/usr/share/puppet/modules.available/puppet-community-mcollective/templates/activemq.xml.erb is in puppet-module-puppet-community-mcollective 0.6.2-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 | <beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:amq="http://activemq.apache.org/schema/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd
http://activemq.apache.org/camel/schema/spring http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<!-- <property name="locations">
<value>file:${activemq.base}/conf/credentials.properties</value>
</property> -->
</bean>
<!--
For more information about what MCollective requires in this file,
see http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html
-->
<!--
WARNING: The elements that are direct children of <broker> MUST BE IN
ALPHABETICAL ORDER. This is fixed in ActiveMQ 5.6.0, but affects
previous versions back to 5.4.
https://issues.apache.org/jira/browse/AMQ-3570
-->
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" useJmx="true" schedulePeriodForDestinationPurge="60000" persistent="false">
<!--
MCollective generally expects producer flow control to be turned off.
It will also generate a limitless number of single-use reply queues,
which should be garbage-collected after about five minutes to conserve
memory.
For more information, see:
http://activemq.apache.org/producer-flow-control.html
-->
<destinationPolicy>
<policyMap>
<policyEntries>
<policyEntry topic=">" producerFlowControl="false"/>
<policyEntry queue="*.reply.>" gcInactiveDestinations="true" inactiveTimoutBeforeGC="300000" />
</policyEntries>
</policyMap>
</destinationPolicy>
<managementContext>
<managementContext createConnector="false"/>
</managementContext>
<plugins>
<statisticsBrokerPlugin/>
<!--
This configures the users and groups used by this broker. Groups
are referenced below, in the write/read/admin attributes
of each authorizationEntry element.
-->
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="<%= scope["mcollective::middleware_user"] %>" password="<%= scope["mcollective::middleware_password"] %>" groups="mcollective,everyone"/>
<authenticationUser username="<%= scope['mcollective::middleware_admin_user'] %>" password="<%= scope['mcollective::middleware_admin_password'] %>" groups="mcollective,admins,everyone"/>
</users>
</simpleAuthenticationPlugin>
<!--
Configure which users are allowed to read and write where. Permissions
are organized by group; groups are configured above, in the
authentication plugin.
With the rules below, both servers and admin users belong to group
mcollective, which can both issue and respond to commands. For an
example that splits permissions and doesn't allow servers to issue
commands, see:
http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html#detailed-restrictions
-->
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
<authorizationEntry queue="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
<!--
The advisory topics are part of ActiveMQ, and all users need access to them.
The "everyone" group is not special; you need to ensure every user is a member.
-->
<authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
<% if scope['mcollective::middleware_ssl'] %>
<sslContext>
<sslContext
keyStore="keystore.jks" keyStorePassword="puppet"
trustStore="truststore.jks" trustStorePassword="puppet"
/>
</sslContext>
<% end %>
<!--
The systemUsage controls the maximum amount of space the broker will
use for messages. For more information, see:
http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html#memory-and-temp-usage-for-messages-systemusage
-->
<systemUsage>
<systemUsage>
<memoryUsage>
<memoryUsage limit="<%= scope["mcollective::activemq_memoryUsage"] %>"/>
</memoryUsage>
<storeUsage>
<storeUsage limit="<%= scope["mcollective::activemq_storeUsage"] %>" name="foo"/>
</storeUsage>
<tempUsage>
<tempUsage limit="<%= scope["mcollective::activemq_tempUsage"] %>"/>
</tempUsage>
</systemUsage>
</systemUsage>
<!--
The transport connectors allow ActiveMQ to listen for connections over
a given protocol. MCollective uses Stomp, and other ActiveMQ brokers
use OpenWire. You'll need different URLs depending on whether you are
using TLS. For more information, see:
http://docs.puppetlabs.com/mcollective/deploy/middleware/activemq.html#transport-connectors
-->
<transportConnectors>
<% if scope['mcollective::middleware_ssl'] %>
<transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:<%= scope['mcollective::middleware_ssl_port'] %>?needClientAuth=true"/>
<% else %>
<transportConnector name="stomp" uri="stomp://0.0.0.0:<%= scope['mcollective::middleware_port'] %>"/>
<% end %>
</transportConnectors>
</broker>
<% if scope['mcollective::activemq_console'] %>
<!--
Enable web consoles, REST and Ajax APIs and demos.
It also includes Camel (with its web console); see ${ACTIVEMQ_HOME}/conf/camel.xml for more info.
See ${ACTIVEMQ_HOME}/conf/jetty.xml for more details.
-->
<import resource="jetty.xml"/>
<% end %>
</beans>
|