WebSphere Message Brokers
File: an28150_
Writer: Bill Oppenheimer

Reference topic

This build: July 31, 2007 21:34:11

mqsichangebroker command - Windows, Linux and UNIX systems

Syntax

Parameters

BrokerName
(Required) This parameter must be the first parameter. Specify the name of the broker to modify.
-a ServicePassword
(Optional) The password for the ServiceUserID.

For compatibility with existing systems, you can specify <password>. However, if you do not specify a password with this parameter when you run the command, you are prompted to enter a password during its invocation, and to enter the password a second time to verify that you have entered it correctly.

On Linux and UNIX systems, -a is required for compatibility with Windows systems, but is not used in relation to ServiceUserID; -a is used as a default only if -p is not specified. (See the -p parameter description for further details.)

If you have created your broker to use the ServiceUserID and ServicePassword for database access, ensure that you update both instances of the password on this command by specifying the -p DataSourcePassword parameter. Specify the -p DataSourcePassword parameter in the following circumstances:
  • You omitted the -u DataSourceUserID and -p DataSourcePassword parameters.
  • You included the -u DataSourceUserID and -p DataSourcePassword parameters, but provided the same user ID and password for the service user ID using -a ServicePassword and -i ServiceUserID.

To complete a password change successfully:

  • Stop the broker.
  • Change the password using the appropriate operating system function.
  • Use the mqsichangebroker command to update all parameters that reference this same password.
  • Restart the broker.
-i ServiceUserID
(Optional) The user ID under which the broker runs. You must also change the password (-a) if you change this value.

The user ID under which components run. You can specify the ServiceUserID in any valid user name syntax. On Windows systems, valid formats are:

  • domain\username
  • \\server\username
  • .\username
  • username

On Linux and UNIX systems, only the last format, username, is valid.

If you use the unqualified form for this user ID (username) on Windows systems, the operating system searches for the user ID throughout its domain, starting with the local system. This search might take some time to complete.

The ServiceUserID that you specify must be a member of the mqbrkrs local group. On Windows systems, the ID can be a direct or indirect member of the group. The ServiceUserID must also be authorized to access the home directory (where WebSphere Message Broker has been installed), and the working directory (if specified by the -w parameter).

On Windows systems, if you specify that the broker is to run as a WebSphere MQ trusted application (-t parameter), you must also add the service user ID to the mqm group. On Linux and UNIX systems, specify the ServiceUserID as mqm if you set the -t parameter.

The security requirements for the ServiceUserID are described in Security requirements for Windows platforms, and in Security requirements for Linux and UNIX platforms.

-p DataSourcePassword
(Optional) The password of the user ID with which the databases that contain broker tables and user data are to be accessed.

For compatibility with existing systems, you can still specify password. However, if you do not specify a password with this parameter when you run the command, you are prompted to enter a password during its invocation, and to enter the password a second time to verify that you have entered it correctly.

For DB2 on Linux and UNIX systems, you can specify -p as an empty string (two double quotation marks, ""). In this case, DB2 grants WebSphere Message Broker the privileges of the ServiceUserID, which results in a database connection as "already verified". If you specify an empty string for -a and -p, no passwords are stored by WebSphere Message Broker, creating the most secure configuration.

Ensure that you change all instances of the use of this password. If you have created (or changed) the broker to use the same user ID and password for its service user ID, as well as its database access, update both instances at the same time. (See the description of the -a parameter for further details.)

-s UserNameServerQueueManagerName
(Optional) The name of the WebSphere MQ queue manager that is associated with the User Name Server.

To remove topic-based security, specify an empty string (two quotation marks, "").

-j
(Optional) Publish/subscribe access is enabled for the broker. This parameter is valid only with the -s parameter.
-d
(Optional) Publish/subscribe access is not enabled for the broker.
-t
(Optional) The broker runs as a WebSphere MQ trusted application.

For more details about using WebSphere MQ trusted applications, see WebSphere MQ Intercommunication.

-n
(Optional) The broker ceases to run as a WebSphere MQ trusted application.
-l UserLilPath
(Optional) A list of paths (directories) from which the broker loads LILs (loadable implementation libraries) for user-defined message processing nodes.

On Linux and UNIX systems, directory names are case sensitive, and you must include the names in single quotation marks if they contain mixed case characters.

Do not include environment variables in the path; the broker ignores them.

Create your own directory for storing your .lil or .jar files. Do not save them in the WebSphere Message Broker installation directory.

If you specify more than one additional directory, each directory must be separated by the default platform-specific path separator: semicolon (;) on Windows systems; colon (:) on Linux and UNIX systems.

