Ports Used by Cloudera Runtime Components

Cloudera Runtime components use a number of ports for associated services.

All ports listed are TCP.

In the following tables, Internal means that the port is used only for communication among the components; External means that the port can be used for either internal or external communication.

Table 1. External Ports
Component Service Port Configuration Comment
Apache Atlas Non-SSL 31000 atlas.server.http.port
SSL 31443 atlas.server.https.port This port is used only when Atlas is in SSL mode.
Apache Hadoop HDFS DataNode 9866 dfs.datanode.address DataNode server address and port for data transfer.
9864 dfs.datanode.http.address DataNode HTTP server port.
9865 dfs.datanode.https.address DataNode HTTPS server port.
9867 dfs.datanode.ipc.address DataNode IPC server port.
NameNode 8020 fs.default.name or fs.defaultFS

fs.default.name is deprecated (but still works)

8022 dfs.namenode.servicerpc-address

Optional port used by HDFS daemons to avoid sharing the RPC port used by clients (8020). Cloudera recommends using port 8022.

9870 dfs.http.address or dfs.namenode.http-address

dfs.http.address is deprecated (but still works)

9871 dfs.https.address or dfs.namenode.https-address

dfs.https.address is deprecated (but still works)

NFS gateway 2049

nfs port (nfs3.server.port

4242

mountd port (nfs3.mountd.port

111

portmapper or rpcbind port.

50079 nfs.http.port The NFS gateway daemon uses this port to serve metrics. The port is configurable on versions 5.10 and higher.
50579 nfs.https.port The NFS gateway daemon uses this port to serve metrics. The port is configurable on versions 5.10 and higher.
HttpFS 14000 HttpFS server port
14001 HttpFS admin port
Apache Hadoop YARN (MRv2) ResourceManager 8032 yarn.resourcemanager.address
8033 yarn.resourcemanager.admin.address
8088 yarn.resourcemanager.webapp.address
8090 yarn.resourcemanager.webapp.https.address
NodeManager 8042 yarn.nodemanager.webapp.address
8044 yarn.nodemanager.webapp.https.address
JobHistory Server 19888 mapreduce.jobhistory.webapp.address
19890 mapreduce.jobhistory.webapp.https.address

ApplicationMaster

The ApplicationMaster serves an HTTP service using an ephemeral port that cannot be restricted. This port is never accessed directly from outside the cluster by clients. All requests to the ApplicationMaster web server is routed using the YARN ResourceManager (proxy service). Locking down access to ephemeral port ranges within the cluster's network might restrict your access to the ApplicationMaster UI and its logs, along with the ability to look at running applications.
Apache Flume

Flume Agent

41414
Apache Hadoop KMS Key Management Server 16000 kms_http_port Applies to both Java KeyStore KMS and Key Trustee KMS.
Apache HBase Master 22001 hbase.master.port IPC
22002 hbase.master.info.port HTTP
RegionServer 22101 hbase.regionserver.port IPC
22102 hbase.regionserver.info.port HTTP

REST

20550 hbase.rest.port The default REST port in HBase is 8080. Because this is a commonly used port, Cloudera Manager sets the default to 20550 instead.

REST UI

8085
HBase Thrift Server 9090

Pass -p <port> on CLI

HBase Thrift Serve Web UIr 9095
Lily HBase Indexer 11060
Apache Hive Metastore 9083
HiveServer2 10000 hive.server2.thrift.port

The Beeline command interpreter requires that you specify this port on the command line.

If you use Oracle database, you must manually reserve this port.

HiveServer2 Web User Interface (UI) 10002

hive.server2.webui.port in hive-site.xml

Hue Server 8888
Load Balancer 8889
Apache Impala Impala Daemon 21000 Used to transmit commands and receive results by impala-shell and version 1.2 of the Cloudera ODBC driver.
21050 Used to transmit commands and receive results by applications, such as Business Intelligence tools, using JDBC, the Beeswax query editor in Hue, and version 2.0 or higher of the Cloudera ODBC driver.
25000 Impala web interface for administrators to monitor and troubleshoot.
StateStore Daemon 25010 StateStore web interface for administrators to monitor and troubleshoot.
Catalog Daemon 25020 Catalog service web interface for administrators to monitor and troubleshoot.
Apache Kafka Kafka Broker 9092 port The primary communication port used by producers and consumers; also used for inter-broker communication.
9093 ssl_port A secured communication port used by producers and consumers; also used for inter-broker communication.
Kafka Connect 38083 rest.port Kafka Connect Rest Port.
38085 secure.rest.port Kafka Connect Secure Rest Port.
Apache Knox Knox Gateway 8443 gateway.port The HTTP port for the Gateway
Knox Gateway (HTTPS) 8444 idbroker_gateway_port
Apache Kudu Master 7051 Kudu Master RPC port.
8051 Kudu Master HTTP server port.
TabletServer 7050 Kudu TabletServer RPC port.
8050 Kudu TabletServer HTTP server port.
Apache Oozie Oozie Server 11000

