Skip to content

Commit acb307b

Browse files
alisonbibmalisonbibm
committed
The scripts have been updated to allow the MQ full image (only installing the client parts), the MQ client image, and also the MQ redistributable client (cut-down free package). This requires different installation methods and also different key management.
1 parent adca0dc commit acb307b

File tree

3 files changed

+125
-34
lines changed

3 files changed

+125
-34
lines changed

ubi/Dockerfile.mqclient

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,20 +8,22 @@ USER root
88
ARG MQ_URL
99
ARG MQ_URL_USER
1010
ARG MQ_URL_PASS
11+
ARG MQ_PACKAGES="MQSeriesRuntime*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesClient*.rpm"
1112
ARG INSTALL_JRE=1
1213

1314
COPY ubi/install-mq.sh /usr/local/bin/
1415
COPY ubi/install-mq-client-prereqs.sh /usr/local/bin/
16+
COPY ubi/create-default-mq-kdb.sh /usr/local/bin/
1517
# Install MQ. To avoid a "text file busy" error here, we sleep before installing.
16-
RUN chmod u+x /usr/local/bin/install-*.sh \
18+
RUN chmod u+x /usr/local/bin/install-*.sh /usr/local/bin/create-*.sh \
1719
&& sleep 1 \
1820
&& install-mq-client-prereqs.sh \
1921
&& install-mq.sh \
2022
&& chown -R 1001:root /opt/mqm/*
2123

2224
RUN . /opt/ibm/ace-12/server/bin/mqsiprofile \
2325
&& echo $MQSI_JREPATH \
24-
&& /opt/mqm/bin/runmqckm -keydb -convert -db $MQSI_JREPATH/lib/security/cacerts -old_format jks -new_format kdb -pw changeit -target /tmp/mqcacerts.kdb -stash
26+
&& /usr/local/bin/create-default-mq-kdb.sh
2527

2628
# This is to delete any flash files which some customers consider a vulnerability - mostly used by googlelibs
2729
RUN echo "Removing the following swf files" \
@@ -36,6 +38,7 @@ USER root
3638
ARG MQ_URL
3739
ARG MQ_URL_USER
3840
ARG MQ_URL_PASS
41+
ARG MQ_PACKAGES="MQSeriesRuntime*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesClient*.rpm"
3942
ARG INSTALL_JRE=0
4043

4144
ARG MQM_UID=888
@@ -60,6 +63,7 @@ ENV AMQ_DIAGNOSTIC_MSG_SEVERITY=1 AMQ_ADDITIONAL_JSON_LOG=1
6063
# Set the integration server to use it by default. A user provided server.conf.yaml will override this behaviour if the mqKeyRepository property is set.
6164
RUN mkdir /home/aceuser/truststores
6265
COPY --from=truststore-builder /tmp/mqcacerts.kdb /home/aceuser/truststores/mqcacerts.kdb
66+
COPY --from=truststore-builder /tmp/mqcacerts.sth /home/aceuser/truststores/mqcacerts.sth
6367
RUN chmod -R 777 /home/aceuser/truststores \
6468
&& sed -i 's/#.*mqKeyRepository:.*/mqKeyRepository: \/home\/aceuser\/truststores\/mqcacerts/g' /home/aceuser/ace-server/server.conf.yaml
6569

