Chapter 10. Management

You can manage AMQ Interconnect using both graphical and command-line tools.

AMQ Console
A graphical tool for monitoring and managing AMQ brokers and routers.
qdstat
A command-line tool for monitoring the status of AMQ Interconnect routers.
qdmanage
A command-line tool for viewing and updating the configuration of AMQ Interconnect routers.

10.1. Using AMQ Console

If you prefer to use a graphic interface to manage AMQ, you can use AMQ Console. AMQ Console is a web console included in the AMQ Broker installation, and it enables you to use a web browser to manage AMQ Broker and AMQ Interconnect.

For more information, see Using AMQ Console.

10.2. Monitoring AMQ Interconnect Using qdstat

You can use qdstat to view the status of routers on your router network. For example, you can view information about the attached links and configured addresses, available connections, and nodes in the router network.

10.2.1. Syntax for Using qdstat

You can use qdstat with the following syntax:

$ qdstat OPTION [CONNECTION_OPTIONS] [SECURE_CONNECTION_OPTIONS]

This specifies:

  • An option for the type of information to view.
  • One or more optional connection_options to specify a router for which to view the information.

    If you do not specify a connection option, qdstat connects to the router listening on localhost and the default AMQP port (5672).

  • The secure_connection_options if the router for which you want to view information only accepts secure connections.

For more information about qdstat, see the qdstat man page.

10.2.2. Viewing General Statistics for a Router

You can view information about a router in the router network, such as its working mode and ID.

Procedure

  • Use the following command:

    $ qdstat -g [CONNECTION_OPTIONS]

    This example shows general statistics for the local router:

    $ qdstat -g
    Router Statistics
      attr                             value
      =============================================
      Version                          1.2.0
      Mode                             standalone
      Router Id                        Router.A
      Link Routes                      0
      Auto Links                       0
      Links                            2
      Nodes                            0
      Addresses                        4
      Connections                      1
      Presettled Count                 0
      Dropped Presettled Count         0
      Accepted Count                   2
      Rejected Count                   0
      Released Count                   0
      Modified Count                   0
      Ingress Count                    2
      Egress Count                     1
      Transit Count                    0
      Deliveries from Route Container  0
      Deliveries to Route Container    0

10.2.3. Viewing a List of Connections to a Router

You can view:

  • Connections from clients (sender/receiver)
  • Connections from and to other routers in the network
  • Connections to other containers (such as brokers)
  • Connections from the tool itself

Procedure

  • Use this command:

    $ qdstat -c [CONNECTION_OPTIONS]

    For more information about the fields displayed by this command, see the qdstat -c output columns.

    In this example, two clients are connected to Router.A. Router.A is connected to Router.B and a broker.

    Viewing the connections on Router.A displays the following:

    $ qdstat -c -r Router.A
    Connections
    id    host                        container                              role             dir  security     authentication  tenant
    ==================================================================================================================================
      2   127.0.0.1:5672                                                     route-container  out  no-security  anonymous-user   1
      10  127.0.0.1:5001               Router.B                              inter-router     out  no-security  anonymous-user   2
      12  localhost.localdomain:42972  161211fe-ba9e-4726-9996-52d6962d1276  normal           in   no-security  anonymous-user   3
      14  localhost.localdomain:42980  a35fcc78-63d9-4bed-b57c-053969c38fda  normal           in   no-security  anonymous-user   4
      15  localhost.localdomain:42982  0a03aa5b-7c45-4500-8b38-db81d01ce651  normal           in   no-security  anonymous-user   5
    1
    This connection shows that Router.A is connected to a broker, because the role is route-container, and the dir is out.
    2
    Router.A is also connected to another router on the network (the role is inter-router), establishing an output connection (the dir is out).
    3 4
    These connections show that two clients are connected to Router.A, because the role is normal, and the dir is in.
    5
    The connection from qdstat to Router.A. This is the connection that qdstat uses to query Router.A and display the command output.

