Merge "Stop creating a keystone admin site"
This commit is contained in:
commit
fb2e741008
@ -666,7 +666,6 @@ In RegionTwo:
|
|||||||
|
|
||||||
disable_service horizon
|
disable_service horizon
|
||||||
KEYSTONE_SERVICE_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
|
KEYSTONE_SERVICE_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
|
||||||
KEYSTONE_AUTH_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
|
|
||||||
REGION_NAME=RegionTwo
|
REGION_NAME=RegionTwo
|
||||||
KEYSTONE_REGION_NAME=RegionOne
|
KEYSTONE_REGION_NAME=RegionOne
|
||||||
|
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
Listen %PUBLICPORT%
|
Listen %PUBLICPORT%
|
||||||
Listen %ADMINPORT%
|
|
||||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" keystone_combined
|
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" keystone_combined
|
||||||
|
|
||||||
<Directory %KEYSTONE_BIN%>
|
<Directory %KEYSTONE_BIN%>
|
||||||
@ -20,20 +19,6 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
|
|||||||
%SSLKEYFILE%
|
%SSLKEYFILE%
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
<VirtualHost *:%ADMINPORT%>
|
|
||||||
WSGIDaemonProcess keystone-admin processes=3 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
|
|
||||||
WSGIProcessGroup keystone-admin
|
|
||||||
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin
|
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
|
||||||
WSGIPassAuthorization On
|
|
||||||
ErrorLogFormat "%M"
|
|
||||||
ErrorLog /var/log/%APACHE_NAME%/keystone.log
|
|
||||||
CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
|
|
||||||
%SSLENGINE%
|
|
||||||
%SSLCERTFILE%
|
|
||||||
%SSLKEYFILE%
|
|
||||||
</VirtualHost>
|
|
||||||
|
|
||||||
%SSLLISTEN%<VirtualHost *:443>
|
%SSLLISTEN%<VirtualHost *:443>
|
||||||
%SSLLISTEN% %SSLENGINE%
|
%SSLLISTEN% %SSLENGINE%
|
||||||
%SSLLISTEN% %SSLCERTFILE%
|
%SSLLISTEN% %SSLCERTFILE%
|
||||||
@ -49,13 +34,3 @@ Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
|
|||||||
WSGIApplicationGroup %{GLOBAL}
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
WSGIPassAuthorization On
|
WSGIPassAuthorization On
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
Alias /identity_admin %KEYSTONE_BIN%/keystone-wsgi-admin
|
|
||||||
<Location /identity_admin>
|
|
||||||
SetHandler wsgi-script
|
|
||||||
Options +ExecCGI
|
|
||||||
|
|
||||||
WSGIProcessGroup keystone-admin
|
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
|
||||||
WSGIPassAuthorization On
|
|
||||||
</Location>
|
|
||||||
|
32
lib/keystone
32
lib/keystone
@ -50,9 +50,7 @@ fi
|
|||||||
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
|
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
|
||||||
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
|
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
|
||||||
KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
|
KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
|
||||||
KEYSTONE_ADMIN_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
|
|
||||||
KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public
|
KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public
|
||||||
KEYSTONE_ADMIN_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-admin
|
|
||||||
|
|
||||||
# KEYSTONE_DEPLOY defines how keystone is deployed, allowed values:
|
# KEYSTONE_DEPLOY defines how keystone is deployed, allowed values:
|
||||||
# - mod_wsgi : Run keystone under Apache HTTPd mod_wsgi
|
# - mod_wsgi : Run keystone under Apache HTTPd mod_wsgi
|
||||||
@ -81,21 +79,12 @@ KEYSTONE_RESOURCE_BACKEND=${KEYSTONE_RESOURCE_BACKEND:-sql}
|
|||||||
KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-fernet}
|
KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-fernet}
|
