docker安装rocketmq 开通acl鉴权 rocketmq-dashboard
Posted 伍有晓俐
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了docker安装rocketmq 开通acl鉴权 rocketmq-dashboard相关的知识,希望对你有一定的参考价值。
准备
hub地址:https://hub.docker.com/r/foxiswho/rocketmq
/mydata/rocketmq
[root@xxx-test-ecs001 rocketmq]# pwd
/mydata/rocketmq
[root@xxx-test-ecs001 rocketmq]# ll
drwxrwxrwx 4 root root 4096 Nov 9 11:39 broker
drwxrwxrwx 3 root root 4096 Nov 8 18:41 console
-rw-r--r-- 1 root root 2041 Nov 9 13:50 docker-compose.yml
drwxrwxrwx 4 root root 4096 Nov 8 14:45 namesrv
[root@xxx-test-ecs001 rocketmq]#
创建对应目录和文件
mkdir -p /mydata/rocketmq/broker/logs,store
mkdir -p /mydata/rocketmq/namesrv/logs,store
mkdir -p /mydata/rocketmq/console/data
#赋予目录权限
chmod -R 777 /mydata/rocketmq
/mydata/rocketmq/broker
[root@kamp-test-ecs001 rocketmq]# cd broker/
[root@kamp-test-ecs001 broker]# ll
-rwxrwxrwx 1 root root 228 Nov 8 18:48 broker.conf
drwxrwxrwx 3 root root 4096 Nov 9 10:27 logs
-rw-r--r-- 1 root root 721 Nov 9 11:39 plain_acl.yml
drwxrwxrwx 2 root root 4096 Nov 9 10:27 store
[root@kamp-test-ecs001 broker]#
参考官方配置文件 https://github.com/apache/rocketmq/tree/develop/distribution/conf
/mydata/rocketmq/broker/broker.conf
brokerClusterName = DefaultCluster
brokerName = broker-a
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
#开启鉴权
aclEnable=true
# 主机IP
brokerIP1 = 47.107.xx.xx
/mydata/rocketmq/broker/plain_acl.yml
开通acl权限控制,canal等配置全局白名单之后不需要配置密码
中文文档:https://github.com/apache/rocketmq/blob/master/docs/cn/acl/user_guide.md
globalWhiteRemoteAddresses:
- 192.168.1.*
- 47.107.xx.xx
accounts:
- accessKey: RocketMQ123
secretKey: KDFJ*sldf_sdf
whiteRemoteAddress:
admin: false
defaultTopicPerm: DENY
defaultGroupPerm: SUB
topicPerms:
- topicA=DENY
- topicB=PUB|SUB
- topicC=SUB
groupPerms:
# the group should convert to retry topic
- groupA=DENY
- groupB=PUB|SUB
- groupC=SUB
#不能少于6位
- accessKey: hello_rocketmq
secretKey: kf_ls_HELlos
whiteRemoteAddress: 192.168.1.*
# if it is admin, it could access all resources
admin: true
/mydata/rocketmq/console/data/users.properties
控制台basic登录使用
# This file supports hot change, any change will be auto-reloaded without Console restarting.
# Format: a user per line, username=password[,N] #N is optional, 0 (Normal User); 1 (Admin)
# Define Admin
# =============用户名和密码规则「用户名=密码,权限」,这里的权限为1表示管理员,为0表示普通用户=============
# 例如:admin=admin123,1
admin=123Uskfss,1
# Define Users
# =============屏蔽下边两个账户=============
#user1=user1
#user2=user2
执行脚本
docker-compose.yml
version: '2.3'
services:
rmqnamesrv:
image: foxiswho/rocketmq:4.8.0
# image: registry.cn-hangzhou.aliyuncs.com/foxiswho/rocketmq:4.7.0
container_name: rmqnamesrv
ports:
- 9876:9876
volumes:
- /mydata/rocketmq/namesrv/logs:/home/rocketmq/logs
- /mydata/rocketmq/namesrv/store:/home/rocketmq/store
environment:
JAVA_OPT_EXT: "-Duser.home=/home/rocketmq -Xms512M -Xmx512M -Xmn128m"
command: [ "sh","mqnamesrv" ]
networks:
rmq:
aliases:
- rmqnamesrv
rmqbroker:
image: foxiswho/rocketmq:4.8.0
# image: registry.cn-hangzhou.aliyuncs.com/foxiswho/rocketmq:4.7.0
container_name: rmqbroker
ports:
- 10909:10909
- 10911:10911
volumes:
- /mydata/rocketmq/broker/logs:/home/rocketmq/rocketmq-4.8.0/logs
- /mydata/rocketmq/broker/store:/home/rocketmq/rocketmq-4.8.0/store
- /mydata/rocketmq/broker/broker.conf:/home/rocketmq/rocketmq-4.8.0/conf/broker.conf
- /mydata/rocketmq/broker/plain_acl.yml:/home/rocketmq/rocketmq-4.8.0/conf/plain_acl.yml
environment:
JAVA_OPT_EXT: "-Xms512M -Xmx512M -Xmn128m"
command: [ "sh","mqbroker","-c","/home/rocketmq/rocketmq-4.8.0/conf/broker.conf","-n","rmqnamesrv:9876","autoCreateTopicEnable=true" ]
depends_on:
- rmqnamesrv
networks:
rmq:
aliases:
- rmqbroker
rmqconsole:
image: apacherocketmq/rocketmq-dashboard:1.0.0
container_name: rmqconsole
ports:
- 8180:8080
volumes:
- /mydata/rocketmq/console/data:/tmp/rocketmq-console/data
environment:
JAVA_OPTS: "-Drocketmq.namesrv.addr=rmqnamesrv:9876 -Dcom.rocketmq.sendMessageWithVIPChannel=false -Drocketmq.config.loginRequired=true -Drocketmq.config.accessKey=hello_rocketmq -Drocketmq.config.secretKey=kf_ls_HELlos"
depends_on:
- rmqnamesrv
networks:
rmq:
aliases:
- rmqconsole
networks:
rmq:
name: rmq
driver: bridge
springboot程序连接是需要增加access-key和secret-key
以上是关于docker安装rocketmq 开通acl鉴权 rocketmq-dashboard的主要内容,如果未能解决你的问题,请参考以下文章