How to Peek inside your ActiveMQ Server
This post describes steps that can be taken for sysadmins to peek inside an ActiveMQ server. We assume root capability, otherwise we need a user which has access to ActiveMQ configuration files.
We got a java process running ActiveMQ :
[root@broker ~]# ps auxw | grep activemq
activemq 1236 0.1 0.0 19124 696 ? Sl 07:00 0:02 /usr/lib/activemq/linux/wrapper /etc/activemq/wrapper.conf wrapper.syslog.ident=ActiveMQ wrapper.pidfile=/var/run/activemq//ActiveMQ.pid wrapper.daemonize=TRUE wrapper.lockfile=/var/lock/subsys/ActiveMQ
activemq 1243 3.2 12.2 2016568 125264 ? Sl 07:00 1:06 java -Dactivemq.home=/usr/share/activemq -Dactivemq.base=/usr/share/activemq -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.keyStore=/usr/share/activemq/conf/broker.ks -Djavax.net.ssl.trustStore=/usr/share/activemq/conf/broker.ts -Dcom.sun.management.jmxremote -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Djava.util.logging.config.file=logging.properties -Dactivemq.conf=/usr/share/activemq/conf -Dactivemq.data=/usr/share/activemq/data -Xmx1024m -Djava.library.path=/usr/share/activemq/bin/linux-x86-64/ -classpath /usr/share/activemq/bin/wrapper.jar:/usr/share/activemq/bin/activemq.jar -Dwrapper.key=zvZTrwPTV6sBMrMd -Dwrapper.port=32000 -Dwrapper.jvm.port.min=31000 -Dwrapper.jvm.port.max=31999 -Dwrapper.pid=1236 -Dwrapper.version=3.2.3 -Dwrapper.native_library=wrapper -Dwrapper.service=TRUE -Dwrapper.cpu.timeout=10 -Dwrapper.jvmid=1 org.tanukisoftware.wrapper.WrapperSimpleApp org.apache.activemq.console.Main start
root 10249 0.0 0.0 103244 860 pts/0 S+ 07:35 0:00 grep activemq
From the result above, we know that the configuration file is in /usr/share/activemq/conf
find the jetty.xml part, and make sure that it is enabled.
before:
after:
Check the jetty.xml too for console's port number.
vi /usr/share/activemq/conf/jetty.xml
service activemq restart
Right next to "admin:" is the admin's password.
If the server is not your localhost, please use SSH tunneling to port forward 8161 to 127.0.0.1:8161. Otherwise, just open a browser and type http://localhost:8161/
Use the admin password we got in step 4. No, you must check your own admin password, I won't tell you mine.
Click on the 'Manage ActiveMQ broker'.
Click on the Connections on the top menu.
Now we see one client using Stomp connected to the activeMQ server. click on it.
The client, in this case, an Openshift Origin Node in the same VM as Broker, registered as a listener for:
Step 1. Determine running ActiveMQ process
ps auxw | grep activemqWe got a java process running ActiveMQ :
[root@broker ~]# ps auxw | grep activemq
activemq 1236 0.1 0.0 19124 696 ? Sl 07:00 0:02 /usr/lib/activemq/linux/wrapper /etc/activemq/wrapper.conf wrapper.syslog.ident=ActiveMQ wrapper.pidfile=/var/run/activemq//ActiveMQ.pid wrapper.daemonize=TRUE wrapper.lockfile=/var/lock/subsys/ActiveMQ
activemq 1243 3.2 12.2 2016568 125264 ? Sl 07:00 1:06 java -Dactivemq.home=/usr/share/activemq -Dactivemq.base=/usr/share/activemq -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.keyStore=/usr/share/activemq/conf/broker.ks -Djavax.net.ssl.trustStore=/usr/share/activemq/conf/broker.ts -Dcom.sun.management.jmxremote -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Djava.util.logging.config.file=logging.properties -Dactivemq.conf=/usr/share/activemq/conf -Dactivemq.data=/usr/share/activemq/data -Xmx1024m -Djava.library.path=/usr/share/activemq/bin/linux-x86-64/ -classpath /usr/share/activemq/bin/wrapper.jar:/usr/share/activemq/bin/activemq.jar -Dwrapper.key=zvZTrwPTV6sBMrMd -Dwrapper.port=32000 -Dwrapper.jvm.port.min=31000 -Dwrapper.jvm.port.max=31999 -Dwrapper.pid=1236 -Dwrapper.version=3.2.3 -Dwrapper.native_library=wrapper -Dwrapper.service=TRUE -Dwrapper.cpu.timeout=10 -Dwrapper.jvmid=1 org.tanukisoftware.wrapper.WrapperSimpleApp org.apache.activemq.console.Main start
root 10249 0.0 0.0 103244 860 pts/0 S+ 07:35 0:00 grep activemq
Step 2. Determine whether ActiveMQ console are enabled
vi /usr/share/activemq/conf/activemq.xmlfind the jetty.xml part, and make sure that it is enabled.
before:
after:
Check the jetty.xml too for console's port number.
vi /usr/share/activemq/conf/jetty.xml
Step 3. If we had changed activemq.xml, restart it
service activemq restart
Step 4. Obtain admin password
vi /usr/share/activemq/conf/jetty-realm.propertiesRight next to "admin:" is the admin's password.
Step 5. Finally, we could browse to localhost port 8161
If the server is not your localhost, please use SSH tunneling to port forward 8161 to 127.0.0.1:8161. Otherwise, just open a browser and type http://localhost:8161/
Use the admin password we got in step 4. No, you must check your own admin password, I won't tell you mine.
http://localhost:8161/ |
home |
Now we see one client using Stomp connected to the activeMQ server. click on it.
The client, in this case, an Openshift Origin Node in the same VM as Broker, registered as a listener for:
- Queue mcollective.nodes
- Topic mcollective.discovery.agent
- Topic mcollective.mcollective.agent
- Topic mcollective.rpcutil.agent
- Topic mcollective.openshift.agent
Summary
In this post, I have shown how to enable ActiveMQ web console in an ActiveMQ server configuration, and using the ActiveMQ web console to examine a client connecting to the server.
Comments