Bug #5351

oneuser hardcoded localhost

Added by Julio Nunez over 3 years ago. Updated over 3 years ago.

Status:ClosedStart date:09/06/2017
Priority:LowDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Resolution:worksforme Pull request:
Affected Versions:OpenNebula 5.4

Description

Using the oneuser command, the connection to the RPC2 daemon is always hardcoded to localhost, this creates an issue in special configuration scenarios.

For example, in my server I have 4 nics, each one configured with different private address ranges, due security settings, only certain traffic from one specific nic is allowed to manage the server, connect with SSH, make tcp connections or open unix sockets (including RPC calls).

In this case, for all localhost settings in the conf files, we changed to the address 10.0.9.1 to force and allow IPTABLES to manages open nebula specific traffic:

oned.conf:80:LISTEN_ADDRESS = "10.0.9.1"
sunstone-server.conf:27::one_xmlrpc: http://10.0.9.1:2633/RPC2
sunstone-server.conf:31::host: 10.0.9.1
sunstone-server.conf:155::oneflow_server: http://10.0.9.1:2474/
oneflow-server.conf:23::one_xmlrpc: http://10.0.9.1:2633/RPC2
econe.conf:25::one_xmlrpc: http://10.0.9.1:2633/RPC2
econe.conf:28::host: 10.0.9.1
sched.conf:72:ONE_XMLRPC = "http://10.0.9.1:2633/RPC2"
onegate-server.conf:23::one_xmlrpc: http://10.0.9.1:2633/RPC2
onegate-server.conf:62::oneflow_server: http://10.0.9.1:2474

But each time we tried to execute the command oneuser show (using the oneadmin user), we received the following message:

Failed to open TCP connection to localhost:2633 (Connection refused - connect(2) for "localhost" port 2633)

For testing purposes, we changed everything back to localhost instead of 10.0.9.1, after that we were able to connect to the RPC service without problem.

History

#1 Updated by Ruben S. Montero over 3 years ago

  • Status changed from Pending to Closed
  • Resolution set to worksforme

Also available in: Atom PDF