MQ V9.1.3.0 (#348)

* MQ 9.1.3 changes * Use crtmqdir -a * Allow generation of TLS certificate with given hostname * Remove check for certificate env variable * Updated manifests and changelog for 913 * Use MQ externals to configure console frame ancestors * Create /run/mqm * Go sec fixes * Set SAN when generating certificates * Remove image source and commit
2019-07-24 12:01:21 +01:00
parent dc00231ec1
commit b8a7167c4e
18 changed files with 149 additions and 116 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Change log

+## 9.1.3.0 (2019-07-19)
+
+* Updated to MQ version 9.1.3.0
+* Allow generation of TLS certificate with given hostname
+* Fixes for the following issues:
+  * `MQ_EPHEMERAL_PREFIX` UNIX sockets fix
+  * Fix Makefile for Windows
+  * Use -a option on crtmqdir
+  * Remove check for certificate environment variable
+
 ## 9.1.2.0-UBI (2019-06-21)

 **Breaking changes**:
@@ -13,6 +23,7 @@
  
 ## 9.1.2.0 (2019-03-21)

+* Updated to MQ version 9.1.2.0
 * Now runs using the "mqm" user instead of root.  See new [security doc](https://github.com/ibm-messaging/mq-container/blob/master/docs/security.md)
 * New [IGNSTATE](https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.1.0/com.ibm.mq.pro.doc/q132310_.htm#q132310___ignstateparm) parameter used in default developer config
 * Termination log moved from `/dev/termination-log` to `/run/termination-log`, to make permissions easier to handle
--- a/7
+++ b/7
@@ -17,9 +17,9 @@
 # the command line
 ###############################################################################
 # MQ_VERSION is the fully qualified MQ version number to build
-MQ_VERSION ?= 9.1.2.0
+MQ_VERSION ?= 9.1.3.0
 # RELEASE shows what release of the container code has been built
-RELEASE ?= 3
+RELEASE ?= 1
 # MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can
 # be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture
 # Does not apply to MQ Advanced for Developers.
@@ -68,7 +68,7 @@ IMAGE_REVISION=$(shell git rev-parse HEAD)
 IMAGE_SOURCE=$(shell git config --get remote.origin.url)
 EMPTY:=
 SPACE:= $(EMPTY) $(EMPTY)
-# MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field).  e.g. 9.1.2 instead of 9.1.2.0
+# MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field).  e.g. 9.1.3 instead of 9.1.3.0
 MQ_VERSION_VRM=$(subst $(SPACE),.,$(wordlist 1,3,$(subst .,$(SPACE),$(MQ_VERSION))))

 # Set variable if running on a Red Hat Enterprise Linux host
@@ -102,6 +102,7 @@ endif
 MQ_ARCHIVE_DEV_9.1.0.0=mqadv_dev910_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
 MQ_ARCHIVE_DEV_9.1.1.0=mqadv_dev911_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
 MQ_ARCHIVE_DEV_9.1.2.0=mqadv_dev912_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
+MQ_ARCHIVE_DEV_9.1.3.0=mqadv_dev913_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz

 ###############################################################################
 # Build targets
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For issues relating specifically to the container image or Helm chart, please us
 The Dockerfiles and associated code and scripts are licensed under the [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0.html).
 Licenses for the products installed within the images are as follows:

- [IBM MQ Advanced for Developers](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-AVCJ4S) (International License Agreement for Non-Warranted Programs). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
- [IBM MQ Advanced](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-AZYF4X) (International Program License Agreement). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
+- [IBM MQ Advanced for Developers](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BBZHCQ) (International License Agreement for Non-Warranted Programs). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
+- [IBM MQ Advanced](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BBSHJL) (International Program License Agreement). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
 - License information for Ubuntu packages may be found in `/usr/share/doc/${package}/copyright`

