Open-Source Big Data Cluster Deployment (15): ZooKeeper Cluster Deployment
1. Cluster planning
Host | Version | Role | System user |
hd1.dtstack.com | 3.7.1 | follower | zookeeper |
hd2.dtstack.com | 3.7.1 | leader | zookeeper |
hd3.dtstack.com | 3.7.1 | follower | zookeeper |
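2. Creating the ZooKeeper Kerberos principals
In production, the ZooKeeper server and client principals can use different names or the same name. This deployment uses one principal name of the form zookeeper/HOST@DTSTACK.COM for both the server and the client.
Principal | Keytab file | Location |
zookeeper/hd1.dtstack.com@DTSTACK.COM | /etc/security/keytab/zookeeper.keytab | host hd1.dtstack.com |
zookeeper/hd2.dtstack.com@DTSTACK.COM | /etc/security/keytab/zookeeper.keytab | host hd2.dtstack.com |
zookeeper/hd3.dtstack.com@DTSTACK.COM | /etc/security/keytab/zookeeper.keytab | host hd3.dtstack.com |
On host hd1.dtstack.com, create the Kerberos principals with root privileges, using the zookeeper system user
Run the generation script on every machine; it creates the principal automatically (run it on each node):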
bash /root/bigdata/getkeytabs.sh /etc/security/keytab/zookeeper.keytab zookeeper
3. Installing ZooKeeper
Edit the configuration file
[root@hd2.dtstack.com ~]# cd /root/bigdata && tar -xzvf apache-zookeeper-3.7.1-bin.tar.gz -C /opt
[root@hd2.dtstack.com ~]# ln -s /opt/apache-zookeeper-3.7.1-bin/ /opt/zookeeper
[root@hd2.dtstack.com ~]# cd /opt/zookeeper/conf
[root@hd2.dtstack.com conf]# cat >zoo.cfg<<EOF
tickTime=2000
initLimit=10
syncLimit=5
dataDir=/data/zookeeper/data/
dataLogDir=/data/zookeeper/log/
clientPort=2181
maxCnxns=20000
maxClientCnxns=2000
minSessionTimeout=4000
maxSessionTimeout=60000
autopurge.purgeInterval=24
autopurge.snapRetainCount=5
quorum.cnxn.threads.size=20
# ZooKeeper cluster server addresses
server.1=hd1:2888:3888
server.2=hd2:2888:3888
server.3=hd3:2888:3888
# ZooKeeper Kerberos settings
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
kerberos.removeHostFromPrincipal=true
kerberos.removeRealmFromPrincipal=true
requireClientAuthScheme=sasl
quorum.auth.enableSasl=true
quorum.auth.learner.saslLoginContext=Learner
quorum.auth.server.saslLoginContext=Server
quorum.auth.kerberos.servicePrincipal=zookeeper/hd1.dtstack.com@DTSTACK.COM
4lw.commands.whitelist=mntr,conf,ruok,cons
EOF
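Note:
- The SSL settings in this configuration file (highlighted in red in the original) are there to fix the permission-denied errors that occur when Ranger runs its connection test for components such as Hive.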
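Added example, not part of the original post: a POSIX shell check that reads a zoo.cfg and reports SASL settings that are switched on but not enforced. The listing above sets quorum.auth.enableSasl=true but neither quorum.auth.learnerRequireSasl nor quorum.auth.serverRequireSasl, both of which ZooKeeper leaves at false by default; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit zoo.cfg for SASL that is enabled but not enforced.

# Constructed sample: the security-relevant lines of the zoo.cfg written above.
sample_zoo_cfg() {
    cat <<'CFG'
# ZooKeeper Kerberos settings
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
quorum.auth.enableSasl=true
quorum.auth.learner.saslLoginContext=Learner
quorum.auth.server.saslLoginContext=Server
4lw.commands.whitelist=mntr,conf,ruok,cons
CFG
}

# Print the value of key $2 in file $1 (comments skipped, last assignment wins).
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key) }
        key == k && index($0, "=") { v = substr($0, index($0, "=") + 1) }
        END { gsub(/^[ \t]+|[ \t\r]+$/, "", v); print v }' "$1"
}

# Print one finding per line; exit status 1 if anything was reported.
audit_zoo_cfg() (
    cfg=$1; rc=0
    report() { printf '%s\n' "$1"; rc=1; }
    [ "$(cfg_get "$cfg" authProvider.1)" = \
        org.apache.zookeeper.server.auth.SASLAuthenticationProvider ] ||
        report "authProvider.1 is not the SASL authentication provider"
    [ "$(cfg_get "$cfg" quorum.auth.enableSasl)" = true ] ||
        report "quorum.auth.enableSasl is not true: no SASL between quorum peers"
    for k in quorum.auth.learnerRequireSasl quorum.auth.serverRequireSasl; do
        [ "$(cfg_get "$cfg" "$k")" = true ] ||
            report "$k is not true: quorum SASL is attempted but not required"
    done
    case ",$(cfg_get "$cfg" 4lw.commands.whitelist)," in
        *,\*,*) report "4lw.commands.whitelist=* exposes every four-letter command" ;;
    esac
    exit "$rc"
)

# Demo on the constructed sample.
tmp=$(mktemp) && sample_zoo_cfg >"$tmp"
audit_zoo_cfg "$tmp" || echo "zoo.cfg needs attention"
rm -f "$tmp"
```

On a real node, point audit_zoo_cfg at /opt/zookeeper/conf/zoo.cfg; the settings it inspects are SASL/Kerberos settings, and nothing in this zoo.cfg configures TLS.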
- Create the SSL authentication files zookeeper-jaas.conf and java.env
[root@hd2.dtstack.com conf]# cat >zookeeper-jaas.conf<<EOF
Server {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/etc/security/keytab/zookeeper.keytab"
  storeKey=true
  useTicketCache=false
  principal="zookeeper/hd2.dtstack.com@DTSTACK.COM";
};
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/etc/security/keytab/zookeeper.keytab"
  storeKey=true
  useTicketCache=false
  principal="zookeeper/hd2.dtstack.com@DTSTACK.COM";
};
Learner {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/etc/security/keytab/zookeeper.keytab"
  storeKey=true
  useTicketCache=false
  principal="zookeeper/hd2.dtstack.com@DTSTACK.COM";
};
EOF
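Note:
- Use the concrete principal name for principal; hadoop/host_name@DTSTACK.COM or hadoop/_HOST@DTSTACK.COM cannot be used, otherwise an error is reported.
- The ZooKeeper server and client principals have already been created in Kerberos, so that step is omitted here; the client and server principals are not the same.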
[root@hd2.dtstack.com conf]# cat >java.env<<EOF
export JVMFLAGS="-Djava.security.auth.login.config=/opt/zookeeper/conf/zookeeper-jaas.conf"
export JAVA_HOME="/opt/java"
EOF
[root@hd2.dtstack.com conf]# mkdir -p /data/zookeeper/data /data/zookeeper/log   # dataDir and dataLogDir from zoo.cfg
[root@hd2.dtstack.com conf]# cat >/data/zookeeper/data/myid<<EOF
2
EOF
- Copy the installation to the other machines
[root@hd2.dtstack.com conf]# cd /opt/
[root@hd2.dtstack.com software]# scp -r apache-zookeeper-3.7.1-bin root@hd1.dtstack.com:/opt/
[root@hd2.dtstack.com software]# scp -r apache-zookeeper-3.7.1-bin root@hd3.dtstack.com:/opt/
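- Adjust the configuration on the other machines
On host hd1.dtstack.com, as root:
[root@hd1.dtstack.com conf]# mkdir -p /data/zookeeper/data /data/zookeeper/log   # dataDir and dataLogDir from zoo.cfg
[root@hd1.dtstack.com conf]# cat >/data/zookeeper/data/myid<<EOF
1
EOF
[root@hd1.dtstack.com ~]# ln -sfn /opt/apache-zookeeper-3.7.1-bin /opt/zookeeper   # path used by java.env and zk_cluster.sh
[root@hd1.dtstack.com ~]# cd /opt/apache-zookeeper-3.7.1-bin/conf
[root@hd1.dtstack.com ~]# sed -i 's#hd2.dtstack.com#hd1.dtstack.com#g' zookeeper-jaas.conf
[root@hd1.dtstack.com ~]# sed -i 's#hd2.dtstack.com#hd1.dtstack.com#g' zoo.cfg
On host hd3.dtstack.com, as root:
[root@hd3.dtstack.com conf]# mkdir -p /data/zookeeper/data /data/zookeeper/log   # dataDir and dataLogDir from zoo.cfg
[root@hd3.dtstack.com conf]# cat >/data/zookeeper/data/myid<<EOF
3
EOF
[root@hd3.dtstack.com ~]# ln -sfn /opt/apache-zookeeper-3.7.1-bin /opt/zookeeper   # path used by java.env and zk_cluster.sh
[root@hd3.dtstack.com ~]# cd /opt/apache-zookeeper-3.7.1-bin/conf
[root@hd3.dtstack.com ~]# sed -i 's#hd2.dtstack.com#hd3.dtstack.com#g' zookeeper-jaas.conf
[root@hd3.dtstack.com ~]# sed -i 's#hd2.dtstack.com#hd3.dtstack.com#g' zoo.cfg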
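Added example, not part of the original post: a missed sed edit leaves a JAAS section that still names hd2, so this sketch checks every JAAS section and the myid file on a node before ZooKeeper is started. Function names and sample data are constructed; the host argument to check_myid is the short name used on the server.N lines of zoo.cfg.

```shell
#!/bin/sh
# Added example: check the per-host JAAS file and myid after the sed edits.

# Constructed sample: JAAS file on hd1 where the Learner section was missed.
sample_jaas() {
    for pair in Server:hd1 Client:hd1 Learner:hd2; do
        printf '%s {\n  com.sun.security.auth.module.Krb5LoginModule required\n' "${pair%%:*}"
        printf '  useKeyTab=true\n  keyTab="/etc/security/keytab/zookeeper.keytab"\n'
        printf '  principal="zookeeper/%s.dtstack.com@DTSTACK.COM";\n};\n' "${pair#*:}"
    done
}

# Print "section principal" for every principal= entry in JAAS file $1.
jaas_principals() {
    awk '
        /^[ \t]*[A-Za-z_]+[ \t]*[{]/ { sec = $1; sub(/[{].*/, "", sec) }
        match($0, /principal="[^"]*"/) {
            print sec, substr($0, RSTART + 11, RLENGTH - 12)
        }' "$1"
}

# check_jaas FILE FQDN REALM: all three sections must use zookeeper/FQDN@REALM.
check_jaas() (
    want="zookeeper/$2@$3"; rc=0
    for sec in Server Client Learner; do
        got=$(jaas_principals "$1" | awk -v s="$sec" '$1 == s { print $2 }')
        if [ -z "$got" ]; then
            echo "$sec: section or principal missing"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "$sec: principal is $got, expected $want"; rc=1
        fi
    done
    exit "$rc"
)

# check_myid ZOO_CFG MYID_FILE HOST: myid must equal N of the server.N line for HOST.
check_myid() (
    n=$(awk -F= -v h="$3" '$1 ~ /^server\.[0-9]+$/ {
            split($2, a, ":"); if (a[1] == h) { sub(/^server\./, "", $1); print $1 } }' "$1")
    [ -n "$n" ] && [ "$(tr -d ' \n' <"$2")" = "$n" ]
)

# Demo on the constructed sample.
tmp=$(mktemp) && sample_jaas >"$tmp"
check_jaas "$tmp" hd1.dtstack.com DTSTACK.COM || echo "JAAS principals do not match this host"
rm -f "$tmp"
```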
2.5.3 Starting and stopping the ZooKeeper cluster
- The cluster start/stop script zk_cluster.sh is as follows (the heredoc delimiter is quoted so that $1 and $i are written to the file literally instead of being expanded while the file is created):
[root@hd1.dtstack.com apache-zookeeper-3.7.1-bin]# cat >zk_cluster.sh<<'EOF'
#!/bin/bash
# Start, stop, or query ZooKeeper on every node over ssh.
case "$1" in
"start"){
    for i in hd1.dtstack.com hd2.dtstack.com hd3.dtstack.com
    do
        echo ---------- zookeeper $i 启动 ------------
        ssh $i "source /etc/profile;/opt/zookeeper/bin/zkServer.sh start"
    done
};;
"stop"){
    for i in hd1.dtstack.com hd2.dtstack.com hd3.dtstack.com
    do
        echo ---------- zookeeper $i 停止 ------------
        ssh $i "source /etc/profile;/opt/zookeeper/bin/zkServer.sh stop"
    done
};;
"status"){
    for i in hd{1..3}
    do
        echo ---------- zookeeper $i 状态 ------------
        ssh $i "source /etc/profile;/opt/zookeeper/bin/zkServer.sh status"
    done
};;
esac
EOF
- Change ownership of the whole directory tree
[root@hd1.dtstack.com apache-zookeeper-3.7.1-bin]# chown -R zookeeper:zookeeper /opt/apache-zookeeper-3.7.1-bin
- Start command:
sh zk_cluster.sh start
- Stop command:
sh zk_cluster.sh stop
- Status command:
sh zk_cluster.sh status
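2.5.4 Verifying the ZooKeeper cluster
- Check the cluster by running sh zk_cluster.sh status
- Check the port with the command netstat -an|grep 2181
- Check the process with the command jps
At this point, the three-node ZooKeeper cluster is set up.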