Artemis: How to make maximally resilient/retrying connection

2022-11-07 Thread John Lilley 
Greetings,

I’d like to ensure maximal resilience of the broker connection, specifically:

  *   If the Artemis broker is not running when our services start, the 
connection attempt hangs until the broker is available, and then returns the 
connection
  *   If the Artemis broker fails while our services are running, our services 
consumers and producers will hang/block until the broker is available

I *thought* I was doing that by using the URL
tcp://localhost:61616?reconnectAttempts=-1

However, I find that the connection attempt just throws an exception

java.lang.RuntimeException: Failed to create JMS connection to 
'tcp://localhost:61616?reconnectAttempts=-1'
at 
net.redpoint.ipc.jms.JmsStaticConnectionPool.makeConnection(JmsStaticConnectionPool.java:83)
at 
net.redpoint.ipc.jms.JmsStaticConnectionPool.lambda$getConnection$0(JmsStaticConnectionPool.java:46)
at 
java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1708)
at 
net.redpoint.ipc.jms.JmsStaticConnectionPool.getConnection(JmsStaticConnectionPool.java:46)
at 
net.redpoint.ipc.jms.JmsServerBase.getConnection(JmsServerBase.java:77)
at net.redpoint.ipc.jms.JmsServerBase.start(JmsServerBase.java:63)
at 
net.redpoint.ipc.servers.TopicServerBase.start(TopicServerBase.java:36)
at 
net.redpoint.rpdm.cache_invalidation_query.CacheInvalidationQueryServerImpl.start(CacheInvalidationQueryServerImpl.java:100)
at 
net.redpoint.rpdm.combinedservice.CombinedServices.start(CombinedServices.java:75)
at 
net.redpoint.rpdm.combinedservice.CombinedServices.run(CombinedServices.java:114)
at net.redpoint.rpdm.combinedservice.Main.main(Main.java:51)
Caused by: javax.jms.JMSException: Failed to create session factory
at 
org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createConnectionInternal(ActiveMQConnectionFactory.java:867)
at 
org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:284)
at 
org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:279)
at 
net.redpoint.ipc.jms.MyConnectionFactory.createConnection(MyConnectionFactory.java:31)
at 
net.redpoint.ipc.jms.JmsStaticConnectionPool.makeConnection(JmsStaticConnectionPool.java:76)
... 10 more
Caused by: ActiveMQNotConnectedException[errorType=NOT_CONNECTED 
message=AMQ219007: Cannot connect to server(s). Tried with all available 
servers.]
at 
org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:703)
at 
org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createConnectionInternal(ActiveMQConnectionFactory.java:865)
... 14 more

Can someone help me understand how this is designed to work, and how best to 
achieve the two goals above?

Thanks
John



[rg] 

John Lilley

Data Management Chief Architect, Redpoint Global Inc.

888 Worcester Street, Suite 200 Wellesley, MA 02482

M: +1 7209385761 | 
john.lil...@redpointglobal.com

PLEASE NOTE: This e-mail from Redpoint Global Inc. (“Redpoint”) is confidential 
and is intended solely for the use of the individual(s) to whom it is 
addressed. If you believe you received this e-mail in error, please notify the 
sender immediately, delete the e-mail from your computer and do not copy, print 
or disclose it to anyone else. If you properly received this e-mail as a 
customer, partner or vendor of Redpoint, you should maintain its contents in 
confidence subject to the terms and conditions of your agreement(s) with 
Redpoint.

Re: ACTIVEMQ WEBCONSOLE BROKE CONNECTION | JNDI Question

2022-11-07 Thread Manjunath Kashyap 
HI Matt,

I updated the configs as below,

Activemq.xml:



 


Added the below parameter in activemq: env file:

ACTIVEMQ_SUNJMX_CONTROL="-Dcom.sun.management.jmxremote.port=5014 
-Dcom.sun.management.jmxremote.ssl=false  
-Dcom.sun.management.jmxremote.password.file=$ACTIVEMQ_BASE/conf/jmx.password  
-Dcom.sun.management.jmxremote.access.file=$ACTIVEMQ_BASE/conf/jmx.access”

Observations:

1. Port 5014 is not listening when the broker is started.
2. I see the below message when the broker is stopped

INFO: failed to resolve jmxUrl for pid:946, using default JMX url
Connecting to JMX URL: service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
.INFO: Broker not available at: 
service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi

Please let me know if I am doing something incorrectly. 

BR/Kashyap.

