RocketMQ: Building Docker Images and Deploying (1)
1. Build the RocketMQ image and deploy it (with ACL, single node)
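- The rocketmq image on the official Docker registry is very old, so I chose to download the latest source from GitHub and build the image myself.
- Download the rocketmq-docker source, then build the latest version of the rocketmq image: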
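```bash
git clone git@github.com:apache/rocketmq-docker.git
cd rocketmq-docker
cd image-build
# See the documentation for the build rules. alpine is recommended, but containers
# I ran from the alpine-based image reported permission errors, so I used centos.
sh build-image.sh 4.8.0 centos
```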
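- Deploy the nameserver (name discovery service). The image is packaged as a single unit and the container really has only one logs folder, so mounting it from either the nameserver or the broker is enough.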
```bash
mkdir -p /docker/rocketmq/data/namesrv/logs
mkdir -p /docker/rocketmq/data/namesrv/store
docker run \
  -d \
  -p 9876:9876 \
  -v /docker/rocketmq/data/namesrv/logs:/home/rocketmq/logs \
  -v /docker/rocketmq/data/namesrv/store:/home/rocketmq/store \
  --name rmqnamesrv \
  -e "MAX_POSSIBLE_HEAP=100000000" \
  apacherocketmq/rocketmq:4.8.0 \
  sh mqnamesrv
```
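- Deploy the broker service. All logs go into the single logs folder. For a different version, change the version number in the paths (see the image build sh file for details).
- A sample broker.conf: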
```properties
brokerClusterName = DefaultCluster
brokerName = broker-a
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
brokerIP1 = 172.16.7.115
autoCreateTopicEnable=true
aclEnable=true
```
- A sample plain_acl.yml:
```yaml
#  Licensed to the Apache Software Foundation (ASF) under one or more
#  contributor license agreements.  See the NOTICE file distributed with
#  this work for additional information regarding copyright ownership.
#  The ASF licenses this file to You under the Apache License, Version 2.0
#  (the "License"); you may not use this file except in compliance with
#  the License.  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

globalWhiteRemoteAddresses:
- 172.16.7.*

accounts:
- accessKey: RocketMQ
  secretKey: 12345678
  whiteRemoteAddress:
  admin: false
  defaultTopicPerm: DENY
  defaultGroupPerm: SUB
  topicPerms:
  - topicA=DENY
  - topicB=PUB|SUB
  - topicC=SUB
  groupPerms:
  # the group should convert to retry topic
  - groupA=DENY
  - groupB=PUB|SUB
  - groupC=SUB

- accessKey: rocketmq2
  secretKey: 12345678
  whiteRemoteAddress: 172.16.7.*
  # if it is admin, it could access all resources
  admin: true
```
```bash
mkdir -p /docker/rocketmq/conf
# Put the broker.conf and plain_acl.yml shown above into this folder
docker run \
  -d \
  -p 10911:10911 \
  -p 10909:10909 \
  -p 10912:10912 \
  -v /docker/rocketmq/conf/broker.conf:/home/rocketmq/rocketmq-4.8.0/conf/broker.conf \
  -v /docker/rocketmq/conf/plain_acl.yml:/home/rocketmq/rocketmq-4.8.0/conf/plain_acl.yml \
  --name rmqbroker \
  --link rmqnamesrv:namesrv \
  -e "NAMESRV_ADDR=namesrv:9876" \
  -e "MAX_POSSIBLE_HEAP=200000000" \
  apacherocketmq/rocketmq:4.8.0 \
  sh mqbroker -c /home/rocketmq/rocketmq-4.8.0/conf/broker.conf
```
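- At this point a single-node RocketMQ with ACL is complete. Clients supply an accessKey and secretKey when connecting; different kinds of users use different keys and secrets and therefore get different resource permissions. The RocketMQ source is at https://github.com/apache/rocketmq; you can download it to look at the configuration and the source code. The packaged output is all in the distribution module.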
2. Build the rocketmq-console-log image and deploy it (with login credentials required)
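- You can pull the source and build the latest image yourself, or pull an image that was built previously. The source was at https://github.com/apache/rocketmq-externals; it has since been removed from there, so see https://gitee.com/ashscc/rocketmq-console instead.
- Build the image: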
```bash
git clone git@github.com:apache/rocketmq-externals.git
cd rocketmq-externals/rocketmq-console/
mvn clean package -Dmaven.test.skip=true
# Then find the packaged jar file in classes and move it into
# rocketmq-externals/rocketmq-console/src/main/docker
cd src/main/docker
# The trailing "." is the build context (the current directory)
docker build -t docker-console-login .
```
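- Modify the configuration in the source. You can also leave it unmodified and override it later through environment variables, but users.properties must be placed under the ${rocketmq.config.dataPath} directory; it is hot-reloaded. application.properties: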
```properties
# The changes to application.properties are below; adjust them to your own environment.
# They configure the nameserver connection and the credentials used for broker authentication.
#if this value is empty,use env value rocketmq.config.namesrvAddr NAMESRV_ADDR | now, you can set it in ops page.default localhost:9876
rocketmq.config.namesrvAddr=172.16.7.115:9876
#rocketmq-console's data path:dashboard/monitor
rocketmq.config.dataPath=/tmp/rocketmq-console/data
#Must create userInfo file: ${rocketmq.config.dataPath}/users.properties if the login is required
rocketmq.config.loginRequired=true
#set the accessKey and secretKey if you used acl
rocketmq.config.accessKey=rocketmq2
rocketmq.config.secretKey=12345678
```
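- Create users.properties. By changing the path it is read from and mounting that path, the console login credentials can be changed and take effect immediately.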
```bash
mkdir -p /docker/rocketmq-console/data
cd /docker/rocketmq-console/data
touch users.properties
# Then write the following configuration into it
```

```properties
# Credentials for users who log in to console-log; see the notes below for the rules
# This file supports hot change, any change will be auto-reloaded without Console restarting.
# Format: a user per line, username=password[,N] #N is optional, 0 (Normal User); 1 (Admin)

# Define Admin
admin=admin,1

# Define Users
user1=user1
user2=user2
```
- Run the console-log image:
```bash
# docker-console-login is the image tag from the build step above
docker run \
  -d \
  -e "JAVA_OPTS=-Drocketmq.config.namesrvAddr=172.16.7.115:9876 -Drocketmq.config.isVIPChannel=false -Drocketmq.config.dataPath=/tmp/rocketmq-console/data -Drocketmq.config.loginRequired=true -Drocketmq.config.accessKey=rocketmq2 -Drocketmq.config.secretKey=12345678" \
  -v /docker/rocketmq-console/data:/tmp/rocketmq-console/data \
  -p 8080:8080 \
  -t docker-console-login
```
- In practice the mapped ports may need to change depending on your requirements. The above is roughly how to build a setup with ACL.
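
An added example (not from the original post): a small Python audit of the two credential files this walkthrough creates. It flags a wildcard `globalWhiteRemoteAddresses` entry (RocketMQ accepts requests from matching addresses without checking the signature), weak or shared `secretKey` values, and console logins whose password is weak or equals the username. The embedded inputs are constructed from the values shown above; the deny-list and the 16-character minimum are assumptions.

```python
import re
# Constructed inputs that mirror the values shown on this page.
ACL = """\
globalWhiteRemoteAddresses:
- 172.16.7.*
accounts:
- accessKey: RocketMQ
  secretKey: 12345678
  whiteRemoteAddress:
  admin: false
- accessKey: rocketmq2
  secretKey: 12345678
  whiteRemoteAddress: 172.16.7.*
  admin: true
"""
USERS = "# Define Admin\nadmin=admin,1\nuser1=user1\nuser2=user2\n"
WEAK = {"12345678", "admin", "password", "rocketmq"}  # assumed deny-list

def audit_acl(text):  # flag wildcard allow-lists and weak or shared secretKeys
    findings, section, accounts = [], None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop YAML comments
        top = re.match(r"^(\w+):\s*$", line)          # unindented section key
        if top:
            section = top.group(1)
            continue
        body = re.sub(r"^-\s*", "", line.strip())     # strip list marker
        kv = re.match(r"^(\w+):\s*(.*)$", body)
        if section == "globalWhiteRemoteAddresses" and "*" in body:
            findings.append(f"global allow-list {body} skips ACL checks")
        elif section == "accounts" and kv:
            if kv.group(1) == "accessKey" or not accounts:
                accounts.append({})                   # a new account starts here
            accounts[-1][kv.group(1)] = kv.group(2)
    seen = {}
    for a in accounts:
        key, secret = a.get("accessKey"), a.get("secretKey", "")
        if secret.lower() in WEAK or len(secret) < 16:  # 16 = assumed minimum
            findings.append(f"{key}: weak secretKey")
        if secret in seen:
            findings.append(f"{key}: secretKey shared with {seen[secret]}")
        seen.setdefault(secret, key)
        if a.get("admin") == "true" and "*" in a.get("whiteRemoteAddress", ""):
            findings.append(f"{key}: admin account with wildcard allow-list")
    return findings

def audit_users(text):  # flag console logins with a weak or username-equal password
    rows = [l.split("=", 1) for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return [u for u, p in rows if p.split(",")[0] in WEAK | {u}]
```

Run against the page's values, `audit_acl(ACL)` reports five findings and `audit_users(USERS)` flags all three console accounts.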
$\color{#FF0000}{\text{Tips: use this for the approach and to avoid pitfalls; do not copy the code and the process verbatim}}$
This article is from cnblogs (博客园). Author: orangeScc. When reposting, please cite the original link: https://www.cnblogs.com/ashScc/p/16150529.html