Release 9.2.0.1.0 for UNIX
Part No. A96196-01
 Contents |
 Index |
|
Oracle® Procedural Gateway and Tools for IBM MQSeries Installation and User's Guide
Release 9.2.0.1.0 for UNIX Part No. A96196-01 |
|
This chapter explains the following aspects of the gateway running environment:
MQSeries has its own authorization mechanism. Applications are allowed to perform certain operations on queues or queue managers only when their effective user ID has authorization for each operation. The effective user ID, typically the operating system user, depends on the MQSeries environment and the platform it runs on.
The effective user ID in an Oracle environment is not dependent on an operating system account or the platform. Because of this difference, the gateway provides two authorization models for Oracle applications to work with MQSeries:
relaxed
strict
Although Oracle and operating system user IDs can be longer than 12 characters, the length of user IDs used for either model cannot exceed 12 characters. Oracle user accounts do not have a minimum number of characters required for their passwords, but some platforms and operating systems do. Take their requirements into consideration when deciding on a password or user ID.
The authorization model is configured with the AUTHORIZATION_MODEL parameter in the gateway initialization file. Refer to Appendix C, " Gateway Initialization Parameters" for more information about AUTHORIZATION_MODEL.
This model discards the Oracle username and password. The authorizations granted to the effective user ID of the gateway by the queue manager are the only associations an Oracle application has. For example, if the gateway's user ID is granted permission to open or read messages, or place messages on a queue, then all Oracle applications that access the gateway can request those operations.
The effective user ID is determined by how the gateway is running:
If the gateway runs as an MQI client application, then the user ID is determined by the MQI channel definition (refer to IBM publications for more information about channel definitions)
If the gateway runs as an MQI server application, then the effective user ID of the gateway is the user who started the Oracle Net listener and who must have authorization to all the MQSeries objects that the Oracle application wants to access. Refer to "Authorization for MQSeries Objects" for more information
Oracle Corporation recommends against using the relaxed model unless your application has minimal security requirements.
This model uses the Oracle user ID and password provided in the Oracle CREATE DATABASE LINK statement when a database link is created, or the current Oracle user ID and password if none was provided with CREATE DATABASE LINK.
The Oracle user ID:
should match a user account for the computer that runs the gateway and for the computer that runs the MQSeries queue manager
must have authorization for all the accessed MQSeries objects. Refer to "Authorization for MQSeries Objects" for more information
The authorization process to verify the Oracle user ID and password varies depending on how the gateway is running.
If the gateway runs as an MQSeries server application, then the authorization process checks the user ID and password against the local or network password file. If they match, then the gateway performs a SET-UID for the user ID and continues to run under this user ID. Further MQSeries authorization checks happen for this user ID.
If the gateway runs as an MQSeries client application, then the authorization process checks the user ID and password against the local or network password file. If they match, then the MQSeries environment variables MQ_USER_ID and MQ_PASSWORD are set to the values of the user ID and password. If the channel definition has specified the MQSeries environment variable MCAUSER as blank characters, then MQSeries authorization checks occur for the user ID.
If MCAUSER is set, not set, or security exits are defined for the MQI channel, then these override the gateway efforts. Refer to IBM publications for more information about MQSeries environment variables.
The effective user ID for the relaxed model and the Oracle user ID for the strict model require the following MQSeries authorizations:
Table 8-1 MQ Series Access Authorization
| Type of Access | MQSeries Authorization Keywords | Alternate MQSeries Authorization Keywords |
|---|---|---|
| Permission to access the MQSeries queue manager | all or allmqi | connect
setid |
| Permission to send messages to an MQSeries queue | all or allmqi | passall
passid put setid |
| Permission to receive messages from an MQSeries queue | all or allmqi | browse
get passall passid setid |
Refer to IBM publications for more information about MQSeries authorizations.
For transactions that invoke MQSeries message queue operations and that are using the gateway, such transactions from an Oracle application are managed by the Oracle transaction coordinator at the Oracle server where the transaction originates.
This section describes generic transaction support features of Oracle Server.
