You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/02/28 05:04:18 UTC
[GitHub] [rocketmq] zergduan opened a new issue #3895: 启用ACL后,为什么要将RMQ_SYS_TRACE_TOPIC写入plain_acl.yaml后才能正常使用轨迹追踪功能?
zergduan opened a new issue #3895:
URL: https://github.com/apache/rocketmq/issues/3895
1. Please describe the issue you observed:
当开启ACL后,如果对应的account没有设置RMQ_SYS_TRACE_TOPIC没有PUB|SUB权限,将无法使用轨迹追踪功能
- What did you do (The steps to reproduce)?
Broker配置文件中启用轨迹追踪和ACL功能:
traceTopicEnable=true
aclEnable=true
配置plain_acl.yaml,内容如下:
```
- accessKey: PG-E-APP-YYY
secretKey: 12345678
whiteRemoteAddress:
admin: false
defaultTopicPerm: DENY
defaultGroupPerm: DENY
topicPerms:
- TP-E-APP-YYY=PUB
groupPerms:
- accessKey: CG-E-APP-YYY-APP-SVC
secretKey: 12345678
whiteRemoteAddress:
admin: false
defaultTopicPerm: DENY
defaultGroupPerm: DENY
topicPerms:
- TP-E-APP-YYY=SUB
groupPerms:
# the group should convert to retry topic
- CG-E-APP-YYY-APP-SVC=PUB|SUB
```
Producer 客户端配置 AK: PG-E-APP-YYY / SK: 12345678,使用发布组 PG-E-APP-YYY 发布消息到 Topic TP-E-APP-YYY;并开启轨迹追踪 enableMsgTrace: true, customizedTraceTopic: null
Consumer 客户端配置 AK: CG-E-APP-YYY-APP-SVC / SK: 12345678,使用订阅组 CG-E-APP-YYY-APP-SVC 订阅消息从 Topic TP-E-APP-YYY;并开启轨迹追踪 enableMsgTrace: true, customizedTraceTopic: null
- What did you expect to see?
消息生产消费成功,并可以使用Web Dashboard查看消息的生产消费轨迹信息
- What did you see instead?
消息生产消费成功,但是找不到生产消费的轨迹信息
2. Please tell us about your environment:
Oracle Linux 8.4
OpenJDK 1.8
RocketMQ 4.9.2
3. Other information (e.g. detailed explanation, logs, related issues, suggestions how to fix, etc):
修改ACL配置,在plain_acl.yaml文件中增加 RMQ_SYS_TRACE_TOPIC 的 SUB|PUB 权限后,重新生产消费消息,新消息的轨迹信息可以正常生成
我有两个问题:
1. 是我的配置有问题?还是在ACL开启的情况下,要使用轨迹追踪功能就必须将RMQ_SYS_TRACE_TOPIC的SUB和PUB权限分配给account?
2. 除了 RMQ_SYS_TRACE_TOPIC 以外,是否还有其它 System Topic 需要加入到 ACL 配置中,才能正常使用相关功能,例如延时消息,顺序消息,事务消息等?
我看源码中有一些 System Topic,如下:
public static final String RMQ_SYS_SCHEDULE_TOPIC = "SCHEDULE_TOPIC_XXXX";
public static final String RMQ_SYS_TRANS_HALF_TOPIC = "RMQ_SYS_TRANS_HALF_TOPIC";
public static final String RMQ_SYS_TRACE_TOPIC = "RMQ_SYS_TRACE_TOPIC";
public static final String RMQ_SYS_TRANS_OP_HALF_TOPIC = "RMQ_SYS_TRANS_OP_HALF_TOPIC";
public static final String RMQ_SYS_TRANS_CHECK_MAX_TIME_TOPIC = "TRANS_CHECK_MAX_TIME_TOPIC";
public static final String RMQ_SYS_OFFSET_MOVED_EVENT = "OFFSET_MOVED_EVENT";
是不是以上这些Topic都必须加入到ACL配置中(授予SUB|PUB)权限,才能确保所有内部功能正常运行?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [rocketmq] sunxi92 commented on issue #3895: 启用ACL后,为什么要将RMQ_SYS_TRACE_TOPIC写入plain_acl.yaml后才能正常使用轨迹追踪功能?
Posted by GitBox <gi...@apache.org>.
sunxi92 commented on issue #3895:
URL: https://github.com/apache/rocketmq/issues/3895#issuecomment-1054927518
@duhenglucky I can fix it
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [rocketmq] duhenglucky commented on issue #3895: 启用ACL后,为什么要将RMQ_SYS_TRACE_TOPIC写入plain_acl.yaml后才能正常使用轨迹追踪功能?
Posted by GitBox <gi...@apache.org>.
duhenglucky commented on issue #3895:
URL: https://github.com/apache/rocketmq/issues/3895#issuecomment-1054867090
因为消息轨迹的Topic 是支持自定义的,所以建议将该 Topic 加入到ACL 文件中;其他的几个topic 都是内部的topic,并不直接堆外提供服务,理论上不会对客户端访问,但是在代码里面也确实没有增加更多的校验,存在一些隐患,您愿意再起一个issue,然后增加一下相关的校验吗?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [rocketmq] duhenglucky closed issue #3895: 启用ACL后,为什么要将RMQ_SYS_TRACE_TOPIC写入plain_acl.yaml后才能正常使用轨迹追踪功能?
Posted by GitBox <gi...@apache.org>.
duhenglucky closed issue #3895:
URL: https://github.com/apache/rocketmq/issues/3895
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org