[Openstack] Use of IANA-registered ports

Michael Barton mike-launchpad at weirdlooking.com
Mon Jan 3 09:32:57 UTC 2011


On Sun, Jan 2, 2011 at 7:57 PM, Ewan Mellor <Ewan.Mellor at eu.citrix.com> wrote:
> We've got some complications though: http://swift.openstack.org/howto_installmultinode.html says "Auth node: ... This can be on the same node as a Proxy node" and "Storage nodes: Runs the swift-account-server, swift-container-server, and swift-object-server." This implies that we need at least two ports for a storage proxy, and three ports for a storage node.  I think that some people plan to run the Glance API and registry on the same machine too.  We could run these things on 80, 81, and 82 in the case of a storage node, but I don't see that that's any better than using arbitrary ports as we are at the moment.  8080 is a possibility too of course, but some people may want to run web UIs on these nodes too, in which case it would be nice to keep 8080 available.
> All said, I think if people are serious about running storage nodes with account, container, and object servers together, then it's reasonable for us to ask for new ports to be assigned.  The argument is weaker (but still reasonable I think) for storage API nodes with auth and proxy together (proxy will use port 80, but we still need one for auth).


I don't see a lot of utility in trying to get IANA assigned ports for
services that are completely internal to swift.  They could change in
the future, and vary greatly between different
configurations/deployments anyway.

I do recommend that in a production environment, public HTTP-based
services live on port 80/443.  I also recommend that the swift auth
server is for entertainment purposes only.

-- Mike




More information about the Openstack mailing list