ops:add production rmqtt config

Author: timzaak

README.md

@@ -13,15 +13,15 @@
 交互协议走 json 字符串。
 ```json5
 # Web websocket-mqtt send
-# publish topic:  $clientId/cmd
+# publish topic:  cmd/$clientId
 {
   cmd: "ls",
   requestId: "random_to_track",
   #stream: false， # can be empty, default is false. this project now only support false.
 }
 
 # mproxy response
-# publish topic: $client/cmd/resp
+# publish topic: cmd/$client/resp
 # success response        
 {
   type: "Ok"      
@@ -46,13 +46,13 @@ Install [Rust 1.70+](https://www.rust-lang.org/),
 [mprocs](https://github.com/pvolok/mprocs). Then, run
 ```shell
 cd web && npm ci && cd ../
-cd develop && ./run_mqtt.sh && cd ../
+cd shell && ./run_mqtt.sh && cd ../
 mprocs
 
-# this is check MQTT agent if is OK
+# Check MQTT agent if is OK
 cd agent && cargo run --example publish_command.rs
 ```
-Web [Figma UI](https://www.figma.com/design/iyL4dms3B8AWGZS14FCRuf/RMQTT-EXEC?m=dev&node-id=0%3A1&t=aXOx1pkofASiwbPa-1)
+Web [Figma UI](https://www.figma.com/design/iyL4dms3B8AWGZS14FCRuf/RMQTT-EXEC?node-id=0%3A1&t=rnIL1LSWwQIXfZdf-1)
 ## 限制
 目前只支持普通的命令, 不支持 `sudo xxx` 之类命令。
 

shell/prod/README.md

@@ -0,0 +1,5 @@
+## RMQTT Production Config
+
+相比于开发配置:
+1. 禁用了 websocket socket。
+2. 在 rmqtt-acl 添加了简单的权限配置。

shell/prod/plugin/rmqtt-acl.toml

@@ -0,0 +1,16 @@
+##--------------------------------------------------------------------
+## rmqtt-acl
+##--------------------------------------------------------------------
+
+disconnect_if_pub_rejected = true
+
+rules = [
+    #["allow", { user = "dashboard" }, "subscribe", ["$SYS/#"]],
+    ["allow", { ipaddr = "127.0.0.1" }, "pubsub", ["$SYS/#", "#"]],
+    #["deny", "all", "subscribe", ["$SYS/#", { eq = "#" }]],
+    # set superuser to publish shell command
+    ["allow", { user = "timzaak", password = "timzaak", superuser = true }],
+    # allow nodes to publish/subscribe shell command
+    ["allow", { user = "nodes", password ="nodes_password" }, "pubsub", ["cmd/%c", "cmd/%c/resp"]],
+    ["deny", "all"]
+]

shell/prod/plugin/rmqtt-http-api.toml

@@ -0,0 +1,21 @@
+##--------------------------------------------------------------------
+## rmqtt-http-api
+##--------------------------------------------------------------------
+
+# See more keys and their definitions at https://github.com/rmqtt/rmqtt/blob/master/docs/en_US/http-api.md
+
+##Number of worker threads
+workers = 1
+## Max Row Limit
+max_row_limit = 10_000
+## HTTP Listener
+http_laddr = "0.0.0.0:6060"
+## Indicates whether to print HTTP request logs
+http_request_log = false
+
+##Whether support retain message, true/false, default value: true
+message_retain_available = false
+##Whether support storage messages, true/false, default value: false
+message_storage_available = false
+##Message expiration time, 0 means no expiration
+message_expiry_interval = "5m"

shell/prod/rmqtt.toml

@@ -0,0 +1,207 @@
+##--------------------------------------------------------------------
+## General
+##--------------------------------------------------------------------
+
+##--------------------------------------------------------------------
+## Task
+##--------------------------------------------------------------------
+#Concurrent task count for global task executor.
+task.exec_workers = 200
+#Queue capacity for global task executor.
+task.exec_queue_max = 3_000
+#Concurrent task count for global local task executor, per worker thread.
+task.local_exec_workers = 5
+#Queue capacity for global local task executor, per worker thread.
+task.local_exec_queue_max = 1_000
+#The rate at which messages are dequeued from the 'LocalTaskExecQueue' message queue, per worker thread.
+#default value: "u32::MAX,1s"
+task.local_exec_rate_limit = "100,1s"
+
+
+##--------------------------------------------------------------------
+## Node
+##--------------------------------------------------------------------
+#Node id
+node.id = 1
+
+#Busy status check switch.
