公众号第三方网站开发,广告代理商,做百度网站要注意什么,广告设计与制作软件哪个好作者#xff1a;櫰木
1、集群规划
主机版本角色系统用户hd1.dtstack.com3.7.1followerzookeeperhd2.dtstack.com3.7.1leaderzookeeperhd3.dtstack.com3.7.1followerzookeeper
2、zookeeper kerberos主体创建
在生产中zk服务端和客户端票据可以设置成不通名称或相同名称櫰木
1、集群规划
主机版本角色系统用户hd1.dtstack.com3.7.1followerzookeeperhd2.dtstack.com3.7.1leaderzookeeperhd3.dtstack.com3.7.1followerzookeeper
2、zookeeper kerberos主体创建
在生产中zk服务端和客户端票据可以设置成不通名称或相同名称本次设置成同一个票据名称zookeeper/HOSTDTSTACK.COM格式表示zk服务端和客户端票据。
票据名票据文件文件分布zookeeper/hd1.dtstack.comDTSTACK.COM/etc/security/keytab/zookeeper.keytabhd1.dtstack.com主机zookeeper/hd2.dtstack.comDTSTACK.COM/etc/security/keytab/zookeeper.keytabhd2.dtstack.com主机zookeeper/hd3.dtstack.comDTSTACK.COM/etc/security/keytab/zookeeper.keytabhd3.dtstack.com主机
在hd1.dtstack.com主机上root权限下创建kerberos主体使用zookeeper系统用
在每台机器上执行生成脚本执行此脚本可自动生成principal在每个节点执行
bash /root/bigdata/getkeytabs.sh /etc/security/keytab/zookeeper.keytab zookeeper3、zookeeper 安装
修改配置文件
roothd2.dtstack.com ~]# cd /root/bigdata tar -xzvf apache-zookeeper-3.7.1-bin.tar.gz -C /opt
[roothd2.dtstack.com ~]# ln -s /opt/apache-zookeeper-3.7.1-bin/ /opt/zookeeper
[roothd2.dtstack.com ~]#cd /opt/zookeeper
[roothd2.dtstack.com conf]#cat zoo.cfgEOF
tickTime2000
initLimit10
syncLimit5
dataDir/data/zookeeper/data/
dataLogDir/data/zookeeper/log/
clientPort2181
maxCnxns20000
maxClientCnxns2000
minSessionTimeout4000
maxSessionTimeout60000
autopurge.purgeInterval24
autopurge.snapRetainCount5
quorum.cnxn.threads.size20
#zk集群服务地址配置
server.1hd1:2888:3888
server.2hd2:2888:3888
server.3hd3:2888:3888
#zk kerberos配置
authProvider.1org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew3600000
kerberos.removeHostFromPrincipaltrue
kerberos.removeRealmFromPrincipaltrue
requireClientAuthSchemesasl
quorum.auth.enableSasltrue
quorum.auth.learner.saslLoginContextLearner
quorum.auth.server.saslLoginContextServer
quorum.auth.kerberos.servicePrincipalzookeeper/hd1.dtstack.comDTSTACK.COM
4lw.commands.whitelistmntr,conf,ruok,cons
EOF说明
改配置文件中ssl配置标红色部分目的是解决ranger 配置hive等组件在连接测试过程出现无权限问题创建SSL认证文件zookeeper-jaas.conf、java.env
roothd2.dtstack.com conf]# cat zookeeper-jaas.confEOF
Server {com.sun.security.auth.module.Krb5LoginModule requireduseKeyTabtruekeyTab/etc/security/keytab/zookeeper.keytabstoreKeytrueuseTicketCachefalseprincipalzookeeper/hd2.dtstack.comDTSTACK.COM;
};
Client {com.sun.security.auth.module.Krb5LoginModule requireduseKeyTabtruekeyTab/etc/security/keytab/zookeeper.keytabstoreKeytrueuseTicketCachefalseprincipalzookeeper/hd2.dtstack.comDTSTACK.COM;
