Remove port 35357

This removes port 35357 for Keystone as will be
done in [1] and changes all references to that port.

I can't see that packstack will need to keep the support
for both ports as done in TripleO recently [2].

[1] https://review.openstack.org/#/c/619257/
[2] https://review.openstack.org/#/c/627793/

Change-Id: I4b6dcd396e1e5e666e7429929240bca7aadbc3bb
This commit is contained in:
Tobias Urdin 2019-01-07 16:23:09 +01:00
parent eaf3c70182
commit 926bc175be
4 changed files with 3 additions and 19 deletions

View File

@ -776,7 +776,7 @@ def create_manifest(config, messages):
config['CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'] = "http://%s:5000/" % ( config['CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'] = "http://%s:5000/" % (
config['CONFIG_KEYSTONE_HOST_URL'] config['CONFIG_KEYSTONE_HOST_URL']
) )
config['CONFIG_KEYSTONE_ADMIN_URL'] = "http://%s:35357" % ( config['CONFIG_KEYSTONE_ADMIN_URL'] = "http://%s:5000" % (
config['CONFIG_KEYSTONE_HOST_URL'] config['CONFIG_KEYSTONE_HOST_URL']
) )
@ -786,6 +786,6 @@ def create_manifest(config, messages):
fw_details[key]['host'] = "ALL" fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "keystone" fw_details[key]['service_name'] = "keystone"
fw_details[key]['chain'] = "INPUT" fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['5000', '35357'] fw_details[key]['ports'] = ['5000']
fw_details[key]['proto'] = "tcp" fw_details[key]['proto'] = "tcp"
config['FIREWALL_KEYSTONE_RULES'] = fw_details config['FIREWALL_KEYSTONE_RULES'] = fw_details

View File

@ -25,8 +25,6 @@ class packstack::apache ()
# Keystone port # Keystone port
apache::listen { '5000': } apache::listen { '5000': }
# Keystone admin port
apache::listen { '35357': }
if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
if hiera('CONFIG_CEILOMETER_SERVICE_NAME') == 'httpd' { if hiera('CONFIG_CEILOMETER_SERVICE_NAME') == 'httpd' {

View File

@ -14,7 +14,7 @@ class packstack::magnum ()
$magnum_url = "${magnum_protocol}://${magnum_host}:$magnum_port/v1" $magnum_url = "${magnum_protocol}://${magnum_host}:$magnum_port/v1"
class { '::magnum::keystone::authtoken': class { '::magnum::keystone::authtoken':
www_authenticate_uri => "${magnum_protocol}://${magnum_host}:5000/v3", www_authenticate_uri => "${magnum_protocol}://${magnum_host}:5000/v3",
auth_url => "${magnum_protocol}://${magnum_host}:35357", auth_url => "${magnum_protocol}://${magnum_host}:5000",
auth_version => 'v3', auth_version => 'v3',
username => 'magnum', username => 'magnum',
password => hiera('CONFIG_MAGNUM_KS_PW'), password => hiera('CONFIG_MAGNUM_KS_PW'),

View File

@ -117,20 +117,6 @@ if [ $(id -u) != 0 ]; then
$SUDO service sshd restart $SUDO service sshd restart
fi fi
# Sometimes keystone admin port is used as ephemeral port for other connections and gate jobs fail with httpd error 'Address already in use'.
# We reserve port 35357 at the beginning of the job execution to mitigate this issue as much as possible.
# Similar hack is done in devstack https://github.com/openstack-dev/devstack/blob/master/tools/fixup_stuff.sh#L53-L68
# Get any currently reserved ports, strip off leading whitespace
keystone_port=35357
reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
if [[ -z "${reserved_ports}" ]]; then
$SUDO sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_port}
else
$SUDO sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_port},${reserved_ports}
fi
# Make swap configuration consistent # Make swap configuration consistent
# TODO: REMOVE ME # TODO: REMOVE ME
# https://review.openstack.org/#/c/300122/ # https://review.openstack.org/#/c/300122/