Ports Used by Cloudera Director
Cloudera Director needs to communicate with each of the nodes in the clusters that it manages. The simplest way to achieve this, if your organization's security policies allow it, is to enable all network traffic between Cloudera Director, cluster instances, and the Cloudera Manager node using any protocol on any port. You can do this in AWS by creating a security group for your VPC that allows traffic between its members and assigning this security group to Cloudera Director, Cloudera Manager, and all cluster instances. With this approach, you do not have to specify each port that is required by Cloudera Manager.
| Type | Protocol | Port Range | Source |
|---|---|---|---|
| SSH (22) | TCP (6) | 22 | 0.0.0.0/0 |
In a restricted network environment, you might want to enable minimal network traffic between instances and keep open ports to a minimum.
- Minimally, open port 22 for traffic to allow SSH access to the Cloudera Director server. If using SSH tunneling, the other Cloudera Director ports below are not required.
- Minimally, the Cloudera Director server needs SSH (port 22) access to every node in the cluster.
- Open outbound port 123 so that the Cloudera Manager and cluster nodes can access an NTP time server.
- Optionally, open port 7189 on the Cloudera Director server to enable access to the Cloudera Director web UI. You can configure a non-default port for the web UI by adding the server.port property to the server application.properties file and specifying the desired port number. To serve the web UI over HTTPS, configure the server.ssl.* settings in the SSL section of the application.properties file.
- Optionally, open port 7180 on the Cloudera Manager instances so that the Cloudera Director server can use port 7180 to interact with the Cloudera Manager API. (Otherwise, Cloudera Director will use SSH tunnels on port 22 to communicate with Cloudera Manager.)
- The Cloudera Director server needs access to outbound ports 80 and 443 to retrieve packages for initial installation, for metering access, and for API access to the AWS, Azure, and Google APIs. Refer to AWS, Azure, and Google documentation for the exact domains.
For information on ports used by Cloudera Manager and CDH, see Ports in the Cloudera Manager documentation.
The following table summarizes the Cloudera Director port requirements described above:
| Component | Host | Service | Port | Protocol | Must be open? |
|---|---|---|---|---|---|
| Cloudera Director | Cloudera Director server | Cloudera Director web UI and API | 7189 (configurable) | HTTP | No (SSH tunnel can be used instead) |
| Cloudera Director | Cloudera Director server | Web UI and API | configurable | HTTPS | No (SSH tunnel can be used instead) |
| Clusters managed by Cloudera Director | Cloudera Manager node | Cloudera Manager API | 7180 | HTTP | No (SSH tunnel can be used instead) |
| Clusters managed by Cloudera Director | Cluster nodes | NTP | 123 (outbound) | UDP | Yes |
| archive.cloudera.com, metering.cloudera.com, AWS, Azure, and Google REST APIs, etc. | Cloudera Director server and the Cloudera Manager node | Software download/metering | 80 (outbound) | HTTP | Yes* |

*You can restrict access to archive.cloudera.com and metering.cloudera.com if you have an internal parcel repository and Cloudera Manager repository, and are not using usage-based billing (which requires metering), but your instances still require access to your cloud provider's REST APIs through HTTP or HTTPS.
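For a restricted network, the inbound ports listed above can be turned into an automated check. The following Python is an added example, not part of Cloudera's documentation or tooling: it audits inbound rules in the IpPermissions shape returned by the AWS EC2 DescribeSecurityGroups API against the ports named on this page. The role names, finding texts, and sample rules are assumptions constructed for illustration.

```python
# Added example: audit inbound security group rules against the minimal
# inbound ports this page lists. Outbound ports (123, 80, 443) are not covered.

# Inbound TCP ports per role, taken from the list above (role names are hypothetical).
ALLOWED_INBOUND = {
    "director": {22, 7189},  # SSH, Cloudera Director web UI and API
    "manager": {22, 7180},   # SSH, Cloudera Manager API
    "node": {22},            # SSH from the Cloudera Director server
}
# Ports the page lists as HTTP and replaceable by an SSH tunnel.
TUNNELABLE = {7189, 7180}
ANYWHERE = "0.0.0.0/0"
EXTRA = "outside the minimal inbound set"
EXPOSED = "HTTP port open to any source; restrict the source or tunnel over SSH"


def audit(role, permissions):
    """Return a list of (port_label, finding) for one role's inbound rules."""
    allowed = ALLOWED_INBOUND[role]
    findings = []
    for perm in permissions:
        if perm["IpProtocol"] == "-1":  # AWS encoding for "all traffic"
            findings.append(("all", EXTRA))
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        label = str(lo) if lo == hi else f"{lo}-{hi}"
        ports = set(range(lo, hi + 1))
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        if perm["IpProtocol"] != "tcp" or not ports <= allowed:
            findings.append((label, EXTRA))
        elif ports & TUNNELABLE and ANYWHERE in cidrs:
            findings.append((label, EXPOSED))
    return findings


# Constructed sample rules for a Cloudera Director server's security group.
SAMPLE_DIRECTOR_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 7189, "ToPort": 7189,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]

if __name__ == "__main__":
    for port, finding in audit("director", SAMPLE_DIRECTOR_RULES):
        print(f"{port}: {finding}")
```

The check treats 7189 as HTTP, which is the default on this page; if the web UI has been moved to HTTPS on another port, adjust ALLOWED_INBOUND and TUNNELABLE to match.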