Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000
Hi, You can handle this one of two ways. 1) semanage port -m -t -p tcp 5000 Which will relabel port 5000 as whatever you choose. 2) Or you could allow to bind to commplex_main_port_t allow commplex_main_port_t:tcp_socket name_bind; This will allow to connect to any port labeled commplex_main_port_t. Sincerely, Ryan - Original Message - From: "Ray Chen" To: "OpenStack Development Mailing List (not for usage questions)" Sent: Thursday, July 17, 2014 10:57:41 AM Subject: Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000 try to disable the selinux module. I can setup devstack env on my fedora machine with selinux disabled on my fedora machine, selinux is disable, and port 5000 look likes are still used by selinux, [ray@fedora devstack]$ sudo semanage port -l|grep 5000 cluster_port_t tcp 5149, 40040, 50006-50008 cluster_port_t udp 5149, 50006-50008 commplex_main_port_t tcp 5000 commplex_main_port_t udp 5000 [ray@fedora devstack]$ netstat -anp | grep 5000 tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 6171/python [ray@fedora devstack]$ ps -ef | grep python ray 6171 5695 0 21:34 pts/3 00:00:07 python /opt/stack/keystone/bin/keystone-all --config-file /etc/keystone/keystone.conf --debug On Thu, Jul 17, 2014 at 10:23 PM, Rich Megginson < rmegg...@redhat.com > wrote: On 07/16/2014 10:40 PM, Joe Jiang wrote: Hi all, Thanks for your responds. I try to running # sudo semanage port -l|grep 5000 in my envrionment and get same infomation. >> ... >> commplex_main_port_t tcp 5000 >> commplex_main_port_t udp 5000 then, I wanna remove this port(5000) from SELinux policy rules list use this command(semanage port -d -p tcp -t commplex_port_t 5000), the console echo is "/usr/sbin/semanage: Port tcp/5000 is defined in policy, cannot be deleted" , and 'udp/5000' is same reply. Some sounds[1] say, this port is declared in the corenetwork source policy which is compiled in the base module. So, Have to recompile selinux module? I think that's the only way to do it if you want to relabel port 5000. Thanks. Joe. [1] http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html >> Another problem with port 5000 in Fedora, and probably more recent >> versions of RHEL, is the selinux policy: >> >> # sudo semanage port -l|grep 5000 >> ... >> commplex_main_port_t tcp 5000 >> commplex_main_port_t udp 5000 >> >> There is some service called "commplex" that has already "claimed" port >> 5000 for its use, at least as far as selinux goes. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000
try to disable the selinux module. I can setup devstack env on my fedora machine with selinux disabled on my fedora machine, selinux is disable, and port 5000 look likes are still used by selinux, [ray@fedora devstack]$ sudo semanage port -l|grep 5000 cluster_port_t tcp 5149, 40040, 50006-50008 cluster_port_t udp 5149, 50006-50008 commplex_main_port_t tcp 5000 commplex_main_port_t udp 5000 [ray@fedora devstack]$ netstat -anp | grep 5000 tcp0 0 0.0.0.0:50000.0.0.0:* LISTEN 6171/python [ray@fedora devstack]$ ps -ef | grep python ray 6171 5695 0 21:34 pts/300:00:07 python /opt/stack/keystone/bin/keystone-all --config-file /etc/keystone/keystone.conf --debug On Thu, Jul 17, 2014 at 10:23 PM, Rich Megginson wrote: > On 07/16/2014 10:40 PM, Joe Jiang wrote: > > Hi all, > Thanks for your responds. > > I try to running # sudo semanage port -l|grep 5000 in my envrionment and > get same infomation. > >> ... > >> commplex_main_port_t tcp 5000 > >> commplex_main_port_t udp 5000 > then, I wanna remove this port(5000) from SELinux policy rules list use > this command(semanage port -d -p tcp -t commplex_port_t 5000), > the console echo is "/usr/sbin/semanage: Port tcp/5000 is defined in > policy, cannot be deleted", and 'udp/5000' is same reply. > Some sounds[1] say, this port is declared in the corenetwork source policy > which is compiled in the base module. > So, Have to recompile selinux module? > > > I think that's the only way to do it if you want to relabel port 5000. > > > > > > Thanks. > Joe. > > [1] > > http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html > > > > > > >> Another problem with port 5000 in Fedora, and probably more recent > >> versions of RHEL, is the selinux policy: > >> > >> # sudo semanage port -l|grep 5000 > >> ... > >> commplex_main_port_t tcp 5000 > >> commplex_main_port_t udp 5000 > >> > >> There is some service called "commplex" that has already "claimed" port > >> 5000 for its use, at least as far as selinux goes. > > > > > > > > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000
