Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added Configuring Zowe via JCL topic #3828

Merged
merged 32 commits into from
Sep 12, 2024

Conversation

lparadkar-rocket
Copy link
Collaborator

Describe your pull request here: Added Configuring Zowe via JCL

List the file(s) included in this PR: configuring-zowe-via-jcl, zos-components-installation-checklist

After creating the PR, follow the instructions in the comments.

Signed-off-by: lparadkar-rocket <lparadkar@rocketsoftware.com>
Signed-off-by: lparadkar-rocket <lparadkar@rocketsoftware.com>
Signed-off-by: lparadkar-rocket <lparadkar@rocketsoftware.com>
@lparadkar-rocket lparadkar-rocket added area: install and config Issues related to z/OS install and config release: V2 Zowe V2 content review: doc Needs review by Doc Squad member review: sme Needs review by an SME labels Aug 26, 2024
@lparadkar-rocket lparadkar-rocket self-assigned this Aug 26, 2024
Copy link

😺 Thank you for creating this PR! To publish your content to Zowe Docs, follow these steps.

  • Add the label review: sme if an SME needs to check your content.
  • Identify your content topic with a label. (Examples: area: apiml, area: cli, area: install and config, etc.)
  • Specify the major Zowe release(s) for your content. (Examples: release: V1, release: V2, release: V3)
    • If adding content that needs to be removed from V3 documentation, add the V3 N/A tag.
  • Link any Doc Issues related to this PR.
  • Fix broken links found in your content areas.
  • Notify the SME to review this PR (if applicable).
  • Merge to the master branch if your PR updates content that is on the live site. Merge to docs-staging if your PR updates content for a future release.

Copy link

📁 The PR description is missing the file name(s) for the updated content. List all the files included in this PR so this information displays in our Zowe Docs GitHub Slack channel.

If you have addressed this issue already, refresh this page in your browser to remove this comment.

Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
@@ -0,0 +1,60 @@
# Configuring Zowe via JCL

One option to configure Zowe is by directly customizing JCLs. The Zowe Runtime Dataset `SZWESAMP` contains JCL samples that have templates referencing Zowe YAML parameters. These samples cannot be submitted without modification.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe change to
These samples should not be submitted without modification, as they will end unsuccessfully with a JCL ERROR status.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

# Configuring Zowe via JCL

One option to configure Zowe is by directly customizing JCLs. The Zowe Runtime Dataset `SZWESAMP` contains JCL samples that have templates referencing Zowe YAML parameters. These samples cannot be submitted without modification.
Edit and submit the job `SZWESAMP(ZWEGENER)` to validate the contents of your Zowe `YAML` before resolving the `JCL templates` and placing the resulting JCL into a separate `PDSE` created during installation. The location is specified in `zowe.setup.dataset.jcllib`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should
Zowe YAML
instead be
Zowe configuration file zowe.yaml
to make it explicit with the file name ?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree. done

# Configuring Zowe via JCL

One option to configure Zowe is by directly customizing JCLs. The Zowe Runtime Dataset `SZWESAMP` contains JCL samples that have templates referencing Zowe YAML parameters. These samples cannot be submitted without modification.
Edit and submit the job `SZWESAMP(ZWEGENER)` to validate the contents of your Zowe `YAML` before resolving the `JCL templates` and placing the resulting JCL into a separate `PDSE` created during installation. The location is specified in `zowe.setup.dataset.jcllib`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Strictly speaking I think it can be a PDS and doesn't need to be called out as a PDSE which is an extended partitioned data set. Maybe just say
... placing the resulting JCL into a separate data set created during installation.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed as per your comment

| Task | Description | Sample JCL|
|------|-------------|-----------|
|Create Instance Datasets | <br />**Purpose:**<br /> Create datasets for Zowe's PARMLIB content and non-ZFS extension content for a given Zowe Instance <br /> **Action:**<br /> 1) Allocate the PDSE FB80 dataset with at least 15 tracks named from Zowe parameter `zowe.setup.dataset.parmlib`<br/>2) Allocate the PDSE FB80 dataset with at least 30 tracks named from Zowe parameter `zowe.setup.dataset.authPluginLib`<br/>3) Copy the member `ZWESIP00` from `zowe.setup.dataset.prefix.SZWESAMP` into `zowe.setup.dataset.parmlib` | [ZWEIMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIMVS)
|APF Authorize privileged content | <br />**Purpose:**<br /> Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component and its extension library must be set APF authorized and run in key 4 to use ZIS and components that depend upon it. <br /> **Action:**<br />1) APF authorize the datasets defined at zowe.setup.dataset.authLoadlib and zowe.setup.dataset.authPluginLib. <br />2) Define PPT entries for the members ZWESIS01 and ZWESAUX as Key 4, NOSWAP in the SCHEDxx member of the system PARMLIB. | [ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF) <br />
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8
maybe reverse the order to rewrite as
The majority of Zowe is unprivileged code running in key8, relying on a single component called ZIS to own all of the privileged code logic.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree. done

Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>

One option to configure Zowe is by directly customizing JCLs. The Zowe Runtime Dataset `SZWESAMP` contains JCL samples that have templates referencing Zowe YAML parameters. These samples should not be submitted without modification. Samples that are submitted without modification will end unsuccessfully with a JCL ERROR status.

