You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/01/17 09:26:30 UTC

[GitHub] [rocketmq] danolphoenix opened a new issue #3768: Use acl RPCHook in BrokerOuterAPI to help master-slave sync when the ip cannot predicted

danolphoenix opened a new issue #3768:
URL: https://github.com/apache/rocketmq/issues/3768


   Hi all (*´▽`)ノ, I tried to run a rocketmq cluster with v4.9.2 in K8S pods with aclEnable=true...and run into some trouble
   
   according to this page:
   https://github.com/apache/rocketmq/blob/master/docs/cn/acl/user_guide.md#6-%E6%9D%83%E9%99%90%E6%8E%A7%E5%88%B6%E7%9A%84%E4%BD%BF%E7%94%A8%E9%99%90%E5%88%B6
   
   ```
   (1)如果ACL与高可用部署(Master/Slave架构)同时启用,
   那么需要在Broker Master节点的distribution/conf/plain_acl.yml配置文件中 设置全局白名单信息,
   即为将Slave节点的ip地址设置至Master节点plain_acl.yml配置文件的全局白名单中。
   
   (2)如果ACL与高可用部署(多副本Dledger架构)同时启用,由于出现节点宕机时,Dledger Group组内会自动选主,
   那么就需要将Dledger Group组 内所有Broker节点的plain_acl.yml配置文件的白名单设置所有Broker节点的ip地址。
   ```
   I should specify "globalWhiteRemoteAddresses" value (i guess they are pod ips) in plain_acl.yml configMap before the pods are created.
   
   However I just can see the pod IP after they are created. ∑(っ°Д°)っ
   
   i can not set value like "192.168.1.*" because the client pod ips may be in the same network segment(つ﹏⊂)
   
   After reading rocketmq/broker/src/main/java/org/apache/rocketmq/broker/out/BrokerOuterAPI.java I found BrokerOutApi can registerRPCHook.
   ```
       // this constructor method is called in src/main/java/org/apache/rocketmq/broker/BrokerController.java,line 193
       public BrokerOuterAPI(final NettyClientConfig nettyClientConfig) {
           this(nettyClientConfig, null);
       }
   
       // this constructor method is only called by the method above, but it give `rpcHook` parameter
       public BrokerOuterAPI(final NettyClientConfig nettyClientConfig, RPCHook rpcHook) {
           this.remotingClient = new NettyRemotingClient(nettyClientConfig);
           this.remotingClient.registerRPCHook(rpcHook);
       }
   ```
   I guess if I can use this RPCHook when the IP information cannot be predicted in advance?
   Maybe reading AK/SK from tools.yaml is a feasible solution? (・ω・)?
   like
   ```
       public BrokerOuterAPI(final NettyClientConfig nettyClientConfig, BrokerConfig brokerConfig) {
           if(brokerConfig.isAclEnable()){
               this(nettyClientConfig, AclUtils.getAclRPCHook(`some acl tools.yaml path like rocketmqhome + MixAll.ACL_CONF_TOOLS_FILE`);
           }else{
               this(nettyClientConfig, null);
           }
       }
   ```
   
   then slave can use this hook to sync data from master without set `globalWhiteRemoteAddresses`.is it appropriate?
   or could you please give me some other ideas to solve this problem, thanks a lot.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [rocketmq] ni-ze commented on issue #3768: Use acl RPCHook in BrokerOuterAPI to help master-slave sync when the ip cannot predicted

Posted by GitBox <gi...@apache.org>.
ni-ze commented on issue #3768:
URL: https://github.com/apache/rocketmq/issues/3768#issuecomment-1020737046


   Seems to work, but this method is suggested.
   ```java
   org.apache.rocketmq.broker.BrokerController#registerClientRPCHook
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [rocketmq] ni-ze commented on issue #3768: Use acl RPCHook in BrokerOuterAPI to help master-slave sync when the ip cannot predicted

Posted by GitBox <gi...@apache.org>.
ni-ze commented on issue #3768:
URL: https://github.com/apache/rocketmq/issues/3768#issuecomment-1020737046


   Seems to work, but this method is suggested.
   ```java
   org.apache.rocketmq.broker.BrokerController#registerClientRPCHook
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org