HI Matt,
I updated the configs as below,
Activemq.xml:
<managementContext>
<managementContext createConnector="false"/>
</managementContext>
Added the below parameter in activemq: env file:
ACTIVEMQ_SUNJMX_CONTROL="-Dcom.sun.management.jmxremote.port=5014
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.password.file=$ACTIVEMQ_BASE/conf/jmx.password
-Dcom.sun.management.jmxremote.access.file=$ACTIVEMQ_BASE/conf/jmx.access”
Observations:
1. Port 5014 is not listening when the broker is started.
2. I see the below message when the broker is stopped
INFO: failed to resolve jmxUrl for pid:946, using default JMX url
Connecting to JMX URL: service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
.INFO: Broker not available at:
service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
Please let me know if I am doing something incorrectly.
BR/Kashyap.
> On 08-Nov-2022, at 12:26 AM, Matt Pavlovich <[email protected]> wrote:
>
> Hello Manjunath-
>
> Looks like you are creating multiple JMX connectors (one is JVM default, the
> other is ActiveMQ creating one per your non-default configuration). ActiveMQ
> does not need a dedicated connector, so you can modify the <managementContext
> createConnector=“false” /> and just use the -D parameters.
>
> ref: https://activemq.apache.org/jmx <https://activemq.apache.org/jmx>
>
> Thanks,
> Matt Pavlovich
>
>> On Nov 7, 2022, at 12:21 PM, Manjunath Kashyap <[email protected]>
>> wrote:
>>
>> Hi All,
>>
>> ISSUE:
>>
>> We have Installed AMQ in a MASTER/SLAVE pair for both Consumers and
>> Producers.
>> We also have installed the Web console to list all the queues using the
>> MBEAN connector.
>> AS part of this implementation, we have provided the JMX plain username and
>> password in the Catalina.sh script.
>>
>> We have been told this is a Security threat and are requested to remove the
>> Plain password from the process.The config and output is as shown below.
>>
>> activemq.xml:
>>
>> <managementContext>
>> <managementContext createConnector="true"
>> connectorPort="5014">
>> <property
>> xmlns="http://www.springframework.org/schema/beans"; name="environment">
>> <map xmlns="http://www.springframework.org/schema/beans";>
>> <entry xmlns="http://www.springframework.org/schema/beans";
>> key="jmx.remote.x.password.file"
>> value="${activemq.base}/conf/jmx.password"/>
>> <entry xmlns="http://www.springframework.org/schema/beans";
>> key="jmx.remote.x.access.file"
>> value="${activemq.base}/conf/jmx.access"/>
>> </map>
>> </property>
>> </managementContext>
>>
>>
>> Catalina.sh :
>>
>> JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties
>> -Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\)
>> -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi
>> -Dwebconsole.jmx.user=admin -Dwebconsole.jmx.password=*******”
>>
>>
>> The process displays the password in plain text. So to overcome this issue
>> we tried the below configuration in Catalina.sh but no luck,
>>
>> JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties
>> -Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\)
>> -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi
>> -Dcom.sun.management.jmxremote.ssl=false
>> -Dcom.sun.management.jmxremote.password.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.password
>>
>> -Dcom.sun.management.jmxremote.access.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.access
>> -Dcom.sun.management.jmxremote.rmi.port=5014
>> -Dcom.sun.management.jmxremote.authenticate=true”
>>
>>
>> Question: Is there a way to hide the password in the tomcat configuration to
>> authenticate to the brokers?
>>
>>
>> Thanks,
>> Kashyap.
>
