-
Language:
English
-
Language:
English
Chapter 5. Tutorials
5.1. Example Deployment Workflow
This tutorial prepares and deploys a multi-node A-MQ instance with persistent storage. Before we get started, you must create a persistent volume in OpenShift and it should be have the available status.
5.1.1. Preparing A-MQ Deployment
Log in as a cluster administrator or user that has project administrator access to the
openshift
project.$ oc login -u system:admin
Run the following commands to update the core A-MQ OpenShift image stream in the
openshift
project.$ oc create -n openshift -f \ https://raw.githubusercontent.com/jboss-openshift/application-templates/ose-v1.4.15/amq/amq63-image-stream.json $ oc replace -n openshift -f \ https://raw.githubusercontent.com/jboss-openshift/application-templates/ose-v1.4.15/amq/amq63-image-stream.json $ oc -n openshift import-image jboss-amq-63:1.4
It is possible to see some error messages saying some image streams already exist.
Update the A-MQ templates.
$ for template in amq63-persistent-ssl.json \ amq63-basic.json \ amq63-ssl.json \ amq63-persistent.json; do oc replace -n openshift -f \ https://raw.githubusercontent.com/jboss-openshift/application-templates/ose-v1.4.15/amq/${template} done
Create a new
amq-demo
project:$ oc new-project amq-demo
Create a service account to be used for the A-MQ deployment:
$ echo '{"kind": "ServiceAccount", "apiVersion": "v1", "metadata": {"name": "amq-service-account"}}' | oc create -f -
Add the view role to the service account. This enables the service account to view all the resources in the
amq-demo
namespace, which is necessary for managing the cluster when using the Kubernetes REST API agent for discovering the mesh endpoints.$ oc policy add-role-to-user view system:serviceaccount:amq-demo:amq-service-account
Edit the deployment configuration to run the AMQ pod with newly created service account.
$ oc edit dc/<deployment_config>
Add the serviceAccount and serviceAccountName parameters to the spec field, and specify the service account you want to use.
spec: securityContext: {} serviceAccount: serviceaccount serviceAccountName: amq-service-account
A-MQ requires a broker keyStore, a client keyStore, and a client trustStore that includes the broker keyStore.
This example uses ‘keytool’, a package included with the Java Development Kit, to generate dummy credentials for use with the A-MQ installation.
Generate a self-signed certificate for the broker keyStore:
$ keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
Export the certificate so that it can be shared with clients:
$ keytool -export -alias broker -keystore broker.ks -file broker_cert
Generate a self-signed certificate for the client keyStore:
$ keytool -genkey -alias client -keyalg RSA -keystore client.ks
Create a client trust store that imports the broker certificate:
$ keytool -import -alias broker -keystore client.ts -file broker_cert
Use the broker keyStore file to create the A-MQ secret:
$ oc secrets new amq-app-secret broker.ks
Add the secret to the service account created earlier:
$ oc secrets add sa/amq-service-account secret/amq-app-secret
5.1.2. Deployment
-
Log in to the OpenShift web console and select the
amq-demo
project space. - Click Add to Project to list all of the default image streams and templates.
- Use the Filter by keyword search bar to limit the list to those that match amq. You may need to click See all to show the desired application template.
- Select the template. This example uses the amq63-persistent-ssl template to allow for persistent storage.
Example Template:APPLICATION_NAME
brokerMQ_PROTOCOL
openwireMQ_USERNAME
amq-demo-userMQ_PASSWORD
passwordVOLUME_CAPACITY
512MiAMQ_SECRET
amq-app-secretAMQ_TRUSTSTORE
broker.ksAMQ_TRUSTSTORE_PASSWORD
passwordAMQ_KEYSTORE
broker.ksAMQ_KEYSTORE_PASSWORD
passwordAMQ_MESH_DISCOVERY_TYPE
kubeAMQ_MESH_SERVICE_NAME
brokerAMQ_MESH_SERVICE_NAMESPACE
amq-demoAMQ_STORAGE_USAGE_LIMIT
1 gbAMQ_SPLIT
trueIMAGE_STREAM_NAMESPACE
openshift
Run get pods
command to get the list of running pods:
$ oc get pods NAME READY STATUS RESTARTS AGE amq63-amq-2-m8fdh 1/1 Running 0 2m amq63-drainer-1-3rpgx 1/1 Running 0 8m
5.1.3. Post-Deployment
Creating a route
Create a route for the broker so that clients outside of OpenShift can connect using SSL. By default, the OpenWire protocol uses the 61617/TCP port.
- Click Create a Route and click Show options for secured routes to display all parameters.
- Use the Target Port drop-down menu to select 61617/TCP
- Use the TLS Termination drop-down menu to select Passthrough. This will relay all communication to the A-MQ broker without the OpenShift router decrypting and resending it.
