Bug 536151 (RHQ-532)

Summary: Enable socket based transports to listen on more than one network interface
Product: [Other] RHQ Project Reporter: Charles Crouch <ccrouch>
Component: No ComponentAssignee: RHQ Project Maintainer <rhq-maint>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 1.0CC: asantos, ccrouch, cwelton, hbrock, jshaughn
Target Milestone: ---Keywords: Improvement
Target Release: ---   
Hardware: All   
OS: All   
URL: http://jira.rhq-project.org/browse/RHQ-532
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-13 13:26:50 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Charles Crouch 2008-06-02 10:00:00 EDT
At the moment if you have the following in rhq-server.properties (only the transport is different from the defaults)

# Container configuration
jboss.bind.address=0.0.0.0
# RHQ Server's remote endpoint for agents to talk to
rhq.communications.connector.transport=sslsocket
rhq.communications.connector.bind-address=${jboss.bind.address}

then it appears that JBoss Remoting will still only bind to one interface, rather than all of them (0.0.0.0). In my testing I was trying to connect to 127.0.0.1 but Remoting was using a NAT assigned ip. Which interface it uses can be seen by turning on debug logging. This should only be a problem for JBoss Remoting managed transports such as socket/sslsocket since things like sslservlet and servlet rely on Tomcat to handle the interface binding.

Next steps

1) Update the security documentation to reflect that you shouldnt use 0.0.0.0 as your connector bind-address if you're using sslsocket/socket.

2) Investigate whether Remoting 2.4 addresses this issue. From the release notes it looks like it does:

"JBossRemoting 2.4.0.GA is an incremental release, with dozens of bug fixes and several new features:

   * servers can be bound to multiple IP addresses "
Comment 1 Ian Springer 2008-06-02 10:11:14 EDT
Charles, besides updating the docs, I'd also add a comment in rhq-server.properties.
Comment 2 Joseph Marques 2008-07-19 20:54:21 EDT
charles, yup, multiple homes supported through single-line syntax:

http://www.jboss.org/jbossremoting/docs/guide/2.4/html/ch05.html#d0e1124
Comment 3 Red Hat Bugzilla 2009-11-10 16:11:16 EST
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-532
Comment 4 Joseph Marques 2010-08-10 17:43:06 EDT
The link from 2008-07-19 is stale.  Here is an updated link -- http://docs.jboss.org/jbossremoting/2.5.2.SP3/html_single/#d0e1476

Note: we're currently using 2.2.2.SP8, and the documentation link above explains that the multi-home option was only introduced in 2.4.x, so we would have to upgrade our remoting version in order to take advantage of this functionality.