Commit 8dcdd502 authored by caiyanming's avatar caiyanming

add rocketmq

Change-Id: Icae37d3895b4451478c571383b1b6ca92ba4b99b
parent c6878288
---
name: ISSUE_TEMPLATE
about: Describe this issue template's purpose here.
title: ''
labels: ''
assignees: ''
---
The issue tracker is **ONLY** used for bug report(feature request need to follow [RIP process](https://github.com/apache/rocketmq/wiki/RocketMQ-Improvement-Proposal)). Keep in mind, please check whether there is an existing same report before your raise a new one.
Alternately (especially if your communication is not a bug report), you can send mail to our [mailing lists](http://rocketmq.apache.org/about/contact/). We welcome any friendly suggestions, bug fixes, collaboration and other improvements.
Please ensure that your bug report is clear and that it is complete. Otherwise, we may be unable to understand it or to reproduce it, either of which would prevent us from fixing the bug. We strongly recommend the report(bug report or feature request) could include some hints as the following:
**BUG REPORT**
1. Please describe the issue you observed:
- What did you do (The steps to reproduce)?
- What did you expect to see?
- What did you see instead?
2. Please tell us about your environment:
3. Other information (e.g. detailed explanation, logs, related issues, suggestions how to fix, etc):
**FEATURE REQUEST**
1. Please describe the feature you are requesting.
2. Provide any additional detail on your proposed use case for this feature.
2. Indicate the importance of this issue to you (blocker, must-have, should-have, nice-to-have). Are you currently using any workarounds to address this issue?
4. If there are some sub-tasks using -[] for each subtask and create a corresponding issue to map to the sub task:
- [sub-task1-issue-number](example_sub_issue1_link_here): sub-task1 description here,
- [sub-task2-issue-number](example_sub_issue2_link_here): sub-task2 description here,
- ...
stages/
.idea/
\ No newline at end of file
## How To Contribute
We are always very happy to have contributions, whether for trivial cleanups or big new features.
We want to have high quality, well documented codes for each programming language, as well as the surrounding [ecosystem](https://github.com/apache/rocketmq-externals) of integration tools that people use with RocketMQ.
Nor is code the only way to contribute to the project. We strongly value documentation, integration with other project, and gladly accept improvements for these aspects.
## Contributing code
To submit a change for inclusion, please do the following:
#### If the change is non-trivial please include some unit tests that cover the new functionality.
#### If you are introducing a completely new feature or API it is a good idea to start a [RIP](https://github.com/apache/rocketmq/wiki/RocketMQ-Improvement-Proposal) and get consensus on the basic design first.
#### It is our job to follow up on patches in a timely fashion. Nag us if we aren't doing our job (sometimes we drop things).
## Becoming a Committer
We are always interested in adding new contributors. What we look for are series of contributions, good taste and ongoing interest in the project. If you are interested in becoming a committer, please let one of the existing committers know and they can help you walk through the process.
Nowadays,we have several important contribution points:
#### Wiki & JavaDoc
#### RocketMQ SDK(C++\.Net\Php\Python\Go\Node.js)
#### RocketMQ Connectors
##### Prerequisite
If you want to contribute the above listing points, you must abide our some prerequisites:
###### Readability - API must have Javadoc,some very important methods also must have javadoc
###### Testability - 80% above unit test coverage about main process
###### Maintainability - Comply with our [checkstyle spec](style/rmq_checkstyle.xml), and at least 3 month update frequency
###### Deployability - We encourage you to deploy into [maven repository](http://search.maven.org/)
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
\ No newline at end of file
Apache RocketMQ
Copyright 2016-2019 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
# RocketMQ-Docker
[![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
[![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/apache/rocketmq-docker.svg)](http://isitmaintained.com/project/apache/rocketmq-docker "Average time to resolve an issue")
[![Percentage of issues still open](http://isitmaintained.com/badge/open/apache/rocketmq-docker.svg)](http://isitmaintained.com/project/apache/rocketmq-docker "Percentage of issues still open")
![Twitter Follow](https://img.shields.io/twitter/follow/ApacheRocketMQ?style=social)
This is the Git repo of the Docker Image for Apache RocketMQ. You could run it through the following ways:
1. Generate a RocketMQ Docker image
2. Run the docker image with the below modes:
1. Single Node.
2. Cluster with docker-compose.
3. Cluster on Kubernetes.
## Prerequisites
The Docker images in this repository should support Docker version 1.12+, and Kubernetes version 1.9+.
## Quick start
### A. Generate a RocketMQ docker image
Note: This is an experimented code to allow users to build docker image locally according to a given RocketMQ version. Actually the formal images have been generated by RocketMQ official maintainer and stored in docker hub. Suggest common users to use these remote images directly.
```
cd image-build
sh build-image.sh RMQ-VERSION BASE-IMAGE
```
> Tip: The supported RMQ-VERSIONs can be obtained from [here](https://archive.apache.org/dist/rocketmq/). The supported BASE-IMAGEs are [centos, alpine]. For example: ```sh build-image.sh 4.5.0 alpine```
### B. Stage a specific version
Users can generate a runtime (stage) directory based on a specific version and docker style operate the RocketMQ cluster/server/nameserver beneath the directory.
```
sh stage.sh RMQ-VERSION
```
> Note: RMQ-VERSION is the tag of the RocketMQ image.
After executing the above shell script, (e.g. sh stage.sh 4.5.0), it will generate a stage directory (./stages/4.5.0). User can do the following works under the directory, assuming the RMQ-version is defined with 4.5.0.
#### 1. Single Node
Run:
```
cd stages/4.5.0
./play-docker.sh alpine
```
> NOTE:
Some Linux Systems (e.g. Ubuntu) may generate path
```stages/4.5.0/template```, please adjust the command accordingly.
#### 2. Cluster with docker-compose
Run:
```
cd stages/4.5.0
./play-docker-compose.sh
```
#### 3. Cluster on Kubernetes
Run:
```
cd stages/4.5.0
./play-kubernetes.sh
```
#### 4. Cluster of Dledger storage
Run: (Note: This feature needs RMQ version is 4.4.0 or above)
```
cd stages/4.5.0
./play-docker-dledger.sh
```
## 5. TLS support
Run: (It will startup nameserver and broker with SSL enabled style. The client will not invoke nameserver or broker until related SSL client is configurated. )
You can see detailed TLS config instruction from [here](templates/ssl/README.md)
```
cd stages/4.5.0
./play-docker-tls.sh
# Once nameserver and broker startup correctly, you still can use the following script to test produce/consume in SSL mode, why, due to they still use the SSL setting which exists in JAVA-OPT of the docker rmqbroker container.
./play-producer.sh
./play-consumer.sh
```
### How to update RocketMQ image repository using update.sh
Run:
```
cd image-build
./update.sh
```
This script will get the latest release version of RocketMQ and build the docker images based on ```alpine``` and ```centos``` respectively, then push the new images to the current official repository ```apacherocketmq/rocketmq```.
### How to verify RocketMQ works well
#### Verify with Docker and docker-compose
1. Use `docker ps|grep rmqbroker` to find your RocketMQ broker container id.
2. Use `docker exec -it {container_id} ./mqadmin clusterList -n {nameserver_ip}:9876` to verify if RocketMQ broker works, for example:
```
root$ docker exec -it 63950574b491 ./mqadmin clusterList -n 192.168.43.56:9876
OpenJDK 64-Bit Server VM warning: ignoring option PermSize=128m; support was removed in 8.0
OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=128m; support was removed in 8.0
#Cluster Name #Broker Name #BID #Addr #Version #InTPS(LOAD) #OutTPS(LOAD) #PCWait(ms) #Hour #SPACE
DefaultCluster 63950574b491 0 172.17.0.3:10911 V4_3_0 0.00(0,0ms) 0.00(0,0ms) 0 429398.92 -1.0000
```
#### Verify with Kubernetes
1. Use `kubectl get pods|grep rocketmq` to find your RocketMQ broker Pod id, for example:
```
[root@k8s-master rocketmq]# kubectl get pods |grep rocketmq
rocketmq-7697d9d574-b5z7g 2/2 Running 0 2d
```
2. Use `kubectl -n {namespace} exec -it {pod_id} -c broker bash` to login the broker pod, for example:
```
[root@k8s-master rocketmq]# kubectl -n default exec -it rocketmq-7697d9d574-b5z7g -c broker bash
[root@rocketmq-7697d9d574-b5z7g bin]#
```
3. Use `mqadmin clusterList -n {nameserver_ip}:9876` to verify if RocketMQ broker works, for example:
```
[root@rocketmq-7697d9d574-b5z7g bin]# ./mqadmin clusterList -n localhost:9876
OpenJDK 64-Bit Server VM warning: ignoring option PermSize=128m; support was removed in 8.0
OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=128m; support was removed in 8.0
#Cluster Name #Broker Name #BID #Addr #Version #InTPS(LOAD) #OutTPS(LOAD) #PCWait(ms) #Hour #SPACE
DefaultCluster rocketmq-7697d9d574-b5z7g 0 192.168.196.14:10911 V4_3_0 0.00(0,0ms) 0.00(0,0ms) 0 429399.44 -1.0000
```
So you will find it works, enjoy !
### C. Product level configuration
The project also provides a usage reference for product level cluster docker configuration and startup. Please see the [README.md](product/README.md) details in /product directory.
## FAQ
#### 1. If I want the broker container to load my customized configuration file (which means `broker.conf`) when it starts, how can I achieve this?
First, create the customized `broker.conf`, like below:
```
brokerClusterName = DefaultCluster
brokerName = broker-a
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
#set `brokerIP1` if you want to set physical IP as broker IP.
brokerIP1=10.10.101.80 #change you own physical IP Address
```
And put the customized `broker.conf` file at a specific path, like "`pwd`/data/broker/conf/broker.conf".
Then we can modify the `play-docker.sh` and volume this file to the broker container when it starts. For example:
```
docker run -d -p 10911:10911 -p 10909:10909 -v `pwd`/data/broker/logs:/root/logs -v `pwd`/data/broker/store:/root/store -v `pwd`/data/broker/conf/broker.conf:/home/rocketmq/rocketmq-4.5.0/conf/broker.conf --name rmqbroker --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" apacherocketmq/rocketmq:4.5.0 sh mqbroker -c /opt/rocketmq-4.5.0/conf/broker.conf
```
Finally we can find the customized `broker.conf` has been used in the broker container. For example:
```
MacBook-Pro:4.5.0 huan$ docker ps |grep mqbroker
a32c67aed6dd apacherocketmq/rocketmq:4.5.0 "sh mqbroker" 20 minutes ago Up 20 minutes 0.0.0.0:10909->10909/tcp, 9876/tcp, 0.0.0.0:10911->10911/tcp rmqbroker
MacBook-Pro:4.5.0 $ docker exec -it a32c67aed6dd cat /home/rocketmq/rocketmq-4.5.0/conf/broker.conf
brokerClusterName = DefaultCluster
brokerName = broker-a
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
#set `brokerIP1` if you want to set physical IP as broker IP.
brokerIP1=10.10.101.80 #change you own physical IP Address
```
In the case of docker-compose, change the docker-compose.yml like following:
```
version: '2'
services:
namesrv:
image: apacherocketmq/rocketmq:4.5.0
container_name: rmqnamesrv
ports:
- 9876:9876
volumes:
- ./data/namesrv/logs:/home/rocketmq/logs
command: sh mqnamesrv
broker:
image: apacherocketmq/rocketmq:4.5.0
container_name: rmqbroker
ports:
- 10909:10909
- 10911:10911
- 10912:10912
volumes:
- ./data/broker/logs:/home/rocketmq/logs
- ./data/broker/store:/home/rocketmq/store
- ./data/broker/conf/broker.conf:/home/rocketmq/rocketmq-4.5.0/conf/broker.conf
command: sh mqbroker -n namesrv:9876 -c ../conf/broker.conf
depends_on:
- namesrv
```
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
FROM openjdk:8-alpine
RUN apk add --no-cache bash gettext nmap-ncat openssl busybox-extras
ARG user=rocketmq
ARG group=rocketmq
ARG uid=3000
ARG gid=3000
# RocketMQ is run with user `rocketmq`, uid = 3000
# If you bind mount a volume from the host or a data container,
# ensure you use the same uid
RUN addgroup --gid ${gid} ${group} \
&& adduser --uid ${uid} -G ${group} ${user} -s /bin/bash -D
ARG version
# Rocketmq version
ENV ROCKETMQ_VERSION ${version}
# Rocketmq home
ENV ROCKETMQ_HOME /home/rocketmq/rocketmq-${ROCKETMQ_VERSION}
WORKDIR ${ROCKETMQ_HOME}
# Install
RUN set -eux; \
apk add --virtual .build-deps curl gnupg unzip; \
curl -L https://archive.apache.org/dist/rocketmq/${ROCKETMQ_VERSION}/rocketmq-all-${ROCKETMQ_VERSION}-bin-release.zip -o rocketmq.zip; \
curl -L https://archive.apache.org/dist/rocketmq/${ROCKETMQ_VERSION}/rocketmq-all-${ROCKETMQ_VERSION}-bin-release.zip.asc -o rocketmq.zip.asc; \
#https://www.apache.org/dist/rocketmq/KEYS
curl -L https://www.apache.org/dist/rocketmq/KEYS -o KEYS; \
\
gpg --import KEYS; \
gpg --batch --verify rocketmq.zip.asc rocketmq.zip; \
unzip rocketmq.zip; \
mv rocketmq-all*/* . ; \
rmdir rocketmq-all* ; \
rm rocketmq.zip rocketmq.zip.asc KEYS; \
apk del .build-deps ; \
rm -rf /var/cache/apk/* ; \
rm -rf /tmp/*
# Copy customized scripts
COPY scripts/ ${ROCKETMQ_HOME}/bin/
RUN chown -R ${uid}:${gid} ${ROCKETMQ_HOME}
# Expose namesrv port
EXPOSE 9876
# Override customized scripts for namesrv
RUN mv ${ROCKETMQ_HOME}/bin/runserver-customize.sh ${ROCKETMQ_HOME}/bin/runserver.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/runserver.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/mqnamesrv
# Expose broker ports
EXPOSE 10909 10911 10912
# Override customized scripts for broker
RUN mv ${ROCKETMQ_HOME}/bin/runbroker-customize.sh ${ROCKETMQ_HOME}/bin/runbroker.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/runbroker.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/mqbroker
# Export Java options
RUN export JAVA_OPT=" -Duser.home=/opt"
# Add ${JAVA_HOME}/lib/ext as java.ext.dirs
RUN sed -i 's/${JAVA_HOME}\/jre\/lib\/ext/${JAVA_HOME}\/jre\/lib\/ext:${JAVA_HOME}\/lib\/ext/' ${ROCKETMQ_HOME}/bin/tools.sh
USER ${user}
WORKDIR ${ROCKETMQ_HOME}/bin
\ No newline at end of file
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
FROM centos:7
RUN yum install -y java-1.8.0-openjdk-devel.x86_64 unzip gettext nmap-ncat openssl, which gnupg, telnet \
&& yum clean all -y
# FROM openjdk:8-jdk
# RUN apt-get update && apt-get install -y --no-install-recommends \
# bash libapr1 unzip telnet wget gnupg ca-certificates \
# && rm -rf /var/lib/apt/lists/*
ARG user=rocketmq
ARG group=rocketmq
ARG uid=3000
ARG gid=3000
# RocketMQ is run with user `rocketmq`, uid = 3000
# If you bind mount a volume from the host or a data container,
# ensure you use the same uid
RUN groupadd -g ${gid} ${group} \
&& useradd -u ${uid} -g ${gid} -m -s /bin/bash ${user}
ARG version
# Rocketmq version
ENV ROCKETMQ_VERSION ${version}
# Rocketmq home
ENV ROCKETMQ_HOME /home/rocketmq/rocketmq-${ROCKETMQ_VERSION}
WORKDIR ${ROCKETMQ_HOME}
RUN set -eux; \
curl -L https://archive.apache.org/dist/rocketmq/${ROCKETMQ_VERSION}/rocketmq-all-${ROCKETMQ_VERSION}-bin-release.zip -o rocketmq.zip; \
curl -L https://archive.apache.org/dist/rocketmq/${ROCKETMQ_VERSION}/rocketmq-all-${ROCKETMQ_VERSION}-bin-release.zip.asc -o rocketmq.zip.asc; \
#https://www.apache.org/dist/rocketmq/KEYS
curl -L https://www.apache.org/dist/rocketmq/KEYS -o KEYS; \
\
gpg --import KEYS; \
gpg --batch --verify rocketmq.zip.asc rocketmq.zip ; \
unzip rocketmq.zip ; \
mv rocketmq-all*/* . ; \
rmdir rocketmq-all* ; \
rm rocketmq.zip rocketmq.zip.asc KEYS
# add scripts
COPY scripts/ ${ROCKETMQ_HOME}/bin/
RUN chown -R ${uid}:${gid} ${ROCKETMQ_HOME}
# expose namesrv port
EXPOSE 9876
# add customized scripts for namesrv
RUN mv ${ROCKETMQ_HOME}/bin/runserver-customize.sh ${ROCKETMQ_HOME}/bin/runserver.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/runserver.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/mqnamesrv
# expose broker ports
EXPOSE 10909 10911 10912
# add customized scripts for broker
RUN mv ${ROCKETMQ_HOME}/bin/runbroker-customize.sh ${ROCKETMQ_HOME}/bin/runbroker.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/runbroker.sh \
&& chmod a+x ${ROCKETMQ_HOME}/bin/mqbroker
# export Java options
RUN export JAVA_OPT=" -Duser.home=/opt"
# Add ${JAVA_HOME}/lib/ext as java.ext.dirs
RUN sed -i 's/${JAVA_HOME}\/jre\/lib\/ext/${JAVA_HOME}\/jre\/lib\/ext:${JAVA_HOME}\/lib\/ext/' ${ROCKETMQ_HOME}/bin/tools.sh
USER ${user}
WORKDIR ${ROCKETMQ_HOME}/bin
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
checkVersion()
{
echo "Version = $1"
echo $1 |grep -E "^[0-9]+\.[0-9]+\.[0-9]+" > /dev/null
if [ $? = 0 ]; then
return 1
fi
echo "Version $1 illegal, it should be X.X.X format(e.g. 4.5.0), please check released versions in 'https://archive.apache.org/dist/rocketmq/'"
exit -1
}
if [ $# -lt 2 ]; then
echo -e "Usage: sh $0 Version BaseImage"
exit -1
fi
ROCKETMQ_VERSION=$1
BASE_IMAGE=$2
checkVersion $ROCKETMQ_VERSION
# Build rocketmq
case "${BASE_IMAGE}" in
alpine)
docker build --no-cache -f Dockerfile-alpine -t apacherocketmq/rocketmq:${ROCKETMQ_VERSION}-alpine --build-arg version=${ROCKETMQ_VERSION} .
;;
centos)
docker build --no-cache -f Dockerfile-centos -t apacherocketmq/rocketmq:${ROCKETMQ_VERSION} --build-arg version=${ROCKETMQ_VERSION} .
;;
*)
echo "${BASE_IMAGE} is not supported, supported base images: centos, alpine"
exit -1
;;
esac
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#===========================================================================================
# Java Environment Setting
#===========================================================================================
error_exit ()
{
echo "ERROR: $1 !!"
exit 1
}
find_java_home()
{
case "`uname`" in
Darwin)
JAVA_HOME=$(/usr/libexec/java_home)
;;
*)
JAVA_HOME=$(dirname $(dirname $(readlink -f $(which javac))))
;;
esac
}
find_java_home
[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=$HOME/jdk/java
[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=/usr/java
[ ! -e "$JAVA_HOME/bin/java" ] && error_exit "Please set the JAVA_HOME variable in your environment, We need java(x64)!"
export JAVA_HOME
export JAVA="$JAVA_HOME/bin/java"
export BASE_DIR=$(dirname $0)/..
export CLASSPATH=.:${BASE_DIR}/conf:${CLASSPATH}
#===========================================================================================
# JVM Configuration
#===========================================================================================
calculate_heap_sizes()
{
case "`uname`" in
Linux)
system_memory_in_mb=`free -m| sed -n '2p' | awk '{print $2}'`
system_cpu_cores=`egrep -c 'processor([[:space:]]+):.*' /proc/cpuinfo`
;;
FreeBSD)
system_memory_in_bytes=`sysctl hw.physmem | awk '{print $2}'`
system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024`
system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'`
;;
SunOS)
system_memory_in_mb=`prtconf | awk '/Memory size:/ {print $3}'`
system_cpu_cores=`psrinfo | wc -l`
;;
Darwin)
system_memory_in_bytes=`sysctl hw.memsize | awk '{print $2}'`
system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024`
system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'`
;;
*)
# assume reasonable defaults for e.g. a modern desktop or
# cheap server
system_memory_in_mb="2048"
system_cpu_cores="2"
;;
esac
# some systems like the raspberry pi don't report cores, use at least 1
if [ "$system_cpu_cores" -lt "1" ]
then
system_cpu_cores="1"
fi
# set max heap size based on the following
# max(min(1/2 ram, 1024MB), min(1/4 ram, 8GB))
# calculate 1/2 ram and cap to 1024MB
# calculate 1/4 ram and cap to 8192MB
# pick the max
half_system_memory_in_mb=`expr $system_memory_in_mb / 2`
quarter_system_memory_in_mb=`expr $half_system_memory_in_mb / 2`
if [ "$half_system_memory_in_mb" -gt "1024" ]
then
half_system_memory_in_mb="1024"
fi
if [ "$quarter_system_memory_in_mb" -gt "8192" ]
then
quarter_system_memory_in_mb="8192"
fi
if [ "$half_system_memory_in_mb" -gt "$quarter_system_memory_in_mb" ]
then
max_heap_size_in_mb="$half_system_memory_in_mb"
else
max_heap_size_in_mb="$quarter_system_memory_in_mb"
fi
MAX_HEAP_SIZE="${max_heap_size_in_mb}M"
# Young gen: min(max_sensible_per_modern_cpu_core * num_cores, 1/4 * heap size)
max_sensible_yg_per_core_in_mb="100"
max_sensible_yg_in_mb=`expr $max_sensible_yg_per_core_in_mb "*" $system_cpu_cores`
desired_yg_in_mb=`expr $max_heap_size_in_mb / 4`
if [ "$desired_yg_in_mb" -gt "$max_sensible_yg_in_mb" ]
then
HEAP_NEWSIZE="${max_sensible_yg_in_mb}M"
else
HEAP_NEWSIZE="${desired_yg_in_mb}M"
fi
}
calculate_heap_sizes
# Dynamically calculate parameters, for reference.
Xms=$MAX_HEAP_SIZE
Xmx=$MAX_HEAP_SIZE
Xmn=$HEAP_NEWSIZE
MaxDirectMemorySize=$MAX_HEAP_SIZE
# Set for `JAVA_OPT`.
JAVA_OPT="${JAVA_OPT} -server -Xms${Xms} -Xmx${Xmx} -Xmn${Xmn}"
JAVA_OPT="${JAVA_OPT} -XX:+UseG1GC -XX:G1HeapRegionSize=16m -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -XX:SoftRefLRUPolicyMSPerMB=0 -XX:SurvivorRatio=8"
JAVA_OPT="${JAVA_OPT} -verbose:gc -Xloggc:/dev/shm/mq_gc_%p.log -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCApplicationStoppedTime -XX:+PrintAdaptiveSizePolicy"
JAVA_OPT="${JAVA_OPT} -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=30m"
JAVA_OPT="${JAVA_OPT} -XX:-OmitStackTraceInFastThrow"
JAVA_OPT="${JAVA_OPT} -XX:+AlwaysPreTouch"
JAVA_OPT="${JAVA_OPT} -XX:MaxDirectMemorySize=${MaxDirectMemorySize}"
JAVA_OPT="${JAVA_OPT} -XX:-UseLargePages -XX:-UseBiasedLocking"
JAVA_OPT="${JAVA_OPT} -Djava.ext.dirs=${JAVA_HOME}/jre/lib/ext:${BASE_DIR}/lib"
#JAVA_OPT="${JAVA_OPT} -Xdebug -Xrunjdwp:transport=dt_socket,address=9555,server=y,suspend=n"
JAVA_OPT="${JAVA_OPT} ${JAVA_OPT_EXT}"
JAVA_OPT="${JAVA_OPT} -cp ${CLASSPATH}"
numactl --interleave=all pwd > /dev/null 2>&1
if [ $? -eq 0 ]
then
if [ -z "$RMQ_NUMA_NODE" ] ; then
numactl --interleave=all $JAVA ${JAVA_OPT} $@
else
numactl --cpunodebind=$RMQ_NUMA_NODE --membind=$RMQ_NUMA_NODE $JAVA ${JAVA_OPT} $@
fi
else
$JAVA ${JAVA_OPT} $@
fi
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#===========================================================================================
# Java Environment Setting
#===========================================================================================
error_exit ()
{
echo "ERROR: $1 !!"
exit 1
}
find_java_home()
{
case "`uname`" in
Darwin)
JAVA_HOME=$(/usr/libexec/java_home)
;;
*)
JAVA_HOME=$(dirname $(dirname $(readlink -f $(which javac))))
;;
esac
}
find_java_home
[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=$HOME/jdk/java
[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=/usr/java
[ ! -e "$JAVA_HOME/bin/java" ] && error_exit "Please set the JAVA_HOME variable in your environment, We need java(x64)!"
export JAVA_HOME
export JAVA="$JAVA_HOME/bin/java"
export BASE_DIR=$(dirname $0)/..
export CLASSPATH=.:${BASE_DIR}/conf:${CLASSPATH}
#===========================================================================================
# JVM Configuration
#===========================================================================================
calculate_heap_sizes()
{
case "`uname`" in
Linux)
system_memory_in_mb=`free -m| sed -n '2p' | awk '{print $2}'`
system_cpu_cores=`egrep -c 'processor([[:space:]]+):.*' /proc/cpuinfo`
;;
FreeBSD)
system_memory_in_bytes=`sysctl hw.physmem | awk '{print $2}'`
system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024`
system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'`
;;
SunOS)
system_memory_in_mb=`prtconf | awk '/Memory size:/ {print $3}'`
system_cpu_cores=`psrinfo | wc -l`
;;
Darwin)
system_memory_in_bytes=`sysctl hw.memsize | awk '{print $2}'`
system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024`
system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'`
;;
*)
# assume reasonable defaults for e.g. a modern desktop or
# cheap server
system_memory_in_mb="2048"
system_cpu_cores="2"
;;
esac
# some systems like the raspberry pi don't report cores, use at least 1
if [ "$system_cpu_cores" -lt "1" ]
then
system_cpu_cores="1"
fi
# set max heap size based on the following
# max(min(1/2 ram, 1024MB), min(1/4 ram, 8GB))
# calculate 1/2 ram and cap to 1024MB
# calculate 1/4 ram and cap to 8192MB
# pick the max
half_system_memory_in_mb=`expr $system_memory_in_mb / 2`
quarter_system_memory_in_mb=`expr $half_system_memory_in_mb / 2`
if [ "$half_system_memory_in_mb" -gt "1024" ]
then
half_system_memory_in_mb="1024"
fi
if [ "$quarter_system_memory_in_mb" -gt "8192" ]
then
quarter_system_memory_in_mb="8192"
fi
if [ "$half_system_memory_in_mb" -gt "$quarter_system_memory_in_mb" ]
then
max_heap_size_in_mb="$half_system_memory_in_mb"
else
max_heap_size_in_mb="$quarter_system_memory_in_mb"
fi
MAX_HEAP_SIZE="${max_heap_size_in_mb}M"
# Young gen: min(max_sensible_per_modern_cpu_core * num_cores, 1/4 * heap size)
max_sensible_yg_per_core_in_mb="100"
max_sensible_yg_in_mb=`expr $max_sensible_yg_per_core_in_mb "*" $system_cpu_cores`
desired_yg_in_mb=`expr $max_heap_size_in_mb / 4`
if [ "$desired_yg_in_mb" -gt "$max_sensible_yg_in_mb" ]
then
HEAP_NEWSIZE="${max_sensible_yg_in_mb}M"
else
HEAP_NEWSIZE="${desired_yg_in_mb}M"
fi
}
calculate_heap_sizes
# Dynamically calculate parameters, for reference.
Xms=$MAX_HEAP_SIZE
Xmx=$MAX_HEAP_SIZE
Xmn=$HEAP_NEWSIZE
# Set for `JAVA_OPT`.
JAVA_OPT="${JAVA_OPT} -server -Xms${Xms} -Xmx${Xmx} -Xmn${Xmn}"
JAVA_OPT="${JAVA_OPT} -XX:+UseConcMarkSweepGC -XX:+UseCMSCompactAtFullCollection -XX:CMSInitiatingOccupancyFraction=70 -XX:+CMSParallelRemarkEnabled -XX:SoftRefLRUPolicyMSPerMB=0 -XX:+CMSClassUnloadingEnabled -XX:SurvivorRatio=8 -XX:-UseParNewGC"
JAVA_OPT="${JAVA_OPT} -verbose:gc -Xloggc:/dev/shm/rmq_srv_gc.log -XX:+PrintGCDetails"
JAVA_OPT="${JAVA_OPT} -XX:-OmitStackTraceInFastThrow"
JAVA_OPT="${JAVA_OPT} -XX:-UseLargePages"
JAVA_OPT="${JAVA_OPT} -Djava.ext.dirs=${JAVA_HOME}/jre/lib/ext:${BASE_DIR}/lib"
#JAVA_OPT="${JAVA_OPT} -Xdebug -Xrunjdwp:transport=dt_socket,address=9555,server=y,suspend=n"
JAVA_OPT="${JAVA_OPT} ${JAVA_OPT_EXT}"
JAVA_OPT="${JAVA_OPT} -cp ${CLASSPATH}"
$JAVA ${JAVA_OPT} $@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
checkVersion()
{
echo "Version = $1"
echo $1 |grep -E "^[0-9]+\.[0-9]+\.[0-9]+" > /dev/null
if [ $? = 0 ]; then
return 0
fi
echo "Version $1 illegal, it should be X.X.X format(e.g. 4.5.0), please check released versions in 'https://archive.apache.org/dist/rocketmq/'"
exit -1
}
set -eu;
# Update the image of the latest released version
LATEST_VERSION=$(curl -s https://archive.apache.org/dist/rocketmq/ | awk -F '>' '{print $3}' | awk -F '/' '{print $1}' | grep '^[0-9]' | sort | tail -1)
checkVersion ${LATEST_VERSION}
baseImages=("alpine" "centos")
for baseImage in ${baseImages[@]}
do
echo "Building image of version ${LATEST_VERSION}, base-image ${baseImage}"
bash build-image.sh ${LATEST_VERSION} ${baseImage}
if [ "${baseImage}" = "centos" ];then
TAG=${LATEST_VERSION}
else
TAG=${LATEST_VERSION}-${baseImage}
fi
docker push apacherocketmq/rocketmq:${TAG}
done
# Config Reference of RocketMQ Docker in production
## Background
This is a simple instructions for how to use a persistent storage and configuration information in a production environment to deploy a NameServer cluster and a master-slave broker cluster under distributed network nodes.
Note: Here only contains the configuration and startup Docker containers, without mentioning the container's monitoring and management, the container machine's DNS configuration, message distribution and reliability storage details. This part needs to depend on the advanced deployment capabilities related to RocketMQ-Operator in conjunction with the capabilities of Kubernetes.
## Steps to deploy and run docker containers
1. Determine the IP and DNS information of the host (physical or virtual machine) to be deployed with NameServer or Broker, the storage file location in the hosted node, and ensure that the relevant ports (9876, 10911, 10912, 10909) are not occupied.
2. Prepare the configuration file used by the broker, select the reference configuration file according to the requirements of the Cluster, and modify the necessary attribute parameters in the file.
3. Call the docker container startup script, set the docker parameters, and start the container (look for the RocketMQ image version from [here]())
4. Verify the container startup status
## Directory Structure
product /
​ | - conf / (Several typical cluster configuration references )
​ | - start-ns.sh (Shell script for starting a name-server container, which is called once for each name-server container on different node)
​ | - start-broker.sh (Shell script for starting a broker container, which is called once for creating different broker cluster member on different node)
| - README.md
| - README_cn.md
## Use Case
How to config a 2m-2s-async cluster in Docker style.
### Startup nameserver cluster
Note: You can skip this step if you use an existing nameserver cluster
1. Confirm the host machine where the nameserver is to be deployed and copy the product directory into the host. Determine the directory (DATA_HOME) where the container persistences content (logs/storage) on the host, as well as the RocketMQ image version (ROCKETMQ_VERSION) and base image alpine or centos (BASE_IMAGE)
2. Run the script start-ns.sh, for example:
```
sh start-ns.sh /home/nameserver/data 4.5.0 alpine
```
3. Repeat above steps if there are multiple nameservers in the cluster.
### Startup broker cluster
1. Confirm the NameServer Cluster address. (fomart e.g. "ns1:9876;ns2:9876;...")
2. Confirm the host machine where the broker-a master is to be deployed,determine the directory (DATA_HOME) where the container persistence content (logs/storage) exists on the host, e.g. DATA_HOME is set as /home/broker/data/; then you need to copy the reference config file conf/2m-2s-async/broker-a.properties as /home/broker/data/conf/2m-2s-async/broker-a.properties in the host.
Change file broker-a.properties and make the property 'brokerIP1' value as the dns-hostname(Precautions #3) of the host.
3. Confirm the ROCKETMQ_VERSION (e.g. 4.5.0), start broker with shell script start-broker.sh through the following command:
```
sh start-broker.sh /home/broker/data 4.5.0 "ns1:9876;ns2:9876" conf/2m-2s-async/broker-a.properties alpine
```
4. Check if the broker container is start up correctly (Note:The dir DATA_HOME in host needs to open read/write permissions for the rocketmq user in the container, Precautions #1)
5. Confirm the host machine where the broker-a slave is to be deployed,determine the directory (DATA_HOME) where the container persistences content (logs/storage) on the host, e.g. DATA_HOME is set as /home/broker/data/; then you need to copy the reference config file conf/2m-2s-async/broker-a-s.properties as /home/broker/data/conf/2m-2s-async/broker-a-s.properties in the host.
Change file broker-a-s.properties and the proeprty 'brokerIP1' valueas the dns-hostname of the host.
6. Confirm the ROCKETMQ_VERSION,start slave broker with shell script start-broker.sh:
```
sh start-broker.sh /home/broker/data 4.5.0 "ns1:9876;ns2:9876" conf/2m-2s-async/broker-a-s.properties alpine
```
7. Check if the broker container is start up correctly.
8. Repeat above steps to create master and slave broker docker containers.
## Precautions
1. Ensure the DATA_HOME directory r/w permissions
The broker container needs to write data that needs to be persisted in the DATA_HOME directory of the host, these data include operation logs and message storage files. It is required to open the permissions in the DATA_HOME directory to ensure that the relevant files can be written when the broker is started and running.
A case: After starting the broker, the broker automatically quits after a period of time, without any log writes, this may be due to the container does not write DATA_HOME / logs directory permissions.
2. Declare the external map port in the script (start-broker.sh, start-ns.sh)
The default mapping ports have been defined in the relevant script. If the user has special requirements (such as a port is already occupied by other applications), you need to modify the shell script to define a new port mapping.
3. Recommended to use DNS to configure the broker and name-server address.
The broker running in the docker container uses the property brokerIP1 to specify the address of the host it is on, and register/publish this address in the NameServer so that the RocketMQ client can obtain externally available broker addresses through the NameServer. When specifying the brokerIP1 property value, a good practice is to use dns- Hostname (instead of the direct IP address), so that when a large-scale broker changes or ip address migration, it will not affect the deployed containers.
