Ranger Admin + Haproxy + Keepalived 高可用
主机:
vip:172.17.8.189
ip:
172.17.8.85
172.17.8.59
ranger admin:
172.17.8.94
172.17.8.89
keepalived: 2.0.16
haproxy: 2.0.8
ranger admin: 0.5.4-SNAPSHOT
https://www.keepalived.org/software/keepalived-2.0.16.tar.gz
http://www.haproxy.org/download/2.0/src/haproxy-2.0.8.tar.gz
172.17.8.89 安装ranger admin:
[******@****-**-dev05-84 target]$ pwd
/home/******/ranger/target
[******@****-**-dev05-84 target]$ scp ranger-0.5.4-SNAPSHOT-admin.tar.gz 172.17.8.89:/home/******/
ranger-0.5.4-SNAPSHOT-admin.tar.gz
登录172.17.8.89
[******@****-**-dev09-889 ~]$ sudo su - root
Last login: Mon Oct 28 11:27:08 CST 2019 on pts/0
[root@****-**-dev09-889 ~]# cd /usr/local/
[root@****-**-dev09-889 local]# cp /home/******/ranger-0.5.4-SNAPSHOT-admin.tar.gz ./
[root@****-**-dev09-889 local]# tar -xvf ranger-0.5.4-SNAPSHOT-admin.tar.gz
[root@****-**-dev09-889 local]# ln -s ranger-0.5.4-SNAPSHOT-admin ranger-admin
拷贝mysql jdbc jar:
[******@****-**-dev06-894 ~]$ scp mysql-connector-java.jar 172.17.8.89:/home/******/
mysql-connector-java.jar
root@****-**-dev09-889 local]# cd ranger-admin/
[root@****-**-dev09-889 ranger-admin]# cp /home/******/mysql-connector-java.jar ./
[root@****-**-dev09-889 ranger-admin]# ls -al mysql-connector-java.jar
-rw-r--r-- 1 root root 985600 Oct 29 11:02 mysql-connector-java.jar
修改配置文件:
[root@****-**-dev09-889 ranger-admin]# vim install.properties
[root@****-**-dev09-889 ranger-admin]# cat install.properties | grep -v "^#" | grep -v "^$"
PYTHON_COMMAND_INVOKER=python
DB_FLAVOR=MYSQL
SQL_CONNECTOR_JAR=/usr/local/ranger-admin/mysql-connector-java.jar
db_root_user=rangerdba
db_root_password=rangerdba
db_host=172.17.8.48:3306
db_name=ranger
db_user=rangeradmin
db_password=*****
audit_store=solr
audit_solr_urls=http://172.17.8.4:6083/solr/ranger_audits
audit_solr_user=
audit_solr_password=
audit_solr_zookeepers=
audit_db_name=ranger_audit
audit_db_user=rangerlogger
audit_db_password=
policymgr_external_url=http://localhost:6080
policymgr_http_enabled=true
unix_user=ranger
unix_group=ranger
authentication_method=UNIX
remoteLoginEnabled=true
authServiceHostName=172.17.8.85
authServicePort=5151
修改setup.sh:
[root@****-**-dev09-889 ranger-admin]# chmod +x setup.sh
[root@****-**-dev09-889 ranger-admin]# vim setup.sh
注释脚本如下几行:
[root@****-**-dev09-889 ranger-admin]# cat setup.sh | grep "^#"
#run_dba_steps
#if [ "$?" == "0" ]
#then
#$PYTHON_COMMAND_INVOKER db_setup.py
#else
# exit 1
#fi
#$PYTHON_COMMAND_INVOKER db_setup.py -javapatch
[root@****-**-dev09-889 ranger-admin]# export JAVA_HOME=/usr/java/jdk1.7.0_80
[root@****-**-dev09-889 ranger-admin]# ./setup.sh
报错:
Error creating Alias!! Error: SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Oct 29, 2019 11:15:12 AM org.apache.hadoop.util.NativeCodeLoader
WARNING: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/htrace/core/Tracer$Builder
at org.apache.hadoop.fs.FsTracer.get(FsTracer.java:42)
at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2696)
at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:99)
at org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:2761)
at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2743)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:387)
at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
at org.apache.hadoop.security.alias.JavaKeyStoreProvider.initFileSystem(JavaKeyStoreProvider.java:89)
at org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.
at org.apache.hadoop.security.alias.JavaKeyStoreProvider.
at org.apache.hadoop.security.alias.JavaKeyStoreProvider.
at org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:100)
at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
at org.apache.ranger.credentialapi.CredentialReader.getDecryptedString(CredentialReader.java:58)
at org.apache.ranger.credentialapi.buildks.createCredential(buildks.java:86)
at org.apache.ranger.credentialapi.buildks.main(buildks.java:39)
Caused by: java.lang.ClassNotFoundException: org.apache.htrace.core.Tracer$Builder
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
... 16 more
拷贝下面jar:
[root@****-**-dev09-889 lib]# cp /opt/cloudera/parcels/CDH/jars/htrace-core4-4.0.1-incubating.jar ./
[root@****-**-dev09-889 lib]# pwd
/usr/local/ranger-admin/cred/lib
[root@****-**-dev09-889 lib]# cd /usr/local/ranger-admin/
[root@****-**-dev09-889 ranger-admin]# ./setup.sh
Installation of Ranger PolicyManager Web Application is completed.
