EMQ集群安装(CentOS)

简介:

在Centos系统上安装EMQ集群,以三台服务器为例,IP地址分别为:
192.168.0.160 
192.168.0.161 
192.168.0.162

安装环境及版本:

系统环境:CentOS Linux release 7.5.1804 (Core)
EMQ版本:emqx-centos7-v3.2.3.x86_64.rpm

一、EMQ安装

1.1 安装

安装:rpm -ivh emqx-centos7-v3.2.3.x86_64.rpm
插件:yum -y install lksctp-tools

[root@localhost ~]# rpm -ivh emqx-centos7-v3.2.3.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:emqx-3.2.3-1.el7                 ################################# [100%]
Created symlink from /etc/systemd/system/multi-user.target.wants/emqx.service to /usr/lib/systemd/system/emqx.service.
[root@localhost ~]# yum -y install lksctp-tools
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
......
  Installing : lksctp-tools-1.0.17-2.el7.x86_64                                                                                                                                                                                           1/1 
  Verifying  : lksctp-tools-1.0.17-2.el7.x86_64                                                                                                                                                                                           1/1 

Installed:
  lksctp-tools.x86_64 0:1.0.17-2.el7                                                                                                                                                                                                          

Complete!

1.2 启停、自启动

启动:[root@localhost ~]# systemctl start emqx
停止:[root@localhost ~]# systemctl stop emqx
重启:[root@localhost ~]# systemctl restart emqx
自启动:[root@localhost ~]# systemctl enable emqx
状态:[root@localhost ~]# systemctl status emqx

[root@localhost ~]# systemctl start emqx
[root@localhost ~]# systemctl stop emqx
[root@localhost ~]# systemctl restart emqx
[root@localhost ~]# systemctl enable emqx
[root@localhost ~]# systemctl status emqx
● emqx.service - emqx daemon
   Loaded: loaded (/usr/lib/systemd/system/emqx.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-07-01 23:06:18 EDT; 14s ago
   CGroup: /system.slice/emqx.service
           ├─8927 /usr/lib/emqx/erts-10.3/bin/epmd -daemon
           ├─8939 /usr/lib/emqx/erts-10.3/bin/run_erl -daemon //var/lib/emqx/emqx_erl_pipes/emqx@127.0.0.1/ /var/log/emqx exec "/usr/bin/emqx" "console"
           ├─8941 /usr/lib/emqx/erts-10.3/bin/beam.smp -spp true -e 256000 -Q 1024000 -P 2048000 -A 32 -zdbbl 8192 -- -root /usr/lib/emqx -progname usr/bin/emqx -- -home /var/lib/emqx -- -boot /usr/lib/emqx/releases/v3.2.3/emqx -mode e...
           ├─9221 erl_child_setup 1048576
           ├─9273 sh -s disksup
           ├─9274 /usr/lib/emqx/lib/os_mon-2.4.7/priv/bin/memsup
           └─9275 /usr/lib/emqx/lib/os_mon-2.4.7/priv/bin/cpu_sup

Jul 01 23:06:12 localhost.localdomain systemd[1]: Starting emqx daemon...
Jul 01 23:06:18 localhost.localdomain systemd[1]: Started emqx daemon.

1.3 验证

浏览器输入:http://192.168.0.150:18083/

默认用户名和密码为admin、public

1.4 支持SSL

生成CA证书文件,并将文件上传至/etc/emqx/certs/目录

进入/etc/emqx目录

[apache@ai_bk emqx]$ ll /etc/emqx/
total 84
-rwxr-xr-x 1 emqx emqx   839 Sep 17  2019 acl.conf
drwxr-xr-x 2 emqx emqx  4096 Dec 23  2019 certs
-rwxr-xr-x 1 emqx emqx 56056 Nov 15  2019 emqx.conf
drwxr-xr-x 2 emqx emqx  4096 Oct 30  2019 lwm2m_xml
drwxr-xr-x 2 emqx emqx  4096 Oct 30  2019 plugins
-rwxr-xr-x 1 emqx emqx    26 Sep 17  2019 psk.txt
-rwxr-xr-x 1 emqx emqx   433 Sep 17  2019 ssl_dist.conf
-rwxr-xr-x 1 emqx emqx  2764 Sep 17  2019 vm.args

修改配置文件:vi /etc/emqx/emqx.conf

  1196	listener.ssl.external.handshake_timeout = 15s
  1200	## See: http://erlang.org/doc/man/ssl.html
  1203	listener.ssl.external.keyfile = /etc/emqx/certs/key.pem
  1207	## See: http://erlang.org/doc/man/ssl.html
  1210	listener.ssl.external.certfile = /etc/emqx/certs/cert.pem
  1216	listener.ssl.external.cacertfile = /etc/emqx/certs/cacert.pem

利用EMQ官网提供的PHP接口建立连接时,填入CA证书文件里面的crt文件名及路径,并将verify_peer_name设置为false
重启:systemctl restart emqx

二、EMQ集群

2.1 关闭EMQ集群所有服务器的防火墙和禁用SELINUX

详情参考《关闭防火墙及SELINUX(CentOS)》

2.2 集群配置

修改三台服务器所有节点配置:vi /etc/emqx/emqx.conf

    12	cluster.name = emqxcl
    25	cluster.discovery = static
    48	## Node list of the cluster.
    51	cluster.static.seeds = emqx@192.168.0.160,emqx@192.168.0.161,emqx@192.168.0.162

同步三台服务器的.erlang.cookie,将其中一台同步给另外两台即可,如将192.168.0.160同步给192.168.0.161和192.168.0.162

scp $HOME/.erlang.cookie root@192.168.0.161:$HOME/.erlang.cookie 
scp $HOME/.erlang.cookie root@192.168.0.162:$HOME/.erlang.cookie

2.3 集群状态

重启所有节点emqx集群服务器,在各节点运行:emqx_ctl status

[root@localhost ~]# emqx_ctl status
Node 'emqx@192.168.0.160' is started
emqx 3.2.3 is running
[root@localhost ~]# emqx_ctl status
Node 'emqx@192.168.0.161' is started
emqx 3.2.3 is running
[root@localhost ~]# emqx_ctl status
Node 'emqx@192.168.0.162' is started
emqx 3.2.3 is running

查看集群状态:emqx_ctl cluster status(任意一台都可执行)

[root@localhost ~]# emqx_ctl cluster status
Cluster status: [{running_nodes,['emqx@192.168.0.162','emqx@192.168.0.161',
                                 'emqx@192.168.0.160']}]

2.4 用户认证

为了确保安全,可以通过用户认证的方式来收发EMQ消息,否则仅仅通过主题不够安全。

2.4.1 关闭匿名访问

编辑EMQ集群所有服务器:vi /etc/emqx/emqx.conf

allow_anonymous = false

2.4.2 开启用户认证插件

安装插件,这个可以通过管理页面添加,也可以通过命令添加:
集群所有节点服务器:emqx_ctl plugins load emqx_auth_username

[root@localhost ~]# emqx_ctl plugins load emqx_auth_username
Start apps: [emqx_auth_username]
Plugin emqx_auth_username loaded successfully.
[root@localhost ~]# emqx_ctl plugins list |grep true
Plugin(emqx_auth_username, version=3.2.3, description=EMQ X Authentication with Username and Password, active=true)
Plugin(emqx_dashboard, version=3.2.3, description=EMQ X Web Dashboard, active=true)
Plugin(emqx_management, version=3.2.3, description=EMQ X Management API and CLI, active=true)
Plugin(emqx_recon, version=3.2.3, description=EMQ X Recon Plugin, active=true)
Plugin(emqx_retainer, version=3.2.3, description=EMQ X Retainer, active=true)
Plugin(emqx_rule_engine, version=3.2.3, description=EMQ X Rule Engine, active=true)

添加认证用户,可以通过管理页面添加,也可以通过命令添加:
集群所有节点服务器:emqx_ctl users add test test-0811

[root@localhost ~]# emqx_ctl users add test test-0811
ok
[root@localhost ~]# emqx_ctl users list
test
[root@localhost ~]# 

重启所有节点,这样用户连接EMQX服务器时,就需要用户名和密码才能连上

三、负载

在负载服务器上安装NGINX,修改配置文件:vi /etc/nginx/nginx.conf,具体安装方式参考《Nginx集群搭建》

stream {
    # Example configuration for TCP load balancing

    upstream stream_backend {
        server 192.168.0.160:1883 max_fails=2 fail_timeout=30s;
        server 192.168.0.161:1883 max_fails=2 fail_timeout=30s;
       # server 192.168.0.162:1883 max_fails=2 fail_timeout=30s;
    }

    server {
        listen 1883;
        proxy_pass stream_backend;
        proxy_buffer_size 4k;
    }
}

发表回复