Access cluster node through SSH

Prev Next

Available in VPC

You can submit management tasks or applications through NAVER Cloud Platform's Cloud Hadoop console or web UI (Ambari, Hue, etc.). However, SSH connection to the cluster node is required to execute the client directly.

Note

If you connect through SSH to the cluster's assigned domain, the connection will be made to the cluster's edge node. Other nodes can be accessed from the edge node through SSH. For more information, see 2. Access cluster node.

Preparations

In order to access a cluster node, the following preparations need to be made:

Item Description Guide
Set SSL VPN Secure access from the outside to the network configured within NAVER Cloud Platform.
  • Add VPN range to subnet's route table.
  • Download, install, and run SSL VPN client.
 SSL VPN user guide (VPC)
Set ACG Add the IP of the device and port 22 to access the cluster's ACG settings.
  • Access source: User's fixed IP (click [myIp] to enter).
 Set firewall (ACG)
Authentication key Private key (.pem) required for accessing the cluster. Manage authentication key for direct cluster access
Domain Domain address required for accessing the cluster node. Check cluster details

1. Set SSL VPN

SSL VPN must be set to ensure secure access from outside to the network configured within NAVER Cloud Platform.
Create and set SSL VPN according to the following steps:

a. Create SSL VPN

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to i_menu > Services > Security > SSL VPN in order.
  2. Click [Create SSL VPN] and create a VPN.
    • Creation is complete once the status changes to Running.
      cloudhadoop-sslvpn-create_ko
  3. Check the VPN access path from the email sent when the SSL VPN creation is completed.
    • You must add the SSL VPN access route to the subnet's route table. Be sure to check your email.
      chadoop-3-2-04-01_ko
  4. Select the SSL VPN you are operating and click [User settings].
    chadoop-3-2-05-1_ko
  5. After adding the SSL VPN user information to the user settings window, click [Apply]. Every time you access VPN in the future, you will receive an OTP verification code through your email and SMS.
    cloudhadoop-sslvpn-usersetting1_ko

b. Add VPN range to subnet's route table.

To add VPN range to the subnet's route table:

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to i_menu > Services > Networking > VPC > Route Table in order.
    • You can see that a route table has been created for each subnet of Cloud Hadoop you have created.
  2. Select the route table you want to access and click [Set routes].
    chadoop-2-1-007_ko
  3. Enter the following 3 items and create a table entry:
    • Destination: SSL VPN's IP pool
    • Target Type: SSL VPN
    • Target name: SSL VPN created above
      chadoop-2-1-008_ko
  4. Do the same for the other route tables.

c. Download SSL VPN client

To access the Cloud Hadoop cluster using the created SSL VPN, you need to install a client program.

To download and install the SSL VPN client:

  1. Download the SSL VPN Agent from Download SSL VPN.
  2. Unzip and install the client using the .dmg file for mac OS or the .zip file for Windows.

After the installation is complete, you can view the following applications:
chadoop-3-2-02_ko

Note

In the mac OS Catalina version, error 22, the invalid parameter error, may occur when you attempt to unzip the file. In such case, using programs such as The Unarchiver instead of the default uninstaller (archive utility) will resolve the problem.

d. Run and access SSL VPN client

To access the VPC selected when creating the VPN after running the installed SSL VPN client:

  1. Run the SSL VPN client you have installed.
  2. Enter the SSL VPN path received by email when creating the VPN and click [Connect].
    chadoop-3-2-03_ko

Once OTP authentication is complete, you can access the VPC selected when creating the VPN through SSL VPN. If you are accessing the same VPC/Subnet, you only need to perform steps a to d just once.

2. Add fixed IP to ACG

To add a fixed IP to the cluster's ACG:

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to i_menu > Services > Compute > Server > ACG in order.
  2. Select the ACG of the cluster you want to access and click [ACG settings].
  3. Enter the following 4 information items and add ACG Rule:
    • Protocol: TCP
    • Access source: IP of the local device used for SSH communication
    • Allowed port: 22
    • Note (optional)

SSH connection in the mac OS

It describes the connection method using iTerm2. Even if other programs are used, the same action generates the same outcome.

chmod 400 </path/to/pem-key>
ssh -i </path/to/pem-key>  sshuser@<cluster-domain>
Note

sign_and_send_pubkey: If the No mutual signature supported error occurs, add the following contents to the ~/.ssh/config file, and then access it:

Host *
    PubkeyAcceptedKeyTypes +ssh-rsa

Access SSH in Windows environment

It describes the connection method using the PuTTY client. Even if other programs are used, the same action generates the same outcome.

Follow the steps below in order:

1. Convert authentication key (pem)

PuTTY does not natively support the private key format (.pem) generated by Cloud Hadoop. You can use the PuTTYgen application provided by PuTTY to convert the authentication key into the format (.ppk) used by PuTTY. The private key must be converted into this format (.ppk) before PuTTY can be used to connect to the edge node.

  1. Run PuTTYgen. (Download PuTTYgen)
  2. Select RSA in Type of key to generate and click [Load].
  3. Select the authentication key (*.pem) and then click [Open].
    • To find a file in PEM format, select the option that allows you to see files of all types.
    • The PEM file is the file name of the authentication key that is currently applied to the cluster. This PEM file must be stored on the user's local PC.
    • If the PEM file is missing, the authentication key for connection can be changed from Console > Manage server access > Manage authentication key for direct cluster access. (See Managing authentication key for direct cluster connection)
  4. Check the details on the Completion confirmation popup window and then click [OK].
  5. Click [Save private key] and save it in PPK format so that it can be used in PuTTY.
    • If PuTTYgen displays a warning message about saving a key without a password, select [Yes].
    • Save it using the same name as the previously generated authentication key. PuTTY automatically adds the .ppk file extension.

2. Access cluster node

  1. Run PuTTY. (Download PuTTY)
  2. Select Session in Category and enter as below:
    • HostName (or IP address): sshuser@DNS (Enter the domain address of the cluster in DNS among sshuser@DNS)
    • Port: 22
  3. Click Connection > SSH > Auth > Credentials in Category.
  4. Click [Browse] in Private key file for authentication to select the PPK file created by converting the PEM file, and then click [Open].
  5. Check if connection to the edge node has been established successfully as follows:
    chadoop-2-1-116_ko
Note

For earlier versions than PuTTY 0.78, Private key file for authentication can be selected in Connection > SSH > Auth.

Note

You can check the private IP and host name of each node in Ambari UI > Hosts. For more information on how to access Ambari UI, see the Ambari UI guide.

  • Connect to the edge node and enter ssh {master node host name} or ssh {master node Private IP} to access the master node (for example, m-001 or m-002).

    chadoop-2-1-node

  • Data nodes (for example, d-001 or d-002) can also be accessed in the same way as the master node. Connect to the edge node and connect to ssh {data node host name} or ssh {data node private IP}.

    chadoop-2-1-node2