{"id":202,"date":"2017-05-26T20:48:16","date_gmt":"2017-05-26T20:48:16","guid":{"rendered":"http:\/\/marcel-jan.eu\/datablog\/?p=202"},"modified":"2017-05-28T19:11:37","modified_gmt":"2017-05-28T19:11:37","slug":"building-hdp-2-6-on-aws-part-2-the-master-nodes","status":"publish","type":"post","link":"https:\/\/marcel-jan.eu\/datablog\/2017\/05\/26\/building-hdp-2-6-on-aws-part-2-the-master-nodes\/","title":{"rendered":"Building HDP 2.6 on AWS, Part 2: the master nodes"},"content":{"rendered":"

This is part 2 in a series on how to build a Hortonworks Data Platform 2.6 cluster on AWS. In part 1 we created an edge node<\/a> where we will later install Ambari Server. The next step is creating the master nodes.<\/p>\n

Creating the first master node<\/h1>\n

Make sure you are logged in Amazon Web Services, in the same AWS district as the edge node. To create 3 master nodes, we have to start with one. Once again we go to the EC2 dashboard in the AWS interface and click “Launch instance”. And again we have a choice of Amazon Machine Images and again we choose Ubuntu Server 16.04.<\/p>\n

<\/p>\n

\"\"<\/p>\n

This time I chose a general purpose instance that is a bit more powerful than our edge node. Select the one with type m3.large.<\/p>\n

\"\"<\/p>\n

Networking<\/h2>\n

We will create our master node in a new subnet. We don’t want it to be accessible from the Internet, but it should be able to access Internet itself (for updates).<\/p>\n

Because this subnet is not accessible from the outside world, you might put something like “private” in the name tag. This subnet will be created in the same VPC as last time, so select that. But it will have a different IPv4 CIDR block, than the one we created last time, because we need a different range of IP’s.<\/p>\n

To give an example, last post I created a subnet for public access with IPv4 CIDR block 100.10.42.0\/24. We’re going to be in the 100.10.x.x range, but we can’t chose 100.10.42.x anymore for our new subnet. That is already taken. So lets use 100.10.43.0\/24.<\/p>\n

\"\"<\/p>\n

Storage<\/h2>\n

On another Hadoop cluster we had space usage warnings on the root partition on some of the master nodes. Like I told part 1 it’s not easy to enlarge a root partition. 150 GB should do it, though.<\/p>\n

\"\"<\/p>\n

Tags<\/h2>\n

Again, we can add a Name tag.<\/p>\n

\"\"<\/p>\n

Security groups<\/h2>\n

The master nodes operate in a network space that is not accessible from the outside world. So if there isn’t a private security group available already, you have to create one.<\/p>\n

\"\"<\/p>\n

While we do not want the master nodes to be accessible directly, we’re going to need that direct access at the start of the installation. So we need to place the master node temporarily in both the public and private security groups.<\/p>\n

\"\"<\/p>\n

Review<\/h2>\n

Check that the configuration is in order and click Launch.<\/p>\n

\"\"<\/p>\n

Key pair<\/h2>\n

Let’s use the same key pair as for the edge node.<\/p>\n

\"\"<\/p>\n

Elastic IP<\/h2>\n

To temporarily reach our first master we’re also going to need an Elastic IP. So let’s make one. You’ll find it in the VPC Dashboard. If you’re not sure where to look, check out Part 1<\/a> where we also created one.<\/p>\n

\"\"<\/p>\n

And let’s associate it with our first master.<\/p>\n

\"\"<\/p>\n

You get to choose the associated instance here.<\/p>\n

\"\"<\/p>\n

Connection with Putty<\/h2>\n

All is set to connect to our master node. For this I use Putty again.<\/p>\n

\"\"<\/p>\n

Passwordless logging in from the edge node<\/h2>\n

After we have created our masters and nodes, we will register them in an Ambari cluster. This will not work when the process has to enter a passphrase when making a connection from our edge node to our master nodes (I know from experience).<\/p>\n

