Configuring ActiveMQ for High Availability Environments
The ActiveMQ implementation is intended for sending messages between two applications, or two components inside one application. ActiveMQ supports distributed messaging across a network of brokers. This allows a client to connect to any broker in the network and fail over to another broker in case there is a failure, providing a high availability cluster of brokers from the client’s perspective.
This instruction defines the procedure for configuring ActiveMQ in High Availability (Cluster) environments for v9.3.0 and up.
Configuring High Availability for the First Time
Follow the instructions provided in ActiveMQ for High Availability Environments Configuration Guide.
Upgrading from v9.0.0
During the upgrade, the following two files are backed up in the ..\Checkmarx\Checkmarx ActiveMQ\conf path:
activemq.xml is backed up in the file: activemq_backup.xml
credentials-enc.properties is backed up in the file: credentials-enc_backup
Changes in the files above are automatically merged during the upgrade process.
Configuring Environment Variables
In version 9.3.0, several environment variables have been introduced to CxSAST Manager and CxSAST Engine environments.
Access Control Environment Variables
In every Manager environment:
Set the ActiveMessageQueueURL environment variable with the ActiveMQ URI
Engine Service Environment Variables
In every Engine environment:
Set the CX_ES_MESSAGE_QUEUE_URL environment variable with the ActiveMQ URI
Notice
ActiveMQ URI is defined with the ActiveMQ Connection URI step in the ActiveMQ for High Availability Environments Configuration Guide.
Restarting ActiveMQ Client Services
After you have finished configuring, restart the services listed below, as outlined, for the changes to take effect:
After editing database (DB) values:
Scans Manager Service
Results Service
After editing Access Control (AC) environment variables:
Access Control Service (IIS)
After editing Engine Services (ES) environment variables:
Engine Service
ActiveMQ for High Availability Environments Configuration Guide
The ActiveMQ implementation is intended for sending messages between two applications, or two components inside one application. In CxSAST, ActiveMQ is used to pass the results from the engines to the manager and to pass the incremental file list. It is also used to sync users between Access Control and the CxSAST application.
ActiveMQ supports distributed messaging across a network of brokers. This allows a client to connect to any broker in the network and fail over to another broker in case there is a failure, providing a high availability cluster of brokers from the client’s perspective.
This instruction defines the procedure for configuring ActiveMQ in High Availability (Cluster) environments.
Notice
ActiveMQ Servers operate as an active-passive cluster with failover and without failback.
Notice
Make sure that port 61616 is open in all relevant firewalls between the ActiveMQ server and the following components:
CxManager servers (for Access Control, Scan Manager and Results Services). This includes high availability configurations with multiple CxManagers.
CxEngine servers
M&O server
Configuring ActiveMQ Brokers
To configure ActiveMQ brokers:
Once the CxSAST (v9.0.0 and up) environment is set up and fully configured, do the following:
1. Navigate to the Checkmarx ActiveMQ\conf folder and open the ‘activemq.xml’ file.
2. Edit the <persistenceAdapter> tag to point to a valid shared storage location, such as:
Notice
Make sure that the database directory points to your shared directory.
3. Perform the same procedure for all ActiveMQ brokers in the high availability cluster.
4. Ensure that the ActiveMQ service account has read and write access to the shared storage location. ActiveMQ will create the directory if it doesn't exist.
Once you have completed the ActiveMQ broker configuration, you can configure the ActiveMQ clients.
Notice
The shared file system should be set up and configured according to the official ActiveMQ documentation.
Configuring ActiveMQ Clients
To configure ActiveMQ clients:
1. Open MS SQL Server Management Studio.
2. Connect to the SQL server.
3. Go to Databases > CxDB > Tables.
4. Expand the Tables repository to view its content and navigate to dbo.CxComponentConfiguration.
5. Right-click dbo.CxComponentConfiguration and then select Edit Rows.
6. In the ActiveMessageQueueURL key field, enter the ActiveMQ URI.
Use the following URI format: failover:<protocol>://<FQDN>:<port>,<protocol>://<FQDN>:<port>
Example for ActiveMQ URI for High Availability: failover:tcp://broker1:61616,tcp://broker2:61616
Example for ActiveMQ URI for High Availability with TLS: failover:ssl://broker1:61616,ssl://broker2:61616
7. Return to the Tables repository, navigate to and right-click Config.CxEngineConfigurationKeysMeta and then select Edit Rows.
8. In the ACTIVE_MESSAGE_QUEUE_URL key field, enter the ActiveMQ URI.
Notice
These steps can be performed by using the following DB TSQL script:
(replace <broker1> and <broker2> with your respective values)
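-- ActiveMQ failover URI written to both configuration tables
DECLARE @AmqString varchar(1000)
SET @AmqString = 'failover:tcp://<broker1>:61616,tcp://<broker2>:61616'
-- Step 6: ActiveMessageQueueURL in dbo.CxComponentConfiguration
UPDATE [CxDB].[dbo].[CxComponentConfiguration]
SET [Value] = @AmqString
WHERE [Key] = 'ActiveMessageQueueURL'
-- Step 8: ACTIVE_MESSAGE_QUEUE_URL in Config.CxEngineConfigurationKeysMeta
UPDATE [CxDB].[Config].[CxEngineConfigurationKeysMeta]
SET [DefaultValue] = @AmqString
WHERE [KeyName] = 'ACTIVE_MESSAGE_QUEUE_URL'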
Final steps:
1. Open Windows Services and stop the ActiveMQ service.
2. Once the file lock inside the shared ActiveMQ folder disappears, delete the data folder.
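The following check is an added example, not part of the Checkmarx documentation or product: a Python sketch that validates an ActiveMQ URI in the format from step 6 before it is written to the database or to the environment variables. It rejects unreplaced <broker1>-style placeholders and reports brokers reached over the plaintext tcp transport; the function names are hypothetical.

```python
import re

# Transports used in the page's examples: "tcp" is plaintext, "ssl" is TLS.
KNOWN_TRANSPORTS = {"tcp", "ssl"}
BROKER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+]*)://([A-Za-z0-9.-]+):(\d{1,5})$")


def parse_failover_uri(uri):
    """Split failover:<protocol>://<FQDN>:<port>,... into (transport, host, port)."""
    prefix = "failover:"
    if not uri.startswith(prefix):
        raise ValueError("URI must start with 'failover:'")
    body = uri[len(prefix):].strip()
    # ActiveMQ also accepts failover:(uri1,uri2)?options; unwrap that form.
    if body.startswith("("):
        end = body.rfind(")")
        if end == -1:
            raise ValueError("unbalanced parentheses")
        body = body[1:end]
    else:
        body = body.split("?", 1)[0]
    brokers = []
    for entry in body.split(","):
        match = BROKER_RE.match(entry.strip())
        # Unreplaced placeholders such as <broker1>, and per-broker options
        # (not handled in this sketch), are rejected here.
        if not match or not 1 <= int(match.group(3)) <= 65535:
            raise ValueError(f"malformed broker entry: {entry.strip()!r}")
        brokers.append((match.group(1).lower(), match.group(2).lower(), int(match.group(3))))
    return brokers


def lint_failover_uri(uri):
    """Return findings for a failover URI; an empty list means nothing flagged."""
    brokers = parse_failover_uri(uri)
    findings = []
    if len(brokers) < 2:
        findings.append("only one broker listed, so clients cannot fail over")
    if len({host for _, host, _ in brokers}) < len(brokers):
        findings.append("the same broker host is listed more than once")
    if len({transport for transport, _, _ in brokers}) > 1:
        findings.append("brokers use different transports")
    for transport, host, port in brokers:
        if transport not in KNOWN_TRANSPORTS:
            findings.append(f"{host}:{port} uses unexpected transport '{transport}'")
        elif transport != "ssl":
            findings.append(f"{host}:{port} uses '{transport}', which is not TLS-protected")
    return findings
```

Running lint_failover_uri on the value taken from dbo.CxComponentConfiguration and on the value of each environment variable also shows whether all components were given the same broker list.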
Restarting ActiveMQ Client Services
Restart the following services for the changes to take effect in all manager environments:
Scans Manager Service
Results Service
Access Control (IIS)