[openstack-dev] [keystone] Do we really need two listening ports ?

Thomas Goirand zigo at debian.org
Wed Feb 1 12:58:39 UTC 2017


On 02/01/2017 10:54 AM, Attila Fazekas wrote:
> Hi all,
> 
> Typically we have two keystone service listening on two separate ports
> 35357 and 5000.
> 
> Historically one of the port had limited functionality, but today I do
> not see why we want
> to have two separate service/port from the same code base for similar
> purposes.
> 
> Effective we use double amount of memory than it is really required,
> because both port is served by completely different worker instances,
> typically from the same physical server.
> 
> I wonder, would it be difficult to use only a single port or at least
> the same pool of workers for all keystone(identity, auth..) purposes?
> 
> Best Regards,
> Attila

This has been discussed and agreed a long time ago, but nobody did the
work. Please do get rid of the 2nd port. And when you're at it, also get
rid of the admin and internal endpoint in the service catalog.

Cheers,

Thomas Goirand (zigo)




More information about the OpenStack-dev mailing list