安装Metron

原創 凌云网络之昂chan 2018-09-20 22:42

1.Metron简介

Metron是一种多功能的安全遥测数据捕获、流分析和威胁响应平台,最早由Cisco公司的开源大数据系统安全框架项目OpenSOC迁移为Metron项目,现已晋升为Apache顶级项目。Metron提供的功能包括:日志的聚合、对网络包全面捕获的索引和存储、高级行为分析及数据浓缩,并可以将当前的威胁情报信息应用到安全遥测中。从概念上可划分为四个组件:数据捕获与摄取、实时数据处理、受保证的数据持久化和存储、用于驱动监控和风险报警服务的机器学习模型。

2.安装Metron

1)基础环境及版本

       CentOS 7

       Metron 0.4.1

       HDP 2.5

Hosts:
192.168.11.90  node1
192.168.11.103 node2
192.168.11.104 node3

1)添加epel repository 并更新系统:

  1. yum install epel-release -y
  2. yum update -y

2)配置各节点间的免秘钥登录,具体参考:https://mp.csdn.net/postedit/81384217

3)在将要安装ES和Storm的节点上增加ElasticSearch和Storm的限制(若不确定安装节点,则在所有节点上增加限制)

echo -e "elasticsearch - memlock unlimited\nstorm - nproc 257597" >> /etc/security/limits.conf

4)调整限制以确保安全级别

  1. ulimit -n 32768
  2. ulimit -u 65536
  3. echo -e "* - nofile 32768\n* - nproc 65536" >> /etc/security/limits.conf

5)禁用IPv6,启用它可能会强制服务仅绑定到IPv6地址,从而导致无法连接到IPv6

  1. sysctl -w net.ipv6.conf.all.disable_ipv6=1
  2. sysctl -w net.ipv6.conf.default.disable_ipv6=1
  3. echo -e "\n# Disable IPv6\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf

6)禁用Transparent Hugepage(Transparent HugePages是RHEL6的新特性)

在kernel配置文件(/etc/ default / grub)的末尾添加“transparent_hugepage = never”,并重新启动(reboot)。

  1. # 修改行:
  2. GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet"
  3. # 为:
  4. GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet transparent_hugepage=never"

之后,执行:

grub2-mkconfig -o /boot/grub2/grub.cfg

重启后检查是否已应用更改(确保在方括号中选择“never”字样)

  1. cat /sys/kernel/mm/transparent_hugepage/enabled
  2. always madvise [never]

备注:若不想搞乱内核参数,可以创建一个新的systemd服务,在每次启动时禁用它。方法如下:

          创建文件“/etc/systemd/system/disable-thp.service”:

  1. [Unit]
  2. Description=Disable Transparent Huge Pages (THP)
  3.  
  4. [Service]
  5. Type=simple
  6. ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"
  7.  
  8. [Install]
  9. WantedBy=multi-user.target

       重新启动systemd,启动新服务并确保新服务在启动时运行:

  1. # systemctl daemon-reload
  2. # systemctl start disable-thp
  3. # systemctl enable disable-thp

7)禁用SELinux(Ambari和Metron必需条件):

  1. setenforce 0
  2. sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

Metron安装准备

(1)在所有节点上安装Ambari的先决条件:

  1.  
  2. yum install git wget curl rpm tar unzip scp bzip2 wget createrepo yum-utils ntp python-pip psutils python-psutil ntp libffi-devel gcc openssl-devel -y
  3. pip install --upgrade pip
  4. pip install requests

备注:yum 安装 scp 报错:

原因:yum 不存在独立的scp 包,scp属于openssh-clients这个包。

解决方案:安装openssh-clients 即可

yum install openssh-clients

(2)在Metron节点上安装java 1.8(若不确定Metron安装节点,在所有节点上安装Java1.8):

yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel -y

(3)设置Java环境变量:

export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s_/jre/bin/java__")

(4)保存java环境变量,以备重启时使用:

  1. echo 'export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s_/jre/bin/java__")' > /etc/profile.d/java_18.sh
  2. chmod +x /etc/profile.d/java_18.sh
  3. source /etc/profile.d/java_18.sh

(5)下载并安装Maven 3.3.9:

  1. wget https://archive.apache.org/dist/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
  2. tar -zxf apache-maven-3.3.9-bin.tar.gz
  3. mv apache-maven-3.3.9 /opt
  4. PATH=/opt/apache-maven-3.3.9/bin:$PATH
  5. echo 'export PATH=/opt/apache-maven-3.3.9/bin:$PATH' > /etc/profile.d/maven.sh
  6. chmod +x /etc/profile.d/maven.sh

(6)检查Maven是否安装成功:

  1. source /etc/profile.d/maven.sh
  2. mvn -V

若安装成功,执行结果如下:

  1. # mvn -V
  2. Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T08:41:47-08:00)
  3. Maven home: /opt/apache-maven-3.3.9
  4. Java version: 1.8.0_131, vendor: Oracle Corporation
  5. Java home: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-3.b12.el7_3.x86_64/jre
  6. Default locale: en_US, platform encoding: UTF-8
  7. OS name: "linux", version: "3.10.0-514.16.1.el7.x86_64", arch: "amd64", family: "unix"
  8. [INFO] Scanning for projects...
  9. [INFO] ------------------------------------------------------------------------
  10. [INFO] BUILD FAILURE
  11. [INFO] ------------------------------------------------------------------------
  12. [INFO] Total time: 0.083 s
  13. [INFO] Finished at: 2017-06-06T09:59:03-07:00
  14. [INFO] Final Memory: 13M/479M
  15. [INFO] ------------------------------------------------------------------------
  16. [ERROR] No goals have been specified for this build. You must specify a valid lifecycle phase or a goal in the format <plugin-prefix>:<goal> or <plugin-group-id>:<plugin-artifact-id>[:<plugin-version>]:<goal>. Available lifecycle phases are: validate, initialize, generate-sources, process-sources, generate-resources, process-resources, compile, process-classes, generate-test-sources, process-test-sources, generate-test-resources, process-test-resources, test-compile, process-test-classes, test, prepare-package, package, pre-integration-test, integration-test, post-integration-test, verify, install, deploy, pre-clean, clean, post-clean, pre-site, site, post-site, site-deploy. -> [Help 1]
  17. [ERROR]
  18. [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
  19. [ERROR] Re-run Maven using the -X switch to enable full debug logging.
  20. [ERROR]
  21. [ERROR] For more information about the errors and possible solutions, please read the following articles:
  22. [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/NoGoalSpecifiedException

(7) 在Ambari节点上安装并启用docker(需要使用docker为Ambari创建Metron包)

  1. yum install docker-io -y
  2. systemctl start docker

(8)在打包节点上安装nmp,这是构建metron-config所必需的,它是UI的一部分。

yum install npm -y

(9)在 /etc/hosts文件中添加:

127.0.0.1 localhost

(10)在主节点上安装数据库,以备Metron REST使用:

yum install mariadb-server -y

(11) 在所有节点上安装JAVA MySQL连接器:

yum install mysql-connector-java -y

配置Metron REST数据库

安装数据库后运行"mysql_secure_installation"进行初始安全设置:

  1. systemctl start mariadb
  2. systemctl enable mariadb
  3. systemctl status mariadb
  4. mysql_secure_installation #

打包 Metron code

1)从github上克隆Metron repo并切换到0.4.1版本:

  1. git clone https://github.com/apache/metron
  2. cd metron
  3. git checkout Metron_0.4.1

2)使用HDP 2.5构建Metron:

  1. cd metron
  2. mvn clean package -DskipTests -T 2C -P HDP-2.5.0.0,mpack
  3. cd metron-deployment/packaging/docker/rpm-docker
  4. mvn clean install -DskipTests -PHDP-2.5.0.0

     备注:如果rpm-docker失败并报错如下:

/bin/bash:./build.sh:Permission denied

       请禁用selinux后重试 

3)在所有节点上,创建localrepo目录并从Ambari节点复制RPM:

  1.  
  2. mkdir /localrepo
  3. cp -rp /root/metron/metron-deployment/packaging/docker/rpm-docker/RPMS/noarch/* /localrepo/
  4. createrepo /localrepo

       备注:如果多节点安装,还要将软件包复制到其他节点:

  1. ssh root@node2 mkdir /localrepo
  2. scp /localrepo/*rpm root@node2:/localrepo/
  3. ssh root@node2 createrepo /localrepo

4) 为Hadoop服务获取并创建logrotate脚本:

