📚 本文配套课程 · 数据可视化分析系列
🎬 B 站课程:数据可视化分析:Tableau/SQL 原理与实践 — https://www.bilibili.com/cheese/play/ss8093
近期,为某金Tableau 客户提供了从API、ETL 到数据分析的全平台服务,借此机会介绍一下 Tableau Server 独立网关部署。功能介绍可以参考官方网站:https://help.tableau.com/current/server-linux/zh-cn/server_tsig_overview.htm
独立网关安装包括以下步骤:
- 运行特定于平台的安装程序。
- 运行安装后脚本。此步骤由安装程序自动完成。
- 使用 TSM 启用独立网关实例。
前提:下载并安装 Tableau Server
- 安装 TSM。
- 激活并注册 Tableau Server。必须使用 tableu 企业版本或 AI 版本,从而激活 Advanced Management 功能。
- 配置初始节点设置。
参考其他博客:
步骤 1:下载并安装独立网关
使用发行版的软件包管理器安装 Tableau Server 独立网关,然后运行脚本以初始化独立网关。安装的软件包附带了该脚本。
独立网关安装在 /opt 目录中。
以具有 sudo 访问权限的用户身份登录到要在其中安装独立网关的计算机。 **注意:**参考 Tableau 服务器用户说明新建用户,不要创建 Tableau、tsmadmin、tsigadmin 这些用户。
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# su admin
su: user admin does not exist
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# groups admin
groups: admin: no such user
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# useradd tabadmin
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# passwd admin
passwd: Unknown user name 'admin'.
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# passwd tabadmin
Changing password for user tabadmin.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]#
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# usermod -aG wheel tabadmin
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# groups tabadmin
tabadmin : tabadmin wheel
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# vi /etc/sudors
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# vi /etc/sudor
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# vi /etc/sudo
[root@VM-16-11-centos tsig-extras.20242.25.0825.1650]# su tabadmin
[root@VM-16-11-centos home]# groups tsmadmin
tsmadmin : tsmadmin wheel
从 Tableau Server 下载和版本说明页面下载 .rpm 或 .deb 安装程序包。独立网关有独立的下载地址
[admin@tabserver ~]$ wget <https://downloads.tableau.com/esdalt/2023.3.16/tableau-server-tsig-2023-3-16.x86_64.rpm>
--2025-04-23 21:56:17-- <https://downloads.tableau.com/esdalt/2023.3.16/tableau-server-tsig-2023-3-16.x86_64.rpm>
Resolving downloads.tableau.com (downloads.tableau.com)... 23.199.129.121
Connecting to downloads.tableau.com (downloads.tableau.com)|23.199.129.121|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 559189930 (533M) [audio/x-pn-realaudio-plugin]
Saving to: ‘tableau-server-tsig-2023-3-16.x86_64.rpm’
tableau-server-tsig-2023-3-16.x86_64. 3%[=> ] 20.00M 3.18MB/s
- 导航软件包的目录。使用软件包管理器来安装独立网关软件包。 请不要安装到使用符号链接的位置,或安装到网络文件系统 (NFS) 卷上的目录。
- 在类似于 RHEL 的发行版(包括 CentOS)上:
sudo yum updatesudo yum install tableau-tsig-<version>.x86_64.rpm
[root@VM-16-11-centos ~]# cd /home/tabadmin/
[root@VM-16-11-centos tabadmin]# ls
tableau-server-tsig-2024-2-14.x86_64.rpm
[root@VM-16-11-centos tabadmin]# ll
total 543448
-rw-r--r-- 1 root root 556484676 Sep 16 16:11 tableau-server-tsig-2024-2-14.x86_64.rpm
[root@VM-16-11-centos tabadmin]# chown tabadmin:tabadmin tableau-server-tsig-2024-2-14.x86_64.rpm
[root@VM-16-11-centos tabadmin]# ll
total 543448
-rw-r--r-- 1 tabadmin tabadmin 556484676 Sep 16 16:11 tableau-server-tsig-2024-2-14.x86_64.rpm
[root@VM-16-11-centos tabadmin]# su tabadmin
[tabadmin@VM-16-11-centos ~]$ ll
total 543448
-rw-r--r-- 1 tabadmin tabadmin 556484676 Sep 16 16:11 tableau-server-tsig-2024-2-14.x86_64.rpm
[tabadmin@VM-16-11-centos scripts.20242.25.0825.1650]$
[tabadmin@VM-16-11-centos scripts.20242.25.0825.1650]$ cd
[tabadmin@VM-16-11-centos ~]$ ls
tableau-server-tsig-2024-2-14.x86_64.rpm
[tabadmin@VM-16-11-centos ~]$ sudo yum install table* -y
Loaded plugins: fastestmirror, langpacks
Examining tableau-server-tsig-2024-2-14.x86_64.rpm: tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64
Marking tableau-server-tsig-2024-2-14.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package tableau_tsig-20242.25.0825.1650.x86_64 0:20242-25.0825.1650 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================================================================================
Installing:
tableau_tsig-20242.25.0825.1650 x86_64 20242-25.0825.1650 /tableau-server-tsig-2024-2-14.x86_64 1.2 G
Transaction Summary
===============================================================================================================================================================================================
Install 1 Package
Total size: 1.2 G
Installed size: 1.2 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64 [##################################### Installing : tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64 [###################################### Installing : tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64 [####################################### Installing : tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64 [######################################### Installing : tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64 [########################################## Installing : tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64 [########################################### Installing : tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64 1/1
Run:
sudo /opt/tableau/tableau_tsig/packages/scripts.20242.25.0825.1650/initialize-tsig --accepteula -c '<TS cluster identity>'
Run 'sudo /opt/tableau/tableau_tsig/packages/scripts.20242.25.0825.1650/initialize-tsig -h' for command line help.
to continue setting up Tableau Server Independent Gateway.
Verifying : tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64 1/1
Installed:
tableau_tsig-20242.25.0825.1650.x86_64 0:20242-25.0825.1650
Complete!
[tabadmin@VM-16-11-centos ~]$ sudo /opt/tableau/tableau_tsig/packages/scripts.20242.25.0825.1650/initialize-tsig --accepteula -p 8000 -c "ip 172.17.0.3"
Creating 'tableau-tsig' unprivileged user account
Creating environment file...
Creating directories and setting permissions...
Using '/var/opt/tableau/tableau_tsig' as the data directory.
Adding user 'tabadmin' to group 'tableau-tsig'...
Added. Note: These group membership changes do not take effect in shells already open. For these to take effect, log out of the shell and log back in.
Generating shared secret into /var/opt/tableau/tableau_tsig/config/tsighk-auth.conf
Done.
[tabadmin@VM-16-11-centos ~]$ tail /var/opt/tableau/tableau_tsig/config/tsighk-auth.conf
tail: cannot open ‘/var/opt/tableau/tableau_tsig/config/tsighk-auth.conf’ for reading: Permission denied
[tabadmin@VM-16-11-centos ~]$ sudo tail /var/opt/tableau/tableau_tsig/config/tsighk-auth.conf
TsighkAuth "32092-20575-11449-22115-1674-30821"
[tabadmin@VM-16-11-centos ~]$ hostname
VM-16-11-centos
[tabadmin@VM-16-11-centos ~]$
- 在 Ubuntu 上:
sudo apt-get update sudo apt-get upgrade sudo apt-get -y install gdebi-core sudo gdebi -n tableau-tsig-<version>_amd64.deb
步骤2:初始化 Tableau Server 独立网关
下一步是运行 initialize-tsig 脚本。
- 导航到
scripts目录:cd /opt/taleau/tableau_tsig/packages/scripts.<version_code>/ - 运行以下脚本来初始化并启动独立网关:
sudo ./initialize-tsig --accepteula -c <ts_cluster_location> --<optional_parameters>initialize-tsig脚本的唯一必需参数为--accepteula和-c。- -accepteula – 您必须包括此参数来接受 Tableau 最终用户许可协议 (EULA)。
- -c 您必须包含此参数以指定 Tableau Server 群集中所有节点的网络位置。这些节点可能正在向独立网关发送“整理”请求。可以使用通配符和子网掩码来指定多个节点。若要指定多个地址,请用空格分隔各个地址,并在整个地址周围使用引号。
- 所有其他参数都是可选的,如果不使用,将被赋予默认值。最常用的应该是指定端口,比如-p 8000. 在运行脚本之前查看参数及其默认值:initialize-tsig 脚本的帮助输出。
[tabadmin@VM-16-11-centos ~]$ sudo /opt/tableau/tableau_tsig/packages/scripts.20242.25.0825.1650/initialize-tsig -h
Usage: initialize-tsig --accepteula -c ts_cluster_location [optional arguments]
Sets up directories and permissions to properly run the Tableau Server Independent Gateway (TSIG),
and then starts included services.