On 07/16/2014 10:40 PM, Joe Jiang wrote: Hi all, Thanks for your responds. I try to running # sudo semanage port -l|grep 5000 in my envrionment and get same infomation. >> ... >> commplex_main_port_t tcp 5000 >> commplex_main_port_t udp 5000 then, I wanna remove this port(5000) from SELinux policy rules list use this command(semanage port -d -p tcp -t commplex_port_t 5000), the console echo is "/usr/sbin/semanage: Port tcp/5000 is defined in policy, cannot be deleted", and 'udp/5000' is same reply. Some sounds[1] say, this port is declared in the corenetwork source policy which is compiled in the base module. So, Have to recompile selinux module? I think that's the only way to do it if you want to relabel port 5000. Thanks. Joe. [1] http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html >> Another problem with port 5000 in Fedora, and probably more recent >> versions of RHEL, is the selinux policy: >> >> # sudo semanage port -l|grep 5000 >> ... >> commplex_main_port_t tcp 5000 >> commplex_main_port_t udp 5000 >> >> There is some service called "commplex" that has already "claimed" port >> 5000 for its use, at least as far as selinux goes. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000
Hi all, Thanks for your responds. I try to running # sudo semanage port -l|grep 5000 in my envrionment and get same infomation. >> ... >> commplex_main_port_t tcp 5000 >> commplex_main_port_t udp 5000 then, I wanna remove this port(5000) from SELinux policy rules list use this command(semanage port -d -p tcp -t commplex_port_t 5000), the console echo is "/usr/sbin/semanage: Port tcp/5000 is defined in policy, cannot be deleted", and 'udp/5000' is same reply. Some sounds[1] say, this port is declared in the corenetwork source policy which is compiled in the base module. So, Have to recompile selinux module? Thanks. Joe. [1] http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html >> Another problem with port 5000 in Fedora, and probably more recent >> versions of RHEL, is the selinux policy: >> >> # sudo semanage port -l|grep 5000 >> ... >> commplex_main_port_t tcp 5000 >> commplex_main_port_t udp 5000 >> >> There is some service called "commplex" that has already "claimed" port >> 5000 for its use, at least as far as selinux goes. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000
On 07/16/2014 09:10 AM, Morgan Fainberg wrote: -- From: Rich Megginson rmegg...@redhat.com Reply: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Date: July 16, 2014 at 08:08:00 To: openstack-dev@lists.openstack.org openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000 Another problem with port 5000 in Fedora, and probably more recent versions of RHEL, is the selinux policy: # sudo semanage port -l|grep 5000 ... commplex_main_port_t tcp 5000 commplex_main_port_t udp 5000 There is some service called "commplex" that has already "claimed" port 5000 for its use, at least as far as selinux goes. Wouldn’t this also affect the eventlet-based Keystone using port 5000? Yes, it should. This is not an apache-specific related issue is it? No, afaict. —Morgan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000
-- From: Rich Megginson rmegg...@redhat.com Reply: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Date: July 16, 2014 at 08:08:00 To: openstack-dev@lists.openstack.org openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000 > Another problem with port 5000 in Fedora, and probably more recent > versions of RHEL, is the selinux policy: > > # sudo semanage port -l|grep 5000 > ... > commplex_main_port_t tcp 5000 > commplex_main_port_t udp 5000 > > There is some service called "commplex" that has already "claimed" port > 5000 for its use, at least as far as selinux goes. > Wouldn’t this also affect the eventlet-based Keystone using port 5000? This is not an apache-specific related issue is it? —Morgan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000
