| Author |
Message
|
| ivanachukapawn |
 Posted: Tue Mar 15, 2016 8:17 am Post subject: RETRYING CLUSTER SENDERS dis chstatus shows wrong conname |
 |
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
RETRYING CLUSTER SENDERS dis chstatus shows wrong conname
I have two MQ8.0.0.4 qmgrs running on VirtualBox CentOS. These qmgrs (TEST1 and MQTT1) are both full repos for a single cluster. The TEST1 qmgr has configured cluster sender (TO.MQTT1) with conname 10.55.175.55(1441) and MQTT1 qmgr has configured cluster sender (TO.TEST1) with conname
10.55.175.55(1421) - obviously both qmgrs on the same host. The channel status display on TEST1 looks like this:
display chstatus (*)
1 : display chstatus (*)
AMQ8417: Display Channel Status details.
CHANNEL(TEST1.ADMIN) CHLTYPE(SVRCONN)
CONNAME(10.55.174.16) CURRENT
STATUS(RUNNING) SUBSTATE(RECEIVE)
AMQ8417: Display Channel Status details.
CHANNEL(TO.MQTT1) CHLTYPE(CLUSSDR)
CONNAME(127.0.0.1) CURRENT
RQMNAME( ) STATUS(RETRYING)
SUBSTATE( ) XMITQ(SYSTEM.CLUSTER.TRANSMIT.QUEUE)
Question #1: why does the retrying cluster sender display a conname of (127.0.0.1) with no port? That's not what is configured.
Question #2: why does the admin SVRCONN display a connection name of (10.55.174.16) which does not match the host IP for the qmgr?
The ifconfig for the host:
mqm@localhost.localdomain(/var/mqm/scripts): ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:93:C3:1C
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe93:c31c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1296 (1.2 KiB) TX bytes:1828 (1.7 KiB)
eth1 Link encap:Ethernet HWaddr 08:00:27:26:69:A6
inet addr:10.55.175.55 Bcast:10.55.175.255 Mask:255.255.254.0
inet6 addr: fe80::a00:27ff:fe26:69a6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8276 errors:0 dropped:0 overruns:0 frame:0
TX packets:6849 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:884930 (864.1 KiB) TX bytes:2442665 (2.3 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:350 errors:0 dropped:0 overruns:0 frame:0
TX packets:350 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:33204 (32.4 KiB) TX bytes:33204 (32 |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Tue Mar 15, 2016 8:39 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9442
Location: US: west coast, almost. Otherwise, enroute.
|
To complete the connection, CLUSSDR channels use the CLUSRCVR channel definition from the other qmgr.
Post here your CLUSSDR channel definition.
Post here the CLUSRCVR channel from the other qmgr.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Mar 15, 2016 8:46 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20729
Location: LI,NY
|
A few observations:
a) to check the connectivity you could use localhost and the loopback. Both servers are on the same host.... (I know not good for clusters ...)
b) Check your output from ifconfig:
eth0: inet addr:10.0.2.15 mask 255.255.255.0
eth1: inet addr:10.55.175.55 mask: 255.255.254.0
You conname in the channel status shows (127.0.0.1) as origin for the channel (which is not wrong).
The same way it shows 10.55.175.16 as the origin for the call to the svrconn.
Finding out why the channel is in retry mode can be a little bit more challenging.
Try the following runmqsc command:
| Code: |
| dis chlauth(to.mqtt1) type(all) match(runcheck) qmname(test1) address('127.0.0.1') |
And make sure you check both qmgrs' error logs
and let us know the result... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| ivanachukapawn |
| Posted: Tue Mar 15, 2016 8:53 am Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
Bruce,
Here are the channel definitions you requested:
display channel (TO.MQTT1) ALL
1 : display channel (TO.MQTT1) ALL
AMQ8414: Display Channel details.
CHANNEL(TO.MQTT1) CHLTYPE(CLUSSDR)
ALTDATE(2016-03-15) ALTTIME(08.31.53)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CLUSNL( ) CLUSTER(MQ8cluster)
CLWLPRTY(0) CLWLRANK(0)
CLWLWGHT(50) COMPHDR(NONE)
COMPMSG(NONE) CONNAME(10.55.175.55(1441))
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR( )
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(THREAD) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
display channel (TO.MQTT1) ALL
1 : display channel (TO.MQTT1) ALL
AMQ8414: Display Channel details.
CHANNEL(TO.MQTT1) CHLTYPE(CLUSRCVR)
ALTDATE(2016-03-15) ALTTIME(09.16.45)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) CLUSNL( )
CLUSTER(MQ8cluster) CLWLPRTY(0)
CLWLRANK(0) CLWLWGHT(50)
COMPHDR(NONE) COMPMSG(NONE)
CONNAME(10.55.175.55(1441)) CONVERT(NO)
DESCR( ) DISCINT(6000)
HBINT(300) KAINT(AUTO)
LOCLADDR( ) LONGRTY(999999999)
LONGTMR(1200) MAXMSGL(4194304)
MCANAME( ) MCATYPE(THREAD)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MRDATA( )
MREXIT( ) MRRTY(10)
MRTMR(1000) MSGDATA( )
MSGEXIT( ) NETPRTY(0)
NPMSPEED(FAST) PROPCTL(COMPAT)
PUTAUT(DEF) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
STATCHL(QMGR) TPNAME( )
TRPTYPE(TCP) USEDLQ(YES) |
|
| Back to top |
|
|
| ivanachukapawn |
| Posted: Tue Mar 15, 2016 9:08 am Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
Grand Poobah,
I ran the suggested command (Morag?) on the TEST1 qmgr with this result:
Starting MQSC for queue manager TEST1.
dis chlauth(to.mqtt1) type(all) match(runcheck) qmname(test1) address('127.0.0.1')
1 : dis chlauth(to.mqtt1) type(all) match(runcheck) qmname(test1) address('127.0.0.1')
AMQ8878: Display channel authentication record details.
CHLAUTH(*) TYPE(ADDRESSMAP)
DESCR(Back-stop rule) CUSTOM( )
ADDRESS(*) USERSRC(NOACCESS)
WARN(NO) ALTDATE(2015-07-0
ALTTIME(07.30.49)
My brain is sizzled. I think this means that this connection is blocked by the back-stop rule - but according to Morag, the backstop rule can be defeated by any more specific allow rule which I believe I have configured - i.e.
AMQ8878: Display channel authentication record details.
CHLAUTH(TO.TEST1) TYPE(QMGRMAP)
ADDRESS(*) QMNAME(*)
MCAUSER(mqm)
what's going on? |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Mar 15, 2016 9:09 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20729
Location: LI,NY
|
Could be due to channel auth running into backstop rule for 127.0.0.1
Note there is no information in LOCLADDR forcing it to any other interface...
I usually give a blanket authorization for localhost (127.0.0.1) ... makes things easier...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Mar 15, 2016 9:18 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20729
Location: LI,NY
|
| Quote: |
| Code: |
My brain is sizzled. I think this means that this connection is blocked by the back-stop rule - but according to Morag, the backstop rule can be defeated by any more specific allow rule which I believe I have configured - i.e.
AMQ8878: Display channel authentication record details.
CHLAUTH(TO.TEST1) TYPE(QMGRMAP)
ADDRESS(*) QMNAME(*)
MCAUSER(mqm)
|
|
Well you created the exception for channel TO.TEST1.
You are checking the rules for channel TO.MQTT1.
Not the same channel...not the same rules...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| ivanachukapawn |
| Posted: Wed Mar 16, 2016 5:18 am Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
I specified the IP for LOCALADDR and put in a blanket chlauth for 127.0.0.1 as suggested. I'm including both TEST1 and MQTT1 channel defs and CHLAUTH.
TEST1:
Starting MQSC for queue manager TEST1.
dis channel (TO.TEST1) all
1 : dis channel (TO.TEST1) all
AMQ8414: Display Channel details.
CHANNEL(TO.TEST1) CHLTYPE(CLUSRCVR)
ALTDATE(2016-03-16) ALTTIME(06.50.2
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) CLUSNL( )
CLUSTER(MQ8cluster) CLWLPRTY(0)
CLWLRANK(0) CLWLWGHT(50)
COMPHDR(NONE) COMPMSG(NONE)
CONNAME(10.55.175.55(1421)) CONVERT(NO)
DESCR( ) DISCINT(6000)
HBINT(300) KAINT(AUTO)
LOCLADDR(10.55.175.55) LONGRTY(999999999)
LONGTMR(1200) MAXMSGL(4194304)
MCANAME( ) MCATYPE(THREAD)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MRDATA( )
MREXIT( ) MRRTY(10)
MRTMR(1000) MSGDATA( )
MSGEXIT( ) NETPRTY(0)
NPMSPEED(FAST) PROPCTL(COMPAT)
PUTAUT(DEF) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
STATCHL(QMGR) TPNAME( )
TRPTYPE(TCP) USEDLQ(YES)
display channel (TO.MQTT1) ALL
2 : display channel (TO.MQTT1) ALL
AMQ8414: Display Channel details.
CHANNEL(TO.MQTT1) CHLTYPE(CLUSSDR)
ALTDATE(2016-03-16) ALTTIME(06.50.4
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CLUSNL( ) CLUSTER(MQ8cluster)
CLWLPRTY(0) CLWLRANK(0)
CLWLWGHT(50) COMPHDR(NONE)
COMPMSG(NONE) CONNAME(10.55.175.55(1441))
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR(10.55.175.55)
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(THREAD) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
display CHLAUTH (*) ALL
3 : display CHLAUTH (*) ALL
AMQ8878: Display channel authentication record details.
CHLAUTH(SYSTEM.ADMIN.SVRCONN) TYPE(ADDRESSMAP)
DESCR(SVRCONN Access from all addresses)
CUSTOM( ) ADDRESS(*)
USERSRC(CHANNEL) CHCKCLNT(ASQMGR)
ALTDATE(2015-07-0 ALTTIME(07.30.49)
AMQ8878: Display channel authentication record details.
CHLAUTH(TEST1.ADMIN) TYPE(USERMAP)
DESCR(WebSphere MQ Administrator) CUSTOM( )
ADDRESS( ) CLNTUSER(j.b.davis)
MCAUSER(mqm) USERSRC(MAP)
CHCKCLNT(ASQMGR) ALTDATE(2015-07-0
ALTTIME(07.30.50)
AMQ8878: Display channel authentication record details.
CHLAUTH(TEST1.ADMIN) TYPE(USERMAP)
DESCR(WebSphere MQ Administrator) CUSTOM( )
ADDRESS( ) CLNTUSER(j.jackson)
MCAUSER(mqm) USERSRC(MAP)
CHCKCLNT(ASQMGR) ALTDATE(2015-07-0
ALTTIME(07.30.50)
AMQ8878: Display channel authentication record details.
CHLAUTH(TEST1.ADMIN) TYPE(USERMAP)
DESCR(WebSphere MQ Administrator) CUSTOM( )
ADDRESS( ) CLNTUSER(ronnie.k)
MCAUSER(mqm) USERSRC(MAP)
CHCKCLNT(ASQMGR) ALTDATE(2015-07-0
ALTTIME(07.30.50)
AMQ8878: Display channel authentication record details.
CHLAUTH(TO.TEST1) TYPE(QMGRMAP)
DESCR(Remote QMGR Access) CUSTOM( )
ADDRESS(*) QMNAME(*)
MCAUSER(mqm) USERSRC(MAP)
ALTDATE(2015-07-0 ALTTIME(07.30.49)
AMQ8878: Display channel authentication record details.
CHLAUTH(SYSTEM.*) TYPE(ADDRESSMAP)
DESCR(Prevents non-privilege users from SYSTEM channels)
CUSTOM( ) ADDRESS(*)
USERSRC(NOACCESS) WARN(NO)
ALTDATE(2015-07-0 ALTTIME(07.30.50)
AMQ8878: Display channel authentication record details.
CHLAUTH(*) TYPE(ADDRESSMAP)
DESCR( ) CUSTOM( )
ADDRESS(10.2.2.2) USERSRC(NOACCESS)
WARN(NO) ALTDATE(2016-02-29)
ALTTIME(07.39.27)
AMQ8878: Display channel authentication record details.
CHLAUTH(*) TYPE(ADDRESSMAP)
DESCR( ) CUSTOM( )
ADDRESS(127.0.0.1) MCAUSER(mqm)
USERSRC(MAP) CHCKCLNT(ASQMGR)
ALTDATE(2016-03-16) ALTTIME(07.46.00)
AMQ8878: Display channel authentication record details.
CHLAUTH(*) TYPE(ADDRESSMAP)
DESCR(Back-stop rule) CUSTOM( )
ADDRESS(*) USERSRC(NOACCESS)
WARN(NO) ALTDATE(2015-07-0
ALTTIME(07.30.49)
AMQ8878: Display channel authentication record details.
CHLAUTH(*) TYPE(BLOCKADDR)
DESCR( ) CUSTOM( )
ADDRLIST(10.4.4.4) WARN(NO)
ALTDATE(2016-02-29) ALTTIME(09.19.14)
MQTT1:
Starting MQSC for queue manager MQTT1.
display channel (TO.TEST1) all
1 : display channel (TO.TEST1) all
AMQ8414: Display Channel details.
CHANNEL(TO.TEST1) CHLTYPE(CLUSSDR)
ALTDATE(2016-03-16) ALTTIME(06.51.21)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CLUSNL( ) CLUSTER(MQ8cluster)
CLWLPRTY(0) CLWLRANK(0)
CLWLWGHT(50) COMPHDR(NONE)
COMPMSG(NONE) CONNAME(10.55.175.55(1421))
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR(10.55.175.55)
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(THREAD) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
display channel (TO.MQTT1) ALL
2 : display channel (TO.MQTT1) ALL
AMQ8414: Display Channel details.
CHANNEL(TO.MQTT1) CHLTYPE(CLUSRCVR)
ALTDATE(2016-03-16) ALTTIME(06.51.34)
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CERTLABL( ) CLUSNL( )
CLUSTER(MQ8cluster) CLWLPRTY(0)
CLWLRANK(0) CLWLWGHT(50)
COMPHDR(NONE) COMPMSG(NONE)
CONNAME(10.55.175.55(1441)) CONVERT(NO)
DESCR( ) DISCINT(6000)
HBINT(300) KAINT(AUTO)
LOCLADDR(10.55.175.55) LONGRTY(999999999)
LONGTMR(1200) MAXMSGL(4194304)
MCANAME( ) MCATYPE(THREAD)
MCAUSER( ) MODENAME( )
MONCHL(QMGR) MRDATA( )
MREXIT( ) MRRTY(10)
MRTMR(1000) MSGDATA( )
MSGEXIT( ) NETPRTY(0)
NPMSPEED(FAST) PROPCTL(COMPAT)
PUTAUT(DEF) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCAUTH(REQUIRED)
SSLCIPH( ) SSLPEER( )
STATCHL(QMGR) TPNAME( )
TRPTYPE(TCP) USEDLQ(YES)
display chlauth (*) ALL
3 : display chlauth (*) ALL
AMQ8878: Display channel authentication record details.
CHLAUTH(MQTT1.ADMIN) TYPE(USERMAP)
DESCR(WebSphere MQ Administrator) CUSTOM( )
ADDRESS( ) CLNTUSER(j.b.davis)
MCAUSER(mqm) USERSRC(MAP)
CHCKCLNT(ASQMGR) ALTDATE(2015-07-0
ALTTIME(07.30.49)
AMQ8878: Display channel authentication record details.
CHLAUTH(MQTT1.ADMIN) TYPE(USERMAP)
DESCR(WebSphere MQ Administrator) CUSTOM( )
ADDRESS( ) CLNTUSER(j.jackson)
MCAUSER(mqm) USERSRC(MAP)
CHCKCLNT(ASQMGR) ALTDATE(2015-07-0
ALTTIME(07.30.49)
AMQ8878: Display channel authentication record details.
CHLAUTH(MQTT1.ADMIN) TYPE(USERMAP)
DESCR(WebSphere MQ Administrator) CUSTOM( )
ADDRESS( ) CLNTUSER(ronnie.k)
MCAUSER(mqm) USERSRC(MAP)
CHCKCLNT(ASQMGR) ALTDATE(2015-07-0
ALTTIME(07.30.49)
AMQ8878: Display channel authentication record details.
CHLAUTH(SYSTEM.ADMIN.SVRCONN) TYPE(ADDRESSMAP)
DESCR(SVRCONN Access from all addresses)
CUSTOM( ) ADDRESS(*)
USERSRC(CHANNEL) CHCKCLNT(ASQMGR)
ALTDATE(2015-07-0 ALTTIME(07.30.4
AMQ8878: Display channel authentication record details.
CHLAUTH(TO.MQTT1) TYPE(QMGRMAP)
DESCR(Remote QMGR Access) CUSTOM( )
ADDRESS(*) QMNAME(*)
MCAUSER(mqm) USERSRC(MAP)
ALTDATE(2015-07-0 ALTTIME(07.30.4
AMQ8878: Display channel authentication record details.
CHLAUTH(SYSTEM.*) TYPE(ADDRESSMAP)
DESCR(Prevents non-privilege users from SYSTEM channels)
CUSTOM( ) ADDRESS(*)
USERSRC(NOACCESS) WARN(NO)
ALTDATE(2015-07-0 ALTTIME(07.30.4
AMQ8878: Display channel authentication record details.
CHLAUTH(*) TYPE(ADDRESSMAP)
DESCR( ) CUSTOM( )
ADDRESS(127.0.0.1) MCAUSER(mqm)
USERSRC(MAP) CHCKCLNT(ASQMGR)
ALTDATE(2016-03-16) ALTTIME(08.12.02)
AMQ8878: Display channel authentication record details.
CHLAUTH(*) TYPE(ADDRESSMAP)
DESCR(Back-stop rule) CUSTOM( )
ADDRESS(*) USERSRC(NOACCESS)
WARN(NO) ALTDATE(2015-07-0
ALTTIME(07.30.4
RETRYING CLUSTER SENDER MQTT1:
display chstatus (*)
6 : display chstatus (*)
AMQ8417: Display Channel Status details.
CHANNEL(TO.TEST1) CHLTYPE(CLUSSDR)
CONNAME(127.0.0.1) CURRENT
RQMNAME( ) STATUS(RETRYING)
SUBSTATE( ) XMITQ(SYSTEM.CLUSTER.TRANSMIT.QUEUE)
AMQ8417: Display Channel Status details.
CHANNEL(MQTT1.ADMIN) CHLTYPE(SVRCONN)
CONNAME(10.55.174.16) CURRENT
STATUS(RUNNING) SUBSTATE(RECEIVE)
RETRYING CLUSTER SENDER TEST1:
dis chstatus (*)
1 : dis chstatus (*)
AMQ8417: Display Channel Status details.
CHANNEL(TEST1.ADMIN) CHLTYPE(SVRCONN)
CONNAME(10.55.174.16) CURRENT
STATUS(RUNNING) SUBSTATE(RECEIVE)
AMQ8417: Display Channel Status details.
CHANNEL(TO.MQTT1) CHLTYPE(CLUSSDR)
CONNAME(127.0.0.1) CURRENT
RQMNAME( ) STATUS(RETRYING)
SUBSTATE( ) XMITQ(SYSTEM.CLUSTER.TRANSMIT.QUEUE)
here's the runcheck:
dis chlauth(to.mqtt1) type(all) match(runcheck) qmname(test1) address('127.0.0.1')
2 : dis chlauth(to.mqtt1) type(all) match(runcheck) qmname(test1) address('127.0.0.1')
AMQ8878: Display channel authentication record details.
CHLAUTH(*) TYPE(ADDRESSMAP)
DESCR( ) CUSTOM( )
ADDRESS(127.0.0.1) MCAUSER(mqm)
USERSRC(MAP) CHCKCLNT(ASQMGR)
ALTDATE(2016-03-16) ALTTIME(07.46.00)
display authinfo (USE.PW)
6 : display authinfo (USE.PW)
AMQ8566: Display authentication information details.
AUTHINFO(USE.PW) AUTHTYPE(IDPWOS)
ADOPTCTX(NO) DESCR( )
CHCKCLNT(NONE) CHCKLOCL(OPTIONAL)
FAILDLAY(10) ALTDATE(2015-06-26)
ALTTIME(09.52.05) |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Mar 16, 2016 5:53 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Maybe I'm missing something.
But I don't see any blockuser rules in there - to prevent the *MQADMIN users from being blocked.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Mar 16, 2016 6:27 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20729
Location: LI,NY
|
| mqjeff wrote: |
Maybe I'm missing something.
But I don't see any blockuser rules in there - to prevent the *MQADMIN users from being blocked. |
I thought those applied only to SVRCONN channels ??
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Mar 16, 2016 6:34 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20729
Location: LI,NY
|
And are the channels running now? (you may have to start them manually)
If not what is in the qmgr's error logs?
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| ivanachukapawn |
| Posted: Wed Mar 16, 2016 6:37 am Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
Jeff,
you wrote
| Quote: |
| But I don't see any blockuser rules in there - to prevent the *MQADMIN users from being blocked. |
Now I'm really confused. If I had such a blockuser rule in there, wouldn't that be to block, not to prevent as you have written?
Nevertheless, what I do have in there is a
Morag-style back-stop rule that blocks all connections including *MQADMIN
Individual USERMAP rules for each admin that allow a connection on a specified SVRCONN and map the userID to MCAUSER mqm
A blocking rule for all SYSTEM.* channels (probably superfluous because of the back-stop rule
a specific allow rule for SYSTEM.ADMIN.SVRCONN connections only when they are requested by a channel (other than SYSTEM.ADMIN.SVRCONN)
But why is this relevant to MQ using 127.0.0.1 for the cluster sender connection instead of the configured IP(port) - and then retrying the channel connection?
I ran the runcheck on chlauth for 127.0.0.1 and displayed the output previously, but I don't understand the output. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Mar 16, 2016 6:41 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You would use a BLOCKUSER to say "only block user-that-doesn't-exist ('TROBWASHERE, or etc.)" for the specific channel.
That way it won't fall through to the SYSTEM. etc. rule that blocks *MQADMIN. It only blocks the named user - which shouldn't be used...
Think BLOCKUSER applies to all channel types. Could be wrong.
Blockuser is applied after all of the address stuff is done - using the final resolved userid. So it shouldn't matter what IP address is used.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| ivanachukapawn |
| Posted: Wed Mar 16, 2016 6:46 am Post subject: |
|
|
Knight
Joined: 27 Oct 2003
Posts: 561
|
OK. The channel is retrying.
I stopped it, then I started it. It's still retrying.
The error log :
AMQ9202: Remote host 'localhost (127.0.0.1) (1414)' not available, retry later.
EXPLANATION:
The attempt to allocate a conversation using TCP/IP to host 'localhost
(127.0.0.1) (1414)' for channel TO.MQTT1 was not successful. However the error
may be a transitory one and it may be possible to successfully allocate a
TCP/IP conversation later.
so that's it then. Its trying the connection on 127.0.0.1(1414) - which raises again my original question:
Since I have specified the IP(port) when I configured the cluster sender, specifically,
display channel (TO.MQTT1) ALL
1 : display channel (TO.MQTT1) ALL
AMQ8414: Display Channel details.
CHANNEL(TO.MQTT1) CHLTYPE(CLUSSDR)
ALTDATE(2016-03-16) ALTTIME(06.50.4
BATCHHB(0) BATCHINT(0)
BATCHLIM(5000) BATCHSZ(50)
CLUSNL( ) CLUSTER(MQ8cluster)
CLWLPRTY(0) CLWLRANK(0)
CLWLWGHT(50) COMPHDR(NONE)
COMPMSG(NONE) CONNAME(10.55.175.55(1441))
CONVERT(NO) DESCR( )
DISCINT(6000) HBINT(300)
KAINT(AUTO) LOCLADDR(10.55.175.55)
LONGRTY(999999999) LONGTMR(1200)
MAXMSGL(4194304) MCANAME( )
MCATYPE(THREAD) MCAUSER( )
MODENAME( ) MONCHL(QMGR)
MSGDATA( ) MSGEXIT( )
NPMSPEED(FAST) PASSWORD( )
PROPCTL(COMPAT) RCVDATA( )
RCVEXIT( ) RESETSEQ(NO)
SCYDATA( ) SCYEXIT( )
SENDDATA( ) SENDEXIT( )
SEQWRAP(999999999) SHORTRTY(10)
SHORTTMR(60) SSLCIPH( )
SSLPEER( ) STATCHL(QMGR)
TPNAME( ) TRPTYPE(TCP)
USEDLQ(YES) USERID( )
why does MQ replace my IP(port) CONNAME(10.55.175.55(1441)) with 127.0.0.1 - and then it is apparently filling in a default port 1414 ? |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Mar 16, 2016 7:26 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9442
Location: US: west coast, almost. Otherwise, enroute.
|
From inside your vm, can you successfully TCP/IP ping address 10.55.175.55?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
