- Print
- PDF
Web UI connection using tunneling
- Print
- PDF
Available in Classic
By default, you can access the Ambari web UI by using the cluster admin account and password you entered when creating the cluster. However, the web UIs below including HDFS name node UI can only be accessed via SSH tunneling.
- HDFS NameNode UI
- YARN Resource Manager UI
- Spark JobHistory UI
- Oozie web UI
- HBase Master UI
Preparations
Establishing SSH tunneling connection requires the following preparations.
Item | Description | Guide |
---|---|---|
Set ACG | Add the IP and Port 22 of the device to access the cluster's ACG settings | Setting firewall (ACG) |
Authentication key | Private key (.pem) required for access to the cluster | Managing authentication key for direct cluster connection |
Public IP | Public IP required for access to the cluster node Can be viewed from the Public IP item from the cluster details | View cluster details |
1. Check the node inside the cluster with a public IP address assigned
The following describes how to check the node inside the cluster with a public IP address assigned.
- From the NAVER Cloud Platform console, click the Services > Big Data & Analytics > Cloud Hadoop menus, in that order.
- Select the cluster from the cluster list, and then check if a public IP is assigned from the Public IP (Assigned) item in details.
2. Set ACG rules
The following describes how to change the cluster's ACG rules.
- From the NAVER Cloud Platform console, click the Services > Compute > Server > ACG menus, in that order.
- Select the ACG of the cluster to access, and then click the [Set ACG] button.
- Enter the four information items below and add ACG rules.
- Protocol: TCP
- Access source: IP of the local device used for SSH communication
- Allowed port: 22
- Note (optional)
Create tunnel
You can choose one of two methods to create a tunnel, depending on your environment. When the tunneling is complete, traffic from the local computer to Port 9876 will be routed to the cluster’s master node.
Method 1: Create tunnel using SSH
Method 2: Create tunnel using PuTTY
Method 1: Create tunnel using SSH
SSH (Secure Shell) tunneling connects the port on the local machine to the Cloud Hadoop cluster's master node, where a public IP address is assigned and there's an allowed port.
Traffic sent to the local port is routed through the SSH connection to its master node. It will appear as if it originated from the master node, and the response will be rerouted through the tunnel.
Refer to the SSH command statement in the following example to create a SSH tunnel.
- The SSH user in the cluster created in Cloud Hadoop is
sshuser
, and it can't be changed. - Enter the authentication key and public IP information with the preparations completed to
<PEM-FILE-PATH>
and<PUBLIC_IP>
respectively.
# ssh -i <PEM-FILE-PATH> -C2qTnNf -D 9876 sshuser@<PUBLIC_IP>
ssh -i ~/Download/sample-key.pem -C2qTnNf -D 9876 sshuser@10.10.10.10
The command above creates a connection that routes traffic from local Port 9876 to the cluster via SSH. Options are as follows.
PORT | Description |
---|---|
D 9876 | Local port for routing traffic through the tunnel |
C | Web traffic is mostly text, so all data is compressed. |
2 | Force SSH to try protocol version 2 only. |
q | Auto mode |
T | Disable false tty assignment after port forwarding |
n | Do not read STDIN after port forwarding |
N | Do not execute remote command after port forwarding |
f | Run in the background |
Method 2: Create tunnel using PuTTY
The following describes how to create a tunnel using PuTTY.
- Run PuTTY. (Download PuTTY)
- Select Session from the Category window, and enter as below in each of the settings field.
- HostName (or IP address):
sshuser@DNS
(Enter the cluster's public IP inDNS
amongsshuser@DNS
) - Port:
22
- HostName (or IP address):
- In the Category window, click the Connection > SSH > Tunnels item.
- Enter the following information in the Options controlling SSH port forwarding template, and then click the [Add] button.
- Source port: Port of the client to forward (e.g., 9876)
- Destination: Public IP address or public domain address of the cluster
- Dynamic: Enable dynamic SOCKS proxy routing
- In the Category window, select Connection > SSH to expand, and then click the Auth item.
- Click the [Browse] button to select the PPK file created by converting from the PEM file, and then click the [Open] button.
- Please refer to Authentication key (PEM) conversion for more information about converting PEM files.
Once a tunnel is created, PuTTY can save the session and load it when needed.
- To save a session, enter the session name in Load, save or delete a stored session's Saved Sessions input window, and then click [Save].
- To run a session, select the session from the Saved Sessions list, and then click the [Open] button.
Set tunnel in browser
Using the Mozilla Firefox browser is recommended in this stage, as it provides the same proxy settings on all platforms. To use tunnels on other latest browsers like Google Chrome, extensions such as FoxyProxy may be required.
This guide explains how to configure your browser to use the allowed port (e.g., 9876) when creating the localhost and SOCKS v5 proxy tunnels.
Using Firefox
The following describes how to set tunnels in the Firefox browser.
- In the Firefox browser, click Settings > General and then click the [Settings] button in Network Settings.
- In the connection settings pop-up window, configure as shown in the screen below, and then click the [OK] button.
Using macOS + Chrome
The following describes how to set tunnels in the Chrome browser in macOS environment.
- Run cmd.
- Enter the following command to execute.
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --proxy server="socks5://127.0.0.1:9876"
Using Windows + Chrome
The following describes how to set tunnels in the Chrome browser in Windows environment.
- Right-click the Chrome icon, and then select Properties.
- Enter
--proxy-server="socks5://127.0.0.1:9876"
at the end of the Shortcut tab's Target, and then click the [OK] button.
Access web UI in browser
You cannot access the page in Ambari UI > Quick Links before setting up tunneling, but you can see that you are connected to the Web UI after setting the browser. For example, if the active ResourceManager component is located in the host m-002-cluster-test-hd
, you can access the Resource Manager UI from http://m-002-cluster-test-hd:8088/cluster
.
In the case of the Web UI that was previously accessed without tunneling, after tunneling, the public IP address part of the existing address must be modified to the private IP address or host name of the node to which the public IP address is assigned before access.
For example, if you were able to access the Ambari UI with the address such as http://pub-adqs.hadoop.ntruss.com:8080/#/login
before tunneling, then you will be able to access it with http://m-001-cluster-test-hd:8080/#/login
after tunneling.
After setting the proxy-server, you must restart all web browsers for the proxy to work properly.