Merge pull request #76 from ibm-messaging/v3

V3

Author: arthurbarr

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Change log
 
+## 3.0.0 (2017-06-08)
+### Action required
+* Updated to install Ubuntu `.deb` files - Any changes to the `MQ_PACKAGES` variable will now need to use the new package names (for example, "ibmmq-web" instead of "MQSeriesWeb")
+
+### Other notable changes
+* Updated to MQ V9.0.3
+* Migrated from `amqicdir` to new official `crtmqdir` utility
+* Restructured startup scripts
+* Removed fixed UID numbers for developer config
+* Use HTTPS for MQ installer download
+* Reduced image size by purging 32-bit libraries
+
 ## 2.0.0 (2017-03-11)
 ### Action required
 * Ensure that you use the `REPLACE` keyword in all of your `DEFINE` MQSC statements.  With this change, any supplied MQSC files are run *every* time the queue manager runs.  This allows you to update the MQSC file, re-build the image, and then have the changes applied when you start a container based on that new image.

Dockerfile

@@ -14,23 +14,25 @@
 
 FROM ubuntu:16.04
 
-LABEL maintainer "Arthur Barr <arthur.barr@uk.ibm.com>"
+LABEL maintainer "Arthur Barr <arthur.barr@uk.ibm.com>, Rob Parker <PARROBE@uk.ibm.com>"
 
 # The URL to download the MQ installer from in tar.gz format
-ARG MQ_URL=http://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev901_linux_x86-64.tar.gz
+ARG MQ_URL=https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev903_ubuntu_x86-64.tar.gz
 
 # The MQ packages to install
-ARG MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesMsg*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesWeb*.rpm"
+ARG MQ_PACKAGES="ibmmq-server ibmmq-java ibmmq-jre ibmmq-gskit ibmmq-web ibmmq-msg-.*"
 
 RUN export DEBIAN_FRONTEND=noninteractive \
   # Install additional packages required by MQ, this install process and the runtime scripts
   && apt-get update -y \
   && apt-get install -y --no-install-recommends \
     bash \
     bc \
+    ca-certificates \
     coreutils \
     curl \
     debianutils \
+    file \
     findutils \
     gawk \
     grep \
@@ -39,7 +41,6 @@ RUN export DEBIAN_FRONTEND=noninteractive \
     mount \
     passwd \
     procps \
-    rpm \
     sed \
     tar \
     util-linux \
@@ -52,14 +53,22 @@ RUN export DEBIAN_FRONTEND=noninteractive \
   && groupadd --gid 1000 mqm \
   && useradd --uid 1000 --gid mqm mqm \
   && usermod -G mqm root \
-  && cd /tmp/mq/MQServer \
+  && cd /tmp/mq/DebianMQServer \
   # Accept the MQ license
   && ./mqlicense.sh -text_only -accept \
-  # Install MQ using the RPM packages
-  && rpm -ivh --force-debian $MQ_PACKAGES \
+  && echo "deb [trusted=yes] file:/tmp/mq/DebianMQServer ./" > /etc/apt/sources.list.d/IBM_MQ.list \
+  # Install MQ using the DEB packages
+  && apt-get update \
+  && apt-get install -y $MQ_PACKAGES \
+  # Remove 32-bit libraries from 64-bit container
+  && find /opt/mqm /var/mqm -type f -exec file {} \; \
+    | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f \
+  # Remove tar.gz files unpacked by RPM postinst scripts
+  && find /opt/mqm -name '*.tar.gz' -delete \
   # Recommended: Set the default MQ installation (makes the MQ commands available on the PATH)
   && /opt/mqm/bin/setmqinst -p /opt/mqm -i \
   # Clean up all the downloaded files
+  && rm -f /etc/apt/sources.list.d/IBM_MQ.list \
   && rm -rf /tmp/mq \
   # Apply any bug fixes not included in base Ubuntu or MQ image.
   # Don't upgrade everything based on Docker best practices https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run

