rasmus/mq-container
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Rasmus Lauritsen
2024-10-28 23:04:48 +01:00
commit 1ee55157f1
911 changed files with 325331 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
incubating/Dockerfile-sfbridge Normal file
View File

@@ -0,0 +1,32 @@
# © Copyright IBM Corporation 2015, 2019
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM ubuntu:16.04
# The URL to download the MQ installer from in tar.gz format
ARG MQ_URL=https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev911_ubuntu_x86-64.tar.gz
# The MQ packages to install
ARG MQ_PACKAGES="ibmmq-sfbridge"
ARG MQM_UID=999
ADD install-mq.sh /usr/local/bin/
RUN chmod u+x /usr/local/bin/install-mq.sh \
&& install-mq.sh $MQM_UID
ENV LANG=en_US.UTF-8
# TODO: Create configuration file from environment variables?
# TODO: Add entrypoint to run the bridge

51
incubating/mqadvanced-server-dev/10-dev.mqsc.tpl Normal file
View File

@@ -0,0 +1,51 @@
* © Copyright IBM Corporation 2017, 2024
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* Developer queues
DEFINE QLOCAL('DEV.QUEUE.1') REPLACE
DEFINE QLOCAL('DEV.QUEUE.2') REPLACE
DEFINE QLOCAL('DEV.QUEUE.3') REPLACE
DEFINE QLOCAL('DEV.DEAD.LETTER.QUEUE') REPLACE
DEFINE QMODEL('DEV.APP.MODEL.QUEUE') REPLACE
* Use a different dead letter queue, for undeliverable messages
ALTER QMGR DEADQ('DEV.DEAD.LETTER.QUEUE')
* Developer topics
DEFINE TOPIC('DEV.BASE.TOPIC') TOPICSTR('dev/') REPLACE
* Developer connection authentication
DEFINE AUTHINFO('DEV.AUTHINFO') AUTHTYPE(IDPWOS) CHCKCLNT(REQDADM) CHCKLOCL(OPTIONAL) ADOPTCTX(YES) REPLACE
ALTER QMGR CONNAUTH('DEV.AUTHINFO')
REFRESH SECURITY(*) TYPE(CONNAUTH)
* Developer channels (Application + Admin)
* Developer channels (Application + Admin)
DEFINE CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) REPLACE
DEFINE CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) MCAUSER('app') REPLACE
* Developer channel authentication rules
SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('Back-stop rule - Blocks everyone') ACTION(REPLACE)
SET CHLAUTH('DEV.APP.SVRCONN') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT({{ .ChckClnt }}) DESCR('Allows connection via APP channel') ACTION(REPLACE)
SET CHLAUTH('DEV.ADMIN.SVRCONN') TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allows admins on ADMIN channel') ACTION(REPLACE)
SET CHLAUTH('DEV.ADMIN.SVRCONN') TYPE(USERMAP) CLNTUSER('admin') USERSRC(CHANNEL) DESCR('Allows admin user to connect via ADMIN channel') ACTION(REPLACE)
SET CHLAUTH('DEV.ADMIN.SVRCONN') TYPE(USERMAP) CLNTUSER('admin') USERSRC(MAP) MCAUSER ('mqm') DESCR ('Allow admin as MQ-admin') ACTION(REPLACE)
* Developer authority records
SET AUTHREC PRINCIPAL('app') OBJTYPE(QMGR) AUTHADD(CONNECT,INQ)
SET AUTHREC PROFILE('DEV.**') PRINCIPAL('app') OBJTYPE(QUEUE) AUTHADD(BROWSE,GET,INQ,PUT)
SET AUTHREC PROFILE('DEV.**') PRINCIPAL('app') OBJTYPE(TOPIC) AUTHADD(PUB,SUB)
SET AUTHREC PROFILE('DEV.APP.MODEL.QUEUE') PRINCIPAL('app') OBJTYPE(QUEUE) AUTHADD(BROWSE,DSP,GET,INQ,PUT)

18
incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl Normal file
View File

@@ -0,0 +1,18 @@
* © Copyright IBM Corporation 2018, 2022
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* Set the cipherspec for dev channels
ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12_OR_HIGHER) SSLCAUTH(OPTIONAL)
ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12_OR_HIGHER) SSLCAUTH(OPTIONAL)

78
incubating/mqadvanced-server-dev/admin.json.tpl Normal file
View File

@@ -0,0 +1,78 @@
{
"version": 0.1,
"tabs": [
{
"title": "IBM MQ Container",
"numColumns": 2,
"model": {
"title": "",
"rows": [
{
"columns": [
{
"widgets": [
{
"type": "channel",
"config": {
"selectedQM": "{{ .QueueManagerName }}",
"showSysObjs": false,
"sizex": 1,
"sizey": 1,
"subType": "all"
},
"title": "Channels on {{ .QueueManagerName }}",
"titleTemplateUrl": "adf/templates/widget-title.html",
"gridsterrow": 0,
"gridstercol": 1
},
{
"type": "topic",
"config": {
"selectedQM": "{{ .QueueManagerName }}",
"showSysObjs": false,
"sizex": 1,
"sizey": 1
},
"title": "Topics on {{ .QueueManagerName }}",
"titleTemplateUrl": "adf/templates/widget-title.html",
"gridsterrow": 1,
"gridstercol": 1
},
{
"type": "queue",
"config": {
"selectedQM": "{{ .QueueManagerName }}",
"showSysObjs": false,
"sizex": 1,
"sizey": 1,
"subType": "all"
},
"title": "Queues on {{ .QueueManagerName }}",
"titleTemplateUrl": "adf/templates/widget-title.html",
"gridsterrow": 1,
"gridstercol": 0
},
{
"type": "queuemanager",
"gridstercol": 0,
"gridsterrow": 0,
"config": {
"type": "local",
"sizex": 1,
"sizey": 1,
"customTitle": "Queue Manager"
},
"title": "Queue Manager",
"titleTemplateUrl": "adf/templates/widget-title.html"
}
]
}
]
}
],
"titleTemplateUrl": "adf/templates/dashboard-title.html"
},
"isMobile": false
}
]
}

42
incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/mqwebcontainer.xml.dev Normal file
View File

@@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<server>
<featureManager>
<feature>appSecurity-2.0</feature>
<feature>basicAuthenticationMQ-1.0</feature>
</featureManager>
<enterpriseApplication id="com.ibm.mq.console">
<application-bnd>
<security-role name="MQWebAdmin">
<group name="MQWebUI" realm="defaultRealm"/>
</security-role>
</application-bnd>
</enterpriseApplication>
<enterpriseApplication id="com.ibm.mq.rest">
<application-bnd>
<security-role name="MQWebAdmin">
<group name="MQWebUI" realm="defaultRealm"/>
</security-role>
<security-role name="MQWebUser">
<group name="MQWebMessaging" realm="defaultRealm"/>
</security-role>
</application-bnd>
</enterpriseApplication>
<basicRegistry id="basic" realm="defaultRealm">
<user name="admin" password="${env.MQ_ADMIN_PASSWORD_SECURE}"/>
<user name="app" password="${env.MQ_APP_PASSWORD_SECURE}"/>
<group name="MQWebUI">
<member name="admin"/>
</group>
<group name="MQWebMessaging">
<member name="app"/>
</group>
</basicRegistry>
<variable name="httpHost" value="*"/>
<variable name="managementMode" value="externallyprovisioned"/>
<variable name="mqConsoleRemoteSupportEnabled" value="false"/>
<variable name="mqConsoleEnableUnsafeInline" value="true"/>
<jndiEntry jndiName="mqConsoleDefaultCCDTHostname" value="${env.MQ_CONSOLE_DEFAULT_CCDT_HOSTNAME}"/>
<jndiEntry jndiName="mqConsoleDefaultCCDTPort" value="${env.MQ_CONSOLE_DEFAULT_CCDT_PORT}"/>
<httpDispatcher enableWelcomePage="false" appOrContextRootMissingMessage='&lt;script&gt;document.location.href="/ibmmq/console/";&lt;/script&gt;' />
<include location="tls.xml"/>
</server>

26
incubating/mqipt/Dockerfile Normal file
View File

@@ -0,0 +1,26 @@
# © Copyright IBM Corporation 2018, 2023
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM registry.access.redhat.com/ubi8/ubi-minimal
ARG MQIPT_ARCHIVE=./IBM-MQIPT-LinuxX64.tar
RUN microdnf --disableplugin=subscription-manager install bash grep procps-ng sed which
ADD $MQIPT_ARCHIVE /opt
COPY startMQIPT.sh /usr/local/bin
ENV MQIPT_PATH=/opt/mqipt
RUN chown -R 1001:0 $MQIPT_PATH \
&& chown -R 1001:0 /usr/local/bin/startMQIPT.sh \
&& chmod -R 550 /usr/local/bin/startMQIPT.sh
VOLUME /var/mqipt
USER 1001
ENTRYPOINT ["startMQIPT.sh"]

41
incubating/mqipt/README.md Normal file
View File

@@ -0,0 +1,41 @@
# IBM MQ Internet Pass-Thru in a container
IBM® MQ Internet Pass-Thru (MQIPT) is an optional component of IBM MQ. MQIPT runs as a stand-alone service that can receive and forward IBM MQ message flows, either between two IBM MQ queue managers, or between an IBM MQ client and an IBM MQ queue manager.
MQIPT enables this connection when the client and server are not on the same physical network.
This repository contains all the resources that you will need to create a container image that contains MQIPT.
## How to build this image
1. Download MQIPT for Linux x86_64 from [Fix Central](https://ibm.biz/mq93ipt). The name of the download file is similar to `9.3.x.x-IBM-MQIPT-LinuxX64.tar.gz`.
2. Ensure the MQIPT downloaded tar file is available in this directory.
3. Run the following command in this directory to build the container image:
`docker build --build-arg MQIPT_ARCHIVE=<tar_file_name> -t mqipt .`
Once the build has completed you will have a new container image called `mqipt:latest` which contains MQIPT.
## How to run this image
Before you run the MQIPT container image you should understand how MQIPT operates. You can read about MQIPT in the [IBM MQ documentation](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=overview-mq-internet-pass-thru).
1. Create a MQIPT home directory that can be [mounted to a container](https://docs.docker.com/storage/). The MQIPT home directory contains configuration files and log files that are produced when MQIPT runs.
2. Create your [MQIPT configuration file](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=reference-mq-internet-pass-thru-configuration) in the MQIPT home directory. This file **must** be called `mqipt.conf`. A sample configuration file is supplied with MQIPT in `samples/mqiptSample.conf`.
3. Run the following command to start a container with your built MQIPT image:
`docker run -d --volume <mqiptHome>:/var/mqipt -p <hostPort>:<containerPort> mqipt`
where `mqiptHome` is the MQIPT home directory you created in step 1, and `containerPort` is a port to be exposed that MQIPT is listening on, such as a route port.
If you want the container ports to be accessible outside of the host you must expose the required ports. This maps the container port to a port on the host, so that you can connect to the port on the host and access MQIPT. You might need to provide more than one `-p` parameters to expose all the ports that are required by your MQIPT configuration. **Note:** These ports must be available on the host. If the ports are not available, the Docker container will not start.
For more information about how to expose container ports, see [Docker Run reference](https://docs.docker.com/engine/reference/run/#expose-incoming-ports).
## Further information
For more information about MQIPT, see MQIPT documentation in the [IBM MQ documentation](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=overview-mq-internet-pass-thru).
## License
The Dockerfile and associated code and scripts are provided as-is and licensed under the [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0.html).
## Copyright
© Copyright IBM Corporation 2018, 2023

28
incubating/mqipt/startMQIPT.sh Normal file
View File

@@ -0,0 +1,28 @@
#!/bin/bash
# -*- mode: sh -*-
# © Copyright IBM Corporation 2018, 2023
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
stop()
{
/opt/mqipt/bin/mqiptAdmin -stop -n ipt1
}
trap stop SIGTERM SIGINT
# Run MQIPT and then wait on the process to end.
/opt/mqipt/bin/mqipt /var/mqipt -n ipt1 &
MQIPTPROCESS=$!
wait "$MQIPTPROCESS"