Firewall Rules for Red Hat OpenStack Platform

Red Hat OpenStack Platform 13

List of required ports and protocols.

OpenStack Documentation Team

Abstract

This article describes the firewall rules created by the Red Hat OpenStack Platform director.

Chapter 1. Firewall Rules for Red Hat OpenStack Platform

This article describes the firewall configuration created by the director on Red Hat OpenStack Platform. These ports are required for services running on the overcloud.

1.1. Nova API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| nova | TCP | 6080 | Nova novnc Proxy |
| nova | TCP | 13080 | Nova novnc Proxy (SSL) |
| nova | TCP | 8773 | Nova EC2 API |
| nova | TCP | 3773 | Nova EC2 API (SSL) |
| nova | TCP | 8774 | Nova API |
| nova | TCP | 13774 | Nova API (SSL) |
| nova | TCP | 8775 | Nova Metadata |

1.2. HAProxy

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| haproxy_stats | TCP | 1993 | |

1.3. Glance Registry API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| glance | TCP | 9191 | Glance Registry API |

1.4. Ceilometer API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ceilometer | TCP | 8777 | Ceilometer API |
| ceilometer | TCP | 13777 | Ceilometer API (SSL) |

1.5. Keystone

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| keystone | TCP | 5000 | Keystone Public API |
| keystone | TCP | 13000 | Keystone Public API (SSL) |
| keystone | TCP | 35357 | Keystone Admin API |
| keystone | TCP | 13357 | Keystone Admin API (SSL) |

1.6. Ironic Conductor

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| TFTP | UDP | 69 | |
| HTTP | TCP | 8088 | |

1.7. Nova Libvirt

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| nova_libvirt | TCP | 16514 | |

1.8. RabbitMQ

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| rabbitmq | TCP | 4369 | Rabbitmq |
| rabbitmq | TCP | 5672 | Rabbitmq |
| rabbitmq | TCP | 25672 | Rabbitmq |

1.9. Glance API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| glance | TCP | 9292 | Glance API |
| glance | TCP | 13292 | Glance API (SSL) |

1.10. keepalived

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| VRRP | VRRP | | VRRP |

1.11. Redis

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| redis | TCP | 6379 | Internal service coordination |
| redis | TCP | 26379 | |

1.12. MySQL Galera

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| mysql_galera | TCP | 873 | MySQL |
| mysql_galera | TCP | 3306 | |
| mysql_galera | TCP | 4444 | |
| mysql_galera | TCP | 4567 | |
| mysql_galera | TCP | 4568 | |
| mysql_galera | TCP | 9200 | Galera-monitor |

1.13. MongoDB

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| mongodb_config | TCP | 27019 | mongodb_config |
| mongodb_sharding | TCP | 27018 | mongodb_sharding |
| mongodb | TCP | 27017 | MongoDB |

1.14. NTP

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ntp | UDP | 123 | NTP |

1.15. Swift Storage

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| swift | TCP | 873 | Rsync |
| swift | TCP | 6000 | Object Server |
| swift | TCP | 6001 | Container Server |
| swift | TCP | 6002 | Account Server |

1.16. Ceph OSD

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ceph | TCP | 6800-7300 | |

1.17. Neutron L3

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| VRRP | VRRP | | VRRP |

1.18. Heat CloudFormation API service

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| heat | TCP | 8000 | Heat AWS CloudFormation-compatible API |
| heat | TCP | 13800 | Heat AWS CloudFormation-compatible API (SSL) |

1.19. Gnocchi API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| gnocchi | TCP | 8041 | Gnocchi API |
| gnocchi | TCP | 13041 | Gnocchi API (SSL) |

1.20. Gnocchi Statsd

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| gnocchi_statsd | UDP | 8125 | Network daemon for statistics |

1.21. Neutron DHCP

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| neutron_DHCP | UDP | 67 | Provisioning the Overcloud |
| neutron_DHCP | UDP | 68 | |

1.22. Ceilometer SNMP

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| SNMP | UDP | 161 | Ceilometer |

1.23. Heat API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| heat | TCP | 8004 | Heat API Endpoint |
| heat | TCP | 13004 | Heat API Endpoint (SSL) |

1.24. Neutron OVS Agent

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| neutron_vxlan | UDP | 4789 | VXLAN |
| neutron_vxlan | GRE | GRE | |

1.25. Swift Proxy

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| swift | TCP | 8080 | Swift Proxy |
| swift | TCP | 13808 | Swift Proxy (SSL) |

1.26. Heat AWS CloudWatch-compatible API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| heat | TCP | 8003 | Heat AWS CloudWatch-compatible API |
| heat | TCP | 13003 | Heat AWS CloudWatch-compatible API (SSL) |

1.27. Memcached service

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| memcached | TCP | 11211 | |

1.28. Ceph Monitor service

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ceph | TCP | 6789 | |

1.29. Ceph RadosGW service

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ceph_rgw | TCP | 8080 | Ceph RGW |
| ceph_rgw | TCP | 13080 | Ceph RGW (SSL) |

1.30. Cinder API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| cinder | TCP | 8776 | Cinder API |
| cinder | TCP | 13776 | Cinder API (SSL) |

1.31. Cinder Volume iSCSI Initiator

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| iSCSI | TCP | 3260 | |

1.32. Ironic API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ironic | TCP | 6385 | Ironic API |
| ironic | TCP | 13385 | Ironic API (SSL) |

1.33. pacemaker

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| pacemaker | TCP | 2224 | |
| pacemaker | TCP | 3121 | |
| pacemaker | TCP | 21064 | |
| pacemaker | UDP | 5405 | |

1.34. Sahara API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| sahara | TCP | 8386 | Sahara API |
| sahara | TCP | 13386 | Sahara API (SSL) |

1.35. Neutron API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| neutron | TCP | 9696 | Neutron API |
| neutron | TCP | 13696 | Neutron API (SSL) |

1.36. Horizon

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| horizon | TCP | 80 | Dashboard |
| horizon | TCP | 443 | Dashboard (SSL) |

1.37. AODH API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| aodh_api | TCP | 8042 | |
| aodh_api | TCP | 13042 | |

1.38. Manila API

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| manila | TCP | 8786 | Manila API |
| manila | TCP | 13786 | Manila API |

Legal Notice

Copyright © 2018 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.