I have installed a cluster on AWS using the quick start guide and the Cloudera Director, but when I try to ssh to the manager node using the connect command generated from the instance management console
ssh -i aws-cloudera-quickstart-06-24-2016.pem email@example.com
I get the error message
ssh: connect to host ec2-xx-xx-xx-xxx.eu-central-1.compute.amazonaws.com port 22: Operation timed out
(NOTE: I have obfuscated the IP address in the command; I do use the correct IP address.)
Consequently I also cannot set up an ssh tunnel to allow me to connect from my browser.
Can you help please or if you need more details please let me know what and how to supply it.
It seems like you are trying to connect to the instance via its public IP address. Have you enabled the "Associate Public IP Address" flag while setting up the environment? This will create the instances with public IP addresses.
If you have already enabled that flag, then please check the firewall rules of the security group that you used.
Do note that you can connect to the CM instance using the private IP address from the Director instance itself - but if your goal is to be able to access the CM instance from anywhere, then you'd have to associate public IP addresses first.
I can confirm that I am using the private IP address. Also the private and public are associated. This is a clean install using the AWS Quickstart template, the install finished cleanly. All security profiles say the ports are open.
I can still not
1. Connect to the manager node using
ssh -i "aws-cloudera-quickstart-08-12-2016.pem" firstname.lastname@example.org
2. Create the ssh tunnel so that I can use my browser to connect to the manager.
ssh -i aws-cloudera-quickstart-08-12-2016.pem -L 7180:10.0.1.104:7180 email@example.com
You say that you are using the private IP address, but it appears that your command (1) below is attempting to SSH to the public DNS name of your instance. What happens if you try command (1), but replace the public DNS name with the private IP address?
Also, are you attempting the connection from the Director instance that you installed using AWS Quickstart, or from some other host?
Thanks for replying so quickly. I am following the instructions in the Cloudera AWS quickstart guide (page 25, version updated Feb 2016). It says to use the public DNS address in the second half of the command.
This is the command that also works to set up the tunnel to the Director which works fine.
I have tried it with the private DNS in the second half of the command and it does not work, unresolved address.
I am trying to SSH from a terminal session on Mac, and also from the Director using the link to the cluster, both do not work.
Any suggestions appreciated, this has held me up for 3 days now!
If you are using the current version of Director, I think the corresponding quickstart guide is the one updated July 2016 (https://s3.amazonaws.com/quickstart-reference/cloudera/hadoop/latest/doc/Cloudera_EDH_on_AWS.pdf). But I assume the instructions you are using are similar to the ones on pages 18 and 25 of the current document.
Let's take a step back and talk about what should and shouldn't work.
In all of this discussion, I assume you do not have any special VPN setup allowing you to access the private IP address of your cluster launcher instance or the instances it manages.
In order for you to do administration on your cluster launcher (Cloudera Director) instance, or to be able to use it for port forwarding, you need to have SSH access to the instance on port 22 on its public IP address, and the private key file that was used to set up the instance. Are you able to successfully SSH into the cluster launcher instance, using a command like the one on page 18, but without the port-forwarding options?
In order for you to use the Cloudera Director UI, one of two conditions must be satisfied: (1) port 7189 on the cluster launcher instance must be exposed on the public IP address, or (2) you must set up an SSH tunnel to the port on the private IP address, via the accessible SSH endpoint on the public IP address. Are you able to successfully access the Cloudera Director UI, either directly or via an SSH tunnel, using a command similar to the one on page 18?
Assuming these preconditions are satisfied, let's take the remaining use cases one at a time.
First, let's determine whether you have SSH access to the Cloudera Manager instance at all. Even under the most restrictive valid configuration, the cluster launcher instance must have SSH access to the Cloudera Manager instance on its private IP address. Open an SSH session on the cluster launcher instance (using the private key that was used to set up that instance), and from inside that session, try to open an SSH session to the Cloudera Manager instance on its private IP address, using the generated private key that is stored on the cluster launcher instance. If this does not work, none of the subsequent use cases will work, so we have to iron this out first.
I can ssh from the director to the manager using both private IP and public DNS. I can also ssh tunnel from the director to the manager.
However, neither the ssh logon nor the tunnel works from my local terminal session.
Once I had managed to tunnel from the director to the manager I went to the director web ui and tried to link to the manager from there but it did not work, however I notice that the director has the wrong external dns address for the manager which seems odd?
I also noticed that my director (cluster launcher) instance has an elastic IP associated with the private IP, should this also be the case for the manager instance?
Since you can SSH to the director instance from your local terminal session, and to the manager instance from the director instance, the next step is to figure out why you cannot SSH to the manager instance directly from your local instance.
You first need to verify that the inbound rules on the security group for your manager instance allow access to port 22 on the external IP address from the IP address range of your local machine. Then you need to verify that any firewall rules on your local machine allow outbound access to the manager instance.
Also, you need to make sure that you have copied the private key file that you are using to connect to the manager instance to your local machine and set the permissions appropriately.
Here is a link to the AWS docs on troubleshooting connectivity issues:
It is not surprising that the link to the manager in the director web UI does not work. That link is to port 7180 on the private IP address of the manager instance, and you will not be able to use it until you have set up a SOCKS proxy as described in the user guide. For security reasons you should NOT expose Cloudera Manager to the public internet. But you won't be able to set up the SOCKS proxy correctly until you can iron out your connectivity issues.
The security groups look good all open. There is nothing on my machine blocking access either. I have downloaded the keyfile to my local machine and it has the correct access set. However when I ssh from the cluster launcher to the cluster manager I can see that in the ec2-user home directory on the cluster manager that there is no *.pem file for the keypair. Surely this must have been set up during the install script, but I searched the whole machine from / and it does not exist. I guess that could be causing the problem?
I don't think that's the problem. Can you check that the tunnelling command to access Cloudera Manager is correct? It should look something like below:
ssh -i privatekey.pem -L 7180:cloudera-manager-private-ip:7180 -L 7187:cloudera-manager-private-ip:7187 ec2-user@cluster-launcher-public-ip
Something to note, in one of your previous posts you had a similar command but were using "aws-cloudera-quickstart-08-12-2016.pem" as the private key. Since the host we're tunneling through is the cluster launcher host, you shouldn't be using the private key generated by quickstart. Instead use the key for the cluster launcher instance. Also make sure to run this command on your local machine and verify success by going to localhost:7180 on the browser.
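The checks discussed across this thread, collected as an added example that is not part of any post: it maps ssh's error text to the cause the replies point at, and builds the tunnel command only when the key file is private, the jump host is a public address and the forward target is a private IP. The function names are hypothetical; ports 7180/7187 and the ec2-user login come from the last reply, and the matched error strings are standard OpenSSH messages.

```shell
#!/bin/sh
# Added example, not from the thread. Host values passed in are placeholders.

# Return 0 if $1 is an RFC 1918 private IPv4 address.
is_private_ip() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;   # empty, or a DNS name rather than an IP
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Map ssh's stderr text to the likely cause named in the thread's replies.
classify_ssh_error() {
    case "$1" in
        *"timed out"*) echo "network: check security group inbound 22 and public IP" ;;
        *"Could not resolve hostname"*) echo "dns: private name used outside the VPC" ;;
        *"UNPROTECTED PRIVATE KEY"*) echo "key-file: permissions too open" ;;
        *"Permission denied"*) echo "auth: wrong key or user for this host" ;;
        *) echo "unknown" ;;
    esac
}

# Print the tunnel command after checking key, jump host and forward target.
# Usage: tunnel_cmd LAUNCHER_KEY LAUNCHER_PUBLIC_HOST MANAGER_PRIVATE_IP
tunnel_cmd() {
    key=$1; launcher=$2; cm=$3
    [ -f "$key" ] || { echo "key file not found: $key" >&2; return 2; }
    # ssh rejects keys that group or other can access; check mode chars 5-10.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key is accessible by group/other; chmod 400 $key" >&2; return 3
    fi
    if is_private_ip "$launcher"; then
        echo "jump host must be the launcher's public address" >&2; return 4
    fi
    if ! is_private_ip "$cm"; then
        echo "forward target must be the manager's private IP" >&2; return 5
    fi
    printf 'ssh -i %s -L 7180:%s:7180 -L 7187:%s:7187 ec2-user@%s\n' \
        "$key" "$cm" "$cm" "$launcher"
}

# Constructed sample: the timeout message from the first post.
classify_ssh_error "ssh: connect to host example port 22: Operation timed out"
```

Run the printed command on the local machine, then browse to localhost:7180 as the last reply describes.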