How to run Apache ActiveMQ Artemis as a Windows Service using a different account - windows-services

I want to run ActiveMQ Artemis (2.10.1) as a Windows service on Windows Server 2016. I followed the documentation:
On windows you will have the option to run ActiveMQ Artemis as a service. Just use the following command to install it:
$ ./artemis-service.exe install
It works very well as long as I switch user to an account with Administrator rights. However, in the project I am working on it would be preferable to run the service as a special "service user" account.
When one develops one's own Windows service, one can use the ServiceProcessInstaller.Account class/property to control which account is used for the service.
I guess this behavior is built into the artemis-service.exe binary and accompanying configuration file, artemis-service.xml.
However, I cannot find any documentation or source code for this. Does anyone know?

According to pom.xml, during the build of Artemis, artemis-service.exe is pulled from the Maven repository artifact winsw, which comes from WinSW on GitHub. According to its documentation you have to specify the service account in the XML file:
Service account
It is possible to specify the useraccount (and password) that the service will run as. To do this, specify a <serviceaccount> element like this:
<serviceaccount>
  <domain>YOURDOMAIN</domain>
  <user>useraccount</user>
  <password>Pa55w0rd</password>
  <allowservicelogon>true</allowservicelogon>
</serviceaccount>
The <allowservicelogon> is optional. If set to true, will automatically set the "Allow Log On As A Service" right to the listed account.
Someone already tried to do something similar to what you are trying and opened the issue "register service as local service and not system service" #121.
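As an added example (not part of the original answer and not WinSW or Artemis code), the following Python script checks the account settings of a WinSW-style service XML before installation. The sample document, the finding codes and the PRIVILEGED list are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample built around the <serviceaccount> snippet quoted above;
# the <id> and <executable> values are placeholders.
SAMPLE_XML = """<service>
  <id>artemis-sample</id>
  <executable>java.exe</executable>
  <serviceaccount>
    <domain>YOURDOMAIN</domain>
    <user>useraccount</user>
    <password>Pa55w0rd</password>
    <allowservicelogon>true</allowservicelogon>
  </serviceaccount>
</service>"""

# Account names treated as over-privileged for a broker (assumed list).
PRIVILEGED = {"administrator", "localsystem", "system"}

def audit_service_xml(xml_text):
    """Return (code, detail) findings for the account settings in a WinSW config."""
    account = ET.fromstring(xml_text).find("serviceaccount")
    if account is None:
        return [("NO_ACCOUNT",
                 "no <serviceaccount>: service installs under the default LocalSystem account")]
    findings = []
    user = (account.findtext("user") or "").strip()
    if not user:
        findings.append(("EMPTY_USER", "<serviceaccount> present but <user> is empty"))
    elif user.lower() in PRIVILEGED:
        findings.append(("PRIVILEGED_USER", f"service runs as {user}"))
    if (account.findtext("password") or "").strip():
        findings.append(("CLEARTEXT_PASSWORD",
                         "password is readable in the XML: restrict the file's ACL"))
    if (account.findtext("allowservicelogon") or "").strip().lower() == "true":
        findings.append(("GRANTS_LOGON_RIGHT",
                         "install grants 'Allow Log On As A Service' to the account"))
    return findings

def codes(xml_text):
    """Convenience wrapper: only the finding codes, in order."""
    return [code for code, _ in audit_service_xml(xml_text)]
```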

Related

DocuSign E-Signature Api, Docker and Server Proxy

I am using the e-signature Java SDK for the application that I developed.
The application will run on a docker container and the container on a Linux server.
There is a proxy configured on this server and I have been asked if there is anything that they have to configure regarding DocuSign integration.
This answer on GitHub says that SDK would automatically pick up the proxy settings of the system.
What happens in my case? Will it pick up the server or the container settings? Should I manually set the proxy settings in code?
Unfortunately I do not have access to the system (or to any similar system) so it is not possible to test the application.
The answer you linked to (https://github.com/docusign/docusign-esign-java-client/issues/152#issuecomment-653926077) talked about an enhancement request that will enable a specific ApiClient with its own proxy for the Java SDK.
You do need to update the proxy settings in your code if you know what they are.

Apache Artemis queue monitoring with Zabbix

I'd like to keep track of data that might be stuck in Apache Artemis queues and I'd like to leverage its JMX management abilities together with our Zabbix instance.
What steps do I need to take in order to successfully connect Zabbix to Artemis via JMX? The ones mentioned in https://activemq.apache.org/artemis/docs/latest/management.html are not quite clear to me.
I had to disable the internal connector and go the other way around by adding this to the artemis.profile file:
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.authenticate=false"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.ssl=false"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.port=1099"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.rmi.port=1098"
JAVA_ARGS="$JAVA_ARGS -Djava.rmi.server.hostname=edimq-broker-master-az1.dc01.clouedi.local"
However, this way it's anything but secure, I know.
As the documentation states, you need to add this to your management.xml:
<connector connector-port="1099"/>
This will expose a JMX connector on localhost so if you want to be able to access it remotely from another machine on your network (i.e. your Zabbix instance) then you should do something like:
<connector connector-port="1099" connector-host="myhost" />
Also, if you have multiple IP addresses on the machine hosting the broker you'll want to set this system property in the JAVA_ARGS variable in artemis.profile:
-Djava.rmi.server.hostname=myhost
Then point your Zabbix instance at the broker using a url like:
service:jmx:rmi:///jndi/rmi://myhost:1099/jmxrmi
You can see this in action by running the jmx example shipped with Artemis in the examples/features/standard/ directory. Just navigate into that directory and run mvn verify. Running the example will create a broker instance, start the broker instance, and run the client all automatically. After the example runs you can go into the target/server0 directory and look at all the configuration files to compare them to your own. You can also start the broker independently of the example if you wish (by running ./artemis run from the target/server0/bin directory). Once the broker is running you should be able to connect to it with JConsole no problem using a JMX URL like this:
service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
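An added example, not from the original posts: a Python check for the JVM-flag approach shown in the question, which reads the JAVA_ARGS lines of artemis.profile and reports when the remote JMX agent runs without authentication or TLS. The sample profiles, the placeholder file path and the finding codes are constructed for illustration; the property names are the standard JDK com.sun.management.jmxremote.* options.

```python
import re

# Constructed sample: the JMX flags from the question.
INSECURE_PROFILE = '''
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.authenticate=false"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.ssl=false"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.port=1099"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.rmi.port=1098"
'''
# Constructed hardened variant; the password file path is a placeholder.
HARDENED_PROFILE = '''
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.port=1099"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.rmi.port=1098"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.authenticate=true"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.password.file=/path/to/jmxremote.password"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.ssl=true"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.registry.ssl=true"
'''
PREFIX = "com.sun.management.jmxremote"
PROP_RE = re.compile(r'-D([A-Za-z0-9_.]+)(?:=([^\s"\']*))?')

def jvm_properties(profile_text):
    """Collect -D system properties from non-comment lines; later lines win."""
    props = {}
    for line in profile_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        for name, value in PROP_RE.findall(line):
            props[name] = value
    return props

def audit_jmx(profile_text):
    """Return finding codes for a remote JMX agent configured via JVM flags."""
    p = jvm_properties(profile_text)
    if PREFIX + ".port" not in p:
        return []  # no remote connector configured through JVM flags
    def on(key, default):
        return p.get(PREFIX + key, default).lower() == "true"
    findings = []
    if not on(".authenticate", "true"):    # JVM default is true
        findings.append("NO_AUTH")
    if not on(".ssl", "true"):             # JVM default is true
        findings.append("NO_TLS")
    elif not on(".registry.ssl", "false"): # JVM default is false
        findings.append("REGISTRY_NO_TLS")
    if PREFIX + ".rmi.port" not in p:      # RMI server port is random
        findings.append("RANDOM_RMI_PORT")
    return findings
```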

Access Parse Server Dashboard using Bitnami VM

I have used Bitnami VM to deploy Parse Server on Azure but I cannot seem to be able to access Parse Server Dashboard. What URL is it available on? Do I need to open any ports?
Just an update on this. A new version of Parse Server provided by Bitnami is now available in the Azure Marketplace. The new version does include the Dashboard.
Have you been following Bitnami instructions?
It states you can access the dashboard using this URL: http://[server-IP-address]/parse
This means only TCP/80 port needs to be open (on your Network Security Group if you use one or in your VM ACL if you don't).
You now have other (probably easier) options to deploy Parse Server on Azure:
using a dedicated ARM template leveraging Azure services (App Service, DocumentDB, Notification hub, ...).
using Azure App Service with the original Facebook/Parse version with MongoDB.
I've got it. The bitnami guys were kind enough to reply to me for this topic:
You can launch the latest Parse version that ships the Dashboard from https://vmdepot.msopentech.com/Vhd/Show?vhdId=64574&version=66817 It could take some time to be available in the Azure Marketplace
So bottom line, use the image from VM depot and not the one on Azure Marketplace as it is an old one and doesn't include the Dashboard.

Directory permission shared between Windows Service and console application

I'm not sure if this is proper place for such question (maybe should be placed on SuperUser?), but I'll try.
I have one C# console application and one Windows service. Both do the same, but the console app was created before and is kept for backward compatibility. Each of these is running a WCF service, whose methods operate on files in C:\ProgramData\MyApp. The console app is run as a limited user (non-admin), the Windows service runs as NT AUTHORITY\NETWORK SERVICE. When the app creates some dirs/files, the service cannot delete them and vice versa.
I would like to have it secured. My question is: should I grant full permissions on C:\ProgramData\MyApp to NETWORK SERVICE and the current user? Or should I create a dedicated user for running the service/app?
Assuming your application does not set explicit security permission on newly created files, granting Network Service account Delete permissions on the folder would solve your immediate problem.
This command will do the work:
icacls c:\ProgramData\MyApp /t /grant "NETWORK SERVICE":(OI)(CI)(IO)D
Repeat the same for your other user service account.

Confusion about installing windows service using command prompts

I have designed a simple windows service in .NET 2.0.
I am trying to deploy it on my local machine. I have switched to design view, and setup ServiceInstaller and ServiceProcessInstaller objects. There is a Project Installer. I have also wrapped the Windows Service into a .NET setup project and install it, leaving an .exe in the specified directory.
I have fired up cmd and entered the path to installutil. This works fine, but then I type installutil and the full path to the service, in Visual Studio command prompt, and this does not work (I've also tried installutil /i and all sorts of things out of desperation). The permissions are local system (extensive).
Any ideas what I am doing wrong? For those here who have installed Windows Services, what was your methodology to install the service?
Thanks
We actually create an installer built into our application. It's a console app that has a command line to install/uninstall the server as well as run as a service or in console mode.
See this article on a Self Installing Service for some details. I like this method as it provides flexibility.
DESCRIPTION:
SC is a command line program used for communicating with the
NT Service Controller and services.
USAGE:
sc [command] [service name] ...
The option has the form "\\ServerName"
Further help on commands can be obtained by typing: "sc [command]"
Commands:
query-----------Queries the status for a service, or
enumerates the status for types of services.
queryex---------Queries the extended status for a service, or
enumerates the status for types of services.
start-----------Starts a service.
pause-----------Sends a PAUSE control request to a service.
interrogate-----Sends an INTERROGATE control request to a service.
continue--------Sends a CONTINUE control request to a service.
stop------------Sends a STOP request to a service.
config----------Changes the configuration of a service (persistant).
description-----Changes the description of a service.
failure---------Changes the actions taken by a service upon failure.
qc--------------Queries the configuration information for a service.
qdescription----Queries the description for a service.
qfailure--------Queries the actions taken by a service upon failure.
delete----------Deletes a service (from the registry).
create----------Creates a service. (adds it to the registry).
control---------Sends a control to a service.
sdshow----------Displays a service's security descriptor.
sdset-----------Sets a service's security descriptor.
GetDisplayName--Gets the DisplayName for a service.
GetKeyName------Gets the ServiceKeyName for a service.
EnumDepend------Enumerates Service Dependencies.
The following commands don't require a service name:
sc
boot------------(ok | bad) Indicates whether the last boot should
be saved as the last-known-good boot configuration
Lock------------Locks the Service Database
QueryLock-------Queries the LockStatus for the SCManager Database
EXAMPLE:
sc start MyService
Here's another reference specific to .NET services.
http://bytes.com/forum/thread739857.html
I'm calling installutil in my setup package and it works for me just fine.
That'd be great if you posted an error message that you're getting when running installutil.
