Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-48141

[Enforce-TLS] Query should listen at 127.0.0.1:8093

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 7.0.2
    • Fix Version/s: 7.0.2
    • Component/s: query
    • Triage:
      Untriaged
    • Operating System:
      Centos 64-bit
    • Story Points:
      1
    • Is this a Regression?:
      Unknown

      Description

      Summary:
      Prometheus is failing to scrape metrics from query service after enforcing TLS, and as a result is leading to non-availability of stats. This is because after enforcing TLS, cbq-engine stops listening on non-ssl port at loopback-address. See MB-48122 for the discussion around this, screenshots, and logs

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

            Hide
            marco.greco Marco Greco added a comment -

            Wayne Siu could we approve for 7.0.2? This makes Prometheus not work with strict TLS.

            Show
            marco.greco Marco Greco added a comment - Wayne Siu could we approve for 7.0.2? This makes Prometheus not work with strict TLS.
            Hide
            build-team Couchbase Build Team added a comment -

            Build couchbase-server-7.0.2-6612 contains query commit 2bcbbe7 with commit message:
            MB-48141 enable localhost listeners for TLS strict mode

            Show
            build-team Couchbase Build Team added a comment - Build couchbase-server-7.0.2-6612 contains query commit 2bcbbe7 with commit message: MB-48141 enable localhost listeners for TLS strict mode
            Hide
            pierre.regazzoni Pierre Regazzoni added a comment -

            Verified on 7.0.2-6612

            # /opt/couchbase/bin/couchbase-cli setting-security -c http://localhost:8091 -u Administrator -p password --set --cluster-encryption-level strict
            SUCCESS: Security settings updated
             
            # lsof -i :8093
            COMMAND     PID      USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
            prometheu 22736 couchbase   13u  IPv4 103037323      0t0  TCP localhost:54658->localhost:8093 (ESTABLISHED)
            cbq-engin 22919 couchbase   10u  IPv4 103041688      0t0  TCP localhost:8093 (LISTEN)
            cbq-engin 22919 couchbase   11u  IPv4 103041796      0t0  TCP localhost:8093->localhost:54658 (ESTABLISHED)
            cbq-engin 22919 couchbase   14u  IPv6 103041689      0t0  TCP localhost:8093 (LISTEN) 

            Show
            pierre.regazzoni Pierre Regazzoni added a comment - Verified on 7.0.2-6612 # /opt/couchbase/bin/couchbase-cli setting-security -c http: //localhost:8091 -u Administrator -p password --set --cluster-encryption-level strict SUCCESS: Security settings updated   # lsof -i : 8093 COMMAND     PID      USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME prometheu 22736 couchbase   13u  IPv4 103037323       0t0  TCP localhost: 54658 ->localhost: 8093 (ESTABLISHED) cbq-engin 22919 couchbase   10u  IPv4 103041688       0t0  TCP localhost: 8093 (LISTEN) cbq-engin 22919 couchbase   11u  IPv4 103041796       0t0  TCP localhost: 8093 ->localhost: 54658 (ESTABLISHED) cbq-engin 22919 couchbase   14u  IPv6 103041689       0t0  TCP localhost: 8093 (LISTEN)

              People

              Assignee:
              pierre.regazzoni Pierre Regazzoni
              Reporter:
              sumedh.basarkod Sumedh Basarkod
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes

                    PagerDuty