openstack
/
openstack-manuals
Code Issues Proposed changes

Added XML files for default ports sect and tables 

This patch adds XML files for:
- brief overview of firewall configuration
- table listing ports used by main openstack components
- table listing ports used by other services required by OpenStack

The resulting section will be added as an appendix to the Config Ref
Guide.

Change-Id: Ib7edf8f827cd0c31c51a9cbdaff475384960c7ee
Related-Bug: #1261617
This commit is contained in:
Don Domingo 2014-02-03 16:49:33 +10:00
parent 4d4da90dbb
commit 3b0b6dadd0
4 changed files with 215 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
doc/config-reference/app_firewalls-ports.xml Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<appendix xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="firewalls-default-ports">
<title>Firewalls and default ports</title>
<para>On some deployments, such as ones where restrictive
firewalls are in place, you might need to manually configure a
firewall to permit OpenStack service traffic.</para>
<para>To manually configure a firewall, you must permit traffic
through the ports that each OpenStack service uses. This table
lists the default ports that each OpenStack service
uses:</para>
<xi:include href="table_default-ports-primary-services.xml"/>
<para>To function properly, some OpenStack components depend on
other, non-OpenStack services. For example, the OpenStack
dashboard uses HTTP for non-secure communication. In this
case, you must configure the firewall to allow traffic to and
from HTTP.</para>
<para>This table lists the ports that other OpenStack components
use:</para>
<xi:include href="table_default-ports-peripheral-services.xml"/>
</appendix>

33
doc/config-reference/bk-config-ref.xml
View File

@ -46,7 +46,8 @@
<listitem>
<para>Removes content addressed in
installation, merges duplicated
content, and revises legacy references.</para>
content, and revises legacy
references.</para>
</listitem>
</itemizedlist>
</revdescription>
@ -66,9 +67,11 @@
<revdescription>
<itemizedlist>
<listitem>
<para>Moves Block Storage driver configuration information
from the <citetitle>Block Storage Administration Guide</citetitle>
to this reference.</para>
<para>Moves Block Storage driver
configuration information from the
<citetitle>Block Storage
Administration Guide</citetitle> to
this reference.</para>
</listitem>
</itemizedlist>
</revdescription>
@ -78,7 +81,8 @@
<revdescription>
<itemizedlist>
<listitem>
<para>Initial creation of Configuration Reference.</para>
<para>Initial creation of Configuration
Reference.</para>
</listitem>
</itemizedlist>
</revdescription>
@ -86,21 +90,22 @@
</revhistory>
</info>
<xi:include href="ch_config-overview.xml"/>
<!-- Identity -->
<!-- Identity -->
<xi:include href="ch_identityconfigure.xml"/>
<!-- Compute -->
<!-- Compute -->
<xi:include href="ch_computeconfigure.xml"/>
<!-- Image -->
<!-- Image -->
<xi:include href="ch_imageservice.xml"/>
<!-- Networking -->
<!-- Networking -->
<xi:include href="ch_networkingconfigure.xml"/>
<!-- Dashboard -->
<!-- Dashboard -->
<xi:include href="ch_dashboardconfigure.xml"/>
<!-- Object Storage -->
<!-- Object Storage -->
<xi:include href="ch_objectstorageconfigure.xml"/>
<!-- Block Storage -->
<!-- Block Storage -->
<xi:include href="ch_blockstorageconfigure.xml"/>
<!-- Support -->
<!-- Appendices -->
<xi:include href="app_firewalls-ports.xml"/>
<!-- Support -->
<xi:include href="../common/app_support.xml"/>
</book>

