PBR

ceilometer-api listens on 0.0.0.0 instead of loopback IP

Bug #1628094 reported by Gautam Prasad
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
PBR
Fix Released
Undecided
Unassigned

Bug Description

ceilometer-api listens on 0.0.0.0 instead of loopback IP

There are two issues

1. When ceilometer-api is run from command line, it does not accepts port number provided at command line.

# /usr/bin/ceilometer-api -h
usage: ceilometer-api [-h] [--port PORT]

optional arguments:
  -h, --help show this help message and exit
  --port PORT, -p PORT TCP port to listen on (default: 8000)

# /usr/bin/ceilometer-api --port 8777
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
Option "os_endpoint_type" from group "service_credentials" is deprecated. Use option "interface" from group "service_credentials".
usage: ceilometer-api [-h] [--config-dir DIR] [--config-file PATH] [--debug]
                      [--log-config-append PATH]
                      [--log-date-format DATE_FORMAT] [--log-dir LOG_DIR]
                      [--log-file PATH] [--nodebug] [--nouse-syslog]
                      [--noverbose] [--nowatch-log-file]
                      [--syslog-log-facility SYSLOG_LOG_FACILITY]
                      [--use-syslog] [--verbose] [--version]
                      [--watch-log-file]
                      [--service_credentials-interface SERVICE_CREDENTIALS_INTERFACE]
                      [--service_credentials-region-name SERVICE_CREDENTIALS_REGION_NAME]
ceilometer-api: error: unrecognized arguments: --port 8777

2. Also, the port is bound on address 0.0.0.0, and since it is not configured to listen on https, it would be security issue to listen on all configured IPv4 addresses on the system. Probably, it should only listen on loopback address.

# netstat -tulpn | grep 8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 31139/python

# ps -ef | grep 31139
root 31139 5756 0 03:59 pts/1 00:00:01 /usr/bin/python /usr/bin/ceilometer-api
root 31517 3530 0 04:05 pts/0 00:00:00 grep --color=auto 31139

Revision history for this message
Julien Danjou (jdanjou) wrote :

1. Better use mod_wsgi or uwsgi
2. This is a pbr problem
3. It seems you are using an old pbr version

affects: ceilometer → pbr
Revision history for this message
Ben Nemec (bnemec) wrote :

I believe this should have been fixed by https://github.com/openstack-dev/pbr/commit/6fdf4e1086c53adf47561697cf82417e1f3b14ed#diff-6c5d8c88de993e859c6554c87ef9b096

It allows configuration of the listen address. If the unrecognized argument bug still exists please open a separate bug so we can track it properly. Thanks.

Changed in pbr:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.