Metron是一种多功能的安全遥测数据捕获、流分析和威胁响应平台,最早由Cisco公司的开源大数据系统安全框架项目OpenSOC迁移为Metron项目,现已晋升为Apache顶级项目。Metron提供的功能包括:日志的聚合、对网络包全面捕获的索引和存储、高级行为分析及数据浓缩,并可以将当前的威胁情报信息应用到安全遥测中。从概念上可划分为四个组件:数据捕获与摄取、实时数据处理、受保证的数据持久化和存储、用于驱动监控和风险报警服务的机器学习模型。
2.安装Metron
1)基础环境及版本
CentOS 7
Metron 0.4.1
HDP 2.5
Hosts:
192.168.11.90 node1
192.168.11.103 node2
192.168.11.104 node3
1)添加epel repository 并更新系统:
- yum install epel-release -y
- yum update -y
2)配置各节点间的免秘钥登录,具体参考:https://mp.csdn.net/postedit/81384217
3)在将要安装ES和Storm的节点上增加ElasticSearch和Storm的限制(若不确定安装节点,则在所有节点上增加限制)
echo -e "elasticsearch - memlock unlimited\nstorm - nproc 257597" >> /etc/security/limits.conf
4)调整限制以确保安全级别
- ulimit -n 32768
- ulimit -u 65536
- echo -e "* - nofile 32768\n* - nproc 65536" >> /etc/security/limits.conf
5)禁用IPv6,启用它可能会强制服务仅绑定到IPv6地址,从而导致无法连接到IPv6
- sysctl -w net.ipv6.conf.all.disable_ipv6=1
- sysctl -w net.ipv6.conf.default.disable_ipv6=1
- echo -e "\n# Disable IPv6\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
6)禁用Transparent Hugepage(Transparent HugePages是RHEL6的新特性)
在kernel配置文件(/etc/ default / grub)的末尾添加“transparent_hugepage = never”,并重新启动(reboot)。
- # 修改行:
- GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet"
- # 为:
- GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet transparent_hugepage=never"
之后,执行:
grub2-mkconfig -o /boot/grub2/grub.cfg
重启后检查是否已应用更改(确保在方括号中选择“never”字样)
cat /sys/kernel/mm/transparent_hugepage/enabled always madvise [never]
备注:若不想搞乱内核参数,可以创建一个新的systemd服务,在每次启动时禁用它。方法如下:
创建文件“/etc/systemd/system/disable-thp.service”:
- [Unit]
- Description=Disable Transparent Huge Pages (THP)
-
- [Service]
- Type=simple
- ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"
-
- [Install]
- WantedBy=multi-user.target
重新启动systemd,启动新服务并确保新服务在启动时运行:
- # systemctl daemon-reload
- # systemctl start disable-thp
- # systemctl enable disable-thp
7)禁用SELinux(Ambari和Metron必需条件):
- setenforce 0
- sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
Metron安装准备
(1)在所有节点上安装Ambari的先决条件:
-
- yum install git wget curl rpm tar unzip scp bzip2 wget createrepo yum-utils ntp python-pip psutils python-psutil ntp libffi-devel gcc openssl-devel -y
- pip install --upgrade pip
- pip install requests
备注:yum 安装 scp 报错:
原因:yum 不存在独立的scp 包,scp属于openssh-clients这个包。
解决方案:安装openssh-clients 即可
yum install openssh-clients
(2)在Metron节点上安装java 1.8(若不确定Metron安装节点,在所有节点上安装Java1.8):
yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel -y
(3)设置Java环境变量:
export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s_/jre/bin/java__")
(4)保存java环境变量,以备重启时使用:
- echo 'export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s_/jre/bin/java__")' > /etc/profile.d/java_18.sh
- chmod +x /etc/profile.d/java_18.sh
- source /etc/profile.d/java_18.sh
(5)下载并安装Maven 3.3.9:
- wget https://archive.apache.org/dist/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
- tar -zxf apache-maven-3.3.9-bin.tar.gz
- mv apache-maven-3.3.9 /opt
- PATH=/opt/apache-maven-3.3.9/bin:$PATH
- echo 'export PATH=/opt/apache-maven-3.3.9/bin:$PATH' > /etc/profile.d/maven.sh
- chmod +x /etc/profile.d/maven.sh
(6)检查Maven是否安装成功:
- source /etc/profile.d/maven.sh
- mvn -V
若安装成功,执行结果如下:
- # mvn -V
- Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T08:41:47-08:00)
- Maven home: /opt/apache-maven-3.3.9
- Java version: 1.8.0_131, vendor: Oracle Corporation
- Java home: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-3.b12.el7_3.x86_64/jre
- Default locale: en_US, platform encoding: UTF-8
- OS name: "linux", version: "3.10.0-514.16.1.el7.x86_64", arch: "amd64", family: "unix"
- [INFO] Scanning for projects...