  1. wget -O /etc/logrotate.d/metron-ambari https://raw.githubusercontent.com/apache/metron/master/metron-deployment/roles/ambari_common/templates/metron-hadoop-logrotate.yml
  2. sed -i 's/^  {{ hadoop_logrotate_frequency }}.*$/  daily/' /etc/logrotate.d/metron-ambari
  3. sed -i 's/^  rotate {{ hadoop_logrotate_retention }}.*$/  rotate 30/' /etc/logrotate.d/metron-ambari
  4. chmod 0644 /etc/logrotate.d/metron-ambari

安装Ambari

(1)首先,在每个节点上时间同步,禁用防火墙和SElinux

  1. systemctl enable ntpd
  2. systemctl start ntpd
  3. iptables -P INPUT ACCEPT
  4. iptables -P FORWARD ACCEPT
  5. iptables -P OUTPUT ACCEPT
  6. iptables -t nat -F
  7. iptables -t mangle -F
  8. iptables -F
  9. iptables -X
  10. iptables-save > /etc/sysconfig/iptables
  11. systemctl stop firewalld
  12. systemctl disable firewalld
  13. setenforce 0

备注:如果使用的是CentOS 7和Python 2.7.5及更高版本,则在Ambari UI中安装ambari代理时会遇到错误:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

解决办法:要修复它,请在Python中禁用cert检查

参考:https://community.hortonworks.com/questions/120861/ambari-agent-ssl-certificate-verify-failed-certifi.html

sed -i 's/verify=platform_default/verify=disable/' /etc/python/cert-verification.cfg

(2)确保每个节点都可以解析每个其他节点的主机名,即将每个节点的主机名添加到/etc/hosts

  1. 10.10.10.1 node1
  2. 10.10.10.2 node2
  3. 10.10.10.3 node3
  4. 10.10.10.4 node4

(3)在主节点下载和设置Ambari repo(可以用更新的Ambari版本号替换"2.4.3.0")

wget -nv http://public-repo-1.hortonworks.com/ambari/centos7/2.x/updates/2.4.3.0/ambari.repo -O /etc/yum.repos.d/ambari.repo

(4)检查是否添加成功:

  1. yum repolist | grep ambari
  2. # Updates-ambari-2.4.3.0   ambari-2.4.3.0 - Updates

(5)制作本地yum源:

    a、首先下载包含必要软件的压缩包(tarball)到本地,以CentOS7,Ambari 2.4.3和HDP 2.5.0.0为例:

Ambari-2.4.3.0 压缩包地址:

http://public-repo-1.hortonworks.com/ambari/centos7/2.x/updates/2.4.3.0/ambari-2.4.3.0-centos7.tar.gz

HDP-2.5.0.0压缩包地址:

http://public-repo-1.hortonworks.com/HDP/centos7/2.x/updates/2.5.0.0/HDP-2.5.0.0-centos7-rpm.tar.gz

HDP UTILS压缩包下载地址:

http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos7/HDP-UTILS-1.1.0.21-centos7.tar.gz

其他版本,下载地址请参考:

Ambari:

http://docs.hortonworks.com/HDPDocuments/Ambari-2.4.1.0/bk_ambari-installation/content/ambari_repositories.html

HDP和HDP UTILS:

http://docs.hortonworks.com/HDPDocuments/Ambari-2.4.1.0/bk_ambari-installation/content/hdp_stack_repositories.html

b、设置本地库,我们先需要完成一些准备工作,如下:

  1. 选择一台机器作为本地库的镜像服务器,这个机器能够被集群中的机器所访问,且有一个被支持的操作系统。
  2. 此台镜像服务器有软件包管理,例如centOS的yum。

c、在镜像服务器上安装一个HTTP服务(例如Apache httpd)

yum install httpd

     启动web 服务:

  1. [root@master ~]# systemctl start httpd
  2. [root@master ~]# systemctl enable httpd

 d、把下载到的3个资源文件,并解压到http服务(web服务)目录下:

