本帖最后由 levycui 于 2018-12-25 16:04 编辑
问题导读:
1、集群安全前置准备有哪些?
2、如何安装外部数据MySQL?
3、如何安装Cloudera Manager?
4、如何安装CDH集群?
1文档编写目的
Cloudera在前天12月19日,对外宣布正式发布Cloudera Enterprise 6.1,相关介绍可以参考Fayson昨天的文章《0487-CDH6.1的新功能》和《0488-Cloudera Manager6.1的新功能》。本文档Fayson主要描述如何在Redhat7.4安装CDH6.1。CDH6与CDH5的安装步骤一致,主要包括以下四部分:
1.安全前置准备,包括安装操作系统、关闭防火墙、同步服务器时钟等;
2.外部数据库如MySQL安装
3.安装Cloudera Manager;
4.安装CDH集群;
请务必注意CDH6的安装前置条件包括如下:
MySQL 5.7或更高
MariaDB 5.5或更高
PostgreSQL 8.4或更高
Oracle 12c或更高
Oracle JDK1.8,将不再支持JDK1.7
RHEL 6.8或更高
RHEL 7.2或更高
SLES 12 SP2或更高
Ubuntu 16或更高
1.CM和CDH版本为6.1
2.Redhat7.4
3.JDK1.8.0_141
4.MariaDB-5.5.56
5.root用户安装
2前置准备
2.1hostname及hosts配置
集群中各个节点之间能互相通信使用静态IP地址。IP地址和主机名通过/etc/hosts配置,主机名通过/etc/hostname进行配置。
以cm节点(172.31.6.83)为例:
[mw_shl_code=bash,true]/etc/hostname文件如下:
ip-172-31-6-83.ap-southeast-1.compute.internal[/mw_shl_code]
或者你可以通过命令修改立即生效
[mw_shl_code=bash,true][root@ip-172-31-6-83 ~]$ hostnamectl set-hostname ip-172-31-6-83.ap-southeast-1.compute.internal[/mw_shl_code]
/etc/hosts文件如下:
[mw_shl_code=bash,true]
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.31.6.83 ip-172-31-6-83.ap-southeast-1.compute.internal
172.31.12.142 ip-172-31-12-142.ap-southeast-1.compute.internal
172.31.9.113 ip-172-31-9-113.ap-southeast-1.compute.internal
172.31.4.105 ip-172-31-4-105.ap-southeast-1.compute.internal[/mw_shl_code]
以上两步操作,在集群中其它节点做相应配置。确认需要安装的4台主机的hosts文件:
2.2禁用SELinux
在所有节点执行setenforce 0 命令,此处使用批处理shell执行:
[mw_shl_code=bash,true][root@ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "setenforce 0"[/mw_shl_code]
集群所有节点修改/etc/selinux/config文件如下:
[mw_shl_code=bash,true]# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted[/mw_shl_code]
2.3关闭防火墙
集群所有节点执行 systemctl stop命令,此处通过shell批量执行命令如下:
[mw_shl_code=bash,true][root@ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "systemctl stop firewalld"
[root@ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "systemctl disable firewalld"
[root@ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "systemctl status firewalld"[/mw_shl_code]
2.4集群时钟同步
在Redhat7.x的操作系统上,已经默认的安装了chrony,我们这里先卸载chrony,然后安装ntp。使用ntp来配置各台机器的时钟同步,将cm(172.31.6.83)服务作为本地ntp服务器,其它3台服务器与其保持同步。
1.所有机器卸载chrony
[mw_shl_code=bash,true][root@ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "yum -y remove chrony"[/mw_shl_code]
2.所有机器安装ntp
[mw_shl_code=bash,true][root@ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "yum -y install ntp"[/mw_shl_code]
3.cm机器配置时钟与自己同步
[mw_shl_code=bash,true][root@ ip-172-31-6-83 shell]# vim /etc/ntp.conf
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10[/mw_shl_code]
4.集群其它节点,配置找cm机器去同步
[mw_shl_code=bash,true]#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 172.31.6.83[/mw_shl_code]
5.重启所有机器的ntp服务
[mw_shl_code=bash,true]
[root@ ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "systemctl restart ntpd"
[root@ ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "systemctl status ntpd"[/mw_shl_code]
6.验证始终同步,在所有节点执行ntpq -p命令,如下使用脚本批量执行
[mw_shl_code=bash,true][root@ ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "ntpq -p"[/mw_shl_code]
