-
Language:
English
-
Language:
English
Managing and Monitoring a Broker
Administrative tasks made simple
Red Hat
Copyright © 2011-2014 Red Hat, Inc. and/or its affiliates.
Abstract
Chapter 1. Introduction
Abstract
Overview
Routine tasks
- installing SSL certificates
- starting the broker
- creating destinations
- stopping the broker
- maintaining the advisory topics
- monitoring the health of the broker
- monitoring the health of the destinations
Troubleshooting
- the broker's log file
- the advisory topics
- the broker's overall memory footprint
- the size of individual destination
- the total number of messages in the broker
- the size of the broker's persistent store
- a thread dump of the broker
Tools
- administration client—a command line tool that can be used to manage a broker and do rudimentary metric reporting
- console mode—a runtime mode that presents you with a custom console that provides a number of administrative options
- management console—a browser based console for viewing, monitoring, and deploying a group of distributed brokers
- JBoss Operations Network—an advanced monitoring and management tool that can provide detailed metrics and alerting.
- jconsole—a JMX tool that is shipped with the JDK
- VisualVM—a visual tool integrating several command line JDK tools and lightweight profiling capabilities
Chapter 2. Editing a Broker's Configuration
Abstract
- an XML configuration file
- OSGi persistent identifier properties
- standalone—if a broker is deployed as a standalone entity and not a part of a fabric, you change the configuration using a combination of directly editing the broker's configuration template file and the console's config shell.
- in a fabric—if a broker is deployed into a fabric its configuration is managed by the Fabric Agent which draws all of the configuration from the fabric's registry. To modify the container of a broker running as part of a fabric, you need to modify the profile(s) deployed into it. You can do this by using either the fabric:profile-edit console command or the management console.
2.1. Understanding the Red Hat JBoss A-MQ Configuration Model
Abstract
Overview
Figure 2.1. Red Hat JBoss A-MQ Configuration System
Configuration templates
- configuration templates use property placeholders for settings that will be controlled via the OSGi Admin service
- configuration templates do not configure the broker's name
- configuration templates do not configure the location of the data directory
- configuration templates do not configure transport connectors
- configuration templates do not configure network connectors
- configuration templates do not control if a broker is a master or a slave node
- configuration templates can be used as a baseline for multiple brokers on the same machine
${propName}
and are resolved by matching properties in the broker's PID. In order to use property placeholder the configuration template must include the bean definition shown in Example 2.1, “Adding Property Placeholder Support to Red Hat JBoss A-MQ Configuration”.
Example 2.1. Adding Property Placeholder Support to Red Hat JBoss A-MQ Configuration
<!-- Allows us to use system properties and fabric as variables in this configuration file --> <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="properties"> <bean class="org.fusesource.mq.fabric.ConfigurationProperties"/> </property> </bean> <broker ... > ... </broker>
Example 2.2. Configuration with Property Placeholders
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="${broker-name}" dataDirectory="${data}" persistent="${persists}" start="false"> ... <persistenceAdapter> <jdbcPersistenceAdapter dataDirectory="${data}/derby" dataSource="#derby-ds" /> </persistenceAdapter> </broker>
OSGi PIDs
org.fusesource.mq.fabric.server
.
etc/
folder and use the .cfg
extension and are updated using the config shell. For broker's in a fabric the files are stored in the Fabric Ensemble and are edited using the fabric shell's profile management commands.
2.2. Editing a Standalone Broker's Configuration
Abstract
Overview
Editing the configuration template
etc/activemq.xml
. You can the location of the configuration template by changing the config property in the broker's etc/org.fusesource.mq.fabric.server-default.cfg
file.
Splitting activemq.xml into multiple files
etc/activemq.xml
file into multiple XML files. You can do this using standard XML entities, declared in a DTD internal subset. For example, say you have an etc/activemq.xml
file with the following outline:
<beans ... > ... <broker xmlns="http://activemq.apache.org/schema/core" brokerName="${broker-name}" dataDirectory="${data}" start="false" restartAllowed="false"> <destinationPolicy> <policyMap> <policyEntries> <policyEntry topic=">" producerFlowControl="true"> <pendingMessageLimitStrategy> <constantPendingMessageLimitStrategy limit="1000"/> </pendingMessageLimitStrategy> </policyEntry> <policyEntry queue=">" producerFlowControl="true" memoryLimit="1mb"> </policyEntry> </policyEntries> </policyMap> </destinationPolicy> <!-- Rest of the broker configuration --> ... </broker> </beans>
destinationPolicy
element in a separate file. First of all, create a new file, etc/destination-policy.xml
, to store the destinationPolicy
element, with the following content:
<destinationPolicy> <policyMap> <policyEntries> <policyEntry topic=">" producerFlowControl="true"> <pendingMessageLimitStrategy> <constantPendingMessageLimitStrategy limit="1000"/> </pendingMessageLimitStrategy> </policyEntry> <policyEntry queue=">" producerFlowControl="true" memoryLimit="1mb"> </policyEntry> </policyEntries> </policyMap> </destinationPolicy>
etc/destination-policy.xml
file in your etc/activemq.xml
file by editing activemq.xml
, as follows:
<!DOCTYPE beans [ <!ENTITY destinationpolicy SYSTEM "file:etc/destination-policy.xml"> ]> <beans ... > ... <broker xmlns="http://activemq.apache.org/schema/core" brokerName="${broker-name}" dataDirectory="${data}" start="false" restartAllowed="false"> &destinationpolicy; <!-- Rest of the broker configuration --> ... </broker> </beans>
&destinationpolicy;
entity reference.
destination-policy.xml
file, use the URL format, file:///path/to/file
. For example, to reference the absolute location, /var/destination-policy.xml
, you would use the following DOCTYPE
declaration at the start of the file:
<!DOCTYPE beans [ <!ENTITY destinationpolicy SYSTEM "file:///var/destination-policy.xml"> ]> ...
Format of the DOCTYPE declaration
DOCTYPE
declaration to use with the etc/activemq.xml
file is as follows:
<!DOCTYPE RootElement [ <!ENTITY EntityName SYSTEM "URL"> ]> ...
RootElement
- This must always match the name of the root element in the current file. In the case of
activemq.xml
, the root element isbeans
. EntityName
- The name of the entity you are defining with this ENTITY declaration. In the main part of the current XML file, you can insert the contents of this entity using the entity reference,
&EntityName;
. URL
- To store the contents of the entity in a file, you must reference the file using the
file:
scheme. Because of the way that ActiveMQ processes the XML file, it is not guaranteed to work, if you leave out thefile:
prefix. Relative paths have the formatfile:path/to/file
and absolute paths have the formatfile:///path/to/file
.
Editing the OSGi properties
etc/org.fusesource.mq.fabric.server-default.cfg
file. You can edit these values using the command console's config shell. The PID for these values are org.fusesource.mq.fabric.server.id
. The id is assigned by the container when the broker is started.
Config shell
- config:list—lists all of the runtime configuration files and the current values for their properties
- config:edit—opens an editing session for a configuration file
- config:propset—changes the value of a configuration property
- config:propdel—deletes a configuration property
- config:update—saves the changes to the configuration file being edited
2.3. Modifying a Running Standalone Broker's XML Configuration
Abstract
.xml
configuration file can be modified, saved, then applied while the broker is running. This dynamic runtime configuration feature is useful when you cannot disrupt the operation of existing producers or consumers with a broker restart.
Overview
.xml
configuration file (default is etc/activemq.xml
) directly using an external text or xml editor. Once the edits are saved, the runtime configuration plugin, which monitors the broker's .xml
configuration file, applies any detected runtime-supported changes to the running broker. These changes persist through broker restarts.
.xml
configuration file:
- network connectors—add a network connector to a broker or modify the attributes of an existing one
- virtual destinations—add a virtual destination to a broker or modify the attributes of an existing one
- destination policy—add a subset of <policyEntry> attributes
- authorization roles—add or modify roles that define read/write/admin access to queues and topics.
Prerequisites
- Disable configuration monitoring by the OSGi service factoryYou need to prevent the OSGi service factory from restarting the broker when it detects a change in the broker's configuration. To do so, you edit the installDir
/etc/org.fusesource.mq.fabric.server-default.cfg
file to add the line config.check=false.ImportantIf you fail to disable the OSGi service factory, it will override theruntimeConfigurationPlugin
and restart the broker when it detects a change.If the broker is stopped, you can edit this file directly using an external text or xml editor. If the broker is running, you must use the appropriate config: shell commands to edit this file (see the section called “Editing the OSGi properties”. - Enable dynamic runtime configurationTo enable dynamic runtime configuration, you must set two values in the broker's
.xml
configuration file:- In the
<broker.../>
element, addstart="false"
; for example:<broker xmlns="http://activemq.apache.org//schema/core" ... start="false".../>
This setting prevents Spring from starting the broker when the spring context is loaded. If Spring starts the broker, the broker will not know the location of the resource that created it, leaving the runtime configuration plugin with nothing to monitor. - In the <plugins> element, add
<runtimeConfigurationPlugin checkPeriod="1000">
to enable automated runtime configuration; for example:<plugins> <runtimeConfigurationPlugin checkPeriod="1000" /> </plugins>
The runtime configuration plugin monitors the broker's.xml
configuration file at intervals ofcheckPeriod
and applies only the runtime-supported changes that it detects to the running broker. Modifications made to the attributes of other properties in the broker's.xml
configuration file are ignored until the next broker restart.NoteThe unit of value forcheckPeriod
is milliseconds. The default is0
, which disables checking for changes. Using the default, you must manually trigger updates via JMX.
Dynamically updating network connectors
.xml
configuration file.
<networkConnectors> <networkConnector uri="static:(tcp://localhost:5555)" networkTTL="1" name="one" ... /> </networkConnectors>
Dynamically updating virtual destinations
.xml
configuration file.
<destinationInterceptors> <virtualDestinationInterceptor> <virtualDestinations> <virtualTopic name="B.>" selector="false" /> </virtualDestinations> </virtualDestinationInterceptor> </destinationInterceptors>
checkPeriod
interval.
.xml
configuration file. The first time you add a virtual destination, you must add the entire <destinationInterceptors> section to the broker's .xml
configuration file. Doing so replaces the broker's default <destinationInterceptors> configuration.
Dynamically updating the destination policy
.xml
configuration file.
<policyEntry>
element, which apply to queues and topics.
Table 2.1. Dynamically changeable <policyEntry> attributes
Attribute | Type | Queues | Topics |
---|---|---|---|
allConsumersBeforeDispatchStarts | boolean | Y | N |
alwaysRetroactive | boolean | Y | N |
advisoryForConsumed | boolean | Y | N |
advisoryForDelivery | boolean | Y | N |
advisoryForDiscardingMessages | boolean | Y | N |
advisoryForFastProducers | boolean | Y | N |
advisoryForSlowConsumers | boolean | Y | N |
advisoryWhenFull | boolean | Y | N |
blockedProducerWarningInterval | long | Y | N |
consumersBeforeDispatchStarts | int | Y | N |
cursorMemoryHighWaterMark | int | Y | N |
doOptimizeMessageStore | boolean | Y | N |
gcIsInactiveDestinations | boolean | Y | N |
gcWithNetworkConsumers | boolean | Y | N |
inactiveTimeoutBeforeGC | long | Y | N |
lazyDispatch | boolean | Y | Y |
maxBrowsePageSize | int | Y | N |
maxExpirePageSize | int | Y | N |
maxPageSize | int | Y | N |
memoryLimit | string | Y | Y |
minimumMessageSize | long | Y | N |
optimizedDispatch | boolean | Y | N |
optimizeMessageStoreInFlightLimit | int | Y | N |
producerFlowControl | boolean | Y | N |
reduceMemoryFootprint | boolean | Y | N |
sendAdvisoryIfNoConsumers | boolean | Y | N |
storeUsageHighWaterMark | int | Y | N |
strictOrderDispatch | boolean | Y | N |
timeBeforeDispatchStarts | int | Y | N |
useConsumerPriority | boolean | Y | N |
Destination policies to control paging
maxPageSize
- The maximum number of messages paged into memory for sending to a destination.
maxBrowsePageSize
- NoteThe number of messages paged in for browsing cannot exceed the destination's
memoryLimit
setting. maxExpirePageSize
- The maximum number of messages paged into memory to check for expired messages.
