search cancel

Facing issues with enabling SSL for JMX ActiveMQ in Performance Management DAs and DCs

book

Article ID: 252548

calendar_today

Updated On:

Products

DX NetOps

Issue/Introduction

I am following the steps detailed here: Configure the Data Aggregator to Use HTTPS Using the SSL Configuration Tool (broadcom.com) to enable SSL for JMX on the Data Aggregator and Data Collectors. I am having some issues - primarily that running <install_path>/scripts/sslConfig.sh restarts the activemq and dadaemon processes as part of execution, but the dadaemon process dies shortly after while activemq stays alive. I re-ran the script to disable SSL for JMX and tried starting it again but same issue - if activemq is active, dadaemon dies shortly after.

<install_path>/apache-karaf-4.3.3/data/karaf.out has the following:

OpenJDK 64-Bit Server VM warning: Ignoring option UnsyncloadClass; support was removed in 11.0OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.Exception in thread "JMX Connector Thread [service:jmx:rmi://127.0.0.1:44444/jndi/rmi://127.0.0.1:1099/karaf-root]" java.lang.RuntimeException: Could not start JMX connector server        at org.apache.karaf.management.ConnectorServerFactory.lambda$init$0(ConnectorServerFactory.java:438)        at java.base/java.lang.Thread.run(Unknown Source)Caused by: java.io.IOException: The server has been stopped.        at java.management.rmi/javax.management.remote.rmi.RMIConnectorServer.start(Unknown Source)        at org.apache.karaf.management.ConnectorServerFactory.lambda$init$0(ConnectorServerFactory.java:421)        ... 1 more

 

Adi

Any help in 

Environment

Release : 22.2.1

Cause

In DE544549, we found that when we did changes for 22.2.1 for preserving the keystore/truststore filenames, it broke setting up new installs.

 

The reason dadaemon didn't start up was caused by: com.vertica.support.exceptions.NonTransientConnectionException: [Vertica][VJDBC](100176) Failed to connect to host IVAPP1388096.NYP-LAB.MS.COM on port 5433. Reason: Failed to establish a connection to the primary server or any backup address.ERROR | ExtenderThread-1 | 2022-10-19T15:28:18,703 | shutdown | ces.shutdown.ShutdownManagerImpl 131 | ommon.core.services.impl | | Shutting down the data aggregator. The data aggregator can not be started until at least one data repository node is available.It was detected that no data repository nodes were contactable. The uncontactable hosts are:[IVAPP1388096.NYP-LAB.MS.COM]

Resolution

1. Find this line in IMDataAggregator/scripts/sslConfig.sh:

  cat $DA_HOME/apache-karaf-${KARAF_VER}/etc/jetty-https.xml | sed -e "s/@[email protected]/${STORE_PASS}/g" -e "s/@[email protected]/${HTTPS_PORT}/g" > $DA_HOME/apache-karaf-${KARAF_VER}/etc/jetty.xml

  and replace with:

  cat $DA_HOME/apache-karaf-${KARAF_VER}/etc/jetty-https.xml | sed -e "s/@[email protected]/keystore/g" -e "s/@[email protected]/${STORE_PASS}/g" -e "s/@[email protected]/truststore/g" -e     "s/@[email protected]/${STORE_PASS}/g" -e "s/@[email protected]/${HTTPS_PORT}/g" > $DA_HOME/apache-karaf-${KARAF_VER}/etc/jetty.xml

 

2. Same issue in DC sslConfig.sh, replace:

  cat $DC_HOME/apache-karaf/etc/jetty-https.xml | sed -e "s/@[email protected]/${STORE_PASS}/g" -e "s/@[email protected]/${STORE_PASS}/g" -e "s/@[email protected]/${HTTPS_PORT}/g" > $DC_HOME/apache-karaf/etc/jetty.xml
 
  With
 
  cat $DC_HOME/apache-karaf-${KARAF_VER}/etc/jetty-https.xml | sed -e "s/@[email protected]/keystore/g" -e "s/@[email protected]/${STORE_PASS}/g" -e "s/@[email protected]/truststore/g" -e   "s/@[email protected]/${STORE_PASS}/g" -e "s/@[email protected]/${HTTPS_PORT}/g" > $DC_HOME/apache-karaf-${KARAF_VER}/etc/jetty.xml

 

3. Run sslConfig.sh to configure HTTPS/JMX SSL correctly