Chapter 10. Reference
10.1. Custom Resource configuration reference
A Custom Resource Definition (CRD) is a schema of configuration items for a custom OpenShift object deployed with an Operator. By deploying a corresponding Custom Resource (CR) instance, you specify values for configuration items shown in the CRD.
The following sub-sections detail the configuration items that you can set in Custom Resource instances based on the main broker and addressing CRDs.
10.1.1. Broker Custom Resource configuration reference
A CR instance based on the main broker CRD enables you to configure brokers for deployment in an OpenShift project. The following table describes the items that you can configure in the CR instance.
Configuration items marked with an asterisk (*) are required in any corresponding Custom Resource (CR) that you deploy. If you do not explicitly specify a value for a non-required item, the configuration uses the default value.
Entry | Sub-entry | Description and usage |
---|---|---|
| Administrator user name required for connecting to the broker and management console.
If you do not specify a value, the value is automatically generated and stored in a secret. The default secret name has a format of Type: string Example: my-user Default value: Automatically-generated, random value | |
| Administrator password required for connecting to the broker and management console.
If you do not specify a value, the value is automatically generated and stored in a secret. The default secret name has a format of Type: string Example: my-password Default value: Automatically-generated, random value | |
| Broker deployment configuration | |
| Full path of the broker container image to be pulled from the Red Hat Container Registry. The default container image tag matches the AMQ Broker version. Type: string Example: registry.redhat.io/amq7/amq-broker:latest Default value: registry.redhat.io/amq7/amq-broker:7.6 | |
| Number of broker Pods to create in the deployment.
If you a specify a value of 2 or greater, your broker deployment is clustered by default. The cluster user name and password are automatically generated and stored in the same secret as Type: int Example: 1 Default value: 2 | |
| Specify whether login credentials are required to connect to the broker. Type: Boolean Example: false Default value: true | |
|
Specify whether to use journal storage for each broker Pod in the deployment. If set to Type: Boolean Example: false Default value: true | |
| Specify whether to use asynchronous I/O (AIO) or non-blocking I/O (NIO). Type: string Example: aio Default value: nio | |
| When a broker Pod shuts down due to a failure or intentional scaledown of the broker deployment, specify whether to migrate messages to another broker Pod that is still running in the broker cluster. Type: Boolean Example: false Default value: true | |
| A single acceptor configuration instance. | |
| Name of acceptor. Type: string Example: my-acceptor Default value: Not applicable | |
| Port number to use for the acceptor instance. Type: int Example: 5672 Default value: 61626 for the first acceptor that you define. The default value then increments by 10 for every subsequent acceptor that you define. | |
| Messaging protocols to be enabled on the acceptor instance. Type: string Example: amqp,core Default value: all | |
|
Specify whether SSL is enabled on the acceptor port. If set to Type: Boolean Example: true Default value: false | |
| Secret where broker key store, trust store, and their corresponding passwords (all Base64-encoded) are stored.
If you do not specify a custom secret name for You must always create this secret yourself, even when the acceptor assumes a default name. Type: string Example: my-broker-deployment-my-acceptor-secret Default value: <Custom Resource name>-<acceptor name>-secret | |
| Comma-separated list of cipher suites to use for TLS/SSL communication.
Specify the most secure cipher suite(s) supported by your client application. If you use a comma-separated list to specify a set of cipher suites that is common to both the broker and the client, or you do not specify any cipher suites, the broker and client mutually negotiate a cipher suite to use. If you do not know which cipher suites to specify, it is recommended that you first establish a broker-client connection with your client running in debug mode, to verify the cipher suites that are common to both the broker and the client. Then, configure Type: string Default value: Not specified | |
| Comma-separated list of protocols to use for TLS/SSL communication. Type: string Example: TLSv1,TLSv1.1,TLSv1.2 Default value: Not specified | |
|
Specify whether the broker informs clients that two-way TLS is required on the acceptor. This property overrides Type: Boolean Example: true Default value: Not specified | |
|
Specify whether the broker informs clients that two-way TLS is requested on the acceptor, but not required. This property is overridden by Type: Boolean Example: true Default value: Not specified | |
| Specify whether to compare the Common Name (CN) of a client’s certificate to its host name, to verify that they match. This option applies only when two-way TLS is used. Type: Boolean Example: true Default value: Not specified | |
| Specify whether the SSL provider is JDK or OPENSSL. Type: string Example: OPENSSL Default value: JDK | |
|
Regular expression to match against the Type: string Example: some_regular_expression Default value: Not specified | |
| Specify whether to expose the acceptor to clients outside OpenShift Container Platform. Type: Boolean Example: true Default value: false | |
|
Prefix used by a client to specify that the Type: string Example: jms.queue Default value: Not specified | |
|
Prefix used by a client to specify that the Type: string Example: /topic/ Default value: Not specified | |
| Number of connections allowed on the acceptor. When this limit is reached, a DEBUG message is issued to the log, and the connection is refused. The type of client in use determines what happens when the connection is refused. Type: integer Example: 2 Default value: 0 (unlimited connections) | |
| A single connector configuration instance. | |
| Name of connector. Type: string Example: my-connector Default value: Not applicable | |
|
The type of connector to create; Type: string Example: vm Default value: tcp | |
| Host name or IP address to connect to. Type: string Example: 192.168.0.58 Default value: Not specified | |
| Port number to be used for the connector instance. Type: int Example: 22222 Default value: Not specified | |
|
Specify whether SSL is enabled on the connector port. If set to Type: Boolean Example: true Default value: false | |
| Secret where broker key store, trust store, and their corresponding passwords (all Base64-encoded) are stored.
If you do not specify a custom secret name for You must always create this secret yourself, even when the connector assumes a default name. Type: string Example: my-broker-deployment-my-connector-secret Default value: <Custom Resource name>-<connector name>-secret | |
| Comma-separated list of cipher suites to use for TLS/SSL communication. Type: string NOTE: For a connector, it is recommended that you do not specify a list of cipher suites. Default value: Not specified | |
| Comma-separated list of protocols to use for TLS/SSL communication. Type: string Example: TLSv1,TLSv1.1,TLSv1.2 Default value: Not specified | |
|
Specify whether the broker informs clients that two-way TLS is required on the connector. This property overrides Type: Boolean Example: true Default value: Not specified | |
|
Specify whether the broker informs clients that two-way TLS is requested on the connector, but not required. This property is overridden by Type: Boolean Example: true Default value: Not specified | |
| Specify whether to compare the Common Name (CN) of client’s certificate to its host name, to verify that they match. This option applies only when two-way TLS is used. Type: Boolean Example: true Default value: Not specified | |
|
Specify whether the SSL provider is Type: string Example: OPENSSL Default value: JDK | |
|
Regular expression to match against the Type: string Example: some_regular_expression Default value: Not specified | |
| Specify whether to expose the connector to clients outside OpenShift Container Platform. Type: Boolean Example: true Default value: false | |
| Configuration of broker management console. | |
| Specify whether to expose the management console port. Type: Boolean Example: true Default value: false | |
| Specify whether to use SSL on the management console port. Type: Boolean Example: true Default value: false | |
|
Secret where broker key store, trust store, and their corresponding passwords (all Base64-encoded) are stored. If you do not specify a value for Type: string Example: my-broker-deployment-console-secret Default value: Not specified | |
| Specify whether the management console requires client authorization. Type: Boolean Example: true Default value: false |
10.1.2. Address Custom Resource configuration reference
A CR instance based on the address CRD enables you to define addresses and queues for the brokers in your deployment. The following table details the items that you can configure.
Configuration items marked with an asterisk (*) are required in any corresponding Custom Resource (CR) that you deploy. If you do not explicitly specify a value for a non-required item, the configuration uses the default value.
Entry | Description and usage |
---|---|
| Address name to be created on broker. Type: string Example: address0 Default value: Not specified |
| Queue name to be created on broker. Type: string Example: queue0 Default value: Not specified |
|
Routing type to be used; Type: string Example: anycast Default value: Not specified |
10.2. Application template parameters
Configuration of the AMQ Broker on OpenShift Container Platform image is performed by specifying values of application template parameters. You can configure the following parameters:
Parameter | Description |
---|---|
| Specifies the addresses available by default on the broker on its startup, in a comma-separated list. |
| Specifies the anycast prefix applied to the multiplexed protocol ports 61616 and 61617. |
| Enables clustering. |
| Specifies the password to use for clustering. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
| Specifies the cluster user to use for clustering. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
| Specifies the secret in which sensitive credentials such as broker user name/password, cluster user name/password, and truststore and keystore passwords are stored. |
| Specifies the directory for the data. Used in stateful sets. |
| Specifies the directory for the data directory logging. |
|
Specifies additional arguments to pass to |
| Specifies the maximum amount of memory that message data can consume. If no value is specified, half of the system’s memory is allocated. |
| Specifies the SSL keystore file name. If no value is specified, a random password is generated but SSL will not be configured. |
| (Optional) Specifies the password used to decrypt the SSL keystore. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
|
Specifies the directory where the secrets are mounted. The default value is |
| For SSL only, specifies the maximum number of connections that an acceptor will accept. |
| Specifies the multicast prefix applied to the multiplexed protocol ports 61616 and 61617. |
|
Specifies the name of the broker instance. The default value is |
| Specifies the password used for authentication to the broker. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
|
Specifies the messaging protocols used by the broker in a comma-separated list. Available options are |
| Specifies the queues available by default on the broker on its startup, in a comma-separated list. |
|
If set to |
|
Specifies the name for the role created. The default value is |
| Specifies the SSL truststore file name. If no value is specified, a random password is generated but SSL will not be configured. |
| (Optional) Specifies the password used to decrypt the SSL truststore. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
| Specifies the user name used for authentication to the broker. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
| Specifies the name of the application used internally within OpenShift. It is used in names of services, pods, and other objects within the application. |
|
Specifies the image. Used in the |
|
Specifies the image stream name space. Used in the |
| Specifies the port number for the OpenShift DNS ping service. |
|
Specifies the name of the OpenShift DNS ping service. The default value is |
| Specifies the size of the persistent storage for database volumes. |
If you use broker.xml
for a custom configuration, any values specified in that file for the following parameters will override values specified for the same parameters in the your application templates.
- AMQ_NAME
- AMQ_ROLE
- AMQ_CLUSTER_USER
- AMQ_CLUSTER_PASSWORD
10.3. Logging
In addition to viewing the OpenShift logs, you can troubleshoot a running AMQ Broker on OpenShift Container Platform image by viewing the AMQ logs that are output to the container’s console.
Procedure
- At the command line, run the following command:
$ oc logs -f <pass:quotes[<pod-name>]> <pass:quotes[<container-name>]>
Revised on 2020-11-24 10:23:19 UTC