| Author |
Message
|
| LMD |
 Posted: Fri Aug 22, 2014 7:09 am Post subject: IIB9 multi-instance broker problem with MQ service |
 |
|
Acolyte
Joined: 30 Oct 2002
Posts: 56
Location: Paris - France
|
Hi all,
I am trying to configure a multi-instance broker on Linux.
I am running IIB 9.0.0.2 on MQ 7.5.0.2.
Broker LMD01 is defined on QM VA01, with "-d defined" (start broker with QM)
On "side A", the broker start with the QM.
I failover on side B (endmqm -s) but after the QM have restarted, the broker doesn't start.
On the stderr log file for the MQ service, i got :
| Quote: |
MQSI 9.0.0.2
/opt/ibm/mqsi/9.0.0.2
Failed to open file /var/mqsi/registry/LMD01BRK/HASharedWorkPath with error Permission denied
Failed to open file /var/mqsi/registry/LMD01BRK/HASharedWorkPath with error Permission denied
BIP8081 An exception was caught while processing the command, 'Unable to format an ImbException message for output, ImbException message number is BIP2113'. |
But :
| Quote: |
| -rw-rw-rw- 1 root mqbrkrs 19 Jul 11 16:05 HASharedWorkPath |
and
| Quote: |
view /etc/group
mqm:x:504:root
mqbrkrs:x:10301:root,mqm |
on both sides.
If I fail back again on A side, the broker start with the QM.
AFAIK, the two servers as configured with same permissions.
Any ideas ?
_________________
lmd_at_demey-consulting.fr - http://demey-consulting.fr - Paris, France.
WMQ, WAS & IIB Certified.
#IBMChampion |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Fri Aug 22, 2014 7:26 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Make sure the ids (sid) and groups (gid) are the same on both machines! And of course group membership...
Did you create the broker with the corresponding flag for accessing the shared path (-B I think)? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| LMD |
| Posted: Fri Aug 22, 2014 7:44 am Post subject: |
|
|
Acolyte
Joined: 30 Oct 2002
Posts: 56
Location: Paris - France
|
Hi,
uid, sid et membership are identicals.
When I do not use service (-d undefined), the broker works like advertised, so I doubt there is something with the shared path.
The broker has been created with :
on A side : mqsicreatebroker LMD01BRK -q VA01 -e /var/iibshared -d defined
on B side : mqsiaddbrokerinstance LMD01BRK -e /var/iibshared
The -b switch seems to be used for cachePolicy.
_________________
lmd_at_demey-consulting.fr - http://demey-consulting.fr - Paris, France.
WMQ, WAS & IIB Certified.
#IBMChampion |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Aug 22, 2014 7:54 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Sorry -B is a windows thing...
What is the content of the script starting the broker? (On both machines)
Is the user part of some sudo setup that is missing in the second machine?
Which user is starting MQ (rc.d) on both machines? I trust the qmgr is multi-instance as well?
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| LMD |
| Posted: Fri Aug 22, 2014 7:59 am Post subject: |
|
|
Acolyte
Joined: 30 Oct 2002
Posts: 56
Location: Paris - France
|
Yes the QM is multi-instance, started by mqm.
The broker is started by the mq service.
When not using the mq service, the broker is started by root.
_________________
lmd_at_demey-consulting.fr - http://demey-consulting.fr - Paris, France.
WMQ, WAS & IIB Certified.
#IBMChampion |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Aug 22, 2014 8:00 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
|
| Back to top |
|
|
| LMD |
| Posted: Fri Aug 22, 2014 8:05 am Post subject: |
|
|
Acolyte
Joined: 30 Oct 2002
Posts: 56
Location: Paris - France
|
yes.
But I have a problem with :
| Code: |
Ensure that the IIB directories are owned by user and group mqbrkrs, and that the access permissions are set to rwx for user and group. For example ls -al displays:
drwxrwxr–x mqbrkrs mqbrkrs 4096 Jun 14 14:39 IIB
|
There is no mqbrkrs user on my systems, nor in any other place of the infocenter.
_________________
lmd_at_demey-consulting.fr - http://demey-consulting.fr - Paris, France.
WMQ, WAS & IIB Certified.
#IBMChampion |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Aug 22, 2014 8:10 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| LMD wrote: |
| There is no mqbrkrs user on my systems, nor in any other place of the infocenter. |
| LMD wrote: |
But :
-rw-rw-rw- 1 root mqbrkrs 19 Jul 11 16:05 HASharedWorkPath
and
view /etc/group
mqm:x:504:root
mqbrkrs:x:10301:root,mqm
on both sides. |
| Quote: |
| the access permissions are set to rwx for user and group |
|
|
| Back to top |
|
|
| smdavies99 |
| Posted: Fri Aug 22, 2014 8:22 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
| LMD wrote: |
When not using the mq service, the broker is started by root. |
If the Broker runs under the root Id then you are not starting it correctly.
the script invoked by root to start it should do something like
| Code: |
su -<brokerIDaccount> -c 'mqsistart <brokername>'
|
BrokerIDAccount is the user you specified when creating the broker. This is the account under which the broker will run. It should be setup with the mqbrkrs group as the primary group with mqm as a secondary group.
This
| Quote: |
The broker has been created with :
on A side : mqsicreatebroker LMD01BRK -q VA01 -e /var/iibshared -d defined
on B side : mqsiaddbrokerinstance LMD01BRK -e /var/iibshared
|
is IMHO where you are going wrong. You really need to define a username/password for the broker to run under. Running anything under 'root' is a really bad idea (and a huge security hole)
The IBM documentation is IMHO very deficient in this area. The examples they give are (again IMHO) very poor and can lead you to go down a number of dead ends.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Aug 22, 2014 8:26 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| smdavies99 wrote: |
| You really need to define a username/password for the broker to run under. |
On *unix*, the id that executes mqsistart is the id that runs broker. Always.
So it makes no difference what you pass to mqsicreatebroker. mqsistart will always run the broker as the user that is running mqsistart.
Unlike on windows, where mqsistart essentially starts the windows service that starts the broker.
| smdavies99 wrote: |
| Running anything under 'root' is a really bad idea (and a huge security hole) |
Yes. |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Fri Aug 22, 2014 9:26 am Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
| smdavies99 wrote: |
| It should be setup with the mqbrkrs group as the primary group with mqm as a secondary group. |
NO! Every ID in the mqm group should have the mqm group as their primary group because every object they create will implicitly grant the primary group full privileges to the object just created (*UNIX* only). Do it the other way around.
The only IDs that should ever be in the mqm group is the ID that runs MQ and the ID that runs the broker. |
|
| Back to top |
|
|
| LMD |
| Posted: Tue Aug 26, 2014 4:39 am Post subject: SOLVED: IIB9 multi-instance broker problem with MQ service |
|
|
Acolyte
Joined: 30 Oct 2002
Posts: 56
Location: Paris - France
|
After numerous tests, I finally solved this problem. It was not an ID problem or a rights issue.
On B side, a TCP / IP listener was started via a runmqslr (explicit mode) and remained active even after a switch:
| Code: |
-eaf ps | grep mq
mqm 2771 1 0 JUL09? 0:00:18 / opt / mqm / bin / amqzmgr0 -m LMD01
mqm 2968 2771 0 JUL09? 0:00:25 / opt / mqm / bin / r runmqlsr -m LMD01 t TCP |
There were also AMQ9255 messages in amqerrlog:
| Code: |
AMQ9255: Listener already running.
EXPLANATION:
The request to start the WebSphere MQ listener failed Because there is already a listener running against the specified network resources. |
I killed the runmqlsr process, and from there, the broker normally restarted in service mode on both sides after a switchover.
Now that the HA part of the broker is OK, I'm going to work on accounts and rights to use to start and manage all his.
Thank you all for your help.
_________________
lmd_at_demey-consulting.fr - http://demey-consulting.fr - Paris, France.
WMQ, WAS & IIB Certified.
#IBMChampion |
|
| Back to top |
|
|
|
|