  1. # mkdir /var/www/html/ambari-hdp
  2. # mkdir /var/www/html/ambari-hdp/HDP-UTILS
  3. # tar -xvf ambari-2.4.1.0-centos7.tar.gz -C /var/www/html/ambari-hdp/
  4. # tar -xvf HDP-2.5.0.0-centos7-rpm.tar.gz -C /var/www/html/ambari-hdp/
  5. # tar -xvf HDP-UTILS-1.1.0.21-centos7.tar.gz -C /var/www/html/ambari-hdp/HDP-UTILS

e、 确认解压目录正常,在浏览器中确认是否可以访问,访问地址如下:

Ambari Base URL:http://172.16.16.183:82/ambari-hdp/centos7/

HDP Base URL:http://172.16.16.183:82/ambari-hdp/HDP/centos7/

HDP-UTILS Base URL:http://172.16.16.183:82/ambari-hdp/HDP-UTILS/

f、配置Yum本地Repos资源池(在每台node上)

安装插件:

yum install yum-plugin-priorities

 编辑/etc/yum/pluginconf.d/priorities.conf 文件添加如下配置:

  1. [main]
  2. enabled=1
  3. gpgcheck=0

制作本地资源文件,创建Ambari、HDP、HDP-UTIL资源文件:

  •   ambari.repo
  1. [ambari-2.4.1.0]
  2. name=ambari-2.4.1.0
  3. baseurl=http://192.168.0.203/ambari-hdp/AMBARI-2.4.1.0/centos7/2.4.1.0-22/
  4. gpgcheck=0
  5. gpgkey=http://192.168.0.203/ambari-hdp/AMBARI-2.4.1.0/centos7/2.4.1.0-22/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
  6. enabled=1
  7. priority=1
  •   hdp.repo
  1. [HDP-2.5.0.0]
  2. name=Hortonworks Data Platform Version - HDP-2.5.0.0
  3. baseurl=http://192.168.0.203/ambari-hdp/HDP/centos7
  4. gpgcheck=0
  5. gpgkey=http://192.168.0.203/ambari-hdp/HDP/centos7/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
  6. enabled=1
  7. priority=1
  •   hdp-util.repo
  1. [HDP-UTILS-1.1.0.21]
  2. name=Hortonworks Data Platform Version - HDP-UTILS-1.1.0.21
  3. baseurl=http://192.168.0.203/ambari-hdp/HDP-UTILS/
  4. gpgcheck=0
  5. gpgkey=http://192.168.0.203/ambari-hdp/HDP-UTILS/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins
  6. enabled=1
  7. priority=1

   查看资源池:

  1.   [root@master yum.repos.d]# yum repolist 
  2.   repo id                                          repo name                                                                     status
  3.   HDP-2.5                                          HDP-2.5                                                                        0+200
  4.   HDP-2.5.0.0                                      Hortonworks Data Platform Version - HDP-2.5.0.0                                  200
  5.   HDP-UTILS-1.1.0.21                               HDP-UTILS-1.1.0.21                                                                64
  6.   ambari-2.4.1.0                                   ambari-2.4.1.0

(5)安装和设置Ambari server:

yum install ambari-server -y

安装完成后创建ambari数据库及用户,登录root用户执行下面语句:

  1. mysql> create database ambari character set utf8;
  2. mysql> CREATE USER 'ambari'@'%' IDENTIFIED BY 'ambari';
  3. mysql> GRANT ALL PRIVILEGES ON *.* TO 'ambari'@'%';
  4. mysql> FLUSH PRIVILEGES;

如果要安装Hive,再创建Hive数据库和用户 再执行下面的语句:

  1. mysql> create database hive character set utf8;
  2. mysql> CREATE USER 'hive'@'%' IDENTIFIED BY 'hive';
  3. mysql> GRANT ALL PRIVILEGES ON *.* TO 'hive'@'%';
  4. mysql> FLUSH PRIVILEGES;

如果要安装Oozie,再创建Oozie数据库和用户 再执行下面的语句:

  1. mysql> create database oozie character set utf8;
  2. mysql> CREATE USER 'oozie'@'%' IDENTIFIED BY 'oozie';
  3. mysql> GRANT ALL PRIVILEGES ON *.* TO 'oozie'@'%';
  4. mysql> FLUSH PRIVILEGES;

(6) 配置Ambari-Server

  1. [root@node-1 ~]# ambari-server setup
  2. Using python  /usr/bin/python
  3. Setup ambari-server
  4. Checking SELinux...
  5. SELinux status is 'disabled'
  6. Customize user account for ambari-server daemon [y/n] (n)? y
  7. Enter user account for ambari-server daemon (root):ambari  
  8. Adjusting ambari-server permissions and ownership...
  9. Checking firewall status...
  10. Checking JDK...
  11. [1] Oracle JDK 1.8 + Java Cryptography Extension (JCE) Policy Files 8
  12. [2] Oracle JDK 1.7 + Java Cryptography Extension (JCE) Policy Files 7
  13. [3] Custom JDK
  14. ==============================================================================
  15. Enter choice (1): 3
  16. WARNING: JDK must be installed on all hosts and JAVA_HOME must be valid on all hosts.
  17. WARNING: JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos,please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts.
  18. Path to JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre  # 填写java_home
  19. Validating JDK on Ambari Server...done.
  20. Checking GPL software agreement...
  21. GPL License for LZO: https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
  22. Enable Ambari Server to download and install GPL Licensed LZO packages [y/n] (n)? n
  23. Completing setup...
  24. Configuring database...
  25. Enter advanced database configuration [y/n] (n)? y  
  26. Configuring database...
  27. ==============================================================================
  28. Choose one of the following options:
  29. [1] - PostgreSQL (Embedded)
  30. [2] - Oracle
  31. [3] - MySQL / MariaDB
  32. [4] - PostgreSQL
  33. [5] - Microsoft SQL Server (Tech Preview)
  34. [6] - SQL Anywhere
  35. [7] - BDB
  36. ==============================================================================
  37. Enter choice (1): 3
  38. Hostname (localhost): 
  39. Port (3306): 
  40. Database name (ambari): 
  41. Username (ambari): 
  42. Enter Database Password (bigdata): 
  43. Configuring ambari database...
  44. WARNING: Before starting Ambari Server, you must copy the MySQL JDBC driver JAR file to /usr/share/java and set property "server.jdbc.driver.path=[path/to/custom_jdbc_driver]" in ambari.properties.
  45. Press <enter> to continue.

 到上面一步时,提示需要配置mysql的 jdbc驱动,并修改Ambari配置文件,指定jdbc驱动文件位置:

在安装Metron准备(11)步骤时我们安装了JAVA MySQL连接器其默认路径为(/usr/share/java/),所以我们只需要在Ambari配置文件中添加jdbc驱动文件位置即可,即在编辑/etc/ambari-server/conf/ambari.properties添加如下配置:

server.jdbc.driver.path=/usr/share/java/mysql-connector-java.jar

 配置完成后继续,会出现如下提示:

  1. Press <enter> to continue.
  2. Configuring remote database connection properties...
  3. WARNING: Before starting Ambari Server, you must run the following DDL against the database to create the schema: /var/lib/ambari-server/resources/Ambari-DDL-MySQL-CREATE.sql
  4. Proceed with configuring remote database connection properties [y/n] (y)?

 出现上述提示时,根据信息导入数据库:将Ambari数据库脚本导入到数据库。Ambari安装会将安装等信息写入数据库,建议使用自己安装的MySQL数据库,也可以不安装而使用默认数据库PostgreSQL。如果使用自己定义的数据库,必须在启动Ambari服务之前导入Ambari的sql脚本。

  1. # mysql -uroot -p
  2. mysql> use ambari;
  3. mysql> source /var/lib/ambari-server/resources/Ambari-DDL-MySQL-CREATE.sql;

(6)通过运行mpack命令将Metron服务添加到Ambari(确保在--mpack =中指定正确的mpack路径):

ambari-server install-mpack --mpack=/root/metron/metron-deployment/packaging/ambari/metron-mpack/target/metron_mpack-0.4.1.0.tar.gz --verbose

 (7)启动Ambari服务

ambari-server start

(8)服务启动成功后,会监听8080端口,通过在Web浏览器中访问Ambari UI:http://<Ambari_server_ip>:8080/,账号密码admin/admin正常登录,则安装完成。结果如下图所示(图片来自网络,仅供参考):

(9)创建集群

使用ambari的web界面可完成对集群的所有管理操作,创建一个实例集群。

 选择本地源,移除不必要的版本:

 设置本地源为以上步骤中制作的本地源:

Base URL:ambari :http://172.16.16.183:82/ambari-hdp/ambari/centos7/

                     HDP :http://172.16.16.183:82/ambari-hdp/HDP/centos7/

                    HDP-UTILS:http://172.16.16.183:82/ambari-hdp/HDP-UTILS/

及Metron 源采用本地源:file:////localrepo/repodata

添加主机节点,上传(Ambari server 节点的)id_rsa文件:
使用Ambari搭建Hadoop集群

(9)安装Ambari agent,组建集群,如下图所示(由于在安装过程中不仅需要从本地HDP及Metron配置的源中下载文件还需要联网下载文件所以需要时间较长,且有时会因为网络超时导致安装失败,可能需要多次重试,请周知):

 在安装过程中,ambari注册主机的时候,ambari-agent出现如下错误:

  1. NetUtil.py:96 - EOF occurred in violation of protocol (_ssl.c:579)
  2. NetUtil.py:97 - SSLError: Failed to connect. Please check openssl library versions.

有两种可能:

第一是有可能如前面所提到的使用的是centos7、python 2.7.5及以上版本的python 会在安装Ambari agent时报错:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

解决办法是:要解决此问题,即在此处禁用Python中的证书检查

  1.  
  2. sed -i 's/verify=platform_default/verify=disable/' /etc/python/cert-verification.cfg

第二是Ambari agent安全验证引起的;

解决方案 在ambari-agent的配置文件ambari-agent.ini 在 [security]增加一项

  1. [security] 
  2. force_https_protocol=PROTOCOL_TLSv1_2

2.如出现bootstrap、stack-recommendations 目录找不到的错误:

解决方案:

进入/var/run/ambari-server,手动创建bootstrap文件夹,并对其添加owner为ambari:

chown ambari bootstrap

然后重启Ambari server

ambari-server restart

安装成功后,会显示如下界面:
使用Ambari搭建Hadoop集群
(9)使用Ambari安装其他组件

        a.首先,输入集群任意集群名称;

        b.选择版本:确保选中"Public Repository"。您还应该看到列出的/localrepo目录。

       c.设置安装选项:在"Target Hosts"中指定安装Ambari集群的节点的主机名(/ etc / hosts中指定的所有节点)。在"Host Registration Information"中复制主节点私钥(/root/.ssh/id_rsa)的内容。如果收到警告"以下主机名无效FQDN",请忽略它并单击"确定"。

       d.选择服务:选择以下服务:

使用Ambari搭建Hadoop集群  

  1. HDFS
  2. YARN + MapReduce2
  3. Tez
  4. HBase
  5. Pig
  6. Zookeeper
  7. Storm
  8. Flume
  9. Ambari Metrics
  10. Kafka
  11. Elasticsearch
  12. Kibana
  13. Metron
  14. Slider
  15. OpenTAXII
  16. Pycapa
  17. Zeppelin Notebook
  18. Hive

      e.分配Masters:在所有节点上分配"Kafka Broker",确保在一个公共节点上安装以下组件:

  1. Storm UI Server
  2. Metron Indexing
  3. MySQL Server
  4. Kibana Server
  5. Elasticsearch Master
  6. Metron Parsers
  7. Metron Enrichment

      f. 分配Slaves和Clients:

  1. DataNode
  2. NodeManager
  3. RegionServer
  4. Supervisor
  5. Client

      g.自定义服务:以下是需要配置的服务列表:

(1)在HDFS - > Configs下将"NameNode Java堆大小"(namenode_heapsize)从默认的1024 MB设置为至少4096 MB。

(2)对于ElasticSearch:
将"zen_discovery_ping_unicast_hosts"设置为在Assign Master选项卡上分配ElasticSearch Master的节点的IP。
在"Advanced elastic-site"下:将"network_host"更改为"0.0.0.0"。如果Metron暴露在公共互联网上,请不要这样做!现在是“[_local_,_ site_]”。
(3)对于Kibana:
将"kibana_es_url"设置为http:// <elasticsearch_master_hostname>:9200。elasticsearch_master_hostname是" Assign Master "选项卡上分配ElasticSearch Master的节点的IP。
将"kibana_default_application"更改为"dashboard / Metron-Dashboard"
(4)对于Metron:将"Elasticsearch Hosts"设置为在Assign Master选项卡上分配ElasticSearch Master的节点的IP。
(5)对于Storm:将"supervisor.slots.ports"的数量从默认的[6700,6701]增加到[6700,6701,6702,6703,6704]如果只安装一个节点。
(6)对于metron REST使用:
           Metron JDBC客户端路径:/usr/share/java/mysql-connector-java.jar
           Metron JDBC驱动程序:com.mysql.jdbc.Driver
           Metron JDBC密码:<DB PASSWORD>
           Metron JDBC平台:mysql
           Metron JDBC URL:jdbc:mysql://127.0.0.1:3306 / <DB NAME>
           Metron JDBC用户名:<DB USERNAME>

