-
Language:
English
-
Language:
English
Managing and Monitoring a Broker
Administrative tasks made simple
Red Hat
Copyright © 2013 Red Hat, Inc. and/or its affiliates.
Revision History | |
---|---|
06/01/12 | |
Added JAAS information to enterprise version. | |
06/06/12 | |
Added chapter about adding new brokers using a fabric. | |
08/29/12 | |
added chapter about patching | |
09/24/12 | |
added chapter about basic security | |
09/24/12 | |
added chapter about joining a fabric | |
10/05/12 | |
added chapter about setting up transport connectors | |
01/23/13 | |
added chapter setting up the management console |
Abstract
Chapter 1. Introduction
Abstract
Overview
Routine tasks
- installing SSL certificates
- starting the broker
- creating destinations
- stopping the broker
- maintaining the advisory topics
- monitoring the health of the broker
- monitoring the health of the destinations
Troubleshooting
- the broker's log file
- the advisory topics
- the broker's overall memory footprint
- the size of individual destination
- the total number of messages in the broker
- the size of the broker's persistent store
- a thread dump of the broker
Tools
- administration client—a command line tool that can be used to manage a broker and do rudimentary metric reporting
- console mode—a runtime mode that presents you with a custom console that provides a number of administrative options
- Web console—a browser based console that provides metric reporting, destination browsing, and other administrative functions
- management console—a browser based console for viewing, monitoring, and deploying a group of distributed brokers
- JBoss Operations Network—an advanced monitoring and management tool that can provide detailed metrics and alerting.
- jconsole—a JMX tool that is shipped with the JDK
- VisualVM—a visual tool integrating several command line JDK tools and lightweight profiling capabilities
Chapter 2. Editing a Broker's Configuration
Revision History | |
---|---|
5/25/12 | |
Changed the description of standalone configuration to make it more consistent with the Fabric container and to make it clearer that using property placeholders and OSGi config is the recommended approach. | |
6/25/12 | |
Broke the discussion about template files into its own section. |
Abstract
- an XML configuration file
- OSGi persistent identifier properties
- standalone—if a broker is deployed as a standalone entity and not a part of a fabric, you change the configuration using a combination of directly editing the broker's configuration template file and the console's config shell.
- in a fabric—if a broker is deployed into a fabric its configuration is managed by the Fabric Agent which draws all of the configuration from the fabric's registry. To modify the container of a broker running as part of a fabric, you need to modify the profile(s) deployed into it. You can do this by using either the fabric:profile-edit console command or the management console.
2.1. Understanding the Red Hat JBoss A-MQ Configuration Model
Abstract
Overview
Figure 2.1. Red Hat JBoss A-MQ Configuration System
Configuration templates
- configuration templates use property placeholders for settings that will be controlled via the OSGi Admin service
- configuration templates do not configure the broker's name
- configuration templates do not configure the location of the data directory
- configuration templates do not configure transport connectors
- configuration templates do not configure network connectors
- configuration templates do not control if a broker is a master or a slave node
- configuration templates can be used as a baseline for multiple brokers on the same machine
${propName}
and are resolved by matching properties in the broker's PID. In order to use property placeholder the configuration template must include the bean definition shown in Example 2.1, “Adding Property Placeholder Support to Red Hat JBoss A-MQ Configuration”.
Example 2.1. Adding Property Placeholder Support to Red Hat JBoss A-MQ Configuration
<!-- Allows us to use system properties and fabric as variables in this configuration file --> <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="properties"> <bean class="org.fusesource.mq.fabric.ConfigurationProperties"/> </property> </bean> <broker ... > ... </broker>
Example 2.2. Configuration with Property Placeholders
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="${broker-name}" dataDirectory="${data}" persistent="${persists}" start="false"> ... <persistenceAdapter> <jdbcPersistenceAdapter dataDirectory="${data}/derby" dataSource="#derby-ds" /> </persistenceAdapter> </broker>
OSGi PIDs
org.fusesource.mq.fabric.server
.
etc/
folder and use the .cfg
extension and are updated using the config shell. For broker's in a fabric the files are stored in the Fabric Ensemble and are edited using the fabric shell's profile management commands.
2.2. Editing a Standalone Broker's Configuration
Revision History | |
---|---|
06/28/12 | |
updated to fit standard configuration pattern |
Abstract
Overview
Editing the configuration template
etc/activemq.xml
. You can the location of the configuration template by changing the config property in the broker's etc/org.fusesource.mq.fabric.server-default.cfg
file.
Editing the OSGi properties
etc/org.fusesource.mq.fabric.server-default.cfg
file. You can edit these values using the command console's config shell. The PID for these values are org.fusesource.mq.fabric.server.id
. The id is assigned by the container when the broker is started.
Config shell
- config:list—lists all of the runtime configuration files and the current values for their properties
- config:edit—opens an editing session for a configuration file
- config:propset—changes the value of a configuration property
- config:propdel—deletes a configuration property
- config:update—saves the changes to the configuration file being edited
2.3. Editing a Broker's Configuration in a Fabric
Revision History | |
---|---|
6/25/12 | |
Moved the template material to a high-level section. |
Abstract
Overview
Profiles
- the Apache Karaf features to be deployed
- OSGi bundles to be deployed
- the repositories from which artifacts can be provisioned
- properties that configure the broker's runtime behavior
Procedure
- Create a configuration template.
- Create a base profile for all of the brokers in the fabric using the configuration template.
- Create profiles that inherit from the base profile that will be assigned to one or more brokers.
- Modify the properties in each of the profiles to the desired values for the brokers to which the profile will be assigned.
- Assign the new profiles to the desired brokers.
Creating a base profile
- Optionally create a new profile version using the fabric:version-create command.This will create a new copy of the existing profiles.
- Import the new XML template into the registry using the fabric:import command as shown in Example 2.4, “Creating a Profile Using an XML Configuration Template”.
Example 2.3. Importing an XML Configuration Template
JBossA-MQ:karaf@root>
fabric:import -t /fabric/configs/versions/version/profiles/mq-base/xmlTemplate xmlTemplatePath
- Create a new configuration profile instance to hold the new XML template using the fabric:mq-create command as shown in Example 2.4, “Creating a Profile Using an XML Configuration Template”.
Example 2.4. Creating a Profile Using an XML Configuration Template
JBossAMQ:karaf@root>
fabric:mq-create --config xmlTemplate profileName
This will create a new profile that is based on the default broker profile but uses the imported XML template.
Creating deployment profiles and assigning them to brokers
- Create new profile using the fabric:profile-create command as shown in Example 2.5, “Creating a Deployment Profile”.
Example 2.5. Creating a Deployment Profile
JBossA-MQ:karaf@root>
fabric:profile-create --parents baseProfile profileName
- Add values for the property placeholders using the fabric:profile-edit command as shown in Example 2.6, “Setting Properties in a Profile”.
Example 2.6. Setting Properties in a Profile
JBossAMQ:karaf@root>
fabric:profile-edit -p org.fusesource.mq.fabric.server-profileName/propName=propVal profileName
The fabric properties for a broker are specified using the PIDorg.fusesource.mq.fabric.server-profileName
, so to specify a value for the broker-name property for the profile calledmyBroker
you would use the command shown in Example 2.7, “Setting the Broker Name Property”.Example 2.7. Setting the Broker Name Property
JBossAMQ:karaf@root>
fabric:profile-edit -p org.fusesource.mq.fabric.server-myBroker/broker-name=esmeralda myBroker
- Assign the new profile to one or more brokers using the fabric:container-add-profile command as shown in Example 2.8, “Assigning a Profile to a Broker”.
Example 2.8. Assigning a Profile to a Broker
JBossAMQ:karaf@root>
fabric:container-add-profile brokerName profileName
Using the management console
Chapter 3. Security Basics
Abstract
3.1. Security Overview
Overview
Ports exposed by the Red Hat JBoss A-MQ container
Figure 3.1. Ports Exposed by the Red Hat JBoss A-MQ Container
- Console port—enables remote control of a container instance, through Apache Karaf shell commands. This port is enabled by default and is secured both by JAAS authentication and by SSL.
- JMX port—enables management of the container through the JMX protocol. This port is enabled by default and is secured by JAAS authentication.
- Web console port—provides access to an embedded Jetty container that can host Web console servlet.
Authentication and authorization system
3.2. Basic Security Configuration
Overview
- configure access to the Web console
- assign roles to each of the remote ports to limit access
- strengthen the credentials needed to access the remote console
Create a secure JAAS user
InstallDir/etc/users.properties
file and add a new user field, as follows:
Username=Password,admin
Username
and Password
are the new user credentials. The admin
role gives this user the privileges to access all administration and management functions of the container. For more details about JAAS, see the Security Guide.
Configure the Web console
InstallDir/etc/system.properties
file. Search for the activemq.jmx.user
and activemq.jmx.password
settings (which are commented out by default), and modify them as follows:
# # Authentication - must match an entry in user.properties with the admin privilege # activemq.jmx.user=Username activemq.jmx.password=Password
Username
and Password
are the credentials of a JAAS user with admin
privileges.
org.apache.activemq.webconsole.cfg
file, in order to set more properties in that file. Hence, indirectly these properties are used to set the webconsole.jmx.*
and webconsole.jms.*
properties.
Assigning roles for remote access
- SSH (remote console login)To override the default role for the remote console add a
sshRole
property to theorg.apache.karaf.shell
PID. The following sets the role toadmin
:sshRole=admin
- JMX managementTo override the default role for JMX add a
jmxRole
property to theorg.apache.karaf.management
PID. The following sets the role tojmx
:jmxRole=jmx
- Web console
Strengthening security on the remote console port
- Make sure that the JAAS user credentials have strong passwords.
- Customize the X.509 certificate (replace the Java keystore file,
InstallDir/etc/host.key
, with a custom key pair).
3.3. Disabling Broker Security
Overview
Standalone server
InstallDir/etc/activemq.xml
file using a text editor and look for the following lines:
...
<plugins>
<jaasAuthenticationPlugin configuration="karaf" />
</plugins>
...
jaasAuthenticationPlugin
element. The next time you start up the JBoss A-MQ container using the start script the broker will run with unsecured ports.
Chapter 4. Setting up and Accessing the Web Console
Revision History | |
---|---|
06/01/12 | |
Added the content about console security. | |
12/06/12 | |
Made it clear that the Web console is only for standalone containers |
Abstract
4.1. Using the Embedded Web Console
Revision History | |
---|---|
12/06/12 | |
Made it clear that Web console doesn't work in Fabric | |
12/06/12 | |
Removed the enterprise and disto conditions |
Abstract
Overview
Accessing the console
Changing the port
org.ops4j.pax.web
OSGi Admin PID.
8536
.
Example 4.1. Changing the Web Console's Port
JBossA-MQ:karaf@root>
config:edit org.ops4j.pax.web
JBossA-MQ:karaf@root>
config:proplist
service.pid = org.ops4j.pax.web javax.servlet.context.tempdir = InstallDir/data/pax-web-jsp org.osgi.service.http.port = 8181 org.ops4j.pax.web.config.file = InstallDir/etc/jetty.xml org.apache.karaf.features.configKey = org.ops4j.pax.web
JBossA-MQ:karaf@root>
config:propset org.osgi.service.http.port 8536
JBossA-MQ:karaf@root>
config:update
Securing the console
conf/jetty.xml
.
4.2. Securing the Web Console
Overview
etc/jetty.xml
configuration file.
Enabling basic authentication
conf/jetty.xml
file already includes most of the configuration required for basic authentication, the authentication feature is disabled by default. To enable it, search for the following line in the jetty.xml
file:
<property name="authenticate" value="false" />
value
attribute, changing its value to true
. The result should be similar to:
<property name="authenticate" value="true" />
username=admin
, password=admin
.
Editing user credentials
conf/jetty-realm.properties
file, which you can edit to add user credentials and roles. Each user is defined on a separate line, which has the following format:
Username: Password [, Role01, Role02, ... ]
jblogs
, password, secret
, and role, developer
, you would add the following line to the jetty-realm.properties
file:
jblogs: secret, developer
Enabling SSL security
Connector
bean in the conf/jetty.xml
file. Replace the org.eclipse.jetty.server.nio.SelectChannelConnector
class with the org.eclipse.jetty.server.ssl.SslSelectChannelConnector
class. Specify the relevant properties of the SslSelectChannelConnector
class in order to configure the Jetty server's HTTPS port as shown in Example 4.2, “SSL Enabled Web Console Configuration”.
Example 4.2. SSL Enabled Web Console Configuration
<property name="connectors"> <list> <bean id="Connector" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <property name="port" value="8443" /> <property name="maxIdleTime" value="30000"/> <property name="keystore" value="${activemq.home}/conf/broker.ks"/> <property name="password" value="testjetty"/> <property name="keyPassword" value="testjetty"/> <property name="truststore" value="${activemq.home}/conf/broker.ks"/> </bean> </list> </property>
SslSelectChannelConnector
properties can be explained as follows:
port
—specifies the secure IP port number (accessible through HTTPS).maxIdleTime
—specifies the connection idle time in milliseconds. If there is no activity on a connection for longer than this timeout, the connection will be closed.keystore
—specifies the location of the Jetty server's X.509 certificate, which is stored in a Java keystore file on the file system. The Jetty server uses this certificate to identify itself to a client, during the SSL handshake.password
—specifies the store password, which is needed to unlock the keystore file. See the Security Guide.keyPassword
—specifies the key password, which is used to decrypt the private key that is stored within the keystore file. Typically, the store password and the key password are identical. Some SSL implementations even require this to be the case.truststore
—specifies the location of a Java keystore file that contains a list of one or more trusted certificates, which can be used during the SSL handshake to check that incoming client certificates are correctly signed.NoteIn the current example, the truststore is actually irrelevant, because clients are not required to send a certificate to the Jetty server.
broker.ks
certificate used in the example is insecure. Anyone can access its private key. To secure your system properly, you must create new certificates signed by a trusted CA, as described in the Security Guide.
Reference
SslSelectChannelConnector
class, see http://download.eclipse.org/jetty/stable-7/apidocs/org/eclipse/jetty/server/ssl/SslSocketConnector.html.
4.3. Deploying a Standalone Web Console
Revision History | |
---|---|
10/29/12 | |
updated the url used to download the components |
Overview
Disabling the Web embedded console
import
element that imports the Jetty configuration into your broker's configuration file as shown in Example 4.3, “Disabling the Embedded Web Console”.
Example 4.3. Disabling the Embedded Web Console
<beans ... > <broker ... > ... </broker> <!-- <import resource="jetty.xml"/> --> </beans>
Configuring Tomcat
- Download the Web console's WAR,
activemq-web-console-6.0.0.redhat-024.war
, from http://repo.fusesource.com/nexus/content/repositories/releases/org/apache/activemq/activemq-web-console/5.8.0.redhat-60024/. - Copy the Web console's WAR to the
TOMCAT_HOME/webapps
folder. - Download
activemq-all-6.0.0.redhat-024.jar
from http://repo.fusesource.com/nexus/content/repositories/releases/org/apache/activemq/activemq-all/5.8.0.redhat-60024/. - Copy
activemq-all-6.0.0.redhat-024.jar
to theTOMCAT_HOME/common/lib
folder. - Modify
TOMCAT_HOME/bin/catalina.sh(.bat)
to include the configuration in Example 4.4, “Configuration for Deploying the Web Console in Tomcat”.Example 4.4. Configuration for Deploying the Web Console in Tomcat
JAVA_OPTS="-Dwebconsole.type=properties \ -Dwebconsole.jms.url=brokerURL \ -Dwebconsole.jmx.url=brokerJMXURL \ -Dwebconsole.jmx.user=JMXUserName \ -Dwebconsole.jmx.password=JMXPassword"
- Restart Tomcat.
Monitoring clusters
- Specify the JMS URL,
webconsole.jms.url
, with a failover: URI specifying the brokers in the cluster. - Specify the JMX URL,
webconsole.jmx.url
as a comma separated list that contains the JMX URL for each of the brokers in the cluster.
Example 4.5. Configuration for Monitoring a Cluster with the Web Console
-Dwebconsole.jms.url=failover:(tcp://serverA:61616,tcp://serverB:61616) -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://serverA:1099/jmxrmi,service:jmx:rmi:///jndi/rmi://serverB:1099/jmxrmi
Chapter 5. Installing and Securing the Management Console
Abstract
5.1. Installing into a Standalone Container
Procedure
- Open the container's command console.
- Check if the prerequisites are installed using the features:list command.
- If any of the prerequisites are not installed, install them using the features:install command.
- Install the management console using the features:install command shown in Example 5.1, “Installing the Management Console”.
Example 5.1. Installing the Management Console
>
features:install fabric-webui - In your Web browser, open the management console.The management console will be hosted at the container's HTTP service port as specified by the
org.ops4j.pax.web
PID'sorg.osgi.service.http.port
property. The default HTTP port for an Apache Karaf container is8181
. - Connect the console to a Fabric.
- Join an existing fabric.
- Click Join.A form opens where you enter a fabric server's connection information.
- In the Hostname field, enter the name of the machine hosting fabric server for the fabric the console will manage.
- In the Port field, enter the port number used to connect to the fabric server for the fabric the console will manage.
- In the ZooKeeper Password field, enter the password used to access the registry data for the fabric the console will manage.
- Click Join.The management connects to the fabric and the login page appears.
- Create a new fabric.
- Click Create.A form opens where you enter the information needed to create a new fabric.
- In the Username field, enter the name of the user for accessing the console and be used to connect to all of the container's in the fabric.
- In the Password field, enter the password for the administrative user.
- In the ZooKeeper Password field, enter the password that will be used to secure access to the fabric's registry data.
- In the Global Resolver field, select the default policy governing how containers in the fabric report their address to other containers.
- In the Local Resolver field, select the policy governing how the container being created reports its address to other containers.
- Enter a range of ports over which the fabric can be contacted.
- Click Create.The console's server creates the fabric and the login page appears.
5.2. Installing into a Fabric Container
Overview
fmc
profile configures a container to become a management console server. You only need to apply the profile to one container in a fabric to enable the management console.
Procedure
- Open a command console for one of the containers in the fabric.
- Install the management console's profile using the fabric:container-add-profile command shown in Example 5.2, “Installing the Management Console Profile”.
Example 5.2. Installing the Management Console Profile
>
fabric:container-add-profile containerName fmccontainerName is the name of the container into which the management console will be installed - In your Web browser, open the management console.The console will be hosted at the container's HTTP service port. To determine the container's HTTP service port:
- Connect to the container into which you deployed the
fmc
profile using the fabric:container-connect command. - Use the config:list command to see the container's configuration.
- Locate the
org.ops4j.pax.web
PID. - See the value assigned to the
org.osgi.service.http.port
property.
If theorg.osgi.service.http.port
is not set for this container, you can set it by adding the property to thefmc
profile as shown in Example 5.3, “Setting a Fabric Container's HTTP Port”.Example 5.3. Setting a Fabric Container's HTTP Port
>
fabric:profile-edit -p org.ops4j.pax.web/org.osgi.service.http.port=portNumber fmc
5.3. Encrypting the Connection to the Management Console Server
Revision History | |
---|---|
11/28/12 | |
Updated to use fabric configuration |
Abstract
Overview
Creating certificates
Installing the certificates
etc/certs
folder. You can, however, store the certificates in any folder from which the container can access them.
Enabling HTTPS
org.ops4j.pax.web
PID. To enable HTTPS, you will need to change the properties in that PID for the container in which the management console is running. You can do this is to update the fmc
profile deployed to the container. Alternatively, you could create a separate profile to configure the HTTP port.
fmc
profile:
- Open a command console connected to one of the container in the fabric.
- Disable the insecure HTTP port setting the org.osgi.service.http.enabled property to
false
as shown in Example 5.4, “Disabling the HTTP Port”.Example 5.4. Disabling the HTTP Port
fabric:profile-edit -p org.ops4j.pax.web/org.osgi.service.http.enabled=false fmc
- Enable the secure HTTPS port by setting the org.osgi.service.http.secure.enabled property to true as shown in Example 5.5, “Property for Enabling the HTTPS Port”.
Example 5.5. Property for Enabling the HTTPS Port
fabric:profile-edit -p org.ops4j.pax.web/org.osgi.service.http.secure.enabled=true fmc
- Specify the port used for connecting over HTTPS by setting the org.osgi.service.http.port.secure property to an available port as shown in Example 5.6, “Property for Specifying the HTTPS Port”.
Example 5.6. Property for Specifying the HTTPS Port
fabric:profile-edit -p org.ops4j.pax.web/org.osgi.service.http.port.secure=8108 fmc
NoteYou can reuse port 8107. - Configure the keystore used to hold the X.509 certificates.
- Specify the location of the keystore by adding the org.ops4j.pax.web.ssl.keystore property.
- Specify the type of keystore used by adding the org.ops4j.pax.web.ssl.keystore.type property and setting it to
JKS
. - Specify the password for unlocking the Java keystore by adding the org.ops4j.pax.web.ssl.password property.
- Specify the password for decrypting the private key by adding the org.ops4j.pax.web.ssl.keypassword property.NoteThis is typically the same as the password used to unlock the keystore.
- Specify if certificate-based client authentication at the server is wanted by adding the org.ops4j.pax.web.ssl.clientauthwanted property.When set to
true
the server will request that the client send an X.509 certificate during the SSL handshake. - Specify if certificate-based client authentication at the server is required by adding the org.ops4j.pax.web.ssl.clientauthneeded property.When set to
true
an exception is thrown if the client does not present a valid X.509 certificate during the SSL handshake.
Chapter 6. Securing a Standalone Red Hat JBoss A-MQ Container
Abstract
6.1. Defining JAAS Realms
Overview
jaas:config
element for defining JAAS realms in a blueprint configuration file. The JAAS realms defined in this way are made available to all of the application bundles deployed in the container, making it possible to share the JAAS security infrastructure across the whole container.
Namespace
jaas:config
element is defined in the http://karaf.apache.org/xmlns/jaas/v1.0.0
namespace. When defining a JAAS realm you will need to include the line shown in Example 6.1, “JAAS Blueprint Namespace”.
Example 6.1. JAAS Blueprint Namespace
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
Configuring a JAAS realm
jaas:config
element is shown in Example 6.2, “Defining a JAAS Realm in Blueprint XML”.
Example 6.2. Defining a JAAS Realm in Blueprint XML
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"> <jaas:config name="JaasRealmName" [rank="IntegerRank"]> <jaas:module className="LoginModuleClassName" [flags="[required|requisite|sufficient|optional]"]> Property=Value ... </jaas:module> ... <!-- Can optionally define multiple modules --> ... </jaas:config> </blueprint>
jaas:config
- Defines the JAAS realm. It has the following attributes:
name
—specifies the name of the JAAS realm.rank
—specifies an optional rank for resolving naming conflicts between JAAS realms . When two or more JAAS realms are registered under the same name, the OSGi container always picks the realm instance with the highest rank.
jaas:module
- Defines a JAAS login module in the current realm.
jaas:module
has the following attributes:className
—the fully-qualified class name of a JAAS login module. The specified class must be available from the bundle classloader.flags
—determines what happens upon success or failure of the login operation. Table 6.1, “Flags for Defining a JAAS Module” describes the valid values.Table 6.1. Flags for Defining a JAAS Module
Value Description required
Authentication of this login module must succeed. Always proceed to the next login module in this entry, irrespective of success or failure. requisite
Authentication of this login module must succeed. If success, proceed to the next login module; if failure, return immediately without processing the remaining login modules. sufficient
Authentication of this login module is not required to succeed. If success, return immediately without processing the remaining login modules; if failure, proceed to the next login module. optional
Authentication of this login module is not required to succeed. Always proceed to the next login module in this entry, irrespective of success or failure.
The contents of ajaas:module
element is a space separated list of property settings, which are used to initialize the JAAS login module instance. The specific properties are determined by the JAAS login module and must be put into the proper format.NoteYou can define multiple login modules in a realm.
Converting standard JAAS login properties to XML
PropertiesLogin
realm using the Red Hat JBoss A-MQ properties login module class, PropertiesLoginModule
:
Example 6.3. Standard JAAS Properties
PropertiesLogin { org.apache.activemq.jaas.PropertiesLoginModule required org.apache.activemq.jaas.properties.user="users.properties" org.apache.activemq.jaas.properties.group="groups.properties"; };
jaas:config
element in a blueprint file, is shown in Example 6.4, “Blueprint JAAS Properties”.
Example 6.4. Blueprint JAAS Properties
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"> <jaas:config name="PropertiesLogin"> <jaas:module className="org.apache.activemq.jaas.PropertiesLoginModule" flags="required"> org.apache.activemq.jaas.properties.user=users.properties org.apache.activemq.jaas.properties.group=groups.properties </jaas:module> </jaas:config> </blueprint>
Example
LDAPLogin
realm to use Red Hat JBoss A-MQ's LDAPLoginModule
class, which connects to the LDAP server located at ldap://localhost:10389.
Example 6.5. Configuring a JAAS Realm
<?xml version="1.0" encoding="UTF-8"?> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"> <jaas:config name="LDAPLogin" rank="1"> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory connection.username=uid=admin,ou=system connection.password=secret connection.protocol= connection.url = ldap://localhost:10389 user.base.dn = ou=users,ou=system user.filter = (uid=%u) user.search.subtree = true role.base.dn = ou=users,ou=system role.filter = (uid=%u) role.name.attribute = ou role.search.subtree = true authentication = simple </jaas:module> </jaas:config> </blueprint>
6.2. Enabling LDAP Authentication
Overview
org.apache.karaf.jaas.modules.ldap.LDAPLoginModule
class. It is preloaded in the container, so you do not need to install it's bundle.
Procedure
jaas:module
element to the realm and setting its className
attribute to org.apache.karaf.jaas.modules.ldap.LDAPLoginModule
.
Example 6.6. Red Hat JBoss A-MQ LDAP JAAS Login Module
<jaas:config ... > <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> ... </jaas:module> </jaas:config>
LDAP properties
Table 6.2. Properties for the Red Hat JBoss A-MQ LDAP Login Module
Example
Example 6.7. Configuring a JAAS Realm that Uses LDAP Authentication
<?xml version="1.0" encoding="UTF-8"?> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"> <jaas:config name="karaf" rank="1"> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="sufficient"> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory connection.username=uid=admin,ou=system connection.password=secret connection.protocol= connection.url = ldaps://localhost:10636 user.base.dn = ou=users,ou=system user.filter = (uid=%u) user.search.subtree = true role.base.dn = ou=roles,ou=system,dc=fusesource role.filter = (uid=%u) role.name.attribute = cn role.search.subtree = true authentication = simple ssl.protocol=TLSv1 ssl.truststore=truststore ssl.algorithm=PKIX </jaas:module> ... </jaas:config> </blueprint>
ssl.protocol
to TLSv1
, in order to protect against the Poodle vulnerability (CVE-2014-3566)
6.3. Using Encrypted Property Placeholders
Overview
- Create a properties file with encrypted values.
- Add the proper namespaces to your blueprint file.
- Import the properties using the Aries property placeholder extension.
- Configure the Jasypt encryption algorithm.
- Use the placeholders in your blueprint file.
- Ensure that the Jasypt features are installed into the Red Hat JBoss A-MQ container.
Encrypted properties
ENC()
function as shown in Example 6.8, “Property File with an Encrypted Property”.
Example 6.8. Property File with an Encrypted Property
#ldap.properties ldap.password=ENC(amIsvdqno9iSwnd7kAlLYQ==) ldap.url=ldap://192.168.1.74:10389
Namespaces
- Aries extensions—
http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0
- Apache Karaf Jasypt—
http://karaf.apache.org/xmlns/jasypt/v1.0.0
Example 6.9. Encrypted Property Namespaces
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0" xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"> ... </blueprint>
Placeholder extension
property-paceholder
element to you blueprint file. As shown in Example 6.10, “Aries Placeholder Extension”, it must come before the Jasypt configuration or the use of placeholders.
Example 6.10. Aries Placeholder Extension
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0" xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"> <ext:property-placeholder> <location>file:etc/ldap.properties</location> </ext:property-placeholder> ... </blueprint>
property-paceholder
element's location
child specifies the location of the property file that contains the properties to use for the configuration. You can specify multiple files by using multiple location
children.
Jasypt configuration
property-placeholder
element. It has one child, encoder
, that contains the actual Jasypt configuration.
encoder
element's mandatory class
attribute specifies the fully qualified classname of the Jasypt encryptor to use for decrypting the properties. The encoder
element can take a property
child that defines a Jasypt PBEConfig
bean for configuring the encryptor.
Example 6.11. Jasypt Blueprint Configuration
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0" xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"> <ext:property-placeholder> <location>file://ldap.properties</location> <enc:property-placeholder> <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="config"> <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> <property name="algorithm" value="PBEWithMD5AndDES" /> <property name="passwordEnvName" value="FUSE_ENCRYPTION_PASSWORD" /> </bean> </property> </enc:encryptor> </enc:property-placeholder> ... </blueprint>
Placeholders
${prop.name}
.
Example 6.12. Jasypt Blueprint Configuration
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0" xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"> <ext:property-placeholder> <location>file://ldap.properties</location> <enc:property-placeholder> <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="config"> <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> <property name="algorithm" value="PBEWithMD5AndDES" /> <property name="passwordEnvName" value="FUSE_ENCRYPTION_PASSWORD" /> </bean> </property> </enc:encryptor> </enc:property-placeholder> <jaas:config name="karaf" rank="1"> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory debug=true connectionURL=${ldap.url} connectionUsername=cn=mqbroker,ou=Services,ou=system,dc=fusesource,dc=com connectionPassword=${ldap.password} connectionProtocol= authentication=simple userRoleName=cn userBase = ou=User,ou=ActiveMQ,ou=system,dc=fusesource,dc=com userSearchMatching=(uid={0}) userSearchSubtree=true roleBase = ou=Group,ou=ActiveMQ,ou=system,dc=fusesource,dc=com roleName=cn roleSearchMatching= (member:=uid={1}) roleSearchSubtree=true </jaas:module> </jaas:config> </blueprint>
${ldap.password}
placeholder will be replaced with the decrypted value of the ldap.password
property from the properties file.
Installing the Jasypt features
jasypt-encryption
feature using the features:install command as shown in Example 6.13, “Installing the Jasypt Feature”.
Example 6.13. Installing the Jasypt Feature
karaf@root>
features:install jasypt-encryption
6.4. Configuring Roles for the Administrative Protocols
Overview
Administration protocols
- SSH (remote console login)
- JMX management
Default role
karaf.admin.role
property in the broker's etc/system.properties
file. For example, the default setting of karaf.admin.role
is:
karaf.admin.role=admin
admin
role set by karaf.admin.role
for each of the administrative protocols.
Changing the remote console's role
sshRole
property to the etc/org.apache.karaf.shell.cfg
file. The following sets the role to admin
:
sshRole=admin
Changing the JMX role
jmxRole
property to the etc/org.apache.karaf.management.cfg
file.
Chapter 7. Securing Fabric Containers
Abstract
karaf
JAAS realm. This realm is defined in the fabric-jaas
feature. It is deployed to all containers in the fabric as part of the default
profile.
karaf
JAAS realm to use a proper login module. The fabric containers include an LDAP module that is preloaded and simply needs to be activated. Doing so requires that the new JAAS realm be defined in OSGi blueprint files and deployed to the container's in the fabric.
7.1. Using the Default Authentication System
Revision History | |
---|---|
12/3/12 | |
clarified that the default mechanism is the one used by the fabric | |
12/3/12 | |
split into sub-sections for user management and configuring encryption |
Abstract
7.1.1. Managing Users
Viewing user data
Adding a user
- Click Users from the main menu.The Users page opens.
- Click Create User.The Create New User dialog opens.
- In the Username field, enter a unique name for the user.The user name must be at least five characters long.
- In the Password field, enter a password for the user.The password must be atleast six characters long.
- In the Repeat Password field, reenter the password for the user.
- Click Create.The dialog closes and the new user is added to the list.
Removing a user
- Click Users from the main menu.The Users page opens.
- Select the user to be deleted from the list.
- Click Delete User.A confirmation dialog opens.
- Click Yes.The dialog closes and the user is removed from the list.
Changing a user's password
- Click Users from the main menu.The Users page opens.
- Select the user to update from the list.
- Click Change Password.The Change Password dialog opens.
- In the Password field, enter a password for the user.The password must be at least six characters long.
- In the Repeat Password field, reenter the password for the user.
- Click Change.The dialog closes and a message shows that the password was changed.
Adding a role to a user
- Click Users from the main menu.The Users page opens.
- Select the user to update from the list.
- Click Add Role.The Add New Role dialog opens.
- In the Role Name field, enter a role for the user.
- Click Add.The dialog closes and a message shows that the role was added.
Deleting a role from a user
- Click Users from the main menu.The Users page opens.
- Select the user to update from the list.The user's roles are listed on the right side of the page.
- Click the X opposite the role to delete.A confirmation dialog opens.
- Click Yes.The dialog closes and the role is removed from the list.
7.1.2. Encrypting Stored Passwords
Overview
karaf
realm. This can be done by adding the appropriate configuration properties to the org.fusesource.fabric.jaas
PID and ensuring that they are applied to all of the containers in the fabric.
Editing the default profile
default
profile. It is applied to all containers in a fabric through inheritance.
default
profile, you should create a new profile version. Editing the active default
profile could make your fabric unstable.
default
profile:
- Select the management console's Profiles tab.
- Create a new version by clicking Create Version.The Create New Version dialog appears.
- Optionally enter a name for the new version in the NameIf you leave the Name field blank, the management console will use the name of the parent version and append the next available version number, starting from 1, to the name. For example, if version
brokers1
existed, the management console would create versionbrokers1.1
. - From the Parent Version list, select the version from which the new version will originate.By default Use most recently created version is selected.
- Click Create to create the version.The dialog will close and the new version will be listed in the Versions table.
- Select the new version from the Versions list.
- Select the
default
profile from the Profiles list.The Profiles page for the selected profile opens. - Select the Config Files tab.
- Select
org.fusesource.fabric.jaas
from the list.A text editing window opens. - Enter values for the properties described in Table 7.1, “JAAS Encryption Properties” following the example shown in Example 7.1, “Password Encryption Configuration”.
Example 7.1. Password Encryption Configuration
encryption.enabled = true encryption.name = jasypt encryption.algorithm = SHA-256 encryption.encoding = base64 encryption.iterations = 100000 encryption.saltSizeBytes = 16
- Click Save.
- If you configure the encryption to use Jasypt, add the
jasypt-encryption
feature to the profile.- Select the Repositories tab.
- In the Add repository field enter
mvn:org.apache.karaf.assemblies.features/standard/2.3.0.fuse-71-044/xml/features
. - Click Add.
- Select the Features tab.
- From the Repository list select mvn:org.apache.karaf.assemblies.features/standard/2.3.0.fuse-71-044/xml/features.
- From the Features list select jasypt-encryption.
- Select the management console's Containers tab.
- Click Migrate Containers.
- Click Select All.
- Select the version to which you added encryption from the Target Version table.
- Click Apply.
