Management Design notes
Status
of This Document
This document does not track any current development activity. It
is the specification of the management framework implemented in
the M3 release of the C++ broker and will be left here for user
and developer reference.
Development continues on the Qpid Management Framework (QMF) for
M4. If you are using M3, this is the document you need. If you
are using the SVN trunk, please refer to for
up-to-date information.
Introduction
This document describes the management features that are used in
the QPID C++ broker as of the M3 milestone. These features do not
appear in earlier milestones nor are they implemented in the Java
broker.
This specification is not a standard and is not endorsed
by the AMQP working group. When such a standard is adopted, the
QPID implementation will be brought into compliance with that
standard.
Links
The schema is checked into .
Design
note for getting info in and out via JMX
Management
Requirements
Must operate from a formally defined management schema.
Must natively use the AMQP protocol and its type system.
Must support the following operations
SET operation on configurable (persistent) aspects of
objects
GET operation on all aspects of objects
METHOD invocation on schema-defined object-specific
methods
Distribution of unsolicited periodic updates of
instrumentation data
Data updates shall carry an accurate sample timestamp
for rate calculation
Updates shall carry object create/delete timestamps.
Transient objects shall be fully accounted for via
updates. Note that short-lived transient objects may come
and go within a single update interval. All of the
information pertaining to such an object must be captured
and transmitted.
Distribution of unsolicited event and/or alert
indications (schema defined)
Role-based access control at object, operation, and method
granularity
End-to-end encryption and signing of management content
Schema must be self-describing so the management client need
not have prior knowledge of the management model of the system
under management.
Must be extensible to support the management of objects
beyond the QPID component set. This allows AMQP to be used as a
general-purpose management protocol.
Definition
of Terms
class
A type definition for a manageable object.
package
A grouping of class definitions that are related to a
single software component. The package concept is used to
extend the management schema beyond just the QPID software
components.
object
Also "manageable object". An instantiation of a class. An
object represents a physical or logical component in the
core function of the system under management.
property
A typed member of a class which represents a configurable
attribute of the class. In general, properties don't change
frequently or may not change at all.
statistic
A typed member of a class which represents an
instrumentation attribute of the class. Statistics are
always read-only in nature and tend to change rapidly.
method
A member of a class which represents a callable procedure
on an object of the class. Methods may have an arbitrary
set of typed arguments and may supply a return code.
Methods typically have side effects on the associated
object.
event
A member of a class which represents the occurence of an
event of interest within the system under management.
management broker
A software component built into the messaging broker that
handles management traffic and distributes management data.
management agent
A software component that is separate from the messaging
broker, connected to the management broker via an AMQP
connection, which allows any software component to be
managed remotely by QPID.
Operational
Scenarios: Basic vs. Extended
The extensibility requirement introduces complexity to the
management protocol that is unnecessary and undesirable for the
user/developer that wishes only to manage QPID message brokers.
For this reason, the protocol is partitioned into two parts: The
basic protocol, which contains only the capability to
manage a single broker; and the extended protocol, which
provides the hooks for managing an extended set of components. A
management console can be implemented using only the basic
protocol if the extended capabilities are not needed.
The
Management Exchange
The management exchange (called "qpid.management" currently) is a
special type of exchange used for remote management access to the
Qpid broker. The management exchange is an extension of the
standard "Topic" exchange. It behaves like a topic exchange with
the following exceptions:
When a queue is successfully bound to the exchange, a method
is invoked on the broker's management agent to notify it of the
presence of a new remote managment client.
When messages arrive at the exchange for routing, the
exchange examines the message's routing key and if the key
represents a management command or method, it routes it directly
to the management agent rather than routing it to queues using
the topic algorithm.
The management exchange is used by the management agent to
distribute unsolicited management data. Such data is classified
by the routing key allowing management clients to register for
only the data they need.
Routing
Key Structure
As noted above, the structure of the binding and routing keys
used on the management exchange is important to the function of
the management architecture. The routing key of a management
message determines:
The type of message (i.e. operation request or unsolicited
update).
The class of the object that the message pertains to.
The specific operation or update type.
The namespace in which the class belongs. This allows for
plug-in expansion of the management schema for manageable objects
that are outside of the broker itself.
Placing this information in the routing key provides the ability
to enforce access control at class, operation, and method
granularity. It also separates the command structure from the
content of the management message (i.e. element values) allowing
the content to be encrypted and signed end-to-end while still
allowing access control at the message-transport level. This
means that special access control code need not be written for
the management agent.
There are two general types of routing/binding key:
Command messages use the key:
agent.<bank#> or broker
Unsolicited keys have the structure:
mgmt.<agent>.<type>.<package>.<class>.<severity>
where
<agent> is the uuid of the originating
management agent,
<type> is one of "schema", "prop", "stat",
or "event",
<package> is the namespace in which the
<class> name is valid, and
<class> is the name of the class as defined
in the schema.
<severity> is relevant for events only. It
is one of "critical", "error", "warning", or "info".
In both cases, the content of the message (i.e. method arguments,
element values, etc.) is carried in the body segment of the
message.
The <package> namespace allows this management
framework to be extended with the addition of other software
packages.
The Protocol
Protocol
Exchange Patterns
The following patterns are followed in the design of the
protocol:
Request-Response
Query-Indication
Unsolicited Indication
The
Request-Response Pattern
In the request-response pattern, a requestor sends a
request message to one of its peers. The peer then does
one of two things: If the request can be successfully processed,
a single response message is sent back to the requestor.
This response contains the requested results and serves as the
positive acknowledgement that the request was successfully
completed.
If the request cannot be successfully completed, the peer sends a
command complete message back to the requestor with an
error code and error text describing what went wrong.
The sequence number in the response or command
complete message is the same as the sequence number in the
request.
Requestor Peer
| |
| --- Request (seq) ------------------------------------------> |
| |
| <----------------------------------------- Response (seq) --- |
| |
Requestor Peer
| |
| --- Request (seq) ------------------------------------------> |
| |
| <-------------------------- Command Complete (seq, error) --- |
| |
The
Query-Indication Pattern
The query-indication pattern is used when there may be zero or
more answers to a question. In this case, the requestor sends a
query message to its peer. The peer processes the query,
sending as many indication messages as needed back to the
requestor (zero or more). Once the last indication has
been sent, the peer then sends a command complete message
with a success code indicating that the query is complete.
If there is an error in the query, the peer may reply with
a command complete message containg an error code. In this
case, no indication messages may be sent.
All indication and command complete messages shall
have the same sequence number that appeared in the query
message.
Requestor Peer
| |
| --- Query (seq) --------------------------------------------> |
| |
| <--------------------------------------- Indication (seq) --- |
| <--------------------------------------- Indication (seq) --- |
| <--------------------------------------- Indication (seq) --- |
| <--------------------------------------- Indication (seq) --- |
| <--------------------------------------- Indication (seq) --- |
| |
| <------------------------ Command Complete (seq, success) --- |
| |
Requestor Peer
| |
| --- Query (seq) --------------------------------------------> |
| |
| <-------------------------- Command Complete (seq, error) --- |
| |
The
Unsolicited-Indication Pattern
The unsolicited-indication pattern is used when one peer needs to
send unsolicited information to another peer, or to broadcast
information to multiple peers via a topic exchange. In this case,
indication messages are sent with the sequence number field set
to zero.
Peer Peer
| |
| <----------------------------------- Indication (seq = 0) --- |
| <----------------------------------- Indication (seq = 0) --- |
| <----------------------------------- Indication (seq = 0) --- |
| <----------------------------------- Indication (seq = 0) --- |
| |
Object
Identifiers
Manageable objects are tagged with a unique 64-bit object
identifier. The object identifier space is owned and managed by
the management broker. Objects managed by a single management
broker shall have unique object identifiers. Objects managed by
separate management brokers may have the same object identifier.
If a management console is designed to manage multiple management
brokers, it must use the broker identifier as well as the object
identifier to ensure global uniqueness.
