Merge pull request #291 from parrobe/sing2

Add non-root to singularity branch
fix broken devsecure test
2019-03-19 16:06:26 +00:00 · 2019-03-19 14:46:42 +00:00 · 2019-03-19 13:45:40 +00:00 · 2019-03-19 13:19:54 +00:00 · 2019-03-19 11:29:33 +00:00 · 2019-03-18 13:21:39 +00:00
120 changed files with 2321 additions and 5940 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -35,18 +35,20 @@ jobs:
      env:
        - BASE_IMAGE=ubuntu:16.04
        - DOCKER_DOWNGRADE="echo nothing to be done"
-    # TEMPORARY removal of Docker 1.12 test, due to errors from apt repository
+    - env:
-    # - if: type IN (pull_request) OR tag IS present
+        - BASE_IMAGE=centos:7
-    #   env: 
+        - DOCKER_DOWNGRADE="echo nothing to be done"
-    #     - BASE_IMAGE=ubuntu:16.04
+    - if: type IN (pull_request) OR tag IS present
-    #     - DOCKER_DOWNGRADE="docker save -o images.tar mqadvanced-server-dev mq-dev-jms-test &&
+      env: 
-    #       sudo apt-get autoremove -y docker-ce &&
+        - BASE_IMAGE=ubuntu:16.04
-    #       curl -fsSL \"https://apt.dockerproject.org/gpg\" | sudo apt-key add - &&
+        - DOCKER_DOWNGRADE="docker save -o images.tar mqadvanced-server-dev mq-dev-jms-test &&
-    #       sudo apt-add-repository \"deb https://apt.dockerproject.org/repo ubuntu-$(lsb_release -cs) main\" &&
+          sudo apt-get autoremove -y docker-ce &&
-    #       sudo apt-get update &&
+          curl -fsSL \"https://apt.dockerproject.org/gpg\" | sudo apt-key add - &&
-    #       sudo apt-get install docker-engine=1.12.6-0~ubuntu-$(lsb_release -cs) &&
+          sudo apt-add-repository \"deb https://apt.dockerproject.org/repo ubuntu-$(lsb_release -cs) main\" &&
-    #       docker load -q -i images.tar &&
+          sudo apt-get update &&
-    #       export DOCKER_API_VERSION=\"1.24\""
+          sudo apt-get install docker-engine=1.12.6-0~ubuntu-$(lsb_release -cs) &&
          docker load -q -i images.tar &&
          export DOCKER_API_VERSION=\"1.24\""
 before_install:
  - ./install-build-deps-ubuntu.sh
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,38 +1,13 @@
 # Change log
-## 9.1.3.0 (2019-07-19)
+## vNext
 * Updated to MQ version 9.1.3.0
 * Allow generation of TLS certificate with given hostname
 * Fixes for the following issues:
  * `MQ_EPHEMERAL_PREFIX` UNIX sockets fix
  * Fix Makefile for Windows
  * Use -a option on crtmqdir
  * Remove check for certificate environment variable
 ## 9.1.2.0-UBI (2019-06-21)
 **Breaking changes**:
 * UID of the mqm user is now 888.  You need to run the container with an entrypoint of `runmqserver -i` under the root user to update any existing files.
 * MQSC files supplied will be verified before being run. Files containing invalid MQSC will cause the container to fail to start
 **Other changes**:
 * Security fixes
 * Web console added to production image
 * Container built on RedHat host
 ## 9.1.2.0 (2019-03-21)
 * Updated to MQ version 9.1.2.0
 * Now runs using the "mqm" user instead of root.  See new [security doc](https://github.com/ibm-messaging/mq-container/blob/master/docs/security.md)
 * New [IGNSTATE](https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.1.0/com.ibm.mq.pro.doc/q132310_.htm#q132310___ignstateparm) parameter used in default developer config
 * Termination log moved from `/dev/termination-log` to `/run/termination-log`, to make permissions easier to handle
 * Fixes for the following issues:
    * Brackets no longer appear in termination log
    * Test timeouts weren't being used correctly
    * Building on subscribed and unsubscribed hosts ([#273](https://github.com/ibm-messaging/mq-container/pull/273))
    * Gosec failures ([#286](https://github.com/ibm-messaging/mq-container/pull/286))
    * Security fix for perl-base ([#253](https://github.com/ibm-messaging/mq-container/pull/253))
 ## 9.1.1.0 (2018-11-30)
--- a/134
+++ b/134
@@ -12,37 +12,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-ARG BASE_IMAGE=registry.access.redhat.com/ubi7/ubi-minimal
+ARG BASE_IMAGE=ubuntu:16.04
-ARG BASE_TAG=7.7-98
+ARG BUILDER_IMAGE=mq-golang-sdk:9.1.1.0-x86_64-ubuntu-16.04
 ###############################################################################
 # Build stage to build Go code
 ###############################################################################
-FROM registry.access.redhat.com/devtools/go-toolset-7-rhel7 as builder
+FROM $BUILDER_IMAGE as builder
-# FROM docker.io/centos/go-toolset-7-centos7 as builder
+WORKDIR /go/src/github.com/ibm-messaging/mq-container/
 # The URL to download the MQ installer from in tar.gz format
 # This assumes an archive containing the MQ RPM install packages
 ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev912_linux_x86-64.tar.gz"
 ARG IMAGE_REVISION="Not specified"
 ARG IMAGE_SOURCE="Not specified"
 ARG IMAGE_TAG="Not specified"
 ARG MQM_UID=888
 USER 0
 COPY install-mq.sh /usr/local/bin/
 RUN chmod a+x /usr/local/bin/install-mq.sh \
  && sleep 1 \
  && MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesSDK-*.rpm MQSeriesSamples*.rpm" install-mq.sh $MQM_UID
 WORKDIR /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/
 COPY cmd/ ./cmd
 COPY internal/ ./internal
 COPY vendor/ ./vendor
 ENV PATH="${PATH}:/opt/rh/go-toolset-7/root/usr/bin" \
    CGO_CFLAGS="-I/opt/mqm/inc/" \
    CGO_LDFLAGS_ALLOW="-Wl,-rpath.*"
 RUN go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\" -X \"main.ImageTag=$IMAGE_TAG\"" ./cmd/runmqserver/
 RUN go build ./cmd/chkmqready/
 RUN go build ./cmd/chkmqhealthy/
-RUN go build ./cmd/runmqdevserver/
+# Run all unit tests
 RUN go test -v ./cmd/runmqdevserver/...
 RUN go test -v ./cmd/runmqserver/
 RUN go test -v ./cmd/chkmqready/
 RUN go test -v ./cmd/chkmqhealthy/
@@ -52,101 +39,50 @@ RUN go vet ./cmd/... ./internal/...
 ###############################################################################
 # Main build stage, to build MQ image
 ###############################################################################
-FROM $BASE_IMAGE:$BASE_TAG AS mq-server
+FROM $BASE_IMAGE
 # The URL to download the MQ installer from in tar.gz format
 # This assumes an archive containing the MQ Debian (.deb) install packages
 ARG MQ_URL
 # The MQ packages to install - see install-mq.sh for default value
-ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev912_linux_x86-64.tar.gz"
+ARG MQ_PACKAGES
-ARG MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesWeb*.rpm MQSeriesAMS-*.rpm"
+
-#ARG MQ_PACKAGES="ibmmq-server ibmmq-java ibmmq-jre ibmmq-gskit ibmmq-msg-.* ibmmq-samples ibmmq-web ibmmq-ams"
+# The UID to use for the "mqm" user
-ARG MQM_UID=888
+ARG MQM_UID=999
-ARG BASE_IMAGE
+
 ARG BASE_TAG
 LABEL summary="IBM MQ Advanced Server"
 LABEL description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises"
 LABEL vendor="IBM"
 LABEL distribution-scope="private"
 LABEL authoritative-source-url="https://www.ibm.com/software/passportadvantage/"
 LABEL url="https://www.ibm.com/products/mq/advanced"
 LABEL io.openshift.tags="mq messaging"
 LABEL io.k8s.display-name="IBM MQ Advanced Server"
 LABEL io.k8s.description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises"
 LABEL base-image=$BASE_IMAGE
 LABEL base-image-release=$BASE_TAG
 COPY install-mq.sh /usr/local/bin/
-COPY install-mq-server-prereqs.sh /usr/local/bin/
+
 # Install MQ.  To avoid a "text file busy" error here, we sleep before installing.
-RUN env && chmod u+x /usr/local/bin/install-*.sh \
+RUN chmod u+x /usr/local/bin/install-mq.sh \
  && sleep 1 \
  && install-mq-server-prereqs.sh $MQM_UID \
  && install-mq.sh $MQM_UID
 # Create a directory for runtime data from runmqserver
 RUN mkdir -p /run/runmqserver \
  && chown mqm:mqm /run/runmqserver
-COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/runmqserver /usr/local/bin/
+
-COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/chkmq* /usr/local/bin/
+COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqserver /usr/local/bin/
 COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/chkmq* /usr/local/bin/
 COPY NOTICES.txt /opt/mqm/licenses/notices-container.txt
-# Copy web XML files
+
 COPY web /etc/mqm/web
 COPY etc/mqm/*.tpl /etc/mqm/
 RUN chmod ug+x /usr/local/bin/runmqserver \
  && chown mqm:mqm /usr/local/bin/*mq* \
  && chmod ug+xs /usr/local/bin/chkmq* \
  && chown -R mqm:mqm /etc/mqm/* \
  && install --directory --mode 0775 --owner mqm --group root /run/runmqserver \
  && install --directory --mode 0775 --owner mqm --group root /run/tls \
  && touch /run/termination-log \
  && chown mqm:root /run/termination-log \
  && chmod 0660 /run/termination-log
 # Always use port 1414 for MQ & 9157 for the metrics
 EXPOSE 1414 9157 9443
 ENV LANG=en_US.UTF-8 AMQ_DIAGNOSTIC_MSG_SEVERITY=1 AMQ_ADDITIONAL_JSON_LOG=1 LOG_FORMAT=basic
 USER $MQM_UID
 ENTRYPOINT ["runmqserver"]
-###############################################################################
+# Always use port 1414 for MQ, 9157 for the metrics & 9443 for the web console
-# Add default developer config
+EXPOSE 1414 9157 9443
-###############################################################################
+
-FROM mq-server AS mq-dev-server
+# Copy web XML files
-ARG MQM_UID=888
+COPY web /etc/mqm/web
-ARG BASE_IMAGE
+
-ARG BASE_TAG
+ENV LANG=en_US.UTF-8 AMQ_DIAGNOSTIC_MSG_SEVERITY=1 AMQ_ADDITIONAL_JSON_LOG=1 LOG_FORMAT=basic
-# Enable MQ developer default configuration
+
 ENV MQ_DEV=true
 # Default administrator password
 ENV MQ_ADMIN_PASSWORD=passw0rd
 LABEL summary="IBM MQ Advanced for Developers Server"
 LABEL description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises"
 LABEL vendor="IBM"
 LABEL distribution-scope="private"
 LABEL authoritative-source-url="https://www.ibm.com/software/passportadvantage/"
 LABEL url="https://www.ibm.com/products/mq/advanced"
 LABEL io.openshift.tags="mq messaging"
 LABEL io.k8s.display-name="IBM MQ Advanced for Developers Server"
 LABEL io.k8s.description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises"
 LABEL base-image=$BASE_IMAGE
 LABEL base-image-release=$BASE_TAG
 USER 0
 COPY incubating/mqadvanced-server-dev/install-extra-packages.sh /usr/local/bin/
 RUN chmod u+x /usr/local/bin/install-extra-packages.sh \
  && sleep 1 \
  && install-extra-packages.sh
 # WARNING: This is what allows the mqm user to change the password of any other user
 # It's used by runmqdevserver to change the admin/app passwords.
 RUN echo "mqm    ALL = NOPASSWD: /usr/sbin/chpasswd" > /etc/sudoers.d/mq-dev-config
 ## Add admin and app users, and set a default password for admin
 RUN useradd admin -G mqm \
  && groupadd mqclient \
  && useradd app -G mqclient \
  && echo admin:$MQ_ADMIN_PASSWORD | chpasswd
 # Create a directory for runtime data from runmqserver
 RUN mkdir -p /run/runmqdevserver \
  && chown mqm:mqm /run/runmqdevserver
 COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/runmqdevserver /usr/local/bin/
 # Copy template files
 COPY incubating/mqadvanced-server-dev/*.tpl /etc/mqm/
 # Copy web XML files for default developer configuration
 COPY incubating/mqadvanced-server-dev/web /etc/mqm/web
 RUN chown -R mqm:mqm /etc/mqm/* \
  && chmod +x /usr/local/bin/runmq* \
  && install --directory --mode 0775 --owner mqm --group root /run/runmqdevserver
 ENV MQ_ENABLE_EMBEDDED_WEB_SERVER=1
 USER $MQM_UID
-ENTRYPOINT ["runmqdevserver"]
+
 ENTRYPOINT ["runmqserver"]
--- a/332
+++ b/332
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2017, 2019
+# © Copyright IBM Corporation 2018, 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,267 +13,106 @@
 # limitations under the License.
 ###############################################################################
-# Conditional variables - you can override the values of these variables from
+# Variables
 # the command line
 ###############################################################################
 # MQ_VERSION is the fully qualified MQ version number to build
 MQ_VERSION ?= 9.1.3.0
 # RELEASE shows what release of the container code has been built
 RELEASE ?= 2
 # MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can
 # be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture
 # Does not apply to MQ Advanced for Developers.
 MQ_ARCHIVE ?= IBM_MQ_$(MQ_VERSION_VRM)_$(MQ_ARCHIVE_TYPE)_$(MQ_ARCHIVE_ARCH).tar.gz
 # MQ_ARCHIVE_DEV is the name of the file, under the downloads directory, from which MQ Advanced
 # for Developers can be installed
 MQ_ARCHIVE_DEV ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION))
 # MQ_SDK_ARCHIVE specifies the archive to use for building the golang programs.  Defaults vary on developer or advanced.
 MQ_SDK_ARCHIVE ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION))
 # Options to `go test` for the Docker tests
 TEST_OPTS_DOCKER ?=
 # MQ_IMAGE_ADVANCEDSERVER is the name of the built MQ Advanced image
 MQ_IMAGE_ADVANCEDSERVER ?=mqadvanced-server
 # MQ_IMAGE_DEVSERVER is the name of the built MQ Advanced for Developers image
 MQ_IMAGE_DEVSERVER ?=mqadvanced-server-dev
 # MQ_TAG is the tag of the built MQ Advanced image & MQ Advanced for Developers image
 MQ_TAG ?=$(MQ_VERSION)-$(ARCH)
 # MQ_PACKAGES specifies the MQ packages (.deb or .rpm) to install.  Defaults vary on base image.
 MQ_PACKAGES ?=MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesWeb*.rpm MQSeriesAMS-*.rpm
 # MQM_UID is the UID to use for the "mqm" user
 MQM_UID ?= 888
 # COMMAND is the container command to run.  "podman" or "docker"
 COMMAND ?=$(shell type -p podman 2>&1 >/dev/null && echo podman || echo docker)
 ###############################################################################
 # Other variables
 ###############################################################################
 GO_PKG_DIRS = ./cmd ./internal ./test
 MQ_ARCHIVE_TYPE=LINUX
 MQ_ARCHIVE_DEV_PLATFORM=linux
 # ARCH is the platform architecture (e.g. amd64, ppc64le or s390x)
 ARCH=$(if $(findstring x86_64,$(shell uname -m)),amd64,$(shell uname -m))
 # BUILD_SERVER_CONTAINER is the name of the web server container used at build time
 BUILD_SERVER_CONTAINER=build-server
 # NUM_CPU is the number of CPUs available to Docker.  Used to control how many
 # test run in parallel
 NUM_CPU = $(or $(shell docker info --format "{{ .NCPU }}"),2)
 # BASE_IMAGE_TAG is a normalized version of BASE_IMAGE, suitable for use in a Docker tag
 BASE_IMAGE_TAG=$(lastword $(subst /, ,$(subst :,-,$(BASE_IMAGE))))
 #BASE_IMAGE_TAG=$(subst /,-,$(subst :,-,$(BASE_IMAGE)))
 MQ_IMAGE_DEVSERVER_BASE=mqadvanced-server-dev-base
 # Docker image name to use for JMS tests
 DEV_JMS_IMAGE=mq-dev-jms-test
 # Variables for versioning
 IMAGE_REVISION=$(shell git rev-parse HEAD)
 IMAGE_SOURCE=$(shell git config --get remote.origin.url)
 EMPTY:=
 SPACE:= $(EMPTY) $(EMPTY)
 # MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field).  e.g. 9.1.3 instead of 9.1.3.0
 MQ_VERSION_VRM=$(subst $(SPACE),.,$(wordlist 1,3,$(subst .,$(SPACE),$(MQ_VERSION))))
-ifneq (,$(findstring Microsoft,$(shell uname -r)))
+# Set variable if running on a Red Hat Enterprise Linux host
-	DOWNLOADS_DIR=$(patsubst /mnt/c%,C:%,$(realpath ./downloads/))
+ifneq ($(wildcard /etc/redhat-release),)
-else ifneq (,$(findstring Windows,$(shell echo ${OS})))
+REDHAT_RELEASE = $(shell cat /etc/redhat-release)
-	DOWNLOADS_DIR=$(shell pwd)/downloads/
+ifeq "$(findstring Red Hat,$(REDHAT_RELEASE))" "Red Hat"
-else
+    RHEL_HOST = "true"
 	DOWNLOADS_DIR=$(realpath ./downloads/)
 endif
 # Try to figure out which archive to use from the architecture
 ifeq "$(ARCH)" "amd64"
 	MQ_ARCHIVE_ARCH=X86-64
 	MQ_DEV_ARCH=x86-64
 else ifeq "$(ARCH)" "ppc64le"
 	MQ_ARCHIVE_ARCH=LE_POWER
 	MQ_DEV_ARCH=ppcle
 else ifeq "$(ARCH)" "s390x"
 	MQ_ARCHIVE_ARCH=SYSTEM_Z
 	MQ_DEV_ARCH=s390x
 endif
 # Archive names for IBM MQ Advanced for Developers
 MQ_ARCHIVE_DEV_9.1.0.0=mqadv_dev910_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
 MQ_ARCHIVE_DEV_9.1.1.0=mqadv_dev911_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
 MQ_ARCHIVE_DEV_9.1.2.0=mqadv_dev912_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
 MQ_ARCHIVE_DEV_9.1.3.0=mqadv_dev913_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
 ###############################################################################
 # Build targets
 ###############################################################################
 .PHONY: default
 default: build-devserver
-# Build all components (except incubating ones)
+# Targets default to a RHEL image on a RHEL host, or an Ubuntu image everywhere else
 .PHONY: all
 all: build-devserver build-advancedserver
 .PHONY: test-all
 test-all: build-devjmstest test-devserver test-advancedserver
 .PHONY: devserver
 devserver: build-devserver build-devjmstest test-devserver
 # Build incubating components
 .PHONY: incubating
 incubating: build-explorer
 downloads/$(MQ_ARCHIVE_DEV):
 	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END)))
 	mkdir -p downloads
 	cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_ARCHIVE_DEV)
 downloads/$(MQ_SDK_ARCHIVE):
 	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END)))
 	mkdir -p downloads
 	cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_SDK_ARCHIVE)
 .PHONY: downloads
 downloads: downloads/$(MQ_ARCHIVE_DEV) downloads/$(MQ_SDK_ARCHIVE)
 # Vendor Go dependencies for the Docker tests
 test/docker/vendor:
 	cd test/docker && dep ensure -vendor-only
 # Shortcut to just run the unit tests
 .PHONY: test-unit
 test-unit:
 	docker build --target builder --file Dockerfile-server .
 .PHONY: test-advancedserver
 test-advancedserver: test/docker/vendor
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) on $(shell docker --version)"$(END)))
 	docker inspect $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)
 	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) EXPECTED_LICENSE=Production go test -parallel $(NUM_CPU) $(TEST_OPTS_DOCKER)
 .PHONY: build-devjmstest
 build-devjmstest:
 	$(info $(SPACER)$(shell printf $(TITLE)"Build JMS tests for developer config"$(END)))
 	cd test/messaging && docker build --tag $(DEV_JMS_IMAGE) .
 .PHONY: test-devserver
 test-devserver: test/docker/vendor
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_DEVSERVER):$(MQ_TAG) on $(shell docker --version)"$(END)))
 	docker inspect $(MQ_IMAGE_DEVSERVER):$(MQ_TAG)
 	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER):$(MQ_TAG) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) IBMJRE=true go test -parallel $(NUM_CPU) -tags mqdev $(TEST_OPTS_DOCKER) 
 .PHONY: coverage
 coverage:
 	mkdir coverage
 .PHONY: test-advancedserver-cover
 test-advancedserver-cover: test/docker/vendor coverage
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) with code coverage on $(shell docker --version)"$(END)))
 	rm -f ./coverage/unit*.cov
 	# Run unit tests with coverage, for each package under 'internal'
 	go list -f '{{.Name}}' ./internal/... | xargs -I {} go test -cover -covermode count -coverprofile ./coverage/unit-{}.cov ./internal/{}
 #	ls -1 ./cmd | xargs -I {} go test -cover -covermode count -coverprofile ./coverage/unit-{}.cov ./cmd/{}/...
 	echo 'mode: count' > ./coverage/unit.cov
 	tail -q -n +2 ./coverage/unit-*.cov >> ./coverage/unit.cov
 	go tool cover -html=./coverage/unit.cov -o ./coverage/unit.html
 	rm -f ./test/docker/coverage/*.cov
 	rm -f ./coverage/docker.*
 	mkdir -p ./test/docker/coverage/
 	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)-cover TEST_COVER=true go test $(TEST_OPTS_DOCKER)
 	echo 'mode: count' > ./coverage/docker.cov
 	tail -q -n +2 ./test/docker/coverage/*.cov >> ./coverage/docker.cov
 	go tool cover -html=./coverage/docker.cov -o ./coverage/docker.html
 	echo 'mode: count' > ./coverage/combined.cov
 	tail -q -n +2 ./coverage/unit.cov ./coverage/docker.cov  >> ./coverage/combined.cov
 	go tool cover -html=./coverage/combined.cov -o ./coverage/combined.html
 # Build an MQ image.  The commands used are slightly different between Docker and Podman
 define build-mq
 	$(if $(findstring docker,$(COMMAND)), @docker network create build,)
 	$(if $(findstring docker,$(COMMAND)), @docker run --rm --name $(BUILD_SERVER_CONTAINER) --network build --network-alias build --volume $(DOWNLOADS_DIR):/usr/share/nginx/html:ro --detach docker.io/nginx:alpine,)
 	$(eval EXTRA_ARGS=$(if $(findstring docker,$(COMMAND)), --network build --build-arg MQ_URL=http://build:80/$4, --volume $(DOWNLOADS_DIR):/var/downloads --build-arg MQ_URL=file:///var/downloads/$4))
 	# Build the new image
 	$(COMMAND) build \
 	  --tag $1:$2 \
 	  --file $3 \
 		$(EXTRA_ARGS) \
 	  --build-arg MQ_PACKAGES="$(MQ_PACKAGES)" \
 	  --build-arg IMAGE_REVISION="$(IMAGE_REVISION)" \
 	  --build-arg IMAGE_SOURCE="$(IMAGE_SOURCE)" \
 	  --build-arg IMAGE_TAG="$1:$2" \
 	  --build-arg MQM_UID=$(MQM_UID) \
 	  --label version=$(MQ_VERSION) \
 	  --label name=$1 \
 	  --label build-date=$(shell date +%Y-%m-%dT%H:%M:%S%z) \
 	  --label release="$(RELEASE)" \
 	  --label architecture="$(ARCH)" \
 	  --label run="docker run -d -e LICENSE=accept $1:$2" \
 	  --label vcs-ref=$(IMAGE_REVISION) \
 	  --label vcs-type=git \
 	  --label vcs-url=$(IMAGE_SOURCE) \
 	  --target $5 \
 	  .
 	$(if $(findstring docker,$(COMMAND)), @docker kill $(BUILD_SERVER_CONTAINER))
 	$(if $(findstring docker,$(COMMAND)), @docker network rm build)
 endef
 DOCKER_SERVER_VERSION=$(shell docker version --format "{{ .Server.Version }}")
 DOCKER_CLIENT_VERSION=$(shell docker version --format "{{ .Client.Version }}")
 PODMAN_VERSION=$(shell podman version --format "{{ .Version }}")
 .PHONY: command-version
 command-version:
 # If we're using Docker, then check it's recent enough to support multi-stage builds
 ifneq (,$(findstring docker,$(COMMAND)))
 	@test "$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker client 17.05 or greater is required" && exit 1)
 	@test "$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker server 17.05 or greater is required" && exit 1)
 endif
 ifneq (,$(findstring podman,$(COMMAND)))
 	@test "$(word 1,$(subst ., ,$(PODMAN_VERSION)))" -ge "1" || (echo "Error: Podman version 1.0 or greater is required" && exit 1)
 endif
 .PHONY: build-advancedserver-host
 build-advancedserver-host: build-advancedserver
 .PHONY: build-advancedserver
 build-advancedserver: log-build-env downloads/$(MQ_ARCHIVE) command-version
 	$(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)"$(END)))
 	$(call build-mq,$(MQ_IMAGE_ADVANCEDSERVER),$(MQ_TAG),Dockerfile-server,$(MQ_ARCHIVE),mq-server)
 .PHONY: build-devserver-host
 build-devserver-host: build-devserver
 .PHONY: build-devserver
-build-devserver: log-build-env downloads/$(MQ_ARCHIVE_DEV) command-version
+ifdef RHEL_HOST
-	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER):$(MQ_TAG)"$(END)))
+build-devserver: build-devserver-rhel
-	$(call build-mq,$(MQ_IMAGE_DEVSERVER),$(MQ_TAG),Dockerfile-server,$(MQ_ARCHIVE_DEV),mq-dev-server)
+else
 build-devserver: build-devserver-ubuntu
 endif
-.PHONY: build-advancedserver-cover
+.PHONY: build-advancedserver
-build-advancedserver-cover: command-version
+ifdef RHEL_HOST
-	$(COMMAND) build --build-arg BASE_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) -t $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)-cover -f Dockerfile-server.cover .
+build-advancedserver: build-advancedserver-rhel
 else
 build-advancedserver: build-advancedserver-ubuntu
 endif
 .PHONY: build-explorer
 build-explorer: downloads/$(MQ_ARCHIVE_DEV)
 	$(call build-mq,mq-explorer,latest-$(ARCH),incubating/mq-explorer/Dockerfile,$(MQ_ARCHIVE_DEV),mq-explorer)
-.PHONY: build-sdk
+.PHONY: test-devserver
-build-sdk: downloads/$(MQ_ARCHIVE_DEV)
+ifdef RHEL_HOST
-	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_SDK)"$(END)))
+test-devserver: test-devserver-rhel
-	$(call build-mq,mq-sdk,$(MQ_TAG),incubating/mq-sdk/Dockerfile,$(MQ_SDK_ARCHIVE),mq-sdk)
+else
 test-devserver: test-devserver-ubuntu
 endif
-.PHONY: log-build-env
+.PHONY: test-advancedserver
-log-build-vars:
+ifdef RHEL_HOST
-	$(info $(SPACER)$(shell printf $(TITLE)"Build environment"$(END)))
+test-advancedserver: test-advancedserver-rhel
-	@echo ARCH=$(ARCH)
+else
-	@echo MQ_VERSION=$(MQ_VERSION)
+test-advancedserver: test-advancedserver-ubuntu
-	@echo MQ_ARCHIVE=$(MQ_ARCHIVE)
+endif
 	@echo MQ_IMAGE_DEVSERVER=$(MQ_IMAGE_DEVSERVER)
 	@echo MQ_IMAGE_ADVANCEDSERVER=$(MQ_IMAGE_ADVANCEDSERVER)
 	@echo COMMAND=$(COMMAND)
 	@echo MQM_UID=$(MQM_UID)
-.PHONY: log-build-env
+.PHONY: build-devjmstest
-log-build-env: log-build-vars
+ifdef RHEL_HOST
-	$(info $(SPACER)$(shell printf $(TITLE)"Build environment - $(COMMAND) info"$(END)))
+build-devjmstest: build-devjmstest-rhel
-	@echo Command version: $(shell $(COMMAND) --version)
+else
-	$(COMMAND) info
+build-devjmstest: build-devjmstest-ubuntu
 endif
-include formatting.mk
+# UBUNTU building targets
 .PHONY: build-devserver-ubuntu
 build-devserver-ubuntu: 
 	$(MAKE) -f Makefile-UBUNTU build-devserver
 .PHONY: test-devserver-ubuntu
 test-devserver-ubuntu: 
 	$(MAKE) -f Makefile-UBUNTU test-devserver
 .PHONY: build-devjmstest-ubuntu
 	$(MAKE) -f Makefile-UBUNTU build-devjmstest
 .PHONY: build-advancedserver-ubuntu
 build-advancedserver-ubuntu: 
 	$(MAKE) -f Makefile-UBUNTU build-advancedserver
 .PHONY: test-advancedserver-ubuntu
 test-advancedserver-ubuntu: 
 	$(MAKE) -f Makefile-UBUNTU test-advancedserver
 .PHONY: build-devjmstest-ubuntu
 build-devjmstest-ubuntu:
 	$(MAKE) -f Makefile-UBUNTU build-devjmstest
 # RHEL building targets
 .PHONY: build-devserver-rhel
 build-devserver-rhel: 
 	$(MAKE) -f Makefile-RHEL build-devserver
 .PHONY: test-devserver-rhel
 test-devserver-rhel: 
 	$(MAKE) -f Makefile-RHEL test-devserver
 .PHONY: build-advancedserver-rhel
 build-advancedserver-rhel: 
 	$(MAKE) -f Makefile-RHEL build-advancedserver
 .PHONY: test-advancedserver-rhel
 test-advancedserver-rhel: 
 	$(MAKE) -f Makefile-RHEL test-advancedserver
 .PHONY: build-devjmstest-rhel
 build-devjmstest-rhel:
 	$(MAKE) -f Makefile-RHEL build-devjmstest
 # Common targets
 .PHONY: clean
 clean:
 	rm -rf ./coverage
@@ -303,7 +142,7 @@ lint: $(addsuffix /$(wildcard *.go), $(GO_PKG_DIRS))
 	golint -set_exit_status $(sort $(dir $(wildcard $(addsuffix /*/*.go, $(GO_PKG_DIRS)))))
 .PHONY: gosec
-gosec: $(info $(SPACER)$(shell printf "Running gosec test"$(END)))
+gosec: $(info $(SPACER)$(shell printf "Running gosec test"$(END))) 
 	@gosec -fmt=json -out=gosec_results.json cmd/... internal/... 2> /dev/null ;\
 	cat "gosec_results.json" ;\
 	cat gosec_results.json | grep HIGH | grep severity > /dev/null ;\
@@ -328,4 +167,9 @@ gosec: $(info $(SPACER)$(shell printf "Running gosec test"$(END)))
 		printf "\ngosec found no LOW severity issues\n" ;\
 fi ;\
 .PHONY: unknownos
 unknownos:
 	$(info $(SPACER)$(shell printf "ERROR: Unknown OS ("$(BASE_OS)") please run specific make targets"$(END)))
 	exit 1
 include formatting.mk
--- a/203
+++ b/203
@@ -0,0 +1,203 @@
 # © Copyright IBM Corporation 2018, 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ###############################################################################
 # Conditional variables - you can override the values of these variables from
 # the command line
 ###############################################################################
 # BASE_IMAGE is the base image to use for MQ, for example "ubuntu" or "rhel"
 BASE_IMAGE ?= rhel
 # MQ_VERSION is the fully qualified MQ version number to build
 MQ_VERSION ?= 9.1.1.0
 # MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can
 # be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture
 # Does not apply to MQ Advanced for Developers.
 MQ_ARCHIVE ?= IBM_MQ_$(MQ_VERSION_VRM)_LINUX_$(MQ_ARCHIVE_ARCH).tar.gz
 # MQ_ARCHIVE_DEV is the name of the file, under the downloads directory, from which MQ Advanced
 # for Developers can be installed
 MQ_ARCHIVE_DEV ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION))
 # MQ_SDK_ARCHIVE specifies the archive to use for the MQ redistributable client, which is used for building the golang programs.
 MQ_SDK_ARCHIVE ?= 9.1.1.0-IBM-MQC-Redist-LinuxX64.tar.gz
 # Options to `go test` for the Docker tests
 TEST_OPTS_DOCKER ?=
 # MQ_IMAGE_ADVANCEDSERVER is the name and tag of the built MQ Advanced image
 MQ_IMAGE_ADVANCEDSERVER ?=mqadvanced-server:$(MQ_VERSION)-integration-$(ARCH)
 # MQ_IMAGE_DEVSERVER is the name and tag of the built MQ Advanced for Developers image
 MQ_IMAGE_DEVSERVER ?=mqadvanced-server-dev:$(MQ_VERSION)-integration-$(ARCH)
 # MQ_IMAGE_SDK is the name and tag of the built MQ Advanced for Developers SDK image
 MQ_IMAGE_SDK ?=mq-sdk:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG)
 # MQ_IMAGE_GOLANG_SDK is the name and tag of the built MQ Advanced for Developers SDK image, plus Go tools
 MQ_IMAGE_GOLANG_SDK ?=mq-golang-sdk:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG)
 # MQ_PACKAGES specifies the MQ packages to install.  Defaults vary on base image.
 MQ_PACKAGES ?= MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesAMS-*.rpm MQSeriesWeb-*.rpm
 ###############################################################################
 # Other variables
 ###############################################################################
 # ARCH is the platform architecture (e.g. x86_64, ppc64le or s390x)
 ARCH = $(shell uname -m)
 # BASE_IMAGE_TAG is a normalized version of BASE_IMAGE, suitable for use in a Docker tag
 BASE_IMAGE_TAG=$(subst /,-,$(subst :,-,$(BASE_IMAGE)))
 MQ_IMAGE_DEVSERVER_BASE=mqadvanced-server-dev-base:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG)
 # Docker image name to use for JMS tests
 DEV_JMS_IMAGE=mq-dev-jms-test:latest
 # Variables for versioning
 IMAGE_REVISION=$(shell git rev-parse HEAD)
 IMAGE_SOURCE=$(shell git config --get remote.origin.url)
 MQDEV=
 EMPTY:=
 SPACE:= $(EMPTY) $(EMPTY)
 # MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field).  e.g. 9.1.1 instead of 9.1.1.0
 MQ_VERSION_VRM=$(subst $(SPACE),.,$(wordlist 1,3,$(subst .,$(SPACE),$(MQ_VERSION))))
 ifneq (,$(findstring Microsoft,$(shell uname -r)))
    DOWNLOADS_DIR=$(patsubst /mnt/c%,C:%,$(realpath ./downloads/))
 else
    DOWNLOADS_DIR=$(realpath ./downloads/)
 endif
 # Try to figure out which archive to use from the architecture
 ifeq "$(ARCH)" "x86_64"
    MQ_ARCHIVE_ARCH=X86-64
    MQ_DEV_ARCH=x86-64
 else ifeq "$(ARCH)" "ppc64le"
    MQ_ARCHIVE_ARCH=LE_POWER
    MQ_DEV_ARCH=ppcle
 else ifeq "$(ARCH)" "s390x"
    MQ_ARCHIVE_ARCH=SYSTEM_Z
    MQ_DEV_ARCH=s390x
 endif
 # Archive names for IBM MQ Advanced for Developers
 MQ_ARCHIVE_DEV_9.0.5.0=mqadv_dev905_linux_x86-64.tar.gz
 MQ_ARCHIVE_DEV_9.1.0.0=mqadv_dev910_linux_$(MQ_DEV_ARCH).tar.gz
 MQ_ARCHIVE_DEV_9.1.1.0=mqadv_dev911_linux_$(MQ_DEV_ARCH).tar.gz
 ###############################################################################
 # Build targets
 ###############################################################################
 .PHONY: vars
 vars:
 #ifeq "$(findstring ubuntu,$(BASE_IMAGE))","ubuntu"
 	@echo $(MQ_ARCHIVE_ARCH)
 	@echo $(MQ_ARCHIVE_TYPE)
 	@echo $(MQ_ARCHIVE)
 .PHONY: default
 default: build-devserver test-devserver
 # Build all components (except incubating ones)
 .PHONY: all
 all: build-devserver build-advancedserver
 .PHONY: test-all
 test-all: build-devjmstest test-devserver test-advancedserver
 .PHONY: devserver
 devserver: build-devserver build-devjmstest test-devserver
 # Build incubating components
 .PHONY: incubating
 incubating: build-explorer
 downloads/$(MQ_ARCHIVE_DEV):
 	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END)))
 	mkdir -p downloads
 	cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_ARCHIVE_DEV)
 downloads/$(MQ_SDK_ARCHIVE):
 	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced redistributable client "$(MQ_VERSION)$(END)))
 	mkdir -p downloads
 	cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqdev/redist/$(MQ_SDK_ARCHIVE)
 .PHONY: downloads
 downloads: downloads/$(MQ_ARCHIVE_DEV) downloads/$(MQ_SDK_ARCHIVE)
 # Vendor Go dependencies for the Docker tests
 test/docker/vendor:
 	cd test/docker && dep ensure -vendor-only
 .PHONY: check-prereqs
 check-prereqs:
 	$(info $(SPACER)$(shell printf $(TITLE)"Checking for prereqs"$(END)))
 	which buildah || (echo "Missing required program buildah" && exit 1)
 	which podman || (echo "Missing required program podman" && exit 1)
 	yum list | grep yum-utils || (echo "Missing required package yum-utils" && exit 1)
 .PHONY: check-test-prereqs
 check-test-prereqs:
 	$(info $(SPACER)$(shell printf $(TITLE)"Checking for prereqs"$(END)))
 	which buildah || (echo "Missing required program buildah" && exit 1)
 	which docker || (echo "Missing required program docker" && exit 1)
 .PHONY: test-advancedserver
 test-advancedserver: check-test-prereqs test/docker/vendor
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER) on $(shell docker --version)"$(END)))
 	sudo buildah push $(MQ_IMAGE_ADVANCEDSERVER) docker-daemon:$(MQ_IMAGE_ADVANCEDSERVER)
 	docker tag docker.io/$(MQ_IMAGE_ADVANCEDSERVER) $(MQ_IMAGE_ADVANCEDSERVER)
 	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER) EXPECTED_LICENSE=Production go test $(TEST_OPTS_DOCKER)
 .PHONY: test-devserver
 test-devserver: check-test-prereqs test/docker/vendor
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_DEVSERVER) on $(shell docker --version)"$(END)))
 	sudo buildah push $(MQ_IMAGE_DEVSERVER) docker-daemon:$(MQ_IMAGE_DEVSERVER)
 	docker tag docker.io/$(MQ_IMAGE_DEVSERVER) $(MQ_IMAGE_DEVSERVER)
 	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) go test -tags mqdev $(TEST_OPTS_DOCKER)
 .PHONY: build-advancedserver
 build-advancedserver: check-prereqs downloads/$(MQ_ARCHIVE) build-go-programs
 	$(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER)"$(END)))
 	sudo mq-advanced-server-rhel/mq-buildah.sh "$(MQ_ARCHIVE)" "$(MQ_PACKAGES)" "$(MQ_IMAGE_ADVANCEDSERVER)" "$(MQ_VERSION)" "$(MQDEV)"
 .PHONY: build-devserver
 build-devserver: MQDEV=TRUE
 build-devserver: check-prereqs downloads/$(MQ_ARCHIVE_DEV) build-go-programs
 	$(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER)"$(END)))
 	sudo mq-advanced-server-rhel/mq-buildah.sh "$(MQ_ARCHIVE_DEV)" "$(MQ_PACKAGES)" "$(MQ_IMAGE_DEVSERVER_BASE)" "$(MQ_VERSION)" "$(MQDEV)"
 	sudo mq-advanced-server-rhel/mqdev-buildah.sh "$(MQ_IMAGE_DEVSERVER_BASE)" "$(MQ_IMAGE_DEVSERVER)" "$(MQ_VERSION)"
 .PHONY: build-mqgolang-sdk
 build-mqgolang-sdk: check-prereqs downloads/$(MQ_SDK_ARCHIVE)
 	$(info $(SPACER)$(shell printf $(TITLE)"Build mq-golang SDK"$(END)))
 	sudo mq-advanced-server-rhel/mq-golang-sdk-buildah.sh "$(MQ_SDK_ARCHIVE)" "$(MQ_IMAGE_GOLANG_SDK)"
 .PHONY: build-go-programs
 build-go-programs: check-prereqs downloads/$(MQ_SDK_ARCHIVE) build-mqgolang-sdk
 	$(info $(SPACER)$(shell printf $(TITLE)"Build go programs"$(END)))
 	IMAGE_REVISION=$(IMAGE_REVISION) IMAGE_SOURCE=$(IMAGE_SOURCE) sudo --preserve-env mq-advanced-server-rhel/go-buildah.sh "$(MQ_IMAGE_GOLANG_SDK)" "$(MQDEV)"
 .PHONY: build-devjmstest
 build-devjmstest: check-test-prereqs
 	$(info $(SPACER)$(shell printf $(TITLE)"Build JMS tests for developer config"$(END)))
 	cd test/messaging && sudo ./buildah.sh $(DEV_JMS_IMAGE)
 	sudo buildah push $(DEV_JMS_IMAGE) docker-daemon:$(DEV_JMS_IMAGE)
 	docker tag docker.io/$(DEV_JMS_IMAGE) $(DEV_JMS_IMAGE)
 .PHONY: debug-vars
 debug-vars:
 	@echo MQ_VERSION=$(MQ_VERSION)
 	@echo MQ_VERSION_VRM=$(MQ_VERSION_VRM)
 	@echo MQ_ARCHIVE=$(MQ_ARCHIVE)
 	@echo MQ_SDK_ARCHIVE=$(MQ_SDK_ARCHIVE)
 	@echo MQ_IMAGE_GOLANG_SDK=$(MQ_IMAGE_GOLANG_SDK)
 	@echo MQ_IMAGE_DEVSERVER_BASE=$(MQ_IMAGE_DEVSERVER_BASE)
 	@echo MQ_IMAGE_DEVSERVER=$(MQ_IMAGE_DEVSERVER)
 	@echo MQ_IMAGE_ADVANCEDSERVER=$(MQ_IMAGE_ADVANCEDSERVER)
 include formatting.mk
--- a/283
+++ b/283
@@ -0,0 +1,283 @@
 # © Copyright IBM Corporation 2017, 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ###############################################################################
 # Conditional variables - you can override the values of these variables from
 # the command line
 ###############################################################################
 # BASE_IMAGE is the base image to use for MQ, for example "ubuntu" or "rhel"
 BASE_IMAGE ?= ubuntu:16.04
 # MQ_VERSION is the fully qualified MQ version number to build
 MQ_VERSION ?= 9.1.1.0
 # MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can
 # be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture
 # Does not apply to MQ Advanced for Developers.
 MQ_ARCHIVE ?= IBM_MQ_$(MQ_VERSION_VRM)_$(MQ_ARCHIVE_TYPE)_$(MQ_ARCHIVE_ARCH).tar.gz
 # MQ_ARCHIVE_DEV is the name of the file, under the downloads directory, from which MQ Advanced
 # for Developers can be installed
 MQ_ARCHIVE_DEV ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION))
 # MQ_SDK_ARCHIVE specifies the archive to use for building the golang programs.  Defaults vary on developer or advanced.
 MQ_SDK_ARCHIVE ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION))
 # Options to `go test` for the Docker tests
 TEST_OPTS_DOCKER ?=
 # MQ_IMAGE_ADVANCEDSERVER is the name and tag of the built MQ Advanced image
 MQ_IMAGE_ADVANCEDSERVER ?=mqadvanced-server:$(MQ_VERSION)-integration-$(ARCH)
 # MQ_IMAGE_DEVSERVER is the name and tag of the built MQ Advanced for Developers image
 MQ_IMAGE_DEVSERVER ?=mqadvanced-server-dev:$(MQ_VERSION)-integration-$(ARCH)
 # MQ_IMAGE_SDK is the name and tag of the built MQ Advanced for Developers SDK image
 MQ_IMAGE_SDK ?=mq-sdk:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG)
 # MQ_IMAGE_GOLANG_SDK is the name and tag of the built MQ Advanced for Developers SDK image, plus Go tools
 MQ_IMAGE_GOLANG_SDK ?=mq-golang-sdk:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG)
 # DOCKER is the Docker command to run
 DOCKER ?= docker
 # MQ_PACKAGES specifies the MQ packages (.deb or .rpm) to install.  Defaults vary on base image.
 MQ_PACKAGES ?=
 ###############################################################################
 # Other variables
 ###############################################################################
 # ARCH is the platform architecture (e.g. x86_64, ppc64le or s390x)
 ARCH = $(shell uname -m)
 # BUILD_SERVER_CONTAINER is the name of the web server container used at build time
 BUILD_SERVER_CONTAINER=build-server
 # NUM_CPU is the number of CPUs available to Docker.  Used to control how many
 # test run in parallel
 NUM_CPU = $(or $(shell docker info --format "{{ .NCPU }}"),2)
 # BASE_IMAGE_TAG is a normalized version of BASE_IMAGE, suitable for use in a Docker tag
 BASE_IMAGE_TAG=$(subst /,-,$(subst :,-,$(BASE_IMAGE)))
 MQ_IMAGE_DEVSERVER_BASE=mqadvanced-server-dev-base:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG)
 # Docker image name to use for JMS tests
 DEV_JMS_IMAGE=mq-dev-jms-test
 # Variables for versioning
 IMAGE_REVISION=$(shell git rev-parse HEAD)
 IMAGE_SOURCE=$(shell git config --get remote.origin.url)
 EMPTY:=
 SPACE:= $(EMPTY) $(EMPTY)
 # MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field).  e.g. 9.1.1 instead of 9.1.1.0
 MQ_VERSION_VRM=$(subst $(SPACE),.,$(wordlist 1,3,$(subst .,$(SPACE),$(MQ_VERSION))))
 ifneq (,$(findstring Microsoft,$(shell uname -r)))
 	DOWNLOADS_DIR=$(patsubst /mnt/c%,C:%,$(realpath ./downloads/))
 else
 	DOWNLOADS_DIR=$(realpath ./downloads/)
 endif
 # Try to figure out which archive to use from the BASE_IMAGE
 ifeq "$(findstring ubuntu,$(BASE_IMAGE))" "ubuntu"
 	MQ_ARCHIVE_TYPE=UBUNTU
 	MQ_ARCHIVE_DEV_PLATFORM=ubuntu
 	MQM_UID=999
 else
 	MQ_ARCHIVE_TYPE=LINUX
 	MQ_ARCHIVE_DEV_PLATFORM=linux
 	MQM_UID=888
 endif
 # Try to figure out which archive to use from the architecture
 ifeq "$(ARCH)" "x86_64"
 	MQ_ARCHIVE_ARCH=X86-64
 	MQ_DEV_ARCH=x86-64
 else ifeq "$(ARCH)" "ppc64le"
 	MQ_ARCHIVE_ARCH=LE_POWER
 	MQ_DEV_ARCH=ppcle
 else ifeq "$(ARCH)" "s390x"
 	MQ_ARCHIVE_ARCH=SYSTEM_Z
 	MQ_DEV_ARCH=s390x
 endif
 # Archive names for IBM MQ Advanced for Developers
 MQ_ARCHIVE_DEV_9.0.5.0=mqadv_dev905_$(MQ_ARCHIVE_DEV_PLATFORM)_x86-64.tar.gz
 MQ_ARCHIVE_DEV_9.1.0.0=mqadv_dev910_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
 MQ_ARCHIVE_DEV_9.1.1.0=mqadv_dev911_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
 ###############################################################################
 # Build targets
 ###############################################################################
 .PHONY: vars
 vars:
 #ifeq "$(findstring ubuntu,$(BASE_IMAGE))","ubuntu"
 	@echo $(MQ_ARCHIVE_ARCH)
 	@echo $(MQ_ARCHIVE_TYPE)
 	@echo $(MQ_ARCHIVE)
 .PHONY: default
 default: build-devserver test
 # Build all components (except incubating ones)
 .PHONY: all
 all: build-devserver build-advancedserver
 .PHONY: test-all
 test-all: build-devjmstest test-devserver test-advancedserver
 .PHONY: devserver
 devserver: build-devserver build-devjmstest test-devserver
 # Build incubating components
 .PHONY: incubating
 incubating: build-explorer
 downloads/$(MQ_ARCHIVE_DEV):
 	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END)))
 	mkdir -p downloads
 	cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_ARCHIVE_DEV)
 downloads/$(MQ_SDK_ARCHIVE):
 	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END)))
 	mkdir -p downloads
 	cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_SDK_ARCHIVE)
 .PHONY: downloads
 downloads: downloads/$(MQ_ARCHIVE_DEV) downloads/$(MQ_SDK_ARCHIVE)
 # Vendor Go dependencies for the Docker tests
 test/docker/vendor:
 	cd test/docker && dep ensure -vendor-only
 # Shortcut to just run the unit tests
 .PHONY: test-unit
 test-unit:
 	docker build --target builder --file Dockerfile-server .
 .PHONY: test-advancedserver
 test-advancedserver: test/docker/vendor
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER) on $(shell docker --version)"$(END)))
 	docker inspect $(MQ_IMAGE_ADVANCEDSERVER)
 	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER) EXPECTED_LICENSE=Production go test -parallel $(NUM_CPU) $(TEST_OPTS_DOCKER)
 .PHONY: build-devjmstest
 build-devjmstest:
 	$(info $(SPACER)$(shell printf $(TITLE)"Build JMS tests for developer config"$(END)))
 	cd test/messaging && docker build --tag $(DEV_JMS_IMAGE) .
 .PHONY: test-devserver
 test-devserver: test/docker/vendor
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_DEVSERVER) on $(shell docker --version)"$(END)))
 	docker inspect $(MQ_IMAGE_DEVSERVER)
 	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) IBMJRE=true go test -parallel $(NUM_CPU) -tags mqdev $(TEST_OPTS_DOCKER)
 coverage:
 	mkdir coverage
 .PHONY: test-advancedserver-cover
 test-advancedserver-cover: test/docker/vendor coverage
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER) with code coverage on $(shell docker --version)"$(END)))
 	rm -f ./coverage/unit*.cov
 	# Run unit tests with coverage, for each package under 'internal'
 	go list -f '{{.Name}}' ./internal/... | xargs -I {} go test -cover -covermode count -coverprofile ./coverage/unit-{}.cov ./internal/{}
 #	ls -1 ./cmd | xargs -I {} go test -cover -covermode count -coverprofile ./coverage/unit-{}.cov ./cmd/{}/...
 	echo 'mode: count' > ./coverage/unit.cov
 	tail -q -n +2 ./coverage/unit-*.cov >> ./coverage/unit.cov
 	go tool cover -html=./coverage/unit.cov -o ./coverage/unit.html
 	rm -f ./test/docker/coverage/*.cov
 	rm -f ./coverage/docker.*
 	mkdir -p ./test/docker/coverage/
 	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER)-cover TEST_COVER=true go test $(TEST_OPTS_DOCKER)
 	echo 'mode: count' > ./coverage/docker.cov
 	tail -q -n +2 ./test/docker/coverage/*.cov >> ./coverage/docker.cov
 	go tool cover -html=./coverage/docker.cov -o ./coverage/docker.html
 	echo 'mode: count' > ./coverage/combined.cov
 	tail -q -n +2 ./coverage/unit.cov ./coverage/docker.cov  >> ./coverage/combined.cov
 	go tool cover -html=./coverage/combined.cov -o ./coverage/combined.html
 define docker-build-mq
 	# Create a temporary network to use for the build
 	$(DOCKER) network create build
 	# Start a web server to host the MQ downloadable (tar.gz) file
 	$(DOCKER) run \
 	  --rm \
 	  --name $(BUILD_SERVER_CONTAINER) \
 	  --network build \
 	  --network-alias build \
 	  --volume $(DOWNLOADS_DIR):/usr/share/nginx/html:ro \
 	  --detach \
 	  nginx:alpine
 	# Build the new image
 	$(DOCKER) build \
 	  --tag $1 \
 	  --file $2 \
 	  --network build \
 	  --build-arg MQ_URL=http://build:80/$3 \
 	  --build-arg BASE_IMAGE=$(BASE_IMAGE) \
 	  --build-arg BUILDER_IMAGE=$(MQ_IMAGE_GOLANG_SDK) \
 	  --build-arg IMAGE_REVISION="$(IMAGE_REVISION)" \
 	  --build-arg IMAGE_SOURCE="$(IMAGE_SOURCE)" \
 	  --build-arg IMAGE_TAG="$1" \
 	  --build-arg MQM_UID=$(MQM_UID) \
 	  --label IBM_PRODUCT_ID=$4 \
 	  --label IBM_PRODUCT_NAME=$5 \
 	  --label IBM_PRODUCT_VERSION=$6 \
 	  --build-arg MQ_PACKAGES="$(MQ_PACKAGES)" \
 	  . ; $(DOCKER) kill $(BUILD_SERVER_CONTAINER) && $(DOCKER) network rm build
 endef
 DOCKER_SERVER_VERSION=$(shell docker version --format "{{ .Server.Version }}")
 DOCKER_CLIENT_VERSION=$(shell docker version --format "{{ .Client.Version }}")
 .PHONY: docker-version
 docker-version:
 	@test "$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker client 17.05 or greater is required" && exit 1)
 	@test "$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker server 17.05 or greater is required" && exit 1)
 .PHONY: build-advancedserver
 build-advancedserver: MQ_SDK_ARCHIVE=$(MQ_ARCHIVE)
 build-advancedserver: downloads/$(MQ_ARCHIVE) docker-version build-golang-sdk-ex
 	$(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER)"$(END)))
 	$(call docker-build-mq,$(MQ_IMAGE_ADVANCEDSERVER),Dockerfile-server,$(MQ_ARCHIVE),"4486e8c4cc9146fd9b3ce1f14a2dfc5b","IBM MQ Advanced",$(MQ_VERSION))
 .PHONY: build-devserver
 build-devserver: MQ_SDK_ARCHIVE=$(MQ_ARCHIVE_DEV)
 build-devserver: downloads/$(MQ_ARCHIVE_DEV) docker-version build-golang-sdk-ex
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER_BASE)"$(END)))
 	$(call docker-build-mq,$(MQ_IMAGE_DEVSERVER_BASE),Dockerfile-server,$(MQ_ARCHIVE_DEV),"98102d16795c4263ad9ca075190a2d4d","IBM MQ Advanced for Developers (Non-Warranted)",$(MQ_VERSION))
 	$(DOCKER) build --tag $(MQ_IMAGE_DEVSERVER) --build-arg IMAGE_SOURCE="$(IMAGE_SOURCE)" --build-arg IMAGE_REVISION="$(IMAGE_REVISION)" --build-arg IMAGE_TAG="$(MQ_IMAGE_DEVSERVER)" --build-arg BASE_IMAGE=$(MQ_IMAGE_DEVSERVER_BASE) --build-arg BUILDER_IMAGE=$(MQ_IMAGE_GOLANG_SDK) --build-arg MQM_UID=$(MQM_UID) --file incubating/mqadvanced-server-dev/Dockerfile .
 .PHONY: build-advancedserver-cover
 build-advancedserver-cover: docker-version
 	$(DOCKER) build --build-arg BASE_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER) -t $(MQ_IMAGE_ADVANCEDSERVER)-cover -f Dockerfile-server.cover .
 .PHONY: build-explorer 
 ifeq "$(findstring ubuntu,$(BASE_IMAGE))" "ubuntu"
 build-explorer: MQ_PACKAGES=ibmmq-explorer
 else 
 build-explorer: MQ_PACKAGES=MQSeriesRuntime*.rpm MQSeriesJRE*.rpm MQSeriesExplorer*.rpm 
 endif
 build-explorer: downloads/$(MQ_ARCHIVE_DEV) docker-pull
 	$(call docker-build-mq,mq-explorer:latest-$(ARCH),incubating/mq-explorer/Dockerfile,$(MQ_ARCHIVE_DEV),"98102d16795c4263ad9ca075190a2d4d","IBM MQ Advanced for Developers (Non-Warranted)",$(MQ_VERSION))
 .PHONY: build-sdk
 build-sdk: downloads/$(MQ_SDK_ARCHIVE) build-sdk-ex
 .PHONY: build-sdk-ex
 ifeq "$(findstring ubuntu,$(BASE_IMAGE))" "ubuntu"
 build-sdk-ex: MQ_PACKAGES=ibmmq-sdk ibmmq-samples build-essential
 else
 build-sdk-ex: MQ_PACKAGES=MQSeriesRuntime-*.rpm MQSeriesSDK-*.rpm MQSeriesSamples*.rpm
 endif
 build-sdk-ex: docker-version docker-pull
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_SDK)"$(END)))
 	$(call docker-build-mq,$(MQ_IMAGE_SDK),incubating/mq-sdk/Dockerfile,$(MQ_SDK_ARCHIVE),"98102d16795c4263ad9ca075190a2d4d","IBM MQ Advanced for Developers SDK (Non-Warranted)",$(MQ_VERSION))
 .PHONY: build-golang-sdk
 build-golang-sdk: downloads/$(MQ_SDK_ARCHIVE) build-golang-sdk-ex
 .PHONY: build-golang-sdk-ex
 build-golang-sdk-ex: docker-version build-sdk-ex
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_GOLANG_SDK)"$(END)))
 	$(DOCKER) build --build-arg BASE_IMAGE=$(MQ_IMAGE_SDK) -t $(MQ_IMAGE_GOLANG_SDK) -f incubating/mq-golang-sdk/Dockerfile .
 .PHONY: docker-pull
 docker-pull:
 	$(DOCKER) pull $(BASE_IMAGE)
 include formatting.mk
--- a/README.md
+++ b/README.md
@@ -2,8 +2,10 @@
 [![Build Status](https://travis-ci.org/ibm-messaging/mq-container.svg?branch=master)](https://travis-ci.org/ibm-messaging/mq-container)
-**Note**: The `master` branch may be in an *unstable or even broken state* during development.
+**Note**: The `singularity` branch may be in an *unstable or even broken state* during development.
-To get a stable version, please use the correct [branch](https://github.com/ibm-messaging/mq-container/branches) for your MQ version, instead of the `master` branch.
+To get a stable version, please use the correct [branch](https://github.com/ibm-messaging/mq-container/branches) for your MQ version, instead of the `singularity` branch.
 <img src="https://raw.githubusercontent.com/IBM/charts/master/logo/ibm-mq-icon.svg?sanitize=true" width="100" alt="IBM MQ logo" />
 ## Overview
@@ -44,12 +46,12 @@ For issues relating specifically to the container image or Helm chart, please us
 The Dockerfiles and associated code and scripts are licensed under the [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0.html).
 Licenses for the products installed within the images are as follows:
- [IBM MQ Advanced for Developers](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BBZHCQ) (International License Agreement for Non-Warranted Programs). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
+- [IBM MQ Advanced for Developers](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-AVCJ4S) (International License Agreement for Non-Warranted Programs). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
- [IBM MQ Advanced](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BBSHJL) (International Program License Agreement). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
+- [IBM MQ Advanced](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-AZYF4X) (International Program License Agreement). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
 - License information for Ubuntu packages may be found in `/usr/share/doc/${package}/copyright`
 Note: The IBM MQ Advanced for Developers license does not permit further distribution and the terms restrict usage to a developer machine.
 ## Copyright
-© Copyright IBM Corporation 2015, 2019
+© Copyright IBM Corporation 2015, 2018
--- a/cmd/chkmqhealthy/main.go
+++ b/cmd/chkmqhealthy/main.go
@@ -41,7 +41,7 @@ func queueManagerHealthy() (bool, error) {
 		return false, err
 	}
 	fmt.Printf("%s", out)
-	if !strings.Contains(string(out), "(RUNNING)") && !strings.Contains(string(out), "(RUNNING AS STANDBY)") && !strings.Contains(string(out), "(STARTING)") {
+	if !strings.Contains(string(out), "(RUNNING)") {
 		return false, nil
 	}
 	return true, nil
--- a/cmd/chkmqready/main.go
+++ b/cmd/chkmqready/main.go
@@ -22,7 +22,6 @@ import (
 	"net"
 	"os"
 	"github.com/ibm-messaging/mq-container/internal/name"
 	"github.com/ibm-messaging/mq-container/internal/ready"
 )
@@ -32,25 +31,14 @@ func main() {
 	if !r || err != nil {
 		os.Exit(1)
 	}
-	name, err := name.GetQueueManagerName()
+	// Check if the queue manager has a running listener
 	conn, err := net.Dial("tcp", "127.0.0.1:1414")
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(1)
 	}
-
+	err = conn.Close()
-	// Check if the queue manager has a running listener
+	if err != nil {
-	if standby, _ := ready.IsRunningAsStandbyQM(name); !standby {
+		fmt.Println(err)
 		conn, err := net.Dial("tcp", "127.0.0.1:1414")
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
 		err = conn.Close()
 		if err != nil {
 			fmt.Println(err)
 		}
 	} else {
 		fmt.Printf("Detected queue manager running in standby mode")
 		os.Exit(10)
 	}
 }
--- a/cmd/runmqdevserver/logruntime.go
+++ b/cmd/runmqdevserver/logruntime.go
@@ -0,0 +1,68 @@
 /*
 © Copyright IBM Corporation 2017, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"runtime"
 	"strings"
 	containerruntime "github.com/ibm-messaging/mq-container/internal/containerruntime"
 	"github.com/ibm-messaging/mq-container/internal/user"
 )
 func logContainerDetails() {
 	log.Printf("CPU architecture: %v", runtime.GOARCH)
 	kv, err := containerruntime.GetKernelVersion()
 	if err == nil {
 		log.Printf("Linux kernel version: %v", kv)
 	}
 	cr, err := containerruntime.GetContainerRuntime()
 	if err == nil {
 		log.Printf("Container runtime: %v", cr)
 	}
 	bi, err := containerruntime.GetBaseImage()
 	if err == nil {
 		log.Printf("Base image: %v", bi)
 	}
 	u, err := user.GetUser()
 	if err == nil {
 		if len(u.SupplementalGID) == 0 {
 			log.Printf("Running as user ID %v (%v) with primary group %v", u.UID, u.Name, u.PrimaryGID)
 		} else {
 			log.Printf("Running as user ID %v (%v) with primary group %v, and supplementary groups %v", u.UID, u.Name, u.PrimaryGID, strings.Join(u.SupplementalGID, ","))
 		}
 	}
 	caps, err := containerruntime.GetCapabilities()
 	capLogged := false
 	if err == nil {
 		for k, v := range caps {
 			if len(v) > 0 {
 				log.Printf("Capabilities (%s set): %v", strings.ToLower(k), strings.Join(v, ","))
 				capLogged = true
 			}
 		}
 		if !capLogged {
 			log.Print("Capabilities: none")
 		}
 	} else {
 		log.Errorf("Error getting capabilities: %v", err)
 	}
 	sc, err := containerruntime.GetSeccomp()
 	if err == nil {
 		log.Printf("seccomp enforcing mode: %v", sc)
 	}
 	log.Printf("Process security attributes: %v", containerruntime.GetSecurityAttributes())
 }
--- a/cmd/runmqdevserver/main.go
+++ b/cmd/runmqdevserver/main.go
@@ -23,7 +23,6 @@ import (
 	"syscall"
 	"github.com/ibm-messaging/mq-container/internal/command"
 	"github.com/ibm-messaging/mq-container/internal/containerruntimelogger"
 	"github.com/ibm-messaging/mq-container/internal/logger"
 	"github.com/ibm-messaging/mq-container/internal/mqtemplate"
 	"github.com/ibm-messaging/mq-container/internal/name"
@@ -119,11 +118,7 @@ func doMain() error {
 		return err
 	}
-	err = containerruntimelogger.LogContainerDetails(log)
+	logContainerDetails()
 	if err != nil {
 		logTermination(err)
 		return err
 	}
 	adminPassword, set := os.LookupEnv("MQ_ADMIN_PASSWORD")
 	if set {
@@ -153,6 +148,14 @@ func doMain() error {
 		logTerminationf("Error getting queue manager name: %v", err)
 		return err
 	}
 	ks, set := os.LookupEnv("MQ_TLS_KEYSTORE")
 	if set {
 		err = configureTLS(name, ks, os.Getenv("MQ_TLS_PASSPHRASE"))
 		if err != nil {
 			logTerminationf("Error configuring TLS: %v", err)
 			return err
 		}
 	}
 	err = configureWeb(name)
 	if err != nil {
--- a/cmd/runmqdevserver/tls.go
+++ b/cmd/runmqdevserver/tls.go
@@ -0,0 +1,167 @@
 /*
 © Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"github.com/ibm-messaging/mq-container/internal/command"
 	"github.com/ibm-messaging/mq-container/internal/keystore"
 	"github.com/ibm-messaging/mq-container/internal/mqtemplate"
 )
 func configureWebTLS(cms *keystore.KeyStore) error {
 	dir := "/run/runmqdevserver/tls"
 	ks := keystore.NewJKSKeyStore(filepath.Join(dir, "key.jks"), cms.Password)
 	ts := keystore.NewJKSKeyStore(filepath.Join(dir, "trust.jks"), cms.Password)
 	log.Debug("Creating key store")
 	err := ks.Create(log)
 	if err != nil {
 		return err
 	}
 	log.Debug("Creating trust store")
 	err = ts.Create(log)
 	if err != nil {
 		return err
 	}
 	log.Debug("Importing keys")
 	err = ks.Import(cms.Filename, cms.Password)
 	if err != nil {
 		return err
 	}
 	webConfigDir := "/etc/mqm/web/installations/Installation1/servers/mqweb"
 	tlsConfig := filepath.Join(webConfigDir, "tls.xml")
 	newTLSConfig := filepath.Join(webConfigDir, "tls-dev.xml")
 	err = os.Remove(tlsConfig)
 	if err != nil {
 		return err
 	}
 	// we symlink here to prevent issues on restart
 	err = os.Symlink(newTLSConfig, tlsConfig)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func configureTLS(qmName string, inputFile string, passPhrase string) error {
 	err := createDevTLSDir()
 	if err != nil {
 		return err
 	}
 	log.Debug("Configuring TLS")
 	_, err = os.Stat(inputFile)
 	if err != nil {
 		return err
 	}
 	// TODO: Use a persisted file (on the volume) instead?
 	dir := "/run/runmqdevserver/tls"
 	keyFile := filepath.Join(dir, "key.kdb")
 	cms := keystore.NewCMSKeyStore(keyFile, passPhrase)
 	err = cms.Create(log)
 	if err != nil {
 		return err
 	}
 	err = cms.CreateStash(log)
 	if err != nil {
 		return err
 	}
 	err = cms.Import(inputFile, passPhrase)
 	if err != nil {
 		return err
 	}
 	labels, err := cms.GetCertificateLabels()
 	if err != nil {
 		return err
 	}
 	if len(labels) == 0 {
 		return fmt.Errorf("unable to find certificate label")
 	}
 	log.Debugf("Renaming certificate from %v", labels[0])
 	const newLabel string = "devcert"
 	err = cms.RenameCertificate(labels[0], newLabel)
 	if err != nil {
 		return err
 	}
 	var sslCipherSpec string
 	if os.Getenv("MQ_DEV") == "true" {
 		sslCipherSpec = "TLS_RSA_WITH_AES_128_CBC_SHA256"
 	} else {
 		sslCipherSpec = "' '"
 	}
 	const mqsc string = "/etc/mqm/20-dev-tls.mqsc"
 	const mqscTemplate string = mqsc + ".tpl"
 	err = mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{
 		"SSLKeyR":          filepath.Join(dir, "key"),
 		"CertificateLabel": newLabel,
 		"SSLCipherSpec":    sslCipherSpec,
 	}, log)
 	if err != nil {
 		return err
 	}
 	err = configureWebTLS(cms)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func createDevTLSDir() error {
 	// TODO: Use a persisted file (on the volume) instead?
 	dir := "/run/runmqdevserver/tls"
 	_, err := os.Stat(dir)
 	if err != nil {
 		if os.IsNotExist(err) {
 			// #nosec G301
 			err = os.MkdirAll(dir, 0770)
 			if err != nil {
 				return err
 			}
 			mqmUID, mqmGID, err := command.LookupMQM()
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 			err = os.Chown(dir, mqmUID, mqmGID)
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 		} else {
 			return err
 		}
 	}
 	return nil
 }
--- a/cmd/runmqserver/crtmqvol.go
+++ b/cmd/runmqserver/crtmqvol.go
@@ -17,13 +17,15 @@ package main
 import (
 	"os"
 	"path/filepath"
 	"runtime"
 	"syscall"
 	"github.com/ibm-messaging/mq-container/internal/command"
 )
-func createVolume(dataPath string) error {
+func createVolume(path string) error {
 	dataPath := filepath.Join(path, "data")
 	fi, err := os.Stat(dataPath)
 	if err != nil {
 		if os.IsNotExist(err) {
@@ -58,3 +60,61 @@ func createVolume(dataPath string) error {
 	}
 	return nil
 }
 func createWebConsoleTLSDirStructure() error {
 	// Create tls directory
 	dir := "/run/tls"
 	_, err := os.Stat(dir)
 	if err != nil {
 		if os.IsNotExist(err) {
 			err = os.MkdirAll(dir, 0770)
 			if err != nil {
 				return err
 			}
 			mqmUID, mqmGID, err := command.LookupMQM()
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 			err = os.Chown(dir, mqmUID, mqmGID)
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 		} else {
 			return err
 		}
 	}
 	return nil
 }
 /* TODO: remove duplicated code */
 func createDevTLSDir() error {
 	// TODO: Use a persisted file (on the volume) instead?
