Running IBM MQ Container Image with Custom Configuration and Creating JMS JNDI Bindings


Recently I need to test some J2EE integration work on IBM MQ. Since it is for testing purposes I run it as a container instead of the full-blown VM.

Preparing a custom QMSC file

Other than the default MQ settings, I need to use my custom queue definition and security controls. In the MQ container, this is achieved by defining a custom MQSC file and put it into the specific /etc/mqm directory.

Create the following file 80-my-test.mqsc

Define a listener on port 1414.

Define a authinfo named as my.authinfo and let the queue manager use it.

Create/re-create a channel with the default system channel name, SYSTEM.ADMIN.SVRCONN

Once the channel is defined, we set the access permission step by step. First, block all access from any IP address. Then we block the access for the channel of SYSTEM.ADMIN.SVRCONN. Lastly, we enable the user “admin” to access this channel.

Starting from version 9.1.5, the OS-based user authentication is not supported anymore. You have to use LDAP to authenticate the users other than the default available admin and app. Meantime, the container is running MQ with a specific user id 1000. In order for the admin user to access the MQ, we need to map user admin to the MQ process user id, 1000. This is what the line of mcauser(1000) does.

At the last of the authorization, we assign the admin the full admin access for any action in the resources for queue and queue manager.

With these settings, we will be able to access the MQ with MQ explorer and allow the application to connect the MQ through the admin channel.

At the end of the MQSC file, we create the local queues for the testing.

Launch of the Container

Instead of creating a new image, we can bring the custom MQSC file through a volume map. Run the container with podman,

Expose the MQ port 1414 for the external app to connect. Expose the web console access on port 9443.

Map the /mnt/mq folder for data persistence. Map the custom mqsc file into the container at /etc/mqm/80-my-test.mqsc

Set couples of the environment variables to define the queue manager’s name and to disable the default DEV queues.

Once the container is running we can use MQ Explorer to connect with the admin and password defined in MQ_ADMIN_PASSWORD. The application can be configured to connect to the MQ with the admin account for testing purposes.

JMS JNDI Bindings

The app is using file-based JNDI bindings to access the queues through JMS. We need to generate the JNDI bindings before running the app. Let's do it with the MQ container.

Create the following JMS definition file, jms.queues.txt

Create the following JNDI config file, JMSAdmin.config

Run podman cp to copy the above two files into the container.

Launch a podman exec session to the MQ container, run the following

watch the bindings file is created,

The .bindings file can be copied to external apps to perform the JNDI lookup and connections.