Metron是一種多功能的安全遙測數據捕獲、流分析和威脅響應平臺,最早由Cisco公司的開源大數據系統安全框架項目OpenSOC遷移爲Metron項目,現已晉升爲Apache頂級項目。Metron提供的功能包括:日誌的聚合、對網絡包全面捕獲的索引和存儲、高級行爲分析及數據濃縮,並可以將當前的威脅情報信息應用到安全遙測中。從概念上可劃分爲四個組件:數據捕獲與攝取、實時數據處理、受保證的數據持久化和存儲、用於驅動監控和風險報警服務的機器學習模型。
2.安裝Metron
1)基礎環境及版本
CentOS 7
Metron 0.4.1
HDP 2.5
Hosts:
192.168.11.90 node1
192.168.11.103 node2
192.168.11.104 node3
1)添加epel repository 並更新系統:
- yum install epel-release -y
- yum update -y
2)配置各節點間的免祕鑰登錄,具體參考:https://mp.csdn.net/postedit/81384217
3)在將要安裝ES和Storm的節點上增加ElasticSearch和Storm的限制(若不確定安裝節點,則在所有節點上增加限制)
echo -e "elasticsearch - memlock unlimited\nstorm - nproc 257597" >> /etc/security/limits.conf
4)調整限制以確保安全級別
- ulimit -n 32768
- ulimit -u 65536
- echo -e "* - nofile 32768\n* - nproc 65536" >> /etc/security/limits.conf
5)禁用IPv6,啓用它可能會強制服務僅綁定到IPv6地址,從而導致無法連接到IPv6
- sysctl -w net.ipv6.conf.all.disable_ipv6=1
- sysctl -w net.ipv6.conf.default.disable_ipv6=1
- echo -e "\n# Disable IPv6\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
6)禁用Transparent Hugepage(Transparent HugePages是RHEL6的新特性)
在kernel配置文件(/etc/ default / grub)的末尾添加“transparent_hugepage = never”,並重新啓動(reboot)。
- # 修改行:
- GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet"
- # 爲:
- GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet transparent_hugepage=never"
之後,執行:
grub2-mkconfig -o /boot/grub2/grub.cfg
重啓後檢查是否已應用更改(確保在方括號中選擇“never”字樣)
cat /sys/kernel/mm/transparent_hugepage/enabled always madvise [never]
備註:若不想搞亂內核參數,可以創建一個新的systemd服務,在每次啓動時禁用它。方法如下:
創建文件“/etc/systemd/system/disable-thp.service”:
- [Unit]
- Description=Disable Transparent Huge Pages (THP)
-
- [Service]
- Type=simple
- ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"
-
- [Install]
- WantedBy=multi-user.target
重新啓動systemd,啓動新服務並確保新服務在啓動時運行:
- # systemctl daemon-reload
- # systemctl start disable-thp
- # systemctl enable disable-thp
7)禁用SELinux(Ambari和Metron必需條件):
- setenforce 0
- sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
Metron安裝準備
(1)在所有節點上安裝Ambari的先決條件:
-
- yum install git wget curl rpm tar unzip scp bzip2 wget createrepo yum-utils ntp python-pip psutils python-psutil ntp libffi-devel gcc openssl-devel -y
- pip install --upgrade pip
- pip install requests
備註:yum 安裝 scp 報錯:
原因:yum 不存在獨立的scp 包,scp屬於openssh-clients這個包。
解決方案:安裝openssh-clients 即可
yum install openssh-clients
(2)在Metron節點上安裝java 1.8(若不確定Metron安裝節點,在所有節點上安裝Java1.8):
yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel -y
(3)設置Java環境變量:
export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s_/jre/bin/java__")
(4)保存java環境變量,以備重啓時使用:
- echo 'export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s_/jre/bin/java__")' > /etc/profile.d/java_18.sh
- chmod +x /etc/profile.d/java_18.sh
- source /etc/profile.d/java_18.sh
(5)下載並安裝Maven 3.3.9:
- wget https://archive.apache.org/dist/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
- tar -zxf apache-maven-3.3.9-bin.tar.gz
- mv apache-maven-3.3.9 /opt
- PATH=/opt/apache-maven-3.3.9/bin:$PATH
- echo 'export PATH=/opt/apache-maven-3.3.9/bin:$PATH' > /etc/profile.d/maven.sh
- chmod +x /etc/profile.d/maven.sh
(6)檢查Maven是否安裝成功:
- source /etc/profile.d/maven.sh
- mvn -V
若安裝成功,執行結果如下:
- # mvn -V
- Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T08:41:47-08:00)
- Maven home: /opt/apache-maven-3.3.9
- Java version: 1.8.0_131, vendor: Oracle Corporation
- Java home: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-3.b12.el7_3.x86_64/jre
- Default locale: en_US, platform encoding: UTF-8
- OS name: "linux", version: "3.10.0-514.16.1.el7.x86_64", arch: "amd64", family: "unix"
- [INFO] Scanning for projects...
