Updated on 2024-09-23 GMT+08:00

Accessing MRS Manager

Scenario

MRS lets you monitor, configure, and manage clusters on Manager. After a cluster is created, you can access Manager as user admin.

Currently, you can access Manager using the following methods:

  • Accessing MRS Manager Using an EIP: You can bind an EIP to the cluster to access the MRS Manager GUI and the open source components managed in the cluster. This method is recommended because it is easier to use.
  • Accessing MRS Cluster Manager Using Direct Connect: Direct Connect is a high-speed, low-latency, stable, and secure dedicated network connection that connects your local data center to an online cloud VPC. It extends online cloud services and existing IT facilities to build a flexible, scalable hybrid computing environment.

    You need to ensure that Direct Connect is available, and the connection between the local data center and the online VPC has been established. For details, see What Is Direct Connect?

    You can switch between EIP access and Direct Connect access on the MRS console as follows: Log in to the MRS console, click next to MRS Manager on the Dashboard page of the target MRS cluster, and switch between the two access methods on the displayed page.

  • Accessing MRS Manager Through an ECS: Access Manager through an ECS that is in the same VPC as the MRS cluster. This method is complex and is recommended when the EIP function is not supported.
  • Configuring an SSH Tunnel to Access MRS Manager: When users and the MRS cluster are in different networks, an SSH tunnel is needed to send users' website access requests to the MRS cluster, where they are dynamically forwarded to the target websites.

Prerequisites

Make sure the cluster is not in the starting, stopping, stopped, deleting, deleted, or frozen state before accessing MRS Manager.

Accessing MRS Manager Using an EIP

  1. Log in to the MRS management console.
  2. In the navigation pane, choose Active Clusters. Click the target cluster name to access the cluster details page.
  3. Click Access Manager next to MRS Manager. In the displayed dialog box, select EIP and configure the EIP information.

    1. If no EIP is bound when the MRS cluster is created, select an available EIP from the EIP drop-down list. Otherwise, perform the operations in 3.b.
      • If no available EIPs are displayed, click Manage EIP to create one. An EIP can be bound to only one MRS cluster.
      • To unbind or release an EIP, log in to the EIPs page, locate the row containing the target EIP, and click Unbind or choose More > Release in the Operation column.
    2. In Security Group, select the security group to which the current cluster belongs. The security group is configured during cluster creation or is automatically created by the cluster.
      If you want to view, modify, or delete a security group rule, click Manage Security Group Rule.
      • "MRS Manager public ip access control rule" is automatically added to the Description column of the added security group. To view this description, choose Manage Security Group Rule, click Security Group, and click Inbound Rules.
        Figure 1 Adding a security group rule to the MRS cluster
      • It is normal that the automatically generated public IP address is different from your local IP address and no action is required.
      • Port 9022 is the Knox port of the MRS cluster. Access to this port must be allowed before you can access Manager.
    3. Select the information to be confirmed and click OK. The Manager login page is displayed.

  4. Enter the default username admin and the password set during cluster creation, and click Log In. The Manager page is displayed.
  5. To grant users in other network segments the permission to access Manager, modify the security group and add the IP address range that those users use to access the public network.

    1. Click Add Security Group Rule next to EIP.
      Figure 2 Cluster details
    2. On the Add Security Group Rule page, add the IP address segment that users use to access the public network, and select "I confirm that public network IP/port is a trusted public IP address. I understand that using 0.0.0.0/0. poses security risks." See Figure 3.
      Figure 3 Adding a security group rule

      By default, the IP address segment used for accessing the public network is filled. You can change the IP address segment as required. To view, modify, or delete security group rules, click Manage Security Group Rule.

    3. Click OK.

Accessing MRS Cluster Manager Using Direct Connect

  1. Log in to the MRS console.
  2. Click the name of the cluster to enter its details page.
  3. On the Dashboard page of the cluster details page, click Access Manager next to MRS Manager.
  4. Set Access Mode to Direct Connect and confirm that you understand the impact of the operation.

    The floating IP address is automatically allocated by MRS to access MRS Manager. Before using Direct Connect to access MRS Manager, ensure that the connection between the local data center and the online VPC has been established.

  5. Click OK. The MRS Manager login page is displayed. Enter the username admin and the password set during cluster creation.

Accessing MRS Manager Through an ECS

  1. Log in to the MRS console.
  2. On the Active Clusters page, click the name of the specified cluster.

    Record the AZ, VPC, and Security Group of the cluster.

  3. On the homepage of the management console, choose Service List > Elastic Cloud Server to switch to the ECS management console and create an ECS.

    • The AZ, VPC, and Security Group of the ECS must be the same as those of the cluster to be accessed.
    • Select a Windows public image, for example, the standard image Windows Server 2012 R2 Standard 64bit(40GB).
    • For details about other configuration parameters, see Purchasing an ECS with Customized Configurations.

    If the security group of the ECS is different from Default Security Group of the Master node, you can modify the configuration using either of the following methods:

    • Change the security group of the ECS to the default security group of the Master node. For details, see Changing a Security Group.
    • Add two security group rules to the security groups of the Master and Core nodes to enable the ECS to access the cluster. Set Protocol to TCP, and set Ports of the two rules to 28443 and 20009, respectively. For details, see Creating a Security Group.

    If "Failed to add security group rules." is displayed, check whether the security group quota is sufficient. If more quotas are needed, increase the quotas or delete security group rules that are no longer used.

  4. On the EIP console, apply for an EIP and bind it to the ECS.

    For details, see Assigning an EIP and Binding It to an ECS.

  5. Log in to the ECS.

    The Windows system account, password, EIP, and security group rules are required for logging in to the ECS. For details, see Logging In to a Windows ECS.

  6. On the Windows remote desktop, use your browser to access Manager.

    The Manager access address is in the format https://<OMS floating IP address>:28443/web. Enter the username and password of the cluster user, for example, user admin.

    • To obtain the floating IP address of OMS, log in to the Master2 node remotely, and run the ifconfig command. In the command output, eth0:wsom indicates the floating IP address of OMS. Record the value of inet. If the floating IP address of OMS cannot be queried on the Master2 node, switch to the Master1 node to query and record the floating IP address. If there is only one Master node, query and record the cluster manager IP address of the Master node.
    • If you access Manager with other cluster usernames, change the password upon your first access. The new password must meet the requirements of the current password complexity policies. For details, contact the administrator.
    • By default, a user is locked after inputting an incorrect password five consecutive times. The user is automatically unlocked after 5 minutes.

  7. Log out of FusionInsight Manager. To log out of Manager, move the cursor to in the upper right corner and click Log Out.

Configuring an SSH Tunnel to Access MRS Manager

When users and the MRS cluster are in different networks, an SSH tunnel is needed to send users' website access requests to the MRS cluster, where they are dynamically forwarded to the target websites.

This function is not supported on Mac systems. For details about how to access MRS, see Accessing MRS Manager Using an EIP.

Make sure the following prerequisites are met before proceeding with the operation:

  • You have prepared an SSH client for creating the SSH tunnel, for example, the Git open source SSH client. You have downloaded and installed the client.
  • You have created a cluster and prepared a key file in PEM format or obtained the password used during cluster creation.
  • Users can access the Internet on the local PC.

  1. Log in to the MRS console and click Active Clusters.
  2. Click the specified MRS cluster name.

    Record the security group of the cluster.

  3. Add an inbound rule to the security group of the master node to allow data access to the IP address of the MRS cluster through port 22.

    For details, see Adding a Security Group Rule.

  4. Query the primary management node of the cluster by referring to Checking MRS Active/Standby Management Nodes.
  5. Bind an elastic IP address to the primary management node of the cluster.

    For details, see Assigning an EIP and Binding It to an ECS.

  6. Start Git Bash locally and run the following command to log in to the active management node of the cluster:

    ssh root@<EIP address>

    Alternatively, run the following command:

    ssh -i <Key file path> root@<EIP address>

  7. View data forwarding configurations.

    cat /etc/sysctl.conf | grep net.ipv4.ip_forward

    • If net.ipv4.ip_forward=1 is displayed, the forwarding function has been configured. Go to 9.
    • If net.ipv4.ip_forward=0 is displayed, the forwarding function has not been configured. Go to 8.
    • If net.ipv4.ip_forward fails to be queried, this parameter has not been configured. Run the following command and then go to 9:

      echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

  8. Modify forwarding configurations on the node.

    1. Switch to user root.

      sudo su - root

    2. Modify forwarding configurations.

      echo 1 > /proc/sys/net/ipv4/ip_forward

      sed -i -E "s/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*0/net.ipv4.ip_forward = 1/" /etc/sysctl.conf

      sysctl -w net.ipv4.ip_forward=1

    3. Modify the sshd configuration file.

      vi /etc/ssh/sshd_config

      Press I to enter the edit mode. Locate AllowTcpForwarding and GatewayPorts, delete the comment characters (#) in front of them, and set them as follows. Save the changes and exit.

      AllowTcpForwarding yes
      GatewayPorts yes

    4. Restart the sshd service.

      service sshd restart

  9. View the floating IP address.

    ifconfig

    In the command output, eth0:FI_HUE indicates the floating IP address of Hue, and eth0:wsom indicates the floating IP address of Manager. Record the value of inet.

    Run the exit command to exit.

  10. Run the following command on the local host to create an SSH tunnel that supports dynamic port forwarding:

    ssh -i <Path of the key file> -v -ND <Local port> root@<EIP address>

    Alternatively, run the following command:

    ssh -v -ND <Local port> root@<EIP address>

    Enter the password set during cluster creation as prompted.

    In the command, set Local port to the user's local port that is not occupied. Port 8157 is recommended.

    The -D option enables dynamic port forwarding for the SSH tunnel. By default, dynamic port forwarding starts a SOCKS proxy process that listens on the user's local port. Data sent to that port is forwarded to the primary management node through the SSH tunnel.

  11. Configure the browser proxy.

    1. Go to the Google Chrome client installation directory on the local PC.
    2. Press Shift and right-click the blank area, choose Open Command Window Here and enter the following command:

      chrome --proxy-server="socks5://localhost:8157" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE localhost" --user-data-dir=c:/tmppath --proxy-bypass-list="*google*com,*gstatic.com,*gvt*.com,*:80"

      • In the preceding command, 8157 is the local proxy port configured in 10.
      • If the local OS is Windows 10, start the Windows OS, click Start and enter cmd. In the displayed CLI, run the command in 11.b. If this method fails, click Start, enter the command in the search box, and run the command in 11.b.

  12. In the address box of the browser, enter the address for accessing Manager.

    The Manager access address is in the format https://<Manager floating IP address>:28443/web.

    The username and password of the MRS cluster need to be entered for accessing clusters with Kerberos authentication enabled, for example, user admin. They are not required for accessing normal clusters with Kerberos authentication disabled.

    For the first access, add the site to the trusted site list as prompted to continue to open the page.

  13. When logging out of Manager, terminate and close the SSH tunnel.
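
The checks in steps 7 and 8 can be scripted so that spacing, commented-out lines, and repeated keys do not give a misleading answer. The following is an added example, not part of the MRS documentation: the function names and sample file contents are assumptions made here, and the defaults passed for AllowTcpForwarding (yes) and GatewayPorts (no) are the OpenSSH defaults.

```bash
#!/usr/bin/env bash
# Added example, not from the MRS documentation; sample file contents are constructed.

# ip_forward_state FILE -> enabled | disabled | unset
# Skips '#' and ';' comment lines, tolerates spaces around '=', last assignment wins.
ip_forward_state() {
  awk -F= '
    /^[ \t]*[#;]/ { next }
    { key = $1; gsub(/[ \t]/, "", key) }
    key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val); found = 1 }
    END { print (!found ? "unset" : (val == "1" ? "enabled" : "disabled")) }
  ' "$1"
}

# sshd_option FILE KEYWORD DEFAULT -> value in effect for the global section
# sshd keeps the first value it reads per keyword; keywords are case-insensitive.
# Include files and Match blocks are not followed (parsing stops at the first Match).
sshd_option() {
  awk -v want="$2" -v def="$3" '
    /^[ \t]*#/ { next }
    { sub(/=/, " ") }                      # accept "Keyword=value" as well
    tolower($1) == "match" { exit }
    tolower($1) == tolower(want) { val = tolower($2); exit }
    END { print (val == "" ? def : val) }
  ' "$1"
}

# forwarding_report SYSCTL_CONF SSHD_CONFIG -> one summary line
forwarding_report() {
  printf 'ip_forward=%s AllowTcpForwarding=%s GatewayPorts=%s\n' \
    "$(ip_forward_state "$1")" \
    "$(sshd_option "$2" AllowTcpForwarding yes)" \
    "$(sshd_option "$2" GatewayPorts no)"
}

# Constructed node state: key present as 0 with spaces around '=',
# both sshd options still commented out.
demo_dir=$(mktemp -d)
printf '# kernel settings\nnet.ipv4.ip_forward = 0\n' > "$demo_dir/sysctl.conf"
printf '#AllowTcpForwarding yes\n#GatewayPorts no\nPort 22\n' > "$demo_dir/sshd_config"
forwarding_report "$demo_dir/sysctl.conf" "$demo_dir/sshd_config"
rm -rf "$demo_dir"
```

On a live node, call forwarding_report /etc/sysctl.conf /etc/ssh/sshd_config; sshd -T, run as root, prints the configuration that sshd itself resolves.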