ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » IIB deployment using Ant on secured Integration Node

Post new topic  Reply to topic Goto page 1, 2  Next
 IIB deployment using Ant on secured Integration Node « View previous topic :: View next topic » 
Author Message
saurabh25281
PostPosted: Thu Jun 23, 2016 10:33 am    Post subject: IIB deployment using Ant on secured Integration Node Reply with quote

Centurion

Joined: 05 Nov 2006
Posts: 107
Location: Bangalore

Hi All,

I am trying to perform a automated deployment using Ant script which connects to a remote broker using a .broker file and pass the userid/password from the ant script, but it fails. Apparently the .broker file only has the userid field but not the password field. It seems that the ant script is unable to read the password provided using the parameter inputstring="password"

I am using IIBv10 mqsideploy command on my windows machine and the target deployment server is also v10.

Can anyone have a look at my Ant script and tell me where I am going wrong. Attaching the build.xml part which does the deployment. I am getting the error "BIP1936E: Authentication failure when connecting to the secured remote integration node 'localhost:4415'. Please specify a valid userid and password."


Code:

   <target name="deployBar" description="deploys a bar file">
      <echo message="Executing mqsideploy -n '${broker}' -e '${integrationServer}' -a '${servicename}-${version}-${environment}.bar'"/>
      <exec executable="${mqsideploy.path}" inputstring="password" failonerror="false">
         <arg value="-n" />
         <arg value="${broker}" />
         <arg value="-e" />
         <arg value="${integrationServer}" />
         <arg value="-a" />
         <arg value="${servicename}-${version}-${environment}.bar" />
         <arg value="-w" />
         <arg value="2145336164" />
      </exec>
   </target>
Back to top
View user's profile Send private message Send e-mail Yahoo Messenger
fjb_saper
PostPosted: Thu Jun 23, 2016 11:14 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

well it appears that if you want to pass a userid and password you need to use
Code:
mqsideploy -i tcp://userid:passwd@hostname:port
with the usual % encoding of reserved chars.

Have fun :innocent:

_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
saurabh25281
PostPosted: Thu Jun 23, 2016 1:49 pm    Post subject: Reply with quote

Centurion

Joined: 05 Nov 2006
Posts: 107
Location: Bangalore

Thanks for responding fjb.

The option you have specified does not work because our Integration Node is configured with SSL and -i option does not have parameter to include the SSL configuration (truststore & truststorePassword).


Last edited by saurabh25281 on Fri Jun 24, 2016 11:31 am; edited 1 time in total
Back to top
View user's profile Send private message Send e-mail Yahoo Messenger
saurabh25281
PostPosted: Fri Jun 24, 2016 3:52 am    Post subject: Reply with quote

Centurion

Joined: 05 Nov 2006
Posts: 107
Location: Bangalore

We found a solution wherein we need to set the environment variable MQSI_CMP_USERNAME & MQSI_CMP_PASSWORD. so now the modified ant script work fine.

Code:

   <target name="deployBar" depends="applyBarOverride" description="deploys a bar file">
      <echo message="Executing mqsideploy -n '${broker}' -e '${integrationServer}' -a '${servicename}-${version}-${environment}.bar'"/>
      <exec executable="${mqsideploy.path}" failonerror="false" >
         <env key="MQSI_CMP_USERNAME" value="${userid}"/>
         <env key="MQSI_CMP_PASSWORD" value="${password}"/>
         <arg value="-n" />
         <arg value="${broker}" />
         <arg value="-e" />
         <arg value="${integrationServer}" />
         <arg value="-a" />
         <arg value="${servicename}-${version}-${environment}.bar" />
         <arg value="-w" />
         <arg value="2145336164" />
      </exec>
   </target>
Back to top
View user's profile Send private message Send e-mail Yahoo Messenger
smdavies99
PostPosted: Sat Jun 25, 2016 9:02 am    Post subject: Reply with quote

Jedi Council

Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.

saurabh25281 wrote:
We found a solution wherein we need to set the environment variable MQSI_CMP_USERNAME & MQSI_CMP_PASSWORD. so now the modified ant script work fine.