- [INFO] ------------------------------------------------------------------------
- [INFO] BUILD FAILURE
- [INFO] ------------------------------------------------------------------------
- [INFO] Total time: 0.083 s
- [INFO] Finished at: 2017-06-06T09:59:03-07:00
- [INFO] Final Memory: 13M/479M
- [INFO] ------------------------------------------------------------------------
- [ERROR] No goals have been specified for this build. You must specify a valid lifecycle phase or a goal in the format <plugin-prefix>:<goal> or <plugin-group-id>:<plugin-artifact-id>[:<plugin-version>]:<goal>. Available lifecycle phases are: validate, initialize, generate-sources, process-sources, generate-resources, process-resources, compile, process-classes, generate-test-sources, process-test-sources, generate-test-resources, process-test-resources, test-compile, process-test-classes, test, prepare-package, package, pre-integration-test, integration-test, post-integration-test, verify, install, deploy, pre-clean, clean, post-clean, pre-site, site, post-site, site-deploy. -> [Help 1]
- [ERROR]
- [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
- [ERROR] Re-run Maven using the -X switch to enable full debug logging.
- [ERROR]
- [ERROR] For more information about the errors and possible solutions, please read the following articles:
- [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/NoGoalSpecifiedException
(7) 在Ambari節點上安裝並啓用docker(需要使用docker爲Ambari創建Metron包)
- yum install docker-io -y
- systemctl start docker
(8)在打包節點上安裝nmp,這是構建metron-config所必需的,它是UI的一部分。
yum install npm -y
(9)在 /etc/hosts文件中添加:
127.0.0.1 localhost
(10)在主節點上安裝數據庫,以備Metron REST使用:
yum install mariadb-server -y
(11) 在所有節點上安裝JAVA MySQL連接器:
yum install mysql-connector-java -y
配置Metron REST數據庫
安裝數據庫後運行"mysql_secure_installation"進行初始安全設置:
- systemctl start mariadb
- systemctl enable mariadb
- systemctl status mariadb
- mysql_secure_installation #
打包 Metron code
1)從github上克隆Metron repo並切換到0.4.1版本:
- git clone https://github.com/apache/metron
- cd metron
- git checkout Metron_0.4.1
2)使用HDP 2.5構建Metron:
- cd metron
- mvn clean package -DskipTests -T 2C -P HDP-2.5.0.0,mpack
- cd metron-deployment/packaging/docker/rpm-docker
- mvn clean install -DskipTests -PHDP-2.5.0.0
備註:如果rpm-docker失敗並報錯如下:
/bin/bash:./build.sh:Permission denied
請禁用selinux後重試
3)在所有節點上,創建localrepo目錄並從Ambari節點複製RPM:
-
- mkdir /localrepo
- cp -rp /root/metron/metron-deployment/packaging/docker/rpm-docker/RPMS/noarch/* /localrepo/
- createrepo /localrepo
備註:如果多節點安裝,還要將軟件包複製到其他節點:
- ssh root@node2 mkdir /localrepo
- scp /localrepo/*rpm root@node2:/localrepo/
- ssh root@node2 createrepo /localrepo
