openstack team mailing list archive

[Ewan Mellor <Ewan.Mellor@xxxxxxxxxxxxx>]

Yes, that's a good point.  Certainly for the API nodes we should use port 80/443, and change the defaults if necessary.

We've got some complications though: http://swift.openstack.org/howto_installmultinode.html says "Auth node: ... This can be on the same node as a Proxy node" and "Storage nodes: Runs the swift-account-server, swift-container-server, and swift-object-server." This implies that we need at least two ports for a storage proxy, and three ports for a storage node.  I think that some people plan to run the Glance API and registry on the same machine too.  We could run these things on 80, 81, and 82 in the case of a storage node, but I don't see that that's any better than using arbitrary ports as we are at the moment.  8080 is a possibility too of course, but some people may want to run web UIs on these nodes too, in which case it would be nice to keep 8080 available.

All said, I think if people are serious about running storage nodes with account, container, and object servers together, then it's reasonable for us to ask for new ports to be assigned.  The argument is weaker (but still reasonable I think) for storage API nodes with auth and proxy together (proxy will use port 80, but we still need one for auth).

For Nova, I think we're OK with the HTTP ports, because most of the components are using rabbitmq for communication.  For Glance, I'm not sure.

Cheers,

Ewan.


> -----Original Message-----
> From: Eric Day [mailto:eday@xxxxxxxxxxxx]
> Sent: 02 January 2011 17:12
> To: Monty Taylor
> Cc: Jay Pipes; Ewan Mellor; openstack@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openstack] Use of IANA-registered ports
> 
> For production deployments, the default port should be 80, no? I
> imagine most production deployments will be running port 80 and
> have different sets of hosts running each service (swift, glance,
> nova). Four single-machine setup we should explain how to change
> the ports so they don't interfere, but the official *should* stay at
> 80, IMHO.
> 
> Also, IANA is strict about handing out new ports, and the most likely
> response will be to use 80 or 8080 (HTTP-alt) since it is just HTTP.
> 
> -Eric
> 
> On Sun, Jan 02, 2011 at 08:29:11AM -0800, Monty Taylor wrote:
> > On 01/02/2011 05:39 AM, Jay Pipes wrote:
> > > This day was going to come sooner or later :)
> > >
> > > Yes, I think we should get IANA assignment of ports for Nova and
> Glance.
> > >
> > > Monty, you have experience doing this for Drizzle. Can you assist
> us?
> >
> > It was actually Eric who did it for Drizzle ... but I can certainly
> help. :)
> >
> > > On Sat, Jan 1, 2011 at 6:24 PM, Ewan Mellor
> <Ewan.Mellor@xxxxxxxxxxxxx> wrote:
> > >> I’ve just noticed that Glance (by default) is using IANA-
> registered ports
> > >> (they’re in my /etc/services, so netstat shows the incorrect named
> port),
> > >> and that made me wonder whether we should register ports of our
> own for all
> > >> of the OpenStack services.  Is anyone interested in getting IANA
> > >> registrations done?
> > >>
> > >>
> > >>
> > >> Ewan.
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >> Mailing list: https://launchpad.net/~openstack
> > >> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> > >> Unsubscribe : https://launchpad.net/~openstack
> > >> More help   : https://help.launchpad.net/ListHelp
> > >>
> > >>
> > >