Centos 安装Redis7.2
1、下载Redis
Redis 下载页面:https://redis.io/download/
bash
wget https://github.com/redis/redis/archive/7.2.4.tar.gz
2、解压并编译
bash
# 1、进入目录
cd /export/servers/
tar -xzvf redis-7.2.4
# 2、安装依赖
yum install gcc make openssl-devel
# 3、安装redis 本地依赖
cd deps
make hiredis jemalloc linenoise lua
# 4、执行make
cd ../
make && make install
3、修改配置
bash
daemonize yes
requirepass xxx
dir /export/backup/redis
4、修改内存提交限制
bash
vim /etc/sysctl.conf
# 启用内存可重复提交限制
vm.overcommit_memory=1
执行:sysctl vm.overcommit_memory=1
5、自动启动
Centos 安装 MinIO
1、通过yum安装
官网地址 min.io
bash
# 1、下载rpm
wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio-20240226093348.0.0-1.x86_64.rpm -O minio.rpm
# 2、安装
sudo dnf install minio.rpm
2. 创建文件存储目录
bash
mkdir /export/data/minio
# 创建用户组
groupadd -r minio-user
# 创建用户
useradd -M -r -g minio-user minio-user
# 设置路劲访问权限
chown minio-user:minio-user /export/data/minio
# 启动minio(使用默认账号启动,非后台进程)
minio server /export/data/minio --address 0.0.0.0:9000 --console-address 0.0.0.0:9001
3、MonIO做为服务后端系统
参考文档:Create the systemd Service File
3.1、 创建环境变量
bash
# 创建并编辑服务环境变量
vim /etc/default/minio
# 设置路劲访问权限
chown minio-user:minio-user /etc/default/minio
环境变量内容
properties
# MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO server.
# This user has unrestricted permissions to perform S3 and administrative API operations on any resource in the deployment.
# Omit to use the default values 'minioadmin:minioadmin'.
# MinIO recommends setting non-default values as a best practice, regardless of environment.
MINIO_ROOT_USER=myminioadmin
MINIO_ROOT_PASSWORD=minio-secret-key-change-me
# MINIO_VOLUMES sets the storage volumes or paths to use for the MinIO server.
# The specified path uses MinIO expansion notation to denote a sequential series of drives between 1 and 4, inclusive.
# All drives or paths included in the expanded drive list must exist *and* be empty or freshly formatted for MinIO to start successfully.
MINIO_VOLUMES="/export/data/minio"
# MINIO_OPTS sets any additional commandline options to pass to the MinIO server.
# For example, `--console-address :9001` sets the MinIO Console listen port
MINIO_OPTS="--address :9000 --console-address :9001"
# MINIO_SERVER_URL sets the hostname of the local machine for use with the MinIO Server.
# MinIO assumes your network control plane can correctly resolve this hostname to the local machine.
# Uncomment the following line and replace the value with the correct hostname for the local machine.
#MINIO_SERVER_URL="http://minio.example.net"
3.2、创建systemctl 服务
bash
vim /usr/lib/systemd/system/minio.service
输入如下配置信息:
ini
[Unit]
Description=MinIO
Documentation=https://min.io/docs/minio/linux/index.html
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local
User=minio-user
Group=minio-user
ProtectProc=invisible
EnvironmentFile=/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
# MinIO RELEASE.2023-05-04T21-44-30Z adds support for Type=notify (https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=)
# This may improve systemctl setups where other services use `After=minio.server`
# Uncomment the line to enable the functionality
# Type=notify
# Let systemd restart this service always
Restart=always
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Specifies the maximum number of threads this process can create
TasksMax=infinity
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
# Built for ${project.name}-${project.version} (${project.name})
3.3、启动服务
shell
# 重新加载服务
systemctl daemon-reload
# 启动服务
sudo systemctl start minio.service
# 服务状态
systemctl status minio.service
# 服务自启动
systemctl enable minio.service
4、MinIO 通过Nginx代理二级域名
参考文档:https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html
Centos 安装Kafka
1、安装Zookeeper
1.1 下载地址:https://downloads.apache.org/zookeeper/
bash
wget https://downloads.apache.org/zookeeper/zookeeper-3.8.4/apache-zookeeper-3.8.4-bin.tar.gz
1.2 解压安装
bash
tar -xzvf apache-zookeeper-3.8.4-bin.tar.gz
mv apache-zookeeper-3.8.4-bin zookeeper
1.3 添加到环境变量
bash
vim /etc/profile
# 添加如下内容
export ZOOKEEPER_HOME=/export/servers/zookeeper
export PATH=$PATH:$ZOOKEEPER_HOME/bin
1.4 修改zookeeper配置文件
bash
cp /export/servers/zookeeper/conf/zoo_sample.cfg /export/servers/zookeeper/conf/zoo.cfg
vim /export/servers/zookeeper/conf/zoo.cfg
修改如下内容:
# 数据存放路径
dataDir=/export/data/zookeeper
# the basic time unit in milliseconds used by ZooKeeper. It is used to do heartbeats and the minimum session timeout will be twice the tickTime.
tickTime=2000
# the port to listen for client connections
clientPort=2181
# 末尾追加(多节点需要配置)
# server.1=node2:2888:3888
# server.2=node3:2888:3888
# server.3=node4:2888:3888
1.5 创建节点ID
bash
mkdir /export/data/zookeeper
echo "1" > /export/data/zookeeper/myid
1.6 启动zookeeper
bash
zkServer.sh start
# 使用jps 检测是否启动成功, QuorumPeerMain
1.7 开机自启动
bash
cat > /etc/systemd/system/zookeeper.service << EOF
ini
[Unit]
Description=zookeeper
After=syslog.target network.target
[Service]
Type=forking
# 指定zookeeper 日志文件路径,也可以在zkServer.sh 中定义
Environment=ZOO_LOG_DIR=/export/Logs/zookeeper
# 指定JDK路径,也可以在zkServer.sh 中定义
Environment=JAVA_HOME=/export/servers/jdk1.8.0_401
ExecStart=/export/servers/zookeeper/bin/zkServer.sh start
ExecStop=/export/servers/zookeeper/bin/zkServer.sh stop
Restart=always
User=root
Group=root
[Install]
WantedBy=multi-user.target
EOF
重新加载服务
bash
systemctl daemon-reload
开机自启动
bash
systemctl enable zookeeper
查看zookeeper状态
bash
systemctl status zookeeper
1.8 zookeeper 查看器
https://issues.apache.org/jira/secure/attachment/12436620/ZooInspector.zip
1.9 设置zookeeper SASL认证
1、编写认证文件
bash
vim /export/servers/zookeeper/conf/zk_server_jaas.conf
txt
Server {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="user" password="user-password"
user_kafka="kafka-password";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="kafka" password="kafka-password";
};
这里Server和Client 都使用kafka认证模式,需要导入kafka-clients-x.x.x.jar 到 zookeeper的lib目录下。
2、编写java.env 文件
bash
vim /export/servers/zookeeper/conf/java.env
properties
CLIENT_JVMFLAGS="${CLIENT_JVMFLAGS} -Djava.security.auth.login.config=/export/servers/zookeeper/conf/zk_server_jaas.conf"
SERVER_JVMFLAGS="-Djava.security.auth.login.config=/export/servers/zookeeper/conf/zk_server_jaas.conf"
zookeeper 自动时会使用该文件
3、修改配置文件
properties
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
zookeeper.sasl.client=true
allowSaslFailedClients=false
sessionRequireClientSASLAuth=true
启动服务之后即可使用安全认证
4、导入 Kafka 客户端
bash
cp /export/servers/kafka/libs/kafka-clients-3.7.0.jar /export/servers/zookeeper/lib
5、重启Zookeeper
bash
systemctl restart zookeeper
2、安装Kafka
2.1 下载地址:https://downloads.apache.org/kafka/
bash
wget https://downloads.apache.org/kafka/3.7.0/kafka_2.13-3.7.0.tgz
2.2 安装
bash
tar -xzvf kafka_2.13-3.7.0.tgz
mv kafka_2.13-3.7.0 kafka
2.3 添加到环境变量中
bash
vim /etc/profile
properties
JAVA_HOME=/opt/jdk
ZOOKEEPER_HOME=/opt/zookeeper
KAFKA_HOME=/opt/kafka
PATH=$PATH:$ZOOKEEPER_HOME/bin:$JAVA_HOME/bin:$KAFKA_HOME/bin
export JAVA_HOME ZOOKEEPER_HOME PATH
bash
source /etc/profile
2.4 修改配置文件
bash
cp /export/servers/kafka/config/server.properties /export/servers/kafka/config/server.properties.backup
cd /opt/kafka/config
vim /opt/kafka/config/server.properties
修改如下信息
ini
#broker 的全局唯一编号,不能重复
broker.id=0
#删除 topic 功能使能
delete.topic.enable=true
#kafka 运行日志存放的路径
log.dirs=/export/Logs/kafka/logs
#配置连接 Zookeeper 集群地址
zookeeper.connect=hadoop102:2181,hadoop103:2181,hadoop104:2181