+#default value: true
+node.busy.check_enable = true
+#Busy status update interval.
+#default value: 2s
+node.busy.update_interval = "2s"
+#The threshold for the 1-minute average system load used to determine system busyness.
+#Value range: 0.0-100.0, default value: 80.0
+node.busy.loadavg = 80.0
+#The threshold for average CPU load used to determine system busyness.
+#Value range: 0.0-100.0, default value: 90.0
+node.busy.cpuloadavg = 90.0
+#The threshold for determining high-concurrency connection handshakes in progress.
+node.busy.handshaking = 0
+
+##--------------------------------------------------------------------
+## RPC
+##--------------------------------------------------------------------
+#rpc.server_addr = "0.0.0.0:5363"
+#rpc.server_workers = 4
+#Maximum number of messages sent in batch
+#rpc.batch_size = 128
+#Client concurrent request limit
+#rpc.client_concurrency_limit = 128
+#Connect and send to server timeout
+#rpc.client_timeout = "10s"
+
+
+##--------------------------------------------------------------------
+## Log
+##--------------------------------------------------------------------
+# Value: off | file | console | both
+log.to = "file"
+# Value: trace, debug, info, warn, error
+log.level = "debug"
+log.dir = "/var/log/rmqtt"
+log.file = "rmqtt.log"
+
+
+##--------------------------------------------------------------------
+## Plugins
+##--------------------------------------------------------------------
+#Plug in configuration file directory
+plugins.dir = "plugin/"
+#Plug in started by default, when the mqtt server is started
+plugins.default_startups = [
+    #"rmqtt-plugin-template",
+    #"rmqtt-retainer",
+    #"rmqtt-auth-http",
+    #"rmqtt-cluster-broadcast",
+    #"rmqtt-cluster-raft",
+    #"rmqtt-sys-topic",
+    #"rmqtt-message-storage",
+    #"rmqtt-session-storage",
+    #"rmqtt-web-hook",
+    #"rmqtt-http-api"
+]
+
+
+##--------------------------------------------------------------------
+## MQTT
+##--------------------------------------------------------------------
+
+
+##--------------------------------------------------------------------
+## Listeners
+##--------------------------------------------------------------------
+
+##--------------------------------------------------------------------
+## MQTT/TCP - External TCP Listener for MQTT Protocol
+listener.tcp.external.addr = "0.0.0.0:1883"
+#Number of worker threads
+listener.tcp.external.workers = 8
+#The maximum number of concurrent connections allowed by the listener.
+listener.tcp.external.max_connections = 1024000
+#Maximum concurrent handshake limit, Default: 500
+listener.tcp.external.max_handshaking_limit = 500
+#Handshake timeout.
+listener.tcp.external.handshake_timeout = "30s"
+#Maximum allowed mqtt message length. 0 means unlimited, default: 1m
+listener.tcp.external.max_packet_size = "1m"
+#The maximum length of the TCP connection queue.
+#It indicates the maximum number of TCP connection queues that are being handshaked three times in the system
+listener.tcp.external.backlog = 1024
+#Whether anonymous login is allowed. Default: true
+listener.tcp.external.allow_anonymous = true
+#A value of zero indicates disabling the keep-alive feature, where the server
+#doesn't need to disconnect due to client inactivity, default: true
+listener.tcp.external.allow_zero_keepalive = true
+#Minimum allowable keepalive value for mqtt connection,
+#less than this value will reject the connection(MQTT V3),
+#less than this value will set keepalive to this value in CONNACK (MQTT V5),
+#default: 0, unit: seconds
+listener.tcp.external.min_keepalive = 0
+#Maximum allowable keepalive value for mqtt connection,
+#greater than this value will reject the connection(MQTT V3),
+#greater than this value will set keepalive to this value in CONNACK (MQTT V5),
+#default value: 65535, unit: seconds
+listener.tcp.external.max_keepalive = 65535
+# > 0.5, Keepalive * backoff * 2
+listener.tcp.external.keepalive_backoff = 0.75
+#Flight window size. The flight window is used to store the unanswered QoS 1 and QoS 2 messages
+listener.tcp.external.max_inflight = 16
+#Maximum length of message queue
+listener.tcp.external.max_mqueue_len = 1000
+#The rate at which messages are ejected from the message queue,
+#default value: "u32::max_value(),1s"
+listener.tcp.external.mqueue_rate_limit = "1000,1s"
+#Maximum length of client ID allowed, Default: 65535
+listener.tcp.external.max_clientid_len = 65535
+#The maximum QoS level that clients are allowed to publish. default value: 2
+listener.tcp.external.max_qos_allowed = 2
+#The maximum level at which clients are allowed to subscribe to topics.