    Router.A is connected to Router.B. Viewing the connections on Router.B displays the following:

    $ qdstat -c -r Router.B
    Connections
    id    host                         container  role          dir  security     authentication  tenant
    ====================================================================================================
      1   localhost.localdomain:51848  Router.A   inter-router  in   no-security  anonymous-user    1
    1
    This connection shows that Router.B is connected to Router.A through an incoming connection (the role is inter-router and the dir is in). There is not a connection from qdstat to Router.B, because the command was run from Router.A and forwarded to Router.B.

10.2.5. Viewing Known Routers on a Network

To see the topology of the router network, you can view known routers on the network.

Procedure

  • Use this command:

    $ qdstat -n [CONNECTION_OPTIONS]

    For more information about the fields displayed by this command, see the qdstat -n output columns.

    In this example, Router.A is connected to Router.B, which is connected to Router.C. Viewing the router topology on Router.A shows the following:

    $ qdstat -n -r Router.A
    Routers in the Network
      router-id  next-hop  link  cost  neighbors                 valid-origins
      ==========================================================================
      Router.A   (self)    -           ['Router.B']              [] 1
      Router.B   -         0     1     ['Router.A', 'Router.C']  [] 2
      Router.C   Router.B  -     2     ['Router.B']              [] 3
    1
    Router.A has one neighbor: Router.B.
    2
    Router.B is connected to Router.A and Router.C over link 0. The cost for Router.A to reach Router.B is 1, because the two routers are connected directly.
    3
    Router.C is connected to Router.B, but not to Router.A. The cost for Router.A to reach Router.C is 2, because messages would have to pass through Router.B as the next-hop.

    Router.B shows a different view of the router topology:

    $ qdstat -n -v -r Router.B
    Routers in the Network
      router-id  next-hop  link  cost  neighbors                 valid-origins
      ==========================================================================
      Router.A   -         0     1     ['Router.B']              ['Router.C']
      Router.B   (self)    -           ['Router.A', 'Router.C']  []
      Router.C   -         1     1     ['Router.B']              ['Router.A']

    The neighbors list is the same when viewed on Router.B. However, from the perspective of Router.B, the destinations on Router.A and Router.C both have a cost of 1. This is because Router.B is connected to Router.A and Router.C through links.

    The valid-origins column shows that starting from Router.C, Router.B has the best path to reach Router.A. Likewise, starting from Router.A, Router.B has the best path to reach Router.C.

    Finally, Router.C shows the following details about the router topology:

    $ qdstat -n -v -r Router.C
    Routers in the Network
      router-id  next-hop  link  cost  neighbors                 valid-origins
      ==========================================================================
      Router.A   Router.B  -     2     ['Router.B']              []
      Router.B   -         0     1     ['Router.A', 'Router.C']  []
      Router.C   (self)    -           ['Router.B']              []

    Due to a symmetric topology, the Router.C perspective of the topology is very similar to the Router.A perspective. The primary difference is the cost: the cost to reach Router.B is 1, because the two routers are connected. However, the cost to reach Router.A is 2, because the messages would have to pass through Router.B as the next-hop.

10.2.6. Viewing Addresses Known to a Router

You can view message-routed and link-routed addresses known to a router.

Procedure

  • Use the following command:

    $ qdstat -a [CONNECTION_OPTIONS]

    For more information about the fields displayed by this command, see the qdstat -a output columns.

    In this example, Router.A is connected to both Router.B and a broker. The broker has two queues:

    • my_queue (with a link route on Router.A)
    • my_queue_wp (with a waypoint and autolinks configured on Router.A)

    In addition, there are three receivers: one connected to my_address for message routing, another connected to my_queue, and the last one connected to my_queue_wp.

