TIBCO BUSINESS WORKS VIDEOS

SSL Configuration in Tibco EMS SERVER

There is a sample SSL configuration you should start with in <tibco_home>/ems/<version>/samples/config called tibemsdssl.conf.

Start it with “tibemsd -config tibemsdssl.conf”.

Take a look at the properties.

The EMS Server is using the certificate “server.cert.pem” as its identity, adn it will trust certificates that were signed by

client_root.cert.pem.

ssl_server_identity = ../certs/server.cert.pem

ssl_server_key = ../certs/server.key.pem

ssl_password = $man$WjtSRCpaXu7hoTkDlcEPr6KNKRr

# Server Issuer certificate(s).# Supports PEM, DER and PKCS#12.# This may be a part of PKCS12 specified by

ssl_server_identity

ssl_server_issuer =

# Trusted issuers of client certificates. Supports PEM, DER and PKCS7.

ssl_server_trusted = ../certs/client_root.cert.pem

So…you can use client_identity.p12 in your BW project as an Identity (there is a README in the certs directory explaining the relationships), and use server_root.cert.pem so you can trust the server.cert.pem by importing it into a Trusted Certificates folder in your BW project.

There are also SSL properties for FT heartbeats:

ft_ssl_identity =

ft_ssl_issuer =

ft_ssl_private_key =

ft_ssl_password =

ft_ssl_trusted =

ft_ssl_verify_host =

ft_ssl_verify_hostname =

ft_ssl_expected_hostname=

ft_ssl_ciphers =

Gems (Graphical Administration Tool for EMS)

Gems v3.2

Gems is a graphical user interface utility for TIBCO Enterprise Message Service (EMS). It can be used by JMS developers as a general purpose test debugging tool and by administrative support staff as a management and monitorig tool.

Gems provides the following main features:

•Server Monitoring. Server state and main statistics are automtically updated, warning and error limits may be configured. Server generated events are also captured.

•Server Management. Including, general server configuration, JMS destinations, JNDI factories, users/groups, permissions, bridges, routes etc.

•JMS support. Messages may be sent/received, queues may be browsed and message contents inspected. Selectors and filters may be specified.

•JMS Message Monitoring. Messages may be monitored (snooped) as they pass trough the server. Request and reply messages can be correlated to provide service response times.

•JMS Message Management. Eg; purging messages, copy messages from a queue to another queue on a different server.

•Charting. Server statistics may be charted in real time, data may be saved to CSV files for export to other tools such as Excel.

•Logging. Server statistics may be logged automatically when warning or error limits are breached.

•Security. SSL connectivity, view only mode.

•Customisable display and look and feel.

•Support for Managing and Monitoring TIBCO SubStation

Requires:

•Tibco EMS 4.x, EMS 5., EMS 6.x

•JRE 1.5 or higher

Tibco EMS Monitoring

If you are using Tibco EMS, you should be aware that there is a decent tool that comes with the Tibco SDK that allows you to monitor all activity that goes on in your broker. In the directory c:\tibco\ems\bin, you will find a command-line application called tibemsmonitor.exe. If you run this utility, you can see every connect/disconnect, every creation and destruction of a MessageProducer and MessageConsumer, every creation of a topic or queue.

tibemsmonitor -monitor <topic>

[-server <server-url>]

[-user <name>]

[-password <password>]

[-selector <text>]

[-short]

[-help]

[-helpssl]

tibemsmonitor -server “tcp://emshost:7222″ -monitor “>”

tibemsadmin [-server] [-user] [-password]

tibemsadmin.exe -server “tcp://emshost:7222″ -user admin -password admin123

tibemsd

[-config <filename>]

[-ft_active <active_url>]

[-ft_heartbeat <seconds>]

[-ft_activation <seconds>]

[-ssl_password <string>]

[-trace <items>]

[-ssl_trace]

[-ssl_debug_trace]

[-help]

tibemsd -config c:\tibco\cfgmgmt\ems\data\tibemsd.conf

How to handle corrupted message in EMS datastore?

Problem Description

When a message is corrupted in the EMS database, you may notice the following errors in the EMS log file:

SEVERE ERROR: Exception trying to read message from store.

ERROR: Exception trying to create message from store: IO failed.

SEVERE ERROR: Exception trying to create valid messages record, Invalid message.

SEVERE ERROR: Persisted message possibly corrupt.

SEVERE ERROR: Exception trying to create valid messages record, Invalid message.

When your client tries to consume the message, you may get a “javax.jms.JMSException: Corrupted incoming data message” exception.

