Web UI connection using tunneling

Available in Classic

By default, you can access the Ambari web UI by using the cluster admin account and password you entered when creating the cluster. However, the web UIs below including HDFS name node UI can only be accessed via SSH tunneling.

• HDFS NameNode UI
• YARN Resource Manager UI
• Spark JobHistory UI
• Oozie web UI
• HBase Master UI

Preparations

Establishing SSH tunneling connection requires the following preparations.

1. Check the node inside the cluster with a public IP address assigned

The following describes how to check the node inside the cluster with a public IP address assigned.

1. From the NAVER Cloud Platform console, click the Services > Big Data & Analytics > Cloud Hadoop menus, in that order.
2. Select the cluster from the cluster list, and then check if a public IP is assigned from the Public IP (Assigned) item in details.
   

2. Set ACG rules

The following describes how to change the cluster's ACG rules.

1. From the NAVER Cloud Platform console, click the Services > Compute > Server > ACG menus, in that order.
2. Select the ACG of the cluster to access, and then click the [Set ACG] button.
   
3. Enter the four information items below and add ACG rules.
   • Protocol: TCP
   • Access source: IP of the local device used for SSH communication
   • Allowed port: 22
   • Note (optional)
     

Create tunnel

You can choose one of two methods to create a tunnel, depending on your environment. When the tunneling is complete, traffic from the local computer to Port 9876 will be routed to the cluster’s master node.

Method 1: Create tunnel using SSH
Method 2: Create tunnel using PuTTY

Method 1: Create tunnel using SSH

SSH (Secure Shell) tunneling connects the port on the local machine to the Cloud Hadoop cluster's master node, where a public IP address is assigned and there's an allowed port.

Traffic sent to the local port is routed through the SSH connection to its master node. It will appear as if it originated from the master node, and the response will be rerouted through the tunnel.

Refer to the SSH command statement in the following example to create a SSH tunnel.

• The SSH user in the cluster created in Cloud Hadoop is sshuser, and it can't be changed.
• Enter the authentication key and public IP information with the preparations completed to <PEM-FILE-PATH> and <PUBLIC_IP> respectively.

# ssh -i <PEM-FILE-PATH> -C2qTnNf -D 9876 sshuser@<PUBLIC_IP>
ssh -i ~/Download/sample-key.pem -C2qTnNf -D 9876 sshuser@10.10.10.10

The command above creates a connection that routes traffic from local Port 9876 to the cluster via SSH. Options are as follows.

Method 2: Create tunnel using PuTTY

The following describes how to create a tunnel using PuTTY.

1. Run PuTTY. (Download PuTTY)
2. Select Session from the Category window, and enter as below in each of the settings field.
   • HostName (or IP address): sshuser@DNS (Enter the cluster's public IP in DNS among sshuser@DNS)
   • Port: 22
3. In the Category window, click the Connection > SSH > Tunnels item.
4. Enter the following information in the Options controlling SSH port forwarding template, and then click the [Add] button.
   • Source port: Port of the client to forward (e.g., 9876)
   • Destination: Public IP address or public domain address of the cluster
   • Dynamic: Enable dynamic SOCKS proxy routing
5. In the Category window, select Connection > SSH to expand, and then click the Auth item.
6. Click the [Browse] button to select the PPK file created by converting from the PEM file, and then click the [Open] button.
   • Please refer to Authentication key (PEM) conversion for more information about converting PEM files.

Set tunnel in browser

Using the Mozilla Firefox browser is recommended in this stage, as it provides the same proxy settings on all platforms. To use tunnels on other latest browsers like Google Chrome, extensions such as FoxyProxy may be required.

This guide explains how to configure your browser to use the allowed port (e.g., 9876) when creating the localhost and SOCKS v5 proxy tunnels.

• Using Firefox
• Using macOS + Chrome
• Using Windows + Chrome

Using Firefox

The following describes how to set tunnels in the Firefox browser.

1. In the Firefox browser, click Settings > General and then click the [Settings] button in Network Settings.
2. In the connection settings pop-up window, configure as shown in the screen below, and then click the [OK] button.
   

Using macOS + Chrome

The following describes how to set tunnels in the Chrome browser in macOS environment.

1. Run cmd.
2. Enter the following command to execute.

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --proxy server="socks5://127.0.0.1:9876"

Using Windows + Chrome

The following describes how to set tunnels in the Chrome browser in Windows environment.

1. Right-click the Chrome icon, and then select Properties.
2. Enter --proxy-server="socks5://127.0.0.1:9876" at the end of the Shortcut tab's Target, and then click the [OK] button.
   

Access web UI in browser

You cannot access the page in Ambari UI > Quick Links before setting up tunneling, but you can see that you are connected to the Web UI after setting the browser. For example, if the active ResourceManager component is located in the host m-002-cluster-test-hd, you can access the Resource Manager UI from http://m-002-cluster-test-hd:8088/cluster.

In the case of the Web UI that was previously accessed without tunneling, after tunneling, the public IP address part of the existing address must be modified to the private IP address or host name of the node to which the public IP address is assigned before access.
For example, if you were able to access the Ambari UI with the address such as http://pub-adqs.hadoop.ntruss.com:8080/#/login before tunneling, then you will be able to access it with http://m-001-cluster-test-hd:8080/#/login after tunneling.