4) 爲Hadoop服務獲取並創建logrotate腳本:
- wget -O /etc/logrotate.d/metron-ambari https://raw.githubusercontent.com/apache/metron/master/metron-deployment/roles/ambari_common/templates/metron-hadoop-logrotate.yml
- sed -i 's/^ {{ hadoop_logrotate_frequency }}.*$/ daily/' /etc/logrotate.d/metron-ambari
- sed -i 's/^ rotate {{ hadoop_logrotate_retention }}.*$/ rotate 30/' /etc/logrotate.d/metron-ambari
- chmod 0644 /etc/logrotate.d/metron-ambari
安裝Ambari
(1)首先,在每個節點上時間同步,禁用防火牆和SElinux
- systemctl enable ntpd
- systemctl start ntpd
- iptables -P INPUT ACCEPT
- iptables -P FORWARD ACCEPT
- iptables -P OUTPUT ACCEPT
- iptables -t nat -F
- iptables -t mangle -F
- iptables -F
- iptables -X
- iptables-save > /etc/sysconfig/iptables
- systemctl stop firewalld
- systemctl disable firewalld
- setenforce 0
備註:如果使用的是CentOS 7和Python 2.7.5及更高版本,則在Ambari UI中安裝ambari代理時會遇到錯誤:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
解決辦法:要修復它,請在Python中禁用cert檢查
sed -i 's/verify=platform_default/verify=disable/' /etc/python/cert-verification.cfg
(2)確保每個節點都可以解析每個其他節點的主機名,即將每個節點的主機名添加到/etc/hosts
- 10.10.10.1 node1
- 10.10.10.2 node2
- 10.10.10.3 node3
- 10.10.10.4 node4
(3)在主節點下載和設置Ambari repo(可以用更新的Ambari版本號替換"2.4.3.0")
wget -nv http://public-repo-1.hortonworks.com/ambari/centos7/2.x/updates/2.4.3.0/ambari.repo -O /etc/yum.repos.d/ambari.repo
(4)檢查是否添加成功:
- yum repolist | grep ambari
- # Updates-ambari-2.4.3.0 ambari-2.4.3.0 - Updates
(5)製作本地yum源:
a、首先下載包含必要軟件的壓縮包(tarball)到本地,以CentOS7,Ambari 2.4.3和HDP 2.5.0.0爲例:
Ambari-2.4.3.0 壓縮包地址:
HDP-2.5.0.0壓縮包地址:
http://public-repo-1.hortonworks.com/HDP/centos7/2.x/updates/2.5.0.0/HDP-2.5.0.0-centos7-rpm.tar.gz
HDP UTILS壓縮包下載地址:
其他版本,下載地址請參考:
Ambari:
HDP和HDP UTILS:
b、設置本地庫,我們先需要完成一些準備工作,如下:
- 選擇一臺機器作爲本地庫的鏡像服務器,這個機器能夠被集羣中的機器所訪問,且有一個被支持的操作系統。
- 此臺鏡像服務器有軟件包管理,例如centOS的yum。
c、在鏡像服務器上安裝一個HTTP服務(例如Apache httpd)
yum install httpd
啓動web 服務:
- [root@master ~]# systemctl start httpd
- [root@master ~]# systemctl enable httpd
d、把下載到的3個資源文件,並解壓到http服務(web服務)目錄下:
- # mkdir /var/www/html/ambari-hdp
- # mkdir /var/www/html/ambari-hdp/HDP-UTILS
- # tar -xvf ambari-2.4.1.0-centos7.tar.gz -C /var/www/html/ambari-hdp/
- # tar -xvf HDP-2.5.0.0-centos7-rpm.tar.gz -C /var/www/html/ambari-hdp/
- # tar -xvf HDP-UTILS-1.1.0.21-centos7.tar.gz -C /var/www/html/ambari-hdp/HDP-UTILS
e、 確認解壓目錄正常,在瀏覽器中確認是否可以訪問,訪問地址如下:
Ambari Base URL:http://172.16.16.183:82/ambari-hdp/centos7/
HDP Base URL:http://172.16.16.183:82/ambari-hdp/HDP/centos7/
HDP-UTILS Base URL:http://172.16.16.183:82/ambari-hdp/HDP-UTILS/
f、配置Yum本地Repos資源池(在每臺node上)
安裝插件:
yum install yum-plugin-priorities
編輯/etc/yum/pluginconf.d/priorities.conf
文件添加如下配置:
- [main]
- enabled=1
- gpgcheck=0
製作本地資源文件,創建Ambari、HDP、HDP-UTIL資源文件:
- ambari.repo
- [ambari-2.4.1.0]
- name=ambari-2.4.1.0
- baseurl=http://192.168.0.203/ambari-hdp/AMBARI-2.4.1.0/centos7/2.4.1.0-22/
- gpgcheck=0
- gpgkey=http://192.168.0.203/ambari-hdp/AMBARI-2.4.1.0/centos7/2.4.1.0-22/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
- enabled=1
- priority=1
- hdp.repo
- [HDP-2.5.0.0]
- name=Hortonworks Data Platform Version - HDP-2.5.0.0
- baseurl=http://192.168.0.203/ambari-hdp/HDP/centos7
- gpgcheck=0
- gpgkey=http://192.168.0.203/ambari-hdp/HDP/centos7/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
- enabled=1
- priority=1
- hdp-util.repo
- [HDP-UTILS-1.1.0.21]
- name=Hortonworks Data Platform Version - HDP-UTILS-1.1.0.21
- baseurl=http://192.168.0.203/ambari-hdp/HDP-UTILS/
- gpgcheck=0
- gpgkey=http://192.168.0.203/ambari-hdp/HDP-UTILS/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
- enabled=1
- priority=1
查看資源池:
- [root@master yum.repos.d]# yum repolist
- repo id repo name status
- HDP-2.5 HDP-2.5 0+200
- HDP-2.5.0.0 Hortonworks Data Platform Version - HDP-2.5.0.0 200
- HDP-UTILS-1.1.0.21 HDP-UTILS-1.1.0.21 64
- ambari-2.4.1.0 ambari-2.4.1.0
(5)安裝和設置Ambari server:
yum install ambari-server -y
安裝完成後創建ambari數據庫及用戶,登錄root用戶執行下面語句:
- mysql> create database ambari character set utf8;
- mysql> CREATE USER 'ambari'@'%' IDENTIFIED BY 'ambari';
- mysql> GRANT ALL PRIVILEGES ON *.* TO 'ambari'@'%';
- mysql> FLUSH PRIVILEGES;
如果要安裝Hive,再創建Hive數據庫和用戶 再執行下面的語句:
- mysql> create database hive character set utf8;
- mysql> CREATE USER 'hive'@'%' IDENTIFIED BY 'hive';
- mysql> GRANT ALL PRIVILEGES ON *.* TO 'hive'@'%';
- mysql> FLUSH PRIVILEGES;
如果要安裝Oozie,再創建Oozie數據庫和用戶 再執行下面的語句:
- mysql> create database oozie character set utf8;
- mysql> CREATE USER 'oozie'@'%' IDENTIFIED BY 'oozie';
- mysql> GRANT ALL PRIVILEGES ON *.* TO 'oozie'@'%';
- mysql> FLUSH PRIVILEGES;
(6) 配置Ambari-Server
- [root@node-1 ~]# ambari-server setup
- Using python /usr/bin/python
- Setup ambari-server
- Checking SELinux...
- SELinux status is 'disabled'
- Customize user account for ambari-server daemon [y/n] (n)? y
- Enter user account for ambari-server daemon (root):ambari
- Adjusting ambari-server permissions and ownership...
- Checking firewall status...
- Checking JDK...
- [1] Oracle JDK 1.8 + Java Cryptography Extension (JCE) Policy Files 8
- [2] Oracle JDK 1.7 + Java Cryptography Extension (JCE) Policy Files 7
- [3] Custom JDK
- ==============================================================================
- Enter choice (1): 3
- WARNING: JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.
