Network
Network Interface
The Cloudify Manager requires at least 2 network interfaces with configured IP addresses:
- Private - This interface is dedicated to communication with other Cloudify components, including agents and cluster members.
- Public - This interface is dedicated to connections to the Cloudify Manager via the Cloudify CLI and Cloudify Management Console.
Connectivity requirements
These are the minimal requirements for production systems.
- Internal communication - between Cloudify management cluster entities - at least a 1 Gbps connection with a latency of 1 ms or less.
- Cloudify Agent to manager communication - at least a 100 Mbps connection with a latency of 50 ms or less.
Network Ports
The Cloudify Manager listens on the following ports:
| PORT | DESCRIPTION |
|---|---|
| 80 | REST API and UI. This port must be accessible when SSL is not enabled. |
| 443 | REST API and UI. This port must be accessible when SSL is enabled. |
| 22 | For remote access to the manager from the Cloudify CLI. (Optional) |
| 5671 | RabbitMQ. This port must be accessible from agent VMs. |
| 8009 | Monitoring service port. |
| 53333 | Internal REST communications. This port must be accessible from agent VMs. |
Additionally, when Cloudify is deployed in a cluster topology, the following ports should be allowed:
Database nodes access to each other:
| PORT | DESCRIPTION |
|---|---|
| 2379 | Etcd client-server for Patroni cluster state. |
| 2380 | Etcd server-server for Patroni cluster state. |
| 5432 | PostgreSQL replication. |
| 8008 | Patroni API for retrieving cluster state. |
Manager access to database servers:
| PORT | DESCRIPTION |
|---|---|
| 5432 | Database access. |
| 8008 | Patroni, for determining DB node state. |
| 8009 | Monitoring service port. |
Messaging queue (RabbitMQ) nodes access to each other:
| PORT | DESCRIPTION |
|---|---|
| 4369 | EPMD for discovery operations. |
| 25671 | Server-server rabbit communication. |
Manager access to messaging queue servers:
| PORT | DESCRIPTION |
|---|---|
| 4369 | EPMD for discovery operations. |
| 5671 | Brokers access. |
| 15671 | Accessing the management plugin for user management. |
| 8009 | Monitoring service port. |
Manager to manager access:
| PORT | DESCRIPTION |
|---|---|
| 22000 | Syncthing for file replication. |
| 8009 | Monitoring service port. |
All ports are TCP unless otherwise noted.
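The tables above amount to an allow-list, so a firewall or security-group ruleset can be audited against them. The following is an added example, not Cloudify's own tooling: it flags allow rules with no documented purpose and documented flows that no rule permits. The role labels (`client`, `agent`, `manager`, `db`, `mq`), the mapping of ports 80/443/22 to CLI and console clients, and the sample ruleset are assumptions made for this sketch; port 8009 on the manager is modeled only for the cluster flows, where the tables name a source.

```python
# Added example: TCP port matrix transcribed from the tables above.
# Role labels (client, agent, manager, db, mq) are names chosen for this sketch.
CLUSTER = {
    ("db", "db"): {2379, 2380, 5432, 8008},
    ("manager", "db"): {5432, 8008, 8009},
    ("mq", "mq"): {4369, 25671},
    ("manager", "mq"): {4369, 5671, 15671, 8009},
    ("manager", "manager"): {22000, 8009},
}
OPTIONAL = {("client", "manager", 22)}  # CLI remote access is marked optional


def required_flows(ssl_enabled=True):
    """Return the set of (src, dst, port) flows the documentation calls for."""
    flows = {("client", "manager", 443 if ssl_enabled else 80),
             ("agent", "manager", 5671),
             ("agent", "manager", 53333)}
    for (src, dst), ports in CLUSTER.items():
        flows |= {(src, dst, p) for p in ports}
    return flows


def audit(rules, ssl_enabled=True):
    """Compare allow rules with the matrix.

    Returns (unexpected, missing): rules with no documented purpose, and
    documented flows that no rule permits.
    """
    allowed = set(rules)
    required = required_flows(ssl_enabled)
    unexpected = sorted(allowed - required - OPTIONAL)
    missing = sorted(required - allowed)
    return unexpected, missing


# Constructed sample ruleset: a cluster with SSL on, PostgreSQL wrongly opened
# to agents, plain HTTP left open, and the Syncthing flow forgotten.
SAMPLE_RULES = (required_flows(True) - {("manager", "manager", 22000)}) | {
    ("agent", "db", 5432),
    ("client", "manager", 80),
    ("client", "manager", 22),
}

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_RULES)
    print("unexpected:", unexpected)
    print("missing:", missing)
```

Each rule is a `(source role, destination role, port)` tuple; exporting real firewall rules into that shape is left to the environment in use.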
Reverse DNS lookup
Reverse DNS lookup must be available for the RabbitMQ nodes.