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-a
brokerId=1
deleteWhen=04
fileReservedTime=48
brokerRole=SLAVE
flushDiskType=ASYNC_FLUSH
#Slave host dns-name/ip
brokerIP1=REPLACE_IT
#with Master's BroperIP1
brokerIP2=REPLACE_IT
#with Master's haListenPort, default 10912
#haListenPort=10912
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-a
brokerId=0
deleteWhen=04
fileReservedTime=48
brokerRole=ASYNC_MASTER
flushDiskType=ASYNC_FLUSH
# Host node's dns-name or ip
brokerIP1=REPLACE_IT
# Optional config different value rather than default ports.
# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh
#listenPort=10911
#haListenPort=10912
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-b
brokerId=1
deleteWhen=04
fileReservedTime=48
brokerRole=SLAVE
flushDiskType=ASYNC_FLUSH
#Slave host dns-name/ip
brokerIP1=REPLACE_IT
#with Master's BroperIP1
brokerIP2=REPLACE_IT
# with Master's haListenPort, default 10912
#haListenPort=10912
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-b
brokerId=0
deleteWhen=04
fileReservedTime=48
brokerRole=ASYNC_MASTER
flushDiskType=ASYNC_FLUSH
# Host node's dns-name or ip
brokerIP1=REPLACE_IT
# Optional config different value rather than default ports.
# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh
#listenPort=10911
#haListenPort=10912
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-a
brokerId=1
deleteWhen=04
fileReservedTime=48
brokerRole=SLAVE
flushDiskType=ASYNC_FLUSH
#Slave host dns-name/ip
brokerIP1=REPLACE_IT
#with Master's BroperIP1
brokerIP2=REPLACE_IT
#with Master's haListenPort, default 10912
#haListenPort=10912
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-a
brokerId=0
deleteWhen=04
fileReservedTime=48
brokerRole=SYNC_MASTER
flushDiskType=ASYNC_FLUSH
# Host node's dns-name or ip
brokerIP1=REPLACE_IT
# Optional config different value rather than default ports.
# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh
#listenPort=10911
#haListenPort=10912
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-b
brokerId=1
deleteWhen=04
fileReservedTime=48
brokerRole=SLAVE
flushDiskType=ASYNC_FLUSH
#Slave host dns-name/ip
brokerIP1=REPLACE_IT
#with Master's BroperIP1
brokerIP2=REPLACE_IT
# with Master's haListenPort, default 10912
#haListenPort=10912
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-b
brokerId=0
deleteWhen=04
fileReservedTime=48
brokerRole=SYNC_MASTER
flushDiskType=ASYNC_FLUSH
# Host node's dns-name or ip
brokerIP1=REPLACE_IT
# Optional config different value rather than default ports.
# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh
#listenPort=10911
#haListenPort=10912
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-a
brokerId=0
deleteWhen=04
fileReservedTime=48
brokerRole=ASYNC_MASTER
flushDiskType=ASYNC_FLUSH
# Host node's dns-name or ip
brokerIP1=REPLACE_IT
# Optional config different value rather than default ports.
# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh
#listenPort=10911
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-b
brokerId=0
deleteWhen=04
fileReservedTime=48
brokerRole=ASYNC_MASTER
flushDiskType=ASYNC_FLUSH
# Host node's dns-name or ip
brokerIP1=REPLACE_IT
# Optional config different value rather than default ports.
# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh
#listenPort=10911
#haListenPort=10912
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName=DefaultCluster
brokerName=broker-trace
brokerId=0
deleteWhen=04
fileReservedTime=48
brokerRole=ASYNC_MASTER
flushDiskType=ASYNC_FLUSH
# Host node's dns-name or ip
brokerIP1=REPLACE_IT
# Optional config different value rather than default ports.
# Caution: changing default ports need to update port mapping setting (-p) in start-broker.sh
#listenPort=10911
\ No newline at end of file
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName = DefaultCluster
brokerName = broker-b
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
# Set self-defined brokerIP address (e.g. the host node's)
#brokerIP1=30.25.90.82
#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Main
if [ $# -lt 4 ]; then
echo "Usage: sh $0 DATA_HOME ROCKETMQ_VERSION NAMESRV_ADDR CONF_FILE"
exit -1
fi
DATA_HOME=$1
ROCKETMQ_VERSION=$2
NAMESRV_ADDR=$3
CONF_FILE=$4
BASE_IMAGE=$5
## Show Env Setting
echo "ENV Setting: "
echo " DATA_HOME=${DATA_HOME} ROCKETMQ_VERSION=${ROCKETMQ_VERSION}"
echo " NAMESRV_ADDR=${NAMESRV_ADDR}"
echo " CONF_FILE=${CONF_FILE}"
## Check config file existing
if [ ! -f "${DATA_HOME}/conf/${CONF_FILE}" ]; then
echo "You must ensure the broker config file [${DATA_HOME}/conf/${CONF_FILE}] is pre-defined!!!"
exit -1
fi
# Start Broker
start_broker()
{
TAG_SUFFIX=$1
docker run -d -v ${DATA_HOME}/logs:/home/rocketmq/logs -v ${DATA_HOME}/store:/home/rocketmq/store \
-v ${DATA_HOME}/conf:/home/rocketmq/conf \
--name rmqbroker \
-e "NAMESRV_ADDR=${NAMESRV_ADDR}" \
-p 10911:10911 -p 10912:10912 -p 10909:10909 \
apacherocketmq/rocketmq:${ROCKETMQ_VERSION}${TAG_SUFFIX} \
sh mqbroker -c /home/rocketmq/conf/${CONF_FILE}
}
case "${BASE_IMAGE}" in
alpine)
start_broker -alpine
;;
centos)
start_broker
;;
*)
echo "${BASE_IMAGE} is not supported, supported base images: centos, alpine"
exit -1
;;
esac
\ No newline at end of file
#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Main
if [ $# -lt 3 ]; then
echo "Usage: sh $0 DATA_HOME ROCKETMQ_VERSION BASE_IMAGE"
exit -1
fi
DATA_HOME=$1
ROCKETMQ_VERSION=$2
BASE_IMAGE=$3
## Show Env Setting
echo "ENV Setting: "
echo "DATA_HOME=${DATA_HOME} ROCKETMQ_VERSION=${ROCKETMQ_VERSION}"
# Start nameserver
start_namesrv()
{
TAG_SUFFIX=$1
docker run -d -v ${DATA_HOME}/logs:/home/rocketmq/logs \
--name rmqnamesrv \
-p 9876:9876 \
apacherocketmq/rocketmq:${ROCKETMQ_VERSION}${TAG_SUFFIX} \
sh mqnamesrv
}
case "${BASE_IMAGE}" in
alpine)
start_namesrv -alpine
;;
centos)
start_namesrv
;;
*)
echo "${BASE_IMAGE} is not supported, supported base images: centos, alpine"
exit -1
;;
esac
\ No newline at end of file
#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
checkVersion()
{
echo "Stage version = $1"
echo $1 |grep -E "^[0-9]+\.[0-9]+\.[0-9]+" > /dev/null
if [ $? = 0 ]; then
return 1
fi
echo "Version $1 illegal, it should be X.X.X format(e.g. 4.5.0), please check released versions in 'https://archive.apache.org/dist/rocketmq/'"
return 0
}
CURRENT_DIR="$(cd "$(dirname "$0")"; pwd)"
[ ! -d "$STAGE_DIR" ] && STAGE_DIR=$CURRENT_DIR/stages
mkdir -p $STAGE_DIR
if [ $# -lt 1 ]; then
echo "Usage: sh $0 version"
exit -1
fi
version=$1
checkVersion $version
if [ $? = 0 ]; then
exit -1
fi
echo "mkdir $STAGE_DIR/$version"
mkdir -p "$STAGE_DIR/$version"
cp -rf "$CURRENT_DIR/templates/" "$STAGE_DIR/$version"
echo "staged templates into folder $STAGE_DIR/$version"
# Replace string "ROCKETMQ_VERSION" with real version in all files under $STAGE_DIR/$version
find "$STAGE_DIR/$version" -type f | xargs perl -pi -e "s/ROCKETMQ_VERSION/${version}/g"
\ No newline at end of file
brokerClusterName = DefaultCluster
brokerName = broker-abc
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
brokerIP1 = 30.25.90.30
brokerClusterName = DefaultCluster
brokerName = broker-abc1
brokerId = 1
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
brokerIP1 = m30
listenPort = 10921
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName = RaftCluster
brokerName=RaftNode00
listenPort=30911
#namesrvAddr=127.0.0.1:9876
storePathRootDir=/tmp/rmqstore/node00
storePathCommitLog=/tmp/rmqstore/node00/commitlog
enableDLegerCommitLog=true
dLegerGroup=RaftNode00
dLegerPeers=n0-172.18.0.12:40911;n1-172.18.0.13:40912;n2-172.18.0.14:40913
## must be unique
dLegerSelfId=n0
sendMessageThreadPoolNums=16
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName = RaftCluster
brokerName=RaftNode01
listenPort=30911
#namesrvAddr=127.0.0.1:9876
storePathRootDir=/tmp/rmqstore/node00
storePathCommitLog=/tmp/rmqstore/node00/commitlog
enableDLegerCommitLog=true
dLegerGroup=RaftNode00
dLegerPeers=n0-172.18.0.12:40911;n1-172.18.0.13:40912;n2-172.18.0.14:40913
## must be unique
dLegerSelfId=n1
sendMessageThreadPoolNums=16
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
brokerClusterName = RaftCluster
brokerName=RaftNode02
listenPort=30911
#namesrvAddr=127.0.0.1:9876
storePathRootDir=/tmp/rmqstore/node00
storePathCommitLog=/tmp/rmqstore/node00/commitlog
enableDLegerCommitLog=true
dLegerGroup=RaftNode00
dLegerPeers=n0-172.18.0.12:40911;n1-172.18.0.13:40912;n2-172.18.0.14:40913
## must be unique
dLegerSelfId=n2
sendMessageThreadPoolNums=16
brokerClusterName = DefaultCluster
brokerName = broker-a
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
brokerClusterName = DefaultCluster
brokerName = broker-b
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
version: '2'
services:
#Service for nameserver
namesrv:
image: apacherocketmq/rocketmq:ROCKETMQ_VERSION
container_name: rmqnamesrv
ports:
- 9876:9876
volumes:
- ./data/namesrv/logs:/home/rocketmq/logs
command: sh mqnamesrv
#Service for broker
broker:
image: apacherocketmq/rocketmq:ROCKETMQ_VERSION
container_name: rmqbroker
links:
- namesrv
ports:
- 10909:10909
- 10911:10911
- 10912:10912
environment:
- NAMESRV_ADDR=namesrv:9876
volumes:
- ./data/broker/logs:/home/rocketmq/logs
- ./data/broker/store:/home/rocketmq/store
- ./data/broker/conf/broker.conf:/opt/rocketmq-ROCKETMQ_VERSION/conf/broker.conf
command: sh mqbroker -c /opt/rocketmq-ROCKETMQ_VERSION/conf/broker.conf
#Service for another broker -- broker1
broker1:
image: apacherocketmq/rocketmq:ROCKETMQ_VERSION
container_name: rmqbroker-b
links:
- namesrv
ports:
- 10929:10909
- 10931:10911
- 10932:10912
environment:
- NAMESRV_ADDR=namesrv:9876
volumes:
- ./data1/broker/logs:/home/rocketmq/logs
- ./data1/broker/store:/home/rocketmq/store
- ./data1/broker/conf/broker.conf:/opt/rocketmq-ROCKETMQ_VERSION/conf/broker.conf
command: sh mqbroker -c /opt/rocketmq-ROCKETMQ_VERSION/conf/broker.conf
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: rocketmq
spec:
replicas: 1
template:
metadata:
labels:
app: rocketmq
spec:
containers:
- name: broker
image: apacherocketmq/rocketmq:ROCKETMQ_VERSION
command: ["sh","mqbroker", "-n","localhost:9876"]
imagePullPolicy: IfNotPresent
ports:
- containerPort: 10909
- containerPort: 10911
volumeMounts:
- mountPath: /home/rocketmq/logs
name: brokeroptlogs
- mountPath: /home/rocketmq/store
name: brokeroptstore
- name: namesrv
image: apacherocketmq/rocketmq:ROCKETMQ_VERSION
command: ["sh","mqnamesrv"]
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9876
volumeMounts:
- mountPath: /home/rocketmq/logs
name: namesrvoptlogs
volumes:
- name: brokeroptlogs
hostPath:
path: /data/broker/logs
- name: brokeroptstore
hostPath:
path: /data/broker/store
- name: namesrvoptlogs
hostPath:
path: /data/namesrv/logs
- name: namesrvoptstore
hostPath:
path: /data/namesrv/store
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: rocketmq-ns-deployment
spec:
replicas: 1
selector:
matchLabels:
app: rocketmq-nameserver
name: rocketmq-nameserver
template:
metadata:
labels:
app: rocketmq-nameserver
name: rocketmq-nameserver
spec:
containers:
- name: rocketmq-nameserver
image: apacherocketmq/rocketmq:ROCKETMQ_VERSION
command: ["sh","mqnamesrv"]
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9876
volumeMounts:
- mountPath: /home/rocketmq/logs
name: namesrvlogs
volumes:
- name: namesrvlogs
emptyDir: {}
- name: namesrvstore
emptyDir: {}
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: rocketmq-broker-deployment
spec:
replicas: 1
selector:
matchLabels:
app: rocketmq-broker
name: rocketmq-broker
template:
metadata:
labels:
app: rocketmq-broker
name: rocketmq-broker
spec:
containers:
- name: rocketmq-broker
image: apacherocketmq/rocketmq:ROCKETMQ_VERSION
command: ["sh","mqbroker", "-n","rocketmq-ns-deployment:9876"]
imagePullPolicy: IfNotPresent
ports:
- containerPort: 10909
- containerPort: 10911
volumeMounts:
- mountPath: /home/rocketmq/logs
name: brokerlogs
- mountPath: /home/rocketmq/store
name: brokerstore
volumes:
- name: brokerlogs
emptyDir: {}
- name: brokerstore
emptyDir: {}
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Consume messages
docker exec -ti rmqbroker sh ./tools.sh org.apache.rocketmq.example.quickstart.Consumer
\ No newline at end of file
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
RMQ_CONTAINER=$(docker ps -a|awk '/rmq/ {print $1}')
if [[ -n "$RMQ_CONTAINER" ]]; then
echo "Removing RocketMQ Container..."
docker rm -fv $RMQ_CONTAINER
# Wait till the existing containers are removed
sleep 5
fi
prepare_dir()
{
dirs=("docker-compose/data/namesrv/logs" "docker-compose/data/broker/logs" "docker-compose/data/broker/store" "docker-compose/data1/broker/logs" "docker-compose/data1/broker/store")
for dir in ${dirs[@]}
do
if [ ! -d "`pwd`/${dir}" ]; then
mkdir -p "`pwd`/${dir}"
chmod a+rw "`pwd`/${dir}"
fi
done
}
prepare_dir
# Run nameserver and broker
docker-compose -f ./docker-compose/docker-compose.yml up -d
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
RMQ_CONTAINER=$(docker ps -a|awk '/rmq/ {print $1}')
if [[ -n "$RMQ_CONTAINER" ]]; then
echo "Removing RocketMQ Container..."
docker rm -fv $RMQ_CONTAINER
# Wait till the existing containers are removed
sleep 5
fi
DLEDGER_NET=$(docker network ls |awk '/dledger-br/ {print $1}')
if [[ -n "$DLEDGER_NET" ]]; then
echo "Removing DLedger Bridge network..."
docker network rm $DLEDGER_NET
# Wait till the existing networks are removed
sleep 5
fi
prepare_dir()
{
dirs=("data/namesrv/logs" "data/broker0/logs" "data/broker0/store" "data/broker1/logs" "data/broker1/store" "data/broker2/logs" "data/broker2/store")
for dir in ${dirs[@]}
do
if [ ! -d "`pwd`/${dir}" ]; then
mkdir -p "`pwd`/${dir}"
chmod a+rw "`pwd`/${dir}"
fi
done
}
prepare_dir
echo "Starting RocketMQ nodes..."
