moving the user. Internally the roles are keyed off the user so
when the user is removed the role entries for that user are removed as well.
Justin
On Fri, Jun 14, 2024 at 2:53 PM Vilius Šumskas
wrote:
> Hi,
>
> we use ActiveMQBasicSecurityManager so I assume roles are stored in
>
on of roles
As far as the broker is concerned I don't think there's any specific reason to
delete roles. Of course, you may want to delete them for other reasons (e.g.
the artemis-roles.properties file is taking up a bunch of disk space).
Justin
On Thu, Jun 13, 2024 at 2:34 AM Vilius
Hi,
just wondering, if I delete Artemis user, do I also need to somehow delete
their role too? (assuming that this role is not used anywhere else)
Or are roles just like “labels” on user objects and there is no need to delete
them separately?
--
Best Regards,
Vilius Šumskas
. Looking forward to see the fix in next releases ;)
Best regards
-Ursprüngliche Nachricht-
Von: Vilius Šumskas
Gesendet: Mittwoch, 10. April 2024 13:34
An: users@activemq.apache.org
Betreff: RE: Disabled authentication ActiveMQ Classic Webapps since V6.x
Hi,
oh, I remember this. This is
Hi,
oh, I remember this. This is exactly what I did in
https://github.com/apache/activemq/commit/c67ada04c77e9379ef25ac62d5ea1fcf20cf8b8f
, and at least /admin endpoint was tested and was properly protected after
that fix. However, I see that configuration went through couple of changes
again
Hi,
are you able to reproduce your issue without Kubernetes layer on Artemis
instances? I’m not sure how exactly do you kill a pod, but 40 second timeout
very much looks like default pod grace timeout + 10 seconds.
--
Vilius
From: John Lilley
Sent: Wednesday, February 21, 2024 8:45 PM
To:
Version number in the HTML page title could help too I think:
https://pasteboard.co/X78nH017BiGS.png
--
Vilius
-Original Message-
From: Vilius Šumskas
Sent: Thursday, January 25, 2024 12:26 PM
To: users@activemq.apache.org
Subject: RE: REST Interface for Artemis Broker
I think
I think you should consider adopting
https://developers.google.com/search/blog/2009/02/specify-your-canonical or
similar strategy, so that user search always points to the most up-to-date
documentation.
I've managed to stumble upon old version Artemis docs multiple times myself
(especially on
You need to add you slave to on master (and master host to slave
). Command line doesn't do that automatically, it only creates
initial configuration.
--
Vilius
-Original Message-
From: Adrija Basu
Sent: Tuesday, November 21, 2023 7:19 AM
To: users@activemq.apache.org
Subject: R
e at least some advanced configuration parameters to not kill the MQ system
itself, like caching or similar. But we can always hope for better tomorrow :)
--
Best Regards,
Vilius Šumskas
Rivile
IT manager
+370 614 75713
-Original Message-
From: ski n
Sent: Wednesday
s long as your backup broker isn't running while your primary broker is
running then there's no issue.
FWIW, shared storage configurations are relatively immune to split brain due to
the file locks enforced by the shared store.
Justin
On Fri, Sep 1, 2023 at 10:25 AM Vilius Šumskas
w
Hi,
we have upgraded some of our environments from 2.28 to 2.30, others from 2.24
to 2.30 and all upgraded instances now show this strange log message during
live node restart cycle:
There is a possible split brain on nodeID 165c6eec-0429-11ed-a12a-42010a961402.
Topology update ignored
Full r
Hi,
you don't need whole repo, artemis-docker folder is enough.
Regarding your docker error, you have to have Docker installed in order to
build the image. I suspect you are running bash script from WSL, but
environment doesn't have docker installed _inside_ WSL.
--
Vilius
-Original
Hi,
check the mailing list archives. This question comes up regulary.
--
Vilius
-Original Message-
From: prateekjai...@gmail.com
Sent: Monday, March 13, 2023 11:46 AM
To: users@activemq.apache.org
Subject: cloud-native deployment
Hi All,
How are you? I am trying to deploy arte
Hi,
depending on what you need to change, you could probably use 'bin/artemis
create' to generate correct broker.xml in the first place. This is what
docker-run.sh script with EXTRA_ARGS does.
Check available options at
https://activemq.apache.org/components/artemis/documentation/latest/using-s
K if you are unable to restart Artemis
broker at the same time. Else you will have problems later, for example when
reloading Hawtio console for TLS certificate change.
Thank you for your help Justin!
--
Best Regards,
Vilius
-----Original Message-
From: Vilius Šumskas
Sent: Thurs
ver restart failed
>
> If not, could you perhaps get a thread dump?
