[RocketMQ] Installing 5.x and configuring ACL 2.0

Download rocketmq-5.4.0

https://dist.apache.org/repos/dist/release/rocketmq/5.4.0/rocketmq-all-5.4.0-bin-release.zip

Extract to: D:\dev\env\rocketmq-5.4.0

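ACL 2.0 access control configuration

Official documentation: https://rocketmq.apache.org/zh/docs/bestPractice/03access

Notes:

1. Starting with RocketMQ 5.3.3, ACL 1.0 is no longer supported; upgrading to ACL 2.0 is recommended.
2. Set the ROCKETMQ_HOME environment variable before starting.

Edit the conf/broker.conf file and add the following configuration: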

# Enable authentication
authenticationEnabled = true
authenticationMetadataProvider = org.apache.rocketmq.auth.authentication.provider.LocalAuthenticationMetadataProvider
authenticationStrategy = org.apache.rocketmq.auth.authentication.strategy.StatefulAuthenticationStrategy
# Enable authorization
authorizationEnabled = true
authorizationMetadataProvider = org.apache.rocketmq.auth.authorization.provider.LocalAuthorizationMetadataProvider
authorizationStrategy = org.apache.rocketmq.auth.authorization.strategy.StatefulAuthorizationStrategy
# Initial administrator user (created automatically on first start)
initAuthenticationUser = {"username":"myrocketmq","password":"12345678"}
# Credentials for authentication between components (used for broker master/slave sync, intra-cluster communication, etc.)
innerClientAuthenticationCredentials = {"accessKey":"myrocketmq","secretKey":"12345678"}
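
As an added example (not from the original post or the RocketMQ project), this Python script audits a broker.conf for the ACL 2.0 switches and credential values configured above. The length threshold and deny list are an assumed local policy, and the sample input is constructed.

```python
import json
SAMPLE_CONF = """\
# constructed sample mirroring the broker.conf settings shown above
authenticationEnabled = true
authorizationEnabled = true
initAuthenticationUser = {"username":"myrocketmq","password":"12345678"}
innerClientAuthenticationCredentials = {"accessKey":"myrocketmq","secretKey":"12345678"}
"""

# Assumed local policy, not a RocketMQ rule: minimum length plus a small deny list.
MIN_SECRET_LEN = 12
COMMON_SECRETS = {"12345678", "password", "rocketmq", "admin123"}
# conf key -> (JSON field holding the name, JSON field holding the secret)
CREDENTIAL_KEYS = {
    "initAuthenticationUser": ("username", "password"),
    "innerClientAuthenticationCredentials": ("accessKey", "secretKey"),
}

def parse_broker_conf(text):
    """Parse 'key = value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_weak(name, secret):
    return len(secret) < MIN_SECRET_LEN or secret in COMMON_SECRETS or secret == name

def audit_acl(conf):
    """Return sorted finding codes for the ACL 2.0 settings in a parsed broker.conf."""
    findings = []
    for switch in ("authenticationEnabled", "authorizationEnabled"):
        if conf.get(switch, "").lower() != "true":
            findings.append(f"{switch}:not-enabled")
    for key, (name_f, secret_f) in CREDENTIAL_KEYS.items():
        try:
            cred = json.loads(conf.get(key, "{}"))
            name, secret = cred.get(name_f, ""), cred.get(secret_f)
        except (ValueError, AttributeError):
            findings.append(f"{key}:invalid-json")
            continue
        if secret is not None and is_weak(name, str(secret)):
            findings.append(f"{key}:weak-secret")
    return sorted(findings)

print(audit_acl(parse_broker_conf(SAMPLE_CONF)))
```

Running it against the sample reports both credential entries as weak; a broker.conf with the switches on and secrets that satisfy the local policy returns an empty list.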

Edit the conf/tools.yml file:

accessKey: myrocketmq
secretKey: 12345678

Start RocketMQ

Windows:

set ROCKETMQ_HOME=D:\dev\env\rocketmq-5.4.0
start "RocketNameServer" cmd /K call D:\dev\env\rocketmq-5.4.0\bin\mqnamesrv.cmd
start "RocketBroker" cmd /K call D:\dev\env\rocketmq-5.4.0\bin\mqbroker.cmd -n 127.0.0.1:9876 -c D:\dev\env\rocketmq-5.4.0\conf\broker.conf

Linux:

nohup sh bin/mqnamesrv &
nohup sh bin/mqbroker -n localhost:9876 -c conf/broker.conf &

Modify the Nacos global.yaml file and append the following to the rocketmq configuration:

rocketmq:
  enable-acl: true
  producer:
    access-key: myrocketmq
    secret-key: 12345678

Dashboard 2.1.0

Download the dashboard: https://github.com/apache/rocketmq-dashboard

Edit the application.yaml file and append the following configuration:

rocketmq:
  config:
    namesrvAddrs:
      - 127.0.0.1:9876
    loginRequired: true
    accessKey: myrocketmq
    secretKey: 12345678

Edit the users.properties file and append the following configuration:

Add the account mqadmin with password 12345678. The format is account=password,role (0 Normal User, 1 Admin):
mqadmin=12345678,1

Start the dashboard

java -jar rocketmq-dashboard-2.1.0.jar --server.port=8082 --rocketmq.config.namesrvAddr=127.0.0.1:9876 --rocketmq.config.loginRequired=true --rocketmq.config.accessKey=myrocketmq --rocketmq.config.secretKey=12345678

Create a business user and grant permissions (optional; using the super user myrocketmq is enough)

# Create the admin user
sh bin/mqadmin createUser -n 127.0.0.1:9876 -c DefaultCluster -u rocketmq_adm -p 12345678 -t Normal
# Grant cluster management permissions
sh bin/mqadmin createAcl -n 127.0.0.1:9876 -c DefaultCluster -s User:rocketmq_adm -r Cluster:DefaultCluster -a All -d Allow
# Grant management permissions on all topics
sh bin/mqadmin createAcl -n 127.0.0.1:9876 -c DefaultCluster -s User:rocketmq_adm -r Topic:* -a All -d Allow
# Grant management permissions on all groups
sh bin/mqadmin createAcl -n 127.0.0.1:9876 -c DefaultCluster -s User:rocketmq_adm -r Group:* -a All -d Allow


posted @ 2026-02-12 14:39  谷粒-笔记