Kerberos認証を使用した1ノードのhive環境は、以下のVagrantfileを使用して構築できます。Kerberosとhiveのインストールと同時に、テストユーザ(test)の作成とサンプルテーブルの作成も行います。
Vagrantfile
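# Single-node Hive lab with Kerberos authentication: CentOS 7.3 guest running
# an MIT KDC, MySQL, Ambari and an HDP cluster deployed from a blueprint.
#
# Lab use only. Every credential the provisioner sets is a short fixed value
# that is printed in this file (KDC master key and root/admin principal
# "admin", Ambari API admin:admin, MySQL root/ambari/hive, Kerberos user
# test/test). Replace them before the VM is reachable by anyone else.
VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "bento/centos-7.3"
  config.vm.hostname = "krbhive.vm.internal"

  config.vm.provider :virtualbox do |vbox|
    vbox.name = "krbhive"
    vbox.cpus = 4
    vbox.memory = 13312
    # Promiscuous mode "allow-all" on adapter 2 lets the guest see all traffic
    # on that segment (presumably the private network below, since adapter 1
    # is normally Vagrant's NAT; confirm in the VirtualBox settings).
    vbox.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
  end

  # Private (host-only) network.
  config.vm.network "private_network", ip: "192.168.55.70", netmask: "255.255.255.0"

  # Bridged network. This attaches the guest to the host's LAN, so the KDC,
  # the Ambari API on port 8080 and MySQL (the my.cnf copied in below sets
  # bind-address to 0.0.0.0, and the grants use host '%') become reachable
  # from other machines with the fixed passwords listed above. Drop this
  # line if the lab only needs to be reached from the host.
  config.vm.network "public_network", ip: "192.168.1.70", netmask: "255.255.255.0"

  config.vm.network "forwarded_port", guest: 22, host: 10022, id: "ssh"

  # Provisioning steps, in order (the shell text is passed to the guest as-is):
  #   1. point the hostname entry in /etc/hosts at the private address
  #   2. install haveged (entropy daemon), the Kerberos packages and set up chrony
  #   3. create the VM.INTERNAL realm, the root/admin principal and the host
  #      principal; addprinc and ktadd must name the same principal
  #      (host/krbhive.vm.internal), otherwise ktadd has nothing to export
  #   4. install MySQL 5.7, remove the validate_password plugin, create the
  #      ambari and hive databases and accounts, then swap in /vagrant/my.cnf
  #   5. install Ambari, register the blueprint and host mapping, poll until
  #      request 1 reports 100 percent
  #   6. create HDFS home directories, the test user with its keytab, and
  #      load the sample table through beeline
  #
  # Review points for anyone adapting this beyond a throwaway VM:
  #   - the MySQL release RPM and ambari.repo are fetched over plain http, so
  #     the integrity of what gets installed rests on the repositories' GPG
  #     checks; confirm they are enabled in the repo files
  #   - passwords are given on command lines (-P, -pw, -w, -u, -p) and are
  #     visible in the process list and in the provisioning output
  #   - /tmp/sample.csv is made world-writable (chmod 777); read access is
  #     probably all the load needs
  #   - the polling loop also ends when the progress value comes back empty,
  #     e.g. if the Ambari API call fails
  config.vm.provision "shell", inline: <<-SHELL
#echo "192.168.55.70 krbhive.vm.internal krbhive" >> /etc/hosts
sed -i -e 's/127.0.0.1\\t/192.168.55.70\\t/' /etc/hosts
# havegedのインストール
yum -y install epel-release
yum -y install haveged
systemctl enable haveged.service
systemctl start haveged.service
# kerberosインストール
yum -y install krb5-server krb5-workstation pam_krb5
# chrony設定
echo 'allow 192.168.1/24' >> /etc/chrony.conf
echo 'allow 192.168.55/24' >> /etc/chrony.conf
systemctl enable chronyd.service
systemctl start chronyd.service
# kdc.conf/kerb5/conf設定
sed -i -e 's/EXAMPLE.COM/VM.INTERNAL/g' /var/kerberos/krb5kdc/kdc.conf
kdb5_util create -r VM.INTERNAL -s -P admin
sed -i -e 's/# default_realm = EXAMPLE.COM/default_realm = VM.INTERNAL/' /etc/krb5.conf
sed -i -e 's/ default_ccache_name/#default_ccache_name/' /etc/krb5.conf
sed -i -e 's/\\[realms\\]/#[realms]/' /etc/krb5.conf
sed -i -e 's/\\[domain_realm\\]/#[domain_realm]/' /etc/krb5.conf
echo '' >> /etc/krb5.conf
echo '[realms]' >> /etc/krb5.conf
echo 'VM.INTERNAL = {' >> /etc/krb5.conf
echo ' kdc = krbhive.vm.internal' >> /etc/krb5.conf
echo ' admin_server = krbhive.vm.internal' >> /etc/krb5.conf
echo '}' >> /etc/krb5.conf
echo '' >> /etc/krb5.conf
echo '[domain_realm]' >> /etc/krb5.conf
echo '.vm.internal = VM.INTERNAL' >> /etc/krb5.conf
echo 'vm.internal = VM.INTERNAL' >> /etc/krb5.conf
sed -i -e 's/^/#/' /var/kerberos/krb5kdc/kadm5.acl
echo '*/admin@VM.INTERNAL *' >> /var/kerberos/krb5kdc/kadm5.acl
kadmin.local addprinc -pw "admin" root/admin
systemctl enable krb5kdc
systemctl start krb5kdc
systemctl enable kadmin
systemctl start kadmin
# ホスト追加
kadmin.local addprinc -randkey host/krbhive.vm.internal
kadmin.local ktadd host/krbhive.vm.internal
# install mysql
sudo yum -y remove mariadb-libs
yum -y localinstall http://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm
yum -y install mysql mysql-devel mysql-server mysql-utilities
sudo systemctl enable mysqld.service
sudo systemctl start mysqld.service
# change password and create users and databases.
chkconfig mysqld on
service mysqld start
export MYSQL_ROOTPWD='Root123#'
export MYSQL_PWD=`cat /var/log/mysqld.log | awk '/temporary password/ {print $NF}'`
mysql -uroot --connect-expired-password -e "SET PASSWORD = PASSWORD('$MYSQL_ROOTPWD');"
export MYSQL_PWD=$MYSQL_ROOTPWD
export MYSQL_ROOTPWD='root'
mysql -uroot --connect-expired-password -e "UNINSTALL PLUGIN validate_password;"
mysql -uroot --connect-expired-password -e "SET PASSWORD = PASSWORD('$MYSQL_ROOTPWD');"
export MYSQL_PWD=$MYSQL_ROOTPWD
mysql -uroot --connect-expired-password -e "CREATE DATABASE ambari DEFAULT CHARACTER SET utf8;"
mysql -uroot --connect-expired-password -e "CREATE USER ambari@localhost IDENTIFIED BY 'bigdata';"
mysql -uroot --connect-expired-password -e "GRANT ALL PRIVILEGES ON ambari.* TO 'ambari'@'%' IDENTIFIED BY 'bigdata';"
mysql -uroot --connect-expired-password -e "CREATE DATABASE hive DEFAULT CHARACTER SET utf8;"
mysql -uroot --connect-expired-password -e "CREATE USER hive@localhost IDENTIFIED BY 'hive';"
mysql -uroot --connect-expired-password -e "GRANT ALL PRIVILEGES ON hive.* TO 'hive'@'%' IDENTIFIED BY 'hive';"
sudo systemctl stop mysqld.service
sudo cp /vagrant/my.cnf /etc
ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
sudo systemctl start mysqld.service
# install JDBC driver
yum -y install mysql-connector-java
# Ambariのインストール
cd /etc/yum.repos.d/
wget http://public-repo-1.hortonworks.com/ambari/centos7/2.x/updates/2.5.1.0/ambari.repo
yum -y install ambari-server ambari-agent
# workaround of AMBARI-20532
echo '' >> /etc/ambari-server/conf/ambari.properties
echo 'server.jdbc.database=mysql' >> /etc/ambari-server/conf/ambari.properties
echo 'server.jdbc.database_name=ambari' >> /etc/ambari-server/conf/ambari.properties
echo 'server.jdbc.user.name=ambari' >> /etc/ambari-server/conf/ambari.properties
echo 'server.jdbc.user.password=/etc/ambari-server/conf/password.dat' >> /etc/ambari-server/conf/ambari.properties
echo 'server.jdbc.driver=/usr/share/java/mysql-connector-java.jar' >> /etc/ambari-server/conf/ambari.properties
echo 'custom.jdbc.name=mysql-connector-java.jar' >> /etc/ambari-server/conf/ambari.properties
echo 'server.jdbc.hostname=localhost' >> /etc/ambari-server/conf/ambari.properties
echo 'server.jdbc.port=3306' >> /etc/ambari-server/conf/ambari.properties
ambari-server setup -s --jdbc-db=mysql --jdbc-driver=/usr/share/java/mysql-connector-java.jar -v
ambari-server setup --silent
mysql -u ambari -pbigdata ambari < /var/lib/ambari-server/resources/Ambari-DDL-MySQL-CREATE.sql
ambari-server start
ambari-agent start
# 構成情報のサブミット
curl -H "X-Requested-By: ambari" -X POST -u admin:admin http://localhost:8080/api/v1/blueprints/krbhive -d @/vagrant/cluster_configuration.json
curl -H "X-Requested-By: ambari" -X POST -u admin:admin http://localhost:8080/api/v1/clusters/krbhive -d @/vagrant/hostmapping.json
sleep 60
# クラスタが構築されるまで待機
Progress=`curl -s --user admin:admin -X GET http://localhost:8080/api/v1/clusters/krbhive/requests/1 | grep progress_percent | awk '{print $3}' | cut -d . -f 1`
while [[ `echo $Progress | grep -v 100` ]]; do
Progress=`curl -s --user admin:admin -X GET http://localhost:8080/api/v1/clusters/krbhive/requests/1 | grep progress_percent | awk '{print $3}' | cut -d . -f 1`
echo " Progress: $Progress%"
sleep 30
done
# adminユーザのディレクトリ作成
sudo -u hdfs /usr/bin/hdfs dfs -mkdir /user/admin
sudo -u hdfs /usr/bin/hdfs dfs -chown admin /user/admin
# テストユーザの作成とサンプルテーブルの作成
useradd test
cd ~test
kadmin -p root/admin -w admin addprinc -pw test test
kadmin.local ktadd -norandkey test
kadmin.local xst -norandkey -k test.keytab test@VM.INTERNAL
chown test:test test.keytab
sudo -u hdfs /usr/bin/hdfs dfs -mkdir /user/test
sudo -u hdfs /usr/bin/hdfs dfs -chown test /user/test
cp /vagrant/sample.sql /home/test
chown test:test /home/test/sample.sql
cp /vagrant/sample.csv /tmp
chmod 777 /tmp/sample.csv
sudo -u test kinit -k -t /home/test/test.keytab test
sudo -u test beeline -u 'jdbc:hive2://krbhive.vm.internal:10000/default;principal=hive/krbhive.vm.internal@VM.INTERNAL' -f /home/test/sample.sql
  SHELL
end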
cluster_configuration.json
{
"configurations" : [
{
"kerberos-env": {
"properties_attributes" : { },
"properties" : {
"realm" : "VM.INTERNAL",
"kdc_type" : "mit-kdc",
"kdc_host" : "krbhive.vm.internal",
"admin_server_host" : "krbhive.vm.internal"
}
}
},
{
"krb5-conf": {
"properties_attributes" : { },
"properties" : {
"domains" : "vm.internal",
"manage_krb5_conf" : "false"
}
}
},
{
"hive-site": {
"hive.support.concurrency": "true",
"hive.txn.manager": "org.apache.hadoop.hive.ql.lockmgr.DbTxnManager",
"hive.compactor.initiator.on": "true",
"hive.compactor.worker.threads": "5",
"javax.jdo.option.ConnectionDriverName": "com.mysql.jdbc.Driver",
"javax.jdo.option.ConnectionPassword": "hive",
"javax.jdo.option.ConnectionURL": "jdbc:mysql://localhost/hive",
"javax.jdo.option.ConnectionUserName": "hive"
}
},
{
"hive-env": {
"hive_ambari_database": "MySQL",
"hive_database": "Existing MySQL Database",
"hive_database_type": "mysql",
"hive_database_name": "hive"
}
},
{
"core-site": {
"properties" : {
"hadoop.proxyuser.root.groups" : "*",
"hadoop.proxyuser.root.hosts" : "*",
"hadoop.proxyuser.hive.groups" : "*",
"hadoop.proxyuser.hive.hosts" : "*"
}
}
}
],
"host_groups" : [
{
"name" : "host_group_1",
"components" : [
{
"name" : "NAMENODE"
},
{
"name" : "SECONDARY_NAMENODE"
},
{
"name" : "DATANODE"
},
{
"name" : "HDFS_CLIENT"
},
{
"name" : "RESOURCEMANAGER"
},
{
"name" : "NODEMANAGER"
},
{
"name" : "YARN_CLIENT"
},
{
"name" : "HISTORYSERVER"
},
{
"name" : "APP_TIMELINE_SERVER"
},
{
"name" : "ZOOKEEPER_SERVER"
},
{
"name" : "ZOOKEEPER_CLIENT"
},
{
"name" : "METRICS_MONITOR"
},
{
"name" : "TEZ_CLIENT"
},
{
"name" : "HIVE_SERVER"
},
{
"name" : "HIVE_METASTORE"
},
{
"name" : "METRICS_COLLECTOR"
},
{
"name" : "WEBHCAT_SERVER"
}
],
"cardinality" : "1"
}
],
"settings" : [{
"recovery_settings" : [{
"recovery_enabled" : "true"
}]
}],
"Blueprints" : {
"blueprint_name" : "krbhive",
"stack_name" : "HDP",
"stack_version" : "2.6",
"security" : {
"type" : "KERBEROS"
}
}
}
hostmapping.json
{
"blueprint" : "krbhive",
"default_password" : "admin",
"credentials" : [
{
"alias" : "kdc.admin.credential",
"principal" : "root/admin@VM.INTERNAL",
"key" : "admin",
"type" : "TEMPORARY"
}
],
"security" : {
"type" : "KERBEROS"
},
"provision_action" : "INSTALL_AND_START",
"host_groups" :[
{
"name" : "host_group_1",
"hosts" : [
{
"fqdn" : "krbhive.vm.internal"
}
]
}
]
}
my.cnf
# MySQL configuration that the Vagrantfile provisioner copies to /etc
# (cp /vagrant/my.cnf /etc) before restarting mysqld.
[client]
port = 3306
socket = /var/lib/mysql/mysql.sock
default-character-set=utf8
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Listens on every interface. The Vagrantfile on this page also attaches a
# bridged adapter and grants the ambari and hive accounts from host '%' with
# short fixed passwords, so the server is reachable from the LAN with them.
# Ambari (server.jdbc.hostname=localhost) and the Hive metastore
# (jdbc:mysql://localhost/hive) both connect locally, so 127.0.0.1 is worth
# trying here when no remote client is needed.
bind-address = 0.0.0.0
port = 3306
key_buffer_size = 256M
max_allowed_packet = 16M
table_open_cache = 16
innodb_buffer_pool_size = 512M
innodb_log_file_size = 32M
sort_buffer_size = 8M
read_buffer_size = 8M
read_rnd_buffer_size = 8M
join_buffer_size = 8M
thread_stack = 4M
character-set-server=utf8
lower_case_table_names = 1
innodb_lock_wait_timeout=120
# Turns off the InnoDB doublewrite buffer: pages torn by a crash or power loss
# can then not be repaired from it. Reasonable only for a disposable lab VM.
skip-innodb-doublewrite
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
sample.sql
-- Sample table for the Kerberos test: run by the test user through beeline
-- after kinit. The table is EXTERNAL and its LOCATION is /user/test, the HDFS
-- directory the provisioner creates for that user.
-- NOTE(review): OpenCSVSerde is documented to expose every column as STRING
-- whatever type is declared here; confirm with DESCRIBE if the INT types matter.
CREATE EXTERNAL TABLE sample (
  store_id INT,
  sales INT
)
ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.OpenCSVSerde'
WITH SERDEPROPERTIES (
  "separatorChar" = ",",
  "quoteChar" = "\"",
  "escapeChar" = "\\"
)
STORED AS TEXTFILE
LOCATION '/user/test'
TBLPROPERTIES ("skip.header.line.count"="1");

-- OVERWRITE replaces whatever the table location already holds, and that
-- location is the test user's HDFS home directory, so keep other files out
-- of /user/test or point LOCATION at a dedicated subdirectory.
LOAD DATA LOCAL INPATH '/tmp/sample.csv' OVERWRITE INTO TABLE sample;

SELECT * FROM sample;
sample.csv
store_id,sales
100,15000000
200,20000000
300,18000000
○関連情報
・
Vagrantを使用して、Kerberosサーバを構築する
・
VagrantとAmbari blueprintでhiveの1ノードクラスタを作成する
・Ambariに関する他の記事は
こちらを参照してください。