CentOS7.8离线搭建CDH6.2.0集群（一）安装环境介绍1.CM和CDH版本为6.2.02.CentOS-7.8

`安装环境介绍`

1.CM和CDH版本为6.2.0

2.CentOS-7.8（CentOS-2003）

3.oracle-j2sdk1.8-1.8.0+update181-1

4.postgresql9.6

5.root用户安装

安装步骤

前置准备

数据库安装与配置（PostgresQL）

Cloudera Manager安装前置准备

Cloudera Manager安装

CDH集群安装部署

前置准备

1.关闭防火墙（所有节点）

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld 
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# systemctl status firewalld        
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

1月 20 11:24:52 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
1月 20 11:24:53 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
1月 20 14:20:44 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
1月 20 14:20:45 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.

2.禁用SELinux（所有节点）

[root@localhost ~]# setenforce 0
[root@localhost ~]# vi /etc/selinux/config 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

3.swap设置（所有节点）

[root@localhost ~]# echo vm.swappiness = 10 >> /etc/sysctl.conf

4.透明大页设置（所有节点）

[root@localhost ~]# echo never > /sys/kernel/mm/transparent_hugepage/defrag
[root@localhost ~]# echo never > /sys/kernel/mm/transparent_hugepage/enabled

设置开机自关闭

###执行以下脚本
sudo tee /etc/systemd/system/disable-thp.service <<-'EOF'
[Unit]
Description=Disable Transparent Huge Pages (THP)

[Service]
Type=simple
ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"

[Install]
WantedBy=multi-user.target
EOF

###执行结果如下：
[root@localhost ~]# sudo tee /etc/systemd/system/disable-thp.service <<-'EOF'
> [Unit]
> Description=Disable Transparent Huge Pages (THP)
> 
> [Service]
> Type=simple
> ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"
> 
> [Install]
> WantedBy=multi-user.target
> EOF
[Unit]
Description=Disable Transparent Huge Pages (THP)

[Service]
Type=simple
ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"

[Install]
WantedBy=multi-user.target

###启动服务并设置开机启动
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl start disable-thp
[root@localhost ~]# systemctl enable disable-thp
Created symlink from /etc/systemd/system/multi-user.target.wants/disable-thp.service to /etc/systemd/system/disable-thp.service.

5.ssh免密配置（所有节点）

所有节点生成无密码密钥对

[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:HIWEd35GrNBtgsPNY9MGrFT3M2HtXAcPsH1k1Paspd4 root@cdh62-master
The key's randomart image is:
+---[RSA 2048]----+
|       +.O+=o.=+=|
|      . O.@.B= **|
|       o.B O. ==*|
|       ...o o  +*|
|        S  o   + |
|              o  |
|             . . |
|              . E|
|                 |
+----[SHA256]-----+

在主节点上将公钥添加到认证文件中并设置认证文件访问权限为600

[root@localhost ~]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@localhost ~]# chmod 600 ~/.ssh/authorized_keys

远程拷贝认证文件到其它节点

[root@localhost ~]# scp ~/.ssh/authorized_keys root@cdh62-node01:~/.ssh/      
The authenticity of host 'cdh62-node01 (192.168.11.61)' can't be established.
ECDSA key fingerprint is SHA256:t8gGRmfYuQpfJw4NoaHWDEVAS8dsnCd6R73uavswn8k.
ECDSA key fingerprint is MD5:7f:fb:9f:1c:d9:13:92:39:23:a8:c4:ad:bf:4a:d0:b9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'cdh62-node01,192.168.11.61' (ECDSA) to the list of known hosts.
root@cdh62-node01's password: 
authorized_keys                                                                                                                               100%  399   294.4KB/s   00:00    
[root@localhost ~]# scp ~/.ssh/authorized_keys root@cdh62-node02:~/.ssh/
The authenticity of host 'cdh62-node02 (192.168.11.62)' can't be established.
ECDSA key fingerprint is SHA256:t8gGRmfYuQpfJw4NoaHWDEVAS8dsnCd6R73uavswn8k.
ECDSA key fingerprint is MD5:7f:fb:9f:1c:d9:13:92:39:23:a8:c4:ad:bf:4a:d0:b9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'cdh62-node02,192.168.11.62' (ECDSA) to the list of known hosts.
root@cdh62-node02's password: 
authorized_keys

6.hostname及host配置（所有节点）

更改机器主机名

###master节点(192.168.11.60)
[root@localhost ~]# hostnamectl set-hostname cdh62-master
###node01节点(192.168.11.61)
[root@localhost ~]# hostnamectl set-hostname cdh62-node01
###node02节点(192.168.11.62)
[root@localhost ~]# hostnamectl set-hostname cdh62-node02

修改host文件

[root@localhost ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.11.60    cdh62-master
192.168.11.61    cdh62-node01
192.168.11.62    cdh62-node02

同步hosts文件至其它节点

[root@localhost ~]# scp /etc/hosts root@cdh62-node01:/etc/hosts
hosts                                                                                                                                         100%  249   163.7KB/s   00:00    
[root@localhost ~]# scp /etc/hosts root@cdh62-node02:/etc/hosts
hosts                                                                                                                                         100%  249   143.4KB/s   00:00

7.集群时钟同步（所有节点）

服务端配置

[root@localhost ~]# vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
allow 192.168.11.0/24

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

### 开启时间同步
[root@localhost ~]# systemctl restart chronyd
### 查看时间同步状态
[root@localhost ~]# timedatectl status
      Local time: 三 2021-01-20 15:11:21 CST
  Universal time: 三 2021-01-20 07:11:21 UTC
        RTC time: 三 2021-01-20 07:11:21
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
### 开启网络时间同步
[root@localhost ~]# timedatectl set-ntp true

主要修改的地方如截图：

客户端配置

[root@localhost ~]# vi /etc/chrony.conf
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server cdh62-master iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
allow cdh62-master

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

### 开启时间同步
[root@localhost ~]# systemctl restart chronyd
### 查看时间同步状态
[root@localhost ~]# timedatectl status
      Local time: 三 2021-01-20 15:15:05 CST
  Universal time: 三 2021-01-20 07:15:05 UTC
        RTC time: 三 2021-01-20 07:15:05
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
### 开启网络时间同步
[root@localhost ~]# timedatectl set-ntp true

主要修改的地方如截图：