Configuration properties
Table 7.1. JAAS Encryption Properties
Property | Description |
---|---|
encryption.enabled | Specifies if password encryption is enabled. |
encryption.name | Specifies the name of the encryption service, which has been registered as an OSGi service. See the section called “Encryption services”. |
encryption.prefix | Specifies the prefix for encrypted passwords. |
encryption.suffix | Specifies the suffix for encrypted passwords. |
encryption.algorithm |
Specifies the name of the encryption algorithm—for example,
MD5 or SHA-1 . You can specify one of the following encryption algorithms:
|
encryption.encoding | Specifies the encrypted passwords encoding: hexadecimal or base64 . |
encryption.providerName (Jasypt only) | Name of the java.security.Provider instance that is to provide the digest algorithm. |
encryption.providerClassName (Jasypt only) | Specifies the class name of the security provider that is to provide the digest algorithm. |
encryption.iterations (Jasypt only) | Specifies the number of times to apply the hash function recursively. |
encryption.saltSizeBytes (Jasypt only) | Specifies the size of the salt used to compute the digest. |
encryption.saltGeneratorClassName (Jasypt only) | Specifies the class name of the salt generator. |
role.policy | Specifies the policy for identifying role principals. Can have the values, prefix or group . |
role.discriminator | Specifies the discriminator value to be used by the role policy. |
Encryption services
org.apache.karaf.jaas.modules.EncryptionService
interface and exporting an instance of the encryption service as an OSGi service. Two alternative implementations of the encryption service are provided:
- Basic encryption service—installed in the standalone container by default and you can reference it by setting the
encryption.name
property to the value,basic
. In the basic encryption service, the message digest algorithms are provided by the SUN security provider (the default security provider in the Oracle JDK). - Jasypt encryption—can be installed in the standalone container by installing the
jasypt-encryption
feature. To access the Jasypt encryption service, set theencryption.name
property to the value,jasypt
.For more information about Jasypt encryption, see the Jasypt documentation.
7.2. Defining JAAS Realms in a Fabric
Overview
jaas:config
element for defining JAAS realms. The difference is that when containers are deployed in a fabric, the JAAS realms need to be pushed out the fabric registry and all of the containers in the fabric need to share the same JAAS realms.
Procedure
- Create a Maven project to package and deploy the JAAS realm to the fabric's Maven proxy as shown in the section called “Creating a Maven project for deploying a JAAS realm”.
- Create a JAAS realm that uses the LDAP login module:
- Open the blueprint XML file in
src/main/resources/OSGI-INF/my-service.xml
in a text editor. - Delete the
bean
andservice
elements. - Add a
jaas:config
element to the blueprint.See Section 6.1, “Defining JAAS Realms” for details on configuring the JAAS realm.
- Deploy the JAAS realm to the fabric's maven proxy using the mvn deploy command.
- In the management console create a new profile for deploying the new realm.
- Select the Bundles tab.
- Add the bundle you uploaded for the JAAS realm to the profile.Bundles are specified using Maven URLs. For example if your project's group ID is
my.jaas.realm
and the artifact ID isjaas
, the Maven URL for the bundle will be mvn:my.jaas.realm/ldap/version. - Add the new profile to all of the containers in the fabric.
Creating a Maven project for deploying a JAAS realm
- Use the
karaf-blueprint-archetype
archetype to generate a template project.Example 7.2, “Create a Maven Project” shows how to invoke the archetype from the command line.Example 7.2. Create a Maven Project
mvn archetype:generate -DarchetypeGroupId=org.apache.karaf.archetypes -DarchetypeArtifactId=karaf-blueprint-archetype -DgroupId=groupID -DartifactId=artifactID
- Remove the project's
src/main/java
folder.This folder holds template Java classes for implementing an OSGi service, but the JAAS realm does not require any Java classes. - Open the project's POM in a text editor.
- Add a
distributionManagement
element, similar to the one shown in Example 7.3, “Fabric Maven Proxy Distribution Settings”, to the POM.Example 7.3. Fabric Maven Proxy Distribution Settings
<distributionManagement> <repository> <id>fabric-maven-proxy</id> <name>FMC Maven Proxy</name> <url>http://username:password@localhost:8107/maven/upload/</url> </repository> </distributionManagement>
You will need to modify theurl
element to include the connection details for your environment:- The username and password are the credentials used access the Fabric Server to which you are trying to connect.
- The hostname,
localhost
in Example 7.3, “Fabric Maven Proxy Distribution Settings”, is the address of the machine hosting the Fabric Server. - The port number,
8107
in Example 7.3, “Fabric Maven Proxy Distribution Settings”, is the port number exposed by the Fabric Server.8107
is the default setting. - The path,
/maven/upload/
in Example 7.3, “Fabric Maven Proxy Distribution Settings”, is the same for all Fabric Servers.
7.3. Enabling LDAP Authentication
Revision History | |
---|---|
12/05/12 | |
modified the procedure to work in a fabric |
Abstract
Overview
org.apache.karaf.jaas.modules.ldap.LDAPLoginModule
class. It is preloaded by the containers, so you do not need to install its bundle.
karaf
realm to use the LDAP login module and deploy it to every container in the management console's fabric. Once this is done, all access to the management console Web console, and all of the fabric containers' command consoles, will be authenticated against your LDAP server.
Procedure
- Create a Maven project to package and deploy the LDAP JAAS realm to the fabric's Maven proxy as shown in the section called “Creating a Maven project for deploying a JAAS realm”.
- Create a JAAS realm that uses the LDAP login module:
- Open the blueprint XML file in
src/main/resources/OSGI-INF/my-service.xml
in a text editor. - Delete the
bean
andservice
elements. - Add a
jaas:config
element to the blueprint. - Add a
name
attribute to thejaas:config
element and set its value tokaraf
.NoteThis will override the default realm used by the container. - Add a
rank
attribute to thejaas:config
element and set its value to5
.NoteThis will insure that this realm is used by the container. - Add a
jaas:module
element to thejaas:config
element. - Add a
className
attribute to thejaas:module
element and set its value toorg.apache.karaf.jaas.modules.ldap.LDAPLoginModule
.Example 7.4, “LDAP JAAS Login Module” shows the blueprint file.Example 7.4. LDAP JAAS Login Module
<jaas:config ... > <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> ... </jaas:module> </jaas:config>
- Provide values for the properties described in Table 6.2, “Properties for the Red Hat JBoss A-MQ LDAP Login Module”.
- Deploy the JAAS realm to the fabric's maven proxy using the mvn deploy command.
- In the management console create a new profile for deploying the LDAP realm.See Using the Management Console.
- Select the Bundles tab.
- Add the bundle you uploaded for the JAAS realm to the profile.Bundles are specified using Maven URLs. For example if your project's group ID is
my.jaas.realm
and the artifact ID isldap
, the Maven URL for the bundle will be mvn:my.jaas.realm/ldap/version.See Using the Management Console. - Add the new profile to all of the containers in the fabric.See Using the Management Console.
Chapter 8. Installing Red Hat JBoss A-MQ as a Service
Revision History | |
---|---|
06/01/12 | |
Updated to reflect that the wrapper is automatically generated by the Enterprise installers. | |
03/11/13 | |
Updated to include directions for generating the wrapper. |
Abstract
- Generate the service wrapper for your system.
- Configure the launch script for your system.
- Configure the service wrapper for your system.
- Install the service wrapper as system service.
8.1. Generating the Wrapper
Abstract
Overview
wrapper
feature generates a wrapper around the JBoss A-MQ runtime that allows you to install a message broker as a system service. The wrapper
feature does not come preinstalled in the console, so before you can generate the service wrapper you must install the wrapper
feature.
Procedure
- Start JBoss A-MQ in console mode using the amq command.
- Once the console is started and the command prompt appears, enter
features:install wrapper
.The features:install command will locate the required libraries to provision the wrapper feature and deploy it into the run time. - Generate the wrapper by entering
wrapper:install -n serviceName -d displayName -D description
.The wrapper:install command has the options described in Table 8.1, “Wrapper Install Options”.Table 8.1. Wrapper Install Options
Option Default Description -s
AUTO_START
(Windows only) Specifies the mode in which the service is installed. Valid values are AUTO_START
orDEMAND_START
.-n
karaf
Specifies the service name that will be used when installing the service. -d
Specifies the display name of the service. -D
Specifies the description of the service.
Generated files
bin\ServiceName-wrapper[.exe]
—the executable file for the wrapper.bin\ServiceName-service[.bat]
—the script used to install and remove the service.etc\ServiceName-wrapper.conf
—the wrapper's configuration file.- Three library files required by the service wrapper:
lib\libwrapper.so
lib\karaf-wrapper.jar
lib\karaf-wrapper-main.jar
8.2. Configure the Script
Abstract
ServiceName-service[.bat]
file, is located under the InstallDir/bin/
directory.
Overview
ServiceName-service[.bat]
file, as described here.
RUN_AS_USER
RUN_AS_USER
variable is set, the ServiceName-service[.bat]
script runs as the specified user. For example, to run the script as the user, mquser
, search for the line, #RUN_AS_USER
, uncomment the line, and set the variable as follows:
RUN_AS_USER=mquser
wrapper.log
files. Failure to be able to write the log file will cause the Wrapper to exit without any way to write out an error message.
PRIORITY
nice
command by setting the PRIORITY
variable (it is not set by default).
8.3. Configuring the Wrapper
Abstract
ServiceName-wrapper.conf
file, which is located under the InstallDir/etc/
directory.
Overview
ServiceName-wrapper.conf
file, which is located under the InstallDir/etc/
directory.
- the default environment settings
- the properties passed to the JVM
- the classpath
- the JMX settings
- the logging settings
Specifying the Red Hat JBoss A-MQ's environment
KARAF_HOME
—the location of the Red Hat JBoss A-MQ install directory.KARAF_BASE
—the root directory containing the configuration and OSGi data specific to the broker instance.The configuration for the broker instance is stored in theKARAF_BASE/conf
directory. Other data relating to the OSGi runtime is also stored beneath the base directory.KARAF_DATA
—the directory containing the logging and persistence data for the broker.
Example 8.1. Default Environment Settings
set.default.KARAF_HOME=InstallDir set.default.KARAF_BASE=InstallDir set.default.KARAF_DATA=InstallDir\data
Passing parameters to the JVM
wrapper.java.additional.<n>
. <n> is a sequence number that must be distinct for each parameter.
wrapper.java.additional.<n>=-DPropName=PropValue
.
Example 8.2. Default Java System Properties
# JVM # note that n is the parameter number starting from 1. wrapper.java.additional.1=-Dkaraf.home="%KARAF_HOME%" wrapper.java.additional.2=-Dkaraf.base="%KARAF_BASE%" wrapper.java.additional.3=-Dkaraf.data="%KARAF_DATA%" wrapper.java.additional.4=-Dcom.sun.managment.jmxremote wrapper.java.additional.5=-Dkaraf.startLocalConsole=false wrapper.java.additional.6=-Dkaraf.startRemoteShell=true wrapper.java.additional.7=-Djava.endorsed.dirs="%JAVA_HOME%/jre/lib/endorsed;%JAVA_HOME%/lib/endorsed;%KARAF_HOME%/lib/endorsed" wrapper.java.additional.8=-Djava.ext.dirs="%JAVA_HOME%/jre/lib/ext;%JAVA_HOME%/lib/ext;%KARAF_HOME%/lib/ext"
Adding classpath entries
wrapper.java.classpath.<n>
. <n> is a sequence number that must be distinct for each classpath entry.
Example 8.3. Default Wrapper Classpath
wrapper.java.classpath.1=%KARAF_BASE%/lib/karaf-wrapper.jar wrapper.java.classpath.2=%KARAF_HOME%/lib/karaf.jar wrapper.java.classpath.3=%KARAF_HOME%/lib/karaf-jaas-boot.jar wrapper.java.classpath.4=%KARAF_BASE%/lib/karaf-wrapper-main.jar
JMX configuration
- Locate the line
# Uncomment to enable jmx
.There are three properties, shown in Example 8.4, “Wrapper JMX Properties”, that are used to configure JMX.Example 8.4. Wrapper JMX Properties
# Uncomment to enable jmx #wrapper.java.additional.n=-Dcom.sun.management.jmxremote.port=1616 #wrapper.java.additional.n=-Dcom.sun.management.jmxremote.authenticate=false #wrapper.java.additional.n=-Dcom.sun.management.jmxremote.ssl=false
- Remove the
#
from in front of each of the properties. - Replace the
n
in each property to a number that fits into the sequence of addition properties established in the configuration.
