ActiveMQ Artemis: Clients connect to broker cluster port

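We are connecting some JMS clients to an ActiveMQ Artemis (v2.14.0) broker running in a clustered configuration. Today we noticed that the clients connect to the acceptor dedicated to cluster communication, and we wonder why this happens.

Here is the relevant broker.xml fragment: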

<configuration xmlns="urn:activemq" xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
  <core xmlns="urn:activemq:core" xsi:schemaLocation="urn:activemq:core ">
    […]
    <connectors>
      <connector name="netty-connector">tcp://${ipv4addr:localhost}:61618?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;useEpoll=true</connector>
    </connectors>
    <acceptors>
      <!-- Acceptor for every supported protocol -->
      <acceptor name="artemis">tcp://0.0.0.0:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;connectionsAllowed=10000</acceptor>
      <!-- AMQP Acceptor.  Listens on default AMQP port for AMQP traffic.-->
      <acceptor name="amqp">tcp://0.0.0.0:5672?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=AMQP;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpMinLargeMessageSize=102400;amqpDuplicateDetection=true</acceptor>
      <!-- STOMP Acceptor. -->
      <acceptor name="stomp">tcp://0.0.0.0:61613?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=STOMP;useEpoll=true</acceptor>
      <!-- HornetQ Compatibility Acceptor.  Enables HornetQ Core and STOMP for legacy HornetQ clients. -->
      <acceptor name="hornetq">tcp://0.0.0.0:5445?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;protocols=HORNETQ,STOMP;useEpoll=true</acceptor>
      <!-- MQTT Acceptor -->
      <acceptor name="mqtt">tcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true</acceptor>
      <acceptor name="netty-acceptor">tcp://0.0.0.0:61618?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;useEpoll=true</acceptor>
      <acceptor name="artemis-tls">tcp://0.0.0.0:61617?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;sslEnabled=true;keyStorePath=/var/lib/artemis/certs/keystore.jks;keyStorePassword=${keyStorePassword};enabledProtocols=TLSv1.2</acceptor>
    </acceptors>
    <broadcast-groups>
      <broadcast-group name="cluster-broadcast-group">
        <broadcast-period>5000</broadcast-period>
        <jgroups-file>jgroups.xml</jgroups-file>
        <jgroups-channel>active_broadcast_channel</jgroups-channel>
        <connector-ref>netty-connector</connector-ref>
      </broadcast-group>
    </broadcast-groups>
    <discovery-groups>
      <discovery-group name="cluster-discovery-group">
        <jgroups-file>jgroups.xml</jgroups-file>
        <jgroups-channel>active_broadcast_channel</jgroups-channel>
        <refresh-timeout>10000</refresh-timeout>
      </discovery-group>
    </discovery-groups>
    <cluster-connections>
      <cluster-connection name="artemis-cluster">
        <connector-ref>netty-connector</connector-ref>
        <retry-interval>500</retry-interval>
        <use-duplicate-detection>true</use-duplicate-detection>
        <message-load-balancing>STRICT</message-load-balancing>
        <!-- <address>jms</address> -->
        <max-hops>1</max-hops>
        <discovery-group-ref discovery-group-name="cluster-discovery-group"/>
        <!-- <forward-when-no-consumers>true</forward-when-no-consumers> -->
      </cluster-connection>
    </cluster-connections>
  </core>
</configuration>

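The intention is to use port 61616 (plain TCP, acceptor artemis) and port 61617 (TLS, acceptor artemis-tls) for client connections. The brokers should use port 61618 (acceptor netty-acceptor) for cluster-internal communication. However, during topology discovery the broker sends port 61618 back to the client (instead of the expected port 61616). While this works when all communication is plain TCP, things get weird when netty-acceptor is configured for TLS and the client connection is not. The client then displays messages like the following: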

2020-08-24 17:58:13,833 | WARN  | Thread-1 (ActiveMQ-client-netty-threads) | i.n.c.ChannelInitializer | Failed to initialize a channel. Closing: [id: 0x5bb533bc]
java.lang.Exception: Failed to find a store at /var/lib/artemis/certs/truststore.jks
    at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.validateStoreURL(SSLSupport.java:278)

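So the broker passes its internal configuration on to the client. (/var/lib/artemis/certs/truststore.jks exists only in the Artemis container.)

How can we configure the broker for dedicated client and cluster connections and make sure that clients never receive the cluster endpoint? Also, can we configure TLS independently for client and cluster connections? The documentation is not much help here.

Edit

Rethinking the problem leads to a related question: how can we make sure that clients connecting via TCP always receive the TCP port during discovery, while clients connecting via TLS receive the TLS port?

Update

A closer look at the Artemis documentation reveals this explanation:

Although this value can be configured on the server, it is downloaded and used by the client.

OK, that explains a bit. However, I still cannot figure out how to tell the client which connector to use. In the RedHat AMQ 7.2 documentation, chapter 6.3 says

The connector above would be referenced by a client, or even the broker itself, when making a TCP connection to the specified IP and port, 10.10.10.2:61617.

This suggests that the client matches IP address and port to find the suitable connector. However, this does not seem to work with Artemis v2.14.0.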
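Added example, not part of the original question and not Artemis project code: a small Python check that reads a broker.xml and reports which connector each cluster-connection references, since that is the endpoint the question observes being handed to clients during topology discovery. The sample XML is constructed from the question's fragment; the `trustStorePath` value on the connector and the function names `parse_endpoint` and `advertised_endpoints` are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"c": "urn:activemq:core"}
# Constructed sample (values assumed): the question's broker.xml reduced, TLS on the cluster connector.
SAMPLE = """<configuration xmlns="urn:activemq">
  <core xmlns="urn:activemq:core">
    <connectors>
      <connector name="netty-connector">tcp://${ipv4addr:localhost}:61618?sslEnabled=true;trustStorePath=/var/lib/artemis/certs/truststore.jks</connector>
    </connectors>
    <acceptors>
      <acceptor name="artemis">tcp://0.0.0.0:61616?protocols=CORE,AMQP</acceptor>
      <acceptor name="netty-acceptor">tcp://0.0.0.0:61618?sslEnabled=true;keyStorePath=/var/lib/artemis/certs/keystore.jks</acceptor>
    </acceptors>
    <cluster-connections>
      <cluster-connection name="artemis-cluster">
        <connector-ref>netty-connector</connector-ref>
      </cluster-connection>
    </cluster-connections>
  </core>
</configuration>"""

def parse_endpoint(url):
    """Split an Artemis 'tcp://host:port?k=v;k=v' URL into (port, params)."""
    m = re.search(r":(\d+)(?:\?(.*))?$", url.strip())
    if not m:
        raise ValueError(f"no port found in {url!r}")
    pairs = (p.split("=", 1) for p in (m.group(2) or "").split(";") if "=" in p)
    return int(m.group(1)), dict(pairs)

def advertised_endpoints(broker_xml):
    """Describe the connector each cluster-connection references (assumed to be what clients receive)."""
    core = ET.fromstring(broker_xml).find("c:core", NS)
    connectors = {e.get("name"): parse_endpoint(e.text)
                  for e in core.iterfind("c:connectors/c:connector", NS)}
    acceptor_by_port = {parse_endpoint(e.text)[0]: e.get("name")
                        for e in core.iterfind("c:acceptors/c:acceptor", NS)}
    report = []
    for cc in core.iterfind("c:cluster-connections/c:cluster-connection", NS):
        ref = cc.findtext("c:connector-ref", namespaces=NS).strip()
        port, params = connectors[ref]
        report.append({
            "cluster_connection": cc.get("name"),
            "connector": ref,
            "port": port,
            "acceptor": acceptor_by_port.get(port),
            "tls": params.get("sslEnabled") == "true",
            "local_paths": sorted(v for k, v in params.items() if k.endswith("Path")),
        })
    return report
```

For the sample, `advertised_endpoints(SAMPLE)` reports port 61618 on acceptor `netty-acceptor` with TLS enabled and a truststore path that only resolves inside the broker container, which matches the client-side error shown in the question.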
