Loading...

XML

Word

Printable

Details

Type: Task
Resolution: Fixed
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: qe
Labels:
None
Environment:
Centos 7 64 bit; CB EE 7.0.2-6547

Story Points:
1

Description

Summary:
Currently, we have a test that scans all ports to see if any services are listening on non-loopback address at non-ssl port after enforcing TLS.
One such port is indexer's 9100. After enforcing TLS, indexer seems to listen on this port on all addresses. ie;

ss -4anpe | grep "9100" | grep "LISTEN"

returns

tcp    LISTEN     0      128       *:9100                  *:*                   users:(("indexer",pid=83917,fd=21)) uid:996 ino:192323307 sk:ffff97f84dcabe00 <->

it returns *:9100 .

Filing this to check if this is expected or if indexer must listen instead only on 127.0.0.1:9100 after enforcing tls.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Sumedh Basarkod (Inactive)

Reporter:: Sumedh Basarkod (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/Aug/21 3:03 AM

Updated:: 24/Aug/21 1:05 AM

Resolved:: 24/Aug/21 1:05 AM

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

MB-48074: Disable tls checks on non-http indexer ports: Gerrit Review:

MB-48074: Disable tls checks on non-http indexer ports: Gerrit Review:

Decide if we want to fail if Indexer listens on *:9100 port after enforcing TLS

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty