8.4.4. ActiveMQ

ActiveMQ uses the term broker to identify an ActiveMQ server. However, this section distinguishes ActiveMQ brokers from OpenShift Enterprise broker hosts.
Because ActiveMQ services can be configured for redundancy, this section demonstrates redundancy with three servers to configure a redundant network of ActiveMQ brokers. This configuration provides the following advantages:
  • Distributes queues and topics among ActiveMQ brokers
  • Allows clients to connect to any Active MQ broker on the network
  • Failover to another ActiveMQ broker if one fails
Connecting all ActiveMQ brokers to each other achieves this redundancy. See the following ActiveMQ documentation for more background information:

8.4.4.1. Configuring a Network of ActiveMQ Brokers

This section describes how to configure a network of ActiveMQ brokers, and the example instructions show a configuration of three ActiveMQ brokers found on the following hosts:
  • activemq1.example.com
  • activemq2.example.com
  • activemq3.example.com
Use the same configuration for all hosts, but substitute specific information to suit the requirements of each host.
Networked ActiveMQ brokers are configured differently from what is described in the basic installation. The following procedure describes how to configure a network of ActiveMQ brokers.

Procedure 8.14. To Configure a Network of ActiveMQ Brokers:

  1. Install ActiveMQ with: 
    # yum install -y activemq
  2. Modify the /etc/activemq/activemq.xml configuration file. Red Hat recommends downloading and using the sample activemq.xml file provided at https://raw.github.com/openshift/openshift-extras/enterprise-2.2/enterprise/install-scripts/activemq-network.xml as a starting point. Modify the host names, user names, and passwords to suit your requirements.
    However, if you choose to modify the default /etc/activemq/activemq.xml configuration file, use the following instructions to do so. Each change that must be made in the default /etc/activemq/activemq.xml file is described accordingly. Red Hat recommends that you create a backup of the default /etc/activemq/activemq.xml file before modifying it, using the following command: 
    # cp /etc/activemq/activemq.xml{,.orig}
    1. In the broker element, modify the brokerName and dataDirectory attributes, and add useJmx="true": 
      <broker xmlns="http://activemq.apache.org/schema/core"
                 brokerName="activemq1.example.com" useJmx="true"
                 dataDirectory="${activemq.base}/data">
    2. Modify the destinationPolicy element: 
      <destinationPolicy>
  <policyMap>
    <policyEntries>
      <policyEntry topic=">" producerFlowControl="false"/>
      <policyEntry queue="*.reply.>" gcInactiveDestinations="true"
                             inactiveTimoutBeforeGC="300000" />
    </policyEntries>
  </policyMap>
</destinationPolicy>
    3. Comment out or remove the persistenceAdapter element, and replace it with the networkConnectors element. This example is for the first ActiveMQ broker. 
      <networkConnectors>
  <networkConnector name="broker1-broker2-topic"
      uri="static:(tcp://activemq2.example.com:61616)"
        userName="amquser" password="amqpass">
    <excludedDestinations>
            <queue physicalName=">" />
      </excludedDestinations>
  </networkConnector>
  <networkConnector name="broker1-broker2-queue"
      uri="static:(tcp://activemq2.example.com:61616)"
      userName="amquser" password="amqpass"
      conduitSubscriptions="false">
    <excludedDestinations>
      <topic physicalName=">" />
    </excludedDestinations>
  </networkConnector>
  <networkConnector name="broker1-broker3-topic"
      uri="static:(tcp://activemq3.example.com:61616)"
      userName="amquser" password="amqpass">
    <excludedDestinations>
      <queue physicalName=">" />
    </excludedDestinations>
  </networkConnector>
  <networkConnector name="broker1-broker3-queue"
      uri="static:(tcp://activemq3.example.com:61616)"
      userName="amquser" password="amqpass"
       conduitSubscriptions="false">
    <excludedDestinations>
      <topic physicalName=">" />
    </excludedDestinations>
  </networkConnector>
</networkConnectors>
      The networkConnectors element provides one-way message paths to other ActiveMQ brokers on the network. For a fault-tolerant configuration, the networkConnector element for each ActiveMQ broker must point to the other ActiveMQ brokers, and is specific to each host. In the example above, the activemq1.example.com host is shown.
      Each networkConnector element requires a unique name and ActiveMQ broker. The names used here are in the localhost -> remotehost format, reflecting the direction of the connection. For example, the first ActiveMQ broker has a networkConnector element name prefixed with broker1-broker2, and the address corresponds to a connection to the second host.
      The userName and password attributes are for connections between the ActiveMQ brokers, and match the definitions described in the next step.
    4. Add the plugins element to define authentication and authorization for MCollective, inter-broker connections, and administration purposes. The plugins element must be after the networkConnectors element. Substitute user names and passwords according to your local IT policy. 
      <plugins>
  <statisticsBrokerPlugin/>
  <simpleAuthenticationPlugin>
    <users>
      <authenticationUser username="mcollective"
            password="marionette" groups="mcollective,everyone"/>
      <authenticationUser username="amquser"
            password="amqpass" groups="admins,everyone"/>
      <authenticationUser username="admin"
            password="password" groups="mcollective,admin,everyone"/>
    </users>
  </simpleAuthenticationPlugin>
  <authorizationPlugin>
    <map>
      <authorizationMap>
        <authorizationEntries>
          <authorizationEntry queue=">"
                 write="admins" read="admins" admin="admins" />
          <authorizationEntry topic=">"
                 write="admins" read="admins" admin="admins" />
          <authorizationEntry topic="mcollective.>"
                 write="mcollective" read="mcollective" admin="mcollective" />
          <authorizationEntry queue="mcollective.>"
                 write="mcollective" read="mcollective" admin="mcollective" />
          <authorizationEntry topic="ActiveMQ.Advisory.>"
                 read="everyone" write="everyone" admin="everyone"/>
        </authorizationEntries>
      </authorizationMap>
    </map>
  </authorizationPlugin>
</plugins>
    5. Add the stomp transportConnector (for use by MCollective) to the transportConnectors element. The openwire transportConnector is used for ActiveMQ inter-broker transport, and must not be modified. Configure the transportConnectors element as shown in the following example. 
      <transportConnectors>
  <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
  <transportConnector name="stomp" uri="stomp://0.0.0.0:61613"/>
</transportConnectors>
  3. Secure the ActiveMQ console by configuring Jetty, as described in the basic installation.
    1. Enable authentication and restrict the console to localhost: 
      # cp /etc/activemq/jetty.xml{,.orig}
# sed -i -e '/name="authenticate"/s/false/true/' /etc/activemq/jetty.xml
    2. Change the default admin password in the /etc/activemq/jetty-realm.properties file. The password is the same as the admin password in the authentication plug-in. 
      # cp /etc/activemq/jetty-realm.properties{,.orig}
# sed -i -e '/admin:/s/admin,/password,/' /etc/activemq/jetty-realm.properties
  4. Modify the firewall to allow ActiveMQ stomp and openshift traffic: 
    # lokkit --port=61613:tcp
# lokkit --port=61616:tcp
    The basic installation only opens port 61613. Here, port 61616 has also been opened to allow ActiveMQ inter-broker traffic.
  5. Restart the ActiveMQ service and make it persistent on boot: 
    # service activemq restart
# chkconfig activemq on

Note

If you use the kickstart bash script, the configure_activemq function performs these steps when multiple members are specified with CONF_ACTIVEMQ_REPLICANTS.