Michael Henry
2012-Dec-24 09:27 UTC
[Puppet Users] puppetdb listening on TCP Ports 1099 and 58772
PuppetDB is operating fine, but I can't figure out how to disable it from listening globally on TCP 1099 or 58722.

How do I disable them from listening globally without having to resort to iptables?

$ lsof -i -n -P | grep java | grep LISTEN
java 30115 puppetdb 22u IPv6 119118 0t0 TCP *:1099 (LISTEN)
java 30115 puppetdb 23u IPv6 117236 0t0 TCP *:58772 (LISTEN)
java 30115 puppetdb 40u IPv6 117241 0t0 TCP 127.0.0.1:8080 (LISTEN)
java 30115 puppetdb 45u IPv6 117247 0t0 TCP 127.0.0.1:8081 (LISTEN)

$ netstat -tnlp | grep java
tcp6 0 0 :::1099 :::* LISTEN 30115/java
tcp6 0 0 127.0.0.1:8080 :::* LISTEN 30115/java
tcp6 0 0 127.0.0.1:8081 :::* LISTEN 30115/java
tcp6 0 0 :::58772 :::* LISTEN 30115/java

This is what NMAP says they are:

PORT STATE SERVICE VERSION
1099/tcp open jrmi Java RMI
58772/tcp open unknown

Java RMI: http://en.wikipedia.org/wiki/Java_remote_method_invocation

My relevant configurations:

$ egrep '(port|host|1099|58772)' /etc/puppetdb/conf.d/*
/etc/puppetdb/conf.d/database.ini:# For PostgreSQL: //host:port/databaseName
/etc/puppetdb/conf.d/database.ini:subname = //localhost:5432/puppetdb
/etc/puppetdb/conf.d/jetty.ini:# Hostname to list for clear-text HTTP. Default is localhost
/etc/puppetdb/conf.d/jetty.ini:host = localhost
/etc/puppetdb/conf.d/jetty.ini:port = 8080
/etc/puppetdb/conf.d/jetty.ini:ssl-host = localhost
/etc/puppetdb/conf.d/jetty.ini:ssl-port = 8081
/etc/puppetdb/conf.d/repl.ini:# What port the REPL should listen on
/etc/puppetdb/conf.d/repl.ini:port = 8082

OS: Ubuntu 12.04 LTS x86_64
Puppetdb 1.0.5
Puppet 3.0.1

Is there a setting I've missed?

Thanks in advance.

Respectfully,

Michael Henry (Mike)

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/VC9-avQhW2IJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Michael Henry
2012-Dec-24 17:53 UTC
[Puppet Users] Re: puppetdb listening on TCP Ports 1099 and 58772
I ran across another thread that mentioned this same behavior, but that it didn't happen on centos. So I'm wondering: Is this something about Ubuntu's packaging of openjdk-6-jre-headless, which puppetdb depends on? Any ideas?

Still, I've found no solution and come to no conclusions. Any help would be appreciated. :-)

Out of curiosity, I ran the command, below (from puppetdb-foreground). It's pretty clear that puppetdb is somehow loading the RMI classes.

$ su puppetdb -s /bin/bash -c "/usr/bin/java -verbose -Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d $@" 2>&1 | egrep -i '\b(rmi|registry)\b'

Michael Henry
2012-Dec-27 10:47 UTC
[Puppet Users] Re: puppetdb listening on TCP Ports 1099 and 58772
So, nobody is able to explain to me why puppetdb is running Java RMI service on all interfaces when it's otherwise not configured to?

Really, there's got to be a way to stop this aside from using iptables.

$ lsof -i -n -P | grep java | grep LISTEN
java 31464 puppetdb 21u IPv6 715671 0t0 TCP *:1099 (LISTEN)
java 31464 puppetdb 22u IPv6 717146 0t0 TCP *:40196 (LISTEN) # note: port changes since original post
java 31464 puppetdb 39u IPv6 717150 0t0 TCP 127.0.0.1:8080 (LISTEN)
java 31464 puppetdb 44u IPv6 715700 0t0 TCP 127.0.0.1:8081 (LISTEN)

$ uname -a
Linux neocrime.net 3.6.11 #5 SMP Sat Dec 22 21:02:13 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.1 LTS
Release: 12.04
Codename: precise

$dpkg -l puppetdb puppetmaster postgresql rubygems openjdk-6-jre-headless
...
ii openjdk-6-jre-headle 6b24-1.11.5-0ubuntu1 OpenJDK Java runtime, using Hotspot JIT (headless)
ii postgresql 9.1+129ubuntu1 object-relational SQL database (supported version)
ii puppetdb 1.0.5-1puppetlabs1 PuppetDB Centralized Storage.
ii puppetmaster 3.0.2-1puppetlabs1 Centralized configuration management - master startup an
ii rubygems 1.8.21-0~28~precise1 package management framework for Ruby libraries/applicat

$ cat /etc/apt/sources.list.d/PuppetLabs.list
deb http://apt.puppetlabs.com precise main

$ cat /etc/puppetdb/conf.d/* | grep -v '^#'
[global]
vardir = /var/lib/puppetdb
logging-config = /etc/puppetdb/conf.d/../log4j.properties
resource-query-limit = 20000
[command-processing]
[database]
classname = org.postgresql.Driver
subprotocol = postgresql
subname = //localhost:5432/puppetdb
log-slow-statements = 10
syntax_pgs = true
gc-interval = 60
username = puppetdb
password = redacted
[jetty]
host = localhost
port = 8080
ssl-host = localhost
ssl-port = 8081
keystore = /etc/puppetdb/ssl/keystore.jks
truststore = /etc/puppetdb/ssl/truststore.jks
key-password = redacted
trust-password = redacted
[repl]
enabled = false
type = nrepl
port = 8082

Deepak Giridharagopal
2013-Jan-02 20:32 UTC
Re: [Puppet Users] Re: puppetdb listening on TCP Ports 1099 and 58772
This is tracked in the following ticket: http://projects.puppetlabs.com/issues/18285 , and there's some discussion in the ticket about the particulars. A fix has been merged into master; thanks for pointing this issue out to us!

deepak
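
An added example, not part of the thread and not PuppetDB code: a shell check that reads `lsof -i -n -P` or `netstat -tnlp` output like that posted above and flags any TCP listener that is not bound to loopback, or that sits on loopback at a port outside an expected list. The function names, the status labels and the expected-port list (8080 and 8081, taken from the posted jetty.ini) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit TCP listeners for unintended exposure.

# Sample input: the four LISTEN lines from the first post's lsof output.
sample_lsof() {
cat <<'EOF'
java 30115 puppetdb 22u IPv6 119118 0t0 TCP *:1099 (LISTEN)
java 30115 puppetdb 23u IPv6 117236 0t0 TCP *:58772 (LISTEN)
java 30115 puppetdb 40u IPv6 117241 0t0 TCP 127.0.0.1:8080 (LISTEN)
java 30115 puppetdb 45u IPv6 117247 0t0 TCP 127.0.0.1:8081 (LISTEN)
EOF
}

# audit_listeners "PORT PORT ..."
# Reads lsof or netstat LISTEN lines on stdin and prints one line per
# listener: STATUS program/pid bind-address port
#   EXPOSED     bound to anything other than loopback (wildcard included)
#   UNEXPECTED  bound to loopback, but on a port not in the expected list
#   OK          bound to loopback on an expected port
audit_listeners() {
    awk -v expected="$1" '
    BEGIN {
        n = split(expected, e, " ")
        for (i = 1; i <= n; i++) ok[e[i]] = 1
    }
    # lsof -i -n -P: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (LISTEN)
    $8 == "TCP" && $NF == "(LISTEN)" { report($1 "/" $2, $9); next }
    # netstat -tnlp: Proto Recv-Q Send-Q Local Foreign State PID/Program
    $1 ~ /^tcp/ && $6 == "LISTEN" { split($7, p, "/"); report(p[2] "/" p[1], $4) }

    function report(proc, name,    k, a, port, addr, status) {
        # The port is whatever follows the last colon; the rest is the address,
        # which keeps IPv6 forms such as ":::1099" and "[::1]:8080" intact.
        k = split(name, a, ":")
        port = a[k]
        addr = substr(name, 1, length(name) - length(port) - 1)
        if (addr !~ /^127\./ && addr != "[::1]" && addr != "::1")
            status = "EXPOSED"
        else if (!(port in ok))
            status = "UNEXPECTED"
        else
            status = "OK"
        print status, proc, addr, port
    }'
}

# Run against the sample; 8080 and 8081 are the ports set in the posted jetty.ini.
sample_lsof | audit_listeners "8080 8081"
```

On a live host the same function can be fed directly, for example `lsof -i -n -P | grep java | audit_listeners "8080 8081"`.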