View Only

Using a web server to serve JSON CCDT files on Red Hat OpenShift

By Martin Evans posted Thu April 04, 2024 10:43 AM

Like

Using a web server to serve JSON CCDT files on Red Hat OpenShift

Whenever I am demonstrating IBM MQ running on Red Hat Openshift, something I find useful is providing a CCDT for my IBM MQ Client applications via a web server in JSON format. In case you aren’t already aware, IBM MQ Clients can consume a CCDT from a web server using an HTTP URL, this has the advantage of allowing you to put your CCDT information in a central place that can be easily maintained without having to copy it to multiple locations.

The IBM MQ Operator will create OpenShift Routes and Kubernetes Services for each queue manager. If you are using the default OpenShift Route (HAProxy based) you must use the SNI routing approach, you can use a TCP/IP port-based router to connect into your OpenShift cluster, but you will need to use an alternative router than the default HAProxy router provided with OpenShift. The HAProxy router uses the Server Name Identifier (SNI) in the TLS header provided by the MQ Client application to route to a queue manager, for details on how this is configured see,

https://www.ibm.com/docs/en/ibm-mq/9.3?topic=cqmumo-configuring-route-connect-queue-manager-from-outside-red-hat-openshift-cluster

How you connect to a queue manager running in OpenShift can depend upon whether your MQ Client application is deployed in the same OpenShift cluster as the queue manager or whether you are connecting to a queue manager from outside of the OpenShift cluster. If your client application is deployed in the same OpenShift cluster as your queue managers, you can use the URL that the Kubernetes Service provides with or without TLS and SNI as the routing is TCP/IP port based.

I have created a basic sample hosted on GitHub that shows how you can use an Nginx web server running on OpenShift to get you started, the sample leverages OpenShift GitOps (ArgoCD) to deploy and manage the components but I haven’t used Kustomize to patch or template it yet so you will have to manually edit and update the config maps that hold the CCDT information, you can also just take the YAML files and deploy them manually. The samples can be found here,

https://github.com/ibm-messaging/mq-gitops-samples/tree/main/ccdt-deployment

The readme on the GitHub repository has a detailed description of the samples so I will just summarise here. Please note that TLS or security for the Nginx web server is not covered here or by the samples.

The IBM MQ Operator creates Route and Service objects for you that in turn provide URLs that can be used to connect to queue managers, this information needs to be added to a CCDT JSON file contained within a config map, the file contents in the config map get copied to the Nginx web server’s file system.

The IBM MQ Client applications can then lookup the CCDT information using an HTTP URL that points to the Nginx web server, provided by the Nginx Service. Applications deployed inside the OpenShift cluster can use the Nginx Service address, applications outside of the OpenShift cluster can use the Nginx Route to get the CCDT information but they will have to use the /external/ccdt.json file as this has the external facing IBM MQ URLs provided by the MQ Route. Details on how to use a URL to access a CCDT can be found here,

https://www.ibm.com/docs/en/ibm-mq/9.3?topic=tables-url-access-ccdt

For a deep dive on CCDT files,

https://developer.ibm.com/articles/awb-deep-dive-ccdts

The sample uses two config maps to hold CCDT information, one has the external MQ Route URLs and the other has the internal MQ Service URLs. Adding the CCDT information to a config map hosted in a Git repository allows you to maintain and control the CCDT information and it will allow you to use ArgoCD to update it for you in the runtime environment. If you use the volume mount approach (no subPath) I have used in the deployment sample, the kubelet will update the file system without you needing to redeploy your Nginx web servers.

Using the provided sample, applications inside the OpenShift cluster should access the ccdt.json file at the root of the Nginx Service URL, and applications connecting from outside the cluster should use the URL provided by the Nginx Route URL with /external/ccdt.json.

Examples:

Inside the OpenShift cluster.

http://ccdt-service.mq-demo.svc.cluster.local:8080/ccdt.json

Outside of the OpenShift cluster,

http://ccdt-route-mq-demo.apps.mq-demo.my.public.domain.name.com/external/ccdt.json

Deployment Topology

1 comment

49 views

Permalink

Comments

Martin Evans

Mon April 08, 2024 09:00 AM

If you would like to see HTTP(S) TLS added please express your interest in this as a capability here, https://integration-development.ideas.ibm.com/ideas/MESNS-I-422

IBM Integration Community

Come for answers, stay for best practices. All we're missing is you.

MQ