[openstack-keystone/f20] exclude default port 35357 from the ephemeral port range
Alan Pevec
apevec at fedoraproject.org
Tue Jan 20 00:28:30 UTC 2015
commit e50792cd4a3c473f69cb361cf33a8f673a691031
Author: Alan Pevec <alan.pevec at redhat.com>
Date: Wed Jun 25 01:00:34 2014 +0200
exclude default port 35357 from the ephemeral port range
https://review.openstack.org/#/c/58013/8/doc/source/configuration.rst
openstack-keystone.spec | 5 +++++
openstack-keystone.sysctl | 3 +++
2 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/openstack-keystone.spec b/openstack-keystone.spec
index 2c94806..6037011 100644
--- a/openstack-keystone.spec
+++ b/openstack-keystone.spec
@@ -12,6 +12,7 @@ URL: http://keystone.openstack.org/
Source0: http://launchpad.net/keystone/%{release_name}/%{version}/+download/keystone-%{version}.tar.gz
Source1: openstack-keystone.logrotate
Source2: openstack-keystone.service
+Source3: openstack-keystone.sysctl
Source5: openstack-keystone-sample-data
Source20: keystone-dist.conf
@@ -121,6 +122,8 @@ install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/ke
install -p -D -m 640 etc/policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
install -p -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/openstack-keystone.service
+install -d -m 755 %{buildroot}%{_prefix}/lib/sysctl.d
+install -p -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sysctl.d/openstack-keystone.conf
# Install sample data script.
install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/keystone/sample_data.sh
install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample-data
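Review bot: Nothing visible in this patch applies the new `sysctl.d/openstack-keystone.conf` at install time, so on a running host port 35357 presumably stays in the ephemeral range until the next boot or a manual sysctl reload. The scriptlets are outside these hunks, so this should be confirmed; if `%post` does not already handle it, a line such as `/usr/lib/systemd/systemd-sysctl %{_prefix}/lib/sysctl.d/openstack-keystone.conf >/dev/null 2>&1 || :` would apply it immediately. As a smaller style point, the added `install -d -m 755 %{buildroot}%{_prefix}/lib/sysctl.d` is redundant because the following `install -p -D` already creates the parent directory.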
@@ -197,6 +200,7 @@ fi
%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
%dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone
%dir %attr(0750, keystone, keystone) %{_localstatedir}/log/keystone
+%{_prefix}/lib/sysctl.d/openstack-keystone.conf
%files -n python-keystone
%defattr(-,root,root,-)
@@ -212,6 +216,7 @@ fi
%changelog
* Wed Sep 24 2014 Alan Pevec <alan.pevec at redhat.com> 2013.2.4-1
- Update to upstream 2013.2.4
+- exclude default port 35357 from the ephemeral port range
* Wed Jul 09 2014 Alan Pevec <apevec at redhat.com> 2013.2.3-5
- Keystone V2 trusts privilege escalation through user supplied project id
diff --git a/openstack-keystone.sysctl b/openstack-keystone.sysctl
new file mode 100644
index 0000000..682c160
--- /dev/null
+++ b/openstack-keystone.sysctl
@@ -0,0 +1,3 @@
+# By default, keystone starts a service on IANA-assigned port 35357
+# http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
+net.ipv4.ip_local_reserved_ports = 35357
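Review bot: `net.ipv4.ip_local_reserved_ports` holds a single comma-separated list, so if any other sysctl.d drop-in or `/etc/sysctl.conf` sets the same key, the values are not merged. Whichever file is read last wins, which can silently drop 35357 here or discard ports an administrator has reserved. A comment in the file would make this visible, for example `# NOTE: single-valued key; to reserve more ports, override with the full list (e.g. in /etc/sysctl.d/) including 35357`. The reservation only stops the kernel from handing the port out automatically for outbound connections. It does not prevent another local process from binding 35357 explicitly before keystone starts, so it should not be treated as protection for the admin endpoint.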