stop listening on legacy port 4001
Bug #2008652 reported by Kevin W Monroe
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Etcd Charm | Fix Released | Medium | Adam Dyess | |
Bug Description
Etcd in ck-1.26 is listening on localhost:4001:
-----
$ sudo ss -ntlp | grep etcd
LISTEN 0 4096 127.0.0.1:4001 0.0.0.0:* users:(
LISTEN 0 4096 *:2379 *:* users:(
LISTEN 0 4096 *:2380 *:* users:(
-----
I suspect this was done for ease of debugging so you could use the localhost endpoint without needing TLS in the env. We should only listen on the current standard ports and enforce TLS while we're at it.
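An added example, not part of the original bug report or the charm's code: a shell check that reads `ss -ntlp` output and reports any etcd listener on a port other than 2379 or 2380, which would catch the 127.0.0.1:4001 listener shown above. The sample input, the PID and fd values, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ss -ntlp` output for etcd listeners on ports other
# than the standard client (2379) and peer (2380) ports.

# Constructed sample input modelled on the listing in the bug description;
# the PID and fd values are made up.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:4001     0.0.0.0:*         users:(("etcd",pid=1234,fd=5))
LISTEN 0      4096   *:2379             *:*               users:(("etcd",pid=1234,fd=7))
LISTEN 0      4096   *:2380             *:*               users:(("etcd",pid=1234,fd=6))
LISTEN 0      4096   0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=800,fd=3))
EOF
}

# Reads ss output on stdin, prints the local address of every etcd listener
# whose port is not 2379 or 2380, and returns 1 if any were found.
audit_etcd_listeners() {
    awk '
        $1 == "LISTEN" && /\("etcd",/ {
            n = split($4, parts, ":")      # last piece is the port, also for [::1]:4001
            port = parts[n]
            if (port != "2379" && port != "2380") { print $4; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# On a live unit: sudo ss -ntlp | audit_etcd_listeners
if sample_ss_output | audit_etcd_listeners; then
    echo "etcd listens only on 2379/2380"
else
    echo "etcd has listeners on non-standard ports (listed above)"
fi
```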
no longer affects: etcd-snaps
Changed in charm-etcd:
milestone: none → 1.27
Changed in charm-etcd:
milestone: 1.27 → 1.27+ck1
Changed in charm-etcd:
milestone: 1.27+ck1 → 1.28
Changed in charm-etcd:
milestone: 1.28 → 1.28+ck1
Changed in charm-etcd:
status: New → In Progress
assignee: nobody → Adam Dyess (addyess)
importance: Undecided → Medium
Changed in charm-etcd:
status: In Progress → Fix Committed
Changed in charm-etcd:
status: Fix Committed → Fix Released
PR to help with tls-from-localhost (thanks swalladge!):
https://github.com/charmed-kubernetes/layer-etcd/pull/204