Tuesday, 2 September 2014

AMQ5540 and AMQ5541 seen between WebSphere Application Server and WebSphere MQ

So I'm seeing: -

AMQ5540: Application 'WebSphere MQ Client for Java' did not supply a user ID and password

AMQ5541: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(REQDADM) configuration.


from WebSphere MQ 8.0 when I attempt to connect from WebSphere Application Server (WAS) to a Queue Manager.

The solution ?

Read this IBM Technote: -


...
In MQ 8.0, a new function is introduced that requires MQ administrators using remote access to supply the userid and password. When the userid and password are not supplied or the password is incorrect, then the following error is displayed.
...

I chose to take the circumvention of setting the Queue Manager back to the pre-V8 days, with passing checking being optional: -

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL)

Obviously, this goes AGAINST good practices around security, but, in this particular case, it's MY environment.

YOUR mileage WILL vary.

Installing IBM WebSphere MQ on Linux

Following on from a previous post: -


I'm getting to grips with IBM Integration Bus 9.0.0.2 and it's prerequisite dependency IBM WebSphere MQ 8.0.

First I'm going to install WMQ ...

I downloaded WMQ from the IBM software download site, resulting in a single TAR file: -

-rw-r--r--@  1 hayd  staff  558767000  2 Sep 06:14 WS_MQ_LINUX_ON_X86_64_V8.0_IMG.tar.gz

This I expanded onto my target RHEL 6.3 box: -

mkdir /tmp/Repo/WMQ
cd /tmp/Repo/WMQ
tar xvzf /mnt/hgfs/Software/WMQ8/WS_MQ_LINUX_ON_X86_64_V8.0_IMG.tar.gz 

This results in a number ( 30 ) of RPMs: -

MQSeriesAMS-8.0.0-0.x86_64.rpm
MQSeriesClient-8.0.0-0.x86_64.rpm
MQSeriesExplorer-8.0.0-0.x86_64.rpm
MQSeriesFTAgent-8.0.0-0.x86_64.rpm
MQSeriesFTBase-8.0.0-0.x86_64.rpm
MQSeriesFTLogger-8.0.0-0.x86_64.rpm
MQSeriesFTService-8.0.0-0.x86_64.rpm
MQSeriesFTTools-8.0.0-0.x86_64.rpm
MQSeriesGSKit-8.0.0-0.x86_64.rpm
MQSeriesJava-8.0.0-0.x86_64.rpm
MQSeriesJRE-8.0.0-0.x86_64.rpm
MQSeriesMan-8.0.0-0.x86_64.rpm
MQSeriesMsg_cs-8.0.0-0.x86_64.rpm
MQSeriesMsg_de-8.0.0-0.x86_64.rpm
MQSeriesMsg_es-8.0.0-0.x86_64.rpm
MQSeriesMsg_fr-8.0.0-0.x86_64.rpm
MQSeriesMsg_hu-8.0.0-0.x86_64.rpm
MQSeriesMsg_it-8.0.0-0.x86_64.rpm
MQSeriesMsg_ja-8.0.0-0.x86_64.rpm
MQSeriesMsg_ko-8.0.0-0.x86_64.rpm
MQSeriesMsg_pl-8.0.0-0.x86_64.rpm
MQSeriesMsg_pt-8.0.0-0.x86_64.rpm
MQSeriesMsg_ru-8.0.0-0.x86_64.rpm
MQSeriesMsg_Zh_CN-8.0.0-0.x86_64.rpm
MQSeriesMsg_Zh_TW-8.0.0-0.x86_64.rpm
MQSeriesRuntime-8.0.0-0.x86_64.rpm
MQSeriesSamples-8.0.0-0.x86_64.rpm
MQSeriesSDK-8.0.0-0.x86_64.rpm
MQSeriesServer-8.0.0-0.x86_64.rpm
MQSeriesXRService-8.0.0-0.x86_64.rpm

First I needed to accept the license agreement: -

./mqlicense.sh 

...
Press Enter to continue viewing the license agreement, or 
enter "1" to accept the agreement, "2" to decline it, "3" 
to print it, "4" to read non-IBM terms, or "99" to go back 
to the previous screen.
1

Agreement accepted:  Proceed with install.

...

I then ran a loop to install the RPMs: -

for i in *.rpm; do rpm --prefix /opt/ibm/mqm -ivh $i; done

I needed to run this several times as  some RPMs depend upon others that have yet to be installed.

Eventually, all were installed: -

...
Preparing...                ########################################### [100%]
package MQSeriesMsg_Zh_TW-8.0.0-0.x86_64 is already installed
Preparing...                ########################################### [100%]
package MQSeriesRuntime-8.0.0-0.x86_64 is already installed

...

which I validated: -

rpm -qa | grep MQSeries

MQSeriesServer-8.0.0-0.x86_64
MQSeriesJRE-8.0.0-0.x86_64
MQSeriesMsg_es-8.0.0-0.x86_64
MQSeriesMsg_ja-8.0.0-0.x86_64
MQSeriesMsg_ru-8.0.0-0.x86_64
MQSeriesExplorer-8.0.0-0.x86_64
MQSeriesGSKit-8.0.0-0.x86_64
MQSeriesRuntime-8.0.0-0.x86_64
MQSeriesSDK-8.0.0-0.x86_64
MQSeriesAMS-8.0.0-0.x86_64
MQSeriesJava-8.0.0-0.x86_64
MQSeriesMan-8.0.0-0.x86_64
MQSeriesMsg_de-8.0.0-0.x86_64
MQSeriesMsg_fr-8.0.0-0.x86_64
MQSeriesMsg_it-8.0.0-0.x86_64
MQSeriesMsg_ko-8.0.0-0.x86_64
MQSeriesMsg_pt-8.0.0-0.x86_64
MQSeriesMsg_Zh_CN-8.0.0-0.x86_64
MQSeriesXRService-8.0.0-0.x86_64
MQSeriesFTBase-8.0.0-0.x86_64
MQSeriesFTTools-8.0.0-0.x86_64
MQSeriesFTAgent-8.0.0-0.x86_64
MQSeriesSamples-8.0.0-0.x86_64
MQSeriesClient-8.0.0-0.x86_64
MQSeriesMsg_cs-8.0.0-0.x86_64
MQSeriesMsg_hu-8.0.0-0.x86_64
MQSeriesMsg_pl-8.0.0-0.x86_64
MQSeriesMsg_Zh_TW-8.0.0-0.x86_64
MQSeriesFTLogger-8.0.0-0.x86_64
MQSeriesFTService-8.0.0-0.x86_64

rpm -qa | grep MQSeries | wc

     30      30     905

I did have one small fright - when I listed the contents of the /opt/ibm/mqm/bin directory, this is what I saw: -


and I assumed that the use of the red font indicated a problem with the installation :-(

Actually, it's NOT a problem - it's merely my shell's way of showing me that the red-flagged binaries have the sticky bit set, meaning that they'll always be executed with the mqm user.

Unlike earlier versions, the MQConfig command is shipped with WMQ 8: -

ls -al `locate mqconfig`

-r-xr-xr-x 1 mqm mqm 51989 Apr 29 15:54 /opt/mqm/bin/mqconfig

This I ran: -

/opt/mqm/bin/mqconfig 

mqconfig: V3.7 analyzing Red Hat Enterprise Linux Server release 6.3
          (Santiago) settings for WebSphere MQ V8.0

System V Semaphores
  semmsl     (sem:1)  250 semaphores                     IBM>=32           PASS
  semmns     (sem:2)  122 of 256000 semaphores   (0%)    IBM>=4096         PASS
  semopm     (sem:3)  32 operations                      IBM>=32           PASS
  semmni     (sem:4)  109 of 2048 sets           (5%)    IBM>=128          PASS

System V Shared Memory
  shmmax              68719476736 bytes                  IBM>=268435456    PASS
  shmmni              8 of 4096 sets             (0%)    IBM>=4096         PASS
  shmall              425311 of 4294967296 pages (0%)    IBM>=2097152      PASS

System Settings
  file-max            4992 of 792980 files       (0%)    IBM>=524288       PASS

Current User Limits (root)
  nofile       (-Hn)  8800 files                         IBM>=10240        WARN
  nofile       (-Sn)  8800 files                         IBM>=10240        WARN

  nproc        (-Hu)  0 of 8800 processes        (0%)    IBM>=4096         PASS
  nproc        (-Su)  0 of 8800 processes        (0%)    IBM>=4096         PASS


Following the recommendations, I increased the nofile ulimits from 8800 to 10240, by editing /etc/security/limits.conf from: -

# End of file
* hard nofile 8800
* soft nofile 8800

to: -

# End of file
* hard nofile 10240
* soft nofile 10240

One log out later, and we're good to go: -

mqconfig: V3.7 analyzing Red Hat Enterprise Linux Server release 6.3
          (Santiago) settings for WebSphere MQ V8.0