When a corrupted message is sent to a client and the client application cannot process the corrupted message properly, the client will block successive messages sent to it. These messages will remain queued on the server and will not be consumed by the client.

Possible Reasons for Generating Corrupted Messages in the EMS Datastore

1. A hardware problem with the physical disk: Media error

2. Forced unmount of a physical disk when the disk is in use, or a hard disk in operation having been unplugged.

3. Locking problem, the record in the db file has been modified by different applications/threads of the application at the same time.

4. The EMS server receives a corrupt message.

5. The machine was terminated abruptly. For example: a running system in operation has been unplugged, etc.

Solution

When one or more messages are corrupted and a client cannot receive the corrupted messages, you can do the following to delete the corrupted messages:

1. If you have already enabled the “track_message_ids” then you should try to remove the corrupt message as follows. To enable track_message_ids, in EMS main configuration file, set: in tibemsd.conf

track_message_ids=enabled.

a) Use the tibemsadmin command (available in EMS_Home\bin directory) to set server console_trace = +MSG (or set log_trace if that is more appropriate).

b) Use the tibemsadmin command to set addprop queue trace.

c) When the server delivers the corrupted message to the consumer, the server should print the message ID.

d) Use the tibemsadmin command “delete message” with that message ID to remove the corrupted message.

e) Undo steps a) and b), if needed.

How to Configure EMS 5.x Server with Database Datastore?

EMS 5.x can be configured to use a database to store messages. The following steps have been tested on a Windows host to configure EMS 5.x with a database. For other platforms, the steps will be similar.

Setup Steps:

1. Install EMS 5.x

2. Download and install JDK 1.5 or later

3. Download and install Hibernate from the link provided at the EMS 5.x download on http:

download.tibco.com.

4. Download the corresponding database JDBC drivers. They can be found on the Internet. The corresponding jar files for the JDBC need to be added to dbstore_classpath in EMS main configuration file.

For example:

1). MySQL InnoDB

MySQL Connector:

mysql-connector-java-5.0.6-bin.jar

2). Microsoft SQL Server

Microsoft JDBC Driver for SQL Server:

sqljdbc.jar

3). Oracle 9i and 10g

Oracle JDBC Thin Driver:

ojdbc14.jar or ojdbc5.jar

4). IBM DB2 Server 8.1 and 9.1

DB2 Universal JDBC Driver:

db2jcc.jar and db2jcc_license_cu.jar

5. Modify the sample EMS main configuration file used for database: c:\tibco\ems\5.0\samples\config\tibemsd-db.conf:

Modify the variables: dbstore_classpath, dbstore_driver_name, dbstore_driver_dialect, jar_library to reflect your own settings and database.

Here is an example which uses the Oracle 10g database:

==============================================

dbstore_classpath = c:\tibco\components\eclipse\plugins\com.tibco.tpcl.org.hibernate_3.2.5.001\hibe rnate3.jar;c:\tibco\components\eclipse\plugins\com.tibco.tpcl.org.com.mchange.c3 p0_0.9.1.001\c3p0-0.9.1.jar;c:\tibco\EMS\5.0\bin\antlr-2.7.6.jar;c:\tibco\EMS\5. 0\bin\asm-attrs.jar;c:\tibco\EMS\5.0\bin\asm.jar;c:\tibco\EMS\5.0\bin\cglib-2.1. 3.jar;c:\tibco\EMS\5.0\bin\commons-collections-2.1.1.jar;c:\tibco\EMS\5.0\bin\co mmons-logging-1.0.4.jar;c:\tibco\EMS\5.0\bin\dom4j-1.6.1.jar;c:\tibco\EMS\5.0\bi n\ehcache-1.2.3.jar;c:\tibco\EMS\5.0\bin\jta.jar;C:\tibco\EMS\5.0\databaselib\oj dbc14.jar;C:\tibco\EMS\5.0\bin\ojdbc14.jar

dbstore_driver_name = oracle.jdbc.driver.OracleDriver

dbstore_driver_dialect = org.hibernate.dialect.Oracle10gDialect

jre_library = C:\jdk1.5.0_06\jre\bin\server\jvm.dll

==============================================

6. Create database users for EMS usage in the database. The users should have permissions to create, alter, delete, update for table, index and sequence.

7. Modify c:\tibco\ems\5.0\samples\config\stores-db.conf to put your own database store information:

Example, in stores-db.conf, defines oracle database information:

$sys.failsafe

type=dbstore

dbstore_driver_url=jdbc:oracle:thin:adminfs/[email protected]//osrv_1:1521/orclperf

dbstore_driver_username=adminfs

dbstore_driver_password=admin123

8. Modify the file queues.conf or topics.conf to define where the messages will be stored:

Example, in the file queues.conf:

TIBCO.quotes maxbytes=10MB,trace,store=$sys.failsafe

9. Use the schema export tool to export the EMS schema into database:

Example:

java -jar c:\tibco\ems\5.0\bin\tibemsd_util.jar -tibemsdconf c:\tibco\ems\5.0\samples\config\tibemsd-db.conf -createall -export

See the TIBCO Enterprise Message Service User’s Guide, Chapter 5, entitled “Running the EMS Server” for details about the schema export tool.

10. Start the EMS server using c:\tibco\ems\5.0\samples\config\tibemsd-db.conf

How to Secure the Database Password in EMS 5.x Configuration file?

When defining the database stores in EMS 5.x, you will need to define the following parameters in stores.conf:

dbstore_driver_url = JDBCURL

dbstore_driver_username = username

dbstore_driver_password = password

The database password can be entered as clear text for two parameters: dbstore_driver_password and dbstore_driver_url.

1. dbstore_driver_password

You can also use a mangled password for the dbstore_driver_password. That is, you can use the tibemsadmin tool to mangle a database password and define the mangled password for dbstore_driver_password.

For example, you can run the tibemsadmin command to mangle a clear text password:

===================================================

tibemsadmin.exe -mangle

TIBCO Enterprise Message Service Administration Tool.

Copyright 2003-2008 by TIBCO Software Inc.

All rights reserved.

Version 5.0.0 V27 4/29/2008

Enter phrase to mangle:

Confirm phrase to mangle:

$man$-RV84410jfkIKs3GET2dmcc5MPs

===================================================

In stores.conf, you can define the mangled password for dbstore_driver_password:

dbstore_driver_password=$man$-RV84410jfkIKs3GET2dmcc5MPs

2. dbstore_driver_url

When defining dbstore_driver_url for an Oracle database, the URL format is entered as following:

jdbc:oracle:thin:/@:/{remote database name} If you don’t want to enter the clear text database password within the URL, you can define the Oracle service name (aliase name) for the database using the following syntax: dbstore_driver_url=jdbc:oracle:thin:@:/{dbservice name}

This way you don’t need to define dbusername and dbpassword in the dbstore_driver_url parameter.

Hawk rule for monitoring queue

You can use the ems admin API to get the queue stats and check against the flowcontrol value to find out if it exceeds 80%. Call the API using a script from hawk & send mail when it exceeds.

Please find the below code.

/*

* Copyright 2007-2010 SRIK Solutions Pvt Ltd Inc.

* All rights reserved.

* For more information, please contact us :

*

*

*/

import java.util.*;

import javax.jms.Topic;

import javax.jms.Queue;

import javax.jms.Destination;

import com.tibco.tibjms.admin.*;

//

// The tibjmsServerAdministrator class is used by the tibjmsPerfMaster class

// to change various settings in the EMS server.

//

public class tibjmsServerAdministrator

{

TibjmsAdmin[] _admin = null;

String queue = null;

String topic = null;

/**

* Creates an admin client on the specified server

* and then walks any routes to other servers creating

* admin clients on the discovered servers as well.

*

* @param serverUrl server URL on which to connect

* @param userName the administrator name

* @param password the administrator password

*/

public tibjmsServerAdministrator(

String serverUrl,

String userName,

String password)

{

Map map = new HashMap();

addAdmin(serverUrl, userName, password, map);

_admin = new TibjmsAdmin[map.size()];

map.values().toArray(_admin);

}

private void addAdmin(String serverUrl, String userName, String password, Map map)

{

try

{

System.err.println(“connecting as “+userName+” to “+serverUrl);

TibjmsAdmin admin = new TibjmsAdmin(serverUrl,userName,password);

ServerInfo si = admin.getInfo();

// enable statistics

si.setStatisticsEnabled(true);

admin.updateServer(si);

if (!map.containsKey(si.getServerName()))

{

map.put(si.getServerName(), admin);

RouteInfo[] ri = admin.getRoutes();

for (int i = 0; i < ri.length; i++)

{

if (!map.containsKey(ri[i].getName()) && ri[i].isConnected())

addAdmin(ri[i].getURL(), userName, password, map);

}

}

else

{

admin.close();

}

}

catch (Exception e)

{

e.printStackTrace();

System.exit(-1);

}

}

/**

* Create a topic on all servers.

*

* @param name topic name

* @param failsafe failsafe setting

* @param flowControl flow control setting

*/

public void createTopic(String name, boolean failsafe, long flowControl)

{

try

{

TopicInfo ti = new TopicInfo(name);

ti.setGlobal(_admin.length > 1);

ti.setFailsafe(failsafe);

ti.setFlowControlMaxBytes(flowControl);

System.err.println(“creating topic “+name);

for (int i = 0; i < _admin.length; i++)

{

_admin[i].destroyTopic(name);

_admin[i].createTopic(ti);

}

topic = name;

}

catch (Exception e)

{

e.printStackTrace();

System.exit(-1);

}

}

/**

* Create a queue on all servers.

*

* @param name queue name

* @param server name of queue’s home server

* @param failsafe failsafe setting

* @param flowControl flow control setting

* @param prefetch prefetch setting

*/

public void createQueue(String name, String server, boolean failsafe, long flowControl, int prefetch)

{

String fullName = name;

if (server != null)

fullName = name + ‘@’ + server;

try

{

QueueInfo qi = new QueueInfo(fullName);

qi.setGlobal(_admin.length > 1);

qi.setFailsafe(failsafe);

qi.setFlowControlMaxBytes(flowControl);

qi.setPrefetch(prefetch);

System.err.println(“creating queue “+fullName);

for (int i = 0; i < _admin.length; i++)

{

_admin[i].destroyQueue(name);

_admin[i].createQueue(qi);

}

queue = name;

}

catch (Exception e)

{

e.printStackTrace();

System.exit(-1);

}

}

/**

* Return the number of receivers from all servers

* for a particular destination.

*

* @param dest the destination

* @return the number of receivers for the destination

*/

public int getNumberOfReceivers(Destination dest)

{

int numReceivers = 0;

try {

for (int i = 0; i < _admin.length; i++)

{

DestinationInfo info;

if (dest instanceof Topic)

info = _admin[i].getTopic(((Topic)dest).getTopicName());

else

info = _admin[i].getQueue(((Queue)dest).getQueueName());

ConsumerInfo[] ci = _admin[i].getConsumersStatistics(null, null, info);

if (ci != null)

numReceivers += ci.length;

}

}

catch (Exception e) {

e.printStackTrace();

System.exit(-1);

}

return numReceivers;

}

/**

* Check if flow control is enabled for all servers.

*

* @return true iff flow control is enabled on all servers

*/

public boolean isFlowControlEnabled()

{

boolean flowControlEnabled = true;

try

{

for (int i = 0; i < _admin.length; i++)

{

ServerInfo si = _admin[i].getInfo();

if (!si.isFlowControlEnabled())

flowControlEnabled = false;

}

}

catch (Exception e)

{

e.printStackTrace();

System.exit(-1);

}

return flowControlEnabled;

}

/**

* Remove the destination from all servers.

*/

public void cleanup(String controlTopic)

{

try

{

for (int i = 0; i < _admin.length; i++)

{

if (topic != null)

{

TopicInfo[] info = _admin[i].getTopics(topic);

for (int j = 0; j < info.length; j++)

{

if (!controlTopic.equals(info[j].getName()))

_admin[i].destroyTopic(info[j].getName());

}

}

if (queue != null)

{

QueueInfo[] info = _admin[i].getQueues(queue);

for (int j = 0; j < info.length; j++)

{

_admin[i].destroyQueue(info[j].getName());

}

}

}

}

catch (Exception e)

{

e.printStackTrace();

System.exit(-1);

}

}

}

To add EMS server to TIBCO administrator, follow these steps:

Note: To add the ems server, both Administrator and EMS should be up and running.

1. Make sure the TRA installalled on the machine where EMS server is running.

2. Run Domain Utility from TIBCO_HOME/TRA/<version that matches to ur domain>/BIN/DomainUtility.exe (Windows) or .bin (Unix)

3. In windows you can double click the domain utility, but in unix use ./<PATH to TRA BIN>/DomainUtility

Note: To enable GUI mode in Unix, your desktop must have xwindows terminal like reflection,cygwin or xwindows etc. Puty does not support xwindows properly.

4. Choose EMS administration from the menu list.

5. Click Add EMS server to TIBCO domain and next.

6. Enter all the details that is required for EMS (Version, path of tibemsd executable (.exe in windows, .bin in unix)

7. Enter the port number, user name and password

8. Test the connection

9. Finish the rest

10. Stop the EMS and start from TIBCO administrator.

Leave a Comment

October 16, 2010

Installing the TIBCO EMS Central Administration Server

Filed under: Tibco EMS — SRIK @ 3:42 pm

I’d like to share my experience about installation of the TIBCO Enterprise Message Service Central Administration (EMSCA) server and client. At this time, TIBCO provides EMSCA server software only for Linux (Red Hat Enterprise Linux 4 and 5 (x86), Oracle Enterprise Linux 4 and 5 (x86) and SUSE Enterprise 10 (x86)) and EMSCA client only for Windows, but as client is Eclipse based, I think that it could be ported easily.

I will start with the server side installation on my Red Hat Linux. The new TIBCO Universal Installer can run in GUI (default), console or silent mode. If you prefer GUI, don’t forget to set DISPLAY:

LOGINFROM=`who am i | cut -f2 -d"(" | cut -f1 -d")"`

DISPLAY=${LOGINFROM}:0.0

export LOGINFROM DISPLAY

Run the installer # ./TIBCOUniversalInstaller-lnx-x86.bin, accept the license agreement, create a new or select an existing environment. Installation will perform quickly. When installation is complete, it is necessary to do some post installation tasks:

•    Environment variables from the file <emsca_home>/1.0/bin/setenv must be set. Perhaps it is good idea to call this file from the user’s profile or add content of this file to the profile;

•    Make Apache run as the user ‘nobody’:

# cd <emsca_home>/1.0/httpd/conf

# vi httpd.conf

User nobody

Group nobody

and make sure that user and group ‘nobody’ are in the system;

•    Configure an authentication in Apache:

# vi httpd.conf

AuthBasicProvider file

AuthUserFile conf/users.txt

Then prepare users file, I will define the ‘admin’ user only:

# cd ../bin

# ./htpasswd -c ../conf/users.txt admin

New password:

Re-type new password:

Adding password for user admin

Then check the file:

# cd ../conf/

# cat users.txt

admin:GfwLuEIw320SY

•    Adding Subversion users and change folders owners:

# cd /opt/tibco/ems/ca/1.0/repos/conf

# cat pre-commit.perms

admin

So, ‘admin’ is already here. Next check/set owner for the repos and temp Subversion’s folders:

# pwd

/opt/tibco/ems/ca/1.0

# chown -R nobody:nobody repos temp

Owner should be the same user as running apache (‘nobody’ in my case).

Then I can start emsca:

# emsca start

Starting TIBCO EMS Central Administration

Started Apache httpd: pid=20119

Started Tomcat: pid=20140

and check Apache logs in the <emsca_home>/1.0/httpd/logs folder.

Next step is to create a new deployment server. Deployment server is one per project, can be one for many EMS.

# emsca server create rhl01

Created directory 'rhl01' in the repository

Created directory /opt/tibco/ems/ca/1.0/servers/rhl01

Created configuration file '/opt/tibco/ems/ca/1.0/servers/rhl01/conf/configuration.xml'

Created deployment server 'rhl01'

Now creating a new central administration agent. One agent per one EMS.

# emsca agent create rhl01 name=agent_EMS-SERVER1 path=/ems-server1.emsserver url=tcp://10.2.148.82:7222

Created agent on deployment server 'rhl01'

It is possible to provide a username and a password to connect to the EMS. If is not included, the agent uses ‘admin’ ad username and an empty password. ems-server-username – the username used to connect to the tibemsd, ems-server-password – used with ems-server-username to connect to the tibemsd. Also it has options to grant agent some additional rights, find in the docs.

To check EMSCA server use:

# emsca list

TIBCO EMS Central Administration

Deployment Servers

------------------

rhl01 (started)

# emsca status

TIBCO EMS Central Administration Status

Apache httpd is running: pid=1427

Tomcat is running: pid=1448

Installing the TIBCO EMS Central Administration Client

There is the same Universal Installer by TIBCO, it helps to make installation process easy. Execute it, accept the license agreement, create a new or select an existing environment, check the summary and complete the installation.

Then I can star EMSCA from my Start menu. This is Eclipse, I have to create a new workspace. Then File => New EMS Central Administration Project. Enter host name and port, where is EMSCA Server is installed. Enter username and password to connect, select the deployment to create a project for.

Next step is synchronizing with EMS. TIBCO EMS => Synchronize Configurations With EMS Servers. Enter username and password, select EMS server to synchronize.

Now I can change the server configuration. Then save to SVN repository. TIBCO EMS => Save Configurations to Repository.

Then it is possible to deploy changes to the server. TIBCO EMS => Deploy EMS Project.

So, this was short description of the TIBCO EMS Central Administration, very helpful tool to manage configurations of multiple EMS instances.