Setting up a queue manager to accept client connections

Configure your queue manager to securely accept incoming connection requests from an IBM® MQ client.

About this task

You must complete this task before you can run commands from a client, or run sample programs to put or get messages, publish or subscribe to topics, or browse message queues.

This procedure requires that you enter MQSC commands. You use the runmqsc command on the IBM MQ Appliance to enter MQSC commands interactively. See runmqsc (run MQSC commands).

Procedure

  1. Type mqcli to enter IBM MQ administration mode.
  2. Obtain a messaging user ID on the appliance your queue manager is running on (see Administering messaging users). This user ID is the authority under which the client connection runs on the queue manager.
    For example: 
    usercreate -u testuser -p passw0rd
  3. Create and start a queue manager (see Message queue control commands): 
    crtmqm -p port queue_manager_name
strmqm queue_manager_name
    For example: 
    crtmqm -p 1440 test1
strmqm test1
  4. Enter the runmqsc command so that you can enter MQSC commands interactively.
    For example: 
    runmqsc test1
  5. Define a queue to be used by the sample programs.
    For example: 
    DEFINE QLOCAL(Q)
  6. Define a channel for the sample program to use: 
    DEFINE CHANNEL('channel-name') CHLTYPE(SVRCONN) TRPTYPE(TCP) +
DESCR('Channel for use by sample programs')
    For example: 
    DEFINE CHANNEL ('MDB.SVRCONN') CHLTYPE(SVRCONN) TRPTYPE(TCP)
  7. Create a channel authentication rule that allows only the IP address of your client system to use the channel by entering the MQSC command: 
    SET CHLAUTH('channel-name') TYPE(ADDRESSMAP) ADDRESS('client-machine-IP-address') +
MCAUSER('messaging-user-id')
    • channel-name is the name of your channel.
    • client-machine-IP-address is the IP address of your client system.
    • messaging-user-id is the user ID you obtained in step 2.
    For example: 
    SET CHLAUTH ('MDB.SVRCONN') TYPE(ADDRESSMAP) ADDRESS(192.0.2.0) MCAUSER('testuser')
  8. Grant access to connect to and inquire the queue manager by entering the following MQSC command: 
    SET AUTHREC OBJTYPE(QMGR) PRINCIPAL('messaging-user-id') +
AUTHADD(CONNECT, INQ)
    • messaging-user-id is the user ID you obtained in step 2.
    For example: 
    SET AUTHREC OBJTYPE(QMGR) PRINCIPAL('testuser') AUTHADD(CONNECT,INQ)
  9. For put and get sample programs, grant access to your queue to allow inquiring and the putting and getting messages by the messaging user ID. Enter the following MQSC commands: 
    SET AUTHREC PROFILE('queue-name') OBJTYPE(QUEUE) +
PRINCIPAL('messaging-user-id') AUTHADD(PUT, GET, INQ, BROWSE)
    • queue-name is the name of your queue.
    • messaging-user-id is the user ID you obtained in step 2.
    For example: 
    SET AUTHREC PROFILE('Q') OBJTYPE(QUEUE) PRINCIPAL('testuser') AUTHADD(PUT,GET,INQ,BROWSE)
  10. For publish/subscribe sample programs, grant access to your topic by the messaging user ID to allow publishing and subscribing. Enter the following MQSC commands: 
    SET AUTHREC PROFILE('SYSTEM.BASE.TOPIC') OBJTYPE(TOPIC) +
PRINCIPAL('messaging-user-id') AUTHADD(PUB, SUB)
    • messaging-user-id is the user ID you obtained in step 2.
    • (This command gives messaging-user-id access to any topic in the topic tree. Alternatively, you can define a topic object by using DEFINE TOPIC and grant accesses only to the part of the topic tree that is referenced by that topic object.)
    For example: 
    SET AUTHREC PROFILE('SYSTEM.BASE.TOPIC') OBJTYPE(TOPIC) PRINCIPAL('testuser') AUTHADD(PUB, SUB)
  11. Set up the following environment variables on your client system:
    • Set the MQSAMP_USER_ID environment variable to identify the user that is running the sample programs, as defined in step 2. On Windows, enter: 
      SET MQSAMP_USER_ID=userID
      On Linux®, enter: 
      export MQSAMP_USER_ID='userID'
      For example: 
      SET MQSAMP_USER_ID=testuser
    • Set the MQSERVER environment variable to identify the channel and port that is used for running the sample programs, as defined in step 6. The ConnectionName parameter identifies the IP and port of the appliance. On Windows, enter: 
      SET MQSERVER=ChannelName/TransportType/ConnectionName
      On Linux, enter: 
      export MQSERVER='ChannelName/TransportType/ConnectionName'
      For example: 
      SET MQSERVER=MDB.SVRCONN/TCP/192.0.2.24(1440)

What to do next

Your client application can now run the sample programs to put and get messages to a queue, publish and subscribe to a topic, or browse a message queue.