On 07/16/2014 08:43 AM, Brian Haley wrote: On 07/16/2014 07:34 AM, Joe Jiang wrote: Hi all, When I just set up my develope environment use devstack at CentOS 6.5, that fetch devstack source via github.com and checkout stable/icehouse branch. and bellow[1] is the error log fragment. I'm not sure if I am ok to ask my question in this mail list or not, because I search all of the web and still not resolve it. Anyway, I need you help. and, your help is a highly appreciated. I tripped over a similar issue with Horizon yesterday and found this bug: https://bugs.launchpad.net/devstack/+bug/1340660 The error I saw was with port 80, so I was able to disable Horizon to get around it, and I didn't see anything obvious in the apache error logs to explain it. -Brian Another problem with port 5000 in Fedora, and probably more recent versions of RHEL, is the selinux policy: # sudo semanage port -l|grep 5000 ... commplex_main_port_t tcp 5000 commplex_main_port_t udp 5000 There is some service called "commplex" that has already "claimed" port 5000 for its use, at least as far as selinux goes. 2014-07-16 11:08:53.282 | + sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i /etc/httpd/conf/httpd.conf 2014-07-16 11:08:53.295 | + sudo rm -f '/var/log/httpd/horizon_*' 2014-07-16 11:08:53.310 | + sudo sh -c 'sed -e " 2014-07-16 11:08:53.310 | s,%USER%,stack,g; 2014-07-16 11:08:53.310 | s,%GROUP%,stack,g; 2014-07-16 11:08:53.310 | s,%HORIZON_DIR%,/opt/stack/horizon,g; 2014-07-16 11:08:53.310 | s,%APACHE_NAME%,httpd,g; 2014-07-16 11:08:53.310 | s,%DEST%,/opt/stack,g; 2014-07-16 11:08:53.310 | s,%HORIZON_REQUIRE%,,g; 2014-07-16 11:08:53.310 | " /home/devstack/files/apache-horizon.template /etc/httpd/conf.d/horizon.conf' 2014-07-16 11:08:53.321 | + start_horizon 2014-07-16 11:08:53.321 | + restart_apache_server 2014-07-16 11:08:53.321 | + restart_service httpd 2014-07-16 11:08:53.321 | + is_ubuntu 2014-07-16 11:08:53.321 | + [[ -z rpm ]] 2014-07-16 11:08:53.322 | + '[' rpm = deb ']' 2014-07-16 11:08:53.322 | + sudo /sbin/service httpd restart 2014-07-16 11:08:53.361 | Stopping httpd: [FAILED] 2014-07-16 11:08:53.532 | Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName 2014-07-16 11:08:53.533 | (98)Address already in use: make_sock: could not bind to address [::]:5000 2014-07-16 11:08:53.533 | (98)Address already in use: make_sock: could not bind to address 0.0.0.0:5000 2014-07-16 11:08:53.533 | no listening sockets available, shutting down 2014-07-16 11:08:53.533 | Unable to open logs 2014-07-16 11:08:53.547 | [FAILED] 2014-07-16 11:08:53.549 | + exit_trap 2014-07-16 11:08:53.549 | + local r=1 2014-07-16 11:08:53.549 | ++ jobs -p 2014-07-16 11:08:53.550 | + jobs= 2014-07-16 11:08:53.550 | + [[ -n '' ]] 2014-07-16 11:08:53.550 | + exit 1 [stack@stack devstack]$ ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000
On 07/16/2014 07:34 AM, Joe Jiang wrote: > Hi all, > > When I just set up my develope environment use devstack at CentOS 6.5, > that fetch devstack source via github.com and checkout stable/icehouse branch. > and bellow[1] is the error log fragment. > I'm not sure if I am ok to ask my question in this mail list or not, > because I search all of the web and still not resolve it. > Anyway, I need you help. and, your help is a highly appreciated. I tripped over a similar issue with Horizon yesterday and found this bug: https://bugs.launchpad.net/devstack/+bug/1340660 The error I saw was with port 80, so I was able to disable Horizon to get around it, and I didn't see anything obvious in the apache error logs to explain it. -Brian > 2014-07-16 11:08:53.282 | + sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i > /etc/httpd/conf/httpd.conf > 2014-07-16 11:08:53.295 | + sudo rm -f '/var/log/httpd/horizon_*' > 2014-07-16 11:08:53.310 | + sudo sh -c 'sed -e " > 2014-07-16 11:08:53.310 | s,%USER%,stack,g; > 2014-07-16 11:08:53.310 | s,%GROUP%,stack,g; > 2014-07-16 11:08:53.310 | s,%HORIZON_DIR%,/opt/stack/horizon,g; > 2014-07-16 11:08:53.310 | s,%APACHE_NAME%,httpd,g; > 2014-07-16 11:08:53.310 | s,%DEST%,/opt/stack,g; > 2014-07-16 11:08:53.310 | s,%HORIZON_REQUIRE%,,g; > 2014-07-16 11:08:53.310 | " /home/devstack/files/apache-horizon.template >>/etc/httpd/conf.d/horizon.conf' > 2014-07-16 11:08:53.321 | + start_horizon > 2014-07-16 11:08:53.321 | + restart_apache_server > 2014-07-16 11:08:53.321 | + restart_service httpd > 2014-07-16 11:08:53.321 | + is_ubuntu > 2014-07-16 11:08:53.321 | + [[ -z rpm ]] > 2014-07-16 11:08:53.322 | + '[' rpm = deb ']' > 2014-07-16 11:08:53.322 | + sudo /sbin/service httpd restart > 2014-07-16 11:08:53.361 | Stopping httpd: [FAILED] > 2014-07-16 11:08:53.532 | Starting httpd: httpd: Could not reliably determine > the server's fully qualified domain name, using 127.0.0.1 for ServerName > 2014-07-16 11:08:53.533 | (98)Address already in use: make_sock: could not > bind > to address [::]:5000 > 2014-07-16 11:08:53.533 | (98)Address already in use: make_sock: could not > bind > to address 0.0.0.0:5000 > 2014-07-16 11:08:53.533 | no listening sockets available, shutting down > 2014-07-16 11:08:53.533 | Unable to open logs > 2014-07-16 11:08:53.547 | [FAILED] > 2014-07-16 11:08:53.549 | + exit_trap > 2014-07-16 11:08:53.549 | + local r=1 > 2014-07-16 11:08:53.549 | ++ jobs -p > 2014-07-16 11:08:53.550 | + jobs= > 2014-07-16 11:08:53.550 | + [[ -n '' ]] > 2014-07-16 11:08:53.550 | + exit 1 > [stack@stack devstack]$ > > > > > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000
Since Keystone moved to running under httpd, it uses port 5000 by default. Seems like something is already running on port 5000 on your machine. You can try finding the process running on port 5000 by doing: netstat -plten |grep java and then killing it, the PID should be one of th columns. Regards, Steve Martinelli Software Developer - Openstack Keystone Core Member Phone: 1-905-413-2851 E-mail: steve...@ca.ibm.com 8200 Warden Ave Markham, ON L6G 1C7 Canada From: "Joe Jiang" To: openstack-dev@lists.openstack.org, Date: 07/16/2014 07:37 AM Subject: [openstack-dev] [devstack][keystone] (98)Address already in use: make_sock: could not bind to address [::]:5000 & 0.0.0.0:5000 Hi all, When I just set up my develope environment use devstack at CentOS 6.5, that fetch devstack source via github.com and checkout stable/icehouse branch. and bellow[1] is the error log fragment. I'm not sure if I am ok to ask my question in this mail list or not, because I search all of the web and still not resolve it. Anyway, I need you help. and, your help is a highly appreciated. Thanks. Joe. 2014-07-16 11:08:53.282 | + sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i /etc/httpd/conf/httpd.conf 2014-07-16 11:08:53.295 | + sudo rm -f '/var/log/httpd/horizon_*' 2014-07-16 11:08:53.310 | + sudo sh -c 'sed -e " 2014-07-16 11:08:53.310 | s,%USER%,stack,g; 2014-07-16 11:08:53.310 | s,%GROUP%,stack,g; 2014-07-16 11:08:53.310 | s,%HORIZON_DIR%,/opt/stack/horizon,g; 2014-07-16 11:08:53.310 | s,%APACHE_NAME%,httpd,g; 2014-07-16 11:08:53.310 | s,%DEST%,/opt/stack,g; 2014-07-16 11:08:53.310 | s,%HORIZON_REQUIRE%,,g; 2014-07-16 11:08:53.310 | " /home/devstack/files/apache-horizon.template >/etc/httpd/conf.d/horizon.conf' 2014-07-16 11:08:53.321 | + start_horizon 2014-07-16 11:08:53.321 | + restart_apache_server 2014-07-16 11:08:53.321 | + restart_service httpd 2014-07-16 11:08:53.321 | + is_ubuntu 2014-07-16 11:08:53.321 | + [[ -z rpm ]] 2014-07-16 11:08:53.322 | + '[' rpm = deb ']' 2014-07-16 11:08:53.322 | + sudo /sbin/service httpd restart 2014-07-16 11:08:53.361 | Stopping httpd: [FAILED] 2014-07-16 11:08:53.532 | Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName 2014-07-16 11:08:53.533 | (98)Address already in use: make_sock: could not bind to address [::]:5000 2014-07-16 11:08:53.533 | (98)Address already in use: make_sock: could not bind to address 0.0.0.0:5000 2014-07-16 11:08:53.533 | no listening sockets available, shutting down 2014-07-16 11:08:53.533 | Unable to open logs 2014-07-16 11:08:53.547 | [FAILED] 2014-07-16 11:08:53.549 | + exit_trap 2014-07-16 11:08:53.549 | + local r=1 2014-07-16 11:08:53.549 | ++ jobs -p 2014-07-16 11:08:53.550 | + jobs= 2014-07-16 11:08:53.550 | + [[ -n '' ]] 2014-07-16 11:08:53.550 | + exit 1 [stack@stack devstack]$ ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev