activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: Failed to retrieve RMIServer stub
Date Mon, 24 Sep 2012 14:39:38 GMT
On Mon, Sep 24, 2012 at 3:38 PM, Kayode Odeyemi <dreyemi@gmail.com> wrote:
> On Mon, Sep 24, 2012 at 1:07 PM, Claus Ibsen <claus.ibsen@gmail.com> wrote:
>
>> Hi
>>
>> When AMQ startup it uses JMX and exposes a JMX connector over TCP.
>> This is using port 1099 by default.
>> Since you get a connection refused there may be another process that
>> uses this port.
>>
>> You can change the port number to something else. See details at
>> http://activemq.apache.org/jmx.html
>>
>> In the conf/activemq.xml file you can configure this, by adding that
>> piece of XML snippet, where you can set a different port number.
>>
>> You can also disable JMX all together, but then you cannot mange the
>> broker over JMX which most people want to be able to do.
>>
>> Thanks. But I'll like to ask for a bit of clearance in this area;
>
> Are the following still required in 5.5+
>
> conf/jmx.access:
>
> # The "monitorRole" role has readonly access.
> # The "controlRole" role has readwrite access.
> monitorRole readonly
> controlRole readwrite
>
> conf/jmx.password:
>
> # The "monitorRole" role has password "abc123".
> # The "controlRole" role has password "abcd1234".
> monitorRole abc123
> controlRole abcd1234
>
>
>  I don't have the following set in /etc/default/activemq.
>
>   SUNJMX="-Dcom.sun.management.jmxremote.port=1616
> -Dcom.sun.management.jmxremote.ssl=false \
>     -Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_BASE}/conf/jmx.password
> \
>     -Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_BASE}/conf/jmx.access"
>
>
> Is this still required in 5.5+ ?
>

I think those -Dcom.sun... options is for JMX security. eg its
standard Java stuff how to specify access control files for JMX
access.
It's not fancy but I guess it gets the job done.
http://docs.oracle.com/javase/1.5.0/docs/guide/jmx/tutorial/security.html

So you only need it if you want this kind of security.


> My activemq.xml reads:
>
>
> <beans
>   xmlns="http://www.springframework.org/schema/beans"
>   xmlns:amq="http://activemq.apache.org/schema/core"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>   xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>   http://activemq.apache.org/schema/core
> http://activemq.apache.org/schema/core/activemq-core.xsd">
>
>     <!-- Allows us to use system properties as variables in this
> configuration file -->
>     <bean
> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
>         <property name="locations">
>             <value>file:${activemq.conf}/credentials.properties</value>
>         </property>
>     </bean>
>
>     <!--
>         The <broker> element is used to configure the ActiveMQ broker.
>     -->
>     <broker xmlns="http://activemq.apache.org/schema/core"
> brokerName="localhost" dataDirectory="${activemq.data}" useJmx="true">
>
>         <destinationPolicy>
>             <policyMap>
>               <policyEntries>
>                 <policyEntry topic=">" producerFlowControl="true"
> memoryLimit="1mb">
>                   <pendingSubscriberPolicy>
>                     <vmCursor />
>                   </pendingSubscriberPolicy>
>                 </policyEntry>
>                 <policyEntry queue=">" producerFlowControl="true"
> memoryLimit="1mb">
>                 </policyEntry>
>               </policyEntries>
>             </policyMap>
>         </destinationPolicy>
>
>             <managementContext createConnector="true" connectorPort="1099"/>
>         </managementContext>
>
>     <plugins>
>       <statisticsBrokerPlugin/>
>       <simpleAuthenticationPlugin>
>         <users>
>           <authenticationUser username="mcollective" password="marionette"
> groups="mcollective,everyone"/>
>           <authenticationUser username="admin" password="secret"
> groups="mcollective,admin,everyone"/>
>         </users>
>       </simpleAuthenticationPlugin>
>       <authorizationPlugin>
>         <map>
>           <authorizationMap>
>         <authorizationEntries>
>           <authorizationEntry queue=">" write="admins" read="admins"
> admin="admins" />
>           <authorizationEntry topic=">" write="admins" read="admins"
> admin="admins" />
>           <authorizationEntry topic="mcollective.>" write="mcollective"
> read="mcollective" admin="mcollective" />
>           <authorizationEntry queue="mcollective.>" write="mcollective"
> read="mcollective" admin="mcollective" />
>           <authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone"
> write="everyone" admin="everyone"/>
>         </authorizationEntries>
>           </authorizationMap>
>         </map>
>       </authorizationPlugin>
>     </plugins>
>         <persistenceAdapter>
>             <kahaDB directory="${activemq.data}/kahadb"/>
>         </persistenceAdapter>
>
>           <systemUsage>
>             <systemUsage>
>                 <memoryUsage>
>                     <memoryUsage limit="64 mb"/>
>                 </memoryUsage>
>                 <storeUsage>
>                     <storeUsage limit="100 gb"/>
>                 </storeUsage>
>                 <tempUsage>
>                     <tempUsage limit="50 gb"/>
>                 </tempUsage>
>             </systemUsage>
>         </systemUsage>
>
>         <transportConnectors>
>         <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
>         <transportConnector name="stomp" uri="stomp://localhost:61613"/>
>         </transportConnectors>
>
>     </broker>
>
>     <import resource="jetty.xml"/>
>
> </beans>
>
> Thanks for taking time to listen

Yeah in your activemq.xml file you have
   <managementContext createConnector="true" connectorPort="1099"/>

Which mean on startup a TCP port on port 1099 is started so remote
clients can manage the broker with JMX.
If you have a port number clash on 1099, you can change the number to
something else.
Or you can set createConnector=false, then no remote TCP connector is
setup. But you can still do local JMX management from the same host.




-- 
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen

Mime
View raw message