Description of problem: After an installation, tomcat is listening on 0.0.0.0 for the following ports defined in server.xml: 8080 8443 8009 The only service connecting to tomcat is katello, which runs on localhost. It would be better if tomcat was restricted to binding to 127.0.0.1. This is changed via server.xml. Version-Release number of selected component (if applicable): 6.2.11
sorry, i meant to say that katello only connects to candlepin on localhost, not that katello itself runs on localhost:)
*** Bug 1188603 has been marked as a duplicate of this bug. ***
Currently showing the following on 6.3.0: # netstat -tnpl | grep java tcp6 0 0 :::8080 :::* LISTEN 11722/java tcp6 0 0 :::8443 :::* LISTEN 11722/java tcp6 0 0 127.0.0.1:8005 :::* LISTEN 11722/java tcp6 0 0 :::8009 :::* LISTEN 11722/java
Will this be configurable in custom-hiera?
(In reply to Peter Gervase from comment #9) > Will this be configurable in custom-hiera? Why would it need to be? End users aren't supposed to interact directly with Tomcat.
Build Version: 6.8 Snap4 Status: Verified Verification point: # rpm -q foreman-installer-2.1.0-0.3.1.rc2.el7sat.noarch foreman-installer-2.1.0-0.3.1.rc2.el7sat.noarch # sudo netstat -lnp|grep java tcp6 0 0 127.0.0.1:8443 :::* LISTEN 21575/java tcp6 0 0 127.0.0.1:8005 :::* LISTEN 21575/java tcp6 0 0 :::8140 :::* LISTEN 21787/java tcp6 0 0 127.0.0.1:61613 :::* LISTEN 21575/java udp6 0 0 :::49220 :::* 21575/java So here tomcat is communicating to candlepin via localhost(Katello). One more thing the 8140 port is a puppet, not tomcat.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Satellite 6.8 release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:4366