61
doc/config-reference/table_default-ports-peripheral-services.xml Normal file
View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- This table was not automatically generated in any way.
You can edit it as needed. -->
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<table rules="all">
<caption>Default ports that secondary services related to
OpenStack components use</caption>
<col width="25%"/>
<col width="25%"/>
<col width="50%"/>
<thead>
<tr>
<th>Service</th>
<th>Default port</th>
<th>Used by</th>
</tr>
</thead>
<tbody>
<tr>
<td>HTTP</td>
<td>80</td>
<td>OpenStack dashboard (<literal>Horizon</literal>)
when it is not configured to use secure
access.</td>
</tr>
<tr>
<td>HTTP alternate</td>
<td>8080</td>
<td>OpenStack Object Storage
(<literal>swift</literal>) service.</td>
</tr>
<tr>
<td>HTTPS</td>
<td>443</td>
<td>Any OpenStack service that is enabled for SSL,
especially secure-access dashboard.</td>
</tr>
<tr>
<td>rsync</td>
<td>873</td>
<td>OpenStack Object Storage. Required.</td>
</tr>
<tr>
<td>iSCSI target</td>
<td>3260</td>
<td>OpenStack Block Storage. Required.</td>
</tr>
<tr>
<td>MySQL database service</td>
<td>3306</td>
<td>Most OpenStack components.</td>
</tr>
<tr>
<td>Message Broker (AMQP traffic)</td>
<td>5672</td>
<td>OpenStack Block Storage, Networking,
Orchestration, and Compute.</td>
</tr>
</tbody>
</table>
</para>

112
doc/config-reference/table_default-ports-primary-services.xml Normal file
View File

@ -0,0 +1,112 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- This table was not automatically generated in any way.
You can edit it as needed. -->
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<table rules="all">
<caption>Default ports that OpenStack components use</caption>
<col width="50%"/>
<col width="25%"/>
<col width="25%"/>
<thead>
<tr>
<th>OpenStack service</th>
<th>Default ports</th>
<th>Port type</th>
</tr>
</thead>
<tbody>
<tr>
<td>Block Storage (<literal>cinder</literal>)</td>
<td>8776</td>
<td>publicurl and adminurl</td>
</tr>
<tr>
<td>Compute (<literal>nova</literal>) endpoints</td>
<td>8774</td>
<td>publicurl and adminurl</td>
</tr>
<tr>
<td>Compute API (<literal>nova-api</literal>)</td>
<td>8773, 8775</td>
<td/>
</tr>
<tr>
<td>Compute ports for access to virtual machine
consoles</td>
<td>5900-5999</td>
<td/>
</tr>
<tr>
<td>Compute VNC proxy for browsers (
<systemitem>openstack-nova-novncproxy</systemitem>)</td>
<td>6080</td>
</tr>
<tr>
<td>Compute VNC proxy for traditional VNC clients
(<systemitem>openstack-nova-xvpvncproxy</systemitem>)</td>
<td>6081</td>
<td/>
</tr>
<tr>
<td>Proxy port for HTML5 console used by Compute
service</td>
<td>6082</td>
<td/>
</tr>
<tr>
<td>Identity Service (<literal>keystone</literal>)
administrative endpoint</td>
<td>35357</td>
<td>adminurl</td>
</tr>
<tr>
<td>Identity Service public endpoint</td>
<td>5000</td>
<td>publicurl</td>
</tr>
<tr>
<td>Image Service (<literal>glance</literal>) API</td>
<td>9292</td>
<td>publicurl and adminurl</td>
</tr>
<tr>
<td>Image Service registry</td>
<td>9191</td>
<td/>
</tr>
<tr>
<td>Networking (<literal>neutron</literal>)</td>
<td>9696</td>
<td>publicurl and adminurl</td>
</tr>
<tr>
<td>Object Storage (<literal>swift</literal>)</td>
<td>6000, 6001, 6002</td>
<td/>
</tr>
<tr>
<td>Orchestration (<literal>heat</literal>)
endpoint</td>
<td>8004</td>
<td>publicurl and adminurl</td>
</tr>
<tr>
<td>Orchestration AWS CloudFormation-compatible API
(<literal>openstack-heat-api-cfn</literal>)</td>
<td>8000</td>
<td/>
</tr>
<tr>
<td>Orchestration AWS CloudWatch-compatible API
(<literal>openstack-heat-api-cloudwatch</literal>)</td>
<td>8003</td>
<td/>
</tr>
<tr>
<td>Telemetry (<literal>ceilometer</literal>)</td>
<td>8777</td>
<td>publicurl and adminurl</td>
</tr>
</tbody>
</table>
</para>