# Create network
docker network create --subnet=172.18.0.0/16 dledger-br
# Start nameserver
docker run --net dledger-br --ip 172.18.0.11 -d -p 9876:9876 -v `pwd`/data/namesrv/logs:/home/rocketmq/logs --name rmqnamesrv apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqnamesrv
# Start Brokers
docker run --net dledger-br --ip 172.18.0.12 -d -p 30911:30911 -p 30909:30909 -v `pwd`/data/broker0/logs:/home/rocketmq/logs -v `pwd`/data/broker0/store:/home/rocketmq/store -v `pwd`/data/broker0/conf/dledger:/opt/rocketmq-ROCKETMQ_VERSION/conf/dledger --name rmqbroker --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqbroker -c ../conf/dledger/broker.conf
docker run --net dledger-br --ip 172.18.0.13 -d -p 30921:30921 -p 30919:30919 -v `pwd`/data/broker1/logs:/home/rocketmq/logs -v `pwd`/data/broker1/store:/home/rocketmq/store -v `pwd`/data/broker1/conf/dledger:/opt/rocketmq-ROCKETMQ_VERSION/conf/dledger --name rmqbroker1 --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqbroker -c ../conf/dledger/broker.conf
docker run --net dledger-br --ip 172.18.0.14 -d -p 30931:30931 -p 30929:30929 -v `pwd`/data/broker2/logs:/home/rocketmq/logs -v `pwd`/data/broker2/store:/home/rocketmq/store -v `pwd`/data/broker2/conf/dledger:/opt/rocketmq-ROCKETMQ_VERSION/conf/dledger --name rmqbroker2 --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqbroker -c ../conf/dledger/broker.conf
# Service unavailable when not ready
# sleep 20
# Produce messages
# sh ./play-producer.sh
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
RMQ_CONTAINER=$(docker ps -a|awk '/rmq/ {print $1}')
if [[ -n "$RMQ_CONTAINER" ]]; then
echo "Removing RocketMQ Container..."
docker rm -fv $RMQ_CONTAINER
# Wait till the existing containers are removed
sleep 5
fi
prepare_dir()
{
dirs=("data/namesrv/logs" "data/broker/logs" "data/broker/store")
for dir in ${dirs[@]}
do
if [ ! -d "`pwd`/${dir}" ]; then
mkdir -p "`pwd`/${dir}"
chmod a+rw "`pwd`/${dir}"
fi
done
}
prepare_dir
echo "Starting RocketMQ nodes..."
# Start nameserver
docker run -d -v `pwd`/ssl:/home/rocketmq/ssl -v `pwd`/data/namesrv/logs:/home/rocketmq/logs --name rmqnamesrv -e "JAVA_OPT=-Dtls.test.mode.enable=false -Dtls.config.file=/home/rocketmq/ssl/ssl.properties -Dtls.test.mode.enable=false -Dtls.server.need.client.auth=required" apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqnamesrv
# Start Broker
docker run -d -v `pwd`/ssl:/home/rocketmq/ssl -v `pwd`/data/broker/logs:/home/rocketmq/logs -v `pwd`/data/broker/store:/home/rocketmq/store --name rmqbroker --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" -e "JAVA_OPT=-Dtls.enable=true -Dtls.client.authServer=true -Dtls.test.mode.enable=false -Dtls.config.file=/home/rocketmq/ssl/ssl.properties -Dtls.test.mode.enable=false -Dtls.server.mode=enforcing -Dtls.server.need.client.auth=required" apacherocketmq/rocketmq:ROCKETMQ_VERSION sh mqbroker
# Service unavailable when not ready
# sleep 20
# Produce messages
# sh ./play-producer.sh
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
start_namesrv_broker()
{
TAG_SUFFIX=$1
# Start nameserver
docker run -d -v `pwd`/data/namesrv/logs:/home/rocketmq/logs --name rmqnamesrv -p 9876:9876 apacherocketmq/rocketmq:ROCKETMQ_VERSION${TAG_SUFFIX} sh mqnamesrv
# Start Broker
docker run -d -v `pwd`/data/broker/logs:/home/rocketmq/logs -v `pwd`/data/broker/store:/home/rocketmq/store --name rmqbroker --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" -p 10909:10909 -p 10911:10911 -p 10912:10912 apacherocketmq/rocketmq:ROCKETMQ_VERSION${TAG_SUFFIX} sh mqbroker
}
if [ $# -lt 1 ]; then
echo -e "Usage: sh $0 BaseImage"
exit -1
fi
export BASE_IMAGE=$1
echo "Play RocketMQ docker image of tag ROCKETMQ_VERSION-${BASE_IMAGE}"
RMQ_CONTAINER=$(docker ps -a|awk '/rmq/ {print $1}')
if [[ -n "$RMQ_CONTAINER" ]]; then
echo "Removing RocketMQ Container..."
docker rm -fv $RMQ_CONTAINER
# Wait till the existing containers are removed
sleep 5
fi
prepare_dir()
{
dirs=("data/namesrv/logs" "data/broker/logs" "data/broker/store")
for dir in ${dirs[@]}
do
if [ ! -d "`pwd`/${dir}" ]; then
mkdir -p "`pwd`/${dir}"
chmod a+rw "`pwd`/${dir}"
fi
done
}
prepare_dir
echo "Starting RocketMQ nodes..."
case "${BASE_IMAGE}" in
alpine)
start_namesrv_broker -alpine
;;
centos)
start_namesrv_broker
;;
*)
echo "${BASE_IMAGE} is not supported, supported base images: centos, alpine"
exit -1
;;
esac
# Service unavailable when not ready
# sleep 20
# Produce messages
# sh ./play-producer.sh
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
if [ ! -d "`pwd`/data" ]; then
mkdir -p "data"
fi
# Run nameserver and broker on your Kubernetes cluster
kubectl apply -f kubernetes/deployment.yaml
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Produce messages
docker exec -ti rmqbroker sh ./tools.sh org.apache.rocketmq.example.quickstart.Producer
\ No newline at end of file
# Description of TLS related files
The purpose of this README file is to show how to generate SSL-related key pairs and self-signed certificates for testing, and how to configure the RocketMQ TLS configuration file parameters.
## 1. Generating SSL related files
### CA certificate and key file generation (directly generate CA key and its self-signed certificate)
```
openssl req -newkey rsa:2048 -passout pass:123456 -keyout ca_rsa_private.pem -x509 -days 365 -out ca.crt -subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=CA/emailAddress=youremail@apache.com"
```
### Server certificate and key file generation (directly generate server key and certificate to be signed)
```
openssl req -newkey rsa:2048 -passout pass:server -keyout server_rsa_private.pem -out server.csr -subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=SERVER/emailAddress=youremail@apache.com"
```
### Signing a server certificate with a CA certificate and key
```
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca_rsa_private.pem -passin pass:123456 -CAcreateserial -out server.crt
# Alternatively, convert the encrypted RSA key to an unencrypted RSA key, avoiding the requirement to enter the decryption password for each read.
openssl rsa -in server_rsa_private.pem -out server_rsa_private.pem.unsecure -passin pass:server
```
### Client certificate and key file generation (directly generate client key and certificate to be signed)
```
openssl req -newkey rsa:2048 -passout pass:client -keyout client_rsa_private.pem -out client.csr -subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=CLIENT/emailAddress=youremail@apache.com"
```
### Signing a client certificate with a CA certificate and key
```
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca_rsa_private.pem -passin pass:123456 -CAcreateserial -out client.crt
# Alternatively, convert the encrypted RSA key to an unencrypted RSA key
openssl rsa -in client_rsa_private.pem -out client_rsa_private.pem.unsecure -passin pass:client
```
### PKCS8 processing of the client and server keys (Reason: see Appendix 1)
```
openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in server_rsa_private.pem -out server_rsa_private_pkcs8.pem -passout pass:server -passin pass:server
openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in client_rsa_private.pem -out client_rsa_private_pkcs8.pem -passout pass:client -passin pass:client
```
## 2. RocketMQ TLS Configuration Instructions
ssl.properties (Note: there should be no spaces after the attribute value)
```
## client setting
tls.client.certPath=/home/rocketmq/ssl/client.crt
tls.client.keyPath=/home/rocketmq/ssl/client_rsa_private_pkcs8.pem
tls.client.keyPassword=client
tls.client.trustCertPath=/home/rocketmq/ssl/ca.crt
## server setting
tls.server.certPath=/home/rocketmq/ssl/server.crt
tls.server.keyPath=/home/rocketmq/ssl/server_rsa_private_pkcs8.pem
tls.server.keyPassword=server
tls.server.trustCertPath=/home/rocketmq/ssl/ca.crt
#server.auth.client
tls.server.need.client.auth=required
```
## 3. Use the SSL config on RocketMQ
1. Client Side (System Properties)
```
-Dtls.enable=true
-Dtls.client.authServer=true # force verifying server cert
-Dtls.test.mode.enable=false # not a test mode
-Dtls.config.file=/home/rocketmq/ssl/ssl.properties
```
2. Broker Side (System Properties)
```
-Dtls.test.mode.enable=false #not a test mode
-Dtls.config.file=/home/rocketmq/ssl/ssl.properties
-Dtls.server.need.client.auth=required
```
## 4. Appendix
1. It's a bug in Java: https://bugs.openjdk.java.net/browse/JDK-8076999
```
$ docker logs rmqbroker
java.lang.IllegalArgumentException: Input stream does not contain valid private key.
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:278)
at org.apache.rocketmq.remoting.netty.TlsHelper.buildSslContext(TlsHelper.java:124)
at org.apache.rocketmq.remoting.netty.NettyRemotingClient.<init>(NettyRemotingClient.java:133)
at org.apache.rocketmq.remoting.netty.NettyRemotingClient.<init>(NettyRemotingClient.java:99)
at org.apache.rocketmq.broker.out.BrokerOuterAPI.<init>(BrokerOuterAPI.java:74)
at org.apache.rocketmq.broker.out.BrokerOuterAPI.<init>(BrokerOuterAPI.java:70)
at org.apache.rocketmq.broker.BrokerController.<init>(BrokerController.java:189)
at org.apache.rocketmq.broker.BrokerStartup.createBrokerController(BrokerStartup.java:210)
at org.apache.rocketmq.broker.BrokerStartup.main(BrokerStartup.java:58)
Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:257)
at sun.security.util.DerInputStream.getOID(DerInputStream.java:314)
at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132)
at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372)
at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95)
at io.netty.handler.ssl.SslContext.generateKeySpec(SslContext.java:907)
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:963)
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:953)
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:276)
... 8 more
For illustration purposes:
openssl genrsa -out private_openssl.pem
openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in private_openssl.pem -out private_pkcs8_v1.pem -passout pass:123456
openssl pkcs8 -topk8 -v2 des3 -in private_openssl.pem -out private_pkcs8_v2.pem -passout pass:123456
KSE can open private_pkcs8_v1.pem just fine (that is when running under Java8, things are even worse with Java7), while trying to open private_pkcs8_v2.pem will cause java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48).
