Why not just use SAVEQMGR to save them all, send them to a "SAFE" place and
restore them again after the upgrade?
-Original Message-
From: Prithwiraj Basu [mailto:[EMAIL PROTECTED]
Sent: 15 October 2003 04:04 PM
To: [EMAIL PROTECTED]
Subject: Question about OS Upgrade and MQSeries
Hi All,
Hi Sid,
A few of things to try.
1. dis clusqmgr(*) all on both systems
Make sure the statuses all look Ok.
2. dis QC(*) on both systems. The queues should be visible on both systems
because they are both full repositories
3. In your client program, make sure that the QMGRNAME field is empty in
Howdy all,
I am trying to get two linux MQ server working as a cluster but I am having
odd rersults
The 2 machines are called MQMDEV and QMLMQM2 and both are full repositories,
the cluster is called "MQLINK".
I have two channels defined between the two machines:
on MQMDEV
define channel(LINK_TO
There's SRDF involved here too. What was the problem?
I think I will take your advice and write a tiny C program like you
recommend. We could probably find one of our non-MQ applications that
encountered the problem. But all of our applications will have something
besides basic file access involve
I am trying to get MQ to run my API exit, written in C++ (it's a hacked version of the
sample amqsaxe0.c). It works fine under Windows.
I am using the following to build the .so file:
CC -mt mqAPIExit.cpp -G -o mqAPIExit.so -lmqmzf -lmqm -lmqmcs -lmqmzse
and no errors are generated, and the out
Title: Penetrating an outbound firewall
Sorry,
I thought that was part of my quote at first glance. Yes, if the
channels are not protected anyone can connect to any inbound channel. The
total solution is to use an exit or SSL to restrict the inbound connections to
the appropriate channel, AND
I had a similar problem. It was even harder to detect because the bottleneck that time
was SRDF link and iowait does not show you anything meaningful when all these low
level buffers are full. To investigate, it took writing a very simple C application.
In pseudocode:
1. In a tight loop foreve
Well, with the exception of what Peter said about persistent messages and
your logs (possibly) being on a SAN, an MQPUT returns rather quickly. If it
is possible to narrow down a time frame when this happens, you might be
able to do a trace of the MQ layer and determine what is going on. I get
the
That would be a solution. It seems unnecessary for me to have to do any
further legwork on this, just to get them to take ownership of something
that's so obviously their problem.
Maybe I just need to vent. Arrrgh!!! There. That's better.
"Thomas, Don"
These puts are persistent messages? If so, MQ has to write to the log. If
the log is on the SAN, MQ needs it available. If it is temporarily out, MQ
waits.
I dealt with the same thing with my HUB a few weeks ago. Remember the thread
about fast and normal channels and persistent and non persistent
Doctor, doctor, it hurts when I do this.
Well, don't do that anymore.
But seriously, try to find other applications that are experiencing these
pause also, then they would look rather foolish asking everyone to defend
their apps. It's pretty apparent that whatever they are doing is hogging all
of
Actually, they agreed to do that. The pauses stopped. But they can't see
where it can be their fault, though, so now I'm required to defend MQSeries
in general, and MQPUT in particular.
Rick Tsujimoto
<[EMAIL PROTECTED]To: [EMAIL PROTECT
Jim,
If they're willing, have them turn off replication. Show them the audit
numbers from your apps. Turn on replication and show them the audit
numbers again.
Jim Ford
<[EMAIL PROTECTED] To: [EMAIL PROTECTED]
OM>
Jim,
When you sit down the SAN people ask them to run a little test with
you. Suggest to them a schedule of when they will run these replications
over the next week or two. During that time be sure to collect and maintain
the application audit logs. After the test period you should be able
Hi Arun,
Thanks for
the info, are you saying that i *have* to loop through till i get all the
segments ?? I was under an impression that issuing one MQGET should
reassemble all the segments and give me one single final message..
- Usha
At 10:05 AM 10/15/2003 -0700, you wrote:
HI Usha
I like to make my own templets that incorporate any "non default" object
attributes. For instance, I have a template called TEMPLATE.XMIT.QUEUE that
is all set up to be a triggered transmit queue. When I want a transmit
queue (and all of mine are triggered) in the script I say DEFINE QLOCAL(Q
NAME)
We have periodic "pauses" on some of our Solaris servers. CPU usage drops
down to nothing for a couple of minutes, then things begin to function
normally again. Many of our MQ apps on Solaris were written in the last two
years, and maintain exhaustive audit trails, Those audit trails showed that
th
Peter has described the problem well. That said, here is my two cents
In part what we are concerned with is the difference between authorization
and authentication. Making use of the MCAUSER attribute of a channel is
important to security, but is does NOTHING to validate that the connecting
applic
As this discussion has become a nice try to at least name all aspects of MQ security,
I would like to mention another two:
1. Dead letter queue handler rules that may allow messages to go to the queue where
they do not belong.
2. The problem of administering several queue managers belonging to t
Title: Message
HI Usha
I have used segmentation
but only in Server to Server to scenario.
MQPUTPMO MQPMO_LOGICAL_ORDERMD MQMF_SEGMENT
(all 3 segments)MQMF_LAST_SEGMENT (last segment )
MQGET1. Instead
of GMO MQGMO_COMPLETE_MSG I have used
following options
GMO MQGMO_LOGICAL_ORDER + M
Title: Message
That
is what I suspected, but didn't know if I was missing
anything.
Thanks
for all your post related to security. They are helpful. I am putting together a
doc on MQ Security for our company, and your ideas are good for some of our more
vulnerable servers (DMZ ones).
---
Luc-Michel,
SSL and MCAUSER address two completely different aspects of security.
Whereas SSL will authenticate the remote node, it does not prevent that node
from addressing messages to the command queue or anywhere else they should
not go. MCAUSER addresses this vulnerability and should be cons
Title: Message
Peter,
Working at a bank, my answer to that is that I'm going to strip away
all non-essential parts of MQ where external connectivity is
concerned. I can, through automation, just as easily recreate
the command queue on demand as I can start the command server. It's an
extra
Title: Penetrating an outbound firewall
Thanks
T.Rob.
What
about the channel question I had below. Am I missing something
there?
-Original Message-From: Wyatt, T. Rob
[mailto:[EMAIL PROTECTED]Sent: Wednesday, October 15,
2003 12:23 PMTo: [EMAIL PROTECTED]Subject: Re:
Penet
SSL will protect you from people you don't know from breaking in. You are
always sure of who the other side is with SSL.
I does nothing when the trusted guy on the other side decides to behave
badly. That is where all the other tricks come into play.
SSL in combination with all the other methods
Jeff -
The answer depends on what GMO options the receiving application is
using. If it uses MQGMO_ALL_MSGS_AVAILABLE, then a restart of the app
will not pick up the remaining messages from the groups -since some of
the messages are missing. If MQGMO_LOGICAL_ORDER is used, then this
will also f
Anybody done this kind
of side by side testing, comparing HTTP and psuedo-synchronous MQ
implementation. We are trying to rationalise that MQ, although async by
nature, can actually be better performing then the synchronous (probably SOAP
over) HTTP.
Cheers
Neil
Title: Penetrating an outbound firewall
No, it
just means you need to specify all the parameters. If you run a saveqmgr
it prints out runmqsc commands suitable for use on a QMgr with no SYSTEM.DEF*
objects. Use these as templates for your queue definitions if you need to
add or change anything
> T.Rob,
> What do you think of just stopping the command server? My thinking
> is if
> they have access to the box to start the command server locally,
> they can just as easily use runmqsc to create the queue. True, it is
> an extra step, but does it buy us anything really to delete the
> comma
Thanks Sam.
That did it.
-Original Message-
From: Sam Garforth [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 11:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Penetrating an outbound firewall
I think you should be able to create queues using the
LIKE parameter.
Sam
--- "Potka
Thanks I have seen these very informative docs. They don't address T.Rob's
suggestion of deleting the queue altogether. I am curious if it is a
benificial extra step or not.
-Original Message-
From: Sam Garforth [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 11:48 AM
To: [EMA
Greetings,
Have anyone used MQ segmentation ?
Is it possible to activate MQ segmentation in a client server scenario ?
I mean between MQ client and MQ server.
This is what i am doing, say i have 3 segments,
MQPUT
PMO MQPMO_LOGICAL_ORDER
MD MQMF_SEGMENT (all 3 segments)
MQMF_LAST_SEGMENT (last
Try
http://www.sjg-enterpriseintegration.com/oamsecurity.asp
and
http://www.sjg-enterpriseintegration.com/closingmqholes.asp
--- "Potkay, Peter M (PLC, IT)"
<[EMAIL PROTECTED]> wrote: > T.Rob,
> What do you think of just stopping the command
> server? My thinking is if
> they have access to the
I think you should be able to create queues using the
LIKE parameter.
Sam
--- "Potkay, Peter M (PLC, IT)"
<[EMAIL PROTECTED]> wrote: > T.Rob wrote:
> "Every time I bring this up, people always reply
> that you can accomplish the
> same thing with an exit or MCAUSER. My answer to
> that is that
Title: Message
T.Rob,
What do you think of just stopping the command server? My thinking
is if they have access to the box to start the command server locally, they can
just as easily use runmqsc to create the queue. True, it is an extra step, but
does it buy us anything really to delete the co
I will be out of the office starting October 15, 2003 and will not return
until October 16, 2003.
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Title: Penetrating an outbound firewall
T.Rob
wrote:
"Every
time I bring this up, people always reply that you can accomplish the same thing
with an exit or MCAUSER. My answer to that is that you cannot restrict
traffic to a specific channel. For example, if you define XYZ.RCVR with
MCAUSER('x
Hi All,
We have upgraded our Unix OS from Sun Solaris 8 to Sun Solaris 9. While
doing so, the IT team blew away the old MQSeries objects. My question is:
Can this be avoided? I.e. can the OS be upgraded without blowing away the
MQSeries objects as that would help us in future? Thanks.
Prits
If the restore found files under /var/mqm/qmgrs but was
not listed in the mqs.ini file, then your MQ installation got out of synch
at some point. Not sure what to suggest at this point. You might want to
try renaming /var/mqm/qmgrs to something else and using crtmqm to
create a new . Then copy
A sending application uses message groups. It sends a large number
of messages (1000+) in each group.
The receiving application reads each message from the group and
does a MQCMIT every message. For some reason, the receiving
application cannot wait for the entire group to do the commit.
What hap
Hi Peter,
thanks a lot, this works fine.
I didn't know that there are any restrictions on working with strmqm and endmqm.
Best regards,
Michael
-Ursprüngliche Nachricht-
Von: Peter Uranyi [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 14. Oktober 2003 21:18
An: [EMAIL PROTECTED]
Betref
Dmitry,
did you check CSQINP2 of the queuemanager for a DELETE QREMOTE(...) statement?
Do you have any cleanup Jobs started by automation after MQ shutdown / before MQ
restart?
Or maybe you coded a delete with a define afterwards (CSQINP2, jobs, ...but the
define fails for some reason?
Is the que
42 matches
Mail list logo