[Openstack] [keystone] Keystone on port 5000 - proposing change default port to 8770

Gabriel Hurley Gabriel.Hurley at nebula.com
Thu Jun 21 19:36:09 UTC 2012


The port change is fine with me since we're trampling on an already-registered port number.

However, I'd like to ask again about the admin vs. standard ports in the Keystone v3 API. There was no mention of the differentiation between the two or how they would be used. Especially in a post-RBAC/policy.json world, what is an "admin" API call? Does Keystone really need two ports (Matt Joyce suggests it does) or could they be one?

    - Gabriel

> -----Original Message-----
> From: openstack-bounces+gabriel.hurley=nebula.com at lists.launchpad.net
> [mailto:openstack-
> bounces+gabriel.hurley=nebula.com at lists.launchpad.net] On Behalf Of
> Nguyen, Liem Manh
> Sent: Thursday, June 21, 2012 10:40 AM
> To: Joseph Heck; Vaze, Mandar
> Cc: openstack at lists.launchpad.net
> Subject: Re: [Openstack] [keystone] Keystone on port 5000 - proposing
> change default port to 8770
> 
> +1 for an IANA-registered public port.  I wonder why we registered the
> admin port, but not the public port in the first place.
> 
> Liem
> 
> -----Original Message-----
> From: openstack-bounces+liem_m_nguyen=hp.com at lists.launchpad.net
> [mailto:openstack-bounces+liem_m_nguyen=hp.com at lists.launchpad.net]
> On Behalf Of Joseph Heck
> Sent: Thursday, June 21, 2012 1:28 AM
> To: Vaze, Mandar
> Cc: openstack at lists.launchpad.net
> Subject: Re: [Openstack] [keystone] Keystone on port 5000 - proposing
> change default port to 8770
> 
> Honestly the only reason is that I've heard some fairly direct feedback that
> port 5000 is that MS uPnP port and hence blocked by many corporate
> entities, so it's just a matter of a PITA and a slight bump in setup for those
> groups. Thought to honestly register another port with IANA like 35357 and
> put it in place - wanted to see if anyone screamed first.
> 
> -joe
> 
> On Jun 20, 2012, at 8:49 PM, Vaze, Mandar wrote:
> > "public_port" is configurable via keystone.conf - so if port 5000 is blocked in
> specific setup, it is trivial to change it to some other port.
> >
> > Why make so many changes (REST docs, XML docs, devstack, and the code)
> for a parameter that can be easily tweaked?
> >
> > -Mandar
> >
> > -----Original Message-----
> > From: openstack-bounces+mandar.vaze=nttdata.com at lists.launchpad.net
> [mailto:openstack-bounces+mandar.vaze=nttdata.com at lists.launchpad.net]
> On Behalf Of Joseph Heck
> > Sent: Thursday, June 21, 2012 4:46 AM
> > To: openstack at lists.launchpad.net (openstack at lists.launchpad.net)
> > Subject: [Openstack] [keystone] Keystone on port 5000 - proposing change
> default port to 8770
> >
> > At the risk of a terrible public tar and feathering...
> >
> > I've learned that port 5000 (which Keystone is using for its default public-
> token-auth stuff) is commonly blocked by many firewalls, as it's been
> registered as a Microsoft uPnP port.
> >
> > I thought I'd go ahead and propose changing the default to 8770. I picked
> this number because it's close to the Nova ports in common use (8773, 8774,
> 8775, and 8776).
> >
> > And yes, I'll submit updates to all REST docs, XML docs, devstack, and the
> code.
> >
> > So... how many people do I need to worry about murdering me for this
> next design summit?
> >
> > -joe
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack
> > Post to     : openstack at lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help   : https://help.launchpad.net/ListHelp