||||||
KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
|
KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
|
||||||
|
|
||||||
# Set Keystone interface configuration
|
|
||||||
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
|
|
||||||
KEYSTONE_AUTH_PORT=${KEYSTONE_AUTH_PORT:-35357}
|
|
||||||
KEYSTONE_AUTH_PORT_INT=${KEYSTONE_AUTH_PORT_INT:-35358}
|
|
||||||
KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
|
|
||||||
|
|
||||||
# Public facing bits
|
# Public facing bits
|
||||||
KEYSTONE_SERVICE_HOST=${KEYSTONE_SERVICE_HOST:-$SERVICE_HOST}
|
KEYSTONE_SERVICE_HOST=${KEYSTONE_SERVICE_HOST:-$SERVICE_HOST}
|
||||||
KEYSTONE_SERVICE_PORT=${KEYSTONE_SERVICE_PORT:-5000}
|
KEYSTONE_SERVICE_PORT=${KEYSTONE_SERVICE_PORT:-5000}
|
||||||
KEYSTONE_SERVICE_PORT_INT=${KEYSTONE_SERVICE_PORT_INT:-5001}
|
KEYSTONE_SERVICE_PORT_INT=${KEYSTONE_SERVICE_PORT_INT:-5001}
|
||||||
KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
||||||
|
|
||||||
# Bind hosts
|
|
||||||
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
|
|
||||||
|
|
||||||
# Set the project for service accounts in Keystone
|
# Set the project for service accounts in Keystone
|
||||||
SERVICE_DOMAIN_NAME=${SERVICE_DOMAIN_NAME:-Default}
|
SERVICE_DOMAIN_NAME=${SERVICE_DOMAIN_NAME:-Default}
|
||||||
SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-service}
|
SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-service}
|
||||||
@ -106,7 +95,6 @@ SERVICE_TENANT_NAME=${SERVICE_PROJECT_NAME:-service}
|
|||||||
|
|
||||||
# if we are running with SSL use https protocols
|
# if we are running with SSL use https protocols
|
||||||
if is_service_enabled tls-proxy; then
|
if is_service_enabled tls-proxy; then
|
||||||
KEYSTONE_AUTH_PROTOCOL="https"
|
|
||||||
KEYSTONE_SERVICE_PROTOCOL="https"
|
KEYSTONE_SERVICE_PROTOCOL="https"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -154,11 +142,8 @@ function cleanup_keystone {
|
|||||||
sudo rm -f $(apache_site_config_for keystone)
|
sudo rm -f $(apache_site_config_for keystone)
|
||||||
else
|
else
|
||||||
stop_process "keystone"
|
stop_process "keystone"
|
||||||
# TODO: remove admin at pike-2
|
|
||||||
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
|
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
|
||||||
remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
|
|
||||||
sudo rm -f $(apache_site_config_for keystone-wsgi-public)
|
sudo rm -f $(apache_site_config_for keystone-wsgi-public)
|
||||||
sudo rm -f $(apache_site_config_for keystone-wsgi-admin)
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -171,12 +156,10 @@ function _config_keystone_apache_wsgi {
|
|||||||
local keystone_certfile=""
|
local keystone_certfile=""
|
||||||
local keystone_keyfile=""
|
local keystone_keyfile=""
|
||||||
local keystone_service_port=$KEYSTONE_SERVICE_PORT
|
local keystone_service_port=$KEYSTONE_SERVICE_PORT
|
||||||
local keystone_auth_port=$KEYSTONE_AUTH_PORT
|
|
||||||
local venv_path=""
|
local venv_path=""
|
||||||
|
|
||||||
if is_service_enabled tls-proxy; then
|
if is_service_enabled tls-proxy; then
|
||||||
keystone_service_port=$KEYSTONE_SERVICE_PORT_INT
|
keystone_service_port=$KEYSTONE_SERVICE_PORT_INT
|
||||||
keystone_auth_port=$KEYSTONE_AUTH_PORT_INT
|
|
||||||
fi
|
fi
|
||||||
if [[ ${USE_VENV} = True ]]; then
|
if [[ ${USE_VENV} = True ]]; then
|
||||||
venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages"
|
venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages"
|
||||||
@ -185,7 +168,6 @@ function _config_keystone_apache_wsgi {
|
|||||||
sudo cp $FILES/apache-keystone.template $keystone_apache_conf
|
sudo cp $FILES/apache-keystone.template $keystone_apache_conf
|
||||||
sudo sed -e "
|
