Description of problem:
After an installation, tomcat is listening on 0.0.0.0 for the following ports defined in server.xml:
The only service connecting to tomcat is katello, which runs on localhost. It would be better if tomcat was restricted to binding to 127.0.0.1. This is changed via server.xml.
Version-Release number of selected component (if applicable): 6.2.11
sorry, i meant to say that katello only connects to candlepin on localhost, not that katello itself runs on localhost:)
*** Bug 1188603 has been marked as a duplicate of this bug. ***
Currently showing the following on 6.3.0:
# netstat -tnpl | grep java
tcp6 0 0 :::8080 :::* LISTEN 11722/java
tcp6 0 0 :::8443 :::* LISTEN 11722/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 11722/java
tcp6 0 0 :::8009 :::* LISTEN 11722/java
Will this be configurable in custom-hiera?
(In reply to Peter Gervase from comment #9)
> Will this be configurable in custom-hiera?
Why would it need to be? End users aren't supposed to interact directly with Tomcat.
Build Version: 6.8 Snap4
# rpm -q foreman-installer-2.1.0-0.3.1.rc2.el7sat.noarch
# sudo netstat -lnp|grep java
tcp6 0 0 127.0.0.1:8443 :::* LISTEN 21575/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 21575/java
tcp6 0 0 :::8140 :::* LISTEN 21787/java
tcp6 0 0 127.0.0.1:61613 :::* LISTEN 21575/java
udp6 0 0 :::49220 :::* 21575/java
So here tomcat is communicating to candlepin via localhost(Katello).
One more thing the 8140 port is a puppet, not tomcat.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Important: Satellite 6.8 release), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.