You can use the back up and restore mechanism to convert an existing queue manager to
having an encrypted file system.
About this task
You can back up an existing non-encrypted queue manager, then restore it as an encrypted queue
manager.
Procedure
-
Enter the IBM® MQ administration mode by entering
the following command:
-
If this is the first time you have backed up a queue manager, you must first allocate space on
the appliance to write the back up to.
createbackupfs -s size -e [-p passphrase]
Where
size is the size of the space that is allocated in GB. A directory that is named
mqbackup:///QMgrs is created and allocated that storage. If you are going to
back up queue managers that have encrypted file systems, you should specify that the allocated space
is encrypted too. You can specify a passphrase as part of the command, or be prompted for it when
you run the command. The passphrase can be between 1 and 512 characters. You should store a copy of
the passphrase somewhere safe.
-
Type the following command to stop the queue manager:
endmqm QM_name
Where
QM_name is the
name of the queue manager that you want to stop. You must stop the queue manager before taking the
back up.
-
Type the following command to back up a queue manager:
mqbackup -m QM_name
Where
QM_name
is the name of the queue manager that you want to back up. The backup can take some time to run,
during which period you cannot use the CLI.
By default the archive file is named
QM_name.bak, but
you can add the
-o outfilename
argument to the
mqbackup command to specify a file name, if
required:
mqbackup -m QM_name -o outfilename
-
Delete the existing queue manager:
dltmqm QM_name
Where
QM_name is the
name of the queue manager that you want to delete. You must delete the original queue manager before
you restore, otherwise the restore will fail.
-
You now restore the back up, specifying that the queue manager file system is encrypted:
mqrestore -f filename -e [-p passphrase]
You
can specify the passphrase as part of the command, or be prompted for it when you run the command.
The passphrase can be between 1 and 512 characters. You should store a copy of the passphrase
somewhere safe.