ceilometer-api listens on 0.0.0.0 instead of loopback IP
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
PBR | Fix Released | Undecided | Unassigned |
Bug Description
ceilometer-api listens on 0.0.0.0 instead of loopback IP
There are two issues:
1. When ceilometer-api is run from the command line, it does not accept the port number provided at the command line.
# /usr/bin/
usage: ceilometer-api [-h] [--port PORT]
optional arguments:
-h, --help show this help message and exit
--port PORT, -p PORT TCP port to listen on (default: 8000)
# /usr/bin/
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
Option "os_endpoint_type" from group "service_
usage: ceilometer-api [-h] [--config-dir DIR] [--config-file PATH] [--debug]
ceilometer-api: error: unrecognized arguments: --port 8777
2. Also, the port is bound on address 0.0.0.0, and since it is not configured to listen on https, it would be a security issue to listen on all configured IPv4 addresses on the system. Probably, it should only listen on the loopback address.
# netstat -tulpn | grep 8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 31139/python
# ps -ef | grep 31139
root 31139 5756 0 03:59 pts/1 00:00:01 /usr/bin/python /usr/bin/
root 31517 3530 0 04:05 pts/0 00:00:00 grep --color=auto 31139
1. Better use mod_wsgi or uwsgi
2. This is a pbr problem
3. It seems you are using an old pbr version
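The `netstat -tulpn | grep 8000` check from the bug description can be generalized into an audit of every listener on a host. The following is an added example, not code from the report or from the ceilometer or pbr projects: it parses `netstat -tulpn` output and separates wildcard binds (0.0.0.0 or ::) from loopback and single-address binds. The sample input is constructed; only its first row matches the listener shown in the report, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in `netstat -tulpn` format; the first row is the
# listener shown in the bug report, the others are made up for contrast.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0      0      0.0.0.0:8000    0.0.0.0:*       LISTEN 31139/python
tcp   0      0      127.0.0.1:5432  0.0.0.0:*       LISTEN 900/postgres
tcp6  0      0      :::8080         :::*            LISTEN 1200/java
tcp6  0      0      ::1:631         :::*            LISTEN 700/cupsd
udp   0      0      0.0.0.0:68      0.0.0.0:*              650/dhclient
tcp   0      0      192.0.2.10:22   0.0.0.0:*       LISTEN 800/sshd
"""


def classify(addr):
    """Return 'wildcard', 'loopback' or 'specific' for a bind address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "wildcard"
    if ip.is_loopback:             # 127.0.0.0/8 or ::1
        return "loopback"
    return "specific"


def listeners(netstat_output):
    """Yield (proto, address, port, scope, owner) for each bound socket."""
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue               # header or unrelated line
        is_tcp = f[0].startswith("tcp")
        if is_tcp and (len(f) < 6 or f[5] != "LISTEN"):
            continue               # established connections are not listeners
        addr, _, port = f[3].rpartition(":")   # last colon separates the port
        owner_idx = 6 if is_tcp else 5         # UDP rows have no State column
        owner = f[owner_idx] if len(f) > owner_idx else "-"
        yield f[0], addr, int(port), classify(addr), owner


def exposed(netstat_output, ports=None):
    """Listeners on the wildcard address, optionally limited to given ports."""
    return [s for s in listeners(netstat_output)
            if s[3] == "wildcard" and (ports is None or s[2] in ports)]


if __name__ == "__main__":
    for proto, addr, port, scope, owner in exposed(SAMPLE):
        print(f"{proto} {addr}:{port} ({owner}) is reachable on all interfaces")
```

Passing `ports={8000}` to `exposed` restricts the result to the port from the report.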