启动服务:
[root@****-**-dev09-889 ranger-admin]# service ranger-admin start
Starting Apache Ranger Admin.
Apache Ranger Admin has started.
登录管理页面:
http://172.17.8.89:6080
用户名:admin 密码:admin
安装Haproxy:
直接下载失败,从其它机器拷贝:
$ scp /e/downloads/haproxy-2.0.8.tar.gz ******@172.17.8.85:/home/******
haproxy-2.0.8.tar.gz 100% 2487KB 1.2MB/s 00:02
[root@****-**-dev03-885 local]# cp /home/******/haproxy-2.0.8.tar.gz ./
[root@****-**-dev03-885 local]# tar -xvf haproxy-2.0.8.tar.gz
[root@****-**-dev03-885 local]# cd haproxy-2.0.8/
查看make TARGET 参数值:
linux2628 for Linux 2.6.28, 3.x, and above (enables splice and tproxy)
[root@****-**-dev03-885 haproxy-2.0.8]# uname -a
Linux ****-**-dev03-885.*******.com 3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18 15:06:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@****-**-dev03-885 haproxy-2.0.8]# make TARGET=linux2628
Target 'linux2628' was removed from HAProxy 2.0 due to being irrelevant and
often wrong. Please use 'linux-glibc' instead or define your custom target
by checking available options using 'make help TARGET=
make: *** [all] Error 1
[root@****-**-dev03-885 haproxy-2.0.8]# make TARGET=linux-glibc
CC src/ev_poll.o
/bin/sh: gcc: command not found
make: *** [src/ev_poll.o] Error 127
没有gcc命令,安装gcc:
[root@****-**-dev03-885 haproxy-2.0.8]# yum -y install gcc
[root@****-**-dev03-885 haproxy-2.0.8]# make TARGET=linux-glibc
[root@****-**-dev03-885 haproxy-2.0.8]# make install PREFIX=/usr/local/haproxy
[root@****-**-dev03-885 haproxy-2.0.8]# useradd haproxy
配置参数文件:
[root@****-**-dev03-885 haproxy-2.0.8]# cd ..
[root@****-**-dev03-885 local]# cd haproxy
[root@****-**-dev03-885 haproxy]# pwd
/usr/local/haproxy
[root@****-**-dev03-885 haproxy]# mkdir /etc/haproxy
[root@****-**-dev03-885 haproxy]# vim /etc/haproxy/haproxy.cfg
[root@****-**-dev03-885 haproxy]# cat /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
nbproc 1
maxconn 4000
defaults
mode http
log global
option httplog
option httpclose
log 127.0.0.1 local2
option dontlognull
option forwardfor
option redispatch
option http-keep-alive
retries 3
stats uri /haproxy?stats
timeout http-request 10s
timeout http-keep-alive 10s
option httpchk /
timeout connect 5000
timeout client 50000
timeout server 50000
maxconn 4000
frontend http_front
bind *:6080
http-request set-header X-Forwarded-Proto http
default_backend servers
backend servers
mode http
balance roundrobin
cookie LB insert
server server1 172.17.8.94:6080 maxconn 200 weight 10 cookie 1 check inter 5000 rise 3 fall 3
server server2 172.17.8.89:6080 maxconn 200 weight 10 cookie 2 check inter 5000 rise 3 fall 3
Haproxy使用系统服务收集日志:
[root@****-**-dev03-885 haproxy]# vim /etc/rsyslog.conf
取消下面两行注释:
$ModLoad imu**
$U**ServerRun 514
添加:
local0.* /usr/local/haproxy/logs/haproxy.log
local2.* /usr/local/haproxy/logs/haproxy.log
[root@****-**-dev03-885 haproxy]# mkdir -p /var/lib/haproxy
重启系统日志服务:
[root@****-**-dev03-885 haproxy]# systemctl restart rsyslog.service
[root@****-**-dev03-885 haproxy]# /usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
启动服务:
[root@****-**-dev03-885 haproxy]# /usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg
停掉服务:
[root@****-**-dev03-885 haproxy]# killall haproxy
配置服务启动脚本:
[root@****-**-dev03-885 haproxy]# cp ../haproxy-2.0.8/examples/haproxy.init /etc/init.d/haproxy
[root@****-**-dev03-885 haproxy]# chmod +x /etc/init.d/haproxy
[root@****-**-dev03-885 haproxy]# ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin/haproxy
[root@****-**-dev03-885 haproxy]# haproxy -v
HA-Proxy version 2.0.8 2019/10/23 - https://haproxy.org/
[root@****-**-dev03-885 haproxy]# systemctl daemon-reload
[root@****-**-dev03-885 haproxy]# systemctl start haproxy
使用keepalived,无需设置开启自启动
#[root@****-**-dev03-885 haproxy]# chkconfig haproxy on
按以上操作配置,172.17.8.59 Haproxy
http://172.17.8.59:6080
统计页面:
http://172.17.8.59:6080/haproxy?stats
安装KeepAlived:
172.17.8.85
[******@****-**-dev03-885 ~]$ wget https://www.keepalived.org/software/keepalived-2.0.16.tar.gz