+#0 means unlimited. default value: 0
+listener.tcp.external.max_topic_levels = 0
+#Whether support retain message, true/false, default value: false
+listener.tcp.external.retain_available = false
+#Session timeout, default value: 2 hours
+listener.tcp.external.session_expiry_interval = "2h"
+#QoS 1/2 message retry interval, 0 means no resend
+listener.tcp.external.message_retry_interval = "20s"
+#Message expiration time, 0 means no expiration
+listener.tcp.external.message_expiry_interval = "5m"
+#The maximum number of topics that a single client is allowed to subscribe to
+#0 means unlimited, default value: 0
+listener.tcp.external.max_subscriptions = 0
+#Shared subscription switch, default value: true
+listener.tcp.external.shared_subscription = true
+#topic alias maximum, default value: 0, topic aliases not enabled. (MQTT 5.0)
+listener.tcp.external.max_topic_aliases = 32
+
+##--------------------------------------------------------------------
+## Internal TCP Listener for MQTT Protocol
+#listener.tcp.internal.enable = true
+#listener.tcp.internal.addr = "0.0.0.0:11883"
+#listener.tcp.internal.workers = 4
+#listener.tcp.internal.max_connections = 102400
+#listener.tcp.internal.max_handshaking_limit = 500
+#listener.tcp.internal.handshake_timeout = "30s"
+#listener.tcp.internal.max_packet_size = "1M"
+#listener.tcp.internal.backlog = 512
+#listener.tcp.internal.allow_anonymous = true
+#listener.tcp.internal.allow_zero_keepalive = true
+#listener.tcp.internal.min_keepalive = 0
+#listener.tcp.internal.max_keepalive = 65535
+#listener.tcp.internal.keepalive_backoff = 0.75
+#listener.tcp.internal.max_inflight = 16
+#listener.tcp.internal.max_mqueue_len = 1000    
+#listener.tcp.internal.mqueue_rate_limit = "1000,1s"
+#listener.tcp.internal.max_clientid_len = 65535
+#listener.tcp.internal.max_qos_allowed = 2
+#listener.tcp.internal.max_topic_levels = 0
+#listener.tcp.internal.retain_available = false
+#listener.tcp.internal.session_expiry_interval = "2h"
+#listener.tcp.internal.message_retry_interval = "30s"
+#listener.tcp.internal.message_expiry_interval = "5m"
+#listener.tcp.internal.max_subscriptions = 0
+#listener.tcp.internal.shared_subscription = true
+#listener.tcp.internal.max_topic_aliases = 0
+
+##--------------------------------------------------------------------
+## MQTT/TLS - External TLS Listener for MQTT Protocol, (TLSv1.2)
+#listener.tls.external.addr = "0.0.0.0:8883"
+#listener.tls.external.cross_certificate = true
+#listener.tls.external.cert = "./rmqtt-bin/rmqtt.fullchain.pem"
+#listener.tls.external.cross_certificate = false
+#listener.tls.external.cert = "./rmqtt-bin/rmqtt.pem"
+#listener.tls.external.key = "./rmqtt-bin/rmqtt.key"
+
+##--------------------------------------------------------------------
+## MQTT/WebSocket - External WebSocket Listener for MQTT Protocol
+#listener.ws.external.addr = "0.0.0.0:8080"
+
+##--------------------------------------------------------------------
+## MQTT/TLS-WebSocket - External TLS-WebSocket Listener for MQTT Protocol, (TLSv1.2)
+#listener.wss.external.addr = "0.0.0.0:8443"
+#listener.wss.external.cross_certificate = true
+#listener.wss.external.cert = "./rmqtt-bin/rmqtt.fullchain.pem"
+#listener.wss.external.cross_certificate = false
+#listener.wss.external.cert = "./rmqtt-bin/rmqtt.pem"
+#listener.wss.external.key = "./rmqtt-bin/rmqtt.key"

shell/prod/run_prod_mqtt.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#-p 6060:6060 -p 1883:1883
+docker run -d --name rmqtt --network=host \
+-v $(pwd)/rmqtt/rmqtt.toml:/app/rmqtt/rmqtt.toml \
+-v $(pwd)/rmqtt/plugin:/app/rmqtt/plugin  \
+-v $(pwd)/rmqtt/log:/var/log/rmqtt \
+rmqtt/rmqtt:latest