[Puppet Users] puppetdb listening on TCP Ports 1099 and 58772

[Puppet Users] puppetdb listening on TCP Ports 1099 and 58772

	Michael Henry
	Dec 24, 2012 at 9:39 am

PuppetDB is operating fine, but I can't figure out how to disable it from
listening globally on TCP 1099 or 58722

How do I disable them from listening globally without having to resort to
iptables?

$ lsof -i -n -P | grep java | grep LISTEN
java 30115 puppetdb 22u IPv6 119118 0t0 TCP *:1099 (LISTEN)
java 30115 puppetdb 23u IPv6 117236 0t0 TCP *:58772 (LISTEN)
java 30115 puppetdb 40u IPv6 117241 0t0 TCP 127.0.0.1:8080
(LISTEN)
java 30115 puppetdb 45u IPv6 117247 0t0 TCP 127.0.0.1:8081
(LISTEN)

$ netstat -tnlp | grep java
tcp6 0 0 :::1099 :::*
LISTEN 30115/java
tcp6 0 0 127.0.0.1:8080 :::*
LISTEN 30115/java
tcp6 0 0 127.0.0.1:8081 :::*
LISTEN 30115/java
tcp6 0 0 :::58772 :::*
LISTEN 30115/java

This is what NMAP says they are:

PORT STATE SERVICE VERSION
1099/tcp open jrmi Java RMI
58772/tcp open unknown

Java RMI: http://en.wikipedia.org/wiki/Java_remote_method_invocation

My relevant configurations:
$ egrep '(port|host|1099|58772)' /etc/puppetdb/conf.d/*
/etc/puppetdb/conf.d/database.ini:# For PostgreSQL: //host:port/databaseName
/etc/puppetdb/conf.d/database.ini:subname = //localhost:5432/puppetdb
/etc/puppetdb/conf.d/jetty.ini:# Hostname to list for clear-text HTTP.
Default is localhost
/etc/puppetdb/conf.d/jetty.ini:host = localhost
/etc/puppetdb/conf.d/jetty.ini:port = 8080
/etc/puppetdb/conf.d/jetty.ini:ssl-host = localhost
/etc/puppetdb/conf.d/jetty.ini:ssl-port = 8081
/etc/puppetdb/conf.d/repl.ini:# What port the REPL should listen on
/etc/puppetdb/conf.d/repl.ini:port = 8082

OS: Ubuntu 12.04 LTS x86_64
Puppetdb 1.0.5
Puppet 3.0.1

Is there a setting I've missed?

Thanks in advance.

Respectfully,

Michael Henry (Mike)

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/VC9-avQhW2IJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

3 responses
Oldest
Nested

Michael Henry

at Dec 24, 2012 at 5:53 pm

⇧

I ran across another thread that mentioned this same behavior, but that it
didn't happen on centos. So I'm wondering: Is this something about
Ubuntu's packaging of openjdk-6-jre-headless, which puppetdb depends on?
Any ideas?

Still, I've found no solution and come to no conclusions. Any help would
be appreciated. :-)

Out of curiosity, I ran the command, below (from puppetdb-foreground).
It's pretty clear that puppetdb is somehow loading the RMI classes.

$ su puppetdb -s /bin/bash -c "/usr/bin/java -verbose -Xmx192m
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
/usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d $@" 2>&1

egrep -i '\b(rmi|registry)\b'

[Loaded java.rmi.server.RMIServerSocketFactory from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.registry.LocateRegistry from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.Remote from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.registry.Registry from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RemoteObject from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RemoteServer from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.registry.RegistryImpl from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RemoteRef from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.ServerRef from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.Dispatcher from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.UnicastRef from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.UnicastServerRef from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.Util from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.LogStream from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.Log from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.Log$LogFactory from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.Log$LoggerLogFactory from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.Log$LoggerLog from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.Log$LoggerLog$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.Log$InternalStreamHandler from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.WeakClassHashMap from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.UnicastServerRef$HashToMethod_Maps from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.ObjID from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.UID from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.LiveRef from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.Endpoint from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.tcp.TCPEndpoint from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.Transport from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.tcp.TCPTransport from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.tcp.TCPTransport$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RMIClientSocketFactory from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RMISocketFactory from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.proxy.RMIMasterSocketFactory from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.proxy.RMIDirectSocketFactory from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.UnicastServerRef2 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.UnicastRef2 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RemoteStub from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.registry.RegistryImpl_Stub from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.Operation from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.Skeleton from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.registry.RegistryImpl_Skel from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.Target from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.WeakRef from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.ObjectTable from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.dgc.DGC from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCImpl from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.RuntimeUtil$GetInstanceAction from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.RuntimeUtil from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.RuntimeUtil$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCImpl$2 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCImpl_Stub from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCImpl_Skel from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.ObjectEndpoint from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.NewThreadAction from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.NewThreadAction$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.runtime.NewThreadAction$2 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.tcp.TCPTransport$AcceptLoop from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.WeakClassHashMap$ValueCell from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.RemoteException from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.AccessException from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.NotBoundException from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.AlreadyBoundException from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.UnicastServerRef$HashToMethod_Maps$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded com.sun.jmx.remote.protocol.rmi.ServerProvider from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.RMIConnectorServer from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.RMIServer from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.RMIServerImpl from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.RMIJRMPServerImpl from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.UnicastRemoteObject from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.RMIServerImpl_Stub from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.RMIConnection from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.SkeletonNotFoundException from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.ObjectTable$Reaper from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.RMIConnector from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.NoCallStackClassLoader from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.RMIConnector$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.RMIConnectionImpl_Stub from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.MarshalledObject from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.management.remote.rmi.RMIConnector$2 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded javax.rmi.CORBA.Stub from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded org.omg.stub.javax.management.remote.rmi._RMIConnection_Stub from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded com.sun.jndi.url.rmi.rmiURLContextFactory from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded com.sun.jndi.url.rmi.rmiURLContext from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded com.sun.jndi.rmi.registry.RegistryContext from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded com.sun.jndi.rmi.registry.AtomicNameParser from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.Channel from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.tcp.TCPChannel from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.Connection from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.tcp.TCPTransport$ConnectionHandler from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.tcp.TCPConnection from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.proxy.RMISocketInfo from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RemoteCall from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.StreamRemoteCall from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.MarshalOutputStream from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.ConnectionOutputStream from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.MarshalOutputStream$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.NoSuchObjectException from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RMIClassLoader from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RMIClassLoaderSpi from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RMIClassLoader$2 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.server.RMIClassLoader$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.LoaderHandler from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCAckHandler from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.MarshalInputStream from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.ConnectionInputStream from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.activation.ActivationSystem from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.server.Activation$ActivationSystemImpl_Stub from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.activation.ActivationGroupID from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.activation.ActivationInstantiator from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.activation.ActivationDesc from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.activation.ActivationID from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.activation.ActivationException from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.activation.UnknownGroupException from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.activation.ActivationMonitor from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.activation.UnknownObjectException from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.activation.ActivationGroupDesc from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCAckHandler$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.Transport$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCClient from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.dgc.VMID from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.dgc.VMID$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCClient$EndpointEntry from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCClient$EndpointEntry$RenewCleanThread from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCClient$EndpointEntry$RefEntry from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCClient$EndpointEntry$RefEntry$PhantomLiveRef
from /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded java.rmi.dgc.Lease from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCImpl$LeaseInfo from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCImpl$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.SequenceEntry from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.tcp.TCPChannel$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.transport.DGCClient$EndpointEntry$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.registry.RegistryImpl$1 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]
[Loaded sun.rmi.registry.RegistryImpl$2 from
/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar]

On Monday, December 24, 2012 1:27:24 AM UTC-8, Michael Henry wrote:

PuppetDB is operating fine, but I can't figure out how to disable it from
listening globally on TCP 1099 or 58722

How do I disable them from listening globally without having to resort to
iptables?

$ lsof -i -n -P | grep java | grep LISTEN
java 30115 puppetdb 22u IPv6 119118 0t0 TCP *:1099 (LISTEN)
java 30115 puppetdb 23u IPv6 117236 0t0 TCP *:58772 (LISTEN)
java 30115 puppetdb 40u IPv6 117241 0t0 TCP 127.0.0.1:8080(LISTEN)
java 30115 puppetdb 45u IPv6 117247 0t0 TCP 127.0.0.1:8081(LISTEN)

$ netstat -tnlp | grep java
tcp6 0 0 :::1099 :::*
LISTEN 30115/java
tcp6 0 0 127.0.0.1:8080 :::*
LISTEN 30115/java
tcp6 0 0 127.0.0.1:8081 :::*
LISTEN 30115/java
tcp6 0 0 :::58772 :::*
LISTEN 30115/java

This is what NMAP says they are:

PORT STATE SERVICE VERSION
1099/tcp open jrmi Java RMI
58772/tcp open unknown

Java RMI: http://en.wikipedia.org/wiki/Java_remote_method_invocation

My relevant configurations:
$ egrep '(port|host|1099|58772)' /etc/puppetdb/conf.d/*
/etc/puppetdb/conf.d/database.ini:# For PostgreSQL:
//host:port/databaseName
/etc/puppetdb/conf.d/database.ini:subname = //localhost:5432/puppetdb
/etc/puppetdb/conf.d/jetty.ini:# Hostname to list for clear-text HTTP.
Default is localhost
/etc/puppetdb/conf.d/jetty.ini:host = localhost
/etc/puppetdb/conf.d/jetty.ini:port = 8080
/etc/puppetdb/conf.d/jetty.ini:ssl-host = localhost
/etc/puppetdb/conf.d/jetty.ini:ssl-port = 8081
/etc/puppetdb/conf.d/repl.ini:# What port the REPL should listen on
/etc/puppetdb/conf.d/repl.ini:port = 8082

OS: Ubuntu 12.04 LTS x86_64
Puppetdb 1.0.5
Puppet 3.0.1

Is there a setting I've missed?

