HDP 10.Azkaban 编译及 LDAP 配置
1、下载 ( 在 client-v01 服务器操作 )
mkdir -p /software/;
cd /software/;
yum -y install git;
git clone https://github.com/azkaban/azkaban.git
2、编译( 在 client-v01 服务器操作 )
yum -y install npm
npm install -g less dustjs-linkedin
yum -y install ant*
cd /software/azkaban/
./gradlew distTar
执行 ./gradlew distTar 命令编译成功后,将出现类似如下图的 "BUILD SUCCESSFUL" 字样。
3、初步安装
创建 azkaban元数据库,并创建相关数据库帐号( 在ambari 服务器操作 )。
mysql -uroot -p123456
CREATE DATABASE `azkaban` /*!40100 DEFAULT CHARACTER SET utf8 */;
CREATE USER 'azkaban'@'client-v01.tianlingqun.com' IDENTIFIED BY 'Wf#azkb123';
CREATE USER 'azkaban'@'client-v02.tianlingqun.com' IDENTIFIED BY 'Wf#azkb123';
GRANT all ON azkaban.* to 'azkaban'@'client-v01.tianlingqun.com' WITH GRANT OPTION;
GRANT all ON azkaban.* to 'azkaban'@'client-v02.tianlingqun.com' WITH GRANT OPTION;
flush privileges;
4、导入元数据( 在 client-v01 服务器以 root 用户操作 )。
cd /software/azkaban/
cp ./azkaban-web-server/build/distributions/azkaban-web-server-3.80.0.tar.gz /usr/local/;
cp ./azkaban-exec-server/build/distributions/azkaban-exec-server-3.80.0.tar.gz /usr/local/;
cp ./azkaban-db/build/distributions/azkaban-db-3.80.0.tar.gz /usr/local/;
cp ./azkaban-hadoop-security-plugin/build/distributions/azkaban-hadoop-security-plugin-3.80.0.tar.gz /usr/local/;
cd /usr/local/;
tar -xvf ./azkaban-web-server-3.80.0.tar.gz;
tar -xvf ./azkaban-exec-server-3.80.0.tar.gz;
tar -xvf ./azkaban-db-3.80.0.tar.gz;
tar -xvf ./azkaban-hadoop-security-plugin-3.80.0.tar.gz;
rm -rf /usr/local/azkaban*.tar.gz;
ln -s ./azkaban-web-server-3.80.0 ./azkaban-web-server
ln -s ./azkaban-exec-server-3.80.0 ./azkaban-exec-server
yum -y localinstall https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
yum -y install mysql-community-client
cd /usr/local/azkaban-db-3.80.0/;
mysql -hambari.tianlingqun.com -uazkaban -pWf\#azkb123;
use azkaban;
source /usr/local/azkaban-db-3.80.0/create-all-sql-3.80.0.sql;
5、创建 Azkaban LDAP相关帐号,并配置azkaban用户环境 ( 在client-v01 服务器以 root 用户操作 )。
kinit admin
ipa user-add azkaban --first=azkaban --last=azkaban --shell=/bin/bash --homedir=/home/azkaban;
ipa service-add azkaban/client-v01.tianlingqun.com;
ipa-getkeytab -s ipa-v01.tianlingqun.com -p azkaban/client-v01.tianlingqun.com \
-k /etc/security/keytabs/azkaban.service.keytab;
chown azkaban:azkaban /etc/security/keytabs/azkaban.service.keytab;
chmod 400 /etc/security/keytabs/azkaban.service.keytab;
mkdir /home/azkaban/;
cp ~/.bashrc /home/azkaban/;
cp ~/.bash_profile /home/azkaban/;
chown -R azkaban:azkaban /home/azkaban;
cd /usr/local/;
chown -R azkaban:azkaban /usr/local/azkaban*;
6、生成代理 execute-as-user 文件,以便 Azkaban能够以“代理某用户执行”
cd /usr/local/azkaban-exec-server/
mkdir nativelib
chown azkaban:azkaban ./nativelib;
cd nativelib
cp /software/azkaban/az-exec-util/src/main/c/execute-as-user.c ./
gcc execute-as-user.c -o execute-as-user
chown root:azkaban execute-as-user
chmod 6050 execute-as-user
同时记得修改配置文件 /usr/local/azkaban-exec-server/plugins/jobtypes/commonprivate.properties 中的配置如下:
execute.as.user=true
azkaban.native.lib=/usr/local/azkaban-exec-server/nativelib/
7、创建相关目录
cd /usr/local/azkaban-web-server/
mkdir ./logs
mkdir ./nativelib
mkdir ./temp
chown azkaban:azkaban ./*
cd /usr/local/azkaban-exec-server/
mkdir ./executions
mkdir ./projects
mkdir ./logs
mkdir ./temp
chown azkaban:azkaban ./*
8、下载编译 ldap 相关 jar 包
cd /software/
git clone https://github.com/researchgate/azkaban-ldap-usermanager.git
cd ./azkaban-ldap-usermanager
./gradlew build
编译成功后,将其cp 到 /usr/local/azkaban-web-server/nativelib/
cp ./build/libs/azkaban-ldap-usermanager-1.2.1-SNAPSHOT.jar /usr/local/azkaban-web-server/nativelib/
cp ./build/libs/azkaban-ldap-usermanager-1.2.1-SNAPSHOT.jar /usr/local/azkaban-web-server/lib/
chown azkaban:azkaban /usr/local/azkaban-web-server/nativelib/azkaban-ldap-usermanager-1.2.1-SNAPSHOT.jar
chown azkaban:azkaban /usr/local/azkaban-web-server/lib/azkaban-ldap-usermanager-1.2.1-SNAPSHOT.jar
9、执行如下命令,生成 keystore 文件
cd /usr/local/azkaban-web-server
keytool -keystore keystore -alias jetty -genkey -keyalg RSA -sigalg SHA256withRSA
chown azkaban:azkaban ./keystore
10、配置Azkaban,具体配置文件请参考:
/usr/local/azkaban-web-server/conf/azkaban.properties 对应附件中的azkaba.web.properties 文件;
/usr/local/azkaban-exec-server/conf/azkaban.properties 对应附件中的azkaba.exec.properties 文件;
尝试启动 Azkaban(记住:先启动 exec 进程,再启动 web进程;因为在启动 web进程的时候会检查当前是否有“活跃”的 exec 进程)
su - azkaban
cd /usr/local/azkaban-exec-server
./bin/start-exec.sh
curl -G "localhost:12321/executor?action=activate" && echo
cd /usr/local/azkaban-web-server
mkdir -p ./plugins/triggers # 这个目录是不应该创建的:否则Azkabanweb ⽆法进入!!!!
./bin/start-web.sh
注意:
1. 报"ERROR [PluginCheckerAndActionsLoader] [Azkaban]plugin path plugins/triggers doesn't exist!" 之类的错误可以忽略。
2. 由于配置了user.manager.ldap.allowedGroups=admins,g_etl,g_bigdata,g_rec,g_anticheat,g_push,g_datapm,g_ad ,所以只有 ipa 用户属于这些组之一才能登陆使用Azkaban。
11、安装完毕后,可以尝试登陆 Azkaban WEB UI,链接https://client-v01:8443