change default keystone port away from 5000
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) | Invalid | Medium | Joseph Heck | | |
Bug Description
Honestly the only reason is that I've heard some fairly direct feedback that port 5000 is that MS uPnP port and hence blocked by many corporate entities, so it's just a matter of a PITA and a slight bump in setup for those groups. Thought to honestly register another port with IANA like 35357 and put it in place - wanted to see if anyone screamed first.
-joe
On Jun 20, 2012, at 8:49 PM, Vaze, Mandar wrote:
"public_port" is configurable via keystone.conf - so if port 5000 is blocked in specific setup, it is trivial to change it to some other port.
Why make so many changes (REST docs, XML docs, devstack, and the code) for a parameter that can be easily tweaked?
-Mandar
-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Joseph Heck
Sent: Thursday, June 21, 2012 4:46 AM
To: <email address hidden> (<email address hidden>)
Subject: [Openstack] [keystone] Keystone on port 5000 - proposing change default port to 8770
At the risk of a terrible public tar and feathering...
I've learned that port 5000 (which Keystone is using for its default public-token-auth stuff) is commonly blocked by many firewalls, as it's been registered as a Microsoft uPnP port.
I thought I'd go ahead and propose changing the default to 8770. I picked this number because it's close to the Nova ports in common use (8773, 8774, 8775, and 8776).
And yes, I'll submit updates to all REST docs, XML docs, devstack, and the code.
Changed in keystone:
status: In Progress → Invalid
milestone: folsom-3 → none
Have requested a formal port from IANA for the public keystone port:
To whom it may concern:
This is an automatically generated message to notify you that we have
received your request, and it has been recorded in our ticketing
system with a reference number of 583461. To check the status
of your request, please see:
https://tools.iana.org/public-view
If you have any problems accessing this page, please contact
<email address hidden>.
There is no need to reply to this message right now. IANA staff will
review your message shortly.
If this message is in reply to a previously submitted ticket, it is
possible that the previous ticket has been marked as closed. As we
review this ticket, we will also review previous correspondence and
take appropriate action.
To expedite processing, and ensure our staff can view the full history
of this request, please make sure you include the following exact text in
the subject line of all future correspondence on this issue:
[IANA #583461]
You can also simply reply to this message, as this tag is already in
the subject line.
Thank you,
The Internet Assigned Numbers Authority
<email address hidden>
----------------------------------------------------------------------
Application for a Port Number and/or Service Name
Assignee: Nebula <email address hidden>
Contact Person: Joe Heck <email address hidden>
Resource Request:
[x] Port Number
[x] Service Name
Transport Protocols:
[x] TCP
[ ] UDP
[ ] SCTP
[ ] DCCP
Service Code: []
Service Name: [openstack-id]
Desired Port Number: [8770]
Description: [public openstack identity api]
Reference: [The keystone service (http://keystone.openstack.org/) provides a reference implementation of authentication and authorization services for OpenStack - infrastructure as a service software]
Defined TXT Keys:
1. If broadcast/multicast is used, how and what for?
[]
2. If UDP is requested, please explain how traffic is limited, and whether the
protocol reacts to congestion.
[]
3. If UDP is requested, please indicate whether the service is solely
for the discovery of hosts supporting this protocol.
[]
4. Please explain how your protocol supports versioning.
[The REST API is versioned within the URI using a standard versioning scheme across all OpenStack projects. ]
5. If your request is for more than one transport, please explain in
detail how the protocol differs over each transport.
[Another openstack-id is also registered on port 35357, which is the administrative API port. The transports for public and administrative use are supported as defaulting to separate ports to allow for easier enforcement of security.]
6. Please describe how your protocol supports security. Note that presently
there is no IETF consensus on when it is appropriate to use a second port
for an insecure version of a protocol.
[If enabled, the protocol fully supports SSL encryption, and in future versions will support SSL server and client side authentication]
7. Please explain the state of development of your protocol.
[stable and in continued development - currently in V2, beginning implementation ...