Configuring firewall port access
If a firewall runs on the nodes in the Cassandra or DataStax Enterprise cluster, open up ports to allow communication between the nodes.
All network security starts with strict and proper firewall rules on interfaces that are exposed to the internet, allowing only the absolute minimum traffic in or out of your network. Firewall security is especially important when running your infrastructure in a public cloud. Wherever you run your clusters, DataStax strongly recommends to run a firewall on all nodes in your Cassandra or DataStax Enterprise cluster.
Begin with a restrictive configuration that blocks all traffic except SSH. Then, open up the following ports on a private DSE network to allow communication between the nodes, including certain Cassandra ports. There is no reason to open DSE ports on a public network. If these ports are not opened, the node acts as a standalone database server rather than joining the database cluster when you start Cassandra (or Hadoop in DataStax Enterprise) on a node.
Procedure
Port | Description | Configurable in |
---|---|---|
Public facing ports |
||
22 | SSH (default) | See your OS documentation on sshd. |
DataStax Enterprise public ports |
||
4040 | Spark application web site port. | Apache Spark™ |
5598 | Public port for DSE File System (DSEFS) clients. | dse.yaml. |
7080 | Spark Master web site port. | spark-env.sh |
7081 | Spark Worker web site port. | spark-env.sh |
8012 | Hadoop Job Tracker client port. The Job Tracker listens on this port for job submissions and communications from Task Trackers; allows traffic from each analytics node in a cluster. | cassandra.yaml |
8182 | The gremlin server port for DSE Graph. | See Graph configuration. |
8983 | DSE Search (Solr) port and Demo applications web site port (Portfolio, Search, Search log, Weather Sensors) | |
8090 | Spark Jobserver REST API port. | See Spark Jobserver. |
9091 | The DataStax Studio server port. | See DataStax Studio documentation. Configure in dse_studio_install_dir/configuration.yaml. |
9999 | Spark Jobserver JMX port. Required only if Spark Jobserver is running and remote access to JMX is required. | |
18080 | Spark application history server web site port. Only required if Spark application history server is running. Can be changed with the spark.history.ui.port setting. | See Spark history server. |
50030 | Hadoop Job Tracker web site port. The Job Tracker listens on this port for HTTP requests. If initiated from the OpsCenter, these requests are proxied through the opscenterd daemon; otherwise, they come directly from the browser. See OpsCenter ports reference. | mapred-site.xml |
50060 | Hadoop Task Tracker web site port. Each Task Tracker listens on this port for HTTP requests coming directly from the browser and not proxied by the opscenterd daemon. See OpsCenter ports reference. | mapred-site.xml |
OpsCenter public ports |
||
8888 | OpsCenter web site port. The opscenterd daemon listens on this port for HTTP requests coming directly from the browser. See OpsCenter ports reference. | opscenterd.conf |
Inter-node ports |
||
Cassandra inter-node communication ports |
||
5599 | Private port for DSEFS inter-node communication port. Must not be visible outside of the cluster. | dse.yaml |
7000 | Cassandra inter-node cluster communication port. | cassandra.yaml |
7001 | Cassandra SSL inter-node cluster communication port. | cassandra.yaml |
7199 | Cassandra JMX metrics monitoring port. DataStax recommends allowing connections only from the local node. Configure SSL and JMX authentication when allowing connections from other nodes. See Encrypting data. | cassandra-env.sh See JMX options in Tuning Java resources. |
1024 - 65355 | JMX reconnection/loopback ports. See the description for port 7199. |
See JMX options in Tuning Java resources. |
9160 | Cassandra client port (Thrift) port. OpsCenter agents makes Thrift requests to their local node on this port. Additionally, the port can be used by the opscenterd daemon to make Thrift requests to each node in the cluster. | cassandra.yaml |
DataStax Enterprise inter-node ports |
||
7077 | Spark Master inter-node communication port. | dse.yaml |
8609 | Port for inter-node messaging service. | dse.yaml |
8984 | DSE Search inter-node communication port used for releases earlier than 5.0 and during upgrades to 5.0. Deprecated for DataStax Enterprise 5.0 and later. | dse.yaml |
9042 | CQL native clients port. | cassandra.yaml |
9290 | Hadoop Job Tracker Thrift port. The Job Tracker listens on this port for Thrift requests coming from the opscenterd daemon. | |
10000 | Hive server port. | hive-site.xml |
10000 | Spark SQL Thrift server port. Only required if Spark SQL Thrift server is running. | Set with the -p option with the Spark SQL Thrift server. |
For use with Spark, the default location of the hive-site.xml file is:
Installer-Services and Package installations | /etc/dse/spark/hive-site.xml |
Installer-No Services and Tarball installations | install_location/resources/spark/conf/hive-site.xml |
For use with Hive, the default location of the hive-site.xml file is:
Installer-Services and Package installations | /etc/dse/hive/hive-site.xml |
Installer-No Services and Tarball installations | install_location/resources/hive/conf/hive-site.xml |
Installer-Services and Package installations | /etc/dse/spark/spark-env.sh |
Installer-No Services and Tarball installations | install_location/resources/spark/conf/spark-env.sh |
Installer-Services | /etc/dse/cassandra/cassandra.yaml |
Package installations | /etc/dse/cassandra/cassandra.yaml |
Installer-No Services | install_location/resources/cassandra/conf/cassandra.yaml |
Tarball installations | install_location/resources/cassandra/conf/cassandra.yaml |
Installer-Services | /etc/dse/dse.yaml |
Package installations | /etc/dse/dse.yaml |
Installer-No Services | install_location/resources/dse/conf/dse.yaml |
Tarball installations | install_location/resources/dse/conf/dse.yaml |
Installer-Services and Package installations | /etc/dse/hadoop/mapred-site.xml |
Installer-No Services and Tarball installations | install_location/resources/hadoop/conf/mapred-site.xml |
Package installations | /etc/dse/cassandra/cassandra-env.sh |
Tarball installations | install_location/resources/cassandra/conf/cassandra-env.sh |