左边出现*号表示同步成功。
2.5设置swap
所有节点执行
[mw_shl_code=bash,true][root@ ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "echo vm.swappiness = 10 >> /etc/sysctl.conf"[/mw_shl_code]
2.6设置透明大页面
所有节点执行:
[mw_shl_code=bash,true][root@ ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "echo never > /sys/kernel/mm/transparent_hugepage/defrag "
[root@ ip-172-31-6-83 shell]# sh ssh_do_all.sh node.list "echo never > /sys/kernel/mm/transparent_hugepage/enabled"[/mw_shl_code]
设置开机自关闭
将如下脚本添加到/etc/rc.d/rc.local文件中
[mw_shl_code=bash,true]if test -f /sys/kernel/mm/transparent_hugepage/enabled; then echo never > /sys/kernel/mm/transparent_hugepage/enabled fi if test -f /sys/kernel/mm/transparent_hugepage/defrag; then echo never > /sys/kernel/mm/transparent_hugepage/defrag fi[/mw_shl_code]
同步到所有节点
2.7配置操作系统repo
Fayson用的是AWS的环境,这步是可以省略的,放在这里供物理机部署的兄弟们参考。
挂载操作系统iso文件
[mw_shl_code=bash,true][ec2-user@ip-172-31-2-159 ~]$ sudo mkdir /media/DVD1
[ec2-user@ip-172-31-2-159 ~]$ sudo mount -o loop
CentOS-7-x86_64-DVD-1611.iso /media/DVD1/[/mw_shl_code]
配置操作系统repo
[mw_shl_code=bash,true][ec2-user@ip-172-31-2-159 ~]$ sudo vim /etc/yum.repos.d/local_os.repo
[local_iso]
name=CentOS-$releasever - Media
baseurl=file:///media/DVD1
gpgcheck=0
enabled=1
[ec2-user@ip-172-31-2-159 ~]$ sudo yum repolist[/mw_shl_code]
2.8安装http服务
安装httpd服务
[mw_shl_code=bash,true][ec2-user@ip-172-31-2-159 ~]$ sudo yum -y install httpd[/mw_shl_code]
启动httpd服务
[mw_shl_code=bash,true][ec2-user@ip-172-31-2-159 ~]$ sudo systemctl start httpd[/mw_shl_code]
安装完httpd后,重新制作操作系统repo,换成http的方式方便其它服务器也可以访问
[mw_shl_code=bash,true][ec2-user@ip-172-31-2-159 ~]$ sudo mkdir /var/www/html/iso
[ec2-user@ip-172-31-2-159 ~]$ sudo scp -r /media/DVD1/* /var/www/html/iso/
[ec2-user@ip-172-31-2-159 ~]$ sudo vim /etc/yum.repos.d/os.repo
[osrepo]
name=os_repo
baseurl=http://172.31.2.159/iso/
enabled=true
gpgcheck=false
[ec2-user@ip-172-31-2-159 ~]$ sudo yum repolist[/mw_shl_code]
1.修改/etc/httpd/conf/httpd.conf配置文件,在<IfModule mime_module>中修改以下内容
[mw_shl_code=bash,true]AddType application/x-gzip .gz .tgz .parcel[/mw_shl_code]
2.保存httpd.conf的修改,并重启httpd服务
[mw_shl_code=bash,true][root@ip-172-31-6-83 java]# systemctl restart httpd[/mw_shl_code]
2.9安装MariaDB
1.安装MariaDB
[mw_shl_code=bash,true][root@ ip-172-31-6-83 ~]# yum -y install mariadb
[root@ ip-172-31-6-83 ~]# yum -y install mariadb-server[/mw_shl_code]
2.启动并配置MariaDB
[mw_shl_code=bash,true][root@ ip-172-31-6-83 ~]# systemctl start mariadb
[root@ ip-172-31-6-83 ~]# /usr/bin/mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB![/mw_shl_code]
3.建立CM,Hive等需要的表
[mw_shl_code=bash,true][root@ip-172-31-6-83 ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
create database metastore default character set utf8; CREATE USER 'hive'@'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON metastore. * TO 'hive'@'%'; FLUSH PRIVILEGES; create database cm default character set utf8; CREATE USER 'cm'@'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON cm. * TO 'cm'@'%'; FLUSH PRIVILEGES; create database am default character set utf8; CREATE USER 'am'@'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON am. * TO 'am'@'%'; FLUSH PRIVILEGES; create database rm default character set utf8; CREATE USER 'rm'@'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON rm. * TO 'rm'@'%'; FLUSH PRIVILEGES;