62 48 47 24 23 0
+-+-------------+-----------------------+-----------------------+
|0| sequence | bank | object |
+-+-------------+-----------------------+-----------------------+
bit 63 - reserved, must be zero
bits 63 .. 48 - broker boot sequence (32K)
bits 47 .. 24 - bank (16M)
bits 23 .. 0 - object (16M)
For persistent IDs, boot-sequence is zero
For non-persistent IDs, boot sequence is a constant number
which increments each time the management broker is restarted.
Bank number:
0 - reserved
1 - broker-persistent objects
2..4 - store-persistent objects
> 4 - transient objects
Establishing Communication Between Client and Agent
Communication is established between the management client and
management agent using normal AMQP procedures. The client creates
a connection to the broker and then establishes a session with
its corresponding channel.
Two private queues are then declared (only one if method
invocation is not needed). A management queue is declared and
bound to the qpid.management exchange. If the binding key is
"mgmt.#", all management-related messages sent to the exchange
will be received by this client. A more specific binding key will
result in a more restricted set of messages being received (see
the section on Routing Key Structure below).
If methods are going to be invoked on managed objects, a second
private queue must be declared so the client can receive method
replies. This queue is bound to the amq.direct exchange using a
routing key equal to the name of the queue.
When a client successfully binds to the qpid.management exchange,
the management agent schedules a schema broadcast to be sent to
the exchange. The agent will publish, via the exchange, a
description of the schema for all manageable objects in its
control.
Client Broker
| |
| --- AMQP Connection and Session Setup ----------------------> |
| |
| --- Queue.declare (private data queue) ---------------------> |
| --- Bind queue to exchange 'qpid.management' key 'mgmt.#' --> |
| |
| --- Queue.declare (private method-reply queue) -------------> |
| --- Bind queue to exchange 'amq.direct' --------------------> |
| |
| --- Broker Request -----------------------------------------> |
| <---------------------------------------- Broker Response --- |
| |
| |
| |
| <------- Management schema via exchange 'qpid.management' --- |
| |
Broadcast of Configuration and Instrumentation Updates
The management agent will periodically publish updates to the
configuration and instrumentation of management objects under its
control. Under normal circumstances, these updates are published
only if they have changed since the last time they were
published. Configuration updates are only published if
configuration has changed and instrumentation updates are only
published if instrumentation has changed. The exception to this
rule is that after a management client binds to the
qpid.management exchange, all configuration and instrumentation
records are published as though they had changed whether or not
they actually did.
Client Broker
| |
| <------------------ Object properties via 'mgmt.*.prop.#' --- | |
| <------------------ Object statistics via 'mgmt.*.stat.#' --- | |
| | |
| | | Publish Interval
| | |
| | |
| | V
| <------------------ Object properties via 'mgmt.*.prop.#' --- |
| <------------------ Object statistics via 'mgmt.*.stat.#' --- |
| |
Invoking
a Method on a Managed Object
When the management client wishes to invoke a method on a managed
object, it sends a method request message to the qpid.management
exchange. The routing key contains the object class and method
name (refer to Routing Key Structure below). The method request
must have a header entry (reply-to) that contains the name of the
method-reply queue so that the method response can be properly
routed back to the requestor.
The method request contains a sequence number that is copied to
the method reply. This number is opaque to the management agent
and may be used by the management client to correlate the reply
to the request. The asynchronous nature of requests and replies
allows any number of methods to be in-flight at a time. Note that
there is no guarantee that methods will be replied to in the
order in which they were requested.
Client Broker
| |
| --- Method Request (to exchange 'qpid.management') ---------> |
| |
| |
| <--------------- Method Reply (via exchange 'amq.direct') --- |
| |
Messages
for the Basic Scenario
The principals in a management exchange are the management
client and the management agent. The management
agent is integrated into the QPID broker and the management
client is a remote entity. A management agent may be managed by
zero or more management clients at any given time. Additionally,
a management client may manage multiple management agents at the
same time.
For authentication and access control, management relies on the
mechanisms supplied by the AMQP protocol.
Basic Opcodes
opcode
message
description
'B'
Broker Request
This message contains a broker request, sent from the
management console to the broker to initiate a management
session.