Configuring logging
Table 8.2. Wrapper Logging Properties
Property | Description |
---|---|
wrapper.console.format |
Specifies how the logging information sent to the console is formated. The format consists of the following tokens:
|
wrapper.console.loglevel | Specifies the logging level displayed on the console. |
wrapper.logfile | Specifies the file used to store the log. |
wrapper.logfile.format | Specifies how the logging information sent to the log file is formated. |
wrapper.console.loglevel | Specifies the logging level sent to the log file. |
wrapper.console.maxsize | Specifies the maximum size, in bytes, that the log file can grow to before the log is archived. The default value of 0 disables log rolling. |
wrapper.console.maxfiles | Specifies the maximum number of archived log files which will be allowed before old files are deleted. The default value of 0 implies no limit. |
wrapper.syslog.loglevel | Specifies the logging level for the sys/event log output. |
8.4. Installing and Starting the Service
Overview
Windows
InstallDir\bin\ServiceName-service.bat install
. If you used the default start setting, the service will start when Windows is launched. If you specified DEMAND_START
, you will need to start the service manually.
net start "ServiceName"
. You can also use the Windows service UI.
net stop "ServiceName"
You can also use the Windows service UI.
InstallDir\bin\ServiceName-service.bat remove
.
Redhat Linux
#
ln -s InstallDir/bin/ServiceName-service /etc/init.d/
#
chkconfig ServiceName-service --add
#
chkconfig ServiceName-service on
service ServiceName-service start
.
service ServiceName-service stop
.
#
service ServiceName-service stop
#
chkconfig ServiceName-service --del
#
rm /etc/init.d/ServiceName-service
Ubuntu Linux
#
ln -s InstallDir/bin/ServiceName-service /etc/init.d/
#
update-rc.d ServiceName-service defaults
/etc/init.d/ServiceName-service start
.
/etc/init.d/ServiceName-service stop
.
#
/etc/init.d/ServiceName-service stop
#
rm /etc/init.d/ServiceName-service
Chapter 9. Starting a Broker
Abstract
Overview
- console mode—the broker starts up as a foreground process and presents the user with a command shell
- daemon mode—the broker starts up as a background process that can be manged using a remote console or the provided command line tools
InstallDir/etc/activemq.xml
configuration file. The configuration uses values loaded from the InstallDir/etc/system.properties
file and the InstallDir/etc/org.fusesource.mq.fabric.server-default.cfg
file.
Starting in console mode
Table 9.1. Start up Commands for Console Mode
Windows | bin\amq.bat |
Unix | bin/amq |
Example 9.1. Broker Console
______ ___ ___ _____ | ___| | \/ || _ | | |_ _ _ ___ ___ | . . || | | | | _|| | | |/ __| / _ \ | |\/| || | | | | | | |_| |\__ \| __/ | | | |\ \/' / \_| \__,_||___/ \___| \_| |_/ \_/\_\ Fuse MQ (7.0.0.fuse-036) http://fusesource.org/mq/ Hit '<tab>' for a list of available commands and '[cmd] --help' for help on a specific command. Hit '<ctrl-d>' or 'osgi:shutdown' to shutdown Fuse MQ.
JBossA-MQ:karaf@root>
Starting in daemon mode
Table 9.2. Start up Commands for Daemon Mode
Windows | bin\start.bat |
Unix | bin/start |
Starting a broker in a fabric
- using the console of one of the other broker's in the fabricIf one of the brokers in the fabric is running in console mode you an use the fabric:container-start command to start any of the other brokers in the fabric. The command requires that you supply the container name used when creating the broker in the fabric. For example to start a broker named
fabric-broker3
you woul duse the command shown in Example 9.2, “Starting a Broker in a Fabric”.Example 9.2. Starting a Broker in a Fabric
JBossA-MQ:karaf@root>
fabric:container-start fabric-broker3
- using the administration client of one of the broker's in the fabricIf none of the brokers are running in console mode, you can use the administration client on one of the brokers to execute the fabric:container-start command. The administration client is run using the client command in Red Hat JBoss A-MQ's
bin
folder. Example 9.3, “Starting a Broker in a Fabric with the Administration Client” shows how to use the remote client to start remote broker in the fabric.Example 9.3. Starting a Broker in a Fabric with the Administration Client
bin/client fabric:container-start fabric-broker3
- using the management consoleThe management console can start and stop any of the brokers in the fabric it manages from a Web based console.For more information see Using the Management Console.
Chapter 10. Sending Commands to the Broker
Abstract
Overview
- the JBoss A-MQ administration client that can be used to send any of the console commands to a broker running in daemon mode
- a broker running in console mode can connect to a remote broker and be used to manage the remote broker
- Red Hat JBoss A-MQ includes a vanilla Apache Karaf shell that can connect to a remote broker and be used to manage the remote broker
Running the administration client
InstallDir/bin
. Example 10.1, “Client Command” shows the syntax for the command.
Example 10.1. Client Command
client
[
--help
] [
-a port
] [
-h host
] [
-u user
] [
-p password
] [
-v
] [
-r attempts
] [
-d delay
] [
commands
]
Table 10.1. Administration Client Arguments
Argument | Description |
---|---|
--help | Displays the help message. |
-a | Specifies the remote host's port. |
-h | Specify the remote host's name. |
-u | Specifies user name used to log into the broker. |
-p | Specifies the password used to log into the broker. |
-v | Use verbose output. |
-r | Specifies the maximum number of attempts to establish a connection. |
-d | Specifies, in seconds, the delay between retries. The default is 2 seconds. |
commands | Specifies one or more commands to run. If no commands are specified, the client enters an interactive mode. |
Using the broker console
- console help—list all of the commands along with a brief summary of the commands function
- command help—a detailed description of a command and its arguments
Example 10.2. Console Help
JBossA-MQ:karaf@root>
help
COMMANDS activemq:browse activemq:bstat activemq:list activemq:purge activemq:query admin:change-opts Changes the Java options of an existing container instance. admin:change-rmi-registry-port Changes the RMI registry port (used by management layer) of an existing container instance.
...JBossA-MQ:karaf@root>
--help
option. As shown in Example 10.3, “Help for a Command”, entering admin:start --help
displays the help for that command.
Example 10.3. Help for a Command
JBossA-MQ:karaf@root>
admin:start --help
DESCRIPTION admin:start Starts an existing container instance. SYNTAX admin:start [options] name ARGUMENTS name The name of the container instance OPTIONS --help Display this help message -o, --java-opts Java options when launching the instance
JBossA-MQ:karaf@root>
Connecting a console to a remote broker
-p
flag. You can also specify a command to be executed by the remote console connection. If you do not specify a command, you are presented with a prompt that will pass commands to the remote broker's console.
Starting a basic console
Available commands
Chapter 11. Deploying a New Broker
Abstract
- as a collection of standalone brokers
- a fabric of brokers
11.1. Deploying a Standalone Broker
Abstract
Overview
Procedure
- Install JBoss A-MQ onto the target system as described in the Installation Guide.
- Modify the new installation's configuration for your environment as described in Chapter 2, Editing a Broker's Configuration.
More information
- Using Networks of Brokers
- Fault Tolerant Messaging
11.2. Deploying a New Broker into a Fabric
Abstract
Overview
- allowing you to do them from a remote location
- providing tools that assist in automatically configuring fail over clusters, networks of brokers, and master/slave clusters.
- allowing you to reuse parts of existing profiles to ensure consistency
- providing tooling to do rolling updates
- providing tooling to roll back changes when needed
Procedure
- Create a template JBoss A-MQ XML configuration file in a location that is accessible to the container.
- In the command console, use the fabric:import command to upload the your XML configuration template to the Fabric Ensemble as shown in Example 11.1, “Uploading a Template to a Fabric Ensemble”.
Example 11.1. Uploading a Template to a Fabric Ensemble
JBossA-MQ:karaf@root>
fabric:import -t /fabric/configs/versions/version/profiles/mq-base/configFile configFile
version must match the version of the new profile you will create for the new broker. - Use the fabric:mq-create command to create a profile for the new broker and assign it to a container.
- To deploy the new broker into an existing container use the command shown in Example 11.2, “Creating a New Broker in an Existing Container”
Example 11.2. Creating a New Broker in an Existing Container
JBossA-MQ:karaf@root>
fabric:mq-create --assign-container containerName --config configFile profileName
This will create a new broker profile that inherits from themq-base
profile, but uses your XML configuration template, and deploy it to the specified container. - To deploy the new broker into an new container use the command shown in Example 11.3, “Creating a New Broker in a New Container”
Example 11.3. Creating a New Broker in a New Container
JBossA-MQ:karaf@root>
fabric:mq-create --create-container containerName --config configFile profileName
This will create a new broker profile that inherits from themq-base
profile, but uses your XML configuration template, create a new container named containerName, and deploy the broker profile to it.NoteThe new container will be a child of the container from which you execute the fabric:mq-create command.
You can add network configuration settings to the profile as well. - Use the fabric:profile-edit command shown in Example 11.4, “Editing a Broker Profile” to set the required properties.
Example 11.4. Editing a Broker Profile
JBossA-MQ:karaf@root>
fabric:profile-edit --pid org.fusesource.mq.fabric.server-profileName/property=value profileName
The properties that need to be set will depend on the properties you specified using property place holders in the template XML configuration and the broker's network settings.
More information
- Using Networks of Brokers
- Fault Tolerant Messaging
Chapter 12. Shutting Down a Broker
Abstract
12.1. Shutting Down a Local Broker
Abstract
Overview
Stopping the broker from console mode
Example 12.1. Using the Console's Shutdown Command
JBossA-MQ:karaf@root>
shutdown -f
JBossA-MQ:karaf@root>
logout [Process completed]
Stopping a broker running in daemon mode
bin
folder.
12.2. Shutting Down a Broker Remotely
Abstract
Overview
- using the stop command—the stop command does not require starting an instance of the broker
- using a remote console connection—a broker's console can be used to remotely shutdown a broker on another machine
- using a fabric member's console—brokers that are part of a fabric can stop members of their fabric
- using the management console—brokers that are part of a fabric can be stopped using a management console connected to their fabricFor more information see Using the Management Console.
Using the stop command
InstallDir/bin
directory. The commands syntax is shown in Example 12.2, “Stop Command Syntax”.
Example 12.2. Stop Command Syntax
stop
[
-a port
] {
-h hostname
} {
-u username
} {
-p password
}
-a port
- Specifies the SSH port of the remote instance. The default is 8101.
-h hostname
- Specifies the hostname of the machine on which the remote instance is running.
-u username
- Specifies the username used to connect to the remote broker.NoteThe default username for a broker is
karaf
. -p password
- Specifies the password used to connect to the remote broker.NoteThe default password for a broker is
karaf
.
NEBrokerHost2
.
Example 12.3. Stopping a Remote Broker
bin/stop -u karaf -p karaf -h NEBrokerHost2
Using a remote console
NWBrokerHost
.
Example 12.4. Shutting Down a Broker using a Remote Console Connection
JBossA-MQ:karaf@root>
ssh -l karaf -P karaf NWBrokerHost
_ ____ __ __ ____ | | _ \ /\ | \/ |/ __ \ | | |_) | ___ ___ ___ / \ ______| \ / | | | | _ | | _ < / _ \/ __/ __| / /\ \______| |\/| | | | | | |__| | |_) | (_) \__ \__ \ / ____ \ | | | | |__| | \____/|____/ \___/|___/___/ /_/ \_\ |_| |_|\___\_\ JBoss A-MQ (6.0.0.redhat-012) http://www.redhat.com/products/jbossenterprisemiddleware/amq/ Hit '<tab>' for a list of available commands and '[cmd] --help' for help on a specific command. Hit '<ctrl-d>' or 'osgi:shutdown' to shutdown JBoss A-MQ.
