RangerAdminHA部署方案

ThomasgGx

已于 2023-03-21 09:25:57 修改

阅读量1k

点赞数

文章标签： hadoop

于 2021-08-31 17:15:02 首次发布

本文链接：https://blog.csdn.net/sinat_23257429/article/details/120022512

版权

概述

ranger最新版本2.0已经实现了基于客户端的HA方式，只需要在客户端配置多个URL即可，对于之前的版本如果是实现高可用可以采用Haproxy+KeepAlived的方式。另外由于RangerPlugin 每次并不是都是从服务端（rangerAdmin）拉去策略，会使用本地缓存进行权限验证所以在服务宕机后，也能正常进行鉴权，服务宕机后只会影响无法正常添加新的策略。

部署步骤

1.部署架构
rangerHa部署架构
按照架构我们这里需要部署两个Haproxy 两个Keepalived 两个rangerAdmin，其中 Haproxy与KeepAlived需要在相同的机器上部署
具体如下：

| 服务器 |部署角色 |
| ip1 |Haproxy+keepalived |
| ip2 |Haproxy+keepalived |
| ip3 | rangeradmin |
| ip3 | rangeradmin |

具体Haproxy 与Keepalived安装步骤这里不进行说明，只给出下配置文件：

keepAlived配置

global_defs {
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_script chk_haproxy {
        script "/usr/local/haproxy/check_alive.sh" #检测haproxy状体，服务不正常时需要拉起服务或者kill掉当前keepalived
        interval 5 # 检测间隔
        weight -20  #BACKUP节点不配置
}

vrrp_instance VI_1 {
    state MASTER|BACKUP  #这里配置主备  主节点配置 MASTER 备份节点配置BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
         192.168.163.200    #对外提供的虚拟ip地址
    }
    track_script {
       chk_haproxy    #引用上述脚本
    }
}

检测脚本内容


```powershell
#/bin/bash
# 检测服务进程，当无服务进程时尝试启动 如果启动不成功则kill掉当前的keepalived服务切花Vip
echo "check haproxy stats" >>/tmp/haproxy_check.log
A=`ps -C haproxy --no-header |wc  -l`

if [ $A -eq  0 ];then
   echo  "`date` haproxy  is dead">>/tmp/haproxy_check.log
   service haproxy  start
fi
sleep  5

if [ `ps -C haproxy --no-header|wc -l` -eq 0 ];then
    echo "`date` haproxy cannot start, stop keepalived" >>/tmp/haproxy_check.log
    service keepalived stop
fi


Haproxy配置

```css
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  http_front
     #配置监听
     bind *:6080
     http-request set-header X-Forwarded-Proto http
     stats uri /haproxy?stats
     default_backend  app


#    acl url_static       path_beg       -i /static /images /javascript /stylesheets
#    acl url_static       path_end       -i .jpg .gif .png .css .js

#    use_backend static          if url_static
#    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
#W    balance     roundrobin
#    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
     mode http
     balance roundrobin
     cookie LB insert
     #如下配置后端服务代理地址
     server server1 192.168.163.113:6081 maxconn 200 weight 10 cookie 1 check inter 5000 rise 3 fall 3
     server server2 192.168.163.114:6081 maxconn 200 weight 10 cookie 2 check inter 5000 rise 3 fall 3