Login
      Contents x
      Connecting to a cluster node via SSH
        • Print
        • PDF
        Contents

        Connecting to a cluster node via SSH

          • Print
          • PDF
          Article Summary

          The latest service changes have not yet been reflected in this content. We will update the content as soon as possible. Please refer to the Korean version for information on the latest updates.

          Available in VPC

          You can submit management tasks or applications through NAVER Cloud Platform's Cloud Hadoop console or Web UI (Ambari, Hue, etc.). However, SSH connection to the cluster node is required for executing the client directly.

          Note

          If you connect through SSH to the cluster's assigned domain, the connection will be made to the cluster's edge node. Other nodes can be accessed from the edge node through SSH. For more details, see 2. Connect to cluster node.

          Preparations

          In order to access a cluster node, the following preparations need to be made.

          ItemDescriptionGuide
          Set SSL VPNSecure access from the outside to the network configured within NAVER Cloud Platform
        • Add VPN bandwidth in Route Table of Subnet
        • Download, install, and run SSL VPN client
          		• SSL VPN user guide (VPC)
          Set ACGAdd the IP and Port 22 of equipment to access ACG settings of the relevant cluster
        • Access source: fixed IP of user (You can enter it by clicking the [myIp] button)
          		• Firewall settings (ACG)
          Authentication keyPrivate key (.pem) required for access to the clusterManaging authentication key for direct cluster connection
          DomainDomain address required for access to the cluster nodeCheck cluster details

          1. Set SSL VPN

          SSL VPN must be set for secure access to be established from the outside to the network within NAVER Cloud Platform.
          Create and set SSL VPN according to the following steps:

          a. Create SSL VPN

          1. Access the NAVER Cloud Platform console.
          2. Click VPC from the Platform menu to switch to the VPC environment.
          3. Click the Services > Security > SSL VPN menus, in that order.
          4. Click the [Create SSL VPN] button and create a VPN.
            • Creation is complete once the status changes to Running.
              cloudhadoop-sslvpn-create_ko
          5. Check the VPN access path from the email sent when the SSL VPN creation is completed.
            • You must add the SSL VPN access route to the subnet's route table. Make sure to check your email.
              chadoop-3-2-04-01_en.png
          6. Select the SSL VPN you are operating as follows and click the [User Settings] button.
            chadoop-3-2-05-1_ko.png
          7. After adding the SSL VPN user information to the user settings window, click the [Apply] button. Every time you connect to the VPN in the future, you will receive an OTP verification code through the email and SMS entered by the user.
            cloudhadoop-sslvpn-usersetting1_ko

          b. Add VPN range to subnet's route table

          The following describes how to add a VPN range to the subnet's route table.

          1. From the NAVER Cloud Platform console, click the Services > Networking > VPC > Route Table menus, in that order.
            • You can see that a route table has been created for each subnet of Cloud Hadoop you have created.
          2. Select the route table you want to access and then click the [Set routes] button.
            chadoop-2-1-007_en.png
          3. Enter the following three items and create a table entry.
            • Destination: SSL VPN's IP pool
            • Target Type: SSL VPN
            • Target name: SSL VPN created above
              chadoop-2-1-008_en.png
          4. Do the same for the other route tables.

          c. Download SSL VPN client

          To connect to the Cloud Hadoop cluster using the created SSL VPN, you need to install a client program.

          The following describes how to download and install the SSL VPN client.

          1. Download the SSL VPN Agent from Download SSL VPN.
          2. Unzip and install the client using the .dmg file for mac OS or the .zip file for Windows.

          After the installation is complete, you can view the following applications:
          chadoop-3-2-02_en.png

          Note

          In mac OS Catalina version, the Error 22 invalid parameter error may occur when you attempt to unzip the file. In such cases, using programs such as The Unarchiver instead of the default uninstaller (archive utility) will resolve the problem.

          d. Run SSL VPN client and access

          The following shows how to access the VPC selected when creating the VPN after running the installed SSL VPN client.

          1. Run the SSL VPN client you have installed.
          2. Enter the SSL VPN path received by email when creating the VPN, and click the [Connect] button.
            chadoop-3-2-03_en.png

          Once OTP authentication is complete, you can access the VPC selected when creating the VPN through SSL VPN. If you are accessing the same VPC/Subnet, you only need to perform steps a to d just once.

          2. Add fixed IP to ACG

          The following describes how to add a fixed IP to the cluster's ACG.

          1. From the NAVER Cloud Platform console, click the Services > Compute > Server > ACG menus, in that order.
          2. Select the ACG of the cluster you want to access, and click the [ACG settings] button.
          3. Enter the following four items and add an ACG Rule.
            • Protocol: TCP
            • Access source: IP of the local equipment used for SSH communication
            • Allowed port: 22
            • Note (optional)

          SSH connection in the mac OS

          It describes the access method using iTerm2. Even if other programs are used, the same action generates the same outcome.

          chmod 400 </path/to/pem-key>
ssh -i </path/to/pem-key>  sshuser@<cluster-domain>

          SSH connection in Windows

          It describes the access method using the PuTTY client. Even if other programs are used, the same action generates the same outcome.

          Proceed with the following steps in order.

          1. Authentication key (.pem) conversion

          PuTTY doesn't natively support the private key format (.pem) generated by Cloud Hadoop. You can use the PuTTYgen application provided by PuTTY to convert the authentication key into the format (.ppk) used by PuTTY. The private key must be converted to this format (.ppk) before PuTTY can be used to connect to the edge node.

          1. Run PuTTYgen. ([Download puttygen](https://www.chiark.greenend.org.uk/ ~ sgtatham/putty/latest.html){target="_blank"})
          2. Select RSA in Type of key to generate and click the [Load] button.
          3. Select the authentication key (*.pem), and then click the [Open] button.
            • To find a file in the PEM format, select the option to display all file types.
            • The PEM file is the file name of the authentication key that is currently applied to the cluster. This PEM file must be stored on the user's local PC.
            • If the PEM file is missing, the authentication key for connection can be changed from the Console > Manage server access > Manage authentication key for direct cluster connection menu. (See Managing authentication key for direct cluster connection)
          4. Check the details in the completion confirmation popup window, and then click the [OK] button.
          5. Click the [Save private key] button and save it as a ppk format file that can be used in PuTTY.
            • If PuTTYgen displays a warning message about saving a key without a password, then select the [Yes] button.
            • Save it with the same name as the previously generated authentication key. PuTTY automatically adds the .ppk file extension.

          2. Connect to cluster node

          1. Run PuTTY. (Download PuTTY)
          2. Select Session from the Category window, and enter as below in each of the settings field.
            • HostName (or IP address): sshuser@DNS (Enter the domain address of the cluster in DNS among sshuser@DNS)
            • Port: 22
          3. In the Category window, select Connection > SSH > Auth > Credentials.
          4. In Private key file for authentication, click the [Browse] button to select the .ppk file created by converting the .pem file, and then click the [Open] button.
          5. Check if the connection to the edge node has been established successfully as follows:
            chadoop-2-1-116_en.png
          Note

          For PuTTY versions prior to 0.78, Private key file for authentication can be selected in Connection > SSH > Auth.

          Note

          You can check the private IP and host name of each node in the Ambari UI > Hosts menu. For instructions on accessing the Ambari UI, see the Ambari UI guide.

          • Connect to the edge node and enter ssh {master node host name} or ssh {master node Private IP} to access the master node (for example, m-001, m-002).

            chadoop-2-1-node.png

          • Data nodes (for example, d-001, d-002) can also be accessed in the same way as the master node. Connect to the edge node and connect ssh {data node host name} or ssh {data node Private IP}.

            chadoop-2-1-node2.png

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout