| Author |
Message
|
| saurabh25281 |
 Posted: Thu Jun 23, 2016 10:33 am Post subject: IIB deployment using Ant on secured Integration Node |
 |
|
Centurion
Joined: 05 Nov 2006
Posts: 108
Location: Bangalore
|
Hi All,
I am trying to perform a automated deployment using Ant script which connects to a remote broker using a .broker file and pass the userid/password from the ant script, but it fails. Apparently the .broker file only has the userid field but not the password field. It seems that the ant script is unable to read the password provided using the parameter inputstring="password"
I am using IIBv10 mqsideploy command on my windows machine and the target deployment server is also v10.
Can anyone have a look at my Ant script and tell me where I am going wrong. Attaching the build.xml part which does the deployment. I am getting the error "BIP1936E: Authentication failure when connecting to the secured remote integration node 'localhost:4415'. Please specify a valid userid and password."
| Code: |
<target name="deployBar" description="deploys a bar file">
<echo message="Executing mqsideploy -n '${broker}' -e '${integrationServer}' -a '${servicename}-${version}-${environment}.bar'"/>
<exec executable="${mqsideploy.path}" inputstring="password" failonerror="false">
<arg value="-n" />
<arg value="${broker}" />
<arg value="-e" />
<arg value="${integrationServer}" />
<arg value="-a" />
<arg value="${servicename}-${version}-${environment}.bar" />
<arg value="-w" />
<arg value="2145336164" />
</exec>
</target>
|
|
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Thu Jun 23, 2016 11:14 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
well it appears that if you want to pass a userid and password you need to use
| Code: |
mqsideploy -i tcp://userid:passwd@hostname:port
with the usual % encoding of reserved chars.
Have fun :innocent: |
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| saurabh25281 |
| Posted: Thu Jun 23, 2016 1:49 pm Post subject: |
|
|
Centurion
Joined: 05 Nov 2006
Posts: 108
Location: Bangalore
|
Thanks for responding fjb.
The option you have specified does not work because our Integration Node is configured with SSL and -i option does not have parameter to include the SSL configuration (truststore & truststorePassword).
Last edited by saurabh25281 on Fri Jun 24, 2016 11:31 am; edited 1 time in total |
|
| Back to top |
|
|
| saurabh25281 |
| Posted: Fri Jun 24, 2016 3:52 am Post subject: |
|
|
Centurion
Joined: 05 Nov 2006
Posts: 108
Location: Bangalore
|
We found a solution wherein we need to set the environment variable MQSI_CMP_USERNAME & MQSI_CMP_PASSWORD. so now the modified ant script work fine.
| Code: |
<target name="deployBar" depends="applyBarOverride" description="deploys a bar file">
<echo message="Executing mqsideploy -n '${broker}' -e '${integrationServer}' -a '${servicename}-${version}-${environment}.bar'"/>
<exec executable="${mqsideploy.path}" failonerror="false" >
<env key="MQSI_CMP_USERNAME" value="${userid}"/>
<env key="MQSI_CMP_PASSWORD" value="${password}"/>
<arg value="-n" />
<arg value="${broker}" />
<arg value="-e" />
<arg value="${integrationServer}" />
<arg value="-a" />
<arg value="${servicename}-${version}-${environment}.bar" />
<arg value="-w" />
<arg value="2145336164" />
</exec>
</target>
|
|
|
| Back to top |
|
|
| smdavies99 |
| Posted: Sat Jun 25, 2016 9:02 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
| saurabh25281 wrote: |
We found a solution wherein we need to set the environment variable MQSI_CMP_USERNAME & MQSI_CMP_PASSWORD. so now the modified ant script work fine.
|
Saurabh, thanos for posting the solution here. I'm sure that others will find this answer useful in the future.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| zpat |
| Posted: Thu Jan 12, 2017 7:45 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Is it possible to get a remote mqsideploy on IIB v10 to work without having to code a password anywhere?
If the SSL option is used - does it still need a password?
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Jan 12, 2017 9:01 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| zpat wrote: |
Is it possible to get a remote mqsideploy on IIB v10 to work without having to code a password anywhere?
If the SSL option is used - does it still need a password? |
um.
Disable security on the integration node, and then use firewall rules to control who can connect ?
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| zpat |
| Posted: Fri Jan 13, 2017 12:52 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Sigh.... 
Why do IBM have to "fix" things that are not broken (like the toolkit previously using MQ to connect)?
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Fri Jan 13, 2017 3:25 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
| zpat wrote: |
Sigh....
Why do IBM have to "fix" things that are not broken (like the toolkit previously using MQ to connect)? |
It is called
Progress
or
Planned Obsolescence
Either way, things like this keep you employed does it not?
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Jan 13, 2017 5:40 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| zpat wrote: |
| Why do IBM have to "fix" things that are not broken (like the toolkit previously using MQ to connect)? |
Because what we gain from removing MQ as a hard dependency outweighs what we lose from not having it.
I imagine that's IBM's view and I have to say I rather agree with it.
I support the right to not agree with it.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Jan 13, 2017 5:46 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Vitor wrote: |
| zpat wrote: |
| Why do IBM have to "fix" things that are not broken (like the toolkit previously using MQ to connect)? |
Because what we gain from removing MQ as a hard dependency outweighs what we lose from not having it. |
I'd suspect it was from customers complaining for a long time.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Jan 13, 2017 6:01 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjeff wrote: |
| Vitor wrote: |
| zpat wrote: |
| Why do IBM have to "fix" things that are not broken (like the toolkit previously using MQ to connect)? |
Because what we gain from removing MQ as a hard dependency outweighs what we lose from not having it. |
I'd suspect it was from customers complaining for a long time. |
Including many of mine.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Jan 13, 2017 12:21 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Vitor wrote: |
| mqjeff wrote: |
| I'd suspect it was from customers complaining for a long time. |
Including many of mine. |
It's important to remember whom to blame.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| zpat |
| Posted: Sun Jan 15, 2017 11:53 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
IBM used to ensure previous configurations would still work.
I don't mind new features (or even new defaults) providing they are optional.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| zpat |
| Posted: Tue Jan 17, 2017 12:56 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Just to add some more info.
From IIB 10.0.0.6 - it's possible to code the user and password in the .broker file to avoid any prompt.
This user/password is created with mqsiwebadmin and the password can be "local" (IIB registry) or LDAP verified.
The IIB documentation does not really have an example of this, but I found a forum post with an example
| Code: |
<?xml version="1.0" encoding="utf-8"?>
<IntegrationNodeConnectionParameters
Version="10.0.0"
host="localhost"
listenerPort="4414"
integrationNodeName="TESTNODE_10006"
userName="benthomp"
password="password1234"
xmlns="http://www.ibm.com/xmlns/prod/websphere/iib/8/IntegrationNodeConnectionParameters" />
|
This still means that a password has to be coded in clear text though, but at least a .broker file can be held centrally and updated periodically.
https://developer.ibm.com/integration/blog/2016/08/26/explore-new-features-ibm-integration-bus-version-10-0-0-6/
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
|
|