Thanks in advance.

Respectfully,

Michael Henry (Mike)

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/0vlSetd9vVIJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

reply | permalink

Michael Henry

at Dec 27, 2012 at 10:47 am

⇧

So, nobody is able to explain to me why puppetdb is running Java RMI
service on all interfaces when it's otherwise not configured to?

Really, there's got to be a way to stop this aside from using iptables.

$ lsof -i -n -P | grep java | grep LISTEN
java 31464 puppetdb 21u IPv6 715671 0t0 TCP *:1099 (LISTEN)
java 31464 puppetdb 22u IPv6 717146 0t0 TCP *:40196 (LISTEN)
# note: port changes since original post
java 31464 puppetdb 39u IPv6 717150 0t0 TCP 127.0.0.1:8080
(LISTEN)
java 31464 puppetdb 44u IPv6 715700 0t0 TCP 127.0.0.1:8081
(LISTEN)

$ uname -a
Linux neocrime.net 3.6.11 #5 SMP Sat Dec 22 21:02:13 UTC 2012 x86_64 x86_64
x86_64 GNU/Linux

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.1 LTS
Release: 12.04
Codename: precise

$dpkg -l puppetdb puppetmaster postgresql rubygems openjdk-6-jre-headless
...
ii openjdk-6-jre-headle 6b24-1.11.5-0ubuntu1 OpenJDK Java runtime, using
Hotspot JIT (headless)
ii postgresql 9.1+129ubuntu1 object-relational SQL
database (supported version)
ii puppetdb 1.0.5-1puppetlabs1 PuppetDB Centralized Storage.
ii puppetmaster 3.0.2-1puppetlabs1 Centralized configuration
management - master startup an
ii rubygems 1.8.21-0~28~precise1 package management framework
for Ruby libraries/applicat

$ cat /etc/apt/sources.list.d/PuppetLabs.list
deb http://apt.puppetlabs.com precise main

$ cat /etc/puppetdb/conf.d/* | grep -v '^#'
[global]
vardir = /var/lib/puppetdb
logging-config = /etc/puppetdb/conf.d/../log4j.properties
resource-query-limit = 20000
[command-processing]
[database]
classname = org.postgresql.Driver
subprotocol = postgresql
subname = //localhost:5432/puppetdb
log-slow-statements = 10
syntax_pgs = true
gc-interval = 60
username = puppetdb
password = redacted
[jetty]
host = localhost
port = 8080
ssl-host = localhost
ssl-port = 8081
keystore = /etc/puppetdb/ssl/keystore.jks
truststore = /etc/puppetdb/ssl/truststore.jks
key-password = redacted
trust-password = redacted
[repl]
enabled = false
type = nrepl
port = 8082

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/6gA8u8I8NAcJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

reply | permalink

Deepak Giridharagopal

at Jan 2, 2013 at 8:32 pm

⇧

This is tracked in the following ticket:
http://projects.puppetlabs.com/issues/18285 , and there's some discussion
in the ticket about the particulars. A fix has been merged into master;
thanks for pointing this issue out to us!

deepak

On Thu, Dec 27, 2012 at 2:47 AM, Michael Henry wrote:

So, nobody is able to explain to me why puppetdb is running Java RMI
service on all interfaces when it's otherwise not configured to?

Really, there's got to be a way to stop this aside from using iptables.

$ lsof -i -n -P | grep java | grep LISTEN
java 31464 puppetdb 21u IPv6 715671 0t0 TCP *:1099 (LISTEN)
java 31464 puppetdb 22u IPv6 717146 0t0 TCP *:40196
(LISTEN) # note: port changes since original post
java 31464 puppetdb 39u IPv6 717150 0t0 TCP 127.0.0.1:8080(LISTEN)
java 31464 puppetdb 44u IPv6 715700 0t0 TCP 127.0.0.1:8081(LISTEN)

$ uname -a
Linux neocrime.net 3.6.11 #5 SMP Sat Dec 22 21:02:13 UTC 2012 x86_64
x86_64 x86_64 GNU/Linux

