[openstack-dev] [keystone] Do we really need two listening ports ?

Sylvain Bauza sbauza at redhat.com
Wed Feb 1 14:14:25 UTC 2017



Le 01/02/2017 13:58, Thomas Goirand a écrit :
> On 02/01/2017 10:54 AM, Attila Fazekas wrote:
>> Hi all,
>>
>> Typically we have two keystone service listening on two separate ports
>> 35357 and 5000.
>>
>> Historically one of the port had limited functionality, but today I do
>> not see why we want
>> to have two separate service/port from the same code base for similar
>> purposes.
>>
>> Effective we use double amount of memory than it is really required,
>> because both port is served by completely different worker instances,
>> typically from the same physical server.
>>
>> I wonder, would it be difficult to use only a single port or at least
>> the same pool of workers for all keystone(identity, auth..) purposes?
>>
>> Best Regards,
>> Attila
> 
> This has been discussed and agreed a long time ago, but nobody did the
> work. Please do get rid of the 2nd port. And when you're at it, also get
> rid of the admin and internal endpoint in the service catalog.
> 

Only 35357 is declared as a regular IANA service port :
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=openstack

You can do whatever you want with the other port, that's a configuration
option.

-Sylvain

> Cheers,
> 
> Thomas Goirand (zigo)
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 



More information about the OpenStack-dev mailing list