Ports Used by Cloudera Runtime Components
Cloudera Runtime components use a number of ports for associated services.
All ports listed are TCP.
In the following tables, Internal means that the port is used only for communication among the components; External means that the port can be used for either internal or external communication.
Component | Service | Port | Configuration | Comment |
---|---|---|---|---|
Apache Atlas | Non-SSL | 31000 | atlas.server.http.port |
|
SSL | 31443 | atlas.server.https.port |
This port is used only when Atlas is in SSL mode. | |
Apache Hadoop HDFS | DataNode | 9866 | dfs.datanode.address
|
DataNode server address and port for data transfer. |
9864 |
dfs.datanode.http.address
|
DataNode HTTP server port. | ||
9865 |
dfs.datanode.https.address
|
DataNode HTTPS server port. | ||
9867 |
dfs.datanode.ipc.address
|
DataNode IPC server port. | ||
NameNode | 8020 | fs.default.name or
fs.defaultFS |
|
|
8022 | dfs.namenode.servicerpc-address
|
Optional port used by HDFS daemons to avoid sharing the RPC port used by clients (8020). Cloudera recommends using port 8022. |
||
9870 | dfs.http.address or
dfs.namenode.http-address |
|
||
9871 | dfs.https.address or
dfs.namenode.https-address |
|
||
NFS gateway | 2049 |
|
||
4242 |
|
|||
111 |
|
|||
50079 |
nfs.http.port
|
The NFS gateway daemon uses this port to serve metrics. The port is configurable on versions 5.10 and higher. | ||
50579 |
nfs.https.port
|
The NFS gateway daemon uses this port to serve metrics. The port is configurable on versions 5.10 and higher. | ||
HttpFS | 14000 | HttpFS server port | ||
14001 | HttpFS admin port | |||
Apache Hadoop YARN (MRv2) | ResourceManager | 8032 |
yarn.resourcemanager.address
|
|
8033 |
yarn.resourcemanager.admin.address
|
|||
8088 |
yarn.resourcemanager.webapp.address
|
|||
8090 |
yarn.resourcemanager.webapp.https.address
|
|||
NodeManager | 8042 |
yarn.nodemanager.webapp.address
|
||
8044 |
yarn.nodemanager.webapp.https.address
|
|||
JobHistory Server | 19888 |
mapreduce.jobhistory.webapp.address
|
||
19890 |
mapreduce.jobhistory.webapp.https.address
|
|||
ApplicationMaster |
The ApplicationMaster serves an HTTP service using an ephemeral port that cannot be restricted. This port is never accessed directly from outside the cluster by clients. All requests to the ApplicationMaster web server is routed using the YARN ResourceManager (proxy service). Locking down access to ephemeral port ranges within the cluster's network might restrict your access to the ApplicationMaster UI and its logs, along with the ability to look at running applications. | |||
Apache Flume |
Flume Agent |
41414 | ||
Apache Hadoop KMS | Key Management Server | 16000 |
kms_http_port
|
Applies to both Java KeyStore KMS and Key Trustee KMS. |
Apache HBase | Master | 22001 |
hbase.master.port
|
IPC |
22002 |
hbase.master.info.port
|
HTTP | ||
RegionServer | 22101 |
hbase.regionserver.port
|
IPC | |
22102 |
hbase.regionserver.info.port
|
HTTP | ||
REST |
20550 |
hbase.rest.port
|
The default REST port in HBase is 8080. Because this is a commonly used port, Cloudera Manager sets the default to 20550 instead. | |
REST UI |
8085 | |||
HBase Thrift Server | 9090 |
Pass |
||
HBase Thrift Serve Web UIr | 9095 | |||
Lily HBase Indexer | 11060 | |||
Apache Hive | Metastore | 9083 | ||
HiveServer2 | 10000 | hive.server2.thrift.port
|
The Beeline command interpreter requires that you specify this port on the command line. If you use Oracle database, you must manually reserve this port. |
|
HiveServer2 Web User Interface (UI) | 10002 |
|
||
