Chapter 4. Managing AMQ Interconnect on OpenShift Container Platform
After deploying AMQ Interconnect on OpenShift Container Platform, you can connect messaging endpoints to it, monitor the deployment, add and remove routers, and change the configuration of the routers.
4.1. Creating routes
In OpenShift Container Platform, routes expose the router mesh’s service so that external traffic can reach it (such as clients, message brokers, and routers running in different OpenShift clusters).
Procedure
-
Navigate to
. - Click .
Enter a Name for the route.
The name will be the first part of the route host name.
- If necessary, enter a Hostname and Path.
Select the Target Port.
To create a route for… Select this port… External clients or message brokers to connect to the router mesh without authentication
5672
External clients or message brokers to connect to the router mesh with authentication
5671
External routers to connect to the router mesh
55672
Accessing the web console
8672
If necessary, secure the route.
- Click Secure route.
In the TLS Termination drop-down, select Passthrough.
The route is secured using the security certificates that you created and passed to OpenShift as secrets.
Click
.The route is created.
4.2. Connecting clients to a router mesh
After deploying AMQ Interconnect on OpenShift Container Platform, the routers begin listening for client connections. Clients running in the same OpenShift cluster as the router mesh, a different cluster, or outside of OpenShift altogether can connect to the router mesh to exchange messages.
Prerequisites
If the client is in a different OpenShift cluster than the router mesh (or outside of OpenShift altogether), the service must be exposed as a route.
For more information, see Section 4.1, “Creating routes”.
Procedure
To connect a client to the router mesh, use the following connection URL syntax:
<scheme>://[<username>@]<host>[:<port>]
- <scheme>
-
For unencrypted TCP, use
amqp
. If you deployed the router mesh with SSL/TLS authentication, useamqps
. - <username>
- If you deployed the router mesh with SASL user name/password authentication, you must provide the client’s user name.
- <host>
- If the client is in the same OpenShift cluster as the router mesh, use the OpenShift service IP address. Otherwise, use the host name of the route.
- <port>
-
If you are connecting to a route, you must specify the port. Use
80
for unsecured connections, and443
for secured connections.
The following table shows some example connection URLs.
URL Description amqp://192.0.2.1
The client and router mesh are both in the same OpenShift cluster, so the service IP address is used for the connection URL.
amqps://amq-interconnect-myproject.192.0.2.1.nip.io:443
The client is outside of OpenShift, so the route host name is used for the connection URL. In this case, SSL/TLS authentication is implemented, which requires the
amqps
scheme and port443
.
4.3. Connecting to a message broker
You can connect a router mesh running in OpenShift to AMQ Broker brokers so that clients can exchange messages with brokers. You can connect to brokers that are also deployed in OpenShift, or brokers that are running outside of OpenShift.
To connect to a broker, you must add a connector to the router configuration.
Procedure
Navigate to
. The
amq-interconnect
config map contains the configuration for each router in the router mesh.-
Click
amq-interconnect
. -
Select
. In the
Value
text box, add aconnector
entity.A connector defines an outgoing connection from a router to an external AMQP container (in this case, a broker).
This example defines a connection to a broker:
connector { name: broker role: route-container host: 192.0.2.1 1 port: 61616 saslMechanisms: ANONYMOUS }
- 1
- If the broker is running in the same OpenShift cluster as the router mesh, then use the service IP address. If the broker is running in a different OpenShift cluster, then use the fully-qualified domain name of that OpenShift cluster’s route.
- Click .
To apply the changes, trigger a new deployment.
-
Navigate to
. -
Click
amq-interconnect
. Click
.A new deployment is started and becomes active.
-
Navigate to
In a terminal, run the
qdstat
command from one of the router pods to verify that the routers can connect to the broker.This example shows that the router is connected to the broker on the 192.0.2.1 host.
$ oc exec amq-interconnect-4-5qkqz -it -- qdstat -c Connections id host container role dir security authentication tenant ========================================================================================================================== 1 192.0.2.1:61616 0.0.0.0 route-container out no-security anonymous-user 6 203.0.113.10:49806 amq-interconnect-4-mshr4 inter-router in no-security anonymous-user 4 203.0.113.11:33312 amq-interconnect-4-5qkqz inter-router in no-security anonymous-user 5 203.0.113.3:40484 amq-interconnect-4-ds7lp inter-router in no-security anonymous-user 39 127.0.0.1:60678 e3c03c50-4d6d-4962-bc53-65480ab8ae0e normal in no-security no-auth
4.4. Connecting router meshes running in different OpenShift clusters
You can connect router meshes running in different OpenShift clusters. By doing this, you can create geographically distributed message routing networks that span cloud environments.
This procedure demonstrates how to connect two router meshes running in different OpenShift clusters.
Prerequisites
If you want the inter-router connections to be secure, both OpenShift clusters must contain a secret containing a private key, a certificate, and CA certificate. You do not need to use the same private key and certificates in both clusters, but they must be signed by the same CA.
For more information, see Section 2.2, “Creating secrets for SSL/TLS authentication”.
Procedure
In the first OpenShift cluster, create a route that is accessible to the second OpenShift cluster.
The route should target port 55672, and it should be secured with SSL/TLS passthrough. For more information, see Section 4.1, “Creating routes”.
In the second OpenShift cluster, create a connector to the route that you created in the previous step.
Navigate to
. The
amq-interconnect
config map contains the configuration for each router in the router mesh.-
Click
amq-interconnect
. -
Select
. In the
Value
text box, add aconnector
entity.A connector defines an outgoing connection from a router to an external AMQP container (in this case, the routers in the first OpenShift cluster).
This example defines a connection to a router running in a different OpenShift cluster:
connector { name: router role: inter-router host: first-router-mesh-myproject.192.0.2.1.nip.io 1 port: 443 sslProfile: inter_router_tls 2 verifyHostname: no }
- Click .
Start a new deployment to apply the configuration change to the routers.
-
Navigate to
. -
Click
amq-interconnect
. Click
.A new deployment is started and becomes active. The routers in the second OpenShift cluster connect to the routers in the first OpenShift cluster to form a distributed router mesh that spans OpenShift clusters.
-
Navigate to
4.5. Monitoring the router mesh using the web console
The AMQ Interconnect container image includes the Red Hat AMQ Interconnect Console, which enables you to monitor the status and performance of your router mesh.
Prerequisites
An OpenShift route that targets port 8672 (HTTP) must exist.
For more information, see Section 4.1, “Creating routes”.
Procedure
Navigate to the URL for the HTTP route.
To see a list of routes for your OpenShift cluster, navigate to
. The Red Hat AMQ Interconnect Console opens. If you deployed AMQ Interconnect using the
Red Hat AMQ Interconnect Router 1.x with TLS authentication
template, theConnect
tab is displayed.If necessary, log in to the web console.
If you deployed AMQ Interconnect using the
Red Hat AMQ Interconnect Router 1.x with TLS authentication
template, use the user name and password that you entered when you deployed the template. To find the user name and password, navigate to. The syntax for the user name is <user>@<domain> (the domain is the OpenShift application name;
amq-interconnect
is the default value). For example,admin@amq-interconnect
.Use the tabs to monitor the router mesh.
This tab… Provides… Overview
Aggregate information about routers, addresses, links, connections, and logs.
Entities
Detailed information about each AMQP management entity for each router in the router mesh.
Topology
A graphical view of the router network. The topology shows how the routers are connected, and how messages are flowing through the network.
Charts
Graphs of the information that is displayed on the
Entities
tab.Message Flow
A chord diagram showing the real-time message flow by address.
Schema
The management schema that controls each of the routers in the router mesh.
4.6. Monitoring the router mesh using the CLI
You can use the qdstat
command line tool from within a router pod to view statistics about the routers in your router mesh. For example, you can view information about the attached links and configured addresses, available connections, and nodes in the router network.
Procedure
In a terminal, run the
qdstat
command from within a router pod.This command displays the router mesh topology from the perspective of router
amq-interconnect-4-5qkqz
.$ oc exec amq-interconnect-4-5qkqz -it -- qdstat -n Routers in the Network Last Topology Change: Tuesday Sep 25 20:35:54 2018 GMT router-id next-hop link ========================================== amq-interconnect-4-5qkqz (self) - amq-interconnect-4-8wbfg - 3 amq-interconnect-4-ds7lp - 1 amq-interconnect-4-mshr4 - 0
Additional resources
- Monitoring AMQ Interconnect using qdstat in Using AMQ Interconnect
- qdstat man page
4.7. Scaling the router mesh
You can scale your deployment to add or remove routers from the router mesh. When you scale up the router mesh, a new pod is deployed with a router, which automatically connects to any other running routers.
Procedure
- Navigate to the Overview page.
Do one of the following:
To add routers to the mesh, click the up arrow next to the pods diagram.
A new pod is deployed, with a router running inside of it. The router automatically connects to each router in the mesh to maintain a full mesh topology.
To remove routes from the mesh, click the down arrow next to the pods diagram.
A pod is removed from the deployment, and its router is shut down. Any clients that were connected to the router are disconnected, but can fail over to any of the remaining routers in the mesh.
4.8. Changing the router configuration
The AMQ Interconnect application templates include a basic router configuration that is applied to the router when it is deployed. The configuration is stored in the amq-interconnect
config map. You can edit this config map to change the configuration of the routers in the router mesh.
Procedure
Navigate to
. The
amq-interconnect
config map contains the configuration for each router in the router mesh.- Click amq-interconnect.
-
Select
. -
In the
Value
text box, change the router configuration as needed. - Click .
-
Navigate to
. - Click amq-interconnect.
Click
.A new deployment is started and becomes active. The configuration changes you made are applied to each router in the router mesh.
Additional resources
- For more information about the router configuration file, see Configuration in Using AMQ Interconnect.
- For more information about the router configuration entities and attributes, see the qdrouterd.conf man page.
4.9. How AMQ Interconnect upgrades work
The AMQ Interconnect application templates include an ImageChange
trigger. This means that when a new version of the AMQ Interconnect container image is available, the new image is deployed to the router mesh automatically. You do not need to deploy new image versions manually.
Revised on 2019-04-23 12:10:41 UTC