- Print
- PDF
Web UI connection using tunneling
- Print
- PDF
Available in VPC
By default, you can access the Ambari web UI by using the cluster admin account and password you entered when creating the cluster. However, the web UIs below including HDFS name node UI can only be accessed via SSH tunneling.
- HDFS NameNode UI
- YARN Resource Manager UI
- Spark JobHistory UI
- Oozie Web UI
- HBase Master UI
Preparations
Establishing SSH tunneling connection requires the following preparations.
Item | Description | Guide |
---|---|---|
Set ACG | Add the IP and Port 22 of the device to access the cluster's ACG settings | Setting firewall (ACG) |
Authentication key | Private key (.pem) required for access to the cluster | Managing authentication key for direct cluster connection |
Domain | Domain address required for access to the cluster node | View cluster details |
1. View in-cluster domain
The following describes how to view the domain assigned within the cluster.
- From the NAVER Cloud Platform console, click the Services > Big Data & Analytics > Cloud Hadoop menus, in that order.
- Select the cluster from the cluster list, and then check if a domain is assigned from the Domain item in details.
2. Set ACG rules
The following describes how to change the cluster's ACG rules.
- From the NAVER Cloud Platform console, click the Services > Compute > Server > ACG menus, in that order.
- Select the ACG of the cluster to access, and then click the [Set ACG] button.
- Enter the four information items below and add ACG rules.
- Protocol: TCP
- Access source: IP of the local device used for SSH communication
- Allowed port: 22
- Note (optional)
Create tunnel
You can choose one of two methods to create a tunnel, depending on your environment. When the tunneling is complete, traffic from the local computer to Port 9876 will be routed to the cluster’s edge node.
Method 1: Create tunnel using SSH
Method 2: Create tunnel using PuTTY
Method 1: Create tunnel using SSH
SSH (Secure Shell) tunneling connects the port on the local machine to the Cloud Hadoop cluster's edge node, where a public IP address is assigned and there's an allowed port.
Traffic sent to the local port is routed through the SSH connection to its edge node. It will appear as if it originated from the edge node, and the response will be rerouted through the tunnel.
Refer to the SSH command statement in the following example to create a SSH tunnel.
- The SSH user in the cluster created in Cloud Hadoop is
sshuser
, and it can't be changed. - Enter the authentication key and
information with the preparations completed to <PEM-FILE-PATH>
and<CLUSTER-DOMAIN>
respectively.
# ssh -i <PEM-FILE-PATH> -C2qTnNf -D 9876 sshuser@<CLUSTER-DOMAIN>
ssh -i ~/Download/sample-key.pem -C2qTnNf -D 9876 sshuser@pub-XXXX.hadoop.ntruss.com
The command above creates a connection that routes traffic from local Port 9876 to the cluster via SSH. Options are as follows.
PORT | Description |
---|---|
D 9876 | Local port for routing traffic through the tunnel |
C | Web traffic is mostly text, so all data is compressed. |
2 | Force SSH to try protocol version 2 only. |
q | Auto mode |
T | Disable false tty assignment after port forwarding |
n | Do not read STDIN after port forwarding |
N | Do not execute remote command after port forwarding |
f | Run in the background |
Method 2: Create tunnel using PuTTY
The following describes how to create a tunnel using PuTTY.
- Run PuTTY. (Download PuTTY)
- Select Session from the Category window, and enter as below in each of the settings field.
- HostName (or IP address):
sshuser@DNS
(Enter the cluster's domain inDNS
amongsshuser@DNS
) - Port:
22
- HostName (or IP address):
- In the Category window, click the Connection > SSH > Tunnels item.
- Enter the following information in the Options controlling SSH port forwarding template, and then click the [Add] button.
- Source port: Port of the client to forward (e.g., 9876)
- Destination: The domain address of the cluster
- Dynamic: Enable dynamic SOCKS proxy routing
- In the Category window, select Connection > SSH > Auth > Credentials.
- In Private key file for authentication, click the [Browse] button to select the .ppk file created by converting the .pem file, and then click the [Open] button.
- Please refer to Authentication key (PEM) conversion for more information about converting PEM files.
For PuTTY versions prior to 0.78, Private key file for authentication can be selected in Connection > SSH > Auth.
Once a tunnel is created, PuTTY can save the session and load it when needed.
- To save a session, enter the session name in Load, save or delete a stored session's Saved Sessions input window, and then click [Save].
- To run a session, select the session from the Saved Sessions list, and then click the [Open] button.
Set tunnel in browser
Using the Mozilla Firefox browser is recommended in this stage, as it provides the same proxy settings on all platforms. To use tunnels on other latest browsers like Google Chrome, extensions such as FoxyProxy may be required.
This guide explains how to configure your browser to use the allowed port (e.g., 9876) when creating the localhost and SOCKS v5 proxy tunnels.
Using Firefox
The following describes how to set tunnels in the Firefox browser.
- Click Settings > General from the Firefox browser, and then click Network settings's [Settings] button.
- In the connection settings pop-up window, configure as shown in the screen below, and then click the [Confirm] button.
macOS Chrome
The following describes how to set tunnels in the Chrome browser in macOS environment.
- Run cmd.
- Enter the following command to execute.
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --proxy server="socks5://127.0.0.1:9876"
Windows Chrome
The following describes how to set tunnels in the Chrome browser in Windows environment.
- Right-click the Chrome icon, and then select Properties.
- Enter
--proxy-server="socks5://127.0.0.1:9876"
at the end of the [Shortcut] tab's Target, and then click the [OK] button.
Access web UI in browser
Before setting tunneling, the pages in the Ambari Quick Links can't be accessed. You can see that the web UI access can be made after setting the browser. For example, if the active ResourceManager component is located in the host m-002-cluster-test-hd
, you can access the Resource Manager UI from http://m-002-cluster-test-hd:8088/cluster
.
For Web UI, which was previously connected without tunneling, after tunneling, the domain address of the existing address must be modified to a private IP address or host name before accessing it.
For example, if you originally accessed the Ambari UI with an address such as http://pub-adqs.hadoop.ntruss.com:8443/#/login
without tunneling, you can access it from http://m-001-cluster-test-hd:8443/#/login
after tunneling.
After setting the proxy-server, you must restart all web browsers for the proxy to work properly.