# -------------不需要修改------------------
#处理网络请求的线程数量
num.network.threads=3
#用来处理磁盘 IO 的现成数量
num.io.threads=8
#发送套接字的缓冲区大小
socket.send.buffer.bytes=102400
#接收套接字的缓冲区大小
socket.receive.buffer.bytes=102400
#请求套接字的缓冲区大小
socket.request.max.bytes=104857600
#topic 在当前 broker 上的分区个数
num.partitions=1
#用来恢复和清理 data 下数据的线程数量
num.recovery.threads.per.data.dir=1
#segment 文件保留的最长时间,超时将被删除
log.retention.hours=168
2.5 启动集群
启动集群
bash
cd /export/servers/kafka
# 启动
bin/kafka-server-start.sh -daemon config/server.properties
# 关闭
bin/kafka-server-stop.sh stop
kafka 群起脚本(部分)
bash
for i in hadoop102 hadoop103 hadoop104
do
echo "========== $i =========="
ssh $i '/export/servers/kafka/bin/kafka-server-start.sh -daemon
/export/servers/kafka/config/server.properties'
done
2.6 kafka 开机自启动
bash
cat > /etc/systemd/system/kafka.service << EOF
[Unit]
Description=kafka
After=syslog.target network.target zookeeper.service
[Service]
Type=simple
# 指定JDK路径,也可以在zkServer.sh 中定义
Environment=JAVA_HOME=/export/servers/jdk1.8.0_401
ExecStart=/export/servers/kafka/bin/kafka-server-start.sh /export/servers/kafka/config/server.properties
ExecStop=/export/servers/kafka/bin/kafka-server-stop.sh stop
Restart=always
User=root
Group=root
[Install]
WantedBy=multi-user.target
EOF
刷新配置文件
bash
systemctl daemon-reload
# 开机启动
systemctl enable kafka
# 启动服务
systemctl start kafka
# 关闭服务
systemctl stop kafka
# 查看状态
systemctl status kafka
3. 启动安全认证
3.1 添加认证文件
在config目录下添加kafka_server_jaas.conf文件,内容如下:
txt
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin" password="admin-pwd"
user_admin="admin-pwd"
user_producer="producer-pwd"
user_consumer="customer-pwd";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="kafka"
password="Jby@2024";
};
这里,KafkaServer中username和password 为 broker 内部通信的用户名密码。user_producer和user_consumer分别是为生产者和消费者用户设置的凭证。您可以根据需要创建更多的用户和密码。
其中 user_admin = "admin_pwd" 非常重要且必须与 username 和 password 一致。 否则会出现如下错误:
log
[2024-03-06 10:42:59,070] INFO [Controller id=0, targetBrokerId=0] Node 0 disconnected. (org.apache.kafka.clients.NetworkClient)
[2024-03-06 10:42:59,070] ERROR [Controller id=0, targetBrokerId=0] Connection to node 0 (iZwz94rqv754l5q4mca9nbZ/127.0.0.1:9092) failed authentication due to: Authentication failed: Invalid username or password (org.apache.kafka.clients.NetworkClient)
3.2 配置Kafka服务器属性
编辑Kafka的server.properties文件,添加或修改以下配置以启用SASL(Simple Authentication and Security Layer)和设置监听器:
properties
listeners=SASL_PLAINTEXT://host.name:port
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
3.3 修改启动脚本
编辑Kafka的启动脚本(通常是kafka-server-start.sh),找到export KAFKA_HEAP_OPTS行,并在其后添加JVM参数,指向您的JAAS配置文件:
bash
export KAFKA_HEAP_OPTS="-Djava.security.auth.login.config=/export/servers/kafka/config $KAFKA_HEAP_OPTS"
同样,确保将/path/to/kafka_server_jaas.conf替换为您实际的JAAS配置文件路径。
3.4 修改客户端配置
producer.properties or consumer.properties
properties
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="producer" \
password="producer-pwd";
3.5 启动kafka服务
bash
systemctl restart kafka