create database hue default character set utf8; CREATE USER 'hue'@'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON hue. * TO 'hue'@'%'; FLUSH PRIVILEGES;
create database oozie default character set utf8; CREATE USER 'oozie'@'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON oozie. * TO 'oozie'@'%'; FLUSH PRIVILEGES;
create database sentry default character set utf8; CREATE USER 'sentry'@'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON sentry. * TO 'sentry'@'%'; FLUSH PRIVILEGES;
create database nav_ms default character set utf8; CREATE USER 'nav_ms'@'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON nav_ms. * TO 'nav_ms'@'%'; FLUSH PRIVILEGES;
create database nav_as default character set utf8;
CREATE USER 'nav_as'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nav_as. * TO 'nav_as'@'%';
FLUSH PRIVILEGES;[/mw_shl_code]
[mw_shl_code=bash,true][root@ip-172-31-6-83 shell]# mkdir -p /usr/share/java/
[root@ip-172-31-6-83 ~]# mv mysql-connector-java-5.1.34.jar /usr/share/java/
[root@ip-172-31-6-83 ~]# cd /usr/share/java
[root@ip-172-31-6-83 java]# chmod 777 mysql-connector-java-5.1.34.jar
[root@ip-172-31-6-83 java]# ln -s mysql-connector-java-5.1.34.jar mysql-connector-java.jar
[root@ip-172-31-6-83 java]# ll
total 940
-rwxrwxrwx. 1 root root 960372 May 16 15:53 mysql-connector-java-5.1.34.jar
lrwxrwxrwx. 1 root root 31 May 16 15:53 mysql-connector-java.jar -> mysql-connector-java-5.1.34.jar[/mw_shl_code]
3Cloudera Manager安装
3.1配置本地repo源
1.下载CM6.1的安装包,地址为:
https://archive.cloudera.com/cm6 ... 9885.el7.x86_64.rpm
https://archive.cloudera.com/cm6 ... 9885.el7.x86_64.rpm
https://archive.cloudera.com/cm6 ... 9885.el7.x86_64.rpm
https://archive.cloudera.com/cm6 ... 9885.el7.x86_64.rpm
https://archive.cloudera.com/cm6 ... ate141-1.x86_64.rpm
https://archive.cloudera.com/cm6/6.1.0/allkeys.asc
2.下载CDH6.0的安装包,地址为:
https://archive.cloudera.com/cdh ... 0.537114-el7.parcel
https://archive.cloudera.com/cdh ... 4-el7.parcel.sha256
https://archive.cloudera.com/cdh6/6.0.0/parcels/manifest.json
3.将Cloudera Manager安装需要的5个rpm包以及一个asc文件下载到本地,放在同一目录,执行createrepo命令生成rpm元数据。
[mw_shl_code=bash,true]
[root@ip-172-31-6-83 cm6.1]# ll
total 1330732
-rw-r--r-- 1 root root 14041 Dec 17 23:26 allkeys.asc
-rw-r--r-- 1 root root 26548248 Dec 17 23:27 cloudera-manager-agent-6.1.0-769885.el7.x86_64.rpm
-rw-r--r-- 1 root root 1151186332 Dec 17 23:27 cloudera-manager-daemons-6.1.0-769885.el7.x86_64.rpm
-rw-r--r-- 1 root root 8956 Dec 17 23:27 cloudera-manager-server-6.1.0-769885.el7.x86_64.rpm
-rw-r--r-- 1 root root 10992 Dec 17 23:27 cloudera-manager-server-db-2-6.1.0-769885.el7.x86_64.rpm
-rw-r--r-- 1 root root 184888682 Dec 17 23:27 oracle-j2sdk1.8-1.8.0+update141-1.x86_64.rpm
[root@ip-172-31-6-83 cm6.1]# createrepo .
