Author |
Message
|
EricCox |
Posted: Wed Jan 16, 2013 9:40 am Post subject: Starting User Trace on AIX Throws Errors |
|
|
Master
Joined: 08 Apr 2011 Posts: 292
|
To all,
On WMB 7.0 I try to start a trace and receive this set of errors.
Am I missing paths or environment variables?
I am logging on with my own user and .profile. It is pretty default stuff right now.
exec(): 0509-036 Cannot load program /opt/IBM/mqsi/7.0/bin/mqsichangetrace because of the following errors:
0509-150 Dependent module libImbCmdLib.a(libImbCmdLib.a.so) could not be loaded.
Here are the two commands I run to start the trace:
mqsichangetrace BROKER7 -u -e EGTest -r
mqsichangetrace BROKER7 -u -e EGTest -l debug -c 200000
Thanks,
Eric |
|
Back to top |
|
 |
mqjeff |
Posted: Wed Jan 16, 2013 9:53 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
you didn't source mqsiprofile. |
|
Back to top |
|
 |
EricCox |
Posted: Wed Jan 16, 2013 9:55 am Post subject: Source mqsiprofile |
|
|
Master
Joined: 08 Apr 2011 Posts: 292
|
Here is what I run and what comes back:
n099999@abkrrib00001d01:/home/n016438$ . /opt/IBM/mqsi/7.0/bin/mqsiprofile
MQSI 7.0.0.1
/opt/IBM/mqsi/7.0
Now when I try to run the trace I get:
Failed to open file /var/mqsi/registry/%1/HASharedWorkPath with error The file access permissions do not allow the specified action.
BIP2113E: Message broker internal error: diagnostic information ''The file access permissions do not allow the specified action.'', '13', ''/var/mqsi/registry/%1/HASharedWorkPath''.
An internal software error has occurred in the message broker. Further messages will indicate the effect of this error on the broker's transactions.
Shutdown and restart the message broker. If the problem continues to occur, then restart the system. If the problem still continues to occur contact your IBM support center.
BIP8081E: An error occurred while processing the command.
An error occurred while the command was running; the command has cleaned up and ended.
Last edited by EricCox on Wed Jan 16, 2013 10:14 am; edited 1 time in total |
|
Back to top |
|
 |
mqjeff |
Posted: Wed Jan 16, 2013 10:13 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
sounds like you're not authorized to administer the broker. |
|
Back to top |
|
 |
EricCox |
Posted: Wed Jan 16, 2013 10:15 am Post subject: Authorized |
|
|
Master
Joined: 08 Apr 2011 Posts: 292
|
How do I get authorized?
Is it a group assignment? I'll be happy to read if you can point me to a doc.
Thanks a bunch Jeff! |
|
Back to top |
|
 |
mqjeff |
Posted: Wed Jan 16, 2013 10:24 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
You probably actually need to run these commands as the broker service user. |
|
Back to top |
|
 |
EricCox |
Posted: Wed Jan 16, 2013 10:25 am Post subject: Request to Add to Admin Groups |
|
|
Master
Joined: 08 Apr 2011 Posts: 292
|
I've requested to be added to mqm and mqbrkrs groups on this aix box.
Is that all I need? |
|
Back to top |
|
 |
EricCox |
Posted: Wed Jan 16, 2013 10:28 am Post subject: Financial Institution |
|
|
Master
Joined: 08 Apr 2011 Posts: 292
|
We can run user traces on WMB 6.0 on Windows as our own user.
I'm hoping I can do that the same on AIX.
Running interactive commands as the service user in a financial institution is frowned upon and I understand why.
I'm hoping I can work around that. |
|
Back to top |
|
 |
mqjeff |
Posted: Wed Jan 16, 2013 10:29 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
being a member of mqbrks *might* be sufficient.
But you *might* have to run these commands as the broker service user. |
|
Back to top |
|
 |
Vitor |
Posted: Wed Jan 16, 2013 10:33 am Post subject: Re: Financial Institution |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
EricCox wrote: |
Running interactive commands as the service user in a financial institution is frowned upon and I understand why. |
As someone with more than a little financial experience, I find it's frowned on only if used directly. Set mqbrkrs as a non-terminal user, give a controlled & audited list of people rights to sudo into it & log the sudo command. Used that all over the place. Makes auditors go "Ooo..." and clap their hands. _________________ Honesty is the best policy.
Insanity is the best defence. |
|
Back to top |
|
 |
EricCox |
Posted: Wed Jan 16, 2013 10:43 am Post subject: Broker User |
|
|
Master
Joined: 08 Apr 2011 Posts: 292
|
I didn't set up the machine. I'm not sure what user is running broker. Is there a way to look?
I tried to $su mqbrkrs but it said the user doesn't exist.
Sudo'ing into a user is a good way. I like that idea. |
|
Back to top |
|
 |
Vitor |
Posted: Wed Jan 16, 2013 11:10 am Post subject: Re: Broker User |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
EricCox wrote: |
I didn't set up the machine. I'm not sure what user is running broker. Is there a way to look? |
ps - ef | grep bip
EricCox wrote: |
I tried to $su mqbrkrs but it said the user doesn't exist. |
Speak to your sys admins. They may have a method they like better.
EricCox wrote: |
Sudo'ing into a user is a good way. I like that idea. |
It's great. You have logs the auditors can lose days checking, you can let them have audits of who's in the sudoers list while you do real work and you can easily produce documents describing the procedure of applying for sudo access with example forms people need to fill out. In colour. Or color, depending on Atlantic orientation.
My tip: include a procedure where you go through the sudoers list once a year and make people prove they still need that high level of access. Demonstrates you're committed to keeping the access as locked down as possible. You win points. _________________ Honesty is the best policy.
Insanity is the best defence. |
|
Back to top |
|
 |
EricCox |
Posted: Wed Jan 16, 2013 12:20 pm Post subject: ps -ef Results |
|
|
Master
Joined: 08 Apr 2011 Posts: 292
|
Here is what I get:
n000000@abkrrib000000000:/home/n000000$ ps -ef | grep bip
candle 7864402 13959338 0 Jan 09 - 0:42 biphttplistener BKRD711
candle 8781992 1 0 Jan 09 - 0:01 bipservice BKRD711
candle 13959338 8781992 0 Jan 09 - 2:42 bipbroker BKRD711
bkrd02 15990922 17629334 0 14:00:29 - 0:02 biphttplistener BKRD11
bkrd02 17629334 17825962 0 14:00:25 - 0:04 bipbroker BKRD11
bkrd02 17825962 1 0 14:00:25 - 0:00 bipservice BKRD11 |
|
Back to top |
|
 |
mqjeff |
Posted: Wed Jan 16, 2013 12:22 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
so you need to su to the candle user. |
|
Back to top |
|
 |
EricCox |
Posted: Wed Jan 16, 2013 12:30 pm Post subject: Two Pairs of Eyes |
|
|
Master
Joined: 08 Apr 2011 Posts: 292
|
Thanks for the second pair of eyes. That's what I'm seeing also.
UNIX is saying we don't have assignment to mqm and mqbrkrs groups. But that isn't true we do on our Dev Windows instance. We can logon as ourselves and run traces. |
|
Back to top |
|
 |
|