Change default congress port to non reserved port number 1789
This patch changes the default port number congress-server uses from 8080 to 1789 which is not reserved by anyone yet. 1789 is also the date that the United States Congress was created so this number seems like a good fit. Change-Id: Ie3cf2639408cf3aa8d2cb64532871835f1cdf0d1 Closes-bug: 1364126
This commit is contained in:
parent
d303c87db7
commit
7699632508
|
@ -24,7 +24,7 @@ LOG = logging.getLogger(__name__)
|
|||
core_opts = [
|
||||
cfg.StrOpt('bind_host', default='0.0.0.0',
|
||||
help="The host IP to bind to"),
|
||||
cfg.IntOpt('bind_port', default=8080,
|
||||
cfg.IntOpt('bind_port', default=1789,
|
||||
help="The port to bind to"),
|
||||
cfg.IntOpt('max_simultaneous_requests', default=1024,
|
||||
help="Thread pool size for eventlet."),
|
||||
|
|
|
@ -27,7 +27,7 @@ class ConfigurationTest(testtools.TestCase):
|
|||
|
||||
def test_defaults(self):
|
||||
self.assertEqual('0.0.0.0', cfg.CONF.bind_host)
|
||||
self.assertEqual(8080, cfg.CONF.bind_port)
|
||||
self.assertEqual(1789, cfg.CONF.bind_port)
|
||||
self.assertEqual(False, cfg.CONF.tcp_keepalive)
|
||||
self.assertEqual(600, cfg.CONF.tcp_keepidle)
|
||||
self.assertEqual(1, cfg.CONF.api_workers)
|
||||
|
|
|
@ -51,7 +51,7 @@ CONGRESS_CONF_DIR=/etc/congress
|
|||
CONGRESS_CONF=$CONGRESS_CONF_DIR/congress.conf
|
||||
|
||||
# Default Congress Port
|
||||
CONGRESS_PORT=${CONGRESS_PORT:-8080}
|
||||
CONGRESS_PORT=${CONGRESS_PORT:-1789}
|
||||
# Default Congress Host
|
||||
CONGRESS_HOST=${CONGRESS_HOST:-$SERVICE_HOST}
|
||||
# Default admin username
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -194,20 +194,20 @@ you will add the congress policy to detect the violation.
|
|||
|
||||
12) Add a rule that detects when a VM is connected to a port belonging to a different group::
|
||||
|
||||
$ curl -X POST localhost:8080/policies/classification/rules -d '{"rule": "error(name2) :- neutron:ports(a, b, c, d, e, f, g, network_id, tenant_id, j, k, l, m, n, device_id, p), nova:servers(device_id, name2, c2, d2, tenant_id2, f2, g2, h2), neutron:networks(a3, b3, c3, d3, e3, tenant_id3, g3, h3, i3, network_id, k3), not same_group(tenant_id, tenant_id2) "}'
|
||||
$ curl -X POST localhost:1789/policies/classification/rules -d '{"rule": "error(name2) :- neutron:ports(a, b, c, d, e, f, g, network_id, tenant_id, j, k, l, m, n, device_id, p), nova:servers(device_id, name2, c2, d2, tenant_id2, f2, g2, h2), neutron:networks(a3, b3, c3, d3, e3, tenant_id3, g3, h3, i3, network_id, k3), not same_group(tenant_id, tenant_id2) "}'
|
||||
|
||||
{"comment": null, "id": "869e6a85-43ed-49fd-9fd7-f649d9c06fc2", "rule": "error(name2) :- neutron:ports(a, b, c, d, e, f, g, network_id, tenant_id, j, k, l, m, n, device_id, p), nova:servers(device_id, name2, c2, d2, tenant_id2, f2, g2, h2), neutron:networks(a3, b3, c3, d3, e3, tenant_id3, g3, h3, i3, network_id, k3), not same_group(tenant_id, tenant_id2)"}
|
||||
|
||||
|
||||
13) Add a rule that detects when a port is connected to a network belonging to a different group::
|
||||
|
||||