```
\ No newline at end of file
-----BEGIN CERTIFICATE-----
MIIDZjCCAk4CCQCtAwqWe7vLNzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJD
TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANDT00xDDAKBgNV
BAsMA05TUDELMAkGA1UEAwwCQ0ExIzAhBgkqhkiG9w0BCQEWFHlvdXJlbWFpbEBh
cGFjaGUuY29tMB4XDTE5MDYxMzA3MDk1M1oXDTIwMDYxMjA3MDk1M1owdTELMAkG
A1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEMMAoGA1UECgwDQ09N
MQwwCgYDVQQLDANOU1AxCzAJBgNVBAMMAkNBMSMwIQYJKoZIhvcNAQkBFhR5b3Vy
ZW1haWxAYXBhY2hlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANdzKEOXr/NRkJir0+vHGYkbAYhRZaFvAJTnjymAOtipAEWENgUTcNSOfdJu+0EZ
Xiw8sItYgj/WOBMdsHLDFDv2Z/tKZodPFOH2UkgmqrHEQLVSXoRcEaOMs9OXrVBy
0tzv2VQdGyihIM0hWHGXEcf7jbh7mhho0fVI0Kc7YfWrx1Q57ad4WzM9zAvsU5J4
tyBGfgZQcScwVbyqc01N5Q0pUKRbVNgIYbr806a6lOHc0NfHrZFyyo0TGCF/U3o5
Wkyb2Nm67IGJXwbFICi3u8IEVcqy/8JLHja8IXW89oksqY6lSkergsHpUESW1y7q
tREeeLbZqJVUUA/T8yLAr7UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAResTmwE0
JW9mvWfZX9jI5/ERUOklYkiTRNfbVtXMJv2dnqpI6ZqUoAt7Yq+W1jYHqqf+sSYP
jbaxO2aC5nTQIigdbrtNazpUScSiFCydu9wThlY4sGWu39Yy5YJ55MsE/Ra7J8lj
v7EjWe+eG54f9kOfjwAsH2oKIntxSvHvGoNZ7/46JwU3volL+EAVA+Yvs5mwR4F2
NB9FItBK2TCRErmf6JrP/2TZ399kabVRk1ZSjGNoe3UQc5ZxlvtW3shGR0d98ysf
/AkVb6P77tAc4VX9ccoznc1xR/kzZMCu/AWc8TNV5lzVL4EfmKrtrzWAHkkeTLjY
lSck/qDdF0uKNg==
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIlNAfpmmINeQCAggA
MB0GCWCGSAFlAwQBKgQQxMXaVtdrGf1s/DOwm1C3gQSCBNA5DnEMy5d3auB7nZVm
MNe4zwNSgQ/iEY7XLPIHTy2d+xyUcQBHbGw1dyHpUPJJfCLS0w46BZWoiMTZRhpO
sCNDbpGhaIVf54zZlXUm5suy3lIrydQTftn1TsUN5Ba2UVkmKNzfyoWFebfYx/YO
ZjyB4nxaQcxLjOl18eq+36uZHae5Oo8ccYO9rUHqWTpShalK4TH92qwQpH9YNoJP
zTPu/sCvovUPuyPNZ9RhoaDucwQs2oHzAPCBIHPu0bYVef8gklsSFCyM6o6UayRr
WwB8CSekwYLtGzZnAKQrOEaxwhdZRMzwC86YtFhPD3Qfo7MnsJ10bDCqaaDFkWCn
Y7N+FiBblZG5+QbBwu0ltNSHMr3en2xFkf4pp4TnlNOnqaZmI3Mw4Y9pX3+3XUL5
3vC0dsygFw76RQNw1QK/XtdvXBKWvO/BPrZQsE6cRWyODsBf3oYJqocf+MWtszGi
wWuYwpA51aXyWiBB4oD43UYO1GVls9hMOcL3SorTT0XQbd9KFtvJoFpl92owlD6J
ht2UbmyrBq/nx8/9mYvPq1vudt0HxpbqJU2CMsUg8FzBrwQpthpdysduEfpyAIhU
iZ9NxM4eLmzPP82TwzjOb642M2Gc150Fbuh//EajSqpA303OcOjNVPtV5ZPv+Jqt
5JZFUiKwMogIfRllSfFKMihzpHi3y20oDsz96FO8Qz8Iri3VlLk6Hd8nc7Mhk6bL
Az2Nl18sHvPchnolm9/avWuVZb6P2y3xXFmdPk/Ow+rRKBXV9JEGd11KWd2Iof1x
MwDCilPcZG/ifYhbZFvrVQIvUT/PZH83p/3QFrGLZoAYxxyb5qhtPbTrAoPy6j03
cZSLvrExD0iANCg9LRZbKjpz/kRhpChnJ0Xg3C4xgSMilqbsr8DgBp7Bns2ReV4B
DTvJgjgLGekgc2PEqt5IyHkCo4M9E981NiU90rtm/6SOtjXLaBvrEpQc09bmAExE
/Syvj8OgJwpsNBhbgOMILItNf+b5+xeVf1fQZVqaFBx4ENNHPx382+6LWKb1eMMW
fslO0MDcAC+8M7bsAZrvCSdHyF0rNdbjxYpETJRxPkbVaxhHnNKdXUp8YRAk93JE
iC7ZppGUrpizY9kMRGmSFai6jdMWEKOazOkScfbCoyVHbzWxD01WqR7Rfy3+1d2f
HNwPQTOLmPIpw9NZ0E+k6HBw1C1J0ZplhXA6m4vwlq4kJtmki2dvcRjGdViAHc9q
b4gDjGmR8uexs7UHcwxXCCUOKKrWxXnzqhB2NdBuU3Wz1I5VYtxJZxCIDdNlBGBz
jkXwwVS6tTV2MeUTwvel2LLeouf+XemHNjJseR/1d+RThYKbGsas4PiVdQXIJ5Dv
9OJbiFq7sypIAoLLCJx7zXAFr6CY/EdrcyZ2EISkIBILOfja2Yasm4xUiRE4/hxn
x/b6pCqvuDXbWDFCclMM2VqM+/MFDU7Sixl9xYb75Wnhc/0+C0T5KtrQjy3/1lUD
uBNSty/uKDUPTxxAhVNXKqfOZtTgtZtMqF9m3fVn5eF0ZLzEdoaAaOjIgLTJuxNK
fpUkT8YRwY+r0noBJAtX5Iz4KejrTUzQ2fHjF072ktL2AUCztyuGZKmBHlTnZq99
639DZUIe/Ejtl2LqMz/ggksS/A==
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDajCCAlICCQDljUA20BnKpTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJD
TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANDT00xDDAKBgNV
BAsMA05TUDELMAkGA1UEAwwCQ0ExIzAhBgkqhkiG9w0BCQEWFHlvdXJlbWFpbEBh
cGFjaGUuY29tMB4XDTE5MDYxMzA3MTA1NVoXDTIwMDYxMjA3MTA1NVoweTELMAkG
A1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEMMAoGA1UECgwDQ09N
MQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBkNMSUVOVDEjMCEGCSqGSIb3DQEJARYU
eW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC9DgTX7RfPfdu7kI0LTDJZsEZjcO7v6jjuI5AsGie9V8jCYusJGI7VbHEF
DlAd8Bj+Di+VDSKyVhBwVvE9vCFtccXpnnbq1BuLTiJuMJ8JoAF6BZnnS7heGeXE
073nco8m90kt2GvDJ+GGtM29tDzAGRZiEXlGABQOvRblqUNK4ZyIOcS+nhPMxu5v
JF1kA2xS03ow+Sas0CtJ90yPCNJEczuyeXuyeJTlMKUsPyjzwQsKQRScipi7X6MO
h+4dDm3FRt0N4+H29yGHSjxgmlzR5H4/je7INW6YXCPoK5YrcsPfbgl2FvqHMMC2
wH7+Yjlf1GCFWWAC84p6x+2DtbgdAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAH97
Nia1GGSR2oyLD/AYuss3NyPkLvwjd2s2rZR2HfvqivRCrMSt8GAlQBhrN8dnVCd1
j3dLQMEQ7iZ6lsL7Gjo8ppmz6el2yvZ0XHYkCS8YC7pu5G+9H2+SP5pFXA5CFowj
GCwUHETMnGEZ3dGIVn06Ifyu0nPNT22l0gycC7lZDz69i0JE7FN3ijBl2UCsfphm
9ayBf+bZ+ZQWGTaBO8hQcl4FNPle6Yw63/x4l47ks+zHw7pIOKE59gSbzimvi8zI
uLn0GnJrn+medVSlD1enDrWvEfFSL1ZyGkFiqMlBAQjHGDfj8+sTLfsA4pwnYNqq
1reXIuFOMouI4UVfgS0=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE REQUEST-----
MIICvjCCAaYCAQAweTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQH
DAJCSjEMMAoGA1UECgwDQ09NMQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBkNMSUVO
VDEjMCEGCSqGSIb3DQEJARYUeW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9DgTX7RfPfdu7kI0LTDJZsEZjcO7v6jju
I5AsGie9V8jCYusJGI7VbHEFDlAd8Bj+Di+VDSKyVhBwVvE9vCFtccXpnnbq1BuL
TiJuMJ8JoAF6BZnnS7heGeXE073nco8m90kt2GvDJ+GGtM29tDzAGRZiEXlGABQO
vRblqUNK4ZyIOcS+nhPMxu5vJF1kA2xS03ow+Sas0CtJ90yPCNJEczuyeXuyeJTl
MKUsPyjzwQsKQRScipi7X6MOh+4dDm3FRt0N4+H29yGHSjxgmlzR5H4/je7INW6Y
XCPoK5YrcsPfbgl2FvqHMMC2wH7+Yjlf1GCFWWAC84p6x+2DtbgdAgMBAAGgADAN
BgkqhkiG9w0BAQsFAAOCAQEADPNzwKiL4s4XJNv1tUbwMGoxjgoIGit8o/cHkR1t
zM98KREvCsSxhR+oAjnXTq/sw57ZxDW49RABFswsKcq1gi/14XvQOLjn9q8+Lt3d
tZO0wnvF0wbPruMG1BzDNcNZ6cI6MxnffdgHaIvj8jZ6+ky3/AWFm54xQv/k2sos
Am9gTKFad+1nQWK0BB5LlL92CeJ070i1QaLqAcpqLNxQt/AHlcCYsXgh3Em4DE3T
NXQ6LfLDtXRMS4LHsCg9FpX5kdCBhtpR711F3dp/L8FT2mfI4dnpxiow3jE68+S9
o3Xp+QCNmJ8MXlQx3X0mBO1Lb7dy6TgR1FCiltAx0JMhbg==
-----END CERTIFICATE REQUEST-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI3Y+Ip2IEWYcCAggA
MB0GCWCGSAFlAwQBKgQQOKd56H9rUJh0G8frLK/QQASCBNDJCztIrpHwj0g5CusF
YQHVcL5BNDzH9Bg6B5LDmKAgXtgd9Xmy/asAmX1QGDUajGhbxFcLcUibvQKxOhzl
/Dwm2M3fR7gecosMU+K6T519nk/fsugXQfJUUPU7aGYwpSUz8myKHDUKlGRLJ23Z
1PX/KkB6ud4K5yGEkisCSxPO+rf+YjJCe7+VohsLKnC5mUiBxbGtPKxI5dzijZo+
MksEaOklvJzJGgwlKgNj3D6OurASGYeyxbORaKkT3YBvW/RwuWJ5BTKMf7nMNIFS
umRPkacE5sgisyJHe4X0SHFvlthG4DXQ9SYE9Yh224RPQ3arv6NvSUO/FF33wDpZ
iKnrsx1GpB2+DmbXUNEYhlG9KFGR2gx2WtQBfcY1dUHQUvZ9XhGsgvkhHVUHrPXW
HfY2SddpIt0sgwTeni7f5AA6n0TEsESPwItbpReEgZv7D23gOEYD5voXzBHxn0YJ
B9ZiebD+SHqScZpJPuCvBIn+na2gdZLo5w4uK2tdMicv9Quf4I7mJXHsxUgGCRK0
qXz3PjvmK/odJZf1+e4RB1wf90Pjp1YIlNzNkTDr0rWAiX5a1a82c2gZwULZZ8uM
yo0Cd6YE2idzzQrfXf4mejfhBc7EPqSbagvEwteUTUpMqHJifr22Cw9jdbXDNtB8
ZyqebxOdfejZ1mMMaTFJSmXhY/a9l3XRPVwOAWcTjrZjAx+gHYYHOUaDdnB+etj6
