Installing RocketMQ with Docker, enabling ACL authentication, and rocketmq-dashboard

Posted 伍有晓俐


Preparation

Docker Hub image: https://hub.docker.com/r/foxiswho/rocketmq

/mydata/rocketmq

[root@xxx-test-ecs001 rocketmq]# pwd
/mydata/rocketmq
[root@xxx-test-ecs001 rocketmq]# ll
drwxrwxrwx 4 root root 4096 Nov  9 11:39 broker
drwxrwxrwx 3 root root 4096 Nov  8 18:41 console
-rw-r--r-- 1 root root 2041 Nov  9 13:50 docker-compose.yml
drwxrwxrwx 4 root root 4096 Nov  8 14:45 namesrv
[root@xxx-test-ecs001 rocketmq]# 

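Create the required directories and files

mkdir -p /mydata/rocketmq/broker/{logs,store}
mkdir -p /mydata/rocketmq/namesrv/{logs,store}
mkdir -p /mydata/rocketmq/console/data
# Grant permissions on the directories (777 makes the whole tree world-writable)
chmod -R 777 /mydata/rocketmq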

/mydata/rocketmq/broker

[root@kamp-test-ecs001 rocketmq]# cd broker/
[root@kamp-test-ecs001 broker]# ll
-rwxrwxrwx 1 root root  228 Nov  8 18:48 broker.conf
drwxrwxrwx 3 root root 4096 Nov  9 10:27 logs
-rw-r--r-- 1 root root  721 Nov  9 11:39 plain_acl.yml
drwxrwxrwx 2 root root 4096 Nov  9 10:27 store
[root@kamp-test-ecs001 broker]# 
For reference, see the official configuration files: https://github.com/apache/rocketmq/tree/develop/distribution/conf

/mydata/rocketmq/broker/broker.conf

brokerClusterName = DefaultCluster
brokerName = broker-a
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
# Enable ACL authentication
aclEnable=true
# Host IP
brokerIP1 = 47.107.xx.xx

/mydata/rocketmq/broker/plain_acl.yml
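Enable ACL access control. Once canal and similar clients are covered by the global whitelist, they do not need a password configured.
Chinese documentation: https://github.com/apache/rocketmq/blob/master/docs/cn/acl/user_guide.md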

globalWhiteRemoteAddresses:
  - 192.168.1.*
  - 47.107.xx.xx

accounts:
  - accessKey: RocketMQ123
    secretKey: KDFJ*sldf_sdf
    whiteRemoteAddress:
    admin: false
    defaultTopicPerm: DENY
    defaultGroupPerm: SUB
    topicPerms:
      - topicA=DENY
      - topicB=PUB|SUB
      - topicC=SUB
    groupPerms:
      # the group should convert to retry topic
      - groupA=DENY
      - groupB=PUB|SUB
      - groupC=SUB

    # Must not be shorter than 6 characters
  - accessKey: hello_rocketmq
    secretKey: kf_ls_HELlos
    whiteRemoteAddress: 192.168.1.*
    # if it is admin, it could access all resources
    admin: true
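
How the plain_acl.yml above decides a topic request, as an added example that is not part of the original post or RocketMQ's own code: a simplified Python model covering the global whitelist, the admin flag, topicPerms and defaultTopicPerm. Signature verification, per-account whiteRemoteAddress and groupPerms are left out; the name check_topic_access and the sample requests are constructed for illustration, and address patterns are assumed to use only the `*` wildcard.

```python
from fnmatch import fnmatch

# Constructed sample mirroring the plain_acl.yml shown above.
# secretKey is omitted because this model does not verify signatures.
ACL = {
    "globalWhiteRemoteAddresses": ["192.168.1.*"],
    "accounts": [
        {"accessKey": "RocketMQ123", "admin": False,
         "defaultTopicPerm": "DENY",
         "topicPerms": ["topicA=DENY", "topicB=PUB|SUB", "topicC=SUB"]},
        {"accessKey": "hello_rocketmq", "admin": True},
    ],
}


def check_topic_access(acl, remote_ip, access_key, topic, action):
    """Return (allowed, reason) for action 'PUB' or 'SUB' on a topic."""
    # 1. Global whitelist: a matching source address needs no credentials.
    for pattern in acl.get("globalWhiteRemoteAddresses", []):
        if fnmatch(remote_ip, pattern):
            return True, f"global whitelist {pattern}"
    # 2. Everyone else must present a known accessKey.
    account = next((a for a in acl.get("accounts", [])
                    if a["accessKey"] == access_key), None)
    if account is None:
        return False, "unknown or missing accessKey"
    # 3. Admin accounts can access all resources.
    if account.get("admin"):
        return True, "admin account"
    # 4. An explicit topicPerms entry wins; otherwise defaultTopicPerm applies
    #    (a missing default is treated as DENY in this model).
    perms = dict(p.split("=", 1) for p in account.get("topicPerms", []))
    perm = perms.get(topic, account.get("defaultTopicPerm", "DENY"))
    if perm != "DENY" and action in perm.split("|"):
        return True, f"{topic}={perm}"
    return False, f"{topic}={perm}"


if __name__ == "__main__":
    # Constructed requests: (source IP, accessKey, topic, action)
    for req in [("192.168.1.23", None, "topicA", "PUB"),
                ("10.0.0.5", "RocketMQ123", "topicB", "PUB"),
                ("10.0.0.5", "RocketMQ123", "topicC", "PUB"),
                ("10.0.0.5", "RocketMQ123", "topicZ", "SUB"),
                ("10.0.0.5", "hello_rocketmq", "topicA", "PUB")]:
        print(req, "->", check_topic_access(ACL, *req))
```

The first request shows why the global whitelist should stay narrow: a client inside 192.168.1.* is allowed on topicA with no accessKey, even though RocketMQ123 is denied on that topic.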

/mydata/rocketmq/console/data/users.properties
Used for basic login to the console

# This file supports hot change, any change will be auto-reloaded without Console restarting.
# Format: a user per line, username=password[,N] #N is optional, 0 (Normal User); 1 (Admin)
# Define Admin
# ============= Username and password rule: "username=password,role"; role 1 means administrator, 0 means normal user =============
# Example: admin=admin123,1
admin=123Uskfss,1
# Define Users
# ============= Disable the two accounts below =============
#user1=user1
#user2=user2

Startup script

docker-compose.yml

version: '2.3'

services:
  rmqnamesrv:
    image: foxiswho/rocketmq:4.8.0
    #    image: registry.cn-hangzhou.aliyuncs.com/foxiswho/rocketmq:4.7.0
    container_name: rmqnamesrv
    ports:
      - 9876:9876
    volumes:
      - /mydata/rocketmq/namesrv/logs:/home/rocketmq/logs
      - /mydata/rocketmq/namesrv/store:/home/rocketmq/store
    environment:
      JAVA_OPT_EXT: "-Duser.home=/home/rocketmq -Xms512M -Xmx512M -Xmn128m"
    command: [ "sh","mqnamesrv" ]
    networks:
      rmq:
        aliases:
          - rmqnamesrv
  rmqbroker:
    image: foxiswho/rocketmq:4.8.0
    #    image: registry.cn-hangzhou.aliyuncs.com/foxiswho/rocketmq:4.7.0
    container_name: rmqbroker
    ports:
      - 10909:10909
      - 10911:10911
    volumes:
      - /mydata/rocketmq/broker/logs:/home/rocketmq/rocketmq-4.8.0/logs
      - /mydata/rocketmq/broker/store:/home/rocketmq/rocketmq-4.8.0/store
      - /mydata/rocketmq/broker/broker.conf:/home/rocketmq/rocketmq-4.8.0/conf/broker.conf
      - /mydata/rocketmq/broker/plain_acl.yml:/home/rocketmq/rocketmq-4.8.0/conf/plain_acl.yml
    environment:
      JAVA_OPT_EXT: "-Xms512M -Xmx512M -Xmn128m"
    command: [ "sh","mqbroker","-c","/home/rocketmq/rocketmq-4.8.0/conf/broker.conf","-n","rmqnamesrv:9876","autoCreateTopicEnable=true" ]
    depends_on:
      - rmqnamesrv
    networks:
      rmq:
        aliases:
          - rmqbroker

  rmqconsole:
    image: apacherocketmq/rocketmq-dashboard:1.0.0
    container_name: rmqconsole
    ports:
      - 8180:8080
    volumes:
      - /mydata/rocketmq/console/data:/tmp/rocketmq-console/data
    environment:
      JAVA_OPTS: "-Drocketmq.namesrv.addr=rmqnamesrv:9876 -Dcom.rocketmq.sendMessageWithVIPChannel=false -Drocketmq.config.loginRequired=true -Drocketmq.config.accessKey=hello_rocketmq -Drocketmq.config.secretKey=kf_ls_HELlos"
    depends_on:
      - rmqnamesrv
    networks:
      rmq:
        aliases:
          - rmqconsole

networks:
  rmq:
    name: rmq
    driver: bridge

Spring Boot applications need to add access-key and secret-key when connecting.
