pcsd is listening on all networks available including external networks
Bug #1856626 reported by
Takashi Kajinami
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Undecided
|
Takashi Kajinami |
Bug Description
When we deploy overcloud by director, we see that pcsd is listening on all available networks, which means that we can access to pcsd from external network connected to controller nodes.
~~~
[heat-admin@
root 280462 0.0 0.1 986088 58020 ? Ssl Dec09 2:44 /usr/bin/ruby /usr/lib/pcsd/pcsd
[heat-admin@
tcp 0 0 :::2224 0.0.0.0:* LISTEN 280462/ruby
~~~
However, we expect that only operators can use pcsd to manage cluster services, so it would be better to make pcsd listen on a specific internal network instead of all networks
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/699318
Review: https:/