Search

Chapter 11. Allocating Ports

download PDF

Abstract

In a fabric environment, Fuse uses TCP/IP ports for communication between containers. If you need to implement a firewall, you must consider these ports and how to handle communication between Fuse containers. You can use the port service to take care of allocating ports for your services, where the port service allocates ports in such a way as to avoid port clashes.

11.1. Ports used in a Fabric Environment

In a Fabric environment, Fuse uses a number of TCP/IP ports for inter-container communication, as listed in the following table.
You can change these ports in configuration files or fabric profiles.
The minimum set of ports needed for a working fabric is the HTTP port (8181) and Zookeeper server port (2181). However, with only these ports open you cannot configure ensemble operation, which relies on a full set of Zookeeper ports, nor can you use any kind of JMX administration.

TCP-IP Ports used in a Fabric environment

Port Default Value Purpose
Standard SSH 22 To provision containers by using container-create-ssh
Karaf SSH 8101 For attaching remote administration clients
Zookeeper server 2181 For reading the configuration repository
ZooKeeper peer 2888 For synchronizing the configuration repository
ZooKeeper election 3888 For coordinating ZooKeeper ensemble roles
RMI server 1099 For JMX administration operations over RMI
RMI registry 44444 For JMX administration operations over RMI
Standard HTTP 8181 Used by the web-based administration console; the default for web services endpoints
Standard HTTPS 8443 Encrypted; used by the web-based administration console; the default for web services endpoints

Elasticsearch ports

If you enable the Elasticsearch feature on the Fabric node, the Fabric environment uses two ports that are set by properties that belong to the io.fabric8.elasticsearch-insight PID. These PID properties are set to corresponding Fabric environment variable values:
http.port = FABRIC8_ES_HTTP_PORT
Transport.tcp.port = FABRIC8_ES_TCP_PORT
To change the ports that Elasticsearch uses, you can customize these port settings for your Fabric profile. For example, if your profile name is myprofile, you can run the following command to change the HTTP port that Elasticsearch uses from the default value to port 1234:
fabric:profile-edit --pid io.fabric8.elasticsearch-insight/http.port=1234 myprofile
For more information on Fabric profiles, see Section 6.2, “Working with Profiles”.

Managing ports when using a firewall

While Red Hat does not recommend placing firewall restrictions between container hosts in a fabric, sometimes it is unavoidable. To ensure that the fabric works correctly when you configure a firewall, address the following concerns:
  • Fuse expects to have access to public Maven repositories using HTTP, in order to satisfy dependencies when applications are deployed. While there may be a need to block incoming connections to Fuse services, blocking outbound connections could be highly problematic, because Fuse will not be able to connect to the repositories it needs. If there is no alternative to blocking outbound connections, then you must either configure an HTTP proxy with Internet access or you must replicate all the artifacts required from the public repositories in a local shared file system.
  • You might notice sockets in the LISTENING state other that are not listed in the "TCP-IP Ports used in a Fabric environment table. These sockets are used by services exposed by the JVM for debugging and diagnostic purposes. They typically have machine-generated port numbers. in production set-ups, you do not need to expose these ports in the firewall.
  • If you're using a clustered JMS broker setup, then you should make provision for the routing of traffic between brokers, as well as between the brokers and their clients.
  • The ZooKeeper ports can change at runtime,for example, when a ZooKeeper ensemble is resized. If you are implementing a firewall, you should make provision for this port change. For example, rather than opening port 2181 for ZooKeeper, you should open a range of ports starting with 2181, if the ensemble is likely to be re-sized before settling on a final configuration.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.