System V Semaphores
  semmsl     (sem:1)  250 semaphores                     IBM>=32           PASS
  semmns     (sem:2)  122 of 256000 semaphores   (0%)    IBM>=4096         PASS
  semopm     (sem:3)  32 operations                      IBM>=32           PASS
  semmni     (sem:4)  109 of 2048 sets           (5%)    IBM>=128          PASS

System V Shared Memory
  shmmax              68719476736 bytes                  IBM>=268435456    PASS
  shmmni              8 of 4096 sets             (0%)    IBM>=4096         PASS
  shmall              425311 of 4294967296 pages (0%)    IBM>=2097152      PASS

System Settings
  file-max            4992 of 792980 files       (0%)    IBM>=524288       PASS

Current User Limits (root)
  nofile       (-Hn)  10240 files                        IBM>=10240        PASS
  nofile       (-Sn)  10240 files                        IBM>=10240        PASS
  nproc        (-Hu)  0 of 8800 processes        (0%)    IBM>=4096         PASS
  nproc        (-Su)  0 of 8800 processes        (0%)    IBM>=4096         PASS


I created a dedicated group/user for WMQ: -

groupadd mqm
useradd -g mqm -d /home/mqm mqm
passwd mqm

To test WMQ, I following part of the instructions in this excellent IBM White Paper: -


as user mqm.

...
Create queue manager, with a Dead Letter Queue (DLQ)

crtmqm -u SYSTEM.DEAD.LETTER.QUEUE QM_MDB

Start the queue manager

strmqm QM_MDB

Invoke the administration utility

runmqsc QM_MDB

Within runmqsc, define and start an MQ Listener:

DEFINE LISTENER(TCP.LISTENER) TRPTYPE(TCP) CONTROL(QMGR) PORT(1420)

START LISTENER(TCP.LISTENER)

Define a channel to be used with the MQ Explorer (optional but very useful!):

DEFINE CHANNEL(SYSTEM.ADMIN.SVRCONN) CHLTYPE(SVRCONN)

Define a local queue:

DEFINE QLOCAL(Q_MDB)


Define a topic object:

DEFINE TOPIC(T_MDB) TOPICSTR('sports')

For MQ 7.1 and 7.5, and if desiring to allow remote connections by an MQ Administrator:

set CHLAUTH(*) TYPE(BLOCKUSER) USERLIST('nobody','*MQADMIN')
set CHLAUTH(SYSTEM.ADMIN.*) TYPE(BLOCKUSER) USERLIST('nobody')

Exit runmqsc:

END
...

I then continued to follow the White Paper to configure WebSphere Application Server (WAS) to access the QM_MDB Queue Manager, using JMS / Activation Specifications.

Which is nice :-)

Creating a standalone Process Center profile in IBM Business Process Manager V8.5

Creating a standalone Process Center profile in IBM Business Process Manager V8.5

A standalone Process Center profile is useful for situations where memory and disk space are limited. Rather than install the Process Center as a network deployment environment with at least three profiles running, plus an additional profile to support the unit test environment server, this article describes how a single profile can provide both a Process Center server and a unit test environment server.

Monday, 1 September 2014

IBM HTTP Server - CTGSK3024W Invalid value for parameter from GSK

I hit a wee problem with the Global Security Toolkit (GSK) when creating a certificate for IBM HTTP Server 8.5.5.2

This is the command that I was running: - 

/opt/ibm/HTTPServer/bin/gskcapicmd -cert -create -db /opt/ibm/HTTPServer/ssl/keystore.kdb -pw passw0rd -size 2048 -dn "bam8012.uk.ibm.com,o=ibm,c=us" -label "bam8012.uk.ibm.com" -default_cert yes

which resulted in: -

CTGSK3024W Invalid value for parameter "-dn" (bam8012.uk.ibm.com,o=ibm,c=us). 

It was, of course, user error.

This is what I should have run: -

/opt/ibm/HTTPServer/bin/gskcapicmd -cert -create -db /opt/ibm/HTTPServer/ssl/keystore.kdb -pw rlmp56Hn3uWh -size 2048 -dn "bam8012.uk.ibm.com\\,o=ibm\\,c=us\\" -label "bam8012.uk.ibm.com" -default_cert yes

In other words, I needed to insert '\\' before each comma ( , )

Saturday, 30 August 2014

Cognos on Linux - Dependencies - Soup to Nuts

A follow-up: -



Replicate the problem

cd /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/cognos/SupClusterMember1/bin
./BIBusTKServerMain

./BIBusTKServerMain: error while loading shared libraries: libX11.so.6: cannot open shared object file: No such file or directory

Diagnose using LDD

cd /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/cognos/SupClusterMember1/bin
ldd BIBusTKServerMain
linux-gate.so.1 =>  (0x00917000)
libtcmalloc_minimal.so.0 => ./libtcmalloc_minimal.so.0 (0x00b27000)
libBIBusTK.so => ./libBIBusTK.so (0x00a31000)
libBIBusTKServer.so => ./libBIBusTKServer.so (0x007d5000)
libCCLCore.so => ./libCCLCore.so (0x00110000)
libX11.so.6 => not found
libdl.so.2 => /lib/libdl.so.2 (0x006e5000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00663000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x004af000)
libm.so.6 => /lib/libm.so.6 (0x002e9000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00273000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00ef6000)
libc.so.6 => /lib/libc.so.6 (0x00b63000)
libxerces-c.so.27 => ./libxerces-c.so.27 (0x00f11000)
librt.so.1 => /lib/librt.so.1 (0x00291000)
libCCLCryptoShared.so => ./libCCLCryptoShared.so (0x003f6000)
libCCLIDOM.so => ./libCCLIDOM.so (0x00d16000)
libCCLHttptools.so => ./libCCLHttptools.so (0x0096c000)
libIBJStreamsDLL.so => ./libIBJStreamsDLL.so (0x00abc000)
libX11.so.6 => not found
libCCLCFGAPI.so => ./libCCLCFGAPI.so (0x0029a000)
libcogipf2.so => ./libcogipf2.so (0x00415000)
coglog4ccl.so => ./coglog4ccl.so (0x0059a000)
libX11.so.6 => not found
libz.so.1 => ./libz.so.1 (0x002c9000)
libicucogi18n.so.40 => ./libicucogi18n.so.40 (0x07541000)
libicucoguc.so.40 => ./libicucoguc.so.40 (0x00d61000)
/lib/ld-linux.so.2 (0x003a3000)
libX11.so.6 => not found
libicucogdata.so.40 => ./libicucogdata.so.40 (0xf6ac7000)
libX11.so.6 => not found
libX11.so.6 => not found
libX11.so.6 => not found
libX11.so.6 => not found
libX11.so.6 => not found
libX11.so.6 => not found
libX11.so.6 => not found


Look at the missing library

locate libX11.so.6

/usr/lib64/libX11.so.6
/usr/lib64/libX11.so.6.3.0


See, there's a 64-bit version, but no 32-bit version :-(

Look at the RPMs that provide that library

yum list | grep -i libX11

libX11.x86_64                           1.3-2.el6                        @anaconda-RedHatEnterpriseLinux-201206132210.x86_64/6.3
libX11-common.noarch                    1.3-2.el6                        @anaconda-RedHatEnterpriseLinux-201206132210.x86_64/6.3
libX11.i686                             1.3-2.el6                        server 
libX11-devel.i686                       1.3-2.el6                        server 
libX11-devel.x86_64                     1.3-2.el6                        server 

Look at what's installed

rpm -qa | grep -i libX11

libX11-1.3-2.el6.x86_64
libX11-common-1.3-2.el6.noarch


Install the missing RPM ( the 386 version )

yum install libX11.i686

Test again using LDD

ldd BIBusTKServerMain

linux-gate.so.1 =>  (0x00f48000)
libtcmalloc_minimal.so.0 => ./libtcmalloc_minimal.so.0 (0x00110000)
libBIBusTK.so => ./libBIBusTK.so (0x004a3000)
libBIBusTKServer.so => ./libBIBusTKServer.so (0x002f7000)
libCCLCore.so => ./libCCLCore.so (0x00dcd000)
libX11.so.6 => /usr/lib/libX11.so.6 (0x0014c000)
libdl.so.2 => /lib/libdl.so.2 (0x00bab000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00661000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00c33000)
libm.so.6 => /lib/libm.so.6 (0x0061d000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00284000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00ace000)
libc.so.6 => /lib/libc.so.6 (0x0067c000)
libxerces-c.so.27 => ./libxerces-c.so.27 (0x00f49000)
librt.so.1 => /lib/librt.so.1 (0x004f1000)
libCCLCryptoShared.so => ./libCCLCryptoShared.so (0x00522000)
libCCLIDOM.so => ./libCCLIDOM.so (0x00d64000)
libCCLHttptools.so => ./libCCLHttptools.so (0x002a2000)
libIBJStreamsDLL.so => ./libIBJStreamsDLL.so (0x002c4000)
libCCLCFGAPI.so => ./libCCLCFGAPI.so (0x005e3000)
libcogipf2.so => ./libcogipf2.so (0x0032b000)
coglog4ccl.so => ./coglog4ccl.so (0x0053c000)
libz.so.1 => ./libz.so.1 (0x00419000)
libicucogi18n.so.40 => ./libicucogi18n.so.40 (0x00904000)
libicucoguc.so.40 => ./libicucoguc.so.40 (0x06517000)
libxcb.so.1 => /usr/lib/libxcb.so.1 (0x0036a000)
/lib/ld-linux.so.2 (0x003a3000)
libicucogdata.so.40 => ./libicucogdata.so.40 (0xf6b5e000)
libXau.so.6 => /usr/lib/libXau.so.6 (0x002e5000)


Now try and run the binary

./BIBusTKServerMain

port=33768 pid=40133

Sorted :-)

I love this stuff :-)

Alias command on Unix - why am I late to the party ?

So I regularly make use of this Linux command: -

history | cut -c 8-

to get the Bash history but without the numbers.

Before

  131  /opt/IBM/WebSphere/AppServer/bin/sibDDLGenerator.sh -system db2 -version 9.7 -platform unix -schema MONCM00 -statementend ";" -user db2user1 >> ~/createMESchemas.sql
  132  /opt/IBM/WebSphere/AppServer/bin/sibDDLGenerator.sh -system db2 -version 9.7 -platform unix -schema MONME00 -statementend ";" -user db2user1 >> ~/createMESchemas.sql
  133  db2 -tvf createMESchemas.sql


After

/opt/IBM/WebSphere/AppServer/bin/sibDDLGenerator.sh -system db2 -version 9.7 -platform unix -schema MONCM00 -statementend ";" -user db2user1 >> ~/createMESchemas.sql
/opt/IBM/WebSphere/AppServer/bin/sibDDLGenerator.sh -system db2 -version 9.7 -platform unix -schema MONME00 -statementend ";" -user db2user1 >> ~/createMESchemas.sql
db2 -tvf createMESchemas.sql


See, easy documentation :-)

However, I can never remember the format of the improved history command, so I end up opening a text file on my Mac to find it.

So why don't I use the alias command, I hear you say ?

Well, I do now :-)

This is the relevant alias command: -

alias hist='history | cut -c 8-'

which now gives me a shortened command ( so I actually type less ! ) which achieves my requirement.

On it's own, the alias command shows me ALL of my aliases: -

alias

alias hist='history | cut -c 8-'
alias l.='ls -d .* --color=auto'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias vi='vim'
alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'


Guess what I've added to my .bashrc :-)

Friday, 29 August 2014

Notes to self - Setting up DB2 Client connectivity

It's been ~10 years since I last did this ( DB2 on Unix to DB2 on z/OS or OS/400 ), but I now have a requirement to deliver a DB2 client for WebSphere MQ interaction ( MQ will use ODBC rather than JDBC ).

I knocked this up using a pair of VMs on my Macbook .....

Response File -  ~/db2client.rsp

PROD                      = CLIENT
FILE                      = /opt/ibm/db2/V10.1
LIC_AGREEMENT             = ACCEPT
INSTALL_TYPE              = TYPICAL

Install DB2 Client Binaries - as root

./db2setup -r ~/db2client.rsp

Create DB2 User and Group - as root

groupadd db2users
useradd -g db2users -d /home/db2user1 db2user1
passwd db2user1

Create DB2 Instance ( required for client connectivity ) - as root

/opt/ibm/db2/V10.1/instance/db2icrt -a CLIENT db2user1

Catalog Remote DB2 Server ( Node ) - as db2user1

db2 catalog tcpip node rhel6 remote rhel6 server DB2c_db2inst1

( node and remote refer to DB2 server hostname, server refers to DB2 service name in /etc/services )

Validate Node Directory

db2 list node directory

Test Connectivity - as db2user1

db2 attach to rhel6 user db2inst1 using passw0rd
db2 list applications
db2 detach

Catalog Remote Database - as db2user1

db2 catalog database foobar at node rhel6

( database refers to database alias on remote server, node refers to previously catalogued node )

Validate DB Directory - as db2user1

db2 list db directory

Create Database on Server - as db2inst1

db2 "create table snafu(surname char(16) not null,firstname char(10) not null)"

Use Database - as db2user1

db2 connect to foobar user db2inst1 using passw0rd
db2 list tables for all | more
db2 "select * from db2inst1.snafu"
db2 "describe select * from db2inst1.snafu"
db2 "insert into db2inst1.snafu(surname,firstname) values('Hay','Dave')"
db2 "select * from db2inst1.snafu"
db2 terminate

Shiny :-)