IBM MQ not on OpenShift 4

Problem description


Hi everyone.
I deployed an IBM MQ image on OpenShift 4 and, for some reason, the processes do not run as the user mqm; instead they run as a user that OpenShift itself generates randomly.

As a result, a Java application of mine that tries to connect to a queue fails with an authentication error, because it uses mqm as the user.

The exact same image running on OpenShift 3 behaves as expected. More details:
Custom image

FROM ibmcom/mq
ENV HOME /root
COPY config.mqsc /etc/mqm/

and, in config.mqsc:

DEFINE CHANNEL(PASSWORD.SVRCONN) CHLTYPE(SVRCONN)
SET CHLAUTH(PASSWORD.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allow privileged users on this channel')
SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('BackStop rule')
SET CHLAUTH(PASSWORD.SVRCONN) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
REFRESH SECURITY TYPE(CONNAUTH)

DEFINE QLOCAL(MYQUEUE.IN ) DEFPSIST(YES) MAXDEPTH(500000)
DEFINE QLOCAL(MYQUEUE.OUT ) DEFPSIST(YES) MAXDEPTH(500000)

DEFINE QLOCAL(CS.ERROR) DEFPSIST(YES) MAXDEPTH(500000)

ALTER QMGR CHLAUTH(DISABLED) CONNAUTH(' ')
ALTER CHANNEL('SYSTEM.DEF.SVRCONN') CHLTYPE(SVRCONN) MCAUSER('mqm')
REFRESH SECURITY TYPE(CONNAUTH)

On OpenShift 4 the process looks like

1000790+     232  0.0  0.1 2308688 45776 ?       Ssl  09:39   0:00 /opt/mqm/bin/amqzxma0 -m QM1 -x -u 1000790000

but on OpenShift 3 it looks like

1000100+    152  0.0  0.0 2324200 33812 ?       Ssl  May03   0:06 /opt/mqm/bin/amqzxma0 -m QM1 -x -u mqm

One difference is the capabilities and security attributes the MQ container has at startup.
On OpenShift 3:

Capabilities (bounding set): chown,dac_override,fowner,fsetid,setpcap,net_bind_service,net_raw,sys_chroot,audit_write,setfcap
Process security attributes: system_u:system_r:container_t:s0:c0,c15

On OpenShift 4:

Capabilities (bounding set): chown,sys_chroot
Process security attributes: system_u:system_r:container_t:s0:c17,c28

Stack trace produced by the application:

Caused by: org.springframework.jms.JmsSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'QM1' with connection mode 'Client' and host name 'my-mq(1414)'.; nested exception is com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'QM1' with connection mode 'Client' and host name 'my-mq(1414)'.
Please check if the supplied username and password are correct on the QueueManager to which you are connecting.; nested exception is com.ibm.mq.MQException: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
        at org.springframework.jms.support.JmsUtils.convertJmsAccessException(JmsUtils.java:286)
        at org.springframework.jms.support.JmsAccessor.convertJmsAccessException(JmsAccessor.java:185)
        at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:507)
        at org.springframework.jms.core.JmsTemplate.browseSelected(JmsTemplate.java:1029)
        at org.springframework.jms.core.JmsTemplate.browse(JmsTemplate.java:991)
        ... 78 more
Caused by: com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'QM1' with connection mode 'Client' and host name 'my-mq(1414)'.
Please check if the supplied username and password are correct on the QueueManager to which you are connecting.
        at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:531)
        at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:215)
        at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:424)
        at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7ProviderConnection(WMQConnectionFactory.java:8475)
        at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:7815)
        at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl._createConnection(JmsConnectionFactoryImpl.java:303)
        at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnection(JmsConnectionFactoryImpl.java:236)
        at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectionFactory.java:6016)
        at com.ibm.mq.jms.MQQueueConnectionFactory.createQueueConnection(MQQueueConnectionFactory.java:111)
        at com.ibm.mq.jms.MQQueueConnectionFactory.createConnection(MQQueueConnectionFactory.java:187)
        at org.springframework.jms.support.JmsAccessor.createConnection(JmsAccessor.java:196)
        at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:494)
        ... 80 more
Caused by: com.ibm.mq.MQException: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
        at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:203)
        ... 90 more

Any idea what the problem could be?
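Added example (not part of the question or of IBM's MQ tooling): a small Python audit of the config.mqsc shown above. It parses each MQSC command into verb, object and attributes, then flags the settings that matter for this failure: the final ALTER QMGR switches CHLAUTH off and blanks CONNAUTH, which makes all the SET CHLAUTH rules and the ADOPTCTX(YES) AUTHINFO earlier in the file inert, and the default SVRCONN channel is pinned to MCAUSER('mqm'), an id that does not exist inside the container. The config text is a constructed copy of the question's file; HARDENED_MQSC, the function names and the finding codes are my own.

```python
import re

# Constructed copy of the question's config.mqsc, same directives in the same order
# (case normalised; MQSC keywords are case-insensitive).
CONFIG_MQSC = """\
DEFINE CHANNEL(PASSWORD.SVRCONN) CHLTYPE(SVRCONN)
SET CHLAUTH(PASSWORD.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allow privileged users on this channel')
SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('BackStop rule')
SET CHLAUTH(PASSWORD.SVRCONN) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
REFRESH SECURITY TYPE(CONNAUTH)
DEFINE QLOCAL(MYQUEUE.IN) DEFPSIST(YES) MAXDEPTH(500000)
ALTER QMGR CHLAUTH(DISABLED) CONNAUTH(' ')
ALTER CHANNEL('SYSTEM.DEF.SVRCONN') CHLTYPE(SVRCONN) MCAUSER('mqm')
REFRESH SECURITY TYPE(CONNAUTH)
"""

# Constructed counter-example: CHLAUTH left on, CONNAUTH pointing at an AUTHINFO object,
# administrative ids blocked on the application channel, and a non-admin MCAUSER.
HARDENED_MQSC = """\
DEFINE CHANNEL(APP.SVRCONN) CHLTYPE(SVRCONN) MCAUSER('app')
SET CHLAUTH(APP.SVRCONN) TYPE(BLOCKUSER) USERLIST('*MQADMIN')
ALTER QMGR CHLAUTH(ENABLED) CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
"""

ATTR_RE = re.compile(r"([A-Za-z]+)\(([^()]*)\)")
PRIVILEGED_USERS = {"mqm"}   # the MQ administrative id on a host installation


def parse_mqsc(text):
    """Return [(VERB, OBJECT, {ATTR: value})] for every non-blank, non-comment MQSC line.
    Attribute names are upper-cased; values keep their case but lose surrounding quotes
    and padding, so CONNAUTH(' ') parses to ''."""
    commands = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):          # '*' starts an MQSC comment line
            continue
        tokens = line.split()
        verb = tokens[0].upper()
        obj = tokens[1].split("(")[0].upper() if len(tokens) > 1 else ""
        attrs = {k.upper(): v.strip().strip("'").strip() for k, v in ATTR_RE.findall(line)}
        commands.append((verb, obj, attrs))
    return commands


def audit_mqsc(text):
    """Return [(CODE, detail)] in file order for settings that weaken channel security."""
    findings = []
    for verb, obj, attrs in parse_mqsc(text):
        if verb == "SET" and obj == "CHLAUTH" and attrs.get("TYPE", "").upper() == "BLOCKUSER":
            users = {u.strip().strip("'") for u in attrs.get("USERLIST", "").split(",")}
            if "*MQADMIN" not in users:
                findings.append(("MQADMIN_NOT_BLOCKED",
                                 f"BLOCKUSER on {attrs['CHLAUTH']} lists {sorted(users)}; "
                                 "administrative ids are not blocked on this channel"))
        if verb == "ALTER" and obj == "QMGR":
            if attrs.get("CHLAUTH", "").upper() == "DISABLED":
                findings.append(("CHLAUTH_DISABLED",
                                 "CHLAUTH(DISABLED) makes every SET CHLAUTH rule inert"))
            if "CONNAUTH" in attrs and attrs["CONNAUTH"] == "":
                findings.append(("CONNAUTH_BLANK",
                                 "CONNAUTH(' ') turns off user/password checking"))
        if verb in ("DEFINE", "ALTER") and obj == "CHANNEL":
            mcauser = attrs.get("MCAUSER")
            if mcauser in PRIVILEGED_USERS:
                findings.append(("MCAUSER_PRIVILEGED",
                                 f"MCAUSER('{mcauser}') on {attrs['CHANNEL']}: every client on this "
                                 "channel runs as the MQ admin id, which the certified container does not define"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_mqsc(CONFIG_MQSC):
        print(f"{code:22} {detail}")
    print("hardened config findings:", audit_mqsc(HARDENED_MQSC))
```

Run against the question's file it reports four findings; against the hardened variant it reports none. The parser is deliberately line-based, so a script that uses MQSC continuation characters would need the lines joined first.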

Solution

To comply with the security constraints required in a multi-tenant containerized environment, the IBM MQ certified container does not support the use of IDs defined in the operating system libraries inside the container. No mqm user ID or group is defined in the container.

For more details, read User authentication and authorization for IBM MQ in containers.
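Added example (not from the question, the answer or IBM's documentation): a Python helper that reads the two kinds of evidence the question collected, the amqzxma0 line from ps and the capability bounding set, and turns them into a verdict. It reports whether the queue manager's execution controller was started as a bare numeric UID (the arbitrary UID that OpenShift 4's restricted SCC assigns, with no account behind it) rather than a named user such as mqm, and which capabilities were dropped relative to a reference container. The sample lines are constructed copies of those shown in the question; the function names and the report keys are my own.

```python
import re

# Constructed copies of the evidence shown in the question (ps output and capability lines).
OCP4_PS = "1000790+     232  0.0  0.1 2308688 45776 ?       Ssl  09:39   0:00 /opt/mqm/bin/amqzxma0 -m QM1 -x -u 1000790000"
OCP3_PS = "1000100+    152  0.0  0.0 2324200 33812 ?       Ssl  May03   0:06 /opt/mqm/bin/amqzxma0 -m QM1 -x -u mqm"
OCP3_CAPS = "Capabilities (bounding set): chown,dac_override,fowner,fsetid,setpcap,net_bind_service,net_raw,sys_chroot,audit_write,setfcap"
OCP4_CAPS = "Capabilities (bounding set): chown,sys_chroot"

# amqzxma0 is the queue manager execution controller; its -u argument is the user the queue
# manager was started as. The USER column of ps is truncated ("1000790+"), so the argument
# is the reliable place to read the identity from.
EXEC_CTRL_RE = re.compile(r"amqzxma0\b.*?-m\s+(\S+).*?-u\s+(\S+)")
CAPS_PREFIX = "Capabilities (bounding set):"


def qmgr_identity(ps_line):
    """Return {'qmgr', 'user', 'arbitrary_uid'} for an amqzxma0 line, or None for any other process.
    arbitrary_uid is True when the user is a bare number, i.e. a UID with no named account."""
    m = EXEC_CTRL_RE.search(ps_line)
    if m is None:
        return None
    qmgr, user = m.groups()
    return {"qmgr": qmgr, "user": user, "arbitrary_uid": user.isdigit()}


def bounding_caps(line):
    """Parse a 'Capabilities (bounding set): a,b,c' line into a set of capability names."""
    if not line.startswith(CAPS_PREFIX):
        raise ValueError(f"not a bounding-set line: {line!r}")
    return {c.strip() for c in line[len(CAPS_PREFIX):].split(",") if c.strip()}


def diagnose(ps_line, caps_line, reference_caps_line):
    """Compare a running queue manager with a reference container (here the OpenShift 3 one)."""
    ident = qmgr_identity(ps_line)
    if ident is None:
        raise ValueError("no amqzxma0 process in the supplied line")
    dropped = bounding_caps(reference_caps_line) - bounding_caps(caps_line)
    report = dict(ident, dropped_caps=sorted(dropped))
    if ident["arbitrary_uid"]:
        report["verdict"] = (f"{ident['qmgr']} runs as UID {ident['user']} with no account behind it; "
                             "an 'mqm' identity used by MCAUSER or by a client has nothing to resolve to, "
                             "which matches the MQRC_NOT_AUTHORIZED (2035) in the question")
    else:
        report["verdict"] = f"{ident['qmgr']} runs as named user {ident['user']}"
    return report


if __name__ == "__main__":
    for label, ps, caps in (("OpenShift 4", OCP4_PS, OCP4_CAPS), ("OpenShift 3", OCP3_PS, OCP3_CAPS)):
        r = diagnose(ps, caps, OCP3_CAPS)
        print(f"{label}: {r['verdict']}; capabilities dropped vs reference: {r['dropped_caps'] or 'none'}")
```

On a live pod the same functions can be fed the output of `ps aux` and of the capability line from the container's startup log; the numeric-UID verdict is the quick confirmation that the answer's explanation applies.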