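1. Software preparation
- VMware
- CentOS-7
For example: CentOS-7-x86_64-DVD-1708.iso
2. Virtual machine installation and configuration
- Install 3 virtual machines
- Network configuration (simplest to do during the CentOS 7 installation)
- Change the hostname
- Hosts mapping (hostname to IP address)
Install the virtual machines and configure the network
Change the hostname (run on every virtual machine)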
hostnamectl set-hostname node1
hostnamectl set-hostname node2
hostnamectl set-hostname node3
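- No reboot is needed after the change. Press Ctrl+D to log out of the current session; the new hostname shows up after logging back in.
Map hostnames to IP addresses (run on every virtual machine)
vi /etc/hosts
## Append the following lines to the end of this file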
192.168.159.150 node1
192.168.159.151 node2
192.168.159.152 node3
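3. Cluster planning
IP | Hostname | Environment configuration | Installed components |
---|---|---|---|
192.168.159.150 | node1 | Disable firewall and SELinux, hosts mapping, clock synchronization | JDK, NameNode, ResourceManager, ZooKeeper |
192.168.159.151 | node2 | Disable firewall and SELinux, hosts mapping, clock synchronization | JDK, DataNode, NodeManager, ZooKeeper |
192.168.159.152 | node3 | Disable firewall and SELinux, hosts mapping, clock synchronization | JDK, DataNode, NodeManager, ZooKeeper |
4. Disable the firewall and SELinux
4.1 Disable the firewall (run on every node)
## Temporarily stop the firewall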
[root@node1 ~]# systemctl stop firewalld
## Prevent the firewall from starting at boot
[root@node1 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
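4.2 Disable SELinux (run on every node)
① What is SELinux
- SELinux is a security subsystem for Linux
- Standard Linux permission management is applied to files, not to processes: if root starts a process, that process can operate on any file
- On top of Linux file permissions, SELinux adds restrictions on processes: a process can only operate on resources within the scope allowed for that process
② Why disable SELinux
- With SELinux enabled, fairly complex configuration is needed before the system can be used normally; while learning, in a non-production environment, SELinux is generally not used
③ SELinux working modes
- enforcing: enforcing mode
- permissive: permissive mode
- disabled: turned off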
[root@node1 ~]# cd /etc/selinux
[root@node1 selinux]# vi config
## Set SELINUX to disabled (takes effect after the next reboot)
SELINUX=disabled
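5. Passwordless login between virtual machines
① Why passwordless login
- A Hadoop cluster has many nodes, so worker nodes are usually started from the master node. For that, a program on the master has to log in to the workers automatically; without passwordless login a password would have to be typed every time, which is very tedious
② How passwordless SSH login works
- Node A's public key must first be configured on node B
- Node A sends a login request to node B
- Node B encrypts a piece of random text with node A's public key
- Node A decrypts it with its private key and sends it back to node B
- Node B verifies that the text is correct
5.1 Generate the public and private keys (run on every node)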
[root@node1 selinux]# ssh-keygen -t rsa
After running the command, press Enter three times
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:mL6IaAW41SYv4saZcJfrb1SOonlGyqq4v5r4aKIeXdE root@node1
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
|. . . E |
|..o o .o. |
| o.+ oo+S |
|+ +.B.o . |
|+=+O +. |
|+%*.+... |
|^B==ooo |
+----[SHA256]-----+
5.2 Copy the public key to one machine, the first one (run on every node)
[root@node1 selinux]# ssh-copy-id node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node1 (192.168.159.150)' can't be established.
ECDSA key fingerprint is SHA256:3E8izhmwcC4cG7hDP/ZpuSAQkdfctNFgGmAp13Mu7rU.
ECDSA key fingerprint is MD5:c2:cd:87:cc:7c:26:e2:e9:1c:d1:be:41:24:5b:cb:47.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'node1'"
and check to make sure that only the key(s) you wanted were added.
5.3 Copy the first machine's authorized_keys to the other machines (run only on the first machine)
[root@node1 selinux]# scp /root/.ssh/authorized_keys node2:/root/.ssh
[root@node1 selinux]# scp /root/.ssh/authorized_keys node3:/root/.ssh
[root@node1 selinux]# scp /root/.ssh/authorized_keys node2:/root/.ssh
The authenticity of host 'node2 (192.168.159.151)' can't be established.
ECDSA key fingerprint is SHA256:rFVi0JO4lIK51dKM8mgTPduBSnqxcRcrA0NQHnRODu8.
ECDSA key fingerprint is MD5:c8:a9:84:ca:47:b5:6a:f1:79:aa:dc:95:4d:75:ff:70.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.159.151' (ECDSA) to the list of known hosts.
root@node2's password:
authorized_keys 100% 1176 1.4MB/s 00:00
[root@node1 selinux]# scp /root/.ssh/authorized_keys node3:/root/.ssh
The authenticity of host 'node3 (192.168.159.152)' can't be established.
ECDSA key fingerprint is SHA256:hMrlPmH1KXt5zYGhGMEUFXDe8WLdTBl+zdvkwnQg3DA.
ECDSA key fingerprint is MD5:46:f4:c9:62:b9:fc:b6:31:27:3b:fe:73:e9:35:81:72.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node3,192.168.159.152' (ECDSA) to the list of known hosts.
root@node3's password:
authorized_keys 100% 1176 1.4MB/s 00:00
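Step 5.2 ends with ssh-copy-id's advice to check that only the intended keys were added, and step 5.3 then copies that file to every node. The following is an added example, not part of the original tutorial: it compares an authorized_keys file against a directory of expected public keys and checks the conventional 700/600 modes. The function names, directory layout and sample keys are constructed for illustration, and GNU stat is assumed.

```bash
# Added example, not from the original tutorial; names and data are constructed.

# Print entries of authorized_keys ($1) whose "type blob" pair is absent from
# every *.pub file in directory $2. Returns 1 if any unexpected key is found.
audit_authorized_keys() {
    awk -v auth="$1" '
        function keyof(   i) {   # "type blob", skipping a leading options field
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-)/) return $i " " $(i + 1)
            return ""
        }
        /^[ \t]*(#|$)/ { next }  # skip comments and blank lines
        { k = keyof() }
        FILENAME != auth { if (k != "") expected[k] = 1; next }
        !(k in expected) { print "UNEXPECTED: " $NF; bad = 1 }
        END { exit bad + 0 }
    ' "$2"/*.pub "$1"
}

# Succeed only if the directory is 700 and authorized_keys is 600 (GNU stat).
check_modes() {
    [ "$(stat -c %a "$1")" = 700 ] && [ "$(stat -c %a "$1/authorized_keys")" = 600 ]
}

# Constructed sample data: short fake blobs stand in for the real RSA keys
# that each node would contribute in step 5.2.
make_sample() {
    local d n
    d=$(mktemp -d)
    mkdir -m 700 "$d/ssh" "$d/expected"
    for n in 1 2 3; do
        echo "ssh-rsa AAAAB3FAKEKEY$n root@node$n" > "$d/expected/node$n.pub"
    done
    cat "$d"/expected/*.pub > "$d/ssh/authorized_keys"
    chmod 600 "$d/ssh/authorized_keys"
    echo "$d"
}

# Demo: a clean file passes, then an extra (constructed) key is flagged.
d=$(make_sample)
audit_authorized_keys "$d/ssh/authorized_keys" "$d/expected" && echo "keys: ok"
echo "ssh-rsa AAAAB3STRANGER someone@elsewhere" >> "$d/ssh/authorized_keys"
audit_authorized_keys "$d/ssh/authorized_keys" "$d/expected" || echo "keys: review"
check_modes "$d/ssh" && echo "modes: ok"
rm -rf "$d"
```

On the cluster, the expected directory would hold the id_rsa.pub collected from each of the three nodes, and the audit would be run against /root/.ssh/authorized_keys on every node.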
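6. Clock synchronization
① Why time synchronization is needed
- Many distributed systems are stateful. For example, when storing a piece of data, if node A records the time as 1 and node B records it as 2, problems arise
② Clock synchronization methods
- Keep all hosts synchronized with the time of one designated host
- Over the network, keep all hosts synchronized with a time synchronization server (the method used here)
## Install ntp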
yum install -y ntp
## Set up the scheduled job
crontab -e
Then enter the following in the editor that opens
*/1 * * * * /usr/sbin/ntpdate ntp4.aliyun.com;