Details
- Bug
- Status: Open
- Minor
- Resolution: Unresolved
- OpenStack, AWS, anything where ports are closed by default
Description
It took me a really, really long time to figure out which ports needed to be opened to have a successful installation.
I opened a few too many, but here is my current list:
DNS is open because I'm also running a DNS server in my Ambari instance. I have no idea what 8020 is used for, but the logs of one of the nodes was trying to get to it. The 50000-60000 range is just "hadoop services"; it would be nice to have a list of those somewhere as well, so I can lock down 9990 ports or so.
It would also be good to know which rules are just for inner-instance communication and which should be accessible to other users, or at least a description of how each port is used, and not just for what, so that I could make those decisions for my installation.
rules = [
    'icmp, -1, -1, 0.0.0.0/0',      # ping
    'tcp, 22, 22, 0.0.0.0/0',       # ssh
    'tcp, 53, 53, 0.0.0.0/0',       # dns
    'udp, 53, 53, 0.0.0.0/0',       # dns
    'tcp, 8080, 8080, 0.0.0.0/0',   # http
    'tcp, 8440, 8441, 0.0.0.0/0',   # http, other
    'tcp, 8020, 8020, 0.0.0.0/0',   # http, other, hadoop
    'tcp, 5432, 5432, 0.0.0.0/0',   # postgres
    'tcp, 50000, 60000, 0.0.0.0/0'  # hadoop, overly open
]
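
Added example, not part of the original report and not Ambari code: a small audit of the rule list above that counts how many ports are reachable from any address and re-scopes everything the operator has not marked public to an internal range. The page does not say which ports should be public, so the `public_ports` set and the internal CIDR passed to `tighten` are the operator's assumptions.

```python
import ipaddress
from typing import NamedTuple

# Rule strings copied from the report: "proto, from_port, to_port, cidr".
RULES = [
    "icmp, -1, -1, 0.0.0.0/0", "tcp, 22, 22, 0.0.0.0/0",
    "tcp, 53, 53, 0.0.0.0/0", "udp, 53, 53, 0.0.0.0/0",
    "tcp, 8080, 8080, 0.0.0.0/0", "tcp, 8440, 8441, 0.0.0.0/0",
    "tcp, 8020, 8020, 0.0.0.0/0", "tcp, 5432, 5432, 0.0.0.0/0",
    "tcp, 50000, 60000, 0.0.0.0/0",
]

class Rule(NamedTuple):
    proto: str
    lo: int
    hi: int
    cidr: str

    @property
    def width(self):
        # ICMP uses -1/-1 ("all types"), so it exposes no ports.
        return 0 if self.proto == "icmp" else self.hi - self.lo + 1

    @property
    def world_open(self):
        return ipaddress.ip_network(self.cidr).prefixlen == 0

def parse(line):
    proto, lo, hi, cidr = (f.strip() for f in line.split(","))
    lo, hi = int(lo), int(hi)
    if proto != "icmp" and not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {line!r}")
    ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
    return Rule(proto, lo, hi, cidr)

def exposed_ports(rules):
    """(protocol, port) pairs open to any address; assumes no overlapping rules."""
    return sum(r.width for r in rules if r.world_open)

def wide_open(rules, max_width=2):
    """World-open rules spanning more than max_width ports."""
    return [r for r in rules if r.world_open and r.width > max_width]

def tighten(rules, public_ports, internal_cidr):
    """Re-scope world-open TCP/UDP rules to internal_cidr (hypothetical cluster
    subnet) unless every port in the rule is in public_ports (operator's choice)."""
    def is_public(r):
        return r.proto == "icmp" or set(range(r.lo, r.hi + 1)) <= public_ports
    return [r if is_public(r) or not r.world_open
            else r._replace(cidr=internal_cidr) for r in rules]
```

With a constructed choice such as `tighten([parse(l) for l in RULES], {22, 8080}, "10.0.0.0/24")`, the world-reachable count drops from 10009 port/protocol pairs to 2.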