This topic describes the methods that you can use to access the web UIs of open source components that are deployed in an E-MapReduce (EMR) cluster. You can configure security group rules and access links to access the web UIs of open source components that are deployed in an EMR cluster.
Prerequisites
An EMR cluster is created. For more information, see Create a cluster.
Background information
Method | Benefit | Limit |
---|---|---|
Method 1: Access the web UIs of open source components by using Knox |
|
|
Method 2: Access the web UIs of open source components by using internal IP addresses | You do not need to deploy the Knox service. | You must add security group rules based on the service ports that you want to access. |
Method 1: Access the web UIs of open source components by using Knox
Add a security group rule
The first time you use a component, perform the following steps to configure security group rules:
- Obtain the public IP address of your on-premises machine. For security purposes, we recommend that you allow access only from the current public IP address when you configure a security group rule. To obtain the current public IP address, visit https://myip.ipip.net/.
- Go to the Basic Information tab of the desired cluster.
- Log on to the EMR on ECS console.
- In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
- On the EMR on ECS page, find the desired cluster and click the name of the cluster in the Cluster ID/Name column.
- Add a security group rule.
Access the web UIs of open source components
- Go to the Access Links and Ports tab.
- Log on to the EMR on ECS console.
- In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
- On the EMR on ECS page, find the desired cluster and click the name of the cluster in the Cluster ID/Name column.
- On the page that appears, click the Access Links and Ports tab.
- On the Access Links and Ports tab, find the component whose web UI you want to access and click the link in the Knox Proxy Address column. Important If you do not assign a public IP address to the master node of the cluster, you can access the web UIs of open source components only by using the internal Knox proxy address. If you want to use the public Knox proxy address to access the web UIs of open source components, perform the following steps.
- On the Nodes tab, click the Plus icon to the left of the master node group. In the Node Name/ID column, click the ID of the master-1-1 node.
- In the Elastic Compute Service (ECS) console, associate an elastic IP address (EIP) with the ECS instance of the master-1-1 node. For more information, see Associate or disassociate an EIP.
- Synchronize host information.
- On the Nodes tab, choose in the upper-right corner.
- In the message that appears, click Off.
On the Access Links and Ports tab, you can access the web UIs of open source components by using the public Knox proxy address.
- Use an added user for logon authentication and access the web UI of the corresponding open source component. For information about how to add a user, see Manage user accounts.
- Access the web UIs of some special open source components.
- Access the web UI of RangerAfter Ranger is deployed in a cluster, you can use the default username and password of Ranger to access the web UI of Ranger. For more information, see Overview.Note For Hadoop clusters, the default username and password of Ranger are admin. For DataLake clusters or custom clusters, the default username of Ranger is admin and the default password is admin1234.
- Access the web UI of Flink (minor versions earlier than EMR V3.29.0)In minor versions earlier than EMR V3.29.0, you can access the web UI of Flink only by using an SSH tunnel. For more information, see Create an SSH tunnel to access web UIs of open source components.Note To access a Flink job on the web UI of YARN, go to the Access Links and Ports tab in the EMR console, and click the link of the YARN UI in the Knox Proxy Address column. In the Hadoop console, click the ID of the Flink job to view the details of the Flink job.
- Access the web UI of Ranger
Method 2: Access the web UIs of open source components by using internal IP addresses
Add a security group rule
- Obtain the internal IP address of your on-premises machine. For security purposes, we recommend that you allow access only from the current internal IP address when you configure a security group rule.
- Go to the cluster information page.
- Log on to the EMR on ECS console.
- In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
- On the EMR on ECS page, find the desired cluster and click the name of the cluster in the Cluster ID/Name column.
- Add a security group rule.
Access the web UIs of open source components
- Go to the Access Links and Ports tab.
- Log on to the EMR on ECS console.
- In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
- On the EMR on ECS page, find the desired cluster and click the name of the cluster in the Cluster ID/Name column.
- On the page that appears, click the Access Links and Ports tab.
- On the Access Links and Ports tab, find the open source component whose web UI you want to access and click the link in the Native UI Address column.
FAQ
- Q: Why does the system have no response after I click the URL of an open source component?
A: If you use Knox to access the web UI of an open source component, you must enable port 8443 for the security group of the desired cluster. If you use the native UI address of an open source component to access the web UI of the component, you must enable the required port for the security group of the desired cluster. For more information about how to add a security group rule, see Add a security group rule.
- Q: What are the username and password for logon authentication?
A: Use an added user and the password that you specified for the user for logon authentication. For information about how to add a user, see Manage user accounts.