7.6.2. Configuring ActiveMQ

Edit the /etc/activemq/activemq.xml file to correctly configure ActiveMQ. You can download a sample configuration file from https://raw.github.com/openshift/openshift-extras/enterprise-2.2/enterprise/install-scripts/activemq.xml. Copy this file into the /etc/activemq/ directory, and make the following configuration changes:
  1. Replace activemq.example.com in this file with the actual fully-qualified domain name (FQDN) of this host.
  2. Substitute your own passwords for the example passwords provided, and use them in the MCollective configuration that follows.
Configure the firewall to allow MCollective to communicate on TCP port 61613, and set the activemq service to start on boot:
# lokkit --port=61613:tcp
# chkconfig activemq on
Start the activemq service:
# service activemq start

Note

If you use the kickstart or bash script, the configure_activemq function performs these steps.

Important

Ensure that the ActiveMQ monitor console web service requires authentication and answers only on the localhost interface. It is important to limit access to the ActiveMQ console for security.

Procedure 7.13. To Secure the ActiveMQ Console:

  1. Ensure authentication is enabled:
    # sed -i -e '/name="authenticate"/s/false/true/' /etc/activemq/jetty.xml
  2. For the console to answer only on the localhost interface, check the /etc/activemq/jetty.xml file. Ensure that the Connector bean has the host property with the value of 127.0.0.1.

    Example 7.5. Connector Bean Configuration

    <bean id="Connector" class="org.eclipse.jetty.server.nio.SelectChannelConnector">
          <!-- see the jettyPort bean -->
          <property name="port" value="#{systemProperties['jetty.port']}" />
          <property name="host" value="127.0.0.1" />
    </bean>
    
  3. Ensure that the line for the admin user in the /etc/activemq/jetty-realm.properties file is uncommented, and change the default password to a unique one. User definitions in this file take the following form:
    username: password [,role ...]

    Example 7.6. admin User Definition

    admin: password, admin
  4. Restart the activemq service for the changes to take effect:
    # service activemq restart
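
A read-only check of the three settings from Procedure 7.13, added here as an example; it is not taken from the original guide or from the OpenShift install scripts. The function names are illustrative, and treating `admin` and `password` as sample passwords to reject is an assumption.

```bash
#!/bin/bash
# Added audit for Procedure 7.13 (not part of the original guide).
# Function names are illustrative; file formats are assumed to match
# Example 7.5 and Example 7.6.

# Step 1: the authenticate property in jetty.xml must be "true".
check_auth() {
    grep 'name="authenticate"' "$1" | grep -qF 'value="true"'
}

# Step 2: the Connector bean must carry host=127.0.0.1.
check_bind() {
    # Limit the search to the Connector bean, then look for the host property.
    sed -n '/<bean id="Connector"/,/<\/bean>/p' "$1" |
        grep -qF 'name="host" value="127.0.0.1"'
}

# Step 3: an uncommented admin line whose password is not a sample value.
check_admin() {
    # Line format: "username: password [,role ...]"; capture the password field.
    pw=$(sed -n 's/^admin:[[:space:]]*\([^,[:space:]]*\).*/\1/p' "$1" | head -n 1)
    case "$pw" in
        ''|admin|password) return 1 ;;  # missing/commented out, or assumed sample value
    esac
}

# Run all three checks; arguments default to the paths named in the procedure.
audit_console() {
    jetty=${1:-/etc/activemq/jetty.xml}
    realm=${2:-/etc/activemq/jetty-realm.properties}
    rc=0
    check_auth "$jetty"  || { echo "FAIL: authenticate is not true in $jetty"; rc=1; }
    check_bind "$jetty"  || { echo "FAIL: Connector host is not 127.0.0.1 in $jetty"; rc=1; }
    check_admin "$realm" || { echo "FAIL: admin missing or sample password in $realm"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: console settings match Procedure 7.13"
    return "$rc"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_console "${2:-}" "${3:-}"; fi
```

Run it with `--audit` after step 4; a non-zero exit status means at least one of the three settings still needs attention.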