All API servers running under httpd with wsgi have /icons accessible

Bug #1854442 reported by Takashi Kajinami
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
puppet-openstacklib | Fix Released | Undecided | Unassigned |

Bug Description

Currently most of the API processes are running under httpd with the wsgi framework, but all httpd processes have a valid alias configuration for the icons directory, which enables us to access the /icons path.
~~~
[heat-admin@controller-0 ~]$ curl -v -I http://172.17.1.10:8774/icons/
* About to connect() to 172.17.1.10 port 8774 (#0)
* Trying 172.17.1.10...
* Connected to 172.17.1.10 (172.17.1.10) port 8774 (#0)
> HEAD /icons/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 172.17.1.10:8774
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Fri, 29 Nov 2019 07:07:44 GMT
Date: Fri, 29 Nov 2019 07:07:44 GMT
< Server: Apache
Server: Apache
< Content-Type: text/html;charset=UTF-8
Content-Type: text/html;charset=UTF-8

<
* Connection #0 to host 172.17.1.10 left intact
~~~

Although it does not have any effect on software behaviour, it can bring us some security concerns because it makes unnecessary files accessible.
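
An added example, not part of the original report or of the puppet-openstacklib code: a small Python audit of httpd configuration text that finds active `Alias` directives for `/icons` and lists the virtual hosts that serve them, since an alias declared at server scope is inherited by every vhost. The sample configuration, its paths and the `:8080` vhost are constructed for illustration; only the `172.17.1.10:8774` endpoint comes from the report.

```python
import re

# Constructed sample: a server-scope icons Alias (as stock httpd packaging
# commonly ships) plus two WSGI API vhosts. Paths and :8080 are illustrative.
SAMPLE_CONF = '''
Alias /icons/ "/usr/share/httpd/icons/"
<Directory "/usr/share/httpd/icons">
    Options Indexes MultiViews
    Require all granted
</Directory>
<VirtualHost 172.17.1.10:8774>
    WSGIScriptAlias / "/var/www/cgi-bin/nova/nova-api"
</VirtualHost>
<VirtualHost 172.17.1.10:8080>
    # Alias /icons/ "/tmp/commented-out"
    Alias /static/ "/var/www/static/"
</VirtualHost>
'''

VHOST_OPEN = re.compile(r'<VirtualHost\s+([^>]+)>', re.I)
VHOST_CLOSE = re.compile(r'</VirtualHost\s*>', re.I)
ICONS_ALIAS = re.compile(r'Alias\s+"?/icons/?"?\s+"?([^"\s]+)"?', re.I)

def scan(conf_text):
    """Return (vhosts, findings); findings are (scope, line_no, target)."""
    vhosts, findings, scope = [], [], "server"
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are inactive
        opened = VHOST_OPEN.match(line)
        alias = ICONS_ALIAS.match(line)
        if opened:
            scope = opened.group(1).strip()
            vhosts.append(scope)
        elif VHOST_CLOSE.match(line):
            scope = "server"
        elif alias:
            findings.append((scope, line_no, alias.group(1)))
    return vhosts, findings

def exposed_vhosts(conf_text):
    """A server-scope Alias is inherited by every vhost; otherwise only
    the vhosts that declare it themselves serve /icons."""
    vhosts, findings = scan(conf_text)
    scopes = {scope for scope, _, _ in findings}
    return vhosts if "server" in scopes else [v for v in vhosts if v in scopes]

if __name__ == "__main__":
    print(scan(SAMPLE_CONF)[1], exposed_vhosts(SAMPLE_CONF))
```

Feed it the merged configuration (main file plus included fragments), because the sketch does not follow `Include` directives itself.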

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.opendev.org/696648

Changed in tripleo:
assignee: nobody → Takashi Kajinami (kajinamit)
status: New → In Progress
Changed in tripleo:
importance: Undecided → Medium
milestone: none → ussuri-1
tags: added: puppet queens-backport-potential rocky-backport-potential train-backport-potential
Cédric Jeanneret (cjeanner) wrote :

This approach might be more efficient: https://review.opendev.org/#/c/696858/

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-openstacklib 16.0.0

This issue was fixed in the openstack/puppet-openstacklib 16.0.0 release.

Changed in tripleo:
milestone: ussuri-1 → ussuri-2
tags: added: stein-backport-potential
wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-2 → ussuri-3
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-heat-templates (master)

Change abandoned by Takashi Kajinami (<email address hidden>) on branch: master
Review: https://review.opendev.org/696648
Reason: Another patch to fix the same issue was merged into master, so let me abandon this.

https://review.opendev.org/#/c/696858/

Takashi Kajinami (kajinamit) wrote :

The fix was merged and released in puppet-openstacklib, so let me move this to puppet-openstacklib and change the status to Fix Released.

Changed in puppet-openstacklib:
status: New → Fix Released
no longer affects: tripleo
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-openstacklib 15.5.0

This issue was fixed in the openstack/puppet-openstacklib 15.5.0 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-openstacklib queens-eol

This issue was fixed in the openstack/puppet-openstacklib queens-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-openstacklib rocky-eol

This issue was fixed in the openstack/puppet-openstacklib rocky-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-openstacklib stein-eol

This issue was fixed in the openstack/puppet-openstacklib stein-eol release.