$ curl -X POST localhost:8080/policies/classification/rules -d '{"rule": "error(name2) :- neutron:ports(a, b, c, d, e, f, g, network_id, tenant_id, j, k, l, m, n, device_id, p), nova:servers(device_id, name2, c2, d2, tenant_id2, f2, g2, h2), neutron:networks(a3, b3, c3, d3, e3, tenant_id3, g3, h3, i3, network_id, k3) , not same_group(tenant_id2, tenant_id3) "}'
|
||||
$ curl -X POST localhost:1789/policies/classification/rules -d '{"rule": "error(name2) :- neutron:ports(a, b, c, d, e, f, g, network_id, tenant_id, j, k, l, m, n, device_id, p), nova:servers(device_id, name2, c2, d2, tenant_id2, f2, g2, h2), neutron:networks(a3, b3, c3, d3, e3, tenant_id3, g3, h3, i3, network_id, k3) , not same_group(tenant_id2, tenant_id3) "}'
|
||||
|
||||
{"comment": null, "id": "6871ef89-4bec-4b47-ad2f-b71788e9d400", "rule": "error(name2) :- neutron:ports(a, b, c, d, e, f, g, network_id, tenant_id, j, k, l, m, n, device_id, p), nova:servers(device_id, name2, c2, d2, tenant_id2, f2, g2, h2), neutron:networks(a3, b3, c3, d3, e3, tenant_id3, g3, h3, i3, network_id, k3), not same_group(tenant_id2, tenant_id3)"}
|
||||
|
||||
14) Define a table mapping a tenant_id to any other tenant in the same group::
|
||||
|
||||
$ curl -X POST localhost:8080/policies/classification/rules -d '{"rule": "same_group(x, y) :- group(x, g), group(y, g) "}'
|
||||
$ curl -X POST localhost:1789/policies/classification/rules -d '{"rule": "same_group(x, y) :- group(x, g), group(y, g) "}'
|
||||
|
||||
{"comment": null, "id": "9165ab44-ef9e-4561-af55-3d29b9da0bfe", "rule": "same_group(x, y) :- group(x, g), group(y, g)"}
|
||||
|
||||
|
@ -218,11 +218,11 @@ information from a system like Keystone or ActiveDirectory. In this
|
|||
tutorial, we'll populate the group table with membership information
|
||||
manually::
|
||||
|
||||
$ curl -X POST localhost:8080/policies/classification/rules -d "{\"rule\": \"group(\\\"$ADMIN_ID\\\", \\\"IT\\\") :- true \"}"
|
||||
$ curl -X POST localhost:1789/policies/classification/rules -d "{\"rule\": \"group(\\\"$ADMIN_ID\\\", \\\"IT\\\") :- true \"}"
|
||||
|
||||
{"comment": null, "id": "1554e108-adc5-40e1-870a-dda3b877f2bc", "rule": "group(\"7320f8345acb489e8296ddb3b1ad1262\", \"IT\") :- true()"}
|
||||
|
||||
$ curl -X POST localhost:8080/policies/classification/rules -d "{\"rule\": \"group(\\\"$DEMO_ID\\\", \\\"Marketing\\\") :- true \"}"
|
||||
$ curl -X POST localhost:1789/policies/classification/rules -d "{\"rule\": \"group(\\\"$DEMO_ID\\\", \\\"Marketing\\\") :- true \"}"
|
||||
|
||||
{"comment": null, "id": "810c2217-0161-4ba6-ab29-a822bfca0f99", "rule": "group(\"81084a94769c4ce0accb6968c397a085\", \"Marketing\") :- true()"}
|
||||
|
||||
|
@ -234,7 +234,7 @@ violations (which there are).
|
|||
|
||||
16) List the errors. You should see one entry for "vm-demo".::
|
||||
|
||||
$ curl -X GET localhost:8080/policies/classification/tables/error/rows
|
||||
$ curl -X GET localhost:1789/policies/classification/tables/error/rows
|
||||
|
||||
[
|
||||
{
|
||||
|
@ -258,5 +258,5 @@ Relisting Policy Violations
|
|||
18) Now, when print the error table it will be empty because there are
|
||||
no violations.::
|
||||
|
||||
$ curl -X GET localhost:8080/policies/classification/tables/error/rows
|
||||
$ curl -X GET localhost:1789/policies/classification/tables/error/rows
|
||||
[]
|
||||
|
|
Loading…
Reference in New Issue