From 8dcdd502d4616331c5456e236d1cc999ff381cac Mon Sep 17 00:00:00 2001 From: ruowen Date: Sat, 4 Jul 2020 08:46:51 +0800 Subject: [PATCH] add rocketmq Change-Id: Icae37d3895b4451478c571383b1b6ca92ba4b99b --- .../.github/ISSUE_TEMPLATE/issue_template.md | 42 +++ rocketmq/.gitignore | 3 + rocketmq/CONTRIBUTING.md | 31 +++ rocketmq/LICENSE | 202 +++++++++++++++ rocketmq/NOTICE | 5 + rocketmq/README.md | 239 ++++++++++++++++++ rocketmq/image-build/Dockerfile-alpine | 90 +++++++ rocketmq/image-build/Dockerfile-centos | 91 +++++++ rocketmq/image-build/build-image.sh | 53 ++++ .../scripts/runbroker-customize.sh | 156 ++++++++++++ .../scripts/runserver-customize.sh | 142 +++++++++++ rocketmq/image-build/update.sh | 49 ++++ rocketmq/product/README.md | 90 +++++++ .../conf/2m-2s-async/broker-a-s.properties | 30 +++ .../conf/2m-2s-async/broker-a.properties | 29 +++ .../conf/2m-2s-async/broker-b-s.properties | 29 +++ .../conf/2m-2s-async/broker-b.properties | 29 +++ .../conf/2m-2s-sync/broker-a-s.properties | 29 +++ .../conf/2m-2s-sync/broker-a.properties | 29 +++ .../conf/2m-2s-sync/broker-b-s.properties | 29 +++ .../conf/2m-2s-sync/broker-b.properties | 29 +++ .../conf/2m-noslave/broker-a.properties | 28 ++ .../conf/2m-noslave/broker-b.properties | 29 +++ .../conf/2m-noslave/broker-trace.properties | 28 ++ rocketmq/product/conf/broker.conf | 25 ++ rocketmq/product/start-broker.sh | 67 +++++ rocketmq/product/start-ns.sh | 55 ++++ rocketmq/stage.sh | 54 ++++ .../templates/data/broker/conf/broker.conf | 8 + .../templates/data/broker/conf/broker1.conf | 9 + .../data/broker0/conf/dledger/broker.conf | 27 ++ .../data/broker1/conf/dledger/broker.conf | 27 ++ .../data/broker2/conf/dledger/broker.conf | 27 ++ .../data/broker/conf/broker.conf | 7 + .../data1/broker/conf/broker.conf | 7 + .../docker-compose/docker-compose.yml | 47 ++++ rocketmq/templates/kubernetes/deployment.yaml | 46 ++++ .../templates/kubernetes/deployment2.yaml | 68 +++++ rocketmq/templates/play-consumer.sh | 20 ++ rocketmq/templates/play-docker-compose.sh | 42 +++ rocketmq/templates/play-docker-dledger.sh | 66 +++++ rocketmq/templates/play-docker-tls.sh | 53 ++++ rocketmq/templates/play-docker.sh | 78 ++++++ rocketmq/templates/play-kubernetes.sh | 23 ++ rocketmq/templates/play-producer.sh | 19 ++ rocketmq/templates/ssl/README.md | 113 +++++++++ rocketmq/templates/ssl/ca.crt | 21 ++ rocketmq/templates/ssl/ca.srl | 1 + rocketmq/templates/ssl/ca_rsa_private.pem | 30 +++ rocketmq/templates/ssl/client.crt | 21 ++ rocketmq/templates/ssl/client.csr | 17 ++ rocketmq/templates/ssl/client_rsa_private.pem | 30 +++ .../ssl/client_rsa_private.pem.unsecure | 27 ++ .../ssl/client_rsa_private_pkcs8.pem | 29 +++ rocketmq/templates/ssl/server.crt | 21 ++ rocketmq/templates/ssl/server.csr | 17 ++ rocketmq/templates/ssl/server_rsa_private.pem | 30 +++ .../ssl/server_rsa_private.pem.unsecure | 27 ++ .../ssl/server_rsa_private_pkcs8.pem | 29 +++ rocketmq/templates/ssl/ssl.properties | 13 + 60 files changed, 2712 insertions(+) create mode 100644 rocketmq/.github/ISSUE_TEMPLATE/issue_template.md create mode 100644 rocketmq/.gitignore create mode 100644 rocketmq/CONTRIBUTING.md create mode 100644 rocketmq/LICENSE create mode 100644 rocketmq/NOTICE create mode 100644 rocketmq/README.md create mode 100644 rocketmq/image-build/Dockerfile-alpine create mode 100644 rocketmq/image-build/Dockerfile-centos create mode 100755 rocketmq/image-build/build-image.sh create mode 100755 rocketmq/image-build/scripts/runbroker-customize.sh create mode 100755 rocketmq/image-build/scripts/runserver-customize.sh create mode 100755 rocketmq/image-build/update.sh create mode 100644 rocketmq/product/README.md create mode 100644 rocketmq/product/conf/2m-2s-async/broker-a-s.properties create mode 100644 rocketmq/product/conf/2m-2s-async/broker-a.properties create mode 100644 rocketmq/product/conf/2m-2s-async/broker-b-s.properties create mode 100644 rocketmq/product/conf/2m-2s-async/broker-b.properties create mode 100644 rocketmq/product/conf/2m-2s-sync/broker-a-s.properties create mode 100644 rocketmq/product/conf/2m-2s-sync/broker-a.properties create mode 100644 rocketmq/product/conf/2m-2s-sync/broker-b-s.properties create mode 100644 rocketmq/product/conf/2m-2s-sync/broker-b.properties create mode 100644 rocketmq/product/conf/2m-noslave/broker-a.properties create mode 100644 rocketmq/product/conf/2m-noslave/broker-b.properties create mode 100644 rocketmq/product/conf/2m-noslave/broker-trace.properties create mode 100644 rocketmq/product/conf/broker.conf create mode 100644 rocketmq/product/start-broker.sh create mode 100644 rocketmq/product/start-ns.sh create mode 100644 rocketmq/stage.sh create mode 100644 rocketmq/templates/data/broker/conf/broker.conf create mode 100644 rocketmq/templates/data/broker/conf/broker1.conf create mode 100644 rocketmq/templates/data/broker0/conf/dledger/broker.conf create mode 100644 rocketmq/templates/data/broker1/conf/dledger/broker.conf create mode 100644 rocketmq/templates/data/broker2/conf/dledger/broker.conf create mode 100644 rocketmq/templates/docker-compose/data/broker/conf/broker.conf create mode 100644 rocketmq/templates/docker-compose/data1/broker/conf/broker.conf create mode 100644 rocketmq/templates/docker-compose/docker-compose.yml create mode 100644 rocketmq/templates/kubernetes/deployment.yaml create mode 100644 rocketmq/templates/kubernetes/deployment2.yaml create mode 100755 rocketmq/templates/play-consumer.sh create mode 100755 rocketmq/templates/play-docker-compose.sh create mode 100755 rocketmq/templates/play-docker-dledger.sh create mode 100755 rocketmq/templates/play-docker-tls.sh create mode 100755 rocketmq/templates/play-docker.sh create mode 100755 rocketmq/templates/play-kubernetes.sh create mode 100755 rocketmq/templates/play-producer.sh create mode 100644 rocketmq/templates/ssl/README.md create mode 100644 rocketmq/templates/ssl/ca.crt create mode 100644 rocketmq/templates/ssl/ca.srl create mode 100644 rocketmq/templates/ssl/ca_rsa_private.pem create mode 100644 rocketmq/templates/ssl/client.crt create mode 100644 rocketmq/templates/ssl/client.csr create mode 100644 rocketmq/templates/ssl/client_rsa_private.pem create mode 100644 rocketmq/templates/ssl/client_rsa_private.pem.unsecure create mode 100644 rocketmq/templates/ssl/client_rsa_private_pkcs8.pem create mode 100644 rocketmq/templates/ssl/server.crt create mode 100644 rocketmq/templates/ssl/server.csr create mode 100644 rocketmq/templates/ssl/server_rsa_private.pem create mode 100644 rocketmq/templates/ssl/server_rsa_private.pem.unsecure create mode 100644 rocketmq/templates/ssl/server_rsa_private_pkcs8.pem create mode 100644 rocketmq/templates/ssl/ssl.properties diff --git a/rocketmq/.github/ISSUE_TEMPLATE/issue_template.md b/rocketmq/.github/ISSUE_TEMPLATE/issue_template.md new file mode 100644 index 0000000..bbf88c2 --- /dev/null +++ b/rocketmq/.github/ISSUE_TEMPLATE/issue_template.md @@ -0,0 +1,42 @@ +--- +name: ISSUE_TEMPLATE +about: Describe this issue template's purpose here. +title: '' +labels: '' +assignees: '' + +--- + +The issue tracker is **ONLY** used for bug report(feature request need to follow [RIP process](https://github.com/apache/rocketmq/wiki/RocketMQ-Improvement-Proposal)). Keep in mind, please check whether there is an existing same report before your raise a new one. + +Alternately (especially if your communication is not a bug report), you can send mail to our [mailing lists](http://rocketmq.apache.org/about/contact/). We welcome any friendly suggestions, bug fixes, collaboration and other improvements. + +Please ensure that your bug report is clear and that it is complete. Otherwise, we may be unable to understand it or to reproduce it, either of which would prevent us from fixing the bug. We strongly recommend the report(bug report or feature request) could include some hints as the following: + +**BUG REPORT** + +1. Please describe the issue you observed: + +- What did you do (The steps to reproduce)? + +- What did you expect to see? + +- What did you see instead? + +2. Please tell us about your environment: + +3. Other information (e.g. detailed explanation, logs, related issues, suggestions how to fix, etc): + +**FEATURE REQUEST** + +1. Please describe the feature you are requesting. + +2. Provide any additional detail on your proposed use case for this feature. + +2. Indicate the importance of this issue to you (blocker, must-have, should-have, nice-to-have). Are you currently using any workarounds to address this issue? + +4. If there are some sub-tasks using -[] for each subtask and create a corresponding issue to map to the sub task: + +- [sub-task1-issue-number](example_sub_issue1_link_here): sub-task1 description here, +- [sub-task2-issue-number](example_sub_issue2_link_here): sub-task2 description here, +- ... diff --git a/rocketmq/.gitignore b/rocketmq/.gitignore new file mode 100644 index 0000000..558ab45 --- /dev/null +++ b/rocketmq/.gitignore @@ -0,0 +1,3 @@ +stages/ + +.idea/ \ No newline at end of file diff --git a/rocketmq/CONTRIBUTING.md b/rocketmq/CONTRIBUTING.md new file mode 100644 index 0000000..952ad73 --- /dev/null +++ b/rocketmq/CONTRIBUTING.md @@ -0,0 +1,31 @@ +## How To Contribute + +We are always very happy to have contributions, whether for trivial cleanups or big new features. +We want to have high quality, well documented codes for each programming language, as well as the surrounding [ecosystem](https://github.com/apache/rocketmq-externals) of integration tools that people use with RocketMQ. + +Nor is code the only way to contribute to the project. We strongly value documentation, integration with other project, and gladly accept improvements for these aspects. + +## Contributing code + +To submit a change for inclusion, please do the following: + +#### If the change is non-trivial please include some unit tests that cover the new functionality. +#### If you are introducing a completely new feature or API it is a good idea to start a [RIP](https://github.com/apache/rocketmq/wiki/RocketMQ-Improvement-Proposal) and get consensus on the basic design first. +#### It is our job to follow up on patches in a timely fashion. Nag us if we aren't doing our job (sometimes we drop things). + +## Becoming a Committer + +We are always interested in adding new contributors. What we look for are series of contributions, good taste and ongoing interest in the project. If you are interested in becoming a committer, please let one of the existing committers know and they can help you walk through the process. + +Nowadays,we have several important contribution points: +#### Wiki & JavaDoc +#### RocketMQ SDK(C++\.Net\Php\Python\Go\Node.js) +#### RocketMQ Connectors + +##### Prerequisite +If you want to contribute the above listing points, you must abide our some prerequisites: + +###### Readability - API must have Javadoc,some very important methods also must have javadoc +###### Testability - 80% above unit test coverage about main process +###### Maintainability - Comply with our [checkstyle spec](style/rmq_checkstyle.xml), and at least 3 month update frequency +###### Deployability - We encourage you to deploy into [maven repository](http://search.maven.org/) diff --git a/rocketmq/LICENSE b/rocketmq/LICENSE new file mode 100644 index 0000000..7a4a3ea --- /dev/null +++ b/rocketmq/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/rocketmq/NOTICE b/rocketmq/NOTICE new file mode 100644 index 0000000..85e2dc3 --- /dev/null +++ b/rocketmq/NOTICE @@ -0,0 +1,5 @@ +Apache RocketMQ +Copyright 2016-2019 The Apache Software Foundation + +This product includes software developed at +The Apache Software Foundation (http://www.apache.org/). diff --git a/rocketmq/README.md b/rocketmq/README.md new file mode 100644 index 0000000..2e8a341 --- /dev/null +++ b/rocketmq/README.md @@ -0,0 +1,239 @@ +# RocketMQ-Docker +[![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html) +[![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/apache/rocketmq-docker.svg)](http://isitmaintained.com/project/apache/rocketmq-docker "Average time to resolve an issue") +[![Percentage of issues still open](http://isitmaintained.com/badge/open/apache/rocketmq-docker.svg)](http://isitmaintained.com/project/apache/rocketmq-docker "Percentage of issues still open") +![Twitter Follow](https://img.shields.io/twitter/follow/ApacheRocketMQ?style=social) + + +This