Dynamically updating authorization roles
- add the authorization plugin to the
<plugins>
section of the broker's.xml
configuration file - configure the authorization plugin's
<map>
element
<plugins> <runtimeConfigurationPlugin checkPeriod="1000" /> <authorizationPlugin> <map> <authorizationMap> <authorizationEntries> <authorizationEntry queue=">" read="admins" write="admins" admin="admins" /> <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" /> <authorizationEntry topic=">" read="admins" write="admins" admin="admins" /> <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" /> ...
2.4. Editing a Broker's Configuration in a Fabric
Abstract
Overview
Profiles
- the Apache Karaf features to be deployed
- OSGi bundles to be deployed
- the repositories from which artifacts can be provisioned
- properties that configure the broker's runtime behavior
Procedure
- Create a configuration template.
- Create a base profile for all of the brokers in the fabric using the configuration template.
- Create profiles that inherit from the base profile that will be assigned to one or more brokers.
- Modify the properties in each of the profiles to the desired values for the brokers to which the profile will be assigned.
- Assign the new profiles to the desired brokers.
Creating a base profile
- Optionally create a new profile version using the fabric:version-create command.This will create a new copy of the existing profiles.
- Import the new XML template into the registry using the fabric:import command as shown in Example 2.4, “Creating a Profile Using an XML Configuration Template”.
Example 2.3. Importing an XML Configuration Template
JBossA-MQ:karaf@root>
fabric:import -t /fabric/configs/versions/version/profiles/mq-base/xmlTemplate xmlTemplatePath
- Create a new configuration profile instance to hold the new XML template using the fabric:mq-create command as shown in Example 2.4, “Creating a Profile Using an XML Configuration Template”.
Example 2.4. Creating a Profile Using an XML Configuration Template
JBossAMQ:karaf@root>
fabric:mq-create --config xmlTemplate profileName
This will create a new profile that is based on the default broker profile but uses the imported XML template.
Creating deployment profiles and assigning them to brokers
- Create new profile using the fabric:profile-create command as shown in Example 2.5, “Creating a Deployment Profile”.
Example 2.5. Creating a Deployment Profile
JBossA-MQ:karaf@root>
fabric:profile-create --parents baseProfile profileName
- Add values for the property placeholders using the fabric:profile-edit command as shown in Example 2.6, “Setting Properties in a Profile”.
Example 2.6. Setting Properties in a Profile
JBossAMQ:karaf@root>
fabric:profile-edit -p org.fusesource.mq.fabric.server-profileName/propName=propVal profileName
The fabric properties for a broker are specified using the PIDorg.fusesource.mq.fabric.server-profileName
, so to specify a value for the broker-name property for the profile calledmyBroker
you would use the command shown in Example 2.7, “Setting the Broker Name Property”.Example 2.7. Setting the Broker Name Property
JBossAMQ:karaf@root>
fabric:profile-edit -p org.fusesource.mq.fabric.server-myBroker/broker-name=esmeralda myBroker
- Assign the new profile to one or more brokers using the fabric:container-add-profile command as shown in Example 2.8, “Assigning a Profile to a Broker”.
Example 2.8. Assigning a Profile to a Broker
JBossAMQ:karaf@root>
fabric:container-add-profile brokerName profileName
Using the management console
Chapter 3. Security Basics
Abstract
3.1. Security Overview
Overview
Ports exposed by the Red Hat JBoss A-MQ container
Figure 3.1. Ports Exposed by the Red Hat JBoss A-MQ Container
- Console port—enables remote control of a container instance, through Apache Karaf shell commands. This port is enabled by default and is secured both by JAAS authentication and by SSL.
- JMX port—enables management of the container through the JMX protocol. This port is enabled by default and is secured by JAAS authentication.
- Web console port—provides access to an embedded Jetty container that hosts the Fuse Management Console.
Authentication and authorization system
3.2. Basic Security Configuration
Overview
- configure access to the Fuse Management Console
- assign roles to each of the remote ports to limit access
- strengthen the credentials needed to access the remote console
Create a secure JAAS user
InstallDir/etc/users.properties
file and add a new user field, as follows:
Username=Password,admin
Username
and Password
are the new user credentials. The admin
role gives this user the privileges to access all administration and management functions of the container. For more details about JAAS, see the Security Guide.
Assigning roles for remote access
- SSH (remote console login)To override the default role for the remote console add a
sshRole
property to theorg.apache.karaf.shell
PID. The following sets the role toadmin
:sshRole=admin
- JMX managementTo override the default role for JMX add a
jmxRole
property to theorg.apache.karaf.management
PID. The following sets the role tojmx
:jmxRole=jmx
Strengthening security on the remote console port
- Make sure that the JAAS user credentials have strong passwords.
- Customize the X.509 certificate (replace the Java keystore file,
InstallDir/etc/host.key
, with a custom key pair).
3.3. Disabling Broker Security
Overview
Standalone server
InstallDir/etc/activemq.xml
file using a text editor and look for the following lines:
...
<plugins>
<jaasAuthenticationPlugin configuration="karaf" />
</plugins>
...
jaasAuthenticationPlugin
element. The next time you start up the JBoss A-MQ container using the start script the broker will run with unsecured ports.
Chapter 4. Securing a Standalone Red Hat JBoss A-MQ Container
Abstract
4.1. Defining JAAS Realms
Overview
jaas:config
element for defining JAAS realms in a blueprint configuration file. The JAAS realms defined in this way are made available to all of the application bundles deployed in the container, making it possible to share the JAAS security infrastructure across the whole container.
Namespace
jaas:config
element is defined in the http://karaf.apache.org/xmlns/jaas/v1.0.0
namespace. When defining a JAAS realm you will need to include the line shown in Example 4.1, “JAAS Blueprint Namespace”.
Example 4.1. JAAS Blueprint Namespace
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
Configuring a JAAS realm
jaas:config
element is shown in Example 4.2, “Defining a JAAS Realm in Blueprint XML”.
Example 4.2. Defining a JAAS Realm in Blueprint XML
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"> <jaas:config name="JaasRealmName" [rank="IntegerRank"]> <jaas:module className="LoginModuleClassName" [flags="[required|requisite|sufficient|optional]"]> Property=Value ... </jaas:module> ... <!-- Can optionally define multiple modules --> ... </jaas:config> </blueprint>
jaas:config
- Defines the JAAS realm. It has the following attributes:
name
—specifies the name of the JAAS realm.rank
—specifies an optional rank for resolving naming conflicts between JAAS realms . When two or more JAAS realms are registered under the same name, the OSGi container always picks the realm instance with the highest rank.
jaas:module
- Defines a JAAS login module in the current realm.
jaas:module
has the following attributes:className
—the fully-qualified class name of a JAAS login module. The specified class must be available from the bundle classloader.flags
—determines what happens upon success or failure of the login operation. Table 4.1, “Flags for Defining a JAAS Module” describes the valid values.Table 4.1. Flags for Defining a JAAS Module
Value Description required
Authentication of this login module must succeed. Always proceed to the next login module in this entry, irrespective of success or failure. requisite
Authentication of this login module must succeed. If success, proceed to the next login module; if failure, return immediately without processing the remaining login modules. sufficient
Authentication of this login module is not required to succeed. If success, return immediately without processing the remaining login modules; if failure, proceed to the next login module. optional
Authentication of this login module is not required to succeed. Always proceed to the next login module in this entry, irrespective of success or failure.
The contents of ajaas:module
element is a space separated list of property settings, which are used to initialize the JAAS login module instance. The specific properties are determined by the JAAS login module and must be put into the proper format.NoteYou can define multiple login modules in a realm.
Converting standard JAAS login properties to XML
PropertiesLogin
realm using the Red Hat JBoss A-MQ properties login module class, PropertiesLoginModule
:
Example 4.3. Standard JAAS Properties
PropertiesLogin { org.apache.activemq.jaas.PropertiesLoginModule required org.apache.activemq.jaas.properties.user="users.properties" org.apache.activemq.jaas.properties.group="groups.properties"; };
jaas:config
element in a blueprint file, is shown in Example 4.4, “Blueprint JAAS Properties”.
Example 4.4. Blueprint JAAS Properties
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"> <jaas:config name="PropertiesLogin"> <jaas:module className="org.apache.activemq.jaas.PropertiesLoginModule" flags="required"> org.apache.activemq.jaas.properties.user=users.properties org.apache.activemq.jaas.properties.group=groups.properties </jaas:module> </jaas:config> </blueprint>
Example
LDAPLogin
realm to use Red Hat JBoss A-MQ's LDAPLoginModule
class, which connects to the LDAP server located at ldap://localhost:10389.
Example 4.5. Configuring a JAAS Realm
<?xml version="1.0" encoding="UTF-8"?> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"> <jaas:config name="LDAPLogin" rank="1"> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory connection.username=uid=admin,ou=system connection.password=secret connection.protocol= connection.url = ldap://localhost:10389 user.base.dn = ou=users,ou=system user.filter = (uid=%u) user.search.subtree = true role.base.dn = ou=users,ou=system role.filter = (uid=%u) role.name.attribute = ou role.search.subtree = true authentication = simple </jaas:module> </jaas:config> </blueprint>
4.2. Enabling LDAP Authentication
Overview
org.apache.karaf.jaas.modules.ldap.LDAPLoginModule
class. It is preloaded in the container, so you do not need to install it's bundle.
Procedure
jaas:module
element to the realm and setting its className
attribute to org.apache.karaf.jaas.modules.ldap.LDAPLoginModule
.
Example 4.6. Red Hat JBoss A-MQ LDAP JAAS Login Module
<jaas:config ... > <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> ... </jaas:module> </jaas:config>
LDAP properties
Table 4.2. Properties for the Red Hat JBoss A-MQ LDAP Login Module
Example
Example 4.7. Configuring a JAAS Realm that Uses LDAP Authentication
<?xml version="1.0" encoding="UTF-8"?> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"> <jaas:config name="karaf" rank="1"> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="sufficient"> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory connection.username=uid=admin,ou=system connection.password=secret connection.protocol= connection.url = ldaps://localhost:10636 user.base.dn = ou=users,ou=system user.filter = (uid=%u) user.search.subtree = true role.base.dn = ou=roles,ou=system,dc=fusesource role.filter = (uid=%u) role.name.attribute = cn role.search.subtree = true authentication = simple ssl.protocol=TLSv1 ssl.truststore=truststore ssl.algorithm=PKIX </jaas:module> ... </jaas:config> </blueprint>
ssl.protocol
to TLSv1
, in order to protect against the Poodle vulnerability (CVE-2014-3566)
4.3. Using Encrypted Property Placeholders
Overview
- Create a properties file with encrypted values.
- Add the proper namespaces to your blueprint file.
- Import the properties using the Aries property placeholder extension.
- Configure the Jasypt encryption algorithm.
- Use the placeholders in your blueprint file.
- Ensure that the Jasypt features are installed into the Red Hat JBoss A-MQ container.
Encrypted properties
ENC()
function as shown in Example 4.8, “Property File with an Encrypted Property”.
Example 4.8. Property File with an Encrypted Property
#ldap.properties ldap.password=ENC(amIsvdqno9iSwnd7kAlLYQ==) ldap.url=ldap://192.168.1.74:10389
Namespaces
- Aries extensions—
http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0
- Apache Karaf Jasypt—
http://karaf.apache.org/xmlns/jasypt/v1.0.0
Example 4.9. Encrypted Property Namespaces
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0" xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"> ... </blueprint>
Placeholder extension
property-paceholder
element to you blueprint file. As shown in Example 4.10, “Aries Placeholder Extension”, it must come before the Jasypt configuration or the use of placeholders.
