Chapter 5. Network ports and protocols
Red Hat Ansible Automation Platform uses several ports to communicate with its services. These ports must be open and available for incoming connections to the Red Hat Ansible Automation Platform server in order for it to work. Ensure that these ports are available and are not being blocked by the server firewall.
The following architectural diagram is an example of a fully deployed Ansible Automation Platform with all possible components.
The following tables show the default Red Hat Ansible Automation Platform destination ports required for each application.
The default destination ports and installer inventory variables listed in the following tables are configurable. If you change them to suit your environment, you might experience a change in behavior.

| Port | Protocol | Service | Direction | Installer Inventory Variable | Required for |
|---|---|---|---|---|---|
| 22 | TCP | SSH | Inbound and Outbound | | Remote access during installation |
| 5432 | TCP | Postgres | Inbound and Outbound | | Default port. ALLOW connections from controller(s) to database port |

| Port | Protocol | Service | Direction | Installer Inventory Variable | Required for |
|---|---|---|---|---|---|
| 22 | TCP | SSH | Inbound and Outbound | | Installation |
| 80 | TCP | HTTP | Inbound | | UI/API |
| 443 | TCP | HTTPS | Inbound | | UI/API |
| 5432 | TCP | PostgreSQL | Inbound and Outbound | | Open only if the internal database is used along with another component. Otherwise, this port should not be open. Hybrid mode in a cluster |
| 27199 | TCP | Receptor | Inbound and Outbound | | ALLOW receptor listener port across all controllers for mandatory and automatic control plane clustering |

| Port | Protocol | Service | Direction | Installer Inventory Variable | Required for |
|---|---|---|---|---|---|
| 22 | TCP | SSH | Inbound and Outbound | | Installation |
| 27199 | TCP | Receptor | Inbound and Outbound | | Mesh. ALLOW connection from controller(s) to Receptor port |

| Port | Protocol | Service | Direction | Installer Inventory Variable | Required for |
|---|---|---|---|---|---|
| 22 | TCP | SSH | Inbound and Outbound | | Installation |
| 80/443 | TCP | SSH | Inbound and Outbound | Fixed value (maps to Table 5.7 Automation hub’s "User interface" port) | Allows execution nodes to pull the execution environment image from automation hub |
| 27199 | TCP | Receptor | Inbound and Outbound | | Mesh - Nodes directly peered to controllers. No hop nodes involved. 27199 is bi-directional for the execution nodes. ALLOW connections from controller(s) to Receptor port (non-hop connected nodes). ALLOW connections from hop node(s) to Receptor port (if relayed through hop nodes) |

| Port | Protocol | Service | Direction | Installer Inventory Variable | Required for |
|---|---|---|---|---|---|
| 22 | TCP | SSH | Inbound and Outbound | | Installation |
| 27199 | TCP | Receptor | Inbound and Outbound | | Mesh - Nodes directly peered to controllers. Direct nodes involved. 27199 is bi-directional for execution nodes. ENABLE connections from controller(s) to Receptor port for non-hop connected nodes. ENABLE connections from hop node(s) to Receptor port if relayed through hop nodes |
| 443 | TCP | Podman | Inbound | | UI/API |

| Port | Protocol | Service | Direction | Installer Inventory Variable | Required for |
|---|---|---|---|---|---|
| 22 | TCP | SSH | Inbound and Outbound | | Installation |
| 27199 | TCP | Receptor | Inbound and Outbound | | Mesh - Nodes directly peered to controllers. No hop nodes involved. 27199 is bi-directional for the execution nodes. ENABLE connections from controller(s) to Receptor port for non-hop connected nodes. ENABLE connections from hop node(s) to Receptor port if relayed through hop nodes |
| 443 | TCP | Podman | Inbound | | UI/API |

| Port | Protocol | Service | Direction | Installer Inventory Variable | Required for |
|---|---|---|---|---|---|
| 22 | TCP | SSH | Inbound and Outbound | | Installation |
| 80 | TCP | HTTP | Inbound | Fixed value | User interface |
| 443 | TCP | HTTPS | Inbound | Fixed value | User interface |
| 5432 | TCP | PostgreSQL | Inbound and Outbound | | Open only if the internal database is used along with another component. Otherwise, this port should not be open |

| Port | Protocol | Service | Direction | Installer Inventory Variable | Required for |
|---|---|---|---|---|---|
| 22 | TCP | SSH | Inbound and Outbound | | Installation |
| 443 | TCP | HTTPS | Inbound | | Access to Service Catalog user interface |
| 5432 | TCP | PostgreSQL | Inbound and Outbound | | Open only if the internal database is used. Otherwise, this port should not be open |
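
The port tables above can be turned into a per-node exposure check. The following is an added example, not part of the Red Hat documentation: it compares non-loopback listeners reported by `ss -Htln` with the inbound ports the tables list, so that a port such as 5432 left open where "this port should not be open" is flagged. The role names and the sample `ss` output are assumptions constructed for the example.

```python
import ipaddress

# Inbound TCP ports copied from this chapter's tables. The role names are
# labels assumed for this example; they are not installer identifiers.
REQUIRED = {
    "database": {22, 5432},
    "controller": {22, 80, 443, 27199},
    "hop": {22, 27199},
    "hub": {22, 80, 443},
}
# 5432 is acceptable on these roles only when the internal database is
# used along with another component.
SHARED_DB_ONLY = {"controller": {5432}, "hub": {5432}}

# Constructed sample of `ss -Htln` output from a controller node.
SAMPLE_SS = """\
LISTEN 0 128      0.0.0.0:22     0.0.0.0:*
LISTEN 0 511      0.0.0.0:80     0.0.0.0:*
LISTEN 0 511      0.0.0.0:443    0.0.0.0:*
LISTEN 0 244      0.0.0.0:5432   0.0.0.0:*
LISTEN 0 128    127.0.0.1:6379   0.0.0.0:*
LISTEN 0 4096           *:27199        *:*
LISTEN 0 128         [::]:22        [::]:*
"""

def exposed_ports(ss_output):
    """Return TCP ports listening on non-loopback addresses."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        if addr != "*" and ipaddress.ip_address(addr).is_loopback:
            continue  # not reachable from other hosts
        ports.add(int(port))
    return ports

def audit(role, ss_output, shared_db=False):
    """Compare exposed listeners with the ports the tables list for a role."""
    allowed = set(REQUIRED[role])
    if shared_db:
        allowed |= SHARED_DB_ONLY.get(role, set())
    seen = exposed_ports(ss_output)
    return {"missing": sorted(allowed - seen), "unexpected": sorted(seen - allowed)}

if __name__ == "__main__":
    print(audit("controller", SAMPLE_SS))
```

A listening socket is not the same as a firewall rule, so treat the result as a complement to reviewing the firewall configuration on the node.
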

| URL | Required for |
|---|---|
| | General account services, subscriptions |
| | Insights data upload |
| | Inventory upload and Cloud Connector connection |
| | Access to Insights dashboard |

| URL | Required for |
|---|---|
| | General account services, subscriptions |
| | Indexing execution environments |
| | TCP |
| https://automation-hub-prd.s3.amazonaws.com https://automation-hub-prd.s3.us-east-2.amazonaws.com/ | Firewall access |
| | Ansible Community curated Ansible content |
| https://ansible-galaxy-ng.s3.dualstack.us-east-1.amazonaws.com | |
| | Access to container images provided by Red Hat and partners |
| | Red Hat and partner curated Ansible Collections |

| URL | Required for |
|---|---|
| | Access to container images provided by Red Hat and partners |
| | Access to container images provided by Red Hat and partners |
| | Access to container images provided by Red Hat and partners |
| | Access to container images provided by Red Hat and partners |
| | Access to container images provided by Red Hat and partners |

Image manifests and filesystem blobs are served directly from registry.redhat.io. However, from 1 May 2023, filesystem blobs are served from quay.io instead. To avoid problems pulling container images, you must enable outbound connections to the listed quay.io hostnames.
Make this change to any firewall configuration that specifically enables outbound connections to registry.redhat.io.
Use the hostnames instead of IP addresses when configuring firewall rules.
After making this change, you can continue to pull images from registry.redhat.io. You do not require a quay.io login, or need to interact with the quay.io registry directly in any way to continue pulling Red Hat container images.
For more information, see the article here