is the Git repo of the Docker Image for Apache RocketMQ. You could run it through the following ways: + +1. Generate a RocketMQ Docker image +2. Run the docker image with the below modes: + 1. Single Node. + 2. Cluster with docker-compose. + 3. Cluster on Kubernetes. + + +## Prerequisites + +The Docker images in this repository should support Docker version 1.12+, and Kubernetes version 1.9+. + + +## Quick start + +### A. Generate a RocketMQ docker image + +Note: This is an experimented code to allow users to build docker image locally according to a given RocketMQ version. Actually the formal images have been generated by RocketMQ official maintainer and stored in docker hub. Suggest common users to use these remote images directly. + +``` +cd image-build +sh build-image.sh RMQ-VERSION BASE-IMAGE +``` + +> Tip: The supported RMQ-VERSIONs can be obtained from [here](https://archive.apache.org/dist/rocketmq/). The supported BASE-IMAGEs are [centos, alpine]. For example: ```sh build-image.sh 4.5.0 alpine``` + +### B. Stage a specific version + +Users can generate a runtime (stage) directory based on a specific version and docker style operate the RocketMQ cluster/server/nameserver beneath the directory. + +``` +sh stage.sh RMQ-VERSION +``` + +> Note: RMQ-VERSION is the tag of the RocketMQ image. +After executing the above shell script, (e.g. sh stage.sh 4.5.0), it will generate a stage directory (./stages/4.5.0). User can do the following works under the directory, assuming the RMQ-version is defined with 4.5.0. + +#### 1. Single Node + +Run: + +``` +cd stages/4.5.0 + +./play-docker.sh alpine + +``` +> NOTE: +Some Linux Systems (e.g. Ubuntu) may generate path +```stages/4.5.0/template```, please adjust the command accordingly. + + +#### 2. Cluster with docker-compose + +Run: + +``` +cd stages/4.5.0 + +./play-docker-compose.sh + +``` + + +#### 3. Cluster on Kubernetes + +Run: + +``` +cd stages/4.5.0 + +./play-kubernetes.sh + +``` + +#### 4. Cluster of Dledger storage + +Run: (Note: This feature needs RMQ version is 4.4.0 or above) + +``` +cd stages/4.5.0 + +./play-docker-dledger.sh + +``` + +## 5. TLS support + +Run: (It will startup nameserver and broker with SSL enabled style. The client will not invoke nameserver or broker until related SSL client is configurated. ) + +You can see detailed TLS config instruction from [here](templates/ssl/README.md) + +``` +cd stages/4.5.0 + +./play-docker-tls.sh + +# Once nameserver and broker startup correctly, you still can use the following script to test produce/consume in SSL mode, why, due to they still use the SSL setting which exists in JAVA-OPT of the docker rmqbroker container. +./play-producer.sh +./play-consumer.sh +``` + +### How to update RocketMQ image repository using update.sh +Run: + +``` +cd image-build +./update.sh +``` + +This script will get the latest release version of RocketMQ and build the docker images based on ```alpine``` and ```centos``` respectively, then push the new images to the current official repository ```apacherocketmq/rocketmq```. + +### How to verify RocketMQ works well + +#### Verify with Docker and docker-compose + +1. Use `docker ps|grep rmqbroker` to find your RocketMQ broker container id. + +2. Use `docker exec -it {container_id} ./mqadmin clusterList -n {nameserver_ip}:9876` to verify if RocketMQ broker works, for example: +``` +root$ docker exec -it 63950574b491 ./mqadmin clusterList -n 192.168.43.56:9876 +OpenJDK 64-Bit Server VM warning: ignoring option PermSize=128m; support was removed in 8.0 +OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=128m; support was removed in 8.0 +#Cluster Name #Broker Name #BID #Addr #Version #InTPS(LOAD) #OutTPS(LOAD) #PCWait(ms) #Hour #SPACE +DefaultCluster 63950574b491 0 172.17.0.3:10911 V4_3_0 0.00(0,0ms) 0.00(0,0ms) 0 429398.92 -1.0000 + +``` + +#### Verify with Kubernetes + +1. Use `kubectl get pods|grep rocketmq` to find your RocketMQ broker Pod id, for example: +``` +[root@k8s-master rocketmq]# kubectl get pods |grep rocketmq +rocketmq-7697d9d574-b5z7g 2/2 Running 0 2d +``` + +2. Use `kubectl -n {namespace} exec -it {pod_id} -c broker bash` to login the broker pod, for example: +``` +[root@k8s-master rocketmq]# kubectl -n default exec -it rocketmq-7697d9d574-b5z7g -c broker bash +[root@rocketmq-7697d9d574-b5z7g bin]# +``` + +3. Use `mqadmin clusterList -n {nameserver_ip}:9876` to verify if RocketMQ broker works, for example: +``` +[root@rocketmq-7697d9d574-b5z7g bin]# ./mqadmin clusterList -n localhost:9876 +OpenJDK 64-Bit Server VM warning: ignoring option PermSize=128m; support was removed in 8.0 +OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=128m; support was removed in 8.0 +#Cluster Name #Broker Name #BID #Addr #Version #InTPS(LOAD) #OutTPS(LOAD) #PCWait(ms) #Hour #SPACE +DefaultCluster rocketmq-7697d9d574-b5z7g 0 192.168.196.14:10911 V4_3_0 0.00(0,0ms) 0.00(0,0ms) 0 429399.44 -1.0000 + +``` + +So you will find it works, enjoy ! + +### C. Product level configuration + +The project also provides a usage reference for product level cluster docker configuration and startup. Please see the [README.md](product/README.md) details in /product directory. + + +## FAQ + +#### 1. If I want the broker container to load my customized configuration file (which means `broker.conf`) when it starts, how can I achieve this? + +First, create the customized `broker.conf`, like below: +``` +brokerClusterName = DefaultCluster +brokerName = broker-a +brokerId = 0 +deleteWhen = 04 +fileReservedTime = 48 +brokerRole = ASYNC_MASTER +flushDiskType = ASYNC_FLUSH +#set `brokerIP1` if you want to set physical IP as broker IP. +brokerIP1=10.10.101.80 #change you own physical IP Address +``` + +And put the customized `broker.conf` file at a specific path, like "`pwd`/data/broker/conf/broker.conf". + +Then we can modify the `play-docker.sh` and volume this file to the broker container when it starts. For example: + +``` +docker run -d -p 10911:10911 -p 10909:10909 -v `pwd`/data/broker/logs:/root/logs -v `pwd`/data/broker/store:/root/store -v `pwd`/data/broker/conf/broker.conf:/home/rocketmq/rocketmq-4.5.0/conf/broker.conf --name rmqbroker --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" apacherocketmq/rocketmq:4.5.0 sh mqbroker -c /opt/rocketmq-4.5.0/conf/broker.conf + +``` + +Finally we can find the customized `broker.conf` has been used in the broker container. For example: + +``` +MacBook-Pro:4.5.0 huan$ docker ps |grep mqbroker +a32c67aed6dd apacherocketmq/rocketmq:4.5.0 "sh mqbroker" 20 minutes ago Up 20 minutes 0.0.0.0:10909->10909/tcp, 9876/tcp, 0.0.0.0:10911->10911/tcp rmqbroker +MacBook-Pro:4.5.0 $ docker exec -it a32c67aed6dd cat /home/rocketmq/rocketmq-4.5.0/conf/broker.conf +brokerClusterName = DefaultCluster +brokerName = broker-a +brokerId = 0 +deleteWhen = 04 +fileReservedTime = 48 +brokerRole = ASYNC_MASTER +flushDiskType = ASYNC_FLUSH +#set `brokerIP1` if you want to set physical IP as broker IP. +brokerIP1=10.10.101.80 #change you own physical IP Address + +``` + +In the case of docker-compose, change the docker-compose.yml like following: +``` +version: '2' +services: + namesrv: + image: apacherocketmq/rocketmq:4.5.0 + container_name: rmqnamesrv + ports: + - 9876:9876 + volumes: + - ./data/namesrv/logs:/home/rocketmq/logs + command: sh mqnamesrv + broker: + image: apacherocketmq/rocketmq:4.5.0 + container_name: rmqbroker + ports: + - 10909:10909 + - 10911:10911 + - 10912:10912 + volumes: + - ./data/broker/logs:/home/rocketmq/logs + - ./data/broker/store:/home/rocketmq/store + - ./data/broker/conf/broker.conf:/home/rocketmq/rocketmq-4.5.0/conf/broker.conf + command: sh mqbroker -n namesrv:9876 -c ../conf/broker.conf + depends_on: + - namesrv + +``` diff --git a/rocketmq/image-build/Dockerfile-alpine b/rocketmq/image-build/Dockerfile-alpine new file mode 100644 index 0000000..90bbda5 --- /dev/null +++ b/rocketmq/image-build/Dockerfile-alpine @@ -0,0 +1,90 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +FROM openjdk:8-alpine + +RUN apk add --no-cache bash gettext nmap-ncat openssl busybox-extras + +ARG user=rocketmq +ARG group=rocketmq +ARG uid=3000 +ARG gid=3000 + +# RocketMQ is run with user `rocketmq`, uid = 3000 +# If you bind mount a volume from the host or a data container, +# ensure you use the same uid +RUN addgroup --gid ${gid} ${group} \ + && adduser --uid ${uid} -G ${group} ${user} -s /bin/bash -D + +ARG version + +# Rocketmq version +ENV ROCKETMQ_VERSION ${version} + +# Rocketmq home +ENV ROCKETMQ_HOME /home/rocketmq/rocketmq-${ROCKETMQ_VERSION} + +WORKDIR ${ROCKETMQ_HOME} + +# Install +RUN set -eux; \ + apk add --virtual .build-deps curl gnupg unzip; \ + curl -L https://archive.apache.org/dist/rocketmq/${ROCKETMQ_VERSION}/rocketmq-all-${ROCKETMQ_VERSION}-bin-release.zip -o rocketmq.zip; \ + curl -L https://archive.apache.org/dist/rocketmq/${ROCKETMQ_VERSION}/rocketmq-all-${ROCKETMQ_VERSION}-bin-release.zip.asc -o rocketmq.zip.asc; \ + #https://www.apache.org/dist/rocketmq/KEYS + curl -L https://www.apache.org/dist/rocketmq/KEYS -o KEYS; \ + \ + gpg --import KEYS; \ + gpg --batch --verify rocketmq.zip.asc rocketmq.zip; \ + unzip rocketmq.zip; \ + mv rocketmq-all*/* . ; \ + rmdir rocketmq-all* ; \ + rm rocketmq.zip rocketmq.zip.asc KEYS; \ + apk del .build-deps ; \ + rm -rf /var/cache/apk/* ; \ + rm -rf /tmp/* + +# Copy customized scripts +COPY scripts/ ${ROCKETMQ_HOME}/bin/ + +RUN chown -R ${uid}:${gid} ${ROCKETMQ_HOME} + +# Expose namesrv port +EXPOSE 9876 + +# Override customized scripts for namesrv +RUN mv ${ROCKETMQ_HOME}/bin/runserver-customize.sh ${ROCKETMQ_HOME}/bin/runserver.sh \ + && chmod a+x ${ROCKETMQ_HOME}/bin/runserver.sh \ + && chmod a+x ${ROCKETMQ_HOME}/bin/mqnamesrv + +# Expose broker ports +EXPOSE 10909 10911 10912 + +# Override customized scripts for broker +RUN mv ${ROCKETMQ_HOME}/bin/runbroker-customize.sh ${ROCKETMQ_HOME}/bin/runbroker.sh \ + && chmod a+x ${ROCKETMQ_HOME}/bin/runbroker.sh \ + && chmod a+x ${ROCKETMQ_HOME}/bin/mqbroker + +# Export Java options +RUN export JAVA_OPT=" -Duser.home=/opt" + +# Add ${JAVA_HOME}/lib/ext as java.ext.dirs +RUN sed -i 's/${JAVA_HOME}\/jre\/lib\/ext/${JAVA_HOME}\/jre\/lib\/ext:${JAVA_HOME}\/lib\/ext/' ${ROCKETMQ_HOME}/bin/tools.sh + +USER ${user} + +WORKDIR ${ROCKETMQ_HOME}/bin \ No newline at end of file diff --git a/rocketmq/image-build/Dockerfile-centos b/rocketmq/image-build/Dockerfile-centos new file mode 100644 index 0000000..17b2a06 --- /dev/null +++ b/rocketmq/image-build/Dockerfile-centos @@ -0,0 +1,91 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +FROM centos:7 + +RUN yum install -y java-1.8.0-openjdk-devel.x86_64 unzip gettext nmap-ncat openssl, which gnupg, telnet \ + && yum clean all -y + +# FROM openjdk:8-jdk +# RUN apt-get update && apt-get install -y --no-install-recommends \ +# bash libapr1 unzip telnet wget gnupg ca-certificates \ +# && rm -rf /var/lib/apt/lists/* + +ARG user=rocketmq +ARG group=rocketmq +ARG uid=3000 +ARG gid=3000 + +# RocketMQ is run with user `rocketmq`, uid = 3000 +# If you bind mount a volume from the host or a data container, +# ensure you use the same uid +RUN groupadd -g ${gid} ${group} \ + && useradd -u ${uid} -g ${gid} -m -s /bin/bash ${user} + +ARG version + +# Rocketmq version +ENV ROCKETMQ_VERSION ${version} + +# Rocketmq home +ENV ROCKETMQ_HOME /home/rocketmq/rocketmq-${ROCKETMQ_VERSION} + +WORKDIR ${ROCKETMQ_HOME} + +RUN set -eux; \ + curl -L https://archive.apache.org/dist/rocketmq/${ROCKETMQ_VERSION}/rocketmq-all-${ROCKETMQ_VERSION}-bin-release.zip -o rocketmq.zip; \ + curl -L https://archive.apache.org/dist/rocketmq/${ROCKETMQ_VERSION}/rocketmq-all-${ROCKETMQ_VERSION}-bin-release.zip.asc -o rocketmq.zip.asc; \ + #https://www.apache.org/dist/rocketmq/KEYS + curl -L https://www.apache.org/dist/rocketmq/KEYS -o KEYS; \ + \ + gpg --import KEYS; \ + gpg --batch --verify rocketmq.zip.asc rocketmq.zip ; \ + unzip rocketmq.zip ; \ + mv rocketmq-all*/* . ; \ + rmdir rocketmq-all* ; \ + rm rocketmq.zip rocketmq.zip.asc KEYS + +# add scripts +COPY scripts/ ${ROCKETMQ_HOME}/bin/ + +RUN chown -R ${uid}:${gid} ${ROCKETMQ_HOME} + +# expose namesrv port +EXPOSE 9876 + +# add customized scripts for namesrv +RUN mv ${ROCKETMQ_HOME}/bin/runserver-customize.sh ${ROCKETMQ_HOME}/bin/runserver.sh \ + && chmod a+x ${ROCKETMQ_HOME}/bin/runserver.sh \ + && chmod a+x ${ROCKETMQ_HOME}/bin/mqnamesrv + +# expose broker ports +EXPOSE 10909 10911 10912 + +# add customized scripts for broker +RUN mv ${ROCKETMQ_HOME}/bin/runbroker-customize.sh ${ROCKETMQ_HOME}/bin/runbroker.sh \ + && chmod a+x ${ROCKETMQ_HOME}/bin/runbroker.sh \ + && chmod a+x ${ROCKETMQ_HOME}/bin/mqbroker + +# export Java options +RUN export JAVA_OPT=" -Duser.home=/opt" + +# Add ${JAVA_HOME}/lib/ext as java.ext.dirs +RUN sed -i 's/${JAVA_HOME}\/jre\/lib\/ext/${JAVA_HOME}\/jre\/lib\/ext:${JAVA_HOME}\/lib\/ext/' ${ROCKETMQ_HOME}/bin/tools.sh + +USER ${user} + +WORKDIR ${ROCKETMQ_HOME}/bin diff --git a/rocketmq/image-build/build-image.sh b/rocketmq/image-build/build-image.sh new file mode 100755 index 0000000..6073271 --- /dev/null +++ b/rocketmq/image-build/build-image.sh @@ -0,0 +1,53 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +checkVersion() +{ + echo "Version = $1" + echo $1 |grep -E "^[0-9]+\.