MQclient.pl - Client access program for WebsphereMQ
Mandatory parameters: -s|server=ip|hostname - server running the queueumanager we connect to -qm=queuemanager - queuemanager on server -q=queuename - queue on server -ch|channel=channelname - channel the client connects to -p|port=N - port N the channel is running on -t|type=(get|put) - 'get'-download from queue, 'put'-add to queue, default:"get" Optional parameters: -file=filename - write messages to filename, not defined: STDOUT(if -type=get) -file=filename|dir - read messages from filename/dir (if -type=put) -debug=0|1|2 - default is 1 (0=none, 1=filestatus, 2=messages) -dump - dump the objects with Dumper() -wait=# - wait # millisec when queue is empty -ncount=# - process # messages before reporting stat and waiting -wl|waitnline='rN1-N2|rN|N' - wait N, randomN or random [N1,N2] millisec between block of ncount messages. -wf|waitfull='rN1-N2|rN|N1' - wait # millisecs before retrying if queue is full (default is 1sec) -backout - do not commit, do a backout to keep message on queue -sslkey=dir - directory where to find ssl keyrepository made by gsk7ikm, gsk7cmd (need more testing, works for verisign certificates) -sslcipherspec=spec - spec is the cipher used by mq
Press ctrl+c to quit, and then a summary of all transactions will be printed. Please notice the random waiting is very approximate, it is just to create some variance in streams.
To run this program you need IBM WebsphereMQ client >= v6 and Perl module MQSeries >= 1.23 installed. The MQserver can reside anywhere in your network or on localhost, just ensure the socket you'll use is not firewalled.
Client needs minimum the following packages: MQSeriesRuntime MQSeriesClient Server needs minimum: MQSeriesRuntime MQSeriesServer If you need ssl install on server: MQSeriesKeyMan gsk7bas (holds gsk7cmd which creates the certificates which is created with script mq-ca.pl)
This program is useless without a MQserver to connect to, So if you do not have one around to test with here is a recipe to setup a simple setup. WebsphereMQ has a 60 day free trial period. You can reinstall afterwards to get 60 new days.
The user which runs MQclient.pl on the client is member of mqm group on client. It _MUST_ also exists on mqserver with the same username and being member of group mqm there aswell. Otherwhise you will get MQRC 2035 - 'not authorized to connect' in non SSL mode. With SSL you only get MQRC 2059 - 'MQRC_Q_MGR_NOT_AVAILABLE'.
MQclient.pl -> put -> MQserver -> get -> MQclient.pl
I recommend creating a script which set up the mqserver, This example set up mqserver swolinux using self signed ssl 'NULL_MD5' certificate where all the certificates are generated using gsk7cmd on the same server using the my script mq-ca.pl. See the perldoc on mq-ca.pl.
root@swolinux$ ./MQmanager-swolinux-sslclient.sh (output is abbreviated for readability) 1 : DEFINE QLOCAL('secana.queue') REPLACE + : DESCR('queue used for secana transactions') + : PUT(ENABLED) + : DEFPRTY(0) + : DEFPSIST(YES) + : GET(ENABLED) + : MAXDEPTH(10000) + : * MAXMSGL(15000) + : DEFSOPT(SHARED) + : NOHARDENBO + : USAGE(NORMAL) + : NOTRIGGER; AMQ8006: WebSphere MQ queue created. : 1 : DIS Q('secana.queue') ALL; AMQ8409: Display Queue details. QUEUE(secana.queue) TYPE(QLOCAL) ACCTQ(QMGR) ALTDATE(2008-03-05) ALTTIME(09.47.27) BOQNAME( ) BOTHRESH(0) CLUSNL( ) CLUSTER( ) CLWLPRTY(0) CLWLRANK(0) CLWLUSEQ(QMGR) CRDATE(2008-03-04) CRTIME(15.49.27) CURDEPTH(0) DEFBIND(OPEN) DEFPRTY(0) DEFPSIST(YES) DEFSOPT(SHARED) DEFTYPE(PREDEFINED) DESCR(queue used for secana transactions) DISTL(NO) GET(ENABLED) NOHARDENBO INITQ( ) IPPROCS(0) MAXDEPTH(10000) MAXMSGL(4194304) MONQ(QMGR) MSGDLVSQ(PRIORITY) NOTRIGGER NPMCLASS(NORMAL) OPPROCS(0) PROCESS( ) PUT(ENABLED) QDEPTHHI(80) QDEPTHLO(20) QDPHIEV(DISABLED) QDPLOEV(DISABLED) QDPMAXEV(ENABLED) QSVCIEV(NONE) QSVCINT(999999999) RETINTVL(999999999) SCOPE(QMGR) SHARE STATQ(QMGR) TRIGDATA( ) TRIGDPTH(1) TRIGMPRI(0) TRIGTYPE(FIRST) USAGE(NORMAL) : 1 : DEFINE LISTENER('listener') + : TRPTYPE(TCP) PORT(6666) CONTROL(QMGR) + : DESCR('TCP/IP Listener for this queue-manager') + : REPLACE; AMQ8626: WebSphere MQ listener created. : : * SVRCONN channels are used for clients to connect to 1 : DEFINE CHANNEL('secana.ssl') + : CHLTYPE(SVRCONN) TRPTYPE(TCP) + : MCAUSER('') + : SSLCAUTH(REQUIRED) + : * SSLPEER('OU=Decision Analytics*') + : SSLCIPH('NULL_MD5') + : REPLACE; AMQ8014: WebSphere MQ channel created. : 1 : ALTER QMGR SSLKEYR('/var/mqm/ssl/swolinux') AMQ8005: WebSphere MQ queue manager changed. : * display channel 1 : DIS CHANNEL('secana.ssl') ALL; AMQ8414: Display Channel details. CHANNEL(secana.ssl) CHLTYPE(SVRCONN) ALTDATE(2008-03-05) ALTTIME(09.47.27) COMPHDR(NONE) COMPMSG(NONE) DESCR( ) HBINT(300) KAINT(AUTO) MAXMSGL(4194304) MCAUSER( ) MONCHL(QMGR) RCVDATA( ) RCVEXIT( ) SCYDATA( ) SCYEXIT( ) SENDDATA( ) SENDEXIT( ) SSLCAUTH(REQUIRED) SSLCIPH(NULL_MD5) SSLPEER( ) TRPTYPE(TCP) : : * start channel 1 : START CHANNEL('secana.ssl') AMQ8018: Start WebSphere MQ channel accepted. : : * start listener 1 : START LISTENER('listener') AMQ8021: Request to start WebSphere MQ Listener accepted. 1 : dis listener('listener') all AMQ8630: Display listener information details. LISTENER(listener) CONTROL(QMGR) TRPTYPE(TCP) PORT(6666) IPADDR( ) BACKLOG(0) DESCR(TCP/IP Listener for this queue-manager) ALTDATE(2008-03-05) ALTTIME(09.53.54)
We now have a channel 'secana.ssl' waiting. First we need to set up the clients we'll use and copy across the client certificate we created with mq-ca.pl with the username which will run MQclient.pl --sslkey (mqsslkeyrepository) is copied to /tmp/mqssl/
mbj@demolinux$ ./MQclient.pl -s=192.168.2.100 -qm=swolinux -q=secana.queue \ -channel=secana.ssl -p=6666 --sslkey=/tmp/mqssl/mbj -t=put -file=/raid/scp21_bench/authdata/all Connecting to 192.168.2.100:swolinux:secana.queue:secana.ssl:6666 Will try reading 1412 files from /raid/scp21_bench/authdata/all Pushed 100 transactions in 0.15 sec (662.40 trans/sec) Pushed 100 transactions in 0.15 sec (662.88 trans/sec) Pushed 100 transactions in 0.15 sec (654.99 trans/sec) Pushed 100 transactions in 0.16 sec (641.30 trans/sec) Pushed 100 transactions in 0.15 sec (652.76 trans/sec) Pushed 100 transactions in 0.15 sec (650.14 trans/sec) Pushed 100 transactions in 0.16 sec (643.36 trans/sec) <ctrl+c> Total input 770 transactions in 2.40 sec (320.53 trans/sec) Pushed 771 transactions in 2.43 sec (317.52 trans/sec)
if --file points to a directory it pushes all files in directory
You can see how many messages are waiting on the queue with the following command: root@swolinux$ echo "dis q('secana.queue') CURDEPTH;" | runmqsc swolinux : CURDEPTH(771) :
You see there are 188 messages waiting.
MQclient.pl in get mode works as a daemon reading from the queues for a defined period. Add --debug=2 if you like to see the messages.
mbj@mbjlinux$ ./MQclient.pl -s=192.168.2.100 -qm=swolinux -q=secana.queue \ -channel=secana.ssl -p=6666 --sslkey=/tmp/mqssl/mbj Connecting to 192.168.2.100:swolinux:secana.queue:secana.ssl:6666 Popped 100 transactions in 0.22 sec (463.16 trans/sec) Popped 100 transactions in 0.22 sec (464.90 trans/sec) Popped 100 transactions in 0.22 sec (458.82 trans/sec) Popped 100 transactions in 0.22 sec (460.90 trans/sec) Popped 100 transactions in 0.21 sec (465.57 trans/sec) Popped 100 transactions in 0.22 sec (458.80 trans/sec) Popped 100 transactions in 0.22 sec (461.81 trans/sec) swolinux:secana.queue - is empty swolinux:secana.queue - is empty <ctrl+c> Total output 771 transactions in 4.87 sec (158.47 trans/sec) swolinux:secana.queue - is empty
While communication is running you can browse the channelstatus on queuemanager:
echo "dis chs('secana.ssl') all" | runmqsc swolinux
AMQ8417: Display Channel Status details. CHANNEL(secana.ssl) CHLTYPE(SVRCONN) BUFSRCVD(20206) BUFSSENT(20205) BYTSRCVD(15818375) BYTSSENT(10909372) CHSTADA(2008-03-05) CHSTATI(10.19.33) COMPHDR(NONE,NONE) COMPMSG(NONE,NONE) COMPRATE(0,0) COMPTIME(0,0) CONNAME(192.168.2.28) CURRENT EXITTIME(0,0) HBINT(300) JOBNAME(0000534000000006) LOCLADDR(::ffff:192.168.2.100(6666)) LSTMSGDA(2008-03-05) LSTMSGTI(10.20.15) MCASTAT(RUNNING) MCAUSER(mbj) MONCHL(OFF) MSGS(20203) RAPPLTAG(MQclient.pl) RQMNAME( ) SSLCERTI(CN=Experian Secana CA,OU=Decision Analytics,O=Experian,L=Oslo,C=NO) SSLKEYDA( ) SSLKEYTI( ) SSLPEER(CN=mbj - client,OU=Decision Analytics,O=Experian,L=Oslo,C=NO) SSLRKEYS(0) STATUS(RUNNING) STOPREQ(NO) SUBSTATE(RECEIVE) XMITQ( )
If the channel is not used, channel status will not show.
There are several ways to create ssl certificates, you can optain from a trusted commercial ca-issuer, like verisign (tested well at customer), or you can do it yourselves with openssl, makecert, or IBM's gsk7cmd (command line) or gsk7ikm (java GUI)
Please see the script mq-ca.pl for more info. it uses gsk7cmd.
We must use the same cipher on each side, below are the different valid ciphers, I've only used NULL_MD5 which is the default, Please look up the Global Security Kit manuals for more info.
NULL_MD5 NULL_SHA RC4_MD5_EXPORT RC4_MD4_US RC4_SHA_US RC2_MD5_EXPORT DES_SHA_EXPORT RC4_56_SHA_EXPORT1024 DES_SHA_EXPORT1024 TRIPLE_DES_SHA_US TLS_RSA_WITH_128_CBC_SHA TLS_RSA_WITH_256_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA FIPS_WITH_DES_CBC_SHA FIPS_WITH_3DES_EDE_CBC_SHA
Morten Bjørnsvik - morten.bjornsvik@experian-scorex.no - 2006-2008
1 POD Error
The following errors were encountered while parsing the POD:
Non-ASCII character seen before =encoding in 'Bjørnsvik'. Assuming CP1252
To install MQSeries, copy and paste the appropriate command in to your terminal.
cpanm
cpanm MQSeries
CPAN shell
perl -MCPAN -e shell install MQSeries
For more information on module installation, please visit the detailed CPAN module installation guide.