This topic describes how to configure security group rules and access the web UIs of open source components in an E-MapReduce (EMR) cluster. After you create a cluster, EMR binds several domain names to the cluster for you to access the web UIs of open source components.

Prerequisites

An EMR cluster is created. For more information, see Create a cluster.
Note An elastic IP address (EIP) is associated with the EMR cluster.

Configure security group rules

If you use a component for the first time, you must perform the following steps to configure security group rules:

  1. Obtain the public IP address of your on-premises machine.
    For security purposes, we recommend that you allow only access from the current public IP address when you configure a security group rule. To obtain your current public IP address, visit http://myip.ipip.net/. You can view your public IP address.
  2. Add security group rules.
    1. Log on to the Alibaba Cloud EMR console.
    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
    3. Click the Cluster Management tab.
    4. On the Cluster Management page, find your cluster and click Details in the Actions column.
    5. In the Network Info section of the Cluster Overview page, record the value of Network Type and click the link of Security Group ID.
    6. Enable the required ports.
      Notice To prevent attacks from external users, you are not allowed to set Authorization Object to 0.0.0.0/0.
      The following table lists the ports you need to enable to access the web UIs of different components.
      Component Port
      YARN 8443
      Note After Ranger is deployed in your cluster, you can access the web UI of Ranger.
      HDFS
      Spark History Server
      Ganglia
      Oozie
      Tez
      ImpalaCatalogd
      ImpalaStatestored
      Storm
      Ranger
      Zeppelin 8080
      Hue 8888
      For example, you can perform the following operations to enable port 8443:
      1. On the Security Group Rules page, click Add Security Group Rule in the upper-right corner.
      2. In the Add Security Group Rule dialog box, set Port Range to 8443/8443.
      3. Set Authorization Object to the public IP address obtained in Step 1.
      4. Click OK.
      Note
      • If the network type of the cluster is VPC, set NIC Type to Internal Network and Rule Direction to Inbound. If the network type of the cluster is classic network, set NIC Type to Internet and Rule Direction to Inbound. In this topic, the VPC network type is used.
      • When you configure inbound and outbound rules for applications, follow the principle of least privilege. Enable only the ports required by your applications.
    7. View the added rule on the Inbound tab.
      Rule configurations

      Network access is securely enabled and network configuration is complete.

Access the web UIs of open source components

  1. Log on to the Alibaba Cloud EMR console.
  2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
  3. Click the Cluster Management tab.
  4. On the Cluster Management page, find your cluster and click Details in the Actions column.
  5. In the left-side navigation pane of the Cluster Overview page, click Connect Strings.
  6. On the Public Connect Strings page, find the component whose web UI you want to access and click its link.
    • In V2.X.X versions later than V2.7.X or V3.X.X versions later than V3.5.X, you can use a Knox account to access the web UIs of open source components. For more information about how to create a Knox account, see Manage user accounts. For more information about how to use Knox, see Knox. To access the web UI of Hue, you must use the Hue username and password. For more information about how to use Hue, see Use Hue. You can directly access the web UI of Zeppelin without a username and password.
    • After Ranger is deployed in your cluster, you can use the default username and password to access the web UI of Ranger. For more information, see Overview.