 	dir := "/run/runmqdevserver/tls"
 	_, err := os.Stat(dir)
 	if err != nil {
 		if os.IsNotExist(err) {
 			// #nosec G301
 			err = os.MkdirAll(dir, 0770)
 			if err != nil {
 				return err
 			}
 			mqmUID, mqmGID, err := command.LookupMQM()
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 			err = os.Chown(dir, mqmUID, mqmGID)
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 		} else {
 			return err
 		}
 	}
 	return nil
 }
--- a/cmd/runmqserver/license.go
+++ b/cmd/runmqserver/license.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2018
+© Copyright IBM Corporation 2017, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/cmd/runmqserver/logging.go
+++ b/cmd/runmqserver/logging.go
@@ -23,7 +23,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
 	"sync"
 	"github.com/ibm-messaging/mq-container/internal/command"
@@ -67,7 +66,7 @@ func formatSimple(datetime string, message string) string {
 // mirrorSystemErrorLogs starts a goroutine to mirror the contents of the MQ system error logs
 func mirrorSystemErrorLogs(ctx context.Context, wg *sync.WaitGroup, mf mirrorFunc) (chan error, error) {
 	// Always use the JSON log as the source
-	return mirrorLog(ctx, wg, "/var/mqm/errors/AMQERR01.json", false, mf, false)
+	return mirrorLog(ctx, wg, "/var/mqm/errors/AMQERR01.json", false, mf)
 }
 // mirrorQueueManagerErrorLogs starts a goroutine to mirror the contents of the MQ queue manager error logs
@@ -79,7 +78,7 @@ func mirrorQueueManagerErrorLogs(ctx context.Context, wg *sync.WaitGroup, name s
 		return nil, err
 	}
 	f := filepath.Join(mqini.GetErrorLogDirectory(qm), "AMQERR01.json")
-	return mirrorLog(ctx, wg, f, fromStart, mf, true)
+	return mirrorLog(ctx, wg, f, fromStart, mf)
 }
 func getDebug() bool {
@@ -100,35 +99,21 @@ func configureLogger(name string) (mirrorFunc, error) {
 		if err != nil {
 			return nil, err
 		}
-		return func(msg string, isQMLog bool) bool {
+		return log.LogDirect, nil
 			obj, err := processLogMessage(msg)
 			if err == nil && isQMLog && filterQMLogMessage(obj) {
 				return false
 			}
 			if err != nil {
 				log.Printf("Failed to unmarshall JSON - %v", msg)
 			} else {
 				fmt.Println(msg)
 			}
 			return true
 		}, nil
 	case "basic":
 		log, err = logger.NewLogger(os.Stderr, d, false, name)
 		if err != nil {
 			return nil, err
 		}
-		return func(msg string, isQMLog bool) bool {
+		return func(msg string) {
 			// Parse the JSON message, and print a simplified version
-			obj, err := processLogMessage(msg)
+			var obj map[string]interface{}
-			if err == nil && isQMLog && filterQMLogMessage(obj) {
+			err := json.Unmarshal([]byte(msg), &obj)
 				return false
 			}
 			if err != nil {
-				log.Printf("Failed to unmarshall JSON - %v", err)
+				fmt.Printf("Failed to Unmarshall JSON - %v", err)
 			} else {
 				fmt.Printf(formatSimple(obj["ibm_datetime"].(string), obj["message"].(string)))
 			}
 			return true
 		}, nil
 	default:
 		log, err = logger.NewLogger(os.Stdout, d, false, name)
@@ -139,20 +124,6 @@ func configureLogger(name string) (mirrorFunc, error) {
 	}
 }
 func processLogMessage(msg string) (map[string]interface{}, error) {
 	var obj map[string]interface{}
 	err := json.Unmarshal([]byte(msg), &obj)
 	return obj, err
 }
 func filterQMLogMessage(obj map[string]interface{}) bool {
 	hostname, err := os.Hostname()
 	if os.Getenv("MQ_MULTI_INSTANCE") == "true" && err == nil && !strings.Contains(obj["host"].(string), hostname) {
 		return true
 	}
 	return false
 }
 func logDiagnostics() {
 	log.Debug("--- Start Diagnostics ---")
@@ -167,20 +138,14 @@ func logDiagnostics() {
 	out, _, _ = command.Run("ls", "-l", "/mnt/mqm/data")
 	log.Debugf("/mnt/mqm/data:\n%s", out)
 	// #nosec G104
-	out, _, _ = command.Run("ls", "-l", "/mnt/mqm-log/log")
+	out, _, _ = command.Run("ls", "-l", "/etc/mqm")
-	log.Debugf("/mnt/mqm-log/log:\n%s", out)
+	log.Debugf("/etc/mqm:\n%s", out)
 	// #nosec G104
 	out, _, _ = command.Run("ls", "-l", "/mnt/mqm-data/qmgrs")
 	log.Debugf("/mnt/mqm-data/qmgrs:\n%s", out)
 	// #nosec G104
 	out, _, _ = command.Run("ls", "-l", "/var/mqm")
 	log.Debugf("/var/mqm:\n%s", out)
 	// #nosec G104
 	out, _, _ = command.Run("ls", "-l", "/var/mqm/errors")
 	log.Debugf("/var/mqm/errors:\n%s", out)
 	// #nosec G104
 	out, _, _ = command.Run("ls", "-l", "/etc/mqm")
 	log.Debugf("/etc/mqm:\n%s", out)
 	// Print out summary of any FDCs
 	// #nosec G204
--- a/internal/containerruntimelogger/logruntime.go
+++ b/internal/containerruntimelogger/logruntime.go
@@ -13,21 +13,18 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-package containerruntimelogger
+package main
 import (
 	"fmt"
 	"os"
 	"runtime"
 	"strings"
-	"github.com/ibm-messaging/mq-container/internal/containerruntime"
+	containerruntime "github.com/ibm-messaging/mq-container/internal/containerruntime"
 	"github.com/ibm-messaging/mq-container/internal/logger"
 	"github.com/ibm-messaging/mq-container/internal/user"
 )
-// LogContainerDetails logs details about the container runtime
+func logContainerDetails() error {
 func LogContainerDetails(log *logger.Logger) error {
 	if runtime.GOOS != "linux" {
 		return fmt.Errorf("Unsupported platform: %v", runtime.GOOS)
 	}
@@ -85,19 +82,5 @@ func LogContainerDetails(log *logger.Logger) error {
 			}
 		}
 	}
 	// For a multi-instance queue manager - check all required mounts exist & validate filesystem type
 	if os.Getenv("MQ_MULTI_INSTANCE") == "true" {
 		log.Println("Multi-instance queue manager: enabled")
 		reqMounts := []string{"/mnt/mqm", "/mnt/mqm-log", "/mnt/mqm-data"}
 		for _, mountPoint := range reqMounts {
 			if fsType, ok := m[mountPoint]; ok {
 				if !containerruntime.ValidMultiInstanceFilesystem(fsType) {
 					return fmt.Errorf("%v uses filesystem type '%v' which is invalid for a multi-instance queue manager", mountPoint, fsType)
 				}
 			} else {
 				return fmt.Errorf("Missing required mount '%v' for a multi-instance queue manager", mountPoint)
 			}
 		}
 	}
 	return nil
 }
--- a/cmd/runmqserver/main.go
+++ b/cmd/runmqserver/main.go
@@ -24,12 +24,9 @@ import (
 	"os"
 	"sync"
 	"github.com/ibm-messaging/mq-container/internal/containerruntimelogger"
 	"github.com/ibm-messaging/mq-container/internal/metrics"
 	"github.com/ibm-messaging/mq-container/internal/name"
 	"github.com/ibm-messaging/mq-container/internal/ready"
 	"github.com/ibm-messaging/mq-container/internal/tls"
 	"github.com/ibm-messaging/mq-container/internal/mqini"
 )
 func doMain() error {
@@ -48,7 +45,7 @@ func doMain() error {
 	// Check whether they only want debug info
 	if *infoFlag {
 		logVersionInfo()
-		err = containerruntimelogger.LogContainerDetails(log)
+		err = logContainerDetails()
 		if err != nil {
 			log.Printf("Error displaying container details: %v", err)
 		}
@@ -89,35 +86,38 @@ func doMain() error {
 	collectDiagOnFail = true
 	if *devFlag == false {
-		err = containerruntimelogger.LogContainerDetails(log)
+		err = logContainerDetails()
 		if err != nil {
 			logTermination(err)
 			return err
 		}
 	}
-	err = createVolume("/mnt/mqm/data")
+	err = createVolume("/mnt/mqm")
 	if err != nil {
 		logTermination(err)
 		return err
 	}
-	err = createVolume("/mnt/mqm-log/log")
+	err = createDirStructure()
 	if err != nil {
 		logTermination(err)
 		return err
 	}
 	err = createVolume("/mnt/mqm-data/qmgrs")
 	if err != nil {
 		logTermination(err)
 		return err
 	}
-	err = createDirStructure()
+	err = createWebConsoleTLSDirStructure()
 	if err != nil {
 		logTermination(err)
 		return err
 	}
 	if *devFlag == true {
 		err = createDevTLSDir()
 		if err != nil {
 			logTermination(err)
 			return err
 		}
 	}
 	// If init flag is set, exit now
 	if *initFlag {
 		return nil
@@ -126,19 +126,7 @@ func doMain() error {
 	// Print out versioning information
 	logVersionInfo()
-	keylabel, cmsDB, p12Trust, _, err := tls.ConfigureTLSKeystores(keyDir, trustDir, keyStoreDir)
+	err = postInit(name)
 	if err != nil {
 		logTermination(err)
 		return err
 	}
 	err = configureTLS(keylabel, cmsDB, *devFlag)
 	if err != nil {
 		logTermination(err)
 		return err
 	}
 	err = postInit(name, keylabel, p12Trust)
 	if err != nil {
 		logTermination(err)
 		return err
@@ -175,25 +163,16 @@ func doMain() error {
 		logTermination(err)
 		return err
 	}
-
+	err = startQueueManager()
 	err = mqini.AddStanzas(name)
 	if err != nil {
 		logTermination(err)
 		return err
 	}
-
+	err = configureQueueManager()
 	err = startQueueManager(name)
 	if err != nil {
 		logTermination(err)
 		return err
 	}
 	if standby, _ := ready.IsRunningAsStandbyQM(name); !standby {
 		err = configureQueueManager()
 		if err != nil {
 			logTermination(err)
 			return err
 		}
 	}
 	enableMetrics := os.Getenv("MQ_ENABLE_METRICS")
 	if enableMetrics == "true" || enableMetrics == "1" {
--- a/cmd/runmqserver/mirror.go
+++ b/cmd/runmqserver/mirror.go
@@ -49,17 +49,16 @@ func waitForFile(ctx context.Context, path string) (os.FileInfo, error) {
 	}
 }
-type mirrorFunc func(msg string, isQMLog bool) bool
+type mirrorFunc func(msg string)
 // mirrorAvailableMessages prints lines from the file, until no more are available
-func mirrorAvailableMessages(f *os.File, mf mirrorFunc, isQMLog bool) {
+func mirrorAvailableMessages(f *os.File, mf mirrorFunc) {
 	scanner := bufio.NewScanner(f)
 	count := 0
 	for scanner.Scan() {
 		t := scanner.Text()
-		if mf(t, isQMLog) {
+		mf(t)
-			count++
+		count++
 		}
 	}
 	if count > 0 {
 		log.Debugf("Mirrored %v log entries from %v", count, f.Name())
@@ -74,7 +73,7 @@ func mirrorAvailableMessages(f *os.File, mf mirrorFunc, isQMLog bool) {
 // mirrorLog tails the specified file, and logs each line to stdout.
 // This is useful for usability, as the container console log can show
 // messages from the MQ error logs.
-func mirrorLog(ctx context.Context, wg *sync.WaitGroup, path string, fromStart bool, mf mirrorFunc, isQMLog bool) (chan error, error) {
+func mirrorLog(ctx context.Context, wg *sync.WaitGroup, path string, fromStart bool, mf mirrorFunc) (chan error, error) {
 	errorChannel := make(chan error, 1)
 	var offset int64 = -1
 	var f *os.File
@@ -148,7 +147,7 @@ func mirrorLog(ctx context.Context, wg *sync.WaitGroup, path string, fromStart b
 		closing := false
 		for {
 			// If there's already data there, mirror it now.
-			mirrorAvailableMessages(f, mf, isQMLog)
+			mirrorAvailableMessages(f, mf)
 			// Wait for the new log file (after rotation)
 			newFI, err := waitForFile(ctx, path)
 			if err != nil {
@@ -162,7 +161,7 @@ func mirrorLog(ctx context.Context, wg *sync.WaitGroup, path string, fromStart b
 				// log rotation happens before we can open the new file, then we
 				// could skip all those messages.  This could happen with a very small
 				// MQ error log size.
-				mirrorAvailableMessages(f, mf, isQMLog)
+				mirrorAvailableMessages(f, mf)
 				err = f.Close()
 				if err != nil {
 					log.Errorf("Unable to close mirror file handle: %v", err)
@@ -177,7 +176,7 @@ func mirrorLog(ctx context.Context, wg *sync.WaitGroup, path string, fromStart b
 				}
 				fi = newFI
 				// Don't seek this time, because we know it's a new file
-				mirrorAvailableMessages(f, mf, isQMLog)
+				mirrorAvailableMessages(f, mf)
 			}
 			select {
 			case <-ctx.Done():
--- a/cmd/runmqserver/mirror_test.go
+++ b/cmd/runmqserver/mirror_test.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -41,10 +41,9 @@ func TestMirrorLogWithoutRotation(t *testing.T) {
 			count := 0
 			ctx, cancel := context.WithCancel(context.Background())
 			var wg sync.WaitGroup
-			_, err = mirrorLog(ctx, &wg, tmp.Name(), true, func(msg string, isQMLog bool) bool {
+			_, err = mirrorLog(ctx, &wg, tmp.Name(), true, func(msg string) {
 				count++
-				return true
+			})
 			}, false)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -83,10 +82,9 @@ func TestMirrorLogWithRotation(t *testing.T) {
 			count := 0
 			ctx, cancel := context.WithCancel(context.Background())
 			var wg sync.WaitGroup
-			_, err = mirrorLog(ctx, &wg, tmp.Name(), true, func(msg string, isQMLog bool) bool {
+			_, err = mirrorLog(ctx, &wg, tmp.Name(), true, func(msg string) {
 				count++
-				return true
+			})
 			}, false)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -137,10 +135,9 @@ func testMirrorLogExistingFile(t *testing.T, newQM bool) int {
 	count := 0
 	ctx, cancel := context.WithCancel(context.Background())
 	var wg sync.WaitGroup
-	_, err = mirrorLog(ctx, &wg, tmp.Name(), newQM, func(msg string, isQMLog bool) bool {
+	_, err = mirrorLog(ctx, &wg, tmp.Name(), newQM, func(msg string) {
 		count++
-		return true
+	})
 	}, false)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -182,9 +179,8 @@ func TestMirrorLogCancelWhileWaiting(t *testing.T) {
 		cancel()
 		wg.Wait()
 	}()
-	_, err := mirrorLog(ctx, &wg, "fake.log", true, func(msg string, isQMLog bool) bool {
+	_, err := mirrorLog(ctx, &wg, "fake.log", true, func(msg string) {
-		return true
+	})
 	}, false)
 	if err != nil {
 		t.Error(err)
 	}
--- a/cmd/runmqserver/post_init.go
+++ b/cmd/runmqserver/post_init.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -17,26 +17,31 @@ package main
 import (
 	"os"
 	"github.com/ibm-messaging/mq-container/internal/tls"
 )
 // postInit is run after /var/mqm is set up
-func postInit(name, keylabel string, p12Trust tls.KeyStoreData) error {
+func postInit(name string) error {
-	enableWebServer := os.Getenv("MQ_ENABLE_EMBEDDED_WEB_SERVER")
+	disable := os.Getenv("MQ_DISABLE_WEB_CONSOLE")
-	if enableWebServer == "true" || enableWebServer == "1" {
+	if disable != "true" && disable != "1" {
-		// Configure the web server (if enabled)
+
-		keystore, err := configureWebServer(keylabel, p12Trust)
+		// Configure Single-Sign-On for the web server (if enabled)
 		enableSSO := os.Getenv("MQ_ENABLE_SSO")
 		if enableSSO == "true" || enableSSO == "1" {
 			err := configureSSO()
 			if err != nil {
 				return err
 			}
 		}
 		// Configure the web server (if installed)
 		err := configureWebServer()
 		if err != nil {
 			return err
 		}
 		// Start the web server, in the background (if installed)
 		// WARNING: No error handling or health checking available for the web server
 		go func() {
-			err = startWebServer(keystore, p12Trust.Password)
+			startWebServer()
 			if err != nil {
 				log.Printf("Error starting web server: %v", err)
 			}
 		}()
 	}
 	return nil
--- a/cmd/runmqserver/process.go
+++ b/cmd/runmqserver/process.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018
+© Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/cmd/runmqserver/qmgr.go
+++ b/cmd/runmqserver/qmgr.go
@@ -16,8 +16,7 @@ limitations under the License.
 package main
 import (
-	"bytes"
+	"io"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"os/exec"
@@ -25,65 +24,35 @@ import (
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/command"
 	containerruntime "github.com/ibm-messaging/mq-container/internal/containerruntime"
 	"github.com/ibm-messaging/mq-container/internal/mqscredact"
 	"github.com/ibm-messaging/mq-container/internal/ready"
 )
 // createDirStructure creates the default MQ directory structure under /var/mqm
 func createDirStructure() error {
-	out, _, err := command.Run("/opt/mqm/bin/crtmqdir", "-f", "-a")
+	out, _, err := command.Run("/opt/mqm/bin/crtmqdir", "-f", "-s")
 	if err != nil {
 		log.Printf("Error creating directory structure: %v\n", string(out))
 		return err
 	}
 	log.Println("Created directory structure under /var/mqm")
 	return nil
 }
 // createQueueManager creates a queue manager, if it doesn't already exist.
-// It returns true if one was created (or a standby was created), or false if one already existed
+// It returns true if one was created, or false if one already existed
 func createQueueManager(name string) (bool, error) {
 	log.Printf("Creating queue manager %v", name)
-
+	out, rc, err := command.Run("crtmqm", "-q", "-p", "1414", name)
 	// Run 'dspmqinf' to check if 'mqs.ini' configuration file exists
 	// If command succeeds, the queue manager (or standby queue manager) has already been created
 	_, _, err := command.Run("dspmqinf", name)
 	if err == nil {
 		log.Printf("Detected existing queue manager %v", name)
 		return false, nil
 	}
 	mounts, err := containerruntime.GetMounts()
 	if err != nil {
-		log.Printf("Error getting mounts for queue manager")
+		// 8=Queue manager exists, which is fine
 		if rc == 8 {
 			log.Printf("Detected existing queue manager %v", name)
 			return false, nil
 		}
 		log.Printf("crtmqm returned %v", rc)
 		log.Println(string(out))
 		return false, err
 	}
 	// Check if 'qm.ini' configuration file exists for the queue manager
 	// TODO : handle possible race condition - use a file lock?
 	dataDir := getQueueManagerDataDir(mounts, name)
 	_, err = os.Stat(filepath.Join(dataDir, "qm.ini"))
 	if err != nil {
 		// If 'qm.ini' is not found - run 'crtmqm' to create a new queue manager
 		args := getCreateQueueManagerArgs(mounts, name)
 		out, rc, err := command.Run("crtmqm", args...)
 		if err != nil {
 			log.Printf("Error %v creating queue manager: %v", rc, string(out))
 			return false, err
 		}
 	} else {
 		// If 'qm.ini' is found - run 'addmqinf' to create a standby queue manager with existing configuration
 		args := getCreateStandbyQueueManagerArgs(name)
 		out, rc, err := command.Run("addmqinf", args...)
 		if err != nil {
 			log.Printf("Error %v creating standby queue manager: %v", rc, string(out))
 			return false, err
 		}
 		log.Println("Created standby queue manager")
 		return true, nil
 	}
 	log.Println("Created queue manager")
 	return true, nil
 }
@@ -100,15 +69,10 @@ func updateCommandLevel() error {
 	return nil
 }
-func startQueueManager(name string) error {
+func startQueueManager() error {
 	log.Println("Starting queue manager")
-	out, rc, err := command.Run("strmqm", "-x", name)
+	out, rc, err := command.Run("strmqm")
 	if err != nil {
 		// 30=standby queue manager started, which is fine
 		if rc == 30 {
 			log.Printf("Started standby queue manager")
 			return nil
 		}
 		log.Printf("Error %v starting queue manager: %v", rc, string(out))
 		return err
 	}
@@ -123,49 +87,43 @@ func configureQueueManager() error {
 		log.Println(err)
 		return err
 	}
 	for _, file := range files {
 		if strings.HasSuffix(file.Name(), ".mqsc") {
 			abs := filepath.Join(configDir, file.Name())
 			// #nosec G204
 			verify := exec.Command("runmqsc", "-v", "-e")
 			// #nosec G204 - command is fixed, no injection vector
 			cmd := exec.Command("runmqsc")
-			// Read mqsc file into variable
+			stdin, err := cmd.StdinPipe()
 			// #nosec G304 - filename variable is derived from contents of 'configDir' which is a defined constant
 			mqsc, err := ioutil.ReadFile(abs)
 			if err != nil {
-				log.Printf("Error reading file %v: %v", abs, err)
+				log.Println(err)
-				continue
+				return err
 			}
-			// Write mqsc to buffer
+			// Open the MQSC file for reading
-			var buffer bytes.Buffer
+			// #nosec G304
-			_, err = buffer.Write(mqsc)
+			f, err := os.Open(abs)
 			if err != nil {
-				log.Printf("Error writing MQSC file %v to buffer: %v", abs, err)
+				log.Printf("Error opening %v: %v", abs, err)
 				continue
 			}
-			verifyBuffer := buffer
+			// Copy the contents to stdin of the runmqsc process
-
+			_, err = io.Copy(stdin, f)
 			// Buffer mqsc to stdin of runmqsc
 			cmd.Stdin = &buffer
 			verify.Stdin = &verifyBuffer
 			// Verify the MQSC commands
 			out, err := verify.CombinedOutput()
 			if err != nil {
-				log.Errorf("Error verifying MQSC file %v (%v):\n\t%v", file.Name(), err, formatMQSCOutput(string(out)))
+				log.Errorf("Error reading %v: %v", abs, err)
 				return fmt.Errorf("Error verifying MQSC file %v (%v):\n\t%v", file.Name(), err, formatMQSCOutput(string(out)))
 			}
-
+			err = f.Close()
 			// Run runmqsc command
 			out, err = cmd.CombinedOutput()
 			if err != nil {
-				log.Errorf("Error running MQSC file %v (%v):\n\t%v", file.Name(), err, formatMQSCOutput(string(out)))
+				log.Errorf("Failed to close MQSC file handle: %v", err)
 				continue
 			} else {
 				// Print the runmqsc output, adding tab characters to make it more readable as part of the log
 				log.Printf("Output for \"runmqsc\" with %v:\n\t%v", abs, formatMQSCOutput(string(out)))
 			}
 			err = stdin.Close()
 			if err != nil {
 				log.Errorf("Failed to close MQSC stdin: %v", err)
 			}
 			// Run the command and wait for completion
 			out, err := cmd.CombinedOutput()
 			if err != nil {
 				log.Errorf("Error running MQSC file %v (%v):\n\t%v", file.Name(), err, strings.Replace(string(out), "\n", "\n\t", -1))
 			}
 			// Print the runmqsc output, adding tab characters to make it more readable as part of the log
 			log.Printf("Output for \"runmqsc\" with %v:\n\t%v", abs, strings.Replace(string(out), "\n", "\n\t", -1))
 		}
 	}
 	return nil
@@ -173,77 +131,11 @@ func configureQueueManager() error {
 func stopQueueManager(name string) error {
 	log.Println("Stopping queue manager")
-	isStandby, err := ready.IsRunningAsStandbyQM(name)
+	out, _, err := command.Run("endmqm", "-w", "-r", name)
 	if err != nil {
-		log.Printf("Error getting status for queue manager %v: ", name, err.Error())
+		log.Printf("Error stopping queue manager: %v", string(out))
 		return err
 	}
-	args := []string{"-w", "-r", name}
+	log.Println("Stopped queue manager")
 	if os.Getenv("MQ_MULTI_INSTANCE") == "true" {
 		if isStandby {
 			args = []string{"-x", name}
 		} else {
 			args = []string{"-s", "-w", "-r", name}
 		}
 	}
 	out, rc, err := command.Run("endmqm", args...)
 	if err != nil {
 		log.Printf("Error %v stopping queue manager: %v", rc, string(out))
 		return err
 	}
 	if isStandby {
 		log.Printf("Stopped standby queue manager")
 	} else {
 		log.Println("Stopped queue manager")
 	}
 	return nil
 }
 func formatMQSCOutput(out string) string {
 	// redact sensitive information
 	out, _ = mqscredact.Redact(out)
 	// add tab characters to make it more readable as part of the log
 	return strings.Replace(string(out), "\n", "\n\t", -1)
 }
 func isStandbyQueueManager(name string) (bool, error) {
 	out, rc, err := command.Run("dspmq", "-n", "-m", name)
 	if err != nil {
 		log.Printf("Error %v getting status for queue manager %v: %v", rc, name, string(out))
 		return false, err
 	}
 	if strings.Contains(string(out), "(RUNNING AS STANDBY)") {
 		return true, nil
 	}
 	return false, nil
 }
 func getQueueManagerDataDir(mounts map[string]string, name string) string {
 	dataDir := filepath.Join("/var/mqm/qmgrs", name)
 	if _, ok := mounts["/mnt/mqm-data"]; ok {
 		dataDir = filepath.Join("/mnt/mqm-data/qmgrs", name)
 	}
 	return dataDir
 }
 func getCreateQueueManagerArgs(mounts map[string]string, name string) []string {
 	args := []string{"-q", "-p", "1414"}
 	if _, ok := mounts["/mnt/mqm-log"]; ok {
 		args = append(args, "-ld", "/mnt/mqm-log/log")
 	}
 	if _, ok := mounts["/mnt/mqm-data"]; ok {
 		args = append(args, "-md", "/mnt/mqm-data/qmgrs")
 	}
 	args = append(args, name)
 	return args
 }
 func getCreateStandbyQueueManagerArgs(name string) []string {
 	args := []string{"-s", "QueueManager"}
 	args = append(args, "-v", fmt.Sprintf("Name=%v", name))
 	args = append(args, "-v", fmt.Sprintf("Directory=%v", name))
 	args = append(args, "-v", "Prefix=/var/mqm")
 	args = append(args, "-v", fmt.Sprintf("DataPath=/mnt/mqm-data/qmgrs/%v", name))
 	return args
 }
--- a/cmd/runmqserver/signals.go
+++ b/cmd/runmqserver/signals.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2018
+© Copyright IBM Corporation 2017, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/cmd/runmqserver/tls.go
+++ b/cmd/runmqserver/tls.go
@@ -1,163 +0,0 @@
 /*
 © Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/command"
 	"github.com/ibm-messaging/mq-container/internal/keystore"
 	"github.com/ibm-messaging/mq-container/internal/mqtemplate"
 	"github.com/ibm-messaging/mq-container/internal/tls"
 )
 // Location to store the keystores
 const keyStoreDir = "/run/runmqserver/tls/"
 // KeyDir is the location of the certificate keys to import
 const keyDir = "/etc/mqm/pki/keys"
 // TrustDir is the location of the Certifates to add
 const trustDir = "/etc/mqm/pki/trust"
 // configureWebTLS configures TLS for Web Console
 func configureWebTLS(label string) error {
 	// Return immediately if we have no certificate to use as identity
 	if label == "" && os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME") == "" {
 		return nil
 	}
 	webConfigDir := "/etc/mqm/web/installations/Installation1/servers/mqweb"
 	tls := "tls.xml"
 	tlsConfig := filepath.Join(webConfigDir, tls)
 	newTLSConfig := filepath.Join(webConfigDir, tls+".tpl")
 	err := os.Remove(tlsConfig)
 	if err != nil {
 		return fmt.Errorf("Could not delete file %s: %v", tlsConfig, err)
 	}
 	// we symlink here to prevent issues on restart
 	err = os.Symlink(newTLSConfig, tlsConfig)
 	if err != nil {
 		return fmt.Errorf("Could not create symlink %s->%s: %v", newTLSConfig, tlsConfig, err)
 	}
 	mqmUID, mqmGID, err := command.LookupMQM()
 	if err != nil {
 		return fmt.Errorf("Could not find mqm user or group: %v", err)
 	}
 	err = os.Chown(tlsConfig, mqmUID, mqmGID)
 	if err != nil {
 		return fmt.Errorf("Could change ownership of %s to mqm: %v", tlsConfig, err)
 	}
 	return nil
 }
 // configureTLSDev configures TLS for developer defaults
 func configureTLSDev() error {
 	const mqsc string = "/etc/mqm/20-dev-tls.mqsc"
 	const mqscTemplate string = mqsc + ".tpl"
 	if os.Getenv("MQ_DEV") == "true" {
 		err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{}, log)
 		if err != nil {
 			return err
 		}
 	} else {
 		_, err := os.Stat(mqsc)
 		if !os.IsNotExist(err) {
 			err = os.Remove(mqsc)
 			if err != nil {
 				log.Errorf("Error removing file %s: %v", mqsc, err)
 				return err
 			}
 		}
 	}
 	return nil
 }
 // configureTLS configures TLS for queue manager
 func configureTLS(certLabel string, cmsKeystore tls.KeyStoreData, devmode bool) error {
 	log.Debug("Configuring TLS")
 	const mqsc string = "/etc/mqm/15-tls.mqsc"
 	const mqscTemplate string = mqsc + ".tpl"
 	err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{
 		"SSLKeyR":          strings.TrimSuffix(cmsKeystore.Keystore.Filename, ".kdb"),
 		"CertificateLabel": certLabel,
 	}, log)
 	if err != nil {
 		return err
 	}
 	if devmode && certLabel != "" {
 		err = configureTLSDev()
 		if err != nil {
 			return err
 		}
 	}
 	return nil
 }
 // configureSSOTLS configures MQ Console TLS for Single Sign-On
 func configureSSOTLS(p12TrustStore tls.KeyStoreData) (string, error) {
 	// TODO find way to supply this
 	// Override the webstore variables to hard coded defaults
 	webKeyStoreName := tls.IntegrationDefaultLabel + ".p12"
 	// Check keystore exists
 	ks := filepath.Join(keyStoreDir, webKeyStoreName)
 	_, err := os.Stat(ks)
 	// Now we know if the file exists let's check whether we should have it or not.
 	// Check if we're being told to generate the certificate
 	genHostName := os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME")
 	if genHostName != "" {
 		// We've got to generate the certificate with the hostname given
 		if err == nil {
 			log.Printf("Replacing existing keystore %s - generating new certificate", ks)
 		}
 		// Keystore doesn't exist so create it and populate a certificate
 		newKS := keystore.NewPKCS12KeyStore(ks, p12TrustStore.Password)
 		err = newKS.Create()
 		if err != nil {
 			return "", fmt.Errorf("Failed to create keystore %s: %v", ks, err)
 		}
 		err = newKS.CreateSelfSignedCertificate("default", fmt.Sprintf("CN=%s", genHostName), genHostName)
 		if err != nil {
 			return "", fmt.Errorf("Failed to generate certificate in keystore %s with DN of 'CN=%s': %v", ks, genHostName, err)
 		}
 	} else {
 		// Keystore should already exist
 		if err != nil {
 			return "", fmt.Errorf("Failed to find existing keystore %s: %v", ks, err)
 		}
 	}
 	// Check truststore exists
 	_, err = os.Stat(p12TrustStore.Keystore.Filename)
 	if err != nil {
 		return "", fmt.Errorf("Failed to find existing truststore %s: %v", p12TrustStore.Keystore.Filename, err)
 	}
 	return webKeyStoreName, nil
 }
--- a/cmd/runmqserver/version.go
+++ b/cmd/runmqserver/version.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018
+© Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -38,11 +38,11 @@ func logDateStamp() {
 }
 func logGitRepo() {
-	// log.Printf("Image revision: %v", ImageRevision)
+	log.Printf("Image revision: %v", ImageRevision)
 }
 func logGitCommit() {
-	// log.Printf("Image source: %v", ImageSource)
+	log.Printf("Image source: %v", ImageSource)
 }
 func logImageTag() {
--- a/cmd/runmqserver/webserver.go
+++ b/cmd/runmqserver/webserver.go
@@ -17,6 +17,7 @@ package main
 import (
 	"fmt"
 	"io"
 	"os"
 	"os/exec"
 	"os/user"
@@ -26,35 +27,24 @@ import (
 	"syscall"
 	"github.com/ibm-messaging/mq-container/internal/command"
-	"github.com/ibm-messaging/mq-container/internal/copy"
+	"github.com/ibm-messaging/mq-container/internal/keystore"
 	"github.com/ibm-messaging/mq-container/internal/mqtemplate"
 	"github.com/ibm-messaging/mq-container/internal/tls"
 )
-func startWebServer(keystore, keystorepw string) error {
+func startWebServer() error {
 	_, err := os.Stat("/opt/mqm/bin/strmqweb")
 	if err != nil && os.IsNotExist(err) {
 		log.Debug("Skipping web server, because it's not installed")
 		return nil
 	}
 	log.Println("Starting web server")
 	// #nosec G204 - command is fixed, no injection vector
 	cmd := exec.Command("strmqweb")
 	// Set a default app password for the web server, if one isn't already set
 	_, set := os.LookupEnv("MQ_APP_PASSWORD")
 	if !set {
 		// Take all current environment variables, and add the app password
 		cmd.Env = append(os.Environ(), "MQ_APP_PASSWORD=passw0rd")
 	} else {
 		cmd.Env = os.Environ()
 	}
 	// TLS enabled
 	if keystore != "" {
 		cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTORE="+keystore)
 		cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTOREPW="+keystorepw)
 	}
 	uid, gid, err := command.LookupMQM()
 	if err != nil {
 		return err
@@ -81,7 +71,28 @@ func startWebServer(keystore, keystorepw string) error {
 	return nil
 }
-func configureSSO(p12TrustStore tls.KeyStoreData) (string, error) {
+// CopyFile copies the specified file
 func CopyFile(src, dest string) error {
 	log.Debugf("Copying file %v to %v", src, dest)
 	in, err := os.Open(src)
 	if err != nil {
 		return err
 	}
 	defer in.Close()
 	out, err := os.OpenFile(dest, os.O_CREATE|os.O_WRONLY, 0770)
 	defer out.Close()
 	_, err = io.Copy(out, in)
 	if err != nil {
 		return err
 	}
 	err = out.Close()
 	return err
 }
 func configureSSO() error {
 	// Ensure all required environment variables are set for SSO
 	requiredEnvVars := []string{
 		"MQ_WEB_ADMIN_USERS",
@@ -92,10 +103,11 @@ func configureSSO(p12TrustStore tls.KeyStoreData) (string, error) {
 		"MQ_OIDC_TOKEN_ENDPOINT",
 		"MQ_OIDC_JWK_ENDPOINT",
 		"MQ_OIDC_ISSUER_IDENTIFIER",
 		"MQ_OIDC_CERTIFICATE",
 	}
 	for _, envVar := range requiredEnvVars {
 		if len(os.Getenv(envVar)) == 0 {
-			return "", fmt.Errorf("%v must be set when MQ_BETA_ENABLE_SSO=true", envVar)
+			return fmt.Errorf("%v must be set when MQ_ENABLE_SSO=true", envVar)
 		}
 	}
@@ -104,59 +116,72 @@ func configureSSO(p12TrustStore tls.KeyStoreData) (string, error) {
 	_, err := os.Stat(mqwebDir)
 	if err != nil {
 		if os.IsNotExist(err) {
-			return "", nil
+			return nil
 		}
-		return "", err
+		return err
 	}
 	// Process SSO template for generating file mqwebuser.xml
 	adminUsers := strings.Split(os.Getenv("MQ_WEB_ADMIN_USERS"), "\n")
 	err = mqtemplate.ProcessTemplateFile(mqwebDir+"/mqwebuser.xml.tpl", mqwebDir+"/mqwebuser.xml", map[string][]string{"AdminUser": adminUsers}, log)
 	if err != nil {
-		return "", err
+		return err
 	}
 	// Configure SSO TLS
-	return configureSSOTLS(p12TrustStore)
+	return configureSSO_TLS()
 }
-func configureWebServer(keyLabel string, p12Trust tls.KeyStoreData) (string, error) {
+func configureSSO_TLS() error {
 	var keystore string
 	// Configure TLS for Web Console first if we have a certificate to use
 	err := configureWebTLS(keyLabel)
 	if err != nil {
 		return keystore, err
 	}
 	if keyLabel != "" {
 		keystore = keyLabel + ".p12"
 	}
-	// Configure Single-Sign-On for the web server (if enabled)
+	// Create tls directory
-	enableSSO := os.Getenv("MQ_BETA_ENABLE_SSO")
+	dir := "/run/tls"
-	if enableSSO == "true" || enableSSO == "1" {
+	mntdir := "/mnt/tls/"
-		keystore, err = configureSSO(p12Trust)
+
-		if err != nil {
+	// Setup key store & trust store
-			return keystore, err
+	ks := keystore.NewJKSKeyStore(filepath.Join(dir, "key.jks"), "password")
-		}
+	ts := keystore.NewJKSKeyStore(filepath.Join(dir, "trust.jks"), "password")
 	log.Debug("Creating key store")
 	err := ks.Create(log)
 	if err != nil {
 		return err
 	}
-	_, err = os.Stat("/opt/mqm/bin/strmqweb")
+	log.Debug("Creating trust store")
 	err = ts.Create(log)
 	if err != nil {
 		return err
 	}
 	log.Debug("Generating PKCS12 file")
 	err = ks.GeneratePKCS12(filepath.Join(mntdir, "tls.key"), filepath.Join(mntdir, "tls.crt"), filepath.Join(dir, "tls.p12"), "default", "password")
 	if err != nil {
 		return err
 	}
 	log.Debug("Importing certificate into key store")
 	err = ks.Import(filepath.Join(dir, "tls.p12"), "password")
 	if err != nil {
 		return err
 	}
 	log.Debug("Adding OIDC certificate to trust store")
 	err = ts.Add(os.Getenv("MQ_OIDC_CERTIFICATE"), "OIDC")
 	return err
 }
 func configureWebServer() error {
 	_, err := os.Stat("/opt/mqm/bin/strmqweb")
 	if err != nil {
 		if os.IsNotExist(err) {
-			return keystore, nil
+			return nil
 		}
-		return keystore, err
+		return err
 	}
 	const webConfigDir string = "/etc/mqm/web"
 	_, err = os.Stat(webConfigDir)
 	if err != nil {
 		if os.IsNotExist(err) {
-			return keystore, nil
+			return nil
 		}
-		return keystore, err
+		return err
 	}
 	uid, gid, err := command.LookupMQM()
 	if err != nil {
 		return keystore, err
 	}
 	const prefix string = "/etc/mqm/web"
 	err = filepath.Walk(prefix, func(from string, info os.FileInfo, err error) error {
@@ -175,7 +200,6 @@ func configureWebServer(keyLabel string, p12Trust tls.KeyStoreData) (string, err
 		}
 		if info.IsDir() {
 			if !exists {
 				// #nosec G301 - write group permissions are required
 				err := os.MkdirAll(to, 0770)
 				if err != nil {
 					return err
@@ -188,17 +212,13 @@ func configureWebServer(keyLabel string, p12Trust tls.KeyStoreData) (string, err
 					return err
 				}
 			}
-			err := copy.CopyFile(from, to)
+			err := CopyFile(from, to)
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 		}
 		err = os.Chown(to, uid, gid)
 		if err != nil {
 			return err
 		}
 		return nil
 	})
-	return keystore, err
+	return err
 }
--- a/docs/building.md
+++ b/docs/building.md
@@ -2,22 +2,46 @@
 ## Prerequisites
-You need to have the following tools installed:
+### Prerequisites for building an Ubuntu image
 If you want to build a container image with Ubuntu Linux as the base OS, then you need to have the following tools installed:
-* [Docker](https://www.docker.com/) V17.06.1 or later, or [Podman](https://podman.io) V1.0 or later
+* [Docker](https://www.docker.com/) V17.06.1 or later
 * [GNU make](https://www.gnu.org/software/make/)
 If you are working in the Windows Subsystem for Linux, follow [this guide by Microsoft to set up Docker](https://blogs.msdn.microsoft.com/commandline/2017/12/08/cross-post-wsl-interoperability-with-docker/) first.
-## Building a production image
+### Prerequisites for building a Red Hat Enterprise Linux image
 If you want to build a container image with Red Hat Enterprise Linux as the base OS, then you need to use a host server with Red Hat Enterprise Linux.  You must also have the following tools installed:
-This procedure works for building the MQ Continuous Delivery release, on `amd64`, `ppc64le` and `s390x` architectures.
+* [`buildah`](https://buildah.io) (available in `rhel-7-server-extras`)
 * [`podman`](https://podman.io) (available in `rhel-7-server-extras`)
 In addition, you need the following commonly installed tools:
 * `bash`
 * `coreutils`
 * `findutils`
 * `make`
 * `sed`
 * `shadow-utils`
 * `tar`
 ## Building a production image
 This procedure works for building the MQ Continuous Delivery release, on `x86_64`, `ppc64le` and `s390x` architectures.
 1. Create a `downloads` directory in the root of this repository
-2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.1.3_LINUX_X86-64.tar.gz`) in the `downloads` directory
+2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.1.1_UBUNTU_X86-64.tar.gz` for MQ V9.1.1 for Ubuntu on x86_64 architecture) in the `downloads` directory
 3. Run `make build-advancedserver`
-> **Warning**: Note that MQ offers two different sets of packaging on Linux: one is called "MQ for Linux" and contains RPM files for installing on Red Hat Enterprise Linux and SUSE Linux Enterprise Server; the other is for Ubuntu.  The MQ container build uses a Red Hat Universal Base Image, so you need the "MQ for Linux" RPM files.
+> **Warning**: Note that MQ offers two different sets of packaging on Linux: one is called "MQ for Linux" and contains RPM files for installing on Red Hat Enterprise Linux and SUSE Linux Enterprise Server.  The other package is called "MQ for Ubuntu", and contains DEB files for installing on Ubuntu.
 On a Red Hat Enterprise Linux host, the command `make build-advancedserver` will build a container image using Red Hat Enterprise Linux as the base.  On all other hosts, the base image will be Ubuntu.
 You can build a different version of MQ by setting the `MQ_VERSION` environment variable, for example:
 ```bash
 MQ_VERSION=9.1.0.0 make build-advancedserver
 ```
 If you have an MQ archive file with a different file name, you can specify a particular file (which must be in the `downloads` directory).  You should also specify the MQ version, so that the resulting image is tagged correctly, for example:
@@ -26,10 +50,10 @@ MQ_ARCHIVE=mq-1.2.3.4.tar.gz MQ_VERSION=1.2.3.4 make build-advancedserver
 ```
 ## Building a developer image
-Run `make build-devserver`, which will download the latest version of MQ Advanced for Developers from IBM developerWorks.  This is currently only available on the `amd64` architecture.
+Run `make build-devserver`, which will download the latest version of MQ Advanced for Developers from IBM developerWorks.  This is currently only available on the `x86_64` architecture.  On a Red Hat Enterprise Linux host, this command will build a container image using Red Hat Enterprise Linux as the base.  On all other hosts, the base image will be Ubuntu.
 You can use the environment variable `MQ_ARCHIVE_DEV` to specify an alternative local file to install from (which must be in the `downloads` directory).
 ## Installed components
-This image includes the core MQ server, Java, language packs, GSKit, and web server.  This can be configured by setting the `MQ_PACKAGES` argument to `make`.
+This image includes the core MQ server, Java, language packs, and GSKit.  This can be configured by setting the `MQ_PACKAGES` argument to `make`.  For the Ubuntu-based image, you can also directly set a [Docker build argument](https://docs.docker.com/engine/reference/commandline/build/#set-build-time-variables-build-arg).
--- a/docs/developer-config.md
+++ b/docs/developer-config.md
@@ -9,8 +9,8 @@ The MQ Developer Defaults supports some customization options, these are all con
 * **MQ_DEV** - Set this to `false` to stop the default objects being created.
 * **MQ_ADMIN_PASSWORD** - Changes the password of the `admin` user. Must be at least 8 characters long.
 * **MQ_APP_PASSWORD** - Changes the password of the app user. If set, this will cause the `DEV.APP.SVRCONN` channel to become secured and only allow connections that supply a valid userid and password. Must be at least 8 characters long.
-* **MQ_TLS_KEYSTORE** - **DEPRECATED**. See section `Supplying TLS certificates` in [usage document](usage.md).  Allows you to supply the location of a PKCS#12 keystore containing a single certificate which you want to use in both the web console and the queue manager. Requires `MQ_TLS_PASSPHRASE`. When enabled the channels created will be secured using the `TLS_RSA_WITH_AES_128_CBC_SHA256` CipherSpec. *Note*: you will need to make the keystore available inside your container, this can be done by mounting a volume to your container.
+* **MQ_TLS_KEYSTORE** - Allows you to supply the location of a PKCS#12 keystore containing a single certificate which you want to use in both the web console and the queue manager. Requires `MQ_TLS_PASSPHRASE`. When enabled the channels created will be secured using the `TLS_RSA_WITH_AES_128_CBC_SHA256` CipherSpec. *Note*: you will need to make the keystore available inside your container, this can be done by mounting a volume to your container.
-* **MQ_TLS_PASSPHRASE** - **DEPRECATED**. See section `Supplying TLS certificates` in [usage document](usage.md). Passphrase for the keystore referenced in `MQ_TLS_KEYSTORE`.
+* **MQ_TLS_PASSPHRASE** - Passphrase for the keystore referenced in `MQ_TLS_KEYSTORE`.
 ## Details of the default configuration
@@ -52,4 +52,4 @@ If you choose to accept the security warning, you will be presented with the log
 If you wish to change the password for the admin user, this can be done using the `MQ_ADMIN_PASSWORD` environment variable. If you supply a PKCS#12 keystore using the `MQ_TLS_KEYSTORE` environment variable, then the web console will be configured to use the certificate inside the keystore for HTTPS operations.
-If you do not wish the web console to run, you can disable it by setting the environment variable `MQ_ENABLE_EMBEDDED_WEB_SERVER` to `false`.
+If you do not wish the web console to run, you can disable it by setting the environment variable `MQ_DISABLE_WEB_CONSOLE` to `true`.
--- a/docs/internals.md
+++ b/docs/internals.md
@@ -24,7 +24,6 @@ The `runmqserver` command has the following responsibilities:
    - Works as PID 1, so is responsible for [reaping zombie processes](https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/)
 * Creating and starting a queue manager
 * Configuring the queue manager, by running any MQSC scripts found under `/etc/mqm`
 * Starts the MQ web server (if enabled)
 * Starting Prometheus metrics generation for the queue manager (if enabled)
 * Indicates to the `chkmqready` command that configuration is complete, and that normal readiness checking can happen.  This is done by writing a file into `/run/runmqserver`
@@ -37,6 +36,8 @@ The `runmqdevserver` command is added to the MQ Advanced for Developers image on
 2. Generates MQSC files to put in `/etc/mqm`, based on a template, which is updated with values based on supplied environment variables.
 3. If requested, it creates TLS key stores under `/run/runmqdevserver`, and configures MQ and the web server to use them
 A special version of `runmqserver` is used in the developer image, which performs extra actions like starting the web server.  This is built using the `mqdev` [build constraint](https://golang.org/pkg/go/build/#hdr-Build_Constraints).
 ## Prometheus metrics
 [Prometheus](https://prometheus.io) metrics are generated for the queue manager as follows:
--- a/docs/security.md
+++ b/docs/security.md
@@ -4,7 +4,7 @@
 ### User
-The MQ server image is run using the "mqm" user, with a fixed UID and GID of 888.
+The MQ server image is run using the "mqm" user.  On the Ubuntu-based image, this uses the UID and GID of 999.  On the Red Hat Enterprise Linux image, it uses the UID and GID of 888.
 ### Capabilities
@@ -16,10 +16,10 @@ docker run \
  --env LICENSE=accept \
  --env MQ_QMGR_NAME=QM1 \
  --detach \
-  mqadvanced-server:9.1.3.0-amd64
+  mqadvanced-server:9.1.1.0-x86_64-ubuntu-16.04
 ```
-The MQ Advanced for Developers image does require the "chown", "setuid", "setgid" and "audit_write" capabilities (plus "dac_override" if you're using an image based on Red Hat Enterprise Linux).  This is because it uses the "sudo" command to change passwords inside the container.  For example, in Docker, you could do the following:
+The MQ Advanced for Developers image does requires the "chown", "setuid", "setgid" and "audit_write" capabilities (plus "dac_override" if you're using an image based on Red Hat Enterprise Linux).  This is because it uses the "sudo" command to change passwords inside the container.  For example, in Docker, you could do the following:
 ```sh
 docker run \
@@ -31,9 +31,9 @@ docker run \
  --env LICENSE=accept \
  --env MQ_QMGR_NAME=QM1 \
  --detach \
-  mqadvanced-server-dev:9.1.3.0-amd64
+  mqadvanced-server-dev:9.1.1.0-x86_64-ubuntu-16.04
 ```
 ### SELinux
-The SELinux label "spc_t" (super-privileged container) is needed to run the MQ container on a host with SELinux enabled.  This is due to a current limitation in how MQ data is stored on volumes, which violates the usual policy applied when using the standard "container_t" label.
+The SELinux label "spc_t" (super-privileged container) is needed to run the MQ container on a host with SELinux enabled.  This is due to a current limitation in how MQ data is stored on volumes, which violates the usual policy applied when using the standard "container_t" label.
--- a/docs/testing.md
+++ b/docs/testing.md
@@ -6,6 +6,13 @@ You need to ensure you have the following tools installed:
 * [GNU make](https://www.gnu.org/software/make/)
 * [Go](https://golang.org/) - only needed for running the tests
 * [dep](https://github.com/golang/dep) (official Go dependency management tool) - needed to prepare for running the tests
 * [Helm](https://helm.sh) - only needed for running the Kubernetes tests
 ### Prerequisites for testing a RedHat image
 If you want to test a container image with Red Hat Enterprise Linux as the base OS, then you need to use a host server with Red Hat Enterprise Linux.  You must also have the following tools installed:
 * [Yum](http://yum.baseurl.org/) (available in `rhel-7-server-extras`)
 * [Buildah](https://buildah.io) (available in `rhel-7-server-extras`)
 ## Running the tests
 There are two main sets of tests:
@@ -24,7 +31,7 @@ make test-advancedserver
 You can specify the image to use directly by using the `MQ_IMAGE_ADVANCEDSERVER` or `MQ_IMAGE_DEVSERVER` variables, for example:
 ```
-MQ_IMAGE_ADVANCEDSERVER=mqadvanced-server:9.1.3.0-amd64 make test-advancedserver
+MQ_IMAGE_ADVANCEDSERVER=mqadvanced-server:9.1.1.0-x86_64-ubuntu-16.04 make test-advancedserver
 ```
 You can pass parameters to `go test` with an environment variable.  For example, to run the "TestGoldenPath" test, run the following command::
@@ -33,10 +40,10 @@ You can pass parameters to `go test` with an environment variable.  For example,
 TEST_OPTS_DOCKER="-run TestGoldenPath" make test-advancedserver
 ```
-You can also use the same environment variables you specified when [building](./building), for example, the following will try and test an image called `mqadvanced-server:9.1.3.0-amd64`:
+You can also use the same environment variables you specified when [building](./building), for example, the following will try and test an image called `mqadvanced-server:9.1.0.0-x86_64-ubuntu-16.04`:
 ```
-MQ_VERSION=9.1.3.0 make test-advancedserver
+MQ_VERSION=9.1.0.0 make test-advancedserver
 ```
 ### Running the Docker tests with code coverage
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -2,8 +2,6 @@
 In order to use the image, it is necessary to accept the terms of the IBM MQ license.  This is achieved by specifying the environment variable `LICENSE` equal to `accept` when running the image.  You can also view the license terms by setting this variable to `view`. Failure to set the variable will result in the termination of the container with a usage statement.  You can view the license in a different language by also setting the `LANG` environment variable.
 > **Note**: You can use `podman` instead of `docker` in any of the examples on this page.
 ## Running with the default configuration
 You can run a queue manager with the default configuration and a listener on port 1414 using the following command.  For example, the following command creates and starts a queue manager called `QM1`, and maps port 1414 on the host to the MQ listener on port 1414 inside the container, as well as port 9443 on the host to the web console on port 9443 inside the container:
@@ -98,22 +96,3 @@ docker exec \
 ```
 Using this technique, you can have full control over all aspects of the MQ installation.  Note that if you use this technique to make changes to the filesystem, then those changes would be lost if you re-created your container unless you make those changes in volumes.
 ## Supplying TLS certificates
 If you wish to supply TLS Certificates that the queue manager and MQ Console should use for TLS operations then you must supply a PKCS#1 or unencrypted PKCS#8 PEM files for both the certificates and private keys in the following directories:
 * `/etc/mqm/pki/keys/<Label>` - for certificates with public and private keys
 * `/etc/mqm/pki/trust/<index>` - for certificates with only the public key
 For example, if you have an identity certificate you wish to add with the label `mykey` and 2 certificates you wish to add as trusted then you would need to add the files into the following locations where files ending in `.key` contain private keys and `.crt` contain certificates:
 - `/etc/mqm/pki/keys/mykey/tls.key`
 - `/etc/mqm/pki/keys/mykey/tls.crt`
 - `/etc/mqm/pki/keys/mykey/ca.crt`
 - `/etc/mqm/pki/trust/0/tls.crt`
 - `/etc/mqm/pki/trust/1/tls.crt`
 This can be achieved by either mounting the directories or files into the container when you run it or by baking the files into the correct location in the image. 
 If you supply multiple identity certificates then the first label alphabetically will be chosen as the certificate to be used by the MQ Console and the default certificate for the queue manager. If you wish to use a different certificate on the queue manager then you can change the certificate to use at runtime by executing the MQSC command `ALTER QMGR CERTLABL('<newlabel>')`
--- a/glide.lock
+++ b/glide.lock
@@ -1,5 +1,5 @@
-hash: 6ebd5fb1c39729378c7256da6f312e9699bff1ddff9941d3c8c1ba785e22acfd
+hash: b02555ebf3957ece0ae5ecf132fa4e415a4f66a7f4c27a82d484f4fb78f56e41
-updated: 2019-05-21T10:38:01.227081+01:00
+updated: 2018-07-13T08:50:32.923040349+01:00
 imports:
 - name: github.com/beorn7/perks
  version: 3a771d992973f24aa725d07868b467d1ddfceafb
@@ -50,8 +50,4 @@ imports:
  version: 1b2967e3c290b7c545b3db0deeda16e9be4f98a2
  subpackages:
  - unix
 - name: software.sslmate.com/src/go-pkcs12
  version: 6e380ad96778cc63c6ea17649a9b74224bceafe9
  subpackages:
  - internal/rc2
 testImports: []
--- a/glide.yaml
+++ b/glide.yaml
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2017, 2019
+# © Copyright IBM Corporation 2017
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,6 +25,4 @@ import:
 - package: github.com/ibm-messaging/mq-golang
  version: 2.0.0
 - package: github.com/genuinetools/amicontained
-  version: 0.4.0
+  version: 0.4.0
 - package: software.sslmate.com/src/go-pkcs12
  commit: 6e380ad96778cc63c6ea17649a9b74224bceafe9
--- a/incubating/mq-explorer/Dockerfile
+++ b/incubating/mq-explorer/Dockerfile
@@ -12,33 +12,29 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM registry.access.redhat.com/ubi7/ubi-minimal AS mq-explorer
+FROM ubuntu:16.04
 # The URL to download the MQ installer from in tar.gz format
-ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev912_linux_x86-64.tar.gz"
+ARG MQ_URL=https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev911_ubuntu_x86-64.tar.gz
 # The MQ packages to install
-ENV MQ_PACKAGES="MQSeriesRuntime*.rpm MQSeriesJRE*.rpm MQSeriesExplorer*.rpm"
+ARG MQ_PACKAGES
-ARG MQM_UID=888
+ARG MQM_UID=999
-RUN microdnf install -y --nodocs gtk2 libXtst \
+RUN export DEBIAN_FRONTEND=noninteractive \
-  && microdnf clean all
+  && apt-get update \
  && apt-get install -y \
    libgtk2.0-0 \
    libxtst6
 ADD install-mq.sh /usr/local/bin/
 # Install MQ Explorer.  To avoid a "text file busy" error here, we sleep before installing.
 # Need to re-instate the `/var/mqm` directory after installation, to avoid MQ 
 # errors with some commands (e.g. `dspmqver`)
 RUN chmod u+x /usr/local/bin/install-mq.sh \
-  && sleep 1 \
+  && install-mq.sh
  && install-mq.sh $MQM_UID \
  && rm -rf /var/mqm \
  && /opt/mqm/bin/crtmqdir -f -s
 ENV LANG=en_US.UTF-8
-# Run as mqm
+# Run as mqm (999)
-USER $MQM_UID
+USER 999
 ENTRYPOINT ["MQExplorer"]
--- a/manifests/dockerstore/manifest-9.1.2.yaml
+++ b/manifests/dockerstore/manifest-9.1.2.yaml
@@ -11,19 +11,23 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ARG BASE_IMAGE=mq-sdk:9.1.1.0-x86_64-ubuntu-16.04
-image: ibmcorp/mqadvanced-server-dev:9.1.2.0
+FROM $BASE_IMAGE
 manifests:
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-x86_64
    platform:
      architecture: amd64
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-ppc64le
    platform:
      architecture: ppc64le
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-s390x
    platform:
      architecture: s390x
      os: linux
 COPY incubating/mq-golang-sdk/install-golang.sh /usr/local/bin
 ENV GO_VERSION=1.10
 ENV PATH="${PATH}:/usr/lib/go-${GO_VERSION}/bin:/go/bin:/usr/local/go/bin" \
    CGO_CFLAGS="-I/opt/mqm/inc/"                                           \
    CGO_LDFLAGS_ALLOW="-Wl,-rpath.*"                                       \
    GOPATH="/go"
 # Install the Go compiler and Git
 RUN chmod +x /usr/local/bin/install-golang.sh \
    && sleep 1 \
    && install-golang.sh 
 WORKDIR $GOPATH
--- a/incubating/mq-golang-sdk/README.md
+++ b/incubating/mq-golang-sdk/README.md
@@ -0,0 +1,5 @@
 # IBM MQ Software Developer Kit (SDK) with Go
 This image contains the MQ SDK, Git, the Go compiler, and the `build-essential` package (which includes GNU C and C++ compilers plus other essential tools like `make`).
 This image doesn't contain any Go code for MQ.  You can add a CGO wrapper for the MQ C client, for example [mq-golang](https://github.com/ibm-messaging/mq-golang), via your vendor directory, or directly using `go get`.
--- a/incubating/mq-golang-sdk/install-golang.sh
+++ b/incubating/mq-golang-sdk/install-golang.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # -*- mode: sh -*-
-# © Copyright IBM Corporation 2015, 2019
+# © Copyright IBM Corporation 2018
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,9 +18,7 @@
 # Fail on any non-zero return code
 set -ex
-test -f /usr/bin/yum && YUM=true || YUM=false
+test -f /usr/bin/yum && RHEL=true || RHEL=false
 test -f /usr/bin/microdnf && MICRODNF=true || MICRODNF=false
 test -f /usr/bin/rpm && RPM=true || RPM=false
 test -f /usr/bin/apt-get && UBUNTU=true || UBUNTU=false
 if ($UBUNTU); then
@@ -39,43 +37,37 @@ if ($UBUNTU); then
  # This ensures no unsupported code gets installed, and makes the build faster
  echo "deb ${APT_URL} ${UBUNTU_CODENAME} main restricted" > /etc/apt/sources.list
  echo "deb ${APT_URL} ${UBUNTU_CODENAME}-updates main restricted" >> /etc/apt/sources.list
  echo "deb ${APT_URL} ${UBUNTU_CODENAME}-backports main restricted universe" >> /etc/apt/sources.list;
  echo "deb ${APT_URL} ${UBUNTU_CODENAME}-security main restricted" >> /etc/apt/sources.list
-  # Install additional packages required by MQ, this install process and the runtime scripts
+  
-  apt-get update
+  apt-get update 
  apt-get install -y --no-install-recommends \
-    bash \
+    golang-${GO_VERSION} \
-    bc \
+    git \
-    ca-certificates \
+    ca-certificates
    coreutils \
    curl \
    debianutils \
    file \
    findutils \
    gawk \
    grep \
    libc-bin \
    mount \
    passwd \
    procps \
    sed \
    tar \
    util-linux 
 fi
-if ($RPM); then
+if ($RHEL); then
  EXTRA_RPMS="bash bc ca-certificates coreutils file findutils gawk glibc-common grep passwd procps-ng sed shadow-utils tar util-linux which"
  # Install additional packages required by MQ, this install process and the runtime scripts
-  $YUM && yum -y install --setopt install_weak_deps=false ${EXTRA_RPMS}
+  yum -y install \
-  $MICRODNF && microdnf install --nodocs ${EXTRA_RPMS}
+    git \
    curl \
    tar \
    gcc
    cd /tmp
    curl -LO https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz
    tar -C /usr/local -xzf go${GO_VERSION}.linux-amd64.tar.gz
 fi
-# Apply any bug fixes not included in base Ubuntu or MQ image.
+# Remove any orphaned packages
-# Don't upgrade everything based on Docker best practices https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run
+$UBUNTU && apt-get autoremove -y
 $UBUNTU && apt-get install -y libapparmor1 libsystemd0 systemd systemd-sysv libudev1 perl-base --only-upgrade
 # End of bug fixes
 # Clean up cached files
 $UBUNTU && rm -rf /var/lib/apt/lists/*
-$YUM && yum -y clean all
+$RHEL && yum -y clean all
-$YUM && rm -rf /var/cache/yum/*
+$RHEL && rm -rf /var/cache/yum/*
-$MICRODNF && microdnf clean all
+
 # Make the GOLANG directories 
 mkdir -p $GOPATH/src $GOPATH/bin
 chmod -R 777 $GOPATH
--- a/incubating/mq-sdk/Dockerfile
+++ b/incubating/mq-sdk/Dockerfile
@@ -12,19 +12,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM registry.access.redhat.com/rhscl/devtoolset-7-toolchain-rhel7 AS mq-sdk
+ARG BASE_IMAGE=ubuntu:16.04
-#FROM docker.io/centos/devtoolset-7-toolchain-centos7 AS mq-sdk
+
 FROM $BASE_IMAGE
 # The URL to download the MQ installer from in tar.gz format
 # This assumes an archive containing the MQ Debian (.deb) install packages
 ARG MQ_URL
 # The packages to install in install-mq.sh
-ENV MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesSDK-*.rpm MQSeriesSamples*.rpm"
+ARG MQ_PACKAGES
-ENV MQM_UID=888
+ARG MQM_UID=999
 USER 0
 COPY install-mq.sh /usr/local/bin/
 # Install MQ.  To avoid a "text file busy" error here, we sleep before installing.
@@ -35,4 +35,3 @@ RUN chmod u+x /usr/local/bin/install-mq.sh \
  && install-mq.sh $MQM_UID \
  && rm -rf /var/mqm \
  && /opt/mqm/bin/crtmqdir -f -s
 USER 1001
--- a/incubating/mqadvanced-server-dev/10-dev.mqsc.tpl
+++ b/incubating/mqadvanced-server-dev/10-dev.mqsc.tpl
@@ -14,7 +14,6 @@
 * limitations under the License.
 STOP LISTENER('SYSTEM.LISTENER.TCP.1') IGNSTATE(YES)
 ALTER LISTENER('SYSTEM.LISTENER.TCP.1') TRPTYPE(TCP) CONTROL(MANUAL)
 * Developer queues
 DEFINE QLOCAL('DEV.QUEUE.1') REPLACE
--- a/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
+++ b/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
@@ -1,4 +1,4 @@
-* © Copyright IBM Corporation 2018, 2019
+* © Copyright IBM Corporation 2018
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,6 +13,10 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * Set the keystore location for the queue manager
 ALTER QMGR SSLKEYR('{{ .SSLKeyR }}')
 ALTER QMGR CERTLABL('{{ .CertificateLabel }}')
 * Set the cipherspec for dev channels
-ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
-ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
--- a/incubating/mqadvanced-server-dev/Dockerfile
+++ b/incubating/mqadvanced-server-dev/Dockerfile
@@ -0,0 +1,84 @@
 # © Copyright IBM Corporation 2015, 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ARG BASE_IMAGE=mqadvanced-server-dev-base:9.1.1.0-x86_64-ubuntu-16.04
 ARG BUILDER_IMAGE=mq-golang-sdk:9.1.1.0-x86_64-ubuntu-16.04
 ###############################################################################
 # Build stage to build Go code
 ###############################################################################
 FROM $BUILDER_IMAGE as builder
 ARG IMAGE_REVISION="Not specified"
 ARG IMAGE_SOURCE="Not specified"
 ARG IMAGE_TAG="Not specified"
 WORKDIR /go/src/github.com/ibm-messaging/mq-container/
 COPY cmd/ ./cmd
 COPY internal/ ./internal
 COPY vendor/ ./vendor
 # Re-build runmqserver, with code tagged with 'mqdev' enabled
 RUN go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\" -X \"main.ImageTag=$IMAGE_TAG\"" --tags 'mqdev'  ./cmd/runmqserver
 RUN go build ./cmd/runmqdevserver/
 # Run all unit tests
 RUN go test -v ./cmd/runmqdevserver/...
 ###############################################################################
 # Main build stage
 ###############################################################################
 FROM $BASE_IMAGE
 # Enable MQ developer default configuration
 ENV MQ_DEV=true
 # Default administrator password
 ENV MQ_ADMIN_PASSWORD=passw0rd
 ARG MQM_UID=999
 USER root
 COPY incubating/mqadvanced-server-dev/install-extra-packages.sh /usr/local/bin/
 RUN chmod u+x /usr/local/bin/install-extra-packages.sh \
  && sleep 1 \
  && install-extra-packages.sh
 # WARNING: This is what allows the mqm user to change the password of any other user
 # It's used by runmqdevserver to change the admin/app passwords.
 RUN echo "mqm    ALL = NOPASSWD: /usr/sbin/chpasswd" > /etc/sudoers.d/mq-dev-config
 ## Add admin and app users, and set a default password for admin
 RUN useradd admin -G mqm \
  && groupadd mqclient \
  && useradd app -G mqclient \
  && echo admin:$MQ_ADMIN_PASSWORD | chpasswd
 # Create a directory for runtime data from runmqserver
 RUN mkdir -p /run/runmqdevserver \
  && chown mqm:mqm /run/runmqdevserver
 COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqserver /usr/local/bin/
 COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqdevserver /usr/local/bin/
 # Copy template files
 COPY incubating/mqadvanced-server-dev/*.tpl /etc/mqm/
 # Copy web XML files for default developer configuration
 COPY incubating/mqadvanced-server-dev/web /etc/mqm/web
 RUN chown -R mqm:mqm /etc/mqm/* \
  && chmod +x /usr/local/bin/runmq* \
  && install --directory --mode 0775 --owner mqm --group root /run/runmqdevserver
 USER $MQM_UID
 ENTRYPOINT ["runmqdevserver"]
--- a/incubating/mqadvanced-server-dev/entrypoint.sh
+++ b/incubating/mqadvanced-server-dev/entrypoint.sh
@@ -0,0 +1,17 @@
 #!/bin/bash
 # Change admin password
 if [ -n "${MQ_ADMIN_PASSWORD}" ]; then
    echo admin:${MQ_ADMIN_PASSWORD} | chpasswd
 fi
 # Change app password
 if [ -n "${MQ_APP_PASSWORD}" ]; then
    echo app:${MQ_APP_PASSWORD} | chpasswd
 fi
 # Delete the MQSC with developer defaults, if requested
 if [ "${MQ_DEV}" != "true" ]; then
    rm -f /etc/mqm/dev.mqsc
 fi
 exec runmqserver
--- a/incubating/mqadvanced-server-dev/install-extra-packages.sh
+++ b/incubating/mqadvanced-server-dev/install-extra-packages.sh
@@ -15,8 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-test -f /usr/bin/yum && YUM=true || YUM=false
+test -f /usr/bin/yum && RHEL=true || RHEL=false
 test -f /usr/bin/microdnf && MICRODNF=true || MICRODNF=false
 test -f /usr/bin/apt-get && UBUNTU=true || UBUNTU=false
 if ($UBUNTU); then
@@ -26,13 +25,8 @@ if ($UBUNTU); then
    rm -rf /var/lib/apt/lists/*
 fi
-if ($YUM); then
+if ($RHEL); then
    yum -y install sudo
    yum -y clean all
    rm -rf /var/cache/yum/*
 fi
 if ($MICRODNF); then
    microdnf install --nodocs sudo
    microdnf clean all
 fi
--- a/incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/mqwebuser.xml
+++ b/incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/mqwebuser.xml
@@ -1,5 +1,30 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <server>
 	<!-- ****************************************************************** -->
 	<!--                                                                    -->
 	<!--  IBM MQ security configuration for MQ Console and REST API.        -->
 	<!--                                                                    -->
 	<!--  Name: mqwebuser.xml                                               -->
 	<!--                                                                    -->
 	<!--  Description:  Default webconsole configuration                    -->
 	<!--                                                                    -->
 	<!-- ****************************************************************** -->
 	<!-- <copyright                                                         -->
 	<!--     notice='lm-source-program'                                     -->
 	<!--     pids='5724-H72'                                                -->
 	<!--     years='2018,2019'                                              -->
 	<!--     crc='0' >                                                      -->
 	<!--                                                                    -->
 	<!--     Licensed Materials - Property of IBM                           -->
 	<!--                                                                    -->
 	<!--     5724-H72                                                       -->
 	<!--                                                                    -->
 	<!--     (C) Copyright IBM Corp. 2018, 2019 All Rights Reserved.        -->
 	<!--                                                                    -->
 	<!--     US Government Users Restricted Rights - Use, duplication or    -->
 	<!--     disclosure restricted by GSA ADP Schedule Contract with        -->
 	<!--     IBM Corp.                                                      -->
 	<!-- </copyright>                                                       -->
    <featureManager>
        <feature>appSecurity-2.0</feature>
        <feature>basicAuthenticationMQ-1.0</feature>
--- a/incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/tls-dev.xml
+++ b/incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/tls-dev.xml
@@ -0,0 +1,32 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <server>
 	<!-- ****************************************************************** -->
 	<!--                                                                    -->
 	<!--  IBM MQ security configuration for MQ Console and REST API.        -->
 	<!--                                                                    -->
 	<!--  Name: mqwebuser.xml                                               -->
 	<!--                                                                    -->
 	<!--  Description:  Default webconsole configuration                    -->
 	<!--                                                                    -->
 	<!-- ****************************************************************** -->
 	<!-- <copyright                                                         -->
 	<!--     notice='lm-source-program'                                     -->
 	<!--     pids='5724-H72'                                                -->
 	<!--     years='2018,2019'                                              -->
 	<!--     crc='0' >                                                      -->
 	<!--                                                                    -->
 	<!--     Licensed Materials - Property of IBM                           -->
 	<!--                                                                    -->
 	<!--     5724-H72                                                       -->
 	<!--                                                                    -->
 	<!--     (C) Copyright IBM Corp. 2018, 2019 All Rights Reserved.        -->
 	<!--                                                                    -->
 	<!--     US Government Users Restricted Rights - Use, duplication or    -->
 	<!--     disclosure restricted by GSA ADP Schedule Contract with        -->
 	<!--     IBM Corp.                                                      -->
 	<!-- </copyright>                                                       -->
    <keyStore id="MQWebKeyStore" location="/run/runmqdevserver/tls/key.jks" type="JKS" password="${env.MQ_TLS_PASSPHRASE}"/>
    <keyStore id="MQWebTrustStore" location="/run/runmqdevserver/tls/trust.jks" type="JKS" password="${env.MQ_TLS_PASSPHRASE}"/>
    <ssl id="thisSSLConfig" clientAuthenticationSupported="true" keyStoreRef="MQWebKeyStore" trustStoreRef="MQWebTrustStore" sslProtocol="TLSv1.2" serverKeyAlias="devcert"/>
    <sslDefault sslRef="thisSSLConfig"/>
 </server>
--- a/install-mq.sh
+++ b/install-mq.sh
@@ -18,19 +18,92 @@
 # Fail on any non-zero return code
 set -ex
-mqm_uid=${1:-888}
+mqm_uid=${1:-999}
-test -f /usr/bin/yum && YUM=true || YUM=false
+test -f /usr/bin/yum && RHEL=true || RHEL=false
 test -f /usr/bin/microdnf && MICRODNF=true || MICRODNF=false
 test -f /usr/bin/rpm && RPM=true || RPM=false
 test -f /usr/bin/apt-get && UBUNTU=true || UBUNTU=false
 # If MQ_PACKAGES isn't specifically set, then choose a valid set of defaults
 if [ -z "$MQ_PACKAGES" ]; then
  $UBUNTU && MQ_PACKAGES="ibmmq-server ibmmq-java ibmmq-jre ibmmq-gskit ibmmq-msg-.* ibmmq-samples ibmmq-ams ibmmq-web"
  $RHEL && MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesAMS-*.rpm MQSeriesWeb-*.rpm"
 fi
 if ($UBUNTU); then
  export DEBIAN_FRONTEND=noninteractive
  # Use a reduced set of apt repositories.
  # This ensures no unsupported code gets installed, and makes the build faster
  source /etc/os-release
  # Figure out the correct apt URL based on the CPU architecture
  CPU_ARCH=$(uname -p)
  if [ ${CPU_ARCH} == "x86_64" ]; then
     APT_URL="http://archive.ubuntu.com/ubuntu/"
  else
     APT_URL="http://ports.ubuntu.com/ubuntu-ports/"
  fi
  # Use a reduced set of apt repositories.
  # This ensures no unsupported code gets installed, and makes the build faster
  echo "deb ${APT_URL} ${UBUNTU_CODENAME} main restricted" > /etc/apt/sources.list
  echo "deb ${APT_URL} ${UBUNTU_CODENAME}-updates main restricted" >> /etc/apt/sources.list
  echo "deb ${APT_URL} ${UBUNTU_CODENAME}-security main restricted" >> /etc/apt/sources.list
  # Install additional packages required by MQ, this install process and the runtime scripts
  apt-get update
  apt-get install -y --no-install-recommends \
    bash \
    bc \
    ca-certificates \
    coreutils \
    curl \
    debianutils \
    file \
    findutils \
    gawk \
    grep \
    libc-bin \
    mount \
    passwd \
    procps \
    sed \
    tar \
    util-linux \
    openssl
 fi
 # Install additional packages required by MQ, this install process and the runtime scripts
 $RHEL && yum -y install \
  bash \
  bc \
  ca-certificates \
  coreutils \
  curl \
  file \
  findutils \
  gawk \
  glibc-common \
  grep \
  passwd \
  procps-ng \
  sed \
  tar \
  util-linux \
  openssl
 # Download and extract the MQ installation files
 DIR_EXTRACT=/tmp/mq
 mkdir -p ${DIR_EXTRACT}
 cd ${DIR_EXTRACT}
 curl -LO $MQ_URL
-tar -zxf ./*.tar.gz
+tar -zxvf ./*.tar.gz
 # Remove packages only needed by this script
 $UBUNTU && apt-get purge -y \
  ca-certificates \
  curl
 # Note: ca-certificates and curl are installed by default in RHEL
 # Remove any orphaned packages
 $UBUNTU && apt-get autoremove -y
 # Recommended: Create the mqm user ID with a fixed UID and group, so that the file permissions work between different images
 groupadd --system --gid ${mqm_uid} mqm
@@ -38,7 +111,7 @@ useradd --system --uid ${mqm_uid} --gid mqm --groups 0 mqm
 # Find directory containing .deb files
 $UBUNTU && DIR_DEB=$(find ${DIR_EXTRACT} -name "*.deb" -printf "%h\n" | sort -u | head -1)
-$RPM && DIR_RPM=$(find ${DIR_EXTRACT} -name "*.rpm" -printf "%h\n" | sort -u | head -1)
+$RHEL && DIR_RPM=$(find ${DIR_EXTRACT} -name "*.rpm" -printf "%h\n" | sort -u | head -1)
 # Find location of mqlicense.sh
 MQLICENSE=$(find ${DIR_EXTRACT} -name "mqlicense.sh")
@@ -50,11 +123,10 @@ $UBUNTU && echo "deb [trusted=yes] file:${DIR_DEB} ./" > /etc/apt/sources.list.d
 $UBUNTU && apt-get update
 $UBUNTU && apt-get install -y $MQ_PACKAGES
-$RPM && cd $DIR_RPM && rpm -ivh $MQ_PACKAGES
+$RHEL && cd $DIR_RPM && rpm -ivh $MQ_PACKAGES
 # Remove 32-bit libraries from 64-bit container
-# The "file" utility isn't installed by default in UBI, so only try this if it's installed
+find /opt/mqm /var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
 which file && find /opt/mqm /var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
 # Remove tar.gz files unpacked by RPM postinst scripts
 find /opt/mqm -name '*.tar.gz' -delete
@@ -66,6 +138,16 @@ find /opt/mqm -name '*.tar.gz' -delete
 $UBUNTU && rm -f /etc/apt/sources.list.d/IBM_MQ.list
 rm -rf ${DIR_EXTRACT}
 # Apply any bug fixes not included in base Ubuntu or MQ image.
 # Don't upgrade everything based on Docker best practices https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run
 $UBUNTU && apt-get install -y libapparmor1 libsystemd0 systemd systemd-sysv libudev1 perl-base --only-upgrade
 # End of bug fixes
 # Clean up cached files
 $UBUNTU && rm -rf /var/lib/apt/lists/*
 $RHEL && yum -y clean all
 $RHEL && rm -rf /var/cache/yum/*
 # Optional: Update the command prompt with the MQ version
 $UBUNTU && echo "mq:$(dspmqver -b -f 2)" > /etc/debian_chroot
@@ -76,34 +158,17 @@ rm -rf /var/mqm
 install --directory --mode 0775 --owner mqm --group root /mnt
 install --directory --mode 0775 --owner mqm --group root /mnt/mqm
 install --directory --mode 0775 --owner mqm --group root /mnt/mqm/data
 install --directory --mode 0775 --owner mqm --group root /mnt/mqm-log
 install --directory --mode 0775 --owner mqm --group root /mnt/mqm-log/log
 install --directory --mode 0775 --owner mqm --group root /mnt/mqm-data
 install --directory --mode 0775 --owner mqm --group root /mnt/mqm-data/qmgrs
 # Create the directory for MQ configuration files
 install --directory --mode 0775 --owner mqm --group root /etc/mqm
 # Create the directory for MQ runtime files
 install --directory --mode 0775 --owner mqm --group root /run/mqm
 # Create a symlink for /var/mqm -> /mnt/mqm/data
 ln -s /mnt/mqm/data /var/mqm
 # Optional: Ensure any passwords expire in a timely manner
 sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs
 sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' /etc/login.defs
 sed -i 's/PASS_MIN_LEN\t5/PASS_MIN_LEN\t8/' /etc/login.defs
 sed -i 's/# minlen = 9/minlen = 8/' /etc/security/pwquality.conf
 $UBUNTU && PAM_FILE=/etc/pam.d/common-password
-$RPM && PAM_FILE=/etc/pam.d/password-auth
+$RHEL && PAM_FILE=/etc/pam.d/password-auth
 sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8/' $PAM_FILE
 # List all the installed packages, for the build log
 $RPM && rpm -q --all || true
 $UBUNTU && dpkg --list || true
 # Copy MQ Licenses into the correct location
 mkdir -p /licenses
 cp /opt/mqm/licenses/*.txt /licenses/
--- a/internal/command/command.go
+++ b/internal/command/command.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2018
+© Copyright IBM Corporation 2017, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/internal/containerruntime/runtime.go
+++ b/internal/containerruntime/runtime.go
@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-package containerruntime
+package runtime
 import (
 	"fmt"
@@ -107,22 +107,3 @@ func GetKernelVersion() (string, error) {
 func GetMaxFileHandles() (string, error) {
 	return readProc("/proc/sys/fs/file-max")
 }
 // SupportedFilesystem returns true if the supplied filesystem type is supported for MQ data
 func SupportedFilesystem(fsType string) bool {
 	switch fsType {
 	case "aufs", "overlayfs", "tmpfs":
 		return false
 	default:
 		return true
 	}
 }
 // ValidMultiInstanceFilesystem returns true if the supplied filesystem type is valid for a multi-instance queue manager
 func ValidMultiInstanceFilesystem(fsType string) bool {
 	if !SupportedFilesystem(fsType) {
 		return false
 	}
 	// TODO : check for non-shared filesystems & shared filesystems which are known not to work
 	return true
 }
--- a/internal/containerruntime/runtime_linux.go
+++ b/internal/containerruntime/runtime_linux.go
@@ -15,7 +15,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-package containerruntime
+package runtime
 import (
 	"golang.org/x/sys/unix"
@@ -113,3 +113,13 @@ func GetFilesystem(path string) (string, error) {
 	}
 	return t, nil
 }
 // SupportedFilesystem returns true if the supplied filesystem type is supported for MQ data
 func SupportedFilesystem(fsType string) bool {
 	switch fsType {
 	case "aufs", "overlayfs", "tmpfs":
 		return false
 	default:
 		return true
 	}
 }
--- a/internal/containerruntime/runtime_other.go
+++ b/internal/containerruntime/runtime_other.go
@@ -15,7 +15,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-package containerruntime
+package runtime
 // Dummy version of this function, only for non-Linux systems.
 // Having this allows unit tests to be run on other platforms (e.g. macOS)
--- a/internal/copy/copy.go
+++ b/internal/copy/copy.go
@@ -1,58 +0,0 @@
 /*
 © Copyright IBM Corporation 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package copy
 import (
 	"fmt"
 	"io"
 	"os"
 	"github.com/ibm-messaging/mq-container/internal/filecheck"
 )
 func CopyFileMode(src, dest string, perm os.FileMode) error {
 	err := filecheck.CheckFileSource(src)
 	if err != nil {
 		return fmt.Errorf("failed to open %s for copy: %v", src, err)
 	}
 	// #nosec G304 - filename variable 'src' is checked above to ensure it is valid
 	in, err := os.Open(src)
 	if err != nil {
 		return fmt.Errorf("failed to open %s for copy: %v", src, err)
 	}
 	defer in.Close()
 	out, err := os.OpenFile(dest, os.O_CREATE|os.O_WRONLY, perm)
 	if err != nil {
 		return fmt.Errorf("failed to open %s for copy: %v", dest, err)
 	}
 	defer out.Close()
 	_, err = io.Copy(out, in)
 	if err != nil {
 		return err
 	}
 	err = out.Close()
 	return err
 }
 // CopyFile copies the specified file
 func CopyFile(src, dest string) error {
 	return CopyFileMode(src, dest, 0770)
 }
--- a/internal/filecheck/filecheck.go
+++ b/internal/filecheck/filecheck.go
@@ -1,37 +0,0 @@
 /*
 © Copyright IBM Corporation 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package filecheck
 import (
 	"fmt"
 	"path/filepath"
 	"strings"
 )
 // CheckFileSource checks the filename is valid
 func CheckFileSource(fileName string) error {
 	absFile, _ := filepath.Abs(fileName)
 	prefixes := []string{"bin", "boot", "dev", "lib", "lib64", "proc", "sbin", "sys"}
 	for _, prefix := range prefixes {
 		if strings.HasPrefix(absFile, filepath.Join("/", prefix)) {
 			return fmt.Errorf("Filename resolves to invalid path '%v'", absFile)
 		}
 	}
 	return nil
 }
--- a/internal/filecheck/filecheck_test.go
+++ b/internal/filecheck/filecheck_test.go
@@ -1,40 +0,0 @@
 /*
 © Copyright IBM Corporation 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package filecheck
 import (
 	"testing"
 )
 func TestCheckFileSource(t *testing.T) {
 	invalidFilenames := []string{"/bin", "/boot", "/dev", "/lib", "/lib64", "/proc", "/sbin", "/sys", "/bin/myfile", "/boot/mydir/myfile", "/var/../dev", "/var/../lib/myfile"}
 	for _, invalidFilename := range invalidFilenames {
 		err := CheckFileSource(invalidFilename)
 		if err == nil {
 			t.Errorf("Expected to receive an error for filename '%v'", invalidFilename)
 		}
 	}
 	validFilenames := []string{"/var", "/mydir/dev", "/mydir/dev/myfile"}
 	for _, validFilename := range validFilenames {
 		err := CheckFileSource(validFilename)
 		if err != nil {
 			t.Errorf("Unexpected error received: %v", err)
 		}
 	}
 }
--- a/internal/keystore/keystore.go
+++ b/internal/keystore/keystore.go
@@ -21,11 +21,11 @@ import (
 	"bufio"
 	"fmt"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/command"
 	"github.com/ibm-messaging/mq-container/internal/logger"
 )
 // KeyStore describes information about a keystore file
@@ -56,22 +56,13 @@ func NewCMSKeyStore(filename, password string) *KeyStore {
 	}
 }
 // NewPKCS12KeyStore creates a new PKCS12 Key Store, managed by the runmqakm command
 func NewPKCS12KeyStore(filename, password string) *KeyStore {
 	return &KeyStore{
 		Filename:     filename,
 		Password:     password,
 		keyStoreType: "p12",
 		command:      "/opt/mqm/bin/runmqakm",
 	}
 }
 // Create a key store, if it doesn't already exist
-func (ks *KeyStore) Create() error {
+func (ks *KeyStore) Create(log *logger.Logger) error {
 	_, err := os.Stat(ks.Filename)
 	if err == nil {
 		// Keystore already exists so we should refresh it by deleting it.
 		extension := filepath.Ext(ks.Filename)
 		log.Debugf("Refreshing keystore: %v", ks.Filename)
 		if ks.keyStoreType == "cms" {
 			// Only delete these when we are refreshing the kdb keystore
 			stashFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".sth"
@@ -79,19 +70,23 @@ func (ks *KeyStore) Create() error {
 			crlFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".crl"
 			err = os.Remove(stashFile)
 			if err != nil {
 				log.Errorf("Error removing %s: %v", stashFile, err)
 				return err
 			}
 			err = os.Remove(rdbFile)
 			if err != nil {
 				log.Errorf("Error removing %s: %v", rdbFile, err)
 				return err
 			}
 			err = os.Remove(crlFile)
 			if err != nil {
 				log.Errorf("Error removing %s: %v", crlFile, err)
 				return err
 			}
 		}
 		err = os.Remove(ks.Filename)
 		if err != nil {
 			log.Errorf("Error removing %s: %v", ks.Filename, err)
 			return err
 		}
 	} else if !os.IsNotExist(err) {
@@ -104,22 +99,14 @@ func (ks *KeyStore) Create() error {
 	if err != nil {
 		return fmt.Errorf("error running \"%v -keydb -create\": %v %s", ks.command, err, out)
 	}
 	mqmUID, mqmGID, err := command.LookupMQM()
 	if err != nil {
 		return err
 	}
 	err = os.Chown(ks.Filename, mqmUID, mqmGID)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 // CreateStash creates a key stash, if it doesn't already exist
-func (ks *KeyStore) CreateStash() error {
+func (ks *KeyStore) CreateStash(log *logger.Logger) error {
 	extension := filepath.Ext(ks.Filename)
 	stashFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".sth"
 	log.Debugf("TLS stash file: %v", stashFile)
 	_, err := os.Stat(stashFile)
 	if err != nil {
 		if os.IsNotExist(err) {
@@ -130,13 +117,14 @@ func (ks *KeyStore) CreateStash() error {
 		}
 		return err
 	}
-	mqmUID, mqmGID, err := command.LookupMQM()
+	return nil
 }
 // GeneratePKCS12 generates a PKCS12 file
 func (ks *KeyStore) GeneratePKCS12(keyFile, crtFile, pkcs12File, label, password string) error {
 	out, _, err := command.Run("openssl", "pkcs12", "-export", "-inkey", keyFile, "-in", crtFile, "-out", pkcs12File, "-name", label, "-passout", "pass:"+password)
 	if err != nil {
-		return err
+		return fmt.Errorf("error running \"openssl pkcs12 -export\": %v %s", err, out)
 	}
 	err = os.Chown(stashFile, mqmUID, mqmGID)
 	if err != nil {
 		return err
 	}
 	return nil
 }
@@ -151,8 +139,8 @@ func (ks *KeyStore) Import(inputFile, password string) error {
 }
 // CreateSelfSignedCertificate creates a self-signed certificate in the keystore
-func (ks *KeyStore) CreateSelfSignedCertificate(label, dn, hostname string) error {
+func (ks *KeyStore) CreateSelfSignedCertificate(label, dn string) error {
-	out, _, err := command.Run(ks.command, "-cert", "-create", "-db", ks.Filename, "-pw", ks.Password, "-label", label, "-dn", dn, "-san_dnsname", hostname)
+	out, _, err := command.Run(ks.command, "-cert", "-create", "-db", ks.Filename, "-pw", ks.Password, "-label", label, "-dn", dn)
 	if err != nil {
 		return fmt.Errorf("error running \"%v -cert -create\": %v %s", ks.command, err, out)
 	}
@@ -168,15 +156,6 @@ func (ks *KeyStore) Add(inputFile, label string) error {
 	return nil
 }
 // Add adds a CA certificate to the keystore
 func (ks *KeyStore) AddNoLabel(inputFile string) error {
 	out, _, err := command.Run(ks.command, "-cert", "-add", "-db", ks.Filename, "-type", ks.keyStoreType, "-pw", ks.Password, "-file", inputFile)
 	if err != nil {
 		return fmt.Errorf("error running \"%v -cert -add\": %v %s", ks.command, err, out)
 	}
 	return nil
 }
 // GetCertificateLabels returns the labels of all certificates in the key store
 func (ks *KeyStore) GetCertificateLabels() ([]string, error) {
 	out, _, err := command.Run(ks.command, "-cert", "-list", "-type", ks.keyStoreType, "-db", ks.Filename, "-pw", ks.Password)
@@ -201,44 +180,9 @@ func (ks *KeyStore) GetCertificateLabels() ([]string, error) {
 // RenameCertificate renames the specified certificate
 func (ks *KeyStore) RenameCertificate(from, to string) error {
-	if ks.command == "/opt/mqm/bin/runmqakm" {
+	out, _, err := command.Run(ks.command, "-cert", "-rename", "-db", ks.Filename, "-pw", ks.Password, "-label", from, "-new_label", to)
-		// runmqakm can't handle certs with ' in them so just use capicmd
+	if err != nil {
-		// Overriding gosec here as this function is in an internal package and only callable by our internal functions.
+		return fmt.Errorf("error running \"%v -cert -rename\": %v %s", ks.command, err, out)
 		// #nosec G204
 		cmd := exec.Command("/opt/mqm/gskit8/bin/gsk8capicmd_64", "-cert", "-rename", "-db", ks.Filename, "-pw", ks.Password, "-label", from, "-new_label", to)
 		cmd.Env = append(os.Environ(), "LD_LIBRARY_PATH=/opt/mqm/gskit8/lib64/:/opt/mqm/gskit8/lib")
 		out, _, err := command.RunCmd(cmd)
 		if err != nil {
 			return fmt.Errorf("error running \"%v -cert -rename\": %v %s", "/opt/mqm/gskit8/bin/gsk8capicmd_64", err, out)
 		}
 	} else {
 		out, _, err := command.Run(ks.command, "-cert", "-rename", "-db", ks.Filename, "-pw", ks.Password, "-label", from, "-new_label", to)
 		if err != nil {
 			return fmt.Errorf("error running \"%v -cert -rename\": %v %s", ks.command, err, out)
 		}
 	}
 	return nil
 }
 // ListAllCertificates Lists all certificates in the keystore
 func (ks *KeyStore) ListAllCertificates() ([]string, error) {
 	out, _, err := command.Run(ks.command, "-cert", "-list", "-type", ks.keyStoreType, "-db", ks.Filename, "-pw", ks.Password)
 	if err != nil {
 		return nil, fmt.Errorf("error running \"%v -cert -list\": %v %s", ks.command, err, out)
 	}
 	scanner := bufio.NewScanner(strings.NewReader(out))
 	var labels []string
 	for scanner.Scan() {
 		s := scanner.Text()
 		if strings.HasPrefix(s, "-") || strings.HasPrefix(s, "*-") || strings.HasPrefix(s, "!") {
 			s := strings.TrimLeft(s, "-*!")
 			labels = append(labels, strings.TrimSpace(s))
 		}
 	}
 	err = scanner.Err()
 	if err != nil {
 		return nil, err
 	}
 	return labels, nil
 }
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
@@ -114,6 +114,11 @@ func (l *Logger) log(level string, msg string) {
 	l.mutex.Unlock()
 }
 // LogDirect logs a message directly to stdout
 func (l *Logger) LogDirect(msg string) {
 	fmt.Println(msg)
 }
 // Debug logs a line as debug
 func (l *Logger) Debug(args ...interface{}) {
 	if l.debug {
--- a/internal/metrics/metrics.go
+++ b/internal/metrics/metrics.go
@@ -24,7 +24,6 @@ import (
 	"time"
 	"github.com/ibm-messaging/mq-container/internal/logger"
 	"github.com/ibm-messaging/mq-container/internal/ready"
 	"github.com/prometheus/client_golang/prometheus"
 )
@@ -40,15 +39,6 @@ var (
 // GatherMetrics gathers metrics for the queue manager
 func GatherMetrics(qmName string, log *logger.Logger) {
 	// If running in standby mode - wait until the queue manager becomes active
 	for {
 		active, _ := ready.IsRunningAsActiveQM(qmName)
 		if active {
 			break
 		}
 		time.Sleep(requestTimeout * time.Second)
 	}
 	metricsEnabled = true
 	err := startMetricsGathering(qmName, log)
--- a/internal/metrics/update.go
+++ b/internal/metrics/update.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018
+© Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/internal/mqini/mqat.ini
+++ b/internal/mqini/mqat.ini
@@ -1,20 +0,0 @@
 #*******************************************************************#
 #* Module Name: mqat.ini                                           *#
 #* Type       : IBM MQ queue manager configuration file            *#
 #  Function   : Define the configuration of application activity   *#
 #*              trace for a single queue manager.                  *#
 #*******************************************************************#
 # Global settings stanza, default values
 AllActivityTrace:
  ActivityInterval=1
  ActivityCount=100
  TraceLevel=MEDIUM
  TraceMessageData=0
  StopOnGetTraceMsg=ON
  SubscriptionDelivery=BATCHED
 # Prevent the sample activity trace program from generating data
 ApplicationTrace:
  ApplName=amqsact*
  Trace=OFF
--- a/internal/mqini/mqini.go
+++ b/internal/mqini/mqini.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -19,12 +19,7 @@ package mqini
 import (
 	"bufio"
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/command"
@@ -39,12 +34,6 @@ type QueueManager struct {
 	InstallationName string
 }
 var qmgrDir string
 var stanzasQMINI []string
 var stanzasMQATINI []string
 // getQueueManagerFromStanza parses a queue manager stanza
 func getQueueManagerFromStanza(stanza string) (*QueueManager, error) {
 	scanner := bufio.NewScanner(strings.NewReader(stanza))
@@ -82,247 +71,5 @@ func GetQueueManager(name string) (*QueueManager, error) {
 // GetErrorLogDirectory returns the directory holding the error logs for the
 // specified queue manager
 func GetErrorLogDirectory(qm *QueueManager) string {
 	if qm.DataPath != "" {
 		return filepath.Join(qm.DataPath, "errors")
 	}
 	return filepath.Join(qm.Prefix, "qmgrs", qm.Directory, "errors")
 }
 //AddStanzas Reads supplied mq ini configuration files and updates the stanzas
 //into queue manager's ini configuration files.
 func AddStanzas(qmname string) error {
 	//find the qmgr directory.
 	qm, err := GetQueueManager(qmname)
 	if err != nil {
 		return err
 	}
 	qmgrDir = filepath.Join(qm.Prefix, "qmgrs", qm.Directory)
 	//Find the users ini configuration file
 	files := getIniFileList()
 	if len(files) > 1 {
 		msg := fmt.Sprintf("[ %v ]", files)
 		return errors.New("Only a single ini file can be provided. Following ini files are found:" + msg)
 	}
 	if len(files) == 0 {
 		//no ini file update required.
 		return nil
 	}
 	iniFileBytes, err := ioutil.ReadFile(files[0])
 	if err != nil {
 		return err
 	}
 	userconfig := string(iniFileBytes)
 	if len(userconfig) == 0 {
 		return nil
 	}
 	//Prepare a list of all supported stanzas
 	PopulateAllAvailableStanzas()
 	//Update the qmgr ini file with user config.
 	qmConfig, atConfig, err := PrepareConfigStanzasToWrite(userconfig)
 	if err != nil {
 		return err
 	}
 	err = writeConfigStanzas(qmConfig, atConfig)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 // PopulateAllAvailableStanzas initializes the ini stanzas prescribed by mq specification.
 func PopulateAllAvailableStanzas() {
 	stanzasQMINI = []string{"ExitPath",
 		"Log",
 		"Service",
 		"ServiceComponent",
 		"Channels",
 		"TCP",
 		"ApiExitLocal",
 		"AccessMode",
 		"RestrictedMode",
 		"XAResourceManager",
 		"DefaultBindType",
 		"SSL",
 		"DiagnosticMessages",
 		"Filesystem",
 		"Security",
 		"TuningParameters",
 		"ExitPropertiesLocal",
 		"LU62",
 		"NETBIOS"}
 	stanzasMQATINI = []string{"AllActivityTrace", "ApplicationTrace"}
 }
 // getIniFileList Checks for the user supplied ini file in /etc/mqm directory.
 func getIniFileList() []string {
 	fileList := []string{}
 	filepath.Walk("/etc/mqm", func(path string, f os.FileInfo, err error) error {
 		if strings.HasSuffix(path, ".ini") {
 			fileList = append(fileList, path)
 		}
 		return nil
 	})
 	return fileList
 }
 //PrepareConfigStanzasToWrite Reads through the user supplied ini config file and prepares list of
 //updates to be written into corresponding mq ini files (qm.ini and/or mqat.ini files.)
 func PrepareConfigStanzasToWrite(userconfig string) (string, string, error) {
 	var qminiConfigStr string
 	var mqatiniConfigStr string
 	//read the initial version.
 	iniFileBytes, err := ioutil.ReadFile(filepath.Join(qmgrDir, "qm.ini"))
 	if err != nil {
 		return "", "", err
 	}
 	qminiConfigStr = string(iniFileBytes)
 	iniFileBytes, err = ioutil.ReadFile(filepath.Join(qmgrDir, "mqat.ini"))
 	if err != nil {
 		return "", "", err
 	}
 	mqatiniConfigStr = string(iniFileBytes)
 	stanzaListMerge := make(map[string]strings.Builder)
 	stanzaListAppend := make(map[string]strings.Builder)
 	var sbAppend strings.Builder
 	var sbMerger strings.Builder
 	scanner := bufio.NewScanner(strings.NewReader(userconfig))
 	scanner.Split(bufio.ScanLines)
 	consumetoAppend := false
 	consumeToMerge := false
 	var stanza string
 	//read through the user file and prepare what we want.
 	for scanner.Scan() {
 		if strings.Contains(scanner.Text(), ":") {
 			consumetoAppend = false
 			consumeToMerge = false
 			stanza = scanner.Text()
 			//check if this stanza exists in the qm.ini/mqat.ini files
 			if strings.Contains(qminiConfigStr, stanza) ||
 				(strings.Contains(mqatiniConfigStr, stanza) && !(strings.Contains(stanza, "ApplicationTrace"))) {
 				consumeToMerge = true
 				sbMerger = strings.Builder{}
 				stanzaListMerge[stanza] = sbMerger
 			} else {
 				consumetoAppend = true
 				sbAppend = strings.Builder{}
 				stanzaListAppend[stanza] = sbAppend
 			}
 		} else {
 			if consumetoAppend {
 				sb := stanzaListAppend[stanza]
 				sb.WriteString(scanner.Text() + "\n")
 				stanzaListAppend[stanza] = sb
 			}
 			if consumeToMerge {
 				sb := stanzaListMerge[stanza]
 				sb.WriteString(scanner.Text() + "\n")
 				stanzaListMerge[stanza] = sb
 			}
 		}
 	}
 	//merge if stanza exits.
 	if len(stanzaListMerge) > 0 {
 		for key := range stanzaListMerge {
 			toWrite, filename := ValidateStanzaToWrite(key)
 			if toWrite {
 				attrList := stanzaListMerge[key]
 				switch filename {
 				case "qm.ini":
 					qminiConfigStr = prepareStanzasToMerge(key, attrList, qminiConfigStr)
 				case "mqat.ini":
 					mqatiniConfigStr = prepareStanzasToMerge(key, attrList, mqatiniConfigStr)
 				default:
 				}
 			}
 		}
 	}
 	//append new stanzas.
 	if len(stanzaListAppend) > 0 {
 		for key := range stanzaListAppend {
 			attrList := stanzaListAppend[key]
 			if strings.Contains(strings.Join(stanzasMQATINI, ", "), strings.TrimSuffix(strings.TrimSpace(key), ":")) {
 				mqatiniConfigStr = prepareStanzasToAppend(key, attrList, mqatiniConfigStr)
 			} else {
 				qminiConfigStr = prepareStanzasToAppend(key, attrList, qminiConfigStr)
 			}
 		}
 	}
 	return qminiConfigStr, mqatiniConfigStr, nil
 }
 //ValidateStanzaToWrite Validates stanza to be written and the file it belongs to.
 func ValidateStanzaToWrite(stanza string) (bool, string) {
 	stanza = strings.TrimSpace(stanza)
 	if strings.Contains(stanza, ":") {
 		stanza = stanza[:len(stanza)-1]
 	}
 	if strings.Contains(strings.Join(stanzasQMINI, ", "), stanza) {
 		return true, "qm.ini"
 	} else if strings.Contains(strings.Join(stanzasMQATINI, ", "), stanza) {
 		return true, "mqat.ini"
 	} else {
 		return false, ""
 	}
 }
 //prepareStanzasToAppend Prepares list of stanzas that are to be appended into qm ini files(qm.ini/mqat.ini)
 func prepareStanzasToAppend(key string, attrList strings.Builder, iniConfig string) string {
 	newVal := key + "\n" + attrList.String()
 	iniConfig = iniConfig + newVal
 	return iniConfig
 }
 //prepareStanzasToMerge Prepares list of stanzas that are to be updated into qm ini files(qm.ini/mqat.ini)
 //These stanzas are already present in mq ini files and their values have to be updated with user supplied ini.
 func prepareStanzasToMerge(key string, attrList strings.Builder, iniConfig string) string {
 	lineScanner := bufio.NewScanner(strings.NewReader(attrList.String()))
 	lineScanner.Split(bufio.ScanLines)
 	for lineScanner.Scan() {
 		attrLine := lineScanner.Text()
 		keyvalue := strings.Split(attrLine, "=")
 		//this line present in qm.ini, update value.
 		if strings.Contains(iniConfig, keyvalue[0]) {
 			re := regexp.MustCompile(keyvalue[0] + "=.*")
 			iniConfig = re.ReplaceAllString(iniConfig, attrLine)
 		} else { //this line not present in qm.ini file, add it.
 			re := regexp.MustCompile(key)
 			newVal := key + "\n" + attrLine
 			iniConfig = re.ReplaceAllString(iniConfig, newVal)
 		}
 	}
 	return iniConfig
 }
 //writeConfigStanzas Writes the ini file updates into corresponding mq ini files.
 func writeConfigStanzas(qmConfig string, atConfig string) error {
 	err := ioutil.WriteFile(filepath.Join(qmgrDir, "qm.ini"), []byte(qmConfig), 0644)
 	if err != nil {
 		return err
 	}
 	err = ioutil.WriteFile(filepath.Join(qmgrDir, "mqat.ini"), []byte(atConfig), 0644)
 	if err != nil {
 		return err
 	}
 	return nil
 }
--- a/internal/mqini/mqini_test.go
+++ b/internal/mqini/mqini_test.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -16,9 +16,7 @@ limitations under the License.
 package mqini
 import (
 	"bufio"
 	"io/ioutil"
 	"strings"
 	"testing"
 )
@@ -64,139 +62,3 @@ func TestGetQueueManager(t *testing.T) {
 		})
 	}
 }
 func TestIniFileStanzas(t *testing.T) {
 	PopulateAllAvailableStanzas()
 	checkReturns("ApiExitLocal", true, true, t)
 	checkReturns("Channels", true, true, t)
 	checkReturns("TCP", true, true, t)
 	checkReturns("ServiceComponent", true, true, t)
 	checkReturns("Service", true, true, t)
 	checkReturns("AccessMode", true, true, t)
 	checkReturns("RestrictedMode", true, true, t)
 	checkReturns("XAResourceManager", true, true, t)
 	checkReturns("SSL", true, true, t)
 	checkReturns("Security", true, true, t)
 	checkReturns("TuningParameters", true, true, t)
 	checkReturns("ABC", false, false, t)
 	checkReturns("#1234ABD", true, false, t)
 	checkReturns("AllActivityTrace", false, true, t)
 	checkReturns("ApplicationTrace", false, true, t)
 	checkReturns("xyz123abvc", false, false, t)
 }
 func TestIniFile1Update(t *testing.T) {
 	iniFileBytes, err := ioutil.ReadFile("test1qm.ini")
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	userconfig := string(iniFileBytes)
 	qmConfig, atConfig, err := PrepareConfigStanzasToWrite(userconfig)
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	if len(atConfig) == 0 {
 		t.Errorf("Unexpected stanza file update: mqat.ini[%s]\n", atConfig)
 	}
 	if len(qmConfig) == 0 {
 		t.Errorf("Expected stanza file not found: qm.ini\n")
 	}
 	scanner := bufio.NewScanner(strings.NewReader(userconfig))
 	scanner.Split(bufio.ScanLines)
 	for scanner.Scan() {
 		line := scanner.Text()
 		if !strings.Contains(qmConfig, line) {
 			t.Errorf("Expected stanza line not found in updated string. line=%s\n, Stanza:%s\n", line, qmConfig)
 			break
 		}
 	}
 }
 func TestIniFile2Update(t *testing.T) {
 	iniFileBytes, err := ioutil.ReadFile("test2qm.ini")
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	userconfig := string(iniFileBytes)
 	qmConfig, atConfig, err := PrepareConfigStanzasToWrite(userconfig)
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	if len(atConfig) == 0 {
 		t.Errorf("Expected stanza file not found: mqat.ini\n")
 	}
 	if len(qmConfig) == 0 {
 		t.Errorf("Expected stanza file not found: qm.ini\n")
 	}
 	scanner := bufio.NewScanner(strings.NewReader(userconfig))
 	scanner.Split(bufio.ScanLines)
 	for scanner.Scan() {
 		line := scanner.Text()
 		if !strings.Contains(atConfig, line) {
 			t.Errorf("Expected stanza line not found in updated string. line=%s\n, Stanza:%s\n", line, qmConfig)
 			break
 		}
 	}
 }
 func TestIniFile3Update(t *testing.T) {
 	i := 0
 	iniFileBytes, err := ioutil.ReadFile("test3qm.ini")
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	userconfig := string(iniFileBytes)
 	qmConfig, atConfig, err := PrepareConfigStanzasToWrite(userconfig)
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	if len(qmConfig) == 0 {
 		t.Errorf("Unexpected stanza file update: qm.ini[%s]\n", atConfig)
 	}
 	if len(atConfig) == 0 {
 		t.Errorf("Expected stanza file not found: mqat.ini\n")
 	}
 	scanner := bufio.NewScanner(strings.NewReader(userconfig))
 	scanner.Split(bufio.ScanLines)
 	for scanner.Scan() {
 		line := scanner.Text()
 		i++
 		//first 20 lines of test3qm.ini shall go into qm.ini file and rest into mqat.ini file.
 		if i < 20 {
 			if !strings.Contains(qmConfig, line) {
 				t.Errorf("Expected stanza line not found in updated string. line=%s\n, Stanza:%s\n", line, qmConfig)
 			}
 		} else if i > 20 {
 			if !strings.Contains(atConfig, line) {
 				t.Errorf("Expected stanza line not found in updated string. line=%s\n, Stanza:%s\n", line, qmConfig)
 			}
 		}
 	}
 }
 func checkReturns(stanza string, isqmini bool, shouldexist bool, t *testing.T) {
 	exists, filename := ValidateStanzaToWrite(stanza)
 	if exists != shouldexist {
 		t.Errorf("Stanza should exist %t but found was %t", shouldexist, exists)
 	}
 	if shouldexist {
 		if isqmini {
 			if filename != "qm.ini" {
 				t.Errorf("Expected filename:qm.ini for stanza:%s. But got %s", stanza, filename)
 			}
 		} else {
 			if filename != "mqat.ini" {
 				t.Errorf("Expected filename:mqat.ini for stanza:%s. But got %s", stanza, filename)
 			}
 		}
 	}
 }
--- a/internal/mqini/qm.ini
+++ b/internal/mqini/qm.ini
@@ -1,45 +0,0 @@
 #*******************************************************************#
 #* Module Name: qm.ini                                             *#
 #* Type       : IBM MQ queue manager configuration file            *#
 #  Function   : Define the configuration of a single queue manager *#
 #*                                                                 *#
 #*******************************************************************#
 #* Notes      :                                                    *#
 #* 1) This file defines the configuration of the queue manager     *#
 #*                                                                 *#
 #*******************************************************************#
 ExitPath:
   ExitsDefaultPath=C:\ProgramData\IBM\MQ\exits
   ExitsDefaultPath64=C:\ProgramData\IBM\MQ\exits64
 InstanceData:
   InstanceID=1562831591
   Startup=ServiceManual
 #*                                                                 *#
 #*                                                                 *#
 Log:
   LogPrimaryFiles=3
   LogSecondaryFiles=2
   LogFilePages=4096
   LogType=CIRCULAR
   LogBufferPages=0
   LogPath=C:\ProgramData\IBM\MQ\log\INI1\
   LogWriteIntegrity=TripleWrite
 Service:
   Name=AuthorizationService
   EntryPoints=14
 ServiceComponent:
   Service=AuthorizationService
   Name=MQSeries.WindowsNT.auth.service
   Module=amqzfu.dll
   ComponentDataSize=0
 Channels:
   ChlauthEarlyAdopt=Y
 TCP:
   SndBuffSize=0
   RcvBuffSize=0
   RcvSndBuffSize=0
   RcvRcvBuffSize=0
   ClntSndBuffSize=0
   ClntRcvBuffSize=0
   SvrSndBuffSize=0
   SvrRcvBuffSize=0
--- a/internal/mqini/test1qm.ini
+++ b/internal/mqini/test1qm.ini
@@ -1,5 +0,0 @@
 ApiExitLocal:   
  Sequence=1
  Function=EntryPoint
  Module=/opt/mylibs/mylib.so
  Name=mylib
--- a/internal/mqini/test2qm.ini
+++ b/internal/mqini/test2qm.ini
@@ -1,7 +0,0 @@
 AllActivityTrace:
  ActivityInterval=11
  ActivityCount=1
  TraceLevel=INFO
 ApplicationTrace:
  ApplName=amqsget
  Trace=ON
--- a/internal/mqini/test3qm.ini
+++ b/internal/mqini/test3qm.ini
@@ -1,23 +0,0 @@
 ApiExitLocal:   
  Sequence=1
  Function=EntryPoint
  Module=/opt/MQOpenTracing/MQOpenTracingExit.so
  Name=MQOpenTracingExit
 Channels:
   MQIBindType=FASTPATH
 Log:
   LogPrimaryFiles=30
   LogType=CIRCULAR
   LogPath=/ProgramfILES/IBM/MQ/log/INI1/
 TCP:
   SndBuffSize=4095
   RcvBuffSize=4095
   RcvSndBuffSize=4095
   RcvRcvBuffSize=4095
   ClntSndBuffSize=2049
   ClntRcvBuffSize=2049
   SvrSndBuffSize=2049
   SvrRcvBuffSize=2049 
 ApplicationTrace:
  ApplName=amqsput
  Trace=ON
--- a/internal/mqscredact/mqscredact.go
+++ b/internal/mqscredact/mqscredact.go
@@ -1,264 +0,0 @@
 /*
 © Copyright IBM Corporation 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package mqscredact
 import (
 	"bufio"
 	"io"
 	"regexp"
 	"strings"
 )
 /* List of sensitive MQ Parameters */
 var sensitiveParameters = []string{"LDAPPWD", "PASSWORD", "SSLCRYP"}
 // redactionString is what sensitive paramters will be replaced with
 const redactionString = "(*********)"
 func findEndOfParamterString(stringDenoter rune, r *bufio.Reader) string {
 	parameter := ""
 	for {
 		char, _, err := r.ReadRune()
 		if err != nil {
 			return parameter
 		}
 		parameter = parameter + string(char)
 		if char == stringDenoter {
 			break
 		} else if char == '\n' {
 			// Check if we're on a comment line
 		NewLineLoop:
 			for {
 				// Look at next character without moving buffer forwards
 				chars, err := r.Peek(1)
 				if err != nil {
 					return parameter
 				}
 				// Check if we're at the beginning of some data.
 				startOutput, _ := regexp.MatchString(`[^:0-9\s]`, string(chars[0]))
 				if startOutput {
 					// We are at the start, check if we're on a comment line
 					if chars[0] == '*' {
 						// found a comment line. go to the next newline chraracter
 					CommentLoop:
 						for {
 							char, _, err = r.ReadRune()
 							if err != nil {
 								return parameter
 							}
 							parameter = parameter + string(char)
 							if char == '\n' {
 								break CommentLoop
 							}
 						}
 						// Go round again as we're now on a new line
 						continue NewLineLoop
 					}
 					// We've checked for comment and it isn't a comment line so break without moving buffer forwards
 					break NewLineLoop
 				}
 				// Move the buffer forward and try again
 				char, _, _ = r.ReadRune()
 				parameter = parameter + string(char)
 			}
 		}
 	}
 	return parameter
 }
 // getParameterString reads from r in order to find the end of the MQSC Parameter value. This is enclosed in ( ).
 // This function will return what it finds and will increment the reader pointer along as it goes.
 func getParameterString(r *bufio.Reader) string {
 	// Add the ( in as it will have been dropped before.
 	parameter := "("
 Loop:
 	for {
 		char, _, err := r.ReadRune()
 		if err != nil {
 			return parameter
 		}
 		parameter = parameter + string(char)
 		switch char {
 		case ')':
 			break Loop
 		// TODO: Duplicate code..
 		case '\'', '"':
 			parameter = parameter + findEndOfParamterString(char, r)
 		}
 	}
 	return parameter
 }
 func resetAllParameters(currentVerb, originalString *string, lineContinuation, foundGap, parameterNext, redacting, checkComment *bool) {
 	*currentVerb = ""
 	*originalString = ""
 	*lineContinuation = false
 	*foundGap = false
 	*parameterNext = false
 	*redacting = false
 	*checkComment = true
 }
 // Redact is the main function for redacting sensitive parameters in MQSC strings
 // It accepts a string and redacts sensitive paramters such as LDAPPWD or PASSWORD
 func Redact(out string) (string, error) {
 	out = strings.TrimSpace(out)
 	var returnStr, currentVerb, originalString string
 	var lineContinuation, foundGap, parameterNext, redacting, checkComment bool
 	newline := true
 	resetAllParameters(&currentVerb, &originalString, &lineContinuation, &foundGap, &parameterNext, &redacting, &checkComment)
 	r := bufio.NewReader(strings.NewReader(out))
 MainLoop:
 	for {
 		// We have found a opening ( so use special parameter parsing
 		if parameterNext {
 			parameterStr := getParameterString(r)
 			if !redacting {
 				returnStr = returnStr + parameterStr
 			} else {
 				returnStr = returnStr + redactionString
 			}
 			resetAllParameters(&currentVerb, &originalString, &lineContinuation, &foundGap, &parameterNext, &redacting, &checkComment)
 		}
 		// Loop round getting hte next parameter
 		char, _, err := r.ReadRune()
 		if err == io.EOF {
 			if originalString != "" {
 				returnStr = returnStr + originalString
 			}
 			break
 		} else if err != nil {
 			return returnStr, err
 		}
 		/* We need to push forward until we find a non-whitespace, digit or colon character */
 		if newline {
 			startOutput, _ := regexp.MatchString(`[^:0-9\s]`, string(char))
 			if !startOutput {
 				originalString = originalString + string(char)
 				continue MainLoop
 			}
 			newline = false
 		}
 		switch char {
 		// Found a line continuation character
 		case '+', '-':
 			lineContinuation = true
 			foundGap = false
 			originalString = originalString + string(char)
 			continue MainLoop
 		// Found whitespace/new line
 		case '\n':
 			checkComment = true
 			newline = true
 			fallthrough
 		case '\t', '\r', ' ':
 			if !lineContinuation {
 				foundGap = true
 			}
 			originalString = originalString + string(char)
 			continue MainLoop
 		// Found a paramter value
 		case '(':
 			parameterNext = true
 			/* Do not continue as we need to do some checks */
 		// Found a comment, parse in a special manner
 		case '*':
 			if checkComment {
 				originalString = originalString + string(char)
 				// Loop round until we find the new line character that marks the end of the comment
 			CommentLoop:
 				for {
 					char, _, err := r.ReadRune()
 					if err == io.EOF {
 						if originalString != "" {
 							returnStr = returnStr + originalString
 						}
 						break MainLoop
 					} else if err != nil {
 						return returnStr, err
 					}
 					originalString = originalString + string(char)
 					if char == '\n' {
 						break CommentLoop
 					}
 				}
 				//Comment has been read and added to original string, go back to start
 				checkComment = true
 				newline = true
 				continue MainLoop
 			}
 			/* Do not continue as we need to do some checks */
 		} //end of switch
 		checkComment = false
 		if lineContinuation {
 			lineContinuation = false
 		}
 		if foundGap || parameterNext {
 			// we've completed an parameter so check whether it is sensitive
 			currentVerb = strings.ToUpper(currentVerb)
 			if isSensitiveCommand(currentVerb) {
 				redacting = true
 			}
 			// Add the unedited string to the return string
 			returnStr = returnStr + originalString
 			//reset some of the parameters
 			originalString = ""
 			currentVerb = ""
 			foundGap = false
 			lineContinuation = false
 		}
 		originalString = originalString + string(char)
 		currentVerb = currentVerb + string(char)
 	}
 	return returnStr, nil
 }
 // isSensitiveCommand checks whether the given string contains a sensitive parameter.
 // We use contains here because we can't determine whether a line continuation seperates
 // parts of a parameter or two different parameters.
 func isSensitiveCommand(command string) bool {
 	for _, v := range sensitiveParameters {
 		if strings.Contains(command, v) {
 			return true
 		}
 	}
 	return false
 }
--- a/internal/mqscredact/mqscredact_test.go
+++ b/internal/mqscredact/mqscredact_test.go
@@ -1,171 +0,0 @@
 /*
 © Copyright IBM Corporation 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package mqscredact
 import (
 	"strings"
 	"testing"
 )
 const passwordString = passwordHalf1 + passwordHalf2
 const passwordHalf1 = "hippo"
 const passwordHalf2 = "123456"
 var testStrings = [...]string{
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD('" + passwordString + "')",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD(\"" + passwordString + "\")",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD     ('" + passwordString + "')",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD\t\t('" + passwordString + "')",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) ldappwd('" + passwordString + "')",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LdApPwD('" + passwordString + "')",
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) PASSWORD('" + passwordString + "')",
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) PASSWORD(\"" + passwordString + "\")",
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) PASSWORD     ('" + passwordString + "')",
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) PASSWORD\t\t('" + passwordString + "')",
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) password('" + passwordString + "')",
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) pAsSwOrD('" + passwordString + "')",
 	"ALTER QMGR SSLCRYP('" + passwordString + "')",
 	"ALTER QMGR SSLCRYP(\"" + passwordString + "\")",
 	"ALTER QMGR SSLCRYP     ('" + passwordString + "')",
 	"ALTER QMGR SSLCRYP\t\t('" + passwordString + "')",
 	"ALTER QMGR sslcryp('" + passwordString + "')",
 	"ALTER QMGR sslCRYP('" + passwordString + "')",
 	// Line continuation ones
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD(\"" + passwordHalf1 + "+\n " + passwordHalf2 + "\")",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD(\"" + passwordHalf1 + "+\n\t" + passwordHalf2 + "\")",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD(\"" + passwordHalf1 + "+\n\t   " + passwordHalf2 + "\")",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD('" + passwordHalf1 + "+\n " + passwordHalf2 + "')",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD('" + passwordHalf1 + "+\n\t" + passwordHalf2 + "')",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD('" + passwordHalf1 + "+\n\t   " + passwordHalf2 + "')",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD(\"" + passwordHalf1 + "-\n" + passwordHalf2 + "\")",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD('" + passwordHalf1 + "-\n" + passwordHalf2 + "')",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD(\"" + passwordHalf1 + "+  \n " + passwordHalf2 + "\")",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD(\"" + passwordHalf1 + "+\t\n " + passwordHalf2 + "\")",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD(\"" + passwordHalf1 + "-  \n" + passwordHalf2 + "\")",
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD(\"" + passwordHalf1 + "-\t\n" + passwordHalf2 + "\")",
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) PASSWORD(\"" + passwordHalf1 + "+\n " + passwordHalf2 + "\")",
 	"ALTER QMGR SSLCRYP(\"" + passwordHalf1 + "+\n " + passwordHalf2 + "\")",
 	//edge cases
 	"ALTER QMGR SSLCRYP(\"" + passwordHalf1 + "+\n 123+\n 456\")",
 	"ALTER QMGR SSLCRYP(\"" + passwordHalf1 + "-\n123-\n456\")",
 	"ALTER QMGR SSLCRYP(\"" + passwordHalf1 + "+\n 1+\n 2+\n 3+\n   4+\n  5+\n  6\")",
 	"ALTER QMGR SSLCRYP(\"" + passwordHalf1 + "-\n1-\n2-\n3-\n4-\n5-\n6\")",
 	"ALTER QMGR SSLCRYP  + \n  (\"" + passwordHalf1 + "+\n 1+\n 2+\n 3+\n   4+\n  5+\n  6\")",
 	"ALTER QMGR SSLCRYP  -  \n(\"" + passwordHalf1 + "-\n1-\n2-\n3-\n4-\n5-\n6\")",
 	"ALTER QMGR SSL  +  \n    CRYP(\"" + passwordHalf1 + "+\n 1+\n 2+\n 3+\n   4+\n  5+\n  6\")",
 	"ALTER QMGR SSL  -     \nCRYP(\"" + passwordHalf1 + "-\n1-\n2-\n3-\n4-\n5-\n6\")",
 	"ALTER QMGR +   \n   SSL +\n CRYP(\"" + passwordHalf1 + "+\n 1+\n 2+\n 3+\n   4+\n  5+\n  6\") +\n TEST(1234)",
 	"ALTER QMGR    -\nSSL -\nCRYP(\"" + passwordHalf1 + "-\n1-\n2-\n3-\n4-\n5-\n6\") -\nTEST(1234)",
 	"ALTER QMGR +\n * COMMENT\n SSL +\n * COMMENT IN MIDDLE\n CRYP('" + passwordString + "')",
 	" 1: ALTER CHANNEL(TEST2) CHLTYPE(SDR) PASS+\n   : *test comment\n   : WORD('" + passwordString + "')",
 	" 2: ALTER CHANNEL(TEST3) CHLTYPE(SDR) PASSWORD('" + passwordHalf1 + "-\n*commentinmiddle with ' \n" + passwordHalf2 + "')",
 	" 3: ALTER CHANNEL(TEST3) CHLTYPE(SDR) PASSWORD('" + passwordHalf1 + "-\n*commentinmiddle with ') \n" + passwordHalf2 + "')",
 }
 var expected = [...]string{
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD     " + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD\t\t" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) ldappwd" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LdApPwD" + redactionString,
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) PASSWORD" + redactionString,
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) PASSWORD" + redactionString,
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) PASSWORD     " + redactionString,
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) PASSWORD\t\t" + redactionString,
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) password" + redactionString,
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) pAsSwOrD" + redactionString,
 	"ALTER QMGR SSLCRYP" + redactionString,
 	"ALTER QMGR SSLCRYP" + redactionString,
 	"ALTER QMGR SSLCRYP     " + redactionString,
 	"ALTER QMGR SSLCRYP\t\t" + redactionString,
 	"ALTER QMGR sslcryp" + redactionString,
 	"ALTER QMGR sslCRYP" + redactionString,
 	// Line continuation ones
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD" + redactionString,
 	"DEFINE CHANNEL(CHL) CHLTYPE(SOMETHING) PASSWORD" + redactionString,
 	"ALTER QMGR SSLCRYP" + redactionString,
 	//edge cases
 	"ALTER QMGR SSLCRYP" + redactionString,
 	"ALTER QMGR SSLCRYP" + redactionString,
 	"ALTER QMGR SSLCRYP" + redactionString,
 	"ALTER QMGR SSLCRYP" + redactionString,
 	"ALTER QMGR SSLCRYP  + \n    \t  " + redactionString,
 	"ALTER QMGR SSLCRYP  -  \n    " + redactionString,
 	"ALTER QMGR SSL  +  \n    CRYP" + redactionString,
 	"ALTER QMGR SSL  -     \nCRYP" + redactionString,
 	"ALTER QMGR +   \n   SSL +\n CRYP" + redactionString + " +\n TEST(1234)",
 	"ALTER QMGR    -\nSSL -\nCRYP" + redactionString + " -\nTEST(1234)",
 	"ALTER QMGR +\n * COMMENT\n SSL +\n * COMMENT IN MIDDLE\n CRYP" + redactionString,
 	"1: ALTER CHANNEL(TEST2) CHLTYPE(SDR) PASS+\n   : *test comment\n   : WORD" + redactionString,
 	"2: ALTER CHANNEL(TEST3) CHLTYPE(SDR) PASSWORD" + redactionString,
 	"3: ALTER CHANNEL(TEST3) CHLTYPE(SDR) PASSWORD" + redactionString,
 }
 // Returns true if the 2 strings are equal ignoring whitespace characters
 func compareIgnoreWhiteSpace(str1, str2 string) bool {
 	whiteSpaces := [...]string{" ", "\t", "\n", "\r"}
 	for _, w := range whiteSpaces {
 		str1 = strings.Replace(str1, w, "", -1)
 		str2 = strings.Replace(str2, w, "", -1)
 	}
 	return str1 == str2
 }
 func TestAll(t *testing.T) {
 	for i, v := range testStrings {
 		back, _ := Redact(v)
 		if strings.Contains(back, passwordHalf1) || strings.Contains(back, passwordHalf2) || strings.Contains(back, passwordString) {
 			t.Errorf("MAJOR FAIL[%d]: Found an instance of the password. ", i)
 		}
 		if !compareIgnoreWhiteSpace(back, expected[i]) {
 			t.Errorf("FAIL[%d]:\nGave    :%s\nexpected:%s\ngot     :%s", i, v, expected[i], back)
 		}
 	}
 }
--- a/internal/mqtemplate/mqtemplate.go
+++ b/internal/mqtemplate/mqtemplate.go
@@ -22,14 +22,12 @@ import (
 	"path"
 	"text/template"
 	"github.com/ibm-messaging/mq-container/internal/command"
 	"github.com/ibm-messaging/mq-container/internal/logger"
 )
 // ProcessTemplateFile takes a Go templateFile, and processes it with the
 // supplied data, writing to destFile
 func ProcessTemplateFile(templateFile, destFile string, data interface{}, log *logger.Logger) error {
 	// Re-configure channel if app password not set
 	t, err := template.ParseFiles(templateFile)
 	if err != nil {
 		log.Error(err)
@@ -45,16 +43,6 @@ func ProcessTemplateFile(templateFile, destFile string, data interface{}, log *l
 				log.Error(err)
 				return err
 			}
 			mqmUID, mqmGID, err := command.LookupMQM()
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 			err = os.Chown(dir, mqmUID, mqmGID)
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 		} else {
 			return err
 		}
@@ -67,15 +55,5 @@ func ProcessTemplateFile(templateFile, destFile string, data interface{}, log *l
 		log.Error(err)
 		return err
 	}
 	mqmUID, mqmGID, err := command.LookupMQM()
 	if err != nil {
 		log.Error(err)
 		return err
 	}
 	err = os.Chown(destFile, mqmUID, mqmGID)
 	if err != nil {
 		log.Error(err)
 		return err
 	}
 	return nil
 }
--- a/internal/ready/ready.go
+++ b/internal/ready/ready.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -20,9 +20,6 @@ package ready
 import (
 	"io/ioutil"
 	"os"
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/command"
 )
 const fileName string = "/run/runmqserver/ready"
@@ -65,24 +62,3 @@ func Check() (bool, error) {
 	}
 	return exists, nil
 }
 // IsRunningAsActiveQM returns true if the queue manager is running in active mode
 func IsRunningAsActiveQM(name string) (bool, error) {
 	return isRunningQM(name, "(RUNNING)")
 }
 // IsRunningAsStandbyQM returns true if the queue manager is running in standby mode
 func IsRunningAsStandbyQM(name string) (bool, error) {
 	return isRunningQM(name, "(RUNNING AS STANDBY)")
 }
 func isRunningQM(name string, status string) (bool, error) {
 	out, _, err := command.Run("dspmq", "-n", "-m", name)
 	if err != nil {
 		return false, err
 	}
 	if strings.Contains(string(out), status) {
 		return true, nil
 	}
 	return false, nil
 }
--- a/internal/tls/tls.go
+++ b/internal/tls/tls.go
@@ -1,610 +0,0 @@
 /*
 © Copyright IBM Corporation 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package tls
 import (
 	"bufio"
 	"fmt"
 	"io/ioutil"
 	pwr "math/rand"
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
 	"crypto/rand"
 	"crypto/sha512"
 	"crypto/x509"
 	"encoding/pem"
 	"github.com/ibm-messaging/mq-container/internal/filecheck"
 	"github.com/ibm-messaging/mq-container/internal/keystore"
 	pkcs "software.sslmate.com/src/go-pkcs12"
 )
 // IntegrationDefaultLabel is the default certificate label used by Cloud Integration Platform
 const IntegrationDefaultLabel = "default"
 // P12TrustStoreName is the name of the PKCS#12 truststore used by the webconsole
 const P12TrustStoreName = "trust.p12"
 // CMSKeyStoreName is the name of the CMS Keystore used by the queue manager
 const CMSKeyStoreName = "key.kdb"
 type KeyStoreData struct {
 	Keystore          *keystore.KeyStore
 	Password          string
 	TrustedCerts      []*pem.Block
 	KnownFingerPrints []string
 	KeyLabels         []string
 }
 type P12KeyFiles struct {
 	Keystores []string
 	Password  string
 }
 func getCertFingerPrint(block *pem.Block) (string, error) {
 	// Add to future truststore and known certs (if not already there)
 	cert, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {
 		return "", fmt.Errorf("could not parse x509 certificate: %v", err)
 	}
 	sha512Sum := sha512.Sum512(cert.Raw)
 	sha512str := string(sha512Sum[:])
 	return sha512str, nil
 }
 // Add to Keystores known certs (if not already there) and add to the
 // Keystore if "addToKeystore" is true.
 func addCertToKeyData(block *pem.Block, keyData *KeyStoreData, addToKeystore bool) error {
 	sha512str, err := getCertFingerPrint(block)
 	if err != nil {
 		return err
 	}
 	known := false
 	for _, fingerprint := range keyData.KnownFingerPrints {
 		if fingerprint == sha512str {
 			known = true
 			break
 		}
 	}
 	if !known {
 		// Sometimes we don't want to add to the keystore trust here.
 		// For example if it will be imported with the key later.
 		if addToKeystore {
 			keyData.TrustedCerts = append(keyData.TrustedCerts, block)
 		}
 		keyData.KnownFingerPrints = append(keyData.KnownFingerPrints, sha512str)
 	}
 	return nil
 }
 // Generates a random 12 character password from the characters a-z, A-Z, 0-9.
 func generateRandomPassword() string {
 	pwr.Seed(time.Now().Unix())
 	validChars := "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
 	validcharArray := []byte(validChars)
 	password := ""
 	for i := 0; i < 12; i++ {
 		password = password + string(validcharArray[pwr.Intn(len(validcharArray))])
 	}
 	return password
 }
 // Creates the PKCS#12 Truststore and the CMS Keystore.
 func generateAllStores(dir string) (KeyStoreData, KeyStoreData, error) {
 	var cmsKeystore, p12TrustStore KeyStoreData
 	pw := generateRandomPassword()
 	cmsKeystore.Password = pw
 	p12TrustStore.Password = pw
 	// Create the keystore Directory (if it doesn't already exist)
 	// #nosec G301 - write group permissions are required
 	err := os.MkdirAll(dir, 0770)
 	if err != nil {
 		return cmsKeystore, p12TrustStore, fmt.Errorf("Failed to create keystore directory: %v", err)
 	}
 	p12TrustStore.Keystore = keystore.NewPKCS12KeyStore(filepath.Join(dir, P12TrustStoreName), p12TrustStore.Password)
 	err = p12TrustStore.Keystore.Create()
 	if err != nil {
 		return cmsKeystore, p12TrustStore, fmt.Errorf("Failed to create PKCS#12 TrustStore: %v", err)
 	}
 	cmsKeystore.Keystore = keystore.NewCMSKeyStore(filepath.Join(dir, CMSKeyStoreName), cmsKeystore.Password)
 	err = cmsKeystore.Keystore.Create()
 	if err != nil {
 		return cmsKeystore, p12TrustStore, fmt.Errorf("Failed to create CMS KeyStore: %v", err)
 	}
 	return cmsKeystore, p12TrustStore, nil
 }
 // processKeys walks through the keyDir directory and imports any keys it finds to individual PKCS#12 keystores
 // and the CMS KeyStore. The label it uses is the name of the directory if finds the keys in.
 func processKeys(keyDir, outputDir string, cmsKeyDB, p12TrustDB *KeyStoreData) (string, P12KeyFiles, error) {
 	var p12s P12KeyFiles
 	var firstLabel string
 	pwToUse := cmsKeyDB.Password
 	p12s.Password = pwToUse
 	trustStoreReserveredName := P12TrustStoreName[0 : len(P12TrustStoreName)-len(filepath.Ext(P12TrustStoreName))]
 	keyList, err := ioutil.ReadDir(keyDir)
 	if err == nil && len(keyList) > 0 {
 		// Found some keys, verify the contents
 		for _, key := range keyList {
 			keys, _ := ioutil.ReadDir(filepath.Join(keyDir, key.Name()))
 			keyLabel := key.Name()
 			if keyLabel == trustStoreReserveredName {
 				return firstLabel, p12s, fmt.Errorf("Found key with same label set as same name as truststore(%s). This is not allowed", trustStoreReserveredName)
 			}
 			keyfilename := ""
 			var keyfile interface{}
 			var certFile *x509.Certificate
 			var caFile []*x509.Certificate
 			// find the keyfile name
 			for _, a := range keys {
 				if strings.HasSuffix(a.Name(), ".key") {
 					// #nosec G304 - filename variable is derived from contents of 'keyDir' which is a defined constant
 					keyFile, err := ioutil.ReadFile(filepath.Join(keyDir, key.Name(), a.Name()))
 					if err != nil {
 						return firstLabel, p12s, fmt.Errorf("Could not read keyfile %s: %v", filepath.Join(keyDir, key.Name(), a.Name()), err)
 					}
 					block, _ := pem.Decode(keyFile)
 					if block == nil {
 						return firstLabel, p12s, fmt.Errorf("Could not decode keyfile %s: pem.Decode returned nil", filepath.Join(keyDir, key.Name(), a.Name()))
 					}
 					//Test whether it is PKCS1
 					keyfile, err = x509.ParsePKCS1PrivateKey(block.Bytes)
 					if err != nil {
 						// Before we fail check whether it is PKCS8
 						keyfile, err = x509.ParsePKCS8PrivateKey(block.Bytes)
 						if err != nil {
 							fmt.Printf("key %s ParsePKCS1/8PrivateKey ERR: %v\n", filepath.Join(keyDir, key.Name(), a.Name()), err)
 							return firstLabel, p12s, err
 						}
 						//It was PKCS8 afterall
 					}
 					keyfilename = a.Name()
 				}
 			}
 			if keyfile == nil {
 				continue
 			}
 			// Find out what the keyfile was called without the extension
 			prefix := keyfilename[0 : len(keyfilename)-len(filepath.Ext(keyfilename))]
 			for _, a := range keys {
 				if strings.HasSuffix(a.Name(), ".key") {
 					continue
 				}
 				if strings.HasPrefix(a.Name(), prefix) && strings.HasSuffix(a.Name(), ".crt") {
 					// #nosec G304 - filename variable is derived from contents of 'keyDir' which is a defined constant
 					cert, err := ioutil.ReadFile(filepath.Join(keyDir, key.Name(), a.Name()))
 					if err != nil {
 						return firstLabel, p12s, fmt.Errorf("Could not read file %s: %v", filepath.Join(keyDir, key.Name(), a.Name()), err)
 					}
 					block, _ := pem.Decode(cert)
 					if block == nil {
 						return firstLabel, p12s, fmt.Errorf("Could not decode certificate %s: pem.Decode returned nil", filepath.Join(keyDir, key.Name(), a.Name()))
 					}
 					certFile, err = x509.ParseCertificate(block.Bytes)
 					if err != nil {
 						return firstLabel, p12s, fmt.Errorf("Could not parse certificate %s: %v", filepath.Join(keyDir, key.Name(), a.Name()), err)
 					}
 					// Add to the dup list for the CMS keystore but not the PKCS#12 Truststore
 					err = addCertToKeyData(block, cmsKeyDB, false)
 				} else if strings.HasSuffix(a.Name(), ".crt") {
 					// #nosec G304 - filename variable is derived from contents of 'keyDir' which is a defined constant
 					remainder, err := ioutil.ReadFile(filepath.Join(keyDir, key.Name(), a.Name()))
 					if err != nil {
 						return firstLabel, p12s, fmt.Errorf("Could not read file %s: %v", filepath.Join(keyDir, key.Name(), a.Name()), err)
 					}
 					for string(remainder) != "" {
 						var block *pem.Block
 						block, remainder = pem.Decode(remainder)
 						// If we can't decode the CA certificate then just exit.
 						if block == nil {
 							break
 						}
 						// Add to the dup list for the CMS keystore
 						err = addCertToKeyData(block, cmsKeyDB, false)
 						// Add to the p12 truststore
 						err = addCertToKeyData(block, p12TrustDB, true)
 						caCert, err := x509.ParseCertificate(block.Bytes)
 						if err != nil {
 							return firstLabel, p12s, fmt.Errorf("Could not parse CA certificate %s: %v", filepath.Join(keyDir, key.Name(), a.Name()), err)
 						}
 						caFile = append(caFile, caCert)
 					}
 				}
 			}
 			// Create p12 keystore
 			file, err := pkcs.Encode(rand.Reader, keyfile, certFile, caFile, pwToUse)
 			if err != nil {
 				return firstLabel, p12s, fmt.Errorf("Could not encode PKCS#12 Keystore %s: %v", keyLabel+".p12", err)
 			}
 			err = ioutil.WriteFile(filepath.Join(outputDir, keyLabel+".p12"), file, 0644)
 			if err != nil {
 				return firstLabel, p12s, fmt.Errorf("Could not write PKCS#12 Keystore %s: %v", filepath.Join(outputDir, keyLabel+".p12"), err)
 			}
 			p12s.Keystores = append(p12s.Keystores, keyLabel+".p12")
 			// Add to the CMS keystore
 			err = cmsKeyDB.Keystore.Import(filepath.Join(outputDir, keyLabel+".p12"), pwToUse)
 			if err != nil {
 				return firstLabel, p12s, fmt.Errorf("Could not import keys from %s into CMS Keystore: %v", filepath.Join(outputDir, keyLabel+".p12"), err)
 			}
 			// Relabel it
 			allLabels, err := cmsKeyDB.Keystore.GetCertificateLabels()
 			if err != nil {
 				return firstLabel, p12s, fmt.Errorf("Could not list keys in CMS Keystore: %v", err)
 			}
 			relabelled := false
 			for _, cl := range allLabels {
 				found := false
 				for _, kl := range cmsKeyDB.KeyLabels {
 					if strings.Trim(cl, "\"") == kl {
 						found = true
 						break
 					}
 				}
 				if !found {
 					// This is the one to rename
 					err = cmsKeyDB.Keystore.RenameCertificate(strings.Trim(cl, "\""), keyLabel)
 					if err != nil {
 						return firstLabel, p12s, err
 					}
 					relabelled = true
 					cmsKeyDB.KeyLabels = append(cmsKeyDB.KeyLabels, keyLabel)
 					break
 				}
 			}
 			if !relabelled {
 				return firstLabel, p12s, fmt.Errorf("Unable to find the added key for %s in CMS keystore", keyLabel)
 			}
 			// First key found so mark it as the one to use with the queue manager.
 			if firstLabel == "" {
 				firstLabel = keyLabel
 			}
 		}
 	}
 	return firstLabel, p12s, nil
 }
 // processTrustCertificates walks through the trustDir directory and adds any certificates it finds
 // to the PKCS#12 Truststore and the CMS KeyStore as long as has not already been added.
 func processTrustCertificates(trustDir string, cmsKeyDB, p12TrustDB *KeyStoreData) error {
 	certList, err := ioutil.ReadDir(trustDir)
 	if err == nil && len(certList) > 0 {
 		// Found some keys, verify the contents
 		for _, cert := range certList {
 			certs, _ := ioutil.ReadDir(filepath.Join(trustDir, cert.Name()))
 			for _, a := range certs {
 				if strings.HasSuffix(a.Name(), ".crt") {
 					// #nosec G304 - filename variable is derived from contents of 'trustDir' which is a defined constant
 					remainder, err := ioutil.ReadFile(filepath.Join(trustDir, cert.Name(), a.Name()))
 					if err != nil {
 						return fmt.Errorf("Could not read file %s: %v", filepath.Join(trustDir, cert.Name(), a.Name()), err)
 					}
 					for string(remainder) != "" {
 						var block *pem.Block
 						block, remainder = pem.Decode(remainder)
 						if block == nil {
 							break
 						}
 						// Add to the CMS keystore
 						err = addCertToKeyData(block, cmsKeyDB, true)
 						// Add to the p12 truststore
 						err = addCertToKeyData(block, p12TrustDB, true)
 					}
 				}
 			}
 		}
 	}
 	// We've potentially created two lists of certificates to import. Add them both to relevant Truststores
 	if len(p12TrustDB.TrustedCerts) > 0 {
 		// Do P12 TrustStore first
 		temporaryPemFile := filepath.Join("/tmp", "trust.pem")
 		_, err := os.Stat(temporaryPemFile)
 		if err == nil {
 			err = os.Remove(temporaryPemFile)
 			if err != nil {
 				return fmt.Errorf("Could not remove file %v: %v", temporaryPemFile, err)
 			}
 		}
 		err = writeCertsToFile(temporaryPemFile, p12TrustDB.TrustedCerts)
 		if err != nil {
 			return err
 		}
 		err = p12TrustDB.Keystore.AddNoLabel(temporaryPemFile)
 		if err != nil {
 			return fmt.Errorf("Could not add certificates to PKCS#12 Truststore: %v", err)
 		}
 		// We need to relabel everything because liberty doesn't play nicely with autolabelled certs
 		allCerts, err := p12TrustDB.Keystore.ListAllCertificates()
 		if err != nil || len(allCerts) <= 0 {
 			return fmt.Errorf("Could not get any certificates from PKCS#12 Truststore: %v", err)
 		}
 		for i, cert := range allCerts {
 			cert = strings.Trim(cert, "\"")
 			cert = strings.TrimSpace(cert)
 			newLabel := fmt.Sprintf("Trust%d", i)
 			err = p12TrustDB.Keystore.RenameCertificate(cert, newLabel)
 			if err != nil || len(allCerts) <= 0 {
 				return fmt.Errorf("Could not rename certificate %s to %s in PKCS#12 Truststore: %v", cert, newLabel, err)
 			}
 		}
 	}
 	if len(cmsKeyDB.TrustedCerts) > 0 {
 		// Now the CMS Keystore
 		temporaryPemFile := filepath.Join("/tmp", "cmsTrust.pem")
 		_, err := os.Stat(temporaryPemFile)
 		if err == nil {
 			err = os.Remove(temporaryPemFile)
 			if err != nil {
 				return fmt.Errorf("Could not remove file %v: %v", temporaryPemFile, err)
 			}
 		}
 		err = writeCertsToFile(temporaryPemFile, cmsKeyDB.TrustedCerts)
 		if err != nil {
 			return err
 		}
 		err = cmsKeyDB.Keystore.AddNoLabel(temporaryPemFile)
 		if err != nil {
 			return fmt.Errorf("Could not add certificates to CMS keystore: %v", err)
 		}
 	}
 	return nil
 }
 // Writes a given list of certificates to a file.
 func writeCertsToFile(file string, certs []*pem.Block) error {
 	f, err := os.Create(file)
 	if err != nil {
 		return fmt.Errorf("writeCertsToFile: Could not create file %s: %v", file, err)
 	}
 	defer f.Close()
 	w := bufio.NewWriter(f)
 	for i, c := range certs {
 		err := pem.Encode(w, c)
 		if err != nil {
 			return fmt.Errorf("writeCertsToFile: Could not encode certificate number %d: %v", i, err)
 		}
 		err = w.Flush()
 		if err != nil {
 			return fmt.Errorf("writeCertsToFile: Failed to write to file %s: %v", file, err)
 		}
 	}
 	return nil
 }
 // ConfigureTLSKeystores sets up the  TLS Trust and Keystores for use
 func ConfigureTLSKeystores(keyDir, certDir, outputDir string) (string, KeyStoreData, KeyStoreData, P12KeyFiles, error) {
 	var returnLabel, label string
 	var cmsKeyDB, p12TrustDB KeyStoreData
 	var keyFiles P12KeyFiles
 	var err error
 	cmsKeyDB, p12TrustDB, err = generateAllStores(outputDir)
 	if err != nil {
 		return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
 	}
 	returnLabel, err = expandOldTLSVariable(keyDir, outputDir, &cmsKeyDB, &p12TrustDB)
 	if err != nil {
 		return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
 	}
 	label, keyFiles, err = processKeys(keyDir, outputDir, &cmsKeyDB, &p12TrustDB)
 	if err != nil {
 		return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
 	}
 	if returnLabel == "" {
 		returnLabel = label
 	}
 	err = processTrustCertificates(certDir, &cmsKeyDB, &p12TrustDB)
 	if err != nil {
 		return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
 	}
 	return returnLabel, cmsKeyDB, p12TrustDB, keyFiles, err
 }
 // This function supports the old mechanism of importing certificates supplied by the MQ_TLS_KEYSTORE envvar
 func expandOldTLSVariable(keyDir, outputDir string, cmsKeyDB, p12TrustDB *KeyStoreData) (string, error) {
 	// TODO: Change this or find a way to set it
 	outputDirName := "acopiedcertificate"
 	// Check whether the old variable is set. If not exit quietly
 	keyfile := os.Getenv("MQ_TLS_KEYSTORE")
 	if keyfile == "" {
 		return "", nil
 	}
 	// There is a file to read and process
 	keyfilepw := os.Getenv("MQ_TLS_PASSPHRASE")
 	if !strings.HasSuffix(keyfile, ".p12") {
 		return "", fmt.Errorf("MQ_TLS_KEYSTORE (%s) does not point to a PKCS#12 file ending with the suffix .p12", keyfile)
 	}
 	_, err := os.Stat(keyfile)
 	if err != nil {
 		return "", fmt.Errorf("File %s referenced by MQ_TLS_KEYSTORE does not exist", keyfile)
 	}
 	err = filecheck.CheckFileSource(keyfile)
 	if err != nil {
 		return "", fmt.Errorf("File %s referenced by MQ_TLS_KEYSTORE is invalid: %v", keyfile, err)
 	}
 	// #nosec G304 - filename variable 'keyfile' is checked above to ensure it is valid
 	readkey, err := ioutil.ReadFile(keyfile)
 	if err != nil {
 		return "", fmt.Errorf("Failed to read %s: %v", keyfile, err)
 	}
 	// File has been checked and read, decode it.
 	pk, cert, cas, err := pkcs.DecodeChain(readkey, keyfilepw)
 	if err != nil {
 		return "", fmt.Errorf("Failed to decode %s: %v", keyfile, err)
 	}
 	// Find a directory name that doesn't exist
 	for {
 		_, err := os.Stat(filepath.Join(keyDir, outputDirName))
 		if err == nil {
 			outputDirName = outputDirName + "0"
 		} else {
 			break
 		}
 	}
 	//Bceause they supplied this certificate using the old method we should use this for qm & webconsole
 	overrideLabel := outputDirName
 	// Write out the certificate for the private key
 	if cert != nil {
 		block := pem.Block{
 			Type:    "CERTIFICATE",
 			Headers: nil,
 			Bytes:   cert.Raw,
 		}
 		err = addCertToKeyData(&block, cmsKeyDB, false)
 		if err != nil {
 			return "", fmt.Errorf("expandOldTLSVariable: Failed to add cert to CMS Keystore duplicate list: %v", err)
 		}
 		err = addCertToKeyData(&block, p12TrustDB, true)
 		if err != nil {
 			return "", fmt.Errorf("expandOldTLSVariable: Failed to add cert to P12 Truststore duplicate list: %v", err)
 		}
 	}
 	// now write out all the ca certificates
 	if cas != nil || len(cas) > 0 {
 		for i, c := range cas {
 			block := pem.Block{
 				Type:    "CERTIFICATE",
 				Headers: nil,
 				Bytes:   c.Raw,
 			}
 			// Add to the dup list for the CMS keystore
 			err = addCertToKeyData(&block, cmsKeyDB, false)
 			if err != nil {
 				return "", fmt.Errorf("expandOldTLSVariable: Failed to add CA cert %d to CMS Keystore duplicate list: %v", i, err)
 			}
 			// Add to the p12 truststore
 			err = addCertToKeyData(&block, p12TrustDB, true)
 			if err != nil {
 				return "", fmt.Errorf("expandOldTLSVariable: Failed to add CA cert %d to P12 Truststore duplicate list: %v", i, err)
 			}
 		}
 	}
 	// Now we've handled the certificates copy the keystore into place
 	destination := filepath.Join(outputDir, outputDirName+".p12")
 	// Create p12 keystore
 	file, err := pkcs.Encode(rand.Reader, pk, cert, cas, p12TrustDB.Password)
 	if err != nil {
 		return "", fmt.Errorf("Failed to re-encode p12 keystore: %v", err)
 	}
 	err = ioutil.WriteFile(destination, file, 0644)
 	if err != nil {
 		return "", fmt.Errorf("Failed to write p12 keystore: %v", err)
 	}
 	// Add to the CMS keystore
 	err = cmsKeyDB.Keystore.Import(destination, p12TrustDB.Password)
 	if err != nil {
 		return "", fmt.Errorf("Failed to import p12 keystore %s: %v", destination, err)
 	}
 	if pk != nil {
 		// Relabel the key
 		allLabels, err := cmsKeyDB.Keystore.GetCertificateLabels()
 		if err != nil {
 			fmt.Printf("cms GetCertificateLabels: %v\n", err)
 			return "", err
 		}
 		relabelled := false
 		for _, cl := range allLabels {
 			found := false
 			for _, kl := range cmsKeyDB.KeyLabels {
 				if strings.Trim(cl, "\"") == kl {
 					found = true
 					break
 				}
 			}
 			if !found {
 				// This is the one to rename
 				err = cmsKeyDB.Keystore.RenameCertificate(strings.Trim(cl, "\""), outputDirName)
 				if err != nil {
 					return "", err
 				}
 				relabelled = true
 				cmsKeyDB.KeyLabels = append(cmsKeyDB.KeyLabels, outputDirName)
 				break
 			}
 		}
 		if !relabelled {
 			return "", fmt.Errorf("Unable to find the added key in CMS keystore")
 		}
 	}
 	return overrideLabel, nil
 }
--- a/manifests/dockerhub/manifest-9.1.2-UBI.yaml
+++ b/manifests/dockerhub/manifest-9.1.2-UBI.yaml
@@ -1,28 +0,0 @@
 # © Copyright IBM Corporation 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 image: ibmcom/mq:9.1.2.0-UBI
 manifests:
  - image: ibmcom/mq:9.1.2.0-UBI-amd64
    platform:
      architecture: amd64
      os: linux
  - image: ibmcom/mq:9.1.2.0-UBI-ppc64le
    platform:
      architecture: ppc64le
      os: linux
  - image: ibmcom/mq:9.1.2.0-UBI-s390x
    platform:
      architecture: s390x
      os: linux
--- a/manifests/dockerhub/manifest-latest.yaml
+++ b/manifests/dockerhub/manifest-latest.yaml
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2018, 2019
+# © Copyright IBM Corporation 2018
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,15 +14,16 @@
 image: ibmcom/mq:latest
 manifests:
-  - image: ibmcom/mq:9.1.3.0-r2-amd64
+  - image: ibmcom/mq:9.1.1.0-x86_64
    platform:
      architecture: amd64
      os: linux
-  - image: ibmcom/mq:9.1.3.0-r2-ppc64le
+  - image: ibmcom/mq:9.1.1.0-ppc64le
    platform:
      architecture: ppc64le
      os: linux
-  - image: ibmcom/mq:9.1.3.0-r2-s390x
+  - image: ibmcom/mq:9.1.1.0-s390x
    platform:
      architecture: s390x
      os: linux
--- a/manifests/dockerstore/manifest-9.1.2-UBI.yaml
+++ b/manifests/dockerstore/manifest-9.1.2-UBI.yaml
@@ -1,28 +0,0 @@
 # © Copyright IBM Corporation 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 image: ibmcorp/mqadvanced-server-dev:9.1.2.0-UBI
 manifests:
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-UBI-amd64
    platform:
      architecture: amd64
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-UBI-ppc64le
    platform:
      architecture: ppc64le
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-UBI-s390x
    platform:
      architecture: s390x
      os: linux
--- a/manifests/dockerstore/manifest-9.1.3.yaml
+++ b/manifests/dockerstore/manifest-9.1.3.yaml
@@ -1,28 +0,0 @@
 # © Copyright IBM Corporation 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 image: ibmcorp/mqadvanced-server-dev:9.1.3.0-r2
 manifests:
  - image: ibmcorp/mqadvanced-server-dev:9.1.3.0-r2-amd64
    platform:
      architecture: amd64
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.3.0-r2-ppc64le
    platform:
      architecture: ppc64le
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.3.0-r2-s390x
    platform:
      architecture: s390x
      os: linux
--- a/mq-advanced-server-rhel/README.md
+++ b/mq-advanced-server-rhel/README.md
@@ -0,0 +1,3 @@
 # RHEL-based container build
 Build scripts for building a container image based on Red Hat Enterprise Linux (RHEL), using the [`buildah`](https://github.com/containers/buildah) tool.  buildah is supported on RHEL V7.5 and greater.
--- a/mq-advanced-server-rhel/go-build.sh
+++ b/mq-advanced-server-rhel/go-build.sh
@@ -0,0 +1,49 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Builds and tests the golang programs used by the MQ image.
 set -ex
 # Handle a GOPATH with multiple entries (just choose the first one)
 IFS=':' read -ra DIR <<< "$GOPATH"
 cd ${DIR[0]}/src/github.com/ibm-messaging/mq-container/
 # Build and test the Go code
 mkdir -p build
 cd build
 rm -f chkmqready chkmqhealthy runmqserver runmqdevserver
 if [ "$MQDEV" = "TRUE" ]; then 
    # Build and test the Go code
    go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\"" --tags 'mqdev' ../cmd/runmqserver/
    go build ../cmd/runmqdevserver/
 else 
    go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\"" ../cmd/runmqserver/
 fi
 go build ../cmd/chkmqready/
 go build ../cmd/chkmqhealthy/
 go test -v ../cmd/runmqserver/
 go test -v ../cmd/chkmqready/
 go test -v ../cmd/chkmqhealthy/
 if [ "$MQDEV" = "TRUE" ]; then 
    go test -v ../cmd/runmqdevserver
 fi
 go test -v ../internal/...
 go vet ../cmd/... ../internal/...
--- a/mq-advanced-server-rhel/go-buildah.sh
+++ b/mq-advanced-server-rhel/go-buildah.sh
@@ -0,0 +1,49 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Run the Go build script inside the Go container, mounting the source
 # directory in
 function usage {
  echo "Usage: $0 TAG DevModeFlag"
  exit 20
 }
 if [ "$#" -ne 2 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 readonly tag=$1
 readonly dev=$2
 IMAGE_REVISION=${IMAGE_REVISION:="Not Applicable"}
 IMAGE_SOURCE=${IMAGE_SOURCE:="Not Applicable"}
 # Run the build in a container
 # Note the ":Z" on the volume is to allow the container to access the files when SELinux is enabled
 # Note the "podman" network is used explicitly, to avoid problems other CNI networks (e.g. on an OpenShift node)
 podman run \
  --volume ${PWD}:/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/:Z \
  --env IMAGE_REVISION="$IMAGE_REVISION" \
  --env IMAGE_SOURCE="$IMAGE_SOURCE" \
  --env MQDEV=${dev} \
  --user $(id -u) \
  --rm \
  --network podman \
  ${tag} \
  bash -c "cd /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/ && ./mq-advanced-server-rhel/go-build.sh"
--- a/mq-advanced-server-rhel/install-mq-rhel.sh
+++ b/mq-advanced-server-rhel/install-mq-rhel.sh
@@ -0,0 +1,88 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Install one or more MQ components into a buildah container
 set -ex
 function usage {
  echo "Usage: $0 MQContainer MountLocation ARCHIVENAME PACKAGES"
  exit 20
 }
 if [ "$#" -ne 4 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 readonly ctr_mq=$1
 readonly mnt_mq=$2
 readonly archive=$3
 readonly mq_packages=$4
 readonly dir_extract=/tmp/extract
 readonly mqm_uid=888
 readonly mqm_gid=888
 if [ ! -d ${dir_extract}/MQServer ]; then
  mkdir -p ${dir_extract}
  echo Extracting $archive
  tar -zxf $archive -C ${dir_extract}
  echo Extracting finished
 fi
 # Accept the MQ license
 buildah run --user root --volume ${dir_extract}:/mnt/mq-download:Z $ctr_mq -- /mnt/mq-download/MQServer/mqlicense.sh -text_only -accept
 # Install MQ
 buildah run --user root --volume ${dir_extract}:/mnt/mq-download:Z $ctr_mq -- bash -c "cd /mnt/mq-download/MQServer && rpm -ivh $mq_packages"
 rm -rf ${dir_extract}/MQServer
 # Remove 32-bit libraries from 64-bit container
 find $mnt_mq/opt/mqm $mnt_mq/var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
 # Remove tar.gz files unpacked by RPM postinst scripts
 find $mnt_mq/opt/mqm -name '*.tar.gz' -delete
 # Recommended: Set the default MQ installation (makes the MQ commands available on the PATH)
 buildah run $ctr_mq -- /opt/mqm/bin/setmqinst -p /opt/mqm -i
 mkdir -p $mnt_mq/run/runmqserver
 chown ${mqm_uid}:${mqm_gid} $mnt_mq/run/runmqserver
 # Remove the directory structure under /var/mqm which was created by the installer
 rm -rf $mnt_mq/var/mqm
 # Create the mount point for volumes, ensuring MQ has permissions to all directories
 mkdir -p $mnt_mq/mnt/mqm
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/mnt
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/mnt/mqm
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/mnt/mqm/data
 # Create the directory for MQ configuration files
 mkdir -p /etc/mqm
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/etc/mqm
 # Create a symlink for /var/mqm -> /mnt/mqm/data
 buildah run --user root $ctr_mq -- ln -s /mnt/mqm/data /var/mqm
 # Optional: Set these values for the IBM Cloud Vulnerability Report
 sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' $mnt_mq/etc/login.defs
 sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' $mnt_mq/etc/login.defs
 sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8/' $mnt_mq/etc/pam.d/password-auth
 buildah run $ctr_mq -- cp -rs /opt/mqm/licenses/ /
--- a/mq-advanced-server-rhel/mq-buildah.sh
+++ b/mq-advanced-server-rhel/mq-buildah.sh
@@ -0,0 +1,173 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a RHEL image, using the buildah tool
 set -x
 set -e
 function usage {
  echo "Usage: $0 ARCHIVE-NAME PACKAGES TAG VERSION MQDevFlag"
  exit 20
 }
 if [ "$#" -ne 5 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 ###############################################################################
 # Setup MQ server working container
 ###############################################################################
 # Use RHEL 7 minimal container (which doesn't include things like Python or Yum)
 readonly ctr_mq=$(buildah from rhel7-minimal)
 if [ -z "$ctr_mq" ]
 then
  echo "ERROR: ctr_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly mnt_mq=$(buildah mount $ctr_mq)
 if [ -z "$mnt_mq" ]
 then
  echo "ERROR: mnt_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly archive=downloads/$1
 readonly packages=$2
 readonly tag=$3
 readonly version=$4
 readonly mqdev=$5
 readonly mqm_uid=888
 readonly mqm_gid=888
 ###############################################################################
 # Install MQ server
 ###############################################################################
 microdnf_opts="--nodocs"
 # Check whether the host is registered with Red Hat
 if subscription-manager status ; then
  # Host is subscribed, but the minimal image has no enabled repos
  # Note that the "bc" package is the only one in "extras"
  microdnf_opts="${microdnf_opts} --enablerepo=rhel-7-server-rpms --enablerepo=rhel-7-server-extras-rpms"
 else
  # Use the Yum repositories configured on the host
  cp -R /etc/yum.repos.d/* ${mnt_mq}/etc/yum.repos.d/
 fi
 buildah run ${ctr_mq} -- microdnf ${microdnf_opts} install \
  bash \
  bc \
  coreutils \
  file \
  findutils \
  gawk \
  glibc-common \
  grep \
  passwd \
  procps-ng \
  sed \
  shadow-utils \
  tar \
  util-linux \
  openssl \
  which
 # Install "sudo" if using MQ Advanced for Developers
 if [ "$mqdev" = "TRUE" ]; then
  buildah run ${ctr_mq} -- microdnf ${microdnf_opts} install sudo
 fi
 # Clean up cached files
 buildah run ${ctr_mq} -- microdnf ${microdnf_opts} clean all
 rm -rf ${mnt_mq}/etc/yum.repos.d/*
 buildah run --user root $ctr_mq -- groupadd --system --gid ${mqm_gid} mqm
 buildah run --user root $ctr_mq -- useradd --system --uid ${mqm_uid} --gid mqm --groups 0 mqm
 # Install MQ server packages into the MQ builder image
 ./mq-advanced-server-rhel/install-mq-rhel.sh ${ctr_mq} "${mnt_mq}" "${archive}" "${packages}"
 # Create the directory for MQ configuration files
 mkdir -p ${mnt_mq}/etc/mqm
 chown ${mqm_uid}:${mqm_gid} ${mnt_mq}/etc/mqm
 # Install the Go binaries into the image
 install --mode 0750 --owner ${mqm_uid} --group 0 ./build/runmqserver ${mnt_mq}/usr/local/bin/
 install --mode 6750 --owner ${mqm_uid} --group 0 ./build/chk* ${mnt_mq}/usr/local/bin/
 install --mode 0750 --owner ${mqm_uid} --group 0 ./NOTICES.txt ${mnt_mq}/opt/mqm/licenses/notices-container.txt
 install --directory --mode 0775 --owner ${mqm_uid} --group 0 ${mnt_mq}/run/runmqserver
 buildah run --user root $ctr_mq -- touch /run/termination-log
 buildah run --user root $ctr_mq -- chown mqm:root /run/termination-log
 buildah run --user root $ctr_mq -- chmod 0660 /run/termination-log
 # Copy in licenses from installed packages
 install --mode 0550 --owner root --group root ./mq-advanced-server-rhel/writePackages.sh ${mnt_mq}/usr/local/bin/writePackages
 buildah run --user root $ctr_mq -- /usr/local/bin/writePackages
 # Copy web XML files
 cp -R web ${mnt_mq}/etc/mqm/web
 # Copy web XML files
 cp -R web ${mnt_mq}/etc/mqm/web
 ###############################################################################
 # Final Buildah commands
 ###############################################################################
 if [ "$mqdev" = "TRUE" ]; then
  OSTAG="mq messaging developer"
  DISNAME="IBM MQ Advanced Server Developer Edition"
  PID="98102d16795c4263ad9ca075190a2d4d"
 else
  OSTAG="mq messaging"
  DISNAME="IBM MQ Advanced Server"
  PID="4486e8c4cc9146fd9b3ce1f14a2dfc5b"
 fi
 buildah config \
  --port 1414/tcp \
  --port 9157/tcp \
  --port 9443/tcp \
  --os linux \
  --label architecture=x86_64 \
  --label io.openshift.tags="$OSTAG" \
  --label io.k8s.display-name="$DISNAME" \
  --label io.k8s.description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label name="${tag%:*}" \
  --label vendor="IBM" \
  --label version="$version" \
  --label release="1" \
  --label run="docker run -d -e LICENSE=accept --name ibm-mq ${tag%:*}" \
  --label summary="$DISNAME" \
  --label description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label IBM_PRODUCT_ID="$PID" \
  --label IBM_PRODUCT_NAME="$DISNAME" \
  --label IBM_PRODUCT_VERSION="$version" \
  --env AMQ_ADDITIONAL_JSON_LOG=1 \
  --env LANG=en_US.UTF-8 \
  --env LOG_FORMAT=basic \
  --entrypoint runmqserver \
  --user ${mqm_uid} \
  $ctr_mq
 buildah unmount $ctr_mq
 buildah commit $ctr_mq $tag
 buildah rm $ctr_mq
--- a/mq-advanced-server-rhel/mq-golang-sdk-buildah.sh
+++ b/mq-advanced-server-rhel/mq-golang-sdk-buildah.sh
@@ -0,0 +1,65 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a RHEL image for building Go programs which use MQ
 set -ex
 function usage {
  echo "Usage: $0 REDIST-ARCHIVE-NAME TAG"
  exit 20
 }
 if [ "$#" -ne 2 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 readonly mq_redist_archive=downloads/$1
 readonly tag=$2
 # Use Red Hat's Go toolset image as the base
 readonly ctr_mq=$(buildah from devtools/go-toolset-7-rhel7)
 if [ -z "$ctr_mq" ]
 then
  echo "ERROR: ctr_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly mnt_mq_go=$(buildah mount $ctr_mq)
 if [ -z "$mnt_mq_go" ]
 then
  echo "ERROR: mnt_mq_go is empty. Check above output for errors"
  exit 50
 fi
 # Install the MQ redistributable client (including header files) into the Go builder image
 mkdir -p ${mnt_mq_go}/opt/mqm
 tar -xzf ${mq_redist_archive} -C ${mnt_mq_go}/opt/mqm
 # Clean up Yum files
 rm -rf ${mnt_mq_go}/etc/yum.repos.d/*
 buildah unmount ${ctr_mq}
 # Set environment variables for MQ/Go compilation
 buildah config \
  --os linux \
  --env CGO_CFLAGS="-I/opt/mqm/inc/" \
  --env CGO_LDFLAGS_ALLOW="-Wl,-rpath.*" \
  ${ctr_mq}
 buildah commit ${ctr_mq} ${tag}
 buildah rm ${ctr_mq}
--- a/mq-advanced-server-rhel/mqdev-buildah.sh
+++ b/mq-advanced-server-rhel/mqdev-buildah.sh
@@ -0,0 +1,117 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a RHEL image of MQ Advanced for Developers, using the buildah tool
 set -x
 set -e
 function usage {
  echo "Usage: $0 BASETAG TAG VERSION"
  exit 20
 }
 if [ "$#" -ne 3 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 ###############################################################################
 # Setup MQ server working container
 ###############################################################################
 # Use a "scratch" container, so the resulting image has minimal files
 # Resulting image won't have yum, for example
 readonly basetag=$1
 readonly ctr_mq=$(buildah from $basetag)
 if [ -z "$ctr_mq" ]
 then
  echo "ERROR: ctr_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly mnt_mq=$(buildah mount $ctr_mq)
 if [ -z "$mnt_mq" ]
 then
  echo "ERROR: mnt_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly tag=$2
 readonly version=$3
 readonly mqm_uid=888
 readonly mqm_gid=888
 # WARNING: This is what allows the mqm user to change the password of any other user
 # It's used by runmqdevserver to change the admin/app passwords.
 echo "mqm    ALL = NOPASSWD: /usr/sbin/chpasswd" > $mnt_mq/etc/sudoers.d/mq-dev-config
 # Run these commands inside the container so that the SELinux context is handled correctly
 buildah run --user root $ctr_mq -- useradd --gid mqm admin
 buildah run --user root $ctr_mq -- groupadd --system mqclient
 buildah run --user root $ctr_mq -- useradd --gid mqclient app
 buildah run --user root $ctr_mq -- bash -c "echo admin:passw0rd | chpasswd"
 mkdir --parents $mnt_mq/run/runmqdevserver
 chown ${mqm_uid}:${mqm_gid} $mnt_mq/run/runmqdevserver
 # Copy runmqdevserver program
 install --mode 0750 --owner ${mqm_uid} --group ${mqm_gid} ./build/runmqdevserver ${mnt_mq}/usr/local/bin/
 install --directory --mode 0775 --owner ${mqm_uid} --group 0 ${mnt_mq}/run/runmqdevserver
 # Copy template files
 cp ./incubating/mqadvanced-server-dev/*.tpl ${mnt_mq}/etc/mqm/
 # Copy web XML files for default developer configuration
 cp -R incubating/mqadvanced-server-dev/web/ ${mnt_mq}/etc/mqm/web
 ###############################################################################
 # Final Buildah commands
 ###############################################################################
 buildah config \
  --port 1414/tcp \
  --port 9157/tcp \
  --port 9443/tcp \
  --os linux \
  --label architecture=x86_64 \
  --label io.openshift.tags="mq messaging developer" \
  --label io.k8s.display-name="IBM MQ Advanced Server Developer Edition" \
  --label io.k8s.description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label name="${tag%:*}" \
  --label vendor="IBM" \
  --label version="$version" \
  --label release="1" \
  --label run="docker run -d -e LICENSE=accept --name ibm-mq-dev ${tag%:*}" \
  --label summary="IBM MQ Advanced Server Developer Edition" \
  --label description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label IBM_PRODUCT_ID="98102d16795c4263ad9ca075190a2d4d" \
  --label IBM_PRODUCT_NAME="IBM MQ Advanced Server Developer Edition" \
  --label IBM_PRODUCT_VERSION="$version" \
  --env AMQ_ADDITIONAL_JSON_LOG=1 \
  --env LANG=en_US.UTF-8 \
  --env LOG_FORMAT=basic \
  --env MQ_ADMIN_PASSWORD=passw0rd \
  --env MQ_DEV=true \
  --entrypoint runmqdevserver \
  --user ${mqm_uid} \
  $ctr_mq
 buildah unmount $ctr_mq
 buildah commit $ctr_mq $tag
 buildah rm $ctr_mq
--- a/mq-advanced-server-rhel/writePackages.sh
+++ b/mq-advanced-server-rhel/writePackages.sh
@@ -1,5 +1,8 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -12,18 +15,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-image: ibmcom/mq:9.1.2.0
+# Copy in licenses from installed packages
 manifests:
  - image: ibmcom/mq:9.1.2.0-x86_64
    platform:
      architecture: amd64
      os: linux
  - image: ibmcom/mq:9.1.2.0-ppc64le
    platform:
      architecture: ppc64le
      os: linux
  - image: ibmcom/mq:9.1.2.0-s390x
    platform:
      architecture: s390x
      os: linux
 set -e 
 rm -f /licenses/installed_package_notices
 for p in $(rpm -qa | sort)
 do 
  rpm -qi $p >> /licenses/installed_package_notices
  printf "\n" >> /licenses/installed_package_notices
 done
 chmod 0444 /licenses/installed_package_notices
--- a/test-image/20-config.mqsc
+++ b/test-image/20-config.mqsc
@@ -0,0 +1,19 @@
 * © Copyright IBM Corporation 2017
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 DEFINE CHANNEL(PASSWORD.SVRCONN) CHLTYPE(SVRCONN) REPLACE
 SET CHLAUTH(PASSWORD.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allow privileged users on this channel')
 SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('BackStop rule')
 SET CHLAUTH(PASSWORD.SVRCONN) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
 ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
--- a/test-image/30-security.mqsc
+++ b/test-image/30-security.mqsc
@@ -1,5 +1,4 @@
-* © Copyright IBM Corporation 2019
+* © Copyright IBM Corporation 2017
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -13,7 +12,4 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
-* Set the keystore location for the queue manager
+REFRESH SECURITY TYPE(CONNAUTH)
 ALTER QMGR SSLKEYR('{{ .SSLKeyR }}')
 ALTER QMGR CERTLABL('{{ .CertificateLabel }}')
 REFRESH SECURITY(*) TYPE(SSL)
--- a/manifests/dockerhub/manifest-9.1.3.yaml
+++ b/manifests/dockerhub/manifest-9.1.3.yaml
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2019
+# © Copyright IBM Corporation 2015, 2017
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,17 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-image: ibmcom/mq:9.1.3.0-r2
+FROM mqadvanced
-manifests:
+RUN useradd alice -G mqm && \
-  - image: ibmcom/mq:9.1.3.0-r2-amd64
+    echo alice:passw0rd | chpasswd
-    platform:
+COPY *.mqsc /etc/mqm/
      architecture: amd64
      os: linux
  - image: ibmcom/mq:9.1.3.0-r2-ppc64le
    platform:
      architecture: ppc64le
      os: linux
  - image: ibmcom/mq:9.1.3.0-r2-s390x
    platform:
      architecture: s390x
      os: linux
--- a/test/docker/Gopkg.toml
+++ b/test/docker/Gopkg.toml
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2017, 2018
+# © Copyright IBM Corporation 2017, 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
--- a/test/docker/devconfig_test.go
+++ b/test/docker/devconfig_test.go
@@ -1,7 +1,7 @@
 // +build mqdev
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -138,7 +138,7 @@ func TestDevWebDisabled(t *testing.T) {
 		Env: []string{
 			"LICENSE=accept",
 			"MQ_QMGR_NAME=qm1",
-			"MQ_ENABLE_EMBEDDED_WEB_SERVER=false",
+			"MQ_DISABLE_WEB_CONSOLE=true",
 		},
 	}
 	id := runContainer(t, cli, &containerConfig)
--- a/test/docker/docker_api_test.go
+++ b/test/docker/docker_api_test.go
@@ -24,6 +24,7 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
 	"runtime"
 	"strconv"
 	"strings"
 	"testing"
@@ -33,6 +34,8 @@ import (
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
 	"github.com/docker/go-connections/nat"
 	"github.com/ibm-messaging/mq-container/internal/command"
 )
 func TestLicenseNotSet(t *testing.T) {
@@ -109,41 +112,75 @@ func goldenPath(t *testing.T, metric bool) {
 	stopContainer(t, cli, id)
 }
-// TestSecurityVulnerabilities checks for any vulnerabilities in the image, as reported
+// TestSecurityVulnerabilitiesUbuntu checks for any vulnerabilities in the image, as reported
-// by Red Hat
+// by Ubuntu
-func TestSecurityVulnerabilities(t *testing.T) {
+func TestSecurityVulnerabilitiesUbuntu(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
-	rc, _ := runContainerOneShot(t, cli, "bash", "-c", "command -v microdnf && test -e /etc/yum.repos.d/ubi.repo")
+	rc, _ := runContainerOneShot(t, cli, "bash", "-c", "test -d /etc/apt")
 	if rc != 0 {
-		t.Skip("Skipping test because container is based on ubi-minimal, which doesn't include yum")
+		t.Skip("Skipping test because container is not Ubuntu-based")
 	}
 	// Override the entrypoint to make "apt" only receive security updates, then check for updates
 	var url string
 	if runtime.GOARCH == "amd64" {
 		url = "http://security.ubuntu.com/ubuntu/"
 	} else {
 		url = "http://ports.ubuntu.com/ubuntu-ports/"
 	}
 	rc, log := runContainerOneShot(t, cli, "bash", "-c", "source /etc/os-release && echo \"deb "+url+" ${VERSION_CODENAME}-security main restricted\" > /etc/apt/sources.list && apt-get update 2>&1 >/dev/null && apt-get --simulate -qq upgrade")
 	if rc != 0 {
 		t.Fatalf("Expected success, got %v", rc)
 	}
 	lines := strings.Split(strings.TrimSpace(log), "\n")
 	if len(lines) > 0 && lines[0] != "" {
 		t.Errorf("Expected no vulnerabilities, found the following:\n%v", log)
 	}
 }
 // TestSecurityVulnerabilitiesRedHat checks for any vulnerabilities in the image, as reported
 // by Red Hat
 func TestSecurityVulnerabilitiesRedHat(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	_, ret, _ := command.Run("bash", "-c", "test -f /etc/redhat-release")
 	if ret != 0 {
 		t.Skip("Skipping test because host is not RedHat-based")
 	}
 	rc, _ := runContainerOneShot(t, cli, "bash", "-c", "test -f /etc/redhat-release")
 	if rc != 0 {
 		t.Skip("Skipping test because container is not RedHat-based")
 	}
 	id, _, err := command.Run("sudo", "buildah", "from", imageName())
 	if err != nil {
 		t.Log(id)
 		t.Fatal(err)
 	}
 	id = strings.TrimSpace(id)
 	defer command.Run("buildah", "rm", id)
 	mnt, _, err := command.Run("sudo", "buildah", "mount", id)
 	if err != nil {
 		t.Log(mnt)
 		t.Fatal(err)
 	}
 	mnt = strings.TrimSpace(mnt)
 	out, _, err := command.Run("bash", "-c", "sudo cp /etc/yum.repos.d/* "+filepath.Join(mnt, "/etc/yum.repos.d/"))
 	if err != nil {
 		t.Log(out)
 		t.Fatal(err)
 	}
 	out, ret, _ = command.Run("bash", "-c", "yum --installroot="+mnt+" updateinfo list sec | grep /Sec")
 	if ret != 1 {
 		t.Errorf("Expected no vulnerabilities, found the following:\n%v", out)
 	}
 	// id, _, err := command.Run("sudo", "buildah", "from", imageName())
 	// if err != nil {
 	// 	t.Log(id)
 	// 	t.Fatal(err)
 	// }
 	// id = strings.TrimSpace(id)
 	// defer command.Run("buildah", "rm", id)
 	// mnt, _, err := command.Run("sudo", "buildah", "mount", id)
 	// if err != nil {
 	// 	t.Log(mnt)
 	// 	t.Fatal(err)
 	// }
 	// mnt = strings.TrimSpace(mnt)
 	// out, _, err := command.Run("bash", "-c", "sudo cp /etc/yum.repos.d/* "+filepath.Join(mnt, "/etc/yum.repos.d/"))
 	// if err != nil {
 	// 	t.Log(out)
 	// 	t.Fatal(err)
 	// }
 	// out, ret, _ := command.Run("bash", "-c", "yum --installroot="+mnt+" updateinfo list sec | grep /Sec")
 	// if ret != 1 {
 	// 	t.Errorf("Expected no vulnerabilities, found the following:\n%v", out)
 	// }
 }
 func utilTestNoQueueManagerName(t *testing.T, hostName string, expectedName string) {
@@ -198,7 +235,7 @@ func withVolume(t *testing.T, metric bool) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	vol := createVolume(t, cli, t.Name())
+	vol := createVolume(t, cli)
 	defer removeVolume(t, cli, vol.Name)
 	containerConfig := container.Config{
 		Image: imageName(),
@@ -236,62 +273,6 @@ func withVolume(t *testing.T, metric bool) {
 	waitForReady(t, cli, ctr2.ID)
 }
 // TestWithSplitVolumesLogsData starts a queue manager with separate log/data mounts
 func TestWithSplitVolumesLogsData(t *testing.T) {
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	qmsharedlogs := createVolume(t, cli, "qmsharedlogs")
 	defer removeVolume(t, cli, qmsharedlogs.Name)
 	qmshareddata := createVolume(t, cli, "qmshareddata")
 	defer removeVolume(t, cli, qmshareddata.Name)
 	err, qmID, qmVol := startMultiVolumeQueueManager(t, cli, true, qmsharedlogs.Name, qmshareddata.Name, []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"})
 	defer removeVolume(t, cli, qmVol)
 	defer cleanContainer(t, cli, qmID)
 	waitForReady(t, cli, qmID)
 }
 // TestWithSplitVolumesLogsOnly starts a queue manager with a separate log mount
 func TestWithSplitVolumesLogsOnly(t *testing.T) {
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	qmsharedlogs := createVolume(t, cli, "qmsharedlogs")
 	defer removeVolume(t, cli, qmsharedlogs.Name)
 	err, qmID, qmVol := startMultiVolumeQueueManager(t, cli, true, qmsharedlogs.Name, "", []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"})
 	defer removeVolume(t, cli, qmVol)
 	defer cleanContainer(t, cli, qmID)
 	waitForReady(t, cli, qmID)
 }
 // TestWithSplitVolumesDataOnly starts a queue manager with a separate data mount
 func TestWithSplitVolumesDataOnly(t *testing.T) {
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	qmshareddata := createVolume(t, cli, "qmshareddata")
 	defer removeVolume(t, cli, qmshareddata.Name)
 	err, qmID, qmVol := startMultiVolumeQueueManager(t, cli, true, "", qmshareddata.Name, []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"})
 	defer removeVolume(t, cli, qmVol)
 	defer cleanContainer(t, cli, qmID)
 	waitForReady(t, cli, qmID)
 }
 // TestNoVolumeWithRestart ensures a queue manager container can be stopped
 // and restarted cleanly
 func TestNoVolumeWithRestart(t *testing.T) {
@@ -317,11 +298,12 @@ func TestNoVolumeWithRestart(t *testing.T) {
 // where `runmqserver -i` is run to initialize the storage.  Then the
 // container can be run as normal.
 func TestVolumeRequiresRoot(t *testing.T) {
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
-	vol := createVolume(t, cli, t.Name())
+	vol := createVolume(t, cli)
 	defer removeVolume(t, cli, vol.Name)
 	// Set permissions on the volume to only allow root to write it
@@ -457,7 +439,7 @@ func TestVolumeUnmount(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	vol := createVolume(t, cli, t.Name())
+	vol := createVolume(t, cli)
 	defer removeVolume(t, cli, vol.Name)
 	containerConfig := container.Config{
 		Image: imageName(),
@@ -572,237 +554,41 @@ func TestMQSC(t *testing.T) {
 	}
 }
 // TestLargeMQSC creates a new image with a large MQSC file in, starts a container based
 // on that image, and checks that the MQSC has been applied correctly.
 func TestLargeMQSC(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	const numQueues = 1000
 	var buf bytes.Buffer
 	for i := 1; i <= numQueues; i++ {
 		fmt.Fprintf(&buf, "* Test processing of a large MQSC file, defining queue test%v\nDEFINE QLOCAL(test%v)\n", i, i)
 	}
 	var files = []struct {
 		Name, Body string
 	}{
 		{"Dockerfile", fmt.Sprintf(`
          FROM %v
          USER root
          RUN rm -f /etc/mqm/*.mqsc
          ADD test.mqsc /etc/mqm/
          RUN chmod 0660 /etc/mqm/test.mqsc
          USER mqm`, imageName())},
 		{"test.mqsc", buf.String()},
 	}
 	tag := createImage(t, cli, files)
 	defer deleteImage(t, cli, tag)
 	containerConfig := container.Config{
 		Env:   []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"},
 		Image: tag,
 	}
 	id := runContainer(t, cli, &containerConfig)
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
 	rc, mqscOutput := execContainer(t, cli, id, "mqm", []string{"bash", "-c", "echo 'DISPLAY QLOCAL(test" + strconv.Itoa(numQueues) + ")' | runmqsc"})
 	if rc != 0 {
 		r := regexp.MustCompile("AMQ[0-9][0-9][0-9][0-9]E")
 		t.Fatalf("Expected runmqsc to exit with rc=0, got %v with error %v", rc, r.FindString(mqscOutput))
 	}
 }
 // TestRedactValidMQSC creates a new image with a Valid MQSC file that contains sensitive information, starts a container based
 // on that image, and checks that the MQSC has been redacted in the logs.
 func TestRedactValidMQSC(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	var buf bytes.Buffer
 	passwords := "hippoman4567"
 	sslcryp := fmt.Sprintf("GSK_PKCS11=/usr/lib/pkcs11/PKCS11_API.so;token-label;%s;SYMMETRIC_CIPHER_ON;", passwords)
 	/* LDAPPWD*/
 	fmt.Fprintf(&buf, "DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) CONNAME('test(24)') SHORTUSR('sn') LDAPUSER('user') LDAPPWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) ldappwd('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) lDaPpWd('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD \t('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) +\n LDAP+\n PWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) -\nLDAPP-\nWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) +\n*test comment\n LDAPP-\n*test comment2\nWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD(%v)\n", passwords)
 	/* PASSWORD */
 	fmt.Fprintf(&buf, "DEFINE CHANNEL(TEST2) CHLTYPE(SDR) CONNAME('test(24)') XMITQ('fake') PASSWORD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER CHANNEL(TEST2) CHLTYPE(SDR) password('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER CHANNEL(TEST2) CHLTYPE(SDR) pAsSwOrD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER CHANNEL(TEST2) CHLTYPE(SDR) PASSWORD \t('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER CHANNEL(TEST2) +\n CHLTYPE(SDR) PASS+\n WORD+\n ('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER CHANNEL(TEST2) -\nCHLTYPE(SDR) PASS-\nWORD-\n('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER CHANNEL(TEST2) +\n CHLTYPE(SDR) PASS-\n*comemnt 2\nWORD+\n*test comment\n ('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER CHANNEL(TEST2) CHLTYPE(SDR) PASSWORD(%s)\n", passwords)
 	/* SSLCRYP */
 	fmt.Fprintf(&buf, "ALTER QMGR SSLCRYP('%v')\n", sslcryp)
 	fmt.Fprintf(&buf, "ALTER QMGR sslcryp('%v')\n", sslcryp)
 	fmt.Fprintf(&buf, "ALTER QMGR SsLcRyP('%v')\n", sslcryp)
 	fmt.Fprintf(&buf, "ALTER QMGR SSLCRYP \t('%v')\n", sslcryp)
 	fmt.Fprintf(&buf, "ALTER QMGR +\n SSL+\n CRYP+\n ('%v')\n", sslcryp)
 	fmt.Fprintf(&buf, "ALTER QMGR -\nSSLC-\nRYP-\n('%v')\n", sslcryp)
 	fmt.Fprintf(&buf, "ALTER QMGR +\n*commenttime\n SSL-\n*commentagain\nCRYP+\n*last comment\n ('%v')\n", sslcryp)
 	var files = []struct {
 		Name, Body string
 	}{
 		{"Dockerfile", fmt.Sprintf(`
 		  FROM %v
 		  USER root
 		  RUN rm -f /etc/mqm/*.mqsc
 		  ADD test.mqsc /etc/mqm/
 		  RUN chmod 0660 /etc/mqm/test.mqsc
 		  USER mqm`, imageName())},
 		{"test.mqsc", buf.String()},
 	}
 	tag := createImage(t, cli, files)
 	defer deleteImage(t, cli, tag)
 	containerConfig := container.Config{
 		Env:   []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"},
 		Image: tag,
 	}
 	id := runContainer(t, cli, &containerConfig)
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
 	stopContainer(t, cli, id)
 	scanner := bufio.NewScanner(strings.NewReader(inspectLogs(t, cli, id)))
 	for scanner.Scan() {
 		s := scanner.Text()
 		if strings.Contains(s, sslcryp) || strings.Contains(s, passwords) {
 			t.Fatalf("Expected redacted MQSC output, got: %v", s)
 		}
 	}
 	err = scanner.Err()
 	if err != nil {
 		t.Fatal(err)
 	}
 }
 // TestRedactValidMQSC creates a new image with a Invalid MQSC file that contains sensitive information, starts a container based
 // on that image, and checks that the MQSC has been redacted in the logs.
 func TestRedactInvalidMQSC(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	var buf bytes.Buffer
 	passwords := "hippoman4567"
 	sslcryp := fmt.Sprintf("GSK_PKCS11=/usr/lib/pkcs11/PKCS11_API.so;token-label;%s;SYMMETRIC_CIPHER_ON;", passwords)
 	/* LDAPPWD*/
 	fmt.Fprintf(&buf, "DEFINE AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) CONNAME('test(24)') SHORTUSR('sn') LDAPUSER('user') LDAPPWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPPPPPP('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD['%v']\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(ARGHHH) LDAPPWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) LDAPPWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) ARGHAHA(IDPWLDAP) LDAPPWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD '%v'\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD('%v') badvalues\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) badvales LDAPPWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD{'%v'}\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD<'%v'>\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD('%v'+\n p['il6])\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) AUTHTYPE(IDPWLDAP) LDAPPWD('%v'/653***)\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) LDAPPWD('%v'\n DISPLAY QMGR", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) LDAPPWD('%v💩')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) LDAPPWD💩('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) LDAP+\n 💩PWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) 💩 LDAPPWD('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) LDAPPWD 💩 ('%v')\n", passwords)
 	fmt.Fprintf(&buf, "ALTER AUTHINFO(TEST) LDAPPWD('%v') 💩\n", passwords)
 	fmt.Fprintf(&buf, "ALTER 💩 AUTHINFO(TEST) LDAPPWD('%v')\n", passwords)
 	var files = []struct {
 		Name, Body string
 	}{
 		{"Dockerfile", fmt.Sprintf(`
 		  FROM %v
 		  USER root
 		  RUN rm -f /etc/mqm/*.mqsc
 		  ADD test.mqsc /etc/mqm/
 		  RUN chmod 0660 /etc/mqm/test.mqsc
 		  USER mqm`, imageName())},
 		{"test.mqsc", buf.String()},
 	}
 	tag := createImage(t, cli, files)
 	defer deleteImage(t, cli, tag)
 	containerConfig := container.Config{
 		Env:   []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"},
 		Image: tag,
 	}
 	id := runContainer(t, cli, &containerConfig)
 	defer cleanContainer(t, cli, id)
 	rc := waitForContainer(t, cli, id, 20*time.Second)
 	if rc != 1 {
 		t.Errorf("Expected rc=1, got rc=%v", rc)
 	}
 	scanner := bufio.NewScanner(strings.NewReader(inspectLogs(t, cli, id)))
 	for scanner.Scan() {
 		s := scanner.Text()
 		if strings.Contains(s, sslcryp) || strings.Contains(s, passwords) {
 			t.Fatalf("Expected redacted MQSC output, got: %v", s)
 		}
 	}
 	err = scanner.Err()
 	if err != nil {
 		t.Fatal(err)
 	}
 }
 // TestInvalidMQSC creates a new image with an MQSC file containing invalid MQSC,
 // tries to start a container based on that image, and checks that container terminates
-func TestInvalidMQSC(t *testing.T) {
+// func TestInvalidMQSC(t *testing.T) {
-	t.Parallel()
+// 	t.Parallel()
-	cli, err := client.NewEnvClient()
+// 	cli, err := client.NewEnvClient()
-	if err != nil {
+// 	if err != nil {
-		t.Fatal(err)
+// 		t.Fatal(err)
-	}
+// 	}
-	var files = []struct {
+// 	var files = []struct {
-		Name, Body string
+// 		Name, Body string
-	}{
+// 	}{
-		{"Dockerfile", fmt.Sprintf(`
+// 		{"Dockerfile", fmt.Sprintf(`
-		FROM %v
+// 		FROM %v
-		USER root
+// 		USER root
-		RUN rm -f /etc/mqm/*.mqsc
+// 		RUN rm -f /etc/mqm/*.mqsc
-		ADD mqscTest.mqsc /etc/mqm/
+// 		ADD mqscTest.mqsc /etc/mqm/
-		RUN chmod 0660 /etc/mqm/mqscTest.mqsc
+// 		RUN chmod 0660 /etc/mqm/mqscTest.mqsc
-		USER mqm`, imageName())},
+// 		USER mqm`, imageName())},
-		{"mqscTest.mqsc", "DEFINE INVALIDLISTENER('TEST.LISTENER.TCP') TRPTYPE(TCP) PORT(1414) CONTROL(QMGR) REPLACE"},
+// 		{"mqscTest.mqsc", "DEFINE INVALIDLISTENER('TEST.LISTENER.TCP') TRPTYPE(TCP) PORT(1414) CONTROL(QMGR) REPLACE"},
-	}
+// 	}
-	tag := createImage(t, cli, files)
+// 	tag := createImage(t, cli, files)
-	defer deleteImage(t, cli, tag)
+// 	defer deleteImage(t, cli, tag)
-	containerConfig := container.Config{
+// 	containerConfig := container.Config{
-		Env:   []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"},
+// 		Env:   []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"},
-		Image: tag,
+// 		Image: tag,
-	}
+// 	}
-	id := runContainer(t, cli, &containerConfig)
+// 	id := runContainer(t, cli, &containerConfig)
-	defer cleanContainer(t, cli, id)
+// 	defer cleanContainer(t, cli, id)
-	rc := waitForContainer(t, cli, id, 60*time.Second)
+// 	rc := waitForContainer(t, cli, id, 60*time.Second)
-	if rc != 1 {
+// 	if rc != 1 {
-		t.Errorf("Expected rc=1, got rc=%v", rc)
+// 		t.Errorf("Expected rc=1, got rc=%v", rc)
-	}
+// 	}
-	expectTerminationMessage(t, cli, id)
+// 	expectTerminationMessage(t, cli, id)
-}
+// }
 // TestReadiness creates a new image with large amounts of MQSC in, to
 // ensure that the readiness check doesn't pass until configuration has finished.
@@ -1086,8 +872,8 @@ func TestVersioning(t *testing.T) {
 	total := 6
 	foundCreated := false
-	// foundRevision := false
+	foundRevision := false
-	// foundSource := false
+	foundSource := false
 	foundMQVersion := false
 	foundMQLevel := false
 	foundMQLicense := false
@@ -1108,30 +894,30 @@ func TestVersioning(t *testing.T) {
 			}
 		}
-		// if strings.Contains(line, "Image revision:") && !foundRevision {
+		if strings.Contains(line, "Image revision:") && !foundRevision {
-		// 	total--
+			total--
-		// 	foundRevision = true
+			foundRevision = true
-		// 	dataAr := strings.Split(line, " ")
+			dataAr := strings.Split(line, " ")
-		// 	data := dataAr[len(dataAr)-1]
+			data := dataAr[len(dataAr)-1]
-		// 	// Verify revision
+			// Verify revision
-		// 	pattern := regexp.MustCompile("^[a-fA-F0-9]{40}$")
+			pattern := regexp.MustCompile("^[a-fA-F0-9]{40}$")
-		// 	if !pattern.MatchString(data) {
+			if !pattern.MatchString(data) {
-		// 		t.Errorf("Failed to validate revision (%v)", data)
+				t.Errorf("Failed to validate revision (%v)", data)
-		// 	}
+			}
-		// }
+		}
-		// if strings.Contains(line, "Image source:") && !foundSource {
+		if strings.Contains(line, "Image source:") && !foundSource {
-		// 	total--
+			total--
-		// 	foundSource = true
+			foundSource = true
-		// 	dataAr := strings.Split(line, " ")
+			dataAr := strings.Split(line, " ")
-		// 	data := dataAr[len(dataAr)-1]
+			data := dataAr[len(dataAr)-1]
-		// 	// Verify source
+			// Verify source
-		// 	if !strings.Contains(data, "github") {
+			if !strings.Contains(data, "github") {
-		// 		t.Errorf("Failed to validate source (%v)", data)
+				t.Errorf("Failed to validate source (%v)", data)
-		// 	}
+			}
-		// }
+		}
 		if strings.Contains(line, "MQ version:") && !foundMQVersion {
 			total--
@@ -1177,11 +963,7 @@ func TestVersioning(t *testing.T) {
 		}
 	}
-	// if !foundCreated || !foundRevision || !foundSource || !foundMQVersion || !foundMQLevel || !foundMQLicense {
+	if !foundCreated || !foundRevision || !foundSource || !foundMQVersion || !foundMQLevel || !foundMQLicense {
-	if !foundCreated || !foundMQVersion || !foundMQLevel || !foundMQLicense {
+		t.Errorf("Failed to find one or more version strings: created(%v) revision(%v) source(%v) mqversion(%v) mqlevel(%v) mqlicense(%v)", foundCreated, foundRevision, foundSource, foundMQVersion, foundMQLevel, foundMQLicense)
 		// t.Errorf("Failed to find one or more version strings: created(%v) revision(%v) source(%v) mqversion(%v) mqlevel(%v) mqlicense(%v)", foundCreated, foundRevision, foundSource, foundMQVersion, foundMQLevel, foundMQLicense)
 		t.Errorf("Failed to find one or more version strings: created(%v) mqversion(%v) mqlevel(%v) mqlicense(%v)", foundCreated, foundMQVersion, foundMQLevel, foundMQLicense)
 	}
 }
--- a/test/docker/docker_api_test_util.go
+++ b/test/docker/docker_api_test_util.go
@@ -398,14 +398,6 @@ func stopContainer(t *testing.T, cli *client.Client, ID string) {
 	}
 }
 func killContainer(t *testing.T, cli *client.Client, ID string, signal string) {
 	t.Logf("Killing container: %v", ID)
 	err := cli.ContainerKill(context.Background(), ID, signal)
 	if err != nil {
 		t.Fatal(err)
 	}
 }
 func getExitCodeFilename(t *testing.T) string {
 	return t.Name() + "ExitCode"
 }
@@ -530,9 +522,6 @@ func waitForReady(t *testing.T, cli *client.Client, ID string) {
 			if rc == 0 {
 				t.Log("MQ is ready")
 				return
 			} else if rc == 10 {
 				t.Log("MQ Readiness: Queue Manager Running as Standby")
 				return
 			}
 		case <-ctx.Done():
 			t.Fatal("Timed out waiting for container to become ready")
@@ -568,17 +557,17 @@ func removeNetwork(t *testing.T, cli *client.Client, ID string) {
 	}
 }
-func createVolume(t *testing.T, cli *client.Client, name string) types.Volume {
+func createVolume(t *testing.T, cli *client.Client) types.Volume {
 	v, err := cli.VolumeCreate(context.Background(), volume.VolumesCreateBody{
 		Driver:     "local",
 		DriverOpts: map[string]string{},
 		Labels:     map[string]string{},
-		Name:       name,
+		Name:       t.Name(),
 	})
 	if err != nil {
 		t.Fatal(err)
 	}
-	t.Logf("Created volume %v", v.Name)
+	t.Logf("Created volume %v", t.Name())
 	return v
 }
--- a/test/docker/mq_multi_instance_test.go
+++ b/test/docker/mq_multi_instance_test.go
@@ -1,234 +0,0 @@
 /*
 © Copyright IBM Corporation 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"strings"
 	"testing"
 	"time"
 	"github.com/docker/docker/client"
 )
 var miEnv = []string{
 	"LICENSE=accept",
 	"MQ_QMGR_NAME=QM1",
 	"MQ_MULTI_INSTANCE=true",
 }
 // TestMultiInstanceStartStop creates 2 containers in a multi instance queue manager configuration
 // and starts/stop them checking we always have an active and standby
 func TestMultiInstanceStartStop(t *testing.T) {
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	err, qm1aId, qm1bId, volumes := configureMultiInstance(t, cli)
 	if err != nil {
 		t.Fatal(err)
 	}
 	for _, volume := range volumes {
 		defer removeVolume(t, cli, volume)
 	}
 	defer cleanContainer(t, cli, qm1aId)
 	defer cleanContainer(t, cli, qm1bId)
 	waitForReady(t, cli, qm1aId)
 	waitForReady(t, cli, qm1bId)
 	err, active, standby := getActiveStandbyQueueManager(t, cli, qm1aId, qm1bId)
 	if err != nil {
 		t.Fatal(err)
 	}
 	killContainer(t, cli, active, "SIGTERM")
 	time.Sleep(2 * time.Second)
 	if status := getQueueManagerStatus(t, cli, standby, "QM1"); strings.Compare(status, "Running") != 0 {
 		t.Fatalf("Expected QM1 to be running as active queue manager, dspmq returned status of %v", status)
 	}
 	startContainer(t, cli, qm1aId)
 	waitForReady(t, cli, qm1aId)
 	err, _, _ = getActiveStandbyQueueManager(t, cli, qm1aId, qm1bId)
 	if err != nil {
 		t.Fatal(err)
 	}
 }
 // TestMultiInstanceContainerStop starts 2 containers in a multi instance queue manager configuration,
 // stops the active queue manager, then checks to ensure the backup queue manager becomes active
 func TestMultiInstanceContainerStop(t *testing.T) {
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	err, qm1aId, qm1bId, volumes := configureMultiInstance(t, cli)
 	if err != nil {
 		t.Fatal(err)
 	}
 	for _, volume := range volumes {
 		defer removeVolume(t, cli, volume)
 	}
 	defer cleanContainer(t, cli, qm1aId)
 	defer cleanContainer(t, cli, qm1bId)
 	waitForReady(t, cli, qm1aId)
 	waitForReady(t, cli, qm1bId)
 	err, active, standby := getActiveStandbyQueueManager(t, cli, qm1aId, qm1bId)
 	if err != nil {
 		t.Fatal(err)
 	}
 	stopContainer(t, cli, active)
 	if status := getQueueManagerStatus(t, cli, standby, "QM1"); strings.Compare(status, "Running") != 0 {
 		t.Fatalf("Expected QM1 to be running as active queue manager, dspmq returned status of %v", status)
 	}
 }
 // TestMultiInstanceRace starts 2 containers in separate goroutines in a multi instance queue manager
 // configuration, then checks to ensure that both an active and standby queue manager have been started
 func TestMultiInstanceRace(t *testing.T) {
 	t.Skipf("Skipping %v until file lock is implemented", t.Name())
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	qmsharedlogs := createVolume(t, cli, "qmsharedlogs")
 	defer removeVolume(t, cli, qmsharedlogs.Name)
 	qmshareddata := createVolume(t, cli, "qmshareddata")
 	defer removeVolume(t, cli, qmshareddata.Name)
 	qmsChannel := make(chan QMChan)
 	go singleMultiInstanceQueueManager(t, cli, qmsharedlogs.Name, qmshareddata.Name, qmsChannel)
 	go singleMultiInstanceQueueManager(t, cli, qmsharedlogs.Name, qmshareddata.Name, qmsChannel)
 	qm1a := <-qmsChannel
 	if qm1a.Error != nil {
 		t.Fatal(qm1a.Error)
 	}
 	qm1b := <-qmsChannel
 	if qm1b.Error != nil {
 		t.Fatal(qm1b.Error)
 	}
 	qm1aId, qm1aData := qm1a.QMId, qm1a.QMData
 	qm1bId, qm1bData := qm1b.QMId, qm1b.QMData
 	defer removeVolume(t, cli, qm1aData)
 	defer removeVolume(t, cli, qm1bData)
 	defer cleanContainer(t, cli, qm1aId)
 	defer cleanContainer(t, cli, qm1bId)
 	waitForReady(t, cli, qm1aId)
 	waitForReady(t, cli, qm1bId)
 	err, _, _ = getActiveStandbyQueueManager(t, cli, qm1aId, qm1bId)
 	if err != nil {
 		t.Fatal(err)
 	}
 }
 // TestMultiInstanceNoSharedMounts starts 2 multi instance queue managers without providing shared log/data
 // mounts, then checks to ensure that the container terminates with the expected message
 func TestMultiInstanceNoSharedMounts(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	err, qm1aId, qm1aData := startMultiVolumeQueueManager(t, cli, true, "", "", miEnv)
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer removeVolume(t, cli, qm1aData)
 	defer cleanContainer(t, cli, qm1aId)
 	waitForTerminationMessage(t, cli, qm1aId, "Missing required mount '/mnt/mqm-log'", 30*time.Second)
 }
 // TestMultiInstanceNoSharedLogs starts 2 multi instance queue managers without providing a shared log
 // mount, then checks to ensure that the container terminates with the expected message
 func TestMultiInstanceNoSharedLogs(t *testing.T) {
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	qmshareddata := createVolume(t, cli, "qmshareddata")
 	defer removeVolume(t, cli, qmshareddata.Name)
 	err, qm1aId, qm1aData := startMultiVolumeQueueManager(t, cli, true, "", qmshareddata.Name, miEnv)
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer removeVolume(t, cli, qm1aData)
 	defer cleanContainer(t, cli, qm1aId)
 	waitForTerminationMessage(t, cli, qm1aId, "Missing required mount '/mnt/mqm-log'", 30*time.Second)
 }
 // TestMultiInstanceNoSharedData starts 2 multi instance queue managers without providing a shared data
 // mount, then checks to ensure that the container terminates with the expected message
 func TestMultiInstanceNoSharedData(t *testing.T) {
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	qmsharedlogs := createVolume(t, cli, "qmsharedlogs")
 	defer removeVolume(t, cli, qmsharedlogs.Name)
 	err, qm1aId, qm1aData := startMultiVolumeQueueManager(t, cli, true, qmsharedlogs.Name, "", miEnv)
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer removeVolume(t, cli, qm1aData)
 	defer cleanContainer(t, cli, qm1aId)
 	waitForTerminationMessage(t, cli, qm1aId, "Missing required mount '/mnt/mqm-data'", 30*time.Second)
 }
 // TestMultiInstanceNoMounts starts 2 multi instance queue managers without providing a shared data
 // mount, then checks to ensure that the container terminates with the expected message
 func TestMultiInstanceNoMounts(t *testing.T) {
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	err, qm1aId, qm1aData := startMultiVolumeQueueManager(t, cli, false, "", "", miEnv)
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer removeVolume(t, cli, qm1aData)
 	defer cleanContainer(t, cli, qm1aId)
 	waitForTerminationMessage(t, cli, qm1aId, "Missing required mount '/mnt/mqm'", 30*time.Second)
 }
--- a/test/docker/mq_multi_instance_test_util.go
+++ b/test/docker/mq_multi_instance_test_util.go
@@ -1,178 +0,0 @@
 /*
 © Copyright IBM Corporation 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"context"
 	"fmt"
 	"regexp"
 	"strconv"
 	"strings"
 	"testing"
 	"time"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
 )
 type QMChan struct {
 	QMId   string
 	QMData string
 	Error  error
 }
 // configureMultiInstance creates the volumes and containers required for basic testing
 // of multi instance queue managers. Returns error, qm1a ID, qm1b ID, slice of volume names
 func configureMultiInstance(t *testing.T, cli *client.Client) (error, string, string, []string) {
 	qmsharedlogs := createVolume(t, cli, "qmsharedlogs")
 	qmshareddata := createVolume(t, cli, "qmshareddata")
 	err, qm1aId, qm1aData := startMultiVolumeQueueManager(t, cli, true, qmsharedlogs.Name, qmshareddata.Name, miEnv)
 	if err != nil {
 		return err, "", "", []string{}
 	}
 	time.Sleep(10 * time.Second)
 	err, qm1bId, qm1bData := startMultiVolumeQueueManager(t, cli, true, qmsharedlogs.Name, qmshareddata.Name, miEnv)
 	if err != nil {
 		return err, "", "", []string{}
 	}
 	volumes := []string{qmsharedlogs.Name, qmshareddata.Name, qm1aData, qm1bData}
 	return nil, qm1aId, qm1bId, volumes
 }
 func singleMultiInstanceQueueManager(t *testing.T, cli *client.Client, qmsharedlogs string, qmshareddata string, qmsChannel chan QMChan) {
 	err, qmId, qmData := startMultiVolumeQueueManager(t, cli, true, qmsharedlogs, qmshareddata, miEnv)
 	if err != nil {
 		qmsChannel <- QMChan{Error: err}
 	}
 	qmsChannel <- QMChan{QMId: qmId, QMData: qmData}
 }
 func getHostConfig(t *testing.T, mounts int, qmsharedlogs string, qmshareddata string, qmdata string) container.HostConfig {
 	var hostConfig container.HostConfig
 	switch mounts {
 	case 1:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 			},
 		}
 	case 2:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 				qmshareddata + ":/mnt/mqm-data",
 			},
 		}
 	case 3:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 				qmsharedlogs + ":/mnt/mqm-log",
 			},
 		}
 	case 4:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 				qmsharedlogs + ":/mnt/mqm-log",
 				qmshareddata + ":/mnt/mqm-data",
 			},
 		}
 	}
 	return hostConfig
 }
 func startMultiVolumeQueueManager(t *testing.T, cli *client.Client, dataVol bool, qmsharedlogs string, qmshareddata string, env []string) (error, string, string) {
 	id := strconv.FormatInt(time.Now().UnixNano(), 10)
 	qmdata := createVolume(t, cli, id)
 	containerConfig := container.Config{
 		Image: imageName(),
 		Env:   env,
 	}
 	var hostConfig container.HostConfig
 	if !dataVol {
 		hostConfig = container.HostConfig{}
 	} else if qmsharedlogs == "" && qmshareddata == "" {
 		hostConfig = getHostConfig(t, 1, "", "", qmdata.Name)
 	} else if qmsharedlogs == "" {
 		hostConfig = getHostConfig(t, 2, "", qmshareddata, qmdata.Name)
 	} else if qmshareddata == "" {
 		hostConfig = getHostConfig(t, 3, qmsharedlogs, "", qmdata.Name)
 	} else {
 		hostConfig = getHostConfig(t, 4, qmsharedlogs, qmshareddata, qmdata.Name)
 	}
 	networkingConfig := network.NetworkingConfig{}
 	qm, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, t.Name()+id)
 	if err != nil {
 		return err, "", ""
 	}
 	startContainer(t, cli, qm.ID)
 	return nil, qm.ID, qmdata.Name
 }
 func getActiveStandbyQueueManager(t *testing.T, cli *client.Client, qm1aId string, qm1bId string) (error, string, string) {
 	qm1aStatus := getQueueManagerStatus(t, cli, qm1aId, "QM1")
 	qm1bStatus := getQueueManagerStatus(t, cli, qm1bId, "QM1")
 	if qm1aStatus == "Running" && qm1bStatus == "Running as standby" {
 		return nil, qm1aId, qm1bId
 	} else if qm1bStatus == "Running" && qm1aStatus == "Running as standby" {
 		return nil, qm1bId, qm1aId
 	}
 	err := fmt.Errorf("Expected to be running in multi instance configuration, got status 1) %v status 2) %v", qm1aStatus, qm1bStatus)
 	return err, "", ""
 }
 func getQueueManagerStatus(t *testing.T, cli *client.Client, containerID string, queueManagerName string) string {
 	_, dspmqOut := execContainer(t, cli, containerID, "mqm", []string{"bash", "-c", "dspmq", "-m", queueManagerName})
 	regex := regexp.MustCompile(`STATUS\(.*\)`)
 	status := regex.FindString(dspmqOut)
 	status = strings.TrimSuffix(strings.TrimPrefix(status, "STATUS("), ")")
 	return status
 }
 func waitForTerminationMessage(t *testing.T, cli *client.Client, qmId string, terminationString string, timeout time.Duration) {
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	for {
 		select {
 		case <-time.After(1 * time.Second):
 			m := terminationMessage(t, cli, qmId)
 			if m != "" {
 				if !strings.Contains(m, terminationString) {
 					t.Fatalf("Expected container to fail on missing required mount. Got termination message: %v", m)
 				}
 				return
 			}
 		case <-ctx.Done():
 			t.Fatal("Timed out waiting for container to terminate")
 		}
 	}
 }
--- a/test/messaging/Dockerfile
+++ b/test/messaging/Dockerfile
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2018, 2019
+# © Copyright IBM Corporation 2018
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 ###############################################################################
 # Application build environment (Maven)
 ###############################################################################
-FROM docker.io/maven:3-ibmjava as builder
+FROM maven:3-ibmjava as builder
 COPY pom.xml /usr/src/mymaven/
 WORKDIR /usr/src/mymaven
 # Download dependencies separately, so Docker caches them
@@ -30,7 +30,7 @@ RUN find /usr/src/mymaven
 ###############################################################################
 # Application runtime (JRE only, no build environment)
 ###############################################################################
-FROM docker.io/ibmjava:8-jre
+FROM ibmjava:8-jre
 COPY --from=builder /usr/src/mymaven/target/*.jar /opt/app/
 COPY --from=builder /usr/src/mymaven/target/lib/*.jar /opt/app/
 ENTRYPOINT ["java", "-classpath", "/opt/app/*", "org.junit.platform.console.ConsoleLauncher", "-p", "com.ibm.mqcontainer.test", "--details", "verbose"]
--- a/test/messaging/buildah.sh
+++ b/test/messaging/buildah.sh
@@ -73,7 +73,7 @@ rm -rf ${mnt_mq}/etc/yum.repos.d/*
 buildah config \
  --os linux \
-  --label architecture=amd64 \
+  --label architecture=x86_64 \
  --label name="${imagename%:*}" \
  --cmd "" \
  --entrypoint '["java", "-classpath", "/opt/app/*", "org.junit.platform.console.ConsoleLauncher", "-p", "com.ibm.mqcontainer.test", "--details", "verbose"]' \
--- a/test/messaging/pom.xml
+++ b/test/messaging/pom.xml
@@ -1,5 +1,5 @@
 <!--
-© Copyright IBM Corporation 2018
+© Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/test/tls/client-trust.jks
+++ b/test/tls/client-trust.jks
--- a/test/tls/generate-test-cert.sh
+++ b/test/tls/generate-test-cert.sh
@@ -23,7 +23,7 @@ PASSWORD=passw0rd
 openssl req \
       -newkey rsa:2048 -nodes -keyout ${KEY} \
       -subj "/CN=localhost" \
-       -x509 -days 3650 -out ${CERT}
+       -x509 -days 365 -out ${CERT}
 # Add the key and certificate to a PKCS #12 key store, for the server to use
 openssl pkcs12 \
--- a/test/tls/server.crt
+++ b/test/tls/server.crt
@@ -1,17 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIICpDCCAYwCCQC6vpJFnfYO6TANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
+MIICpDCCAYwCCQDft9xlN4fNFTANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
-b2NhbGhvc3QwHhcNMTkwMzIxMTYxMzUxWhcNMjkwMzE4MTYxMzUxWjAUMRIwEAYD
+b2NhbGhvc3QwHhcNMTgwMzIwMTUxODMwWhcNMTkwMzIwMTUxODMwWjAUMRIwEAYD
-VQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu
+VQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDk
-48qtIDwmihFqj2HY3dZjPfROA1MJ+D0c6aEA08ooOczthLB7XdZBQDapj8LFldyt
+XzX0xQIZzKVX8/lDQh5lSHr5U9cBL+kURA3fEgl3ks9KjZPggfxWl4Y5dekChW/s
-4ZMbTkqtF5QtPXmJY0wi39foLYlcGXPL1b7y3mypaFou88BcSM3VmfILKXhNeAlt
+iknVssoNw9vI1W25qtQ81zRFQbHbpej0lLdYsS8/yZCuAVjMTp6Q9IswTwhVA6OD
-rXevnuT5kDU7sLVgKGhGwas20T1MU7d0I3bQ5z5c7egL76Hk9fYucjN6RkbwlrJ3
+5orag5dH3XQH+GsnmGXRCY7Gs93onAe3i3ShX9qpUFOJXyxCX+pLAC6kWQ3f/HI8
-TrCXrGIziofn3Zq1t51ygv21c80JD3XJ44YmuCrede4rhOS/4NpwRuZyiwpJ6tlv
+dujVXKsg1vHgOgGqQGwnh8gm5OeWUeuTMdD2v7Hn1OxilgNMbcewA7bpvipgm2xt
-0L0QSDGCmt2JT3ty28UAsGznFzC5Qu9KyaR+9Gk4aftiyKxrYWZkgtJmMRU+C1X2
+ZD0PKFDmtQ4comr25Oo+eUf1N7jSpRPOWJNxoyS9/coQUPp1Gpbk7khYHjGn7f5a
-kFLOHsucGmJswjwubSR7AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEdlmXVGy86P
+EZqQ4Hmwwh50uT+vKVxDAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAHaywC7ZLOi
-XIX5a4ZmHQ5Ns4wm7rY8vzUxlymEQ86En1PN1zAO9gV94tLyNeMptjsFEEo/uJhC
+3PKlidj6PWe33dEVsDL6RRb3cOqR86Ld2aD91oLrpELRhz4v2mt/GfQMIg7rc6z7
-Yvg3l5TIr/WCiY2+2XsSHvnbXrlbF3S0fRHa9VaCMRKjzRT68uq2Y891906YGtUE
+26SuPzV/7zZAv1N/vGoIFyvBXWLYP5qCwUrmykcH/wfFM80S6FJxz5Wy5MA5UzTB
-m6fCjHqVzX8qaplDf79aVkPydYaYOIZ1a/mCfQcD9XMZ/v5zI9IUDhdoq97bgPhB
+HdpiQCPu4U0IKgATLDraz0xlQ61Rog56YhgJI8ulHuav5iYxqV2mwU09Hs0kXPJ7
-gBOzWLI+hkzyU8jxKAFw1Hwi9lD/P6RXL5arNb/+arOgA3vTW+xGWGevgjVK1Ay9
+g0PLRaSyidsXafxBKukeM9QHl8z8HN8er23oqecYo59b/Bt0c6jSrJCK39EUcoLP
-81beWiQmn0KbeLZxj+WJ9Nntlf1M4EqPYgsSYs/IlJTYS8W1B0mDJEoovPdFTryY
+HxR+Ma1SPhVKGqa3lPmaoAzsFTqaJ6fsIcbp+oEFAq0LPeqMPK7u3ygT4iTblAl8
-GyIuQEVcjUE=
+q3isCz4Ytx4=
 -----END CERTIFICATE-----
--- a/test/tls/server.key
+++ b/test/tls/server.key
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCu48qtIDwmihFq
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDkXzX0xQIZzKVX
-j2HY3dZjPfROA1MJ+D0c6aEA08ooOczthLB7XdZBQDapj8LFldyt4ZMbTkqtF5Qt
+8/lDQh5lSHr5U9cBL+kURA3fEgl3ks9KjZPggfxWl4Y5dekChW/siknVssoNw9vI
-PXmJY0wi39foLYlcGXPL1b7y3mypaFou88BcSM3VmfILKXhNeAltrXevnuT5kDU7
+1W25qtQ81zRFQbHbpej0lLdYsS8/yZCuAVjMTp6Q9IswTwhVA6OD5orag5dH3XQH
-sLVgKGhGwas20T1MU7d0I3bQ5z5c7egL76Hk9fYucjN6RkbwlrJ3TrCXrGIziofn
+GsnmGXRCY7Gs93onAe3i3ShX9qpUFOJXyxCX+pLAC6kWQ3f/HI8dujVXKsg1vHg
-3Zq1t51ygv21c80JD3XJ44YmuCrede4rhOS/4NpwRuZyiwpJ6tlv0L0QSDGCmt2J
+OgGqQGwnh8gm5OeWUeuTMdD2v7Hn1OxilgNMbcewA7bpvipgm2xtZD0PKFDmtQ4c
-T3ty28UAsGznFzC5Qu9KyaR+9Gk4aftiyKxrYWZkgtJmMRU+C1X2kFLOHsucGmJs
+omr25Oo+eUf1N7jSpRPOWJNxoyS9/coQUPp1Gpbk7khYHjGn7f5aEZqQ4Hmwwh50
-wjwubSR7AgMBAAECggEAH9t6teKjUlngJksMBdcTEGzerb9JRw2jBDtCisYJkx5E
+uT+vKVxDAgMBAAECggEBAL91kybChCBdEcHLKQ7aP+FqAq9FOtwj7qSu6XI7DPTS
-SBfdlftX5fbufiCj2B4eXsYyZ8zxKWqcIUmLdA1Udx3TVIXG+bHhOAYtjEwb+xf5
+gDdgurleQM/X+Q/zaoZSmKMWzQ/79KnVqk2VoYgnUAgx5ACsMxCS59slUxFoetRf
-JYhdR/IzHG+4eXQKaAIvpXztyl3lU9iC+eaMg4GYzRrGN2wSAG9XgZ5cLF2TLJYU
+iIxZVLj0sLuWSZsWp0We51eN0Juh9xKo9r435p4rhjDacnjkEwcQyOd4Yy9nzUpk
-jPxp7goz9X6V57aL2G/EFlbFsMaI/6cW7+XoRdo0I4N2Z766gz7GgyxtTVwR5Peq
+GDD5Vu1J9bOOKUQZ0qgjPyl/xWiwD1yfGJ0nHpQ5ucfrCO9p+n7SYsx01WcAkC8J
-LjOpqSNS0W57KJxReURfySok9CP1DfyigopsYW8O4jGVDDRLdiN3I8+JhWya2E0j
+WP9XSXgi5uIefTWb/4m2b32jzjIgzAHkNx6yktRTjBJ7QILnKq1P8JjkNA/Awj4P
-96hHpN04Oz6HnMm7bdZDVtkZCOiu6xIzLJJxZ4o+kQKBgQDYqOA/hSod7s7w4LBE
+OxAz9hHHnVRuq4ZlEqfvo9p9YAbN2IH5TnmN3rGCXwECgYEA9JitVIeXCS0qIMFA
-A6Mp+e0//PYH6/N9SKmSIgQNec9bMGI4yanoblMbg4GM1g7pkvjlC0nTdjnUbLkB
+dKCmm9CT7JXccdpVllwaaYCNTb+G2RBrJqAvQEetoYJodWTIm1mNwSEORFFw0W+N
-vIvtVh3XwTIlrZ/4lc7VB23/hmKU+lRc+NJP5fgasAQu0W3+qp2cXo0pnHVwBEku
+eaMzibJoJ+MZHRhiulDJaY0vwAKHkSJjDPJrPLgGMCUOLiWSAAnR4z35WfeY0e//
-Z7FwDPX0JNDIi/Or2I7dt8JojQKBgQDOpU1AnIXv1/cToYK4nz8BWLxRxwLTxy5A
+JbdZZemrJRyzy3o6rkRN9TQcUMUCgYEA7wTj5w5GZ8NQ7Nn8nIS2ayk+woIMHS+g
-ucafNKacPlxb5luZRCExiPZwAM8Z3zI9o99rYXOPQmsnknZWJV66Zx0Vo0yTD1CT
+RVFufJoBeopsNJfNzGak0s+nz5q0nMGMzQsxXkbmAOLMTU3woQ7cEGjkLAfoch23
-DWMUj0ugI1wORNMhwZP6YBYWjAeupyU9a7FyU1Geg4sdQt5rMyAEQOoECc8x8foP
+ACOe7M4rZbIk6kVNOlFESWdVdWViVd/B2a7oBqOIykoqX6VSqqrw+xghAUmd/2W1
-rySHuO/TJwKBgBjMM2ZxymFErQDa5rHSLMGoLmRtgodjlSnYwDfOluIn9/i67/MJ
+uxjg9v01OWcCgYApE5LYRUUKF3mhspKeg3Q3apnM+4Xf4OjKrYEKArq4OdftkCJO
-+d11iyOSCKji8y/+t2gXw6plVLcgfohZWTaf7ah9H006sx2Tn+m4APoHGo9sm21M
+hEwrIV55Zysfu+Mso6d4rZJ1yq+FnJRHvy6ii0GOoUbQag36eCK7BSjluAcISpwT
-uV2Vt7DuRnxJUiqcwo9cLxH9K1/Xzbx299MYWKpJ8G+TvR8FGUz9NE4dAoGAM5gs
+yopT0hvH7hEpksmoE/4ZiYjcoQYbC5DvxpDO2qURQHa5TzeXmIT3Dt9KeQKBgQC6
-KKSsAE1QwFMEG2qPRZvNMTHaL9w8XSbFQ7zWmI4tazihyCutifujZCWfj9sdZSyE
+UKeOXrRHAhs85ZdiMpk340jGujTTM2LNZfKoMixg5zH9tS9427IzmicHT2LmpoEo
-PQBQ5QT1UiUMbMfZ1fqm1V83YERjnsOp6Fk6zZnmgx2GBZiahNn2ydxekqni72nz
+/EaZZM65dhEnWU/vW/Py3rCuGeP5wGv8Mcgac4OknD7mVusiQGLojSIyhrsmkWs8
-HRNWfphjZIPsmqFiLg2zIBz+4X6EK+RT35s6LeMCgYEAwF/9jX8kONW5KKZdoNHa
+UnkPY76nYTSypd5Qpzt9n4tqw4XjpdcJZxVFso8glQKBgQCHlb15As73En/Q2AxL
-opkLpa9qkwTGQ9M3AZiRUjM4rtvggYt8FBEP+3BLDLHqfUOkPq82MCRXm+6Cz+sT
+5FY1Q1lLuO8y33ZZIRK4eynOKkbiuAh7X+ONZ4T9NtTm2J7mnltvTHZ7yeOI+VLS
-gyPnsPlAh/sr3Pys3olJbUDE9H24k1LU0CI/sSwAFkka0+Q7PVTTe/Dcavitrcrm
+LrTTBwnnNfdpp8UVPQlwzeizoDqSbr1sjFYvKOfdDDfxuzieT/4tfW9VTAxn4uOg
-+fyiT2oSPZeHSjQE9iIW3OY=
+qpg7aRMUYUuLAH+S5atdOqXB+g==
 -----END PRIVATE KEY-----
--- a/test/tls/server.p12
+++ b/test/tls/server.p12
--- a/vendor/software.sslmate.com/src/go-pkcs12/.gitattributes
+++ b/vendor/software.sslmate.com/src/go-pkcs12/.gitattributes
@@ -1,10 +0,0 @@
 # Treat all files in this repo as binary, with no git magic updating
 # line endings. Windows users contributing to Go will need to use a
 # modern version of git and editors capable of LF line endings.
 #
 # We'll prevent accidental CRLF line endings from entering the repo
 # via the git-review gofmt checks.
 #
 # See golang.org/issue/9281
 * -text
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Rob Parker	869ee6492d	Merge pull request #291 from parrobe/sing2 Add non-root to singularity branch	2019-03-19 16:06:26 +00:00
Robert Parker	cad3eb5dd9	fix broken devsecure test	2019-03-19 14:46:42 +00:00
Robert Parker	7b5e34e59e	update copyright dates	2019-03-19 13:45:40 +00:00
Rob Parker	3ae41d52d3	Merge branch 'singularity' into sing2	2019-03-19 13:19:54 +00:00
Robert Parker	c3f40c84a7	Extra changes to support non-root in CIP	2019-03-19 11:29:33 +00:00
Stephen Marshall	350b8318ee	Add TLS support (#243 ) * Add TLS support * Security fix for libsystemd0 systemd systemd-sysv libudev1	2019-03-18 13:21:39 +00:00
Stephen Marshall	fd262b173e	Add uniqueUserIdentifier	2019-03-18 13:18:58 +00:00
Stephen Marshall	227db5875a	Fix for iframe issue with web console (#238 )	2019-03-18 13:18:58 +00:00
Rob Parker	6f1268ffec	add integration into the docker tag (#233 )	2019-03-18 13:18:58 +00:00
Stephen Marshall	c455d696b2	Split SSO admin user list on newlines (#229 )	2019-03-18 13:18:06 +00:00
Stephen Marshall	4c1d124484	Configure Single-Sign-On for the web server	2019-03-18 13:18:06 +00:00
Stephen Marshall	9b3b1f7b9e	Move template and keystore functions to internal packages	2019-03-18 13:16:44 +00:00
Stephen Marshall	568ae6e34e	Enable web console for mqadvanced-server	2019-03-18 13:16:44 +00:00
Arthur Barr	0dd5f9c818	Replace master with singularity	2019-03-18 13:05:46 +00:00
Rob Parker	00a0ce0e0a	Merge pull request #254 from parrobe/sing update perl-base to fix security vulnerability	2018-12-05 13:55:50 +00:00
Robert Parker	e74ba3fd75	update perl-base to fix security vulnerability	2018-12-05 13:34:58 +00:00
Stephen Marshall	3064699198	Add TLS support (#243 ) * Add TLS support * Security fix for libsystemd0 systemd systemd-sysv libudev1	2018-11-07 11:47:41 +00:00
Stephen Marshall	b8227abf7f	Add uniqueUserIdentifier	2018-10-29 13:48:25 +00:00
Stephen Marshall	c88329d779	Fix for iframe issue with web console (#238 )	2018-10-25 10:17:02 +01:00
Rob Parker	e6049ecb93	add integration into the docker tag (#233 )	2018-10-18 13:43:48 +01:00
Stephen Marshall	574386fe82	Split SSO admin user list on newlines (#229 )	2018-10-12 14:13:20 +01:00
Robert Parker	5ba73c1d2a	update apparmor	2018-10-09 09:39:12 +01:00
Stephen Marshall	149915d587	Configure Single-Sign-On for the web server	2018-10-03 16:34:28 +01:00
Stephen Marshall	77eb7381e7	Move template and keystore functions to internal packages	2018-10-03 16:34:28 +01:00
Stephen Marshall	6abbbb0394	Enable web console for mqadvanced-server	2018-10-01 11:27:52 +01:00
Stephen Marshall	e7ba32d849	Merge pull request #215 from arthurbarr/singularity Fix .gitignore and README	2018-10-01 11:05:55 +01:00
Arthur Barr	0e567ccea7	Remove dynamic Prometheus files	2018-10-01 10:18:49 +01:00
Arthur Barr	80e7707deb	Replace master with singularity	2018-10-01 10:17:38 +01:00
		`@@ -0,0 +1,3 @@`
							`# RHEL-based container build`

							Build scripts for building a container image based on Red Hat Enterprise Linux (RHEL), using the [`buildah`](https://github.com/containers/buildah) tool. buildah is supported on RHEL V7.5 and greater.