| Author |
Message
|
| belchman |
 Posted: Tue May 11, 2021 8:47 am Post subject: Disallow bindings connections |
 |
|
Partisan
Joined: 31 Mar 2006
Posts: 386
Location: Ohio, USA
|
Is there a way for me to completely disallow bindings connections to the queue manager? I want to mandate client connections only unless an application has shown evidence that they require bindings connections.
DefaultBindType, based on the name, is a default and will not stop an application from connecting in bindings mode.
Thank you
_________________
Make three correct guesses consecutively and you will establish a reputation as an expert. ~ Laurence J. Peter |
|
| Back to top |
|
 |
| belchman |
| Posted: Tue May 11, 2021 9:22 am Post subject: |
|
|
Partisan
Joined: 31 Mar 2006
Posts: 386
Location: Ohio, USA
|
Perhaps I can be sneaky and disallow them access to mqjbnd-- perhaps by renaming it to mqjbnd.nowayjose
_________________
Make three correct guesses consecutively and you will establish a reputation as an expert. ~ Laurence J. Peter |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue May 11, 2021 10:03 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9470
Location: US: west coast, almost. Otherwise, enroute.
|
Do you literally mean ALL server-bindings connection? Or just some specific apps?
Why precisely? What issue are you facing?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| belchman |
| Posted: Tue May 11, 2021 10:10 am Post subject: |
|
|
Partisan
Joined: 31 Mar 2006
Posts: 386
Location: Ohio, USA
|
We have WebsphereAS cells that connect to MQ in which applications can set up their QCFs to connect in BINDINGs mode even though I tell them to stop doing that. If they need BINDINGs mode, I want the to show me proof that they need it and not just do it to "be safe".
Since I do not have purview over WAS, I cannot control what they do and what they do controls me in that I cannot bounce a queue manager in which the application is connected in BINDINGs mode.
This makes our patching and upgrade cycles painfully slow.
My dream is to force client mode and allow bindings mode after a debate.
We have a distributed architecture and basically a queue manager is for a specific WAS node.
_________________
Make three correct guesses consecutively and you will establish a reputation as an expert. ~ Laurence J. Peter |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue May 11, 2021 10:34 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9470
Location: US: west coast, almost. Otherwise, enroute.
|
I don’t understand your rationale for/against bindings- and client-mode apps?
Other than policy, what prevents you from cycling a qmgr with a server-bindings app? Is it a long-running app?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| belchman |
| Posted: Tue May 11, 2021 10:38 am Post subject: |
|
|
Partisan
Joined: 31 Mar 2006
Posts: 386
Location: Ohio, USA
|
If they are connected to the queue manager in bindings mode, they are running in the MQ memory space and the queue manager will not come back up until they shut down their JVMs.
Getting them to shut down their JVMs is time consuming.
If they are connecting in client mode, I can bounce the queue manager and it will come back up. Then they can bounce their JVMs at their leisure without forcing me to wait on them.
_________________
Make three correct guesses consecutively and you will establish a reputation as an expert. ~ Laurence J. Peter |
|
| Back to top |
|
|
| belchman |
| Posted: Tue May 11, 2021 11:05 am Post subject: |
|
|
Partisan
Joined: 31 Mar 2006
Posts: 386
Location: Ohio, USA
|
We have WebsphereAS cells that connect to MQ in which applications can set up their QCFs to connect in BINDINGs mode even though I tell them to stop doing that. If they need BINDINGs mode, I want the to show me proof that they need it and not just do it to "be safe".
Since I do not have purview over WAS, I cannot control what they do and what they do controls me in that I cannot bounce a queue manager in which the application is connected in BINDINGs mode.
This makes our patching and upgrade cycles painfully slow.
My dream is to force client mode and allow bindings mode after a debate.
We have a distributed architecture and basically a queue manager is for a specific WAS node.
_________________
Make three correct guesses consecutively and you will establish a reputation as an expert. ~ Laurence J. Peter |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Tue May 11, 2021 12:33 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
I agree with Bruce. You are taking the wrong approach.
First off, having applications connect in bindings mode is far more efficient - the queue manager uses less resources i.e. CPU & memory. And the application will get a higher throughput rate.
How did the applications ever pass integration testing if you cannot bounce a queue manager (in a timely manner) and then the application automatically reconnects when the queue manager is re-started??? Something was totally missed.
Basically what is screwing you is a badly configured application(s). The QCF and or Q JNDI definitions are missing the FailIfQuiesce parameter.
i.e.
| Code: |
DEFINE QCF(myQCF) QMANAGER(MQA1) TRANSPORT(BINDINGS) FAILIFQUIESCE(YES)
DEFINE Q(dev.test.q) QUEUE(TEST.Q1) QMANAGER(MQA1) TARGCLIENT(JMS) FAILIFQUIESCE(YES) |
The whole point of the FailIfQuiesce parameter is to allow MQAdmins to gracefully shutdown and then restart a queue manager.
Get the applications to correctly configure their application(s) and then you won't have any problems.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Tue May 11, 2021 3:12 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
If you don't grant MQ Auth Recs for the ID (or parent group) their local app runs as, they can't connect in bindings mode.
When they complain, you tell them they can connect via this nice shiny SVRCONN channel you defined for them. You can control who can use that channel and what ID that channel will run as, which will have MQ Auth Recs to connect.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Tue May 11, 2021 6:10 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| belchman wrote: |
..I cannot bounce a queue manager in which the application is connected in BINDINGs mode.
This makes our patching and upgrade cycles painfully slow.
My dream is to force client mode and allow bindings mode after a debate. |
Have you tried endmqm -i QMNAME ? This generally safe. We do it in production with no apparent consequences.
_________________
Glenn |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed May 12, 2021 4:19 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| Quote: |
| If they are connected to the queue manager in bindings mode, they are running in the MQ memory space and the queue manager will not come back up until they shut down their JVMs. |
The problem is not the QM ending, but rather starting it back up?
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed May 12, 2021 4:47 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9470
Location: US: west coast, almost. Otherwise, enroute.
|
| PeterPotkay wrote: |
| Quote: |
| If they are connected to the queue manager in bindings mode, they are running in the MQ memory space and the queue manager will not come back up until they shut down their JVMs. |
The problem is not the QM ending, but rather starting it back up? |
Or, is the issue that the applications fail to reconnect once the qmgr restarts?
If the qmgr fails to restart, post the errors logged.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Wed May 12, 2021 3:58 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| belchman wrote: |
| If they are connected to the queue manager in bindings mode, they are running in the MQ memory space and the queue manager will not come back up until they shut down their JVMs. |
Why won't the queue manager come up? More information please. This seems to be very unusual.
_________________
Glenn |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed May 12, 2021 4:08 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
I remember years ago I would run into something like this with a monitoring agent that was connected to the QMGR in bindings mode. The QMGR would sometimes complain about a previous process still running.
In fact, very rarely the QMGR would complain about a previous process still running, blocking the QM start up, and ps -ef would show it was runmqlsr! 
Haven't seen this issue in years though.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Thu May 13, 2021 3:06 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| PeterPotkay wrote: |
| ...Haven't seen this issue in years though. |
Ditto. I don't think I've had this issue since MQ v7.0. Maybe the MQI's release their connections much quicker than in the past, when the qmgr goes down unexpectedly.
_________________
Glenn |
|
| Back to top |
|
|
|
|
