Versions Compared

Version Old Version 19 New Version 20
Changes made by

Julio Polo

Julio Polo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. This first step is optional, but it will save you from a lot of troubleshooting if you are able to perform it:
    1. Login to the system where your production application runs and connects to the UH Message Broker:
    2. Run this openssl command:

      • openssl s_client -connect 128.171.138.176:5671
        The first few lines should look like this

        No Format
        CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = US, O = Internet2, CN = InCommon RSA Server CA 2
verify return:1
depth=0 C = US, ST = Hawaii, O = University of Hawaii at Manoa, CN = esb-test-future.its.hawaii.edu
verify return:1
write W BLOCK
---
Certificate chain
 0 s:/C=US/ST=Hawaii/O=University of Hawaii at Manoa/CN=esb-test-future.its.hawaii.edu
   i:/C=US/O=Internet2/CN=InCommon RSA Server CA 2
 1 s:/C=US/O=Internet2/CN=InCommon RSA Server CA 2
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
 3 s:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
---


  2. Set up a test instance of your application
    • Preferably set up this test instance on the same host that runs your production application (this will confirm that our firewall will allow you to connect after we upgrade).
    • If you need to test from a different host, please send us the IP address of this test host to its-iam-help@lists.hawaii.edu and wait for us to allow it through our firewall. You can also run the openssl command from step 1 above to check whether you are already allowed to connect.
    • (warning) Regardless of where it runs, this test instance must not make production data changes.  Be sure to keep production and test instances of your application completely separate and independent.
  3. Connect the test instance of your application to the following test broker:
    • Test broker host: esb-test-future.its.hawaii.edu
    • Test broker port: 5671 (TLS 1.1 no longer supported, must use TLS 1.2 or 1.3)
    • Test broker account and password: (same as production broker)
    • Test broker vhost: (add future- prefix to whatever vhost you are using in production, e.g. if vhost is uhims, then use future-uhims in this test broker)
    • Test broker exchanges and queues: (same names as in production broker)
    • If your application production environment has been using TLS 1.1, you must now use TLS 1.2 or 1.3.
  4. Once connected to the above test broker, Verify that the test instance of your application can :Test consuming messages from its queues (queue names are the same, you only need to add the future- prefix to the vhost)These consume messages from the above test broker.
    • You can skip this test if your application only publishes to the broker (only a couple of applications do this)
    • For these tests, remember to change the vhost to have the future- prefix.  The queue name should be the same as what you use in production
    • Your queues are getting copies of messages sent to the production broker since 4/18/2023 11:00 AM.
      • (warning) IMPORTANT: You should test consuming messages from these queues because we will use this message copying method during copied messages have additional metadata (message headers).  During the cut over to the new broker.  Copied messages may have additional metadata (message headers) and you should verify the metadata does not prevent you from consuming the copied message.
      Test publishing messages to exchanges (exchange names are the same, you only need
      • , we will need to copy any unconsumed messages from the old queues to the new queues.  Therefore, you should verify that you can consume these copied messages and that their extra headers are not a problem for you.
  5. If your application publishes to the broker, and we have not previously contacted you to test against this new version of the broker, please go ahead and test publishing.
    1. Remember to add the future- prefix to the vhost
    )If you publish to an exchange in this test broker, your messages should be delivered to the queues bound to that exchange.  However, keep in mind that during this testing period, we are also live-copying messages from the production broker to this test broker.  Therefore, some queues may have messages from both sources.  If you want to test with a new queue that captures only your published messages, please contact its-iam-help@lists.hawaii.edu and we will gladly set it up for you
    1. name for these tests.
    2. If you do not have access to a queue to confirm that your messages are being published, please contact us at the email address below.

Have more questions? Contact its-iam-help@lists.hawaii.edu

...