RocketMQ構建docker映象及部署(1)
1.構建rocketmq映象並部署(附帶ACL, 單節點)
-
由於docker官網的rocketmq映象已經是很久以前的了,所以我選擇去github上下載最新原始碼自己構建映象
- 下載原始碼rocketmq-docker, 然後構建最新版本rocketmq映象
git clone [email protected]:apache/rocketmq-docker.git cd rocketmq-docker cd image-build sh build-image.sh 4.8.0 centos #這裡構建的規則可以看一下文件,推薦用alpine,我用這個作為映象的容器時報沒有許可權所以就用了centos
-
部署nameserve域名發現服務(打包為一個整體,其實容器內部這個映象就一個logs資料夾,nameserve和broker選一個掛載就行了)
mkdir -p /docker/rocketmq/data/namesrv/logs mkdir -p /docker/rocketmq/data/namesrv/store docker run / -d / -p 9876:9876 / -v /docker/rocketmq/data/namesrv/logs:/home/rocketmq/logs / -v /docker/rocketmq/data/namesrv/store:/home/rocketmq/store / --name rmqnamesrv / -e "MAX_POSSIBLE_HEAP=100000000" / apacherocketmq/rocketmq:4.8.0 / sh mqnamesrv
-
部署broker控制器服務, 日誌都在logs這一個資料夾裡面,版本不同需要修改版本號(具體可見構建映象的sh檔案)
-
broker.conf檔案例項如下:
brokerClusterName = DefaultCluster brokerName = broker-a brokerId = 0 deleteWhen = 04 fileReservedTime = 48 brokerRole = ASYNC_MASTER flushDiskType = ASYNC_FLUSH brokerIP1 = 172.16.7.115 autoCreateTopicEnable=true aclEnable=true
-
plain_acl.yml檔案例項如下:
# Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. globalWhiteRemoteAddresses: - 172.16.7.* accounts: - accessKey: RocketMQ secretKey: 12345678 whiteRemoteAddress: admin: false defaultTopicPerm: DENY defaultGroupPerm: SUB topicPerms: - topicA=DENY - topicB=PUB|SUB - topicC=SUB groupPerms: # the group should convert to retry topic - groupA=DENY - groupB=PUB|SUB - groupC=SUB - accessKey: rocketmq2 secretKey: 12345678 whiteRemoteAddress: 172.16.7.* # if it is admin, it could access all resources admin: true
-
-
mkdir -p /docker/rocketmq/conf #把上面的broker.conf和plain_acl.yml都放到這個資料夾下面 docker run \ -d \ -p 10911:10911 \ -p 10909:10909 \ -p 10912:10912 \ -v /docker/rocketmq/conf/broker.conf:/home/rocketmq/rocketmq-4.8.0/conf/broker.conf \ -v /docker/rocketmq/conf/plain_acl.yml:/home/rocketmq/rocketmq-4.8.0/conf/plain_acl.yml \ --name rmqbroker \ --link rmqnamesrv:namesrv \ -e "NAMESRV_ADDR=namesrv:9876" \ -e "MAX_POSSIBLE_HEAP=200000000" \ apacherocketmq/rocketmq:4.8.0 \ sh mqbroker -c /home/rocketmq/rocketmq-4.8.0/conf/broker.conf
-
此時一個附帶acl的rocketmq單節點就完成了,訪問的時候帶accessKey和secretkey就可以了,不同型別使用者使用不同的key和secret擁有的資源許可權也就不同。rocketmq的原始碼地址: https://github.com/apache/rocketmq,可以下下來看看配置以及原始碼,打包好的都在distribution這個模組裡面。
2.構建rocketmq-console-log映象並部署(附帶需要登入帳密)
-
可以自己去拉取原始碼構建最新映象,也可以拉取已經構建好的之前的映象,原始碼地址:https://github.com/apache/rocketmq-externals,現在被踢出去了,可以看這個地址 https://gitee.com/ashscc/rocketmq-console
-
構建映象
git clone [email protected]:apache/rocketmq-externals.git cd rocketmq-externals/rocketmq-console/ mvn clean package -Dmaven.test.skip=true #然後去classes裡面找到打包好的jar檔案移動到rocketmq-externals/rocketmq-console/src/main/docker目錄下面 cd src/main/docker docker build -t docker-console-login
-
修改原始碼配置,也可以不修改,後面通過環境變數來修改,但是users.proprerties需要放到${rocketmq.config.dataPath}這個目錄下面,且是熱更新的。application.properties
#application.properties的修改如下,根據自己的實際情況修改,這裡配置的是連線域名發現服務以及broker鑑權時候的配置 #if this value is empty,use env value rocketmq.config.namesrvAddr NAMESRV_ADDR | now, you can set it in ops page.default localhost:9876 rocketmq.config.namesrvAddr=172.16.7.115:9876 #rocketmq-console's data path:dashboard/monitor rocketmq.config.dataPath=/tmp/rocketmq-console/data #Must create userInfo file: ${rocketmq.config.dataPath}/users.properties if the login is required rocketmq.config.loginRequired=true #set the accessKey and secretKey if you used acl rocketmq.config.accessKey=rocketmq2 rocketmq.config.secretKey=12345678
- 新建users.properties,通過改變讀取地址以及掛載可以實現即時修改更新登入使用者帳密
mkdir -p /docker/rocketmq-console/data cd /docker/rocketmq-console/data touch users.properties #然後寫入一下配置 # 對登陸的console-log的使用者的帳密的配置,修改規則看說明 # This file supports hot change, any change will be auto-reloaded without Console restarting. # Format: a user per line, username=password[,N] #N is optional, 0 (Normal User); 1 (Admin) # Define Admin admin=admin,1 # Define Users user1=user1 user2=user2
-
-
執行console-log的映象
docker run \ -d \ -e "JAVA_OPTS=-Drocketmq.config.namesrvAddr=172.16.7.115:9876 -Drocketmq.config.isVIPChannel=false -Drocketmq.config.dataPath=/tmp/rocketmq-console/data -Drocketmq.config.loginRequired=true -Drocketmq.config.accessKey=rocketmq2 -Drocketmq.config.secretKey=12345678" \ -v /docker/rocketmq-console/data:/tmp/rocketmq-console/data \ -p 8080:8080 \ -t docker-console
- 實際情況中對映的介面可能得改變,根據需求變動,大致的構建一套帶ACL的方式如上
$\color{#FF0000}{tips:參考思路以及防坑,不要完全照搬程式碼以及過程}$
參考:
1.https://www.cnblogs.com/franson-2016/p/12714692.html
2.https://www.jianshu.com/p/7c9b20518800
3.https://blog.csdn.net/rambogototravel/article/details/103519111