The issue was with java keystore:
pe-activemq started fine
$ sudo /etc/init.d/pe-activemq start
* pe-activemq started
However by watching PS I noticed activemq tried to start but failed almost immediately. I modified the startup script to do some debugging:
start() {
    echo -n "Starting $APP_NAME... "
    getpid
    if [ "X$pid" = "X" ]
    then
        # original command
        # COMMAND_LINE="$CMDNICE $WRAPPER_CMD $WRAPPER_CONF wrapper.syslog.ident=$APP_NAME wrapper.pidfile=$PIDFILE wrapper.daemonize=TRUE $ANCHORPROP $IGNOREPROP $LOCKPROP"
        # custom command with daemonize=FALSE
        COMMAND_LINE="$CMDNICE $WRAPPER_CMD $WRAPPER_CONF wrapper.syslog.ident=$APP_NAME wrapper.pidfile=$PIDFILE wrapper.daemonize=FALSE $ANCHORPROP $IGNOREPROP $LOCKPROP"
        echo "executing [$COMMAND_LINE]"
Starting pe-activemq gave the following error
jvm 1 | ERROR | Failed to start ActiveMQ JMS Message Broker. Reason: java.io.IOException: Transport Connector could not be registered in JMX: Failed to bind to server socket: stomp+ssl://0.0.0.0:61613 due to: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.DefaultSSLContextImpl)
It looked like an issue with the keystore. The /opt/puppet/activemq/conf/activemq-wrapper.conf configuration file gives you the following details:
set.default.ACTIVEMQ_BASE=/opt/puppet/activemq
wrapper.working.dir=/var/log/pe-activemq
[...]
# Enable SSL of the Stomp Connection (Note, this provides encryption only as per #10596)
wrapper.java.additional.7=-Djavax.net.ssl.keyStorePassword=puppet
wrapper.java.additional.8=-Djavax.net.ssl.keyStore=%ACTIVEMQ_BASE%/conf/broker.ks
# The trust store need not be present.
wrapper.java.additional.9=-Djavax.net.ssl.trustStorePassword=puppet
wrapper.java.additional.10=-Djavax.net.ssl.trustStore=%ACTIVEMQ_BASE%/conf/broker.ts
FYI /opt/puppet/activemq/conf is a symlink to /etc/puppetlabs/activemq
In that directory, the broker.ts file exists, but broker.ks was missing.
Based on this page (http://activemq.apache.org/how-do-i-use-ssl.html), I did the following
$ cd /etc/puppetlabs/activemq
$ sudo keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
=> provided puppet password everywhere
Then activemq was starting fine
jvm 1 | INFO | Using Persistence Adapter: KahaDBPersistenceAdapter[/opt/puppet/activemq/data/kahadb]
jvm 1 | INFO | KahaDB is version 3
jvm 1 | INFO | Recovering from the journal ...
jvm 1 | INFO | Recovery replayed 1 operations from the journal in 0.022 seconds.
jvm 1 | INFO | ActiveMQ 5.5.0 JMS Message Broker (localhost) is starting
jvm 1 | INFO | For help or more information please see: http://activemq.apache.org/
jvm 1 | INFO | Installing StaticsBroker
jvm 1 | INFO | Starting StatisticsBroker
jvm 1 | INFO | Listening for connections at: tcp://myserver:61616
jvm 1 | INFO | Connector openwire Started
jvm 1 | INFO | Listening for connections at: stomp+ssl://myserver:61613
jvm 1 | INFO | Connector stomp+ssl Started
jvm 1 | INFO | ActiveMQ JMS Message Broker (localhost, ID:myserver-44300-1324455724257-0:1) started
jvm 1 | INFO | jetty-7.1.6.v20100715
jvm 1 | INFO | ActiveMQ WebConsole initialized.
jvm 1 | INFO | Initializing Spring FrameworkServlet 'dispatcher'
jvm 1 | INFO | ActiveMQ Console at http://0.0.0.0:8161/admin
jvm 1 | INFO | WebApp@2109578614 at http://0.0.0.0:8161/camel
jvm 1 | INFO | WebApp@2109578614 at http://0.0.0.0:8161/demo
jvm 1 | INFO | WebApp@2109578614 at http://0.0.0.0:8161/fileserver
jvm 1 | INFO | Started SelectChannelConnector@0.0.0.0:8161
ISSUE RESOLVED
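A preflight check for the failure described in the post above, as an added example that is not part of the original post: it reads the keyStore and trustStore paths out of a wrapper config, resolves %ACTIVEMQ_BASE%, and reports each store as MISSING, EMPTY, WORLD-READABLE or OK. The function names, status words and scratch-directory sample config are assumptions made for illustration; the check looks only at each file's presence, size and mode and does not open the stores.

```shell
# Added example, not from the original post. Prints "<property> <status> <path>"
# for each javax.net.ssl keyStore/trustStore entry in a wrapper config and
# returns 1 when the keyStore is MISSING or EMPTY.
check_wrapper_stores() {
    conf=$1; rc=0
    # set.default.ACTIVEMQ_BASE supplies the value of %ACTIVEMQ_BASE%.
    base=$(sed -n 's/^set\.default\.ACTIVEMQ_BASE=//p' "$conf" | head -n 1)
    # Reduce matching lines to "<property>=<path>"; the *Password lines do
    # not match because "=" must follow "Store" directly.
    entries=$(sed -n \
        's/^wrapper\.java\.additional\.[0-9]*=-Djavax\.net\.ssl\.\([a-z]*Store\)=/\1=/p' \
        "$conf" | sed "s|%ACTIVEMQ_BASE%|$base|g")
    while IFS='=' read -r prop path; do
        [ -n "$prop" ] || continue
        if [ ! -e "$path" ]; then status=MISSING
        elif [ ! -s "$path" ]; then status=EMPTY
        elif [ -n "$(find "$path" -prune -perm -004)" ]; then status=WORLD-READABLE
        else status=OK
        fi
        printf '%s %s %s\n' "$prop" "$status" "$path"
        # The wrapper config says the trust store need not be present, so
        # only an unusable keyStore fails the check.
        case "$prop:$status" in keyStore:MISSING|keyStore:EMPTY) rc=1 ;; esac
    done <<EOF
$entries
EOF
    return $rc
}

# Constructed sample: a wrapper config shaped like the one in the post, rooted
# in a scratch directory, with broker.ts present and broker.ks absent.
make_sample() {
    dir=$1
    mkdir -p "$dir/conf"
    cat > "$dir/wrapper.conf" <<EOF
set.default.ACTIVEMQ_BASE=$dir
wrapper.java.additional.7=-Djavax.net.ssl.keyStorePassword=puppet
wrapper.java.additional.8=-Djavax.net.ssl.keyStore=%ACTIVEMQ_BASE%/conf/broker.ks
wrapper.java.additional.9=-Djavax.net.ssl.trustStorePassword=puppet
wrapper.java.additional.10=-Djavax.net.ssl.trustStore=%ACTIVEMQ_BASE%/conf/broker.ts
EOF
    echo placeholder > "$dir/conf/broker.ts"
    chmod 600 "$dir/conf/broker.ts"
}

sample=$(mktemp -d)
make_sample "$sample"
check_wrapper_stores "$sample/wrapper.conf" || echo "keystore check failed"
rm -rf "$sample"
```

Pointed at /opt/puppet/activemq/conf/activemq-wrapper.conf before the service is started, the same function reports a missing broker.ks without needing the daemonize=FALSE debugging step.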
You are on the right track with the External Node Classifier. It is a bit difficult to wrap your head around, but once you get it working you will never look back and I cannot recommend doing it strongly enough. I went to the puppet IRC room when I had trouble and they helped me get mine working.
Applying different modules based on OS is fine. I run a 300+ node environment with BSD and RHEL and we do it. Instead of having the OS be a node, we have it as its own class because . So instead of "node OS inherits basenode", we have the ENC pass back something like this:
node web-prod-007 {
    $node_environment="production"
    include web_server_class # this then inherits basenode
    include centos6::server #
    include logging::rsyslog
}
...etc
How you do it depends on how you want your inheritance to work. If you want to modify the things in basenode depending on operating system, then having OS inherit basenode is the right way to go.
TLDR: what you are doing is okay, and look into ENCs because they make life easier.
EDIT: 2. I don't use Dashboard so I don't know.
Best Answer
Turns out I misunderstood how the dashboard worked. One creates the base classes manually, and then uses the dashboard to group classes and nodes. The policy does not get itself modified in the process except to modify the base classes.