[openstack-keystone/f20] exclude default port 35357 from the ephemeral port range

Alan Pevec apevec at fedoraproject.org
Tue Jan 20 00:28:30 UTC 2015


commit e50792cd4a3c473f69cb361cf33a8f673a691031
Author: Alan Pevec <alan.pevec at redhat.com>
Date:   Wed Jun 25 01:00:34 2014 +0200

    exclude default port 35357 from the ephemeral port range
    
    https://review.openstack.org/#/c/58013/8/doc/source/configuration.rst

 openstack-keystone.spec   |    5 +++++
 openstack-keystone.sysctl |    3 +++
 2 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/openstack-keystone.spec b/openstack-keystone.spec
index 2c94806..6037011 100644
--- a/openstack-keystone.spec
+++ b/openstack-keystone.spec
@@ -12,6 +12,7 @@ URL:            http://keystone.openstack.org/
 Source0:        http://launchpad.net/keystone/%{release_name}/%{version}/+download/keystone-%{version}.tar.gz
 Source1:        openstack-keystone.logrotate
 Source2:        openstack-keystone.service
+Source3:        openstack-keystone.sysctl
 Source5:        openstack-keystone-sample-data
 Source20:       keystone-dist.conf
 
@@ -121,6 +122,8 @@ install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/ke
 install -p -D -m 640 etc/policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json
 install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
 install -p -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/openstack-keystone.service
+install -d -m 755 %{buildroot}%{_prefix}/lib/sysctl.d
+install -p -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sysctl.d/openstack-keystone.conf
 # Install sample data script.
 install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/keystone/sample_data.sh
 install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample-data
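Review bot: The drop-in installed by the two added `install` lines is only read when systemd-sysctl runs, and none of the visible hunks adds a scriptlet that applies it. On a package upgrade the port therefore stays unreserved until the next boot, even though keystone can be restarted straight away. If the spec has no such step outside these hunks, a `%post` line such as `%sysctl_apply openstack-keystone.conf` (where the systemd RPM macros provide it) or `/usr/lib/systemd/systemd-sysctl openstack-keystone.conf || :` would close that window. As a minor style point, the separate `install -d -m 755` looks redundant because `install -D` on the following line already creates the leading directories.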
@@ -197,6 +200,7 @@ fi
 %config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
 %dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone
 %dir %attr(0750, keystone, keystone) %{_localstatedir}/log/keystone
+%{_prefix}/lib/sysctl.d/openstack-keystone.conf
 
 %files -n python-keystone
 %defattr(-,root,root,-)
@@ -212,6 +216,7 @@ fi
 %changelog
 * Wed Sep 24 2014 Alan Pevec <alan.pevec at redhat.com> 2013.2.4-1
 - Update to upstream 2013.2.4
+- exclude default port 35357 from the ephemeral port range
 
 * Wed Jul 09 2014 Alan Pevec <apevec at redhat.com> 2013.2.3-5
 - Keystone V2 trusts privilege escalation through user supplied project id
diff --git a/openstack-keystone.sysctl b/openstack-keystone.sysctl
new file mode 100644
index 0000000..682c160
--- /dev/null
+++ b/openstack-keystone.sysctl
@@ -0,0 +1,3 @@
+# By default, keystone starts a service on IANA-assigned port 35357
+# http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
+net.ipv4.ip_local_reserved_ports = 35357
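Review bot: The key assigned on the last line of the new file, `net.ipv4.ip_local_reserved_ports`, holds a single list for the whole host. Any other sysctl.d fragment or `/etc/sysctl.conf` entry that assigns the same key and is applied later replaces this value rather than adding to it, so the reservation can be lost without any error. The file comment should say so and give the reason for the setting, for example `# 35357 lies inside the default ephemeral range; reserve it so the kernel does not hand it out as a source port before keystone binds it`. It is also worth noting there that the reservation only affects automatic port assignment. An explicit bind() to 35357 by another local process is unchanged, so the setting protects availability against accidental collisions only.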