(7)将其余配置值设置为Ambari推荐的或您想要的配置值(如DB密码)并执行安装。在只有3个节点,集群安装如下:

node1

node2

node3
DataNode DataNode DataNode
Elasticsearch Master App Timeline Server

Elasticsearch Data Node
Grafana Kafka Broker Metrics Monitor
HBase Client DRPC Server Flume
HBase Master HBase Client HBase Client
HCat Client HCat Client HCat Client
HDFS Client HDFS Client HDFS Client
Hive Client Hive Client Hive Client
Kafka Broker History Server Kafka Broker
Kibana Server Hive Metastore MapReduce2 Client
MapReduce2 Client HiveServer2 Metrics Collector
Metrics Monitor MapReduce2 Client Metron Client
Metron Client Metrics Monitor NodeManager
Metron Enrichment Metron Client Pig Client
Metron Indexing MySQL Server Slider Client
Metron Parsers Nimbus Spark Client
Metron REST NodeManager Supervisor
NameNode Pig Client Tez Client
NodeManager ResourceManager YARN Client
Pig Client NameNode ZooKeeper Client

RegionServer

 RegionServer RegionServer
Slider Client Slider Client ZooKeeper Server
Spark Client Spark Client  
Spark History Server Supervisor  
Storm UI Server Tez Client  
Supervisor WebHCat Server  
Tez Client YARN Client  
YARN Client ZooKeeper Client  
Zeppelin Notebook ZooKeeper Server  
ZooKeeper Client    
ZooKeeper Server    

 配置Metron REST,Metron REST可能无法工作,因为我们仍然需要将用户和数据库添加到MariaDB。此时,请确保所有服务都已启动,需要手动启动一些。

在MySQL中为Metron REST配置用户。在安装Metron REST UI的节点上,执行以下操作:

  1. # mysql -u root -p
  2. CREATE USER '<DB USERNAME>'@'localhost' IDENTIFIED BY '<DB PASSWORD>';
  3. CREATE DATABASE IF NOT EXISTS <DB NAME>;
  4. GRANT ALL PRIVILEGES ON <DB NAME>.* TO '<DB USERNAME>'@'localhost';

例如:

  1. # mysql -u root -p
  2. > CREATE USER 'metron'@'localhost' IDENTIFIED BY 'metron';
  3. > CREATE DATABASE IF NOT EXISTS metronrest;
  4. > GRANT ALL PRIVILEGES ON metronrest.* TO 'metron'@'localhost';
  5. > quit
  6. Bye
  7. #

在metron REST服务运行之前,我们需要做最后一步。 由于Centos 7中的systemd,服务metron-rest start <PASSWORD>不再有效。因此,必须编辑配置文件"/etc/rc.d/init.d/metron-rest"。 在此文件中,将METRON_JDBC_PASSWORD ="$2"更改为METRON_JDBC_PASSWORD ="<DB PASSWORD>"并通过Ambari界面重新启动metron-rest服务。

配置以下项时,请确保已启动Metron REST UI。

将Metron REST用户名和密码添加到metronrest数据库:

  1. # mysql -u <DB USERNAME> -p
  2. > use <DB NAME>;
  3. > insert into users (username, password, enabled) values ('<USERNAME>','<PASSWORD>',1);
  4. > insert into authorities (username, authority) values ('<USERNAME>', 'ROLE_USER');
  5. > quit
  6. Bye
  7. #

例如:

  1. # mysql -u metron -p
  2. > use metronrest;
  3. > insert into users (username, password, enabled) values ('metron','metron',1);
  4. > insert into authorities (username, authority) values ('metron', 'ROLE_USER');
  5. > quit
  6. Bye
  7. #

确保所有服务都已启动。

 

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

Metron(一)

尚琬凝霏 2020-02-21 15:56:39