diff options
Diffstat (limited to 'doc/book/src')
99 files changed, 4029 insertions, 6105 deletions
diff --git a/doc/book/src/Makefile.inc b/doc/book/src/Makefile.inc index 12cab54f8a..99d999ed7a 100644 --- a/doc/book/src/Makefile.inc +++ b/doc/book/src/Makefile.inc @@ -17,7 +17,7 @@ # under the License. # -BOOK=$(wildcard *Book.xml) +BOOK=$(wildcard *Book.xml Programming-In-Apache-Qpid.xml) XML=$(wildcard *.xml) $(wildcard ../common/*.xml) IMAGES=$(wildcard images/*.png) CSS=$(wilcard ../common/css/*.css) diff --git a/doc/book/src/cpp-broker/AMQP-Messaging-Broker-CPP-Book.xml b/doc/book/src/cpp-broker/AMQP-Messaging-Broker-CPP-Book.xml index 228c6a5e15..6122b12e18 100644 --- a/doc/book/src/cpp-broker/AMQP-Messaging-Broker-CPP-Book.xml +++ b/doc/book/src/cpp-broker/AMQP-Messaging-Broker-CPP-Book.xml @@ -53,7 +53,6 @@ <xi:include href="Security.xml"/> <xi:include href="LVQ.xml"/> <xi:include href="queue-state-replication.xml"/> - <xi:include href="Active-Active-Cluster.xml"/> <xi:include href="producer-flow-control.xml"/> <xi:include href="AMQP-Compatibility.xml"/> <xi:include href="Qpid-Interoperability-Documentation.xml"/> diff --git a/doc/book/src/cpp-broker/Active-Active-Cluster.xml b/doc/book/src/cpp-broker/Active-Active-Cluster.xml deleted file mode 100644 index 28db3876e2..0000000000 --- a/doc/book/src/cpp-broker/Active-Active-Cluster.xml +++ /dev/null @@ -1,561 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. - ---> - -<section id="chap-Messaging_User_Guide-Active_Active_Cluster"> - <title>Active-active Messaging Clusters</title> - <para> - Active-active Messaging Clusters provide fault tolerance by ensuring that every broker in a <firstterm>cluster</firstterm> has the same queues, exchanges, messages, and bindings, and allowing a client to <firstterm>fail over</firstterm> to a new broker and continue without any loss of messages if the current broker fails or becomes unavailable. <firstterm>Active-active</firstterm> refers to the fact that all brokers in the cluster can actively serve clients. Because all brokers are automatically kept in a consistent state, clients can connect to and use any broker in a cluster. Any number of messaging brokers can be run as one <firstterm>cluster</firstterm>, and brokers can be added to or removed from a cluster while it is in use. - </para> - <para> - High Availability Messaging Clusters are implemented using using the <ulink url="http://www.openais.org/">OpenAIS Cluster Framework</ulink>. - </para> - <para> - An OpenAIS daemon runs on every machine in the cluster, and these daemons communicate using multicast on a particular address. Every qpidd process in a cluster joins a named group that is automatically synchronized using OpenAIS Closed Process Groups (CPG) — the qpidd processes multicast events to the named group, and CPG ensures that each qpidd process receives all the events in the same sequence. All members get an identical sequence of events, so they can all update their state consistently. - </para> - <para> - Two messaging brokers are in the same cluster if - <orderedlist> - <listitem> - <para> - They run on hosts in the same OpenAIS cluster; that is, OpenAIS is configured with the same mcastaddr, mcastport and bindnetaddr, and - </para> - - </listitem> - <listitem> - <para> - They use the same cluster name. - </para> - - </listitem> - - </orderedlist> - - </para> - <para> - High Availability Clustering has a cost: in order to allow each broker in a cluster to continue the work of any other broker, a cluster must replicate state for all brokers in the cluster. Because of this, the brokers in a cluster should normally be on a LAN; there should be fast and reliable connections between brokers. Even on a LAN, using multiple brokers in a cluster is somewhat slower than using a single broker without clustering. This may be counter-intuitive for people who are used to clustering in the context of High Performance Computing or High Throughput Computing, where clustering increases performance or throughput. - </para> - - <para> - High Availability Messaging Clusters should be used together with Red Hat Clustering Services (RHCS); without RHCS, clusters are vulnerable to the "split-brain" condition, in which a network failure splits the cluster into two sub-clusters that cannot communicate with each other. See the documentation on the <command>--cluster-cman</command> option for details on running using RHCS with High Availability Messaging Clusters. See the <ulink url="http://sources.redhat.com/cluster/wiki">CMAN Wiki</ulink> for more detail on CMAN and split-brain conditions. Use the <command>--cluster-cman</command> option to enable RHCS when starting the broker. - </para> - <section id="sect-Messaging_User_Guide-High_Availability_Messaging_Clusters-Starting_a_Broker_in_a_Cluster"> - <title>Starting a Broker in a Cluster</title> - <para> - Clustering is implemented using the <filename>cluster.so</filename> module, which is loaded by default when you start a broker. To run brokers in a cluster, make sure they all use the same OpenAIS mcastaddr, mcastport, and bindnetaddr. All brokers in a cluster must also have the same cluster name — specify the cluster name in <filename>qpidd.conf</filename>: - </para> - - <screen>cluster-name="local_test_cluster" - </screen> - <para> - On RHEL6, you must create the file <filename>/etc/corosync/uidgid.d/qpidd</filename> to tell Corosync the name of the user running the broker.By default, the user is qpidd: - </para> - - <programlisting> - uidgid { - uid: qpidd - gid: qpidd - } - </programlisting> - <para> - On RHEL5, the primary group for the process running qpidd must be the ais group. If you are running qpidd as a service, it is run as the <command>qpidd</command> user, which is already in the ais group. If you are running the broker from the command line, you must ensure that the primary group for the user running qpidd is ais. You can set the primary group using <command>newgrp</command>: - </para> - - <screen>$ newgrp ais - </screen> - <para> - You can then run the broker from the command line, specifying the cluster name as an option. - </para> - - <screen>[jonathan@localhost]$ qpidd --cluster-name="local_test_cluster" - </screen> - <para> - All brokers in a cluster must have identical configuration, with a few exceptions noted below. They must load the same set of plug-ins, and have matching configuration files and command line arguments. The should also have identical ACL files and SASL databases if these are used. If one broker uses persistence, all must use persistence — a mix of transient and persistent brokers is not allowed. Differences in configuration can cause brokers to exit the cluster. For instance, if different ACL settings allow a client to access a queue on broker A but not on broker B, then publishing to the queue will succeed on A and fail on B, so B will exit the cluster to prevent inconsistency. - </para> - <para> - The following settings can differ for brokers on a given cluster: - </para> - <itemizedlist> - <listitem> - <para> - logging options - </para> - - </listitem> - <listitem> - <para> - cluster-url — if set, it will be different for each broker. - </para> - - </listitem> - <listitem> - <para> - port — brokers can listen on different ports. - </para> - - </listitem> - - </itemizedlist> - <para> - The qpid log contains entries that record significant clustering events, e.g. when a broker becomes a member of a cluster, the membership of a cluster is changed, or an old journal is moved out of the way. For instance, the following message states that a broker has been added to a cluster as the first node: - </para> - - <screen> - 2009-07-09 18:13:41 info 127.0.0.1:1410(READY) member update: 127.0.0.1:1410(member) - 2009-07-09 18:13:41 notice 127.0.0.1:1410(READY) first in cluster - </screen> - <note> - <para> - If you are using SELinux, the qpidd process and OpenAIS must have the same SELinux context, or else SELinux must be set to permissive mode. If both qpidd and OpenAIS are run as services, they have the same SELinux context. If both OpenAIS and qpidd are run as user processes, they have the same SELinux context. If one is run as a service, and the other is run as a user process, they have different SELinux contexts. - </para> - - </note> - <para> - The following options are available for clustering: - </para> - <table frame="all" id="tabl-Messaging_User_Guide-Starting_a_Broker_in_a_Cluster-Options_for_High_Availability_Messaging_Cluster"> - <title>Options for High Availability Messaging Cluster</title> - <tgroup align="left" cols="2" colsep="1" rowsep="1"> - <colspec colname="c1" colwidth="1*"></colspec> - <colspec colname="c2" colwidth="4*"></colspec> - <thead> - <row> - <entry align="center" nameend="c2" namest="c1"> - Options for High Availability Messaging Cluster - </entry> - - </row> - - </thead> - <tbody> - <row> - <entry> - <command>--cluster-name <replaceable>NAME</replaceable></command> - </entry> - <entry> - Name of the Messaging Cluster to join. A Messaging Cluster consists of all brokers started with the same cluster-name and openais configuration. - </entry> - - </row> - <row> - <entry> - <command>--cluster-size <replaceable>N</replaceable></command> - </entry> - <entry> - Wait for at least N initial members before completing cluster initialization and serving clients. Use this option in a persistent cluster so all brokers in a persistent cluster can exchange the status of their persistent store and do consistency checks before serving clients. - </entry> - - </row> - <row> - <entry> - <command>--cluster-url <replaceable>URL</replaceable></command> - </entry> - <entry> - An AMQP URL containing the local address that the broker advertizes to clients for fail-over connections. This is different for each host. By default, all local addresses for the broker are advertized. You only need to set this if - <orderedlist> - <listitem> - <para> - Your host has more than one active network interface, and - </para> - - </listitem> - <listitem> - <para> - You want to restrict client fail-over to a specific interface or interfaces. - </para> - - </listitem> - - </orderedlist> - <para>Each broker in the cluster is specified using the following form:</para> - - <programlisting>url = ["amqp:"][ user ["/" password] "@" ] protocol_addr - ("," protocol_addr)* - protocol_addr = tcp_addr / rmda_addr / ssl_addr / ... - tcp_addr = ["tcp:"] host [":" port] - rdma_addr = "rdma:" host [":" port] - ssl_addr = "ssl:" host [":" port]</programlisting> - - <para>In most cases, only one address is advertized, but more than one address can be specified in if the machine running the broker has more than one network interface card, and you want to allow clients to connect using multiple network interfaces. Use a comma delimiter (",") to separate brokers in the URL. Examples:</para> - <itemizedlist> - <listitem> - <para> - <command>amqp:tcp:192.168.1.103:5672</command> advertizes a single address to the broker for failover. - </para> - - </listitem> - <listitem> - <para> - <command>amqp:tcp:192.168.1.103:5672,tcp:192.168.1.105:5672</command> advertizes two different addresses to the broker for failover, on two different network interfaces. - </para> - - </listitem> - - </itemizedlist> - - </entry> - - </row> - <row> - <entry> - <command>--cluster-cman</command> - </entry> - <entry> - <para> - CMAN protects against the "split-brain" condition, in which a network failure splits the cluster into two sub-clusters that cannot communicate with each other. When "split-brain" occurs, each of the sub-clusters can access shared resources without knowledge of the other sub-cluster, resulting in corrupted cluster integrity. - </para> - <para> - To avoid "split-brain", CMAN uses the notion of a "quorum". If more than half the cluster nodes are active, the cluster has quorum and can act. If half (or fewer) nodes are active, the cluster does not have quorum, and all cluster activity is stopped. There are other ways to define the quorum for particular use cases (e.g. a cluster of only 2 members), see the <ulink url="http://sources.redhat.com/cluster/wiki">CMAN Wiki</ulink> - for more detail. - </para> - <para> - When enabled, the broker will wait until it belongs to a quorate cluster before accepting client connections. It continually monitors the quorum status and shuts down immediately if the node it runs on loses touch with the quorum. - </para> - - </entry> - - </row> - <row> - <entry> - --cluster-username - </entry> - <entry> - SASL username for connections between brokers. - </entry> - - </row> - <row> - <entry> - --cluster-password - </entry> - <entry> - SASL password for connections between brokers. - </entry> - - </row> - <row> - <entry> - --cluster-mechanism - </entry> - <entry> - SASL authentication mechanism for connections between brokers - </entry> - - </row> - - </tbody> - - </tgroup> - - </table> - <para> - If a broker is unable to establish a connection to another broker in the cluster, the log will contain SASL errors, e.g: - </para> - - <screen>2009-aug-04 10:17:37 info SASL: Authentication failed: SASL(-13): user not found: Password verification failed - </screen> - <para> - You can set the SASL user name and password used to connect to other brokers using the <command>cluster-username</command> and <command>cluster-password</command> properties when you start the broker. In most environment, it is easiest to create an account with the same user name and password on each broker in the cluster, and use these as the <command>cluster-username</command> and <command>cluster-password</command>. You can also set the SASL mode using <command>cluster-mechanism</command>. Remember that any mechanism you enable for broker-to-broker communication can also be used by a client, so do not enable <command>cluster-mechanism=ANONYMOUS</command> in a secure environment. - </para> - <para> - Once the cluster is running, run <command>qpid-cluster</command> to make sure that the brokers are running as one cluster. See the following section for details. - </para> - <para> - If the cluster is correctly configured, queues and messages are replicated to all brokers in the cluster, so an easy way to test the cluster is to run a program that routes messages to a queue on one broker, then to a different broker in the same cluster and read the messages to make sure they have been replicated. The <command>drain</command> and <command>spout</command> programs can be used for this test. - </para> - - </section> - - <section id="sect-Messaging_User_Guide-High_Availability_Messaging_Clusters-qpid_cluster"> - <title>qpid-cluster</title> - <para> - <command>qpid-cluster</command> is a command-line utility that allows you to view information on a cluster and its brokers, disconnect a client connection, shut down a broker in a cluster, or shut down the entire cluster. You can see the options using the <command>--help</command> option: - </para> - - <screen>$ ./qpid-cluster --help - </screen> - - <screen>Usage: qpid-cluster [OPTIONS] [broker-addr] - - broker-addr is in the form: [username/password@] hostname | ip-address [:<port>] - ex: localhost, 10.1.1.7:10000, broker-host:10000, guest/guest@localhost - - Options: - -C [--all-connections] View client connections to all cluster members - -c [--connections] ID View client connections to specified member - -d [--del-connection] HOST:PORT - Disconnect a client connection - -s [--stop] ID Stop one member of the cluster by its ID - -k [--all-stop] Shut down the whole cluster - -f [--force] Suppress the 'are-you-sure?' prompt - -n [--numeric] Don't resolve names - </screen> - <para> - Let's connect to a cluster and display basic information about the cluser and its brokers. When you connect to the cluster using <command>qpid-tool</command>, you can use the host and port for any broker in the cluster. For instance, if a broker in the cluster is running on <filename>localhost</filename> on port 6664, you can start <command>qpid-tool</command> like this: - </para> - - <screen> - $ qpid-cluster localhost:6664 - </screen> - <para> - Here is the output: - </para> - - <screen> - Cluster Name: local_test_cluster - Cluster Status: ACTIVE - Cluster Size: 3 - Members: ID=127.0.0.1:13143 URL=amqp:tcp:192.168.1.101:6664,tcp:192.168.122.1:6664,tcp:10.16.10.62:6664 - : ID=127.0.0.1:13167 URL=amqp:tcp:192.168.1.101:6665,tcp:192.168.122.1:6665,tcp:10.16.10.62:6665 - : ID=127.0.0.1:13192 URL=amqp:tcp:192.168.1.101:6666,tcp:192.168.122.1:6666,tcp:10.16.10.62:6666 - </screen> - <para> - The ID for each broker in cluster is given on the left. For instance, the ID for the first broker in the cluster is <command>127.0.0.1:13143</command>. The URL in the output is the broker's advertized address. Let's use the ID to shut the broker down using the <command>--stop</command> command: - </para> - - <screen>$ ./qpid-cluster localhost:6664 --stop 127.0.0.1:13143 - </screen> - - </section> - - <section id="sect-Messaging_User_Guide-High_Availability_Messaging_Clusters-Failover_in_Clients"> - <title>Failover in Clients</title> - <para> - If a client is connected to a broker, the connection fails if the broker crashes or is killed. If heartbeat is enabled for the connection, a connection also fails if the broker hangs, the machine the broker is running on fails, or the network connection to the broker is lost — the connection fails no later than twice the heartbeat interval. - </para> - <para> - When a client's connection to a broker fails, any sent messages that have been acknowledged to the sender will have been replicated to all brokers in the cluster, any received messages that have not yet been acknowledged by the receiving client requeued to all brokers, and the client API notifies the application of the failure by throwing an exception. - </para> - <para> - Clients can be configured to automatically reconnect to another broker when it receives such an exception. Any messages that have been sent by the client, but not yet acknowledged as delivered, are resent. Any messages that have been read by the client, but not acknowledged, are delivered to the client. - </para> - <para> - TCP is slow to detect connection failures. A client can configure a connection to use a heartbeat to detect connection failure, and can specify a time interval for the heartbeat. If heartbeats are in use, failures will be detected no later than twice the heartbeat interval. The Java JMS client enables hearbeat by default. See the sections on Failover in Java JMS Clients and Failover in C++ Clients for the code to enable heartbeat. - </para> - <section id="sect-Messaging_User_Guide-Failover_in_Clients-Failover_in_Java_JMS_Clients"> - <title>Failover in Java JMS Clients</title> - <para> - In Java JMS clients, client failover is handled automatically if it is enabled in the connection. Any messages that have been sent by the client, but not yet acknowledged as delivered, are resent. Any messages that have been read by the client, but not acknowledged, are sent to the client. - </para> - <para> - You can configure a connection to use failover using the <command>failover</command> property: - </para> - - <screen> - connectionfactory.qpidConnectionfactory = amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672'&failover='failover_exchange' - </screen> - <para> - This property can take three values: - </para> - <variablelist id="vari-Messaging_User_Guide-Failover_in_Java_JMS_Clients-Failover_Modes"> - <title>Failover Modes</title> - <varlistentry> - <term>failover_exchange</term> - <listitem> - <para> - If the connection fails, fail over to any other broker in the cluster. - </para> - - </listitem> - - </varlistentry> - <varlistentry> - <term>roundrobin</term> - <listitem> - <para> - If the connection fails, fail over to one of the brokers specified in the <command>brokerlist</command>. - </para> - - </listitem> - - </varlistentry> - <varlistentry> - <term>singlebroker</term> - <listitem> - <para> - Failover is not supported; the connection is to a single broker only. - </para> - - </listitem> - - </varlistentry> - - </variablelist> - <para> - In a Connection URL, heartbeat is set using the <command>idle_timeout</command> property, which is an integer corresponding to the heartbeat period in seconds. For instance, the following line from a JNDI properties file sets the heartbeat time out to 3 seconds: - </para> - - <screen> - connectionfactory.qpidConnectionfactory = amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672',idle_timeout=3 - </screen> - - </section> - - <section id="sect-Messaging_User_Guide-Failover_in_Clients-Failover_and_the_Qpid_Messaging_API"> - <title>Failover and the Qpid Messaging API</title> - <para> - The Qpid Messaging API also supports automatic reconnection in the event a connection fails. . Senders can also be configured to replay any in-doubt messages (i.e. messages whice were sent but not acknowleged by the broker. See "Connection Options" and "Sender Capacity and Replay" in <citetitle>Programming in Apache Qpid</citetitle> for details. - </para> - <para> - In C++ and python clients, heartbeats are disabled by default. You can enable them by specifying a heartbeat interval (in seconds) for the connection via the 'heartbeat' option. - </para> - <para> - See "Cluster Failover" in <citetitle>Programming in Apache Qpid</citetitle> for details on how to keep the client aware of cluster membership. - </para> - - </section> - - - </section> - - <section id="sect-Messaging_User_Guide-High_Availability_Messaging_Clusters-Error_handling_in_Clusters"> - <title>Error handling in Clusters</title> - <para> - If a broker crashes or is killed, or a broker machine failure, broker connection failure, or a broker hang is detected, the other brokers in the cluster are notified that it is no longer a member of the cluster. If a new broker is joined to the cluster, it synchronizes with an active broker to obtain the current cluster state; if this synchronization fails, the new broker exit the cluster and aborts. - </para> - <para> - If a broker becomes extremely busy and stops responding, it stops accepting incoming work. All other brokers continue processing, and the non-responsive node caches all AIS traffic. When it resumes, the broker completes processes all cached AIS events, then accepts further incoming work. <!-- If a broker is non-responsive for too long, it is assumed to be hanging, and treated as described in the previous paragraph. --> - </para> - <para> - Broker hangs are only detected if the watchdog plugin is loaded and the <command>--watchdog-interval</command> option is set. The watchdog plug-in kills the qpidd broker process if it becomes stuck for longer than the watchdog interval. In some cases, e.g. certain phases of error resolution, it is possible for a stuck process to hang other cluster members that are waiting for it to send a message. Using the watchdog, the stuck process is terminated and removed from the cluster, allowing other members to continue and clients of the stuck process to fail over to other members. - </para> - <para> - Redundancy can also be achieved directly in the AIS network by specifying more than one network interface in the AIS configuration file. This causes Totem to use a redundant ring protocol, which makes failure of a single network transparent. - </para> - <para> - Redundancy can be achieved at the operating system level by using NIC bonding, which combines multiple network ports into a single group, effectively aggregating the bandwidth of multiple interfaces into a single connection. This provides both network load balancing and fault tolerance. - </para> - <para> - If any broker encounters an error, the brokers compare notes to see if they all received the same error. If not, the broker removes itself from the cluster and shuts itself down to ensure that all brokers in the cluster have consistent state. For instance, a broker may run out of disk space; if this happens, the broker shuts itself down. Examining the broker's log can help determine the error and suggest ways to prevent it from occuring in the future. - </para> - <!-- "Bad case" for cluster matrix - things we will fix, or things users may encounter long term? --> - </section> - - <section id="sect-Messaging_User_Guide-High_Availability_Messaging_Clusters-Persistence_in_High_Availability_Message_Clusters"> - <title>Persistence in High Availability Message Clusters</title> - <para> - Persistence and clustering are two different ways to provide reliability. Most systems that use a cluster do not enable persistence, but you can do so if you want to ensure that messages are not lost even if the last broker in a cluster fails. A cluster must have all transient or all persistent members, mixed clusters are not allowed. Each broker in a persistent cluster has it's own independent replica of the cluster's state it its store. - </para> - <section id="sect-Messaging_User_Guide-Persistence_in_High_Availability_Message_Clusters-Clean_and_Dirty_Stores"> - <title>Clean and Dirty Stores</title> - <para> - When a broker is an active member of a cluster, its store is marked "dirty" because it may be out of date compared to other brokers in the cluster. If a broker leaves a running cluster because it is stopped, it crashes or the host crashes, its store continues to be marked "dirty". - </para> - <para> - If the cluster is reduced to a single broker, its store is marked "clean" since it is the only broker making updates. If the cluster is shut down with the command <literal>qpid-cluster -k</literal> then all the stores are marked clean. - </para> - <para> - When a cluster is initially formed, brokers with clean stores read from their stores. Brokers with dirty stores, or brokers that join after the cluster is running, discard their old stores and initialize a new store with an update from one of the running brokers. The <command>--truncate</command> option can be used to force a broker to discard all existing stores even if they are clean. (A dirty store is discarded regardless.) - </para> - <para> - Discarded stores are copied to a back up directory. The active store is in <data-dir>/rhm. Back-up stores are in <data-dir>/_cluster.bak.<nnnn>/rhm, where <nnnn> is a 4 digit number. A higher number means a more recent backup. - </para> - - </section> - - <section id="sect-Messaging_User_Guide-Persistence_in_High_Availability_Message_Clusters-Starting_a_persistent_cluster"> - <title>Starting a persistent cluster</title> - <para> - When starting a persistent cluster broker, set the cluster-size option to the number of brokers in the cluster. This allows the brokers to wait until the entire cluster is running so that they can synchronize their stored state. - </para> - <para> - The cluster can start if: - </para> - <para> - <itemizedlist> - <listitem> - <para> - all members have empty stores, or - </para> - - </listitem> - <listitem> - <para> - at least one member has a clean store - </para> - - </listitem> - - </itemizedlist> - - </para> - <para> - All members of the new cluster will be initialized with the state from a clean store. - </para> - - </section> - - <section id="sect-Messaging_User_Guide-Persistence_in_High_Availability_Message_Clusters-Stopping_a_persistent_cluster"> - <title>Stopping a persistent cluster</title> - <para> - To cleanly shut down a persistent cluster use the command <command>qpid-cluster -k</command>. This causes all brokers to synchronize their state and mark their stores as "clean" so they can be used when the cluster restarts. - </para> - - </section> - - <section id="sect-Messaging_User_Guide-Persistence_in_High_Availability_Message_Clusters-Starting_a_persistent_cluster_with_no_clean_store"> - <title>Starting a persistent cluster with no clean store</title> - <para> - If the cluster has previously had a total failure and there are no clean stores then the brokers will fail to start with the log message <literal>Cannot recover, no clean store.</literal> If this happens you can start the cluster by marking one of the stores "clean" as follows: - </para> - <procedure> - <step> - <para> - Move the latest store backup into place in the brokers data-directory. The backups end in a 4 digit number, the latest backup is the highest number. - </para> - - <screen> - cd <data-dir> - mv rhm rhm.bak - cp -a _cluster.bak.<nnnn>/rhm . - </screen> - - </step> - <step> - <para> - Mark the store as clean: - <screen>qpid-cluster-store -c <data-dir></screen> - - </para> - - </step> - - </procedure> - - <para> - Now you can start the cluster, all members will be initialized from the store you marked as clean. - </para> - - </section> - - <section id="sect-Messaging_User_Guide-Persistence_in_High_Availability_Message_Clusters-Isolated_failures_in_a_persistent_cluster"> - <title>Isolated failures in a persistent cluster</title> - <para> - A broker in a persistent cluster may encounter errors that other brokers in the cluster do not; if this happens, the broker shuts itself down to avoid making the cluster state inconsistent. For example a disk failure on one node will result in that node shutting down. Running out of storage capacity can also cause a node to shut down because because the brokers may not run out of storage at exactly the same point, even if they have similar storage configuration. To avoid unnecessary broker shutdowns, make sure the queue policy size of each durable queue is less than the capacity of the journal for the queue. - </para> - - </section> - - - </section> - - -</section> diff --git a/doc/book/src/cpp-broker/Active-Passive-Cluster.xml b/doc/book/src/cpp-broker/Active-Passive-Cluster.xml index 805ceb06e0..8a6403c2b5 100644 --- a/doc/book/src/cpp-broker/Active-Passive-Cluster.xml +++ b/doc/book/src/cpp-broker/Active-Passive-Cluster.xml @@ -55,30 +55,45 @@ under the License. <title>Avoiding message loss</title> <para> In order to avoid message loss, the primary broker <emphasis>delays - acknowledgment</emphasis> of messages received from clients until the - message has been replicated to and acknowledged by all of the back-up + acknowledgment</emphasis> of messages received from clients until the message has + been replicated to and acknowledged by all of the back-up brokers. This means that + all <emphasis>acknowledged</emphasis> messages are safely stored on all the backup brokers. </para> <para> - Clients buffer unacknowledged messages and re-send them in the event of - a fail-over. + Clients keep <emphasis>unacknowledged</emphasis> messages in a buffer + <footnote> + <para> + You can control the maximum number of messages in the buffer by setting the + client's <literal>capacity</literal>. For details of how to set the capacity + in client code see "Using the Qpid Messaging API" in + <citetitle>Programming in Apache Qpid</citetitle>. + </para> + </footnote> + until they are acknowledged by the primary. If the primary fails, clients will + fail-over to the new primary and <emphasis>re-send</emphasis> all their + unacknowledged messages. <footnote> <para> Clients must use "at-least-once" reliability to enable re-send of unacknowledged messages. This is the default behavior, no options need be set to enable it. For details of client addressing options see "Using the Qpid Messaging API" - in <citetitle>Programming in Apache Qpid</citetitle> + in <citetitle>Programming in Apache Qpid</citetitle>. </para> </footnote> - If the primary crashes before a message is replicated to - all the backups, the client will re-send the message when it fails over - to the new primary. + </para> + <para> + So if the primary crashes, all the <emphasis>acknowledged</emphasis> + messages will be available on the backup that takes over as the new + primary. The <emphasis>unacknowledged</emphasis> messages will be + re-sent by the clients. Thus no messages are lost. </para> <para> Note that this means it is possible for messages to be - <emphasis>duplicated</emphasis>. In the event of a failure it is - possible for a message to be both received by the backup that becomes - the new primary <emphasis>and</emphasis> re-sent by the client. + <emphasis>duplicated</emphasis>. In the event of a failure it is possible for a + message to received by the backup that becomes the new primary + <emphasis>and</emphasis> re-sent by the client. The application must take steps + to identify and eliminate duplicates. </para> <para> When a new primary is promoted after a fail-over it is initially in @@ -87,6 +102,11 @@ under the License. primary. This protects those messages against a failure of the new primary until the backups have a chance to connect and catch up. </para> + <para> + Not all messages need to be replicated to the back-up brokers. If a + message is consumed and acknowledged by a regular client before it has + been replicated to a backup, then it doesn't need to be replicated. + </para> <variablelist> <title>Status of a HA broker</title> <varlistentry> @@ -134,67 +154,35 @@ under the License. </variablelist> </section> <section> - <title>Replacing the old cluster module</title> + <title>Limitations</title> <para> - The High Availability (HA) module replaces the previous - <firstterm>active-active</firstterm> cluster module. The new active-passive - approach has several advantages compared to the existing active-active cluster - module. - <itemizedlist> - <listitem> - It does not depend directly on openais or corosync. It does not use multicast - which simplifies deployment. - </listitem> - <listitem> - It is more portable: in environments that don't support corosync, it can be - integrated with a resource manager available in that environment. - </listitem> - <listitem> - Replication to a <firstterm>disaster recovery</firstterm> site can be handled as - simply another node in the cluster, it does not require a separate replication - mechanism. - </listitem> - <listitem> - It can take advantage of features provided by the resource manager, for example - virtual IP addresses. - </listitem> - <listitem> - Improved performance and scalability due to better use of multiple CPUs - </listitem> - </itemizedlist> + There are a some known limitations in the current implementation. These + will be fixed in furture versions. </para> - </section> - <section> - <title>Limitations</title> <itemizedlist> <listitem> - Transactional changes to queue state are not replicated atomically. If the - primary crashes during a transaction, it is possible that the backup could - contain only part of the changes introduced by a transaction. - </listitem> - <listitem> - Not yet integrated with the persistent store. A persistent broker must have its - store erased before joining an existing cluster. If the entire cluster fails, - there are no tools to help identify the most recent store. In the future a - persistent broker will be able to use its stored messages to avoid downloading - messages from the primary when joining a cluster. - </listitem> - <listitem> - Configuration changes (creating or deleting queues, exchanges and bindings) are - replicated asynchronously. Management tools used to make changes will consider - the change complete when it is complete on the primary, it may not yet be - replicated to all the backups. + <para> + Transactional changes to queue state are not replicated atomically. If + the primary crashes during a transaction, it is possible that the + backup could contain only part of the changes introduced by a + transaction. + </para> </listitem> <listitem> - Deletions made immediately after a failure (before all the backups are ready) - may be lost on a backup. Queues, exchange or bindings that were deleted on the - primary could re-appear if that backup is promoted to primary on a subsequent - failure. + <para> + Configuration changes (creating or deleting queues, exchanges and + bindings) are replicated asynchronously. Management tools used to + make changes will consider the change complete when it is complete + on the primary, it may not yet be replicated to all the backups. + </para> </listitem> <listitem> - Federated links <emphasis>from</emphasis> the primary will be lost in fail over, - they will not be re-connected to the new primary. Federation links - <emphasis>to</emphasis> the primary can fail over. + <para> + Federated links <emphasis>from</emphasis> the primary will be lost + in fail over, they will not be re-connected to the new + primary. Federation links <emphasis>to</emphasis> the primary will + fail over. + </para> </listitem> </itemizedlist> </section> @@ -247,12 +235,20 @@ under the License. </row> <row> <entry> + <literal>ha-queue-replication <replaceable>yes|no</replaceable></literal> + </entry> + <entry> + Enable replication of specific queues without joining a cluster, see <xref linkend="ha-queue-replication"/>. + </entry> + </row> + <row> + <entry> <literal>ha-brokers-url <replaceable>URL</replaceable></literal> </entry> <entry> <para> The URL - <footnote> + <footnote id="ha-url-grammar"> <para> The full format of the URL is given by this grammar: <programlisting> @@ -264,10 +260,9 @@ ssl_addr = "ssl:" host [":" port]' </programlisting> </para> </footnote> - used by cluster brokers to connect to each other. The URL can - contain a list of all the broker addresses or it can contain a single - virtual IP address. If a list is used it is comma separated, for example - <literal>amqp:node1.exaple.com,node2.exaple.com,node3.exaple.com</literal> + used by cluster brokers to connect to each other. The URL should + contain a comma separated list of the broker addresses, rather than a + virtual IP address. </para> </entry> </row> @@ -275,20 +270,23 @@ ssl_addr = "ssl:" host [":" port]' <entry><literal>ha-public-url <replaceable>URL</replaceable></literal> </entry> <entry> <para> - The URL that is advertised to clients. This defaults to the - <literal>ha-brokers-url</literal> URL above, and has the same format. A - virtual IP address is recommended for the public URL as it simplifies - deployment and hides changes to the cluster membership from clients. + The URL <footnoteref linkend="ha-url-grammar"/> is advertised to + clients as the "known-hosts" for fail-over. It can be a list or + a single virtual IP address. A virtual IP address is recommended. </para> <para> - This option allows you to put client traffic on a different network from - broker traffic, which is recommended. + Using this option you can put client and broker traffic on + separate networks, which is recommended. + </para> + <para> + Note: When HA clustering is enabled the broker option + <literal>known-hosts-url</literal> is ignored and over-ridden by + the <literal>ha-public-url</literal> setting. </para> </entry> </row> <row> <entry><literal>ha-replicate </literal><replaceable>VALUE</replaceable></entry> - <foo/> <entry> <para> Specifies whether queues and exchanges are replicated by default. @@ -330,6 +328,15 @@ ssl_addr = "ssl:" host [":" port]' </para> </entry> </row> + <row> + <entry><literal>link-heartbeat-interval <replaceable>SECONDS</replaceable></literal></entry> + <entry> + <para> + Heartbeat interval for replication links. The link will be assumed broken + if there is no heartbeat for twice the interval. + </para> + </entry> + </row> </tbody> </tgroup> </table> @@ -382,7 +389,7 @@ ssl_addr = "ssl:" host [":" port]' clustered services using <command>cman</command> and <command>rgmanager</command>. It will show you how to configure an active-passive, hot-standby <command>qpidd</command> HA cluster with <command>rgmanager</command>. - </para> + </para> <para> You must provide a <literal>cluster.conf</literal> file to configure <command>cman</command> and <command>rgmanager</command>. Here is @@ -532,22 +539,28 @@ NOTE: fencing is not shown, you must configure fencing appropriately for your cl </section> <section id="ha-creating-replicated"> - <title>Creating replicated queues and exchanges</title> + <title>Controlling replication of queues and exchanges</title> <para> By default, queues and exchanges are not replicated automatically. You can change the default behavior by setting the <literal>ha-replicate</literal> configuration option. It has one of the following values: <itemizedlist> <listitem> - <firstterm>all</firstterm>: Replicate everything automatically: queues, - exchanges, bindings and messages. + <para> + <firstterm>all</firstterm>: Replicate everything automatically: queues, + exchanges, bindings and messages. + </para> </listitem> <listitem> - <firstterm>configuration</firstterm>: Replicate the existence of queues, - exchange and bindings but don't replicate messages. + <para> + <firstterm>configuration</firstterm>: Replicate the existence of queues, + exchange and bindings but don't replicate messages. + </para> </listitem> <listitem> - <firstterm>none</firstterm>: Don't replicate anything, this is the default. + <para> + <firstterm>none</firstterm>: Don't replicate anything, this is the default. + </para> </listitem> </itemizedlist> </para> @@ -575,6 +588,18 @@ NOTE: fencing is not shown, you must configure fencing appropriately for your cl <programlisting> "myqueue;{create:always,node:{x-declare:{arguments:{'qpid.replicate':all}}}}" </programlisting> + <para> + There are some built-in exchanges created automatically by the broker, these + exchangs are never replicated. The built-in exchanges are the default (nameless) + exchange, the AMQP standard exchanges (<literal>amq.direct, amq.topic, amq.fanout</literal> and + <literal>amq.match</literal>) and the management exchanges (<literal>qpid.management, qmf.default.direct</literal> and + <literal>qmf.default.topic</literal>) + </para> + <para> + Note that if you bind a replicated queue to one of these exchanges, the + binding wil <emphasis>not</emphasis> be replicated, so the queue will not + have the binding after a fail-over. + </para> </section> <section> @@ -588,12 +613,17 @@ NOTE: fencing is not shown, you must configure fencing appropriately for your cl each type of client). There are two possibilities <itemizedlist> <listitem> - The URL contains multiple addresses, one for each broker in the cluster. + <para> + The URL contains multiple addresses, one for each broker in the cluster. + </para> </listitem> <listitem> - The URL contains a single <firstterm>virtual IP address</firstterm> - that is assigned to the primary broker by the resource manager. - <footnote><para>Only if the resource manager supports virtual IP addresses</para></footnote> + <para> + The URL contains a single <firstterm>virtual IP address</firstterm> + that is assigned to the primary broker by the resource manager. + <footnote><para>Only if the resource manager supports virtual IP + addresses</para></footnote> + </para> </listitem> </itemizedlist> In the first case, clients will repeatedly re-try each address in the URL @@ -790,10 +820,10 @@ NOTE: fencing is not shown, you must configure fencing appropriately for your cl <para> To integrate with a different resource manager you must configure it to: <itemizedlist> - <listitem>Start a qpidd process on each node of the cluster.</listitem> - <listitem>Restart qpidd if it crashes.</listitem> - <listitem>Promote exactly one of the brokers to primary.</listitem> - <listitem>Detect a failure and promote a new primary.</listitem> + <listitem><para>Start a qpidd process on each node of the cluster.</para></listitem> + <listitem><para>Restart qpidd if it crashes.</para></listitem> + <listitem><para>Promote exactly one of the brokers to primary.</para></listitem> + <listitem><para>Detect a failure and promote a new primary.</para></listitem> </itemizedlist> </para> <para> @@ -821,6 +851,30 @@ NOTE: fencing is not shown, you must configure fencing appropriately for your cl or to simulate a cluster on a single node. For deployment, a resource manager is required. </para> </section> + <section id="ha-queue-replication"> + <title>Replicating specific queues</title> + <para> + In addition to the automatic replication performed in a cluster, you can + set up replication for specific queues between arbitrary brokers, even if + the brokers are not members of a cluster. The command: + </para> + <programlisting> + qpid-ha replicate <replaceable>QUEUE</replaceable> <replaceable>REMOTE-BROKER</replaceable> + </programlisting> + <para> + sets up replication of <replaceable>QUEUE</replaceable> on <replaceable>REMOTE-BROKER</replaceable> to <replaceable>QUEUE</replaceable> on the current broker. + </para> + <para> + Set the configuration option + <literal>ha-queue-replication=yes</literal> on both brokers to enable this + feature on non-cluster brokers. It is automatically enabled for brokers + that are part of a cluster. + </para> + <para> + Note that this feature does not provide automatic fail-over, for that you + need to run a cluster. + </para> + </section> </section> <!-- LocalWords: scalability rgmanager multicast RGManager mailto LVQ qpidd IP dequeued Transactional username diff --git a/doc/book/src/cpp-broker/Security.xml b/doc/book/src/cpp-broker/Security.xml index f28b72c71d..67c9d3dab7 100644 --- a/doc/book/src/cpp-broker/Security.xml +++ b/doc/book/src/cpp-broker/Security.xml @@ -315,67 +315,102 @@ com.sun.security.jgss.initiate { <!-- ################################################### --> <section id="sect-Messaging_User_Guide-Security-Authorization"> <title>Authorization</title> <para> - In Qpid, Authorization specifies which actions can be performed by each authenticated user using an Access Control List (ACL). Use the <command>--acl-file</command> command to load the access control list. The filename should have a <filename>.acl</filename> extension: + In Qpid, Authorization specifies which actions can be performed by each authenticated user using an Access Control List (ACL). + </para> + <para> + Use the <command>--acl-file</command> command to load the access control list. The filename should have a <filename>.acl</filename> extension: </para> <screen> -$ qpidd --acl-file <replaceable>./aclfilename.acl</replaceable></screen> + $ qpidd --acl-file <replaceable>./aclfilename.acl</replaceable></screen> <para> Each line in an ACL file grants or denies specific rights to a user. If the last line in an ACL file is <literal>acl deny all all</literal>, the ACL uses <firstterm>deny mode</firstterm>, and only those rights that are explicitly allowed are granted: </para> <programlisting> -acl allow rajith@QPID all all -acl deny all all + acl allow rajith@QPID all all + acl deny all all </programlisting> <para> On this server, <literal>rajith@QPID</literal> can perform any action, but nobody else can. Deny mode is the default, so the previous example is equivalent to the following ACL file: </para> <programlisting> -acl allow rajith@QPID all all + acl allow rajith@QPID all all +</programlisting> + <para> + Alternatively the ACL file may use <firstterm>allow mode</firstterm> by placing: + </para> +<programlisting> + acl allow all all </programlisting> <para> + as the final line in the ACL file. In <emphasis>allow mode</emphasis> all actions by all users are allowed unless otherwise denied by specific ACL rules. + The ACL rule which selects <emphasis>deny mode</emphasis> or <emphasis>allow mode</emphasis> must be the last line in the ACL rule file. + </para> + <para> ACL syntax allows fine-grained access rights for specific actions: </para> <programlisting> -acl allow carlt@QPID create exchange name=carl.* -acl allow fred@QPID create all -acl allow all consume queue -acl allow all bind exchange -acl deny all all + acl allow carlt@QPID create exchange name=carl.* + acl allow fred@QPID create all + acl allow all consume queue + acl allow all bind exchange + acl deny all all </programlisting> <para> An ACL file can define user groups, and assign permissions to them: </para> <programlisting> -group admin ted@QPID martin@QPID -acl allow admin create all -acl deny all all + group admin ted@QPID martin@QPID + acl allow admin create all + acl deny all all </programlisting> + + <para> + Performance Note: Most ACL queries are performed infrequently. The overhead associated with + ACL passing an allow or deny decision on the creation of a queue is negligible + compared to actually creating and using the queue. One notable exception is the <command>publish exchange</command> + query. ACL files with no <emphasis>publish exchange</emphasis> rules are noted and the broker short circuits the logic + associated with the per-messsage <emphasis>publish exchange</emphasis> ACL query. + However, if an ACL file has any <emphasis>publish exchange</emphasis> rules + then the broker is required to perform a <emphasis>publish exchange</emphasis> query for each message published. + Users with performance critical applications are encouraged to structure exchanges, queues, and bindings so that + the <emphasis>publish exchange</emphasis> ACL rules are unnecessary. + </para> + <!-- ######## --> <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntax"> <title>ACL Syntax</title> <para> ACL rules must be on a single line and follow this syntax: <programlisting><![CDATA[ -user = username[/domain[@realm]] -user-list = user1 user2 user3 ... -group-name-list = group1 group2 group3 ... - -group <group-name> = [user-list] [group-name-list] - -permission = [allow|allow-log|deny|deny-log] -action = [consume|publish|create|access|bind|unbind|delete|purge|update] -object = [virtualhost|queue|exchange|broker|link|route|method] -property = [name|durable|owner|routingkey|autodelete|exclusive| - type|alternate|queuename|schemapackage|schemaclass| - queuemaxsizelowerlimit|queuemaxsizeupperlimit| - queuemaxcountlowerlimit|queuemaxcountupperlimit] - -acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all" - [property=<property-value> ...]] + user = username[/domain[@realm]] + user-list = user1 user2 user3 ... + group-name-list = group1 group2 group3 ... + + group <group-name> = [user-list] [group-name-list] + + permission = [allow | allow-log | deny | deny-log] + action = [consume | publish | create | access | + bind | unbind | delete | purge | update] + object = [queue | exchange | broker | link | method] + property = [name | durable | owner | routingkey | + autodelete | exclusive |type | + alternate | queuename | + schemapackage | schemaclass | + queuemaxsizelowerlimit | + queuemaxsizeupperlimit | + queuemaxcountlowerlimit | + queuemaxcountupperlimit | + filemaxsizelowerlimit | + filemaxsizeupperlimit | + filemaxcountlowerlimit | + filemaxcountupperlimit ] + + acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all" + [property=<property-value> ...]] ]]></programlisting> ACL rules can also include a single object name (or the keyword <parameter>all</parameter>) and one or more property name value pairs in the form <command>property=value</command> @@ -463,7 +498,9 @@ acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all" </entry> <entry> <para> - Applied on a per message basis on publish message transfers, this rule consumes the most resources + Applied on a per message basis + to verify that the user has rights to publish to the given + exchange with the given routingkey. </para> </entry> @@ -647,49 +684,49 @@ acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all" <entry> <command>name</command> </entry> <entry>String</entry> <entry>Object name, such as a queue name or exchange name.</entry> - <entry>.