ubi/create-default-mq-kdb.sh

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
#!/bin/bash
2+
# -*- mode: sh -*-
3+
# © Copyright IBM Corporation 2022
4+
#
5+
#
6+
# Licensed under the Apache License, Version 2.0 (the "License");
7+
# you may not use this file except in compliance with the License.
8+
# You may obtain a copy of the License at
9+
#
10+
# http://www.apache.org/licenses/LICENSE-2.0
11+
#
12+
# Unless required by applicable law or agreed to in writing, software
13+
# distributed under the License is distributed on an "AS IS" BASIS,
14+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15+
# See the License for the specific language governing permissions and
16+
# limitations under the License.
17+
18+
# Fail on any non-zero return code
19+
set -ex
20+
21+
22+
if [ -f "/opt/mqm/bin/runmqckm" ]
23+
then
24+
#
25+
# Used if the downloaded package is the MQ client package from FixCentral. Example URL:
26+
#
27+
# https://ak-delivery04-mul.dhe.ibm.com/sdfdl/v2/sar/CM/WS/0a3ih/0/Xa.2/Xb.jusyLTSp44S0BnrSUlhcQXsmOX33PXiMu_opTWF4XkF7jFZV8UxrP0RFSE0/Xc.CM/WS/0a3ih/0/9.2.0.4-IBM-MQC-LinuxX64.tar.gz/Xd./Xf.LPR.D1VK/Xg.11634360/Xi.habanero/XY.habanero/XZ.m7uIgNXpo_VTCGzC-hylOC79m0eKS5pi/9.2.0.4-IBM-MQC-LinuxX64.tar.gz
28+
#
29+
# Also used if the downloaded package is the full MQ developer package. Example URL:
30+
#
31+
# https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev924_linux_x86-64.tar.gz
32+
#
33+
echo "Using runmqckm to create default MQ kdb from Java cacerts"
34+
/opt/mqm/bin/runmqckm -keydb -convert -db $MQSI_JREPATH/lib/security/cacerts -old_format jks -new_format kdb -pw changeit -target /tmp/mqcacerts.kdb -stash
35+
else
36+
#
37+
# Used if the downloaded package is the MQ redistributable client. Example URL:
38+
#
39+
# https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqdev/redist/9.2.0.4-IBM-MQC-Redist-LinuxX64.tar.gz
40+
#
41+
echo "Did not find runmqckm; using keytool and runmqakm to create default MQ kdb from Java cacerts"
42+
$MQSI_JREPATH/bin/keytool -importkeystore -srckeystore $MQSI_JREPATH/lib/security/cacerts -srcstorepass changeit -destkeystore /tmp/java-cacerts.p12 -deststoretype pkcs12 -deststorepass changeit
43+
/opt/mqm/bin/runmqakm -keydb -convert -db /tmp/java-cacerts.p12 -old_format p12 -new_format kdb -pw changeit -target /tmp/mqcacerts.kdb -stash
44+
fi
45+

ubi/install-mq.sh

Lines changed: 74 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
# Fail on any non-zero return code
1919
set -ex
2020

21-
# Download and extract the MQ unzippable files
21+
# Download and extract the MQ files
2222
DIR_TMP=/tmp/mq
2323
mkdir -p ${DIR_TMP}
2424
cd ${DIR_TMP}
@@ -32,38 +32,80 @@ tar -xzf ./*.tar.gz
3232
rm -f ./*.tar.gz
3333
ls -la ${DIR_TMP}
3434

35-
# Generate MQ package in INSTALLATION_DIR
36-
export genmqpkg_inc32=0
37-
export genmqpkg_incadm=1
38-
export genmqpkg_incamqp=0
39-
export genmqpkg_incams=0
40-
export genmqpkg_inccbl=0
41-
export genmqpkg_inccics=0
42-
export genmqpkg_inccpp=1
43-
export genmqpkg_incdnet=0
44-
export genmqpkg_incjava=1
45-
export genmqpkg_incjre=${INSTALL_JRE}
46-
export genmqpkg_incman=0
47-
export genmqpkg_incmqbc=0
48-
export genmqpkg_incmqft=0
49-
export genmqpkg_incmqsf=0
50-
export genmqpkg_incmqxr=0
51-
export genmqpkg_incnls=0
52-
export genmqpkg_incras=1
53-
export genmqpkg_incsamp=0
54-
export genmqpkg_incsdk=0
55-
export genmqpkg_incserver=0
56-
export genmqpkg_inctls=1
57-
export genmqpkg_incunthrd=0
58-
export genmqpkg_incweb=0
59-
export INSTALLATION_DIR=/opt/mqm
60-
${DIR_TMP}/bin/genmqpkg.sh -b ${INSTALLATION_DIR}
61-
ls -la ${INSTALLATION_DIR}
62-
rm -rf ${DIR_TMP}
35+
# Check what sort of MQ package was downloaded
36+
if [ -f "${DIR_TMP}/bin/genmqpkg.sh" ]
37+
then
38+
# Generate MQ package in INSTALLATION_DIR
39+
#
40+
# Used if the downloaded package is the MQ redistributable client. Example URL:
41+
#
42+
# https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqdev/redist/9.2.0.4-IBM-MQC-Redist-LinuxX64.tar.gz
43+
#
44+
echo "Detected genmqpkg.sh; installing MQ client components"
45+
export genmqpkg_inc32=0
46+
export genmqpkg_incadm=1
47+
export genmqpkg_incamqp=0
48+
export genmqpkg_incams=0
49+
export genmqpkg_inccbl=0
50+
export genmqpkg_inccics=0
51+
export genmqpkg_inccpp=1
52+
export genmqpkg_incdnet=0
53+
export genmqpkg_incjava=1
54+
export genmqpkg_incjre=${INSTALL_JRE}
55+
export genmqpkg_incman=0
56+
export genmqpkg_incmqbc=0
57+
export genmqpkg_incmqft=0
58+
export genmqpkg_incmqsf=0
59+
export genmqpkg_incmqxr=0
60+
export genmqpkg_incnls=0
61+
export genmqpkg_incras=1
62+
export genmqpkg_incsamp=0
63+
export genmqpkg_incsdk=0
64+
export genmqpkg_incserver=0
65+
export genmqpkg_inctls=1
66+
export genmqpkg_incunthrd=0
67+
export genmqpkg_incweb=0
68+
export INSTALLATION_DIR=/opt/mqm
69+
70+
# Install requested parts
71+
${DIR_TMP}/bin/genmqpkg.sh -b ${INSTALLATION_DIR}
72+
ls -la ${INSTALLATION_DIR}
73+
74+
# Accept the MQ license
75+
${INSTALLATION_DIR}/bin/mqlicense -accept
76+
else
77+
# Check if should try install using RPM
78+
test -f /usr/bin/rpm && RPM=true || RPM=false
79+
if [ ! $RPM ]; then
80+
echo "Did not find the rpm command; cannot continue MQ client install without rpm"
81+
exit 9
82+
fi
83+
#
84+
# Used if the downloaded package is the MQ client package from FixCentral. Example URL:
85+
#
86+
# https://ak-delivery04-mul.dhe.ibm.com/sdfdl/v2/sar/CM/WS/0a3ih/0/Xa.2/Xb.jusyLTSp44S0BnrSUlhcQXsmOX33PXiMu_opTWF4XkF7jFZV8UxrP0RFSE0/Xc.CM/WS/0a3ih/0/9.2.0.4-IBM-MQC-LinuxX64.tar.gz/Xd./Xf.LPR.D1VK/Xg.11634360/Xi.habanero/XY.habanero/XZ.m7uIgNXpo_VTCGzC-hylOC79m0eKS5pi/9.2.0.4-IBM-MQC-LinuxX64.tar.gz
87+
#
88+
# Also used if the downloaded package is the full MQ developer package. Example URL:
89+
#
90+
# https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev924_linux_x86-64.tar.gz
91+
#
92+
echo "Did not find genmqpkg.sh; installing MQ client components using rpm"
93+
$RPM && DIR_RPM=$(find ${DIR_TMP} -name "*.rpm" -printf "%h\n" | sort -u | head -1)
6394

64-
# Accept the MQ license
65-
${INSTALLATION_DIR}/bin/mqlicense -accept
95+
# Find location of mqlicense.sh
96+
MQLICENSE=$(find ${DIR_TMP} -name "mqlicense.sh")
97+
98+
# Accept the MQ license
99+
${MQLICENSE} -text_only -accept
100+
101+
# Install MQ using the rpm packages
102+
$RPM && cd $DIR_RPM && rpm -ivh $MQ_PACKAGES
103+
104+
# Remove tar.gz files unpacked by RPM postinst scripts
105+
find /opt/mqm -name '*.tar.gz' -delete
106+
fi
107+
108+
rm -rf ${DIR_TMP}
66109

67110
# Create the directory for MQ configuration files
68111
install --directory --mode 2775 --owner 1001 --group root /etc/mqm
69-

0 commit comments

Comments
 (0)