- [INFO] ------------------------------------------------------------------------
- [INFO] BUILD FAILURE
- [INFO] ------------------------------------------------------------------------
- [INFO] Total time: 0.083 s
- [INFO] Finished at: 2017-06-06T09:59:03-07:00
- [INFO] Final Memory: 13M/479M
- [INFO] ------------------------------------------------------------------------
- [ERROR] No goals have been specified for this build. You must specify a valid lifecycle phase or a goal in the format <plugin-prefix>:<goal> or <plugin-group-id>:<plugin-artifact-id>[:<plugin-version>]:<goal>. Available lifecycle phases are: validate, initialize, generate-sources, process-sources, generate-resources, process-resources, compile, process-classes, generate-test-sources, process-test-sources, generate-test-resources, process-test-resources, test-compile, process-test-classes, test, prepare-package, package, pre-integration-test, integration-test, post-integration-test, verify, install, deploy, pre-clean, clean, post-clean, pre-site, site, post-site, site-deploy. -> [Help 1]
- [ERROR]
- [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
- [ERROR] Re-run Maven using the -X switch to enable full debug logging.
- [ERROR]
- [ERROR] For more information about the errors and possible solutions, please read the following articles:
- [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/NoGoalSpecifiedException
(7) 在Ambari节点上安装并启用docker(需要使用docker为Ambari创建Metron包)
- yum install docker-io -y
- systemctl start docker
(8)在打包节点上安装nmp,这是构建metron-config所必需的,它是UI的一部分。
yum install npm -y
(9)在 /etc/hosts文件中添加:
127.0.0.1 localhost
(10)在主节点上安装数据库,以备Metron REST使用:
yum install mariadb-server -y
(11) 在所有节点上安装JAVA MySQL连接器:
yum install mysql-connector-java -y
配置Metron REST数据库
安装数据库后运行"mysql_secure_installation"进行初始安全设置:
- systemctl start mariadb
- systemctl enable mariadb
- systemctl status mariadb
- mysql_secure_installation #
打包 Metron code
1)从github上克隆Metron repo并切换到0.4.1版本:
- git clone https://github.com/apache/metron
- cd metron
- git checkout Metron_0.4.1
2)使用HDP 2.5构建Metron:
- cd metron
- mvn clean package -DskipTests -T 2C -P HDP-2.5.0.0,mpack
- cd metron-deployment/packaging/docker/rpm-docker
- mvn clean install -DskipTests -PHDP-2.5.0.0
备注:如果rpm-docker失败并报错如下:
/bin/bash:./build.sh:Permission denied
请禁用selinux后重试
3)在所有节点上,创建localrepo目录并从Ambari节点复制RPM:
-
- mkdir /localrepo
- cp -rp /root/metron/metron-deployment/packaging/docker/rpm-docker/RPMS/noarch/* /localrepo/
- createrepo /localrepo
备注:如果多节点安装,还要将软件包复制到其他节点:
- ssh root@node2 mkdir /localrepo
- scp /localrepo/*rpm root@node2:/localrepo/
- ssh root@node2 createrepo /localrepo
4) 为Hadoop服务获取并创建logrotate脚本:
- wget -O /etc/logrotate.d/metron-ambari https://raw.githubusercontent.com/apache/metron/master/metron-deployment/roles/ambari_common/templates/metron-hadoop-logrotate.yml
- sed -i 's/^ {{ hadoop_logrotate_frequency }}.*$/ daily/' /etc/logrotate.d/metron-ambari
- sed -i 's/^ rotate {{ hadoop_logrotate_retention }}.*$/ rotate 30/' /etc/logrotate.d/metron-ambari
- chmod 0644 /etc/logrotate.d/metron-ambari
安装Ambari
(1)首先,在每个节点上时间同步,禁用防火墙和SElinux
- systemctl enable ntpd
- systemctl start ntpd
- iptables -P INPUT ACCEPT
- iptables -P FORWARD ACCEPT
- iptables -P OUTPUT ACCEPT
- iptables -t nat -F
- iptables -t mangle -F
- iptables -F
- iptables -X
- iptables-save > /etc/sysconfig/iptables
- systemctl stop firewalld
- systemctl disable firewalld
- setenforce 0
备注:如果使用的是CentOS 7和Python 2.7.5及更高版本,则在Ambari UI中安装ambari代理时会遇到错误:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
解决办法:要修复它,请在Python中禁用cert检查
sed -i 's/verify=platform_default/verify=disable/' /etc/python/cert-verification.cfg
(2)确保每个节点都可以解析每个其他节点的主机名,即将每个节点的主机名添加到/etc/hosts
- 10.10.10.1 node1
- 10.10.10.2 node2
- 10.10.10.3 node3
- 10.10.10.4 node4
(3)在主节点下载和设置Ambari repo(可以用更新的Ambari版本号替换"2.4.3.0")
wget -nv http://public-repo-1.hortonworks.com/ambari/centos7/2.x/updates/2.4.3.0/ambari.repo -O /etc/yum.repos.d/ambari.repo
(4)检查是否添加成功:
- yum repolist | grep ambari
- # Updates-ambari-2.4.3.0 ambari-2.4.3.0 - Updates
(5)制作本地yum源:
a、首先下载包含必要软件的压缩包(tarball)到本地,以CentOS7,Ambari 2.4.3和HDP 2.5.0.0为例:
Ambari-2.4.3.0 压缩包地址:
HDP-2.5.0.0压缩包地址:
http://public-repo-1.hortonworks.com/HDP/centos7/2.x/updates/2.5.0.0/HDP-2.5.0.0-centos7-rpm.tar.gz
HDP UTILS压缩包下载地址:
其他版本,下载地址请参考:
Ambari:
HDP和HDP UTILS:
b、设置本地库,我们先需要完成一些准备工作,如下:
- 选择一台机器作为本地库的镜像服务器,这个机器能够被集群中的机器所访问,且有一个被支持的操作系统。
- 此台镜像服务器有软件包管理,例如centOS的yum。
c、在镜像服务器上安装一个HTTP服务(例如Apache httpd)
yum install httpd
启动web 服务:
- [root@master ~]# systemctl start httpd
- [root@master ~]# systemctl enable httpd
d、把下载到的3个资源文件,并解压到http服务(web服务)目录下:
- # mkdir /var/www/html/ambari-hdp
- # mkdir /var/www/html/ambari-hdp/HDP-UTILS
- # tar -xvf ambari-2.4.1.0-centos7.tar.gz -C /var/www/html/ambari-hdp/
- # tar -xvf HDP-2.5.0.0-centos7-rpm.tar.gz -C /var/www/html/ambari-hdp/
- # tar -xvf HDP-UTILS-1.1.0.21-centos7.tar.gz -C /var/www/html/ambari-hdp/HDP-UTILS
e、 确认解压目录正常,在浏览器中确认是否可以访问,访问地址如下:
Ambari Base URL:http://172.16.16.183:82/ambari-hdp/centos7/
