[openstack-dev] [keystone] Do we really need two listening ports ?

Sylvain Bauza sbauza at redhat.com
Wed Feb 1 14:14:25 UTC 2017

Le 01/02/2017 13:58, Thomas Goirand a écrit :
> On 02/01/2017 10:54 AM, Attila Fazekas wrote:
>> Hi all,
>> Typically we have two keystone service listening on two separate ports
>> 35357 and 5000.
>> Historically one of the port had limited functionality, but today I do
>> not see why we want
>> to have two separate service/port from the same code base for similar
>> purposes.
>> Effective we use double amount of memory than it is really required,
>> because both port is served by completely different worker instances,
>> typically from the same physical server.
>> I wonder, would it be difficult to use only a single port or at least
>> the same pool of workers for all keystone(identity, auth..) purposes?
>> Best Regards,
>> Attila
> This has been discussed and agreed a long time ago, but nobody did the
> work. Please do get rid of the 2nd port. And when you're at it, also get
> rid of the admin and internal endpoint in the service catalog.

Only 35357 is declared as a regular IANA service port :

You can do whatever you want with the other port, that's a configuration


> Cheers,
> Thomas Goirand (zigo)
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list