README.md

@@ -1,11 +1,12 @@
 # Contents
 * [Overview](#overview)
 * [Docker Hub](#docker-hub)
+* [Bluemix Container Service](#bluemix-container-service)
 * [Preparing your Docker host](#preparing-your-docker-host)
 * [Build](#build)
 * [Usage](#usage)
     * [Running with the default configuration](#running-with-the-default-configuration)
-    * [Running on Bluemix with volumes](#running-on-bluemix-with-volumes)
+    * [Running on Bluemix with volumes](#running-on-ibm-bluemix-with-volumes)
     * [Customizing the queue manager configuration](#customizing-the-queue-manager-configuration)
     * [Running MQ commands](#running-mq-commands)
     * [Installed components](#installed-components)
@@ -29,6 +30,11 @@ The image is available on Docker Hub as [`ibmcom/mq`](https://hub.docker.com/r/i
   * `cd`, `9-cd`, `9`, `latest` ([Dockerfile](https://github.com/ibm-messaging/mq-docker/blob/master/server/Dockerfile))
   * `lts`, `9-lts` ([Dockerfile](https://github.com/ibm-messaging/mq-docker/blob/mq-9-lts/Dockerfile))
   * `8` ([Dockerfile](https://github.com/ibm-messaging/mq-docker/blob/mq-8/Dockerfile))
+  
+# Bluemix Container Service
+This image is available on the Bluemix Container Service as a default image. 
+
+  * `latest` ([catalog](https://console.eu-gb.bluemix.net/catalog/images/ibm-mq?env_id=ibm:yp:eu-gb))
 
 # Preparing your Docker host
 You need to make sure that you either have a Linux kernel version of V3.16, or else you need to add the [`--ipc host`](http://docs.docker.com/reference/run/#ipc-settings) option when you run an MQ container.  The reason for this is that IBM MQ uses shared memory, and on Linux kernels prior to V3.16, containers are usually limited to 32 MB of shared memory.  In a [change](https://git.kernel.org/cgit/linux/kernel/git/mhocko/mm.git/commit/include/uapi/linux/shm.h?id=060028bac94bf60a65415d1d55a359c3a17d5c31

mq-configure-qmgr.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2015, 2017
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Turn off script failing here because of listeners failing the script
+
+for MQSC_FILE in $(ls -v /etc/mqm/*.mqsc); do
+  runmqsc ${MQ_QMGR_NAME} < ${MQSC_FILE}
+done

mq-create-qmgr.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2015, 2017
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+if [ -z ${MQ_QMGR_NAME+x} ]; then
+  # no ${MQ_QMGR_NAME} supplied so set Queue Manager name as the hostname
+  # However make sure we remove any characters that are not valid.
+  echo "Hostname is: $(hostname)"
+  MQ_QMGR_NAME=`echo $(hostname) | sed 's/[^a-zA-Z0-9._%/]//g'`
+fi
+echo "Setting Queue Manager name to ${MQ_QMGR_NAME}"
+
+QMGR_EXISTS=`dspmq | grep ${MQ_QMGR_NAME} > /dev/null ; echo $?`
+
+if [ ${QMGR_EXISTS} -ne 0 ]; then
+  MQ_DEV=${MQ_DEV:-"true"}
+  if [ "${MQ_DEV}" == "true" ]; then
+    # Turns on early adopt if we're using Developer defaults
+    export AMQ_EXTRA_QM_STANZAS=Channels:ChlauthEarlyAdopt=Y
+  fi
+  crtmqm -q ${MQ_QMGR_NAME} || true
+fi

mq-dev-config.sh

@@ -19,36 +19,24 @@ set -e
 
 configure_os_user()
 {
-  # The UID of the user to configure
-  local -r ID_NUM=$1
   # The group ID of the user to configure
-  local -r GROUP_NUM=$2
+  local -r GROUP_NAME=$1
   # Name of environment variable containing the user name
-  local -r USER_VAR=$3
+  local -r USER_VAR=$2
   # Name of environment variable containing the password
-  local -r PASSWORD=$4
+  local -r PASSWORD=$3
   # Home directory for the user
-  local -r HOME=$5
+  local -r HOME=$4
   # Determine the login name of the user (assuming it exists already)
-  local -r LOGIN=$(getent passwd ${ID_NUM} | cut -f1 -d:)
-  if [ -z ${!USER_VAR+x} ]; then
-    # MQ_CLIENT_USER is unset
-    if id --user ${ID_NUM}; then
-      userdel --force --remove ${LOGIN} >/dev/null 2>&1
-    fi
-  else
-    # MQ_CLIENT_USER is set
-    if id --user ${ID_NUM}; then
-      # Modify the existing user
-      usermod -l ${!USER_VAR} ${LOGIN}
-    else
-      useradd --uid ${ID_NUM} --gid ${GROUP_NUM} --home ${HOME} ${!USER_VAR}
-    fi
-
-    # Change the user's password (if set)
-    if [ ! "${!PASSWORD}" == "" ]; then
-      echo ${!USER_VAR}:${!PASSWORD} | chpasswd
-    fi
+
+  # if user does not exist
+  if ! id ${!USER_VAR} 2>1 > /dev/null; then
+    # create
+    useradd --gid ${GROUP_NAME} --home ${HOME} ${!USER_VAR}
+  fi
+  # Change the user's password (if set)
+  if [ ! "${!PASSWORD}" == "" ]; then
+    echo ${!USER_VAR}:${!PASSWORD} | chpasswd
   fi
 }
 
