Wednesday, August 30, 2017

Building a test environment on HDP 2.4.2 where distcp works with Multi-homing + Kerberos + SSL

Create two clusters on a VM

sudo -i
wget https://raw.githubusercontent.com/hajimeo/samples/master/bash/start_hdp.sh -O ./start_hdp.sh
chmod u+x ./start_hdp.sh
# after preparing the response files
./start_hdp.sh -a -r node1_HDP2420_ambari2503.resp     # -a for automate or -i for interactive
./start_hdp.sh -a -r node6_HDP2420_ambari2503.resp

NOTE: Contents of the response file
root@ho-ubu04:~# cat node1_HDP2420_ambari2503.resp
r_AMBARI_BLUEPRINT="Y"
r_AMBARI_BLUEPRINT_CLUSTERCONFIG_PATH=""
r_AMBARI_BLUEPRINT_HOSTMAPPING_PATH=""
r_AMBARI_HOST="node1.localdomain"
r_AMBARI_REPO_FILE="http://public-repo-1.hortonworks.com/ambari/centos6/2.x/updates/2.5.0.3/ambari.repo"
r_AMBARI_VER="2.5.0.3"
r_APTGET_UPGRADE="N"
r_CLUSTER_NAME="ubu04c1"
r_CONTAINER_OS="centos"
r_CONTAINER_OS_VER="6.8"
r_DEFAULT_PASSWORD="hadoop"
r_DOCKERFILE_URL="https://raw.githubusercontent.com/hajimeo/samples/master/docker/DockerFile"
r_DOCKER_HOST_IP="172.17.0.1"
r_DOCKER_KEEP_RUNNING="Y"
r_DOCKER_NETWORK_ADDR="172.17.140."
r_DOCKER_NETWORK_MASK="/16"
r_DOCKER_PRIVATE_HOSTNAME="dockerhost1"
r_DOMAIN_SUFFIX=".localdomain"
r_HDP_LOCAL_REPO="N"
r_HDP_REPO_URL="http://public-repo-1.hortonworks.com/HDP/centos6/2.x/updates/2.4.2.0/"
r_HDP_REPO_VER="2.4.2.0"
r_HDP_STACK_VERSION="2.4"
r_NODE_START_NUM="1"
r_NTP_SERVER="ntp.ubuntu.com"
r_NUM_NODES="4"
r_PROXY="Y"
r_PROXY_PORT="28080"
r_REPO_OS_VER="6"

root@ho-ubu04:~# diff node1_HDP2420_ambari2503.resp node6_HDP2420_ambari2503.resp
4c4
< r_AMBARI_HOST="node1.localdomain"
---
> r_AMBARI_HOST="node6.localdomain"
8c8
< r_CLUSTER_NAME="ubu04c1"
---
> r_CLUSTER_NAME="ubu04c6"
23c23
< r_NODE_START_NUM="1"
---
> r_NODE_START_NUM="6"

Add a second NIC to the Docker containers

curl -O https://raw.githubusercontent.com/jpetazzo/pipework/master/pipework
chmod u+x pipework
mv pipework /usr/sbin/

NOTE: Normally I think it is better to avoid using identical IPs, but this time I deliberately use the same IPs
pipework br1 node1 192.168.100.1/24
pipework br1 node2 192.168.100.2/24
pipework br1 node3 192.168.100.3/24
pipework br1 node4 192.168.100.4/24
pipework br6 node6 192.168.100.1/24
pipework br6 node7 192.168.100.2/24
pipework br6 node8 192.168.100.3/24
pipework br6 node9 192.168.100.4/24

Set up an MIT KDC on the VM

curl -O https://raw.githubusercontent.com/hajimeo/samples/master/bash/setup_security.sh
. ./setup_security.sh
f_kdc_install_on_host

After that, configure Kerberos from each Ambari using the wizard

Configure /etc/hosts

root@ho-ubu04:~# cat hosts_a
172.17.140.6 node6.localdomain node6.localdomain. node6
172.17.140.7 node7.localdomain node7.localdomain. node7
172.17.140.8 node8.localdomain node8.localdomain. node8
172.17.140.9 node9.localdomain node9.localdomain. node9
192.168.100.1 node1.localdomain node1.localdomain. node1
192.168.100.2 node2.localdomain node2.localdomain. node2
192.168.100.3 node3.localdomain node3.localdomain. node3
192.168.100.4 node4.localdomain node4.localdomain. node4

root@ho-ubu04:~# for i in {1..4}; do scp ./hosts_a node$i.localdomain:/etc/hosts; done

root@ho-ubu04:~# cat hosts_b
172.17.140.1 node1.localdomain node1.localdomain. node1
172.17.140.2 node2.localdomain node2.localdomain. node2
172.17.140.3 node3.localdomain node3.localdomain. node3
172.17.140.4 node4.localdomain node4.localdomain. node4
192.168.100.1 node6.localdomain node6.localdomain. node6
192.168.100.2 node7.localdomain node7.localdomain. node7
192.168.100.3 node8.localdomain node8.localdomain. node8
192.168.100.4 node9.localdomain node9.localdomain. node9

root@ho-ubu04:~# for i in {6..9}; do scp ./hosts_b node$i.localdomain:/etc/hosts; done

Change the configs from Ambari (CLI)

Change XXXX-bind-host to 0.0.0.0
# cluster name
root@ho-ubu04:~# grep r_CLUSTER_NAME *.resp
node1_HDP2420_ambari2503.resp:r_CLUSTER_NAME="ubu04c1"
node6_HDP2420_ambari2503.resp:r_CLUSTER_NAME="ubu04c6"

# on each Ambari Node (node1 and node6)
_CLS="ubu04c1"    # and ubu04c6 from node6
for _p in http https rpc serverrpc; do
/var/lib/ambari-server/resources/scripts/configs.sh set localhost $_CLS hdfs-site dfs.namenode.${_p}-bind-host 0.0.0.0
done

Configure HTTP Auth (SPNEGO)
_CLS="ubu04c1"    # and ubu04c6 from node6
/var/lib/ambari-server/resources/scripts/configs.sh set localhost $_CLS core-site hadoop.security.token.service.use_ip false
/var/lib/ambari-server/resources/scripts/configs.sh set localhost $_CLS core-site hadoop.http.authentication.signature.secret.file /etc/security/http_secret
/var/lib/ambari-server/resources/scripts/configs.sh set localhost $_CLS core-site hadoop.http.authentication.type kerberos
/var/lib/ambari-server/resources/scripts/configs.sh set localhost $_CLS core-site hadoop.http.authentication.kerberos.keytab /etc/security/keytabs/spnego.service.keytab
/var/lib/ambari-server/resources/scripts/configs.sh set localhost $_CLS core-site hadoop.http.filter.initializers org.apache.hadoop.security.AuthenticationFilterInitializer
/var/lib/ambari-server/resources/scripts/configs.sh set localhost $_CLS core-site hadoop.http.authentication.kerberos.principal HTTP/_HOST@EXAMPLE.COM
/var/lib/ambari-server/resources/scripts/configs.sh set localhost $_CLS core-site hadoop.http.authentication.cookie.domain localdomain

# on all nodes
dd if=/dev/urandom of=/etc/security/http_secret bs=1024 count=1 && chown hdfs:hadoop /etc/security/http_secret && chmod 440 /etc/security/http_secret

Also change auth_to_local
RULE:[1:$1@$0](ambari-qa-ubu04c6@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-ubu04c6@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](ambari-qa-ubu04c1@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-ubu04c1@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
DEFAULT
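
Hadoop evaluates these rules top to bottom and the first match wins. The following is an added example, not part of the original post: a simplified Python model of that evaluation using the rules above, assuming EXAMPLE.COM is the default realm. It lets you check which local user a principal from either cluster maps to before running distcp.

```python
import re

DEFAULT_REALM = "EXAMPLE.COM"  # assumption: default_realm in krb5.conf

# auth_to_local rules copied from the list above
RULES = """\
RULE:[1:$1@$0](ambari-qa-ubu04c6@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-ubu04c6@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](ambari-qa-ubu04c1@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-ubu04c1@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
DEFAULT
"""

# RULE:[<component count>:<format>](<match regex>)s/<pattern>/<replacement>/[g]
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]+)\]\((.*?)\)(?:s/(.*?)/(.*?)/(g?))?")

def short_name(principal, rules=RULES):
    """Return the local user name for a principal, or None if no rule matches."""
    name, _, realm = principal.partition("@")
    comps = name.split("/")              # service[/host]
    for line in rules.split():
        if line == "DEFAULT":            # first component, default realm only
            if realm == DEFAULT_REALM:
                return comps[0]
            continue
        n, fmt, regex, pat, repl, flag = RULE_RE.fullmatch(line).groups()
        if int(n) != len(comps):         # rule applies to another principal shape
            continue
        params = [realm] + comps         # $0 = realm, $1 = first component, ...
        base = re.sub(r"\$(\d)", lambda m: params[int(m.group(1))], fmt)
        if not re.fullmatch(regex, base):
            continue
        if pat is None:                  # rule without a sed expression
            return base
        return re.sub(pat, repl, base, count=0 if flag else 1)
    return None                          # Hadoop raises an error in this case
```

If the rules for the other cluster's headless principals are missing, the catch-all `.*@EXAMPLE.COM` rule maps `hdfs-ubu04c6@EXAMPLE.COM` to `hdfs-ubu04c6` instead of `hdfs`, which is why both the ubu04c1 and ubu04c6 entries appear in the list.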

Errors encountered during testing

Without the above "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//", you get "Usernames not matched: name=hdfs != expected=hdfs-ubu04c1"

"Requested user hdfs is not whitelisted and has id 504,which is below the minimum allowed 1000"
YARN => Advanced yarn-env => Minimum user ID for submitting job

MAPREDUCE-6565 workaround
su - hdfs
kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-ubu04c1
hdfs dfs -get /hdp/apps/2.4.2.0-258/mapreduce/mapreduce.tar.gz
tar xzvf mapreduce.tar.gz
# add hadoop.security.token.service.use_ip
vi ./hadoop/etc/hadoop/core-site.xml
mv mapreduce.tar.gz mapreduce.tar.gz.orig
tar czvf mapreduce.tar.gz hadoop
# upload as the 'hdfs' user
hdfs dfs -put -f ./mapreduce.tar.gz /hdp/apps/2.4.2.0-258/mapreduce/mapreduce.tar.gz

Finally, confirm that ":$PWD/mr-framework/hadoop/etc/hadoop/" (do not use an asterisk *) is in mapred-site mapreduce.application.classpath

Additional notes:

When using Webhdfs/Swebhdfs with Distcp under NameNode HA, the following configs are required
dfs.namenode.http-address.<REMOTE_NAMESERVICE>.nn1=remote_namenode1:50070
dfs.namenode.http-address.<REMOTE_NAMESERVICE>.nn2=remote_namenode2:50070
dfs.namenode.https-address.<REMOTE_NAMESERVICE>.nn1=remote_namenode1:50470
dfs.namenode.https-address.<REMOTE_NAMESERVICE>.nn2=remote_namenode2:50470