>
> In any event, if you want to start the embedded web server you can do
> so using JMX directly (e.g. via JConsole). Just invoke the
> startEmbeddedWebServer operation on the ActiveMQServerControl MBe
tart failed
If not, could you perhaps get a thread dump?
In any event, if you want to start the embedded web server you can do so using
JMX directly (e.g. via JConsole). Just invoke the startEmbeddedWebServer
operation on the ActiveMQServerControl MBean.
Justin
On Wed, Jan 11, 2023 at 6:41 AM Vil
hout restarting the broker?
--
Vilius
-Original Message-----
From: Vilius Šumskas
Sent: Wednesday, January 11, 2023 1:55 PM
To: users@activemq.apache.org
Subject: reloading TLS certificate for Jolokia
Hi,
since because of https://issues.apache.org/jira/browse/ARTEMIS-3117 ActiveMQ
reload() on
„artemis-ssl“ acceptor, but I just cannot figure out a way to reload it for
console itself.
--
Best Regards,
Vilius Šumskas
Rivile
IT manager
M: +1 7209385761 |
john.lil...@redpointglobal.com<mailto:john.lil...@redpointglobal.com>
From: Vilius Šumskas mailto:vilius.sums...@rivile.lt>>
Sent: Friday, November 4, 2022 12:24 AM
To: users@activemq.apache.org<mailto:users@activemq.apache.org>
Subject: RE: Problem with Ar
P.S. You probably will need to remove (ignore) system addresses, like
activemq.management, from the addresses.txt in order to keep them.
--
Vilius
From: Vilius Šumskas
Sent: Friday, November 4, 2022 8:24 AM
To: users@activemq.apache.org
Subject: RE: Problem with Artemis auto-delete queues
Hi,
we needed similar cleanup being made on our testing environment, but to keep
data folder, so we have used this script:
/var/lib/artemis/bin/artemis address show --url tcp://localhost:61616 --user
admin --password adminpassword > addresses.txt
while read -r queue; do ./artemis queue delete -
One additional note regarding HA and shared storage on K8s. Check what shared
storage options are available in your K8S environment beforehand, because there
are not so many, and both Artemis and “Classic” is pretty picky about shared
storage filesystem.
For example, for us, on Google Cloud, it
Hi,
how large is the message? Have you checked max_allowed_packet configuration
parameter, specifically
https://dev.mysql.com/doc/mysql-replication-excerpt/8.0/en/replication-features-max-allowed-packet.html
?
--
Vilius
-Original Message-
From: Stephen Baker
Sent: Thursday, Sep
Hawtio console -> Runtime.
--
Best Regards,
Vilius Šumskas
Rivile
IT manager
+370 614 75713
Correct. This is exactly what we are doing.
By the way, as far as we found out, permissions created on-demand will be
stored in the journal independently which user/role storage mechanism you
choose. That was one more reasons for us to go with
ActiveMQBasicSecurityManager because we won't have
Hi,
we have very similar requirements. You can search this mailing list for my
recent questions and answers from others for details.
Basically we have chosen ActiveMQBasicSecurityManager as a backend, and we are
creating users, their permissions and queues on-demand, using
activemq.management
ts. It wouldn't be very useful if it worked the way you
describe.
Justin
On Thu, Apr 7, 2022 at 2:15 PM Vilius Šumskas
wrote:
> Wait, so does this mean that if I add or delete a user I have to
> restart a broker for the ActiveMQBasicSecurityManager to pickup changes?
&g
ead from or written to the
journal during authentication. The broker simply uses the data it has in memory.
Justin
On Thu, Apr 7, 2022 at 1:20 PM Vilius Šumskas
wrote:
> >> Correct me if I'm wrong on my understandings. My proposal was to
> >> not
> > store ha
>> Correct me if I'm wrong on my understandings. My proposal was to not
> store hashes (or plaintext passwords) in b) type records.
> As far as I can tell, you believe that "surviving records" and "operational
> records" are two fundamentally different things which is, in fact, not the
> case. A
>> Yes, hashes should be stored somewhere, e.g. in surviving records, but
>> my point was about operational journal.
>
> I don't understand what you mean. The "surviving records" are *in* the
> "operational journal." The "data print" command simply lists the surviving
> records as a convenience
's worth, stale records will be removed from the journal by the
compaction process which runs automatically during broker runtime or you can
compact the journal manually using the "data compact" command.
Justin
On Thu, Mar 31, 2022 at 4:18 PM Vilius Šumskas
wrote:
> Looks
stop an acceptor, delete messages from a queue, create an address, etc.).
Hope that helps!