- WARNING: JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos,please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts.
- Path to JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre # 填寫java_home
- Validating JDK on Ambari Server...done.
- Checking GPL software agreement...
- GPL License for LZO: https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
- Enable Ambari Server to download and install GPL Licensed LZO packages [y/n] (n)? n
- Completing setup...
- Configuring database...
- Enter advanced database configuration [y/n] (n)? y
- Configuring database...
- ==============================================================================
- Choose one of the following options:
- [1] - PostgreSQL (Embedded)
- [2] - Oracle
- [3] - MySQL / MariaDB
- [4] - PostgreSQL
- [5] - Microsoft SQL Server (Tech Preview)
- [6] - SQL Anywhere
- [7] - BDB
- ==============================================================================
- Enter choice (1): 3
- Hostname (localhost):
- Port (3306):
- Database name (ambari):
- Username (ambari):
- Enter Database Password (bigdata):
- Configuring ambari database...
- WARNING: Before starting Ambari Server, you must copy the MySQL JDBC driver JAR file to /usr/share/java and set property "server.jdbc.driver.path=[path/to/custom_jdbc_driver]" in ambari.properties.
- Press <enter> to continue.
到上面一步時,提示需要配置mysql的 jdbc驅動,並修改Ambari配置文件,指定jdbc驅動文件位置:
在安裝Metron準備(11)步驟時我們安裝了JAVA MySQL連接器其默認路徑爲(/usr/share/java/),所以我們只需要在Ambari配置文件中添加jdbc驅動文件位置即可,即在編輯/etc/ambari-server/conf/ambari.properties添加如下配置:
server.jdbc.driver.path=/usr/share/java/mysql-connector-java.jar
配置完成後繼續,會出現如下提示:
- Press <enter> to continue.
- Configuring remote database connection properties...
- WARNING: Before starting Ambari Server, you must run the following DDL against the database to create the schema: /var/lib/ambari-server/resources/Ambari-DDL-MySQL-CREATE.sql
- Proceed with configuring remote database connection properties [y/n] (y)?
出現上述提示時,根據信息導入數據庫:將Ambari數據庫腳本導入到數據庫。Ambari安裝會將安裝等信息寫入數據庫,建議使用自己安裝的MySQL數據庫,也可以不安裝而使用默認數據庫PostgreSQL。如果使用自己定義的數據庫,必須在啓動Ambari服務之前導入Ambari的sql腳本。
- # mysql -uroot -p
- mysql> use ambari;
- mysql> source /var/lib/ambari-server/resources/Ambari-DDL-MySQL-CREATE.sql;
(6)通過運行mpack命令將Metron服務添加到Ambari(確保在--mpack =中指定正確的mpack路徑):
ambari-server install-mpack --mpack=/root/metron/metron-deployment/packaging/ambari/metron-mpack/target/metron_mpack-0.4.1.0.tar.gz --verbose
(7)啓動Ambari服務
ambari-server start
(8)服務啓動成功後,會監聽8080端口,通過在Web瀏覽器中訪問Ambari UI:http://<Ambari_server_ip>:8080/,賬號密碼admin/admin正常登錄,則安裝完成。結果如下圖所示(圖片來自網絡,僅供參考):
(9)創建集羣
使用ambari的web界面可完成對集羣的所有管理操作,創建一個實例集羣。
選擇本地源,移除不必要的版本:
設置本地源爲以上步驟中製作的本地源:
Base URL:ambari :http://172.16.16.183:82/ambari-hdp/ambari/centos7/
HDP :http://172.16.16.183:82/ambari-hdp/HDP/centos7/
HDP-UTILS:http://172.16.16.183:82/ambari-hdp/HDP-UTILS/
及Metron 源採用本地源:file:////localrepo/repodata
添加主機節點,上傳(Ambari server 節點的)id_rsa文件:
(9)安裝Ambari agent,組建集羣,如下圖所示(由於在安裝過程中不僅需要從本地HDP及Metron配置的源中下載文件還需要聯網下載文件所以需要時間較長,且有時會因爲網絡超時導致安裝失敗,可能需要多次重試,請周知):
在安裝過程中,ambari註冊主機的時候,ambari-agent出現如下錯誤:
- NetUtil.py:96 - EOF occurred in violation of protocol (_ssl.c:579)
- NetUtil.py:97 - SSLError: Failed to connect. Please check openssl library versions.