[******@****-**-dev03-885 ~] sudo su - root
[root@****-**-dev03-885 ~]# cd /usr/local/
[root@****-**-dev03-885 local]# cp /home/******/keepalived-2.0.16.tar.gz ./
[root@****-**-dev03-885 local]# tar -xvf keepalived-2.0.16.tar.gz
[root@****-**-dev03-885 local]# yum install openssl openssl-devel libnfnetlink-devel gcc libnl3-devel net-snmp-devel -y
[root@****-**-dev03-885 local]# cd keepalived-2.0.16/
[root@****-**-dev03-885 keepalived-2.0.16]# ./configure --with-init=SYSV --prefix=/usr/local/keepalived
[root@****-**-dev03-885 keepalived-2.0.16]# make
[root@****-**-dev03-885 keepalived-2.0.16]# make install
拷贝文件:
[root@****-**-dev03-885 keepalived-2.0.16]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@****-**-dev03-885 keepalived-2.0.16]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@****-**-dev03-885 keepalived-2.0.16]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
[root@****-**-dev03-885 keepalived-2.0.16]# chmod +x /etc/init.d/keepalived
建立配置文件:
[root@****-**-dev03-885 keepalived-2.0.16]# mkdir /etc/keepalived
[root@****-**-dev03-885 keepalived-2.0.16]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
启动:
[root@****-**-dev03-885 keepalived-2.0.16]# systemctl daemon-reload
[root@****-**-dev03-885 keepalived-2.0.16]# systemctl start keepalived
[root@****-**-dev03-885 keepalived-2.0.16]# systemctl status keepalived
开机自启动:
[root@****-**-dev03-885 keepalived-2.0.16]# chkconfig keepalived on
同样安装:172.17.8.59
配置文件(主节点):
[root@****-**-dev03-885 keepalived-2.0.16]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
[root@****-**-dev03-885 keepalived-2.0.16]# sysctl -p
keepalived配置:
主节点:
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 172.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
! vrrp_strict
vrrp_garp_interval 0.001
vrrp_gna_interval 0.000001
}
vrrp_script check_haproxy {
script "killall -0 haproxy"
interval 2
weight 2
fall 3
rise 3
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 189
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
unicast_peer {
172.17.8.85
172.17.8.59
}
virtual_ipaddress {
172.17.8.189
}
track_script {
check_haproxy
}
}
从节点:
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 172.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
! vrrp_strict
vrrp_garp_interval 0.001
vrrp_gna_interval 0.000001
}
vrrp_script check_haproxy {
script "killall -0 haproxy"
interval 2
weight 2
fall 3
rise 3
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 189
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
unicast_peer {
172.17.8.85
172.17.8.59
}
virtual_ipaddress {
172.17.8.189
}
track_script {
check_haproxy
}
}
验证:
[root@****-**-dev03-885 ~]# ip addr show eth0
2: eth0:
link/ether fa:16:3e:11:6f:46 brd ff:ff:ff:ff:ff:ff
inet 172.17.8.85/24 brd 172.17.8.255 scope global eth0
valid_lft forever preferred_lft forever
inet 172.17.8.189/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe11:6f46/64 scope link
valid_lft forever preferred_lft forever
[root@****-**-dev03-885 ~]# systemctl stop haproxy
[root@****-**-dev03-885 ~]# ip addr show eth0
2: eth0:
link/ether fa:16:3e:11:6f:46 brd ff:ff:ff:ff:ff:ff
inet 172.17.8.85/24 brd 172.17.8.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe11:6f46/64 scope link
valid_lft forever preferred_lft forever
[root@****-**-dev04-859 ~]# ip addr show eth0
2: eth0:
link/ether fa:16:3e:cc:d5:07 brd ff:ff:ff:ff:ff:ff
inet 172.17.8.59/24 brd 172.17.8.255 scope global eth0
valid_lft forever preferred_lft forever
inet 172.17.8.189/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fecc:d507/64 scope link
valid_lft forever preferred_lft forever
[root@****-**-dev03-885 ~]# systemctl start haproxy
[root@****-**-dev03-885 ~]# ip addr show eth0
2: eth0:
link/ether fa:16:3e:11:6f:46 brd ff:ff:ff:ff:ff:ff
inet 172.17.8.85/24 brd 172.17.8.255 scope global eth0
valid_lft forever preferred_lft forever
inet 172.17.8.189/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe11:6f46/64 scope link
valid_lft forever preferred_lft forever