[0-9]+\.[0-9]+" > /dev/null + if [ $? = 0 ]; then + return 1 + fi + + echo "Version $1 illegal, it should be X.X.X format(e.g. 4.5.0), please check released versions in 'https://archive.apache.org/dist/rocketmq/'" + exit -1 +} + +if [ $# -lt 2 ]; then + echo -e "Usage: sh $0 Version BaseImage" + exit -1 +fi + +ROCKETMQ_VERSION=$1 +BASE_IMAGE=$2 + +checkVersion $ROCKETMQ_VERSION + +# Build rocketmq +case "${BASE_IMAGE}" in + alpine) + docker build --no-cache -f Dockerfile-alpine -t apacherocketmq/rocketmq:${ROCKETMQ_VERSION}-alpine --build-arg version=${ROCKETMQ_VERSION} . + ;; + centos) + docker build --no-cache -f Dockerfile-centos -t apacherocketmq/rocketmq:${ROCKETMQ_VERSION} --build-arg version=${ROCKETMQ_VERSION} . + ;; + *) + echo "${BASE_IMAGE} is not supported, supported base images: centos, alpine" + exit -1 + ;; +esac + diff --git a/rocketmq/image-build/scripts/runbroker-customize.sh b/rocketmq/image-build/scripts/runbroker-customize.sh new file mode 100755 index 0000000..e1edad0 --- /dev/null +++ b/rocketmq/image-build/scripts/runbroker-customize.sh @@ -0,0 +1,156 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#=========================================================================================== +# Java Environment Setting +#=========================================================================================== +error_exit () +{ + echo "ERROR: $1 !!" + exit 1 +} + +find_java_home() +{ + case "`uname`" in + Darwin) + JAVA_HOME=$(/usr/libexec/java_home) + ;; + *) + JAVA_HOME=$(dirname $(dirname $(readlink -f $(which javac)))) + ;; + esac +} + +find_java_home + +[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=$HOME/jdk/java +[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=/usr/java +[ ! -e "$JAVA_HOME/bin/java" ] && error_exit "Please set the JAVA_HOME variable in your environment, We need java(x64)!" + +export JAVA_HOME +export JAVA="$JAVA_HOME/bin/java" +export BASE_DIR=$(dirname $0)/.. +export CLASSPATH=.:${BASE_DIR}/conf:${CLASSPATH} + +#=========================================================================================== +# JVM Configuration +#=========================================================================================== +calculate_heap_sizes() +{ + case "`uname`" in + Linux) + system_memory_in_mb=`free -m| sed -n '2p' | awk '{print $2}'` + system_cpu_cores=`egrep -c 'processor([[:space:]]+):.*' /proc/cpuinfo` + ;; + FreeBSD) + system_memory_in_bytes=`sysctl hw.physmem | awk '{print $2}'` + system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024` + system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'` + ;; + SunOS) + system_memory_in_mb=`prtconf | awk '/Memory size:/ {print $3}'` + system_cpu_cores=`psrinfo | wc -l` + ;; + Darwin) + system_memory_in_bytes=`sysctl hw.memsize | awk '{print $2}'` + system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024` + system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'` + ;; + *) + # assume reasonable defaults for e.g. a modern desktop or + # cheap server + system_memory_in_mb="2048" + system_cpu_cores="2" + ;; + esac + + # some systems like the raspberry pi don't report cores, use at least 1 + if [ "$system_cpu_cores" -lt "1" ] + then + system_cpu_cores="1" + fi + + # set max heap size based on the following + # max(min(1/2 ram, 1024MB), min(1/4 ram, 8GB)) + # calculate 1/2 ram and cap to 1024MB + # calculate 1/4 ram and cap to 8192MB + # pick the max + half_system_memory_in_mb=`expr $system_memory_in_mb / 2` + quarter_system_memory_in_mb=`expr $half_system_memory_in_mb / 2` + if [ "$half_system_memory_in_mb" -gt "1024" ] + then + half_system_memory_in_mb="1024" + fi + if [ "$quarter_system_memory_in_mb" -gt "8192" ] + then + quarter_system_memory_in_mb="8192" + fi + if [ "$half_system_memory_in_mb" -gt "$quarter_system_memory_in_mb" ] + then + max_heap_size_in_mb="$half_system_memory_in_mb" + else + max_heap_size_in_mb="$quarter_system_memory_in_mb" + fi + MAX_HEAP_SIZE="${max_heap_size_in_mb}M" + + # Young gen: min(max_sensible_per_modern_cpu_core * num_cores, 1/4 * heap size) + max_sensible_yg_per_core_in_mb="100" + max_sensible_yg_in_mb=`expr $max_sensible_yg_per_core_in_mb "*" $system_cpu_cores` + + desired_yg_in_mb=`expr $max_heap_size_in_mb / 4` + + if [ "$desired_yg_in_mb" -gt "$max_sensible_yg_in_mb" ] + then + HEAP_NEWSIZE="${max_sensible_yg_in_mb}M" + else + HEAP_NEWSIZE="${desired_yg_in_mb}M" + fi +} + +calculate_heap_sizes + +# Dynamically calculate parameters, for reference. +Xms=$MAX_HEAP_SIZE +Xmx=$MAX_HEAP_SIZE +Xmn=$HEAP_NEWSIZE +MaxDirectMemorySize=$MAX_HEAP_SIZE +# Set for `JAVA_OPT`. +JAVA_OPT="${JAVA_OPT} -server -Xms${Xms} -Xmx${Xmx} -Xmn${Xmn}" +JAVA_OPT="${JAVA_OPT} -XX:+UseG1GC -XX:G1HeapRegionSize=16m -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -XX:SoftRefLRUPolicyMSPerMB=0 -XX:SurvivorRatio=8" +JAVA_OPT="${JAVA_OPT} -verbose:gc -Xloggc:/dev/shm/mq_gc_%p.log -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCApplicationStoppedTime -XX:+PrintAdaptiveSizePolicy" +JAVA_OPT="${JAVA_OPT} -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=30m" +JAVA_OPT="${JAVA_OPT} -XX:-OmitStackTraceInFastThrow" +JAVA_OPT="${JAVA_OPT} -XX:+AlwaysPreTouch" +JAVA_OPT="${JAVA_OPT} -XX:MaxDirectMemorySize=${MaxDirectMemorySize}" +JAVA_OPT="${JAVA_OPT} -XX:-UseLargePages -XX:-UseBiasedLocking" +JAVA_OPT="${JAVA_OPT} -Djava.ext.dirs=${JAVA_HOME}/jre/lib/ext:${BASE_DIR}/lib" +#JAVA_OPT="${JAVA_OPT} -Xdebug -Xrunjdwp:transport=dt_socket,address=9555,server=y,suspend=n" +JAVA_OPT="${JAVA_OPT} ${JAVA_OPT_EXT}" +JAVA_OPT="${JAVA_OPT} -cp ${CLASSPATH}" + +numactl --interleave=all pwd > /dev/null 2>&1 +if [ $? -eq 0 ] +then + if [ -z "$RMQ_NUMA_NODE" ] ; then + numactl --interleave=all $JAVA ${JAVA_OPT} $@ + else + numactl --cpunodebind=$RMQ_NUMA_NODE --membind=$RMQ_NUMA_NODE $JAVA ${JAVA_OPT} $@ + fi +else + $JAVA ${JAVA_OPT} $@ +fi diff --git a/rocketmq/image-build/scripts/runserver-customize.sh b/rocketmq/image-build/scripts/runserver-customize.sh new file mode 100755 index 0000000..c05e77e --- /dev/null +++ b/rocketmq/image-build/scripts/runserver-customize.sh @@ -0,0 +1,142 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#=========================================================================================== +# Java Environment Setting +#=========================================================================================== +error_exit () +{ + echo "ERROR: $1 !!" + exit 1 +} + +find_java_home() +{ + case "`uname`" in + Darwin) + JAVA_HOME=$(/usr/libexec/java_home) + ;; + *) + JAVA_HOME=$(dirname $(dirname $(readlink -f $(which javac)))) + ;; + esac +} + +find_java_home + +[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=$HOME/jdk/java +[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=/usr/java +[ ! -e "$JAVA_HOME/bin/java" ] && error_exit "Please set the JAVA_HOME variable in your environment, We need java(x64)!" + +export JAVA_HOME +export JAVA="$JAVA_HOME/bin/java" +export BASE_DIR=$(dirname $0)/.. +export CLASSPATH=.:${BASE_DIR}/conf:${CLASSPATH} + +#=========================================================================================== +# JVM Configuration +#=========================================================================================== +calculate_heap_sizes() +{ + case "`uname`" in + Linux) + system_memory_in_mb=`free -m| sed -n '2p' | awk '{print $2}'` + system_cpu_cores=`egrep -c 'processor([[:space:]]+):.*' /proc/cpuinfo` + ;; + FreeBSD) + system_memory_in_bytes=`sysctl hw.physmem | awk '{print $2}'` + system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024` + system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'` + ;; + SunOS) + system_memory_in_mb=`prtconf | awk '/Memory size:/ {print $3}'` + system_cpu_cores=`psrinfo | wc -l` + ;; + Darwin) + system_memory_in_bytes=`sysctl hw.memsize | awk '{print $2}'` + system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024` + system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'` + ;; + *) + # assume reasonable defaults for e.g. a modern desktop or + # cheap server + system_memory_in_mb="2048" + system_cpu_cores="2" + ;; + esac + + # some systems like the raspberry pi don't report cores, use at least 1 + if [ "$system_cpu_cores" -lt "1" ] + then + system_cpu_cores="1" + fi + + # set max heap size based on the following + # max(min(1/2 ram, 1024MB), min(1/4 ram, 8GB)) + # calculate 1/2 ram and cap to 1024MB + # calculate 1/4 ram and cap to 8192MB + # pick the max + half_system_memory_in_mb=`expr $system_memory_in_mb / 2` + quarter_system_memory_in_mb=`expr $half_system_memory_in_mb / 2` + if [ "$half_system_memory_in_mb" -gt "1024" ] + then + half_system_memory_in_mb="1024" + fi + if [ "$quarter_system_memory_in_mb" -gt "8192" ] + then + quarter_system_memory_in_mb="8192" + fi + if [ "$half_system_memory_in_mb" -gt "$quarter_system_memory_in_mb" ] + then + max_heap_size_in_mb="$half_system_memory_in_mb" + else + max_heap_size_in_mb="$quarter_system_memory_in_mb" + fi + MAX_HEAP_SIZE="${max_heap_size_in_mb}M" + + # Young gen: min(max_sensible_per_modern_cpu_core * num_cores, 1/4 * heap size) + max_sensible_yg_per_core_in_mb="100" + max_sensible_yg_in_mb=`expr $max_sensible_yg_per_core_in_mb "*" $system_cpu_cores` + + desired_yg_in_mb=`expr $max_heap_size_in_mb / 4` + + if [ "$desired_yg_in_mb" -gt "$max_sensible_yg_in_mb" ] + then + HEAP_NEWSIZE="${max_sensible_yg_in_mb}M" + else + HEAP_NEWSIZE="${desired_yg_in_mb}M" + fi +} + +calculate_heap_sizes + +# Dynamically calculate parameters, for reference. +Xms=$MAX_HEAP_SIZE +Xmx=$MAX_HEAP_SIZE +Xmn=$HEAP_NEWSIZE +# Set for `JAVA_OPT`. +JAVA_OPT="${JAVA_OPT} -server -Xms${Xms} -Xmx${Xmx} -Xmn${Xmn}" +JAVA_OPT="${JAVA_OPT} -XX:+UseConcMarkSweepGC -XX:+UseCMSCompactAtFullCollection -XX:CMSInitiatingOccupancyFraction=70 -XX:+CMSParallelRemarkEnabled -XX:SoftRefLRUPolicyMSPerMB=0 -XX:+CMSClassUnloadingEnabled -XX:SurvivorRatio=8 -XX:-UseParNewGC" +JAVA_OPT="${JAVA_OPT} -verbose:gc -Xloggc:/dev/shm/rmq_srv_gc.log -XX:+PrintGCDetails" +JAVA_OPT="${JAVA_OPT} -XX:-OmitStackTraceInFastThrow" +JAVA_OPT="${JAVA_OPT} -XX:-UseLargePages" +JAVA_OPT="${JAVA_OPT} -Djava.ext.dirs=${JAVA_HOME}/jre/lib/ext:${BASE_DIR}/lib" +#JAVA_OPT="${JAVA_OPT} -Xdebug -Xrunjdwp:transport=dt_socket,address=9555,server=y,suspend=n" +JAVA_OPT="${JAVA_OPT} ${JAVA_OPT_EXT}" +JAVA_OPT="${JAVA_OPT} -cp ${CLASSPATH}" + +$JAVA ${JAVA_OPT} $@ diff --git a/rocketmq/image-build/update.sh b/rocketmq/image-build/update.sh new file mode 100755 index 0000000..0678125 --- /dev/null +++ b/rocketmq/image-build/update.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +checkVersion() +{ + echo "Version = $1" + echo $1 |grep -E "^[0-9]+\.[0-9]+\.[0-9]+" > /dev/null + if [ $? = 0 ]; then + return 0 + fi + + echo "Version $1 illegal, it should be X.X.X format(e.g. 4.5.0), please check released versions in 'https://archive.apache.org/dist/rocketmq/'" + exit -1 +} + +set -eu; + +# Update the image of the latest released version +LATEST_VERSION=$(curl -s https://archive.apache.org/dist/rocketmq/ | awk -F '>' '{print $3}' | awk -F '/' '{print $1}' | grep '^[0-9]' | sort | tail -1) + +checkVersion ${LATEST_VERSION} + +baseImages=("alpine" "centos") + +for baseImage in ${baseImages[@]} +do + echo "Building image of version ${LATEST_VERSION}, base-image ${baseImage}" + bash build-image.sh ${LATEST_VERSION} ${baseImage} + if [ "${baseImage}" = "centos" ];then + TAG=${LATEST_VERSION} + else + TAG=${LATEST_VERSION}-${baseImage} + fi + docker push apacherocketmq/rocketmq:${TAG} +done diff --git a/rocketmq/product/README.md b/rocketmq/product/README.md new file mode 100644 index 0000000..fe28d3c --- /dev/null +++ b/rocketmq/product/README.md @@ -0,0 +1,90 @@ +# Config Reference of RocketMQ Docker in production + +## Background + +This is a simple instructions for how to use a persistent storage and configuration information in a production environment to deploy a NameServer cluster and a master-slave broker cluster under distributed network nodes. + +Note: Here only contains the configuration and startup Docker containers, without mentioning the container's monitoring and management, the container machine's DNS configuration, message distribution and reliability storage details. This part needs to depend on the advanced deployment capabilities related to RocketMQ-Operator in conjunction with the capabilities of Kubernetes. + +## Steps to deploy and run docker containers + +1. Determine the IP and DNS information of the host (physical or virtual machine) to be deployed with NameServer or Broker, the storage file location in the hosted node, and ensure that the relevant ports (9876, 10911, 10912, 10909) are not occupied. +2. Prepare the configuration file used by the broker, select the reference configuration file according to the requirements of the Cluster, and modify the necessary attribute parameters in the file. +3. Call the docker container startup script, set the docker parameters, and start the container (look for the RocketMQ image version from [here]()) +4. Verify the container startup status + +## Directory Structure + +product / + +​ | - conf / (Several typical cluster configuration references ) + +​ | - start-ns.sh (Shell script for starting a name-server container, which is called once for each name-server container on different node) + +​ | - start-broker.sh (Shell script for starting a broker container, which is called once for creating different broker cluster member on different node) + + | - README.md + + | - README_cn.md + +## Use Case + +How to config a 2m-2s-async cluster in Docker style. + +### Startup nameserver cluster + +Note: You can skip this step if you use an existing nameserver cluster + +1. Confirm the host machine where the nameserver is to be deployed and copy the product directory into the host. Determine the directory (DATA_HOME) where the container persistences content (logs/storage) on the host, as well as the RocketMQ image version (ROCKETMQ_VERSION) and base image alpine or centos (BASE_IMAGE) + +2. Run the script start-ns.sh, for example: + + ``` + sh start-ns.sh /home/nameserver/data 4.5.0 alpine + ``` + +3. Repeat above steps if there are multiple nameservers in the cluster. + +### Startup broker cluster + +1. Confirm the NameServer Cluster address. (fomart e.g. "ns1:9876;ns2:9876;...") + +2. Confirm the host machine where the broker-a master is to be deployed,determine the directory (DATA_HOME) where the container persistence content (logs/storage) exists on the host, e.g. DATA_HOME is set as /home/broker/data/; then you need to copy the reference config file conf/2m-2s-async/broker-a.properties as /home/broker/data/conf/2m-2s-async/broker-a.properties in the host. + + Change file broker-a.properties and make the property 'brokerIP1' value as the dns-hostname(Precautions #3) of the host. + +3. Confirm the ROCKETMQ_VERSION (e.g. 4.5.0), start broker with shell script start-broker.sh through the following command: + + ``` + sh start-broker.sh /home/broker/data 4.5.0 "ns1:9876;ns2:9876" conf/2m-2s-async/broker-a.properties alpine + ``` + +4. Check if the broker container is start up correctly (Note:The dir DATA_HOME in host needs to open read/write permissions for the rocketmq user in the container, Precautions #1) + +5. Confirm the host machine where the broker-a slave is to be deployed,determine the directory (DATA_HOME) where the container persistences content (logs/storage) on the host, e.g. DATA_HOME is set as /home/broker/data/; then you need to copy the reference config file conf/2m-2s-async/broker-a-s.properties as /home/broker/data/conf/2m-2s-async/broker-a-s.properties in the host. + + Change file broker-a-s.properties and the proeprty 'brokerIP1' valueas the dns-hostname of the host. + +6. Confirm the ROCKETMQ_VERSION,start slave broker with shell script start-broker.sh: + + ``` + sh start-broker.sh /home/broker/data 4.5.0 "ns1:9876;ns2:9876" conf/2m-2s-async/broker-a-s.properties alpine + ``` + +7. Check if the broker container is start up correctly. + +8. Repeat above steps to create master and slave broker docker containers. + +## Precautions + +1. Ensure the DATA_HOME directory r/w permissions + + The broker container needs to write data that needs to be persisted in the DATA_HOME directory of the host, these data include operation logs and message storage files. It is required to open the permissions in the DATA_HOME directory to ensure that the relevant files can be written when the broker is started and running. + A case: After starting the broker, the broker automatically quits after a period of time, without any log writes, this may be due to the container does not write DATA_HOME / logs directory permissions. + +2. Declare the external map port in the script (start-broker.sh, start-ns.sh) + The default mapping ports have been defined in the relevant script. If the user has special requirements (such as a port is already occupied by other applications), you need to modify the shell script to define a new port mapping. + +3. Recommended to use DNS to configure the broker and name-server address. + + The broker running in the docker container uses the property brokerIP1 to specify the address of the host it is on, and register/publish this address in the NameServer so that the RocketMQ client can obtain externally available broker addresses through the NameServer. When specifying the brokerIP1 property value, a good practice is to use dns- Hostname (instead of the direct IP address), so that when a large-scale broker changes or ip address migration, it will not affect the deployed containers. \ No newline at end of file diff --git a/rocketmq/product/conf/2m-2s-async/broker-a-s.properties b/rocketmq/product/conf/2m-2s-async/broker-a-s.properties new file mode 100644 index 0000000..e5eef23 --- /dev/null +++ b/rocketmq/product/conf/2m-2s-async/broker-a-s.properties @@ -0,0 +1,30 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-a +brokerId=1 +deleteWhen=04 +fileReservedTime=48 +brokerRole=SLAVE +flushDiskType=ASYNC_FLUSH + + +#Slave host dns-name/ip +brokerIP1=REPLACE_IT +#with Master's BroperIP1 +brokerIP2=REPLACE_IT + +#with Master's haListenPort, default 10912 +#haListenPort=10912 diff --git a/rocketmq/product/conf/2m-2s-async/broker-a.properties b/rocketmq/product/conf/2m-2s-async/broker-a.properties new file mode 100644 index 0000000..39dc5bf --- /dev/null +++ b/rocketmq/product/conf/2m-2s-async/broker-a.properties @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-a +brokerId=0 +deleteWhen=04 +fileReservedTime=48 +brokerRole=ASYNC_MASTER +flushDiskType=ASYNC_FLUSH + +# Host node's dns-name or ip +brokerIP1=REPLACE_IT + +# Optional config different value rather than default ports. +# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh +#listenPort=10911 +#haListenPort=10912 \ No newline at end of file diff --git a/rocketmq/product/conf/2m-2s-async/broker-b-s.properties b/rocketmq/product/conf/2m-2s-async/broker-b-s.properties new file mode 100644 index 0000000..50fb0fb --- /dev/null +++ b/rocketmq/product/conf/2m-2s-async/broker-b-s.properties @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-b +brokerId=1 +deleteWhen=04 +fileReservedTime=48 +brokerRole=SLAVE +flushDiskType=ASYNC_FLUSH + +#Slave host dns-name/ip +brokerIP1=REPLACE_IT +#with Master's BroperIP1 +brokerIP2=REPLACE_IT + +# with Master's haListenPort, default 10912 +#haListenPort=10912 \ No newline at end of file diff --git a/rocketmq/product/conf/2m-2s-async/broker-b.properties b/rocketmq/product/conf/2m-2s-async/broker-b.properties new file mode 100644 index 0000000..c84cb76 --- /dev/null +++ b/rocketmq/product/conf/2m-2s-async/broker-b.properties @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-b +brokerId=0 +deleteWhen=04 +fileReservedTime=48 +brokerRole=ASYNC_MASTER +flushDiskType=ASYNC_FLUSH + +# Host node's dns-name or ip +brokerIP1=REPLACE_IT + +# Optional config different value rather than default ports. +# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh +#listenPort=10911 +#haListenPort=10912 \ No newline at end of file diff --git a/rocketmq/product/conf/2m-2s-sync/broker-a-s.properties b/rocketmq/product/conf/2m-2s-sync/broker-a-s.properties new file mode 100644 index 0000000..275f236 --- /dev/null +++ b/rocketmq/product/conf/2m-2s-sync/broker-a-s.properties @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-a +brokerId=1 +deleteWhen=04 +fileReservedTime=48 +brokerRole=SLAVE +flushDiskType=ASYNC_FLUSH + +#Slave host dns-name/ip +brokerIP1=REPLACE_IT +#with Master's BroperIP1 +brokerIP2=REPLACE_IT + +#with Master's haListenPort, default 10912 +#haListenPort=10912 \ No newline at end of file diff --git a/rocketmq/product/conf/2m-2s-sync/broker-a.properties b/rocketmq/product/conf/2m-2s-sync/broker-a.properties new file mode 100644 index 0000000..acdc008 --- /dev/null +++ b/rocketmq/product/conf/2m-2s-sync/broker-a.properties @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-a +brokerId=0 +deleteWhen=04 +fileReservedTime=48 +brokerRole=SYNC_MASTER +flushDiskType=ASYNC_FLUSH + +# Host node's dns-name or ip +brokerIP1=REPLACE_IT + +# Optional config different value rather than default ports. +# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh +#listenPort=10911 +#haListenPort=10912 \ No newline at end of file diff --git a/rocketmq/product/conf/2m-2s-sync/broker-b-s.properties b/rocketmq/product/conf/2m-2s-sync/broker-b-s.properties new file mode 100644 index 0000000..50fb0fb --- /dev/null +++ b/rocketmq/product/conf/2m-2s-sync/broker-b-s.properties @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-b +brokerId=1 +deleteWhen=04 +fileReservedTime=48 +brokerRole=SLAVE +flushDiskType=ASYNC_FLUSH + +#Slave host dns-name/ip +brokerIP1=REPLACE_IT +#with Master's BroperIP1 +brokerIP2=REPLACE_IT + +# with Master's haListenPort, default 10912 +#haListenPort=10912 \ No newline at end of file diff --git a/rocketmq/product/conf/2m-2s-sync/broker-b.properties b/rocketmq/product/conf/2m-2s-sync/broker-b.properties new file mode 100644 index 0000000..29c4a28 --- /dev/null +++ b/rocketmq/product/conf/2m-2s-sync/broker-b.properties @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-b +brokerId=0 +deleteWhen=04 +fileReservedTime=48 +brokerRole=SYNC_MASTER +flushDiskType=ASYNC_FLUSH + +# Host node's dns-name or ip +brokerIP1=REPLACE_IT + +# Optional config different value rather than default ports. +# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh +#listenPort=10911 +#haListenPort=10912 \ No newline at end of file diff --git a/rocketmq/product/conf/2m-noslave/broker-a.properties b/rocketmq/product/conf/2m-noslave/broker-a.properties new file mode 100644 index 0000000..e1189b5 --- /dev/null +++ b/rocketmq/product/conf/2m-noslave/broker-a.properties @@ -0,0 +1,28 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-a +brokerId=0 +deleteWhen=04 +fileReservedTime=48 +brokerRole=ASYNC_MASTER +flushDiskType=ASYNC_FLUSH + +# Host node's dns-name or ip +brokerIP1=REPLACE_IT + +# Optional config different value rather than default ports. +# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh +#listenPort=10911 \ No newline at end of file diff --git a/rocketmq/product/conf/2m-noslave/broker-b.properties b/rocketmq/product/conf/2m-noslave/broker-b.properties new file mode 100644 index 0000000..c84cb76 --- /dev/null +++ b/rocketmq/product/conf/2m-noslave/broker-b.properties @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-b +brokerId=0 +deleteWhen=04 +fileReservedTime=48 +brokerRole=ASYNC_MASTER +flushDiskType=ASYNC_FLUSH + +# Host node's dns-name or ip +brokerIP1=REPLACE_IT + +# Optional config different value rather than default ports. +# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh +#listenPort=10911 +#haListenPort=10912 \ No newline at end of file diff --git