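We are connecting some JMS clients to an ActiveMQ Artemis (v2.14.0) broker running in a clustered configuration. Today we noticed that clients connect to the acceptor dedicated to cluster communication, and we are wondering why this happens.
Here is the relevant broker.xml snippet: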
<configuration xmlns="urn:activemq" xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
  <core xmlns="urn:activemq:core" xsi:schemaLocation="urn:activemq:core ">
    […]
    <connectors>
      <connector name="netty-connector">tcp://${ipv4addr:localhost}:61618?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;useEpoll=true</connector>
    </connectors>
    <acceptors>
      <!-- Acceptor for every supported protocol -->
      <acceptor name="artemis">tcp://0.0.0.0:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;connectionsAllowed=10000</acceptor>
      <!-- AMQP Acceptor. Listens on default AMQP port for AMQP traffic.-->
      <acceptor name="amqp">tcp://0.0.0.0:5672?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=AMQP;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpMinLargeMessageSize=102400;amqpDuplicateDetection=true</acceptor>
      <!-- STOMP Acceptor. -->
      <acceptor name="stomp">tcp://0.0.0.0:61613?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=STOMP;useEpoll=true</acceptor>
      <!-- HornetQ Compatibility Acceptor. Enables HornetQ Core and STOMP for legacy HornetQ clients. -->
      <acceptor name="hornetq">tcp://0.0.0.0:5445?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;protocols=HORNETQ,STOMP;useEpoll=true</acceptor>
      <!-- MQTT Acceptor -->
      <acceptor name="mqtt">tcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true</acceptor>
      <acceptor name="netty-acceptor">tcp://0.0.0.0:61618?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;useEpoll=true</acceptor>
      <acceptor name="artemis-tls">tcp://0.0.0.0:61617?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=/var/lib/artemis/certs/keystore.jks;keyStorePassword=${keyStorePassword};enabledProtocols=TLSv1.2</acceptor>
    </acceptors>
    <broadcast-groups>
      <broadcast-group name="cluster-broadcast-group">
        <broadcast-period>5000</broadcast-period>
        <jgroups-file>jgroups.xml</jgroups-file>
        <jgroups-channel>active_broadcast_channel</jgroups-channel>
        <connector-ref>netty-connector</connector-ref>
      </broadcast-group>
    </broadcast-groups>
    <discovery-groups>
      <discovery-group name="cluster-discovery-group">
        <jgroups-file>jgroups.xml</jgroups-file>
        <jgroups-channel>active_broadcast_channel</jgroups-channel>
        <refresh-timeout>10000</refresh-timeout>
      </discovery-group>
    </discovery-groups>
    <cluster-connections>
      <cluster-connection name="artemis-cluster">
        <connector-ref>netty-connector</connector-ref>
        <retry-interval>500</retry-interval>
        <use-duplicate-detection>true</use-duplicate-detection>
        <message-load-balancing>STRICT</message-load-balancing>
        <!-- <address>jms</address> -->
        <max-hops>1</max-hops>
        <discovery-group-ref discovery-group-name="cluster-discovery-group"/>
        <!-- <forward-when-no-consumers>true</forward-when-no-consumers> -->
      </cluster-connection>
    </cluster-connections>
  </core>
</configuration>
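The intention is to use ports 61616 (plain TCP, acceptor artemis) and 61617 (TLS, acceptor artemis-tls) for client connections. The brokers should use port 61618 (acceptor netty-acceptor) for cluster-internal communication. However, during topology discovery the broker sends port 61618 back to the client (instead of the expected port 61616). While this works when all communication is plain TCP, things get weird when netty-acceptor is configured for TLS and the client connection is not. The client then shows the following message: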
2020-08-24 17:58:13,833 | WARN | Thread-1 (ActiveMQ-client-netty-threads) | i.n.c.ChannelInitializer | Failed to initialize a channel. Closing: [id: 0x5bb533bc]
java.lang.Exception: Failed to find a store at /var/lib/artemis/certs/truststore.jks
at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.validateStoreURL(SSLSupport.java:278)
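So the broker passes its internal configuration on to the client. (/var/lib/artemis/certs/truststore.jks exists only inside the Artemis container.)
How can we configure the broker for dedicated client and cluster connections and make sure that clients never receive the cluster endpoint? Also, can we configure TLS independently for client and cluster connections? The documentation is not very helpful here.
Edit
Rethinking the problem leads to a related question: how can we ensure that clients connecting via TCP always receive the TCP port during discovery, and clients connecting via TLS receive the TLS port?
Update
A closer look at the Artemis documentation reveals this explanation:
Although this value can be configured on the server, it is downloaded and used by the client.
Okay, that explains a bit. However, I still don't know how to tell the client which connector to use. In the Red Hat AMQ 7.2 documentation, chapter 6.3 says:
When a TCP connection is established to the specified IP and port 10.10.10.2:61617, the client, or even the broker itself, will reference the connector above.
This suggests that the client matches the IP address and port to find the appropriate connector. However, this does not seem to apply to Artemis v2.14.0.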
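An added example, not part of the original question and not Artemis project code: a Python audit of a broker.xml that resolves the connector each cluster-connection references and flags the three conditions described above (a port outside the intended client ports, a TLS mismatch with the acceptor on the same port, and broker-local store paths in the connector URI). It assumes the connector named by connector-ref is the endpoint handed to clients, as observed in the question; parse_uri, audit and client_ports are hypothetical names, and the sample XML is a constructed TLS variant of the posted configuration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"c": "urn:activemq:core"}
STORE_KEYS = ("keyStorePath", "trustStorePath")
# Constructed sample: a trimmed TLS variant of the posted broker.xml. The
# trustStorePath parameter on the connector is an assumption.
SAMPLE = """<configuration xmlns="urn:activemq"><core xmlns="urn:activemq:core">
  <connectors>
    <connector name="netty-connector">tcp://localhost:61618?sslEnabled=true;trustStorePath=/var/lib/artemis/certs/truststore.jks</connector>
  </connectors>
  <acceptors>
    <acceptor name="artemis">tcp://0.0.0.0:61616?protocols=CORE</acceptor>
    <acceptor name="netty-acceptor">tcp://0.0.0.0:61618?sslEnabled=true</acceptor>
  </acceptors>
  <cluster-connections><cluster-connection name="artemis-cluster">
    <connector-ref>netty-connector</connector-ref>
  </cluster-connection></cluster-connections>
</core></configuration>"""

def parse_uri(text):
    """Split an Artemis transport URI into (port, {param: value})."""
    base, _, query = text.strip().partition("?")
    port = int(base.rsplit(":", 1)[1])  # also copes with ${prop:default} hosts
    params = dict(p.split("=", 1) for p in re.split("[;&]", query) if "=" in p)
    return port, params

def audit(xml_text, client_ports):
    """Return (code, detail) findings for every cluster-connection."""
    core = ET.fromstring(xml_text).find("c:core", NS)
    connectors = {e.get("name"): parse_uri(e.text)
                  for e in core.findall("c:connectors/c:connector", NS)}
    acceptors = dict(parse_uri(e.text) for e in core.findall("c:acceptors/c:acceptor", NS))
    findings = []
    for cc in core.findall("c:cluster-connections/c:cluster-connection", NS):
        ref = cc.findtext("c:connector-ref", namespaces=NS).strip()
        port, params = connectors[ref]
        if port not in client_ports:  # clients would be handed a cluster-only port
            findings.append(("cluster-port-advertised", f"{ref} -> {port}"))
        acc_tls = acceptors.get(port, {}).get("sslEnabled") == "true"
        if (params.get("sslEnabled") == "true") != acc_tls:
            findings.append(("tls-mismatch", f"{ref} vs acceptor on {port}"))
        for key in STORE_KEYS:  # paths that exist only on the broker host
            if key in params:
                findings.append(("broker-local-path", f"{key}={params[key]}"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, client_ports={61616, 61617}))
```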