6.2. Managing AMQ Broker using JMX
You can use Java Management Extensions (JMX) to manage a broker. The management API is exposed by the broker using MBean interfaces. The broker registers its resources with the domain org.apache.activemq.
For example, the ObjectName to manage a queue named exampleQueue is:
org.apache.activemq.artemis:broker="__BROKER_NAME__",component=addresses,address="exampleQueue",subcomponent=queues,routingtype="anycast",queue="exampleQueue"
The MBean is:
org.apache.activemq.artemis.api.management.QueueControl
The MBean’s ObjectName is built using the helper class org.apache.activemq.artemis.api.core.management.ObjectNameBuilder. You can also use jconsole to find the ObjectName of the MBeans you want to manage.
Managing the broker using JMX is identical to managing any Java application using JMX. It can be done by reflection or by creating proxies of the MBeans.
6.2.1. Configuring JMX management
By default, JMX is enabled to manage the broker. You can enable or disable JMX management by setting the jmx-management-enabled property in the broker.xml configuration file.
Procedure
- Open the <broker_instance_dir>/etc/broker.xml configuration file.
- Set <jmx-management-enabled>.
  <jmx-management-enabled>true</jmx-management-enabled>
  If JMX is enabled, the broker can be managed locally using jconsole.
  Note: Remote connections to JMX are not enabled by default for security reasons.
- If you want to manage multiple brokers from the same MBeanServer, configure the JMX domain for each of the brokers.
  By default, the broker uses the JMX domain org.apache.activemq.artemis.
  <jmx-domain>my.org.apache.activemq</jmx-domain>
  Note: If you are using AMQ Broker on a Windows system, system properties must be set in artemis, or artemis.cmd. A shell script is located under <install_dir>/bin.
Additional resources
- For more information on configuring the broker for remote management, see Oracle’s Java Management Guide.
6.2.2. Configuring JMX management access
By default, remote JMX access to a broker is disabled for security reasons. However, AMQ Broker has a JMX agent that allows remote access to JMX MBeans. You enable JMX access by configuring a connector element in the broker management.xml configuration file.
While it is also possible to enable JMX access using the com.sun.management.jmxremote JVM system property, that method is not supported and is not secure. Modifying that JVM system property can bypass RBAC on the broker. To minimize security risks, consider limiting access to localhost.
Exposing the JMX agent of a broker for remote management has security implications.
To secure your configuration as described in this procedure:
- Use SSL for all connections.
- Explicitly define the connector host, that is, the host and port to expose the agent on.
- Explicitly define the port that the RMI (Remote Method Invocation) registry binds to.
Prerequisites
- A working broker instance
- The Java jconsole utility
Procedure
- Open the <broker-instance-dir>/etc/management.xml configuration file.
- Define a connector for the JMX agent. The connector-port setting establishes an RMI registry that clients such as jconsole query for the JMX connector server. For example, to allow remote access on port 1099:
  <connector connector-port="1099"/>
- Verify the connection to the JMX agent using jconsole:
  service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
- Define additional properties on the connector, as described below.
  - connector-host: The broker server host to expose the agent on. To prevent remote access, set connector-host to 127.0.0.1 (localhost).
  - rmi-registry-port: The port that the JMX RMI connector server binds to. If not set, the port is always random. Set this property to avoid problems with remote JMX connections tunnelled through a firewall.
  - jmx-realm: JMX realm to use for authentication. The default value is activemq to match the JAAS configuration.
  - object-name: Object name to expose the remote connector on. The default value is connector:name=rmi.
  - secured: Specify whether the connector is secured using SSL. The default value is false. Set the value to true to ensure secure communication.
  - key-store-path: Location of the keystore. Required if you have set secured="true".
  - key-store-password: Keystore password. Required if you have set secured="true". The password can be encrypted.
  - key-store-provider: Keystore provider. Required if you have set secured="true". The default value is JKS.
  - trust-store-path: Location of the truststore. Required if you have set secured="true".
  - trust-store-password: Truststore password. Required if you have set secured="true". The password can be encrypted.
  - trust-store-provider: Truststore provider. Required if you have set secured="true". The default value is JKS.
  - password-codec: The fully qualified class name of the password codec to use. See the password masking documentation, linked below, for more details on how this works.
  Note: The RMI registry picks an IP address to bind to. If you have multiple IP addresses/NICs present on the system, then you can choose the IP address to use by adding the following to the artemis.profile file:
  -Djava.rmi.server.hostname=localhost
- Set an appropriate value for the endpoint serialization using jdk.serialFilter as described in the Java Platform documentation.
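The following check is an added example, not part of the AMQ Broker documentation or product. It audits the connector element of a management.xml file against the hardening items in this procedure (explicit host, fixed RMI registry port, SSL with keystore and truststore); the management-context root element, the sample file contents, and the function name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the minimal connector from the procedure (port only).
MINIMAL = """<management-context>
  <connector connector-port="1099"/>
</management-context>"""

# Constructed sample: every hardening item set. Paths and passwords are placeholders.
HARDENED = """<management-context>
  <connector connector-host="127.0.0.1" connector-port="1099"
             rmi-registry-port="1098" secured="true"
             key-store-path="/path/to/keystore.jks" key-store-password="PLACEHOLDER"
             trust-store-path="/path/to/truststore.jks" trust-store-password="PLACEHOLDER"/>
</management-context>"""

# Attributes listed as required once secured="true" (the providers default to JKS).
TLS_ATTRS = ("key-store-path", "key-store-password",
             "trust-store-path", "trust-store-password")


def audit_connector(xml_text):
    """Return (attribute, finding) pairs for each <connector> in a management.xml text."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Compare the local name so a namespaced root does not hide the element.
        if elem.tag.rsplit("}", 1)[-1] != "connector":
            continue
        attrs = elem.attrib
        if not attrs.get("connector-host"):
            findings.append(("connector-host", "host to expose the agent on is not explicit"))
        if not attrs.get("rmi-registry-port"):
            findings.append(("rmi-registry-port", "unset, so the RMI port is random"))
        if attrs.get("secured", "false").strip().lower() != "true":
            findings.append(("secured", "connector does not use SSL"))
        else:
            for name in TLS_ATTRS:
                if not attrs.get(name):
                    findings.append((name, 'required when secured="true"'))
    return findings


if __name__ == "__main__":
    for label, doc in (("minimal", MINIMAL), ("hardened", HARDENED)):
        print(label, audit_connector(doc) or "no findings")
```

An empty result means the connector meets the three items listed before the prerequisites; a file with no connector element also returns an empty list, because the remote JMX agent is then not configured.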
Additional resources
- For more information about encrypted passwords in configuration files, see Encrypting Passwords in Configuration Files.
6.2.3. MBeanServer configuration
When the broker runs in standalone mode, it uses the Java Virtual Machine’s Platform MBeanServer to register its MBeans. By default, Jolokia is also deployed to allow access to the MBean server using REST.
6.2.4. How JMX is exposed with Jolokia
By default, AMQ Broker ships with the Jolokia HTTP agent deployed as a web application. Jolokia is a remote JMX over HTTP bridge that exposes MBeans.
To use Jolokia, the user must belong to the role defined by the hawtio.role system property in the <broker_instance_dir>/etc/artemis.profile configuration file. By default, this role is amq.
Example 6.1. Using Jolokia to query the broker’s version
This example uses a Jolokia REST URL to find the version of a broker. The Origin flag should specify the domain name or DNS host name for the broker server. In addition, the value you specify for Origin must correspond to an entry for <allow-origin> in your Jolokia Cross-Origin Resource Sharing (CORS) specification.
$ curl http://admin:admin@localhost:8161/console/jolokia/read/org.apache.activemq.artemis:broker=\"0.0.0.0\"/Version -H "Origin: mydomain.com"
{"request":{"mbean":"org.apache.activemq.artemis:broker=\"0.0.0.0\"","attribute":"Version","type":"read"},"value":"2.4.0.amq-710002-redhat-1","timestamp":1527105236,"status":200}
Additional resources
- For more information on using a JMX-HTTP bridge, see the Jolokia documentation.
- For more information on assigning a user to a role, see Adding Users.
- For more information on specifying Jolokia Cross-Origin Resource Sharing (CORS), see section 4.1.5 of Security.
6.2.5. Subscribing to JMX management notifications
If JMX is enabled in your environment, you can subscribe to management notifications.
Procedure
- Subscribe to ObjectName org.apache.activemq.artemis:broker="<broker-name>".
Additional resources
- For more information about management notifications, see Section 6.5, “Management notifications”.