a/rocketmq/product/conf/2m-noslave/broker-trace.properties b/rocketmq/product/conf/2m-noslave/broker-trace.properties new file mode 100644 index 0000000..fe1c82f --- /dev/null +++ b/rocketmq/product/conf/2m-noslave/broker-trace.properties @@ -0,0 +1,28 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +brokerClusterName=DefaultCluster +brokerName=broker-trace +brokerId=0 +deleteWhen=04 +fileReservedTime=48 +brokerRole=ASYNC_MASTER +flushDiskType=ASYNC_FLUSH + +# Host node's dns-name or ip +brokerIP1=REPLACE_IT + +# Optional config different value rather than default ports. +# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh +#listenPort=10911 \ No newline at end of file diff --git a/rocketmq/product/conf/broker.conf b/rocketmq/product/conf/broker.conf new file mode 100644 index 0000000..3a7676b --- /dev/null +++ b/rocketmq/product/conf/broker.conf @@ -0,0 +1,25 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +brokerClusterName = DefaultCluster +brokerName = broker-b +brokerId = 0 +deleteWhen = 04 +fileReservedTime = 48 +brokerRole = ASYNC_MASTER +flushDiskType = ASYNC_FLUSH + +# Set self-defined brokerIP address (e.g. the host node's) +#brokerIP1=30.25.90.82 diff --git a/rocketmq/product/start-broker.sh b/rocketmq/product/start-broker.sh new file mode 100644 index 0000000..169e037 --- /dev/null +++ b/rocketmq/product/start-broker.sh @@ -0,0 +1,67 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## Main +if [ $# -lt 4 ]; then + echo "Usage: sh $0 DATA_HOME ROCKETMQ_VERSION NAMESRV_ADDR CONF_FILE" + exit -1 +fi + +DATA_HOME=$1 +ROCKETMQ_VERSION=$2 +NAMESRV_ADDR=$3 +CONF_FILE=$4 +BASE_IMAGE=$5 + +## Show Env Setting +echo "ENV Setting: " +echo " DATA_HOME=${DATA_HOME} ROCKETMQ_VERSION=${ROCKETMQ_VERSION}" +echo " NAMESRV_ADDR=${NAMESRV_ADDR}" +echo " CONF_FILE=${CONF_FILE}" + +## Check config file existing +if [ ! -f "${DATA_HOME}/conf/${CONF_FILE}" ]; then + echo "You must ensure the broker config file [${DATA_HOME}/conf/${CONF_FILE}] is pre-defined!!!" + exit -1 +fi + + +# Start Broker +start_broker() +{ + TAG_SUFFIX=$1 + docker run -d -v ${DATA_HOME}/logs:/home/rocketmq/logs -v ${DATA_HOME}/store:/home/rocketmq/store \ + -v ${DATA_HOME}/conf:/home/rocketmq/conf \ + --name rmqbroker \ + -e "NAMESRV_ADDR=${NAMESRV_ADDR}" \ + -p 10911:10911 -p 10912:10912 -p 10909:10909 \ + apacherocketmq/rocketmq:${ROCKETMQ_VERSION}${TAG_SUFFIX} \ + sh mqbroker -c /home/rocketmq/conf/${CONF_FILE} +} + +case "${BASE_IMAGE}" in + alpine) + start_broker -alpine + ;; + centos) + start_broker + ;; + *) + echo "${BASE_IMAGE} is not supported, supported base images: centos, alpine" + exit -1 + ;; +esac \ No newline at end of file diff --git a/rocketmq/product/start-ns.sh b/rocketmq/product/start-ns.sh new file mode 100644 index 0000000..cb82585 --- /dev/null +++ b/rocketmq/product/start-ns.sh @@ -0,0 +1,55 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +## Main +if [ $# -lt 3 ]; then + echo "Usage: sh $0 DATA_HOME ROCKETMQ_VERSION BASE_IMAGE" + exit -1 +fi + +DATA_HOME=$1 +ROCKETMQ_VERSION=$2 +BASE_IMAGE=$3 + +## Show Env Setting +echo "ENV Setting: " +echo "DATA_HOME=${DATA_HOME} ROCKETMQ_VERSION=${ROCKETMQ_VERSION}" + +# Start nameserver +start_namesrv() +{ + TAG_SUFFIX=$1 + docker run -d -v ${DATA_HOME}/logs:/home/rocketmq/logs \ + --name rmqnamesrv \ + -p 9876:9876 \ + apacherocketmq/rocketmq:${ROCKETMQ_VERSION}${TAG_SUFFIX} \ + sh mqnamesrv +} + +case "${BASE_IMAGE}" in + alpine) + start_namesrv -alpine + ;; + centos) + start_namesrv + ;; + *) + echo "${BASE_IMAGE} is not supported, supported base images: centos, alpine" + exit -1 + ;; +esac \ No newline at end of file diff --git a/rocketmq/stage.sh b/rocketmq/stage.sh new file mode 100644 index 0000000..3e57ca2 --- /dev/null +++ b/rocketmq/stage.sh @@ -0,0 +1,54 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +checkVersion() +{ + echo "Stage version = $1" + echo $1 |grep -E "^[0-9]+\.[0-9]+\.[0-9]+" > /dev/null + if [ $? = 0 ]; then + return 1 + fi + + echo "Version $1 illegal, it should be X.X.X format(e.g. 4.5.0), please check released versions in 'https://archive.apache.org/dist/rocketmq/'" + return 0 +} + +CURRENT_DIR="$(cd "$(dirname "$0")"; pwd)" + +[ ! -d "$STAGE_DIR" ] && STAGE_DIR=$CURRENT_DIR/stages +mkdir -p $STAGE_DIR + +if [ $# -lt 1 ]; then + echo "Usage: sh $0 version" + exit -1 +fi + +version=$1 +checkVersion $version +if [ $? = 0 ]; then + exit -1 +fi + +echo "mkdir $STAGE_DIR/$version" +mkdir -p "$STAGE_DIR/$version" + +cp -rf "$CURRENT_DIR/templates/" "$STAGE_DIR/$version" + +echo "staged templates into folder $STAGE_DIR/$version" + +# Replace string "ROCKETMQ_VERSION" with real version in all files under $STAGE_DIR/$version +find "$STAGE_DIR/$version" -type f | xargs perl -pi -e "s/ROCKETMQ_VERSION/${version}/g" \ No newline at end of file diff --git a/rocketmq/templates/data/broker/conf/broker.conf b/rocketmq/templates/data/broker/conf/broker.conf new file mode 100644 index 0000000..e460e54 --- /dev/null +++ b/rocketmq/templates/data/broker/conf/broker.conf @@ -0,0 +1,8 @@ +brokerClusterName = DefaultCluster +brokerName = broker-abc +brokerId = 0 +deleteWhen = 04 +fileReservedTime = 48 +brokerRole = ASYNC_MASTER +flushDiskType = ASYNC_FLUSH +brokerIP1 = 30.25.90.30 diff --git a/rocketmq/templates/data/broker/conf/broker1.conf b/rocketmq/templates/data/broker/conf/broker1.conf new file mode 100644 index 0000000..7233af9 --- /dev/null +++ b/rocketmq/templates/data/broker/conf/broker1.conf @@ -0,0 +1,9 @@ +brokerClusterName = DefaultCluster +brokerName = broker-abc1 +brokerId = 1 +deleteWhen = 04 +fileReservedTime = 48 +brokerRole = ASYNC_MASTER +flushDiskType = ASYNC_FLUSH +brokerIP1 = m30 +listenPort = 10921 diff --git a/rocketmq/templates/data/broker0/conf/dledger/broker.conf b/rocketmq/templates/data/broker0/conf/dledger/broker.conf new file mode 100644 index 0000000..7b21174 --- /dev/null +++ b/rocketmq/templates/data/broker0/conf/dledger/broker.conf @@ -0,0 +1,27 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +brokerClusterName = RaftCluster +brokerName=RaftNode00 +listenPort=30911 +#namesrvAddr=127.0.0.1:9876 +storePathRootDir=/tmp/rmqstore/node00 +storePathCommitLog=/tmp/rmqstore/node00/commitlog +enableDLegerCommitLog=true +dLegerGroup=RaftNode00 +dLegerPeers=n0-172.18.0.12:40911;n1-172.18.0.13:40912;n2-172.18.0.14:40913 +## must be unique +dLegerSelfId=n0 +sendMessageThreadPoolNums=16 diff --git a/rocketmq/templates/data/broker1/conf/dledger/broker.conf b/rocketmq/templates/data/broker1/conf/dledger/broker.conf new file mode 100644 index 0000000..8b32bb2 --- /dev/null +++ b/rocketmq/templates/data/broker1/conf/dledger/broker.conf @@ -0,0 +1,27 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +brokerClusterName = RaftCluster +brokerName=RaftNode01 +listenPort=30911 +#namesrvAddr=127.0.0.1:9876 +storePathRootDir=/tmp/rmqstore/node00 +storePathCommitLog=/tmp/rmqstore/node00/commitlog +enableDLegerCommitLog=true +dLegerGroup=RaftNode00 +dLegerPeers=n0-172.18.0.12:40911;n1-172.18.0.13:40912;n2-172.18.0.14:40913 +## must be unique +dLegerSelfId=n1 +sendMessageThreadPoolNums=16 diff --git a/rocketmq/templates/data/broker2/conf/dledger/broker.conf b/rocketmq/templates/data/broker2/conf/dledger/broker.conf new file mode 100644 index 0000000..6fec70e --- /dev/null +++ b/rocketmq/templates/data/broker2/conf/dledger/broker.conf @@ -0,0 +1,27 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +brokerClusterName = RaftCluster +brokerName=RaftNode02 +listenPort=30911 +#namesrvAddr=127.0.0.1:9876 +storePathRootDir=/tmp/rmqstore/node00 +storePathCommitLog=/tmp/rmqstore/node00/commitlog +enableDLegerCommitLog=true +dLegerGroup=RaftNode00 +dLegerPeers=n0-172.18.0.12:40911;n1-172.18.0.13:40912;n2-172.18.0.14:40913 +## must be unique +dLegerSelfId=n2 +sendMessageThreadPoolNums=16 diff --git a/rocketmq/templates/docker-compose/data/broker/conf/broker.conf b/rocketmq/templates/docker-compose/data/broker/conf/broker.conf new file mode 100644 index 0000000..a8f04e2 --- /dev/null +++ b/rocketmq/templates/docker-compose/data/broker/conf/broker.conf @@ -0,0 +1,7 @@ +brokerClusterName = DefaultCluster +brokerName = broker-a +brokerId = 0 +deleteWhen = 04 +fileReservedTime = 48 +brokerRole = ASYNC_MASTER +flushDiskType = ASYNC_FLUSH diff --git a/rocketmq/templates/docker-compose/data1/broker/conf/broker.conf b/rocketmq/templates/docker-compose/data1/broker/conf/broker.conf new file mode 100644 index 0000000..37c8a5f --- /dev/null +++ b/rocketmq/templates/docker-compose/data1/broker/conf/broker.conf @@ -0,0 +1,7 @@ +brokerClusterName = DefaultCluster +brokerName = broker-b +brokerId = 0 +deleteWhen = 04 +fileReservedTime = 48 +brokerRole = ASYNC_MASTER +flushDiskType = ASYNC_FLUSH diff --git a/rocketmq/templates/docker-compose/docker-compose.yml b/rocketmq/templates/docker-compose/docker-compose.yml new file mode 100644 index 0000000..ca39d02 --- /dev/null +++ b/rocketmq/templates/docker-compose/docker-compose.yml @@ -0,0 +1,47 @@ +version: '2' +services: + #Service for nameserver + namesrv: + image: apacherocketmq/rocketmq:ROCKETMQ_VERSION + container_name: rmqnamesrv + ports: + - 9876:9876 + volumes: + - ./data/namesrv/logs:/home/rocketmq/logs + command: sh mqnamesrv + + #Service for broker + broker: + image: apacherocketmq/rocketmq:ROCKETMQ_VERSION + container_name: rmqbroker + links: + - namesrv + ports: + - 10909:10909 + - 10911:10911 + - 10912:10912 + environment: + - NAMESRV_ADDR=namesrv:9876 + volumes: + - ./data/broker/logs:/home/rocketmq/logs + - ./data/broker/store:/home/rocketmq/store + - ./data/broker/conf/broker.conf:/opt/rocketmq-ROCKETMQ_VERSION/conf/broker.conf + command: sh mqbroker -c /opt/rocketmq-ROCKETMQ_VERSION/conf/broker.conf + + #Service for another broker -- broker1 + broker1: + image: apacherocketmq/rocketmq:ROCKETMQ_VERSION + container_name: rmqbroker-b + links: + - namesrv + ports: + - 10929:10909 + - 10931:10911 + - 10932:10912 + environment: + - NAMESRV_ADDR=namesrv:9876 + volumes: + - ./data1/broker/logs:/home/rocketmq/logs + - ./data1/broker/store:/home/rocketmq/store + - ./data1/broker/conf/broker.conf:/opt/rocketmq-ROCKETMQ_VERSION/conf/broker.conf + command: sh mqbroker -c /opt/rocketmq-ROCKETMQ_VERSION/conf/broker.conf diff --git a/rocketmq/templates/kubernetes/deployment.yaml b/rocketmq/templates/kubernetes/deployment.yaml new file mode 100644 index 0000000..cf226c8 --- /dev/null +++ b/rocketmq/templates/kubernetes/deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: rocketmq +spec: + replicas: 1 + template: + metadata: + labels: + app: rocketmq + spec: + containers: + - name: broker + image: apacherocketmq/rocketmq:ROCKETMQ_VERSION + command: ["sh","mqbroker", "-n","localhost:9876"] + imagePullPolicy: IfNotPresent + ports: + - containerPort: 10909 + - containerPort: 10911 + volumeMounts: + - mountPath: /home/rocketmq/logs + name: brokeroptlogs + - mountPath: /home/rocketmq/store + name: brokeroptstore + - name: namesrv + image: apacherocketmq/rocketmq:ROCKETMQ_VERSION + command: ["sh","mqnamesrv"] + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9876 + volumeMounts: + - mountPath: /home/rocketmq/logs + name: namesrvoptlogs + volumes: + - name: brokeroptlogs + hostPath: + path: /data/broker/logs + - name: brokeroptstore + hostPath: + path: /data/broker/store + - name: namesrvoptlogs + hostPath: + path: /data/namesrv/logs + - name: namesrvoptstore + hostPath: + path: /data/namesrv/store diff --git a/rocketmq/templates/kubernetes/deployment2.yaml b/rocketmq/templates/kubernetes/deployment2.yaml new file mode 100644 index 0000000..9844a93 --- /dev/null +++ b/rocketmq/templates/kubernetes/deployment2.yaml @@ -0,0 +1,68 @@ +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: rocketmq-ns-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: rocketmq-nameserver + name: rocketmq-nameserver + template: + metadata: + labels: + app: rocketmq-nameserver + name: rocketmq-nameserver + spec: + containers: + - name: rocketmq-nameserver + image: apacherocketmq/rocketmq:ROCKETMQ_VERSION + command: ["sh","mqnamesrv"] + imagePullPolicy: IfNotPresent + ports: + - containerPort: 9876 + volumeMounts: + - mountPath: /home/rocketmq/logs + name: namesrvlogs + volumes: + - name: namesrvlogs + emptyDir: {} + - name: namesrvstore + emptyDir: {} +--- +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: rocketmq-broker-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: rocketmq-broker + name: rocketmq-broker + template: + metadata: + labels: + app: rocketmq-broker + name: rocketmq-broker + spec: + containers: + - name: rocketmq-broker + image: apacherocketmq/rocketmq:ROCKETMQ_VERSION + command: ["sh","mqbroker", "-n","rocketmq-ns-deployment:9876"] + imagePullPolicy: IfNotPresent + ports: + - containerPort: 10909 + - containerPort: 10911 + volumeMounts: + - mountPath: /home/rocketmq/logs + name: brokerlogs + - mountPath: /home/rocketmq/store + name: brokerstore + volumes: + - name: brokerlogs + emptyDir: {} + - name: brokerstore + emptyDir: {} + + diff --git a/rocketmq/templates/play-consumer.sh b/rocketmq/templates/play-consumer.sh new file mode 100755 index 0000000..a097ec0 --- /dev/null +++ b/rocketmq/templates/play-consumer.