RocketMQ構建docker鏡像及部署(1)

1.構建rocketmq鏡像並部署(附帶ACL, 單節點)

1. 由於docker官網的rocketmq鏡像已經是很久以前的了，所以我選擇去github上下載最新源碼自己構建鏡像

   1. 下載源碼rocketmq-docker, 然后構建最新版本rocketmq鏡像

   git clone git@github.com:apache/rocketmq-docker.git
   cd rocketmq-docker
   cd image-build
   sh build-image.sh 4.8.0 centos
   #這里構建的規則可以看一下文檔，推薦用alpine，我用這個作為鏡像的容器時報沒有權限所以就用了centos
   

2. 部署nameserve域名發現服務(打包為一個整體，其實容器內部這個鏡像就一個logs文件夾,nameserve和broker選一個掛載就行了)

   mkdir -p /docker/rocketmq/data/namesrv/logs
   mkdir -p /docker/rocketmq/data/namesrv/store
   
   docker run /
   -d /
   -p 9876:9876 /
   -v /docker/rocketmq/data/namesrv/logs:/home/rocketmq/logs /
   -v /docker/rocketmq/data/namesrv/store:/home/rocketmq/store /
   --name rmqnamesrv /
   -e "MAX_POSSIBLE_HEAP=100000000" /
   apacherocketmq/rocketmq:4.8.0 /
   sh mqnamesrv
   

3. 部署broker控制器服務, 日志都在logs這一個文件夾里面，版本不同需要修改版本號(具體可見構建鏡像的sh文件)

   1. broker.conf文件實例如下:

      brokerClusterName = DefaultCluster
      brokerName = broker-a
      brokerId = 0
      deleteWhen = 04
      fileReservedTime = 48
      brokerRole = ASYNC_MASTER
      flushDiskType = ASYNC_FLUSH
      brokerIP1 = 172.16.7.115
      autoCreateTopicEnable=true
      aclEnable=true
      

   2. plain_acl.yml文件實例如下:

      # Licensed to the Apache Software Foundation (ASF) under one or more
      # contributor license agreements.  See the NOTICE file distributed with
      # this work for additional information regarding copyright ownership.
      # The ASF licenses this file to You under the Apache License, Version 2.0
      # (the "License"); you may not use this file except in compliance with
      # the License.  You may obtain a copy of the License at
      #
      #     http://www.apache.org/licenses/LICENSE-2.0
      #
      #  Unless required by applicable law or agreed to in writing, software
      #  distributed under the License is distributed on an "AS IS" BASIS,
      #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      #  See the License for the specific language governing permissions and
      #  limitations under the License.
      
      globalWhiteRemoteAddresses:
      - 172.16.7.*
      
      accounts:
      - accessKey: RocketMQ
        secretKey: 12345678
        whiteRemoteAddress:
        admin: false
        defaultTopicPerm: DENY
        defaultGroupPerm: SUB
        topicPerms:
        - topicA=DENY
        - topicB=PUB|SUB
        - topicC=SUB
        groupPerms:
        # the group should convert to retry topic
        - groupA=DENY
        - groupB=PUB|SUB
        - groupC=SUB
      
      - accessKey: rocketmq2
        secretKey: 12345678
        whiteRemoteAddress: 172.16.7.*
        # if it is admin, it could access all resources
        admin: true
      

4. mkdir -p /docker/rocketmq/conf
   #把上面的broker.conf和plain_acl.yml都放到這個文件夾下面
   
   docker run \
   -d \
   -p 10911:10911 \
   -p 10909:10909 \
   -p 10912:10912 \
   -v /docker/rocketmq/conf/broker.conf:/home/rocketmq/rocketmq-4.8.0/conf/broker.conf \
   -v /docker/rocketmq/conf/plain_acl.yml:/home/rocketmq/rocketmq-4.8.0/conf/plain_acl.yml \
   --name rmqbroker \
   --link rmqnamesrv:namesrv \
   -e "NAMESRV_ADDR=namesrv:9876" \
   -e "MAX_POSSIBLE_HEAP=200000000" \
   apacherocketmq/rocketmq:4.8.0 \
   sh mqbroker -c /home/rocketmq/rocketmq-4.8.0/conf/broker.conf
   

5. 此時一個附帶acl的rocketmq單節點就完成了，訪問的時候帶accessKey和secretkey就可以了，不同類型用戶使用不同的key和secret擁有的資源權限也就不同。rocketmq的源碼地址: https://github.com/apache/rocketmq，可以下下來看看配置以及源碼，打包好的都在distribution這個模塊里面。

2.構建rocketmq-console-log鏡像並部署(附帶需要登錄帳密)

1. 可以自己去拉取源碼構建最新鏡像，也可以拉取已經構建好的之前的鏡像，源碼地址:https://github.com/apache/rocketmq-externals，現在被踢出去了，可以看這個地址 https://gitee.com/ashscc/rocketmq-console

   1. 構建鏡像

      git clone git@github.com:apache/rocketmq-externals.git 
      cd rocketmq-externals/rocketmq-console/
      mvn clean package -Dmaven.test.skip=true
      #然后去classes里面找到打包好的jar文件移動到rocketmq-externals/rocketmq-console/src/main/docker目錄下面
      cd src/main/docker
      docker build -t docker-console-login
      

   2. 修改源碼配置，也可以不修改，后面通過環境變量來修改，但是users.proprerties需要放到${rocketmq.config.dataPath}這個目錄下面，且是熱更新的。application.properties

   #application.properties的修改如下，根據自己的實際情況修改，這里配置的是連接域名發現服務以及broker鑒權時候的配置
   #if this value is empty,use env value rocketmq.config.namesrvAddr  NAMESRV_ADDR | now, you can set it in ops page.default localhost:9876
   rocketmq.config.namesrvAddr=172.16.7.115:9876
   #rocketmq-console's data path:dashboard/monitor
   rocketmq.config.dataPath=/tmp/rocketmq-console/data
   
   #Must create userInfo file: ${rocketmq.config.dataPath}/users.properties if the login is required
   rocketmq.config.loginRequired=true
   
   #set the accessKey and secretKey if you used acl
   rocketmq.config.accessKey=rocketmq2
   rocketmq.config.secretKey=12345678
   

   2. 新建users.properties，通過改變讀取地址以及掛載可以實現即時修改更新登錄用戶帳密

   mkdir -p /docker/rocketmq-console/data
   cd /docker/rocketmq-console/data
   touch users.properties
   #然后寫入一下配置
   # 對登陸的console-log的用戶的帳密的配置，修改規則看說明
   # This file supports hot change, any change will be auto-reloaded without Console restarting.
   # Format: a user per line, username=password[,N] #N is optional, 0 (Normal User); 1 (Admin)
   
   # Define Admin
   admin=admin,1
   
   # Define Users
   user1=user1
   user2=user2
   

2. 運行console-log的鏡像

   docker run \
   -d \
   -e "JAVA_OPTS=-Drocketmq.config.namesrvAddr=172.16.7.115:9876 -Drocketmq.config.isVIPChannel=false -Drocketmq.config.dataPath=/tmp/rocketmq-console/data -Drocketmq.config.loginRequired=true -Drocketmq.config.accessKey=rocketmq2 -Drocketmq.config.secretKey=12345678" \
   -v /docker/rocketmq-console/data:/tmp/rocketmq-console/data \
   -p 8080:8080 \
   -t docker-console
   

   1. 實際情況中映射的接口可能得改變，根據需求變動，大致的構建一套帶ACL的方式如上

$\color{#FF0000}{tips:參考思路以及防坑,不要完全照搬代碼以及過程}$

參考:

1.https://www.cnblogs.com/franson-2016/p/12714692.html

2.https://www.jianshu.com/p/7c9b20518800

3.https://blog.csdn.net/rambogototravel/article/details/103519111

4.https://my.oschina.net/u/3362856/blog/4781202