Disable Apache default ports

Openstack services don't use the default ports (80 and 443), so change Apache to not open them. Change-Id: I518465cd2d6f53e229ab81ebd751f311f8627f83 Closes-bug: #1845665
2019-11-02 07:24:27 -03:00 · 2019-11-02 07:24:27 -03:00 · 0bf9812bc1
parent 9f4522216b
commit 0bf9812bc1
3 changed files with 11 additions and 1 deletions
--- a/hooks/nova_cc_utils.py
+++ b/hooks/nova_cc_utils.py
@ -108,6 +108,7 @@ NOVA_CONF = '%s/nova.conf' % NOVA_CONF_DIR
 NOVA_API_PASTE = '%s/api-paste.ini' % NOVA_CONF_DIR
 VENDORDATA_FILE = '%s/vendor_data.json' % NOVA_CONF_DIR
 HAPROXY_CONF = '/etc/haproxy/haproxy.cfg'
+APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
 APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
 APACHE_24_CONF = '/etc/apache2/sites-available/openstack_https_frontend.conf'
 APACHE_SSL_DIR = '/etc/apache2/ssl/nova'
@ -218,6 +219,10 @@ def get_base_resource_map():
                    determine_ports)],
                'services': ['apache2'],
            }),
+            (APACHE_PORTS_CONF, {
+                'contexts': [],
+                'services': ['apache2'],
+            }),
        ])
    return _BASE_RESOURCE_MAP

--- a/templates/ports.conf
+++ b/templates/ports.conf
@ -0,0 +1 @@
+#File written by Juju: leave default ports closed (see LP 1845665).
--- a/unit_tests/test_nova_cc_utils.py
+++ b/unit_tests/test_nova_cc_utils.py
@ -134,6 +134,7 @@ RESTART_MAP_ICEHOUSE = OrderedDict([
    ]),
    ('/etc/haproxy/haproxy.cfg', ['haproxy']),
    ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
+    ('/etc/apache2/ports.conf', ['apache2']),
 ])
 RESTART_MAP_OCATA_ACTUAL = OrderedDict([
    ('/etc/nova/nova.conf', [
@ -142,6 +143,7 @@ RESTART_MAP_OCATA_ACTUAL = OrderedDict([
    ('/etc/nova/api-paste.ini', ['nova-api-os-compute', 'apache2']),
    ('/etc/haproxy/haproxy.cfg', ['haproxy']),
    ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
+    ('/etc/apache2/ports.conf', ['apache2']),
    ('/etc/apache2/sites-enabled/wsgi-placement-api.conf', ['apache2']),
 ])
 RESTART_MAP_OCATA_BASE = OrderedDict([
@ -153,7 +155,8 @@ RESTART_MAP_OCATA_BASE = OrderedDict([
        'nova-api-os-compute', 'nova-placement-api'
    ]),
    ('/etc/haproxy/haproxy.cfg', ['haproxy']),
-    ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2'])
+    ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
+    ('/etc/apache2/ports.conf', ['apache2']),
 ])
 RESTART_MAP_ROCKY_ACTUAL = OrderedDict([
    ('/etc/nova/nova.conf', [
@ -162,6 +165,7 @@ RESTART_MAP_ROCKY_ACTUAL = OrderedDict([
    ('/etc/nova/api-paste.ini', ['apache2']),
    ('/etc/haproxy/haproxy.cfg', ['haproxy']),
    ('/etc/apache2/sites-available/openstack_https_frontend', ['apache2']),
+    ('/etc/apache2/ports.conf', ['apache2']),
    ('/etc/apache2/sites-enabled/wsgi-api-os-compute.conf', ['apache2']),
    ('/etc/apache2/sites-enabled/wsgi-placement-api.conf', ['apache2']),
    ('/etc/apache2/sites-enabled/wsgi-openstack-metadata.conf', ['apache2']),
				`@ -0,0 +1 @@`
				`#File written by Juju: leave default ports closed (see LP 1845665).`