Updated 23rd November 2015 to reflect current details.
We’re pleased to announce the availability of a technical preview of an MQ Advanced for Developers image for Docker. The source code for this image is available on GitHub. This allows you to run an MQ queue manager inside a Docker container, which those familiar with Docker will know, can be useful for several reasons:
- MQ is running inside a container managed by the Linux kernel so helps you to isolate MQ from the rest of your system:
- Process isolation – all the processes associated with MQ are run in their own process space, and can’t see any other processes running on your server
- Resource isolation – you can limit the amount of memory and CPU you allocate to a container
- Dependency isolation - all software which MQ depends on is included in the MQ image, except the Linux kernel itself. You don’t have to worry about having other incompatible software installed, as the MQ processes will see their own private filesystem. This also means that even though the MQ image uses an Ubuntu Linux filesystem, you can run it on a server with a different Linux distribution (as long as it has a kernel capable of running Docker).
- The efficient use of images and containers can be very helpful with continuous delivery (see Understanding Docker for more information).
Check out this short demo video.
Building an image and running a queue manager
After extracting the code from the GitHub repository, you can build the image using the following command:
sudo docker build --tag mq-for-developers ./8.0.0/
This build step downloads a minimal Ubuntu Linux image, then downloads and installs MQ for Developers. Next, you're going to have to apply your own configuration to allow secure access. The recommended way to do this is to create your own Docker image, using this image as a parent. The first thing to do is to create a new directory, and add a file called
config.mqsc, with the following contents:
DEFINE CHANNEL(PASSWORD.SVRCONN) CHLTYPE(SVRCONN) SET CHLAUTH(PASSWORD.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allow privileged users on this channel') SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('BackStop rule') SET CHLAUTH(PASSWORD.SVRCONN) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED) ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES) REFRESH SECURITY TYPE(CONNAUTH)
These MQSC commands were taken from Morag Hughson's recent blog post. You can of course, apply any security configuration, but this simple user/password authentication is a good place to start. The next thing to do is to create a file called
Dockerfile, with the following contents:
FROM mq-for-developers RUN useradd alice -G mqm && \ echo alice:passw0rd | chpasswd COPY config.mqsc /etc/mqm/
You can then build your custom Docker image using the following command (where "." is the directory containing the two files we've just created).
sudo docker build -t mymq .
Docker then creates a temporary container using that image, and runs the remaining commands. The RUN command adds a user named "alice" with password "passw0rd", and the COPY command adds the config.mqsc into a specific location known by the parent image.
You can now run your new customized image as follows:
sudo docker run \ --env LICENSE=accept \ --env MQ_QMGR_NAME=QM1 \ --volume /var/example:/var/mqm \ --publish 1414:1414 \ --detach \ mymq
This command creates a new container, with the disk image we just created. Your new image layer didn't specify any particular command to run, so that has been inherited from the parent image. The parent's entrypoint (code available on GitHub) creates a queue manager, starts it, creates a default listener, and then runs any MQSC commands from
/etc/mqm/config.mqsc. So what are those parameters doing?
- The first
--envparameter passes an environment variable into the container, which acknowledges your acceptance of the IBM license for MQ Advanced for Developers. You can also set the
viewto view the license.
- The second
--envparameter sets the queue manager name to use.
--volumeparameter tells the container that whatever MQ writes to
/var/mqmshould actually be written to
/var/exampleon the host. This is so that we can easily delete the container later, and still keep any persistent data. It also makes it easier to view logs.
--publishparameters map ports on the host system to ports in the container. The container runs by default with its own internal IP address, which means that you need to specifically map any ports that you want to expose. In this case, that means mapping port 1414 on the host to port 1414 in the container.
--detachparameter runs the container in the background.
You can view running containers using
docker ps command. You can view the MQ processes running in your container using the
docker top command.