Ports Used by Cloudera Runtime Components

Cloudera Runtime components use a number of ports for associated services.

All ports listed are TCP.

In the following tables, Internal means that the port is used only for communication among the components; External means that the port can be used for either internal or external communication.


    dfs.datanode.http.address


    dfs.datanode.https.address


    dfs.datanode.ipc.address

fs.default.name is deprecated (but still works)

dfs.http.address is deprecated (but still works)

dfs.https.address is deprecated (but still works)

nfs port ( nfs3.server.port )

mountd port ( nfs3.mountd.port )


    nfs.https.port


    yarn.resourcemanager.address

Flume Agent

OOZIE_HTTP_PORT in oozie-env.sh

Shuffle service

History Server

History Server with TLS


    spark.ssl.historyServer.port

Metastore


    sqoop.metastore.server.port

Table 1. External Ports
Component	Service	Configuration	Comment	Apache Atlas	Non-SSL	31000	`atlas.server.http.port`	31443	`atlas.server.https.port`	This port is used only when Atlas is in SSL mode.	Apache Hadoop HDFS	DataNode	`dfs.datanode.address`	DataNode server address and port for data transfer.	DataNode HTTP server port.	DataNode HTTPS server port.	DataNode IPC server port.	NameNode	`fs.default.name` or `fs.defaultFS`	`dfs.namenode.servicerpc-address` Optional port used by HDFS daemons to avoid sharing the RPC port used by clients (8020). Cloudera recommends using port 8022.	`dfs.http.address` or `dfs.namenode.http-address`	`dfs.https.address` or `dfs.namenode.https-address`	NFS gateway	The NFS gateway daemon uses this port to serve metrics. The port is configurable on versions 5.10 and higher.	50579	The NFS gateway daemon uses this port to serve metrics. The port is configurable on versions 5.10 and higher.	HttpFS	14000	HttpFS server port	14001	HttpFS admin port	Apache Hadoop YARN (MRv2)	ResourceManager	The ApplicationMaster serves an HTTP service using an ephemeral port that cannot be restricted. This port is never accessed directly from outside the cluster by clients. All requests to the ApplicationMaster web server is routed using the YARN ResourceManager (proxy service). Locking down access to ephemeral port ranges within the cluster's network might restrict your access to the ApplicationMaster UI and its logs, along with the ability to look at running applications.	Apache Flume	41414	Used to transmit commands and receive results by `impala-shell` and version 1.2 of the Cloudera ODBC driver.	21050	Used to transmit commands and receive results by applications, such as Business Intelligence tools, using JDBC, the Beeswax query editor in Hue, and version 2.0 or higher of the Cloudera ODBC driver.	25000	Impala web interface for administrators to monitor and troubleshoot.	28000	Used to transmit commands and receive results by client applications over HTTP through the HiveServer2 protocol.	StateStore Daemon	25010	StateStore web interface for administrators to monitor and troubleshoot.	Catalog Daemon	25020	Catalog service web interface for administrators to monitor and troubleshoot.	Apache Kafka	Kafka Broker	The primary communication port used by producers and consumers; also used for inter-broker communication.	`ssl_port`	A secured communication port used by producers and consumers; also used for inter-broker communication.	Kafka Connect	28083	`rest.port`	Kafka Connect Rest Port.	28085	`secure.rest.port`	Kafka Connect Secure Rest Port	28084	`metrics.jetty.server.port`	Jetty Metrics Port	28087	`metrics.jetty.server.secureport`	Secure Jetty Metrics Port	Apache Knox	Knox Gateway	`gateway.port`	The HTTPS port for the Gateway	Knox Gateway (HTTPS)	`idbroker_gateway_port`	Apache Kudu	Master	Kudu Master RPC port.	Kudu Master HTTP server port.	TabletServer	Kudu TabletServer RPC port.	Kudu TabletServer HTTP server port.	Apache Oozie	Oozie Server	11000	11443	HTTPS	Apache Ozone	Ozone Manager	`ozone.om.rpc-port`	RPC endpoint for clients and applications.	`ozone.om.http-port`	HTTP port for the Ozone Manager web UI.	`ozone.om.https-port`	HTTPS port for the Ozone Manager web UI.	Storage Container Manager	`ozone.scm.http-port`	HTTP port for the SCM UI.	`ozone.scm.https-port`	HTTPS port for the SCM web UI.	DataNode	`hdds.datanode.http-address`	HTTP port for the DataNode web UI.	`hdds.datanode.https-address`	HTTPS port for the DataNode web UI.	`dfs.container.ratis.ipc`	RAFT server endpoint that is used by clients and other DataNodes to replicate RAFT transactions and write data.	`dfs.container.ipc`	Endpoint that is used by clients and other DataNodes to read block data.	S3 Gateway	`ozone.s3g.http-port`	HTTP port for the S3 API REST endpoint and web UI.	`ozone.s3g.https-port`	HTTPS port for the S3 API REST endpoint and web UI.	Recon Service	`ozone.recon.rpc-port`	Port used by DataNodes to communicate with the Recon Server.	`ozone.recon.http-port`	HTTP port for the Recon service web UI and REST	`ozone.recon.https-port`	HTTPS port for the Recon service web UI and REST	Apache Ranger	Non-SSL	`ranger.service.http.port`	`ranger.service.https.port`	This port is used only when Ranger is in SSL mode.	Admin Unix Auth Service Port	`ranger.unixauth.service.port`	Usersync HTTP Port	`ranger.usersync.http.port`	HTTP port for Ranger Usersync	Usersync HTTPS Port	`ranger.usersync.https.port`	HTTPS port for Ranger Usersync	Tagsync HTTP Port	`ranger.tagsync.http.port`	HTTP port for Ranger Tagsync	Tagsync HTTPS Port Port	`ranger.tagsync.https.port`	HTTPS port for Ranger Tagsync	Ranger KMS	Ranger KMS nodes	`ranger.service.http.port`	HTTP port for Ranger KMS.	Ranger KMS nodes	`ranger.service.https.port`	HTTPS port for Ranger KMS. Only used when SSL is enabled for Ranger KMS.	Ranger RMS	Ranger RMS nodes	`ranger.service.http.port`	HTTP port for Ranger RMS.	Ranger RMS nodes	`ranger.service.https.port`	HTTPS port for Ranger RMS. Only used when SSL is enabled for Ranger RMS.	Apache Solr	Solr Server	HTTP port for all Solr-specific actions, update/query.	Solr Server	HTTPS port for all Solr-specific actions, update/query.	Apache Spark	`spark.shuffle.service.port`	Port on which the Spark external shuffle service runs.	18088	`spark.history.ui.port`	HTTP port for the Spark History Server WebUI.	18488	HTTPS port for Spark History Server WebUI. Only used when SSL is enabled for Spark History Server.	Apache Sqoop	16000	`schema.registry.adminPort`	Page for monitoring the Schema Registry service to determine for example the health state and CPU usage.	`schema.registry.ssl.port`	When SSL is enabled, REST endpoint for Schema Registry.	`schema.registry.ssl.adminPort`	When SSL is enabled, the page for monitoring the Schema Registry service to determine for example the health state and CPU usage.	Streams Messaging Manager	Streams Messaging Manager Rest Admin Server	`streams.messaging.manager.port`	Streams Messaging Manager Port	`streams.messaging.manager.ssl.port`	Streams Messaging Manager Port (SSL)	`streams.messaging.manager.adminPort`	Streams Messaging Manager Admin Port	`streams.messaging.manager.ssl.adminPort`	Streams Messaging Manager Admin Port (SSL)	Streams Messaging Manager UI Server	`streams.messaging.manager.ui.port`	The port on which server accepts connections. This port is used for both secured and unsecured connections.	Streams Replication Manager	SRM Service	`streams.replication.manager.service.port`	SRM Service port.	`streams.replication.manager.service.ssl.port`	SRM Service port when SSL is enabled.

dfs.secondary.http.address is deprecated (but still works)


    dfs.secondary.https.address


    kms_admin_port

Applies to both Java KeyStore KMS and Key Trustee KMS.


    hbase.zookeeper.property.clientPort

HBase-managed ZooKeeper mode


    hbase.zookeeper.peerport

HBase-managed ZooKeeper mode


    hbase.zookeeper.leaderport

HBase-managed ZooKeeper mode

Server (with Cloudera Runtime only)


    X in server.N =host:X:Y

Server (with Cloudera Runtime only)


    X in server.N =host:X:Y

Server (with Cloudera Runtime and Cloudera Manager)


    X in server.N =host:X:Y

Server (with Cloudera Runtime and Cloudera Manager)


    X in server.N =host:X:Y

Table 2. Internal Ports
Component	Service	Configuration	Comment	Apache Hadoop HDFS	Secondary NameNode	`dfs.secondary.http.address` or `dfs.namenode.secondary.http-address`	Set this configuration in the config.yml file for the service.	Reconfiguring this in a production environment is not recommended.	Queue Manager Config-Service	adminConnectorsPort	Set this configuration in the config.yml file for the service.	Apache Hadoop KMS	Key Management Server	16001	Apache HBase	HQuorumPeer	Apache Impala	Impala Daemon	23000	Internal use only. Impala daemons listen on this port for updates from the statestore daemon.	27000	Internal use only. Impala daemons use this port for KRPC based communication with each other.	StateStore Daemon	24000	Internal use only. The statestore daemon listens on this port for registration/unregistration requests.	Catalog Daemon	23020	Internal use only. The catalog daemon listens on this port for updates from the statestore daemon.	26000	Internal use only. The catalog service uses this port to communicate with the Impala daemons.	Apache Kafka	Kafka Broker	The primary communication port used by producers and consumers; also used for inter-broker communication.	ssl_port	A secured communication port used by producers and consumers; also used for inter-broker communication.	jmx_port	Internal use only. Used for administration via JMX.	kafka.http.metrics.port	Internal use only. This is the port via which the HTTP metric reporter listens. It is used to retrieve metrics through HTTP instead of JMX.	Kafka MirrorMaker	24042	jmx_port	Internal use only. Used to administer the producer and consumer of the MirrorMaker.	Apache Ozone	Ozone Manager	`ozone.om.ratis-port`	RPC endpoint for Ozone Manager HA instances to form a RAFT consensus ring.	Storage Container Manager	`ozone.scm.datanode.port`	Port used by the DataNodes to communicate with the Storage Container Manager (SCM).	`ozone.scm.block.client.port`	Port used by the Ozone Manager to communicate with the SCM for block related operations.	`ozone.scm.client.port`	Port used by the Ozone Manager and other clients to communicate with the SCM for container operations.	`ozone.scm.ratis.port`	Port used by the SCM to communicate with other SCMs using Ratis.	`ozone.scm.grpc.port`	Port used by the SCM to communicate with other SCMs about the database checkpoint downloads.	Apache Phoenix	Phoenix Query Server Port	`phoenix.queryserver.http.port`	Apache Solr	Solr Server	Infra-Solr HTTP port	Solr Server	Infra-Solr HTTPS port	Apache ZooKeeper	ZooKeeper JMX port	ZooKeeper will also use another randomly selected port for RMI. To allow Cloudera Manager to monitor ZooKeeper, you must do one of the following: Open up all ports when the connection originates from the Cloudera Manager Server Do the following: Open a non-ephemeral port (such as 9011) in the firewall. Install Oracle Java 7u4 JDK or higher. Add the port configuration to the advanced configuration snippet, for example: `-Dcom.sun.management.jmxremote.rmi.port=9011` Restart ZooKeeper.