When an Oracle distributed database contains a gateway, the gateway must be properly configured to take part in a distributed transaction. The outcome of a distributed transaction involving a gateway should be that all participating sites roll back or commit their parts of the distributed transaction. All participating sites, including gateway sites, that are updated during a distributed transaction must be protected against failure and must be able to take part in the two-phase commit mechanism. A gateway that updates a target system as part of a distributed transaction must be able to take part in the automatic recovery mechanism, which might require that recovery information be recorded in transaction memory at the target system.
If a SQL-based gateway is involved in a distributed transaction, the distributed database must be in a consistent state after the distributed transaction is committed.
A procedural gateway or a SQL-based gateway with the procedural option translates remote procedure calls into target system calls. From the viewpoint of the Oracle transaction model, the gateway appears to be an Oracle server executing a PL/SQL block containing SQL statements used to access an Oracle database.
For a procedural gateway, it is unknown whether a target system call alters data. To ensure the consistency of a distributed database, it must be assumed that a procedural gateway updates the target system. Accordingly, all remote procedure calls sent to a procedural gateway take part in a distributed transaction and must be protected by the two-phase commit protocol. For example, you could issue the following SQL*Plus statements:
EXECUTE REMOTE_PROC@FACTORY; INSERT INTO DEBIT@FINANCE ROLLBACK;
In the example, REMOTE_PROC is a remote procedure call to access a procedural gateway, DEBIT is an Oracle table residing in an Oracle database, and FACTORY and FINANCE are database links used to access the remote sites.
This section describes generic transaction support features of Oracle Server.
When gateways are involved in a distributed transaction, the transaction capabilities of the non-Oracle data source determine whether the data source can participate in two-phase commit operations or distributed transactions.
Depending on the transaction capabilities of the non-Oracle data source, it can be mapped to one of the following transaction types:
| Read-only | During a distributed transaction, the gateway provides readonly access to the data source, so the gateway can only be queried. Read-only is used for target systems that use the presumed-commit model or do not support rollback mechanisms. |
| Single-site | During a distributed transaction, the target system is readonly (other sites can be updated) or the only site updated (can participate in remote transactions). Single-site is used for target systems that support rollback, commit, and presumed-abort, but cannot prepare or commit-confirm as they have no distributed transaction memory, the ability to remember what happened during and after a distributed transaction identified by its transaction ID. |
| Commit-confirm | The gateway is a partial partner in the Oracle transaction mode. During a distributed transaction in which it is updated, the gateway must be the commit point site. Commit-confirm is used for target systems that support rollback, commit, presumed-abort, and commit-confirm, but do not support prepare. The commit-confirm capability requires distributed transaction memory. |
| Two-phase commit | The gateway is a partial partner in the Oracle transaction model. During a distributed transaction, the gateway cannot be the commit point site.
Two-phase commit is used for target systems that support rollback, commit, presumed-abort, and prepare, but do not support commit-confirm, because they have no distributed transaction memory. |
| Two-phase commit-commit confirm | The gateway is a full partner in the Oracle transaction model. During a distributed transaction, the gateway can be the commit point site, depending on the commit point strength defined in the gateway initialization file.
This transaction type is used for target systems that support a full two-phased commit transaction model. That is, the target system supports rollback, commit, presumed-abort, prepare, and commit-confirm. |
This section describes transaction capabilities of the Oracle Procedural Gateway for IBM MQSeries.
Transactions from an Oracle application (that invoke MQSeries message queue operations and that are using the gateway) are managed by the Oracle transaction coordinator at the Oracle server where the transaction originates. The procedural gateway for IBM MQSeries provides the following transaction types:
single-site
commit-confirm
Single-site is supported for all MQSeries environments and platforms. Single-Site means that the gateway can participate in a transaction only when queues belonging to the same MQSeries queue manager are updated. An Oracle application can select, but not update, data at any Oracle database within the same transaction that sends to, or receives a message from, an MQSeries queue. To update objects in the Oracle database, the transaction involving the MQSeries queue should first be committed or rolled back.
This default mode of the gateway is implemented using MQSeries single-phase, where the queue manager acts as the synchpoint coordinator.
This is an enhanced version of single-site and is supported for all MQSeries environments and platforms. Commit-confirm means that the gateway can participate in transactions when queues belonging to the same MQSeries queue manager are updated and, at the same time, any number of Oracle databases are updated. Only one gateway with the commit-confirm model can join the distributed transaction because the gateway operates as the focal point of the transaction. To apply changes to queues of more than one queue manager, updates applied to a queue manager need to be committed before a new transaction is started for the next queue manager.
As with single-site, commit-confirm is implemented using MQSeries single-phase, but it requires a dedicated recovery queue at the queue manager to log the transaction ID. At commit time, the gateway places a message in this queue with the message ID set to the Oracle transaction ID. After the gateway calls the queue manager to commit the transaction, the extra message on the transaction log queue becomes part of the overall transaction. This makes it possible to determine the outcome of the transaction in case of system failure, allowing the gateway to recover a failed transaction. When a transaction successfully completes, the gateway removes the associated message from the queue.
The MQSeries administrator must create a reserved queue at the queue manager. The name of this queue is specified in the gateway initialization file with the TRANSACTION_LOG_QUEUE parameter. All Oracle users that access MQSeries through the gateway should have full authorization for this queue. The transaction log queue is reserved for transaction logging only and must not be used, accessed, or updated other than by the gateway. When a system failure occurs, the Oracle recovery process checks the transaction log queue to determine the recovery strategy.
Two gateway initialization parameters, TRANSACTION_RECOVERY_USER and TRANSACTION_RECOVERY_PASSWORD, are set in the gateway initialization file to specify the user ID and password for recovery purposes. When set, the gateway uses this user ID and password combination for recovery work. The recovery user ID should have full authorization for the transaction log queue.
Refer to Appendix C, " Gateway Initialization Parameters" for more information about configuring the gateway for commit-confirm.
The troubleshooting topics include messages, error codes, gateway tracing, and gateway operations.
The gateway architecture includes a number of separate components. Any of these components can detect and report an error condition while processing PL/SQL code. An error condition can be complex, involving error codes and supporting data from multiple components. In all cases, the Oracle application receives a single Oracle error code upon which to act.
Error conditions are represented in three ways:
Errors from the Oracle integrating server
Messages from the Oracle integrating server are in the format ORA-xxxxx or PLS-xxxxx, where xxxxx is a code number. ORA-xxxxx is followed by text explaining the error code. Refer to the Oracle9i Database Error Messages for explanations of these errors.
Example:
PLS-00306: wrong number or types of arguments in call to 'MQOPEN' ORA-06550: line7, column 3: PL/SQL: Statement ignored
Most gateway error conditions are reported to your application using one of the gateway error codes in the range of ORA-00700 through ORA-00799, ORA-08502 through ORA-08599, or ORA-09100 through ORA-09199. If an error is detected by the Oracle integrating server, then the gateway message lines do not occur. For example, if the gateway cannot be accessed because of an Oracle Net or gateway installation problem, then the gateway message line is not present in the generated error.
The message format is explained under "Interpreting Gateway Messages". Refer to the Oracle Open Gateway Guide for SQL-Based and Procedural Gateways for an explanation of messages in these number ranges.
Example:
ORA-09119: Initialization file contains error. ORA-00718: Value "3" illegal for parameter "TRACE_LEVEl" ORA-02063: preceding 2 lines from PG4MQ
When possible, an MQSeries error code is converted to an Oracle error code. If that is not possible, then the Oracle error ORA-08500 with the corresponding MQSeries error code is returned. Refer to "Common Error Codes" for more information.
|
Note: Because the Oracle integrating server distinguishes only between a successful or failed outcome of all user operations, MQI calls that return a warning are reported as a successful operation. |
Example:
ORA-08500: The IBM MQSeries MQI call "MQOPEN" fails with reason code 2085 ORA-06512: at line 8
Error codes are generally accompanied by additional message text, beyond the text associated with the Oracle message number. The additional text includes details about the error.
Gateway messages have the following format:
ORA-nnnnn:error_message_text gateway_message_line ORA-02063: preceding n lines from dblink
where:
nnnn
|
is an Oracle error number. |
error_message_text
|
is the text of the message associated with the error. |
gateway_message_line
|
is additional messages generated by the gateway. |
n
|
is the total number of gateway message lines. |
dblink
|
is the database link name. |
Most gateway messages exceed the 70 character message area in the Oracle SQLCA. Use SQLGLM or OERHMS in the programmatic and Oracle Call Interfaces that you use with the gateway to view the entire message. Refer to the Programmer's Guide to the Oracle Precompilers for additional information about SQLGLM, and the Oracle Call Interface Programmer's Guide for additional information about OERHMS.
