6. Prepare the Environment

To deploy your HDP instance, you need to prepare your deployment environment:

 6.1. Enable NTP on the Cluster

The clocks of all the nodes in your cluster must be able to synchronize with each other. If your system does not have access to the Internet, set up a master node as an NTP server. Use the following instructions to enable NTP for your cluster:

  1. Configure NTP clients. Execute the following command on all nodes in your cluster:

    • For RHEL/CentOS/Oracle Linux:

      yum install ntp

    • For SLES:

      zypper install ntp

    • For Ubuntu and Debian:

      apt-get install ntp

  2. Enable the service. Execute the following command on all the nodes in your cluster.

    • For RHEL/CentOS/Oracle Linux:

      chkconfig ntpd on

    • For SLES, Ubuntu, and Debian:

      chkconfig ntp on

  3. Start the NTP service. Execute the following command on all the nodes in your cluster.

    • For RHEL/CentOS/Oracle Linux:

      /etc/init.d/ntpd start

    • For SLES:

      /etc/init.d/ntp start

    • For Ubuntu and Debian:

      /etc/init.d/ntp start

  4. If you want to use the existing NTP server in your environment, configure the firewall on the local NTP server to enable UDP input traffic on port 123 and replace 192.168.1.0/24 with the IP addresses in the cluster. For example, on RHEL hosts you would use:

    # iptables -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT

  5. Then, restart iptables. Execute the following command on all the nodes in your cluster:

    # service iptables restart

  6. Finally, configure clients to use the local NTP server. Edit the /etc/ntp.conf and add the following line:

    server $LOCAL_SERVER_IP OR HOSTNAME
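
A check to run once step 6 is done, as an added example that is not part of the original guide: it reads `ntpq -pn` output and reports whether the node has selected the local NTP server and is within an offset limit. The function name, the 100 ms default limit and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: classify this node's sync state from `ntpq -pn` output.
# Usage: ntpq -pn | ntp_peer_status LOCAL_SERVER_IP [MAX_OFFSET_MS]
# Prints one status word; returns 0 only for "synced".
ntp_peer_status() {
    awk -v srv="$1" -v max="${2:-100}" '
        /^ *remote / || /^=+/ { next }        # skip the billboard header
        {
            tally = substr($0, 1, 1)          # selection flag: "*" = sys.peer
            n = split(substr($0, 2), f, " ")  # remaining columns
            if (n < 10 || f[1] != srv) next
            seen = 1
            off = f[9] + 0                    # offset column, milliseconds
            if (off < 0) off = -off
            if (f[7] + 0 == 0)      status = "unreachable"   # reach register empty
            else if (tally != "*")  status = "not-selected"
            else if (off > max)     status = "offset-too-large"
            else                    status = "synced"
        }
        END {
            if (!seen) status = "not-configured"
            print status
            exit (status == "synced" ? 0 : 1)
        }'
}

# Constructed sample output; 192.168.1.10 stands in for $LOCAL_SERVER_IP.
SAMPLE_NTPQ='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.1.10    .LOCL.           6 u   33   64  377    0.215    0.412   0.051
+192.168.1.11    192.168.1.10     7 u   12   64  377    0.301   -0.120   0.044'

printf '%s\n' "$SAMPLE_NTPQ" | ntp_peer_status 192.168.1.10 100 || true
```

A status of not-configured means the server line from step 6 is missing from /etc/ntp.conf or ntpd has not been restarted since the edit.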

 6.2. Check DNS

All hosts in your system must be configured for DNS and Reverse DNS.

Note

If you are unable to configure DNS and Reverse DNS, you must add the name of every server in your cluster to the hosts file on each server in the cluster.

Use the following instructions to check DNS for all the servers in your cluster:

  1. Perform forward lookup checking. For example, for the localdomain domain that contains a server with name host01 and the IP address 192.168.0.10, execute the following command:

    nslookup host01

    A message similar to the following example is returned:

    Name:    host01.localdomain
    Address: 192.168.0.10

  2. Perform reverse lookup checking. For example, for the localdomain domain that contains a server with name host01 and the IP address 192.168.0.10, execute the following command:

    nslookup 192.168.0.10

    A message similar to the following example is returned:

    10.0.168.192.in-addr.arpa name = host01.localdomain.

  3. For all nodes of the cluster, add the "IP address-host name" key-value pair to the /etc/hosts file. For example:

    192.168.0.11 host01

If you do not receive valid responses as shown in Steps 1 and 2, set up a DNS zone in your cluster or configure host files on each host of the cluster using one of the following options:

  • Option I: Edit the hosts file on each node of the cluster.

    The following instructions use these example values:

    • domain name: “localdomain”

    • nameserver: “host01”/192.168.0.11

    • hosts: “host02”/192.168.0.12, “host02”/192.168.0.12

  • Option II: Configure DNS using BIND nameserver.

    The following instructions use these example values:

    • domain name: “localdomain”

    • nameserver: “host01”/192.168.0.11

    • hosts: “host02”/192.168.0.12, “host02”/192.168.0.12

  1. Install BIND packages:

    yum install bind
    yum install bind-libs
    yum install bind-utils

  2. Initiate service:

    chkconfig named on

  3. Configure files as shown below. The example values listed above are used in the following configurations. Replace these example values with values from your deployment environment.

    • Edit /etc/resolv.conf (for all nodes in cluster) and add the following lines:

      domain localdomain
      search localdomain
      nameserver 192.168.0.11

    • Edit /etc/named.conf (for all nodes in cluster) and add the following lines:

      listen-on port 53 { any; }; // by default it is opened only for localhost
      ...
      zone "localdomain" {
        type master;
        notify no;
        allow-query { any; };
        file "named-forw.zone";
      };
      zone "0.168.192.in-addr.arpa" {
        type master;
        notify no;
        allow-query { any; };
        file "named-rev.zone";
      };

    • Edit named-forw.zone as shown in the following sample forward zone configuration file:

      $TTL 3D
      ; SOA values: serial refresh retry expire minimum
      @         IN SOA host01.localdomain. root.localdomain. (201306030 3600 3600 3600 3600)
                IN NS  host01 ; Nameserver Address
      localhost IN A   127.0.0.1
      host01    IN A   192.168.0.11
      host02    IN A   192.168.0.12
      host03    IN A   192.168.0.13

    • Edit the named-rev.zone as shown in the following sample reverse zone configuration file:

      $TTL 3D
      ; SOA values: serial refresh retry expire minimum
      @  IN SOA host01.localdomain. root.localdomain. (201306031 28800 2H 4W 1D)
         IN NS  host01.localdomain. ; Nameserver Address
      11 IN PTR host01.localdomain.
      12 IN PTR host02.localdomain.
      13 IN PTR host03.localdomain.

  4. Restart the bind service.

    /etc/init.d/named restart

  5. Add rules to the firewall.

    iptables -A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT 
    iptables -A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT 
    service iptables save
    service iptables restart

    Alternatively, you can also allow traffic over DNS port (53) using the system-config-firewall utility.
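
A consistency check for the two zone files from step 3, as an added example that is not part of the original guide: it reports every A record in the cluster network that lacks a matching PTR record, and every PTR without an A record. The function names are assumptions, and the sample records are constructed from the example values above with two deliberate errors.

```shell
#!/bin/sh
# Added example: cross-check a forward zone file against its reverse zone so
# that every A record in the cluster network has a PTR naming the same host.
# Handles only the simple "name IN A ip" / "octet IN PTR fqdn." record layout.
# Usage: check_zone_pair FWD_FILE REV_FILE NET_PREFIX DOMAIN
check_zone_pair() {
    awk -v net="$3" -v dom="$4" '
        { sub(/;.*/, "") }                          # drop zone-file comments
        FNR == NR {                                 # first file: forward zone
            if ($2 == "IN" && $3 == "A" && index($4, net ".") == 1)
                fwd[$4] = $1 "." dom
            next
        }
        $2 == "IN" && $3 == "PTR" {                 # second file: reverse zone
            name = $4; sub(/\.$/, "", name)
            rev[net "." $1] = name
        }
        END {
            for (ip in fwd) {
                if (!(ip in rev)) { print "MISSING-PTR " ip " " fwd[ip]; bad = 1 }
                else if (rev[ip] != fwd[ip]) {
                    print "MISMATCH " ip " A=" fwd[ip] " PTR=" rev[ip]; bad = 1
                }
            }
            for (ip in rev)
                if (!(ip in fwd)) { print "MISSING-A " ip " " rev[ip]; bad = 1 }
            exit bad + 0
        }' "$1" "$2"
}

# Constructed input: the zone data above with the PTR for .13 dropped and the
# PTR for .12 pointing at the wrong host.
demo_zone_check() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'host01 IN A 192.168.0.11' 'host02 IN A 192.168.0.12' \
        'host03 IN A 192.168.0.13' > "$dir/fwd"
    printf '%s\n' '11 IN PTR host01.localdomain.' \
        '12 IN PTR host03.localdomain.' > "$dir/rev"
    rc=0
    check_zone_pair "$dir/fwd" "$dir/rev" 192.168.0 localdomain || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_zone_check || echo "zone files are inconsistent"
```

Run check_zone_pair against the real named-forw.zone and named-rev.zone before restarting named; a non-zero exit status means the forward and reverse lookups in Steps 1 and 2 will not agree for at least one host.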

 6.3. Disable SELinux

The Security-Enhanced (SE) Linux feature should be disabled during the installation process.

  1. Check the state of SELinux. On all the host machines, execute the following command:

    getenforce

    If the command returns disabled or permissive as the response, no further actions are required. If the result is enabled (getenforce reports this state as Enforcing), proceed to Step 2.

  2. Disable SELinux either temporarily for each session or permanently.

    • Option I: Disable SELinux temporarily by executing the following command:

      setenforce 0

    • Option II: Disable SELinux permanently in the /etc/sysconfig/selinux file by changing the value of the SELINUX field to permissive or disabled. Restart your system.

 6.4. Disable IPTables

Certain ports must be open and available during installation. The easiest way to do this is to temporarily disable iptables. If the security protocols at your installation do not allow you to disable iptables, you can proceed with them on, as long as all of the relevant ports are open and available. See "Configuring Ports" in the HDP Reference Guide for more information.

On all RHEL/CentOS host machines, execute the following commands to disable iptables:

chkconfig iptables off

service iptables stop

On Ubuntu and Debian host machines, execute the following command to disable iptables:

service ufw stop

Restart iptables after your setup is complete.

Important

If you leave iptables enabled and do not set up the necessary ports, the cluster installation will fail.