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# Consume messages +docker exec -ti rmqbroker sh ./tools.sh org.apache.rocketmq.example.quickstart.Consumer \ No newline at end of file diff --git a/rocketmq/templates/play-docker-compose.sh b/rocketmq/templates/play-docker-compose.sh new file mode 100755 index 0000000..0ed7dc2 --- /dev/null +++ b/rocketmq/templates/play-docker-compose.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +RMQ_CONTAINER=$(docker ps -a|awk '/rmq/ {print $1}') +if [[ -n "$RMQ_CONTAINER" ]]; then + echo "Removing RocketMQ Container..." + docker rm -fv $RMQ_CONTAINER + # Wait till the existing containers are removed + sleep 5 +fi + +prepare_dir() +{ + dirs=("docker-compose/data/namesrv/logs" "docker-compose/data/broker/logs" "docker-compose/data/broker/store" "docker-compose/data1/broker/logs" "docker-compose/data1/broker/store") + + for dir in ${dirs[@]} + do + if [ ! -d "`pwd`/${dir}" ]; then + mkdir -p "`pwd`/${dir}" + chmod a+rw "`pwd`/${dir}" + fi + done +} + +prepare_dir + +# Run nameserver and broker +docker-compose -f ./docker-compose/docker-compose.yml up -d diff --git a/rocketmq/templates/play-docker-dledger.sh b/rocketmq/templates/play-docker-dledger.sh new file mode 100755 index 0000000..e8c88a8 --- /dev/null +++ b/rocketmq/templates/play-docker-dledger.sh @@ -0,0 +1,66 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +RMQ_CONTAINER=$(docker ps -a|awk '/rmq/ {print $1}') +if [[ -n "$RMQ_CONTAINER" ]]; then + echo "Removing RocketMQ Container..." + docker rm -fv $RMQ_CONTAINER + # Wait till the existing containers are removed + sleep 5 +fi + +DLEDGER_NET=$(docker network ls |awk '/dledger-br/ {print $1}') +if [[ -n "$DLEDGER_NET" ]]; then + echo "Removing DLedger Bridge network..." + docker network rm $DLEDGER_NET + # Wait till the existing networks are removed + sleep 5 +fi + +prepare_dir() +{ + dirs=("data/namesrv/logs" "data/broker0/logs" "data/broker0/store" "data/broker1/logs" "data/broker1/store" "data/broker2/logs" "data/broker2/store") + + for dir in ${dirs[@]} + do + if [ ! -d "`pwd`/${dir}" ]; then + mkdir -p "`pwd`/${dir}" + chmod a+rw "`pwd`/${dir}" + fi + done +} + +prepare_dir + +echo "Starting RocketMQ nodes..." + +# Create network +docker network create --subnet=172.18.0.0/16 dledger-br + +# Start nameserver +docker run --net dledger-br --ip 172.18.0.11 -d -p 9876:9876 -v `pwd`/data/namesrv/logs:/home/rocketmq/logs --name rmqnamesrv apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqnamesrv + +# Start Brokers +docker run --net dledger-br --ip 172.18.0.12 -d -p 30911:30911 -p 30909:30909 -v `pwd`/data/broker0/logs:/home/rocketmq/logs -v `pwd`/data/broker0/store:/home/rocketmq/store -v `pwd`/data/broker0/conf/dledger:/opt/rocketmq-ROCKETMQ_VERSION/conf/dledger --name rmqbroker --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqbroker -c ../conf/dledger/broker.conf +docker run --net dledger-br --ip 172.18.0.13 -d -p 30921:30921 -p 30919:30919 -v `pwd`/data/broker1/logs:/home/rocketmq/logs -v `pwd`/data/broker1/store:/home/rocketmq/store -v `pwd`/data/broker1/conf/dledger:/opt/rocketmq-ROCKETMQ_VERSION/conf/dledger --name rmqbroker1 --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqbroker -c ../conf/dledger/broker.conf +docker run --net dledger-br --ip 172.18.0.14 -d -p 30931:30931 -p 30929:30929 -v `pwd`/data/broker2/logs:/home/rocketmq/logs -v `pwd`/data/broker2/store:/home/rocketmq/store -v `pwd`/data/broker2/conf/dledger:/opt/rocketmq-ROCKETMQ_VERSION/conf/dledger --name rmqbroker2 --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqbroker -c ../conf/dledger/broker.conf + +# Service unavailable when not ready +# sleep 20 + +# Produce messages +# sh ./play-producer.sh diff --git a/rocketmq/templates/play-docker-tls.sh b/rocketmq/templates/play-docker-tls.sh new file mode 100755 index 0000000..1612fe2 --- /dev/null +++ b/rocketmq/templates/play-docker-tls.sh @@ -0,0 +1,53 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +RMQ_CONTAINER=$(docker ps -a|awk '/rmq/ {print $1}') +if [[ -n "$RMQ_CONTAINER" ]]; then + echo "Removing RocketMQ Container..." + docker rm -fv $RMQ_CONTAINER + # Wait till the existing containers are removed + sleep 5 +fi + +prepare_dir() +{ + dirs=("data/namesrv/logs" "data/broker/logs" "data/broker/store") + + for dir in ${dirs[@]} + do + if [ ! -d "`pwd`/${dir}" ]; then + mkdir -p "`pwd`/${dir}" + chmod a+rw "`pwd`/${dir}" + fi + done +} + +prepare_dir + +echo "Starting RocketMQ nodes..." + +# Start nameserver +docker run -d -v `pwd`/ssl:/home/rocketmq/ssl -v `pwd`/data/namesrv/logs:/home/rocketmq/logs --name rmqnamesrv -e "JAVA_OPT=-Dtls.test.mode.enable=false -Dtls.config.file=/home/rocketmq/ssl/ssl.properties -Dtls.test.mode.enable=false -Dtls.server.need.client.auth=required" apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqnamesrv + +# Start Broker +docker run -d -v `pwd`/ssl:/home/rocketmq/ssl -v `pwd`/data/broker/logs:/home/rocketmq/logs -v `pwd`/data/broker/store:/home/rocketmq/store --name rmqbroker --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" -e "JAVA_OPT=-Dtls.enable=true -Dtls.client.authServer=true -Dtls.test.mode.enable=false -Dtls.config.file=/home/rocketmq/ssl/ssl.properties -Dtls.test.mode.enable=false -Dtls.server.mode=enforcing -Dtls.server.need.client.auth=required" apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqbroker + +# Service unavailable when not ready +# sleep 20 + +# Produce messages +# sh ./play-producer.sh diff --git a/rocketmq/templates/play-docker.sh b/rocketmq/templates/play-docker.sh new file mode 100755 index 0000000..04f47e0 --- /dev/null +++ b/rocketmq/templates/play-docker.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +start_namesrv_broker() +{ + TAG_SUFFIX=$1 + # Start nameserver + docker run -d -v `pwd`/data/namesrv/logs:/home/rocketmq/logs --name rmqnamesrv -p 9876:9876 apacherocketmq/rocketmq:ROCKETMQ_VERSION${TAG_SUFFIX} sh mqnamesrv + # Start Broker + docker run -d -v `pwd`/data/broker/logs:/home/rocketmq/logs -v `pwd`/data/broker/store:/home/rocketmq/store --name rmqbroker --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" -p 10909:10909 -p 10911:10911 -p 10912:10912 apacherocketmq/rocketmq:ROCKETMQ_VERSION${TAG_SUFFIX} sh mqbroker +} + +if [ $# -lt 1 ]; then + echo -e "Usage: sh $0 BaseImage" + exit -1 +fi + +export BASE_IMAGE=$1 + +echo "Play RocketMQ docker image of tag ROCKETMQ_VERSION-${BASE_IMAGE}" + +RMQ_CONTAINER=$(docker ps -a|awk '/rmq/ {print $1}') +if [[ -n "$RMQ_CONTAINER" ]]; then + echo "Removing RocketMQ Container..." + docker rm -fv $RMQ_CONTAINER + # Wait till the existing containers are removed + sleep 5 +fi + +prepare_dir() +{ + dirs=("data/namesrv/logs" "data/broker/logs" "data/broker/store") + + for dir in ${dirs[@]} + do + if [ ! -d "`pwd`/${dir}" ]; then + mkdir -p "`pwd`/${dir}" + chmod a+rw "`pwd`/${dir}" + fi + done +} + +prepare_dir + +echo "Starting RocketMQ nodes..." + +case "${BASE_IMAGE}" in + alpine) + start_namesrv_broker -alpine + ;; + centos) + start_namesrv_broker + ;; + *) + echo "${BASE_IMAGE} is not supported, supported base images: centos, alpine" + exit -1 + ;; +esac + +# Service unavailable when not ready +# sleep 20 + +# Produce messages +# sh ./play-producer.sh diff --git a/rocketmq/templates/play-kubernetes.sh b/rocketmq/templates/play-kubernetes.sh new file mode 100755 index 0000000..5a3a539 --- /dev/null +++ b/rocketmq/templates/play-kubernetes.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if [ ! -d "`pwd`/data" ]; then + mkdir -p "data" +fi + +# Run nameserver and broker on your Kubernetes cluster +kubectl apply -f kubernetes/deployment.yaml diff --git a/rocketmq/templates/play-producer.sh b/rocketmq/templates/play-producer.sh new file mode 100755 index 0000000..f022a13 --- /dev/null +++ b/rocketmq/templates/play-producer.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Produce messages +docker exec -ti rmqbroker sh ./tools.sh org.apache.rocketmq.example.quickstart.Producer \ No newline at end of file diff --git a/rocketmq/templates/ssl/README.md b/rocketmq/templates/ssl/README.md new file mode 100644 index 0000000..aedf237 --- /dev/null +++ b/rocketmq/templates/ssl/README.md @@ -0,0 +1,113 @@ +# Description of TLS related files + +The purpose of this README file is to show how to generate SSL-related key pairs and self-signed certificates for testing, and how to configure the RocketMQ TLS configuration file parameters. + +## 1. Generating SSL related files + +### CA certificate and key file generation (directly generate CA key and its self-signed certificate) +``` +openssl req -newkey rsa:2048 -passout pass:123456 -keyout ca_rsa_private.pem -x509 -days 365 -out ca.crt -subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=CA/emailAddress=youremail@apache.com" +``` + +### Server certificate and key file generation (directly generate server key and certificate to be signed) +``` +openssl req -newkey rsa:2048 -passout pass:server -keyout server_rsa_private.pem -out server.csr -subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=SERVER/emailAddress=youremail@apache.com" +``` + +### Signing a server certificate with a CA certificate and key +``` +openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca_rsa_private.pem -passin pass:123456 -CAcreateserial -out server.crt +# Alternatively, convert the encrypted RSA key to an unencrypted RSA key, avoiding the requirement to enter the decryption password for each read. +openssl rsa -in server_rsa_private.pem -out server_rsa_private.pem.unsecure -passin pass:server +``` + +### Client certificate and key file generation (directly generate client key and certificate to be signed) +``` +openssl req -newkey rsa:2048 -passout pass:client -keyout client_rsa_private.pem -out client.csr -subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=CLIENT/emailAddress=youremail@apache.com" +``` + +### Signing a client certificate with a CA certificate and key +``` +openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca_rsa_private.pem -passin pass:123456 -CAcreateserial -out client.crt +# Alternatively, convert the encrypted RSA key to an unencrypted RSA key +openssl rsa -in client_rsa_private.pem -out client_rsa_private.pem.unsecure -passin pass:client +``` + +### PKCS8 processing of the client and server keys (Reason: see Appendix 1) +``` +openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in server_rsa_private.pem -out server_rsa_private_pkcs8.pem -passout pass:server -passin pass:server +openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in client_rsa_private.pem -out client_rsa_private_pkcs8.pem -passout pass:client -passin pass:client +``` + +## 2. RocketMQ TLS Configuration Instructions +ssl.properties (Note: there should be no spaces after the attribute value) +``` +## client setting +tls.client.certPath=/home/rocketmq/ssl/client.crt +tls.client.keyPath=/home/rocketmq/ssl/client_rsa_private_pkcs8.pem +tls.client.keyPassword=client +tls.client.trustCertPath=/home/rocketmq/ssl/ca.crt + +## server setting +tls.server.certPath=/home/rocketmq/ssl/server.crt +tls.server.keyPath=/home/rocketmq/ssl/server_rsa_private_pkcs8.pem +tls.server.keyPassword=server +tls.server.trustCertPath=/home/rocketmq/ssl/ca.crt +#server.auth.client +tls.server.need.client.auth=required +``` + +## 3. Use the SSL config on RocketMQ +1. Client Side (System Properties) +``` + -Dtls.enable=true + -Dtls.client.authServer=true # force verifying server cert + -Dtls.test.mode.enable=false # not a test mode + -Dtls.config.file=/home/rocketmq/ssl/ssl.properties +``` +2. Broker Side (System Properties) +``` + -Dtls.test.mode.enable=false #not a test mode + -Dtls.config.file=/home/rocketmq/ssl/ssl.properties + -Dtls.server.need.client.auth=required +``` + + +## 4. Appendix + +1. It's a bug in Java: https://bugs.openjdk.java.net/browse/JDK-8076999 +``` +$ docker logs rmqbroker +java.lang.IllegalArgumentException: Input stream does not contain valid private key. + at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:278) + at org.apache.rocketmq.remoting.netty.TlsHelper.buildSslContext(TlsHelper.java:124) + at org.apache.rocketmq.remoting.netty.NettyRemotingClient.