Hue | Server | 8888 | ||
Load Balancer | 8889 | |||
Apache Impala | Impala Daemon | 21000 | Used to transmit commands and receive results by
impala-shell and version 1.2 of the Cloudera ODBC driver. |
|
21050 | Used to transmit commands and receive results by applications, such as Business Intelligence tools, using JDBC, the Beeswax query editor in Hue, and version 2.0 or higher of the Cloudera ODBC driver. | |||
25000 | Impala web interface for administrators to monitor and troubleshoot. | |||
StateStore Daemon | 25010 | StateStore web interface for administrators to monitor and troubleshoot. | ||
Catalog Daemon | 25020 | Catalog service web interface for administrators to monitor and troubleshoot. | ||
Apache Kafka | Kafka Broker | 9092 | port |
The primary communication port used by producers and consumers; also used for inter-broker communication. |
9093 | ssl_port |
A secured communication port used by producers and consumers; also used for inter-broker communication. | ||
Kafka Connect | 38083 | rest.port |
Kafka Connect Rest Port. | |
38085 | secure.rest.port |
Kafka Connect Secure Rest Port. | ||
Apache Knox | Knox Gateway | 8443 | gateway.port |
The HTTP port for the Gateway |
Knox Gateway (HTTPS) | 8444 | idbroker_gateway_port |
||
Apache Kudu | Master | 7051 | Kudu Master RPC port. | |
8051 | Kudu Master HTTP server port. | |||
TabletServer | 7050 | Kudu TabletServer RPC port. | ||
8050 | Kudu TabletServer HTTP server port. | |||
Apache Oozie | Oozie Server | 11000 |
|
HTTP |
11443 | HTTPS | |||
Apache Ozone | Ozone Manager | 9862 | ozone.om.rpc-port |
RPC endpoint for clients and applications. |
9874 | ozone.om.http-port |
HTTP port for the Ozone Manager web UI. | ||
9875 | ozone.om.https-port |
HTTPS port for the Ozone Manager web UI. | ||
Storage Container Manager | 9876 | ozone.scm.http-port |
HTTP port for the SCM UI. | |
9877 | ozone.scm.https-port |
HTTPS port for the SCM web UI. | ||
DataNode | 9882 | hdds.datanode.http-address |
HTTP port for the DataNode web UI. | |
9883 | hdds.datanode.https-address |
HTTPS port for the DataNode web UI. | ||
9858 | dfs.container.ratis.ipc |
RAFT server endpoint that is used by clients and other DataNodes to replicate RAFT transactions and write data. | ||
9859 | dfs.container.ipc |
Endpoint that is used by clients and other DataNodes to read block data. | ||
S3 Gateway | 9878 | ozone.s3g.http-port |
HTTP port for the S3 API REST endpoint and web UI. | |
9879 | ozone.s3g.https-port |
HTTPS port for the S3 API REST endpoint and web UI. | ||
Recon Service | 9891 | ozone.recon.rpc-port |
Port used by DataNodes to communicate with the Recon Server. | |
9888 | ozone.recon.http-port |
HTTP port for the Recon service web UI and REST API. | ||
9889 | ozone.recon.https-port |
HTTPS port for the Recon service web UI and REST API. | ||
Apache Ranger | Non-SSL | 6080 | ranger.service.http.port |
|
SSL | 6182 | ranger.service.https.port |
This port is used only when Ranger is in SSL mode. | |
Admin Unix Auth Service Port | 5151 | ranger.unixauth.service.port |
||
Ranger KMS | Ranger KMS nodes | 9292 | ranger.service.http.port |
HTTP port for Ranger KMS. |
Ranger KMS nodes | 9494 | ranger.service.https.port |
HTTPS port for Ranger KMS. Only used when SSL is enabled for Ranger KMS. | |
Ranger RMS | Ranger RMS nodes | 8383 | ranger.service.http.port |
HTTP port for Ranger RMS. |
Ranger RMS nodes | 8484 | ranger.service.https.port |
HTTPS port for Ranger RMS. Only used when SSL is enabled for Ranger RMS. | |
Apache Solr | Solr Server | 8983 | HTTP port for all Solr-specific actions, update/query. | |