</entry> + <entry></entry> </row> <row> <entry> <command>durable</command> </entry> <entry>Boolean</entry> <entry>Indicates the object is durable</entry> - <entry>CREATE QUEUE, CREATE EXCHANGE</entry> + <entry>CREATE QUEUE, CREATE EXCHANGE, ACCESS QUEUE, ACCESS EXCHANGE</entry> </row> <row> <entry> <command>routingkey</command> </entry> <entry>String</entry> <entry>Specifies routing key</entry> - <entry>BIND EXCHANGE, UNBIND EXCHANGE, ACCESS EXCHANGE</entry> + <entry>BIND EXCHANGE, UNBIND EXCHANGE, ACCESS EXCHANGE, PUBLISH EXCHANGE</entry> </row> <row> <entry> <command>autodelete</command> </entry> <entry>Boolean</entry> <entry>Indicates whether or not the object gets deleted when the connection is closed</entry> - <entry>CREATE QUEUE</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> </row> <row> <entry> <command>exclusive</command> </entry> <entry>Boolean</entry> <entry>Indicates the presence of an <parameter>exclusive</parameter> flag</entry> - <entry>CREATE QUEUE</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> </row> <row> <entry> <command>type</command> </entry> <entry>String</entry> <entry>Type of exchange, such as topic, fanout, or xml</entry> - <entry>CREATE EXCHANGE</entry> + <entry>CREATE EXCHANGE, ACCESS EXCHANGE</entry> </row> <row> <entry> <command>alternate</command> </entry> <entry>String</entry> <entry>Name of the alternate exchange</entry> - <entry>CREATE EXCHANGE, CREATE QUEUE</entry> + <entry>CREATE EXCHANGE, CREATE QUEUE, ACCESS EXCHANGE, ACCESS QUEUE</entry> </row> <row> <entry> <command>queuename</command> </entry> <entry>String</entry> <entry>Name of the queue</entry> - <entry>ACCESS EXCHANGE</entry> + <entry>ACCESS EXCHANGE, BIND EXCHANGE, UNBIND EXCHANGE</entry> </row> <row> <entry> <command>schemapackage</command> </entry> @@ -706,119 +743,571 @@ acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all" <row> <entry> <command>queuemaxsizelowerlimit</command> </entry> <entry>Integer</entry> - <entry>Minimum value for queue.max_size</entry> - <entry>CREATE QUEUE</entry> + <entry>Minimum value for queue.max_size (memory bytes)</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> </row> <row> <entry> <command>queuemaxsizeupperlimit</command> </entry> <entry>Integer</entry> - <entry>Maximum value for queue.max_size</entry> - <entry>CREATE QUEUE</entry> + <entry>Maximum value for queue.max_size (memory bytes)</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> </row> <row> <entry> <command>queuemaxcountlowerlimit</command> </entry> <entry>Integer</entry> - <entry>Minimum value for queue.max_count</entry> - <entry>CREATE QUEUE</entry> + <entry>Minimum value for queue.max_count (messages)</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> </row> <row> <entry> <command>queuemaxcountupperlimit</command> </entry> <entry>Integer</entry> - <entry>Maximum value for queue.max_count</entry> - <entry>CREATE QUEUE</entry> + <entry>Maximum value for queue.max_count (messages)</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> + </row> + <row> + <entry> <command>filemaxsizelowerlimit</command> </entry> + <entry>Integer</entry> + <entry>Minimum value for file.max_size (64kb pages)</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> + </row> + <row> + <entry> <command>filemaxsizeupperlimit</command> </entry> + <entry>Integer</entry> + <entry>Maximum value for file.max_size (64kb pages)</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> + </row> + <row> + <entry> <command>filemaxcountlowerlimit</command> </entry> + <entry>Integer</entry> + <entry>Minimum value for file.max_count (files)</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> + </row> + <row> + <entry> <command>filemaxcountupperlimit</command> </entry> + <entry>Integer</entry> + <entry>Maximum value for file.max_count (files)</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> </row> - </tbody> - </tgroup> - </table> - + + <section id="sect-Messaging_User_Guide-Authorization-ACL_ActionObjectPropertyTuples"> + <title>ACL Action-Object-Property Tuples</title> + <para> + Not every ACL action is applicable to every ACL object. Furthermore, not every property may be + specified for every action-object pair. + The following table enumerates which action and object pairs are allowed. + The table also lists which optional ACL properties are allowed to qualify + action-object pairs. + </para> + <para> + The <emphasis>access</emphasis> action is called with different argument + lists for the <emphasis>exchange</emphasis> and <emphasis>queue</emphasis> objects. + A separate column shows the AMQP 0.10 method that the Access ACL rule is satisfying. + Write separate rules with the additional arguments for the <emphasis>declare</emphasis> + and <emphasis>bind</emphasis> methods and include these rules in the ACL file + before the rules for the <emphasis>query</emphasis> method. + <!-- The exact sequence of calling these methods is a product of the client + library. The user might not know anything about a 'declare' or a 'query' or + a passive declaration. --> + </para> + <table id="tabl-Messaging_User_Guide-ACL_Syntax-ACL_ActionObject_properties"> + <title>ACL Properties Allowed for each Action and Object</title> + <tgroup cols="4"> + <thead> + <row> + <entry>Action</entry> + <entry>Object</entry> + <entry>Properties</entry> + <entry>Method</entry> + </row> + </thead> + <tbody> + <row> + <entry>access</entry> + <entry>broker</entry> + <entry></entry> + </row> + <row> + <entry>access</entry> + <entry>exchange</entry> + <entry>name type alternate durable</entry> + <entry>declare</entry> + </row> + <row> + <entry>access</entry> + <entry>exchange</entry> + <entry>name queuename routingkey</entry> + <entry>bound</entry> + </row> + <row> + <entry>access</entry> + <entry>exchange</entry> + <entry>name</entry> + <entry>query</entry> + </row> + <row> + <entry>access</entry> + <entry>method</entry> + <entry>name schemapackage schemaclass</entry> + <entry></entry> + </row> + <row> + <entry>access</entry> + <entry>queue</entry> + <entry>name alternate durable exclusive autodelete policy queuemaxsizelowerlimit queuemaxsizeupperlimit queuemaxcountlowerlimit queuemaxcountupperlimit filemaxsizelowerlimit filemaxsizeupperlimit filemaxcountlowerlimit filemaxcountupperlimit</entry> + <entry>declare</entry> + </row> + <row> + <entry>access</entry> + <entry>queue</entry> + <entry>name</entry> + <entry>query</entry> + </row> + <row> + <entry>bind</entry> + <entry>exchange</entry> + <entry>name queuename routingkey</entry> + <entry></entry> + </row> + <row> + <entry>consume</entry> + <entry>queue</entry> + <entry>name</entry> + <entry></entry> + </row> + <row> + <entry>create</entry> + <entry>exchange</entry> + <entry>name type alternate durable</entry> + <entry></entry> + </row> + <row> + <entry>create</entry> + <entry>link</entry> + <entry>name</entry> + <entry></entry> + </row> + <row> + <entry>create</entry> + <entry>queue</entry> + <entry>name alternate durable exclusive autodelete policy queuemaxsizelowerlimit queuemaxsizeupperlimit queuemaxcountlowerlimit queuemaxcountupperlimit filemaxsizelowerlimit filemaxsizeupperlimit filemaxcountlowerlimit filemaxcountupperlimit</entry> + <entry></entry> + </row> + <row> + <entry>delete</entry> + <entry>exchange</entry> + <entry>name</entry> + <entry></entry> + </row> + <row> + <entry>delete</entry> + <entry>queue</entry> + <entry>name</entry> + <entry></entry> + </row> + <row> + <entry>publish</entry> + <entry>exchange</entry> + <entry>name routingkey</entry> + <entry></entry> + </row> + <row> + <entry>purge</entry> + <entry>queue</entry> + <entry>name</entry> + <entry></entry> + </row> + <row> + <entry>unbind</entry> + <entry>exchange</entry> + <entry>name queuename routingkey</entry> + <entry></entry> + </row> + <row> + <entry>update</entry> + <entry>broker</entry> + <entry></entry> + <entry></entry> + </row> + </tbody> + </tgroup> + </table> + <para> + + </para> + </section> </section> <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntactic_Conventions"> <title>ACL Syntactic Conventions</title> - <para> - In ACL files, the following syntactic conventions apply: + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntactic_Conventions-comments"> + <title>Comments</title> + <para> + <itemizedlist> + <listitem> + <para> + A line starting with the <command>#</command> character is considered a comment and is ignored. + </para> + </listitem> + <listitem> + <para> + Embedded comments and trailing comments are not allowed. The <command>#</command> is commonly found in routing keys and other AMQP literals which occur naturally in ACL rule specifications. + </para> + </listitem> + </itemizedlist> + </para> + </section> + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntactic_Conventions-whitespace"> + <title>White Space</title> + <itemizedlist> + <listitem> + <para> + Empty lines and lines that contain only whitespace (' ', '\f', '\n', '\r', '\t', '\v') are ignored. + </para> + </listitem> + <listitem> + <para> + Additional whitespace between and after tokens is allowed. + </para> + </listitem> + <listitem> + <para> + Group and Acl definitions must start with <command>group</command> and <command>acl</command> respectively and with no preceding whitespace. + </para> + </listitem> + </itemizedlist> + </section> + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntactic_Conventions-characterset"> + <title>Character Set</title> + <itemizedlist> + <listitem> + <para> + ACL files use 7-bit ASCII characters only + </para> + </listitem> + <listitem> + <para> + Group names may contain only <itemizedlist> - <listitem> - <para> - A line starting with the <command>#</command> character is considered a comment and is ignored. - </para> - - </listitem> - <listitem> - <para> - Empty lines and lines that contain only whitespace (' ', '\f', '\n', '\r', '\t', '\v') are ignored. - </para> - - </listitem> - <listitem> - <para> - All tokens are case sensitive. <parameter>name1</parameter> is not the same as <parameter>Name1</parameter> and <parameter>create</parameter> is not the same as <parameter>CREATE</parameter>. - </para> - - </listitem> - <listitem> - <para> - Group lists can be extended to the following line by terminating the line with the <command>\</command> character. - </para> - - </listitem> - <listitem> - <para> - Additional whitespace - that is, where there is more than one whitespace character - between and after tokens is ignored. Group and ACL definitions must start with either <command>group</command> or <command>acl</command> and with no preceding whitespace. - </para> - - </listitem> - <listitem> - <para> - All ACL rules are limited to a single line of at most 1024 characters. - </para> - - </listitem> - <listitem> - <para> - Rules are interpreted from the top of the file down until a matching rule is obtained. The matching rule then controls the allow or deny decision. - </para> - - </listitem> - <listitem> - <para> - The keyword <parameter>all</parameter> is reserved and may be used in ACL rules to match all individuals and groups, all actions, or all objects. - </para> - - </listitem> - <listitem> - <para> - By default ACL files are in 'Deny Mode' and deny all actions by all users. That is, there is an implicit <parameter>acl deny all all</parameter> rule appended to the ACL rule list. - </para> - - </listitem> - <listitem> - <para> - Group names may contain only <parameter>a-z</parameter>, <parameter>A-Z</parameter>, <parameter>0-9</parameter>, <parameter>- hyphen</parameter> and <parameter>_ underscore</parameter>. - </para> - - </listitem> - <listitem> - <para> - Individual user names may contain only <parameter>a-z</parameter>, <parameter>A-Z</parameter>, <parameter>0-9</parameter>, <parameter>- hyphen</parameter>, <parameter>_ underscore</parameter>, <parameter>. period</parameter>, <parameter>@ ampersand</parameter>, and <parameter>/ slash</parameter>. - </para> - - </listitem> - <listitem> - <para> - Rules must be preceded by any group definitions they can use. Any name not defined as a group will be assumed to be that of an individual. - </para> - - </listitem> - + <listitem><command>[a-z]</command></listitem> + <listitem><command>[A-Z]</command></listitem> + <listitem><command>[0-9]</command></listitem> + <listitem><command>'-'</command> hyphen</listitem> + <listitem><command>'_'</command> underscore</listitem> + </itemizedlist> + </para> + </listitem> + <listitem> + <para> + Individual user names may contain only + <itemizedlist> + <listitem><command>[a-z]</command></listitem> + <listitem><command>[A-Z]</command></listitem> + <listitem><command>[0-9]</command></listitem> + <listitem><command>'-'</command> hyphen</listitem> + <listitem><command>'_'</command> underscore</listitem> + <listitem><command>'.'</command> period</listitem> + <listitem><command>'@'</command> ampersand</listitem> + <listitem><command>'/'</command> slash</listitem> </itemizedlist> + </para> + </listitem> + </itemizedlist> + </section> + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntactic_Conventions-casesensitivity"> + <title>Case Sensitivity</title> + <itemizedlist> + <listitem> + <para> + All tokens are case sensitive. <parameter>name1</parameter> is not the same as <parameter>Name1</parameter> and <parameter>create</parameter> is not the same as <parameter>CREATE</parameter>. + </para> + </listitem> + </itemizedlist> + </section> + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntactic_Conventions-linecontinuation"> + <title>Line Continuation</title> + <itemizedlist> + <listitem> + <para> + Group lists can be extended to the following line by terminating the line with the <command>'\'</command> character. No other ACL file lines may be continued. + </para> + </listitem> + <listitem> + <para> + Group specification lines may be continued only after the group name or any of the user names included in the group. See example below. + </para> + </listitem> + <listitem> + <para> + Lines consisting solely of a <command>'\'</command> character are not permitted. + </para> + </listitem> + <listitem> + <para> + The <command>'\'</command> continuation character is recognized only if it is the last character in the line. Any characters after the <command>'\'</command> are not permitted. + </para> + </listitem> + </itemizedlist> +<programlisting><![CDATA[ + # + # Examples of extending group lists using a trailing '\' character + # + group group1 name1 name2 \ + name3 name4 \ + name5 + + group group2 \ + group1 \ + name6 + # + # The following are illegal: + # + # '\' must be after group name + # + group \ + group3 name7 name8 + # + # No empty extension line + # + group group4 name9 \ + \ + name10 +]]></programlisting> - </para> + </section> + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntactic_Conventions-linelength"> + <title>Line Length</title> + <itemizedlist> + <listitem> + <para> + ACL file lines are limited to 1024 characters. + </para> + </listitem> + </itemizedlist> + </section> + + + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntactic_Conventions-keywords"> + <title>ACL File Keywords</title> + ACL reserves several words for convenience and for context sensitive substitution. + + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntactic_Conventions-keywords-all"> + <title>The <command>all</command> Keyword</title> + The keyword <command>all</command> is reserved. It may be used in ACL rules to match all individuals and groups, all actions, or all objects. + <itemizedlist> + <listitem>acl allow all create queue</listitem> + <listitem>acl allow bob@QPID all queue</listitem> + <listitem>acl allow bob@QPID create all</listitem> + </itemizedlist> + </section> + + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntactic_Conventions-keywords-userdomain"> + <title>User Name and Domain Name Keywords</title> + <para> + In the C++ Broker 0.20 a simple set of user name and domain name substitution variable keyword tokens is defined. This provides administrators with an easy way to describe private or shared resources. + </para> + <para> + Symbol substitution is allowed in the ACL file anywhere that text is supplied for a property value. + </para> + <para> + In the following table an authenticated user named bob.user@QPID.COM has his substitution keywords expanded. + + <table id="tabl-Messaging_User_Guide-ACL_Syntax-ACL_UsernameSubstitution"> + <title>ACL User Name and Domain Name Substitution Keywords</title> + <tgroup cols="2"> + <thead> + <row> + <entry>Keyword</entry> + <entry>Expansion</entry> + </row> + </thead> + <tbody> + <row> + <entry> <command>${userdomain}</command> </entry> + <entry>bob_user_QPID_COM</entry> + </row> + <row> + <entry> <command>${user}</command> </entry> + <entry>bob_user</entry> + </row> + <row> + <entry> <command>${domain}</command> </entry> + <entry>QPID_COM</entry> + </row> + </tbody> + </tgroup> + </table> + </para> + + <para> + <itemizedlist> + <listitem> + The original user name has the period “.” and ampersand “@” characters translated into underscore “_”. This allows substitution to work when the substitution keyword is used in a routingkey in the Acl file. + </listitem> + <listitem> + The Acl processing matches ${userdomain} before matching either ${user} or ${domain}. Rules that specify the combination ${user}_${domain} will never match. + </listitem> + </itemizedlist> + </para> + +<programlisting><![CDATA[ + # Example: + # + # Administrators can set up Acl rule files that allow every user to create a + # private exchange, a private queue, and a private binding between them. + # In this example the users are also allowed to create private backup exchanges, + # queues and bindings. This effectively provides limits to user's exchange, + # queue, and binding creation and guarantees that each user gets exclusive + # access to these resources. + # + # + # Create primary queue and exchange: + # + acl allow all create queue name=$\{user}-work alternate=$\{user}-work2 + acl deny all create queue name=$\{user}-work alternate=* + acl allow all create queue name=$\{user}-work + acl allow all create exchange name=$\{user}-work alternate=$\{user}-work2 + acl deny all create exchange name=$\{user}-work alternate=* + acl allow all create exchange name=$\{user}-work + # + # Create backup queue and exchange + # + acl deny all create queue name=$\{user}-work2 alternate=* + acl allow all create queue name=$\{user}-work2 + acl deny all create exchange name=$\{user}-work2 alternate=* + acl allow all create exchange name=$\{user}-work2 + # + # Bind/unbind primary exchange + # + acl allow all bind exchange name=$\{user}-work routingkey=$\{user} queuename=$\{user}-work + acl allow all unbind exchange name=$\{user}-work routingkey=$\{user} queuename=$\{user}-work + # + # Bind/unbind backup exchange + # + acl allow all bind exchange name=$\{user}-work2 routingkey=$\{user} queuename=$\{user}-work2 + acl allow all unbind exchange name=$\{user}-work2 routingkey=$\{user} queuename=$\{user}-work2 + # + # Access primary exchange + # + acl allow all access exchange name=$\{user}-work routingkey=$\{user} queuename=$\{user}-work + # + # Access backup exchange + # + acl allow all access exchange name=$\{user}-work2 routingkey=$\{user} queuename=$\{user}-work2 + # + # Publish primary exchange + # + acl allow all publish exchange name=$\{user}-work routingkey=$\{user} + # + # Publish backup exchange + # + acl allow all publish exchange name=$\{user}-work2 routingkey=$\{user} + # + # deny mode + # + acl deny all all +]]></programlisting> + </section> + + </section> + + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntatic_Conventions-wildcards"> + <title>Wildcards</title> + ACL privides two types of wildcard matching to provide flexibility in writing rules. + + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntatic_Conventions-wildcards-asterisk"> + <title>Property Value Wildcard</title> + <para> + Text specifying a property value may end with a single trailing <command>*</command> character. + This is a simple wildcard match indicating that strings which match up to that point are matches for the ACL property rule. + An ACL rule such as + </para> + <para> + <programlisting> acl allow bob@QPID create queue name=bob*</programlisting> + </para> + <para> + allow user bob@QPID to create queues named bob1, bob2, bobQueue3, and so on. + </para> + </section> + + <section id="sect-Messaging_User_Guide-Authorization-ACL_Syntatic_Conventions-wildcards-topickey"> + <title>Topic Routing Key Wildcard</title> + <para> + In the C++ Broker 0.20 the logic governing the ACL Match has changed for each ACL rule that contains a routingkey property. + The routingkey property is matched according to Topic Exchange match logic the broker uses when it distributes messages published to a topic exchange. + </para> + <para> + Routing keys are hierarchical where each level is separated by a period: + <itemizedlist> + <listitem>weather.usa</listitem> + <listitem>weather.europe.germany</listitem> + <listitem>weather.europe.germany.berlin</listitem> + <listitem>company.engineering.repository</listitem> + </itemizedlist> + </para> + <para> + Within the routing key hierarchy two wildcard characters are defined. + <itemizedlist> + <listitem><command>*</command> matches one field</listitem> + <listitem><command>#</command> matches zero or more fields</listitem> + </itemizedlist> + </para> + <para> + Suppose an ACL rule file is: + </para> + <para> + <programlisting> + acl allow-log uHash1@COMPANY publish exchange name=X routingkey=a.#.b + acl deny all all + </programlisting> + </para> + <para> + When user uHash1@COMPANY attempts to publish to exchange X the ACL will return these results: + + <table id="tabl-Messaging_User_Guide-ACL_Syntax-ACL_TopicExchangeMatch"> + <title>Topic Exchange Wildcard Match Examples</title> + <tgroup cols="2"> + <thead> + <row> + <entry>routingkey in publish to exchange X</entry> + <entry>result</entry> + </row> + </thead> + <tbody> + <row> + <entry> <command>a.b</command> </entry> + <entry>allow-log</entry> + </row> + <row> + <entry> <command>a.x.b</command> </entry> + <entry>allow-log</entry> + </row> + <row> + <entry> <command>a.x.y.zz.b</command> </entry> + <entry>allow-log</entry> + </row> + <row> + <entry> <command>a.b.</command> </entry> + <entry>deny</entry> + </row> + <row> + <entry> <command>q.x.b</command> </entry> + <entry>deny</entry> + </row> + </tbody> + </tgroup> + </table> - </section> + </para> + </section> + + </section> + + + + </section> <section id="sect-Messaging_User_Guide-Authorization-ACL_Rule_Matching"> <title>ACL Rule Matching</title> @@ -839,51 +1328,51 @@ acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all" <para> The following illustration shows how ACL rules are processed to find matching rules. <programlisting><![CDATA[ -# Example of rule matching -# -# Using this ACL file content: - -(1) acl deny bob create exchange name=test durable=true passive=true -(2) acl deny bob create exchange name=myEx type=direct -(3) acl allow all all - -# -# Lookup 1. id:bob action:create objectType:exchange name=test -# {durable=false passive=false type=direct alternate=} -# -# ACL Match Processing: -# 1. Rule 1 passes minimum criteria with user bob, action create, -# and object exchange. -# 2. Rule 1 matches name=test. -# 3. Rule 1 does not match the rule's durable=true with the requested -# lookup of durable=false. -# 4. Rule 1 does not control the decision and processing continues -# to Rule 2. -# 5. Rule 2 passes minimum criteria with user bob, action create, -# and object exchange. -# 6. Rule 2 does not match the rule's name=myEx with the requested -# lookup of name=test. -# 7. Rule 2 does not control the decision and processing continues -# to Rule 3. -# 8. Rule 3 matches everything and the decision is 'allow'. -# -# Lookup 2. id:bob action:create objectType:exchange name=myEx -# {durable=true passive=true type=direct alternate=} -# -# ACL Match Processing: -# 1. Rule 1 passes minimum criteria with user bob, action create, -# and object exchange. -# 6. Rule 1 does not match the rule's name=test with the requested -# lookup of name=myEx. -# 4. Rule 1 does not control the decision and processing continues -# to Rule 2. -# 5. Rule 2 passes minimum criteria with user bob, action create, -# and object exchange. -# 2. Rule 2 matches name=myEx. -# 3. Rule 2 matches the rule's type=direct with the requested -# lookup of type=direct. -# 8. Rule 2 is the matching rule and the decision is 'deny'. -# + # Example of rule matching + # + # Using this ACL file content: + + (1) acl deny bob create exchange name=test durable=true passive=true + (2) acl deny bob create exchange name=myEx type=direct + (3) acl allow all all + + # + # Lookup 1. id:bob action:create objectType:exchange name=test + # {durable=false passive=false type=direct alternate=} + # + # ACL Match Processing: + # 1. Rule 1 passes minimum criteria with user bob, action create, + # and object exchange. + # 2. Rule 1 matches name=test. + # 3. Rule 1 does not match the rule's durable=true with the requested + # lookup of durable=false. + # 4. Rule 1 does not control the decision and processing continues + # to Rule 2. + # 5. Rule 2 passes minimum criteria with user bob, action create, + # and object exchange. + # 6. Rule 2 does not match the rule's name=myEx with the requested + # lookup of name=test. + # 7. Rule 2 does not control the decision and processing continues + # to Rule 3. + # 8. Rule 3 matches everything and the decision is 'allow'. + # + # Lookup 2. id:bob action:create objectType:exchange name=myEx + # {durable=true passive=true type=direct alternate=} + # + # ACL Match Processing: + # 1. Rule 1 passes minimum criteria with user bob, action create, + # and object exchange. + # 2. Rule 1 does not match the rule's name=test with the requested + # lookup of name=myEx. + # 3. Rule 1 does not control the decision and processing continues + # to Rule 2. + # 4. Rule 2 passes minimum criteria with user bob, action create, + # and object exchange. + # 5. Rule 2 matches name=myEx. + # 6. Rule 2 matches the rule's type=direct with the requested + # lookup of type=direct. + # 7. Rule 2 is the matching rule and the decision is 'deny'. + # ]]></programlisting> </para> @@ -892,38 +1381,38 @@ acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all" <section id="sect-Messaging_User_Guide-Authorization-Specifying_ACL_Permissions"> <title>Specifying ACL Permissions</title> <para> - Now that we have seen the ACL syntax, we will provide representative examples and guidelines for ACL files. + Now that we have seen the ACL syntax, we will provide representative examples and guidelines for ACL files. </para> <para> Most ACL files begin by defining groups: </para> <programlisting> -group admin ted@QPID martin@QPID -group user-consume martin@QPID ted@QPID -group group2 kim@QPID user-consume rob@QPID -group publisher group2 \ -tom@QPID andrew@QPID debbie@QPID + group admin ted@QPID martin@QPID + group user-consume martin@QPID ted@QPID + group group2 kim@QPID user-consume rob@QPID + group publisher group2 \ + tom@QPID andrew@QPID debbie@QPID </programlisting> <para> Rules in an ACL file grant or deny specific permissions to users or groups: </para> <programlisting> -acl allow carlt@QPID create exchange name=carl.* -acl allow rob@QPID create queue -acl allow guest@QPID bind exchange name=amq.topic routingkey=stocks.rht.# -acl allow user-consume create queue name=tmp.* - -acl allow publisher publish all durable=false -acl allow publisher create queue name=RequestQueue -acl allow consumer consume queue durable=true -acl allow fred@QPID create all -acl allow bob@QPID all queue -acl allow admin all -acl allow all consume queue -acl allow all bind exchange -acl deny all all + acl allow carlt@QPID create exchange name=carl.* + acl allow rob@QPID create queue + acl allow guest@QPID bind exchange name=amq.topic routingkey=stocks.rht.# + acl allow user-consume create queue name=tmp.* + + acl allow publisher publish all durable=false + acl allow publisher create queue name=RequestQueue + acl allow consumer consume queue durable=true + acl allow fred@QPID create all + acl allow bob@QPID all queue + acl allow admin all + acl allow all consume queue + acl allow all bind exchange + acl deny all all </programlisting> <para> In the previous example, the last line, <literal>acl deny all all</literal>, denies all authorizations that have not been specifically granted. This is the default, but it is useful to include it explicitly on the last line for the sake of clarity. If you want to grant all rights by default, you can specify <literal>acl allow all all</literal> in the last line. @@ -933,10 +1422,10 @@ acl deny all all </para> <para> <programlisting> -group users alice@QPID bob@QPID charlie@QPID -acl deny charlie@QPID create queue -acl allow users create queue -acl deny all all + group users alice@QPID bob@QPID charlie@QPID + acl deny charlie@QPID create queue + acl allow users create queue + acl deny all all </programlisting> </para> <para> @@ -947,42 +1436,74 @@ acl deny all all </para> <programlisting> -group allUsers guest@QPID -.... -acl deny-log allUsers create link -acl deny-log allUsers access method name=connect -acl deny-log allUsers access method name=echo -acl allow all all + group allUsers guest@QPID + ... + acl deny-log allUsers create link + acl deny-log allUsers access method name=connect + acl deny-log allUsers access method name=echo + acl allow all all </programlisting> </section> - - <section id="sect-Messaging_User_Guide-Authorization-Specifying_ACL_Connection_Limits"> - <title>Specifying ACL Connection Limits</title> - <para> - The ACL module creates two broker command line switches that set limits on the number of connections allowed per user or per client host address. These settings are not specified in the ACL file. - </para> - <para> -<programlisting> ---acl-max-connect-per-user N_USER ---acl-max-connect-per-ip N_IP -</programlisting> - </para> - <para> - If either of these switches is not specified or the value specified is zero then the corresponding connection limit is not enforced. - </para> - <para> - If a limit is set for user connections then all users are limited to that number of connections regardless of the client IP address the users are coming from. - </para> - <para> - If a limit is set for IP connections then connections for a given IP address are limited regardless of the user credentials presented with the connection. - </para> - <para> - Note that addresses using different transports are counted separately even though the host is actually the same physical machine. In the setting illustrated above a host would allow N_IP connections from [::1] IPv6 transport localhost and another N_IP connections from [127.0.0.1] IPv4 transport localhost. - </para> - </section> - - </section> + </section> + + <section id="sect-Messaging_User_Guide-Authorization-Specifying_ACL_Quotas"> + <title>User Connection and Queue Quotas</title> + The ACL module enforces various quotas and thereby limits user activity. + + <section id="sect-Messaging_User_Guide-Authorization-Specifying_ACL_Connection_Limits"> + <title>Connection Limits</title> + <para> + The ACL module creates broker command line switches that set limits on the number of concurrent connections allowed per user or per client host address. These settings are not specified in the ACL file. + </para> + <para> + <programlisting> + --max-connections N + --max-connections-per-user N + --max-connections-per-ip N + </programlisting> + </para> + <para> + If a switch is not specified or the value specified is zero then the corresponding connection limit is not enforced. + </para> + <para> + <command>max-connections</command> specifies an upper limit for all user connections. + </para> + <para> + <command>max-connections-per-user</command> specifies an upper limit for each user based on the authenticated user name. This limit is enforced regardless of the client IP address from which the connection originates. + </para> + <para> + <command>max-connections-per-ip</command> specifies an upper limit for connections for all users based on the originating client IP address. This limit is enforced regardless of the user credentials presented with the connection. + <itemizedlist> + <listitem> + Note that addresses using different transports are counted separately even though the originating host is actually the same physical machine. In the setting illustrated above a host would allow N_IP connections from [::1] IPv6 transport localhost and another N_IP connections from [127.0.0.1] IPv4 transport localhost. + </listitem> + <listitem> + The max-connections-per-ip and max-connections-per-user counts are active simultaneously. From a given client system users may be denied access to the broker by either connection limit. + </listitem> + </itemizedlist> + </para> + </section> + + <section id="sect-Messaging_User_Guide-Authorization-Specifying_ACL_Queue_Limits"> + <title>Queue Limits</title> + <para> + The ACL module creates a broker command line switch that set limits on the number of queues each user is allowed to create. This settings is not specified in the ACL file. + </para> + <para> + <programlisting> + --max-queues-per-user N + </programlisting> + </para> + <para> + If this switch is not specified or the value specified is zero then the queue limit is not enforced. + </para> + <para> + The queue limit is set for all users on the broker based on the authenticated user name. + </para> + </section> + + </section> <!-- ########################### --> <section id="sect-Messaging_User_Guide-Security-Encryption_using_SSL"> <title>Encryption using SSL</title> diff --git a/doc/book/src/java-broker/AMQP-Messaging-Broker-Java-Book.xml b/doc/book/src/java-broker/AMQP-Messaging-Broker-Java-Book.xml index 54c2984d0a..b2dbd969bc 100644 --- a/doc/book/src/java-broker/AMQP-Messaging-Broker-Java-Book.xml +++ b/doc/book/src/java-broker/AMQP-Messaging-Broker-Java-Book.xml @@ -8,66 +8,33 @@ to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - ---> - -<book> - <title>AMQP Messaging Broker (Implemented in Java)</title> - <preface> - <title>Introduction</title> - <para>Qpid provides two AMQP messaging brokers:</para> - - <itemizedlist> - <listitem><para>Implemented in C++ - high performance, low latency, and RDMA support.</para></listitem> - <listitem><para>Implemented in Java - Fully JMS compliant, runs on any Java platform.</para></listitem> - </itemizedlist> - - <para>Both AMQP messaging brokers support clients in multiple languages, as long as the messaging client and the messaging broker use the same version of AMQP.</para> - - <para>This manual contains information specific to the broker that is implemented in Java.</para> - </preface> - -<chapter id="Java-General-User-Guides"> - <title>General User Guides</title> - - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Feature-Guide.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Qpid-Java-FAQ.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Environment-Variables.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Qpid-Troubleshooting-Guide.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Broker-Configuration-Guide.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="HA-Guide.xml"/> -</chapter> - -<chapter id="Qpid-Java-Broker-HowTos"> -<title>How Tos</title> - - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Add-New-Users.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Configure-ACLs.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Configure-Java-Qpid-to-use-a-SSL-connection.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Configure-Log4j-CompositeRolling-Appender.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Configure-the-Broker-via-config.xml.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Configure-the-Virtual-Hosts-via-virtualhosts.xml.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Debug-using-log4j.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="How-to-Tune-M3-Java-Broker-Performance.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Qpid-Java-Build-How-To.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="OtherQueueTypes.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="How-to-Use-SlowConsumerDisconnect.xml"/> -</chapter> +--> -<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Qpid-JMX-Management-Console.xml"/> +<book xmlns:xi="http://www.w3.org/2001/XInclude"> +<title>AMQP Messaging Broker (Java)</title> + +<xi:include href="Java-Broker-Introduction.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Installation.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Getting-Started.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Concepts.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Virtual-Hosts.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Exchanges.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Queues.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Stores.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Configuring-And-Managing.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Runtime.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-High-Availability.xml"/> +<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Miscellaneous.xml"/> -<chapter id="QpidJavaBroker-ManagementTools"> -<title>Management Tools</title> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Qpid-Java-Broker-Management-CLI.xml"/> -</chapter> </book> diff --git a/doc/book/src/java-broker/Add-New-Users.xml b/doc/book/src/java-broker/Add-New-Users.xml deleted file mode 100644 index dc34bcc5c9..0000000000 --- a/doc/book/src/java-broker/Add-New-Users.xml +++ /dev/null @@ -1,237 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section><title> - Add New Users - </title><para> - The Qpid Java Broker has a single reference source (<xref linkend="qpid_PrincipalDatabase"/>) that - defines all the users in the system. - </para><para> - To add a new user to the broker the password file must be - updated. The details about adding entries and when these updates - take effect are dependent on the file format each of which are - described below. - </para> - - <section role="h2" id="AddNewUsers-AvailablePasswordfileformats"><title> - Available - Password file formats - </title> - <para> - There are currently two different file formats available for use - depending on the PrincipalDatabase that is desired. In all cases - the clients need not be aware of the type of PrincipalDatabase in - use they only need support the SASL mechanisms they provide. - </para><itemizedlist> - <listitem><para> - <xref linkend="AddNewUsers-Plain"/> - </para></listitem> - <listitem><para> - <xref linkend="AddNewUsers-Base64MD5PasswordFileFormat"/> - </para></listitem> - </itemizedlist><para> - - </para> - - <section role="h3" id="AddNewUsers-Plain"><title> - Plain - </title> - <para> - The plain file has the following format: - </para> - <programlisting> -# Plain password authentication file. -# default name : passwd -# Format <username>:<password> -#e.g. -martin:password -</programlisting> - <para> - As the contents of the file are plain text and the password is - taken to be everything to the right of the ':'(colon). The - password, therefore, cannot contain a ':' colon, but this can be - used to delimit the password. - </para><para> - Lines starting with a '#' are treated as comments. - </para> -<!--h3--></section> - - <section role="h3" id="AddNewUsers-Whereisthepasswordfileformybroker-3F"><title> - Where is - the password file for my broker ? - </title> - <para> - The location of the password file in use for your broker is as - configured in your config.xml file. - </para> - <programlisting> -<principal-databases> - <principal-database> - <name>passwordfile</name> - <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> - <attributes> - <attribute> - <name>passwordFile</name> - <value>${conf}/passwd</value> - </attribute> - </attributes> - </principal-database> - </principal-databases> -</programlisting> - <para> - So in the example config.xml file this password file lives in the - directory specified as the conf directory (at the top of your - config.xml file). - </para><para> - If you wish to use Base64 encoding for your password file, then - in the <class> element above you should specify - org.apache.qpid.server.security.auth.database.Base64MD5PasswordFilePrincipalDatabase - </para><para> - The default is: - </para> - <programlisting> - <conf>${prefix}/etc</conf> -</programlisting> -<!--h3--></section> - - - <section role="h3" id="AddNewUsers-Base64MD5PasswordFileFormat"><title> - Base64MD5 - Password File Format - </title> - <para> - This format can be used to ensure that SAs cannot read the plain - text password values from your password file on disk. - </para><para> - The Base64MD5 file uses the following format: - </para> - <programlisting> -# Base64MD5 password authentication file -# default name : qpid.passwd -# Format <username>:<Base64 Encoded MD5 hash of the users password> -#e.g. -martin:X03MO1qnZdYdgyfeuILPmQ== -</programlisting> - <para> - As with the Plain format the line is delimited by a ':'(colon). - The password field contains the MD5 Hash of the users password - encoded in Base64. - </para><para> - This file is read on broker start-up and is not re-read. - </para> -<!--h3--></section> - - <section role="h3" id="AddNewUsers-HowcanIupdateaBase64MD5passwordfile-3F"><title> - How can - I update a Base64MD5 password file ? - </title> - <para> - To update the file there are two options: - </para><orderedlist> - <listitem><para>Edit the file by hand using the <emphasis>qpid-passwd</emphasis> tool - that will generate the required lines. The output from the tool - is the text that needs to be copied in to your active password - file. This tool is located in the broker bin directory. - Eventually it is planned for this tool to emulate the - functionality of <xref linkend="qpid_htpasswd"/> - for qpid passwd files. - <emphasis>NOTE:</emphasis> For the changes to be seen by the broker you must - either restart the broker or reload the data with the - management tools (see <xref linkend="Qpid-JMX-Management-Console-User-Guide"/>) - </para></listitem> - <listitem><para>Use the management tools to create a new user. The changes - will be made by the broker to the password file and the new user - will be immediately available to the system (see <xref linkend="Qpid-JMX-Management-Console-User-Guide"/>). - </para></listitem> - </orderedlist> -<!--h3--></section> -<!--h2--></section> - - - <section role="h2" id="AddNewUsers-Dynamicchangestopasswordfiles."><title> - Dynamic - changes to password files. - </title> - <para> - The Plain password file and the Base64MD5 format file are both - only read once on start up. - </para><para> - To make changes dynamically there are two options, both require - administrator access via the Management Console (see <xref linkend="Qpid-JMX-Management-Console-User-Guide"/>) - </para><orderedlist> - <listitem><para>You can replace the file and use the console to reload its - contents. - </para></listitem> - <listitem><para>The management console provides an interface to create, - delete and amend the users. These changes are written back to the - active password file. - </para></listitem> - </orderedlist> -<!--h2--></section> - - <section role="h2" id="AddNewUsers-HowpasswordfilesandPrincipalDatabasesrelatetoauthenticationmechanisms"><title> - How password files and PrincipalDatabases relate to - authentication mechanisms - </title> - <para> - For each type of password file a PrincipalDatabase exists that - parses the contents. These PrincipalDatabases load various SASL - mechanism based on their supportability. e.g. the Base64MD5 file - format can't support Plain authentication as the plain password - is not available. Any client connecting need only be concerned - about the SASL module they support and not the type of - PrincipalDatabase. So I client that understands CRAM-MD5 will - work correctly with a Plain and Base64MD5 PrincipalDatabase. - </para><table> - <title>File Format and Principal Database</title><tgroup cols="2"> - <tbody> - <row> - <entry> - FileFormat/PrincipalDatabase - </entry> - <entry> - SASL - </entry> - </row> - <row> - <entry> - Plain - </entry> - <entry> - AMQPLAIN PLAIN CRAM-MD5 - </entry> - </row> - <row> - <entry> - Base64MD5 - </entry> - <entry> - CRAM-MD5 CRAM-MD5-HASHED - </entry> - </row> - </tbody> - </tgroup></table><para> - For details of SASL support see <xref linkend="qpid_Qpid-Interoperability-Documentation"/> - </para> -<!--h2--></section> - -</section> diff --git a/doc/book/src/java-broker/Broker-Configuration-Guide.xml b/doc/book/src/java-broker/Broker-Configuration-Guide.xml deleted file mode 100644 index 558d17c63c..0000000000 --- a/doc/book/src/java-broker/Broker-Configuration-Guide.xml +++ /dev/null @@ -1,28 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Java-Broker-Configuration-Guide"> - <title>Broker Configuration Guide </title> - - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Producer-Flow-Control.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Topic-Configuration.xml"/> -</section> diff --git a/doc/book/src/java-broker/Configure-Java-Qpid-to-use-a-SSL-connection.xml b/doc/book/src/java-broker/Configure-Java-Qpid-to-use-a-SSL-connection.xml deleted file mode 100644 index 838b899337..0000000000 --- a/doc/book/src/java-broker/Configure-Java-Qpid-to-use-a-SSL-connection.xml +++ /dev/null @@ -1,84 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> - -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Qpid-Java-SSL"><title> - Configure Java Qpid to use a SSL connection. - </title> - - <section role="h2" id="ConfigureJavaQpidtouseaSSLconnection.-UsingSSLconnectionwithQpidJava."><title> - Using SSL connection with Qpid Java. - </title> - <para> - This section will show how to use SSL to enable secure - connections between a Java client and broker. - </para> -<!--h2--></section> - <section role="h2" id="ConfigureJavaQpidtouseaSSLconnection.-Setup"><title> - Setup - </title> - <section role="h3" id="ConfigureJavaQpidtouseaSSLconnection.-BrokerSetup"><title> - Broker - Setup - </title> - <para> - The broker configuration file (config.xml) needs to be updated to - include the SSL keystore location details. - </para> - -<programlisting> -<!-- Additions required to Connector Section --> - -<ssl> - <enabled>true</enabled> - <sslOnly>true</sslOnly> - <keyStorePath>/path/to/keystore.ks</keyStorePath> - <keyStorePassword>keystorepass</keyStorePassword> -</ssl> -</programlisting> - - <para> - The sslOnly option is included here for completeness however this - will disable the unencrypted port and leave only the SSL port - listening for connections. - </para> -<!--h3--></section> - <section role="h3" id="ConfigureJavaQpidtouseaSSLconnection.-ClientSetup"><title> - Client - Setup - </title> - <para> - The best place to start looking is class - <emphasis>SSLConfiguration</emphasis> this is provided to the connection - during creation however there is currently no example that - demonstrates its use. - </para> -<!--h3--></section> -<!--h2--></section> - - <section role="h2" id="ConfigureJavaQpidtouseaSSLconnection.-Performingtheconnection."><title> - Performing - the connection. - </title> - <para/> - <!--h2--></section> -</section> diff --git a/doc/book/src/java-broker/Configure-Log4j-CompositeRolling-Appender.xml b/doc/book/src/java-broker/Configure-Log4j-CompositeRolling-Appender.xml deleted file mode 100644 index f52bc55399..0000000000 --- a/doc/book/src/java-broker/Configure-Log4j-CompositeRolling-Appender.xml +++ /dev/null @@ -1,150 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> - -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Qpid-Java-Log4j"><title> - Configure Log4j CompositeRolling Appender - </title> - <section role="h2" id="ConfigureLog4jCompositeRollingAppender-HowtoconfiguretheCompositeRollinglog4jAppender"><title> - How to configure the CompositeRolling log4j Appender - </title> - <para> - There are several sections of our default log4j file that will - need your attention if you wish to fully use this Appender. - </para> - - <orderedlist> - <listitem> - <para>Enable the Appender</para> - <para> - The default log4j.xml file uses the FileAppender, swap this for - the ArchivingFileAppender as follows: - </para> - <programlisting> - <!-- Log all info events to file --> - <root> - <priority value="info"/> - - <appender-ref ref="ArchivingFileAppender"/> - </root> -</programlisting> - </listitem> - <listitem> - <para> - Configure the Appender - </para> - - <para> - The Appender has a number of parameters that can be adjusted - depending on what you are trying to achieve. For clarity lets - take a quick look at the complete default appender: - </para> - <programlisting> - <appender name="ArchivingFileAppender" class="org.apache.log4j.QpidCompositeRollingAppender"> - <!-- Ensure that logs allways have the dateFormat set--> - <param name="StaticLogFileName" value="false"/> - <param name="File" value="${QPID_WORK}/log/${logprefix}qpid${logsuffix}.log"/> - <param name="Append" value="false"/> - <!-- Change the direction so newer files have bigger numbers --> - <!-- So log.1 is written then log.2 etc This prevents a lot of file renames at log rollover --> - <param name="CountDirection" value="1"/> - <!-- Use default 10MB --> - <!--param name="MaxFileSize" value="100000"/--> - <param name="DatePattern" value="'.'yyyy-MM-dd-HH-mm"/> - <!-- Unlimited number of backups --> - <param name="MaxSizeRollBackups" value="-1"/> - <!-- Compress(gzip) the backup files--> - <param name="CompressBackupFiles" value="true"/> - <!-- Compress the backup files using a second thread --> - <param name="CompressAsync" value="true"/> - <!-- Start at zero numbered files--> - <param name="ZeroBased" value="true"/> - <!-- Backup Location --> - <param name="backupFilesToPath" value="${QPID_WORK}/backup/log"/> - - <layout class="org.apache.log4j.PatternLayout"> - <param name="ConversionPattern" value="%d %-5p [%t] %C{2} (%F:%L) - %m%n"/> - </layout> - </appender> -</programlisting> - <para> - The appender configuration has three groups of parameter - configuration. - </para><para> - The first group is for configuration of the file name. The - default is to write a log file to QPID_WORK/log/qpid.log - (Remembering you can use the logprefix and logsuffix values to - modify the file name, see Property Config). - </para> - <programlisting> - <!-- Ensure that logs always have the dateFormat set--> - <param name="StaticLogFileName" value="false"/> - <param name="File" value="${QPID_WORK}/log/${logprefix}qpid${logsuffix}.log"/> - <param name="Append" value="false"/> -</programlisting> - <para> - The second section allows the specification of a Maximum File - Size and a DatePattern that will be used to move on to the next - file. - </para><para> - When MaxFileSize is reached a new log file will be created - The DataPattern is used to decide when to create a new log file, - so here a new file will be created for every minute and every - 10Meg of data. So if 15MB of data is made every minute then there - will be two log files created each minute. One at the start of - the minute and a second when the file hit 10MB. When the next - minute arrives a new file will be made even though it only has - 5MB of content. For a production system it would be expected to - be changed to something like 'yyyy-MM-dd' which would make a new - log file each day and keep the files to a max of 10MB. - </para><para> - The final MaxSizeRollBackups allows you to limit the amount of - disk you are using by only keeping the last n backups. - </para> - <programlisting> - <!-- Change the direction so newer files have bigger numbers --> - <!-- So log.1 is written then log.2 etc This prevents a lot of file renames at log rollover --> - <param name="CountDirection" value="1"/> - <!-- Use default 10MB --> - <!--param name="MaxFileSize" value="100000"/--> - <param name="DatePattern" value="'.'yyyy-MM-dd-HH-mm"/> - <!-- Unlimited number of backups --> - <param name="MaxSizeRollBackups" value="-1"/> -</programlisting> - <para> - The final section allows the old log files to be compressed and - copied to a new location. - </para> - <programlisting> - <!-- Compress(gzip) the backup files--> - <param name="CompressBackupFiles" value="true"/> - <!-- Compress the backup files using a second thread --> - <param name="CompressAsync" value="true"/> - <!-- Start at zero numbered files--> - <param name="ZeroBased" value="true"/> - <!-- Backup Location --> - <param name="backupFilesToPath" value="${QPID_WORK}/backup/log"/> -</programlisting> -</listitem> -</orderedlist> -<!--h2--></section> -</section> diff --git a/doc/book/src/java-broker/Configure-the-Broker-via-config.xml.xml b/doc/book/src/java-broker/Configure-the-Broker-via-config.xml.xml deleted file mode 100644 index 6a7729acd8..0000000000 --- a/doc/book/src/java-broker/Configure-the-Broker-via-config.xml.xml +++ /dev/null @@ -1,71 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> - -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Qpid-Java-Broker-Config-File"> - <title> - Configure the Broker via config.xml - </title> - <section role="h2" id="ConfiguretheBrokerviaconfig.xml-Brokerconfig.xmlOverview"> - <title> - Broker config.xml Overview - </title> - <para> - The broker config.xml file which is shipped in the etc directory - of any Qpid binary distribution details various options and - configuration for the Java Qpid broker implementation. - </para> - <para> - In tandem with the virtualhosts.xml file, the config.xml file - allows you to control much of the deployment detail for your Qpid - broker in a flexible fashion. - </para> - <para> - Note that you can pass the config.xml you wish to use for your - broker instance to the broker using the -c command line option. - In turn, you can specify the paths for the broker password file - and virtualhosts.xml files in your config.xml for simplicity. - </para> - <para> - For more information about command line configuration options - please see <xref linkend="QpidDesign-Configuration-ConfigurationMethods"/>. - </para> - <!--h2--> - </section> - - <section role="h2" id="ConfiguretheBrokerviaconfig.xml-QpidVersion"> - <title> - Qpid - Version - </title> - <para> - The config format has changed between versions here you can find - the configuration details on a per version basis. - </para> - <para> - <xref linkend="qpid_M2-20--20config.xml"/> - <xref linkend="qpid_M2.1-20--20config.xml"/> - </para> - <!--h2--> - </section> - -</section> diff --git a/doc/book/src/java-broker/Configure-the-Virtual-Hosts-via-virtualhosts.xml.xml b/doc/book/src/java-broker/Configure-the-Virtual-Hosts-via-virtualhosts.xml.xml deleted file mode 100644 index 804970b923..0000000000 --- a/doc/book/src/java-broker/Configure-the-Virtual-Hosts-via-virtualhosts.xml.xml +++ /dev/null @@ -1,131 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> - -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Qpid-Java-Broker-Virtualhosts-Config"><title> - Configure the Virtual Hosts via virtualhosts.xml - </title><section role="h2" id="ConfiguretheVirtualHostsviavirtualhosts.xml-virtualhosts.xmlOverview"><title> - virtualhosts.xml Overview - </title> - <para> - This configuration file contains details of all queues and - topics, and associated properties, to be created on broker - startup. These details are configured on a per virtual host - basis. - </para><para> - Note that if you do not add details of a queue or topic you - intend to use to this file, you must first create a consumer on a - queue/topic before you can publish to it using Qpid. - </para><para> - Thus most application deployments need a virtualhosts.xml file - with at least some minimal detail. - </para> - - <section role="h3" id="ConfiguretheVirtualHostsviavirtualhosts.xml-XMLFormatwithComments"><title> - XML Format with Comments - </title> - <para> - The virtualhosts.xml which currently ships as part of the Qpid - distribution is really targeted at development use, and supports - various artifacts commonly used by the Qpid development team. - </para><para> - As a result, it is reasonably complex. In the example XML below, - I have tried to simplify one example virtual host setup which is - possibly more useful for new users of Qpid or development teams - looking to simply make use of the Qpid broker in their - deployment. - </para><para> - I have also added some inline comments on each section, which - should give some extra information on the purpose of the various - elements. - </para> - - - - <programlisting> -<virtualhosts> - <!-- Sets the default virtual host for connections which do not specify a vh --> - <default>localhost</default> - <!-- Define a virtual host and all it's config --> - <virtualhost> - <name>localhost</name> - <localhost> - <!-- Define the types of additional AMQP exchange available for this vh --> - <!-- Always get amq.direct (for queues) and amq.topic (for topics) by default --> - <exchanges> - <!-- Example of declaring an additional exchanges type for developer use only --> - <exchange> - <type>direct</type> - <name>test.direct</name> - <durable>true</durable> - </exchange> - </exchanges> - - <!-- Define the set of queues to be created at broker startup --> - <queues> - <!-- The properties configured here will be applied as defaults to all --> - <!-- queues subsequently defined unless explicitly overridden --> - <exchange>amq.direct</exchange> - <!-- Set threshold values for queue monitor alerting to log --> - <maximumQueueDepth>4235264</maximumQueueDepth> <!-- 4Mb --> - <maximumMessageSize>2117632</maximumMessageSize> <!-- 2Mb --> - <maximumMessageAge>600000</maximumMessageAge> <!-- 10 mins --> - - <!-- Define a queue with all default settings --> - <queue> - <name>ping</name> - </queue> - <!-- Example definitions of queues with overriden settings --> - <queue> - <name>test-queue</name> - <test-queue> - <exchange>test.direct</exchange> - <durable>true</durable> - </test-queue> - </queue> - <queue> - <name>test-ping</name> - <test-ping> - <exchange>test.direct</exchange> - </test-ping> - </queue> - </queues> - </localhost> - </virtualhost> -</virtualhosts> -</programlisting> -<!--h3--></section> - <section role="h3" id="ConfiguretheVirtualHostsviavirtualhosts.xml-Usingyourownvirtualhosts.xml"><title> - Using your own virtualhosts.xml - </title> - - <para> - Note that the config.xml file shipped as an example (or developer - default) in the Qpid distribution contains an element which - defines the path to the virtualhosts.xml. - </para><para> - When using your own virtualhosts.xml you must edit this path to - point at the location of your file. - </para> -<!--h3--></section> -<!--h2--></section> -</section> diff --git a/doc/book/src/java-broker/Configuring-Management-Users.xml b/doc/book/src/java-broker/Configuring-Management-Users.xml deleted file mode 100644 index a2a8d46d88..0000000000 --- a/doc/book/src/java-broker/Configuring-Management-Users.xml +++ /dev/null @@ -1,117 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> - -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section><title> - Configuring Management Users - </title><para> - The Qpid Java broker has a single source of users for the system. - So a user can connect to the broker to send messages and via the - JMX console to check the state of the broker. - </para><para> - - </para> - - <section role="h2" id="ConfiguringManagementUsers-Addinganewmanagementuser"><title> - Adding - a new management user - </title> - <para> - The broker does have some minimal configuration available to - limit which users can connect to the JMX console and what they - can do when they are there. - </para><para> - There are two steps required to add a new user with rights for - the JMX console. - </para><orderedlist> - <listitem><para>Create a new user login, see HowTo:<xref linkend="qpid_Add-New-Users"/> - </para></listitem> - <listitem><para>Grant the new user permission to the JMX Console - </para></listitem> - </orderedlist> - - <section role="h3" id="ConfiguringManagementUsers-GrantingJMXConsolePermissions"><title> - Granting - JMX Console Permissions - </title> - <para> - By default new users do not have access to the JMX console. The - access to the console is controlled via the file - <emphasis>jmxremote.access</emphasis>. - </para><para> - This file contains a mapping from user to privilege. - </para><para> - There are three privileges available: - </para><orderedlist> - <listitem><para>readonly - The user is able to log in and view queues but not - make any changes. - </para></listitem> - <listitem><para>readwrite - Grants user ability to read and write queue - attributes such as alerting values. - </para></listitem> - <listitem><para>admin - Grants the user full access including ability to edit - Users and JMX Permissions in addition to readwrite access. - </para></listitem> - </orderedlist><para> - This file is read at start up and can forcibly be reloaded by an - admin user through the management console. - </para> -<!--h3--></section> - - <section role="h3" id="ConfiguringManagementUsers-AccessFileFormat"><title> - Access - File Format - </title> - <para> - The file is a standard Java properties file and has the following - format - </para> - <programlisting> -<username>=<privilege> -</programlisting> - <para> - If the username value is not a valid user (list in the specified - PrincipalDatabase) then the broker will print a warning when it - reads the file as that entry will have no meaning. - </para><para> - Only when the the username exists in both the access file and the - PrincipalDatabase password file will the user be able to login - via the JMX Console. - </para><section role="h4" id="ConfiguringManagementUsers-ExampleFile"><title> - Example File - </title> - <para> - The file will be timestamped by the management console if edited - through the console. - </para> - <programlisting> -#Generated by JMX Console : Last edited by user:admin -#Tue Jun 12 16:46:39 BST 2007 -admin=admin -guest=readonly -user=readwrite -</programlisting> - -<!--h4--></section> -<!--h3--></section> -<!--h2--></section> -</section> diff --git a/doc/book/src/java-broker/Configuring-Qpid-JMX-Management-Console.xml b/doc/book/src/java-broker/Configuring-Qpid-JMX-Management-Console.xml deleted file mode 100644 index 72e4ba8969..0000000000 --- a/doc/book/src/java-broker/Configuring-Qpid-JMX-Management-Console.xml +++ /dev/null @@ -1,181 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> - -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section><title> - Configuring Qpid JMX Management Console - </title><section role="h2" id="ConfiguringQpidJMXManagementConsole-ConfiguringQpidJMXManagementConsole"><title> - Configuring Qpid JMX Management Console - </title> - - <para> - Qpid has a JMX management interface that exposes a number of - components of the running broker. - You can find out more about the features exposed by the JMX - interfaces <xref linkend="qpid_Qpid-Management-Features"/>. - </para><para> - - </para> - - <section role="h3" id="ConfiguringQpidJMXManagementConsole-InstallingtheQpidJMXManagementConsole"><title> - Installing the Qpid JMX Management Console - </title> - - <orderedlist> - <listitem><para>Unzip the archive to a suitable location.</para> - - <note><title>SSL encrypted connections</title> - <para> - Recent versions of the broker can make use of SSL to - encrypt their RMI based JMX connections. If a broker - being connected to is making use of this ability then - additional console configuration may be required, - particularly when using self-signed certificates. See - <xref linkend="qpid_Management-Console-Security"/> for details. - </para> - </note> - </listitem> - </orderedlist> - - <note> - <title>JMXMP based connections</title> - <para> - In previous releases of Qpid (M4 and below) the broker - JMX connections could make use of the JMXMPConnector for - additional security over its default RMI based JMX - configuration. This is no longer the case, with SSL - encrypted RMI being the favored approach going forward. - However, if you wish to connect to an older broker using - JMXMP the console will support this so long as the - <emphasis>jmxremote_optional.jar</emphasis> file is provided to it. - For details see <xref linkend="qpid_Management-Console-Security"/>. - </para> - </note> -<!--h3--></section> - - - <section role="h3" id="ConfiguringQpidJMXManagementConsole-RunningtheQpidJMXManagementConsole"><title> - Running the Qpid JMX Management Console - </title> - - <para> - The console can be started in the following way, depending on - platform: - </para><itemizedlist> - <listitem><para>Windows: by running the 'qpidmc.exe' executable file. - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>Linux: by running the 'qpidmc' executable. - </para></listitem> - </itemizedlist><itemizedlist> - <listitem><para>Mac OS X: by launching the consoles application bundle (.app - file). - </para></listitem> - </itemizedlist> -<!--h3--></section> - - - <section role="h3" id="ConfiguringQpidJMXManagementConsole-UsingtheQpidJMXManagementConsole"><title> - Using the Qpid JMX Management Console - </title> - - <para> - Please see <xref linkend="Qpid-JMX-Management-Console-User-Guide"/> for details on using this Eclipse RCP - application. - </para> - -<!--h3--></section> -<!--h2--></section> - - <section role="h2" id="ConfiguringQpidJMXManagementConsole-UsingJConsole"><title> - Using - JConsole - </title> - - <para> - See <xref linkend="qpid_JConsole"/> - </para> -<!--h2--></section> - - - <section role="h2" id="ConfiguringQpidJMXManagementConsole-UsingHermesJMS"><title> - Using - HermesJMS - </title> - - <para> - HermesJMS also offers integration with the Qpid management - interfaces. You can get instructions and more information from - <ulink url="http://cwiki.apache.org/confluence/display/qpid/HermesJMS">HermesJMS</ulink>. - </para> -<!--h2--></section> - - <section role="h2" id="ConfiguringQpidJMXManagementConsole-UsingMC4J"><title> - Using - MC4J - </title> - - <para> - <ulink url="qpid_www.mc4j.org">MC4J</ulink> is an alternative - management tool. It provide a richer "dashboard" that can - customise the raw MBeans. - </para> - <section role="h4" id="ConfiguringQpidJMXManagementConsole-Installation"><title> - Installation - </title> - - <itemizedlist> - <listitem><para>First download and install MC4J for your platform. Version - 1.2 beta 9 is the latest version that has been tested. - </para></listitem> - <listitem><para>Copy the directory blaze/java/management/mc4j into - the directory <MC4J-Installation>/dashboards - </para></listitem> - </itemizedlist> -<!--h4--></section> - - <section role="h4" id="ConfiguringQpidJMXManagementConsole-Configuration"><title> - Configuration - </title> - - <para> - You should create a connection the JVM to be managed. Using the - Management->Create Server Connection menu option. The - connection URL should be of the form: - service:jmx:rmi:///jndi/rmi://localhost:8999/jmxrmi - making the appropriate host and post changes. - </para> -<!--h4--></section> - - <section role="h4" id="ConfiguringQpidJMXManagementConsole-Operation"><title> - Operation - </title> - - <para> - You can view tabular summaries of the queues, exchanges and - connections using the Global Dashboards->QPID tree view. To - drill down on individual beans you can right click on the bean. - This will show any available graphs too. - </para> -<!--h4--></section> -<!--h2--></section> -</section> diff --git a/doc/book/src/java-broker/Debug-using-log4j.xml b/doc/book/src/java-broker/Debug-using-log4j.xml deleted file mode 100644 index 615fd9e560..0000000000 --- a/doc/book/src/java-broker/Debug-using-log4j.xml +++ /dev/null @@ -1,298 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> - -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Java-Broker-Debug-Logging"><title> - Debug using log4j - </title> - - <section role="h2" id="Debugusinglog4j-Debuggingwithlog4jconfigurations"><title> - Debugging - with log4j configurations - </title> - <para> - Unfortunately setting of logging in the Java Broker is not simply - a matter of setting one of WARN,INFO,DEBUG. At some point in the - future we may have more BAU logging that falls in to that - category but more likely is that we will have a varioius config - files that can be swapped in (dynamically) to understand what is - going on. - </para><para> - This page will be host to a variety of useful configuration - setups that will allow a user or developer to extract only the - information they are interested in logging. Each section will be - targeted at logging in a particular area and will include a full - log4j file that can be used. In addition the logging - <emphasis>category</emphasis> elements will be presented and discussed so - that the user can create their own file. - </para><para> - Currently the configuration that is available has not been fully - documented and as such there are gaps in what is desired and what - is available. Some times this is due to the desire to reduce the - overhead in message processing, but sometimes it is simply an - oversight. Hopefully in future releases the latter will be - addressed but care needs to be taken when adding logging to the - 'Message Flow' path as this will have performance implications. - </para> - - <section role="h3" id="Debugusinglog4j-LoggingConnectionState-5CDeprecated-5C"><title> - Logging - Connection State *Deprecated* - </title> - <para> - <emphasis>deprecation notice</emphasis> Version 0.6 of the Java broker includes - <xref linkend="qpid_Configure-Operational-Status-Logging"/> functionality which improves upon these messages and - as such enabling status logging would be more beneficial. - The configuration file has been left here for assistence with - broker versions prior to 0.6. - </para><para> - The goals of this configuration are to record: - </para><itemizedlist> - <listitem><para>New Connections - </para></listitem> - <listitem><para>New Consumers - </para></listitem> - <listitem><para>Identify slow consumers - </para></listitem> - <listitem><para>Closing of Consumers - </para></listitem> - <listitem><para>Closing of Connections - </para></listitem> - </itemizedlist><para> - An additional goal of this configuration is to minimise any - impact to the 'message flow' path. So it should not adversely - affect production systems. - </para> -<programlisting> -<![CDATA[ -<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"> - <appender name="FileAppender" class="org.apache.log4j.FileAppender"> - <param name="File" value="${QPID_WORK}/log/${logprefix}qpid${logsuffix}.log"/> - <param name="Append" value="false"/> - - <layout class="org.apache.log4j.PatternLayout"> - <param name="ConversionPattern" value="%d %-5p [%t] %C{2} (%F:%L) - %m%n"/> - </layout> - - </appender> - - <appender name="STDOUT" class="org.apache.log4j.ConsoleAppender"> - - <layout class="org.apache.log4j.PatternLayout"> - <param name="ConversionPattern" value="%d %-5p [%t] %C{2} (%F:%L) - %m%n"/> - </layout> - </appender> - - <category name="Qpid.Broker"> - - <priority value="debug"/> - </category> - - - <!-- Provide warnings to standard output --> - <category name="org.apache.qpid"> - <priority value="warn"/> - </category> - - - <!-- Connection Logging --> - - <!-- Log details of client starting connection --> - <category name="org.apache.qpid.server.handler.ConnectionStartOkMethodHandler"> - <priority value="info"/> - </category> - <!-- Log details of client closing connection --> - <category name="org.apache.qpid.server.handler.ConnectionCloseMethodHandler"> - <priority value="info"/> - </category> - <!-- Log details of client responding to be asked to closing connection --> - - <category name="org.apache.qpid.server.handler.ConnectionCloseOkMethodHandler"> - <priority value="info"/> - </category> - - - <!-- Consumer Logging --> - <!-- Provide details of Consumers connecting--> - <category name="org.apache.qpid.server.handler.BasicConsumeMethodHandler"> - <priority value="debug"/> - </category> - - <!-- Provide details of Consumers disconnecting, if the call it--> - <category name="org.apache.qpid.server.handler.BasicCancelMethodHandler"> - <priority value="debug"/> - </category> - <!-- Provide details of when a channel closes to attempt to match to the Consume as a Cancel is not always issued--> - <category name="org.apache.qpid.server.handler.ChannelCloseHandler"> - <priority value="info"/> - </category> - - <!-- Provide details of Consumers starting to consume--> - <category name="org.apache.qpid.server.handler.ChannelFlowHandler"> - <priority value="debug"/> - </category> - <!-- Provide details of what consumers are going to be consuming--> - <category name="org.apache.qpid.server.handler.QueueBindHandler"> - <priority value="info"/> - </category> - - <!-- No way of determining if publish message is returned, client log should show it.--> - - <root> - <priority value="debug"/> - <appender-ref ref="STDOUT"/> - <appender-ref ref="FileAppender"/> - </root> - -</log4j:configuration> -]]> -</programlisting> - <!--h3--></section> - - <section role="h3" id="Debugusinglog4j-DebuggingMyApplication"><title> - Debugging My - Application - </title> - <para> - This is the most often asked for set of configuration. The goals - of this configuration are to record: - </para><itemizedlist> - <listitem><para>New Connections - </para></listitem> - <listitem><para>New Consumers - </para></listitem> - <listitem><para>Message Publications - </para></listitem> - <listitem><para>Message Consumption - </para></listitem> - <listitem><para>Identify slow consumers - </para></listitem> - <listitem><para>Closing of Consumers - </para></listitem> - <listitem><para>Closing of Connections - </para></listitem> - </itemizedlist><para> - NOTE: This configuration enables message logging on the 'message - flow' path so should only be used were message volume is - low. - <emphasis>Every message that is sent to the broker will generate at - least four logging statements</emphasis> - </para> -<programlisting> -<![CDATA[ -<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"> - <appender name="FileAppender" class="org.apache.log4j.FileAppender"> - <param name="File" value="${QPID_WORK}/log/${logprefix}qpid${logsuffix}.log"/> - <param name="Append" value="false"/> - - <layout class="org.apache.log4j.PatternLayout"> - <param name="ConversionPattern" value="%d %-5p [%t] %C{2} (%F:%L) - %m%n"/> - </layout> - - </appender> - - <appender name="STDOUT" class="org.apache.log4j.ConsoleAppender"> - - <layout class="org.apache.log4j.PatternLayout"> - <param name="ConversionPattern" value="%d %-5p [%t] %C{2} (%F:%L) - %m%n"/> - </layout> - </appender> - - <category name="Qpid.Broker"> - - <priority value="debug"/> - </category> - - - <!-- Provide warnings to standard output --> - <category name="org.apache.qpid"> - <priority value="warn"/> - </category> - - - <!-- Connection Logging --> - - <!-- Log details of client starting connection --> - <category name="org.apache.qpid.server.handler.ConnectionStartOkMethodHandler"> - <priority value="info"/> - </category> - <!-- Log details of client closing connection --> - <category name="org.apache.qpid.server.handler.ConnectionCloseMethodHandler"> - <priority value="info"/> - </category> - <!-- Log details of client responding to be asked to closing connection --> - - <category name="org.apache.qpid.server.handler.ConnectionCloseOkMethodHandler"> - <priority value="info"/> - </category> - - <!-- Consumer Logging --> - <!-- Provide details of Consumers connecting--> - <category name="org.apache.qpid.server.handler.BasicConsumeMethodHandler"> - <priority value="debug"/> - </category> - - <!-- Provide details of Consumers disconnecting, if the call it--> - <category name="org.apache.qpid.server.handler.BasicCancelMethodHandler"> - <priority value="debug"/> - </category> - <!-- Provide details of when a channel closes to attempt to match to the Consume as a Cancel is not always issued--> - <category name="org.apache.qpid.server.handler.ChannelCloseHandler"> - <priority value="info"/> - </category> - - <!-- Provide details of Consumers starting to consume--> - <category name="org.apache.qpid.server.handler.ChannelFlowHandler"> - <priority value="debug"/> - </category> - <!-- Provide details of what consumers are going to be consuming--> - <category name="org.apache.qpid.server.handler.QueueBindHandler"> - <priority value="info"/> - </category> - - <!-- No way of determining if publish message is returned, client log should show it.--> - - <!-- WARNING DO NOT ENABLE THIS IN PRODUCTION --> - <!-- Will generate minimum one log statements per published message --> - <!-- Will generate will log receiving of all body frame, count will vary on size of message.--> - <!-- Empty Message = no body, Body is up to 64kb of data --> - <!-- Will generate three log statements per recevied message --> - - <!-- Log messages flow--> - <category name="org.apache.qpid.server.AMQChannel"> - - <priority value="debug"/> - </category> - - <root> - <priority value="debug"/> - <appender-ref ref="STDOUT"/> - <appender-ref ref="FileAppender"/> - </root> - -</log4j:configuration> -]]> -</programlisting> - -<!--h3--></section> -<!--h2--></section> -</section> diff --git a/doc/book/src/java-broker/How-to-Tune-M3-Java-Broker-Performance.xml b/doc/book/src/java-broker/How-to-Tune-M3-Java-Broker-Performance.xml deleted file mode 100644 index f7fffbaceb..0000000000 --- a/doc/book/src/java-broker/How-to-Tune-M3-Java-Broker-Performance.xml +++ /dev/null @@ -1,172 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> - -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> -<section id="How-to-Tune-M3-Java-Broker-Performance"> - <title> - How to Tune M3 Java Broker Performance - </title> - <section role="h3" id="HowtoTuneM3JavaBrokerPerformance-ProblemStatement"> - <title> - Problem - Statement - </title> - <para> - During destructive testing of the Qpid M3 Java Broker, we tested - some tuning techniques and deployment changes to improve the Qpid - M3 Java Broker's capacity to maintain high levels of throughput, - particularly in the case of a slower consumer than produceer - (i.e. a growing backlog). - </para> - <para> - The focus of this page is to detail the results of tuning & - deployment changes trialled. - </para> - <para> - The successful tuning changes are applicable for any deployment - expecting to see bursts of high volume throughput (1000s of - persistent messages in large batches). Any user wishing to use - these options <emphasis>must test them thoroughly in their own - environment with representative volumes</emphasis>. - </para> - <!--h3--> - </section> - - <section role="h3" id="HowtoTuneM3JavaBrokerPerformance-SuccessfulTuningOptions"> - <title> - Successful - Tuning Options - </title> - <para> - The key scenario being taregetted by these changes is a broker - under heavy load (processing a large batch of persistent - messages)can be seen to perform slowly when filling up with an - influx of high volume transient messages which are queued behind - the persistent backlog. However, the changes suggested will be - equally applicable to general heavy load scenarios. - </para> - <para> - The easiest way to address this is to separate streams of - messages. Thus allowing the separate streams of messages to be - processed, and preventing a backlog behind a particular slow - consumer. - </para> - <para> - These strategies have been successfully tested to mitigate this - problem: - </para> - <table> - <title/> - <tgroup cols="2"> - <tbody> - <row> - <entry> - Strategy - </entry> - <entry> - Result - </entry> - </row> - <row> - <entry> - Seperate connections to one broker for separate streams of - messages. - </entry> - <entry> - Messages processed successfully, no problems experienced - </entry> - </row> - <row> - <entry> - Seperate brokers for transient and persistent messages. - </entry> - <entry> - Messages processed successfully, no problems experienced - </entry> - </row> - </tbody> - </tgroup> - </table> - <para> - <emphasis>Separate Connections</emphasis> - Using separate connections effectively means that the two streams - of data are not being processed via the same buffer, and thus the - broker gets & processes the transient messages while - processing the persistent messages. Thus any build up of - unprocessed data is minimal and transitory. - </para> - <para> - <emphasis>Separate Brokers</emphasis> - Using separate brokers may mean more work in terms of client - connection details being changed, and from an operational - perspective. However, it is certainly the most clear cut way of - isolating the two streams of messages and the heaps impacted. - </para> - <section role="h4" id="HowtoTuneM3JavaBrokerPerformance-Additionaltuning"> - <title> - Additional - tuning - </title> - <para> - It is worth testing if changing the size of the Qpid read/write - thread pool improves performance (eg. by setting - JAVA_OPTS="-Damqj.read_write_pool_size=32" before running - qpid-server). By default this is equal to the number of CPU - cores, but a higher number may show better performance with some - work loads. - </para> - <para> - It is also important to note that you should give the Qpid broker - plenty of memory - for any serious application at least a -Xmx of - 3Gb. If you are deploying on a 64 bit platform, a larger heap is - definitely worth testing with. We will be testing tuning options - around a larger heap shortly. - </para> - <!--h4--> - </section> - <!--h3--> - </section> - - <section role="h3" id="HowtoTuneM3JavaBrokerPerformance-NextSteps"> - <title> - Next - Steps - </title> - <para> - These two options have been testing using a Qpid test case, and - demonstrated that for a test case with a profile of persistent - heavy load following by constant transient high load traffic they - provide significant improvment. - </para> - <para> - However, the deploying project <emphasis>must</emphasis> complete their own - testing, using the same destructive test cases, representative - message paradigms & volumes, in order to verify the proposed - mitigation options. - </para> - <para> - The using programme should then choose the option most applicable - for their deployment and perform BAU testing before any - implementation into a production or pilot environment. - </para> - <!--h3--> - </section> -</section> diff --git a/doc/book/src/java-broker/How-to-Use-SlowConsumerDisconnect.xml b/doc/book/src/java-broker/How-to-Use-SlowConsumerDisconnect.xml deleted file mode 100644 index 4e0ce0f7e0..0000000000 --- a/doc/book/src/java-broker/How-to-Use-SlowConsumerDisconnect.xml +++ /dev/null @@ -1,280 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" - "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> -<section id="Java-Broker-Slow-Consumer-Disconnect"> - <title>Slow Consumer Disconnect - User Guide</title> - - <section> -<title>Introduction</title> - <para>Slow Consumer Disconnect (SCD) is a new feature in Qpid that provides a configurable - mechanism to prevent a single slow consumer from causing a back up of unconsumed messages on - the broker. </para> - - <para>This is most relevant where Topics are in use, since a published message is not removed - from the broker's memory until all subscribers have acknowledged that message. </para> - - <para>Cases where a consumer is 'slow' can arise due to one of the following: poor network - connectivity exists; a transient system issue affects a single client; a single subscriber - written by a client team is behaving incorrectly and not acknowledging messages; a - downstream resource such as a database is non-responsive. </para> - - <para>SCD will enable the application owner to configure limits for a given consumer's queue and - the behaviour to execute when those limits are reached. </para> - - </section> - - <section> -<title>What can it do?</title> - <para>SCD is only applicable to topics or durable subscriptions and can be configured on either - a topic or a subscription name. </para> - - <para>On triggering of a specified threshold the offending client will be disconnected from the - broker with a 506 error code wrapped in a JMSException returned to the client via the - ExceptionListener registered on the Connection object. </para> - - <para>Note that it is essential that an ExceptionListener be specified by the client on - creation of the connection and that exceptions coming back on that listener are handled - correctly. </para> - - </section> - - <section> -<title>Frequency of SCD Checking</title> - <section> -<title><emphasis role='bold'>Configuring Frequency</emphasis></title> - <para>You can configure the frequency with which the SCD process will check for slow consumers, - along with the unit of time used to specify that frequency. </para> - - <para>The <emphasis role="italic">virtualhosts.virtualhost.hostname.slow-consumer-detection</emphasis> - elements <emphasis role="italic">delay</emphasis> and <emphasis role="italic">timeunit</emphasis> - are used to specify the frequency and timeunit respectively in the virtualhosts.xml - file e.g. </para> - -<programlisting> -<virtualhosts> - <default>test</default> - <virtualhost> - <name>test</name> - <test> - <slow-consumer-detection> - <delay>60<delay/> - <timeunit>seconds<timeunit/> - <slow-consumer-detection/> - </test> - </virtualhost> -</virtualhosts> -</programlisting> - - </section> - - <section> -<title><emphasis role='bold'>SCD Log output</emphasis></title> - <para>When the SCD component finds a queue with a configured threshold to check, the operational - logging component (if enabled) will output the following line:</para> - - <programlisting> - SCD-1003 : Checking Status of Queue - </programlisting> - - </section> - - </section> - - <section> -<title>Client Exception<emphasis role='bold'>s</emphasis></title> - <para>When a Slow Consumer is disconnected, the client receives a 506 error from the broker - wrapped in a JMSException and the Session and Connection are closed:</para> - -<programlisting> -Dispatcher-Channel-1 2010-09-01 16:23:34,206 INFO [qpid.client.AMQSession.Dispatcher] - Dispatcher-Channel-1 thread terminating for channel 1:org.apache.qpid.client.AMQSession_0_8@1de8aa8 -pool-2-thread-3 2010-09-01 16:23:34,238 INFO [apache.qpid.client.AMQConnection] Closing AMQConnection due to - :org.apache.qpid.AMQChannelClosedException: Error: Consuming to slow. [error code 506: resource error] -javax.jms.JMSException: 506 -at org.apache.qpid.client.AMQConnection.exceptionReceived(AMQConnection.java:1396) -at org.apache.qpid.client.protocol.AMQProtocolHandler.exception(AMQProtocolHandler.java:329) -at org.apache.qpid.client.protocol.AMQProtocolHandler.methodBodyReceived(AMQProtocolHandler.java:536) -at org.apache.qpid.client.protocol.AMQProtocolSession.methodFrameReceived(AMQProtocolSession.java:453) -at org.apache.qpid.framing.AMQMethodBodyImpl.handle(AMQMethodBodyImpl.java:93) -at org.apache.qpid.client.protocol.AMQProtocolHandler$1.run(AMQProtocolHandler.java:462) -at org.apache.qpid.pool.Job.processAll(Job.java:110) -at org.apache.qpid.pool.Job.run(Job.java:149) -at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885) -at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907) -at java.lang.Thread.run(Thread.java:619) -Caused by: org.apache.qpid.AMQChannelClosedException: Error: Consuming to slow. [error code 506: resource error] -at org.apache.qpid.client.handler.ChannelCloseMethodHandler.methodReceived(ChannelCloseMethodHandler.java:96) -at org.apache.qpid.client.handler.ClientMethodDispatcherImpl.dispatchChannelClose(ClientMethodDispatcherImpl.java:163) -at org.apache.qpid.framing.amqp_8_0.ChannelCloseBodyImpl.execute(ChannelCloseBodyImpl.java:140) -at org.apache.qpid.client.state.AMQStateManager.methodReceived(AMQStateManager.java:112) -at org.apache.qpid.client.protocol.AMQProtocolHandler.methodBodyReceived(AMQProtocolHandler.java:511) -... 8 more -main 2010-09-01 16:23:34,316 INFO [apache.qpid.client.AMQSession] Closing session: - org.apache.qpid.client.AMQSession_0_8@ffeef1 -</programlisting> - - </section> - - <section> -<title>Disconnection Thresholds</title> - <section> -<title>Topic Subscriptions</title> - <para>One key feature of SCD is the disconnection of a consuming client when a specified - threshold is exceeded. For a pub-sub model using topics, this means that messages will no - longer be delivered to the private queue which was associated with that consuming client, - thus reducing any associated backlog in the broker. </para> - - </section> - - <section> -<title>Durable Topic Subscriptions</title> - <para>For durable subscriptions, simply disconnecting the consuming client will not suffice - since the associated queue is by definition durable and messages would continue to flow to - it after disconnection, potentially worsening any backing up of data on the broker. </para> - - <para>The solution is to configure durable subscriptions to delete the underlying queue on - disconnection. This means that messages will no longer be delivered to the private queue - associated with the subscription, thus preventing any backlog. </para> - - <para>Full details of how to configure the thresholds are provided below. </para> - - </section> - - <section> -<title>Message Age Threshold</title> - <para>You can configure SCD to be triggered on a topic or subscription when the oldest message - in the associated private queue for the consumer ages beyond the specified value, in - milliseconds. </para> - - </section> - - <section> -<title>Queue Depth Threshold</title> - <para>You can opt to use the depth of the queue in bytes as a threshold. SCD will be triggered - by a queue depth greater than the threshold specified i.e. when a broker receives a - message that takes the queue depth over the threshold. </para> - - </section> - - <section> -<title>Message Count Threshold</title> - <para>You can use the message count for the consumer's queue as the trigger, where a count - higher than that specified will trigger disconnection. </para> - - </section> - - <section> -<title><emphasis role='bold'>Delete Policy</emphasis></title> - <para>You can configure the policy you wish to apply in your broker configuration. There are - currently 2 policies available: </para> - - <para> -<emphasis role='bold'>Delete Temporary Queues Only</emphasis> - </para> - - <para>If you do not specify a <topicDelete/> element in your configuration, then only temporary - queues associated with a topic subscription will be deleted on client disconnect. This is - the default behaviour. </para> - <para/> - - <para> -<emphasis role='bold'>Delete Durable Subscription Queues</emphasis> - </para> - - <para>If you add the <topicDelete/> element with the sub-element - <delete-persistent/> to your config, then the persistent queue which is associated - with durable subscriptions to a topic will also be deleted. This is an important - consideration since without deleting the underlying queue the client's unconsumed data - will grow indefinitely while they will be unable to reconnect to that queue due to the SCD - threshold configured, potentially having an adverse effect on the application or broker in - use.</para> - <para/> - - <para><emphasis role="bold"> Example Topic Configuration </emphasis></para> - - <para/> - - <para> -The following steps are required to configure SCD: - </para> - -<itemizedlist> - <listitem> - <para>Enable SCD checking for your virtual host</para> - </listitem> - <listitem> - <para>Specify frequency for SCD checking</para> - </listitem> - <listitem> - <para>Define thresholds for the topic</para> - </listitem> - <listitem> - <para>Define the policy to apply on trigger </para> - </listitem> -</itemizedlist> - - <para>The example below shows a simple definition, with all three thresholds specified and a - simple disconnection, with deletion of any temporary queue, defined. </para> - - <para>For a durable subscription to this topic, no queue deletion would be applied on disconnect - - which is likely to be undesirable (see section above). </para> - -<programlisting> -<topics> - <topic> - <name>stocks.us.*</name> - <slow-consumer-detection> - <!-- The maximum depth before which --> - <!-- the policy will be applied--> - <depth>4235264</depth> - <!-- The maximum message age before which --> - <!-- the policy will be applied--> - <messageAge>600000</messageAge> - <!-- The maximum number of message before --> - <!-- which the policy will be applied--> - <messageCount>50</messageCount> - <!-- Policy Selection --> - <policy name="TopicDelete"/> - </slow-consumer-detection> - </topic> -</topics> -</programlisting> - - </section> - - </section> - - <section> -<title>Important Points To Note</title> - <para> Client application developers should be educated about how to correctly handle being - disconnected with a 506 error code, to avoid them getting into a thrashing state where they - continually attempt to connect, fail to consume fast enough and are disconnected again. </para> - - <para>Clients affected by slow consumer disconnect configuration should always use transactions - where duplicate processing of an incoming message would have adverse affects, since they may - receive a message more than once if disconnected before acknowledging a message in flight. </para> - - </section> - - </section> - diff --git a/doc/book/src/java-broker/Java-Broker-Concepts-Authentication-Providers.xml b/doc/book/src/java-broker/Java-Broker-Concepts-Authentication-Providers.xml new file mode 100644 index 0000000000..3a2825826b --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Concepts-Authentication-Providers.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Concepts-Authentication-Providers"> +<title>Authentication Providers</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Concepts-Exchanges.xml b/doc/book/src/java-broker/Java-Broker-Concepts-Exchanges.xml new file mode 100644 index 0000000000..af14b46a69 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Concepts-Exchanges.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Concepts-Exchanges"> +<title>Exchanges</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Concepts-Other-Services.xml b/doc/book/src/java-broker/Java-Broker-Concepts-Other-Services.xml new file mode 100644 index 0000000000..bb694d81da --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Concepts-Other-Services.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Concepts-Other-Services"> +<title>Other Services</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Concepts-Ports.xml b/doc/book/src/java-broker/Java-Broker-Concepts-Ports.xml new file mode 100644 index 0000000000..afbb612bc4 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Concepts-Ports.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Concepts-Ports"> +<title>Ports</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Concepts-Protocols.xml b/doc/book/src/java-broker/Java-Broker-Concepts-Protocols.xml new file mode 100644 index 0000000000..45a62ce5ab --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Concepts-Protocols.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Concepts-Protocols"> +<title>Protocols</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Concepts-Queues.xml b/doc/book/src/java-broker/Java-Broker-Concepts-Queues.xml new file mode 100644 index 0000000000..a4b0995a7e --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Concepts-Queues.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Concepts-Queues"> +<title>Queues</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Concepts-Virtual-Hosts.xml b/doc/book/src/java-broker/Java-Broker-Concepts-Virtual-Hosts.xml new file mode 100644 index 0000000000..c12a543140 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Concepts-Virtual-Hosts.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Concepts-Virtual-Hosts"> +<title>Virtual Hosts</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Concepts.xml b/doc/book/src/java-broker/Java-Broker-Concepts.xml new file mode 100644 index 0000000000..013308fb8f --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Concepts.xml @@ -0,0 +1,32 @@ +<?xml version="1.0"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Concepts"> + <title>Concepts</title> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Concepts-Virtual-Hosts.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Concepts-Exchanges.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Concepts-Queues.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Concepts-Ports.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Concepts-Protocols.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Concepts-Authentication-Providers.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Concepts-Other-Services.xml"/> +</chapter> diff --git a/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-Config-Files.xml b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-Config-Files.xml new file mode 100644 index 0000000000..66d471fb37 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-Config-Files.xml @@ -0,0 +1,178 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Configuring-And-Managing-Config-Files"> +<title>Config Files</title> + + <para> + This section shows how to configure and manage broker. + </para> + + <section role="h2" id="Java-Broker-Configuring-And-Managing-Config-Files-Configuration"> + <title>Configuration file</title> + <para>Broker can be configured using XML configuration files. By default, broker is looking for configuration file at ${QPID_HOME}/etc/config.xml. The default configuration location can be overridden by specifying command line option <emphasis>-c <path to configuration></emphasis> on broker start up.</para> + </section> + + <section role="h2" id="Java-Broker-Configuring-And-Managing-Config-Files-Management"> + <title>Management Configuration</title> + <para> + Management interfaces can be configured in <emphasis>management</emphasis> section of broker configuration file. The example of the management section is provided below. + </para> + <example> + <title>Management configuration</title> + <programlisting><![CDATA[ + <broker> + ... + <management> + <enabled>true</enabled> + <jmxport> + <registryServer>8999</registryServer> + </jmxport> + <ssl> + <enabled>false</enabled> + <keyStorePath>${conf}/qpid.keystore</keyStorePath> + <keyStorePassword>password</keyStorePassword> + </ssl> + <http> + <enabled>true</enabled> + </http> + <https> + <enabled>false</enabled> + </https> + </management> + ... + </broker>]]></programlisting> + </example> + </section> + <section role="h2" id="Java-Broker-Configuring-And-Managing-Config-Files-JMX-Management"> + <title>JMX Management Configuration</title> + <para> + JMX management can be configured in <emphasis>management</emphasis> section of broker configuration file. + </para> + <para>An <emphasis>enabled</emphasis> element in the <emphasis>management</emphasis> section is used to enable or disable the JMX interfaces. Setting it to <emphasis>true</emphasis> causes the broker to start the management plugin if such is available on the broker classpath.</para> + <para>JMX management requires two ports which can be configured in <emphasis>jmxport</emphasis> sub-section of <emphasis>management</emphasis>: + <itemizedlist> + <listitem><para>RMI port (8999 by default) can be configured in an element <emphasis>jmxport/registryServer</emphasis></para></listitem> + <listitem><para>Connector port can be configured in an element <emphasis>jmxport/connectorServer</emphasis>. If configuration element <emphasis>connectorServer</emphasis> is not provided than the connector port defaults to <emphasis>100 + registryServer port</emphasis>.</para></listitem> + </itemizedlist> + </para> + <example> + <title>Enabling JMX Management and configuring JMX ports</title> + <programlisting> +<broker> +... +<management> + <emphasis><enabled>true</enabled></emphasis> <co id="java-broker-example-jmx-management-0"/> + <jmxport> + <emphasis><registryServer>7999</registryServer></emphasis> <co id="java-broker-example-jmx-management-1"/> + <emphasis><connectorServer>7998</connectorServer></emphasis> <co id="java-broker-example-jmx-management-2"/> + </jmxport> +</management> +... +</broker></programlisting> + </example> + <para>In the snippet above the following is configured:</para> + <calloutlist> + <callout arearefs="java-broker-example-jmx-management-0"><para>Enable JMX management</para></callout> + <callout arearefs="java-broker-example-jmx-management-1"><para>Set RMI port to 7999</para></callout> + <callout arearefs="java-broker-example-jmx-management-2"><para>Set connector port to 7998</para></callout> + </calloutlist> + <para>SSL can be configured to use on the connector port in the sub-section <emphasis>ssl</emphasis> of the <emphasis>management</emphasis> section. See <xref linkend="Java-Broker-Configuring-And-Managing-Config-Files-SSL-keystore-configuration"/> for details.</para> + <para>In order to use SSL with JMX management an element <emphasis>ssl/enabled</emphasis> needs to be set to <emphasis>true</emphasis>.</para> + </section> + <section role="h2" id="Java-Broker-Configuring-And-Managing-Config-Files-SSL-keystore-configuration"> + <title>Management SSL key store configuration</title> + <para> + This section describes how to configure the key store to use in SSL connections in both JMX and Web management interfaces. + </para> + <para>The following examples demonstrates how to configure keystore for management</para> + <example> + <title>Management key store configuration</title> + <programlisting> +<broker> +... +<management> +... + <ssl> + <enabled>true</enabled> <co id="java-broker-example-management-keystore-0"/> + <keyStorePath>${conf}/qpid.keystore</keyStorePath> <co id="java-broker-example-management-keystore-1"/> + <keyStorePassword>password</keyStorePassword> <co id="java-broker-example-management-keystore-2"/> + </ssl> +... +</management> +... +</broker></programlisting> + </example> + <calloutlist> + <callout arearefs="java-broker-example-management-keystore-0"><para>Enable SSL on JMX connector port only. This setting does not effect the web management interfaces.</para></callout> + <callout arearefs="java-broker-example-management-keystore-1"><para>Set path to the key store file</para></callout> + <callout arearefs="java-broker-example-management-keystore-2"><para>Set keystore password</para></callout> + </calloutlist> + </section> + <section role="h2" id="Java-Broker-Configuring-And-Managing-Config-Files-Web-Management"> + <title>Web Management Configuration</title> + <para> + Web management can be configured in <emphasis>management</emphasis> section of broker configuration file. + </para> + <para>Sub-section <emphasis>http</emphasis> is used to enable web management on http port.</para> + <para>Sub-section <emphasis>https</emphasis> is used to enable web management on https port.</para> + <para>The following example shows how to configure http and https ports</para> + <example> + <title>Enabling web management</title> + <programlisting> +<broker> +... +<management> +... + <http> + <enabled>true</enabled> <co id="java-broker-example-management-web-0"/> + <port>9090</port> <co id="java-broker-example-management-web-1"/> + <basic-auth>false</basic-auth> <co id="java-broker-example-management-web-2"/> + <sasl-auth>true</sasl-auth> <co id="java-broker-example-management-web-3"/> + <session-timeout>600</session-timeout> <co id="java-broker-example-management-web-4"/> + </http> + + <https> + <enabled>true</enabled> <co id="java-broker-example-management-web-5"/> + <port>9443</port> <co id="java-broker-example-management-web-6"/> + <sasl-auth>true</sasl-auth> <co id="java-broker-example-management-web-7"/> + <basic-auth>true</basic-auth> <co id="java-broker-example-management-web-8"/> + </https> +... +</management> +... +</broker></programlisting> + </example> + <calloutlist> + <callout arearefs="java-broker-example-management-web-0"><para>Enable web management on http port. Default is true.</para></callout> + <callout arearefs="java-broker-example-management-web-1"><para>Set web management http port to 9090. Default is 8080.</para></callout> + <callout arearefs="java-broker-example-management-web-2"><para>Disable basic authentication on http port for REST services only. Default is false.</para></callout> + <callout arearefs="java-broker-example-management-web-3"><para>Enable SASL authentication on http port for REST services and web console. Default is true.</para></callout> + <callout arearefs="java-broker-example-management-web-4"><para>Set session timeout in seconds. Default is 15 minutes.</para></callout> + <callout arearefs="java-broker-example-management-web-5"><para>Enable web management on https port. Default is false.</para></callout> + <callout arearefs="java-broker-example-management-web-6"><para>Set web management https port to 9443. Default is 8443.</para></callout> + <callout arearefs="java-broker-example-management-web-7"><para>Enable SASL authentication on https port for REST services and web console. Default is true.</para></callout> + <callout arearefs="java-broker-example-management-web-8"><para>Enable basic authentication on https port for REST services only. Default is true.</para></callout> + </calloutlist> + <note><para>Please configure the keystore to use with the https web management port. See <xref linkend="Java-Broker-Configuring-And-Managing-Config-Files-SSL-keystore-configuration"/> for details.</para></note> + </section> +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-JMX.xml b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-JMX.xml new file mode 100644 index 0000000000..122da6d267 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-JMX.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Configuring-And-Managing-JMX"> +<title>JMX</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-Other-Tooling.xml b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-Other-Tooling.xml new file mode 100644 index 0000000000..cf9d9497dd --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-Other-Tooling.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Configuring-And-Managing-Other-Tooling"> +<title>Other Tooling</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-REST-API.xml b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-REST-API.xml new file mode 100644 index 0000000000..8bd63ade7a --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-REST-API.xml @@ -0,0 +1,263 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Configuring-And-Managing-REST-API"> +<title>REST API</title> + <section id="Java-Broker-Configuring-And-Managing-REST-API-Overview"> + <title>REST API Overview</title> + <para>This section provides an overview of REST management API.</para> + <para>If web management is enabled (see <xref linkend="Java-Broker-Configuring-And-Managing-Config-Files-Web-Management"/>) + the REST API can be used to monitor and manage the broker instance.</para> + <para>The Qpid broker REST services support traditional REST model which uses the GET method requests to retrieve + the information about broker configured objects, DELETE method requests to delete the configured object, + PUT to create the configured object and POST to update the configured objects.</para> + <para>The table below lists the available REST services with brief description how they can be used.</para> + + <table> + <title>Rest services</title> + <tgroup cols="6"> + <thead> + <row> + <entry>Rest service URL</entry> + <entry>Description</entry> + <entry>GET</entry> + <entry>PUT</entry> + <entry>POST</entry> + <entry>DELETE</entry> + </row> + </thead> + <tbody> + <row> + <entry><para>/rest/broker</para></entry> + <entry><para>Rest service to manage broker instance</para></entry> + <entry><para>Retrieves the details of broker configuration</para></entry> + <entry><para>Not implemented yet</para></entry> + <entry><para>Not implemented yet</para></entry> + <entry><para>Not implemented yet</para></entry> + </row> + <row> + <entry><para>/rest/authenticationprovider</para> + <para>/rest/authenticationprovider/<authentication provider name></para> + </entry> + <entry>Rest service to manage authentication providers on the broker</entry> + <entry>Retrieves the details about authentication providers</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + </row> + <row> + <entry><para>/rest/user</para> + <para>/rest/user/<authentication provider name>/<user name></para> + </entry> + <entry>Rest service to manage user account</entry> + <entry>Retrieves the details about user account</entry> + <entry>Creates user account</entry> + <entry>Updates user password</entry> + <entry>Deletes user account</entry> + </row> + <row> + <entry><para>/rest/groupprovider</para> + <para>/rest/groupprovider/<group provider name></para> + </entry> + <entry>Rest service to manage group providers</entry> + <entry>Retrieves the details about group provider(s)</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + </row> + <row> + <entry><para>/rest/group</para> + <para>/rest/group/<group provider name>/<group name></para> + </entry> + <entry>Rest service to manage user group</entry> + <entry>Retrieves the details about user group</entry> + <entry>Creates group</entry> + <entry>Not implemented yet</entry> + <entry>Deletes group</entry> + </row> + <row> + <entry><para>/rest/groupmember</para> + <para>/rest/groupmember/<group provider name >/<group name>/<user name></para> + </entry> + <entry>Rest service to manage group member(s)</entry> + <entry>Retrieves the details about group member(s)</entry> + <entry>Add user to group</entry> + <entry>Not implemented yet</entry> + <entry>Deletes user from group</entry> + </row> + <row> + <entry> + <para>/rest/port</para> + <para>/rest/port/<port name></para> + </entry> + <entry>Rest service to manage broker ports(s)</entry> + <entry>Retrieves the details about the broker port(s)</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + </row> + <row> + <entry> + <para>/rest/port</para> + <para>/rest/port/<port name></para> + </entry> + <entry>Rest service to manage broker ports(s)</entry> + <entry>Retrieves the details about the broker port(s)</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + </row> + <row> + <entry> + <para>/rest/queue</para> + <para>/rest/queue/<virtual host name>/>queue name></para> + </entry> + <entry>Rest service to manage queue(s)</entry> + <entry>Retrieves the details about the queue(s)</entry> + <entry>Creates queue</entry> + <entry>Not implemented yet</entry> + <entry>Deletes queue</entry> + </row> + <row> + <entry> + <para>/rest/exchange</para> + <para>/rest/exchange/<virtual host name>/<exchange name></para> + </entry> + <entry>Rest service to manage exchange(s)</entry> + <entry>Retrieves the details about the exchange(s)</entry> + <entry>Creates exchange</entry> + <entry>Not implemented yet</entry> + <entry>Deletes exchange</entry> + </row> + <row> + <entry> + <para>/rest/binding</para> + <para>/rest/binding/<virtual host name>/<exchange name>/<queue name>/<binding name></para> + </entry> + <entry>Rest service to manage binding(s)</entry> + <entry>Retrieves the details about the binding(s)</entry> + <entry>Binds a queue to an exchange</entry> + <entry>Not implemented yet</entry> + <entry>Deletes binding</entry> + </row> + <row> + <entry> + <para>/rest/connection</para> + <para>/rest/connection/<virtual host name>/<connection name></para> + </entry> + <entry>Rest service to manage connection(s)</entry> + <entry>Retrieves the details about the connection(s)</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + </row> + <row> + <entry> + <para>/rest/session</para> + <para>/rest/session/<virtual host name>/<connection name>/<session name></para> + </entry> + <entry>Rest service to manage session(s)</entry> + <entry>Retrieves the details about the session(s)</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + </row> + <row> + <entry> + <para>/rest/message/*</para> + </entry> + <entry>Rest service to manage messages(s)</entry> + <entry>Retrieves the details about the messages(s)</entry> + <entry>Not implemented yet</entry> + <entry>Copies, moves messages</entry> + <entry>Deletes messages</entry> + </row> + <row> + <entry> + <para>/rest/message-content/*</para> + </entry> + <entry>Rest service to retrieve message content</entry> + <entry>Retrieves the message content</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + </row> + <row> + <entry> + <para>/rest/logrecords</para> + </entry> + <entry>Rest service to retrieve broker logs</entry> + <entry>Retrieves the broker logs</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + </row> + <row> + <entry> + <para>/rest/sasl</para> + </entry> + <entry>Sasl authentication</entry> + <entry>Retrieves user current authentication status and broker supported SASL mechanisms</entry> + <entry>Authenticates user using supported SASL mechanisms</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + </row> + <row> + <entry> + <para>/rest/logout</para> + </entry> + <entry>Log outs</entry> + <entry>Log outs user</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + <entry>Not implemented yet</entry> + </row> + </tbody> + </tgroup> + </table> + <para>Rest URL are hierarchical. It is permitted to replace rest URL elements with an "asterisks" in GET requests to denote + all object of a particular type. Additionally, trailing object type in the URL hierarchy can be omitted. + In this case GET request will return all of the object underneath of the current object.</para> + <para>For example, for binding URL http://localhost:8080/rest/binding/<vhost>/<exchange>/<queue>/<binding> + replacing of <emphasis><exchange></emphasis> with "asterisks" (http://localhost:8080/rest/binding/<vhost>/*/<queue>/<binding>) + will result in the GET response containing the list of bindings for all of the exchanges in the virtual host having the given name and given queue. + If <emphasis><binding></emphasis> and <emphasis><queue></emphasis> are omitted in binding REST URL + (http://localhost:8080/rest/binding/<vhostname>/<exchangename>) the GET request will result in returning + all bindings for all queues for the given exchange in the virtual host. + </para> + <example> + <title>Examples of queue creation using curl:</title> + <programlisting><![CDATA[ +#create a durable queue +curl -X PUT -d '{"durable":true}' http://localhost:8080/rest/queue/<vhostname>/<queuename> +#create a durable priority queue +curl -X PUT -d '{"durable":true,"type":"priority"}' http://localhost:8080/rest/queue/<vhostname>/<queuename> + ]]></programlisting> + </example><example> + <title>Example of binding a queue to an exchange using curl</title> + <programlisting><![CDATA[ +curl -X PUT -d '{}' http://localhost:8080/rest/binding/<vhostname>/<exchangename>/<queue-name>/<binding-name> + ]]></programlisting> + </example> + <para>Qpid broker web management console calls rest interfaces internally to manage the broker.</para> + </section> +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-Web-Console.xml b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-Web-Console.xml new file mode 100644 index 0000000000..406f2fbe08 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing-Web-Console.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Configuring-And-Managing-Web-Console"> + <title>Web Console</title> + <para>If web management is enabled (see <xref linkend="Java-Broker-Configuring-And-Managing-Config-Files-Web-Management"/>) the web management console can be accessed from web browser using URL http(s)://<hostname>:<port>/management, where</para> + <itemizedlist> + <listitem><para><emphasis>hostname</emphasis> is the broker host</para></listitem> + <listitem><para><emphasis>port</emphasis> is the broker port(either http or https)</para></listitem> + </itemizedlist> + <para>The page like following is displayed on navigation to the management URL.</para> + <figure> + <title>Web management Console</title> + <graphic fileref="images/Management-Web-Console.png"/> + </figure> +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing.xml b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing.xml new file mode 100644 index 0000000000..d0858a80c0 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Configuring-And-Managing.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Configuring-And-Managing"> + <title>Configuring And Managing</title> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Configuring-And-Managing-Config-Files.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Configuring-And-Managing-Web-Console.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Configuring-And-Managing-REST-API.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Configuring-And-Managing-JMX.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Configuring-And-Managing-Other-Tooling.xml"/> +</chapter> diff --git a/doc/book/src/java-broker/Java-Broker-Exchanges-Binding-Arguments.xml b/doc/book/src/java-broker/Java-Broker-Exchanges-Binding-Arguments.xml new file mode 100644 index 0000000000..06c5ee7336 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Exchanges-Binding-Arguments.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id=""> +<title></title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Exchanges.xml b/doc/book/src/java-broker/Java-Broker-Exchanges.xml new file mode 100644 index 0000000000..f6272fb0f3 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Exchanges.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Exchanges"> + <title>Exchanges</title> + +</chapter> diff --git a/doc/book/src/java-broker/Java-Broker-Feature-Guide.xml b/doc/book/src/java-broker/Java-Broker-Feature-Guide.xml deleted file mode 100644 index bbc2a1aaf0..0000000000 --- a/doc/book/src/java-broker/Java-Broker-Feature-Guide.xml +++ /dev/null @@ -1,84 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section> - <title> - Java Broker Feature Guide - </title> - <section role="h3" id="JavaBrokerFeatureGuide-TheQpidpureJavabrokercurrentlysupportsthefollowingfeatures-3A"> - <title> - The Qpid pure Java broker currently supports the following - features: - </title> - <itemizedlist> - <listitem><para>All features required by the Sun JMS 1.1 specification, fully - tested - </para></listitem> - <listitem><para>Transaction support - </para></listitem> - <listitem><para>Persistence using a pluggable layer - </para></listitem> - <listitem><para>Pluggable security using SASL - </para></listitem> - <listitem><para>Management using JMX and an Eclipse Management Console - application - </para></listitem> - <listitem><para>High performance header-based routing for messages - </para></listitem> - <listitem><para>Message Priorities - </para></listitem> - <listitem><para>Configurable logging and log archiving - </para></listitem> - <listitem><para>Threshold alerting - </para></listitem> - <listitem><para>ACLs - </para></listitem> - <listitem><para>Extensively tested on each release, including performance - & reliability testing - </para></listitem> - <listitem><para>Automatic client failover using configurable connection - properties - </para></listitem> - <listitem><para>Durable Queues/Subscriptions - </para></listitem> - </itemizedlist> - <section role="h3" id="JavaBrokerFeatureGuide-Upcomingfeatures-3A"> - <title> - Upcoming - features: - </title> - <itemizedlist> - <listitem><para>Flow To Disk - </para></listitem> - <listitem><para>IP Whitelist - </para></listitem> - <listitem><para>AMQP 0-10 Support (for interoperability) - </para></listitem> - </itemizedlist> - - <!--h3--> - </section> - - <!--h3--> - </section> - -</section> diff --git a/doc/book/src/java-broker/Java-Broker-Getting-Started.xml b/doc/book/src/java-broker/Java-Broker-Getting-Started.xml new file mode 100644 index 0000000000..630c27ce89 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Getting-Started.xml @@ -0,0 +1,140 @@ +<?xml version="1.0"?> +<!DOCTYPE entities [ +<!ENTITY % entities SYSTEM "commonEntities.xml"> +%entities; +]> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Getting-Started"> + <title>Getting Started</title> + <para>This section describes how to start the Java Broker for the first time.</para> + <section role="h2" id="Java-Broker-Getting-Started-Starting"> + <title>Starting/Stopping the Broker</title> + <para>To start the Broker, use the <command>qpid-server</command> script (UNIX) or <command>qpid-server.bat</command> (Windows) + provided within distribution.</para> + </section> + <section role="h2" id="Java-Broker-Getting-Started-Starting-Stopping-Windows"> + <title>Starting/Stopping on Windows</title> + <para>Firstly change to the installation directory used during the <link linkend="Java-Broker-Installation-InstallationWindows">installation</link> + and ensure that the <link linkend="Java-Broker-Installation-InstallationWindows-SettingQPIDWORK">QPID_WORK environment variable is set</link>.</para> + <para>Now use the <command>qpid-server.bat</command> to start the server</para> + <programlisting><![CDATA[bin\qpid-server.bat]]></programlisting> + <para>Output similar to the following will be seen:</para> + <screen>[Broker] BRK-1006 : Using configuration : C:\qpid\qpid-broker-&qpidCurrentRelease;\etc\config.xml +[Broker] BRK-1007 : Using logging configuration : C:\qpid\qpid-broker-&qpidCurrentRelease;\etc\log4j.xml +[Broker] BRK-1001 : Startup : Version: &qpidCurrentRelease; Build: 1411386 +[Broker] BRK-1010 : Platform : JVM : Sun Microsystems Inc. version: 1.6.0_24-b07 OS : Windows 7 version: 6.1 arch: amd64 +[Broker] BRK-1011 : Maximum Memory : 1,069,416,448 bytes +[Broker] MNG-1001 : Web Management Startup +[Broker] MNG-1002 : Starting : HTTP : Listening on port 8080 +[Broker] MNG-1004 : Web Management Ready +[Broker] MNG-1001 : JMX Management Startup +[Broker] MNG-1002 : Starting : RMI Registry : Listening on port 8999 +[Broker] MNG-1002 : Starting : JMX RMIConnectorServer : Listening on port 9099 +[Broker] MNG-1004 : JMX Management Ready +[Broker] BRK-1002 : Starting : Listening on TCP port 5672 +[Broker] BRK-1004 : Qpid Broker Ready</screen> + <para>The BRK-1004 message confirms that the Broker is ready for work. The MNG-1002 and BRK-1002 confirm the ports to + which the Broker is listening (for HTTP/JMX management and AMQP respectively).</para> + <para>To stop the Broker, use Control-C or use the Shutdown MBean made from the <xref + linkend="Java-Broker-Configuring-And-Managing-JMX"/></para> + </section> + <section role="h2" id="Java-Broker-Getting-Started-Starting-Stopping-Unix"> + <title>Starting/Stopping on Unix</title> + <para>Firstly change to the installation directory used during the <link linkend="Java-Broker-Installation-InstallationUnix">installation</link> + and ensure that the <link linkend="Java-Broker-Installation-InstallationUnix-SettingQPIDWORK">QPID_WORK environment variable is set</link>.</para> + <para>Now use the <command>qpid-server</command> script to start the server:</para> + <programlisting><![CDATA[bin\qpid-server]]></programlisting> + <para>Output similar to the following will be seen:</para> + <screen>[Broker] BRK-1006 : Using configuration : /usr/local/qpid/qpid-broker-&qpidCurrentRelease;/etc/config.xml +[Broker] BRK-1007 : Using logging configuration : /usr/local/qpid/qpid-broker-&qpidCurrentRelease;/etc/log4j.xml +[Broker] BRK-1001 : Startup : Version: &qpidCurrentRelease; Build: 1411386 +[Broker] BRK-1010 : Platform : JVM : Apple Inc. version: 1.6.0_35-b10-428-11M3811 OS : Mac OS X version: 10.8.2 arch: x86_64 +[Broker] BRK-1011 : Maximum Memory : 1,070,399,488 bytes +[Broker] MNG-1001 : Web Management Startup +[Broker] MNG-1002 : Starting : HTTP : Listening on port 8080 +[Broker] MNG-1004 : Web Management Ready +[Broker] MNG-1001 : JMX Management Startup +[Broker] MNG-1002 : Starting : RMI Registry : Listening on port 8999 +[Broker] MNG-1002 : Starting : JMX RMIConnectorServer : Listening on port 9099 +[Broker] MNG-1004 : JMX Management Ready +[Broker] BRK-1002 : Starting : Listening on TCP port 5672 +[Broker] BRK-1004 : Qpid Broker Ready</screen> + <para>The BRK-1004 message confirms that the Broker is ready for work. The MNG-1002 and BRK-1002 confirm the ports to + which the Broker is listening (for HTTP/JMX management and AMQP respectively).</para> + <para>To stop the Broker, use Control-C from the controlling shell, use the + <command>bin/qpid.stop</command> script, or use <command>kill -TERM <pid></command> or + the Shutdown MBean from <xref linkend="Java-Broker-Configuring-And-Managing-JMX"/></para> + </section> + <section role="h2" id="Java-Broker-Getting-Started-LogFile"> + <title>Log file</title> + <para>The Java Broker writes a log file to record both details of its normal operation and any exceptional + conditions. By default the log file is written within the log subdirectory beneath the work directory + - <computeroutput>$QPID_WORK/log/qpid.log</computeroutput> (UNIX) and + <computeroutput>%QPID_WORK%\log\qpid.log</computeroutput> (Windows).</para> + <para>For details of how to control the logging, see <xref linkend="Java-Broker-Runtime-Log-Files"/></para> + </section> + <section role="h2" id="Java-Broker-Getting-Started-CommandLine"> + <title>Using the command line</title> + <para>The Java Broker understands a number of command line options which may be used to override the configuration.</para> + <para>To see usage information for all command line options, use the option <option>--help</option></para> + <programlisting><![CDATA[bin/qpid-server --help]]></programlisting> + <screen><![CDATA[usage: Qpid [-b address>] [-c <file>] [--exclude-0-10 <port>] [--exclude-0-8 <port>] [--exclude-0-9 <port>] [--exclude-0-9-1 + <port>] [--exclude-1-0 <port>] [-h] [--include-0-10 <port>] [--include-0-8 <port>] [--include-0-9 <port>] [--include-0-9-1 + <port>] [--include-1-0 <port>] [--jmxconnectorport <port>] [-l <file>] [-m <port>] [-p <port>] [-s <port>] [-v] [-w <period>] + -b,--bind <address> bind to the specified address. Overrides any value in the config file + -c,--config <file> use given configuration file + --exclude-0-10 <port> when listening on the specified port do not accept AMQP0-10 connections. The + specified port must be one specified on the command line + --exclude-0-8 <port> when listening on the specified port do not accept AMQP0-8 connections. The + specified port must be one specified on the command line + --exclude-0-9 <port> when listening on the specified port do not accept AMQP0-9 connections. The + specified port must be one specified on the command line + --exclude-0-9-1 <port> when listening on the specified port do not accept AMQP0-9-1 connections. The + specified port must be one specified on the command line + --exclude-1-0 <port> when listening on the specified port do not accept AMQP1-0 connections. The + specified port must be one specified on the command line + -h,--help print this message + --include-0-10 <port> accept AMQP0-10 connections on this port, overriding configuration to the contrary. + The specified port must be one specified on the command line + --include-0-8 <port> accept AMQP0-8 connections on this port, overriding configuration to the contrary. + The specified port must be one specified on the command line + --include-0-9 <port> accept AMQP0-9 connections on this port, overriding configuration to the contrary. + The specified port must be one specified on the command line + --include-0-9-1 <port> accept AMQP0-9-1 connections on this port, overriding configuration to the contrary. + The specified port must be one specified on the command line + --include-1-0 <port> accept AMQP1-0 connections on this port, overriding configuration to the contrary. + The specified port must be one specified on the command line + --jmxconnectorport <port> listen on the specified management (connector server) port. Overrides any + value in the config file + -l,--logconfig <file> use the specified log4j xml configuration file. By default looks for a file named + etc/log4j.xml in the same directory as the configuration file + -m,--jmxregistryport <port> listen on the specified management (registry server) port. Overrides any + value in the config file + -p,--port <port> listen on the specified port. Overrides any value in the config file + -s,--sslport <port> SSL port. Overrides any value in the config file + -v,--version print the version information and exit + -w,--logwatch <period> monitor the log file configuration file for changes. Units are seconds. Zero means + do not check for changes.]]></screen> + </section> + +</chapter> diff --git a/doc/book/src/java-broker/HA-Guide.xml b/doc/book/src/java-broker/Java-Broker-High-Availability.xml index 041309d711..7ea9dae38a 100644 --- a/doc/book/src/java-broker/HA-Guide.xml +++ b/doc/book/src/java-broker/Java-Broker-High-Availability.xml @@ -1,10 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> -<!DOCTYPE urls [ -<!ENTITY oracleBdbProductOverviewUrl "http://www.oracle.com/technetwork/products/berkeleydb/overview/index-093405.html"> -<!ENTITY oracleBdbProductVersion "5.0.58"> -<!ENTITY oracleBdbRepGuideUrl "http://oracle.com/cd/E17277_02/html/ReplicationGuide/"> -<!ENTITY oracleBdbJavaDocUrl "http://docs.oracle.com/cd/E17277_02/html/java/"> -<!ENTITY oracleJdkDocUrl "http://oracle.com/javase/6/docs/api/"> +<!DOCTYPE entities [ +<!ENTITY % entities SYSTEM "commonEntities.xml"> +%entities; ]> <!-- @@ -26,10 +23,10 @@ under the License. --> -<section id="High-Availability"> +<chapter id="Java-Broker-High-Availability"> <title>High Availability</title> - <section role="h3" id="HAGeneralIntroduction"> + <section role="h3" id="Java-Broker-High-Availability-GeneralIntroduction"> <title>General Introduction</title> <para>The term High Availability (HA) usually refers to having a number of instances of a service such as a Message Broker available so that should a service unexpectedly fail, or requires to be shutdown for maintenance, users may quickly connect @@ -42,7 +39,7 @@ </para> </section> - <section role="h3" id="HAOfferingsOfJavaBroker"> + <section role="h3" id="Java-Broker-High-Availability-OfferingsOfJavaBroker"> <title>HA offerings of the Java Broker</title> <para>The Java Broker's HA offering became available at release <emphasis role="bold">0.18</emphasis>. HA is provided by way of the HA features built into the <ulink url="&oracleBdbProductOverviewUrl;">Java Edition of the Berkley Database (BDB JE)</ulink> and as such @@ -63,7 +60,7 @@ Message Store</emphasis>.</para> </section> - <section role="h3" id="HATwoNodeCluster"> + <section role="h3" id="Java-Broker-High-Availability-TwoNodeCluster"> <title>Two Node Cluster</title> <section role="h4"> <title>Overview</title> @@ -73,7 +70,7 @@ <para>All data and state required for the operation of the virtual host is automatically sent from the master to the replica. This is called the replication stream. The master virtual host confirms each message is on the replica before the client transaction completes. The exact way the client awaits - for the master and replica is gorverned by the <link linkend="HADurabilityGuarantee">durability</link> + for the master and replica is gorverned by the <link linkend="Java-Broker-High-Availability-DurabilityGuarantee">durability</link> configuration, which is discussed later. In this way, the replica remains ready to take over the role of the master if the master becomes unavailable. </para> @@ -86,7 +83,7 @@ In the event of a master failure, a third party must designate the replica as primary. This process is described in more detail later. </para> - <para>Clients connect to the cluster using a <link linkend="HAClientFailover">failover url</link>. + <para>Clients connect to the cluster using a <link linkend="Java-Broker-High-Availability-ClientFailover">failover url</link>. This allows the client to maintain a connection to the master in a way that is transparent to the client application.</para> </section> @@ -105,7 +102,7 @@ </textobject> </mediaobject> </figure> - <section role="h5" id="HATwoNodeNormalOperation"> + <section role="h5" id="Java-Broker-High-Availability-TwoNodeNormalOperation"> <title>Normal Operation</title> <para>The figure below illustrates normal operation. Clients connecting to the cluster by way of the failover URL achieve a connection to the master. As clients perform work (message @@ -123,7 +120,7 @@ </mediaobject> </figure> </section> - <section role="h5" id="HATwoNodeMasterFailure"> + <section role="h5" id="Java-Broker-High-Availability-TwoNodeMasterFailure"> <title>Master Failure and Recovery</title> <para>The figure below illustrates a sequence of events whereby the master suffers a failure and the replica is made the master to allow the clients to continue to work. Later the @@ -142,7 +139,7 @@ <para>A third-party (an operator, a script or a combination of the two) verifies that the master has truely failed <emphasis role="bold">and is no longer running</emphasis>. If it has truely failed, the decision is made to designate the replica as primary, allowing it to assume the role of master despite the other node being down. - This primary designation is performed using <link linkend="HAJMXAPI">JMX</link>.</para> + This primary designation is performed using <link linkend="Java-Broker-High-Availability-JMXAPI">JMX</link>.</para> </listitem> <listitem> <para>Client connections to the new master succeed and the <emphasis role="bold">service is restored @@ -165,7 +162,7 @@ </mediaobject> </figure> </section> - <section role="h5" id="HATwoNodeReplicaFailure"> + <section role="h5" id="Java-Broker-High-Availability-TwoNodeReplicaFailure"> <title>Replica Failure and Recovery</title> <para>The figure that follows illustrates a sequence of events whereby the replica suffers a failure leaving the master to continue processing alone. Later the replica is repaired and is restarted. @@ -205,11 +202,11 @@ </mediaobject> </figure> </section> - <section role="h5" id="HATwoNodeNetworkPartition"> + <section role="h5" id="Java-Broker-High-Availability-TwoNodeNetworkPartition"> <title>Network Partition and Recovery</title> <para>The figure below illustrates the sequence of events that would occur if the network between master and replica were to suffer a partition, and the nodes were out of contact with one and other.</para> - <para>As with <link linkend="HATwoNodeReplicaFailure">Replica Failure and Recovery</link>, the + <para>As with <link linkend="Java-Broker-High-Availability-TwoNodeReplicaFailure">Replica Failure and Recovery</link>, the behaviour is governed by the <varname>designatedPrimary</varname>. Only if <varname>designatedPrimary</varname> is true on the master, will the master continue solo.</para> <para>The item numbers in this list apply to the numbered boxes in the figure below. This example assumes @@ -243,7 +240,7 @@ </mediaobject> </figure> </section> - <section role="h5" id="HATwoNodeSplitBrain"> + <section role="h5" id="Java-Broker-High-Availability-TwoNodeSplitBrain"> <title>Split Brain</title> <para>A <ulink url="http://en.wikipedia.org/wiki/Split-brain_(computing)">split-brain</ulink> is a situation where the two node cluster has two masters. BDB normally strives to prevent @@ -287,16 +284,19 @@ </section> </section> - <section role="h3" id="HAMultiNodeCluster"> + <section role="h3" id="Java-Broker-High-Availability-MultiNodeCluster"> <title>Multi Node Cluster</title> <para>Multi node clusters, that is clusters where the number of nodes is three or more, are not yet ready for use.</para> </section> - <section role="h3" id="HAConfiguration"> + <section role="h3" id="Java-Broker-High-Availability-Configuration"> <title>Configuring a Virtual Host to be a node</title> <para>To configure a virtualhost as a cluster node, configure the virtualhost.xml in the following manner:</para> <para> + + <example> + <title>Configuring a VirtualHost to use the BDBHAMessageStore</title> <programlisting language="xml"><![CDATA[ <virtualhost> <name>myhost</name> @@ -317,6 +317,7 @@ ... </myvhost> </virtualhost>]]></programlisting> + </example> </para> <para>The <varname>groupName</varname> is the name of logical name of the cluster. All nodes within the cluster must use the same <varname>groupName</varname> in order to be considered part of the cluster.</para> @@ -331,28 +332,28 @@ nodes within the cluster when they are newly introduced to the cluster. When configuring the first node, set the <varname>helperHostPort</varname> to its own <varname>nodeHostPort</varname>. For the second and subsequent nodes, set their <varname>helperHostPort</varname> to that of the first node.</para> - <para><varname>durability</varname> controls the <link linkend="HADurabilityGuarantee">durability</link> + <para><varname>durability</varname> controls the <link linkend="Java-Broker-High-Availability-DurabilityGuarantee">durability</link> guarantees made by the cluster. It is important that all nodes use the same value for this property. The default value is NO_SYNC\,NO_SYNC\,SIMPLE_MAJORITY. Owing to the internal use of Apache Commons Config, it is currently necessary to escape the commas within the durability string.</para> - <para><varname>coalescingSync</varname> controls the <link linkend="HADurabilityGuarantee_CoalescingSync">coalescing-sync</link> + <para><varname>coalescingSync</varname> controls the <link linkend="Java-Broker-High-Availability-DurabilityGuarantee_CoalescingSync">coalescing-sync</link> mode of Qpid. It is important that all nodes use the same value. If omitted, it defaults to true.</para> - <para>The <varname>designatedPrimary</varname> is applicable only to the <link linkend="HATwoNodeCluster">two-node + <para>The <varname>designatedPrimary</varname> is applicable only to the <link linkend="Java-Broker-High-Availability-TwoNodeCluster">two-node case.</link> It governs the behaviour of a node when the other node fails or becomes uncontactable. If true, the node will be designated as primary at startup and will be able to continue operating as a single node master. If false, the node will transition to an unavailable state until a third-party manually designates the node as primary or the other node is restored. It is suggested that the node that normally fulfils the role of master is set true in config file and the node that is normally replica is set false. Be aware that setting both nodes to true will lead to a failure to start up, as both cannot be designated at the point of contact. Designating both - nodes as primary at runtime (using the JMX interface) will lead to a <link linkend="HATwoNodeSplitBrain">split-brain</link> + nodes as primary at runtime (using the JMX interface) will lead to a <link linkend="Java-Broker-High-Availability-TwoNodeSplitBrain">split-brain</link> in the case of network partition and must be avoided.</para> <note><para>Usage of domain names in <varname>helperHostPort</varname> and <varname>nodeHostPort</varname> is more preferebale over IP addresses due to the tendency of more frequent changes of the last over the former. If server IP address changes but domain name remains the same the HA cluster can continue working as normal in case when domain names are used in cluster configuration. In case when IP addresses are used and they are changed with the time - than Qpid <link linkend="HAJMXAPI">JMX API for HA</link> can be used to change the addresses or remove the nodes from the cluster.</para></note> + than Qpid <link linkend="Java-Broker-High-Availability-JMXAPI">JMX API for HA</link> can be used to change the addresses or remove the nodes from the cluster.</para></note> - <section role="h4" id="HAConfiguration_BDBEnvVars"> + <section role="h4" id="Java-Broker-High-Availability-Configuration_BDBEnvVars"> <title>Passing BDB environment and replication configuration options</title> <para>It is possible to pass BDB <ulink url="&oracleBdbJavaDocUrl;com/sleepycat/je/EnvironmentConfig.html"> environment</ulink> and <ulink url="&oracleBdbJavaDocUrl;com/sleepycat/je/rep/ReplicationConfig.html"> @@ -373,25 +374,21 @@ </envConfig> ... </store>]]></programlisting> - <para>And to override the BDB replication configuration options <varname>je.rep.insufficientReplicasTimeout</varname>.</para> + <para>And to override the BDB replication configuration options <varname>je.rep.electionsPrimaryRetries</varname>.</para> <programlisting language="xml"><![CDATA[ ... </highAvailability> ... <repConfig> - <name>je.rep.insufficientReplicasTimeout</name> - <value>2</value> - </envConfig> - <envConfig> - <name>je.txn.timeout</name> - <value>10 s</value> - </envConfig> + <name>je.rep.electionsPrimaryRetries</name> + <value>3</value> + </repConfig> ... </store>]]></programlisting> </section> </section> - <section role="h3" id="HADurabilityGuarantee"> + <section role="h3" id="Java-Broker-High-Availability-DurabilityGuarantee"> <title>Durability Guarantees</title> <para>The term <ulink url="http://en.wikipedia.org/wiki/ACID#Durability">durability</ulink> is used to mean that once a transaction is committed, it remains committed regardless of subsequent failures. A highly durable system is one where @@ -401,7 +398,7 @@ <ulink url="&oracleBdbRepGuideUrl;txn-management.html#durabilitycontrols">durability controls</ulink> offered by by BDB JE JA and a Qpid specific optimisation called <emphasis role="bold">coalescing-sync</emphasis> which defaults to enabled.</para> - <section role="h4" id="HADurabilityGuarantee_BDBControls"> + <section role="h4" id="Java-Broker-High-Availability-DurabilityGuarantee_BDBControls"> <title>BDB Durability Controls</title> <para>BDB expresses durability as a triplet with the following form:</para> <programlisting><![CDATA[<master sync policy>,<replica sync policy>,<replica acknowledgement policy>]]></programlisting> @@ -412,7 +409,7 @@ <ulink url="&oracleBdbJavaDocUrl;com/sleepycat/je/Durability.SyncPolicy.html#WRITE_NO_SYNC">WRITE_NO_SYNC</ulink>, <ulink url="&oracleBdbJavaDocUrl;com/sleepycat/je/Durability.SyncPolicy.html#NO_SYNC">NO_SYNC</ulink>. SYNC is offers the highest durability whereas NO_SYNC the lowest.</para> - <para>Note: the combination of a master sync policy of SYNC and <link linkend="HADurabilityGuarantee_CoalescingSync">coalescing-sync</link> + <para>Note: the combination of a master sync policy of SYNC and <link linkend="Java-Broker-High-Availability-DurabilityGuarantee_CoalescingSync">coalescing-sync</link> true would result in poor performance with no corresponding increase in durability guarantee. It cannot not be used.</para> <para>The acknowledgement policy defines whether when a master commits a transaction, it also awaits for the replica(s) to commit the same transaction before continuing. For the two-node case, ALL and SIMPLE_MAJORITY are equal.</para> @@ -421,7 +418,7 @@ <ulink url="&oracleBdbJavaDocUrl;com/sleepycat/je/Durability.ReplicaAckPolicy.html#SIMPLE_MAJORITY">SIMPLE_MAJORITY</ulink> <ulink url="&oracleBdbJavaDocUrl;com/sleepycat/je/Durability.ReplicaAckPolicy.html#NONE">NONE</ulink>.</para> </section> - <section role="h4" id="HADurabilityGuarantee_CoalescingSync"> + <section role="h4" id="Java-Broker-High-Availability-DurabilityGuarantee_CoalescingSync"> <title>Coalescing-sync</title> <para>If enabled (the default) Qpid works to reduce the number of separate <ulink url="&oracleJdkDocUrl;java/io/FileDescriptor.html#sync()">file-system sync</ulink> operations @@ -430,14 +427,14 @@ It does this in such a manner not to reduce the ACID guarantees of the system.</para> <para>Coalescing-sync has no effect on the behaviour of the replicas.</para> </section> - <section role="h4" id="HADurabilityGuarantee_Default"> + <section role="h4" id="Java-Broker-High-Availability-DurabilityGuarantee_Default"> <title>Default</title> <para>The default durability guarantee is <constant>NO_SYNC, NO_SYNC, SIMPLE_MAJORITY</constant> with coalescing-sync enabled. The effect of this combination is described in the table below. It offers a good compromise between durability guarantee and performance with writes being guaranteed on the master and the additional guarantee that a majority of replicas have received the transaction.</para> </section> - <section role="h4" id="HADurabilityGuarantee_Examples"> + <section role="h4" id="Java-Broker-High-Availability-DurabilityGuarantee_Examples"> <title>Examples</title> <para>Here are some examples illustrating the effects of the durability and coalescing-sync settings.</para> <para> @@ -487,7 +484,7 @@ </section> </section> - <section id="HAClientFailover"> + <section id="Java-Broker-High-Availability-ClientFailover"> <title>Client failover configuration</title> <para>The details about format of Qpid connection URLs can be found at section <ulink url="../../Programming-In-Apache-Qpid/html/QpidJNDI.html">Connection URLs</ulink> @@ -504,12 +501,12 @@ amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672?connectdelay=' </section> - <section role="h3" id="HAJMXAPI"> + <section role="h3" id="Java-Broker-High-Availability-JMXAPI"> <title>Qpid JMX API for HA</title> <para>Qpid exposes the BDB HA store information via its JMX interface and provides APIs to remove a Node from the group, update a Node IP address, and assign a Node as the designated primary.</para> <para>An instance of the <classname>BDBHAMessageStore</classname> MBean is instantiated by the broker for the each virtualhost using the HA store.</para> - <para>The reference to this MBean can be obtained via JMX API using an ObjectName like <emphasis>org.apache.qpid:type=BDBHAMessageStore,name=<virtualhost name></emphasis> + <para>The reference to this MBean can be obtained via JMX API using an ObjectName like <emphasis>org.apache.qpid:type=BDBHAMessageStore,name="<virtualhost name>"</emphasis> where <virtualhost name> is the name of a specific virtualhost on the broker.</para> <table border="1"> <title>Mbean <classname>BDBHAMessageStore</classname> attributes</title> @@ -633,7 +630,7 @@ JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost: JMXConnector jmxConnector = JMXConnectorFactory.connect(url, environment); MBeanServerConnection mbsc = jmxConnector.getMBeanServerConnection(); -ObjectName queueObjectName = new ObjectName("org.apache.qpid:type=BDBHAMessageStore,name=test"); +ObjectName queueObjectName = new ObjectName("org.apache.qpid:type=BDBHAMessageStore,name=\"test\""); String state = (String)mbsc.getAttribute(queueObjectName, "NodeState"); System.out.println("Node state:" + state); @@ -643,7 +640,7 @@ System.out.println("Node state:" + state); </example> </section> - <section id="BDB-HA-Monitoring-cluster"> + <section id="Java-Broker-High-Availability-Monitoring-cluster"> <title>Monitoring cluster</title> <para>In order to discover potential issues with HA Cluster early, all nodes in the Cluster should be monitored on regular basis using the following techniques:</para> @@ -711,26 +708,26 @@ Current state of node: Node-5001 from group: TestClusterGroup <para><emphasis>AllNodesInGroup</emphasis> lists of all nodes in the replication group including their names, hosts and ports.</para> </listitem> </itemizedlist> - <para>For more details about <classname>BDBHAMessageStore</classname> MBean please refer section <link linkend="HAJMXAPI">Qpid JMX API for HA</link></para> + <para>For more details about <classname>BDBHAMessageStore</classname> MBean please refer section <link linkend="Java-Broker-High-Availability-JMXAPI">Qpid JMX API for HA</link></para> </listitem> </itemizedlist> </section> - <section id="HADiskSpace"> + <section id="Java-Broker-High-Availability-DiskSpace"> <title>Disk space requirements</title> <para>Disk space is a critical resource for the HA Qpid broker.</para> <para>In case when a Replica goes down (or falls behind the Master in 2 node cluster where the Master is designated primary) and the Master continues running, the non-replicated store files are kept on the Masters disk for the period of time as specified in <emphasis>je.rep.repStreamTimeout</emphasis> JE setting in order to replicate this data later when the Replica is back. This setting is set to 1 hour by default by the broker. The setting can be overridden as described in - <xref linkend="HAConfiguration_BDBEnvVars"/>.</para> + <xref linkend="Java-Broker-High-Availability-Configuration_BDBEnvVars"/>.</para> <para>Depending from the application publishing/consuming rates and message sizes, the disk space might become overfull during this period of time due to preserved logs. Please, make sure to allocate enough space on your disk to avoid this from happening. </para> </section> - <section id="BDB-HA-Network-Requirements"> + <section id="Java-Broker-High-Availability-Network-Requirements"> <title>Network Requirements</title> <para>The HA Cluster performance depends on the network bandwidth, its use by existing traffic, and quality of service.</para> <para>In order to achieve the best performance it is recommended to use a separate network infrastructure for the Qpid HA Nodes @@ -738,7 +735,7 @@ Current state of node: Node-5001 from group: TestClusterGroup installing a cluster in a separate network not impacted by any other traffic.</para> </section> - <section id="BDB-HA-Security"> + <section id="Java-Broker-High-Availability-Security"> <title>Security</title> <para>At the moment Berkeley replication API supports only TCP/IP protocol to transfer replication data between Master and Replicas.</para> <para>As result, the replicated data is unprotected and can be intercepted by anyone having access to the replication network.</para> @@ -746,7 +743,7 @@ Current state of node: Node-5001 from group: TestClusterGroup <para>In order to reduce the security risks the entire HA cluster is recommended to run in a separate network protected from general access.</para> </section> - <section id="BDB-HA-Backup"> + <section id="Java-Broker-High-Availability-Backup"> <title>Backups</title> <para>In order to protect the entire cluster from some cataclysms which might destroy all cluster nodes, backups of the Master store should be taken on a regular basis.</para> @@ -768,7 +765,7 @@ Current state of node: Node-5001 from group: TestClusterGroup </note> </section> - <section id="HAMigrationFromNonHA"> + <section id="Java-Broker-High-Availability-MigrationFromNonHA"> <title>Migration of a non-HA store to HA</title> <para>Non HA stores starting from schema version 4 (0.14 Qpid release) can be automatically converted into HA store on broker startup if replication is first enabled with the <ulink url="&oracleBdbJavaDocUrl;com/sleepycat/je/rep/util/DbEnableReplication.html"><classname>DbEnableReplication</classname></ulink> utility from the BDB JE jar.</para> <para>DbEnableReplication converts a non HA store into an HA store and can be used as follows:</para> @@ -799,10 +796,10 @@ java -jar je-&oracleBdbProductVersion;.jar DbEnableReplication -h /path/to/store </note> </section> - <section id="HADisasterRecovery"> + <section id="Java-Broker-High-Availability-DisasterRecovery"> <title>Disaster Recovery</title> <para>This section describes the steps required to restore HA broker cluster from backup.</para> - <para>The detailed instructions how to perform backup on replicated environment can be found <link linkend="BDB-HA-Backup">here</link>.</para> + <para>The detailed instructions how to perform backup on replicated environment can be found <link linkend="Java-Broker-High-Availability-Backup">here</link>.</para> <para>At this point we assume that backups are collected on regular basis from Master node.</para> <para>Replication configuration of a cluster is stored internally in HA message store. This information includes IP addresses of the nodes. @@ -829,7 +826,7 @@ java -cp je-&oracleBdbProductVersion;.jar com.sleepycat.je.rep.util.DbResetRepGr </itemizedlist> </section> - <section id="HAPerformance"> + <section id="Java-Broker-High-Availability-Performance"> <title>Performance</title> <para>The aim of this section is not to provide exact performance metrics relating to HA, as this depends heavily on the test environment, but rather showing an impact of HA on Qpid broker performance in comparison with the Non HA case.</para> @@ -1000,9 +997,9 @@ java -cp je-&oracleBdbProductVersion;.jar com.sleepycat.je.rep.util.DbResetRepGr </figure> <para>On using durability <emphasis>SYNC,SYNC,ALL</emphasis> (without coalescing-sync) the performance drops significantly (by 62-95%) in comparison with non HA broker.</para> <para>Whilst, on using durability <emphasis>WRITE_NO_SYNC,WRITE_NO_SYNC,ALL</emphasis> (without coalescing-sync) the performance drops by only half, but with loss of durability guarantee, so is not recommended.</para> - <para>In order to have better performance with HA, Qpid Broker comes up with the special mode called <link linkend="HADurabilityGuarantee_CoalescingSync">coalescing-sync</link>, + <para>In order to have better performance with HA, Qpid Broker comes up with the special mode called <link linkend="Java-Broker-High-Availability-DurabilityGuarantee_CoalescingSync">coalescing-sync</link>, With this mode enabled, Qpid broker batches the concurrent transaction commits and syncs transaction data into Master disk in one go. As result, the HA performance only drops by 25-60% for durability <emphasis>NO_SYNC,NO_SYNC,ALL</emphasis> and by 10-90% for <emphasis>WRITE_NO_SYNC,WRITE_NO_SYNC,ALL</emphasis>.</para> </section> -</section> +</chapter> diff --git a/doc/book/src/java-broker/Java-Broker-Installation.xml b/doc/book/src/java-broker/Java-Broker-Installation.xml new file mode 100644 index 0000000000..218e39f578 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Installation.xml @@ -0,0 +1,185 @@ +<?xml version="1.0"?> +<!DOCTYPE entities [ +<!ENTITY % entities SYSTEM "commonEntities.xml"> +%entities; +]> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Installation"> + <title>Installation</title> + <section role="h2" id="Java-Broker-Installation-Introduction"> + <title>Introduction</title> + <para>This document describes how to install the Java Broker on both Windows and UNIX + platforms.</para> + </section> + <section role="h2" id="Java-Broker-Installation-Prerequistes"> + <title>Prerequisites</title> + <section role="h3" id="Java-Broker-Installation-Prerequistes-Java"> + <title>Java Platform</title> + <para> + The Java Broker is an 100% Java implementation and as such it can be used on any operating + system supporting Java 1.6 or higher. This includes Linux, Solaris, Mac OS X, and Windows XP/Vista/7/8.</para> + <para> + The broker has been tested with Java implementations from both Oracle and IBM. Whatever + platform you chose, it is recommended that you ensure it is patched with any critical updates made + available from the vendor. + </para> + <para> + Verify that your JVM is installed properly by following <link linkend="Java-Broker-Miscellaneous-JVM-Verification">these instructions.</link> + </para> + </section> + <section role="h3" id="Java-Broker-Installation-Prerequistes-Disk"> + <title>Disk</title> + <para>The Java Broker installation requires approximately 20MB of free disk space.</para> + <para>The Java Broker also requires a working directory. The working directory is used for + the message store, that is, the area of the file-system used to record persistent messages whilst they + are passing through the Broker. The working directory is also used for the default location of the log file. + The size of the working directory will depend on the how the Broker is used.