Saurabh, thanos for posting the solution here. I'm sure that others will find this answer useful in the future.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995

Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
Back to top
View user's profile Send private message
zpat
PostPosted: Thu Jan 12, 2017 7:45 am    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

Is it possible to get a remote mqsideploy on IIB v10 to work without having to code a password anywhere?

If the SSL option is used - does it still need a password?
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Thu Jan 12, 2017 9:01 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

zpat wrote:
Is it possible to get a remote mqsideploy on IIB v10 to work without having to code a password anywhere?

If the SSL option is used - does it still need a password?


um.

Disable security on the integration node, and then use firewall rules to control who can connect ?
_________________
chmod -R ugo-wx /
Back to top
View user's profile Send private message
zpat
PostPosted: Fri Jan 13, 2017 12:52 am    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

Sigh....


Why do IBM have to "fix" things that are not broken (like the toolkit previously using MQ to connect)?
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
smdavies99
PostPosted: Fri Jan 13, 2017 3:25 am    Post subject: Reply with quote

Jedi Council

Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.

zpat wrote:
Sigh....


Why do IBM have to "fix" things that are not broken (like the toolkit previously using MQ to connect)?


It is called

Progress

or

Planned Obsolescence

Either way, things like this keep you employed does it not?
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995

Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
Back to top
View user's profile Send private message
Vitor
PostPosted: Fri Jan 13, 2017 5:40 am    Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

zpat wrote:
Why do IBM have to "fix" things that are not broken (like the toolkit previously using MQ to connect)?


Because what we gain from removing MQ as a hard dependency outweighs what we lose from not having it.

I imagine that's IBM's view and I have to say I rather agree with it.

I support the right to not agree with it.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Fri Jan 13, 2017 5:46 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

Vitor wrote:
zpat wrote:
Why do IBM have to "fix" things that are not broken (like the toolkit previously using MQ to connect)?


Because what we gain from removing MQ as a hard dependency outweighs what we lose from not having it.


I'd suspect it was from customers complaining for a long time.
_________________
chmod -R ugo-wx /
Back to top
View user's profile Send private message
Vitor
PostPosted: Fri Jan 13, 2017 6:01 am    Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

mqjeff wrote:
Vitor wrote:
zpat wrote:
Why do IBM have to "fix" things that are not broken (like the toolkit previously using MQ to connect)?


Because what we gain from removing MQ as a hard dependency outweighs what we lose from not having it.


I'd suspect it was from customers complaining for a long time.


Including many of mine.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Fri Jan 13, 2017 12:21 pm    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

Vitor wrote:
mqjeff wrote:
I'd suspect it was from customers complaining for a long time.


Including many of mine.


It's important to remember whom to blame.
_________________
chmod -R ugo-wx /
Back to top
View user's profile Send private message
zpat
PostPosted: Sun Jan 15, 2017 11:53 pm    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

IBM used to ensure previous configurations would still work.

I don't mind new features (or even new defaults) providing they are optional.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
zpat
PostPosted: Tue Jan 17, 2017 12:56 am    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

Just to add some more info.

From IIB 10.0.0.6 - it's possible to code the user and password in the .broker file to avoid any prompt.

This user/password is created with mqsiwebadmin and the password can be "local" (IIB registry) or LDAP verified.

The IIB documentation does not really have an example of this, but I found a forum post with an example

Code:

<?xml version="1.0" encoding="utf-8"?>
<IntegrationNodeConnectionParameters
    Version="10.0.0"
    host="localhost"
    listenerPort="4414"
    integrationNodeName="TESTNODE_10006"
    userName="benthomp"
    password="password1234"
    xmlns="http://www.ibm.com/xmlns/prod/websphere/iib/8/IntegrationNodeConnectionParameters" />


This still means that a password has to be coded in clear text though, but at least a .broker file can be held centrally and updated periodically.

https://developer.ibm.com/integration/blog/2016/08/26/explore-new-features-ibm-integration-bus-version-10-0-0-6/
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Goto page 1, 2  Next Page 1 of 2

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » IIB deployment using Ant on secured Integration Node
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.