JBossA-MQ:karaf@root>
osgi:shutdown
Confirm: shutdown instance root (yes/no):
yes
JBossA-MQ:karaf@root>
JBossA-MQ:karaf@root>
Shutting down remote brokers in a fabric
fabric-broker3
.
Example 12.5. Shutting Down a Broker in a Fabric
./bin/client fabric-broker3 fabric:container-stop
Chapter 13. Connecting a Broker to a Fabric
Abstract
- join an existing fabricThis option is useful if you have an existing fabric and simply want to add the broker to it. You can add the broker as a fully managed container in which the broker's existing configuration is wiped out and replaced with a profile from the fabric's repository. You can also add the broker as an unmanaged container that retains all of its configuration, but can be discovered through the fabric's ensemble.NoteThis option can also be used to move a broker from one fabric to another.
- create a new fabricThis option converts the standalone broker into a Fabric Server. You will then need to either add a new broker to the fabric, or assign a broker profile to the server.
13.1. Joining a Broker to a Fabric
- A managed container is a full member of the fabric and is managed by a Fabric Agent. The agent configures the container based on information provided by the fabric's ensemble. The ensemble knows which profiles are associated with the container and the agent determines what to install based on the contents of the profiles.
- A non-managed container is not managed by a Fabric Agent. It's configuration remains intact after it joins the fabric and is controlled as if the broker were a standalone broker. Joining the fabric in this manner registers the broker with the fabric's ensemble and allows clients to locate the broker using the fabric's discovery mechanism.
13.1.1. Joining a Fabric as a Managed Container
Overview
fabric
profile. To start up as broker, you need to ensure that the fabric has a profile with the proper configuration and associate it with the container. The fabric:join command's -p
argument allows you to specify a profile to install into the container once the agent is installed.
Becoming a managed container
- The broker installs the required Fuse Fabric bundles to interact with the fabric's ensemble.
- The broker contacts the specified Fabric Server and initiates the joining process.
- The Fabric Server registers the container with the fabric's ensemble.This adds the container's information to the fabric's registry using the container name as the key. Because the container is a managed container, the registry creates an empty entry for the container and only includes the information it needs to manage the container.WarningIf the container being added to the fabric has the same name as a container already registered with the fabric, both containers will be reset and will always share the same configuration.
- The Fabric Server, as a delegate of the fabric's ensemble, takes control of the container.This process clears the container and resets its configuration to a default state.
- The ensemble installs the
fabric
profile into the container.This loads the Fabric Agent into the container to facilitate the management of the container. - If the
-p
argument is passed the fabric:join, the container's agent installs the artifacts and configuration settings from the specified profile. - The container sits empty and ready for you to associate one or more profiles with it.
- The agent monitors the container and the ensemble for changes.If the state of the container changes, the agent updates the ensemble's registry entry. If the ensemble has updates for the container, such as a new profile being associated with the container or a change to one of the profiles already associated with the container, the agent updates the container.
Remaining a message broker
mq
profile that loads a default message broker. You can also create a new profile for your brokers as described in Section 2.3, “Editing a Broker's Configuration in a Fabric”.
-p
flag. The specified profile will be assigned to the container as soon as the agent is installed. If you would rather do it in two steps, you can assign the profile using the fabric:container-change-profile command or the management console.
Procedure
- Create a profile for your broker.For details on creating a broker profile see Section 2.3, “Editing a Broker's Configuration in a Fabric”.
- Get the URL for one of the Fabric Servers in the existing fabric.The URL of a Server has the following format:
HostName:IPPort
For example, given a fabric registry agent running on the host,myhost
, the URL would bemyhost:2181
. The IP port, 2181, is the default IP port used by a Fabric Server and is usually the correct value to use. If you are in any doubt about which URL to use you can discover the URLs of the Fabric Servers as follows:- Connect to the command console of one of the containers in the fabric.
- Enter the following sequence of console commands:
JBossA-MQ:karaf@root>
config:edit org.fusesource.fabric.zookeeper
JBossA-MQ:karaf@root>
config:proplist
service.pid = org.fusesource.fabric.zookeeper zookeeper.url = myhostA:2181,myhostB:2181,myhostC:2181,myhostC:2182,myhostC:2183 fabric.zookeeper.pid = org.fusesource.fabric.zookeeper
JBossA-MQ:karaf@root>
config:cancel
Thezookeeper.url
property holds a comma-separated list of Fabric Server URLs. You can use any one of these URLs to join the fabric.
- Connect to the standalone broker's command console.
- Enter the following command:
JBossA-MQ:karaf@root>
fabric:join -p brokerProfile fabricURL brokerName
You need to provide values for:
13.1.2. Joining a Fabric as a Non-Managed Container
Overview
Becoming a non-managed container
- The broker installs the required Fuse Fabric bundles to interact with the fabric's ensemble.
- The broker contacts the specified Fabric Server and initiates the joining process.
- The Fabric Server registers the container with the fabric's ensemble.This adds the broker's information to the fabric's registry using the broker's name as the key. Because the broker is non-managed, the registry creates an entry containing information for all the message destinations hosted by the broker.WarningIf the container being added to the fabric has the same name as a container already registered with the fabric, both containers will be reset and will always share the same configuration.
- The agent monitors the broker and updates the updates the ensemble's registry entry as needed.
Procedure
- Get the URL for one of the Fabric Servers in the existing fabric.The URL of a Server has the following format:
HostName:IPPort
For example, given a fabric registry agent running on the host,myhost
, the URL would bemyhost:2181
. The IP port, 2181, is the default IP port used by a Fabric Server and is usually the correct value to use. If you are in any doubt about which URL to use you can discover the URLs of the Fabric Servers as follows:- Connect to the command console of one of the containers in the fabric.
- Enter the following sequence of console commands:
JBossA-MQ:karaf@root>
config:edit org.fusesource.fabric.zookeeper
JBossA-MQ:karaf@root>
config:proplist
service.pid = org.fusesource.fabric.zookeeper zookeeper.url = myhostA:2181,myhostB:2181,myhostC:2181,myhostC:2182,myhostC:2183 fabric.zookeeper.pid = org.fusesource.fabric.zookeeper
JBossA-MQ:karaf@root>
config:cancel
Thezookeeper.url
property holds a comma-separated list of Fabric Server URLs. You can use any one of these URLs to join the fabric.
- Connect to the standalone broker's command console.
- Enter the following command:
JBossA-MQ:karaf@root>
fabric:join -n fabricURL brokerName
You need to provide values for:-n
—specifies that the broker will not be managed by the fabric- fabricURL—the Fabric Server URL you obtained in Step 1
- brokerName—the name the broker will use to register with the fabricImportantThe name should be unique among the containers in the fabric.
13.2. Creating a New Fabric
Revision History | |
---|---|
12/04/12 | |
Clarified what happens when a fabric is created. | |
12/04/12 | |
Added note about removing the default broker from the original container. |
Overview
- The recommended approach is to create the fabric such that the broker is converted into a managed Fabric Server. The container will revert to being a vanilla broker, so you will need to either create a new broker with the desired configuration or deploy an updated broker profile into the Fabric Server.Ensuring that the new broker is configured properly requires creating a broker profile with the proper settings. This can be done once the new fabric is created using the fabric:mq-create command. The fabric:mq-create command can also create the new broker.
- The alternative approach is to create the fabric such that the broker becomes a non-managed Fabric Server. The broker becomes a Fabric Server that is fully capable of being part of a fabric's ensemble. However, the broker retains control over its own configuration. It will continue to be managed as if it were a standalone broker and will not respond to fabric commands that attempt to alter its configuration.
Becoming a new fabric
- The broker installs the required Fuse Fabric bundles to become a Fabric Server.
- The Fabric Server starts up the ensemble process.
- A new ensemble containing an empty configuration registry and a runtime registry with a single entry for the Fabric Server is created.
- The Fabric Server delegates control over its configuration to the ensemble.NoteIf the fabric is created with a non-managed server, this step is skipped.
- The ensemble associates the profiles required to be a Fabric Server with the container.
- Unless the
--no-import
flag is used, the ensemble imports a set of profiles.- If the
--import-dir
flag is used, the profiles are imported from the specified location. - If no location is specified the default set of profiles is imported from
InstallDir/fabric/import
.
- The ensemble installs the default
mq
profile to the container.This starts a default broker instance in the container.NoteIf the fabric is created with a non-managed server, this step is skipped. - The ensemble waits for commands to update the fabric.
Procedure
- Delete the standalone broker configuration(s) from your installation's
/etc
folder.The configuration is stored in/etc/org.fusesource.mq.fabric.server-configName.cfg
. - Connect to the standalone broker's command console.
- Remove any brokers running in the container.
- Use config:list to locate any PIDs using the form
org.fusesource.mq.fabric.server.ID
. - Use config:delete to delete all of the PIDs using the form
org.fusesource.mq.fabric.server.ID
.
- Enter the following command:
JBossA-MQ:karaf@root>
fabric:create
NoteIf you want to import a predefined set of profiles, use the-p import-dir
option to specify the set of profiles to import. - Add a new broker to the fabric as described in Section 11.2, “Deploying a New Broker into a Fabric”.
Chapter 14. Adding Client Connection Points
Abstract
- a
transportConnector
element in the XML configuration template that provides the details for the connection point - an entry in the broker's
org.fusesource.mq.fabric.server.id
PID's connectors property to activate the connection point
transportConnector
element provides all of the details needed to create the connection point. This includes the type of transport being used, the host and port for the connection, and any transport properties needed. The connectors property is a space delimited list that specifies which transport connectors to activate.
14.1. Adding a Transport Connector to a Standalone Broker
Adding a transport connector definition
- Open the broker's configuration template for editing.
- Locate the
transportConnectors
element. - Add a
transportConnector
element as a child of thetransportConnectors
element. - Add a
name
attribute to the newtransportConnector
element.Thename
attribute specifies a unique identifier for the transport connector. It is used in the connectors property to identify the transport to be activated. - Add a
uri
attribute to the newtransportConnector
element.Theuri
attribute specifies the connection details used to instantiate the connector. Clients will use a similar URI to access the broker using this connector. For a complete list of the URIs see the Connection Reference. - Save the changes to the configuration template.
Activating a connector
- Connect to the broker using a command console.
- Open the broker's
org.fusesource.mq.fabric.server.id
PID for editing using the config:editcommand.JBossAMQ:karaf>
config:edit org.fusesource.mq.fabric.server.098765NoteYou can use the config:list command to find the id for the broker. - Verify the value of the connectors property using the config:proplist command.
JBossAMQ:karaf>
config:proplist connector - Change the value of the connectors property using the config:propset command.
JBossAMQ:karaf>
config:propset connector "connector1 connector2..."connector1 specifies the name of a transport to activate. The value corresponds the value of thetransportConnector
element'sname
attribute. - Save the changes using the config:update command.
JBossAMQ:karaf>
config:update
14.2. Adding a Transport Connector to a Fabric Broker
Adding a transport connector definition
- Create a configuration template.
- Locate the
transportConnectors
element. - Add a
transportConnector
element as a child of thetransportConnectors
element. - Add a
name
attribute to the newtransportConnector
element.Thename
attribute specifies a unique identifier for the transport connector. It is used in the connectors property to identify the transport to be activated. - Add a
uri
attribute to the newtransportConnector
element.Theuri
attribute specifies the connection details used to instantiate the connector. Clients will use a similar URI to access the broker using this connector. For a complete list of the URIs see the Connection Reference. - Save the changes to the configuration template.
- In the command console, use the fabric:import command to upload the your XML configuration template to the Fabric Ensemble.
JBossAMQ:karaf>
fabric:import -t /fabric/configs/versions/version/profiles/mq-base/configFile configFile
version must match the version of the new profile. - Use the fabric:mq-create command to create a new profile.
JBossAMQ:karaf>
fabric:mq-create --config configFile profileName
This will create a new broker profile that inherits from themq-base
profile, but uses your XML configuration template.
Activating a connector
- Connect to the broker using a command console.
- Verify the value of the connectors property for the desired profile using the fabric:profile-display command.
JBossAMQ:karaf>
fabric:profile-display profileName - Change the value of the connectors property using the fabric:profile-edit command's
-p
option.JBossAMQ:karaf>
fabric:profile-edit -p org.fusesource.mq.fabric.server-profileName/connectors="connector1 connector2..." profileNameconnector1 specifies the name of a transport to activate. The value corresponds the value of thetransportConnector
element'sname
attribute. - Deploy the new profile to one or more brokers in the fabric to test the changes.
JBossAMQ:karaf>
fabric:container-add-profile broker profileName
Chapter 15. Using Logging
Abstract
- Apache Log4j
- Apache Commons Logging
- SLF4J
- Java Util Logging
15.1. Logging Configuration
Revision History | |
---|---|
09/12/2012 | |
clarified the configuration steps and updated the examples |
Abstract
Overview
etc/system.properties
—the configuration file that sets the logging level during the broker’s boot process. The file contains a single property, org.ops4j.pax.logging.DefaultServiceLog.level, that is set toERROR
by default.org.ops4j.pax.logging
—the PID used to configure the logging back end service. It sets the logging levels for all of the defined loggers and defines the appenders used to generate log output. It uses standard Log4j configuration. By default, it sets the root logger's level toINFO
and defines two appenders: one for the console and one for the log file.NoteThe console's appender is disabled by default. To enable it, addlog4j.appender.stdout.append=true
to the configuration For example, to enable the console appender in a broker, you would use the following commands:JBossA-MQ:karaf@root>
config:edit org.ops4j.pax.logging
JBossA-MQ:karaf@root>
config:propappend log4j.appender.stdout.append true
JBossA-MQ:karaf@root>
config:update
org.apache.karaf.log.cfg
—configures the output of the log console commands.
Changing the log levels
org.ops4j.pax.logging
PID's log4j.rootLogger
property so that the logging level is one of the following:
TRACE
DEBUG
INFO
WARN
ERROR
FATAL
NONE
Example 15.1. Changing Logging Levels
JBossA-MQ:karaf@root>
config:edit org.ops4j.pax.logging
JBossA-MQ:karaf@root>
config:propset log4j.rootLogger "DEBUG, out, osgi:VmLogAppender"
JBossA-MQ:karaf@root>
config:update
Changing the appenders' thresholds
log4j.appender.appenderName.threshold
property that controls what level of messages are written to the appender. The appender threshold values are the same as the log level values.
DEBUG
but limiting the information displayed on the console to WARN
.
Example 15.2. Changing the Log Information Displayed on the Console
JBossA-MQ:karaf@root>
config:edit org.ops4j.pax.logging
JBossA-MQ:karaf@root>
config:propset log4j.rootLogger "DEBUG, out, osgi:VmLogAppender"
JBossA-MQ:karaf@root>
config:propappend log4j.appender.stdout.threshold WARN
JBossA-MQ:karaf@root>
config:update
15.2. Viewing the Log
Abstract
Overview
- using a text editor
- using the broker's, or a remote broker's, console
- using the administration client
Viewing the log in a text editor
InstallDir/data/log
. The main log file is karaf.log
. If archiving is turned on, there may be archived log files also stored in the logging directory.
- the time of the entry
- the log level of the entry
- the thread that generated the entry
- the bundle that generated the entry
- an informational message about the cause of the entry
Viewing the log with the console
- log:display—displays the most recent log entriesBy default, the number of entries returned and the pattern of the output depends on the size and pattern properties in the
org.apache.karaf.log.cfg
file. You can override these using the-p
and-d
arguments. - log:display-exception—displays the most recently logged exception
- log:tail—continuously display log entries
Viewing the log with the administration client
client log:display
into a system terminal will display the most recent log entries for the local broker.
Chapter 16. Using JMX
Abstract
16.1. Configuring JMX
Revision History | |
---|---|
06/01/12 | |
Added note about Enterprise JMX connector. |
Abstract
Overview
Enabling and disabling
broker
element's useJmx
attribute to false
. This will stop the broker from exposing itself via JMX.
Securing access to JMX
jmxRole
property to the etc/org.apache.karaf.management.cfg
file.
Advanced configuration
managementContext
child element to the broker's broker
element. The managementContext
element uses a managementContext
child to configure the broker. The attributes of the inner managementContext
element specify the broker's JMX configuration.
Table 16.1. Broker JMX Configuration Properties
Property | Default Value | Description |
---|---|---|
useMBeanServer | true | Specifies whether the broker will use the MBean server created by the JVM. When set to false , the broker will create an MBean server. |
jmxDomainName | org.apache.activemq | Specifies the JMX domain used by the broker's MBeans. |
createMBeanServer | true | Specifies whether the broker creates an MBean server if none is found. |
createConnector | true [a] | Specifies whether the broker creates a JMX connector for the MBean server. If this is set to false the broker will only be accessible using the JMX connector created by the JVM. |
connectorPort | 1099 | Specifies the port number used by the JMX connector created by the broker. |
connectorHost | localhost | Specifies the host used by the JMX connector and the RMI server. |
rmiServerPort | 0 | Specifies the RMI server port. This setting is useful if port usage needs to be restricted behind a firewall. |
connectorPath | /jmxrmi | Specifies the path under which the JMX connector will be registered. |
[a]
The default configuration template for the broker sets this property to false so that the broker uses the container's JMX connection.
|
Example 16.1. Configuring a Broker's JMX Connection
<broker ... > ... <managementContext> <managementContext createMBeanServer="false" createConnector="false" /> </managementContext> ... </broker>
16.2. Statistics Collected by JMX
Broker statistics
Table 16.2. Broker JMX Statistics
Destination statistics
Table 16.3. Destination JMX Statistics
Subscription statistics
Table 16.4. Connection JMX Statistics
16.3. Managing the Broker with JMX
Abstract
Overview
Broker actions
Table 16.5. Broker MBean Operations
Connector actions
Table 16.6. Connector MBean Operations
Network connector actions
Table 16.7. Network Connector MBean Operations
Queue actions
Table 16.8. Queue MBean Operations
Topic actions
Table 16.9. Topic MBean Operations
Subscription actions
Table 16.10. Subscription MBean Operations
Chapter 17. Applying Patches
Abstract
.patch
file that lists the contained artifacts. The artifacts are typically one or more bundles. They can, however, include configuration files and feature descriptors.
- Customer Support sends you a patch.
- Customer Support sends you a link to download a patch.
- standalone—the broker's command console's patch shell has commands for managing the patching process
- fabric—patching a fabric requires applying the patch to a profile and then applying the profile to a brokerThe management console is the recommended way to patch brokers in a fabric. See Using the Management Console for more information.
17.1. Patching a Standalone Broker
Abstract
Overview
system
folder. When the patch is applied, the broker's configuration is changed so that it points to the patched artifacts instead of the artifacts from the original installation. This makes it easy for the system to be restored to its original state or to selectively back out patches.
Applying a patch
- Add the patch to the broker's environment using the patch:add command.Example 17.1, “Adding a Patch to a Broker's Environment” shows the command for adding the patch contained in the patch file
patch.zip
from the local file system.Example 17.1. Adding a Patch to a Broker's Environment
FuseMQ>
patch:add file://patch.zip
This command copies the specified patch file to the broker'ssystem
folder and unpacks it. - Simulate installing the patch using the patch:simulate command.This will generate a log of the changes that will be made to the broker when the patch is installed, but will not make any actual changes to the broker.NoteThe patch:list command will display a list of all patches added to the broker's
system
folder. - Review the simulation log to understand the changes that will be made to the broker.
- Apply the patch to the broker using the patch:install command.NoteThe patch:list command will display a list of all patches added to the broker's
system
folder.
Rolling back a patch
Example 17.2. Rolling Back a Patch
FuseMQ>
patch:rollback patch1
system
folder.
17.2. Patching a Broker in a Fabric
Abstract
Overview
Procedure
- Getting a patch file.
- Customer Support sends you a patch.
- Customer Support sends you a link to download a patch.
- Uploading one or more patch files to the fabric's Maven repository.
- Applying the patch(es) to a profile version.This creates a new profile version that points to the new versions of the patched bundles and repositories.
- Migrate one or two brokers to the patched profile version to ensure that the patch does not introduce any new issues.
- After you are certain that the patch works, migrate the remaining brokers in the fabric to the patched version.
Using the management console
Using the command console
- Upload the patch file to the fabric's Maven repository.
- Create a new profile version to which the patch will be applied.
- Modify all of the profiles in the new version which require the patch.
- Use the fabric:container-upgrade command to roll the patch out to the brokers running in the fabric.
Appendix A. Required JARS
Overview
activemq-all.jar
file on the broker's CLASSPATH
. It contains all of the classes needed by a message broker. This is the default set up for a Red Hat JBoss A-MQ installation.
CLASSPATH
you can add the individual JARs. There are several JARs that are required. In addition, there are a few that are only needed when certain features are used.
Required JARs from Red Hat JBoss A-MQ
CLASSPATH
:
activemq-broker.jar
activemq-client.jar
activeio-core.jar
slf4j-api.jar
JEE JARs
- the
jee.jar
from Oracle - your JEE container's installation
- the Geronimo specs JARs:
geronimo-spec-jms.jar
geronimo-spec-jta.jar
geronimo-spec-j2ee-management.jar
Persistent messaging JARs
CLASSPATH
for the desired persistence store. The JAR names follow the pattern activemq-store-store
. The following message stores are included:
activemq-amq-store.jar
activemq-jdbc-store.jar
activemq-kahadb-store.jar
activemq-leveldb-store.jar
- For KahaDB you will need
kahadb.jar
. - For JDBC you will need the JARs for your database's JDBC driver.
Index
A
- Active, Subscription statistics
- activemq.xml, Editing the configuration template
- administration client
- running, Running the administration client
- administration console
- port number, Changing the port
- securing, Securing the console
- url, Accessing the console
- amq, Starting in console mode
- Aries
- namespaces, Namespaces
- placeholder extension, Placeholder extension
- authentication, LDAP properties
- AverageEnqueueTime, Destination statistics
B
- BlockedProducerWarningInterval, Destination statistics
- broker
- addConnector, Broker actions
- addNetworkConnector, Broker actions
- addQueue, Broker actions
- addTopic, Broker actions
- createDurableSubscriber, Broker actions
- deploying
- fabric container, Procedure
- destroyDurableSubscriber, Broker actions
- disableStatistics, Broker actions
- enableStatistics, Broker actions
- gc, Broker actions
- reloadLog4jProperties, Broker actions
- removeConnector, Broker actions
- removeNetworkConnector, Broker actions
- removeQueue, Broker actions
- removeTopic, Broker actions
- resetStatistics, Broker actions
- start, Broker actions
- stop, Broker actions
- stopGracefully, Broker actions
- terminateJVM, Broker actions
- useJmx, Enabling and disabling
- BrokerId, Broker statistics
- BrokerName, Broker statistics
- BrokerVersion, Broker statistics
C
- client, Running the administration client
- command console
- getting help, Using the broker console
- remote access, Connecting a console to a remote broker
- config shell, Editing the OSGi properties
- config.properties, Overview
- configuration
- persistent identifier, OSGi PIDs
- PID, OSGi PIDs
- template, Configuration templates
- connection.password, LDAP properties
- connection.url, LDAP properties
- connection.username, LDAP properties
- connector
- connectionCount, Connector actions
- disableStatistics, Connector actions
- enableStatistics, Connector actions
- resetStatistics, Connector actions
- start, Connector actions
- stop, Connector actions
- connectorHost, Advanced configuration
- connectorPath, Advanced configuration
- connectorPort, Advanced configuration
- connectors, Activating a connector, Activating a connector
- console
- config shell, Editing the OSGi properties
- console mode
- starting, Starting in console mode
- stopping, Stopping the broker from console mode
- ConsumerCount, Destination statistics
- createConnector, Advanced configuration
- createMBeanServer, Advanced configuration
- CursorFull, Destination statistics
- CursorMemoryUsage, Destination statistics
- CursorPercentUsage, Destination statistics
D
- daemon mode
- starting, Starting in daemon mode
- stopping, Stopping a broker running in daemon mode
- DataDirectory, Broker statistics
- deploying
- standalone broker, Deploying a Standalone Broker
- DequeueCount, Destination statistics
- DequeueCounter, Subscription statistics
- DispatchCount, Destination statistics
- DispatchedCounter, Subscription statistics
- DispatchedQueueSize, Subscription statistics
E
- embedded console
- disabling, Disabling the Web embedded console
- encryptor, Jasypt configuration
- EnqueueCount, Destination statistics
- EnqueueCounter, Subscription statistics
- ExpiredCount, Destination statistics
F
- fabric
- profiles, Profiles
- starting a broker, Starting a broker in a fabric
- stopping a broker, Shutting down remote brokers in a fabric
- versions, Profiles
- fabric shell, Procedure
- fabric:container-change-profile, Remaining a message broker
- fabric:container-connect, Connecting a console to a remote broker
- fabric:container-start, Starting a broker in a fabric
- fabric:container-stop, Shutting down remote brokers in a fabric
- fabric:container-upgrade, Using the command console
- fabric:create, Creating a New Fabric
- fabric:join, Joining a Broker to a Fabric
- fabric:mq-create, Procedure
- features:install, Installing the Jasypt features
H
- HTTPS
- client authentication needed, Enabling HTTPS
- client authentication wanted, Enabling HTTPS
- HTTPS configuration, Enabling HTTPS
I
- InFlightCount, Destination statistics
- initial.context.factory, LDAP properties
J
- JAAS
- configuration syntax, Configuring a JAAS realm
- converting to blueprint, Converting standard JAAS login properties to XML
- namespace, Namespace
- jaas:config, Configuring a JAAS realm
- jaas:module, Configuring a JAAS realm
- Jasypt
- configuration, Jasypt configuration
- libraries, Installing the Jasypt features
- namespaces, Namespaces
- jasypt-encryption, Installing the Jasypt features
- JBoss Operations Network, Tools
- jconsole, Tools
- JMX
- disabling, Enabling and disabling
- roles, Changing the JMX role, Securing access to JMX
- jmxDomainName, Advanced configuration
- joining a fabric
- managed container, Joining a Fabric as a Managed Container
- non-managed container, Joining a Fabric as a Non-Managed Container
K
- KARAF_BASE, Specifying the Red Hat JBoss A-MQ's environment
- KARAF_DATA, Specifying the Red Hat JBoss A-MQ's environment
- KARAF_HOME, Specifying the Red Hat JBoss A-MQ's environment
L
- LDAP
- authentication, LDAP properties
- configuration, LDAP properties
- connection.password, LDAP properties
- connection.url, LDAP properties
- connection.username, LDAP properties
- enabling, Enabling LDAP Authentication, Enabling LDAP Authentication
- initial.context.factory, LDAP properties
- properties, LDAP properties
- role.base.dn, LDAP properties
- role.filter, LDAP properties
- role.name.attribute, LDAP properties
- role.search.subtree, LDAP properties
- ssl, LDAP properties
- ssl.algorithm, LDAP properties
- ssl.keyalias, LDAP properties
- ssl.keystore, LDAP properties
- ssl.protocol, LDAP properties
- ssl.provider, LDAP properties
- ssl.truststore, LDAP properties
- user.base.dn, LDAP properties
- user.filter, LDAP properties
- user.search.subtree, LDAP properties
- LDAPLoginModule, Enabling LDAP Authentication, Enabling LDAP Authentication
- logging
- console commands, Viewing the log with the console, Viewing the log with the administration client
- viewing as text, Viewing the log in a text editor
- viewing in an editor, Viewing the log in a text editor
- viewing in the console, Viewing the log with the console
- viewing with the admin client, Viewing the log with the administration client
M
- managed container, Joining a Fabric as a Managed Container
- management console, Tools
- managementContext, Advanced configuration
- connectorHost, Advanced configuration
- connectorPath, Advanced configuration
- connectorPort, Advanced configuration
- createConnector, Advanced configuration
- createMBeanServer, Advanced configuration
- jmxDomainName, Advanced configuration
- rmiServerPort, Advanced configuration
- useMBeanServer, Advanced configuration
- MaxEnqueueTime, Destination statistics
- MaximumPendingMessageLimit, Subscription statistics
- MaxPageSize, Destination statistics
- MemoryLimit, Broker statistics, Destination statistics
- MemoryPercentageUsed, Broker statistics, Destination statistics
- MemoryUsagePortion, Destination statistics
- MessageCountAwaitingAcknowledge, Subscription statistics
- MinEnqueueTime, Destination statistics
- mq-create, Procedure
N
- namespaces
- Aries, Namespaces
- Jasypt, Namespaces
- network connector
- start, Network connector actions
- stop, Network connector actions
- non-managed container, Joining a Fabric as a Non-Managed Container
O
- org.apache.karaf.log, Overview
- org.fusesource.mq.fabric.server-*, Activating a connector
- org.fusesource.mq.fabric.server.*, Activating a connector
- org.ops4j.pax.logging, Overview
- org.ops4j.pax.logging.DefaultServiceLog.level, Overview
- org.ops4j.pax.web.ssl.clientauthneeded, Enabling HTTPS
- org.ops4j.pax.web.ssl.clientauthwanted, Enabling HTTPS
- org.ops4j.pax.web.ssl.keypassword, Enabling HTTPS
- org.ops4j.pax.web.ssl.keystore, Enabling HTTPS
- org.ops4j.pax.web.ssl.keystore.type, Enabling HTTPS
- org.ops4j.pax.web.ssl.password, Enabling HTTPS
- org.osgi.service.http.enabled, Enabling HTTPS
- org.osgi.service.http.port.secure, Enabling HTTPS
- org.osgi.service.http.secure.enabled, Enabling HTTPS
- osgi:shutdown, Using a remote console
P
- patch:add, Applying a patch
- patch:install, Applying a patch
- patch:list, Applying a patch, Rolling back a patch
- patch:rollback, Rolling back a patch
- patch:simulate, Applying a patch
- patching
- fabric
- command console, Using the command console
- standalone, Applying a patch
- rollback, Rolling back a patch
- the management console, Using the management console
- PendingQueueSize, Subscription statistics
- persistent identifier, OSGi PIDs
- PID, OSGi PIDs
- PrefetchSize, Subscription statistics
- ProducerCount, Destination statistics
- profile
- creating, Procedure
- properties
- Apache Karaf placeholder extension, Jasypt configuration
- Aries placeholder extension, Placeholder extension
- encrypted, Encrypted properties
- LDAP, LDAP properties
- placeholder, Placeholders
- property-placeholder, Placeholder extension, Jasypt configuration
Q
- queue
- browse, Queue actions
- browseAsTable, Queue actions
- browseMessages, Queue actions
- copyMatchingMessagesTo, Queue actions
- copyMessageTo, Queue actions
- cursorSize, Queue actions
- doesCursorHaveMessagesBuffered, Queue actions
- doesCursorHaveSpace, Queue actions
- getMessage, Queue actions
- moveMatchingMessagesTo, Queue actions
- moveMessageTo, Queue actions
- purge, Queue actions
- removeMatchingMessages, Queue actions
- removeMessage, Queue actions
- resetStatistics, Queue actions
- retryMessage, Queue actions
- sendTextMessage, Queue actions
- QueueSize, Destination statistics
R
- remote console
- rmiServerPort, Advanced configuration
- role.base.dn, LDAP properties
- role.filter, LDAP properties
- role.name.attribute, LDAP properties
- role.search.subtree, LDAP properties
- roles
- default, Default role
- JMX, Changing the JMX role, Securing access to JMX
- LDAP configuration, LDAP properties
- remote console, Changing the remote console's role
- routine tasks, Routine tasks
- routing console
- securing, Securing the console
S
- service wrapper
- classpath, Adding classpath entries
- JMX configuration, JMX configuration
- JVM properties, Passing parameters to the JVM
- logging, Configuring logging
- shell, Starting a basic console
- shutdown, Stopping the broker from console mode
- ssh:ssh, Connecting a console to a remote broker, Using a remote console
- ssl, LDAP properties
- ssl.algorithm, LDAP properties
- ssl.keyalias, LDAP properties
- ssl.keystore, LDAP properties
- ssl.protocol, LDAP properties
- ssl.provider, LDAP properties
- ssl.truststore, LDAP properties
- SslSelectChannelConnector, Enabling SSL security
- standalone broker
- configuration template, Editing the configuration template
- deploying, Deploying a Standalone Broker
- runtime configuration, Editing the OSGi properties
- start, Starting in daemon mode
- stop, Stopping a broker running in daemon mode
- StoreLimit, Broker statistics
- StorePercentageUsed, Broker statistics
- subscription
- browse, Subscription actions
- browseAsTable, Subscription actions
- cursorSize, Subscription actions
- destory, Subscription actions
- doesCursorHaveMessagesBuffered, Subscription actions
- doesCursorHaveSpace, Subscription actions
- isMatchingQueue, Subscription actions
- isMatchingTopic, Subscription actions
- system service
- Redhat, Redhat Linux
- Ubuntu, Ubuntu Linux
- Windows, Windows
T
- TempLimit, Broker statistics
- TempPercentageUsed, Broker statistics
- tooling, Tools
- topic
- browse, Topic actions
- browseAsTable, Topic actions
- browseMessages, Topic actions
- resetStatistics, Topic actions
- sendTextMessage, Topic actions
- TotalConsumerCount, Broker statistics
- TotalDequeueCount, Broker statistics
- TotalEnqueueCount, Broker statistics
- TotalMessageCount, Broker statistics
- TotalProducerCount, Broker statistics
- transportConnector, Adding a transport connector definition, Adding a transport connector definition
- transportConnectors, Adding a transport connector definition, Adding a transport connector definition
U
- useJmx, Enabling and disabling
- useMBeanServer, Advanced configuration
- user.base.dn, LDAP properties
- user.filter, LDAP properties
- user.search.subtree, LDAP properties
V
- VisualVM, Tools
W
- Web console
- accessing, Accessing the console
- basic authentication, Enabling basic authentication
- clusters, Monitoring clusters
- port number, Changing the port
- roles, Editing user credentials
- securing, Securing the console
- SSL, Enabling SSL security
- user credentials, Editing user credentials
- webconsole.jms.url, Configuring Tomcat, Monitoring clusters
- webconsole.jmx.password, Configuring Tomcat
- webconsole.jmx.url, Configuring Tomcat, Monitoring clusters
- webconsole.jmx.user, Configuring Tomcat
X
- X.509
- configuration, Enabling HTTPS
Legal Notice
Trademark Disclaimer
Legal Notice
Third Party Acknowledgements
- JLine (http://jline.sourceforge.net) jline:jline:jar:1.0License: BSD (LICENSE.txt) - Copyright (c) 2002-2006, Marc Prud'hommeaux
mwp1@cornell.edu
All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Neither the name of JLine nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - Stax2 API (http://woodstox.codehaus.org/StAX2) org.codehaus.woodstox:stax2-api:jar:3.1.1License: The BSD License (http://www.opensource.org/licenses/bsd-license.php)Copyright (c) <YEAR>, <OWNER> All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - jibx-run - JiBX runtime (http://www.jibx.org/main-reactor/jibx-run) org.jibx:jibx-run:bundle:1.2.3License: BSD (http://jibx.sourceforge.net/jibx-license.html) Copyright (c) 2003-2010, Dennis M. Sosnoski.All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Neither the name of JiBX nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - JavaAssist (http://www.jboss.org/javassist) org.jboss.javassist:com.springsource.javassist:jar:3.9.0.GA:compileLicense: MPL (http://www.mozilla.org/MPL/MPL-1.1.html)
- HAPI-OSGI-Base Module (http://hl7api.sourceforge.net/hapi-osgi-base/) ca.uhn.hapi:hapi-osgi-base:bundle:1.2License: Mozilla Public License 1.1 (http://www.mozilla.org/MPL/MPL-1.1.txt)