Skip to main content

Configuring ActiveMQ for High Availability Environments

The ActiveMQ implementation is intended for sending messages between two applications, or two components inside one application. ActiveMQ supports distributed messaging across a network of brokers. This allows a client to connect to any broker in the network and fail over to another broker in case there there is a failure, providing a high availability cluster of brokers from the client’s perspective.

This instruction defines the procedure for configuring ActiveMQ in High Availability (Cluster) environments for v9.3.0 and up.

Configuring High Availability for the First Time

Follow the instructions provided in ActiveMQ for High Availability Environments Configuration Guide.

Upgrading from v9.0.0

During the upgrade, the following two files are backed up in the ..\Checkmarx\Checkmarx ActiveMQ\conf path:

  • activemq.xml is backed up in the file: activemq_backup.xml

  • credentials-enc.properties is backed up in the file: credentials-enc_backup

Changes in the files above are automatically merged during the upgrade process.

Configuring Environment Variables

In version 9.3.0, several environment variables have been introduced to CxSAST Manager and CxSAST Engine environments.

Access Control Environment Variables

In every Manager environment:

  • Set the ActiveMessageQueueURL environment variable with the ActiveMQ URI

Engine Service Environment Variables

In every Engine environment:

  • Set the CX_ES_MESSAGE_QUEUE_URL environment variable with the ActiveMQ URI

Notice

ActiveMQ URIis defined with theActiveMQ Connection URIStep in the ActiveMQ for High Availability Environments Configuration Guide.

Restarting ActiveMQ Client Services

After you finished configuring, you have to restart the services listed below as outlined for changes to take effect:

  • After editing database (DB) values:

    • Scans Manager Service

    • Results Service

  • After editing Access Control (AC) environment variables:

    • Access Control Service (IIS)

  • After editing Engine Services (ES) environment variables:

    • Engine Service

ActiveMQ for High Availability Environments Configuration Guide

The ActiveMQ implementation is intended for sending messages between two applications, or two components inside one application. In CxSAST the Active MQ is used to pass the results from the engines to the manager and also to pass the incremental file list. In addition it is also used to sync users between Access Control and the CxSAST application.

ActiveMQ supports distributed messaging across a network of brokers. This allows a client to connect to any broker in the network and fail over to another broker in case there there is a failure, providing a high availability cluster of brokers from the client’s perspective.

This instruction defines the procedure for configuring ActiveMQ in High Availability (Cluster) environments.

Notice

ActiveMQ Servers operate as an active-passive cluster with failover and without failback.

Notice

Make sure that port 61616 is open in all relevant firewalls between the ActiveMQ server and the following components:

  • CxManager servers (for Access Control, Scan Manager and Results Services). This includes high availability configurations with multiple CxManagers.

  • CxEngine servers

  • M&O server

Configuring ActiveMQ Brokers

To configure ActiveMQ brokers:

Once CxSAST (v9.0.0 and up) environment is setup and fully configured, do the following:

1. Navigate to the Checkmarx ActiveMQ\conf folder and open the ‘activemq.xml’ file.

2. Edit the <persistenceAdapter> tag to point to a valid shared storage location, such as:

Notice

Make sure that the database directory navigates to your shared directory.

3. Perform the same procedure for all ActiveMQ brokers in the high availability cluster.

4. Reassure that the ActiveMQ service account has read and write access to the shared storage location. ActiveMQ will create the directory if it doesn't exist.

Once you have completed the ActiveMQ broker configuration, you can now configure the ActiveMQ clients.

Notice

Shared file system should be set up and configured according to the official ActiveMQ documentation

Configuring ActiveMQ Clients

To configure ActiveMQ clients:

1. Open MS SQL Server Management Studio.

2. Connect to the SQL server.

3. Go to Databases > CxDB > Tables.

6436183685.png

4. Expand the Tables repository to view its content and navigate to dbo.CxComponentConfiguration.

5. Right-click dbo.CxComponentConfiguration and then select Edit Rows.

6. In the ActiveMessageQueueURL key field, enter the ActiveMQ URI.

Use the following URI format: failover:<protocol>://<FQDN>:<port>,<protocol>://<FQDN>:<port>

Example for ActiveMQ URI for High Availability: failover:tcp://broker1:61616,tcp://broker2:61616

Example for ActiveMQ URI for High Availability with TLS: failover:ssl://broker1:61616,ssl://broker2:61616

7. Return to the Tables repository, navigate to and right-click Config.CxEngineConfigurationKeysMeta and then select Edit Rows.

8. In the ACTIVE_MESSAGE_QUEUE_URL key field, enter the ActiveMQ URI.

Notice

These steps can be performed by using the following DB TSQL script:

(replace <broker1> and <broker2> with your respective values)

DECLARE @AmqString varchar(1000)

SET @AmqString = 'failover:tcp://<broker1>:61616,tcp://<broker2>:61616'

Update [CxDB].[dbo].CxComponentConfiguration

set [Value] = @AmqString

where [Key] = 'ActiveMessageQueueURL'

Update [CxDB].[Config].[CxEngineConfigurationKeysMeta]

set [DefaultValue] = @AmqString

where [KeyName] = 'ACTIVE_MESSAGE_QUEUE_URL'

Final steps:

1. Open the Windows Services and stop the ActiveMQ service.

2. Once the file lock inside the shared ActiveMQ folder disappears, delete the data folder.

Restarting ActiveMQ Client Services

Restart the following services for the changes to take effect in all manager environments:

  • Scans Manager Service

  • Results Service

  • Access Control (IIS)