**1.1. Ranger

Ranger自身没有高可用方案,通过ambari开启ranger HA时需要使用第三方组件虚拟出一个ip来提供ranger admin服务,我们这次使用keepalived组件。开启ranger HA后可以解决ranger主机宕机导致集群权限不可用问题。




在安装keepalived的主机上开启路由转发
echo 1 > /proc/sys/net/ipv4/ip_forward

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1


生效:/sbin/sysctl -p
Keepalived安装配置

安装 yum install ipset
可以使用yum或下载rpm包安装。

使用root用户执行: yum install keepalived -y

等待ranger主备两台主机安装完keepalived后,进行配置。


先查询某个url的md5值:# genhash -s 10.1.241.65 -p 6080 -u /
MD5SUM = d41d8cd98f00b204e9800998ecf8427e

  1. vi  /etc/keepalived/keepalived.conf 
  3. ! Configuration File for keepalived
  5. global_defs {
  6.    router_id LVS_DEVEL
  7.    vrrp_skip_check_adv_addr
  8.    script_user root
  9.    #vrrp_strict
  10. }
  13. vrrp_script checkranger
  14. {
  15.     script "/root/check_ranger_admin.sh"
  16.     interval 3
  17.     weight -20
  18. }
  21. vrrp_instance VI_1 {
  22.     state MASTER
  23.     interface eth0
  24.     virtual_router_id 51
  25.     priority 100
  26.     advert_int 1
  27.     authentication {
  28.         auth_type PASS
  29.         auth_pass 1111
  30.     }
  31.     virtual_ipaddress {
  32.         10.1.241.243
  33.     }
  35.     track_script
  36.     {
  37.        checkranger
  38.     }
  40. }
  42. virtual_server 10.1.241.243 6080 {
  43.     delay_loop 3
  44.     lb_algo rr
  45.     lb_kind DR
  46.     persistence_timeout 50
  47.     protocol TCP
  49.     real_server 10.1.241.65 6080 {
  50.         weight 1
  51.         HTTP_GET {
  52.         url {
  53.             path /  # 检查的uri地址
  54.             #status_code 200
  55.             digest d41d8cd98f00b204e9800998ecf8427e # 用keepalived自带的genhash生成,/usr/bin/genhash -s rsIP -p port -u uri
  56.         }
  57.         connect_timeout 1   # 链接超时时间
  58.         nb_get_retry 3   # 重连次数
  59.         delay_before_retry 1  # 重连时间间隔
  60.         #connect_port 6080  # 检测端口
  61.         }
  62.     }
  64. }



keepalived slave节点:

  1. ! Configuration File for keepalived
  3. global_defs {
  4.    router_id LVS_DEVEL
  5.    vrrp_skip_check_adv_addr
  6.    script_user root
  7.    #vrrp_strict
  8. }
  11. vrrp_script checkranger
  12. {
  13.     script "/root/check_ranger_admin.sh"
  14.     interval 3
  15.     weight -20
  16. }
  19. vrrp_instance VI_1 {
  20.     state BACKUP
  21.     interface eth0
  22.     virtual_router_id 51
  23.     priority 90
  24.     advert_int 1
  25.     authentication {
  26.         auth_type PASS
  27.         auth_pass 1111
  28.     }
  29.     virtual_ipaddress {
  30.         10.1.241.243
  31.     }
  33.     track_script
  34.     {
  35.        checkranger
  36.     }
  38. }
  40. virtual_server 10.1.241.243 6080 {
  41.     delay_loop 3
  42.     lb_algo rr
  43.     lb_kind DR
  44.     persistence_timeout 50
  45.     protocol TCP
  47.     real_server 10.1.241.68 6080 {
  48.         weight 1
  49.         HTTP_GET {
  50.         url {
  51.             path /  # 检查的uri地址
  52.             #status_code 200
  53.             digest d41d8cd98f00b204e9800998ecf8427e # 用keepalived自带的genhash生成,/usr/bin/genhash -s rsIP -p port -u uri
  54.         }
  55.         connect_timeout 1   # 链接超时时间
  56.         nb_get_retry 3   # 重连次数
  57.         delay_before_retry 1  # 重连时间间隔
  58.         #connect_port 6080  # 检测端口
  59.         }
  60.     }
  62. }


Check whether ranger is alived.

  1. #!/bin/sh
  2. count=`ps aux | grep -v grep | grep ranger-admin | wc -l`
  3. if [ $count -gt 0 ]; then
  4.     echo 'ranger is alived.'
  5.     exit 0
  6. else
  7.     echo 'ranger is dead.'
  8.     nohup systemctl stop keepalived.service &
  9.     exit 0
  10. fi

主节点查看虚拟ip是否存在

image.png

至此,keepalived主备安装配置完毕!

通过ranger web界面检查虚拟ip转发状态:
image.png

通过ambari开启ranger HA
image.png
image.png
至此ranger admin HA已经开启。可以避免由于ranger主机宕机导致集群权限不可用