ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » MQ Openshift - tools for message administration

Post new topic  Reply to topic
 MQ Openshift - tools for message administration « View previous topic :: View next topic » 
Author Message
avs01
PostPosted: Thu Feb 16, 2023 12:51 am    Post subject: MQ Openshift - tools for message administration Reply with quote

Newbie

Joined: 16 Feb 2023
Posts: 6

Hi,

We are moving from MQ AIX to MQ Openshift.

On MQ AIX, we are using support pack ma01 (q) and dmpmqmsg for (local) message administration.
Ma01 (q) is great for putting files as messages on queue’s and other functionality.
dmpmqmsg can only put files in ‘dmpmqmsg-format’ to a queue, as far as I known.

On MQ Openshift we use mutual TLS for all client connections, so also for remote administration.
Of course, in the MQ container image there is:
dmpmqmsg – great for message reading and copying messages
amqsput – not as powerful as ma01 (q)

So, I’m looking for possibilities for message administration on Openshift.
Based on the IBM article 'What options are available for putting the contents of a file as messages into an MQ queue', I considered:

1. MA01 - Compile the ma01 source (github mq-q-qload) and run it on a pod in the same namespace as the qmgrs. Then it can connect as a client using a non-TLS channel since we are in the same namespace, so we won’t have to using Openshift routes (TLS SNI mapping).
Does anyone know if ma01 is available as a container image?

2. RFHUtil with mTLS
I get RFHUtil with one-way TLS working, but not with mutual TLS. Is mTLS supported in RFHUtil?

3. MQ Explorer – I can put messages with MQ Explorer, but missing the flexibility for putting multiple and large custom files.

Any advise would be appreciated!
Back to top
View user's profile Send private message
hughson
PostPosted: Thu Feb 16, 2023 1:51 am    Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

MA01 (The Q program) is also built and fully supported by MQGem. Please get in touch if you would like to discuss any improvements to it, e.g. making it available as a container image.

You can contact us through our About page.

QLOAD from MQGem can put all sorts of additional formats of messages, over and above what dmpmqmsg can do. Check out this as an example: QLOAD: Using delimited files

RFHUtil probably can't control whether the IBM MQ client it uses allows mTLS or not. You'll have to give us more details about this issue for us to help you. Perhaps open a separate thread on that subject?

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
fjb_saper
PostPosted: Thu Feb 16, 2023 7:48 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

hughson wrote:

RFHUtil probably can't control whether the IBM MQ client it uses allows mTLS or not. You'll have to give us more details about this issue for us to help you. Perhaps open a separate thread on that subject?

It does support mutual TLS. However the client certificate will have to be labelled ibmwebspheremquserid and of course the cert needs a key length and algorithm that will be accepted etc...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
avs01
PostPosted: Mon Feb 20, 2023 3:03 am    Post subject: Reply with quote

Newbie

Joined: 16 Feb 2023
Posts: 6

Thx fjb_saper,

I had everything setup, except for the certificate label ibmwebspheremquserid. I thought it would just use the (only) default certificate in the keystore, but the label did the trick. Now using RFHUtil with mTLS.

Kind regards,
Arthur
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Tue Feb 21, 2023 6:52 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

avs01 wrote:
Thx fjb_saper,

I had everything setup, except for the certificate label ibmwebspheremquserid. I thought it would just use the (only) default certificate in the keystore, but the label did the trick. Now using RFHUtil with mTLS.

Kind regards,
Arthur

Great it worked for you. Just so that you know the "userid" part of the label is variable and you're supposed to have an actual userid there.
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
zpat
PostPosted: Wed Feb 22, 2023 11:27 am    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

I would imagine a C program like MA01 can connect with TLS channels if you supply a suitable CCDT file to set the cipher and set the keystore in the usual way.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » MQ Openshift - tools for message administration
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.