@@ -35,6 +35,30 @@ source $TOP_DIR/functions

 FILES=$TOP_DIR/files

+# Keystone Port Reservation

+# -------------------------

+# Reserve and prevent $KEYSTONE_AUTH_PORT and $KEYSTONE_AUTH_PORT_INT from

+# being used as ephemeral ports by the system. The default(s) are 35357 and

+# 35358 which are in the Linux defined ephemeral port range (in disagreement

+# with the IANA ephemeral port range). This is a workaround for bug #1253482

+# where Keystone will try and bind to the port and the port will already be

+# in use as an ephemeral port by another process. This places an explicit

+# exception into the Kernel for the Keystone AUTH ports.

+keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}

+

+# Get any currently reserved ports, strip off leading whitespace

+reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')

+

+if [[ -z "${reserved_ports}" ]]; then

+    # If there are no currently reserved ports, reserve the keystone ports

+    sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}

+else

+    # If there are currently reserved ports, keep those and also reserve the

+    # keystone specific ports. Duplicate reservations are merged into a single

+    # reservation (or range) automatically by the kernel.

+    sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}

+fi

+

 # Python Packages

 # ---------------