Run IBM MQ in Docker for local development

In a previous blogpost, I described how you can install IBM MQ on your local development machine. This is still a lot of work just to get MQ up and running…

This post describes how to run IBM MQ in Docker and get you up and running in less than 5 minutes! (you should have of course already a working installation of Docker Desktop on your machine)

The official GitHub repository of the MQ Container can be found here: https://github.com/ibm-messaging/mq-container.

Step 1 – Run MQ with default config

These instructions are based on the official usage documentation. In this example, I will not use the default MQ_DEV config.

# get image
docker pull ibmcom/mq

# create volume to sore settings and messages
docker volume create qm1data

# run container without default mq_dev config and attach the new volume
docker run --env LICENSE=accept --env MQ_QMGR_NAME=QM1 --env MQ_DEV=false --publish 1414:1414 --publish 9443:9443 --detach --volume qm1data:/mnt/mqm ibmcom/mq

# login to web console
https://localhost:9443/
u:admin	
p:passw0rd

Step 2 – Disable security

The default configuration has security configured out of the box. And that is a good thing! But it might be a bit annoying for local development.

Connect to your container using the cli. Use runmqsc to disable security and create a new channel that runs under the mqm user.

runmqsc

ALTER QMGR CHLAUTH (DISABLED)
ALTER QMGR CONNAUTH(' ')
REFRESH SECURITY TYPE(CONNAUTH)
define channel(DEMO.ADMIN.SVRCONN) chltype(SVRCONN) trptype(TCP) mcauser('mqm')

At this point, security is disabled and the channel “DEMO.ADMIN.SVRCONN” can be used for messaging (from Java / .NET) and admin purposes (MQ Explorer) without any security.

DISCLAIMER: you should only disable security like this in a development scenario!

Cntlm and a corporate web proxy

When working in a corporate context, you often get confronted with a corporate web proxy. This can become very annoying when working with various command-line tools that have issues with the authentication part of that web proxy.

Luckily, Cntlm can remove that friction by running a local proxy without authentication, that authenticates to the actual proxy for you.

Configuration

  1. Download and install Cntlm: https://sourceforge.net/projects/cntlm/
    It will install itself under”C:\Program Files (x86)\Cntlm”
  2. Edit “Cntlm.ini” and fill in your Username, Domain and Proxy. Remove the plain text password property and save the file.
  3. Use “cntlm -H” to generate a new password hash. Copy the PassNTMLv2 hash to the Cntlm.ini file.
  4. Start the Cntlm service using “net start cntlm”
  5. Now you can use your local proxy (without authentication) at http://localhost:3128/

Conclusion

You only need 4 properties in the Cntlm.ini file to get Cntlm running in a secure way:

Username	testuser
Domain		corp-uk
Proxy		10.0.0.41:8080
PassNTLMv2      <output from cntlm -H>

Links

Getting started with Apache Kafka

Today I started with the excellent Pluralsight course “Getting Started with Apache Kafka“.

The course is focused on using an Ubuntu test server for Kafka and a Java development environment. This blog post is a list of resources that I found helpful while exploring Apache Kafka, with a focus on the Microsoft stack.

Hosting a Kafka environment

Multiple options exist for hosting your test environment. One option is to deploy Apache Kafka in an Azure HDInsight cluster (quickstart tutorial + Azure Friday). This option seemed a bit overkill for me as I was searching a “quick start” experience.

Another option are containers. While searching for Docker images, I stumbled upon the Bitnami Kafka Stack.
They offer both Docker and VM images that you can use for running locally on your machine or for deploying to the Azure cloud (Bitnami Azure Marketplace).

But, also this still takes some time before you can connect to your Kafka test cluster. So in the end, I went for a Confluent Kafka cluster, running in Azure. It took me less then 3 minutes to register a new Confluent account, create a new Kafka cluster and connect to it with Conduktor. This solution is of course not free. Luckily, it is possible to use the Confluent platform for 3 months with a 50 USD spending credit per month.

Connecting to Kafka from .NET

When it comes to connecting to Kafka with .NET, there is only one solution you should use and that is “confluent-kafka-dotnet“. All other packages are outdated and suggest you should use that one.

As mentioned in the beginning, the Pluralsight is focusing on the Java client for Kafka. Not all concepts are the same when using the Confluent .NET client, therefore you should dig into the wiki on the GitHub project. It provides all info needed to create your first simple producer and consumer application. Also, the blogpost ‘Designing the .NET API for Apache Kafka‘ gives some interesting back story.

What’s next?

After completing the ‘getting started course’ on Pluralsight I can recommend the following resources to continue your learnings: