Kylin V10 一键自动安装脚本指南

本文针对 Kylin V10（SP3·Halberd，x86_64） 环境，详细介绍使用 ONEKEY 自动安装脚本 快速部署 Ambari + Bigtop 集群的全过程。 脚本适配 Kylin 系统特性，支持多节点并行安装、自动依赖检测、仓库配置、数据库初始化和系统优化，是构建大数据基础环境的首选方案。

一、安装场景说明

使用场景

场景	描述
新环境部署	在纯净的 Kylin 系统上首次安装 Ambari+Bigtop 集群。
环境重装	原集群清理后快速恢复基础运行环境。
自动化验证	在多台主机上批量执行环境检测、依赖配置与服务启动。
测试实验	可快速拉起模拟集群用于功能验证与调试。

脚本内置 自动检测、自动清理、自动回滚 机制，确保在多节点环境下执行稳定。 默认兼容 yum/dnf 包管理体系，无需手动修改系统源。

二、环境要求与支持范围

系统信息

项目	要求
操作系统	Kylin V10（SP3·Halberd）
架构	x86_64
用户权限	root / 具备 sudo 权限
网络要求	所有节点可互通，主节点可 SSH 登录其他节点
包管理器	yum 或 dnf 自动识别
支持版本	Ambari 3.x、Bigtop 3.2/3.3

注意

请确保系统未安装旧版 Ambari 或 Bigtop，若已存在，请先执行 【Kylin V10】一键强力卸载脚本 进行彻底清理后再部署。

三、安装准备工作

1. 执行授权脚本

#!/bin/bash
# SPDX-License-Identifier: LicenseRef-JaneTTR-Proprietary
# 版权所有 (c) 2025 JaneTTR
# 项目名称：ambari-env
# 文件：install_ambari_cluster.sh
# 版本：1.0.0
# 联系方式：3832514048@qq.com
#
# 许可说明（付费/专有代码）：
# - 本文件仅限个人学习与研究使用；
# - 未经版权所有者书面授权，禁止任何商业用途；
# - 禁止再分发本文件或其修改版本；
# - 禁止通过反编译、反向工程等方式试图绕过授权验证。
#
# 商业授权：
# 如需将本文件或其编译后的代码用于商业用途，必须获得版权所有者的书面授权。
# 请通过上述联系方式进行洽谈。
#
# 免责声明：
# 本文件按“现状”提供，不附带任何形式的担保，包括但不限于适销性、
# 特定用途适用性或无侵权的担保。因使用本文件造成的任何直接或间接损失，
# 版权所有者不承担任何责任。
#
# 如有任何疑问，请联系版权所有者。
# =============================================================================
# 目的：一键初始化并安装 Ambari 集群（多主机批量执行，顺序化、可回放）
#
# 输入清单：
#   - hosts.txt（与脚本同目录），每行：<用户名> <密码> <IP>
#     示例：
#       root 123456 192.168.1.10
#       root 123456 192.168.1.11
#   - 读取后按“用户名 IP 密码”格式使用，并自动挑选最小 IP 作为“仓库/时间源/Server”节点。
#
# 执行步骤（严格依次）：
#   01) 安装与初始化常用工具 / 基础仓库（Rocky8/EPEL/MariaDB 官方源等）
#   02) 配置集群内免密 SSH（双向写入 authorized_keys）
#   03) 批量更新各节点 /etc/hosts（确保互相可解析）
#   04) 配置 Chrony 时间同步（最小 IP 为上游/其余为客户端）
#   05) 配置 Nginx 作为本地 Yum 文件服务（暴露 /data/modules）
#   06) 校验与安装 JDK（JDK8 设为默认，JDK17 建软链 /usr/jdk64/jdk17）
#   07) 安装 MySQL Connector/J（放置到 /usr/share/java/mysql-connector-java.jar）
#   08) 初始化本地 RPM 仓库（createrepo 生成 repodata）
#   09) 各节点写入本地 Yum 源（指向最小 IP 的 Nginx）
#   10) 配置 MariaDB（自动化 secure-installation，root 远程授权）
#   11) 安装并初始化 Ambari Server/Agent（expect 自动应答 ambari-server setup）
#
# 先决条件：
#   - 已安装：sshpass、expect、curl、wget、yum/dnf、createrepo、nginx（脚本会尽量自动安装）
#   - 具有对各节点的 root 或具备 sudo 权限的账号与密码
#   - 所有节点网络互通，SELinux/防火墙策略允许 SSH/HTTP/3306 等必要端口
#
# 使用方法：
#   1) 将脚本与 hosts.txt 放在同一目录
#   2) 赋权：chmod +x install_ambari_cluster.sh
#   3) 执行：./install_ambari_cluster.sh
#   4) 日志：默认输出至 ./ambari_install.log（失败可直接定位重跑步骤）
#
# 设计约束与约定：
#   - 幂等性：对多数步骤进行存在性检查，尽量避免重复执行导致的破坏性变更
#   - 角色选择：最小 IP 节点既作为 Yum 文件源（Nginx）又作为时间源与 Ambari Server
#   - 兼容性：以 Rocky8 系为基线，其他发行版需按需调整仓库与包名
#   - 安全性：生产环境请更换默认密码（root/ambari/hive 等），并限制数据库远程访问
#
# 注意事项：
#   - 如果你已经有外部 NTP/Yum 源/数据库，请在对应函数中跳过或改为指向现有服务
#   - 若需分步执行或人工确认，可在 main() 中加入交互暂停（read -rp ...）
# =================================

set -e
LOGFILE="ambari_install.log"
exec > >(tee -a "$LOGFILE") 2>&1

# 定义日志函数，与 uninstall 脚本保持统一
log_info() {
  echo "$(date '+%Y-%m-%d %H:%M:%S') [Info] $*"
}
log_error() {
  echo "$(date '+%Y-%m-%d %H:%M:%S') [Error] $*" >&2
}

##############################
# 全局变量配置
##############################
HOSTS_FILE="hosts.txt"




DDL_PATH="/var/lib/ambari-server/resources/Ambari-DDL-MySQL-CREATE.sql"


##############################
# JDK 版本参数（适用于 ambari 3.0）
##############################
JDK_VERSION="17.0.2"
JDK_SHORT="17.0.2"
JDK_FILENAME="openjdk-${JDK_SHORT}_linux-x64_bin.tar.gz"
JDK_DOWNLOAD_URL="https://mirrors.huaweicloud.com/openjdk/${JDK_SHORT}/${JDK_FILENAME}"
JDK_FILE_PATH="/opt/modules/${JDK_FILENAME}"
JDK_FILE_HOME_PATH="/opt/modules/jdk-${JDK_SHORT}"
JDK17_SYMLINK="/usr/jdk64/jdk17"

JDK8_VERSION="1.8.0_202"
JDK8_SHORT="1.8.0_202"
JDK8_FILENAME="jdk-8u202-linux-x64.tar.gz"
JDK8_DOWNLOAD_URL="https://repo.huaweicloud.com/java/jdk/8u202-b08/${JDK8_FILENAME}"
JDK8_FILE_PATH="/opt/modules/${JDK8_FILENAME}"
JDK8_FILE_HOME_PATH="/opt/modules/jdk${JDK8_SHORT}"
JDK8_SYMLINK="/usr/jdk64/jdk1.8"


# MySQL Connector 配置
CONNECTOR_FILE="mysql-connector-java-5.1.48.tar.gz"
CONNECTOR_URL="https://mirrors.aliyun.com/mysql/Connector-J/mysql-connector-java-5.1.48.tar.gz"
CONNECTOR_JAR="mysql-connector-java-5.1.48-bin.jar"
TARGET_JAR="/usr/share/java/mysql-connector-java.jar"

# MariaDB 配置
ROOT_PASSWORD="root"
AMBARI_DB_PASSWORD="ambari"
HIVE_DB_PASSWORD="hive"

# RPM 仓库配置
RPM_DIR="/data/modules"
CREATEREPO_CMD="createrepo"

# Nginx 配置（作为本地 Yum 源代理）
NGINX_MODULES_DIR="/data/modules"

# 获取 JAVA_HOME（确保 JDK 已安装，否则后续应答 ambari-server setup 时无法提供 JAVA_HOME）
JAVA_HOME=$(readlink -f "$(which java)" | sed "s:/bin/java::")
export JAVA_HOME

##############################
# 从 hosts.txt 读取主机信息
# 每行格式：用户名 密码 ip
# 转换为 "用户名 ip 密码" 存入数组 HOSTS
##############################
HOSTS=()
while IFS= read -r line || [ -n "$line" ]; do
  [[ -z "$line" || "$line" =~ ^# ]] && continue
  line=$(echo "$line" | tr -d '\r' | xargs)
  read -r username password ip <<< "$line"
  log_info "读取主机: $ip (user: $username)"
  HOSTS+=("$username $ip $password")
done < "$HOSTS_FILE"
log_info "读取完毕，主机列表："
printf "  %s\n" "${HOSTS[@]}"




########################################
# 仅 Kylin 用：本机自举安装 sshpass（可选但推荐）
########################################
# 可选：私服直装 rpm（不走仓库）
# export SSHPASS_RPM_URL="http://nexus.local/repo/sshpass-1.09-5.el8.x86_64.rpm"

bootstrap_sshpass() {
  set -euo pipefail
  if command -v sshpass >/dev/null 2>&1; then
    echo "[INFO] sshpass 已存在"
    return 0
  fi

  # 优先：rpm 直装（离线/私服）
  if [[ -n "${SSHPASS_RPM_URL:-}" ]]; then
    echo "[INFO] 通过 SSHPASS_RPM_URL 安装: $SSHPASS_RPM_URL"
    tmp="/tmp/sshpass.$RANDOM.rpm"
    curl -fsSL "$SSHPASS_RPM_URL" -o "$tmp"
    sudo rpm -Uvh --nodeps --replacepkgs "$tmp" || true
    rm -f "$tmp"
    command -v sshpass >/dev/null 2>&1 && { echo "[INFO] sshpass 安装完成（rpm）"; return 0; }
    echo "[WARN] rpm 直装失败，改用 yum"
  fi

  # 直接用 yum
  sudo yum -y install sshpass && { echo "[INFO] sshpass 安装完成"; return 0; }

  # 仓库没有时，临时挂 EPOL 仅放行 sshpass
  echo "[INFO] 临时写入 EPOL 仅安装 sshpass ..."
  sudo tee /etc/yum.repos.d/_tmp-openeuler-epol-sshpass.repo >/dev/null <<'EOR'
[openeuler-epol-main-tmp]
name=openEuler 20.03-LTS-SP3 EPOL - main (tmp for sshpass)
baseurl=https://mirrors.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP3/EPOL/main/$basearch/
enabled=1
gpgcheck=0
priority=99
EOR
  echo 'includepkgs=sshpass' | sudo tee -a /etc/yum.repos.d/_tmp-openeuler-epol-sshpass.repo >/dev/null
  sudo yum -y makecache
  sudo yum -y install sshpass || true
  sudo rm -f /etc/yum.repos.d/_tmp-openeuler-epol-sshpass.repo

  if command -v sshpass >/dev/null 2>&1; then
    echo "[INFO] sshpass 安装完成（临时 EPOL）"
    return 0
  fi

  echo "[ERROR] 无法安装 sshpass，请手动安装或提供 SSHPASS_RPM_URL"
  return 1
}

########################################
# 仅 Kylin 用：源配置 + 常用工具 + MariaDB + Nginx（全程 yum）
########################################
# EPOL 白名单（可 export EPOL_INCLUDE 覆盖）
# 默认只放行少量用户态包，避免把基础库拉偏
#

function pre_install_tools() {
  echo "[INFO] >>> Kylin v10 x86_64 初始化：写源、装常用工具、MariaDB 10.11 + Galera-4（Boost1.66 兜底）"

  # 可选：确保控制机有 sshpass
  command -v sshpass >/dev/null 2>&1 || sudo yum -y install sshpass

  # EPOL 白名单（注意：不包含 boost）
  local EPOL_INCLUDE_DEFAULT="sshpass,socat,perl-DBI"
  local EPOL_INCLUDE="${EPOL_INCLUDE:-$EPOL_INCLUDE_DEFAULT}"

  # Boost 1.66 RPM 直链（阿里云 CentOS Vault 8.5 AppStream）
  local BOOST_BASE="https://mirrors.aliyun.com/centos-vault/8.5.2111/AppStream/x86_64/os/Packages"
  local BOOST_RPMS=(
    "boost-program-options-1.66.0-10.el8.x86_64.rpm"
    "boost-system-1.66.0-10.el8.x86_64.rpm"
    "boost-filesystem-1.66.0-10.el8.x86_64.rpm"
    "boost-thread-1.66.0-10.el8.x86_64.rpm"
    "boost-chrono-1.66.0-10.el8.x86_64.rpm"
  )

  for host_info in "${HOSTS[@]}"; do
    local user=$(echo "$host_info" | awk '{print $1}')
    local ip=$(echo "$host_info" | awk '{print $2}')
    local password=$(echo "$host_info" | awk '{print $3}')
    echo "[INFO] 处理主机 $ip ..."

    #################### 0) 基础变量与包管理器 ####################
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "bash -s" <<'EOF_PM'
set -euo pipefail
if ! command -v dnf >/dev/null 2>&1 && ! command -v yum >/dev/null 2>&1; then
  echo "[FATAL] 未检测到 dnf/yum"
  exit 1
fi
EOF_PM

    #################### 1) 写 Kylin V10 源（内置 exclude=boost*） ####################
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "bash -s" <<'EOF_KYLIN'
set -euo pipefail
if [ -f /etc/os-release ]; then . /etc/os-release; [[ "$ID" = "kylin" ]] || { echo "ID=$ID 不是 Kylin"; exit 2; }; else echo "/etc/os-release 缺失"; exit 2; fi
sudo rm -f /etc/yum.repos.d/*.repo

# 这里用双引号 heredoc，让 $basearch 保持字面量需要转义为 \$basearch
sudo tee /etc/yum.repos.d/kylin-v10.repo >/dev/null <<EOR
[kylin-v10-os]
name=Kylin V10 SP3 - OS
baseurl=https://update.cs2c.com.cn/NS/V10/V10SP3/os/adv/lic/base/\$basearch/
enabled=1
gpgcheck=0
priority=10
exclude=boost*

[kylin-v10-updates]
name=Kylin V10 SP3 - Updates
baseurl=https://update.cs2c.com.cn/NS/V10/V10SP3/os/adv/lic/updates/\$basearch/
enabled=1
gpgcheck=0
priority=10
exclude=boost*
EOR
EOF_KYLIN

    #################### 2) 写 EPOL 源（段内写入 includepkgs，避免后置拼接丢换行） ####################
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" \
      "EPOL_INCLUDE='$EPOL_INCLUDE' bash -s" <<'EOF_EPOL'
set -euo pipefail
sudo tee /etc/yum.repos.d/openeuler-epol.repo >/dev/null <<EOR
[openeuler-epol-main]
name=openEuler 20.03-LTS-SP3 EPOL - main
baseurl=https://mirrors.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP3/EPOL/main/\$basearch/
enabled=1
gpgcheck=0
priority=90
includepkgs=${EPOL_INCLUDE}
EOR
EOF_EPOL

    #################### 3) 写 MariaDB 官方 10.11 源 ####################
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "bash -s" <<'EOF_MDBREPO'
set -euo pipefail
sudo tee /etc/yum.repos.d/mariadb.repo >/dev/null <<'EOR'
[mariadb]
name=MariaDB 10.11
baseurl=https://mirrors.aliyun.com/mariadb/yum/10.11/rhel8-amd64
gpgkey=https://mirrors.aliyun.com/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1
enabled=1
EOR
EOF_MDBREPO

    #################### 4) 基础软件 + gcc 对齐 ####################
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "bash -s" <<'EOF_BASE'
set -euo pipefail
sudo yum clean all -y || true
sudo rm -rf /var/cache/yum || true
sudo yum makecache -y --refresh

# 温和更新（避免把现有更高版本降级）
sudo yum -y update --nobest --skip-broken || true

# 常用工具
sudo yum -y install \
  wget curl vim tar unzip which sudo less lsof rsync \
  net-tools iproute iputils hostname passwd \
  openssh-server openssh-clients \
  procps-ng \
  make cmake autoconf automake libtool m4 pkgconf \
  createrepo chrony sshpass expect python3 socat \
  perl-DBI \
  --nobest --skip-broken || true

# gcc 对齐 + c++
sudo yum -y distro-sync gcc --allowerasing || true
sudo yum -y install gcc-c++ --allowerasing || true
EOF_BASE

    #################### 5) （保留）不再二次修改 repo，避免 “Bad id for repo” ####################
    # ——> 这里删除你之前的 fix_exclude awk 块，因为我们已经在写入时就把 exclude/includepkgs 写进段内了。
    #     避免因为换行/段落拼接导致的 [repoid]exclude=xxx 合并到一行的风险。

    #################### 6) 直接拉取 Boost 1.66 RPM 并本地安装（避免模块依赖） ####################
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "bash -s" <<EOF_BOOST
set -euo pipefail
TMPDIR=\$(mktemp -d /tmp/boost166.XXXX)
cd "\$TMPDIR"
for rpm in ${BOOST_RPMS[@]}; do
  url="${BOOST_BASE}/\${rpm}"
  echo "[INFO] 下载 \$url"
  curl -fSL --retry 3 -o "\${rpm}" "\$url"
done

# 如果系统里已有更高版 boost*，用 allowerasing 自动替换为 1.66
sudo yum -y localinstall *.rpm --allowerasing || {
  echo "[WARN] localinstall 失败，尝试先移除冲突后再装..."
  TO_RM=\$(rpm -qa | egrep -i '^boost-(program-options|system|filesystem|thread|chrono)-' || true)
  if [ -n "\$TO_RM" ]; then
    echo "\$TO_RM" | sed 's/^/  - /'
    sudo yum -y remove \$TO_RM || true
  fi
  sudo yum -y localinstall *.rpm --allowerasing
}

ls -l /usr/lib64/libboost_program_options.so.1.66.0 || exit 3
cd /
rm -rf "\$TMPDIR"
EOF_BOOST

    #################### 7) 安装 MariaDB（显式带上 galera-4） ####################
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "bash -s" <<'EOF_MDB'
set -euo pipefail
# 清理系统自带 mariadb 10.3（若仍残留）
TO_REMOVE=$(rpm -qa | egrep -i '^mariadb(-|$)' | grep -Ev 'connector|compat' || true)
[ -n "$TO_REMOVE" ] && sudo yum -y remove $TO_REMOVE || true

# 装 galera-4 + MariaDB 10.11（来自 mariadb 官方 el8 仓）
sudo yum -y install --disablerepo="*" --enablerepo="mariadb" \
  galera-4 MariaDB-server MariaDB-client MariaDB-common MariaDB-shared \
  --allowerasing --nobest

sudo systemctl enable mariadb || true
sudo systemctl start mariadb || true
EOF_MDB

    #################### 8) Nginx（系统源优先） ####################
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "bash -s" <<'EOF_NGX'
set -euo pipefail
if ! sudo yum -y install nginx; then
  sudo tee /etc/yum.repos.d/nginx.repo >/dev/null <<'EOR2'
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/rhel/8/$basearch/
gpgcheck=0
enabled=1
module_hotfixes=1
EOR2
  sudo yum -y makecache
  sudo yum -y install nginx
fi
sudo systemctl enable nginx || true
sudo systemctl start nginx || true
echo "[OK] $HOSTNAME 基础环境初始化完成"
EOF_NGX

  #################### 9) 安装 PostgreSQL（仅用 yum，最小化） ####################
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "bash -s" <<'EOF_PG'
set -euo pipefail

# 安装服务端与常用扩展
sudo yum -y install postgresql-server postgresql-contrib

# 初始化数据库（不同打包路径兼容两种常见脚本名）
if command -v postgresql-setup >/dev/null 2>&1; then
  sudo postgresql-setup --initdb
elif [ -x /usr/bin/postgresql-setup ]; then
  sudo /usr/bin/postgresql-setup --initdb
else
  # 兜底：直接 initdb 到默认目录
  sudo -u postgres initdb -D /var/lib/pgsql/data
fi

# 启动并开机自启（服务名常规为 postgresql）
sudo systemctl enable --now postgresql

# 简要状态
psql --version || true
systemctl --no-pager -l status postgresql || true
echo "[OK] PostgreSQL 已安装并启动（本机连接可用）"
EOF_PG

  done
}




function pre_setup_passwordless_ssh() {
  log_info ">>> 配置主机间免密登录"
  for host_info in "${HOSTS[@]}"; do
    user=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    password=$(echo "$host_info" | awk '{print $3}')
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" bash <<'EOF'
      set -e
      mkdir -p ~/.ssh
      chmod 700 ~/.ssh
      if [ ! -f ~/.ssh/id_rsa ]; then
         ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -N ""
      fi
      chmod 600 ~/.ssh/id_rsa
      chmod 644 ~/.ssh/id_rsa.pub
EOF
  done
  for host_info in "${HOSTS[@]}"; do
    user=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    password=$(echo "$host_info" | awk '{print $3}')
    pub_key=$(sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "cat ~/.ssh/id_rsa.pub")
    for target_info in "${HOSTS[@]}"; do
      target_user=$(echo "$target_info" | awk '{print $1}')
      target_ip=$(echo "$target_info" | awk '{print $2}')
      target_pass=$(echo "$target_info" | awk '{print $3}')
      sshpass -p "$target_pass" ssh -o StrictHostKeyChecking=no "$target_user@$target_ip" bash <<EOF
        mkdir -p ~/.ssh
        chmod 700 ~/.ssh
        touch ~/.ssh/authorized_keys
        chmod 600 ~/.ssh/authorized_keys
        if ! grep -q '$pub_key' ~/.ssh/authorized_keys; then
           echo '$pub_key' >> ~/.ssh/authorized_keys
        fi
EOF
    done
  done
  log_info "免密登录配置完成。"
}

##############################
# 函数：更新 /etc/hosts 文件
##############################
function pre_update_hosts_file() {
  log_info ">>> 更新 /etc/hosts 文件"
  for host_info in "${HOSTS[@]}"; do
    user=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    password=$(echo "$host_info" | awk '{print $3}')
    log_info "更新主机 $ip 的 /etc/hosts 文件..."
    host_name=$(sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "hostname")
    update_cmd="echo '### 更新 /etc/hosts 文件 ###';"
    for target_info in "${HOSTS[@]}"; do
      target_ip=$(echo "$target_info" | awk '{print $2}')
      target_host_name=$(sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "ssh -o StrictHostKeyChecking=no $user@$target_ip hostname")
      update_cmd+="if ! grep -q '$target_ip $target_host_name' /etc/hosts; then echo '$target_ip $target_host_name' | sudo tee -a /etc/hosts > /dev/null; fi;"
    done
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "$update_cmd"
    log_info "主机 $ip 的 /etc/hosts 更新完成。"
  done
  log_info "/etc/hosts 更新完成。"
}

##############################
# 函数：配置 Chrony 时间同步
##############################
function pre_setup_ntp_sync() {
  log_info ">>> 配置 Chrony 时间同步"
  IPS=()
  for host_info in "${HOSTS[@]}"; do
    ip=$(echo "$host_info" | awk '{print $2}')
    IPS+=("$ip")
  done
  SERVER_IP="${IPS[0]}"
  CLIENT_IPS=("${IPS[@]:1}")

  for host_info in "${HOSTS[@]}"; do
    user=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    password=$(echo "$host_info" | awk '{print $3}')
    if [ "$ip" == "$SERVER_IP" ]; then
      log_info "在服务器 $ip 上配置 Chrony..."
      sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" bash <<'EOF'
        set -e
        if ! command -v chronyd &>/dev/null; then
          sudo yum install -y chrony
        fi
        cat <<EOL | sudo tee /etc/chrony.conf
server ntp.ntsc.ac.cn iburst
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
allow 0.0.0.0/0
local stratum 10
driftfile /var/lib/chrony/drift
logdir /var/log/chrony
EOL
        sudo systemctl restart chronyd
        sudo systemctl enable chronyd
EOF
    fi
  done

  for ip in "${CLIENT_IPS[@]}"; do
    for host_info in "${HOSTS[@]}"; do
      curr_ip=$(echo "$host_info" | awk '{print $2}')
      if [ "$curr_ip" == "$ip" ]; then
        user=$(echo "$host_info" | awk '{print $1}')
        password=$(echo "$host_info" | awk '{print $3}')
        log_info "在客户端 $ip 配置 Chrony..."
        sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" bash <<EOF
          set -e
          if ! command -v chronyd &>/dev/null; then
            sudo yum install -y chrony
          fi
          cat <<EOL | sudo tee /etc/chrony.conf
server $SERVER_IP iburst
driftfile /var/lib/chrony/drift
logdir /var/log/chrony
EOL
          sudo systemctl restart chronyd
          sudo systemctl enable chronyd
EOF
      fi
    done
  done
  log_info "Chrony 时间同步配置完成。"
}

##############################
# 函数：配置 Nginx（作为本地 Yum 仓库代理）
##############################
function pre_setup_nginx() {
  log_info ">>> 配置 Nginx"

  # 选出最小 IP 的主机作为 Nginx 节点
  IPS=()
  for host_info in "${HOSTS[@]}"; do
    ip=$(echo "$host_info" | awk '{print $2}')
    IPS+=("$ip")
  done
  IFS=$'\n' sorted_ips=($(sort -n <<<"${IPS[*]}")); unset IFS
  SMALLEST_IP="${sorted_ips[0]}"

  for host_info in "${HOSTS[@]}"; do
    user=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    password=$(echo "$host_info" | awk '{print $3}')

    if [ "$ip" == "$SMALLEST_IP" ]; then
      log_info "在 $ip 配置 Nginx..."

      # 把 root 目录传进远端（默认 /data/modules）
      sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" \
        "NGINX_ROOT='${NGINX_MODULES_DIR:-/data/modules}' bash -s" <<'EOF'
set -euo pipefail

# 1) 安装 nginx（Kylin v10 兼容 dnf/yum，避免 epel）
if ! command -v nginx &>/dev/null; then
  if command -v dnf &>/dev/null; then
    sudo dnf install -y nginx
  else
    sudo yum install -y nginx
  fi
fi

# 2) 目录与权限（做本地 YUM 源：/data/modules）
: "${NGINX_ROOT:=/data/modules}"
sudo mkdir -p "$NGINX_ROOT"

# 若无 nginx 用户则创建（部分发行版安装包会自动创建）
if ! id nginx &>/dev/null; then
  sudo useradd --system --no-create-home --shell /sbin/nologin nginx || true
fi

sudo chown -R nginx:nginx "$NGINX_ROOT"
sudo chmod -R 755 "$NGINX_ROOT"

# SELinux（若为 Enforcing）：内容上下文
if command -v getenforce &>/dev/null && getenforce | grep -iq Enforc; then
  sudo chcon -Rt httpd_sys_content_t "$NGINX_ROOT" || true
fi

# 3) 移除默认站点，避免冲突
if [ -f "/etc/nginx/conf.d/default.conf" ]; then
  sudo mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak || true
fi

# 4) 确保 nginx.conf 会 include conf.d/*.conf
if [ -f /etc/nginx/nginx.conf ]; then
  # 如果已有 http{} 块但缺少 include，则补上
  if ! grep -Eq '^\s*include\s+/etc/nginx/conf\.d/\*\.conf;' /etc/nginx/nginx.conf; then
    if grep -q '^[[:space:]]*http[[:space:]]*{' /etc/nginx/nginx.conf; then
      sudo awk '
        BEGIN{added=0}
        /^\s*http\s*{/{
          print; print "    include /etc/nginx/conf.d/*.conf;";
          added=1; next
        } {print}
        END{ if(added==0) exit 0 }
      ' /etc/nginx/nginx.conf | sudo tee /etc/nginx/nginx.conf >/dev/null
    else
      # 没有 http{} 则追加一个最小 http{} 块
      sudo tee -a /etc/nginx/nginx.conf >/dev/null <<'EOMINHTTP'
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    include /etc/nginx/conf.d/*.conf;
}
EOMINHTTP
    fi
  fi
else
  # 不存在则写入一个干净的默认模板
  sudo tee /etc/nginx/nginx.conf >/dev/null <<'EONG'
user nginx;
worker_processes auto;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events { worker_connections 1024; }

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    keepalive_timeout  65;

    include /etc/nginx/conf.d/*.conf;
}
EONG
fi

# 5) 站点配置（root=/data/modules，开启目录索引）
sudo mkdir -p /etc/nginx/conf.d
sudo tee /etc/nginx/conf.d/modules_proxy.conf >/dev/null <<EOVH
server {
    listen 80;
    server_name _;

    root ${NGINX_ROOT};
    index index.html index.htm;

    location / {
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        try_files \$uri \$uri/ =404;
    }

    # 可选：YUM repodata 的常见静态类型
    types {
        application/xml                                        xml;
        application/x-rpm                                      rpm;
        text/plain                                             repomd;
    }
}
EOVH

# 6) 测试并启动
sudo nginx -t
sudo systemctl enable --now nginx

# 7) 防火墙（如 firewalld 在运行）
if systemctl is-active --quiet firewalld; then
  sudo firewall-cmd --add-service=http --permanent || true
  sudo firewall-cmd --reload || true
fi

# 8) 关键信息回显
echo "[OK] NGINX_ROOT: ${NGINX_ROOT}"
ss -lntp | awk '$4 ~ /:80$/ {print "[LISTEN] "$0}'
EOF
    fi
  done

  log_info "Nginx 配置完成。"
}



function pre_check_jdk() {
  log_info ">>> 检查并批量安装 JDK8 & JDK17"

  # 1) 取主控机（最小 IP）与其登录信息
  IPS=()
  declare SMALLEST_USER="" SMALLEST_PASS=""
  for host_info in "${HOSTS[@]}"; do
    ip=$(echo "$host_info" | awk '{print $2}')
    IPS+=("$ip")
  done
  IFS=$'\n' sorted_ips=($(sort -n <<<"${IPS[*]}"))
  unset IFS
  SMALLEST_IP="${sorted_ips[0]}"

  # 根据 SMALLEST_IP 反查其 user/password
  for host_info in "${HOSTS[@]}"; do
    u=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    p=$(echo "$host_info" | awk '{print $3}')
    if [ "$ip" == "$SMALLEST_IP" ]; then
      SMALLEST_USER="$u"
      SMALLEST_PASS="$p"
      break
    fi
  done

  # 2) 在主控机下载 JDK8/JDK17（使用顶部变量：JDK8_DOWNLOAD_URL、JDK_DOWNLOAD_URL 等）
  for host_info in "${HOSTS[@]}"; do
    user=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    password=$(echo "$host_info" | awk '{print $3}')
    if [ "$ip" == "$SMALLEST_IP" ]; then
      log_info "在 $ip 下载 JDK8 和 JDK17..."
      sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" bash <<EOF
set -e
mkdir -p /opt/modules
if [ ! -s "$JDK8_FILE_PATH" ]; then
  echo "[JDK8] 开始下载: $JDK8_DOWNLOAD_URL"
  curl -fSL -o "$JDK8_FILE_PATH" "$JDK8_DOWNLOAD_URL"
else
  echo "[JDK8] JDK 包已存在: $JDK8_FILE_PATH"
fi
if [ ! -s "$JDK_FILE_PATH" ]; then
  echo "[JDK17] 开始下载: $JDK_DOWNLOAD_URL"
  curl -fSL -o "$JDK_FILE_PATH" "$JDK_DOWNLOAD_URL"
else
  echo "[JDK17] JDK 包已存在: $JDK_FILE_PATH"
fi
EOF
    fi
  done

  # 3. 分发 JDK 包到其他节点
  for host_info in "${HOSTS[@]}"; do
    user=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    password=$(echo "$host_info" | awk '{print $3}')
    if [ "$ip" != "$SMALLEST_IP" ]; then
      log_info "在 $ip 创建目录..."
      sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" "mkdir -p $(dirname "$JDK8_FILE_PATH") && mkdir -p $(dirname "$JDK_FILE_PATH")"

      log_info "同步 JDK8 包到 $ip..."
      sshpass -p "$password" scp -o StrictHostKeyChecking=no "$SMALLEST_IP:$JDK8_FILE_PATH" "$user@$ip:$JDK8_FILE_PATH"

      log_info "同步 JDK17 包到 $ip..."
      sshpass -p "$password" scp -o StrictHostKeyChecking=no "$SMALLEST_IP:$JDK_FILE_PATH" "$user@$ip:$JDK_FILE_PATH"
    fi
  done

  # 4. 每台主机解压&配置
  for host_info in "${HOSTS[@]}"; do
    user=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    password=$(echo "$host_info" | awk '{print $3}')
    log_info "在 $ip 解压安装 JDK8 和 JDK17..."
    sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" bash <<EOF
set -e
mkdir -p /opt/modules
# JDK8
if [ ! -d "$JDK8_FILE_HOME_PATH" ]; then
  echo "[JDK8] 解压..."
  tar -zxf "$JDK8_FILE_PATH" -C /opt/modules
  JDK8_DIR=\$(tar -tf "$JDK8_FILE_PATH" | head -1 | cut -d/ -f1)
  if [ "/opt/modules/\$JDK8_DIR" != "$JDK8_FILE_HOME_PATH" ]; then
    mv "/opt/modules/\$JDK8_DIR" "$JDK8_FILE_HOME_PATH"
  fi
else
  echo "[JDK8] 已解压: $JDK8_FILE_HOME_PATH"
fi
# JDK17
if [ ! -d "$JDK_FILE_HOME_PATH" ]; then
  echo "[JDK17] 解压..."
  tar -zxf "$JDK_FILE_PATH" -C /opt/modules
  JDK17_DIR=\$(tar -tf "$JDK_FILE_PATH" | head -1 | cut -d/ -f1)
  if [ "/opt/modules/\$JDK17_DIR" != "$JDK_FILE_HOME_PATH" ]; then
    mv "/opt/modules/\$JDK17_DIR" "$JDK_FILE_HOME_PATH"
  fi
else
  echo "[JDK17] 已解压: $JDK_FILE_HOME_PATH"
fi
# JDK8 设为默认
sudo bash -c "cat >/etc/profile.d/java.sh" <<EOL
export JAVA_HOME=$JDK8_FILE_HOME_PATH
export PATH=\\\$JAVA_HOME/bin:\\\$PATH
EOL
# JDK17 建软连接
sudo mkdir -p /usr/jdk64
if [ -L "$JDK17_SYMLINK" ] || [ -e "$JDK17_SYMLINK" ]; then
  sudo rm -rf "$JDK17_SYMLINK"
fi
sudo ln -s "$JDK_FILE_HOME_PATH" "$JDK17_SYMLINK"
echo "[JDK17] 软链接已创建: $JDK17_SYMLINK -> $JDK_FILE_HOME_PATH"
source /etc/profile.d/java.sh
echo "[JDK8] 当前 JAVA 版本:"
java -version
echo "[JDK17] 路径:"
ls -l "$JDK17_SYMLINK"

# JDK8 建软连接
sudo mkdir -p /usr/jdk64
if [ -L "$JDK8_SYMLINK" ] || [ -e "$JDK8_SYMLINK" ]; then
  sudo rm -rf "$JDK8_SYMLINK"
fi
sudo ln -s "$JDK8_FILE_HOME_PATH" "$JDK8_SYMLINK"
echo "[JDK8] 软链接已创建: $JDK8_SYMLINK -> $JDK8_FILE_HOME_PATH"


EOF
  done

  log_info "JDK8/JDK17 安装及软连接全部完成。"
}




##############################
# 函数：安装 MySQL Connector/J
##############################
function pre_check_mysql_conn() {
  log_info ">>> 安装 MySQL Connector/J"
  IPS=()
  for host_info in "${HOSTS[@]}"; do
    ip=$(echo "$host_info" | awk '{print $2}')
    IPS+=("$ip")
  done
  IFS=$'\n' sorted_ips=($(sort -n <<<"${IPS[*]}"))
  unset IFS
  SMALLEST_IP="${sorted_ips[0]}"
  for host_info in "${HOSTS[@]}"; do
    user=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    password=$(echo "$host_info" | awk '{print $3}')
    if [ "$ip" == "$SMALLEST_IP" ]; then
      log_info "在 $ip 安装 MySQL Connector/J..."
      sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" bash <<EOF
        set -e
        mkdir -p /opt/modules
        if [ -f "$TARGET_JAR" ]; then
          echo "MySQL Connector/J 已存在，跳过安装。"
          exit 0
        fi
        if [ ! -f "/opt/modules/$CONNECTOR_FILE" ]; then
          wget -q "$CONNECTOR_URL" -O "/opt/modules/$CONNECTOR_FILE"
        fi
        if [ ! -f "/opt/modules/$CONNECTOR_JAR" ]; then
          tar -xzf "/opt/modules/$CONNECTOR_FILE" -C /opt/modules
        fi
        sudo mkdir -p \$(dirname "$TARGET_JAR")
        sudo mv "/opt/modules/mysql-connector-java-5.1.48/$CONNECTOR_JAR" "$TARGET_JAR"
EOF
    fi
  done
  log_info "MySQL Connector/J 安装完成。"
}

##############################
# 函数：检查并初始化本地 YUM 仓库
##############################
function pre_check_yum_package() {
  log_info ">>> 检查并初始化 YUM 仓库"
  IPS=()
  for host_info in "${HOSTS[@]}"; do
    ip=$(echo "$host_info" | awk '{print $2}')
    IPS+=("$ip")
  done
  IFS=$'\n' sorted_ips=($(sort -n <<<"${IPS[*]}"))
  unset IFS
  SMALLEST_IP="${sorted_ips[0]}"
  for host_info in "${HOSTS[@]}"; do
    user=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    password=$(echo "$host_info" | awk '{print $3}')
    if [ "$ip" == "$SMALLEST_IP" ]; then
      log_info "在 $ip 检查 RPM 包仓库..."
      sshpass -p "$password" ssh -o StrictHostKeyChecking=no "$user@$ip" bash <<EOF
        set -e
        if ! command -v $CREATEREPO_CMD &>/dev/null; then
          sudo yum install -y createrepo
        fi
        mkdir -p "$RPM_DIR"
        if [ -z "\$(ls -A $RPM_DIR 2>/dev/null)" ]; then
          echo "RPM 目录为空，可在此处添加 RPM 包下载逻辑。"
        fi
        if [ -d "$RPM_DIR/repodata" ]; then
          rm -rf "$RPM_DIR/repodata"
        fi
        $CREATEREPO_CMD "$RPM_DIR"
EOF
    fi
  done
  log_info "YUM 仓库初始化完成。"
}

##############################
# 函数：配置本地 Yum 源（指向最小 IP 主机）
##############################
function pre_check_local_yum() {
  log_info ">>> 配置本地 Yum 源"
  IPS=()
  USERS=()
  PASSWORDS=()
  for host_info in "${HOSTS[@]}"; do
    USERS+=("$(echo "$host_info" | awk '{print $1}')")
    ip=$(echo "$host_info" | awk '{print $2}')
    IPS+=("$ip")
    PASSWORDS+=("$(echo "$host_info" | awk '{print $3}')")
  done
  IFS=$'\n' sorted_ips=($(sort -n <<<"${IPS[*]}"))
  unset IFS
  SERVER_IP="${sorted_ips[0]}"
  for i in "${!IPS[@]}"; do
    if [ "${IPS[i]}" == "$SERVER_IP" ]; then
      SERVER_USER="${USERS[i]}"
      SERVER_PASSWORD="${PASSWORDS[i]}"
      break
    fi
  done
  for i in "${!IPS[@]}"; do
    client_ip="${IPS[i]}"
    client_user="${USERS[i]}"
    client_password="${PASSWORDS[i]}"
    sshpass -p "$client_password" ssh -o StrictHostKeyChecking=no "$client_user@$client_ip" bash <<EOF
      cat <<YUM_REPO | sudo tee /etc/yum.repos.d/ambari.repo
[ambari]
name=Ambari Local Repository
baseurl=http://$SERVER_IP/
enabled=1
gpgcheck=0
YUM_REPO
      sudo yum clean all
      sudo yum repolist
EOF
  done
  log_info "本地 Yum 源配置完成。"
}

##############################
# 函数：配置 MariaDB（含自动 secure-installation 应答，并授予 root 远程连接权限）
##############################
function pre_check_mariadb_config() {
  log_info ">>> 配置 MariaDB"
  IPS=()
  USERS=()
  PASSWORDS=()
  for host_info in "${HOSTS[@]}"; do
    USERS+=("$(echo "$host_info" | awk '{print $1}')")
    ip=$(echo "$host_info" | awk '{print $2}')
    IPS+=("$ip")
    PASSWORDS+=("$(echo "$host_info" | awk '{print $3}')")
  done
  IFS=$'\n' sorted_ips=($(sort -n <<<"${IPS[*]}"))
  unset IFS
  SERVER_IP="${sorted_ips[0]}"
  CLIENT_IPS=("${sorted_ips[@]:1}")
  CURRENT_IP=$(hostname -I | awk '{print $1}')
  for i in "${!IPS[@]}"; do
    if [ "${IPS[i]}" == "$SERVER_IP" ]; then
      SERVER_USER="${USERS[i]}"
      SERVER_PASSWORD="${PASSWORDS[i]}"
      break
    fi
  done

  if [ "$CURRENT_IP" == "$SERVER_IP" ]; then
    # 修改 /etc/my.cnf，确保 bind-address=0.0.0.0
    sshpass -p "$SERVER_PASSWORD" ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" bash <<'EOF'
      set -e
      sudo tee /etc/my.cnf > /dev/null <<EOL
[client]
default-character-set=utf8mb4

[mysqld]
user=mysql
port=3306
basedir=/usr
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
pid-file=/var/run/mysqld/mysqld.pid
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
default-storage-engine=InnoDB
innodb_buffer_pool_size=1G
innodb_log_file_size=256M
innodb_log_buffer_size=64M
innodb_file_per_table=1
innodb_lock_wait_timeout=50
innodb_buffer_pool_instances=4
innodb_doublewrite=1
innodb_adaptive_hash_index=1
innodb_file_format=Barracuda
innodb_compression_level=6
innodb_fast_shutdown=1
innodb_strict_mode=1
innodb_status_file=1
innodb_stats_on_metadata=0
innodb_thread_concurrency=8
bind-address=0.0.0.0
skip-name-resolve
max_connections=500
slow_query_log=1
slow_query_log_file=/var/log/mysql/slow-query.log
long_query_time=2

[mysqldump]
default-character-set=utf8mb4
EOL
      if [ ! -d /var/run/mysqld ]; then
         sudo mkdir -p /var/run/mysqld
         sudo chown mysql:mysql /var/run/mysqld
      fi
      if [ ! -d /var/log/mysql ]; then
         sudo mkdir -p /var/log/mysql
         sudo chown mysql:mysql /var/log/mysql
      fi
      if [ ! -d /var/lib/mysql/mysql ]; then
         mysql_install_db --user=mysql --datadir=/var/lib/mysql
      fi
      if ! command -v mariadb &>/dev/null; then
         sudo yum install -y MariaDB-server MariaDB-client
      fi
      sudo systemctl restart mariadb
      sudo systemctl enable mariadb
EOF

    # 自动应答 MariaDB secure-installation（用 expect 内嵌应答），注意此处外层 here-doc未使用单引号，以便变量展开
    sshpass -p "$SERVER_PASSWORD" ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" bash <<EOF
set -e
if ! command -v expect >/dev/null 2>&1; then
   sudo yum install -y expect
fi
expect << "END_EXPECT"
set timeout 20

spawn mariadb-secure-installation

# 1. 输入空密码（直接回车）
expect "Enter current password for root (enter for none):"
send "root\r"
puts "Sent empty root password."

# 2. 处理 "Switch to unix_socket authentication [Y/n]" 提示
expect {
    -re {Switch to unix_socket authentication \[Y/n\]} {
         send "n\r"
         puts "Sent n for 'Switch to unix_socket authentication'."
    }
    timeout { puts "No unix_socket prompt encountered."; }
}

# 3. 处理 "Change the root password? [Y/n]" 提示
expect {
    -re {Change the root password\? \[Y/n\]} {
         send "n\r"
         puts "Sent n for 'Change the root password?'."
    }
    -re {Remove anonymous users\?} {
         puts "No change password prompt; proceeding to anonymous users."
         exp_continue
    }
    timeout { puts "No change root password prompt encountered."; }
}

# 4. 处理 "Remove anonymous users?" 提示（允许跨行匹配）
expect {
    -re {(?s)Remove anonymous users.*\[Y/n\]} {
         send "y\r"
         puts "Sent y for 'Remove anonymous users?'."
    }
    timeout { puts "No 'Remove anonymous users' prompt encountered."; }
}

# 5. 处理 "Disallow root login remotely? [Y/n]" 提示
expect {
    -re {Disallow root login remotely\? \[Y/n\]} {
         send "n\r"
         puts "Sent n for 'Disallow root login remotely?'."
    }
    timeout { puts "No disallow root login remotely prompt encountered."; }
}

# 6. 处理 "Remove test database and access to it? [Y/n]" 提示
expect {
    -re {Remove test database and access to it\? \[Y/n\]} {
         send "n\r"
         puts "Sent n for 'Remove test database and access to it?'."
    }
    timeout { puts "No remove test database prompt encountered."; }
}

# 7. 处理 "Reload privilege tables now? [Y/n]" 提示
expect {
    -re {Reload privilege tables now\? \[Y/n\]} {
         send "y\r"
         puts "Sent y for 'Reload privilege tables now?'."
    }
    timeout { puts "No reload privilege tables prompt encountered."; }
}

expect eof
END_EXPECT
EOF

    # 授予 root 用户远程连接权限，解决 1130 错误
    sshpass -p "$SERVER_PASSWORD" ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" bash <<'EOF'
      mysql -uroot -p'root' <<EOFSQL
ALTER USER 'root'@'localhost' IDENTIFIED VIA mysql_native_password USING PASSWORD('root');
CREATE USER IF NOT EXISTS 'root'@'%' IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOFSQL
EOF
  fi

  # 测试客户端 MariaDB 连接
  for client_ip in "${CLIENT_IPS[@]}"; do
    for host_info in "${HOSTS[@]}"; do
      curr_ip=$(echo "$host_info" | awk '{print $2}')
      if [ "$curr_ip" == "$client_ip" ]; then
        client_user=$(echo "$host_info" | awk '{print $1}')
        client_pass=$(echo "$host_info" | awk '{print $3}')
        sshpass -p "$client_pass" ssh -o StrictHostKeyChecking=no "$client_user@$client_ip" "mysql -uroot -p'${ROOT_PASSWORD}' -h'$SERVER_IP' -e 'SELECT 1;'"
      fi
    done
  done
  log_info "MariaDB 配置完成。"
}




##############################
# 函数：安装 Ambari Server 和 Agent
##############################

function install_ambari() {
  log_info ">>> 安装 Ambari Server 和 Agent"
  USERS=()
  IPS=()
  PASSWORDS=()
  for host_info in "${HOSTS[@]}"; do
    u=$(echo "$host_info" | awk '{print $1}')
    ip=$(echo "$host_info" | awk '{print $2}')
    p=$(echo "$host_info" | awk '{print $3}')
    USERS+=("$u")
    IPS+=("$ip")
    PASSWORDS+=("$p")
  done

  IFS=$'\n' sorted_ips=($(sort -n <<<"${IPS[*]}"))
  unset IFS
  SERVER_IP="${sorted_ips[0]}"
  CLIENT_IPS=("${sorted_ips[@]:1}")
  CURRENT_IP=$(hostname -I | awk '{print $1}')

  if [ "$CURRENT_IP" == "$SERVER_IP" ]; then
    log_info "当前主机为 Ambari Server 节点 ($SERVER_IP)，开始安装..."

    # 安装 MySQL Connector/J（确保 TARGET_JAR 存在）
    sshpass -p "${PASSWORDS[0]}" ssh -o StrictHostKeyChecking=no "${USERS[0]}@$SERVER_IP" bash <<EOF
set -ex
mkdir -p /opt/modules/mysql-connector
if [ ! -f "${TARGET_JAR}" ]; then
   wget -q "${CONNECTOR_URL}" -O /opt/modules/mysql-connector/mysql-connector-java.tar.gz
   tar -xzf /opt/modules/mysql-connector/mysql-connector-java.tar.gz -C /opt/modules/mysql-connector
   sudo mkdir -p /usr/share/java
   sudo cp /opt/modules/mysql-connector/mysql-connector-java-5.1.48/${CONNECTOR_JAR} "${TARGET_JAR}"
fi
EOF

    # 在本地构造 HOSTS_SQL 字符串（各 IP 的 GRANT 语句）
    HOSTS_SQL=""
    for ip in "${IPS[@]}"; do
      HOSTS_SQL+="GRANT ALL PRIVILEGES ON *.* TO 'ambari'@'$ip' IDENTIFIED BY '$AMBARI_DB_PASSWORD' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'hive'@'$ip' IDENTIFIED BY '$HIVE_DB_PASSWORD' WITH GRANT OPTION;
"
    done

    sshpass -p "${PASSWORDS[0]}" ssh -o StrictHostKeyChecking=no "${USERS[0]}@$SERVER_IP" bash <<EOF
set -e
mysql -uroot -p"${ROOT_PASSWORD}" <<EOFSQL
CREATE DATABASE IF NOT EXISTS ambari;
CREATE DATABASE IF NOT EXISTS hive;
CREATE USER IF NOT EXISTS 'ambari'@'%' IDENTIFIED BY '$AMBARI_DB_PASSWORD';
CREATE USER IF NOT EXISTS 'hive'@'%' IDENTIFIED BY '$HIVE_DB_PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'ambari'@'%' IDENTIFIED BY '$AMBARI_DB_PASSWORD' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'ambari'@'localhost' IDENTIFIED BY '$AMBARI_DB_PASSWORD' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'hive'@'%' IDENTIFIED BY '$HIVE_DB_PASSWORD' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'hive'@'localhost' IDENTIFIED BY '$HIVE_DB_PASSWORD' WITH GRANT OPTION;
${HOSTS_SQL}
FLUSH PRIVILEGES;
EOFSQL
EOF

    # 先执行一次非交互式 setup 命令
    sshpass -p "${PASSWORDS[0]}" ssh -o StrictHostKeyChecking=no "${USERS[0]}@$SERVER_IP" bash <<EOF
set -e
sudo yum install -y ambari-server
source /etc/profile
ambari-server setup --jdbc-db=mysql --jdbc-driver="${TARGET_JAR}"
EOF

    # 然后使用 expect 自动应答 setup 后续交互提示
    sshpass -p "${PASSWORDS[0]}" ssh -o StrictHostKeyChecking=no "${USERS[0]}@$SERVER_IP" bash <<EOF
set -e
expect -c "
  set timeout -1
  spawn ambari-server setup --java-home /usr/jdk64/jdk17 --stack-java-home /usr/jdk64/jdk1.8
  expect \"Customize user account for ambari-server daemon\"
  send \"n\r\"

  expect {
    \"Completing setup...\" {
    }
    \"Enable Ambari Server to download and install GPL\" {
      send \"y\r\"
    }
  }

  expect \"Enter advanced database configuration\"
  send \"y\r\"
  expect \"Choose one of the following options:\"
  send \"3\r\"
  expect \"Hostname\"
  send \"${SERVER_IP}\r\"
  expect \"Port\"
  send \"3306\r\"
  expect \"Database name\"
  send \"ambari\r\"
  expect \"Username\"
  send \"ambari\r\"
  expect \"Enter Database Password\"
  send \"ambari\r\"

  expect {
    \"Configuring ambari database...\" {
    }
    \"Re-enter password: \" {
      send \"ambari\r\"
    }
  }

  expect {
    \"Configuring remote database connection properties...\" {
    }
    \"Should ambari use existing default jdbc\" {
      send \"y\r\"
    }
  }

  expect \"Proceed with configuring remote database connection properties\"
  send \"y\r\"
  expect eof
"
EOF

    # DDL 初始化和启动 Ambari Server（直接在远程展开 DDL_PATH）
    sshpass -p "${PASSWORDS[0]}" ssh -o StrictHostKeyChecking=no "${USERS[0]}@$SERVER_IP" bash <<EOF
set -e
echo "执行 Ambari DDL 脚本..."
if [ ! -f "$DDL_PATH" ]; then
  echo "错误：DDL 文件 $DDL_PATH 不存在！可能是 Ambari Server 尚未正确安装。"
  exit 1
fi
RESULT=\$(mysql -u ambari -p"${AMBARI_DB_PASSWORD}" -D ambari -N -e "SHOW TABLES LIKE 'metainfo';" 2>/dev/null)
if [ "\$RESULT" == "metainfo" ]; then
  echo "DDL 脚本已经执行过，跳过初始化。"
else
  echo "DDL 尚未执行，开始初始化..."
  mysql -u ambari -p"${AMBARI_DB_PASSWORD}" ambari <"$DDL_PATH"
  echo "Ambari DDL 脚本执行完成。"
fi
echo "启动 Ambari Server..."
ambari-server restart
echo "Ambari Server 已启动并设置为开机自启。"
sudo yum install -y ambari-agent
ambari-agent restart
EOF

  else
    log_info "当前主机非 Ambari Server 节点，跳过安装。"
  fi

  log_info "Ambari 安装完成。"
}




##############################
# 主函数：依次执行所有步骤
##############################
function main() {
  bootstrap_sshpass
  pre_install_tools
  pre_setup_passwordless_ssh
  pre_update_hosts_file
  pre_setup_ntp_sync
  pre_setup_nginx
  pre_check_jdk
  pre_check_mysql_conn
  pre_check_yum_package
  pre_check_local_yum
  pre_check_mariadb_config
  install_ambari
  log_info "Ambari 集群环境安装全部完成。"
}

main

log_info "请查看日志：$LOGFILE"

注意事项

请提前准备离线 RPM 包并放置在 /data/modules/ 目录下。不然安装必然失败！

2. 配置 hosts.txt 文件

在脚本同级目录创建 hosts.txt 文件，用于定义目标节点信息。

<用户名> <密码> <IP地址>

示例：

root Tt3832514048 192.168.3.1
root Tt3832514048 192.168.3.2
root Tt3832514048 192.168.3.3

参数说明

• 第一列：节点登录用户名（通常为 root）
• 第二列：登录密码，支持明文
• 第三列：节点 IP 地址

注意事项

1. 所有节点之间必须可互通（建议提前配置 /etc/hosts）；
2. 脚本会自动建立 SSH 免密连接；
3. 如果节点使用不同密码，可单独列出；
4. hosts.txt 文件需与脚本放在同一目录。

四、执行安装脚本

bash install_ambari_cluster.sh

执行后，脚本将自动检测当前环境，并在各节点上执行以下任务：

1. 检测 Kylin 系统版本与包管理器类型
2. 校验 SELinux、firewalld、chronyd、hostname 等配置
3. 自动配置本地 YUM 源（检测 /etc/yum.repos.d/kylin.repo）
4. 安装并配置 JDK（默认安装至 /opt/modules/jdk1.8.0_202）
5. 自动安装 MariaDB 10.11 并初始化数据库
6. 安装 Ambari Server 与 Agent
7. 执行 Ambari Server setup 并启动服务
8. 自动注册集群节点，验证服务状态

五、安装过程展示

1. 环境检测与依赖安装

脚本自动安装 sshpass、expect、java、mariadb 等依赖包， 并检测 YUM 仓库连通性与 Kylin 系统版本。

2. 自动执行 Ambari Server Setup

系统自动执行 ambari-server setup，无需人工输入数据库信息， MariaDB 用户与库表自动创建（默认用户 ambari / 密码 root）。

3. 集群启动与服务验证

安装完成后，访问：

http://<主节点IP>:8080

默认账号：

用户名：admin
密码：admin

Ambari 界面中可以看到所有节点状态正常且 Agent 已自动注册。