> On 08-Nov-2022, at 12:26 AM, Matt Pavlovich  wrote:
> 
> Hello Manjunath-
> 
> Looks like you are creating multiple JMX connectors (one is JVM default, the 
> other is ActiveMQ creating one per your non-default configuration). ActiveMQ 
> does not need a dedicated connector, so you can modify the  createConnector=“false” /> and just use the -D parameters.
> 
> ref: https://activemq.apache.org/jmx 
> 
> Thanks,
> Matt Pavlovich
> 
>> On Nov 7, 2022, at 12:21 PM, Manjunath Kashyap  
>> wrote:
>> 
>> Hi All,
>> 
>> ISSUE:
>> 
>> We have Installed AMQ in a MASTER/SLAVE pair for both Consumers and 
>> Producers.
>> We also have installed the Web console to list all the queues using the 
>> MBEAN connector.
>> AS part of this implementation, we have provided the JMX plain username and 
>> password in the Catalina.sh script.
>> 
>> We have been told this is a Security threat and are requested to remove the 
>> Plain password from the process.The config and output is as shown below.
>> 
>> activemq.xml:
>> 
>> 
>>  > connectorPort="5014">
>>   > xmlns="http://www.springframework.org/schema/beans; name="environment">
>>http://www.springframework.org/schema/beans;>
>>http://www.springframework.org/schema/beans;
>>   key="jmx.remote.x.password.file"
>>  value="${activemq.base}/conf/jmx.password"/>
>>http://www.springframework.org/schema/beans;
>>  key="jmx.remote.x.access.file"
>>value="${activemq.base}/conf/jmx.access"/>
>>
>>   
>> 
>> 
>> 
>> Catalina.sh :
>> 
>> JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties 
>> -Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) 
>> -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi
>>  -Dwebconsole.jmx.user=admin -Dwebconsole.jmx.password=***”
>> 
>> 
>> The process displays the password in plain text. So to overcome this issue 
>> we tried the below configuration in Catalina.sh but no luck,
>> 
>> JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties 
>> -Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) 
>> -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi
>>  -Dcom.sun.management.jmxremote.ssl=false 
>> -Dcom.sun.management.jmxremote.password.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.password
>>  
>> -Dcom.sun.management.jmxremote.access.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.access
>>  -Dcom.sun.management.jmxremote.rmi.port=5014 
>> -Dcom.sun.management.jmxremote.authenticate=true”
>> 
>> 
>> Question: Is there a way to hide the password in the tomcat configuration to 
>> authenticate to the brokers?
>> 
>> 
>> Thanks,
>> Kashyap.
>

Re: ACTIVEMQ WEBCONSOLE BROKE CONNECTION | JNDI Question

2022-11-07 Thread Matt Pavlovich 
Hello Manjunath-

Looks like you are creating multiple JMX connectors (one is JVM default, the 
other is ActiveMQ creating one per your non-default configuration). ActiveMQ 
does not need a dedicated connector, so you can modify the  and just use the -D parameters.

ref: https://activemq.apache.org/jmx 

Thanks,
Matt Pavlovich

> On Nov 7, 2022, at 12:21 PM, Manjunath Kashyap  
> wrote:
> 
> Hi All,
> 
> ISSUE:
> 
> We have Installed AMQ in a MASTER/SLAVE pair for both Consumers and Producers.
> We also have installed the Web console to list all the queues using the MBEAN 
> connector.
> AS part of this implementation, we have provided the JMX plain username and 
> password in the Catalina.sh script.
> 
> We have been told this is a Security threat and are requested to remove the 
> Plain password from the process.The config and output is as shown below.
> 
> activemq.xml:
> 
> 
>connectorPort="5014">
> xmlns="http://www.springframework.org/schema/beans; name="environment">
> http://www.springframework.org/schema/beans;>
> http://www.springframework.org/schema/beans;
>key="jmx.remote.x.password.file"
>   value="${activemq.base}/conf/jmx.password"/>
> http://www.springframework.org/schema/beans;
>   key="jmx.remote.x.access.file"
> value="${activemq.base}/conf/jmx.access"/>
> 
>
>  
> 
> 
> Catalina.sh :
> 
> JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties 
> -Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) 
> -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi
>  -Dwebconsole.jmx.user=admin -Dwebconsole.jmx.password=***”
> 
> 
> The process displays the password in plain text. So to overcome this issue we 
> tried the below configuration in Catalina.sh but no luck,
> 
> JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties 
> -Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) 
> -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi
>  -Dcom.sun.management.jmxremote.ssl=false 
> -Dcom.sun.management.jmxremote.password.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.password
>  
> -Dcom.sun.management.jmxremote.access.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.access
>  -Dcom.sun.management.jmxremote.rmi.port=5014 
> -Dcom.sun.management.jmxremote.authenticate=true”
> 
> 
> Question: Is there a way to hide the password in the tomcat configuration to 
> authenticate to the brokers?
> 
> 
> Thanks,
> Kashyap.

Re: SLACK CHANNEL REQUEST

2022-11-07 Thread Manjunath Kashyap 
Thanks Justin :)

> On 07-Nov-2022, at 11:50 PM, Justin Bertram  wrote:
> 
> Done.
> 
> 
> Justin
> 
> On Mon, Nov 7, 2022 at 12:10 PM Manjunath Kashyap <
> mail2manjukash...@gmail.com> wrote:
> 
>> Hi All,
>> 
>> Requesting you to add me to the ASF-Slack channel.
>> 
>> BR/Kashyap.
>> 
>>

ACTIVEMQ WEBCONSOLE BROKE CONNECTION | JNDI Question

2022-11-07 Thread Manjunath Kashyap 
Hi All,

ISSUE:

We have Installed AMQ in a MASTER/SLAVE pair for both Consumers and Producers.
We also have installed the Web console to list all the queues using the MBEAN 
connector.
AS part of this implementation, we have provided the JMX plain username and 
password in the Catalina.sh script.

We have been told this is a Security threat and are requested to remove the 
Plain password from the process.The config and output is as shown below.

activemq.xml:



http://www.springframework.org/schema/beans; name="environment">
 http://www.springframework.org/schema/beans;>
 http://www.springframework.org/schema/beans;
 key="jmx.remote.x.password.file"
   value="${activemq.base}/conf/jmx.password"/>
 http://www.springframework.org/schema/beans;
   key="jmx.remote.x.access.file"
 value="${activemq.base}/conf/jmx.access"/>
 

  


Catalina.sh :

JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties 
-Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) 
-Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi
 -Dwebconsole.jmx.user=admin -Dwebconsole.jmx.password=***”


The process displays the password in plain text. So to overcome this issue we 
tried the below configuration in Catalina.sh but no luck,

JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties 
-Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) 
-Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi
 -Dcom.sun.management.jmxremote.ssl=false 
-Dcom.sun.management.jmxremote.password.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.password
 
-Dcom.sun.management.jmxremote.access.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.access
 -Dcom.sun.management.jmxremote.rmi.port=5014 
-Dcom.sun.management.jmxremote.authenticate=true”


Question: Is there a way to hide the password in the tomcat configuration to 
authenticate to the brokers?


Thanks,
Kashyap.

Re: SLACK CHANNEL REQUEST

2022-11-07 Thread Justin Bertram 
Done.


Justin

On Mon, Nov 7, 2022 at 12:10 PM Manjunath Kashyap <
mail2manjukash...@gmail.com> wrote:

> Hi All,
>
> Requesting you to add me to the ASF-Slack channel.
>
> BR/Kashyap.
>
>

SLACK CHANNEL REQUEST

2022-11-07 Thread Manjunath Kashyap 
Hi All,

Requesting you to add me to the ASF-Slack channel.

BR/Kashyap.

How to revoke write access to Acceptors folder in ActiveMQ Artemis Management Console(Jolokia)

2022-11-07 Thread Ekta Awasthi 
Hello All,

Seeking some guidance on how to revoke all the write access to Artemis 
Management Console(Jolokia). I understand we can control the rbac for the 
addresses by playing around in the management.xml but I am unable to determine 
on how to control the acceptors folder which includes the Artemis + cluster 
folder configuration from the management console (Jolokia). Recently, we had a 
team member who closed all the open sessions from management console by 
navigating to acceptors folder and under the session column, which caused a big 
outage for the company.

We would like to completely revoke write access to acceptors folder + columns 
including Connections, sessions, consumers, etc so that no one can take any 
actions such as closing connections sessions.

[cid:6a2fe4ac-1e88-4800-9b87-e33d1a9e75cb]


If anyone knows how to handle this, would really help us out. Thanks In advance.

Ekta Awasthi,
Engineer, EAI Operations & Support | Office Depot, Inc.
6600 North Military Trail | Boca Raton, FL 33496-2434
Office: 561-438-3552 | Mobile: 206-966-5577 | 
ekta.awas...@officedepot.com

-- Tips for EAI Support Engagement --
-EAI Pre-Prod Support: Create requests on the following JIRA board EAI 
Operations 
Support
-EAI Production Support: Create requests via IT Service 
Desk self-service 
portal, instructions click 
here:
 EAI Support queue --> ODP - Enterprise Apps Integration Support
-As a reminder, the Service Availability Managers should be engaged for any 
service impacting issues, with a ***Page*** to 
naitavailabilitym...@officedepot.com
 or by initiating a MIRT

CONFIDENTIALITY NOTICE: The information contained in this email and attached 
document(s) may contain confidential information that is intended only for the 
addressee(s). If you are not the intended recipient, you are hereby advised 
that any disclosure, copying, distribution or the taking of any action in 
reliance upon the information is prohibited. If you have received this email in 
error, please immediately notify the sender and delete it from your system.