Use different security domains for TLS and JMX #559

lordigon · 2023-04-05T09:51:06Z

lordigon
Apr 5, 2023

I read from your documentation that is possible use different security domains for SSL connections and other connections such as Jolokia ones (via user name and password). Currently I created a custom JAAS module to manage TLS but I have some question on how to configure this behaviour.
I created a custom login config mapped as secret inside my cluster

activemq {
    com.test.jaas.TestCertificateLoginModule required
        debug=true
        reload=true
        com.test.jaas.roles="test.jaas-roles.properties"
        com.test.jaas.identity-constraints-issuer-cn="test-identity-constraints-issuer-cn.properties";
};

and I get this value from bootstrap.xml inside Artemis broker container

<broker xmlns="http://activemq.apache.org/schema">

   <jaas-security domain="activemq"/>
   <server configuration="file:/home/jboss/amq-broker/etc//broker.xml"/>

   <!-- The web server is only bound to localhost by default -->
   <web customizer="org.eclipse.jetty.server.ForwardedRequestCustomizer" path="web" rootRedirectLocation="console">
       <binding uri="http://exoo-ss-0.exoo-hdls-svc.oneconnectivity.svc.cluster.local:8161">
           <app url="activemq-branding" war="activemq-branding.war"/>
           <app url="artemis-plugin" war="artemis-plugin.war"/>
           <app url="console" war="console.war"/>
       </binding>
   </web>
</broker>

So what I would like to do is use classic username and password for everything related to JMX (e.g Jolokia and web console) and use my custom JAAS module for TLS connections.
If I'm not wrong I have to create two different domains inside bootstrap.xml

<jaas-security domain="PropertiesLogin" certificate-domain="CertLogin"/>

and change my login.config file with something like

PropertiesLogin {
   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
       debug=false
       org.apache.activemq.jaas.properties.user="artemis-users.properties"
       org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};

CertLogin {
   com.test.jaas.TestCertificateLoginModule required
        debug=true
        reload=true
        com.test.jaas.roles="test.jaas-roles.properties"
        com.test.jaas.identity-constraints-issuer-cn="test-identity-constraints-issuer-cn.properties";
};

Is this correct?
What is the right approach to change bootstrap.xml? Is it possible via Artemis Cluster CRD or I need to change my custom init image to modify bootstrap.xml?

Answered by brusdev

Apr 6, 2023

@lordigon ActiveMQ Artemis use the jaas domain defined in the bootstrap.xml (jaas-security domain="activemq") file as default jaas domain to authenticate and authorize acceptor connections and the jaas domain defined in the artemis.profile file (-Dhawtio.realm=activemq) to authenticate and authorize console/jolokia connections.

You can define TestCertificateLoginModule in the activemq domain and PropertiesLoginModule in another domain, in this way you don't need to change he bootstrap.xml file, i.e

my-jaas-config

kind: ConfigMap
apiVersion: v1
metadata:
  name: cert-jaas-config
data:
  artemis-users.properties: |
    admin=admin
  artemis-roles.properties: |
    amq=admin
  login.config: …

View full answer

brusdev · 2023-04-06T15:45:43Z

brusdev
Apr 6, 2023
Maintainer

@lordigon ActiveMQ Artemis use the jaas domain defined in the bootstrap.xml (jaas-security domain="activemq") file as default jaas domain to authenticate and authorize acceptor connections and the jaas domain defined in the artemis.profile file (-Dhawtio.realm=activemq) to authenticate and authorize console/jolokia connections.

You can define TestCertificateLoginModule in the activemq domain and PropertiesLoginModule in another domain, in this way you don't need to change he bootstrap.xml file, i.e

my-jaas-config

kind: ConfigMap
apiVersion: v1
metadata:
  name: cert-jaas-config
data:
  artemis-users.properties: |
    admin=admin
  artemis-roles.properties: |
    amq=admin
  login.config: |-
    console {
       org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
           debug=false
           org.apache.activemq.jaas.properties.user="artemis-users.properties"
           org.apache.activemq.jaas.properties.role="artemis-roles.properties";
    };
    
    activemq {
       com.test.jaas.TestCertificateLoginModule required
            debug=true
            reload=true
            com.test.jaas.roles="test.jaas-roles.properties"
            com.test.jaas.identity-constraints-issuer-cn="test-identity-constraints-issuer-cn.properties";
    };

apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemis
metadata:
  name: artemis-cert-broker
spec:
  deploymentPlan:
    extraMounts:
      configMaps:
        - my-jaas-config
  env:
    - name: JAVA_ARGS_APPEND
      value: -Dhawtio.realm=console -Djava.security.auth.login.config=/amq/extra/configmaps/my-jaas-config/login.config

12 replies

brusdev May 5, 2023
Maintainer

@lordigon your config LGTM, could you try the following working config?

apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemis
metadata:
  name: artemis-split
spec:
  adminUser: admin
  adminPassword: admin
  deploymentPlan:
    extraMounts:
      secrets:
        - split-jaas-config
  env:
    - name: JAVA_ARGS_APPEND
      value: -Djavax.net.debug=all -Dhawtio.realm=console -Djava.security.auth.login.config=/amq/extra/secrets/split-jaas-config/login.config
  acceptors:
  - name: my-acceptor
    protocols: CORE
    port: 61626
    expose: true
    sslEnabled: true
    enabledProtocols: TLSv1.2
  console:
    expose: true
  brokerProperties:
    - 'acceptorConfigurations.my-acceptor.extraParams.securityDomain=activemq'

kind: Secret
apiVersion: v1
metadata:
  name: split-jaas-config
type: Opaque
stringData:
  artemis-users.properties: |
    admin=admin
  artemis-roles.properties: |
    amq=admin
  cert-users.properties: |
    admin=CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ
  cert-roles.properties: |
    amq=admin
  login.config: |-
    console {
       org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
           debug=false
           org.apache.activemq.jaas.properties.user="artemis-users.properties"
           org.apache.activemq.jaas.properties.role="artemis-roles.properties";
    };
    
    activemq {
        org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule sufficient
            debug=true
            org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
            org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
    };

