From 6cae83efd72133adae891da0665f51f526705592 Mon Sep 17 00:00:00 2001 From: Morgan Fainberg Date: Thu, 12 Jun 2014 15:08:48 -0700 Subject: [PATCH] Reserve Keystone ports from the ephemeral range Reserve Keystone ports from the ephemeral range as early as reasonably possible in the fixup_stuff.sh process to reduce the likelihood that the port will be in use. This does not completely resolve the issue where Keystone's IANA assigned port falls into Linux's ephemeral range, but this should reduce the occurrences. The default ports are 35357 and 35358. Change-Id: I8cfb53d8f90c1ff1fb1083c59fefabca3d14323b Partial-Bug: #1253482 --- tools/fixup_stuff.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh index e6a6a79876..d3a63602b8 100755 --- a/tools/fixup_stuff.sh +++ b/tools/fixup_stuff.sh 
@@ -35,6 +35,30 @@ source $TOP_DIR/functions FILES=$TOP_DIR/files +# Keystone Port Reservation +# ------------------------- +# Reserve and prevent $KEYSTONE_AUTH_PORT and $KEYSTONE_AUTH_PORT_INT from +# being used as ephemeral ports by the system. The default(s) are 35357 and +# 35358 which are in the Linux defined ephemeral port range (in disagreement +# with the IANA ephemeral port range). This is a workaround for bug #1253482 +# where Keystone will try and bind to the port and the port will already be +# in use as an ephemeral port by another process. This places an explicit +# exception into the Kernel for the Keystone AUTH ports. +keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358} + +# Get any currently reserved ports, strip off leading whitespace +reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //') + +if [[ -z "${reserved_ports}" ]]; then + # If there are no currently reserved ports, reserve the keystone ports + sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports} +else + # If there are currently reserved ports, keep those and also reserve the + # keystone specific ports. Duplicate reservations are merged into a single + # reservation (or range) automatically by the kernel. + sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports} +fi + # Python Packages # ---------------
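Review bot: The reserved_ports assignment parses the "key = value" output of sysctl with awk and sed, which is fragile; `sysctl -n net.ipv4.ip_local_reserved_ports` prints only the value and makes both filters unnecessary. The two branches of the if/else differ only in the trailing `,${reserved_ports}`, so they could collapse into a single write using `${keystone_ports}${reserved_ports:+,${reserved_ports}}`. The value passed to `sudo sysctl -w` is unquoted in both branches; since KEYSTONE_AUTH_PORT and KEYSTONE_AUTH_PORT_INT come from the environment, quote the whole `net.ipv4.ip_local_reserved_ports=...` argument so an unexpected value cannot be word-split into extra arguments to a command run under sudo. The comment block should also state what the commit message already says: the reservation only stops the kernel from handing these ports out for new ephemeral allocations, so a port already in use when this runs stays in use and Keystone can still fail to bind.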