1

我们正在 linux 上设置客户端应用程序以连接到 IBM i(旧名称 - iSeries/AS400)上的远程 mq。

  • ppc64le 服务器上的 linux 上的 mq 客户端
  • IBM i(旧名称 iSeries)上的 mq 管理器、通道和队列
  • 蟒蛇3.7.3

首先pymqi.connect是失败并出现错误2393: MQRC_SSL_INITIALIZATION_ERROR

这是2393错误描述:

AMQ9641E: Remote CipherSpec error for channel 'SVRCHLSSL256' to host 'remote IBM I host here'
(10.239.53.242)(1414)'.

EXPLANATION:
The remote end of channel 'SVRCHLSSL256' on host 'remote IBM I host here'
(1414)' has indicated a CipherSpec error 'SSLCIPH(' ') ->
SSLCIPH(????)'. The channel did not start.
ACTION:
Check that the CipherSpec values specified on the SVRCHLSSL256 channel
definition on both the local and remote system match. If necessary, review the
queue manager error logs on the remote system to discover more information
about the CipherSpec error. When using the the 'ANY' type CipherSpecs, check
that the Client CipherSpec value would meet the requirements of the
SVRCHLSSL256 channel definition CipherSpec requirements. If the client is set
to use the 'ANY' type CipherSpecs then the TLS handshake may use a higher
protocol than is allowed by the SVRCHLSSL256 channel definition CipherSpec.

我们通过在文件中添加以下内容来修复它/var/mqm/mqclient.ini

SSL:
   AllowedCipherSpecs=ANY_TLS12_OR_HIGHER

但现在pymqi.connect因错误而失败2059: MQRC_Q_MGR_NOT_AVAILABLE。MQ 管理器和通道都在 IBM i 上启动和运行。所以不知道为什么我会收到错误?感谢您帮助解决此问题。

这是我的代码片段:

queue_manager = 'quename here' 
channel = 'channel name here' 
host ='remote host-name here'
port = '1414'
conn_info = '%s(%s)' % (host, port)
user = 'user id here'
password = 'my pwd here'
ssl_cipher_spec = 'TLS_RSA_WITH_AES_256_CBC_SHA256'
key_repo_location = '/var/mqm/qmgrs/QM1/ssl'

cd = pymqi.CD()
cd.ChannelName = channel.encode()
cd.ConnectionName = conn_info.encode()
cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
cd.TransportType = pymqi.CMQC.MQXPT_TCP
cd.SSLCipherSpec = ssl_cipher_spec.encode()

sco = pymqi.SCO()
sco.KeyRepository = key_repo_location

_MQmgr = pymqi.QueueManager(None)
_MQmgr.connect_with_options(queue_manager, cd=cd, sco=sco, user=user, password=password)

旧代码

queue_manager = 'quename here' 
channel = 'channel name here' 
host ='remote host-name here'
port = '1414'
conn_info = '%s(%s)' % (host, port)
user = 'user id here'
password = 'my pwd here'
_MQmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)

有关错误消息的更多详细信息:

Traceback (most recent call last):
  File "/opt/class-python/'host-name here'/app/routing/src/main.py", line 61, in <module>
    qmgr = get_MQmanager()
  File "/opt/class-python/'host-name here'/utility/classMQ.py", line 49, in get_MQmanager
    _MQmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
  File "/opt/class-python/python-venv/'host-name here'/env3.6/lib64/python3.6/site-packages/pymqi/__init__.py", line 3024, in connect
    qmgr.connect_tcp_client(queue_manager or '', CD(), channel, conn_info, user, password)
  File "/opt/class-python/python-venv/'host-name here'/env3.6/lib64/python3.6/site-packages/pymqi/__init__.py", line 1649, in connect_tcp_client
    self.connect_with_options(name, **kwargs)
  File "/opt/class-python/python-venv/'host-name here'/env3.6/lib64/python3.6/site-packages/pymqi/__init__.py", line 1624, in connect_with_options
    raise MQMIError(rv[1], rv[2])
pymqi.MQMIError: MQI Error. Comp: 2, Reason 2059: FAILED: MQRC_Q_MGR_NOT_AVAILABLE

这是 2059 错误描述:

10/27/2020 01:38:42 PM - Process(16087.1) User(classpy) Program(python)
                    Host('linux host-name here') Installation(Installation1)
                    VRMF(9.2.0.0)
                    Time(2020-10-27T18:38:42.796Z)
                    ArithInsert1(1073766407)
                    CommentInsert1(xcsGetRandomBytes)

AMQ9546E: Error return code received.

EXPLANATION:
The program has ended because return code 1073766407 was returned from function
xcsGetRandomBytes
ACTION:
Correct the cause of the failure and retry the operation.
----- amqrmssa.c : 514 --------------------------------------------------------

这是 SVRCONN 定义

Channel name . . . . . . . . . :   SVRCHLSSL256                      
Message Queue Manager name . . :   APPSVRDEV                                                                                   
Channel type . . . . . . . . . :   *SVRCN                            
Transport type . . . . . . . . :   *TCP                              
Text 'description' . . . . . . :   SSL Server Conn Channel - SHA256  
Maximum message length . . . . :   20480000                          
Heartbeat interval . . . . . . :   300                               
Last alter date  . . . . . . . :   2019-09-28                        
Last alter time  . . . . . . . :   08.33.15                          
SSL CipherSpec . . . . . . . . :   *TLS_RSA_WITH_AES_256_CBC_SHA256  
SSL client authentication  . . :   *OPTIONAL
4

1 回答 1

2

正如所有评论所暗示的,您的 python 代码缺少 TLS 设置。您应该使用 connect_with_options 进行连接。

请参阅 pymqi 示例 - https://dsuch.github.io/pymqi/examples.html#how-to-use-ssl-tls

从上面的链接复制的代码(也有解释)

import logging

import pymqi

logging.basicConfig(level=logging.INFO)

queue_manager = 'QM1'
channel = 'SSL.SVRCONN.1'
host = '127.0.0.1'
port = '1414'
queue_name = 'TEST.1'
conn_info = '%s(%s)' % (host, port)
ssl_cipher_spec = 'TLS_RSA_WITH_AES_256_CBC_SHA'
key_repo_location = '/var/mqm/ssl-db/client/KeyringClient'
message = 'Hello from Python!'

cd = pymqi.CD()
cd.ChannelName = channel
cd.ConnectionName = conn_info
cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
cd.TransportType = pymqi.CMQC.MQXPT_TCP
cd.SSLCipherSpec = ssl_cipher_spec

sco = pymqi.SCO()
sco.KeyRepository = key_repo_location

qmgr = pymqi.QueueManager(None)
qmgr.connect_with_options(queue_manager, cd, sco)

...
于 2020-10-29T10:37:15.087 回答