Deny /server-status when using single frontend

Bug #2121626 reported by Jack Hodgkiss
This bug affects 1 person
Affects: kolla-ansible
Status: Fix Released
Importance: Undecided
Assigned to: Jack Hodgkiss
Milestone:

Bug Description

As reported in this bug https://bugs.launchpad.net/kolla-ansible/+bug/1996913

We are experiencing the same problem with deployments that use single frontend.

To remedy this we should ensure that we deny access to `/server-status` from the external_frontend
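
A configuration audit for the remedy described above, as an added example that is not part of the original report or of kolla-ansible's code: it scans an HAProxy configuration and lists the frontends that carry no rule denying `/server-status`. The sample configuration, the `internal_frontend` and backend names, and the exact `http-request deny` rule form are assumptions; the project's template may express the rule differently.

```python
import re

# Constructed sample HAProxy configuration (not taken from kolla-ansible).
UNPROTECTED = """\
frontend external_frontend
    mode http
    bind 203.0.113.10:443
    use_backend keystone_external_back if { path_beg /identity }

frontend internal_frontend
    mode http
    bind 10.0.0.10:80
    http-request deny if { path -i -m beg /server-status }

backend keystone_external_back
    server ctl1 10.0.0.11:5000 check
"""

# Same configuration with the deny rule added to external_frontend.
PROTECTED = UNPROTECTED.replace(
    "    use_backend keystone_external_back",
    "    http-request deny if { path -i -m beg /server-status }\n"
    "    use_backend keystone_external_back",
)

FRONTEND = re.compile(r"^frontend\s+(\S+)")
OTHER_SECTION = re.compile(r"^(global|defaults|backend|listen|userlist|peers|resolvers)\b")
# Assumed rule shape: "http-request deny ... if { path ... /server-status }".
DENY = re.compile(r"^http-request\s+deny\b.*\bif\b.*\bpath(_beg)?\b.*\s/server-status\b")


def frontends_missing_deny(cfg_text):
    """Return sorted names of frontend sections with no /server-status deny rule."""
    has_deny, current = {}, None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        match = FRONTEND.match(line)
        if match:
            current = match.group(1)
            has_deny.setdefault(current, False)
        elif OTHER_SECTION.match(line):
            current = None  # rules in other sections do not protect a frontend
        elif current and DENY.match(line):
            has_deny[current] = True
    return sorted(name for name, ok in has_deny.items() if not ok)
```

Run against a rendered `haproxy.cfg`, a non-empty result that includes `external_frontend` means the status page is still reachable through the public frontend.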

Changed in kolla-ansible:
assignee: nobody → Jack Hodgkiss (jackhodgkiss)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/958814
Committed: https://opendev.org/openstack/kolla-ansible/commit/6eae55b58468bc031f071a560e3dd7a15bffacfe
Submitter: "Zuul (22348)"
Branch: master

commit 6eae55b58468bc031f071a560e3dd7a15bffacfe
Author: Jack Hodgkiss <email address hidden>
Date: Thu Aug 28 22:48:01 2025 +0100

    Deny access to `server-status` via `single frontend`

    This change denies access to `server-status` when using the `single
    frontend` configuration for public API services with `HAProxy`.

    Closes-Bug: #2121626
    Change-Id: I447212df92c0da4248e44f652fc66c7381a404bb
    Signed-off-by: Jack Hodgkiss <email address hidden>

Changed in kolla-ansible:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/2025.1)

Fix proposed to branch: stable/2025.1
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/958841

OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/2024.2)

Fix proposed to branch: stable/2024.2
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/958842

OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/958843

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/2024.1)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/958843
Committed: https://opendev.org/openstack/kolla-ansible/commit/9e1e090a970efd2ec21b1b6e235fc80d6a3840a8
Submitter: "Zuul (22348)"
Branch: stable/2024.1

commit 9e1e090a970efd2ec21b1b6e235fc80d6a3840a8
Author: Jack Hodgkiss <email address hidden>
Date: Thu Aug 28 22:48:01 2025 +0100

    Deny access to `server-status` via `single frontend`

    This change denies access to `server-status` when using the `single
    frontend` configuration for public API services with `HAProxy`.

    Closes-Bug: #2121626
    Change-Id: I447212df92c0da4248e44f652fc66c7381a404bb
    Signed-off-by: Jack Hodgkiss <email address hidden>
    (cherry picked from commit 6eae55b58468bc031f071a560e3dd7a15bffacfe)

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/2024.2)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/958842
Committed: https://opendev.org/openstack/kolla-ansible/commit/51de4f636c67b71f39d681fe6cc1130dc2c97294
Submitter: "Zuul (22348)"
Branch: stable/2024.2

commit 51de4f636c67b71f39d681fe6cc1130dc2c97294
Author: Jack Hodgkiss <email address hidden>
Date: Thu Aug 28 22:48:01 2025 +0100

    Deny access to `server-status` via `single frontend`

    This change denies access to `server-status` when using the `single
    frontend` configuration for public API services with `HAProxy`.

    Closes-Bug: #2121626
    Change-Id: I447212df92c0da4248e44f652fc66c7381a404bb
    Signed-off-by: Jack Hodgkiss <email address hidden>
    (cherry picked from commit 6eae55b58468bc031f071a560e3dd7a15bffacfe)

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/2025.1)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/958841
Committed: https://opendev.org/openstack/kolla-ansible/commit/290b688073320cf312e6ae198b483efb768d4ad6
Submitter: "Zuul (22348)"
Branch: stable/2025.1

commit 290b688073320cf312e6ae198b483efb768d4ad6
Author: Jack Hodgkiss <email address hidden>
Date: Thu Aug 28 22:48:01 2025 +0100

    Deny access to `server-status` via `single frontend`

    This change denies access to `server-status` when using the `single
    frontend` configuration for public API services with `HAProxy`.

    Closes-Bug: #2121626
    Change-Id: I447212df92c0da4248e44f652fc66c7381a404bb
    Signed-off-by: Jack Hodgkiss <email address hidden>
    (cherry picked from commit 6eae55b58468bc031f071a560e3dd7a15bffacfe)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 18.8.0

This issue was fixed in the openstack/kolla-ansible 18.8.0 Caracal release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 19.6.0

This issue was fixed in the openstack/kolla-ansible 19.6.0 Dalmatian release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 20.2.0

This issue was fixed in the openstack/kolla-ansible 20.2.0 Epoxy release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 21.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 21.0.0.0rc1 Flamingo release candidate.
