Ports Used by Cloudera Runtime Components

Cloudera Runtime components use a number of ports for associated services.

All ports listed are TCP.

In the following tables, Internal means that the port is used only for communication among the components; External means that the port can be used for either internal or external communication.

Table 1. External Ports
Component Service Port Configuration Comment
Apache Atlas Non-SSL 31000 atlas.server.http.port
SSL 31443 atlas.server.https.port This port is used only when Atlas is in SSL mode.
Apache Hadoop HDFS DataNode 9866

dfs.datanode.address

DataNode server address and port for data transfer
9864 dfs.datanode.http.address DataNode HTTP server port
9865 dfs.datanode.https.address DataNode HTTPS server port
9867 dfs.datanode.ipc.address DataNode IPC server port
NameNode 8020

fs.default.name or fs.defaultFS

fs.default.nameis deprecated (but still works)

8022

dfs.namenode.servicerpc-address

Optional port used by HDFS daemons to avoid sharing the RPC port used by clients (8020). Cloudera recommends using port 8022.

9870

dfs.http.address or dfs.namenode.http-address

dfs.http.addressis deprecated (but still works)

9871

dfs.https.address or dfs.namenode.https-address

dfs.https.addressis deprecated (but still works)

NFS gateway 2049

nfs port (nfs3.server.port

4242

mountd port (nfs3.mountd.port

111

portmapperorrpcbindport

50079 nfs.http.port The NFS gateway daemon uses this port to serve metrics. The port is configurable on versions 5.10 and higher.
50579 nfs.https.port The NFS gateway daemon uses this port to serve metrics. The port is configurable on versions 5.10 and higher.
HttpFS 14000 HttpFS server port
14001 HttpFS admin port
Apache Hadoop YARN (MRv2) ResourceManager 8032 yarn. resourcemanager. address
8033 yarn. resourcemanager. admin.address
8088 yarn. resourcemanager. webapp.address
8090 yarn. resourcemanager. webapp.https.address
NodeManager 8042 yarn. nodemanager. webapp.address
8044 yarn. nodemanager. webapp.https.address
JobHistory Server 19888 mapreduce. jobhistory. webapp.address
19890 mapreduce. jobhistory. webapp.https.address

ApplicationMaster

The ApplicationMaster serves an HTTP service using an ephemeral port that cannot be restricted. This port is never accessed directly from outside the cluster by clients. All requests to the ApplicationMaster web server is routed using the YARN ResourceManager (proxy service). Locking down access to ephemeral port ranges within the cluster's network might restrict your access to the ApplicationMaster UI and its logs, along with the ability to look at running applications.

Apache Flume

Flume Agent

41414
Apache Hadoop KMS Key Management Server 16000

kms_http_port

Applies to both Java KeyStore KMS and Key Trustee KMS.

Apache HBase Master 16000 hbase.master. port

IPC

16010 hbase.master. info.port

HTTP

RegionServer 16020 hbase. regionserver. port

IPC

16030 hbase. regionserver. info.port

HTTP

REST

20550 hbase.rest.port

The default REST port in HBase is 8080. Because this is a commonly used port, Cloudera Manager sets the default to 20550 instead.

REST UI

8085
Thrift Server 9090

Pass -p <port> on CLI

Thrift Server 9095
9090

Pass --port <port> on CLI

Lily HBase Indexer 11060
Apache Hive Metastore 9083
HiveServer2 10000

hive. server2. thrift.port

The Beeline command interpreter requires that you specify this port on the command line.

If you use Oracle database, you must manually reserve this port.

HiveServer2 Web User Interface (UI) 10002

hive. server2. webui.port in hive-site.xml

Hue Server 8888
Load Balancer 8889
Apache Impala Impala Daemon 21000 Used to transmit commands and receive results by impala-shell and version 1.2 of the Cloudera ODBC driver.
21050 Used to transmit commands and receive results by applications, such as Business Intelligence tools, using JDBC, the Beeswax query editor in Hue, and version 2.0 or higher of the Cloudera ODBC driver.
25000 Impala web interface for administrators to monitor and troubleshoot.
StateStore Daemon 25010 StateStore web interface for administrators to monitor and troubleshoot.
Catalog Daemon 25020 Catalog service web interface for administrators to monitor and troubleshoot.
Apache Kafka Kafka Broker 9092 port The primary communication port used by producers and consumers; also used for inter-broker communication.
9093 ssl_port A secured communication port used by producers and consumers; also used for inter-broker communication.
Kafka Connect 38083 rest.port Kafka Connect Rest Port
38085 secure.rest.port Kafka Connect Secure Rest Port
Apache Kudu Master 7051 Kudu Master RPC port
8051 Kudu Master HTTP server port
TabletServer 7050

Kudu TabletServer RPC port

8050

Kudu TabletServer HTTP server port

Apache Oozie Oozie Server 11000

OOZIE_HTTP_PORT in oozie-env.sh

HTTP

11443

HTTPS

Apache Ranger Non-SSL 6080 ranger.service.http.port
SSL 6182 ranger.service.https.port This port is used only when Ranger is in SSL mode.
Admin Unix Auth Service Port 5151 ranger.unixauth.service.port
Apache Solr Solr Server 8983 HTTP port for all Solr-specific actions, update/query.
Solr Server 8985 HTTPS port for all Solr-specific actions, update/query.
Apache Spark

Shuffle service

7377 spark.shuffle.service.port

History Server

18081 spark.history.ui.port

History Server with TLS

18488 spark.ssl.historyServer.port
Apache Sqoop

Metastore

16000 sqoop. metastore. server.port
Apache ZooKeeper

Server (with CDH or Cloudera Manager)

2181

clientPort

Client port

Cruise Control Cruise Control Server 8899 webserver.http.port This is the main port that enables access to the Cruise Control Server
Livy Livy Server Web UI 8998 livy.server.port
Livy Thrift Server 10090 livy.server.thrift.port
Schema Registry Schema Registry Server 7788 schema.registry.port REST endpoint for Schema Registry.
7789 schema.registry.adminPort Page for monitoring the Schema Registry service to determine for example the health state and CPU usage.
7790 schema.registry.ssl.port When SSL is enabled, REST endpoint for Schema Registry.
7791 schema.registry.ssl.adminPort When SSL is enabled, the page for monitoring the Schema Registry service to determine for example the health state and CPU usage.
Streams Messaging Manager Streams Messaging Manager Rest Admin Server 8585 streams.messaging.manager.port Streams Messaging Manager Port
8587 streams.messaging.manager.ssl.port Streams Messaging Manager Port (SSL)
8586 streams.messaging.manager.adminPort Streams Messaging Manager Admin Port
8588 streams.messaging.manager.ssl.adminPort Streams Messaging Manager Admin Port (SSL)
Streams Messaging Manager UI Server 9991 streams.messaging.manager.ui.port The port on which server accepts connections. This port is used for both secured and unsecured connections.
Streams Replication Manager SRM Service 6670 streams.replication.manager.service.port SRM Service port.
6671 streams.replication.manager.service.ssl.port SRM Service port. when SSL is enabled.
Table 2. Internal Ports
Component Service Port Configuration Comment
Apache Hadoop HDFS Secondary NameNode 9868 dfs.secondary.http.address or dfs.namenode. secondary. http-address

dfs.secondary.http.addressis deprecated (but still works)

9869 dfs.secondary.https.address
JournalNode 8485 dfs.namenode. shared.edits.dir
8480

dfs.journalnode. http-address

8481

dfs.journalnode. https-address

Failover Controller

8019

Used for NameNode HA

Apache Hadoop YARN (MRv2) ResourceManager 8030
yarn.resourcemanager.scheduler.address
8031 yarn. resourcemanager. resource-tracker. address
NodeManager 8040 yarn. nodemanager. localizer. address
8041 yarn. nodemanager. address
JobHistory Server 10020 mapreduce. jobhistory. address
10033 mapreduce. jobhistory.admin. address

Shuffle HTTP

13562 mapreduce.shuffle.port
Queue Manager 8082 queuemanager_webapp_port
Config Store/Service 8080 Set this configuration in the config.yml file for the service. Reconfiguring this in a production environment is not recommended.
Queue Manager Config-Service 8081 adminConnectorsPort Set this configuration in the config.yml file for the service.
Apache Hadoop KMS Key Management Server 16001

kms_admin_port

Applies to both Java KeyStore KMS and Key Trustee KMS.

Apache HBase HQuorumPeer 2181 hbase. zookeeper. property. clientPort

HBase-managed ZooKeeper mode

2888 hbase. zookeeper. peerport

HBase-managed ZooKeeper mode

3888 hbase. zookeeper. leaderport

HBase-managed ZooKeeper mode

Apache Impala Impala Daemon 22000 Internal use only. Impala daemons use this port to communicate with each other.
23000 Internal use only. Impala daemons listen on this port for updates from the statestore daemon.
StateStore Daemon 24000 Internal use only. The statestore daemon listens on this port for registration/unregistration requests.
Catalog Daemon 23020 Internal use only. The catalog daemon listens on this port for updates from the statestore daemon.
26000 Internal use only. The catalog service uses this port to communicate with the Impala daemons.
Apache Kafka Kafka Broker 9092 port The primary communication port used by producers and consumers; also used for inter-broker communication.
9093 ssl_port A secured communication port used by producers and consumers; also used for inter-broker communication.
9393 jmx_port Internal use only. Used for administration via JMX.
9394 kafka.http.metrics.port Internal use only. This is the port via which the HTTP metric reporter listens. It is used to retrieve metrics through HTTP instead of JMX.
Kafka Connect 38084 metrics.jetty.server.port Metrics Jetty Server Port
Kafka MirrorMaker 24042 jmx_port Internal use only. Used to administer the producer and consumer of the MirrorMaker.
Apache Solr Solr Server 8993 Infra-Solr HTTP port
Solr Server 8995 Infra-Solr HTTPS port
Apache ZooKeeper

Server (with CDH only)

2888 X in server.N =host:X:Y Peer

Server (with CDH only)

3888 X in server.N =host:X:Y Peer

Server (with CDH and Cloudera Manager)

3181 X in server.N =host:X:Y Peer

Server (with CDH and Cloudera Manager)

4181 X in server.N =host:X:Y Peer
ZooKeeper JMX port 9010 ZooKeeper will also use another randomly selected port for RMI. To allow Cloudera Manager to monitor ZooKeeper, you must do one of the following:
  • Open up all ports when the connection originates from the Cloudera Manager Server
  • Do the following:
    1. Open a non-ephemeral port (such as 9011) in the firewall.
    2. Install Oracle Java 7u4 JDK or higher.
    3. Add the port configuration to the advanced configuration snippet, for example: -Dcom.sun.management. jmxremote.rmi.port=9011
    4. Restart ZooKeeper.
Apache Zeppelin Zeppelin Server 8885 zeppelin.server.port
Zeppelin Server (SSL) 8886 zeppelin.server.ssl.port
Streams Messaging Manager Streams Messaging Manager Rest Admin Server 6670 streams.replication.manager.port Streams Replication Manager rest port
6671 streams.replication.manager.port Streams Replication Manager rest port on SSL
7180 cm.metrics.port Cloudera Manager's HTTP port.
7183 cm.metrics.port Cloudera Manager's HTTPS port
9997 cm.metrics.service.monitor.port Cloudera Manager Service Monitor port
38083 kafka.connect.port Kafka Connect port
3306 streams.messaging.manager.storage.connector.port Streams Messaging Manager database port