有兩種可能:
第一是有可能如前面所提到的使用的是centos7、python 2.7.5及以上版本的python 會在安裝Ambari agent時報錯:
|
解決辦法是:要解決此問題,即在此處禁用Python中的證書檢查
-
- sed -i 's/verify=platform_default/verify=disable/' /etc/python/cert-verification.cfg
第二是Ambari agent安全驗證引起的;
解決方案 在ambari-agent的配置文件ambari-agent.ini 在 [security]增加一項
- [security]
- force_https_protocol=PROTOCOL_TLSv1_2
2.如出現bootstrap、stack-recommendations 目錄找不到的錯誤:
解決方案:
進入/var/run/ambari-server,手動創建bootstrap文件夾,並對其添加owner爲ambari:
chown ambari bootstrap
然後重啓Ambari server
ambari-server restart
安裝成功後,會顯示如下界面:
(9)使用Ambari安裝其他組件
a.首先,輸入集羣任意集羣名稱;
b.選擇版本:確保選中"Public Repository"。您還應該看到列出的/localrepo目錄。
c.設置安裝選項:在"Target Hosts"中指定安裝Ambari集羣的節點的主機名(/ etc / hosts中指定的所有節點)。在"Host Registration Information"中複製主節點私鑰(/root/.ssh/id_rsa)的內容。如果收到警告"以下主機名無效FQDN",請忽略它並單擊"確定"。
d.選擇服務:選擇以下服務:
HDFS YARN + MapReduce2 Tez HBase Pig Zookeeper Storm Flume Ambari Metrics Kafka Elasticsearch Kibana Metron Slider OpenTAXII Pycapa Zeppelin Notebook Hive
e.分配Masters:在所有節點上分配"Kafka Broker",確保在一個公共節點上安裝以下組件:
- Storm UI Server
- Metron Indexing
- MySQL Server
- Kibana Server
- Elasticsearch Master
- Metron Parsers
- Metron Enrichment
f. 分配Slaves和Clients:
DataNode NodeManager RegionServer Supervisor Client
g.自定義服務:以下是需要配置的服務列表:
(1)在HDFS - > Configs下將"NameNode Java堆大小"(namenode_heapsize)從默認的1024 MB設置爲至少4096 MB。
(2)對於ElasticSearch:
將"zen_discovery_ping_unicast_hosts"設置爲在Assign Master選項卡上分配ElasticSearch Master的節點的IP。
在"Advanced elastic-site"下:將"network_host"更改爲"0.0.0.0"。如果Metron暴露在公共互聯網上,請不要這樣做!現在是“[_local_,_ site_]”。
(3)對於Kibana:
將"kibana_es_url"設置爲http:// <elasticsearch_master_hostname>:9200。elasticsearch_master_hostname是" Assign Master "選項卡上分配ElasticSearch Master的節點的IP。
將"kibana_default_application"更改爲"dashboard / Metron-Dashboard"
(4)對於Metron:將"Elasticsearch Hosts"設置爲在Assign Master選項卡上分配ElasticSearch Master的節點的IP。
(5)對於Storm:將"supervisor.slots.ports"的數量從默認的[6700,6701]增加到[6700,6701,6702,6703,6704]如果只安裝一個節點。
(6)對於metron REST使用:
Metron JDBC客戶端路徑:/usr/share/java/mysql-connector-java.jar
Metron JDBC驅動程序:com.mysql.jdbc.Driver
Metron JDBC密碼:<DB PASSWORD>
Metron JDBC平臺:mysql
Metron JDBC URL:jdbc:mysql://127.0.0.1:3306 / <DB NAME>
Metron JDBC用戶名:<DB USERNAME>
(7)將其餘配置值設置爲Ambari推薦的或您想要的配置值(如DB密碼)並執行安裝。在只有3個節點,集羣安裝如下:
node1 |
node2 |
node3 |
---|---|---|
DataNode | DataNode | DataNode |
Elasticsearch Master | App Timeline Server |
Elasticsearch Data Node |
Grafana | Kafka Broker | Metrics Monitor |
HBase Client | DRPC Server | Flume |
