Administer MQIPT by using the command line
We can use the mqiptAdmin command on the command line to administer MQIPT.
We can use the mqiptAdmin command to perform the following administrative functions:- List active local instances of MQIPT.
- Refresh an instance of MQIPT after you make changes to the configuration file.
- Stop an instance of MQIPT.
The mqiptAdmin command is located in the bin subdirectory of the MQIPT installation directory. The mqiptAdmin command connects to the active instance of MQIPT to administer using one of the following methods:
- by making a network connection to a command port.
- by connecting to a local instance of MQIPT without using the command port.
The mqiptAdmin command is compatible with previous versions of MQIPT, but we cannot use the command to administer versions of MQIPT that are a higher version than the version of the mqiptAdmin command. In an environment that includes different versions of MQIPT, we must use the latest version of the mqiptAdmin command.
For more information about the syntax of the mqiptAdmin command, see mqiptAdmin (administer MQIPT).
Local administration without a command port
From Version 9.2.0, local instances of MQIPT can be administered without using a command port. Local administration allows you to administer MQIPT by using the mqiptAdmin command only when it is run on the same system as the MQIPT instance that we want to administer.
In order for mqiptAdmin to be authorized to administer a local instance of MQIPT without using the command port, the MQIPT instance must be running on the same system and under the same user ID as mqiptAdmin. Alternatively, on UNIX and Linux, mqiptAdmin can be run as root.
Local administration is enabled by default. To disable local administration, use the LocalAdmin configuration property. For more information about the LocalAdmin property, see LocalAdmin.
To administer local instances of MQIPT, we must give each instance a name. We can assign a name to an instance of MQIPT by using the -n parameter when starting MQIPT with the mqipt command. If we do not specify a name when starting MQIPT, the name of the home directory is used as the name of the MQIPT instance. For example, the following command starts MQIPT and assigns the name ipt1 to the instance:mqipt /opt/mqipt1 -n ipt1Once the instance has a name, we can administer that instance by specifying the name in the mqiptAdmin command with the -n parameter. For example, the following command stops the local instance of MQIPT with the name ipt1:
mqiptAdmin -stop -n ipt1We can list all local active instance of MQIPT that the mqiptAdmin command is authorized to administer without using a command port by using the mqiptAdmin command with the -list parameter. For example, the following command lists all local active instances of MQIPT that the user that started the mqiptAdmin command is authorized to administer:
mqiptAdmin -list
Administration using a command port
From Version 9.2.0, we can configure MQIPT with one command port that is unsecured and one command port that is secured with TLS. We can use these command ports to administer MQIPT as any user that is on the same system as the MQIPT instance that we want to administer, or from a remote system.
Previous versions of MQIPT only accepted administrative commands issued to the unsecured command port.Note: Connections to the unsecured command port are not encrypted, therefore data sent over the network to the unsecured command port, including the MQIPT access password, can be visible to other users on the network.In order for MQIPT to listen on a command port for commands issued by the mqiptAdmin command, a value must specified for either the CommandPort or SSLCommandPort properties in the global section of the mqipt.conf configuration file.
Review the security considerations in Other security considerations before enabling either of the MQIPT command ports. Consider enabling authentication for commands received by the command ports. For more information about command port authentication, see Command port authentication.
To administer an instance of MQIPT using a command port, specify the network address of the host where MQIPT is running, and the command port number, as parameters to the mqiptAdmin command. For example, to refresh the MQIPT instance that is running on mqipt.example.com, and has the unsecured command port configured to listen on port 1890, issue the following command:mqiptAdmin -refresh -r mqipt.example.com:1890If we do not specify the host name and port number, mqiptAdmin attempts to connect to localhost, port 1881.
For more information about administering MQIPT by using the TLS command port, see Administer MQIPT using the TLS command port.
- Administer MQIPT using the TLS command port
From Version 9.2.0, MQIPT can be configured to use a TLS command port to listen for administrative commands issued by the mqiptAdmin command. Using the TLS command port protects sensitive data such as the MQIPT access password on the network between mqiptAdmin and MQIPT. Use this procedure to configure the TLS command port and administer MQIPT using the TLS command port. - Command port authentication
MQIPT can be configured to authenticate commands received by the unsecured command port and TLS command port using a password. Use this procedure to enable command port authentication.
Parent topic: Administer IBM MQ Internet Pass-Thru