Merge "Reserve Keystone ports from the ephemeral range"

2014-06-17 01:24:47 +00:00 · 2014-06-17 01:24:47 +00:00 · 4fbb8137af
commit 4fbb8137af
parent 0dfc5230cc 6cae83efd7
1 changed files with 24 additions and 0 deletions
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@ -35,6 +35,30 @@ source $TOP_DIR/functions

 FILES=$TOP_DIR/files

+# Keystone Port Reservation
+# -------------------------
+# Reserve and prevent $KEYSTONE_AUTH_PORT and $KEYSTONE_AUTH_PORT_INT from
+# being used as ephemeral ports by the system. The default(s) are 35357 and
+# 35358 which are in the Linux defined ephemeral port range (in disagreement
+# with the IANA ephemeral port range). This is a workaround for bug #1253482
+# where Keystone will try and bind to the port and the port will already be
+# in use as an ephemeral port by another process. This places an explicit
+# exception into the Kernel for the Keystone AUTH ports.
+keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
+
+# Get any currently reserved ports, strip off leading whitespace
+reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
+
+if [[ -z "${reserved_ports}" ]]; then
+    # If there are no currently reserved ports, reserve the keystone ports
+    sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
+else
+    # If there are currently reserved ports, keep those and also reserve the
+    # keystone specific ports. Duplicate reservations are merged into a single
+    # reservation (or range) automatically by the kernel.
+    sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
+fi
+

 # Python Packages
 # ---------------