简介:
在Centos系统上安装EMQ集群,以三台服务器为例,IP地址分别为:
192.168.0.160
192.168.0.161
192.168.0.162
安装环境及版本:
系统环境:CentOS Linux release 7.5.1804 (Core)
EMQ版本:emqx-centos7-v3.2.3.x86_64.rpm
一、EMQ安装
1.1 安装
安装:rpm -ivh emqx-centos7-v3.2.3.x86_64.rpm
插件:yum -y install lksctp-tools
[root@localhost ~]# rpm -ivh emqx-centos7-v3.2.3.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:emqx-3.2.3-1.el7 ################################# [100%]
Created symlink from /etc/systemd/system/multi-user.target.wants/emqx.service to /usr/lib/systemd/system/emqx.service.
[root@localhost ~]# yum -y install lksctp-tools
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
......
Installing : lksctp-tools-1.0.17-2.el7.x86_64 1/1
Verifying : lksctp-tools-1.0.17-2.el7.x86_64 1/1
Installed:
lksctp-tools.x86_64 0:1.0.17-2.el7
Complete!
1.2 启停、自启动
启动:[root@localhost ~]# systemctl start emqx
停止:[root@localhost ~]# systemctl stop emqx
重启:[root@localhost ~]# systemctl restart emqx
自启动:[root@localhost ~]# systemctl enable emqx
状态:[root@localhost ~]# systemctl status emqx
[root@localhost ~]# systemctl start emqx
[root@localhost ~]# systemctl stop emqx
[root@localhost ~]# systemctl restart emqx
[root@localhost ~]# systemctl enable emqx
[root@localhost ~]# systemctl status emqx
● emqx.service - emqx daemon
Loaded: loaded (/usr/lib/systemd/system/emqx.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-07-01 23:06:18 EDT; 14s ago
CGroup: /system.slice/emqx.service
├─8927 /usr/lib/emqx/erts-10.3/bin/epmd -daemon
├─8939 /usr/lib/emqx/erts-10.3/bin/run_erl -daemon //var/lib/emqx/emqx_erl_pipes/emqx@127.0.0.1/ /var/log/emqx exec "/usr/bin/emqx" "console"
├─8941 /usr/lib/emqx/erts-10.3/bin/beam.smp -spp true -e 256000 -Q 1024000 -P 2048000 -A 32 -zdbbl 8192 -- -root /usr/lib/emqx -progname usr/bin/emqx -- -home /var/lib/emqx -- -boot /usr/lib/emqx/releases/v3.2.3/emqx -mode e...
├─9221 erl_child_setup 1048576
├─9273 sh -s disksup
├─9274 /usr/lib/emqx/lib/os_mon-2.4.7/priv/bin/memsup
└─9275 /usr/lib/emqx/lib/os_mon-2.4.7/priv/bin/cpu_sup
Jul 01 23:06:12 localhost.localdomain systemd[1]: Starting emqx daemon...
Jul 01 23:06:18 localhost.localdomain systemd[1]: Started emqx daemon.
1.3 验证
浏览器输入:http://192.168.0.150:18083/
1.4 支持SSL
生成CA证书文件,并将文件上传至/etc/emqx/certs/目录
进入/etc/emqx目录
[apache@ai_bk emqx]$ ll /etc/emqx/
total 84
-rwxr-xr-x 1 emqx emqx 839 Sep 17 2019 acl.conf
drwxr-xr-x 2 emqx emqx 4096 Dec 23 2019 certs
-rwxr-xr-x 1 emqx emqx 56056 Nov 15 2019 emqx.conf
drwxr-xr-x 2 emqx emqx 4096 Oct 30 2019 lwm2m_xml
drwxr-xr-x 2 emqx emqx 4096 Oct 30 2019 plugins
-rwxr-xr-x 1 emqx emqx 26 Sep 17 2019 psk.txt
-rwxr-xr-x 1 emqx emqx 433 Sep 17 2019 ssl_dist.conf
-rwxr-xr-x 1 emqx emqx 2764 Sep 17 2019 vm.args
修改配置文件:vi /etc/emqx/emqx.conf
1196 listener.ssl.external.handshake_timeout = 15s
1200 ## See: http://erlang.org/doc/man/ssl.html
1203 listener.ssl.external.keyfile = /etc/emqx/certs/key.pem
1207 ## See: http://erlang.org/doc/man/ssl.html
1210 listener.ssl.external.certfile = /etc/emqx/certs/cert.pem
1216 listener.ssl.external.cacertfile = /etc/emqx/certs/cacert.pem
利用EMQ官网提供的PHP接口建立连接时,填入CA证书文件里面的crt文件名及路径,并将verify_peer_name设置为false
重启:systemctl restart emqx
二、EMQ集群
2.1 关闭EMQ集群所有服务器的防火墙和禁用SELINUX
详情参考《关闭防火墙及SELINUX(CentOS)》
2.2 集群配置
修改三台服务器所有节点配置:vi /etc/emqx/emqx.conf
12 cluster.name = emqxcl
25 cluster.discovery = static
48 ## Node list of the cluster.
