MQ

MQ

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

IBM MQ: Ask Us Anything!

  • 1.  IBM MQ: Ask Us Anything!

    Posted Thu October 01, 2020 05:35 PM
    Edited by Jess Leitsch Tue October 20, 2020 02:58 PM
    This webcast features an interactive conversation with a panel of IBM MQ experts. Join us to get live answers to your most pressing questions on all things MQ in our "Ask Me Anything" style session. Our panel of experts will provide answers to the most commonly asked questions, covering licensing and usage, strategy and roadmap, technical matters, and more.

    Join me and @Matt Sunley, @Amy McCormick, @MATTHEW LEMING in this on demand webinar, IBM MQ: Ask Us Anything!  where you can watch here.

    Reply with any of your questions below. 

    Cheers,

    ------------------------------
    David Ware
    STSM, IBM MQ Chief Architect
    Hursley, UK
    ------------------------------


  • 2.  RE: IBM MQ: Ask Us Anything!

    Posted Fri October 02, 2020 03:24 AM
    I am investigating setting up queue managers using the MQ 9.2 Operator on cloud environments. According to the manual, only LDAP based authentication is supported because of issues with privilege escalation which are not allowed in OpenShift. Fair Enough.

    However, what if I don't want to authenticate the users with a password (which would need the escalation) and just want to attach some OAM rules to an account for an MCAUSER, and I'll authenticate with mutual TLS.

    I've built a version of the MQ container image (as a PoC) with a bunch of local groups and users. The accounts are locked, have an invalid shell (/bin/false) and basically can't do anything. They have no rights within the OS image. I create them in the container build phase with AS ROOT, RUN and then groupadd and useradd. I don't care what id numbers they have because MQ doesn't care either.

    I can run the container via the operator and create channels which use TLS. The channels assert these userids, and I have granted permissions against them. Things work as they would on any other normal queue manager.

    The use case is for a queue manager which doesn't require password based authentication for client channels, and is using TLS authentication. Password based authentication of local connections doesn't really make sense in a container environment, so I'm not worried about that either. Setting up an LDAP just for hanging MQ permissions on isn't something I really want to do.

    Can I ask why this configuration is not supported?

    I may not be on the call (for timezone reasons) but I'll catch up with it after the fact if it is available for replay.

    ------------------------------
    Neil Casey
    Senior Consultant
    Syntegrity Solutions
    Melbourne, Victoria
    IBM Champion (Cloud) 2019-20
    +61 (0) 414 615 334
    ------------------------------

    Original Message


  • 3.  RE: IBM MQ: Ask Us Anything!

    Posted Fri October 02, 2020 10:10 AM
    Hi Neil,

    As you've seen, to be compatible with OpenShift's restricted SCC we're not supporting local OS users within the supported MQ container image. However, you're spot on with your reasoning for having a "user" simply to hang authority records from but unfortunately MQ currently requires either an OS user or one from LDAP.

    You'll actually find that the latest MQ developer image (https://github.com/ibm-messaging/mq-container - since 9.1.5 I think) has been tweaked to provide a couple of simple users that are neither in the OS or LDAP. Providing that type of capability in the fully supported product is something we're investigating.

    David.

    ------------------------------
    David Ware
    STSM, IBM MQ Chief Architect
    Hursley, UK
    ------------------------------

    Original Message


  • 4.  RE: IBM MQ: Ask Us Anything!

    Posted Mon October 05, 2020 07:08 PM
    Thanks David,

    would not adjusting the support statement such that "CONNAUTH using IDPWOS is only supported/permitted when CHCKCLNT and CHCKLOCL are both set to NONE" solve the issue, without needing to modify MQ to support a local user store?

    Regards,

    Neil


    -- 
    Neil Casey 
    Senior Consultant | Syntegrity Solutions

    Syntegrity Solutions Pty Ltd | PO Box 2008 | Moorabbin | VIC 3189
    Analyse  >>  Integrate  >>  Secure  >>  Educate

    CKA: Certified Kubernetes Administrator
    IBM Cloud Private - Foundation TechnologyIBM Cloud Private Infrastructure and Architecture
    IBM Cloud Private Installation and Configuration





    Original Message


  • 5.  RE: IBM MQ: Ask Us Anything!

    Posted Tue October 06, 2020 09:32 AM
    Hi Neil,
    That's a possible route forward to avoid stepping outside the limits of restricted SCC, we'll have a think about that. I think moving to a world where no local OS users are actually required would be an even better solution, but obviously that would be something for the future.

    ------------------------------
    David Ware
    STSM, IBM MQ Chief Architect
    Hursley, UK
    ------------------------------

    Original Message


  • 6.  RE: IBM MQ: Ask Us Anything!

    Posted Tue October 20, 2020 07:30 AM

    In case I don't manage to stay awake until 3am, my question is:-

    What is your favourite little feature of IBM MQ?

    Cheers,
    Morag



    ------------------------------
    Morag Hughson
    MQ Technical Education Specialist
    MQGem Software Limited
    ------------------------------

    Original Message


  • 7.  RE: IBM MQ: Ask Us Anything!

    Posted Tue October 20, 2020 09:24 AM
    Are you aware of problems with RDQM on LTS versions ? I've been running into several problems trying to run RDQM queue managers using RHEL 7.6 and 8.2 with MQ 9.1.XX LTS versions as well as 9.2.0.0. I could not create a PMR yet as we are not ready with the systems on my employers site. The tests I've done so far are on my test lab with MQ Developer versions. I did not have any problems with CD versions like 9.1.4.0 and 9.1.5.0. I've posted a thread on the subject on the mqseries.net site: http://www.mqseries.net/phpBB2/viewtopic.php?t=77417

    Kind Regards,
    Gerhard Gubler
    Software Engineer

    ------------------------------
    gerhard gubler
    ------------------------------

    Original Message


  • 8.  RE: IBM MQ: Ask Us Anything!

    Posted Wed October 21, 2020 01:33 AM
    Hi Gerhard,

    I also had problems with installing RQDM, but with the help of @Morag Hughson  I have solved it. What I did was stick to the basics and don't install pacemaker yourself. IBM has a script for that.
    I can send you my install manuals if you want.​ They are in Dutch but I don't hink its a problem. I managed to ge the system working even on AWS on a couple of EC2 instances.
    Kind regards

    ------------------------------
    Bernard Pittens
    Integration Engeneer
    Sligro Foodgroup B.V.
    Veghel
    ------------------------------

    Original Message


  • 9.  RE: IBM MQ: Ask Us Anything!

    Posted Wed October 21, 2020 02:11 AM

    Hello Bernard,
    I would love to read your install manual. It might help (I do understand some basic Dutch :) ). For what it's worth, I've tried many different approaches already, with the installRDQMsupport script and also manually. It might also be worth noting that this script does not exist anymore in 9.2.0.0. What the script does is basically to determine your kernel version and install the matching kmod version. This can also be resolved manually with the matrix of this page : https://www.ibm.com/support/pages/ibm-mq-replicated-data-queue-manager-kernel-modules.

    Can you send me your document as private reply ? or do you need an email address ?

    Kind Regards,
    Gerhard Gubler
    Software Engineer



    ------------------------------
    gerhard gubler
    ------------------------------

    Original Message


  • 10.  RE: IBM MQ: Ask Us Anything!

    Posted Wed October 21, 2020 07:10 AM

    Hi Gerhard,

     

    Send you the manual via mail, and forgot to mention:

    I use  VMware workstation 12 on Windows to create the Centos 8 virtual machines.

     

    Met vriendelijke groeten, Kind regards,
    Sligro Food Group Nederland B.V.

     

     

    Bernard Pittens
    Software engineer IT Integration team

    IT Applicatiebeheer en Ontwikkeling

     

    T   0413 34 35 00
    F   0413 37 09 52
    E   bpittens@sligro.nl
    I    www.sligrofoodgroup.nl

     




    Original Message


  • 11.  RE: IBM MQ: Ask Us Anything!

    Posted Wed October 21, 2020 07:50 AM
    Hello Bernard,
    thank you a lot ! I will look into it the next days.
    Kind Regards,

    ------------------------------
    Gerhard Gubler
    Software Engineer
    ------------------------------

    Original Message


  • 12.  RE: IBM MQ: Ask Us Anything!

    Posted Wed October 21, 2020 10:16 AM
    Hi,

    Need info regarding configuring MQ HA in  RHEL 7.6 clustered environment. i

    Thanks
    MAG

    ------------------------------
    MA G
    ------------------------------

    Original Message


  • 13.  RE: IBM MQ: Ask Us Anything!

    Posted Fri October 23, 2020 07:20 AM
    Hello,

    There are a couple of ways of configuring HA which are documented here: https://www.ibm.com/support/knowledgecenter/SSFKSJ_9.2.0/com.ibm.mq.con.doc/q017820_.htm. A quick note on RDQM is that it relies on a kernel module to replicate data. You can see supported versions here: https://www.ibm.com/support/pages/ibm-mq-replicated-data-queue-manager-kernel-modules which includes RHEL 7.6.

    Thanks - Amy

    ------------------------------
    Amy McCormick
    Offering Manager
    IBM App Connect Enterprise, IBM App Connect service (Enterprise plans)
    IBM Integration Bus, IBM Integration Bus on Cloud, IIB industry packs
    ------------------------------

    Original Message


  • 14.  RE: IBM MQ: Ask Us Anything!

    Posted Thu October 22, 2020 12:28 PM
    Hello everyone, 

    Thanks for all the great questions during the LIVE Ask Us Anything for IBM MQ. 

    You can watch the on demand recording here and the slides can be downloaded from here. 



    Please let us know if there are any questions we can help you with! 

    Cheers,

    ------------------------------
    Matthew Sunley
    Senior Offering Manager, IBM MQ for z/OS and zGuild Lead
    IBM United Kingdom Ltd
    ------------------------------

    Original Message


  • 15.  RE: IBM MQ: Ask Us Anything!

    Posted Thu November 12, 2020 11:28 AM
    Hello experts. 

    I am new to MQ. I need to pull messages out of IBM MQ (in IBM cloud) into Kinesis Data Streams (in AWS). I have found source connectors for Kafka that can read messages from MQ, but I've no such connectors that can do the same for Kinesis Data Streams. The data out of Kinesis will be further processed down the line within AWS.

    Any guidance towards what I'm trying to do would be of great help.

    Thanks a lot.

    ------------------------------
    Ashish Naidu
    ------------------------------

    Original Message


  • 16.  RE: IBM MQ: Ask Us Anything!

    Posted Fri November 13, 2020 05:25 AM
    Well, IBM might disagree. MQ itself does not do much. You need applications for sending and reading messages.
    If you are interested in Amazon Kinesis Data Streams why not solve your business case without MQ?
    If you wanted to read messages from MQ and put them into KDS you could work with IBM App Connect.
    KDS provides an API.
    With App Connect you can build interfaces between MQ and Web Services (the API from KDS)
    With some luck there is already a built-in connector available that one could use.
    If not one can write it yourself.
    https://docs.aws.amazon.com/kinesis/latest/APIReference/API_PutRecords.html
    Especially if you are working with IBM App Connect on IBM Cloud the number of built-in connectors is going up quarter by quarter (perhaps month by month).
    At the communities from App Connect or Cloud Pak you might get more suitable replies.

    ------------------------------
    Matthias Jungbauer
    ------------------------------

    Original Message


  • 17.  RE: IBM MQ: Ask Us Anything!

    Posted Fri November 13, 2020 06:04 AM
    Thank you very much Matthias for your reply to my query. An application in IBM Cloud is already publishing messages to MQ that I need to bring into AWS Kinesis where other application within AWS will consume the messages. I will study the options you have mentioned.

    Thank you.

    ------------------------------
    Ashish Naidu
    Principal Architect
    InfoCepts
    India
    ------------------------------

    Original Message


  • 18.  RE: IBM MQ: Ask Us Anything!

    Posted Mon November 16, 2020 03:46 AM
    Perhaps it is an option to use ibm mq inside the AWS Cloud
    https://aws.amazon.com/quickstart/architecture/ibm-mq/
    https://aws-quickstart.github.io/quickstart-ibm-mq/
    App1 -> IBM Cloud QMGR -> AWS IBM QMGR -> App2 -> AWS Kinesis
    I would also ask IBM/AWS for advice what the best way is to exchange messages between both clouds.
    Kinesis is not considered to be a messaging system:
    https://aws.amazon.com/messaging/

    ------------------------------
    Matthias Jungbauer
    ------------------------------

    Original Message


  • 19.  RE: IBM MQ: Ask Us Anything!

    Posted Tue November 17, 2020 01:30 AM
    Thanks Matthias. This is what the data pipeline would look like.
    App1 -> IBM Cloud QMGR -> Bridge (on AWS) -> AWS Kinesis

    I'm exploring two option for the Bridge - 1.Apache Camel, and 2. PyMQI

    Would you have any preference or recommendation?

    ------------------------------
    Ashish Naidu
    Principal Architect
    InfoCepts
    India
    ------------------------------

    Original Message


  • 20.  RE: IBM MQ: Ask Us Anything!

    Posted Wed November 18, 2020 04:02 AM
    Hi Ashish,

    Welcome to the MQ community :) Matthias is right that you can use MQ inside the AWS Cloud. There are options including running a QM on AWS IaaS yourself (traditional s/w or container deployment) or making use of our MQ managed service on AWS. Either way this enables you to use MQ as a transport all the way into AWS. From there you'll need to make the bridge to Kinesis. The Kinesis connector API is Java so I imagine an MQ application could be written to take the messages and invoke that API.

    Cheers, Matt

    ------------------------------
    Matthew Sunley
    Senior Offering Manager, IBM MQ for z/OS and zGuild Lead
    IBM United Kingdom Ltd
    ------------------------------

    Original Message


  • 21.  RE: IBM MQ: Ask Us Anything!

    Posted Tue November 17, 2020 01:43 PM
    Ashish Naidu,

    You have to use Kafka MQ connectors:

    Take a look on this: 


    Obs.: event Streams is based on Kafka so you can extrapolate to all Kafka products.

    Regards,


    Fernando F. Tavares
    IT Architect - Senior Middleware Integration Engineer
    Hybrid Cloud Services
    +55 13 97406 2222 Mobile
    +55 19 5839 1796 Office
    fftav@br.ibm.com




    Original Message


  • 22.  RE: IBM MQ: Ask Us Anything!

    Posted Tue November 17, 2020 01:43 PM
    There are  key differences between MQ and Streams products like Kafka.
    MQ is a enterprise messaging middleware. It is intent to enterprise point-to-point messages and publish-subscribe integration models. It enables desired features in pub/sub and point-to-point that doesn't exist or are difficult to implement in Kafka.
    Some competitors of MQ are: AMQ (Apache, RedHat), Rabbit MQ, etc. Not Kafka directly. Which doesn't mean you can't choose between both depending on what challenge you have to integrate apps.
    Streams computing is different, and Kafka is better suite to it. Kafka is a log system utilized to compute on the fly data (streams). IBM has an implementation of Kafka called IBM Event Streams. There are other services implementations of Kafka in the cloud, as well implementations of MQ and other message systems. But Kafka has a extremely difficult implementation to address pub/sub management which is very common in the Enterprise pub/sub area.
    So it is not a matter of one is better than the other.Correct is to say they are focused in different areas: Enterprise middleware messaging versus Stream Computing.

    Hope this can elucidate a bit.

    Regards,


    Fernando F. Tavares
    IT Architect - Senior Middleware Integration Engineer
    Hybrid Cloud Services
    +55 13 97406 2222 Mobile
    +55 19 5839 1796 Office
    fftav@br.ibm.com




    Original Message