sudo sed -e "
|
||||||
s|%PUBLICPORT%|$keystone_service_port|g;
|
s|%PUBLICPORT%|$keystone_service_port|g;
|
||||||
s|%ADMINPORT%|$keystone_auth_port|g;
|
|
||||||
s|%APACHE_NAME%|$APACHE_NAME|g;
|
s|%APACHE_NAME%|$APACHE_NAME|g;
|
||||||
s|%SSLLISTEN%|$keystone_ssl_listen|g;
|
s|%SSLLISTEN%|$keystone_ssl_listen|g;
|
||||||
s|%SSLENGINE%|$keystone_ssl|g;
|
s|%SSLENGINE%|$keystone_ssl|g;
|
||||||
@ -223,12 +205,10 @@ function configure_keystone {
|
|||||||
iniset_rpc_backend keystone $KEYSTONE_CONF oslo_messaging_notifications
|
iniset_rpc_backend keystone $KEYSTONE_CONF oslo_messaging_notifications
|
||||||
|
|
||||||
local service_port=$KEYSTONE_SERVICE_PORT
|
local service_port=$KEYSTONE_SERVICE_PORT
|
||||||
local auth_port=$KEYSTONE_AUTH_PORT
|
|
||||||
|
|
||||||
if is_service_enabled tls-proxy; then
|
if is_service_enabled tls-proxy; then
|
||||||
# Set the service ports for a proxy to take the originals
|
# Set the service ports for a proxy to take the originals
|
||||||
service_port=$KEYSTONE_SERVICE_PORT_INT
|
service_port=$KEYSTONE_SERVICE_PORT_INT
|
||||||
auth_port=$KEYSTONE_AUTH_PORT_INT
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Override the endpoints advertised by keystone (the public_endpoint and
|
# Override the endpoints advertised by keystone (the public_endpoint and
|
||||||
@ -238,7 +218,7 @@ function configure_keystone {
|
|||||||
# don't want the port (in the case of putting keystone on a path in
|
# don't want the port (in the case of putting keystone on a path in
|
||||||
# apache).
|
# apache).
|
||||||
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
|
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
|
||||||
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
|
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_SERVICE_URI
|
||||||
|
|
||||||
if [[ "$KEYSTONE_TOKEN_FORMAT" != "" ]]; then
|
if [[ "$KEYSTONE_TOKEN_FORMAT" != "" ]]; then
|
||||||
iniset $KEYSTONE_CONF token provider $KEYSTONE_TOKEN_FORMAT
|
iniset $KEYSTONE_CONF token provider $KEYSTONE_TOKEN_FORMAT
|
||||||
@ -261,7 +241,6 @@ function configure_keystone {
|
|||||||
_config_keystone_apache_wsgi
|
_config_keystone_apache_wsgi
|
||||||
else # uwsgi
|
else # uwsgi
|
||||||
write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity"
|
write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity"
|
||||||
write_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" "/identity_admin"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
|
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
|
||||||
@ -518,7 +497,7 @@ function install_keystone {
|
|||||||
function start_keystone {
|
function start_keystone {
|
||||||
# Get right service port for testing
|
# Get right service port for testing
|
||||||
local service_port=$KEYSTONE_SERVICE_PORT
|
local service_port=$KEYSTONE_SERVICE_PORT
|
||||||
local auth_protocol=$KEYSTONE_AUTH_PROTOCOL
|
local auth_protocol=$KEYSTONE_SERVICE_PROTOCOL
|
||||||
if is_service_enabled tls-proxy; then
|
if is_service_enabled tls-proxy; then
|
||||||
service_port=$KEYSTONE_SERVICE_PORT_INT
|
service_port=$KEYSTONE_SERVICE_PORT_INT
|
||||||
auth_protocol="http"
|
auth_protocol="http"
|
||||||
@ -546,7 +525,6 @@ function start_keystone {
|
|||||||
# Start proxies if enabled
|
# Start proxies if enabled
|
||||||
if is_service_enabled tls-proxy; then
|
if is_service_enabled tls-proxy; then
|
||||||
start_tls_proxy keystone-service '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT
|
start_tls_proxy keystone-service '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT
|
||||||
start_tls_proxy keystone-auth '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# (re)start memcached to make sure we have a clean memcache.