51 cluster.static.seeds = emqx@192.168.0.160,emqx@192.168.0.161,emqx@192.168.0.162
同步三台服务器的.erlang.cookie,将其中一台同步给另外两台即可,如将192.168.0.160同步给192.168.0.161和192.168.0.162
scp $HOME/.erlang.cookie root@192.168.0.161:$HOME/.erlang.cookie
scp $HOME/.erlang.cookie root@192.168.0.162:$HOME/.erlang.cookie
2.3 集群状态
重启所有节点emqx集群服务器,在各节点运行:emqx_ctl status
[root@localhost ~]# emqx_ctl status
Node 'emqx@192.168.0.160' is started
emqx 3.2.3 is running
[root@localhost ~]# emqx_ctl status
Node 'emqx@192.168.0.161' is started
emqx 3.2.3 is running
[root@localhost ~]# emqx_ctl status
Node 'emqx@192.168.0.162' is started
emqx 3.2.3 is running
查看集群状态:emqx_ctl cluster status(任意一台都可执行)
[root@localhost ~]# emqx_ctl cluster status
Cluster status: [{running_nodes,['emqx@192.168.0.162','emqx@192.168.0.161',
'emqx@192.168.0.160']}]
2.4 用户认证
为了确保安全,可以通过用户认证的方式来收发EMQ消息,否则仅仅通过主题不够安全。
2.4.1 关闭匿名访问
编辑EMQ集群所有服务器:vi /etc/emqx/emqx.conf
allow_anonymous = false
2.4.2 开启用户认证插件
安装插件,这个可以通过管理页面添加,也可以通过命令添加:
集群所有节点服务器:emqx_ctl plugins load emqx_auth_username
[root@localhost ~]# emqx_ctl plugins load emqx_auth_username
Start apps: [emqx_auth_username]
Plugin emqx_auth_username loaded successfully.
[root@localhost ~]# emqx_ctl plugins list |grep true
Plugin(emqx_auth_username, version=3.2.3, description=EMQ X Authentication with Username and Password, active=true)
Plugin(emqx_dashboard, version=3.2.3, description=EMQ X Web Dashboard, active=true)
Plugin(emqx_management, version=3.2.3, description=EMQ X Management API and CLI, active=true)
Plugin(emqx_recon, version=3.2.3, description=EMQ X Recon Plugin, active=true)
Plugin(emqx_retainer, version=3.2.3, description=EMQ X Retainer, active=true)
Plugin(emqx_rule_engine, version=3.2.3, description=EMQ X Rule Engine, active=true)
添加认证用户,可以通过管理页面添加,也可以通过命令添加:
集群所有节点服务器:emqx_ctl users add test test-0811
[root@localhost ~]# emqx_ctl users add test test-0811
ok
[root@localhost ~]# emqx_ctl users list
test
[root@localhost ~]#
重启所有节点,这样用户连接EMQX服务器时,就需要用户名和密码才能连上
三、负载
在负载服务器上安装NGINX,修改配置文件:vi /etc/nginx/nginx.conf,具体安装方式参考《Nginx集群搭建》
stream {
# Example configuration for TCP load balancing
upstream stream_backend {
server 192.168.0.160:1883 max_fails=2 fail_timeout=30s;
server 192.168.0.161:1883 max_fails=2 fail_timeout=30s;
# server 192.168.0.162:1883 max_fails=2 fail_timeout=30s;
}
server {
listen 1883;
proxy_pass stream_backend;
proxy_buffer_size 4k;
}
}