Available in Classic
By default, you can access the Ambari Web UI using the cluster administrator account and password you entered when creating the cluster. However, the following web UIs can only be accessed via SSH tunneling:
- HDFS NameNode UI
- YARN Resource Manager UI
- Spark JobHistory UI
- Oozie Web UI
- HBase Master UI
Preliminary tasks
To establish an SSH tunneling connection, the following preliminary tasks are required:
| Item | Description | Guide |
|---|---|---|
| Configure ACG | Add the IP of the device that will access the cluster, and port 22, to the cluster's ACG settings | Firewall settings (ACG) |
| Authentication key | Private key (.pem) required for access to the cluster | Manage authentication key for direct cluster access |
| Public domain | Public domain address needed for accessing the relevant cluster node. It can be viewed in the Public domain item of the cluster details | Check cluster details |
| Public IP | Public IP required for access to the cluster node. It can be viewed in the Public IP item of the cluster details | Check cluster details |
1. Check which nodes within the cluster have public IPs assigned
To check which nodes within the cluster have public IPs assigned to them:
- From the NAVER Cloud Platform console's Classic environment, navigate to Services > Big Data & Analytics > Cloud Hadoop.
- After selecting the cluster from the cluster list, check the public IP in the Public IP (assigned) section of the cluster details.

2. Set ACG rules
To change the ACG rules of a cluster:
- From the NAVER Cloud Platform console's Classic environment, navigate to Services > Compute > Server > ACG.
- Select the ACG of the cluster you want to access and click [Set ACG].

- Enter the following 4 items and add the ACG rule:
  - Protocol: TCP
  - Access source: IP of the local device that communicates with SSH
  - Allowed port: 22
  - Note (optional)

Create tunnel
Depending on your environment, tunneling can be done in one of 2 ways. Once tunneling is complete, traffic sent from your local computer to port 9876 will be routed to the cluster's master node.
- Method 1: Create a tunnel using SSH commands
- Method 2: Create a tunnel using PuTTY
Method 1: Create a tunnel using SSH commands
SSH (Secure Shell) tunneling connects a port on your local computer to a master node with an allowed public IP address and port assigned to a Cloud Hadoop cluster.
Traffic sent to the local port is routed to the corresponding master node via an SSH connection. It appears as if it originated from the master node and the response is rerouted through the tunnel.
Create an SSH tunnel by referring to the SSH commands in the following example:
- The SSH user for clusters created in Cloud Hadoop is `sshuser` and cannot be changed.
- Enter the authentication key and public IP information from the preliminary tasks in `<PEM-FILE-PATH>` and `<PUBLIC_IP>`, respectively.
```bash
# ssh -i <PEM-FILE-PATH> -C2qTnNf -D 9876 sshuser@<PUBLIC_IP>
ssh -i ~/Download/sample-key.pem -C2qTnNf -D 9876 sshuser@10.10.10.10
```
The above command opens an SSH connection to the cluster and routes traffic sent to local port 9876 through it. The options are as follows:
| Option | Description |
|---|---|
| D 9876 | Local port that routes traffic through the tunnel |
| C | Web traffic is mostly text, so all data is compressed |
| 2 | Force SSH to attempt only protocol version 2 |
| q | Quiet mode (most warning and diagnostic messages are suppressed) |
| T | Disable pseudo-tty allocation after port forwarding |
| n | STDIN not read after port forwarding |
| N | Do not execute remote commands after port forwarding |
| f | Run in background |
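A hardened variant of the Method 1 command, as an added example that is not part of the original guide: it refuses a key file readable by other users, binds the SOCKS listener to the loopback address only, fails instead of going to the background when port 9876 cannot be bound, and uses a control socket so the background tunnel can be stopped cleanly. The names `SOCKS_BIND`, `CTL_SOCK`, `SSH_BIN` and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): Method 1 with safety checks.
# Assumed names: SOCKS_BIND, CTL_SOCK, SSH_BIN and all function names.

SOCKS_BIND="127.0.0.1:9876"                 # loopback only, port from the guide
CTL_SOCK="${HOME}/.ssh/hadoop-tunnel.sock"  # control socket used to stop the tunnel
SSH_BIN="${SSH_BIN:-ssh}"                   # set SSH_BIN=echo for a dry run

# Succeeds only if the key exists and group/others have no permissions on it.
# ssh ignores over-permissive keys, and -q would hide the warning about it.
key_is_private() {
  [ -f "$1" ] || return 1
  # Characters 5-10 of the `ls -l` mode string are the group and other bits.
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# $1 = PEM file path, $2 = public IP or public domain of the master node
start_tunnel() {
  key_is_private "$1" || { echo "refusing key $1: run chmod 600 on it" >&2; return 1; }
  # ExitOnForwardFailure: fail instead of backgrounding if port 9876 is taken.
  # IdentitiesOnly: offer only this key, not every key loaded in the agent.
  "$SSH_BIN" -i "$1" -o ExitOnForwardFailure=yes -o IdentitiesOnly=yes \
    -M -S "$CTL_SOCK" -C -q -T -n -N -f -D "$SOCKS_BIND" "sshuser@$2"
}

# Ask the background master process to exit, closing the SOCKS listener.
# $1 = the same public IP or public domain passed to start_tunnel
stop_tunnel() {
  "$SSH_BIN" -S "$CTL_SOCK" -O exit "sshuser@$1"
}

# Fetch an internal URL through the tunnel and print the HTTP status code.
# --socks5-hostname resolves the host name on the cluster side, which is
# required for names such as m-002-cluster-test-hd.
check_ui() {
  curl -sS -o /dev/null -w '%{http_code}\n' --socks5-hostname "$SOCKS_BIND" "$1"
}
```

Typical use is `start_tunnel <PEM-FILE-PATH> <PUBLIC_IP>`, then `check_ui http://m-002-cluster-test-hd:8088/cluster`, and `stop_tunnel <PUBLIC_IP>` when finished.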
Method 2: Create a tunnel using PuTTY
To create a tunnel using PuTTY:
- Run PuTTY. (Download PuTTY)
- Select Session in the Category window and enter info in each of the settings fields as below.
  - HostName (or IP address): `sshuser@DNS` (replace `DNS` in `sshuser@DNS` with the public domain or the public IP of the relevant cluster)
  - Port: 22
- In the Category window, click Connection > SSH > Tunnels.
- Enter the following information in the Options controlling SSH port forwarding form and click [Add].
  - Source port: Port of the client you want to forward to (e.g. 9876)
  - Destination: Enter the public domain or public IP of the relevant cluster
  - Dynamic: Enable dynamic SOCKS proxy routing
- In the Category window, select Connection > SSH to expand, and then click the Auth item.
- Click [Browse] to select the PPK file created by converting the PEM file, and then click [Open].
  - For more information about converting PEM files, see Convert authentication key (pem).
Once a tunnel is created, you can save the session in PuTTY and load it when needed.
- To save a session, enter the session name in the Saved sessions input field under Load, save or delete a stored session, and then click [Save].
- To run a session, select the session from the Saved Sessions list, and then click [Open].
Configure tunnel in browser
For this step, we recommend using the Mozilla Firefox browser, which provides consistent proxy settings across all platforms. Other modern browsers, such as Google Chrome, may require an extension such as FoxyProxy to work with the tunnel.
This section explains how to configure your browser to use localhost and the port used when creating the tunnel (e.g. 9876) as a SOCKS v5 proxy.
When using Firefox
To set up a tunnel in the Firefox browser:
- In the Firefox browser, click Settings > General, then click [Settings] under Network Settings.
- In the connection settings popup, configure the settings as shown below and click [OK].

When using macOS + Chrome
To set up a tunnel in the Chrome browser on macOS:
- Run cmd.
- Enter and execute the following command:
```bash
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --proxy-server="socks5://127.0.0.1:9876"
```
When using Windows + Chrome
To set up a tunnel in the Chrome browser on Windows:
- Right-click the Chrome icon, and then select Properties.
- Enter `--proxy-server="socks5://127.0.0.1:9876"` at the end of the Target (T) text in the [Shortcut] tab, and then click [OK].

Access Web UI from a browser
Before setting up a tunnel, you will not be able to access the page in Ambari UI > Quick Links, but after configuring your browser, you will be able to access the Web UI. For example, if the Active ResourceManager component is on host m-002-cluster-test-hd, you can access the Resource Manager UI at http://m-002-cluster-test-hd:8088/cluster.
Once tunneling is set up, Web UIs that were previously accessible without tunneling must be accessed at a different address: change the public IP address in the existing address to the private IP address or host name of the node to which the public IP address was assigned.
For example, if you originally accessed the Ambari UI at an address like http://pub-adqs.hadoop.ntruss.com:8080/#/login without tunneling, you can access it at http://m-001-cluster-test-hd:8080/#/login after tunneling.
After setting up a proxy server, you will need to restart all your web browsers for them to work properly.