From 8e9b16a9eaef90add74b71e846371ef61396e19a Mon Sep 17 00:00:00 2001 From: Andrew Hale Date: Mon, 1 Sep 2014 18:53:30 +0100 Subject: [PATCH] Only bind SAIO daemons to localhost The SAIO configs have no default bind_ip setting configured which causes them to listen on all available IP addresses. This can be dangerous on a test machine with public interfaces, especially with the default passwords set. Its reasonable to choose a more restrictive setup, especially in SAIO which uses 127.0.0.1 throughout ring-builder, example commands and the probe tests. Change-Id: I471c49705ce09e07ec7acc07ee42a1e220529b82 --- doc/saio/swift/account-server/1.conf | 1 + doc/saio/swift/account-server/2.conf | 1 + doc/saio/swift/account-server/3.conf | 1 + doc/saio/swift/account-server/4.conf | 1 + doc/saio/swift/container-server/1.conf | 1 + doc/saio/swift/container-server/2.conf | 1 + doc/saio/swift/container-server/3.conf | 1 + doc/saio/swift/container-server/4.conf | 1 + doc/saio/swift/object-server/1.conf | 1 + doc/saio/swift/object-server/2.conf | 1 + doc/saio/swift/object-server/3.conf | 1 + doc/saio/swift/object-server/4.conf | 1 + doc/saio/swift/proxy-server.conf | 1 + 13 files changed, 13 insertions(+) diff --git a/doc/saio/swift/account-server/1.conf b/doc/saio/swift/account-server/1.conf index 116787f8cf..ce599a7c8d 100644 --- a/doc/saio/swift/account-server/1.conf +++ b/doc/saio/swift/account-server/1.conf @@ -2,6 +2,7 @@ devices = /srv/1/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6012 workers = 1 user = diff --git a/doc/saio/swift/account-server/2.conf b/doc/saio/swift/account-server/2.conf index 7ba4c1f92f..0593e9ad39 100644 --- a/doc/saio/swift/account-server/2.conf +++ b/doc/saio/swift/account-server/2.conf @@ -2,6 +2,7 @@ devices = /srv/2/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6022 workers = 1 user = diff --git a/doc/saio/swift/account-server/3.conf b/doc/saio/swift/account-server/3.conf index 882397d95d..abc27c2580 100644 --- a/doc/saio/swift/account-server/3.conf +++ b/doc/saio/swift/account-server/3.conf @@ -2,6 +2,7 @@ devices = /srv/3/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6032 workers = 1 user = diff --git a/doc/saio/swift/account-server/4.conf b/doc/saio/swift/account-server/4.conf index 6e1d1ae437..cda9ac87b9 100644 --- a/doc/saio/swift/account-server/4.conf +++ b/doc/saio/swift/account-server/4.conf @@ -2,6 +2,7 @@ devices = /srv/4/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6042 workers = 1 user = diff --git a/doc/saio/swift/container-server/1.conf b/doc/saio/swift/container-server/1.conf index 6e5a8d14f6..3062ca3a5a 100644 --- a/doc/saio/swift/container-server/1.conf +++ b/doc/saio/swift/container-server/1.conf @@ -2,6 +2,7 @@ devices = /srv/1/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6011 workers = 1 user = diff --git a/doc/saio/swift/container-server/2.conf b/doc/saio/swift/container-server/2.conf index e10a88313a..6365215931 100644 --- a/doc/saio/swift/container-server/2.conf +++ b/doc/saio/swift/container-server/2.conf @@ -2,6 +2,7 @@ devices = /srv/2/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6021 workers = 1 user = diff --git a/doc/saio/swift/container-server/3.conf b/doc/saio/swift/container-server/3.conf index a061aa3240..b925427ff0 100644 --- a/doc/saio/swift/container-server/3.conf +++ b/doc/saio/swift/container-server/3.conf @@ -2,6 +2,7 @@ devices = /srv/3/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6031 workers = 1 user = diff --git a/doc/saio/swift/container-server/4.conf b/doc/saio/swift/container-server/4.conf index 644b412619..16799a524a 100644 --- a/doc/saio/swift/container-server/4.conf +++ b/doc/saio/swift/container-server/4.conf @@ -2,6 +2,7 @@ devices = /srv/4/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6041 workers = 1 user = diff --git a/doc/saio/swift/object-server/1.conf b/doc/saio/swift/object-server/1.conf index 4d7b46e5cc..c0300ee558 100644 --- a/doc/saio/swift/object-server/1.conf +++ b/doc/saio/swift/object-server/1.conf @@ -2,6 +2,7 @@ devices = /srv/1/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6010 workers = 1 user = diff --git a/doc/saio/swift/object-server/2.conf b/doc/saio/swift/object-server/2.conf index 0caea5e028..71d373a48e 100644 --- a/doc/saio/swift/object-server/2.conf +++ b/doc/saio/swift/object-server/2.conf @@ -2,6 +2,7 @@ devices = /srv/2/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6020 workers = 1 user = diff --git a/doc/saio/swift/object-server/3.conf b/doc/saio/swift/object-server/3.conf index c200867d76..4c103b3041 100644 --- a/doc/saio/swift/object-server/3.conf +++ b/doc/saio/swift/object-server/3.conf @@ -2,6 +2,7 @@ devices = /srv/3/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6030 workers = 1 user = diff --git a/doc/saio/swift/object-server/4.conf b/doc/saio/swift/object-server/4.conf index 6c2d513d75..c51d12215e 100644 --- a/doc/saio/swift/object-server/4.conf +++ b/doc/saio/swift/object-server/4.conf @@ -2,6 +2,7 @@ devices = /srv/4/node mount_check = false disable_fallocate = true +bind_ip = 127.0.0.1 bind_port = 6040 workers = 1 user = diff --git a/doc/saio/swift/proxy-server.conf b/doc/saio/swift/proxy-server.conf index 4ed132197c..233ba9e3fe 100644 --- a/doc/saio/swift/proxy-server.conf +++ b/doc/saio/swift/proxy-server.conf @@ -1,4 +1,5 @@ [DEFAULT] +bind_ip = 127.0.0.1 bind_port = 8080 workers = 1 user =