search

kimptoc / ibmmq-with-ssl-test

3 stars 0 forks source link

AMQ7097: You gave an authorization specification that is not valid #1

Open nordleuchte opened 7 years ago

nordleuchte commented 7 years ago

Thanks for providing this! Unfortunately, I'm unable to get this to run. Setting up the mq-with-ssl container fails with error "AMQ7097: You gave an authorization specification that is not valid." when executing the command "su -l mqm -c "setmqaut -m $1 -t qmgr -g mqclient +connect +inq". I have no idea what is going wrong.

kimptoc commented 7 years ago

Hi @mcfly83 thanks for the feedback.

What command/platform/versions are you running on?

Works on my Mac (OSX 10.11.6) :), with Docker 17.0.3.1.

Running this command

$ docker-compose up ibmmq mqclient | tee ibmmq.log

Log file is here: https://gist.github.com/kimptoc/02be067e0f7705d3a4792a6db3a3ce28

The mqaut command seems to be working fine.

I did make one change - making file mq-with-ssl/mq-dev-config.sh executable.

Cheers, Chris

nordleuchte commented 7 years ago

Thank you for your response!

I'm using Docker 17.03.0-ce on CentOS 7.3.1611

Running docker-compose up ibmmq mqclient > mqlog.txt I get the following output mqlog.txt

I had to hardcode the path to my keystore into docker-compose.yml, because for some reason it did not recognize my certs_mount variable. But that shouldn't be the reason for the AMQ7097 error.

kimptoc commented 7 years ago

Are you providing your own keystore, rather than letting it create one?

I think the shell script checks for an existing keystore and if there, assumes its valid/configured with mq.

Suggest you try to mount a different/empty directory and let it create the keystore files itself. You can then use these to connect via your client (or run the mqclient test)

nordleuchte commented 7 years ago

I provided a keystore following the instructions at ibm-messaging/mq-docker.

After some further tests I don't think the keystore itself is the source of the problem. I commented out the three lines with setmqaut commands and was able to start up the mq-with-ssl container (without docker-compose) using my keystore.

A simple connection test from my remote client did also work (using SSL).