Port requirements
If you are using a firewall, you must open all ports listed in the following table to ensure that Bare Metal Orchestrator functions correctly. The table lists the ports that Bare Metal Orchestrator uses for on-premises deployments. In the "Required on" column, GC refers to the Global Controller.
Port | Required on | Description |
22 | GC and remote sites | Used for SSH access to run Ansible playbooks. |
67 | GC and remote sites | Used when DHCP is configured. Optionally open on the remote site and the Global Controller. This port should be open if PXE or auto-discovery is used. |
69 | GC and remote sites | Used by the TFTP server. This port should be open and available at all times for the TFTP server. |
80 (TCP) | GC and remote sites | Used for HTTP traffic. |
TCP/81 (HTTP) | GC site | Used for downloading ESXi driver into the endpoint. |
123 | Remote site | Used for NTP synchronization. |
441 | GC site | Used by the global web server to store operating systems and firmware images. |
442 | GC site | Used by the internal web server. |
TCP/442 (HTTPS) | GC site | Used for downloading firmware and ESXi images. |
443 (TCP) | GC and remote sites | Used for HTTPS traffic. |
443 (HTTPS) and 80 (HTTP) | GC site | Used by the web user interface. |
2375 (TCP) | GC and remote sites | Used by the Docker container repository. |
2379 (TCP) | GC site | Used by the ETCD client for data access and management. |
2380 (TCP) | GC site | Used by the ETCD peer for data access and management. |
5047 | GC site | Used by localregistry.io as a Docker container repository. |
5113 (TCP) | GC and remote sites | Used for traffic to overcloudregistry.io. |
6443 (TCP) | GC site | Used for communicating with remote sites and the application programming interface (API). |
8081 | GC site | Used for setting up remote sites. |
8472 (UDP) | GC and remote sites | Used for Flannel VXLAN. |
9345 (TCP) | GC site | Used for API communications. |
10250 | GC and remote sites | Used by the kubelet node agent to register the node and manage containers. |
30000 - 32767 (TCP) | GC and remote sites | NodePort port range. |
30500 | GC site | Used by the global S3 to store the backups. |
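The following Python script is an added example, not part of the product documentation. It parses rows in the table's format into a per-role allowlist, so that a remote site opens only the rows marked for it, and it lists the rows that name no transport. The function names are hypothetical, the sample input is a subset of the rows above, and treating only an explicit TCP/UDP label as the transport is an assumption of this example.

```python
import re

# Subset of the rows above, embedded as sample input.
TABLE = """\
22 | GC and remote sites | Used for SSH access to run Ansible playbooks. |
TCP/442 (HTTPS) | GC site | Used for downloading firmware and ESXi images. |
123 | Remote site | Used for NTP synchronization. |
443 (HTTPS) and 80 (HTTP) | GC site | Used by the web user interface. |
8472 (UDP) | GC and remote sites | Used for Flannel VXLAN. |
30000 - 32767 (TCP) | GC and remote sites | NodePort port range. |
30500 | GC site | Used by the global S3 to store the backups. |
"""

def parse_ports(cell):
    """Return [(first_port, last_port, transport_or_None)] for one Port cell."""
    # Assumption: only an explicit TCP/UDP token sets the transport; HTTP/HTTPS labels do not.
    m = re.search(r"\b(TCP|UDP)\b", cell, re.I)
    proto = m.group(1).lower() if m else None
    return [(int(lo), int(hi or lo), proto)
            for lo, hi in re.findall(r"(\d+)(?:\s*-\s*(\d+))?", cell)]

def parse_roles(cell):
    """Map a 'Required on' cell to the set of roles it names: 'gc', 'remote'."""
    c = cell.lower()
    return {r for r in ("gc", "remote") if re.search(rf"\b{r}\b", c)}

def build_allowlist(table):
    """Map role -> sorted list of (first, last, transport) that role must accept."""
    allow = {"gc": set(), "remote": set()}
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or not re.search(r"\d", cells[0]):
            continue  # header row or blank line
        for role in parse_roles(cells[1]):
            allow[role].update(parse_ports(cells[0]))
    return {r: sorted(v, key=lambda t: (t[0], t[1], t[2] or "")) for r, v in allow.items()}

def unspecified(allow):
    """Entries whose row names no transport; confirm these before writing a rule."""
    return {r: [p for p in v if p[2] is None] for r, v in allow.items()}

if __name__ == "__main__":
    allow = build_allowlist(TABLE)
    for role, ports in allow.items():
        for lo, hi, proto in ports:
            span = str(lo) if lo == hi else f"{lo}-{hi}"
            print(f"{role:6} {span:12} {proto or 'CONFIRM transport'}")
```
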