RocketMQ的Docker镜像部署(以及Dashboard、ACL)
准备
- 包含RocketMQ部署(NameServer、Broker)、Dashboard、ACL
- 拉取镜像
- RocketMQ
$ docker pull apache/rocketmq:5.1.4
- Dashboard
$ docker pull apacherocketmq/rocketmq-dashboard:latest
- 创建docker-network
$ docker network create rocketmq-net
(如果都部署在同一节点的话需要这样做)
部署 NameServer
shell
复制代码
# 创建目录
mkdir -p /opt/soft/rocketmq-5.1.4-docker/namesrv/logs
# 修改权限,便于docker容器写入文件
chmod 777 /opt/soft/rocketmq-5.1.4-docker/namesrv/logs
shell
复制代码
docker run -d --name rocketmq-namesrv \
--network rocketmq-net \
--restart=always \
-p 9876:9876 \
-v /opt/soft/rocketmq-5.1.4-docker/namesrv/logs:/home/rocketmq/logs \
-e "MAX_POSSIBLE_HEAP=100000000" \
apache/rocketmq:5.1.4 \
sh mqnamesrv
- 注意:
- Docker容器需要有对服务器目录 /opt/soft/rocketmq-5.1.4-docker/namesrv/logs 的写入权限,例如可以提前创建该目录,并设置777 权限。后续的
-v
挂载同理。
部署 Broker
- 拷贝NameServer容器的中的配置文件到Broker
shell
复制代码
mkdir -p /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0
docker cp <NameServer的容器ID>:/home/rocketmq/rocketmq-5.1.4/conf /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0
- 修改Broker配置
$ vim /opt/soft/rocketmq-5.1.4-docker/broker/broker-a/conf/broker.conf
conf
复制代码
# 所属集群名称
brokerClusterName = DefaultCluster
# Broker名称,Master和Slave使用相同的名称(主从关系)
brokerName = broker-a
# 0表示Master,大于0表示不同的Slave
brokerId = 0
# 删除消息的时机,默认是4点
deleteWhen = 04
# 消息持久化在磁盘上的时长(小时)
fileReservedTime = 48
# Master和Slave之间同步数据的机制:SYNC_MASTER、ASYNC_MASTER、SLAVE
brokerRole = ASYNC_MASTER
# 刷盘策略:SYNC_FLUSH 消息写入磁盘后才返回成功状态;ASYNC_FLUSH 不需要等返回成功。
flushDiskType = ASYNC_FLUSH
# 设置Broker节点所在服务器的IP地址(需要连该MQ的外网应当能访问该IP)
brokerIP1 = XXX.XXX.XXX.XXX
# NameServer地址,用分号分割,我们通过Docker的环境变量指定
# namesrvAddr = XXX.XXX.XXX.XXX:9876
# Broker 对外服务的监听端口,默认即可
# listenPort = 10911
# 是否允许 Broker 自动创建 Topic
# autoCreateTopicEnable = true
# 是否允许 Broker 自动创建 订阅组
# autoCreateSubscriptionGroup = true
# 开启鉴权
# aclEnable = true
shell
复制代码
# 创建目录
mkdir -p /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0/conf
mkdir -p /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0/logs
mkdir -p /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0/store
# 修改权限,便于docker容器写入文件
chmod 777 /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0/conf
chmod 777 /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0/logs
chmod 777 /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0/store
shell
复制代码
docker run -d --name rocketmq-broker-a-0 \
--network rocketmq-net \
--restart=always \
--privileged=true \
-p 10911:10911 -p 10909:10909 \
-v /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0/conf:/home/rocketmq/rocketmq-5.1.4/conf \
-v /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0/logs:/home/rocketmq/logs \
-v /opt/soft/rocketmq-5.1.4-docker/broker/broker-a-0/store:/home/rocketmq/store \
-e "NAMESRV_ADDR=rocketmq-namesrv:9876" \
-e "MAX_POSSIBLE_HEAP=200000000" \
apache/rocketmq:5.1.4 \
sh mqbroker -c /home/rocketmq/rocketmq-5.1.4/conf/broker.conf
-e "BROKER_IP_1=10.113.75.113" \
部署 其他Broker
- 和上面的配置类似
- 调整 broker.conf 中的brokerName、brokerId即可
- 如果在不同的服务器的话
- 不用使用
--network rocketmq-net
-e "NAMESRV_ADDR=rocketmq-namesrv:9876"
中的 rocketmq-namesrv 需要修改为对应服务器的IP
- 后面Dashboard中的配置同理
部署 Dashboard
shell
复制代码
mkdir -p /opt/soft/rocketmq-5.1.4-docker/console/data
chmod 777 /opt/soft/rocketmq-5.1.4-docker/console/data
- 配置用户名和密码
$ vim /opt/soft/rocketmq-5.1.4-docker/console/data/users.properties
properties
复制代码
# This file supports hot change, any change will be auto-reloaded without Console restarting.
# Format: a user per line, username=password[,N] #N is optional, 0 (Normal User); 1 (Admin)
# Define Admin
# === 规则「用户名=密码,权限」。权限为1表示管理员,为0表示普通用户 ===
admin=admin123,1
# Define Users
# === 屏蔽下边两个账户 ==
#user1=user1
#user2=user2
shell
复制代码
docker run -d --name rocketmq-console \
--network rocketmq-net \
--restart=always \
-p 10100:8080 \
-v /opt/soft/rocketmq-5.1.4-docker/console/data:/tmp/rocketmq-console/data \
-e "JAVA_OPTS=-Drocketmq.namesrv.addr=rocketmq-namesrv:9876 -Dcom.rocketmq.sendMessageWithVIPChannel=false -Drocketmq.config.loginRequired=true" \
apacherocketmq/rocketmq-dashboard:latest
# 当-Drocketmq.config.loginRequired为false时,则Dashboard不需要登录用户和密码
# 这里的 rocketmq-namesrv 是NameServer的地址
- 直接访问
http://<Dashboard的IP>:10100
,输入前面配置的用户、密码
- 现在已经可以正常使用了
开启 ACL
修改所有Broker节点
- 编辑Broker配置文件,命令样例
vim /opt/soft/rocketmq-5.1.4-docker/broker/broker-a/conf/broker.conf
nginx
复制代码
# 配置下面这段
# 开启鉴权
aclEnable = true
- 编辑ACL配置文件,命令样例
vim /opt/soft/rocketmq-5.1.4-docker/broker/broker-a/conf/plain_acl.yml
yaml
复制代码
globalWhiteRemoteAddresses:
# 注释掉全局白名单,所有IP皆可访问,根据自己需求进行控制
#- 10.10.103.*
#- 192.168.0.*
accounts:
- accessKey: RocketMQ
secretKey: 12345678
whiteRemoteAddress:
admin: false
defaultTopicPerm: DENY
defaultGroupPerm: SUB
topicPerms:
- topicA=DENY
- topicB=PUB|SUB
- topicC=SUB
groupPerms:
# the group should convert to retry topic
- groupA=DENY
- groupB=PUB|SUB
- groupC=SUB
- accessKey: rocketmq2
secretKey: 12345678
whiteRemoteAddress: 192.168.1.*
# if it is admin, it could access all resources
admin: true
# 添加一个给Dashboard使用的用户
- accessKey: console
secretKey: 12345678
whiteRemoteAddress:
admin: true
- 重启Broker节点
$ docker restart <容器ID>
修改 Dashboard 启动命令
- 移除已部署的Dashboard,样例命令
$ docker rm -f <容器ID>
- 在启动命令中添加accessKey、secretKey
shell
复制代码
docker run -d --name rocketmq-console \
--network rocketmq-net \
--restart=always \
-p 10100:8080 \
-v /opt/soft/rocketmq-5.1.4-docker/console/data:/tmp/rocketmq-console/data \
-e "JAVA_OPTS=-Drocketmq.namesrv.addr=rocketmq-namesrv:9876 -Dcom.rocketmq.sendMessageWithVIPChannel=false -Drocketmq.config.loginRequired=true -Drocketmq.config.accessKey=console -Drocketmq.config.secretKey=12345678" \
apacherocketmq/rocketmq-dashboard:latest
参考