首页 > 其他分享 >RocketMQ集群ACL设置

RocketMQ集群ACL设置

时间:2024-08-18 09:39:06浏览次数:13  
标签:opt broker ACL 集群 RocketMQ conf home rmqnamesrv rocketmq

一、概述

因安全需求,需要对RocketMQ添加ACL设置

注意:ACL功能需要高版本支持,低版本不行,本文使用的版本为4.9.4

 

关于搭建RocketMQ集群,请参考链接:https://www.cnblogs.com/xiao987334176/p/16771899.html

 

二、配置

修改配置文件broker-a/broker-a.conf,broker-b/broker-b.conf最后一行增加

aclEnable=true

表示开启ACL功能

 

修改broker-a/plain_acl.yml,broker-b/plain_acl.yml

globalWhiteRemoteAddresses:
  - 10.10.103.*
  - 192.168.0.*
  - 172.24.0.*
#  - 101.95.106.218
#  - 192.168.137.138

accounts:
  - accessKey: RocketMQ
    secretKey: 12345678
    whiteRemoteAddress:
    admin: false
    defaultTopicPerm: DENY
    defaultGroupPerm: SUB
    topicPerms:
      - topicA=DENY
      - topicB=PUB|SUB
      - topicC=SUB
    groupPerms:
      # the group should convert to retry topic
      - groupA=DENY
      - groupB=PUB|SUB
      - groupC=SUB

  - accessKey: rocketmq2
    secretKey: 12345678
    whiteRemoteAddress: 192.168.137.138
    # if it is admin, it could access all resources
    admin: true

说明:
globalWhiteRemoteAddresses: 表示全局白名单远程地址,也就是客户端连接地址,即使密码错误,也可以连接。
accessKey和secretKey,表示连接的用户名和密码
whiteRemoteAddress:表示连接的白名单地址,这里的用户名和密码不能出错。
PUB是发布权限,SUB是订阅权限、也就是消费权限,按需配

 

修改docker-compose.yml

version: '3.5'
services:
  rmqnamesrv-a:
    image: apache/rocketmq:4.9.4
    container_name: rmqnamesrv-a
    ports:
      - 9876:9876
    volumes:
      - /opt/rocketmq/logs/nameserver-a:/home/rocketmq/logs
      - /opt/rocketmq/broker-b/broker-b.conf:/home/rocketmq/rocketmq-4.9.4/conf/broker.conf
      - /opt/rocketmq/broker-a/plain_acl.yml:/home/rocketmq/rocketmq-4.9.4/conf/plain_acl.yml
    command: sh mqnamesrv
    networks:
      rmq:
        aliases:
          - rmqnamesrv-a

  rmqnamesrv-b:
    image: apache/rocketmq:4.9.4
    container_name: rmqnamesrv-b
    ports:
      - 9877:9876
    volumes:
      - /opt/rocketmq/logs/nameserver-b:/home/rocketmq/logs
      - /opt/rocketmq/broker-b/broker-b.conf:/home/rocketmq/rocketmq-4.9.4/conf/broker.conf
      - /opt/rocketmq/broker-a/plain_acl.yml:/home/rocketmq/rocketmq-4.9.4/conf/plain_acl.yml
    command: sh mqnamesrv
    networks:
      rmq:
        aliases:
          - rmqnamesrv-b

  rmqbroker-a:
    image: apache/rocketmq:4.9.4
    container_name: rmqbroker-a
    ports:
      - 10911:10911
    volumes:
      - /opt/rocketmq/logs/broker-a/logs:/home/rocketmq/logs
      - /opt/rocketmq/store/broker-a/store:/home/rocketmq/store
      - /opt/rocketmq/broker-a/broker-a.conf:/home/rocketmq/rocketmq-4.9.4/conf/broker.conf
      - /opt/rocketmq/broker-a/plain_acl.yml:/home/rocketmq/rocketmq-4.9.4/conf/plain_acl.yml
    environment:
      TZ: Asia/Shanghai
      NAMESRV_ADDR: "rmqnamesrv-a:9876"
      JAVA_OPTS: " -Duser.home=/opt"
      JAVA_OPT_EXT: "-server -Xms256m -Xmx256m -Xmn256m"
    command: sh mqbroker -c /home/rocketmq/rocketmq-4.9.4/conf/broker.conf
    links:
      - rmqnamesrv-a:rmqnamesrv-a
      - rmqnamesrv-b:rmqnamesrv-b
    networks:
      rmq:
        aliases:
          - rmqbroker-a

