How to connect to IBM MQ in Python with CCDT file, userid and password

Question

I am able to connect to TDE MQ using CCDT file with User id and password in Java. I am unable to do that in Python.

In Python I have set the environment variable for MQCHLLIB and MQCHLTAB, but when I try to connect using pymqi.connect, I am getting MQRC 2538. My code is as below

import pymqi
import os

os.environ['MQCHLLIB']='/root/pythonmq/'
os.environ['MQCHLTAB']='APPTDECH.TAB'

queue_manager = 'QM_APP'
user = "******" 
password = "*****"

qmgr = pymqi.connect(queue_manager, pymqi.CD(),None, user, password )

print('Connected')

qmgr.disconnect()

The exception is :

pymqi.MQMIError: MQI Error. Comp: 2, Reason 2538: FAILED: MQRC_HOST_NOT_AVAILABLE.

Please let me know if anybody know how can I make this happen.

Thanks Josh!..You are right.I have done changes but getting the same error. There is one more step to update channel definition. I am working on that. — SwapnilPuri, Oct 19 '18 at 19:52
Which version of pymqi are you using? Even the latest version 1.8.0 will not work with `mqccred` exit unless you specify the `Force=TRUE` option in the `mqccred.ini` file. The following issue has been fixed but is not in a release yet: [The MQCSP structure is sent even if no user or password is passed to connectWithOptions #71](https://github.com/dsuch/pymqi/issues/71) — JoshMc, Oct 20 '18 at 00:12
I am using pymqi version 1.8. I have the value "Force=True", but I am still getting the same error. As mentioned in the blog post link below, I guess I need to update CLNTCONN channel definition to have the SCYEXIT('mqccred(ChlExit)') attribute. — SwapnilPuri, Oct 20 '18 at 20:55
That is correct you can't use a client security exit without specifying it in the CCDT or programmatically. Is there a reason that you want to use a CCDT over specifying connection details via the pymqi connect calls directly? — JoshMc, Oct 21 '18 at 00:43
Yes! In ourcompany this is how we are suppose to connect to TDE MQ. The MQteam gives CCDT file, user ID and password. We are able to connect from Java and Camel Spring DSL using all the three things. — SwapnilPuri, Oct 21 '18 at 02:42
It is MQ on the cloud, you connect it using CCDT file, channel definition is encrypted in CCDT file. It is more secure and scalable. — SwapnilPuri, Oct 21 '18 at 14:46
There is nothing encrypted about the CCDT. The mq client 8 or higher comes with runmqsc. You can use this to display all the values in the CCDT and you are able to modify it. Specifying values in CCDT or programmatically is no different from a security point of view. — JoshMc, Oct 21 '18 at 15:51
Thanks for letting me know!! I was unaware of this. I am trying to execute the runmqsc utility to execute the second step mentioned above, but so far unable to do that. I am struggling with finding right mqsc command. I will again resume on it as first thing on Monday morning. — SwapnilPuri, Oct 22 '18 at 02:11
You must set MQCHLLIB and MQCHLTAB env variables to point at the CCDT you want to work with then run `runmqsc -n`. Commands are like `DIS CHL(*) ALL` or `ALTER CHL(CHL_NAME) CHLTYPE(CLNTCONN) SCYEXIT('mqccred(ChlExit)')`. Once you display it you can use the same values direct in Python. — JoshMc, Oct 22 '18 at 02:21
Tried! Didn't work. I get Reason 2540: FAILED: MQRC_UNKNOWN_CHANNEL_NAME. But I can see the channel exist. — SwapnilPuri, Oct 22 '18 at 04:34
Did you put a real channel name or did you just paste what I put which had a example name of `CHL_NAME`? MQCCSID should have nothing to do with the errors you are getting at this point. Look at the `/var/mqm/errors/AMQERR01.LOG` on the client to see what error is produced when you get the 2059. If you have access to the queue manager check under `/var/mqm/qmgrs/QMGR_NAME/errors/AMQERR01.LOG` to see what it shows, if not ask your MQ Admin. — JoshMc, Oct 22 '18 at 04:43

score 2 · Accepted Answer · answered Oct 19 '18 at 10:31

2

In order to use the CCDT, you have to use the version of pymqi.connect that doesn't specify channel stuff (e.g. pymqi.CD()), e.g.

qmgr = pymqi.connect(queue_manager)

However, then you don't have any parameters to put the user and password into.

In short, the Python interface doesn't have all the combinations you need.

IBM MQ supplied an exit called mqccred which can substitute in the credentials for you, for applications that either can't be changed, or in your case don't have the ability to, pass a user id and password.

Further Reading

answered Oct 19 '18 at 10:31

Morag Hughson

7,255
15
44

Hi Morag! Thanks for answer. I am working on the second part " invoke the channel exit by updating your CLNTCONN channel definition to have the SCYEXIT('mqccred(ChlExit)') attribute.". I am assuming that this to be done on the client side. – SwapnilPuri Oct 19 '18 at 20:44
That is to be done wherever you create your CCDT. The CLNTCONN definition is in the CCDT. You can certainly edit it on the client side using `runmqsc -n`. Also, in case it is not obvious, the exit and it's configuration is all done on the client side. – Morag Hughson Oct 21 '18 at 19:23
Thanks!! How to give reference to CCDT after running runmqsc -n? Sorry for asking too many questions! – SwapnilPuri Oct 22 '18 at 02:13
I have already set the environment variables. MQCHLLIB, MQCHLTAB and MQCCRED. – SwapnilPuri Oct 22 '18 at 02:26
I was able to edit by running runmqrc. The command executed successfully. Now MQRC code has changed to 2059. pymqi.MQMIError: MQI Error. Comp: 2, Reason 2059: FAILED: MQRC_Q_MGR_NOT_AVAILABLE. – SwapnilPuri Oct 22 '18 at 03:07
I will resume working on this. Please let me know if you have any idea on reolsving MQRC 2059. I have set the MQCCSID to what Java application is already setting. – SwapnilPuri Oct 22 '18 at 03:08
Look in the client error log, probably a problem with the exit. You don't say what you have done to set up the exit, so I can't tell what you might have done wrong. – Morag Hughson Oct 22 '18 at 10:44

How to connect to IBM MQ in Python with CCDT file, userid and password

1 Answers1