Tuesday, September 6, 2011

AM SFO: Dual instances on single machine

We have just won a project to migrate from Sun Access Manager 7 to ForgeRock OpenAM 9.5.3. This site has high concurrent access and many Policy Agents. It also needs to support Session Failover. 


There are many ways to scale OpenAM and the corresponding AMSFO.

In my test labs, I was trying to get 2 instances of AMSFO to run concurrently. I followed this Wiki (Extending to a Dual Instance Deployment) from OpenAM.

Everything runs fine for the 1st instance (port 7777). I just could not get the 2nd instance (port 8777) to start up properly on the same physical machine.

It kept throwing the following error:

Sep 6, 2011 3:06:08 PM com.sun.messaging.jmq.jmsclient.ExceptionHandler throwConnectionException
WARNING: [C4003]: Error occurred on connection creation [am2.sg.azlabs:8777]. - cause: java.net.ConnectException: Connection refused

I think there must be a mis-configuration in the Java Message Queue. OpenAM 9.5.3 uses Sun GlassFish(tm) Message Queue 4.4.

So I searched Google and located this document. I think what was missing is to instruct each MQ to bind to its own dedicated IP address ( imq.hostname - Default host name or IP address for all connection services ).

I also learnt that there are many other listening ports when AMSFO is started, besides the broker port 7777.

Before AMSFO is started:


After AMSFO is started:


So, it's very obvious there was a clash in ports when the 2nd instance was trying to start. (e.g. 50722, 55044 etc.. It's random port numbers.. But so lucky of me to keep clashing on used ports)

Resolution?

In the start-up script amsfo, edit the following:
#BROKER_OPTIONS="-silent"
BROKER_OPTIONS="-silent -Dimq.hostname=am1.sg.azlabs"
Apply the same to the start-up script in the 2nd instance, but change the imq.hostname to am2.sg.azlabs.

 

 Solved!

.


No comments:

Post a Comment