To allow this we need to copy the \/root\/.ssh\/id_rsa.pub file from the edge node, to the master node at the same location (\/root\/.ssh).<\/p>\n

The way I did this:<\/p>\n

    \n
  1. On the edge node, as root, I copied \/root\/.ssh\/id_rsa.pub to \/tmp.<\/li>\n
  2. I copied the file with WinSCP from \/tmp to my workstation.<\/li>\n
  3. From my workstation I copied it with WinSCP to my master node to \/tmp.<\/li>\n
  4. On the master node, from \/tmp as root I copied the file to \/root\/.ssh.<\/li>\n<\/ol>\n

    There is one more step. On the master node we need to copy id_rsa.pub to the file authorized_keys:<\/p>\n

    cat id_rsa.pub >> authorized_keys<\/pre>\n
    Enable NTP<\/h2>\n
    Next we need to do a couple of things on the master node as root. I’m following the documentation here, but with Ubuntu commands.<\/p>\n
    First we need to install NTP:<\/p>\n
    apt-get update\r\napt-get install ntp<\/pre>\n
    Now we enable NTP:<\/p>\n
    update-rc.d ntp defaults\r\nupdate-rc.d ntp enable\r\n\/etc\/init.d\/ntp start<\/pre>\n
    Fully Qualified Domain Name<\/h2>\n
    According to the documentation your hostname needs to be equal to the FQDN, or Fully Qualified Domain Name. Here is how I did that. Of course you need to fill in the hostname and IP of your master.<\/p>\n
    MYHOST=ip-100-10-43-237.eu-west-1.compute.internal\r\nMYIP=\"100.10.43.237\"\r\n\r\nhostname $MYHOST\r\necho $MYHOST > \/etc\/hostname\r\necho $MYIP $MYHOST >> \/etc\/hosts<\/pre>\n
    Because the right settings here are rather important, it’s best to check:<\/p>\n
    hostname\r\ncat \/etc\/hostname\r\ncat \/etc\/hosts<\/pre>\n
    Turning off security<\/h2>\n
    At this point the documentation tells me to turn off IPtables<\/a>, the Linux firewall software. But Ubuntu Server 16.04 uses a different firewall product. If you query it’s status, you’ll find it’s turned off already:<\/p>\n
    # sudo ufw status\r\n\r\nStatus: inactive<\/pre>\n
    SELinux also has to be turned off<\/a>. SELinux stands for Security-Enhanced Linux. It’s a kernel module with which you can choose what software is allowed to do what. You turn it off with this command.<\/p>\n
    setenforce 0<\/pre>\n
    Bit of a shame that, because I recently learned<\/a> SELinux is actually not that hard to maintain<\/a>.<\/p>\n
    But believe me, for now it’s better to follow instructions of HDP’s documentation<\/a> up to the letter, because there’s so much that can go wrong.<\/p>\n
    There’s one more command to run, to set the umask.<\/p>\n
    umask 0022<\/pre>\n
    Checking the setting is easy. This command should return 0022.<\/p>\n
    umask<\/pre>\n
    And then let’s put the umask in the standard profile.<\/p>\n
    echo umask 0022 >> \/etc\/profile<\/pre>\n
    Installing necessary software<\/h2>\n
    We’re going to need some software<\/a>. Here is how I’ve checked if everything is available.<\/p>\n
    sudo apt-get update\r\napt list installed curl\r\napt list installed scp\r\napt list installed unzip\r\napt list installed openssl\r\napt list installed tar\r\napt list installed wget\r\napt list installed python\r\napt list installed openjdk-8-jdk<\/pre>\n
    JDK7 is also supported. On my system unzip was missing, so to install that, you run this command.<\/p>\n
    sudo apt install unzip<\/pre>\n
    Couple of checks<\/h2>\n
    I wrote these commands down, but I can’t seem to find them in the documentation anymore. The default values were okay, so it’s not a big issue.<\/p>\n
    This command checks free memory:<\/p>\n
    # free -m\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 total\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 used\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 free\u00a0\u00a0\u00a0\u00a0\u00a0 shared\u00a0 buff\/cache\u00a0\u00a0 available\r\n Mem:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 7061\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 126\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 6114\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 16\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 821\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 6642\r\n Swap:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0<\/pre>\n
    Maximum open number of files:<\/p>\n
    # ulimit -Sn\r\n\r\n1024\r\n\r\n# ulimit -Hn\r\n\r\n4096<\/pre>\n
    Removing the Elastic IP and security group<\/h2>\n
    Alright, we have done everything necessary on the command prompt. Now it’s time to remove the unnecessary: the Elastic IP and public security group.<\/p>\n
    \"\"<\/p>\n
    Next go to the Change Security Groups option in the instances overview.<\/p>\n
    \"\"<\/p>\n
    Remove the public security group.<\/p>\n
    \"\"<\/p>\n
    Don’t forget to test if you can now log in passwordless-ly from the edge node to this master node.<\/p>\n
    Bring in the clones<\/h1>\n
    Time to clone us some master nodes. I’ve used the Launch More Like This option for this.<\/p>\n
    \"\"<\/p>\n
    Immediately the review window pops up, but we have some changes to make.<\/p>\n
    \"\"<\/p>\n
    So click Previous. Here I’ve already entered a name to which I will add numbers for different nodes later on.<\/p>\n
    \"\"<\/p>\n
    Let’s go back by clicking Previous a couple of more times until you arrive at Step 3: Configure Instance Details. Here we change the number of instances to 2. This means we’re going to create 2 clones instead of one.\"\"<\/p>\n
    Now click Review and Launch. You have to choose the same key pair as the first master.<\/p>\n
    \"\"<\/p>\n
    And before you know it, you have 3 master nodes. Let’s change their tags right away, so we can distinguish them from each other.<\/p>\n
    \"\"<\/p>\n
    Test passwordless login, again<\/h2>\n
    If I’m not very much mistaken, you can log in without password from the edge node to your new master nodes.<\/p>\n
    Conclusion<\/h1>\n
    It’s quite a bit of work to make these master nodes, but you have to follow each step. Do this and the registration of your master (and worker) nodes in Ambari will go more smoothly.<\/p>\n
    If you have any remarks about my process here, let me know in the comments.<\/p>\n
     <\/p>\n
    Next post we’re going to create worker nodes. Luckily this process will look very much like what we did to create master nodes.<\/p>\n","protected":false},"excerpt":{"rendered":"
    This is part 2 in a series on how to build a Hortonworks Data Platform 2.6 cluster on AWS. In part 1 we created an edge node where we will later install Ambari Server. The next step is creating the master nodes. Creating the first master node Make sure you […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55],"tags":[50,49,54,4,48,47,53,51],"class_list":["post-202","post","type-post","status-publish","format-standard","hentry","category-howto","tag-amazon-web-services","tag-aws","tag-cloning-nodes","tag-hadoop","tag-hdp","tag-hortonworks-data-platform","tag-master-node","tag-ubuntu-server"],"_links":{"self":[{"href":"https:\/\/marcel-jan.eu\/datablog\/wp-json\/wp\/v2\/posts\/202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/marcel-jan.eu\/datablog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/marcel-jan.eu\/datablog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/marcel-jan.eu\/datablog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/marcel-jan.eu\/datablog\/wp-json\/wp\/v2\/comments?post=202"}],"version-history":[{"count":7,"href":"https:\/\/marcel-jan.eu\/datablog\/wp-json\/wp\/v2\/posts\/202\/revisions"}],"predecessor-version":[{"id":235,"href":"https:\/\/marcel-jan.eu\/datablog\/wp-json\/wp\/v2\/posts\/202\/revisions\/235"}],"wp:attachment":[{"href":"https:\/\/marcel-jan.eu\/datablog\/wp-json\/wp\/v2\/media?parent=202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/marcel-jan.eu\/datablog\/wp-json\/wp\/v2\/categories?post=202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/marcel-jan.eu\/datablog\/wp-json\/wp\/v2\/tags?post=202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}