Red Hat Summitこのコンテンツは選択した言語では利用できません。
Appendix B. Firewalls and default ports
On some deployments, such as ones where restrictive firewalls are in place, you might need to manually configure a firewall to permit OpenStack service traffic.
To manually configure a firewall, you must permit traffic through the ports that each OpenStack service uses. This table lists the default ports that each OpenStack service uses:
| OpenStack service | Default ports | Port type |
|---|---|---|
Block Storage (cinder)
|
8776 | publicurl and adminurl |
Compute (nova) endpoints
|
8774 | publicurl and adminurl |
Compute API (nova-api)
|
8773, 8775 | |
| Compute ports for access to virtual machine consoles | 5900-5999 | |
Compute VNC proxy for browsers ( openstack-nova-novncproxy)
|
6080 | |
Compute VNC proxy for traditional VNC clients (openstack-nova-xvpvncproxy)
|
6081 | |
| Proxy port for HTML5 console used by Compute service | 6082 | |
Data processing service (sahara) endpoint
|
8386 | publicurl and adminurl |
Identity service (keystone) administrative endpoint
|
35357 | adminurl |
| Identity service public endpoint | 5000 | publicurl |
Image service (glance) API
|
9292 | publicurl and adminurl |
| Image service registry | 9191 | |
Networking (neutron)
|
9696 | publicurl and adminurl |
Object Storage (swift)
|
6000, 6001, 6002 | |
Orchestration (heat) endpoint
|
8004 | publicurl and adminurl |
Orchestration AWS CloudFormation-compatible API (openstack-heat-api-cfn)
|
8000 | |
Orchestration AWS CloudWatch-compatible API (openstack-heat-api-cloudwatch)
|
8003 | |
Telemetry (ceilometer)
|
8777 | publicurl and adminurl |
To function properly, some OpenStack components depend on other, non-OpenStack services. For example, the OpenStack dashboard uses HTTP for non-secure communication. In this case, you must configure the firewall to allow traffic to and from HTTP.
This table lists the ports that other OpenStack components use:
| Service | Default port | Used by |
|---|---|---|
| HTTP | 80 |
OpenStack dashboard (Horizon) when it is not configured to use secure access.
|
| HTTP alternate | 8080 |
OpenStack Object Storage (swift) service.
|
| HTTPS | 443 | Any OpenStack service that is enabled for SSL, especially secure-access dashboard. |
| rsync | 873 | OpenStack Object Storage. Required. |
| iSCSI target | 3260 | OpenStack Block Storage. Required. |
| MySQL database service | 3306 | Most OpenStack components. |
| Message Broker (AMQP traffic) | 5672 | OpenStack Block Storage, Networking, Orchestration, and Compute. |
On some deployments, the default port used by a service may fall within the defined local port range of a host. To check a host's local port range:
sysctl -a | grep ip_local_port_range
$ sysctl -a | grep ip_local_port_range
If a service's default port falls within this range, run the following program to check if the port has already been assigned to another application:
lsof -i :PORT
$ lsof -i :PORT
Configure the service to use a different port if the default port is already being used by another application.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}