Bridge example #1

README.adoc

@@ -147,7 +147,7 @@ Consumer ActiveMQQueue[TEST], thread=0 Consumed: 10 messages
 Consumer ActiveMQQueue[TEST], thread=0 Consumer thread finished
 -----
 
-## Bridge Scenario [WIP]
+## Bridge Scenario
 
 . Create two OpenShift project.
 +
@@ -191,26 +191,47 @@ spec:
 
 . Install AMQ Broker Helm Chart on brk2
 +
-`helm upgrade --install mycluster2 amq-broker -n brk2`
+`helm upgrade --install mycluster2 amq-broker -n brk2 -f examples/bridge/values.brk2.yaml`
+
+. Test the installation on brk2
++
+`helm test mycluster2 -n brk2`
 
 . In case of SSL Connector to brk2, create a secret on brk1 to able to connect to brk2.
 +
 [source,bash]
 -----
-mkdir brk2-pki
+mkdir -p examples/bridge/brk2-certs
 
-oc extract secret/mycluster2-amq-broker-all-secret --to=brk2-pki -n brk2
+oc extract secret/mycluster2-amq-broker-all-secret --to=examples/bridge/brk2-certs -n brk2
 
-oc create secret generic mycluster2-amq-broker-all-brk2-secret --from-file=brk2-pki/ -n brk1
+oc create secret generic mycluster2-amq-broker-all-brk2-secret --from-file=examples/bridge/brk2-certs/ -n brk1
 -----
 
 . Install AMQ Broker Helm Chart on brk1
 +
-`helm upgrade --install mycluster amq-broker -n brk1`
+`helm upgrade --install mycluster amq-broker -n brk1 -f examples/bridge/values.brk1.yaml`
 
-. Launch Helm Test to test the bridge connection
+. Test the installation on brk1
 +
-`helm test mycluster1 -n brk1`
+`helm test mycluster -n brk1`
+
+### Test the bridge connection
+
+NOTE: Check <<Test External Client Communication>> to launch producer and consumer command.
+
+. Produce message on brk1
+[source,bash]
+-----
+./artemis producer --user amq --password amq --message-count 10 --url="tcp://${AMQ_ENDPOINT}:443?sslEnabled=true;trustStorePath=./client.ts;trustStorePassword=password" --destination=bridge.test.address
+-----
+
+. Consume message on brk2
+
+[source,bash]
+-----
+./artemis consumer --user amq --password amq --message-count 10 --url="tcp://${AMQ_ENDPOINT}:443?sslEnabled=true;trustStorePath=./client.ts;trustStorePassword=password" --destination=bridge.test.forwarding
+-----
 
 ## Uninstall it
 

amq-broker/templates/_helpers.tpl

@@ -116,7 +116,8 @@ TODO: Read the connector ssl secret automatically
 {{- with $ }}
 <connector name="{{ $connector.name }}">{{ $connector.type }}://{{ $connector.host }}:{{ $connector.port }}
 {{- if $connector.sslEnabled -}}
-;sslEnabled=true;keyStorePath=/etc/{{ $connector.sslSecret }}-volume/broker.ks;keyStorePassword={{ .Values.pki.keyStorePassword }};trustStorePath=/etc/{{ $connector.sslSecret }}-volume/client.ts;trustStorePassword={{ .Values.pki.trustStorePassword }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace $connector.sslSecret) -}}
+;sslEnabled=true;keyStorePath=/etc/{{ $connector.sslSecret }}-volume/broker.ks;keyStorePassword={{ get $secret.data "keyStorePassword" }};trustStorePath=/etc/{{ $connector.sslSecret }}-volume/client.ts;trustStorePassword={{ get $secret.data "trustStorePassword" }}
 {{- else -}}
 ;
 {{- end -}}

amq-broker/values.yaml

@@ -66,15 +66,15 @@ acceptors:
   protocols: amqp
   port: 5672
 
-connectors:
-- port: 61617
-  host: mycluster2-amq-broker-all-0-svc.brk2.svc.cluster.local
-  needClientAuth: false
-  name: bridge
-  type: tcp
-# Requires secret created in Advanced.
-  sslEnabled: true
-  sslSecret: mycluster2-amq-broker-all-brk2-secret
+connectors: []
+# - port: 61617
+#   host: mycluster2-amq-broker-all-0-svc.brk2.svc.cluster.local
+#   needClientAuth: false
+#   name: bridge
+#   type: tcp
+# # Requires secret created in Advanced.
+#   sslEnabled: true
+#   sslSecret: mycluster2-amq-broker-all-brk2-secret
 
 addressSettings:
   addressSetting:
@@ -118,6 +118,12 @@ securitySettings:
    manage: admin
 
 bridges: []
+# - name: bridge.test
+#   queueName: bridge.test.address
+#   forwardingAddress: bridge.test.forwarding
+#   user: amq
+#   password: amq
+#   connectorRef: bridge
 
 diverts:
 - name: divert.test

examples/bridge/brk2-certs/ca.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeWgAwIBAgIRAN98qPc6QG2UmGzZ+/QHs4swDQYJKoZIhvcNAQELBQAw
+GDEWMBQGA1UEAxMNYW1xLWJyb2tlci1jYTAeFw0yMDEyMTMxOTQwMjdaFw0yMTEy
+MTMxOTQwMjdaMBgxFjAUBgNVBAMTDWFtcS1icm9rZXItY2EwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDM8r2DD30UW5pI6DDmrDbRlo890irtBYq4grRK
+Qc8bpIfLSrmkQGcXmZT3L3OqI0rHilaVKZ5Qwa+FzJdZ0QmKSVuY7Z6eTfxH2R30
+xZHVHZSWUBCyRhNvCvS0sQ+zVLvOzbVZ4xirR6rZoZYYAHULhR2A53S5IK7csGbX
+eEK1RPf+eczZqDvnmIsGWEbqmQQrinKtbj7Rqdv8QnGxDkYhoK8bl6bYGWy7O0i0
+orSmF1gUaB9zQCF213SIQiHMrRtX4NeoyC4x6H2tZJC7Ya1se06u7CE/lcr1Gcuj
+3eutmSw/VwDIrrnt5X1JQqs3jrOZOXMIyHAMIneDFnCrmtgVAgMBAAGjQjBAMA4G
+A1UdDwEB/wQEAwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAbNpWg8sJZh0+vieYITng
+6vndNUtTfyhYnJsSMLTUIHcIfOywoOdU7YFB41kX2LftkZk+witn8w61BriT9Jds
+nk3i2ANJAJ7Bs9zjBI009FkEJpfxbwcAguYmKf2lqOIPAlSYcHOyrS2QLG2+snky
+L2aftD/HC9Or4shIjSKwdEwlzJKr1i0zzqKiDEUVS02I7DvwLpHDIq8NwcfLUBwH
+gLY31dcmcZdeJy73yz2FxOEiTjI0skzLzLwMmOBDsywoLWxYLoUpBw8lqRDigMkc
+fdafmoHim/e3e67fysRTnCtGiW7r9z5Eexf7I1tlYL+peIkgW+tqHPCyDnwbml/k
+fQ==
+-----END CERTIFICATE-----

examples/bridge/brk2-certs/keyStorePassword

@@ -0,0 +1 @@
+password

examples/bridge/brk2-certs/tls.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIQLrzuyjM/AQqQkH1C1vxcIjANBgkqhkiG9w0BAQsFADAY
+MRYwFAYDVQQDEw1hbXEtYnJva2VyLWNhMB4XDTIwMTIxMzE5NDAyN1oXDTIxMTIx
+MzE5NDAyN1owRDFCMEAGA1UEAww5bXljbHVzdGVyMi1hbXEtYnJva2VyLSotc3Zj
+LXJ0ZS1icmsyLmFwcHMuZGV2Lm9wZW5sYWIucmVkMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA1Lsfhw+8q9j/hm5gVcHUCvNSLuJCGKw6xI8pHr5wIt7Q
+IW5YPr3NBJFYyEO9cyXYinwL/cZkYc631AAku7tUuRF+AtzDI2w17GbQYoF/tIbD
+vV2QNzCF6Kf7r3rlSENGMcWxlX9ctgDpWfL7+6EMUKablO1jzCRuLPCTIUEC/IZy
+QaQhYHGK38nW5I4eQ/kVKTyydt7Hl8HOJ7Zu5cMl7tctRGgD4UZuPONzWnJkbrgA
+uiP/iCMtgbY/Xw4ToXxEmN4pCll7l1uvxNdriLIeJ3mlrU21zL4TNbUPhxES8QCb
+aayeGvnK0F30iKDlG7DRwPOBLuw2A7pexwDo/V7zUwIDAQABo4GsMIGpMA4GA1Ud
+DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
+AQH/BAIwADBqBgNVHREEYzBhgjlteWNsdXN0ZXIyLWFtcS1icm9rZXItKi1zdmMt
+cnRlLWJyazIuYXBwcy5kZXYub3BlbmxhYi5yZWSCJG15Y2x1c3RlcjItYW1xLWJy
+b2tlci0qLXN2Yy5icmsyLnN2YzANBgkqhkiG9w0BAQsFAAOCAQEAhcqKQBYWM5yT
+xx7byGegPQBU2WyHp6Tq7xrTlVKrv5/RKjKxKGpegBgY8gFXUTDf0INCVatwH1Pw
+zv0gpemug+Zit4Xt/7aV9AfwAzcrZI8806/+bSpgWqHhDUfoX1pAgg7uIaCntmEg
+9lxs1Z9Use2ImfW15geWOs9F4sjaT4trd5QJDOpSUYjyG+MkEriS2/8nrLrNx7BR
+x5gkod8J+9P5Kkfg8g1tNpWjdx3ZWOALSz96dFtdeRxKEXeagAXfze/LzVmO0/j8
+GK1gQsvrwvMa4gftSra+TCx05rw9v8/MFT2zCRuIs7eK9+D5Eu6niRGqr0aRxSUi
+Cj6gczLnnA==
+-----END CERTIFICATE-----

examples/bridge/brk2-certs/tls.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA1Lsfhw+8q9j/hm5gVcHUCvNSLuJCGKw6xI8pHr5wIt7QIW5Y
+Pr3NBJFYyEO9cyXYinwL/cZkYc631AAku7tUuRF+AtzDI2w17GbQYoF/tIbDvV2Q
+NzCF6Kf7r3rlSENGMcWxlX9ctgDpWfL7+6EMUKablO1jzCRuLPCTIUEC/IZyQaQh
+YHGK38nW5I4eQ/kVKTyydt7Hl8HOJ7Zu5cMl7tctRGgD4UZuPONzWnJkbrgAuiP/
+iCMtgbY/Xw4ToXxEmN4pCll7l1uvxNdriLIeJ3mlrU21zL4TNbUPhxES8QCbaaye
+GvnK0F30iKDlG7DRwPOBLuw2A7pexwDo/V7zUwIDAQABAoIBAGKq7AOb8/mM62+x
+sDL2dOAjXWHrhZamA5f5gqwEzkQOLmDjKkDnjbjppVE1wiAvVJFe2bz6EMMguzi0
+XFVKnRA9ocG4HTZH0Xb1dP/Laq0TuKQTSnmeou13RJBuovvyYBNjy2s4qIquP419
+2wwp9WlO7WiU9q3P0946MzPAUJ9I70beHmig7qnbVqHa7LNVpelIzuHdYjJ5Yleu
+x7My+8aS41wG8A+9fDTSMbhH+EQRvLzrnhVtcnseVA6nVhwFudsjUs79me84WLRu
+tmL5lljD5m0s/h4vdc0gjRo4HsdnNc5bMs4SlCP2rHAnM2xvs3fv5A7dQvoNFZcZ
+i/6omYECgYEA/2undnqZ9tufHuCqOUXn3ItS+z407biedxkHgLXOx4AEDLwvkYJO
+27imJAV5JRkzcbs3CxawpoMYfRB87kWNimIXRC1Upub1AAqNUzaTU/d9tioSS5Xa
+6xJExJOUFbBJingB1YkEK6w8D2MtAqJXgKcWjZkaoYNJl2UK+k1WnhMCgYEA1Tas
+4FY4iXCuzbMtuXdJ9zrbbCBL9qAJUWfckuTvYiJDorW615AHQ0OZIQ7fWpqRnTb+
+2fBpRb7Y69gCQPrYsDflQV3eyAhQloopzHE2zmmJhc8Vn5lm0xssfqNedb+qqtuK
+9LCrvBL8rOgLGEA0kqse5z/No9XYqnGKPa7j/cECgYEAypGOlqBVSzqSz+JOHm4a
+nQbCIRAM2hv5UWtAUAvgmsgkbhUxhK1b7VZcLWVJ1upNqn1YAitUnjqKSWWyLyZq
+Qr3YxfFNmbDBze6QdtZpscYupTJooBmRLa2nbF++qhTNvku+6KNp81j9qRZ2tAgc
+baQWduZeAIom6zLvqeN8NpECgYBBjfv9RcVATMsSJ8MpQQoW35vTVOLGQ1JaGyrw
+Zz9K1uogvuthl8ED52bPiTkXLGsVAXG+JHLZpOIhMVsQC5BQLf9o56m1qwjMIFLV
+rwGA2WYVJCSr24iH49T8YtKKNZIN0k6ZCTDkNJpHt1ih7iu75K0twKpDc16YmSw9
+5uXmgQKBgQDE485D4ozKu0gOaSGHCuvTgPA93VtwqPwjF6NAeaan1D5mouZkzuV0
+q6uMYmyO6flyLh1XqSakwDmRkx2lObryuHnPLvCtEyFf8Xoq6PxhhtNt97e/h6NS
+d55b5csFTTwkL4dVmluIykqqWXIG0RK3C1DMtDcxt+odpJJ/OQLCAw==
+-----END RSA PRIVATE KEY-----

examples/bridge/brk2-certs/trustStorePassword

@@ -0,0 +1 @@
+password

examples/bridge/values.brk1.yaml

@@ -0,0 +1,137 @@
+# Default values for amq-broker.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: registry.redhat.io/amq7/amq-broker
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+resources: {}
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# OpenSSL and Keytool
+keytool:
+  image:
+    repository: docker.io/adoptopenjdk
+    pullPolicy: IfNotPresent
+    tag: 11
+
+# OpenShift Client
+oc:
+  image:
+    repository: quay.io/openshift/origin-cli
+    pullPolicy: IfNotPresent
+    tag: 4.6
+
+# AMQ Broker Specific
+
+adminPassword: amq
+adminUser: amq
+
+pki:
+  self: true
+  trustStorePassword: password
+  keyStorePassword: password
+
+console:
+  expose: true
+  sslEnabled: false
+
+acceptors:
+- name: all
+  protocols: all
+  port: 61617
+  expose: true
+  sslEnabled: true
+- name: amqp
+  protocols: amqp
+  port: 5672
+
+connectors:
+- port: 61617
+  host: mycluster2-amq-broker-all-0-svc.brk2.svc.cluster.local
+  needClientAuth: false
+  name: bridge
+  type: tcp
+# Requires secret created in Advanced.
+  sslEnabled: true
+  sslSecret: mycluster2-amq-broker-all-brk2-secret
+
+addressSettings:
+  addressSetting:
+  - addressFullPolicy: PAGE
+    autoCreateDeadLetterResources: true
+    autoCreateExpiryResources: true
+    deadLetterQueueSuffix: .eq
+    expiryQueueSuffix: .eq
+    maxSizeBytes: '52428800'
+    redeliveryDelay: 1000
+    match: '#'
+
+addresses:
+- addressName: com.my.queue
+  queueName: com.my.queue
+  routingType: anycast
+- addressName: divert.test.address
+  queueName: divert.test.address
+  routingType: anycast
+- addressName: divert.test.forwarding
+  queueName: divert.test.forwarding
+  routingType: anycast
+- addressName: bridge.test.address
+  queueName: bridge.test.address
+  routingType: anycast
+
+securitySettings:
+ users:
+ - name: test
+   password: test
+   role: guest
+ securitySetting:
+ - match: 'com.my.queue.#'
+   createNonDurableQueue: admin
+   deleteNonDurableQueue: admin
+   createDurableQueue: admin
+   deleteDurableQueue: admin
+   createAddress: admin
+   deleteAddress: admin
+   consume: admin
+   browse: admin
+   send: admin
+   manage: admin
+
+bridges:
+- name: bridge.test
+  queueName: bridge.test.address
+  forwardingAddress: bridge.test.forwarding
+  user: amq
+  password: amq
+  connectorRef: bridge
+
+diverts:
+- name: divert.test
+  address: divert.test.address
+  forwardingAddress: divert.test.forwarding
+  exclusive: true
+
+clusterDomain: apps.dev.openlab.red
+