(NettyRemotingClient.java:133) + at org.apache.rocketmq.remoting.netty.NettyRemotingClient.(NettyRemotingClient.java:99) + at org.apache.rocketmq.broker.out.BrokerOuterAPI.(BrokerOuterAPI.java:74) + at org.apache.rocketmq.broker.out.BrokerOuterAPI.(BrokerOuterAPI.java:70) + at org.apache.rocketmq.broker.BrokerController.(BrokerController.java:189) + at org.apache.rocketmq.broker.BrokerStartup.createBrokerController(BrokerStartup.java:210) + at org.apache.rocketmq.broker.BrokerStartup.main(BrokerStartup.java:58) +Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48) + at sun.security.util.ObjectIdentifier.(ObjectIdentifier.java:257) + at sun.security.util.DerInputStream.getOID(DerInputStream.java:314) + at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) + at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) + at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) + at sun.security.x509.AlgorithmId.(AlgorithmId.java:114) + at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) + at javax.crypto.EncryptedPrivateKeyInfo.(EncryptedPrivateKeyInfo.java:95) + at io.netty.handler.ssl.SslContext.generateKeySpec(SslContext.java:907) + at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:963) + at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:953) + at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:276) + ... 8 more + +For illustration purposes: + +openssl genrsa -out private_openssl.pem +openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in private_openssl.pem -out private_pkcs8_v1.pem -passout pass:123456 +openssl pkcs8 -topk8 -v2 des3 -in private_openssl.pem -out private_pkcs8_v2.pem -passout pass:123456 +KSE can open private_pkcs8_v1.pem just fine (that is when running under Java8, things are even worse with Java7), while trying to open private_pkcs8_v2.pem will cause java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48). + +``` \ No newline at end of file diff --git a/rocketmq/templates/ssl/ca.crt b/rocketmq/templates/ssl/ca.crt new file mode 100644 index 0000000..4b47bb5 --- /dev/null +++ b/rocketmq/templates/ssl/ca.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZjCCAk4CCQCtAwqWe7vLNzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJD +TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANDT00xDDAKBgNV +BAsMA05TUDELMAkGA1UEAwwCQ0ExIzAhBgkqhkiG9w0BCQEWFHlvdXJlbWFpbEBh +cGFjaGUuY29tMB4XDTE5MDYxMzA3MDk1M1oXDTIwMDYxMjA3MDk1M1owdTELMAkG +A1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEMMAoGA1UECgwDQ09N +MQwwCgYDVQQLDANOU1AxCzAJBgNVBAMMAkNBMSMwIQYJKoZIhvcNAQkBFhR5b3Vy +ZW1haWxAYXBhY2hlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANdzKEOXr/NRkJir0+vHGYkbAYhRZaFvAJTnjymAOtipAEWENgUTcNSOfdJu+0EZ +Xiw8sItYgj/WOBMdsHLDFDv2Z/tKZodPFOH2UkgmqrHEQLVSXoRcEaOMs9OXrVBy +0tzv2VQdGyihIM0hWHGXEcf7jbh7mhho0fVI0Kc7YfWrx1Q57ad4WzM9zAvsU5J4 +tyBGfgZQcScwVbyqc01N5Q0pUKRbVNgIYbr806a6lOHc0NfHrZFyyo0TGCF/U3o5 +Wkyb2Nm67IGJXwbFICi3u8IEVcqy/8JLHja8IXW89oksqY6lSkergsHpUESW1y7q +tREeeLbZqJVUUA/T8yLAr7UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAResTmwE0 +JW9mvWfZX9jI5/ERUOklYkiTRNfbVtXMJv2dnqpI6ZqUoAt7Yq+W1jYHqqf+sSYP +jbaxO2aC5nTQIigdbrtNazpUScSiFCydu9wThlY4sGWu39Yy5YJ55MsE/Ra7J8lj +v7EjWe+eG54f9kOfjwAsH2oKIntxSvHvGoNZ7/46JwU3volL+EAVA+Yvs5mwR4F2 +NB9FItBK2TCRErmf6JrP/2TZ399kabVRk1ZSjGNoe3UQc5ZxlvtW3shGR0d98ysf +/AkVb6P77tAc4VX9ccoznc1xR/kzZMCu/AWc8TNV5lzVL4EfmKrtrzWAHkkeTLjY +lSck/qDdF0uKNg== +-----END CERTIFICATE----- diff --git a/rocketmq/templates/ssl/ca.srl b/rocketmq/templates/ssl/ca.srl new file mode 100644 index 0000000..3a6e474 --- /dev/null +++ b/rocketmq/templates/ssl/ca.srl @@ -0,0 +1 @@ +E58D4036D019CAA5 diff --git a/rocketmq/templates/ssl/ca_rsa_private.pem b/rocketmq/templates/ssl/ca_rsa_private.pem new file mode 100644 index 0000000..367ae2e --- /dev/null +++ b/rocketmq/templates/ssl/ca_rsa_private.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIlNAfpmmINeQCAggA +MB0GCWCGSAFlAwQBKgQQxMXaVtdrGf1s/DOwm1C3gQSCBNA5DnEMy5d3auB7nZVm +MNe4zwNSgQ/iEY7XLPIHTy2d+xyUcQBHbGw1dyHpUPJJfCLS0w46BZWoiMTZRhpO +sCNDbpGhaIVf54zZlXUm5suy3lIrydQTftn1TsUN5Ba2UVkmKNzfyoWFebfYx/YO +ZjyB4nxaQcxLjOl18eq+36uZHae5Oo8ccYO9rUHqWTpShalK4TH92qwQpH9YNoJP +zTPu/sCvovUPuyPNZ9RhoaDucwQs2oHzAPCBIHPu0bYVef8gklsSFCyM6o6UayRr +WwB8CSekwYLtGzZnAKQrOEaxwhdZRMzwC86YtFhPD3Qfo7MnsJ10bDCqaaDFkWCn +Y7N+FiBblZG5+QbBwu0ltNSHMr3en2xFkf4pp4TnlNOnqaZmI3Mw4Y9pX3+3XUL5 +3vC0dsygFw76RQNw1QK/XtdvXBKWvO/BPrZQsE6cRWyODsBf3oYJqocf+MWtszGi +wWuYwpA51aXyWiBB4oD43UYO1GVls9hMOcL3SorTT0XQbd9KFtvJoFpl92owlD6J +ht2UbmyrBq/nx8/9mYvPq1vudt0HxpbqJU2CMsUg8FzBrwQpthpdysduEfpyAIhU +iZ9NxM4eLmzPP82TwzjOb642M2Gc150Fbuh//EajSqpA303OcOjNVPtV5ZPv+Jqt +5JZFUiKwMogIfRllSfFKMihzpHi3y20oDsz96FO8Qz8Iri3VlLk6Hd8nc7Mhk6bL +Az2Nl18sHvPchnolm9/avWuVZb6P2y3xXFmdPk/Ow+rRKBXV9JEGd11KWd2Iof1x +MwDCilPcZG/ifYhbZFvrVQIvUT/PZH83p/3QFrGLZoAYxxyb5qhtPbTrAoPy6j03 +cZSLvrExD0iANCg9LRZbKjpz/kRhpChnJ0Xg3C4xgSMilqbsr8DgBp7Bns2ReV4B +DTvJgjgLGekgc2PEqt5IyHkCo4M9E981NiU90rtm/6SOtjXLaBvrEpQc09bmAExE +/Syvj8OgJwpsNBhbgOMILItNf+b5+xeVf1fQZVqaFBx4ENNHPx382+6LWKb1eMMW +fslO0MDcAC+8M7bsAZrvCSdHyF0rNdbjxYpETJRxPkbVaxhHnNKdXUp8YRAk93JE +iC7ZppGUrpizY9kMRGmSFai6jdMWEKOazOkScfbCoyVHbzWxD01WqR7Rfy3+1d2f +HNwPQTOLmPIpw9NZ0E+k6HBw1C1J0ZplhXA6m4vwlq4kJtmki2dvcRjGdViAHc9q +b4gDjGmR8uexs7UHcwxXCCUOKKrWxXnzqhB2NdBuU3Wz1I5VYtxJZxCIDdNlBGBz +jkXwwVS6tTV2MeUTwvel2LLeouf+XemHNjJseR/1d+RThYKbGsas4PiVdQXIJ5Dv +9OJbiFq7sypIAoLLCJx7zXAFr6CY/EdrcyZ2EISkIBILOfja2Yasm4xUiRE4/hxn +x/b6pCqvuDXbWDFCclMM2VqM+/MFDU7Sixl9xYb75Wnhc/0+C0T5KtrQjy3/1lUD +uBNSty/uKDUPTxxAhVNXKqfOZtTgtZtMqF9m3fVn5eF0ZLzEdoaAaOjIgLTJuxNK +fpUkT8YRwY+r0noBJAtX5Iz4KejrTUzQ2fHjF072ktL2AUCztyuGZKmBHlTnZq99 +639DZUIe/Ejtl2LqMz/ggksS/A== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/rocketmq/templates/ssl/client.crt b/rocketmq/templates/ssl/client.crt new file mode 100644 index 0000000..850057c --- /dev/null +++ b/rocketmq/templates/ssl/client.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDajCCAlICCQDljUA20BnKpTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJD +TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANDT00xDDAKBgNV +BAsMA05TUDELMAkGA1UEAwwCQ0ExIzAhBgkqhkiG9w0BCQEWFHlvdXJlbWFpbEBh +cGFjaGUuY29tMB4XDTE5MDYxMzA3MTA1NVoXDTIwMDYxMjA3MTA1NVoweTELMAkG +A1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEMMAoGA1UECgwDQ09N +MQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBkNMSUVOVDEjMCEGCSqGSIb3DQEJARYU +eW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC9DgTX7RfPfdu7kI0LTDJZsEZjcO7v6jjuI5AsGie9V8jCYusJGI7VbHEF +DlAd8Bj+Di+VDSKyVhBwVvE9vCFtccXpnnbq1BuLTiJuMJ8JoAF6BZnnS7heGeXE +073nco8m90kt2GvDJ+GGtM29tDzAGRZiEXlGABQOvRblqUNK4ZyIOcS+nhPMxu5v +JF1kA2xS03ow+Sas0CtJ90yPCNJEczuyeXuyeJTlMKUsPyjzwQsKQRScipi7X6MO +h+4dDm3FRt0N4+H29yGHSjxgmlzR5H4/je7INW6YXCPoK5YrcsPfbgl2FvqHMMC2 +wH7+Yjlf1GCFWWAC84p6x+2DtbgdAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAH97 +Nia1GGSR2oyLD/AYuss3NyPkLvwjd2s2rZR2HfvqivRCrMSt8GAlQBhrN8dnVCd1 +j3dLQMEQ7iZ6lsL7Gjo8ppmz6el2yvZ0XHYkCS8YC7pu5G+9H2+SP5pFXA5CFowj +GCwUHETMnGEZ3dGIVn06Ifyu0nPNT22l0gycC7lZDz69i0JE7FN3ijBl2UCsfphm +9ayBf+bZ+ZQWGTaBO8hQcl4FNPle6Yw63/x4l47ks+zHw7pIOKE59gSbzimvi8zI +uLn0GnJrn+medVSlD1enDrWvEfFSL1ZyGkFiqMlBAQjHGDfj8+sTLfsA4pwnYNqq +1reXIuFOMouI4UVfgS0= +-----END CERTIFICATE----- diff --git a/rocketmq/templates/ssl/client.csr b/rocketmq/templates/ssl/client.csr new file mode 100644 index 0000000..4624fd6 --- /dev/null +++ b/rocketmq/templates/ssl/client.csr @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICvjCCAaYCAQAweTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQH +DAJCSjEMMAoGA1UECgwDQ09NMQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBkNMSUVO +VDEjMCEGCSqGSIb3DQEJARYUeW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9DgTX7RfPfdu7kI0LTDJZsEZjcO7v6jju +I5AsGie9V8jCYusJGI7VbHEFDlAd8Bj+Di+VDSKyVhBwVvE9vCFtccXpnnbq1BuL +TiJuMJ8JoAF6BZnnS7heGeXE073nco8m90kt2GvDJ+GGtM29tDzAGRZiEXlGABQO +vRblqUNK4ZyIOcS+nhPMxu5vJF1kA2xS03ow+Sas0CtJ90yPCNJEczuyeXuyeJTl +MKUsPyjzwQsKQRScipi7X6MOh+4dDm3FRt0N4+H29yGHSjxgmlzR5H4/je7INW6Y +XCPoK5YrcsPfbgl2FvqHMMC2wH7+Yjlf1GCFWWAC84p6x+2DtbgdAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEADPNzwKiL4s4XJNv1tUbwMGoxjgoIGit8o/cHkR1t +zM98KREvCsSxhR+oAjnXTq/sw57ZxDW49RABFswsKcq1gi/14XvQOLjn9q8+Lt3d +tZO0wnvF0wbPruMG1BzDNcNZ6cI6MxnffdgHaIvj8jZ6+ky3/AWFm54xQv/k2sos +Am9gTKFad+1nQWK0BB5LlL92CeJ070i1QaLqAcpqLNxQt/AHlcCYsXgh3Em4DE3T +NXQ6LfLDtXRMS4LHsCg9FpX5kdCBhtpR711F3dp/L8FT2mfI4dnpxiow3jE68+S9 +o3Xp+QCNmJ8MXlQx3X0mBO1Lb7dy6TgR1FCiltAx0JMhbg== +-----END CERTIFICATE REQUEST----- diff --git a/rocketmq/templates/ssl/client_rsa_private.pem b/rocketmq/templates/ssl/client_rsa_private.pem new file mode 100644 index 0000000..1c4e35d --- /dev/null +++ b/rocketmq/templates/ssl/client_rsa_private.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI3Y+Ip2IEWYcCAggA +MB0GCWCGSAFlAwQBKgQQOKd56H9rUJh0G8frLK/QQASCBNDJCztIrpHwj0g5CusF +YQHVcL5BNDzH9Bg6B5LDmKAgXtgd9Xmy/asAmX1QGDUajGhbxFcLcUibvQKxOhzl +/Dwm2M3fR7gecosMU+K6T519nk/fsugXQfJUUPU7aGYwpSUz8myKHDUKlGRLJ23Z +1PX/KkB6ud4K5yGEkisCSxPO+rf+YjJCe7+VohsLKnC5mUiBxbGtPKxI5dzijZo+ +MksEaOklvJzJGgwlKgNj3D6OurASGYeyxbORaKkT3YBvW/RwuWJ5BTKMf7nMNIFS +umRPkacE5sgisyJHe4X0SHFvlthG4DXQ9SYE9Yh224RPQ3arv6NvSUO/FF33wDpZ +iKnrsx1GpB2+DmbXUNEYhlG9KFGR2gx2WtQBfcY1dUHQUvZ9XhGsgvkhHVUHrPXW +HfY2SddpIt0sgwTeni7f5AA6n0TEsESPwItbpReEgZv7D23gOEYD5voXzBHxn0YJ +B9ZiebD+SHqScZpJPuCvBIn+na2gdZLo5w4uK2tdMicv9Quf4I7mJXHsxUgGCRK0 +qXz3PjvmK/odJZf1+e4RB1wf90Pjp1YIlNzNkTDr0rWAiX5a1a82c2gZwULZZ8uM +yo0Cd6YE2idzzQrfXf4mejfhBc7EPqSbagvEwteUTUpMqHJifr22Cw9jdbXDNtB8 +ZyqebxOdfejZ1mMMaTFJSmXhY/a9l3XRPVwOAWcTjrZjAx+gHYYHOUaDdnB+etj6 +bhcUjnEM+40WT7n3DuTSnexSE2pwROqKbnrtlMqN5CTqWv1295Q/N6PrTyyQN3xD +zwZaXvIQPFh3BTm4m4otIVeYp3qqE0ESFsE46RZjtw3tSrAWbNrhl9m5LD65aKiO +S0zDW89RenUiLHaDa4r2kD18tAf8cTbls5E03IIcgR12vVT6c0rY5DM7VpI72fN0 +xsBML1BbJ8P8V8T5RHzxFhbcDfO7BGe/n4rAyrJQX/B1b5+RrhI8bGdMKjCsPeuG +qsmC+u6BlAd4/2nvvMHvUefkw2k9MiiWH/q7vXRvqi24LURutgM6G1+k7c7Cyeog +HDLz2QA2YYwMKO0sDHeF9D1n2dhCCoi60yRm4Hi8ePBIlJs+yAya+DI8LODM8xBm +ZkGMOUTQayFZ+GGgEe+aqnZiVqkBOIcY+cGofn6EKzPjTqrZ20g31Zlt/NNdJYmt +QiLjWsuHMy8NuAvPJtEKDqzFNI1aHmXVSpMnSujtwBxibnTu+pPjFSpyp4Ftdh1Y +VwfnNDDaoGtmRCVJQ3wxBbmCo85MkLAqsPu0aI3SyiUAYw7WX2vf4U0nzLUobFQQ +AXbdLHI9+eDZ042g76ZLdR5unye89iYoxblXSoUbYhJqmE7rgXpORouljg0GWdbi ++TP/uWlSrp7z0ErwewIydQ17SyA6MVrhhGgp/q/FRYx+dpUswPSvbeR23kzfeFNT +ICJToVli6C1M1+YA0wTehWJtCLYP/tBBRSVROnVdnZQ00ERJ96RzVtKnt0SdV/3e +gpj8NyJYnYuuO9H7NTk9K1SnKLfCBcsCU0Z5dHvoMkxEYr8J8nuZf9hy5IfbyUNO +9o6KhAB7SVIgwjCwlmzeczWXPVrdeYqWSTFrrIia5PDJkaZlX3pm2jjHHKmxWF0o +H6N5Z5yWW7emy8K+eSvMpfTJeQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/rocketmq/templates/ssl/client_rsa_private.pem.unsecure b/rocketmq/templates/ssl/client_rsa_private.pem.unsecure new file mode 100644 index 0000000..7e9a4e3 --- /dev/null +++ b/rocketmq/templates/ssl/client_rsa_private.pem.unsecure @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvQ4E1+0Xz33bu5CNC0wyWbBGY3Du7+o47iOQLBonvVfIwmLr +CRiO1WxxBQ5QHfAY/g4vlQ0islYQcFbxPbwhbXHF6Z526tQbi04ibjCfCaABegWZ +50u4XhnlxNO953KPJvdJLdhrwyfhhrTNvbQ8wBkWYhF5RgAUDr0W5alDSuGciDnE +vp4TzMbubyRdZANsUtN6MPkmrNArSfdMjwjSRHM7snl7sniU5TClLD8o88ELCkEU +nIqYu1+jDofuHQ5txUbdDePh9vchh0o8YJpc0eR+P43uyDVumFwj6CuWK3LD324J +dhb6hzDAtsB+/mI5X9RghVlgAvOKesftg7W4HQIDAQABAoIBAFwuQLhUF58JXCGZ +etw+W/KVW8zS3P5IM1gSKRMH8caFzhLSDo4R1ltEE9uGPhRK5LTDj/naPMe95SgR +jHEwkQ//QKQHqy4XHBMRlwIpXPJhfTbVElTP++aONBWDtP3sQtaaDql29BxlDrcS +45qTDmgQE3Tf1kUGdsE0+7whivkwLxQS9V0G/Gk20Nfypx26iBGLPlf7DANn6CcM +DYySHF/AYjuwf7bHM7P6YOHGio3aZmV455RNw98lK29DwkAQnHwrs5Q9Dp+fibE8 +WrPDjB+mfJg/M5SHExnIbYxC/wO7GC2CnKEQ25jdC820yw/wPp3ug5fh9XDK6rd/ +CCA9mSECgYEA8e3IUZa9Xp3kkkJjPllcy8rsNv79+Ifmtn5Cx4klclHFQe2I8Wvw +/ZkhvjknDWaGxOYb4CEbLQCPQWxrvNp1/pItze68PrtsiSNnJHAjTnjXNaHc9wgy +y+/H4FqJy2Mfo0zGG65fCxiBSoFrx0K8p7Rs4nnrclohsRZ9Qc1/MmUCgYEAyAz2 +wwUrj76xUIta/j2Mnbnwcb0oY0uZVs9XMxpR05mGLw9FMSPTVWtE+rRCJ/dKBark +dSGkZ+rG8ICvgek09D6Tl+gSgUiM5mXPNcW3BuNF/EVQCGhakeyTFWUTGeuEb/Og +QsxccwcUHCXM4WryYnUu1yqzcpF+/hqlaMyrt1kCgYEA7hyht6PMeK6gxE9xDHG5 +wp7TxQFOCGoB6oX0xh027QCMTGo1CaC6zW8FZgssY6UQagUtVHhhHfbaCINkurit +v8QyLuiVAI1JsuRUZOm15ktLTe8k40J/dHdo22lhC/xgrEIpDh+eTfZtcl5VLQaD +VfBf5rwmvyL03C4NVFGkqn0CgYBf3P5+s8KNLncvvqfK/1mb15dmGZv6ASco11DU +9z7Q5FfNw0aH5sAFxdKXRLwTBMhe8OZrTsTG21WbuD7iRQuQI1B80cPUWhzS52Sl +QuqTDWPjIJ/ad483MCPHc9j0aczcDOX2PJHsuS6k0mRcfPBLyBW7HAZD138Aa2pq +TvHWeQKBgADj8mPJMyQfn6YcBCL81KvzF/1HmbdehIMh2kJNK/9g8PZOKx0KnIum +43JZDFnqheoZcHCO/K+IAR7Vw+MV4MWZ/pNG65rcFGwyXygVdV8j5/o5dfbY64jX +WZIixa4+pqr+PbILGC6YJrPBaxJclmzay+jFCkDyrfjIsJVXHmis +-----END RSA PRIVATE KEY----- diff --git a/rocketmq/templates/ssl/client_rsa_private_pkcs8.pem b/rocketmq/templates/ssl/client_rsa_private_pkcs8.pem new file mode 100644 index 0000000..f781bf6 --- /dev/null +++ b/rocketmq/templates/ssl/client_rsa_private_pkcs8.pem @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE4zAcBgoqhkiG9w0BDAEBMA4ECLmmzAmLIjO3AgIIAASCBMETwEYAUaz988mU +3NyUox7+owFLpeIkqHptQ+KP/iMmP+cXJe+hLMjyvG7HGSauQ5ruNSUqg2OfaHrx +RqzBjESlkqOmJ7u7IGNRGFlds+SHikbgHoJb+sYP1K7qPeHpCMgq+JD3cV0F7UQF +cUZNv/4PLSsw/lo70N8+FaGeGRto0TO8Djhlvs4sPM4rlTazV5h3LpOZCYkO56Gd +DpwYo+bcr1S0GxZMgyRbggAvcL02GTTvSoH5KdzX10UbH/pJh6Q28Syagg713iX8 +rku958UMtpluwlOmvjlZ8yxbz49q4UhUS1v9Ox/YB5XRwOQSCopJIWRJSgjLj3mj +o7APtLueV07nZ1jMG35T1kD5KhjwfXSjDpIWfeBuDy7rLzqHHNrCfZO97C8xltTn +25IItpQ3nKdzFA9+YuwSixPMUnR7pFrDKktU22DNpQGaXOBMKiKHk7nQv7oKCt6q +0WUa4H/flxVk94kLOKSND1UqNlrsGqoMjjC55DM1s+LsxdvXeMqiNTAJFI3sAxRM +o6SPqKuUxG+m9m/AqWXvwjVlnCXvTiWPUa/FBRvTUZUllxLwunhpJQNkbKLOqWjN +GPc2U8iaUf0FeXeCPoYervkU4cJBR6BAEgHfb7EFXh4gY7I8XOXOSENxVxnSWiWp +zVv0J+egmzbobwW/XvxK1+IyaFL9P9enUnyqmlIYEJqKp/QwMAdUiNuP+VZuFIBE +JldINC8KsvQREtYn3zImDbMvP9cDp9n8EFI0/9+R3BPrBhFBlfY06OfP6G2Dqynx +3RbbTcQKcCYwOkogZIsqCg4f7gRgTSPw71FrrcZO+JlBF7zF5COv9vr7wKcoBUkc +tVedq08mQOuGdz7NRiwMvapecdK9EQGGuMVrppz/6fbxYqUp3xFcT+KJ7yqfpv0f +KQF8zbjkcFawQic9lTFB/Xa14nOUQC7UDVcOOrBNic0WKRz8+bo78Mtsqe5abKhs +IkhR4w2YfhPMyCZTREeCeFdhSbDadseI+EoTyOYAIBJRCNI5rKDhWlVTdQNZ+wot +JO8Pnyi+FtSrmqoBATeBY4SzTH6+cDX0WLtiJl2KLvY8ezlvv+dzuv1Umm8Hp/El +tjBqNwU3pLQXJpuagX+6zOexghKHR9nvh/McEGWk5NTk8n+dedMkWxU2TB6Cteo/ +JB7zN/xl32uMw+74xuAaS0WblXmfMFm6FJrtOZ2xfxBZSc3yktfca5viIRLtRP0I +9EyGp05I71gr/5FV1ENitLFnso0GfFZ73gsRtRH1Jdcr09O3XmFcUAXWTJuo6u4h +fYMU98h/0sQ02PYYO1lWhK0zqJ1UD9MtpTUCt6gCgEq4FuZeHzfVbBZX5/b7G+q3 +dtmIIrITd8DZa4bzAYJzMPa4KfK95NuECUjGTlM+PuVKHTXC+ej9zlDm35XDJ/FU +N7H+c65GGrYTPro4R9tu/2T/P486icepC3gPC7nnMm7/zdORxWLzDIlZm3vkTG1T +p4Q3vF5+eYkMT42WV92o2JdYWU4YKgTTrrWEjO4MBHitZ/Apz4oz2bDiYZXFB+eS +Bysd1n3lvrk7huZ8o38sFW10mbdWPFjEb7ky7QaHUmpsmFIPT76yJ7+0msEt7Lv8 +fPuDvh9oqg== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/rocketmq/templates/ssl/server.crt b/rocketmq/templates/ssl/server.crt new file mode 100644 index 0000000..ebbfb40 --- /dev/null +++ b/rocketmq/templates/ssl/server.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDajCCAlICCQDljUA20BnKpDANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJD +TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANDT00xDDAKBgNV +BAsMA05TUDELMAkGA1UEAwwCQ0ExIzAhBgkqhkiG9w0BCQEWFHlvdXJlbWFpbEBh +cGFjaGUuY29tMB4XDTE5MDYxMzA3MTAxOVoXDTIwMDYxMjA3MTAxOVoweTELMAkG +A1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEMMAoGA1UECgwDQ09N +MQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBlNFUlZFUjEjMCEGCSqGSIb3DQEJARYU +eW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCrcoEkq7+3+/j6kptOBxJSC3y90oGOyQvMJyCmsytwr+Qj0J7so3ZyBp8B +lsUdvgq6Z9NzZpgu+bsjvIws/Ej6yfdM+TSPc7WdctRwtJjbxsYNRXI5X6dLf8gn +u9eXSkTzaJhNyx0+r0hH24ts1rTwAVXB5Rfb0A8748fR5Lx8juN+SSfCWaTQKqmd +QDiQN08WkCeNTnxMWOb9AqN2XAxj9GCCJOIdlr/XyPNWIJuIZkL+R6WsjIcR/7NH +v58VB9I0ve4tjd0fk7SpHrIqi3q87lt43Pf05yQqIp90HU5wu55JT6p9YsW+UaSl +eVVIxVAhehou4Q3oOjPNcJABwgPRAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAKM2 +rIbsKe+kpxdVgoZSznWztN10APYtGM/0ss76B2mT2SCmKDdhbkeCG4VW6qw3CtUs +odPTp4pKtG9UF/J3BAgwIHI0LnWQfxJ973t7vfzP9D1Q7/X6j4UaMbldj442MEDM +pItITWPxpEqMdd4O3EcqsxbqQRWiugjQ57+Z80GxoSFSthIMX3nUjGHfbewxy/Jk +VPdyqElzcJ0CwRE0Dey18h+bbqdyDaG0wJ+HKZlbx2A018SX+VhyTUpnytrTHhVb +SD9rsdtFJFfnyeatJMmtjn/Hlhb19k4kk/UxiStW95zxmesen9OHi1bRlUvPKcOO +bwdeH2xp7R1Tio1CY4E= +-----END CERTIFICATE----- diff --git a/rocketmq/templates/ssl/server.csr b/rocketmq/templates/ssl/server.csr new file mode 100644 index 0000000..5a8051c --- /dev/null +++ b/rocketmq/templates/ssl/server.csr @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICvjCCAaYCAQAweTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQH +DAJCSjEMMAoGA1UECgwDQ09NMQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBlNFUlZF +UjEjMCEGCSqGSIb3DQEJARYUeW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrcoEkq7+3+/j6kptOBxJSC3y90oGOyQvM +JyCmsytwr+Qj0J7so3ZyBp8BlsUdvgq6Z9NzZpgu+bsjvIws/Ej6yfdM+TSPc7Wd +ctRwtJjbxsYNRXI5X6dLf8gnu9eXSkTzaJhNyx0+r0hH24ts1rTwAVXB5Rfb0A87 +48fR5Lx8juN+SSfCWaTQKqmdQDiQN08WkCeNTnxMWOb9AqN2XAxj9GCCJOIdlr/X +yPNWIJuIZkL+R6WsjIcR/7NHv58VB9I0ve4tjd0fk7SpHrIqi3q87lt43Pf05yQq +Ip90HU5wu55JT6p9YsW+UaSleVVIxVAhehou4Q3oOjPNcJABwgPRAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEAPVQCIHeZszbwZWBWYxSsOyg8zdGJUJr94coP1Vqf +h4iSiMUQDIAVpobw2Np1f1SfIU/kc3jK3pSk+ac7kb5hf/2WA8UJMtyb4KUYxhYL +U6x+/imKjijLQb2UMOx9QyATMzX9N+r42mblWpGKbeT8v2iXXbFWOB6xffR3VmfO +FmZkHCTe0rO29wfDvJNG7UM7o7a4v9hu3FU3wu0woJKmNm7We8ePIYg1aWAoT7+6 +XloBIX4vpmqQgG1DoAwkJIQIyr+4z8o6MXDdMDYHK+OaRz0u7CpZD3fkWm92ceYP +W5jYtEV/krwwbMJJNOc3UlBf1bFnD6PrfCH68G4rnn2OtA== +-----END CERTIFICATE REQUEST----- diff --git a/rocketmq/templates/ssl/server_rsa_private.pem b/rocketmq/templates/ssl/server_rsa_private.pem new file mode 100644 index 0000000..c375910 --- /dev/null +++ b/rocketmq/templates/ssl/server_rsa_private.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIFwd6743xwR4CAggA +MB0GCWCGSAFlAwQBKgQQX+Zs4Opeu6nFw/SBfyRyzQSCBNAIkBV3aYRvkRrx9cPC +4Kui3tXktAPJz7/EAXjCS3ahBmBfCIQCDTvpNFBmtP+rbQFMh2RMVD8ntnhfRblN +++/XrDCPqA5qsovKXgrrpxsEYY8Z6l1V9N16y14heawVtR82mNDFRZ4i6RS8+B2X +WLf9wv3gmkBJuvkD9q3IT3uO6w8fbF4xaZ3tT+n6tlcvmZ6Ux9AZEpgrZvtIPhF7 +aCZMRhi0JqZALIjf3FK4EgFNzNFwLCLixPczvJvGRP8yf4oqC/dg6T5AiAdPLhyt +ccWAtgKDQu7iPGVe0MYlRhtXrSt13WlAt7Yg+0gcIMmYGyeAMZd12vBYUtR3ts3c +gy/K2OzcH0V4a69llbx1NzpoEzt4kKVjDWnIy++a0/nwVAI5WX2HwgPbs+ShQ3VO ++CWpSsGjUkReA2ObbIf9AHk97SysBkfULA0+DYfD7IrdSunmZVpdkj0gYEJo7jy+ +nn98LHBZqlJSerLoF/zInSAY8Ym4abtCvUjlAo+9Rm1DLlIEnbRvkAuLq7d8p6Mn +mHRgvvLlgGmDkOa4LzE/Q8+JD8X4XeVmPXT9JWYmOfJFKu1fP7gVXevyp4XfQNHD +7/d/0y3OAHpVWEWIT0hmuyYy3t0DOZx8HFlc3d4kHBXDtrVfXuQ7Ny6u3M3pbAGO +RdPT7a2X94o5/IAphmarCHIMosek0voby2oK2JL96hLl2vDFbAowN7TOxuiQKdjz +VW7XiELiXXcE7J9xhu+ZCmvgMTJP29tiu2/i0Tj2Nxz9EkPjIuDRm3BqPAxTReU8 +tUFj0t9Wuj2KTLPKbKt664Z92xFaS7MIFJrm3l6H/oGNa3qIpLYiBJeKN6ktCzbC +4ZQpUkz2uZDJBwcFKh7CJbc0HBSRgxa0MbW01VQBXz8zkzfDr2XUvNddA3gs5iP6 +sUtlUVK74MjfHmnsjQUsDNRLH7kMPjAlVS8qyamNMzBWmMcvS+orc59dzCVckmBu +MqJWKZLwU/gcSQRhGzokaYe40qtoNzcQV2YlUP4gotpC3AlyJlYHNEl65MbWjTKB +TyWXXdJJ7Hfn2j6k0PXhzHsNKBfTcy465no+/BR+wBpY7b3fIN5+EgGiisAM2gjX +eMRMhVOfV4+qY+nYARH4tavu2Sn5la6sqEGolu4iLp8hcMoJe9No6T4NDaAqMNWU +5wH+QunEL/eRfMY9Y1bxP+NspqOIjP++TXHN1i95eZsWF7au/B7Nl/5arkT3dqDO +sNv33Igatad8lkY7wy/lknqYPYyqSuQAmNuhIcNOJIv73ssaXqIhUtl/GDj++j5W +em2J3+cwEZyyQ+Bp4IDz3MHLa7cR8sAyWgREnAsbL1PhH47t44xUxDWe/zEiD1Qm +H4ak6adLQRGfPeSSEk7X4G8MPZ5rIfBX7BFamTnBaFvxCmiVRFd44dP4hEN+ozE8 +NQZdgGm4S6MENTgZTypEQ3i4H59sizrdW0kYcBP3taqKN/5p8/D+Pkg7UQf5ma31 +3UJinBWNGFQYUtCWLzkGCVypwnBSworlPHsRmFR/3uqozNNWa0x6uCAkpKzd5tXk +MwkgPA9Sf6ZXCNsfVoz8PfIC9Blj9LrOVkWfUUEztaNjet15gi0NJFuMfDoGeJ7J +OaYpJ1sk8E7q6rd3Br44CfTvlw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/rocketmq/templates/ssl/server_rsa_private.pem.unsecure b/rocketmq/templates/ssl/server_rsa_private.pem.unsecure new file mode 100644 index 0000000..05b1053 --- /dev/null +++ b/rocketmq/templates/ssl/server_rsa_private.pem.unsecure @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAq3KBJKu/t/v4+pKbTgcSUgt8vdKBjskLzCcgprMrcK/kI9Ce +7KN2cgafAZbFHb4KumfTc2aYLvm7I7yMLPxI+sn3TPk0j3O1nXLUcLSY28bGDUVy +OV+nS3/IJ7vXl0pE82iYTcsdPq9IR9uLbNa08AFVweUX29APO+PH0eS8fI7jfkkn +wlmk0CqpnUA4kDdPFpAnjU58TFjm/QKjdlwMY/RggiTiHZa/18jzViCbiGZC/kel +rIyHEf+zR7+fFQfSNL3uLY3dH5O0qR6yKot6vO5beNz39OckKiKfdB1OcLueSU+q +fWLFvlGkpXlVSMVQIXoaLuEN6DozzXCQAcID0QIDAQABAoIBAFKQlSLc1zo6TUAW +pFYiT69VOuCLZLsnlNffK/k7pbrh6eNZj390hREKoT55pjnZkH8OiyUzDizpNTdT +kMoFQPwNkVvvU2GWHqtRZn9UaZzFkBFKFWUN7JoOUozYCE4ihSwXfelQ3KeYcB2y +2+UxTPecHPmAY0oHW57C5jLtjdwJhjo3m3S+lh79uFE4u+QIUV86Psn8JBLej2QU +AYUy7AaAMuLHsJtWtP5jpaCKikCWYtfaCHismWpN2RbIwVp+unWhpryUpOOZx5F/ +iEE8OaDAkZimPgS2Bh67VmX2+SmaRFDRXKWEUXP3v7EVPY40SIZfZcqW7JSVrHkp +w+/pNUECgYEA0gw84EFJBGumMptwjTffajrtynE/cjtYSp/cmYisQsQXcb2DSjTS +zrK2kJmJUCuEeM1GQRkS0by4lk157BzZaBcMwad/4zwJ8ZU8676yKv0Rf488+DE4 +4IWByoSYElH9N9iW2eWWuH8+BeP86JUt+DgLqPBLsy7PKndNbzJE4BkCgYEA0PRw +JeNfjvcGTLDmm2qbtYYzheIUdQmwYUrYqRQCRPP3jxJIrrvwn9ID6Cx8FS2vdsXr +3vxYdaDARrijF1pDH3swm3GHrIV/qYAkb4Cy9mdoXK96AB0RD5plbo15952d6kfD +OdZ3D+FXUdJbqHIR0Vk60iRSR+bphfOK73r32HkCgYAd5/Ym68Ssp3MTU4RT5ved +VWST5UnmRsLMZTRwe8AjBW5dGGGACENXgKRztBiT3I5Q8NEm5Z4DVL5nUAKi9nyR +0G5ViDayMNMtnVT+L7mIW13Jbqh8oe16MigHoJdSTHAkKmdYANNT03IOPqa8qrjP +1ZL7a7MrgOeoITJaOasKyQKBgES81JOyK4JFQt5Bp2ri9BwP7K0TRTWHHW20CHf+ +bAyw0PRQyHYqvypkFQLwd1UkNT92NnShQJxZaEcbgBMzjzcw+Dl6bG5VcDybOeEw +Ti7+r3cmBpU4+p7OZKWshr3tLMCgINnK8lnYADibYamU9MWQe+gbKLIchR+akU7c +feHJAoGADF8pbOuCpRFZnUYzKh+RP2tHcRJSGSi7VouI9tCx+NXfKuuFlfw3+2ug +/xmbjwzXYUDw+VjpOYA1OAsqmtyk4sJKP2z4oA1RLUfuL1nXyHRgMQ39/KmY4/Uy +2hPaS1CkfAgSGqTpb0ciY8ELCJQIDrX3QNgCeR1cCHxLygDVGvc= +-----END RSA PRIVATE KEY----- diff --git a/rocketmq/templates/ssl/server_rsa_private_pkcs8.pem b/rocketmq/templates/ssl/server_rsa_private_pkcs8.pem new file mode 100644 index 0000000..8fd3c9b --- /dev/null +++ b/rocketmq/templates/ssl/server_rsa_private_pkcs8.pem @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE4jAcBgoqhkiG9w0BDAEBMA4ECJOZ3PKU8BRPAgIIAASCBMAocpv2E45lph1C +G5zcJbwMJw08ER7ouxnhcGyKt+CXIbMESikTUUJDudCWgTiTIt/A0baNPW4m6Zv+ +oJhvMBFl7KfUyCkVRpSw53ygHM6TeeIS0UP6x7eB9++yNCJ3ZVF7OzVvmDwx9FnV +XOfgQjZIIvcyXgn5jwj82PB7YG3fwQye4AUgmr6ngbMk/GZ35XIZSfPptHHdvkxG +DifswZynDX8FeH4NAKZJilC0m/gO2OayVRHl19LVTu9V/1SKya0uLJvP9Lezqwl9 +n1cSexe8rbpho3HX5nRbWk3T2/sM1F/fD/ylDdzgrvLe7xmlbExhBMZfIaFnTJu3 +4+dJBYlS7cBBeF2B+9/4r6TXVtZMsjNVmWLEye3ExXCOY41fKvTv5qH4TyXXrsrc +1G4Bv4+oNXa/WnfF8qDlvtsSouOPWHtQEQMVMKyaLL70Z1wyKFVtFT8EbkGmT878 +lJX/XsgXgfq61+OZUpriQb1+0nzlPStnRRUL07D+ryllvFRoIBh1q9OwIvdVHDsI +zh+KCVsPEuq7VdIW+wNRiomIGu4SLjquPYxyOnqV3YVmcSUfzbo+li1QcplC6WVS +LICZsvIuCUtEAOTXzJdcUMKSNgYX+sCLZBrG+EYZhTBFwTELSTGESC3gGGdua1nq +Bm86S1wBgY6i9jIDxvuLXOVcphVUB6/9PQrxbVAtrpeDXGAyMj72h1GSGehr/VuS +jlSNz/LLXoSCZKs6faPo3B0PM0VMN87dVNVpOw+3eTkdy2x/0H2oAoGVIbtSTvbh +bmTbCcMiXlwCBgfUZUu+6YuwRZzxXxS8gNpXW/RT8KNnmCLGNtjJhQN4hHfrKsAI ++M1qAVbkSixHRGWQygbFSUUQ8h7OYFMft5YpnKLgl/BaMjzAsFZOFbcOAerQHcL7 +FatCQpBCmQ8MleiEzK7rN7IGYe7yx0HW1NzX6ym2uhCUtwipH6sspT7hDJvMrGFW +vAQwBBdw6ewmjq+XCliSDNFTp1TRkiN0ilgeLS+EIBPKh0SFooXe5oXJhbTNVQem +is958jgJLeDGVDZrjyZq2ptPYb0kXmGQKvhnqZkO8hqI1xGbGZm7tERivolclMN2 +e4Yh1D68fcyOzpmfPiVN6T22I0GMAtq8exO+F2LTdarGWnBRr6aOp6QSPz7iMQhf +OHXUj4smLGkZT5XIlinoVK5YlKIq5aUusKrS9hxqNfyMTz9iETiNNg9hCTolXKvN +tuYygAMR44DqhLTsQLr/8++DxdLZ4v3Rd16q/YX1GNAUMvNEMzokDbp50+ET36Mg +VZu3SeRmjnh5SvohDRbM4uool+0KFkGjsB3UpyeF1QgfNcUuc608VnFFF3XIErw9 +TaARow1v8LJ9+C2p8ZweSr5npatP4uMcDZ3DalRx7Dhef5PpOmt0BTuV9AJpBLDe +l3qpQo/z5a25wJa1fe7xk2nbVGjI7goxJSJu4BovE9pBw0GkQz44xNiKn+S4Bunp +lIJ9CpB1i9+EN7xxcG2vPkcsajgCmoXqlMfxvuvegZPISAwsxjd9WPO8BuC1a6dA +EmVffgNsK43YGSnBJZEmmOb+1uGvbZJHLiMcpTF2xiaCr9qxDurn1euOFJ4nIF1f +ONZTTyJQ +-----END ENCRYPTED PRIVATE KEY----- diff --git a/rocketmq/templates/ssl/ssl.properties b/rocketmq/templates/ssl/ssl.properties new file mode 100644 index 0000000..de79016 --- /dev/null +++ b/rocketmq/templates/ssl/ssl.properties @@ -0,0 +1,13 @@ +## client setting +tls.client.certPath=/home/rocketmq/ssl/client.crt +tls.client.keyPath=/home/rocketmq/ssl/client_rsa_private_pkcs8.pem +tls.client.keyPassword=client +tls.client.trustCertPath=/home/rocketmq/ssl/ca.crt + +## server setting +tls.server.certPath=/home/rocketmq/ssl/server.crt +tls.server.keyPath=/home/rocketmq/ssl/server_rsa_private_pkcs8.pem +tls.server.keyPassword=server +tls.server.trustCertPath=/home/rocketmq/ssl/ca.crt +#server.auth.client +tls.server.need.client.auth=required \ No newline at end of file -- GitLab