Example 4.10. Aries Placeholder Extension
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0" xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"> <ext:property-placeholder> <location>file:etc/ldap.properties</location> </ext:property-placeholder> ... </blueprint>
property-paceholder
element's location
child specifies the location of the property file that contains the properties to use for the configuration. You can specify multiple files by using multiple location
children.
Jasypt configuration
property-placeholder
element. It has one child, encoder
, that contains the actual Jasypt configuration.
encoder
element's mandatory class
attribute specifies the fully qualified classname of the Jasypt encryptor to use for decrypting the properties. The encoder
element can take a property
child that defines a Jasypt PBEConfig
bean for configuring the encryptor.
Example 4.11. Jasypt Blueprint Configuration
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0" xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"> <ext:property-placeholder> <location>file://ldap.properties</location> <enc:property-placeholder> <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="config"> <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> <property name="algorithm" value="PBEWithMD5AndDES" /> <property name="passwordEnvName" value="FUSE_ENCRYPTION_PASSWORD" /> </bean> </property> </enc:encryptor> </enc:property-placeholder> ... </blueprint>
Placeholders
${prop.name}
.
Example 4.12. Jasypt Blueprint Configuration
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0" xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"> <ext:property-placeholder> <location>file://ldap.properties</location> <enc:property-placeholder> <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="config"> <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> <property name="algorithm" value="PBEWithMD5AndDES" /> <property name="passwordEnvName" value="FUSE_ENCRYPTION_PASSWORD" /> </bean> </property> </enc:encryptor> </enc:property-placeholder> <jaas:config name="karaf" rank="1"> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory debug=true connectionURL=${ldap.url} connectionUsername=cn=mqbroker,ou=Services,ou=system,dc=fusesource,dc=com connectionPassword=${ldap.password} connectionProtocol= authentication=simple userRoleName=cn userBase = ou=User,ou=ActiveMQ,ou=system,dc=fusesource,dc=com userSearchMatching=(uid={0}) userSearchSubtree=true roleBase = ou=Group,ou=ActiveMQ,ou=system,dc=fusesource,dc=com roleName=cn roleSearchMatching= (member:=uid={1}) roleSearchSubtree=true </jaas:module> </jaas:config> </blueprint>
${ldap.password}
placeholder will be replaced with the decrypted value of the ldap.password
property from the properties file.
Installing the Jasypt features
jasypt-encryption
feature using the features:install command as shown in Example 4.13, “Installing the Jasypt Feature”.
Example 4.13. Installing the Jasypt Feature
karaf@root>
features:install jasypt-encryption
4.4. Configuring Roles for the Administrative Protocols
Overview
Administration protocols
- SSH (remote console login)
- JMX management
Default role
karaf.admin.role
property in the broker's etc/system.properties
file. For example, the default setting of karaf.admin.role
is:
karaf.admin.role=admin
admin
role set by karaf.admin.role
for each of the administrative protocols.
Changing the remote console's role
sshRole
property to the etc/org.apache.karaf.shell.cfg
file. The following sets the role to admin
:
sshRole=admin
Changing the JMX role
jmxRole
property to the etc/org.apache.karaf.management.cfg
file.
Chapter 5. Securing Fabric Containers
Abstract
karaf
JAAS realm. This realm is defined in the fabric-jaas
feature. It is deployed to all containers in the fabric as part of the default
profile.
karaf
JAAS realm to use a proper login module. The fabric containers include an LDAP module that is preloaded and simply needs to be activated. Doing so requires that the new JAAS realm be defined in OSGi blueprint files and deployed to the container's in the fabric.
5.1. Using the Default Authentication System
Abstract
5.1.1. Managing Users
Viewing user data
Adding a user
- Click Users from the main menu.The Users page opens.
- Click Create User.The Create New User dialog opens.
- In the Username field, enter a unique name for the user.The user name must be at least five characters long.
- In the Password field, enter a password for the user.The password must be atleast six characters long.
- In the Repeat Password field, reenter the password for the user.
- Click Create.The dialog closes and the new user is added to the list.
Removing a user
- Click Users from the main menu.The Users page opens.
- Select the user to be deleted from the list.
- Click Delete User.A confirmation dialog opens.
- Click Yes.The dialog closes and the user is removed from the list.
Changing a user's password
- Click Users from the main menu.The Users page opens.
- Select the user to update from the list.
- Click Change Password.The Change Password dialog opens.
- In the Password field, enter a password for the user.The password must be at least six characters long.
- In the Repeat Password field, reenter the password for the user.
- Click Change.The dialog closes and a message shows that the password was changed.
Adding a role to a user
- Click Users from the main menu.The Users page opens.
- Select the user to update from the list.
- Click Add Role.The Add New Role dialog opens.
- In the Role Name field, enter a role for the user.
- Click Add.The dialog closes and a message shows that the role was added.
Deleting a role from a user
- Click Users from the main menu.The Users page opens.
- Select the user to update from the list.The user's roles are listed on the right side of the page.
- Click the X opposite the role to delete.A confirmation dialog opens.
- Click Yes.The dialog closes and the role is removed from the list.
5.1.2. Encrypting Stored Passwords
Overview
karaf
realm. This can be done by adding the appropriate configuration properties to the io.fabric8.jaas
PID and ensuring that they are applied to all of the containers in the fabric.
Editing the default profile
default
profile. It is applied to all containers in a fabric through inheritance.
default
profile, you should create a new profile version. Editing the active default
profile could make your fabric unstable.
default
profile:
- Select the management console's Profiles tab.
- Create a new version by clicking Create Version.The Create New Version dialog appears.
- Optionally enter a name for the new version in the NameIf you leave the Name field blank, the management console will use the name of the parent version and append the next available version number, starting from 1, to the name. For example, if version
brokers1
existed, the management console would create versionbrokers1.1
. - From the Parent Version list, select the version from which the new version will originate.By default Use most recently created version is selected.
- Click Create to create the version.The dialog will close and the new version will be listed in the Versions table.
- Select the new version from the Versions list.
- Select the
default
profile from the Profiles list.The Profiles page for the selected profile opens. - Select the Config Files tab.
- Select
io.fabric8.jaas
from the list.A text editing window opens. - Enter values for the properties described in Table 5.1, “JAAS Encryption Properties” following the example shown in Example 5.1, “Password Encryption Configuration”.
Example 5.1. Password Encryption Configuration
encryption.enabled = true encryption.name = jasypt encryption.algorithm = SHA-256 encryption.encoding = base64 encryption.iterations = 100000 encryption.saltSizeBytes = 16
- Click Save.
- If you configure the encryption to use Jasypt, add the
jasypt-encryption
feature to the profile.- Select the Repositories tab.
- In the Add repository field enter
mvn:org.apache.karaf.assemblies.features/standard/2.3.0.fuse-71-044/xml/features
. - Click Add.
- Select the Features tab.
- From the Repository list select mvn:org.apache.karaf.assemblies.features/standard/2.3.0.fuse-71-044/xml/features.
- From the Features list select jasypt-encryption.
- Select the management console's Containers tab.
- Click Migrate Containers.
- Click Select All.
- Select the version to which you added encryption from the Target Version table.
- Click Apply.
Configuration properties
Table 5.1. JAAS Encryption Properties
Property | Description |
---|---|
encryption.enabled | Specifies if password encryption is enabled. |
encryption.name | Specifies the name of the encryption service, which has been registered as an OSGi service. See the section called “Encryption services”. |
encryption.prefix | Specifies the prefix for encrypted passwords. |
encryption.suffix | Specifies the suffix for encrypted passwords. |
encryption.algorithm |
Specifies the name of the encryption algorithm—for example,
MD5 or SHA-1 . You can specify one of the following encryption algorithms:
|
encryption.encoding | Specifies the encrypted passwords encoding: hexadecimal or base64 . |
encryption.providerName (Jasypt only) | Name of the java.security.Provider instance that is to provide the digest algorithm. |
encryption.providerClassName (Jasypt only) | Specifies the class name of the security provider that is to provide the digest algorithm. |
encryption.iterations (Jasypt only) | Specifies the number of times to apply the hash function recursively. |
encryption.saltSizeBytes (Jasypt only) | Specifies the size of the salt used to compute the digest. |
encryption.saltGeneratorClassName (Jasypt only) | Specifies the class name of the salt generator. |
role.policy | Specifies the policy for identifying role principals. Can have the values, prefix or group . |
role.discriminator | Specifies the discriminator value to be used by the role policy. |
Encryption services
org.apache.karaf.jaas.modules.EncryptionService
interface and exporting an instance of the encryption service as an OSGi service. Two alternative implementations of the encryption service are provided:
- Basic encryption service—installed in the standalone container by default and you can reference it by setting the
encryption.name
property to the value,basic
. In the basic encryption service, the message digest algorithms are provided by the SUN security provider (the default security provider in the Oracle JDK). - Jasypt encryption—can be installed in the standalone container by installing the
jasypt-encryption
feature. To access the Jasypt encryption service, set theencryption.name
property to the value,jasypt
.For more information about Jasypt encryption, see the Jasypt documentation.
5.2. Defining JAAS Realms in a Fabric
Overview
jaas:config
element for defining JAAS realms. The difference is that when containers are deployed in a fabric, the JAAS realms need to be pushed out the fabric registry and all of the containers in the fabric need to share the same JAAS realms.
Procedure
- Create a Maven project to package and deploy the JAAS realm to the fabric's Maven proxy as shown in the section called “Creating a Maven project for deploying a JAAS realm”.
- Create a JAAS realm that uses the LDAP login module:
- Open the blueprint XML file in
src/main/resources/OSGI-INF/my-service.xml
in a text editor. - Delete the
bean
andservice
elements. - Add a
jaas:config
element to the blueprint.See Section 4.1, “Defining JAAS Realms” for details on configuring the JAAS realm.
- Deploy the JAAS realm to the fabric's maven proxy using the mvn deploy command.
- In the management console create a new profile for deploying the new realm.
- Select the Bundles tab.
- Add the bundle you uploaded for the JAAS realm to the profile.Bundles are specified using Maven URLs. For example if your project's group ID is
my.jaas.realm
and the artifact ID isjaas
, the Maven URL for the bundle will be mvn:my.jaas.realm/ldap/version. - Add the new profile to all of the containers in the fabric.
Creating a Maven project for deploying a JAAS realm
- Use the
karaf-blueprint-archetype
archetype to generate a template project.Example 5.2, “Create a Maven Project” shows how to invoke the archetype from the command line.Example 5.2. Create a Maven Project
mvn archetype:generate -DarchetypeGroupId=org.apache.karaf.archetypes -DarchetypeArtifactId=karaf-blueprint-archetype -DgroupId=groupID -DartifactId=artifactID
- Remove the project's
src/main/java
folder.This folder holds template Java classes for implementing an OSGi service, but the JAAS realm does not require any Java classes. - Open the project's POM in a text editor.
- Add a
distributionManagement
element, similar to the one shown in Example 5.3, “Fabric Maven Proxy Distribution Settings”, to the POM.Example 5.3. Fabric Maven Proxy Distribution Settings
<distributionManagement> <repository> <id>fabric-maven-proxy</id> <name>FMC Maven Proxy</name> <url>http://username:password@localhost:8107/maven/upload/</url> </repository> </distributionManagement>
You will need to modify theurl
element to include the connection details for your environment:- The username and password are the credentials used access the Fabric Server to which you are trying to connect.
- The hostname,
localhost
in Example 5.3, “Fabric Maven Proxy Distribution Settings”, is the address of the machine hosting the Fabric Server. - The port number,
8107
in Example 5.3, “Fabric Maven Proxy Distribution Settings”, is the port number exposed by the Fabric Server.8107
is the default setting. - The path,
/maven/upload/
in Example 5.3, “Fabric Maven Proxy Distribution Settings”, is the same for all Fabric Servers.
5.3. Enabling LDAP Authentication
Abstract
Overview
org.apache.karaf.jaas.modules.ldap.LDAPLoginModule
class. It is preloaded by the containers, so you do not need to install its bundle.
karaf
realm to use the LDAP login module and deploy it to every container in the management console's fabric. Once this is done, all access to the management console Fuse Management Console, and all of the fabric containers' command consoles, will be authenticated against your LDAP server.
