AS4 MQSSL Workaround

  1. Enable ExtraPVC and verify mounting.
    Example:
    extraPVCs:
      - name: "janauserexitpvc"
        storageClassName: "standard"
        selector:
          label: "intent"
          value: "janauserexitpvc"
        accessMode: ReadWriteMany
        size: 500Mi
        mountPath: /opt/ibm/resources/userexit
        subPath: userexit
    Note: Ensure that mountPath and subPath remain unchanged.
  2. Copy files to the mounted directory.
    Execute the following commands from the running as4-container:
    cp /opt/ibm/as4service/Members/bin/as4serviceDockerStart.sh  /opt/ibm/resources/userexit 
    cp /opt/ibm/as4service/Members/bin/execute /opt/ibm/resources/userexit 
  3. Prepare the UserExit (ExtraPVC) directory.
    • Copy required files.
      • MQ client jars and JSON jar:
        (com.ibm.mq.osgi.allclient-9.3.0.20.jar, com.ibm.mq.osgi.allclientprereqs-9.3.0.20.jar,
        and the com.ibm.mq.allclient.jar and org.json.jar files that the start script in step 5 copies from this directory)
      • keystore/truststore jks files.

        Copy them with the names mqkeystore.jks and mqtruststore.jks.

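    • Run the following commands in the mounted directory (/opt/ibm/resources/userexit):
      chmod 777 as4serviceDockerStart.sh
      chmod 777 execute
      Note: Mode 777 leaves both scripts writable by any user with access to the ReadWriteMany volume, and as4serviceDockerStart.sh becomes the container command in step 5; the pods only need to read and execute them.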
  4. Edit the execute file.
    • Replace the following line:
      "${JAVA_CMD}" -Xquickstart -Xshareclasses:nonfatal,silent -Xmx1024m -XX:MaxPermSize=256m \
    • With:
      "${JAVA_CMD}" -Xquickstart -Xshareclasses:nonfatal,silent -Xmx1024m -XX:MaxPermSize=256m \
      -Dcom.ibm.mq.cfg.useIBMCipherMappings=false \
  5. Edit as4serviceDockerStart.sh.
    • Update the generateMFLoaderProperties function:
      From:
      generateMFLoaderProperties() { 
       sed -i "s/MQSERVER_CONNECTION_NAME_LIST/$MQSERVER_CONNECTION_NAME_LIST/g" ${1}
       sed -i "s/MQSERVER_CHNL/$MQSERVER_CHNL/g" ${1}  
       sed -i "s/MQSERVER_QMGR/$MQSERVER_QMGR/g" ${1}  
       sed -i "s/MQSERVER_USER/$MQSERVER_USER/g" ${1}  
       sed -i "s/MQSERVER_PWD/$MQSERVER_PWD/g" ${1} 
      } 
      To:
      generateMFLoaderProperties() {
       sed -i "s/MQSERVER_CONNECTION_NAME_LIST/$MQSERVER_CONNECTION_NAME_LIST/g" ${1}
       sed -i "s/MQSERVER_CHNL/$MQSERVER_CHNL/g" ${1}
       sed -i "s/MQSERVER_QMGR/$MQSERVER_QMGR/g" ${1}
       sed -i "s/MQSERVER_USER/$MQSERVER_USER/g" ${1}
       sed -i "s/MQSERVER_PWD/$MQSERVER_PWD/g" ${1}

       export CLASSPATH=$CLASSPATH:/opt/ibm/as4service/Members/bin/cmd_lib/mq/com.ibm.mq.allclient.jar

       # the trailing backslashes keep the directory list on one logical line
       for libDir in \
         "${B2BAC_INSTALL_DIR}/Members/WXSContainer/usr/extension/lib/" \
         "${B2BAC_INSTALL_DIR}/Members/WXSCatalog/usr/extension/lib/" \
         "${B2BAC_INSTALL_DIR}/Members/Informational/usr/extension/lib/" \
         "${B2BAC_INSTALL_DIR}/Members/Operational/usr/extension/lib/"
       do
         # remove old lib
         rm -f "${libDir}/com.ibm.mq.osgi.allclient-9.2.0.28.jar"
         rm -f "${libDir}/com.ibm.mq.osgi.allclientprereqs-9.2.0.28.jar"
         # copy new jars
         cp /opt/ibm/resources/userexit/com.ibm.mq.osgi.allclient-9.3.0.20.jar "${libDir}/com.ibm.mq.osgi.allclient-9.3.0.20.jar"
         cp /opt/ibm/resources/userexit/com.ibm.mq.osgi.allclientprereqs-9.3.0.20.jar "${libDir}/com.ibm.mq.osgi.allclientprereqs-9.3.0.20.jar"

         # update MF file:
         sed -i "s/com.ibm.mq.osgi.allclient-9.2.0.28.jar/com.ibm.mq.osgi.allclient-9.3.0.20.jar/" "${libDir}/features/webspheremq-1.0.mf"
         sed -i "s/com.ibm.mq.osgi.allclientprereqs-9.2.0.28.jar/com.ibm.mq.osgi.allclientprereqs-9.3.0.20.jar/" "${libDir}/features/webspheremq-1.0.mf"
       done

       # replace the execute script and the command-line MQ client jar
       cp /opt/ibm/resources/userexit/execute "${B2BAC_INSTALL_DIR}/Members/bin/execute"
       rm -rf "${B2BAC_INSTALL_DIR}/Members/bin/cmd_lib/mq/com.ibm.mq.allclient-9.2.0.28.jar"

       cp /opt/ibm/resources/userexit/com.ibm.mq.allclient.jar "${B2BAC_INSTALL_DIR}/Members/bin/cmd_lib/mq/com.ibm.mq.allclient.jar"
       cp /opt/ibm/resources/userexit/org.json.jar "${B2BAC_INSTALL_DIR}/Members/bin/cmd_lib/mq/org.json.jar"

       # new properties will go here for ssl
       echo "messagefabric.meg.jms.webspheremq.ssl.trustStoreFilename=/opt/ibm/resources/userexit/mqtruststore.jks" >> ${1}
       echo "messagefabric.meg.jms.webspheremq.ssl.trustStorePassword=password" >> ${1}
       echo "messagefabric.meg.jms.webspheremq.ssl.keyStoreFilename=/opt/ibm/resources/userexit/mqkeystore.jks" >> ${1}
       echo "messagefabric.meg.jms.webspheremq.ssl.keyStorePassword=password" >> ${1}
       echo "messagefabric.jms.webspheremq.XMSC_WMQ_SSL_CIPHER_SUITE=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" >> ${1}
       echo "messagefabric.meg.jms.webspheremq.ssl.protocol=TLSv1.2" >> ${1}
      }
      Note: Replace the placeholder value "password" in the trustStorePassword and keyStorePassword lines with the actual store passwords.
    • In the as4serviceDockerStart.sh script, the following lines need to be commented out:
      From:
      checkDB 
      if [ $AC_DEPLOY != "db_create" ]; then  
      checkMQ  
      fi 
      To:
      #checkDB 
      #if [ $AC_DEPLOY != "db_create" ]; then  
      #  checkMQ  
      #fi 
    • The following four statefulset.yaml files in the Helm charts need to be updated:
      charts/ibm-as4service-prod/templates/as4catalog-statefulset.yaml  
      charts/ibm-as4service-prod/templates/as4container-statefulset.yaml  
      charts/ibm-as4service-prod/templates/as4operational-statefulset.yaml  
      charts/ibm-as4service-prod/templates/as4informational-statefulset.yaml
      Uncomment and modify the following line:
       
      # command: ["/opt/ibm/resources/as4serviceDockerStart.sh"] 
       
      To:
      command: ["/opt/ibm/resources/userexit/as4serviceDockerStart.sh"] 
      
  6. Add the following JVM parameter to all pods in the Helm configuration:
    -Dcom.ibm.mq.cfg.useIBMCipherMappings=false
    Example:
    as4catalog.env.jvmOptions: "-Dcom.ibm.mq.cfg.useIBMCipherMappings=false" 
    as4container.env.jvmOptions: "-Dcom.ibm.mq.cfg.useIBMCipherMappings=false" 
    as4operational.env.jvmOptions: "-Dcom.ibm.mq.cfg.useIBMCipherMappings=false" 
    as4informational.env.jvmOptions: "-Dcom.ibm.mq.cfg.useIBMCipherMappings=false"
  7. After making the above changes, perform a Helm upgrade for B2BI/AS4.
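
Step 5 writes the keystore and truststore passwords as literals inside a script that lives on the shared userexit volume. The following added example (not part of the original procedure or of IBM's script) is a function that could stand in for the six echo lines, taking the passwords from environment variables and rejecting the placeholder; the names append_mq_ssl_properties, USEREXIT_DIR, MQ_TRUSTSTORE_PASSWORD and MQ_KEYSTORE_PASSWORD are assumptions.

```shell
#!/bin/sh
# Added example, not IBM's script. MQ_TRUSTSTORE_PASSWORD / MQ_KEYSTORE_PASSWORD
# are assumed variable names (for instance injected from a Kubernetes Secret).
USEREXIT_DIR="${USEREXIT_DIR:-/opt/ibm/resources/userexit}"

append_mq_ssl_properties() {
    props_file="$1"
    [ -f "$props_file" ] || { echo "ERROR: $props_file not found" >&2; return 1; }

    # Refuse to write an empty value or the procedure's literal placeholder.
    for val in "${MQ_TRUSTSTORE_PASSWORD:-}" "${MQ_KEYSTORE_PASSWORD:-}"; do
        if [ -z "$val" ] || [ "$val" = "password" ]; then
            echo "ERROR: store password unset or still the placeholder" >&2
            return 1
        fi
    done

    # Both stores must be readable before the properties point at them.
    for store in mqtruststore.jks mqkeystore.jks; do
        [ -r "$USEREXIT_DIR/$store" ] || { echo "ERROR: $USEREXIT_DIR/$store missing" >&2; return 1; }
    done

    # Drop the lines a previous run appended so no key appears twice.
    tmp_file="$(mktemp)" || return 1
    grep -v -e '^messagefabric\.meg\.jms\.webspheremq\.ssl\.' \
            -e '^messagefabric\.jms\.webspheremq\.XMSC_WMQ_SSL_CIPHER_SUITE=' \
            "$props_file" > "$tmp_file" || true   # grep exits 1 when nothing is left

    p="messagefabric.meg.jms.webspheremq.ssl"
    {
        printf '%s\n' "$p.trustStoreFilename=$USEREXIT_DIR/mqtruststore.jks"
        printf '%s\n' "$p.trustStorePassword=$MQ_TRUSTSTORE_PASSWORD"
        printf '%s\n' "$p.keyStoreFilename=$USEREXIT_DIR/mqkeystore.jks"
        printf '%s\n' "$p.keyStorePassword=$MQ_KEYSTORE_PASSWORD"
        printf '%s\n' "messagefabric.jms.webspheremq.XMSC_WMQ_SSL_CIPHER_SUITE=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        printf '%s\n' "$p.protocol=TLSv1.2"
    } >> "$tmp_file"

    # Overwrite in place so the properties file keeps its owner and mode.
    cat "$tmp_file" > "$props_file"
    rm -f "$tmp_file"
}

# Inside generateMFLoaderProperties the call would be:
#   append_mq_ssl_properties "${1}" || exit 1
```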