Not able to login to IBM MQ console

[bkoti-optum]

I was able to install ibm mq using helm charts on GKE. Console came up using External IP but not able to login . Tried app/passw0rd but didnt work

[arthurbarr]

From MQ 9.3.4, there's no default password in the MQ Advanced for Developers container. You need to set the password:

1. In MQ 9.3.4 or 9.3.5 you need to use the MQ_APP_PASSWORD environment variable
2. From MQ 9.4.0, you should use a Secret: https://github.com/ibm-messaging/mq-container/blob/master/docs/developer-config.md#using-secrets-to-set-passwords-for-app--admin-users

[bkoti-optum]

Once deployed in GKE, how do we set environment variable MQ_APP_PASSWORD ? where should we configure it ? How shall pod accept environment variable ? When pod restarts ,how can it retain the variable ? what is IBM MQ version installed on GKE via helm chart ?

[bkoti-optum]

How can i send or receive message on Queue on IBM MQ installed via helm chart on GKE ? The samples folder does not have proper documentation

[arthurbarr]

This chart allows you to set environment variables by setting the queueManager.envVariables in the Helm chart's values. You can see that these values get mapped into the Pod's environment variables here. The setting will be on the StatefulSet, so the StatefulSet will re-create the Pod with those environment variables if the Pod were deleted.

The sample Helm chart in this repo deploys an unsupported MQ Advanced for Developers image, as defined by the image.tag value. See here. At the time of writing, the sample Helm chart version 9.0.0 deploys IBM MQ 9.3.5.0-r1.

[bkoti-optum]

Thanks @arthurbarr . I was able to configure MQ_APP_PASSWORD and MQ_ADMIN_PASSWORD variables on values.yaml .

When i login to console using app user , I got 403. Is it expected ?

I was able to login successfully using admin user .

For 9.4 version, can i create secret via kubectl or it has to via docker/podman ?

[arthurbarr]

The app user is not in a group for the web console, but is instead authorized for the REST APIs (as I think makes sense for an "application"). See https://github.com/ibm-messaging/mq-container/blob/034f9276bb78de4afd94ef54efdd0a7a80d188e6/incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/mqwebcontainer.xml.dev#L31

The secret is a "file" on the filesystem. Podman by default uses the location /run/secrets, so that's what the MQ container users. So you can mount a file containing jus the password to one of the following:

• /run/secrets/mqAppPassword
• /run/secrets/mqAdminPassword

See https://github.com/ibm-messaging/mq-container/blob/034f9276bb78de4afd94ef54efdd0a7a80d188e6/authservice/mqsimpleauth/src/simpleauth.h#L23