Setting up a remote queue manager to use with the messaging REST API

You can use the messaging REST API to connect to remote queue managers for messaging. Before you can connect to a remote queue manager, you must set up the remote queue manager configuration. Then, you can connect to the remote queue manager by using the unique name that is defined in the configuration information.

Before you begin

Ensure that you configured the mqweb server for use by the administrative REST API, the administrative REST API for MFT, the messaging REST API, or IBM® MQ Console.For more information about configuring the mqweb server with a basic registry, see Basic configuration for the mqweb server.
If the mqweb server is already configured, ensure that you added the appropriate users to enable messaging in step 5 of Basic configuration for the mqweb server. Users of the messaging REST API must be a member of the MQWebUser role. The MQWebAdmin and MQWebAdminRO roles are not applicable for the messaging REST API.
- If mqRestMessagingAdoptWebUserContext is set to true in the mqweb server configuration, the users in the MQWebUser role must be authorized to access queues and topics that are used for messaging through OAM or RACF®.
- If mqRestMessagingAdoptWebUserContext is set to false in the mqweb server configuration, the user ID that is used to start the mqweb server must be authorized to access queues and topics that are used for messaging through OAM or RACF.
Ensure that the messaging REST API is configured to connect to remote queue managers. For more information, see Configuring the connection mode for the messaging REST API.

About this task

You can connect to remote queue managers by using the messaging REST API. A remote queue manager can be a queue manager on another system, a queue manager in another installation, or a queue manager in the same installation as the mqweb server.

To connect to a remote queue manager, you must complete the following configuration steps:

Configure a server-connection channel and a listener.
Give authority to an appropriate user to access the queue manager.
Create a CCDT file that contains the connection information for the queue manager.
Add the connection information to the messaging REST API by using the setmqweb remote command.

Then, you can use the remote queue manager by providing the unique name in the resource URL in place of the queue manager name.

You can also configure your remote queue managers as part of a queue manager group. For more information, see Setting up a queue manager group to use with the messaging REST API.

Procedure

On the remote queue manager, create a server-connection channel to allow remote connections to the queue manager. You can create server-connection channels by using the DEFINE CHANNEL MQSC command on the command line.
For example, to create a server-connection channel QM1.SVRCONN for queue manager QM1, enter the following command:
```
DEFINE CHANNEL(QM1.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP)
```
For more information about DEFINE CHANNEL and the options available, see DEFINE CHANNEL.
Ensure that an appropriate user is authorized to access the queue manager. This user must also be authorized to access any queues or topics that you use for messaging. The user needs connect, inquire, alternate user, and set context authority on the queue manager. On UNIX, Linux®, and Windows use the setmqaut control command on the command line. On z/OS®, define RACF profiles to give the authorized user access to the queue manager.
For example, on UNIX, Linux, and Windows, to authorize a user, exampleUser, to access the queue manager QM1, enter the following command:
```
setmqaut -m QM1 -t qmgr -p exampleUser +connect +inq +altusr +setall
```
For more information about which user needs to be authorized, see Determining the security principal used by the messaging REST API.
If no listener exists on the remote queue manager, create a listener to accept incoming network connections by using the DEFINE LISTENER MQSC command on the command line.
For example, to create a listener REMOTE.LISTENER on port 1414 for remote queue manager QM1, enter the following command:
```
runmqsc QM1
DEFINE LISTENER(REMOTE.LISTENER) TRPTYPE(TCP) PORT(1414)
end
```
Ensure that the listener is running by using the START LISTENER MQSC command on the command line:
For example, on AIX®, Linux, and Windows to start the listener REMOTE.LISTENER for queue manager QM1, enter the following command:
```
runmqsc QM1
START LISTENER(REMOTE.LISTENER)
end
```
For example, on z/OS, to start the listener, enter the following command:
```
runmqsc QM1
START LISTENER TRPTYPE(TCP) PORT(1414)
end
```
The channel initiator address space must be started before you can start a listener on z/OS.
On the system where the mqweb server that hosts the messaging REST API is running, create or update a JSON CCDT file that contains the queue manager connection information.

The CCDT file must include the name, clientConnection, and type information. You can optionally include additional information such as transmissionSecurity information. For more information about all the CCDT channel attribute definitions, see Complete list of CCDT channel attribute definitions.
The following example shows a basic JSON CCDT file for a remote queue manager connection. It sets the name of the channel to the same name as the example server-connection channel created in step 1. The connection port is set to the same value as the port that is used by the listener. The connection host is set to the hostname of the system on which the remote queue manager, QM1, is running.
```
{
  "channel": [{
      "name": "QM1.SVRCONN",
      "clientConnection": {
        "connection": [{
            "host": "example.com",
            "port": 1414
          }],
        "queueManager": "QM1"
      },
      "type": "clientConnection"
    }]
}
```
From the installation that is running the mqweb server that hosts the messaging REST API, use the setmqweb remote command to add the remote queue manager information to the mqweb server configuration.
As a minimum, you must specify the following parameters:
- -qmgrName, where you specify the name of the queue manager.
- -ccdtURL, where you specify the CCDT URL for the queue manager.
- -uniqueName, where you specify a unique name for the queue manager. The unique name is used to differentiate remote queue managers that might have the same name, and therefore must not exist to identify another queue manager.
You can specify several other options, such as the username and password to use for the remote queue manager connection, or details of the truststore and keystore. For a full list of parameters that can be specified with the setmqweb remote command, see setmqweb remote.
For example, to add the remote queue manager QM1, with the example CCDT file, enter the following command:
```
setmqweb remote add -uniqueName "RemoteQM1" -qmgrName "QM1" -ccdtURL "c:\myccdts\ccdt.json"
```

Results

The remote queue manager can be used with the messaging REST API by using the unique name in the resource URL in place of the queue manager name.

Example

The following example sets up the remote queue manager connection for a queue manager QM1. The IBM MQ Console authorized to administer the queue manager based on the authorization that is given to the user exampleUser. The credentials of this user are provided to the IBM MQ Console when the setmqweb remote is used to configure the queue manager connection.

On the system where the remote queue manager QM1 is, a server-connection channel and a listener are created. The listener is started, and authorization is given for user exampleUser to connect to the queue manager and access a queue that is used for messaging:

runmqsc QM1
#Define the server connection channel that will accept connections from the Console
DEFINE CHANNEL(QM1.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP)
# Define the listener to use for the connection from the Console
DEFINE LISTENER(REMOTE.LISTENER) TRPTYPE(TCP) PORT(1414)
# Start the listener
START LISTENER(REMOTE.LISTENER)
end

#Set mq authorization for exampleUser to access the queue manager and a queue for messaging
setmqaut -m QM1 -t qmgr -p exampleUser +connect +inq +setall +dsp
setmqaut -m QM1 -t queue -p exampleUser -n EXAMPLEQ +put +get +browse +inq

On the system where the mqweb server is running, a QM1_ccdt.json file is created with the following connection information:

{
  "channel": [{
      "name": "QM1.SVRCONN",
      "clientConnection": {
        "connection": [{
            "host": "example.com",
            "port": 1414
          }],
        "queueManager": "QM1"
      },
      "type": "clientConnection"
    }]
}

On the system where the mqweb server is running, the connection information for queue manager QM1 is added to the mqweb server. The credentials for exampleUser are included in the connection information:
```
setmqweb remote add -uniqueName "MACHINEAQM1" -qmgrName "QM1" -ccdtURL "c:\myccdts\QM1_ccdt.json" -username "exampleUser" -password "password"
```

The messaging REST API can connect to the remote queue manager QM1 by using the unique name for the queue manager connection in place of the queue manager name in the resource URL:


curl -k https://localhost:9443/ibmmq/rest/v2/messaging/qmgr/MACHINEAQM1/queue/EXAMPLEQ/message -X POST -u myuser:mypassword -H "ibm-mq-rest-csrf-token: value" -H "Content-Type: text/plain;charset=utf-8" --data "Hello World!"