...
|
...
|
@@ -35,6 +35,30 @@ source $TOP_DIR/functions
|
35
|
35
|
|
36
|
36
|
FILES=$TOP_DIR/files
|
37
|
37
|
|
|
38
|
+# Keystone Port Reservation
|
|
39
|
+# -------------------------
|
|
40
|
+# Reserve and prevent $KEYSTONE_AUTH_PORT and $KEYSTONE_AUTH_PORT_INT from
|
|
41
|
+# being used as ephemeral ports by the system. The default(s) are 35357 and
|
|
42
|
+# 35358 which are in the Linux defined ephemeral port range (in disagreement
|
|
43
|
+# with the IANA ephemeral port range). This is a workaround for bug #1253482
|
|
44
|
+# where Keystone will try and bind to the port and the port will already be
|
|
45
|
+# in use as an ephemeral port by another process. This places an explicit
|
|
46
|
+# exception into the Kernel for the Keystone AUTH ports.
|
|
47
|
+keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
|
|
48
|
+
|
|
49
|
+# Get any currently reserved ports, strip off leading whitespace
|
|
50
|
+reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
|
|
51
|
+
|
|
52
|
+if [[ -z "${reserved_ports}" ]]; then
|
|
53
|
+ # If there are no currently reserved ports, reserve the keystone ports
|
|
54
|
+ sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
|
|
55
|
+else
|
|
56
|
+ # If there are currently reserved ports, keep those and also reserve the
|
|
57
|
+ # keystone specific ports. Duplicate reservations are merged into a single
|
|
58
|
+ # reservation (or range) automatically by the kernel.
|
|
59
|
+ sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
|
|
60
|
+fi
|
|
61
|
+
|
38
|
62
|
|
39
|
63
|
# Python Packages
|
40
|
64
|
# ---------------
|