How do I configure a firewall on a RHEL server to allow remote monitoring with Performance Co-Pilot (PCP)?

Solution Verified - Updated 5 Aug 2024

Environment

How do I configure firewall on a RHEL server to allow remote monitoring with performance Co-Pilot (PCP)?
How can I configure PCP security features, including authentication and access control

for local performance data collection, the firewall configuration does NOT need to be changed. This is the most common PCP collector deployment.
to allow monitoring of the server by remote PCP clients (including a remote pmlogger), the firewall configuration needs to be configured as follows :

firewall-cmd --permanent --zone=public --add-service=pmcd
firewall-cmd --reload

use the standard firewall configuration tools, e.g. by running setup or system-config-securitylevel.

the firewall GUI tool on each RHEL version can also be used - just open up (or re-map) the pmcd port (which is normally 44321/tcp, see /etc/services) on the desired network interfaces or zones as needed.
in a devops environment with the pmwebd(1) service enabled, you may also want to expose the pmwebd port, which is 44323/tcp by default.
there may be security implications of allowing remote access - PCP exports a lot of information about the system. Due care is required when opening the pmcd port on a public zoned interface.

PCP has authentication and access control features that can be configured if necessary, see the pcpintro(1) man page and also Content from pcp.io is not included.Authenticated Connections
these features should be used when access control is required, e.g. for remote access over a public interface.