5.1. Appendix A: Controller and Compute Ports

This section lists the TCP ports that need to be open for Virtuozzo PowerPanel to operate properly.

5.1.1. Controller Ports

The following ports need to be open on the controller node:

  • Ports 80, 443, 6556, 6557, 35357 in the external network for public access.
  • Ports 3306, 5671, 6556, 6557, 35357 in the internal network for communication with compute nodes.

If you have a firewall enabled on the controller, the deploy script will create rules to open the required ports automatically.

TCP port Traffic Description
35357 Incoming, outgoing Used by the Keystone identity service.
6556, 6557 Incoming, outgoing Used by the Virtuozzo PowerPanel services vzapi and vncproxy.
5671 Incoming, outgoing Used by the RabbitMQ message broker to exchange messages between PowerPanel components.
3306 Incoming, outgoing Used to connect to the internal database.
443 Outgoing Used to send problem reports to the support team.
80 Incoming, outgoing Used for HTTP connections, e.g., to download Virtuozzo updates from remote repositories.

5.1.2. Compute Ports

Compute nodes do not have a firewall enabled by default. If you need to start a firewall service on a compute node, open all ports listed in the table to let it communicate with the controller node. For example, if you use firewalld:

# firewall-cmd --permanent --zone=public \
--add-port=35357/tcp \
--add-port=6556-6557/tcp \
--add-port=5671/tcp \
--add-port=3306/tcp
TCP port Traffic Description
35357 Incoming, outgoing Used by the Keystone identity service.
6556, 6557 Incoming, outgoing Used by the Virtuozzo PowerPanel services vzapi and vncproxy.
5671 Incoming, outgoing Used by the RabbitMQ message broker to exchange messages between PowerPanel components.
3306 Incoming, outgoing Used to connect to the internal database.