Connect to manager node via SSH

Prev Next

Available in VPC

You can connect to the manager node of a Search Engine Service cluster via SSH.

Caution

NAVER Cloud Platform is not responsible for any issues or service disruptions caused by actions you perform after connecting to the cluster via SSH.

Follow these steps to connect via SSH.
1. Create target group
2. Create load balancer
3. Add listener
4. Configure manager node ACG
5. Connect to manager node via SSH

Note

Pricing information for using the load balancer depends on service runtime and data transfer. For more details about the Load Balancer pricing information, see Load Balancer on the NAVER Cloud Platform portal.

1. Create target group

To use the load balancer, first create one target group for port 80 and another for port 22.

Note

This section describes only the settings required for SSH access. For more information on creating target groups, see Create and manage Target Group in the Load Balancer user guide.

  1. In the VPC environment on the NAVER Cloud Platform console, navigate to i_menu > Services > Networking > Load Balancer.
  2. Click Target group.
  3. Click Create target group.
  4. Enter details for the target group, and then click [Next].
    • Target group name: Name the target group.
    • Target type: Select VPC server,
    • VPC: Select the VPC where the cluster is deployed.
    • Protocol: Select TCP.
    • Port: Enter 80.
  5. Enter information for Health Check, and click [Next].
    • Protocol: Select TCP.
    • Port: Enter 80.
  6. In the All targets list, select the manager server with the name format "cluster-name-m-code", then click i-ses-right.
    • If the cluster has redundant manager nodes, select 2 manager servers.
    • The selected servers move to the Applied targets.
  7. Click [Next].
  8. Review the settings, then click [Create target group].
  9. Enter 22 for the port, then repeat steps 3 through 8.

2. Create load balancer

Create a network load balancer for communication with the manager node.

Note
  • To create a load balancer, a dedicated load balancer subnet must already exist. For more information on creating subnets, see Create Subnet in the VPC user guide.
  • This section describes only the settings required for SSH access. For more information on network load balancers, see Create and manage Network Load Balancer in the Load Balancer user guide.
  1. In the VPC environment on the NAVER Cloud Platform console, navigate to i_menu > Services > Networking > Load Balancer.
  2. Click the Load Balancer menu.
  3. Navigate to [Create load balancer] > [Create network load balancer].
  4. Enter the load balancer detail, then click [Next].
    • Load balancer name: Name the load balancer.
    • Network: Select Public IP.
    • Target VPC: Select the VPC where the cluster is deployed.
    • Select subnet: Select the region where the cluster is deployed, then select the load balancer–dedicated subnet in that region.
      • i-ses-refresh: Refresh the subnet list.
      • [Create Subnet]: Go to the Subnet Management menu where you can create subnets.
  5. In the Protocol, select TCP, enter 80 as the load balancer port, then click [Add].
  6. Click [Next].
  7. From the Target group dropdown list, select the target group for port 80 created in Step 1. Create target group, then click [Next].
  8. Review the settings, then click [Create load balancer].

3. Add listener

Add a target group for SSH access to the listener of the created load balancer.

  1. 2. Create load balancer, select the load balancer created in it, and then click [Change listener settings].
  2. Click [Add listener].
  3. Enter the details, and click [OK].
    • Protocol: Select TCP.
    • Port: Enter 22.
    • Target Group: Select the target group for port 22.

4. Configure manager node ACG

Configure ACG rules to allow access to the manager node.

Note

This section describes only the settings required for SSH access. For more information on ACG, see ACG.

  1. In the VPC environment on the NAVER Cloud Platform console, navigate to i_menu > Services > Big Data & Analytics > Search Engine Service.
  2. Click the Cluster menu.
  3. Select the cluster for SSH access, check the manager node ACG, then click i-ses-window.
  4. Select the manager node ACG identified in the previous step, then click [Set ACG].
  5. In the [Inbound] tab, add the following ACG rules, then click [Add].
    • Load balancer access rule for the manager node
      • Protocol: Select TCP.
      • Access source: Enter the IP address range of the load balancer-dedicated subnet.
      • Allowed port: Enter 1-65535.
    • SH access rule
      • Protocol: Select TCP.
      • Access source: Click [myIp] and enter your public IP address.
      • Allowed port: Enter 22.
  6. Click [Apply].
Caution
  • Allowing access to the entire Internet (IP address: 0.0.0.0/0) can pose serious security risks and may affect cluster tasks.
  • Automatically created rules are required for managing Search Engine Service. Deleting or modifying these rules may impact cluster operation.

5. Connect to manager node via SSH

You can connect directly via SSH from an external network to the manager node assigned a load balancer.

  • An cluster authentication key (.pem file) configured is required.
    • If you lose the authentication key, you can reset it from Search Engine Service > Cluster > Manage server access > Change authentication key for direct cluster access.

To connect to the manager node via SSH based on your operating system:

For MacOS or Linux

To connect to the manager node via SSH on macOS or Linux:

  1. Launch a terminal.
    • For macOS: Application > Utilities > Terminal.
    • For Linux: Application > Accessories > Terminal.
  2. Run the following command to move to the directory where the authentication key file is located (/path).
    cd /path
  3. Run the following command to restrict access to the authentication key file (key.pem).
    chmod 400 key.pem
  4. Run the following command.
    ssh -i /path/key.pem sshuser@"load balancer IP address"
    • Load balancer IP address: In the VPC environment of the console, navigate to i_menu > Services > Networking > Load Balancer > Load Balancer to view the load balancer connection details.
  5. When a security prompt appears, enter yes to connect to the manager node.

For Windows

PuTTY does not natively support the authentication key format (.pem) generated by Search Engine Service. You must convert the key to a PuTTY-compatible format (.ppk)before connecting to the server.

Convert authentication key

To convert a .pem file to a .ppk file using PuTTYgen, which is provided with PuTTY:

  1. Run PuTTYgen.
  2. Click [Load], select the authentication key file (.pem), then click [Open].
    • To locate the .pem file, select the option to show all file types.
      ses-ssh-vpc_puttygenload
  3. In Type of key to generate, select RSA and click [Save private key].
    ses-ssh-vpc_puttygensave
  4. If a warning appears about saving the key without a password, click [Yes], then save the file with the same name as the original key.
    • The .ppk file extension is added automatically.

Connect to the server

To connect to the server using the converted authentication key:

  1. Run PuTTY.
  2. In Category, navigate to Connection > SSH > Auth.
    ses-ssh-vpc_puttyauth
  3. Click [Browse].
  4. Select the converted authentication key file (.ppk), then click [Open].
  5. In Category, click Session.
  6. Enter the server access details.
    ses-ssh-vpc_puttyconnect
    • Host Name (or IP address): Enter "sshuser@load balancer IP address."
      • Load balancer IP address: In the VPC environment of the console, navigate to i_menu > Services > Networking > Load Balancer > Load Balancer to view the load balancer connection details.
    • Port: Enter 22.
    • Connection type: Select SSH.
  7. Click [Open] to connect to the manager server.