Create the configuration file for the IBM MQ Bridge to blockchain

Enter your queue manager and your blockchain network parameters to create the configuration file for the IBM MQ Bridge to blockchain to connect to your IBM MQ and IBM Blockchain networks.

Before starting

• You created and configured your Hyperledger Composer blockchain network.
• You installed the IBM MQ Bridge to blockchain on your z/OS environment.
• You started the IBM MQ Advanced for z/OS VUE queue manager.

This task takes you through the minimal setup that is needed to create the IBM MQ Bridge to blockchain configuration file and successfully connect to your IBM Blockchain and IBM MQ networks.

• Hyperledger Composer network that runs in Docker. For more information, see Installing Hyperledger Composer, and Generating a REST API.
• Hyperledger Composer network that runs in a Kubernetes cluster in IBM Cloud. For more information, see Develop in a cloud sandbox on IBM Blockchain Platform.

For more information on the meaning and options for all the IBM MQ Bridge to blockchain parameters, see the runmqbcb command. You must consider your own security requirements and customize the parameters appropriate to your deployment.

Procedure

1. Run the bridge in your UNIX System Shell (USS) environment, to create a configuration file. You need the parameters from your Hyperledger Composer security information, and from the IBM MQ Advanced for z/OS VUE queue manager. Run the bridge script from the mqbc/bin directory of the location in USS where IBM MQ is installed.

   ./runmqbcb -o config_file_name.cfg

   As the following example illustrates, the existing values are shown inside the brackets. Press Enter to accept existing values, press Space then Enter to clear values, and type inside the brackets then press Enter to add new values. We can separate lists of values (such as peers) by commas, or by entering each value on a new line. A blank line ends the list.Note: We cannot edit the existing values. We can keep, replace, or clear them.
2. Enter values for the connection to the IBM MQ Advanced for z/OS VUE queue manager. Minimum values that are needed for the connection, are the queue manager name and the names of the bridge input queues that you defined. For connections to remote IBM MQ Advanced for z/OS VUE queue managers, you also need MQ Channel and MQ Conname (host address and port where the queue manager is running). To use TLS for connecting to IBM MQ in step 5, we must use JNDI or CCDT and specify MQ CCDT URL or JNDI implementation class and JNDI provider URL accordingly.Note: The MQ CCDT or JNDI values take precedence over the configuration file where values overlap.

   Connection to Queue Manager
   ---------------------------
   Queue Manager                        : [z/OS_ADV_VUE_qmgr_name]
   Bridge Input Queue                   : [APPL1.BLOCKCHAIN.INPUT.QUEUE]
   MQ Channel                           : []
   MQ Conname                           : []
   MQ CCDT URL                          : []
   JNDI implementation class            : []
   JNDI provider URL                    : []
   MQ Userid                            : []
   MQ Password                          : []
   

3. Enter the credentials for the Hyperledger Composer REST server associated with your blockchain network (if configured). In the following example, the Hyperledger Composer REST server has been configured with an LDAP credentials store using the passport-ldapauth NodeJS module. Note, that we can use any of the passport-* modules that provide basic user and password style credentials in this manner. For more information see Enable authentication for the REST server.

   User Identification
   --------------------------------
   Userid                              : []admin
   Password                            : []******
   API path for Login                  : auth/ldap
   

4. Enter the address for the Hyperledger Composer REST server. Note that no protocol, that is http or https, is needed in this attribute and that the port number is mandatory. Whether the HTTP or HTTPS protocol is used is dependent on the security configuration of the REST server. If a certificate and private key pair are provided to the REST server, HTTPS is used. HTTPS is used. Otherwise, HTTP is used. For information about how to specify the certificate and private key pair, see step 5.

   REST Server
   ---------------------------
   Address for Composer REST server     : [composer-rest-server-ip-address:3000]
   

5. Enter certificate stores values for TLS connections. The bridge acts as an IBM MQ JMS client that is connecting to a queue manager, which means that it can be configured to use TLS security to connect securely in the same way as any other IBM MQ JMS client. Configuration of TLS connection details is exposed only after you specify JNDI or CCDT information in step 2. The certificate stores are used for Hyperledger Composer, and to the IBM MQ Advanced for z/OS VUE queue manager. If certificate stores are specified, the bridge always attempts to connect to the Hyperledger REST server using HTTPS. However, TLS can be disabled for IBM MQ connections, while still using TLS for Hyperledger Composer using the following option.

   Certificate stores for TLS connections
   --------------------------------------
   Personal keystore                    : []
   Keystore password                    : []
   Trusted store for signer certs       : []
   Trusted store password               : []
   Use TLS for MQ connection            : [N]
   Timeout for Blockchain operations    : [12]
   

   For more information, see Securing the REST server using HTTPS and TLS.
6. Optional: Enter the location for the log file for the IBM MQ Bridge to blockchain. We can specify the log file name and location, in the configuration file or on the command line.

   Behavior of bridge program
   --------------------------
   Runtime logfile for copy of stdout/stderr : [/var/mqm/errors/runmqbcb.log]
   Done.
   

Results

What to do next

Related information

• runmqbcb (run IBM MQ Bridge to blockchain)