Configuring ActiveMQ for High Availability Environments (v9.0.0)

The ActiveMQ implementation is intended for sending messages between two applications, or between two components inside one application. In CxSAST, ActiveMQ is used to pass results from the engines to the manager and to pass the incremental file list. It is also used to sync users between Access Control and the CxSAST application.

ActiveMQ supports distributed messaging across a network of brokers. This allows a client to connect to any broker in the network and fail over to another broker if there is a failure, providing a high availability cluster of brokers from the client’s perspective.

This instruction defines the procedure for configuring ActiveMQ in High Availability (Cluster) environments for v9.0.0.


ActiveMQ Servers operate as an active-passive cluster with failover and without failback.


Make sure that port 61616 is open in all relevant firewalls between the ActiveMQ server and the following components:

  • CxManager servers (for Access Control, Scan Manager and Results Services). This includes high availability configurations with multiple CxManagers.
  • CxEngine servers
  • M&O server

Configuring ActiveMQ Brokers

To configure ActiveMQ brokers:

Once the CxSAST (v9.0.0 and up) environment is set up and fully configured, do the following:

  1. Navigate to the Checkmarx ActiveMQ\conf folder and open the ‘activemq.xml’ file.

  2. Edit the <persistenceAdapter> tag to point to a valid shared storage location, such as:



Make sure that the database directory points to your shared directory.

  3. Perform the same procedure for all ActiveMQ brokers in the high availability cluster.

  4. Make sure that the ActiveMQ service account has read and write access to the shared storage location. ActiveMQ will create the directory if it doesn't exist.

Once you have completed the ActiveMQ broker configuration, you can now configure the ActiveMQ clients.

The shared file system should be set up and configured according to the official ActiveMQ documentation.

Configuring ActiveMQ Clients

To configure ActiveMQ clients:

  1. Open MS SQL Server Management Studio.

  2. Connect to the SQL server.

  3. Go to Databases > CxDB > Tables.

  4. Expand the Tables repository to view its content and navigate to dbo.CxComponentConfiguration.

  5. Right-click dbo.CxComponentConfiguration and then select Edit Rows.

  6. In the ActiveMessageQueueURL key field, enter the ActiveMQ URI.
      Use the following URI format: failover:<protocol>://<FQDN>:<port>,<protocol>://<FQDN>:<port>
      Example for ActiveMQ URI for High Availability: failover:tcp://broker1:61616,tcp://broker2:61616
      Example for ActiveMQ URI for High Availability with TLS: failover:ssl://broker1:61616,ssl://broker2:61616 

  7. Return to the Tables repository, navigate to and right-click Config.CxEngineConfigurationKeysMeta and then select Edit Rows.

  8. In the ACTIVE_MESSAGE_QUEUE_URL key field, enter the ActiveMQ URI.

These steps can be performed by using the following DB TSQL script:
(replace <broker1> and <broker2> with your respective values)

-- Failover URI listing every broker in the cluster
DECLARE @AmqString varchar(1000)
SET @AmqString = 'failover:tcp://<broker1>:61616,tcp://<broker2>:61616'

-- Same change as steps 5-6 (ActiveMessageQueueURL)
UPDATE [CxDB].[dbo].[CxComponentConfiguration]
SET [Value] = @AmqString
WHERE [Key] = 'ActiveMessageQueueURL'

-- Same change as steps 7-8 (ACTIVE_MESSAGE_QUEUE_URL)
UPDATE [CxDB].[Config].[CxEngineConfigurationKeysMeta]
SET [DefaultValue] = @AmqString
WHERE [KeyName] = 'ACTIVE_MESSAGE_QUEUE_URL'
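
A lint for the failover URI entered in steps 6 and 8, given here as an added example (it is not Checkmarx or ActiveMQ code). It assumes 61616 is the only permitted broker port, as in the firewall requirement above, and it also accepts the parenthesized failover:(...)?options form, which goes beyond the format shown on this page. The names lint_failover_uri and SAMPLES are hypothetical.

```python
import re

EXPECTED_PORT = 61616  # assumption: the only broker port opened in the firewalls
# scheme://host:port; '<' and '>' are rejected so unreplaced placeholders are caught
BROKER_RE = re.compile(r"^(?P<scheme>[a-z+]+)://(?P<host>[^:/?,()<>\s]+):(?P<port>\d+)$")


def lint_failover_uri(uri):
    """Return (brokers, findings) for an ActiveMQ failover URI string."""
    if not uri.startswith("failover:"):
        return [], ["URI does not use the failover: transport"]
    body = uri[len("failover:"):].strip()
    if body.startswith("("):  # failover:(uri1,uri2)?options
        end = body.rfind(")")
        body = body[1:end] if end != -1 else body[1:]
    brokers, findings = [], []
    for entry in filter(None, (e.strip() for e in body.split(","))):
        match = BROKER_RE.match(entry.split("?", 1)[0])  # drop trailing options
        if not match:
            findings.append(f"malformed or placeholder broker entry: {entry}")
            continue
        broker = (match["scheme"], match["host"].lower(), int(match["port"]))
        if broker in brokers:
            findings.append(f"duplicate broker entry: {entry}")
            continue
        brokers.append(broker)
        if broker[0] == "tcp":
            findings.append(f"{broker[1]}: tcp:// is not encrypted, the TLS form is ssl://")
        if broker[2] != EXPECTED_PORT:
            findings.append(f"{broker[1]}: port {broker[2]} is not {EXPECTED_PORT}")
    if len({host for _, host, _ in brokers}) < 2:
        findings.append("fewer than two distinct brokers, no failover target")
    if len({scheme for scheme, _, _ in brokers}) > 1:
        findings.append("brokers use different transports")
    return brokers, findings


# Constructed sample values; broker1/broker2 are the page's example host names.
SAMPLES = [
    "failover:ssl://broker1:61616,ssl://broker2:61616",
    "failover:tcp://broker1:61616,tcp://broker2:61616",
    "failover:(ssl://broker1:61616,tcp://broker2:61617)?randomize=false",
    "failover:tcp://<broker1>:61616,tcp://<broker2>:61616",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri)
        for finding in lint_failover_uri(uri)[1] or ["ok"]:
            print("  -", finding)
```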

Final steps:

  1. Open the Windows Services and stop the ActiveMQ service.

  2. Once the file lock inside the shared ActiveMQ folder disappears, delete the data folder.

Restarting ActiveMQ Client Services

Restart the following services for the changes to take effect in all manager environments:

  • Scans Manager Service

  • Results Service

  • Access Control (IIS)