Clients can now connect to the broker by specifying the following in their configuration:
factory.setBrokerURL("failover://ssl://broker-amq-demo.example.com:443");
Scaling up
Scale up by clicking the Scale up arrow in the amq-demo project Overview in the web console. Or, using the OpenShift command line:
$ oc scale dc amq-demo --replicas=3
Connecting to the A-MQ Console
To connect to the A-MQ console from the OpenShift web console, navigate to the broker pod and click the Connect button located in the Template information.
For OpenShift Container Platform, click the Open Java Console button. === Example How to Monitor A-MQ This tutorial demonstrates how to monitor A-MQ.
5.1.4. Prerequisite
Make sure you have created a project, service account, and added the view role to the service account for A-MQ deployment, as mentioned in the section Example Deployment Workflow.
5.1.5. Monitoring A-MQ
Go to your project:
$ oc project monitoramq
Deploy a new broker instance to the
monitoramq
project, using theamq63-basic
template from theopenshift
namespace:$ oc process openshift//amq63-basic -v APPLICATION_NAME=broker,MQ_USERNAME=admin,MQ_PASSWORD=admin,MQ_QUEUES=TESTQUEUE -n monitoramq | oc create -f - services "broker-amq-amqp" created services "broker-amq-mqtt" created services "broker-amq-stomp" created services "broker-amq-tcp" created deploymentconfigs "broker-amq" created
Get the list of running pods:
$ oc get pods NAME READY STATUS RESTARTS AGE broker-amq-1-ftqmk 1/1 Running 0 14d
Run the command
oc logs
:oc logs -f broker-amq-1-ftqmk Running jboss-amq-6/amq63-openshift image, version 1.3-5 INFO: Loading '/opt/amq/bin/env' INFO: Using java '/usr/lib/jvm/java-1.8.0/bin/java' INFO: Starting in foreground, this is just for debugging purposes (stop process by pressing CTRL+C) ... INFO | Listening for connections at: tcp://broker-amq-1-ftqmk:61616?maximumConnections=1000&wireFormat.maxFrameSize=104857600 INFO | Connector openwire started INFO | Starting OpenShift discovery agent for service broker-amq-tcp transport type tcp INFO | Network Connector DiscoveryNetworkConnector:NC:BrokerService[broker-amq-1-ftqmk] started INFO | Apache ActiveMQ 5.11.0.redhat-621084 (broker-amq-1-ftqmk, ID:broker-amq-1-ftqmk-41433-1491445582960-0:1) started INFO | For help or more information please see: http://activemq.apache.org WARN | Store limit is 102400 mb (current store usage is 0 mb). The data directory: /opt/amq/data/kahadb only has 9684 mb of usable space - resetting to maximum available disk space: 9684 mb WARN | Temporary Store limit is 51200 mb, whilst the temporary data directory: /opt/amq/data/broker-amq-1-ftqmk/tmp_storage only has 9684 mb of usable space - resetting to maximum available 9684 mb.
Run your query to monitor your broker for ServiceHealth:
$ curl -k -H "Authorization: Bearer $(oc whoami -t)" https://10.1.2.2:8443/api/v1/namespaces/monitoramq/pods/https:broker-amq-1-ftqmk:8778/proxy/jolokia/read/org.apache.activemq:type=Broker,brokerName=*,service=Health/CurrentStatus {"request":{"mbean":"org.apache.activemq:brokerName=*,service=Health,type=Broker","attribute":"CurrentStatus","type":"read"},"value":{"org.apache.activemq:brokerName=broker-amq-1-ftqmk,service=Health,type=Broker":{"CurrentStatus":"Good"}},"timestamp":1491451600,"status":200}
where,
- 10.1.2.2 is the master host.
- monitoramq is the name of your namespace or project.
-
broker-amq-1-ftqmk is the name of your running pod (got from
oc get pods
in previous step-4). - 8778 Jolokia exposed port for AMQ xPaaS image.
Run your query to monitor your broker’s memoryLimit for a queue:
$ curl -k -H "Authorization: Bearer $(oc whoami -t)" https://10.1.2.2:8443/api/v1/namespaces/monitoramqlatest/pods/https:broker-amq-1-ftqmk:8778/proxy/jolokia/read/org.apache.activemq:type=Broker,brokerName=*,destinationType=Queue,destinationName=ABEL/MemoryLimit {"request":{"mbean":"org.apache.activemq:brokerName=*,destinationName=ABEL,destinationType=Queue,type=Broker","attribute":"MemoryLimit","type":"read"},"value":{"org.apache.activemq:brokerName=broker-amq-1-ftqmk,destinationName=ABEL,destinationType=Queue,type=Broker":{"MemoryLimit":1048576}},"timestamp":1491451792,"status":200}
-
Go to your Openshift Web Console, select your project, go to the running pod, and click
Open Java Console
. - You will be redirected to Openshift Container Platform Console, where you can see the listed queues under your broker.