Search

MQ Articles

MQ Articles
Hits: 5739

MQ Tips and tricks

My intention with this page is to share some Gold Nuggets here of general Interest for WebSphere MA developers and system programmers.
Important Notice:   The suggestions on this site is free and without any guarantee of any kind. The intension of this page is to help WebSphere MQ system administrators managing their sites, and reduce the frustration reading the manuals and repeat the trouble I've gone thru.

How to improve triggering, and circumvent bad programming

A good way is always to use triggertype(FIRST), because it's the simplest one to manage.

When you have chosen to use triggertype(FIRST), it's a good idea to take a look on TRIGINT() on the queue manager. Normally all system administrators forgets this little beauty, and leaves it on the default (lot of 9), this means that the queue manager only will generate one trigger event, and only when the queue depth changes from 0 to 1. (we remember that the message might not be available yet due to syncpoint/commit!!).

 

On the queue managers I administer I chosen to set the TRIGINT(60000), this means that the queue manager will generate additional triggers even if the queue depth is above 1, but it still requires that the queue is not open for input.

 

There can be some issues when working with TRIGINT on z/OS,in some cases a low value of TRIGINT cause problems, this is typically seen when triggering batch jobs in Tivoli Workload Scheduler (TWS).

So a VERY good point here is of cause to read the MQSeries Application programming guide cover to cover, and take a look on TRIGINT() in MQSeries Command Guide under ALTER QMGR.

 

How to save a WebSphere Z/OS configuration

The CSQUTIL is a utility provided with WebSphere MQ to help issue commands, perform backup and restore, and reorganize tasks. 

MAKEDEF COMMAND 

In this example, MQSeries commands are passed from an input dataset referenced by DDname REBUILD to Queue Manager MQM1 on the Z/OS platform in batch. A list of DEFINE statements is produced that describes the objects in this WebSphere MQ subsystem. Any changes or new definitions are encompassed and the statements are used to regenerate all or part of MQM1's objects and storage classes.

 

//USERID JOB (ACCOUNT),'CSQUTIL',CLASS=X,MSGCLASS=X,
// NOTIFY=&USERID
//* PROGRAM CSQUTIL ISSUES COMMANDS TO QMGR IDENTIFIED BY
//* PARM='NNNN' ON THE EXEC CARD
//* MESSAGES ARE PRINTED TO DD SYSPRINT
//* REBUILD AN MQSERIES SUBSYSTEMS USER DEFINITIONS
//COPYDEFS EXEC PGM=CSQUTIL,PARM='MQM1'
//STEPLIB DD DISP=SHR,DSN=SYS1.SCSQANLE
// DD DISP=SHR,DSN=SYS1.SCSQAUTH
//REBUILD DD DISP=SHR,DSN=MQM1.REBUILD.DATASET(DEFMQM1)http://www.mrmq.dk/Download/mqclcpy.zip
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
COMMAND DDNAME(REBUILD)

DEFMQM1 sample definitions
DISPLAY STGCLASS(*) ALL
DISPLAY QUEUE(*) ALL
DISPLAY NAMELIST(*) ALL
DISPLAY PROCESS(*) ALL
DISPLAY CHANNEL(*) ALL
DISPLAY CFSTRUCTURE(*) ALL

 

  Check actual JCL before publishing page.

 

Retired Security exit MS05

Security exit MS05 from IBM can be downloaded from here: Download ms05

MQ Queue copy routine

IBM MQ C++ Queue copy routine, designed to help moving messages around on the Queue Manager, preserving the original attributes (Requires correct authorization). If it's used for moving messages in Cluster, it checks for message looping (just one level), this was designed to avoid failures when moving a cluster queue.  Download mqclcpy.ccp

 

 

Password validation exit z/OS only (obsolete with MQ version 8.0)

Together with WebSphere MQ version 5.3 is there supplied an Security exit sample (CSQ4BCX3) placed in SYS1.SCSQC37S.

This exit is using Unix function BPX1PWD to validate the users credentials userid and password. This exit was supplied to help validating users using WebSphere Application Server or other JAVA client connections.

This exit is very easy to customize for your own purposes, tie it together with a security exit on the client end, and you're all most home.

IBM included password validation in MQ version 8.0, thanks IBM.

 

Password validation exit Windows only (obsolete with MQ version 8.0)

IBM SupportPac IC72 can be used as a password validation exit quite easy and work with for example WAS applications.

Allmost what you need is give the userid and password presented in MQCD to the windows LogonUser() API, you can ignore reason 1385 (user has not been granted priv....).

Remember also to add the version 6.0 exit point MQXR_SEC_PARMS.

You can also use the new fields here to pass-on userid/password from your client application.

It's far beyond my capabilities to describe in full details what's needed to change IC72 to do what you need. But this is meant as an inspiration.

You need to change the exits, because a new exit point (MQXR_SEC_PARAMS) was added with MQ version 6.0.

IBM included password validation in MQ version 8.0, thanks IBM.

LogIP security exit

Information on LogIP is here

BlockIP security exit

Information on BlockIP is here

 

 

Login Form