Spawning worker 0 with 2 pkgs
Spawning worker 1 with 1 pkgs
Spawning worker 2 with 1 pkgs
Spawning worker 3 with 1 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete[/mw_shl_code]
4.配置Web服务器
将上述cdh6.1/cm6.1目录移动到/var/www/html目录下, 使得用户可以通过HTTP访问这些rpm包。
[mw_shl_code=bash,true][root@ip-172-31-6-83 ~]# mv cdh6.1/ cm6.1/ /var/www/html/[/mw_shl_code]
验证浏览器能否正常访问
5.制作Cloudera Manager的repo源
[mw_shl_code=bash,true][root@ip-172-31-6-83 ~]# vim /etc/yum.repos.d/cm.repo
[cmrepo]
name = cm_repo
baseurl = baseurl=http://172.31.6.83/cm6.1
enable = true
gpgcheck = false
[root@ip-172-31-6-83 yum.repos.d]# yum repolist
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
repo id repo name status
!cmrepo cm_repo 5
!rhui-REGION-client-config-server-7/x86_64 Red Hat Update Infrastructure 2.0 Client Configuration Server 7 1
!rhui-REGION-rhel-server-releases/7Server/x86_64 Red Hat Enterprise Linux Server 7 (RPMs) 23,206
!rhui-REGION-rhel-server-rh-common/7Server/x86_64 Red Hat Enterprise Linux Server 7 RH Common (RPMs) 235
repolist: 23,447[/mw_shl_code]
6.验证安装JDK
[mw_shl_code=bash,true][root@ip-172-31-6-83 yum.repos.d]# yum -y install oracle-j2sdk1.8-1.8.0+update141-1.x86_64[/mw_shl_code]
3.2安装Cloudera Manager Server
1.通过yum安装Cloudera Manager Server
[mw_shl_code=bash,true]yum -y install cloudera-manager-server[/mw_shl_code]
2.初始化数据库
[mw_shl_code=bash,true][root@ip-172-31-6-83 yum.repos.d]# /opt/cloudera/cm/schema/scm_prepare_database.sh mysql cm cm password
JAVA_HOME=/usr/java/jdk1.8.0_141-cloudera
Verifying that we can write to /etc/cloudera-scm-server
Creating SCM configuration file in /etc/cloudera-scm-server
Executing: /usr/java/jdk1.8.0_141-cloudera/bin/java -cp /usr/share/java/mysql-connector-java.jar:/usr/share/java/oracle-connector-java.jar:/usr/share/java/postgresql-connector-java.jar:/opt/cloudera/cm/schema/../lib/* com.cloudera.enterprise.dbutil.DbCommandExecutor /etc/cloudera-scm-server/db.properties com.cloudera.cmf.db.
[main] DbCommandExecutor INFO Successfully connected to database.
All done, your SCM database is configured correctly![/mw_shl_code]
3.启动Cloudera Manager Server
[mw_shl_code=bash,true][root@ ip-172-31-6-83 ~]# systemctl start cloudera-scm-server[/mw_shl_code]
4.检查端口是否监听
[mw_shl_code=bash,true][root@ip-172-31-6-83 yum.repos.d]# netstat -lnpt | grep 7180
tcp 0 0 0.0.0.0:7180 0.0.0.0:* LISTEN 10210/java [/mw_shl_code]
5.通过http://13.229.230.219:7180/cmf/login访问CM
4CDH安装
4.1CDH集群安装向导
1.admin/admin登录到CM
2.同意license协议,点击继续
3.选择60试用,点击继续
4.点击“继续”
5.点击“继续”,可以忽略这个自动TLS自动安装。
6.输入主机ip或者名称,点击搜索找到主机后点击继续
7.点击“继续”
8.选择自定义存储库,输入cm的http地址
9.使用Parcel选择,点击“更多选项”,点击“-”删除其它所有地址,输入
http://172.31.6.83/cdh6.1,点击“保存更改”
10.点击“继续”,进入下一步安装jdk
11.点击“继续”,进入下一步配置ssh账号密码
12.点击“继续”,进入下一步,安装Cloudera Manager相关到各个节点
等待agent安装完毕后,自动跳转到下一步开始分发parcel
13.点击“继续”,进入下一步安装cdh到各个节点
14.点击“继续”,进入下一步主机检查,确保所有检查项均通过。Fayson的机器因为有多个Java版本有一些警告,此步忽略。
点击完成进入服务安装向导。
4.2集群设置安装向导
1.选择需要安装的服务
2.点击“继续”,进入集群角色分配,一台机器作为管理节点,另外三台机器作为DataNode
3.点击“继续”,进入下一步,测试数据库连接
4.测试成功,点击“继续”,进入目录设置,此处使用默认默认目录,根据实际情况进行目录修改
5.点击“继续”,进入各个服务启动
6.安装成功,点击继续
7.安装成功后进入home管理界面
4.3组件版本检查
可以看到Hadoop3.0,Flume1.8,HBase2.1,Hive2.1.1,Spark2.2,Hue3.9,Impala3.1,Kafka2.0.0,Kudu1.8,Oozie5.0,Pig0.17,Senty2.1,Solr7.4,Sqoop1.4.7,Zookeeper3.4.5等。
5总结
1.从安装方式上来看,CDH6与CDH5变化不大,这也方便了CDH5的用户可以较为快速的迁移到CDH6,以及适应CDH6的安装与使用。
2.安装向导界面有一些变化,现在可以一目了然的看到一共多少步骤,以及每个步骤是干什么。
3.安装条件前置没有任何变化,包括防火墙,Selinux关闭,ntp同步等等。可以参考Fayson之前的文章《CDH安装前置准备》
4.进到主界面变化也不大,主要是Cloudera的logo变成了黑色,与Cloudera主页的整体风格一致。
5.在配置Cloudera Manager连接到数据库时的脚本有所变化。以前是/usr/share/cmf/schema/scm_prepare_database.sh,现在是/opt/cloudera/cm/schema/scm_prepare_database.sh
6.Cloudera Manager服务的状态在Redhat7通过systemctl status cloudera-scm-server查看是显示正确,而以前是不正确的,可以参考Fayson之前的文章《Cloudera Manager Server服务在RedHat7状态显示异常分析》
7.Cloudera Manager的rpm安装包由之前的7个变成了5个,去掉了之前的JDK6的包,然后自带JDK1.8.0_141,将不再支持JDK1.7。
8.注意CM的安装除了下载rpm包以外,还要下载allkeys.asc文件,否则安装agent的时候会报以下错误:
9.对于离线安装CDH6.0,分发Parcel出现hash校验失败的问题,是因为在CM6中修复了一个bug,让它不再忽略由http服务器发送的“Content-Encoding”的header信息,但是我们在Redhat中安装的httpd服务,当它传输parcel文件时,默认会错误的设置“Content-Encoding”。于是CM server会错误的认为parcel文件已经被httpd压缩并尝试解压缩。所以会导致失败。解决办法是参考2.8章节的,设置httpd的conf文件,AddType application/x-gzip .gz .tgz .parcel,然后重启httpd服务和CM服务。这个问题在beta的时候就已经存在了,具体请参考《Redhat7.4安装CDH6.0_beta1时分发Parcel异常分析》
10.在安装过程中会有页面提示Auto-TLS,该步骤可以忽略,不过如果对主机通信或者CM页面访问有SSL/TLS需求的话,也可以按照提示进行配置。
作者:Fayson
来源:Hadoop实操
最新经典文章,欢迎关注公众号 |
|