feat: Implement etcd and kafka auth.

4 months ago · da7943cc64
parent 8e61f30e9c
commit da7943cc64
4 changed files with 40 additions and 16 deletions
--- a/.env
+++ b/.env
@ -2,7 +2,7 @@ MONGO_IMAGE=mongo:7.0
 REDIS_IMAGE=redis:7.0.0
 KAFKA_IMAGE=bitnami/kafka:3.5.1
 MINIO_IMAGE=minio/minio:RELEASE.2024-01-11T07-46-16Z
-ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13
+ETCD_IMAGE=bitnami/etcd:3.5.13
 PROMETHEUS_IMAGE=prom/prometheus:v2.45.6
 ALERTMANAGER_IMAGE=prom/alertmanager:v0.27.0
 GRAFANA_IMAGE=grafana/grafana:11.0.1
--- a/config/discovery.yml
+++ b/config/discovery.yml
@ -1,9 +1,9 @@
 enable: etcd
 etcd:
  rootDirectory: openim
-  address: [ localhost:12379 ]
+  address: [localhost:12379]
-  username: ''
+  username: "openIM"
-  password: ''
+  password: "openIM123"
 kubernetes:
  namespace: default
--- a/config/kafka.yml
+++ b/config/kafka.yml
@ -1,13 +1,13 @@
 # Username for authentication
-username: ''
+username: "openIM"
 # Password for authentication
-password: ''
+password: "openIM123"
 # Producer acknowledgment settings
 producerAck:
 # Compression type to use (e.g., none, gzip, snappy)
 compressType: none
 # List of Kafka broker addresses
-address: [ localhost:19094 ]
+address: [localhost:19094]
 # Kafka topic for Redis integration
 toRedisTopic: toRedis
 # Kafka topic for MongoDB integration
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -75,7 +75,6 @@ services:
      - "12380:2380"
    environment:
      - ETCD_NAME=s1
      - ETCD_DATA_DIR=/etcd-data
      - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
      - ETCD_ADVERTISE_CLIENT_URLS=http://0.0.0.0:2379
      - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380
@ -83,8 +82,27 @@ services:
      - ETCD_INITIAL_CLUSTER=s1=http://0.0.0.0:2380
      - ETCD_INITIAL_CLUSTER_TOKEN=tkn
      - ETCD_INITIAL_CLUSTER_STATE=new
      - ALLOW_NONE_AUTHENTICATION=no
      - ETCD_ROOT_USER=root
      - ETCD_ROOT_PASSWORD=openIM123
      - ETCD_USERNAME=openIM
      - ETCD_PASSWORD=openIM123
    volumes:
-      - "${DATA_DIR}/components/etcd:/etcd-data"
+      - "${DATA_DIR}/components/etcd:/bitnami/etcd"
    command: |
      /bin/bash -c '
      /opt/bitnami/scripts/etcd/entrypoint.sh /opt/bitnami/scripts/etcd/run.sh &
      sleep 10
      etcdctl --endpoints=http://127.0.0.1:2379 --user=$${ETCD_ROOT_USER}:$${ETCD_ROOT_PASSWORD} user add $${ETCD_USERNAME} --new-user-password=$${ETCD_PASSWORD} || true
      etcdctl --endpoints=http://127.0.0.1:2379 --user=$${ETCD_ROOT_USER}:$${ETCD_ROOT_PASSWORD} role add openim-role || true
      etcdctl --endpoints=http://127.0.0.1:2379 --user=$${ETCD_ROOT_USER}:$${ETCD_ROOT_PASSWORD} role grant-permission openim-role --prefix=true readwrite / || true
      etcdctl --endpoints=http://127.0.0.1:2379 --user=$${ETCD_ROOT_USER}:$${ETCD_ROOT_PASSWORD} role grant-permission openim-role --prefix=true readwrite "" || true
      etcdctl --endpoints=http://127.0.0.1:2379 --user=$${ETCD_ROOT_USER}:$${ETCD_ROOT_PASSWORD} user grant-role $${ETCD_USERNAME} openim-role || true
      tail -f /dev/null
      '
    restart: always
    networks:
      - openim
@ -106,10 +124,16 @@ services:
      KAFKA_CFG_CONTROLLER_QUORUM_VOTERS: 0@kafka:9093
      KAFKA_CFG_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9093,EXTERNAL://:9094
      KAFKA_CFG_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092,EXTERNAL://localhost:19094
-      KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,EXTERNAL:PLAINTEXT,PLAINTEXT:PLAINTEXT
+      KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT,PLAINTEXT:SASL_PLAINTEXT
      KAFKA_CFG_CONTROLLER_LISTENER_NAMES: CONTROLLER
      KAFKA_NUM_PARTITIONS: 8
      KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE: "true"
      KAFKA_CFG_SASL_ENABLED_MECHANISMS: PLAIN
      KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
      KAFKA_CLIENT_USERS: admin,openIM
      KAFKA_CLIENT_PASSWORDS: admin-secret,openIM123
    networks:
      - openim