5.1. Appendix A: Controller and Compute Ports

This section lists the TCP ports that need to be open for Virtuozzo PowerPanel to operate properly. I in the Description column indicates that the port should be open for incoming traffic and O, for outgoing traffic.

5.1.1. Controller Ports

If you have a firewall enabled on the controller, the deploy script will create rules to open these ports automatically.

Port Description
35357 (IO) Used by the Keystone identity service.
6556, 6557 (IO) Used by the Virtuozzo PowerPanel services vzapi and vncproxy.
5671 (IO) Used by the RabbitMQ message broker to exchange messages between PowerPanel components.
3306 (IO) Used to connect to the internal database.
443 (O) Used to send problem reports to the support team.
80 (IO) Used for HTTP connections, e.g., to download Virtuozzo updates from remote repositories.

5.1.2. Compute Ports

Compute nodes running Virtuozzo do not have the firewall enabled by default. If, however, you have configured and started a firewall manually on a compute node, create rules to open these ports on that compute node. For example, if you use firewalld:

# firewall-cmd --permanent --zone=public --add-port=35357/tcp --add-port=6556-6557/tcp --add-port=5671/tcp --add-port=3306/tcp
Port Description
35357 (IO) Used by the Keystone identity service.
6556, 6557 (IO) Used by the Virtuozzo PowerPanel services vzapi and vncproxy.
5671 (IO) Used by the RabbitMQ message broker to exchange messages between Virtuozzo PowerPanel components.
3306 (IO) Used to connect to the internal database.