OOZIE_HTTP_PORT in oozie-env.sh

HTTP
11443 HTTPS
Apache Ozone Ozone Manager 9862 ozone.om.rpc-port RPC endpoint for clients and applications.
9874 ozone.om.http-port HTTP port for the Ozone Manager web UI.
9875 ozone.om.https-port HTTPS port for the Ozone Manager web UI.
Storage Container Manager 9876 ozone.scm.http-port HTTP port for the SCM UI.
9877 ozone.scm.https-port HTTPS port for the SCM web UI.
DataNode 9882 hdds.datanode.http-address HTTP port for the DataNode web UI.
9883 hdds.datanode.https-address HTTPS port for the DataNode web UI.
9858 dfs.container.ratis.ipc RAFT server endpoint that is used by clients and other DataNodes to replicate RAFT transactions and write data.
9859 dfs.container.ipc Endpoint that is used by clients and other DataNodes to read block data.
S3 Gateway 9878 ozone.s3g.http-port HTTP port for the S3 API REST endpoint and web UI.
9879 ozone.s3g.https-port HTTPS port for the S3 API REST endpoint and web UI.
Recon Service 9891 ozone.recon.rpc-port Port used by DataNodes to communicate with the Recon Server.
9888 ozone.recon.http-port HTTP port for the Recon service web UI and REST API.
9889 ozone.recon.https-port HTTPS port for the Recon service web UI and REST API.
Apache Ranger Non-SSL 6080 ranger.service.http.port
SSL 6182 ranger.service.https.port This port is used only when Ranger is in SSL mode.
Admin Unix Auth Service Port 5151 ranger.unixauth.service.port
Ranger KMS Ranger KMS nodes 9292 ranger.service.http.port HTTP port for Ranger KMS.
Ranger KMS nodes 9494 ranger.service.https.port HTTPS port for Ranger KMS. Only used when SSL is enabled for Ranger KMS.
Ranger RMS Ranger RMS nodes 8383 ranger.service.http.port HTTP port for Ranger RMS.
Ranger RMS nodes 8484 ranger.service.https.port HTTPS port for Ranger RMS. Only used when SSL is enabled for Ranger RMS.
Apache Solr Solr Server 8983 HTTP port for all Solr-specific actions, update/query.
Solr Server 8985 HTTPS port for all Solr-specific actions, update/query.
Apache Spark

Shuffle service

7377 spark.shuffle.service.port

History Server

18081 spark.history.ui.port

History Server with TLS

18488 spark.ssl.historyServer.port
Apache Sqoop

Metastore

16000 sqoop.metastore.server.port
Apache Zeppelin Zeppelin Server 8885 zeppelin.server.port
Zeppelin Server (SSL) 8886 zeppelin.server.ssl.port
Apache ZooKeeper

Server (with Cloudera Runtime or Cloudera Manager)

2181 clientPort Client port.
Cruise Control Cruise Control Server 8899 webserver.http.port This is the main port that enables access to the Cruise Control Server
Livy Livy Server Web UI 8998 livy.server.port
Livy Thrift Server 10090 livy.server.thrift.port
Omid TSO Server 54758
Schema Registry Schema Registry Server 7788 schema.registry.port REST endpoint for Schema Registry.
7789 schema.registry.adminPort Page for monitoring the Schema Registry service to determine for example the health state and CPU usage.
7790 schema.registry.ssl.port When SSL is enabled, REST endpoint for Schema Registry.
7791 schema.registry.ssl.adminPort When SSL is enabled, the page for monitoring the Schema Registry service to determine for example the health state and CPU usage.
Streams Messaging Manager Streams Messaging Manager Rest Admin Server 8585 streams.messaging.manager.port Streams Messaging Manager Port
8587 streams.messaging.manager.ssl.port Streams Messaging Manager Port (SSL)
8586 streams.messaging.manager.adminPort Streams Messaging Manager Admin Port
8588 streams.messaging.manager.ssl.adminPort Streams Messaging Manager Admin Port (SSL)
Streams Messaging Manager UI Server 9991 streams.messaging.manager.ui.port The port on which server accepts connections. This port is used for both secured and unsecured connections.
Streams Replication Manager SRM Service 6670 streams.replication.manager.service.port SRM Service port.
6671 streams.replication.manager.service.ssl.port SRM Service port when SSL is enabled.
Table 2. Internal Ports
Component Service Port Configuration Comment
Apache Hadoop HDFS Secondary NameNode 9868 dfs.secondary.http.address or dfs.namenode.secondary.http-address

dfs.secondary.http.addressis deprecated (but still works)

