I'm running ActiveMQ Artemis inside of docker containers for our three environments (DEV/QA/PROD).
The management console typically runs on port 8161 and so I included this in the artemis create statement when I created the broker.
--http-host 0.0.0.0 --http-port 8161
So this causes the following two changes that I can see:
bootstrap.xml gets the host/port:
<web bind="http://0.0.0.0:8161" path="web">
<app url="redhat-branding" war="redhat-branding.war"/>
<app url="artemis-plugin" war="artemis-plugin.war"/>
<app url="dispatch-hawtio-console" war="dispatch-hawtio-console.war"/>
<app url="console" war="console.war"/>
</web>
jolokia-access.xml gets the host/port:
<allow-origin>*://0.0.0.0*</allow-origin>
I'm trying to access the ActiveMQ Artemis Hawtio management console from a remote computer, but the exposed docker ports are not 8161. They're the mapped ports 38161, 48161, & 58161.
So when I login to the management console, I get:
Operation unknown failed due to: java.lang.Exception : Origin http://10.0.20.2:58161 is not allowed to call this agent
Uncaught TypeError: Cannot read property 'apply' of undefined (http://10.0.20.2:58161/console/app/app.js:16:14127)
Uncaught TypeError: Cannot read property 'apply' of undefined (http://10.0.20.2:58161/console/app/app.js:16:14127)
...
I believe the problem here is that your jolokia-access.xml using this:
<allow-origin>*://0.0.0.0*</allow-origin>
However, you're attempting to access the console via http://10.0.20.2:58161 which isn't allowed based on your jolokia-access.xml. Therefore you need to change the jolokia-access.xml to allow the IP:port you're actually going to use to connect.
You can read more about the jolokia-access.xml in the Jolokia security documentation.
For clarity's sake, the meta-address 0.0.0.0 is basically the "no particular address" placeholder and in the context of binding a listener to a network interface it means the listener should bind/listen to all interfaces. However, in the context of <allow-origin> for Jolokia security it doesn't mean allow all origins. The <allow-origin> supports literal matches and wild-cards (as noted in the documentation linked above). Therefore, if 0.0.0.0 is specified it attempts to literally match 0.0.0.0. There is no way to disable Jolokia security from the create command. If you were to pass something like --http-host 10.0.20.* to the create command then 10.0.20.* would be used to bind the webserver in bootstrap.xml which would fail.
There is the option of using --relax-jolokia which will disable strict checking which may help your use-case.
Just you need to make change on the jolokia-access.xml file to edit cors :
<allow-origin>*://*</allow-origin>
For more information about this you can refert to : https://medium.com/#hasnat.saeed/setup-activemq-artemis-on-ubuntu-18-04-76bb4975308b
Related
I am trying to mirror a kafka topic from a provider in a container in an ec2 instance to a consumer, and messages are not coming through. I suspect that I am messing things up with the .properties configs, as this is my first time using MirrorMaker. I may have also messed up with pointing to the wrong ports somewhere along the way.
The would-be provider broker is running in a centOS container in an ec2 instance. The provider is receiving data from a remote MySQL server through a custom-configured jdbc source connector to a topic called mysql-jdbc-events. The provider is successfully receiving messages.
The would-be consumer is currently on the host ec2 instance, although that will change once it's successfully been tested. I mapped port 12181 of the host to port 2181 of the container (where zookeeper is running). I am running the MirrorMaker command from the consumer.
I ran the command
./kafka-run-class.sh kafka.tools.MirrorMaker --consumer.config /path/to/config/consumer.properties --producer.config /path/to/config/producer.properties --whitelist "mysql-jdbc-events"
consumer.properties:
# format: host1:port1,host2:port2 ...
zookeeper.connect=(host ip-address):12181
zookeeper.connection.timeout.ms=10000
bootstrap.servers=localhost:9092
# consumer group id
group.id=mirror_group
producer.properties:
# format: host1:port1,host2:port2 ...
zookeeper.connect=(host ip-address):2181
bootstrap.servers=localhost:9092
# specify the compression codec for all data generated: none, gzip, snappy, lz4, zstd
compression.type=none
I tried both with and without the zookeeper.connect parameter in the producer config because I found conflicting about it being necessary. I also got a warning to the effect of WARN The configuration 'zookeeper.connect' was supplied but isn't a known config., but I read elsewhere on SO that this could be ignored.
I did not get any messages populated to the topic at the consumer, but there are messages in the topic at the producer.
If any more information would be helpful, please let me know.
I am also not married to this configuration - if there is a simpler way to keep the jdbc in the container and forward the messages to a kafka instance outside the container, that's good too.
I'd like to keep track of data that might be stuck in Apache Artemis queues and I'd like to leverage its JMX management abilities together with our Zabbix instance.
What steps do I need to take in order to successfully connect Zabbix to Artemis via JMX? The ones mentioned in https://activemq.apache.org/artemis/docs/latest/management.html are not quite clear to me.
I had to disable the internal connector and go the other way around by adding this to the artemis.profile file:
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.authenticate=false"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.ssl=false"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.port=1099"
JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote.rmi.port=1098"
JAVA_ARGS="$JAVA_ARGS -Djava.rmi.server.hostname=edimq-broker-master-az1.dc01.clouedi.local"
However, this way it's anything but secure, I know.
As the documentation states, you need to add this to your management.xml:
<connector connector-port="1099"/>
This will expose a JMX connector on localhost so if you want to be able to access it remotely from another machine on your network (i.e. your Zabbix instance) then you should do something like:
<connector connector-port="1099" connector-host="myhost" />
Also, if you have multiple IP addresses on the machine hosting the broker you'll want to set this system property in the JAVA_ARGS variable in artemis.profile:
-Djava.rmi.server.hostname=myhost
Then point your Zabbix instance at the broker using a url like:
service:jmx:rmi:///jndi/rmi://myhost:1099/jmxrmi
You can see this in action by running the jmx example shipped with Artemis in the examples/features/standard/ directory. Just navigate into that directory and run mvn verify. Running the example will create a broker instance, start the broker instance, and run the client all automatically. After the example runs you can go to into the target/server0 directory and look at all the configuration files to compare them to your own. You can also start broker independently of the example if you wish (by running ./artemis run from the target/server0/bin directory). Once the broker is running you should be able to connect to it with JConsole no problem using a JMX url like this:
service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
I am using the ActiveMQ extension of AppDynamics. It is good to start. With JMXRemote(enabled in artemis.profile) it is OK. But, I want it from localhost. JMX is enabled by default for localhost for AMQ. AMQ management console use jmx internally and it works without JMXRemote enabled. What service URL jolokia use internally to connect using JMX from localhost? I have tryed with following URL:
serviceUrl: "service:jmx:rmi:///jndi/rmi://:1099/jmxrmi"
The first step is to add a username and password in the etc/users.properties file. For most purposes, it is ok to just
use the default settings provided out of the box. For this, just uncomment the following line:
admin=admin,admin,manager,viewer,Operator, Maintainer, Deployer, Auditor, Administrator, SuperUser
Then, you must bypass credential checks on BrokeViewMBean by adding it to the whitelist ACL configuration. You can do so by replacing this line:
org.apache.activemq.Broker;getBrokerVersion=bypass
with this:
org.apache.activemq.Broker=bypass
In addition to being the correct way, it also enables several different configuration options (eg: port, listen address, etc) by just changing the file org.apache.karaf.management.cfg on broker's etc directory.
Please keep in mind that JMX access is made through a different JMX connector root in this case: it uses karaf-root instead of jmxrmi, which was previously used in the older method. It also uses port 1099 by default, instead of 1616.
Therefore, the uri should be
service:jmx:rmi:///jndi/rmi://<host>:<port>/karaf-root
I m trying setup a cassandra cluster as a test bed but gave the JMX remote connection error. I seem to found the answer for my error from cassandra FAQ page
Nodetool says "Connection refused to host: 127.0.1.1" for any remote host. What gives?
Nodetool relies on JMX, which in turn relies on RMI, which in turn sets up it's own listeners and connectors as needed on each end of the exchange. Normally all of this happens behind the scenes transparently, but incorrect name resolution for either the host connecting, or the one being connected to, can result in crossed wires and confusing exceptions.
If you are not using DNS, then make sure that your /etc/hosts files are accurate on both ends. If that fails try passing the -Djava.rmi.server.hostname=$IP option to the JVM at startup (where $IP is the address of the interface you can reach from the remote machine).
But can somebody help me on how to do -Djava.rmi.server.hostname=$IP
Or what to add is hosts file, i know that in hosts normally we add "IP Alias", but whose ip and alias.
I dont know much java or either linux
I m currently working on ubuntu v10.04 and cassandra v0.74
Sudesh
For JMX you need to enable JMX-remoting:
java -Dcom.sun.management.jmxremote
Depending on from where you want to access the jmx-server, you also need to specify a port:
-Dcom.sun.management.jmxremote.port=12345
and set or disable passwords.
Have a look at http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html for more details.
I am running a JBoss instance on a linux server
I am using the ./run.sh -b
This is not working what could be the reason.
I am unable to share the error message details as of now will post it when I can, till then any alternatives or solutions ?
The -b [IP-Address|Hostname] option binds services to the given interface, using 0.0.0.0 as IP makes the services available to all interfaces.
It really depends on the error message I suppose you receive a java.net.BindException: Address already in use: JVM_Bind In this case you need to identify to service already bound to this port and disable or reconfigure it. Alternativly you could reconfigure you jboss