|
# (re)start memcached to make sure we have a clean memcache.
|
||||||
@ -569,9 +547,7 @@ function stop_keystone {
|
|||||||
# - ``ADMIN_PASSWORD``
|
# - ``ADMIN_PASSWORD``
|
||||||
# - ``IDENTITY_API_VERSION``
|
# - ``IDENTITY_API_VERSION``
|
||||||
# - ``REGION_NAME``
|
# - ``REGION_NAME``
|
||||||
# - ``KEYSTONE_SERVICE_PROTOCOL``
|
# - ``KEYSTONE_SERVICE_URI``
|
||||||
# - ``KEYSTONE_SERVICE_HOST``
|
|
||||||
# - ``KEYSTONE_SERVICE_PORT``
|
|
||||||
function bootstrap_keystone {
|
function bootstrap_keystone {
|
||||||
$KEYSTONE_BIN_DIR/keystone-manage bootstrap \
|
$KEYSTONE_BIN_DIR/keystone-manage bootstrap \
|
||||||
--bootstrap-username admin \
|
--bootstrap-username admin \
|
||||||
@ -580,7 +556,7 @@ function bootstrap_keystone {
|
|||||||
--bootstrap-role-name admin \
|
--bootstrap-role-name admin \
|
||||||
--bootstrap-service-name keystone \
|
--bootstrap-service-name keystone \
|
||||||
--bootstrap-region-id "$REGION_NAME" \
|
--bootstrap-region-id "$REGION_NAME" \
|
||||||
--bootstrap-admin-url "$KEYSTONE_AUTH_URI" \
|
--bootstrap-admin-url "$KEYSTONE_SERVICE_URI" \
|
||||||
--bootstrap-public-url "$KEYSTONE_SERVICE_URI"
|
--bootstrap-public-url "$KEYSTONE_SERVICE_URI"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -430,7 +430,7 @@ function configure_swift {
|
|||||||
swift_pipeline+=" authtoken"
|
swift_pipeline+=" authtoken"
|
||||||
if is_service_enabled s3api;then
|
if is_service_enabled s3api;then
|
||||||
swift_pipeline+=" s3token"
|
swift_pipeline+=" s3token"
|
||||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token auth_uri ${KEYSTONE_AUTH_URI_V3}
|
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token auth_uri ${KEYSTONE_SERVICE_URI_V3}
|
||||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token delay_auth_decision true
|
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token delay_auth_decision true
|
||||||
fi
|
fi
|
||||||
swift_pipeline+=" keystoneauth"
|
swift_pipeline+=" keystoneauth"
|
||||||
@ -521,7 +521,7 @@ function configure_swift {
|
|||||||
local auth_vers
|
local auth_vers
|
||||||
auth_vers=$(iniget ${testfile} func_test auth_version)
|
auth_vers=$(iniget ${testfile} func_test auth_version)
|
||||||
iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
|
iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
|
||||||
if [[ "$KEYSTONE_AUTH_PROTOCOL" == "https" ]]; then
|
if [[ "$KEYSTONE_SERVICE_PROTOCOL" == "https" ]]; then
|
||||||
iniset ${testfile} func_test auth_port 443
|
iniset ${testfile} func_test auth_port 443
|
||||||
else
|
else
|
||||||
iniset ${testfile} func_test auth_port 80
|
iniset ${testfile} func_test auth_port 80
|
||||||
|
4
stack.sh
4
stack.sh
@ -876,7 +876,7 @@ fi
|
|||||||
install_keystonemiddleware
|
install_keystonemiddleware
|
||||||
|
|
||||||
if is_service_enabled keystone; then
|
if is_service_enabled keystone; then
|
||||||
if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
|
if [ "$KEYSTONE_SERVICE_HOST" == "$SERVICE_HOST" ]; then
|
||||||
stack_install_service keystone
