一、用途
测试、预发环境有且只有一个rocketmq,用做业务消息队列,正式环境与阿里云的rocketmq互补,用做非特殊业务统一使用的消息队列
二、Dockerfile
为解决低版本的漏洞问题,通过dockerhub找到了github上的dockerfile源码,自己制作了一个高版本4.9.4版本的镜像(写此文时官方的4.9.4版本镜像也出来了)
rocketmq-docker/Dockerfile-centos at master · apache/rocketmq-docker · GitHub
FROM centos:7
RUN yum install -y java-1.8.0-openjdk-devel.x86_64 unzip gettext nmap-ncat openssl, which gnupg, telnet \
&& yum clean all -y
ARG user=rocketmq
ARG group=rocketmq
ARG uid=3000
ARG gid=3000
RUN groupadd -g ${gid} ${group} \
&& useradd -u ${uid} -g ${gid} -m -s /bin/bash ${user}
ARG version
ENV ROCKETMQ_VERSION 4.9.4
ENV ROCKETMQ_HOME /home/rocketmq/rocketmq-${ROCKETMQ_VERSION}
WORKDIR ${ROCKETMQ_HOME}
RUN set -eux; \
curl -L http://mirrors.ustc.edu.cn/apache/rocketmq/${ROCKETMQ_VERSION}/rocketmq-all-${ROCKETMQ_VERSION}-bin-release.zip -o rocketmq.zip; \
unzip rocketmq.zip ; \
mv rocketmq*/* . ; \
rmdir rocketmq-* ; \
rm rocketmq.zip
COPY scripts/ ${ROCKETMQ_HOME}/bin/
RUN chown -R ${uid}:${gid} ${ROCKETMQ_HOME}
# expose namesrv port
EXPOSE 9876
RUN mv ${ROCKETMQ_HOME}/bin/runserver-customize.sh ${ROCKETMQ_HOME}/bin/runserver.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/runserver.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/mqnamesrv
# expose broker ports
EXPOSE 10909 10911 10912
# add customized scripts for broker
RUN mv ${ROCKETMQ_HOME}/bin/runbroker-customize.sh ${ROCKETMQ_HOME}/bin/runbroker.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/runbroker.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/mqbroker
# export Java options
RUN export JAVA_OPT=" -Duser.home=/opt"
# Add ${JAVA_HOME}/lib/ext as java.ext.dirs
RUN sed -i 's/${JAVA_HOME}\/jre\/lib\/ext/${JAVA_HOME}\/jre\/lib\/ext:${JAVA_HOME}\/lib\/ext/' ${ROCKETMQ_HOME}/bin/tools.sh
USER ${user}
WORKDIR ${ROCKETMQ_HOME}/bin
三、运行方式
rocketmq因为官方制作镜像考虑的安全性较高,运行时需要创建指定uid的用户,参照以下方式创建并运行,有namesrv、broker、dashboard三个组件
#rocketmq安装
rocketmq_install(){
#定义rocketmq数据目录
rocketmq_dir=/alidata/app/rocketmq
#创建用户,与定制容器中uid、gid保持一致
groupadd -g 3000 rocketmq
useradd -u 3000 -g rocketmq -M -s /sbin/nologin rocketmq
#创建目录
mkdir -p $rocketmq_dir/{broker/logs,broker/store,config,namesrv/store,namesrv/logs,dashboard}
#授权
chown -R rocketmq:rocketmq $rocketmq_dir
cat > $rocketmq_dir/config/broker.conf << EOF
brokerClusterName = DefaultCluster
brokerName = broker-a
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
brokerIP1 = $IP
listenPort=10911
brokerId=0
autoCreateTopicEnable=true
mapedFileSizeConsumeQueue=300000
diskMaxUsedSpaceRatio=90
EOF
mkdir -p $scripts_dir/rockmq
cd $scripts_dir/rockmq
cat > rmqbroker.sh << EOF
docker rm -f rmqbroker
docker run -d -p 10911:10911 -p 10909:10909 \\
--restart always \\
-v $rocketmq_dir/broker/logs:/home/rocketmq/logs \\
-v $rocketmq_dir/config/broker.conf:/home/rocketmq/conf/broker.conf \\
-v $rocketmq_dir/broker/store:/home/rocketmq/store \\
--name rmqbroker \\
-e "NAMESRV_ADDR=$IP:9876" \\
-e "JAVA_OPT_EXT=-Xmx2048m -Xms2048m -Xmn1024m" \\
-e "MAX_POSSIBLE_HEAP=200000000" \\
swr.cn-east-3.myhuaweicloud.com/syh/rocketmq:4.9.4 \\
sh mqbroker -c /home/rocketmq/conf/broker.conf
EOF
cat > rmqnamesrv.sh << EOF
docker rm -f rmqnamesrv
docker run -d -p 9876:9876 \\
--restart always \\
-v $rocketmq_dir/namesrv/logs:/home/rocketmq/logs \\
--name rmqnamesrv \\
-e "JAVA_OPT_EXT=-Xms512M -Xmx512M -Xmn128m" \\
-e "MAX_POSSIBLE_HEAP=100000000" \\
swr.cn-east-3.myhuaweicloud.com/syh/rocketmq:4.9.4 \\
sh mqnamesrv
EOF
cat > $rocketmq_dir/dashboard/users.properties << EOF
admin=$rockermq_password,1
EOF
cat > rocketmq-ng.sh << EOF
docker rm -f rocketmq-dashboard
docker run -d --name=rocketmq-dashboard \\
--restart always \\
-v $rocketmq_dir/dashboard/users.properties:/tmp/rocketmq-console/data/users.properties \\
-e "JAVA_OPTS=-Drocketmq.namesrv.addr=$IP:9876 -Dcom.rocketmq.sendMessageWithVIPChannel=false -Drocketmq.config.loginRequired=true" \\
-p 8080:8080 -t \\
swr.cn-east-3.myhuaweicloud.com/syh/rocketmq-dashboard:4.9.4
EOF
#执行脚本
sh rmqbroker.sh
sh rmqnamesrv.sh
sh rocketmq-ng.sh
}
四、控制台访问
dashboard的镜像也是直接拉取的官方镜像,自行改造打了一个tag,同时加上了一个账号密码逻辑,规避控制台无密码漏洞。文章来源:https://www.toymoban.com/news/detail-544645.html
以访问预发环境rocketmq控制台为例,需要在浏览器中输入:http://10.100.10.204:8080/文章来源地址https://www.toymoban.com/news/detail-544645.html
到了这里,关于Rocketmq 安装部署的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!