Configure firewall rules for Red Hat OpenStack Platform director

Red Hat OpenStack Platform 9

Configure firewalls between the Controller and Compute nodes

OpenStack Documentation Team

Abstract

This article describes the firewall rules required for Red Hat OpenStack Platform director.

1. Configure Firewall Rules for Red Hat OpenStack Platform Director

This article describes the network ports required for controllers on Red Hat OpenStack Platform 9.

ServiceProtocolPortsNotes

mongodb_config

TCP

27019

mongodb_config

mongodb_sharding

TCP

27018

mongodb_sharding

mongodb

TCP

27017

MongoDB

mysql_galera

TCP

873

MySQL

mysql_galera

TCP

3306

 

mysql_galera

TCP

3306

 

mysql_galera

TCP

4444

 

mysql_galera

TCP

4567

 

mysql_galera

TCP

4568

 

mysql_galera

TCP

9200

Galera-monitor

ntp

UDP

123

NTP

VRRP

VRRP

 

VRRP

haproxy_stats

TCP

1993

 

redis

TCP

6379

internal service coordination

redis

TCP

26379

 

rabbitmq

TCP

5672

Rabbitmq

ceph

TCP

6789

 

ceph

TCP

6800-6810

 

keystone

TCP

5000

Keystone Public API

keystone

TCP

13000

Keystone Public API (SSL)

keystone

TCP

35357

Keystone Admin API

keystone

TCP

13357

Keystone Admin API (SSL)

glance

TCP

9292

Glance API

glance

TCP

9191

Glance Registry API

glance

TCP

13292

Glance API (SSL)

nova

TCP

6080

Nova novnc Proxy

nova

TCP

13080

Nova novnc Proxy (SSL)

nova

TCP

8773

Nova EC2 API

nova

TCP

3773

Nova EC2 API (SSL)

nova

TCP

8774

Nova API

nova

TCP

13774

Nova API (SSL)

nova

TCP

8775

Nova Metadata

neutron

TCP

9696

Neutron API

neutron

TCP

13696

Neutron API (SSL)

neutron_DHCP

TCP

67

Provisioning the Overcloud

neutron_DHCP

UDP

68

 

neutron_vxlan

UDP

4789

VXLAN

cinder

TCP

8776

Cinder API

cinder

TCP

13776

Cinder API (SSL)

iSCSI

TCP

3260

 

memcached

TCP

11211

 

Swift

TCP

8080

Swift Proxy

Swift

TCP

13808

Swift Proxy (SSL)

Swift

TCP

873

Rsync

Swift

TCP

6000

Object Server

Swift

TCP

6001

Container Server

Swift

TCP

6002

Account Server

ceilometer

TCP

8777

Ceilometer API

ceilometer

TCP

13777

Ceilometer API (SSL)

heat

TCP

8000

Heat AWS CloudFormation-compatible API

heat

TCP

13800

Heat AWS CloudFormation-compatible API (SSL)

heat

TCP

8003

Heat AWS CloudWatch-compatible API

heat

TCP

13003

Heat AWS CloudWatch-compatible API (SSL)

heat

TCP

8004

Heat API Endpoint

heat

TCP

13004

Heat API Endpoint (SSL)

horizon

TCP

80

Dashboard

horizon

TCP

443

Dashboard

SNMP

UDP

161

Ceilometer

aodh

TCP

8042

Ceilometer

aodh

TCP

13042

Ceilometer

gnocchi-api

TCP

8041

 

gnocchi-api

TCP

13041

 

Corosync

TCP

2224

Pacemaker clustering

Corosync

TCP

3121

Pacemaker clustering

Corosync

TCP

21064

Pacemaker clustering

Corosync

UDP

5405

Pacemaker clustering

sahara

TCP

8386

OpenStack Data Processing

sahara

TCP

13386

OpenStack Data Processing

Legal Notice

Copyright © 2017 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.