Updated on 2022-06-09 GMT+08:00

Creating an SSH Channel for Connecting to an MRS Cluster and Configuring the Browser

Scenario

Users and an MRS cluster are in different networks, so an SSH channel must be created to send users' website access requests to the MRS cluster, which dynamically forwards them to the target websites.

The MAC system does not support this function. For details about how to access MRS, see EIP-based Access.

Prerequisites

  • You have prepared an SSH client for creating the SSH channel, for example, the Git open-source SSH client. You have downloaded and installed the client.
  • You have created a cluster and prepared a key file in PEM format or obtained the password used during cluster creation.
  • Users can access the Internet on the local PC.

Procedure

  1. Log in to the MRS management console and choose Clusters > Active Clusters.
  2. Click the specified MRS cluster name.

    Record the security group of the cluster.

  3. Add an inbound rule to the security group of the Master node to allow data access to the IP address of the MRS cluster through port 22.

    For details, see Virtual Private Cloud > User Guide > Security > Security Group > Adding a Security Group Rule.

  4. Query the primary management node of the cluster. For details, see Determining Active and Standby Management Nodes of Manager.
  5. Bind an elastic IP address to the primary management node.

    For details, see Virtual Private Cloud > User Guide > Elastic IP > Assigning an EIP and Binding It to an ECS.

  6. Start Git Bash locally and run one of the following commands to log in to the active management node of the cluster:

    ssh root@Elastic IP address

    ssh -i Path of the key file root@Elastic IP address
  7. Run the following command to view data forwarding configurations:

    cat /etc/sysctl.conf | grep net.ipv4.ip_forward

    • If net.ipv4.ip_forward=1 is displayed, the forwarding function has been configured. Go to 9.
    • If net.ipv4.ip_forward=0 is displayed, the forwarding function has not been configured. Go to 8.
    • If net.ipv4.ip_forward fails to be queried, this parameter has not been configured. Run the following command and then go to 9:

      echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

  8. Modify forwarding configurations on the node.

    1. Run the following command to switch to user root:

      sudo su - root

    2. Run the following commands to modify forwarding configurations:

      echo 1 > /proc/sys/net/ipv4/ip_forward

      sed -i "s/net.ipv4.ip_forward=0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf

      sysctl -w net.ipv4.ip_forward=1

    3. Run the following command to modify the sshd configuration file:

      vi /etc/ssh/sshd_config

      Press I to enter the edit mode. Locate AllowTcpForwarding and GatewayPorts and delete comment tags. Modify them as follows. Save the changes and exit.

      AllowTcpForwarding yes
      GatewayPorts yes
    4. Run the following command to restart the sshd service:

      service sshd restart

  9. Run the following command to view the floating IP address:

    ifconfig

    In the command output, eth0:FI_HUE indicates the floating IP address of Hue and eth0:wsom specifies the floating IP address of Manager. Record the value of inet.

    Run the exit command to exit.

  10. Run the following command on the local PC to create an SSH channel supporting dynamic port forwarding:

    ssh -i Path of the key file -v -ND Local port root@Elastic IP address

    or

    ssh -v -ND Local port root@Elastic IP address

    After running the command, enter the password you set when you created the cluster.

    In the command, set Local port to the user's local port that is not occupied. Port 8157 is recommended.

    After the SSH channel is created, the -D option in the command starts the dynamic port forwarding function. By default, dynamic port forwarding starts a SOCKS proxy process that listens on the user's local port. Data sent to that port is forwarded to the primary management node through the SSH channel.

  11. Run the following command to configure the browser proxy.

    1. Go to the Google Chrome client installation directory on the local PC.
    2. Press Shift and right-click the blank area, choose Open Command Window Here and enter the following command:

      chrome --proxy-server="socks5://localhost:8157" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE localhost" --user-data-dir=c:/tmppath --proxy-bypass-list="*google*com,*gstatic.com,*gvt*.com,*:80"

      • In the preceding command, 8157 is the local proxy port configured in step 10.
      • If the local OS is Windows 10, start the Windows OS, click Start and enter cmd. In the displayed command-line window, run the command in 11.b. If this method fails, click Start, enter the command in 11.b in the search box, and run it.

  12. In the address box of the browser, enter the address for accessing Manager.

    Address format: https://Floating IP address of FusionInsight Manager:28443/web

    To access a cluster with Kerberos authentication enabled, enter the username and password of the MRS cluster, for example, user admin. They are not required for accessing clusters with Kerberos authentication disabled.

    When accessing Manager for the first time, you must add the address to the trusted site list.

  13. Prepare the website access address.

    1. Obtain the website address format and the role instance according to Web UIs.
    2. Click Services.
    3. Click the specified service name, for example, HDFS.
    4. Click Instance and view Service IP Address of NameNode(Active).

  14. In the address bar of the browser, enter the website address to access it.
  15. When logging out of the website, terminate and close the SSH tunnel.
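
The node-side settings from steps 7 and 8 can be checked without editing anything. The script below is an added example, not part of the original procedure or of MRS; the function names and the sample file contents in demo are this example's own, and it assumes whitespace-separated sshd_config keywords.

```bash
#!/usr/bin/env bash
# Added example: read-only check of the settings changed in steps 7 and 8.
# Function names are this example's own; nothing here modifies the node.

# Classify net.ipv4.ip_forward in a sysctl.conf-style file as step 7 does.
# Prints enabled, disabled or unset. Commented lines are ignored and the
# last assignment wins, because sysctl applies the file top to bottom.
ip_forward_state() {
  local file="$1" value
  value=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$file" | tail -n 1)
  case "$value" in
    1) echo enabled ;;
    0) echo disabled ;;
    *) echo unset ;;
  esac
}

# Print the value sshd would use for a keyword, or "default" when the keyword
# is absent or commented out. sshd keeps the first value it reads and matches
# keywords case-insensitively. Assumes "Keyword value" lines; Include and
# Match blocks are not followed.
sshd_option() {
  local file="$1" key="$2" value
  value=$(awk -v k="$key" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$file")
  echo "${value:-default}"
}

# Return 0 only when both files match what steps 7 and 8 configure.
check_node() {
  local sysctl_conf="${1:-/etc/sysctl.conf}" sshd_conf="${2:-/etc/ssh/sshd_config}" rc=0
  [ "$(ip_forward_state "$sysctl_conf")" = enabled ] || { echo "ip_forward: not enabled"; rc=1; }
  [ "$(sshd_option "$sshd_conf" AllowTcpForwarding)" = yes ] || { echo "AllowTcpForwarding: not yes"; rc=1; }
  [ "$(sshd_option "$sshd_conf" GatewayPorts)" = yes ] || { echo "GatewayPorts: not yes"; rc=1; }
  return "$rc"
}

# Constructed sample files, so the check can be tried away from the node.
demo() {
  local dir rc=0
  dir=$(mktemp -d)
  printf 'net.ipv4.ip_forward=0\n' > "$dir/sysctl.conf"
  printf '#AllowTcpForwarding yes\nGatewayPorts yes\n' > "$dir/sshd_config"
  check_node "$dir/sysctl.conf" "$dir/sshd_config" || rc=$?
  rm -rf "$dir"
  return "$rc"
}
```

On the management node, source the file and run check_node with no arguments to read /etc/sysctl.conf and /etc/ssh/sshd_config. Running it again after step 15 shows which of these settings remain enabled once the tunnel is closed.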