HDP Base URL:http://172.16.16.183:82/ambari-hdp/HDP/centos7/
HDP-UTILS Base URL:http://172.16.16.183:82/ambari-hdp/HDP-UTILS/
f、配置Yum本地Repos资源池(在每台node上)
安装插件:
yum install yum-plugin-priorities
编辑/etc/yum/pluginconf.d/priorities.conf
文件添加如下配置:
- [main]
- enabled=1
- gpgcheck=0
制作本地资源文件,创建Ambari、HDP、HDP-UTIL资源文件:
- ambari.repo
- [ambari-2.4.1.0]
- name=ambari-2.4.1.0
- baseurl=http://192.168.0.203/ambari-hdp/AMBARI-2.4.1.0/centos7/2.4.1.0-22/
- gpgcheck=0
- gpgkey=http://192.168.0.203/ambari-hdp/AMBARI-2.4.1.0/centos7/2.4.1.0-22/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
- enabled=1
- priority=1
- hdp.repo
- [HDP-2.5.0.0]
- name=Hortonworks Data Platform Version - HDP-2.5.0.0
- baseurl=http://192.168.0.203/ambari-hdp/HDP/centos7
- gpgcheck=0
- gpgkey=http://192.168.0.203/ambari-hdp/HDP/centos7/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
- enabled=1
- priority=1
- hdp-util.repo
- [HDP-UTILS-1.1.0.21]
- name=Hortonworks Data Platform Version - HDP-UTILS-1.1.0.21
- baseurl=http://192.168.0.203/ambari-hdp/HDP-UTILS/
- gpgcheck=0
- gpgkey=http://192.168.0.203/ambari-hdp/HDP-UTILS/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
- enabled=1
- priority=1
查看资源池:
- [root@master yum.repos.d]# yum repolist
- repo id repo name status
- HDP-2.5 HDP-2.5 0+200
- HDP-2.5.0.0 Hortonworks Data Platform Version - HDP-2.5.0.0 200
- HDP-UTILS-1.1.0.21 HDP-UTILS-1.1.0.21 64
- ambari-2.4.1.0 ambari-2.4.1.0
(5)安装和设置Ambari server:
yum install ambari-server -y
安装完成后创建ambari数据库及用户,登录root用户执行下面语句:
- mysql> create database ambari character set utf8;
- mysql> CREATE USER 'ambari'@'%' IDENTIFIED BY 'ambari';
- mysql> GRANT ALL PRIVILEGES ON *.* TO 'ambari'@'%';
- mysql> FLUSH PRIVILEGES;
如果要安装Hive,再创建Hive数据库和用户 再执行下面的语句:
- mysql> create database hive character set utf8;
- mysql> CREATE USER 'hive'@'%' IDENTIFIED BY 'hive';
- mysql> GRANT ALL PRIVILEGES ON *.* TO 'hive'@'%';
- mysql> FLUSH PRIVILEGES;
如果要安装Oozie,再创建Oozie数据库和用户 再执行下面的语句:
- mysql> create database oozie character set utf8;
- mysql> CREATE USER 'oozie'@'%' IDENTIFIED BY 'oozie';
- mysql> GRANT ALL PRIVILEGES ON *.* TO 'oozie'@'%';
- mysql> FLUSH PRIVILEGES;
(6) 配置Ambari-Server
- [root@node-1 ~]# ambari-server setup
- Using python /usr/bin/python
- Setup ambari-server
- Checking SELinux...
- SELinux status is 'disabled'
- Customize user account for ambari-server daemon [y/n] (n)? y
- Enter user account for ambari-server daemon (root):ambari
- Adjusting ambari-server permissions and ownership...
- Checking firewall status...
- Checking JDK...
- [1] Oracle JDK 1.8 + Java Cryptography Extension (JCE) Policy Files 8
- [2] Oracle JDK 1.7 + Java Cryptography Extension (JCE) Policy Files 7
- [3] Custom JDK
- ==============================================================================
- Enter choice (1): 3
- WARNING: JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.
- WARNING: JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos,please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts.
- Path to JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre # 填写java_home
- Validating JDK on Ambari Server...done.
- Checking GPL software agreement...
- GPL License for LZO: https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
- Enable Ambari Server to download and install GPL Licensed LZO packages [y/n] (n)? n
- Completing setup...
- Configuring database...
- Enter advanced database configuration [y/n] (n)? y
- Configuring database...
- ==============================================================================
- Choose one of the following options:
- [1] - PostgreSQL (Embedded)
- [2] - Oracle
- [3] - MySQL / MariaDB
- [4] - PostgreSQL
- [5] - Microsoft SQL Server (Tech Preview)
- [6] - SQL Anywhere
- [7] - BDB
- ==============================================================================
- Enter choice (1): 3
- Hostname (localhost):
- Port (3306):
- Database name (ambari):
- Username (ambari):
- Enter Database Password (bigdata):
- Configuring ambari database...
- WARNING: Before starting Ambari Server, you must copy the MySQL JDBC driver JAR file to /usr/share/java and set property "server.jdbc.driver.path=[path/to/custom_jdbc_driver]" in ambari.properties.
- Press <enter> to continue.
到上面一步时,提示需要配置mysql的 jdbc驱动,并修改Ambari配置文件,指定jdbc驱动文件位置:
在安装Metron准备(11)步骤时我们安装了JAVA MySQL连接器其默认路径为(/usr/share/java/),所以我们只需要在Ambari配置文件中添加jdbc驱动文件位置即可,即在编辑/etc/ambari-server/conf/ambari.properties添加如下配置:
server.jdbc.driver.path=/usr/share/java/mysql-connector-java.jar
配置完成后继续,会出现如下提示:
- Press <enter> to continue.
- Configuring remote database connection properties...
- WARNING: Before starting Ambari Server, you must run the following DDL against the database to create the schema: /var/lib/ambari-server/resources/Ambari-DDL-MySQL-CREATE.sql
- Proceed with configuring remote database connection properties [y/n] (y)?
出现上述提示时,根据信息导入数据库:将Ambari数据库脚本导入到数据库。Ambari安装会将安装等信息写入数据库,建议使用自己安装的MySQL数据库,也可以不安装而使用默认数据库PostgreSQL。如果使用自己定义的数据库,必须在启动Ambari服务之前导入Ambari的sql脚本。
- # mysql -uroot -p
- mysql> use ambari;
- mysql> source /var/lib/ambari-server/resources/Ambari-DDL-MySQL-CREATE.sql;
(6)通过运行mpack命令将Metron服务添加到Ambari(确保在--mpack =中指定正确的mpack路径):
ambari-server install-mpack --mpack=/root/metron/metron-deployment/packaging/ambari/metron-mpack/target/metron_mpack-0.4.1.0.tar.gz --verbose
(7)启动Ambari服务
ambari-server start
(8)服务启动成功后,会监听8080端口,通过在Web浏览器中访问Ambari UI:http://<Ambari_server_ip>:8080/,账号密码admin/admin正常登录,则安装完成。结果如下图所示(图片来自网络,仅供参考):
(9)创建集群
使用ambari的web界面可完成对集群的所有管理操作,创建一个实例集群。
选择本地源,移除不必要的版本:
设置本地源为以上步骤中制作的本地源:
Base URL:ambari :http://172.16.16.183:82/ambari-hdp/ambari/centos7/
HDP :http://172.16.16.183:82/ambari-hdp/HDP/centos7/
HDP-UTILS:http://172.16.16.183:82/ambari-hdp/HDP-UTILS/
及Metron 源采用本地源:file:////localrepo/repodata
添加主机节点,上传(Ambari server 节点的)id_rsa文件:
(9)安装Ambari agent,组建集群,如下图所示(由于在安装过程中不仅需要从本地HDP及Metron配置的源中下载文件还需要联网下载文件所以需要时间较长,且有时会因为网络超时导致安装失败,可能需要多次重试,请周知):
在安装过程中,ambari注册主机的时候,ambari-agent出现如下错误:
- NetUtil.py:96 - EOF occurred in violation of protocol (_ssl.c:579)
- NetUtil.py:97 - SSLError: Failed to connect. Please check openssl library versions.
有两种可能:
第一是有可能如前面所提到的使用的是centos7、python 2.7.5及以上版本的python 会在安装Ambari agent时报错:
|
解决办法是:要解决此问题,即在此处禁用Python中的证书检查
-
- sed -i 's/verify=platform_default/verify=disable/' /etc/python/cert-verification.cfg
第二是Ambari agent安全验证引起的;
解决方案 在ambari-agent的配置文件ambari-agent.ini 在 [security]增加一项
- [security]
- force_https_protocol=PROTOCOL_TLSv1_2
2.如出现bootstrap、stack-recommendations 目录找不到的错误:
解决方案:
进入/var/run/ambari-server,手动创建bootstrap文件夹,并对其添加owner为ambari:
chown ambari bootstrap
然后重启Ambari server
ambari-server restart
安装成功后,会显示如下界面:
(9)使用Ambari安装其他组件
a.首先,输入集群任意集群名称;
b.选择版本:确保选中"Public Repository"。您还应该看到列出的/localrepo目录。
c.设置安装选项:在"Target Hosts"中指定安装Ambari集群的节点的主机名(/ etc / hosts中指定的所有节点)。在"Host Registration Information"中复制主节点私钥(/root/.ssh/id_rsa)的内容。如果收到警告"以下主机名无效FQDN",请忽略它并单击"确定"。
d.选择服务:选择以下服务:
HDFS YARN + MapReduce2 Tez HBase Pig Zookeeper Storm Flume Ambari Metrics Kafka Elasticsearch Kibana Metron Slider OpenTAXII Pycapa Zeppelin Notebook Hive
e.分配Masters:在所有节点上分配"Kafka Broker",确保在一个公共节点上安装以下组件:
- Storm UI Server
- Metron Indexing
- MySQL Server
- Kibana Server
- Elasticsearch Master
- Metron Parsers
- Metron Enrichment
f. 分配Slaves和Clients:
DataNode NodeManager RegionServer Supervisor Client
g.自定义服务:以下是需要配置的服务列表:
(1)在HDFS - > Configs下将"NameNode Java堆大小"(namenode_heapsize)从默认的1024 MB设置为至少4096 MB。
(2)对于ElasticSearch:
将"zen_discovery_ping_unicast_hosts"设置为在Assign Master选项卡上分配ElasticSearch Master的节点的IP。
在"Advanced elastic-site"下:将"network_host"更改为"0.0.0.0"。如果Metron暴露在公共互联网上,请不要这样做!现在是“[_local_,_ site_]”。
(3)对于Kibana:
将"kibana_es_url"设置为http:// <elasticsearch_master_hostname>:9200。elasticsearch_master_hostname是" Assign Master "选项卡上分配ElasticSearch Master的节点的IP。
将"kibana_default_application"更改为"dashboard / Metron-Dashboard"
(4)对于Metron:将"Elasticsearch Hosts"设置为在Assign Master选项卡上分配ElasticSearch Master的节点的IP。
(5)对于Storm:将"supervisor.slots.ports"的数量从默认的[6700,6701]增加到[6700,6701,6702,6703,6704]如果只安装一个节点。
(6)对于metron REST使用:
Metron JDBC客户端路径:/usr/share/java/mysql-connector-java.jar
Metron JDBC驱动程序:com.mysql.jdbc.Driver
Metron JDBC密码:<DB PASSWORD>
Metron JDBC平台:mysql
Metron JDBC URL:jdbc:mysql://127.0.0.1:3306 / <DB NAME>
Metron JDBC用户名:<DB USERNAME>
(7)将其余配置值设置为Ambari推荐的或您想要的配置值(如DB密码)并执行安装。在只有3个节点,集群安装如下:
node1 |
node2 |
node3 |
---|---|---|
DataNode | DataNode | DataNode |
Elasticsearch Master | App Timeline Server |
Elasticsearch Data Node |
Grafana | Kafka Broker | Metrics Monitor |
HBase Client | DRPC Server | Flume |
