Попытка получить доступ к службе ActiveMQ в кластере мини-кубов - PullRequest
Новая
       28

Попытка получить доступ к службе ActiveMQ в кластере мини-кубов

0 голосов
/ 26 января 2019

В тестовой среде мини-куба у меня есть следующее развертывание / служба (развернутая в ArgoProj, поэтому шаблон немного отличается), определенная для ActiveMQ (версия 5.14.5): 

  - name: amq-server-d
    resource:
      action: create
      manifest: |
        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: amq
        spec:
          selector:
            matchLabels:
              app: amq
              track: stable
          template:
            metadata:
              labels:
                app: amq
                track: stable
            spec:
              containers:
              - image: gms/activemq
                imagePullPolicy: Never
                name: amq
                ports:
                - containerPort: 61616
                - containerPort: 8161
                volumeMounts:
                - name: test-data
                  mountPath: /opt/activemq/data
                  readOnly: false  
                - name: test-conf
                  mountPath: /opt/activemq/conf
                  readOnly: false  
              volumes:
              - name: test-data
                hostPath:
                  path:   /Users/gms/development/nlp/nlpie/data/adapt/amq/data  
              - name: test-conf
                hostPath:
                  path:  /Users/gms/development/nlp/nlpie/data/adapt/amq/conf  


 - name: amq-server-s
    resource:
      action: create
      manifest: |
        apiVersion: v1
        kind: Service
        metadata:
          name: amq
          namespace: default
          labels:
            app: amq
        spec:
          selector:
            app: amq
          ports:
          - name: test1
            protocol: TCP
            port: 61616
            targetPort: 61616
          - name: test2
            protocol: TCP
            port: 8161
            targetPort: 8161

Образ докерапрекрасно работает сам по себе и определяется как: 

FROM openjdk:8-jre

ENV ACTIVEMQ_VERSION 5.14.5
ENV ACTIVEMQ apache-activemq-$ACTIVEMQ_VERSION
ENV ACTIVEMQ_TCP=61616 ACTIVEMQ_AMQP=5672 ACTIVEMQ_STOMP=61613 ACTIVEMQ_MQTT=1883 ACTIVEMQ_WS=61614 ACTIVEMQ_UI=8161

ENV ACTIVEMQ_HOME /opt/activemq

RUN set -x && \
    curl -s -S https://archive.apache.org/dist/activemq/$ACTIVEMQ_VERSION/$ACTIVEMQ-bin.tar.gz | tar xvz -C /opt && \
    ln -s /opt/$ACTIVEMQ $ACTIVEMQ_HOME && \
    useradd -r -M -d $ACTIVEMQ_HOME activemq && \
    chown -R activemq:activemq /opt/$ACTIVEMQ && \
    chown -h activemq:activemq $ACTIVEMQ_HOME

USER activemq

WORKDIR $ACTIVEMQ_HOME
EXPOSE $ACTIVEMQ_TCP $ACTIVEMQ_AMQP $ACTIVEMQ_STOMP $ACTIVEMQ_MQTT $ACTIVEMQ_WS $ACTIVEMQ_UI

CMD ["/bin/sh", "-c", "bin/activemq console"]

Они отлично работают и отображаются в виде служб и развертываний: 

D20181472:nlp-adapt-kube gms$ kubectl get svc -o wide
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)              AGE   SELECTOR
amq          ClusterIP   10.111.0.111   <none>        61616/TCP,8161/TCP   2s    app=amq
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP              24h   <none>


D20181472:nlp-adapt-kube gms$ kubectl get deploy -o wide
NAME   READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES         SELECTOR
amq    0/1     1            0           33s   amq          gms/activemq   app=amq,track=stable

А внутри кластера я могу получить доступ к службе с помощью:его имя и пространство имен, ala: 

kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
If you don't see a command prompt, try pressing enter.
dnstools# nslookup amq.default
Server:     10.96.0.10
Address:    10.96.0.10#53

Name:   amq.default.svc.cluster.local
Address: 10.111.0.111

Однако, если я попробую curl для доступа к порту протокола tcp 61616 (используется ActiveMQ для удаленных подключений, который, по моему мнению, включен по умолчанию), я получаю времяout: 

dnstools# curl amq.default:61616
curl: (7) Failed to connect to amq.default port 61616: Operation timed out

Я протестировал curl на самом кластере kubernetes и возвращает ответ: 

dnstools# curl -k -d 'body=message' https://10.96.0.1:443
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot post path \"/\"",
  "reason": "Forbidden",
  "details": {

  },
  "code": 403

AFAIK, в миникубе не должно быть никаких правил брандмауэраэто должно быть решено для AMQ, поэтому я не совсем уверен, почему это не работает.Я также пытался использовать NodePorts для службы AMQ, но это не помогло.Любые предложения приветствуются!

1 Ответ

0 голосов
/ 27 января 2019

Благодаря @Laszlo Valko кажется, что модуль не запускался из-за ошибки прав доступа: 

D20181472:nlp-adapt-kube gms$ kubectl logs amq-76ccdc4bb-mbkml
INFO: Loading '/opt/activemq/bin/env'
INFO: Using java '/docker-java-home/jre/bin/java'
INFO: Starting in foreground, this is just for debugging purposes (stop process by pressing CTRL+C)
INFO: Creating pidfile /opt/activemq/data/activemq.pid
bin/activemq: 484: bin/activemq: cannot create /opt/activemq/data/activemq.pid: Permission denied
Java Runtime: Oracle Corporation 1.8.0_181 /usr/lib/jvm/java-8-openjdk-amd64/jre
  Heap sizes: current=62976k  free=58715k  max=932352k
    JVM args: -Xms64M -Xmx1G -Djava.util.logging.config.file=logging.properties -Djava.security.auth.login.config=/opt/activemq/conf/login.config -Dcom.sun.management.jmxremote -Djava.awt.headless=true -Djava.io.tmpdir=/opt/activemq/tmp -Dactivemq.classpath=/opt/activemq/conf:/opt/activemq/../lib/: -Dactivemq.home=/opt/activemq -Dactivemq.base=/opt/activemq -Dactivemq.conf=/opt/activemq/conf -Dactivemq.data=/opt/activemq/data
Extensions classpath:
  [/opt/activemq/lib,/opt/activemq/lib/camel,/opt/activemq/lib/optional,/opt/activemq/lib/web,/opt/activemq/lib/extra]
ACTIVEMQ_HOME: /opt/activemq
ACTIVEMQ_BASE: /opt/activemq
ACTIVEMQ_CONF: /opt/activemq/conf
ACTIVEMQ_DATA: /opt/activemq/data
log4j:ERROR setFile(null,true) call failed.
java.io.FileNotFoundException: /opt/activemq/data/activemq.log (Permission denied)

Установлен для запуска с правами root, и теперь все работает: 

dnstools# curl -o amq.default:61616
curl: no URL specified!
curl: try 'curl --help' or 'curl --manual' for more information
dnstools# curl  amq.default:61616
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.
dnstools# curl  amq.default:61616 --output test.out
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   387    0   387    0     0  35181      0 --:--:-- --:--:-- --:--:-- 38700
dnstools# cat test.out
ActiveMQ
         m
          TcpNoDelayEnabledSizePrefixDisabled   CacheSize
                                                         ProviderName  ActiveMQStackTraceEnabledPlatformDetails HJVM: 1.8.0_181, 25.181-b13, Oracle Corporation, OS: Linux, 4.15.0, amd64
                                                                                                                                                                                         CacheEnabledTightEncodingEnabled
                          MaxFrameSize@MaxInactivityDurationu0 MaxInactivityDurationInitalDelay'ProviderVersion 5.14.5dnstools#


D20181472:nlp-adapt-kube gms$ kubectl logs amq-5bcc4fdfc5-8h7tt
INFO: Loading '/opt/activemq/bin/env'
INFO: Using java '/docker-java-home/jre/bin/java'
bin/activemq: 1: bin/activemq: ps: not found
INFO: Starting in foreground, this is just for debugging purposes (stop process by pressing CTRL+C)
INFO: Creating pidfile /opt/activemq/data/activemq.pid
Java Runtime: Oracle Corporation 1.8.0_181 /usr/lib/jvm/java-8-openjdk-amd64/jre
  Heap sizes: current=62976k  free=58715k  max=932352k
    JVM args: -Xms64M -Xmx1G -Djava.util.logging.config.file=logging.properties -Djava.security.auth.login.config=/opt/activemq/conf/login.config -Dcom.sun.management.jmxremote -Djava.awt.headless=true -Djava.io.tmpdir=/opt/activemq/tmp -Dactivemq.classpath=/opt/activemq/conf:/opt/activemq/../lib/: -Dactivemq.home=/opt/activemq -Dactivemq.base=/opt/activemq -Dactivemq.conf=/opt/activemq/conf -Dactivemq.data=/opt/activemq/data
Extensions classpath:
  [/opt/activemq/lib,/opt/activemq/lib/camel,/opt/activemq/lib/optional,/opt/activemq/lib/web,/opt/activemq/lib/extra]
ACTIVEMQ_HOME: /opt/activemq
ACTIVEMQ_BASE: /opt/activemq
ACTIVEMQ_CONF: /opt/activemq/conf
ACTIVEMQ_DATA: /opt/activemq/data
Loading message broker from: xbean:activemq.xml
 INFO | Refreshing org.apache.activemq.xbean.XBeanBrokerFactory$1@5f2108b5: startup date [Sun Jan 27 02:57:49 UTC 2019]; root of context hierarchy
 INFO | Using Persistence Adapter: KahaDBPersistenceAdapter[/opt/activemq/data/kahadb]
 INFO | KahaDB is version 6
 INFO | Recovering from the journal @1:503
 INFO | Recovery replayed 147 operations from the journal in 0.115 seconds.
 INFO | PListStore:[/opt/activemq/data/localhost/tmp_storage] started
 INFO | Apache ActiveMQ 5.14.5 (localhost, ID:amq-5bcc4fdfc5-8h7tt-46331-1548557870872-0:1) is starting
 INFO | Listening for connections at: tcp://amq-5bcc4fdfc5-8h7tt:61616?maximumConnections=1000&wireFormat.maxFrameSize=104857600
 INFO | Connector openwire started
 INFO | Listening for connections at: amqp://amq-5bcc4fdfc5-8h7tt:5672?maximumConnections=1000&wireFormat.maxFrameSize=104857600
 INFO | Connector amqp started
 INFO | Listening for connections at: stomp://amq-5bcc4fdfc5-8h7tt:61613?maximumConnections=1000&wireFormat.maxFrameSize=104857600
 INFO | Connector stomp started
 INFO | Listening for connections at: mqtt://amq-5bcc4fdfc5-8h7tt:1883?maximumConnections=1000&wireFormat.maxFrameSize=104857600
 INFO | Connector mqtt started
 WARN | ServletContext@o.e.j.s.ServletContextHandler@1e44b638{/,null,STARTING} has uncovered http methods for path: /
 INFO | Listening for connections at ws://amq-5bcc4fdfc5-8h7tt:61614?maximumConnections=1000&wireFormat.maxFrameSize=104857600
 INFO | Connector ws started
 INFO | Apache ActiveMQ 5.14.5 (localhost, ID:amq-5bcc4fdfc5-8h7tt-46331-1548557870872-0:1) started
 INFO | For help or more information please see: http://activemq.apache.org
 INFO | No Spring WebApplicationInitializer types detected on classpath
 INFO | ActiveMQ WebConsole available at http://0.0.0.0:8161/
 INFO | ActiveMQ Jolokia REST API available at http://0.0.0.0:8161/api/jolokia/
 INFO | Initializing Spring FrameworkServlet 'dispatcher'
 INFO | No Spring WebApplicationInitializer types detected on classpath
 INFO | jolokia-agent: Using policy access restrictor classpath:/jolokia-access.xml
 WARN | Transport Connection to: tcp://172.17.0.2:37578 failed: java.io.IOException: Frame size of 1 GB larger than max allowed 100 MB
 WARN | Transport Connection to: tcp://172.17.0.2:37848 failed: java.io.IOException: Frame size of 1 GB larger than max allowed 100 MB
 WARN | Transport Connection to: tcp://172.17.0.2:38082 failed: java.io.IOException: Frame size of 1 GB larger than max allowed 100 MB
...