    Viewing the addresses displays the following information:

    $ qdstat -a
    Router Addresses
      class     addr                   phs  distrib       in-proc  local  remote  cntnr  in  out  thru  to-proc  from-proc
      ======================================================================================================================
      local     $_management_internal       closest       1        0      0       0      0   0    0     0        0
      local     $displayname                closest       1        0      0       0      0   0    0     0        0
      mobile    $management            0    closest       1        0      0       0      8   0    0     8        0
      local     $management                 closest       1        0      0       0      0   0    0     0        0
      router    Router.B                    closest       0        0      1       0      0   0    5     0        5 1
      mobile    my_address             0    closest       0        1      0       0      1   1    0     0        0 2
      link-in   my_queue                    linkBalanced  0        0      0       1      0   0    0     0        0 3
      link-out  my_queue                    linkBalanced  0        0      0       1      0   0    0     0        0
      mobile    my_queue_wp            1    balanced      0        1      0       0      1   1    0     0        0 4
      mobile    my_queue_wp            0    balanced      0        1      0       0      1   1    0     0        0
      local     qdhello                     flood         1        1      0       0      0   0    0     741      706 5
      local     qdrouter                    flood         1        0      0       0      0   0    0     4        0
      topo      qdrouter                    flood         1        0      1       0      0   0    27    28       28
      local     qdrouter.ma                 multicast     1        0      0       0      0   0    0     1        0
      topo      qdrouter.ma                 multicast     1        0      1       0      0   0    2     0        3
      local     temp.IJSoXoY_lX0TiDE        closest       0        1      0       0      0   0    0     0        0
    1
    An address related to Router.B with a remote at 1. This is the consumer from Router.B.
    2
    The my_address address has one local consumer, which is related to the single receiver attached on that address. The in and out fields are both 1, which means that one message has traveled through this address using the closest distribution method.
    3
    The incoming link route for the my_queue address. This address has one locally-attached container (cntnr) as a destination (in this case, the broker). The following entry is the outgoing link for the same address.
    4
    The incoming autolink for the my_queue_wp address and configured waypoint. There is one local consumer (local) for the attached receiver. The following entry is the outgoing autolink for the same address. A single message has traveled through the autolinks.
    5
    The qdhello, qdrouter, and qdrouter.ma addresses are used to periodically update the network topology and deliver router control messages. These updates are made automatically through the inter-router protocol, and are based on all of the messages the routers have exchanged. In this case, the distribution method (distrib) for each address is either flood or multicast to ensure the control messages reach all of the routers in the network.

10.2.9. Viewing Memory Consumption Information

If you need to perform debugging or tracing for a router, you can view information about its memory consumption.

Procedure

  • Use the following command:

    $ qdstat -m [CONNECTION_OPTIONS]

    This command displays information about allocated objects, their size, and their usage by application threads:

    $ qdstat -m
    Types
      type                     size   batch  thread-max  total  in-threads  rebal-in  rebal-out
      ===========================================================================================
      qd_bitmask_t             24     64     128         64     64          0         0
      qd_buffer_t              536    16     32          80     80          0         0
      qd_composed_field_t      64     64     128         256    256         0         0
      qd_composite_t           112    64     128         320    320         0         0
      ...

10.3. Managing AMQ Interconnect Using qdmanage

You can use qdmanage to view and modify the configuration of a running router at runtime. Specifically, qdmanage enables you to create, read, update, and delete the sections and attributes in the router’s configuration file without having to restart the router.

Note

The qdmanage tool implements the AMQP management specification, which means that you can use it with any standard AMQP-managed endpoint, not just with AMQ Interconnect.

10.3.1. Syntax for Using qdmanage

You can use qdmanage with the following syntax:

$ qdmanage [CONNECTION_OPTIONS] OPERATION [OPTIONS]

This specifies:

  • One or more optional connection_options to specify the router on which to perform the operation, or to supply security credentials if the router only accepts secure connections.

    If you do not specify any connection options, qdmanage connects to the router listening on localhost and the default AMQP port (5672).

  • The operation to perform on the router.
  • One or more optional options to specify a configuration entity on which to perform the operation or how to format the command output.

When you enter a qdmanage command, it is executed as an AMQP management operation request, and then the response is returned as command output in JSON format.

