bind all services not required by the nodes to the loopback interface or add ingress firewall rules for these services

Bug #975450 reported by Jamie Strandboge on 2012-04-06
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
MAAS
Critical
Jeroen T. Vermeulen
txlongpoll
Critical
Julian Edwards
maas (Ubuntu)
High
Andres Rodriguez
Precise
High
kavya
txlongpoll (Ubuntu)
Undecided
Andres Rodriguez
Precise
Undecided
Unassigned

Bug Description

This is a tracking bug for a dependency of the maas MIR (bug #961344).

For 12.04, bind all services not required by the nodes to the loopback interface (like with postgresql). This includes mass-pserv, maas-txlongpoll, epmd, and rabbitmq and anything else that is added between now and release. If this cannot be done, add explict firewall rules (I suggest in a 'maas' chain to make this play nice with other rulesets) for these open ports.

Related branches

tags: added: rls-p-tracking
Changed in maas (Ubuntu Precise):
milestone: none → ubuntu-12.04
status: New → Triaged
security vulnerability: no → yes
security vulnerability: yes → no
Changed in maas:
status: New → Triaged
importance: Undecided → Critical
Jeroen T. Vermeulen (jtv) wrote :

Split off the pserv & txlongpoll parts as bug 977752 (we can do these within the MAAS code).

Jeroen T. Vermeulen (jtv) wrote :

Turns out there was no need to split off a bug: the MAAS bugtask on this bug was meant for that. Marked the new bug as a duplicate.

Jeroen T. Vermeulen (jtv) wrote :

The branch I attached makes pserv listen only to 127.0.0.1. THIS DOES NOT FIX TXLONGPOLL. That would take upstream changes to make the interface binding configurable. So we'll still need to firewall off the txlongpoll port.

Changed in maas:
assignee: nobody → Jeroen T. Vermeulen (jtv)
status: Triaged → Fix Released
Changed in maas (Ubuntu Precise):
importance: Undecided → High
Changed in txlongpoll:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Julian Edwards (julian-edwards)
Julian Edwards (julian-edwards) wrote :

Dear packagers, please pull latest txlongpoll which now has an "interface" frontend config item that you can set to 127.0.0.1 for MAAS.

Changed in txlongpoll:
milestone: none → 0.3.2
status: In Progress → Fix Released
Changed in txlongpoll (Ubuntu Precise):
status: New → Confirmed
Changed in maas (Ubuntu):
assignee: nobody → Andres Rodriguez (andreserl)
Changed in txlongpoll (Ubuntu):
assignee: nobody → Andres Rodriguez (andreserl)
kavya (kavyamensin123) on 2013-09-06
Changed in maas (Ubuntu Precise):
assignee: nobody → kavya (kavyamensin123)
Changed in txlongpoll (Ubuntu):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers