This document provides summaries of 20 tools, scripts, and utilities for working with WebSphere MQ on UNIX and Windows systems. It begins with some equivalents between UNIX and Windows commands, then describes each tool in 1-2 sentences, including parsing trigger messages from the command line, checking if a queue manager is running, finding queues with message depths above a threshold, stopping all channels on a queue manager, and enhancing MQSC scripts and FTE XML files.
Report
Share
Report
Share
1 of 35
Download to read offline
More Related Content
WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows
1. The WebSphere MQ
Toolbox
20 Scripts, 1-liners, & Utilities
for UNIX & Windows
T.Rob Wyatt
Managing Partner, IoPT Consulting
704-443-TROB (8762)
t.rob@ioptconsulting.com
https://ioptconsulting.com
Capitalware's MQ Technical Conference v2.0.1.4
2. Speed dating
• We have less than an hour to go over 20 tools
so this will necessarily be very high level.
• We’ll start with some Windows/UNIX
compatibility, then go into the utilities.
• The intent is to provide an introduction in the
session & provide sufficient detail to use the
deck as reference.
• Look for a download on the MQTC site and/or
my site at https://t-rob.net/links
Capitalware's MQ Technical Conference v2.0.1.4
3. UNIX/Windows equivalents
UNIX Windows
grep findstr
# Comment :: Comment
cp copy
rm del
mv move
& start
cat type
xargs for / in / do
wc find -c
Capitalware's MQ Technical Conference v2.0.1.4
4. Capitalware's MQ Technical Conference v2.0.1.4
20 Tools:
# Win *NIX Description
1/2 X X Parse A Trigger Message
3/4 X X Check for running QMgr
5/6 X X Check for admin privs
7/8 X X Find queues with depth
9/10 X X Enhanced MQSC scripts
11/12 X X Dump the cert from a remote QMgr
13/14 X X Age messages off of all queues on a QMgr
15/16 X X Stop all channels on a QMgr
17 XML Enhanced FTE XML files
18 N/A X Who’s in the mqm group, anyway?
19 OpenSSL Dump the cert from a remote QMgr
20 Perl Recover stashed password
5. Parse A Trigger Message - Structure
How do we get this from a single command-line parameter?
Trigger Message struct tagMQTMC2 {
MQCHAR4 StrucId; /* Structure identifier */
MQCHAR4 Version; /* Structure version number */
MQCHAR48 QName; /* Name of triggered queue */
MQCHAR48 ProcessName; /* Name of process object */
MQCHAR64 TriggerData; /* Trigger data */
MQCHAR4 ApplType; /* Application type */
MQCHAR256 ApplId; /* Application identifier */
MQCHAR128 EnvData; /* Environment data */
MQCHAR128 UserData; /* User data */
MQCHAR48 QMgrName; /* Queue manager name */
Capitalware's MQ Technical Conference v2.0.1.4
};
6. 1) Trigger Message - Windows
Assuming that the TMC2 is in %0, use positional substring extraction:
set TMC2StrucID=%0:~0,4%
set TMC2Version=%0:~4,4%
set TMC2Queue=%0:~8,48%
set TMC2Process=%0:~56,48%
set TMC2TrigData=%0:~104,64%
set TMC2ApplType=%0:~168,4%
set TMC2ApplID=%0:~172,256%
set TMC2EnvData=%0:~428,128%
set TMC2UserData=%0:~556,128%
set TMC2QMgr=%0:~684,48%
The parms may not be in the order you expect so test for the desired
TMC2StrucID and TMC2Version before using the values.
Capitalware's MQ Technical Conference v2.0.1.4
7. 2) Trigger Message – UNIX/Linux
Assuming that the TMC2 is in $1, use positional substring extraction:
TMC2StrucId=${1:0:4}
TMC2Version=${1:4:4}
TMC2QName=${1:8:48}
TMC2ProcessName=${1:56:48}
TMC2TriggerData=${1:104:64}
TMC2ApplType=${1:168:4}
TMC2ApplId=${1:172:256}
TMC2EnvData=${1:428:128}
TMC2UserData=${1:556:128}
TMC2QMgrName=${1:684:48}
The parms may not be in the order you expect so test for the desired
TMC2StrucID and TMC2Version before using the values.
Capitalware's MQ Technical Conference v2.0.1.4
8. Capitalware's MQ Technical Conference v2.0.1.4
Check for running QMgr
Prior to running a script, we want to make sure the QMgr is running.
Checking processes isn’t sufficient. What if the QMgr is quiescing? We
need to know what MQ thinks the status is.
Prereq: Script has already validated that dspmq is on PATH. Alternatively,
trap errors on the dspmq command.
If you use valid QMgr status values such as "Running" for a QMgr name,
there’s a 10th ring of Hell reserved just for you.
9. 3) Check for running QMgr: Windows
Assumes that the target QMgr name is in "$QMgr
for /f %%i in ('dspmq ^| findstr "($QMgr)" ^| find /i /c
"Running"') do set isrunning=%%i
if %isrunning% NEQ 1 (
echo %~nx0 $QMgr not found or not running
exit /B 2
Capitalware's MQ Technical Conference v2.0.1.4
)
Filters entries from a dspmq on the QMgr name in parenthesis. This avoids
getting a hit on TREES searching for TREE, for example.
Exclude any lines that do not have (RUNNING) as the status.
Set %isrunning% to the number of lines found. This will be zero or one.
Test the value of %isrunning% before continuing.
If you care whether %isrunning%==0 means "not here" or "not found" add
a nested IF to test the output of dspmq looking for the QMgr name.
10. 4) Check for running QMgr: UNIX/Linux
Assumes that the target QMgr name is in "$QMgr
[[ $(dspmq | grep '(Running)' | grep "$QMgr" | wc -l | tr -d "
") != 1 ]] && print "n${0##*/}: Queue Manager '$QMgr' not
found or not running.n" && exit 1
Filters running QMgr entries from a dspmq
Looks for a line with the QMgr name in parenthesis. This avoids searching
for a QMgr named TREE and getting a hit on TREES, for example.
Count the number of lines found. This will be zero or one.
If the result of the above does not equal 1, then the QMgr is either not
running or not here.
If you care which it is, go back and grep for the QMgr name and use the
same technique to display its status if there’s a line or a "not found" error.
Capitalware's MQ Technical Conference v2.0.1.4
11. Check for admin privileges
Prior to running a script, we want to make sure the user has MQ admin.
Does this by attempting to execute a command that
Requires admin privileges.
Is display-only.
Does not need to know the QMgr name in advance.
Minimal effect on monitoring programs.
Returns the same error code across platforms and versions.
Intentionally run dspmqtrn with invalid syntax.
AMQ7028 says the command ran OK but you didn’t give a QMgr name.
Assumes any other value means the command failed for authorization.
This may change over time so validate for each new release!
Capitalware's MQ Technical Conference v2.0.1.4
12. 5) Check for admin privs – Windows
:: Test to see if user has WMQ admin privileges
set Response=
set isAdmin=
for /f "tokens=*" %%a in ('dspmqtrn 2^>^&1') do @set
Response=%%a
Capitalware's MQ Technical Conference v2.0.1.4
set isAdmin=!Response:~0,7!
if NOT "%isAdmin%"=="AMQ7028" (
echo.
echo %0: This script must be run from an account with
WeSphere MQ adminstrator privileges.
exit /B 2
)
13. 6) Check for admin privs – UNIX/Linux
Most scripts must be run as mqm:
[[ $(whoami) != "mqm" ]] && print "n${0##*/}: Script must be
executed as the mqm user.n" && exit 1
Sometimes it’s OK just to be an admin:
[[ $(dspmqtrn 2>&1 | grep ‘AMQ7028' | wc -l | tr -d " ") != 1
]] && print "n${0##*/}: User `whoami` does not appear to have
MQ admin privileges.n" && exit 1
Capitalware's MQ Technical Conference v2.0.1.4
14. Capitalware's MQ Technical Conference v2.0.1.4
Find queues with depth
Need to find queues with depth > 0 (or some arbitrary number)
Possibly need to exclude SYSTEM.*
Possibly need to include/exclude Xmit Queues.
This is ridiculously easy with MQSCX from MQGem.
Unsolicited, unpaid endorsement but true.
The difference in productivity on any of my scripting engagements would pay for the
program several times over.
Several people in attendance wish their company had bought it.
We’ll make do with the built-in utils instead.
15. 7) Find queues with depth - Win
for /f "tokens=2 delims=()" %a in ('echo dis q^(*^)
where^(curdepth gt 0^) ^| runmqsc $QMgr ^| findstr " QUEUE("')
do { :: Something interesting here. }
Assumes the target QMgr name is in $QMgr
We just want the names, not the actual depths.
Passes the output to a ‘do’ block
Adjust accordingly to exclude SYSTEM.* queues:
for /f "tokens=2 delims=()" %a in ('echo dis q^(*^)
where^(curdepth gt 0^) ^| runmqsc $QMgr ^| findstr " QUEUE("
^| findstr /V "(SYSTEM." ') do { :: Something interesting
here. }
Capitalware's MQ Technical Conference v2.0.1.4
16. 8) Find queues with depth – UNIX/Linux
echo 'dis q(*) where(CURDEPTH gt 0)' | runmqsc $QMgr | tr ')'
'n' | grep "QUEUE(" | tr "(" "n" | grep -v "sQUEUE$"
Assumes the target QMgr name is in $QMgr.
Arguably easier with awk, but not as universally compatible as tr.
We just want the names, not the actual depths.
Wrap the output in a ‘for’ or an ‘xargs’
Adjust accordingly to exclude SYSTEM.* queues:
Capitalware's MQ Technical Conference v2.0.1.4
17. Capitalware's MQ Technical Conference v2.0.1.4
Enhanced MQSC scripts
Want to make sure output is logged on each run.
Would be great to allow substitutions inside the MQSC scripts.
Can make scripts dynamically adjust to platform, version, etc.
18. 9) Enhanced MQSC scripts - Win
for /f "tokens=2-4 delims=.:/ " %a in ("%date%") do set
filename=$~n0.%c-%a-%b.out
(date /t & echo.) > %filename%
runmqsc %QMgr% < commands.mqsc > %filename% 2>&1
Capitalware's MQ Technical Conference v2.0.1.4
Saves the output in [filename].[date].out
Captures STDERR to file as well
19. 10) Enhanced MQSC scripts – UNIX/Linux
$filename=$0.`date "+%y%m%d"`.out
(date;echo) >$filename
runmqsc $1 >>$filename 2>&1 << EOF
* -----------------------------------------------------------
* DLQ.ksh - Define DLQ on $1
* -----------------------------------------------------------
dis qmgr qmname
DEFINE QLOCAL ('$1.DLQ') REPLACE
ALTER QMGR DLQNAME('$1.DLQ')
* -----------------------------------------------------------
* E N D O F S C R I P T
* -----------------------------------------------------------
EOF
Same as Windows but MQSC commands are in the same file and can take
substitutions!
Capitalware's MQ Technical Conference v2.0.1.4
20. Age messages off of all queues
Need to delete all messages older than 30 days from all queues on the
QMgr.
Skip SYSTEM.* and AMQ.EXPLORER.* queues
Uses the QLoad program from SupportPac MO03
http://ibm.co/SupptPacMO03
Capitalware's MQ Technical Conference v2.0.1.4
21. 13) Age msgs from a QMgr - Windows
Assumes the QMgr name is in %QMgr%
FOR /F "delims=^(^); tokens=2" %%y IN ('echo dis q^(^*^)
TYPE^(QLOCAL^) ^| runmqsc %QMgr% ^| findstr " QUEUE(" ^|
findstr /V " QUEUE(SYSTEM" ^| findstr /V "
QUEUE(AMQ.EXPLORER"') DO qload -m %QMgr% -I%%y -T30:00:00 -
F%%x_%%y_%%c_%%HH%%M%%%S.txt
Capitalware's MQ Technical Conference v2.0.1.4
22. 14) Age msgs from a QMgr – UNIX/Linux
Assumes the QMgr name is in $QMgr
echo "DIS Q(*) TYPE(QLOCAL)" | runmqsc $QMgr | tr ")" "n" |
grep "^ QUEUE" | awk -F'(' '{print $2}' | grep -v ^SYSTEM. |
grep -v ^AMQ.EXPLORER. | {
Capitalware's MQ Technical Conference v2.0.1.4
while read QName;do
Cmd="qload -m $QMgr -I$QName -T30:00:00
-F${QMgr}_${QName}_%c_%HH%M%S.txt"
print "n$Cmd"
eval $Cmd
done
echo
}
23. Stop all channels on a QMgr
Prior to shutting QMgr down.
Prior to issuing REFRESH SECURITY TYPE(SSL) command.
Can be executed as a service.
Modify command to start channels.
May not want to issue START channel commands as a service.
Capitalware's MQ Technical Conference v2.0.1.4
24. 15) Stop all Channels - Win
for /f "tokens=2 delims=()" %%a in ('echo dis chl^(*^)
where^(chltype ne clntconn^) ^| runmqsc JMSDEMO ^| findstr "
CHANNEL("') DO echo stop chl(%%a) status^(inactive^) | runmqsc
JMSDEMO
Lists all channels that are not of type CLNTCONN.
Issues STOP command with status of INACTIVE
Capitalware's MQ Technical Conference v2.0.1.4
25. 16) Stop all Channels – UNIX/Linux
echo 'DIS CHL(*) where(CHLTYPE NE CLNTCONN)' | runmqsc $QMgr |
tr ')' "n" | grep ' CHANNEL(' | tr '(' 'n' | grep -v '
CHANNEL$' | {
Capitalware's MQ Technical Conference v2.0.1.4
while read ChlName;do
echo "stop chl($ChlName) status(inactive)" | runmqsc
$QMgr
done
}
Lists all channels that are not of type CLNTCONN.
Issues STOP command with status of INACTIVE
26. Capitalware's MQ Technical Conference v2.0.1.4
Enhanced FTE XML files
Metadata values normally spread throughout the XML file.
Some of these are repeated in different places.
Changes rely on the maintainer to find and update all the instances.
Can be difficult to track down.
Solution? Move all the metadata to the top!
27. 17) Enhanced FTE XML files
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE request [
<!ENTITY jobname "multicast">
<!ENTITY userID "fteadmin">
<!ENTITY Cost_Center "Unknown">
<!ENTITY sourceAgent "FTEHUBD1_0001">
<!ENTITY sourceQM "FTEAGT01">
<!ENTITY hostName "fteagents.example.com">
]>
<request version="4.00"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="FileTransfer.xsd">
<managedCall>
…
All the metadata fields are listed at the top of the XML file.
Capitalware's MQ Technical Conference v2.0.1.4
28. 17) Enhanced FTE XML files
<managedCall>
Capitalware's MQ Technical Conference v2.0.1.4
<originator>
<hostName>&hostName;</hostName>
<userID>&userID;</userID>
</originator>
<agent QMgr="&sourceQM;" agent="&sourceAgent;"/>
<transferSet priority="5">
<metaDataSet>
<metaData key="Cost_Center">&Cost_Center;</metaData>
<metaData key="BusinessUnit">&BusinessUnit;</metaData>
</metaDataSet>
…
Use the entities in the XML and the values are substituted
automatically at execution time.
Use the same variable in multiple places, it is reliably
updated everywhere at once.
29. Who’s in the mqm group, anyway?
We are really good at provisioning access.
We rather stink at decommissioning access.
Good to periodically look at membership of the different groups.
Mostly relevant to UNIX & Linux.
Efficacy may vary depending on PAM configuration, NIS+, AD, etc.
Capitalware's MQ Technical Conference v2.0.1.4
30. 18) Get the mqm group membership
Uses a Perl 1-liner to iterate over all the groups
# Get the /etc/passwd entries that have mqm as the primary group
awk -v gid=$(cat /etc/group | grep ^mqm: | cut -d: -f 3) 'BEGIN { FS = ":" } ;
$3==gid { print $1 }' /etc/passwd
# Get the mqm members from the /etc/group entry
perl -e 'while (($name,$members) = (getgrent)[0,3]) {print join("n", split(" ",
$members)) if $name eq 'mqm';}'
# Bonus points – combine, sort & undupe
(awk -v gid=$(cat /etc/group | grep ^mqm: | cut -d: -f 3) 'BEGIN { FS = ":" } ;
$3==gid { print $1 }' /etc/passwd && perl -e 'while (($name,$members) =
(getgrent)[0,3]) {print join("n", split(" ", $members)) if $name eq 'mqm';}' ) |
sort | uniq
Capitalware's MQ Technical Conference v2.0.1.4
31. Dump the cert of a remote QMgr
Easy to get the certs over the network from a central location.
Uses the features of the SSL protocol.
Requires preparation of a key file with a self-signed cert that the QMgr
does *not* know about.
Even works for your business partners.
When you call to tell them their cert is about to expire, they think you are a genius!
Capitalware's MQ Technical Conference v2.0.1.4
Requires OpenSSL to be installed.
IBM installs it with the JRE for just about everything.
Standard for nearly all UNIX/Linux distros.
32. 19) Dump remote QMgr cert
openssl s_client -connect %CONNAME% -cert Dummy.pem -prexit
2>&1 | openssl x509 -enddate -issuer -subject -noout 2>&1
CONNAME is host or IP followed by :port, for example 127.0.0.1:1414
Dummy.pem contains a self-signed cert in PEM format
Capitalware's MQ Technical Conference v2.0.1.4
33. Recover stashed password
You know you want to!
Mostly not needed with new -stashed option on runmqakm/runmqckm.
The people who you need to worry about already know this.
Understand the threat that obfuscating the stash file mitigates.
Capitalware's MQ Technical Conference v2.0.1.4
34. 20) Recover stashed password
#!/usr/bin/perl -w
use strict;
die "Usage: $0 stashfilen" if $#ARGV != 0;
open(F,$ARGV[0]) || die "Can't open $ARGV[0]: $!";
my $stash;
my $passwd = '';
read F,$stash,1024;
my @unstash=map { $_^0xf5 } unpack("C*",$stash);
foreach my $c (@unstash) {
Capitalware's MQ Technical Conference v2.0.1.4
last if $c eq 0;
$passwd =sprintf "$passwd%c",$c;
}
print "$passwdn";