HDP 10.Azkaban 编译及 LDAP 配置

1、下载 ( 在 client-v01 服务器操作 )

mkdir -p /software/;

cd /software/;

yum -y install git;

git clone https://github.com/azkaban/azkaban.git

2、编译( 在 client-v01 服务器操作 )

yum -y install npm

npm install -g less dustjs-linkedin

yum -y install ant*

cd /software/azkaban/

./gradlew distTar

执行 ./gradlew distTar 命令编译成功后,将出现类似如下图的 "BUILD SUCCESSFUL" 字样。

 

3、初步安装

创建 azkaban元数据库,并创建相关数据库帐号( 在ambari  服务器操作 )。

mysql -uroot -p123456

CREATE DATABASE `azkaban` /*!40100 DEFAULT CHARACTER SET utf8 */;

CREATE USER 'azkaban'@'client-v01.tianlingqun.com' IDENTIFIED BY 'Wf#azkb123';

CREATE USER 'azkaban'@'client-v02.tianlingqun.com' IDENTIFIED BY 'Wf#azkb123';

GRANT all ON azkaban.* to 'azkaban'@'client-v01.tianlingqun.com' WITH GRANT OPTION;

GRANT all ON azkaban.* to 'azkaban'@'client-v02.tianlingqun.com' WITH GRANT OPTION;

flush privileges;

 

4、导入元数据( 在 client-v01 服务器以 root 用户操作 )。

cd /software/azkaban/

cp ./azkaban-web-server/build/distributions/azkaban-web-server-3.80.0.tar.gz /usr/local/;

cp ./azkaban-exec-server/build/distributions/azkaban-exec-server-3.80.0.tar.gz /usr/local/;

cp ./azkaban-db/build/distributions/azkaban-db-3.80.0.tar.gz /usr/local/;

cp ./azkaban-hadoop-security-plugin/build/distributions/azkaban-hadoop-security-plugin-3.80.0.tar.gz /usr/local/;

cd /usr/local/;

tar -xvf ./azkaban-web-server-3.80.0.tar.gz;

tar -xvf ./azkaban-exec-server-3.80.0.tar.gz;

tar -xvf ./azkaban-db-3.80.0.tar.gz;

tar -xvf ./azkaban-hadoop-security-plugin-3.80.0.tar.gz;

rm -rf /usr/local/azkaban*.tar.gz;

ln -s ./azkaban-web-server-3.80.0 ./azkaban-web-server

ln -s ./azkaban-exec-server-3.80.0 ./azkaban-exec-server

yum -y localinstall https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm

yum -y install mysql-community-client

cd /usr/local/azkaban-db-3.80.0/;

mysql -hambari.tianlingqun.com -uazkaban -pWf\#azkb123;

use azkaban;

source /usr/local/azkaban-db-3.80.0/create-all-sql-3.80.0.sql;

5、创建 Azkaban LDAP相关帐号,并配置azkaban用户环境 ( 在client-v01 服务器以 root 用户操作 )。

kinit admin

ipa user-add azkaban --first=azkaban --last=azkaban --shell=/bin/bash --homedir=/home/azkaban;

ipa service-add azkaban/client-v01.tianlingqun.com;

ipa-getkeytab -s ipa-v01.tianlingqun.com -p azkaban/client-v01.tianlingqun.com \

-k /etc/security/keytabs/azkaban.service.keytab;

chown azkaban:azkaban /etc/security/keytabs/azkaban.service.keytab;

chmod 400 /etc/security/keytabs/azkaban.service.keytab;

mkdir /home/azkaban/;

cp ~/.bashrc /home/azkaban/;

cp ~/.bash_profile /home/azkaban/;

chown -R azkaban:azkaban /home/azkaban;

cd /usr/local/;

chown -R azkaban:azkaban /usr/local/azkaban*;

6、生成代理 execute-as-user 文件,以便 Azkaban能够以“代理某用户执行”

cd /usr/local/azkaban-exec-server/

mkdir nativelib

chown azkaban:azkaban ./nativelib;

cd nativelib

cp /software/azkaban/az-exec-util/src/main/c/execute-as-user.c ./

gcc execute-as-user.c -o execute-as-user

chown root:azkaban execute-as-user

chmod 6050 execute-as-user

同时记得修改配置文件 /usr/local/azkaban-exec-server/plugins/jobtypes/commonprivate.properties 中的配置如下:

execute.as.user=true

azkaban.native.lib=/usr/local/azkaban-exec-server/nativelib/

7、创建相关目录

cd /usr/local/azkaban-web-server/

mkdir ./logs

mkdir ./nativelib

mkdir ./temp

chown azkaban:azkaban ./*

cd /usr/local/azkaban-exec-server/

mkdir ./executions

mkdir ./projects

mkdir ./logs

mkdir ./temp

chown azkaban:azkaban ./*

8、下载编译 ldap 相关 jar 包

cd /software/

git clone https://github.com/researchgate/azkaban-ldap-usermanager.git

cd ./azkaban-ldap-usermanager

./gradlew build

编译成功后,将其cp 到 /usr/local/azkaban-web-server/nativelib/

cp ./build/libs/azkaban-ldap-usermanager-1.2.1-SNAPSHOT.jar /usr/local/azkaban-web-server/nativelib/

cp ./build/libs/azkaban-ldap-usermanager-1.2.1-SNAPSHOT.jar /usr/local/azkaban-web-server/lib/

chown azkaban:azkaban /usr/local/azkaban-web-server/nativelib/azkaban-ldap-usermanager-1.2.1-SNAPSHOT.jar

chown azkaban:azkaban /usr/local/azkaban-web-server/lib/azkaban-ldap-usermanager-1.2.1-SNAPSHOT.jar

 

 

9、执行如下命令,生成 keystore 文件

cd /usr/local/azkaban-web-server

keytool -keystore keystore -alias jetty -genkey -keyalg RSA -sigalg SHA256withRSA

chown azkaban:azkaban ./keystore

 

10、配置Azkaban,具体配置文件请参考:

/usr/local/azkaban-web-server/conf/azkaban.properties 对应附件中的azkaba.web.properties 文件;

/usr/local/azkaban-exec-server/conf/azkaban.properties 对应附件中的azkaba.exec.properties 文件;

尝试启动 Azkaban(记住:先启动 exec 进程,再启动 web进程;因为在启动 web进程的时候会检查当前是否有“活跃”的 exec 进程)

su - azkaban

cd /usr/local/azkaban-exec-server

./bin/start-exec.sh

curl -G "localhost:12321/executor?action=activate" && echo

cd /usr/local/azkaban-web-server

mkdir -p ./plugins/triggers #  这个目录是不应该创建的:否则Azkabanweb ⽆法进入!!!!

./bin/start-web.sh

注意:

1. 报"ERROR [PluginCheckerAndActionsLoader] [Azkaban]plugin path plugins/triggers doesn't exist!" 之类的错误可以忽略。

2. 由于配置了user.manager.ldap.allowedGroups=admins,g_etl,g_bigdata,g_rec,g_anticheat,g_push,g_datapm,g_ad ,所以只有 ipa 用户属于这些组之一才能登陆使用Azkaban。

11、安装完毕后,可以尝试登陆 Azkaban WEB UI,链接https://client-v01:8443

 

 

posted @ 2022-05-29 08:30  田领群  阅读(62)  评论(0编辑  收藏  举报