Procedure
- Create a Maven project to package and deploy the LDAP JAAS realm to the fabric's Maven proxy as shown in the section called “Creating a Maven project for deploying a JAAS realm”.
- Create a JAAS realm that uses the LDAP login module:
- Open the blueprint XML file in
src/main/resources/OSGI-INF/my-service.xml
in a text editor. - Delete the
bean
andservice
elements. - Add a
jaas:config
element to the blueprint. - Add a
name
attribute to thejaas:config
element and set its value tokaraf
.NoteThis will override the default realm used by the container. - Add a
rank
attribute to thejaas:config
element and set its value to5
.NoteThis will insure that this realm is used by the container. - Add a
jaas:module
element to thejaas:config
element. - Add a
className
attribute to thejaas:module
element and set its value toorg.apache.karaf.jaas.modules.ldap.LDAPLoginModule
.Example 5.4, “LDAP JAAS Login Module” shows the blueprint file.Example 5.4. LDAP JAAS Login Module
<jaas:config ... > <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> ... </jaas:module> </jaas:config>
- Provide values for the properties described in Table 4.2, “Properties for the Red Hat JBoss A-MQ LDAP Login Module”.
- Deploy the JAAS realm to the fabric's maven proxy using the mvn deploy command.
- In the management console create a new profile for deploying the LDAP realm.See Using the Management Console.
- Select the Bundles tab.
- Add the bundle you uploaded for the JAAS realm to the profile.Bundles are specified using Maven URLs. For example if your project's group ID is
my.jaas.realm
and the artifact ID isldap
, the Maven URL for the bundle will be mvn:my.jaas.realm/ldap/version.See Using the Management Console. - Add the new profile to all of the containers in the fabric.See Using the Management Console.
Chapter 6. Installing Red Hat JBoss A-MQ as a Service
Abstract
- Generate the service wrapper for your system.
- Configure the launch script for your system.
- Configure the service wrapper for your system.
- Install the service wrapper as system service.
6.1. Generating the Wrapper
Abstract
Overview
wrapper
feature generates a wrapper around the JBoss A-MQ runtime that allows you to install a message broker as a system service. The wrapper
feature does not come preinstalled in the console, so before you can generate the service wrapper you must install the wrapper
feature.
Procedure
- Start JBoss A-MQ in console mode using the amq command.
- Once the console is started and the command prompt appears, enter
features:install wrapper
.The features:install command will locate the required libraries to provision the wrapper feature and deploy it into the run time. - Generate the wrapper by entering
wrapper:install -n serviceName -d displayName -D description
.The wrapper:install command has the options described in Table 6.1, “Wrapper Install Options”.Table 6.1. Wrapper Install Options
Option Default Description -s
AUTO_START
(Windows only) Specifies the mode in which the service is installed. Valid values are AUTO_START
orDEMAND_START
.-n
karaf
Specifies the service name that will be used when installing the service. -d
Specifies the display name of the service. -D
Specifies the description of the service.
Generated files
bin\ServiceName-wrapper[.exe]
—the executable file for the wrapper.bin\ServiceName-service[.bat]
—the script used to install and remove the service.etc\ServiceName-wrapper.conf
—the wrapper's configuration file.- Three library files required by the service wrapper:
lib\libwrapper.so
lib\karaf-wrapper.jar
lib\karaf-wrapper-main.jar
6.2. Configure the Script
Abstract
ServiceName-service[.bat]
file, is located under the InstallDir/bin/
directory.
Overview
ServiceName-service[.bat]
file, as described here.
RUN_AS_USER
RUN_AS_USER
variable is set, the ServiceName-service[.bat]
script runs as the specified user. For example, to run the script as the user, mquser
, search for the line, #RUN_AS_USER
, uncomment the line, and set the variable as follows:
RUN_AS_USER=mquser
wrapper.log
files. Failure to be able to write the log file will cause the Wrapper to exit without any way to write out an error message.
PRIORITY
nice
command by setting the PRIORITY
variable (it is not set by default).
6.3. Configuring the Wrapper
Abstract
ServiceName-wrapper.conf
file, which is located under the InstallDir/etc/
directory.
Overview
ServiceName-wrapper.conf
file, which is located under the InstallDir/etc/
directory.
- the default environment settings
- the properties passed to the JVM
- the classpath
- the JMX settings
- the logging settings
Specifying the Red Hat JBoss A-MQ's environment
KARAF_HOME
—the location of the Red Hat JBoss A-MQ install directory.KARAF_BASE
—the root directory containing the configuration and OSGi data specific to the broker instance.The configuration for the broker instance is stored in theKARAF_BASE/conf
directory. Other data relating to the OSGi runtime is also stored beneath the base directory.KARAF_DATA
—the directory containing the logging and persistence data for the broker.
Example 6.1. Default Environment Settings
set.default.KARAF_HOME=InstallDir set.default.KARAF_BASE=InstallDir set.default.KARAF_DATA=InstallDir\data
Passing parameters to the JVM
wrapper.java.additional.<n>
. <n> is a sequence number that must be distinct for each parameter.
wrapper.java.additional.<n>=-DPropName=PropValue
.
Example 6.2. Default Java System Properties
# JVM # note that n is the parameter number starting from 1. wrapper.java.additional.1=-Dkaraf.home="%KARAF_HOME%" wrapper.java.additional.2=-Dkaraf.base="%KARAF_BASE%" wrapper.java.additional.3=-Dkaraf.data="%KARAF_DATA%" wrapper.java.additional.4=-Dcom.sun.managment.jmxremote wrapper.java.additional.5=-Dkaraf.startLocalConsole=false wrapper.java.additional.6=-Dkaraf.startRemoteShell=true wrapper.java.additional.7=-Djava.endorsed.dirs="%JAVA_HOME%/jre/lib/endorsed;%JAVA_HOME%/lib/endorsed;%KARAF_HOME%/lib/endorsed" wrapper.java.additional.8=-Djava.ext.dirs="%JAVA_HOME%/jre/lib/ext;%JAVA_HOME%/lib/ext;%KARAF_HOME%/lib/ext"
Adding classpath entries
wrapper.java.classpath.<n>
. <n> is a sequence number that must be distinct for each classpath entry.
Example 6.3. Default Wrapper Classpath
wrapper.java.classpath.1=%KARAF_BASE%/lib/karaf-wrapper.jar wrapper.java.classpath.2=%KARAF_HOME%/lib/karaf.jar wrapper.java.classpath.3=%KARAF_HOME%/lib/karaf-jaas-boot.jar wrapper.java.classpath.4=%KARAF_BASE%/lib/karaf-wrapper-main.jar
JMX configuration
- Locate the line
# Uncomment to enable jmx
.There are three properties, shown in Example 6.4, “Wrapper JMX Properties”, that are used to configure JMX.Example 6.4. Wrapper JMX Properties
# Uncomment to enable jmx #wrapper.java.additional.n=-Dcom.sun.management.jmxremote.port=1616 #wrapper.java.additional.n=-Dcom.sun.management.jmxremote.authenticate=false #wrapper.java.additional.n=-Dcom.sun.management.jmxremote.ssl=false
- Remove the
#
from in front of each of the properties. - Replace the
n
in each property to a number that fits into the sequence of addition properties established in the configuration.
Configuring logging
Table 6.2. Wrapper Logging Properties
Property | Description |
---|---|
wrapper.console.format |
Specifies how the logging information sent to the console is formated. The format consists of the following tokens:
|
wrapper.console.loglevel | Specifies the logging level displayed on the console. |
wrapper.logfile | Specifies the file used to store the log. |
wrapper.logfile.format | Specifies how the logging information sent to the log file is formated. |
wrapper.console.loglevel | Specifies the logging level sent to the log file. |
wrapper.console.maxsize | Specifies the maximum size, in bytes, that the log file can grow to before the log is archived. The default value of 0 disables log rolling. |
wrapper.console.maxfiles | Specifies the maximum number of archived log files which will be allowed before old files are deleted. The default value of 0 implies no limit. |
wrapper.syslog.loglevel | Specifies the logging level for the sys/event log output. |
6.4. Installing and Starting the Service
Overview
Windows
InstallDir\bin\ServiceName-service.bat install
. If you used the default start setting, the service will start when Windows is launched. If you specified DEMAND_START
, you will need to start the service manually.
net start "ServiceName"
. You can also use the Windows service UI.
net stop "ServiceName"
You can also use the Windows service UI.
InstallDir\bin\ServiceName-service.bat remove
.
Redhat Linux
#
ln -s InstallDir/bin/ServiceName-service /etc/init.d/
#
chkconfig ServiceName-service --add
#
chkconfig ServiceName-service on
service ServiceName-service start
.
service ServiceName-service stop
.
#
service ServiceName-service stop
#
chkconfig ServiceName-service --del
#
rm /etc/init.d/ServiceName-service
Ubuntu Linux
#
ln -s InstallDir/bin/ServiceName-service /etc/init.d/
#
update-rc.d ServiceName-service defaults
/etc/init.d/ServiceName-service start
.
/etc/init.d/ServiceName-service stop
.
#
/etc/init.d/ServiceName-service stop
#
rm /etc/init.d/ServiceName-service
Chapter 7. Starting a Broker
Abstract
Overview
- console mode—the broker starts up as a foreground process and presents the user with a command shell
- daemon mode—the broker starts up as a background process that can be manged using a remote console or the provided command line tools
InstallDir/etc/activemq.xml
configuration file. The configuration uses values loaded from the InstallDir/etc/system.properties
file and the InstallDir/etc/org.fusesource.mq.fabric.server-default.cfg
file.
Starting in console mode
Table 7.1. Start up Commands for Console Mode
Windows | bin\amq.bat |
Unix | bin/amq |
Example 7.1. Broker Console
______ ___ ___ _____ | ___| | \/ || _ | | |_ _ _ ___ ___ | . . || | | | | _|| | | |/ __| / _ \ | |\/| || | | | | | | |_| |\__ \| __/ | | | |\ \/' / \_| \__,_||___/ \___| \_| |_/ \_/\_\ Fuse MQ (7.0.0.fuse-036) http://fusesource.org/mq/ Hit '<tab>' for a list of available commands and '[cmd] --help' for help on a specific command. Hit '<ctrl-d>' or 'osgi:shutdown' to shutdown Fuse MQ.
JBossA-MQ:karaf@root>
Starting in daemon mode
Table 7.2. Start up Commands for Daemon Mode
Windows | bin\start.bat |
Unix | bin/start |
Starting a broker in a fabric
- using the console of one of the other broker's in the fabricIf one of the brokers in the fabric is running in console mode you an use the fabric:container-start command to start any of the other brokers in the fabric. The command requires that you supply the container name used when creating the broker in the fabric. For example to start a broker named
fabric-broker3
you woul duse the command shown in Example 7.2, “Starting a Broker in a Fabric”.Example 7.2. Starting a Broker in a Fabric
JBossA-MQ:karaf@root>
fabric:container-start fabric-broker3
- using the administration client of one of the broker's in the fabricIf none of the brokers are running in console mode, you can use the administration client on one of the brokers to execute the fabric:container-start command. The administration client is run using the client command in Red Hat JBoss A-MQ's
bin
folder. Example 7.3, “Starting a Broker in a Fabric with the Administration Client” shows how to use the remote client to start remote broker in the fabric.Example 7.3. Starting a Broker in a Fabric with the Administration Client
bin/client fabric:container-start fabric-broker3
- using the management consoleThe management console can start and stop any of the brokers in the fabric it manages from a Web based console.For more information see Using the Management Console.
Chapter 8. Sending Commands to the Broker
Abstract
Overview
- the JBoss A-MQ administration client that can be used to send any of the console commands to a broker running in daemon mode
- a broker running in console mode can connect to a remote broker and be used to manage the remote broker
- Red Hat JBoss A-MQ includes a vanilla Apache Karaf shell that can connect to a remote broker and be used to manage the remote broker
Running the administration client
InstallDir/bin
. Example 8.1, “Client Command” shows the syntax for the command.
