Networking

Mandatory flows

The following flows from the Nodes to the Rudder Root Server have to be allowed:

Port 5309, TCP
CFEngine communication port, used to communicate the policies to the Rudder Nodes.
Port 80, TCP, for nodes
HTTP communication port, used to send inventory and fetch the ID of the Rudder Server.
Port 514, TCP
Syslog port, used to centralize reports.

Open the following flow from the client desktops to the Rudder Root Server:

Port 443, TCP, for users
HTTPS communication port, used by the users to access the web interface.

Optional flows

These flows are used to add features to Rudder:

CFEngine Nova
Managing Windows machines requires the commercial version of CFEngine, called Nova. It requires port 5308 TCP to be open from the Node to the Rudder Root Server.
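
A default-deny inbound ruleset for the Rudder Root Server that admits only the flows listed above, as an added example that is not part of the Rudder documentation. The function names and network ranges are assumptions (constructed values from documentation ranges), and the ruleset covers Rudder flows only, so administrative access such as SSH has to be added before loading it.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the Rudder Root Server
# that accepts only the flows listed on this page and drops everything else.
# Function names and the sample networks at the bottom are constructed.

# Shape check only: dotted IPv4 with an optional /0-32 prefix.
is_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# allow SRC PORT -> one ACCEPT rule for new TCP connections from SRC to PORT
allow() {
    printf '%s\n' "-A INPUT -p tcp -s $1 --dport $2 -m conntrack --ctstate NEW -j ACCEPT"
}

# rudder_server_rules NODE_NET USER_NET [nova]
rudder_server_rules() {
    node_net=$1; user_net=$2; nova=${3:-no}
    if ! is_cidr "$node_net" || ! is_cidr "$user_net"; then
        echo "invalid network: expected IPv4 CIDR" >&2
        return 1
    fi
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Mandatory flows, Nodes -> Rudder Root Server
    allow "$node_net" 5309   # CFEngine: policies
    allow "$node_net" 80     # HTTP: inventory, server ID
    allow "$node_net" 514    # syslog over TCP: reports
    # Mandatory flow, user desktops -> Rudder Root Server
    allow "$user_net" 443    # HTTPS: web interface
    # Optional flow, only when Windows Nodes are managed with CFEngine Nova
    if [ "$nova" = nova ]; then
        allow "$node_net" 5308
    fi
    echo 'COMMIT'
}

# Constructed sample: Nodes in 192.0.2.0/24, user desktops in 198.51.100.0/24.
rudder_server_rules 192.0.2.0/24 198.51.100.0/24
```

Piping the output into `iptables-restore --test` parses the ruleset without loading it.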

DNS - Name resolution

Currently, Rudder relies on the hostnames declared by the Nodes to identify them. Each Node hostname must therefore resolve to the IP address that the Node will use to contact the Rudder Server. We are aware that this is far from ideal in most cases (no DNS environment, private sub-networks, NAT, etc.), and we are currently working on an alternative solution.

If the required name resolution is not available, we advise adding the IP address and hostname of the Nodes to the /etc/hosts file of the Rudder Root Server.

Similarly, each Rudder Node must be able to resolve the Rudder Root Server hostname given in the step described in Initial configuration of your Rudder Root Server.