MQ

Hey guys

I'm testing the new version of IBM MQ that I saw in last week's training, 9.4. I'm testing the new version of IBM MQ that I saw in last week's training, 9.4. I was wanting to test a solution in Docker and they suggested this link to me:

IBM Developer

I was able to deploy the application and everything works correctly. However, if I create a new queue, I cannot place or consume messages in the new queue I created.

I see that the default objects created when starting the container, such as queue manager "QM1", "DEV.AUTHINFO", "SYSTEM.LISTENER.TCP.1", APP channel "DEV.APP.SVRCONN" and local queue "DEV. QUEUE.1", have an app and mqm user. When accessing the command line inside the container, I can't find this app user in /etc/passwd or mqm group in /etc/group

I would like to know if anyone is also experiencing difficulties when queuing. Pois na versão 9.2 que estava utilizando, estava autenticando por usuário criado no Linux Ubuntu.

The use of operating system (Linux) users is not recommended in containers, for security reasons.  To help you get started quickly, the IBM MQ Advanced for Developers sample container adds an MQ auth service plugin to provide two users: "admin" and "app".  These are not operating system users, but they are defined to MQ directly via this plugin.

I suspect you haven't authorized the "app" user for your new queue.  There is an MQ authority record defined as part of the default developer config, which authorizes the "app" user to put/get/inquire/browse queues beginning with "DEV.".  This can be done with MQSC as follows:

SET AUTHREC PROFILE('DEV.**') PRINCIPAL('app') OBJTYPE(QUEUE) AUTHADD(BROWSE,GET,INQ,PUT)

If you create a queue with a different name, you'll need to create the appropriate authority record, so that the queue manager knows who is allowed to use your new queue.

Hey guys

I'm testing the new version of IBM MQ that I saw in last week's training, 9.4. I'm testing the new version of IBM MQ that I saw in last week's training, 9.4. I was wanting to test a solution in Docker and they suggested this link to me:

IBM Developer

I was able to deploy the application and everything works correctly. However, if I create a new queue, I cannot place or consume messages in the new queue I created.

I see that the default objects created when starting the container, such as queue manager "QM1", "DEV.AUTHINFO", "SYSTEM.LISTENER.TCP.1", APP channel "DEV.APP.SVRCONN" and local queue "DEV. QUEUE.1", have an app and mqm user. When accessing the command line inside the container, I can't find this app user in /etc/passwd or mqm group in /etc/group

I would like to know if anyone is also experiencing difficulties when queuing. Pois na versão 9.2 que estava utilizando, estava autenticando por usuário criado no Linux Ubuntu.

Hello

Thanks for the feedback

But the "app" user, I'm using as per the instructions in the link (https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/) Applications use an MQ channel to connect to the queue manager. Access to these three objects is restricted in different ways. For example, user "app", who is a member of the group "mqclient" is permitted to use the channel DEV.APP.SVRCONN to connect to the queue manager QM1 and is authorized to put and get messages to and from the queue DEV .QUEUE.1. I believe that the container is already created with the "AUTHREC PROFILE('DEV.**')" already defined where the user "app" is already authorized.

I would like to test creating new access credentials. Where do I find the MQ authentication service plug-in settings in this Docker image?

The use of operating system (Linux) users is not recommended in containers, for security reasons.  To help you get started quickly, the IBM MQ Advanced for Developers sample container adds an MQ auth service plugin to provide two users: "admin" and "app".  These are not operating system users, but they are defined to MQ directly via this plugin.

I suspect you haven't authorized the "app" user for your new queue.  There is an MQ authority record defined as part of the default developer config, which authorizes the "app" user to put/get/inquire/browse queues beginning with "DEV.".  This can be done with MQSC as follows:

SET AUTHREC PROFILE('DEV.**') PRINCIPAL('app') OBJTYPE(QUEUE) AUTHADD(BROWSE,GET,INQ,PUT)

If you create a queue with a different name, you'll need to create the appropriate authority record, so that the queue manager knows who is allowed to use your new queue.

Hey guys

I'm testing the new version of IBM MQ that I saw in last week's training, 9.4. I'm testing the new version of IBM MQ that I saw in last week's training, 9.4. I was wanting to test a solution in Docker and they suggested this link to me:

IBM Developer

I was able to deploy the application and everything works correctly. However, if I create a new queue, I cannot place or consume messages in the new queue I created.

I see that the default objects created when starting the container, such as queue manager "QM1", "DEV.AUTHINFO", "SYSTEM.LISTENER.TCP.1", APP channel "DEV.APP.SVRCONN" and local queue "DEV. QUEUE.1", have an app and mqm user. When accessing the command line inside the container, I can't find this app user in /etc/passwd or mqm group in /etc/group

I would like to know if anyone is also experiencing difficulties when queuing. Pois na versão 9.2 que estava utilizando, estava autenticando por usuário criado no Linux Ubuntu.

The auth plugin is just a sample, and is fixed to the "admin" and "app" users.  It is just intended to help getting started quickly.  You can authorize those users for additional resources (e.g. more queues), but you can't add more users.  For follow-on work, you need to look at one of the production-ready ways of managing users: https://www.ibm.com/docs/en/ibm-mq/9.4?topic=containers-user-authentication-authorization-mq-in

Hello

Thanks for the feedback

But the "app" user, I'm using as per the instructions in the link (https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/) Applications use an MQ channel to connect to the queue manager. Access to these three objects is restricted in different ways. For example, user "app", who is a member of the group "mqclient" is permitted to use the channel DEV.APP.SVRCONN to connect to the queue manager QM1 and is authorized to put and get messages to and from the queue DEV .QUEUE.1. I believe that the container is already created with the "AUTHREC PROFILE('DEV.**')" already defined where the user "app" is already authorized.

I would like to test creating new access credentials. Where do I find the MQ authentication service plug-in settings in this Docker image?

The use of operating system (Linux) users is not recommended in containers, for security reasons.  To help you get started quickly, the IBM MQ Advanced for Developers sample container adds an MQ auth service plugin to provide two users: "admin" and "app".  These are not operating system users, but they are defined to MQ directly via this plugin.

I suspect you haven't authorized the "app" user for your new queue.  There is an MQ authority record defined as part of the default developer config, which authorizes the "app" user to put/get/inquire/browse queues beginning with "DEV.".  This can be done with MQSC as follows:

SET AUTHREC PROFILE('DEV.**') PRINCIPAL('app') OBJTYPE(QUEUE) AUTHADD(BROWSE,GET,INQ,PUT)

If you create a queue with a different name, you'll need to create the appropriate authority record, so that the queue manager knows who is allowed to use your new queue.

Hey guys

I'm testing the new version of IBM MQ that I saw in last week's training, 9.4. I'm testing the new version of IBM MQ that I saw in last week's training, 9.4. I was wanting to test a solution in Docker and they suggested this link to me:

IBM Developer

I was able to deploy the application and everything works correctly. However, if I create a new queue, I cannot place or consume messages in the new queue I created.

I see that the default objects created when starting the container, such as queue manager "QM1", "DEV.AUTHINFO", "SYSTEM.LISTENER.TCP.1", APP channel "DEV.APP.SVRCONN" and local queue "DEV. QUEUE.1", have an app and mqm user. When accessing the command line inside the container, I can't find this app user in /etc/passwd or mqm group in /etc/group

I would like to know if anyone is also experiencing difficulties when queuing. Pois na versão 9.2 que estava utilizando, estava autenticando por usuário criado no Linux Ubuntu.