Environment:
Software | Version |
---|---|
Hadoop | hadoop-3.3.4 |
Hadoop HDFS environment installation
- Java environment preparation:
```bash
wget https://repo.huaweicloud.com/java/jdk/8u202-b08/jdk-8u202-linux-x64.tar.gz
tar -xzvf jdk-8u202-linux-x64.tar.gz
```
Java environment configuration: vim /etc/profile
```bash
export JAVA_HOME=/root/jdk1.8.0_202
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib:$CLASSPATH
export JAVA_PATH=${JAVA_HOME}/bin:${JRE_HOME}/bin
export PATH=$PATH:${JAVA_PATH}
```
- Hadoop 3.3.4 download
```bash
wget https://mirrors.tuna.tsinghua.edu.cn/apache/hadoop/common/hadoop-3.3.4/hadoop-3.3.4.tar.gz
tar -xzvf hadoop-3.3.4.tar.gz
```
- Hadoop environment configuration
```bash
export HADOOP_HOME=/root/hadoop-3.3.4
export HADOOP_CONF_DIR=$HADOOP_HOME/etc/hadoop
export HADOOP_HDFS_HOME=$HADOOP_HOME
export PATH=$PATH:$HADOOP_HOME/sbin:$HADOOP_HOME/bin
```
- Passwordless SSH login to localhost
```bash
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 0600 ~/.ssh/authorized_keys
ssh localhost
```
Running ssh localhost brings up a security prompt; answer yes.
In a Docker environment, the sshd service has to be started manually:
```bash
/usr/sbin/sshd
```
- core-site.xml configuration
```
[root@17a5da45700b hadoop]# cat etc/hadoop/core-site.xml
<configuration>
  <property>
    <name>fs.defaultFS</name>
    <value>hdfs://localhost:9000</value>
  </property>
  <property>
    <name>hadoop.proxyuser.root.hosts</name>
    <value>*</value>
  </property>
  <property>
    <name>hadoop.proxyuser.root.groups</name>
    <value>*</value>
  </property>
  <property>
    <name>hadoop.security.key.provider.path</name>
    <value>kms://http@localhost:9600/kms</value>
    <description>
      The KeyProvider to use when interacting with encryption keys used
      when reading and writing to an encryption zone.
    </description>
  </property>
  <property>
    <name>hadoop.proxyuser.kms.groups</name>
    <value>*</value>
  </property>
</configuration>
```
- hdfs-site.xml configuration
```
[root@VM-0-62-centos hadoop-3.3.4]# cat etc/hadoop/hdfs-site.xml
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<!--
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License. See accompanying LICENSE file.
-->
<!-- Put site-specific property overrides in this file. -->
<configuration>
  <property>
    <name>dfs.replication</name>
    <value>1</value>
  </property>
  <property>
    <name>hadoop.security.key.provider.path</name>
    <value>kms://http@localhost:9600/kms</value>
    <description>
      The KeyProvider to use when interacting with encryption keys used
      when reading and writing to an encryption zone.
    </description>
  </property>
</configuration>
```
- hadoop-env.sh configuration: add the following settings to hadoop-env.sh.
```bash
export JAVA_HOME=/root/jdk1.8.0_202
export HDFS_NAMENODE_USER=root
export HDFS_DATANODE_USER=root
export HDFS_SECONDARYNAMENODE_USER=root
export YARN_RESOURCEMANAGER_USER=root
export YARN_NODEMANAGER_USER=root
export HADOOP_SHELL_EXECNAME=root
```
- Format the HDFS file system
```bash
bin/hdfs namenode -format
```
- Start the Hadoop services
```bash
./start-all.sh
```
Check the processes:
```
[root@VM-0-62-centos sbin]# jps
83586 NameNode
84005 SecondaryNameNode
90937 Jps
84283 ResourceManager
84442 NodeManager
83773 DataNode
```
KMS configuration and startup
- Generate the key file with keytool:
```bash
keytool -genkey -alias 'key1';
```
Run the command above with 123456 as the password, leave every other prompt empty, and enter yes at the yes/no prompt.
```
[root@57f4b0d7c137 common]# keytool -genkey -alias 'key1';
Enter keystore password: 123456
What is your first and last name?
  [Unknown]:
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]: yes
Enter key password for <key2>
  (RETURN if same as keystore password): 123456
Re-enter new password:123456
```
Alternatively, use the following command:
```bash
keytool -genkey -alias 'kmskey' -keystore /root/kms.keystore \
  -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN" \
  -keypass 123456 -storepass 123456 -validity 180
```
- Create the file kms.keystore.password under etc/hadoop/ and write the password 123456 into it
```
[root@VM-0-62-centos hadoop-3.3.4]# cat etc/hadoop/kms.keystore.password
123456
```
- kms-site.xml configuration
```
cat etc/hadoop/kms-site.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Put site-specific property overrides in this file. -->
<configuration>
  <property>
    <name>hadoop.kms.key.provider.uri</name>
    <!-- keystore file generated by keytool -->
    <value>jceks://file@/root/kms.keystore</value>
  </property>
  <property>
    <name>hadoop.security.keystore.java-keystore-provider.password-file</name>
    <!-- name of the etc/hadoop/kms.keystore.password file, which contains the password -->
    <value>kms.keystore.password</value>
  </property>
</configuration>
```
- Start KMS
```bash
hadoop --daemon start kms
```
Check the KMS process:
```
[root@VM-0-62-centos hadoop-3.3.4]# ps axu|grep kms
root 87089 0.3 3.4 3698484 270792 pts/1 Sl 17:52 0:07 /root/jdk1.8.0_202/bin/java -Dproc_kms -Djava.net.preferIPv4Stack=true -Dkms.config.dir=/root/hadoop-3.3.4/etc/hadoop -Dkms.log.dir=/root/hadoop-3.3.4/logs -Dyarn.log.dir=/root/hadoop-3.3.4/logs -Dyarn.log.file=hadoop-root-kms-VM-0-62-centos.log -Dyarn.home.dir=/root/hadoop-3.3.4 -Dyarn.root.logger=INFO,console -Djava.library.path=/root/hadoop-3.3.4/lib/native -Dhadoop.log.dir=/root/hadoop-3.3.4/logs -Dhadoop.log.file=hadoop-root-kms-VM-0-62-centos.log -Dhadoop.home.dir=/root/hadoop-3.3.4 -Dhadoop.id.str=root -Dhadoop.root.logger=INFO,RFA -Dhadoop.policy.file=hadoop-policy.xml -Dhadoop.security.logger=INFO,NullAppender org.apache.hadoop.crypto.key.kms.server.KMSWebServer
root 93056 0.0 0.0 9208 1100 pts/2 S+ 18:30 0:00 grep --color=auto kms
```
- Using KMS
```bash
# Create a key
hadoop key create key1
# List keys
hadoop key list -metadata
# Create a directory
hadoop fs -mkdir /sub
# Encrypt the /sub directory with key1
hdfs crypto -createZone -keyName key1 -path /sub
# Write data into the encryption zone /sub
hdfs dfs -copyFromLocal NOTICE.txt /sub
# Read data from the encryption zone /sub
hdfs dfs -copyToLocal /sub NOTICE.txt.1
```
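The configuration built in this walkthrough uses wildcard `hadoop.proxyuser.*` entries, a KMS reached over `http`, and the keystore password 123456 stored in a file under etc/hadoop. The check below is an added example, not part of the original post: it parses `core-site.xml` and `kms-site.xml` and reports those settings. The function names and the 12-character minimum are assumptions, and the sample files are constructed from the values on this page.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

PW_KEY = "hadoop.security.keystore.java-keystore-provider.password-file"
PAGE_CORE = {  # constructed sample: the core-site.xml values shown on this page
    "hadoop.proxyuser.root.hosts": "*", "hadoop.proxyuser.root.groups": "*",
    "hadoop.proxyuser.kms.groups": "*",
    "hadoop.security.key.provider.path": "kms://http@localhost:9600/kms"}

def load_props(path):
    """Parse a Hadoop *-site.xml file into {name: value}."""
    props = {}
    for prop in ET.parse(path).getroot().iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(conf_dir, min_len=12):  # min_len: assumed policy, not a Hadoop rule
    """Return findings for the lab settings used in this walkthrough."""
    core = load_props(Path(conf_dir, "core-site.xml"))
    kms = load_props(Path(conf_dir, "kms-site.xml"))
    out = [f"{n}=* leaves impersonation unrestricted"
           for n in sorted(core) if n.startswith("hadoop.proxyuser.") and core[n] == "*"]
    if core.get("hadoop.security.key.provider.path", "").startswith("kms://http@"):
        out.append("KMS URI uses http: key material crosses the wire without TLS")
    if PW_KEY in kms:
        pw = Path(conf_dir, kms[PW_KEY])
        if pw.stat().st_mode & 0o077:  # any group/other permission bit set
            out.append(f"{pw.name} is accessible to group/other (want mode 600)")
        if len(pw.read_text().strip()) < min_len:
            out.append(f"{pw.name} password is shorter than {min_len} characters")
    return out

def to_xml(props):
    rows = (f"<property><name>{n}</name><value>{v}</value></property>" for n, v in props.items())
    return "<configuration>" + "".join(rows) + "</configuration>"

def audit_sample(core=PAGE_CORE, password="123456", mode=0o644):
    """Write a constructed conf dir with the given values and audit it."""
    files = {"core-site.xml": to_xml(core),
             "kms-site.xml": to_xml({PW_KEY: "kms.keystore.password"}),
             "kms.keystore.password": password + "\n"}
    with tempfile.TemporaryDirectory() as d:
        for fname, text in files.items():
            Path(d, fname).write_text(text)
        Path(d, "kms.keystore.password").chmod(mode)
        return audit(d)
```

Against a real installation, call `audit("/root/hadoop-3.3.4/etc/hadoop")`; an empty list means none of these four conditions was found.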