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.1 LTS
Release: 12.04
Codename: precise

$dpkg -l puppetdb puppetmaster postgresql rubygems openjdk-6-jre-headless
...
ii openjdk-6-jre-headle 6b24-1.11.5-0ubuntu1 OpenJDK Java runtime, using
Hotspot JIT (headless)
ii postgresql 9.1+129ubuntu1 object-relational SQL
database (supported version)
ii puppetdb 1.0.5-1puppetlabs1 PuppetDB Centralized Storage.
ii puppetmaster 3.0.2-1puppetlabs1 Centralized configuration
management - master startup an
ii rubygems 1.8.21-0~28~precise1 package management framework
for Ruby libraries/applicat

$ cat /etc/apt/sources.list.d/PuppetLabs.list
deb http://apt.puppetlabs.com precise main

$ cat /etc/puppetdb/conf.d/* | grep -v '^#'
[global]
vardir = /var/lib/puppetdb
logging-config = /etc/puppetdb/conf.d/../log4j.properties
resource-query-limit = 20000
[command-processing]
[database]
classname = org.postgresql.Driver
subprotocol = postgresql
subname = //localhost:5432/puppetdb
log-slow-statements = 10
syntax_pgs = true
gc-interval = 60
username = puppetdb
password = redacted
[jetty]
host = localhost
port = 8080
ssl-host = localhost
ssl-port = 8081
keystore = /etc/puppetdb/ssl/keystore.jks
truststore = /etc/puppetdb/ssl/truststore.jks
key-password = redacted
trust-password = redacted
[repl]
enabled = false
type = nrepl
port = 8082

On Monday, December 24, 2012 1:27:24 AM UTC-8, Michael Henry wrote:

PuppetDB is operating fine, but I can't figure out how to disable it from
listening globally on TCP 1099 or 58722

How do I disable them from listening globally without having to resort to
iptables?

$ lsof -i -n -P | grep java | grep LISTEN
java 30115 puppetdb 22u IPv6 119118 0t0 TCP *:1099 (LISTEN)
java 30115 puppetdb 23u IPv6 117236 0t0 TCP *:58772 (LISTEN)
java 30115 puppetdb 40u IPv6 117241 0t0 TCP 127.0.0.1:8080(LISTEN)
java 30115 puppetdb 45u IPv6 117247 0t0 TCP 127.0.0.1:8081(LISTEN)

$ netstat -tnlp | grep java
tcp6 0 0 :::1099 :::*
LISTEN 30115/java
tcp6 0 0 127.0.0.1:8080 :::*
LISTEN 30115/java
tcp6 0 0 127.0.0.1:8081 :::*
LISTEN 30115/java
tcp6 0 0 :::58772 :::*
LISTEN 30115/java

This is what NMAP says they are:

PORT STATE SERVICE VERSION
1099/tcp open jrmi Java RMI
58772/tcp open unknown

Java RMI: http://en.wikipedia.org/wiki/**Java_remote_method_invocation<http://en.wikipedia.org/wiki/Java_remote_method_invocation>

My relevant configurations:
$ egrep '(port|host|1099|58772)' /etc/puppetdb/conf.d/*
/etc/puppetdb/conf.d/database.**ini:# For PostgreSQL:
//host:port/databaseName
/etc/puppetdb/conf.d/database.**ini:subname = //localhost:5432/puppetdb
/etc/puppetdb/conf.d/jetty.**ini:# Hostname to list for clear-text
HTTP. Default is localhost
/etc/puppetdb/conf.d/jetty.**ini:host = localhost
/etc/puppetdb/conf.d/jetty.**ini:port = 8080
/etc/puppetdb/conf.d/jetty.**ini:ssl-host = localhost
/etc/puppetdb/conf.d/jetty.**ini:ssl-port = 8081
/etc/puppetdb/conf.d/repl.ini:**# What port the REPL should listen on
/etc/puppetdb/conf.d/repl.ini:**port = 8082

OS: Ubuntu 12.04 LTS x86_64
Puppetdb 1.0.5
Puppet 3.0.1

Is there a setting I've missed?

Thanks in advance.

Respectfully,

Michael Henry (Mike)

--

You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/6gA8u8I8NAcJ.

To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

reply | permalink

Related Discussions

Discussion Navigation

view	thread \| post

Discussion Overview

group	puppet-users @
categories	puppet
posted	Dec 24, '12 at 9:39a
active	Jan 2, '13 at 8:32p
posts	4
users	2
website	puppetlabs.com

responses	expanded	Hotkey: s
font	variable	Hotkey: f
user style	avatars	Hotkey: a

[Puppet Users] puppetdb listening on TCP Ports 1099 and 58772

Search Discussions

Related Discussions

2 users in discussion