activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Bain <tb...@alumni.duke.edu>
Subject Re: Reloading users and groups properties on change
Date Fri, 01 Apr 2016 14:16:34 GMT
Yes, file a JIRA, and attach a minimal configuration to reproduce the
problem.

BTW, from what you describe, I'd expect that this would happen for any
client (including a tiny Java test app you could write), which would take
Nagios out of the equation.  Can you confirm that that's the case?  Once
you do, attach that test client to the JIRA; let's avoid giving the
impression that this is somehow related to Nagios if it's really not.

Tim
On Apr 1, 2016 12:15 AM, "Simon Lundström" <simlu@su.se> wrote:

> Noone uses PropertiesLoginModule and reloading?
>
> Gary, so I should file a jira for this right?
>
> BR,
> - Simon
>
> On Thu, 2016-03-10 at 17:14:48 +0100, Simon Lundström wrote:
> > Hi!
> >
> > I talked to Gary Tully on IRC (and mail) and we decided it was best that
> > I mailed the mailinglist since he was pretty sure that someone here had
> > solved this.
> >
> > We are running 5.13.0 and are trying to get {user,group}s.properties to
> > be reloaded automatically when they are changed.
> >
> > In the init.d-script we've added:
> > ACTIVEMQ_OPTS+="
> -Djava.security.auth.login.config=/local/activemq/conf/login.config "
> >
> > and login.config looks like this:
> > activemq-domain {
> >   org.apache.activemq.jaas.PropertiesLoginModule required
> >     debug=true
> >     reload=true
> >     org.apache.activemq.jaas.properties.user="users.properties"
> >
>  org.apache.activemq.jaas.properties.group="../conf.d/approved/groups.properties"
> >   ;
> > };
> >
> > users.properties:
> > system=manager
> > nagios=nagios
> >
> > groups.properties:
> > monitoring=system
> >
> > activemq.xml excerpt:
> > […]
> >     <plugins>
> >       <!-- The configuration value matches the JAAS realm in
> login.config -->
> >       <jaasAuthenticationPlugin configuration="activemq-domain" />
> >
> >       <!-- Enable hot reloading of the The configuration value matches
> the JAAS realm in login.config -->
> >       <runtimeConfigurationPlugin checkPeriod="0" />
> >
> >       <authorizationPlugin>
> >          <map>
> >            <authorizationMap>
> >                <authorizationEntry
> >                  queue="aliveness-test"
> >                  read="monitoring"
> >                  write="monitoring"
> >                  admin="monitoring"
> >                />
> >              </authorizationEntries>
> >            </authorizationMap>
> >          </map>
> >        </authorizationPlugin>
> > […]
> >
> > With this configuration the user nagios should be able to access the
> queue aliveness-test.
> > To reproduce, modify groups.properties so it looks like:
> > monitoring=system,nagios
> >
> > Check your logs (you need to enable debug logging on
> org.apache.activemq.jaas.ReloadableProperties):
> > {"thread":"ActiveMQ NIO Worker
> 622","level":"DEBUG","loggerName":"org.apache.activemq.jaas.ReloadableProperties","message":"Load
> of: PropsFile=/local/activemq/conf/../conf.d/approved/groups.properties"}
> > so the reloading works, but nagios still can't consume from (or produce
> to) the queue:
> > {"thread":"ActiveMQ NIO Worker
> 2","level":"WARN","loggerName":"org.apache.activemq.broker.TransportConnection.Service","message":"Security
> Error occurred on connection to: tcp://0:0:0:0:0:0:0:1:45357, User nagios
> is not authorized to read from: queue://aliveness-test"}
> >
> > Note: If I restart ActiveMQ nagios can consume and produce from the
> > queue.
> >
> > Is there any configuration that I've missed?
> > Is this a bug?
> >
> > BR,
> > - Simon
> >
> > ____________________________________
> >
> > Simon Lundström
> > Section for Infrastructure
> >
> > IT Services
> > Stockholm University
> > SE-106 91 Stockholm, Sweden
> >
> > www.su.se/english/staff-info/it
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message