| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQ Openshift - tools for message administration |
« View previous topic :: View next topic » |
| Author |
Message
|
| avs01 |
 Posted: Thu Feb 16, 2023 12:51 am Post subject: MQ Openshift - tools for message administration |
 |
|
Newbie
Joined: 16 Feb 2023
Posts: 6
|
Hi,
We are moving from MQ AIX to MQ Openshift.
On MQ AIX, we are using support pack ma01 (q) and dmpmqmsg for (local) message administration.
Ma01 (q) is great for putting files as messages on queue’s and other functionality.
dmpmqmsg can only put files in ‘dmpmqmsg-format’ to a queue, as far as I known.
On MQ Openshift we use mutual TLS for all client connections, so also for remote administration.
Of course, in the MQ container image there is:
dmpmqmsg – great for message reading and copying messages
amqsput – not as powerful as ma01 (q)
So, I’m looking for possibilities for message administration on Openshift.
Based on the IBM article 'What options are available for putting the contents of a file as messages into an MQ queue', I considered:
1. MA01 - Compile the ma01 source (github mq-q-qload) and run it on a pod in the same namespace as the qmgrs. Then it can connect as a client using a non-TLS channel since we are in the same namespace, so we won’t have to using Openshift routes (TLS SNI mapping).
Does anyone know if ma01 is available as a container image?
2. RFHUtil with mTLS
I get RFHUtil with one-way TLS working, but not with mutual TLS. Is mTLS supported in RFHUtil?
3. MQ Explorer – I can put messages with MQ Explorer, but missing the flexibility for putting multiple and large custom files.
Any advise would be appreciated! |
|
| Back to top |
|
 |
| hughson |
| Posted: Thu Feb 16, 2023 1:51 am Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
MA01 (The Q program) is also built and fully supported by MQGem. Please get in touch if you would like to discuss any improvements to it, e.g. making it available as a container image.
You can contact us through our About page.
QLOAD from MQGem can put all sorts of additional formats of messages, over and above what dmpmqmsg can do. Check out this as an example: QLOAD: Using delimited files
RFHUtil probably can't control whether the IBM MQ client it uses allows mTLS or not. You'll have to give us more details about this issue for us to help you. Perhaps open a separate thread on that subject?
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Feb 16, 2023 7:48 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| hughson wrote: |
RFHUtil probably can't control whether the IBM MQ client it uses allows mTLS or not. You'll have to give us more details about this issue for us to help you. Perhaps open a separate thread on that subject?
|
It does support mutual TLS. However the client certificate will have to be labelled ibmwebspheremquserid and of course the cert needs a key length and algorithm that will be accepted etc... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| avs01 |
| Posted: Mon Feb 20, 2023 3:03 am Post subject: |
|
|
Newbie
Joined: 16 Feb 2023
Posts: 6
|
Thx fjb_saper,
I had everything setup, except for the certificate label ibmwebspheremquserid. I thought it would just use the (only) default certificate in the keystore, but the label did the trick. Now using RFHUtil with mTLS.
Kind regards,
Arthur |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Feb 21, 2023 6:52 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| avs01 wrote: |
Thx fjb_saper,
I had everything setup, except for the certificate label ibmwebspheremquserid. I thought it would just use the (only) default certificate in the keystore, but the label did the trick. Now using RFHUtil with mTLS.
Kind regards,
Arthur |
Great it worked for you. Just so that you know the "userid" part of the label is variable and you're supposed to have an actual userid there.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| zpat |
| Posted: Wed Feb 22, 2023 11:27 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
I would imagine a C program like MA01 can connect with TLS channels if you supply a suitable CCDT file to set the cipher and set the keystore in the usual way.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
