ansible 实现自动化部署ambari(纯离线)三


八、附件-配置文件

1. my.cnf

# Defaults for the mysql command-line client.
[mysql]
socket=/var/lib/mysql/mysql.sock
# set the mysql client default character set
# (in MySQL, "utf8" is the 3-byte utf8mb3 encoding, not full UTF-8)
default-character-set=utf8

# Server settings.
[mysqld]
socket=/var/lib/mysql/mysql.sock
# set the mysql server port
# NOTE(review): no bind-address is set in this file, so the listening interface
# is whatever the server default is — confirm that 3306 is reachable only from
# the hosts that need it (the Ambari server connects to node01:3306).
port = 3306
# set the mysql install base dir
basedir=/usr/local/mysql
# set the data store dir
datadir=/usr/local/mysql/data
# set the maximum number of allowed connections
max_connections=200
# set the server default character encoding
character-set-server=utf8
# the storage engine
default-storage-engine=INNODB
# store table names in lowercase and compare them case-insensitively
lower_case_table_names=1
max_allowed_packet=16M
explicit_defaults_for_timestamp=true

# Options read by the mysql.server start script.
[mysql.server]
# OS account the server is started as (an unprivileged account, not root)
user=mysql
basedir=/usr/local/mysql

2. ambari.repo

[ambari-2.5.0.3]
# Replace 192.168.111.201 with the IP of your own cluster's master node.
name=ambari Version - ambari-2.5.0.3
#baseurl=http://public-repo-1.hortonworks.com/ambari/centos7/2.x/updates/2.5.0.3
baseurl=http://192.168.111.201/ambari/centos7/
# Package signature checking is enabled for this repo.
# NOTE(review): the key below is fetched over plain HTTP from the same mirror
# that serves the packages, so it is only as trustworthy as that host and the
# network path to it. Compare the key's fingerprint with a copy obtained out of
# band before it is imported.
gpgcheck=1
#gpgkey=http://public-repo-1.hortonworks.com/ambari/centos7/2.x/updates/2.5.0.3/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
gpgkey=http://192.168.111.201/ambari/centos7/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
enabled=1

3. HDP.repo

[HDP-2.6]
# Replace 192.168.111.201 with the IP of your own cluster's master node.
name=HDP-2.6
baseurl=http://192.168.111.201/HDP/centos7/2.6.5.0-292
path=/
enabled=1
# NOTE(review): gpgcheck=0 turns off RPM signature verification for this repo,
# and baseurl is plain HTTP, so nothing authenticates the packages installed
# from it. If that is not an accepted trade-off for this network, set
# gpgcheck=1 and add a gpgkey= line pointing at a key whose fingerprint has
# been verified.
gpgcheck=0

4. HDP-UTILS.repo

[HDP-UTILS-1.1.0.21]
# Replace 192.168.111.201 with the IP of your own cluster's master node.
name=HDP-UTILS-1.1.0.21
baseurl=http://192.168.111.201/HDP-UTILS/
path=/
enabled=1
# NOTE(review): gpgcheck=0 turns off RPM signature verification for this repo,
# and baseurl is plain HTTP, so nothing authenticates the packages installed
# from it. If that is not an accepted trade-off for this network, set
# gpgcheck=1 and add a gpgkey= line pointing at a key whose fingerprint has
# been verified.
gpgcheck=0

5. ambari.properties (注意改 node01 为 主节点 hostname)

#
# Copyright 2011 The Apache Software Foundation
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#
#Wed May 20 15:47:56 CST 2020
ulimit.open.files=65536
views.http.x-content-type-options=nosniff
server.persistence.type=remote
# NOTE(review): the jdk*.url / jdk*.jcpol-url entries in this file are plain
# http:// URLs on a public host, and jdk.download.supported /
# jce.download.supported are set to true further down. Anything fetched that
# way is not integrity-protected in transit. java.home below points at a local
# JDK, which is presumably what an offline install uses — confirm the download
# path is never taken.
jdk1.8.jcpol-url=http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-8.zip
java.releases.ppc64le=
recommendations.artifacts.lifetime=1w
http.pragma=no-cache
jdk1.8.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-8u112-linux-x64.tar.gz
server.execution.scheduler.misfire.toleration.minutes=480
# Locally installed JDK used by the server.
java.home=/opt/jdk/jdk1.8.0_201
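# '|'-separated cipher suites the server refuses to negotiate (CBC, 3DES/DES,
# EXPORT, NULL and anonymous suites). The value must stay on one physical line:
# a line break inside it ends the list early and leaves the remainder as a
# stray entry instead of part of the list.
security.server.disabled.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384|TLS_RSA_WITH_AES_256_CBC_SHA256|TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384|TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384|TLS_DHE_RSA_WITH_AES_256_CBC_SHA256|TLS_DHE_DSS_WITH_AES_256_CBC_SHA256|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA|TLS_RSA_WITH_AES_256_CBC_SHA|TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA|TLS_ECDH_RSA_WITH_AES_256_CBC_SHA|TLS_DHE_RSA_WITH_AES_256_CBC_SHA|TLS_DHE_DSS_WITH_AES_256_CBC_SHA|TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256|TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256|TLS_RSA_WITH_AES_128_CBC_SHA256|TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256|TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256|TLS_DHE_RSA_WITH_AES_128_CBC_SHA256|TLS_DHE_DSS_WITH_AES_128_CBC_SHA256|TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA|TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA|TLS_RSA_WITH_AES_128_CBC_SHA|TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA|TLS_ECDH_RSA_WITH_AES_128_CBC_SHA|TLS_DHE_RSA_WITH_AES_128_CBC_SHA|TLS_DHE_DSS_WITH_AES_128_CBC_SHA|TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA|TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA|TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA|TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA|SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA|SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA|TLS_EMPTY_RENEGOTIATION_INFO_SCSV|TLS_DH_anon_WITH_AES_256_CBC_SHA256|TLS_ECDH_anon_WITH_AES_256_CBC_SHA|TLS_DH_anon_WITH_AES_256_CBC_SHA|TLS_DH_anon_WITH_AES_128_CBC_SHA256|TLS_ECDH_anon_WITH_AES_128_CBC_SHA|TLS_DH_anon_WITH_AES_128_CBC_SHA|TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA|SSL_DH_anon_WITH_3DES_EDE_CBC_SHA|SSL_RSA_WITH_DES_CBC_SHA|SSL_DHE_RSA_WITH_DES_CBC_SHA|SSL_DHE_DSS_WITH_DES_CBC_SHA|SSL_DH_anon_WITH_DES_CBC_SHA|SSL_RSA_EXPORT_WITH_DES40_CBC_SHA|SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA|SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA|SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA|TLS_RSA_WITH_NULL_SHA256|TLS_ECDHE_ECDSA_WITH_NULL_SHA|TLS_ECDHE_RSA_WITH_NULL_SHA|SSL_RSA_WITH_NULL_SHA|TLS_ECDH_ECDSA_WITH_NULL_SHA|TLS_ECDH_RSA_WITH_NULL_SHA|TLS_ECDH_anon_WITH_NULL_SHA|SSL_RSA_WITH_NULL_MD5|TLS_KRB5_WITH_3DES_EDE_CBC_SHA|TLS_KRB5_WITH_3DES_EDE_CBC_MD5|TLS_KRB5_WITH_DES_CBC_SHA|TLS_KRB5_WITH_DES_CBC_MD5|TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA|TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5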
# Host of the Ambari database; change node01 to the master node's hostname.
server.jdbc.hostname=node01
shared.resources.dir=/usr/lib/ambari-server/lib/ambari_commons/resources
server.jdbc.connection-pool.max-idle-time=14400
resources.dir=/var/lib/ambari-server/resources
custom.action.definitions=/var/lib/ambari-server/resources/custom_action_definitions
views.request.connect.timeout.millis=5000
jdk1.7.desc=Oracle JDK 1.7 + Java Cryptography Extension (JCE) Policy Files 7
server.jdbc.driver=com.mysql.jdbc.Driver
# Directory holding the server's key material.
# NOTE(review): confirm it is readable only by the account the server runs as.
security.server.keys_dir=/var/lib/ambari-server/keys
server.jdbc.rca.user.name=ambari
webapp.dir=/usr/lib/ambari-server/web
views.http.pragma=no-cache
server.os_family=redhat7
# The value is a path to a password file, not the password itself.
# NOTE(review): check the owner and mode of password.dat so that only the
# account running the server can read it.
server.jdbc.user.passwd=/etc/ambari-server/conf/password.dat
server.execution.scheduler.isClustered=false
views.ambari.request.connect.timeout.millis=30000
server.jdbc.database=mysql
server.jdbc.connection-pool=c3p0
server.jdbc.database_name=ambari
server.jdbc.rca.url=jdbc:mysql://node01:3306/ambari
bootstrap.script=/usr/lib/python2.6/site-packages/ambari_server/bootstrap.py
server.version.file=/var/lib/ambari-server/resources/version
jdk1.8.dest-file=jdk-8u112-linux-x64.tar.gz
server.task.timeout=1200
# NOTE(review): 0 here and in user.inactivity.timeout.default presumably
# disables the UI inactivity logout — confirm against the Ambari documentation
# and set a non-zero value if idle sessions should be closed.
user.inactivity.timeout.role.readonly.default=0
server.jdbc.connection-pool.max-age=0
java.releases=jdk1.8,jdk1.7
recommendations.dir=/var/run/ambari-server/stack-recommendations
agent.stack.retry.tries=5
server.os_type=centos7
server.python.log.level=INFO
server.execution.scheduler.maxDbConnections=5
views.ambari.request.read.timeout.millis=45000
views.http.cache-control=no-store
rolling.upgrade.skip.packages.prefixes=
jdk1.8.home=/usr/jdk64/
jdk1.7.home=/usr/jdk64/
agent.task.timeout=900
bootstrap.setup_agent.script=/usr/lib/python2.6/site-packages/ambari_server/setupAgent.py
server.jdbc.rca.driver=com.mysql.jdbc.Driver
jdk1.7.dest-file=jdk-7u67-linux-x64.tar.gz
agent.package.install.task.timeout=1800
server.jdbc.port=3306
# NOTE(review): HSTS only has an effect when the UI is served over HTTPS; no
# api.ssl setting is visible in this file — confirm whether HTTPS is enabled
# for the web UI/API.
http.strict-transport-security=max-age=31536000
common.services.path=/var/lib/ambari-server/resources/common-services
agent.threadpool.size.max=25
ambari.python.wrap=ambari-python-wrap
skip.service.checks=false
server.jdbc.connection-pool.idle-test-interval=7200
# The server daemon runs as root.
# NOTE(review): Ambari can be set up to run under a non-root account; prefer
# that where the deployment allows it.
ambari-server.user=root
jdk1.8.desc=Oracle JDK 1.8 + Java Cryptography Extension (JCE) Policy Files 8
views.http.strict-transport-security=max-age=31536000
http.x-content-type-options=nosniff
jdk1.7.re=(jdk.*)/jre
metadata.path=/var/lib/ambari-server/resources/stacks
jdk1.8.jcpol-file=jce_policy-8.zip
views.skip.home-directory-check.file-system.list=wasb,adls,adl
server.python.log.name=ambari-server-command.log
stackadvisor.script=/var/lib/ambari-server/resources/scripts/stack_advisor.py
http.x-xss-protection=1; mode=block
bootstrap.dir=/var/run/ambari-server/bootstrap
server.connection.max.idle.millis=900000
server.jdbc.rca.user.passwd=/etc/ambari-server/conf/password.dat
views.http.x-frame-options=SAMEORIGIN
server.jdbc.connection-pool.acquisition-size=5
http.x-frame-options=DENY
# Downloads of the JDK/JCE from the jdk*.url entries are marked as supported;
# those URLs are plain HTTP.
jce.download.supported=true
jdk.download.supported=true
jdk1.7.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-7u67-linux-x64.tar.gz
server.jdbc.user.name=ambari
mpacks.staging.path=/var/lib/ambari-server/resources/mpacks
pid.dir=/var/run/ambari-server
user.inactivity.timeout.default=0
agent.stack.retry.on_repo_unavailability=false
extensions.path=/var/lib/ambari-server/resources/extensions
views.request.read.timeout.millis=10000
jdk1.7.jcpol-file=UnlimitedJCEPolicyJDK7.zip
server.tmp.dir=/var/lib/ambari-server/data/tmp
server.execution.scheduler.maxThreads=5
# NOTE(review): the JDBC URL carries no TLS parameters, so traffic to
# node01:3306 is presumably unencrypted — confirm that is acceptable for the
# network between the server and the database.
server.jdbc.url=jdbc:mysql://node01:3306/ambari
# Link-local metadata address used to look up the public hostname.
# NOTE(review): presumably unused on an offline, non-cloud cluster — confirm.
server.fqdn.service.url=http://169.254.169.254/latest/meta-data/public-hostname
views.http.x-xss-protection=1; mode=block
server.http.session.inactive_timeout=1800
server.stages.parallel=true
# Cache directory for Kerberos keytabs.
# NOTE(review): keytabs are credentials; confirm the directory permissions.
kerberos.keytab.cache.dir=/var/lib/ambari-server/data/cache
jdk1.8.re=(jdk.*)/jre
http.cache-control=no-store
client.threadpool.size.max=25
jdk1.7.jcpol-url=http://public-repo-1.hortonworks.com/ARTIFACTS/UnlimitedJCEPolicyJDK7.zip
server.jdbc.connection-pool.max-idle-time-excess=0

九、遇到问题

1. 安装 mysql 后修改密码的问题

报错信息

Access denied for user 'root'@'localhost' (using password: YES)

问题原因:根本原因是密码设置策略问题。因为我之前使用的是临时密码,直接把新密码设置为很简单的密码 123456 才会报错。解决办法:先把新密码设置为"临时密码后面随便加一个字符"(下面脚本中追加的是 1),即可成功;然后再重新设置为简单密码,这样就可以了。脚本如下:

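# Reset the MySQL root password in two steps: first from the generated
# temporary password to "<temporary password>1", then to the final password.
# The generated password is taken from line 2 of /root/.mysql_secret; read it
# once and derive the intermediate value from it.
mysqlPw=$(sed -n 2p /root/.mysql_secret)
mysqlPwTMP="${mysqlPw}1"
# SECURITY: 123456 is the value used in this write-up and is kept only as the
# fallback. Export MYSQL_NEW_PW with a strong password before running this; the
# MySQL root account should not be left on the fallback value.
mysqlNewPw="${MYSQL_NEW_PW:-123456}"
hostname=$(hostname)
#ssh $hostname "source /etc/profile;java -version"
# The commands run through ssh so that a fresh login shell picks up the PATH
# from /etc/profile.
# NOTE(review): the passwords are passed with -p on the command line, so they
# are visible in the process list and in shell/ssh logs while the commands run.
# They are also spliced between single quotes in the remote command, so a
# password containing a single quote breaks the command line.
ssh "$hostname" "source /etc/profile;mysqladmin -h127.0.0.1 -uroot -p'$mysqlPw' password '$mysqlPwTMP';mysqladmin -h127.0.0.1 -uroot -p'$mysqlPwTMP' password '$mysqlNewPw';exit"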

之所以通过 ssh 来修改,是因为在当前 shell 中,即使前面刚刚 source 过环境变量,当前 shell 也拿不到最新的环境变量,会报 mysqladmin 命令找不到的错误。

2.页面进行注册ambari-agent失败问题

问题:在 openssl 版本一致的情况下,python-2.7.5 可能会出现证书验证失败

解决办法

# Rewrites verify=platform_default to verify=disable in
# /etc/python/cert-verification.cfg.
# NOTE(review): this file is host-wide rather than specific to ambari-agent, so
# presumably every Python HTTPS client on the machine that relies on the
# platform default stops validating server certificates — confirm the scope.
# Where possible, fix the certificate trust between the agent and the Ambari
# server instead, and record this change so that it can be reverted.
sed -i 's/verify=platform_default/verify=disable/' /etc/python/cert-verification.cfg

问题:ssl版本问题

解决办法

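# Pin the TLS version the agent uses when talking to the server.
# The option belongs in the [security] section of ambari-agent.ini, so anchor
# on the section header instead of a fixed line number (line 53 only matches
# one particular layout of the file). The grep guard keeps re-runs from adding
# the line twice.
grep -q '^force_https_protocol=' /etc/ambari-agent/conf/ambari-agent.ini || \
  sed -i '/^\[security\]/a force_https_protocol=PROTOCOL_TLSv1_2' /etc/ambari-agent/conf/ambari-agent.ini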

十、总结

1.经验总结

ansible:本人感觉没有实际应用价值,用shell+ssh能完全实现一键式部署,不需要前面的安装

2.缺陷

ansible:需要安装;hosts:如果 hosts 文件更改,需要改的地方太多了;配置文件:ansible、shell 脚本中的变量没有使用统一的配置文件

3.期望

应该使用 shell 去读 hosts 文件,直接用 shell 完成一键式部署,摒弃 ansible,并使用配置文件来完成变量定义;这样如果更换环境,或在其他地方部署,会方便得多。但不可否认,从并发角度来看 ansible 还是具有优势的(很多大公司在用,公司也一直在推),不过我更倾向于用 shell 解决。