Comment 4 for bug 1261617

Hi Tom, Matt,

First-time contributor here.

Below is a list of ports that, as far as I can tell, are used by each Openstack component (by default):

443 Dashboard
5000, 35357 Identity (keystone)
5900-5999 Compute (nova) ports for access to virtual machine consoles
6080 Compute VNC proxy for browsers (openstack-nova-novncproxy service)
6081 Compute VNC proxy for traditional VNC clients (openstack-nova-xvpvncproxy service)
6082 Proxy port for HTML5 console used by Compute service
6000, 6001, 6002 Object Storage (swift)
8776 Block Storage (cinder)
9292 Image API (glance)
9696 Networking (neutron)

Next is a list of ports used by services related to or required by some OpenStack components:

80 HTTP (for when Dashboard is not configured to use secure access)
443 HTTPS (when enabling SSL for any service, particularly for secure-access Dashboard)
873 rsync (essential for Object Storage)
3260 iSCSI target (required for Block Storage)
3306 MySQL database service (default)
5666 Nagios
5672 Message Broker (AMQP traffic)

Sources: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html-single/Installation_and_Configuration_Guide/index.html
https://ask.openstack.org/en/question/6433/openstack-services-and-port/

Just to confirm: on each component chapter, I'll add a short bit on what rules to add to /etc/sysconfig/iptables in order to open these ports in case they're closed via security policy. Let me know if there's anything else to add; I'll submit a patch soon.