'b'
Broker Response
This message contains a broker response, sent from the
broker in response to a broker request message.
'z'
Command Completion
This message is sent to indicate the completion of a
request.
'Q'
Class Query
Class query messages are used by a management console to
request a list of schema classes that are known by the
management broker.
'q'
Class Indication
Sent by the management broker, a class indication notifies
the peer of the existence of a schema class.
'S'
Schema Request
Schema request messages are used to request the full schema
details for a class.
's'
Schema Response
Schema response message contain a full description of the
schema for a class.
'h'
Heartbeat Indication
This message is published once per publish-interval. It can
be used by a client to positively determine which objects
did not change during the interval (since updates are not
published for objects with no changes).
'c', 'i', 'g'
Content Indication
This message contains a content record. Content records
contain the values of all properties or statistics in an
object. Such records are broadcast on a periodic interval
if 1) a change has been made in the value of one of the
elements, or 2) if a new management client has bound a
queue to the management exchange.
'G'
Get Query
Sent by a management console, a get query requests that the
management broker provide content indications for all
objects that match the query criteria.
'M'
Method Request
This message contains a method request.
'm'
Method Response
This message contains a method result.
Broker
Request Message
When a management client first establishes contact with the
broker, it sends a Hello message to initiate the exchange.
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'B' | 0 |
+-----+-----+-----+-----+-----------------------+
The Broker Request message has no payload.
Broker
Response Message
When the broker receives a Broker Request message, it responds
with a Broker Response message. This message contains an
identifier unique to the broker.
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'b' | 0 |
+-----+-----+-----+-----+-----------------------+----------------------------+
| brokerId (uuid) |
+----------------------------------------------------------------------------+
Command
Completion Message
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'z' | seq |
+-----+-----+-----+-----+-----------------------+
| Completion Code |
+-----------------------+-----------------------------------------+
| Completion Text |
+-----------------------------------------------------------------+
Class Query
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'Q' | seq |
+-----+-----+-----+-----+-----------------------+----------+
| package name (str8) |
+----------------------------------------------------------+
Class
Indication
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'q' | seq |
+-----+-----+-----+-----+-----------------------+----------+
| package name (str8) |
+----------------------------------------------------------+
| class name (str8) |
+----------------------------------------------------------+
| schema hash (bin128) |
+----------------------------------------------------------+
Schema Request
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'S' | seq |
+-----+-----+-----+-----+-----------------------+----------+
| packageName (str8) |
+----------------------------------------------------------+
| className (str8) |
+----------------------------------------------------------+
| schema-hash (bin128) |
+----------------------------------------------------------+
Schema
Response
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 's' | seq |
+-----+-----+-----+-----+-----------------------+----------+
| packageName (str8) |
+----------------------------------------------------------+
| className (str8) |
+----------------------------------------------------------+
| schema-hash (bin128) |
+-----------+-----------+-----------+-----------+----------+
| propCnt | statCnt | methodCnt | eventCnt |
+-----------+-----------+-----------+-----------+----------------------------+
| propCnt property records |
+----------------------------------------------------------------------------+
| statCnt statistic records |
+----------------------------------------------------------------------------+
| methodCnt method records |
+----------------------------------------------------------------------------+
| eventCnt event records |
+----------------------------------------------------------------------------+
Each property record is an AMQP map with the following
fields. Optional fields may optionally be omitted from the map.
field name
optional
description
name
no
Name of the property
type
no
Type code for the property
access
no
Access code for the property
index
no
1 = index element, 0 = not an index element
optional
no
1 = optional element (may be not present), 0 = mandatory
(always present)
unit
yes
Units for numeric values (i.e. seconds, bytes, etc.)
min
yes
Minimum value for numerics
max
yes
Maximum value for numerics
maxlen
yes
Maximum length for strings
desc
yes
Description of the property
Each statistic record is an AMQP map with the following
fields:
field name
optional
description
name
no
Name of the statistic
type
no
Type code for the statistic
unit
yes
Units for numeric values (i.e. seconds, bytes, etc.)
desc
yes
Description of the statistic
method and event records contain a main map that
describes the method or header followed by zero or more maps
describing arguments. The main map contains the following fields:
field name
optional
description
name
no
Name of the method or event
argCount
no
Number of argument records to follow
desc
yes
Description of the method or event
Argument maps contain the following fields:
field name
method
event
optional
description
name
yes
yes
no
Argument name
type
yes
yes
no
Type code for the argument
dir
yes
no
yes
Direction code for method arguments
unit
yes
yes
yes
Units for numeric values (i.e. seconds, bytes, etc.)
min
yes
no
yes
Minimum value for numerics
max
yes
no
yes
Maximum value for numerics
maxlen
yes
no
yes
Maximum length for strings
desc
yes
yes
yes
Description of the argument
default
yes
no
yes
Default value for the argument
type codes are numerics with the following values:
value
type
1
uint8
2
uint16
3
uint32
4
uint64
6
str8
7
str16
8
absTime(uint64)
9
deltaTime(uint64)
10
objectReference(uint64)
11
boolean(uint8)
12
float
13
double
14
uuid
15
map
16
int8
17
int16
18
int32
19
int64
access codes are numerics with the following values:
value
access
1
Read-Create access
2
Read-Write access
3
Read-Only access
direction codes are numerics with the following values:
value
direction
1
Input (from client to broker)
2
Output (from broker to client)
3
IO (bidirectional)
Heartbeat
Indication
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'h' | 0 |
+-----+-----+-----+-----+-----------------------+
| timestamp of current interval (datetime) |
+-----------------------------------------------+
Configuration and Instrumentation Content Messages
Content messages are published when changes are made to the
values of properties or statistics or when new management clients
bind a queue to the management exchange.
+-----+-----+-----+-------+-----------------------+
| 'A' | 'M' | '1' |'g/c/i'| seq |
+-----+-----+-----+-------+-----------------------+--------+
| packageName (str8) |
+----------------------------------------------------------+
| className (str8) |
+----------------------------------------------------------+
| class hash (bin128) |
+-----+-----+-----+-----+-----+-----+-----+-----+----------+
| timestamp of current sample (datetime) |
+-----+-----+-----+-----+-----+-----+-----+-----+
| time object was created (datetime) |
+-----+-----+-----+-----+-----+-----+-----+-----+
| time object was deleted (datetime) |
+-----+-----+-----+-----+-----+-----+-----+-----+
| objectId (uint64) |
+-----+-----+-----+-----+-----+-----+-----+-----+
| presence bitmasks (0 or more uint8 fields) |
+-----+-----+-----+-----+-----+-----+-----+-----+------------------------+
| config/inst values (in schema order) |
+------------------------------------------------------------------------+
All timestamps are uint64 values representing nanoseconds since
the epoch (January 1, 1970). The objectId is a uint64 value that
uniquely identifies this object instance.
If any of the properties in the object are defined as optional,
there will be 1 or more "presence bitmask" octets. There are as
many octets as are needed to provide one bit per optional
property. The bits are assigned to the optional properties in
schema order (first octet first, lowest order bit first).
For example: If there are two optional properties in the schema
called "option1" and "option2" (defined in that order), there
will be one presence bitmask octet and the bits will be assigned
as bit 0 controls option1 and bit 1 controls option2.
If the bit for a particular optional property is set (1), the
property will be encoded normally in the "values" portion of the
message. If the bit is clear (0), the property will be omitted
from the list of encoded values and will be considered "NULL" or
"not present".
The element values are encoded by their type into the message in
the order in which they appeared in the schema message.
Get Query
Message
A Get Request may be sent by the management console to cause a
management agent to immediately send content information for
objects of a class.
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'G' | seq |
+-----+-----+-----+-----+-----------------------+----------+
| Get request field table |
+----------------------------------------------------------+
The content of a get request is a field table that specifies what
objects are being requested. Most of the fields are optional and
are available for use in more extensive deployments.
Field Key
Mandatory
Type
Description
"_class"
yes
short-string
The name of the class of objects being requested.
"_package"
no
short-string
The name of the extension package the class belongs to. If
omitted, the package defaults to "qpid" for access to
objects in the connected broker.
"_agent"
no
uuid
The management agent that is the target of the request. If
omitted, agent defaults to the connected broker.
When the management agent receives a get request, it sends
content messages describing the requested objects. Once the last
content message is sent, it then sends a Command Completion
message with the same sequence number supplied in the request to
indicate to the requestor that there are no more messages coming.
Method Request
Method request messages have the following structure. The
sequence number is opaque to the management agent. It is returned
unchanged in the method reply so the calling client can correctly
associate the reply to the request. The objectId is the unique ID
of the object on which the method is to be executed.
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'M' | seq |
+-----+-----+-----+-----+-----------------------+
| objectId (uint64) |
+-----------------------------------------------+
| methodName (str8) |
+-----------------------------------------------+------------------------+
| input and bidirectional argument values (in schema order) |
+------------------------------------------------------------------------+
Method
Response
Method reply messages have the following structure. The sequence
number is identical to that supplied in the method request. The
status code (and text) indicate whether or not the method was
successful and if not, what the error was. Output and
bidirectional arguments are only included if the status code was
0 (STATUS_OK).
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'm' | seq |
+-----+-----+-----+-----+-----------------------+
| status code |
+-----------------------+----------------------------------+
| status text (str8) |
+-----------------------+----------------------------------+-------------+
| output and bidirectional argument values (in schema order) |
+------------------------------------------------------------------------+
status code values are:
value
description
0
STATUS_OK - successful completion
1
STATUS_UNKNOWN_OBJECT - objectId not found in the agent
2
STATUS_UNKNOWN_METHOD - method is not known by the object
type
3
STATUS_NOT_IMPLEMENTED - method is not currently
implemented
Messages
for Extended Scenario
Extended
Management Protocol
Qpid supports management extensions that allow the management
broker to be a central point for the management of multiple
external entities with their own management schemas.
Broker Remote Agent
| |
| <----------------------------------------- Attach Request --- |
| --- Attach Response ----------------------------------------> |
| |
| <------------------------------------- Package Indication --- |
| <------------------------------------- Package Indication --- |
| |
| <--------------------------------------- Class Indication --- |
| <--------------------------------------- Class Indication --- |
| <--------------------------------------- Class Indication --- |
| <--------------------------------------- Class Indication --- |
| <--------------------------------------- Class Indication --- |
| |
| --- Schema Request (class key) -----------------------------> |
| <---------------------------------------- Schema Response --- |
| |
| --- Schema Request (class key) -----------------------------> |
| <---------------------------------------- Schema Response --- |
| |
| |
Extended
Opcodes
opcode
message
description
'P'
Package Query
This message contains a schema package query request,
requesting that the broker dump the list of known packages
'p'
Package Indication
This message contains a schema package indication,
identifying a package known by the broker
'A'
Agent Attach Request
This message is sent by a remote agent when it wishes to
attach to a management broker
'a'
Agent Attach Response
The management broker sends this response if an attaching
remote agent is permitted to join
'x'
Console Added Indication
This message is sent to all remote agents by the management
broker when a new console binds to the management exchange
Package Query
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'P' | seq |
+-----+-----+-----+-----+-----------------------+
Package
Indication
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'p' | seq |
+-----+-----+-----+-----+-----------------------+----------+
| package name (str8) |
+----------------------------------------------------------+
Attach Request
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'A' | seq |
+-----+-----+-----+-----+-----------------------+----------+
| label (str8) |
+-----------------------+----------------------------------+
| system-id (uuid) |
+-----------------------+----------------------------------+
| requested objId bank |
+-----------------------+
Attach
Response (success)
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'a' | seq |
+-----+-----+-----+-----+-----------------------+
| assigned broker bank |
+-----------------------+
| assigned objId bank |
+-----------------------+
Console Added
Indication
+-----+-----+-----+-----+-----------------------+
| 'A' | 'M' | '1' | 'x' | seq |
+-----+-----+-----+-----+-----------------------+