</para> + <para>The performance of the file system hosting the work directory is key to the performance of Broker as + a whole. For best performance, choose a device that has low latency and one that is uncontended by other + applications.</para> + <para>Be aware that there are additional considerations if you are considering hosting the working directory on NFS. See + <xref linkend="Java-Broker-Stores"/> for further details.</para> + </section> + <section role="h3" id="Java-Broker-Installation-Prerequistes-Memory"> + <title>Memory</title> + <para>Qpid caches messages on the heap for performance reasons, so in general, the Broker will + benefit from as much heap as possible. However, on a 32bit JVM, the maximum addressable memory range + for a process is 4GB, after leaving space for the JVM's own use this will give a maximum heap size + of approximately ~3.7GB.</para> + </section> + <section role="h3" id="Java-Broker-Installation-Prerequistes-OperatingSystemAccount"> + <title>Operating System Account</title> + <para>Installation or operation of Qpid does <emphasis>not</emphasis> require a privileged account (i.e. root + on UNIX platforms or Administrator on Windows). However it is suggested that you use an dedicated account + (e.g. qpid) for the installation and operation of the Java Broker.</para> + </section> + </section> + + <section role="h2" id="Java-Broker-Installation-Download"> + <title>Download</title> + <section role="h3" id="Java-Broker-Installation-Download-Release"> + <title>Broker Release</title> + <para>You can download the latest qpid-java-broker-&qpidCurrentRelease;.tar.gz package from the <ulink + url="&qpidDownloadUrl;">Download Page</ulink>. + </para> + <para> It is recommended that you confirm the integrity of the download by verifying the PGP signature + matches that available on the site. Instrutions are given on the download page. + </para> + </section> + <section role="h3" id="Java-Broker-Installation-Download-OptionalDependencies"> + <title>Optional Dependencies</title> + <para>The broker has an optional message store implementations backed by Oracle BDB JE. If you wish to use these + stores you will need to provide the optional Oracle BDB JE dependency. For more details, see <xref linkend="Java-Broker-Stores-BDB-Store"></xref> + </para> + </section> + </section> + + <section role="h2" id="Java-Broker-Installation-InstallationWindows"> + <title>Installation on Windows</title> + <para> + Firstly, verify that your JVM is installed properly by following + <link linkend="Java-Broker-Miscellaneous-JVM-Verification-Windows">these instructions.</link> + </para> + <para>Now chose a directory for Qpid broker installation. This directory will be used for the Qpid JARs and configuration files. + It need not be the same location as the store used for the persistent messages or the log file (you will chose this + location later). For the remainder this example we will assumed that location c:\qpid has been chosen.</para> + <para>Now using WinZip<footnote><para>WinZip is a Registered Trademark of WinZip International LLC</para></footnote> (or similar) + extract the Qpid package qpid-java-broker-&qpidCurrentRelease;.tar.gz into the directory.</para> + <para>The extraction of the Qpid package will have created a directory qpid-broker-&qpidCurrentRelease; within c:\qpid</para> + <screen>Volume in drive C has no label + + Directory of c:\qpid\qpid-broker-&qpidCurrentRelease; + +07/25/2012 11:22 PM . +09/30/2012 10:51 AM .. +09/30/2012 12:24 AM bin +08/21/2012 11:17 PM etc +07/25/2012 11:22 PM lib +07/20/2012 08:10 PM 65,925 LICENSE +07/20/2012 08:10 PM 3,858 NOTICE +07/20/2012 08:10 PM 1,346 README.txt + 3 File(s) 71,129 bytes + 5 Dir(s) 743,228,796,928 bytes free</screen> + <section role="h3" id="Java-Broker-Installation-InstallationWindows-SettingQPIDWORK"> + <title>Setting the working directory</title> + <para>Qpid requires a work directory. This directory is used for the default location of the Qpid log + file and is used for the storage of persistent messages. The work directory can be set on the + command-line (for the lifetime of the command interpreter), but you will normally want to set + the environment variable permanently via the Advanced System Settings in the Control Panel.</para> + <screen>set QPID_WORK=S:\qpidwork</screen> + <para>If the directory referred to by QPID_WORK does not exist, the Java Broker will attempt to create it + on start-up.</para> + </section> + <section role="h3" id="Java-Broker-Installation-InstallationWindows-OptionalDependencies"> + <title>Optional Dependencies</title> + <para>The broker has an optional message store implementations backed by Oracle BDB JE. If you wish to use these + stores you will need to provide the optional Oracle BDB JE dependency. For more details, see <xref linkend="Java-Broker-Stores-BDB-Store"></xref> + </para> + </section> + </section> + + <section role="h2" id="Java-Broker-Installation-InstallationUnix"> + <title>Installation on UNIX platforms</title> + <para> + Firstly, verify that your JVM is installed properly by following + <link linkend="Java-Broker-Miscellaneous-JVM-Verification-Unix">these instructions.</link> + </para> + <para>Now chose a directory for Qpid broker installation. This directory will be used for the Qpid JARs and configuration files. + It need not be the same location as the store used for the persistent messages or the log file (you will chose this + location later). For the remainder this example we will assumed that location /usr/local/qpid has been chosen.</para> + <para>Extract the Qpid package qpid-java-broker-&qpidCurrentRelease;.tar.gz into the directory.</para> + <programlisting>mkdir /usr/local/qpid +cd /usr/local/qpid +tar xvzf qpid-java-broker-&qpidCurrentRelease;.tar.gz></programlisting> + <para>The extraction of the Qpid package will have created a directory qpid-broker-x.x</para> + <screen>ls -la qpid-broker-&qpidCurrentRelease;/ +total 152 +drwxr-xr-x 8 qpid qpid 272 25 Jul 23:22 . +drwxr-xr-x 45 qpid qpid 1530 30 Sep 10:51 .. +-rw-r--r--@ 1 qpid qpid 65925 20 Jul 20:10 LICENSE +-rw-r--r--@ 1 qpid qpid 3858 20 Jul 20:10 NOTICE +-rw-r--r--@ 1 qpid qpid 1346 20 Jul 20:10 README.txt +drwxr-xr-x 10 qpid qpid 340 30 Sep 00:24 bin +drwxr-xr-x 9 qpid qpid 306 21 Aug 23:17 etc +drwxr-xr-x 34 qpid qpid 1156 25 Jul 23:22 lib + </screen> + <section role="h3" id="Java-Broker-Installation-InstallationUnix-SettingQPIDWORK"> + <title>Setting the working directory</title> + <para>Qpid requires a work directory. This directory is used for the default location of the Qpid log + file and is used for the storage of persistent messages. The work directory can be set on the + command-line (for the lifetime of the current shell), but you will normally want to set + the environment variable permanently the user's shell profile file (~/.bash_profile for Bash etc).</para> + <screen><![CDATA[export QPID_WORK=/var/qpidwork]]> + </screen> + <para>If the directory referred to by QPID_WORK does not exist, the Java Broker will attempt to create it + on start-up. + </para> + </section> + <section role="h3" id="Java-Broker-Installation-InstallationUnix-OptionalDependencies"> + <title>Optional Dependencies</title> + <para>The broker has an optional message store implementations backed by Oracle BDB JE. If you wish to use these + stores you will need to provide the optional Oracle BDB JE dependency. For more details, see <xref linkend="Java-Broker-Stores-BDB-Store"></xref> + </para> + </section> + </section> +</chapter> diff --git a/doc/book/src/java-broker/Java-Broker-Introduction.xml b/doc/book/src/java-broker/Java-Broker-Introduction.xml new file mode 100644 index 0000000000..651389d0ac --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Introduction.xml @@ -0,0 +1,89 @@ +<?xml version="1.0"?> +<!DOCTYPE chapter[ +<!ENTITY % entities SYSTEM "commonEntities.xml"> +%entities; +]> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Introduction"> + <title>Introduction</title> + <para>The Java Broker is a powerful open-source message broker that implements all versions of the + <ulink url="http://www.amqp.org"> Advanced Message Queuing Protocol (AMQP)</ulink>. The Java + Broker is actually one of two message brokers provided by the <ulink + url="http://qpid.apache.org">Apache Qpid project</ulink>: the Java Broker and the C++ + Broker.</para> + <para>This document relates to the Java Broker. The <ulink url="&qpidCppBook;">C++ Broker is + described separately</ulink>.</para> + <para><emphasis>Headline features</emphasis></para> + <itemizedlist mark="circle"> + <listitem> + <para>100% Java implementation - runs on any platform supporting Java 1.6 or higher</para> + </listitem> + <listitem> + <para>Messaging clients support in Java, C++, Python.</para> + </listitem> + <listitem> + <para>JMS 1.1 compliance (Java client).</para> + </listitem> + <listitem> + <para>Persistent and non-persistent (transient) message support</para> + </listitem> + <listitem> + <para>Supports for all common messaging patterns (point-to-point, publish/subscribe, fan-out + etc).</para> + </listitem> + <listitem> + <para>Transaction support including XA<footnote> + <para>XA provided when using AMQP 0-10</para> + </footnote></para> + </listitem> + <listitem> + <para>Supports for all versions of the AMQP protocol</para> + </listitem> + <listitem> + <para>Automatic message translation, allowing clients using different AMQP versions to communicate with each other.</para> + </listitem> + <listitem> + <para>Pluggable authentication architecture with out-of-the-box support for Kerberos, LDAP, + External, and file-based authentication mechanisms.</para> + </listitem> + <listitem> + <para>Pluggable message store architecture with implementations based on <ulink + url="http://db.apache.org/derby/">Apache Derby</ulink>, <ulink + url="&oracleBdbProductOverviewUrl;">Oracle BDB JE</ulink><footnote> + <para>Oracle BDB JE must be downloaded separately.</para> + </footnote>, and Memory Store</para> + </listitem> + <listitem> + <para>Web based management interface and programmatic management interfaces via REST and JMX + APIs.</para> + </listitem> + <listitem> + <para>SSL support</para> + </listitem> + <listitem> + <para>High availability (HA) support.<footnote> + <para>HA currently only available to users of the optional BDB JE HA based message store.</para> + </footnote></para> + </listitem> + </itemizedlist> +</chapter> diff --git a/doc/book/src/java-broker/Java-Broker-Miscellaneous.xml b/doc/book/src/java-broker/Java-Broker-Miscellaneous.xml new file mode 100644 index 0000000000..007d6cde5b --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Miscellaneous.xml @@ -0,0 +1,80 @@ +<?xml version="1.0"?> +<!DOCTYPE entities [ +<!ENTITY % entities SYSTEM "commonEntities.xml"> +%entities; +]> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Miscellaneous"> + <title>Miscellaneous</title> + + <section role="h2" id="Java-Broker-Miscellaneous-JVM-Verification"> + <title>JVM Installation verification</title> + <section role="h2" id="Java-Broker-Miscellaneous-JVM-Verification-Windows"> + <title>Verify JVM on Windows</title> + <para> + Firstly confirm that the JAVA_HOME environment variable is set correctly by typing the + following at the command prompt: + </para> + <programlisting><![CDATA[echo %JAVA_HOME%]]></programlisting> + <para> + If JAVA_HOME is set you will see something similar to the following: + </para> + <screen><![CDATA[c:"\PROGRA~1"\Java\jdk1.6.0_24\]]> + </screen> + <para> + Then confirm that a Java installation (1.6 or higher) is available: + </para> + <programlisting><![CDATA[java -version]]></programlisting> + <para> + If java is available on the path, output similar to the following will be seen: + </para> + <screen><![CDATA[java version "1.6.0_24" +Java(TM) SE Runtime Environment (build 1.6.0_24-b07) +Java HotSpot(TM) 64-Bit Server VM (build 19.1-b02, mixed mode)]]></screen> + </section> + + <section role="h2" id="Java-Broker-Miscellaneous-JVM-Verification-Unix"> + <title>Verify JVM on Windows</title> + <para> + Firstly confirm that the JAVA_HOME environment variable is set correctly by typing the + following at the command prompt: + </para> + <programlisting><![CDATA[echo $JAVA_HOME]]></programlisting> + <para> + If JAVA_HOME is set you will see something similar to the following: + </para> + <screen><![CDATA[/usr/java/jdk1.6.0_35]]> + </screen> + <para> + Then confirm that a Java installation (1.6 or higher) is available: + </para> + <programlisting><![CDATA[java -version]]></programlisting> + <para> + If java is available on the path, output similar to the following will be seen: + </para> + <screen><![CDATA[java version "1.6.0_35" +Java(TM) SE Runtime Environment (build 1.6.0_35-b10-428-11M3811) +Java HotSpot(TM) 64-Bit Server VM (build 20.10-b01-428, mixed mode)]]></screen> + </section> + </section> +</chapter> diff --git a/doc/book/src/java-broker/Java-Broker-Queues-Messaging-Groups.xml b/doc/book/src/java-broker/Java-Broker-Queues-Messaging-Groups.xml new file mode 100644 index 0000000000..60413282a0 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Queues-Messaging-Groups.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Queues-Messaging-Groups"> +<title>Messaging Groups</title> + +</section> diff --git a/doc/book/src/java-broker/OtherQueueTypes.xml b/doc/book/src/java-broker/Java-Broker-Queues-OtherTypes.xml index d42e4e62cb..471d73f283 100644 --- a/doc/book/src/java-broker/OtherQueueTypes.xml +++ b/doc/book/src/java-broker/Java-Broker-Queues-OtherTypes.xml @@ -1,6 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> -<!DOCTYPE urls [ -<!ENTITY oracleJeeDocUrl "http://docs.oracle.com/javaee/6/api/"> +<!DOCTYPE entities [ +<!ENTITY % entities SYSTEM "commonEntities.xml"> +%entities; ]> <!-- @@ -23,26 +24,26 @@ --> -<section id="OtherQueueTypes"> +<section id="Java-Broker-Queues-OtherTypes"> <title>Other Queue Types</title> - <section role="h2" id="OtherQueueTypes-Introduction"> + <section role="h2" id="Java-Broker-Queues-OtherTypes-Introduction"> <title>Introduction</title> <para> In addition to the standard queue type where messages are delivered in the same order that they were sent, the Java Broker supports three additional queue types which allows for - alternative delivery behaviours. These are <link linkend="OtherQueueTypes-Priority" - >priority-queues</link>, <link linkend="OtherQueueTypes-Sorted">sorted-queues</link>-, and - <link linkend="OtherQueueTypes-LVQ">last-value-queues</link> (LVQs). </para> + alternative delivery behaviours. These are <link linkend="Java-Broker-Queues-OtherTypes-Priority" + >priority-queues</link>, <link linkend="Java-Broker-Queues-OtherTypes-Sorted">sorted-queues</link>-, and + <link linkend="Java-Broker-Queues-OtherTypes-LVQ">last-value-queues</link> (LVQs). </para> <para> In the following sections, the semantics of each queue type is described, followed by a description of how instances of these queue can be created via <link - linkend="OtherQueueTypes-CreateUsingConfig">configuration</link> or <link - linkend="OtherQueueTypes-CreateUsingJmsOrJmx">programmatically</link>. </para> + linkend="Java-Broker-Queues-OtherTypes-CreateUsingConfig">configuration</link> or <link + linkend="Java-Broker-Queues-OtherTypes-CreateUsingJmsOrJmx">programmatically</link>. </para> <para>The final section discusses the importance of using a <link - linkend="OtherQueueTypes-SetLowPrefetch">low client pre-fetch</link> with these queued. + linkend="Java-Broker-Queues-OtherTypes-SetLowPrefetch">low client pre-fetch</link> with these queued. </para> </section> - <section role="h2" id="OtherQueueTypes-Priority"> + <section role="h2" id="Java-Broker-Queues-OtherTypes-Priority"> <title>Priority Queues</title> <para>In a priority queue, messages on the queue are delivered in an order determined by the <ulink url="&oracleJeeDocUrl;javax/jms/Message.html#getJMSPriority()">JMS priority message @@ -53,7 +54,7 @@ default message priority</ulink> as 4. Messages sent without a specified priority use this default. </para> </section> - <section role="h2" id="OtherQueueTypes-Sorted"> + <section role="h2" id="Java-Broker-Queues-OtherTypes-Sorted"> <title>Sorted Queues</title> <para>Sorted queues allow the message delivery order to be determined by value of an arbitrary <ulink url="&oracleJeeDocUrl;javax/jms/Message.html#getStringProperty()">JMS message @@ -62,7 +63,7 @@ <para>Messages sent to a sorted queue without the specified JMS message property will be inserted into the 'last' position in the queue.</para> </section> - <section role="h2" id="OtherQueueTypes-LVQ"> + <section role="h2" id="Java-Broker-Queues-OtherTypes-LVQ"> <title>Last Value Queues (LVQ)</title> <para>LVQs (or conflation queues) are special queues that automatically discard any message when a newer message arrives with the same key value. The key is specified by arbitrary <ulink @@ -78,7 +79,7 @@ <para>Messages sent to an LVQ without the specified property will be delivered as normal and will never be "replaced".</para> </section> - <section role="h2" id="OtherQueueTypes-Create"> + <section role="h2" id="Java-Broker-Queues-OtherTypes-Create"> <title>Creating a Priority, Sorted or LVQ Queue</title> <para>To create a priority, sorted or LVQ queue, it can be defined in the virtualhost configuration file, or the queue can be created programmtically from a client via AMQP (using @@ -86,12 +87,12 @@ <para>Once a queue is created you cannot change its type (without deleting it and re-creating). Also note you cannot currently mix the natures of these queue types, for instance, you cannot define a queue which it both an LVQ and a priority-queue.</para> - <section role="h2" id="OtherQueueTypes-CreateUsingConfig"> + <section role="h2" id="Java-Broker-Queues-OtherTypes-CreateUsingConfig"> <title>Using configuration</title> <para>To create a priority, sorted or LVQ queue within configuration, add the appropriate xml to the virtualhost.xml configuration file within the <varname>queues</varname> element.</para> - <section role="h3" id="OtherQueueTypes-CreateUsingConfig-Priority"> + <section role="h3" id="Java-Broker-Queues-OtherTypes-CreateUsingConfig-Priority"> <title>Priority</title> <para> To defining a priority queue, add a <priority>true</priority> element. By default the queue will have 10 distinct priorities. </para> @@ -124,7 +125,7 @@ </queue>]]></programlisting> </example> </section> - <section role="h3" id="OtherQueueTypes-CreateUsingConfig-Sorted"> + <section role="h3" id="Java-Broker-Queues-OtherTypes-CreateUsingConfig-Sorted"> <title>Sorted</title> <para> To define a sorted queue, add a <varname>sortKey</varname> element. The value of the <varname>sortKey</varname> element defines the message property to use the value of when @@ -140,7 +141,7 @@ </queue>]]></programlisting> </example> </section> - <section role="h3" id="OtherQueueTypes-CreateUsingConfig-LVQ"> + <section role="h3" id="Java-Broker-Queues-OtherTypes-CreateUsingConfig-LVQ"> <title>LVQ</title> <para> To define a LVQ, add a <varname>lvq</varname> element with the value <constant>true</constant>. Without any further configuration this will define an LVQ @@ -171,11 +172,12 @@ </example> </section> </section> - <section role="h2" id="OtherQueueTypes-CreateUsingJmsOrJmx"> - <title>Using JMS or AMQP</title> + <section role="h2" id="Java-Broker-Queues-OtherTypes-CreateUsingJmsOrJmx"> + <title>Using JMX or AMQP</title> <para>To create a priority, sorted or LVQ queue programmatically from JMX or using a Qpid extension to JMS, pass the appropriate queue-declare arguments.</para> <table> + <title>Queue-declare arguments understood for priority, sorted and LVQ queues</title> <tgroup cols="4"> <thead> <row> @@ -242,7 +244,7 @@ managedBroker.createNewQueue("myqueue", null, true, arguments);]]></programlisti </section> </section> - <section role="h2" id="OtherQueueTypes-SetLowPrefetch"> + <section role="h2" id="Java-Broker-Queues-OtherTypes-SetLowPrefetch"> <title>Low pre-fetch</title> <para>Qpid clients receive buffered messages in batches, sized according to the pre-fetch value. The current default is 500. </para> diff --git a/doc/book/src/java-broker/Java-Broker-Queues.xml b/doc/book/src/java-broker/Java-Broker-Queues.xml new file mode 100644 index 0000000000..050d4cdbce --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Queues.xml @@ -0,0 +1,27 @@ +<?xml version="1.0"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Queues"> + <title>Queues</title> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Queues-Messaging-Groups.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Queues-OtherTypes.xml"/> +</chapter> diff --git a/doc/book/src/java-broker/Java-Broker-Runtime-Alerts.xml b/doc/book/src/java-broker/Java-Broker-Runtime-Alerts.xml new file mode 100644 index 0000000000..29ac68b937 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Runtime-Alerts.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Runtime-Alerts"> +<title>Alerts</title> + +</section> diff --git a/doc/book/src/java-broker/Producer-Flow-Control.xml b/doc/book/src/java-broker/Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control.xml index 262279510e..8db014a6b7 100644 --- a/doc/book/src/java-broker/Producer-Flow-Control.xml +++ b/doc/book/src/java-broker/Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control.xml @@ -23,7 +23,7 @@ <section id="Qpid-Producer-Flow-Control"> <title>Producer Flow Control</title> - <section role="h2" id="QpidProducerFlowControlGeneralInformation"> + <section role="h2" id="Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control-GeneralInformation"> <title>General Information</title> <para> The Qpid 0.6 release introduced a simplistic producer-side flow control mechanism @@ -32,7 +32,7 @@ mechanism triggered by an overfull persistent message store on a virtual host. </para> </section> - <section role="h2" id="QpidProducerFlowControlServerConfiguration"> + <section role="h2" id="Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control-ServerConfiguration"> <title>Server Configuration</title> <section role="h3"> <title>Configuring a Queue to use flow control</title> @@ -44,6 +44,9 @@ "capacity" of the Queue. A Queue becomes "underfull" when its size becomes less than the "flowResumeCapacity". + + <example> + <title>Configuring a queue depth limit</title> <programlisting> <![CDATA[ <queue> @@ -56,9 +59,12 @@ </queue> ]]> </programlisting> + </example> The default for all queues on a virtual host can also be set + <example> + <title>Configuring a default queue depth limit on a virtualhost</title> <programlisting> <![CDATA[ <virtualhosts> @@ -72,6 +78,7 @@ </virtualhosts> ]]> </programlisting> + </example> Where no flowResumeCapacity is set, the flowResumeCapacity is set to be equal to the capacity. Where no capacity is set, capacity is defaulted to 0 meaning @@ -127,6 +134,9 @@ MESSAGE [con:2(guest@anonymous(713889609)/test)/ch:1] [con:2(guest@anonymous(713 <para> An example of quota configuration for the BDB message store is provided below. </para> + + <example> + <title>Configuring a limit on a store</title> <programlisting> <![CDATA[ <store> @@ -137,6 +147,7 @@ MESSAGE [con:2(guest@anonymous(713889609)/test)/ch:1] [con:2(guest@anonymous(713 </store> ]]> </programlisting> + </example> <para> The disk quota functionality is based on "best effort" principle. This means the broker cannot guarantee that the disk space limit will not be exceeded. If several concurrent @@ -163,7 +174,7 @@ MESSAGE [con:2(guest@anonymous(713889609)/test)/ch:1] [con:2(guest@anonymous(713 </section><!-- Server configuration --> - <section role="h2" id="QpidProducerFlowControlClientImpact"> + <section role="h2" id="Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control-ClientImpact"> <title>Client impact and configuration</title> <para> If a producer sends to a queue which is overfull, the broker will respond by diff --git a/doc/book/src/java-broker/Java-Broker-Runtime-Disk-Space-Management.xml b/doc/book/src/java-broker/Java-Broker-Runtime-Disk-Space-Management.xml new file mode 100644 index 0000000000..814b366d9d --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Runtime-Disk-Space-Management.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Runtime-Disk-Space-Management"> + <title>Disk Space Management</title> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control.xml"/> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Runtime-Handling-Undeliverable-Messages.xml b/doc/book/src/java-broker/Java-Broker-Runtime-Handling-Undeliverable-Messages.xml new file mode 100644 index 0000000000..40c0e44629 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Runtime-Handling-Undeliverable-Messages.xml @@ -0,0 +1,169 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE entities [ +<!ENTITY % entities SYSTEM "commonEntities.xml"> +%entities; +]> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Runtime-Handling-Undeliverable-Messages"> + <title>Handing Undeliverable Messages</title> + + <section role="h2" id="Java-Broker-Runtime-Handling-Undeliverable-Messages-Introduction"> + <title>Introduction</title> + <para> Messages that cannot be delivered successfully to a consumer (for instance, because the + client is using a transacted session and rolls-back the transaction) can be made available on + the queue again and then subsequently be redelivered, depending on the precise session + acknowledgement mode and messaging model used by the application. This is normally desirable + behaviour that contributes to the ability of a system to withstand unexpected errors. However, it + leaves open the possibility for a message to be repeatedly redelivered (potentially indefinitely), + consuming system resources and preventing the delivery of other messages. Such undeliverable + messages are sometimes known as poison messages.</para> + <para>For an example, consider a stock ticker application that has been designed to consume prices + contained within JMS TextMessages. What if inadvertently a BytesMessage is placed onto the queue? + As the ticker application does not expect the BytesMessage, its processing might fail and cause it + to roll-back the transaction, however the default behavior of the Broker would mean that the + BytesMessage would be delivered over and over again, preventing the delivery of other legitimate + messages, until an operator intervenes and removes the erroneous message from the queue. </para> + <para>Qpid has maximum delivery count and dead-letter queue (DLQ) features which can be used in + concert to construct a system that automatically handles such a condition. These features are + described in the following sections.</para> + </section> + + <section role="h2" id="Java-Broker-Runtime-Handling-Undeliverable-Messages-Maximum-Delivery-Count"> + <title>Maximum Delivery Count</title> + <para> Maximum delivery count is a property of a queue. If a consumer application is unable to + process a message more than the specified number of times, then the broker will either route the + message to a dead-letter queue (if one has been defined), or will discard the message. </para> + <para> In order for a maximum delivery count to be enforced, the consuming client + <emphasis>must</emphasis> call <ulink url="&oracleJeeDocUrl;javax/jms/Session.html#rollback()" + >Session#rollback()</ulink> (or <ulink url="&oracleJeeDocUrl;javax/jms/Session.html#recover()" + >Session#recover()</ulink> if the session is not transacted). It is during the Broker's + processing of Session#rollback() (or Session#recover()) that if a message has been seen + at least the maximum number of times then it will move the message to the DLQ or discard the + message.</para> + <para>If the consuming client fails in another manner, for instance, closes the connection, the + message will not be re-routed and consumer application will see the same poison message again + once it reconnects.</para> + <para> If the consuming application is using AMQP 0-9-1, 0-9, or 0-8 protocols, it is necessary to + set the client system property <varname>qpid.reject.behaviour</varname> or connection or binding + URL option <varname>rejectbehaviour</varname> to the value <literal>system</literal>.</para> + <para>It is possible to determine the number of times a message has been sent to a consumer via + the Management interfaces, but is not possible to determine this information from a message client. + Specifically, the optional JMS message header <property>JMSXDeliveryCount</property> is not + supported.</para> + <para>Maximum Delivery Count can be enabled via management (see <xref + linkend="Java-Broker-Configuring-And-Managing"/>) using the the queue declare property + <property>x-qpid-maximum-delivery-count</property> or via <link + linkend="Java-Broker-Runtime-Handling-Undeliverable-Messages-Configuration">configuration</link> + as illustrated below.</para> + </section> + + <section role="h2" id="Java-Broker-Runtime-Handling-Undeliverable-Messages-Dead-Letter-Queues"> + <title>Dead Letter Queues (DLQ)</title> + <para>A Dead Letter Queue (DLQ) acts as an destination for messages that have somehow exceeded the + normal bounds of processing and is utilised to prevent disruption to flow of other messages. When + a DLQ is enabled for a given queue if a consuming client indicates it no longer wishes the + receive the message (typically by exceeding a Maximum Delivery Count) then the message is moved + onto the DLQ and removed from the original queue. </para> + <para>The DLQ feature causes generation of a Dead Letter Exchange and a Dead Letter Queue. These + are named convention QueueName<emphasis>_DLE</emphasis> and QueueName<emphasis>_DLQ</emphasis>.</para> + <para>DLQs can be enabled via management (see <xref linkend="Java-Broker-Configuring-And-Managing" + />) using the queue declare property <property>x-qpid-dlq-enabled</property> or via <link + linkend="Java-Broker-Runtime-Handling-Undeliverable-Messages-Configuration">configuration</link> + as illustrated below.</para> + <caution> + <title>Avoid excessive queue depth</title> + <para>Applications making use of DLQs <emphasis>should</emphasis> make provision for the frequent + examination of messages arriving on DLQs so that both corrective actions can be taken to resolve + the underlying cause and organise for their timely removal from the DLQ. Messages on DLQs + consume system resources in the same manner as messages on normal queues so excessive queue + depths should not be permitted to develop.</para> + </caution> + </section> + + <section role="h2" id="Java-Broker-Runtime-Handling-Undeliverable-Messages-Configuration"> + <title>Configuration</title> + <para>In the below configuration it can be seen that DLQs/Maximum Delivery Count are enabled at + the broker level with maximum delivery count set to 5, disabled at the virtualhost level for the + 'dev-only' virtualhost, and enabled specifically for the 'dev-only-main-queue' with maximum + delivery count overridden to 5. </para> + <para>As 'dev-only-main-queue' has its own configuration specified, this value overrides all + others and causes the features to be enabled for this queue. In contrast to this, + 'dev-only-other-queue' does not specify its own value and picks up the false value specified for + its parent virtualhost, causing the DLQ/Maximum Delivery Count features to be disabled for this + queue. Any such queue in the 'dev-only' virtualhost which does not specify its own configuration + value will have the DLQ/Maximum Delivery Count feature disabled.</para> + <para>The queue 'localhost-queue' has the DLQ/Maximum Delivery Count features enabled, as neither + the queue itself or the 'localhost' virtualhost specifies a configuration value and so the broker + level value of true is used. Any such queue in the 'localhost' virtualhost which does not specify + its own configuration value will have the features enabled.</para> + <example> + <title>Enabling DLQs and maximum delivery count at broker level within config.xml</title> + <programlisting><![CDATA[<broker> + ... + <deadLetterQueues>true</deadLetterQueues> + <maximumDeliveryCount>5</maximumDeliveryCount> + ... +</broker>]]></programlisting> + </example> + <example> + <title>Enabling DLQs and maximum delivery count at virtualhost and queue level within + virtualhosts.xml</title> + <programlisting><![CDATA[<virtualhosts> + ... + <virtualhost> + <name>dev-only</name> + <dev-only> + <queues> + <deadLetterQueues>false</deadLetterQueues> + <maximumDeliveryCount>0</maximumDeliveryCount> + <queue> + <name>dev-only-main-queue</name> + <dev-only-main-queue> + <deadLetterQueues>true</deadLetterQueues> + <maximumDeliveryCount>3</maximumDeliveryCount> + </dev-only-main-queue> + </queue> + <queue> + <name>dev-only-other-queue</name> + </queue> + </queues> + </dev-only> + </virtualhost> + <virtualhost> + <name>localhost</name> + <localhost> + <queues> + <queue> + <name>localhost-queue</name> + </queue> + </queues> + </localhost> + </virtualhost> + ... +</virtualhosts>]]> + </programlisting> + </example> + </section> + + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Runtime-Log-Files.xml b/doc/book/src/java-broker/Java-Broker-Runtime-Log-Files.xml new file mode 100644 index 0000000000..84ee4db6d3 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Runtime-Log-Files.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Runtime-Log-Files"> +<title>Log Files</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Runtime-Producer-Transaction-Timeout.xml b/doc/book/src/java-broker/Java-Broker-Runtime-Producer-Transaction-Timeout.xml new file mode 100644 index 0000000000..04212d94ed --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Runtime-Producer-Transaction-Timeout.xml @@ -0,0 +1,181 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE entities [ +<!ENTITY % entities SYSTEM "commonEntities.xml"> +%entities; +]> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Runtime-Producer-Transaction-Timeout"> + <title>Producer Transaction Timeout</title> + <section role="h2" id="Java-Broker-Runtime-Producer-Transaction-Timeout-GeneralInformation"> + <title>General Information</title> + <para> The transaction timeout mechanism is used to control broker resources when clients + producing messages using transactional sessions hang or otherwise become unresponsive, or simply + begin a transaction and keep using it without ever calling <ulink + url="&oracleJeeDocUrl;javax/jms/Session.html#commit">Session#commit()</ulink>.</para> + <para>Users can choose to configure an idleWarn or openWarn threshold, after which the identified + transaction should be logged as a WARN level alert as well as (more importantly) an idleClose or + openClose threshold after which the transaction and the connection it applies to will be + closed.</para> + <para>This feature is particularly useful in environments where the owner of the broker does not + have full control over the implementation of clients, such as in a shared services + deployment.</para> + <para>The following section provide more details on this feature and its use.</para> + </section> + <section role="h2" id="Java-Broker-Runtime-Producer-Transaction-Timeout-Purpose"> + <title>Purpose</title> + <para> This feature has been introduced to address the scenario where an open transaction on the + broker holds an open transaction on the persistent store. This can have undesirable consequences + if the store does not time out or close long-running transactions, such as with <link + linkend="Java-Broker-Stores-BDB-Store">BDB</link>. This can can result in a rapid increase in + disk usage size, bounded only by available space, due to growth of the transaction log. </para> + </section> + <section role="h2" id="Java-Broker-Runtime-Producer-Transaction-Timeout-Scope"> + <title>Scope</title> + <para>Note that only <ulink url="&oracleJeeDocUrl;javax/jms/MessageProducer.html" + >MessageProducer</ulink> clients will be affected by a transaction timeout, since store + transaction lifespan on a consumer only spans the execution of the call to Session#commit() and + there is no scope for a long-lived transaction to arise.</para> + <para>It is also important to note that the transaction timeout mechanism is purely a JMS + transaction timeout, and unrelated to any other timeouts in the Qpid client library and will have + no impact on any RDBMS your application may utilise.</para> + </section> + <section role="h2" id="Java-Broker-Runtime-Producer-Transaction-Timeout-Effect"> + <title>Effect</title> + <para>Full details of configuration options are provided in the sections that follow. This section + gives a brief overview of what the Transaction Timeout feature can do.</para> + <section role="h3" id="Java-Broker-Runtime-Producer-Transaction-Timeout-Effect-Broker-Side"> + <title>Broker Logging and Connection Close</title> + <para>When the openWarn or idleWarn specified threshold is exceeded, the broker will log a WARN + level alert with details of the connection and channel on which the threshold has been exceeded, + along with the age of the transaction.</para> + <para>When the openClose or idleClose specified threshold value is exceeded, the broker will + throw an exception back to the client connection via the <ulink + url="&oracleJeeDocUrl;javax/jms/ExceptionListener.html">ExceptionListener</ulink>, log the + action and then close the connection.</para> + <para>The example broker log output shown below is where the idleWarn threshold specified is + lower than the idleClose threshold and the broker therefore logs the idle transaction 3 times + before the close threshold is triggered and the connection closed out.</para> + <screen><![CDATA[CHN-1008 : Idle Transaction : 13,116 ms +CHN-1008 : Idle Transaction : 14,116 ms +CHN-1008 : Idle Transaction : 15,118 ms +CHN-1003 : Close]]> + </screen> + <para>The second example broker log output shown below illustrates the same mechanism operating + on an open transaction.</para> + <screen><![CDATA[ +CHN-1007 : Open Transaction : 12,406 ms +CHN-1007 : Open Transaction : 13,406 ms +CHN-1007 : Open Transaction : 14,406 ms +CHN-1003 : Close]]> + </screen> + </section> + <section role="h3" id="Java-Broker-Runtime-Producer-Transaction-Timeout-Effect-Client-Side"> + <title>Client Side Effect</title> + <para>After a Close threshold has been exceeded, the trigger client will receive this exception + on its <ulink url="&oracleJeeDocUrl;javax/jms/ExceptionListener.html">exception + listener</ulink>, prior to being disconnected:</para> + <computeroutput>org.apache.qpid.AMQConnectionClosedException: Error: Idle transaction timed out + [error code 506: resource error]</computeroutput> + <para>Any later attempt to use the connection will result in this exception being thrown:</para> + <screen><![CDATA[Producer: Caught an Exception: javax.jms.IllegalStateException: Object org.apache.qpid.client.AMQSession_0_8@129b0e1 has been closed + javax.jms.IllegalStateException: Object org.apache.qpid.client.AMQSession_0_8@129b0e1 has been closed + at org.apache.qpid.client.Closeable.checkNotClosed(Closeable.java:70) + at org.apache.qpid.client.AMQSession.checkNotClosed(AMQSession.java:555) + at org.apache.qpid.client.AMQSession.createBytesMessage(AMQSession.java:573)]]> + </screen> + <para>Thus clients must be able to handle this case successfully, reconnecting where required and + registering an exception listener on all connections. This is critical, and must be communicated + to client applications by any broker owner switching on transaction timeouts.</para> + </section> + + </section> + <section role="h2" id="Java-Broker-Runtime-Producer-Transaction-Timeout-Configuration"> + <title>Configuration</title> + <section role="h3" id="Java-Broker-Runtime-Producer-Transaction-Timeout-Configuration-Overview"> + <title>Configuration</title> + <para>Transaction timeouts are configurable separately on each defined virtual host, using the + virtualhosts.xml file.</para> + <para>We would recommend that only warnings are configured at first, which should allow broker + administrators to obtain an idea of the distribution of transaction lengths on their systems, + and configure production settings appropriately for both warning and closure. Ideally + establishing thresholds should be achieved in a representative UAT environment, with clients and + broker running, prior to any production deployment.</para> + <para>It is impossible to give suggested values, due to the large variation in usage depending on + the applications using a broker. However, clearly transactions should not span the expected + lifetime of any client application as this would indicate a hung client.</para> + <para>When configuring warning and closure timeouts, it should be noted that these only apply to + message producers that are connected to the broker, but that a timeout will cause the connection + to be closed - this disconnecting all producers and consumers created on that connection.</para> + <para>This should not be an issue for environments using Mule or Spring, where connection + factories can be configured appropriately to manage a single MessageProducer object per JMS + Session and Connection. Clients that use the JMS API directly should be aware that sessions + managing both consumers and producers, or multiple producers, will be affected by a single + producer hanging or leaving a transaction idle or open, and closed, and must take appropriate + action to handle that scenario.</para> + </section> + <section role="h3" + id="Java-Broker-Runtime-Producer-Transaction-Timeout-Configuration-Virtualhosts"> + <title>Virtualhosts.xml</title> + <para> The JMS transaction timeouts are configured on each virtual host defined in the XML + configuration files.</para> + <para> The default values for each of the parameters is 0, indicating that the particular check + is disabled.</para> + <para> Any or all of the parameters can be set, using the desired value in milliseconds, and will + be checked each time the housekeeping process runs, usually set to run every 30 seconds in + standard configuration. The meaning of each property is as follows:</para> + <para> + <itemizedlist> + <listitem> + <para>openWarn - the time a transaction can be open for (with activity occurring on it) after + which a warning alert will be issued.</para> + </listitem> + <listitem> + <para>openClose - the time a transaction can be open for before the connection it is on is + closed.</para> + </listitem> + <listitem> + <para>idleWarn - the time a transaction can be idle for (with no activity occurring on it) + after which a warning alert will be issued.</para> + </listitem> + <listitem> + <para>idleClose - the time a transaction can be idle for before the connection it is on is + closed.</para> + </listitem> + </itemizedlist> + </para> + <para> The virtualhosts configuration is shown below, and must occur inside the + //virtualhosts/virtualhost/name/ elements: </para> + <example> +<title>Configuring producer transaction timeout</title> + <programlisting><![CDATA[ +<transactionTimeout> + <openWarn>10000</openWarn> + <openClose>20000</openClose> + <idleWarn>5000</idleWarn> + <idleClose>15000</idleClose> +</transactionTimeout> + ]]></programlisting> + </example> + </section> + </section> +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Runtime.xml b/doc/book/src/java-broker/Java-Broker-Runtime.xml new file mode 100644 index 0000000000..2af775d2fc --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Runtime.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Runtime"> + <title>Runtime</title> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Runtime-Log-Files.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Runtime-Alerts.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Runtime-Disk-Space-Management.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Runtime-Producer-Transaction-Timeout.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Runtime-Handling-Undeliverable-Messages.xml"/> +</chapter> diff --git a/doc/book/src/java-broker/Configure-ACLs.xml b/doc/book/src/java-broker/Java-Broker-Security-ACLs.xml index e82f2a86d0..21e1052183 100644 --- a/doc/book/src/java-broker/Configure-ACLs.xml +++ b/doc/book/src/java-broker/Java-Broker-Security-ACLs.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!-- - + Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information @@ -9,39 +9,39 @@ to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - + --> -<section id="Configuring-ACLS"> - <title> - Configuring ACLs - </title> +<section id="Java-Broker-Security-ACLs"> + <title>Access Control Lists</title> <para> - In Qpid, ACLs specify which actions can be performed by each authenticated user. To enable the ACL <acl/> element is used within the - <security/> element of the configuration XML. In the Java Broker, the ACL may be imposed broker wide or applied to individual virtual - hosts. The <acl/> references a text file containing the ACL rules. By convention, this file should have a .acl extension. + In Qpid, Access Control Lists (ACLs) specify which actions can be performed by each authenticated user. + To enable, the <acl/> element is used within the <security/> element of the configuration XML. + In the Java Broker, the ACL may be imposed broker wide or applied to individual virtual + hosts. The <acl/> configuration references a text file containing the ACL rules. + By convention, this file should have a .acl extension. </para> - <section role="h3" id="ConfigureACLs-EnablingACL"> + <section role="h3" id="Java-Broker-Security-ACLs-EnablingACL"> <title> Enabling ACLs </title> <para> - To apply an ACL broker-wide, add the following to the config.xml (Assuming that <replaceable>conf</replaceable> has been set to a suitable - location such as ${QPID_HOME}/etc) + To apply an ACL broker-wide, add the following to the config.xml (assuming that <replaceable>conf</replaceable> has been set to a suitable + location such as ${QPID_HOME}/etc): </para> - + <programlisting> <broker> ... @@ -58,7 +58,7 @@ <para> To apply an ACL on a single virtualhost named <replaceable>test</replaceable>, add the following to the config.xml: </para> - + <programlisting> <virtualhost> ... @@ -73,17 +73,16 @@ </programlisting> </section> - <section role="h3" id="ConfigureACLs-WriteACL"> + <section role="h3" id="Java-Broker-Security-ACLs-WriteACL"> <title> Writing .acl files </title> <para> - The ACL file consists of a series of rules and group definitions. Each rule grants or denies specific rights to a user or group. Group - definitions declare groups of users and serve to make the ACL file more concise. + The ACL file consists of a series of rules associating behaviour for a user or group. Use of groups can serve to make the ACL file more concise. See <link linkend="Java-Broker-Security-Group-Providers">Configuring Group Providers</link> for more information on defining groups. </para> <para> - Each ACL rule grants (or denies) a particular action on a object to a user. The rule may be augmented with one or more properties, restricting + Each ACL rule grants or denies a particular action on an object to a user/group. The rule may be augmented with one or more properties, restricting the rule's applicability. </para> <programlisting> @@ -103,46 +102,41 @@ If the desire is to allow bob to create all exchanges except "myexch", order of the rules must be reversed: </para> <programlisting> - ACL DENY bob CREATE EXCHANGE name="myexch" + ACL DENY bob CREATE EXCHANGE name="myexch" ACL ALLOW bob ALL EXCHANGE </programlisting> <para> - All ACL files end with a implict rule denying all operations to all users. It is as if each file ends with + All ACL files end with an implict rule denying all operations to all users. It is as if each file ends with <programlisting>ACL DENY ALL ALL </programlisting> - To allow all operations, other than those controlled by earlier use <programlisting>ACL ALLOW ALL ALL </programlisting> instead. + If instead you wish to <emphasis>allow</emphasis> all operations other than those controlled by earlier rules, + add <programlisting>ACL ALLOW ALL ALL</programlisting> to the bottom of the ACL file. </para> <para> When writing a new ACL, a good approach is to begin with an .acl file containing only <programlisting>ACL DENY-LOG ALL ALL</programlisting> which will cause the Broker to deny all operations with details of the denial logged to the Qpid log file. Build up the ACL rule by rule, - gradually working through the use-cases of your system. Once the ACL is complete, switch the DEBY-LOG to DENY for optimum performamce. + gradually working through the use-cases of your system. Once the ACL is complete, consider switching the DENY-LOG actions to DENY + to improve performamce and reduce log noise. </para> <para> - ACL rules are very powerful: it is possible to write very expressive rules permissioning every AMQP objects enumerating all object + ACL rules are very powerful: it is possible to write very granular rules specifying many broker objects and their properties. Most projects probably won't need this degree of flexibility. A reasonable approach is to choose to apply permissions - at a certain level of abstraction (i.e. QUEUE) and apply consistently across the whole system. + at a certain level of abstraction (e.g. QUEUE) and apply them consistently across the whole system. </para> </section> - <section role="h4" id="ConfigureACLs-Syntax"> + <section role="h4" id="Java-Broker-Security-ACLs-Syntax"> <title> Syntax </title> <para> - ACL rules must follow this syntax: + ACL rules follow this syntax: </para> <programlisting> ACL {permission} {<group-name>|<user-name>>|ALL} {action|ALL} [object|ALL] [property="<property-value>"] </programlisting> <para> - GROUP definitions must follow this syntax: - </para> - <programlisting> - GROUP {group name} {username 1}..{username n} # Where username is a username, or a groupname. - </programlisting> - - <para> Comments may be introduced with the hash (#) character and are ignored. Long lines can be broken with the slash (\) character. </para> <programlisting> @@ -150,12 +144,10 @@ ACL ALLOW admin CREATE ALL # Also a comment ACL DENY guest \ ALL ALL # A broken line - GROUP securegroup bob \ - alice # Another broker line </programlisting> </section> - <table id="tabl-ConfigureACLs-Syntax_permissions"> - <title>ACL Rules: permission</title> + <table id="table-Java-Broker-Security-ACLs-Syntax_permissions"> + <title>List of ACL permission</title> <tgroup cols="2"> <tbody> <row> @@ -177,8 +169,8 @@ </tbody> </tgroup> </table> - <table id="tabl-ConfigureACLs-Syntax_actions"> - <title>ACL Rules:action</title> + <table id="table-Java-Broker-Security-ACLs-Syntax_actions"> + <title>List of ACL actions</title> <tgroup cols="2"> <tbody> <row> @@ -220,39 +212,51 @@ </tbody> </tgroup> </table> - <table id="tabl-ConfigureACLs-Syntax_objects"> - <title>ACL Rules:object</title> + <table id="table-Java-Broker-Security-ACLs-Syntax_objects"> + <title>List of ACL objects</title> <tgroup cols="2"> <tbody> <row> + <entry> <command>VIRTUALHOST</command> </entry> + <entry> <para>A virtualhost (Java Broker only)</para> </entry> + </row> + <row> + <entry> <command>MANAGEMENT </command> </entry> + <entry> <para>Management - for web and JMX (Java Broker only)</para> </entry> + </row> + <row> <entry> <command>QUEUE</command> </entry> - <entry> <para> A queue </para> </entry> + <entry> <para>A queue </para> </entry> </row> <row> <entry> <command>EXCHANGE</command> </entry> - <entry> <para> An exchange </para> </entry> + <entry> <para>An exchange </para> </entry> </row> <row> - <entry> <command>VIRTUALHOST</command> </entry> - <entry> <para> A virtualhost (Java Broker only)</para> </entry> + <entry> <command>USER</command> </entry> + <entry> <para>A user (Java Broker only)</para> </entry> </row> <row> - <entry> <command>METHOD</command> </entry> - <entry> <para> Management or agent or broker method (Java Broker only)</para> </entry> + <entry> <command>GROUP</command> </entry> + <entry> <para>A group (Java Broker only)</para> </entry> </row> <row> - <entry> <command>BROKER</command> </entry> - <entry> <para> The broker (not currently used in Java Broker)</para> </entry> + <entry> <command>METHOD</command> </entry> + <entry> <para>Management or agent or broker method (Java Broker only)</para> </entry> </row> <row> <entry> <command>LINK</command> </entry> - <entry> <para> A federation or inter-broker link (not currently used in Java Broker)</para> </entry> + <entry> <para>A federation or inter-broker link (not currently used in Java Broker)</para> </entry> + </row> + <row> + <entry> <command>BROKER</command> </entry> + <entry> <para>The broker (not currently used in Java Broker)</para> </entry> </row> </tbody> </tgroup> </table> - <table id="tabl-ConfigureACLs-Syntax_properties"> - <title>ACL Rules:property</title> + <table id="table-Java-Broker-Security-ACLs-Syntax_properties"> + <title>List of ACL properties</title> <tgroup cols="2"> <tbody> <row> @@ -307,11 +311,63 @@ <entry> <command>schemaclass</command> </entry> <entry> <para> String. QMF schema class name (Not used in Java Broker)</para> </entry> </row> + <row> + <entry> <command>from_network</command> </entry> + <entry> + <para> + Comma-separated strings representing IPv4 address ranges. + </para> + <para> + Intended for use in ACCESS VIRTUALHOST rules to apply firewall-like restrictions. + </para> + <para> + The rule matches if any of the address ranges match the IPv4 address of the messaging client. + The address ranges are specified using either Classless Inter-Domain Routing notation + (e.g. 192.168.1.0/24; see <ulink url="http://tools.ietf.org/html/rfc4632">RFC 4632</ulink>) + or wildcards (e.g. 192.169.1.*). + </para> + <para> + Java Broker only. + </para> + </entry> + </row> + <row> + <entry> <command>from_hostname</command> </entry> + <entry> + <para> + Comma-separated strings representing hostnames, specified using Perl-style regular + expressions, e.g. .*\.example\.company\.com + </para> + <para> + Intended for use in ACCESS VIRTUALHOST rules to apply firewall-like restrictions. + </para> + <para> + The rule matches if any of the patterns match the hostname of the messaging client. + </para> + <para> + To look up the client's hostname, Qpid uses Java's DNS support, which internally caches its results. + </para> + <para> + You can modify the time-to-live of cached results using the *.ttl properties described on the + Java <ulink url="http://docs.oracle.com/javase/6/docs/technotes/guides/net/properties.html">Networking + Properties</ulink> page. + </para> + <para> + For example, you can either set system property sun.net.inetaddr.ttl from the command line + (e.g. export QPID_OPTS="-Dsun.net.inetaddr.ttl=0") or networkaddress.cache.ttl in + $JAVA_HOME/lib/security/java.security. The latter is preferred because it is JVM + vendor-independent. + </para> + <para> + Java Broker only. + </para> + </entry> + </row> </tbody> </tgroup> </table> - <table id="tabl-ConfigureACLs-Syntax_javacomponents"> - <title>ACL rules:components (Java Broker only)</title> + <table id="table-Java-Broker-Security-ACLs-Syntax_javacomponents"> + <title>List of ACL rules</title> <tgroup cols="3"> <tbody> <row> @@ -349,92 +405,131 @@ </tbody> </tgroup> </table> - <section role="h4" id="ConfigureACLs-WorkedExamples"> + <section role="h4" id="Java-Broker-Security-ACLs-WorkedExamples"> <title> Worked Examples </title> <para> - Here are three example ACLs illustrating some common use-cases. + Here are some example ACLs illustrating common use cases. + In addition, note that the Java broker provides a complete example ACL file, located at etc/broker_example.acl. </para> - <section role="h4" id="ConfigureACLs-WorkedExample1"> + <section role="h4" id="Java-Broker-Security-ACLs-WorkedExample1"> <title> Worked example 1 - Management rights </title> <para> - Suppose you wish to permission two users: a user 'operator' must be able to perform all Management operations, and - a user 'readonly' must be enable to perform only read-only functions. Neither 'operator' nor 'readonly' - should be allow to connect for messaging. + Suppose you wish to permission two users: a user 'operator' must be able to perform all Management operations, and + a user 'readonly' must be enable to perform only read-only functions. Neither 'operator' nor 'readonly' + should be allowed to connect clients for messaging. </para> <programlisting> - # Give operator permission to execute all JMX Methods - ACL ALLOW operator ALL METHOD - # Give operator permission to execute only read-only JMX Methods - ACL ALLOW readonly ACCESS METHOD - # Deny operator/readonly permission to perform messaging. - ACL DENY operator ACCESS VIRTUALHOST - ACL DENY readonly ACCESS VIRTUALHOST - ... - ... rules for other users - ... - # Explicitly deny all (log) to eveyone - ACL DENY-LOG ALL ALL +# Deny (loggged) operator/readonly permission to connect messaging clients. +ACL DENY-LOG operator ACCESS VIRTUALHOST +ACL DENY-LOG readonly ACCESS VIRTUALHOST +# Give operator permission to perfom all other actions +ACL ALLOW operator ALL ALL +# Give readonly permission to execute only read-only actions +ACL ALLOW readonly ACCESS ALL +... +... rules for other users +... +# Explicitly deny all (log) to eveyone +ACL DENY-LOG ALL ALL </programlisting> </section> - <section role="h4" id="ConfigureACLs-WorkedExample2"> + <section role="h4" id="Java-Broker-Security-ACLs-WorkedExample2"> <title> Worked example 2 - User maintainer group </title> <para> - Suppose you wish to restrict User Management operations to users belonging to a group 'usermaint'. No other user - is allowed to perform user maintainence This example illustrates the permissioning of a individual component - and a group definition. + Suppose you wish to restrict User Management operations to users belonging to a + <link linkend="Java-Broker-Security-Group-Providers">group</link> 'usermaint'. No other user + is allowed to perform user maintainence This example illustrates the permissioning of an individual component. </para> <programlisting> - # Create a group usermaint with members bob and alice - GROUP usermaint bob alice - # Give operator permission to execute all JMX Methods - ACL ALLOW usermaint ALL METHOD component="UserManagement" - ACL DENY ALL ALL METHOD component="UserManagement" - ... - ... rules for other users - ... - ACL DENY-LOG ALL ALL +# Give usermaint access to management and permission to execute all JMX Methods on the +# UserManagement MBean and perform all actions for USER objects +ACL ALLOW usermaint ACCESS MANAGEMENT +ACL ALLOW usermaint ALL METHOD component="UserManagement" +ACL ALLOW usermaint ALL USER +ACL DENY ALL ALL METHOD component="UserManagement" +ACL DENY ALL ALL USER +... +... rules for other users +... +ACL DENY-LOG ALL ALL </programlisting> </section> - <section role="h4" id="ConfigureACLs-WorkedExample3"> + <section role="h4" id="Java-Broker-Security-ACLs-WorkedExample3"> <title> Worked example 3 - Request/Response messaging </title> <para> - Suppose you wish to permission a system using a request/response paradigm. Two users: 'client' publishes requests; - 'server' consumes the requests and generates a response. This example illustrates the permissioning of AMQP exchanges - and queues. + Suppose you wish to permission a system using a request/response paradigm. Two users: 'client' publishes requests; + 'server' consumes the requests and generates a response. This example illustrates the permissioning of AMQP exchanges + and queues. + </para> + <programlisting> +# Allow client and server to connect to the virtual host. +ACL ALLOW client ACCESS VIRTUALHOST +ACL ALLOW server ACCESS VIRTUALHOST + +# Client side +# Allow the 'client' user to publish requests to the request queue. As is the norm for the request/response paradigm, the client +# is required to create a temporary queue on which the server will respond. Consequently, there are rules to allow the creation +# of the temporary queues and consumption of messages from it. +ACL ALLOW client CREATE QUEUE temporary="true" +ACL ALLOW client CONSUME QUEUE temporary="true" +ACL ALLOW client DELETE QUEUE temporary="true" +ACL ALLOW client BIND EXCHANGE name="amq.direct" temporary="true" +ACL ALLOW client UNBIND EXCHANGE name="amq.direct" temporary="true" +ACL ALLOW client PUBLISH EXCHANGE name="amq.direct" routingKey="example.RequestQueue" + +# Server side +# Allow the 'server' user to consume from the request queue and publish a response to the temporary response queue created by +# client. We also allow the server to create the request queue. +ACL ALLOW server CREATE QUEUE name="example.RequestQueue" +ACL ALLOW server CONSUME QUEUE name="example.RequestQueue" +ACL ALLOW server BIND EXCHANGE +ACL ALLOW server PUBLISH EXCHANGE name="amq.direct" routingKey="TempQueue*" + +ACL DENY-LOG all all + </programlisting> + </section> + <section role="h4" id="Java-Broker-Security-ACLs-WorkedExample4"> + <title> + Worked example 4 - firewall-like access control + </title> + <para> + This example illustrates how to set up an ACL that restricts the IP addresses and hostnames + of messaging clients that can access a virtual host. </para> <programlisting> - # Allow client and server to connect to the virtual host. - ACL ALLOW client ACCESS VIRTUALHOST - ACL ALLOW server ACCESS VIRTUALHOST +################ +# Hostname rules +################ + +# Allow messaging clients from company1.com and company1.co.uk to connect +ACL ALLOW all ACCESS VIRTUALHOST from_hostname=".*\.company1\.com,.*\.company1\.co\.uk" + +# Deny messaging clients from hosts within the dev subdomain +ACL DENY-LOG all ACCESS VIRTUALHOST from_hostname=".*\.dev\.company1\.com" + +################## +# IP address rules +################## + +# Deny access to all users in the IP ranges 192.168.1.0-192.168.1.255 and 192.168.2.0-192.168.2.255, +# using the notation specified in RFC 4632, "Classless Inter-domain Routing (CIDR)" +ACL DENY-LOG messaging-users ACCESS VIRTUALHOST \ + from_network="192.168.1.0/24,192.168.2.0/24" + +# Deny access to all users in the IP ranges 192.169.1.0-192.169.1.255 and 192.169.2.0-192.169.2.255, +# using wildcard notation. +ACL DENY-LOG messaging-users ACCESS VIRTUALHOST \ + from_network="192.169.1.*,192.169.2.*" - # Client side - # Allow the 'client' user to publish requests to the request queue. As is the norm for the request/response paradigm, the client - # is required to create a temporary queue on which the server will response. Consequently, there are rules to allow the creation - # of the temporary queues and consumption of messages from it. - ACL ALLOW client CREATE QUEUE temporary="true" - ACL ALLOW client CONSUME QUEUE temporary="true" - ACL ALLOW client DELETE QUEUE temporary="true" - ACL ALLOW client BIND EXCHANGE name="amq.direct" temporary="true" - ACL ALLOW client UNBIND EXCHANGE name="amq.direct" temporary="true" - ACL ALLOW client PUBLISH EXCHANGE name="amq.direct" routingKey="example.RequestQueue" - - # Server side - # Allow the 'server' user to consume from the request queue and publish a response to the temporary response queue created by - # client. We also allow the server to create the request queue. - ACL ALLOW server CREATE QUEUE name="example.RequestQueue" - ACL ALLOW server CONSUME QUEUE name="example.RequestQueue" - ACL ALLOW server BIND EXCHANGE - ACL ALLOW server PUBLISH EXCHANGE name="amq.direct" routingKey="TempQueue*" - - ACL DENY-LOG all all +ACL DENY-LOG all all </programlisting> </section> </section> diff --git a/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml b/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml new file mode 100644 index 0000000000..0974441ae5 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml @@ -0,0 +1,320 @@ +<?xml version="1.0" encoding="utf-8"?> + +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Security-Authentication-Providers"> + <title>Authentication Providers</title> + <para> + In order to successfully establish a connection to the Java Broker, the connection must be + authenticated. The Java Broker supports a number of different authentication schemes, each + with its own "authentication manager". Each of these are outlined below, along with details + of <link linkend="MultipleAuthProviders"> using more than one at a time</link>. + </para> + + <section> + <title>Password File</title> + <para> + TODO + </para> + + </section> + + <section id="LDAPAuthManager"> + <title>LDAP</title> + + <para> + LDAP authentication can be configured using the <simple-ldap-auth-manager> element + within the <security> section. An example of how to configure this is shown below. + Please note this example also configures an unused <pd-auth-manager> to use an empty + password file, this is a workaround for an issue relating to registration of security providers. + </para> + + <para> + <emphasis>NOTE: When using LDAP authentication, you must also use SSL on the brokers AMQP messaging and + JMX/HTTP management ports in order to protect passwords during transmission to the broker.</emphasis> + </para> + <example> + <title>Configuring LDAP authentication</title> + <programlisting><![CDATA[ +<security> + <default-auth-manager>SimpleLDAPAuthenticationManager</default-auth-manager> + <simple-ldap-auth-manager> + <provider-url>ldaps://example.com:636/</provider-url> + <search-context>dc=example\,dc=com</search-context> + <search-filter>(uid={0})</search-filter> + </simple-ldap-auth-manager> + + <!-- Unused pd-auth-manager, a workaround to register the necessary security providers --> + <pd-auth-manager> + <principal-database> + <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> + <attributes> + <attribute> + <name>passwordFile</name> + <value>${conf}/emptyPasswdFile</value> + </attribute> + </attributes> + </principal-database> + <pd-auth-manager> + ... +</security>]]></programlisting> + </example> + + <para> + The authentication manager first connects to the ldap server anonymously and searches for the + ldap entity which is identified by the username provided over SASL. Essentially the + authentication manager calls + DirContext.search(Name name, String filterExpr, Object[] filterArgs, SearchControls cons) + with the values of search-context and search-filter as the first two arguments, and the username + as the only element in the array which is the third argument. + </para> + + <para> + If the search returns a name from the LDAP server, the AuthenticationManager then attempts to + login to the ldap server with the given name and the password. + </para> + + <para> + If the URL to open for authentication is different to that for the search, then the + authentication url can be overridden using <provider-auth-url> in addition to providing a + <provider-url>. Note that the URL used for authentication should use ldaps:// since + passwords will be being sent over it. + </para> + + <para> + By default com.sun.jndi.ldap.LdapCtxFactory is used to create the context, however this can be + overridden by specifying <ldap-context-factory> in the configuration. + </para> + </section> + + <section> + <title>Kerberos</title> + + <para> + Kereberos Authentication is configured using the <kerberos-auth-manager> element within + the <security> section. When referencing from the default-auth-manager or port-mapping + sections, its name is KerberosAuthenticationManager. + </para> + + <para> + Since Kerberos support only works where SASL authentication is available (e.g. not for JMX + authentication) you may wish to also include an alternative Authentication Manager + configuration, and use this for other ports: + </para> + + <example> + <title>Configuring Kerberos authentication</title> + <programlisting><![CDATA[ +<security> + <pd-auth-manager> + <principal-database> + <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> + <attributes> + <attribute> + <name>passwordFile</name> + <value>${conf}/passwd</value> + </attribute> + </attributes> + </principal-database> + </pd-auth-manager> + <kerberos-auth-manager/> + <default-auth-manager>PrincipalDatabaseAuthenticationManager</default-auth-manager> + <port-mappings> + <port-mapping> + <port>5672</port> + <auth-manager>KerberosAuthenticationManager</auth-manager> + </port-mapping> + </port-mappings> + ... +</security>]]></programlisting> + </example> + + <para> + Configuration of kerberos is done through system properties (there doesn't seem to be a way + around this unfortunately). + </para> + + <programlisting> + export QPID_OPTS=-Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=qpid.conf + ${QPID_HOME}/bin/qpid-server + </programlisting> + + <para>Where qpid.conf would look something like this:</para> + + <programlisting><![CDATA[ +com.sun.security.jgss.accept { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + storeKey=true + doNotPrompt=true + realm="EXAMPLE.COM" + useSubjectCredsOnly=false + kdc="kerberos.example.com" + keyTab="/path/to/keytab-file" + principal="<name>/<host>"; +};]]></programlisting> + + <para> + Where realm, kdc, keyTab and principal should obviously be set correctly for the environment + where you are running (see the existing documentation for the C++ broker about creating a keytab + file). + </para> + + <para> + Note: You may need to install the "Java Cryptography Extension (JCE) Unlimited Strength + Jurisdiction Policy Files" appropriate for your JDK in order to get Kerberos support working. + </para> + </section> + + <section id="ExternalAuthManager"> + <title>External (SSL Client Certificates)</title> + + <para> + When <link linkend="SSL-Truststore-ClientCertificate"> requiring SSL Client Certificates</link> be + presented the ExternalAuthenticationManager can be used, such that the user is authenticated based on + trust of their certificate alone, and the X500Principal from the SSL session is then used as the username + for the connection, instead of also requiring the user to present a valid username and password. + </para> + + <para> + The ExternalAuthenticationManager may be enabled by adding an empty <external-auth-manager> element to + the <security> section, as shown below. When referencing it from the default-auth-manager or port-mapping + sections, its name is ExternalAuthenticationManager. + </para> + + <para> + <emphasis role="bold">Note:</emphasis> The ExternalAuthenticationManager should typically only be used on the + AMQP ports, in conjunction with <link linkend="SSL-Truststore-ClientCertificate">SSL client certificate + authentication</link>. It is not intended for other uses such as the JMX management port and will treat any + non-sasl authentication processes on these ports as successfull with the given username. As such you should + <link linkend="MultipleAuthProviders">include another Authentication Manager for use on non-AMQP ports</link>, + as is done in the example below. Perhaps the only exception to this would be where the broker is embedded in a + container that is itself externally protecting the HTTP interface and then providing the remote users name. + </para> + + <example> + <title>Configuring external authentication (SSL client auth)</title> + <programlisting><![CDATA[ +<security> + <pd-auth-manager> + <principal-database> + <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> + <attributes> + <attribute> + <name>passwordFile</name> + <value>${conf}/passwd</value> + </attribute> + </attributes> + </principal-database> + </pd-auth-manager> + <external-auth-manager/> + <default-auth-manager>PrincipalDatabaseAuthenticationManager</default-auth-manager> + <port-mappings> + <port-mapping> + <port>5672</port> + <auth-manager>ExternalAuthenticationManager</auth-manager> + </port-mapping> + </port-mappings> + ... +</security>]]></programlisting> + </example> + + </section> + + <section id="AnonymousAuthManager"> + <title>Anonymous</title> + + <para> + The AnonymousAuthenticationManager will allow users to connect with or without credentials and result + in their identification on the broker as the user ANONYMOUS. It may be enabled by adding an empty + anonymous-auth-manager element to the security configuration section, as shown below. + </para> + + <example> + <title>Configuring anonymous authentication</title> + + <programlisting><![CDATA[ +<security> + <anonymous-auth-manager/> + ... +</security>]]></programlisting> + </example> + + <para> + When referencing it from the default-auth-manager or port-mapping sections, its name is + AnonymousAuthenticationManager. + </para> + </section> + + <section id="MultipleAuthProviders"> + <title>Configuring multiple Authentication Providers</title> + <para> + Different managers may be used on different ports. Each manager has its own configuration element, + the presence of which within the <security> section denotes the use of that authentication + provider. Where only one such manager is configured, it will be used on all ports (including JMX + and HTTP). Where more than one authentication manager is configured the configuration must define + which is the "default", and (if required) the mapping of non-default authentication managers to + other ports. + </para> + <para> + The following configuration sets up three authentication managers, using a password file as the + default (e.g. for the JMX and HTTP ports), Kerberos on port 5672 (the regular AMQP port) and Anonymous + on port 5673 (e.g a second AMQP port the broker could have been configured with). + </para> + + <example> + <title>Configuring multiple (per-port) authentication schemes</title> + <programlisting><![CDATA[ +<security> + <pd-auth-manager> + <principal-database> + <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> + <attributes> + <attribute> + <name>passwordFile</name> + <value>${conf}/passwd</value> + </attribute> + </attributes> + </principal-database> + </pd-auth-manager> + <kerberos-auth-manager> + <auth-name>sib</auth-name> + </kerberos-auth-manager> + <anonymous-auth-manager/> + <default-auth-manager>PrincipalDatabaseAuthenticationManager</default-auth-manager> + <port-mappings> + <port-mapping> + <port>5672</port> + <auth-manager>KerberosAuthenticationManager</auth-manager> + </port-mapping> + <port-mapping> + <port>5673</port> + <auth-manager>AnonymousAuthenticationManager</auth-manager> + </port-mapping> + </port-mappings> + ... +</security>]]></programlisting> + </example> + </section> + +</section> + diff --git a/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml b/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml new file mode 100644 index 0000000000..eaecd85770 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml @@ -0,0 +1,73 @@ +<?xml version="1.0" encoding="utf-8"?> + +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Security-Group-Providers"> + <title>Configuring Group Providers</title> + <para> + The Java broker utilises GroupProviders to allow assigning users to groups for use in <link linkend="Java-Broker-Security-ACLs">ACLs</link>. Following authentication by a given <link linkend="Java-Broker-Security-Authentication-Providers">Authentication Provider</link>, the configured Group Providers are consulted to allowing assignment of GroupPrincipals for a given authenticated user. + </para> + + + <section role="h3" id="File-Group-Manager"> + <title>FileGroupManager</title> + <para> + The FileGroupManager allows specifying group membership in a flat file on disk, and is also exposed for inspection and update through the brokers HTTP management interface. + </para> + <para> + To enable the FileGroupManager, add the following configuration to the config.xml, adjusting the groupFile attribute value to match your desired groups file location. + </para> + + <programlisting><![CDATA[ + ... + <security> + <file-group-manager> + <attributes> + <attribute> + <name>groupFile</name> + <value>${conf}/groups</value> + </attribute> + </attributes> + </file-group-manager> + </security>]]> + ... +</programlisting> + + <section role="h4" id="File-Group-Manager-FileFormat"> + <title>File Format</title> + <para> + The groups file has the following format: + </para> + <programlisting> + # <GroupName>.users = <comma deliminated user list> + # For example: + + administrators.users = admin,manager +</programlisting> + <para> + Only users can be added to a group currently, not other groups. Usernames can't contain commas. + </para><para> + Lines starting with a '#' are treated as comments when opening the file, but these are not preserved when the broker updates the file due to changes made through the management interface. + </para> + </section> + </section> +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Security-SSL.xml b/doc/book/src/java-broker/Java-Broker-Security-SSL.xml new file mode 100644 index 0000000000..e415065a84 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Security-SSL.xml @@ -0,0 +1,119 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE entities [ +<!ENTITY % entities SYSTEM "commonEntities.xml"> +%entities; +]> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Security-SSL"> + <title>SSL</title> + + <para> + This section will show how to use SSL to enable secure + connections between an AMQP message client and the broker. + </para> + <section role="h2" id="SSL-Keystore"> + <title>Keystore Configuration</title> + <para> + The broker configuration file (config.xml) needs to be updated to include the required SSL keystore + configuration, an example of which can be found below. + </para> + + <example> + <title>Configuring an SSL Keystore</title> + <programlisting><![CDATA[ +<connector> + ... + <ssl> + <enabled>true</enabled> + <port>5671</port> + <sslOnly>false</sslOnly> + <keyStorePath>/path/to/keystore.ks</keyStorePath> + <keyStorePassword>keystorepass</keyStorePassword> + <certAlias>alias<certAlias> + </ssl> + ... +<connector>]]></programlisting> + </example> + + <para> + The certAlias element is an optional way of specifying which certificate the broker should use + if the keystore contains multiple entries. + </para> + + <para> + The sslOnly element controls whether the broker will <emphasis role="bold">only</emphasis> bind + the configured SSL port(s) or will also bind the non-SSL port(s). Setting sslOnly to true will + disable the non-SSL ports. + </para> + + <important> + <para> + The password of the certificate used by the Broker <emphasis role="bold">must</emphasis> + match the password of the keystore itself. This is a restriction of the Qpid Broker + implementation. If using the <ulink url="&oracleKeytool;">keytool</ulink> utility, + note that this means the argument to the <option>-keypass</option> option must match + the <option>-storepass</option> option. + </para> + </important> + </section> + + <section role="h2" id="SSL-Truststore-ClientCertificate"> + <title>Truststore / Client Certificate Authentication</title> + <para> + The SSL trustore and related Client Certificate Authentication behaviour can be configured with + additional configuration as shown in the example below, in which the broker requires client + certificate authentication. + </para> + + <example> + <title>Configuring an SSL Truststore and client auth</title> + <programlisting><![CDATA[ +<connector> + ... + <ssl> + ... + <trustStorePath>/path/to/truststore.ks</trustStorePath> + <trustStorePassword>truststorepass</trustStorePassword> + <needClientAuth>true</needClientAuth> + <wantClientAuth>false</wantClientAuth> + ... + </ssl> + ... +<connector>]]></programlisting> + </example> + + <para> + The needClientAuth and wantClientAuth elements allow control of whether the client must present an + SSL certificate. Only one of these elements is needed but both may be used at the same time. + A socket's client authentication setting is one of three states: required (needClientAuth = true), + requested (wantClientAuth = true), or none desired (both false, the default). If both elements are + set to true, needClientAuth takes precedence. + </para> + + <para> + When using Client Certificate Authentication it may be desirable to use the External Authentication + Manager, for details see <xref linkend="ExternalAuthManager"></xref> + </para> + + </section> +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Security-Users-And-Groups.xml b/doc/book/src/java-broker/Java-Broker-Security-Users-And-Groups.xml new file mode 100644 index 0000000000..2125f3a3df --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Security-Users-And-Groups.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Security-Users-And-Groups"> +<title>Users And Groups</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Security.xml b/doc/book/src/java-broker/Java-Broker-Security.xml new file mode 100644 index 0000000000..3db672100e --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Security.xml @@ -0,0 +1,30 @@ +<?xml version="1.0"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Security"> + <title>Security</title> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Users-And-Groups.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Group-Providers.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-Authentication-Providers.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-ACLs.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Security-SSL.xml"/> +</chapter> diff --git a/doc/book/src/java-broker/Java-Broker-Stores-BDB-Store.xml b/doc/book/src/java-broker/Java-Broker-Stores-BDB-Store.xml new file mode 100644 index 0000000000..c16d9aa227 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Stores-BDB-Store.xml @@ -0,0 +1,94 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE entities [ +<!ENTITY % entities SYSTEM "commonEntities.xml"> +%entities; +]> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Stores-BDB-Store"> + <title>BDB Store</title> + <para> + The Java broker has an <emphasis>optional</emphasis> message store implementation backed by Oracle BDB JE. + This section will detail where to download the optional dependency from, how to add it to the broker installation, + and provide an example configuration for using the BDBMessageStore. + </para> + + <section role="h3" id="Java-Broker-Stores-BDB-Store-BDBJE-Download"> + <title>Oracle BDB JE download</title> + <para> + The BDB based message store is optional due to its dependency on Oracle BDB JE, which is distributed under the Sleepycat + licence. As a result of this, the dependency cant be distributed by the Apache Qpid project as part of the broker release package. + </para> + <para> + If you wish to use the BDBMessageStore, then you must download the Oracle BDB JE &oracleBdbProductVersion; release + <ulink url="&oracleJeDownloadUrl;">from the Oracle website.</ulink> + </para> + <para> + The download has a name in the form je-&oracleBdbProductVersion;.tar.gz. It is recommended that you + confirm the integrity of the download by verifying the MD5. + </para> + </section> + + <section role="h3" id="Java-Broker-Stores-BDB-Store-BDBJE-Installation"> + <title>Oracle BDB JE jar installation</title> + <para> + If you wish to use the BDBMessageStore, copy the je-&oracleBdbProductVersion;.jar from within the release + downloaded <link linkend="Java-Broker-Stores-BDB-Store-BDBJE-Download">above</link> into the 'opt' sub-directory + of the brokers 'lib' directory. + </para> + + <programlisting>Unix: +cp je-&oracleBdbProductVersion;.jar qpid-broker-&qpidCurrentRelease;/lib/opt</programlisting> + + <programlisting>Windows: +copy je-&oracleBdbProductVersion;.jar qpid-broker-&qpidCurrentRelease;\lib\opt</programlisting> + </section> + + + + <section role="h3" id="Java-Broker-Stores-BDB-Store-Configuration"> + <title>Configuration</title> + <para> + In order to use the BDBMessageStore, you must configure it for each VirtualHost desired by updating the store element + to specify the associated store class and provide a directory location for the data to be written, as shown below. + </para> + + <example> + <title>Configuring a VirtualHost to use the BDBMessageStore</title> + <programlisting><![CDATA[ +<virtualhosts> + <virtualhost> + <name>vhostname</name> + <vhostname> + <store> + <class>org.apache.qpid.server.store.berkeleydb.BDBMessageStore</class> + <environment-path>${QPID_WORK}/bdbstore/vhostname</environment-path> + </store> + ... + </vhostname> + </virtualhost> +</virtualhosts> +]]></programlisting> + </example> + </section> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Stores-Derby-Store.xml b/doc/book/src/java-broker/Java-Broker-Stores-Derby-Store.xml new file mode 100644 index 0000000000..042b2324de --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Stores-Derby-Store.xml @@ -0,0 +1,56 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Stores-Derby-Store"> +<title>Derby Store</title> + <para> + The Java broker has a message store implementation backed by Apache Derby. + This section will detail configuration for using the DerbyMessageStore. + </para> + + <section role="h3" id="Java-Broker-Stores-Derby-Store-Configuration"> + <title>Configuration</title> + <para> + In order to use the DerbyMessageStore, you must configure it for each VirtualHost desired by updating the store element + to specify the associated store class and provide a directory location for the data to be written, as shown below. + </para> + + <example> + <title>Configuring a VirtualHost to use the DerbyMessageStore</title> + <programlisting><![CDATA[ +<virtualhosts> + <virtualhost> + <name>vhostname</name> + <vhostname> + <store> + <class>org.apache.qpid.server.store.DerbyMessageStore</class> + <environment-path>${QPID_WORK}/derbystore/vhostname</environment-path> + </store> + ... + </vhostname> + </virtualhost> +</virtualhosts> +]]></programlisting> + </example> + </section> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Stores-HA-BDB-Store.xml b/doc/book/src/java-broker/Java-Broker-Stores-HA-BDB-Store.xml new file mode 100644 index 0000000000..e8a13c52dc --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Stores-HA-BDB-Store.xml @@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Stores-HA-BDB-Store"> + <title>High Availability BDB Store</title> + <para> + The Java broker has an <emphasis>optional</emphasis> High Availability message store implementation backed by Oracle BDB JE HA. + This section references information on where to download the optional dependency from, how to add it to the broker + installation, and how to configure the BDBHAMessageStore. + </para> + <para> + For more detailed information about use of this store, see <xref linkend="Java-Broker-High-Availability"></xref>. + </para> + + <section role="h3" id="Java-Broker-Stores-HA-BDB-Store-BDBJE-Download"> + <title>Oracle BDB JE download</title> + <para> + For details, see <xref linkend="Java-Broker-Stores-BDB-Store-BDBJE-Download"></xref>. + </para> + </section> + + <section role="h3" id="Java-Broker-Stores-HA-BDB-Store-BDBJE-Installation"> + <title>Oracle BDB JE jar installation</title> + <para> + For details, see <xref linkend="Java-Broker-Stores-BDB-Store-BDBJE-Installation"></xref>. + </para> + </section> + + <section role="h3" id="Java-Broker-Stores-HA-BDB-Store-Configuration"> + <title>Configuration</title> + <para> + In order to use the BDBHAMessageStore, you must configure it for each VirtualHost desired by updating the store element + to specify the associated store class, provide a directory location for the data to be written, and configure the + replication group and policies used by BDB JA HA. + </para> + <para> + A general configuration example is shown <link linkend="Java-Broker-High-Availability-Configuration">here</link>, however it + is strongly recommended you examine the wider context of <xref linkend="Java-Broker-High-Availability"></xref> for a fuller + discussion of the various configuration options and how to use them. + </para> + </section> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Stores-Memory-Store.xml b/doc/book/src/java-broker/Java-Broker-Stores-Memory-Store.xml new file mode 100644 index 0000000000..b8694f3315 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Stores-Memory-Store.xml @@ -0,0 +1,61 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Stores-Memory-Store"> + <title>Memory Store</title> + <para> + The Java broker has an in-memory message store implementation. + This section will detail configuration for using the MemoryMessageStore. + </para> + <para> + Note: when using this store, the broker will store both persistent and non-persistent messages + in memory, which is to say that neither will be available following a broker restart, and the + ability to store new messages will be entirely constrained by the JVM heap size. + </para> + + <section role="h3" id="Java-Broker-Stores-Memory-Store-Configuration"> + <title>Configuration</title> + <para> + In order to use the MemoryMessageStore, you must configure it for each VirtualHost desired by updating the store element + to specify the associated store class, as shown below. + </para> + + <example> + <title>Configuring a VirtualHost to use the MemoryMessageStore</title> + <programlisting><![CDATA[ +<virtualhosts> + <virtualhost> + <name>vhostname</name> + <vhostname> + <store> + <class>org.apache.qpid.server.store.MemoryMessageStore</class + </store> + ... + </vhostname> + </virtualhost> +</virtualhosts> +]]></programlisting> + </example> + </section> + + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Stores-SQL-Store.xml b/doc/book/src/java-broker/Java-Broker-Stores-SQL-Store.xml new file mode 100644 index 0000000000..b6776c81e6 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Stores-SQL-Store.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<section id="Java-Broker-Stores-SQL-Store"> +<title>SQL Store</title> + +</section> diff --git a/doc/book/src/java-broker/Java-Broker-Stores.xml b/doc/book/src/java-broker/Java-Broker-Stores.xml new file mode 100644 index 0000000000..aee3cdebdb --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Stores.xml @@ -0,0 +1,30 @@ +<?xml version="1.0"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Stores"> + <title>Stores</title> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Stores-Memory-Store.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Stores-Derby-Store.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Stores-SQL-Store.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Stores-BDB-Store.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Stores-HA-BDB-Store.xml"/> +</chapter> diff --git a/doc/book/src/java-broker/Java-Broker-Virtual-Hosts.xml b/doc/book/src/java-broker/Java-Broker-Virtual-Hosts.xml new file mode 100644 index 0000000000..fc1a8b1dc5 --- /dev/null +++ b/doc/book/src/java-broker/Java-Broker-Virtual-Hosts.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter id="Java-Broker-Virtual-Hosts"> + <title>Virtual Hosts</title> +</chapter> diff --git a/doc/book/src/java-broker/Java-Environment-Variables.xml b/doc/book/src/java-broker/Java-Environment-Variables.xml deleted file mode 100644 index 12703190f2..0000000000 --- a/doc/book/src/java-broker/Java-Environment-Variables.xml +++ /dev/null @@ -1,84 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Java-Environment-Variables"> - <title> - Java Environment Variables - </title> - <section role="h2" id="JavaEnvironmentVariables-SettingQpidEnvironmentVariables"> - <title> - Setting - Qpid Environment Variables - </title> - - <section role="h3" id="JavaEnvironmentVariables-QpidDeploymentPathVariables"> - <title> - Qpid - Deployment Path Variables - </title> - <para> - There are two main Qpid environment variables which are required - to be set for Qpid deployments, QPID_HOME and QPID_WORK. - </para> - <para> - QPID_HOME - This variable is used to tell the Qpid broker where - it's installed home is, which is in turn used to find dependency - JARs which Qpid uses. - </para> - <para> - QPID_WORK - This variable is used by Qpid when creating all - 'writeable' directories that it uses. This includes the log - directory and the storage location for any BDB instances in use - by your deployment (if you're using persistence with BDB). If you - do not set this variable, then the broker will default (in the - qpid-server script) to use the current user's homedir as the root - directory for creating the writeable locations that it uses. - </para> - - <!--h3--> - </section> - - <section role="h3" id="JavaEnvironmentVariables-SettingMaxMemoryforthebroker"> - <title> - Setting - Max Memory for the broker - </title> - <para> - If you simply start the Qpid broker, it will default to use a - -Xmx setting of 1024M for the broker JVM. However, we would - recommend that you make the maximum -Xmx heap size available, if - possible, of 3Gb (for 32-bit platforms). - </para> - <para> - You can control the memory setting for your broker by setting the - QPID_JAVA_MEM variable before starting the broker e.g. -Xmx3668m - . Enclose your value within quotes if you also specify a -Xms - value. The value in use is echo'd by the qpid-server script on - startup. - </para> - <!--h3--> - </section> - - <!--h2--> - </section> - -</section> diff --git a/doc/book/src/java-broker/Management-Console-Security.xml b/doc/book/src/java-broker/Management-Console-Security.xml deleted file mode 100644 index 31f63c70da..0000000000 --- a/doc/book/src/java-broker/Management-Console-Security.xml +++ /dev/null @@ -1,251 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section><title> - Management Console Security - </title><section role="h1" id="ManagementConsoleSecurity-ManagementConsoleSecurity"><title> - Management - Console Security - </title> - <itemizedlist> - <listitem><para> - <xref linkend="ManagementConsoleSecurity-SSLencryptedRMI-280.5andabove-29"/> - </para></listitem> - <listitem><para> - <xref linkend="ManagementConsoleSecurity-JMXMP-28M4andprevious-29"/> - </para></listitem> - <listitem><para> - <xref linkend="ManagementConsoleSecurity-UserAccounts-26AccessRights"/> - </para></listitem> - </itemizedlist> - <section role="h2" id="ManagementConsoleSecurity-SSLencryptedRMI-280.5andabove-29"><title> - SSL - encrypted RMI (0.5 and above) - </title> - <para> - Current versions of the broker make use of SSL encryption to - secure their RMI based JMX ConnectorServer for security purposes. - This ships enabled by default, although the test SSL keystore - used during development is not provided for security reasons - (using this would provide no security as anyone could have access - to it). - </para><section role="h3" id="ManagementConsoleSecurity-BrokerConfiguration"><title> - Broker - Configuration - </title> - - <para> - The broker configuration must be updated before the broker will - start. This can be done either by disabling the SSL support, - utilizing a purchased SSL certificate to create a keystore of - your own, or generating a self-signed keystore. - </para><para> - The broker must be configured with a keystore containing the - private and public keys associated with its SSL certificate. This - is accomplished by setting the Java environment properties - <emphasis>javax.net.ssl.keyStore</emphasis> and - <emphasis>javax.net.ssl.keyStorePassword</emphasis> respectively with the - location and password of an appropriate SSL keystore. Entries for - these properties exist in the brokers main configuration file - alongside the other management settings (see below), although the - command line options will still work and take precedence over the - configuration file. - </para> - <programlisting> -<management> - <ssl> - <enabled>true</enabled> - <!-- Update below path to your keystore location, eg ${conf}/qpid.keystore --> - <keyStorePath>${conf}/qpid.keystore</keyStorePath> - <keyStorePassword>password</keyStorePassword> - </ssl> -</management> -</programlisting> -<!--h3--></section> - - <section role="h3" id="ManagementConsoleSecurity-JMXManagementConsoleConfiguration"><title> - JMX - Management Console Configuration - </title> - - <para> - If the broker makes use of an SSL certificate signed by a known - signing CA (Certification Authority), the management console - needs no extra configuration, and will make use of Java's - built-in CA - truststore for certificate verification (you may however have to - update the system-wide default truststore if your CA is not - already present in it). - </para><para> - If however you wish to use a self-signed SSL certificate, then - the management console must be provided with an SSL truststore - containing a record for the SSL certificate so that it is able to - validate it when presented by the broker. This is performed by - setting the <emphasis>javax.net.ssl.trustStore</emphasis> and - <emphasis>javax.net.ssl.trustStorePassword</emphasis> environment variables - when starting the console. This can be done at the command line, - or alternatively an example configuration has been made within - the console's qpidmc.ini launcher configuration file that may - pre-configured in advance for repeated usage. See the <xref linkend="Qpid-JMX-Management-Console-User-Guide"/> for more - information on this configuration process. - </para> -<!--h3--></section> - - <section role="h3" id="ManagementConsoleSecurity-JConsoleConfiguration"><title> - JConsole - Configuration - </title> - - <para> - As with the JMX Management Console above, if the broker is using - a self-signed SSL certificate then in order to connect remotely - using JConsole, an appropriate trust store must be provided at - startup. See <xref linkend="qpid_JConsole"/> for further details on configuration. - </para> -<!--h3--></section> - - <section role="h3" id="ManagementConsoleSecurity-AdditionalInformation"><title> - Additional - Information - </title> - - <para> - More information on Java's handling of SSL certificate - verification and customizing the keystores can be found in the - <ulink url="http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores">http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores</ulink>. - </para> -<!--h3--></section> -<!--h2--></section> - - - - <section role="h2" id="ManagementConsoleSecurity-JMXMP-28M4andprevious-29"><title> - JMXMP - (M4 and previous) - </title> - - <para> - In previous releases of Qpid (M4 and below) the broker, can make - use of Sun's Java Management Extensions Messaging Protocol - (JMXMP) to provide encryption of the JMX connection, offering - increased security over the default unencrypted RMI based JMX - connection. - </para><section role="h3" id="ManagementConsoleSecurity-DownloadandInstall"><title> - Download and - Install - </title> - - <para> - This is possible by adding the jmxremote_optional.jar as provided - by Sun. This jar is covered by the Sun Binary Code License and is - not compatible with the Apache License which is why this - component is not bundled with Qpid. - </para><para> - Download the JMX Remote API 1.0.1_04 Reference Implementation - from <xref linkend="qpid_download.jsp"/>. The included - 'jmxremote-1_0_1-bin\lib\jmxremote_optional.jar' file must be - added to the broker classpath: - </para><para> - First set your classpath to something like this: - </para> - <programlisting> -CLASSPATH=jmxremote_optional.jar -</programlisting> - <para> - Then, run qpid-server passing the following additional flag: - </para> - <programlisting> -qpid-server -run:external-classpath=first -</programlisting> - <para> - Following this the configuration option can be updated to enabled - use of the JMXMP based JMXConnectorServer. - </para> -<!--h3--></section> - - <section role="h3" id="ManagementConsoleSecurity-BrokerConfiguration2"><title> - Broker - Configuration - </title> - - <para> - To enabled this security option change the - <emphasis>security-enabled</emphasis> value in your broker configuration - file. - </para> - <programlisting> - <management> - <security-enabled>true</security-enabled> - </management> -</programlisting> - <para> - You may also (for M2 and earlier) need to set the following - system properties using the environment variable QPID_OPTS: - </para><para> - QPID_OPTS="-Dcom.sun.management.jmxremote - -Dcom.sun.management.jmxremote.port=8999 - -Dcom.sun.management.jmxremote.authenticate=false - -Dcom.sun.management.jmxremote.ssl=false" - </para> -<!--h3--></section> - - <section role="h3" id="ManagementConsoleSecurity-JMXManagementConsoleConfiguration-2"><title> - JMX - Management Console Configuration - </title> - - <para> - If you wish to connect to a broker configured to use JMXMP then - the console also requires provision of the Optional sections of - the JMX Remote API that are not included within the JavaSE - platform. - </para><para> - In order to make it available to the console, place the - 'jmxremote_optional.jar' (rename the file if any additional - information is present in the file name) jar file within the - 'plugins/jmxremote.sasl_1.0.1/' folder of the console release (on - Mac OS X you will need to select 'Show package contents' from the - context menu whilst selecting the management console bundle in - order to reveal the inner file tree). - </para><para> - Following the the console will automatically load the JMX Remote - Optional classes and attempt the JMXMP connection when connecting - to a JMXMP enabled broker. - </para> -<!--h3--></section> -<!--h2--></section> - - <section role="h2" id="ManagementConsoleSecurity-UserAccounts-26AccessRights"><title> - User - Accounts & Access Rights - </title> - - <para> - In order to access the management operations via JMX, users must - have an account and have been assigned appropriate access rights. - See <xref linkend="qpid_Configuring-Management-Users"/> - </para> -<!--h2--></section> -<!--h1--></section> - - -</section> diff --git a/doc/book/src/java-broker/Qpid-JMX-Management-Console-FAQ.xml b/doc/book/src/java-broker/Qpid-JMX-Management-Console-FAQ.xml deleted file mode 100644 index 1806ab01b1..0000000000 --- a/doc/book/src/java-broker/Qpid-JMX-Management-Console-FAQ.xml +++ /dev/null @@ -1,96 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section><title> - Qpid JMX Management Console FAQ - </title> -<!-- -h3. {toggle-cloak:id=qManagementConsoleSecurity} How do I connect the management console to my broker using security ? -{cloak:id=qManagementConsoleSecurity} - -The [Management Console Security] page will give you the instructions that you should use to set this up. -{cloak} - - -h3. {toggle-cloak:id=rmiServerHostname} I am unable to connect Qpid JMX MC/JConsole to a remote broker running on Linux, but connecting to localhost on that machine works ? -{cloak:id=rmiServerHostname} - -The RMI based JMX ConnectorServer used by the broker requries two ports to operate. The console connects to an RMI Registry running on the primary (default 8999) port and retrieves the information actually needed to connect to the JMX Server. This information embeds the hostname of the remote machine, and if this is incorrect or unreachable by the connecting client the connection will fail. - -This situation arises due to the hostname configuration on Linux and is generally encountered when the remote machine does not have a DNS hostname entry on the local network, causing the hostname command to return a loopback IP instead of a fully qualified domain name or IP address accessible by remote client machines. It is described in further detail at: http://java.sun.com/javase/6/docs/technotes/guides/management/faq.html#linux1 - -To remedy this issue you can set the _java.rmi.server.hostname_ system property to control the hostname/ip reported to the RMI runtime when advertising the JMX ConnectorServer. This can also be used to dictate the address returned on a computer with multiple network interfaces to control reachability. To do so, add the value _-Djava.rmi.server.hostname=<desired hostname/ip>_ to the QPID_OPTS environment variable before starting the _qpid-server_ script. ---> - - <section role="h2" id="QpidJMXManagementConsoleFAQ-Errors"><title> - Errors - </title> - - <section role="h3" id="QpidJMXManagementConsoleFAQ-HowdoIconnectthemanagementconsoletomybrokerusingsecurity-3F"><title> - How do I connect the management console to - my broker using security ? - </title> - - <para> - The <xref linkend="qpid_Management-Console-Security"/> page will give you the instructions that you should - use to set this up. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJMXManagementConsoleFAQ-IamunabletoconnectQpidJMXMC-2FJConsoletoaremotebrokerrunningonLinux-2Cbutconnectingtolocalhostonthatmachineworks-3F"><title> - I am unable to connect Qpid JMX MC/JConsole - to a remote broker running on Linux, but connecting to localhost - on that machine works ? - </title> - - <para> - The RMI - based JMX ConnectorServer used by the broker requries two ports - to operate. The console connects to an RMI Registry running on - the primary (default 8999) port and retrieves the information - actually needed to connect to the JMX Server. This information - embeds the hostname of the remote machine, and if this is - incorrect or unreachable by the connecting client the connection - will fail. - </para><para> - This - situation arises due to the hostname configuration on Linux and - is generally encountered when the remote machine does not have a - DNS hostname entry on the local network, causing the hostname - command to return a loopback IP instead of a fully qualified - domain name or IP address accessible by remote client machines. - It is described in further detail at: <xref linkend="qpid_faq"/> - </para><para> - To - remedy this issue you can set the - <emphasis>java.rmi.server.hostname</emphasis> system property to control the - hostname/ip reported to the RMI runtime when advertising the JMX - ConnectorServer. This can also be used to dictate the address - returned on a computer with multiple network interfaces to - control reachability. To do so, add the value - <emphasis>-Djava.rmi.server.hostname=<desired hostname/ip></emphasis> - to the QPID_OPTS environment variable before starting the - <emphasis>qpid-server</emphasis> script. - </para> -<!--h3--></section> -<!--h2--></section> -</section> diff --git a/doc/book/src/java-broker/Qpid-JMX-Management-Console-User-Guide.xml b/doc/book/src/java-broker/Qpid-JMX-Management-Console-User-Guide.xml deleted file mode 100644 index 35bb5dfbe8..0000000000 --- a/doc/book/src/java-broker/Qpid-JMX-Management-Console-User-Guide.xml +++ /dev/null @@ -1,793 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Qpid-JMX-Management-Console-User-Guide"><title> - Qpid JMX Management Console User Guide - </title><section role="h1" id="QpidJMXManagementConsoleUserGuide-QpidJMXManagementConsoleUserGuide"><title> - Qpid JMX Management Console User Guide - </title> - - - <para> - - The Qpid JMX Management Console is a standalone Eclipse RCP - application for managing and monitoring the Qpid Java server - utilising its JMX management interfaces. - </para><para> - This guide will give an overview of configuring the console, the - features supported by it, and how to make use of the console in - managing the various JMX Management Beans (MBeans) offered by the - Qpid Java server. - </para> -<!--h1--></section> - - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-Startup-26Configuration"><title> - - Startup & Configuration - </title> - - <para> - - </para> - <section role="h2" id="QpidJMXManagementConsoleUserGuide-Startup"><title> - Startup - </title> - - <para> - - The console can be started in the following way, depending on - platform: - </para><itemizedlist> - <listitem><para> - <emphasis>Windows:</emphasis> by running the <emphasis>qpidmc.exe</emphasis> executable - file. - </para></listitem> - <listitem><para> - <emphasis>Linux:</emphasis> by running the <emphasis>qpidmc</emphasis> executable. - </para></listitem> - <listitem><para> - <emphasis>Mac OS X:</emphasis> by launching the <emphasis>Qpid Management - Console.app</emphasis> application bundle. - </para></listitem> - </itemizedlist><para> - - </para> - </section> - - - <section role="h2" id="QpidJMXManagementConsoleUserGuide-SSLconfiguration"><title> - SSL - configuration - </title> - - <para> - - Newer Qpid Java servers can protect their JMX connections with - SSL, and this is enabled by default. When attempting to connect - to a server with this enabled, the console must be able to verify - the SSL certificate presented to it by the server or the - connection will fail. - </para><para> - If the server makes use of an SSL certificate signed by a known - Signing CA (Certification Authority) then the console needs no - extra configuration, and will make use of Java's default - system-wide CA TrustStore for certificate verification (you may - however have to update the system-wide default CA TrustStore if - your certified is signed by a less common CA that is not already - present in it). - </para><para> - If however the server is equipped with a self-signed SSL - certificate, then the management console must be provided with an - appropriate SSL TrustStore containing the public key for the SSL - certificate, so that it is able to validate it when presented by - the server. The server ships with a script to create an example - self-signed SSL certificate, and store the relevant entries in a - KeyStore and matching TrustStore. This script can serve as a - guide on how to use the Java Keytool security utility to - manipulate your own stores, and more information can be found in - the JSSE Reference Guide: - <ulink url="http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores">http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores</ulink>. - </para><para> - Supplying the necessary details to the console is performed by - setting the <emphasis>javax.net.ssl.trustStore</emphasis> and - <emphasis>javax.net.ssl.trustStorePassword</emphasis> environment variables - when starting it. This can be done at the command line, but the - preferred option is to set the configuration within the - <emphasis>qpidmc.ini</emphasis> launcher configuration file for repeated - usage. This file is equipped with a template to ease - configuration, this should be uncommented and edited to suit your - needs. It can be found in the root of the console releases for - Windows, and Linux. For Mac OS X the file is located within the - consoles <emphasis>.app</emphasis> application bundle, and to locate and edit - it you must select <emphasis>'Show Package Contents'</emphasis> when - accessing the context menu of the application, then browse to the - <emphasis>Contents/MacOS</emphasis> sub folder to locate the file. - </para> -<!--h2--></section> - - <section role="h2" id="QpidJMXManagementConsoleUserGuide-JMXMPconfiguration"><title> - JMXMP - configuration - </title> - - <para> - - Older releases of the Qpid Java server can make use of the Java - Management Extensions Messaging Protocol (JMXMP) to provide - protection for their JMX connections. This occurs when the server - has its main configuration set with the management - <emphasis>'security-enabled'</emphasis> property set to true. - </para><para> - In order to connect to this configuration of server, the console - needs an additional library that is not included within the Java - SE platform and cannot be distributed with the console due to - licensing restrictions. - </para><para> - You can download the JMX Remote API 1.0.1_04 Reference - Implementation from the Sun website <xref linkend="qpid_download.jsp"/>. The included - <emphasis>jmxremote-1_0_1-bin/lib/jmxremote_optional.jar</emphasis> file must - be added to the <emphasis>plugins/jmxremote.sasl_1.0.1</emphasis> folder of - the console release (again, in Mac OS X you will need to select - <emphasis>'Show package contents'</emphasis> from the context menu whilst - selecting the management console bundle in order to reveal the - inner file tree). - </para><para> - Following this the console will automatically load the JMX Remote - Optional classes and negotiate the SASL authentication profile - type when encountering a JMXMP enabled Qpid Java server. - </para> -<!--h2--></section> -<!--h1--></section> - <section role="h1" id="QpidJMXManagementConsoleUserGuide-ManagingServerConnections"><title> - - Managing Server Connections - </title> - - <para> - - </para> - <section role="h2" id="QpidJMXManagementConsoleUserGuide-MainToolbar"><title> - Main Toolbar - </title> - - <para> - - The main toolbar of the console can be seen in the image below. - The left most buttons respectively allow for adding a new server - connection, reconnecting to an existing server selected in the - connection tree, disconnecting the selected server connection, - and removing the server from the connection tree. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113098.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - - - Beside these buttons is a combo for selecting the refresh - interval; that is, how often the console requests updated - information to display for the currently open area in the main - view. Finally, the right-most button enables an immediate update. - </para> - </section> - - <section role="h2" id="QpidJMXManagementConsoleUserGuide-Connectingtoanewserver"><title> - Connecting - to a new server - </title> - - <para> - - To connect to a new server, press the <emphasis>Add New Server</emphasis> - toolbar button, or select the <emphasis>Qpid Manager -> Add New - Connection</emphasis> menu item. At this point a dialog box will be - displayed requesting the server details, namely the server - hostname, management port, and a username and password. An - example is shown below: - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113099.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - - Once all the required details are entered, pressing Connect will - initiate a connection attempt to the server. It the attempt fails - a reason will be shown and the server will not be added to the - connection tree. If the attempt is successful the server will be - added to the connections list and the entry expanded to show the - initial administration MBeans the user has access to and any - VirtualHosts present on the server, as can be seen in the figure - below. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113100.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - - If the server supports a newer management API than the console in - use, once connected this initial screen will contain a message on - the right, indicating an upgraded console should be sought by the - user to ensure all management functionality supported by the - server is being utilised. - </para> -<!--h2--></section> - - <section role="h2" id="QpidJMXManagementConsoleUserGuide-Reconnectingtoaserver"><title> - Reconnecting - to a server - </title> - - <para> - - If a server has been connected to previously, it will be saved as - an entry in the connection tree for further use. On subsequent - connections the server can simply be selected from the tree and - using the <emphasis>Reconnect</emphasis> toolbar button or <emphasis>Qpid Manager - -> Reconnect</emphasis> menu item. At this stage the console will - prompt simply for the username and password with which the user - wishes to connect, and following a successful connection the - screen will appear as shown previously above. - </para> -<!--h2--></section> - - - <section role="h2" id="QpidJMXManagementConsoleUserGuide-Disconnectingfromaserver"><title> - Disconnecting - from a server - </title> - - <para> - - To disconnect from a server, select the connection tree node for - the server and press the <emphasis>Disconnect</emphasis> toolbar button, or - use the <emphasis>Qpid Manager -> Disconnect</emphasis> menu option. - </para> -<!--h2--></section> - - <section role="h2" id="QpidJMXManagementConsoleUserGuide-Removingaserver"><title> - Removing a - server - </title> - - <para> - - To remove a server from the connection list, select the - connection tree node for the server and press the <emphasis>Remove</emphasis> - toolbar button, or use the <emphasis>Qpid Manager -> Remove - Connection</emphasis> menu option. - </para> -<!--h2--></section> -<!--h1--></section> - - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-Navigatingaconnectedserver"><title> - Navigating a connected server - </title> - - <para> - - Once connected to a server, the various areas available for - administration are accessed using the Qpid Connections tree at - the left side of the application. To open a particular MBean from - the tree for viewing, simply select it in the tree and it will be - opened in the main view. - <mediaobject><imageobject><imagedata fileref="images/3113101.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - As there may be vast numbers of Queues, Connections, and - Exchanges on the server these MBeans are not automatically added - to the tree along with the general administration MBeans. - Instead, dedicated selection areas are provided to allow users to - select which Queue/Connection/Exchange they wish to view or add - to the tree. These areas can be found by clicking on the - Connections, Exchanges, and Queues nodes in the tree under each - VirtualHost, as shown in the figure above. One or more MBeans may - be selected and added to the tree as Favourites using the button - provided. These settings are saved for future use, and each time - the console connects to the server it will check for the presence - of the MBean previously in the tree and add them if they are - still present. Queue/Connection/Exchange MBeans can be removed - from the tree by right clicking on them to expose a context menu - allowing deletion. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113102.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - As an alternative way to open a particular MBean for viewing, - without first adding it to the tree, you can simply double click - an entry in the table within the Queue/Connection/Exchange - selection areas to open it immediately. It is also possible to - open some MBeans like this whilst viewing certain other MBeans. - When opening an MBean in either of these ways, a Back button is - enabled in the top right corner of the main view. Using this - button will return you to the selection area or MBean you were - previously viewing. The history resets each time the tree is used - to open a new area or MBean. - </para> -<!--h1--></section> - - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-ConfigurationManagementMBean"><title> - - ConfigurationManagement MBean - </title> - - <para> - - The ConfigurationManagement MBean is available on newer servers, - to users with admin level management rights. It offers the - ability to perform a live reload of the <emphasis>Security</emphasis> - sections defined in the main server configuration file (e.g. - defaults to: <emphasis>etc/config.xml</emphasis>). This is mainly to allow - updating the server Firewall configuration to new settings - without a restart, and can be performed by clicking the Execute - button and confirming the prompt which follows. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113103.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para> -<!--h1--></section> - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-LoggingManagementMBean"><title> - - LoggingManagement MBean - </title> - - <para> - - The LoggingManagement MBean is available on newer servers, and - accessible by admin level users. It allows live alteration of the - logging behaviour, both at a Runtime-only level and at the - configuration file level. The latter can optionally affect the - Runtime configuration, either through use of the servers - automated LogWatch ability which detects changes to the - configuration file and reloads it, or by manually requesting a - reload. This functionality is split across two management tabs, - Runtime Options and ConfigurationFile Options. - </para> - <section role="h2" id="QpidJMXManagementConsoleUserGuide-RuntimeOptions"><title> - Runtime - Options - </title> - - <para> - - <mediaobject><imageobject><imagedata fileref="images/3113104.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - The Runtime Options tab allows manipulation of the logging - settings without affecting the configuration files (this means - the changes will be lost when the server restarts), and gives - individual access to every Logger active within the server. - </para><para> - As shown in the figure above, the table in this tab presents the - Effective Level of each Logger. This is because the Loggers form - a hierarchy in which those without an explicitly defined (in the - logging configuration file) Level will inherit the Level of their - immediate parent; that is, the Logger whose full name is a prefix - of their own, or if none satisfy that condition then the - RootLogger is their parent. As example, take the - <emphasis>org.apache.qpid</emphasis> Logger. It is parent to all those below - it which begin with <emphasis>org.apache.qpid</emphasis> and unless they have - a specific Level of their own, they will inherit its Level. This - can be seen in the figure, whereby all the children Loggers - visible have a level of WARN just like their parent, but the - RootLogger Level is INFO; the children have inherited the WARN - level from <emphasis>org.apache.qpid</emphasis> rather than INFO from the - RootLogger. - </para><para> - To aid with this distinction, the Logger Levels that are - currently defined in the configuration file are highlighted in - the List. Changing these levels at runtime will also change the - Level of all their children which haven't been set their own - Level using the runtime options. In the latest versions of the - LoggingManagement MBean, it is possible to restore a child logger - that has had an explicit level se, to inheriting that of its - parent by setting it to an INHERITED level that removes any - previously set Level of its own. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113105.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - In order to set one of more Loggers to a new Level, they should - be selected in the table (or double click an individual Logger to - modify it) and the <emphasis>Edit Selected Logger(s)</emphasis> button - pressed to load the dialog shown above. At this point, any of the - available Levels supported by the server can be applied to the - Loggers selected and they will immediately update, as will any - child Loggers without their own specific Level. - </para><para> - The RootLogger can be similarly edited using the button at the - bottom left of the window. - </para> -<!--h2--></section> - - <section role="h2" id="QpidJMXManagementConsoleUserGuide-ConfigurationFileOptions"><title> - ConfigurationFile - Options - </title> - - <para> - - The ConfigurationFile Options tab allows alteration of the Level - settings for the Loggers defined in the configuration file, - allowing changes to persist following a restart of the server. - Changes made to the configuration file are only applied - automatically while the sever is running if it was configured to - enable the LogWatch capability, meaning it will monitor the - configuration file for changes and apply the new configuration - when the change is detected. If this was not enabled, the changes - will be picked up when the server is restarted. The status of the - LogWatch feature is shown at the bottom of the tab. - Alternatively, in the latest versions of the LoggingManagement - MBean it is possible to reload the logging configuration file on - demand. - </para><para> - Manipulating the Levels is as on the Runtime Options tab, either - double-click an individual Logger entry or select multiple - Loggers and use the button to load the dialog to set the new - Level. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113106.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - One issue to note of when reloading the configuration file - settings, either automatically using LogWatch or manually, is - that any Logger set to a specific Level using the Runtime Options - tab that is not defined in the configuration file will maintain - that Level when the configuration file is reloaded. In other - words, if a Logger is defined in the configuration file, then the - configuration file will take precedence at reload, otherwise the - Runtime options take precedence. - </para><para> - This situation will be immediately obvious by examining the - Runtime Options tab to see the effective Level of each Logger - – unless it has been altered with the RuntimeOptions or - specifically set in the configuration file, a Logger Level should - match that of its parent. In the latest versions of the - LoggingManagement MBean, it is possible to use the RuntimeOptions - to restore a child logger to inheriting from its parent by - setting it with an INHERITED level that removes any previously - set Level of its own. - - </para> -<!--h2--></section> -<!--h1--></section> - - - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-ServerInformationMBean"><title> - ServerInformation MBean - </title> - - <para> - - <mediaobject><imageobject><imagedata fileref="images/3113107.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - The ServerInformation MBean currently only conveys various pieces - of version information to allow precise identification of the - server version and its management capabilities. In future it is - likely to convey additional server-wide details and/or - functionality. - </para> -<!--h1--></section> - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-UserManagementMBean"><title> - - UserManagement MBean - </title> - - <para> - - The UserManagement MBean is accessible by admin level users, and - allows manipulation of existing user accounts and creation of new - user accounts. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113108.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - - To add a new user, press the <emphasis>Add New User</emphasis> button, which - will load the dialog shown below. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113109.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - Here you may enter the new users Username, Password, and select - their JMX Management Rights. This controls whether or not they - have access to the management interface, and if so what - capabilities are accessible. <emphasis>Read Only</emphasis> access allows - undertaking any operations that do not alter the server state, - such as viewing messages. <emphasis>Read + Write</emphasis> access allows use - of all operations which are not deemed admin-only (such as those - in the UserManagement MBean itself). <emphasis>Admin</emphasis> access allows - a user to utilize any operation, and view the admin-only MBeans - (currently these are ConfigurationManagement, LoggingManagement, - and UserManagement). - </para><para> - One or more users at a time may be deleted by selecting them in - the table and clicking the <emphasis>Delete User(s)</emphasis> button. The - console will then prompt for confirmation before undertaking the - removals. Similarly, the access rights for one or more users may - be updated by selecting them in the table and clicking the - <emphasis>Set Rights</emphasis> button. The console will then display a - dialog enabling selection of the new access level and - confirmation to undertake the update. - </para><para> - An individual user password may be updated by selecting the user - in the table in and clicking the <emphasis>Set Password</emphasis> button. - The console will then display a dialog enabling input of the new - password and confirmation to undertake the update. - </para><para> - - The server caches the user details in memory to aid performance. - If may sometimes be necessary to externally modify the password - and access right files on disk. In order for these changes to be - known to the server without a restart, it must be instructed to - reload the file contents. This can be done using the provided - <emphasis>Reload User Details</emphasis> button (on older servers, only the - management rights file is reloaded, on newer servers both files - are. The description on screen will indicate the behaviour). - After pressing this button the console will seek confirmation - before proceeding. - </para> -<!--h1--></section> - - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-VirtualHostManagerMBean"><title> - - VirtualHostManager MBean - </title> - - <para> - - Each VirtualHost in the server has an associated - VirtualHostManager MBean. This allows viewing, creation, and - deletion of Queues and Exchanges within the VirtualHost. - </para><para> - Clicking the <emphasis>Create</emphasis> button in the Queue section will - open a dialog allowing specification of the Name, Owner - (optional), and durability properties of the new Queue, and - confirmation of the operation. - </para><para> - One or more Queues may be deleted by selecting them in the table - and clicking the <emphasis>Delete</emphasis> button. This will unregister the - Queue bindings, remove the subscriptions and delete the Queue(s). - The console will prompt for confirmation before undertaking the - operation. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113110.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - Clicking the <emphasis>Create</emphasis> button in the Exchange section will - open a dialog allowing specification of the Name, Type, and - Durable attributes of the new Exchange, and confirmation of the - operation. - </para><para> - One or more Exchanges may be deleted by selecting them in the - table and clicking the <emphasis>Delete</emphasis> button. This will - unregister all the related channels and Queue bindings then - delete the Exchange(s). The console will prompt for confirmation - before undertaking the operation. - </para><para> - - Double-clicking on a particular Queue or Exchange name in the - tables will open the MBean representing it. - </para> -<!--h1--></section> - - - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-Notifications"><title> - - Notifications - </title> - - <para> - - MBeans on the server can potentially send Notifications that - users may subscribe to. When managing an individual MBean that - offers Notifications types for subscription, the console supplies - a Notifications tab to allow (un)subscription to the - Notifications if desired and viewing any that are received - following subscription. - </para><para> - In order to provide quicker access to/awareness of any received - Notifications, each VirtualHost area in the connection tree has a - Notifications area that aggregates all received Notifications for - MBeans in that VirtualHost. An example of this can be seen in the - figure below. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113111.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - All received Notifications will be displayed until such time as - the user removes them, either in this aggregated view, or in the - Notifications area of the individual MBean that generated the - Notification. - </para><para> - They may be cleared selectively or all at once. To clear - particular Notifications, they should be selected in the table - before pressing the <emphasis>Clear</emphasis> button. To clear all - Notifications, simply press the <emphasis>Clear</emphasis> button without - anything selected in the table, at which point the console will - request confirmation of this clear-all action. - </para> -<!--h1--></section> - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-ManagingQueues"><title> - Managing - Queues - </title> - - <para> - - As mentioned in earlier discussion of Navigation, Queue MBeans - can be opened either by double clicking an entry in the Queues - selection area, or adding a queue to the tree as a favourite and - clicking on its tree node. Unique to the Queue selection screen - is the ability to view additional attributes beyond just that of - the Queue Name. This is helpful for determining which Queues - satisfy a particular condition, e.g. having <X> messages on - the queue. The example below shows the selection view with - additional attributes <emphasis>Consumer Count, Durable, MessageCount, - and QueueDepth</emphasis> (selected using the <emphasis>Select - Attributes</emphasis> button at the bottom right corner of the - table)<emphasis>.</emphasis> - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113112.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - Upon opening a Queue MBean, the Attributes tab is displayed, as - shown below. This allows viewing the value all attributes, - editing those which are writable values (highlighted in blue) if - the users management permissions allow, viewing descriptions of - their purpose, and graphing certain numerical attribute values as - they change over time. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113113.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - The next tab contains the operations that can be performed on the - queue. The main table serves as a means of viewing the messages - on the queue, and later for selecting specific messages to - operate upon. It is possible to view any desired range of - messages on the queue by specifying the visible range using the - fields at the top and pressing the <emphasis>Set</emphasis> button. Next to - this there are helper buttons to enable faster browsing through - the messages on the queue; these allow moving forward and back by - whatever number of messages is made visible by the viewing range - set. The Queue Position column indicates the position of each - message on the queue, but is only present when connected to newer - servers as older versions cannot provide the necessary - information to show this (unless only a single message position - is requested). - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113114.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - Upon selecting a message in the table, its header properties and - redelivery status are updated in the area below the table. Double - clicking a message in the table (or using the <emphasis>View Message - Content</emphasis> button to its right) will open a dialog window - displaying the contents of the message. - </para><para> - One or more messages can be selected in the table and moved to - another queue in the VirtualHost by using the <emphasis>Move - Message(s)</emphasis> button, which opens a dialog to enable selection - of the destination and confirmation of the operation. Newer - servers support the ability to similarly copy the selected - messages to another queue in a similar fashion, or delete the - selected messages from the queue after prompting for - confirmation. - </para><para> - Finally, all messages (that have not been acquired by consumers) - on the queue can be deleted using the <emphasis>Clear Queue</emphasis> - button, which will generate a prompt for confirmation. On newer - servers, the status bar at the lower left of the application will - report the number of messages actually removed. - </para> -<!--h1--></section> - - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-ManagingExchanges"><title> - - Managing Exchanges - </title> - - <para> - Exchange MBeans are opened for management operations in similar - fashion as described for Queues, again showing an Attributes tab - initially, with the Operations tab next: - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113115.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - Of the four default Exchange Types <emphasis>(direct, fanout, headers, - and topic)</emphasis> all but <emphasis>headers</emphasis> have their bindings - presented in the format shown above. The left table provides the - binding/routing keys present in the exchange. Selecting one of - these entries in the table prompts the right table to display all - the queues associated with this key. Pressing the <emphasis>Create</emphasis> - button opens a dialog allowing association of an existing queue - with the entered Binding. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113116.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - The <emphasis>headers</emphasis> Exchange type (default instantiation - <emphasis>amq.match or amq.headers</emphasis>) is presented as below: - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113117.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - In the previous figure, the left table indicates the binding - number, and the Queue associated with the binding. Selecting one - of these entries in the table prompts the right table to display - the header values that control when the binding matches an - incoming message. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113118.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - </para><para> - Pressing the <emphasis>Create</emphasis> button when managing a - <emphasis>headers</emphasis> Exchange opens a dialog allowing creation of a - new binding, associating an existing Queue with a particular set - of header keys and values. The <emphasis>x-match</emphasis> key is required, - and instructs the server whether to match the binding with - incoming messages based on ANY or ALL of the further key-value - pairs entered. If it is desired to enter more than 4 pairs, you - may press the <emphasis>Add additional field</emphasis> button to create a - new row as many times as is required. - - When managing a <emphasis>headers</emphasis> Exchange, double clicking an - entry in the left-hand table will open the MBean for the Queue - specified in the binding properties. - </para><para> - When managing another Exchange Type, double clicking the Queue - Name in the right-hand table will open the MBean of the Queue - specified. - </para> -<!--h1--></section> - - <section role="h1" id="QpidJMXManagementConsoleUserGuide-ManagingConnections"><title> - - Managing Connections - </title> - - <para> - - Exchange MBeans are opened for management operations in similar - fashion as described for Queues, again showing an Attributes tab - initially, with the Operations tab next, and finally a - Notifications tab allowing subscription and viewing of - Notifications. The Operations tab can be seen in the figure - below. - </para><para> - <mediaobject><imageobject><imagedata fileref="images/3113119.png" format="PNG" scalefit="1"/></imageobject><textobject><phrase/></textobject><caption><para/></caption></mediaobject> - The main table shows the properties of all the Channels that are - present on the Connection, including whether they are - <emphasis>Transactional</emphasis>, the <emphasis>Number of Unacked Messages</emphasis> - on them, and the <emphasis>Default Queue</emphasis> if there is one (or - <emphasis>null</emphasis> if there is not). - </para><para> - The main operations supported on a connection are Commiting and - Rolling Back of Transactions on a particular Channel, if the - Channel is Transactional. This can be done by selecting a - particular Channel in the table and pressing the <emphasis>Commit - Transactions</emphasis> or <emphasis>Rollback Transactions</emphasis> buttons at - the lower right corner of the table, at which point the console - will prompt for confirmation of the action. These buttons are - only active when the selected Channel in the table is - Transactional. - </para><para> - The final operation supported is closing the Connection. After - pressing the <emphasis>Close Connection</emphasis> button, the console will - prompt for confirmation of the action. If this is carried out, - the MBean for the Connection being managed will be removed from - the server. The console will be notified of this by the server - and display an information dialog to that effect, as it would if - any other MBean were to be unregistered whilst being viewed. - </para><para> - Double clicking a row in the table will open the MBean of the - associated <emphasis>Default Queue</emphasis> if there is one. - </para> - -<!--h1--></section> -</section> diff --git a/doc/book/src/java-broker/Qpid-JMX-Management-Console.xml b/doc/book/src/java-broker/Qpid-JMX-Management-Console.xml deleted file mode 100644 index fb46f4a01a..0000000000 --- a/doc/book/src/java-broker/Qpid-JMX-Management-Console.xml +++ /dev/null @@ -1,53 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<chapter id="Qpid-JMX-Management-Console"> - - <title> - Qpid JMX Management Console - </title> - - <section role="h2" id="QpidJMXManagementConsole-QpidJMXManagementConsole"> - - <title> Qpid JMX Management Console </title> - - <section role="h3" id="QpidJMXManagementConsole-Overview"> - - <title> - Overview - </title> - - <para> - The Qpid JMX Management Console is a standalone Eclipse - RCP application that communicates with the broker using - JMX. - </para> - - <xi:include href="Configuring-Management-Users.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - <xi:include href="Configuring-Qpid-JMX-Management-Console.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - <xi:include href="Management-Console-Security.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - <xi:include href="Qpid-JMX-Management-Console-FAQ.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - <xi:include href="Qpid-JMX-Management-Console-User-Guide.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - <xi:include href="Qpid-Management-Features.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> -<!--h3--></section> -<!--h2--></section> -</chapter> diff --git a/doc/book/src/java-broker/Qpid-Java-Broker-Management-CLI.xml b/doc/book/src/java-broker/Qpid-Java-Broker-Management-CLI.xml deleted file mode 100644 index 84c4b7b7a4..0000000000 --- a/doc/book/src/java-broker/Qpid-Java-Broker-Management-CLI.xml +++ /dev/null @@ -1,159 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Qpid-Java-Broker-Management-CLI"><title> - Qpid Java Broker Management CLI - </title> - <section role="h2" id="QpidJavaBrokerManagementCLI-HowtobuildApacheQpidCLI"><title> - How to - build Apache Qpid CLI - </title> - - - <section role="h3" id="QpidJavaBrokerManagementCLI-BuildInstructionsGeneral"><title> - Build - Instructions - General - </title> - - <para> - At the very beginning please build Apache Qpid by refering this - installation guide from here <xref linkend="qpid_qpid-java-build-how-to"/>. - </para><para> - After successfully build Apache Qpid you'll be able to start - Apache Qpid Java broker,then only you are in a position to use - Qpid CLI. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaBrokerManagementCLI-CheckouttheSource"><title> - Check - out the Source - </title> - - <para> - First check out the source from subversion repository. Please - visit the following link for more information about different - versions of Qpid CLI. - </para><para> - <xref linkend="qpid_list"/> - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaBrokerManagementCLI-Prerequisites"><title> - Prerequisites - </title> - - <para> - For the broker code you need JDK 1.5.0_15 or later. You should - set JAVA_HOME and include the bin directory in your PATH. - </para><para> - Check it's ok by executing java -v ! - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaBrokerManagementCLI-BuildingApacheQpidCLI"><title> - Building - Apache Qpid CLI - </title> - - <para> - This project is currently having only an ant build system.Please - install ant build system before trying to install Qpid CLI. - </para> -<!--h3--></section> - - - - <section role="h3" id="QpidJavaBrokerManagementCLI-Compiling"><title> - Compiling - </title> - - <para> - To compile the source please run following command - </para> - <programlisting> -ant compile -</programlisting> - <para> - To compile the test source run the following command - </para> - <programlisting> -ant compile-tests -</programlisting> -<!--h3--></section> - - - <section role="h3" id="QpidJavaBrokerManagementCLI-RunningCLI"><title> - Running CLI - </title> - - <para> - After successful compilation set QPID_CLI environment variable to - the main source directory.(set the environment variable to the - directory where ant build script stored in the SVN - checkout).Please check whether the Qpid Java broker is up an - running in the appropriate location and run the following command - to start the Qpid CLI by running the qpid-cli script in the bin - directory. - </para><para> - $QPID_CLI/bin/qpid-cli -h <hostname of the broker> -p - <broker running port> - For more details please have a look in to README file which ships - with source package of Qpid CLI. - </para> -<!--h3--></section> - - - <section role="h3" id="QpidJavaBrokerManagementCLI-Otheranttargets"><title> - Other - ant targets - </title> - - <para>For now we are supporting those ant targets.</para> - - <variablelist> - <varlistentry> - <term>ant clean</term> - <listitem><para>Clean the complete build including CLI build and test build.</para></listitem> - </varlistentry> - <varlistentry> - <term>ant jar</term> - <listitem><para>Create the jar file for the project without test cases.</para></listitem> - </varlistentry> - <varlistentry> - <term>ant init</term> - <listitem><para>Create the directory structure for build.</para></listitem> - </varlistentry> - <varlistentry> - <term>ant compile-tests </term> - <listitem><para>This compiles all the test source.</para></listitem> - </varlistentry> - <varlistentry> - <term>ant test </term> - <listitem><para>Run all the test cases.</para></listitem> - </varlistentry> - - </variablelist> - -<!--h3--></section> -<!--h2--></section> -</section> diff --git a/doc/book/src/java-broker/Qpid-Java-Build-How-To.xml b/doc/book/src/java-broker/Qpid-Java-Build-How-To.xml deleted file mode 100644 index 9f3625760a..0000000000 --- a/doc/book/src/java-broker/Qpid-Java-Build-How-To.xml +++ /dev/null @@ -1,365 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Qpid-Java-Build-HowTo"><title> - Qpid Java Build How To - </title> - - <section role="h1" id="QpidJavaBuildHowTo-BuildInstructionsGeneral"><title> - Build - Instructions - General - </title> - - <section role="h2" id="QpidJavaBuildHowTo-Checkoutthesource"><title> - Check out the - source - </title> - <para> - Firstly, check the source for Qpid out of our subversion - repository: - </para><para> - <xref linkend="qpid_trunk"/> - </para> -<!--h2--></section> - <section role="h2" id="QpidJavaBuildHowTo-Prerequisites"><title> - Prerequisites - </title> - <para> - For the broker code you need JDK 1.5.0_15 or later. You should - set JAVA_HOME and include the bin directory in your PATH. - </para><para> - Check it's ok by executing java -v ! - </para><para> - If you are wanting to run the python tests against the broker you - will of course need a version of python. - </para> -<!--h2--></section> -<!--h1--></section> - - <section role="h1" id="QpidJavaBuildHowTo-BuildInstructionsTrunk"><title> - Build - Instructions - Trunk - </title> - <para> - Our build system has reverted to ant as of May 2008. - </para><para> - The ant target 'help' will tell you what you need to know about - the build system. - </para> - <section role="h2" id="QpidJavaBuildHowTo-AntBuildScripts"><title> - Ant Build - Scripts - </title> - <para> - Currently the Qpid java project builds using ant. - </para><para> - The ant build system is set up in a modular way, with a top level - build script and template for module builds and then a module - level build script which inherits from the template. - </para><para> - So, at the top level there are: - </para><table><title/><tgroup cols="2"> - <tbody> - <row> - <entry> - File - </entry> - <entry> - Description - </entry> - </row> - <row> - <entry> - build.xml - </entry> - <entry> - Top level build file for the project which defines all the - build targets - </entry> - </row> - <row> - <entry> - common.xml - </entry> - <entry> - Common properties used throughout the build system - </entry> - </row> - <row> - <entry> - module.xml - </entry> - <entry> - Template used by all modules which sets up properties for - module builds - </entry> - </row> - </tbody> - </tgroup></table><para> - Then, in each module subdirectory there is: - </para><table><title/><tgroup cols="2"> - <tbody> - <row> - <entry> - File - </entry> - <entry> - Description - </entry> - </row> - <row> - <entry> - build.xml - </entry> - <entry> - Defines all the module values for template properties - </entry> - </row> - </tbody> - </tgroup></table> -<!--h2--></section> - <section role="h2" id="QpidJavaBuildHowTo-Buildtargets"><title> - Build targets - </title> - <para> - The main build targets you are probably interested in are: - </para><table><title/><tgroup cols="2"> - <tbody> - <row> - <entry> - Target - </entry> - <entry> - Description - </entry> - </row> - <row> - <entry> - build - </entry> - <entry> - Builds all source code for Qpid - </entry> - </row> - <row> - <entry> - test - </entry> - <entry> - Runs the testsuite for Qpid - </entry> - </row> - </tbody> - </tgroup></table><para> - So, if you just want to compile everything you should run the - build target in the top level build.xml file. - </para><para> - If you want to build an installable version of Qpid, run the - archive task from the top level build.xml file. - </para><para> - If you want to compile an individual module, simply run the build - target from the appropriate module e.g. to compile the broker - source - </para> -<!--h2--></section> - <section role="h2" id="QpidJavaBuildHowTo-ConfiguringEclipse"><title> - Configuring - Eclipse - </title> - <para> - 1. Run the ant build from the root directory of Java trunk. - 2. New project -> create from existing file system for broker, - common, client, junit-toolkit, perftests, systests and each - directory under management - 4. Add the contents of lib/ to the build path - 5. Setup Generated Code - 6. Setup Dependencies - </para> - <section role="h3" id="QpidJavaBuildHowTo-GeneratedCode"><title> - Generated Code - </title> - <para> - The Broker and Common packages both depend on generated code. - After running 'ant' the build/scratch directory will contain this - generated code. - For the broker module add build/scratch/broker/src - For the common module add build/scratch/common/src - </para> -<!--h3--></section> - <section role="h3" id="QpidJavaBuildHowTo-Dependencies"><title> - Dependencies - </title> - <para> - These dependencies are correct at the time of writting however, - if things are not working you can check the dependencies by - looking in the modules build.xml file: - </para> - <programlisting> -for i in `find . -name build.xml` ; do echo "$i:"; grep module.depends $i ; done -</programlisting> - <para> - The <emphasis>module.depend</emphasis> value will detail which other modules - are dependencies. - </para><para> - broker - </para><itemizedlist> - <listitem><para>common - </para></listitem> - <listitem><para>management/common - </para></listitem> - </itemizedlist><para> - client - </para><itemizedlist> - <listitem><para>Common - </para></listitem> - </itemizedlist><para> - systest - </para><itemizedlist> - <listitem><para>client - </para></listitem> - <listitem><para>management/common - </para></listitem> - <listitem><para>broker - </para></listitem> - <listitem><para>broker/test - </para></listitem> - <listitem><para>common - </para></listitem> - <listitem><para>junit-toolkit - </para></listitem> - <listitem><para>management/tools/qpid-cli - </para></listitem> - </itemizedlist><para> - perftests - </para><itemizedlist> - <listitem><para>systests - </para></listitem> - <listitem><para>client - </para></listitem> - <listitem><para>broker - </para></listitem> - <listitem><para>common - </para></listitem> - <listitem><para>junit-toolkit - </para></listitem> - </itemizedlist><para> - management/eclipse-plugin - </para><itemizedlist> - <listitem><para>broker - </para></listitem> - <listitem><para>common - </para></listitem> - <listitem><para>management/common - </para></listitem> - </itemizedlist><para> - management/console - </para><itemizedlist> - <listitem><para>common - </para></listitem> - <listitem><para>client - </para></listitem> - </itemizedlist><para> - management/agent - </para><itemizedlist> - <listitem><para>common - </para></listitem> - <listitem><para>client - </para></listitem> - </itemizedlist><para> - management/tools/qpid-cli - </para><itemizedlist> - <listitem><para>common - </para></listitem> - <listitem><para>management/common - </para></listitem> - </itemizedlist><para> - management/client - </para><itemizedlist> - <listitem><para>common - </para></listitem> - <listitem><para>client - </para></listitem> - </itemizedlist><para> - integrationtests - </para><itemizedlist> - <listitem><para>systests - </para></listitem> - <listitem><para>client - </para></listitem> - <listitem><para>common - </para></listitem> - <listitem><para>junit-toolkit - </para></listitem> - </itemizedlist><para> - testkit - </para><itemizedlist> - <listitem><para>client - </para></listitem> - <listitem><para>broker - </para></listitem> - <listitem><para>common - </para></listitem> - </itemizedlist><para> - tools - </para><itemizedlist> - <listitem><para>client - </para></listitem> - <listitem><para>common - </para></listitem> - </itemizedlist><para> - client/examples - </para><itemizedlist> - <listitem><para>common - </para></listitem> - <listitem><para>client - </para></listitem> - </itemizedlist><para> - broker-plugins - </para><itemizedlist> - <listitem><para>client - </para></listitem> - <listitem><para>management/common - </para></listitem> - <listitem><para>broker - </para></listitem> - <listitem><para>common - </para></listitem> - <listitem><para>junit-toolkit - </para></listitem> - </itemizedlist> -<!--h3--></section> -<!--h2--></section> - - <section role="h2" id="QpidJavaBuildHowTo-Whatnext-3F"><title> - What next ? - </title> - <para> - If you want to run your built Qpid package, see our <xref linkend="qpid_Getting-Started-Guide"/> for details of - how to do that. - </para><para> - If you want to run our tests, you can use the ant test or - testreport (produces a useful report) targets. - </para> - -<!--h2--></section> -<!--h1--></section> -</section> diff --git a/doc/book/src/java-broker/Qpid-Java-FAQ.xml b/doc/book/src/java-broker/Qpid-Java-FAQ.xml deleted file mode 100644 index 2940e58138..0000000000 --- a/doc/book/src/java-broker/Qpid-Java-FAQ.xml +++ /dev/null @@ -1,890 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Qpid-Java-FAQ"><title> - Qpid Java FAQ - </title> - - <section role="h2" id="QpidJavaFAQ-Purpose"> - <title>Purpose</title> - <para> - Here are a list of commonly asked questions and answers. Click on - the the bolded questions for the answer to unfold. If you have - any questions which are not on this list, please email our - qpid-user list. - </para> - - <section role="h3" id="QpidJavaFAQ-WhatisQpid-3F"><title> - What is Qpid ? - </title> - - <para> - The java implementation of Qpid is a pure Java message broker - that implements the AMQP protocol. Essentially, Qpid is a robust, - performant middleware component that can handle your messaging - traffic. - </para><para> - It currently supports the following features: - </para><itemizedlist> - <listitem><para>High performance header-based routing for messages - </para></listitem> - <listitem><para>All features required by the JMS 1.1 specification. Qpid - passes all tests in the Sun JMS compliance test suite - </para></listitem> - <listitem><para>Transaction support - </para></listitem> - <listitem><para>Persistence using the high performance Berkeley DB Java - Edition. The persistence layer is also pluggable should an - alternative implementation be required. The BDB store is - available from the <xref linkend="qpid_3rd-Party-Libraries"/> page - </para></listitem> - <listitem><para>Pluggable security using SASL. Any Java SASL provider can be - used - </para></listitem> - <listitem><para>Management using JMX and a custom management console built - using Eclipse RCP - </para></listitem> - <listitem><para>Naturally, interoperability with other clients including the - Qpid .NET, Python, Ruby and C++ implementations - </para></listitem> - </itemizedlist> - <!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-WhyamIgettingaConfigurationExceptionatbrokerstartup-3F"><title> - Why am I getting a ConfigurationException at broker startup ? - </title> - - <section role="h4" id="QpidJavaFAQ-InvocationTargetException"><title> - InvocationTargetException - </title> - <para> - If you get a java.lang.reflect.InvocationTargetException on - startup, wrapped as ConfigurationException like this: - </para> - <programlisting> -Error configuring message broker: org.apache.commons.configuration.ConfigurationException: java.lang.reflect.InvocationTargetException -2008-09-26 15:14:56,529 ERROR [main] server.Main (Main.java:206) - Error configuring message broker: org.apache.commons.configuration.ConfigurationException: java.lang.reflect.InvocationTargetException -org.apache.commons.configuration.ConfigurationException: java.lang.reflect.InvocationTargetException -at org.apache.qpid.server.security.auth.database.ConfigurationFilePrincipalDatabaseManager.initialisePrincipalDatabase(ConfigurationFilePrincipalDatabaseManager.java:158) -at org.apache.qpid.server.security.auth.database.ConfigurationFilePrincipalDatabaseManager.initialisePrincipalDatabases(ConfigurationFilePrincipalDatabaseManager.java:87) -at org.apache.qpid.server.security.auth.database.ConfigurationFilePrincipalDatabaseManager.<init>(ConfigurationFilePrincipalDatabaseManager.java:56) -at org.apache.qpid.server.registry.ConfigurationFileApplicationRegistry.initialise(ConfigurationFileApplicationRegistry.java:117) -at org.apache.qpid.server.registry.ApplicationRegistry.initialise(ApplicationRegistry.java:79) -at org.apache.qpid.server.registry.ApplicationRegistry.initialise(ApplicationRegistry.java:67) -at org.apache.qpid.server.Main.startup(Main.java:260) -at org.apache.qpid.server.Main.execute(Main.java:196) -at org.apache.qpid.server.Main.<init>(Main.java:96) -at org.apache.qpid.server.Main.main(Main.java:454) -at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) -at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) -at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) -at java.lang.reflect.Method.invoke(Method.java:597) -at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90) -Caused by: java.lang.reflect.InvocationTargetException -at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) -at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) -at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) -at java.lang.reflect.Method.invoke(Method.java:597) -at org.apache.qpid.server.security.auth.database.ConfigurationFilePrincipalDatabaseManager.initialisePrincipalDatabase(ConfigurationFilePrincipalDatabaseManager.java:148) -</programlisting> - <para> - .. then it means you have a missing password file. - </para><para> - You need to create a password file for your deployment and update - your config.xml to reflect the location of the password file for - your instance. - </para><para> - The config.xml can be a little confusing in terms of element - names and file names for passwords. - </para><para> - To do this, you need to edit the passwordDir element for the - broker, which may have a comment to that effect: - </para> - <programlisting> -<passwordDir><!-- Change to the location --></passwordDir> -</programlisting> - <para> - The file should be named passwd by default but if you want to you - can change this by editing this element: - </para> - <programlisting> -<value>${passwordDir}/passwd</value> -</programlisting> - <!--h4--></section> - - - <section role="h4" id="QpidJavaFAQ-Cannotlocateconfigurationsourcenull-2Fvirtualhosts.xml"><title> - Cannot locate configuration source null/virtualhosts.xml - </title> - - <para> - If you get this message, wrapped inside a ConfigurationException - then you've come across a known issue, see JIRA <xref linkend="qpid_QPID-431"/> - </para><para> - The work around is to use a qualified path as the parameter value - for your -c option, rather than (as you migth be) starting the - broker from your installed etc directory. Even going up one level - and using a path relative to your £QPID_HOME directory - would sort this e.g qpid-server -c ./etc/myconfig.xml - </para> -<!--h4--></section> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowdoIruntheQpidbroker-3F"><title> - How do I run - the Qpid broker ? - </title> - - <para> - The broker comes with a script for unix/linux/cygwin called - qpid-server, which can be found in the bin directory of the - installed package. This command can be executed without any - paramters and will then use the default configuration file - provided on install. - </para><para> - For the Windows OS, please use qpid-server.bat. - </para><para> - There's no need to set your classpath for QPID as the scripts - take care of that by adding jar's with classpath defining - manifest files to your classpath. - </para><para> - For more information on running the broker please see our - <xref linkend="Getting-Started"/> page. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowcanIcreateaconnectionusingaURL-3F"><title> - How can I - create a connection using a URL ? - </title> - - <para> - Please see the <xref linkend="qpid_Connection-URL-Format"/> documentation. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowdoIrepresentaJMSDestinationstringwithQPID-3F"><title> - How - do I represent a JMS Destination string with QPID ? - </title> - - <section role="h4" id="QpidJavaFAQ-Queues"><title> - Queues - </title> - - <para> - A queue can be created in QPID using the following URL format. - </para><para> - direct://amq.direct/<Destination>/<Queue - Name> - </para><para> - For example: - direct://amq.direct/<Destination>/simpleQueue - </para><para> - Queue names may consist of any mixture of digits, letters, and - underscores. - </para><para> - The <xref linkend="BindingURLFormat"/> is described in more - detail on it's own page. - </para> -<!--h4--></section> - - <section role="h4" id="QpidJavaFAQ-Topics"><title> - Topics - </title> - - <para> - A topic can be created in QPID using the following URL format. - </para><para> - topic://amq.topic/<Topic Subscription>/ - </para><para> - The topic subscription may only contain the letters A-Z and a-z - and digits 0-9. - </para><para> - The topic subscription is formed from a series of words that may - only contain the letters A-Z and a-z and digits 0-9. - The words are delimited by dots. Each dot represents a new level. - </para><para> - For example: stocks.nyse.ibm - </para><para> - Wildcards can be used on subscription with the following meaning. - </para><itemizedlist> - <listitem><para>match a single level - # match zero or more levels - </para></listitem> - </itemizedlist><para> - For example: - With two clients - 1 - stocks.*.ibm - 2 - stocks.#.ibm - </para><para> - Publishing stocks.nyse.ibm will be received by both - clients but stocks.ibm and stocks.world.us.ibm - will only be received by client 2. - </para><para> - The topic currently does not support wild cards. - </para> -<!--h4--></section> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowdoIconnecttothebrokerusingJNDI-3F"><title> - How do I - connect to the broker using JNDI ? - </title> - - <para> - see <xref linkend="How-to-Use-JNDI"/> - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-I-27musingSpringandWeblogiccanyouhelpmewiththeconfigurationformovingovertoQpid-3F"><title> - I'm using Spring and Weblogic - can you help me with the - configuration for moving over to Qpid ? - </title> - - <para> - Here is a donated Spring configuration file <ulink - url="http://qpid.apache.org/qpid-java-faq.data/appContext.zip">appContext.zip</ulink> - which shows the config for Qpid side by side with - Weblogic. HtH ! - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowdoIconfigurethelogginglevelforQpid-3F"><title> - How do - I configure the logging level for Qpid ? - </title> - - <para> - The system property - </para> - <programlisting> -amqj.logging.level -</programlisting> - <para> - can be used to configure the logging level. - For the broker, you can use the environment variable - AMQJ_LOGGING_LEVEL which is picked up by the qpid-run script - (called by qpid-server to start the broker) at runtime. - </para><para> - For client code that you've written, simply pass in a system - property to your command line to set it to the level you'd like - i.e. - </para> - <programlisting> --Damqj.logging.level=INFO -</programlisting> - <para> - The log level for the broker defaults to INFO if the env variable - is not set, but you may find that your log4j properties affect - this. Setting the property noted above should address this. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowcanIconfiguremyapplicationtouseQpidclientlogging-3F"><title> - How can I configure my application to use Qpid client - logging? - </title> - - <para> - If you don't already have a logging implementation in your - classpath you should add slf4-log4j12-1.4.0.jar and - log4j-1.2.12.jar. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowcanIconfigurethebroker-3F"><title> - How can I - configure the broker ? - </title> - - <para> - The broker configuration is contained in the - <installed-dir>/etc/config.xml file. You can copy and edit - this file and then specify your own configuration file as a - parameter to the startup script using the -c flag i.e. - qpid-server -c <your_config_file's_path> - </para><para> - For more detailed information on configuration, please see - <xref linkend="qpid_Qpid-Design---Configuration"/> - </para><para> - - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-Whatportsdoesthebrokeruse"><title> - What ports - does the broker use? - </title> - - <para> - The broker defaults to use port 5672 at startup for AMQP - traffic. - If the management interface is enabled it starts on port 8999 by - default. - </para><para> - The JMX management interface actually requires 2 ports to - operate, the second of which is indicated to the client - application during connection initiation to the main (default: - 8999) port. Previously this second port has been chosen at random - during broker startup, however since Qpid 0.5 this has been fixed - to a port 100 higher than the main port(ie Default:9099) in order - to ease firewall navigation. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowcanIchangetheportthebrokerusesatruntime-3F"><title> - How - can I change the port the broker uses at runtime ? - </title> - - <para> - The broker defaults to use port 5672 at startup for AMQP - traffic. - The broker also uses port 8999 for the JMX Management interface. - </para><para> - To change the AMQP traffic port use the -p flag at startup. To - change the management port use -m - i.e. qpid-server -p <port_number_to_use> -m - <port_number_to_use> - </para><para> - Use this to get round any issues on your host server with port - 5672/8999 being in use/unavailable. - </para><para> - For additional details on what ports the broker uses see <xref linkend="QpidJavaFAQ-Whatportsdoesthebrokeruse"/> FAQ - entry. - For more detailed information on configuration, please see - <xref linkend="qpid_Qpid-Design---Configuration"/> - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-WhatcommandlineoptionscanIpassintotheqpidserverscript-3F"><title> - What command line options can I pass into the qpid-server - script ? - </title> - - <para> - The following command line options are available: - </para> - - <para> - The following options are available: - </para><table> - <title> - Command Line Options - </title> - - <tgroup cols="3"> - <tbody> - <row> - <entry> - Option - </entry> - <entry> - Long Option - </entry> - <entry> - Description - </entry> - </row> - <row> - <entry> - b - </entry> - <entry> - bind - </entry> - <entry> - Bind to the specified address overriding any value in the - config file - </entry> - </row> - <row> - <entry> - c - </entry> - <entry> - config - </entry> - <entry> - Use the given configuration file - </entry> - </row> - <row> - <entry> - h - </entry> - <entry> - help - </entry> - <entry> - Prints list of options - </entry> - </row> - <row> - <entry> - l - </entry> - <entry> - logconfig - </entry> - <entry> - Use the specified log4j.xml file rather than that in the - etc directory - </entry> - </row> - <row> - <entry> - m - </entry> - <entry> - mport - </entry> - <entry> - Specify port to listen on for the JMX Management. Overrides - value in config file - </entry> - </row> - <row> - <entry> - p - </entry> - <entry> - port - </entry> - <entry> - Specify port to listen on. Overrides value in config file - </entry> - </row> - <row> - <entry> - v - </entry> - <entry> - version - </entry> - <entry> - Print version information and exit - </entry> - </row> - <row> - <entry> - w - </entry> - <entry> - logwatch - </entry> - <entry> - Specify interval for checking for logging config changes. - Zero means no checking - </entry> - </row> - </tbody> - </tgroup></table> - </section> - - <section role="h3" id="QpidJavaFAQ-HowdoIauthenticatewiththebroker-3FWhatuserid-26passwordshouldIuse-3F"><title> - How do I authenticate with the broker ? What user id & - password should I use ? - </title> - - <para> - You should login as user guest with password guest - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowdoIcreatequeuesthatwillalwaysbeinstantiatedatbrokerstartup-3F"><title> - How do I create queues that will always be instantiated at - broker startup ? - </title> - - <para> - You can configure queues which will be created at broker startup - by tailoring a copy of the virtualhosts.xml file provided in the - installed qpid-version/etc directory. - </para><para> - So, if you're using a queue called 'devqueue' you can ensure that - it is created at startup by using an entry something like this: - </para> - <programlisting> -<virtualhosts> - <default>test</default> - <virtualhost> - <name>test</name> - <test> - <queue> - <name>devqueue</name> - <devqueue> - <exchange>amq.direct</exchange> - <maximumQueueDepth>4235264</maximumQueueDepth> <!-- 4Mb --> - <maximumMessageSize>2117632</maximumMessageSize> <!-- 2Mb --> - <maximumMessageAge>600000</maximumMessageAge> <!-- 10 mins --> - </devqueue> - </queue> - </test> - </virtualhost> -</virtualhosts> -</programlisting> - <para> - Note that the name (in thie example above the name is 'test') - element should match the virtualhost that you're using to create - connections to the broker. This is effectively a namespace used - to prevent queue name clashes etc. You can also see that we've - set the 'test' virtual host to be the default for any connections - which do not specify a virtual host (in the <default> tag). - </para><para> - You can amend the config.xml to point at a different - virtualhosts.xml file by editing the <virtualhosts/> - element. - </para><para> - So, for example, you could tell the broker to use a file in your - home directory by creating a new config.xml file with the - following entry: - </para><para> - <virtualhosts>/home/myhomedir/virtualhosts.xml</virtualhosts> - </para><para> - You can then pass this amended config.xml into the broker at - startup using the -c flag i.e. - qpid-server -c <path>/config.xml - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowdoIcreatequeuesatruntime-3F"><title> - How do I - create queues at runtime? - </title> - - <para> - Queues can be dynamically created at runtime by creating a - consumer for them. After they have been created and bound (which - happens automatically when a JMS Consumer is created) a publisher - can send messages to them. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowdoItunethebroker-3F"><title> - How do I tune - the broker? - </title> - - <para> - There are a number of tuning options available, please see the - <xref linkend="How-to-Tune-M3-Java-Broker-Performance"/> page for more information. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-Wheredoundeliverablemessagesendup-3F"><title> - Where do - undeliverable messages end up ? - </title> - - <para> - At present, messages with an invalid routing key will be returned - to the sender. If you register an exception listener for your - publisher (easiest to do by making your publisher implement the - ExceptionListener interface and coding the onException method) - you'll see that you end up in onException in this case. You can - expect to be catching a subclass of - org.apache.qpid.AMQUndeliveredException. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-CanIconfigurethenameoftheQpidbrokerlogfileatruntime-3F"><title> - Can I configure the name of the Qpid broker log file at - runtime ? - </title> - - <para> - If you simply start the Qpid broker using the default - configuration, then the log file is written to - $QPID_WORK/log/qpid.log - </para><para> - This is not ideal if you want to run several instances from one - install, or acrhive logs to a shared drive from several hosts. - </para><para> - To make life easier, there are two optional ways to configure the - naming convention used for the broker log. - </para> - - <section role="h4" id="QpidJavaFAQ-Settingaprefixorsuffix"><title> - Setting a prefix - or suffix - </title> - - <para> - Users should set the following environment variables before - running qpid-server: - </para><para> - QPID_LOG_PREFIX - will prefix the log file name with the - specified value e.g. if you set this value to be the name of your - host (for example) it could look something like host123qpid.log - </para><para> - QPID_LOG_SUFFIX - will suffix the file name with the specified - value e.g. if you set this value to be the name of your - application (for example) if could look something like - qpidMyApp.log - </para> -<!--h4--></section> - - <section role="h4" id="QpidJavaFAQ-IncludingthePID"><title> - Including the PID - </title> - - <para> - Setting either of these variables to the special value PID will - introduce the process id of the java process into the file name - as a prefix or suffix as specified** - </para> -<!--h4--></section> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-Myclientapplicationappearstohavehung-3F"><title> - My - client application appears to have hung? - </title> - - <para> - The client code currently has various timeouts scattered - throughout the code. These can cause your client to appear like - it has hung when it is actually waiting for the timeout ot - compelete. One example is when the broker becomes non-responsive, - the client code has a hard coded 2 minute timeout that it will - wait when closing a connection. These timeouts need to be - consolidated and exposed. see <xref linkend="qpid_QPID-429"/> - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowdoIcontacttheQpidteam-3F"><title> - How do I - contact the Qpid team ? - </title> - - <para> - For general questions, please subscribe to the - <ulink url="mailto:users@qpid.apache.org">users@qpid.apache.org</ulink> mailing list. - </para><para> - For development questions, please subscribe to the - <ulink url="mailto:dev@qpid.apache.org">dev@qpid.apache.org</ulink> mailing list. - </para><para> - More details on these lists are available on our <xref linkend="qpid_Mailing-Lists"/> - page. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowcanIchangeauser-27spasswordwhilethebrokerisup-3F"><title> - How can I change a user's password while the broker is up ? - </title> - - <para> - You can do this via the <xref linkend="qpid_Qpid-JMX-Management-Console"/>. To - do this simply log in to the management console as an admin user - (you need to have created an admin account in the - jmxremote.access file first) and then select the 'UserManagement' - mbean. Select the user in the table and click the Set Password - button. Alternatively, update the password file and use the - management console to reload the file with the button at the - bottom of the 'UserManagement' view. In both cases, this will - take effect when the user next logs in i.e. will not cause them - to be disconnected if they are already connected. - </para><para> - For more information on the Management Console please see our - <xref linkend="Qpid-JMX-Management-Console-User-Guide"/> - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowdoIknowifthereisaconsumerforamessageIamgoingtosend-3F"><title> - How do I know if there is a consumer for a message I am going - to send? - </title> - - <para> - Knowing that there is a consumer for a message is quite tricky. - That said using the qpid.jms.Session#createProducer with - immediate and mandatory set to true will get you part of the way - there. - </para><para> - If you are publishing to a well known queue then immediate will - let you know if there is any consumer able to pre-fetch that - message at the time you send it. If not it will be returned to - you on your connection listener. - </para><para> - If you are sending to a queue that the consumer creates then the - mandatory flag will let you know if they have not yet created - that queue. - </para><para> - These flags will not be able to tell you if the consuming - application has received the message and is able to process it. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-HowcanIinspectthecontentsofmyMessageStore-3F"><title> - How - can I inspect the contents of my MessageStore? - </title> - - <para> - The management console can be used to interogate an active - broker and browse the contents of a queue.See the <xref linkend="qpid_Qpid-JMX-Management-Console"/> - page for further details. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-Whyaremytransientmessagesbeingsoslow-3F"><title> - Why are - my transient messages being so slow? - </title> - - <para> - You should check that you aren't sending persistent messages, - this is the default. If you want to send transient messages you - must explicitly set this option when instantiating your - MessageProducer or on the send() method. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-Whydoesmyproducerfillupthebrokerwithmessages-3F"><title> - Why - does my producer fill up the broker with messages? - </title> - - <para> - Switch on producer flow control to prevent temporary spikes in - message production over-filling the broker. - - Of course, if the long-term rate of message production exceeds - the rate of message - consumption then that is an architectural problem that can only - be temporarily mitigated by producer flow control. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-ThebrokerkeepsthrowinganOutOfMemoryexception-3F"><title> - The - broker keeps throwing an OutOfMemory exception? - </title> - - <para> - The broker can no longer store any more messages in memory. This - is particular evident if you are using the MemoryMessageStore. To - alleviate this issue you should ensure that your clients are - consuming all the messages from the broker. - </para><para> - You may also want to increase the memory allowance to the broker - though this will only delay the exception if you are publishing - messages faster than you are consuming. See <xref linkend="qpid_Java-Environment-Variables"/> for - details of changing the memory settings. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-WhyamIgettingabrokersideexceptionwhenItrytopublishtoaqueueoratopic-3F"><title> - Why am I getting a broker side exception when I try to - publish to a queue or a topic ? - </title> - - <para> - If you get a stack trace like this when you try to publish, then - you may have typo'd the exchange type in your queue or topic - declaration. Open your virtualhosts.xml and check that the - </para> - <programlisting> -<exchange>amq.direct</exchange> -</programlisting> - - <programlisting> -2009-01-12 15:26:27,957 ERROR [pool-11-thread-2] protocol.AMQMinaProtocolSession (AMQMinaProtocolSession.java:365) - Unexpected exception while processing frame. Closing connection. -java.lang.NullPointerException - at org.apache.qpid.server.security.access.PrincipalPermissions.authorise(PrincipalPermissions.java:398) - at org.apache.qpid.server.security.access.plugins.SimpleXML.authorise(SimpleXML.java:302) - at org.apache.qpid.server.handler.QueueBindHandler.methodReceived(QueueBindHandler.java:111) - at org.apache.qpid.server.handler.ServerMethodDispatcherImpl.dispatchQueueBind(ServerMethodDispatcherImpl.java:498) - at org.apache.qpid.framing.amqp_8_0.QueueBindBodyImpl.execute(QueueBindBodyImpl.java:167) - at org.apache.qpid.server.state.AMQStateManager.methodReceived(AMQStateManager.java:204) - at org.apache.qpid.server.protocol.AMQMinaProtocolSession.methodFrameReceived(AMQMinaProtocolSession.java:295) - at org.apache.qpid.framing.AMQMethodBodyImpl.handle(AMQMethodBodyImpl.java:93) - at org.apache.qpid.server.protocol.AMQMinaProtocolSession.frameReceived(AMQMinaProtocolSession.java:235) - at org.apache.qpid.server.protocol.AMQMinaProtocolSession.dataBlockReceived(AMQMinaProtocolSession.java:191) - at org.apache.qpid.server.protocol.AMQPFastProtocolHandler.messageReceived(AMQPFastProtocolHandler.java:244) - at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703) - at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) - at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) - at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) - at org.apache.qpid.pool.PoolingFilter.messageReceived(PoolingFilter.java:371) - at org.apache.mina.filter.ReferenceCountingIoFilter.messageReceived(ReferenceCountingIoFilter.java:96) - at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) - at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) - at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) - at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:60) - at org.apache.mina.filter.codec.QpidProtocolCodecFilter.messageReceived(QpidProtocolCodecFilter.java:174) - at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) - at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) - at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) - at org.apache.qpid.pool.Event$ReceivedEvent.process(Event.java:86) - at org.apache.qpid.pool.Job.processAll(Job.java:110) - at org.apache.qpid.pool.Job.run(Job.java:149) - at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885) - at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907) - at java.lang.Thread.run(Thread.java:619) -</programlisting> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-WhyistherealotofAnonymousIoServicethreads"><title> - Why - is there a lot of AnonymousIoService threads - </title> - - <para> - These threads are part of the thread pool used by Mina to process - the socket. In the future we may provide tuning guidelines but at - this point we have seen no performance implications from the - current configuration. As the threads are part of a pool they - should remain inactive until required. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ--22unabletocertifytheprovidedSSLcertificateusingthecurrentSSLtruststore-22whenconnectingtheManagementConsoletothebroker."><title> - "unable to certify the provided SSL certificate using the - current SSL trust store" when connecting the Management Console - to the broker. - </title> - - <para> - You have not configured the console's SSL trust store properly, - see <xref linkend="qpid_Management-Console-Security"/> for - more details. - </para> -<!--h3--></section> - - <section role="h3" id="QpidJavaFAQ-CanauseTCPKEEPALIVEorAMQPheartbeatingtokeepmyconnectionopen-3F"><title> - Can a use TCP_KEEPALIVE or AMQP heartbeating to keep my - connection open? - </title> - - <para> - See <xref linkend="qpid_Configure-Broker-and-Client-Heartbeating"/> - </para> - -<!--h3--></section> -<!--h2--></section> - - - -</section> diff --git a/doc/book/src/java-broker/Qpid-Management-Features.xml b/doc/book/src/java-broker/Qpid-Management-Features.xml deleted file mode 100644 index c90d7e97c6..0000000000 --- a/doc/book/src/java-broker/Qpid-Management-Features.xml +++ /dev/null @@ -1,185 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section> - <title> - Qpid Management Features - </title> - <para> - <emphasis>Management tool:</emphasis> See our <xref linkend="qpid_Qpid-JMX-Management-Console"/> for - details of how to use various console options with the Qpid - management features. - </para> - <para> - The management of QPID is categorised into following types- - </para> - <orderedlist> - <listitem><para>Exchange - </para></listitem> - <listitem><para>Queue - </para></listitem> - <listitem><para>Connection - </para></listitem> - <listitem><para>Broker - </para></listitem> - </orderedlist> - <para> - <emphasis>1) Managing and Monitoring Exchanges</emphasis>: Following is - the list of features, which we can have available for managing - and monitoring an Exchange running on a Qpid Server Domain- - </para> - <orderedlist> - <listitem><para>Displaying the following information for monitoring purpose- - <orderedlist> - <listitem><para>The list of queues bound to the exchange along with the - routing keys. - </para></listitem> - <listitem><para> - General Exchange properties(like name, - durable etc). - </para></listitem> - </orderedlist> - </para></listitem> - <listitem><para> - Binding an existing queue with the - exchange. - </para></listitem> - </orderedlist> - <para> - <emphasis>2) Managing and Monitoring - Queues</emphasis>: Following are the - features, which we can have for a Queue on a Qpid Server - Domain- - </para> - <orderedlist> - <listitem><para> - Displaying the following information about - the queue for monitoring purpose- - <orderedlist> - <listitem><para> - General Queue properties(like name, - durable, etc.) - </para></listitem> - <listitem><para> - The maximum size of a message that can - be accepted from the message producer. - </para></listitem> - <listitem><para> - The number of the active consumers - accessing the Queue. - </para></listitem> - <listitem><para> - The total number of - consumers (Active and Suspended). - </para></listitem> - <listitem><para> - The number of undelivered messages - in the Queue. - </para></listitem> - <listitem><para> - The total number of messages received - on the Queue since startup. - </para></listitem> - <listitem><para> - The maximum number of bytes for - the Queue that can be stored on the Server. - </para></listitem> - <listitem><para>The maximum number of messages for the Queue that can be - stored on the Server. - </para></listitem> - </orderedlist> - </para></listitem> - <listitem><para> - Viewing the messages on the Queue. - </para></listitem> - <listitem><para> - Deleting message from top of the - Queue. - </para></listitem> - <listitem><para> - Clearing the Queue. - </para></listitem> - <listitem><para> - Browsing the DeadMessageQueue - Messages - which are expired or undelivered because of some reason are - routed to the DeadMessageQueue. This queue can not be - deleted. [Note: The is open because it depends on how - these kind of messages will be handeled?] - </para></listitem> - </orderedlist> - <para> - <emphasis>3) Managing and Monitoring - Connections</emphasis>: Following are the - features, which we can have for a connection on a QPID - Server Domain- - </para> - <orderedlist> - <listitem><para> - Displaying general connection - properties(like remote address, etc.). - </para></listitem> - <listitem><para>Setting maximum number of channels allowed for a - connection. - </para></listitem> - <listitem><para>View all related channels and channel properties. - </para></listitem> - <listitem><para>Closing a channel. - </para></listitem> - <listitem><para>Commit or Rollback transactions of a channel, if the channel - is transactional. - </para></listitem> - <listitem><para>Notification for exceeding the maximum number of - channels. - </para></listitem> - <listitem><para>Dropping a connection. - </para></listitem> - <listitem><para>The work for <xref linkend="qpid_Network-IO-Interface"/> implies that - there are potentially some additional requirements - <orderedlist> - <listitem><para>Alert when tcp flow control kicks in - </para></listitem> - <listitem><para>Information available about current memory usage - available through JMX interface - </para></listitem> - <listitem><para>Dynamic removal of buffer bounds? (fundamentally not - possible with TransportIO) - </para></listitem> - <listitem><para>Management functionality added to JMX interface - UI - changes? - </para></listitem> - </orderedlist> - </para></listitem> - </orderedlist> - <para> - <emphasis>4) Managing the Broker</emphasis>: Features for the Broker- - </para> - <orderedlist> - <listitem><para>Creating an Exchange. - </para></listitem> - <listitem><para>Unregistering an Exchange. - </para></listitem> - <listitem><para>Creating a Queue. - </para></listitem> - <listitem><para>Deleting a Queue. - </para></listitem> - </orderedlist> -</section> diff --git a/doc/book/src/java-broker/Qpid-Troubleshooting-Guide.xml b/doc/book/src/java-broker/Qpid-Troubleshooting-Guide.xml deleted file mode 100644 index 0920f18798..0000000000 --- a/doc/book/src/java-broker/Qpid-Troubleshooting-Guide.xml +++ /dev/null @@ -1,156 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section id="Qpid-Troubleshooting-Guide"> - - <title> - Qpid Troubleshooting Guide - </title> - - <section role="h2" id="QpidTroubleshootingGuide-I-27mgettingajava.lang.UnsupportedClassVersionErrorwhenItrytostartthebroker.Whatdoesthismean-3F"><title> - I'm getting a java.lang.UnsupportedClassVersionError when I - try to start the broker. What does this mean ? - </title> - - <para> - The QPID broker requires JDK 1.5 or later. If you're seeing this - exception you don't have that version in your path. Set JAVA_HOME - to the correct version and ensure the bin directory is on your - path. - </para><para> - java.lang.UnsupportedClassVersionError: - org/apache/qpid/server/Main (Unsupported major.minor version - 49.0) - at - java.lang.ClassLoader.defineClass(Ljava.lang.String;[BIILjava.security.ProtectionDomain;)Ljava.lang.Class;(Unknown - Source) - at - java.security.SecureClassLoader.defineClass(Ljava.lang.String;[BIILjava.security.CodeSource;)Ljava.lang.Class;(SecureClassLoader.java:123) - - at - java.net.URLClassLoader.defineClass(Ljava.lang.String;Lsun.misc.Resource;)Ljava.lang.Class;(URLClassLoader.java:251) - - at - java.net.URLClassLoader.access$100(Ljava.net.URLClassLoader;Ljava.lang.String;Lsun.misc.Resource;)Ljava.lang.Class;(URLClassLoader.java:55) - - at java.net.URLClassLoader$1.run()Ljava.lang.Object; - (URLClassLoader.java:194) - at - jrockit.vm.AccessController.do_privileged_exc(Ljava.security.PrivilegedExceptionAction;Ljava.security.AccessControlContext;I)Ljava.lang.Object;(Unknown - Source) - at - jrockit.vm.AccessController.doPrivileged(Ljava.security.PrivilegedExceptionAction;Ljava.security.AccessControlContext;)Ljava.lang.Object;(Unknown - Source) - at - java.net.URLClassLoader.findClass(Ljava.lang.String;)Ljava.lang.Class;(URLClassLoader.java:187) - - at - java.lang.ClassLoader.loadClass(Ljava.lang.String;Z)Ljava.lang.Class; - (Unknown Source) - at - sun.misc.Launcher$AppClassLoader.loadClass(Ljava.lang.String;Z)Ljava.lang.Class;(Launcher.java:274) - - at - java.lang.ClassLoader.loadClass(Ljava.lang.String;)Ljava.lang.Class; - - (Unknown Source) - at - java.lang.ClassLoader.loadClassFromNative(II)Ljava.lang.Class; - - (Unknown Source) - </para> - -<!--h2--></section> - - <section role="h2" id="QpidTroubleshootingGuide-I-27mhavingaproblembindingtotherequiredhost-3Aportatbrokerstartup-3F"><title> - I'm having a problem binding to the required host:port at - broker startup ? - </title> - <para> - This error probably indicates that another process is using the - port you the broker is trying to listen on. If you haven't - amended the default configuration this will be 5672. To check - what process is using the port you can use 'netstat -an |grep - 5672'. - </para><para> - To change the port your broker uses, either edit the config.xml - you are using. You can specify an alternative config.xml from the - one provided in /etc by using the -c flag i.e. qpid-server -c - <my config file path>. - </para><para> - You can also amend the port more simply using the -p option to - qpid-server i.e. qpid-server -p <my port number' - </para> -<!--h2--></section> - - <section role="h2" id="QpidTroubleshootingGuide-I-27mhavingproblemswithmyclasspath.HowcanIensurethatmyclasspathisok-3F"><title> - I'm having problems with my classpath. How can I ensure that - my classpath is ok ? - </title> - <para> - When you are running the broker the classpath is taken care of - for you, via the manifest entries in the launch jars that the - qpid-server configuration file adds to the classpath. - </para><para> - However, if you are running your own client code and experiencing - classspath errors you need to ensure that the client-launch.jar - from the installed Qpid lib directory is on your classpath. The - manifest for this jar includes the common-launch.jar, and thus - all the code you need to run a client application. - </para> - </section> - - <section role="h2" id="QpidTroubleshootingGuide-Ican-27tgetthebrokertostart.HowcanIdiagnosetheproblem-3F"><title> - I can't get the broker to start. How can I diagnose the - problem ? - </title> - <para> - Firstly have a look at the broker log file - either on stdout or - in $QPID_WORK/log/qpid.log or in $HOME/log/qpid.log if you - haven't set QPID_WORK. - </para><para> - You should see the problem logged in here via log4j and a stack - trace. Have a look at the other entries on this page for common - problems. If the log file includes a line like: - </para><para> - "2006-10-13 09:58:14,672 INFO [main] server.Main (Main.java:343) - - Qpid.AMQP listening on non-SSL address 0.0.0.0/0.0.0.0:5672" - </para><para> - ... then you know the broker started up. If not, then it didn't. - </para> -<!--h2--></section> - - <section role="h2" id="QpidTroubleshootingGuide-WhenItrytosendmessagestoaqueueI-27mgettingaerrorasthequeuedoesnotexist.WhatcanIdo-3F"><title> - When I try to send messages to a queue I'm getting a error as - the queue does not exist. What can I do ? - </title> - <para> - In Qpid queues need a consumer before they really exist, unless - you have used the virtualhosts.xml file to specify queues which - should always be created at broker startup. If you don't want to - use this config, then simply ensure that you consume first from - queue before staring to publish to it. See the entry on our - <xref linkend="qpid_Qpid-Java-FAQ"/> for more details of using the virtualhosts.xml route. - </para> -<!--h2--></section> - -</section> diff --git a/doc/book/src/java-broker/Topic-Configuration.xml b/doc/book/src/java-broker/Topic-Configuration.xml deleted file mode 100644 index 1f73bbd7a4..0000000000 --- a/doc/book/src/java-broker/Topic-Configuration.xml +++ /dev/null @@ -1,107 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<section> - <title>Topic Configuration on Java Broker</title> - - <para>New in 0.8 is the ability to define configuration for topics. Currently this is limited to - configuration for slow consumer detection. This configuration is based on the work - designed on the <ulink - url="http://cwiki.apache.org/confluence/display/qpid/Topic+Configuration+Design">design - wiki</ulink>.</para> - - <section id="Topic Identification"> - <title>Topic Identification</title> - <para>A configuration section has two entries that can be used to identify how the - configuration will be applied: 'name' and 'subscriptionName'. - - <programlisting> - <topic> - <name>stocks.us</name> - </programlisting> - <programlisting> - <topic> - <subscriptionName>clientid:mysubscription</subscriptionName> - </programlisting> - - It is also possible to combine these two identifiers to specify a unique subscription to - a given topic. - - <programlisting> - <topic> - <name>stocks.us</name> - <subscriptionName>clientid:mysubscription</subscriptionName> - </programlisting> - </para> - </section> - - <section> - <title>Configuration Items</title> - <para> Currently only one element of the designed configuration is processed, that of the - slow consumer detection. This is setup as below using the 'slow-consumer-detection' - element. There are two required types of tag, first the trigger, which is one of - 'depth', 'messageAge' or 'messageCount' and secondly the 'policy'. </para> - <programlisting> - <slow-consumer-detection> - <!-- The maximum depth before which the policy will be applied--> - <depth>4235264</depth> - - <!-- The maximum message age before which the policy will be applied--> - <messageAge>600000</messageAge> - - <!-- The maximum number of message before which the policy will be applied--> - <messageCount>50</messageCount> - - <!-- Policy Selection --> - <policy name="TopicDelete"/> - </slow-consumer-detection> - </programlisting> - - <para> The trigger is used to determine when the policy should be applied. Currently we have - a simple policy 'topicdelete', this will disconnect consumers of topics where their - consumption rate falls sufficiently to hit one of the trigger values. </para> - </section> - - - <section id="Limitiations"> - <title>Limitiations</title> - <para> As of 0.8 the topic configuration is limited to straight string matching. This means - that given the following two topic configuring sections for 'stocks.us' and 'stocks.*' a - subscription for 'stocks.uk' will not match the expected 'stocks.*'. Nor will any - additional configuration listed in 'stocks.*' affect any 'stocks.us' subscriptions. </para> - <programlisting> - <topics> - <topic> - <name>stocks.us</name> - ... - </topic> - <topic> - <name>stocks.*</name> - ... - </topic> - </topics> - </programlisting> - <para> A subscription for 'stocks.us' will only receive configuration settings that are - defined in the 'stocks.us' section. </para> - </section> - -</section> diff --git a/doc/book/src/java-broker/commonEntities.xml b/doc/book/src/java-broker/commonEntities.xml new file mode 100644 index 0000000000..a53440a467 --- /dev/null +++ b/doc/book/src/java-broker/commonEntities.xml @@ -0,0 +1,39 @@ +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<!ENTITY qpidDownloadUrl "http://qpid.apache.org/download.html"> +<!ENTITY qpidProgrammingBook "../../Programming-In-Apache-Qpid/html/"> +<!ENTITY qpidCppBook "../../AMQP-Messaging-Broker-CPP-Book/html/"> + +<!ENTITY qpidCurrentRelease "0.21"> + +<!-- Oracle javadoc --> +<!ENTITY oracleJdkDocUrl "http://oracle.com/javase/6/docs/api/"> +<!ENTITY oracleJeeDocUrl "http://docs.oracle.com/javaee/6/api/"> +<!ENTITY oracleKeytool "http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html"> + +<!-- Oracle BDB JE--> +<!ENTITY oracleJeDownloadUrl "http://www.oracle.com/technetwork/products/berkeleydb/downloads/index.html?ssSourceSiteId=ocomen"> +<!ENTITY oracleBdbProductOverviewUrl "http://www.oracle.com/technetwork/products/berkeleydb/overview/index-093405.html"> +<!ENTITY oracleBdbRepGuideUrl "http://oracle.com/cd/E17277_02/html/ReplicationGuide/"> +<!ENTITY oracleBdbJavaDocUrl "http://docs.oracle.com/cd/E17277_02/html/java/"> +<!ENTITY oracleBdbProductVersion "5.0.58"> + diff --git a/doc/book/src/java-broker/images/3113098.png b/doc/book/src/java-broker/images/3113098.png Binary files differdeleted file mode 100644 index 7de85030c6..0000000000 --- a/doc/book/src/java-broker/images/3113098.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113099.png b/doc/book/src/java-broker/images/3113099.png Binary files differdeleted file mode 100644 index fb6fc65d73..0000000000 --- a/doc/book/src/java-broker/images/3113099.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113100.png b/doc/book/src/java-broker/images/3113100.png Binary files differdeleted file mode 100644 index a7d727b854..0000000000 --- a/doc/book/src/java-broker/images/3113100.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113101.png b/doc/book/src/java-broker/images/3113101.png Binary files differdeleted file mode 100644 index 30731277c2..0000000000 --- a/doc/book/src/java-broker/images/3113101.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113102.png b/doc/book/src/java-broker/images/3113102.png Binary files differdeleted file mode 100644 index f150a21b10..0000000000 --- a/doc/book/src/java-broker/images/3113102.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113103.png b/doc/book/src/java-broker/images/3113103.png Binary files differdeleted file mode 100644 index a91efb4306..0000000000 --- a/doc/book/src/java-broker/images/3113103.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113104.png b/doc/book/src/java-broker/images/3113104.png Binary files differdeleted file mode 100644 index c5ef12d8b1..0000000000 --- a/doc/book/src/java-broker/images/3113104.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113105.png b/doc/book/src/java-broker/images/3113105.png Binary files differdeleted file mode 100644 index b155f9d9a1..0000000000 --- a/doc/book/src/java-broker/images/3113105.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113106.png b/doc/book/src/java-broker/images/3113106.png Binary files differdeleted file mode 100644 index 22bcdd084e..0000000000 --- a/doc/book/src/java-broker/images/3113106.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113107.png b/doc/book/src/java-broker/images/3113107.png Binary files differdeleted file mode 100644 index cf5dd97e89..0000000000 --- a/doc/book/src/java-broker/images/3113107.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113108.png b/doc/book/src/java-broker/images/3113108.png Binary files differdeleted file mode 100644 index c0e5eafde2..0000000000 --- a/doc/book/src/java-broker/images/3113108.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113109.png b/doc/book/src/java-broker/images/3113109.png Binary files differdeleted file mode 100644 index 139d81d849..0000000000 --- a/doc/book/src/java-broker/images/3113109.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113110.png b/doc/book/src/java-broker/images/3113110.png Binary files differdeleted file mode 100644 index 2207f15cd7..0000000000 --- a/doc/book/src/java-broker/images/3113110.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113111.png b/doc/book/src/java-broker/images/3113111.png Binary files differdeleted file mode 100644 index 5737f41caf..0000000000 --- a/doc/book/src/java-broker/images/3113111.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113112.png b/doc/book/src/java-broker/images/3113112.png Binary files differdeleted file mode 100644 index d9ee094ab4..0000000000 --- a/doc/book/src/java-broker/images/3113112.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113113.png b/doc/book/src/java-broker/images/3113113.png Binary files differdeleted file mode 100644 index e80812f83c..0000000000 --- a/doc/book/src/java-broker/images/3113113.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113114.png b/doc/book/src/java-broker/images/3113114.png Binary files differdeleted file mode 100644 index b237181150..0000000000 --- a/doc/book/src/java-broker/images/3113114.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113115.png b/doc/book/src/java-broker/images/3113115.png Binary files differdeleted file mode 100644 index 84ad42b567..0000000000 --- a/doc/book/src/java-broker/images/3113115.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113116.png b/doc/book/src/java-broker/images/3113116.png Binary files differdeleted file mode 100644 index 18b979792f..0000000000 --- a/doc/book/src/java-broker/images/3113116.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113117.png b/doc/book/src/java-broker/images/3113117.png Binary files differdeleted file mode 100644 index 3b33ef67ac..0000000000 --- a/doc/book/src/java-broker/images/3113117.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113118.png b/doc/book/src/java-broker/images/3113118.png Binary files differdeleted file mode 100644 index 60451f88cf..0000000000 --- a/doc/book/src/java-broker/images/3113118.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/3113119.png b/doc/book/src/java-broker/images/3113119.png Binary files differdeleted file mode 100644 index 16ded074bd..0000000000 --- a/doc/book/src/java-broker/images/3113119.png +++ /dev/null diff --git a/doc/book/src/java-broker/images/HA-BDBHAMessageStore-MBean-jconsole.png b/doc/book/src/java-broker/images/HA-BDBHAMessageStore-MBean-jconsole.png Binary files differindex 6caaacb1e1..29d5494746 100644 --- a/doc/book/src/java-broker/images/HA-BDBHAMessageStore-MBean-jconsole.png +++ b/doc/book/src/java-broker/images/HA-BDBHAMessageStore-MBean-jconsole.png diff --git a/doc/book/src/java-broker/images/Management-Web-Console.png b/doc/book/src/java-broker/images/Management-Web-Console.png Binary files differnew file mode 100644 index 0000000000..c752adec3b --- /dev/null +++ b/doc/book/src/java-broker/images/Management-Web-Console.png diff --git a/doc/book/src/programming/Programming-In-Apache-Qpid-Book.xml b/doc/book/src/programming/Programming-In-Apache-Qpid.xml index fd32f42f2e..e2f6d8756c 100644 --- a/doc/book/src/programming/Programming-In-Apache-Qpid-Book.xml +++ b/doc/book/src/programming/Programming-In-Apache-Qpid.xml @@ -3087,6 +3087,22 @@ spout - -content "$(cat rdu.xml | sed -e 's/70/45/')" xml/weather </para> </entry> </row> + <row> + <entry> + ssl + </entry> + <entry> + boolean + </entry> + <entry> + <para> + If <literal>ssl='true'</literal>, use SSL for all broker connections. Overrides any per-broker settings in the brokerlist (see below) entries. If not specified, the brokerlist entry for each given broker is used to determine whether SSL is used. + </para> + <para> + Introduced in version 0.22. + </para> + </entry> + </row> </tbody> </tgroup> </table> @@ -3237,6 +3253,7 @@ spout - -content "$(cat rdu.xml | sed -e 's/70/45/')" xml/weather trust_store_password </entry> <entry> + -- </entry> <entry> Trust store password @@ -3247,6 +3264,7 @@ spout - -content "$(cat rdu.xml | sed -e 's/70/45/')" xml/weather key_store </entry> <entry> + -- </entry> <entry> path to key store @@ -3271,7 +3289,9 @@ spout - -content "$(cat rdu.xml | sed -e 's/70/45/')" xml/weather Boolean </entry> <entry> - If <literal>ssl='true'</literal>, the JMS client will encrypt the connection using SSL. + <para>If <literal>ssl='true'</literal>, the JMS client will encrypt the connection to this broker using SSL.</para> + + <para>This can also be set/overridden for all brokers using the <link linkend="section-jms-connection-url">Connection URL</link> options.</para> </entry> </row> <row> @@ -3292,7 +3312,7 @@ spout - -content "$(cat rdu.xml | sed -e 's/70/45/')" xml/weather ssl_cert_alias </entry> <entry> - + -- </entry> <entry> If multiple certificates are present in the keystore, the alias will be used to extract the correct certificate. |