Solr Server | 8985 | HTTPS port for all Solr-specific actions, update/query. | ||
Apache Spark |
Shuffle service |
7377 | spark.shuffle.service.port |
|
History Server |
18081 | spark.history.ui.port |
||
History Server with TLS |
18488 |
spark.ssl.historyServer.port
|
||
Apache Sqoop |
Metastore |
16000 |
sqoop.metastore.server.port
|
|
Apache Zeppelin | Zeppelin Server | 8885 | zeppelin.server.port | |
Zeppelin Server (SSL) | 8886 | zeppelin.server.ssl.port | ||
Apache ZooKeeper |
Server (with Cloudera Runtime or Cloudera Manager) |
2181 | clientPort |
Client port. |
Cruise Control | Cruise Control Server | 8899 | webserver.http.port |
This is the main port that enables access to the Cruise Control Server |
Livy | Livy Server Web UI | 8998 | livy.server.port |
|
Livy Thrift Server | 10090 | livy.server.thrift.port |
||
Omid | TSO Server | 54758 | ||
Schema Registry | Schema Registry Server | 7788 | schema.registry.port |
REST endpoint for Schema Registry. |
7789 | schema.registry.adminPort |
Page for monitoring the Schema Registry service to determine for example the health state and CPU usage. | ||
7790 | schema.registry.ssl.port |
When SSL is enabled, REST endpoint for Schema Registry. | ||
7791 | schema.registry.ssl.adminPort |
When SSL is enabled, the page for monitoring the Schema Registry service to determine for example the health state and CPU usage. | ||
Streams Messaging Manager | Streams Messaging Manager Rest Admin Server | 8585 | streams.messaging.manager.port |
Streams Messaging Manager Port |
8587 | streams.messaging.manager.ssl.port |
Streams Messaging Manager Port (SSL) | ||
8586 | streams.messaging.manager.adminPort |
Streams Messaging Manager Admin Port | ||
8588 | streams.messaging.manager.ssl.adminPort |
Streams Messaging Manager Admin Port (SSL) | ||
Streams Messaging Manager UI Server | 9991 | streams.messaging.manager.ui.port |
The port on which server accepts connections. This port is used for both secured and unsecured connections. | |
Streams Replication Manager | SRM Service | 6670 | streams.replication.manager.service.port |
SRM Service port. |
6671 | streams.replication.manager.service.ssl.port |
SRM Service port when SSL is enabled. |
Component | Service | Port | Configuration | Comment |
---|---|---|---|---|
Apache Hadoop HDFS | Secondary NameNode | 9868 | dfs.secondary.http.address or
dfs.namenode.secondary.http-address |
|
9869 |
dfs.secondary.https.address
|
|||
JournalNode | 8485 |
dfs.namenode.shared.edits.dir
|
||
8480 |
|
|||
8481 |
|
|||
Failover Controller |
8019 |
Used for NameNode HA |
||
Apache Hadoop YARN (MRv2) | ResourceManager | 8030 |
|
|
8031 |
yarn.resourcemanager.resource-tracker.address
|
|||
NodeManager | 8040 |
yarn.nodemanager.localizer.address
|
||
8041 |
yarn.nodemanager.address
|
|||
JobHistory Server | 10020 |
mapreduce.jobhistory.address
|
||
10033 |
mapreduce.jobhistory.admin.address
|
|||
Shuffle HTTP |
13562 | mapreduce.shuffle.port |
||
Queue Manager | 8082 | queuemanager_webapp_port | ||
Config Store/Service | 8080 | Set this configuration in the config.yml file for the service. | Reconfiguring this in a production environment is not recommended. | |
Queue Manager Config-Service | 8081 | adminConnectorsPort | Set this configuration in the config.yml file for the service. | |
Apache Hadoop KMS | Key Management Server | 16001 |
|
Applies to both Java KeyStore KMS and Key Trustee KMS. |
Apache HBase | HQuorumPeer | 2181 |
hbase.zookeeper.property.clientPort
|
HBase-managed ZooKeeper mode |
2888 |
hbase.zookeeper.peerport