kind: Secret
apiVersion: v1
metadata:
  name: artemis-split-my-acceptor-secret
data:
  broker.ks: >-
    /u3+7QAAAAIAAAACAAAAAQAGc2VydmVyAAABexh/uNIAAAUBMIIE/TAOBgorBgEEASoCEQEBBQAEggTph4O27sSdwKlhdiQUYMyGR0YWqKbreH+OQQriB3+EcYISk0t15ygl2Ajf5ISLIU766uhGUx4Vf0IT3yvXw3HHRq7rGWOWA2+cF6tNYyp8vC+NxDDLBpgPcCnLHFfbKNdFR3C8iryEAC97j1r5mTQqR51Ccxp7VQhLpexveSJQhRwV3GgsIzHTY8LPEY6565jbZ9FTD9FbTC5Unx4lOPz6IRaQWJMfOE5NDxSq0Mh6fA2QXt59VsMxhqLMhZuwivw3RkPyaUmRdoZAAtNbSEIjhthXztA0kLCC+Y5Pdje8i0TczAIjOByr3oSCLzRbNtN90aSo0uPjw24lb1lmg1oUpjWICxmxDeRxKIGaVlfgs7CFJ71W86Yy0OqJzBvoJRqvsE1gieAxnfk9Qp939Dtj2jAqaw9VWrYSjN9mNxPs7orsJwZNoVVgBJA81c5J68uqhLl5wdRJZgdfEJnKZ1UYkdElQB4e7jgj9vGu6F2n533pyxzDKnbvXbfO5+U00S0LdgRwnA8pSNYx7gyrRBOLl24ZpQkWba7ErURYbrPwM+UCHMxe9XE+INJR6pXXruPR02AuxofV4z5phvxDLGqm8vuBAASOh7sSDTaUcWXIn7egfYXB9mCOzbEkO2cahvEJCq1touONRGpO0eb6YAI32IgwOjNy6nrU/I6JRJXfkLH857adpzSp6leZhPF63jNfBEnfzYnaennQ2tBtBgZzwwAuNlXrO45Ga+7BAyEUVX8wnzCalZGr6xQHNyMU1Qt+H8DY+27YthI4lqbTrmzn0rJAkGJnmIAcLba1qIV6GFS0FMkK1yBCfreVLasIvO/bMBEhw4TAxfxLMcCkU60B+hK3PEXB3f+Rq/JMzmaYyzJyoduCmI7ODwBS8cJlYPgOIfFBzm1A14SqFT4WuoYqOUBkIZ0mGb5tlw6qgrsmoiPhjD122a/xrXeCwzIWpUGZ0XaVvGkaJekPhwElai2XYOX2ZxRb9qDxaLx0qdSMGTkHEyaOILJQBnGBUC4ewHPiwr5DjeV7n69LArGa6Rzwh7+LZq98JynBmY3Xt87mE91zqh8LrtT8DhEMo3QiquXCV8Os8L+/R6FsTiUX4Vc/HN6r/1ylYh+vq4+HIXEnRPt6u9HGbwDTz+HDFg49nxPC3XNVzO2G4jCRcRKSQw1YReMVfzrurO1/GpBID7hxqG1ThIVNuEJRNQQFfs2IGmx7DdIwVEryXAQDzDE8I2cV0mbPiLWifY7NPVZw3cjEIbM3vj6KXltCgJHUwbM2WvYI8UTyz14lh0Slocye8JVHIe9lu3zmfLhi1+WAH2OZaQtcryx6OIBXm271HPIbzunw/R/c2VBEGaDm+Xh6i1tcZKrhf0xbpYjOfTTztp2P25MsSdtkXzBNJ4uql/RSkn45+ncwWIu9KiRq1g/XAqM9LDW7V8/1gGfLekfi4fpUCLgtrDLSeCcr4V5KbLvBxCuTfc4qw6/tJqa4HHv51aNbCeCbuzfrBXGSoFgoWf/yb+Tg4iVOtiRHKCob9/c6G8V+2sSU7Pl570nrEUuKPDw2Mtft+1m7qPKwqbq0wpYBMCpUHEeiFpXxhK11O+e8qeCEuzHydvdCYxbVozMMEboedpVbvo56WcJ0UIjSg+RW+MNW1dQFwa70RU1MQ9KsRW4CbypQ1PadplstAAAAAgAFWC41MDkAAAPsMIID6DCCAtCgAwIBAgIEIb1UHzANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjEwODA1MjI0NzA2WhgPMjEyMTA3MTIyMjQ3MDZaMHExDDAKBgNVBAYTA0FNUTEMMAoGA1UECBMDQU1RMQwwCgYDVQQHEwNBTVExETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMSAwHgYDVQQDExdBY3RpdmVNUSBBcnRlbWlzIFNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRM6DT86vllpuDwLARz5Pgl9cpIzDPjUcAol6H+PhXVB2/mVLhYuGMVQq0kUyWuGNp25gL6czTkkiW33HJ6Cq5HoCudI/GF9GoWFfQCPi2Y5IKJbdYyIoI4giUxRKAsqsYC44O+6H4UKrARTrVuz9kBA+wFM5rym3tqARbJ5MaOYHuXxkS/iMPTLc7WtP4tYbvobjbgRk/4IzTB44NFdYRWD/9mfYe+Gjlcv8YGD2NEY3pAKcaurEq7C7B11lfibYp1o2m21Cc+abqXssqTc6Muj2mLrESN4ebO4w6SodZ332UVuKo24GgDu+pZeHjLHYe4cRkPTGvG/8CC4ygvSZkCAwEAAaOBlzCBlDAfBgNVHSMEGDAWgBSD2llvJVse39vTxx3xQXKp+1Om+jAJBgNVHRMEAjAAMEcGA1UdEQRAMD6CCWxvY2FsaG9zdIIVbG9jYWxob3N0LmxvY2FsZG9tYWlughRhcnRlbWlzLmxvY2FsdGVzdC5tZYcEfwAAATAdBgNVHQ4EFgQU3J8Ct30RyQ15p7ekflkV8IJspPUwDQYJKoZIhvcNAQELBQADggEBAFaKiId3xsHvbgUDNsrFXkJx76OA97E0fTsAsCK4XdA3fnh5fMh/W+f/DOHQ6e4qxK4LPV8o82KcfKXDzDvueVvKIkbYjX1vTo9FCnqNvgNLDUxKk6Ph7lHOFhNq+zSPtVHsCs5EiW9e3lbptjw0LBAbW4joQ4y6IP3JZIx5zdUkCfAPzgiRWN4LugpQ8ZMuFXGOWzP8nWzZTJrsWXyPk9WPQTuoq4cuZandFgyniRnCmrSF6NzY9t6PmNguXkjfMw9rLXYdl6uLrHFBbN1G2ZBR0Img88aJloZaNs9f/WpL4rnaNQtP+VwV1dn22R1Kh/h7Ih8r1CWf3/0yKjqX2IoABVguNTA5AAADdDCCA3AwggJYoAMCAQICBFQjrcIwDQYJKoZIhvcNAQELBQAwXzERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIxMDgwNTIyNDcwM1oYDzMwMjAxMjA2MjI0NzAzWjBfMREwDwYDVQQKEwhBY3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYRlaCSUXLtzgJQ1+Q1CNlkBMJtsM4PIfRhwH/0C1HHRJRh7Q87k7BbUwL1ZPPcydw2OKnpw9mdDOVrwS82vV8W/KsQWVCAzdvR/rQ4wwnUfjFl2Na6cJFdNeq8APSgBv5r81DuLK09deNqm3wYc2I3Tw+8cbNddbG2CEFVdJ+SrUtUn8SzzI6QFNIBW+Mgo4SffbK2TmKJ3PbY0SxU7vw7G5pv6r226pC5lUlLc2dJKJOUvsAKHWolm1JQbH7s1GrTXnoMAEPSFuWrOlN4X9Vep2zn2bry+sllXf0xGybpNnwVa5uIt+muuYoyyH8NE4NbGEncMYaCaQARVCbfykNAgMBAAGjMjAwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIPaWW8lWx7f29PHHfFBcqn7U6b6MA0GCSqGSIb3DQEBCwUAA4IBAQAMFDX6aJwfdQuX6u8R2JYQnhJmdYCDmbZ9aEvjQKVamFMLT3mCJu4HMGnSTw6gGPtsp23hkYksu+v8R+ztGcAJB9yZkTRD1bfKh7TNtyB+QVT90z6VT6rBD4tp8XOjkXToHlkYNcOZZ3g40Ail7pjrz/s2CgkaP0nKB4Xg//BIYyw6E7le0lF78CAuAxgU5s2My9HseYLnFGHLfUyx1PLzapJ9FCf1qrYmfFHnua6/pCkUsk9AnE4k+VXzXSd/1DCMSlHWeyTeYiLPuQVIwZ9yO8eyofq25kdK8kq2h683Zdi0yyKyVfdTxDPrYWvFplL8LDXEyugdBBc/VF2PnLYzAAAAAgAJc2VydmVyLWNhAAABexh/uNMABVguNTA5AAADdDCCA3AwggJYoAMCAQICBFQjrcIwDQYJKoZIhvcNAQELBQAwXzERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIxMDgwNTIyNDcwM1oYDzMwMjAxMjA2MjI0NzAzWjBfMREwDwYDVQQKEwhBY3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYRlaCSUXLtzgJQ1+Q1CNlkBMJtsM4PIfRhwH/0C1HHRJRh7Q87k7BbUwL1ZPPcydw2OKnpw9mdDOVrwS82vV8W/KsQWVCAzdvR/rQ4wwnUfjFl2Na6cJFdNeq8APSgBv5r81DuLK09deNqm3wYc2I3Tw+8cbNddbG2CEFVdJ+SrUtUn8SzzI6QFNIBW+Mgo4SffbK2TmKJ3PbY0SxU7vw7G5pv6r226pC5lUlLc2dJKJOUvsAKHWolm1JQbH7s1GrTXnoMAEPSFuWrOlN4X9Vep2zn2bry+sllXf0xGybpNnwVa5uIt+muuYoyyH8NE4NbGEncMYaCaQARVCbfykNAgMBAAGjMjAwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIPaWW8lWx7f29PHHfFBcqn7U6b6MA0GCSqGSIb3DQEBCwUAA4IBAQAMFDX6aJwfdQuX6u8R2JYQnhJmdYCDmbZ9aEvjQKVamFMLT3mCJu4HMGnSTw6gGPtsp23hkYksu+v8R+ztGcAJB9yZkTRD1bfKh7TNtyB+QVT90z6VT6rBD4tp8XOjkXToHlkYNcOZZ3g40Ail7pjrz/s2CgkaP0nKB4Xg//BIYyw6E7le0lF78CAuAxgU5s2My9HseYLnFGHLfUyx1PLzapJ9FCf1qrYmfFHnua6/pCkUsk9AnE4k+VXzXSd/1DCMSlHWeyTeYiLPuQVIwZ9yO8eyofq25kdK8kq2h683Zdi0yyKyVfdTxDPrYWvFplL8LDXEyugdBBc/VF2PnLYzJkYYB7zM7fQwXqnkYhUZAk8pwUM=
  client.ts: >-
    /u3+7QAAAAIAAAABAAAAAgAJY2xpZW50LWNhAAABexh/4KIABVguNTA5AAADdDCCA3AwggJYoAMCAQICBHd2PiwwDQYJKoZIhvcNAQELBQAwXzERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIxMDgwNTIyNDcxN1oYDzMwMjAxMjA2MjI0NzE3WjBfMREwDwYDVQQKEwhBY3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBDbGllbnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf8s5tfHnara0Gc0qtw7VdaQjXxBhfH6AQ/XbTOzHMF6FtTzWWTEq6wqoUuP1Y4WLob67O3ZRQ+RMNV+C4eFgH9e7LlZ6gU7DWEk40WkKVQ/sTW3/4ul/F7ScFtyTvZ4zvNa6Qr0np4rB+SJlOy5yBZlNgmU2H+J/OsxEJDkw+Q+lz1Q/d6QevnfgBu5/Ka/aYtia2fPduufIfDn/UbLe+AANnO8z1NQ9ocOSgCcuocOmCssSZNGFXtf8qjMhZypO2c/bmZnuki+yQQhnD+yrOPbJMgcfL3jIesjNCu5kapmEGJBeGFtEgilegLYpYVTvF3RURjaqy2t3jY36sysXZAgMBAAGjMjAwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMFVcOyZypHdV4FG7MdubG6tIrIkMA0GCSqGSIb3DQEBCwUAA4IBAQAwx0Va758YclLMAghBUYoUiMSwtxeDHm+qqDTwqPRxrKDHLXp+rCpuPJ1zp4VSJ81/jgpIBh4x5eN7Z2kjFQuZp1T9PHEY6MsWcsX8CnfxV6zVWCvB/GgCKls1xrmZCd7s2ov+XpnXBRmGqWd+Ef5AZWLDuakw6mluI/DZ3JJ7tbpMY/V6Kbv87nZVQwhYysJw8Ztu2kkTu0f4cfKAwsnpz2Xv4DFtKvCyvAjpPQLslxGUipbkkrBj9KIXkzUU0xKT0JaKvgOLdecRgxi0BBp5/gesacwi10nRozUcWgfglJd5TTBAkoKZlxay8uuk3pae3AcSl5Q/ptqJYNDJArHL7LLVTX/vGgj573ElpUY28iUqnuY=
  keyStorePassword: c2VjdXJlcGFzcw==
  trustStorePassword: c2VjdXJlcGFzcw==
type: Opaque

lordigon May 8, 2023
Author

@brusdev Same issue. These are the logs taken from the operator POD

2023-05-08T09:52:03.084Z    INFO    Trying finding pod artemis-split-ss-0    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split"}
2023-05-08T09:52:03.084Z    INFO    Pod found    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "Namespace": "oneconnectivity", "Name": "artemis-split"}
2023-05-08T09:52:03.084Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-jolokia-secret"}
2023-05-08T09:52:03.084Z    INFO    package secrets    No secret found    {"name": "artemis-split-jolokia-secret"}
2023-05-08T09:52:03.084Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-credentials-secret"}
2023-05-08T09:52:03.085Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-credentials-secret"}
2023-05-08T09:52:03.085Z    INFO    New Jolokia with     {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "User: ": "admin", "Protocol: ": "http", "broker ip": "10.244.0.9"}
2023-05-08T09:52:03.085Z    INFO    Finally we gathered some mgmt array    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "size": 1}
2023-05-08T09:52:03.129Z    INFO    unknown status reported from Jolokia.    {"ActiveMQArtemis Name": "artemis-split", "IP": "10.244.0.9", "Ordinal": "0", "error": "EOF"}
2023-05-08T09:52:03.129Z    INFO    Now retrieve ss    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "order": 0, "ssName": {"namespace": "oneconnectivity", "name": "artemis-split-ss"}}
2023-05-08T09:52:03.130Z    INFO    package statefulsets    Retrieving StatefulSet artemis-split-ss    {"ActiveMQArtemis Name": "artemis-split-ss"}
2023-05-08T09:52:03.130Z    INFO    Statefulset: artemis-split-ss found    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split"}
2023-05-08T09:52:03.130Z    INFO    finding pods in ss    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "replicas": 1}
2023-05-08T09:52:03.130Z    INFO    Trying finding pod artemis-split-ss-0    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split"}
2023-05-08T09:52:03.130Z    INFO    Pod found    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "Namespace": "oneconnectivity", "Name": "artemis-split"}
2023-05-08T09:52:03.130Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-jolokia-secret"}
2023-05-08T09:52:03.130Z    INFO    package secrets    No secret found    {"name": "artemis-split-jolokia-secret"}
2023-05-08T09:52:03.130Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-credentials-secret"}
2023-05-08T09:52:03.131Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-credentials-secret"}
2023-05-08T09:52:03.131Z    INFO    New Jolokia with     {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "User: ": "admin", "Protocol: ": "http", "broker ip": "10.244.0.9"}
2023-05-08T09:52:03.131Z    INFO    Finally we gathered some mgmt array    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "size": 1}
2023-05-08T09:52:03.133Z    INFO    unknown status reported from Jolokia.    {"ActiveMQArtemis Name": "artemis-split", "IP": "10.244.0.9", "Ordinal": "0", "error": "EOF"}
2023-05-08T09:52:03.133Z    INFO    Pods status unchanged    {"ActiveMQArtemis Name": "artemis-split"}
2023-05-08T09:52:03.142Z    INFO    resource successfully reconciled    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "Reconciling": "ActiveMQArtemis"}
2023-05-08T09:52:03.142Z    INFO    resource has extraMounts, requeuing for periodic sync    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "Reconciling": "ActiveMQArtemis"}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Reconciler Processing...    {"Operator version": "1.0.11", "ActiveMQArtemis release": ""}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Reconciler Processing...    {"CRD.Name": "artemis-split", "CRD ver": "4831", "CRD Gen": 1}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    currentDeployedResources    {"ActiveMQArtemis Name": "artemis-split"}
2023-05-08T09:52:03.144Z    INFO    package environments    environment is not openshift
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Deployed     {"ActiveMQArtemis Name": "artemis-split", "Type": "v1.Ingress", "Name": "artemis-split-wconsj-0-svc-ing"}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Deployed     {"ActiveMQArtemis Name": "artemis-split", "Type": "v1.Ingress", "Name": "artemis-split-my-acceptor-0-svc-ing"}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Deployed     {"ActiveMQArtemis Name": "artemis-split", "Type": "v1.Secret", "Name": "artemis-split-props"}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Deployed     {"ActiveMQArtemis Name": "artemis-split", "Type": "v1.Secret", "Name": "artemis-split-credentials-secret"}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Deployed     {"ActiveMQArtemis Name": "artemis-split", "Type": "v1.Secret", "Name": "artemis-split-netty-secret"}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Deployed     {"ActiveMQArtemis Name": "artemis-split", "Type": "v1.Service", "Name": "artemis-split-my-acceptor-0-svc"}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Deployed     {"ActiveMQArtemis Name": "artemis-split", "Type": "v1.Service", "Name": "artemis-split-wconsj-0-svc"}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Deployed     {"ActiveMQArtemis Name": "artemis-split", "Type": "v1.Service", "Name": "artemis-split-ping-svc"}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Deployed     {"ActiveMQArtemis Name": "artemis-split", "Type": "v1.Service", "Name": "artemis-split-hdls-svc"}
2023-05-08T09:52:03.144Z    INFO    controller_v1beta1activemqartemis    Deployed     {"ActiveMQArtemis Name": "artemis-split", "Type": "v1.StatefulSet", "Name": "artemis-split-ss"}
2023-05-08T09:52:03.145Z    INFO    controller_v1beta1activemqartemis    Reconciling desired statefulset    {"name": "oneconnectivity/artemis-split-ss", "current": "&StatefulSet{ObjectMeta:{artemis-split-ss  oneconnectivity  cf10d548-2076-4194-8a4a-a6b1c90c7d5c 4829 2 2023-05-08 09:43:25 +0000 UTC <nil> <nil> map[ActiveMQArtemis:artemis-split application:artemis-split-app] map[kubectl.kubernetes.io/last-applied-configuration:{\"apiVersion\":\"broker.amq.io/v1beta1\",\"kind\":\"ActiveMQArtemis\",\"metadata\":{\"annotations\":{},\"name\":\"artemis-split\",\"namespace\":\"oneconnectivity\"},\"spec\":{\"acceptors\":[{\"enabledProtocols\":\"TLSv1.2\",\"expose\":true,\"name\":\"my-acceptor\",\"port\":61626,\"protocols\":\"CORE\",\"sslEnabled\":true}],\"adminPassword\":\"admin\",\"adminUser\":\"admin\",\"brokerProperties\":[\"acceptorConfigurations.my-acceptor.extraParams.securityDomain=activemq\"],\"console\":{\"expose\":true},\"deploymentPlan\":{\"extraMounts\":{\"secrets\":[\"split-jaas-config\"]}},\"env\":[{\"name\":\"JAVA_ARGS_APPEND\",\"value\":\"-Djavax.net.debug=all -Dhawtio.realm=console -Djava.security.auth.login.config=/amq/extra/secrets/split-jaas-config/login.config\"}]}}\n] [{broker.amq.io/v1beta1 ActiveMQArtemis artemis-split aa507b70-cb7e-4406-8407-4c82ca36abe4 0xc0007033d8 <nil>}] []  [{activemq-artemis-operator Update apps/v1 2023-05-08 09:51:26 +0000 UTC FieldsV1 {\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{}},\"f:labels\":{\".\":{},\"f:ActiveMQArtemis\":{},\"f:application\":{}},\"f:ownerReferences\":{\".\":{},\"k:{\\\"uid\\\":\\\"aa507b70-cb7e-4406-8407-4c82ca36abe4\\\"}\":{}}},\"f:spec\":{\"f:podManagementPolicy\":{},\"f:replicas\":{},\"f:revisionHistoryLimit\":{},\"f:selector\":{},\"f:serviceName\":{},\"f:template\":{\"f:metadata\":{\"f:labels\":{\".\":{},\"f:ActiveMQArtemis\":{},\"f:application\":{}}},\"f:spec\":{\"f:affinity\":{},\"f:containers\":{\"k:{\\\"name\\\":\\\"artemis-split-container\\\"}\":{\".\":{},\"f:command\":{},\"f:env\":{\".\":{},\"k:{\\\"name\\\":\\\"AMQ_ACCEPTORS\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"AMQ_ADDRESSES\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"AMQ_ANYCAST_PREFIX\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"AMQ_CLUSTERED\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_CLUSTER_PASSWORD\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"AMQ_CLUSTER_USER\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"AMQ_CONNECTORS\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"AMQ_ENABLE_JOLOKIA_AGENT\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_ENABLE_MANAGEMENT_RBAC\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_ENABLE_METRICS_PLUGIN\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_EXTRA_ARGS\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_GLOBAL_MAX_SIZE\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_JOURNAL_TYPE\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_MULTICAST_PREFIX\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"AMQ_NAME\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_PASSWORD\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"AMQ_QUEUES\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"AMQ_REQUIRE_LOGIN\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_ROLE\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_TRANSPORTS\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"AMQ_USER\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"CONFIG_BROKER\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"CONFIG_INSTANCE_DIR\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"DEBUG_ARGS\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"JAVA_ARGS_APPEND\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"OPENSHIFT_DNS_PING_SERVICE_PORT\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"PING_SVC_NAME\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"POD_NAMESPACE\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"TRIGGERED_ROLL_COUNT\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}}},\"f:image\":{},\"f:imagePullPolicy\":{},\"f:livenessProbe\":{\".\":{},\"f:failureThreshold\":{},\"f:initialDelaySeconds\":{},\"f:periodSeconds\":{},\"f:successThreshold\":{},\"f:tcpSocket\":{\".\":{},\"f:port\":{}},\"f:timeoutSeconds\":{}},\"f:name\":{},\"f:ports\":{\".\":{},\"k:{\\\"containerPort\\\":8161,\\\"protocol\\\":\\\"TCP\\\"}\":{\".\":{},\"f:containerPort\":{},\"f:name\":{},\"f:protocol\":{}}},\"f:readinessProbe\":{\".\":{},\"f:exec\":{\".\":{},\"f:command\":{}},\"f:failureThreshold\":{},\"f:initialDelaySeconds\":{},\"f:periodSeconds\":{},\"f:successThreshold\":{},\"f:timeoutSeconds\":{}},\"f:resources\":{},\"f:terminationMessagePath\":{},\"f:terminationMessagePolicy\":{},\"f:volumeMounts\":{\".\":{},\"k:{\\\"mountPath\\\":\\\"/amq/extra/secrets/artemis-split-props\\\"}\":{\".\":{},\"f:mountPath\":{},\"f:name\":{},\"f:readOnly\":{}},\"k:{\\\"mountPath\\\":\\\"/amq/extra/secrets/split-jaas-config\\\"}\":{\".\":{},\"f:mountPath\":{},\"f:name\":{},\"f:readOnly\":{}},\"k:{\\\"mountPath\\\":\\\"/amq/init/config\\\"}\":{\".\":{},\"f:mountPath\":{},\"f:name\":{}},\"k:{\\\"mountPath\\\":\\\"/etc/artemis-split-my-acceptor-secret-volume\\\"}\":{\".\":{},\"f:mountPath\":{},\"f:name\":{},\"f:readOnly\":{}}}}},\"f:dnsPolicy\":{},\"f:initContainers\":{\".\":{},\"k:{\\\"name\\\":\\\"artemis-split-container-init\\\"}\":{\".\":{},\"f:args\":{},\"f:command\":{},\"f:env\":{\".\":{},\"k:{\\\"name\\\":\\\"AMQ_ACCEPTORS\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"AMQ_ADDRESSES\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"AMQ_ANYCAST_PREFIX\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"AMQ_CLUSTERED\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_CLUSTER_PASSWORD\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"AMQ_CLUSTER_USER\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"AMQ_CONNECTORS\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"AMQ_ENABLE_JOLOKIA_AGENT\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_ENABLE_MANAGEMENT_RBAC\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_ENABLE_METRICS_PLUGIN\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_EXTRA_ARGS\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_GLOBAL_MAX_SIZE\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_JOURNAL_TYPE\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_MULTICAST_PREFIX\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"AMQ_NAME\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_PASSWORD\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"AMQ_QUEUES\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"AMQ_REQUIRE_LOGIN\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_ROLE\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"AMQ_TRANSPORTS\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"AMQ_USER\\\"}\":{\".\":{},\"f:name\":{},\"f:valueFrom\":{\".\":{},\"f:secretKeyRef\":{}}},\"k:{\\\"name\\\":\\\"CONFIG_INSTANCE_DIR\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"JAVA_ARGS_APPEND\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"JAVA_OPTS\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"OPENSHIFT_DNS_PING_SERVICE_PORT\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"PING_SVC_NAME\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"POD_NAMESPACE\\\"}\":{\".\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"RUN_BROKER\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}},\"k:{\\\"name\\\":\\\"TRIGGERED_ROLL_COUNT\\\"}\":{\".\":{},\"f:name\":{},\"f:value\":{}}},\"f:image\":{},\"f:imagePullPolicy\":{},\"f:name\":{},\"f:resources\":{},\"f:terminationMessagePath\":{},\"f:terminationMessagePolicy\":{},\"f:volumeMounts\":{\".\":{},\"k:{\\\"mountPath\\\":\\\"/amq/extra/secrets/artemis-split-props\\\"}\":{\".\":{},\"f:mountPath\":{},\"f:name\":{},\"f:readOnly\":{}},\"k:{\\\"mountPath\\\":\\\"/amq/extra/secrets/split-jaas-config\\\"}\":{\".\":{},\"f:mountPath\":{},\"f:name\":{},\"f:readOnly\":{}},\"k:{\\\"mountPath\\\":\\\"/amq/init/config\\\"}\":{\".\":{},\"f:mountPath\":{},\"f:name\":{}},\"k:{\\\"mountPath\\\":\\\"/init_cfg_root\\\"}\":{\".\":{},\"f:mountPath\":{},\"f:name\":{}}}}},\"f:restartPolicy\":{},\"f:schedulerName\":{},\"f:securityContext\":{},\"f:terminationGracePeriodSeconds\":{},\"f:volumes\":{\".\":{},\"k:{\\\"name\\\":\\\"amq-cfg-dir\\\"}\":{\".\":{},\"f:emptyDir\":{},\"f:name\":{}},\"k:{\\\"name\\\":\\\"artemis-split-my-acceptor-secret-volume\\\"}\":{\".\":{},\"f:name\":{},\"f:secret\":{\".\":{},\"f:defaultMode\":{},\"f:secretName\":{}}},\"k:{\\\"name\\\":\\\"secret-artemis-split-props\\\"}\":{\".\":{},\"f:name\":{},\"f:secret\":{\".\":{},\"f:defaultMode\":{},\"f:secretName\":{}}},\"k:{\\\"name\\\":\\\"secret-split-jaas-config\\\"}\":{\".\":{},\"f:name\":{},\"f:secret\":{\".\":{},\"f:defaultMode\":{},\"f:secretName\":{}}},\"k:{\\\"name\\\":\\\"tool-dir\\\"}\":{\".\":{},\"f:emptyDir\":{},\"f:name\":{}}}}},\"f:updateStrategy\":{\"f:rollingUpdate\":{\".\":{},\"f:partition\":{}},\"f:type\":{}}}} } {kube-controller-manager Update apps/v1 2023-05-08 09:52:02 +0000 UTC FieldsV1 {\"f:status\":{\"f:availableReplicas\":{},\"f:collisionCount\":{},\"f:currentReplicas\":{},\"f:currentRevision\":{},\"f:observedGeneration\":{},\"f:readyReplicas\":{},\"f:replicas\":{},\"f:updateRevision\":{},\"f:updatedReplicas\":{}}} status}]},Spec:StatefulSetSpec{Replicas:*1,Selector:&v1.LabelSelector{MatchLabels:map[string]string{ActiveMQArtemis: artemis-split,application: artemis-split-app,},MatchExpressions:[]LabelSelectorRequirement{},},Template:{{      0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[ActiveMQArtemis:artemis-split application:artemis-split-app] map[] [] []  []} {[{artemis-split-my-acceptor-secret-volume {nil nil nil nil nil SecretVolumeSource{SecretName:artemis-split-my-acceptor-secret,Items:[]KeyToPath{},DefaultMode:*420,Optional:nil,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}} {secret-split-jaas-config {nil nil nil nil nil &SecretVolumeSource{SecretName:split-jaas-config,Items:[]KeyToPath{},DefaultMode:*420,Optional:nil,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}} {secret-artemis-split-props {nil nil nil nil nil &SecretVolumeSource{SecretName:artemis-split-props,Items:[]KeyToPath{},DefaultMode:*420,Optional:nil,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}} {amq-cfg-dir {nil &EmptyDirVolumeSource{Medium:,SizeLimit:<nil>,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}} {tool-dir {nil &EmptyDirVolumeSource{Medium:,SizeLimit:<nil>,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}}] [{artemis-split-container-init external-releases-quay-proxy.common.repositories.cloud.sap/artemiscloud/activemq-artemis-broker-init:1.0.15 [/bin/bash] [-c /opt/amq/bin/launch.sh && /opt/amq-broker/script/default.sh]  [] [] [{AMQ_ROLE admin nil} {AMQ_NAME amq-broker nil} {AMQ_TRANSPORTS  nil} {AMQ_QUEUES  nil} {AMQ_ADDRESSES  nil} {AMQ_GLOBAL_MAX_SIZE 100 mb nil} {AMQ_REQUIRE_LOGIN false nil} {AMQ_EXTRA_ARGS --no-autotune nil} {AMQ_ANYCAST_PREFIX  nil} {AMQ_MULTICAST_PREFIX  nil} {POD_NAMESPACE  nil} {AMQ_JOURNAL_TYPE nio nil} {TRIGGERED_ROLL_COUNT 0 nil} {PING_SVC_NAME artemis-split-ping-svc nil} {OPENSHIFT_DNS_PING_SERVICE_PORT 7800 nil} {AMQ_CLUSTERED true nil} {AMQ_ENABLE_JOLOKIA_AGENT false nil} {AMQ_ENABLE_MANAGEMENT_RBAC false nil} {AMQ_ENABLE_METRICS_PLUGIN false nil} {JAVA_ARGS_APPEND -Djavax.net.debug=all -Dhawtio.realm=console -Djava.security.auth.login.config=/amq/extra/secrets/split-jaas-config/login.config nil} {JAVA_OPTS -Dbroker.properties=/amq/extra/secrets/artemis-split-props/broker.properties nil} {RUN_BROKER false nil} {CONFIG_INSTANCE_DIR /amq/init/config nil} {AMQ_CLUSTER_PASSWORD  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-credentials-secret,},Key:AMQ_CLUSTER_PASSWORD,Optional:nil,},}} {AMQ_CLUSTER_USER  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-credentials-secret,},Key:AMQ_CLUSTER_USER,Optional:nil,},}} {AMQ_PASSWORD  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-credentials-secret,},Key:AMQ_PASSWORD,Optional:nil,},}} {AMQ_USER  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-credentials-secret,},Key:AMQ_USER,Optional:nil,},}} {AMQ_ACCEPTORS  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-netty-secret,},Key:AMQ_ACCEPTORS,Optional:nil,},}} {AMQ_CONNECTORS  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-netty-secret,},Key:AMQ_CONNECTORS,Optional:nil,},}}] {map[] map[]} [{amq-cfg-dir false /amq/init/config  <nil> } {tool-dir false /init_cfg_root  <nil> } {secret-split-jaas-config true /amq/extra/secrets/split-jaas-config  <nil> } {secret-artemis-split-props true /amq/extra/secrets/artemis-split-props  <nil> }] [] nil nil nil nil /dev/termination-log File IfNotPresent nil false false false}] [{artemis-split-container external-releases-quay-proxy.common.repositories.cloud.sap/artemiscloud/activemq-artemis-broker-kubernetes:1.0.15 [/bin/sh -c export STATEFUL_SET_ORDINAL=${HOSTNAME##*-};exec /opt/amq/bin/launch.sh start] []  [{wconsj 0 8161 TCP }] [] [{AMQ_ROLE admin nil} {AMQ_NAME amq-broker nil} {AMQ_TRANSPORTS  nil} {AMQ_QUEUES  nil} {AMQ_ADDRESSES  nil} {AMQ_GLOBAL_MAX_SIZE 100 mb nil} {AMQ_REQUIRE_LOGIN false nil} {AMQ_EXTRA_ARGS --no-autotune nil} {AMQ_ANYCAST_PREFIX  nil} {AMQ_MULTICAST_PREFIX  nil} {POD_NAMESPACE  nil} {AMQ_JOURNAL_TYPE nio nil} {TRIGGERED_ROLL_COUNT c048e714 nil} {PING_SVC_NAME artemis-split-ping-svc nil} {OPENSHIFT_DNS_PING_SERVICE_PORT 7800 nil} {AMQ_CLUSTERED true nil} {AMQ_ENABLE_JOLOKIA_AGENT false nil} {AMQ_ENABLE_MANAGEMENT_RBAC false nil} {AMQ_ENABLE_METRICS_PLUGIN false nil} {JAVA_ARGS_APPEND -Djavax.net.debug=all -Dhawtio.realm=console -Djava.security.auth.login.config=/amq/extra/secrets/split-jaas-config/login.config nil} {CONFIG_BROKER false nil} {CONFIG_INSTANCE_DIR /amq/init/config nil} {DEBUG_ARGS -Djava.security.auth.login.config=/amq/extra/secrets/split-jaas-config/login.config nil} {AMQ_CLUSTER_PASSWORD  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-credentials-secret,},Key:AMQ_CLUSTER_PASSWORD,Optional:nil,},}} {AMQ_CLUSTER_USER  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-credentials-secret,},Key:AMQ_CLUSTER_USER,Optional:nil,},}} {AMQ_PASSWORD  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-credentials-secret,},Key:AMQ_PASSWORD,Optional:nil,},}} {AMQ_USER  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-credentials-secret,},Key:AMQ_USER,Optional:nil,},}} {AMQ_ACCEPTORS  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-netty-secret,},Key:AMQ_ACCEPTORS,Optional:nil,},}} {AMQ_CONNECTORS  &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:artemis-split-netty-secret,},Key:AMQ_CONNECTORS,Optional:nil,},}}] {map[] map[]} [{artemis-split-my-acceptor-secret-volume true /etc/artemis-split-my-acceptor-secret-volume  <nil> } {secret-split-jaas-config true /amq/extra/secrets/split-jaas-config  <nil> } {secret-artemis-split-props true /amq/extra/secrets/artemis-split-props  <nil> } {amq-cfg-dir false /amq/init/config  <nil> }] [] &Probe{ProbeHandler:ProbeHandler{Exec:nil,HTTPGet:nil,TCPSocket:&TCPSocketAction{Port:{0 8161 },Host:,},GRPC:nil,},InitialDelaySeconds:5,TimeoutSeconds:5,PeriodSeconds:10,SuccessThreshold:1,FailureThreshold:3,TerminationGracePeriodSeconds:nil,} &Probe{ProbeHandler:ProbeHandler{Exec:&ExecAction{Command:[/bin/bash -c /opt/amq/bin/readinessProbe.sh 1],},HTTPGet:nil,TCPSocket:nil,GRPC:nil,},InitialDelaySeconds:5,TimeoutSeconds:5,PeriodSeconds:10,SuccessThreshold:1,FailureThreshold:3,TerminationGracePeriodSeconds:nil,} nil nil /dev/termination-log File IfNotPresent nil false false false}] [] Always 0xc0007033f0 <nil> ClusterFirst map[]   <nil>  false false false <nil> &PodSecurityContext{SELinuxOptions:nil,RunAsUser:nil,RunAsNonRoot:nil,SupplementalGroups:[],FSGroup:nil,RunAsGroup:nil,Sysctls:[]Sysctl{},WindowsOptions:nil,FSGroupChangePolicy:nil,SeccompProfile:nil,} []   &Affinity{NodeAffinity:nil,PodAffinity:nil,PodAntiAffinity:nil,} default-scheduler [] []  <nil> nil [] <nil> <nil> <nil> map[] [] <nil> nil}},VolumeClaimTemplates:[]PersistentVolumeClaim{},ServiceName:artemis-split-hdls-svc,PodManagementPolicy:OrderedReady,UpdateStrategy:StatefulSetUpdateStrategy{Type:RollingUpdate,RollingUpdate:&RollingUpdateStatefulSetStrategy{Partition:*0,},},RevisionHistoryLimit:*10,MinReadySeconds:0,PersistentVolumeClaimRetentionPolicy:nil,},Status:StatefulSetStatus{ObservedGeneration:2,Replicas:1,ReadyReplicas:1,CurrentReplicas:1,UpdatedReplicas:1,CurrentRevision:artemis-split-ss-85d8d8f7f7,UpdateRevision:artemis-split-ss-85d8d8f7f7,CollisionCount:*0,Conditions:[]StatefulSetCondition{},AvailableReplicas:1,},}"}
2023-05-08T09:52:03.145Z    INFO    artemis-split    Checking out extraMounts    {"extra config": {"secrets":["split-jaas-config"]}}
2023-05-08T09:52:03.145Z    INFO    artemis-split    Extra volumes    {"volumes": [{"name":"secret-split-jaas-config","secret":{"secretName":"split-jaas-config","defaultMode":420}},{"name":"secret-artemis-split-props","secret":{"secretName":"artemis-split-props","defaultMode":420}}]}
2023-05-08T09:52:03.145Z    INFO    artemis-split    Extra mounts    {"mounts": [{"name":"secret-split-jaas-config","readOnly":true,"mountPath":"/amq/extra/secrets/split-jaas-config"},{"name":"secret-artemis-split-props","readOnly":true,"mountPath":"/amq/extra/secrets/artemis-split-props"}]}
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    Creating init container for broker configuration
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    No addressetings
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    making volume mounts
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    Total volumes     {"volumes": [{"name":"artemis-split-my-acceptor-secret-volume","secret":{"secretName":"artemis-split-my-acceptor-secret"}},{"name":"secret-split-jaas-config","secret":{"secretName":"split-jaas-config","defaultMode":420}},{"name":"secret-artemis-split-props","secret":{"secretName":"artemis-split-props","defaultMode":420}},{"name":"amq-cfg-dir","emptyDir":{}},{"name":"tool-dir","emptyDir":{}}]}
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    Checking if there are any config handlers    {"main cr": "oneconnectivity/artemis-split"}
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    The final init cmds to init     {"the cmd array": ["-c", "/opt/amq/bin/launch.sh && /opt/amq-broker/script/default.sh"]}
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    Added some extra mounts to init    {"total mounts: ": [{"name":"amq-cfg-dir","mountPath":"/amq/init/config"},{"name":"tool-dir","mountPath":"/init_cfg_root"},{"name":"secret-split-jaas-config","readOnly":true,"mountPath":"/amq/extra/secrets/split-jaas-config"},{"name":"secret-artemis-split-props","readOnly":true,"mountPath":"/amq/extra/secrets/artemis-split-props"}]}
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    Final Init spec    {"Detail": [{"name":"artemis-split-container-init","image":"external-releases-quay-proxy.common.repositories.cloud.sap/artemiscloud/activemq-artemis-broker-init:1.0.15","command":["/bin/bash"],"args":["-c","/opt/amq/bin/launch.sh && /opt/amq-broker/script/default.sh"],"env":[{"name":"AMQ_ROLE","value":"admin"},{"name":"AMQ_NAME","value":"amq-broker"},{"name":"AMQ_TRANSPORTS"},{"name":"AMQ_QUEUES"},{"name":"AMQ_ADDRESSES"},{"name":"AMQ_GLOBAL_MAX_SIZE","value":"100 mb"},{"name":"AMQ_REQUIRE_LOGIN","value":"false"},{"name":"AMQ_EXTRA_ARGS","value":"--no-autotune"},{"name":"AMQ_ANYCAST_PREFIX"},{"name":"AMQ_MULTICAST_PREFIX"},{"name":"POD_NAMESPACE"},{"name":"AMQ_JOURNAL_TYPE","value":"nio"},{"name":"TRIGGERED_ROLL_COUNT","value":"0"},{"name":"PING_SVC_NAME","value":"artemis-split-ping-svc"},{"name":"OPENSHIFT_DNS_PING_SERVICE_PORT","value":"7800"},{"name":"AMQ_CLUSTERED","value":"true"},{"name":"AMQ_ENABLE_JOLOKIA_AGENT","value":"false"},{"name":"AMQ_ENABLE_MANAGEMENT_RBAC","value":"false"},{"name":"AMQ_ENABLE_METRICS_PLUGIN","value":"false"},{"name":"JAVA_ARGS_APPEND","value":"-Djavax.net.debug=all -Dhawtio.realm=console -Djava.security.auth.login.config=/amq/extra/secrets/split-jaas-config/login.config"},{"name":"JAVA_OPTS","value":"-Dbroker.properties=/amq/extra/secrets/artemis-split-props/broker.properties"},{"name":"RUN_BROKER","value":"false"},{"name":"CONFIG_INSTANCE_DIR","value":"/amq/init/config"}],"resources":{},"volumeMounts":[{"name":"amq-cfg-dir","mountPath":"/amq/init/config"},{"name":"tool-dir","mountPath":"/init_cfg_root"},{"name":"secret-split-jaas-config","readOnly":true,"mountPath":"/amq/extra/secrets/split-jaas-config"},{"name":"secret-artemis-split-props","readOnly":true,"mountPath":"/amq/extra/secrets/artemis-split-props"}],"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","imagePullPolicy":"IfNotPresent"}]}
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    Processing deployment plan    {"plan": {"resources":{},"storage":{},"extraMounts":{"secrets":["split-jaas-config"]},"podSecurity":{},"affinity":{}}, "broker cr": "artemis-split"}