The error conditions that are described in this section are common error conditions that an application might receive while using the gateway, but do not cover all error situations.
Cause: invalid username/password
Action: logon denied
Cause: The MQCONN call failed. The gateway could not complete the current operation. (Note: Reason codes are listed in IBM documentation.)
Action: If the gateway is configured for the relaxed security model, then use the IBM MQSeries administrative command interface to grant connect privileges to the user who started the Oracle Net listener. The connect privileges allow access to the MQSeries queue manager.
If the gateway is configured for the strict security model, then use the IBM MQSeries administrative command interface to grant connect privileges to the username specified in the CREATE DATABASE LINK statement. If no username was specified in the CREATE DATABASE LINK statement, then the privileges are granted to the current Oracle user ID. The connect privileges allow access to the MQSeries queue manager.
Refer to "Authorization for MQSeries Objects" and to IBM publications for information to verify and set access privileges.
Cause: The gateway TRANSACTION_MODEL parameter is set to SINGLE_SITE, but your application attempted a distributed transaction that involves an MQSeries operation and at least one Oracle database operation.
Action: Configure the gateway for distributed transactions by:
setting the TRANSACTION_MODEL parameter to COMMIT_CONFIRM
creating a transaction log queue in the MQSeries queue manager
setting the TRANSACTION_LOG_QUEUE, TRANSACTION_RECOVERY_USER, and TRANSACTION_RECOVERY_PASSWORD parameters with the correct information
Refer to Chapter 7, " Configuration " and Appendix C, " Gateway Initialization Parameters" for more information.
Cause: A problem occurred with the distributed transaction identified by n.n.nn.
Action: Verify the following:
A valid queue name is specified by the TRANSACTION_LOG_QUEUE parameter.
If the gateway is configured for the relaxed security model, then the user who started the Oracle Net listener must have sufficient MQSeries privileges to send or receive MQSeries messages for the transaction log queue.
If the gateway is configured for the strict security model, then the username specified in the CREATE DATABASE LINK statement or the current Oracle user ID must have sufficient MQSeries privileges to send or receive MQSeries messages for the transaction log queue.
Refer to IBM publications for information to verify and set access privileges.
Cause: An MQI call to an MQSeries queue manager failed. The gateway could not complete the current operation.
Action: If call_name is MQOPEN and mqi_code is 2035, then do the following:
If the gateway is configured for the relaxed security model, then use the IBM MQSeries administrative command interface to grant sufficient message privileges to the user who started the Oracle Net listener. These privileges allow the user to send and receive messages for the specified MQSeries queue. Refer to IBM publications for more information.
If the gateway is configured for the strict security model, use the IBM MQSeries administrative command interface to grant message privileges to the username specified in the CREATE DATABASE LINK statement. If no username was specified in the CREATE DATABASE LINK statement, the privileges are granted to the current Oracle user ID. These privileges allow the user to send and receive messages for the specified MQSeries queue. Refer to IBM publications for more information.
If call_name is MQOPEN, and if mqi_code is 2085, then verify that the queue that is specified in the MQSeries profile exists at the MQSeries queue manager that you are trying to access and that the queue name is correctly spelled and in the correct letter case.
For mqi_codes other than 2035 and 2085, refer to IBM publications.
Cause: The MQGET procedure was executed, but there was no message on the queue satisfying the selection criteria that was specified by the type definition MQMD.
Action: If this is an anticipated condition, then add exception handling code to the calling PL/SQL block for a NO_MORE_MESSAGES exception, as defined in the gateway PGM_SUP package. If this is not an anticipated condition, then check whether the message was successfully placed on the queue. Refer to "PGM_SUP Package" for information about PGM_SUP.
Cause: The gateway did not find a matching entry in the network or local password file for username.
Action: Verify that the gateway executables pg4mqs90 and pg4mqs90drv (MQSeries server configuration) or pg4mqc90 and pg4mc90drv (MQSeries client configuration) in the directory ORACLE_HOME/bin have root and SET-UID permission by using the ls command as follows:
$ ls -l pg4mq*
The result should look similar to the following:
-rwsr-xr-x 1 root root 3437292 Feb 28 15:18 pg4mqs92 -rwsr-xr-x 1 root root 13352 Feb 28 15:18 pg4mqs92drv
If you did not get this result, then run the root.sh script (refer to "Running root.sh").
Ensure that the username and password that are specified with the CREATE DATABASE LINK statement (or the current Oracle user ID and password if no username was specified with CREATE DATABASE LINK) match the user account and password on the computer where the gateway is running. The characters and letter case must match.
Refer to "Creating Database Links" and "Strict Model" for more information.
userid" or its password exceeds n characters."Cause: The specified user ID or password of the database link exceeds the maximum length of characters supported by MQSeries.
Action: Create or use another user ID to access MQSeries.
userid"
Cause: The gateway could not initiate MQSeries authorization for userid.
Action: Verify that the gateway has the necessary privileges.
The gateway has a trace feature for testing or debugging purposes. The trace feature collects information about the gateway running environment, MQI calls, and parameter values of MQI calls. How much trace data to collect is based on the tracing level selected with the TRACE_LEVEL parameter. Do not enable tracing when your application is running in a production environment because it reduces gateway performance. Refer to Appendix C, " Gateway Initialization Parameters" for more information about enabling tracing.
The trace data is written to the directory and file specified by the LOG_DESTINATION parameter.
This is a gateway initialization parameter.
The default depends on your system. See your gateway installation and user's guide (? where is this chap ?) for the default value.
LOG_DESTINATION = log_file
LOG_DESTINATION = log_file
LOG_DESTINATION specifies the filename or directory where the gateway writes logging information. When log_file already exists, logging information is written to the end of file.
If you do not specify LOG_DESTINATION, then the default log file is overwritten each time the gateway starts up.
The following example shows the trace data collected for MQI calls and their parameter values when gateway tracing was enabled by setting TRACE_LEVEL to 6:
Calling MQCONN() Name = mgr.nlsu41.1 pHconn = 273248 Returning from MQCONN() Name = mgr.nlsu41.1 Hconn = 2849264 CompCode = 0 Reason = 0 Calling MQOPEN() Hconn = 2849264 pObjDesc = efffed58 ObjectName = QUEUE2 Options = 16 pHobj = 274468 Returning from MQOPEN() Hconn = 2849264 pObjDesc = efffed58 Options = 16 Hobj = 239888 CompCode = 0 Reason = 0 Calling MQCMIT() Hconn = 2849264 Returning from MQCMIT() Hconn = 2849264 CompCode = 0 Reason = 0 Calling MQDISC() Hconn = 2849264 Returning from MQDISC() Hconn = -1 CompCode = 0
If your application cannot connect to the gateway, then rerun the application with the gateway trace feature enabled. If no trace information is written to the log file specified by LOG_DESTINATION, or if the log file is not created at all, then verify that:
the Oracle Net configuration for the gateway and the Oracle integrating server is set up properly (refer to "Configuring Oracle Net for the Gateway")
a database link between the Oracle integrating server and the gateway was created ("Administering Database Links")
If the Oracle Net configuration and database link are set up correctly, then check the gateway's operation with the test.sql script:
Change directory to the gateway sample directory by entering:
$ cd $ORACLE_HOME/pg4mqseries/sample
Using an editor, modify the test.sql script to:
Specify the database link name that you created for the gateway. To do this, replace the characters @pg4mq with @dblink, where dblink is the name you chose when the database link was created.
Replace the characters YOUR_QUEUE_NAME with a valid MQSeries queue name.
Using SQL*Plus, connect to your Oracle integrating server as a valid user.
Run test.sql, a script that sends and retrieves a message from an MQSeries queue. A successful completion displays the following output:
SQL> @test.sql message put on queue = 00102030405060708090 message read back = 00102030405060708090 PL/SQL procedure successfully completed.
An unsuccessful test displays the following output:
SQL> @test.sql message put on queue = 00102030405060708090 Error: Procedural Gateway for IBM MQSeries verification script failed. ORA-08500: The IBM MQSeries MQI call "MQOPEN" fails with reason code 2085
|
 Copyright © 2001, 2002 Oracle Corporation All rights reserved |
|