|
HBase-managed ZooKeeper mode |
||
3888 |
hbase.zookeeper.leaderport
|
HBase-managed ZooKeeper mode |
||
Apache Impala | Impala Daemon | 22000 | Internal use only. Impala daemons use this port to communicate with each other. | |
23000 | Internal use only. Impala daemons listen on this port for updates from the statestore daemon. | |||
StateStore Daemon | 24000 | Internal use only. The statestore daemon listens on this port for registration/unregistration requests. | ||
Catalog Daemon | 23020 | Internal use only. The catalog daemon listens on this port for updates from the statestore daemon. | ||
26000 | Internal use only. The catalog service uses this port to communicate with the Impala daemons. | |||
Apache Kafka | Kafka Broker | 9092 | port | The primary communication port used by producers and consumers; also used for inter-broker communication. |
9093 | ssl_port | A secured communication port used by producers and consumers; also used for inter-broker communication. | ||
9393 | jmx_port | Internal use only. Used for administration via JMX. | ||
9394 | kafka.http.metrics.port | Internal use only. This is the port via which the HTTP metric reporter listens. It is used to retrieve metrics through HTTP instead of JMX. | ||
Kafka Connect | 38084 | metrics.jetty.server.port | Metrics Jetty Server Port | |
Kafka MirrorMaker | 24042 | jmx_port | Internal use only. Used to administer the producer and consumer of the MirrorMaker. | |
Apache Ozone | Ozone Manager | 9872 | ozone.om.ratis-port |
RPC endpoint for Ozone Manager HA instances to form a RAFT consensus ring. |
Storage Container Manager | 9861 | ozone.scm.datanode.port |
Port used by the DataNodes to communicate with the Storage Container Manager (SCM). | |
9863 | ozone.scm.block.client.port |
Port used by the Ozone Manager to communicate with the SCM for block related operations. | ||
9860 | ozone.scm.client.port |
Port used by the Ozone Manager and other clients to communicate with the SCM for container operations. | ||
9894 | ozone.scm.ratis.port |
Port used by the SCM to communicate with other SCMs using Ratis. | ||
9895 | ozone.scm.grpc.port |
Port used by the SCM to communicate with other SCMs about the database checkpoint downloads. | ||
Apache Phoenix | Phoenix Query Server Port | 8765 | phoenix_query_server_port |
|
Apache Solr | Solr Server | 8993 | Infra-Solr HTTP port | |
Solr Server | 8995 | Infra-Solr HTTPS port | ||
Apache ZooKeeper |
Server (with Cloudera Runtime only) |
2888 |
X in server.N =host:X:Y
|
Peer |
Server (with Cloudera Runtime only) |
3888 |
X in server.N =host:X:Y
|
Peer | |
Server (with Cloudera Runtime and Cloudera Manager) |
3181 |
X in server.N =host:X:Y
|
Peer | |
Server (with Cloudera Runtime and Cloudera Manager) |
4181 |
X in server.N =host:X:Y
|
Peer | |
ZooKeeper JMX port | 9010 | ZooKeeper will also use another randomly selected port for
RMI. To allow Cloudera Manager to monitor ZooKeeper, you must do one of the
following:
|
||
Streams Messaging Manager | Streams Messaging Manager Rest Admin Server | 6670 | streams.replication.manager.port | Streams Replication Manager rest port |
6671 | streams.replication.manager.port | Streams Replication Manager rest port on SSL | ||
7180 | cm.metrics.port | Cloudera Manager's HTTP port. | ||
7183 | cm.metrics.port | Cloudera Manager's HTTPS port | ||
9997 | cm.metrics.service.monitor.port | Cloudera Manager Service Monitor port | ||
38083 | kafka.connect.port | Kafka Connect port | ||
3306 | streams.messaging.manager.storage.connector.port | Streams Messaging Manager database port |