Chapter 9. Reference

9.1. Custom Resource Definition configuration reference

A Custom Resource Definition (CRD) is a schema of configuration items that you can modify for a custom OpenShift object deployed with an Operator. An accompanying Custom Resource (CR) file enables you to specify values for configuration items in the CRD.

The following sub-sections detail the configuration items available in the broker and addressing CRDs.

9.1.1. Broker CRD configuration reference

The broker Custom Resource Definition (CRD) enables you to configure a broker for deployment in an OpenShift project. The following table details the items that you can configure.

Important

Configuration items marked with an asterisk (*) are required in any corresponding Custom Resource (CR) that you deploy. If you do not explicitly specify a value for a non-required item, the configuration uses the default value.

| Entry | Sub-entry | Type | Example | Default value | Description |
|---|---|---|---|---|---|
| adminUser* | | string | my_user | Automatically-generated, random value | User name required for connecting to broker and management console. If you do not specify a value, the value is automatically generated and stored in a secret. The default secret name has a format of <Custom Resource name>-credentials-secret. For example, ex-aao-credentials-secret. |
| adminPassword* | | string | my_password | Automatically-generated, random value | Password required for connecting to broker and management console. If you do not specify a value, the value is automatically generated and stored in a secret. The default secret name has a format of <Custom Resource name>-credentials-secret. For example, ex-aao-credentials-secret. |
| deploymentPlan* | | | | | Broker deployment configuration |
| | image* | string | registry.redhat.io/amq7/amq-broker:latest | registry.redhat.io/amq7/amq-broker:7.5 | URL of broker container image to pull from Red Hat Container Registry. The default tag matches the broker Operator version. |
| | size* | int | 2 | 2 | Number of broker Pods to create in deployment. If you specify a value of 2 or greater, your broker deployment is clustered by default. The cluster user name and password are automatically generated and stored in the same secret as adminUser and adminPassword, by default. |
| | requireLogin | Boolean | true | true | Specify whether login credentials are required to connect to broker. |
| | persistenceEnabled | Boolean | false | true | Specify whether to use journal storage via a persistent volume (PV) created with a persistent volume claim (PVC). |
| | journalType | string | aio | aio | Specify whether to use asynchronous I/O (AIO) or non-blocking I/O (NIO). |
| | messageMigration | Boolean | true | true | Specify whether to migrate messages upon broker scaledown. |
| acceptors.acceptor | | object | | | A single acceptor configuration instance. |
| | name* | string | my_acceptor | Not specified | Name of acceptor. |
| | port | int | 5672 | 61626 for the first acceptor that you define. Default value increments by 10 for every subsequent acceptor that you define. | Port number to be used for acceptor instance. |
| | protocols | string | amqp,core | all | Messaging protocols to enable on acceptor instance. |
| | sslEnabled | Boolean | false | false | Specify whether SSL is enabled on acceptor port. If set to true, look in secret for data required to enable SSL on acceptor. |
| | sslSecret | string | ex-aao-my_acceptor-secret | Not specified | Secret where client truststore and broker keystore (base64-encoded) and keyStorePassword and trustStorePassword (non-encoded) are stored. If you do not specify a value for sslSecret, the acceptor uses the default secret. The default secret name has a format of <Custom Resource name>-<acceptor name>-secret. |
| | enabledCipherSuites | string | SSL_RSA_WITH_RC4_128_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA | Not specified | Comma-separated list of cipher suites to use for SSL communication. |
| | enabledProtocols | string | TLSv1,TLSv1.1,TLSv1.2 | Not specified | Comma-separated list of protocols to use for SSL communication. |
| | needClientAuth | Boolean | true | Not specified | Specify whether broker informs client that two-way SSL is required on acceptor. This property overrides wantClientAuth. |
| | wantClientAuth | Boolean | true | Not specified | Specify whether broker tells client that two-way SSL is requested on acceptor, but not required. Overridden by needClientAuth. |
| | verifyHost | Boolean | true | Not specified | Specify whether to compare the Common Name (CN) of client’s SSL certificate to its host name, to verify that they match. This option applies only when two-way SSL is used. |
| | sslProvider | string | JDK | JDK | Specify whether SSL provider is JDK or OPENSSL. |
| | sniHost | string | some_regular_expression | Not specified | Regular expression to match against server_name extension on incoming SSL connections. If the names don’t match, connection to the acceptor is rejected. |
| | expose | Boolean | true | false | Specify whether to expose acceptor outside OpenShift Container Platform. |
| | anycastPrefix | string | jms.topic. | Not specified | Prefix used by client to specify that the anycast routing type should be used. |
| | multicastPrefix | string | /queue/ | Not specified | Prefix used by client to specify that the multicast routing type should be used. |
| | connectionsAllowed | integer | 2 | 0 | Number of connections allowed on acceptor. When this limit is reached, a DEBUG message is issued to the log, and the connection is refused. The type of client in use determines what happens when the connection is refused. |
| connectors.connector | | object | | | A single connector configuration instance. |
| | name* | string | my_connector | N/A | Name of connector. |
| | type | string | tcp | tcp | The type of connector to create, tcp or vm. |
| | host* | string | localhost | Not specified | Host name or IP address to connect to. |
| | port* | int | 22222 | Not specified | Port number to be used for connector instance. |
| | sslEnabled | Boolean | false | false | Specify whether SSL is enabled on connector port. If set to true, look in secret for data required to enable SSL on connector. |
| | sslSecret | string | ex-aao-my_connector-secret | Not specified | Secret where client truststore and broker keystore (base64-encoded) and keyStorePassword and trustStorePassword (non-encoded) are stored. If you do not specify a value for sslSecret, the connector uses the default secret. The default secret name has a format of <Custom Resource name>-<connector name>-secret. |
| | enabledCipherSuites | string | SSL_RSA_WITH_RC4_128_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA | Not specified | Comma-separated list of cipher suites to use for SSL communication. |
| | enabledProtocols | string | TLSv1,TLSv1.1,TLSv1.2 | Not specified | Comma-separated list of protocols to use for SSL communication. |
| | needClientAuth | Boolean | true | Not specified | Specify whether broker informs client that two-way SSL is required on connector. This property overrides wantClientAuth. |
| | wantClientAuth | Boolean | true | Not specified | Specify whether broker informs client that two-way SSL is requested on connector, but not required. Overridden by needClientAuth. |
| | verifyHost | Boolean | true | Not specified | Specify whether to compare Common Name (CN) of client’s SSL certificate to its host name, to verify that they match. This option applies only when two-way SSL is used. |
| | sslProvider | string | JDK | JDK | Specify whether SSL provider is JDK or OPENSSL. |
| | sniHost | string | some_regular_expression | Not specified | Regular expression to match against server_name extension on SSL connection. If the names don’t match, the connector connection is rejected. |
| | expose | Boolean | true | false | Specify whether to expose connector outside OpenShift Container Platform. |
| console | | | | | Configuration of broker management console. |
| | expose | Boolean | true | false | Specify whether to expose management console port. |
| | sslEnabled | Boolean | true | false | Specify whether to use SSL on management console port. |
| | sslSecret | string | ex-aao-my_console-secret | Not specified | Secret where client truststore and broker keystore (base64-encoded) and keyStorePassword and trustStorePassword (non-encoded) are stored. If you do not specify a value for sslSecret, the console uses the default secret. The default secret name has a format of <Custom Resource name>-console-secret. |
| | useClientAuth | Boolean | true | false | Specify whether management console requires client authorization. |
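The Example column above shows syntax only: its enabledCipherSuites values are RC4 and anonymous-DH suites, and its enabledProtocols value includes TLSv1 and TLSv1.1, none of which belong in a deployed CR. The following check is an added example, not part of the original documentation or the Operator; it assumes the CR spec has already been parsed into a dictionary with acceptors and connectors as lists of objects, and the function names are hypothetical.

```python
# Added example: audit a parsed broker CR spec (assumed dict layout) for risky values.
import re

WEAK_SUITE = re.compile(r"RC4|_anon_|3DES|_DES_|NULL|EXPORT|MD5", re.I)
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def _csv(value):
    """Split a comma-separated CRD string into trimmed items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit_endpoint(kind, ep):
    """Return findings for one acceptor or connector object."""
    label, out = f"{kind} {ep.get('name', '?')}", []
    if ep.get("expose") and not ep.get("sslEnabled"):
        out.append(f"{label}: exposed outside the cluster without SSL")
    for suite in _csv(ep.get("enabledCipherSuites")):
        if WEAK_SUITE.search(suite):
            out.append(f"{label}: weak cipher suite {suite}")
    for proto in _csv(ep.get("enabledProtocols")):
        if proto in LEGACY_PROTOCOLS:
            out.append(f"{label}: legacy protocol {proto}")
    return out

def audit_broker_spec(spec):
    """Return a list of findings for a broker CR spec."""
    out = []
    if "adminPassword" in spec:
        out.append("adminPassword: literal in CR; omit it to use the generated secret")
    if spec.get("deploymentPlan", {}).get("requireLogin") is False:
        out.append("deploymentPlan: requireLogin is false")
    for kind in ("acceptor", "connector"):
        for ep in spec.get(kind + "s", []):
            out.extend(audit_endpoint(kind, ep))
    console = spec.get("console", {})
    if console.get("expose") and not console.get("sslEnabled"):
        out.append("console: exposed without SSL")
    return out

# Constructed sample that reuses the Example column values from the table.
SAMPLE_SPEC = {
    "adminUser": "my_user", "adminPassword": "my_password",
    "deploymentPlan": {"size": 2, "requireLogin": True},
    "acceptors": [{"name": "my_acceptor", "port": 5672, "sslEnabled": True, "expose": True,
                   "enabledCipherSuites": "SSL_RSA_WITH_RC4_128_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
                   "enabledProtocols": "TLSv1,TLSv1.1,TLSv1.2"}],
    "console": {"expose": True, "sslEnabled": False},
}

if __name__ == "__main__":
    print("\n".join(audit_broker_spec(SAMPLE_SPEC)))
```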

9.1.2. Addressing CRD configuration reference

The addressing Custom Resource Definition (CRD) enables you to define addresses and queues and associated routing types to be created in your broker. The following table details the items that you can configure.

Important

Configuration items marked with an asterisk (*) are required in any corresponding Custom Resource (CR) that you deploy. If you do not explicitly specify a value for a non-required item, the configuration uses the default value.

| Entry | Type | Example | Default value | Description |
|---|---|---|---|---|
| addressName* | string | address0 | Not specified | Address name to be created in broker. |
| queueName* | string | queue0 | Not specified | Queue name to be created in broker. |
| routingType* | string | anycast | Not specified | Routing type to be used - anycast or multicast. |

9.2. Application template parameters

Configuration of the AMQ Broker on OpenShift Container Platform image is performed by specifying values of application template parameters. You can configure the following parameters:

Table 9.1. Application template parameters

| Parameter | Description |
|---|---|
| AMQ_ADDRESSES | Specifies the addresses available by default on the broker on its startup, in a comma-separated list. |
| AMQ_ANYCAST_PREFIX | Specifies the anycast prefix applied to the multiplexed protocol ports 61616 and 61617. |
| AMQ_CLUSTERED | Enables clustering. |
| AMQ_CLUSTER_PASSWORD | Specifies the password to use for clustering. If no value is specified, a random password is generated. |
| AMQ_CLUSTER_USER | Specifies the cluster user to use for clustering. If no value is specified, a random user name is generated. |
| AMQ_DATA_DIR | Specifies the directory for the data. Used in stateful sets. |
| AMQ_DATA_DIR_LOGGING | Specifies the directory for the data directory logging. |
| AMQ_EXTRA_ARGS | Specifies additional arguments to pass to artemis create. |
| AMQ_GLOBAL_MAX_SIZE | Specifies the maximum amount of memory that message data can consume. If no value is specified, half of the system’s memory is allocated. |
| AMQ_KEYSTORE | Specifies the SSL keystore file name. If no value is specified, a random password is generated but SSL will not be configured. |
| AMQ_KEYSTORE_PASSWORD | (Optional) Specifies the password used to decrypt the SSL keystore. |
| AMQ_KEYSTORE_TRUSTSTORE_DIR | Specifies the directory where the secrets are mounted. The default value is /etc/amq-secret-volume. |
| AMQ_MAX_CONNECTIONS | For SSL only, specifies the maximum number of connections that an acceptor will accept. |
| AMQ_MULTICAST_PREFIX | Specifies the multicast prefix applied to the multiplexed protocol ports 61616 and 61617. |
| AMQ_NAME | Specifies the name of the broker instance. |
| AMQ_PASSWORD | Specifies the password used for authentication to the broker. If no value is specified, a random password is generated. |
| AMQ_PROTOCOL | Specifies the messaging protocols used by the broker in a comma-separated list. Available options are amqp, mqtt, openwire, stomp, and hornetq. If none are specified, all protocols are available. Note that for integration of the image with Red Hat JBoss Enterprise Application Platform, the OpenWire protocol must be specified, while other protocols can be optionally specified as well. |
| AMQ_QUEUES | Specifies the queues available by default on the broker on its startup, in a comma-separated list. |
| AMQ_REQUIRE_LOGIN | If set to true, login is required. If not specified, or set to false, anonymous access is permitted. By default, the value of this parameter is not specified. |
| AMQ_ROLE | Specifies the name for the role created. The default value is amq. |
| AMQ_TRUSTSTORE | Specifies the SSL truststore file name. If no value is specified, a random password is generated but SSL will not be configured. |
| AMQ_TRUSTSTORE_PASSWORD | (Optional) Specifies the password used to decrypt the SSL truststore. |
| AMQ_USER | Specifies the user name used for authentication to the broker. If no value is specified, a random user name is generated. |
| APPLICATION_NAME | Specifies the name of the application used internally within OpenShift. It is used in names of services, pods, and other objects within the application. |
| IMAGE | Specifies the image. Used in the persistence, persistent-ssl, and statefulset-clustered templates. |
| IMAGE_STREAM_NAMESPACE | Specifies the image stream name space. Used in the ssl and basic templates. |
| OPENSHIFT_DNS_PING_SERVICE_PORT | Specifies the port number for the OpenShift DNS ping. |
| VOLUME_CAPACITY | Specifies the size of the persistent storage for database volumes. |

Note

If you use broker.xml for a custom configuration, any values specified in that file for the following parameters override the values specified for the same parameters in your application templates.

  • AMQ_NAME
  • AMQ_ROLE
  • AMQ_CLUSTER_USER
  • AMQ_CLUSTER_PASSWORD

9.3. Logging

In addition to viewing the OpenShift logs, you can troubleshoot a running AMQ Broker on OpenShift Container Platform image by viewing the AMQ logs that are output to the container’s console.

Procedure

  • At the command line, run the following command:
    $ oc logs -f <pod-name> <container-name>

Revised on 2021-05-14 10:13:54 UTC