bhcUjnEM+40WT7n3DuTSnexSE2pwROqKbnrtlMqN5CTqWv1295Q/N6PrTyyQN3xD
zwZaXvIQPFh3BTm4m4otIVeYp3qqE0ESFsE46RZjtw3tSrAWbNrhl9m5LD65aKiO
S0zDW89RenUiLHaDa4r2kD18tAf8cTbls5E03IIcgR12vVT6c0rY5DM7VpI72fN0
xsBML1BbJ8P8V8T5RHzxFhbcDfO7BGe/n4rAyrJQX/B1b5+RrhI8bGdMKjCsPeuG
qsmC+u6BlAd4/2nvvMHvUefkw2k9MiiWH/q7vXRvqi24LURutgM6G1+k7c7Cyeog
HDLz2QA2YYwMKO0sDHeF9D1n2dhCCoi60yRm4Hi8ePBIlJs+yAya+DI8LODM8xBm
ZkGMOUTQayFZ+GGgEe+aqnZiVqkBOIcY+cGofn6EKzPjTqrZ20g31Zlt/NNdJYmt
QiLjWsuHMy8NuAvPJtEKDqzFNI1aHmXVSpMnSujtwBxibnTu+pPjFSpyp4Ftdh1Y
VwfnNDDaoGtmRCVJQ3wxBbmCo85MkLAqsPu0aI3SyiUAYw7WX2vf4U0nzLUobFQQ
AXbdLHI9+eDZ042g76ZLdR5unye89iYoxblXSoUbYhJqmE7rgXpORouljg0GWdbi
+TP/uWlSrp7z0ErwewIydQ17SyA6MVrhhGgp/q/FRYx+dpUswPSvbeR23kzfeFNT
ICJToVli6C1M1+YA0wTehWJtCLYP/tBBRSVROnVdnZQ00ERJ96RzVtKnt0SdV/3e
gpj8NyJYnYuuO9H7NTk9K1SnKLfCBcsCU0Z5dHvoMkxEYr8J8nuZf9hy5IfbyUNO
9o6KhAB7SVIgwjCwlmzeczWXPVrdeYqWSTFrrIia5PDJkaZlX3pm2jjHHKmxWF0o
H6N5Z5yWW7emy8K+eSvMpfTJeQ==
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvQ4E1+0Xz33bu5CNC0wyWbBGY3Du7+o47iOQLBonvVfIwmLr
CRiO1WxxBQ5QHfAY/g4vlQ0islYQcFbxPbwhbXHF6Z526tQbi04ibjCfCaABegWZ
50u4XhnlxNO953KPJvdJLdhrwyfhhrTNvbQ8wBkWYhF5RgAUDr0W5alDSuGciDnE
vp4TzMbubyRdZANsUtN6MPkmrNArSfdMjwjSRHM7snl7sniU5TClLD8o88ELCkEU
nIqYu1+jDofuHQ5txUbdDePh9vchh0o8YJpc0eR+P43uyDVumFwj6CuWK3LD324J
dhb6hzDAtsB+/mI5X9RghVlgAvOKesftg7W4HQIDAQABAoIBAFwuQLhUF58JXCGZ
etw+W/KVW8zS3P5IM1gSKRMH8caFzhLSDo4R1ltEE9uGPhRK5LTDj/naPMe95SgR
jHEwkQ//QKQHqy4XHBMRlwIpXPJhfTbVElTP++aONBWDtP3sQtaaDql29BxlDrcS
45qTDmgQE3Tf1kUGdsE0+7whivkwLxQS9V0G/Gk20Nfypx26iBGLPlf7DANn6CcM
DYySHF/AYjuwf7bHM7P6YOHGio3aZmV455RNw98lK29DwkAQnHwrs5Q9Dp+fibE8
WrPDjB+mfJg/M5SHExnIbYxC/wO7GC2CnKEQ25jdC820yw/wPp3ug5fh9XDK6rd/
CCA9mSECgYEA8e3IUZa9Xp3kkkJjPllcy8rsNv79+Ifmtn5Cx4klclHFQe2I8Wvw
/ZkhvjknDWaGxOYb4CEbLQCPQWxrvNp1/pItze68PrtsiSNnJHAjTnjXNaHc9wgy
y+/H4FqJy2Mfo0zGG65fCxiBSoFrx0K8p7Rs4nnrclohsRZ9Qc1/MmUCgYEAyAz2
wwUrj76xUIta/j2Mnbnwcb0oY0uZVs9XMxpR05mGLw9FMSPTVWtE+rRCJ/dKBark
dSGkZ+rG8ICvgek09D6Tl+gSgUiM5mXPNcW3BuNF/EVQCGhakeyTFWUTGeuEb/Og
QsxccwcUHCXM4WryYnUu1yqzcpF+/hqlaMyrt1kCgYEA7hyht6PMeK6gxE9xDHG5
wp7TxQFOCGoB6oX0xh027QCMTGo1CaC6zW8FZgssY6UQagUtVHhhHfbaCINkurit
v8QyLuiVAI1JsuRUZOm15ktLTe8k40J/dHdo22lhC/xgrEIpDh+eTfZtcl5VLQaD
VfBf5rwmvyL03C4NVFGkqn0CgYBf3P5+s8KNLncvvqfK/1mb15dmGZv6ASco11DU
9z7Q5FfNw0aH5sAFxdKXRLwTBMhe8OZrTsTG21WbuD7iRQuQI1B80cPUWhzS52Sl
QuqTDWPjIJ/ad483MCPHc9j0aczcDOX2PJHsuS6k0mRcfPBLyBW7HAZD138Aa2pq
TvHWeQKBgADj8mPJMyQfn6YcBCL81KvzF/1HmbdehIMh2kJNK/9g8PZOKx0KnIum
43JZDFnqheoZcHCO/K+IAR7Vw+MV4MWZ/pNG65rcFGwyXygVdV8j5/o5dfbY64jX
WZIixa4+pqr+PbILGC6YJrPBaxJclmzay+jFCkDyrfjIsJVXHmis
-----END RSA PRIVATE KEY-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE4zAcBgoqhkiG9w0BDAEBMA4ECLmmzAmLIjO3AgIIAASCBMETwEYAUaz988mU
3NyUox7+owFLpeIkqHptQ+KP/iMmP+cXJe+hLMjyvG7HGSauQ5ruNSUqg2OfaHrx
RqzBjESlkqOmJ7u7IGNRGFlds+SHikbgHoJb+sYP1K7qPeHpCMgq+JD3cV0F7UQF
cUZNv/4PLSsw/lo70N8+FaGeGRto0TO8Djhlvs4sPM4rlTazV5h3LpOZCYkO56Gd
DpwYo+bcr1S0GxZMgyRbggAvcL02GTTvSoH5KdzX10UbH/pJh6Q28Syagg713iX8
rku958UMtpluwlOmvjlZ8yxbz49q4UhUS1v9Ox/YB5XRwOQSCopJIWRJSgjLj3mj
o7APtLueV07nZ1jMG35T1kD5KhjwfXSjDpIWfeBuDy7rLzqHHNrCfZO97C8xltTn
25IItpQ3nKdzFA9+YuwSixPMUnR7pFrDKktU22DNpQGaXOBMKiKHk7nQv7oKCt6q
0WUa4H/flxVk94kLOKSND1UqNlrsGqoMjjC55DM1s+LsxdvXeMqiNTAJFI3sAxRM
o6SPqKuUxG+m9m/AqWXvwjVlnCXvTiWPUa/FBRvTUZUllxLwunhpJQNkbKLOqWjN
GPc2U8iaUf0FeXeCPoYervkU4cJBR6BAEgHfb7EFXh4gY7I8XOXOSENxVxnSWiWp
zVv0J+egmzbobwW/XvxK1+IyaFL9P9enUnyqmlIYEJqKp/QwMAdUiNuP+VZuFIBE
JldINC8KsvQREtYn3zImDbMvP9cDp9n8EFI0/9+R3BPrBhFBlfY06OfP6G2Dqynx
3RbbTcQKcCYwOkogZIsqCg4f7gRgTSPw71FrrcZO+JlBF7zF5COv9vr7wKcoBUkc
tVedq08mQOuGdz7NRiwMvapecdK9EQGGuMVrppz/6fbxYqUp3xFcT+KJ7yqfpv0f
KQF8zbjkcFawQic9lTFB/Xa14nOUQC7UDVcOOrBNic0WKRz8+bo78Mtsqe5abKhs
IkhR4w2YfhPMyCZTREeCeFdhSbDadseI+EoTyOYAIBJRCNI5rKDhWlVTdQNZ+wot
JO8Pnyi+FtSrmqoBATeBY4SzTH6+cDX0WLtiJl2KLvY8ezlvv+dzuv1Umm8Hp/El
tjBqNwU3pLQXJpuagX+6zOexghKHR9nvh/McEGWk5NTk8n+dedMkWxU2TB6Cteo/
JB7zN/xl32uMw+74xuAaS0WblXmfMFm6FJrtOZ2xfxBZSc3yktfca5viIRLtRP0I
9EyGp05I71gr/5FV1ENitLFnso0GfFZ73gsRtRH1Jdcr09O3XmFcUAXWTJuo6u4h
fYMU98h/0sQ02PYYO1lWhK0zqJ1UD9MtpTUCt6gCgEq4FuZeHzfVbBZX5/b7G+q3
dtmIIrITd8DZa4bzAYJzMPa4KfK95NuECUjGTlM+PuVKHTXC+ej9zlDm35XDJ/FU
N7H+c65GGrYTPro4R9tu/2T/P486icepC3gPC7nnMm7/zdORxWLzDIlZm3vkTG1T
p4Q3vF5+eYkMT42WV92o2JdYWU4YKgTTrrWEjO4MBHitZ/Apz4oz2bDiYZXFB+eS
Bysd1n3lvrk7huZ8o38sFW10mbdWPFjEb7ky7QaHUmpsmFIPT76yJ7+0msEt7Lv8
fPuDvh9oqg==
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDajCCAlICCQDljUA20BnKpDANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJD
TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANDT00xDDAKBgNV
BAsMA05TUDELMAkGA1UEAwwCQ0ExIzAhBgkqhkiG9w0BCQEWFHlvdXJlbWFpbEBh
cGFjaGUuY29tMB4XDTE5MDYxMzA3MTAxOVoXDTIwMDYxMjA3MTAxOVoweTELMAkG
A1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEMMAoGA1UECgwDQ09N
MQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBlNFUlZFUjEjMCEGCSqGSIb3DQEJARYU
eW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCrcoEkq7+3+/j6kptOBxJSC3y90oGOyQvMJyCmsytwr+Qj0J7so3ZyBp8B
lsUdvgq6Z9NzZpgu+bsjvIws/Ej6yfdM+TSPc7WdctRwtJjbxsYNRXI5X6dLf8gn
u9eXSkTzaJhNyx0+r0hH24ts1rTwAVXB5Rfb0A8748fR5Lx8juN+SSfCWaTQKqmd
QDiQN08WkCeNTnxMWOb9AqN2XAxj9GCCJOIdlr/XyPNWIJuIZkL+R6WsjIcR/7NH
v58VB9I0ve4tjd0fk7SpHrIqi3q87lt43Pf05yQqIp90HU5wu55JT6p9YsW+UaSl
eVVIxVAhehou4Q3oOjPNcJABwgPRAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAKM2
rIbsKe+kpxdVgoZSznWztN10APYtGM/0ss76B2mT2SCmKDdhbkeCG4VW6qw3CtUs
odPTp4pKtG9UF/J3BAgwIHI0LnWQfxJ973t7vfzP9D1Q7/X6j4UaMbldj442MEDM
pItITWPxpEqMdd4O3EcqsxbqQRWiugjQ57+Z80GxoSFSthIMX3nUjGHfbewxy/Jk
VPdyqElzcJ0CwRE0Dey18h+bbqdyDaG0wJ+HKZlbx2A018SX+VhyTUpnytrTHhVb
SD9rsdtFJFfnyeatJMmtjn/Hlhb19k4kk/UxiStW95zxmesen9OHi1bRlUvPKcOO
bwdeH2xp7R1Tio1CY4E=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE REQUEST-----
MIICvjCCAaYCAQAweTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQH
DAJCSjEMMAoGA1UECgwDQ09NMQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBlNFUlZF
UjEjMCEGCSqGSIb3DQEJARYUeW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrcoEkq7+3+/j6kptOBxJSC3y90oGOyQvM
JyCmsytwr+Qj0J7so3ZyBp8BlsUdvgq6Z9NzZpgu+bsjvIws/Ej6yfdM+TSPc7Wd
ctRwtJjbxsYNRXI5X6dLf8gnu9eXSkTzaJhNyx0+r0hH24ts1rTwAVXB5Rfb0A87
48fR5Lx8juN+SSfCWaTQKqmdQDiQN08WkCeNTnxMWOb9AqN2XAxj9GCCJOIdlr/X
yPNWIJuIZkL+R6WsjIcR/7NHv58VB9I0ve4tjd0fk7SpHrIqi3q87lt43Pf05yQq
Ip90HU5wu55JT6p9YsW+UaSleVVIxVAhehou4Q3oOjPNcJABwgPRAgMBAAGgADAN
BgkqhkiG9w0BAQsFAAOCAQEAPVQCIHeZszbwZWBWYxSsOyg8zdGJUJr94coP1Vqf
h4iSiMUQDIAVpobw2Np1f1SfIU/kc3jK3pSk+ac7kb5hf/2WA8UJMtyb4KUYxhYL
U6x+/imKjijLQb2UMOx9QyATMzX9N+r42mblWpGKbeT8v2iXXbFWOB6xffR3VmfO
FmZkHCTe0rO29wfDvJNG7UM7o7a4v9hu3FU3wu0woJKmNm7We8ePIYg1aWAoT7+6
XloBIX4vpmqQgG1DoAwkJIQIyr+4z8o6MXDdMDYHK+OaRz0u7CpZD3fkWm92ceYP
W5jYtEV/krwwbMJJNOc3UlBf1bFnD6PrfCH68G4rnn2OtA==
-----END CERTIFICATE REQUEST-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIFwd6743xwR4CAggA
MB0GCWCGSAFlAwQBKgQQX+Zs4Opeu6nFw/SBfyRyzQSCBNAIkBV3aYRvkRrx9cPC
4Kui3tXktAPJz7/EAXjCS3ahBmBfCIQCDTvpNFBmtP+rbQFMh2RMVD8ntnhfRblN
++/XrDCPqA5qsovKXgrrpxsEYY8Z6l1V9N16y14heawVtR82mNDFRZ4i6RS8+B2X
WLf9wv3gmkBJuvkD9q3IT3uO6w8fbF4xaZ3tT+n6tlcvmZ6Ux9AZEpgrZvtIPhF7
aCZMRhi0JqZALIjf3FK4EgFNzNFwLCLixPczvJvGRP8yf4oqC/dg6T5AiAdPLhyt
ccWAtgKDQu7iPGVe0MYlRhtXrSt13WlAt7Yg+0gcIMmYGyeAMZd12vBYUtR3ts3c
gy/K2OzcH0V4a69llbx1NzpoEzt4kKVjDWnIy++a0/nwVAI5WX2HwgPbs+ShQ3VO
+CWpSsGjUkReA2ObbIf9AHk97SysBkfULA0+DYfD7IrdSunmZVpdkj0gYEJo7jy+
nn98LHBZqlJSerLoF/zInSAY8Ym4abtCvUjlAo+9Rm1DLlIEnbRvkAuLq7d8p6Mn
mHRgvvLlgGmDkOa4LzE/Q8+JD8X4XeVmPXT9JWYmOfJFKu1fP7gVXevyp4XfQNHD
7/d/0y3OAHpVWEWIT0hmuyYy3t0DOZx8HFlc3d4kHBXDtrVfXuQ7Ny6u3M3pbAGO
RdPT7a2X94o5/IAphmarCHIMosek0voby2oK2JL96hLl2vDFbAowN7TOxuiQKdjz
VW7XiELiXXcE7J9xhu+ZCmvgMTJP29tiu2/i0Tj2Nxz9EkPjIuDRm3BqPAxTReU8
tUFj0t9Wuj2KTLPKbKt664Z92xFaS7MIFJrm3l6H/oGNa3qIpLYiBJeKN6ktCzbC
4ZQpUkz2uZDJBwcFKh7CJbc0HBSRgxa0MbW01VQBXz8zkzfDr2XUvNddA3gs5iP6
sUtlUVK74MjfHmnsjQUsDNRLH7kMPjAlVS8qyamNMzBWmMcvS+orc59dzCVckmBu
MqJWKZLwU/gcSQRhGzokaYe40qtoNzcQV2YlUP4gotpC3AlyJlYHNEl65MbWjTKB
TyWXXdJJ7Hfn2j6k0PXhzHsNKBfTcy465no+/BR+wBpY7b3fIN5+EgGiisAM2gjX
eMRMhVOfV4+qY+nYARH4tavu2Sn5la6sqEGolu4iLp8hcMoJe9No6T4NDaAqMNWU
5wH+QunEL/eRfMY9Y1bxP+NspqOIjP++TXHN1i95eZsWF7au/B7Nl/5arkT3dqDO
sNv33Igatad8lkY7wy/lknqYPYyqSuQAmNuhIcNOJIv73ssaXqIhUtl/GDj++j5W
em2J3+cwEZyyQ+Bp4IDz3MHLa7cR8sAyWgREnAsbL1PhH47t44xUxDWe/zEiD1Qm
H4ak6adLQRGfPeSSEk7X4G8MPZ5rIfBX7BFamTnBaFvxCmiVRFd44dP4hEN+ozE8
NQZdgGm4S6MENTgZTypEQ3i4H59sizrdW0kYcBP3taqKN/5p8/D+Pkg7UQf5ma31
3UJinBWNGFQYUtCWLzkGCVypwnBSworlPHsRmFR/3uqozNNWa0x6uCAkpKzd5tXk
MwkgPA9Sf6ZXCNsfVoz8PfIC9Blj9LrOVkWfUUEztaNjet15gi0NJFuMfDoGeJ7J
OaYpJ1sk8E7q6rd3Br44CfTvlw==
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAq3KBJKu/t/v4+pKbTgcSUgt8vdKBjskLzCcgprMrcK/kI9Ce
7KN2cgafAZbFHb4KumfTc2aYLvm7I7yMLPxI+sn3TPk0j3O1nXLUcLSY28bGDUVy
OV+nS3/IJ7vXl0pE82iYTcsdPq9IR9uLbNa08AFVweUX29APO+PH0eS8fI7jfkkn
wlmk0CqpnUA4kDdPFpAnjU58TFjm/QKjdlwMY/RggiTiHZa/18jzViCbiGZC/kel
rIyHEf+zR7+fFQfSNL3uLY3dH5O0qR6yKot6vO5beNz39OckKiKfdB1OcLueSU+q
fWLFvlGkpXlVSMVQIXoaLuEN6DozzXCQAcID0QIDAQABAoIBAFKQlSLc1zo6TUAW
pFYiT69VOuCLZLsnlNffK/k7pbrh6eNZj390hREKoT55pjnZkH8OiyUzDizpNTdT
kMoFQPwNkVvvU2GWHqtRZn9UaZzFkBFKFWUN7JoOUozYCE4ihSwXfelQ3KeYcB2y
2+UxTPecHPmAY0oHW57C5jLtjdwJhjo3m3S+lh79uFE4u+QIUV86Psn8JBLej2QU
AYUy7AaAMuLHsJtWtP5jpaCKikCWYtfaCHismWpN2RbIwVp+unWhpryUpOOZx5F/
iEE8OaDAkZimPgS2Bh67VmX2+SmaRFDRXKWEUXP3v7EVPY40SIZfZcqW7JSVrHkp
w+/pNUECgYEA0gw84EFJBGumMptwjTffajrtynE/cjtYSp/cmYisQsQXcb2DSjTS
zrK2kJmJUCuEeM1GQRkS0by4lk157BzZaBcMwad/4zwJ8ZU8676yKv0Rf488+DE4
4IWByoSYElH9N9iW2eWWuH8+BeP86JUt+DgLqPBLsy7PKndNbzJE4BkCgYEA0PRw
JeNfjvcGTLDmm2qbtYYzheIUdQmwYUrYqRQCRPP3jxJIrrvwn9ID6Cx8FS2vdsXr
3vxYdaDARrijF1pDH3swm3GHrIV/qYAkb4Cy9mdoXK96AB0RD5plbo15952d6kfD
OdZ3D+FXUdJbqHIR0Vk60iRSR+bphfOK73r32HkCgYAd5/Ym68Ssp3MTU4RT5ved
VWST5UnmRsLMZTRwe8AjBW5dGGGACENXgKRztBiT3I5Q8NEm5Z4DVL5nUAKi9nyR
0G5ViDayMNMtnVT+L7mIW13Jbqh8oe16MigHoJdSTHAkKmdYANNT03IOPqa8qrjP
1ZL7a7MrgOeoITJaOasKyQKBgES81JOyK4JFQt5Bp2ri9BwP7K0TRTWHHW20CHf+
bAyw0PRQyHYqvypkFQLwd1UkNT92NnShQJxZaEcbgBMzjzcw+Dl6bG5VcDybOeEw
Ti7+r3cmBpU4+p7OZKWshr3tLMCgINnK8lnYADibYamU9MWQe+gbKLIchR+akU7c
feHJAoGADF8pbOuCpRFZnUYzKh+RP2tHcRJSGSi7VouI9tCx+NXfKuuFlfw3+2ug
/xmbjwzXYUDw+VjpOYA1OAsqmtyk4sJKP2z4oA1RLUfuL1nXyHRgMQ39/KmY4/Uy
2hPaS1CkfAgSGqTpb0ciY8ELCJQIDrX3QNgCeR1cCHxLygDVGvc=
-----END RSA PRIVATE KEY-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE4jAcBgoqhkiG9w0BDAEBMA4ECJOZ3PKU8BRPAgIIAASCBMAocpv2E45lph1C
G5zcJbwMJw08ER7ouxnhcGyKt+CXIbMESikTUUJDudCWgTiTIt/A0baNPW4m6Zv+
oJhvMBFl7KfUyCkVRpSw53ygHM6TeeIS0UP6x7eB9++yNCJ3ZVF7OzVvmDwx9FnV
XOfgQjZIIvcyXgn5jwj82PB7YG3fwQye4AUgmr6ngbMk/GZ35XIZSfPptHHdvkxG
DifswZynDX8FeH4NAKZJilC0m/gO2OayVRHl19LVTu9V/1SKya0uLJvP9Lezqwl9
n1cSexe8rbpho3HX5nRbWk3T2/sM1F/fD/ylDdzgrvLe7xmlbExhBMZfIaFnTJu3
4+dJBYlS7cBBeF2B+9/4r6TXVtZMsjNVmWLEye3ExXCOY41fKvTv5qH4TyXXrsrc
1G4Bv4+oNXa/WnfF8qDlvtsSouOPWHtQEQMVMKyaLL70Z1wyKFVtFT8EbkGmT878
lJX/XsgXgfq61+OZUpriQb1+0nzlPStnRRUL07D+ryllvFRoIBh1q9OwIvdVHDsI
zh+KCVsPEuq7VdIW+wNRiomIGu4SLjquPYxyOnqV3YVmcSUfzbo+li1QcplC6WVS
LICZsvIuCUtEAOTXzJdcUMKSNgYX+sCLZBrG+EYZhTBFwTELSTGESC3gGGdua1nq
Bm86S1wBgY6i9jIDxvuLXOVcphVUB6/9PQrxbVAtrpeDXGAyMj72h1GSGehr/VuS
jlSNz/LLXoSCZKs6faPo3B0PM0VMN87dVNVpOw+3eTkdy2x/0H2oAoGVIbtSTvbh
bmTbCcMiXlwCBgfUZUu+6YuwRZzxXxS8gNpXW/RT8KNnmCLGNtjJhQN4hHfrKsAI
+M1qAVbkSixHRGWQygbFSUUQ8h7OYFMft5YpnKLgl/BaMjzAsFZOFbcOAerQHcL7
FatCQpBCmQ8MleiEzK7rN7IGYe7yx0HW1NzX6ym2uhCUtwipH6sspT7hDJvMrGFW
vAQwBBdw6ewmjq+XCliSDNFTp1TRkiN0ilgeLS+EIBPKh0SFooXe5oXJhbTNVQem
is958jgJLeDGVDZrjyZq2ptPYb0kXmGQKvhnqZkO8hqI1xGbGZm7tERivolclMN2
e4Yh1D68fcyOzpmfPiVN6T22I0GMAtq8exO+F2LTdarGWnBRr6aOp6QSPz7iMQhf
OHXUj4smLGkZT5XIlinoVK5YlKIq5aUusKrS9hxqNfyMTz9iETiNNg9hCTolXKvN
tuYygAMR44DqhLTsQLr/8++DxdLZ4v3Rd16q/YX1GNAUMvNEMzokDbp50+ET36Mg
VZu3SeRmjnh5SvohDRbM4uool+0KFkGjsB3UpyeF1QgfNcUuc608VnFFF3XIErw9
TaARow1v8LJ9+C2p8ZweSr5npatP4uMcDZ3DalRx7Dhef5PpOmt0BTuV9AJpBLDe
l3qpQo/z5a25wJa1fe7xk2nbVGjI7goxJSJu4BovE9pBw0GkQz44xNiKn+S4Bunp
lIJ9CpB1i9+EN7xxcG2vPkcsajgCmoXqlMfxvuvegZPISAwsxjd9WPO8BuC1a6dA
EmVffgNsK43YGSnBJZEmmOb+1uGvbZJHLiMcpTF2xiaCr9qxDurn1euOFJ4nIF1f
ONZTTyJQ
-----END ENCRYPTED PRIVATE KEY-----
## client setting
tls.client.certPath=/home/rocketmq/ssl/client.crt
tls.client.keyPath=/home/rocketmq/ssl/client_rsa_private_pkcs8.pem
tls.client.keyPassword=client
tls.client.trustCertPath=/home/rocketmq/ssl/ca.crt
## server setting
tls.server.certPath=/home/rocketmq/ssl/server.crt
tls.server.keyPath=/home/rocketmq/ssl/server_rsa_private_pkcs8.pem
tls.server.keyPassword=server
tls.server.trustCertPath=/home/rocketmq/ssl/ca.crt
#server.auth.client
tls.server.need.client.auth=required
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment