2 xmlns="http://www.springframework.org/schema/beans"
3 xmlns:amq="http://activemq.apache.org/schema/core"
4 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
6 http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd
7 http://activemq.apache.org/camel/schema/spring http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">
9 <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
10 <property name="locations">
11 <value>file:${activemq.base}/conf/credentials.properties</value>
16 For more information about what MCollective requires in this file,
17 see http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html
21 WARNING: The elements that are direct children of <broker> MUST BE IN
22 ALPHABETICAL ORDER. This is fixed in ActiveMQ 5.6.0, but affects
23 previous versions back to 5.4.
24 https://issues.apache.org/jira/browse/AMQ-3570
27 <!-- In a network of brokers, the brokerName attribute must be unique. -->
28 <broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker1" useJmx="true" schedulePeriodForDestinationPurge="60000">
30 MCollective generally expects producer flow control to be turned off.
31 It will also generate a limitless number of single-use reply queues,
32 which should be garbage-collected after about five minutes to conserve
35 For more information, see:
36 http://activemq.apache.org/producer-flow-control.html
41 <policyEntry topic=">" producerFlowControl="false"/>
42 <policyEntry queue="*.reply.>" gcInactiveDestinations="true" inactiveTimoutBeforeGC="300000" />
48 <managementContext createConnector="false"/>
52 Configure network connectors for a network of brokers. The
53 MCollective ActiveMQ connector uses TWO bi-directional
54 connectors per link, because the short-lived reply queues
55 require conduitSubscriptions be set to false.
57 In this config, broker1 connects to both other brokers; neither
58 of the other two have a <networkConnectors> element.
61 <!-- broker1 -> broker2 -->
63 name="broker1-broker2-topics"
64 uri="static:(tcp://broker2:61616)"
68 decreaseNetworkConsumerPriority="true"
71 <excludedDestinations>
72 <queue physicalName=">" />
73 </excludedDestinations>
76 name="broker1-broker2-queues"
77 uri="static:(tcp://broker2:61616)"
81 decreaseNetworkConsumerPriority="true"
84 conduitSubscriptions="false">
85 <excludedDestinations>
86 <topic physicalName=">" />
87 </excludedDestinations>
90 <!-- broker1 -> broker3 -->
92 name="broker1-broker3-topics"
93 uri="static:(tcp://broker3:61616)"
97 decreaseNetworkConsumerPriority="true"
100 <excludedDestinations>
101 <queue physicalName=">" />
102 </excludedDestinations>
105 name="broker1-broker3-queues"
106 uri="static:(tcp://broker3:61616)"
110 decreaseNetworkConsumerPriority="true"
113 conduitSubscriptions="false">
114 <excludedDestinations>
115 <topic physicalName=">" />
116 </excludedDestinations>
121 Configure message persistence for the broker. MCollective only
122 requires this in a network of brokers, where it's used to prevent
125 The default persistence mechanism is the KahaDB store (identified by
126 the kahaDB tag). For more information, see:
128 http://activemq.apache.org/persistence.html
131 <kahaDB directory="${activemq.base}/data/kahadb"/>
132 </persistenceAdapter>
135 <statisticsBrokerPlugin/>
138 This configures the users and groups used by this broker. Groups
139 are referenced below, in the write/read/admin attributes
140 of each authorizationEntry element.
142 <simpleAuthenticationPlugin>
144 <authenticationUser username="amq" password="secret" groups="admins,everyone"/>
145 <authenticationUser username="mcollective" password="marionette" groups="mcollective,everyone"/>
146 <authenticationUser username="admin" password="secret" groups="mcollective,admins,everyone"/>
148 </simpleAuthenticationPlugin>
151 Configure which users are allowed to read and write where. Permissions
152 are organized by group; groups are configured above, in the
153 authentication plugin.
155 With the rules below, both servers and admin users belong to group
156 mcollective, which can both issue and respond to commands. For an
157 example that splits permissions and doesn't allow servers to issue
159 http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html#detailed-restrictions
161 <authorizationPlugin>
164 <authorizationEntries>
165 <authorizationEntry queue=">" write="admins" read="admins" admin="admins" />
166 <authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
167 <authorizationEntry topic="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
168 <authorizationEntry queue="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
170 The advisory topics are part of ActiveMQ, and all users need access to them.
171 The "everyone" group is not special; you need to ensure every user is a member.
173 <authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
174 </authorizationEntries>
177 </authorizationPlugin>
181 The systemUsage controls the maximum amount of space the broker will
182 use for messages. For more information, see:
183 http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html#memory-and-temp-usage-for-messages-systemusage
188 <memoryUsage limit="20 mb"/>
191 <storeUsage limit="1 gb" name="foo"/>
194 <tempUsage limit="100 mb"/>
200 The transport connectors allow ActiveMQ to listen for connections over
201 a given protocol. MCollective uses Stomp, and other ActiveMQ brokers
202 use OpenWire. You'll need different URLs depending on whether you are
203 using TLS. For more information, see:
205 http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html#transport-connectors
207 <transportConnectors>
208 <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
209 <transportConnector name="stomp+nio" uri="stomp+nio://0.0.0.0:61613"/>
210 <!-- If using TLS, uncomment this and comment out the previous connector:
211 <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:61614?needClientAuth=true"/>
213 </transportConnectors>
217 Enable web consoles, REST and Ajax APIs and demos.
218 It also includes Camel (with its web console); see ${ACTIVEMQ_HOME}/conf/camel.xml for more info.
220 See ${ACTIVEMQ_HOME}/conf/jetty.xml for more details.
222 <import resource="jetty.xml"/>