|
stack_install_service keystone
|
||||||
configure_keystone
|
configure_keystone
|
||||||
fi
|
fi
|
||||||
@ -1096,7 +1096,7 @@ write_clouds_yaml
|
|||||||
if is_service_enabled keystone; then
|
if is_service_enabled keystone; then
|
||||||
echo_summary "Starting Keystone"
|
echo_summary "Starting Keystone"
|
||||||
|
|
||||||
if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
|
if [ "$KEYSTONE_SERVICE_HOST" == "$SERVICE_HOST" ]; then
|
||||||
init_keystone
|
init_keystone
|
||||||
start_keystone
|
start_keystone
|
||||||
bootstrap_keystone
|
bootstrap_keystone
|
||||||
|
@ -26,39 +26,6 @@ if [[ -z "$TOP_DIR" ]]; then
|
|||||||
FILES=$TOP_DIR/files
|
FILES=$TOP_DIR/files
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Keystone Port Reservation
|
|
||||||
# -------------------------
|
|
||||||
# Reserve and prevent ``KEYSTONE_AUTH_PORT`` and ``KEYSTONE_AUTH_PORT_INT`` from
|
|
||||||
# being used as ephemeral ports by the system. The default(s) are 35357 and
|
|
||||||
# 35358 which are in the Linux defined ephemeral port range (in disagreement
|
|
||||||
# with the IANA ephemeral port range). This is a workaround for bug #1253482
|
|
||||||
# where Keystone will try and bind to the port and the port will already be
|
|
||||||
# in use as an ephemeral port by another process. This places an explicit
|
|
||||||
# exception into the Kernel for the Keystone AUTH ports.
|
|
||||||
function fixup_keystone {
|
|
||||||
keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
|
|
||||||
|
|
||||||
# Only do the reserved ports when available, on some system (like containers)
|
|
||||||
# where it's not exposed we are almost pretty sure these ports would be
|
|
||||||
# exclusive for our DevStack.
|
|
||||||
if sysctl net.ipv4.ip_local_reserved_ports >/dev/null 2>&1; then
|
|
||||||
# Get any currently reserved ports, strip off leading whitespace
|
|
||||||
reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
|
|
||||||
|
|
||||||
if [[ -z "${reserved_ports}" ]]; then
|
|
||||||
# If there are no currently reserved ports, reserve the keystone ports
|
|
||||||
sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
|
|
||||||
else
|
|
||||||
# If there are currently reserved ports, keep those and also reserve the
|
|
||||||
# Keystone specific ports. Duplicate reservations are merged into a single
|
|
||||||
# reservation (or range) automatically by the kernel.
|
|
||||||
sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo_summary "WARNING: unable to reserve keystone ports"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Python Packages
|
# Python Packages
|
||||||
# ---------------
|
# ---------------
|
||||||
|
|
||||||
@ -182,7 +149,6 @@ function fixup_ubuntu {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function fixup_all {
|
function fixup_all {
|
||||||
fixup_keystone
|
|
||||||
fixup_ubuntu
|
fixup_ubuntu
|
||||||
fixup_fedora
|
fixup_fedora
|
||||||
fixup_suse
|
fixup_suse
|
||||||
|
Loading…
Reference in New Issue
Block a user