When no options are given, the script uses default values.
REQUIRED
--accepteula Indicate that you have accepted the End User License Agreement (EULA).
You can find the EULA in
/opt/tableau/tableau_tsig/packages/docs.20242.25.0825.1650
-c <ts_cluster_location> Network location of the Tableau Server cluster from which
TSIG housekeeping requests can be received. Must be one of the forms
acceptable to Apache httpd mod_authz_host "Require" directive (see
<https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html>). For
example, "ip 192.1.168.0/24", "host ts.example.org". Use
quotes if there are embedded spaces. Do not include the "Require"
keyword.
THERE IS NO DEFAULT FOR THIS OPTION.
OPTIONAL
-i <tsig_instance_id> A unique identifier for this TSIG instance. Defaults to the name of this host.
-p <tsig_external_port> Port listening for external requests. Default is 80.
-t <tsig_external_port_protocol> Protocol scheme for external requests. Choices are "http" or
"https". Default is "http".
-k <tsig_housekeeping_port> Port listening for housekeeping requests from Tableau Server
cluster. Default is 21319.
-s <tsig_housekeeping_port_protocol> Protocol scheme for housekeeping requests. Choices are "http" or
"https". Default is "http".
-d <data_dir> Set a custom location for the data directory
if it's not already set. If not set, the default is
"/var/opt/tableau/tableau_tsig".
-f Bypass warning messages or distribution version check
-g Do NOT add the current user to the "tableau-tsig" group,
used for easier access to log files and runtime files.
-a <username> The provided username will be used as the user to be added
to the appropriate groups, instead of the user running this
script. Providing both -a and -g is not allowed.
-q Quiet, suppress output except for errors and warnings.
--unprivileged-user=<value> Name of the unprivileged account to run Tableau Server Independent Gateway.
Default: "tableau-tsig".
--disable-account-creation Do not create groups or the user account for Tableau Server Independent Gateway.
However, the values in: unprivileged-username will still be used in TSIG configuration.
步骤 3:在 Tableau Server 中启用独立网关
若要完成独立网关的安装,您需要使用 TSM 来启用它。
- 将 JSON 配置文件复制到 Tableau Server 的初始节点。
- 在初始节点上,使用作为
tsmadmin组成员的帐户打开命令提示符。 - 运行以下命令以停止 Tableau Server,使用 json 配置文件启用独立网关,然后重新启动服务器:
tsm stop tsm topology external-services gateway enable -c tsig.json tsm start
如果是更新,那么使用 update
[tabadmin@VM-0-3-rockylinux ~]$ tsm topology external-services gateway enable -c tsig.json
Enabling Independent Gateway.
Failed to enable Independent Gateway.
See '/var/opt/tableau/tableau_server/data/tabsvc/logs/tabadmincontroller/tabadmincontroller_*.log' on Tableau Server nodes running the Administration Controller process for server log information.
errors.independentgateway.already_enabled.summary: Tableau Server is already configured to use Independent Gateway.
[tabadmin@VM-0-3-rockylinux ~]$ tsm topology external-services gateway update -c tsig.json
Updating Independent Gateway.
The last successful run of UpdateIndependentGatewayJob took 1 minute(s).
Job id is '39', timeout is 30 minutes.
11% - Verifying there are no pending changes.
22% - Updating configuration of Independent Gateway.
33% - Disabling all services.
44% - Waiting for the services to stop.
55% - Updating the configuration version on nodes.
66% - Waiting for services to reconfigure.
77% - Enabling all services.
88% - Waiting for the services to start.
100% - Applying configuration changes.
Successfully updated Independent Gateway.
[tabadmin@VM-0-3-rockylinux ~]$
安装和配置独立网关的最后一步是在 Tableau Server 中启用独立网关。
为此,请将 TSM 命令 tsm topology external-services gateway enable -c <file>与一个 JSON 文件结合使用,该文件标识一个或多个独立网关实例,并向 Tableau Server 提供服务器与独立网关之间通信所需的详细信息。
Tableau Server 必须处于停止状态才能启用独立网关。
关键:独立网关 JSON 文件内容
用于在 Tableau Server 上启用独立网关实例的 JSON 文件需要包含以下内容:
- id — id 值必须与特定实例的
tsig_instance_id匹配。如果您未提供此项,则默认值为独立网关计算机的完全限定的域名,以小写形式显示。json 文件中的值必须与hostname命令的输出匹配。 - host – host 值必须是 Tableau Server 节点可使用 DNS 解析的独立网关计算机的 IP 地址 。
- port – port 必须与在独立网关实例上指定的整理端口 (
tsig_housekeeping_port) 匹配。如果您在初始化期间未提供此信息,则默认值为“21319”。 - protocol协议必须与在独立网关实例上指定的整理协议 (
tsig_housekeeping_port_protocol) 相同。如果您在初始化期间未提供此信息,则默认为“http”。 - authsecret — authsecret 必须与独立网关实例上的初始化脚本创建的密文匹配。
关键:独立网关身份验证密文
初始化脚本在每台独立网关计算机上创建一个唯一的共享密文。您需要此密文才能在 Tableau Server 中启用独立网关。复制密文并将其作为“authsecret”包含在您的 JSON 文件中。
共享密文位于以下位置的 tsighk-auth.conf 文件中:/var/opt/tableau/tableau_tsig/config/tsighk-auth.conf
独立网关 JSON 文件示例:
JSON 文件应采用以下格式。此示例 JSON 文件显示有默认值的默认值。您的文件应该使用与您的独立网关安装和您的组织相匹配的实际值。
[root@VM-0-3-rockylinux tabadmin]# tail tsig.json
"independentGateways": [
{
"id": "VM-16-11-centos",
"host": "49.235.209.99",
"port": "21319",
"protocol": "http",
"authsecret": "26227-9323-6672-7548-16244-XXXX9"
}
]
}
如果是多个网关:
{
"independentGateways": [
{
"id": "<mycomputer.example.com>",
"host": "<DNS name of Independent Gateway computer>",
"port": "21319",
"protocol": "http",
"authsecret": "<shared-secret01>"
},
{
"id": "<mycomputer2.example.com>",
"host": "<DNS name of second Independent Gateway computer>",
"port": "21319",
"protocol": "http",
"authsecret": "<shared-secret02>"
}
]
}
步骤 4:验证 Tableau Server 中的独立网关
通过在浏览器中输入独立网关的地址,您应该能够导航到 Tableau Server 登录页面。
如果独立网关和后端 Tableau Server 部署之间存在防火墙,则您需要为 Tableau Server 进程打开端口以进行直接连接。有关详细信息,请参见直接连接。
附:如果要删除 tsig,使用 obliterate 命令
这个和 Tableau 程序一样,不要尝试手动删除文件。
[tabadmin@VM-16-11-centos ~]$ cd /opt/tableau/tableau_tsig/
[tabadmin@VM-16-11-centos tableau_tsig]$ cd packages/
[tabadmin@VM-16-11-centos packages]$ cd scripts.20242.25.0825.1650/
[tabadmin@VM-16-11-centos scripts.20242.25.0825.1650]$ ls
after-install-common defaults-tsig.bash initialize-tsm-common node-recovery template.nfo
after-install-tsig fno-to-serveratr migrate-fno-to-serveratr-offline README-CollectionTsfiles.txt user-at-override.conf
before-remove-tsig generate-offline-deactivation-response migrate-fno-to-serveratr-offline-upload README-TSIG.txt user-at.service
collect-tsfiles initialize-tsig migrate-fno-to-serveratr-online-finish tableau-tsig-obliterate
[tabadmin@VM-16-11-centos scripts.20242.25.0825.1650]$ sudo ./tableau-tsig-obliterate -y -y -y
Removed symlink /etc/systemd/system/default.target.wants/user@995.service.
===> Deleting user tableau-tsig
userdel: group tableau-tsig not removed because it has other members.
===> Deleting data directory /var/opt/tableau/tableau_tsig
===> Removing all Tableau Server Independent Gateway packages
Loaded plugins: fastestmirror, langpacks
No Match for argument: tableau-tsig*
No Packages marked for removal
Loaded plugins: fastestmirror, langpacks
Resolving Dependencies
--> Running transaction check
---> Package tableau_tsig-20242.25.0825.1650.x86_64 0:20242-25.0825.1650 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================
Package Arch Version Repository Size
=====================================================================================
Removing:
tableau_tsig-20242.25.0825.1650 x86_64 20242-25.0825.1650 @/tableau-server-tsig-2024-2-14.x86_64 1.2 G
Transaction Summary
=================================================================
Remove 1 Package
Installed size: 1.2 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
WARN: Environment file at /etc/opt/tableau/tableau_tsig/environment.bash does not exist, skipping service uninstall.
Erasing : tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64 1/1
Verifying : tableau_tsig-20242.25.0825.1650-20242-25.0825.1650.x86_64 1/1
Removed:
tableau_tsig-20242.25.0825.1650.x86_64 0:20242-25.0825.1650
Complete!
===> Removing configuration files stored in system locations
===> Tableau Server Independent Gateway obliterated
[tabadmin@VM-16-11-centos scripts.20242.25.0825.1650]$
即便是清除,有时候有需要手动删除一个文件。
[tabadmin@VM-16-11-centos ~]$ sudo /opt/tableau/tableau_tsig/packages/scripts.20242.25.0825.1650/initialize-tsig --accepteula -p 8000 -c "ip 172.17.0.3"
Creating 'tableau-tsig' unprivileged user account
Creating environment file...
Creating directories and setting permissions...
Using '/var/opt/tableau/tableau_tsig' as the data directory.
Adding user 'tabadmin' to group 'tableau-tsig'...
Added. Note: These group membership changes do not take effect in shells already open. For these to take effect, log out of the shell and log back in.
Generating shared secret into /var/opt/tableau/tableau_tsig/config/tsighk-auth.conf
ln: failed to create hard link ‘/opt/tableau/tableau_tsig/packages/tsig-extras.20242.25.0825.1650/fluent-bit’: File exists
[tabadmin@VM-16-11-centos ~]$ sudo mv /opt/tableau/tableau_tsig/packages/tsig-extras.20242.25.0825.1650/fluent-bit
[tabadmin@VM-16-11-centos ~]$ sudo /opt/tableau/tableau_tsig/packages/scripts.20242.25.0825.1650/initialize-tsig --accepteula -p 8000 -c "ip 172.17.0.3"
Creating environment file...
Creating directories and setting permissions...
Using '/var/opt/tableau/tableau_tsig' as the data directory.
Adding user 'tabadmin' to group 'tableau-tsig'...
Added. Note: These group membership changes do not take effect in shells already open. For these to take effect, log out of the shell and log back in.
Generating shared secret into /var/opt/tableau/tableau_tsig/config/tsighk-auth.conf
open: Text file busy
elf_open: Text file busy
以后再补充。