Ubuntu
maas package

bind all services not required by the nodes to the loopback interface or add ingress firewall rules for these services

Bug #975450 reported by Jamie Strandboge
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
MAAS
Fix Released
Critical
Jeroen T. Vermeulen
txlongpoll
Fix Released
Critical
Julian Edwards
txlongpoll 0.3.2
maas (Ubuntu)
Triaged
High
Andres Rodriguez
Ubuntu ubuntu-12.04
Precise
Won't Fix
High
kavya
Ubuntu ubuntu-12.04
txlongpoll (Ubuntu)
Won't Fix
Undecided
Andres Rodriguez
Precise
Won't Fix
Undecided
Unassigned

Bug Description

This is a tracking bug for a dependency of the maas MIR (bug #961344).

For 12.04, bind all services not required by the nodes to the loopback interface (like with postgresql). This includes mass-pserv, maas-txlongpoll, epmd, and rabbitmq and anything else that is added between now and release. If this cannot be done, add explict firewall rules (I suggest in a 'maas' chain to make this play nice with other rulesets) for these open ports.

Related branches

lp://qastaging/~jtv/maas/bug-977752
Gavin Panella (community): Approve
Diff: 153 lines (+64/-38)
3 files modified
etc/pserv.yaml (+6/-0)
src/provisioningserver/plugin.py (+57/-38)
src/provisioningserver/tests/test_plugin.py (+1/-0)
Jamie Strandboge (jdstrand)
tags: added: rls-p-tracking
Changed in maas (Ubuntu Precise):
milestone: none → ubuntu-12.04
status: New → Triaged
Jamie Strandboge (jdstrand)
security vulnerability: no → yes
security vulnerability: yes → no
Julian Edwards (julian-edwards)
Changed in maas:
status: New → Triaged
importance: Undecided → Critical
Revision history for this message
Jeroen T. Vermeulen (jtv) wrote :

Split off the pserv & txlongpoll parts as bug 977752 (we can do these within the MAAS code).

Revision history for this message
Jeroen T. Vermeulen (jtv) wrote :

Turns out there was no need to split off a bug: the MAAS bugtask on this bug was meant for that. Marked the new bug as a duplicate.

Revision history for this message
Jeroen T. Vermeulen (jtv) wrote :

The branch I attached makes pserv listen only to 127.0.0.1. THIS DOES NOT FIX TXLONGPOLL. That would take upstream changes to make the interface binding configurable. So we'll still need to firewall off the txlongpoll port.

Jeroen T. Vermeulen (jtv)
Changed in maas:
assignee: nobody → Jeroen T. Vermeulen (jtv)
status: Triaged → Fix Released
Jamie Strandboge (jdstrand)
Changed in maas (Ubuntu Precise):
importance: Undecided → High
Julian Edwards (julian-edwards)
Changed in txlongpoll:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Julian Edwards (julian-edwards)
Revision history for this message
Julian Edwards (julian-edwards) wrote :

Dear packagers, please pull latest txlongpoll which now has an "interface" frontend config item that you can set to 127.0.0.1 for MAAS.

Changed in txlongpoll:
milestone: none → 0.3.2
status: In Progress → Fix Released
Jamie Strandboge (jdstrand)
Changed in txlongpoll (Ubuntu Precise):
status: New → Confirmed
Andres Rodriguez (andreserl)
Changed in maas (Ubuntu):
assignee: nobody → Andres Rodriguez (andreserl)
Changed in txlongpoll (Ubuntu):
assignee: nobody → Andres Rodriguez (andreserl)
kavya (kavyamensin123)
Changed in maas (Ubuntu Precise):
assignee: nobody → kavya (kavyamensin123)
Andres Rodriguez (andreserl)
Changed in txlongpoll (Ubuntu):
status: Confirmed → Won't Fix
Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in maas (Ubuntu Precise):
status: Triaged → Won't Fix
Steve Langasek (vorlon)
Changed in txlongpoll (Ubuntu Precise):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.