You can directly access any Hydrolix component's underlying instance through the use of SSH. This requires a little extra preparation prior to the creation of a cluster, as well as comfort with using a Unix command line interface.
You control SSH access to components through the use of SSH keys, adding the public keys of trusted users to your Hydrolix client configuration.
You add keys to your client configuration through the
update sub-command of the
hdxctl command-line utility. As an additional argument, you supply either the name of an SSH key stored on AWS EC2, or the path to a local authorized-keys file.
After you add keys to your client configuration, the components of any clusters you subsequently create will allow SSH login via these keys' paired counterparts. Adding public keys to your configuration has no effect on clusters you have already created.
To add a public key that you have stored on AWS, use the
--aws-ssh-key-name option of
hdxctl, providing the key's AWS name as an argument.
For example, if you have an AWS-stored key named "my-ssh-key":
$ hdxctl update hdxcli-12354abc --aws-ssh-key-name my-ssh-key
To view a list of the keys you have stored on AWS, visit your EC2 console and select Key Pairs.
To add public keys from an OpenSSH authorized-keys file stored on your own computer, use the
--ssh-authorized-keys option of
hdxctl, providing a path to that file as an argument.
For example, to include all the public SSH keys stored in a file located at
.ssh/authorized_keys within your own computer's home directory:
$ hdxctl update hdxcli-12354abc --ssh-authorized-keys ~/.ssh/authorized_keys
The easiest way to connect to an instance within a Hydrolix once the private SSH key that you wish to use has been configured is to use the HDXCTL command. Within this command you are able to connect to components through the
hdxctl goto sub-command.
For example, to connect to your UI component via SSH:
$ hdxctl goto hdxcli-12354abc hdx-54321xyz ui
Once you have updated your keys onto the Hydrolix cluster you are able to connect to bastion host via it's IP. To get a list of IP's you can use the
HDXCTL instances command. Alternatively it is possible to use
presence discover -s <service-name> to get a list of the IP's once on the bastion.
To SSH around the cluster SSH to the Bastion and then SSH through to the component you wish to look at. Note you should use Agent forwarding (
-A). The user to use is ubuntu.
$ ssh -A [email protected]
In order to accept SSH access requests from a given IP address, you must also configure your cluster to accept traffic of any kind from that IP. See Enabling access to your cluster for more information.
Presence discover is deployed on the Bastion so you can interrogate the IP's for your instances.
[email protected]:~$ presence discover --help Usage: presence discover [OPTIONS] Options: --region TEXT -v, --verbose -s, --service TEXT -b, --bucket TEXT -p, --bucket-prefix TEXT --ttl INTEGER --help Show this message and exit.
[email protected]:~$ presence discover -s merge-peer 2021-06-03 09:43:03+00:00 10.0.3.154 2021-06-03 09:43:07+00:00 10.0.2.157 2021-06-03 09:43:31+00:00 10.0.2.72 2021-06-03 09:43:48+00:00 10.0.3.29
Updated 6 months ago