Example 8.1. Client Command
client
[
--help
] [
-a port
] [
-h host
] [
-u user
] [
-p password
] [
-v
] [
-r attempts
] [
-d delay
] [
commands
]
Table 8.1. Administration Client Arguments
Argument | Description |
---|---|
--help | Displays the help message. |
-a | Specifies the remote host's port. |
-h | Specify the remote host's name. |
-u | Specifies user name used to log into the broker. |
-p | Specifies the password used to log into the broker. |
-v | Use verbose output. |
-r | Specifies the maximum number of attempts to establish a connection. |
-d | Specifies, in seconds, the delay between retries. The default is 2 seconds. |
commands | Specifies one or more commands to run. If no commands are specified, the client enters an interactive mode. |
Using the broker console
- console help—list all of the commands along with a brief summary of the commands function
- command help—a detailed description of a command and its arguments
Example 8.2. Console Help
JBossA-MQ:karaf@root>
help
COMMANDS activemq:browse activemq:bstat activemq:list activemq:purge activemq:query admin:change-opts Changes the Java options of an existing container instance. admin:change-rmi-registry-port Changes the RMI registry port (used by management layer) of an existing container instance.
...JBossA-MQ:karaf@root>
--help
option. As shown in Example 8.3, “Help for a Command”, entering admin:start --help
displays the help for that command.
Example 8.3. Help for a Command
JBossA-MQ:karaf@root>
admin:start --help
DESCRIPTION admin:start Starts an existing container instance. SYNTAX admin:start [options] name ARGUMENTS name The name of the container instance OPTIONS --help Display this help message -o, --java-opts Java options when launching the instance
JBossA-MQ:karaf@root>
Connecting a console to a remote broker
-p
flag. You can also specify a command to be executed by the remote console connection. If you do not specify a command, you are presented with a prompt that will pass commands to the remote broker's console.
Starting a basic console
Available commands
Chapter 9. Deploying a New Broker
Abstract
- as a collection of standalone brokers
- a fabric of brokers
9.1. Deploying a Standalone Broker
Abstract
Overview
Procedure
- Install JBoss A-MQ onto the target system as described in the Installation Guide.
- Modify the new installation's configuration for your environment as described in Chapter 2, Editing a Broker's Configuration.
More information
- Using Networks of Brokers
- Fault Tolerant Messaging
9.2. Deploying a New Broker into a Fabric
Abstract
Overview
- allowing you to do them from a remote location
- providing tools that assist in automatically configuring fail over clusters, networks of brokers, and master/slave clusters.
- allowing you to reuse parts of existing profiles to ensure consistency
- providing tooling to do rolling updates
- providing tooling to roll back changes when needed
Procedure
- Create a template JBoss A-MQ XML configuration file in a location that is accessible to the container.
- In the command console, use the fabric:import command to upload the your XML configuration template to the Fabric Ensemble as shown in Example 9.1, “Uploading a Template to a Fabric Ensemble”.
Example 9.1. Uploading a Template to a Fabric Ensemble
JBossA-MQ:karaf@root>
fabric:import -t /fabric/configs/versions/version/profiles/mq-base/configFile configFile
version must match the version of the new profile you will create for the new broker. - Use the fabric:mq-create command to create a profile for the new broker and assign it to a container.
- To deploy the new broker into an existing container use the command shown in Example 9.2, “Creating a New Broker in an Existing Container”
Example 9.2. Creating a New Broker in an Existing Container
JBossA-MQ:karaf@root>
fabric:mq-create --assign-container containerName --config configFile profileName
This will create a new broker profile that inherits from themq-base
profile, but uses your XML configuration template, and deploy it to the specified container. - To deploy the new broker into an new container use the command shown in Example 9.3, “Creating a New Broker in a New Container”
Example 9.3. Creating a New Broker in a New Container
JBossA-MQ:karaf@root>
fabric:mq-create --create-container containerName --config configFile profileName
This will create a new broker profile that inherits from themq-base
profile, but uses your XML configuration template, create a new container named containerName, and deploy the broker profile to it.NoteThe new container will be a child of the container from which you execute the fabric:mq-create command.
You can add network configuration settings to the profile as well. - Use the fabric:profile-edit command shown in Example 9.4, “Editing a Broker Profile” to set the required properties.
Example 9.4. Editing a Broker Profile
JBossA-MQ:karaf@root>
fabric:profile-edit --pid org.fusesource.mq.fabric.server-profileName/property=value profileName
The properties that need to be set will depend on the properties you specified using property place holders in the template XML configuration and the broker's network settings.
More information
- Using Networks of Brokers
- Fault Tolerant Messaging
Chapter 10. Shutting Down a Broker
Abstract
10.1. Shutting Down a Local Broker
Abstract
Overview
Stopping the broker from console mode
Example 10.1. Using the Console's Shutdown Command
JBossA-MQ:karaf@root>
shutdown -f
JBossA-MQ:karaf@root>
logout [Process completed]
Stopping a broker running in daemon mode
bin
folder.
10.2. Shutting Down a Broker Remotely
Abstract
Overview
- using the stop command—the stop command does not require starting an instance of the broker
- using a remote console connection—a broker's console can be used to remotely shutdown a broker on another machine
- using a fabric member's console—brokers that are part of a fabric can stop members of their fabric
- using the management console—brokers that are part of a fabric can be stopped using a management console connected to their fabricFor more information see Using the Management Console.
Using the stop command
InstallDir/bin
directory. The commands syntax is shown in Example 10.2, “Stop Command Syntax”.
Example 10.2. Stop Command Syntax
stop
[
-a port
] {
-h hostname
} {
-u username
} {
-p password
}
-a port
- Specifies the SSH port of the remote instance. The default is 8101.
-h hostname
- Specifies the hostname of the machine on which the remote instance is running.
-u username
- Specifies the username used to connect to the remote broker.NoteThe default username for a broker is
karaf
. -p password
- Specifies the password used to connect to the remote broker.NoteThe default password for a broker is
karaf
.
NEBrokerHost2
.
Example 10.3. Stopping a Remote Broker
bin/stop -u karaf -p karaf -h NEBrokerHost2
Using a remote console
NWBrokerHost
.
Example 10.4. Shutting Down a Broker using a Remote Console Connection
JBossA-MQ:karaf@root>
ssh -l karaf -P karaf NWBrokerHost
_ ____ __ __ ____ | | _ \ /\ | \/ |/ __ \ | | |_) | ___ ___ ___ / \ ______| \ / | | | | _ | | _ < / _ \/ __/ __| / /\ \______| |\/| | | | | | |__| | |_) | (_) \__ \__ \ / ____ \ | | | | |__| | \____/|____/ \___/|___/___/ /_/ \_\ |_| |_|\___\_\ JBoss A-MQ (6.0.0.redhat-012) http://www.redhat.com/products/jbossenterprisemiddleware/amq/ Hit '<tab>' for a list of available commands and '[cmd] --help' for help on a specific command. Hit '<ctrl-d>' or 'osgi:shutdown' to shutdown JBoss A-MQ.
JBossA-MQ:karaf@root>
osgi:shutdown
Confirm: shutdown instance root (yes/no):
yes
JBossA-MQ:karaf@root>
JBossA-MQ:karaf@root>
Shutting down remote brokers in a fabric
fabric-broker3
.
Example 10.5. Shutting Down a Broker in a Fabric
./bin/client fabric-broker3 fabric:container-stop
Chapter 11. Connecting a Broker to a Fabric
Abstract
- join an existing fabricThis option is useful if you have an existing fabric and simply want to add the broker to it. You can add the broker as a fully managed container in which the broker's existing configuration is wiped out and replaced with a profile from the fabric's repository. You can also add the broker as an unmanaged container that retains all of its configuration, but can be discovered through the fabric's ensemble.NoteThis option can also be used to move a broker from one fabric to another.
- create a new fabricThis option converts the standalone broker into a Fabric Server. You will then need to either add a new broker to the fabric, or assign a broker profile to the server.
11.1. Joining a Broker to a Fabric
- A managed container is a full member of the fabric and is managed by a Fabric Agent. The agent configures the container based on information provided by the fabric's ensemble. The ensemble knows which profiles are associated with the container and the agent determines what to install based on the contents of the profiles.
- A non-managed container is not managed by a Fabric Agent. It's configuration remains intact after it joins the fabric and is controlled as if the broker were a standalone broker. Joining the fabric in this manner registers the broker with the fabric's ensemble and allows clients to locate the broker using the fabric's discovery mechanism.
11.1.1. Joining a Fabric as a Managed Container
Overview
fabric
profile. To start up as broker, you need to ensure that the fabric has a profile with the proper configuration and associate it with the container. The fabric:join command's -p
argument allows you to specify a profile to install into the container once the agent is installed.
Becoming a managed container
- The broker installs the required Fuse Fabric bundles to interact with the fabric's ensemble.
- The broker contacts the specified Fabric Server and initiates the joining process.
- The Fabric Server registers the container with the fabric's ensemble.This adds the container's information to the fabric's registry using the container name as the key. Because the container is a managed container, the registry creates an empty entry for the container and only includes the information it needs to manage the container.WarningIf the container being added to the fabric has the same name as a container already registered with the fabric, both containers will be reset and will always share the same configuration.
- The Fabric Server, as a delegate of the fabric's ensemble, takes control of the container.This process clears the container and resets its configuration to a default state.
- The ensemble installs the
fabric
profile into the container.This loads the Fabric Agent into the container to facilitate the management of the container. - If the
-p
argument is passed the fabric:join, the container's agent installs the artifacts and configuration settings from the specified profile. - The container sits empty and ready for you to associate one or more profiles with it.
- The agent monitors the container and the ensemble for changes.If the state of the container changes, the agent updates the ensemble's registry entry. If the ensemble has updates for the container, such as a new profile being associated with the container or a change to one of the profiles already associated with the container, the agent updates the container.
Remaining a message broker
mq
profile that loads a default message broker. You can also create a new profile for your brokers as described in Section 2.4, “Editing a Broker's Configuration in a Fabric”.
-p
flag. The specified profile will be assigned to the container as soon as the agent is installed. If you would rather do it in two steps, you can assign the profile using the fabric:container-change-profile command or the management console.
Procedure
- Create a profile for your broker.For details on creating a broker profile see Section 2.4, “Editing a Broker's Configuration in a Fabric”.
- Get the URL for one of the Fabric Servers in the existing fabric.The URL of a Server has the following format:
HostName:IPPort
For example, given a fabric registry agent running on the host,myhost
, the URL would bemyhost:2181
. The IP port, 2181, is the default IP port used by a Fabric Server and is usually the correct value to use. If you are in any doubt about which URL to use you can discover the URLs of the Fabric Servers as follows:- Connect to the command console of one of the containers in the fabric.
- Enter the following sequence of console commands:
JBossA-MQ:karaf@root>
config:edit io.fabric8.zookeeper
JBossA-MQ:karaf@root>
config:proplist
service.pid = io.fabric8.zookeeper zookeeper.url = myhostA:2181,myhostB:2181,myhostC:2181,myhostC:2182,myhostC:2183 fabric.zookeeper.pid = io.fabric8.zookeeper
JBossA-MQ:karaf@root>
config:cancel
Thezookeeper.url
property holds a comma-separated list of Fabric Server URLs. You can use any one of these URLs to join the fabric.
- Connect to the standalone broker's command console.
- Enter the following command:
JBossA-MQ:karaf@root>
fabric:join -p brokerProfile fabricURL brokerName
You need to provide values for:
11.1.2. Joining a Fabric as a Non-Managed Container
Overview
Becoming a non-managed container
- The broker installs the required Fuse Fabric bundles to interact with the fabric's ensemble.
- The broker contacts the specified Fabric Server and initiates the joining process.
- The Fabric Server registers the container with the fabric's ensemble.This adds the broker's information to the fabric's registry using the broker's name as the key. Because the broker is non-managed, the registry creates an entry containing information for all the message destinations hosted by the broker.WarningIf the container being added to the fabric has the same name as a container already registered with the fabric, both containers will be reset and will always share the same configuration.
- The agent monitors the broker and updates the updates the ensemble's registry entry as needed.
Procedure
- Get the URL for one of the Fabric Servers in the existing fabric.The URL of a Server has the following format:
HostName:IPPort
For example, given a fabric registry agent running on the host,myhost
, the URL would bemyhost:2181
. The IP port, 2181, is the default IP port used by a Fabric Server and is usually the correct value to use. If you are in any doubt about which URL to use you can discover the URLs of the Fabric Servers as follows:- Connect to the command console of one of the containers in the fabric.
- Enter the following sequence of console commands:
JBossA-MQ:karaf@root>
config:edit io.fabric8.zookeeper
JBossA-MQ:karaf@root>
config:proplist
service.pid = io.fabric8.zookeeper zookeeper.url = myhostA:2181,myhostB:2181,myhostC:2181,myhostC:2182,myhostC:2183 fabric.zookeeper.pid = io.fabric8.zookeeper
JBossA-MQ:karaf@root>
config:cancel
Thezookeeper.url
property holds a comma-separated list of Fabric Server URLs. You can use any one of these URLs to join the fabric.
- Connect to the standalone broker's command console.
- Enter the following command:
JBossA-MQ:karaf@root>
fabric:join -n fabricURL brokerName
You need to provide values for:-n
—specifies that the broker will not be managed by the fabric- fabricURL—the Fabric Server URL you obtained in Step 1
- brokerName—the name the broker will use to register with the fabricImportantThe name should be unique among the containers in the fabric.
11.2. Creating a New Fabric
Overview
- The recommended approach is to create the fabric such that the broker is converted into a managed Fabric Server. The container will revert to being a vanilla broker, so you will need to either create a new broker with the desired configuration or deploy an updated broker profile into the Fabric Server.Ensuring that the new broker is configured properly requires creating a broker profile with the proper settings. This can be done once the new fabric is created using the fabric:mq-create command. The fabric:mq-create command can also create the new broker.
- The alternative approach is to create the fabric such that the broker becomes a non-managed Fabric Server. The broker becomes a Fabric Server that is fully capable of being part of a fabric's ensemble. However, the broker retains control over its own configuration. It will continue to be managed as if it were a standalone broker and will not respond to fabric commands that attempt to alter its configuration.
Becoming a new fabric
- The broker installs the required Fuse Fabric bundles to become a Fabric Server.
- The Fabric Server starts up the ensemble process.
- A new ensemble containing an empty configuration registry and a runtime registry with a single entry for the Fabric Server is created.
- The Fabric Server delegates control over its configuration to the ensemble.NoteIf the fabric is created with a non-managed server, this step is skipped.
- The ensemble associates the profiles required to be a Fabric Server with the container.
- Unless the
--no-import
flag is used, the ensemble imports a set of profiles.- If the
--import-dir
flag is used, the profiles are imported from the specified location. - If no location is specified the default set of profiles is imported from
InstallDir/fabric/import
.
- The ensemble installs the default
mq
profile to the container.This starts a default broker instance in the container.NoteIf the fabric is created with a non-managed server, this step is skipped. - The ensemble waits for commands to update the fabric.
Procedure
- Delete the standalone broker configuration(s) from your installation's
/etc
folder.The configuration is stored in/etc/org.fusesource.mq.fabric.server-configName.cfg
. - Connect to the standalone broker's command console.
- Remove any brokers running in the container.
- Use config:list to locate any PIDs using the form
org.fusesource.mq.fabric.server.ID
. - Use config:delete to delete all of the PIDs using the form
org.fusesource.mq.fabric.server.ID
.
- Enter the following command:
JBossA-MQ:karaf@root>
fabric:create
NoteIf you want to import a predefined set of profiles, use the-p import-dir
option to specify the set of profiles to import. - Add a new broker to the fabric as described in Section 9.2, “Deploying a New Broker into a Fabric”.
Chapter 12. Adding Client Connection Points
Abstract
- a
transportConnector
element in the XML configuration template that provides the details for the connection point - an entry in the broker's
org.fusesource.mq.fabric.server.id
PID's connectors property to activate the connection point
transportConnector
element provides all of the details needed to create the connection point. This includes the type of transport being used, the host and port for the connection, and any transport properties needed. The connectors property is a space delimited list that specifies which transport connectors to activate.
12.1. Adding a Transport Connector to a Standalone Broker
Adding a transport connector definition
- Open the broker's configuration template for editing.
- Locate the
transportConnectors
element. - Add a
transportConnector
element as a child of thetransportConnectors
element. - Add a
name
attribute to the newtransportConnector
element.Thename
attribute specifies a unique identifier for the transport connector. It is used in the connectors property to identify the transport to be activated. - Add a
uri
attribute to the newtransportConnector
element.Theuri
attribute specifies the connection details used to instantiate the connector. Clients will use a similar URI to access the broker using this connector. For a complete list of the URIs see the Connection Reference. - Save the changes to the configuration template.
Activating a connector
- Connect to the broker using a command console.
- Open the broker's
org.fusesource.mq.fabric.server.id
PID for editing using the config:editcommand.JBossAMQ:karaf>
config:edit org.fusesource.mq.fabric.server.098765NoteYou can use the config:list command to find the id for the broker. - Verify the value of the connectors property using the config:proplist command.
JBossAMQ:karaf>
config:proplist connector - Change the value of the connectors property using the config:propset command.
JBossAMQ:karaf>
config:propset connector "connector1 connector2..."connector1 specifies the name of a transport to activate. The value corresponds the value of thetransportConnector
element'sname
attribute. - Save the changes using the config:update command.
JBossAMQ:karaf>
config:update
12.2. Adding a Transport Connector to a Fabric Broker
Adding a transport connector definition
- Create a configuration template.
- Locate the
transportConnectors
element. - Add a
transportConnector
element as a child of thetransportConnectors
element. - Add a
name
attribute to the newtransportConnector
element.Thename
attribute specifies a unique identifier for the transport connector. It is used in the connectors property to identify the transport to be activated. - Add a
uri
attribute to the newtransportConnector
element.Theuri
attribute specifies the connection details used to instantiate the connector. Clients will use a similar URI to access the broker using this connector. For a complete list of the URIs see the Connection Reference. - Save the changes to the configuration template.
- In the command console, use the fabric:import command to upload the your XML configuration template to the Fabric Ensemble.
JBossAMQ:karaf>
fabric:import -t /fabric/configs/versions/version/profiles/mq-base/configFile configFile
version must match the version of the new profile. - Use the fabric:mq-create command to create a new profile.
JBossAMQ:karaf>
fabric:mq-create --config configFile profileName
This will create a new broker profile that inherits from themq-base
profile, but uses your XML configuration template.
Activating a connector
- Connect to the broker using a command console.
- Verify the value of the connectors property for the desired profile using the fabric:profile-display command.
JBossAMQ:karaf>
fabric:profile-display profileName - Change the value of the connectors property using the fabric:profile-edit command's
-p
option.JBossAMQ:karaf>
fabric:profile-edit -p org.fusesource.mq.fabric.server-profileName/connectors="connector1 connector2..." profileNameconnector1 specifies the name of a transport to activate. The value corresponds the value of thetransportConnector
element'sname
attribute. - Deploy the new profile to one or more brokers in the fabric to test the changes.
JBossAMQ:karaf>
fabric:container-add-profile broker profileName
Chapter 13. Adding a Queue or a Topic
Abstract
Automatic destination creation
Restricting destination creation
admin
role and not granting it to certain user groups, you can ensure that those user groups are unable to create new destinations on the fly.
admin
role vary, depending on which authorization plug-in the broker uses. For full details about how to configure broker authorization, please consult the Authorization chapter of the JBoss A-MQ Security Guide.
Chapter 14. Using Logging
Abstract
- Apache Log4j
- Apache Commons Logging
- SLF4J
- Java Util Logging
14.1. Logging Configuration
Abstract
Overview
etc/system.properties
—the configuration file that sets the logging level during the broker’s boot process. The file contains a single property, org.ops4j.pax.logging.DefaultServiceLog.level, that is set toERROR
by default.org.ops4j.pax.logging
—the PID used to configure the logging back end service. It sets the logging levels for all of the defined loggers and defines the appenders used to generate log output. It uses standard Log4j configuration. By default, it sets the root logger's level toINFO
and defines two appenders: one for the console and one for the log file.NoteThe console's appender is disabled by default. To enable it, addlog4j.appender.stdout.append=true
to the configuration For example, to enable the console appender in a broker, you would use the following commands:JBossA-MQ:karaf@root>
config:edit org.ops4j.pax.logging
JBossA-MQ:karaf@root>
config:propappend log4j.appender.stdout.append true
JBossA-MQ:karaf@root>
config:update
org.apache.karaf.log.cfg
—configures the output of the log console commands.
Changing the log levels
org.ops4j.pax.logging
PID's log4j.rootLogger
property so that the logging level is one of the following:
TRACE
DEBUG
INFO
WARN
ERROR
FATAL
NONE
Example 14.1. Changing Logging Levels
JBossA-MQ:karaf@root>
config:edit org.ops4j.pax.logging
JBossA-MQ:karaf@root>
config:propset log4j.rootLogger "DEBUG, out, osgi:VmLogAppender"
JBossA-MQ:karaf@root>
config:update
Changing the appenders' thresholds
log4j.appender.appenderName.threshold
property that controls what level of messages are written to the appender. The appender threshold values are the same as the log level values.
DEBUG
but limiting the information displayed on the console to WARN
.
Example 14.2. Changing the Log Information Displayed on the Console
JBossA-MQ:karaf@root>
config:edit org.ops4j.pax.logging
JBossA-MQ:karaf@root>
config:propset log4j.rootLogger "DEBUG, out, osgi:VmLogAppender"
JBossA-MQ:karaf@root>
config:propappend log4j.appender.stdout.threshold WARN
JBossA-MQ:karaf@root>
config:update
14.2. Viewing the Log
Abstract
Overview
- using a text editor
- using the broker's, or a remote broker's, console
- using the administration client
Viewing the log in a text editor
InstallDir/data/log
. The main log file is karaf.log
. If archiving is turned on, there may be archived log files also stored in the logging directory.
- the time of the entry
- the log level of the entry
- the thread that generated the entry
- the bundle that generated the entry
- an informational message about the cause of the entry
Viewing the log with the console
- log:display—displays the most recent log entriesBy default, the number of entries returned and the pattern of the output depends on the size and pattern properties in the
org.apache.karaf.log.cfg
file. You can override these using the-p
and-d
arguments. - log:display-exception—displays the most recently logged exception
- log:tail—continuously display log entries
Viewing the log with the administration client
client log:display
into a system terminal will display the most recent log entries for the local broker.
Chapter 15. Using JMX
Abstract
15.1. Configuring JMX
Abstract
Overview
Enabling and disabling
broker
element's useJmx
attribute to false
. This will stop the broker from exposing itself via JMX.
Securing access to JMX
jmxRole
property to the etc/org.apache.karaf.management.cfg
file.
Advanced configuration
managementContext
child element to the broker's broker
element. The managementContext
element uses a managementContext
child to configure the broker. The attributes of the inner managementContext
element specify the broker's JMX configuration.
Table 15.1. Broker JMX Configuration Properties
Property | Default Value | Description |
---|---|---|
useMBeanServer | true | Specifies whether the broker will use the MBean server created by the JVM. When set to false , the broker will create an MBean server. |
jmxDomainName | org.apache.activemq | Specifies the JMX domain used by the broker's MBeans. |
createMBeanServer | true | Specifies whether the broker creates an MBean server if none is found. |
createConnector | true [a] | Specifies whether the broker creates a JMX connector for the MBean server. If this is set to false the broker will only be accessible using the JMX connector created by the JVM. |
connectorPort | 1099 | Specifies the port number used by the JMX connector created by the broker. |
connectorHost | localhost | Specifies the host used by the JMX connector and the RMI server. |
rmiServerPort | 0 | Specifies the RMI server port. This setting is useful if port usage needs to be restricted behind a firewall. |
connectorPath | /jmxrmi | Specifies the path under which the JMX connector will be registered. |
[a]
The default configuration template for the broker sets this property to false so that the broker uses the container's JMX connection.
|
Example 15.1. Configuring a Broker's JMX Connection
<broker ... > ... <managementContext> <managementContext createMBeanServer="false" createConnector="false" /> </managementContext> ... </broker>
15.2. Statistics Collected by JMX
Broker statistics
Table 15.2. Broker JMX Statistics
Destination statistics
Table 15.3. Destination JMX Statistics
Subscription statistics
Table 15.4. Connection JMX Statistics
15.3. Managing the Broker with JMX
Abstract
Overview
Broker actions
Table 15.5. Broker MBean Operations
Connector actions
Table 15.6. Connector MBean Operations
Network connector actions
Table 15.7. Network Connector MBean Operations
Queue actions
Table 15.8. Queue MBean Operations
Topic actions
Table 15.9. Topic MBean Operations
Subscription actions
Table 15.10. Subscription MBean Operations
Chapter 16. Applying Patches
Abstract
.patch
file that lists the contained artifacts. The artifacts are typically one or more bundles. They can, however, include configuration files and feature descriptors.
- Customer Support sends you a patch.
- Customer Support sends you a link to download a patch.
- Download a patch directly from the Red Hat customer portal.
- standalone—the broker's command console's patch shell has commands for managing the patching process
- fabric—patching a fabric requires applying the patch to a profile and then applying the profile to a broker. The management console is the recommended way to patch brokers in a fabric. See Using the Management Console for more information.
16.1. Finding the Right Patches to Apply
Abstract
Locate the patches on the customer portal
- Login to the Red Hat Customer Portal using your customer account. This account must be associated with an appropriate Red Hat software subscription, otherwise you will not be able to see the patch downloads for JBoss A-MQ.
- Navigate to the customer portal Software Downloads page.
- In the Product dropdown menu, select the appropriate product (for example, A-MQ or Fuse), and then select the version, 6.1.0, from the Version dropdown menu. A table of downloads now appears, which has three tabs: Releases, Patches, and Security Advisories.NoteMake sure you select the right GA version for your product. A micro version release (for example, 6.1.1) is not the same thing as a patched release.
- Click the Patches tab to view the regular patches (with no security-related fixes).
- Click the Security Advisories tab to view the patches with security-related fixes.
Types of patch
- Patches with GA baseline (for example, Patch 1, Patch 2, Patch 3, and so on)
- Rollup patches (for example, Rollup 1, Rollup 2, and so on)
- Patches with rollup baseline (for example, Rollup 1 Patch1, Rollup1 Patch2, and so on)
Patches with GA baseline
Rollup patches
Patches with rollup baseline
Which patches are needed to update the GA product to the latest patch level?
- If the only patches released so far are patches with GA baseline (Patch 1, Patch 2, and so on), apply the latest of these patches directly to the GA product.
- If a rollup patch has been released and no patches have been released after the latest rollup patch, simply apply the latest rollup patch to the GA product.
- If the latest patch is a patch with a rollup baseline, you must apply two patches to the GA product, as follows:
- Apply the latest rollup patch, and then
- Apply the latest patch with a rollup baseline.
Which patches to apply, if you only want to install regression-tested patches?
Example of identifying patches to apply
Patches available under the Patches tab
Figure 16.1. Patches Tab
Patches available under the Security Advisories tab
Figure 16.2. Security Advisories Tab
Complete list of available patches
- Red Hat JBoss Fuse 6.1.0 Patch 1
- Red Hat JBoss Fuse 6.1.0 Patch 2
- Red Hat JBoss Fuse/A-MQ 6.1 Rollup 1
- Red Hat JBoss Fuse/A-MQ 6.1 Rollup 1 Patch 1
- Red Hat JBoss Fuse/A-MQ 6.1 Rollup 1 Patch 2
Patches you would apply to update to the latest patch level
- Red Hat JBoss Fuse/A-MQ 6.1 Rollup 1
- Red Hat JBoss Fuse/A-MQ 6.1 Rollup 1 Patch 2
16.2. Patching a Standalone Container
Abstract
Overview
system
folder. When the patch is applied, the container's configuration is changed so that it points to the patched artifacts instead of the artifacts from the original installation. This makes it easy for the system to be restored to its original state or to selectively back out patches.
Applying a patch
- Add the patch to the container's environment using the patch:add command.Example 16.1, “Adding a Patch to a Broker's Environment” shows the command for adding the patch contained in the patch file
patch.zip
from the local file system.Example 16.1. Adding a Patch to a Broker's Environment
JBoss A-MQ>
patch:add file://patch.zip
This command copies the specified patch file to the container'ssystem
folder and unpacks it. - Simulate installing the patch using the patch:simulate command.This will generate a log of the changes that will be made to the container when the patch is installed, but will not make any actual changes to the container.NoteThe patch:list command displays a list of all patches added to the container's
system
folder. - Review the simulation log to understand the changes that will be made to the container.
- Apply the patch to the container using the patch:install command.WarningRunning patch:install before the container is fully started and all of the bundles are active will cause the container to hang.NoteThe patch:list command displays a list of all patches added to the container's
system
folder. - Shut down the container that you just applied the patch to.
- The extracted patch archive contains the
manual_steps
directory. Copy the content of themanual_steps/
directory to the appropriate directory (xyz
bin
,etc
,lib
) in the JBoss A-MQ 6.1 installation directory. Copy the content in themanual_steps/fabric-system-updates/system
directory to thesystem
directory in the JBoss A-MQ installation directory. This is the system repository that contains some patched artifacts. - Start the container. If you are using a remote console, you will lose the connection to the container. If you are using the container's local console, it will automatically reconnect when the container restarts.
Rolling back a patch
Example 16.2. Rolling Back a Patch
JBoss A-MQ> patch:rollback patch1
system
folder.
Adding features to a patched container
16.3. Patching Standalone Apache ActiveMQ
Abstract
InstallDir/extras
directory. Patching the standalone Apache ActiveMQ is a manual process, requiring you to copy some library files.
Patch files
Apache ActiveMQ install directory
extras/apache-activemq-5.9.0.redhat-610379.zip
file and installed standalone Apache ActiveMQ into the ApacheActiveMQInstall
directory.
How to apply a patch to standalone Apache ActiveMQ
- After determining which patches to apply, download the relevant patches from the Customer Portal, as described in Section 16.1, “Finding the Right Patches to Apply”.
- Stop the ActiveMQ broker, if it is running.
- Make a backup copy of the original standalone Apache ActiveMQ
lib
directory,ApacheActiveMQInstall/lib
- Starting with the first patch file, use an archive utility to open the downloaded patch (
.zip
) file, and extract the patch to a convenient temporary location,ExtractedPatch
. - The patched library files for the standalone Apache ActiveMQ instance are located in the following subdirectory of the patch:
ExtractedPatch/apache-activemq-5.9.0.redhat-610379/lib
Copy the complete contents of this directory to the standalone Apache ActiveMQlib
directory,ApacheActiveMQInstall/lib
. - Delete the older versions of the patched library files in
ApacheActiveMQInstall/lib
. Only one version of each library should be present in the lib directory, and it should be the patched version.For example, if you found two versions of theactivemq-broker
JAR file present in thelib
directory after copying the patch libraries:activemq-broker-5.9.0.redhat-610379.jar activemq-broker-5.9.0.redhat-611423.jar
You would delete the older version,activemq-broker-5.9.0.redhat-610379.jar
. - If you need to install a second patch on top of the first, repeat steps 4, 5, and 6, for the second patch.
- Restart the ActiveMQ broker.
16.4. Patching a Container in a Fabric
Abstract
Overview
Procedure
- Getting a patch file.
- Customer Support sends you a patch.
- Customer Support sends you a link to download a patch.
- You, or your organization, generate a patch file for an internally created application.
- Uploading one or more patch files to the fabric's Maven repository.
- Applying the patch(es) to a profile version.This creates a new profile version that points to the new versions of the patched bundles and repositories.
- Migrate one or two containers to the patched profile version to ensure that the patch does not introduce any new issues.
- After you are certain that the patch works, migrate the remaining containers in the fabric to the patched version.
Using the management console
Using the command console
- Create a new version, using the
fabric:version-create
command:JBossFuse:karaf@root> fabric:version-create 1.1 Created version: 1.1 as copy of: 1.0
ImportantThe version name must be a pure numeric string, such as1.1
,1.2
,2.1
, or2.2
. You cannot incorporate alphabetic characters in the version name (such as1.0.patch
). - Apply the patch to the new version, using the
fabric:patch-apply
command. For example, to apply theactivemq.zip
patch file to version1.1
:JBossFuse:karaf@root> fabric:patch-apply --version 1.1 file:///patches/activemq.zip
- Upgrade the container using the
fabric:container-upgrade
command, specifying which container you want to upgrade. For example, to upgrade theroot
container, enter the following command:JBossFuse:karaf@root> fabric:container-upgrade 1.1 root Upgraded container root from version 1.0 to 1.1
- You can check that the new patch profile has been created using the
fabric:profile-list
command, as follows:BossFuse:karaf@root> fabric:profile-list --version 1.1 | grep patch default 0 patch-activemq-patch patch-activemq-patch
Where we presume that the patch was applied to profile version 1.1.TipIf you want to avoid specifying the profile version (with--version
) every time you invoke a profile command, you can change the default profile version using thefabric:version-set-default Version
command.You can also check whether specific JARs are included in the patch, for example:JBossFuse:karaf@root> list | grep -i activemq [ 131] [Active ] [Created ] [ ] [ 50] activemq-osgi (5.9.0.redhat-61037X) [ 139] [Active ] [Created ] [ ] [ 50] activemq-karaf (5.9.0.redhat-61037X) [ 207] [Active ] [ ] [ ] [ 60] activemq-camel (5.9.0.redhat-61037X)
Appendix A. Required JARS
Overview
activemq-all.jar
file on the broker's CLASSPATH
. It contains all of the classes needed by a message broker. This is the default set up for a Red Hat JBoss A-MQ installation.
CLASSPATH
you can add the individual JARs. There are several JARs that are required. In addition, there are a few that are only needed when certain features are used.
Required JARs from Red Hat JBoss A-MQ
CLASSPATH
:
activemq-broker.jar
activemq-client.jar
activeio-core.jar
slf4j-api.jar
JEE JARs
- the
jee.jar
from Oracle - your JEE container's installation
- the Geronimo specs JARs:
geronimo-spec-jms.jar
geronimo-spec-jta.jar
geronimo-spec-j2ee-management.jar
Persistent messaging JARs
CLASSPATH
for the desired persistence store. The JAR names follow the pattern activemq-store-store
. The following message stores are included:
activemq-amq-store.jar
activemq-jdbc-store.jar
activemq-kahadb-store.jar
activemq-leveldb-store.jar
- For KahaDB you will need
kahadb.jar
. - For JDBC you will need the JARs for your database's JDBC driver.
Index
A
- Active, Subscription statistics
- activemq.xml, Editing the configuration template
- administration client
- running, Running the administration client
- amq, Starting in console mode
- Aries
- namespaces, Namespaces
- placeholder extension, Placeholder extension
- authentication, LDAP properties
- AverageEnqueueTime, Destination statistics
B
- BlockedProducerWarningInterval, Destination statistics
- broker
- addConnector, Broker actions
- addNetworkConnector, Broker actions
- addQueue, Broker actions
- addTopic, Broker actions
- createDurableSubscriber, Broker actions
- deploying
- fabric container, Procedure
- destroyDurableSubscriber, Broker actions
- disableStatistics, Broker actions
- enableStatistics, Broker actions
- gc, Broker actions
- reloadLog4jProperties, Broker actions
- removeConnector, Broker actions
- removeNetworkConnector, Broker actions
- removeQueue, Broker actions
- removeTopic, Broker actions
- resetStatistics, Broker actions
- start, Broker actions
- stop, Broker actions
- stopGracefully, Broker actions
- terminateJVM, Broker actions
- useJmx, Enabling and disabling
- BrokerId, Broker statistics
- BrokerName, Broker statistics
- BrokerVersion, Broker statistics
C
- client, Running the administration client
- command console
- getting help, Using the broker console
- remote access, Connecting a console to a remote broker
- config shell, Editing the OSGi properties
- config.properties, Overview
- configuration
- persistent identifier, OSGi PIDs
- PID, OSGi PIDs
- template, Configuration templates
- connection.password, LDAP properties
- connection.url, LDAP properties
- connection.username, LDAP properties
- connector
- connectionCount, Connector actions
- disableStatistics, Connector actions
- enableStatistics, Connector actions
- resetStatistics, Connector actions
- start, Connector actions
- stop, Connector actions
- connectorHost, Advanced configuration
- connectorPath, Advanced configuration
- connectorPort, Advanced configuration
- connectors, Activating a connector, Activating a connector
- console
- config shell, Editing the OSGi properties
- console mode
- starting, Starting in console mode
- stopping, Stopping the broker from console mode
- ConsumerCount, Destination statistics
- createConnector, Advanced configuration
- createMBeanServer, Advanced configuration
- CursorFull, Destination statistics
- CursorMemoryUsage, Destination statistics
- CursorPercentUsage, Destination statistics
D
- daemon mode
- starting, Starting in daemon mode
- stopping, Stopping a broker running in daemon mode
- DataDirectory, Broker statistics
- deploying
- standalone broker, Deploying a Standalone Broker
- DequeueCount, Destination statistics
- DequeueCounter, Subscription statistics
- DispatchCount, Destination statistics
- DispatchedCounter, Subscription statistics
- DispatchedQueueSize, Subscription statistics
E
- encryptor, Jasypt configuration
- EnqueueCount, Destination statistics
- EnqueueCounter, Subscription statistics
- ExpiredCount, Destination statistics
F
- fabric
- profiles, Profiles
- starting a broker, Starting a broker in a fabric
- stopping a broker, Shutting down remote brokers in a fabric
- versions, Profiles
- fabric shell, Procedure
- fabric:container-change-profile, Remaining a message broker
- fabric:container-connect, Connecting a console to a remote broker
- fabric:container-start, Starting a broker in a fabric
- fabric:container-stop, Shutting down remote brokers in a fabric
- fabric:container-upgrade, Using the command console
- fabric:create, Creating a New Fabric
- fabric:join, Joining a Broker to a Fabric
- fabric:mq-create, Procedure
- features:install, Installing the Jasypt features
I
- InFlightCount, Destination statistics
- initial.context.factory, LDAP properties
J
- JAAS
- configuration syntax, Configuring a JAAS realm
- converting to blueprint, Converting standard JAAS login properties to XML
- namespace, Namespace
- jaas:config, Configuring a JAAS realm
- jaas:module, Configuring a JAAS realm
- Jasypt
- configuration, Jasypt configuration
- libraries, Installing the Jasypt features
- namespaces, Namespaces
- jasypt-encryption, Installing the Jasypt features
- JBoss Operations Network, Tools
- jconsole, Tools
- JMX
- disabling, Enabling and disabling
- roles, Changing the JMX role, Securing access to JMX
- jmxDomainName, Advanced configuration
- joining a fabric
- managed container, Joining a Fabric as a Managed Container
- non-managed container, Joining a Fabric as a Non-Managed Container
K
- KARAF_BASE, Specifying the Red Hat JBoss A-MQ's environment
- KARAF_DATA, Specifying the Red Hat JBoss A-MQ's environment
- KARAF_HOME, Specifying the Red Hat JBoss A-MQ's environment
L
- LDAP
- authentication, LDAP properties
- configuration, LDAP properties
- connection.password, LDAP properties
- connection.url, LDAP properties
- connection.username, LDAP properties
- enabling, Enabling LDAP Authentication, Enabling LDAP Authentication
- initial.context.factory, LDAP properties
- properties, LDAP properties
- role.base.dn, LDAP properties
- role.filter, LDAP properties
- role.name.attribute, LDAP properties
- role.search.subtree, LDAP properties
- ssl, LDAP properties
- ssl.algorithm, LDAP properties
- ssl.keyalias, LDAP properties
- ssl.keystore, LDAP properties
- ssl.protocol, LDAP properties
- ssl.provider, LDAP properties
- ssl.truststore, LDAP properties
- user.base.dn, LDAP properties
- user.filter, LDAP properties
- user.search.subtree, LDAP properties
- LDAPLoginModule, Enabling LDAP Authentication, Enabling LDAP Authentication
- logging
- console commands, Viewing the log with the console, Viewing the log with the administration client
- viewing as text, Viewing the log in a text editor
- viewing in an editor, Viewing the log in a text editor
- viewing in the console, Viewing the log with the console
- viewing with the admin client, Viewing the log with the administration client
M
- managed container, Joining a Fabric as a Managed Container
- management console, Tools
- managementContext, Advanced configuration
- connectorHost, Advanced configuration
- connectorPath, Advanced configuration
- connectorPort, Advanced configuration
- createConnector, Advanced configuration
- createMBeanServer, Advanced configuration
- jmxDomainName, Advanced configuration
- rmiServerPort, Advanced configuration
- useMBeanServer, Advanced configuration
- MaxEnqueueTime, Destination statistics
- MaximumPendingMessageLimit, Subscription statistics
- MaxPageSize, Destination statistics
- MemoryLimit, Broker statistics, Destination statistics
- MemoryPercentageUsed, Broker statistics, Destination statistics
- MemoryUsagePortion, Destination statistics
- MessageCountAwaitingAcknowledge, Subscription statistics
- MinEnqueueTime, Destination statistics
- mq-create, Procedure
N
- namespaces
- Aries, Namespaces
- Jasypt, Namespaces
- network connector
- start, Network connector actions
- stop, Network connector actions
- non-managed container, Joining a Fabric as a Non-Managed Container
O
- org.apache.karaf.log, Overview
- org.fusesource.mq.fabric.server-*, Activating a connector
- org.fusesource.mq.fabric.server.*, Activating a connector
- org.ops4j.pax.logging, Overview
- org.ops4j.pax.logging.DefaultServiceLog.level, Overview
- osgi:shutdown, Using a remote console
P
- patch:add, Applying a patch
- patch:install, Applying a patch
- patch:list, Applying a patch, Rolling back a patch
- patch:rollback, Rolling back a patch
- patch:simulate, Applying a patch
- patching
- fabric
- command console, Using the command console
- management console, Using the management console
- standalone, Applying a patch
- rollback, Rolling back a patch
- PendingQueueSize, Subscription statistics
- persistent identifier, OSGi PIDs
- PID, OSGi PIDs
- PrefetchSize, Subscription statistics
- ProducerCount, Destination statistics
- profile
- creating, Procedure
- properties
- Apache Karaf placeholder extension, Jasypt configuration
- Aries placeholder extension, Placeholder extension
- encrypted, Encrypted properties
- LDAP, LDAP properties
- placeholder, Placeholders
- property-placeholder, Placeholder extension, Jasypt configuration
Q
- queue
- browse, Queue actions
- browseAsTable, Queue actions
- browseMessages, Queue actions
- copyMatchingMessagesTo, Queue actions
- copyMessageTo, Queue actions
- cursorSize, Queue actions
- doesCursorHaveMessagesBuffered, Queue actions
- doesCursorHaveSpace, Queue actions
- getMessage, Queue actions
- moveMatchingMessagesTo, Queue actions
- moveMessageTo, Queue actions
- purge, Queue actions
- removeMatchingMessages, Queue actions
- removeMessage, Queue actions
- resetStatistics, Queue actions
- retryMessage, Queue actions
- sendTextMessage, Queue actions
- QueueSize, Destination statistics
R
- remote console
- rmiServerPort, Advanced configuration
- role.base.dn, LDAP properties
- role.filter, LDAP properties
- role.name.attribute, LDAP properties
- role.search.subtree, LDAP properties
- roles
- default, Default role
- JMX, Changing the JMX role, Securing access to JMX
- LDAP configuration, LDAP properties
- remote console, Changing the remote console's role
- routine tasks, Routine tasks
S
- service wrapper
- classpath, Adding classpath entries
- JMX configuration, JMX configuration
- JVM properties, Passing parameters to the JVM
- logging, Configuring logging
- shell, Starting a basic console
- shutdown, Stopping the broker from console mode
- ssh:ssh, Connecting a console to a remote broker, Using a remote console
- ssl, LDAP properties
- ssl.algorithm, LDAP properties
- ssl.keyalias, LDAP properties
- ssl.keystore, LDAP properties
- ssl.protocol, LDAP properties
- ssl.provider, LDAP properties
- ssl.truststore, LDAP properties
- standalone broker
- configuration template, Editing the configuration template
- deploying, Deploying a Standalone Broker
- runtime configuration, Editing the OSGi properties
- start, Starting in daemon mode
- stop, Stopping a broker running in daemon mode
- StoreLimit, Broker statistics
- StorePercentageUsed, Broker statistics
- subscription
- browse, Subscription actions
- browseAsTable, Subscription actions
- cursorSize, Subscription actions
- destory, Subscription actions
- doesCursorHaveMessagesBuffered, Subscription actions
- doesCursorHaveSpace, Subscription actions
- isMatchingQueue, Subscription actions
- isMatchingTopic, Subscription actions
- system service
- Redhat, Redhat Linux
- Ubuntu, Ubuntu Linux
- Windows, Windows
T
- TempLimit, Broker statistics
- TempPercentageUsed, Broker statistics
- tooling, Tools
- topic
- browse, Topic actions
- browseAsTable, Topic actions
- browseMessages, Topic actions
- resetStatistics, Topic actions
- sendTextMessage, Topic actions
- TotalConsumerCount, Broker statistics
- TotalDequeueCount, Broker statistics
- TotalEnqueueCount, Broker statistics
- TotalMessageCount, Broker statistics
- TotalProducerCount, Broker statistics
- transportConnector, Adding a transport connector definition, Adding a transport connector definition
- transportConnectors, Adding a transport connector definition, Adding a transport connector definition
U
- useJmx, Enabling and disabling
- useMBeanServer, Advanced configuration
- user.base.dn, LDAP properties
- user.filter, LDAP properties
- user.search.subtree, LDAP properties
V
- VisualVM, Tools
Legal Notice
Trademark Disclaimer
Legal Notice
Third Party Acknowledgements
- JLine (http://jline.sourceforge.net) jline:jline:jar:1.0License: BSD (LICENSE.txt) - Copyright (c) 2002-2006, Marc Prud'hommeaux
mwp1@cornell.edu
All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Neither the name of JLine nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - Stax2 API (http://woodstox.codehaus.org/StAX2) org.codehaus.woodstox:stax2-api:jar:3.1.1License: The BSD License (http://www.opensource.org/licenses/bsd-license.php)Copyright (c) <YEAR>, <OWNER> All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - jibx-run - JiBX runtime (http://www.jibx.org/main-reactor/jibx-run) org.jibx:jibx-run:bundle:1.2.3License: BSD (http://jibx.sourceforge.net/jibx-license.html) Copyright (c) 2003-2010, Dennis M. Sosnoski.All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Neither the name of JiBX nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - JavaAssist (http://www.jboss.org/javassist) org.jboss.javassist:com.springsource.javassist:jar:3.9.0.GA:compileLicense: MPL (http://www.mozilla.org/MPL/MPL-1.1.html)
- HAPI-OSGI-Base Module (http://hl7api.sourceforge.net/hapi-osgi-base/) ca.uhn.hapi:hapi-osgi-base:bundle:1.2License: Mozilla Public License 1.1 (http://www.mozilla.org/MPL/MPL-1.1.txt)