  rmqbroker-b:
    image: apache/rocketmq:4.9.4
    container_name: rmqbroker-b
    ports:
      - 10912:10912
    volumes:
      - /opt/rocketmq/logs/broker-b/logs:/home/rocketmq/logs
      - /opt/rocketmq/store/broker-b/store:/home/rocketmq/store
      - /opt/rocketmq/broker-b/broker-b.conf:/home/rocketmq/rocketmq-4.9.4/conf/broker.conf
      - /opt/rocketmq/broker-a/plain_acl.yml:/home/rocketmq/rocketmq-4.9.4/conf/plain_acl.yml
    environment:
      TZ: Asia/Shanghai
      NAMESRV_ADDR: "rmqnamesrv-b:9877"
      JAVA_OPTS: " -Duser.home=/opt"
      JAVA_OPT_EXT: "-server -Xms256m -Xmx256m -Xmn256m"
    command: sh mqbroker -c /home/rocketmq/rocketmq-4.9.4/conf/broker.conf
    links:
      - rmqnamesrv-a:rmqnamesrv-a
      - rmqnamesrv-b:rmqnamesrv-b
    networks:
      rmq:
        aliases:
          - rmqbroker-b
  rmqconsole:
    image: apacherocketmq/rocketmq-dashboard
    container_name: rmqconsole
    ports:
      - 8087:8080
    environment:
      JAVA_OPTS: -Drocketmq.namesrv.addr=rmqnamesrv-a:9876;rmqnamesrv-b:9877 -Dcom.rocketmq.sendMessageWithVIPChannel=false -Drocketmq.config.accessKey=rocketmq2 -Drocketmq.config.secretKey=12345678
    volumes:
      - /opt/rocketmq/console-ng/data:/tmp/rocketmq-console/data
    networks:
      rmq:
        aliases:
          - rmqconsole
networks:
  rmq:
    name: rmq
    driver: bridge
View Code

如果开启了ACL,注意配置accessKey、secretKey,建议配置admin的账户,不然有些功能没有权限使用,

 

访问控制台,查看数据是否显示正常。

 

标签:opt,broker,ACL,集群,RocketMQ,conf,home,rmqnamesrv,rocketmq
From: https://www.cnblogs.com/xiao987334176/p/16772255.html

相关文章

  • CentOS7部署Kubernetes高可用集群(上)
    目录kubernetes介绍kubernetes具备的功能kubernetes集群角色kubernetes集群类型kubernetes集群规划kubernetes集群环境准备 部署HAProxy及Keepalivedkubernetes集群部署方式介绍kubeadm部署kubernetes集群kubernetes集群初始化部署Pod网络插件Calico部署Nginx测试......
  • NP2011-SW-22-VLAN跳跃攻击_VACL(VLAN-MAP)
    vlan跳跃攻击打双层标记配置端口为access端口trunk模式最好是on关闭trunknegotiation本证vlan使用不用的vlan号配置trunk链路要设置允许哪些vlan通过交换机的aclipaclmacaclvlanacl配置access-list100permitip10.1.9.00.0.0.255anymacaccess-listextende......
  • DolphinScheduler集群部署问题(趟坑)总结
    目录官方文档官方项目地址问题解决官方文档DolphinScheduler|文档中心(apache.org)官方项目地址部署及使用过程中的问题可以参见项目Issue:Issues·apache/dolphinscheduler·GitHubGitHub-apache/dolphinschedulerat3.2.2-release问题解决1、JVM在运......
  • Oracle 11g,12c,18c,19,21,23 RU
    https://updates.oracle.com/ARULink/PatchDetails/process_form?patch_num=6880880数据库补丁详细信息地址:MyOracleSupportNote2521164.1Database19ProactivePatchInformationMyOracleSupportNote2369376.1Database18ProactivePatchInformation.MyOracle......
  • Oracle 数据库中的函数REGEXP_LIKE
    REGEXP_LIKE是Oracle数据库中的一个函数,它用于基于正则表达式模式匹配字符串。这个函数非常强大,允许你执行复杂的字符串搜索和匹配操作,比标准的LIKE语句更加强大和灵活。语法REGEXP_LIKE(source_string,pattern[,match_parameter])source_string:要进行模式匹配......
  • k8s集群
    环境初始化#重命名[root@localhost~]#hostnamectlset-hostnamemaster1[root@localhost~]#susu#配置静态IP[root@master1~]#cd/etc/sysconfig/network-scripts/[root@master1network-scripts]#vimifcfg-ens33BOOTPROTO="none"NAME="ens33"DEV......
  • Oracle数据库中,MINUS是一个关键字
    在Oracle数据库中,MINUS是一个关键字,用于执行两个SELECT语句的差集操作。MINUS操作返回在第一个SELECT语句中出现但不在第二个SELECT语句中出现的所有行。换句话说,它会从第一个查询结果中减去第二个查询结果,只保留在第一个查询结果中存在而第二个查询结果中不存在的记录。基本用法......
  • [20240815]oracle21c环境变量ORACLE_PATH与SQLPATH(windows).txt
    [20240815]oracle21c环境变量ORACLE_PATH与SQLPATH(windows).txt--//我记忆以前测试过这个问题,当时是家里的笔记本,安装oracle12.2cforwindows.OS:windows7,发现无法访问SQLPATH或者--//ORACLE_PATH环境变量定义的路径下login.sql文件.我当时解决办法就是登录手工执行init.sq......
  • [20240816]oracle21c环境变量ORACLE_PATH与SQLPATH(linux).txt
    [20240816]oracle21c环境变量ORACLE_PATH与SQLPATH(linux).txt--//我记忆以前测试过这个问题,当时是家里的笔记本,安装oracle12.2cforwindows.OS:windows7,发现无法访问SQLPATH或者--//ORACLE_PATH环境变量定义的路径下login.sql文件.我当时解决办法就是登录手工执行init.sql......
  • [20240814]oracle 21c NLS_DATE_FORMAT设置问题(整理版本1).txt
    [20240814]oracle21cNLS_DATE_FORMAT设置问题(整理版本1).txt--//朋友遇到的问题,请求远程协助解决问题:--//执行sqlplus出现如下错误:SQL*Plus:Release21.0.0.0.0-ProductiononSatAug1011:38:062024Version21.3.0.0.0Copyright(c)1982,2021,Oracle. Allrightsr......