@@ -89,24 +77,21 @@ configure_tls()
   # Now copy the key files
   chown mqm:mqm /tmp/tlsTemp/key.*
   chmod 640 /tmp/tlsTemp/key.*
-  su -c "cp -PTv /tmp/tlsTemp/key.kdb ${DATA_PATH}/qmgrs/$1/ssl/key.kdb" -l mqm
-  su -c "cp -PTv /tmp/tlsTemp/key.sth ${DATA_PATH}/qmgrs/$1/ssl/key.sth" -l mqm
+  su -c "cp -PTv /tmp/tlsTemp/key.kdb ${DATA_PATH}/qmgrs/${MQ_QMGR_NAME}/ssl/key.kdb" -l mqm
+  su -c "cp -PTv /tmp/tlsTemp/key.sth ${DATA_PATH}/qmgrs/${MQ_QMGR_NAME}/ssl/key.sth" -l mqm
 
   # Set up Dev default MQ objects
   # Make channel TLS CHANNEL
   # Create SSLPEERMAP Channel Authentication record
   if [ "${MQ_DEV}" == "true" ]; then
-    su -l mqm -c "echo \"ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_256_GCM_SHA384) SSLCAUTH(OPTIONAL)\" | runmqsc $1"
-    su -l mqm -c "echo \"ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_256_GCM_SHA384) SSLCAUTH(OPTIONAL)\" | runmqsc $1"
+    su -l mqm -c "echo \"ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_256_GCM_SHA384) SSLCAUTH(OPTIONAL)\" | runmqsc ${MQ_QMGR_NAME}"
+    su -l mqm -c "echo \"ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_256_GCM_SHA384) SSLCAUTH(OPTIONAL)\" | runmqsc ${MQ_QMGR_NAME}"
   fi
 }
 
 # Check valid parameters
 if [ ! -z ${MQ_TLS_KEYSTORE+x} ]; then
-  if [ -z ${MQ_TLS_PASSPHRASE+x} ]; then
-    echo "Error: If you supply MQ_TLS_KEYSTORE, you must supply MQ_TLS_PASSPHRASE"
-    exit 1;
-  fi
+  : ${MQ_TLS_PASSPHRASE?"Error: If you supply MQ_TLS_KEYSTORE, you must supply MQ_TLS_PASSPHRASE"}
 fi
 
 # Set default unless it is set
@@ -123,37 +108,38 @@ INSTALLATION=`dspmqver -b -f 512`
 echo "Configuring app user"
 if ! getent group mqclient; then
   # Group doesn't exist already
-  groupadd --gid 1002 mqclient
+  groupadd mqclient
 fi
-configure_os_user 1002 1002 MQ_APP_NAME MQ_APP_PASSWORD /home/app
+configure_os_user mqclient MQ_APP_NAME MQ_APP_PASSWORD /home/app
+
 # Set authorities to give access to qmgr, queues and topic
-su -l mqm -c "setmqaut -m $1 -t qmgr -g mqclient +connect +inq"
-su -l mqm -c "setmqaut -m $1 -n \"DEV.**\" -t queue -g mqclient +put +get +browse"
-su -l mqm -c "setmqaut -m $1 -n \"DEV.**\" -t topic -g mqclient +sub +pub"
+su -l mqm -c "setmqaut -m ${MQ_QMGR_NAME} -t qmgr -g mqclient +connect +inq"
+su -l mqm -c "setmqaut -m ${MQ_QMGR_NAME} -n \"DEV.**\" -t queue -g mqclient +put +get +browse"
+su -l mqm -c "setmqaut -m ${MQ_QMGR_NAME} -n \"DEV.**\" -t topic -g mqclient +sub +pub"
 
 echo "Configuring admin user"
-configure_os_user 1001 1000 MQ_ADMIN_NAME MQ_ADMIN_PASSWORD /home/admin
+configure_os_user mqm MQ_ADMIN_NAME MQ_ADMIN_PASSWORD /home/admin
 
 if [ "${MQ_DEV}" == "true" ]; then
-  echo "Configuring default objects for queue manager: $1"
+  echo "Configuring default objects for queue manager: ${MQ_QMGR_NAME}"
   set +e
-  runmqsc $1 < /etc/mqm/mq-dev-config
-  echo "ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) MCAUSER('${MQ_APP_NAME}')" | runmqsc $1
+  runmqsc ${MQ_QMGR_NAME} < /etc/mqm/mq-dev-config
+  echo "ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) MCAUSER('${MQ_APP_NAME}')" | runmqsc ${MQ_QMGR_NAME}
 
   # If client password set to "" allow users to connect to application channel without a userid
   if [ "${MQ_APP_PASSWORD}" == "" ]; then
-    echo "SET CHLAUTH('DEV.APP.SVRCONN') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(ASQMGR) ACTION(REPLACE)" | runmqsc $1
+    echo "SET CHLAUTH('DEV.APP.SVRCONN') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(ASQMGR) ACTION(REPLACE)" | runmqsc ${MQ_QMGR_NAME}
   fi
   set -e
 fi
 
 if [ ! -z ${MQ_TLS_KEYSTORE+x} ]; then
-  if [ ! -e "${DATA_PATH}/qmgrs/$1/ssl/key.kdb" ]; then
-    echo "Configuring TLS for queue manager $1"
+  if [ ! -e "${DATA_PATH}/qmgrs/${MQ_QMGR_NAME}/ssl/key.kdb" ]; then
+    echo "Configuring TLS for queue manager ${MQ_QMGR_NAME}"
     mkdir -p /tmp/tlsTemp
     chown mqm:mqm /tmp/tlsTemp
-    configure_tls $1
+    configure_tls
   else
-    echo "A key store already exists at '${DATA_PATH}/qmgrs/$1/ssl/key.kdb'"
+    echo "A key store already exists at '${DATA_PATH}/qmgrs/${MQ_QMGR_NAME}/ssl/key.kdb'"
   fi
 fi

mq-monitor-qmgr.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2015, 2017
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+MQ_QMGR_NAME=$1
+
+state()
+{
+  dspmq -n -m ${MQ_QMGR_NAME} | awk -F '[()]' '{ print $4 }'
+}
+
+trap "source mq-stop-container.sh" SIGTERM SIGINT
+
+echo "Monitoring Queue Manager ${MQ_QMGR_NAME}"
+
+# Loop until "dspmq" says the queue manager is running
+until [ "`state`" == "RUNNING" ]; do
+  sleep 1
+done
+dspmq
+
+echo "IBM MQ Queue Manager ${MQ_QMGR_NAME} is now fully running"
+
+# Loop until "dspmq" says the queue manager is not running any more
+until [ "`state`" != "RUNNING" ]; do
+  sleep 5
+done
+
+# Wait until queue manager has ended before exiting
+while true; do
+  STATE=`state`
+  case "$STATE" in
+    ENDED*) break;;
+    *) ;;
+  esac
+  sleep 1
+done
+dspmq

mq-parameter-check.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2015, 2017
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+# We want to do parameter checking early as then we can stop and error early before it looks
+# like everything is going to be ok (when it won't)
+if [ ! -z ${MQ_TLS_KEYSTORE+x} ]; then
+  : ${MQ_TLS_PASSPHRASE?"Error: If you supply MQ_TLS_KEYSTORE, you must supply MQ_TLS_PASSPHRASE"}
+fi

mq-pre-create-setup.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2015, 2017
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+source /opt/mqm/bin/setmqenv -s
+dspmqver
+echo "Checking filesystem..."
+amqmfsck /var/mqm