このコンテンツは選択した言語では利用できません。
Chapter 9. Reference
9.1. Custom Resource Definition configuration reference
A Custom Resource Definition (CRD) is a schema of configuration items that you can modify for a custom OpenShift object deployed with an Operator. An accompanying Custom Resource (CR) file enables you to specify values for configuration items in the CRD.
The following sub-sections detail the configuration items available in the broker and addressing CRDs.
9.1.1. Broker CRD configuration reference
The broker Custom Resource Definition (CRD) enables you to configure a broker for deployment in an OpenShift project. The following table details the items that you can configure.
Configuration items marked with an asterisk (*) are required in any corresponding Custom Resource (CR) that you deploy. If you do not explicitly specify a value for a non-required item, the configuration uses the default value.
| Entry | Sub-entry | Type | Example | Default value | Description |
|---|---|---|---|---|---|
|
| string | my_user | Automatically-generated, random value | Password required for connecting to broker and management console.
If you do not specify a value, the value is automatically generated and stored in a secret. The default secret name has a format of | |
|
| string | my_password | Automatically-generated, random value | Password required for connecting to broker and management console.
If you do not specify a value, the value is automatically generated and stored in a secret. The default secret name has a format of | |
|
| Broker deployment configuration | ||||
|
| string | registry.redhat.io/amq7/amq-broker:latest | registry.redhat.io/amq7/amq-broker:7.5 | URL of broker container image to pull from Red Hat Container Registry. The default tag matches the broker Operator version. | |
|
| int | 2 | 2 | Number of broker Pods to create in deployment.
If you a specify a value of | |
|
| Boolean | true | true | Specify whether login credentials are required to connect to broker. | |
|
| Boolean | false | true | Specify whether to use journal storage via a persistent volume (PV) created with a persistent volume claim (PVC). | |
|
| string | aio | aio | Specify whether to use asynchronous I/O (AIO) or non-blocking I/O (NIO). | |
|
| Boolean | true | true | Specify whether to migrate messages upon broker scaledown. | |
|
| object | A single acceptor configuration instance. | |||
|
| string | my_acceptor | Not specified | Name of acceptor. | |
|
| int | 5672 | 61626 for the first acceptor that you define. Default value increments by 10 for every subsequent acceptor that you define. | Port number to be used for acceptor instance. | |
|
| string | amqp,core | all | Messaging protocols to enable on acceptor instance. | |
|
| Boolean | false | false |
Specify whether SSL is enabled on acceptor port. If set to | |
|
| string | ex-aao-my_acceptor-secret | Not specified |
Secret where client truststore and broker keystore (base64-encoded) and | |
|
| string | SSL_RSA_WITH_RC4_128_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA | Not specified | Comma-separated list of cipher suites to use for SSL communication. | |
|
| string | TLSv1,TLSv1.1,TLSv1.2 | Not specified | Comma-separated list of protocols to use for SSL communication. | |
|
| Boolean | true | Not specified |
Specify whether broker informs client that two-way SSL is required on acceptor. This property overrides | |
|
| Boolean | true | Not specified |
Specify whether broker tells client that two-way SSL is requested on acceptor, but not required. Overridden by | |
|
| Boolean | true | Not specified | Specify whether to compare the Common Name (CN) of client’s SSL certificate to its host name, to verify that they match. This option applies only when two-way SSL is used. | |
|
| string | JDK | JDK | Specify whether SSL provider is JDK or OPENSSL. | |
|
| string | some_regular_expression | Not specified |
Regular expression to match against | |
|
| Boolean | true | false | Specify whether to expose acceptor outside OpenShift Container Platform | |
|
| string | jms.topic. | Not specified |
Prefix used by client to specify that the | |
|
| string | /queue/ | Not specified |
Prefix used by client to specify that the | |
|
| integer | 2 | 0 |
Number of connections allowed on acceptor. When this limit is reached, a | |
|
| object | A single connector configuration instance. | |||
|
| string | my_connector | N/A | Name of connector | |
|
| string | tcp | tcp |
The type of connector to create, | |
|
| string | localhost | Not specified | Host name or IP address to connect to. | |
|
| int | 22222 | Not specified | Port number to be used for connector instance. | |
|
| Boolean | false | false |
Specify whether SSL is enabled on connector port. If set to | |
|
| string | ex-aao-my_connector-secret | Not specified |
Secret where client truststore and broker keystore (base64-encoded) and | |
|
| string | SSL_RSA_WITH_RC4_128_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA | Not specified | Comma-separated list of cipher suites to use for SSL communication. | |
|
| string | TLSv1,TLSv1.1,TLSv1.2 | Not specified | Comma-separated list of protocols to use for SSL communication. | |
|
| Boolean | true | Not specified |
Specify whether broker informs client that two-way SSL is required on connector. This property overrides | |
|
| Boolean | true | Not specified |
Specify whether broker informs client that two-way SSL is requested on connector, but not required. Overridden by | |
|
| Boolean | true | Not specified | Specify whether to compare Common Name (CN) of client’s SSL certificate to its host name, to verify that they match. This option applies only when two-way SSL is used. | |
|
| string | JDK | JDK |
Specify whether SSL provider is | |
|
| string | some_regular_expression | Not specified |
Regular expression to match against | |
|
| Boolean | true | false | Specify whether to expose connector outside OpenShift Container Platform. | |
|
| Configuration of broker management console. | ||||
|
| Boolean | true | false | Specify whether to expose management console port. | |
|
| Boolean | true | false | Specify whether to use SSL on management console port. | |
|
| string | ex-aao-my_console-secret | Not specified |
Secret where client truststore and broker keystore (base64-encoded) and | |
|
| Boolean | true | false | Specify whether management console requires client authorization. |
9.1.2. Addressing CRD configuration reference
The addressing Custom Resource Definition (CRD) enables you to define addresses and queues and associated routing types to be created in your broker. The following table details the items that you can configure.
Configuration items marked with an asterisk (*) are required in any corresponding Custom Resource (CR) that you deploy. If you do not explicitly specify a value for a non-required item, the configuration uses the default value.
| Entry | Type | Example | Default value | Description |
|---|---|---|---|---|
|
| string | address0 | Not specified | Address name to be created in broker. |
|
| string | queue0 | Not specified | Queue name to be created in broker. |
|
| string | anycast | Not specified | Routing type to be used - anycast or multicast. |
9.2. Application template parameters
Configuration of the AMQ Broker on OpenShift Container Platform image is performed by specifying values of application template parameters. You can configure the following parameters:
| Parameter | Description |
|---|---|
|
| Specifies the addresses available by default on the broker on its startup, in a comma-separated list. |
|
| Specifies the anycast prefix applied to the multiplexed protocol ports 61616 and 61617. |
|
| Enables clustering. |
|
| Specifies the password to use for clustering. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
|
| Specifies the cluster user to use for clustering. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
|
| Specifies the secret in which sensitive credentials such as broker user name/password, cluster user name/password, and truststore and keystore passwords are stored. |
|
| Specifies the directory for the data. Used in stateful sets. |
|
| Specifies the directory for the data directory logging. |
|
|
Specifies additional arguments to pass to |
|
| Specifies the maximum amount of memory that message data can consume. If no value is specified, half of the system’s memory is allocated. |
|
| Specifies the SSL keystore file name. If no value is specified, a random password is generated but SSL will not be configured. |
|
| (Optional) Specifies the password used to decrypt the SSL keystore. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
|
|
Specifies the directory where the secrets are mounted. The default value is |
|
| For SSL only, specifies the maximum number of connections that an acceptor will accept. |
|
| Specifies the multicast prefix applied to the multiplexed protocol ports 61616 and 61617. |
|
|
Specifies the name of the broker instance. The default value is |
|
| Specifies the password used for authentication to the broker. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
|
|
Specifies the messaging protocols used by the broker in a comma-separated list. Available options are |
|
| Specifies the queues available by default on the broker on its startup, in a comma-separated list. |
|
|
If set to |
|
|
Specifies the name for the role created. The default value is |
|
| Specifies the SSL truststore file name. If no value is specified, a random password is generated but SSL will not be configured. |
|
| (Optional) Specifies the password used to decrypt the SSL truststore. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
|
| Specifies the user name used for authentication to the broker. The AMQ Broker application templates use the value of this parameter stored in the secret named in AMQ_CREDENTIAL_SECRET. |
|
| Specifies the name of the application used internally within OpenShift. It is used in names of services, pods, and other objects within the application. |
|
|
Specifies the image. Used in the |
|
|
Specifies the image stream name space. Used in the |
|
| Specifies the port number for the OpenShift DNS ping service. |
|
|
Specifies the name of the OpenShift DNS ping service. The default value is |
|
| Specifies the size of the persistent storage for database volumes. |
If you use broker.xml for a custom configuration, any values specified in that file for the following parameters will override values specified for the same parameters in the your application templates.
- AMQ_NAME
- AMQ_ROLE
- AMQ_CLUSTER_USER
- AMQ_CLUSTER_PASSWORD
9.3. Logging
In addition to viewing the OpenShift logs, you can troubleshoot a running AMQ Broker on OpenShift Container Platform image by viewing the AMQ logs that are output to the container’s console.
Procedure
- At the command line, run the following command:
$ oc logs -f <pass:quotes[<pod-name>]> <pass:quotes[<container-name>]>
Revised on 2020-06-18 16:02:31 UTC
