Web UI connection using tunneling

Available in VPC

By default, you can access the Ambari web UI by using the cluster admin account and password you entered when creating the cluster. However, the web UIs below including HDFS name node UI can only be accessed via SSH tunneling.

• HDFS NameNode UI
• YARN Resource Manager UI
• Spark JobHistory UI
• Oozie Web UI
• HBase Master UI

Preparations

Establishing SSH tunneling connection requires the following preparations.

1. View in-cluster domain

The following describes how to view the domain assigned within the cluster.

1. From the NAVER Cloud Platform console, click the Services > Big Data & Analytics > Cloud Hadoop menus, in that order.
2. Select the cluster from the cluster list, and then check if a domain is assigned from the Domain item in details.
   

2. Set ACG rules

The following describes how to change the cluster's ACG rules.

1. From the NAVER Cloud Platform console, click the Services > Compute > Server > ACG menus, in that order.
2. Select the ACG of the cluster to access, and then click the [Set ACG] button.
   
3. Enter the four information items below and add ACG rules.
   • Protocol: TCP
   • Access source: IP of the local device used for SSH communication
   • Allowed port: 22
   • Note (optional)
     

Create tunnel

You can choose one of two methods to create a tunnel, depending on your environment. When the tunneling is complete, traffic from the local computer to Port 9876 will be routed to the cluster’s edge node.

Method 1: Create tunnel using SSH
Method 2: Create tunnel using PuTTY

Method 1: Create tunnel using SSH

SSH (Secure Shell) tunneling connects the port on the local machine to the Cloud Hadoop cluster's edge node, where a public IP address is assigned and there's an allowed port.

Traffic sent to the local port is routed through the SSH connection to its edge node. It will appear as if it originated from the edge node, and the response will be rerouted through the tunnel.

Refer to the SSH command statement in the following example to create a SSH tunnel.

• The SSH user in the cluster created in Cloud Hadoop is sshuser, and it can't be changed.
• Enter the authentication key and information with the preparations completed to <PEM-FILE-PATH> and <CLUSTER-DOMAIN> respectively.

# ssh -i <PEM-FILE-PATH> -C2qTnNf -D 9876 sshuser@<CLUSTER-DOMAIN>
ssh -i ~/Download/sample-key.pem -C2qTnNf -D 9876 sshuser@pub-XXXX.hadoop.ntruss.com

The command above creates a connection that routes traffic from local Port 9876 to the cluster via SSH. Options are as follows.

Method 2: Create tunnel using PuTTY

The following describes how to create a tunnel using PuTTY.

1. Run PuTTY. (Download PuTTY)
2. Select Session from the Category window, and enter as below in each of the settings field.
   • HostName (or IP address): sshuser@DNS (Enter the cluster's domain in DNS among sshuser@DNS)
   • Port: 22
3. In the Category window, click the Connection > SSH > Tunnels item.
4. Enter the following information in the Options controlling SSH port forwarding template, and then click the [Add] button.
   • Source port: Port of the client to forward (e.g., 9876)
   • Destination: The domain address of the cluster
   • Dynamic: Enable dynamic SOCKS proxy routing
5. In the Category window, select Connection > SSH > Auth > Credentials.
6. In Private key file for authentication, click the [Browse] button to select the .ppk file created by converting the .pem file, and then click the [Open] button.
   • Please refer to Authentication key (PEM) conversion for more information about converting PEM files.

Set tunnel in browser

Using the Mozilla Firefox browser is recommended in this stage, as it provides the same proxy settings on all platforms. To use tunnels on other latest browsers like Google Chrome, extensions such as FoxyProxy may be required.

This guide explains how to configure your browser to use the allowed port (e.g., 9876) when creating the localhost and SOCKS v5 proxy tunnels.

• Using Firefox
• Using macOS + Chrome
• Using Windows + Chrome

Using Firefox

The following describes how to set tunnels in the Firefox browser.

1. Click Settings > General from the Firefox browser, and then click Network settings's [Settings] button.
2. In the connection settings pop-up window, configure as shown in the screen below, and then click the [Confirm] button.
   

macOS Chrome

The following describes how to set tunnels in the Chrome browser in macOS environment.

1. Run cmd.
2. Enter the following command to execute.

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --proxy server="socks5://127.0.0.1:9876"

Windows Chrome

The following describes how to set tunnels in the Chrome browser in Windows environment.

1. Right-click the Chrome icon, and then select Properties.
2. Enter --proxy-server="socks5://127.0.0.1:9876" at the end of the [Shortcut] tab's Target, and then click the [OK] button.
   

Access web UI in browser

Before setting tunneling, the pages in the Ambari Quick Links can't be accessed. You can see that the web UI access can be made after setting the browser. For example, if the active ResourceManager component is located in the host m-002-cluster-test-hd, you can access the Resource Manager UI from http://m-002-cluster-test-hd:8088/cluster.

For Web UI, which was previously connected without tunneling, after tunneling, the domain address of the existing address must be modified to a private IP address or host name before accessing it.
For example, if you originally accessed the Ambari UI with an address such as http://pub-adqs.hadoop.ntruss.com:8443/#/login without tunneling, you can access it from http://m-001-cluster-test-hd:8443/#/login after tunneling.