Candlepin

1 Candlepin Basics

1.1 Overview

1.1.1 Glossary

1.2 Subscriptions and Engineering Products

1.3 Entitlements

1.4 Virtualization Entitlements

1.4.1 Virt Guest Limit Design
1.4.2 Associating Hosts and Guests in Candlepin

1.5 Jobs

1.5.1 Active Entitlement Job
1.5.2 Certificate Cleanup Job
1.5.3 Import Record Cleaner Job
1.5.4 Inactive Consumer Cleanup Job
1.5.5 Job Cleaner Job
1.5.6 Manifest Cleaner Job
1.5.7 Orphan Cleanup Job
1.5.8 Unmapped Guest Entitlement Cleaner Job

2 User Guide

2.1 Basic How To

3 Administration Guide

3.1 Setting Up Candlepin

3.1.1 Candlepin Configuration
3.1.2 Quartz Configuration
3.1.3 Configuring Candlepin to Use MySQL
3.1.4 Configuring A Remote Artemis Server
3.1.5 Allow Remote Connections to embedded Artemis

3.6 Data Transfer
3.7 Migrating to the Artemis Job System

4 Developers

4.1 Architecture

4.1.9.1 OAuth Authentication

4.1.10 Fail Fast Mechanism

4.2 Development

4.2.1 Setting up IntelliJ IDEA
4.2.2 Developer Deployment
4.2.3 Auto Generating candlepin.conf
4.2.4 Coding Conventions
4.2.5 Checkstyle
4.2.6 Logging in Candlepin
4.2.7 Internationalization
4.2.8 Paginating Results
4.2.9 Database Schema Updates
4.2.10 JSON and JAXB
4.2.11 The Certificate Revocation List
4.2.12 Hibernate Gotchas
4.2.13 Ruby Bindings for Candlepin
4.2.14 Caching - JCache and Candlepin Second Level Cache
4.2.15 What to look for in a Code Review

4.3 Implementation details

4.3.1 Revoke Entitlements Implementation
4.3.2 Bind Time Locks
4.3.3 Bind Operation Dependencies

4.4 Debugging

4.5 Testing

4.5.1 Spec test migration
4.5.2 Candlepin Database Validation

4.6 Documentation

4.6.1 Diagramming with PlantUml

4.7 Useful Queries

4.7.1 Clean up database backup

5 Reference

6 Design Documents

6.1 API Version Design
6.2 Compliance Snapshots
6.3 Environments Design
6.4 Federated Certificate Management
6.5 Lazy Certificate Regeneration
6.6 Manifest Consumer Association
6.7 Multi-Owner Users Design
6.8 Multi-Version Product Design
6.9 Owner Hierarchy
6.10 Plugins
6.11 Policy Design
6.12 Service Layer Guidelines
6.13 Supporting Multiple Servlet Containers

Allow Remote Connections to embedded Artemis
SSL
External broker.xml

Allow Remote Connections to embedded Artemis

Following changes need to be done in broker.xml.

First thing we need is to add an acceptor for the IP address the client will be calling.

<acceptor name="netty">tcp://192.168.121.77:61617</acceptor>

Next we define an address the client will be connecting to. We don’t need to define a queue as they will be created automatically for the connected clients.

<address name="event.artemis">
    <multicast/>
</address>

Settings for the address.

<address-setting match="event.artemis">
    <auto-create-queues>true</auto-create-queues>
    <max-size-bytes>10485760</max-size-bytes>
    <page-size-bytes>1048576</page-size-bytes>
    <redelivery-delay>30000</redelivery-delay>
    <max-redelivery-delay>3600000</max-redelivery-delay>
    <redelivery-delay-multiplier>2</redelivery-delay-multiplier>
    <max-delivery-attempts>0</max-delivery-attempts>
</address-setting>

Last change is to divert the messages from default queue to the artemis queue. This will copy all messages coming to event.default and send them to the event.artemis.

<divert name="artemis_divert">
    <exclusive>false</exclusive>
    <address>event.default</address>
    <forwarding-address>event.artemis</forwarding-address>
</divert>

After restart of Candlepin any client can connect and listen to the messages in the event.artemis queue.

SSL

In Artemis, Netty is responsible for all things related to the transport layer, so it handles SSL as well. All configuration options are set directly on the acceptor.

Note: the trustStorePath and trustStorePassword variables are optional, in case you want to enable 2-way SSL authentication as described here.

On the broker, the artemis-server.ks file is the key store file holding the server’s certificate, while artemis-server.ts file is the file holding the certificates which the broker trusts:

<acceptor name="netty-ssl">tcp://localhost:61617?sslEnabled=true;keyStorePath=${artemis.instance}/certs/artemis-server.ks;keyStorePassword=securepassword;needClientAuth=true;trustStorePath=${artemis.instance}/certs/artemis-server.ts;trustStorePassword=securepassword/acceptor>

On the URL used by the client side, the artemis-client.ts file is the file holding the certificates which the client trusts, while artemis-client.ks is the key store file holding the client’s certificate:

tcp://localhost:61617?sslEnabled=true&trustStorePath=<path_to_certs>/artemis-client.ts&trustStorePassword=securepassword&keyStorePath=<path_to_certs>/artemis-client.ks&keyStorePassword=securepassword

External broker.xml

By default Candlepin uses broker.xml packaged with it. Candlepin can be set to use external broker.xml by setting its path in Candlepin property candlepin.audit.hornetq.config_path.

Last modified on 19 April 2024

Table of Contents

Allow Remote Connections to embedded Artemis

SSL

External broker.xml