</property>
</bean>
+ <!--
+ For more information about what MCollective requires in this file,
+ see http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html
+ -->
+
+ <!--
+ WARNING: The elements that are direct children of <broker> MUST BE IN
+ ALPHABETICAL ORDER. This is fixed in ActiveMQ 5.6.0, but affects
+ previous versions back to 5.4.
+ https://issues.apache.org/jira/browse/AMQ-3570
+ -->
+
+ <!-- In a network of brokers, the brokerName attribute must be unique. -->
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker1" useJmx="true" schedulePeriodForDestinationPurge="60000">
+ <!--
+ MCollective generally expects producer flow control to be turned off.
+ It will also generate a limitless number of single-use reply queues,
+ which should be garbage-collected after about five minutes to conserve
+ memory.
+
+ For more information, see:
+ http://activemq.apache.org/producer-flow-control.html
+ -->
<destinationPolicy>
<policyMap>
<policyEntries>
<managementContext createConnector="false"/>
</managementContext>
+ <!--
+ Configure network connectors for a network of brokers. The
+ MCollective ActiveMQ connector uses TWO bi-directional
+ connectors per link, because the short-lived reply queues
+ require conduitSubscriptions be set to false.
+
+ In this config, broker1 connects to both other brokers; neither
+ of the other two have a <networkConnectors> element.
+ -->
<networkConnectors>
<!-- broker1 -> broker2 -->
<networkConnector
name="broker1-broker2-topics"
- uri="static:(tcp://broker2:6166)"
+ uri="static:(tcp://broker2:61616)"
userName="amq"
password="secret"
duplex="true"
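Review bot: The corrected `uri="static:(tcp://broker2:61616)"` still carries the `userName`/`password` attributes on the following lines over an unencrypted OpenWire link. The same applies to the other three connectors, whose URIs change in the next three hunks. The port fix itself looks right, but the file never says that these inter-broker links are plaintext. I would add a comment above the first connector such as `<!-- Inter-broker links below use plain tcp:// and send userName/password in clear; switch to ssl:// with an <sslContext> unless the brokers share a trusted network. -->`. The `<networkConnector>` element continues past the end of this hunk, so its remaining attributes are not visible here.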
</networkConnector>
<networkConnector
name="broker1-broker2-queues"
- uri="static:(tcp://broker2:6166)"
+ uri="static:(tcp://broker2:61616)"
userName="amq"
password="secret"
duplex="true"
<!-- broker1 -> broker3 -->
<networkConnector
name="broker1-broker3-topics"
- uri="static:(tcp://broker3:6166)"
+ uri="static:(tcp://broker3:61616)"
userName="amq"
password="secret"
duplex="true"
</networkConnector>
<networkConnector
name="broker1-broker3-queues"
- uri="static:(tcp://broker3:6166)"
+ uri="static:(tcp://broker3:61616)"
userName="amq"
password="secret"
duplex="true"
</networkConnector>
</networkConnectors>
+ <!--
+ Configure message persistence for the broker. MCollective only
+ requires this in a network of brokers, where it's used to prevent
+ duplicate messages.
+
+ The default persistence mechanism is the KahaDB store (identified by
+ the kahaDB tag). For more information, see:
+
+ http://activemq.apache.org/persistence.html
+ -->
+ <persistenceAdapter>
+ <kahaDB directory="${activemq.base}/data/kahadb"/>
+ </persistenceAdapter>
+
<plugins>
<statisticsBrokerPlugin/>
+
+ <!--
+ This configures the users and groups used by this broker. Groups
+ are referenced below, in the write/read/admin attributes
+ of each authorizationEntry element.
+ -->
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="amq" password="secret" groups="admins,everyone"/>
<authenticationUser username="mcollective" password="marionette" groups="mcollective,everyone"/>
- <authenticationUser username="admin" password="secret" groups="mcollective,admin,everyone"/>
+ <authenticationUser username="admin" password="secret" groups="mcollective,admins,everyone"/>
</users>
</simpleAuthenticationPlugin>
+
+ <!--
+ Configure which users are allowed to read and write where. Permissions
+ are organized by group; groups are configured above, in the
+ authentication plugin.
+
+ With the rules below, both servers and admin users belong to group
+ mcollective, which can both issue and respond to commands. For an
+ example that splits permissions and doesn't allow servers to issue
+ commands, see:
+ http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html#detailed-restrictions
+ -->
<authorizationPlugin>
<map>
<authorizationMap>
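Review bot: Changing `groups="mcollective,admin,everyone"` to `groups="mcollective,admins,everyone"` makes the `admin` account a real member of `admins`, yet the account keeps the example password `secret`. The entries visible just below this hunk give `admins` read, write and admin rights on topic `>`, so the fix raises what that well-known credential can reach. The new comment above `<simpleAuthenticationPlugin>` explains groups but not that the passwords are placeholders. I would extend it with `Passwords in this file are examples and are stored in plain text: replace every one before deployment and restrict read access to this file.` The same `amq`/`secret` pair is repeated in the `<networkConnector>` attributes, so both places have to change together.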
<authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
<authorizationEntry queue="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
+ <!--
+ The advisory topics are part of ActiveMQ, and all users need access to them.
+ The "everyone" group is not special; you need to ensure every user is a member.
+ -->
<authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
</authorizationEntries>
</authorizationMap>
</authorizationPlugin>
</plugins>
+ <!--
+ The systemUsage controls the maximum amount of space the broker will
+ use for messages. For more information, see:
+ http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html#memory-and-temp-usage-for-messages-systemusage
+ -->
<systemUsage>
<systemUsage>
<memoryUsage>
</systemUsage>
</systemUsage>
+ <!--
+ The transport connectors allow ActiveMQ to listen for connections over
+ a given protocol. MCollective uses Stomp, and other ActiveMQ brokers
+ use OpenWire. You'll need different URLs depending on whether you are
+ using TLS. For more information, see:
+
+ http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html#transport-connectors
+ -->
<transportConnectors>
- <transportConnector name="openwire" uri="tcp://0.0.0.0:6166"/>
- <transportConnector name="stomp" uri="stomp://0.0.0.0:6163"/>
+ <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
+ <transportConnector name="stomp" uri="stomp://0.0.0.0:61613"/>
</transportConnectors>
</broker>
+
+ <!--
+ Enable web consoles, REST and Ajax APIs and demos.
+ It also includes Camel (with its web console); see ${ACTIVEMQ_HOME}/conf/camel.xml for more info.
+
+ See ${ACTIVEMQ_HOME}/conf/jetty.xml for more details.
+ -->
<import resource="jetty.xml"/>
</beans>
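Review bot: Both new listeners, `tcp://0.0.0.0:61616` and `stomp://0.0.0.0:61613`, accept unencrypted connections on every interface, so the passwords configured in `<simpleAuthenticationPlugin>` cross the network in clear. The added comment says the URLs differ when TLS is used but shows no TLS form. I would either add the TLS variants as a commented-out alternative (for example `ssl://0.0.0.0:61617` and `stomp+ssl://0.0.0.0:61614`, which also need an `<sslContext>`) or state in the comment that the plaintext URIs are only for a trusted network. Separately, the new comment above `<import resource="jetty.xml"/>` says it enables the web consoles, REST/Ajax APIs and demos; it would help to add that the import should be removed on brokers that do not need them.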