E-MapReduce:Access the web UIs of open source components in the EMR console

Use the native UI address to access the web UI of an open source component

You need to only enable the ports over which the web UIs of open source components can be accessed and add the ports to the security group. This way, you can directly access the web UIs of open source components by using the corresponding native UI address. This method features convenient operations. However, you must enable ports over which the web UIs of open source components can be accessed.

1. Enable a port

To enable a port, add the IP address of the client that you want to use and the port of an open source component to the security group rule of your EMR cluster.

1. Go to the Basic Information tab.

2. In the Security section of the Basic Information tab, click the link to the right of Cluster Security Group to go to the Security Group Details tab of the Elastic Compute Service (ECS) console.

3. On the Inbound subtab of the Security Group Details tab, click Add Rule. Then, configure the required parameters and retain the default values of other parameters. The following table describes the parameters.

   Parameter	Description	Example
   Port Range	The port over which the web UI of an open source component is accessed.	For example, to access the web UI of YARN, enter 8088/8088 in the Port Range column. For more information about the ports of other open source components, see Access the web UIs of open source components.
   Authorization Object	The internal IP address of the client.	Enter the internal IP address of your client. Make sure that the client that you want to use and the nodes in your EMR cluster are in the same internal network environment.

   Note

   For more information about the parameters, see Security group rules.

2. Use the native UI address to access the web UI of an open source component

1. On the Access Links and Ports tab, copy the native UI address of the desired open source component.

2. On the client, open a browser and access the native UI address that you copied. If your client runs a Linux operating system, run the curl -L http://IP address:port/ command to check whether you can use the native UI address to access the web UI of the open source component.

Use the internal or external Knox proxy address to access the web UI of an open source component

To use the internal or external Knox proxy address to access the web UI of an open source component, enable port 8443 and perform identity authentication by using the username that you added on the Users tab. This method requires only one port and ensures high security based on identity authentication but involves complex operations.

1. Add Knox

If Knox is not deployed in your EMR cluster, perform the following steps to add Knox:

1. Go to the Services tab.

2. On the Services tab, click Add Service. In the Add Service panel, select KNOX and OpenLDAP and click OK.

3. After the services are added, click the Access Links and Ports tab. On the Access Links and Ports tab, you can view the Knox proxy addresses.

2. (Optional) Associate an EIP with an ECS instance

1. Click the Nodes tab.

2. On the Nodes tab, find the emr-master node group, click the icon, and then click the ID of the master-1-1 node.

3. In the Configuration Information section of the Instance Details tab, find Public IP Address and click Associate EIP to associate an EIP with the ECS instance. For more information, see EIPs.

4. In the upper-right corner of the cluster details page in the EMR console, click All Operations and click Synchronize Host Information in the Cluster Operation section.

5. On the Access Links and Ports tab, view the public Knox proxy addresses.

3. Enable Port 8443

Add Port 8443 to the security group of your EMR cluster. For more information, see Enable a port in this topic. The following table describes the key parameters.

4. Add a user

The username and password of the user that you add on the Users tab are required to access the web UI of an open source component. For information about how to add a user, see Manage OpenLDAP users.

5. Use the internal or external Knox proxy address to access the web UI of an open source component

Go to the Access Links and Ports tab.

• Public Knox proxy address: Click the public Knox proxy address of the desired open source component. On the page that appears, enter the username and password.

• Internal Knox proxy address: Click the internal Knox proxy address of the desired open source component. On the page that appears, enter the username and password. If your client runs a Linux operating system, you can run the curl -k -u username:password https://Internal IP address:8443/gateway/cluster-topo/xx command to check whether you can access the web UI.

Access the web UIs of special open source components

Access the web UI of Ranger

After Ranger is deployed in a cluster, you can use the default username and password to access the web UI of Ranger. For more information, see Ranger.

• Data lake scenario (DataLake clusters)

  • EMR V3.44.0 or a later minor version and EMR V5.10.0 or a later minor version

    The default username is admin, and the default password is Admin1234. If you forget the default password, resolve the issue by referring to FAQ.

  • A minor version earlier than EMR V3.44.0 or a minor version earlier than EMR V5.10.0

    The default username is admin, and the default password is admin1234. If you forget the default password, resolve the issue by referring to FAQ.

• Old Data lake scenario (Hadoop clusters)

  The default username and password are admin. If you forget the default password, resolve the issue by referring to FAQ.

Access the web UI of Flink (minor versions earlier than EMR V3.29.0)

In minor versions earlier than EMR V3.29.0, you can access the web UI of Flink only by using an SSH tunnel. For more information, see Create an SSH tunnel to access the web UIs of open source components.

FAQ

Why does a blank page appear after I click the Access Links and Ports tab?

Check whether you have an overdue payment. If you have an overdue payment, you must settle the overdue payment and wait for a period of time.

Why am I unable to access the web UI of an open source component by using a native UI address?

Check whether the client that you want to use and the nodes in your EMR cluster are in the same internal network environment.

What are the username and password for logon authentication?

Use an added user and the password that you specified for the user to perform logon authentication. For information about how to add a user, see Manage OpenLDAP users.

Why does the username and password page reappear after I enter the correct username and password?

1. On the Services tab, stop OpenLDAP.

2. Log on to the master-1-1 node.

3. Copy the repair_ldap_service.sh script to the master-1-1 node.

4. Execute the bash repair_ldap_service.sh script as the user root.

5. In the upper-right corner of the OpenLDAP service page in the EMR console, choose More > Restart.

What do I do if the web UI of an open source component fails to be accessed by using the internal or external Knox proxy address?

1. Check whether Port 8443 is enabled based on the preceding steps.

2. Specific open source components fail to adapt to Knox. As a result, you cannot use the internal or external Knox proxy address to access the web UIs of the open source components. You can access the web UIs of the open source components by using other methods. The adaptation issue occurs in the following open source components:

   • HBase that is deployed in EMR V5.10.X to V5.12.X.

   • Presto and Trino that are deployed in EMR V5.10.X to V5.14.X.

References

• If you have high security requirements or use a special network environment, you can create an SSH tunnel to access the web UIs of open source components. For more information, see Create an SSH tunnel to access the web UIs of open source components.

• For information about service-related issues, see FAQ.