search

quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0
13.8k stars 2.68k forks source link

Support Failover and SSL protocol for Artemis JMS #6130

Open jcordes73 opened 4 years ago

jcordes73 commented 4 years ago

Description Communication to an Artemis message broker sometimes needs to be secured via TLS. Also for high-availability a client side failover should be possible.

Implementation ideas Use Artemis "ssl" and "failover" protocol extensions, i.e.

failover://ssl://:443

This would also require the ability to add key- and truststores.

gsmet commented 4 years ago

/cc @middagj

middagj commented 4 years ago

Client fail over should be working by adding the ?ha=true to the connection url. This configures artemis to get the cluster information when connected and use that when reconnecting. The plumbing to reconnect could be in Quarkus, but is not at the moment. TLS is certainly something that could be added, should not be difficult.

I don't know what the ambition is, but a general framework to ease the use of JMS is missing at the moment. Would be the best to use an API, like Jakarta Messaging. In our own projects we have our own custom small plumbing which suffices our needs, but not something that I am feeling comfortable to put in Quarkus. Except maybe for an option to quickly use pooling, but therefore I think the old jms-pooling library should first be replaced by something based on stormpot instead of commons-pool2.

Is it an idea to put those improvements in a project to have some discussion about the path forward and for people to start on tasks which are in concordance with the Quarkus team?

jcordes73 commented 4 years ago

Artemis is used in several projects that I know of, there is not a particular one that has started using Quarkus yet. We could have a conversation with an early adopter to start their journey ...

jeremyrdavis commented 4 years ago

I believe the OpenShift Operator requires SSL for external connections

jochenr commented 1 year ago

Hi,

I just asked this question to the Red Hat support and got a solution👍

Using Artemis core protocol the configuration for failover and ssl can directly be added to the URL

quarkus.artemis.url=(tcp://artemis-master-host:61616?sslEnabled=true;enabledProtocols=TLSv1.3;verifyHost=false....,tcp://artemisslave-host:61616?sslEnabled=true;enabledProtocols=TLSv1.3;verifyHost=false....)
quarkus.artemis.username=user
quarkus.artemis.password=secret