Show Table of Contents
7.6.2. Configuring ActiveMQ
Edit the
/etc/activemq/activemq.xml file to correctly configure ActiveMQ. You can download a sample configuration file from https://raw.github.com/openshift/openshift-extras/enterprise-2.2/enterprise/install-scripts/activemq.xml. Copy this file into the /etc/activemq/ directory, and make the following configuration changes:
- Replace
activemq.example.comin this file with the actual fully-qualified domain name (FQDN) of this host. - Substitute your own passwords for the example passwords provided, and use them in the MCollective configuration that follows.
Configure the firewall to allow MCollective to communicate on TCP port 61613, and set the
activemq service to start on boot:
# lokkit --port=61613:tcp# chkconfig activemq on
Start the
activemq service:
# service activemq startNote
If you use the kickstart or bash script, the
configure_activemq function performs these steps.
Important
Ensure that the ActiveMQ monitor console web service requires authentication and answers only on the
localhost interface. It is important to limit access to the ActiveMQ console for security.
Procedure 7.13. To Secure the ActiveMQ Console:
- Ensure authentication is enabled:
# sed -i -e '/name="authenticate"/s/false/true/' /etc/activemq/jetty.xml - For the console to answer only on the
localhostinterface, check the/etc/activemq/jetty.xmlfile. Ensure that theConnectorbean has thehostproperty with the value of127.0.0.1.Example 7.5.
ConnectorBean Configuration<bean id="Connector" class="org.eclipse.jetty.server.nio.SelectChannelConnector"> <!-- see the jettyPort bean --> <property name="port" value="#{systemProperties['jetty.port']}" /> <property name="host" value="127.0.0.1" /> </bean> - Ensure that the line for the
adminuser in the/etc/activemq/jetty-realm.propertiesfile is uncommented, and change the default password to a unique one. User definitions in this file take the following form:username: password [,role ...]
Example 7.6.
adminUser Definitionadmin: password, admin
- Restart the
activemqservice for the changes to take effect:#
service activemq restart
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.