stop listening on legacy port 4001
Bug #2008652 reported by
Kevin W Monroe
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Etcd Charm |
In Progress
|
Medium
|
Adam Dyess | ||
Bug Description
Etcd in ck-1.26 is listening on localhost:4001:
-----
$ sudo ss -ntlp | grep etcd
LISTEN 0 4096 127.0.0.1:4001 0.0.0.0:* users:(
LISTEN 0 4096 *:2379 *:* users:(
LISTEN 0 4096 *:2380 *:* users:(
-----
I suspect this was done for ease of debugging so you could use the localhost endpoint without needing TLS in the env. We should only listen on the current standard ports and enforce TLS while we're at it.
Revision history for this message
| Kevin W Monroe (kwmonroe) wrote | #1 |
| no longer affects: | etcd-snaps |
| Changed in charm-etcd: | |
| milestone: | none → 1.27 |
| Changed in charm-etcd: | |
| milestone: | 1.27 → 1.27+ck1 |
| Changed in charm-etcd: | |
| milestone: | 1.27+ck1 → 1.28 |
| Changed in charm-etcd: | |
| milestone: | 1.28 → 1.28+ck1 |
Revision history for this message
| Adam Dyess (addyess) wrote | #2 |
| Changed in charm-etcd: | |
| status: | New → In Progress |
| assignee: | nobody → Adam Dyess (addyess) |
| importance: | Undecided → Medium |
Revision history for this message
| Kevin W Monroe (kwmonroe) wrote | #3 |
| Changed in charm-etcd: | |
| milestone: | 1.28+ck1 → 1.29 |
To post a comment you must log in.
PR to help with tls-from-localhost (thanks swalladge!):
https:/