This is tracked in the following ticket: http://projects.puppetlabs.com/issues/18285, and there's some discussion in the ticket about the particulars. A fix has been merged into master; thanks for pointing this issue out to us!
deepak

On Thu, Dec 27, 2012 at 2:47 AM, Michael Henry <[email protected]> wrote:

> So, nobody is able to explain to me why puppetdb is running Java RMI
> service on all interfaces when it's otherwise not configured to?
>
> Really, there's got to be a way to stop this aside from using iptables.
>
> $ lsof -i -n -P | grep java | grep LISTEN
> java 31464 puppetdb 21u IPv6 715671 0t0 TCP *:1099 (LISTEN)
> java 31464 puppetdb 22u IPv6 717146 0t0 TCP *:40196 (LISTEN) # note: port changes since original post
> java 31464 puppetdb 39u IPv6 717150 0t0 TCP 127.0.0.1:8080(LISTEN)
> java 31464 puppetdb 44u IPv6 715700 0t0 TCP 127.0.0.1:8081(LISTEN)
>
> $ uname -a
> Linux neocrime.net 3.6.11 #5 SMP Sat Dec 22 21:02:13 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
>
> $ lsb_release -a
> No LSB modules are available.
> Distributor ID: Ubuntu
> Description: Ubuntu 12.04.1 LTS
> Release: 12.04
> Codename: precise
>
> $ dpkg -l puppetdb puppetmaster postgresql rubygems openjdk-6-jre-headless
> ...
> ii openjdk-6-jre-headle 6b24-1.11.5-0ubuntu1 OpenJDK Java runtime, using Hotspot JIT (headless)
> ii postgresql 9.1+129ubuntu1 object-relational SQL database (supported version)
> ii puppetdb 1.0.5-1puppetlabs1 PuppetDB Centralized Storage.
> ii puppetmaster 3.0.2-1puppetlabs1 Centralized configuration management - master startup an
> ii rubygems 1.8.21-0~28~precise1 package management framework for Ruby libraries/applicat
>
> $ cat /etc/apt/sources.list.d/PuppetLabs.list
> deb http://apt.puppetlabs.com precise main
>
> $ cat /etc/puppetdb/conf.d/* | grep -v '^#'
> [global]
> vardir = /var/lib/puppetdb
> logging-config = /etc/puppetdb/conf.d/../log4j.properties
> resource-query-limit = 20000
> [command-processing]
> [database]
> classname = org.postgresql.Driver
> subprotocol = postgresql
> subname = //localhost:5432/puppetdb
> log-slow-statements = 10
> syntax_pgs = true
> gc-interval = 60
> username = puppetdb
> password = redacted
> [jetty]
> host = localhost
> port = 8080
> ssl-host = localhost
> ssl-port = 8081
> keystore = /etc/puppetdb/ssl/keystore.jks
> truststore = /etc/puppetdb/ssl/truststore.jks
> key-password = redacted
> trust-password = redacted
> [repl]
> enabled = false
> type = nrepl
> port = 8082
>
> On Monday, December 24, 2012 1:27:24 AM UTC-8, Michael Henry wrote:
>
>> PuppetDB is operating fine, but I can't figure out how to disable it from
>> listening globally on TCP 1099 or 58722
>>
>> How do I disable them from listening globally without having to resort to
>> iptables?
>>
>> $ lsof -i -n -P | grep java | grep LISTEN
>> java 30115 puppetdb 22u IPv6 119118 0t0 TCP *:1099 (LISTEN)
>> java 30115 puppetdb 23u IPv6 117236 0t0 TCP *:58772 (LISTEN)
>> java 30115 puppetdb 40u IPv6 117241 0t0 TCP 127.0.0.1:8080(LISTEN)
>> java 30115 puppetdb 45u IPv6 117247 0t0 TCP 127.0.0.1:8081(LISTEN)
>>
>> $ netstat -tnlp | grep java
>> tcp6 0 0 :::1099 :::* LISTEN 30115/java
>> tcp6 0 0 127.0.0.1:8080 :::* LISTEN 30115/java
>> tcp6 0 0 127.0.0.1:8081 :::* LISTEN 30115/java
>> tcp6 0 0 :::58772 :::* LISTEN 30115/java
>>
>> This is what NMAP says they are:
>>
>> PORT STATE SERVICE VERSION
>> 1099/tcp open jrmi Java RMI
>> 58772/tcp open unknown
>>
>> Java RMI:
>> http://en.wikipedia.org/wiki/Java_remote_method_invocation
>>
>> My relevant configurations:
>> $ egrep '(port|host|1099|58772)' /etc/puppetdb/conf.d/*
>> /etc/puppetdb/conf.d/database.ini:# For PostgreSQL: //host:port/databaseName
>> /etc/puppetdb/conf.d/database.ini:subname = //localhost:5432/puppetdb
>> /etc/puppetdb/conf.d/jetty.ini:# Hostname to list for clear-text HTTP. Default is localhost
>> /etc/puppetdb/conf.d/jetty.ini:host = localhost
>> /etc/puppetdb/conf.d/jetty.ini:port = 8080
>> /etc/puppetdb/conf.d/jetty.ini:ssl-host = localhost
>> /etc/puppetdb/conf.d/jetty.ini:ssl-port = 8081
>> /etc/puppetdb/conf.d/repl.ini:# What port the REPL should listen on
>> /etc/puppetdb/conf.d/repl.ini:port = 8082
>>
>> OS: Ubuntu 12.04 LTS x86_64
>> Puppetdb 1.0.5
>> Puppet 3.0.1
>>
>> Is there a setting I've missed?
>>
>> Thanks in advance.
>>
>> Respectfully,
>>
>> Michael Henry (Mike)
>
> --
> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/6gA8u8I8NAcJ.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
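
Added example, not part of the original thread or of PuppetDB's code: a check for the condition reported above. It reads `lsof -i -n -P` LISTEN lines, keeps the listeners bound to a non-loopback address, and notes whether each port matches a `port` setting in the PuppetDB config. The sample inputs are constructed from the output quoted in the thread, and the function names are hypothetical.

```python
import configparser
import re

# Constructed sample: LISTEN lines in the shape of the thread's lsof output.
SAMPLE_LSOF = """\
java 31464 puppetdb 21u IPv6 715671 0t0 TCP *:1099 (LISTEN)
java 31464 puppetdb 22u IPv6 717146 0t0 TCP *:40196 (LISTEN)
java 31464 puppetdb 39u IPv6 717150 0t0 TCP 127.0.0.1:8080(LISTEN)
java 31464 puppetdb 44u IPv6 715700 0t0 TCP 127.0.0.1:8081(LISTEN)
"""
# Constructed sample: the [jetty] and [repl] settings quoted in the thread.
SAMPLE_CONF = """\
[jetty]
host = localhost
port = 8080
ssl-host = localhost
ssl-port = 8081
[repl]
enabled = false
port = 8082
"""
# Fields: command, pid, user, ..., TCP <addr>:<port> (LISTEN)
LISTEN_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+\S+\s.*\bTCP\s+(\S+?):(\d+)\s*\(LISTEN\)")

def configured_ports(conf_text):
    """Map each port named by a `port`/`*-port` setting to its origin."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    return {int(value): f"[{section}] {key}"
            for section in cp.sections()
            for key, value in cp.items(section)
            if key == "port" or key.endswith("-port")}

def is_loopback(addr):
    return addr in ("[::1]", "localhost") or addr.startswith("127.")

def exposed_listeners(lsof_text, conf_text):
    """Return (command, pid, addr, port, origin) for non-loopback listeners."""
    known = configured_ports(conf_text)
    findings = []
    for line in lsof_text.splitlines():
        m = LISTEN_RE.match(line.strip())
        if m and not is_loopback(m.group(3)):
            port = int(m.group(4))
            findings.append((m.group(1), int(m.group(2)), m.group(3), port,
                             known.get(port, "no matching port setting")))
    return findings

if __name__ == "__main__":
    for finding in exposed_listeners(SAMPLE_LSOF, SAMPLE_CONF):
        print(finding)
```

On the sample input, the two wildcard listeners (1099 and 40196) are reported with no matching port setting, while the loopback-bound Jetty ports are not reported.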