HBase Master | HBase Client | HBase Client |
HCat Client | HCat Client | HCat Client |
HDFS Client | HDFS Client | HDFS Client |
Hive Client | Hive Client | Hive Client |
Kafka Broker | History Server | Kafka Broker |
Kibana Server | Hive Metastore | MapReduce2 Client |
MapReduce2 Client | HiveServer2 | Metrics Collector |
Metrics Monitor | MapReduce2 Client | Metron Client |
Metron Client | Metrics Monitor | NodeManager |
Metron Enrichment | Metron Client | Pig Client |
Metron Indexing | MySQL Server | Slider Client |
Metron Parsers | Nimbus | Spark Client |
Metron REST | NodeManager | Supervisor |
NameNode | Pig Client | Tez Client |
NodeManager | ResourceManager | YARN Client |
Pig Client | NameNode | ZooKeeper Client |
RegionServer |
RegionServer | RegionServer |
Slider Client | Slider Client | ZooKeeper Server |
Spark Client | Spark Client | |
Spark History Server | Supervisor | |
Storm UI Server | Tez Client | |
Supervisor | WebHCat Server | |
Tez Client | YARN Client | |
YARN Client | ZooKeeper Client | |
Zeppelin Notebook | ZooKeeper Server | |
ZooKeeper Client | ||
ZooKeeper Server |
配置Metron REST,Metron REST可能无法工作,因为我们仍然需要将用户和数据库添加到MariaDB。此时,请确保所有服务都已启动,需要手动启动一些。
在MySQL中为Metron REST配置用户。在安装Metron REST UI的节点上,执行以下操作:
- # mysql -u root -p
- CREATE USER '<DB USERNAME>'@'localhost' IDENTIFIED BY '<DB PASSWORD>';
- CREATE DATABASE IF NOT EXISTS <DB NAME>;
- GRANT ALL PRIVILEGES ON <DB NAME>.* TO '<DB USERNAME>'@'localhost';
例如:
- # mysql -u root -p
- > CREATE USER 'metron'@'localhost' IDENTIFIED BY 'metron';
- > CREATE DATABASE IF NOT EXISTS metronrest;
- > GRANT ALL PRIVILEGES ON metronrest.* TO 'metron'@'localhost';
- > quit
- Bye
- #
在metron REST服务运行之前,我们需要做最后一步。 由于Centos 7中的systemd,服务metron-rest start <PASSWORD>不再有效。因此,必须编辑配置文件"/etc/rc.d/init.d/metron-rest"。 在此文件中,将METRON_JDBC_PASSWORD ="$2"更改为METRON_JDBC_PASSWORD ="<DB PASSWORD>"并通过Ambari界面重新启动metron-rest服务。
配置以下项时,请确保已启动Metron REST UI。
将Metron REST用户名和密码添加到metronrest数据库:
- # mysql -u <DB USERNAME> -p
- > use <DB NAME>;
- > insert into users (username, password, enabled) values ('<USERNAME>','<PASSWORD>',1);
- > insert into authorities (username, authority) values ('<USERNAME>', 'ROLE_USER');
- > quit
- Bye
- #
例如:
- # mysql -u metron -p
- > use metronrest;
- > insert into users (username, password, enabled) values ('metron','metron',1);
- > insert into authorities (username, authority) values ('metron', 'ROLE_USER');
- > quit
- Bye
- #
确保所有服务都已启动。