 Note: The IBM MQ Advanced for Developers license does not permit further distribution and the terms restrict usage to a developer machine.
--- a/cmd/runmqserver/main.go
+++ b/cmd/runmqserver/main.go
@@ -117,29 +117,6 @@ func doMain() error {
 		return err
 	}

-	// handle /var/mqm/ permissions in upgrade to UBI
-	if *initFlag {
-		varMqmDirs := []string{
-			"/var/mqm/config",
-			"/var/mqm/conv",
-			"/var/mqm/errors",
-			"/var/mqm/exits",
-			"/var/mqm/exits64",
-			"/var/mqm/log",
-			"/var/mqm/mqft",
-			"/var/mqm/qmgrs",
-			"/var/mqm/shared",
-			"/var/mqm/sockets",
-			"/var/mqm/trace",
-			"/var/mqm/web",
-		}
-		err = configureOwnership(varMqmDirs)
-		if err != nil {
-			logTermination(err)
-			return err
-		}
-	}
-
 	// If init flag is set, exit now
 	if *initFlag {
 		return nil
--- a/cmd/runmqserver/qmgr.go
+++ b/cmd/runmqserver/qmgr.go
@@ -24,8 +24,6 @@ import (
 	"path/filepath"
 	"strings"

-	"golang.org/x/sys/unix"
-
 	"github.com/ibm-messaging/mq-container/internal/command"
 	containerruntime "github.com/ibm-messaging/mq-container/internal/containerruntime"
 	"github.com/ibm-messaging/mq-container/internal/mqscredact"
@@ -34,7 +32,7 @@ import (

 // createDirStructure creates the default MQ directory structure under /var/mqm
 func createDirStructure() error {
-	out, _, err := command.Run("/opt/mqm/bin/crtmqdir", "-f", "-s")
+	out, _, err := command.Run("/opt/mqm/bin/crtmqdir", "-f", "-a")
 	if err != nil {
 		log.Printf("Error creating directory structure: %v\n", string(out))
 		return err
@@ -43,47 +41,6 @@ func createDirStructure() error {
 	return nil
 }

-// configureOwnership recursively handles ownership of files within the given filepath
-func configureOwnership(paths []string) error {
-	uid, gid, err := command.LookupMQM()
-	if err != nil {
-		return err
-	}
-	var fileInfo *unix.Stat_t
-	fileInfo = new(unix.Stat_t)
-	for _, root := range paths {
-		_, err = os.Stat(root)
-		if err != nil {
-			if os.IsNotExist(err) {
-				continue
-			}
-			return err
-		}
-		err = filepath.Walk(root, func(from string, info os.FileInfo, err error) error {
-			if err != nil {
-				return err
-			}
-			to := fmt.Sprintf("%v%v", root, from[len(root):])
-			err = unix.Stat(to, fileInfo)
-			if err != nil {
-				return err
-			}
-			fileUID := fmt.Sprint(fileInfo.Uid)
-			if strings.Compare(fileUID, "999") == 0 {
-				err = os.Chown(to, uid, gid)
-				if err != nil {
-					return err
-				}
-			}
-			return nil
-		})
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 // createQueueManager creates a queue manager, if it doesn't already exist.
 // It returns true if one was created (or a standby was created), or false if one already existed
 func createQueueManager(name string) (bool, error) {
--- a/cmd/runmqserver/tls.go
+++ b/cmd/runmqserver/tls.go
@@ -22,6 +22,7 @@ import (
 	"strings"

 	"github.com/ibm-messaging/mq-container/internal/command"
+	"github.com/ibm-messaging/mq-container/internal/keystore"
 	"github.com/ibm-messaging/mq-container/internal/mqtemplate"
 	"github.com/ibm-messaging/mq-container/internal/tls"
 )
@@ -38,7 +39,7 @@ const trustDir = "/etc/mqm/pki/trust"
 // configureWebTLS configures TLS for Web Console
 func configureWebTLS(label string) error {
 	// Return immediately if we have no certificate to use as identity
-	if label == "" {
+	if label == "" && os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME") == "" {
 		return nil
 	}

