[openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000

Ray Chen chenrano2002 at gmail.com
Thu Jul 17 14:57:41 UTC 2014 

try to disable the selinux module. I can setup devstack env on my fedora
machine with selinux disabled

on my fedora machine, selinux is disable, and port 5000 look likes are
still used by selinux,
[ray at fedora devstack]$ sudo semanage port -l|grep 5000
cluster_port_t                 tcp      5149, 40040, 50006-50008
cluster_port_t                 udp      5149, 50006-50008
commplex_main_port_t           tcp      5000
commplex_main_port_t           udp      5000

[ray at fedora devstack]$ netstat -anp | grep 5000

tcp        0      0 0.0.0.0:5000            0.0.0.0:*
LISTEN      6171/python
[ray at fedora devstack]$ ps -ef | grep python
ray       6171  5695  0 21:34 pts/3    00:00:07 python
/opt/stack/keystone/bin/keystone-all --config-file
/etc/keystone/keystone.conf --debug




On Thu, Jul 17, 2014 at 10:23 PM, Rich Megginson <rmeggins at redhat.com>
wrote:

>  On 07/16/2014 10:40 PM, Joe Jiang wrote:
>
>  Hi all,
> Thanks for your responds.
>
>  I try to running # sudo semanage port -l|grep 5000 in my envrionment and
> get same infomation.
> >> ...
> >> commplex_main_port_t tcp 5000
> >> commplex_main_port_t udp 5000
> then, I wanna remove this port(5000) from SELinux policy rules list use
> this command(semanage port -d -p tcp -t commplex_port_t 5000),
> the console echo is "/usr/sbin/semanage: Port tcp/5000 is defined in
> policy, cannot be deleted", and 'udp/5000' is same reply.
> Some sounds[1] say, this port is declared in the corenetwork source policy
> which is compiled in the base module.
> So, Have to recompile selinux module?
>
>
> I think that's the only way to do it if you want to relabel port 5000.
>
>
>
>
>
>  Thanks.
>  Joe.
>
>  [1]
>
> http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html
>
>
>
>
>
> >> Another problem with port 5000 in Fedora, and probably more recent
> >> versions of RHEL, is the selinux policy:
> >>
> >> # sudo semanage port -l|grep 5000
> >> ...
> >> commplex_main_port_t tcp 5000
> >> commplex_main_port_t udp 5000
> >>
> >> There is some service called "commplex" that has already "claimed" port
> >> 5000 for its use, at least as far as selinux goes.
>
>
>
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140717/7e3b0de5/attachment.html>

More information about the OpenStack-dev mailing list