Managing integration with MainView Middleware Administrator with the CLI
The mqtool utility is used to manage integration with MainView Middleware Administrator (MVMA). It can be used to perform the following activities:
Installing a new MVMA license key
Use this option if an invalid key or MVMA mode was chosen during installation. See MainView Middleware Administrator integration options for information on the various modes of integration.
If you wish MVMA to use the same security service as MainView Middleware Monitor (MVMM), choose “y”. Otherwise, choose “n”.
mqtool --install-key license_key --configure-ldap y|n user
Configuring the MVMA integration
Use the --configure option if you chose to configure MVMA later during installation.
When using the following variation of the command, the user used to configure MVMA is the same user used to execute the mqtool utility. Refer to MainView Administrator integration options, Users and Security for more information on the users specified with this command option.
mqtool --configure --admin-url url --admin-ldap-user user
--admin-ldap-password password|console --admin-project project
--admin-ts-path filepath --admin-ts-password password user
When using the following variation, the user specified by --admin-user is the user used to configure MVMA.
mqtool --configure --admin-url url --admin-user user --admin-password
password|console --admin-ldap-user user --admin-ldap-password
password|console --admin-project project --admin-ts-path filepath
--admin-ts-password password user
The --configure command preserves the above values, including the user, for use with other commands and synchronization of WMQ Connections.
If for some reason you must re-install MVMA, you can reconfigure it without specifying all the values again by using --reconfigure.
mqtool --reconfigure user
When using --configure or --reconfigure and MVMA has previously been configured (as determined by its security mode being LDAP_LDAP), most of the security settings are left untouched in case they have been manually altered and are in a good working state. The exception is the LDAP Manager DN credentials, which are always updated if they differ. You may alter this default behavior by using the -u option, which updates the MVMA values that differ from the MVMM values as defined in services.cfg. If the MVMA values are working and you do not wish to update them, you may specify the -g option to save them to services.cfg in case MVMA needs to be re-installed and you wish those values to be used. Note that -g does not update the LDAP Manager DN credentials in services.cfg. The -u and -g options cannot be specified at the same time. Basic user authentication must be working in order for MVMM to log into MVMA and for -u to succeed.
When using --configure or --reconfigure with Active Directory, a set of Active Directory configuration and functionality checks is performed before the configuration. If those checks fail, the configuration is not performed. If you are sure Active Directory is configured properly, you may override these checks by adding -o to the commands. Note that these are the same checks as you see in the Security Configuration Tool and ADCheck CLI.
At any time, you can check the configuration using --check-config. If Active Directory is being used, the same configuration and functionality checks are performed as for --configure and --reconfigure.
mqtool --check-config user
Updating configuration values
Use --update-admin-password if you need to change the user or the user’s password that configures MVMA.
When using the following variation of the command, the user used to configure MVMA is the same user used to execute the mqtool utility. This user is preserved for use with other commands and synchronization of WMQ Connections.
These options use the user running mqtool.
mqtool --update-admin-password user
When using the following variation, the user specified by --admin-user is the user used to configure MVMA.
mqtool --update-admin-password --admin-user user --admin-password
password|console user
Use the following option if you need to change the user or the user’s password that is used to authenticate users and retrieve user and group information with the security service.
mqtool --update-ldap-password --admin-ldap-user user --admin-ldap-password
password|console user
Use the following option if the hostname or port where MVMA is installed changed.
mqtool --update-admin-url url user
Use the following option to update the license key. For example, you may need to update your key if you have purchased a licensed version of MVMA.
mqtool --update-admin-key license_key user
Use the following option to change the name of the MVMA project in which MVMM creates WMQ_Connections. When using the Monitor Edition of MVMA, the previous project will be removed and existing WMQ_Connections moved to the new project.
mqtool --update-admin-project project user
Use the following option to change whether the MVMA security configuration should use the same security service as MVMM. For example, use it if you decide your licensed edition of MVMA should now use the same security service as MVMM. Note that the Monitor Edition of MVMA must use the same security service.
If your licensed edition of MVMA should use the same security service as MVMM, specify “y” to indicate the MVMA LDAP security settings will be configured. Otherwise, always specify “n” to indicate that the security settings will not be configured.
mqtool --update-configure-ldap y|n user
Use the following option to add all groups with the “MVMAUser” permission to the MVMA project. This only applies to the Monitor Edition of MVMA and the licensed edition of MVMA when you have chosen to use the same security service as MVMM. It also only applies if synchronization of the project’s WMQ_Connections is enabled. This feature is on by default.
mqtool --update-sync-groups y|n user
Use the following option to control how often synchronization of the project’s WMQ Connections occurs. A value of 0 disables synchronization, but it can be done manually using this utility. The minimum value is 300 seconds (5 minutes) and is the default.
mqtool --update-sync-interval seconds user
Use the following option to update trust store certificates for connecting to MVMA. If you install your certificates in MVMA, you may need to update the certificate that you used to configure MVMA.
mqtool --update-cert user
Creating a queue manager list file to work with other commands
There are several ways to specify the queue managers to which a mqtool command is applied. This command creates a file containing a list of queue managers that match the agent and queue manager regular expressions.
mqtool --create-qm-list filename --filter-agent regex --filter-qm regex user
Creating a channel definition inputs file
A channel definition input file contains all user-defined input for creating the MQ server conn channel and supporting objects like listeners, authority records, etc., and a corresponding MVMA WMQ Connection.
The format of the file is JSON, but you should not manually alter the file; use the mqtool utility to avoid mistakes in formatting the file. The file is intended to be re-usable for sets of queue managers for the fastest way to configure large numbers of queue managers. For example, you would not use a channel name of CHANNEL_MYQUEUE_MANAGER as that would only apply to that queue manager. Instead, use something generic like MVMA_SERVER_CONN that easily identifies the server conn as one used by the MVMA product.
Not all options are required. Refer to the Option Details section for a description of each parameter. You may also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --create-json filename --chl-name channel name
(--chl-port port | --chl-port-min port --chl-port-max port) user
mqtool --create-json filename --chl-name channel name
(--chl-port port | --chl-port-min port --chl-port-max port)
--chl-ip ip --chl-user user --chl-password password --chl-mqsc mqsc
--chl-replace user
Preserving a channel definition file
You can preserve a channel definition for a queue manager using --save-chl-inputs. You can specify the channel definition inputs at the same time or import from a channel definition inputs file.
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --chl-name channel name
(--chl-port port | --chl-port-min port --chl-port-max port)
--save-chl-inputs user
mqtool --qm-list filename --chl-json-file filename --save-chl-inputs user
Showing a preserved channel definition file
You can display the currently saved channel definition inputs. You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --show-chl-inputs user
Applying the mq changes
You can apply the mq changes that would be made for defining a client connection to queue managers using --apply-mq-changes.
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --apply-mq-changes user
When applying the mq changes, PCF is used. If required, you can specify -m, and mqsc scripts are used when possible. Agentless configurations do not support mq changes using mqsc scripts. When using mqsc scripts, all the commands are issued once and continue regardless of whether they fail. For example, if you stop the listener, it often takes some time for it to actually stop, and if you attempt to delete it right away you will get an object in use error. It is advised to use PCF where possible, as operations are retried as necessary for temporary errors like this. If you wish to manually use mqsc scripts, you can use --zip-mqsc to obtain the scripts that would have been executed and --runmqsc to execute a script.
Note that when issuing mq changes against a version 7.x agent, either an IP address or a user can be specified to restrict access to the queue manager via the server connection channel, but not both. If both are required, you must alter the channel authority records manually. You can define your own mqsc script and use --runmqsc to execute it if the queue manager is not using an agentless configuration.
Reporting the result of applying the mq changes
You can report the result of the last application of the mq changes against queue managers using --report. This is the same output displayed at the time the last --apply-mq-changes was used.
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --report user
Checking the status of the MQ configuration of the queue managers
You can check the status of the server conn channel, listener and WMQ Connection for the specified queue manager(s) using --check-status.
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --check-status user
Creating the mqsc file
A mqsc file is a command file using the mqsc syntax that the MQ runmqsc command understands. MVMM uses this to create the server conn channel and other required objects.
You can create the mqsc file that would be used for defining a client connection to queue managers using --create-mqsc. You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --create-mqsc user
Manually applying the mqsc files
If your company policies prohibit MVMM from creating the server conn channel, you can create and zip up the mqsc files for defining the client connection to a queue manager for manual application.
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --zip-mqsc filename user
Note that the mqsc script can contain commands to stop and remove listeners, channels and channel authority records. You should execute those commands separately and verify the objects have been removed prior to executing the remaining script that creates (or recreates) those objects. Otherwise, object in-use or object already exists error codes may occur.
Applying your own mqsc file
You can run your own mqsc file against queue managers. This is useful with the --zip-mqsc command if you need to alter the script to suit your environment.
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --runmqsc filename user
Converting Configuration Manager message files to MVMA format
If you have upgraded MVMM from an earlier version that used the Configuration Manager, you can use the --msg-file-convert option to convert any preserved messages to the MVMA file format for use with MVMA.
mqtool --msg-file-convert filename user
Checking the input queue managers list
Use the --check-qm-list option to verify the contents of the file. It displays the list for verification.
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --check-qm-list filename user
Updating MVMA WMQ Connections
Use the --update-connections option to update the WMQ Connection with the current channel definitions. If necessary, the WMQ Connection will be created.
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --update-connections user
Removing MVMA WMQ Connections
Use the --remove-connections option to remove a WMQ Connection. Only use this option if the queue manager no longer exists in the MVMM object repository.
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --remove-connections user
Manually synchronizing the MVMA WMQ Connections
Use --sync-integration to manually remove, create or update WMQ Connections to match the queue managers in the MVMM object repository.
mqtool --sync-integration user
Testing MVMA WMQ Connections
Use --test-connections to test that MVMA can connect over the defined server conn channel.
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --test-connections user
Getting information about a queue manager
Use the following commands to display MQ information about the queue manager(s).
You can also use alternative ways of specifying a single or multiple queue manager(s).
mqtool --qm-list filename --list-qm-authrec user
mqtool --qm-list filename --list-listeners user
mqtool --qm-list filename --list-srvrconn-channels user
mqtool --qm-list filename --list-chlauth user
Alternative ways of specifying a single or multiple queue manager(s)
Rather than a list using --qm-list, you can specify a single queue manager using the following alternatives:
--agent agent_name --qm queue_manager_name
--qm-oid hi_lo_typeid
--agent-oid hi_lo_typeid --qm queue_manager_name
You can also use regular expressions to specify multiple queue managers.
--filter-agent regex --filter-qm regex
Defining password entry for specific operations
You can specify 'console' for passwords for which you would rather be prompted. The agent connection options [--agent-port port] and [--secured-agent-user user --secured-agent-password password|console] are supported on the following operations:
--check-status
--create-mqsc
--apply-mq-changes
--zip-mqsc
--list-listeners
--list-srvrconn-channels
--list-chlauth
--list-qm-authrec
--runmqsc
mqtool options
Option | Description |
---|---|
--admin-ldap-password password|console | Password used for LDAP access by MVMA for the user specified by |
--admin-ldap-user user | User used for LDAP access by MVMA. |
--admin-password password|console | Password used for administrative access to MVMA for the user specified by |
--admin-project project | Project to use in MVMA. |
--admin-ts-password password | Password for trust store with the certificate to access MVMA. |
--admin-ts-path filepath | File path for trust store with the certificate to access MVMA. |
--admin-url url | URL to MVMA. |
--admin-user user | User used for administrative access to MVMA rather than the mqtool user. |
--agent agent_name | Agent name. |
--agent-oid hi_lo_typeid | Agent OID. |
--agent-port port | Port of pre-8.0 agent. Applies to ALL pre-8.0 agents in |
--apply-mq-changes | Apply mq changes for queue managers, |
--as-host host_name | Application Service host. |
--as-port port_number | Application Service port. |
--check-config | Check the configuration for integration with MVMA. |
--check-qm-list filename | Check queue manager list, --qm-list . |
--check-status | Check the status of MQ configuration for queue managers, |
--chl-ip ip | IP address of MVMA used to restrict channel access. |
--chl-json-file filename | JSON file containing input parameters. |
--chl-mqsc mqsc | Additional mqsc keywords. |
--chl-name channel name | Name of server conn channel(s) used by MVMA. |
--chl-password password | Password for user used to restrict channel access. |
--chl-port port | Listener port of queue manager of server conn channel(s) used by MVMA. |
--chl-port-max | Maximum listener port range of queue manager of server conn channel(s) used by MVMA. |
--chl-port-min | Minimum listener port range of queue manager of server conn channel(s) used by MVMA. |
--chl-replace | Replace an existing channel. |
--chl-user user | User used to restrict channel access. |
--configure | Save configuration information and configure integration with MVMA. |
--configure-ldap y|n | Specifies whether MVMA and MVMM have a common LDAP access. Must be |
--create-json filename | Create a JSON file containing input parameters. |
--create-mqsc | Create and show mqsc scripts for queue managers, |
--create-qm-list filename | Create a list of queue managers, --qm-list . |
--list-qm-authrec | List queue manager authority records (authrec) definitions for queue managers, |
--filter-agent regex | Restricts |
--filter-qm regex | Restricts |
--install-key license_key | Install MVMA key used to configure MVMA. Requires |
--list-chlauth | Lists server conn channel authentication (chlauth) definitions for queue managers, |
--list-listeners | Lists listeners for queue managers, --qm-list . |
--list-srvrconn-channels | Lists server conn channels for queue managers, --qm-list . |
--msg-file-convert filename | Convert message file to MVMA format. Output has the same filename with .json appended for use with MVMA. |
--qm queue_manager_name | Queue manager name. |
--qm-list filename | List of queue managers. |
--qm-oid hi_lo_typeid | Queue manager OID. |
--reconfigure | Reconfigure using preserved configuration information from |
--remove-connections | Remove MVMA WMQ connections. |
--report | Report on the last result of running mqsc scripts for queue managers, |
--runmqsc filename | Run a MQSC script. |
--save-chl-inputs | Save channel inputs for queue managers, --qm-list . |
--secured-agent-password password|console | Pre-8.1 secured agent password for user specified by |
--secured-agent-user user | Pre-8.1 secured agent user used for authentication with MQ. Applies to ALL secured agents in |
--show-chl-inputs | Show saved channel inputs for queue managers, --qm-list . |
--sync-groups y|n | Synchronize by adding groups to or removing groups from the MVMA project based on whether they have the 'Run Configuration Manager' permission. |
--sync-integration | Immediately adds or removes WMQ Connections to MVMA to keep in sync with queue managers in the object repository rather than waiting for the next periodic synchronization. |
--sync-interval seconds | How often to periodically synchronize WMQ_Connections and groups to the MVMA project. Value must be >= 300 or 0 to disable. |
--test-connections | Test MVMA WMQ connections for queue managers. |
--update-admin-key license_key | Update MVMA key. |
--update-admin-password | Update password for connecting to MVMA. |
--update-admin-project project | Update MVMA project name. |
--update-admin-url url | Update MVMA URL. |
--update-cert | Update security certificate for integration with MVMA. |
--update-configure-ldap y|n | Updates whether MVMA and MVMM have a common LDAP access. Must be |
--update-connections | Update channel definitions in MVMA WMQ connections for queue managers, |
--update-ldap-password | Update password used for LDAP access by MVMA. |
--update-sync-groups y|n | Update --sync-groups setting. |
--update-sync-interval seconds | Update |
--zip-mqsc filename | Zip mqsc scripts for queue managers, |
-c | Continue with other queue managers when errors are encountered. |
-h|-? | Give this help summary. |
-i | Ignore agents or queue managers that are not connected or active. |
-m | Use mqsc to apply MQ changes. The default is to use APIs that use PCF. |
-o | Override AD checks and continue configuration attempt when errors detected. Default is discontinue when errors detected. |
-p password | Password. |
-r | Replace channel definition in media if it exists. The default is to use the one previously saved. |
-s|--stdin | Specify password via stdin. This is mutually exclusive with |
-v | Run in verbose mode. |
-y | Do not prompt, create trust store file and add cert if necessary from MVMA connection. This option is not recommended. |
-g | Get any MVMA security settings manually altered in MVMA. |
-u | Update MVMA security settings even if previously configured. |
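
As an added example (not part of the vendor documentation or the mqtool utility), the following shell function lints an mqtool command line against the options described on this page: it flags passwords given literally where `console` is accepted, password options for which the page documents no prompt form, use of -o and -y, and sync intervals that are neither 0 nor at least 300. The function names, finding labels, and the sample host, users and password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): lint an mqtool argument vector before it is
# put in a script, scheduler entry or runbook. Findings name the option only,
# never the password value. Returns 0 when clean, 1 when anything is flagged.

mq_note() { mq_findings="${mq_findings}$1
"; }

audit_mqtool() {
    mq_findings=""
    while [ $# -gt 0 ]; do
        case "$1" in
            --admin-password|--admin-ldap-password|--secured-agent-password)
                # Documented as password|console: "console" prompts instead
                # of exposing the secret in argv and shell history.
                if [ $# -ge 2 ]; then
                    [ "$2" = "console" ] || mq_note "literal-password:$1"
                    shift   # consume the value so it is never parsed as a flag
                fi ;;
            --admin-ts-password|--chl-password|-p)
                # No "console" form is documented for these on the page,
                # so any use puts a secret on the command line.
                mq_note "argv-password:$1"
                if [ $# -ge 2 ]; then shift; fi ;;
            --sync-interval|--update-sync-interval)
                # Valid values per the page: 0 (disabled) or >= 300 seconds.
                if [ $# -ge 2 ]; then
                    case "$2" in
                        ''|*[!0-9]*) mq_note "sync-interval-not-numeric:$2" ;;
                        *) if [ "$2" -ne 0 ] && [ "$2" -lt 300 ]; then
                               mq_note "sync-interval-below-minimum:$2"
                           fi ;;
                    esac
                    shift
                fi ;;
            -o) mq_note "ad-checks-overridden:-o" ;;   # skips the AD pre-checks
            -y) mq_note "unattended-trust:-y" ;;       # marked "not recommended"
        esac
        shift
    done
    if [ -n "$mq_findings" ]; then
        printf '%s' "$mq_findings"
        return 1
    fi
    return 0
}

# Constructed sample invocations (host, users and password are placeholders).
audit_mqtool --configure --admin-url https://mvma.example.invalid:8443 \
    --admin-user svc_mvma --admin-password console \
    --admin-ldap-user svc_ldap --admin-ldap-password console \
    --admin-project MVMM_PROJECT svc_mvmm && echo "clean"
audit_mqtool --configure --admin-password 'Constructed-Pw1' -o -y svc_mvmm || true
```
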