HBase Master | HBase Client | HBase Client |
HCat Client | HCat Client | HCat Client |
HDFS Client | HDFS Client | HDFS Client |
Hive Client | Hive Client | Hive Client |
Kafka Broker | History Server | Kafka Broker |
Kibana Server | Hive Metastore | MapReduce2 Client |
MapReduce2 Client | HiveServer2 | Metrics Collector |
Metrics Monitor | MapReduce2 Client | Metron Client |
Metron Client | Metrics Monitor | NodeManager |
Metron Enrichment | Metron Client | Pig Client |
Metron Indexing | MySQL Server | Slider Client |
Metron Parsers | Nimbus | Spark Client |
Metron REST | NodeManager | Supervisor |
NameNode | Pig Client | Tez Client |
NodeManager | ResourceManager | YARN Client |
Pig Client | NameNode | ZooKeeper Client |
RegionServer |
RegionServer | RegionServer |
Slider Client | Slider Client | ZooKeeper Server |
Spark Client | Spark Client | |
Spark History Server | Supervisor | |
Storm UI Server | Tez Client | |
Supervisor | WebHCat Server | |
Tez Client | YARN Client | |
YARN Client | ZooKeeper Client | |
Zeppelin Notebook | ZooKeeper Server | |
ZooKeeper Client | ||
ZooKeeper Server |
配置Metron REST,Metron REST可能無法工作,因爲我們仍然需要將用戶和數據庫添加到MariaDB。此時,請確保所有服務都已啓動,需要手動啓動一些。
在MySQL中爲Metron REST配置用戶。在安裝Metron REST UI的節點上,執行以下操作:
- # mysql -u root -p
- CREATE USER '<DB USERNAME>'@'localhost' IDENTIFIED BY '<DB PASSWORD>';
- CREATE DATABASE IF NOT EXISTS <DB NAME>;
- GRANT ALL PRIVILEGES ON <DB NAME>.* TO '<DB USERNAME>'@'localhost';
例如:
- # mysql -u root -p
- > CREATE USER 'metron'@'localhost' IDENTIFIED BY 'metron';
- > CREATE DATABASE IF NOT EXISTS metronrest;
- > GRANT ALL PRIVILEGES ON metronrest.* TO 'metron'@'localhost';
- > quit
- Bye
- #
在metron REST服務運行之前,我們需要做最後一步。 由於Centos 7中的systemd,服務metron-rest start <PASSWORD>不再有效。因此,必須編輯配置文件"/etc/rc.d/init.d/metron-rest"。 在此文件中,將METRON_JDBC_PASSWORD ="$2"更改爲METRON_JDBC_PASSWORD ="<DB PASSWORD>"並通過Ambari界面重新啓動metron-rest服務。
配置以下項時,請確保已啓動Metron REST UI。
將Metron REST用戶名和密碼添加到metronrest數據庫:
- # mysql -u <DB USERNAME> -p
- > use <DB NAME>;
- > insert into users (username, password, enabled) values ('<USERNAME>','<PASSWORD>',1);
- > insert into authorities (username, authority) values ('<USERNAME>', 'ROLE_USER');
- > quit
- Bye
- #
例如:
- # mysql -u metron -p
- > use metronrest;
- > insert into users (username, password, enabled) values ('metron','metron',1);
- > insert into authorities (username, authority) values ('metron', 'ROLE_USER');
- > quit
- Bye
- #
確保所有服務都已啓動。