我无法获取AMQP发布和订阅,从IBM MQ v9.0.1.0开始使用Node JS v6和mqlight v2.0运行
我想获得下面的示例片段发布和订阅,我不能让它与节点JS 6和mqlight v2.0运行
https://www.npmjs.com/package/mqlight?cm_mc_uid=47189062138014548006442&cm_mc_sid_50200000=1490060435
// Receive: var mqlight = require('mqlight'); var recvClient = mqlight.createClient({service: 'amqp://user:user@localhost:5672'}); recvClient.on('started', function() { recvClient.subscribe('/TEST/#','sub1'); recvClient.on('message', function(data, delivery) { console.log(data); }); }); // Send: var sendClient = mqlight.createClient({service: 'amqp://user:user@localhost:5672'}); sendClient.on('started', function() { sendClient.send('TEST'); }); 我使用节点js v6运行示例代码mqlight 2.0
$node mqlight_sample.js events.js:160 throw er; // Unhandled 'error' event ^ SecurityError: AMQXR0100E: A connection from 172.17.0.1 was not authorized. at lookupError (/media/Data/mqlight/node_modules/mqlight/mqlight.js:1034:11) at AMQPClient.<anonymous> (/media/anonim/Data/mqlight/node_modules/mqlight/mqlight.js:1925:13) at emitOne (events.js:96:13) at AMQPClient.emit (events.js:188:7) at Connection.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/amqp_client.js:388:10) at emitOne (events.js:96:13) at Connection.emit (events.js:188:7) at Connection._processCloseFrame (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:495:10) at Connection._receiveAny (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:423:12) at Connection._receiveData (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:357:8) at NetTransport.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:515:38) at emitOne (events.js:96:13) at NetTransport.emit (events.js:188:7) at Socket.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/transport/net_transport.js:26:49) at emitOne (events.js:96:13) at Socket.emit (events.js:188:7)
MQ Server的这一个错误日志
# tail -100f /var/mqm/qmgrs/QM1/errors/amqp_0.log 3/31/17 19:14:44.115 AMQXR0041E: A connection was not authorized for channel SYSTEM.DEF.AMQP received from 172.17.0.1. MQRC 2035 MQRC_NOT_AUTHORIZED 3/31/17 19:14:45.142 AMQXR0041E: A connection was not authorized for channel SYSTEM.DEF.AMQP received from 172.17.0.1. MQRC 2035 MQRC_NOT_AUTHORIZED
如果CONNAUTH和CHCKCLNT需要更改为禁用,则启用AMQP实际身份validation我可以连接到节点JS 6
START SERVICE(SYSTEM.AMQP.SERVICE) SET CHLAUTH(SYSTEM.DEF.AMQP) TYPE(BLOCKUSER) USERLIST('nobody') SET CHLAUTH(SYSTEM.DEF.AMQP) TYPE(ADDRESSMAP) ADDRESS(*) USERSRC(CHANNEL) CHCKCLNT(REQUIRED) REFRESH SECURITY TYPE(CONNAUTH) START CHANNEL(SYSTEM.DEF.AMQP) DISPLAY CHSTATUS(SYSTEM.DEF.AMQP) CHLTYPE(AMQP)
在/var/mqm/qmgrs/QM1/errors/AMQERR01.LOG错误日志的下面
04/02/17 07:10:16 - Process(587.6) User(mqm) Program(java) Host(770e29171038) Installation(Installation1) VRMF(9.0.1.0) QMgr(QM1) AMQ5534: User ID 'user' authentication failed EXPLANATION: The user ID and password supplied by the 'AMQP' program could not be authenticated. Additional information: 'N/A'. ACTION: Ensure that the correct user ID and password are provided by the application. Ensure that the authentication repository is correctly configured. Look at previous error messages for any additional information. ----- amqzfuca.c : 4486 ------------------------------------------------------- 04/02/17 07:10:16 - Process(587.6) User(mqm) Program(java) Host(770e29171038) Installation(Installation1) VRMF(9.0.1.0) QMgr(QM1) AMQ5542: The failed authentication check was caused by the queue manager CONNAUTH CHCKCLNT(REQDADM) configuration. EXPLANATION: The user ID 'user' and its password were checked because the queue manager connection authority (CONNAUTH) configuration refers to an authentication information (AUTHINFO) object named 'USE.OS' with CHCKCLNT(REQDADM). This message accompanies a previous error to clarify the reason for the user ID and password check. ACTION: Refer to the previous error for more information. Ensure that a password is specified by the client application and that the password is correct for the user ID. The authentication configuration of the queue manager connection determines the user ID repository. For example, the local operating system user database or an LDAP server. If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by not passing a user ID across the channel. For example, by omitting the MQCSP structure from the client MQCONNX API call. To avoid the authentication check, you can amend the authentication configuration of the queue manager connection, but you should generally not allow unauthenticated remote access. ------------------------------------------------------------------------------- 04/02/17 07:10:17 - Process(587.6) User(mqm) Program(java) Host(770e29171038) Installation(Installation1) VRMF(9.0.1.0) QMgr(QM1) AMQ5534: User ID 'user' authentication failed EXPLANATION: The user ID and password supplied by the 'AMQP' program could not be authenticated. Additional information: 'N/A'. ACTION: Ensure that the correct user ID and password are provided by the application. Ensure that the authentication repository is correctly configured. Look at previous error messages for any additional information. ----- amqzfuca.c : 4486 ------------------------------------------------------- 04/02/17 07:10:17 - Process(587.6) User(mqm) Program(java) Host(770e29171038) Installation(Installation1) VRMF(9.0.1.0) QMgr(QM1) AMQ5542: The failed authentication check was caused by the queue manager CONNAUTH CHCKCLNT(REQDADM) configuration. EXPLANATION: The user ID 'user' and its password were checked because the queue manager connection authority (CONNAUTH) configuration refers to an authentication information (AUTHINFO) object named 'USE.OS' with CHCKCLNT(REQDADM). This message accompanies a previous error to clarify the reason for the user ID and password check. ACTION: Refer to the previous error for more information. Ensure that a password is specified by the client application and that the password is correct for the user ID. The authentication configuration of the queue manager connection determines the user ID repository. For example, the local operating system user database or an LDAP server. If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by not passing a user ID across the channel. For example, by omitting the MQCSP structure from the client MQCONNX API call. To avoid the authentication check, you can amend the authentication configuration of the queue manager connection, but you should generally not allow unauthenticated remote access. -------------------------------------------------------------------------------
在新的节点JS客户端版本中,SASLstream程已被更改。 IBM AMQP服务器当前不支持新的SASLstream程。 AMQP服务器认为此时应该已经有足够的数据用于客户端用户的authentication和授权。 但是,由于新的Node JS客户端的更改,当服务器尝试对客户端进行身份validation时,所需数据的其余部分尚未发送。 这就是为什么日志显示只有用户“mqm”已经设置,没有密码提供给QMgr。 从而导致授权错误APAR IT20283
在查看来自队列pipe理器的错误日志时,看起来MQ不能通过mqlight_sample.js程序来validation传递给AMQP通道的用户。
请尝试以下两个命令并记下输出:
echo 'goodpassword' | /opt/mqm/bin/security/amqoamax user ; echo $? echo 'badpassword' | /opt/mqm/bin/security/amqoamax user ; echo $?
OP注意到上述命令的输出是0和1。 这意味着MQ可以使用正确的密码正确validationUserId“user”,因为它返回0。
接下来,请在队列pipe理器上创build一个正常的SVRCONN通道,并尝试下面的示例程序,这将再次排除MQ和CONNAUTH是一个问题。
echo 'goodpassword' | amqscnxc -x 'localhost(5672)' -c SVRCONN.CHANNEL -u user QM1; echo $?
输出如果好,应该是这样的:
Sample AMQSCNXC start Connecting to queue manager QM1 using the server connection channel SVRCONN.CHANNEL on connection name localhost(5672). Enter password: Connection established to queue manager QM1 Sample AMQSCNXC end 0
如果输出失败应该是这样的:
Sample AMQSCNXC start Connecting to queue manager QM1 using the server connection channel SVRCONN.CHANNEL on connection name localhost(5672). Enter password: MQCONNX ended with reason code 2035 243
如果上述testing也是成功的,那么请validationmqlight_sample.js具有与两个testing一起使用的相同的用户和良好口令值。
如果你发现用户名和密码是正确的,那么看起来amqp程序没有正确地传递密码,而具有更多AMQP知识的其他人则需要帮助。
更新2017-04-28
OP @dhaavhincy发布了一个新的答案,即每个IBM的问题是由于Node JS v6中的SASLstream被更改并与IBM MQ AMQP不兼容导致的。 IBM已经规定,这将通过尚未发布到networking上的APAR IT20283进行修复。
更新2017-06-20
APAR IT20283于5月22日左右在网上发布。