From cee044e07c3282913b3807ef6dcac66795ea1234 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Mon, 24 Jul 2023 16:05:35 -0400
Subject: [PATCH] prototype of template-based yamls as an alternative to basic example yaml
Signed-off-by: 1000TurquoisePogs
---
defaults.yaml | 97 ++++++
example-zowe-connect-keyring.yaml | 479 ++++++++++++++++++++++++++
example-zowe-generated-keyring.yaml | 490 +++++++++++++++++++++++++++
example-zowe-generated-pkcs12.yaml | 498 ++++++++++++++++++++++++++++
example-zowe-imported-keyring.yaml | 479 ++++++++++++++++++++++++++
example-zowe-imported-pkcs12.yaml | 492 +++++++++++++++++++++++++++
6 files changed, 2535 insertions(+)
create mode 100644 defaults.yaml
create mode 100644 example-zowe-connect-keyring.yaml
create mode 100644 example-zowe-generated-keyring.yaml
create mode 100644 example-zowe-generated-pkcs12.yaml
create mode 100644 example-zowe-imported-keyring.yaml
create mode 100644 example-zowe-imported-pkcs12.yaml
diff --git a/defaults.yaml b/defaults.yaml
new file mode 100644
index 0000000000..dcafb00909
--- /dev/null
+++ b/defaults.yaml
@@ -0,0 +1,97 @@ +################################################################################ +# This program and the accompanying materials are made available under the terms of the +# Eclipse Public License v2.0 which accompanies this distribution, and is available at +# https://www.eclipse.org/legal/epl-v20.html +# +# SPDX-License-Identifier: EPL-2.0 +# +# Copyright Contributors to the Zowe Project. +################################################################################ + +#=============================================================================== +# +# This is a YAML configuration file for Zowe instance. +# +# To learn more about YAML specifications, please check https://yaml.org/.# +# To learn more details about the entries, please check https://docs.zowe.org/. +# +# +# This is a default file for zowe configuration. +# You should not edit it. +# Instead, you can add it to your list of configuration files +# To reduce the amount of customization you need to do. +# To learn more about collecting a list of such files, +# See https://docs.zowe.org/stable/user-guide/configmgr-using/ +# +# Note: This file requires configmgr to use, zowe.useConfigmgr=true must be set. 
+#=============================================================================== + +zowe: + setup: + dataset: + parmlib: ${{ zowe.setup.dataset.prefix }}.CUST.PARMLIB + # Holds Zowe PARMLIB members for plugins + parmlibMembers: + # For ZIS plugins + zis: ZWESIP00 + # JCL library where Zowe will store temporary JCLs during initialization + jcllib: ${{ zowe.setup.dataset.prefix }}.CUST.JCLLIB + # Utilities for use by Zowe and extensions + loadlib: ${{ zowe.setup.dataset.prefix }}.SZWELOAD + # APF authorized LOADLIB for Zowe + authLoadlib: ${{ zowe.setup.dataset.prefix }}.SZWEAUTH + # APF authorized LOADLIB for Zowe ZIS Plugins + authPluginLib: ${{ zowe.setup.dataset.prefix }}.CUST.ZWESAPL + # Zowe workspace directory for storing settings + workspaceDirectory: ${{ zowe.templates.instanceDirectory }}/workspace + + # Where extensions are installed + extensionDirectory: ${{ zowe.templates.instanceDirectory }}/extensions + + useConfigmgr: true + # Setting to true will enable abilities as seen in the documentation: + # https://docs.zowe.org/stable/user-guide/configmgr-using/ + configmgr: + # STRICT=quit on any error, including missing schema + # COMPONENT-COMPAT=if component missing schema, skip it with warning instead of quit + validation: "COMPONENT-COMPAT" + + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # This is an ID you use to separate multiple Zowe installs when determining + # resource names used in RBAC authorization checks such as dataservices with RBAC + # expects this ID in SAF resources + rbacProfileIdentifier: ${{ zowe.template.instanceNickname }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # This is an ID that can be used by servers that distinguish their cookies from unrelated Zowe installs, + # for purposes such as to allow multiple copies of Zowe to be used within the same client + cookieIdentifier: ${{ zowe.template.instanceNickname }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Enable debug mode for zowe launch scripts + launchScript: + # set to 
"debug" or "trace" to display extra debug information + logLevel: "${{ ()=> { if (zowe.templates.trace.zwe === true) { return 'trace' } else { return 'info' } }() }}" + + + + components: + gateway: + apiml: + security: + auth: + provider: "${{ ()-> {if (zOSMF.host) { return 'zosmf' } else { return 'saf' } }() }}" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + jobs-api: + enabled: false + debug: ${{ zowe.templates.trace.components }} + port: 7558 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + files-api: + enabled: false + debug: ${{ zowe.templates.trace.components }} + port: 7559 + diff --git a/example-zowe-connect-keyring.yaml b/example-zowe-connect-keyring.yaml new file mode 100644 index 0000000000..910d0dfc9b --- /dev/null +++ b/example-zowe-connect-keyring.yaml 
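Review bot: `rbacProfileIdentifier` and `cookieIdentifier` read `${{ zowe.template.instanceNickname }}`, but every other template in this file uses `zowe.templates.…` (plural) and the example files define the nickname under `zowe.templates`, so these two values look like they will not resolve. Since `rbacProfileIdentifier` feeds the SAF resource names used for RBAC checks, both should read `${{ zowe.templates.instanceNickname }}`. Further down, the `components.gateway.apiml.security.auth.provider` template is written `()-> {…}` where the `logLevel` template just above it uses `()=> {…}`; `->` is not a JavaScript arrow token, so the line should be `provider: "${{ ()=> { if (zOSMF.host) { return 'zosmf' } else { return 'saf' } }() }}"`. It is also worth confirming how that expression behaves when the `zOSMF` section is omitted, which the example files' header explicitly allows.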
@@ -0,0 +1,479 @@ +################################################################################ +# This program and the accompanying materials are made available under the terms of the +# Eclipse Public License v2.0 which accompanies this distribution, and is available at +# https://www.eclipse.org/legal/epl-v20.html +# +# SPDX-License-Identifier: EPL-2.0 +# +# Copyright Contributors to the Zowe Project. +################################################################################ + +#=============================================================================== +# +# Zowe templated configuration example, keystore scenario 5 +# Keystore: z/OS key ring based, with certificates imported via connect +# +#=============================================================================== + +#=============================================================================== +# This is a YAML configuration file for Zowe instance. +# +# YAML is a human-friendly data serialization language for all programming languages. +# To learn more about YAML specifications, please check https://yaml.org/. +# To learn more details about the entries, please check https://docs.zowe.org/. +#=============================================================================== + +#=============================================================================== +# This is a templated configuration file for Zowe. +# Templates are simple javascript within ${{ }} code blocks that simplify +# Variable configuration, such as having one item based upon another or your system. +# You do not need to edit any section with ${{ }}, but it is possible. +# +# This file requires configmgr to use, so zowe.useConfigmgr=true must be set (default) +# +# This file must be used in combination with defaults.yaml, which is not to be edited. 
+# To use this file, you should copy it out to a location you wish to keep, +# And then reference it and defaults.yaml in your configuration as +# FILE(/path/to/your/zowe.yaml):FILE(/zowe/runtime/defaults.yaml) +# +# To learn more about templates, combining files, and configmgr, +# See https://docs.zowe.org/stable/user-guide/configmgr-using/ +# +# +# If you modify any settings listed in "zwe init --help" command, you may need to +# re-run "zwe init" command to make them take effect. +#=============================================================================== + +#=============================================================================== +# RECOMMENDATIONS +# +# This file is for running zowe with a file-based (PKCS12) keystore generated by Zowe. +# In this scenario, we recommend editing the following: +# +# Set zowe.templates to define the name and location of the new Zowe instance +# +# Customize the zowe.setup sections to your liking. +# +# Customize the zowe.externalDomains and zOSMF.host values if needed. +# If the &SYSNAME value is fine but you need a fully qualified name, +# you can append to the value, such as +# ${{ zos.resolveSymbol('&SYSNAME') }}.mycompany.com +# +# zOSMF is recommended but optional. If you don't use zOSMF, omit the section +# +# Customize each "port" entry you see to your liking. +# Each is a TCP port that must be accessible to the STC account, aside from zOSMF +# +# Define corect environment variable values +# for NODE_HOME and JAVA_HOME for the STC account, or +# customize the value of java.home and node.home. +#=============================================================================== + +#------------------------------------------------------------------------------- +# Zowe global configurations +# +# This section is used by most `zwe` commands such as install and start. +# It controls attributes of Zowe that are used by more than one component. 
+#------------------------------------------------------------------------------- +zowe: + # You can put anything here for controlling other properties via templating. + # See the documentation on templating: + # https://docs.zowe.org/stable/user-guide/configmgr-using/ + # + # Note: you should not remove the default templates here as they're used elsewhere + # and may be referenced in documentation or support. + templates: + instanceDirectory: /global/zowe + instanceNickname: "1" + features: + apiMediationLayer: true + appFramework: true + trace: + components: false + zwe: false + + #------------------------------------------------------------------------------- + # The "zowe.setup" section is used by the "zwe install" and "zwe init" commands. + #------------------------------------------------------------------------------- + setup: + #----------------------------------------------------------------------------- + # MVS data set related configurations + # "zowe.setup.dataset" is used by "zwe install", "zwe init mvs", "zwe init stc" + #----------------------------------------------------------------------------- + dataset: + prefix: IBM + # PROCLIB where Zowe STCs will be copied over + proclib: USER.PROCLIB + + #----------------------------------------------------------------------------- + # "zowe.setup.security" is used by "zwe init security" + #----------------------------------------------------------------------------- + security: + # security product name. Can be RACF, ACF2 or TSS + product: RACF + # security group name + groups: + # Zowe admin user group + admin: ZWEADMIN + stc: ${{ zowe.setup.security.groups.admin }} + sysProg: ${{ zowe.setup.security.groups.admin }} + users: + # Zowe runtime user name of main service + zowe: ZWESVUSR + # Zowe runtime user name of ZIS + zis: ZWESIUSR + # Names of STCs + stcs: + # Main service + zowe: ZWESLSTC + # APF service + zis: ZWESISTC + # Aux for APF service. Starts up as needed, do not start manually. 
+ aux: ZWESASTC + + # >>>> Certificate setup scenario 5 + # z/OS Keyring with importing certificate stored in data set + #----------------------------------------------------------------------------- + # "zowe.setup.certificate" is used by "zwe init certificate" + #----------------------------------------------------------------------------- + certificate: + # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + type: JCERACFKS + keyring: + # Case sensitive + name: ZoweKeyring + connect: + # Current owner of the existing certificate, can be SITE or an user ID. + user: IBMUSER + # Label of the existing certificate will be connected to Zowe keyring. + label: "" + # If you have other certificate authorities want to be trusted in Zowe keyring, + # list the certificate labels here. + # **NOTE**, due to the limitation of RACDCERT command, this field should + # contain maximum 2 entries. + importCertificateAuthorities: + - "" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # VSAM configurations if you are using VSAM as Caching Service storage + #----------------------------------------------------------------------------- + # "zowe.setup.vsam" is used by "zwe init vsam" + #----------------------------------------------------------------------------- + vsam: + # VSAM data set with Record-Level-Sharing enabled or not + # Valid values could be: NONRLS or RLS. + mode: NONRLS + # Volume name if you are using VSAM in NONRLS mode + volume: "" + # Storage class name if you are using VSAM in RLS mode + storageClass: "" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Zowe runtime (root) directory + # + # **NOTE**: if it is not specified and you passed "--update-config" argument + # when you run "zwe init" command, this value will be updated with the Zowe + # runtime where the "zwe" command is located. + # + # This value is required by ZWESLSTC to know where is Zowe runtime. 
+ runtimeDirectory: "" + + # Where to store runtime logs + logDirectory: ${{ zowe.templates.instanceDirectory }}/logs + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # runtime z/OS job name + job: + # Prefix of component address space + prefix: ZWE1 + # Zowe JES job name + name: ${{ zowe.job.prefix }} + + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # You can list your external domains how you want to access Zowe. + # This should be the domain list you would like to put into your web browser + # address bar. + externalDomains: + # this should be the domain name to access Zowe APIML Gateway + - ${{ zos.resolveSymbol('&SYSNAME') }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # This is the port you use to access Zowe Gateway from your web browser. + # + # In many use cases, this should be same as `components.gateway.port`. But in + # some use cases, like containerization, this port could be different. + externalPort: ${{ components.gateway.port }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # You can un-comment and define any extra environment variables as key/value + # pairs here. + # environments: + # # Example of a global environment variable for all components + # MY_ENV_VAR: my_env_val + + # # Another example to customize SSH port for VT Terminal Desktop app + # ZWED_SSH_PORT: 22 + # ZWED_TN3270_PORT: 23 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Controls for zwe behavior + launchScript: + # set to "exit" if you'd like startup to exit if any component has an error in the configure stage, otherwise zwe will warn but continue. + onComponentConfigureFail: "warn" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Default Zowe certificate + # + # **NOTE**: these fields can be updated automatically if you pass + # `--update-config` to `zwe init` command. The generated value will base on + # your setup in `zowe.setup.certificate` section. 
+ certificate: + keystore: + type: ${{ zowe.setup.certificate.type }} + file: safkeyring://${{ zowe.setup.security.users.zowe }}/${{ zowe.setup.certificate.keyring.name }} + password: password + # alias is the name of your key/cert. When using keyrings, get the Case Sensitive, Space Sensitive value in a TSO list ring. + alias: localhost + truststore: + # truststore usually has same values as keystore (minus alias), but can be different if desired. + type: ${{ zowe.certificate.keystore.type }} + file: ${{ zowe.certificate.keystore.file }} + password: ${{ zowe.certificate.keystore.password }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # How we want to verify SSL certificates of services. Valid values are: + # - STRICT: will validate if the certificate is trusted in our trust store and + # if the certificate Command Name and Subject Alternative Name (SAN) + # is validate. This is recommended for the best security. + # - NONSTRICT: will validate if the certificate is trusted in our trust store. + # This mode does not validate certificate Common Name and Subject + # Alternative Name (SAN). + # - DISABLED: disable certificate validation. This is NOT recommended for + # security + verifyCertificates: STRICT + +#------------------------------------------------------------------------------- +# Java configuration - Needed for components that require java +#------------------------------------------------------------------------------- +java: + # Path to your Java home directory + # For example, if java is at /programs/java-vX.Y.Z/bin/java, the home would be + # at "/programs/java-vX.Y.Z", excluding /bin/java + home: ${{ std.getenv('JAVA_HOME') }} + + +#------------------------------------------------------------------------------- +# node.js configuration - Needed for components that require node.js +#------------------------------------------------------------------------------- +node: + # Path to your node.js home directory. 
+ # For example, if node is at /programs/nodejs-vX.Y.Z/bin/node, the home would be + # at "/programs/nodejs-vX.Y.Z", excluding /bin/node + home: ${{ std.getenv('NODE_HOME') }} + + +#------------------------------------------------------------------------------- +# z/OSMF configuration - When present, provides useful APIs and features. +#------------------------------------------------------------------------------- +zOSMF: + # host name of your z/OSMF instance + host: ${{ zos.resolveSymbol('&SYSNAME') }} + port: 443 + applId: IZUDFLT + + +#------------------------------------------------------------------------------- +# Zowe components default configurations +# +# This section includes default configurations for all Zowe components installed +# on the Zowe instance. +# +# Every component should define their own section under `components` with their +# component ID. +# +# For each component, they can always have "enabled" property and "certificate" +# property. More configurations for each component can be found in component +# manifest file. +#------------------------------------------------------------------------------- +components: + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + gateway: + enabled: ${{ zowe.templates.features.apiMediationLayer }} + port: 7554 + debug: ${{ zowe.templates.trace.components }} + + apiml: + security: + auth: + zosmf: + jwtAutoconfiguration: auto + serviceId: zosmf + authorization: + endpoint: + enabled: false + provider: "" + x509: + enabled: false + server: + internal: + # gateway supports internal connector + enabled: false + port: 7550 + ssl: + enabled: false + # internal connector can use different certificate + # certificate: + # keystore: + # alias: "" + + # If we customize this to use different external certificate, than should also + # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled". 
+ # certificate: + # keystore: + # alias: "" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + metrics-service: + enabled: false + port: 7551 + debug: ${{ zowe.templates.trace.components }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + cloud-gateway: + enabled: false + port: 7563 + debug: ${{ zowe.templates.trace.components }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + api-catalog: + enabled: ${{ zowe.templates.features.apiMediationLayer }} + port: 7552 + debug: ${{ zowe.templates.trace.components }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + discovery: + enabled: ${{ zowe.templates.features.apiMediationLayer }} + port: 7553 + debug: ${{ zowe.templates.trace.components }} + # Define this value to match your number of Discovery StatefulSet if you are running containerized Zowe + # replicas: 1 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + caching-service: + enabled: ${{ zowe.templates.features.apiMediationLayer }} + port: 7555 + debug: ${{ zowe.templates.trace.components }} + + storage: + evictionStrategy: reject + # can be inMemory, VSAM, redis or infinispan + mode: VSAM + size: 10000 + vsam: + # your VSAM data set created by "zwe init vsam" command or ZWECSVSM JCL + # this is required if storage mode is VSAM + name: "" + infinispan: + # this is required if storage mode is infinispan + jgroups: + port: 7600 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + app-server: + enabled: ${{ zowe.templates.features.appFramework }} + port: 7556 + debug: ${{ zowe.templates.trace.components }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + zss: + enabled: ${{ zowe.templates.features.appFramework }} + port: 7557 + crossMemoryServerName: ZWESIS_STD + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + explorer-jes: + enabled: ${{ zowe.templates.features.appFramework }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + explorer-mvs: + enabled: ${{ zowe.templates.features.appFramework }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + explorer-uss: + enabled: ${{ 
zowe.templates.features.appFramework }} + +#------------------------------------------------------------------------------- +# Zowe high availability instances customizations +# +# This section includes customizations for each Zowe high availability instance. +# +# You can start each HA instance with `zwe start --ha-instance `. +#------------------------------------------------------------------------------- +# haInstances: +# +# # HA instance ID +# lpar1: +# # hostname where this instance will be started +# hostname: lpar1.my-company.com +# # Your &SYSNAME for this LPAR +# # This sysname will be used to route your JES command to target system. +# sysname: LPR1 +# # for this HA instance, we did not customize "components", so it will use default value. + +# # HA instance ID, we will start 2 instances on LPAR2 +# # **NOTE**, we can only start one gateway in same LPAR. +# lpar2a: +# # hostname where this instance will be started +# hostname: lpar2.my-company.com +# # Your &SYSNAME for this LPAR +# # This sysname will be used to route your JES command to target system. 
+# sysname: LPR2 + +# # These configurations will overwrite highest level default "components" configuration +# components: +# discovery: +# # use customized port on this instance +# port: 17553 +# api-catalog: +# port: 17552 +# app-server: +# # no app-server in this instance +# enabled: false +# zss: +# # no app-server in this instance +# enabled: false +# jobs-api: +# port: 18545 +# enabled: true +# files-api: +# port: 18547 +# enabled: true +# caching-service: +# port: 17555 +# +# lpar2b: +# hostname: lpar2.my-company.com +# # your &SYSNAME for this LPAR +# sysname: LPR2 + +# # These configurations will overwrite highest level default "components" configuration +# components: +# gateway: +# enabled: false +# discovery: +# enabled: false +# api-catalog: +# enabled: false +# app-server: +# enabled: false +# port: 28544 +# zss: +# port: 28542 +# jobs-api: +# enabled: true +# files-api: +# enabled: false +# caching-service: +# enabled: false diff --git a/example-zowe-generated-keyring.yaml b/example-zowe-generated-keyring.yaml new file mode 100644 index 0000000000..0154da7951 --- /dev/null +++ b/example-zowe-generated-keyring.yaml 
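Review bot: `zowe.certificate.keystore.alias` is hard-coded to `localhost`, while this scenario connects an existing certificate whose label the user enters in `zowe.setup.certificate.keyring.connect.label`, so the runtime alias will not match the connected certificate unless it happens to be labelled `localhost`; deriving it, `alias: ${{ zowe.setup.certificate.keyring.connect.label }}`, would keep the two in step the way `type` and `file` already are. The literal `password: password` beside it deserves a comment such as `# placeholder only; confirm it is not used as a secret for key rings`, so readers do not mistake it for a default credential. The RECOMMENDATIONS header describes "a file-based (PKCS12) keystore generated by Zowe" although this file is the key ring connect scenario, and the `verifyCertificates` comment says "Command Name" where "Common Name" is meant; both texts recur in the example-zowe-generated-keyring.yaml hunk.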
@@ -0,0 +1,490 @@ +################################################################################ +# This program and the accompanying materials are made available under the terms of the +# Eclipse Public License v2.0 which accompanies this distribution, and is available at +# https://www.eclipse.org/legal/epl-v20.html +# +# SPDX-License-Identifier: EPL-2.0 +# +# Copyright Contributors to the Zowe Project. +################################################################################ + +#=============================================================================== +# +# Zowe templated configuration example, keystore scenario 3 +# Keystore: z/OS key ring based, with generated certificates +# +#=============================================================================== + +#=============================================================================== +# This is a YAML configuration file for Zowe instance. +# +# YAML is a human-friendly data serialization language for all programming languages. +# To learn more about YAML specifications, please check https://yaml.org/. +# To learn more details about the entries, please check https://docs.zowe.org/. +#=============================================================================== + +#=============================================================================== +# This is a templated configuration file for Zowe. +# Templates are simple javascript within ${{ }} code blocks that simplify +# Variable configuration, such as having one item based upon another or your system. +# You do not need to edit any section with ${{ }}, but it is possible. +# +# This file requires configmgr to use, so zowe.useConfigmgr=true must be set (default) +# +# This file must be used in combination with defaults.yaml, which is not to be edited. 
+# To use this file, you should copy it out to a location you wish to keep, +# And then reference it and defaults.yaml in your configuration as +# FILE(/path/to/your/zowe.yaml):FILE(/zowe/runtime/defaults.yaml) +# +# To learn more about templates, combining files, and configmgr, +# See https://docs.zowe.org/stable/user-guide/configmgr-using/ +# +# +# If you modify any settings listed in "zwe init --help" command, you may need to +# re-run "zwe init" command to make them take effect. +#=============================================================================== + +#=============================================================================== +# RECOMMENDATIONS +# +# This file is for running zowe with a file-based (PKCS12) keystore generated by Zowe. +# In this scenario, we recommend editing the following: +# +# Set zowe.templates to define the name and location of the new Zowe instance +# +# Customize the zowe.setup sections to your liking. +# +# Customize the zowe.externalDomains and zOSMF.host values if needed. +# If the &SYSNAME value is fine but you need a fully qualified name, +# you can append to the value, such as +# ${{ zos.resolveSymbol('&SYSNAME') }}.mycompany.com +# +# zOSMF is recommended but optional. If you don't use zOSMF, omit the section +# +# Customize each "port" entry you see to your liking. +# Each is a TCP port that must be accessible to the STC account, aside from zOSMF +# +# Define corect environment variable values +# for NODE_HOME and JAVA_HOME for the STC account, or +# customize the value of java.home and node.home. +#=============================================================================== + +#------------------------------------------------------------------------------- +# Zowe global configurations +# +# This section is used by most `zwe` commands such as install and start. +# It controls attributes of Zowe that are used by more than one component. 
+#------------------------------------------------------------------------------- +zowe: + # You can put anything here for controlling other properties via templating. + # See the documentation on templating: + # https://docs.zowe.org/stable/user-guide/configmgr-using/ + # + # Note: you should not remove the default templates here as they're used elsewhere + # and may be referenced in documentation or support. + templates: + instanceDirectory: /global/zowe + instanceNickname: "1" + features: + apiMediationLayer: true + appFramework: true + trace: + components: false + zwe: false + + #------------------------------------------------------------------------------- + # The "zowe.setup" section is used by the "zwe install" and "zwe init" commands. + #------------------------------------------------------------------------------- + setup: + #----------------------------------------------------------------------------- + # MVS data set related configurations + # "zowe.setup.dataset" is used by "zwe install", "zwe init mvs", "zwe init stc" + #----------------------------------------------------------------------------- + dataset: + prefix: IBM + # PROCLIB where Zowe STCs will be copied over + proclib: USER.PROCLIB + + #----------------------------------------------------------------------------- + # "zowe.setup.security" is used by "zwe init security" + #----------------------------------------------------------------------------- + security: + # security product name. Can be RACF, ACF2 or TSS + product: RACF + # security group name + groups: + # Zowe admin user group + admin: ZWEADMIN + stc: ${{ zowe.setup.security.groups.admin }} + sysProg: ${{ zowe.setup.security.groups.admin }} + users: + # Zowe runtime user name of main service + zowe: ZWESVUSR + # Zowe runtime user name of ZIS + zis: ZWESIUSR + # Names of STCs + stcs: + # Main service + zowe: ZWESLSTC + # APF service + zis: ZWESISTC + # Aux for APF service. Starts up as needed, do not start manually. 
+ aux: ZWESASTC + + # >>>> Certificate setup scenario 3 + # z/OS key ring with Zowe generate certificates. + #----------------------------------------------------------------------------- + # "zowe.setup.certificate" is used by "zwe init certificate" + #----------------------------------------------------------------------------- + certificate: + # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + type: JCERACFKS + createZosmfTrust: true + keyring: + name: ZoweKeyring + # Label of Zowe certificate. + label: localhost + # label of Zowe CA certificate. + caLabel: localca + # Distinguished name for Zowe generated certificates. + dname: + caCommonName: "" + commonName: "" + orgUnit: "" + org: "" + locality: "" + state: "" + country: "" + # Validity days for Zowe generated certificates + validity: 3650 + # Domain names and IPs should be added into certificate SAN + # **NOTE**: due to the limitation of RACDCERT command, this field should + # contain exactly 2 entries with the domain name and IP address. + san: ${{ zowe.externalDomains }} + + + + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # VSAM configurations if you are using VSAM as Caching Service storage + #----------------------------------------------------------------------------- + # "zowe.setup.vsam" is used by "zwe init vsam" + #----------------------------------------------------------------------------- + vsam: + # VSAM data set with Record-Level-Sharing enabled or not + # Valid values could be: NONRLS or RLS. + mode: NONRLS + # Volume name if you are using VSAM in NONRLS mode + volume: "" + # Storage class name if you are using VSAM in RLS mode + storageClass: "" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Zowe runtime (root) directory + # + # **NOTE**: if it is not specified and you passed "--update-config" argument + # when you run "zwe init" command, this value will be updated with the Zowe + # runtime where the "zwe" command is located. 
+ # + # This value is required by ZWESLSTC to know where is Zowe runtime. + runtimeDirectory: "" + + # Where to store runtime logs + logDirectory: ${{ zowe.templates.instanceDirectory }}/logs + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # runtime z/OS job name + job: + # Prefix of component address space + prefix: ZWE1 + # Zowe JES job name + name: ${{ zowe.job.prefix }} + + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # You can list your external domains how you want to access Zowe. + # This should be the domain list you would like to put into your web browser + # address bar. + externalDomains: + # this should be the domain name to access Zowe APIML Gateway + - ${{ zos.resolveSymbol('&SYSNAME') }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # This is the port you use to access Zowe Gateway from your web browser. + # + # In many use cases, this should be same as `components.gateway.port`. But in + # some use cases, like containerization, this port could be different. + externalPort: ${{ components.gateway.port }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # You can un-comment and define any extra environment variables as key/value + # pairs here. + # environments: + # # Example of a global environment variable for all components + # MY_ENV_VAR: my_env_val + + # # Another example to customize SSH port for VT Terminal Desktop app + # ZWED_SSH_PORT: 22 + # ZWED_TN3270_PORT: 23 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Controls for zwe behavior + launchScript: + # set to "exit" if you'd like startup to exit if any component has an error in the configure stage, otherwise zwe will warn but continue. + onComponentConfigureFail: "warn" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Default Zowe certificate + # + # **NOTE**: these fields can be updated automatically if you pass + # `--update-config` to `zwe init` command. The generated value will base on + # your setup in `zowe.setup.certificate` section. 
+ certificate:
+ keystore:
+ type: ${{ zowe.setup.certificate.type }}
+ file: safkeyring://${{ zowe.setup.security.users.zowe }}/${{ zowe.setup.certificate.keyring.name }}
+ password: password
+ # alias is the name of your key/cert. When using keyrings, get the Case Sensitive, Space Sensitive value in a TSO list ring.
+ alias: localhost
+ truststore:
+ # truststore usually has same values as keystore (minus alias), but can be different if desired.
+ type: ${{ zowe.certificate.keystore.type }}
+ file: ${{ zowe.certificate.keystore.file }}
+ password: ${{ zowe.certificate.keystore.password }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # How we want to verify SSL certificates of services. Valid values are:
+ # - STRICT: will validate if the certificate is trusted in our trust store and
+ # if the certificate Command Name and Subject Alternative Name (SAN)
+ # is validate. This is recommended for the best security.
+ # - NONSTRICT: will validate if the certificate is trusted in our trust store.
+ # This mode does not validate certificate Common Name and Subject
+ # Alternative Name (SAN).
+ # - DISABLED: disable certificate validation. This is NOT recommended for
+ # security
+ verifyCertificates: STRICT
+
+#-------------------------------------------------------------------------------
+# Java configuration - Needed for components that require java
+#-------------------------------------------------------------------------------
+java:
+ # Path to your Java home directory
+ # For example, if java is at /programs/java-vX.Y.Z/bin/java, the home would be
+ # at "/programs/java-vX.Y.Z", excluding /bin/java
+ home: ${{ std.getenv('JAVA_HOME') }}
+
+
+#-------------------------------------------------------------------------------
+# node.js configuration - Needed for components that require node.js
+#-------------------------------------------------------------------------------
+node:
+ # Path to your node.js home directory.
+ # For example, if node is at /programs/nodejs-vX.Y.Z/bin/node, the home would be
+ # at "/programs/nodejs-vX.Y.Z", excluding /bin/node
+ home: ${{ std.getenv('NODE_HOME') }}
+
+
+#-------------------------------------------------------------------------------
+# z/OSMF configuration - When present, provides useful APIs and features.
+#-------------------------------------------------------------------------------
+zOSMF:
+ # host name of your z/OSMF instance
+ host: ${{ zos.resolveSymbol('&SYSNAME') }}
+ port: 443
+ applId: IZUDFLT
+
+
+#-------------------------------------------------------------------------------
+# Zowe components default configurations
+#
+# This section includes default configurations for all Zowe components installed
+# on the Zowe instance.
+#
+# Every component should define their own section under `components` with their
+# component ID.
+#
+# For each component, they can always have "enabled" property and "certificate"
+# property. More configurations for each component can be found in component
+# manifest file.
+#-------------------------------------------------------------------------------
+components:
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ gateway:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7554
+ debug: ${{ zowe.templates.trace.components }}
+
+ apiml:
+ security:
+ auth:
+ zosmf:
+ jwtAutoconfiguration: auto
+ serviceId: zosmf
+ authorization:
+ endpoint:
+ enabled: false
+ provider: ""
+ x509:
+ enabled: false
+ server:
+ internal:
+ # gateway supports internal connector
+ enabled: false
+ port: 7550
+ ssl:
+ enabled: false
+ # internal connector can use different certificate
+ # certificate:
+ # keystore:
+ # alias: ""
+
+ # If we customize this to use different external certificate, than should also
+ # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled".
+ # certificate:
+ # keystore:
+ # alias: ""
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ metrics-service:
+ enabled: false
+ port: 7551
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ cloud-gateway:
+ enabled: false
+ port: 7563
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ api-catalog:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7552
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ discovery:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7553
+ debug: ${{ zowe.templates.trace.components }}
+ # Define this value to match your number of Discovery StatefulSet if you are running containerized Zowe
+ # replicas: 1
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ caching-service:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7555
+ debug: ${{ zowe.templates.trace.components }}
+
+ storage:
+ evictionStrategy: reject
+ # can be inMemory, VSAM, redis or infinispan
+ mode: VSAM
+ size: 10000
+ vsam:
+ # your VSAM data set created by "zwe init vsam" command or ZWECSVSM JCL
+ # this is required if storage mode is VSAM
+ name: ""
+ infinispan:
+ # this is required if storage mode is infinispan
+ jgroups:
+ port: 7600
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ app-server:
+ enabled: ${{ zowe.templates.features.appFramework }}
+ port: 7556
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ zss:
+ enabled: ${{ zowe.templates.features.appFramework }}
+ port: 7557
+ crossMemoryServerName: ZWESIS_STD
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ explorer-jes:
+ enabled: ${{ zowe.templates.features.appFramework }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ explorer-mvs:
+ enabled: ${{ zowe.templates.features.appFramework }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ explorer-uss:
+ enabled: ${{ zowe.templates.features.appFramework }}
+
+#-------------------------------------------------------------------------------
+# Zowe high availability instances customizations
+#
+# This section includes customizations for each Zowe high availability instance.
+#
+# You can start each HA instance with `zwe start --ha-instance `.
+#-------------------------------------------------------------------------------
+# haInstances:
+#
+# # HA instance ID
+# lpar1:
+# # hostname where this instance will be started
+# hostname: lpar1.my-company.com
+# # Your &SYSNAME for this LPAR
+# # This sysname will be used to route your JES command to target system.
+# sysname: LPR1
+# # for this HA instance, we did not customize "components", so it will use default value.
+
+# # HA instance ID, we will start 2 instances on LPAR2
+# # **NOTE**, we can only start one gateway in same LPAR.
+# lpar2a:
+# # hostname where this instance will be started
+# hostname: lpar2.my-company.com
+# # Your &SYSNAME for this LPAR
+# # This sysname will be used to route your JES command to target system.
+# sysname: LPR2
+
+# # These configurations will overwrite highest level default "components" configuration
+# components:
+# discovery:
+# # use customized port on this instance
+# port: 17553
+# api-catalog:
+# port: 17552
+# app-server:
+# # no app-server in this instance
+# enabled: false
+# zss:
+# # no app-server in this instance
+# enabled: false
+# jobs-api:
+# port: 18545
+# enabled: true
+# files-api:
+# port: 18547
+# enabled: true
+# caching-service:
+# port: 17555
+#
+# lpar2b:
+# hostname: lpar2.my-company.com
+# # your &SYSNAME for this LPAR
+# sysname: LPR2
+
+# # These configurations will overwrite highest level default "components" configuration
+# components:
+# gateway:
+# enabled: false
+# discovery:
+# enabled: false
+# api-catalog:
+# enabled: false
+# app-server:
+# enabled: false
+# port: 28544
+# zss:
+# port: 28542
+# jobs-api:
+# enabled: true
+# files-api:
+# enabled: false
+# caching-service:
+# enabled: false
diff --git a/example-zowe-generated-pkcs12.yaml b/example-zowe-generated-pkcs12.yaml
new file mode 100644
index 0000000000..5223bbcfc9
--- /dev/null
+++ b/example-zowe-generated-pkcs12.yaml
@@ -0,0 +1,498 @@
+################################################################################
+# This program and the accompanying materials are made available under the terms of the
+# Eclipse Public License v2.0 which accompanies this distribution, and is available at
+# https://www.eclipse.org/legal/epl-v20.html
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Copyright Contributors to the Zowe Project.
+################################################################################
+
+#===============================================================================
+#
+# Zowe templated configuration example, keystore scenario 1
+# Keystore: File-based (PKCS12), generated automatically by Zowe.
+#
+#===============================================================================
+
+#===============================================================================
+# This is a YAML configuration file for Zowe instance.
+#
+# YAML is a human-friendly data serialization language for all programming languages.
+# To learn more about YAML specifications, please check https://yaml.org/.
+# To learn more details about the entries, please check https://docs.zowe.org/.
+#===============================================================================
+
+#===============================================================================
+# This is a templated configuration file for Zowe.
+# Templates are simple javascript within ${{ }} code blocks that simplify
+# Variable configuration, such as having one item based upon another or your system.
+# You do not need to edit any section with ${{ }}, but it is possible.
+#
+# This file requires configmgr to use, so zowe.useConfigmgr=true must be set (default)
+#
+# This file must be used in combination with defaults.yaml, which is not to be edited.
+# To use this file, you should copy it out to a location you wish to keep,
+# And then reference it and defaults.yaml in your configuration as
+# FILE(/path/to/your/zowe.yaml):FILE(/zowe/runtime/defaults.yaml)
+#
+# To learn more about templates, combining files, and configmgr,
+# See https://docs.zowe.org/stable/user-guide/configmgr-using/
+#
+#
+# If you modify any settings listed in "zwe init --help" command, you may need to
+# re-run "zwe init" command to make them take effect.
+#===============================================================================
+
+#===============================================================================
+# RECOMMENDATIONS
+#
+# This file is for running zowe with a file-based (PKCS12) keystore generated by Zowe.
+# In this scenario, we recommend editing the following:
+#
+# Set zowe.templates to define the name and location of the new Zowe instance
+#
+# Customize the zowe.setup sections to your liking.
+#
+# Customize the zowe.externalDomains and zOSMF.host values if needed.
+# If the &SYSNAME value is fine but you need a fully qualified name,
+# you can append to the value, such as
+# ${{ zos.resolveSymbol('&SYSNAME') }}.mycompany.com
+#
+# zOSMF is recommended but optional. If you don't use zOSMF, omit the section
+#
+# Customize each "port" entry you see to your liking.
+# Each is a TCP port that must be accessible to the STC account, aside from zOSMF
+#
+# Define corect environment variable values
+# for NODE_HOME and JAVA_HOME for the STC account, or
+# customize the value of java.home and node.home.
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Zowe global configurations
+#
+# This section is used by most `zwe` commands such as install and start.
+# It controls attributes of Zowe that are used by more than one component.
+#-------------------------------------------------------------------------------
+zowe:
+ # You can put anything here for controlling other properties via templating.
+ # See the documentation on templating:
+ # https://docs.zowe.org/stable/user-guide/configmgr-using/
+ #
+ # Note: you should not remove the default templates here as they're used elsewhere
+ # and may be referenced in documentation or support.
+ templates:
+ instanceDirectory: /global/zowe
+ instanceNickname: "1"
+ features:
+ apiMediationLayer: true
+ appFramework: true
+ trace:
+ components: false
+ zwe: false
+
+ #-------------------------------------------------------------------------------
+ # The "zowe.setup" section is used by the "zwe install" and "zwe init" commands.
+ #-------------------------------------------------------------------------------
+ setup:
+ #-----------------------------------------------------------------------------
+ # MVS data set related configurations
+ # "zowe.setup.dataset" is used by "zwe install" and "zwe init mvs"
+ # "zowe.setup.dataset" is used by "zwe install", "zwe init mvs", "zwe init stc"
+ #-----------------------------------------------------------------------------
+ dataset:
+ prefix: IBM
+ # PROCLIB where Zowe STCs will be copied over
+ proclib: USER.PROCLIB
+
+ #-----------------------------------------------------------------------------
+ # "zowe.setup.security" is used by "zwe init security"
+ #-----------------------------------------------------------------------------
+ security:
+ # security product name. Can be RACF, ACF2 or TSS
+ product: RACF
+ # security group name
+ groups:
+ # Zowe admin user group
+ admin: ZWEADMIN
+ stc: ${{ zowe.setup.security.groups.admin }}
+ sysProg: ${{ zowe.setup.security.groups.admin }}
+ users:
+ # Zowe runtime user name of main service
+ zowe: ZWESVUSR
+ # Zowe runtime user name of ZIS
+ zis: ZWESIUSR
+ # Names of STCs
+ stcs:
+ # Main service
+ zowe: ZWESLSTC
+ # APF service
+ zis: ZWESISTC
+ # Aux for APF service. Starts up as needed, do not start manually.
+ aux: ZWESASTC
+
+ # >>>> Certificate setup scenario 1
+ # PKCS12 (keystore) with Zowe generate certificates.
+ #-----------------------------------------------------------------------------
+ # "zowe.setup.certificate" is used by "zwe init certificate"
+ #-----------------------------------------------------------------------------
+ certificate:
+ type: PKCS12
+ pkcs12:
+ # Keystore directory
+ directory: /var/zowe/keystore
+ # Lock the keystore directory to only accessible by Zowe runtime user and group.
+ lock: true
+ # Certificate label (aka alias) name.
+ # Note: please use all lower case here.
+ name: localhost
+ # Keystore password.
+ password: password
+ # Alias name of self-signed certificate authority.
+ # Note: please use all lower cases as alias.
+ caAlias: local_ca
+ # Password of keystore stored self-signed certificate authority.
+ caPassword: local_ca_password
+ # Distinguished name for Zowe generated certificates.
+ dname:
+ caCommonName: ""
+ commonName: ""
+ orgUnit: ""
+ org: ""
+ locality: ""
+ state: ""
+ country: ""
+ # Validity days for Zowe generated certificates
+ validity: 3650
+ # Domain names and IPs should be added into certificate SAN
+ san: ${{ zowe.externalDomains }}
+
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # VSAM configurations if you are using VSAM as Caching Service storage
+ #-----------------------------------------------------------------------------
+ # "zowe.setup.vsam" is used by "zwe init vsam"
+ #-----------------------------------------------------------------------------
+ vsam:
+ # VSAM data set with Record-Level-Sharing enabled or not
+ # Valid values could be: NONRLS or RLS.
+ mode: NONRLS
+ # Volume name if you are using VSAM in NONRLS mode
+ volume: ""
+ # Storage class name if you are using VSAM in RLS mode
+ storageClass: ""
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # Zowe runtime (root) directory
+ #
+ # **NOTE**: if it is not specified and you passed "--update-config" argument
+ # when you run "zwe init" command, this value will be updated with the Zowe
+ # runtime where the "zwe" command is located.
+ #
+ # This value is required by ZWESLSTC to know where is Zowe runtime.
+ runtimeDirectory: ""
+
+ # Where to store runtime logs
+ logDirectory: ${{ zowe.templates.instanceDirectory }}/logs
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # runtime z/OS job name
+ job:
+ # Prefix of component address space
+ prefix: ZWE1
+ # Zowe JES job name
+ name: ${{ zowe.job.prefix }}
+
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # You can list your external domains how you want to access Zowe.
+ # This should be the domain list you would like to put into your web browser
+ # address bar.
+ externalDomains:
+ # this should be the domain name to access Zowe APIML Gateway
+ - ${{ zos.resolveSymbol('&SYSNAME') }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # This is the port you use to access Zowe Gateway from your web browser.
+ #
+ # In many use cases, this should be same as `components.gateway.port`. But in
+ # some use cases, like containerization, this port could be different.
+ externalPort: ${{ components.gateway.port }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # You can un-comment and define any extra environment variables as key/value
+ # pairs here.
+ # environments:
+ # # Example of a global environment variable for all components
+ # MY_ENV_VAR: my_env_val
+
+ # # Another example to customize SSH port for VT Terminal Desktop app
+ # ZWED_SSH_PORT: 22
+ # ZWED_TN3270_PORT: 23
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # Controls for zwe behavior
+ launchScript:
+ # set to "exit" if you'd like startup to exit if any component has an error in the configure stage, otherwise zwe will warn but continue.
+ onComponentConfigureFail: "warn"
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # Default Zowe certificate
+ #
+ # **NOTE**: these fields can be updated automatically if you pass
+ # `--update-config` to `zwe init` command. The generated value will base on
+ # your setup in `zowe.setup.certificate` section.
+ certificate:
+ keystore:
+ type: PKCS12
+ file: ${{ zowe.setup.certificate.pkcs12.directory }}/localhost/localhost.keystore.p12
+ password: ${{ zowe.setup.certificate.pkcs12.password }}
+ # alias is the name of your key/cert. When using keyrings, get the Case Sensitive, Space Sensitive value in a TSO list ring.
+ alias: localhost
+ truststore:
+ # truststore usually has same values as keystore (minus alias), but can be different if desired.
+ type: ${{ zowe.certificate.keystore.type }}
+ file: ${{ zowe.setup.certificate.pkcs12.directory }}/localhost/localhost.truststore.p12
+ password: ${{ zowe.certificate.keystore.password }}
+ pem:
+ key: ${{ zowe.setup.certificate.pkcs12.directory }}/localhost/localhost.key
+ certificate: ${{ zowe.setup.certificate.pkcs12.directory }}/localhost/localhost.cer
+ certificateAuthorities: ${{ zowe.setup.certificate.pkcs12.directory }}/local_ca/local_ca.cer
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # How we want to verify SSL certificates of services. Valid values are:
+ # - STRICT: will validate if the certificate is trusted in our trust store and
+ # if the certificate Command Name and Subject Alternative Name (SAN)
+ # is validate. This is recommended for the best security.
+ # - NONSTRICT: will validate if the certificate is trusted in our trust store.
+ # This mode does not validate certificate Common Name and Subject
+ # Alternative Name (SAN).
+ # - DISABLED: disable certificate validation. This is NOT recommended for
+ # security
+ verifyCertificates: STRICT
+
+#-------------------------------------------------------------------------------
+# Java configuration - Needed for components that require java
+#-------------------------------------------------------------------------------
+java:
+ # Path to your Java home directory
+ # For example, if java is at /programs/java-vX.Y.Z/bin/java, the home would be
+ # at "/programs/java-vX.Y.Z", excluding /bin/java
+ home: ${{ std.getenv('JAVA_HOME') }}
+
+
+#-------------------------------------------------------------------------------
+# node.js configuration - Needed for components that require node.js
+#-------------------------------------------------------------------------------
+node:
+ # Path to your node.js home directory.
+ # For example, if node is at /programs/nodejs-vX.Y.Z/bin/node, the home would be
+ # at "/programs/nodejs-vX.Y.Z", excluding /bin/node
+ home: ${{ std.getenv('NODE_HOME') }}
+
+
+#-------------------------------------------------------------------------------
+# z/OSMF configuration - When present, provides useful APIs and features.
+#-------------------------------------------------------------------------------
+zOSMF:
+ # host name of your z/OSMF instance
+ host: ${{ zos.resolveSymbol('&SYSNAME') }}
+ port: 443
+ applId: IZUDFLT
+
+
+#-------------------------------------------------------------------------------
+# Zowe components default configurations
+#
+# This section includes default configurations for all Zowe components installed
+# on the Zowe instance.
+#
+# Every component should define their own section under `components` with their
+# component ID.
+#
+# For each component, they can always have "enabled" property and "certificate"
+# property. More configurations for each component can be found in component
+# manifest file.
+#-------------------------------------------------------------------------------
+components:
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ gateway:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7554
+ debug: ${{ zowe.templates.trace.components }}
+
+ apiml:
+ security:
+ auth:
+ zosmf:
+ jwtAutoconfiguration: auto
+ serviceId: zosmf
+ authorization:
+ endpoint:
+ enabled: false
+ provider: ""
+ x509:
+ enabled: false
+ server:
+ internal:
+ # gateway supports internal connector
+ enabled: false
+ port: 7550
+ ssl:
+ enabled: false
+ # internal connector can use different certificate
+ # certificate:
+ # keystore:
+ # alias: ""
+
+ # If we customize this to use different external certificate, than should also
+ # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled".
+ # certificate:
+ # keystore:
+ # alias: ""
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ metrics-service:
+ enabled: false
+ port: 7551
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ cloud-gateway:
+ enabled: false
+ port: 7563
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ api-catalog:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7552
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ discovery:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7553
+ debug: ${{ zowe.templates.trace.components }}
+ # Define this value to match your number of Discovery StatefulSet if you are running containerized Zowe
+ # replicas: 1
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ caching-service:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7555
+ debug: ${{ zowe.templates.trace.components }}
+
+ storage:
+ evictionStrategy: reject
+ # can be inMemory, VSAM, redis or infinispan
+ mode: VSAM
+ size: 10000
+ vsam:
+ # your VSAM data set created by "zwe init vsam" command or ZWECSVSM JCL
+ # this is required if storage mode is VSAM
+ name: ""
+ infinispan:
+ # this is required if storage mode is infinispan
+ jgroups:
+ port: 7600
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ app-server:
+ enabled: ${{ zowe.templates.features.appFramework }}
+ port: 7556
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ zss:
+ enabled: ${{ zowe.templates.features.appFramework }}
+ port: 7557
+ crossMemoryServerName: ZWESIS_STD
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ explorer-jes:
+ enabled: ${{ zowe.templates.features.appFramework }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ explorer-mvs:
+ enabled: ${{ zowe.templates.features.appFramework }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ explorer-uss:
+ enabled: ${{ zowe.templates.features.appFramework }}
+
+#-------------------------------------------------------------------------------
+# Zowe high availability instances customizations
+#
+# This section includes customizations for each Zowe high availability instance.
+#
+# You can start each HA instance with `zwe start --ha-instance `.
+#-------------------------------------------------------------------------------
+# haInstances:
+#
+# # HA instance ID
+# lpar1:
+# # hostname where this instance will be started
+# hostname: lpar1.my-company.com
+# # Your &SYSNAME for this LPAR
+# # This sysname will be used to route your JES command to target system.
+# sysname: LPR1
+# # for this HA instance, we did not customize "components", so it will use default value.
+
+# # HA instance ID, we will start 2 instances on LPAR2
+# # **NOTE**, we can only start one gateway in same LPAR.
+# lpar2a:
+# # hostname where this instance will be started
+# hostname: lpar2.my-company.com
+# # Your &SYSNAME for this LPAR
+# # This sysname will be used to route your JES command to target system.
+# sysname: LPR2
+
+# # These configurations will overwrite highest level default "components" configuration
+# components:
+# discovery:
+# # use customized port on this instance
+# port: 17553
+# api-catalog:
+# port: 17552
+# app-server:
+# # no app-server in this instance
+# enabled: false
+# zss:
+# # no app-server in this instance
+# enabled: false
+# jobs-api:
+# port: 18545
+# enabled: true
+# files-api:
+# port: 18547
+# enabled: true
+# caching-service:
+# port: 17555
+#
+# lpar2b:
+# hostname: lpar2.my-company.com
+# # your &SYSNAME for this LPAR
+# sysname: LPR2
+
+# # These configurations will overwrite highest level default "components" configuration
+# components:
+# gateway:
+# enabled: false
+# discovery:
+# enabled: false
+# api-catalog:
+# enabled: false
+# app-server:
+# enabled: false
+# port: 28544
+# zss:
+# port: 28542
+# jobs-api:
+# enabled: true
+# files-api:
+# enabled: false
+# caching-service:
+# enabled: false
diff --git a/example-zowe-imported-keyring.yaml b/example-zowe-imported-keyring.yaml
new file mode 100644
index 0000000000..7698e3adc6
--- /dev/null
+++ b/example-zowe-imported-keyring.yaml
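Review bot: The sample secrets under `zowe.setup.certificate.pkcs12` in example-zowe-generated-pkcs12.yaml, `password: password` and `caPassword: local_ca_password`, are literal well-known values, and the RECOMMENDATIONS block at the top of the file does not list them among the settings to edit before use. Because `zowe.certificate.keystore.password` and the truststore password are templated from the same value, a user who copies the file as the header instructs ends up with the generated keystore, truststore and local CA key all protected by published defaults; `lock: true` narrows who can read the directory but does not change that. I would add a RECOMMENDATIONS entry such as `# Change zowe.setup.certificate.pkcs12.password and caPassword from the sample values before running "zwe init certificate".` and repeat the warning as a comment above the two keys. Separately, the keystore, truststore and `pem` paths hard-code `localhost` and `local_ca` rather than templating `pkcs12.name` and `pkcs12.caAlias`, so changing either in `zowe.setup` would presumably leave `zowe.certificate` pointing at files that were never generated.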
@@ -0,0 +1,479 @@
+################################################################################
+# This program and the accompanying materials are made available under the terms of the
+# Eclipse Public License v2.0 which accompanies this distribution, and is available at
+# https://www.eclipse.org/legal/epl-v20.html
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Copyright Contributors to the Zowe Project.
+################################################################################
+
+#===============================================================================
+#
+# Zowe templated configuration example, keystore scenario 4
+# Keystore: z/OS key ring based, with certificates imported via dataset
+#
+#===============================================================================
+
+#===============================================================================
+# This is a YAML configuration file for Zowe instance.
+#
+# YAML is a human-friendly data serialization language for all programming languages.
+# To learn more about YAML specifications, please check https://yaml.org/.
+# To learn more details about the entries, please check https://docs.zowe.org/.
+#===============================================================================
+
+#===============================================================================
+# This is a templated configuration file for Zowe.
+# Templates are simple javascript within ${{ }} code blocks that simplify
+# Variable configuration, such as having one item based upon another or your system.
+# You do not need to edit any section with ${{ }}, but it is possible.
+#
+# This file requires configmgr to use, so zowe.useConfigmgr=true must be set (default)
+#
+# This file must be used in combination with defaults.yaml, which is not to be edited.
+# To use this file, you should copy it out to a location you wish to keep,
+# And then reference it and defaults.yaml in your configuration as
+# FILE(/path/to/your/zowe.yaml):FILE(/zowe/runtime/defaults.yaml)
+#
+# To learn more about templates, combining files, and configmgr,
+# See https://docs.zowe.org/stable/user-guide/configmgr-using/
+#
+#
+# If you modify any settings listed in "zwe init --help" command, you may need to
+# re-run "zwe init" command to make them take effect.
+#===============================================================================
+
+#===============================================================================
+# RECOMMENDATIONS
+#
+# This file is for running zowe with a file-based (PKCS12) keystore generated by Zowe.
+# In this scenario, we recommend editing the following:
+#
+# Set zowe.templates to define the name and location of the new Zowe instance
+#
+# Customize the zowe.setup sections to your liking.
+#
+# Customize the zowe.externalDomains and zOSMF.host values if needed.
+# If the &SYSNAME value is fine but you need a fully qualified name,
+# you can append to the value, such as
+# ${{ zos.resolveSymbol('&SYSNAME') }}.mycompany.com
+#
+# zOSMF is recommended but optional. If you don't use zOSMF, omit the section
+#
+# Customize each "port" entry you see to your liking.
+# Each is a TCP port that must be accessible to the STC account, aside from zOSMF
+#
+# Define corect environment variable values
+# for NODE_HOME and JAVA_HOME for the STC account, or
+# customize the value of java.home and node.home.
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Zowe global configurations
+#
+# This section is used by most `zwe` commands such as install and start.
+# It controls attributes of Zowe that are used by more than one component.
+#-------------------------------------------------------------------------------
+zowe:
+ # You can put anything here for controlling other properties via templating.
+ # See the documentation on templating:
+ # https://docs.zowe.org/stable/user-guide/configmgr-using/
+ #
+ # Note: you should not remove the default templates here as they're used elsewhere
+ # and may be referenced in documentation or support.
+ templates:
+ instanceDirectory: /global/zowe
+ instanceNickname: "1"
+ features:
+ apiMediationLayer: true
+ appFramework: true
+ trace:
+ components: false
+ zwe: false
+
+ #-------------------------------------------------------------------------------
+ # The "zowe.setup" section is used by the "zwe install" and "zwe init" commands.
+ #-------------------------------------------------------------------------------
+ setup:
+ #-----------------------------------------------------------------------------
+ # MVS data set related configurations
+ # "zowe.setup.dataset" is used by "zwe install", "zwe init mvs", "zwe init stc"
+ #-----------------------------------------------------------------------------
+ dataset:
+ prefix: IBM
+ # PROCLIB where Zowe STCs will be copied over
+ proclib: USER.PROCLIB
+
+ #-----------------------------------------------------------------------------
+ # "zowe.setup.security" is used by "zwe init security"
+ #-----------------------------------------------------------------------------
+ security:
+ # security product name. Can be RACF, ACF2 or TSS
+ product: RACF
+ # security group name
+ groups:
+ # Zowe admin user group
+ admin: ZWEADMIN
+ stc: ${{ zowe.setup.security.groups.admin }}
+ sysProg: ${{ zowe.setup.security.groups.admin }}
+ users:
+ # Zowe runtime user name of main service
+ zowe: ZWESVUSR
+ # Zowe runtime user name of ZIS
+ zis: ZWESIUSR
+ # Names of STCs
+ stcs:
+ # Main service
+ zowe: ZWESLSTC
+ # APF service
+ zis: ZWESISTC
+ # Aux for APF service. Starts up as needed, do not start manually.
+ aux: ZWESASTC
+
+
+
+ # >>>> Certificate setup scenario 4
+ # z/OS Keyring with importing certificate via connecting
+ #-----------------------------------------------------------------------------
+ # "zowe.setup.certificate" is used by "zwe init certificate"
+ #-----------------------------------------------------------------------------
+ certificate:
+ # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS
+ type: JCERACFKS
+ keyring:
+ # Case sensitive
+ name: ZoweKeyring
+ # Label (aka alias) of Zowe certificate.
+ label: localhost
+ import:
+ # Name of the data set holds the certificate issued by other CA.
+ # This data set should be in PKCS12 format and contain private key.
+ dsName: ""
+ # Password for the PKCS12 data set.
+ password: ""
+
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # VSAM configurations if you are using VSAM as Caching Service storage
+ #-----------------------------------------------------------------------------
+ # "zowe.setup.vsam" is used by "zwe init vsam"
+ #-----------------------------------------------------------------------------
+ vsam:
+ # VSAM data set with Record-Level-Sharing enabled or not
+ # Valid values could be: NONRLS or RLS.
+ mode: NONRLS
+ # Volume name if you are using VSAM in NONRLS mode
+ volume: ""
+ # Storage class name if you are using VSAM in RLS mode
+ storageClass: ""
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # Zowe runtime (root) directory
+ #
+ # **NOTE**: if it is not specified and you passed "--update-config" argument
+ # when you run "zwe init" command, this value will be updated with the Zowe
+ # runtime where the "zwe" command is located.
+ #
+ # This value is required by ZWESLSTC to know where is Zowe runtime.
+ runtimeDirectory: "" + + # Where to store runtime logs + logDirectory: ${{ zowe.templates.instanceDirectory }}/logs + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # runtime z/OS job name + job: + # Prefix of component address space + prefix: ZWE1 + # Zowe JES job name + name: ${{ zowe.job.prefix }} + + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # You can list your external domains how you want to access Zowe. + # This should be the domain list you would like to put into your web browser + # address bar. + externalDomains: + # this should be the domain name to access Zowe APIML Gateway + - ${{ zos.resolveSymbol('&SYSNAME') }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # This is the port you use to access Zowe Gateway from your web browser. + # + # In many use cases, this should be same as `components.gateway.port`. But in + # some use cases, like containerization, this port could be different. + externalPort: ${{ components.gateway.port }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # You can un-comment and define any extra environment variables as key/value + # pairs here. + # environments: + # # Example of a global environment variable for all components + # MY_ENV_VAR: my_env_val + + # # Another example to customize SSH port for VT Terminal Desktop app + # ZWED_SSH_PORT: 22 + # ZWED_TN3270_PORT: 23 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Controls for zwe behavior + launchScript: + # set to "exit" if you'd like startup to exit if any component has an error in the configure stage, otherwise zwe will warn but continue. + onComponentConfigureFail: "warn" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Default Zowe certificate + # + # **NOTE**: these fields can be updated automatically if you pass + # `--update-config` to `zwe init` command. The generated value will base on + # your setup in `zowe.setup.certificate` section. 
+ certificate: + keystore: + type: ${{ zowe.setup.certificate.type }} + file: safkeyring://${{ zowe.setup.security.users.zowe }}/${{ zowe.setup.certificate.keyring.name }} + password: password + # alias is the name of your key/cert. When using keyrings, get the Case Sensitive, Space Sensitive value in a TSO list ring. + alias: localhost + truststore: + # truststore usually has same values as keystore (minus alias), but can be different if desired. + type: ${{ zowe.certificate.keystore.type }} + file: ${{ zowe.certificate.keystore.file }} + password: ${{ zowe.certificate.keystore.password }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # How we want to verify SSL certificates of services. Valid values are: + # - STRICT: will validate if the certificate is trusted in our trust store and + # if the certificate Command Name and Subject Alternative Name (SAN) + # is validate. This is recommended for the best security. + # - NONSTRICT: will validate if the certificate is trusted in our trust store. + # This mode does not validate certificate Common Name and Subject + # Alternative Name (SAN). + # - DISABLED: disable certificate validation. This is NOT recommended for + # security + verifyCertificates: STRICT + +#------------------------------------------------------------------------------- +# Java configuration - Needed for components that require java +#------------------------------------------------------------------------------- +java: + # Path to your Java home directory + # For example, if java is at /programs/java-vX.Y.Z/bin/java, the home would be + # at "/programs/java-vX.Y.Z", excluding /bin/java + home: ${{ std.getenv('JAVA_HOME') }} + + +#------------------------------------------------------------------------------- +# node.js configuration - Needed for components that require node.js +#------------------------------------------------------------------------------- +node: + # Path to your node.js home directory. 
+ # For example, if node is at /programs/nodejs-vX.Y.Z/bin/node, the home would be + # at "/programs/nodejs-vX.Y.Z", excluding /bin/node + home: ${{ std.getenv('NODE_HOME') }} + + +#------------------------------------------------------------------------------- +# z/OSMF configuration - When present, provides useful APIs and features. +#------------------------------------------------------------------------------- +zOSMF: + # host name of your z/OSMF instance + host: ${{ zos.resolveSymbol('&SYSNAME') }} + port: 443 + applId: IZUDFLT + + +#------------------------------------------------------------------------------- +# Zowe components default configurations +# +# This section includes default configurations for all Zowe components installed +# on the Zowe instance. +# +# Every component should define their own section under `components` with their +# component ID. +# +# For each component, they can always have "enabled" property and "certificate" +# property. More configurations for each component can be found in component +# manifest file. +#------------------------------------------------------------------------------- +components: + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + gateway: + enabled: ${{ zowe.templates.features.apiMediationLayer }} + port: 7554 + debug: ${{ zowe.templates.trace.components }} + + apiml: + security: + auth: + zosmf: + jwtAutoconfiguration: auto + serviceId: zosmf + authorization: + endpoint: + enabled: false + provider: "" + x509: + enabled: false + server: + internal: + # gateway supports internal connector + enabled: false + port: 7550 + ssl: + enabled: false + # internal connector can use different certificate + # certificate: + # keystore: + # alias: "" + + # If we customize this to use different external certificate, than should also + # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled". 
+ # certificate: + # keystore: + # alias: "" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + metrics-service: + enabled: false + port: 7551 + debug: ${{ zowe.templates.trace.components }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + cloud-gateway: + enabled: false + port: 7563 + debug: ${{ zowe.templates.trace.components }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + api-catalog: + enabled: ${{ zowe.templates.features.apiMediationLayer }} + port: 7552 + debug: ${{ zowe.templates.trace.components }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + discovery: + enabled: ${{ zowe.templates.features.apiMediationLayer }} + port: 7553 + debug: ${{ zowe.templates.trace.components }} + # Define this value to match your number of Discovery StatefulSet if you are running containerized Zowe + # replicas: 1 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + caching-service: + enabled: ${{ zowe.templates.features.apiMediationLayer }} + port: 7555 + debug: ${{ zowe.templates.trace.components }} + + storage: + evictionStrategy: reject + # can be inMemory, VSAM, redis or infinispan + mode: VSAM + size: 10000 + vsam: + # your VSAM data set created by "zwe init vsam" command or ZWECSVSM JCL + # this is required if storage mode is VSAM + name: "" + infinispan: + # this is required if storage mode is infinispan + jgroups: + port: 7600 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + app-server: + enabled: ${{ zowe.templates.features.appFramework }} + port: 7556 + debug: ${{ zowe.templates.trace.components }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + zss: + enabled: ${{ zowe.templates.features.appFramework }} + port: 7557 + crossMemoryServerName: ZWESIS_STD + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + explorer-jes: + enabled: ${{ zowe.templates.features.appFramework }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + explorer-mvs: + enabled: ${{ zowe.templates.features.appFramework }} + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + explorer-uss: + enabled: ${{ 
zowe.templates.features.appFramework }} + +#------------------------------------------------------------------------------- +# Zowe high availability instances customizations +# +# This section includes customizations for each Zowe high availability instance. +# +# You can start each HA instance with `zwe start --ha-instance `. +#------------------------------------------------------------------------------- +# haInstances: +# +# # HA instance ID +# lpar1: +# # hostname where this instance will be started +# hostname: lpar1.my-company.com +# # Your &SYSNAME for this LPAR +# # This sysname will be used to route your JES command to target system. +# sysname: LPR1 +# # for this HA instance, we did not customize "components", so it will use default value. + +# # HA instance ID, we will start 2 instances on LPAR2 +# # **NOTE**, we can only start one gateway in same LPAR. +# lpar2a: +# # hostname where this instance will be started +# hostname: lpar2.my-company.com +# # Your &SYSNAME for this LPAR +# # This sysname will be used to route your JES command to target system. 
+# sysname: LPR2 + +# # These configurations will overwrite highest level default "components" configuration +# components: +# discovery: +# # use customized port on this instance +# port: 17553 +# api-catalog: +# port: 17552 +# app-server: +# # no app-server in this instance +# enabled: false +# zss: +# # no app-server in this instance +# enabled: false +# jobs-api: +# port: 18545 +# enabled: true +# files-api: +# port: 18547 +# enabled: true +# caching-service: +# port: 17555 +# +# lpar2b: +# hostname: lpar2.my-company.com +# # your &SYSNAME for this LPAR +# sysname: LPR2 + +# # These configurations will overwrite highest level default "components" configuration +# components: +# gateway: +# enabled: false +# discovery: +# enabled: false +# api-catalog: +# enabled: false +# app-server: +# enabled: false +# port: 28544 +# zss: +# port: 28542 +# jobs-api: +# enabled: true +# files-api: +# enabled: false +# caching-service: +# enabled: false diff --git a/example-zowe-imported-pkcs12.yaml b/example-zowe-imported-pkcs12.yaml new file mode 100644 index 0000000000..c2085c6af6 --- /dev/null +++ b/example-zowe-imported-pkcs12.yaml 
@@ -0,0 +1,492 @@
+################################################################################
+# This program and the accompanying materials are made available under the terms of the
+# Eclipse Public License v2.0 which accompanies this distribution, and is available at
+# https://www.eclipse.org/legal/epl-v20.html
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Copyright Contributors to the Zowe Project.
+################################################################################
+
+#===============================================================================
+#
+# Zowe templated configuration example, keystore scenario 2
+# Keystore: File-based (PKCS12), with imported certificates
+#
+#===============================================================================
+
+#===============================================================================
+# This is a YAML configuration file for Zowe instance.
+#
+# YAML is a human-friendly data serialization language for all programming languages.
+# To learn more about YAML specifications, please check https://yaml.org/.
+# To learn more details about the entries, please check https://docs.zowe.org/.
+#===============================================================================
+
+#===============================================================================
+# This is a templated configuration file for Zowe.
+# Templates are simple javascript within ${{ }} code blocks that simplify
+# Variable configuration, such as having one item based upon another or your system.
+# You do not need to edit any section with ${{ }}, but it is possible.
+#
+# This file requires configmgr to use, so zowe.useConfigmgr=true must be set (default)
+#
+# This file must be used in combination with defaults.yaml, which is not to be edited.
+# To use this file, you should copy it out to a location you wish to keep,
+# And then reference it and defaults.yaml in your configuration as
+# FILE(/path/to/your/zowe.yaml):FILE(/zowe/runtime/defaults.yaml)
+#
+# To learn more about templates, combining files, and configmgr,
+# See https://docs.zowe.org/stable/user-guide/configmgr-using/
+#
+#
+# If you modify any settings listed in "zwe init --help" command, you may need to
+# re-run "zwe init" command to make them take effect.
+#===============================================================================
+
+#===============================================================================
+# RECOMMENDATIONS
+#
+# This file is for running zowe with a file-based (PKCS12) keystore generated by Zowe.
+# In this scenario, we recommend editing the following:
+#
+# Set zowe.templates to define the name and location of the new Zowe instance
+#
+# Customize the zowe.setup sections to your liking.
+#
+# Customize the zowe.externalDomains and zOSMF.host values if needed.
+# If the &SYSNAME value is fine but you need a fully qualified name,
+# you can append to the value, such as
+# ${{ zos.resolveSymbol('&SYSNAME') }}.mycompany.com
+#
+# zOSMF is recommended but optional. If you don't use zOSMF, omit the section
+#
+# Customize each "port" entry you see to your liking.
+# Each is a TCP port that must be accessible to the STC account, aside from zOSMF
+#
+# Define corect environment variable values
+# for NODE_HOME and JAVA_HOME for the STC account, or
+# customize the value of java.home and node.home.
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Zowe global configurations
+#
+# This section is used by most `zwe` commands such as install and start.
+# It controls attributes of Zowe that are used by more than one component.
+#-------------------------------------------------------------------------------
+zowe:
+ # You can put anything here for controlling other properties via templating.
+ # See the documentation on templating:
+ # https://docs.zowe.org/stable/user-guide/configmgr-using/
+ #
+ # Note: you should not remove the default templates here as they're used elsewhere
+ # and may be referenced in documentation or support.
+ templates:
+ instanceDirectory: /global/zowe
+ instanceNickname: "1"
+ features:
+ apiMediationLayer: true
+ appFramework: true
+ trace:
+ components: false
+ zwe: false
+
+ #-------------------------------------------------------------------------------
+ # The "zowe.setup" section is used by the "zwe install" and "zwe init" commands.
+ #-------------------------------------------------------------------------------
+ setup:
+ #-----------------------------------------------------------------------------
+ # MVS data set related configurations
+ # "zowe.setup.dataset" is used by "zwe install", "zwe init mvs", "zwe init stc"
+ #-----------------------------------------------------------------------------
+ dataset:
+ prefix: IBM
+ # PROCLIB where Zowe STCs will be copied over
+ proclib: USER.PROCLIB
+
+ #-----------------------------------------------------------------------------
+ # "zowe.setup.security" is used by "zwe init security"
+ #-----------------------------------------------------------------------------
+ security:
+ # security product name. Can be RACF, ACF2 or TSS
+ product: RACF
+ # security group name
+ groups:
+ # Zowe admin user group
+ admin: ZWEADMIN
+ stc: ${{ zowe.setup.security.groups.admin }}
+ sysProg: ${{ zowe.setup.security.groups.admin }}
+ users:
+ # Zowe runtime user name of main service
+ zowe: ZWESVUSR
+ # Zowe runtime user name of ZIS
+ zis: ZWESIUSR
+ # Names of STCs
+ stcs:
+ # Main service
+ zowe: ZWESLSTC
+ # APF service
+ zis: ZWESISTC
+ # Aux for APF service. Starts up as needed, do not start manually.
+ aux: ZWESASTC
+
+ # >>>> Certificate setup scenario 2
+ # PKCS12 (keystore) with importing certificate generated by other CA.
+ #-----------------------------------------------------------------------------
+ # "zowe.setup.certificate" is used by "zwe init certificate"
+ #-----------------------------------------------------------------------------
+ certificate:
+ type: PKCS12
+ pkcs12:
+ # Keystore directory
+ directory: /var/zowe/keystore
+ # Lock the keystore directory to only accessible by Zowe runtime user and group.
+ lock: true
+ # Certificate label (aka alias) name.
+ # Note: please use lower case here.
+ name: localhost
+ # Keystore password.
+ password: password
+ import:
+ # Existing PKCS12 keystore which holds the certificate issued by external CA.
+ keystore: ""
+ # Password of the above keystore
+ password: ""
+ # Certificate alias (aka label) will be imported
+ # Note: please use all lower cases here.
+ alias: ""
+ # PEM format certificate authorities will also be imported and trusted.
+ importCertificateAuthorities:
+ # Path to the certificate authority signed the certificate will be imported.
+ - ""
+
+
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # VSAM configurations if you are using VSAM as Caching Service storage
+ #-----------------------------------------------------------------------------
+ # "zowe.setup.vsam" is used by "zwe init vsam"
+ #-----------------------------------------------------------------------------
+ vsam:
+ # VSAM data set with Record-Level-Sharing enabled or not
+ # Valid values could be: NONRLS or RLS.
+ mode: NONRLS
+ # Volume name if you are using VSAM in NONRLS mode
+ volume: ""
+ # Storage class name if you are using VSAM in RLS mode
+ storageClass: ""
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # Zowe runtime (root) directory
+ #
+ # **NOTE**: if it is not specified and you passed "--update-config" argument
+ # when you run "zwe init" command, this value will be updated with the Zowe
+ # runtime where the "zwe" command is located.
+ #
+ # This value is required by ZWESLSTC to know where is Zowe runtime.
+ runtimeDirectory: ""
+
+ # Where to store runtime logs
+ logDirectory: ${{ zowe.templates.instanceDirectory }}/logs
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # runtime z/OS job name
+ job:
+ # Prefix of component address space
+ prefix: ZWE1
+ # Zowe JES job name
+ name: ${{ zowe.job.prefix }}
+
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # You can list your external domains how you want to access Zowe.
+ # This should be the domain list you would like to put into your web browser
+ # address bar.
+ externalDomains:
+ # this should be the domain name to access Zowe APIML Gateway
+ - ${{ zos.resolveSymbol('&SYSNAME') }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # This is the port you use to access Zowe Gateway from your web browser.
+ #
+ # In many use cases, this should be same as `components.gateway.port`. But in
+ # some use cases, like containerization, this port could be different.
+ externalPort: ${{ components.gateway.port }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # You can un-comment and define any extra environment variables as key/value
+ # pairs here.
+ # environments:
+ # # Example of a global environment variable for all components
+ # MY_ENV_VAR: my_env_val
+
+ # # Another example to customize SSH port for VT Terminal Desktop app
+ # ZWED_SSH_PORT: 22
+ # ZWED_TN3270_PORT: 23
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # Controls for zwe behavior
+ launchScript:
+ # set to "exit" if you'd like startup to exit if any component has an error in the configure stage, otherwise zwe will warn but continue.
+ onComponentConfigureFail: "warn"
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # Default Zowe certificate
+ #
+ # **NOTE**: these fields can be updated automatically if you pass
+ # `--update-config` to `zwe init` command. The generated value will base on
+ # your setup in `zowe.setup.certificate` section.
+ certificate:
+ keystore:
+ type: PKCS12
+ file: ${{ zowe.setup.certificate.pkcs12.directory }}/localhost/localhost.keystore.p12
+ password: ${{ zowe.setup.certificate.pkcs12.password }}
+ # alias is the name of your key/cert. When using keyrings, get the Case Sensitive, Space Sensitive value in a TSO list ring.
+ alias: localhost
+ truststore:
+ # truststore usually has same values as keystore (minus alias), but can be different if desired.
+ type: ${{ zowe.certificate.keystore.type }}
+ file: ${{ zowe.setup.certificate.pkcs12.directory }}/localhost/localhost.truststore.p12
+ password: ${{ zowe.certificate.keystore.password }}
+ pem:
+ key: ${{ zowe.setup.certificate.pkcs12.directory }}/localhost/localhost.key
+ certificate: ${{ zowe.setup.certificate.pkcs12.directory }}/localhost/localhost.cer
+ certificateAuthorities: ${{ zowe.setup.certificate.pkcs12.directory }}/local_ca/local_ca.cer
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ # How we want to verify SSL certificates of services. Valid values are:
+ # - STRICT: will validate if the certificate is trusted in our trust store and
+ # if the certificate Command Name and Subject Alternative Name (SAN)
+ # is validate. This is recommended for the best security.
+ # - NONSTRICT: will validate if the certificate is trusted in our trust store.
+ # This mode does not validate certificate Common Name and Subject
+ # Alternative Name (SAN).
+ # - DISABLED: disable certificate validation. This is NOT recommended for
+ # security
+ verifyCertificates: STRICT
+
+#-------------------------------------------------------------------------------
+# Java configuration - Needed for components that require java
+#-------------------------------------------------------------------------------
+java:
+ # Path to your Java home directory
+ # For example, if java is at /programs/java-vX.Y.Z/bin/java, the home would be
+ # at "/programs/java-vX.Y.Z", excluding /bin/java
+ home: ${{ std.getenv('JAVA_HOME') }}
+
+
+#-------------------------------------------------------------------------------
+# node.js configuration - Needed for components that require node.js
+#-------------------------------------------------------------------------------
+node:
+ # Path to your node.js home directory.
+ # For example, if node is at /programs/nodejs-vX.Y.Z/bin/node, the home would be
+ # at "/programs/nodejs-vX.Y.Z", excluding /bin/node
+ home: ${{ std.getenv('NODE_HOME') }}
+
+
+#-------------------------------------------------------------------------------
+# z/OSMF configuration - When present, provides useful APIs and features.
+#-------------------------------------------------------------------------------
+zOSMF:
+ # host name of your z/OSMF instance
+ host: ${{ zos.resolveSymbol('&SYSNAME') }}
+ port: 443
+ applId: IZUDFLT
+
+
+#-------------------------------------------------------------------------------
+# Zowe components default configurations
+#
+# This section includes default configurations for all Zowe components installed
+# on the Zowe instance.
+#
+# Every component should define their own section under `components` with their
+# component ID.
+#
+# For each component, they can always have "enabled" property and "certificate"
+# property. More configurations for each component can be found in component
+# manifest file.
+#-------------------------------------------------------------------------------
+components:
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ gateway:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7554
+ debug: ${{ zowe.templates.trace.components }}
+
+ apiml:
+ security:
+ auth:
+ zosmf:
+ jwtAutoconfiguration: auto
+ serviceId: zosmf
+ authorization:
+ endpoint:
+ enabled: false
+ provider: ""
+ x509:
+ enabled: false
+ server:
+ internal:
+ # gateway supports internal connector
+ enabled: false
+ port: 7550
+ ssl:
+ enabled: false
+ # internal connector can use different certificate
+ # certificate:
+ # keystore:
+ # alias: ""
+
+ # If we customize this to use different external certificate, than should also
+ # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled".
+ # certificate:
+ # keystore:
+ # alias: ""
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ metrics-service:
+ enabled: false
+ port: 7551
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ cloud-gateway:
+ enabled: false
+ port: 7563
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ api-catalog:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7552
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ discovery:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7553
+ debug: ${{ zowe.templates.trace.components }}
+ # Define this value to match your number of Discovery StatefulSet if you are running containerized Zowe
+ # replicas: 1
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ caching-service:
+ enabled: ${{ zowe.templates.features.apiMediationLayer }}
+ port: 7555
+ debug: ${{ zowe.templates.trace.components }}
+
+ storage:
+ evictionStrategy: reject
+ # can be inMemory, VSAM, redis or infinispan
+ mode: VSAM
+ size: 10000
+ vsam:
+ # your VSAM data set created by "zwe init vsam" command or ZWECSVSM JCL
+ # this is required if storage mode is VSAM
+ name: ""
+ infinispan:
+ # this is required if storage mode is infinispan
+ jgroups:
+ port: 7600
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ app-server:
+ enabled: ${{ zowe.templates.features.appFramework }}
+ port: 7556
+ debug: ${{ zowe.templates.trace.components }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ zss:
+ enabled: ${{ zowe.templates.features.appFramework }}
+ port: 7557
+ crossMemoryServerName: ZWESIS_STD
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ explorer-jes:
+ enabled: ${{ zowe.templates.features.appFramework }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ explorer-mvs:
+ enabled: ${{ zowe.templates.features.appFramework }}
+
+ # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ explorer-uss:
+ enabled: ${{ zowe.templates.features.appFramework }}
+
+#-------------------------------------------------------------------------------
+# Zowe high availability instances customizations
+#
+# This section includes customizations for each Zowe high availability instance.
+#
+# You can start each HA instance with `zwe start --ha-instance `.
+#-------------------------------------------------------------------------------
+# haInstances:
+#
+# # HA instance ID
+# lpar1:
+# # hostname where this instance will be started
+# hostname: lpar1.my-company.com
+# # Your &SYSNAME for this LPAR
+# # This sysname will be used to route your JES command to target system.
+# sysname: LPR1
+# # for this HA instance, we did not customize "components", so it will use default value.
+
+# # HA instance ID, we will start 2 instances on LPAR2
+# # **NOTE**, we can only start one gateway in same LPAR.
+# lpar2a:
+# # hostname where this instance will be started
+# hostname: lpar2.my-company.com
+# # Your &SYSNAME for this LPAR
+# # This sysname will be used to route your JES command to target system.
+# sysname: LPR2
+
+# # These configurations will overwrite highest level default "components" configuration
+# components:
+# discovery:
+# # use customized port on this instance
+# port: 17553
+# api-catalog:
+# port: 17552
+# app-server:
+# # no app-server in this instance
+# enabled: false
+# zss:
+# # no app-server in this instance
+# enabled: false
+# jobs-api:
+# port: 18545
+# enabled: true
+# files-api:
+# port: 18547
+# enabled: true
+# caching-service:
+# port: 17555
+#
+# lpar2b:
+# hostname: lpar2.my-company.com
+# # your &SYSNAME for this LPAR
+# sysname: LPR2
+
+# # These configurations will overwrite highest level default "components" configuration
+# components:
+# gateway:
+# enabled: false
+# discovery:
+# enabled: false
+# api-catalog:
+# enabled: false
+# app-server:
+# enabled: false
+# port: 28544
+# zss:
+# port: 28542
+# jobs-api:
+# enabled: true
+# files-api:
+# enabled: false
+# caching-service:
+# enabled: false
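Review bot: `zowe.setup.certificate.pkcs12.password` is committed as the literal `password`, and `zowe.certificate.keystore.password` and `truststore.password` both resolve to it through the templates, so a copy of this example that is not edited ends up with the PKCS12 keystore holding the imported private key protected by a guessable value. The RECOMMENDATIONS header does not ask the reader to change it or to fill in `pkcs12.import`, and it still describes a keystore "generated by Zowe" although this file is the imported-certificate scenario. I would replace the default with a value that has to be supplied, for example `password: ""` under the comment `# Keystore password. Required: set a unique value before running "zwe init certificate".`, and add a matching line to RECOMMENDATIONS. Whether `zwe init certificate` accepts an empty value is not visible in this patch, so confirm that before changing the default.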