Edit and submit the job `SZWESAMP(ZWEGENER)` to validate the contents of your `zowe.yaml` before resolving the `JCL templates` and placing the resulting JCL into a separate data set created during installation. The location is specified in `zowe.setup.dataset.jcllib`.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jcllib is not created by zwe install. This dataset is created by zwe init (generate):
...into a separate data set created by ZWEGENER job.

| Task | Description | Sample JCL|
|------|-------------|-----------|
|Create Instance Datasets | <br />**Purpose:**<br /> Create datasets for Zowe's PARMLIB content and non-ZFS extension content for a given Zowe Instance <br /> **Action:**<br /> 1) Allocate the PDSE FB80 dataset with at least 15 tracks named from Zowe parameter `zowe.setup.dataset.parmlib`<br/>2) Allocate the PDSE FB80 dataset with at least 30 tracks named from Zowe parameter `zowe.setup.dataset.authPluginLib`<br/>3) Copy the member `ZWESIP00` from `zowe.setup.dataset.prefix.SZWESAMP` into `zowe.setup.dataset.parmlib` | [ZWEIMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIMVS)
|APF Authorize privileged content | <br />**Purpose:**<br /> The majority of Zowe is unprivileged code running in key8. Zowe relies on a single component called ZIS to own all of the privileged code logic. The load library for the ZIS component and its extension library must be set as APF authorized and run in key 4 to use ZIS and components that depend upon it. <br /> **Action:**<br />1) APF authorize the datasets defined at `zowe.setup.dataset.authLoadlib` and `zowe.setup.dataset.authPluginLib`. <br />2) Define PPT entries for the members `ZWESIS01` and `ZWESAUX` as Key 4, NOSWAP in the `SCHEDxx` member of the system PARMLIB. | [ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF) <br />
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

key8 -> Key 8

|APF Authorize privileged content | <br />**Purpose:**<br /> The majority of Zowe is unprivileged code running in key8. Zowe relies on a single component called ZIS to own all of the privileged code logic. The load library for the ZIS component and its extension library must be set as APF authorized and run in key 4 to use ZIS and components that depend upon it. <br /> **Action:**<br />1) APF authorize the datasets defined at `zowe.setup.dataset.authLoadlib` and `zowe.setup.dataset.authPluginLib`. <br />2) Define PPT entries for the members `ZWESIS01` and `ZWESAUX` as Key 4, NOSWAP in the `SCHEDxx` member of the system PARMLIB. | [ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF) <br />
Grant SAF premissions | <br />**Purpose:**<br /> The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers. <br />**Action:**<br /> [Set SAF permissions for accounts](https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users#security-permissions-reference-table) | RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC) <br /> TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS) <br /> ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF) <br />
|(z/OS v2.4 ONLY) Create Zowe SAF Resource Class | On z/OS v2.4, the SAF resource class for Zowe is not included, and must be created. This step is not needed on z/OS v2.5 and later versions. | RACF: [ZWEIRACZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRACZ) <br />TSS: [ZWEITSSZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSSZ) <br />ACF2: [ZWEIACFZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIACFZ)
Copy STC JCL to PROCLIB | <br />**Purpose:**<br /> The job ZWESLSTC runs Zowe's webservers. and The job ZWESISTC runs the APF authorized cross-memory server. The job ZWESASTC is started by ZWESISTC on an as-needed basis. <br /> **Action:**<br /> Copy the members ZWESLSTC, ZWESISTC, and ZWESASTC into your desired PROCLIB. If the job names are customized, also modify the YAML values of them in `zowe.setup.security.stcs`. | [ZWEISTC](ZWEISTC)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The job ZWESLSTC runs Zowe's webservers. and The job ZWESISTC
->
The job ZWESLSTC runs Zowe's webservers and the job ZWESISTC

Ensure that your Zowe keyring has the following elements:

* **Private key & certificate pair**
The Zowe Servers will use this certificate. Ensure that the certificate either does not have the `Extended Key Usage` attribute, or alternatively, that the certificate does have `Extended Key Usage` with both `Server Authorization` and `Client Authorization` values.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Collaborator

@Martin-Zeithaml Martin-Zeithaml left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved. This doc is referring only new samples, which were already added to 2.17. This can go to v2.

Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Copy link
Collaborator

@janan07 janan07 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed and edited by doc squad

Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Comment on lines 9 to 13
permissions:
deployments: write
issues: write
pull-requests: write
statuses: write
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lparadkar-rocket
Please revert these changes
Also, please avoid changing workflows without discussing with other squads 😋

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, but I don't see in the list of commits where these permissions were removed in the first place.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lparadkar-rocket, I'm sorry for incorrectly tagging you.

After looking through the history a bit more closely, I noticed that it was someone else.
My apologies 😢

Copy link

github-actions bot commented Sep 11, 2024

@github-actions github-actions bot temporarily deployed to pull request September 11, 2024 14:10 Inactive
DCO Remediation Commit for Andrew Jandacek <andrew.jandacek@broadcom.com>

I, Andrew Jandacek <andrew.jandacek@broadcom.com>, hereby add my Signed-off-by to this commit: 4a0ee65

Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
@github-actions github-actions bot temporarily deployed to pull request September 11, 2024 14:27 Inactive
|------|-----------|
|Remove Instance Datasets | [ZWERMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWERMVS)
|Remove SAF Permissions | [ZWENOSEC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWENOSEC)
|Remove Keyring | [ZWENOKR](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWENOKR) |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is ESM (External Security Manager) dependent, there is no ZWENOKR anymore, but ZWENOKRA, ZWENOKRR and ZWENOKRT (last letter is ESM: A=ACF2, R=RACF and T=TSS).

|------|-------------|-----------|
|Create Instance Datasets | <br />**Purpose:**<br /> Create datasets for Zowe's PARMLIB content and non-ZFS extension content for a given Zowe Instance <br /> **Action:**<br /> 1) Allocate the PDSE FB80 dataset with at least 15 tracks named from Zowe parameter `zowe.setup.dataset.parmlib`<br/>2) Allocate the PDSE FB80 dataset with at least 30 tracks named from Zowe parameter `zowe.setup.dataset.authPluginLib`<br/>3) Copy the member `ZWESIP00` from `zowe.setup.dataset.prefix.SZWESAMP` into `zowe.setup.dataset.parmlib` | [ZWEIMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIMVS)
|APF Authorize privileged content | <br />**Purpose:**<br /> The majority of Zowe is unprivileged code running in Key 8. Zowe relies on a single component called ZIS to own all of the privileged code logic. The load library for the ZIS component and its extension library must be set as APF authorized and run in Key 4 to use ZIS and components that depend upon it. <br /> **Action:**<br />1) APF authorize the datasets defined at `zowe.setup.dataset.authLoadlib` and `zowe.setup.dataset.authPluginLib`. <br />2) Define PPT entries for the members `ZWESIS01` and `ZWESAUX` as Key 4, NOSWAP in the `SCHEDxx` member of the system PARMLIB. | [ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF) <br />
Grant SAF premissions | <br />**Purpose:**<br /> The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers. <br />**Action:**<br /> [Set SAF permissions for accounts](https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users#security-permissions-reference-table) | RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC) <br /> TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS) <br /> ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF) <br />
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SZWIACF -> ZWEIACF

|APF Authorize privileged content | <br />**Purpose:**<br /> The majority of Zowe is unprivileged code running in Key 8. Zowe relies on a single component called ZIS to own all of the privileged code logic. The load library for the ZIS component and its extension library must be set as APF authorized and run in Key 4 to use ZIS and components that depend upon it. <br /> **Action:**<br />1) APF authorize the datasets defined at `zowe.setup.dataset.authLoadlib` and `zowe.setup.dataset.authPluginLib`. <br />2) Define PPT entries for the members `ZWESIS01` and `ZWESAUX` as Key 4, NOSWAP in the `SCHEDxx` member of the system PARMLIB. | [ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF) <br />
Grant SAF premissions | <br />**Purpose:**<br /> The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers. <br />**Action:**<br /> [Set SAF permissions for accounts](https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users#security-permissions-reference-table) | RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC) <br /> TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS) <br /> ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF) <br />
|(z/OS v2.4 ONLY) Create Zowe SAF Resource Class | On z/OS v2.4, the SAF resource class for Zowe is not included, and must be created. This step is not needed on z/OS v2.5 and later versions. | RACF: [ZWEIRACZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRACZ) <br />TSS: [ZWEITSSZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSSZ) <br />ACF2: [ZWEIACFZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIACFZ)
Copy STC JCL to PROCLIB | <br />**Purpose:**<br /> The job ZWESLSTC runs Zowe's webservers. The job ZWESISTC runs the APF authorized cross-memory server. The job ZWESASTC is started by ZWESISTC on an as-needed basis. <br /> **Action:**<br /> Copy the members ZWESLSTC, ZWESISTC, and ZWESASTC into your desired PROCLIB. If the job names are customized, also modify the YAML values of them in `zowe.setup.security.stcs`. | [ZWEISTC](ZWEISTC)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The correct link is
[ZWEISTC](https://github.com/zowe/zowe-install-packaging/blob/v2.x/staging/files/SZWESAMP/ZWEISTC)

Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
@github-actions github-actions bot temporarily deployed to pull request September 12, 2024 09:36 Inactive
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
@github-actions github-actions bot temporarily deployed to pull request September 12, 2024 10:02 Inactive
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
@github-actions github-actions bot temporarily deployed to pull request September 12, 2024 10:20 Inactive
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
@github-actions github-actions bot temporarily deployed to pull request September 12, 2024 11:58 Inactive
@janan07 janan07 merged commit a1b30e0 into master Sep 12, 2024
4 checks passed
@janan07 janan07 deleted the LP_install_checklist_Add_Config_by_JCL branch September 12, 2024 12:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area: install and config Issues related to z/OS install and config release: V2 Zowe V2 content review: doc Needs review by Doc Squad member review: sme Needs review by an SME
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants