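EMQX 5.0 Docker deployment: can the authorization configuration be written into environment variables?

Environment information

  • EMQX version: 5.0.3
  • Operating system and version: Ubuntu 20.04 Docker

Problem description

Adding an authorization configuration is very convenient and can easily be used for authentication, but I don't know whether I can add authentication entries directly by adding environment variables, rather than by modifying the configuration file or calling the HTTP API.

Built-in Database | EMQX 5.0 Documentation

When deploying with Docker, I tried adding an EMQX_AUTHORIZATION variable to the environment variables to override the authorization configuration, but it doesn't seem to work: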

docker run -d --name emqx -p 1883:1883 -p 18083:18083 -v emqx_data:/opt/emqx/data -v emqx_etc:/opt/emqx/etc -v emqx_log:/opt/emqx/log -e EMQX_AUTHORIZATION__NO_MATCH=deny -e EMQX_AUTHORIZATION__DENY_ACTION=disconnect -e EMQX_AUTHORIZATION__SOURCES={type:"built_in_database",enable:true} emqx/emqx:5.0.3

Docker considers this a syntax error:

docker: invalid reference format: repository name must be lowercase.

I also tried loading it this way:

EMQX_AUTHORIZATION__SOURCES="[{enable=true, backend=\"built_in_database\", mechanism=\"password_based\"}]"

That doesn't seem to work properly either:

2022-07-25T09:45:00.142872+00:00 [error] failed_to_check_schema: emqx_conf_schema

2022-07-25T09:45:00.149882+00:00 [error] #{kind => validation_error,mismatches => #{<<"authz:file">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"path,type">>},<<"authz:http_get">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"body,connect_timeout...">>},<<"authz:http_post">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"body,connect_timeout...">>},<<"authz:mnesia">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"type">>},<<"authz:mongo_rs">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"auth_source,collection...">>},<<"authz:mongo_sharded">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"auth_source,collection...">>},<<"authz:mongo_single">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"auth_source,collection...">>},<<"authz:mysql">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"auto_reconnect,database...">>},<<"authz:postgresql">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"auto_reconnect,database...">>},<<"authz:redis_cluster">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"auto_reconnect,cmd...">>},<<"authz:redis_sentinel">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"auto_reconnect,cmd...">>},<<"authz:redis_single">> => #{kind => validation_error,path => "authorization.sources.1",reason => unknown_fields,unknown => <<"backend,mechanism">>,unmatched => <<"auto_reconnect,cmd...">>}},path => "authorization.sources.1",reason => matched_no_union_member}

ERROR: call_hocon_failed: -v -t 2022.07.25.09.44.59 -s emqx_conf_schema -c /opt/emqx/etc/emqx.conf -d /opt/emqx/data/configs generate

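It can't be done through environment variables; currently it can only be done through the API. Generally speaking, there is a lot of authentication data, with at least as many entries as there are devices. So API calls or authentication against a third-party database are generally recommended.

That's true, but I would at least like to put the initialization of authentication in environment variables, and leave the details of the account usernames and passwords to API calls. Is that not feasible either?

Friendly reminder: the error message from the first approach says that the container name must be lowercase, and you did not set a container name. It is not a syntax error.

I did set it. It ran fine when I hadn't added this environment variable, so it must be the formatting of the environment variable that causes Docker to misjudge. If I change it to a string this doesn't happen, so Docker may special-case {} or [] when they appear in environment variables.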
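Added example, not part of the original thread: the script below shows how bash tokenizes the first `docker run` command before docker receives it, which is where the "repository name must be lowercase" message comes from. `image_seen_by_docker` and `last_env_value` are hypothetical stand-ins for docker's argument handling; the example covers only what the shell passes on and makes no claim about whether EMQX accepts the value.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): how bash tokenizes the -e value before
# docker receives it. Nothing here runs docker or EMQX.

# Hypothetical stand-in for docker's "run" argument handling: options with a
# value consume the next word; the first other word is the image reference.
image_seen_by_docker() {
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -e|-p|-v|--name) [ "$#" -ge 2 ] || return 1; shift 2 ;;
      -d) shift ;;
      *) printf '%s\n' "$1"; return 0 ;;
    esac
  done
  return 1
}

# Hypothetical helper: the value handed to the last -e option.
last_env_value() {
  local val=""
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -e) [ "$#" -ge 2 ] || break; val="$2"; shift 2 ;;
      *) shift ;;
    esac
  done
  printf '%s\n' "$val"
}

# As posted: unquoted, so bash brace-expands {a,b} into two separate words
# and removes the double quotes.
as_posted() {
  "$1" -d --name emqx \
    -e EMQX_AUTHORIZATION__SOURCES={type:"built_in_database",enable:true} \
    emqx/emqx:5.0.3
}

# Single-quoted: the value stays one word and keeps its braces and quotes.
single_quoted() {
  "$1" -d --name emqx \
    -e 'EMQX_AUTHORIZATION__SOURCES={type:"built_in_database",enable:true}' \
    emqx/emqx:5.0.3
}

echo "as posted     -> image: $(as_posted image_seen_by_docker)"
echo "as posted     -> -e:    $(as_posted last_env_value)"
echo "single-quoted -> image: $(single_quoted image_seen_by_docker)"
echo "single-quoted -> -e:    $(single_quoted last_env_value)"
```

In the unquoted form the second brace-expanded word lands in the image position, and because it contains uppercase letters docker rejects it as an image reference.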