};
Learner {com.sun.security.auth.module.Krb5LoginModule requireduseKeyTabtruekeyTab/etc/security/keytab/zookeeper.keytabstoreKeytrueuseTicketCachefalseprincipalzookeeper/hd2.dtstack.comDTSTACK.COM;
};
EOF说明
principal用具体票据名不能用hadoop/host_nameDTSTACK.COM或hadoop/_HOSTDTSTACK.COM,否则报错zk服务端和客户端票据在kerberos中已经创建此处省略客户端和服务端票据是不一样的
roothd2.dtstack.com conf]# cat java.envEOF
export JVMFLAGS-Djava.security.auth.login.config/opt/zookeeper/conf/zookeeper-jaas.conf
export JAVA_HOME/opt/java
EOF[roothd2.dtstack.com conf]# cat /data/zookeeper/data/myidEOF
2
EOF同步到其他机器
roothd2.dtstack.com conf]# cd /opt/
[roothd2.dtstack.com software]# scp -r apache-zookeeper-3.7.1-bin roothd1.dtstack.com:/opt/
[roothd2.dtstack.com software]# scp -r apache-zookeeper-3.7.1-bin roothd3.dtstack.com:/opt/在其他机器修改对应配置
hd1.dtstack.com主机root权限
[roothd1.dtstack.com conf]# cat /data/zookeeper/data/myidEOF
1
EOF[roothd1.dtstack.com ~]# cd /opt/apache-zookeeper-3.7.1-bin/conf
[roothd1.dtstack.com ~]# sed -i s#hd2.dtstack.com#hd1.dtstack.com#g zookeeper-jaas.conf
[roothd1.dtstack.com ~]# sed -i s#hd2.dtstack.com#hd1.dtstack.com#g zoo.cfghd3.dtstack.com主机root权限
[roothd3.dtstack.com conf]# cat /data/zookeeper/data/myidEOF
3
EOF
[roothd3.dtstack.com ~]# cd /opt/apache-zookeeper-3.7.1-bin/conf
[roothd3.dtstack.com ~]# sed -i s#hd2.dtstack.com#hd3.dtstack.com#g zookeeper-jaas.conf
[roothd3.dtstack.com ~]# sed -i s#hd2.dtstack.com#hd3.dtstack.com#g zoo.cfg4 zookeeper集群启停
zk集群启停脚本zk_cluster.sh内容如下
[roothd1.dtstack.com apache-zookeeper-3.7.1-bin]# cat zk_cluster.shEOF
#!/bin/bashcase $1 in
start){
for i in hd1.dtstack.com hd2.dtstack.com hd3.dtstack.com
doecho ---------- zookeeper $i 启动 ------------
ssh $i source /etc/profile;/opt/zookeeper/bin/zkServer.sh start
done
};;
stop){
for i in hd1.dtstack.com hd2.dtstack.com hd3.dtstack.com
doecho ---------- zookeeper $i 停止 ------------
ssh $i source /etc/profile;/opt/zookeeper/bin/zkServer.sh stop
done
};;
status){
for i in hd{1..3}
doecho ---------- zookeeper $i 状态 ------------
ssh $i source /etc/profile;/opt/zookeeper/bin/zkServer.sh status
done
};;
esac
EOF修改整体目录文件权限
[roothd1.dtstack.com apache-zookeeper-3.6.3-bin]# chown -R zookeeper:zookeeper /opt/apache-zookeeper-3.7.1-bin启动命令
sh zk_cluster.sh start停止命令
sh zk_cluster.sh stop查看状态命令
sh zk_cluster.sh status5 zookeeper集群验证
可通过执行sh zk_cluster.sh status查看
端口查看命令netstat -an|grep 2181
进程查看命令jps
至此zk三节点集群搭建完成
更多技术信息请查看云掣官网https://yunche.pro/?tyrgw
