Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Red Hat AMQ 6.3 on OpenShift: Set up, connect SSL client, and configure logging

 

March 28, 2019
Chandra Shekhar Pandey
Related topics:
Kubernetes
Related products:
AMQ BrokerAMQ ClientsStreams for Apache KafkaRed Hat OpenShift

Share:

    In this article, we will discuss how to set up Red Hat AMQ 6.3 on OpenShift. We will also set up an external Camel-based SSL client to connect to AMQ Broker, a pure-Java multiprotocol message broker.

    By using the procedures in this article, you can easily set up the broker in your OpenShift environment and also set up a Camel-based client to quickly produce and consume messages. Also, you can change the log level to get verbose logs, thus getting a better understanding of the complete setup.

    I recommend using a source-to-image (s2i) approach for deploying Red Hat AMQ 6.x on OpenShift, but if you do not use an s2i  approach, this article will help you to configure logging to get verbose logs.  Note that the Red Hat AMQ image used here is ephemeral; it doesn't support persistence.

    A. Generate the keystore and truststore

    1. First, we have to generate the keystore and truststore.

    [cpandey@cpandey certificate_amq_15Feb]$ keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
    [cpandey@cpandey certificate_amq_15Feb]$ keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
    [cpandey@cpandey certificate_amq_15Feb]$ keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore clientkeystore.jks
    

    2. Add keystore.jks as a secret.

    [cpandey@cpandey certificate_amq_15Feb]$ oc login https://openshift.cpandey.lab.pnq2.cee.redhat.com:443 -u username -p password
    [cpandey@cpandey certificate_amq_15Feb]$ echo '{"kind": "ServiceAccount", "apiVersion": "v1", "metadata": {"name": "amq-service-account"}}' | oc create -f -
    [cpandey@cpandey certificate_amq_15Feb]$ oc policy add-role-to-user view system:serviceaccount:amq-demo:amq-service-account
    [cpandey@cpandey certificate_amq_15Feb]$ oc secrets new amq-app-secret keystore.jks
    [cpandey@cpandey certificate_amq_15Feb]$ oc secrets add sa/amq-service-account secret/amq-app-secret
    

    B. Set up the broker

    1. The OpenShift GUI can be used for the broker setup. I used template  JBoss A-MQ 6.3 (Ephemeral with SSL) from the catalog. The following four images show the information I had to fill in for the broker setup.

    Image 1
    Image-1
    Image 1

     

    Image 2
    Image-2
    Image 2

     

    Image 3
    Image-3
    Image 3

     

    Image 4
    Image-4
    Image 4

    2. If everything goes well, we will have a pod that was created and is in the running state and services will also be visible and accessible.

    [cpandey@cpandey certificate_amq_15Feb]$ oc get pod|grep broker123
    broker123-amq-1-pl8lb 1/1 Running 0 2m
    
    [cpandey@cpandey certificate_amq_15Feb]$ oc get service |grep broker123
    broker123-amq-amqp ClusterIP 172.30.187.55 none 5672/TCP 2m
    broker123-amq-amqp-ssl ClusterIP 172.30.84.222 none 5671/TCP 2m
    broker123-amq-mesh ClusterIP None none 61616/TCP 2m
    broker123-amq-mqtt ClusterIP 172.30.172.5 none 1883/TCP 2m
    broker123-amq-mqtt-ssl ClusterIP 172.30.245.237 none 8883/TCP 2m
    broker123-amq-stomp ClusterIP 172.30.172.21 none 61613/TCP 2m
    broker123-amq-stomp-ssl ClusterIP 172.30.177.0 none 61612/TCP 2m
    broker123-amq-tcp ClusterIP 172.30.222.183 none 61616/TCP 2m
    broker123-amq-tcp-ssl ClusterIP 172.30.215.39 none 61617/TCP 2m
    

    C. Set up an SSL Camel-based client

    1. To access the broker externally, an OpenShift route is required. You can create a route using the following command:

    [cpandey@cpandey certificate_amq_15Feb]$ oc create route passthrough --service broker123-amq-tcp-ssl
    
    [cpandey@cpandey certificate_amq_15Feb]$ oc get route|grep broker123
    broker123-amq-tcp-ssl broker123-amq-tcp-ssl-amq-demo.apps.cpandey.lab.pnq2.cee.redhat.com broker123-amq-tcp-ssl all passthrough None
    

    2. Once you have route, you can use my GitHub code as a client to test broker.
    The first message would fail, because there is an exception thrown explicitly and that route will try to redeliver the message 6 times. This message will be in dead letter queue (DLQ), which will be automatically created.

    3. The next step is to get more-verbose logs for better analysis of runtime issues. It is always recommended to use an s2i approach for configuration, so I created a log4j.properties file with following content. The content here is copied from the log4j.properties file from the /opt/amq/conf/ directory of the broker pod, and I changed only the first few lines of the configuration so that it won't impact other default logging. For more information, check the default log4j.properties of the pod at /opt/amq/conf.

    log4j.rootLogger=DEBUG, logfile, console
    
    # Or for more fine grained debug logging uncomment one of these
    log4j.logger.org.apache.activemq=DEBUG
    log4j.logger.org.apache.camel=DEBUG
    
    # Console appender
    log4j.appender.console=org.apache.log4j.ConsoleAppender
    log4j.appender.console.layout=org.apache.log4j.PatternLayout
    log4j.appender.console.layout.ConversionPattern=%d | %5p | %m%n
    log4j.appender.console.threshold=INFO
    
    # File appender
    log4j.appender.logfile=org.apache.log4j.RollingFileAppender
    log4j.appender.logfile.file=${activemq.base}/data/activemq.log
    log4j.appender.logfile.maxFileSize=1024KB
    log4j.appender.logfile.maxBackupIndex=5
    log4j.appender.logfile.append=true
    log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
    log4j.appender.logfile.layout.ConversionPattern=%d | %-5p | %m | %c | %t%n
    log4j.throwableRenderer=org.apache.log4j.EnhancedThrowableRenderer
    
    ###########
    # Audit log
    ###########
    
    log4j.additivity.org.apache.activemq.audit=false
    log4j.logger.org.apache.activemq.audit=INFO, audit
    
    log4j.appender.audit=org.apache.log4j.RollingFileAppender
    log4j.appender.audit.file=${activemq.base}/data/audit.log
    log4j.appender.audit.maxFileSize=1024KB
    log4j.appender.audit.maxBackupIndex=5
    log4j.appender.audit.append=true
    log4j.appender.audit.layout=org.apache.log4j.PatternLayout
    log4j.appender.audit.layout.ConversionPattern=%-5p | %m | %t%n
    

    D. Change the log level to the debug mode of the broker

    1. Create ConfigMap to load the log4j.properties file.

    [cpandey@cpandey certificate_amq_15Feb]$ oc create configmap logconfig --from-file=./log4j.properties
    

    2. Modify the deployment configuration with a subpath so that we only mount log4j.properties at location /opt/amq/conf and leave the other configuration file intact. Edit the deployment configuration using the command shown below and append volumeMounts and volume entries in the deployment configuration. We can edit the deployment config from the OpenShift GUI console too.

    The mount configuration
    mount-configuration
    The mount configuration

    That's it; happy integration! I hope this article helps you to have a basic understanding of a standalone AMQ 6.x setup on OpenShift, how to set up SSL clients to connect the broker, and how to configure a debug-level log configuration to have more verbose logging so you can analyze runtime issues. This configuration can also be used to modify other broker configuration files.

    Here are other Red Hat AMQ articles that you might find helpful:

    • How to set up LDAP authentication for the Red Hat AMQ 7 message broker console
    • Setting up RBAC on Red Hat AMQ Broker
    • Scaling AMQ 7 Brokers with AMQ Interconnect
    • Automating AMQ 7 High Availability Deployment
    Last updated: November 17, 2023

    Recent Posts

    • GuideLLM: Evaluate LLM deployments for real-world inference

    • Unleashing multimodal magic with RamaLama

    • Integrate Red Hat AI Inference Server & LangChain in agentic workflows

    • Streamline multi-cloud operations with Ansible and ServiceNow

    • Automate dynamic application security testing with RapiDAST

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue