Resolving subscription authorisation failures

It never fails to amaze me how often the same question gets asked by different people from different projects at around the same time. This time, I was asked by two people about resolving subscription authorisation failures. I could find lots of information about IBM MQ publish/subscribe, and general descriptions of what security checks are made. But there was not so much on how to use information from the queue manager that can help to deal with the inevitable failures.


Decoding MQI constants

On Twitter, Michael asked: “any logic or hints on how to interpret the PCF parameter names returned as multiples from the com.ibm.mq.headers.pcf?” Which is a very good question but a proper answer is far too long to type there. There are several different ways that you can approach the problem, depending on what you are trying to do. So this post talks about decoding MQI constants.


Event formatter changes with MQ 9.2.4

IBM has just announced MQ 9.2.4. No matter how hard you search the announcement letters you will still not be able to find anything about the event formatter changes that I was able to slip into the release. That’s because changes to samples don’t normally deserve highlighting in formal marketing documents. But I hope this change still turns out to be useful.


Warning: is it an error

Something I dealt with recently in independent exchanges with several different people was about programming with IBM MQ, and dealing with MQI errors that might not be errors. This post is a short discussion about the not-quite-failed status of a warning. Is it an error? What is the difference between MQI errors and warnings?


Skeleton of a site attack

Last week I went to edit a draft post, and found that I couldn’t access the blogging system. The web server returned errors – usually 504 (Gateway Timeout) but there were sometimes 4xx errors. This all runs on a local NAS device just a few metres away from where I was typing. The rest of my network seemed fine. So it seemed unlikely to be a network or service provider problem. I started to investigate. As there is no high-value or personal information stored here, I didn’t initially suspect an attacker. But that’s what it turned out to be. I decided to write up my experience, written to show the skeleton of how a site attack might appear, along with some thoughts on what helped diagnose and repel it.


Controlling queue creation

A recent thread on mqseries.net asked about controlling queue creation in MQ. In particular, how to set authorities so that one user can create queues like “ABC…” but not “DEF…”. There are answers given in that thread both on the ability to do it, and the reason why it’s not usually something that’s needed.

In summary, it’s not possible to control it with setmqaut commands. And since queue creation is usually done by administrators, there’s not really any need to restrict it further.

But the thread did remind me of some code I’d written a few years ago while considering the same question as part of a larger piece of work. And so I thought I’d dredge up that PoC and make it a bit more readable. It shows how you can, in fact, implement that level of control on platforms where you can install extensions to the MQ Authorisation interface.


Variation on a theme: an MQI mistake

Theme

One of the common mistakes that people make when they first start programming with the MQI can be seen in this pseudo-code example:

MQMD md = {MQMD_DEFAULT}
MQGMO gmo = {MQGMO_DEFAULT}
int bufsize = 128
PMQCHAR buf = malloc(bufsize)
do {
  /* md is passed in unchanged from the previous iteration */
  rc = MQGET(&md,&gmo,buf,bufsize)
} while (rc != MQRC_NO_MSG_AVAILABLE)

They complain that despite pre-loading the queue, only a single message is returned. Anyone reading this is likely to recognise the problem immediately: the MsgId of the first message is returned in the md variable. The next iteration of the loop tries to match that MsgId and doesn’t find any more messages.

There are aspects of the MQI that try to minimise your chances of getting this wrong, like the MatchOptions flag in the MQGMO structure. But that in turn requires that you know a) to set it and b) to override the default version of the structure.

Having worked with MQ for so many years, I am hopefully not going to make that kind of mistake. But I still got caught out recently by a very similar problem.


New features with the MQ Go metric collectors

The mq-metric-samples collectors that send IBM MQ metrics and status data to a range of databases, ready to be viewed in Grafana, have just been enhanced to collect additional information. The Prometheus collector has also been extended so that it can continue providing limited status even when the queue manager is down.

The new metrics have all been suggested by users of the package either directly or via issues raised in the GitHub repository. Many previous articles on here show more about the collectors.

The InfluxDB collector is also refreshed for a new version of the database.


Same location, different times

I was talking to someone tonight who said that it looked like there would be a new layer of bureaucracy applied to how their z/OS system was managed. It made me think of way back, when I first worked for IBM … Hursley’s “production” systems had a level of process and change control. Though as those boxes were all used for development activity it was still less hidebound than you might get (or hope for) in a banking datacentre. But our department had its own mainframe, under more local control. The sysprogs lived on the same corridor, and would do pretty much whatever you needed. Especially after a lunch meeting at the Dolphin.

And then I realised that our MVS system – probably an IBM 4381 if I remember right – was likely sited at pretty much where my desk is now. A desk which I’ve only seen a couple of times over the last year, but where I had to go yesterday after an area-wide power outage that had taken out an old desktop Linux box that would blow away that 4381 with its processing capability. Some of what’s now desks used to be a mini-machine room.

The Linux PC with more power than the mainframe that once sat here