@@ -129,8 +130,30 @@ func configureSSOTLS(p12TrustStore tls.KeyStoreData) (string, error) {
 	// Check keystore exists
 	ks := filepath.Join(keyStoreDir, webKeyStoreName)
 	_, err := os.Stat(ks)
-	if err != nil {
-		return "", fmt.Errorf("Failed to find existing keystore %s: %v", ks, err)
+	// Now we know if the file exists let's check whether we should have it or not.
+	// Check if we're being told to generate the certificate
+	genHostName := os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME")
+	if genHostName != "" {
+		// We've got to generate the certificate with the hostname given
+		if err == nil {
+			log.Printf("Replacing existing keystore %s - generating new certificate", ks)
+		}
+		// Keystore doesn't exist so create it and populate a certificate
+		newKS := keystore.NewPKCS12KeyStore(ks, p12TrustStore.Password)
+		err = newKS.Create()
+		if err != nil {
+			return "", fmt.Errorf("Failed to create keystore %s: %v", ks, err)
+		}
+
+		err = newKS.CreateSelfSignedCertificate("default", fmt.Sprintf("CN=%s", genHostName), genHostName)
+		if err != nil {
+			return "", fmt.Errorf("Failed to generate certificate in keystore %s with DN of 'CN=%s': %v", ks, genHostName, err)
+		}
+	} else {
+		// Keystore should already exist
+		if err != nil {
+			return "", fmt.Errorf("Failed to find existing keystore %s: %v", ks, err)
+		}
 	}

 	// Check truststore exists
--- a/cmd/runmqserver/version.go
+++ b/cmd/runmqserver/version.go
@@ -38,11 +38,11 @@ func logDateStamp() {
 }

 func logGitRepo() {
-	log.Printf("Image revision: %v", ImageRevision)
+	// log.Printf("Image revision: %v", ImageRevision)
 }

 func logGitCommit() {
-	log.Printf("Image source: %v", ImageSource)
+	// log.Printf("Image source: %v", ImageSource)
 }

 func logImageTag() {
--- a/cmd/runmqserver/webserver.go
+++ b/cmd/runmqserver/webserver.go
@@ -92,7 +92,6 @@ func configureSSO(p12TrustStore tls.KeyStoreData) (string, error) {
 		"MQ_OIDC_TOKEN_ENDPOINT",
 		"MQ_OIDC_JWK_ENDPOINT",
 		"MQ_OIDC_ISSUER_IDENTIFIER",
-		"MQ_OIDC_CERTIFICATE",
 	}
 	for _, envVar := range requiredEnvVars {
 		if len(os.Getenv(envVar)) == 0 {
--- a/docs/building.md
+++ b/docs/building.md
@@ -14,7 +14,7 @@ If you are working in the Windows Subsystem for Linux, follow [this guide by Mic
 This procedure works for building the MQ Continuous Delivery release, on `amd64`, `ppc64le` and `s390x` architectures.

 1. Create a `downloads` directory in the root of this repository
-2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.1.2_UBUNTU_X86-64.tar.gz`) in the `downloads` directory
+2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.1.3_LINUX_X86-64.tar.gz`) in the `downloads` directory
 3. Run `make build-advancedserver`