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    Now sync Message migration    {"for cr": "artemis-split"}
2023-05-08T09:52:03.146Z    INFO    controller_v1beta1activemqartemis    Won't set up scaledown for non persistent deployment
2023-05-08T09:52:03.146Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-credentials-secret"}
2023-05-08T09:52:03.147Z    INFO    controller_v1beta1activemqartemis.sourceEnvVarFromSecret    Populating env vars references, in order, from secret artemis-split-credentials-secret
2023-05-08T09:52:03.147Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-my-acceptor-secret"}
2023-05-08T09:52:03.147Z    INFO    package environments    environment is not openshift
2023-05-08T09:52:03.147Z    INFO    controller_v1beta1activemqartemis    creating ingress for my-acceptor-0    {"service": "artemis-split-my-acceptor-0-svc"}
2023-05-08T09:52:03.147Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-netty-secret"}
2023-05-08T09:52:03.147Z    INFO    controller_v1beta1activemqartemis.sourceEnvVarFromSecret    Populating env vars references, in order, from secret artemis-split-netty-secret
2023-05-08T09:52:03.147Z    INFO    package environments    environment is not openshift
2023-05-08T09:52:03.147Z    INFO    controller_v1beta1activemqartemis    ingress for wconsj-0
2023-05-08T09:52:03.147Z    INFO    controller_v1beta1activemqartemis    Processing resources    {"ActiveMQArtemis Name": "artemis-split", "num requested": 10, "num current": 10}
2023-05-08T09:52:03.147Z    INFO    controller_v1beta1activemqartemis        {"ActiveMQArtemis Name": "artemis-split", "instances of ": "v1.Secret", "Will create ": 0, "update ": 0, "and delete": 0}
2023-05-08T09:52:03.147Z    INFO    controller_v1beta1activemqartemis        {"ActiveMQArtemis Name": "artemis-split", "instances of ": "v1.StatefulSet", "Will create ": 0, "update ": 1, "and delete": 0}
2023-05-08T09:52:03.154Z    INFO    controller_v1beta1activemqartemis    updated    {"ActiveMQArtemis Name": "artemis-split", "kind ": "v1.StatefulSet", "named ": "artemis-split-ss"}
2023-05-08T09:52:03.154Z    INFO    controller_v1beta1activemqartemis        {"ActiveMQArtemis Name": "artemis-split", "instances of ": "v1.Service", "Will create ": 0, "update ": 0, "and delete": 0}
2023-05-08T09:52:03.155Z    INFO    controller_v1beta1activemqartemis        {"ActiveMQArtemis Name": "artemis-split", "instances of ": "v1.Ingress", "Will create ": 0, "update ": 0, "and delete": 0}
2023-05-08T09:52:03.155Z    INFO    controller_v1beta1activemqartemis    Reconciler Processing... complete    {"CRD ver:": "4831", "CRD Gen:": 1}
2023-05-08T09:52:03.155Z    INFO    Now retrieve ss    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "order": 0, "ssName": {"namespace": "oneconnectivity", "name": "artemis-split-ss"}}
2023-05-08T09:52:03.155Z    INFO    package statefulsets    Retrieving StatefulSet artemis-split-ss    {"ActiveMQArtemis Name": "artemis-split-ss"}
2023-05-08T09:52:03.155Z    INFO    Statefulset: artemis-split-ss found    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split"}
2023-05-08T09:52:03.155Z    INFO    finding pods in ss    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "replicas": 1}
2023-05-08T09:52:03.155Z    INFO    Trying finding pod artemis-split-ss-0    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split"}
2023-05-08T09:52:03.155Z    INFO    Pod found    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "Namespace": "oneconnectivity", "Name": "artemis-split"}
2023-05-08T09:52:03.155Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-jolokia-secret"}
2023-05-08T09:52:03.155Z    INFO    package secrets    No secret found    {"name": "artemis-split-jolokia-secret"}
2023-05-08T09:52:03.155Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-credentials-secret"}
2023-05-08T09:52:03.155Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-credentials-secret"}
2023-05-08T09:52:03.155Z    INFO    New Jolokia with     {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "User: ": "admin", "Protocol: ": "http", "broker ip": "10.244.0.9"}
2023-05-08T09:52:03.155Z    INFO    Finally we gathered some mgmt array    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "size": 1}
2023-05-08T09:52:03.158Z    INFO    unknown status reported from Jolokia.    {"ActiveMQArtemis Name": "artemis-split", "IP": "10.244.0.9", "Ordinal": "0", "error": "EOF"}
2023-05-08T09:52:03.159Z    INFO    Now retrieve ss    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "order": 0, "ssName": {"namespace": "oneconnectivity", "name": "artemis-split-ss"}}
2023-05-08T09:52:03.159Z    INFO    package statefulsets    Retrieving StatefulSet artemis-split-ss    {"ActiveMQArtemis Name": "artemis-split-ss"}
2023-05-08T09:52:03.159Z    INFO    Statefulset: artemis-split-ss found    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split"}
2023-05-08T09:52:03.159Z    INFO    finding pods in ss    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "replicas": 1}
2023-05-08T09:52:03.159Z    INFO    Trying finding pod artemis-split-ss-0    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split"}
2023-05-08T09:52:03.159Z    INFO    Pod found    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "Namespace": "oneconnectivity", "Name": "artemis-split"}
2023-05-08T09:52:03.159Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-jolokia-secret"}
2023-05-08T09:52:03.159Z    INFO    package secrets    No secret found    {"name": "artemis-split-jolokia-secret"}
2023-05-08T09:52:03.159Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-credentials-secret"}
2023-05-08T09:52:03.159Z    INFO    package k8s_actions    Retrieving *v1.Secret    {"ActiveMQArtemis Name": "artemis-split-credentials-secret"}
2023-05-08T09:52:03.159Z    INFO    New Jolokia with     {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "User: ": "admin", "Protocol: ": "http", "broker ip": "10.244.0.9"}
2023-05-08T09:52:03.159Z    INFO    Finally we gathered some mgmt array    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "size": 1}
2023-05-08T09:52:03.160Z    INFO    unknown status reported from Jolokia.    {"ActiveMQArtemis Name": "artemis-split", "IP": "10.244.0.9", "Ordinal": "0", "error": "EOF"}
2023-05-08T09:52:03.161Z    INFO    Pods status unchanged    {"ActiveMQArtemis Name": "artemis-split"}
2023-05-08T09:52:03.161Z    INFO    resource successfully reconciled    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "Reconciling": "ActiveMQArtemis"}
2023-05-08T09:52:03.161Z    INFO    resource has extraMounts, requeuing for periodic sync    {"Request.Namespace": "oneconnectivity", "Request.Name": "artemis-split", "Reconciling": "ActiveMQArtemis"}

as you can see this logs

2023-05-08T09:52:03.160Z    INFO    unknown status reported from Jolokia.    {"ActiveMQArtemis Name": "artemis-split", "IP": "10.244.0.9", "Ordinal": "0", "error": "EOF"}

is the same error.

brusdev May 8, 2023
Maintainer

@lordigon you are tight, I got the same issue and I fixed it using the correct role admin,
Could you try again using the following split-jaas-config?

kind: Secret
apiVersion: v1
metadata:
  name: split-jaas-config
type: Opaque
stringData:
  artemis-users.properties: |
    admin=admin
  artemis-roles.properties: |
    admin=admin
  cert-users.properties: |
    admin=CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ
  cert-roles.properties: |
    admin=admin
  login.config: |-
    console {
       org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
           debug=false
           org.apache.activemq.jaas.properties.user="artemis-users.properties"
           org.apache.activemq.jaas.properties.role="artemis-roles.properties";
    };
    
    activemq {
        org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule sufficient
            debug=true
            org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
            org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
    };

$ curl -H "Origin:http://$HOSTNAME:8161" -u admin:admin http://$HOSTNAME:8161/console/jolokia/read/org.apache.activemq.artemis:broker=\"amq-broker\"/Version
{"request":{"mbean":"org.apache.activemq.artemis:broker=\"amq-broker\"","attribute":"Version","type":"read"},"value":"2.28.0","timestamp":1683555396,"status":200}

lordigon May 9, 2023
Author

@brusdev It works also on my side. Can you please give me a little bit of context about this configuration? The change you made was about the amq role.
Does the operator use fixed username and role to connect to the Artemis broker?
What do I need if for example i want to define a custom role/username for the JMX configuration and be able to the Operator to use them?

brusdev May 9, 2023
Maintainer

@lordigon the operator uses the credentials in the credentials secret for the JMX connections, i.e. the credential secret for a CR with the name artemis-split is artemis-split-credentials-secret.

I added the adminUser and adminPassword fields to sync the credentials in the credentials secret with the credentials in artemis-users.properties.

The role in the management.xml file is hard-coded and its value is admin. This means that you need to change the management.xml file to execute management operations with another role.

The only way to change the management.xml file is to use a ActiveMQArtemisSecurity CR or a custom init container.

lordigon · 2023-04-07T10:13:28Z

lordigon
Apr 7, 2023
Author

Just another question: probably I would have to add another acceptor for plain connections. TLS will be used for external (to k8s cluster) client and MQTT plain for internal one something like

spec:
  acceptors:
  - expose: false
    name: tcp-mqtt
    port: 61616
    protocols: MQTT
    sslEnabled: false
  - expose: true
    name: mqtt-tls
    needClientAuth: true
    port: 61617
    protocols: MQTT
    sslEnabled: true
    verifyHost: false

this new acceptor will be influenced by the configuration you suggested?
Security Roles defined for TLS acceptor will be used also for plain one?

1 reply

brusdev Apr 12, 2023
Maintainer

Yes, security roles have a global scope but you could have a security domain per acceptor using broker properties, i.e.

spec:
  acceptors:
  - expose: false
    name: tcp-mqtt
    port: 61616
    protocols: MQTT
    sslEnabled: false
  - expose: true
    name: mqtt-tls
    needClientAuth: true
    port: 61617
    protocols: MQTT
    sslEnabled: true
    verifyHost: false
  brokerProperties:
    - 'acceptorConfigurations.tcp-mqtt.extraParams.securityDomain=InternalLogin'

The port 61616 is used internally, for custom acceptors use other ports.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use different security domains for TLS and JMX #559

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 2 comments 13 replies

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Use different security domains for TLS and JMX #559

lordigon Apr 5, 2023

Replies: 2 comments · 13 replies

brusdev Apr 6, 2023 Maintainer

brusdev May 5, 2023 Maintainer

lordigon May 8, 2023 Author

brusdev May 8, 2023 Maintainer

lordigon May 9, 2023 Author

brusdev May 9, 2023 Maintainer

lordigon Apr 7, 2023 Author

brusdev Apr 12, 2023 Maintainer

lordigon
Apr 5, 2023

Replies: 2 comments 13 replies

brusdev
Apr 6, 2023
Maintainer

brusdev May 5, 2023
Maintainer

lordigon May 8, 2023
Author

brusdev May 8, 2023
Maintainer

lordigon May 9, 2023
Author

brusdev May 9, 2023
Maintainer

lordigon
Apr 7, 2023
Author

brusdev Apr 12, 2023
Maintainer