For example, the following command executes a query operation on a router, and then returns the response in JSON format:

$ qdmanage query --type listener
[
  {
    "stripAnnotations": "both",
    "addr": "127.0.0.1",
    "multiTenant": false,
    "requireSsl": false,
    "idleTimeoutSeconds": 16,
    "saslMechanisms": "ANONYMOUS",
    "maxFrameSize": 16384,
    "requireEncryption": false,
    "host": "0.0.0.0",
    "cost": 1,
    "role": "normal",
    "http": false,
    "maxSessions": 32768,
    "authenticatePeer": false,
    "type": "org.apache.qpid.dispatch.listener",
    "port": "amqp",
    "identity": "listener/0.0.0.0:amqp",
    "name": "listener/0.0.0.0:amqp"
  }
]

For more information about qdmanage, see the qdmanage man page.

10.3.2. Managing Network Connections

You can use qdmanage to view, create, update, and delete listeners and connectors for any router in your router network.

10.3.2.1. Managing Listeners

Listeners define how clients can connect to a router. The following table lists the qdmanage commands you can use to perform common operations on listeners.

For more information about the attributes you can use with these commands, see listener in the qdrouterd.conf man page.

Note

The commands in this table demonstrate operations on the local router listening on localhost and the default AMQP port (5672). If you want to perform an operation on a different router in the router network, you must specify the necessary connection options. For more information, see Connection Options in the qdmanage man page.

To…​Use this command…​

View the router’s listeners

qdmanage query --type=listener

View the roles and ports on which the router is listening

qdmanage query role port --type=listener

View the attributes configured for a listener

qdmanage read --name=LISTENER_NAME

Create a listener

qdmanage create --type=listener --ATTRIBUTE=VALUE ...

Create multiple listeners

  1. Enter this command:

    qdmanage create --stdin
  2. Configure the listeners using a JSON map:

    [{"type"="listener", "ATTRIBUTE":"VALUE"...}, {"type"="listener", "ATTRIBUTE":"VALUE"...}...]

These commands use a JSON map to create two listeners.

Update a listener

qdmanage update --type=listener --ATTRIBUTE=VALUE ...

Update multiple listeners

  1. Enter this command:

    qdmanage update --stdin
  2. Configure the listeners using a JSON map:

    [{"type"="listener", "ATTRIBUTE":"VALUE"...}, {"type"="listener", "ATTRIBUTE":"VALUE"...}...]

These commands use a JSON map to update two listeners.

Delete an attribute from a listener

qdmanage update --type=listener --ATTRIBUTE

Delete a listener

qdmanage delete --name=LISTENER_NAME

10.3.2.2. Managing Connectors

Connectors define how the router can connect to other endpoints in your messaging network, such as brokers and other routers. The following table lists the qdmanage commands you can use to perform common operations on connectors.

For more information about the attributes you can use with these commands, see connector in the qdrouterd.conf man page.

Note

The commands in this table demonstrate operations on the local router listening on localhost and the default AMQP port (5672). If you want to perform an operation on a different router in the router network, you must specify the necessary connection options. For more information, see Connection Options in the qdmanage man page.

To…​Use this command…​

View the router’s connectors

qdmanage query --type=connector

View the roles and ports on which the router can connect to other endpoints

qdmanage query role port --type=connector

If the router is connected to a broker, view the alternate URLs on which the router can connect to the broker if the primary connection fails

qdmanage query failoverUrls --type=connector --name=CONNECTOR_NAME

View the attributes configured for a connector

qdmanage read --name=CONNECTOR_NAME

Create a connector

qdmanage create --type=connector --ATTRIBUTE=VALUE ...

Create multiple connectors

  1. Enter this command:

    qdmanage create --stdin
  2. Configure the connectors using a JSON map:

    [{"type"="connector", "ATTRIBUTE":"VALUE"...}, {"type"="connector", "ATTRIBUTE":"VALUE"...}...]

These commands use a JSON map to create two connectors.

Update a connector

qdmanage update --type=connector --ATTRIBUTE=VALUE ...

Update multiple connectors

  1. Enter this command:

    qdmanage update --stdin
  2. Configure the connectors using a JSON map:

    [{"type"="connector", "ATTRIBUTE":"VALUE"...}, {"type"="connector", "ATTRIBUTE":"VALUE"...}...]

These commands use a JSON map to update two connectors.

Delete an attribute from a connector

qdmanage update --type=connector --ATTRIBUTE

Delete a connector

qdmanage delete --name=CONNECTOR_NAME

10.3.3. Managing Security

AMQ Interconnect supports both SSL/TLS and SASL security protocols for encrypting and authenticating incoming and outgoing connections for your routers. You can use qdmanage to view, create, update, and delete security policies for any router in your router network.

10.3.3.1. Managing SSL/TLS Encryption and Authentication

AMQ Interconnect supports SSL/TLS for certificate-level encryption and mutual authentication. The following table lists the common qdmanage commands you can use to secure incoming and outgoing connections for a router in your router network.

For more information about the attributes you can use with these commands, see sslProfile and listener in the qdrouterd.conf man page.

Note

The commands in this table demonstrate operations on the local router listening on localhost and the default AMQP port (5672). If you want to perform an operation on a different router in the router network, you must specify the necessary connection options. For more information, see Connection Options in the qdmanage man page.

To…​Use this command…​

View the router’s SSL/TLS configuration

qdmanage query --type=sslProfile

Set up SSL/TLS for the router

qdmanage create --type=sslProfile --name=NAME --ATTRIBUTE=VALUE ...

Add SSL/TLS encryption to an incoming connection

qdmanage update --name=LISTENER_NAME --sslProfile=NAME --requireSsl=yes

Change SSL/TLS encryption on an incoming connection

qdmanage update --name=LISTENER_NAME --ATTRIBUTE=VALUE ...

Add SSL/TLS client authentication to an incoming connection

qdmanage update --name=LISTENER_NAME --authenticatePeer=yes

Remove SSL/TLS client authentication from an incoming connection

qdmanage update --name=LISTENER_NAME --authenticatePeer=no

Add SSL/TLS client authentication to an outgoing connection

qdmanage update --name=CONNECTOR_NAME --sslProfile=NAME

Remove SSL/TLS client authentication from an outgoing connection

qdmanage update --name=CONNECTOR_NAME --sslProfile

Delete an SSL profile

qdmanage delete --name=SSL_PROFILE_NAME

10.3.3.2. Managing SASL Encryption and Authentication

AMQ Interconnect supports SASL for authentication and payload encryption. The following table lists the common qdmanage commands you can use to secure incoming and outgoing connections for a router in your router network.

For more information about the attributes you can use with these commands, see router and listener in the qdrouterd.conf man page.

Note

The commands in this table demonstrate operations on the local router listening on localhost and the default AMQP port (5672). If you want to perform an operation on a different router in the router network, you must specify the necessary connection options. For more information, see Connection Options in the qdmanage man page.

To…​Use this command…​

Set up SASL for the router

qdmanage update --type=router --saslConfigDir=PATH --saslConfigName=NAME

Add SASL authentication to an incoming connection

qdmanage update --name=LISTENER_NAME --authenticatePeer=yes --saslMechanisms=MECHANISMS

Change SASL mechanisms for an incoming connection

qdmanage update --name=LISTENER_NAME --saslMechanisms=MECHANISMS

Add SASL authentication to an outgoing connection

qdmanage update --name=CONNECTOR_NAME --saslMechanisms=MECHANISMS --saslUsername=USERNAME --saslPassword=PASSWORD

Change SASL mechanisms for an outgoing connection

qdmanage update --name=CONNECTOR_NAME --saslMechanisms=MECHANISMS

Add SASL payload encryption to an incoming connection

qdmanage update --name=LISTENER_NAME --requireEncryption=yes --saslMechanisms=MECHANISMS

Change SASL mechanisms for an incoming connection

qdmanage update --name=LISTENER_NAME --saslMechanisms=MECHANISMS

Remove SASL payload encryption from an incoming connection

qdmanage update --name=LISTENER_NAME --requireEncryption=no --saslMechanisms

Delete a SASL configuration

qdmanage update --type=router --saslConfigDir --saslConfigName

10.3.4. Managing Routing

AMQ Interconnect supports both message routing and link routing for distributing messages between senders and receivers. You can use qdmanage to view how addresses and link routes are configured in your environment, and define how a router should distribute messages.

10.3.4.1. Managing Message Routing

Message routing involves configuring addresses to define how AMQ Interconnect should distribute messages. The following table lists the common qdmanage commands you can use to configure addresses for a router in your router network.

For more information about the attributes you can use with these commands, see address and autolink in the qdrouterd.conf man page.

Note

The commands in this table demonstrate operations on the local router listening on localhost and the default AMQP port (5672). If you want to perform an operation on a different router in the router network, you must specify the necessary connection options. For more information, see Connection Options in the qdmanage man page.

To…​Use this command…​

View addresses

qdmanage query --type=address
qdmanage read --name=ADDRESS_NAME

View address distribution patterns

qdmanage query prefix distribution --type=address

View waypoints to broker queues

qdmanage query prefix --type=address --waypoint=yes

View autolinks

qdmanage query --type=autolink

Set a distribution pattern for an address

qdmanage create --type=address --prefix=ADDRESS_PREFIX --distribution=DISTRIBUTION_PATTERN ...

Set distribution patterns for multiple addresses

  1. Enter this command:

    qdmanage create --stdin
  2. Configure the addresses using a JSON map:

    [{"type":"address", "prefix":"ADDRESS_PREFIX", "distribution":"DISTRIBUTION_PATTERN", "ATTRIBUTE":"VALUE", ...}, {"type":"address", "prefix":"ADDRESS_PREFIX", "distribution":"DISTRIBUTION_PATTERN", "ATTRIBUTE":"VALUE", ...} ...]

These commands configure two addresses.

Connect an address to a broker queue

  1. Enter this command:

    qdmanage create --stdin
  2. Create an address waypoint, an incoming autolink, and an outgoing autolink:

    [{"type":"address", "prefix":"ADDRESS_PREFIX", "waypoint":"yes"}, {"type":"autolink", "addr":"ADDRESS_NAME", "connection":"CONNECTOR/LISTENER_NAME", "direction":"in"}, {"type":"autolink", "addr":"ADDRESS_NAME", "connection":"CONNECTOR/LISTENER_NAME", "direction":"out"}]

Update an address configuration

qdmanage update --name=ADDRESS_NAME --ATTRIBUTE=VALUE ...

Update an autolink

qdmanage update --name=AUTOLINK_NAME --ATTRIBUTE=VALUE ...

Delete an address configuration

qdmanage delete --name=ADDRESS_NAME

Delete an autolink

qdmanage delete --name=AUTOLINK_NAME

10.3.5. Managing Logging

AMQ Interconnect logs are broken into different categories called logging modules. Each module provides important information about a particular aspect of a router. The following table lists the common qdmanage commands you can use to view and change the configuration of a logging module.

For more information about the attributes you can use with these commands, see log in the qdrouterd.conf man page.

Note

The commands in this table demonstrate operations on the local router listening on localhost and the default AMQP port (5672). If you want to perform an operation on a different router in the router network, you must specify the necessary connection options. For more information, see Connection Options in the qdmanage man page.

To…​Use this command…​

View the logging configuration

qdmanage query --type=log

View the logging configuration for a logging module

qdmanage read --type=log --name=log/LOGGING_MODULE_NAME

Set the default logging configuration

qdmanage update --type=log --name=log/DEFAULT enable=LOGGING_LEVEL includeTimestamp=yes ATTRIBUTE=VALUE

Enable logging for a logging module

qdmanage update --type=log --name=log/LOGGING_MODULE_NAME enable=LOGGING_LEVEL ATTRIBUTE=VALUE ...

Change the logging configuration for a logging module

qdmanage update --type=log --name=log/LOGGING_MODULE_NAME ATTRIBUTE=VALUE ...