Deploying Red Hat AMQ on Openshift 4

Introduction

This article describes how to deploy the Red Hat AMQ on Openshift 4, there are different solutions to install software on it. We'll use a template that describes a set of objects that can be parameterized and processed to produce a list of objects for creation by the OpenShift Container Platform. A template can be processed to create anything you have permission to create within a project, for example, services, build configurations, and deployment configurations. A template can also define a set of labels to apply to every object defined in the template.

Let's follow the steps in this article to set up and deploy the Red Hat AMQ broker and expose it. We have to create a route for the broker so that clients outside of the OpenShift Container Platform can connect using SSL. The broker protocols are available through the 61617/TCP port, however, we configure the 5671/TCP for AMQP traffic secured with TLS authentication.

Deploying the Red Hat AMQ.

To deploy the Red Hat AMQ SSL, the template that will be used is here. We have to follow 5 steps to deploy the broker and expose it to external access.

• Create a project or use an existing one.

$ oc login -u admin -p password <master-api>
$ oc new-project amq-broker

• Set up the Keystore and Trustore. There is a script to generate the certificates here.

$ ./certs.sh

• Create a secret to store the broker Trustore and Keystore generated above.

$ ls
broker_cert  broker.ks  broker.ts  certsh.sh  client_cert  client.ks  client.ts

$ oc create secret generic amq-dev-app-secret \
	--from-file=broker.ks --from-file=broker.ts

• Create a secret containing the broker credentials and the trustore password.

$ oc create secret generic amq-credential-secret \
	--from-literal username=admin --from-literal password=admin \
    --from-literal  amq_truststore_password=<trustore_password_generated> \
    --from-literal amq_keystore_password==<keystore_password_generated>

• Import the template.

$ oc create -f https://raw.githubusercontent.com/rafamqrs/amq-ssl-ocp-dzone/main/template/amq-broker-74-ssl.yaml

• Check if the broker is running.

$ oc get pods -n amq-dev
NAME                      READY   STATUS      RESTARTS   AGE
amq-broker-amq-1-b4t74    1/1     Running     0          5h47m
amq-broker-amq-1-deploy   0/1     Completed   0          5h47m

• The last step is to create a route passthrough to external access. In some cases, it is necessary for external access, however, if your application is running inside the Openshift, use the Service.

$ oc create route passthrough --service=amq-dev-amq-amqp-ssl --port=5671

Testing the AMQ Broker

Finally, we are able to test the connection with the broker and producer/consumer some messages. There is an application built using the spring-boot and amqp-10-jms library, you can find the application code on the Github repository. If you want to use it, just change the application.properties and modify these values:

• amqphub.amqp10jms.remote-url=<amq-openshift-route>?transport.trustStoreLocation=<clientsdirectory>/client.ts&transport.trustStorePassword=<trustorepassword>&transport.verifyHost=false
• amqphub.amqp10jms.username=<amq-user>
• amqphub.amqp10jms.password=<amq-password>

Run the application and check if the logging is showing messages are produced and consumed by the app.

$ mvn clean spring-boot:run
2022-01-26 00:26:33.460  INFO 826541 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''
2022-01-26 00:26:35.105  INFO 826541 --- [pentlc.com:443]] org.apache.qpid.jms.JmsConnection        : Connection ID:688b249b-1395-4099-9e1b-8e6981994b19:1 connected to server: amqps://<openshift-route>:443
2022-01-26 00:26:35.135  INFO 826541 --- [           main] com.amq.jms.client.AmqJMSClientApp       : Started AmqJMSClientApp in 2.59 seconds (JVM running for 2.781)
Sending 'The Godfather (1972)'
Received 'The Godfather: Part II (1974)'
2022-01-26 00:26:36.562  INFO 826541 --- [pentlc.com:443]] org.apache.qpid.jms.JmsConnection        : Connection ID:852e9cee-f59e-4c6c-9a7e-47aee4076b0f:2 connected to server: amqps://<openshift-route>:443
Received 'The Godfather (1972)'
Sending 'The Godfather: Part II (1974)'
2022-01-26 00:26:38.853  INFO 826541 --- [pentlc.com:443]] org.apache.qpid.jms.JmsConnection        : Connection ID:0683216c-ce90-416d-90e9-44a3c7f81954:3 connected to server: amqps://<openshift-route>:443
Received 'The Godfather: Part II (1974)'
Sending 'Eddie Murphy: Raw (1987)'
2022-01-26 00:26:41.103  INFO 826541 --- [pentlc.com:443]] org.apache.qpid.jms.JmsConnection        : Connection ID:b105db0d-d04a-435b-9f77-774401dd7b26:4 connected to server: amqps://<openshift-route>:443
Received 'Eddie Murphy: Raw (1987)'
Sending 'Gladiator (2000)'