Justin
On Fri, Apr 1, 2022 at 5:32 AM Vilius Šumskas
wrote:
> Hi,
>
> I‘m trying to understand how exactly Artemis roles work and I have a
> simple question: is “manage” role global? For e
Hi,
I‘m trying to understand how exactly Artemis roles work and I have a simple
question: is “manage” role global? For example, if I use addSecuritySettings(),
match the address to “somequeue.input.#” and add the role of the user to
manageRoles attribute will the user then be able to send manag
in
On Tue, Mar 29, 2022 at 10:49 PM Justin Bertram wrote:
> I would say that's a bug.
>
>
> Justin
>
> On Tue, Mar 29, 2022 at 4:58 PM Vilius Šumskas
>
> wrote:
>
>> Hello,
>>
>> >> Would you still advice to remove bootstrapUser configur
l testing. I would expect the basic security manager
to be a bit faster since it uses the journal which is optimized for speed, but
I wouldn't expect the difference to be significant.
Justin
On Thu, Mar 24, 2022 at 3:56 PM Vilius Šumskas
wrote:
> Thank you for very detailed answers!
journal which is optimized for speed, but
I wouldn't expect the difference to be significant.
Justin
On Thu, Mar 24, 2022 at 3:56 PM Vilius Šumskas
wrote:
> Thank you for very detailed answers! This helps a lot actually.
>
> Follow-up question regarding item 5. We have an int
I to hash the passwords then they will be hashed.
Hope that helps!
Justin
[1]
https://activemq.apache.org/components/artemis/documentation/latest/security.html#basic-security-manager
On Thu, Mar 24, 2022 at 11:01 AM Vilius Šumskas
wrote:
> Hello list,
>
> since, according to documentation,
ntralized
repository for that (e.g. LDAP).
Justin
On Thu, Mar 24, 2022 at 11:01 AM Vilius Šumskas
wrote:
> Hello list,
>
> since, according to documentation, PropertiesLogin JAAS module is not
> recommended for production use, and .properties files are not synched
> in a clust
t list all the users in the journal, or this is
only possible calling some kind of API?
8. From the security perspective, are users’ passwords in binding journal
properly hashed and cannot be retrieved if someone pokes at the data?
Thank you in advance for any pointers.
--
Best Regards,
olean parameter that indicates whether or not to
hash the password.
Justin
On Mon, Mar 21, 2022, 10:13 AM Vilius Šumskas
wrote:
> I mean using activemq.management queue via
> org.apache.activemq.artemis.api.jms.management.JMSManagementHelper.
>
> S
day, March 21, 2022 4:50 PM
To: users@activemq.apache.org
Subject: Re: encoding passwords for JMS created accounts in Artemis
What do you mean by "JMS commands"?
Justin
On Mon, Mar 21, 2022 at 8:36 AM Vilius Šumskas
wrote:
> Hello,
>
> we are using JMS commands in our code
a way to use some kind of hashing or should we look at completely
different SecurityManager provider for production purposes?
We are using Artemis 2.20 with the default
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule in the
configuration.
--
Best Regards,
Vilius
.html
[2] https://github.com/jbertram/artemis-prometheus-metrics-plugin
On Tue, Mar 1, 2022 at 1:51 PM Vilius Šumskas
wrote:
> Hi,
>
> we have Artemis 2.20.0 cluster which is used by external
> producers/consumers. Every such producer/consumer pair represents
> different commerci
RAM. Address memory is barely used ~12 MB.
Or maybe we are doing something wrong? Maybe switching to temporary queues
would help?
--
Best Regards,
Vilius Šumskas
Rivile
IT manager
+370 614 75713
L] Re: Artemis file locking not released
I'm using NFS v3. What is the recommended version? I don't see the minimum
NFS requirement in
https://activemq.apache.org/components/artemis/documentation/2.19.0/ha.html.
Thanks
Rahman
-Original Message-----
From: Vilius Šumskas
Sent: Mond
Are you using NFS version 4.1 and what's are your mount options?
--
Vilius
-Original Message-
From: Gunawan, Rahman (GSFC-703.H)[Halvik Corp]
Sent: Monday, February 28, 2022 2:55 PM
To: users@activemq.apache.org
Subject: RE: [EXTERNAL] Re: Artemis file locking not released
The ba
At least under normal circumstances backup should be accessible via console. I
just checked on my shared storage cluster. It even shows cluster diagram
(without consumers and producers).
Didn't try with allow-failback set to false though.
--
Vilius
-Original Message-
From: Justin
Hi,
+1 from me on the recommendations regarding Artemis on Kubernetes from core
developers.
I can only share how we are currently doing our HA.
I've invested weeks of my time to investigate regarding having master/slave
Artemis shared disk cluster with the following configurations:
1) Artemis
Hi,
most of the distributions have libaio packaged and ready. You just need to "dnf
install" or "apt-get" it in your container image.
--
Vilius
-Original Message-
From: Matthew Harris
Sent: Thursday, January 27, 2022 11:14 PM
To: users@activemq.apache.org
Subject: Difficulties fi
and I don't see a
randomise option in there
On Wed, 12 Jan 2022 at 21:49, Vilius Šumskas wrote:
>
> Thank you! We will try to apply your suggestions.
>
> One last thing, as I understood the proper URL string for external clients
> then would be:
> (tcp://external-cluster
ient to
do transparent failover.
On Wed, 12 Jan 2022 at 12:55, Vilius Šumskas wrote:
>
> Thanks, Gary. Ticket created
> https://issues.apache.org/jira/browse/ARTEMIS-3640
>
> We experimented a little bit more with this and found that if we use any of
> the following parameters fa
JIRA issue to track this need, and we can peek into how difficult
it is to resolve or if there are some alternatives that can help this use case.
On Mon, 10 Jan 2022 at 14:21, Vilius Šumskas wrote:
>
> Hi list,
>
> does anyone have more ideas regarding the issue with external cons
Hi list,
does anyone have more ideas regarding the issue with external consumers below?
--
Vilius
-Original Message-
From: Vilius Šumskas
Sent: Friday, January 7, 2022 11:43 AM
To: users@activemq.apache.org
Subject: RE: Artemis cluster topology and external clients
We are still
topology for load balancing and use static
connectors, i.e.
(tcp://external-cluster-dns-1:61616,tcp://external-cluster-dns-2:61616)?ha=true&reconnectAttempts=30&useTopologyForLoadBalancing=false
Regards,
Domenico
On Mon, 3 Jan 2022 at 10:00, Vilius Šumskas
wrote:
> Hello list,
ng and use static
connectors, i.e.
(tcp://external-cluster-dns-1:61616,tcp://external-cluster-dns-2:61616)?ha=true&reconnectAttempts=30&useTopologyForLoadBalancing=false
Regards,
Domenico
On Mon, 3 Jan 2022 at 10:00, Vilius Šumskas
wrote:
> Hello list,
>
> we are trying to us
pointers are much appreciated.
--
Best Regards,
Vilius Šumskas
Advantes technologies
IT manager
+370 614 75713
.com/articles/2191331
Regards,
Domenico
On Thu, 30 Dec 2021 at 17:33, Vilius Šumskas
wrote:
> Hi,
>
> not sure why you say artemis-service is for Windows. For me it looks
> like every normal init.d script written in bash. I would gladly run it
> via system, like I did it with
run
ActiveMQ Artemis as service on linux is using systemd. Your example LGTM indeed
yout service configuration includes the `User` and `Group` settings, can you
share the SELinux denial message?
Basic SELinux Troubleshooting in CLI
https://access.redhat.com/articles/2191331
Regards,
Domeni
x27;re trying to run Artemis? I assume you're not just
running the `artemis` command from the bin directory.
Justin
On Mon, Dec 27, 2021 at 6:34 AM Vilius Šumskas
wrote:
> Hello,
>
> I‘m trying to configure Artemis 2.20.0 to run under non-root user. So
> far searchi
expected).
Is there a way to run Artemis under non-root user, and if yes, how?
--
Best Regards,
Vilius Šumskas
Advantes technologies
IT manager
Hi,
log4j 1.2 series are vulnerable to CVE-2019-17571 which has a CVSS score of
9.8. This needs to be addressed too.
--
Vilius
-Original Message-
From: Jean-Baptiste Onofré
Sent: Monday, December 13, 2021 11:50 AM
To: users@activemq.apache.org
Subject: Re: ActiveMQ 5.16 and log4j
users@activemq.apache.org
Subject: Re: ActiveMQ 5.16.x Master/Slave topology question
On Tue, 2021-11-30 at 17:20:31 +0100, Vilius Šumskas wrote:
>[...]
> As an alternative, does anybody know if I can use non-HTTP SSL load balancer
> and set client URI to something like ssl://loadbalancer_ho
ome the new master
- your clients will automatically reconnect to brokerB
- you start brokerA, it's now a slave (as the lock is on brokerB)
Regards
JB
On 30/11/2021 09:45, Vilius Šumskas wrote:
> Thank you for your response!
>
> Just out of curiosity, what is this masterslave:() transpor
, whatever), and
you configure kahadb to point on the same filesystem in activemq.xml 2. On
client side, you can failover:(master,slave) on the brokerURL to allow client
to automatically switch to “new” master
Regards
JB
> Le 29 nov. 2021 à 21:54, Vilius Šumskas a
> écrit :
>
>
Hi,
I‘m trying to setup a simple ActiveMQ 5.16.x master/slave cluster using shared
filesystem option. I just need one broker running at any given time and a slave
for HA.
The filesystem part is clear and I have already configured it according to
ActiveMQ requirements.
What I don’t understand
67 matches
Mail list logo