9869 dfs.secondary.https.address
JournalNode 8485 dfs.namenode.shared.edits.dir
8480

dfs.journalnode.http-address

8481

dfs.journalnode.https-address

Failover Controller

8019

Used for NameNode HA

Apache Hadoop YARN (MRv2) ResourceManager 8030
yarn.resourcemanager.scheduler.address
8031 yarn.resourcemanager.resource-tracker.address
NodeManager 8040 yarn.nodemanager.localizer.address
8041 yarn.nodemanager.address
JobHistory Server 10020 mapreduce.jobhistory.address
10033 mapreduce.jobhistory.admin.address

Shuffle HTTP

13562 mapreduce.shuffle.port
Queue Manager 8082 queuemanager_webapp_port
Config Store/Service 8080 Set this configuration in the config.yml file for the service. Reconfiguring this in a production environment is not recommended.
Queue Manager Config-Service 8081 adminConnectorsPort Set this configuration in the config.yml file for the service.
Apache Hadoop KMS Key Management Server 16001

kms_admin_port

Applies to both Java KeyStore KMS and Key Trustee KMS.

Apache HBase HQuorumPeer 2181 hbase.zookeeper.property.clientPort

HBase-managed ZooKeeper mode

2888 hbase.zookeeper.peerport

HBase-managed ZooKeeper mode

3888 hbase.zookeeper.leaderport

HBase-managed ZooKeeper mode

Apache Impala Impala Daemon 22000 Internal use only. Impala daemons use this port to communicate with each other.
23000 Internal use only. Impala daemons listen on this port for updates from the statestore daemon.
StateStore Daemon 24000 Internal use only. The statestore daemon listens on this port for registration/unregistration requests.
Catalog Daemon 23020 Internal use only. The catalog daemon listens on this port for updates from the statestore daemon.
26000 Internal use only. The catalog service uses this port to communicate with the Impala daemons.
Apache Kafka Kafka Broker 9092 port The primary communication port used by producers and consumers; also used for inter-broker communication.
9093 ssl_port A secured communication port used by producers and consumers; also used for inter-broker communication.
9393 jmx_port Internal use only. Used for administration via JMX.
9394 kafka.http.metrics.port Internal use only. This is the port via which the HTTP metric reporter listens. It is used to retrieve metrics through HTTP instead of JMX.
Kafka Connect 38084 metrics.jetty.server.port Metrics Jetty Server Port
Kafka MirrorMaker 24042 jmx_port Internal use only. Used to administer the producer and consumer of the MirrorMaker.
Apache Ozone Ozone Manager 9872 ozone.om.ratis-port RPC endpoint for Ozone Manager HA instances to form a RAFT consensus ring.
Storage Container Manager 9861 ozone.scm.datanode.port Port used by the DataNodes to communicate with the Storage Container Manager (SCM).
9863 ozone.scm.block.client.port Port used by the Ozone Manager to communicate with the SCM for block related operations.
9860 ozone.scm.client.port Port used by the Ozone Manager and other clients to communicate with the SCM for container operations.
9894 ozone.scm.ratis.port Port used by the SCM to communicate with other SCMs using Ratis.
9895 ozone.scm.grpc.port Port used by the SCM to communicate with other SCMs about the database checkpoint downloads.
Apache Phoenix Phoenix Query Server Port 8765 phoenix_query_server_port
Apache Solr Solr Server 8993 Infra-Solr HTTP port
Solr Server 8995 Infra-Solr HTTPS port
Apache ZooKeeper

Server (with Cloudera Runtime only)

2888 X in server.N =host:X:Y Peer

Server (with Cloudera Runtime only)

3888 X in server.N =host:X:Y Peer

Server (with Cloudera Runtime and Cloudera Manager)

3181 X in server.N =host:X:Y Peer

Server (with Cloudera Runtime and Cloudera Manager)

4181 X in server.N =host:X:Y Peer
ZooKeeper JMX port 9010 ZooKeeper will also use another randomly selected port for RMI. To allow Cloudera Manager to monitor ZooKeeper, you must do one of the following:
  • Open up all ports when the connection originates from the Cloudera Manager Server
  • Do the following:
    1. Open a non-ephemeral port (such as 9011) in the firewall.
    2. Install Oracle Java 7u4 JDK or higher.
    3. Add the port configuration to the advanced configuration snippet, for example: -Dcom.sun.management.jmxremote.rmi.port=9011
    4. Restart ZooKeeper.
Streams Messaging Manager Streams Messaging Manager Rest Admin Server 6670 streams.replication.manager.port Streams Replication Manager rest port
6671 streams.replication.manager.port Streams Replication Manager rest port on SSL
7180 cm.metrics.port Cloudera Manager's HTTP port.
7183 cm.metrics.port Cloudera Manager's HTTPS port
9997 cm.metrics.service.monitor.port Cloudera Manager Service Monitor port
38083 kafka.connect.port Kafka Connect port
3306 streams.messaging.manager.storage.connector.port Streams Messaging Manager database port