-g ConfigurationTimeout
(Optional) This parameter defines the length of time (in seconds) that an execution group in the broker can take to apply a change in configuration (for example, an update that you have deployed from the workbench).

A message flow cannot respond to a configuration change while it is processing an application message. An execution group that has been requested to change its configuration returns a negative response to the deployed configuration message if any one of its message flows does not finish processing an application message and apply the configuration change within this timeout.

The value that you set for this timeout depends on the system load (including CPU utilization), and on each execution group's load. You can make an initial estimate by deploying the broker's entire configuration. The time taken for this to complete successfully gives an indication of the minimum value to set.

Specify the value in seconds, in the range 10 to 3600. The default is 300.

The sum of the ConfigurationTimeout and the ConfigurationDelayTimeout represents the maximum length of time that a broker can take to process a deployed configuration message before it generates a negative response.

-k ConfigurationDelayTimeout
(Optional) The length of time (in seconds) that a broker can take to process a minimal change in configuration (for example, an update that you have deployed from the workbench).

This parameter represents the time that it takes for a broker and its execution groups to process a minimal deployed configuration message; it depends on queue manager network delays, the load on the broker's queue manager, and system load.

You can estimate this value by issuing a command to request a simple configuration change, for example:
mqsireporttrace brokerName -e "Execution Group Name" -u

The response time of each execution group differs according to system load and the load of its own processes. The value must reflect the longest response time that any execution group takes to respond. If the value is too low, the broker returns a negative response, and might issue error messages to the local error log.

Specify the value in seconds, in the range 10 to 3600. The default is 60.

If the broker is on a production system, increase the values for both ConfigurationTimeout and ConfigurationDelayTimeout to allow for application messages that are currently being processed by message flows to be completed before the configuration change is applied.

If the broker is on a development or test system, you might want to reduce time-outs (in particular, the ConfigurationTimeout) to improve perceived response times, and to force a response from a broker that is not showing expected behavior. However, reducing the timeout values decreases the probability of deploying a configuration change successfully.

-P HTTPListenerPort
(Optional) Enter the number of the port on which the Web Services support is listening.

The broker starts this listener when a message flow that includes Web Services support is started; the default is 7080.

Ensure that the port that you specify has not been specified for any other purpose.

-v StatisticsMajorInterval
(Optional) The timer interval (in minutes) at which WebSphere Message Broker statistics and accounting is told to output archive records. For internal accounting, the valid range is from 10 to 14400 minutes.

An interval of zero minutes indicates that the operating system has an external method of notification and is not using an internal timer within WebSphere Message Broker.

-y LdapPrincipal
(Optional, but mandatory when LdapCredentials is provided.) The user principal for access to an optional LDAP directory that holds the JNDI administered Initial Context for the JMS provider.
-z LdapCredentials
(Optional, but mandatory when LdapPrincipal is provided.) The user password for access to LDAP.
-c ICUConverterPath
(Optional) A delimited set of directories to search for additional code page converters. On Windows systems, the delimiter is a semicolon (;). On UNIX and Linux systems, the delimiter is a colon (:).

The code page converters must be either of the form icudt32_codepagename.cnv, or in an ICU data package called icudt32.dat.

Do not use this parameter to set the converter path if you are using a converter that matches one of the built-in converters that are provided with Version 6.0, and that converter is the local code page for the broker. Use the ICU_DATA environment variable instead.
-x UserExitPath
(Optional) The path that contains the location of all user exits to be loaded for 32-bit execution groups in this broker. This path is added to the system library search path (PATH,LIBPATH,LD_LIBRARY_PATH,SHLIBPATH) for the execution group process only.
-e ActiveUserExits
(Optional) Active user exits. By default, user exits are inactive. Adding a userExit name to this colon-separated list changes its default state to active for this broker. You can use the mqsichangeflowuserexits command to override the default state at the execution group or message flow level. If you specify a user exit name, and no library is found to provide that user exit when the execution group starts, a BIP2314 message is written to the system log, and the execution group fails to start.

To change other broker properties, first delete and re-create the broker, and then use the workbench to redeploy the broker's configuration. To change the user ID that is used for database access, see Administering the broker domain.

Examples

Windows, Linux, and UNIX systems:
mqsichangebroker WBRK_BROKER -s WBRK_UNS_QM
mqsichangebroker WBRK_BROKER -s ""
mqsichangebroker WBRK_BROKER -x /opt/3rdparty/wmbexit
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2007Copyright IBM Corporation 1999, 2007. All Rights Reserved.
This build: July 31, 2007 21:34:11

an28150_ This topic's URL is: