Oh, Nagios is just the username. The actual client is an Apache QPid
Proton producer/consumer which connects via AMQP.
Will get on it, thanks Tim!
BR,
- Simon
On Fri, 2016-04-01 at 08:16:34 -0600, Tim Bain wrote:
> Yes, file a JIRA, and attach a minimal configuration to reproduce the
> problem.
>
> BTW, from what you describe, I'd expect that this would happen for any
> client (including a tiny Java test app you could write), which would take
> Nagios out of the equation. Can you confirm that that's the case? Once
> you do, attach that test client to the JIRA; let's avoid giving the
> impression that this is somehow related to Nagios if it's really not.
>
> Tim
> On Apr 1, 2016 12:15 AM, "Simon Lundström" <si...@su.se> wrote:
>
> > Noone uses PropertiesLoginModule and reloading?
> >
> > Gary, so I should file a jira for this right?
> >
> > BR,
> > - Simon
> >
> > On Thu, 2016-03-10 at 17:14:48 +0100, Simon Lundström wrote:
> > > Hi!
> > >
> > > I talked to Gary Tully on IRC (and mail) and we decided it was best that
> > > I mailed the mailinglist since he was pretty sure that someone here had
> > > solved this.
> > >
> > > We are running 5.13.0 and are trying to get {user,group}s.properties to
> > > be reloaded automatically when they are changed.
> > >
> > > In the init.d-script we've added:
> > > ACTIVEMQ_OPTS+="
> > -Djava.security.auth.login.config=/local/activemq/conf/login.config "
> > >
> > > and login.config looks like this:
> > > activemq-domain {
> > > org.apache.activemq.jaas.PropertiesLoginModule required
> > > debug=true
> > > reload=true
> > > org.apache.activemq.jaas.properties.user="users.properties"
> > >
> >
> > org.apache.activemq.jaas.properties.group="../conf.d/approved/groups.properties"
> > > ;
> > > };
> > >
> > > users.properties:
> > > system=manager
> > > nagios=nagios
> > >
> > > groups.properties:
> > > monitoring=system
> > >
> > > activemq.xml excerpt:
> > > […]
> > > <plugins>
> > > <!-- The configuration value matches the JAAS realm in
> > login.config -->
> > > <jaasAuthenticationPlugin configuration="activemq-domain" />
> > >
> > > <!-- Enable hot reloading of the The configuration value matches
> > the JAAS realm in login.config -->
> > > <runtimeConfigurationPlugin checkPeriod="0" />
> > >
> > > <authorizationPlugin>
> > > <map>
> > > <authorizationMap>
> > > <authorizationEntry
> > > queue="aliveness-test"
> > > read="monitoring"
> > > write="monitoring"
> > > admin="monitoring"
> > > />
> > > </authorizationEntries>
> > > </authorizationMap>
> > > </map>
> > > </authorizationPlugin>
> > > […]
> > >
> > > With this configuration the user nagios should be able to access the
> > queue aliveness-test.
> > > To reproduce, modify groups.properties so it looks like:
> > > monitoring=system,nagios
> > >
> > > Check your logs (you need to enable debug logging on
> > org.apache.activemq.jaas.ReloadableProperties):
> > > {"thread":"ActiveMQ NIO Worker
> > 622","level":"DEBUG","loggerName":"org.apache.activemq.jaas.ReloadableProperties","message":"Load
> > of: PropsFile=/local/activemq/conf/../conf.d/approved/groups.properties"}
> > > so the reloading works, but nagios still can't consume from (or produce
> > to) the queue:
> > > {"thread":"ActiveMQ NIO Worker
> > 2","level":"WARN","loggerName":"org.apache.activemq.broker.TransportConnection.Service","message":"Security
> > Error occurred on connection to: tcp://0:0:0:0:0:0:0:1:45357, User nagios
> > is not authorized to read from: queue://aliveness-test"}
> > >
> > > Note: If I restart ActiveMQ nagios can consume and produce from the
> > > queue.
> > >
> > > Is there any configuration that I've missed?
> > > Is this a bug?
> > >
> > > BR,
> > > - Simon
> > >
> > > ____________________________________
> > >
> > > Simon Lundström
> > > Section for Infrastructure
> > >
> > > IT Services
> > > Stockholm University
> > > SE-106 91 Stockholm, Sweden
> > >
> > > www.su.se/english/staff-info/it
> >
