Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set integration.api.port to 0 (zero) as default. #3504

Merged
merged 2 commits into from
Jul 22, 2019
Merged

Set integration.api.port to 0 (zero) as default. #3504

merged 2 commits into from
Jul 22, 2019

Conversation

GabrielBrascher
Copy link
Member

Description

CloudStack provides CloudStack API Unauthenticated Access through port
8096. It should not be open to the Internet in any case.

Fixes: #3450

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)

How Has This Been Tested?

Current behavior

  1. Deploy a fresh CloudStack environment
  2. Assert that the port 8096 is enabled by default.
  3. Verify that integration.api.port is indeed configured as 8096

WIth this PR

  1. Deploy a fresh CloudStack environment with packages from this PR
  2. Assert that the port 8096 is not enabled by default.
  3. Verify that integration.api.port is indeed configured as 0

Set integration.api.port to (0) zero as default.
ca9e77f 
CloudStack provides CloudStack API Unauthenticated Access through port
8096. It should not be open to the Internet in any case.
@GabrielBrascher GabrielBrascher added this to the 4.13.0.0 milestone Jul 19, 2019
@GabrielBrascher GabrielBrascher self-assigned this Jul 19, 2019
@GabrielBrascher GabrielBrascher mentioned this pull request Jul 19, 2019
Closed
@shwstppr
Copy link
Contributor

@blueorangutan package

@blueorangutan
Copy link

@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan
Copy link

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-152

rohityadavcloud
rohityadavcloud approved these changes Jul 22, 2019
View reviewed changes
Copy link
Member

@rohityadavcloud rohityadavcloud left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, this was introduced in b363fd4

@rohityadavcloud
Copy link
Member

@blueorangutan package

@blueorangutan
Copy link

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@anuragaw
Copy link
Contributor

I ran a fresh environment off the PR based on KVM and still see integration.api.port to be 8096 in GUI. Are there any additional steps involved or is that supposed to be 0 @GabrielBrascher ?

anuragaw
anuragaw reviewed Jul 22, 2019
View reviewed changes
Copy link
Contributor

@anuragaw anuragaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question above to double check as I see some different functionality when locally testing.

@blueorangutan
Copy link

Packaging result: ✖centos6 ✔centos7 ✔debian. JID-163

anuragaw
anuragaw approved these changes Jul 22, 2019
View reviewed changes
Copy link
Contributor

@anuragaw anuragaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

It was maven debugger database thing before

@rohityadavcloud
Copy link
Member

@blueorangutan package

@blueorangutan
Copy link

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan
Copy link

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-166

@rohityadavcloud
Copy link
Member

Trillian is full capacity, merging this based on Travis job https://travis-ci.org/apache/cloudstack/jobs/561936104 and lgtms

@rohityadavcloud rohityadavcloud merged commit 6a336f8 into apache:master Jul 22, 2019
@rvalle rvalle mentioned this pull request Jan 28, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rohityadavcloud rohityadavcloud rohityadavcloud approved these changes

@DaanHoogland DaanHoogland DaanHoogland approved these changes

@anuragaw anuragaw anuragaw approved these changes

Assignees

@GabrielBrascher GabrielBrascher

Labels
Severity:BLOCKER type:bug type:security
Projects
None yet
Milestone
4.13.0.0
Development

Successfully merging this pull request may close these issues.

Port 8096 allows unauthenticated access from any IP.
7 participants
@GabrielBrascher @shwstppr @blueorangutan @rohityadavcloud @anuragaw @DaanHoogland @svenvogel