MQ-Advanced-pot

IBM MQ NativeHA on RHEL

---

Table of Contents

• 1. Introduction
• 2. Workshop Environments
• 3. Live Environment Setup
  • 3a. Create Queue Manager
  • 3b. Create TLS Certificates
  • 3c. Update qm.ini
  • 3d. Start Queue Manager
  • 3e. Disable Security
  • 3f. Enable systemd Monitoring
• 4. Testing High Availability (HA) in Live Environment
  • 4a. Put and Get messages (amqsphac, amqsghac)
  • 4b. Failover the Queue Manager
• 5. Summary

---

Return to Main Menu

1. Introduction

In this lab, you will investigate the process of configuring the NativeHA Queue Manager on RHEL Virtual Machines. Additionally, you will conduct High Availability testing in the Live environment and monitoring the transition of client connections.

2. Workshop Environments

You need to reserve Techzone environment which will have 6 RHEL VMs, and 1 WIndows VM.
For this lab we will be using acemq1,acemq2,acemq3 for doing the MQ nativeHA.
We will launch everything from the Windows image.

Click on the Windows image console to open it.

3. Live Environment Setup

1. From the Windows console click on the CAD to get to the login page. Click on OK for the Business Use Notice

   

2. Login to the windows using techzone/IBMDem0s

   

3. From the Windows VM’s Console, open Putty program and open acemq1, acemq2, acemq3 Virtual Machine sessions.
   

4. Arrange the windows on your desktop and you should have the 3 RH vms. Login to each VM using ibmuser/engage.

3a. Create Queue Manager

1. Run the following commands on each of the Virtual Machines (acemq1, acemq2, acemq3).
   

   Create Queue Manager MQ01HA
   

   crtmqm -lr `hostname` -lf 8192 -lp 10 -ls 10 -p 1414 MQ01HA
   

   

3b. Create TLS Certificates

1. Run the below steps on acemq1 to enable TLS on Queue Manager.
   Create TLS certificates.
   

   runmqakm -keydb -create -db /var/mqm/qmgrs/MQ01HA/ssl/key.kdb -pw passw0rd -stash
   

   runmqakm -cert -create -db /var/mqm/qmgrs/MQ01HA/ssl/key.kdb -pw passw0rd -label selfsigned -dn CN=MQ01HA -size 2048
   

   sudo chown -R :mqm /var/mqm/qmgrs/MQ01HA/ssl/key.*
   

   sudo chmod g+r /var/mqm/qmgrs/MQ01HA/ssl/key.*
   

   

2. Copy all key.* files to acemq2 Virtual Machines using sftp. Login to acemq2 using password engageibm
   

   sftp ibmuser@acemq2
   

   mput /var/mqm/qmgrs/MQ01HA/ssl/key.* /var/mqm/qmgrs/MQ01HA/ssl
   

   quit
   

3. Copy all key.* files to acemq3 Virtual Machines using sftp. Login to acemq3 using password engageibm
   

   sftp ibmuser@acemq3 
   Enter password 
   

   mput /var/mqm/qmgrs/MQ01HA/ssl/key.* /var/mqm/qmgrs/MQ01HA/ssl
   

   quit
   

   

4. On acemq2, acemq3 run the following commands.
   

   sudo chown -R :mqm /var/mqm/qmgrs/MQ01HA/ssl/key.*
   

   sudo chmod g+r /var/mqm/qmgrs/MQ01HA/ssl/key.*
   

   

3c. Update qm.ini

1. On each VM (acemq1,2,3), we will add the TLS parameters as well as all 3 NativeHAInstances to qm.ini.

   You can run the following command on all 3 images to look at the current qm.ini files.

   cat /var/mqm/qmgrs/MQ01HA/qm.ini
   

   

2. We will now from the acemq1 putty session we will run the update script that will update all 3 qm.ini files on the 3 instances.

   The output will show that you have updated all 3 instances.

   cd  mqha-crr
   

   ./1-qm-ha.sh
   

   

3. When done run the following command on all 3 instances to verify that the qm.ini was updated correctly.

cat /var/mqm/qmgrs/MQ01HA/qm.ini

3d. Start Queue Manager

1. Run the following commands to restart the queue manager on all 3 vm’s (acemq1,2,3).
   

   strmqm MQ01HA
   

2. Once all 3 QMgrs are running go to one of the VMs and run the following command.

   The Queue Manager should be active in one of Virtual Machines.
   

   dspmq -o nativeha -x
   

   

3e. Disable Security

1. Find the node that the QMgr is running as Active using this command.

   dspmq -o nativeha -x 
   

2. Run the following command, on the node where the queue manager is Active,
   This will disable security and define the channel and local Queue used for testing.

runmqsc MQ01HA
ALTER QMGR CHLAUTH(DISABLED) CONNAUTH(' ')
REFRESH SECURITY TYPE(CONNAUTH)
DEFINE CHANNEL(NATIVEHACHL.SVRCONN) CHLTYPE(SVRCONN)
DEFINE QLOCAL(APPQ) DEFPSIST(YES)

3f. Enable systemd Monitoring

Reference:
https://www.ibm.com/docs/en/ibm-mq/9.4.x?topic=ha-monitoring-restarting-ending-queue-manager-instances

You must implement a method to ensure that the queue manager instances in the Native HA configuration are still running, and restart them if required.

Run the following commands on each RHEL VM.

ln -s /opt/mqm/samp/mqmonitor@.service /etc/systemd/system 

sudo systemctl enable mqmonitor@MQ01HA

sudo systemctl start mqmonitor@MQ01HA

4. Testing High Availability (HA) in Live Environment

4a. Put and Get messages (amqsphac, amqsghac)

1. On the Windows VM
   Open the MQ-Labs folder and start the putter and getter batch files.
   

   

4b. Failover the Queue Manager

1. We will now manually failover the Queue Manager from where it’s running.
   Run dspmq on each of the RH VMs and you will see where the QMgr is currently running.
   
   Next from that location run the following command to failover the QMgr.

   sudo systemctl restart mqmonitor@MQ01HA
   

   Notice that the amqsphac, amqsghac getting reconnected.
   

2. This indicates that the NativeHA is functioning as intended, and the queue manager is currently Active in a different Standby node, allowing the amqsphac and amqsghac to reconnect.

   
   
   
   

5. Summary

Congratulations! At this point, you ought to be familiar with the process of configuring IBM MQ HA in a Primary region.

Return to Main Menu