SOA using Open ESB, SOA using Open ESB, BPEL, and NetBeans ...
Monitoring multiple ultra esb instances with u console
-
Upload
imeshlihinikaduarach -
Category
Engineering
-
view
142 -
download
2
Transcript of Monitoring multiple ultra esb instances with u console
Overview
1. Starting Uconsole for monitoring
2. Connecting to local instances
3. UltraESB configuration for remote JMX
monitoring
4. Connecting to UltraESB instances via
remote JMX
5. Management Console Authentication
6. UConsole Settings
a. Servers
b. Users
c. Roles
d. Access Rules
7. Switching between Servers
1. Starting Uconsole for monitoring
Navigate to the management distribution bin directory of the selected UltraESB node and run
UConsole. (Make sure you have the execution permission to the uconsole.sh file)
$ cd <path_to_ultraesb>/bin
$ ./uconsole.sh
After successfully running, you can access the UConsole management console at
https://localhost:8043/uconsole.
You can change the UConsole access properties (e.g. port & host) in UConsole server configuration
file ULTRA_HOME/uconsole/conf/jetty.xml.
<Property name="uconsole.port" default="8043"/>
<Property name="uconsole.host" default="localhost"/>
For SSL configuration, you can edit the properties in file jetty.xml in management distribution
uconsole conf directory.
2. Connecting to local instances
When one or more UltraESB instances are running locally, UConsole can easily connect to locally
running UltraESB instances with ‘Local instance’ option.
Local instance option exposes all the available UltraESB instances by their node names. ( Node
name of an instance is defined in ULTRA_HOME/conf/ultra-root.xml file under cluster-
manager bean as shown below).
<bean id="cluster-manager" …
<property name="nodeName" value="node1"/>
3. Configuring UltraESB for remote monitoring
Enable JMX
Uncomment ‘serverConnector’ and ‘registry’ beans ULTRA_HOME/conf/ultra-root.xml file.
Change the value of the service URL property as necessary (use unique values for JMX port and
JNDI port in different UltraESB nodes) in the bean serverConnector.
<bean id="serverConnector" … >
<property name="serviceUrl"
value="service:jmx:rmi://localhost:9994/jndi/rmi://localhost:1099/ultra"/>
Change the value of the port property as necessary (use the same JNDI port) in the bean registry.
<bean id="registry" … >
<property name="port" value="1099"/>
Make sure configuring ports are opened through the firewall.
User Authentication
UltraESB jmx access authentication and authorization can be done in two ways
- Plain text password file based access control
- JAAS (e.g. LDAP or ActiveDirectory) based access control
Plain text password file based access control
Configure the access.file and the password.file paths as environment properties by defining under
‘serverConnector’ bean , ‘environment’ property as shown below.
<bean id="serverConnector" … >
<property name="environment"> …
<map> …
<entry key="jmx.remote.x.access.file" value="conf/management/jmxremote.access"/>
<entry key="jmx.remote.x.password.file"
value="conf/management/jmxremote.password"/>
Add the user permissions and username - passwords of users in the above defined files as below
jmxremote.access
admin readwrite (user admin has read & write permissions for the node)
user readonly (user user has read only permissions for the node)
jmxremote.password
admin admin (user admin has the password admin for the node)
JAAS (e.g. LDAP or ActiveDirectory) based authentication
To enable LDAP authentication for the ultraesb node, add the environment property ‘
jmx.remote.x.login.config’ by uncommenting the following in ultra-root.xml file.
<bean id="serverConnector" … >
<property name="environment"> …
<map> …
<entry key="jmx.remote.x.login.config" value="LdapConfig"/>
Configure the ULTRA_HOME/conf/ldap.conf file to configure the ldap server properties.
If you are using JAAS authentication, make sure you uncomment and edit the following lines of
ULTRA_HOME/conf/wrapper.conf as necessary.
#wrapper.java.additional.<N>=-Djava.rmi.server.hostname=<your-ip-address>
#wrapper.java.additional.<N>=-Djava.security.auth.login.config=conf/ldap.conf
4. Connecting to UltraESB instances via remote JMX from UConsole web-UI
You can connect to an instance using …
JMX service URL - configured under ‘serviceUrl’ property in ultra-root.xml
JMX username, and JMX password - password files based or LDAP server based
5. Management Console Authentication
UConsole management console authentication configuration is in the file
ULTRA_HOME/uconsole/WEB-INF/classes/shiro-users.properties
- Password file based
user.chamath = pass, admin, user (This interprets as user 'chamath' with
password 'pass' and roles 'admin' and 'user')
role.admin = * (role 'admin' has all permissions)
role.user = user:read (role 'user' is only allowed to 'read'
anything with user:)
- LDAP server based
- uncommenting and configuring the relevant fields after following line in the
ULTRA_HOME/uconsole/WEB-INF/classes/shiro.ini file
;---- for LDAP / Active Directory ----
5. UConsole settings
After logging in to UConsole management console, you can change the monitoring server in
Settings on the top menu bar
Using the Console Settings window, you can edit Servers, Users, Roles, Access Rules
Adding predefined servers from the configuration file
Define nodes in ULTRA_HOME/uconsole/WEB-INF/classes/uconsole.properties file by adding
JMX service URL, JMX username, JMX password of each UltraESB nodes as shown below
ultra.jmx.url.node1=service:jmx:rmi://localhost:9995/jndi/rmi://localhost:1199/
ultra
ultra.jmx.username.node1=admin
ultra.jmx.password.node1=admin
Next time you open the UConsole management console in the browser, you'll see the defined
instances on login page and in the defined servers page
Users
● You can define management users and their roles for UConsole management console in the
Users tab in Console Settings
● User parameters can also be changed in the configuration file ULTRA_HOME/uconsole/WEB-
INF/classes/shiro-users.properties as mentioned earlier
Roles
You can define management roles for the users for UConsole management console in the Roles tab
in Console Settings
Role parameters can also be changed in the configuration file ULTRA_HOME/uconsole/WEB-
INF/classes/shiro-users.properties as mentioned earlier
Access Rules
You can define management users with their roles for UConsole management console in the Users
tab in Console Settings
Access control rules can also be changed in the configuration file ULTRA_HOME/uconsole/WEB-
INF/classes/shiro.ini
e.g. Access Control entry with Access URL /services/instances/** and Access
Rule roles[admin] can be defined in the configuration file as follows
/services/instances/** = roles[admin]
5. Switch between multiple ultraesb servers
UConsole management console provides the facility to switch between UltraESB instances with the
Switch Server link on the top menu
Here, you can switch to local instances, defined instances, an instance using Remote JMX URL,
username, password
Switch between servers in the same cluster
When the clustering is enabled for ESBs, users can switch between any other available UltraESB
instances in the same cluster by selecting nodes under ‘Detected Cluster Nodes‘