mirror of
				https://github.com/openimsdk/open-im-server.git
				synced 2025-10-25 20:52:11 +08:00 
			
		
		
		
	feat: update auth logic to compatible old version.
							parent
							
								
									5a3dae738e
								
							
						
					
					
						commit
						fa31264da8
					
				| @ -2,8 +2,8 @@ enable: etcd | |||||||
| etcd: | etcd: | ||||||
|   rootDirectory: openim |   rootDirectory: openim | ||||||
|   address: [localhost:12379] |   address: [localhost:12379] | ||||||
|   username: "openIM" |   # username: "openIM" | ||||||
|   password: "openIM123" |   # password: "openIM123" | ||||||
| 
 | 
 | ||||||
| kubernetes: | kubernetes: | ||||||
|   namespace: default |   namespace: default | ||||||
|  | |||||||
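Review bot: The commented-out sample on the new side still carries the literal password `openIM123`, here for etcd and again in the Kafka config section that follows, so anyone who enables authentication by uncommenting it ends up with a published credential. I would replace the value with an obvious placeholder and note where it has to match, e.g. `# password: "<set-a-unique-password>"  # presumably must match ETCD_PASSWORD in the compose file`. A short comment should also state that with both keys commented out the client talks to etcd without authentication, so the endpoint should only be reachable from trusted hosts.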
| @ -1,7 +1,7 @@ | |||||||
| # Username for authentication | ## Kafka authentication | ||||||
| username: "openIM" | # username: "openIM" | ||||||
| # Password for authentication | # password: "openIM123" | ||||||
| password: "openIM123" | 
 | ||||||
| # Producer acknowledgment settings | # Producer acknowledgment settings | ||||||
| producerAck: | producerAck: | ||||||
| # Compression type to use (e.g., none, gzip, snappy) | # Compression type to use (e.g., none, gzip, snappy) | ||||||
|  | |||||||
| @ -84,17 +84,17 @@ services: | |||||||
|       - ETCD_INITIAL_CLUSTER_TOKEN=tkn |       - ETCD_INITIAL_CLUSTER_TOKEN=tkn | ||||||
|       - ETCD_INITIAL_CLUSTER_STATE=new |       - ETCD_INITIAL_CLUSTER_STATE=new | ||||||
|       - ALLOW_NONE_AUTHENTICATION=no |       - ALLOW_NONE_AUTHENTICATION=no | ||||||
|       - ETCD_ROOT_USER=root |       ## Optional: Enable etcd authentication by setting the following credentials | ||||||
|       - ETCD_ROOT_PASSWORD=openIM123 |       # - ETCD_ROOT_USER=root | ||||||
|       - ETCD_USERNAME=openIM |       # - ETCD_ROOT_PASSWORD=openIM123 | ||||||
|       - ETCD_PASSWORD=openIM123 |       # - ETCD_USERNAME=openIM | ||||||
|  |       # - ETCD_PASSWORD=openIM123 | ||||||
|     volumes: |     volumes: | ||||||
|       - "${DATA_DIR}/components/etcd:/etcd-data" |       - "${DATA_DIR}/components/etcd:/etcd-data" | ||||||
|     command: > |     command: > | ||||||
|       /bin/sh -c ' |       /bin/sh -c ' | ||||||
|         etcd & |         etcd & | ||||||
|         export ETCDCTL_API=3 |         export ETCDCTL_API=3 | ||||||
| 
 |  | ||||||
|         echo "Waiting for etcd to become healthy..." |         echo "Waiting for etcd to become healthy..." | ||||||
|         until etcdctl --endpoints=http://127.0.0.1:2379 endpoint health &>/dev/null; do |         until etcdctl --endpoints=http://127.0.0.1:2379 endpoint health &>/dev/null; do | ||||||
|           echo "Waiting for ETCD to start..." |           echo "Waiting for ETCD to start..." | ||||||
| @ -103,6 +103,9 @@ services: | |||||||
| 
 | 
 | ||||||
|         echo "etcd is healthy." |         echo "etcd is healthy." | ||||||
| 
 | 
 | ||||||
|  |         if [ -n "$${ETCD_ROOT_USER}" ] && [ -n "$${ETCD_ROOT_PASSWORD}" ] && [ -n "$${ETCD_USERNAME}" ] && [ -n "$${ETCD_PASSWORD}" ]; then | ||||||
|  |           echo "Authentication credentials provided. Setting up authentication..." | ||||||
|  | 
 | ||||||
|         echo "Checking authentication status..." |         echo "Checking authentication status..." | ||||||
|         if ! etcdctl --endpoints=http://127.0.0.1:2379 auth status | grep -q "Authentication Status: true"; then |         if ! etcdctl --endpoints=http://127.0.0.1:2379 auth status | grep -q "Authentication Status: true"; then | ||||||
|           echo "Authentication is disabled. Creating users and enabling..." |           echo "Authentication is disabled. Creating users and enabling..." | ||||||
| @ -142,7 +145,6 @@ services: | |||||||
|             etcdctl --endpoints=http://127.0.0.1:2379 --user=$${ETCD_USERNAME}:$${ETCD_PASSWORD} del /test/auth &>/dev/null |             etcdctl --endpoints=http://127.0.0.1:2379 --user=$${ETCD_USERNAME}:$${ETCD_PASSWORD} del /test/auth &>/dev/null | ||||||
|           fi |           fi | ||||||
|         fi |         fi | ||||||
|          |  | ||||||
|         echo "Testing authentication with OpenIM user..." |         echo "Testing authentication with OpenIM user..." | ||||||
|         if etcdctl --endpoints=http://127.0.0.1:2379 --user=$${ETCD_USERNAME}:$${ETCD_PASSWORD} put /test/auth "auth-works"; then |         if etcdctl --endpoints=http://127.0.0.1:2379 --user=$${ETCD_USERNAME}:$${ETCD_PASSWORD} put /test/auth "auth-works"; then | ||||||
|           echo "Authentication working properly" |           echo "Authentication working properly" | ||||||
| @ -150,6 +152,10 @@ services: | |||||||
|         else |         else | ||||||
|           echo "WARNING: Authentication test failed" |           echo "WARNING: Authentication test failed" | ||||||
|           fi |           fi | ||||||
|  |         else | ||||||
|  |           echo "No authentication credentials provided. Running in no-auth mode." | ||||||
|  |           echo "To enable authentication, set ETCD_ROOT_USER, ETCD_ROOT_PASSWORD, ETCD_USERNAME, and ETCD_PASSWORD environment variables." | ||||||
|  |         fi | ||||||
|          |          | ||||||
|         tail -f /dev/null |         tail -f /dev/null | ||||||
|       ' |       ' | ||||||
| @ -172,18 +178,38 @@ services: | |||||||
|       KAFKA_CFG_NODE_ID: 0 |       KAFKA_CFG_NODE_ID: 0 | ||||||
|       KAFKA_CFG_PROCESS_ROLES: controller,broker |       KAFKA_CFG_PROCESS_ROLES: controller,broker | ||||||
|       KAFKA_CFG_CONTROLLER_QUORUM_VOTERS: 0@kafka:9093 |       KAFKA_CFG_CONTROLLER_QUORUM_VOTERS: 0@kafka:9093 | ||||||
|       KAFKA_CFG_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9093,EXTERNAL://:9094 |  | ||||||
|       KAFKA_CFG_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092,EXTERNAL://localhost:19094 |  | ||||||
|       KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT,PLAINTEXT:SASL_PLAINTEXT |  | ||||||
|       KAFKA_CFG_CONTROLLER_LISTENER_NAMES: CONTROLLER |       KAFKA_CFG_CONTROLLER_LISTENER_NAMES: CONTROLLER | ||||||
|       KAFKA_NUM_PARTITIONS: 8 |       KAFKA_NUM_PARTITIONS: 8 | ||||||
|       KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE: "true" |       KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE: "true" | ||||||
| 
 | 
 | ||||||
|       KAFKA_CFG_SASL_ENABLED_MECHANISMS: PLAIN |       KAFKA_CFG_LISTENERS: "PLAINTEXT://:9092,CONTROLLER://:9093,EXTERNAL://:9094" | ||||||
|       KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN |       KAFKA_CFG_ADVERTISED_LISTENERS: "PLAINTEXT://kafka:9092,EXTERNAL://localhost:19094" | ||||||
|       KAFKA_CLIENT_USERS: admin,openIM |       KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP: "CONTROLLER:PLAINTEXT,EXTERNAL:PLAINTEXT,PLAINTEXT:PLAINTEXT" | ||||||
|       KAFKA_CLIENT_PASSWORDS: admin-secret,openIM123 |       KAFKA_CFG_INTER_BROKER_LISTENER_NAME: "PLAINTEXT" | ||||||
| 
 | 
 | ||||||
|  |       # Authentication configuration variables - comment out to disable auth | ||||||
|  |       # KAFKA_USERNAME: "openIM" | ||||||
|  |       # KAFKA_PASSWORD: "openIM123" | ||||||
|  |     command: > | ||||||
|  |       /bin/sh -c ' | ||||||
|  |         if [ -n "$${KAFKA_USERNAME}" ] && [ -n "$${KAFKA_PASSWORD}" ]; then | ||||||
|  |           echo "=== Kafka SASL Authentication ENABLED ===" | ||||||
|  |           echo "Username: $${KAFKA_USERNAME}" | ||||||
|  |            | ||||||
|  |           # Set environment variables for SASL authentication | ||||||
|  |           export KAFKA_CFG_LISTENERS="SASL_PLAINTEXT://:9092,CONTROLLER://:9093,EXTERNAL://:9094" | ||||||
|  |           export KAFKA_CFG_ADVERTISED_LISTENERS="SASL_PLAINTEXT://kafka:9092,EXTERNAL://localhost:19094" | ||||||
|  |           export KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP="CONTROLLER:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT,SASL_PLAINTEXT:SASL_PLAINTEXT" | ||||||
|  |           export KAFKA_CFG_SASL_ENABLED_MECHANISMS="PLAIN" | ||||||
|  |           export KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL="PLAIN" | ||||||
|  |           export KAFKA_CFG_INTER_BROKER_LISTENER_NAME="SASL_PLAINTEXT" | ||||||
|  |           export KAFKA_CLIENT_USERS="$${KAFKA_USERNAME}" | ||||||
|  |           export KAFKA_CLIENT_PASSWORDS="$${KAFKA_PASSWORD}" | ||||||
|  |         fi | ||||||
|  |          | ||||||
|  |         # Start Kafka with the configured environment | ||||||
|  |         exec /opt/bitnami/scripts/kafka/entrypoint.sh /opt/bitnami/scripts/kafka/run.sh | ||||||
|  |       ' | ||||||
|     networks: |     networks: | ||||||
|       - openim |       - openim | ||||||
| 
 | 
 | ||||||
|  | |||||||
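Review bot: Both new guards fail open: the etcd check `if [ -n "$${ETCD_ROOT_USER}" ] && ...` and the Kafka check `if [ -n "$${KAFKA_USERNAME}" ] && [ -n "$${KAFKA_PASSWORD}" ]` fall through to the unauthenticated path when only some of the variables are set. A forgotten or misspelled variable therefore yields an open etcd or an all-PLAINTEXT Kafka with nothing more than an informational message. I would treat a partial set as an error, e.g. `elif [ -n "$${ETCD_ROOT_USER}$${ETCD_ROOT_PASSWORD}$${ETCD_USERNAME}$${ETCD_PASSWORD}" ]; then echo "ERROR: incomplete etcd credentials" >&2; exit 1`, with the equivalent branch for Kafka. `ALLOW_NONE_AUTHENTICATION=no` stays on the context line although the default is now no-auth, which reads as a contradiction; whether it still has any effect with the overridden command is not visible here. When SASL is enabled, `KAFKA_CLIENT_USERS` holds only the client user while the inter-broker listener becomes `SASL_PLAINTEXT`, so the inter-broker account presumably comes from image defaults and should be set explicitly.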