Difference between revisions of "JMS server: ActiveMQ"

Line 114: Line 114:
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
# INPUT
+
#### INPUT
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 5672 -j ACCEPT           # AMQP port
+
# messages
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 8161 -j ACCEPT           # HTTP web-console. Not required if you're using Apache2 proxy
+
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 5672 -j ACCEPT       # AMQP port
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 8162 -j ACCEPT           # HTTPs web-console. Not required if you're using Apache2 proxy
+
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 61616 -j ACCEPT    # JMS port
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 11099 -j ACCEPT           # JMX standalone port. Not required if you're using default JVM JMX connector on TCP 1616
+
 
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 61616 -j ACCEPT           # JMS port
+
# web monitoring
 +
#$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 8161 -j ACCEPT     # HTTP web-console. Not required if you're using Apache2 proxy
 +
#$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 8162 -j ACCEPT     # HTTPs web-console. Not required if you're using Apache2 proxy
 +
 
 +
# JMX monitoring
 +
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 1099 -j ACCEPT     # JVM default RMI port
 +
#$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 11099 -j ACCEPT   # JMX standalone port. Not required if you're using default JVM JMX connector on TCP 1616
  
 
# Output
 
# Output
 
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 5672 -j ACCEPT  
 
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 5672 -j ACCEPT  
 +
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 61616 -j ACCEPT
 +
 
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 8161 -j ACCEPT
 
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 8161 -j ACCEPT
 
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 8162 -j ACCEPT
 
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 8162 -j ACCEPT
 +
 +
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 1099 -j ACCEPT
 
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 11099 -j ACCEPT
 
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 11099 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 61616 -j ACCEPT
 
 
</syntaxhighlight>
 
</syntaxhighlight>
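Review bot: the new active INPUT rule for --dport 1099 (JVM default RMI port) accepts NEW connections from any source, while the web-console rules for 8161 and 8162 in the same hunk are now commented out. Give the JMX rule a source match limited to the monitoring hosts (a "-s <admin network>" before "-p tcp"), or leave it commented like the web-console lines. The comment on the 11099 rule still says "default JVM JMX connector on TCP 1616", although this revision moves that connector to 1099. The OUTPUT section also keeps the 8161, 8162 and 11099 rules that INPUT no longer opens; say whether that is intended.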
  
Line 292: Line 301:
  
  
Make sure that you're using the default JVM connector (line 65):
+
Make sure that you're using a new JVM connector (line 65):
 
<syntaxhighlight lang="xml">
 
<syntaxhighlight lang="xml">
 
<broker xmlns="http://activemq.apache.org/schema/core" useJmx="true" brokerName="preprodrtd.vehco.com" dataDirectory="${activemq.data}">  
 
<broker xmlns="http://activemq.apache.org/schema/core" useJmx="true" brokerName="preprodrtd.vehco.com" dataDirectory="${activemq.data}">  
 
   ...  
 
   ...  
 
   <managementContext>
 
   <managementContext>
     <managementContext createConnector="false" />
+
     <managementContext createConnector="true" />
 
   </managementContext>
 
   </managementContext>
 
   ...
 
   ...
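Review bot: flipping createConnector from "false" to "true" on managementContext makes the broker create its own JMX connector, but the sentence above it only changes "the default JVM connector" to "a new JVM connector" and does not explain the consequence. State which connector ends up listening on 1099 and whether the jmx.password and jmx.access files passed through the com.sun.management.jmxremote.* options in the launcher still protect it; those options configure the JVM's built-in agent.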
Line 340: Line 349:
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
 
# ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.port=11099 "
 
# ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.port=11099 "
ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.port=1616 "
+
ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.rmi.port=1099 "
 
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_CONF}/jmx.password"
 
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_CONF}/jmx.password"
 
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_CONF}/jmx.access"
 
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_CONF}/jmx.access"
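Review bot: the replacement line swaps -Dcom.sun.management.jmxremote.port=1616 for -Dcom.sun.management.jmxremote.rmi.port=1099, which is a different property rather than a new value for the same one. jmxremote.port is the property that turns on the JVM's remote agent and sets its registry port; jmxremote.rmi.port only pins the port of the exported RMI objects. If the JVM agent is meant to serve remote clients with the password and access files set on the following lines, keep jmxremote.port and add rmi.port beside it; if the broker's own connector is meant instead, say so in the comment.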
Line 347: Line 356:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
!! Note that the right port to use is 1616 !!
+
!! Note that the '''default JVM RMI port''' will be used [TCP 1099] instead of the standalone one. !!
 +
 
 +
 
 +
No you can access the console remotely using Jconsole or any other client.
 +
 
 +
URL:  service:jmx:rmi:///jndi/rmi://'''<your hostname>''':1099/jmxrmi
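Review bot: typo in the added sentence, "No you can access" should read "Now you can access", and the tool name is spelled JConsole.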
  
  

Revision as of 10:38, 25 April 2014

Manual installation

Installation

Get Apache Active MQ

Get the latest binary version from: http://activemq.apache.org/download.html

Program setup

  • Copy archive to /opt/ directory:
mv apache-activemq-5.9.1-bin.zip /opt/
cd /opt/
  • Unzip and create symlink
unzip apache-activemq-5.9.1-bin.zip
ln -s /opt/apache-activemq-5.9.1 /opt/activemq
  • Set executable flag and symlinks
chmod 755 /opt/activemq/bin/activemq
ln -s /opt/activemq/bin/activemq /usr/bin/activemq
ln -s /opt/activemq/bin/activemq /etc/init.d/activemq

Rights adjustments

  • Add non-privileged account
adduser -system activemq
addgroup -system activemq
  • Adjust user shell

Edit:

vim /etc/passwd

Adjust the user SHELL

activemq:x:116:65534::/home/activemq:/bin/bash
  • Adjust user group

Edit:

vim /etc/group

Adjust the group membership

activemq:x:1001:activemq
  • Set MQ folder privileges
chown -R activemq:activemq /opt/apache-activemq-5.9.1/
chown -R activemq:activemq /opt/activemq/

Basic configuration

Home + User

  • Set home and user

Edit

vim /opt/activemq/bin/activemq

Set after "Configuration" (line ~ 40)

ACTIVEMQ_HOME="/opt/activemq"
ACTIVEMQ_USER="activemq"

Runtime configuration

  • Create runtime configuration. Generate default settings
/opt/activemq/bin/activemq setup /etc/default/activemq
  • Adjust configuration rights
chown root:nogroup /etc/default/activemq
chmod 600 /etc/default/activemq

Add ActiveMQ to boot sequence

cd /etc/init.d
update-rc.d activemq defaults

Remove ActiveMQ from boot sequence

update-rc.d -f activemq remove
rm /etc/init.d/activemq


Setup firewall

This is the list of ports that are used by ActiveMQ:

  • port 61616 = JMS queue access
  • port 11099 = JMX remote console (connector port)
  • port 8161 = HTTP manager
  • port 8162 = HTTPS manager
  • port 5672 = AMQP port

Edit your firewall script:

vim /etc/firewall/firewall-start.sh


#### INPUT
# messages
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 5672 -j ACCEPT       # AMQP port
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 61616 -j ACCEPT     # JMS port

# web monitoring
#$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 8161 -j ACCEPT     # HTTP web-console. Not required if you're using Apache2 proxy
#$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 8162 -j ACCEPT     # HTTPs web-console. Not required if you're using Apache2 proxy

# JMX monitoring
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 1099 -j ACCEPT      # JVM default RMI port
#$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 11099 -j ACCEPT    # JMX standalone port. Not required if you're using default JVM JMX connector on TCP 1099

# Output
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 5672 -j ACCEPT 
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 61616 -j ACCEPT

$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 8161 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 8162 -j ACCEPT

$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 1099 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 11099 -j ACCEPT


Logs

The application's logs are in $ACTIVEMQ/data/activemq.log

cat /opt/activemq/data/activemq.log


Advanced Configuration (all O.S)

Broker settings

Edit configuration file

  • Linux ~ manual
vim /opt/activemq/conf/activemq.xml
  • Linux ~ auto
vim /etc/activemq/instances-enabled/main/activemq.xml
  • Windows

$ACTIVEMQ/conf/activemq.xml


Adjust broker setting

  • Set broker name
<broker     xmlns="http://activemq.apache.org/schema/core"
        brokerName="myServerName"
       dataDirectory="${activemq.base}/data">
  • Set listener to all interfaces (0.0.0.0)
<transportConnectors>
        <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
</transportConnectors>
  • Limit queue size
<systemUsage>
 <systemUsage>
  <memoryUsage>
   <memoryUsage limit="64 mb"/>
  </memoryUsage>
  <storeUsage>
   <storeUsage limit="100 gb"/>
  </storeUsage>
  <tempUsage>
   <tempUsage limit="50 gb"/>
  </tempUsage>
 </systemUsage>
</systemUsage>


Enable HTTP web console

Edit your jetty configuration

  • Linux ~ manual

vim /opt/activemq/conf/jetty.xml
  • Windows

$ACTIVEMQ/conf/jetty.xml

Adjust broker name and listening port

At the bottom, edit the connector:

<property name="connectors">
  <list>
     <bean id="Connector" class="org.eclipse.jetty.server.nio.SelectChannelConnector">
         <property name="port" value="8161" />
         <property name="host" value="0.0.0.0" />
      </bean>
    ...
  </list>
</property>


Change root context for Web-Console

Edit "jetty.xml" (see the previous section)

Add a new securityConstraintMapping (line 40), " /activemq/* "

<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
      <property name="constraint" ref="securityConstraint" />
      <property name="pathSpec" value="/api/*,/activemq/*,/admin/*,*.jsp" />
 </bean>


Change the WebAppContext.contextpath value to " /activemq " instead of " /admin "

  <property name="handler">
     <bean id="sec" class="org.eclipse.jetty.server.handler.HandlerCollection">
         <property name="handlers">
             <list>
                 <bean class="org.eclipse.jetty.webapp.WebAppContext">
                    <!-- property name="contextPath" value="/admin" / -->
                    <property name="contextPath" value="/activemq" />
                    <property name="resourceBase" value="${activemq.home}/webapps/admin" />
                    <property name="logUrlOnStart" value="true" />
                 </bean>

                 ...


Manage web-users

vim /opt/activemq/conf/jetty-realm.properties

Edit last line

     admin: admin, admin


Apache 2 mod proxy

If you would rather use Apache 2 mod_proxy than open the web-console ports:

Edit either your Virtual Host configuration or mod_proxy.conf:

	ProxyPass /activemq http://localhost:8161/activemq
	ProxyPassReverse /activemq http://localhost:8161/activemq


Enable JMX remote management and monitoring

Official documentation: http://activemq.apache.org/jmx.html


Add JMX support

Edit configuration:

vim /opt/activemq/conf/activemq.xml


Adjust the broker tag (line 35), add useJmx="true"

<broker xmlns="http://activemq.apache.org/schema/core" useJmx="true" brokerName="preprodrtd.vehco.com" dataDirectory="${activemq.data}">
...
</broker>


Make sure that you're using a new JVM connector (line 65):

<broker xmlns="http://activemq.apache.org/schema/core" useJmx="true" brokerName="preprodrtd.vehco.com" dataDirectory="${activemq.data}"> 
  ... 
  <managementContext>
     <managementContext createConnector="true" />
  </managementContext>
   ...
 </broker>


Create JMX users

  • User creation
vim /opt/activemq/conf/jmx.access

Add some users. As a reminder:

userMq readonly
adminMq readwrite


  • User password
vim /opt/activemq/conf/jmx.password

Set passwords. Usernames must match!

userMq abc123
adminMq abcd1234


JMX settings

Edit activemq launcher

vim /opt/activemq/bin/activemq

Search for ACTIVEMQ_JMX and adjust the lines to:

# ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.port=11099 "
ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.rmi.port=1099 "
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_CONF}/jmx.password"
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_CONF}/jmx.access"
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.ssl=false"
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote"

!! Note that the default JVM RMI port will be used [TCP 1099] instead of the standalone one. !!


Now you can access the console remotely using JConsole or any other client.

URL: service:jmx:rmi:///jndi/rmi://<your hostname>:1099/jmxrmi
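
A quick audit of the settings made in the manual installation above, as an added example (not part of the original wiki page). The function name and finding codes are invented for illustration; the three arguments follow this page's layout (conf directory, launcher script, firewall script).

```shell
#!/bin/sh
# Added example: flags the exposure-related settings this page configures.
# Finding codes are made up for this sketch; one code is printed per finding.

audit_activemq() {
    conf=$1      # e.g. /opt/activemq/conf
    launcher=$2  # e.g. /opt/activemq/bin/activemq
    fw=$3        # e.g. /etc/firewall/firewall-start.sh

    # Web-console account whose password equals its user name (admin: admin, admin).
    awk -F'[:,]' '!/^[ \t]*#/ && NF >= 2 {
            u = $1; p = $2; gsub(/[ \t]/, "", u); gsub(/[ \t]/, "", p)
            if (u != "" && u == p) { print "WEB_DEFAULT_CREDS"; exit }
        }' "$conf/jetty-realm.properties" 2>/dev/null || :

    # jmx.password stores clear-text passwords: no group/other permission bits.
    if [ -f "$conf/jmx.password" ]; then
        [ "$(ls -ld "$conf/jmx.password" | cut -c5-10)" = "------" ] ||
            echo "JMX_PASSWORD_FILE_PERMS"
    fi

    # Uncommented launcher line that switches JMX TLS off.
    grep -v '^[[:space:]]*#' "$launcher" 2>/dev/null |
        grep -q 'jmxremote\.ssl=false' && echo "JMX_NO_TLS"

    # Jetty connector bound to every interface.
    grep -q 'name="host" value="0\.0\.0\.0"' "$conf/jetty.xml" 2>/dev/null &&
        echo "WEB_CONSOLE_ALL_INTERFACES"

    # Active INPUT ACCEPT rules on management ports without a source match.
    grep -v '^[[:space:]]*#' "$fw" 2>/dev/null |
        grep -E -e '-A INPUT .*--dport (1099|11099|8161|8162) .*-j ACCEPT' |
        grep -q -v -E -e ' (-s|--source) ' && echo "MGMT_PORT_OPEN_TO_ANY"

    return 0
}

# Stand-alone use: audit.sh <conf dir> <launcher> <firewall script>
if [ "$#" -eq 3 ]; then
    audit_activemq "$@"
fi
```

An empty result means none of the five conditions was found; it does not check the messaging ports 61616 and 5672.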


Automatic installation

!! Depending on your distro, you might not have the web console !! This is NOT recommended.

Get binary

apt-get install activemq

Enable instance

  • Check instance
cd /etc/activemq/instances-enabled/
ls

By default you should have an instance enabled.

If not:

ln -s /etc/activemq/instances-available/main /etc/activemq/instances-enabled/main
cp /usr/share/activemq/activemq-options /etc/activemq/instances-available/main/options
  • Edit settings
vim /etc/activemq/instances-available/main/options
  • Adjust $INSTANCE (use 'main')
ACTIVEMQ_BASE="/var/lib/activemq/main"

Create directories

mkdir -p /var/lib/activemq/main/data
mkdir -p /var/lib/activemq/main/data/kahadb                
chown -R activemq:activemq /var/lib/activemq/main
chmod -R 755 /var/lib/activemq/main

KahaDB is the embedded database used by ActiveMQ.