 > **Warning**: Note that MQ offers two different sets of packaging on Linux: one is called "MQ for Linux" and contains RPM files for installing on Red Hat Enterprise Linux and SUSE Linux Enterprise Server.  The MQ container build uses a Red Hat Universal Base Image, so you need the "MQ for Linux" RPM files.
--- a/docs/security.md
+++ b/docs/security.md
@@ -16,7 +16,7 @@ docker run \
  --env LICENSE=accept \
  --env MQ_QMGR_NAME=QM1 \
  --detach \
-  mqadvanced-server:9.1.2.0-amd64
+  mqadvanced-server:9.1.3.0-amd64
 ```

 The MQ Advanced for Developers image does require the "chown", "setuid", "setgid" and "audit_write" capabilities (plus "dac_override" if you're using an image based on Red Hat Enterprise Linux).  This is because it uses the "sudo" command to change passwords inside the container.  For example, in Docker, you could do the following:
@@ -31,7 +31,7 @@ docker run \
  --env LICENSE=accept \
  --env MQ_QMGR_NAME=QM1 \
  --detach \
-  mqadvanced-server-dev:9.1.2.0-amd64
+  mqadvanced-server-dev:9.1.3.0-amd64
 ```

 ### SELinux
--- a/docs/testing.md
+++ b/docs/testing.md
@@ -24,7 +24,7 @@ make test-advancedserver
 You can specify the image to use directly by using the `MQ_IMAGE_ADVANCEDSERVER` or `MQ_IMAGE_DEVSERVER` variables, for example:

 ```
-MQ_IMAGE_ADVANCEDSERVER=mqadvanced-server:9.1.2.0-amd64 make test-advancedserver
+MQ_IMAGE_ADVANCEDSERVER=mqadvanced-server:9.1.3.0-amd64 make test-advancedserver
 ```

 You can pass parameters to `go test` with an environment variable.  For example, to run the "TestGoldenPath" test, run the following command::
@@ -33,10 +33,10 @@ You can pass parameters to `go test` with an environment variable.  For example,
 TEST_OPTS_DOCKER="-run TestGoldenPath" make test-advancedserver
 ```

-You can also use the same environment variables you specified when [building](./building), for example, the following will try and test an image called `mqadvanced-server:9.1.2.0-amd64`:
+You can also use the same environment variables you specified when [building](./building), for example, the following will try and test an image called `mqadvanced-server:9.1.3.0-amd64`:

 ```
-MQ_VERSION=9.1.2.0 make test-advancedserver
+MQ_VERSION=9.1.3.0 make test-advancedserver
 ```

 ### Running the Docker tests with code coverage
--- a/install-mq.sh
+++ b/install-mq.sh
@@ -84,6 +84,9 @@ install --directory --mode 0775 --owner mqm --group root /mnt/mqm-data/qmgrs
 # Create the directory for MQ configuration files
 install --directory --mode 0775 --owner mqm --group root /etc/mqm

+# Create the directory for MQ runtime files
+install --directory --mode 0775 --owner mqm --group root /run/mqm
+
 # Create a symlink for /var/mqm -> /mnt/mqm/data
 ln -s /mnt/mqm/data /var/mqm

--- a/internal/keystore/keystore.go
+++ b/internal/keystore/keystore.go
@@ -151,8 +151,8 @@ func (ks *KeyStore) Import(inputFile, password string) error {
 }

 // CreateSelfSignedCertificate creates a self-signed certificate in the keystore
-func (ks *KeyStore) CreateSelfSignedCertificate(label, dn string) error {
-	out, _, err := command.Run(ks.command, "-cert", "-create", "-db", ks.Filename, "-pw", ks.Password, "-label", label, "-dn", dn)
+func (ks *KeyStore) CreateSelfSignedCertificate(label, dn, hostname string) error {
+	out, _, err := command.Run(ks.command, "-cert", "-create", "-db", ks.Filename, "-pw", ks.Password, "-label", label, "-dn", dn, "-san_dnsname", hostname)
 	if err != nil {
 		return fmt.Errorf("error running \"%v -cert -create\": %v %s", ks.command, err, out)
 	}
@@ -203,6 +203,8 @@ func (ks *KeyStore) GetCertificateLabels() ([]string, error) {
 func (ks *KeyStore) RenameCertificate(from, to string) error {
 	if ks.command == "/opt/mqm/bin/runmqakm" {
 		// runmqakm can't handle certs with ' in them so just use capicmd
+		// Overriding gosec here as this function is in an internal package and only callable by our internal functions.
+		// #nosec G204
 		cmd := exec.Command("/opt/mqm/gskit8/bin/gsk8capicmd_64", "-cert", "-rename", "-db", ks.Filename, "-pw", ks.Password, "-label", from, "-new_label", to)
 		cmd.Env = append(os.Environ(), "LD_LIBRARY_PATH=/opt/mqm/gskit8/lib64/:/opt/mqm/gskit8/lib")
 		out, _, err := command.RunCmd(cmd)
@@ -219,7 +221,7 @@ func (ks *KeyStore) RenameCertificate(from, to string) error {
 	return nil
 }

-// ListCertificates Lists all certificates in the keystore
+// ListAllCertificates Lists all certificates in the keystore
 func (ks *KeyStore) ListAllCertificates() ([]string, error) {
 	out, _, err := command.Run(ks.command, "-cert", "-list", "-type", ks.keyStoreType, "-db", ks.Filename, "-pw", ks.Password)
 	if err != nil {
--- a/manifests/dockerhub/manifest-9.1.3.yaml
+++ b/manifests/dockerhub/manifest-9.1.3.yaml
@@ -0,0 +1,28 @@
+# © Copyright IBM Corporation 2019
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+image: ibmcom/mq:9.1.3.0
+manifests:
+  - image: ibmcom/mq:9.1.3.0-amd64
+    platform:
+      architecture: amd64
+      os: linux
+  - image: ibmcom/mq:9.1.3.0-ppc64le
+    platform:
+      architecture: ppc64le
+      os: linux
+  - image: ibmcom/mq:9.1.3.0-s390x
+    platform:
+      architecture: s390x
+      os: linux
--- a/manifests/dockerhub/manifest-latest.yaml
+++ b/manifests/dockerhub/manifest-latest.yaml
@@ -14,15 +14,15 @@

 image: ibmcom/mq:latest
 manifests:
-  - image: ibmcom/mq:9.1.2.0-UBI-amd64
+  - image: ibmcom/mq:9.1.3.0-amd64
    platform:
      architecture: amd64
      os: linux
-  - image: ibmcom/mq:9.1.2.0-UBI-ppc64le
+  - image: ibmcom/mq:9.1.3.0-ppc64le
    platform:
      architecture: ppc64le
      os: linux
-  - image: ibmcom/mq:9.1.2.0-UBI-s390x
+  - image: ibmcom/mq:9.1.3.0-s390x
    platform:
      architecture: s390x
      os: linux
--- a/manifests/dockerstore/manifest-9.1.3.yaml
+++ b/manifests/dockerstore/manifest-9.1.3.yaml
@@ -0,0 +1,28 @@
+# © Copyright IBM Corporation 2019
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+image: ibmcorp/mqadvanced-server-dev:9.1.3.0
+manifests:
+  - image: ibmcorp/mqadvanced-server-dev:9.1.3.0-amd64
+    platform:
+      architecture: amd64
+      os: linux
+  - image: ibmcorp/mqadvanced-server-dev:9.1.3.0-ppc64le
+    platform:
+      architecture: ppc64le
+      os: linux
+  - image: ibmcorp/mqadvanced-server-dev:9.1.3.0-s390x
+    platform:
+      architecture: s390x
+      os: linux
--- a/test/docker/docker_api_test.go
+++ b/test/docker/docker_api_test.go
@@ -1086,8 +1086,8 @@ func TestVersioning(t *testing.T) {

 	total := 6
 	foundCreated := false
-	foundRevision := false
-	foundSource := false
+	// foundRevision := false
+	// foundSource := false
 	foundMQVersion := false
 	foundMQLevel := false
 	foundMQLicense := false
@@ -1108,30 +1108,30 @@ func TestVersioning(t *testing.T) {
 			}
 		}

-		if strings.Contains(line, "Image revision:") && !foundRevision {
-			total--
-			foundRevision = true
-			dataAr := strings.Split(line, " ")
-			data := dataAr[len(dataAr)-1]
+		// if strings.Contains(line, "Image revision:") && !foundRevision {
+		// 	total--
+		// 	foundRevision = true
+		// 	dataAr := strings.Split(line, " ")
+		// 	data := dataAr[len(dataAr)-1]

-			// Verify revision
-			pattern := regexp.MustCompile("^[a-fA-F0-9]{40}$")
-			if !pattern.MatchString(data) {
-				t.Errorf("Failed to validate revision (%v)", data)
-			}
-		}
+		// 	// Verify revision
+		// 	pattern := regexp.MustCompile("^[a-fA-F0-9]{40}$")
+		// 	if !pattern.MatchString(data) {
+		// 		t.Errorf("Failed to validate revision (%v)", data)
+		// 	}
+		// }

-		if strings.Contains(line, "Image source:") && !foundSource {
-			total--
-			foundSource = true
-			dataAr := strings.Split(line, " ")
-			data := dataAr[len(dataAr)-1]
+		// if strings.Contains(line, "Image source:") && !foundSource {
+		// 	total--
+		// 	foundSource = true
+		// 	dataAr := strings.Split(line, " ")
+		// 	data := dataAr[len(dataAr)-1]

-			// Verify source
-			if !strings.Contains(data, "github") {
-				t.Errorf("Failed to validate source (%v)", data)
-			}
-		}
+		// 	// Verify source
+		// 	if !strings.Contains(data, "github") {
+		// 		t.Errorf("Failed to validate source (%v)", data)
+		// 	}
+		// }

 		if strings.Contains(line, "MQ version:") && !foundMQVersion {
 			total--
@@ -1177,7 +1177,11 @@ func TestVersioning(t *testing.T) {
 		}
 	}

-	if !foundCreated || !foundRevision || !foundSource || !foundMQVersion || !foundMQLevel || !foundMQLicense {
-		t.Errorf("Failed to find one or more version strings: created(%v) revision(%v) source(%v) mqversion(%v) mqlevel(%v) mqlicense(%v)", foundCreated, foundRevision, foundSource, foundMQVersion, foundMQLevel, foundMQLicense)
+	// if !foundCreated || !foundRevision || !foundSource || !foundMQVersion || !foundMQLevel || !foundMQLicense {
+	if !foundCreated || !foundMQVersion || !foundMQLevel || !foundMQLicense {
+
+		// t.Errorf("Failed to find one or more version strings: created(%v) revision(%v) source(%v) mqversion(%v) mqlevel(%v) mqlicense(%v)", foundCreated, foundRevision, foundSource, foundMQVersion, foundMQLevel, foundMQLicense)
+		t.Errorf("Failed to find one or more version strings: created(%v) mqversion(%v) mqlevel(%v) mqlicense(%v)", foundCreated, foundMQVersion, foundMQLevel, foundMQLicense)
+
 	}
 }
--- a/web/installations/Installation1/servers/mqweb/mqwebuser.xml.tpl
+++ b/web/installations/Installation1/servers/mqweb/mqwebuser.xml.tpl
@@ -38,7 +38,7 @@
    </openidConnectClient>
    <variable name="httpHost" value="*"/>
    <variable name="managementMode" value="externallyprovisioned"/>
-    <jndiEntry jndiName="xframeAllowedSourceList" value="${env.MQ_HOSTS}"/>
+    <variable name="mqConsoleFrameAncestors" value="${env.MQ_HOSTS}"/> 
    <httpDispatcher enableWelcomePage="false" appOrContextRootMissingMessage='&lt;script&gt;document.location.href="/ibmmq/console";&lt;/script&gt;' />
    <include location="tls.xml"/>
 </server>