Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 7.0.2
Affects Version/s: 7.0.2
Component/s: fts
Labels:
- approved-for-7.0.2
- functional-test
Environment:
Centos 7 64 bit; CB 7.0.2-6636

Triage:
Untriaged
Operating System:
Centos 64-bit
Link to Log File, atop/blg, CBCollectInfo, Core dump:

Hide
http://supportal.couchbase.com/snapshot/dd90bccfdefb85c8a6ed1c84ac6879bf::0
s3://cb-customers-secure/fts-enforce-tls/2021-09-02/collectinfo-2021-09-02t090923-ns_1@172.23.105.215.zip
s3://cb-customers-secure/fts-enforce-tls/2021-09-02/collectinfo-2021-09-02t090923-ns_1@172.23.105.217.zip

Show
http://supportal.couchbase.com/snapshot/dd90bccfdefb85c8a6ed1c84ac6879bf::0 s3://cb-customers-secure/fts-enforce-tls/2021-09-02/collectinfo-2021-09-02t090923-ns_1@172.23.105.215.zip s3://cb-customers-secure/fts-enforce-tls/2021-09-02/collectinfo-2021-09-02t090923-ns_1@172.23.105.217.zip
Story Points:
1
Is this a Regression?:
Yes

Description

My ns-server specific tests are failing as cbft seems to be listening on *:8094 even after enforcing TLS.

Simple way to reproduce this:
1. Start a 1 node cluster with kv service (.215)
2. Add another node with all services (.217)
3. Disable AF and enable n2n encryption to level "strict"
4. Check if FTS obeyed TLS:

[root@localhost logs]# ss -4anpe | grep "8094" | grep "LISTEN"

tcp    LISTEN     0      128       *:18094                 *:*                   users:(("cbft",pid=124186,fd=18)) uid:996 ino:5237690 sk:ffff97a55b695d00 <->

tcp    LISTEN     0      128       *:8094                  *:*                   users:(("cbft",pid=124186,fd=16)) uid:996 ino:5237688 sk:ffff97a55b696c80 <->

[root@localhost logs]#

actual:
*:8094
expected:
127.0.0.1:8094

Attachments

Issue Links

relates to

MB-48142 [Enforce-TLS] FTS should listen at 127.0.0.1:8094

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: MB-48291
#	Subject	Branch	Project	Status	CR	V
160815,8	MB-48291: Listen on localhost:8094 (even when DisableNonSSLPorts)	cheshire-cat	cbft	Status: MERGED	+2	+1
160973,1	Merge remote-tracking branch 'couchbase/cheshire-cat'	master	cbft	Status: MERGED	+2	+1

Activity

People

Assignee:: Abhi Dangeti

Reporter:: Sumedh Basarkod (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 02/Sep/21 2:16 AM

Updated:: 08/Sep/21 1:34 AM

Resolved:: 07/Sep/21 9:45 AM

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

MB-48291: Listen on localhost:8094 (even when DisableNonSSLPorts): Gerrit Review:

Merge remote-tracking branch 'couchbase/cheshire-cat': Gerrit Review:

[Enforce-TLS] FTS not honouring strict level of n2n

Details

Description

Attachments

Issue Links

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty