Chapter 11. Allocating Ports
11.1. Ports used in a Fabric Environment
TCP-IP Ports used in a Fabric environment
To provision containers by using
|Karaf SSH||8101||For attaching remote administration clients|
|Zookeeper server||2181||For reading the configuration repository|
|ZooKeeper peer||2888||For synchronizing the configuration repository|
|ZooKeeper election||3888||For coordinating ZooKeeper ensemble roles|
|RMI server||1099||For JMX administration operations over RMI|
|RMI registry||44444||For JMX administration operations over RMI|
|Standard HTTP||8181||Used by the web-based administration console; the default for web services endpoints|
|Standard HTTPS||8443||Encrypted; used by the web-based administration console; the default for web services endpoints|
io.fabric8.elasticsearch-insightPID. These PID properties are set to corresponding Fabric environment variable values:
http.port = FABRIC8_ES_HTTP_PORT
Transport.tcp.port = FABRIC8_ES_TCP_PORT
myprofile, you can run the following command to change the HTTP port that Elasticsearch uses from the default value to port 1234:
fabric:profile-edit --pid io.fabric8.elasticsearch-insight/http.port=1234 myprofile
Managing ports when using a firewall
- Fuse expects to have access to public Maven repositories using HTTP, in order to satisfy dependencies when applications are deployed. While there may be a need to block incoming connections to Fuse services, blocking outbound connections could be highly problematic, because Fuse will not be able to connect to the repositories it needs. If there is no alternative to blocking outbound connections, then you must either configure an HTTP proxy with Internet access or you must replicate all the artifacts required from the public repositories in a local shared file system.
- You might notice sockets in the LISTENING state other that are not listed in the "TCP-IP Ports used in a Fabric environment table. These sockets are used by services exposed by the JVM for debugging and diagnostic purposes. They typically have machine-generated port numbers. in production set-ups, you do not need to expose these ports in the firewall.
- If you're using a clustered JMS broker setup, then you should make provision for the routing of traffic between brokers, as well as between the brokers and their clients.
- The ZooKeeper ports can change at runtime,for example, when a ZooKeeper ensemble is resized. If you are implementing a firewall, you should make provision for this port change. For example, rather than opening port 2181 for ZooKeeper, you should open a range of ports starting with 2181, if the ensemble is likely to be re-sized before settling on a final configuration.