我无法使用来自 IBM MQ v9.0.1.0 的 Node JS v6 和 mqlight v2.0 发布和订阅 运行
I can't get AMQP publish and subscribe to run with Node JS v6 and mqlight v2.0 from IBM MQ v9.0.1.0
我正在尝试让示例片段在下面发布和订阅,我无法使用 Node JS 6 和 mqlight v2.0 运行
// Receive:
var mqlight = require('mqlight');
var recvClient = mqlight.createClient({service: 'amqp://user:user@localhost:5672'});
recvClient.on('started', function() {
recvClient.subscribe('/TEST/#','sub1');
recvClient.on('message', function(data, delivery) {
console.log(data);
});
});
// Send:
var sendClient = mqlight.createClient({service: 'amqp://user:user@localhost:5672'});
sendClient.on('started', function() {
sendClient.send('TEST');
});
i 运行 示例代码 mqlight 2.0 with node js v6
$node mqlight_sample.js
events.js:160
throw er; // Unhandled 'error' event
^
SecurityError: AMQXR0100E: A connection from 172.17.0.1 was not authorized.
at lookupError (/media/Data/mqlight/node_modules/mqlight/mqlight.js:1034:11)
at AMQPClient.<anonymous> (/media/anonim/Data/mqlight/node_modules/mqlight/mqlight.js:1925:13)
at emitOne (events.js:96:13)
at AMQPClient.emit (events.js:188:7)
at Connection.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/amqp_client.js:388:10)
at emitOne (events.js:96:13)
at Connection.emit (events.js:188:7)
at Connection._processCloseFrame (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:495:10)
at Connection._receiveAny (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:423:12)
at Connection._receiveData (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:357:8)
at NetTransport.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:515:38)
at emitOne (events.js:96:13)
at NetTransport.emit (events.js:188:7)
at Socket.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/transport/net_transport.js:26:49)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
这是来自 MQ 服务器的错误日志
# tail -100f /var/mqm/qmgrs/QM1/errors/amqp_0.log
3/31/17 19:14:44.115 AMQXR0041E: A connection was not authorized for channel SYSTEM.DEF.AMQP received from 172.17.0.1. MQRC 2035 MQRC_NOT_AUTHORIZED
3/31/17 19:14:45.142 AMQXR0041E: A connection was not authorized for channel SYSTEM.DEF.AMQP received from 172.17.0.1. MQRC 2035 MQRC_NOT_AUTHORIZED
如果 CONNAUTH 和 CHCKCLNT 需要更改为禁用,则实际上启用了 AMQP 身份验证我可以连接 Node JS 6
START SERVICE(SYSTEM.AMQP.SERVICE)
SET CHLAUTH(SYSTEM.DEF.AMQP) TYPE(BLOCKUSER) USERLIST('nobody')
SET CHLAUTH(SYSTEM.DEF.AMQP) TYPE(ADDRESSMAP) ADDRESS(*) USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
REFRESH SECURITY TYPE(CONNAUTH)
START CHANNEL(SYSTEM.DEF.AMQP)
DISPLAY CHSTATUS(SYSTEM.DEF.AMQP) CHLTYPE(AMQP)
在 /var/mqm/qmgrs/QM1/errors/AMQERR01.LOG
的错误日志下方
04/02/17 07:10:16 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5534: User ID 'user' authentication failed
EXPLANATION:
The user ID and password supplied by the 'AMQP' program could not be
authenticated.
Additional information: 'N/A'.
ACTION:
Ensure that the correct user ID and password are provided by the application.
Ensure that the authentication repository is correctly configured. Look at
previous error messages for any additional information.
----- amqzfuca.c : 4486 -------------------------------------------------------
04/02/17 07:10:16 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5542: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(REQDADM) configuration.
EXPLANATION:
The user ID 'user' and its password were checked because the queue manager
connection authority (CONNAUTH) configuration refers to an authentication
information (AUTHINFO) object named 'USE.OS' with CHCKCLNT(REQDADM).
This message accompanies a previous error to clarify the reason for the user ID
and password check.
ACTION:
Refer to the previous error for more information.
Ensure that a password is specified by the client application and that the
password is correct for the user ID. The authentication configuration of the
queue manager connection determines the user ID repository. For example, the
local operating system user database or an LDAP server.
If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by
not passing a user ID across the channel. For example, by omitting the MQCSP
structure from the client MQCONNX API call.
To avoid the authentication check, you can amend the authentication
configuration of the queue manager connection, but you should generally not
allow unauthenticated remote access.
-------------------------------------------------------------------------------
04/02/17 07:10:17 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5534: User ID 'user' authentication failed
EXPLANATION:
The user ID and password supplied by the 'AMQP' program could not be
authenticated.
Additional information: 'N/A'.
ACTION:
Ensure that the correct user ID and password are provided by the application.
Ensure that the authentication repository is correctly configured. Look at
previous error messages for any additional information.
----- amqzfuca.c : 4486 -------------------------------------------------------
04/02/17 07:10:17 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5542: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(REQDADM) configuration.
EXPLANATION:
The user ID 'user' and its password were checked because the queue manager
connection authority (CONNAUTH) configuration refers to an authentication
information (AUTHINFO) object named 'USE.OS' with CHCKCLNT(REQDADM).
This message accompanies a previous error to clarify the reason for the user ID
and password check.
ACTION:
Refer to the previous error for more information.
Ensure that a password is specified by the client application and that the
password is correct for the user ID. The authentication configuration of the
queue manager connection determines the user ID repository. For example, the
local operating system user database or an LDAP server.
If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by
not passing a user ID across the channel. For example, by omitting the MQCSP
structure from the client MQCONNX API call.
To avoid the authentication check, you can amend the authentication
configuration of the queue manager connection, but you should generally not
allow unauthenticated remote access.
-------------------------------------------------------------------------------
在查看来自队列管理器的错误日志时,似乎 MQ 无法验证通过 mqlight_sample.js 程序传递到 AMQP 通道的用户。
请尝试以下两个命令并注意输出:
echo 'goodpassword' | /opt/mqm/bin/security/amqoamax user ; echo $?
echo 'badpassword' | /opt/mqm/bin/security/amqoamax user ; echo $?
OP 注意到上述命令的输出是 0 和 1。这意味着 MQ 可以使用正确的密码正确验证 UserId "user" 因为它 returns 0.
接下来请在队列管理器上创建一个正常的 SVRCONN 通道并尝试以下示例程序,这将再次排除 MQ 和 CONNAUTH 的问题。
echo 'goodpassword' | amqscnxc -x 'localhost(5672)' -c SVRCONN.CHANNEL -u user QM1; echo $?
输出结果应该是这样的:
Sample AMQSCNXC start
Connecting to queue manager QM1
using the server connection channel SVRCONN.CHANNEL
on connection name localhost(5672).
Enter password: Connection established to queue manager QM1
Sample AMQSCNXC end
0
如果失败输出应该是这样的:
Sample AMQSCNXC start
Connecting to queue manager QM1
using the server connection channel SVRCONN.CHANNEL
on connection name localhost(5672).
Enter password: MQCONNX ended with reason code 2035
243
如果上述测试也成功,请验证 mqlight_sample.js 具有与这两个测试相同的用户和密码值。
如果您发现 UserID 和密码是正确的,则可能是 amqp 程序没有正确传递密码,需要其他具有更多 AMQP 知识的人提供帮助。
更新2017-04-28
OP @dhaavhincy 发布了一个新的答案,根据 IBM 的说法,这个问题是由于 Node JS v6 中的 SASL 流被更改并且与 IBM MQ AMQP 不兼容造成的。 IBM 已提供将通过尚未发布到 Web 的 APAR IT20283 修复此问题。
更新2017-06-20
APAR IT20283 于 5 月 22 日左右发布到网上。
SASL 流程已在新的 Node JS 客户端版本中更改。 IBM AMQP 服务器当前不支持新的 SASL 流程。 AMQP 服务器认为此时它应该已经有足够的数据用于客户端用户的身份验证和授权。但是,由于新的 Node JS 客户端发生了变化,当服务器尝试对客户端进行身份验证时,所需的其余数据尚未发送。这就是日志显示仅设置了用户 'mqm' 而没有向 QMgr 提供密码的原因。从而导致授权错误 APAR IT20283
我正在尝试让示例片段在下面发布和订阅,我无法使用 Node JS 6 和 mqlight v2.0 运行
// Receive:
var mqlight = require('mqlight');
var recvClient = mqlight.createClient({service: 'amqp://user:user@localhost:5672'});
recvClient.on('started', function() {
recvClient.subscribe('/TEST/#','sub1');
recvClient.on('message', function(data, delivery) {
console.log(data);
});
});
// Send:
var sendClient = mqlight.createClient({service: 'amqp://user:user@localhost:5672'});
sendClient.on('started', function() {
sendClient.send('TEST');
});
i 运行 示例代码 mqlight 2.0 with node js v6
$node mqlight_sample.js
events.js:160
throw er; // Unhandled 'error' event
^
SecurityError: AMQXR0100E: A connection from 172.17.0.1 was not authorized.
at lookupError (/media/Data/mqlight/node_modules/mqlight/mqlight.js:1034:11)
at AMQPClient.<anonymous> (/media/anonim/Data/mqlight/node_modules/mqlight/mqlight.js:1925:13)
at emitOne (events.js:96:13)
at AMQPClient.emit (events.js:188:7)
at Connection.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/amqp_client.js:388:10)
at emitOne (events.js:96:13)
at Connection.emit (events.js:188:7)
at Connection._processCloseFrame (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:495:10)
at Connection._receiveAny (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:423:12)
at Connection._receiveData (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:357:8)
at NetTransport.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:515:38)
at emitOne (events.js:96:13)
at NetTransport.emit (events.js:188:7)
at Socket.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/transport/net_transport.js:26:49)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
这是来自 MQ 服务器的错误日志
# tail -100f /var/mqm/qmgrs/QM1/errors/amqp_0.log
3/31/17 19:14:44.115 AMQXR0041E: A connection was not authorized for channel SYSTEM.DEF.AMQP received from 172.17.0.1. MQRC 2035 MQRC_NOT_AUTHORIZED
3/31/17 19:14:45.142 AMQXR0041E: A connection was not authorized for channel SYSTEM.DEF.AMQP received from 172.17.0.1. MQRC 2035 MQRC_NOT_AUTHORIZED
如果 CONNAUTH 和 CHCKCLNT 需要更改为禁用,则实际上启用了 AMQP 身份验证我可以连接 Node JS 6
START SERVICE(SYSTEM.AMQP.SERVICE)
SET CHLAUTH(SYSTEM.DEF.AMQP) TYPE(BLOCKUSER) USERLIST('nobody')
SET CHLAUTH(SYSTEM.DEF.AMQP) TYPE(ADDRESSMAP) ADDRESS(*) USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
REFRESH SECURITY TYPE(CONNAUTH)
START CHANNEL(SYSTEM.DEF.AMQP)
DISPLAY CHSTATUS(SYSTEM.DEF.AMQP) CHLTYPE(AMQP)
在 /var/mqm/qmgrs/QM1/errors/AMQERR01.LOG
的错误日志下方04/02/17 07:10:16 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5534: User ID 'user' authentication failed
EXPLANATION:
The user ID and password supplied by the 'AMQP' program could not be
authenticated.
Additional information: 'N/A'.
ACTION:
Ensure that the correct user ID and password are provided by the application.
Ensure that the authentication repository is correctly configured. Look at
previous error messages for any additional information.
----- amqzfuca.c : 4486 -------------------------------------------------------
04/02/17 07:10:16 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5542: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(REQDADM) configuration.
EXPLANATION:
The user ID 'user' and its password were checked because the queue manager
connection authority (CONNAUTH) configuration refers to an authentication
information (AUTHINFO) object named 'USE.OS' with CHCKCLNT(REQDADM).
This message accompanies a previous error to clarify the reason for the user ID
and password check.
ACTION:
Refer to the previous error for more information.
Ensure that a password is specified by the client application and that the
password is correct for the user ID. The authentication configuration of the
queue manager connection determines the user ID repository. For example, the
local operating system user database or an LDAP server.
If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by
not passing a user ID across the channel. For example, by omitting the MQCSP
structure from the client MQCONNX API call.
To avoid the authentication check, you can amend the authentication
configuration of the queue manager connection, but you should generally not
allow unauthenticated remote access.
-------------------------------------------------------------------------------
04/02/17 07:10:17 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5534: User ID 'user' authentication failed
EXPLANATION:
The user ID and password supplied by the 'AMQP' program could not be
authenticated.
Additional information: 'N/A'.
ACTION:
Ensure that the correct user ID and password are provided by the application.
Ensure that the authentication repository is correctly configured. Look at
previous error messages for any additional information.
----- amqzfuca.c : 4486 -------------------------------------------------------
04/02/17 07:10:17 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5542: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(REQDADM) configuration.
EXPLANATION:
The user ID 'user' and its password were checked because the queue manager
connection authority (CONNAUTH) configuration refers to an authentication
information (AUTHINFO) object named 'USE.OS' with CHCKCLNT(REQDADM).
This message accompanies a previous error to clarify the reason for the user ID
and password check.
ACTION:
Refer to the previous error for more information.
Ensure that a password is specified by the client application and that the
password is correct for the user ID. The authentication configuration of the
queue manager connection determines the user ID repository. For example, the
local operating system user database or an LDAP server.
If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by
not passing a user ID across the channel. For example, by omitting the MQCSP
structure from the client MQCONNX API call.
To avoid the authentication check, you can amend the authentication
configuration of the queue manager connection, but you should generally not
allow unauthenticated remote access.
-------------------------------------------------------------------------------
在查看来自队列管理器的错误日志时,似乎 MQ 无法验证通过 mqlight_sample.js 程序传递到 AMQP 通道的用户。
请尝试以下两个命令并注意输出:
echo 'goodpassword' | /opt/mqm/bin/security/amqoamax user ; echo $?
echo 'badpassword' | /opt/mqm/bin/security/amqoamax user ; echo $?
OP 注意到上述命令的输出是 0 和 1。这意味着 MQ 可以使用正确的密码正确验证 UserId "user" 因为它 returns 0.
接下来请在队列管理器上创建一个正常的 SVRCONN 通道并尝试以下示例程序,这将再次排除 MQ 和 CONNAUTH 的问题。
echo 'goodpassword' | amqscnxc -x 'localhost(5672)' -c SVRCONN.CHANNEL -u user QM1; echo $?
输出结果应该是这样的:
Sample AMQSCNXC start
Connecting to queue manager QM1
using the server connection channel SVRCONN.CHANNEL
on connection name localhost(5672).
Enter password: Connection established to queue manager QM1
Sample AMQSCNXC end
0
如果失败输出应该是这样的:
Sample AMQSCNXC start
Connecting to queue manager QM1
using the server connection channel SVRCONN.CHANNEL
on connection name localhost(5672).
Enter password: MQCONNX ended with reason code 2035
243
如果上述测试也成功,请验证 mqlight_sample.js 具有与这两个测试相同的用户和密码值。
如果您发现 UserID 和密码是正确的,则可能是 amqp 程序没有正确传递密码,需要其他具有更多 AMQP 知识的人提供帮助。
更新2017-04-28
OP @dhaavhincy 发布了一个新的答案,根据 IBM 的说法,这个问题是由于 Node JS v6 中的 SASL 流被更改并且与 IBM MQ AMQP 不兼容造成的。 IBM 已提供将通过尚未发布到 Web 的 APAR IT20283 修复此问题。
更新2017-06-20
APAR IT20283 于 5 月 22 日左右发布到网上。
SASL 流程已在新的 Node JS 客户端版本中更改。 IBM AMQP 服务器当前不支持新的 SASL 流程。 AMQP 服务器认为此时它应该已经有足够的数据用于客户端用户的身份验证和授权。但是,由于新的 Node JS 客户端发生了变化,当服务器尝试对客户端进行身份验证时,所需的其余数据尚未发送。这就是日志显示仅设置了用户 'mqm' 而没有向 QMgr 提供密码的原因。从而导致授权错误 APAR IT20283