Access the Web UI with Tunneling

Available in VPC

By default, you can access the Ambari Web UI using the cluster administrator account and password you entered when creating the cluster. However, the following web UIs, such as the HDFS NameNode UI, can only be accessed via SSH tunneling.

  • HDFS NameNode UI
  • YARN Resource Manager UI
  • Spark Job History UI
  • Oozie Web UI
  • HBase Master UI

Preliminary tasks

To establish an SSH tunneling connection, the following preliminary tasks are required:

  • Configure ACG: Add the IP of the accessing device and port 22 to the cluster's ACG settings. Access source: user's static IP (can be entered by clicking [myIp]). Guide: Firewall settings (ACG)
  • Authentication key: Private key (.pem) required for access to the cluster. Guide: Manage authentication key for direct cluster access
  • Domain: Domain address required for access to cluster nodes. Guide: Check cluster details

1. Check domain within cluster

To check which domain is assigned to a cluster:

  1. From the NAVER Cloud Platform console's VPC environment, click the menu icon and navigate to Services > Big Data & Analytics > Cloud Hadoop.
  2. After selecting a cluster from the cluster list, check whether a domain is assigned in the Domain section of the details.

2. Set ACG rules

To change the ACG rules of a cluster:

  1. In the VPC environment on the NAVER Cloud Platform console, click the menu icon and navigate to Services > Compute > Server > ACG.
  2. Select the ACG of the cluster you want to access and click [Set ACG].
  3. Enter the following four items and add the ACG rule:
    • Protocol: TCP
    • Access source: IP of the local device that communicates with SSH
    • Allowed port: 22
    • Note (optional)

Create tunnel

Depending on your environment, tunneling can be done in one of 2 ways. Once tunneling is complete, traffic sent from your local computer to port 9876 will be routed to the cluster's edge node.

  • Method 1: Create a tunnel using SSH commands
  • Method 2: Create a tunnel using PuTTY

Method 1: Create a tunnel using SSH commands

SSH (Secure Shell) tunneling connects a port on your local computer to an edge node in your Cloud Hadoop cluster, using the cluster's domain address and a port that is allowed.

Traffic sent to the local port is routed to the corresponding edge node over the SSH connection. To the cluster, the traffic appears to originate from the edge node, and the response is returned through the tunnel.

Create an SSH tunnel by referring to the SSH commands in the following example:

  • The SSH user for clusters created in Cloud Hadoop is sshuser and cannot be changed.
  • Enter the authentication key and domain information from the preliminary tasks in <PEM-FILE-PATH> and <CLUSTER-DOMAIN>, respectively.

# Template: ssh -i <PEM-FILE-PATH> -C2qTnNf -D 9876 sshuser@<CLUSTER-DOMAIN>
ssh -i ~/Download/sample-key.pem -C2qTnNf -D 9876 sshuser@pub-XXXX.hadoop.ntruss.com

The above command opens an SSH connection to the cluster and listens on local port 9876, routing traffic sent to that port through the connection. The options are as follows:

  • -D 9876: Local port that routes traffic through the tunnel
  • -C: Web traffic is mostly text, so all data is compressed
  • -2: Force SSH to attempt only protocol version 2
  • -q: Quiet mode (suppresses most warning and diagnostic messages)
  • -T: Disable pseudo-terminal (tty) allocation after port forwarding
  • -n: Do not read from STDIN after port forwarding
  • -N: Do not execute remote commands after port forwarding
  • -f: Run in the background
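
As an added example (not part of NAVER Cloud's guide or tooling), the script below wraps the Method 1 command with two checks: that the private key is not accessible to group or others, and that the SOCKS listener on port 9876 is bound to loopback only. It assumes Linux with the iproute2 `ss` tool; the function names and the sample listener tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not NAVER Cloud's script). Assumes Linux with iproute2 `ss`;
# function names and the sample listener tables are constructed for illustration.
PORT=9876   # local SOCKS port used throughout this guide

# ssh refuses a private key that group/others can access, so check first.
key_perms_ok() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Reads `ss -ltn` output on stdin. Succeeds only if $PORT is listening and
# every listener is on loopback; 0.0.0.0 or [::] exposes the proxy to the LAN.
socks_loopback_only() {
    awk -v p="$PORT" '
        $1 == "LISTEN" && $4 ~ (":" p "$") {
            seen = 1
            if ($4 !~ /^(127\.0\.0\.1|\[::1\]):/) bad = 1
        }
        END { exit !(seen && !bad) }'
}

# $1 = PEM path, $2 = cluster domain. Binds the proxy to 127.0.0.1 explicitly
# and makes ssh fail instead of backgrounding if the port cannot be bound.
open_tunnel() {
    key_perms_ok "$1" || { echo "run: chmod 600 $1" >&2; return 1; }
    ssh -i "$1" -C2qTnNf -o ExitOnForwardFailure=yes \
        -D "127.0.0.1:$PORT" "sshuser@$2" || return 1
    ss -ltn | socks_loopback_only ||
        { echo "port $PORT is not loopback-only" >&2; return 1; }
}

# Constructed `ss -ltn` samples: a safe bind and a wildcard bind.
sample_safe() {
    printf '%s\n' 'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
                  'LISTEN 0      128    127.0.0.1:9876     0.0.0.0:*' \
                  'LISTEN 0      128    [::1]:9876         [::]:*'
}
sample_exposed() {
    printf '%s\n' 'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
                  'LISTEN 0      128    0.0.0.0:9876       0.0.0.0:*'
}

# Usage: sh tunnel.sh <PEM-FILE-PATH> <CLUSTER-DOMAIN>
if [ "$#" -eq 2 ]; then open_tunnel "$1" "$2"; fi
```

A wildcard bind matters here because anyone who can reach the SOCKS port can reach the cluster's internal web UIs through your SSH session.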

Method 2: Create a tunnel using PuTTY

To create a tunnel using PuTTY:

  1. Run PuTTY. (Download PuTTY)
  2. Select Session from the Category window and enter as below in each of the settings fields.
    • Host Name (or IP address): sshuser@DNS (replace DNS with the domain of the relevant cluster)
    • Port: 22
  3. In the Category window, click Connection > SSH > Tunnels.
  4. Enter the following information in the Options controlling SSH port forwarding form and click [Add].
    • Source port: Local (client) port to forward (e.g., 9876)
    • Destination: Domain address of the relevant cluster
    • Dynamic: Enable dynamic SOCKS proxy routing
  5. In the Category window, select Connection > SSH > Auth > Credentials.
  6. Click [Browse] under Private key file for authentication to select the PPK file created by converting the PEM file, and then click [Open].

Note

For PuTTY versions earlier than 0.78, the Private key file for authentication can be selected under Connection > SSH > Auth.

Note

Once a tunnel is created, you can save the session in PuTTY and load it when needed.

  • To save a session, enter the session name in the Saved sessions input field under Load, save or delete a stored session, and then click [Save].
  • To run a session, select the session from the Saved Sessions list, and then click [Open].

Configure tunnel in browser

For this step, we recommend using the Mozilla Firefox browser, which provides consistent proxy settings across all platforms. Other modern browsers (e.g. Google Chrome) may require an extension such as FoxyProxy to work with the tunnel.

This section explains how to configure your browser to use localhost and the allowed tunnel port (e.g. 9876) as a SOCKS v5 proxy.

When using Firefox

To set up a tunnel in the Firefox browser:

  1. In the Firefox browser, click the menu icon > Settings > General, then click [Settings] under Network Settings.
  2. In the connection settings popup, configure a SOCKS v5 proxy with localhost as the host and the tunnel port (e.g. 9876), and click [OK].

When using macOS Chrome

To set up a tunnel in the Chrome browser on macOS:

  1. Open a terminal.
  2. Enter and execute the following command:

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --proxy-server="socks5://127.0.0.1:9876"

When using Windows Chrome

To set up a tunnel in the Chrome browser on Windows:

  1. Right-click the Chrome icon, and then select Properties.
  2. Enter --proxy-server="socks5://127.0.0.1:9876" at the end of the Target (T) text in the [Shortcut] tab, and then click [OK].

Access Web UI from a browser

Before setting up a tunnel, you will not be able to access the page in Ambari Metrics > Quick Links, but after configuring your browser, you will be able to access the Web UI. For example, if the Active ResourceManager component is on host m-002-cluster-test-hd, you can access the Resource Manager UI at http://m-002-cluster-test-hd:8088/cluster.

Once the tunnel is in use, Web UIs that were previously accessible without tunneling must be accessed by replacing the domain address in the existing address with a private IP address or host name.
For example, if you originally accessed the Ambari UI at an address like http://pub-adqs.hadoop.ntruss.com:8443/#/login without tunneling, you can access it at http://m-001-cluster-test-hd:8443/#/login after tunneling.

Caution

After setting up a proxy server, you will need to restart all your web browsers for them to work properly.