Ports Used by Cloudera Runtime Components

Cloudera Runtime components use a number of ports for associated services.

All ports listed are TCP.

In the following tables, Internal means that the port is used only for communication among the components; External means that the port can be used for either internal or external communication.

Table 1. External Ports
Component	Service	Port	Configuration	Comment
Apache Atlas	Non-SSL	31000	`atlas.server.http.port`
Apache Atlas	SSL	31443	`atlas.server.https.port`	This port is used only when Atlas is in SSL mode.
Apache Hadoop HDFS	DataNode	9866	`dfs.datanode.address`	DataNode server address and port for data transfer
		9864	`dfs.datanode.http.address`	DataNode HTTP server port
		9865	`dfs.datanode.https.address`	DataNode HTTPS server port
		9867	`dfs.datanode.ipc.address`	DataNode IPC server port
	NameNode	8020	`fs.default.name` or `fs.defaultFS`	`fs.default.name`is deprecated (but still works)
		8022	`dfs.namenode.servicerpc-address`	Optional port used by HDFS daemons to avoid sharing the RPC port used by clients (8020). Cloudera recommends using port 8022.
		9870	`dfs.http.address` or `dfs.namenode.http-address`	`dfs.http.address`is deprecated (but still works)
		9871	`dfs.https.address` or `dfs.namenode.https-address`	`dfs.https.address`is deprecated (but still works)
	NFS gateway	2049		`nfs` port (`nfs3.server.port`)
		4242		`mountd` port (`nfs3.mountd.port`)
		111		`portmapper`or`rpcbind`port
		50079	`nfs.http.port`	The NFS gateway daemon uses this port to serve metrics. The port is configurable on versions 5.10 and higher.
		50579	`nfs.https.port`	The NFS gateway daemon uses this port to serve metrics. The port is configurable on versions 5.10 and higher.
	HttpFS	14000		HttpFS server port
	HttpFS	14001		HttpFS admin port
Apache Hadoop YARN (MRv2)	ResourceManager	8032	`yarn. resourcemanager. address`
		8033	`yarn. resourcemanager. admin.address`
		8088	`yarn. resourcemanager. webapp.address`
		8090	`yarn. resourcemanager. webapp.https.address`
	NodeManager	8042	`yarn. nodemanager. webapp.address`
	NodeManager	8044	`yarn. nodemanager. webapp.https.address`
	JobHistory Server	19888	`mapreduce. jobhistory. webapp.address`
	JobHistory Server	19890	`mapreduce. jobhistory. webapp.https.address`
	ApplicationMaster			The ApplicationMaster serves an HTTP service using an ephemeral port that cannot be restricted. This port is never accessed directly from outside the cluster by clients. All requests to the ApplicationMaster web server is routed using the YARN ResourceManager (proxy service). Locking down access to ephemeral port ranges within the cluster's network might restrict your access to the ApplicationMaster UI and its logs, along with the ability to look at running applications.
Apache Flume	Flume Agent	41414
Apache Hadoop KMS	Key Management Server	16000	`kms_http_port`	Applies to both Java KeyStore KMS and Key Trustee KMS.
Apache HBase	Master	16000	`hbase.master. port`	IPC
	Master	16010	`hbase.master. info.port`	HTTP
	RegionServer	16020	`hbase. regionserver. port`	IPC
	RegionServer	16030	`hbase. regionserver. info.port`	HTTP
	REST	20550	`hbase.rest.port`	The default REST port in HBase is 8080. Because this is a commonly used port, Cloudera Manager sets the default to 20550 instead.
	REST UI	8085
	Thrift Server	9090	Pass `-p <port>` on CLI
	Thrift Server	9095
		9090	Pass `--port <port>` on CLI
	Lily HBase Indexer	11060
Apache Hive	Metastore	9083
	HiveServer2	10000	`hive. server2. thrift.port`	The Beeline command interpreter requires that you specify this port on the command line. If you use Oracle database, you must manually reserve this port.
	HiveServer2 Web User Interface (UI)	10002	`hive. server2. webui.port` in `hive-site.xml`

Hue	Server	8888
Hue	Load Balancer	8889
Apache Impala	Impala Daemon	21000		Used to transmit commands and receive results by `impala-shell` and version 1.2 of the Cloudera ODBC driver.
		21050		Used to transmit commands and receive results by applications, such as Business Intelligence tools, using JDBC, the Beeswax query editor in Hue, and version 2.0 or higher of the Cloudera ODBC driver.
		25000		Impala web interface for administrators to monitor and troubleshoot.
	StateStore Daemon	25010		StateStore web interface for administrators to monitor and troubleshoot.
	Catalog Daemon	25020		Catalog service web interface for administrators to monitor and troubleshoot.
Apache Kafka	Kafka Broker	9092	port	The primary communication port used by producers and consumers; also used for inter-broker communication.
	Kafka Broker	9093	ssl_port	A secured communication port used by producers and consumers; also used for inter-broker communication.
	Kafka Connect	38083	rest.port	Kafka Connect Rest Port
	Kafka Connect	38085	secure.rest.port	Kafka Connect Secure Rest Port
Apache Kudu	Master	7051		Kudu Master RPC port
	Master	8051		Kudu Master HTTP server port
	TabletServer	7050		Kudu TabletServer RPC port
	TabletServer	8050		Kudu TabletServer HTTP server port
Apache Oozie	Oozie Server	11000	`OOZIE_HTTP_PORT` in `oozie-env.sh`	HTTP
Apache Oozie	Oozie Server	11443		HTTPS
Apache Ranger	Non-SSL	6080	`ranger.service.http.port`
	SSL	6182	`ranger.service.https.port`	This port is used only when Ranger is in SSL mode.
	Admin Unix Auth Service Port	5151	`ranger.unixauth.service.port`
Apache Solr	Solr Server	8983		HTTP port for all Solr-specific actions, update/query.
Apache Solr	Solr Server	8985		HTTPS port for all Solr-specific actions, update/query.
Apache Spark	Shuffle service	7377	`spark.shuffle.service.port`
	History Server	18081	`spark.history.ui.port`
	History Server with TLS	18488	`spark.ssl.historyServer.port`
Apache Sqoop	Metastore	16000	`sqoop. metastore. server.port`
Apache ZooKeeper	Server (with CDH or Cloudera Manager)	2181	clientPort	Client port
Cruise Control	Cruise Control Server	8899	webserver.http.port	This is the main port that enables access to the Cruise Control Server
Livy	Livy Server Web UI	8998	`livy.server.port`
Livy	Livy Thrift Server	10090	`livy.server.thrift.port`
Schema Registry	Schema Registry Server	7788	schema.registry.port	REST endpoint for Schema Registry.
		7789	schema.registry.adminPort	Page for monitoring the Schema Registry service to determine for example the health state and CPU usage.
		7790	schema.registry.ssl.port	When SSL is enabled, REST endpoint for Schema Registry.
		7791	schema.registry.ssl.adminPort	When SSL is enabled, the page for monitoring the Schema Registry service to determine for example the health state and CPU usage.
Streams Messaging Manager	Streams Messaging Manager Rest Admin Server	8585	streams.messaging.manager.port	Streams Messaging Manager Port
		8587	streams.messaging.manager.ssl.port	Streams Messaging Manager Port (SSL)
		8586	streams.messaging.manager.adminPort	Streams Messaging Manager Admin Port
		8588	streams.messaging.manager.ssl.adminPort	Streams Messaging Manager Admin Port (SSL)
	Streams Messaging Manager UI Server	9991	streams.messaging.manager.ui.port	The port on which server accepts connections. This port is used for both secured and unsecured connections.
Streams Replication Manager	SRM Service	6670	streams.replication.manager.service.port	SRM Service port.
Streams Replication Manager	SRM Service	6671	streams.replication.manager.service.ssl.port	SRM Service port. when SSL is enabled.

Table 2. Internal Ports
Component	Service	Port	Configuration	Comment
Apache Hadoop HDFS	Secondary NameNode	9868	`dfs.secondary.http.address` or `dfs.namenode. secondary. http-address`	`dfs.secondary.http.address`is deprecated (but still works)
	Secondary NameNode	9869	`dfs.secondary.https.address`
	JournalNode	8485	`dfs.namenode. shared.edits.dir`
		8480	`dfs.journalnode. http-address`
		8481	`dfs.journalnode. https-address`
	Failover Controller	8019		Used for NameNode HA
Apache Hadoop YARN (MRv2)	ResourceManager	8030	`yarn.resourcemanager.scheduler.address`
	ResourceManager	8031	`yarn. resourcemanager. resource-tracker. address`
	NodeManager	8040	`yarn. nodemanager. localizer. address`
	NodeManager	8041	`yarn. nodemanager. address`
	JobHistory Server	10020	`mapreduce. jobhistory. address`
	JobHistory Server	10033	`mapreduce. jobhistory.admin. address`
	Shuffle HTTP	13562	`mapreduce.shuffle.port`
	Queue Manager	8082	queuemanager_webapp_port
	Config Store/Service	8080	Set this configuration in the config.yml file for the service.	Reconfiguring this in a production environment is not recommended.
	Queue Manager Config-Service	8081	adminConnectorsPort	Set this configuration in the config.yml file for the service.
Apache Hadoop KMS	Key Management Server	16001	`kms_admin_port`	Applies to both Java KeyStore KMS and Key Trustee KMS.
Apache HBase	HQuorumPeer	2181	`hbase. zookeeper. property. clientPort`	HBase-managed ZooKeeper mode
		2888	`hbase. zookeeper. peerport`	HBase-managed ZooKeeper mode
		3888	`hbase. zookeeper. leaderport`	HBase-managed ZooKeeper mode
Apache Impala	Impala Daemon	22000		Internal use only. Impala daemons use this port to communicate with each other.
	Impala Daemon	23000		Internal use only. Impala daemons listen on this port for updates from the statestore daemon.
	StateStore Daemon	24000		Internal use only. The statestore daemon listens on this port for registration/unregistration requests.
	Catalog Daemon	23020		Internal use only. The catalog daemon listens on this port for updates from the statestore daemon.
	Catalog Daemon	26000		Internal use only. The catalog service uses this port to communicate with the Impala daemons.
Apache Kafka	Kafka Broker	9092	port	The primary communication port used by producers and consumers; also used for inter-broker communication.
		9093	ssl_port	A secured communication port used by producers and consumers; also used for inter-broker communication.
		9393	jmx_port	Internal use only. Used for administration via JMX.
		9394	kafka.http.metrics.port	Internal use only. This is the port via which the HTTP metric reporter listens. It is used to retrieve metrics through HTTP instead of JMX.
	Kafka Connect	38084	metrics.jetty.server.port	Metrics Jetty Server Port
	Kafka MirrorMaker	24042	jmx_port	Internal use only. Used to administer the producer and consumer of the MirrorMaker.
Apache Solr	Solr Server	8993		Infra-Solr HTTP port
Apache Solr	Solr Server	8995		Infra-Solr HTTPS port
Apache ZooKeeper	Server (with CDH only)	2888	`X in server.N =host:X:Y`	Peer
	Server (with CDH only)	3888	`X in server.N =host:X:Y`	Peer
	Server (with CDH and Cloudera Manager)	3181	`X in server.N =host:X:Y`	Peer
	Server (with CDH and Cloudera Manager)	4181	`X in server.N =host:X:Y`	Peer
	ZooKeeper JMX port	9010		ZooKeeper will also use another randomly selected port for RMI. To allow Cloudera Manager to monitor ZooKeeper, you must do one of the following: Open up all ports when the connection originates from the Cloudera Manager Server Do the following: Open a non-ephemeral port (such as 9011) in the firewall. Install Oracle Java 7u4 JDK or higher. Add the port configuration to the advanced configuration snippet, for example: `-Dcom.sun.management. jmxremote.rmi.port=9011` Restart ZooKeeper.
Apache Zeppelin	Zeppelin Server	8885	zeppelin.server.port
Apache Zeppelin	Zeppelin Server (SSL)	8886	zeppelin.server.ssl.port
Streams Messaging Manager	Streams Messaging Manager Rest Admin Server	6670	streams.replication.manager.port	Streams Replication Manager rest port
		6671	streams.replication.manager.port	Streams Replication Manager rest port on SSL
		7180	cm.metrics.port	Cloudera Manager's HTTP port.
		7183	cm.metrics.port	Cloudera Manager's HTTPS port
		9997	cm.metrics.service.monitor.port	Cloudera Manager Service Monitor port
		38083	kafka.connect.port	Kafka Connect port
		3306	streams.messaging.manager.storage.connector.port	Streams Messaging Manager database port