Connect to manager node using SSH

Available in VPC

It describes how to connect using SSH to the manager node of the cluster created by the Search Engine Service.

Proceed with the following steps in order for SSH access.
1. Create target group
2. Create load balancer
3. Add listener
4. ACG settings of manager node
5. Connect to manager node using SSH

1. Create target group

To use the load balancer, first create a Target Group for port 80 and a Target Group for port 22.

1. From the NAVER Cloud Platform console, click the Services > Networking > Load Balancer menus, in that order.
2. Click the Target Group menu.
3. Click the [Create Target Group] button.
4. Enter the Target Group information to create, and then click the [Next] button.
   • Target Group name: enter the Target Group name
   • Target type: select VPC server
   • VPC: select the VPC where the cluster is installed
   • Protocol: select TCP
   • Port: enter 80
5. Enter the information for Health Check for the Target, and then click the [Next] button.
   • Protocol: select TCP
   • Port: enter 80
6. From the list of all targets, select the manager server whose server name is cluster name-m-code, and then click .
   • If the manager node is a duplex cluster, select two manager servers.
   • The selected server will be moved to the Apply Target.
7. Click the [Next] button.
8. After checking the information configured, click the [Create Target Group] button.
9. Enter the port entry as 22 and run procedure 3 to 8 one more time.

2. Create load balancer

Create a network load balancer for communication on the manager node.

1. From the NAVER Cloud Platform console, click the Services > Networking > Load Balancer menus, in that order.
2. Click the Load Balancer menu.
3. Click the [Create load balancer] button and then click the [Create network load balancer] button.
4. Enter the load balancer information to create, and then click the [Next] button.
   • Load balancer name: enter the load balancer name
   • Network: select Public IP
   • Target VPC: select the VPC where the cluster is installed
   • Select subnet: select the region where the cluster exists, and then select a dedicated subnet for the load balancer created in that region
     • : refresh the list of subnets held
     • [Create subnet]: go to Subnet Management menu where you can create a subnet
5. Select TCP in Protocol, enter 80 in the load balancer port, and then click the [Add] button.
6. Click the [Next] button.
7. From the Target Group drop-down menu, select the Target Group for Port 80 created in 1. Create Target Group and click the [Next] button.
8. Check the settings information, and then click the [Create load balancer] button.

3. Adding listener

Add a Target Group for SSH connection to the listener of the created load balancer.

1. Select the load balancer that you created in 2. Create load balancer, and then click the [Change listener settings] button.
2. Click the [Add listener] button.
3. Enter information and click the [OK] button.
   • Protocol: select TCP
   • Port: enter 22
   • Target Group: select the Target Group for port number 22

4. ACG settings of manager node

Set up ACG rules for connecting to the manager node.

1. From the NAVER Cloud Platform console, click the Services > Big Data & Analytics > Search Engine Service menus, in that order.
2. Click the Cluster menu.
3. Click the cluster to which you want to connect using SSH, check the Manager node ACG, and click .
4. Select the manager node ACG checked in step 3 and click the [Set ACG].
5. Enter the following ACG rules in the [Inbound] tab and then click the [Add] button.
   • Rules for the load balancer to access the manager node
     • Protocol: select TCP
     • Access source: enter the IP address range for the subnets dedicated to the load balancer
     • Allowed port: enter 1-65535
   • Rules for SSH access
     • Protocol: select TCP
     • Access source: click the [myIp] button to enter your public IP address
     • Allowed port: enter 22
6. Click the [Apply] button.

5. Connect to manager node using SSH

You can access using SSH directly from the outside to the manager node to which the load balancer is assigned.

• The authentication key (.pem file) set in the cluster is required.
  • If you lose the authentication key, you can reset the authentication key in the Search Engine Service > Cluster > Manage server access > Change authentication key for direct cluster access menu.

The method of SSH connection to the manager node by operating system is as follows:

• For macOS or Linux
• For Windows

For macOS or Linux

For macOS or Linux, the method of SSH connection to the manager node is as follows:

1. Run the terminal program.

   • For macOS X: Application > Utilities > Terminal
   • For Linux: Application > Accessories > Terminal

2. Run the following command to navigate to the path (/path) where the authentication key file is located.

   cd /path
   

3. Run the following command to change the authentication key file (key.pem) so that it is not publicly visible.

   chmod 400 key.pem
   

4. Run the following command:

   ssh -i /path/key.pem sshuser@"로드 밸런서 IP 주소"
   

   • Load balancer IP address: check the connection information of the load balancer in the Services > Networking > Load Balancer > Load Balancer menu

5. If you see a security warning, enter yes to access the manager node server.

For Windows

PuTTY does not support by default the authentication key format (.pem) created by the Search Engine Service. Therefore, you must access the server after converting the authentication key to the format (.ppk) used by PuTTY.

Authentication key conversion

The following is how to convert .pem file to .ppk file using PuTTYgen provided by PuTTY:

1. Run PuTTYgen.
2. Click the [Load] button, select the authentication key file (.pem), and then click the [Open] button.
   • Select the option to display all types of files to locate .pem file.
     
3. Select RSA in the Type of key to generate entry, and then click the [Save private key] button.
   
4. If you see a warning window for saving a key without a password, click the [Yes] button and save it with the same name as the existing authentication key.
   • The .ppk file extension is automatically added.

Server access

The following is how to access the server using the converted authentication key:

1. Run Putty.
2. In Category, click Connection > SSH > Auth, in this order.
   
3. Click the [Browse] button.
4. Select the converted authentication key file (.ppk) and then click the [Open] button.
5. Click Session in Category.
6. Enter the information to access the server.
   
   • Host Name (or IP address): enter sshuser@load balancer IP address
     • Load balancer IP address: check the connection information of the load balancer in the Services > Networking > Load Balancer > Load Balancer menu in the console
   • Port: enter 22
   • Connection type: select SSH
7. Click the [Open] button to access the manager server.