Reserve Keystone ports from the ephemeral range

Reserve Keystone ports from the ephemeral range as early as reasonably
possible in the fixup_stuff.sh process to reduce the likelihood that the
port will be in use. This does not completely resolve the issue
where Keystone's IANA assigned port falls into Linux's ephemeral
range, but this should reduce the occurrences. The default ports
are 35357 and 35358.

Change-Id: I8cfb53d8f90c1ff1fb1083c59fefabca3d14323b
Partial-Bug: #1253482
Morgan Fainberg 2014-06-12 15:08:48 -07:00 committed by Morgan Fainberg
parent 73ed4880a6
commit 6cae83efd7

@ -35,6 +35,30 @@ source $TOP_DIR/functions
FILES=$TOP_DIR/files
# Keystone Port Reservation
# -------------------------
# Reserve and prevent $KEYSTONE_AUTH_PORT and $KEYSTONE_AUTH_PORT_INT from
# being used as ephemeral ports by the system. The default(s) are 35357 and
# 35358 which are in the Linux defined ephemeral port range (in disagreement
# with the IANA ephemeral port range). This is a workaround for bug #1253482
# where Keystone will try and bind to the port and the port will already be
# in use as an ephemeral port by another process. This places an explicit
# exception into the Kernel for the Keystone AUTH ports.
keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
# Get any currently reserved ports, strip off leading whitespace
reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
if [[ -z "${reserved_ports}" ]]; then
# If there are no currently reserved ports, reserve the keystone ports
sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
else
# If there are currently reserved ports, keep those and also reserve the
# keystone specific ports. Duplicate reservations are merged into a single
# reservation (or range) automatically by the kernel.
sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
fi
# Python Packages
# ---------------
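Review bot: The `reserved_ports=` assignment parses the "key = value" output of sysctl by hand with awk and sed; `sysctl -n net.ipv4.ip_local_reserved_ports` prints only the value and removes the dependence on that output format. With that in place the if/else can collapse into a single write, for example `sudo sysctl -w "net.ipv4.ip_local_reserved_ports=${keystone_ports}${reserved_ports:+,${reserved_ports}}"`, which also quotes the argument. Neither `sudo sysctl -w` call has its result checked in the lines shown, so a rejected value (for instance a non-numeric KEYSTONE_AUTH_PORT override) would leave the ports unreserved without any message; a warning on failure would help. The comment block should also say that `-w` changes only the running kernel, so the reservation does not survive a reboot.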