Details
- Bug
- Resolution: Fixed
- Critical
- 7.0.1
- Centos 7 64 bit; CB EE 7.0.1-5996
- Triaged
- 1
- Unknown
Description
Steps to Reproduce
1. Create a 2 node cluster .215(kv) and .217(backup)
2. Check that the backup service is listening on 8097 as expected
curl -v -u Administrator:password http://localhost:8097/api/v1/config
returns
"history_rotation_period":30,"history_rotation_size":50}
as expected
3. Now, enforce TLS by enabling n2n encryption at level "strict" and make the REST call again on the backup service node at localhost
Actual:
* About to connect() to localhost port 8097 (#0)
* Trying ::1...
* Connection refused
* Trying 127.0.0.1...
* Connection refused
* Failed connect to localhost:8097; Connection refused
* Closing connection 0
curl: (7) Failed connect to localhost:8097; Connection refused
8097 is blocked on all addresses including localhost
Expected:
8097(non-ssl port) is blocked on all addresses except localhost
Not particularly a bug. But filing because:
1. Per PRD, it seemed like the plan was to block non-ssl ports only on non-localhost addresses
2. Other components like memcached, clusterManagement, eventing, etc. keep localhost's non-ssl port open, and hence wanted to know if backup service was an exception here for some reason
Misc
Note: port usage can alternatively be checked using the netstat/ss command (instead of checking with a REST call)
ss -4anpe | grep "8097" | grep "LISTEN"
gives
tcp LISTEN 0 128 *:18097 *:* users:(("backup",pid=109636,fd=17)) uid:996 ino:177430285 sk:ffff97f8aa999740 <->
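Added example (not part of the original report): a shell check that reads `ss -4anpe`-style lines and reports whether a port is bound to all addresses, to loopback only, or not at all, matching the port exactly because a substring match on 8097 also matches 18097. It assumes the column layout shown in the ss output above and that 18097 is the backup service's TLS port; the function names and the two extra snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input format assumed: Netid State Recv-Q Send-Q Local:Port Peer:Port ...
# Treating 18097 as the backup service's TLS port is an assumption.

# listen_scope PORT  (stdin: ss lines) -> all | specific | loopback | none
listen_scope() {
    awk -v port="$1" '
        $2 == "LISTEN" {
            n = split($5, part, ":")           # field 5 = local address:port
            if (part[n] != port) next          # exact port, so 8097 != 18097
            addr = substr($5, 1, length($5) - length(part[n]) - 1)
            if (addr == "*" || addr == "0.0.0.0") wide = 1
            else if (addr ~ /^127\./)             loop = 1
            else                                  other = 1
        }
        END {
            if (wide)       print "all"
            else if (other) print "specific"
            else if (loop)  print "loopback"
            else            print "none"
        }'
}

# check_strict PLAIN_PORT TLS_PORT  (stdin: ss lines)
# Passes when the non-TLS port is closed or loopback-only and the TLS port listens.
check_strict() {
    snapshot=$(cat)
    plain=$(printf '%s\n' "$snapshot" | listen_scope "$1")
    tls=$(printf '%s\n' "$snapshot" | listen_scope "$2")
    if [ "$plain" = "all" ] || [ "$plain" = "specific" ]; then
        echo "FAIL non-TLS port $1 is bound beyond localhost ($plain)"; return 1
    fi
    if [ "$tls" = "none" ]; then
        echo "FAIL TLS port $2 is not listening"; return 1
    fi
    echo "OK $1=$plain $2=$tls"
}

# Listener line from the report (trimmed), then two constructed snapshots.
OBSERVED='tcp LISTEN 0 128 *:18097 *:* users:(("backup",pid=109636,fd=17))'
EXPECTED="$OBSERVED
tcp LISTEN 0 128 127.0.0.1:8097 *:* users:((\"backup\",pid=109636,fd=16))"
UNENFORCED="$OBSERVED
tcp LISTEN 0 128 *:8097 *:* users:((\"backup\",pid=109636,fd=16))"

printf '%s\n' "$OBSERVED"   | check_strict 8097 18097
printf '%s\n' "$EXPECTED"   | check_strict 8097 18097
printf '%s\n' "$UNENFORCED" | check_strict 8097 18097 || true
```

On a live node, pipe the real command into the check, for example `ss -4anpe | check_strict 8097 18097`.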
Issue Links
- relates to MB-48122 [Enforce-TLS] Non-availability of some services' stats (Closed)