Can't run any service listening on port 80 if cinder is deployed on the same unit
Bug #1896780 reported by
Przemyslaw Hausman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Cinder Charm |
New
|
Undecided
|
Unassigned |
Bug Description
Cinder charm exposes apache2 on port 80, even though there's nothing relevant being served on this port. When I access port 80 on cinder unit's IP address, an "Apache2 Ubuntu Default Page" is actually served.
This behaviour makes it impossible to colocate cinder with any other service that listens on port 80 -- because the port is already taken by cinder.
From the security perspective it's an unnecessarily open port, expanding the attack surface.
To post a comment you must log in.