Ranger Admin + Haproxy + Keepalived High Availability

mac 2024-05-18

Hosts:
vip: 172.17.8.189
ip: 172.17.8.85 172.17.8.59
ranger admin: 172.17.8.94 172.17.8.89

Versions:
keepalived: 2.0.16
haproxy: 2.0.8
ranger admin: 0.5.4-SNAPSHOT

Downloads:
https://www.keepalived.org/software/keepalived-2.0.16.tar.gz
http://www.haproxy.org/download/2.0/src/haproxy-2.0.8.tar.gz


Install Ranger Admin on 172.17.8.89:

    [******@****-**-dev05-84 target]$ pwd
    /home/******/ranger/target
    [******@****-**-dev05-84 target]$ scp ranger-0.5.4-SNAPSHOT-admin.tar.gz 172.17.8.89:/home/******/
    ranger-0.5.4-SNAPSHOT-admin.tar.gz

Log in to 172.17.8.89:

    [******@****-**-dev09-889 ~]$ sudo su - root
    Last login: Mon Oct 28 11:27:08 CST 2019 on pts/0
    [root@****-**-dev09-889 ~]# cd /usr/local/
    [root@****-**-dev09-889 local]# cp /home/******/ranger-0.5.4-SNAPSHOT-admin.tar.gz ./
    [root@****-**-dev09-889 local]# tar -xvf ranger-0.5.4-SNAPSHOT-admin.tar.gz
    [root@****-**-dev09-889 local]# ln -s ranger-0.5.4-SNAPSHOT-admin ranger-admin

Copy the MySQL JDBC jar:

    [******@****-**-dev06-894 ~]$ scp mysql-connector-java.jar 172.17.8.89:/home/******/
    mysql-connector-java.jar

    [root@****-**-dev09-889 local]# cd ranger-admin/
    [root@****-**-dev09-889 ranger-admin]# cp /home/******/mysql-connector-java.jar ./
    [root@****-**-dev09-889 ranger-admin]# ls -al mysql-connector-java.jar
    -rw-r--r-- 1 root root 985600 Oct 29 11:02 mysql-connector-java.jar

Edit the configuration file:

    [root@****-**-dev09-889 ranger-admin]# vim install.properties
    [root@****-**-dev09-889 ranger-admin]# cat install.properties | grep -v "^#" | grep -v "^$"
    PYTHON_COMMAND_INVOKER=python
    DB_FLAVOR=MYSQL
    SQL_CONNECTOR_JAR=/usr/local/ranger-admin/mysql-connector-java.jar
    db_root_user=rangerdba
    db_root_password=rangerdba
    db_host=172.17.8.48:3306
    db_name=ranger
    db_user=rangeradmin
    db_password=*****
    audit_store=solr
    audit_solr_urls=http://172.17.8.4:6083/solr/ranger_audits
    audit_solr_user=
    audit_solr_password=
    audit_solr_zookeepers=
    audit_db_name=ranger_audit
    audit_db_user=rangerlogger
    audit_db_password=
    policymgr_external_url=http://localhost:6080
    policymgr_http_enabled=true
    unix_user=ranger
    unix_group=ranger
    authentication_method=UNIX
    remoteLoginEnabled=true
    authServiceHostName=172.17.8.85
    authServicePort=5151

Modify setup.sh:

    [root@****-**-dev09-889 ranger-admin]# chmod +x setup.sh
    [root@****-**-dev09-889 ranger-admin]# vim setup.sh

Comment out the following lines of the script:

    [root@****-**-dev09-889 ranger-admin]# cat setup.sh | grep "^#"
    #run_dba_steps
    #if [ "$?" == "0" ]
    #then
    #$PYTHON_COMMAND_INVOKER db_setup.py
    #else
    #       exit 1
    #fi
    #$PYTHON_COMMAND_INVOKER db_setup.py -javapatch
    [root@****-**-dev09-889 ranger-admin]# export JAVA_HOME=/usr/java/jdk1.7.0_80
    [root@****-**-dev09-889 ranger-admin]# ./setup.sh

It fails with:

    Error creating Alias!! Error:
    SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
    SLF4J: Defaulting to no-operation (NOP) logger implementation
    SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
    Oct 29, 2019 11:15:12 AM org.apache.hadoop.util.NativeCodeLoader <clinit>
    WARNING: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
    Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/htrace/core/Tracer$Builder
            at org.apache.hadoop.fs.FsTracer.get(FsTracer.java:42)
            at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2696)
            at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:99)
            at org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:2761)
            at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2743)
            at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:387)
            at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
            at org.apache.hadoop.security.alias.JavaKeyStoreProvider.initFileSystem(JavaKeyStoreProvider.java:89)
            at org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.<init>(AbstractJavaKeyStoreProvider.java:85)
            at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:49)
            at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:41)
            at org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:100)
            at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
            at org.apache.ranger.credentialapi.CredentialReader.getDecryptedString(CredentialReader.java:58)
            at org.apache.ranger.credentialapi.buildks.createCredential(buildks.java:86)
            at org.apache.ranger.credentialapi.buildks.main(buildks.java:39)
    Caused by: java.lang.ClassNotFoundException: org.apache.htrace.core.Tracer$Builder
            at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
            at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
            at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
            ... 16 more

Copy the following jar:

    [root@****-**-dev09-889 lib]# cp /opt/cloudera/parcels/CDH/jars/htrace-core4-4.0.1-incubating.jar ./
    [root@****-**-dev09-889 lib]# pwd
    /usr/local/ranger-admin/cred/lib
    [root@****-**-dev09-889 lib]# cd /usr/local/ranger-admin/
    [root@****-**-dev09-889 ranger-admin]# ./setup.sh
    Installation of Ranger PolicyManager Web Application is completed.

Start the service:

    [root@****-**-dev09-889 ranger-admin]# service ranger-admin start
    Starting Apache Ranger Admin.
    Apache Ranger Admin has started.

Log in to the admin page: http://172.17.8.89:6080

Username: admin
Password: admin


Install Haproxy:

The direct download failed, so copy the tarball from another machine:

    $ scp /e/downloads/haproxy-2.0.8.tar.gz ******@172.17.8.85:/home/******
    haproxy-2.0.8.tar.gz                          100% 2487KB   1.2MB/s   00:02
    [root@****-**-dev03-885 local]# cp /home/******/haproxy-2.0.8.tar.gz ./
    [root@****-**-dev03-885 local]# tar -xvf haproxy-2.0.8.tar.gz
    [root@****-**-dev03-885 local]# cd haproxy-2.0.8/

Check the value for the make TARGET parameter:

    linux2628 for Linux 2.6.28, 3.x, and above (enables splice and tproxy)

    [root@****-**-dev03-885 haproxy-2.0.8]# uname -a
    Linux ****-**-dev03-885.*******.com 3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18 15:06:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

    [root@****-**-dev03-885 haproxy-2.0.8]# make TARGET=linux2628

    Target 'linux2628' was removed from HAProxy 2.0 due to being irrelevant and often wrong. Please use 'linux-glibc' instead or define your custom target by checking available options using 'make help TARGET=<your-target>'.

    make: *** [all] Error 1

    [root@****-**-dev03-885 haproxy-2.0.8]# make TARGET=linux-glibc
      CC      src/ev_poll.o
    /bin/sh: gcc: command not found
    make: *** [src/ev_poll.o] Error 127

The gcc command is missing, so install gcc:

    [root@****-**-dev03-885 haproxy-2.0.8]# yum -y install gcc
    [root@****-**-dev03-885 haproxy-2.0.8]# make TARGET=linux-glibc
    [root@****-**-dev03-885 haproxy-2.0.8]# make install PREFIX=/usr/local/haproxy
    [root@****-**-dev03-885 haproxy-2.0.8]# useradd haproxy

Create the configuration file:

    [root@****-**-dev03-885 haproxy-2.0.8]# cd ..
    [root@****-**-dev03-885 local]# cd haproxy
    [root@****-**-dev03-885 haproxy]# pwd
    /usr/local/haproxy
    [root@****-**-dev03-885 haproxy]# mkdir /etc/haproxy
    [root@****-**-dev03-885 haproxy]# vim /etc/haproxy/haproxy.cfg
    [root@****-**-dev03-885 haproxy]# cat /etc/haproxy/haproxy.cfg
    global
        log 127.0.0.1 local0
        log 127.0.0.1 local1 notice
        chroot /var/lib/haproxy
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        stats socket /var/lib/haproxy/stats
        nbproc 1
        maxconn 4000

    defaults
        mode http
        log global
        option httplog
        option httpclose
        log 127.0.0.1 local2
        option dontlognull
        option forwardfor
        option redispatch
        option http-keep-alive
        retries 3
        stats uri /haproxy?stats
        timeout http-request 10s
        timeout http-keep-alive 10s
        option httpchk /
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        maxconn 4000

    frontend http_front
        bind *:6080
        http-request set-header X-Forwarded-Proto http
        default_backend servers

    backend servers
        mode http
        balance roundrobin
        cookie LB insert
        server server1 172.17.8.94:6080 maxconn 200 weight 10 cookie 1 check inter 5000 rise 3 fall 3
        server server2 172.17.8.89:6080 maxconn 200 weight 10 cookie 2 check inter 5000 rise 3 fall 3

Haproxy uses the system log service to collect its logs:

    [root@****-**-dev03-885 haproxy]# vim /etc/rsyslog.conf

Uncomment the following two lines:

    $ModLoad imu**
    $U**ServerRun 514

Add:

    local0.*                                   /usr/local/haproxy/logs/haproxy.log
    local2.*                                   /usr/local/haproxy/logs/haproxy.log

    [root@****-**-dev03-885 haproxy]# mkdir -p /var/lib/haproxy

Restart the system log service:

    [root@****-**-dev03-885 haproxy]# systemctl restart rsyslog.service
    [root@****-**-dev03-885 haproxy]# /usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c
    Configuration file is valid

Start the service:

    [root@****-**-dev03-885 haproxy]# /usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg

Stop the service:

    [root@****-**-dev03-885 haproxy]# killall haproxy

Configure the service startup script:

    [root@****-**-dev03-885 haproxy]# cp ../haproxy-2.0.8/examples/haproxy.init /etc/init.d/haproxy
    [root@****-**-dev03-885 haproxy]# chmod +x /etc/init.d/haproxy
    [root@****-**-dev03-885 haproxy]# ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin/haproxy
    [root@****-**-dev03-885 haproxy]# haproxy -v
    HA-Proxy version 2.0.8 2019/10/23 - https://haproxy.org/
    [root@****-**-dev03-885 haproxy]# systemctl daemon-reload
    [root@****-**-dev03-885 haproxy]# systemctl start haproxy

Because keepalived is used, there is no need to enable start at boot:

    #[root@****-**-dev03-885 haproxy]# chkconfig haproxy on

Configure Haproxy on 172.17.8.59 following the same steps.

http://172.17.8.59:6080

Statistics page: http://172.17.8.59:6080/haproxy?stats
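As an added example (not part of the original post), the script below lints an haproxy.cfg for two settings visible in the configuration above: a `stats uri` with no `stats auth` in the same section, which is why the statistics page answers on the service port without a login, and a persistence cookie inserted without `httponly`. The function name, the finding labels and the trimmed sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: lint an haproxy.cfg for an unauthenticated stats page and a
# persistence cookie set without "httponly". SAMPLE_CFG is a constructed,
# trimmed copy of the configuration shown above.
SAMPLE_CFG='
defaults
    mode http
    stats uri /haproxy?stats
    timeout connect 5000

frontend http_front
    bind *:6080
    default_backend servers

backend servers
    balance roundrobin
    cookie LB insert
    server server1 172.17.8.94:6080 cookie 1 check
    server server2 172.17.8.89:6080 cookie 2 check
'

# lint_haproxy_cfg: reads a config on stdin, prints one finding per line.
lint_haproxy_cfg() {
    awk '
    function report() {
        if (sec != "" && uri && !auth)
            print "STATS_NO_AUTH section=" sec
    }
    # A section starts with one of these keywords in column 1.
    /^(global|defaults|frontend|backend|listen)([ \t]|$)/ {
        report(); sec = $1 ($2 != "" ? ":" $2 : ""); uri = 0; auth = 0; next
    }
    /^[ \t]*#/ { next }
    $1 == "stats" && $2 == "uri"  { uri = 1 }
    $1 == "stats" && $2 == "auth" { auth = 1 }
    $1 == "cookie" && /[ \t]insert([ \t]|$)/ && !/[ \t]httponly([ \t]|$)/ {
        print "COOKIE_NO_HTTPONLY section=" sec " name=" $2
    }
    END { report() }
    '
}

printf '%s\n' "$SAMPLE_CFG" | lint_haproxy_cfg
```

A configuration that moves the statistics page to its own `listen` section with `stats auth` and adds `httponly` to the cookie line produces no findings.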


Install KeepAlived on 172.17.8.85:

    [******@****-**-dev03-885 ~]$ wget https://www.keepalived.org/software/keepalived-2.0.16.tar.gz
    [******@****-**-dev03-885 ~]$ sudo su - root
    [root@****-**-dev03-885 ~]# cd /usr/local/
    [root@****-**-dev03-885 local]# cp /home/******/keepalived-2.0.16.tar.gz ./
    [root@****-**-dev03-885 local]# tar -xvf keepalived-2.0.16.tar.gz
    [root@****-**-dev03-885 local]# yum install openssl openssl-devel libnfnetlink-devel gcc libnl3-devel net-snmp-devel -y
    [root@****-**-dev03-885 local]# cd keepalived-2.0.16/
    [root@****-**-dev03-885 keepalived-2.0.16]# ./configure --with-init=SYSV --prefix=/usr/local/keepalived
    [root@****-**-dev03-885 keepalived-2.0.16]# make
    [root@****-**-dev03-885 keepalived-2.0.16]# make install

Copy the files:

    [root@****-**-dev03-885 keepalived-2.0.16]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
    [root@****-**-dev03-885 keepalived-2.0.16]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
    [root@****-**-dev03-885 keepalived-2.0.16]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
    [root@****-**-dev03-885 keepalived-2.0.16]# chmod +x /etc/init.d/keepalived

Create the configuration file:

    [root@****-**-dev03-885 keepalived-2.0.16]# mkdir /etc/keepalived
    [root@****-**-dev03-885 keepalived-2.0.16]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

Start:

    [root@****-**-dev03-885 keepalived-2.0.16]# systemctl daemon-reload
    [root@****-**-dev03-885 keepalived-2.0.16]# systemctl start keepalived
    [root@****-**-dev03-885 keepalived-2.0.16]# systemctl status keepalived

Enable start at boot:

    [root@****-**-dev03-885 keepalived-2.0.16]# chkconfig keepalived on

Install it the same way on 172.17.8.59.

Configuration file (master node):

    [root@****-**-dev03-885 keepalived-2.0.16]# vim /etc/sysctl.conf
    net.ipv4.ip_nonlocal_bind = 1
    net.ipv4.ip_forward = 1
    [root@****-**-dev03-885 keepalived-2.0.16]# sysctl -p

keepalived configuration:

Master node:

    ! Configuration File for keepalived

    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 172.0.0.1
       smtp_connect_timeout 30
       router_id LVS_DEVEL
       vrrp_skip_check_adv_addr
    !  vrrp_strict
       vrrp_garp_interval 0.001
       vrrp_gna_interval 0.000001
    }

    vrrp_script check_haproxy {
        script "killall -0 haproxy"
        interval 2
        weight 2
        fall 3
        rise 3
    }

    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 189
        priority 101
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        unicast_peer {
            172.17.8.85
            172.17.8.59
        }
        virtual_ipaddress {
            172.17.8.189
        }
        track_script {
            check_haproxy
        }

    }

Backup node:

    ! Configuration File for keepalived

    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 172.0.0.1
       smtp_connect_timeout 30
       router_id LVS_DEVEL
       vrrp_skip_check_adv_addr
    !  vrrp_strict
       vrrp_garp_interval 0.001
       vrrp_gna_interval 0.000001
    }

    vrrp_script check_haproxy {
        script "killall -0 haproxy"
        interval 2
        weight 2
        fall 3
        rise 3
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 189
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        unicast_peer {
            172.17.8.85
            172.17.8.59
        }
        virtual_ipaddress {
            172.17.8.189
        }
        track_script {
            check_haproxy
        }

    }

Verification:

    [root@****-**-dev03-885 ~]# ip addr show eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether fa:16:3e:11:6f:46 brd ff:ff:ff:ff:ff:ff
        inet 172.17.8.85/24 brd 172.17.8.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet 172.17.8.189/32 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::f816:3eff:fe11:6f46/64 scope link
           valid_lft forever preferred_lft forever
    [root@****-**-dev03-885 ~]# systemctl stop haproxy
    [root@****-**-dev03-885 ~]# ip addr show eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether fa:16:3e:11:6f:46 brd ff:ff:ff:ff:ff:ff
        inet 172.17.8.85/24 brd 172.17.8.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::f816:3eff:fe11:6f46/64 scope link
           valid_lft forever preferred_lft forever
    [root@****-**-dev04-859 ~]# ip addr show eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether fa:16:3e:cc:d5:07 brd ff:ff:ff:ff:ff:ff
        inet 172.17.8.59/24 brd 172.17.8.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet 172.17.8.189/32 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::f816:3eff:fecc:d507/64 scope link
           valid_lft forever preferred_lft forever
    [root@****-**-dev03-885 ~]# systemctl start haproxy
    [root@****-**-dev03-885 ~]# ip addr show eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether fa:16:3e:11:6f:46 brd ff:ff:ff:ff:ff:ff
        inet 172.17.8.85/24 brd 172.17.8.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet 172.17.8.189/32 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::f816:3eff:fe11:6f46/64 scope link
           valid_lft forever preferred_lft forever
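The failover seen in the verification output follows from the two priorities (101 and 100) and the check_haproxy weight of 2 in the keepalived configurations. The added example below (not from the original post) models that arithmetic and also covers the case where the weight only equals the priority gap, in which the backup never takes over. The function names are illustrative, and a weight of 0 (fault state on script failure) is not modelled.

```bash
#!/usr/bin/env bash
# Added example: model how "weight 2" on check_haproxy moves the VIP between
# the two nodes configured above (priority 101 on .85, priority 100 on .59).

# effective_priority BASE WEIGHT SCRIPT_OK(1|0)
# keepalived rule: a positive weight is added while the script succeeds,
# a negative weight is subtracted while it fails.
effective_priority() {
    local base=$1 weight=$2 ok=$3
    if [ "$weight" -gt 0 ] && [ "$ok" -eq 1 ]; then
        echo $((base + weight))
    elif [ "$weight" -lt 0 ] && [ "$ok" -eq 0 ]; then
        echo $((base + weight))
    else
        echo "$base"
    fi
}

# vip_holder HOLDER WEIGHT OK_85 OK_59 -> address of the node that ends up
# with the VIP. HOLDER is the node holding it now; a peer preempts only with
# a strictly higher effective priority, so a tie leaves the VIP where it is.
vip_holder() {
    local holder=$1 weight=$2 ok85=$3 ok59=$4 p85 p59
    p85=$(effective_priority 101 "$weight" "$ok85")
    p59=$(effective_priority 100 "$weight" "$ok59")
    if [ "$p85" -gt "$p59" ]; then echo 172.17.8.85
    elif [ "$p59" -gt "$p85" ]; then echo 172.17.8.59
    else echo "$holder"
    fi
}

echo "both haproxy up:      $(vip_holder 172.17.8.85 2 1 1)"   # 103 vs 102
echo "haproxy down on .85:  $(vip_holder 172.17.8.85 2 0 1)"   # 101 vs 102
echo "haproxy back on .85:  $(vip_holder 172.17.8.59 2 1 1)"   # 103 vs 102
# Failure mode: a weight equal to the priority gap gives 101 vs 101, so the
# VIP stays on the node whose haproxy is down.
echo "weight 1, .85 down:   $(vip_holder 172.17.8.85 1 0 1)"
```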
