[Authors: Hou Fang Zhao, Peng Deng]
Do you want to monitor IBM App Connect Enterprise software by using IBM Observability by Instana?Read this blog for some useful tips about IBM App Connect Enterprise (ACE) sensor configuration. Ensure that you have explored the Instana documentation first.
Note: The commands used in this blog are verified in the following environments:
- Ubuntu 18.04
- ACE 11.0.0.11
- IBM MQ 9.2.0.0.
How to determine the REST API port
Run the command mqsilist, and then you can see the REST API port number in the administration URI for each broker.
How to test the ACE credentials and whether credentials are required
To test the ACE credentials, run either of the following commands. After you input the password, you can see the payload listed.
curl -u <USERNAME> --header "Accept: application/json" "http://<ACE_HOST>:<INTEGTATION_NODE_API_PORT>/apiv2" # If you are using IIB10, replace the apiv2 with apiv1
curl -k -u <USERNAME> --header "Accept: application/json" "https://<ACE_HOST>:<INTEGTATION_NODE_API_PORT>/apiv2" # If you are using IIB10, replace the apiv2 with apiv1. Use this command when TLS is enabled.
You can also remove the username to test whether the credentials are not required, by running either of the following commands. If you can see the payload output correctly after running the command, then it means ACE credentials are not required.
curl --header "Accept: application/json" "http://<ACE_HOST>:<INTEGTATION_NODE_API_PORT>/apiv2" # If you are using IIB10, replace the apiv2 with apiv1
curl -k --header "Accept: application/json" "https://<ACE_HOST>:<INTEGTATION_NODE_API_PORT>/apiv2" # If you are using IIB10, replace the apiv2 with apiv1. Use this command when TLS is enabled.
How to get TLS encryption information
If you don't know if your ACE is configured with TLS encryption, you can check the node.conf.yaml file of the broker.
For example, to check whether TLS is enabled for the broker BK2, run the command
cat /var/mqsi/components/BK2/overrides/node.conf.yaml
You can see the result as follows. If TLS encryption is enabled, you can get the keystore path and password in the node.conf.yaml file.
Note:
- If you are using local monitoring, you need to copy the path and password to your Instana configuration.yaml properly.
- If you are using remote monitoring, you need to copy the keystore file from the path defined with sslCertificate in node.conf.yaml to the Instana agent host, and set the configuration.yaml file by using the new target directory.
How to determine whether MQ or MQTT is in use
If you don't know whether MQTT or MQ is used in ACE, run the command mqsilist, and then you can get the information for each broker.
See the following snapshot.
Broker BRK1 is running and configured with MQ, and the queue manager name is QM1.
Broker BK3 and BK4 are running and configured with MQTT.
How to determine the MQ and MQTT port
For MQTT:
If you are using MQTT, the default port is 11883. But it might be different if you create many brokers. You can use the following ways to check the port number.
- Get the port number from the node.conf.yaml file of the broker.
For example, check the MQTT port for the broker BK3 by running the command
cat /var/mqsi/components/BK3/overrides/node.conf.yaml
Then, you can get the exact port number for BK3, such as the port number 11885 in the following screenshot.
- Get the port number from the process information by running the command ps -ef | grep bipMQTT | grep BROKER_NAME.
For example, run the command ps -ef | grep bipMQTT | grep BK3, and then you can see the following result, where the port number is 11885.
For MQ:
- If you are using MQ, get the listener port by running the command
ps -ef | grep runmqlsr | grep QueueManager_Name
.
- For example, run the command ps -ef | grep runmqlsr | grep QM1, and then you can see the following result, where the listener port is 1414
How to determine whether channel authentication is enabled
You can run the command MQSC to check whether the channel authentication or even the QMGR connection authentication is enabled.
- Start the MQSC by running the command runmqsc Your_Queue_Manager.
- Check whether the channel authentication is enabled by running the following command:
dis qmgr connauth #Check the QMGR connection authentication
dis qmgr chlauth # Check the channel authentication
dis chlauth(Your_Channel_Name) # Check the authentication record for specified channel
dis chanel(Your_Channel_Name) MCAUSER # Check whether a MCAUSER is set or not.
- If the connauth is empty and chlauth is disabled, when there is no specific mechanism to modify the userid associated with a channel, then by default, the OS userid associated with the running application program will be used for the connection.
- If the connauth is not empty, or chlauth is enabled, or some authentication records are defined, then confirm with your MQ admin to make sure the credentials you have are valid and have authority to access.
Notes: