On Mon, Sep 24, 2012 at 3:38 PM, Kayode Odeyemi <[email protected]> wrote: > On Mon, Sep 24, 2012 at 1:07 PM, Claus Ibsen <[email protected]> wrote: > >> Hi >> >> When AMQ startup it uses JMX and exposes a JMX connector over TCP. >> This is using port 1099 by default. >> Since you get a connection refused there may be another process that >> uses this port. >> >> You can change the port number to something else. See details at >> http://activemq.apache.org/jmx.html >> >> In the conf/activemq.xml file you can configure this, by adding that >> piece of XML snippet, where you can set a different port number. >> >> You can also disable JMX all together, but then you cannot mange the >> broker over JMX which most people want to be able to do. >> >> Thanks. But I'll like to ask for a bit of clearance in this area; > > Are the following still required in 5.5+ > > conf/jmx.access: > > # The "monitorRole" role has readonly access. > # The "controlRole" role has readwrite access. > monitorRole readonly > controlRole readwrite > > conf/jmx.password: > > # The "monitorRole" role has password "abc123". > # The "controlRole" role has password "abcd1234". > monitorRole abc123 > controlRole abcd1234 > > > I don't have the following set in /etc/default/activemq. > > SUNJMX="-Dcom.sun.management.jmxremote.port=1616 > -Dcom.sun.management.jmxremote.ssl=false \ > > -Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_BASE}/conf/jmx.password > \ > > -Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_BASE}/conf/jmx.access" > > > Is this still required in 5.5+ ? >
I think those -Dcom.sun... options is for JMX security. eg its standard Java stuff how to specify access control files for JMX access. It's not fancy but I guess it gets the job done. http://docs.oracle.com/javase/1.5.0/docs/guide/jmx/tutorial/security.html So you only need it if you want this kind of security. > My activemq.xml reads: > > > <beans > xmlns="http://www.springframework.org/schema/beans"; > xmlns:amq="http://activemq.apache.org/schema/core"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xsi:schemaLocation="http://www.springframework.org/schema/beans > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd > http://activemq.apache.org/schema/core > http://activemq.apache.org/schema/core/activemq-core.xsd";> > > <!-- Allows us to use system properties as variables in this > configuration file --> > <bean > class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> > <property name="locations"> > <value>file:${activemq.conf}/credentials.properties</value> > </property> > </bean> > > <!-- > The <broker> element is used to configure the ActiveMQ broker. > --> > <broker xmlns="http://activemq.apache.org/schema/core"; > brokerName="localhost" dataDirectory="${activemq.data}" useJmx="true"> > > <destinationPolicy> > <policyMap> > <policyEntries> > <policyEntry topic=">" producerFlowControl="true" > memoryLimit="1mb"> > <pendingSubscriberPolicy> > <vmCursor /> > </pendingSubscriberPolicy> > </policyEntry> > <policyEntry queue=">" producerFlowControl="true" > memoryLimit="1mb"> > </policyEntry> > </policyEntries> > </policyMap> > </destinationPolicy> > > <managementContext createConnector="true" connectorPort="1099"/> > </managementContext> > > <plugins> > <statisticsBrokerPlugin/> > <simpleAuthenticationPlugin> > <users> > <authenticationUser username="mcollective" password="marionette" > groups="mcollective,everyone"/> > <authenticationUser username="admin" password="secret" > groups="mcollective,admin,everyone"/> > </users> > </simpleAuthenticationPlugin> > <authorizationPlugin> > <map> > <authorizationMap> > <authorizationEntries> > <authorizationEntry queue=">" write="admins" read="admins" > admin="admins" /> > <authorizationEntry topic=">" write="admins" read="admins" > admin="admins" /> > <authorizationEntry topic="mcollective.>" write="mcollective" > read="mcollective" admin="mcollective" /> > <authorizationEntry queue="mcollective.>" write="mcollective" > read="mcollective" admin="mcollective" /> > <authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" > write="everyone" admin="everyone"/> > </authorizationEntries> > </authorizationMap> > </map> > </authorizationPlugin> > </plugins> > <persistenceAdapter> > <kahaDB directory="${activemq.data}/kahadb"/> > </persistenceAdapter> > > <systemUsage> > <systemUsage> > <memoryUsage> > <memoryUsage limit="64 mb"/> > </memoryUsage> > <storeUsage> > <storeUsage limit="100 gb"/> > </storeUsage> > <tempUsage> > <tempUsage limit="50 gb"/> > </tempUsage> > </systemUsage> > </systemUsage> > > <transportConnectors> > <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/> > <transportConnector name="stomp" uri="stomp://localhost:61613"/> > </transportConnectors> > > </broker> > > <import resource="jetty.xml"/> > > </beans> > > Thanks for taking time to listen Yeah in your activemq.xml file you have <managementContext createConnector="true" connectorPort="1099"/> Which mean on startup a TCP port on port 1099 is started so remote clients can manage the broker with JMX. If you have a port number clash on 1099, you can change the number to something else. Or you can set createConnector=false, then no remote TCP connector is setup. But you can still do local JMX management from the same host. -- Claus Ibsen ----------------- Red Hat, Inc. FuseSource is now part of Red Hat Email: [email protected] Web: http://fusesource.com Twitter: davsclaus Blog: http://davsclaus.com Author of Camel in Action: http://www.manning.com/ibsen
