From 4d1fd365f3e4b5e3634d86d2b816b16909c5f9df Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Tue, 28 Nov 2023 07:50:57 -0500
Subject: [PATCH 001/258] WIP on use of a generator script for JCL
Signed-off-by: 1000TurquoisePogs
---
 example-zowe.yaml | 128 +++--
 files/SZWEEXEC/ZWECHG | 7 +
 files/SZWEEXEC/ZWEGEN00 | 829 +++++++++++++++++++++++++++++++
 files/SZWESAMP/ZWECSVSM | 27 +-
 files/SZWESAMP/ZWEGENER | 91 ++++
 files/SZWESAMP/ZWEKRING | 121 ++---
 workflows/templates/ZWESECUR.vtl | 316 +++++-------
 7 files changed, 1179 insertions(+), 340 deletions(-)
 create mode 100644 files/SZWEEXEC/ZWECHG
 create mode 100644 files/SZWEEXEC/ZWEGEN00
 create mode 100644 files/SZWESAMP/ZWEGENER
diff --git a/example-zowe.yaml b/example-zowe.yaml
index e82479c0dd..985028b19d 100644
--- a/example-zowe.yaml
+++ b/example-zowe.yaml
@@ -62,32 +62,32 @@ zowe:
 authPluginLib: IBMUSER.ZWEV2.CUST.ZWESAPL
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- # # Security related configurations. This setup is optional.
- # security:
- # # security product name. Can be RACF, ACF2 or TSS
- # product: RACF
- # # security group name
- # groups:
- # # Zowe admin user group
- # admin: ZWEADMIN
- # # Zowe STC group
- # stc: ZWEADMIN
- # # Zowe SysProg group
- # sysProg: ZWEADMIN
- # # security user name
- # users:
- # # Zowe runtime user name of main service
- # zowe: ZWESVUSR
- # # Zowe runtime user name of ZIS
- # zis: ZWESIUSR
- # # STC names
- # stcs:
- # # STC name of Zowe main service
- # zowe: ZWESLSTC
- # # STC name of Zowe ZIS
- # zis: ZWESISTC
- # # STC name of Zowe ZIS Auxiliary Server
- # aux: ZWESASTC
+ # Security related configurations. This setup is optional.
+ security:
+ # security product name. Can be RACF, ACF2 or TSS
+ product: RACF
+ # security group name
+ groups:
+ # Zowe admin user group
+ admin: ZWEADMIN
+ # Zowe STC group
+ stc: ZWEADMIN
+ # Zowe SysProg group
+ sysProg: ZWEADMIN
+ # security user name
+ users:
+ # Zowe runtime user name of main service
+ zowe: ZWESVUSR
+ # Zowe runtime user name of ZIS
+ zis: ZWESIUSR
+ # STC names
+ stcs:
+ # STC name of Zowe main service
+ zowe: ZWESLSTC
+ # STC name of Zowe ZIS
+ zis: ZWESISTC
+ # STC name of Zowe ZIS Auxiliary Server
+ aux: ZWESASTC
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 # Certificate related configurations
@@ -97,52 +97,50 @@ zowe: # >>>> Certificate setup scenario 1 # PKCS12 (keystore) with Zowe generate certificates. certificate: - # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS type: PKCS12 pkcs12: # **COMMONLY_CUSTOMIZED** # Keystore directory directory: /var/zowe/keystore - # # Lock the keystore directory to only accessible by Zowe runtime user and group. - # lock: true + # Lock the keystore directory to only accessible by Zowe runtime user and group. + lock: true # **COMMONLY_CUSTOMIZED** - # # Certificate alias name. Optional, default value is localhost. - # # Note: please use all lower cases as alias. - # name: localhost + # Certificate alias name. Optional, default value is localhost. + # Note: please use all lower cases as alias. + name: localhost # **COMMONLY_CUSTOMIZED** - # # Keystore password. Optional, default value is password. - # password: password + # Keystore password. Optional, default value is password. + password: password # **COMMONLY_CUSTOMIZED** - # # Alias name of self-signed certificate authority. Optional, default value is local_ca. - # # Note: please use all lower cases as alias. - # caAlias: local_ca + # Alias name of self-signed certificate authority. Optional, default value is local_ca. + # Note: please use all lower cases as alias. + caAlias: local_ca # **COMMONLY_CUSTOMIZED** - # # Password of keystore stored self-signed certificate authority. Optional, default value is local_ca_password. - # caPassword: local_ca_password - # # Distinguished name for Zowe generated certificates. All optional. - # dname: - # caCommonName: "" - # commonName: "" - # orgUnit: "" - # org: "" - # locality: "" - # state: "" - # country: "" - # # Validity days for Zowe generated certificates - # validity: 3650 - # # Domain names and IPs should be added into certificate SAN - # # If this field is not defined, `zwe init` command will use - # # `zowe.externalDomains`. 
+ # Password of keystore stored self-signed certificate authority. Optional, default value is local_ca_password. + caPassword: local_ca_password + # Distinguished name for Zowe generated certificates. All optional. + dname: + caCommonName: "" + commonName: "Zowe Development Instances" + orgUnit: "API Mediation Layer" + org: "Zowe Sample" + locality: "Prague" + state: "Prague" + country: "" + # Validity days for Zowe generated certificates + validity: 3650 + # Domain names and IPs should be added into certificate SAN + # If this field is not defined, `zwe init` command will use + # `zowe.externalDomains`. # san: - # # sample domain name - # - dvipa.my-company.com - # # sample IP address + # # sample domain name + # - dvipa.my-company.com + # # sample IP address # - 12.34.56.78 # # >>>> Certificate setup scenario 2 # # PKCS12 (keystore) with importing certificate generated by other CA. # certificate: - # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: PKCS12 # pkcs12: # # **COMMONLY_CUSTOMIZED** @@ -175,7 +173,7 @@ zowe: # # >>>> Certificate setup scenario 3 # # z/OS Keyring with Zowe generated certificates. # certificate: - # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS # createZosmfTrust: true # keyring: @@ -191,11 +189,11 @@ zowe: # # # Distinguished name for Zowe generated certificates. All optional. # # dname: # # caCommonName: "" - # # commonName: "" - # # orgUnit: "" - # # org: "" - # # locality: "" - # # state: "" + # # commonName: "Zowe Development Instances" + # # orgUnit: "API Mediation Layer" + # # org: "Zowe Sample" + # # locality: "Prague" + # # state: "Prague" # # country: "" # # # Validity days for Zowe generated certificates # # validity: 3650 
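Review bot: The PKCS12 block of the first certificate hunk now ships `password: password` and `caPassword: local_ca_password` as active values, where the old side only mentioned them as commented-out defaults, so a configuration copied from this example protects the keystore and the local CA key with publicly documented passwords. I would either leave those two keys commented, or put a line such as `# Sample value only - replace before running zwe init` directly above each. The same hunk drops the comment listing the valid `type` values from the active block, which leaves `type: PKCS12` undocumented there.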
@@ -211,7 +209,7 @@ zowe: # # >>>> Certificate setup scenario 4 # # z/OS Keyring and connect to existing certificate # certificate: - # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS # keyring: # # **COMMONLY_CUSTOMIZED** @@ -235,7 +233,7 @@ zowe: # # >>>> Certificate setup scenario 5 # # z/OS Keyring with importing certificate stored in data set # certificate: - # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS # keyring: # # **COMMONLY_CUSTOMIZED** diff --git a/files/SZWEEXEC/ZWECHG b/files/SZWEEXEC/ZWECHG new file mode 100644 index 0000000000..3058ffe14a --- /dev/null +++ b/files/SZWEEXEC/ZWECHG @@ -0,0 +1,7 @@ +/* REXX */ +parse pull args +changeFrom = word(args, 1) +changeTo = word(args, 2) +address isredit 'macro' +address isredit 'change all 'changeFrom changeTo +address isredit 'end' diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 new file mode 100644 index 0000000000..6c62c96e8d --- /dev/null +++ b/files/SZWEEXEC/ZWEGEN00 
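Review bot: ZWECHG keeps only the first two blank-delimited words of the queued line (`word(args, 1)` and `word(args, 2)`) and passes them unquoted to `change all`, so a replacement value containing a space is cut to its first word and an empty value leaves the command with a single operand; the example config in this same commit sets `commonName: "Zowe Development Instances"`. Taking the rest of the line as the target with `parse pull changeFrom changeTo`, and delimiting both operands in the edit command, would keep the value intact, though values that contain the delimiter itself still need handling. The macro also does not check the return code of the `change`, so a placeholder that was not found goes unreported.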
@@ -0,0 +1,829 @@ +/* REXX */ + +/********************************************************************/ +/* This program and the accompanying materials are made available */ +/* under the terms of the Eclipse Public License v2.0 which */ +/* accompanies this distribution, and is available at */ +/* https://www.eclipse.org/legal/epl-v20.html */ +/* */ +/* SPDX-License-Identifier: EPL-2.0 */ +/* */ +/* Copyright Contributors to the Zowe Project. 2023, 2023 */ +/********************************************************************/ + +/* +================================================================================ + Functionality + 1. Edit the jcl to reflect the current configuration. + 2. Create a cache of the configuration for use outside Zowe context. + + Notes + 1. If a variable starts with an exclamation point, it is exposed in the + global scope. +================================================================================ +*/ + +parse arg operation verbosity + +!verbose = COMPARE(verbosity, 'noverbose') + +/* +================================================================================ + ConfigMgr requires a concatenated list of json and yaml files as input. + Read the in-stream data sets to determine which files to include. +================================================================================ +*/ + +schemaChain = GetSchemaChain() +configChain = GetConfigChain() + +/* +================================================================================ + Use ConfigMgr to validate the current configuration. +================================================================================ +*/ + +if Validate(schemaChain, configChain) > 0 then do + ExitWithRC(8) +end + +/* +================================================================================ + If we should generate jcl, then use ConfigMgr to get the configuration + values. 
+================================================================================ +*/ + +if COMPARE(operation, 'nogenerate') = 0 then do + exit 0 +end +else do + if GetConfiguration() > 0 then do + ExitWithRC(8) + end +end + +/* +================================================================================ + Prepare header information ahead of time so that it gets substituted in + each member. +================================================================================ +*/ + +CFG.zwe.header.user = USERID() +CFG.zwe.header.date = TRANSLATE(DATE(), '-', ' ') +CFG.zwe.header.time = TIME() + +/* +================================================================================ + Determine the external security manager on the system so that the correct + jcl templates can be used. +================================================================================ +*/ + +CVT_ADDR = C2X(STORAGE(D2X(16), 4)) +CVTRAC_ADDR = C2X(STORAGE(D2X(X2D(CVT_ADDR) + 992), 4)) +CVTRAC_VAL = STORAGE(CVTRAC_ADDR, 4) + +esm.0 = 3 + +esm.1.search = 'RCVT' +esm.1.prefix = 'ZWEKRR' + +esm.2.search = 'RTSS' +esm.2.prefix = 'ZWEKRT' + +esm.3.search = 'ACF2' +esm.3.prefix = 'ZWEKRA' + +ringType = 0 + +/* attempt to handle getting only 1 keyring jcl +if WORDINDEX(CFG.zowe.setup.certificate.type, 'JCE') > 0 then do + if LENGTH(CFG.zowe.setup.certificate.keyring.connect) > 0 then do + say 'connect exists, it is 'CFG.zowe.setup.certificate.keyring.connect'.' + ringType = 2 + else if LENGTH(CFG.zowe.setup.certificate.keyring.import) > 0 then do + say 'import exists, it is 'CFG.zowe.setup.certificate.keyring.import'.' 
+ ringType = 3 + else do + say 'ring to be created' + ringType = 1 + end +else do + say 'pkcs12 to be used' +end + +if ringType > 0 then do + do i = 1 to esm.0 + if COMPARE(esm.i.search, CVTRAC_VAL) = 0 then do + ringMember = 'ZWEKR'esm.i.prefix''ringType + end + end +end +*/ + +/* +================================================================================ + Create a data set with attributes like the original jcl library and copy + all the members of esm jcl. +================================================================================ +*/ + +jcl = CFG.zowe.setup.dataset.prefix'.SZWESAMP' +jclCopy = CFG.zowe.setup.dataset.jcllib + +say 'Creating a fresh copy of 'jcl' named 'jclCopy'.' + +x = DeleteDataSet(jclCopy) + +if CreatePartitionedDataSet(jclCopy, 80, 'f,b') > 0 then do + ExitWithRC(8) +end + +if AllocateDataSet(jclCopy, 'zweto') > 0 then do + ExitWithRC(8) +end + +if AllocateDataSet(jcl, 'zwefrom') > 0 then do + ExitWithRC(8) +end + +if GetDataIDFromDD('zwefrom') > 0 then do + ExitWithRC(8) +end + +zwefrid = !dataid + +if GetDataIDFromDD('zweto') > 0 then do + ExitWithRC(8) +end + +zwetoid = !dataid + +if CopyDataSetByDataID(zwefrid, zwetoid) > 0 then do + ExitWithRC(8) +end + +if FreeDataID(zwefrid) > 0 then do + ExitWithRC(8) +end + +if FreeDataID(zwetoid) > 0 then do + ExitWithRC(8) +end + +if FreeByDD('zwefrom') > 0 then do + ExitWithRC(8) +end + +if FreeByDD('zweto') > 0 then do + ExitWithRC(8) +end + + +/* members which are not JCL */ +x = DeleteDataSet(jclCopy'(ZWEGENER)') +x = DeleteDataSet(jclCopy'(ZWESLSTC)') +x = DeleteDataSet(jclCopy'(ZWESISTC)') +x = DeleteDataSet(jclCopy'(ZWESIP00)') +x = DeleteDataSet(jclCopy'(ZWESISCH)') +x = DeleteDataSet(jclCopy'(ZWESASTC)') + +say jcl' has been copied to 'jclCopy'.' + +/* +================================================================================ + Get a list of all members in the data set. 
+================================================================================ +*/ + +say 'Recording a list of members in 'jclCopy'.' + +call outtrap 'output.','*' +address tso 'listd '"'"jclCopy"'"' members' +call outtrap 'off' + +members. = 0 + +do i = output.0 to 1 by -1 + output.i = strip(output.i) + if COMPARE(output.i, '--MEMBERS--') = 0 then do + leave + end + call Print 'member - 'output.i + j = members.0 + 1 + members.j.name = output.i + members.j.substitutions.0 = 0 + members.0 = j +end + +say 'The 'output.0' members in 'jclCopy' have been recorded.' + +/* +================================================================================ + Read each member record by record and store the substitutions required + for use later when the edit macro is invoked. +================================================================================ +*/ + +say 'Finding the substitutions in each member.' + +do i = 1 to members.0 + if AllocateDataSet(jclCopy'('members.i.name')', 'zwejcl') > 0 then do + ExitWithRC(8) + end + if ReadFromDataSet('zwejcl') > 0 then do + ExitWithRC(8) + end + if FreeByDD('zwejcl') > 0 then do + ExitWithRC(8) + end + do j = 1 to !contentToRead.0 + firstChar = POS('{', !contentToRead.j) + 1 + do while firstChar > 1 + lastChar = POS('}', !contentToRead.j, firstChar) - 1 + len = lastChar - firstChar + 1 + if len > 0 then do + sub = SUBSTR(!contentToRead.j, firstChar, len) + call Print 'Substitution found for' sub'.' + isFound = 0 + do n = 1 to members.i.substitutions.0 + if COMPARE(members.i.substitutions.n, sub) = 0 then do + call Print 'Substitution 'sub' already noted. Skipping.' + isFound = 1 + leave + end + end + if isFound <> 1 then do + k = members.i.substitutions.0 + 1 + members.i.substitutions.k = sub + members.i.substitutions.0 = k + end + end + if lastChar < 0 then do + leave + end + firstChar = POS('{', !contentToRead.j, lastChar) + 1 + end + end +end + +say 'All of the substitutions were found.' 
+ +/* +================================================================================ + Invoke the edit macro on the substitutions for each member. +================================================================================ +*/ + +say 'Invoking the edit macro on each member.' + +do i = 1 to members.0 + if members.i.substitutions.0 > 0 then do + do j = 1 to members.i.substitutions.0 + d = jclCopy'('members.i.name')' + call Print 'Edit 'd'.' + old = '{'members.i.substitutions.j'}' + new = value('CFG.'members.i.substitutions.j) + queue old new + call Print 'Change' old 'to' new'.' + cmd = 'edit dataset('"'"d"'"') macro(zwechg)' + call Print cmd + address ispexec cmd + if RC <= 4 then do + call Print 'Edit successful.' + end + else do + say 'Stopping at 'd'.' + ExitWithRC(8) + end + end + end +end + +say 'The edit macro was invoked on each member.' + +/* +================================================================================ + Add the job card to each member if filled out. +================================================================================ +*/ + +card.0 = 0 + +do i = 0 to 99 + if COMPARE(SYMBOL('CFG.setup.jobCard.'i), 'VAR') = 0 then do + j = card.0 + 1 + card.j = VALUE('CFG.setup.jobCard.'i) + card.0 = j + end + else do + leave + end +end + +if card.0 > 0 then do + say 'The job card has 'card.0' lines.' + say 'Adding the job card to each member.' + do i = 1 to members.0 + if AllocateDataSet(jclCopy'('members.i.name')', 'zwejcl') > 0 then do + ExitWithRC(8) + end + if ReadFromDataSet('zwejcl') > 0 then do + ExitWithRC(8) + end + !contentToWrite.0 = !contentToRead.0 + card.0 - 1 + do j = 1 to card.0 + !contentToWrite.j = card.j + end + j = card.0 + 1 + do k = 2 to !contentToRead.0 + !contentToWrite.j = !contentToRead.k + j = j + 1 + end + if WriteToDataSet('zwejcl') > 0 then do + ExitWithRC(8) + end + if FreeByDD('zwejcl') > 0 then do + ExitWithRC(8) + end + end + say 'The job card was added to each member.' 
+end + +/* +================================================================================ + Validate(schema, yaml) +================================================================================ +*/ +Validate: + procedure expose !verbose + + if arg() <> 2 then do + return 1 + end + + say 'ConfigMgr is about to add a configuration.' + status = ZWECFG31('addConfig', 'MYCFG') + if status > 0 then do + say 'ConfigMgr could not add a configuration.' + say 'status = 'status + return 1 + end + say 'ConfigMgr added a configuration.' + + say 'ConfigMgr is about to set trace level to '!verbose'.' + status = ZWECFG31('setTraceLevel', !verbose) + if status > 0 then do + say 'ConfigMgr could not set trace level.' + say 'status = 'status + return 1 + end + say 'ConfigMgr set trace level to '!verbose'.' + + say 'ConfigMgr is about to load your schemas.' + status = ZWECFG31('loadSchemas', 'MYCFG', ARG(1)) + if status > 0 then do + say 'ConfigMgr could not add load your schemas.' + say 'status = 'status + say 'SchemaChain - 'ARG(1) + return 1 + end + say 'ConfigMgr loaded your schemas.' + + say 'ConfigMgr is about to set the member name for parameter library.' + status = ZWECFG31('setParmlibMemberName', 'MYCFG', 'ZWEYAML') + if status > 0 then do + say 'ConfigMgr could not set member name for parameter library.' + say 'status = 'status + return 1 + end + say 'ConfigMgr set the parameter library member name.' + + say 'ConfigMgr is about to process your configuration.' + status = ZWECFG31('setConfigPath', 'MYCFG', ARG(2)) + if status > 0 then do + say 'ConfigMgr could not process your configuration.' + say 'status = 'status + say 'ConfigChain - 'ARG(2) + return 1 + end + say 'ConfigMgr has processed your configuration.' + + say 'ConfigMgr is about to load your configuration.' + status = ZWECFG31('loadConfiguration', 'MYCFG') + if status > 0 then do + say 'ConfigMgr could not load your configuration.' 
+ say 'status = 'status + return 1 + end + say 'ConfigMgr has loaded your configuration.' + + say 'ConfigMgr is about to validate your configuration.' + status = ZWECFG31('validate', 'MYCFG', 'STDOUT') + if status > 0 then do + say 'ConfigMgr could not validate your configuration.' + say 'status = 'status + return 1 + end + say 'ConfigMgr has validated your configuration.' + + return 0 + +/* +================================================================================ + GetConfiguration() +================================================================================ +*/ +GetConfiguration: + procedure expose CFG. + + say 'ConfigMgr is about to get configuration data.' + status = ZWECFG31('getConfigData', 'MYCFG', 'CFG', '.') + if status > 0 then do + say 'ConfigMgr could not get configuration data.' + say 'status = 'status + return 1 + end + say 'ConfigMgr got configuration data.' + + return 0 + +/* +================================================================================ + CopyDataSetByDataID('fromid', 'toid') +================================================================================ +*/ +CopyDataSetByDataID: + procedure expose !verbose + + if ARG() <> 2 then do + return 1 + end + + cmd = 'lmcopy' + cmd = cmd 'fromid('arg(1)')' + cmd = cmd 'frommem(*)' + cmd = cmd 'todataid('arg(2)')' + cmd = cmd 'replace trunc' + call Print cmd + address ispexec cmd + + return rc + +/* +================================================================================ + FreeDataID('dataid') +================================================================================ +*/ +FreeDataID: + procedure expose !verbose + + if ARG() <> 1 then do + return 1 + end + + cmd = 'lmfree' + cmd = cmd 'dataid('ARG(1)')' + call Print cmd + address ispexec cmd + + return rc + +/* +================================================================================ + GetDataIDFromDD('dd') +================================================================================ +*/ 
+GetDataIDFromDD: + procedure expose !dataid !verbose + + if ARG() <> 1 then do + return 1 + end + + drop !dataid + + cmd = 'lminit' + cmd = cmd 'dataid(zwedid)' + cmd = cmd 'ddname('ARG(1)')' + cmd = cmd 'enq(shr)' + call Print cmd + address ispexec cmd + + !dataid = zwedid + + return rc + +/* +================================================================================ + WriteToDataSet('dd') +================================================================================ +*/ +WriteToDataSet: + procedure expose !contentToWrite. !verbose + + if ARG() <> 1 then do + return 1 + end + + cmd = 'execio * diskw' + cmd = cmd ARG(1) + cmd = cmd '(finis stem !contentToWrite.' + call Print cmd + address tso cmd + + drop !contentToWrite. + !contentToWrite.0 = 0 + + return rc + +/* +================================================================================ + ReadFromDataSet('dd') +================================================================================ +*/ +ReadFromDataSet: + procedure expose !contentToRead. !verbose + + if ARG() <> 1 then do + return 1 + end + + drop !contentToRead. + !contentToRead.0 = 0 + + cmd = 'execio * diskr' + cmd = cmd ARG(1) + cmd = cmd '(finis stem !contentToRead.' 
+ call Print cmd + address tso cmd + + return rc + +/* +================================================================================ + CreateSequentialDataSet('dsn', 'lrecl', 'recfm') +================================================================================ +*/ +CreateSequentialDataSet: + procedure expose !verbose + + if ARG() <> 3 then do + return 1 + end + + cmd = 'alloc' + cmd = cmd 'da('"'"ARG(1)"'"')' + cmd = cmd 'dsorg(ps)' + cmd = cmd 'space(50,5)' + cmd = cmd 'tracks' + cmd = cmd 'lrecl('ARG(2)')' + cmd = cmd 'recfm('ARG(3)')' + cmd = cmd 'new' + call Print cmd + address tso cmd + + return rc + +/* +================================================================================ + CreatePartitionedDataSet('dsn', 'lrecl', 'recfm') +================================================================================ +*/ +CreatePartitionedDataSet: + procedure expose !verbose + + if ARG() <> 3 then do + return 1 + end + + cmd = 'alloc' + cmd = cmd 'da('"'"ARG(1)"'"')' + cmd = cmd 'dsorg(po)' + cmd = cmd 'space(50,5)' + cmd = cmd 'tracks' + cmd = cmd 'lrecl('ARG(2)')' + cmd = cmd 'recfm('ARG(3)')' + cmd = cmd 'dir(10)' + cmd = cmd 'new' + call Print cmd + address tso cmd + + return rc + +/* +================================================================================ + CreateDataSetLike('new', 'old', 'dd') +================================================================================ +*/ +CreateDataSetLike: + procedure expose !verbose + + if ARG() <> 3 then do + return 1 + end + + cmd = 'alloc' + cmd = cmd 'da('"'"ARG(1)"'"')' + cmd = cmd 'like('"'"ARG(2)"'"')' + cmd = cmd 'f('ARG(3)')' + call Print cmd + address tso cmd + + return rc + +/* +================================================================================ + DeleteDataSet('dsn') +================================================================================ +*/ +DeleteDataSet: + procedure expose !verbose + + if ARG() <> 1 then do + return 1 + end + + cmd = 'delete' + cmd = cmd 
"'"ARG(1)"'" + call Print cmd + call outtrap 'output.',0 + address tso cmd + call outtrap 'off' + + return rc + +/* +================================================================================ + AllocateFile('path', 'dd') +================================================================================ +*/ +AllocateFile: + procedure expose !verbose + + if ARG() <> 2 then do + return 1 + end + + cmd = 'alloc' + cmd = cmd "path('"ARG(1)"')" + cmd = cmd 'f('ARG(2)')' + cmd = cmd 'pathopts(ordonly)' + call Print cmd + address tso cmd + + return rc + +/* +================================================================================ + AllocateDataSet('dsn', 'dd') +================================================================================ +*/ +AllocateDataSet: + procedure expose !verbose + + if ARG() <> 2 then do + return 1 + end + + cmd = 'alloc' + cmd = cmd 'da('"'"ARG(1)"'"')' + cmd = cmd 'f('ARG(2)')' + cmd = cmd 'shr reuse' + call Print cmd + address tso cmd + + return rc + +/* +================================================================================ + FreeByDD('dd') +================================================================================ +*/ +FreeByDD: + procedure expose !verbose + + if ARG() <> 1 then do + return 1 + end + + cmd = 'free' + cmd = cmd 'f('ARG(1)')' + call Print cmd + address tso cmd + + return rc + +/* +================================================================================ + FreeByDSN('dsn') +================================================================================ +*/ +FreeByDSN: + procedure expose !verbose + + if ARG() <> 1 then do + return 1 + end + + cmd = 'free' + cmd = cmd 'da('ARG(1)')' + call Print cmd + address tso cmd + + return rc + +/* +================================================================================ + GetConfigChain() +================================================================================ +*/ + GetConfigChain: + procedure expose !verbose + + configChain = '' + + if 
ReadFromDataSet('myconfig') = 0 then do + do j = 1 to !contentToRead.0 + type = WORD(!contentToRead.j, 1) + location = WORD(!contentToRead.j, 2) + element = type'('location')' + configChain = AddToChain(configChain, element) + end + end + + return configChain + +/* +================================================================================ + GetSchemaChain() +================================================================================ +*/ +GetSchemaChain: + procedure expose !verbose + + schemaChain = '' + + if ReadFromDataSet('myschema') = 0 then do + do j = 1 to !contentToRead.0 + type = WORD(!contentToRead.j, 1) + location = WORD(!contentToRead.j, 2) + element = location + schemaChain = AddToChain(schemaChain, element) + end + end + + return schemaChain + +/* +================================================================================ + AddToChain('chain', 'element') +================================================================================ +*/ +AddToChain: + procedure expose !verbose + + if ARG() <> 2 then do + return '' + end + + chain = ARG(1) + element = ARG(2) + + newChain = '' + + if chain = '' then do + newChain = element + end + else do + newChain = chain':'element + end + + return newChain + +/* +================================================================================ + Print('msg') +================================================================================ +*/ +Print: + procedure expose !verbose + + if !verbose = 1 then do + say ARG(1) + end + + return 0 + +/* +================================================================================ + ExitWithRC(exitCode) +================================================================================ +*/ +ExitWithRC: + exitCode = ARG(1) + ZISPFRC = exitCode + ADDRESS "ISPEXEC" "VPUT (ZISPFRC) " + exit exitCode diff --git a/files/SZWESAMP/ZWECSVSM b/files/SZWESAMP/ZWECSVSM index b0f5591805..04ceefae6b 100644 --- a/files/SZWESAMP/ZWECSVSM +++ b/files/SZWESAMP/ZWECSVSM 
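Review bot: In the edit-macro loop of ZWEGEN00, `new = value('CFG.'members.i.substitutions.j)` is used without checking that the name resolved, and REXX `VALUE()` returns the symbol's own name for an unset variable, so a `{placeholder}` with no matching configuration entry would be replaced by text like `CFG.…` in the generated JCL instead of stopping the run. The job-card loop further down already tests `SYMBOL(...)` against `'VAR'`; the same test before `queue old new`, followed by a message naming the member and placeholder and `ExitWithRC(8)`, would keep unresolved values out of the generated security jobs. Separately, the main flow has no `exit` after the job-card block, so execution appears to run on into the `Validate:` label and its `procedure` instruction; `ExitWithRC(0)` before that label would end the run cleanly.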
@@ -22,24 +22,11 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Change all #dsname placeholders to the desired data set name -//* of the VSAM cluster. The maximum length is 38 characters. -//* -//* 3) Select whether the VSAM will utilize Record Level Sharing (RLS) -//* services or not by updating the SET MODE= statement to specify -//* either RLS or NONRLS. -//* //* When using RLS, customize the definitions in the RLS DD: //* -//* 4) Change the #storclas placeholder to the desired storage class -//* name. -//* //* 5) Optionally, change LOG option NONE to UNDO or ALL to set the //* desired recovery options for the RLS VSAM. //* -//* When NOT using RLS, customize the definitions in the NONRLS DD: -//* -//* 6) Change the #volume placeholder to the desired volume label. //* //* Note(s): //* @@ -47,27 +34,25 @@ //* //******************************************************************** //* -// SET MODE=NONRLS RLS or NONRLS -//* //ALLOC EXEC PGM=IDCAMS,REGION=0M //SYSPRINT DD SYSOUT=* //SYSIN DD * DEFINE CLUSTER - - (NAME(#dsname) - -// DD DDNAME=&MODE + (NAME({components.caching-service.storage.vsam.name}) - +// DD DDNAME={zowe.setup.vsam.mode} // DD * REC(80 20) - INDEXED) - - DATA(NAME(#dsname.DATA) - + DATA(NAME({components.caching-service.storage.vsam.name}.DATA) - RECSZ(4096 4096) - UNIQUE - KEYS(128 0)) - - INDEX(NAME(#dsname.INDEX) - + INDEX(NAME({components.caching-service.storage.vsam.name}.INDEX) - UNIQUE) //RLS DD * - STORCLAS(#storclas) - + STORCLAS({zowe.setup.vsam.storageClass}) - LOG(NONE) - //NONRLS DD * - VOLUME(#volume) - + VOLUME({zowe.setup.vsam.volume}) - SHAREOPTIONS(2 3) - //* diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER new file mode 100644 index 0000000000..67d6750e8b --- /dev/null +++ b/files/SZWESAMP/ZWEGENER 
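Review bot: With `SET MODE=` removed in the second ZWECSVSM hunk, `// DD DDNAME={zowe.setup.vsam.mode}` depends on the configured value being exactly `RLS` or `NONRLS`, the two DD names defined below it, and the header no longer says so. I would add a comment line such as `//* {zowe.setup.vsam.mode} must be RLS or NONRLS (selects the DD below)` to the instructions. The first hunk also leaves the steps numbered 1) and 5) under a lone "When using RLS" heading, which should be renumbered.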
@@ -0,0 +1,91 @@ +//ZWEGENER JOB +//* +//* This job is responsible for generating other jobs required +//* to configure Zowe. +//* +//* The method of validating your configuration is using +//* JSON Schema . Zowe provides +//* the ConfigMgr to assist in this. This job will invoke +//* the ConfigMgr to validate your current configuration +//* before generating any jobs. If there are any values +//* that are incorrect, you will be notified. You should +//* fix the value and then run this job again. You can run +//* this job as many times as you need. +//* +//* Configmgr documentation: +//* docs.zowe.org/stable/user-guide/configmgr-using +//* +//* Note: Any string with braces has an associated yaml value +//* in one of the yaml definitions for Zowe. +//* You should find the value and substitute it. +//* +//* {key} -> value +//* +//GENER EXEC PGM=IKJEFT1B +//ISPPROF DD DSN=,DISP=(NEW,DELETE),UNIT=, +// DCB=(RECFM=FB,LRECL=80,BLKSIZE=3120,DSORG=PO), +// SPACE=(3120,(20,5,10)) +//* +//* Replace {zowe.setup.dataset.prefix} with the +//* HLQ where SMP/E installed data sets are located. +//* +//SYSPROC DD DSN={zowe.setup.dataset.prefix}.SZWEEXEC,DISP=SHR +//* +//* Replace {zowe.setup.dataset.loadlib} with the data set +//* that contains Zowe executables. This data set will have +//* the suffix 'SZWELOAD'. +//* +//* +//STEPLIB DD DSN={zowe.setup.dataset.loadlib},DISP=SHR +//ISPPLIB DD DSN=ISP.SISPPENU,DISP=SHR +//ISPMLIB DD DSN=ISP.SISPMENU,DISP=SHR +//ISPTLIB DD DSN=ISP.SISPTENU,DISP=SHR +//ISPSLIB DD DSN=ISP.SISPSENU,DISP=SHR +//* +//* The order must be as follows. +//* +//* zowe-yaml-schema.json +//* server-common.json +//* +//* Replace {zowe.runtimeDirectory} with where your Zowe run time +//* directory is. +//* +//MYSCHEMA DD *,DLM=$$ +FILE {zowe.runtimeDirectory}/schemas/zowe-yaml-schema.json +FILE {zowe.runtimeDirectory}/schemas/server-common.json +$$ +//* +//* The DD below must include one or more FILE or PARMLIB +//* Entries. 
The lower entries have their values +//* Overridden by the higher entries. +//* PARMLIB member must be named "ZWEYAML" +//* +//* Ex. PARMLIB MY.ZOWE.CUSTOMIZATIONS +//* FILE /the/zowe/defaults.yaml +//MYCONFIG DD *,DLM=$$ +FILE +$$ +//CMGROUT DD SYSOUT=* +//SYSPRINT DD SYSOUT=* +//SYSTSPRT DD SYSOUT=* +//* +//* Change 'generate' to 'nogenerate' if you only +//* want to validate your configuration. The default +//* option, 'generate', will validate and then generate +//* jobs based on your configuration. +//* +//* - generate +//* - nogenerate +//* +//* Change 'noverbose' to 'verbose' below for +//* advanced logging. This is not needed unless +//* there is an error. +//* +//* - verbose +//* - noverbose +//* +//SYSTSIN DD * +ISPSTART CMD(%ZWEGEN00 - +generate - +noverbose - +) diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING index 43f5dcb2f0..e317389816 100644 --- a/files/SZWESAMP/ZWEKRING +++ b/files/SZWESAMP/ZWEKRING @@ -43,9 +43,6 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* //* 3) Update the SET ZOWEUSER= statement to match the existing //* user ID for the Zowe started task. //* @@ -117,8 +114,6 @@ //********************************************************************* // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 // SET ZOWEUSER=ZWESVUSR * userid for Zowe started task //* 12345678 //* @@ -132,14 +127,8 @@ // SET LABEL='localhost' //* * Zowe's local CA name // SET LOCALCA='localca' -//* * Zowe's local CA common name -// SET CN='Zowe Development Instances' //* * Zowe's local CA organizational unit // SET OU='API Mediation Layer' -//* * Zowe's local CA organization -// SET O='Zowe Sample' -//* * Zowe's local CA city/locality -// SET L='Prague' //* * Zowe's local CA state/province // SET SP='Prague' //* * Zowe's local CA country 
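Review bot: The `//ISPPROF DD DSN=,DISP=(NEW,DELETE),UNIT=,` statement in the new ZWEGENER member has empty `DSN=` and `UNIT=` operands, and the header comments only describe the `{key}` placeholders, so nothing tells the user that these two must be filled in before the job is submitted. A comment directly above the DD, for example `//* Supply a data set name and unit for the temporary ISPF profile`, would make the required edit explicit. The `//MYCONFIG DD` entry `FILE` is likewise left without a path, although the comment above it does explain the expected entries. The header sentence "JSON Schema ." also looks as if it lost a link.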
@@ -182,7 +171,7 @@ //* //RUNRACF EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT +//SYSTSIN DD DDNAME={zowe.setup.security.product} //* //********************************************************************* //* @@ -191,7 +180,7 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING(&ZOWERING.) ID(&ZOWEUSER.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) ID(&ZOWEUSER.) SETROPTS RACLIST(DIGTRING) REFRESH $$ //IFOPT1 IF (&OPTION EQ 1) THEN @@ -204,11 +193,11 @@ $$ /* Create Zowe's local CA authority .................................*/ RACDCERT GENCERT CERTAUTH + SUBJECTSDN( + - CN('&CN. CA') + - OU('&OU.') + - O('&O.') + - L('&L.') + - SP('&SP.') + + CN('{zowe.setup.certificate.dname}. CA') + + OU('{zowe.setup.certificate.dname.orgUnit}.') + + O('{zowe.setup.certificate.dname.org}.') + + L('{zowe.setup.certificate.dname.locality}.') + + SP('{zowe.setup.certificate.dname.state}.') + C('&C.')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + @@ -217,17 +206,17 @@ $$ /* Connect Zowe's local CA authority to the keyring ................ */ RACDCERT CONNECT(CERTAUTH LABEL('&LOCALCA') + - RING(&ZOWERING.)) + + RING({zowe.setup.certificate.keyring.name}.)) + ID(&ZOWEUSER.) /* Create a certificate signed by local zowe's CA .................. */ RACDCERT GENCERT ID(&ZOWEUSER.) + SUBJECTSDN( + - CN('&CN. certificate') + - OU('&OU.') + - O('&O.') + - L('&L.') + - SP('&SP.') + + CN('{zowe.setup.certificate.dname}. certificate') + + OU('{zowe.setup.certificate.dname.orgUnit}.') + + O('{zowe.setup.certificate.dname.org}.') + + L('{zowe.setup.certificate.dname.locality}.') + + SP('{zowe.setup.certificate.dname.state}.') + C('&C.')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + 
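Review bot: In `RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.)` (hunk `@@ -191,7`) the period after the brace is left over from `&ZOWERING.`, where it only terminated the JCL symbol and disappeared on substitution. Unless the generator strips it (ZWEGEN00 is not part of this hunk), it stays in the command text, so the ring name ends in a period, and in the later hunk `@@ -350,15` the profile `&ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST` gets a double period and no longer matches the ring it is meant to protect. The same leftover period follows every `{…}` placeholder in this file, including the quoted DN values such as `OU('{zowe.setup.certificate.dname.orgUnit}.')`. Drop it where the placeholder ends the token, `RACDCERT ADDRING({zowe.setup.certificate.keyring.name}) ID(&ZOWEUSER.)`, and keep a single separator in the profile name, `&ZOWEUSER..{zowe.setup.certificate.keyring.name}.LST`. The RACF in-stream data begins and ends outside this hunk.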
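Review bot: `CN('{zowe.setup.certificate.dname}. CA')` (hunk `@@ -204,11`) points at the `dname` mapping itself, while the four lines below it read its children (`dname.orgUnit`, `dname.org`, `dname.locality`, `dname.state`), so there is presumably no scalar to substitute for the common name. The same placeholder is reused for the server certificate in the next hunk and in the ACF2 and TSS sections (`@@ -422,29`, `@@ -588,11`, `@@ -600,18`). Use a scalar key under `dname` for each common name, for example `CN('{zowe.setup.certificate.dname.COMMON_NAME_KEY} CA')` with the real key name in place of the placeholder, and either convert `C('&C.')` as well or document that the country symbol still has to be edited by hand. `SET OU=` and `SET SP=` are kept by the `@@ -132,14` hunk although none of the changed hunks reads them any more.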
@@ -240,7 +229,7 @@ $$ /* Connect a Zowe's certificate with the keyring ................... */ RACDCERT CONNECT(ID(&ZOWEUSER.) + LABEL('&LABEL.') + - RING(&ZOWERING.) + + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + ID(&ZOWEUSER.) @@ -260,7 +249,7 @@ $$ /* Connect a Zowe's certificate with the keyring ................... */ RACDCERT CONNECT(SITE | ID(userid) + LABEL('certlabel') + - RING(&ZOWERING.) + + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + ID(&ZOWEUSER.) @@ -287,7 +276,7 @@ $$ /* Connect a Zowe's certificate with the keyring ................... */ RACDCERT CONNECT(ID(&ZOWEUSER.) + LABEL('&LABEL.') + - RING(&ZOWERING.) + + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + ID(&ZOWEUSER.) @@ -307,12 +296,12 @@ $$ /* keyring ......................................................... */ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + - RING(&ZOWERING.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + ID(&ZOWEUSER.) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + - RING(&ZOWERING.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + ID(&ZOWEUSER.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -329,7 +318,7 @@ $$ /* authority (CA) with the keyring ................................. */ RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZFCA.') + - RING(&ZOWERING.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + ID(&ZOWEUSER.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH 
@@ -350,15 +339,15 @@ $$ SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) /* Define profiles that control certificate access ................. */ - RDEFINE RDATALIB &ZOWEUSER..&ZOWERING..LST UACC(NONE) + RDEFINE RDATALIB &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ - PERMIT &ZOWEUSER..&ZOWERING..LST CLASS(RDATALIB) ID(&ZOWEUSER.) + + PERMIT &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID(&ZOWEUSER.) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &ZOWEUSER..&ZOWERING..LST CLASS(RDATALIB) ID() + */ +/* PERMIT &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ /* Refresh to dynamically activate the changes. .................... */ @@ -382,13 +371,13 @@ $$ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ - RLIST RDATALIB &ZOWEUSER..&ZOWERING..LST ALL + RLIST RDATALIB &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING(&ZOWERING.) ID(&ZOWEUSER.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) ID(&ZOWEUSER.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ @@ -408,7 +397,7 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT &ZOWEUSER..ZOWERING RINGNAME(&ZOWERING.) + INSERT &ZOWEUSER..ZOWERING RINGNAME({zowe.setup.certificate.keyring.name}.) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //IFOPT1 IF (&OPTION EQ 1) THEN 
@@ -422,29 +411,29 @@ ACF * Create Zowe's local CA authority ................................ */ SET PROFILE(USER) DIVISION(CERTDATA) GENCERT CERTAUTH.ZOWECA LABEL(&LOCALCA) SIZE(2048) - - SUBJSDN(CN='&CN. CA' - - OU='&OU.' - - O='&O.' - - L='&L.' - - SP='&SP.' - + SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - + OU='{zowe.setup.certificate.dname.orgUnit}.' - + O='{zowe.setup.certificate.dname.org}.' - + L='{zowe.setup.certificate.dname.locality}.' - + SP='{zowe.setup.certificate.dname.state}.' - C='&C.') - EXPIRE(05/01/30) - KEYUSAGE(CERTSIGN) * * Connect Zowe's local CA authority to the keyring ................ */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.ZOWECA) RINGNAME(&ZOWERING.) - + CONNECT CERTDATA(CERTAUTH.ZOWECA) RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) CHKCERT CERTAUTH.ZOWECA * * Create a certificate signed by local zowe's CA .................. */ SET PROFILE(USER) DIV(CERTDATA) GENCERT &ZOWEUSER..ZOWECERT - - SUBJSDN(CN='&CN. certificate' - - OU='&OU.' - - O='&O.' - - L='&L.' - - SP='&SP.' - + SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - + OU='{zowe.setup.certificate.dname.orgUnit}.' - + O='{zowe.setup.certificate.dname.org}.' - + L='{zowe.setup.certificate.dname.locality}.' - + SP='{zowe.setup.certificate.dname.state}.' - C='&C.') - SIZE(2048) - EXPIRE(05/01/30) - 
@@ -517,10 +506,10 @@ ACF * Connect all CAs of the Zowe certificate's signing chain with the */ * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) RINGNAME(&ZOWERING.) - + CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) * - CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) RINGNAME(&ZOWERING.) - + CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF @@ -535,7 +524,7 @@ ACF * Connect the z/OSMF root CA signed by a recognized certificate ... */ * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) RINGNAME(&ZOWERING.) - + CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -576,7 +565,7 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) $$ //IFOPT1 IF (&OPTION EQ 1) THEN //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M @@ -588,11 +577,11 @@ $$ TSS GENCERT(CERTAUTH) + DIGICERT(ZOWECA) + SUBJECTN( + - 'CN="&CN. CA" + - OU="&OU." + - O="&O." + - L="&L." + - SP="&SP." + + 'CN="{zowe.setup.certificate.dname}. CA" + + OU="{zowe.setup.certificate.dname.orgUnit}." + + O="{zowe.setup.certificate.dname.org}." + + L="{zowe.setup.certificate.dname.locality}." + + SP="{zowe.setup.certificate.dname.state}." + C="&C." ') + KEYSIZE(2048) + NADATE(05/01/30) + 
@@ -600,18 +589,18 @@ $$ KEYUSAGE('CERTSIGN') /* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + + TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,ZOWECA) /* Create a certificate signed by local zowe's CA .................. */ TSS GENCERT(&ZOWEUSER.) + DIGICERT(ZOWECERT) + SUBJECTN( + - 'CN="&CN. certificate" + - OU="&OU." + - O="&O." + - L="&L." + - SP="&SP." + + 'CN="{zowe.setup.certificate.dname}. certificate" + + OU="{zowe.setup.certificate.dname.orgUnit}." + + O="{zowe.setup.certificate.dname.org}." + + L="{zowe.setup.certificate.dname.locality}." + + SP="{zowe.setup.certificate.dname.state}." + C="&C." ') + KEYSIZE(2048) + NADATE(05/01/30) + @@ -677,10 +666,10 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + + TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + + TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF @@ -693,7 +682,7 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + + TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZFCA.) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF 
@@ -712,7 +701,7 @@ $$ /* TSS PERMIT(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + TSS LIST(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/workflows/templates/ZWESECUR.vtl b/workflows/templates/ZWESECUR.vtl index d32ecb48dc..93f12ac639 100644 --- a/workflows/templates/ZWESECUR.vtl +++ b/workflows/templates/ZWESECUR.vtl 
@@ -35,40 +35,6 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* -//* 3) Update the SET ADMINGRP= statement to match the desired -//* group name for Zowe administrators. -//* -//* 4) Update the SET STCGRP= statement to match the desired -//* group name for started tasks. -//* -//* 5) Update the SET ZOWEUSER= statement to match the desired -//* user ID for the ZOWE started task. -//* -//* 6) Update the SET ZISUSER= statement to match the desired -//* user ID for the ZIS started task. -//* -//* 7) Update the SET ZOWESTC= statement to match the desired -//* Zowe started task name. -//* -//* 8) Update the SET ZLNCHSTC= statement to match the desired -//* Zowe launcher started task name. It is applicable if you -//* run Zowe for high availability. -//* -//* 9) Update the SET ZISSTC= statement to match the desired -//* ZIS started task name. -//* -//* 10) Update the SET AUXSTC= statement to match the desired -//* ZIS Auxiliary started task name. -//* -//* 11) Update the SET HLQ= statement to match the desired -//* Zowe data set high level qualifier. -//* -//* 12) Update the SET SYSPROG= statement to match the existing -//* user ID or group used by z/OS system programmers. -//* //* 13) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID //* and GID values, update the SET *ID= statements to match the //* desired UID and GID values. 
@@ -103,19 +69,6 @@ #if($ibmTemplate == 'YES') // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ADMINGRP=ZWEADMIN * group for Zowe administrators -// SET STCGRP=&ADMINGRP. * group for Zowe started tasks -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -// SET ZISUSER=ZWESIUSR * userid for ZIS started task -// SET ZOWESTC=ZWESVSTC * Zowe started task name -// SET ZLNCHSTC=ZWESLSTC * Zowe started task name for HA -// SET ZISSTC=ZWESISTC * ZIS started task name -// SET AUXSTC=ZWESASTC * ZIS AUX started task name -// SET HLQ=ZWE * data set high level qualifier -// SET SYSPROG=&ADMINGRP. * system programmer user ID/group -//* 12345678 //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret, @@ -145,19 +98,6 @@ #if($ibmTemplate != 'YES') // EXPORT SYMLIST=* //* -// SET PRODUCT=${PRODUCT} * RACF, ACF2, or TSS -//* 12345678 -// SET ADMINGRP=${ADMINGRP} * group for Zowe administrators -// SET STCGRP=${STCGRP} * group for Zowe started tasks -// SET ZOWEUSER=${ZOWEUSER} * userid for Zowe started task -// SET ZISUSER=${ZISUSER} * userid for ZIS started task -// SET ZOWESTC=${ZOWESTC} * Zowe started task name -// SET ZLNCHSTC=${ZLNCHSTC} * Zowe started task name for HA -// SET ZISSTC=${ZISSTC} * ZIS started task name -// SET AUXSTC=${AUXSTC} * ZIS AUX started task name -// SET HLQ=${HLQ} * data set high level qualifier -// SET SYSPROG=${SYSPROG} * system programmer user ID/group -//* 12345678 //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret, @@ -193,7 +133,7 @@ //* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT +//SYSTSIN DD DDNAME={zowe.setup.security.product} //* //********************************************************************* //* 
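Review bot: `//SYSTSIN DD DDNAME={zowe.setup.security.product}` (hunk `@@ -193,7`) is not a Velocity reference, so as far as this template shows the workflow will write the braces out literally and the step fails on an invalid DD name instead of selecting the RACF, ACF2 or TSS input. The two hunks before it also remove the `SET PRODUCT=${PRODUCT}` through `SET SYSPROG=${SYSPROG}` lines, which were the only place the workflow variables entered the job. If the workflow is not going to run the generator first, the template has to keep the variables, e.g. `//SYSTSIN DD DDNAME=${PRODUCT}`; otherwise the header should state that this file is now generator input and must not be submitted as produced by the workflow.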
@@ -232,12 +172,12 @@ /* group for administrators */ /* replace AUTOGID with GID(&ADMINGID.) if AUTOGID not enabled */ - LISTGRP &ADMINGRP. OMVS - ADDGROUP &ADMINGRP. OMVS(AUTOGID) - + LISTGRP {zowe.setup.security.groups.admin}. OMVS + ADDGROUP {zowe.setup.security.groups.admin}. OMVS(AUTOGID) - DATA('ZOWE ADMINISTRATORS') /* uncomment to add existing user IDs to the &ADMINGRP group */ -/* CONNECT (userid,userid,...) GROUP(&ADMINGRP.) AUTH(USE) */ +/* CONNECT (userid,userid,...) GROUP({zowe.setup.security.groups.admin}.) AUTH(USE) */ /* DEFINE STARTED TASK ............................................. */ @@ -249,28 +189,28 @@ /* warning messages otherwise */ /* group for started tasks */ /* replace AUTOGID with GID(&STCGID.) if AUTOGID not enabled */ - LISTGRP &STCGRP. OMVS - ADDGROUP &STCGRP. OMVS(AUTOGID) - + LISTGRP {zowe.setup.security.groups.stc}. OMVS + ADDGROUP {zowe.setup.security.groups.stc}. OMVS(AUTOGID) - DATA('STARTED TASK GROUP WITH OMVS SEGMENT') /* */ /* userid for ZOWE main server */ /* replace AUTOUID with UID(&ZOWEUID.) if AUTOUID not enabled */ - LISTUSER &ZOWEUSER. OMVS - ADDUSER &ZOWEUSER. - + LISTUSER {zowe.setup.security.users.zowe}. OMVS + ADDUSER {zowe.setup.security.users.zowe}. - NOPASSWORD - - DFLTGRP(&STCGRP.) - + DFLTGRP({zowe.setup.security.groups.stc}.) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE SERVER') - DATA('ZOWE MAIN SERVER') /* userid for ZIS cross memory server */ /* replace AUTOUID with UID(&ZISUID.) if AUTOUID not enabled */ - LISTUSER &ZISUSER. OMVS - ADDUSER &ZISUSER. - + LISTUSER {zowe.setup.security.users.zis}. OMVS + ADDUSER {zowe.setup.security.users.zis}. - NOPASSWORD - - DFLTGRP(&STCGRP.) - + DFLTGRP({zowe.setup.security.groups.stc}.) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE ZIS SERVER') - DATA('ZOWE ZIS CROSS MEMORY SERVER') 
@@ -278,39 +218,39 @@ /* */ /* started task for ZOWE main server */ - RLIST STARTED &ZOWESTC..* ALL STDATA - RDEFINE STARTED &ZOWESTC..* - - STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - + STDATA(USER({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - DATA('ZOWE MAIN SERVER') /* started task for ZOWE Launcher in high availability */ - RLIST STARTED &ZLNCHSTC..* ALL STDATA - RDEFINE STARTED &ZLNCHSTC..* - - STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - + STDATA(USER({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - DATA('ZOWE LAUNCHER SERVER') /* started task for ZIS cross memory server */ - RLIST STARTED &ZISSTC..* ALL STDATA - RDEFINE STARTED &ZISSTC..* - - STDATA(USER(&ZISUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - + RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zis}..* - + STDATA(USER({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - DATA('ZOWE ZIS CROSS MEMORY SERVER') /* started task for ZIS Auxiliary cross memory server */ - RLIST STARTED &AUXSTC..* ALL STDATA - RDEFINE STARTED &AUXSTC..* - - STDATA(USER(&ZISUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - + RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.aux}..* - + STDATA(USER({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - DATA('ZOWE ZIS AUX CROSS MEMORY SERVER') SETROPTS RACLIST(STARTED) REFRESH /* show results .................................................... */ - LISTGRP &STCGRP. OMVS - LISTUSER &ZOWEUSER. OMVS - LISTUSER &ZISUSER. 
OMVS - RLIST STARTED &ZOWESTC..* ALL STDATA - RLIST STARTED &ZLNCHSTC..* ALL STDATA - RLIST STARTED &ZISSTC..* ALL STDATA - RLIST STARTED &AUXSTC..* ALL STDATA + LISTGRP {zowe.setup.security.groups.stc}. OMVS + LISTUSER {zowe.setup.security.users.zowe}. OMVS + LISTUSER {zowe.setup.security.users.zis}. OMVS + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA /* DEFINE ZIS SECURITY RESOURCES ................................... */ @@ -321,13 +261,13 @@ /* DEFINE AUX SERVER PERMISIONS .................................... */ /* permit AUX STC to use ZIS cross memory server */ - PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID(&ZISUSER.) + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zis}.) SETROPTS RACLIST(FACILITY) REFRESH /* DEFINE ZOWE SERVER PERMISIONS ................................... */ /* permit Zowe main server to use ZIS cross memory server */ - PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH /* permit Zowe main server to create a user's security environment */ 
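Review bot: The block under `/* started task for ZOWE Launcher in high availability */` (hunk `@@ -278,39`) now uses `{zowe.setup.security.stcs.zowe}`, the same key as the main-server block above it, where the old code had separate `&ZOWESTC` and `&ZLNCHSTC` names. The second `RDEFINE STARTED` therefore repeats the first, and one of the two started task names no longer gets a STARTED profile, which would leave that task with whatever default identity the installation assigns instead of `{zowe.setup.security.users.zowe}`. Either drop the duplicated block (and the repeated `RLIST` under "show results") or give the launcher its own key. Separately, `{zowe.setup.security.stcs.zowe}..*` keeps both periods of `&ZOWESTC..*`, of which one was only the symbol terminator, so the profile should read `{zowe.setup.security.stcs.zowe}.*`. The ACF2 and TSS hunks at `@@ -515,44` and `@@ -674,67` repeat the duplicated launcher block and the leftover period.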
@@ -338,22 +278,22 @@ /* it on a production system. */ RLIST FACILITY BPX.DAEMON ALL RDEFINE FACILITY BPX.DAEMON UACC(NONE) - PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) ID(&ZOWEUSER.) + PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) ID({zowe.setup.security.users.zowe}.) RLIST FACILITY BPX.SERVER ALL RDEFINE FACILITY BPX.SERVER UACC(NONE) - PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) ID(&ZOWEUSER.) + PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) ID({zowe.setup.security.users.zowe}.) /* permit Zowe main server to create a user's security environment */ /* comment out the following 2 lines if the OMVSAPPL is not defined */ /* in your environment */ - PERMIT OMVSAPPL CLASS(APPL) ID(&ZOWEUSER.) ACCESS(READ) + PERMIT OMVSAPPL CLASS(APPL) ID({zowe.setup.security.users.zowe}.) ACCESS(READ) SETROPTS RACLIST(APPL) REFRESH /* permit Zowe main server to set job name */ RLIST FACILITY BPX.JOBNAME ALL RDEFINE FACILITY BPX.JOBNAME UACC(NONE) - PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) + PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH 
@@ -362,26 +302,26 @@ RLIST UNIXPRIV SUPERUSER.FILESYS ALL RDEFINE UNIXPRIV SUPERUSER.FILESYS UACC(NONE) PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) ACCESS(CONTROL) - - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(UNIXPRIV) REFRESH /* permit Zowe main server to use client certificate mapping service */ RLIST FACILITY IRR.RUSERMAP ALL RDEFINE FACILITY IRR.RUSERMAP UACC(NONE) - PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) + PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) /* permit Zowe main server to use distributed identity mapping */ /* service RLIST FACILITY IRR.IDIDMAP.QUERY ALL RDEFINE FACILITY IRR.IDIDMAP.QUERY UACC(NONE) PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) ACCESS(READ) - - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) /* permit Zowe main server to cut SMF records */ RLIST FACILITY IRR.RAUDITX ALL RDEFINE FACILITY IRR.RAUDITX UACC(NONE) - PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) + PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ 
@@ -403,19 +343,19 @@ /* EGN is not active on your system. */ /* HLQ stub */ - LISTGRP &HLQ. - ADDGROUP &HLQ. DATA('Zowe - HLQ STUB') + LISTGRP {zowe.setup.dataset.prefix}. + ADDGROUP {zowe.setup.dataset.prefix}. DATA('Zowe - HLQ STUB') /* general data set protection */ - LISTDSD PREFIX(&HLQ.) ALL - ADDSD '&HLQ..*.**' UACC(READ) DATA('Zowe') - PERMIT '&HLQ..*.**' CLASS(DATASET) ACCESS(ALTER) ID(&SYSPROG.) + LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL + ADDSD '{zowe.setup.dataset.prefix}..*.**' UACC(READ) DATA('Zowe') + PERMIT '{zowe.setup.dataset.prefix}..*.**' CLASS(DATASET) ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}.) SETROPTS GENERIC(DATASET) REFRESH /* show results .................................................... */ - LISTGRP &HLQ. - LISTDSD PREFIX(&HLQ.) ALL + LISTGRP {zowe.setup.dataset.prefix}. + LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ @@ -470,13 +410,13 @@ ACF * replace AUTOGID with GID(&ADMINGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT &ADMINGRP. AUTOGID +INSERT {zowe.setup.security.groups.admin}. AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * * uncomment and customize to add an existing userid as administrator * * SET X(ROL) -* INSERT &ADMINGRP. INCLUDE(userid) ROLE +* INSERT {zowe.setup.security.groups.admin}. INCLUDE(userid) ROLE * F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STARTED TASK ............................................. @@ -487,7 +427,7 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOGID with GID(&STCGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT &STCGRP. AUTOGID +INSERT {zowe.setup.security.groups.stc}. AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * ***** 
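Review bot: `ADDGROUP {zowe.setup.dataset.prefix}.` (hunk `@@ -403,19`) assumes the data set prefix is a single qualifier that is also a valid group name, which held for the removed `SET HLQ=ZWE` but not for a multi-level prefix (the example yaml in this patch shows a data set named `IBMUSER.ZWEV2.CUST.ZWESAPL`). With such a value `LISTGRP` and `ADDGROUP` are rejected, and the `ADDSD` that follows depends on a user or group already existing for the first qualifier. State the constraint above the block, e.g. `/* the group below must be the first qualifier of the prefix */`, or have the generator supply that qualifier separately. The period after each placeholder is again left over from the `&HLQ.` symbol, so the profile should be written `'{zowe.setup.dataset.prefix}.*.**'`.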
@@ -496,18 +436,18 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOUID with UID(&ZOWEUID.) if AUTOUID is not enabled * SET LID -INSERT &ZOWEUSER. STC GROUP(&STCGRP.) +INSERT {zowe.setup.security.users.zowe}. STC GROUP({zowe.setup.security.groups.stc}.) SET PROFILE(USER) DIV(OMVS) -INSERT &ZOWEUSER. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +INSERT {zowe.setup.security.users.zowe}. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * * userid for ZIS cross memory server * replace AUTOUID with UID(&ZISUID.) if AUTOUID is not enabled * SET LID -INSERT &ZISUSER. STC GROUP(&STCGRP.) +INSERT {zowe.setup.security.users.zis}. STC GROUP({zowe.setup.security.groups.stc}.) SET PROFILE(USER) DIV(OMVS) -INSERT &ZISUSER. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +INSERT {zowe.setup.security.users.zis}. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * ***** 
@@ -515,44 +455,44 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * started task for ZOWE main server * SET CONTROL(GSO) -INSERT STC.&ZOWESTC. LOGONID(&ZOWEUSER.) + -GROUP(&STCGRP.) + -STCID(&ZOWESTC.) +INSERT STC.{zowe.setup.security.stcs.zowe}. LOGONID({zowe.setup.security.users.zowe}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.zowe}.) F ACF2,REFRESH(STC) * * started task for ZOWE Launcher in high availability * SET CONTROL(GSO) -INSERT STC.&ZLNCHSTC. LOGONID(&ZOWEUSER.) + -GROUP(&STCGRP.) + -STCID(&ZLNCHSTC.) +INSERT STC.{zowe.setup.security.stcs.zowe}. LOGONID({zowe.setup.security.users.zowe}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.zowe}.) F ACF2,REFRESH(STC) * * started task for ZIS cross memory server * SET CONTROL(GSO) -INSERT STC.&ZISSTC. LOGONID(&ZISUSER.) + -GROUP(&STCGRP.) + -STCID(&ZISSTC.) +INSERT STC.{zowe.setup.security.stcs.zis}. LOGONID({zowe.setup.security.users.zis}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.zis}.) F ACF2,REFRESH(STC) * * started task for ZIS Auxiliary cross memory server * SET CONTROL(GSO) -INSERT STC.&AUXSTC. LOGONID(&ZISUSER.) + -GROUP(&STCGRP.) + -STCID(&AUXSTC.) +INSERT STC.{zowe.setup.security.stcs.aux}. LOGONID({zowe.setup.security.users.zis}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.aux}.) F ACF2,REFRESH(STC) * * DEFINE ZIS SECURITY RESOURCES .................................. * -* define a role holding the permissions, add &ZISUSER and -* &ZOWEUSER to it +* define a role holding the permissions, add {zowe.setup.security.users.zis} and +* {zowe.setup.security.users.zowe} to it * SET X(ROL) -INSERT &STCGRP. INCLUDE(&ZOWEUSER.) ROLE +INSERT {zowe.setup.security.groups.stc}. INCLUDE({zowe.setup.security.users.zowe}.) ROLE F ACF2,NEWXREF,TYPE(ROL) -CHANGE &STCGRP. INCLUDE(&ZISUSER.) ADD +CHANGE {zowe.setup.security.groups.stc}. INCLUDE({zowe.setup.security.users.zis}.) 
ADD F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STC SERVER PERMISIONS .................................... @@ -560,7 +500,7 @@ F ACF2,NEWXREF,TYPE(ROL) * permit AUX and Zowe main server to use ZIS cross memory server * SET RESOURCE(FAC) -RECKEY ZWES ADD(IS SERVICE(READ) ROLE(&STCGRP.) ALLOW) +RECKEY ZWES ADD(IS SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(FAC) * * DEFINE ZOWE SERVER PERMISIONS ................................... @@ -573,18 +513,18 @@ F ACF2,REBUILD(FAC) * it on a production system. * SET RESOURCE(FAC) -RECKEY BPX ADD(DAEMON SERVICE(UPDATE) ROLE(&STCGRP.) ALLOW) -RECKEY BPX ADD(SERVER SERVICE(UPDATE) ROLE(&STCGRP.) ALLOW) +RECKEY BPX ADD(DAEMON SERVICE(UPDATE) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY BPX ADD(SERVER SERVICE(UPDATE) ROLE({zowe.setup.security.groups.stc}.) ALLOW) * * permit Zowe main server to create a user's security environment * comment out the following 3 lines if the OMVSAPPL is not defined * in your environment SET RESOURCE(APL) -RECKEY OMVSAPPL ADD(SERVICE(READ) ROLE(&STCGRP.) ALLOW) +RECKEY OMVSAPPL ADD(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(APL) * * Allow STCGRP role access to BPX.JOBNAME -RECKEY BPX ADD(JOBNAME SERVICE(READ) ROLE(&STCGRP.) ALLOW) +RECKEY BPX ADD(JOBNAME SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(FAC) * ** comment out to not use SUPERUSER.FILESYS, see JCL comments 
@@ -595,27 +535,27 @@ COMPILE * $KEY(SUPERUSER.FILESYS) $TYPE(UNI) $ROLESET - ROLE(&STCGRP.) ALLOW + ROLE({zowe.setup.security.groups.stc}.) ALLOW STORE * SET RESOURCE(UNI) -* RECKEY SUPERUSER.FILESYS ADD(SERVICE(READ) ROLE(&STCGRP.) ALLOW) +* RECKEY SUPERUSER.FILESYS ADD(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(UNI) * allow STCGRP role to use client certificate mapping service SET RESOURCE(FAC) -RECKEY IRR ADD(RUSERMAP ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * allow STCGRP role to use distributed identity mapping service SET RESOURCE(FAC) -RECKEY IRR ADD(IDIDMAP.QUERY ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(IDIDMAP.QUERY ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * permit Zowe main server to cut SMF records SET RESOURCE(FAC) -RECKEY IRR ADD(RAUDITX ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(RAUDITX ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * @@ -627,13 +567,13 @@ F ACF2,REBUILD(FAC) * HLQ stub SET RULE * general data set protection -LIST &HLQ. -RECKEY &HLQ. ADD(- UID(-) READ(A) EXEC(P)) -RECKEY &HLQ. + -ADD(- UID(&SYSPROG.) READ(A) EXEC(A) ALLOC(A) WRITE(A)) +LIST {zowe.setup.dataset.prefix}. +RECKEY {zowe.setup.dataset.prefix}. ADD(- UID(-) READ(A) EXEC(P)) +RECKEY {zowe.setup.dataset.prefix}. + +ADD(- UID({zowe.setup.security.groups.sysProg}.) READ(A) EXEC(A) ALLOC(A) WRITE(A)) * * show results -LIST &HLQ. +LIST {zowe.setup.dataset.prefix}. * * 
@@ -674,67 +614,67 @@ $$ /* DEFINE ADMINISTRATORS ........................................... */ /* group for administrators */ - TSS LIST(&ADMINGRP.) SEGMENT(OMVS) - TSS CREATE(&ADMINGRP.) TYPE(GROUP) + + TSS LIST({zowe.setup.security.groups.admin}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.admin}.) TYPE(GROUP) + NAME('ZOWE ADMINISTRATORS') + DEPT(&ADMINDEP.) - TSS ADD(&ADMINGRP.) GID(&ADMINGID.) + TSS ADD({zowe.setup.security.groups.admin}.) GID(&ADMINGID.) /* uncomment to add existing user IDs to the &ADMINGRP group */ -/* TSS ADD(userid) GROUP(&ADMINGRP.) */ +/* TSS ADD(userid) GROUP({zowe.setup.security.groups.admin}.) */ /* DEFINE STARTED TASK ............................................. */ /* comment out if STCGRP matches ADMINGRP (default), expect */ /* warning messages otherwise */ /* group for started tasks */ - TSS LIST(&STCGRP.) SEGMENT(OMVS) - TSS CREATE(&STCGRP.) TYPE(GROUP) + + TSS LIST({zowe.setup.security.groups.stc}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.stc}.) TYPE(GROUP) + NAME('STC GROUP WITH OMVS SEGMENT') + DEPT(&STCGDEP.) - TSS ADD(&STCGRP.) GID(&STCGID.) + TSS ADD({zowe.setup.security.groups.stc}.) GID(&STCGID.) /* */ /* userid for ZOWE main server */ - TSS LIST(&ZOWEUSER.) SEGMENT(OMVS) - TSS CREATE(&ZOWEUSER.) TYPE(USER) PASS(NOPW,0) + + TSS LIST({zowe.setup.security.users.zowe}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zowe}.) TYPE(USER) PASS(NOPW,0) + NAME('ZOWE MAIN SERVER') + DEPT(&STCUDEP.) - TSS ADD(&ZOWEUSER.) GROUP(&STCGRP.) + - DFLTGRP(&STCGRP.) + + TSS ADD({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) + + DFLTGRP({zowe.setup.security.groups.stc}.) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZOWEUID.) /* userid for ZIS cross memory server */ - TSS LIST(&ZISUSER.) SEGMENT(OMVS) - TSS CREATE(&ZISUSER.) TYPE(USER) PASS(NOPW,0) + + TSS LIST({zowe.setup.security.users.zis}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zis}.) 
TYPE(USER) PASS(NOPW,0) + NAME('ZOWE ZIS CROSS MEMORY SERVER') + DEPT(&STCUDEP.) - TSS ADD(&ZISUSER.) GROUP(&STCGRP.) + - DFLTGRP(&STCGRP.) + + TSS ADD({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) + + DFLTGRP({zowe.setup.security.groups.stc}.) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.) /* */ /* started task for ZOWE main server */ - TSS LIST(STC) PROCNAME(&ZOWESTC.) PREFIX - TSS ADD(STC) PROCNAME(&ZOWESTC.) ACID(&ZOWEUSER.) - TSS ADD(&ZOWEUSER.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) ACID({zowe.setup.security.users.zowe}.) + TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) /* started task for ZOWE Launcher in high availability */ - TSS LIST(STC) PROCNAME(&ZLNCHSTC.) PREFIX - TSS ADD(STC) PROCNAME(&ZLNCHSTC.) ACID(&ZOWEUSER.) - TSS ADD(&ZOWEUSER.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) ACID({zowe.setup.security.users.zowe}.) + TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) /* started task for ZIS cross memory server */ - TSS LIST(STC) PROCNAME(&ZISSTC.) PREFIX - TSS ADD(STC) PROCNAME(&ZISSTC.) ACID(&ZISUSER.) - TSS ADD(&ZISUSER.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zis}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zis}.) ACID({zowe.setup.security.users.zis}.) + TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) /* started task for ZIS Auxiliary cross memory server */ - TSS LIST(STC) PROCNAME(&AUXSTC.) PREFIX - TSS ADD(STC) PROCNAME(&AUXSTC.) ACID(&ZISUSER.) - TSS ADD(&ZISUSER.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.aux}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.aux}.) ACID({zowe.setup.security.users.zis}.) + TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) /* DEFINE ZIS SECURITY RESOURCES ................................... */ 
@@ -745,7 +685,7 @@ $$ /* permit AUX STC to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT(&ZISUSER.) IBMFAC(ZWES.IS) ACCESS(READ) + TSS PERMIT({zowe.setup.security.users.zis}.) IBMFAC(ZWES.IS) ACCESS(READ) #if($ibmTemplate != 'YES') /* The ZOWESTC started task is a multi-user address space therefore */ @@ -779,7 +719,7 @@ $$ /* permit Zowe main server to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT(&ZOWEUSER.) IBMFAC(ZWES.IS) ACCESS(READ) + TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(ZWES.IS) ACCESS(READ) /* permit Zowe main server to create a user's security environment */ /* ATTENTION: Defining the BPX.DAEMON or BPX.SERVER profile makes */ 
@@ -789,37 +729,37 @@ $$ /* it on a production system. */ TSS ADD(&FACACID.) IBMFAC(BPX.) TSS WHOHAS IBMFAC(BPX.DAEMON) - TSS PER(&ZOWEUSER.) IBMFAC(BPX.DAEMON) ACCESS(UPDATE) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.DAEMON) ACCESS(UPDATE) TSS WHOHAS IBMFAC(BPX.SERVER) - TSS PER(&ZOWEUSER.) IBMFAC(BPX.SERVER) ACCESS(UPDATE) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.SERVER) ACCESS(UPDATE) /* permit Zowe main server to create a user's security environment */ /* comment out the following line if the OMVSAPPL is not defined */ /* in your environment */ -TSS PERMIT(&ZOWEUSER.) APPL(OMVSAPPL) +TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) /* Allow ZOWEUSER access to BPX.JOBNAME */ TSS WHOHAS IBMFAC(BPX.JOBNAME) - TSS PER(&ZOWEUSER.) IBMFAC(BPX.JOBNAME) ACCESS(READ) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.JOBNAME) ACCESS(READ) /* comment out to not use SUPERUSER.FILESYS, see JCL comments */ /* permit Zowe main server to write persistent data */ TSS ADD(&FACACID.) UNIXPRIV(SUPERUSE) TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS) - TSS PER(&ZOWEUSER.) UNIXPRIV(SUPERUSER.FILESYS) ACCESS(CONTROL) + TSS PER({zowe.setup.security.users.zowe}.) UNIXPRIV(SUPERUSER.FILESYS) ACCESS(CONTROL) /* permit Zowe main server to use client certificate mapping service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) - TSS PER(&ZOWEUSER.) IBMFAC(IRR.RUSERMAP) ACCESS(READ) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) ACCESS(READ) /* permit Zowe main server to use distributed identity mapping */ /* service TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) - TSS PER(&ZOWEUSER.) IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) /* permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) - TSS PER(&ZOWEUSER.) IBMFAC(IRR.RAUDITX) ACCESS(READ) + TSS PER({zowe.setup.security.users.zowe}.) 
IBMFAC(IRR.RAUDITX) ACCESS(READ) /* DEFINE ZOWE DATA SET PROTECTION ................................. */ @@ -827,15 +767,15 @@ TSS PERMIT(&ZOWEUSER.) APPL(OMVSAPPL) /* advised to protect it against updates. */ /* HLQ stub */ - TSS ADD(&ADMINDEP.) DATASET(&HLQ..) + TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}..) /* general data set protection */ - TSS WHOHAS DATASET(&HLQ.) - TSS PER(ALL) DATASET(&HLQ..) ACCESS(READ) - TSS PER(&SYSPROG) DATASET(&HLQ..) ACCESS(ALL) + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) + TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}..) ACCESS(READ) + TSS PER({zowe.setup.security.groups.sysProg}) DATASET({zowe.setup.dataset.prefix}..) ACCESS(ALL) /* show results */ - TSS WHOHAS DATASET(&HLQ.) + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ From 3dff61f05da4838f46142352490e1f359cc7d098 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 23 Jan 2024 14:20:26 -0500 Subject: [PATCH 002/258] Added 2 more samplib contents to omit as not jcl Signed-off-by: 1000TurquoisePogs --- files/SZWEEXEC/ZWEGEN00 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 6c62c96e8d..60fff0aef9 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -185,10 +185,13 @@ end /* members which are not JCL */ x = DeleteDataSet(jclCopy'(ZWEGENER)') x = DeleteDataSet(jclCopy'(ZWESLSTC)') +x = DeleteDataSet(jclCopy'(ZWESASTC)') x = DeleteDataSet(jclCopy'(ZWESISTC)') x = DeleteDataSet(jclCopy'(ZWESIP00)') +x = DeleteDataSet(jclCopy'(ZWESIPRG)') x = DeleteDataSet(jclCopy'(ZWESISCH)') -x = DeleteDataSet(jclCopy'(ZWESASTC)') +x = DeleteDataSet(jclCopy'(ZWESECKG)') + say jcl' has been copied to 'jclCopy'.' From 64156d98a861fa11b53442d2daf3030d348652e9 Mon Sep 17 00:00:00 2001 
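Review bot: The ACID that receives `BPX.DAEMON` and `BPX.SERVER` at `ACCESS(UPDATE)` and `SUPERUSER.FILESYS` at `ACCESS(CONTROL)` is now whatever `zowe.setup.security.users.zowe` holds in zowe.yaml, and nothing in this template documents that the value is pasted as-is into commands run with security-administrator authority. A value that is not a plain 1–8 character ID (a stray blank, a parenthesis, or simply a different user) changes what these PERMITs do; the same applies to the earlier hunks in this file (`IBMFAC(ZWES.IS)`, the STC table entries). I would add a header comment such as `/* users.zowe is taken from zowe.yaml: restrict write access to that file and review the generated member before submitting */` and have the generator reject values that are not valid IDs. The generator (ZWEGEN00) is not visible here, so it may already check this.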
From: 1000TurquoisePogs Date: Mon, 29 Jan 2024 14:55:44 -0500 Subject: [PATCH 003/258] Add 'zwe init generate' for running ZWEGENER. Migrate init mvs logic to 'ZWEIMVS' JCL. Uncomment defaults in example-zowe.yaml for ZWEGENER success. Improve templates of ZWEKRING, ZWENOKYR, ZWENOSEC. Add zos-jes from PR 3135 for use in generate. Add dry-run mode to init mvs. Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/.parameters | 1 + bin/commands/init/generate/cli.ts | 18 ++ bin/commands/init/generate/index.ts | 48 +++++ bin/commands/init/index.sh | 1 + bin/commands/init/mvs/.parameters | 1 + bin/commands/init/mvs/index.sh | 83 ++++----- bin/libs/zos-jes.ts | 152 ++++++++++++++++ example-zowe.yaml | 40 ++--- files/SZWESAMP/ZWEIMVS | 67 +++++++ files/SZWESAMP/ZWEKRING | 232 ++++++++++--------------- files/SZWESAMP/ZWENOKYR | 72 ++------ files/SZWESAMP/ZWENOSEC | 207 +++++++++------------- 12 files changed, 536 insertions(+), 386 deletions(-) create mode 100644 bin/commands/init/generate/.parameters create mode 100644 bin/commands/init/generate/cli.ts create mode 100644 bin/commands/init/generate/index.ts create mode 100644 bin/libs/zos-jes.ts create mode 100644 files/SZWESAMP/ZWEIMVS diff --git a/bin/commands/init/generate/.parameters b/bin/commands/init/generate/.parameters new file mode 100644 index 0000000000..e056f70374 --- /dev/null +++ b/bin/commands/init/generate/.parameters @@ -0,0 +1 @@ +dry-run||boolean|||||Prints out existing JCL templates but does not generate resolved JCL. diff --git a/bin/commands/init/generate/cli.ts b/bin/commands/init/generate/cli.ts new file mode 100644 index 0000000000..77c37779ae --- /dev/null +++ b/bin/commands/init/generate/cli.ts 
@@ -0,0 +1,18 @@
+/*
+ This program and the accompanying materials are made available
+ under the terms of the Eclipse Public License v2.0 which
+ accompanies this distribution, and is available at
+ https://www.eclipse.org/legal/epl-v20.html
+
+ SPDX-License-Identifier: EPL-2.0
+
+ Copyright Contributors to the Zowe Project.
+*/
+
+import * as std from 'cm_std';
+import * as index from './index';
+import * as configmgr from '../../../libs/configmgr';
+
+index.execute(!!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN'));
+
+configmgr.cleanupTempDir();
diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts
new file mode 100644
index 0000000000..bc667a57d2
--- /dev/null
+++ b/bin/commands/init/generate/index.ts
@@ -0,0 +1,48 @@
+/*
+// This program and the accompanying materials are made available
+// under the terms of the Eclipse Public License v2.0 which
+// accompanies this distribution, and is available at
+// https://www.eclipse.org/legal/epl-v20.html
+//
+// SPDX-License-Identifier: EPL-2.0
+//
+// Copyright Contributors to the Zowe Project.
+*/
+
+import * as std from 'cm_std';
+import * as os from "cm_os";
+import * as xplatform from "xplatform";
+import * as fs from '../../../libs/fs';
+import * as config from '../../../libs/config';
+import * as common from '../../../libs/common';
+import * as zosFs from '../../../libs/zos-fs';
+import * as zosJes from '../../../libs/zos-jes';
+
+export function execute(dryRun?: boolean) {
+ common.requireZoweYaml();
+ const ZOWE_CONFIG=config.getZoweConfig();
+ const tempFile = fs.createTmpFile();
+ zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)', tempFile);
+ const jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT);
+ os.remove(tempFile);
+
+ common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)'}`);
+ common.printMessage('JCL content:');
+ common.printMessage(jclContents);
+
+ if (dryRun) {
+ common.printMessage('JCL not submitted, command run with dry run flag.');
+ common.printMessage('To perform command, re-run command without dry run flag, or submit the JCL directly.');
+ } else { //TODO can we generate just for one step, or no reason?
+ common.printMessage('Submitting Job ZWEGENER');
+ const jobid = zosJes.submitJob(jclContents);
+ const result = zosJes.waitForJob(jobid);
+ common.printMessage(`Job completed with RC=${result.rc}`);
+ if (result.rc == 0) {
+ common.printMessage("Zowe JCL generated successfully");
+ } else {
+ common.printMessage(`Zowe JCL generated with errors, check job log. Job completion code=${result.jobcccode}, Job completion text=${result.jobcctext}`);
+ }
+ // print if succesful
+ }
+}
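Review bot: The template data set name is built as `ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)'` with no `.` between the prefix and the next qualifier, so a prefix such as `HLQ.ZOWE` (constructed example) yields `HLQ.ZOWESZWESAMP(ZWEGENER)`. Both the `copyMvsToUss` call and the `Template JCL:` message should use `prefix + '.SZWESAMP(ZWEGENER)'`, matching `${prefix}.SZWESAMP(ZWEGENER)` in `init/mvs/index.sh` from this same commit. `zosJes.submitJob` returns `undefined` when the submit fails, yet `jobid` is passed straight to `waitForJob`. A non-zero `result.rc` only prints a message, so `zwe init` carries on to `init mvs` with JCL that was never generated; both cases should stop with a non-zero exit.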
diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index a2815f2b49..ea19713b18 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh @@ -87,6 +87,7 @@ else fi ############################### +zwecli_inline_execute_command init generate zwecli_inline_execute_command init mvs zwecli_inline_execute_command init vsam if [ "${ZWE_CLI_PARAMETER_SKIP_SECURITY_SETUP}" != "true" ]; then diff --git a/bin/commands/init/mvs/.parameters b/bin/commands/init/mvs/.parameters index 7d4e1ac58c..5182058f4b 100644 --- a/bin/commands/init/mvs/.parameters +++ b/bin/commands/init/mvs/.parameters @@ -1 +1,2 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. +dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 7f1102c95d..65effbc77f 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -1,5 +1,4 @@ #!/bin/sh - ####################################################################### # This program and the accompanying materials are made available # under the terms of the Eclipse Public License v2.0 which 
@@ -15,10 +14,10 @@ print_level1_message "Initialize Zowe custom data sets" ############################### # constants -cust_ds_list="parmlib|Zowe parameter library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks -jcllib|Zowe JCL library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks -authLoadlib|Zowe authorized load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks -authPluginLib|Zowe authorized plugin library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks" +cust_ds_list="parmlib|Zowe parameter library +jcllib|Zowe JCL library +authLoadlib|Zowe authorized load library +authPluginLib|Zowe authorized plugin library ############################### # validation @@ -30,13 +29,20 @@ if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi +jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") +does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi + + + ############################### # create data sets if they do not exist print_message "Create data sets if they do not exist" while read -r line; do key=$(echo "${line}" | awk -F"|" '{print $1}') name=$(echo "${line}" | awk -F"|" '{print $2}') - spec=$(echo "${line}" | awk -F"|" '{print $3}') # read def and validate ds=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.${key}") 
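Review bot: The rewritten `cust_ds_list` assignment never closes its double quote: the old last entry ended in `tracks"`, while the new last entry is `authPluginLib|Zowe authorized plugin library` with nothing after it. The shell keeps reading the string through the `# validation` banner and the code below it until it meets the next `"`, so the script either fails to parse or runs with a list that has swallowed the following statements. End the line as `authPluginLib|Zowe authorized plugin library"`.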
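Review bot: `jcllib_location` is read from `.zowe.setup.dataset.prefix` rather than `.zowe.setup.dataset.jcllib`, so the existence check looks for `(ZWEIMVS)` in a data set named after the bare prefix and will report the JCL as missing even after a successful generate. Read the jcllib key instead: `jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib")`, and stop with an error if it comes back empty, as the prefix check just above does. `ZWEL0999E` with exit value `999` looks like a placeholder. Assuming the third argument becomes the exit status, as in the `157` call above, anything over 255 is truncated by the shell, so assign a real message number.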
@@ -59,56 +65,41 @@ while read -r line; do # warning print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." fi - else - print_message "Creating ${ds}" - create_data_set "${ds}" "${spec}" - if [ $? -ne 0 ]; then - print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 - fi fi done <&1`); + if (catResult.rc != 0) { + common.printTrace(` * Failed`); + common.printTrace(` * Exit code: ${catResult.rc}`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + return undefined; + } + else { + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + } + + const result=shell.execOutSync('sh', '-c', `submit "${jclFile}" 2>&1`); + // expected: JOB JOB????? submitted from path '...' + const code=result.rc; + if (code==0) { + let jobidlines = result.out.split('\n').filter(line=>line.indexOf('submitted')!=-1); + const jobid = jobidlines.length > 0 ? jobidlines[0].split(' ')[1] : undefined; + if (!jobid) { + common.printDebug(` * Failed to find job ID`); + common.printError(` * Exit code: ${code}`); + common.printError(` * Output:`); + if (result.out) { + common.printError(stringlib.paddingLeft(result.out, " ")); + } + return undefined; + } else { + common.printDebug(` * Succeeded with job ID ${jobid}`); + common.printTrace(` * Exit code: ${code}`); + common.printTrace(` * Output:`); + if (result.out) { + common.printTrace(stringlib.paddingLeft(result.out, " ")); + } + return jobid; + } + } else { + common.printDebug(` * Failed`); + common.printError(` * Exit code: ${code}`); + common.printError(` * Output:`); + if (result.out) { + common.printError(stringlib.paddingLeft(result.out, " ")); + } + + return undefined; + } +} + +export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: string, jobid?: string, jobname?: string, rc: number} { + let jobstatus; + let jobname; + let jobcctext; + let jobcccode; + let is_jes3; 
+ + common.printDebug(`- Wait for job ${jobid} completed, starting at ${new Date().toString()}.`); + // wait for job to finish + const timesSec = [1, 5, 10, 30, 100, 300, 500]; + for (let i = 0; i < timesSec.length; i++) { + jobcctext = undefined; + jobcccode = undefined; + jobname = undefined; + is_jes3 = false; + const secs = timesSec[i]; + common.printTrace(` * Wait for ${secs} seconds`); + os.sleep(secs*1000); + + let result=zoslib.operatorCommand(`\\$D ${jobid},CC`); + // if it's JES3, we receive this: + // ... ISF031I CONSOLE IBMUSER ACTIVATED + // ... -$D JOB00132,CC + // ... IBMUSER7 IEE305I $D COMMAND INVALID + is_jes3=result.out ? result.out.match(new RegExp('\$D \+COMMAND INVALID')) : false; + if (is_jes3) { + common.printDebug(` * JES3 identified`); + const show_jobid=jobid.substring(3); + result=zoslib.operatorCommand(`*I J=${show_jobid}`); + // $I J= gives ... + // ... -*I J=00132 + // ... JES3 IAT8674 JOB BPXAS (JOB00132) P=15 CL=A OUTSERV(PENDING WTR) + // ... JES3 IAT8699 INQUIRY ON JOB STATUS COMPLETE, 1 JOB DISPLAYED + try { + jobname=result.out.split('\n').filter(line=>line.indexOf('IAT8674') != -1)[0].replace(new RegExp('^.*IAT8674 *JOB *', 'g'), '').split(' ')[0]; + } catch (e) { + + } + break; + } else { + // $DJ gives ... + // ... $HASP890 JOB(JOB1) CC=(COMPLETED,RC=0) <-- accept this value + // ... 
$HASP890 JOB(GIMUNZIP) CC=() <-- reject this value + try { + const jobline = result.out.split('\n').filter(line => line.indexOf('$HASP890') != -1)[0]; + const nameIndex = jobline.indexOf('JOB('); + const ccIndex = jobline.indexOf('CC=('); + jobname = jobline.substring(nameIndex+4, jobline.indexOf(')', nameIndex)); + const cc = jobline.substring(ccIndex+4, jobline.indexOf(')', ccIndex)).split(','); + jobcctext = cc[0]; + if (cc.length > 1) { + const equalSplit = cc[1].split('='); + if (equalSplit.length > 1) { + jobcccode = equalSplit[1]; + } + } + common.printTrace(` * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}`); + if ((jobcctext && jobcctext.length > 0) || (jobcccode && jobcccode.length > 0)) { + // job have CC state + break; + } + } catch (e) { + break; + } + } + } + common.printTrace(` * Job status check done at ${new Date().toString()}.`); + + if (jobcctext || jobcccode) { + common.printDebug(` * Job (${jobname}) exits with code ${jobcccode} (${jobcctext}).`); + if (jobcccode == "0") { + return {jobcctext, jobcccode, jobname, rc: 0}; + } else { + // ${jobcccode} could be greater than 255 + return {jobcctext, jobcccode, jobname, rc: 2}; + } + } else if (is_jes3) { + common.printTrace(` * Cannot determine job complete code. Please check job log manually.`); + return {jobcctext, jobcccode, jobname, rc: 0}; + } else { + common.printError(` * Job (${jobname? jobname : jobid}) doesn't finish within max waiting period.`); + return {jobcctext, jobcccode, jobname, rc: 1}; + } +} diff --git a/example-zowe.yaml b/example-zowe.yaml index 985028b19d..9fbd556c19 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
@@ -181,27 +181,27 @@ zowe: # # keyring name # name: ZoweKeyring # # **COMMONLY_CUSTOMIZED** - # # # Label of Zowe certificate. Optional, default value is localhost. - # # label: localhost + # # Label of Zowe certificate. Optional, default value is localhost. + # label: localhost # # **COMMONLY_CUSTOMIZED** - # # # label of Zowe CA certificate. Optional, default value is localca. - # # caLabel: localca - # # # Distinguished name for Zowe generated certificates. All optional. - # # dname: - # # caCommonName: "" - # # commonName: "Zowe Development Instances" - # # orgUnit: "API Mediation Layer" - # # org: "Zowe Sample" - # # locality: "Prague" - # # state: "Prague" - # # country: "" - # # # Validity days for Zowe generated certificates - # # validity: 3650 - # # # Domain names and IPs should be added into certificate SAN - # # # If this field is not defined, `zwe init` command will use - # # # `zowe.externalDomains`. - # # # **NOTE**: due to the limitation of RACDCERT command, this field should - # # # contain exactly 2 entries with the domain name and IP address. + # # label of Zowe CA certificate. Optional, default value is localca. + # caLabel: localca + # # Distinguished name for Zowe generated certificates. All optional. + # dname: + # caCommonName: "" + # commonName: "Zowe Development Instances" + # orgUnit: "API Mediation Layer" + # org: "Zowe Sample" + # locality: "Prague" + # state: "Prague" + # country: "CZ" + # # Validity days for Zowe generated certificates + # validity: 3650 + # # Domain names and IPs should be added into certificate SAN + # # If this field is not defined, `zwe init` command will use + # # `zowe.externalDomains`. + # # **NOTE**: due to the limitation of RACDCERT command, this field should + # # contain exactly 2 entries with the domain name and IP address. # # san: # # - dvipa.my-company.com # # - 12.34.56.78 diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS new file mode 100644 index 0000000000..2940c66685 --- /dev/null 
+++ b/files/SZWESAMP/ZWEIMVS 
@@ -0,0 +1,67 @@ +//ZWEIMVS JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* +//MKPARML EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.parmlib}') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks +//* +//MKJCLL EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.jcllib}') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks +//* +//MKAUTHL EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.authLoadLib}') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks +//* +//MKAUTHP EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.authPluginLib}') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks +//* +//MCOPY1 EXEC PGM=IEBCOPY +//SYSPRINT DD SYSOUT=A +//SYSUT1 DD DSN={zowe.setup.dataset.prefix}.SZWESAMP,DISP=SHR +//SYSUT2 DD DSN={zowe.setup.dataset.jcllib},DISP=OLD +//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 + SELECT MEMBER=(ZWESIP00) +//* +//AUTHCPY EXEC PGM=BPXBATCH +//BPXPRINT DD SYSOUT=* +//STDOUT DD SYSOUT=* +//STDERR DD SYSOUT=* +//STDPARM DD * +SH cd {zowe.runtimeDirectory} && +cd components/zss && +cp LOADLIB/ZWESIS01 +"//'{zowe.setup.dataset.authLoadLib}(ZWESIS01)'" && +cp LOADLIB/ZWESAUX +"//'{zowe.setup.dataset.authLoadLib}(ZWESAUX)'" && +cp LOADLIB/ZWESISDL +"//'{zowe.setup.dataset.authLoadLib}(ZWESISDL)'" && +cd ../launcher/bin && +cp 
zowe_launcher +"//'{zowe.setup.dataset.authLoadLib}(ZWELNCH)'" +/* diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING index e317389816..d7cf125975 100644 --- a/files/SZWESAMP/ZWEKRING +++ b/files/SZWESAMP/ZWEKRING 
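Review bot: The MKAUTHL and AUTHCPY steps reference `{zowe.setup.dataset.authLoadLib}` (capital `L` in `Lib`), while `init mvs` in this same commit reads the key as `authLoadlib` from `cust_ds_list`. If the generator's lookup is case-sensitive the placeholder stays unresolved, and `ZWESIS01`, `ZWESAUX`, `ZWESISDL` and `ZWELNCH` are not copied into the authorized load library the configuration names. Use `{zowe.setup.dataset.authLoadlib}` in all five places. `SH cd {zowe.runtimeDirectory} &&` also pastes the path unquoted, so a runtime directory containing blanks or shell metacharacters changes the command; wrap the value in double quotes.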
@@ -43,57 +43,33 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 3) Update the SET ZOWEUSER= statement to match the existing -//* user ID for the Zowe started task. -//* -//* 4) Update the SET ZOWERING= statement to match the desired -//* name of the keyring owned by the &ZOWEUSER user ID. -//* -//* 5) Specify the option number which is suitable for your +//* 2) Specify the option number which is suitable for your //* environment by the SET OPTION statement. //* Option 1 considers as default option. -//* -//* 6) Update the SET LABEL= statement with the name of the Zowe -//* certificate that will be defined, or added to the security -//* database or if that is already stored in the security database. -//* -//* 7) Specify the distinguished name of the Zowe's local CA by -//* updating the SET statements CN=, OU=, O=, L=, SP=, C=, and -//* LOCALCA=. -//* -//* 8) Update the SET HOSTNAME= variable to match the hostname where -//* Zowe is to run. -//* -//* 9) Update the SET IPADDRES= variable to match the IP address +//* 3) Update the SET IPADDRES= variable to match the IP address //* where Zowe is to run. //* -//* 10) Update the SET DSNAME= statement if you plan to add the Zowe -//* certificate from a data set in PKCS12 format. -//* -//* 11) Update the SET PKCSPASS= statement to match the password for -//* the PKCS12 data set. -//* -//* 12) If you have external certificate authorities for ITRMZWCA +//* 4) If you have external certificate authorities for ITRMZWCA //* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. //* -//* 13) Update the SET ITRMZWCA= variable to match the intermediate +//* 5) Update the SET ITRMZWCA= variable to match the intermediate //* CA of the Zowe certificate. It is only applicable if Zowe //* certificate signed by a recognized certificate authority (CA). 
//* -//* 14) Update the SET ROOTZWCA= variable to match the root CA of the +//* 6) Update the SET ROOTZWCA= variable to match the root CA of the //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 15) If you enable VERIFY_CERTIFICATES or +//* 7) If you enable VERIFY_CERTIFICATES or //* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set //* IFROZFCA to 1 to connect z/OSMF certificate authority to //* Zowe keyring. Otherwise set to 0. //* -//* 16) Update the SET ROOTZFCA= variable to match the root CA of the +//* 8) Update the SET ROOTZFCA= variable to match the root CA of the //* z/OSMF certificate. It is only applicable if z/OSMF //* certificate signed by a recognized certificate authority (CA). //* -//* 17) Customize the commands in the DD statement that matches your +//* 9) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. //* //* Note(s): 
@@ -114,33 +90,12 @@ //********************************************************************* // EXPORT SYMLIST=* //* -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -//* 12345678 -//* -//* * Keyring for the Zowe userid -// SET ZOWERING='ZoweKeyring' //* * Option number to configure Zowe certificate //* * Valid options: 1,2,3 //* * Default option is 1 // SET OPTION=1 -//* * Zowe's certificate label -// SET LABEL='localhost' -//* * Zowe's local CA name -// SET LOCALCA='localca' -//* * Zowe's local CA organizational unit -// SET OU='API Mediation Layer' -//* * Zowe's local CA state/province -// SET SP='Prague' -//* * Zowe's local CA country -// SET C='CZ' -//* * Hostname of the system where Zowe is to run -// SET HOSTNAME='' //* * IP address of the system where Zowe is to run // SET IPADDRES='' -//* * Name of the data set containing Zowe's certificate (PKCS12) -// SET DSNAME= -//* * Password for the PKCS12 data set -// SET PKCSPASS='' //* * If you have external certificate authorities for ITRMZWCA //* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. // SET IFZOWECA=0 @@ -158,13 +113,6 @@ //* applicable // SET ROOTZFCA='' //* -//* ACF2 ONLY - - - - - - - - - - - - - - - - - -//* 12345678 -// SET STCGRP= * group for Zowe started tasks -//* 12345678 -//* -//* end ACF2 ONLY - - - - - - - - - - - - - - - - -//* //********************************************************************* //* //* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT @@ -180,7 +128,7 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) ID(&ZOWEUSER.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTRING) REFRESH $$ //IFOPT1 IF (&OPTION EQ 1) THEN 
@@ -198,40 +146,40 @@ $$ O('{zowe.setup.certificate.dname.org}.') + L('{zowe.setup.certificate.dname.locality}.') + SP('{zowe.setup.certificate.dname.state}.') + - C('&C.')) + + C('{zowe.setup.certificate.dname.country}.')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('&LOCALCA') + + WITHLABEL('{zowe.setup.certificate.keyring.caLabel}') + KEYUSAGE(CERTSIGN) /* Connect Zowe's local CA authority to the keyring ................ */ - RACDCERT CONNECT(CERTAUTH LABEL('&LOCALCA') + + RACDCERT CONNECT(CERTAUTH LABEL('{zowe.setup.certificate.keyring.caLabel}') + RING({zowe.setup.certificate.keyring.name}.)) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) /* Create a certificate signed by local zowe's CA .................. */ - RACDCERT GENCERT ID(&ZOWEUSER.) + + RACDCERT GENCERT ID({zowe.setup.security.users.zowe}.) + SUBJECTSDN( + CN('{zowe.setup.certificate.dname}. certificate') + OU('{zowe.setup.certificate.dname.orgUnit}.') + O('{zowe.setup.certificate.dname.org}.') + L('{zowe.setup.certificate.dname.locality}.') + SP('{zowe.setup.certificate.dname.state}.') + - C('&C.')) + + C('{zowe.setup.certificate.dname.country}.')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('&LABEL.') + + WITHLABEL('{zowe.setup.certificate.keyring.label}.') + KEYUSAGE(HANDSHAKE) + ALTNAME(IP(&IPADDRES) + - DOMAIN('&HOSTNAME')) + - SIGNWITH(CERTAUTH LABEL('&LOCALCA')) + DOMAIN('{zowe.externalDomains[0]}')) + + SIGNWITH(CERTAUTH LABEL('{zowe.setup.certificate.keyring.caLabel}')) /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID(&ZOWEUSER.) + - LABEL('&LABEL.') + + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + + LABEL('{zowe.setup.certificate.keyring.label}.') + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH 
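Review bot: The new placeholders in this hunk are not written the same way: `WITHLABEL('{zowe.setup.certificate.keyring.caLabel}')` has no trailing period inside the quotes, while `WITHLABEL('{zowe.setup.certificate.keyring.label}.')` and `C('{zowe.setup.certificate.dname.country}.')` keep the period that used to terminate a JCL symbol. If the generator drops that period both forms work. If it does not, the certificate is created with a label ending in `.`, and later keyring lookups by the configured label miss it. Pick one form for every quoted value, preferably without the period, e.g. `WITHLABEL('{zowe.setup.certificate.keyring.label}')`; the RACF Option 3 block further down already uses that form.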
@@ -247,11 +195,11 @@ $$ /* Option 2 - BEGINNING ............................................ */ /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(SITE | ID(userid) + - LABEL('certlabel') + + RACDCERT CONNECT(SITE | ID({zowe.setup.certificate.keyring.connect.user}) + + LABEL({zowe.setup.certificate.keyring.connect.label}) + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -267,18 +215,18 @@ $$ /* Option 3 - BEGINNING ............................................ */ /* Import external certificate from data set ....................... */ - RACDCERT ADD('&DSNAME.') + - ID(&ZOWEUSER.) + - WITHLABEL('&LABEL.') + - PASSWORD('&PKCSPASS.') + + RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.') + + ID({zowe.setup.security.users.zowe}.) + + WITHLABEL('{zowe.setup.certificate.keyring.label}') + + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + TRUST /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID(&ZOWEUSER.) + - LABEL('&LABEL.') + + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + + LABEL('{zowe.setup.certificate.keyring.label}') + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -297,12 +245,12 @@ $$ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ 
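Review bot: `RACDCERT CONNECT(SITE | ID({zowe.setup.certificate.keyring.connect.user})` keeps the `SITE | ID(...)` either/or notation from the hand-edited sample, so the generated member contains a literal `|` and is not a valid RACDCERT command until someone edits it again. `LABEL({zowe.setup.certificate.keyring.connect.label})` also lost the quotes that `LABEL('certlabel')` had, which breaks for labels containing blanks. Emit only the `ID(...)` form here with `LABEL('{zowe.setup.certificate.keyring.connect.label}')`, and document how a SITE-owned certificate is selected. The ACF2 Option 2 block still carries the untouched `SITECERT.digicert | userid.digicert` placeholder, so the two products are now out of step.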
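Review bot: `PASSWORD('{zowe.setup.certificate.keyring.import.password}.')` in Option 3 moves the PKCS12 password into zowe.yaml and from there into the generated JCL member, where it sits in clear text for anyone with READ access to either place. Add a comment above the command, e.g. `/* the PKCS12 password is written into this member in clear text: restrict access to the JCL library and delete the member after the job has run */`, and consider leaving this one value as a manual edit rather than a YAML key. The period before the closing quote also relies on the generator removing it; otherwise the password passed to RACDCERT ends in `.` and the import fails. The ACF2 Option 3 block uses the same form.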
@@ -319,7 +267,7 @@ $$ RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZFCA.') + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ @@ -339,15 +287,15 @@ $$ SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) /* Define profiles that control certificate access ................. */ - RDEFINE RDATALIB &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST UACC(NONE) + RDEFINE RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ - PERMIT &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID(&ZOWEUSER.) + + PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID() + */ +/* PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ /* Refresh to dynamically activate the changes. .................... */ 
@@ -359,25 +307,25 @@ $$ /* continue using their existing IRR.DIGTCERT setup. Note that the . */ /* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ /* already exist. .................................................. */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(&ZOWEUSER.) + + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + ACCESS(READ) - PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(&ZOWEUSER.) + + PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + ACCESS(READ) /* Uncomment this command if SITE user owns the Zowe certificate ... */ -/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(&ZOWEUSER.) + */ +/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + */ /* ACCESS(CONTROL) */ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ - RLIST RDATALIB &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST ALL + RLIST RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) ID(&ZOWEUSER.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ @@ -397,7 +345,7 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT &ZOWEUSER..ZOWERING RINGNAME({zowe.setup.certificate.keyring.name}.) + INSERT {zowe.setup.security.users.zowe}..ZOWERING RINGNAME({zowe.setup.certificate.keyring.name}.) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //IFOPT1 IF (&OPTION EQ 1) THEN 
@@ -410,43 +358,43 @@ ACF * Option 1 - Default Option - BEGINNING ........................... */ * Create Zowe's local CA authority ................................ */ SET PROFILE(USER) DIVISION(CERTDATA) - GENCERT CERTAUTH.ZOWECA LABEL(&LOCALCA) SIZE(2048) - + GENCERT CERTAUTH.ZOWECA LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - SP='{zowe.setup.certificate.dname.state}.' - - C='&C.') - + C='{zowe.setup.certificate.dname.country}.') - EXPIRE(05/01/30) - KEYUSAGE(CERTSIGN) * * Connect Zowe's local CA authority to the keyring ................ */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.ZOWECA) RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) CHKCERT CERTAUTH.ZOWECA * * Create a certificate signed by local zowe's CA .................. */ SET PROFILE(USER) DIV(CERTDATA) - GENCERT &ZOWEUSER..ZOWECERT - + GENCERT {zowe.setup.security.users.zowe}..ZOWECERT - SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - SP='{zowe.setup.certificate.dname.state}.' - - C='&C.') - + C='{zowe.setup.certificate.dname.country}.') - SIZE(2048) - EXPIRE(05/01/30) - - LABEL(&LABEL.) - + LABEL({zowe.setup.certificate.keyring.label}.) - KEYUSAGE(HANDSHAKE) - - ALTNAME(IP=&IPADDRES DOMAIN=&HOSTNAME) - + ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains[0]}) - SIGNWITH(CERTAUTH.ZOWECA) * * Connect a Zowe's certificate with the keyring ................... 
*/ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(&ZOWEUSER..ZOWECERT) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(PERSONAL) DEFAULT - CHKCERT &ZOWEUSER..ZOWECERT + CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 1 - Default Option - END ................................. */ $$ @@ -463,8 +411,8 @@ ACF * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(PERSONAL) DEFAULT - CHKCERT &ZOWEUSER..ZOWECERT + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 2 - END .................................................. */ $$ @@ -480,17 +428,17 @@ ACF * Option 3 - BEGINNING ............................................ */ * Import external certificate from data set ....................... */ SET PROFILE(USER) DIV(CERTDATA) - INSERT &ZOWEUSER..ZOWECERT - - DSNAME('&DSNAME.') - + INSERT {zowe.setup.security.users.zowe}..ZOWECERT - + DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - LABEL(&LABEL.) - - PASSWORD('&PKCSPASS.') - + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - TRUST * * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(&ZOWEUSER..ZOWECERT) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(PERSONAL) DEFAULT - CHKCERT &ZOWEUSER..ZOWECERT + CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 3 - END .................................................. */ $$ 
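Review bot: `ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains[0]})` in the Option 1 GENCERT puts only the first configured external domain into the certificate's subject alternative names. If more than one domain is configured, clients reaching Zowe through another entry would presumably fail hostname verification against this certificate. The line also mixes sources: the domain now comes from the yaml, while `IP=&IPADDRES` still depends on a JCL SET that is outside this hunk. If a single name is intended, a comment above the GENCERT should say so, e.g. `* ALTNAME carries zowe.externalDomains[0] only; add further names by hand if needed`. The TSS GENCERT in the `@@ -601,17` hunk has the same single-domain `ALTNAME('DOMAIN=...')`.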
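Review bot: `PASSWORD('{zowe.setup.certificate.keyring.import.password}.')` in the Option 3 INSERT means the generated member holds the PKCS#12 password in clear for as long as it exists, and the job output will echo it. The TSS Option 3 hunk does the same with `PKCSPASS('...')`. A comment above the INSERT should tell the operator, e.g. `* NOTE: the generated job contains the import password; restrict access to it and purge it after the run`. Separately, `LABEL(&LABEL.)` in this INSERT is still a JCL symbol, while the TSS counterpart was converted to `{zowe.setup.certificate.keyring.label}.`. If `SET LABEL=` is removed from this file as it is in ZWENOKYR (not visible in this hunk), the symbol is left unresolved, so I would change the line to `LABEL({zowe.setup.certificate.keyring.label}) -`.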
@@ -507,10 +455,10 @@ ACF * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) * CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF //* @@ -525,7 +473,7 @@ ACF * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF //* @@ -539,18 +487,18 @@ ACF * * Allow ZOWEUSER to access keyring ................................ */ SET RESOURCE(FAC) - RECKEY IRR ADD(DIGTCERT.LISTRING ROLE(&STCGRP) - + RECKEY IRR ADD(DIGTCERT.LISTRING ROLE({zowe.setup.security.groups.stc}) - SERVICE(READ) ALLOW) * * Uncomment this command if SITE acid owns the Zowe certificate ... */ -* RECKEY IRR ADD(DIGTCERT.GENCERT ROLE(&STCGRP) - +* RECKEY IRR ADD(DIGTCERT.GENCERT ROLE({zowe.setup.security.groups.stc}) - * SERVICE(CONTROL) ALLOW) * F ACF2,REBUILD(FAC) * * List the keyring ................................................ */ SET PROFILE(USER) DIVISION(KEYRING) - LIST &ZOWEUSER..ZOWERING + LIST {zowe.setup.security.users.zowe}..ZOWERING * Common part - END ............................................... */ $$ //******************************************************************** 
@@ -565,7 +513,7 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) $$ //IFOPT1 IF (&OPTION EQ 1) THEN //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M @@ -582,18 +530,18 @@ $$ O="{zowe.setup.certificate.dname.org}." + L="{zowe.setup.certificate.dname.locality}." + SP="{zowe.setup.certificate.dname.state}." + - C="&C." ') + + C="{zowe.setup.certificate.dname.country}." ') + KEYSIZE(2048) + NADATE(05/01/30) + - LABLCERT(&LOCALCA) + + LABLCERT({zowe.setup.certificate.keyring.caLabel}) + KEYUSAGE('CERTSIGN') /* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,ZOWECA) /* Create a certificate signed by local zowe's CA .................. */ - TSS GENCERT(&ZOWEUSER.) + + TSS GENCERT({zowe.setup.security.users.zowe}.) + DIGICERT(ZOWECERT) + SUBJECTN( + 'CN="{zowe.setup.certificate.dname}. certificate" + 
@@ -601,17 +549,17 @@ $$ O="{zowe.setup.certificate.dname.org}." + L="{zowe.setup.certificate.dname.locality}." + SP="{zowe.setup.certificate.dname.state}." + - C="&C." ') + + C="{zowe.setup.certificate.dname.country}." ') + KEYSIZE(2048) + NADATE(05/01/30) + - LABLCERT(&LABEL.) + + LABLCERT({zowe.setup.certificate.keyring.label}.) + KEYUSAGE('HANDSHAKE') + - ALTNAME('DOMAIN=&HOSTNAME') + + ALTNAME('DOMAIN={zowe.externalDomains[0]}') + SIGNWITH(CERTAUTH,ZOWECA) /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) + - RINGDATA(&ZOWEUSER.,ZOWECERT) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + USAGE(PERSONAL) DEFAULT /* Option 1 - Default Option - END ................................. */ @@ -626,7 +574,7 @@ $$ /* Option 2 - BEGINNING ............................................ */ /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + RINGDATA(CERTSITE|userid,digicert) + USAGE(PERSONAL) DEFAULT 
@@ -642,16 +590,16 @@ $$ /* Option 3 - BEGINNING ............................................ */ /* Import external certificate from data set ....................... */ - TSS ADD(&ZOWEUSER.) + + TSS ADD({zowe.setup.security.users.zowe}.) + DIGICERT(ZOWECERT) + - DCDSN(&DSNAME.) + - LABLCERT(&LABEL.) + - PKCSPASS('&PKCSPASS.') + + DCDSN({zowe.setup.certificate.keyring.import.dsName}.) + + LABLCERT({zowe.setup.certificate.keyring.label}.) + + PKCSPASS('{zowe.setup.certificate.keyring.import.password}.') + TRUST /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) + - RINGDATA(&ZOWEUSER.,ZOWECERT) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + USAGE(PERSONAL) DEFAULT /* Option 3 - END .................................................. */ @@ -666,10 +614,10 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF 
@@ -682,7 +630,7 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZFCA.) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -695,13 +643,13 @@ $$ /* A common part for all options starts here ....................... */ /* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) +/* TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKYR index 6f990e9fac..b7ba95b2b4 100644 --- a/files/SZWESAMP/ZWENOKYR +++ b/files/SZWESAMP/ZWENOKYR 
@@ -22,22 +22,7 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* -//* 3) Update the SET ZOWEUSER= statement to match the existing -//* user ID for the Zowe started task. -//* -//* 4) Update the SET ZOWERING= statement to match the desired -//* name of the keyring owned by the &ZOWEUSER user ID. -//* -//* 5) Update the SET LABEL= statement with the name of the Zowe -//* certificate that will be added to the security database or -//* that is already stored in the security database. -//* -//* 6) Specify the Zowe's local CA by updating the SET LOCALCA= -//* -//* 7) Customize the commands in the DD statement that matches your +//* 2) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. //* //* Note(s): @@ -51,32 +36,13 @@ //********************************************************************* // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -//* 12345678 -//* -//* * Keyring for the Zowe userid -// SET ZOWERING='ZoweKeyring' -//* * Zowe's certificate label -// SET LABEL='localhost' -//* * Zowe's local CA name -// SET LOCALCA='localca' -//* -//* ACF2 ONLY - - - - - - - - - - - - - - - - - -//* 12345678 -// SET STCGRP= * group for Zowe started tasks -//* 12345678 -//* -//* end ACF2 ONLY - - - - - - - - - - - - - - - - -//* //********************************************************************* //* //* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT //* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT +//SYSTSIN DD DDNAME={zowe.setup.security.product} //* //********************************************************************* //* 
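Review bot: With steps 2–6 deleted, the header no longer says which values this removal job acts on, nor that the member is now a template. Submitted as shipped, `//SYSTSIN DD DDNAME={zowe.setup.security.product}` is not a valid DD name, and the certificate, CA and keyring deletions further down depend entirely on what the generator fills in. I would keep a short step in place of the removed ones, e.g. `//* 2) Values in braces are filled from the Zowe yaml by ZWEGENER;` and `//*    review the generated job (user, keyring, labels) before submitting.`, and renumber the customise step to 3. The same applies to the ZWENOSEC header hunk.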
@@ -85,30 +51,30 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Remove permit to use SITE owned certificate's private key */ - PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) /* Remove permit to read keyring ................................... */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH /* Remove keyring profile defined on RDATALIB class ................ */ - RLIST RDATALIB &ZOWEUSER..&ZOWERING..LST ALL - PERMIT &ZOWEUSER..&ZOWERING..LST CLASS(RDATALIB) DELETE + - ID(&ZOWEUSER.) - RDELETE RDATALIB &ZOWEUSER..&ZOWERING..LST + RLIST RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST ALL + PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) DELETE + + ID({zowe.setup.security.users.zowe}.) + RDELETE RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST /* Refresh to dynamically activate the changes. .................... */ SETROPTS RACLIST(RDATALIB) REFRESH /* Delete LABEL certificate ........................................*/ - RACDCERT DELETE(LABEL('&LABEL.')) ID(&ZOWEUSER.) + RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.label}.')) ID({zowe.setup.security.users.zowe}.) /* Delete LOCALCA certificate ......................................*/ - RACDCERT DELETE(LABEL('&LOCALCA.')) CERTAUTH + RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.caLabel}.')) CERTAUTH /* Delete keyring ...................................................*/ - RACDCERT DELRING(&ZOWERING.) ID(&ZOWEUSER.) + RACDCERT DELRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH 
@@ -126,24 +92,24 @@ ACF * Remove permit to use SITE owned certificate's private key SET RESOURCE(FAC) - RECKEY IRR DEL(DIGTCERT.GENCERT ROLE(&STCGRP) + + RECKEY IRR DEL(DIGTCERT.GENCERT ROLE({zowe.setup.security.groups.stc}) + SERVICE(CONTROL) ALLOW) * Remove permit to read keyring ....................................*/ - RECKEY IRR DEL(DIGTCERT.LISTRING ROLE(&STCGRP) + + RECKEY IRR DEL(DIGTCERT.LISTRING ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Delete LABEL certificate ........................................*/ - DELETE &ZOWEUSER..ZOWECERT + DELETE {zowe.setup.security.users.zowe}..ZOWECERT * Delete LOCALCA certificate ......................................*/ DELETE CERTAUTH.ZOWECA * Delete keyring ...................................................*/ SET PROFILE(USER) DIVISION(KEYRING) - DELETE &ZOWEUSER..ZOWERING + DELETE {zowe.setup.security.users.zowe}..ZOWERING F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) 
@@ -157,19 +123,19 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Remove permit to use SITE owned certificate's private key */ - TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* Remove permit to read keyring ................................... */ - TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Delete LABEL certificate ........................................*/ - TSS REM(&ZOWEUSER.) DIGICERT(ZOWECERT) + TSS REM({zowe.setup.security.users.zowe}.) DIGICERT(ZOWECERT) /* Delete LOCALCA certificate ......................................*/ TSS REM(CERTAUTH) DIGICERT(ZOWECA) /* Delete keyring ...................................................*/ - TSS REM(&ZOWEUSER.) KEYRING(ZOWERING) + TSS REM({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) /* ................................................................. */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWENOSEC b/files/SZWESAMP/ZWENOSEC index ed23a934cc..f769e82e9a 100644 --- a/files/SZWESAMP/ZWENOSEC +++ b/files/SZWESAMP/ZWENOSEC 
@@ -22,37 +22,7 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* -//* 3) Update the SET ADMINGRP= statement to match the desired -//* group name for Zowe administrators. -//* -//* 4) Update the SET STCGRP= statement to match the desired -//* group name for started tasks. -//* -//* 5) Update the SET ZOWEUSER= statement to match the desired -//* user ID for the ZOWE started task. -//* -//* 6) Update the SET ZISUSER= statement to match the desired -//* user ID for the ZIS started task. -//* -//* 7) Update the SET ZOWESTC= statement to match the desired -//* Zowe started task name. -//* -//* 8) Update the SET ZISSTC= statement to match the desired -//* ZIS started task name. -//* -//* 9) Update the SET AUXSTC= statement to match the desired -//* ZIS Auxiliary Server started task name. -//* -//* 10) Update the SET HLQ= statement to match the desired -//* Zowe data set high level qualifier. -//* -//* 11) Update the SET SYSPROG= statement to match the existing -//* user ID or group used by z/OS system programmers. -//* -//* 12) Customize the commands in the DD statement that matches your +//* 2) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. //* //* Note(s): 
@@ -69,19 +39,6 @@ //********************************************************************* // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ADMINGRP=ZWEADMIN * group for Zowe administrators -// SET STCGRP=&ADMINGRP. * group for Zowe started tasks -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -// SET ZISUSER=ZWESIUSR * userid for ZIS started task -// SET ZOWESTC=ZWESVSTC * Zowe started task name -// SET ZISSTC=ZWESISTC * ZIS started task name -// SET AUXSTC=ZWESASTC * ZIS AUX started task name -// SET HLQ=ZWE * data set high level qualifier -// SET SYSPROG=&ADMINGRP. * system programmer user ID/group -//* 12345678 -//* //* Top Secret ONLY - - - - - - - - - - - - - - - - - //* 12345678 // SET ADMINDEP=SYSPDEPT * department owning admin group @@ -96,7 +53,7 @@ //* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT +//SYSTSIN DD DDNAME={zowe.setup.security.product} //* //********************************************************************* //* @@ -112,13 +69,13 @@ /* EGN is not active on your system. */ /* remove general data set protection */ - LISTDSD PREFIX(&HLQ.) ALL - PERMIT '&HLQ..*.**' CLASS(DATASET) DELETE ID(&SYSPROG.) - DELDSD '&HLQ..*.**' + LISTDSD PREFIX({zowe.setup.datasets.prefix}.) ALL + PERMIT '{zowe.setup.datasets.prefix}..*.**' CLASS(DATASET) DELETE ID({zowe.setup.security.groups.sysProg}.) + DELDSD '{zowe.setup.datasets.prefix}..*.**' /* remove HLQ stub */ - LISTGRP &HLQ. - DELGROUP &HLQ. + LISTGRP {zowe.setup.datasets.prefix}. + DELGROUP {zowe.setup.datasets.prefix}. SETROPTS GENERIC(DATASET) REFRESH 
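Review bot: In the `@@ -112,13` hunk the placeholder is spelled `{zowe.setup.datasets.prefix}` (plural), while the generator command later on this page reads `zowe.setup.dataset.prefix`. As far as the page shows, `LISTDSD PREFIX(...)`, `PERMIT`, `DELDSD`, `LISTGRP` and `DELGROUP` would therefore not resolve. I would write `LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL` and use the same key on the other four lines; the ACF2 `LIST`/`DELETE` lines and the TSS `DATASET(...)` lines further down use the plural spelling too. Beyond the spelling, the old `&HLQ.` defaulted to a single qualifier (`ZWE`), whereas a data set prefix may have several. `DELGROUP` and `DELDSD '....*.**'` would then act on a name that is not the HLQ stub group, which deserves a comment or a separate key in a job that deletes security definitions.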
@@ -126,33 +83,33 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL - PERMIT ZWES.IS CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT ZWES.IS CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to create a user's security environment */ RLIST FACILITY BPX.DAEMON ALL - PERMIT BPX.DAEMON CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT BPX.DAEMON CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) RLIST FACILITY BPX.SERVER ALL - PERMIT BPX.SERVER CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT BPX.SERVER CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) - PERMIT OMVSAPPL CLASS(APPL) DELETE ID(&ZOWEUSER.) + PERMIT OMVSAPPL CLASS(APPL) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to set jobname */ RLIST FACILITY BPX.JOBNAME ALL - PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to write persistent data */ RLIST UNIXPRIV SUPERUSER.FILESYS ALL - PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE ID(&ZOWEUSER.) + PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to use client certificate mapping service */ - PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to use distributed identity mapping service */ - PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit Zowe main server to cut SMF records */ - PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH SETROPTS RACLIST(UNIXPRIV) REFRESH 
@@ -161,46 +118,46 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL - PERMIT ZWES.IS CLASS(FACILITY) DELETE ID(&ZISUSER.) + PERMIT ZWES.IS CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zis}.) /* REMOVE STARTED TASKS ............................................ */ /* remove userid for ZOWE main server */ - LISTUSER &ZOWEUSER. OMVS - DELUSER &ZOWEUSER. + LISTUSER {zowe.setup.security.users.zowe}. OMVS + DELUSER {zowe.setup.security.users.zowe}. /* remove userid for ZIS */ - LISTUSER &ZISUSER. OMVS - DELUSER &ZISUSER. + LISTUSER {zowe.setup.security.users.zis}. OMVS + DELUSER {zowe.setup.security.users.zis}. -/* comment out if &STCGRP matches &ADMINGRP (default), expect */ +/* comment out if {zowe.setup.security.groups.stc} matches {zowe.setup.security.groups.admin} (default), expect */ /* warning messages otherwise */ /* remove group for started tasks */ - LISTGRP &STCGRP. OMVS - DELGROUP &STCGRP. + LISTGRP {zowe.setup.security.groups.stc}. OMVS + DELGROUP {zowe.setup.security.groups.stc}. /* remove started task for ZOWE main server */ - RLIST STARTED &ZOWESTC..* ALL STDATA - RDELETE STARTED &ZOWESTC..* + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.zowe}..* /* remove started task for ZIS */ - RLIST STARTED &ZISSTC..* ALL STDATA - RDELETE STARTED &ZISSTC..* + RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.zis}..* /* remove started task for ZIS Auxiliary server */ - RLIST STARTED &AUXSTC..* ALL STDATA - RDELETE STARTED &AUXSTC..* + RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.aux}..* SETROPTS RACLIST(STARTED) REFRESH /* REMOVE ADMINISTRATORS ........................................... */ -/* uncomment to remove user IDs from the &ADMINGRP group */ -/* REMOVE (userid,userid,...) GROUP(&ADMINGRP.) 
*/ +/* uncomment to remove user IDs from the {zowe.setup.security.groups.admin} group */ +/* REMOVE (userid,userid,...) GROUP({zowe.setup.security.groups.admin}.) */ /* remove group for administrators */ - LISTGRP &ADMINGRP. OMVS - DELGROUP &ADMINGRP. + LISTGRP {zowe.setup.security.groups.admin}. OMVS + DELGROUP {zowe.setup.security.groups.admin}. /* REMOVE ZOWE RESOURCE CLASS ...................................... */ /* uncomment commands to below if the ZOWE class has been created */ @@ -230,30 +187,30 @@ ACF * group for administrators * SET PROFILE(GROUP) DIV(OMVS) -DELETE &ADMINGRP. +DELETE {zowe.setup.security.groups.admin}. F ACF2,REBUILD(GRP),CLASS(P) * * SET LID SET PROFILE(USER) DIV(OMVS) -DELETE &ZOWEUSER. +DELETE {zowe.setup.security.users.zowe}. F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * SET LID SET PROFILE(USER) DIV(OMVS) -DELETE &ZISUSER. +DELETE {zowe.setup.security.users.zis}. F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * * remove userid for ZOWE main server (ZISSTC,AUXSTC have same user id) SET LID -LIST &ZOWEUSER -DELETE &ZOWEUSER. +LIST {zowe.setup.security.users.zowe} +DELETE {zowe.setup.security.users.zowe}. * * * remove userid for ZIS */ SET LID -LIST &ZISUSER -DELETE &ZISUSER. +LIST {zowe.setup.security.users.zis} +DELETE {zowe.setup.security.users.zis}. * * ***** 
@@ -262,35 +219,35 @@ DELETE &ZISUSER. * SET CONTROL(GSO) LIST LIKE(STC.Z-) -DELETE STC.&ZOWESTC. +DELETE STC.{zowe.setup.security.stcs.zowe}. F ACF2,REFRESH(STC) * * started task for ZIS * SET CONTROL(GSO) -DELETE STC.&ZISSTC. +DELETE STC.{zowe.setup.security.stcs.zis}. F ACF2,REFRESH(STC) * * started task for ZIS Auxiliary server * SET CONTROL(GSO) -DELETE STC.&AUXSTC. +DELETE STC.{zowe.setup.security.stcs.aux}. F ACF2,REFRESH(STC) * * Revoke access to ZIS SET RESOURCE(FAC) -RECKEY ZWES DEL(IS ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * * Remove Zowe main server * SET RESOURCE(FAC) -RECKEY BPX DEL(DAEMON ROLE(&STCGRP.) SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(SERVER ROLE(&STCGRP.) SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(JOBNAME ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}.) SERVICE(UPDATE) ALLOW) +RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}.) SERVICE(UPDATE) ALLOW) +RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) SET RESOURCE(APL) -RECKEY OMVSAPPL DEL(SERVICE(READ) ROLE(&STCGRP.) ALLOW) +RECKEY OMVSAPPL DEL(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(APL) * Remove UNI * 
@@ -303,24 +260,24 @@ F ACF2,REBUILD(UNI) * Remove STCGRP role permission to use client certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(RUSERMAP ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to use distributed certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(IDIDMAP.QUERY ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(IDIDMAP.QUERY ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to cut SMF records SET RESOURCE(FAC) -RECKEY IRR DEL(RAUDITX ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove data set protection SET RULE -LIST &HLQ. -DELETE &HLQ. +LIST {zowe.setup.datasets.prefix}. +DELETE {zowe.setup.datasets.prefix}. * * Remove ZOWE resource class 
@@ -344,88 +301,88 @@ $$ /* REMOVE ZOWE DATA SET PROTECTION ................................. */ /* removE general data set protection */ -TSS WHOHAS DATASET(&HLQ) -TSS REVOKE(ALL) DATASET(&HLQ..) -TSS REVOKE(&SYSPROG) DATASET(&HLQ..) -TSS REMOVE(&ADMINDEP) DATASET(&HLQ..) +TSS WHOHAS DATASET({zowe.setup.datasets.prefix}) +TSS REVOKE(ALL) DATASET({zowe.setup.datasets.prefix}..) +TSS REVOKE({zowe.setup.security.groups.sysProg}) DATASET({zowe.setup.datasets.prefix}..) +TSS REMOVE(&ADMINDEP) DATASET({zowe.setup.datasets.prefix}..) /* REMOVE ZOWE SERVER PERMISIONS ................................... */ /* remove permit to use ZIS */ TSS WHOHAS IBMFAC(ZWES.IS) -TSS REVOKE(&ZOWEUSER) IBMFAC(ZWES.IS) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(ZWES.IS) /* remove permit to create a user's security environment */ TSS WHOHAS IBMFAC(BPX.DAEMON) -TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.DAEMON) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.DAEMON) TSS WHOHAS IBMFAC(BPX.SERVER) -TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.SERVER) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.SERVER) TSS WHOHAS APPL(OMVSAPPL) -TSS REVOKE(&ZOWEUSER) APPL(OMVSAPPL) +TSS REVOKE({zowe.setup.security.users.zowe}) APPL(OMVSAPPL) /* remove permit to set jobname */ TSS WHOHAS IBMFAC(BPX.JOBNAME) -TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.JOBNAME) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.JOBNAME) /* remove permit to write persistent data */ TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS) -TSS REVOKE(&ZOWEUSER) UNIXPRIV(SUPERUSER.FILESYS) +TSS REVOKE({zowe.setup.security.users.zowe}) UNIXPRIV(SUPERUSER.FILESYS) /* remove permit Zowe main server to use client certificate mapping */ /* service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) -TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.RUSERMAP) +TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) /* remove permit Zowe main server to use distributed identity */ /* mapping service */ TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) -TSS REVOKE(&ZOWEUSER.) 
IBMFAC(IRR.IDIDMAP.QUERY) +TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.IDIDMAP.QUERY) /* remove permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) -TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.RAUDITX) +TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RAUDITX) /* REMOVE AUX SERVER PERMISIONS .................................... */ /* remove permit to use ZIS */ TSS WHOHAS IBMFAC(ZWES.IS) -TSS REVOKE(&ZISUSER) IBMFAC(ZWES.IS) +TSS REVOKE({zowe.setup.security.users.zis}) IBMFAC(ZWES.IS) /* REMOVE STARTED TASKS ............................................ */ /* remove userid for ZOWE main server */ -TSS LIST(&ZOWEUSER) -TSS DELETE(&ZOWEUSER) +TSS LIST({zowe.setup.security.users.zowe}) +TSS DELETE({zowe.setup.security.users.zowe}) /* remove userid for ZIS */ -TSS LIST(&ZISUSER) -TSS DELETE(&ZISUSER) +TSS LIST({zowe.setup.security.users.zis}) +TSS DELETE({zowe.setup.security.users.zis}) -/* comment out if &STCGRP matches &ADMINGRP (default), expect */ +/* comment out if {zowe.setup.security.groups.stc} matches {zowe.setup.security.groups.admin} (default), expect */ /* warning messages otherwise */ /* remove group for started tasks */ -TSS LIST(&STCGRP) -TSS DELETE(&STCGRP) +TSS LIST({zowe.setup.security.groups.stc}) +TSS DELETE({zowe.setup.security.groups.stc}) /* remove started task for ZOWE main server */ TSS LIST(STC) -TSS REMOVE(STC) PROCNAME(&ZOWESTC) +TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.zowe}) /* remove started task for ZIS */ TSS LIST(STC) -TSS REMOVE(STC) PROCNAME(&ZISSTC) +TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.zis}) /* remove started task for ZIS Auxiliary server */ TSS LIST(STC) -TSS REMOVE(STC) PROCNAME(&AUXSTC) +TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.aux}) /* REMOVE ADMINISTRATORS ........................................... */ -/* uncomment to remove user IDs from the &ADMINGRP group */ -/* TSS REMOVE (userid) GROUP(&ADMINGRP.) 
*/ +/* uncomment to remove user IDs from the {zowe.setup.security.groups.admin} group */ +/* TSS REMOVE (userid) GROUP({zowe.setup.security.groups.admin}.) */ /* remove group for administrators */ -TSS LIST(&ADMINGRP) -TSS DELETE(&ADMINGRP) +TSS LIST({zowe.setup.security.groups.admin}) +TSS DELETE({zowe.setup.security.groups.admin}) /* REMOVE ZOWE RESOURCE CLASS ...................................... */ /* uncomment commands to below if the ZOWE class has been created */ From 86559df7f2ba7ce0f5a8ec191720098b3fe626ba Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 29 Jan 2024 15:13:48 -0500 Subject: [PATCH 004/258] Do string replace on zwegener in zwe init generate to fill in required params Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 6 +++++- files/SZWESAMP/ZWEGENER | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index bc667a57d2..dc598c8855 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts 
@@ -23,7 +23,11 @@ export function execute(dryRun?: boolean) { const ZOWE_CONFIG=config.getZoweConfig(); const tempFile = fs.createTmpFile(); zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)', tempFile); - const jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); + let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); + jclContents = jclContents.replaceAll('{zowe.setup.dataset.prefix}', ZOWE_CONFIG.zowe.setup.dataset.prefix); + jclContents = jclContents.replaceAll('{zowe.setup.dataset.loadlib}', ZOWE_CONFIG.zowe.setup.dataset.loadlib); + jclContents = jclContents.replaceAll('{zowe.runtimeDirectory}', ZOWE_CONFIG.zowe.runtimeDirectory); + jclContents = jclContents.replace('FILE ', 'FILE '+ZOWE_CONFIG.zowe.workspaceDirectory+'/.env/.zowe-merged.yaml'); os.remove(tempFile); common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)'}`); diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index 67d6750e8b..554f068e3c 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -17,7 +17,7 @@ //* //* Note: Any string with braces has an associated yaml value //* in one of the yaml definitions for Zowe. -//* You should find the value and substitute it. +//* You must find the value and substitute it. //* //* {key} -> value //* From a77797ae79ab6f89f0a12953c3f9effc5deab992 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 29 Jan 2024 15:21:56 -0500 Subject: [PATCH 005/258] Bump tsconfig to es2021 due to replaceAll Signed-off-by: 1000TurquoisePogs --- build/zwe/tsconfig.dev.json | 6 +++--- build/zwe/tsconfig.prod.json | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build/zwe/tsconfig.dev.json b/build/zwe/tsconfig.dev.json index f4688ea240..9c6e9d4fae 100644 --- a/build/zwe/tsconfig.dev.json +++ b/build/zwe/tsconfig.dev.json 
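Review bot: The added substitutions pass configuration values to `replaceAll`/`replace` as replacement strings, so `$$`, `$&` and `$'` inside a value are expanded instead of copied. `$` is a legal character in a data set qualifier, so a prefix containing `$$` would reach the JCL with a single `$`. A replacer function copies the value verbatim, e.g. `jclContents = jclContents.replaceAll('{zowe.setup.dataset.prefix}', () => ZOWE_CONFIG.zowe.setup.dataset.prefix);`. The values are also spliced in without any format check; a line break or an over-long value in `zowe.runtimeDirectory` or `zowe.workspaceDirectory` would change the shape of the generated job, so validating them first (data set name pattern, no control characters in paths) is worth adding. The same applies to the rewritten calls in the later `@@ -24,9 +24,10 @@` hunk of this file, and `execute` starts and ends outside the hunk.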
@@ -1,8 +1,8 @@
 {
 "compilerOptions": {
- "lib": [ "ES2020" ],
- "module": "ES2020",
- "target": "ES2020",
+ "lib": [ "ES2021" ],
+ "module": "ES2021",
+ "target": "ES2021",
 "moduleResolution": "node",
 "removeComments": false,
 "preserveConstEnums": true,
diff --git a/build/zwe/tsconfig.prod.json b/build/zwe/tsconfig.prod.json
index 99cb80c872..db1d1689f9 100644
--- a/build/zwe/tsconfig.prod.json
+++ b/build/zwe/tsconfig.prod.json
@@ -1,8 +1,8 @@
 {
 "compilerOptions": {
- "lib": [ "ES2020" ],
- "module": "ES2020",
- "target": "ES2020",
+ "lib": [ "ES2021" ],
+ "module": "ES2021",
+ "target": "ES2021",
 "moduleResolution": "node",
 "removeComments": false,
 "preserveConstEnums": true,
From 45b9218b6a1124f96f76c8be3e9632630cf0225d Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 29 Jan 2024 15:52:59 -0500 Subject: [PATCH 006/258] Revert to es2020 and use replace instead of replaceall Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 7 ++++--- build/zwe/tsconfig.dev.json | 6 +++--- build/zwe/tsconfig.prod.json | 6 +++--- 3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts
index dc598c8855..73bb143ade 100644
--- a/bin/commands/init/generate/index.ts
+++ b/bin/commands/init/generate/index.ts
@@ -24,9 +24,10 @@ export function execute(dryRun?: boolean) { const tempFile = fs.createTmpFile(); zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)', tempFile); let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); - jclContents = jclContents.replaceAll('{zowe.setup.dataset.prefix}', ZOWE_CONFIG.zowe.setup.dataset.prefix); - jclContents = jclContents.replaceAll('{zowe.setup.dataset.loadlib}', ZOWE_CONFIG.zowe.setup.dataset.loadlib); - jclContents = jclContents.replaceAll('{zowe.runtimeDirectory}', ZOWE_CONFIG.zowe.runtimeDirectory); + + jclContents = jclContents.replace("DSN={zowe.setup.dataset.prefix}", "DSN="+ZOWE_CONFIG.zowe.setup.dataset.prefix); + jclContents = jclContents.replace("{zowe.setup.dataset.loadlib}", ZOWE_CONFIG.zowe.setup.dataset.loadlib); + jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); jclContents = jclContents.replace('FILE ', 'FILE '+ZOWE_CONFIG.zowe.workspaceDirectory+'/.env/.zowe-merged.yaml'); os.remove(tempFile); diff --git a/build/zwe/tsconfig.dev.json b/build/zwe/tsconfig.dev.json index 9c6e9d4fae..f4688ea240 100644 --- a/build/zwe/tsconfig.dev.json +++ b/build/zwe/tsconfig.dev.json @@ -1,8 +1,8 @@ { "compilerOptions": { - "lib": [ "ES2021" ], - "module": "ES2021", - "target": "ES2021", + "lib": [ "ES2020" ], + "module": "ES2020", + "target": "ES2020", "moduleResolution": "node", "removeComments": false, "preserveConstEnums": true, diff --git a/build/zwe/tsconfig.prod.json b/build/zwe/tsconfig.prod.json index db1d1689f9..99cb80c872 100644 --- a/build/zwe/tsconfig.prod.json +++ b/build/zwe/tsconfig.prod.json @@ -1,8 +1,8 @@ { "compilerOptions": { - "lib": [ "ES2021" ], - "module": "ES2021", - "target": "ES2021", + "lib": [ "ES2020" ], + "module": "ES2020", + "target": "ES2020", "moduleResolution": "node", "removeComments": false, "preserveConstEnums": true, From 985b71d8c156c5e185c7dd4ce296c66964bcd9bd Mon Sep 17 00:00:00 2001 
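Review bot: The first two rewritten calls use `replace` with a string pattern, which substitutes only the first match, while the `runtimeDirectory` call is a global regex. Any further `{zowe.setup.dataset.prefix}` or `{zowe.setup.dataset.loadlib}` in ZWEGENER (the template is not fully visible here) would stay as literal braces in the generated job. A global regex for all three keeps the earlier `replaceAll` behaviour on ES2020, e.g. `jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.loadlib\}/g, () => ZOWE_CONFIG.zowe.setup.dataset.loadlib);`, and the `i` flag on the existing regex can be dropped. If only the `DSN=` occurrence of the prefix is meant to change, a one-line comment saying so would keep the next editor from widening it. `execute` starts and ends outside the hunk.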
From: 1000TurquoisePogs Date: Mon, 29 Jan 2024 16:24:16 -0500 Subject: [PATCH 007/258] Revert ZWESECUR for now. VTL template issues. Signed-off-by: 1000TurquoisePogs --- workflows/templates/ZWESECUR.vtl | 316 ++++++++++++++++++------------- 1 file changed, 188 insertions(+), 128 deletions(-) diff --git a/workflows/templates/ZWESECUR.vtl b/workflows/templates/ZWESECUR.vtl index 93f12ac639..d32ecb48dc 100644 --- a/workflows/templates/ZWESECUR.vtl +++ b/workflows/templates/ZWESECUR.vtl @@ -35,6 +35,40 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* +//* 2) Update the SET PRODUCT= statement to match your security +//* product. +//* +//* 3) Update the SET ADMINGRP= statement to match the desired +//* group name for Zowe administrators. +//* +//* 4) Update the SET STCGRP= statement to match the desired +//* group name for started tasks. +//* +//* 5) Update the SET ZOWEUSER= statement to match the desired +//* user ID for the ZOWE started task. +//* +//* 6) Update the SET ZISUSER= statement to match the desired +//* user ID for the ZIS started task. +//* +//* 7) Update the SET ZOWESTC= statement to match the desired +//* Zowe started task name. +//* +//* 8) Update the SET ZLNCHSTC= statement to match the desired +//* Zowe launcher started task name. It is applicable if you +//* run Zowe for high availability. +//* +//* 9) Update the SET ZISSTC= statement to match the desired +//* ZIS started task name. +//* +//* 10) Update the SET AUXSTC= statement to match the desired +//* ZIS Auxiliary started task name. +//* +//* 11) Update the SET HLQ= statement to match the desired +//* Zowe data set high level qualifier. +//* +//* 12) Update the SET SYSPROG= statement to match the existing +//* user ID or group used by z/OS system programmers. +//* //* 13) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID //* and GID values, update the SET *ID= statements to match the //* desired UID and GID values. 
@@ -69,6 +103,19 @@ #if($ibmTemplate == 'YES') // EXPORT SYMLIST=* //* +// SET PRODUCT=RACF * RACF, ACF2, or TSS +//* 12345678 +// SET ADMINGRP=ZWEADMIN * group for Zowe administrators +// SET STCGRP=&ADMINGRP. * group for Zowe started tasks +// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task +// SET ZISUSER=ZWESIUSR * userid for ZIS started task +// SET ZOWESTC=ZWESVSTC * Zowe started task name +// SET ZLNCHSTC=ZWESLSTC * Zowe started task name for HA +// SET ZISSTC=ZWESISTC * ZIS started task name +// SET AUXSTC=ZWESASTC * ZIS AUX started task name +// SET HLQ=ZWE * data set high level qualifier +// SET SYSPROG=&ADMINGRP. * system programmer user ID/group +//* 12345678 //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret, @@ -98,6 +145,19 @@ #if($ibmTemplate != 'YES') // EXPORT SYMLIST=* //* +// SET PRODUCT=${PRODUCT} * RACF, ACF2, or TSS +//* 12345678 +// SET ADMINGRP=${ADMINGRP} * group for Zowe administrators +// SET STCGRP=${STCGRP} * group for Zowe started tasks +// SET ZOWEUSER=${ZOWEUSER} * userid for Zowe started task +// SET ZISUSER=${ZISUSER} * userid for ZIS started task +// SET ZOWESTC=${ZOWESTC} * Zowe started task name +// SET ZLNCHSTC=${ZLNCHSTC} * Zowe started task name for HA +// SET ZISSTC=${ZISSTC} * ZIS started task name +// SET AUXSTC=${AUXSTC} * ZIS AUX started task name +// SET HLQ=${HLQ} * data set high level qualifier +// SET SYSPROG=${SYSPROG} * system programmer user ID/group +//* 12345678 //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret, @@ -133,7 +193,7 @@ //* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME={zowe.setup.security.product} +//SYSTSIN DD DDNAME=&PRODUCT //* //********************************************************************* //* 
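Review bot: The restored defaults `SET STCGRP=&ADMINGRP.` and `SET SYSPROG=&ADMINGRP.` place the started-task user IDs (`DFLTGRP(&STCGRP.)` on both ADDUSER commands) in the group that the RACF section later permits with `ACCESS(ALTER)` on `'&HLQ..*.**'` via `ID(&SYSPROG.)`. Unless a site changes them, the Zowe runtime IDs therefore appear to inherit ALTER access to the product data sets. The numbered instructions restored in the first hunk describe each SET but do not mention this effect of leaving the two equal to ADMINGRP. I would add a comment above the SET block, for example `//* Use separate groups for STCGRP and SYSPROG if the started task` followed by `//* user IDs must not have ALTER access to the HLQ data sets.` The same block appears in the `#if($ibmTemplate != 'YES')` hunk with `${...}` values, where the comment applies equally.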
@@ -172,12 +232,12 @@ /* group for administrators */ /* replace AUTOGID with GID(&ADMINGID.) if AUTOGID not enabled */ - LISTGRP {zowe.setup.security.groups.admin}. OMVS - ADDGROUP {zowe.setup.security.groups.admin}. OMVS(AUTOGID) - + LISTGRP &ADMINGRP. OMVS + ADDGROUP &ADMINGRP. OMVS(AUTOGID) - DATA('ZOWE ADMINISTRATORS') /* uncomment to add existing user IDs to the &ADMINGRP group */ -/* CONNECT (userid,userid,...) GROUP({zowe.setup.security.groups.admin}.) AUTH(USE) */ +/* CONNECT (userid,userid,...) GROUP(&ADMINGRP.) AUTH(USE) */ /* DEFINE STARTED TASK ............................................. */ @@ -189,28 +249,28 @@ /* warning messages otherwise */ /* group for started tasks */ /* replace AUTOGID with GID(&STCGID.) if AUTOGID not enabled */ - LISTGRP {zowe.setup.security.groups.stc}. OMVS - ADDGROUP {zowe.setup.security.groups.stc}. OMVS(AUTOGID) - + LISTGRP &STCGRP. OMVS + ADDGROUP &STCGRP. OMVS(AUTOGID) - DATA('STARTED TASK GROUP WITH OMVS SEGMENT') /* */ /* userid for ZOWE main server */ /* replace AUTOUID with UID(&ZOWEUID.) if AUTOUID not enabled */ - LISTUSER {zowe.setup.security.users.zowe}. OMVS - ADDUSER {zowe.setup.security.users.zowe}. - + LISTUSER &ZOWEUSER. OMVS + ADDUSER &ZOWEUSER. - NOPASSWORD - - DFLTGRP({zowe.setup.security.groups.stc}.) - + DFLTGRP(&STCGRP.) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE SERVER') - DATA('ZOWE MAIN SERVER') /* userid for ZIS cross memory server */ /* replace AUTOUID with UID(&ZISUID.) if AUTOUID not enabled */ - LISTUSER {zowe.setup.security.users.zis}. OMVS - ADDUSER {zowe.setup.security.users.zis}. - + LISTUSER &ZISUSER. OMVS + ADDUSER &ZISUSER. - NOPASSWORD - - DFLTGRP({zowe.setup.security.groups.stc}.) - + DFLTGRP(&STCGRP.) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE ZIS SERVER') - DATA('ZOWE ZIS CROSS MEMORY SERVER') 
@@ -218,39 +278,39 @@ /* */ /* started task for ZOWE main server */ - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - - STDATA(USER({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - + RLIST STARTED &ZOWESTC..* ALL STDATA + RDEFINE STARTED &ZOWESTC..* - + STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - DATA('ZOWE MAIN SERVER') /* started task for ZOWE Launcher in high availability */ - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - - STDATA(USER({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - + RLIST STARTED &ZLNCHSTC..* ALL STDATA + RDEFINE STARTED &ZLNCHSTC..* - + STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - DATA('ZOWE LAUNCHER SERVER') /* started task for ZIS cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zis}..* - - STDATA(USER({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - + RLIST STARTED &ZISSTC..* ALL STDATA + RDEFINE STARTED &ZISSTC..* - + STDATA(USER(&ZISUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - DATA('ZOWE ZIS CROSS MEMORY SERVER') /* started task for ZIS Auxiliary cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.aux}..* - - STDATA(USER({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - + RLIST STARTED &AUXSTC..* ALL STDATA + RDEFINE STARTED &AUXSTC..* - + STDATA(USER(&ZISUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - DATA('ZOWE ZIS AUX CROSS MEMORY SERVER') SETROPTS RACLIST(STARTED) REFRESH /* show results .................................................... */ - LISTGRP {zowe.setup.security.groups.stc}. OMVS - LISTUSER {zowe.setup.security.users.zowe}. 
OMVS - LISTUSER {zowe.setup.security.users.zis}. OMVS - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + LISTGRP &STCGRP. OMVS + LISTUSER &ZOWEUSER. OMVS + LISTUSER &ZISUSER. OMVS + RLIST STARTED &ZOWESTC..* ALL STDATA + RLIST STARTED &ZLNCHSTC..* ALL STDATA + RLIST STARTED &ZISSTC..* ALL STDATA + RLIST STARTED &AUXSTC..* ALL STDATA /* DEFINE ZIS SECURITY RESOURCES ................................... */ @@ -261,13 +321,13 @@ /* DEFINE AUX SERVER PERMISIONS .................................... */ /* permit AUX STC to use ZIS cross memory server */ - PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zis}.) + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID(&ZISUSER.) SETROPTS RACLIST(FACILITY) REFRESH /* DEFINE ZOWE SERVER PERMISIONS ................................... */ /* permit Zowe main server to use ZIS cross memory server */ - PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) SETROPTS RACLIST(FACILITY) REFRESH /* permit Zowe main server to create a user's security environment */ 
@@ -278,22 +338,22 @@ /* it on a production system. */ RLIST FACILITY BPX.DAEMON ALL RDEFINE FACILITY BPX.DAEMON UACC(NONE) - PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) ID(&ZOWEUSER.) RLIST FACILITY BPX.SERVER ALL RDEFINE FACILITY BPX.SERVER UACC(NONE) - PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) ID(&ZOWEUSER.) /* permit Zowe main server to create a user's security environment */ /* comment out the following 2 lines if the OMVSAPPL is not defined */ /* in your environment */ - PERMIT OMVSAPPL CLASS(APPL) ID({zowe.setup.security.users.zowe}.) ACCESS(READ) + PERMIT OMVSAPPL CLASS(APPL) ID(&ZOWEUSER.) ACCESS(READ) SETROPTS RACLIST(APPL) REFRESH /* permit Zowe main server to set job name */ RLIST FACILITY BPX.JOBNAME ALL RDEFINE FACILITY BPX.JOBNAME UACC(NONE) - PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) SETROPTS RACLIST(FACILITY) REFRESH 
@@ -302,26 +362,26 @@ RLIST UNIXPRIV SUPERUSER.FILESYS ALL RDEFINE UNIXPRIV SUPERUSER.FILESYS UACC(NONE) PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) ACCESS(CONTROL) - - ID({zowe.setup.security.users.zowe}.) + ID(&ZOWEUSER.) SETROPTS RACLIST(UNIXPRIV) REFRESH /* permit Zowe main server to use client certificate mapping service */ RLIST FACILITY IRR.RUSERMAP ALL RDEFINE FACILITY IRR.RUSERMAP UACC(NONE) - PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) /* permit Zowe main server to use distributed identity mapping */ /* service RLIST FACILITY IRR.IDIDMAP.QUERY ALL RDEFINE FACILITY IRR.IDIDMAP.QUERY UACC(NONE) PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID(&ZOWEUSER.) /* permit Zowe main server to cut SMF records */ RLIST FACILITY IRR.RAUDITX ALL RDEFINE FACILITY IRR.RAUDITX UACC(NONE) - PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ 
@@ -343,19 +403,19 @@ /* EGN is not active on your system. */ /* HLQ stub */ - LISTGRP {zowe.setup.dataset.prefix}. - ADDGROUP {zowe.setup.dataset.prefix}. DATA('Zowe - HLQ STUB') + LISTGRP &HLQ. + ADDGROUP &HLQ. DATA('Zowe - HLQ STUB') /* general data set protection */ - LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL - ADDSD '{zowe.setup.dataset.prefix}..*.**' UACC(READ) DATA('Zowe') - PERMIT '{zowe.setup.dataset.prefix}..*.**' CLASS(DATASET) ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}.) + LISTDSD PREFIX(&HLQ.) ALL + ADDSD '&HLQ..*.**' UACC(READ) DATA('Zowe') + PERMIT '&HLQ..*.**' CLASS(DATASET) ACCESS(ALTER) ID(&SYSPROG.) SETROPTS GENERIC(DATASET) REFRESH /* show results .................................................... */ - LISTGRP {zowe.setup.dataset.prefix}. - LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL + LISTGRP &HLQ. + LISTDSD PREFIX(&HLQ.) ALL /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ @@ -410,13 +470,13 @@ ACF * replace AUTOGID with GID(&ADMINGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT {zowe.setup.security.groups.admin}. AUTOGID +INSERT &ADMINGRP. AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * * uncomment and customize to add an existing userid as administrator * * SET X(ROL) -* INSERT {zowe.setup.security.groups.admin}. INCLUDE(userid) ROLE +* INSERT &ADMINGRP. INCLUDE(userid) ROLE * F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STARTED TASK ............................................. @@ -427,7 +487,7 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOGID with GID(&STCGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT {zowe.setup.security.groups.stc}. AUTOGID +INSERT &STCGRP. AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * ***** 
@@ -436,18 +496,18 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOUID with UID(&ZOWEUID.) if AUTOUID is not enabled * SET LID -INSERT {zowe.setup.security.users.zowe}. STC GROUP({zowe.setup.security.groups.stc}.) +INSERT &ZOWEUSER. STC GROUP(&STCGRP.) SET PROFILE(USER) DIV(OMVS) -INSERT {zowe.setup.security.users.zowe}. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +INSERT &ZOWEUSER. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * * userid for ZIS cross memory server * replace AUTOUID with UID(&ZISUID.) if AUTOUID is not enabled * SET LID -INSERT {zowe.setup.security.users.zis}. STC GROUP({zowe.setup.security.groups.stc}.) +INSERT &ZISUSER. STC GROUP(&STCGRP.) SET PROFILE(USER) DIV(OMVS) -INSERT {zowe.setup.security.users.zis}. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +INSERT &ZISUSER. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * ***** 
@@ -455,44 +515,44 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * started task for ZOWE main server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.zowe}. LOGONID({zowe.setup.security.users.zowe}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.zowe}.) +INSERT STC.&ZOWESTC. LOGONID(&ZOWEUSER.) + +GROUP(&STCGRP.) + +STCID(&ZOWESTC.) F ACF2,REFRESH(STC) * * started task for ZOWE Launcher in high availability * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.zowe}. LOGONID({zowe.setup.security.users.zowe}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.zowe}.) +INSERT STC.&ZLNCHSTC. LOGONID(&ZOWEUSER.) + +GROUP(&STCGRP.) + +STCID(&ZLNCHSTC.) F ACF2,REFRESH(STC) * * started task for ZIS cross memory server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.zis}. LOGONID({zowe.setup.security.users.zis}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.zis}.) +INSERT STC.&ZISSTC. LOGONID(&ZISUSER.) + +GROUP(&STCGRP.) + +STCID(&ZISSTC.) F ACF2,REFRESH(STC) * * started task for ZIS Auxiliary cross memory server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.aux}. LOGONID({zowe.setup.security.users.zis}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.aux}.) +INSERT STC.&AUXSTC. LOGONID(&ZISUSER.) + +GROUP(&STCGRP.) + +STCID(&AUXSTC.) F ACF2,REFRESH(STC) * * DEFINE ZIS SECURITY RESOURCES .................................. * -* define a role holding the permissions, add {zowe.setup.security.users.zis} and -* {zowe.setup.security.users.zowe} to it +* define a role holding the permissions, add &ZISUSER and +* &ZOWEUSER to it * SET X(ROL) -INSERT {zowe.setup.security.groups.stc}. INCLUDE({zowe.setup.security.users.zowe}.) ROLE +INSERT &STCGRP. INCLUDE(&ZOWEUSER.) ROLE F ACF2,NEWXREF,TYPE(ROL) -CHANGE {zowe.setup.security.groups.stc}. INCLUDE({zowe.setup.security.users.zis}.) ADD +CHANGE &STCGRP. INCLUDE(&ZISUSER.) 
ADD F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STC SERVER PERMISIONS .................................... @@ -500,7 +560,7 @@ F ACF2,NEWXREF,TYPE(ROL) * permit AUX and Zowe main server to use ZIS cross memory server * SET RESOURCE(FAC) -RECKEY ZWES ADD(IS SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY ZWES ADD(IS SERVICE(READ) ROLE(&STCGRP.) ALLOW) F ACF2,REBUILD(FAC) * * DEFINE ZOWE SERVER PERMISIONS ................................... @@ -513,18 +573,18 @@ F ACF2,REBUILD(FAC) * it on a production system. * SET RESOURCE(FAC) -RECKEY BPX ADD(DAEMON SERVICE(UPDATE) ROLE({zowe.setup.security.groups.stc}.) ALLOW) -RECKEY BPX ADD(SERVER SERVICE(UPDATE) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY BPX ADD(DAEMON SERVICE(UPDATE) ROLE(&STCGRP.) ALLOW) +RECKEY BPX ADD(SERVER SERVICE(UPDATE) ROLE(&STCGRP.) ALLOW) * * permit Zowe main server to create a user's security environment * comment out the following 3 lines if the OMVSAPPL is not defined * in your environment SET RESOURCE(APL) -RECKEY OMVSAPPL ADD(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY OMVSAPPL ADD(SERVICE(READ) ROLE(&STCGRP.) ALLOW) F ACF2,REBUILD(APL) * * Allow STCGRP role access to BPX.JOBNAME -RECKEY BPX ADD(JOBNAME SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY BPX ADD(JOBNAME SERVICE(READ) ROLE(&STCGRP.) ALLOW) F ACF2,REBUILD(FAC) * ** comment out to not use SUPERUSER.FILESYS, see JCL comments 
@@ -535,27 +595,27 @@ COMPILE * $KEY(SUPERUSER.FILESYS) $TYPE(UNI) $ROLESET - ROLE({zowe.setup.security.groups.stc}.) ALLOW + ROLE(&STCGRP.) ALLOW STORE * SET RESOURCE(UNI) -* RECKEY SUPERUSER.FILESYS ADD(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +* RECKEY SUPERUSER.FILESYS ADD(SERVICE(READ) ROLE(&STCGRP.) ALLOW) F ACF2,REBUILD(UNI) * allow STCGRP role to use client certificate mapping service SET RESOURCE(FAC) -RECKEY IRR ADD(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(RUSERMAP ROLE(&STCGRP.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * allow STCGRP role to use distributed identity mapping service SET RESOURCE(FAC) -RECKEY IRR ADD(IDIDMAP.QUERY ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(IDIDMAP.QUERY ROLE(&STCGRP.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * permit Zowe main server to cut SMF records SET RESOURCE(FAC) -RECKEY IRR ADD(RAUDITX ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(RAUDITX ROLE(&STCGRP.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * @@ -567,13 +627,13 @@ F ACF2,REBUILD(FAC) * HLQ stub SET RULE * general data set protection -LIST {zowe.setup.dataset.prefix}. -RECKEY {zowe.setup.dataset.prefix}. ADD(- UID(-) READ(A) EXEC(P)) -RECKEY {zowe.setup.dataset.prefix}. + -ADD(- UID({zowe.setup.security.groups.sysProg}.) READ(A) EXEC(A) ALLOC(A) WRITE(A)) +LIST &HLQ. +RECKEY &HLQ. ADD(- UID(-) READ(A) EXEC(P)) +RECKEY &HLQ. + +ADD(- UID(&SYSPROG.) READ(A) EXEC(A) ALLOC(A) WRITE(A)) * * show results -LIST {zowe.setup.dataset.prefix}. +LIST &HLQ. * * 
@@ -614,67 +674,67 @@ $$ /* DEFINE ADMINISTRATORS ........................................... */ /* group for administrators */ - TSS LIST({zowe.setup.security.groups.admin}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.groups.admin}.) TYPE(GROUP) + + TSS LIST(&ADMINGRP.) SEGMENT(OMVS) + TSS CREATE(&ADMINGRP.) TYPE(GROUP) + NAME('ZOWE ADMINISTRATORS') + DEPT(&ADMINDEP.) - TSS ADD({zowe.setup.security.groups.admin}.) GID(&ADMINGID.) + TSS ADD(&ADMINGRP.) GID(&ADMINGID.) /* uncomment to add existing user IDs to the &ADMINGRP group */ -/* TSS ADD(userid) GROUP({zowe.setup.security.groups.admin}.) */ +/* TSS ADD(userid) GROUP(&ADMINGRP.) */ /* DEFINE STARTED TASK ............................................. */ /* comment out if STCGRP matches ADMINGRP (default), expect */ /* warning messages otherwise */ /* group for started tasks */ - TSS LIST({zowe.setup.security.groups.stc}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.groups.stc}.) TYPE(GROUP) + + TSS LIST(&STCGRP.) SEGMENT(OMVS) + TSS CREATE(&STCGRP.) TYPE(GROUP) + NAME('STC GROUP WITH OMVS SEGMENT') + DEPT(&STCGDEP.) - TSS ADD({zowe.setup.security.groups.stc}.) GID(&STCGID.) + TSS ADD(&STCGRP.) GID(&STCGID.) /* */ /* userid for ZOWE main server */ - TSS LIST({zowe.setup.security.users.zowe}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.users.zowe}.) TYPE(USER) PASS(NOPW,0) + + TSS LIST(&ZOWEUSER.) SEGMENT(OMVS) + TSS CREATE(&ZOWEUSER.) TYPE(USER) PASS(NOPW,0) + NAME('ZOWE MAIN SERVER') + DEPT(&STCUDEP.) - TSS ADD({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) + - DFLTGRP({zowe.setup.security.groups.stc}.) + + TSS ADD(&ZOWEUSER.) GROUP(&STCGRP.) + + DFLTGRP(&STCGRP.) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZOWEUID.) /* userid for ZIS cross memory server */ - TSS LIST({zowe.setup.security.users.zis}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.users.zis}.) TYPE(USER) PASS(NOPW,0) + + TSS LIST(&ZISUSER.) SEGMENT(OMVS) + TSS CREATE(&ZISUSER.) 
TYPE(USER) PASS(NOPW,0) + NAME('ZOWE ZIS CROSS MEMORY SERVER') + DEPT(&STCUDEP.) - TSS ADD({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) + - DFLTGRP({zowe.setup.security.groups.stc}.) + + TSS ADD(&ZISUSER.) GROUP(&STCGRP.) + + DFLTGRP(&STCGRP.) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.) /* */ /* started task for ZOWE main server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) ACID({zowe.setup.security.users.zowe}.) - TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) + TSS LIST(STC) PROCNAME(&ZOWESTC.) PREFIX + TSS ADD(STC) PROCNAME(&ZOWESTC.) ACID(&ZOWEUSER.) + TSS ADD(&ZOWEUSER.) FAC(STC) /* started task for ZOWE Launcher in high availability */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) ACID({zowe.setup.security.users.zowe}.) - TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) + TSS LIST(STC) PROCNAME(&ZLNCHSTC.) PREFIX + TSS ADD(STC) PROCNAME(&ZLNCHSTC.) ACID(&ZOWEUSER.) + TSS ADD(&ZOWEUSER.) FAC(STC) /* started task for ZIS cross memory server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zis}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zis}.) ACID({zowe.setup.security.users.zis}.) - TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + TSS LIST(STC) PROCNAME(&ZISSTC.) PREFIX + TSS ADD(STC) PROCNAME(&ZISSTC.) ACID(&ZISUSER.) + TSS ADD(&ZISUSER.) FAC(STC) /* started task for ZIS Auxiliary cross memory server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.aux}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.aux}.) ACID({zowe.setup.security.users.zis}.) - TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + TSS LIST(STC) PROCNAME(&AUXSTC.) PREFIX + TSS ADD(STC) PROCNAME(&AUXSTC.) ACID(&ZISUSER.) + TSS ADD(&ZISUSER.) FAC(STC) /* DEFINE ZIS SECURITY RESOURCES ................................... */ 
@@ -685,7 +745,7 @@ $$ /* permit AUX STC to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT({zowe.setup.security.users.zis}.) IBMFAC(ZWES.IS) ACCESS(READ) + TSS PERMIT(&ZISUSER.) IBMFAC(ZWES.IS) ACCESS(READ) #if($ibmTemplate != 'YES') /* The ZOWESTC started task is a multi-user address space therefore */ @@ -719,7 +779,7 @@ $$ /* permit Zowe main server to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(ZWES.IS) ACCESS(READ) + TSS PERMIT(&ZOWEUSER.) IBMFAC(ZWES.IS) ACCESS(READ) /* permit Zowe main server to create a user's security environment */ /* ATTENTION: Defining the BPX.DAEMON or BPX.SERVER profile makes */ 
@@ -729,37 +789,37 @@ $$ /* it on a production system. */ TSS ADD(&FACACID.) IBMFAC(BPX.) TSS WHOHAS IBMFAC(BPX.DAEMON) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.DAEMON) ACCESS(UPDATE) + TSS PER(&ZOWEUSER.) IBMFAC(BPX.DAEMON) ACCESS(UPDATE) TSS WHOHAS IBMFAC(BPX.SERVER) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.SERVER) ACCESS(UPDATE) + TSS PER(&ZOWEUSER.) IBMFAC(BPX.SERVER) ACCESS(UPDATE) /* permit Zowe main server to create a user's security environment */ /* comment out the following line if the OMVSAPPL is not defined */ /* in your environment */ -TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) +TSS PERMIT(&ZOWEUSER.) APPL(OMVSAPPL) /* Allow ZOWEUSER access to BPX.JOBNAME */ TSS WHOHAS IBMFAC(BPX.JOBNAME) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.JOBNAME) ACCESS(READ) + TSS PER(&ZOWEUSER.) IBMFAC(BPX.JOBNAME) ACCESS(READ) /* comment out to not use SUPERUSER.FILESYS, see JCL comments */ /* permit Zowe main server to write persistent data */ TSS ADD(&FACACID.) UNIXPRIV(SUPERUSE) TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS) - TSS PER({zowe.setup.security.users.zowe}.) UNIXPRIV(SUPERUSER.FILESYS) ACCESS(CONTROL) + TSS PER(&ZOWEUSER.) UNIXPRIV(SUPERUSER.FILESYS) ACCESS(CONTROL) /* permit Zowe main server to use client certificate mapping service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) ACCESS(READ) + TSS PER(&ZOWEUSER.) IBMFAC(IRR.RUSERMAP) ACCESS(READ) /* permit Zowe main server to use distributed identity mapping */ /* service TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) + TSS PER(&ZOWEUSER.) IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) /* permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RAUDITX) ACCESS(READ) + TSS PER(&ZOWEUSER.) 
IBMFAC(IRR.RAUDITX) ACCESS(READ) /* DEFINE ZOWE DATA SET PROTECTION ................................. */ @@ -767,15 +827,15 @@ TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) /* advised to protect it against updates. */ /* HLQ stub */ - TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}..) + TSS ADD(&ADMINDEP.) DATASET(&HLQ..) /* general data set protection */ - TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) - TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}..) ACCESS(READ) - TSS PER({zowe.setup.security.groups.sysProg}) DATASET({zowe.setup.dataset.prefix}..) ACCESS(ALL) + TSS WHOHAS DATASET(&HLQ.) + TSS PER(ALL) DATASET(&HLQ..) ACCESS(READ) + TSS PER(&SYSPROG) DATASET(&HLQ..) ACCESS(ALL) /* show results */ - TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) + TSS WHOHAS DATASET(&HLQ.) /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ From 79807a73a458161a838c423abe373bac71b682db Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 30 Jan 2024 11:23:57 -0500 Subject: [PATCH 008/258] Whitespace fixes for jcl Signed-off-by: 1000TurquoisePogs --- files/SZWESAMP/ZWECSVSM | 12 ++-- files/SZWESAMP/ZWEGENER | 10 ++-- files/SZWESAMP/ZWEKRING | 128 ++++++++++++++++++++++++++-------------- files/SZWESAMP/ZWENOKYR | 46 +++++++++++---- files/SZWESAMP/ZWENOSEC | 84 +++++++++++++++++--------- files/SZWESAMP/ZWESECKG | 2 +- 6 files changed, 186 insertions(+), 96 deletions(-) diff --git a/files/SZWESAMP/ZWECSVSM b/files/SZWESAMP/ZWECSVSM index 04ceefae6b..216c1f0bb9 100644 --- a/files/SZWESAMP/ZWECSVSM +++ b/files/SZWESAMP/ZWECSVSM 
@@ -38,21 +38,21 @@ //SYSPRINT DD SYSOUT=* //SYSIN DD * DEFINE CLUSTER - - (NAME({components.caching-service.storage.vsam.name}) - -// DD DDNAME={zowe.setup.vsam.mode} + (NAME({components.caching-service.storage.vsam.name}) - +// DD DDNAME={zowe.setup.vsam.mode} // DD * REC(80 20) - INDEXED) - - DATA(NAME({components.caching-service.storage.vsam.name}.DATA) - + DATA(NAME({components.caching-service.storage.vsam.name}.DATA) - RECSZ(4096 4096) - UNIQUE - KEYS(128 0)) - - INDEX(NAME({components.caching-service.storage.vsam.name}.INDEX) - + INDEX(NAME({components.caching-service.storage.vsam.name}.INDEX) - UNIQUE) //RLS DD * - STORCLAS({zowe.setup.vsam.storageClass}) - + STORCLAS({zowe.setup.vsam.storageClass}) - LOG(NONE) - //NONRLS DD * - VOLUME({zowe.setup.vsam.volume}) - + VOLUME({zowe.setup.vsam.volume}) - SHAREOPTIONS(2 3) - //* diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index 554f068e3c..425e2a12a8 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -1,8 +1,8 @@ -//ZWEGENER JOB -//* -//* This job is responsible for generating other jobs required -//* to configure Zowe. -//* +//ZWEGENER JOB +//* +//* This job is responsible for generating other jobs required +//* to configure Zowe. +//* //* The method of validating your configuration is using //* JSON Schema . Zowe provides //* the ConfigMgr to assist in this. This job will invoke diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING index d7cf125975..816e7a63e4 100644 --- a/files/SZWESAMP/ZWEKRING +++ b/files/SZWESAMP/ZWEKRING @@ -112,6 +112,12 @@ //* * Label of the root CA of the z/OSMF certificate if //* applicable // SET ROOTZFCA='' +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} //* //********************************************************************* //* 
@@ -128,7 +134,8 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTRING) REFRESH $$ //IFOPT1 IF (&OPTION EQ 1) THEN @@ -153,7 +160,8 @@ $$ KEYUSAGE(CERTSIGN) /* Connect Zowe's local CA authority to the keyring ................ */ - RACDCERT CONNECT(CERTAUTH LABEL('{zowe.setup.certificate.keyring.caLabel}') + + RACDCERT CONNECT(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.caLabel}') + RING({zowe.setup.certificate.keyring.name}.)) + ID({zowe.setup.security.users.zowe}.) @@ -172,7 +180,8 @@ $$ KEYUSAGE(HANDSHAKE) + ALTNAME(IP(&IPADDRES) + DOMAIN('{zowe.externalDomains[0]}')) + - SIGNWITH(CERTAUTH LABEL('{zowe.setup.certificate.keyring.caLabel}')) + SIGNWITH(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.caLabel}')) /* Connect a Zowe's certificate with the keyring ................... */ RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + @@ -195,7 +204,8 @@ $$ /* Option 2 - BEGINNING ............................................ */ /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(SITE | ID({zowe.setup.certificate.keyring.connect.user}) + + RACDCERT CONNECT(SITE | + + ID({zowe.setup.certificate.keyring.connect.user}) + LABEL({zowe.setup.certificate.keyring.connect.label}) + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + 
@@ -216,10 +226,10 @@ $$ /* Option 3 - BEGINNING ............................................ */ /* Import external certificate from data set ....................... */ RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.') + - ID({zowe.setup.security.users.zowe}.) + - WITHLABEL('{zowe.setup.certificate.keyring.label}') + - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + - TRUST + ID({zowe.setup.security.users.zowe}.) + + WITHLABEL('{zowe.setup.certificate.keyring.label}') + + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + + TRUST /* Connect a Zowe's certificate with the keyring ................... */ RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + @@ -244,12 +254,14 @@ $$ /* keyring ......................................................... */ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + ID({zowe.setup.security.users.zowe}.) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -266,7 +278,8 @@ $$ /* authority (CA) with the keyring ................................. */ RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZFCA.') + - RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH 
@@ -287,15 +300,20 @@ $$ SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) /* Define profiles that control certificate access ................. */ - RDEFINE RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST UACC(NONE) + RDEFINE RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ - PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + - ACCESS(CONTROL) + PERMIT + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID() + */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ /* Refresh to dynamically activate the changes. .................... */ 
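Review bot: The RDATALIB profile name in `RDEFINE`, `PERMIT` and the commented `PERMIT` is now built from the JCL symbol `&USERNAME.`, while the `ID(...)` operand of the same `PERMIT` is still filled from `{zowe.setup.security.users.zowe}`, so the two halves of one access rule come from different substitution passes. Someone who edits `// SET USERNAME=` in the generated job changes the profile name but not the permitted ID, and the comment added with the SET only says the value need not be set under ZWEGENER. I would state the dependency next to the command, e.g. `/* &USERNAME must equal the ID() value used below */`. The same mix appears in the RDATALIB cleanup in ZWENOKYR. The DD statement that carries these lines is outside the hunk; the symbol is resolved only if that DD requests symbol substitution and the symbol is exported.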
@@ -307,25 +325,30 @@ $$ /* continue using their existing IRR.DIGTCERT setup. Note that the . */ /* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ /* already exist. .................................................. */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + ACCESS(READ) - PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + + PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + ACCESS(READ) /* Uncomment this command if SITE user owns the Zowe certificate ... */ -/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + */ +/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ +/* ID({zowe.setup.security.users.zowe}.) + */ /* ACCESS(CONTROL) */ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ - RLIST RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST ALL + RLIST RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ 
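Review bot: In the commented-out `PERMIT IRR.DIGTCERT.GENCERT` the first rewrapped line ends in `*/` with no `+` before it, unlike the commented RDATALIB `PERMIT` earlier in this file, which keeps `+ */` on each continued line. An administrator who uncomments the three lines gets a `PERMIT` that stops after `CLASS(FACILITY)`, followed by two orphan operand lines. Write the first line as `/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) + */`. The same omission is in ZWENOSEC, where the commented RACF `REMOVE (userid,userid,...)` and its `GROUP(...)` line were split without a continuation, while the TSS variant in that file keeps `+ */`.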
@@ -345,7 +368,8 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT {zowe.setup.security.users.zowe}..ZOWERING RINGNAME({zowe.setup.certificate.keyring.name}.) + INSERT {zowe.setup.security.users.zowe}..ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}.) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //IFOPT1 IF (&OPTION EQ 1) THEN @@ -358,7 +382,8 @@ ACF * Option 1 - Default Option - BEGINNING ........................... */ * Create Zowe's local CA authority ................................ */ SET PROFILE(USER) DIVISION(CERTDATA) - GENCERT CERTAUTH.ZOWECA LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - + GENCERT CERTAUTH.ZOWECA - + LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - @@ -370,7 +395,8 @@ ACF * * Connect Zowe's local CA authority to the keyring ................ */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.ZOWECA) RINGNAME({zowe.setup.certificate.keyring.name}.) - + CONNECT CERTDATA(CERTAUTH.ZOWECA) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) CHKCERT CERTAUTH.ZOWECA * @@ -393,7 +419,8 @@ ACF * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 1 - Default Option - END ................................. */ 
@@ -411,7 +438,8 @@ ACF * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 2 - END .................................................. */ @@ -429,15 +457,16 @@ ACF * Import external certificate from data set ....................... */ SET PROFILE(USER) DIV(CERTDATA) INSERT {zowe.setup.security.users.zowe}..ZOWECERT - - DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - - LABEL(&LABEL.) - - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - - TRUST + DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - + LABEL(&LABEL.) - + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - + TRUST * * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 3 - END .................................................. */ 
@@ -454,10 +483,12 @@ ACF * Connect all CAs of the Zowe certificate's signing chain with the */ * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - + CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) * - CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - + CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF @@ -472,7 +503,8 @@ ACF * Connect the z/OSMF root CA signed by a recognized certificate ... */ * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - + CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -487,11 +519,13 @@ ACF * * Allow ZOWEUSER to access keyring ................................ */ SET RESOURCE(FAC) - RECKEY IRR ADD(DIGTCERT.LISTRING ROLE({zowe.setup.security.groups.stc}) - + RECKEY IRR ADD(DIGTCERT.LISTRING - + ROLE({zowe.setup.security.groups.stc}) - SERVICE(READ) ALLOW) * * Uncomment this command if SITE acid owns the Zowe certificate ... */ -* RECKEY IRR ADD(DIGTCERT.GENCERT ROLE({zowe.setup.security.groups.stc}) - +* RECKEY IRR ADD(DIGTCERT.GENCERT - +* ROLE({zowe.setup.security.groups.stc}) - * SERVICE(CONTROL) ALLOW) * F ACF2,REBUILD(FAC) 
@@ -513,7 +547,8 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) $$ //IFOPT1 IF (&OPTION EQ 1) THEN //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M @@ -537,7 +572,8 @@ $$ KEYUSAGE('CERTSIGN') /* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,ZOWECA) /* Create a certificate signed by local zowe's CA .................. */ @@ -614,10 +650,12 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF 
@@ -630,7 +668,8 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZFCA.) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -643,13 +682,16 @@ $$ /* A common part for all options starts here ....................... */ /* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) +/* TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKYR index b7ba95b2b4..4212678c0f 100644 --- a/files/SZWESAMP/ZWENOKYR +++ b/files/SZWESAMP/ZWENOKYR 
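Review bot: The commented-out `TSS PERMIT ... IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL)` is now split so that its second line starts without `/*`, and the comment opened on the first line is never closed. Whether the second line is still treated as comment text depends on how the `+` continuation is handled inside an open comment, which I would not rely on for a command that grants CONTROL on certificate generation. Delimit both lines the way the RACF section of this file does: `/* TSS PERMIT({zowe.setup.security.users.zowe}.) + */` and `/* IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) */`.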
@@ -33,6 +33,13 @@ //* 2. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* //********************************************************************* // EXPORT SYMLIST=* //* 
@@ -51,30 +58,39 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Remove permit to use SITE owned certificate's private key */ - PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) + + DELETE ID({zowe.setup.security.users.zowe}.) /* Remove permit to read keyring ................................... */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + + DELETE ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH /* Remove keyring profile defined on RDATALIB class ................ */ - RLIST RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST ALL - PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) DELETE + - ID({zowe.setup.security.users.zowe}.) - RDELETE RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST + RLIST RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + PERMIT + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + CLASS(RDATALIB) DELETE + + ID({zowe.setup.security.users.zowe}.) + RDELETE RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST /* Refresh to dynamically activate the changes. .................... */ SETROPTS RACLIST(RDATALIB) REFRESH /* Delete LABEL certificate ........................................*/ - RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.label}.')) ID({zowe.setup.security.users.zowe}.) + RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.label}.')) + + ID({zowe.setup.security.users.zowe}.) 
/* Delete LOCALCA certificate ......................................*/ - RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.caLabel}.')) CERTAUTH + RACDCERT DELETE(LABEL( + + '{zowe.setup.certificate.keyring.caLabel}.')) CERTAUTH /* Delete keyring ...................................................*/ - RACDCERT DELRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) + RACDCERT DELRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH @@ -92,11 +108,13 @@ ACF * Remove permit to use SITE owned certificate's private key SET RESOURCE(FAC) - RECKEY IRR DEL(DIGTCERT.GENCERT ROLE({zowe.setup.security.groups.stc}) + + RECKEY IRR DEL(DIGTCERT.GENCERT + + ROLE({zowe.setup.security.groups.stc}) + SERVICE(CONTROL) ALLOW) * Remove permit to read keyring ....................................*/ - RECKEY IRR DEL(DIGTCERT.LISTRING ROLE({zowe.setup.security.groups.stc}) + + RECKEY IRR DEL(DIGTCERT.LISTRING + + ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) @@ -123,10 +141,12 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Remove permit to use SITE owned certificate's private key */ - TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + TSS REVOKE({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* Remove permit to read keyring ................................... */ - TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + TSS REVOKE({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Delete LABEL certificate ........................................*/ TSS REM({zowe.setup.security.users.zowe}.) DIGICERT(ZOWECERT) diff --git a/files/SZWESAMP/ZWENOSEC b/files/SZWESAMP/ZWENOSEC index f769e82e9a..44036f1f2b 100644 --- a/files/SZWESAMP/ZWENOSEC +++ b/files/SZWESAMP/ZWENOSEC 
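Review bot: Both `RACDCERT DELETE(LABEL(...))` commands keep a period inside the quoted label (`'{zowe.setup.certificate.keyring.label}.'` and `'{zowe.setup.certificate.keyring.caLabel}.'`), whereas ZWEKRING in this same patch writes `WITHLABEL('{zowe.setup.certificate.keyring.label}')` and `LABEL('{zowe.setup.certificate.keyring.caLabel}')` without one. Unless the generator strips that period, the delete would name a label that was never created, and because this job is documented to end with return code 0 the certificate and local CA could stay in place unnoticed. I would use one form in both members, e.g. `'{zowe.setup.certificate.keyring.caLabel}')) CERTAUTH` here. How the generator treats `}.` is not visible in this patch, so this needs confirming against ZWEGEN00.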
@@ -70,7 +70,8 @@ /* remove general data set protection */ LISTDSD PREFIX({zowe.setup.datasets.prefix}.) ALL - PERMIT '{zowe.setup.datasets.prefix}..*.**' CLASS(DATASET) DELETE ID({zowe.setup.security.groups.sysProg}.) + PERMIT '{zowe.setup.datasets.prefix}..*.**' CLASS(DATASET) + + DELETE ID({zowe.setup.security.groups.sysProg}.) DELDSD '{zowe.setup.datasets.prefix}..*.**' /* remove HLQ stub */ 
@@ -83,33 +84,42 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL - PERMIT ZWES.IS CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT ZWES.IS CLASS(FACILITY) + + DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to create a user's security environment */ RLIST FACILITY BPX.DAEMON ALL - PERMIT BPX.DAEMON CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.DAEMON CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) RLIST FACILITY BPX.SERVER ALL - PERMIT BPX.SERVER CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.SERVER CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) - PERMIT OMVSAPPL CLASS(APPL) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT OMVSAPPL CLASS(APPL) DELETE + + ID({zowe.setup.security.users.zowe}.) /* remove permit to set jobname */ RLIST FACILITY BPX.JOBNAME ALL - PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) /* remove permit to write persistent data */ RLIST UNIXPRIV SUPERUSER.FILESYS ALL - PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE + + ID({zowe.setup.security.users.zowe}.) /* remove permit to use client certificate mapping service */ - PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) /* remove permit to use distributed identity mapping service */ - PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) /* remove permit Zowe main server to cut SMF records */ - PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) 
+ PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH SETROPTS RACLIST(UNIXPRIV) REFRESH @@ -118,7 +128,8 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL - PERMIT ZWES.IS CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zis}.) + PERMIT ZWES.IS CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zis}.) /* REMOVE STARTED TASKS ............................................ */ @@ -130,7 +141,8 @@ LISTUSER {zowe.setup.security.users.zis}. OMVS DELUSER {zowe.setup.security.users.zis}. -/* comment out if {zowe.setup.security.groups.stc} matches {zowe.setup.security.groups.admin} (default), expect */ +/* comment out if {zowe.setup.security.groups.stc} matches */ +/* {zowe.setup.security.groups.admin} (default), expect */ /* warning messages otherwise */ /* remove group for started tasks */ LISTGRP {zowe.setup.security.groups.stc}. OMVS @@ -152,8 +164,10 @@ /* REMOVE ADMINISTRATORS ........................................... */ -/* uncomment to remove user IDs from the {zowe.setup.security.groups.admin} group */ -/* REMOVE (userid,userid,...) GROUP({zowe.setup.security.groups.admin}.) */ +/* uncomment to remove user IDs from */ +/* the {zowe.setup.security.groups.admin} group */ +/* REMOVE (userid,userid,...) */ +/* GROUP({zowe.setup.security.groups.admin}.) */ /* remove group for administrators */ LISTGRP {zowe.setup.security.groups.admin}. OMVS 
@@ -236,18 +250,23 @@ F ACF2,REFRESH(STC) * * Revoke access to ZIS SET RESOURCE(FAC) -RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * * Remove Zowe main server * SET RESOURCE(FAC) -RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}.) SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}.) SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(UPDATE) ALLOW) +RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(UPDATE) ALLOW) +RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) SET RESOURCE(APL) -RECKEY OMVSAPPL DEL(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY OMVSAPPL DEL(SERVICE(READ) + + ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(APL) * Remove UNI * 
@@ -260,18 +279,21 @@ F ACF2,REBUILD(UNI) * Remove STCGRP role permission to use client certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to use distributed certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(IDIDMAP.QUERY ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(IDIDMAP.QUERY + + ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to cut SMF records SET RESOURCE(FAC) -RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove data set protection @@ -303,7 +325,8 @@ $$ /* removE general data set protection */ TSS WHOHAS DATASET({zowe.setup.datasets.prefix}) TSS REVOKE(ALL) DATASET({zowe.setup.datasets.prefix}..) -TSS REVOKE({zowe.setup.security.groups.sysProg}) DATASET({zowe.setup.datasets.prefix}..) +TSS REVOKE({zowe.setup.security.groups.sysProg}) + + DATASET({zowe.setup.datasets.prefix}..) TSS REMOVE(&ADMINDEP) DATASET({zowe.setup.datasets.prefix}..) /* REMOVE ZOWE SERVER PERMISIONS ................................... */ @@ -326,7 +349,8 @@ TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.JOBNAME) /* remove permit to write persistent data */ TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS) -TSS REVOKE({zowe.setup.security.users.zowe}) UNIXPRIV(SUPERUSER.FILESYS) +TSS REVOKE({zowe.setup.security.users.zowe}) + + UNIXPRIV(SUPERUSER.FILESYS) /* remove permit Zowe main server to use client certificate mapping */ /* service */ 
@@ -336,7 +360,8 @@ TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) /* remove permit Zowe main server to use distributed identity */ /* mapping service */ TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) -TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.IDIDMAP.QUERY) +TSS REVOKE({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.IDIDMAP.QUERY) /* remove permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) @@ -358,7 +383,8 @@ TSS DELETE({zowe.setup.security.users.zowe}) TSS LIST({zowe.setup.security.users.zis}) TSS DELETE({zowe.setup.security.users.zis}) -/* comment out if {zowe.setup.security.groups.stc} matches {zowe.setup.security.groups.admin} (default), expect */ +/* comment out if {zowe.setup.security.groups.stc} matches */ +/* {zowe.setup.security.groups.admin} (default), expect */ /* warning messages otherwise */ /* remove group for started tasks */ TSS LIST({zowe.setup.security.groups.stc}) @@ -378,8 +404,10 @@ TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.aux}) /* REMOVE ADMINISTRATORS ........................................... */ -/* uncomment to remove user IDs from the {zowe.setup.security.groups.admin} group */ -/* TSS REMOVE (userid) GROUP({zowe.setup.security.groups.admin}.) */ +/* uncomment to remove user IDs from */ +/* the {zowe.setup.security.groups.admin} group */ +/* TSS REMOVE (userid) + */ +/* GROUP({zowe.setup.security.groups.admin}.) */ /* remove group for administrators */ TSS LIST({zowe.setup.security.groups.admin}) TSS DELETE({zowe.setup.security.groups.admin}) diff --git a/files/SZWESAMP/ZWESECKG b/files/SZWESAMP/ZWESECKG index 6b8861aaa5..454085367c 100644 --- a/files/SZWESAMP/ZWESECKG +++ b/files/SZWESAMP/ZWESECKG @@ -133,6 +133,6 @@ void printHex(unsigned char *text, unsigned int len) } /* end printHex */ /* //BIND.SYSIN DD * - INCLUDE '/usr/lib/CSFDLL31.x' + INCLUDE '/usr/lib/CSFDLL31.x' /* // From 94a91513dbaf2e8c9f82eb056c02fd9537439993 Mon Sep 17 00:00:00 2001 
From: 1000TurquoisePogs Date: Tue, 30 Jan 2024 12:26:32 -0500 Subject: [PATCH 009/258] Add better mvs step logging and implement jcl cleanup for init vsam Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/.errors | 2 + bin/commands/init/mvs/index.sh | 23 ++++-- bin/commands/init/vsam/index.sh | 128 ++++++++++++-------------------- 3 files changed, 66 insertions(+), 87 deletions(-) diff --git a/bin/commands/init/mvs/.errors b/bin/commands/init/mvs/.errors index e0d97a80c7..1fdebba80c 100644 --- a/bin/commands/init/mvs/.errors +++ b/bin/commands/init/mvs/.errors @@ -2,3 +2,5 @@ ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. ZWEL0300W||%s already exists. This data set member will be overwritten during configuration. ZWEL0301W||%s already exists and will not be overwritten. For upgrades, you must use --allow-overwrite. ZWEL0158E|158|%s already exists. +ZWEL0161E|161|Failed to run JCL %s. +ZWEL0162E|162|Failed to find job %s result. diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 65effbc77f..36acb65d48 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -29,7 +29,7 @@ if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") +jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") if [ "${does_jcl_exist}" = "false" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 
@@ -81,16 +81,29 @@ else copy_mvs_to_uss "${jcllib_location}(ZWEIMVS)" "${jcl_file}" jcl_contents=$(cat "${jcl_file}") - print_message "Template JCL: ${prefix}.SZWESAMP(ZWEIMVS) , Executable JCL: ${jcl_location}(ZWEIMVS)" + print_message "Template JCL: ${prefix}.SZWESAMP(ZWEIMVS) , Executable JCL: ${jcllib_location}(ZWEIMVS)" print_message "JCL Content:" print_message "$jcl_contents" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWEIMVS" jobid=$(submit_job "$jcl_contents") - rc=$(wait_for_job "${jobid}") - print_message "Job completed with RC=${rc}" - if [ "${rc}" -eq 0 ]; then + code=$? + if [ ${code} -ne 0 ]; then + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib_location}(ZWEIMVS)." "" 161 + fi + print_debug "- job id ${jobid}" + + jobstate=$(wait_for_job "${jobid}") + code=$? + if [ ${code} -eq 1 ]; then + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 + fi + jobname=$(echo "${jobstate}" | awk -F, '{print $2}') + jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') + jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') + + if [ "${code}" -eq 0 ]; then print_level2_message "Zowe custom data sets are initialized successfully." else print_level2_message "Zowe custom data sets initialized with errors." diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index acf3ae06cb..d12f7d812b 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
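Review bot: After `wait_for_job` only exit status 1 is handled, so any other non-zero status falls through to "initialized with errors" with no detail. `jobname`, `jobcctext` and `jobcccode` are parsed from `jobstate` but not used anywhere in this hunk, and the old `Job completed with RC=` message is gone. Report them in the failure branch, for example `print_error "Job ${jobname}(${jobid}) ended with ${jobcctext} ${jobcccode}"`, so a failed allocation can be diagnosed from the command output. The `[ ${code} -ne 0 ]` and `[ ${code} -eq 1 ]` tests are also unquoted, unlike `[ "${code}" -eq 0 ]` below them. The enclosing `else` branch opens before the hunk and closes after it.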
@@ -25,17 +25,20 @@ if [ "${caching_storage}" != "VSAM" ]; then print_error "Warning ZWEL0301W: Zowe Caching Service is not configured to use VSAM. Command skipped." return 0 fi - # read prefix and validate prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -# read JCL library and validate + jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi + + + vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") if [ -z "${vsam_mode}" ]; then vsam_mode=NONRLS 
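Review bot: The added `print_error_and_exit "Error ZWEL0999E: ..." "" 999` passes a code that does not fit a process exit status, and ZWEL0999E is not among the entries this commit adds to `.errors`. Exit statuses are 8 bits wide, so if the helper hands 999 to `exit` (the helper is not visible here) the shell would typically report 231, which no caller will recognise. The added check also probes `${jcllib}(ZWEIMVS)` although this command copies and submits member ZWECSVSM. I would allocate a real message id below 256, list it in the command's `.errors`, and test `"${jcllib}(ZWECSVSM)"`.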
@@ -75,89 +78,50 @@ fi # FIXME: cat cannot be used to test VSAM data set vsam_existence=$(is_data_set_exists "${vsam_name}") if [ "${vsam_existence}" = "true" ]; then - # error - print_error_and_exit "Error ZWEL0158E: ${vsam_name} already exists." "" 158 -fi -if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # delete blindly and ignore errors - result=$(tso_command delete "'${vsam_name}'") + if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then + # delete blindly and ignore errors + result=$(tso_command delete "'${vsam_name}'") + fi + else + # error + print_error_and_exit "Error ZWEL0158E: ${vsam_name} already exists." "" 158 + fi fi -if [ "${jcl_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${jcllib}(ZWECSVSM). To write, you must use --allow-overwrite." -else - ############################### - # prepare STCs - # ZWESLSTC - print_message "Modify ZWECSVSM" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWECSVSM) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWECSVSM)'" | \ - sed "s/^\/\/ \+SET \+MODE=.*\$/\/\/ SET MODE=${vsam_mode}/" | \ - sed "/^\/\/ALLOC/,9999s/#dsname/${vsam_name}/g" | \ - sed "/^\/\/ALLOC/,9999s/#volume/${vsam_volume}/g" | \ - sed "/^\/\/ALLOC/,9999s/#storclas/${vsam_storageClass}/g" \ - > "${tmpfile}") - code=$? 
- chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" +jcl_file=$(create_tmp_file) +copy_mvs_to_uss "${jcllib}(ZWECSVSM)" "${jcl_file}" +jcl_contents=$(cat "${jcl_file}") + +print_message "Template JCL: ${prefix}.SZWESAMP(ZWECSVSM) , Executable JCL: ${jcllib}(ZWECSVSM)" +print_message "JCL Content:" +print_message "$jcl_contents" + +if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then + print_message "Submitting Job ZWECSVSM" + jobid=$(submit_job "$jcl_contents") + code=$? + if [ ${code} -ne 0 ]; then + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." "" 161 fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" + print_debug "- job id ${jobid}" + + jobstate=$(wait_for_job "${jobid}") + code=$? + if [ ${code} -eq 1 ]; then + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi - fi - if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWECSVSM)" "" 159 - fi - print_trace "- ${tmpfile} created with content" - print_trace "$(cat "${tmpfile}")" - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- copy to ${jcllib}(ZWECSVSM)" - copy_to_data_set "${tmpfile}" "${jcllib}(ZWECSVSM)" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(ZWECSVSM). Please check if target data set is opened by others." 
"" 160 - fi - print_message "- ${jcllib}(ZWECSVSM) is prepared" - print_message -fi + jobname=$(echo "${jobstate}" | awk -F, '{print $2}') + jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') + jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') -############################### -# submit job -print_message "Submit ${jcllib}(ZWECSVSM)" -jobid=$(submit_job "//'${jcllib}(ZWECSVSM)'") -code=$? -if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." "" 161 -fi -print_debug "- job id ${jobid}" -jobstate=$(wait_for_job "${jobid}") -code=$? -if [ ${code} -eq 1 ]; then - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 -fi -jobname=$(echo "${jobstate}" | awk -F, '{print $2}') -jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') -jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') -if [ ${code} -eq 0 ]; then - print_message "- Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." + if [ "${code}" -eq 0 ]; then + print_level2_message "Zowe Caching Service VSAM storage is created successfully." + else + print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 + fi else - print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + print_level2_message "Zowe Caching Service VSAM storage is created successfully." fi - -############################### -# exit message -print_level2_message "Zowe Caching Service VSAM storage is created successfully." From e861049ed42178c1f45a04aa885317497ee5b456 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 30 Jan 2024 14:35:08 -0500 Subject: [PATCH 010/258] Add STC to jcl lib output. Fix whitespace on ZWEGENER 
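Review bot: The rewritten existence check in the vsam/index.sh hunk at -75,89 no longer nests correctly: the inner `if` is closed by `fi` before the `else`, so the `else` pairs with the outer `[ "${vsam_existence}" = "true" ]` test and the trailing context `fi` has no opener. As written, the script either fails to parse or raises ZWEL0158E when the data set does not exist. The `tso_command delete` also runs ahead of the `ZWE_CLI_PARAMETER_DRY_RUN` test further down, so a dry run with --allow-overwrite would still delete the existing VSAM data set. The nesting below keeps the delete behind both flags and the error on the existing-without-overwrite path.
```shell
if [ "${vsam_existence}" = "true" ]; then
  if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then
    if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then
      # delete blindly and ignore errors
      result=$(tso_command delete "'${vsam_name}'")
    fi
  else
    # error
    print_error_and_exit "Error ZWEL0158E: ${vsam_name} already exists." "" 158
  fi
fi
# … unchanged: copy ZWECSVSM to a temp file, print it, submit unless dry run …
```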
Signed-off-by: 1000TurquoisePogs --- files/SZWEEXEC/ZWEGEN00 | 3 --- files/SZWESAMP/ZWEGENER | 10 +++++----- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 60fff0aef9..c39409178e 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -184,9 +184,6 @@ end /* members which are not JCL */ x = DeleteDataSet(jclCopy'(ZWEGENER)') -x = DeleteDataSet(jclCopy'(ZWESLSTC)') -x = DeleteDataSet(jclCopy'(ZWESASTC)') -x = DeleteDataSet(jclCopy'(ZWESISTC)') x = DeleteDataSet(jclCopy'(ZWESIP00)') x = DeleteDataSet(jclCopy'(ZWESIPRG)') x = DeleteDataSet(jclCopy'(ZWESISCH)') diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index 425e2a12a8..e1f8b2b562 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -1,8 +1,8 @@ -//ZWEGENER JOB -//* -//* This job is responsible for generating other jobs required -//* to configure Zowe. -//* +//ZWEGENER JOB +//* +//* This job is responsible for generating other jobs required +//* to configure Zowe. +//* //* The method of validating your configuration is using //* JSON Schema . Zowe provides //* the ConfigMgr to assist in this. This job will invoke From ebb9f7223381c9c1b9b18ce48509bd8f0547709b Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 30 Jan 2024 16:37:26 -0500 Subject: [PATCH 011/258] Fix zwekring reference and vsam breaking rexx Signed-off-by: 1000TurquoisePogs --- example-zowe.yaml | 8 +++++++- files/SZWESAMP/ZWECSVSM | 6 +++--- files/SZWESAMP/ZWEGENER | 12 +++++------- files/SZWESAMP/ZWEKRING | 6 +++--- schemas/zowe-yaml-schema.json | 4 ++++ 5 files changed, 22 insertions(+), 14 deletions(-) diff --git a/example-zowe.yaml b/example-zowe.yaml index 144ca7227b..e944ca9760 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
@@ -40,6 +40,10 @@ zowe: dataset: # **COMMONLY_CUSTOMIZED** # where Zowe MVS data sets will be installed + # This prefix is used for the Zowe runtime datasets + # Including: + # Auth Load Lib: SZWEAUTH + # Load Lib: SZWELOAD prefix: IBMUSER.ZWEV2 # **COMMONLY_CUSTOMIZED** # PROCLIB where Zowe STCs will be copied over @@ -176,7 +180,6 @@ zowe: # certificate: # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS - # createZosmfTrust: true # keyring: # # **COMMONLY_CUSTOMIZED** # # keyring name @@ -254,6 +257,7 @@ zowe: # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # VSAM configurations if you are using VSAM as Caching Service storage + # This is used in the optional "zwe init vsam" command. vsam: # VSAM data set with Record-Level-Sharing enabled or not # Valid values could be: NONRLS or RLS. @@ -262,6 +266,8 @@ zowe: volume: "" # Storage class name if you are using VSAM in RLS mode storageClass: "" + # Data set name. Must match components.caching-service.storage.vsam.name + name: "" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # **COMMONLY_CUSTOMIZED** diff --git a/files/SZWESAMP/ZWECSVSM b/files/SZWESAMP/ZWECSVSM index 216c1f0bb9..3f7b5c2412 100644 --- a/files/SZWESAMP/ZWECSVSM +++ b/files/SZWESAMP/ZWECSVSM @@ -38,16 +38,16 @@ //SYSPRINT DD SYSOUT=* //SYSIN DD * DEFINE CLUSTER - - (NAME({components.caching-service.storage.vsam.name}) - + (NAME({zowe.setup.vsam.name}) - // DD DDNAME={zowe.setup.vsam.mode} // DD * REC(80 20) - INDEXED) - - DATA(NAME({components.caching-service.storage.vsam.name}.DATA) - + DATA(NAME({zowe.setup.vsam.name}.DATA) - RECSZ(4096 4096) - UNIQUE - KEYS(128 0)) - - INDEX(NAME({components.caching-service.storage.vsam.name}.INDEX) - + INDEX(NAME({zowe.setup.vsam.name}.INDEX) - UNIQUE) //RLS DD * STORCLAS({zowe.setup.vsam.storageClass}) - diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index e1f8b2b562..3d84f4dcc5 100644 --- a/files/SZWESAMP/ZWEGENER 
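Review bot: The new `zowe.setup.vsam.name` key in the hunk at -262,6 duplicates `components.caching-service.storage.vsam.name`, and nothing visible keeps the two in step. The comment asks for a manual match, the example ships the value as `""`, and the ZWECSVSM hunk at -38,16 now renders `NAME({zowe.setup.vsam.name})` from it. The init vsam script still appears to validate and check the components key (its ZWEL0157E message names that key), so an empty or different setup value would define a cluster other than the one that was checked or deleted. I would have the script compare the two values before submitting, and at minimum make the comment explicit: `# Data set name. Required by "zwe init vsam"; must equal components.caching-service.storage.vsam.name`.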
+++ b/files/SZWESAMP/ZWEGENER @@ -27,16 +27,14 @@ // SPACE=(3120,(20,5,10)) //* //* Replace {zowe.setup.dataset.prefix} with the -//* HLQ where SMP/E installed data sets are located. +//* Value as seen in zowe.yaml //* //SYSPROC DD DSN={zowe.setup.dataset.prefix}.SZWEEXEC,DISP=SHR //* -//* Replace {zowe.setup.dataset.loadlib} with the data set -//* that contains Zowe executables. This data set will have -//* the suffix 'SZWELOAD'. -//* +//* Replace {zowe.setup.dataset.prefix} with the +//* Value as seen in zowe.yaml //* -//STEPLIB DD DSN={zowe.setup.dataset.loadlib},DISP=SHR +//STEPLIB DD DSN={zowe.setup.dataset.prefix}.SZWELOAD,DISP=SHR //ISPPLIB DD DSN=ISP.SISPPENU,DISP=SHR //ISPMLIB DD DSN=ISP.SISPMENU,DISP=SHR //ISPTLIB DD DSN=ISP.SISPTENU,DISP=SHR @@ -48,7 +46,7 @@ //* server-common.json //* //* Replace {zowe.runtimeDirectory} with where your Zowe run time -//* directory is. +//* directory is, as seen in zowe.yaml //* //MYSCHEMA DD *,DLM=$$ FILE {zowe.runtimeDirectory}/schemas/zowe-yaml-schema.json diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING index 816e7a63e4..c62307b569 100644 --- a/files/SZWESAMP/ZWEKRING +++ b/files/SZWESAMP/ZWEKRING @@ -179,7 +179,7 @@ $$ WITHLABEL('{zowe.setup.certificate.keyring.label}.') + KEYUSAGE(HANDSHAKE) + ALTNAME(IP(&IPADDRES) + - DOMAIN('{zowe.externalDomains[0]}')) + + DOMAIN('{zowe.externalDomains.0}')) + SIGNWITH(CERTAUTH + LABEL('{zowe.setup.certificate.keyring.caLabel}')) @@ -413,7 +413,7 @@ ACF EXPIRE(05/01/30) - LABEL({zowe.setup.certificate.keyring.label}.) - KEYUSAGE(HANDSHAKE) - - ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains[0]}) - + ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains.0}) - SIGNWITH(CERTAUTH.ZOWECA) * * Connect a Zowe's certificate with the keyring ................... */ 
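Review bot: Only the first entry of `zowe.externalDomains` reaches the certificate ALTNAME in the three ZWEKRING hunks that switch to `{zowe.externalDomains.0}` (RACF at -179,7, ACF2 at -413,7, TSS at -590,7). Any further external domain configured in zowe.yaml is absent from the subject alternative names, so clients reaching Zowe through it would fail host name verification. The TSS variant also carries no IP entry, unlike the RACF and ACF2 ones, which may be intentional but is not explained. A comment next to each command would make the limit visible to whoever edits the generated job, e.g. `/* ALTNAME carries only the first zowe.externalDomains entry ....... */`.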
@@ -590,7 +590,7 @@ $$ NADATE(05/01/30) + LABLCERT({zowe.setup.certificate.keyring.label}.) + KEYUSAGE('HANDSHAKE') + - ALTNAME('DOMAIN={zowe.externalDomains[0]}') + + ALTNAME('DOMAIN={zowe.externalDomains.0}') + SIGNWITH(CERTAUTH,ZOWECA) /* Connect a Zowe's certificate with the keyring ................... */ diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index 32fe423772..01198bd6c8 100644 --- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json @@ -382,6 +382,10 @@ "storageClass": { "type": "string", "description": "Storage class name if you are using VSAM in RLS mode" + }, + "name": { + "type": "string", + "description": "Data set name. Must match components.caching-service.storage.vsam.name" } } } From f4bdf394932eb1f9b5037802f63b8272dca222d1 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 31 Jan 2024 17:14:01 -0500 Subject: [PATCH 012/258] Fixes for job submission and update of stc jcl Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 13 +++++++++---- bin/commands/init/mvs/index.sh | 4 +++- bin/commands/init/vsam/index.sh | 4 +++- bin/commands/install/index.sh | 2 +- bin/libs/zos-jes.sh | 3 +++ bin/libs/zos-jes.ts | 6 +++++- manifest.json.template | 4 ++-- 7 files changed, 26 insertions(+), 10 deletions(-) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 73bb143ade..f4a6c2e7a9 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts 
@@ -22,26 +22,31 @@ export function execute(dryRun?: boolean) { common.requireZoweYaml(); const ZOWE_CONFIG=config.getZoweConfig(); const tempFile = fs.createTmpFile(); - zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)', tempFile); + zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)', tempFile); let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); jclContents = jclContents.replace("DSN={zowe.setup.dataset.prefix}", "DSN="+ZOWE_CONFIG.zowe.setup.dataset.prefix); jclContents = jclContents.replace("{zowe.setup.dataset.loadlib}", ZOWE_CONFIG.zowe.setup.dataset.loadlib); jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); jclContents = jclContents.replace('FILE ', 'FILE '+ZOWE_CONFIG.zowe.workspaceDirectory+'/.env/.zowe-merged.yaml'); - os.remove(tempFile); + + xplatform.storeFileUTF8(tempFile, xplatform.AUTO_DETECT, jclContents); - common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)'}`); + common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)'}`); common.printMessage('JCL content:'); common.printMessage(jclContents); if (dryRun) { common.printMessage('JCL not submitted, command run with dry run flag.'); common.printMessage('To perform command, re-run command without dry run flag, or submit the JCL directly.'); + os.remove(tempFile); + } else { //TODO can we generate just for one step, or no reason? common.printMessage('Submitting Job ZWEGENER'); - const jobid = zosJes.submitJob(jclContents); + const jobid = zosJes.submitJob(tempFile); const result = zosJes.waitForJob(jobid); + os.remove(tempFile); + common.printMessage(`Job completed with RC=${result.rc}`); if (result.rc == 0) { common.printMessage("Zowe JCL generated successfully"); diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 36acb65d48..52e2ef3ddd 100644 
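Review bot: `zosJes.submitJob(tempFile)` is declared to return `string|undefined` (see bin/libs/zos-jes.ts later in this patch), yet the result is passed straight to `zosJes.waitForJob(jobid)` without a check. A failed submit would therefore be reported as a wait or result problem rather than a submit failure. The new `os.remove(tempFile)` also runs only when both calls return normally, so an exception leaves the generated JCL in the temp directory. I would add `if (!jobid) { os.remove(tempFile); /* report ZWEL0161E and stop */ }` after the submit and move the removal into a `finally`. `execute` starts and ends outside this hunk.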
--- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -87,7 +87,7 @@ else if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWEIMVS" - jobid=$(submit_job "$jcl_contents") + jobid=$(submit_job $jcl_file) code=$? if [ ${code} -ne 0 ]; then print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib_location}(ZWEIMVS)." "" 161 @@ -96,6 +96,7 @@ else jobstate=$(wait_for_job "${jobid}") code=$? + rm $jcl_file if [ ${code} -eq 1 ]; then print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi @@ -112,6 +113,7 @@ else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" print_level2_message "Zowe custom data sets are initialized successfully." + rm $jcl_file fi fi diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index d12f7d812b..05b4f87de1 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -99,7 +99,7 @@ print_message "$jcl_contents" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWECSVSM" - jobid=$(submit_job "$jcl_contents") + jobid=$(submit_job $jcl_file) code=$? if [ ${code} -ne 0 ]; then print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." "" 161 @@ -108,6 +108,7 @@ if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then jobstate=$(wait_for_job "${jobid}") code=$? + rm $jcl_file if [ ${code} -eq 1 ]; then print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi @@ -124,4 +125,5 @@ else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" print_level2_message "Zowe Caching Service VSAM storage is created successfully." + rm $jcl_file fi 
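Review bot: `submit_job $jcl_file` and `rm $jcl_file` expand the temp-file path unquoted, unlike the `"${jcl_file}"` form used when the file is created and filled. A temp directory containing whitespace or glob characters would split or expand the argument. The `rm` after `wait_for_job` is also skipped when the ZWEL0161E exit is taken on a failed submit, which leaves the generated JCL behind. This applies to all six hunks on this line (mvs at -87,7, -96,6 and -112,6; vsam at -99,7, -108,6 and -124,4). I would write `jobid=$(submit_job "${jcl_file}")` and `rm -f "${jcl_file}"`, with the removal also placed before each early exit.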
diff --git a/bin/commands/install/index.sh b/bin/commands/install/index.sh index 0fc9e7fad6..a74da85c87 100644 --- a/bin/commands/install/index.sh +++ b/bin/commands/install/index.sh @@ -115,7 +115,7 @@ else # FIXME: move these parts to zss commands.install? # FIXME: ZWESIPRG is in zowe-install-packaging cd "${ZWE_zowe_runtimeDirectory}/components/zss" - zss_samplib="ZWESAUX=ZWESASTC ZWESIP00 ZWESIS01=ZWESISTC ZWESISCH" + zss_samplib="ZWESASTC ZWESIP00 ZWESISTC ZWESISCH" for mb in ${zss_samplib}; do mb_from=$(echo "${mb}" | awk -F= '{print $1}') mb_to=$(echo "${mb}" | awk -F= '{print $2}') diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 7c6f564faf..6d9469c0fe 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh @@ -37,6 +37,9 @@ submit_job() { code=$? if [ ${code} -eq 0 ]; then jobid=$(echo "${result}" | grep submitted | awk '{print $2}') + if [ -z "${jobid}" ]; then + jobid=$(echo "${result}" | grep "$HASP" | awk '{print $2}') + fi if [ -z "${jobid}" ]; then print_debug " * Failed to find job ID" print_error " * Exit code: ${code}" diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 0b78714667..b7808c14a2 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -36,7 +36,11 @@ export function submitJob(jclFile: string): string|undefined { const code=result.rc; if (code==0) { let jobidlines = result.out.split('\n').filter(line=>line.indexOf('submitted')!=-1); - const jobid = jobidlines.length > 0 ? jobidlines[0].split(' ')[1] : undefined; + let jobid = jobidlines.length > 0 ? jobidlines[0].split(' ')[1] : undefined; + if (!jobid) { + jobidlines = result.out.split('\n').filter(line=>line.indexOf('$HASP')!=-1); + jobid = jobidlines.length > 0 ? jobidlines[0].split(' ')[1] : undefined; + } if (!jobid) { common.printDebug(` * Failed to find job ID`); common.printError(` * Exit code: ${code}`); diff --git a/manifest.json.template b/manifest.json.template index 5f0645c5fa..cf4e920432 100644 --- a/manifest.json.template 
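Review bot: In the zos-jes.sh hunk at -37,6 the fallback `grep "$HASP"` is double-quoted, so the shell expands `$HASP` as a variable before grep runs. Unless HASP happens to be set, the pattern is empty and matches every line of `${result}`, and `awk '{print $2}'` then returns the second word of each line as the job id. The TypeScript counterpart in zos-jes.ts searches for the literal text `'$HASP'`, which is presumably what is meant here. Use a literal match instead: `jobid=$(echo "${result}" | grep -F '$HASP' | awk '{print $2}')`. `submit_job` begins and ends outside the hunk.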
+++ b/manifest.json.template @@ -40,7 +40,7 @@ "artifact": "*.pax" }, "org.zowe.zss": { - "version": "^2.0.0-STAGING", + "version": "^2.14.0-PR-683", "artifact": "*.pax" }, "org.zowe.explorer.jobs.jobs-api-package": { @@ -124,7 +124,7 @@ "artifact": "*.pax" }, "org.zowe.launcher": { - "version": "^2.0.0-SNAPSHOT" + "version": "^2.15.0-PR-107" }, "org.zowe.keyring-utilities": { "version": "1.0.4", From 109b3d971f616bebda61540d6b247313880035f6 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 31 Jan 2024 18:01:02 -0500 Subject: [PATCH 013/258] Fixes after testing Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.sh | 23 +++++++++++++++++++++++ bin/commands/init/generate/index.ts | 3 +-- bin/commands/init/mvs/index.sh | 2 +- files/SZWESAMP/ZWEIMVS | 2 +- 4 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 bin/commands/init/generate/index.sh diff --git a/bin/commands/init/generate/index.sh b/bin/commands/init/generate/index.sh new file mode 100644 index 0000000000..e76e65d10a --- /dev/null +++ b/bin/commands/init/generate/index.sh 
@@ -0,0 +1,23 @@ +#!/bin/sh + +####################################################################### +# This program and the accompanying materials are made available +# under the terms of the Eclipse Public License v2.0 which +# accompanies this distribution, and is available at +# https://www.eclipse.org/legal/epl-v20.html +# +# SPDX-License-Identifier: EPL-2.0 +# +# Copyright Contributors to the Zowe Project. +####################################################################### + +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/generate/cli.js" +else + echo "This command is only available when zowe.useConfigmgr=true" +fi diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index f4a6c2e7a9..6df1dc0e66 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts @@ -25,8 +25,7 @@ export function execute(dryRun?: boolean) { zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)', tempFile); let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); - jclContents = jclContents.replace("DSN={zowe.setup.dataset.prefix}", "DSN="+ZOWE_CONFIG.zowe.setup.dataset.prefix); - jclContents = jclContents.replace("{zowe.setup.dataset.loadlib}", ZOWE_CONFIG.zowe.setup.dataset.loadlib); + jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, ZOWE_CONFIG.zowe.setup.dataset.prefix); jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); jclContents = jclContents.replace('FILE ', 'FILE '+ZOWE_CONFIG.zowe.workspaceDirectory+'/.env/.zowe-merged.yaml'); 
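Review bot: When `zowe.useConfigmgr` is not true, the new generate/index.sh only echoes "This command is only available when zowe.useConfigmgr=true" and falls through with status 0. A caller then cannot tell that no JCL was generated. I would end that branch through `print_error_and_exit` with a message id of the project's choosing, so the failure is logged and returns non-zero like the other init commands. The configmgr path is also expanded unquoted while its `-script` argument is quoted; `"${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr"` keeps a runtime directory with spaces working.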
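Review bot: The replacement arguments in the `replace` calls of the generate/index.ts hunk at -25,8 are configuration strings, and JavaScript interprets `$` sequences in a replacement string. A value containing `$$` is therefore written into the JCL as a single `$`. `$` is a legal character in z/OS data set qualifiers, so `zowe.setup.dataset.prefix` can legitimately contain it. Passing a function avoids the interpretation: `jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, () => ZOWE_CONFIG.zowe.setup.dataset.prefix)`, and likewise for the `runtimeDirectory` and `FILE ` replacements. `execute` starts and ends outside this hunk.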
diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 52e2ef3ddd..f2a86379f6 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -17,7 +17,7 @@ print_level1_message "Initialize Zowe custom data sets" cust_ds_list="parmlib|Zowe parameter library jcllib|Zowe JCL library authLoadlib|Zowe authorized load library -authPluginLib|Zowe authorized plugin library +authPluginLib|Zowe authorized plugin library" ############################### # validation diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS index 2940c66685..747655b25b 100644 --- a/files/SZWESAMP/ZWEIMVS +++ b/files/SZWESAMP/ZWEIMVS @@ -43,7 +43,7 @@ blksize(32760) unit(sysallda) space(30,15) tracks //MCOPY1 EXEC PGM=IEBCOPY //SYSPRINT DD SYSOUT=A //SYSUT1 DD DSN={zowe.setup.dataset.prefix}.SZWESAMP,DISP=SHR -//SYSUT2 DD DSN={zowe.setup.dataset.jcllib},DISP=OLD +//SYSUT2 DD DSN={zowe.setup.dataset.parmlib},DISP=OLD //SYSIN DD * COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=(ZWESIP00) From edec41067eea4304339336c891976d265f506466 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 1 Feb 2024 16:07:12 -0500 Subject: [PATCH 014/258] Add way to fill in config file into zweslstc. run gener in init steps that see it is missing. make clear start and end to jcl output Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.sh | 12 +++++++++--- bin/commands/init/vsam/index.sh | 28 ++++++++++------------------ files/SZWEEXEC/ZWEGEN00 | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 21 deletions(-) diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index f2a86379f6..75bc24671d 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
@@ -30,9 +30,14 @@ if [ -z "${prefix}" ]; then fi jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") +jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") if [ "${does_jcl_exist}" = "false" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + zwecli_inline_execute_command init generate +fi +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi @@ -82,8 +87,9 @@ else jcl_contents=$(cat "${jcl_file}") print_message "Template JCL: ${prefix}.SZWESAMP(ZWEIMVS) , Executable JCL: ${jcllib_location}(ZWEIMVS)" - print_message "JCL Content:" + print_message "--- JCL Content ---" print_message "$jcl_contents" + print_message "--- End of JCL ---" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWEIMVS" diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 05b4f87de1..38937c17cc 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
@@ -32,12 +32,15 @@ if [ -z "${prefix}" ]; then fi jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") if [ "${does_jcl_exist}" = "false" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + zwecli_inline_execute_command init generate fi - - +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWECSVSM) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi +[I vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") if [ -z "${vsam_mode}" ]; then @@ -62,18 +65,6 @@ if [ -z "${vsam_name}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set name (components.caching-service.storage.vsam.name) is not defined in Zowe YAML configuration file." "" 157 fi -jcl_existence=$(is_data_set_exists "${jcllib}(ZWECSVSM)") -if [ "${jcl_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${jcllib}(ZWECSVSM) already exists. This data set member will be overwritten during configuration." - else - # print_error_and_exit "Error ZWEL0158E: ${jcllib}(ZWECSVSM) already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${jcllib}(ZWECSVSM) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi -fi - # VSAM cache cannot be overwritten, must delete manually # FIXME: cat cannot be used to test VSAM data set vsam_existence=$(is_data_set_exists "${vsam_name}") 
@@ -88,14 +79,15 @@ if [ "${vsam_existence}" = "true" ]; then fi fi - + jcl_file=$(create_tmp_file) copy_mvs_to_uss "${jcllib}(ZWECSVSM)" "${jcl_file}" jcl_contents=$(cat "${jcl_file}") print_message "Template JCL: ${prefix}.SZWESAMP(ZWECSVSM) , Executable JCL: ${jcllib}(ZWECSVSM)" -print_message "JCL Content:" +print_message "--- JCL Content ---" print_message "$jcl_contents" +print_message "--- End of JCL ---" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWECSVSM" diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index c39409178e..9bcb957645 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -36,6 +36,7 @@ parse arg operation verbosity schemaChain = GetSchemaChain() configChain = GetConfigChain() +configChainWithMembers = GetConfigChainW[IithMembers() /* ================================================================================ @@ -73,6 +74,7 @@ end CFG.zwe.header.user = USERID() CFG.zwe.header.date = TRANSLATE(DATE(), '-', ' ') CFG.zwe.header.time = TIME() +CFG.ZWE_CLI_PARAMETER_CONFIG = configChainWithMembers /* ================================================================================ 
@@ -750,12 +752,42 @@ FreeByDSN: type = WORD(!contentToRead.j, 1) location = WORD(!contentToRead.j, 2) element = type'('location')' + if COMPARE(type, 'PARMLIB') = 0 then do + elementWithMember = 'PARMLIB('location'(ZWEYAML))' + end + configChain = AddToChain(configChain, element) + end + end + + return configChain + +/* +================================================================================ + GetConfigChainWithMembers() +================================================================================ +*/ + GetConfigChainWithMembers: + procedure expose !verbose + + configChain = '' + + if ReadFromDataSet('myconfig') = 0 then do + do j = 1 to !contentToRead.0 + type = WORD(!contentToRead.j, 1) + location = WORD(!contentToRead.j, 2) + if COMPARE(type, 'PARMLIB') = 0 then do + element = 'PARMLIB('location'(ZWEYAML))' + end + else do + element = type'('location')' + end configChain = AddToChain(configChain, element) end end return configChain + /* ================================================================================ GetSchemaChain() From 31584e8ff5c7321865e7bc425fccad6810095734 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 1 Feb 2024 17:19:09 -0500 Subject: [PATCH 015/258] Add missing error messages. Implement STC JCL and trim init stc. Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 6 +- bin/commands/init/mvs/.errors | 1 + bin/commands/init/mvs/index.sh | 7 +- bin/commands/init/stc/.errors | 3 + bin/commands/init/stc/.parameters | 1 + bin/commands/init/stc/index.sh | 233 ++++++---------------------- bin/commands/init/vsam/.parameters | 1 + bin/commands/init/vsam/index.sh | 1 - bin/libs/configmgr.ts | 2 +- files/SZWEEXEC/ZWEGEN00 | 2 +- files/SZWESAMP/ZWEISTC | 38 +++++ 11 files changed, 99 insertions(+), 196 deletions(-) create mode 100644 files/SZWESAMP/ZWEISTC diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 6df1dc0e66..3b6ee91adb 100644 
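Review bot: In the lines added to GetConfigChain, `elementWithMember` is assigned for PARMLIB entries but never read. The chain is still built from `element`, so the new `if COMPARE(type, 'PARMLIB') = 0` block has no effect there. GetConfigChainWithMembers then repeats the whole loop with the member name ZWEYAML hard-coded. I would drop the three added lines from GetConfigChain and document the new routine, e.g. `/* Like GetConfigChain, but PARMLIB entries name member ZWEYAML */`. The new routine is declared `procedure expose !verbose` while reading `!contentToRead.`; whether that stem is reachable depends on code outside the hunk, so it is worth confirming.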
--- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts @@ -27,13 +27,15 @@ export function execute(dryRun?: boolean) { jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, ZOWE_CONFIG.zowe.setup.dataset.prefix); jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); - jclContents = jclContents.replace('FILE ', 'FILE '+ZOWE_CONFIG.zowe.workspaceDirectory+'/.env/.zowe-merged.yaml'); + let absConfig = fs.convertToAbsolutePath(std.getenv('ZWE_PRIVATE_CONFIG_ORIG')); + jclContents = jclContents.replace('FILE ', 'FILE '+absConfig); xplatform.storeFileUTF8(tempFile, xplatform.AUTO_DETECT, jclContents); common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)'}`); - common.printMessage('JCL content:'); + common.printMessage('--- JCL content ---'); common.printMessage(jclContents); + common.printMessage('--- End of JCL ---'); if (dryRun) { common.printMessage('JCL not submitted, command run with dry run flag.'); diff --git a/bin/commands/init/mvs/.errors b/bin/commands/init/mvs/.errors index 1fdebba80c..0b0768cd21 100644 --- a/bin/commands/init/mvs/.errors +++ b/bin/commands/init/mvs/.errors @@ -4,3 +4,4 @@ ZWEL0301W||%s already exists and will not be overwritten. For upgrades, you must ZWEL0158E|158|%s already exists. ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. +ZWEL0163E|163|Job %s ends with code %s. \ No newline at end of file diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 75bc24671d..fb1913442c 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
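Review bot: `std.getenv('ZWE_PRIVATE_CONFIG_ORIG')` is used in the added `absConfig` line without checking that the variable is set. If it is unset, the JCL that is printed and submitted would carry whatever `convertToAbsolutePath` makes of an undefined value (its behaviour is not visible here) instead of a config path. A guard before the replace, e.g. `const orig = std.getenv('ZWE_PRIVATE_CONFIG_ORIG'); if (!orig) { /* report and stop */ }`, would make that failure explicit. `let absConfig` can also be `const`. The hunk shows only part of `execute`.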
@@ -30,14 +30,13 @@ if [ -z "${prefix}" ]; then fi jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") +does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") if [ "${does_jcl_exist}" = "false" ]; then zwecli_inline_execute_command init generate fi -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") +does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") if [ "${does_jcl_exist}" = "false" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi diff --git a/bin/commands/init/stc/.errors b/bin/commands/init/stc/.errors index 4109f9bdf2..801ae923f7 100644 --- a/bin/commands/init/stc/.errors +++ b/bin/commands/init/stc/.errors @@ -5,3 +5,6 @@ ZWEL0143E|143|Cannot find data set member %s. You may need to re-run `zwe instal ZWEL0158E|158|%s already exists. ZWEL0159E|159|Failed to modify %s. ZWEL0160E|160|Failed to write to %s. Please check if target data set is opened by others. +ZWEL0161E|161|Failed to run JCL %s. +ZWEL0162E|162|Failed to find job %s result. +ZWEL0163E|163|Job %s ends with code %s. \ No newline at end of file diff --git a/bin/commands/init/stc/.parameters b/bin/commands/init/stc/.parameters index 7d4e1ac58c..5182058f4b 100644 --- a/bin/commands/init/stc/.parameters +++ b/bin/commands/init/stc/.parameters 
@@ -1 +1,2 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. +dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index ec77fbabba..cbe43a04f7 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -13,10 +13,6 @@ print_level1_message "Install Zowe main started task" -############################### -# constants -proclibs="ZWESLSTC ZWESISTC ZWESASTC" - ############################### # validation require_zowe_yaml @@ -26,6 +22,7 @@ prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi + # read PROCLIB and validate proclib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.proclib") if [ -z "${proclib}" ]; then 
@@ -33,60 +30,30 @@ if [ -z "${proclib}" ]; then fi # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 -fi -# read PARMLIB and validate -parmlib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.parmlib") -if [ -z "${parmlib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom parameter library (zowe.setup.dataset.parmlib) is not defined in Zowe YAML configuration file." "" 157 -fi -# read LOADLIB and validate -authLoadlib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.authLoadlib") -if [ -z "${authLoadlib}" ]; then - # authLoadlib can be empty - authLoadlib="${prefix}.${ZWE_PRIVATE_DS_SZWEAUTH}" +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") +if [ "${does_jcl_exist}" = "false" ]; then + zwecli_inline_execute_command init generate fi -authPluginLib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.authPluginLib") -if [ -z "${authPluginLib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom load library (zowe.setup.dataset.authPluginLib) is not defined in Zowe YAML configuration file." "" 157 +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEISTC) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi + security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") if [ -z "${security_stcs_zowe}" ]; then - security_stcs_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zowe) is not defined in Zowe YAML configuration file." 
"" 157 fi security_stcs_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zis") if [ -z "${security_stcs_zis}" ]; then - security_stcs_zis=${ZWE_PRIVATE_DEFAULT_ZIS_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zis) is not defined in Zowe YAML configuration file." "" 157 fi security_stcs_aux=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.aux") if [ -z "${security_stcs_aux}" ]; then - security_stcs_aux=${ZWE_PRIVATE_DEFAULT_AUX_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.aux) is not defined in Zowe YAML configuration file." "" 157 fi target_proclibs="${security_stcs_zowe} ${security_stcs_zis} ${security_stcs_aux}" -# check existence -for mb in ${proclibs}; do - # source in SZWESAMP - samp_existence=$(is_data_set_exists "${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb})") - if [ "${samp_existence}" != "true" ]; then - print_error_and_exit "Error ZWEL0143E: ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb}) already exists. This data set member will be overwritten during configuration." "" 143 - fi -done for mb in ${target_proclibs}; do - # JCL for preview purpose - jcl_existence=$(is_data_set_exists "${jcllib}(${mb})") - if [ "${jcl_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${jcllib}(${mb}) already exists. This data set member will be overwritten during configuration." - else - # print_error_and_exit "Error ZWEL0158E: ${jcllib}(${mb}) already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${jcllib}(${mb}) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - fi - # STCs in target proclib stc_existence=$(is_data_set_exists "${proclib}(${mb})") if [ "${stc_existence}" = "true" ]; then 
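Review bot: `jcllib` is used to build `${jcllib}(ZWEISTC)` right after this hunk removes its only emptiness check, so an unset `zowe.setup.dataset.jcllib` now reaches `is_data_set_exists "(ZWEISTC)"` instead of stopping with ZWEL0157E. Because both new tests compare only with `"false"`, any other output from `is_data_set_exists` (an empty string after a failure, for instance) is treated as "member exists" and the script carries on. I would keep the guard `if [ -z "${jcllib}" ]; then` with its ZWEL0157E exit and test `!= "true"`, as the removed SZWESAMP check did. The same applies to `jcllib_location` in bin/commands/init/mvs/index.sh and to `jcllib` in bin/commands/init/security/index.sh, where the guard is removed as well.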
@@ -101,157 +68,49 @@ for mb in ${target_proclibs}; do fi done -if [ "${jcl_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${jcllib}(${mb}). To write, you must use --allow-overwrite." +if [ "${stc_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then + print_message "Skipped writing to ${proclib}. To write, you must use --allow-overwrite." else - ############################### - # prepare STCs - # ZWESLSTC - print_message "Modify ZWESLSTC and save as ${jcllib}(${security_stcs_zowe})" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESLSTC) to ${tmpfile}" - if [[ "$ZWE_CLI_PARAMETER_CONFIG" != /* ]];then - print_message "CONFIG path defined in ZWESLSTC is converted into absolute path and may contain SYSNAME." - print_message "Please manually verify if this path works for your environment, especially when you are working in Sysplex environment." - fi - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESLSTC)'" | \ - sed "s/^\/\/STEPLIB .*\$/\/\/STEPLIB DD DSNAME=${authLoadlib},DISP=SHR/" | \ - sed "s#^CONFIG=.*\$#CONFIG=$(convert_to_absolute_path ${ZWE_CLI_PARAMETER_CONFIG})#" \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - fi - if [ ! 
-f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESLSTC)" "" 159 - fi - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${security_stcs_zowe})" - copy_to_data_set "${tmpfile}" "${jcllib}(${security_stcs_zowe})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${security_stcs_zowe}). Please check if target data set is opened by others." "" 160 - fi - print_debug "- ${jcllib}(${security_stcs_zowe}) is prepared" - # ZWESISTC - print_message "Modify ZWESISTC and save as ${jcllib}(${security_stcs_zis})" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESISTC) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESISTC)'" | \ - sed '/^..STEPLIB/c\ -\//STEPLIB DD DSNAME='${authLoadlib}',DISP=SHR\ -\// DD DSNAME='${authPluginLib}',DISP=SHR' | \ - sed "s/^\/\/PARMLIB .*\$/\/\/PARMLIB DD DSNAME=${parmlib},DISP=SHR/" \ - > "${tmpfile}") - code=$? 
- chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" + jcl_file=$(create_tmp_file) + copy_mvs_to_uss "${jcllib}(ZWEISTC)" "${jcl_file}" + jcl_contents=$(cat "${jcl_file}") + + print_message "Template JCL: ${prefix}.SZWESAMP(ZWEISTC) , Executable JCL: ${jcllib}(ZWEISTC)" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + + if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then + print_message "Submitting Job ZWEISTC" + jobid=$(submit_job $jcl_file) + code=$? + if [ ${code} -ne 0 ]; then + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWEISTC)." "" 161 fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" + print_debug "- job id ${jobid}" + + jobstate=$(wait_for_job "${jobid}") + code=$? + rm $jcl_file + if [ ${code} -eq 1 ]; then + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi - exit 1 - fi - if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESISTC)" "" 159 - fi - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${security_stcs_zis})" - copy_to_data_set "${tmpfile}" "${jcllib}(${security_stcs_zis})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${security_stcs_zis}). Please check if target data set is opened by others." 
"" 160 - fi - print_debug "- ${jcllib}(${security_stcs_zis}) is prepared" + jobname=$(echo "${jobstate}" | awk -F, '{print $2}') + jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') + jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') - # ZWESASTC - print_message "Modify ZWESASTC and save as ${jcllib}(${security_stcs_aux})" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESASTC) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESASTC)'" | \ - sed '/^..STEPLIB/c\ -\//STEPLIB DD DSNAME='${authLoadlib}',DISP=SHR\ -\// DD DSNAME='${authPluginLib}',DISP=SHR' \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" + if [ "${code}" -eq 0 ]; then + print_level2_message "Zowe main started tasks are installed successfully." + else + print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 fi else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - exit 1 - fi - if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESASTC)" "" 159 + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + print_level2_message "Zowe main started tasks are installed successfully." 
+ rm $jcl_file fi - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${security_stcs_aux})" - copy_to_data_set "${tmpfile}" "${jcllib}(${security_stcs_aux})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${security_stcs_aux}). Please check if target data set is opened by others." "" 160 - fi - print_debug "- ${jcllib}(${security_stcs_aux}) is prepared" - - print_message fi -if [ "${stc_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${proclib}(${mb}). To write, you must use --allow-overwrite." -else - ############################### - # copy to proclib - for mb in ${target_proclibs}; do - print_message "Copy ${jcllib}(${mb}) to ${proclib}(${mb})" - data_set_copy_to_data_set "${prefix}" "${jcllib}(${mb})" "${proclib}(${mb})" "-X" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - if [ $? -ne 0 ]; then - print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 - fi - done -fi -############################### -# exit message -print_level2_message "Zowe main started tasks are installed successfully." diff --git a/bin/commands/init/vsam/.parameters b/bin/commands/init/vsam/.parameters index 7d4e1ac58c..5182058f4b 100644 --- a/bin/commands/init/vsam/.parameters +++ b/bin/commands/init/vsam/.parameters @@ -1 +1,2 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. +dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 38937c17cc..764035afba 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
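Review bot: The temporary file in `jcl_file` is the text that is submitted as a job, yet it is left behind when `submit_job` fails, because the ZWEL0161E exit comes before the only `rm $jcl_file` on that path. The removed code ran `chmod 700` on its temporary files; whether `create_tmp_file` already restricts permissions is not visible here, and a file handed to the job submitter should not be writable by other users between `copy_mvs_to_uss` and `submit_job`. I would quote the variable and clean up before exiting: `jobid=$(submit_job "${jcl_file}")` and `rm -f "${jcl_file}"` ahead of the `print_error_and_exit` for ZWEL0161E. Note also that the `if` after `done` reads `stc_existence` as left by the last loop iteration only.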
@@ -40,7 +40,6 @@ does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") if [ "${does_jcl_exist}" = "false" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWECSVSM) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi -[I vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") if [ -z "${vsam_mode}" ]; then diff --git a/bin/libs/configmgr.ts b/bin/libs/configmgr.ts index ba16685f1e..faff668b71 100644 --- a/bin/libs/configmgr.ts +++ b/bin/libs/configmgr.ts @@ -30,7 +30,7 @@ CONFIG_MGR.setTraceLevel(0); //these show the list of files used for zowe config prior to merging into a unified one. // ZWE_CLI_PARAMETER_CONFIG gets updated to point to the unified one once written. const parameterConfig = std.getenv('ZWE_CLI_PARAMETER_CONFIG'); - +std.setenv('ZWE_PRIVATE_CONFIG_ORIG', parameterConfig); /* When using configmgr (--configmgr or zowe.useConfigmgr=true) the config property of Zowe can take a few shapes: diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 9bcb957645..1e6d73bbc8 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -36,7 +36,7 @@ parse arg operation verbosity schemaChain = GetSchemaChain() configChain = GetConfigChain() -configChainWithMembers = GetConfigChainW[IithMembers() +configChainWithMembers = GetConfigChainWithMembers() /* ================================================================================ diff --git a/files/SZWESAMP/ZWEISTC b/files/SZWESAMP/ZWEISTC new file mode 100644 index 0000000000..106ad9ffa5 --- /dev/null +++ b/files/SZWESAMP/ZWEISTC 
@@ -0,0 +1,38 @@ +//ZWEISTC JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* +//MCOPYL EXEC PGM=IEBCOPY +//SYSPRINT DD SYSOUT=A +//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR +//SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD +//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 + SELECT MEMBER=((ZWESLSTC,{zowe.setup.security.stcs.zowe})) +//* +//MCOPYI EXEC PGM=IEBCOPY +//SYSPRINT DD SYSOUT=A +//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR +//SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD +//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 + SELECT MEMBER=((ZWESISTC,{zowe.setup.security.stcs.zis})) +//* +//MCOPYA EXEC PGM=IEBCOPY +//SYSPRINT DD SYSOUT=A +//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR +//SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD +//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 + SELECT MEMBER=((ZWESASTC,{zowe.setup.security.stcs.aux})) +//* From 24e1f2f3db48cc5e6961376883e70913503d9b6a Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 2 Feb 2024 11:48:18 -0500 Subject: [PATCH 016/258] Separate ZWESECUR into each security product, and simplify zwe init security to use it. 
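Review bot: None of the three `SELECT MEMBER=((old,new))` statements carries the replace option, so IEBCOPY will not copy over a member that already exists in the PROCLIB, while bin/commands/init/stc/index.sh still submits this job when `--allow-overwrite` is given. If overwriting is meant to work, the statement needs the third positional, for example `SELECT MEMBER=((ZWESLSTC,{zowe.setup.security.stcs.zowe},R))`; otherwise the script should say that existing members were kept. As far as I know IEBCOPY ends such a step with a non-zero return code rather than an abend, so it is worth checking how `wait_for_job` reports it. A short header comment stating that the job copies the three started-task members from the JCL library to the PROCLIB under their configured names would also help whoever submits it by hand.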
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.sh | 2 +- bin/commands/init/security/index.sh | 117 +++------ bin/commands/init/stc/index.sh | 2 +- bin/commands/init/vsam/index.sh | 2 +- files/SZWESAMP/ZWEIACF2 | 267 ++++++++++++++++++++ files/SZWESAMP/ZWEIRACF | 315 ++++++++++++++++++++++++ files/SZWESAMP/ZWEITSS | 267 ++++++++++++++++++++ workflows/templates/ZWESECUR.properties | 10 +- workflows/templates/ZWESECUR.vtl | 64 ++--- workflows/templates/ZWESECUR.xml | 10 - 10 files changed, 913 insertions(+), 143 deletions(-) create mode 100644 files/SZWESAMP/ZWEIACF2 create mode 100644 files/SZWESAMP/ZWEIRACF create mode 100644 files/SZWESAMP/ZWEITSS diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index fb1913442c..af2bf5dea1 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -117,7 +117,7 @@ else else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Zowe custom data sets are initialized successfully." + print_level2_message "Command run successfully." rm $jcl_file fi fi diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index b0d2c48551..329c1a4099 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh @@ -13,9 +13,6 @@ print_level1_message "Run Zowe security configurations" -############################### -# constants - ############################### # validation require_zowe_yaml 
@@ -25,118 +22,86 @@ prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi +security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") +if [ -z "${security_product}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.product) is not defined in Zowe YAML configuration file." "" 157 +fi + # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") +if [ "${does_jcl_exist}" = "false" ]; then + zwecli_inline_execute_command init generate fi -security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") -if [ -z "${security_product}" ]; then - security_product=RACF +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEI${security_product}) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi + + + security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") if [ -z "${security_groups_admin}" ]; then - security_groups_admin=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.groups.admin) is not defined in Zowe YAML configuration file." 
"" 157 fi security_groups_stc=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") if [ -z "${security_groups_stc}" ]; then - security_groups_stc=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.groups.stc) is not defined in Zowe YAML configuration file." "" 157 fi security_groups_sysProg=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.sysProg") if [ -z "${security_groups_sysProg}" ]; then - security_groups_sysProg=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.groups.sysProg) is not defined in Zowe YAML configuration file." "" 157 fi security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") if [ -z "${security_users_zowe}" ]; then - security_users_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_USER} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.users.zowe) is not defined in Zowe YAML configuration file." "" 157 fi security_users_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zis") if [ -z "${security_users_zis}" ]; then - security_users_zis=${ZWE_PRIVATE_DEFAULT_ZIS_USER} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.users.zis) is not defined in Zowe YAML configuration file." "" 157 fi security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") if [ -z "${security_stcs_zowe}" ]; then - security_stcs_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zowe) is not defined in Zowe YAML configuration file." "" 157 fi security_stcs_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zis") if [ -z "${security_stcs_zis}" ]; then - security_stcs_zis=${ZWE_PRIVATE_DEFAULT_ZIS_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zis) is not defined in Zowe YAML configuration file." 
"" 157 fi security_stcs_aux=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.aux") if [ -z "${security_stcs_aux}" ]; then - security_stcs_aux=${ZWE_PRIVATE_DEFAULT_AUX_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.aux) is not defined in Zowe YAML configuration file." "" 157 fi -############################### -# prepare ZWESECUR JCL -print_message "Modify ZWESECUR" -tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) -tmpdsm=$(create_data_set_tmp_member "${jcllib}" "ZW$(date +%H%M)") -print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESECUR) to ${tmpfile}" -# cat "//'IBMUSER.ZWEV2.SZWESAMP(ZWESECUR)'" | sed "s/^\\/\\/ \\+SET \\+PRODUCT=.*\\$/\\/\\ SET PRODUCT=ACF2 * RACF, ACF2, or TSS/" -result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESECUR)'" | \ - sed "s/^\/\/ \+SET \+PRODUCT=.*\$/\/\/ SET PRODUCT=${security_product}/" | \ - sed "s/^\/\/ \+SET \+ADMINGRP=.*\$/\/\/ SET ADMINGRP=${security_groups_admin}/" | \ - sed "s/^\/\/ \+SET \+STCGRP=.*\$/\/\/ SET STCGRP=${security_groups_stc}/" | \ - sed "s/^\/\/ \+SET \+ZOWEUSER=.*\$/\/\/ SET ZOWEUSER=${security_users_zowe}/" | \ - sed "s/^\/\/ \+SET \+ZISUSER=.*\$/\/\/ SET ZISUSER=${security_users_zis}/" | \ - sed "s/^\/\/ \+SET \+ZOWESTC=.*\$/\/\/ SET ZOWESTC=${security_stcs_zowe}/" | \ - sed "s/^\/\/ \+SET \+ZISSTC=.*\$/\/\/ SET ZISSTC=${security_stcs_zis}/" | \ - sed "s/^\/\/ \+SET \+AUXSTC=.*\$/\/\/ SET AUXSTC=${security_stcs_aux}/" | \ - sed "s/^\/\/ \+SET \+HLQ=.*\$/\/\/ SET HLQ=${prefix}/" | \ - sed "s/^\/\/ \+SET \+SYSPROG=.*\$/\/\/ SET SYSPROG=${security_groups_sysProg}/" \ - > "${tmpfile}") -code=$? 
-chmod 700 "${tmpfile}" -if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi -else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi -fi -if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESECUR)" "" 159 -fi -print_trace "- ensure ${tmpfile} encoding before copying into data set" -ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" -print_trace "- ${tmpfile} created, copy to ${jcllib}(${tmpdsm})" -copy_to_data_set "${tmpfile}" "${jcllib}(${tmpdsm})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" -code=$? -print_trace "- Delete ${tmpfile}" -rm -f "${tmpfile}" -if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." "" 160 -fi -print_message "- ${jcllib}(${tmpdsm}) is prepared" -print_message -############################### -# submit job +jcl_file=$(create_tmp_file) +copy_mvs_to_uss "${jcllib}(ZWEI${security_product})" "${jcl_file}" +jcl_contents=$(cat "${jcl_file}") + +print_message "Template JCL: ${prefix}.SZWESAMP(ZWEI${security_product}) , Executable JCL: ${jcllib}(ZWEI${security_product})" +print_message "--- JCL Content ---" +print_message "$jcl_contents" +print_message "--- End of JCL ---" + job_has_failures= if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then - print_message "Dry-run mode, security setup is NOT performed on the system." - print_message "Please submit ${jcllib}(${tmpdsm}) manually." + print_message "JCL not submitted, command run with dry run flag." 
+ print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + rm $jcl_file else - print_message "Submit ${jcllib}(${tmpdsm})" - jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") + ############################### + # submit job + print_message "Submitting Job ZWEI${security_product}" + jobid=$(submit_job "//'${jcllib}(ZWEI${security_product})'") code=$? if [ ${code} -ne 0 ]; then job_has_failures=true if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Warning ZWEL0161W: Failed to run JCL ${jcllib}(${tmpdsm})." + print_error "Warning ZWEL0161W: Failed to run JCL ${jcllib}(ZWEI${security_product})." # skip wait for job status step jobid= else - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(${tmpdsm})." "" 161 + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWEI${security_product})." "" 161 fi fi @@ -179,5 +144,5 @@ fi if [ "${job_has_failures}" = "true" ]; then print_level2_message "Failed to apply Zowe security configurations. Please check job log for details." else - print_level2_message "Zowe security configurations are applied successfully." + print_level2_message "Command run successfully." fi diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index cbe43a04f7..6eeac595ba 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -108,7 +108,7 @@ else else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Zowe main started tasks are installed successfully." + print_level2_message "Command run successfully." rm $jcl_file fi fi diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 764035afba..ec0212ae68 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
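Review bot: `security_product` is taken from `zowe.setup.security.product` and pasted into the member name `ZWEI${security_product}` that is then checked, copied and passed to `submit_job`, with only an emptiness test in front of it. This commit ships exactly three members, ZWEIRACF, ZWEIACF2 and ZWEITSS, so any other value (lower case, a typo, extra characters) should be rejected before a data set name is built from it: `case "${security_product}" in RACF|ACF2|TSS) ;; *) print_error_and_exit "<message>" "" <code> ;; esac`. Without that, the user gets the generic ZWEL0999E "does not exist" message after an unnecessary `init generate` run, and the string reaches the `//'...'` argument unvalidated. The rest of the submit and wait logic lies outside this hunk.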
@@ -115,6 +115,6 @@ if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Zowe Caching Service VSAM storage is created successfully." + print_level2_message "Command run successfully." rm $jcl_file fi diff --git a/files/SZWESAMP/ZWEIACF2 b/files/SZWESAMP/ZWEIACF2 new file mode 100644 index 0000000000..c446614664 --- /dev/null +++ b/files/SZWESAMP/ZWEIACF2 
@@ -0,0 +1,267 @@ +//ZWEIACF2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define security permits for Zowe +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID +//* and GID values, update the SET *ID= statements to match the +//* desired UID and GID values. +//* +//* 3) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//* 2. The sample ACF2 commands create ROLEs that match the group +//* names. Due to permits assigned to the &STCGRP ROLE, it is +//* advised to ensure this ROLE has a unique identifier. +//* +//* 3. The Zowe started task user ID 'zowe.setup.security.users.zowe' +//* Writes persistent data to 'zowe.workspaceDirectory' +//* This sample JCL makes the Zowe started task part of +//* the Zowe admin group 'zowe.setup.security.groups.admin' +//* to facilitate admin access to this directory. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. 
+//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* The sample commands assume AUTOUID and AUTOGID are +//* enabled. When this is not the case, +//* provide appropriate (numeric) values to these SET commands. +// SET ADMINGID= * Group ID for ZOWE administrators +// SET STCGID=&ADMINGID. * Group ID for ZOWE started tasks +// SET ZOWEUID= * UID for ZOWE started task User +// SET ZISUID= * UID for ZIS started task User +//* +//* If using AUTOUID and AUTOGID, an AUTOIDOM GSO Record must exist. +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +* +* DEFINE ADMINISTRATORS ........................................... +* +* group for administrators +* replace AUTOGID with GID(&ADMINGID.) if AUTOGID is not enabled +* +SET PROFILE(GROUP) DIV(OMVS) +INSERT {zowe.setup.security.groups.admin}. AUTOGID +F ACF2,REBUILD(GRP),CLASS(P) +* +* uncomment and customize to add an existing userid as administrator +* +* SET X(ROL) +* INSERT {zowe.setup.security.groups.admin}. INCLUDE(userid) ROLE +* F ACF2,NEWXREF,TYPE(ROL) +* +* DEFINE STARTED TASK ............................................. +* +* comment out if STCGRP matches ADMINGRP (default), expect +* warning messages otherwise +* group for started tasks +* replace AUTOGID with GID(&STCGID.) if AUTOGID is not enabled +* +SET PROFILE(GROUP) DIV(OMVS) +INSERT {zowe.setup.security.groups.stc}. AUTOGID +F ACF2,REBUILD(GRP),CLASS(P) +* +***** +* +* userid for ZOWE main server +* replace AUTOUID with UID(&ZOWEUID.) if AUTOUID is not enabled +* +SET LID +INSERT {zowe.setup.security.users.zowe}. + + STC GROUP({zowe.setup.security.groups.stc}.) +SET PROFILE(USER) DIV(OMVS) +INSERT {zowe.setup.security.users.zowe}. 
+ + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) +* +* userid for ZIS cross memory server +* replace AUTOUID with UID(&ZISUID.) if AUTOUID is not enabled +* +SET LID +INSERT {zowe.setup.security.users.zis}. + + STC GROUP({zowe.setup.security.groups.stc}.) +SET PROFILE(USER) DIV(OMVS) +INSERT {zowe.setup.security.users.zis}. + + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) +* +***** +* +* started task for ZOWE main server +* +SET CONTROL(GSO) +INSERT STC.{zowe.setup.security.stcs.zowe}. + + LOGONID({zowe.setup.security.users.zowe}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.zowe}.) +F ACF2,REFRESH(STC) +* +* started task for ZIS cross memory server +* +SET CONTROL(GSO) +INSERT STC.{zowe.setup.security.stcs.zis}. + + LOGONID({zowe.setup.security.users.zis}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.zis}.) +F ACF2,REFRESH(STC) +* +* started task for ZIS Auxiliary cross memory server +* +SET CONTROL(GSO) +INSERT STC.{zowe.setup.security.stcs.aux}. + + LOGONID({zowe.setup.security.users.zis}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.aux}.) +F ACF2,REFRESH(STC) +* +* DEFINE ZIS SECURITY RESOURCES .................................. +* +* define a role holding the permissions, add ZISUSER and +* ZOWEUSER to it +* +SET X(ROL) +INSERT {zowe.setup.security.groups.stc}. + + INCLUDE({zowe.setup.security.users.zowe}.) ROLE +F ACF2,NEWXREF,TYPE(ROL) +CHANGE {zowe.setup.security.groups.stc}. + + INCLUDE({zowe.setup.security.users.zis}.) ADD +F ACF2,NEWXREF,TYPE(ROL) +* +* DEFINE STC SERVER PERMISIONS .................................... +* +* permit AUX and Zowe main server to use ZIS cross memory server +* +SET RESOURCE(FAC) +RECKEY ZWES ADD(IS SERVICE(READ) + + ROLE({zowe.setup.security.groups.stc}.) 
ALLOW) +F ACF2,REBUILD(FAC) +* +* DEFINE ZOWE SERVER PERMISIONS ................................... +* +* permit Zowe main server to create a user's security environment +* ATTENTION: Defining the BPX.DAEMON or BPX.SERVER profile makes +* z/OS UNIX switch to z/OS UNIX level security. This is +* more secure, but it can impact operation of existing +* applications. Test this thoroughly before activating +* it on a production system. +* +SET RESOURCE(FAC) +RECKEY BPX ADD(DAEMON SERVICE(UPDATE) + + ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY BPX ADD(SERVER SERVICE(UPDATE) + + ROLE({zowe.setup.security.groups.stc}.) ALLOW) +* +* permit Zowe main server to create a user's security environment +* comment out the following 3 lines if the OMVSAPPL is not defined +* in your environment +SET RESOURCE(APL) +RECKEY OMVSAPPL ADD(SERVICE(READ) + + ROLE({zowe.setup.security.groups.stc}.) ALLOW) +F ACF2,REBUILD(APL) +* +* Allow STCGRP role access to BPX.JOBNAME +RECKEY BPX ADD(JOBNAME SERVICE(READ) + + ROLE({zowe.setup.security.groups.stc}.) ALLOW) +F ACF2,REBUILD(FAC) + +* allow STCGRP role to use client certificate mapping service +SET RESOURCE(FAC) +RECKEY IRR ADD(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) +F ACF2,REBUILD(FAC) + +* allow STCGRP role to use distributed identity mapping service +SET RESOURCE(FAC) +RECKEY IRR ADD(IDIDMAP.QUERY + + ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +F ACF2,REBUILD(FAC) + +* permit Zowe main server to cut SMF records +SET RESOURCE(FAC) +RECKEY IRR ADD(RAUDITX ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) +F ACF2,REBUILD(FAC) + +* +* DEFINE ZOWE DATA SET PROTECTION ................................. +* +* - HLQ..SZWEAUTH is an APF authorized data set. It is strongly +* advised to protect it against updates. +* +* HLQ stub +SET RULE +* general data set protection +LIST {zowe.setup.dataset.prefix}. +RECKEY {zowe.setup.dataset.prefix}. 
ADD(- UID(-) READ(A) EXEC(P)) +RECKEY {zowe.setup.dataset.prefix}. + +ADD(- UID({zowe.setup.security.groups.sysProg}.) + + READ(A) EXEC(A) ALLOC(A) WRITE(A)) +* +* show results +LIST {zowe.setup.dataset.prefix}. +* + +* +* DEFINE ZOWE RESOURCE PROTECTION ................................. +* +* - Defines new resource class for Zowe that protects access to +* sensitive Zowe resources. +* - Defines resource APIML.SERVICES that controls access to +* detailed information about API services to Zowe users. + +* define ZOWE resource type and class mapping +* skip this section if the ZOWE resource class already exists +SET CONTROL(GSO) +INSERT CLASMAP.ZOWE RESOURCE(ZOWE) RSRCTYPE(ZWE) +F ACF2,REFRESH(CLASMAP),TYPE(GSO) +CHANGE INFODIR TYPES(R-RZWE) +F ACF2,REFRESH(INFODIR) +SET CONTROL(GSO) + +* uncomment and replace "user" to permit Zowe users to access +* the resource: +* SET RESOURCE(ZWE) +* RECKEY APIML ADD(SERVICES - +* UID(user) SERVICE(READ) ALLOW) +* F ACF2,REBUILD(ZWE) + +* show results +SET RESOURCE(ZWE) +LIST LIKE(-) +$$ +//* diff --git a/files/SZWESAMP/ZWEIRACF b/files/SZWESAMP/ZWEIRACF new file mode 100644 index 0000000000..764208bc58 --- /dev/null +++ b/files/SZWESAMP/ZWEIRACF 
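Review bot: The `RECKEY BPX ADD(JOBNAME SERVICE(READ) ...` rule is entered directly after the `SET RESOURCE(APL)` / `F ACF2,REBUILD(APL)` block with no `SET RESOURCE(FAC)` in between. As written it appears to be stored under the APL type, while the `F ACF2,REBUILD(FAC)` that follows rebuilds FAC. Adding `SET RESOURCE(FAC)` before the BPX.JOBNAME RECKEY, as the IRR.RUSERMAP, IRR.IDIDMAP.QUERY and IRR.RAUDITX blocks below already do, removes the dependency on whether the OMVSAPPL lines were commented out. The BPX DAEMON and SERVER rules earlier in the member also have no `F ACF2,REBUILD(FAC)` of their own and rely on a later rebuild; a one-line comment saying so would help anyone trimming this sample.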
@@ -0,0 +1,315 @@ +//ZWEIRACF JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define security permits for Zowe +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID +//* and GID values, update the SET *ID= statements to match the +//* desired UID and GID values. +//* +//* 3) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//* 2. The Zowe started task user ID 'zowe.setup.security.users.zowe' +//* Writes persistent data to 'zowe.workspaceDirectory' +//* This sample JCL makes the Zowe started task part of +//* the Zowe admin group 'zowe.setup.security.groups.admin' +//* to facilitate admin access to this directory. +//* +//* 3. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* The sample commands assume AUTOUID and AUTOGID are +//* enabled. When this is not the case, +//* provide appropriate (numeric) values to these SET commands. 
+// SET ADMINGID= * Group ID for ZOWE administrators +// SET STCGID=&ADMINGID. * Group ID for ZOWE started tasks +// SET ZOWEUID= * UID for ZOWE started task User +// SET ZISUID= * UID for ZIS started task User +//* +//* If using AUTOUID and AUTOGID, the RACF database must be +//* at AIM 2 or higher, and BPX.NEXT.USER must exist. +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* ACTIVATE REQUIRED RACF SETTINGS AND CLASSES ..................... */ + +/* - Comment out the activation statements for the classes that are */ +/* already active. */ + +/* display current settings */ +/*SETROPTS LIST */ + +/* activate FACILITY class for z/OS UNIX & Zowe ZIS profiles */ + SETROPTS GENERIC(FACILITY) + SETROPTS CLASSACT(FACILITY) RACLIST(FACILITY) + +/* activate started task class */ + SETROPTS GENERIC(STARTED) + SETROPTS CLASSACT(STARTED) RACLIST(STARTED) + +/* show results .................................................... */ + SETROPTS LIST + +/* DEFINE ADMINISTRATORS ........................................... */ + +/* - The sample commands assume automatic generation of GID is */ +/* enabled. */ + +/* group for administrators */ +/* replace AUTOGID with GID(&ADMINGID.) if AUTOGID not enabled */ + LISTGRP {zowe.setup.security.groups.admin}. OMVS + ADDGROUP {zowe.setup.security.groups.admin}. OMVS(AUTOGID) - + DATA('ZOWE ADMINISTRATORS') + +/* uncomment to add existing user IDs to the ADMINGRP group */ +/* CONNECT (userid,userid,...) - */ +/* GROUP({zowe.setup.security.groups.admin}.) AUTH(USE) */ + +/* DEFINE STARTED TASK ............................................. */ + +/* - Ensure that user IDs are protected with the NOPASSWORD keyword. */ +/* - The sample commands assume automatic generation of UID and GID */ +/* is enabled. 
*/ + +/* comment out if STCGRP matches ADMINGRP (default), expect */ +/* warning messages otherwise */ +/* group for started tasks */ +/* replace AUTOGID with GID(&STCGID.) if AUTOGID not enabled */ + LISTGRP {zowe.setup.security.groups.stc}. OMVS + ADDGROUP {zowe.setup.security.groups.stc}. OMVS(AUTOGID) - + DATA('STARTED TASK GROUP WITH OMVS SEGMENT') + +/* */ + +/* userid for ZOWE main server */ +/* replace AUTOUID with UID(&ZOWEUID.) if AUTOUID not enabled */ + LISTUSER {zowe.setup.security.users.zowe}. OMVS + ADDUSER {zowe.setup.security.users.zowe}. - + NOPASSWORD - + DFLTGRP({zowe.setup.security.groups.stc}.) - + OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - + NAME('ZOWE SERVER') - + DATA('ZOWE MAIN SERVER') + +/* userid for ZIS cross memory server */ +/* replace AUTOUID with UID(&ZISUID.) if AUTOUID not enabled */ + LISTUSER {zowe.setup.security.users.zis}. OMVS + ADDUSER {zowe.setup.security.users.zis}. - + NOPASSWORD - + DFLTGRP({zowe.setup.security.groups.stc}.) - + OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - + NAME('ZOWE ZIS SERVER') - + DATA('ZOWE ZIS CROSS MEMORY SERVER') + +/* */ + +/* started task for ZOWE main server */ + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - + STDATA(USER({zowe.setup.security.users.zowe}.) - + GROUP({zowe.setup.security.groups.stc}.) - + TRUSTED(NO)) DATA('ZOWE MAIN SERVER') + +/* started task for ZIS cross memory server */ + RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zis}..* - + STDATA(USER({zowe.setup.security.users.zis}.) - + GROUP({zowe.setup.security.groups.stc}.) - + TRUSTED(NO)) DATA('ZOWE ZIS CROSS MEMORY SERVER') + +/* started task for ZIS Auxiliary cross memory server */ + RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.aux}..* - + STDATA(USER({zowe.setup.security.users.zis}.) - + GROUP({zowe.setup.security.groups.stc}.) 
- + TRUSTED(NO)) DATA('ZOWE ZIS AUX CROSS MEMORY SERVER') + + SETROPTS RACLIST(STARTED) REFRESH + +/* show results .................................................... */ + LISTGRP {zowe.setup.security.groups.stc}. OMVS + LISTUSER {zowe.setup.security.users.zowe}. OMVS + LISTUSER {zowe.setup.security.users.zis}. OMVS + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + +/* DEFINE ZIS SECURITY RESOURCES ................................... */ + +/* define ZIS security profile */ + RLIST FACILITY ZWES.IS ALL + RDEFINE FACILITY ZWES.IS UACC(NONE) + +/* DEFINE AUX SERVER PERMISIONS .................................... */ + +/* permit AUX STC to use ZIS cross memory server */ + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zis}.) + SETROPTS RACLIST(FACILITY) REFRESH + +/* DEFINE ZOWE SERVER PERMISIONS ................................... */ + +/* permit Zowe main server to use ZIS cross memory server */ + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zowe}.) + SETROPTS RACLIST(FACILITY) REFRESH + +/* permit Zowe main server to create a user's security environment */ +/* ATTENTION: Defining the BPX.DAEMON or BPX.SERVER profile makes */ +/* z/OS UNIX switch to z/OS UNIX level security. This is */ +/* more secure, but it can impact operation of existing */ +/* applications. Test this thoroughly before activating */ +/* it on a production system. */ + RLIST FACILITY BPX.DAEMON ALL + RDEFINE FACILITY BPX.DAEMON UACC(NONE) + PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) 0 + ID({zowe.setup.security.users.zowe}.) + + RLIST FACILITY BPX.SERVER ALL + RDEFINE FACILITY BPX.SERVER UACC(NONE) + PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) - + ID({zowe.setup.security.users.zowe}.) 
+ +/* permit Zowe main server to create a user's security environment */ +/* comment out the following 2 lines if the OMVSAPPL is not defined */ +/* in your environment */ + PERMIT OMVSAPPL CLASS(APPL) ID({zowe.setup.security.users.zowe}.) - + ACCESS(READ) + SETROPTS RACLIST(APPL) REFRESH + +/* permit Zowe main server to set job name */ + RLIST FACILITY BPX.JOBNAME ALL + RDEFINE FACILITY BPX.JOBNAME UACC(NONE) + PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(FACILITY) REFRESH + +/* permit Zowe main server to use client certificate mapping service */ + RLIST FACILITY IRR.RUSERMAP ALL + RDEFINE FACILITY IRR.RUSERMAP UACC(NONE) + PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zowe}.) + +/* permit Zowe main server to use distributed identity mapping */ +/* service + RLIST FACILITY IRR.IDIDMAP.QUERY ALL + RDEFINE FACILITY IRR.IDIDMAP.QUERY UACC(NONE) + PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zowe}.) + +/* permit Zowe main server to cut SMF records */ + RLIST FACILITY IRR.RAUDITX ALL + RDEFINE FACILITY IRR.RAUDITX UACC(NONE) + PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(FACILITY) REFRESH +/* show results .................................................... */ + RLIST FACILITY ZWES.IS ALL + RLIST FACILITY BPX.DAEMON ALL + RLIST FACILITY BPX.SERVER ALL + RLIST FACILITY BPX.JOBNAME ALL + RLIST FACILITY IRR.RUSERMAP ALL + RLIST FACILITY IRR.RAUDITX ALL + +/* DEFINE ZOWE DATA SET PROTECTION ................................. */ + +/* - HLQ..SZWEAUTH is an APF authorized data set. It is strongly */ +/* advised to protect it against updates. */ +/* - The sample commands assume that EGN (Enhanced Generic Naming) */ +/* is active, which allows the usage of ** to represent any number */ +/* of qualifiers in the DATASET class. 
Substitute *.** with * if */ +/* EGN is not active on your system. */ + +/* HLQ stub */ + LISTGRP {zowe.setup.dataset.prefix}. + ADDGROUP {zowe.setup.dataset.prefix}. DATA('Zowe - HLQ STUB') + +/* general data set protection */ + LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL + ADDSD '{zowe.setup.dataset.prefix}..*.**' UACC(READ) DATA('Zowe') + PERMIT '{zowe.setup.dataset.prefix}..*.**' CLASS(DATASET) - + ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}.) + + SETROPTS GENERIC(DATASET) REFRESH + +/* show results .................................................... */ + LISTGRP {zowe.setup.dataset.prefix}. + LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL + +/* DEFINE ZOWE RESOURCE PROTECTION ................................. */ + +/* - Defines new resource class for Zowe that protects access to */ +/* sensitive Zowe resources. */ +/* - Defines resource APIML.SERVICES that controls access to */ +/* detailed information about API services to Zowe users. */ + +/* uncomment to activate CDT class to define ZOWE resource class */ +/* SETROPTS CLASSACT(CDT) RACLIST(CDT) */ + +/* define ZOWE resource class */ +/* skip this command if the ZOWE resource class already exists */ +/* use a unique value in POSIT */ + RDEFINE CDT ZOWE - + UACC(NONE) - + CDTINFO(DEFAULTUACC(NONE) - + FIRST(ALPHA) - + OTHER(ALPHA,NATIONAL,NUMERIC,SPECIAL) - + MAXLENGTH(246) - + POSIT(607) - + RACLIST(DISALLOWED)) + + SETROPTS RACLIST(CDT) REFRESH + SETROPTS CLASSACT(ZOWE) + +/* define resource for information about API services */ + RDEFINE ZOWE APIML.SERVICES UACC(NONE) + +/* uncomment and replace "user" to permit Zowe users to access */ +/* the resource: */ +/* PERMIT APIML.SERVICES CLASS(ZOWE) ID(user) ACCESS(READ) */ + +/* show results */ + RLIST ZOWE * + +/* ................................................................. */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* 
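Review bot: The line `PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) 0` ends in `0` where every other continued command in this member ends in the `-` continuation character, so the `ID({zowe.setup.security.users.zowe}.)` operand on the next line is not part of the PERMIT. It should read `PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) -`. Because the member ends with `PROFILE` to force return code 0, a rejected command here would not show in the job's completion code. Separately, the `/* service` comment before the IRR.IDIDMAP.QUERY commands has no closing `*/` (the same line appears in ZWEITSS), and the final "show results" list omits `RLIST FACILITY IRR.IDIDMAP.QUERY ALL`; fixing both would keep that block consistent with its neighbours.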
diff --git a/files/SZWESAMP/ZWEITSS b/files/SZWESAMP/ZWEITSS
new file mode 100644
index 0000000000..8b0d10c962
--- /dev/null
+++ b/files/SZWESAMP/ZWEITSS
@@ -0,0 +1,267 @@ +//ZWEITSS JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define security permits for Zowe +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID +//* and GID values, update the SET *ID= statements to match the +//* desired UID and GID values. +//* +//* 3) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//* 2. The Zowe started task user ID 'zowe.setup.security.users.zowe' +//* Writes persistent data to 'zowe.workspaceDirectory' +//* This sample JCL makes the Zowe started task part of +//* the Zowe admin group 'zowe.setup.security.groups.admin' +//* to facilitate admin access to this directory. +//* +//* 3. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* Provide appropriate (numeric) values to these SET commands. +// SET ADMINGID= * Group ID for ZOWE administrators +// SET STCGID=&ADMINGID. 
* Group ID for ZOWE started tasks +// SET ZOWEUID= * UID for ZOWE started task User +// SET ZISUID= * UID for ZIS started task User +//* +//* If a default UID and GID range is defined, you can specify '?' +//* in the SET *ID= statements to utilize auto-assignment +//* of UID and GID. +//* +//* 12345678 +// SET ADMINDEP= * department owning admin group +// SET STCGDEP= * department owning STC group +// SET STCUDEP= * department owning STC user IDs +// SET ZOWEDEP= * department owning Zowe resources +// SET FACACID= * ACID owning IBMFAC +//* 12345678 +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* DEFINE ADMINISTRATORS ........................................... */ + +/* group for administrators */ + TSS LIST({zowe.setup.security.groups.admin}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.admin}.) TYPE(GROUP) + + NAME('ZOWE ADMINISTRATORS') + + DEPT(&ADMINDEP.) + TSS ADD({zowe.setup.security.groups.admin}.) GID(&ADMINGID.) + +/* uncomment to add existing user IDs to the Zowe admin group */ +/* TSS ADD(userid) GROUP({zowe.setup.security.groups.admin}.) */ + +/* DEFINE STARTED TASK ............................................. */ + +/* comment out if STCGRP matches ADMINGRP (default), expect */ +/* warning messages otherwise */ +/* group for started tasks */ + TSS LIST({zowe.setup.security.groups.stc}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.stc}.) TYPE(GROUP) + + NAME('STC GROUP WITH OMVS SEGMENT') + + DEPT(&STCGDEP.) + TSS ADD({zowe.setup.security.groups.stc}.) GID(&STCGID.) + +/* */ + +/* userid for ZOWE main server */ + TSS LIST({zowe.setup.security.users.zowe}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zowe}.) TYPE(USER) PASS(NOPW,0) + + NAME('ZOWE MAIN SERVER') + + DEPT(&STCUDEP.) 
+ TSS ADD({zowe.setup.security.users.zowe}.) + + GROUP({zowe.setup.security.groups.stc}.) + + DFLTGRP({zowe.setup.security.groups.stc}.) + + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZOWEUID.) + +/* userid for ZIS cross memory server */ + TSS LIST({zowe.setup.security.users.zis}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zis}.) TYPE(USER) PASS(NOPW,0) + + NAME('ZOWE ZIS CROSS MEMORY SERVER') + + DEPT(&STCUDEP.) + TSS ADD({zowe.setup.security.users.zis}.) + + GROUP({zowe.setup.security.groups.stc}.) + + DFLTGRP({zowe.setup.security.groups.stc}.) + + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.) + +/* */ + +/* started task for ZOWE main server */ + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) + + ACID({zowe.setup.security.users.zowe}.) + TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) + +/* started task for ZIS cross memory server */ + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zis}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zis}.) + + ACID({zowe.setup.security.users.zis}.) + TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + +/* started task for ZIS Auxiliary cross memory server */ + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.aux}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.aux}.) + + ACID({zowe.setup.security.users.zis}.) + TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + +/* DEFINE ZIS SECURITY RESOURCES ................................... */ + +/* define ZIS security profile */ + TSS ADD(&FACACID.) IBMFAC(ZWES.IS) + +/* DEFINE AUX SERVER PERMISIONS .................................... */ + +/* permit AUX STC to use ZIS cross memory server */ + TSS WHOHAS IBMFAC(ZWES.IS) + TSS PERMIT({zowe.setup.security.users.zis}.) IBMFAC(ZWES.IS) + + ACCESS(READ) + +/* DEFINE ZOWE SERVER PERMISIONS ................................... 
*/ + +/* permit Zowe main server to use ZIS cross memory server */ + TSS WHOHAS IBMFAC(ZWES.IS) + TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(ZWES.IS) + + ACCESS(READ) + +/* permit Zowe main server to create a user's security environment */ +/* ATTENTION: Defining the BPX.DAEMON or BPX.SERVER profile makes */ +/* z/OS UNIX switch to z/OS UNIX level security. This is */ +/* more secure, but it can impact operation of existing */ +/* applications. Test this thoroughly before activating */ +/* it on a production system. */ + TSS ADD(&FACACID.) IBMFAC(BPX.) + TSS WHOHAS IBMFAC(BPX.DAEMON) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.DAEMON) + + ACCESS(UPDATE) + TSS WHOHAS IBMFAC(BPX.SERVER) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.SERVER) + + ACCESS(UPDATE) + +/* permit Zowe main server to create a user's security environment */ +/* comment out the following line if the OMVSAPPL is not defined */ +/* in your environment */ +TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) + +/* Allow ZOWEUSER access to BPX.JOBNAME */ + TSS WHOHAS IBMFAC(BPX.JOBNAME) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.JOBNAME) + + ACCESS(READ) + +/* permit Zowe main server to use client certificate mapping service */ + TSS WHOHAS IBMFAC(IRR.RUSERMAP) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) + + ACCESS(READ) + +/* permit Zowe main server to use distributed identity mapping */ +/* service + TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) + TSS PER({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) + +/* permit Zowe main server to cut SMF records */ + TSS WHOHAS IBMFAC(IRR.RAUDITX) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RAUDITX) + + ACCESS(READ) + +/* DEFINE ZOWE DATA SET PROTECTION ................................. */ + +/* - HLQ..SZWEAUTH is an APF authorized data set. It is strongly */ +/* advised to protect it against updates. */ + +/* HLQ stub */ + TSS ADD(&ADMINDEP.) 
DATASET({zowe.setup.dataset.prefix}..) + +/* general data set protection */ + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) + TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}..) ACCESS(READ) + TSS PER({zowe.setup.security.groups.sysProg}) + + DATASET({zowe.setup.dataset.prefix}..) ACCESS(ALL) + +/* show results */ + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) + +/* DEFINE ZOWE RESOURCE PROTECTION ................................. */ + +/* - Defines new resource class for Zowe that protects access to */ +/* sensitive Zowe resources. */ +/* - Defines resource APIML.SERVICES that controls access to */ +/* detailed information about API services to Zowe users. */ + +/* define ZOWE resource class */ +/* skip this command if the ZOWE resource class already exists */ + TSS ADDTO(RDT) RESCLASS(ZOWE) MAXLEN(246) + + ACLST(NONE,READ,UPDATE,CONTROL) DEFACC(NONE) + +/* define resource for information about API services */ + TSS ADDTO(&ZOWEDEP.) ZOWE(APIML.) + +/* uncomment and replace "user" to permit Zowe users to access */ +/* the resource: */ +/* TSS PERMIT(user) ZOWE(APIML.SERVICES) ACCESS(READ) */ + +/* show results */ + TSS LIST(RDT) RESCLASS(ZOWE) + +/* If any of these started tasks are multiusers address spaces */ +/* a TSS FACILITY needs to be defined and assigned to the started */ +/* and should not be using the STC FACILITY . The all acids signing */ +/* on to the started tasks will need to be authorized to the */ +/* FACILITY. */ +/* */ +/* Create FACILITY example: */ +/* In the TSSPARMS add the following lines to create */ +/* the new FACILITY. */ +/* */ +/* FACILITY(USER11=NAME=ZOWE) */ +/* FACILITY(ZOWE=MODE=FAIL) */ +/* FACILITY(ZOWE=RES) */ +/* */ +/* To assign the FACILITY to the started task issue the following */ +/* command: */ +/* */ +/* TSS ADD(started_task_acid) MASTFAC(ZOWE) */ +/* */ +/* To authorize a user to signon to the FACILITY, issues the */ +/* following command. 
*/ +/* */ +/* TSS ADD(user_acid) FAC(ZOWE) */ + +/* ................................................................. */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* diff --git a/workflows/templates/ZWESECUR.properties b/workflows/templates/ZWESECUR.properties index 11543d4aa5..029ea6f982 100644 --- a/workflows/templates/ZWESECUR.properties +++ b/workflows/templates/ZWESECUR.properties @@ -177,15 +177,7 @@ ZISUSER: '#ZWESIUSR' # Category: General Security # Description: # Zowe started task name -ZOWESTC: '#ZWESVSTC' - -# ZLNCHSTC -# Label: ZLNCHSTC -# Abstract: Zowe started task name for HA -# Category: General Security -# Description: -# Zowe started task name for HA -ZLNCHSTC: '#ZWESLSTC' +ZOWESTC: '#ZWESLSTC' # ZISSTC # Label: ZISSTC diff --git a/workflows/templates/ZWESECUR.vtl b/workflows/templates/ZWESECUR.vtl index d32ecb48dc..84d86af7ab 100644 --- a/workflows/templates/ZWESECUR.vtl +++ b/workflows/templates/ZWESECUR.vtl @@ -35,6 +35,7 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* +#if($ibmTemplate != 'YES') //* 2) Update the SET PRODUCT= statement to match your security //* product. //* 
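Review bot: In the ZWEITSS data set protection block, `TSS PER({zowe.setup.security.groups.sysProg}) +` is the only placeholder in the member written without the trailing `.` that follows every other `{zowe...}` reference, including the same key in ZWEIRACF and ZWEIACF2. How the generator treats that period is not visible here, but the inconsistency means this PERMIT may resolve differently from the rest; `TSS PER({zowe.setup.security.groups.sysProg}.) +` would match the others. This line carries the ACCESS(ALL) grant on the Zowe data sets, and the job is forced to end with return code 0, so a failed substitution would only be noticed by reading the output. The `/* service` comment before the IRR.IDIDMAP.QUERY commands is also missing its closing `*/`.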
@@ -53,30 +54,27 @@
 //* 7) Update the SET ZOWESTC= statement to match the desired
 //* Zowe started task name.
 //*
-//* 8) Update the SET ZLNCHSTC= statement to match the desired
-//* Zowe launcher started task name. It is applicable if you
-//* run Zowe for high availability.
-//*
-//* 9) Update the SET ZISSTC= statement to match the desired
+//* 8) Update the SET ZISSTC= statement to match the desired
 //* ZIS started task name.
 //*
-//* 10) Update the SET AUXSTC= statement to match the desired
+//* 9) Update the SET AUXSTC= statement to match the desired
 //* ZIS Auxiliary started task name.
 //*
-//* 11) Update the SET HLQ= statement to match the desired
+//* 10) Update the SET HLQ= statement to match the desired
 //* Zowe data set high level qualifier.
 //*
-//* 12) Update the SET SYSPROG= statement to match the existing
+//* 11) Update the SET SYSPROG= statement to match the existing
 //* user ID or group used by z/OS system programmers.
 //*
-//* 13) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID
+#end
+//* 12) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID
 //* and GID values, update the SET *ID= statements to match the
 //* desired UID and GID values.
 //*
-//* 14) When using Top Secret, update the Top Secret specific SET
+//* 13) When using Top Secret, update the Top Secret specific SET
 //* statements.
 //*
-//* 15) Customize the commands in the DD statement that matches your
+//* 14) Customize the commands in the DD statement that matches your
 //* security product so that they meet your system requirements.
 //*
 //* Note(s):
@@ -103,19 +101,16 @@ #if($ibmTemplate == 'YES') // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ADMINGRP=ZWEADMIN * group for Zowe administrators -// SET STCGRP=&ADMINGRP. * group for Zowe started tasks -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -// SET ZISUSER=ZWESIUSR * userid for ZIS started task -// SET ZOWESTC=ZWESVSTC * Zowe started task name -// SET ZLNCHSTC=ZWESLSTC * Zowe started task name for HA -// SET ZISSTC=ZWESISTC * ZIS started task name -// SET AUXSTC=ZWESASTC * ZIS AUX started task name -// SET HLQ=ZWE * data set high level qualifier -// SET SYSPROG=&ADMINGRP. * system programmer user ID/group -//* 12345678 +// SET PRODUCT=#[[{zowe.setup.security.product}]]# +// SET ADMINGRP=#[[{zowe.setup.security.groups.admin}]]# +// SET STCGRP=#[[{zowe.setup.security.groups.stc}]]# +// SET ZOWEUSER=#[[{zowe.setup.security.users.zowe}]]# +// SET ZISUSER=#[[{zowe.setup.security.users.zis}]]# +// SET ZOWESTC=#[[{zowe.setup.security.stcs.zowe}]]# +// SET ZISSTC=#[[{zowe.setup.security.stcs.zis}]]# +// SET AUXSTC=#[[zowe.setup.security.stcs.aux}]]# +// SET HLQ=#[[{zowe.setup.dataset.prefix}]]# +// SET SYSPROG=#[[{zowe.setup.security.groups.sysProg}]]# //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret, @@ -152,7 +147,6 @@ // SET ZOWEUSER=${ZOWEUSER} * userid for Zowe started task // SET ZISUSER=${ZISUSER} * userid for ZIS started task // SET ZOWESTC=${ZOWESTC} * Zowe started task name -// SET ZLNCHSTC=${ZLNCHSTC} * Zowe started task name for HA // SET ZISSTC=${ZISSTC} * ZIS started task name // SET AUXSTC=${AUXSTC} * ZIS AUX started task name // SET HLQ=${HLQ} * data set high level qualifier 
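Review bot: The `SET AUXSTC=` line added in the `$ibmTemplate == 'YES'` branch is missing the opening brace of its placeholder: it reads `#[[zowe.setup.security.stcs.aux}]]#`, while every neighbouring line uses `#[[{…}]]#`. Presumably the generator only substitutes `{…}` tokens, so AUXSTC would keep the literal text. The started-task definitions later in the job would then be created for the wrong procedure name instead of the ZIS auxiliary server. It should read `// SET AUXSTC=#[[{zowe.setup.security.stcs.aux}]]#`.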
@@ -283,12 +277,6 @@ STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - DATA('ZOWE MAIN SERVER') -/* started task for ZOWE Launcher in high availability */ - RLIST STARTED &ZLNCHSTC..* ALL STDATA - RDEFINE STARTED &ZLNCHSTC..* - - STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - - DATA('ZOWE LAUNCHER SERVER') - /* started task for ZIS cross memory server */ RLIST STARTED &ZISSTC..* ALL STDATA RDEFINE STARTED &ZISSTC..* - @@ -308,7 +296,6 @@ LISTUSER &ZOWEUSER. OMVS LISTUSER &ZISUSER. OMVS RLIST STARTED &ZOWESTC..* ALL STDATA - RLIST STARTED &ZLNCHSTC..* ALL STDATA RLIST STARTED &ZISSTC..* ALL STDATA RLIST STARTED &AUXSTC..* ALL STDATA @@ -520,14 +507,6 @@ GROUP(&STCGRP.) + STCID(&ZOWESTC.) F ACF2,REFRESH(STC) * -* started task for ZOWE Launcher in high availability -* -SET CONTROL(GSO) -INSERT STC.&ZLNCHSTC. LOGONID(&ZOWEUSER.) + -GROUP(&STCGRP.) + -STCID(&ZLNCHSTC.) -F ACF2,REFRESH(STC) -* * started task for ZIS cross memory server * SET CONTROL(GSO) @@ -721,11 +700,6 @@ $$ TSS ADD(STC) PROCNAME(&ZOWESTC.) ACID(&ZOWEUSER.) TSS ADD(&ZOWEUSER.) FAC(STC) -/* started task for ZOWE Launcher in high availability */ - TSS LIST(STC) PROCNAME(&ZLNCHSTC.) PREFIX - TSS ADD(STC) PROCNAME(&ZLNCHSTC.) ACID(&ZOWEUSER.) - TSS ADD(&ZOWEUSER.) FAC(STC) - /* started task for ZIS cross memory server */ TSS LIST(STC) PROCNAME(&ZISSTC.) PREFIX TSS ADD(STC) PROCNAME(&ZISSTC.) ACID(&ZISUSER.) diff --git a/workflows/templates/ZWESECUR.xml b/workflows/templates/ZWESECUR.xml index 2616c0e018..4508e22a2f 100644 --- a/workflows/templates/ZWESECUR.xml +++ b/workflows/templates/ZWESECUR.xml @@ -122,15 +122,6 @@ Zowe started task name Zowe started task name General Security - - #ZWESVSTC - - - - - Zowe started task name for HA - Zowe started task name for HA - General Security #ZWESLSTC @@ -265,7 +256,6 @@ - Run this step to initialize variable values.<br/> Note(s):<br/> 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY <br/> 
From f54b42f3cc195723ff7eeb738deee8ca3a5c7564 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 2 Feb 2024 14:55:55 -0500 Subject: [PATCH 017/258] split zwekring into 9 parts, 3 for each esm. printing of jcl to not use temp file. add zosmf keyring info to example-zowe Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/.parameters | 1 + bin/commands/init/mvs/index.sh | 8 +- bin/commands/init/security/.parameters | 2 +- bin/commands/init/security/index.sh | 5 +- bin/commands/init/vsam/index.sh | 8 +- bin/libs/certificate.sh | 178 ++++---------- example-zowe.yaml | 17 ++ files/SZWESAMP/ZWEIKRA1 | 241 ++++++++++++++++++ files/SZWESAMP/ZWEIKRA2 | 207 ++++++++++++++++ files/SZWESAMP/ZWEIKRA3 | 214 ++++++++++++++++ files/SZWESAMP/ZWEIKRR1 | 287 ++++++++++++++++++++++ files/SZWESAMP/ZWEIKRR2 | 255 +++++++++++++++++++ files/SZWESAMP/ZWEIKRR3 | 258 +++++++++++++++++++ files/SZWESAMP/ZWEIKRT1 | 227 +++++++++++++++++ files/SZWESAMP/ZWEIKRT2 | 194 +++++++++++++++ files/SZWESAMP/ZWEIKRT3 | 199 +++++++++++++++ 16 files changed, 2154 insertions(+), 147 deletions(-) create mode 100644 files/SZWESAMP/ZWEIKRA1 create mode 100644 files/SZWESAMP/ZWEIKRA2 create mode 100644 files/SZWESAMP/ZWEIKRA3 create mode 100644 files/SZWESAMP/ZWEIKRR1 create mode 100644 files/SZWESAMP/ZWEIKRR2 create mode 100644 files/SZWESAMP/ZWEIKRR3 create mode 100644 files/SZWESAMP/ZWEIKRT1 create mode 100644 files/SZWESAMP/ZWEIKRT2 create mode 100644 files/SZWESAMP/ZWEIKRT3 diff --git a/bin/commands/init/certificate/.parameters b/bin/commands/init/certificate/.parameters index 3c989a374d..6d54bacd99 100644 --- a/bin/commands/init/certificate/.parameters +++ b/bin/commands/init/certificate/.parameters 
@@ -1,3 +1,4 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. update-config||boolean|||||Whether to update YAML configuration file with initialization result. ignore-security-failures||boolean|||||Whether to ignore security setup job failures. +security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index af2bf5dea1..314ecc92a0 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -81,9 +81,7 @@ if [ "${ds_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" ! print_level2_message "Zowe custom data sets initialized with errors." else - jcl_file=$(create_tmp_file) - copy_mvs_to_uss "${jcllib_location}(ZWEIMVS)" "${jcl_file}" - jcl_contents=$(cat "${jcl_file}") + jcl_contents=$(cat "//'${jcllib_location}(ZWEIMVS)'") print_message "Template JCL: ${prefix}.SZWESAMP(ZWEIMVS) , Executable JCL: ${jcllib_location}(ZWEIMVS)" print_message "--- JCL Content ---" @@ -92,7 +90,7 @@ else if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWEIMVS" - jobid=$(submit_job $jcl_file) + jobid=$(submit_job "//'${jcllib_location}(ZWEIMVS)'") code=$? if [ ${code} -ne 0 ]; then print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib_location}(ZWEIMVS)." "" 161 @@ -101,7 +99,6 @@ else jobstate=$(wait_for_job "${jobid}") code=$? - rm $jcl_file if [ ${code} -eq 1 ]; then print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi @@ -118,7 +115,6 @@ else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" print_level2_message "Command run successfully." - rm $jcl_file fi fi diff --git a/bin/commands/init/security/.parameters b/bin/commands/init/security/.parameters index 62b1a05778..aa7b7c7da6 100644 
--- a/bin/commands/init/security/.parameters +++ b/bin/commands/init/security/.parameters @@ -1,2 +1,2 @@ -security-dry-run||boolean|||||Whether to dry run security related setup. +security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index 329c1a4099..e93639def7 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh @@ -74,9 +74,7 @@ if [ -z "${security_stcs_aux}" ]; then fi -jcl_file=$(create_tmp_file) -copy_mvs_to_uss "${jcllib}(ZWEI${security_product})" "${jcl_file}" -jcl_contents=$(cat "${jcl_file}") +jcl_contents=$(cat "//'${jcllib}(ZWEI${security_product})'") print_message "Template JCL: ${prefix}.SZWESAMP(ZWEI${security_product}) , Executable JCL: ${jcllib}(ZWEI${security_product})" print_message "--- JCL Content ---" @@ -87,7 +85,6 @@ job_has_failures= if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - rm $jcl_file else ############################### # submit job diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index ec0212ae68..8dc32044d5 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -79,9 +79,7 @@ if [ "${vsam_existence}" = "true" ]; then fi -jcl_file=$(create_tmp_file) -copy_mvs_to_uss "${jcllib}(ZWECSVSM)" "${jcl_file}" -jcl_contents=$(cat "${jcl_file}") +jcl_contents=$(cat "//'${jcllib}(ZWECSVSM)") print_message "Template JCL: ${prefix}.SZWESAMP(ZWECSVSM) , Executable JCL: ${jcllib}(ZWECSVSM)" print_message "--- JCL Content ---" 
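Review bot: In bin/commands/init/vsam/index.sh the new `cat` target drops the closing single quote of the data set name: `"//'${jcllib}(ZWECSVSM)"`. The sibling changes in this commit (init/mvs, init/security) and the `submit_job` call further down the same file all use the fully quoted form. The read will most likely fail, leaving the printed "JCL Content" empty while the job is still submitted. It should be `jcl_contents=$(cat "//'${jcllib}(ZWECSVSM)'")`. Checking the exit status of that `cat` before printing would also make a missing member visible.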
@@ -90,7 +88,7 @@ print_message "--- End of JCL ---" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWECSVSM" - jobid=$(submit_job $jcl_file) + jobid=$(submit_job "//'${jcllib}(ZWECSVSM)'") code=$? if [ ${code} -ne 0 ]; then print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." "" 161 @@ -99,7 +97,6 @@ if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then jobstate=$(wait_for_job "${jobid}") code=$? - rm $jcl_file if [ ${code} -eq 1 ]; then print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi @@ -116,5 +113,4 @@ else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" print_level2_message "Command run successfully." - rm $jcl_file fi diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh index 49fcc232ef..f5a5c03c39 100644 --- a/bin/libs/certificate.sh +++ b/bin/libs/certificate.sh @@ -838,6 +838,15 @@ keyring_run_zwekring_jcl() { validity="${16:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_VALIDITY}}" security_product=${17:-RACF} + member_prefix="ZWEIK" + if [ "${security_product}" = "TSS" ]; then + member_name="${member_prefix}T${jcloption}" + elif [ "${security_product}" = "ACF2" ]; then + member_name="${member_prefix}A${jcloption}" + else + member_name="${member_prefix}R${jcloption}" + fi + # generate from domains list domain_name= ip_address= 
@@ -887,67 +896,20 @@ EOF validity_ymd=$("${date_add_util}" ${validity} YYYY-MM-DD) validity_mdy=$("${date_add_util}" ${validity} MM/DD/YY) - # option 2 needs further changes on JCL - racf_connect1="s/dummy/dummy/" - racf_connect2="s/dummy/dummy/" - acf2_connect="s/dummy/dummy/" - tss_connect="s/dummy/dummy/" - if [ "${jcloption}" = "2" ]; then - if [ "${connect_user}" = "SITE" ]; then - racf_connect1="s/^ \+RACDCERT CONNECT[(]SITE | ID[(]userid[)].*\$/ RACDCERT CONNECT(SITE +/" - acf2_connect="s/^ \+CONNECT CERTDATA[(]SITECERT\.digicert | userid\.digicert[)].*\$/ CONNECT CERTDATA(SITECERT.${connect_label}) -/" - tss_connect="s/^ \+RINGDATA[(]CERTSITE|userid,digicert[)].*\$/ RINGDATA(CERTSITE,${connect_label}) +/" - elif [ -n "${connect_user}" ]; then - racf_connect1="s/^ \+RACDCERT CONNECT[(]SITE | ID[(]userid[)].*\$/ RACDCERT CONNECT(ID(${connect_user}) +/" - acf2_connect="s/^ \+CONNECT CERTDATA[(]SITECERT\.digicert | userid\.digicert[)].*\$/ CONNECT CERTDATA(${connect_user}.${connect_label}) -/" - tss_connect="s/^ \+RINGDATA[(]CERTSITE|userid,digicert[)].*\$/ RINGDATA(${connect_user},${connect_label}) +/" - fi - racf_connect2="s/^ \+LABEL[(]'certlabel'[)].*\$/ LABEL('${connect_label}') +/" - fi - - # used by ACF2 - stc_group=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") - if [ -z "${stc_group}" ]; then - stc_group=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} - fi - ############################### # prepare ZWEKRING JCL - print_message ">>>> Modify ZWEKRING" + print_debug ">>>> Prepare ${member_name}" print_debug "- Create temp file" tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug " > temp file: ${tmpfile}" - print_debug "- Create temp data set member" - tmpdsm=$(create_data_set_tmp_member "${jcllib}" "ZW$(date +%H%M)") print_debug " > data set member: ${jcllib}(tmpdsm)" - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWEKRING) to ${tmpfile}" - result=$(cat 
"//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWEKRING)'" | \ - sed "s/^\/\/ \+SET \+PRODUCT=.*\$/\/\/ SET PRODUCT=${security_product}/" | \ - sed "s/^\/\/ \+SET \+ZOWEUSER=.*\$/\/\/ SET ZOWEUSER=${keyring_owner:-${ZWE_PRIVATE_DEFAULT_ZOWE_USER}}/" | \ - sed "s/^\/\/ \+SET \+ZOWERING=.*\$/\/\/ SET ZOWERING='${keyring_name}'/" | \ - sed "s/^\/\/ \+SET \+OPTION=.*\$/\/\/ SET OPTION=${jcloption}/" | \ - sed "s/^\/\/ \+SET \+LABEL=.*\$/\/\/ SET LABEL='${alias}'/" | \ - sed "s/^\/\/ \+SET \+LOCALCA=.*\$/\/\/ SET LOCALCA='${ca_alias}'/" | \ - sed "s/^\/\/ \+SET \+CN=.*\$/\/\/ SET CN='${ZWE_PRIVATE_CERTIFICATE_COMMON_NAME:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_COMMON_NAME}}'/" | \ - sed "s/^\/\/ \+SET \+OU=.*\$/\/\/ SET OU='${ZWE_PRIVATE_CERTIFICATE_ORG_UNIT:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_ORG_UNIT}}'/" | \ - sed "s/^\/\/ \+SET \+O=.*\$/\/\/ SET O='${ZWE_PRIVATE_CERTIFICATE_ORG:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_ORG}}'/" | \ - sed "s/^\/\/ \+SET \+L=.*\$/\/\/ SET L='${ZWE_PRIVATE_CERTIFICATE_LOCALITY:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_LOCALITY}}'/" | \ - sed "s/^\/\/ \+SET \+SP=.*\$/\/\/ SET SP='${ZWE_PRIVATE_CERTIFICATE_STATE:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_STATE}}'/" | \ - sed "s/^\/\/ \+SET \+C=.*\$/\/\/ SET C='${ZWE_PRIVATE_CERTIFICATE_COUNTRY:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_COUNTRY}}'/" | \ - sed "s/^\/\/ \+SET \+HOSTNAME=.*\$/\/\/ SET HOSTNAME='${domain_name}'/" | \ + print_debug "- Copy ${jcllib}(${member_name}) to ${tmpfile}" + result=$(cat "//'${jcllib}(${member_name})'" | \ sed "s/^\/\/ \+SET \+IPADDRES=.*\$/\/\/ SET IPADDRES='${ip_address}'/" | \ - sed "s/^\/\/ \+SET \+DSNAME=.*\$/\/\/ SET DSNAME=${import_ds_name}/" | \ - sed "s/^\/\/ \+SET \+PKCSPASS=.*\$/\/\/ SET PKCSPASS='${import_ds_password}'/" | \ sed "s/^\/\/ \+SET \+IFZOWECA=.*\$/\/\/ SET IFZOWECA=${import_ext_ca}/" | \ sed "s/^\/\/ \+SET \+ITRMZWCA=.*\$/\/\/ SET ITRMZWCA='${import_ext_intermediate_ca_label}'/" | \ sed "s/^\/\/ \+SET \+ROOTZWCA=.*\$/\/\/ SET ROOTZWCA='${import_ext_root_ca_label}'/" | \ 
sed "s/^\/\/ \+SET \+IFROZFCA=.*\$/\/\/ SET IFROZFCA=${trust_zosmf}/" | \ sed "s/^\/\/ \+SET \+ROOTZFCA=.*\$/\/\/ SET ROOTZFCA='${zosmf_root_ca}'/" | \ - sed "s/^\/\/ \+SET \+STCGRP=.*\$/\/\/ SET STCGRP=${stc_group}/" | \ - sed "${racf_connect1}" | \ - sed "${racf_connect2}" | \ - sed "${acf2_connect}" | \ - sed "${tss_connect}" | \ sed "s/2030-05-01/${validity_ymd}/g" | \ sed "s#05/01/30#${validity_mdy}#g" \ > "${tmpfile}") 
@@ -969,30 +931,38 @@ EOF fi fi if [ ! -f "${tmpfile}" ]; then - print_error "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWEKRING)" + print_error "Error ZWEL0159E: Failed to modify ${jcllib}(${member_name})" return 159 fi - print_trace "- Ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${tmpdsm})" - copy_to_data_set "${tmpfile}" "${jcllib}(${tmpdsm})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." - return 160 - fi - print_message " - ${jcllib}(${tmpdsm}) is prepared" - print_message - ############################### - # submit job + jcl_contents=$(cat "${tmpfile}") + + print_message "Template JCL: ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${member_name}) , Executable JCL: ${jcllib}(${member_name})" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then - print_message "Dry-run mode, JCL will NOT be submitted on the system." - print_message "Please submit ${jcllib}(${tmpdsm}) manually." + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + rm "${tmpfile}" else - print_message ">>>> Submit ${jcllib}(${tmpdsm})" + print_trace "- Ensure ${tmpfile} encoding before copying into data set" + ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" + print_trace "- ${tmpfile} created, writing back to ${jcllib}(${member_name})" + copy_to_data_set "${tmpfile}" "${jcllib}(${member_name})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" + code=$? 
+ print_trace "- Delete ${tmpfile}" + rm -f "${tmpfile}" + if [ ${code} -ne 0 ]; then + print_error "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." + return 160 + fi + print_debug " - ${jcllib}(${member_name}) is prepared" + + ############################### + # submit job + print_message "Submitting Job ${member_name})" jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") code=$? if [ ${code} -ne 0 ]; then 
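Review bot: `tmpdsm` is no longer assigned in keyring_run_zwekring_jcl, because an earlier hunk of this commit removes the `create_data_set_tmp_member` call, yet the new side still submits `//'${jcllib}(${tmpdsm})'` and names it in the ZWEL0160E message. The job submitted therefore has an empty member name rather than the member that was just printed and written back; it should be `jobid=$(submit_job "//'${jcllib}(${member_name})'")`. The same stale `${tmpdsm}` remains in the `submit_job` call of the keyring_run_zwenokyr_jcl hunk (`@@ -1003,72 +1003,20 @@`), where the member is `ZWENOKYR`. Separately, `print_message "Submitting Job ${member_name})"` has a stray `)`. Because the full JCL is now echoed through `print_message`, it is also worth confirming that the import-option members never carry the PKCS12 password into that output. The function body starts and ends outside this hunk.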
@@ -1033,72 +1003,20 @@ keyring_run_zwenokyr_jcl() { ca_alias="${6}" security_product=${7:-RACF} - # used by ACF2 - stc_group=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") - if [ -z "${stc_group}" ]; then - stc_group=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} - fi - - ############################### - # prepare ZWENOKYR JCL - print_message ">>>> Modify ZWENOKYR" - print_debug "- Create temp file" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug " > temp file: ${tmpfile}" - print_debug "- Create temp data set member" - tmpdsm=$(create_data_set_tmp_member "${jcllib}" "ZW$(date +%H%M)") - print_debug " > data set member: ${jcllib}(tmpdsm)" - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWENOKYR) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWENOKYR)'" | \ - sed "s/^\/\/ \+SET \+PRODUCT=.*\$/\/\/ SET PRODUCT=${security_product}/" | \ - sed "s/^\/\/ \+SET \+ZOWEUSER=.*\$/\/\/ SET ZOWEUSER=${keyring_owner:-${ZWE_PRIVATE_DEFAULT_ZOWE_USER}}/" | \ - sed "s/^\/\/ \+SET \+ZOWERING=.*\$/\/\/ SET ZOWERING='${keyring_name}'/" | \ - sed "s/^\/\/ \+SET \+LABEL=.*\$/\/\/ SET LABEL='${alias}'/" | \ - sed "s/^\/\/ \+SET \+LOCALCA=.*\$/\/\/ SET LOCALCA='${ca_alias}'/" | \ - sed "s/^\/\/ \+SET \+STCGRP=.*\$/\/\/ SET STCGRP=${stc_group}/" \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - fi - if [ ! 
-f "${tmpfile}" ]; then - print_error "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWENOKYR)" - return 159 - fi - print_trace "- Ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${tmpdsm})" - copy_to_data_set "${tmpfile}" "${jcllib}(${tmpdsm})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." - return 160 - fi - print_message " - ${jcllib}(${tmpdsm}) is prepared" - print_message + jcl_contents=$(cat "//'${jcllib}(ZWENOKYR)'") + print_message "Template JCL: ${prefix}.SZWESAMP(ZWENOKYR) , Executable JCL: ${jcllib}(ZWENOKYR)" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + ############################### # submit job if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then - print_message "Dry-run mode, JCL will NOT be submitted on the system." - print_message "Please submit ${jcllib}(${tmpdsm}) manually." + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" else - print_message ">>>> Submit ${jcllib}(${tmpdsm})" + print_message "Submitting Job ZWENOKYR" jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") code=$? if [ ${code} -ne 0 ]; then diff --git a/example-zowe.yaml b/example-zowe.yaml index e944ca9760..9540b5f92e 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
@@ -190,6 +190,11 @@ zowe: # # **COMMONLY_CUSTOMIZED** # # label of Zowe CA certificate. Optional, default value is localca. # caLabel: localca + # # If zowe.verifyCertificates is not DISABLED, zOSMF certificate + # # Will be registered with the truststore. You can customize how this is performed here. + # zOSMF: + # ca: "_auto_" + # user: "IZUSVR" # # Distinguished name for Zowe generated certificates. All optional. # dname: # caCommonName: "" @@ -210,6 +215,7 @@ zowe: # # - dvipa.my-company.com # # - 12.34.56.78 + # # >>>> Certificate setup scenario 4 # # Zowe generated z/OS Keyring and connect to existing certificate # certificate: @@ -226,6 +232,12 @@ zowe: # # **COMMONLY_CUSTOMIZED** # # Label of the existing certificate will be connected to Zowe keyring. # label: "" + # # If zowe.verifyCertificates is not DISABLED, zOSMF certificate + # # Will be registered with the truststore. You can customize how this is performed here. + # zOSMF: + # ca: "_auto_" + # user: "IZUSVR" + # # **COMMONLY_CUSTOMIZED** # # If you have other certificate authorities want to be trusted in Zowe keyring, # # list the certificate labels here. @@ -254,6 +266,11 @@ zowe: # # **COMMONLY_CUSTOMIZED** # # Password for the PKCS12 data set. # password: "" + # # If zowe.verifyCertificates is not DISABLED, zOSMF certificate + # # Will be registered with the truststore. You can customize how this is performed here. + # zOSMF: + # ca: "_auto_" + # user: "IZUSVR" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # VSAM configurations if you are using VSAM as Caching Service storage diff --git a/files/SZWESAMP/ZWEIKRA1 b/files/SZWESAMP/ZWEIKRA1 new file mode 100644 index 0000000000..b27c1db2e6 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRA1 
@@ -0,0 +1,241 @@ +//ZWEIKRA1 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Create the keyring .............................................. */ + SET PROFILE(USER) DIVISION(KEYRING) + INSERT {zowe.setup.security.users.zowe}..ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}.) + F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) +$$ +//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Option 1 - Default Option - BEGINNING ........................... */ +* Create Zowe's local CA authority ................................ */ + SET PROFILE(USER) DIVISION(CERTDATA) + GENCERT CERTAUTH.ZOWECA - + LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - + SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - + OU='{zowe.setup.certificate.dname.orgUnit}.' - + O='{zowe.setup.certificate.dname.org}.' - + L='{zowe.setup.certificate.dname.locality}.' - + SP='{zowe.setup.certificate.dname.state}.' - + C='{zowe.setup.certificate.dname.country}.') - + EXPIRE(05/01/30) - + KEYUSAGE(CERTSIGN) +* +* Connect Zowe's local CA authority to the keyring ................ */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA(CERTAUTH.ZOWECA) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + CHKCERT CERTAUTH.ZOWECA +* +* Create a certificate signed by local zowe's CA .................. 
*/ + SET PROFILE(USER) DIV(CERTDATA) + GENCERT {zowe.setup.security.users.zowe}..ZOWECERT - + SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - + OU='{zowe.setup.certificate.dname.orgUnit}.' - + O='{zowe.setup.certificate.dname.org}.' - + L='{zowe.setup.certificate.dname.locality}.' - + SP='{zowe.setup.certificate.dname.state}.' - + C='{zowe.setup.certificate.dname.country}.') - + SIZE(2048) - + EXPIRE(05/01/30) - + LABEL({zowe.setup.certificate.keyring.label}.) - + KEYUSAGE(HANDSHAKE) - + ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains.0}) - + SIGNWITH(CERTAUTH.ZOWECA) +* +* Connect a Zowe's certificate with the keyring ................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT +* +* Option 1 - Default Option - END ................................. */ +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect all CAs of the Zowe certificate's signing chain with the */ +* keyring ......................................................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +* + CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect the z/OSMF root CA signed by a recognized certificate ... 
*/ +* authority (CA) with the keyring ................................. */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* A common part for all options - BEGINNING ....................... */ +* +* Allow ZOWEUSER to access keyring ................................ */ + SET RESOURCE(FAC) + RECKEY IRR ADD(DIGTCERT.LISTRING - + ROLE({zowe.setup.security.groups.stc}) - + SERVICE(READ) ALLOW) +* +* Uncomment this command if SITE acid owns the Zowe certificate ... */ +* RECKEY IRR ADD(DIGTCERT.GENCERT - +* ROLE({zowe.setup.security.groups.stc}) - +* SERVICE(CONTROL) ALLOW) +* + F ACF2,REBUILD(FAC) +* +* List the keyring ................................................ */ + SET PROFILE(USER) DIVISION(KEYRING) + LIST {zowe.setup.security.users.zowe}..ZOWERING +* Common part - END ............................................... */ +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRA2 b/files/SZWESAMP/ZWEIKRA2 new file mode 100644 index 0000000000..d30cce8599 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRA2 
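Review bot: Both GENCERT commands in ZWEIKRA1 build the common name from `{zowe.setup.certificate.dname}`, which in example-zowe.yaml is a mapping (`caCommonName`, …) rather than a string, so the CN of the local CA and of the server certificate will not resolve to a usable value. For CERTAUTH.ZOWECA it presumably should be `CN='{zowe.setup.certificate.dname.caCommonName}'`, with the matching server common-name key for ZOWECERT. The trailing `.` after most placeholders (`{…orgUnit}.'`, `RINGNAME({…keyring.name}.)`) and the `..` in `{…users.zowe}..ZOWERING` look like leftovers of `&SYMBOL.` syntax; unless ZWEGENER strips them, they end up inside the DN fields and the ring name. The header comment also still describes options 2 and 3 and a RACF snippet, although this member only carries the ACF2 option 1 commands.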
@@ -0,0 +1,207 @@ +//ZWEIKRA2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Create the keyring .............................................. */ + SET PROFILE(USER) DIVISION(KEYRING) + INSERT {zowe.setup.security.users.zowe}..ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}.) + F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) +$$ +//* +//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Option 2 - BEGINNING ............................................ */ +* Connect a Zowe's certificate with the keyring ................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT +* +* Option 2 - END .................................................. */ +$$ +//IFOPT2ED ENDIF +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect all CAs of the Zowe certificate's signing chain with the */ +* keyring ......................................................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) 
- + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +* + CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect the z/OSMF root CA signed by a recognized certificate ... */ +* authority (CA) with the keyring ................................. */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* A common part for all options - BEGINNING ....................... */ +* +* Allow ZOWEUSER to access keyring ................................ */ + SET RESOURCE(FAC) + RECKEY IRR ADD(DIGTCERT.LISTRING - + ROLE({zowe.setup.security.groups.stc}) - + SERVICE(READ) ALLOW) +* +* Uncomment this command if SITE acid owns the Zowe certificate ... */ +* RECKEY IRR ADD(DIGTCERT.GENCERT - +* ROLE({zowe.setup.security.groups.stc}) - +* SERVICE(CONTROL) ALLOW) +* + F ACF2,REBUILD(FAC) +* +* List the keyring ................................................ */ + SET PROFILE(USER) DIVISION(KEYRING) + LIST {zowe.setup.security.users.zowe}..ZOWERING +* Common part - END ............................................... */ +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRA3 b/files/SZWESAMP/ZWEIKRA3 new file mode 100644 index 0000000000..a971eb141b --- /dev/null +++ b/files/SZWESAMP/ZWEIKRA3 
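Review bot: `//IFOPT2ED ENDIF` after the RUNOPT2 step closes an IF that this member never opens (RUNOPT2 is preceded only by `//*`), so the job is likely to be rejected as invalid JCL before any command runs; drop the line or restore the matching IF. In the same step, `CONNECT CERTDATA(SITECERT.digicert | userid.digicert)` is still a literal either/or placeholder. The following `CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT` checks a record that option 2 does not create, so the certificate actually connected to the keyring is never verified. ZWEIKRR2 in this patch takes the owner and label from `zowe.setup.certificate.keyring.connect.user` and `connect.label`; using the same keys here would keep the ACF2 and RACF paths in step. The header comment also still describes the RACF database and all three options, although this member covers ACF2 option 2 only.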
@@ -0,0 +1,214 @@ +//ZWEIKRA3 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Create the keyring .............................................. */ + SET PROFILE(USER) DIVISION(KEYRING) + INSERT {zowe.setup.security.users.zowe}..ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}.) + F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) +$$ +//* +//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Option 3 - BEGINNING ............................................ */ +* Import external certificate from data set ....................... */ + SET PROFILE(USER) DIV(CERTDATA) + INSERT {zowe.setup.security.users.zowe}..ZOWECERT - + DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - + LABEL(&LABEL.) - + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - + TRUST +* +* Connect a Zowe's certificate with the keyring ................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT +* +* Option 3 - END .................................................. 
*/ +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect all CAs of the Zowe certificate's signing chain with the */ +* keyring ......................................................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +* + CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect the z/OSMF root CA signed by a recognized certificate ... */ +* authority (CA) with the keyring ................................. */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* A common part for all options - BEGINNING ....................... */ +* +* Allow ZOWEUSER to access keyring ................................ */ + SET RESOURCE(FAC) + RECKEY IRR ADD(DIGTCERT.LISTRING - + ROLE({zowe.setup.security.groups.stc}) - + SERVICE(READ) ALLOW) +* +* Uncomment this command if SITE acid owns the Zowe certificate ... */ +* RECKEY IRR ADD(DIGTCERT.GENCERT - +* ROLE({zowe.setup.security.groups.stc}) - +* SERVICE(CONTROL) ALLOW) +* + F ACF2,REBUILD(FAC) +* +* List the keyring ................................................ 
*/ + SET PROFILE(USER) DIVISION(KEYRING) + LIST {zowe.setup.security.users.zowe}..ZOWERING +* Common part - END ............................................... */ +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRR1 b/files/SZWESAMP/ZWEIKRR1 new file mode 100644 index 0000000000..7c74d618b0 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRR1 
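Review bot: `PASSWORD('{zowe.setup.certificate.keyring.import.password}.')` in the RUNOPT3 step writes the PKCS12 password in clear text into the generated member, and the command is likely to be echoed to `SYSTSPRT DD SYSOUT=*`, so anyone who can read the generated data set or the job output can recover the password protecting the private key. The header should say so, for example `//* NOTE: generated JCL contains the PKCS12 password; restrict access to the output data set and purge the job output after checking it.` Separately, `LABEL(&LABEL.)` in the same INSERT refers to a symbol that none of the SET statements in this member define. The option 1 ACF2 step earlier in this patch uses `LABEL({zowe.setup.certificate.keyring.label}.)`, which looks like what was intended here.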
@@ -0,0 +1,287 @@ +//ZWEIKRR1 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) + SETROPTS RACLIST(DIGTRING) REFRESH +$$ +//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Option 1 - Default Option - BEGINNING ........................... */ +/* Create Zowe's local CA authority .................................*/ + RACDCERT GENCERT CERTAUTH + + SUBJECTSDN( + + CN('{zowe.setup.certificate.dname}. CA') + + OU('{zowe.setup.certificate.dname.orgUnit}.') + + O('{zowe.setup.certificate.dname.org}.') + + L('{zowe.setup.certificate.dname.locality}.') + + SP('{zowe.setup.certificate.dname.state}.') + + C('{zowe.setup.certificate.dname.country}.')) + + SIZE(2048) + + NOTAFTER(DATE(2030-05-01)) + + WITHLABEL('{zowe.setup.certificate.keyring.caLabel}') + + KEYUSAGE(CERTSIGN) + +/* Connect Zowe's local CA authority to the keyring ................ */ + RACDCERT CONNECT(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.caLabel}') + + RING({zowe.setup.certificate.keyring.name}.)) + + ID({zowe.setup.security.users.zowe}.) + +/* Create a certificate signed by local zowe's CA .................. */ + RACDCERT GENCERT ID({zowe.setup.security.users.zowe}.) + + SUBJECTSDN( + + CN('{zowe.setup.certificate.dname}. 
certificate') + + OU('{zowe.setup.certificate.dname.orgUnit}.') + + O('{zowe.setup.certificate.dname.org}.') + + L('{zowe.setup.certificate.dname.locality}.') + + SP('{zowe.setup.certificate.dname.state}.') + + C('{zowe.setup.certificate.dname.country}.')) + + SIZE(2048) + + NOTAFTER(DATE(2030-05-01)) + + WITHLABEL('{zowe.setup.certificate.keyring.label}.') + + KEYUSAGE(HANDSHAKE) + + ALTNAME(IP(&IPADDRES) + + DOMAIN('{zowe.externalDomains.0}')) + + SIGNWITH(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.caLabel}')) + +/* Connect a Zowe's certificate with the keyring ................... */ + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + + LABEL('{zowe.setup.certificate.keyring.label}.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(PERSONAL) DEFAULT) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH + +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + RACDCERT CONNECT(CERTAUTH + + LABEL('&ITRMZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + RACDCERT CONNECT(CERTAUTH + + LABEL('&ROOTZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. 
*/ + RACDCERT CONNECT(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZFCAED ENDIF +//* +//COMRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options - BEGINNING ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + +/* Activate RDATALIB class holding profiles that control ........... */ +/* certificate access ............................................. */ + SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) + +/* Define profiles that control certificate access ................. */ + RDEFINE RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + UACC(NONE) + +/* Permit server user ID to access key ring and related ............ */ +/* private keys. ................................................... */ + PERMIT + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + ACCESS(CONTROL) + +/* Uncomment this command to allow other user to access key ring ... */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* CLASS(RDATALIB) ID() + */ +/* ACCESS(READ) */ + +/* Refresh to dynamically activate the changes. .................... */ + SETROPTS RACLIST(RDATALIB) REFRESH + +/* IRR.DIGTCERT logic pre-dates RDATALIB logic, and is not used when */ +/* the RDATALIB profile is used. The following PERMIT commands are . */ +/* present for customers who do not wish to use RDATALIB and want to */ +/* continue using their existing IRR.DIGTCERT setup. Note that the . */ +/* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ +/* already exist. .................................................. 
*/ + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + +/* Uncomment this command if SITE user owns the Zowe certificate ... */ +/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ +/* ID({zowe.setup.security.users.zowe}.) + */ +/* ACCESS(CONTROL) */ + + SETROPTS RACLIST(FACILITY) REFRESH + +/* show results .................................................... */ + RLIST RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + RLIST FACILITY IRR.DIGTCERT.LISTRING ALL + RLIST FACILITY IRR.DIGTCERT.LIST ALL + RLIST FACILITY IRR.DIGTCERT.GENCERT ALL + +/* List the keyring ................................................ */ + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 .... */ +PROFILE +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRR2 b/files/SZWESAMP/ZWEIKRR2 new file mode 100644 index 0000000000..b2083d0829 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRR2 
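Review bot: Both GENCERT commands in RUNOPT1 build the common name from `{zowe.setup.certificate.dname}`, yet the next lines use the same key as a mapping (`dname.orgUnit`, `dname.org`, ...), so the CN is unlikely to resolve to a usable string and should point at a scalar under `dname`. The placeholders are also inconsistent about the trailing period: `WITHLABEL('{zowe.setup.certificate.keyring.caLabel}')` has none, while `WITHLABEL('{zowe.setup.certificate.keyring.label}.')` and `&USERNAME..{zowe.setup.certificate.keyring.name}..LST` keep the terminator that only a JCL `&SYMBOL.` needs. Unless the generator strips it, a stray `.` ends up in certificate labels, ring names and the RDATALIB profile name, and the RDEFINE/PERMIT pair may then name a profile that does not match the real ring; the same pattern runs through ZWEIKRA2, ZWEIKRA3 and ZWEIKRR2. Both validity dates are also fixed at `NOTAFTER(DATE(2030-05-01))`, which is worth lifting into configuration.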
@@ -0,0 +1,255 @@ +//ZWEIKRR2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME={zowe.setup.security.product} +//* +//********************************************************************* +//* +//* RACF ONLY, customize to meet your system requirements +//* +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) + SETROPTS RACLIST(DIGTRING) REFRESH +$$ +//* +//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Option 2 - BEGINNING ............................................ */ +/* Connect a Zowe's certificate with the keyring ................... */ + RACDCERT CONNECT(SITE | + + ID({zowe.setup.certificate.keyring.connect.user}) + + LABEL({zowe.setup.certificate.keyring.connect.label}) + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(PERSONAL) DEFAULT) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH + +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + RACDCERT CONNECT(CERTAUTH + + LABEL('&ITRMZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) 
+ + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + RACDCERT CONNECT(CERTAUTH + + LABEL('&ROOTZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. */ + RACDCERT CONNECT(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZFCAED ENDIF +//* +//COMRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options - BEGINNING ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + +/* Activate RDATALIB class holding profiles that control ........... */ +/* certificate access ............................................. */ + SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) + +/* Define profiles that control certificate access ................. */ + RDEFINE RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + UACC(NONE) + +/* Permit server user ID to access key ring and related ............ */ +/* private keys. ................................................... */ + PERMIT + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + ACCESS(CONTROL) + +/* Uncomment this command to allow other user to access key ring ... 
*/ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* CLASS(RDATALIB) ID() + */ +/* ACCESS(READ) */ + +/* Refresh to dynamically activate the changes. .................... */ + SETROPTS RACLIST(RDATALIB) REFRESH + +/* IRR.DIGTCERT logic pre-dates RDATALIB logic, and is not used when */ +/* the RDATALIB profile is used. The following PERMIT commands are . */ +/* present for customers who do not wish to use RDATALIB and want to */ +/* continue using their existing IRR.DIGTCERT setup. Note that the . */ +/* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ +/* already exist. .................................................. */ + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + +/* Uncomment this command if SITE user owns the Zowe certificate ... */ +/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ +/* ID({zowe.setup.security.users.zowe}.) + */ +/* ACCESS(CONTROL) */ + + SETROPTS RACLIST(FACILITY) REFRESH + +/* show results .................................................... */ + RLIST RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + RLIST FACILITY IRR.DIGTCERT.LISTRING ALL + RLIST FACILITY IRR.DIGTCERT.LIST ALL + RLIST FACILITY IRR.DIGTCERT.GENCERT ALL + +/* List the keyring ................................................ */ + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 .... */ +PROFILE +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRR3 b/files/SZWESAMP/ZWEIKRR3 new file mode 100644 index 0000000000..a9c98be34b --- /dev/null +++ b/files/SZWESAMP/ZWEIKRR3 
@@ -0,0 +1,258 @@ +//ZWEIKRR3 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME={zowe.setup.security.product} +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) + SETROPTS RACLIST(DIGTRING) REFRESH +$$ +//* +//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Option 3 - BEGINNING ............................................ */ +/* Import external certificate from data set ....................... */ + RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.') + + ID({zowe.setup.security.users.zowe}.) + + WITHLABEL('{zowe.setup.certificate.keyring.label}') + + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + + TRUST + +/* Connect a Zowe's certificate with the keyring ................... */ + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + + LABEL('{zowe.setup.certificate.keyring.label}') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(PERSONAL) DEFAULT) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH + +/* Option 3 - END .................................................. 
*/ +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + RACDCERT CONNECT(CERTAUTH + + LABEL('&ITRMZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + RACDCERT CONNECT(CERTAUTH + + LABEL('&ROOTZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. */ + RACDCERT CONNECT(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZFCAED ENDIF +//* +//COMRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options - BEGINNING ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + +/* Activate RDATALIB class holding profiles that control ........... */ +/* certificate access ............................................. */ + SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) + +/* Define profiles that control certificate access ................. 
*/ + RDEFINE RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + UACC(NONE) + +/* Permit server user ID to access key ring and related ............ */ +/* private keys. ................................................... */ + PERMIT + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + ACCESS(CONTROL) + +/* Uncomment this command to allow other user to access key ring ... */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* CLASS(RDATALIB) ID() + */ +/* ACCESS(READ) */ + +/* Refresh to dynamically activate the changes. .................... */ + SETROPTS RACLIST(RDATALIB) REFRESH + +/* IRR.DIGTCERT logic pre-dates RDATALIB logic, and is not used when */ +/* the RDATALIB profile is used. The following PERMIT commands are . */ +/* present for customers who do not wish to use RDATALIB and want to */ +/* continue using their existing IRR.DIGTCERT setup. Note that the . */ +/* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ +/* already exist. .................................................. */ + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + +/* Uncomment this command if SITE user owns the Zowe certificate ... */ +/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ +/* ID({zowe.setup.security.users.zowe}.) + */ +/* ACCESS(CONTROL) */ + + SETROPTS RACLIST(FACILITY) REFRESH + +/* show results .................................................... */ + RLIST RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + RLIST FACILITY IRR.DIGTCERT.LISTRING ALL + RLIST FACILITY IRR.DIGTCERT.LIST ALL + RLIST FACILITY IRR.DIGTCERT.GENCERT ALL + +/* List the keyring ................................................ */ + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) 
+ + ID({zowe.setup.security.users.zowe}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 .... */ +PROFILE +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRT1 b/files/SZWESAMP/ZWEIKRT1 new file mode 100644 index 0000000000..d6de622ff2 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRT1 
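Review bot: The option-3 import step templates the PKCS12 password straight into the command text, `PASSWORD('{zowe.setup.certificate.keyring.import.password}.')`, so the generated member holds it in clear text. Because the step writes `SYSTSPRT` to `SYSOUT=*` and batch TSO normally echoes each command, the password probably lands in the job output as well. The header notes should say so, for example `//* 5. The generated job contains the PKCS12 password in clear text;` followed by `//*    restrict access to the member and purge the output after review.` That line and `RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.')` also keep a trailing period inside the quotes, while `WITHLABEL('{zowe.setup.certificate.keyring.label}')` does not. Unless the generator (not shown in this hunk) consumes that period, it becomes part of the password and the data set name.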
@@ -0,0 +1,227 @@ +//ZWEIKRT1 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) +$$ +//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create Zowe's local CA authority ............................... */ + TSS GENCERT(CERTAUTH) + + DIGICERT(ZOWECA) + + SUBJECTN( + + 'CN="{zowe.setup.certificate.dname}. CA" + + OU="{zowe.setup.certificate.dname.orgUnit}." + + O="{zowe.setup.certificate.dname.org}." + + L="{zowe.setup.certificate.dname.locality}." + + SP="{zowe.setup.certificate.dname.state}." + + C="{zowe.setup.certificate.dname.country}." ') + + KEYSIZE(2048) + + NADATE(05/01/30) + + LABLCERT({zowe.setup.certificate.keyring.caLabel}) + + KEYUSAGE('CERTSIGN') + +/* Connect Zowe's local CA authority to the keyring ................ */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,ZOWECA) + +/* Create a certificate signed by local zowe's CA .................. */ + TSS GENCERT({zowe.setup.security.users.zowe}.) + + DIGICERT(ZOWECERT) + + SUBJECTN( + + 'CN="{zowe.setup.certificate.dname}. certificate" + + OU="{zowe.setup.certificate.dname.orgUnit}." + + O="{zowe.setup.certificate.dname.org}." + + L="{zowe.setup.certificate.dname.locality}." 
+ + SP="{zowe.setup.certificate.dname.state}." + + C="{zowe.setup.certificate.dname.country}." ') + + KEYSIZE(2048) + + NADATE(05/01/30) + + LABLCERT({zowe.setup.certificate.keyring.label}.) + + KEYUSAGE('HANDSHAKE') + + ALTNAME('DOMAIN={zowe.externalDomains.0}') + + SIGNWITH(CERTAUTH,ZOWECA) + +/* Connect a Zowe's certificate with the keyring ................... */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + + USAGE(PERSONAL) DEFAULT + +/* Option 1 - Default Option - END ................................. */ +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) 
+ + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options starts here ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + +/* Uncomment this command if SITE acid owns the Zowe certificate ... */ +/* TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + +/* List the keyring ................................................ */ + TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRT2 b/files/SZWESAMP/ZWEIKRT2 new file mode 100644 index 0000000000..4c78a78d8e --- /dev/null +++ b/files/SZWESAMP/ZWEIKRT2 
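Review bot: The optional GENCERT permit near the end of the COMTSS input is only half commented out: `/* TSS PERMIT({zowe.setup.security.users.zowe}.) +` has no closing `*/`, and the continuation line `IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL)` is not inside a comment at all. Depending on how TSO treats the unterminated comment, that line is either swallowed or submitted as a stray command, and the closing `PROFILE` hides any resulting error. Close each line the way the RACF members in this patch do, `/* TSS PERMIT({zowe.setup.security.users.zowe}.) + */` and `/* IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) */`; the ZWEIKRT2 hunk has the same two lines. Separately, `IPADDRES` is still set and documented in the header but never referenced in this member, so the generated certificate's `ALTNAME` carries only `{zowe.externalDomains.0}`.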
@@ -0,0 +1,194 @@ +//ZWEIKRT2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) +$$ +//* +//IFOPT2 IF (&OPTION EQ 2) THEN +//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Option 2 - BEGINNING ............................................ */ +/* Connect a Zowe's certificate with the keyring ................... */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + RINGDATA(CERTSITE|userid,digicert) + + USAGE(PERSONAL) DEFAULT + +/* Option 2 - END .................................................. */ +$$ +//IFOPT2ED ENDIF +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ROOTZWCA.) 
USAGE(CERTAUTH) +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) + + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options starts here ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + +/* Uncomment this command if SITE acid owns the Zowe certificate ... */ +/* TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + +/* List the keyring ................................................ */ + TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRT3 b/files/SZWESAMP/ZWEIKRT3 new file mode 100644 index 0000000000..24d0f54c43 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRT3 
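Review bot: The option-2 step is wrapped in `//IFOPT2 IF (&OPTION EQ 2) THEN`, but this member never sets `OPTION`; its SET statements cover only IPADDRES, IFZOWECA, ITRMZWCA, ROOTZWCA, IFROZFCA and USERNAME. As written the connect step cannot be selected, and the job would likely end in a JCL error or skip the step. Since the member is option 2 only, drop the `//IFOPT2 IF (&OPTION EQ 2) THEN` / `//IFOPT2ED ENDIF` pair, as the RACF option-2 member in this patch does. The command inside still reads `RINGDATA(CERTSITE|userid,digicert)`, a literal placeholder. It should be filled from the same `zowe.setup.certificate.keyring.connect.user` and `zowe.setup.certificate.keyring.connect.label` keys the RACF member uses, otherwise the generated job connects no usable certificate to the ring.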
@@ -0,0 +1,199 @@ +//ZWEIKRT3 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) +$$ +//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Option 3 - BEGINNING ............................................ */ +/* Import external certificate from data set ....................... */ + TSS ADD({zowe.setup.security.users.zowe}.) + + DIGICERT(ZOWECERT) + + DCDSN({zowe.setup.certificate.keyring.import.dsName}.) + + LABLCERT({zowe.setup.certificate.keyring.label}.) + + PKCSPASS('{zowe.setup.certificate.keyring.import.password}.') + + TRUST + +/* Connect a Zowe's certificate with the keyring ................... */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + + USAGE(PERSONAL) DEFAULT + +/* Option 3 - END .................................................. */ +$$ +//IFOPT3ED ENDIF +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + TSS ADD({zowe.setup.security.users.zowe}.) 
KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) +$$ +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) + + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options starts here ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + +/* Uncomment this command if SITE acid owns the Zowe certificate ... */ +/* TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + +/* List the keyring ................................................ */ + TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* From fcfed8ac6462377da32cd7b8e6d1525b4e4d592a Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 5 Feb 2024 09:01:55 -0500 Subject: [PATCH 018/258] Fixes for getting gener to run if an init subcommand called directly, and having wait for job wait properly 
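Review bot: The IF/ENDIF constructs in this new ZWEIKRT3 member do not pair up: `//IFOPT3ED ENDIF` after RUNOPT3 has no opening IF (the step itself is unconditional), and the block opened by `//IFZWCA IF (&IFZOWECA EQ 1) THEN` is never closed before `//IFZFCA IF` begins. Drop the `//IFOPT3ED ENDIF` line and add `//IFZWCAED ENDIF` after the `$$` that ends RUNZWCA, as the preceding new member on this page does. Separately, `PKCSPASS('{zowe.setup.certificate.keyring.import.password}.')` writes the PKCS12 password in clear text into the generated JCL member, and because SYSTSPRT goes to `SYSOUT=*` it will probably be echoed into the job output as well. The header comments should tell the operator to restrict read access to the generated library and to purge or protect the output, or the password should be supplied some other way.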
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 23 +++++++++++++++-- bin/commands/init/mvs/index.sh | 20 ++++++++++++--- bin/commands/init/security/index.sh | 20 ++++++++++++--- bin/commands/init/stc/index.sh | 20 ++++++++++++--- bin/commands/init/vsam/index.sh | 19 +++++++++++--- bin/libs/zos-jes.sh | 19 ++++++++------ bin/libs/zos-jes.ts | 35 ++++++++++++++------------ 7 files changed, 116 insertions(+), 40 deletions(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 478b3c745a..139baa16a5 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -23,9 +23,28 @@ if [ -z "${prefix}" ]; then fi # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 +does_jcl_exist=$(is_data_set_exists "${jcllib}") +if [ -z "${does_jcl_exist}" ]; then + zwecli_inline_execute_command init generate fi + +# should be created, but may take time to discover. +if [ -z "${does_jcl_exist"} ]; then +does_jcl_exist= +for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi +done + +if [ -z "${does_jcl_exist}" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi +fi + security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") 
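Review bot: The polling loop sleeps after its last probe and never probes again: on the final iteration (`secs=10`) the script waits ten seconds, leaves the loop and then tests the value obtained before that sleep, so the longest wait is wasted. Either sleep before each probe or probe once more after the loop; the same block is pasted into the mvs, security, stc and vsam `index.sh` hunks of this commit and would be better as one shared helper. This hunk also removes the `ZWEL0157E` guard for an undefined `zowe.setup.dataset.jcllib`, so an empty `${jcllib}` now reaches `is_data_set_exists` and `init generate`; keeping `if [ -z "${jcllib}" ]` ahead of the existence check preserves the clearer error. The added exit code 999 is outside the 0-255 range a shell can return, so callers will presumably see a different value; confirm how `print_error_and_exit` handles it.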
diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 314ecc92a0..823843d3c6 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -31,14 +31,26 @@ fi jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") -if [ "${does_jcl_exist}" = "false" ]; then +if [ -z "${does_jcl_exist}" ]; then zwecli_inline_execute_command init generate fi -does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") -if [ "${does_jcl_exist}" = "false" ]; then + +# should be created, but may take time to discover. +if [ -z "${does_jcl_exist"} ]; then +does_jcl_exist= +for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi +done + +if [ -z "${does_jcl_exist}" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi - +fi ############################### diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index e93639def7..8405cb746f 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh 
@@ -30,14 +30,26 @@ fi # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") -if [ "${does_jcl_exist}" = "false" ]; then +if [ -z "${does_jcl_exist}" ]; then zwecli_inline_execute_command init generate fi -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") -if [ "${does_jcl_exist}" = "false" ]; then + +# should be created, but may take time to discover. +if [ -z "${does_jcl_exist"} ]; then +does_jcl_exist= +for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi +done + +if [ -z "${does_jcl_exist}" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEI${security_product}) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi - +fi security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index 6eeac595ba..1b7ddbab98 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh 
@@ -31,13 +31,27 @@ fi # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") -if [ "${does_jcl_exist}" = "false" ]; then +if [ -z "${does_jcl_exist}" ]; then zwecli_inline_execute_command init generate fi -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") -if [ "${does_jcl_exist}" = "false" ]; then + +# should be created, but may take time to discover. +if [ -z "${does_jcl_exist"} ]; then +does_jcl_exist= +for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi +done + +if [ -z "${does_jcl_exist}" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEISTC) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi +fi + security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") if [ -z "${security_stcs_zowe}" ]; then diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 8dc32044d5..2ef16739c9 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
@@ -33,13 +33,26 @@ fi jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") -if [ "${does_jcl_exist}" = "false" ]; then +if [ -z "${does_jcl_exist}" ]; then zwecli_inline_execute_command init generate fi -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") -if [ "${does_jcl_exist}" = "false" ]; then + +# should be created, but may take time to discover. +if [ -z "${does_jcl_exist"} ]; then +does_jcl_exist= +for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi +done + +if [ -z "${does_jcl_exist}" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWECSVSM) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi +fi vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") if [ -z "${vsam_mode}" ]; then diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 6d9469c0fe..82592b5e48 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh 
@@ -103,14 +103,17 @@ wait_for_job() { # $DJ gives ... # ... $HASP890 JOB(JOB1) CC=(COMPLETED,RC=0) <-- accept this value # ... $HASP890 JOB(GIMUNZIP) CC=() <-- reject this value - jobstatus=$(echo "${result}" | grep '$HASP890' | sed 's#^.*\$HASP890 *JOB(\(.*\)) *CC=(\(.*\)).*$#\1,\2#') - jobname=$(echo "${jobstatus}" | awk -F, '{print $1}') - jobcctext=$(echo "${jobstatus}" | awk -F, '{print $2}') - jobcccode=$(echo "${jobstatus}" | awk -F, '{print $3}' | awk -F= '{print $2}') - print_trace " * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}" - if [ -n "${jobcctext}" -o -n "${jobcccode}" ]; then - # job have CC state - break + haspline=$(echo "${result}" | grep '$HASP890') + if [ -n "${haspline}" ]; then + jobstatus=$(echo "${haspline} | sed 's#^.*\$HASP890 *JOB(\(.*\)) *CC=(\(.*\)).*$#\1,\2#') + jobname=$(echo "${jobstatus}" | awk -F, '{print $1}') + jobcctext=$(echo "${jobstatus}" | awk -F, '{print $2}') + jobcccode=$(echo "${jobstatus}" | awk -F, '{print $3}' | awk -F= '{print $2}') + print_trace " * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}" + if [ -n "${jobcctext}" -o -n "${jobcccode}" ]; then + # job have CC state + break + fi fi fi done diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index b7808c14a2..6586f88913 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -79,7 +79,7 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri common.printDebug(`- Wait for job ${jobid} completed, starting at ${new Date().toString()}.`); // wait for job to finish - const timesSec = [1, 5, 10, 30, 100, 300, 500]; + const timesSec = [1, 5, 10, 20, 30, 60, 100, 300, 500]; for (let i = 0; i < timesSec.length; i++) { jobcctext = undefined; jobcccode = undefined; 
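Review bot: `haspline` keeps every line that contains `$HASP890`, whereas the TypeScript `waitForJob` changed in the same commit takes only the first match (`hasplines[0]`). If the command output ever holds more than one such line, `jobname`, `jobcctext` and `jobcccode` become multi-line values here and the trace message and the completion test behave differently from the TypeScript side. `haspline=$(echo "${result}" | grep '$HASP890' | head -n 1)` keeps the two implementations in step. wait_for_job starts and ends outside this hunk.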
@@ -114,22 +114,25 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri // ... $HASP890 JOB(JOB1) CC=(COMPLETED,RC=0) <-- accept this value // ... $HASP890 JOB(GIMUNZIP) CC=() <-- reject this value try { - const jobline = result.out.split('\n').filter(line => line.indexOf('$HASP890') != -1)[0]; - const nameIndex = jobline.indexOf('JOB('); - const ccIndex = jobline.indexOf('CC=('); - jobname = jobline.substring(nameIndex+4, jobline.indexOf(')', nameIndex)); - const cc = jobline.substring(ccIndex+4, jobline.indexOf(')', ccIndex)).split(','); - jobcctext = cc[0]; - if (cc.length > 1) { - const equalSplit = cc[1].split('='); - if (equalSplit.length > 1) { - jobcccode = equalSplit[1]; + const hasplines = result.out.split('\n').filter(line => line.indexOf('$HASP890') != -1); + if (hasplines && hasplines.length > 0) { + const jobline = hasplines[0]; + const nameIndex = jobline.indexOf('JOB('); + const ccIndex = jobline.indexOf('CC=('); + jobname = jobline.substring(nameIndex+4, jobline.indexOf(')', nameIndex)); + const cc = jobline.substring(ccIndex+4, jobline.indexOf(')', ccIndex)).split(','); + jobcctext = cc[0]; + if (cc.length > 1) { + const equalSplit = cc[1].split('='); + if (equalSplit.length > 1) { + jobcccode = equalSplit[1]; + } + } + common.printTrace(` * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}`); + if ((jobcctext && jobcctext.length > 0) || (jobcccode && jobcccode.length > 0)) { + // job have CC state + break; } - } - common.printTrace(` * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}`); - if ((jobcctext && jobcctext.length > 0) || (jobcccode && jobcccode.length > 0)) { - // job have CC state - break; } } catch (e) { break; From d95f5294003f0119f00f2e3a008cdf4abe4b0986 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 5 Feb 2024 10:14:17 -0500 Subject: [PATCH 019/258] Fix missing quote in the shell zos-jes 
Signed-off-by: 1000TurquoisePogs --- bin/libs/zos-jes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 82592b5e48..b8aa6a813d 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh @@ -105,7 +105,7 @@ wait_for_job() { # ... $HASP890 JOB(GIMUNZIP) CC=() <-- reject this value haspline=$(echo "${result}" | grep '$HASP890') if [ -n "${haspline}" ]; then - jobstatus=$(echo "${haspline} | sed 's#^.*\$HASP890 *JOB(\(.*\)) *CC=(\(.*\)).*$#\1,\2#') + jobstatus=$(echo "${haspline}" | sed 's#^.*\$HASP890 *JOB(\(.*\)) *CC=(\(.*\)).*$#\1,\2#') jobname=$(echo "${jobstatus}" | awk -F, '{print $1}') jobcctext=$(echo "${jobstatus}" | awk -F, '{print $2}') jobcccode=$(echo "${jobstatus}" | awk -F, '{print $3}' | awk -F= '{print $2}') From f172bb5ef7d739db4c062cc13ff43b4272345b06 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 5 Feb 2024 13:23:44 -0500 Subject: [PATCH 020/258] Fix quote syntax error Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 2 +- bin/commands/init/mvs/index.sh | 2 +- bin/commands/init/security/index.sh | 2 +- bin/commands/init/stc/index.sh | 2 +- bin/commands/init/vsam/index.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 139baa16a5..4b9da621cb 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -29,7 +29,7 @@ if [ -z "${does_jcl_exist}" ]; then fi # should be created, but may take time to discover. -if [ -z "${does_jcl_exist"} ]; then +if [ -z "${does_jcl_exist}" ]; then does_jcl_exist= for secs in 1 5 10 ; do does_jcl_exist=$(is_data_set_exists "${jcllib}") diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 823843d3c6..a6defe0b10 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
@@ -36,7 +36,7 @@ if [ -z "${does_jcl_exist}" ]; then fi # should be created, but may take time to discover. -if [ -z "${does_jcl_exist"} ]; then +if [ -z "${does_jcl_exist}" ]; then does_jcl_exist= for secs in 1 5 10 ; do does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index 8405cb746f..97d8639ef5 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh @@ -35,7 +35,7 @@ if [ -z "${does_jcl_exist}" ]; then fi # should be created, but may take time to discover. -if [ -z "${does_jcl_exist"} ]; then +if [ -z "${does_jcl_exist}" ]; then does_jcl_exist= for secs in 1 5 10 ; do does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index 1b7ddbab98..bf194de51a 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -36,7 +36,7 @@ if [ -z "${does_jcl_exist}" ]; then fi # should be created, but may take time to discover. -if [ -z "${does_jcl_exist"} ]; then +if [ -z "${does_jcl_exist}" ]; then does_jcl_exist= for secs in 1 5 10 ; do does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 2ef16739c9..5b8a63ffd8 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -38,7 +38,7 @@ if [ -z "${does_jcl_exist}" ]; then fi # should be created, but may take time to discover. -if [ -z "${does_jcl_exist"} ]; then +if [ -z "${does_jcl_exist}" ]; then does_jcl_exist= for secs in 1 5 10 ; do does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") From 2d018a2672b4b1bc9debfb658a75e881158d6ff8 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 5 Feb 2024 16:05:07 -0500 Subject: [PATCH 021/258] Fix wait for job and submit job hanging 
Signed-off-by: 1000TurquoisePogs --- bin/libs/zos-jes.sh | 5 +++-- bin/libs/zos-jes.ts | 3 ++- files/SZWESAMP/ZWEIMVS | 21 ++++++--------------- 3 files changed, 11 insertions(+), 18 deletions(-) diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index b8aa6a813d..50a86d196c 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh @@ -32,13 +32,14 @@ submit_job() { return ${code} fi - result=$(submit "${jcl}") + # cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. + result=$(cat "${jcl}" | submit 2>&1) # expected: JOB JOB????? submitted from path '...' code=$? if [ ${code} -eq 0 ]; then jobid=$(echo "${result}" | grep submitted | awk '{print $2}') if [ -z "${jobid}" ]; then - jobid=$(echo "${result}" | grep "$HASP" | awk '{print $2}') + jobid=$(echo "${result}" | grep "$HASP" | head -n 1 | awk '{print $2}') fi if [ -z "${jobid}" ]; then print_debug " * Failed to find job ID" diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 6586f88913..0a0954a8d0 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -31,7 +31,8 @@ export function submitJob(jclFile: string): string|undefined { common.printTrace(stringlib.paddingLeft(catResult.out, " ")); } - const result=shell.execOutSync('sh', '-c', `submit "${jclFile}" 2>&1`); + // cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. + const result=shell.execOutSync('sh', '-c', `cat "${jclFile}" | submit 2>&1`); // expected: JOB JOB????? submitted from path '...' const code=result.rc; if (code==0) { diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS index 747655b25b..3a81ce582e 100644 --- a/files/SZWESAMP/ZWEIMVS +++ b/files/SZWESAMP/ZWEIMVS 
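Review bot: In the fallback `grep "$HASP"` the pattern sits inside double quotes, so the shell expands `$HASP` as a variable before grep runs; if that variable is unset the pattern is empty and matches every line. With the added `head -n 1`, and with stderr now merged into `result` by `2>&1`, the second word of whatever line comes first, possibly a warning or error message, would be taken as the job ID. Keep the pattern literal with `grep -F '$HASP'`. submit_job starts and ends outside this hunk.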
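Review bot: `jclFile` is interpolated into the string handed to `sh -c`, so a path containing `"`, `$(...)` or a backquote is interpreted by the shell instead of being treated as a file name. The callers are not visible in this hunk, so whether the path can be influenced from outside is unknown, but passing it as a positional parameter removes the question: `shell.execOutSync('sh', '-c', 'cat "$1" | submit 2>&1', 'sh', jclFile)`, assuming `execOutSync` forwards extra arguments. The exit status tested below is that of `submit`, so a failing `cat` goes unnoticed unless `submit` itself rejects the empty input. submitJob starts and ends outside this hunk.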
@@ -12,41 +12,32 @@ //********************************************************************* //* //* -//MKPARML EXEC PGM=IKJEFT01 +//MKPDSE EXEC PGM=IKJEFT01 //SYSTSPRT DD SYSOUT=A //SYSTSIN DD * ALLOC NEW DA('{zowe.setup.dataset.parmlib}') + dsntype(library) dsorg(po) recfm(f b) lrecl(80) + unit(sysallda) space(15,15) tracks -//* -//MKJCLL EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * + ALLOC NEW DA('{zowe.setup.dataset.jcllib}') + dsntype(library) dsorg(po) recfm(f b) lrecl(80) + unit(sysallda) space(15,15) tracks -//* -//MKAUTHL EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * + ALLOC NEW DA('{zowe.setup.dataset.authLoadLib}') + dsntype(library) dsorg(po) recfm(u) lrecl(0) + blksize(32760) unit(sysallda) space(30,15) tracks -//* -//MKAUTHP EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * + ALLOC NEW DA('{zowe.setup.dataset.authPluginLib}') + dsntype(library) dsorg(po) recfm(u) lrecl(0) + blksize(32760) unit(sysallda) space(30,15) tracks //* -//MCOPY1 EXEC PGM=IEBCOPY +//MEMBCPY EXEC PGM=IEBCOPY //SYSPRINT DD SYSOUT=A //SYSUT1 DD DSN={zowe.setup.dataset.prefix}.SZWESAMP,DISP=SHR //SYSUT2 DD DSN={zowe.setup.dataset.parmlib},DISP=OLD //SYSIN DD * COPY OUTDD=SYSUT2,INDD=SYSUT1 - SELECT MEMBER=(ZWESIP00) + SELECT MEMBER=((ZWESIP00,,R)) //* //AUTHCPY EXEC PGM=BPXBATCH //BPXPRINT DD SYSOUT=* From e4ebe36365e85d2655ad9ecd44001dff95026522 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 6 Feb 2024 15:43:42 -0500 Subject: [PATCH 022/258] bugfix vsam, simplify stc, and bugfix stc rename if same name Signed-off-by: 1000TurquoisePogs --- bin/commands/init/stc/index.sh | 7 + bin/commands/init/vsam/index.sh | 1 - files/SZWESAMP/ZWEISTC | 16 +- files/SZWESAMP/ZWEKRING | 700 -------------------------------- 4 files changed, 10 insertions(+), 714 deletions(-) delete mode 100644 files/SZWESAMP/ZWEKRING diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index bf194de51a..aacc11b39d 100644 
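Review bot: Folding the four `ALLOC` commands into the single MKPDSE step means one step return code now stands for all of them. Other samples in this patch series note that only the last command's RC is returned from an IKJEFT01 step, so a failed allocation of the parmlib, jcllib or authLoadLib data set would be hidden whenever the authPluginLib `ALLOC` succeeds, and the later copy steps still run. Either keep one step per data set or add a header comment telling the operator to check SYSTSPRT for each `ALLOC`. `SELECT MEMBER=((ZWESIP00,,R))` now also replaces an existing ZWESIP00 in the parmlib, which would overwrite a site-customised member on a rerun; that is worth stating in the member's comments.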
--- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -88,6 +88,13 @@ else jcl_file=$(create_tmp_file) copy_mvs_to_uss "${jcllib}(ZWEISTC)" "${jcl_file}" + + # TODO limitation... if STC names are default, JCL IEBCOPY wont work, + # because in member selection argument, the "rename" operation cannot be from/to the same name. + # yet if we don't have the rename option, then name customization wont work either! + # so, we have to have some conditional logic somewhere. until figuring out how to fix this in ZWEGENER, i am putting it here... + jcl_edit=$(cat "${jcl_file}" | sed "s/ZWESLSTC,ZWESLSTC/ZWESLSTC/" | sed "s/ZWESISTC,ZWESISTC/ZWESISTC/" | sed "s/ZWESASTC,ZWESASTC/ZWESASTC/") + echo "${jcl_edit}" > "${jcl_file}" jcl_contents=$(cat "${jcl_file}") print_message "Template JCL: ${prefix}.SZWESAMP(ZWEISTC) , Executable JCL: ${jcllib}(ZWEISTC)" diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 5b8a63ffd8..060d257a70 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -84,7 +84,6 @@ if [ "${vsam_existence}" = "true" ]; then if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then # delete blindly and ignore errors result=$(tso_command delete "'${vsam_name}'") - fi else # error print_error_and_exit "Error ZWEL0158E: ${vsam_name} already exists." "" 158 diff --git a/files/SZWESAMP/ZWEISTC b/files/SZWESAMP/ZWEISTC index 106ad9ffa5..c8858bfb8f 100644 --- a/files/SZWESAMP/ZWEISTC +++ b/files/SZWESAMP/ZWEISTC 
@@ -12,27 +12,17 @@ //********************************************************************* //* //* -//MCOPYL EXEC PGM=IEBCOPY +//MCOPY EXEC PGM=IEBCOPY //SYSPRINT DD SYSOUT=A //SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR //SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD //SYSIN DD * COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESLSTC,{zowe.setup.security.stcs.zowe})) -//* -//MCOPYI EXEC PGM=IEBCOPY -//SYSPRINT DD SYSOUT=A -//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR -//SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD -//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESISTC,{zowe.setup.security.stcs.zis})) -//* -//MCOPYA EXEC PGM=IEBCOPY -//SYSPRINT DD SYSOUT=A -//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR -//SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD -//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESASTC,{zowe.setup.security.stcs.aux})) //* diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING deleted file mode 100644 index c62307b569..0000000000 --- a/files/SZWESAMP/ZWEKRING +++ /dev/null 
@@ -1,700 +0,0 @@ -//ZWEKRING JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* -//* -//* Zowe Open Source Project -//* This JCL can be used to define key ring and certificates for Zowe -//* -//********************************************************************* -//* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format -//* -//********************************************************************* -//* -//* CAUTION: This is neither a JCL procedure nor a complete job. -//* Before using this JCL, you will have to make the following -//* modifications: -//* -//* 1) Add job name and job parameters to the JOB statement, to -//* meet your system requirements. -//* -//* 2) Specify the option number which is suitable for your -//* environment by the SET OPTION statement. -//* Option 1 considers as default option. -//* 3) Update the SET IPADDRES= variable to match the IP address -//* where Zowe is to run. -//* -//* 4) If you have external certificate authorities for ITRMZWCA -//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. 
-//* -//* 5) Update the SET ITRMZWCA= variable to match the intermediate -//* CA of the Zowe certificate. It is only applicable if Zowe -//* certificate signed by a recognized certificate authority (CA). -//* -//* 6) Update the SET ROOTZWCA= variable to match the root CA of the -//* Zowe certificate. It is only applicable if Zowe certificate -//* signed by a recognized certificate authority (CA). -//* -//* 7) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. -//* -//* 8) Update the SET ROOTZFCA= variable to match the root CA of the -//* z/OSMF certificate. It is only applicable if z/OSMF -//* certificate signed by a recognized certificate authority (CA). -//* -//* 9) Customize the commands in the DD statement that matches your -//* security product so that they meet your system requirements. -//* -//* Note(s): -//* -//* 1. The userid that runs this job must have sufficient authority -//* to alter security definitions -//* -//* 2. Assumption: signing CA chain of the Zowe external certificate is -//* added to the security database under the CERTAUTH userid. -//* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. -//* The results of each command must be verified after completion. -//* -//********************************************************************* -// EXPORT SYMLIST=* -//* -//* * Option number to configure Zowe certificate -//* * Valid options: 1,2,3 -//* * Default option is 1 -// SET OPTION=1 -//* * IP address of the system where Zowe is to run -// SET IPADDRES='' -//* * If you have external certificate authorities for ITRMZWCA -//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. 
-// SET IFZOWECA=0 -//* * Label of the intermediate CA of the Zowe certificate -//* if applicable -// SET ITRMZWCA='' -//* * Label of the root CA of the Zowe certificate if applicable -// SET ROOTZWCA='' -//* * If you enable VERIFY_CERTIFICATES or -//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* * IFROZFCA to 1 to connect z/OSMF certificate authority to -//* * Zowe keyring. Otherwise set to 0. -// SET IFROZFCA=0 -//* * Label of the root CA of the z/OSMF certificate if -//* applicable -// SET ROOTZFCA='' -//******************************************************************* -//* -//* * You do NOT need to set USERNAME when running ZWEGENER. -//* * This is used to keep some lines under the column limit. -//* -// SET USERNAME={zowe.setup.security.users.zowe} -//* -//********************************************************************* -//* -//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT -//* -//RUNRACF EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME={zowe.setup.security.product} -//* -//********************************************************************* -//* -//* RACF ONLY, customize to meet your system requirements -//* -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) - SETROPTS RACLIST(DIGTRING) REFRESH -$$ -//IFOPT1 IF (&OPTION EQ 1) THEN -//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 1 - Default Option - BEGINNING ........................... */ -/* Create Zowe's local CA authority .................................*/ - RACDCERT GENCERT CERTAUTH + - SUBJECTSDN( + - CN('{zowe.setup.certificate.dname}. 
CA') + - OU('{zowe.setup.certificate.dname.orgUnit}.') + - O('{zowe.setup.certificate.dname.org}.') + - L('{zowe.setup.certificate.dname.locality}.') + - SP('{zowe.setup.certificate.dname.state}.') + - C('{zowe.setup.certificate.dname.country}.')) + - SIZE(2048) + - NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('{zowe.setup.certificate.keyring.caLabel}') + - KEYUSAGE(CERTSIGN) - -/* Connect Zowe's local CA authority to the keyring ................ */ - RACDCERT CONNECT(CERTAUTH + - LABEL('{zowe.setup.certificate.keyring.caLabel}') + - RING({zowe.setup.certificate.keyring.name}.)) + - ID({zowe.setup.security.users.zowe}.) - -/* Create a certificate signed by local zowe's CA .................. */ - RACDCERT GENCERT ID({zowe.setup.security.users.zowe}.) + - SUBJECTSDN( + - CN('{zowe.setup.certificate.dname}. certificate') + - OU('{zowe.setup.certificate.dname.orgUnit}.') + - O('{zowe.setup.certificate.dname.org}.') + - L('{zowe.setup.certificate.dname.locality}.') + - SP('{zowe.setup.certificate.dname.state}.') + - C('{zowe.setup.certificate.dname.country}.')) + - SIZE(2048) + - NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('{zowe.setup.certificate.keyring.label}.') + - KEYUSAGE(HANDSHAKE) + - ALTNAME(IP(&IPADDRES) + - DOMAIN('{zowe.externalDomains.0}')) + - SIGNWITH(CERTAUTH + - LABEL('{zowe.setup.certificate.keyring.caLabel}')) - -/* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + - LABEL('{zowe.setup.certificate.keyring.label}.') + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH - -/* Option 1 - Default Option - END ................................. 
*/ -$$ -//IFOPT1ED ENDIF -//* -//IFOPT2 IF (&OPTION EQ 2) THEN -//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 2 - BEGINNING ............................................ */ -/* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(SITE | + - ID({zowe.setup.certificate.keyring.connect.user}) + - LABEL({zowe.setup.certificate.keyring.connect.label}) + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH - -/* Option 2 - END .................................................. */ -$$ -//IFOPT2ED ENDIF -//* -//IFOPT3 IF (&OPTION EQ 3) THEN -//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 3 - BEGINNING ............................................ */ -/* Import external certificate from data set ....................... */ - RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.') + - ID({zowe.setup.security.users.zowe}.) + - WITHLABEL('{zowe.setup.certificate.keyring.label}') + - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + - TRUST - -/* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + - LABEL('{zowe.setup.certificate.keyring.label}') + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH - -/* Option 3 - END .................................................. 
*/ -$$ -//IFOPT3ED ENDIF -//* -//IFZWCA IF (&IFZOWECA EQ 1) THEN -//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect all CAs of the Zowe certificate's signing chain with the */ -/* keyring ......................................................... */ - RACDCERT CONNECT(CERTAUTH + - LABEL('&ITRMZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) - - RACDCERT CONNECT(CERTAUTH + - LABEL('&ROOTZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH -$$ -//IFZWCAED ENDIF -//* -//IFZFCA IF (&IFROZFCA EQ 1) THEN -//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect the z/OSMF root CA signed by a recognized certificate ... */ -/* authority (CA) with the keyring ................................. */ - RACDCERT CONNECT(CERTAUTH + - LABEL('&ROOTZFCA.') + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH -$$ -//IFZFCAED ENDIF -//* -//COMRACF EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* A common part for all options - BEGINNING ....................... */ - -/* Allow ZOWEUSER to access keyring ................................ */ - -/* Activate RDATALIB class holding profiles that control ........... */ -/* certificate access ............................................. */ - SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) - -/* Define profiles that control certificate access ................. 
*/ - RDEFINE RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + - UACC(NONE) - -/* Permit server user ID to access key ring and related ............ */ -/* private keys. ................................................... */ - PERMIT + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + - CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + - ACCESS(CONTROL) - -/* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ -/* CLASS(RDATALIB) ID() + */ -/* ACCESS(READ) */ - -/* Refresh to dynamically activate the changes. .................... */ - SETROPTS RACLIST(RDATALIB) REFRESH - -/* IRR.DIGTCERT logic pre-dates RDATALIB logic, and is not used when */ -/* the RDATALIB profile is used. The following PERMIT commands are . */ -/* present for customers who do not wish to use RDATALIB and want to */ -/* continue using their existing IRR.DIGTCERT setup. Note that the . */ -/* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ -/* already exist. .................................................. */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + - ACCESS(READ) - PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + - ACCESS(READ) - -/* Uncomment this command if SITE user owns the Zowe certificate ... */ -/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ -/* ID({zowe.setup.security.users.zowe}.) + */ -/* ACCESS(CONTROL) */ - - SETROPTS RACLIST(FACILITY) REFRESH - -/* show results .................................................... */ - RLIST RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL - RLIST FACILITY IRR.DIGTCERT.LISTRING ALL - RLIST FACILITY IRR.DIGTCERT.LIST ALL - RLIST FACILITY IRR.DIGTCERT.GENCERT ALL - -/* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) 
+ - ID({zowe.setup.security.users.zowe}.) - -/* Common part - END ............................................... */ -/* only the last RC is returned, this command ensures it is a 0 .... */ -PROFILE -$$ -//******************************************************************* -//* -//* ACF2 ONLY, customize to meet your system requirements -//* -//******************************************************************* -//RUNACF2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//* -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Create the keyring .............................................. */ - SET PROFILE(USER) DIVISION(KEYRING) - INSERT {zowe.setup.security.users.zowe}..ZOWERING + - RINGNAME({zowe.setup.certificate.keyring.name}.) - F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) -$$ -//IFOPT1 IF (&OPTION EQ 1) THEN -//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Option 1 - Default Option - BEGINNING ........................... */ -* Create Zowe's local CA authority ................................ */ - SET PROFILE(USER) DIVISION(CERTDATA) - GENCERT CERTAUTH.ZOWECA - - LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - - SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - - OU='{zowe.setup.certificate.dname.orgUnit}.' - - O='{zowe.setup.certificate.dname.org}.' - - L='{zowe.setup.certificate.dname.locality}.' - - SP='{zowe.setup.certificate.dname.state}.' - - C='{zowe.setup.certificate.dname.country}.') - - EXPIRE(05/01/30) - - KEYUSAGE(CERTSIGN) -* -* Connect Zowe's local CA authority to the keyring ................ */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.ZOWECA) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) - CHKCERT CERTAUTH.ZOWECA -* -* Create a certificate signed by local zowe's CA .................. 
*/ - SET PROFILE(USER) DIV(CERTDATA) - GENCERT {zowe.setup.security.users.zowe}..ZOWECERT - - SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - - OU='{zowe.setup.certificate.dname.orgUnit}.' - - O='{zowe.setup.certificate.dname.org}.' - - L='{zowe.setup.certificate.dname.locality}.' - - SP='{zowe.setup.certificate.dname.state}.' - - C='{zowe.setup.certificate.dname.country}.') - - SIZE(2048) - - EXPIRE(05/01/30) - - LABEL({zowe.setup.certificate.keyring.label}.) - - KEYUSAGE(HANDSHAKE) - - ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains.0}) - - SIGNWITH(CERTAUTH.ZOWECA) -* -* Connect a Zowe's certificate with the keyring ................... */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT -* -* Option 1 - Default Option - END ................................. */ -$$ -//IFOPT1ED ENDIF -//* -//IFOPT2 IF (&OPTION EQ 2) THEN -//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Option 2 - BEGINNING ............................................ */ -* Connect a Zowe's certificate with the keyring ................... */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT -* -* Option 2 - END .................................................. */ -$$ -//IFOPT2ED ENDIF -//* -//IFOPT3 IF (&OPTION EQ 3) THEN -//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Option 3 - BEGINNING ............................................ */ -* Import external certificate from data set ....................... 
*/ - SET PROFILE(USER) DIV(CERTDATA) - INSERT {zowe.setup.security.users.zowe}..ZOWECERT - - DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - - LABEL(&LABEL.) - - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - - TRUST -* -* Connect a Zowe's certificate with the keyring ................... */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT -* -* Option 3 - END .................................................. */ -$$ -//IFOPT3ED ENDIF -//* -//IFZWCA IF (&IFZOWECA EQ 1) THEN -//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Connect all CAs of the Zowe certificate's signing chain with the */ -* keyring ......................................................... */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) -* - CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) -$$ -//IFZWCAED ENDIF -//* -//IFZFCA IF (&IFROZFCA EQ 1) THEN -//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Connect the z/OSMF root CA signed by a recognized certificate ... */ -* authority (CA) with the keyring ................................. */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) 
- - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) -$$ -//IFZFCAED ENDIF -//* -//COMACF2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* A common part for all options - BEGINNING ....................... */ -* -* Allow ZOWEUSER to access keyring ................................ */ - SET RESOURCE(FAC) - RECKEY IRR ADD(DIGTCERT.LISTRING - - ROLE({zowe.setup.security.groups.stc}) - - SERVICE(READ) ALLOW) -* -* Uncomment this command if SITE acid owns the Zowe certificate ... */ -* RECKEY IRR ADD(DIGTCERT.GENCERT - -* ROLE({zowe.setup.security.groups.stc}) - -* SERVICE(CONTROL) ALLOW) -* - F ACF2,REBUILD(FAC) -* -* List the keyring ................................................ */ - SET PROFILE(USER) DIVISION(KEYRING) - LIST {zowe.setup.security.users.zowe}..ZOWERING -* Common part - END ............................................... */ -$$ -//******************************************************************** -//* -//* Top Secret ONLY, customize to meet your system requirements -//* -//******************************************************************** -//RUNTSS EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//* -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Create the keyring .............................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) -$$ -//IFOPT1 IF (&OPTION EQ 1) THEN -//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Create Zowe's local CA authority ............................... */ - TSS GENCERT(CERTAUTH) + - DIGICERT(ZOWECA) + - SUBJECTN( + - 'CN="{zowe.setup.certificate.dname}. CA" + - OU="{zowe.setup.certificate.dname.orgUnit}." + - O="{zowe.setup.certificate.dname.org}." + - L="{zowe.setup.certificate.dname.locality}." 
+ - SP="{zowe.setup.certificate.dname.state}." + - C="{zowe.setup.certificate.dname.country}." ') + - KEYSIZE(2048) + - NADATE(05/01/30) + - LABLCERT({zowe.setup.certificate.keyring.caLabel}) + - KEYUSAGE('CERTSIGN') - -/* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,ZOWECA) - -/* Create a certificate signed by local zowe's CA .................. */ - TSS GENCERT({zowe.setup.security.users.zowe}.) + - DIGICERT(ZOWECERT) + - SUBJECTN( + - 'CN="{zowe.setup.certificate.dname}. certificate" + - OU="{zowe.setup.certificate.dname.orgUnit}." + - O="{zowe.setup.certificate.dname.org}." + - L="{zowe.setup.certificate.dname.locality}." + - SP="{zowe.setup.certificate.dname.state}." + - C="{zowe.setup.certificate.dname.country}." ') + - KEYSIZE(2048) + - NADATE(05/01/30) + - LABLCERT({zowe.setup.certificate.keyring.label}.) + - KEYUSAGE('HANDSHAKE') + - ALTNAME('DOMAIN={zowe.externalDomains.0}') + - SIGNWITH(CERTAUTH,ZOWECA) - -/* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + - USAGE(PERSONAL) DEFAULT - -/* Option 1 - Default Option - END ................................. */ -$$ -//IFOPT1ED ENDIF -//* -//IFOPT2 IF (&OPTION EQ 2) THEN -//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 2 - BEGINNING ............................................ */ -/* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - RINGDATA(CERTSITE|userid,digicert) + - USAGE(PERSONAL) DEFAULT - -/* Option 2 - END .................................................. 
*/ -$$ -//IFOPT2ED ENDIF -//* -//IFOPT3 IF (&OPTION EQ 3) THEN -//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 3 - BEGINNING ............................................ */ -/* Import external certificate from data set ....................... */ - TSS ADD({zowe.setup.security.users.zowe}.) + - DIGICERT(ZOWECERT) + - DCDSN({zowe.setup.certificate.keyring.import.dsName}.) + - LABLCERT({zowe.setup.certificate.keyring.label}.) + - PKCSPASS('{zowe.setup.certificate.keyring.import.password}.') + - TRUST - -/* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + - USAGE(PERSONAL) DEFAULT - -/* Option 3 - END .................................................. */ -$$ -//IFOPT3ED ENDIF -//* -//IFZWCA IF (&IFZOWECA EQ 1) THEN -//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect all CAs of the Zowe certificate's signing chain with the */ -/* keyring ......................................................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) -$$ -//IFZWCAED ENDIF -//* -//IFZFCA IF (&IFROZFCA EQ 1) THEN -//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect the z/OSMF root CA signed by a recognized certificate ... */ -/* authority (CA) with the keyring ................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) 
KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,&ROOTZFCA.) USAGE(CERTAUTH) -$$ -//IFZFCAED ENDIF -//* -//COMTSS EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* A common part for all options starts here ....................... */ - -/* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT({zowe.setup.security.users.zowe}.) + - IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) - -/* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT({zowe.setup.security.users.zowe}.) + - IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) - -/* List the keyring ................................................ */ - TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) - -/* Common part - END ............................................... */ -/* only the last RC is returned, this command ensures it is a 0 */ -PROFILE -$$ -//* From 24fd69b1de616af7c9165fef09f11b5b95823b6b Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 7 Feb 2024 08:01:09 -0500 Subject: [PATCH 023/258] Added setting zowe.setup.vsam.name to automated tests Signed-off-by: 1000TurquoisePogs --- bin/commands/init/vsam/.parameters | 3 ++- bin/commands/init/vsam/index.sh | 6 +++++- playbooks/roles/configfmid/tasks/main.yml | 1 + playbooks/roles/configure/tasks/main.yml | 1 + 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/vsam/.parameters b/bin/commands/init/vsam/.parameters index 5182058f4b..c04e8f38ea 100644 --- a/bin/commands/init/vsam/.parameters +++ b/bin/commands/init/vsam/.parameters 
@@ -1,2 +1,3 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. -dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file +dry-run||boolean|||||Generates and prints JCL but does not execute +update-config||boolean|||||Whether to update YAML configuration for caching-service to match vsam name. \ No newline at end of file diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 060d257a70..6b46b10535 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -72,7 +72,7 @@ if [ "${vsam_mode}" = "RLS" ]; then print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set RLS storage class (zowe.setup.vsam.storageClass) is not defined in Zowe YAML configuration file." "" 157 fi fi -vsam_name=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".components.caching-service.storage.vsam.name") +vsam_name=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.name") if [ -z "${vsam_name}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set name (components.caching-service.storage.vsam.name) is not defined in Zowe YAML configuration file." "" 157 fi @@ -118,6 +118,10 @@ if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then if [ "${code}" -eq 0 ]; then print_level2_message "Zowe Caching Service VSAM storage is created successfully." + if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${vsam_name}" + print_level2_message "Zowe configuration is updated successfully." + fi else print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 fi diff --git a/playbooks/roles/configfmid/tasks/main.yml b/playbooks/roles/configfmid/tasks/main.yml index 7b2ad2c6c5..2c7dca58e7 100644 --- a/playbooks/roles/configfmid/tasks/main.yml 
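Review bot: The ZWEL0157E message just below the changed `read_yaml` line still names `components.caching-service.storage.vsam.name`, although the value is now read from `.zowe.setup.vsam.name`. A user who hits this error would be sent to set the wrong key and would get the same failure again. The text in parentheses should follow the lookup: `... VSAM data set name (zowe.setup.vsam.name) is not defined in Zowe YAML configuration file.`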
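Review bot: In the added `ZWE_CLI_PARAMETER_UPDATE_CONFIG` branch, `print_level2_message "Zowe configuration is updated successfully."` runs regardless of what `update_zowe_yaml` returned. The helper is not defined in this diff, so if it can return non-zero without exiting, the message would hide a `components.caching-service.storage.vsam.name` that no longer matches the data set just created. Chaining the two keeps the message honest: `update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${vsam_name}" && print_level2_message "Zowe configuration is updated successfully."`. The enclosing `if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]` block starts outside the hunk.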
+++ b/playbooks/roles/configfmid/tasks/main.yml @@ -224,6 +224,7 @@ "zowe.setup.vsam.volume": "{{ zowe_caching_vsam_volume }}" "zowe.setup.vsam.storageClass": "{{ zowe_caching_vsam_storage_class }}" "components.caching-service.storage.mode": "{{ zowe_caching_service_persistent }}" + "zowe.setup.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" "components.caching-service.storage.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" - name: Update zowe.yaml zowe.setup.vsam.mode to NONRLS diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 0cc6b1f017..024eab6b27 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml @@ -225,6 +225,7 @@ "zowe.setup.vsam.volume": "{{ zowe_caching_vsam_volume }}" "zowe.setup.vsam.storageClass": "{{ zowe_caching_vsam_storage_class }}" "components.caching-service.storage.mode": "{{ zowe_caching_service_persistent }}" + "zowe.setup.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" "components.caching-service.storage.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" - name: Update zowe.yaml zowe.setup.vsam.mode to NONRLS From 272191efb703fc1166ffe6b9c90a99430ebd5c70 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 7 Feb 2024 14:16:50 -0500 Subject: [PATCH 024/258] Fix extra . present in some jcl after templating. make zwegen00 not copy un-needed jcl. add jcl for init apfauth command. start to deduplicate boilerplate 
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/.parameters | 3 +- bin/commands/init/apfauth/index.sh | 49 +++-------- bin/libs/zos-jes.sh | 59 ++++++++++++++ bin/libs/zos.sh | 26 ++++++ files/SZWEEXEC/ZWEGEN00 | 112 +++++++++++++++----------- files/SZWESAMP/ZWEIACF2 | 44 +++++----- files/SZWESAMP/ZWEIAPF | 17 ++++ files/SZWESAMP/ZWEIKRA1 | 66 ++++++--------- files/SZWESAMP/ZWEIKRA2 | 51 ++++-------- files/SZWESAMP/ZWEIKRA3 | 56 +++++-------- files/SZWESAMP/ZWEIKRR1 | 102 ++++++++++------------- files/SZWESAMP/ZWEIKRR2 | 69 ++++++---------- files/SZWESAMP/ZWEIKRR3 | 73 +++++++---------- files/SZWESAMP/ZWEIKRT1 | 64 +++++---------- files/SZWESAMP/ZWEIKRT2 | 55 ++++--------- files/SZWESAMP/ZWEIKRT3 | 60 +++++--------- files/SZWESAMP/ZWEIRACF | 64 +++++++-------- files/SZWESAMP/ZWEISTC | 6 +- files/SZWESAMP/ZWEITSS | 86 ++++++++++---------- files/SZWESAMP/ZWENOKYR | 24 +++--- files/SZWESAMP/ZWENOSEC | 72 ++++++++--------- 21 files changed, 533 insertions(+), 625 deletions(-) create mode 100644 files/SZWESAMP/ZWEIAPF diff --git a/bin/commands/init/apfauth/.parameters b/bin/commands/init/apfauth/.parameters index 62b1a05778..56143b1254 100644 --- a/bin/commands/init/apfauth/.parameters +++ b/bin/commands/init/apfauth/.parameters @@ -1,2 +1 @@ -security-dry-run||boolean|||||Whether to dry run security related setup. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. +security-dry-run,dry-run||boolean|||||Whether to dry run security related setup. diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index d248cbb904..4e04ae7ae8 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh 
@@ -15,51 +15,20 @@ print_level1_message "APF authorize load libraries" ############################### # constants -auth_libs="authLoadlib authPluginLib" +required_yaml_content="prefix authLoadlib authPluginLib" ############################### # validation require_zowe_yaml -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -############################### -# APF authorize loadlib -job_has_failures= -for key in ${auth_libs}; do - # read def and validate - ds=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.${key}") - if [ -z "${ds}" ]; then - # authLoadlib can be empty - if [ "${key}" = "authLoadlib" ]; then - ds="${prefix}.${ZWE_PRIVATE_DS_SZWEAUTH}" - else - print_error_and_exit "Error ZWEL0157E: ${name} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 - fi - fi - - print_message "APF authorize ${ds}" - apf_authorize_data_set "${ds}" - code=$? - if [ $code -ne 0 ]; then - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - job_has_failures=true - else - exit $code - fi - else - print_debug "- APF authorized successfully." +for key in ${required_params}; do + eval "${key}=$(read_yaml \"${ZWE_CLI_PARAMETER_CONFIG}\" \".zowe.setup.dataset.${key}\")" + if [ -z "${key}" ]; then + print_error_and_exit "Error ZWEL0157E: Dataset parameter (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 fi done -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to APF authorize Zowe load libraries. Please check log for details." -else - print_level2_message "Zowe load libraries are APF authorized successfully." 
-fi +jcllib=$(verify_generated_jcl) + +print_and_handle_jcl "//'${jcllib}(ZWEIAPF)'" "ZWEIAPF" "${jcllib}" "${prefix}" +print_level2_message "Zowe load libraries are APF authorized successfully." diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 50a86d196c..d97445e164 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh 
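Review bot: The new validation loop never executes and, once corrected, would evaluate configuration text as shell: the list is assigned to `required_yaml_content` but the loop reads `${required_params}`, `[ -z "${key}" ]` tests the key name rather than the value that was read, and `eval "${key}=$(read_yaml ...)"` re-parses whatever zowe.yaml contains. Because this command ends by submitting a job that changes the APF list, values from zowe.yaml should be assigned without `eval`, as in the excerpt below. As written, `${prefix}` is still empty when it is passed to `print_and_handle_jcl`, the old fallback of `${prefix}.${ZWE_PRIVATE_DS_SZWEAUTH}` for an empty authLoadlib is gone, and the "APF authorized successfully" message is printed even on a dry run.

```shell
required_yaml_content="prefix authLoadlib authPluginLib"
# … unchanged: require_zowe_yaml …
for key in ${required_yaml_content}; do
  value=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.${key}")
  if [ -z "${value}" ]; then
    print_error_and_exit "Error ZWEL0157E: Dataset parameter (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157
  fi
  # assign by name instead of eval so the YAML value is never parsed as shell
  case "${key}" in
    prefix) prefix="${value}" ;;
    authLoadlib) authLoadlib="${value}" ;;
    authPluginLib) authPluginLib="${value}" ;;
  esac
done
```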
@@ -137,3 +137,62 @@ wait_for_job() { return 1 fi } + +print_and_handle_jcl() + jcl_location="${1}" + job_name="{2}" + jcllib="${3}" + prefix="${4}" + remove_jcl_on_finish="${5}" + jcl_contents=$(cat "${jcl_location}") + + print_message "Template JCL: ${prefix}.SZWESAMP(${job_name}) , Executable JCL: ${jcllib}(${job_name})" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + + if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then + print_message "Submitting Job ${job_name}" + jobid=$(submit_job "${jcl_location}'") + code=$? + if [ ${code} -ne 0 ]; then + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(${job_name})." "" 161 + fi + print_debug "- job id ${jobid}" + + jobstate=$(wait_for_job "${jobid}") + code=$? + if [ ${code} -eq 1 ]; then + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 + fi + jobname=$(echo "${jobstate}" | awk -F, '{print $2}') + jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') + jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') + + if [ "${code}" -eq 0 ]; then + else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 + fi + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + return 0 + else + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + print_level2_message "Command run successfully." + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + return 0 + fi +} diff --git a/bin/libs/zos.sh b/bin/libs/zos.sh index a39c6df6aa..fb4418bd7e 100644 --- a/bin/libs/zos.sh 
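Review bot: `print_and_handle_jcl` cannot be parsed as written: the definition has no `{` after `()`, and `if [ "${code}" -eq 0 ]; then` is followed directly by `else`, which sh rejects, so sourcing zos-jes.sh would likely fail for every command that loads it. In the same function `job_name="{2}"` stores the literal text `{2}` and `submit_job "${jcl_location}'"` appends a stray quote to the data set name. The function also writes the full JCL to the log; that is harmless for ZWEIAPF, but the keyring templates in this patch carry `PASSWORD('{zowe.setup.certificate.keyring.import.password}')`, so the content should be masked before this helper is reused for them. The excerpt below shows only the corrected lines.

```shell
print_and_handle_jcl() {
  jcl_location="${1}"
  job_name="${2}"
  # … unchanged: jcllib, prefix, remove_jcl_on_finish, jcl_contents, messages …
    jobid=$(submit_job "${jcl_location}")
  # … unchanged: submit_job and wait_for_job error handling, jobstate parsing …
    if [ "${code}" -ne 0 ]; then
      if [ "${remove_jcl_on_finish}" = "true" ]; then
        rm "${jcl_location}"
      fi
      print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163
    fi
  # … unchanged: cleanup on success and the dry-run branch …
```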
+++ b/bin/libs/zos.sh @@ -66,3 +66,29 @@ operator_command() { return ${code} } + +verify_generated_jcl() { + # read JCL library and validate + jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") + does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") + if [ -z "${does_jcl_exist}" ]; then + zwecli_inline_execute_command init generate + fi + + # should be created, but may take time to discover. + if [ -z "${does_jcl_exist}" ]; then + does_jcl_exist= + for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi + done + if [ -z "${does_jcl_exist}" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run command. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + else + echo "${jcllib}" + fi +} diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 1e6d73bbc8..2483948ac9 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 
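Review bot: `verify_generated_jcl` is missing the `fi` that closes `if [ -z "${does_jcl_exist}" ]; then does_jcl_exist=`, and with `echo "${jcllib}"` nested inside that block a library that already exists returns nothing to the caller. The caller in init/apfauth/index.sh uses the result unchecked as `//'${jcllib}(ZWEIAPF)'`, so an empty or missing `zowe.setup.dataset.jcllib` would produce a malformed data set name rather than an error. `${prefix}` in the ZWEL0999E text is not set inside this function, and because the function is called in `$(...)`, anything `init generate` prints on stdout would presumably be captured into `jcllib` as well. The excerpt below closes the block, validates the value and always echoes it on success.

```shell
  jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib")
  if [ -z "${jcllib}" ]; then
    print_error_and_exit "Error ZWEL0157E: Zowe JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157
  fi
  does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)")
  if [ -z "${does_jcl_exist}" ]; then
    # keep generator output out of the value returned on stdout
    zwecli_inline_execute_command init generate >&2
    # … unchanged: 1/5/10 second retry loop …
  fi
  if [ -z "${does_jcl_exist}" ]; then
    # … unchanged: ZWEL0999E error …
  fi
  echo "${jcllib}"
```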
@@ -76,55 +76,6 @@ CFG.zwe.header.date = TRANSLATE(DATE(), '-', ' ') CFG.zwe.header.time = TIME() CFG.ZWE_CLI_PARAMETER_CONFIG = configChainWithMembers -/* -================================================================================ - Determine the external security manager on the system so that the correct - jcl templates can be used. -================================================================================ -*/ - -CVT_ADDR = C2X(STORAGE(D2X(16), 4)) -CVTRAC_ADDR = C2X(STORAGE(D2X(X2D(CVT_ADDR) + 992), 4)) -CVTRAC_VAL = STORAGE(CVTRAC_ADDR, 4) - -esm.0 = 3 - -esm.1.search = 'RCVT' -esm.1.prefix = 'ZWEKRR' - -esm.2.search = 'RTSS' -esm.2.prefix = 'ZWEKRT' - -esm.3.search = 'ACF2' -esm.3.prefix = 'ZWEKRA' - -ringType = 0 - -/* attempt to handle getting only 1 keyring jcl -if WORDINDEX(CFG.zowe.setup.certificate.type, 'JCE') > 0 then do - if LENGTH(CFG.zowe.setup.certificate.keyring.connect) > 0 then do - say 'connect exists, it is 'CFG.zowe.setup.certificate.keyring.connect'.' - ringType = 2 - else if LENGTH(CFG.zowe.setup.certificate.keyring.import) > 0 then do - say 'import exists, it is 'CFG.zowe.setup.certificate.keyring.import'.' - ringType = 3 - else do - say 'ring to be created' - ringType = 1 - end -else do - say 'pkcs12 to be used' -end - -if ringType > 0 then do - do i = 1 to esm.0 - if COMPARE(esm.i.search, CVTRAC_VAL) = 0 then do - ringMember = 'ZWEKR'esm.i.prefix''ringType - end - end -end -*/ - /* ================================================================================ Create a data set with attributes like the original jcl library and copy 
@@ -192,6 +143,69 @@ x = DeleteDataSet(jclCopy'(ZWESISCH)') x = DeleteDataSet(jclCopy'(ZWESECKG)') +/* +================================================================================ + Determine the external security manager on the system so that the correct + jcl templates can be used. +================================================================================ +*/ + +CVT_ADDR = C2X(STORAGE(D2X(16), 4)) +CVTRAC_ADDR = C2X(STORAGE(D2X(X2D(CVT_ADDR) + 992), 4)) +CVTRAC_VAL = STORAGE(CVTRAC_ADDR, 4) + +ringType = 0 + +/* attempt to handle getting only 1 keyring jcl +if WORDINDEX(CFG.zowe.setup.certificate.type, 'JCE') > 0 then do + if LENGTH(CFG.zowe.setup.certificate.keyring.connect) > 0 then do + say 'connect exists, it is 'CFG.zowe.setup.certificate.keyring.connect'.' + ringType = 2 + end + if LENGTH(CFG.zowe.setup.certificate.keyring.import) > 0 then do + say 'import exists, it is 'CFG.zowe.setup.certificate.keyring.import'.' + ringType = 3 + end + else do + say 'ring to be created' + ringType = 1 + end +else do + say 'pkcs12 to be used' +end +*/ + +if COMPARE('RCVT', CVTRAC_VAL) = 0 then do + x = DeleteDataSet(jclCopy'(ZWEIKRA1)') + x = DeleteDataSet(jclCopy'(ZWEIKRA2)') + x = DeleteDataSet(jclCopy'(ZWEIKRA3)') + x = DeleteDataSet(jclCopy'(ZWEIKRT1)') + x = DeleteDataSet(jclCopy'(ZWEIKRT2)') + x = DeleteDataSet(jclCopy'(ZWEIKRT3)') + x = DeleteDataSet(jclCopy'(ZWEIACF2)') + x = DeleteDataSet(jclCopy'(ZWEITSS)') +end +if COMPARE('RTSS', CVTRAC_VAL) = 0 then do + x = DeleteDataSet(jclCopy'(ZWEIKRA1)') + x = DeleteDataSet(jclCopy'(ZWEIKRA2)') + x = DeleteDataSet(jclCopy'(ZWEIKRA3)') + x = DeleteDataSet(jclCopy'(ZWEIKRR1)') + x = DeleteDataSet(jclCopy'(ZWEIKRR2)') + x = DeleteDataSet(jclCopy'(ZWEIKRR3)') + x = DeleteDataSet(jclCopy'(ZWEIACF2)') + x = DeleteDataSet(jclCopy'(ZWEIRACF)') +end +else do + x = DeleteDataSet(jclCopy'(ZWEIKRT1)') + x = DeleteDataSet(jclCopy'(ZWEIKRT2)') + x = DeleteDataSet(jclCopy'(ZWEIKRT3)') + x = DeleteDataSet(jclCopy'(ZWEIKRR1)') 
+ x = DeleteDataSet(jclCopy'(ZWEIKRR2)') + x = DeleteDataSet(jclCopy'(ZWEIKRR3)') + x = DeleteDataSet(jclCopy'(ZWEIRACF)') + x = DeleteDataSet(jclCopy'(ZWEITSS)') +end + say jcl' has been copied to 'jclCopy'.' /* diff --git a/files/SZWESAMP/ZWEIACF2 b/files/SZWESAMP/ZWEIACF2 index c446614664..7e93a5bf19 100644 --- a/files/SZWESAMP/ZWEIACF2 +++ b/files/SZWESAMP/ZWEIACF2 @@ -103,7 +103,7 @@ F ACF2,REBUILD(GRP),CLASS(P) * SET LID INSERT {zowe.setup.security.users.zowe}. + - STC GROUP({zowe.setup.security.groups.stc}.) + STC GROUP({zowe.setup.security.groups.stc}) SET PROFILE(USER) DIV(OMVS) INSERT {zowe.setup.security.users.zowe}. + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) @@ -114,7 +114,7 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * SET LID INSERT {zowe.setup.security.users.zis}. + - STC GROUP({zowe.setup.security.groups.stc}.) + STC GROUP({zowe.setup.security.groups.stc}) SET PROFILE(USER) DIV(OMVS) INSERT {zowe.setup.security.users.zis}. + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) 
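Review bot: The `else do` binds only to the `RTSS` test, so on a RACF system (`RCVT`) the first block removes the ACF2 and Top Secret members and the `else` block then also removes ZWEIKRR1-3 and ZWEIRACF, leaving the generated library without the RACF security and keyring JCL. Chain the tests instead: `else if COMPARE('RTSS', CVTRAC_VAL) = 0 then do`. The final branch also treats every unrecognised value as ACF2; testing it explicitly with `else if COMPARE('ACF2', CVTRAC_VAL) = 0 then do` and deleting nothing when no eye-catcher matches would avoid discarding the JCL an administrator needs on a system that was not identified.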
@@ -126,27 +126,27 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * SET CONTROL(GSO) INSERT STC.{zowe.setup.security.stcs.zowe}. + - LOGONID({zowe.setup.security.users.zowe}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.zowe}.) + LOGONID({zowe.setup.security.users.zowe}) + +GROUP({zowe.setup.security.groups.stc}) + +STCID({zowe.setup.security.stcs.zowe}) F ACF2,REFRESH(STC) * * started task for ZIS cross memory server * SET CONTROL(GSO) INSERT STC.{zowe.setup.security.stcs.zis}. + - LOGONID({zowe.setup.security.users.zis}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.zis}.) + LOGONID({zowe.setup.security.users.zis}) + +GROUP({zowe.setup.security.groups.stc}) + +STCID({zowe.setup.security.stcs.zis}) F ACF2,REFRESH(STC) * * started task for ZIS Auxiliary cross memory server * SET CONTROL(GSO) INSERT STC.{zowe.setup.security.stcs.aux}. + - LOGONID({zowe.setup.security.users.zis}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.aux}.) + LOGONID({zowe.setup.security.users.zis}) + +GROUP({zowe.setup.security.groups.stc}) + +STCID({zowe.setup.security.stcs.aux}) F ACF2,REFRESH(STC) * * DEFINE ZIS SECURITY RESOURCES .................................. @@ -156,10 +156,10 @@ F ACF2,REFRESH(STC) * SET X(ROL) INSERT {zowe.setup.security.groups.stc}. + - INCLUDE({zowe.setup.security.users.zowe}.) ROLE + INCLUDE({zowe.setup.security.users.zowe}) ROLE F ACF2,NEWXREF,TYPE(ROL) CHANGE {zowe.setup.security.groups.stc}. + - INCLUDE({zowe.setup.security.users.zis}.) ADD + INCLUDE({zowe.setup.security.users.zis}) ADD F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STC SERVER PERMISIONS .................................... 
@@ -168,7 +168,7 @@ F ACF2,NEWXREF,TYPE(ROL) * SET RESOURCE(FAC) RECKEY ZWES ADD(IS SERVICE(READ) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) F ACF2,REBUILD(FAC) * * DEFINE ZOWE SERVER PERMISIONS ................................... @@ -182,38 +182,38 @@ F ACF2,REBUILD(FAC) * SET RESOURCE(FAC) RECKEY BPX ADD(DAEMON SERVICE(UPDATE) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) RECKEY BPX ADD(SERVER SERVICE(UPDATE) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) * * permit Zowe main server to create a user's security environment * comment out the following 3 lines if the OMVSAPPL is not defined * in your environment SET RESOURCE(APL) RECKEY OMVSAPPL ADD(SERVICE(READ) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) F ACF2,REBUILD(APL) * * Allow STCGRP role access to BPX.JOBNAME RECKEY BPX ADD(JOBNAME SERVICE(READ) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) F ACF2,REBUILD(FAC) * allow STCGRP role to use client certificate mapping service SET RESOURCE(FAC) -RECKEY IRR ADD(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) + +RECKEY IRR ADD(RUSERMAP ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * allow STCGRP role to use distributed identity mapping service SET RESOURCE(FAC) RECKEY IRR ADD(IDIDMAP.QUERY + - ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) + ROLE({zowe.setup.security.groups.stc}) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * permit Zowe main server to cut SMF records SET RESOURCE(FAC) -RECKEY IRR ADD(RAUDITX ROLE({zowe.setup.security.groups.stc}.) + +RECKEY IRR ADD(RAUDITX ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) 
@@ -229,7 +229,7 @@ SET RULE LIST {zowe.setup.dataset.prefix}. RECKEY {zowe.setup.dataset.prefix}. ADD(- UID(-) READ(A) EXEC(P)) RECKEY {zowe.setup.dataset.prefix}. + -ADD(- UID({zowe.setup.security.groups.sysProg}.) + +ADD(- UID({zowe.setup.security.groups.sysProg}) + READ(A) EXEC(A) ALLOC(A) WRITE(A)) * * show results diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF new file mode 100644 index 0000000000..e1da539a48 --- /dev/null +++ b/files/SZWESAMP/ZWEIAPF @@ -0,0 +1,17 @@ +//ZWEIAPF JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//APFLOAD COMMAND 'SETPROG APF,ADD,DSN={zowe.setup.dataset.authLoadLib}' +//* +//APFLIB COMMAND 'SETPROG APF,ADD,DSN={zowe.setup.dataset.authPluginLib}' +//* diff --git a/files/SZWESAMP/ZWEIKRA1 b/files/SZWESAMP/ZWEIKRA1 index b27c1db2e6..8672305306 100644 --- a/files/SZWESAMP/ZWEIKRA1 +++ b/files/SZWESAMP/ZWEIKRA1 
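Review bot: The new ZWEIAPF member references `{zowe.setup.dataset.authLoadLib}`, while the YAML key read in init/apfauth/index.sh is `authLoadlib`; if the template lookup is case-sensitive (not visible here), the placeholder would stay unresolved inside an operator command. `SETPROG APF,ADD` also expects either `SMS` or `VOLUME=` after the data set name, for example `SETPROG APF,ADD,DSN={zowe.setup.dataset.authLoadlib},SMS`, so the commands as written are likely to be rejected. The previous shell code fell back to `${prefix}.${ZWE_PRIVATE_DS_SZWEAUTH}` when authLoadlib was empty, and that default is not reproduced. A fully qualified data set name may also push the quoted command past column 71, so a continuation form is worth checking.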
@@ -11,28 +11,12 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for generating new certificates +//* Signed by a Zowe-generated local certificate authority (CA) //* //********************************************************************* //* @@ -73,11 +57,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* 
@@ -117,8 +97,8 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT {zowe.setup.security.users.zowe}..ZOWERING + - RINGNAME({zowe.setup.certificate.keyring.name}.) + INSERT {zowe.setup.security.users.zowe}.ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M 
@@ -137,39 +117,39 @@ ACF O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - SP='{zowe.setup.certificate.dname.state}.' - - C='{zowe.setup.certificate.dname.country}.') - + C='{zowe.setup.certificate.dname.country}') - EXPIRE(05/01/30) - KEYUSAGE(CERTSIGN) * * Connect Zowe's local CA authority to the keyring ................ */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.ZOWECA) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) CHKCERT CERTAUTH.ZOWECA * * Create a certificate signed by local zowe's CA .................. */ SET PROFILE(USER) DIV(CERTDATA) - GENCERT {zowe.setup.security.users.zowe}..ZOWECERT - + GENCERT {zowe.setup.security.users.zowe}.ZOWECERT - SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - SP='{zowe.setup.certificate.dname.state}.' - - C='{zowe.setup.certificate.dname.country}.') - + C='{zowe.setup.certificate.dname.country}') - SIZE(2048) - EXPIRE(05/01/30) - - LABEL({zowe.setup.certificate.keyring.label}.) - + LABEL({zowe.setup.certificate.keyring.label}) - KEYUSAGE(HANDSHAKE) - ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains.0}) - SIGNWITH(CERTAUTH.ZOWECA) * * Connect a Zowe's certificate with the keyring ................... 
*/ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + CONNECT CERTDATA({zowe.setup.security.users.zowe}.ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT + CHKCERT {zowe.setup.security.users.zowe}.ZOWECERT * * Option 1 - Default Option - END ................................. */ $$ @@ -185,12 +165,12 @@ ACF * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) * CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF //* @@ -205,9 +185,9 @@ ACF * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT - - CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}) - + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(CERTAUTH) $$ //IFZFCAED ENDIF 
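Review bot: In both GENCERT subject names of this ACF2 member only `C=` lost its trailing period; the `OU=`, `O=`, `L=` and `SP=` lines still end in `.'`, whereas the RACF member ZWEIKRR1 in the same commit has all five corrected. If the generator leaves that period in place, which is what the commit message describes, certificates issued on ACF2 would carry distinguished-name values such as the organisation with a trailing `.`, and any mapping or filter keyed on the subject DN would not match what the administrator configured. The remaining lines should read like `O='{zowe.setup.certificate.dname.org}' -`. The first GENCERT statement starts above this hunk, so its opening lines are not visible here.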
@@ -235,7 +215,7 @@ ACF * * List the keyring ................................................ */ SET PROFILE(USER) DIVISION(KEYRING) - LIST {zowe.setup.security.users.zowe}..ZOWERING + LIST {zowe.setup.security.users.zowe}.ZOWERING * Common part - END ............................................... */ $$ //* diff --git a/files/SZWESAMP/ZWEIKRA2 b/files/SZWESAMP/ZWEIKRA2 index d30cce8599..c30a3db8c4 100644 --- a/files/SZWESAMP/ZWEIKRA2 +++ b/files/SZWESAMP/ZWEIKRA2 @@ -11,28 +11,11 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for connecting a certificate already in the ESM DB. //* //********************************************************************* //* 
@@ -73,11 +56,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* @@ -117,8 +96,8 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT {zowe.setup.security.users.zowe}..ZOWERING + - RINGNAME({zowe.setup.certificate.keyring.name}.) + INSERT {zowe.setup.security.users.zowe}.ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //* @@ -132,9 +111,9 @@ ACF * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT + CHKCERT {zowe.setup.security.users.zowe}.ZOWECERT * * Option 2 - END .................................................. */ $$ 
@@ -151,12 +130,12 @@ ACF * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) * CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF //* @@ -171,9 +150,9 @@ ACF * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT - - CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}) - + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -201,7 +180,7 @@ ACF * * List the keyring ................................................ */ SET PROFILE(USER) DIVISION(KEYRING) - LIST {zowe.setup.security.users.zowe}..ZOWERING + LIST {zowe.setup.security.users.zowe}.ZOWERING * Common part - END ............................................... */ $$ //* diff --git a/files/SZWESAMP/ZWEIKRA3 b/files/SZWESAMP/ZWEIKRA3 index a971eb141b..1d646a558d 100644 --- a/files/SZWESAMP/ZWEIKRA3 +++ b/files/SZWESAMP/ZWEIKRA3 
@@ -11,28 +11,11 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +// This one is for importing a PKCS12 certificate from a data set. //* //********************************************************************* //* @@ -73,8 +56,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to +//* 3. The imported PKCS12-formatted data set has to //* contain Zowe certificate's signing CA chain and private key. //* //* 4. This job WILL complete with return code 0. @@ -117,8 +99,8 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT {zowe.setup.security.users.zowe}..ZOWERING + - RINGNAME({zowe.setup.certificate.keyring.name}.) + INSERT {zowe.setup.security.users.zowe}.ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //* 
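Review bot: The added header line `// This one is for importing a PKCS12 certificate from a data set.` begins with `//` followed by a blank rather than `//*`, so JCL will read it as a statement instead of a comment and the job is likely to fail with a JCL error before any keyring step runs. It should be `//* This one is for importing a PKCS12 certificate from a data set.`, matching the comment lines around it.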
@@ -131,18 +113,18 @@ ACF * Option 3 - BEGINNING ............................................ */ * Import external certificate from data set ....................... */ SET PROFILE(USER) DIV(CERTDATA) - INSERT {zowe.setup.security.users.zowe}..ZOWECERT - - DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - + INSERT {zowe.setup.security.users.zowe}.ZOWECERT - + DSNAME('{zowe.setup.certificate.keyring.import.dsName}') - LABEL(&LABEL.) - - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - + PASSWORD('{zowe.setup.certificate.keyring.import.password}') - TRUST * * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + CONNECT CERTDATA({zowe.setup.security.users.zowe}.ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT + CHKCERT {zowe.setup.security.users.zowe}.ZOWECERT * * Option 3 - END .................................................. */ $$ @@ -158,12 +140,12 @@ ACF * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) * CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF //* 
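Review bot: `PASSWORD('{zowe.setup.certificate.keyring.import.password}')` means the PKCS12 password is written in clear text into the generated member and will also appear in the job's output once submitted. The header comments should say that read access to the generated JCL library and to the job output must be restricted, and that the member should be deleted or the password blanked after the import succeeds. A suitable comment would be `//* NOTE: this member contains the PKCS12 password in clear text;` followed by `//* restrict access to it and remove it after the job completes.`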
@@ -178,9 +160,9 @@ ACF * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT - - CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}) - + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -208,7 +190,7 @@ ACF * * List the keyring ................................................ */ SET PROFILE(USER) DIVISION(KEYRING) - LIST {zowe.setup.security.users.zowe}..ZOWERING + LIST {zowe.setup.security.users.zowe}.ZOWERING * Common part - END ............................................... */ $$ //* diff --git a/files/SZWESAMP/ZWEIKRR1 b/files/SZWESAMP/ZWEIKRR1 index 7c74d618b0..ec7c0be3ef 100644 --- a/files/SZWESAMP/ZWEIKRR1 +++ b/files/SZWESAMP/ZWEIKRR1 
@@ -11,28 +11,12 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for generating new certificates +//* Signed by a Zowe-generated local certificate authority (CA) //* //********************************************************************* //* @@ -73,11 +57,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* 
@@ -115,8 +95,8 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTRING) REFRESH $$ //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M @@ -129,11 +109,11 @@ $$ RACDCERT GENCERT CERTAUTH + SUBJECTSDN( + CN('{zowe.setup.certificate.dname}. CA') + - OU('{zowe.setup.certificate.dname.orgUnit}.') + - O('{zowe.setup.certificate.dname.org}.') + - L('{zowe.setup.certificate.dname.locality}.') + - SP('{zowe.setup.certificate.dname.state}.') + - C('{zowe.setup.certificate.dname.country}.')) + + OU('{zowe.setup.certificate.dname.orgUnit}') + + O('{zowe.setup.certificate.dname.org}') + + L('{zowe.setup.certificate.dname.locality}') + + SP('{zowe.setup.certificate.dname.state}') + + C('{zowe.setup.certificate.dname.country}')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + WITHLABEL('{zowe.setup.certificate.keyring.caLabel}') + 
@@ -142,21 +122,21 @@ $$ /* Connect Zowe's local CA authority to the keyring ................ */ RACDCERT CONNECT(CERTAUTH + LABEL('{zowe.setup.certificate.keyring.caLabel}') + - RING({zowe.setup.certificate.keyring.name}.)) + - ID({zowe.setup.security.users.zowe}.) + RING({zowe.setup.certificate.keyring.name})) + + ID({zowe.setup.security.users.zowe}) /* Create a certificate signed by local zowe's CA .................. */ - RACDCERT GENCERT ID({zowe.setup.security.users.zowe}.) + + RACDCERT GENCERT ID({zowe.setup.security.users.zowe}) + SUBJECTSDN( + CN('{zowe.setup.certificate.dname}. certificate') + - OU('{zowe.setup.certificate.dname.orgUnit}.') + - O('{zowe.setup.certificate.dname.org}.') + - L('{zowe.setup.certificate.dname.locality}.') + - SP('{zowe.setup.certificate.dname.state}.') + - C('{zowe.setup.certificate.dname.country}.')) + + OU('{zowe.setup.certificate.dname.orgUnit}') + + O('{zowe.setup.certificate.dname.org}') + + L('{zowe.setup.certificate.dname.locality}') + + SP('{zowe.setup.certificate.dname.state}') + + C('{zowe.setup.certificate.dname.country}')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('{zowe.setup.certificate.keyring.label}.') + + WITHLABEL('{zowe.setup.certificate.keyring.label}') + KEYUSAGE(HANDSHAKE) + ALTNAME(IP(&IPADDRES) + DOMAIN('{zowe.externalDomains.0}')) + @@ -164,11 +144,11 @@ $$ LABEL('{zowe.setup.certificate.keyring.caLabel}')) /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + - LABEL('{zowe.setup.certificate.keyring.label}.') + - RING({zowe.setup.certificate.keyring.name}.) + + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}) + + LABEL('{zowe.setup.certificate.keyring.label}') + + RING({zowe.setup.certificate.keyring.name}) + USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH 
@@ -184,15 +164,15 @@ $$ /* keyring ......................................................... */ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ @@ -207,10 +187,10 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ RACDCERT CONNECT(CERTAUTH + - LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + - RING({zowe.setup.certificate.keyring.name}.) + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}') + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ 
@@ -231,18 +211,18 @@ $$ /* Define profiles that control certificate access ................. */ RDEFINE RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ PERMIT + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + - CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}.LST + */ /* CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ 
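Review bot: The RDATALIB profile is still named from the JCL symbol `&USERNAME.` while the ring it protects is created under `ID({zowe.setup.security.users.zowe})`, so the two names can now come from different sources. The profile only covers the ring when it is `<ring owner>.<ring name>.LST`; if `&USERNAME` is unset or differs from the configured user (its SET statement is outside this hunk), RDEFINE and PERMIT would act on a profile that does not match the ring, and the job still ends with return code 0. I would build the name from the same key in RDEFINE, PERMIT and RLIST: `{zowe.setup.security.users.zowe}.{zowe.setup.certificate.keyring.name}.LST +`. The same lines appear in the matching hunks of ZWEIKRR2 and ZWEIKRR3.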
@@ -256,29 +236,29 @@ $$ /* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ /* already exist. .................................................. */ PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) /* Uncomment this command if SITE user owns the Zowe certificate ... */ /* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ -/* ID({zowe.setup.security.users.zowe}.) + */ +/* ID({zowe.setup.security.users.zowe}) + */ /* ACCESS(CONTROL) */ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ RLIST RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + &USERNAME..{zowe.setup.certificate.keyring.name}.LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ diff --git a/files/SZWESAMP/ZWEIKRR2 b/files/SZWESAMP/ZWEIKRR2 index b2083d0829..a6298b11be 100644 --- a/files/SZWESAMP/ZWEIKRR2 +++ b/files/SZWESAMP/ZWEIKRR2 
@@ -11,28 +11,11 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for connecting a certificate already in the ESM DB. //* //********************************************************************* //* @@ -73,11 +56,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* 
@@ -119,8 +98,8 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTRING) REFRESH $$ //* @@ -134,9 +113,9 @@ $$ RACDCERT CONNECT(SITE | + ID({zowe.setup.certificate.keyring.connect.user}) + LABEL({zowe.setup.certificate.keyring.connect.label}) + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -152,15 +131,15 @@ $$ /* keyring ......................................................... */ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ @@ -175,10 +154,10 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ RACDCERT CONNECT(CERTAUTH + - LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + - RING({zowe.setup.certificate.keyring.name}.) + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}') + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ 
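Review bot: `RACDCERT CONNECT(SITE | +` followed by `ID({zowe.setup.certificate.keyring.connect.user}) +` keeps the old pick-one notation as literal command text, while the header hunk of this file removes the ACTION comment that told the operator to edit it. As generated, the command would carry both `SITE |` and an `ID(...)` operand, which I would not expect RACDCERT to accept. `LABEL({zowe.setup.certificate.keyring.connect.label})` is also unquoted where every other label in these jobs is quoted, so a label containing blanks or lower case would presumably not match the intended certificate. Either emit one owner form from configuration or restore a comment saying which operand to delete, and quote the label: `LABEL('{zowe.setup.certificate.keyring.connect.label}') +`. ZWEIKRT2 has the same leftover in `RINGDATA(CERTSITE|userid,digicert) +`.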
@@ -199,18 +178,18 @@ $$ /* Define profiles that control certificate access ................. */ RDEFINE RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ PERMIT + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + - CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}.LST + */ /* CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ 
@@ -224,29 +203,29 @@ $$ /* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ /* already exist. .................................................. */ PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) /* Uncomment this command if SITE user owns the Zowe certificate ... */ /* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ -/* ID({zowe.setup.security.users.zowe}.) + */ +/* ID({zowe.setup.security.users.zowe}) + */ /* ACCESS(CONTROL) */ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ RLIST RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + &USERNAME..{zowe.setup.certificate.keyring.name}.LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ diff --git a/files/SZWESAMP/ZWEIKRR3 b/files/SZWESAMP/ZWEIKRR3 index a9c98be34b..7280cc194c 100644 --- a/files/SZWESAMP/ZWEIKRR3 +++ b/files/SZWESAMP/ZWEIKRR3 
@@ -14,25 +14,9 @@ //* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +// This one is for importing a PKCS12 certificate from a data set. //* //********************************************************************* //* @@ -73,8 +57,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to +//* 3. The imported PKCS12-formatted data set has to //* contain Zowe certificate's signing CA chain and private key. //* //* 4. This job WILL complete with return code 0. @@ -115,8 +98,8 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTRING) REFRESH $$ //* 
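Review bot: The added line `// This one is for importing a PKCS12 certificate from a data set.` starts with `//` and a blank instead of `//*`, so it is a JCL statement rather than a comment and `This` would be read as the operation field. The job would presumably be rejected with a JCL error before any security command runs. Change it to `//* This one is for importing a PKCS12 certificate from a data set.`; the same line is added to ZWEIKRT3.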
@@ -127,18 +110,18 @@ $$ /* Option 3 - BEGINNING ............................................ */ /* Import external certificate from data set ....................... */ - RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.') + - ID({zowe.setup.security.users.zowe}.) + + RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}') + + ID({zowe.setup.security.users.zowe}) + WITHLABEL('{zowe.setup.certificate.keyring.label}') + - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + + PASSWORD('{zowe.setup.certificate.keyring.import.password}') + TRUST /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}) + LABEL('{zowe.setup.certificate.keyring.label}') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -155,15 +138,15 @@ $$ /* keyring ......................................................... */ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ 
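Review bot: `PASSWORD('{zowe.setup.certificate.keyring.import.password}') +` means the generated member holds the PKCS12 password in clear text, and the step output is likely to echo it as well (the TSS variant of this step writes `SYSTSPRT` to `SYSOUT=*`; the DD statements for this step are outside the hunk). Nothing in the job's header comments mentions this. I would add a comment above the command, for example `/* The generated JCL and its output contain the PKCS12 password: */` and `/* restrict access to both and delete them after the import. */`. The same applies to `PKCSPASS('{zowe.setup.certificate.keyring.import.password}') +` in ZWEIKRT3.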
@@ -178,10 +161,10 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ RACDCERT CONNECT(CERTAUTH + - LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + - RING({zowe.setup.certificate.keyring.name}.) + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}') + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ @@ -202,18 +185,18 @@ $$ /* Define profiles that control certificate access ................. */ RDEFINE RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ PERMIT + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + - CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}.LST + */ /* CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ 
@@ -227,29 +210,29 @@ $$ /* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ /* already exist. .................................................. */ PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) /* Uncomment this command if SITE user owns the Zowe certificate ... */ /* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ -/* ID({zowe.setup.security.users.zowe}.) + */ +/* ID({zowe.setup.security.users.zowe}) + */ /* ACCESS(CONTROL) */ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ RLIST RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + &USERNAME..{zowe.setup.certificate.keyring.name}.LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ diff --git a/files/SZWESAMP/ZWEIKRT1 b/files/SZWESAMP/ZWEIKRT1 index d6de622ff2..06cedec321 100644 --- a/files/SZWESAMP/ZWEIKRT1 +++ b/files/SZWESAMP/ZWEIKRT1 
@@ -11,28 +11,12 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for generating new certificates +//* Signed by a Zowe-generated local certificate authority (CA) //* //********************************************************************* //* @@ -73,11 +57,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* 
@@ -115,8 +95,8 @@ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) $$ //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* @@ -139,12 +119,12 @@ $$ KEYUSAGE('CERTSIGN') /* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,ZOWECA) /* Create a certificate signed by local zowe's CA .................. */ - TSS GENCERT({zowe.setup.security.users.zowe}.) + + TSS GENCERT({zowe.setup.security.users.zowe}) + DIGICERT(ZOWECERT) + SUBJECTN( + 'CN="{zowe.setup.certificate.dname}. certificate" + @@ -155,13 +135,13 @@ $$ C="{zowe.setup.certificate.dname.country}." ') + KEYSIZE(2048) + NADATE(05/01/30) + - LABLCERT({zowe.setup.certificate.keyring.label}.) + + LABLCERT({zowe.setup.certificate.keyring.label}) + KEYUSAGE('HANDSHAKE') + ALTNAME('DOMAIN={zowe.externalDomains.0}') + SIGNWITH(CERTAUTH,ZOWECA) /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + USAGE(PERSONAL) DEFAULT 
@@ -176,12 +156,12 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF @@ -194,9 +174,9 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}) + USAGE(CERTAUTH) $$ //IFZFCAED ENDIF 
@@ -209,16 +189,16 @@ $$ /* A common part for all options starts here ....................... */ /* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT({zowe.setup.security.users.zowe}.) + + TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT({zowe.setup.security.users.zowe}.) + +/* TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS LIST({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWEIKRT2 b/files/SZWESAMP/ZWEIKRT2 index 4c78a78d8e..c24bf4d509 100644 --- a/files/SZWESAMP/ZWEIKRT2 +++ b/files/SZWESAMP/ZWEIKRT2 
@@ -11,28 +11,11 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for connecting a certificate already in the ESM DB. //* //********************************************************************* //* @@ -73,11 +56,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* 
@@ -115,8 +94,8 @@ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) $$ //* //IFOPT2 IF (&OPTION EQ 2) THEN @@ -127,7 +106,7 @@ $$ /* Option 2 - BEGINNING ............................................ */ /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + RINGDATA(CERTSITE|userid,digicert) + USAGE(PERSONAL) DEFAULT @@ -143,12 +122,12 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF 
@@ -161,9 +140,9 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}) + USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -176,16 +155,16 @@ $$ /* A common part for all options starts here ....................... */ /* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT({zowe.setup.security.users.zowe}.) + + TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT({zowe.setup.security.users.zowe}.) + +/* TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS LIST({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWEIKRT3 b/files/SZWESAMP/ZWEIKRT3 index 24d0f54c43..b12a8b0c08 100644 --- a/files/SZWESAMP/ZWEIKRT3 +++ b/files/SZWESAMP/ZWEIKRT3 
@@ -11,28 +11,11 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +// This one is for importing a PKCS12 certificate from a data set. //* //********************************************************************* //* @@ -73,8 +56,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to +//* 3. The imported PKCS12-formatted data set has to //* contain Zowe certificate's signing CA chain and private key. //* //* 4. This job WILL complete with return code 0. @@ -115,8 +97,8 @@ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) $$ //RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* 
@@ -125,15 +107,15 @@ $$ /* Option 3 - BEGINNING ............................................ */ /* Import external certificate from data set ....................... */ - TSS ADD({zowe.setup.security.users.zowe}.) + + TSS ADD({zowe.setup.security.users.zowe}) + DIGICERT(ZOWECERT) + - DCDSN({zowe.setup.certificate.keyring.import.dsName}.) + - LABLCERT({zowe.setup.certificate.keyring.label}.) + - PKCSPASS('{zowe.setup.certificate.keyring.import.password}.') + + DCDSN({zowe.setup.certificate.keyring.import.dsName}) + + LABLCERT({zowe.setup.certificate.keyring.label}) + + PKCSPASS('{zowe.setup.certificate.keyring.import.password}') + TRUST /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + USAGE(PERSONAL) DEFAULT @@ -149,12 +131,12 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //* 
@@ -166,9 +148,9 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}) + USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -181,16 +163,16 @@ $$ /* A common part for all options starts here ....................... */ /* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT({zowe.setup.security.users.zowe}.) + + TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT({zowe.setup.security.users.zowe}.) + +/* TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS LIST({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWEIRACF b/files/SZWESAMP/ZWEIRACF index 764208bc58..1185882d5a 100644 --- a/files/SZWESAMP/ZWEIRACF +++ b/files/SZWESAMP/ZWEIRACF 
@@ -98,7 +98,7 @@ /* uncomment to add existing user IDs to the ADMINGRP group */ /* CONNECT (userid,userid,...) - */ -/* GROUP({zowe.setup.security.groups.admin}.) AUTH(USE) */ +/* GROUP({zowe.setup.security.groups.admin}) AUTH(USE) */ /* DEFINE STARTED TASK ............................................. */ @@ -121,7 +121,7 @@ LISTUSER {zowe.setup.security.users.zowe}. OMVS ADDUSER {zowe.setup.security.users.zowe}. - NOPASSWORD - - DFLTGRP({zowe.setup.security.groups.stc}.) - + DFLTGRP({zowe.setup.security.groups.stc}) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE SERVER') - DATA('ZOWE MAIN SERVER') @@ -131,7 +131,7 @@ LISTUSER {zowe.setup.security.users.zis}. OMVS ADDUSER {zowe.setup.security.users.zis}. - NOPASSWORD - - DFLTGRP({zowe.setup.security.groups.stc}.) - + DFLTGRP({zowe.setup.security.groups.stc}) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE ZIS SERVER') - DATA('ZOWE ZIS CROSS MEMORY SERVER') 
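Review bot: The trailing period is removed only where the placeholder sits inside parentheses; bare operands such as `LISTUSER {zowe.setup.security.users.zowe}. OMVS` and `ADDUSER {zowe.setup.security.users.zowe}. -` in the `@@ -121,7 +121,7 @@` and `@@ -131,7 +131,7 @@` hunks still end in `.`. If substitution is verbatim (presumably the reason for this change), RACF receives `userid.` and the user is neither listed nor created. The same leftover appears in the `LISTGRP`/`LISTUSER` lines of `@@ -165,9 +165,9 @@`, in `ADDGROUP {zowe.setup.dataset.prefix}.` and `LISTGRP {zowe.setup.dataset.prefix}.` of `@@ -262,16 +262,16 @@`, and in the `LISTGRP` and `DELGROUP` lines of ZWENOSEC. Each should lose the dot, e.g. `ADDUSER {zowe.setup.security.users.zowe} -`.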
@@ -139,24 +139,24 @@ /* */ /* started task for ZOWE main server */ - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - - STDATA(USER({zowe.setup.security.users.zowe}.) - - GROUP({zowe.setup.security.groups.stc}.) - + RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zowe}.* - + STDATA(USER({zowe.setup.security.users.zowe}) - + GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE MAIN SERVER') /* started task for ZIS cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zis}..* - - STDATA(USER({zowe.setup.security.users.zis}.) - - GROUP({zowe.setup.security.groups.stc}.) - + RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zis}.* - + STDATA(USER({zowe.setup.security.users.zis}) - + GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE ZIS CROSS MEMORY SERVER') /* started task for ZIS Auxiliary cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.aux}..* - - STDATA(USER({zowe.setup.security.users.zis}.) - - GROUP({zowe.setup.security.groups.stc}.) - + RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.aux}.* - + STDATA(USER({zowe.setup.security.users.zis}) - + GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE ZIS AUX CROSS MEMORY SERVER') SETROPTS RACLIST(STARTED) REFRESH 
@@ -165,9 +165,9 @@ LISTGRP {zowe.setup.security.groups.stc}. OMVS LISTUSER {zowe.setup.security.users.zowe}. OMVS LISTUSER {zowe.setup.security.users.zis}. OMVS - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA /* DEFINE ZIS SECURITY RESOURCES ................................... */ @@ -179,14 +179,14 @@ /* permit AUX STC to use ZIS cross memory server */ PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zis}.) + ID({zowe.setup.security.users.zis}) SETROPTS RACLIST(FACILITY) REFRESH /* DEFINE ZOWE SERVER PERMISIONS ................................... */ /* permit Zowe main server to use ZIS cross memory server */ PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH /* permit Zowe main server to create a user's security environment */ @@ -198,17 +198,17 @@ RLIST FACILITY BPX.DAEMON ALL RDEFINE FACILITY BPX.DAEMON UACC(NONE) PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) 0 - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RLIST FACILITY BPX.SERVER ALL RDEFINE FACILITY BPX.SERVER UACC(NONE) PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* permit Zowe main server to create a user's security environment */ /* comment out the following 2 lines if the OMVSAPPL is not defined */ /* in your environment */ - PERMIT OMVSAPPL CLASS(APPL) ID({zowe.setup.security.users.zowe}.) - + PERMIT OMVSAPPL CLASS(APPL) ID({zowe.setup.security.users.zowe}) - ACCESS(READ) SETROPTS RACLIST(APPL) REFRESH 
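Review bot: In the `@@ -198,17 +198,17 @@` hunk the unchanged line `PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) 0` ends in `0` where the parallel `BPX.SERVER` line ends in the continuation character `-`. As written the `PERMIT` is not continued onto the `ID(...)` line that this change edits, so the BPX.DAEMON permission is probably not granted to the Zowe user and the stray `ID(...)` line is rejected as a command of its own. The line should be `PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) -`.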
@@ -216,7 +216,7 @@ RLIST FACILITY BPX.JOBNAME ALL RDEFINE FACILITY BPX.JOBNAME UACC(NONE) PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH @@ -224,20 +224,20 @@ RLIST FACILITY IRR.RUSERMAP ALL RDEFINE FACILITY IRR.RUSERMAP UACC(NONE) PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* permit Zowe main server to use distributed identity mapping */ /* service RLIST FACILITY IRR.IDIDMAP.QUERY ALL RDEFINE FACILITY IRR.IDIDMAP.QUERY UACC(NONE) PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* permit Zowe main server to cut SMF records */ RLIST FACILITY IRR.RAUDITX ALL RDEFINE FACILITY IRR.RAUDITX UACC(NONE) PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ 
@@ -262,16 +262,16 @@ ADDGROUP {zowe.setup.dataset.prefix}. DATA('Zowe - HLQ STUB') /* general data set protection */ - LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL - ADDSD '{zowe.setup.dataset.prefix}..*.**' UACC(READ) DATA('Zowe') - PERMIT '{zowe.setup.dataset.prefix}..*.**' CLASS(DATASET) - - ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}.) + LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL + ADDSD '{zowe.setup.dataset.prefix}.*.**' UACC(READ) DATA('Zowe') + PERMIT '{zowe.setup.dataset.prefix}.*.**' CLASS(DATASET) - + ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}) SETROPTS GENERIC(DATASET) REFRESH /* show results .................................................... */ LISTGRP {zowe.setup.dataset.prefix}. - LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL + LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ diff --git a/files/SZWESAMP/ZWEISTC b/files/SZWESAMP/ZWEISTC index c8858bfb8f..152ef524a3 100644 --- a/files/SZWESAMP/ZWEISTC +++ b/files/SZWESAMP/ZWEISTC @@ -18,11 +18,11 @@ //SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD //SYSIN DD * COPY OUTDD=SYSUT2,INDD=SYSUT1 - SELECT MEMBER=((ZWESLSTC,{zowe.setup.security.stcs.zowe})) + SELECT MEMBER=((ZWESLSTC,{zowe.setup.security.stcs.zowe},R)) COPY OUTDD=SYSUT2,INDD=SYSUT1 - SELECT MEMBER=((ZWESISTC,{zowe.setup.security.stcs.zis})) + SELECT MEMBER=((ZWESISTC,{zowe.setup.security.stcs.zis},R)) COPY OUTDD=SYSUT2,INDD=SYSUT1 - SELECT MEMBER=((ZWESASTC,{zowe.setup.security.stcs.aux})) + SELECT MEMBER=((ZWESASTC,{zowe.setup.security.stcs.aux},R)) //* diff --git a/files/SZWESAMP/ZWEITSS b/files/SZWESAMP/ZWEITSS index 8b0d10c962..eb5f756cb9 100644 --- a/files/SZWESAMP/ZWEITSS +++ b/files/SZWESAMP/ZWEITSS 
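Review bot: The `,R` added to each `SELECT MEMBER=((...))` in the ZWEISTC hunk makes the copy replace any member of the same name already present in `{zowe.setup.dataset.proclib}`, and nothing in the job says so. Because the target names come from `zowe.setup.security.stcs.*`, a configured name that collides with an existing procedure would be overwritten without warning. I would add a comment above the step, for example `//* NOTE: members with these names in the target PROCLIB are replaced.`, so the operator checks the names before submitting.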
@@ -76,67 +76,67 @@ /* DEFINE ADMINISTRATORS ........................................... */ /* group for administrators */ - TSS LIST({zowe.setup.security.groups.admin}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.groups.admin}.) TYPE(GROUP) + + TSS LIST({zowe.setup.security.groups.admin}) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.admin}) TYPE(GROUP) + NAME('ZOWE ADMINISTRATORS') + DEPT(&ADMINDEP.) - TSS ADD({zowe.setup.security.groups.admin}.) GID(&ADMINGID.) + TSS ADD({zowe.setup.security.groups.admin}) GID(&ADMINGID.) /* uncomment to add existing user IDs to the Zowe admin group */ -/* TSS ADD(userid) GROUP({zowe.setup.security.groups.admin}.) */ +/* TSS ADD(userid) GROUP({zowe.setup.security.groups.admin}) */ /* DEFINE STARTED TASK ............................................. */ /* comment out if STCGRP matches ADMINGRP (default), expect */ /* warning messages otherwise */ /* group for started tasks */ - TSS LIST({zowe.setup.security.groups.stc}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.groups.stc}.) TYPE(GROUP) + + TSS LIST({zowe.setup.security.groups.stc}) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.stc}) TYPE(GROUP) + NAME('STC GROUP WITH OMVS SEGMENT') + DEPT(&STCGDEP.) - TSS ADD({zowe.setup.security.groups.stc}.) GID(&STCGID.) + TSS ADD({zowe.setup.security.groups.stc}) GID(&STCGID.) /* */ /* userid for ZOWE main server */ - TSS LIST({zowe.setup.security.users.zowe}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.users.zowe}.) TYPE(USER) PASS(NOPW,0) + + TSS LIST({zowe.setup.security.users.zowe}) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zowe}) TYPE(USER) PASS(NOPW,0) + NAME('ZOWE MAIN SERVER') + DEPT(&STCUDEP.) - TSS ADD({zowe.setup.security.users.zowe}.) + - GROUP({zowe.setup.security.groups.stc}.) + - DFLTGRP({zowe.setup.security.groups.stc}.) 
+ + TSS ADD({zowe.setup.security.users.zowe}) + + GROUP({zowe.setup.security.groups.stc}) + + DFLTGRP({zowe.setup.security.groups.stc}) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZOWEUID.) /* userid for ZIS cross memory server */ - TSS LIST({zowe.setup.security.users.zis}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.users.zis}.) TYPE(USER) PASS(NOPW,0) + + TSS LIST({zowe.setup.security.users.zis}) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zis}) TYPE(USER) PASS(NOPW,0) + NAME('ZOWE ZIS CROSS MEMORY SERVER') + DEPT(&STCUDEP.) - TSS ADD({zowe.setup.security.users.zis}.) + - GROUP({zowe.setup.security.groups.stc}.) + - DFLTGRP({zowe.setup.security.groups.stc}.) + + TSS ADD({zowe.setup.security.users.zis}) + + GROUP({zowe.setup.security.groups.stc}) + + DFLTGRP({zowe.setup.security.groups.stc}) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.) /* */ /* started task for ZOWE main server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) + - ACID({zowe.setup.security.users.zowe}.) - TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}) + + ACID({zowe.setup.security.users.zowe}) + TSS ADD({zowe.setup.security.users.zowe}) FAC(STC) /* started task for ZIS cross memory server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zis}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zis}.) + - ACID({zowe.setup.security.users.zis}.) - TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zis}) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zis}) + + ACID({zowe.setup.security.users.zis}) + TSS ADD({zowe.setup.security.users.zis}) FAC(STC) /* started task for ZIS Auxiliary cross memory server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.aux}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.aux}.) 
+ - ACID({zowe.setup.security.users.zis}.) - TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.aux}) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.aux}) + + ACID({zowe.setup.security.users.zis}) + TSS ADD({zowe.setup.security.users.zis}) FAC(STC) /* DEFINE ZIS SECURITY RESOURCES ................................... */ @@ -147,14 +147,14 @@ /* permit AUX STC to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT({zowe.setup.security.users.zis}.) IBMFAC(ZWES.IS) + + TSS PERMIT({zowe.setup.security.users.zis}) IBMFAC(ZWES.IS) + ACCESS(READ) /* DEFINE ZOWE SERVER PERMISIONS ................................... */ /* permit Zowe main server to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(ZWES.IS) + + TSS PERMIT({zowe.setup.security.users.zowe}) IBMFAC(ZWES.IS) + ACCESS(READ) /* permit Zowe main server to create a user's security environment */ 
@@ -165,36 +165,36 @@ /* it on a production system. */ TSS ADD(&FACACID.) IBMFAC(BPX.) TSS WHOHAS IBMFAC(BPX.DAEMON) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.DAEMON) + + TSS PER({zowe.setup.security.users.zowe}) IBMFAC(BPX.DAEMON) + ACCESS(UPDATE) TSS WHOHAS IBMFAC(BPX.SERVER) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.SERVER) + + TSS PER({zowe.setup.security.users.zowe}) IBMFAC(BPX.SERVER) + ACCESS(UPDATE) /* permit Zowe main server to create a user's security environment */ /* comment out the following line if the OMVSAPPL is not defined */ /* in your environment */ -TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) +TSS PERMIT({zowe.setup.security.users.zowe}) APPL(OMVSAPPL) /* Allow ZOWEUSER access to BPX.JOBNAME */ TSS WHOHAS IBMFAC(BPX.JOBNAME) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.JOBNAME) + + TSS PER({zowe.setup.security.users.zowe}) IBMFAC(BPX.JOBNAME) + ACCESS(READ) /* permit Zowe main server to use client certificate mapping service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) + + TSS PER({zowe.setup.security.users.zowe}) IBMFAC(IRR.RUSERMAP) + ACCESS(READ) /* permit Zowe main server to use distributed identity mapping */ /* service TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) - TSS PER({zowe.setup.security.users.zowe}.) + + TSS PER({zowe.setup.security.users.zowe}) + IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) /* permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RAUDITX) + + TSS PER({zowe.setup.security.users.zowe}) IBMFAC(IRR.RAUDITX) + ACCESS(READ) /* DEFINE ZOWE DATA SET PROTECTION ................................. */ 
@@ -203,16 +203,16 @@ TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) /* advised to protect it against updates. */ /* HLQ stub */ - TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}..) + TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}.) /* general data set protection */ - TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) - TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}..) ACCESS(READ) + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}) + TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}.) ACCESS(READ) TSS PER({zowe.setup.security.groups.sysProg}) + - DATASET({zowe.setup.dataset.prefix}..) ACCESS(ALL) + DATASET({zowe.setup.dataset.prefix}.) ACCESS(ALL) /* show results */ - TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}) /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKYR index 4212678c0f..4699af99f6 100644 --- a/files/SZWESAMP/ZWENOKYR +++ b/files/SZWESAMP/ZWENOKYR @@ -59,11 +59,11 @@ /* Remove permit to use SITE owned certificate's private key */ PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) + - DELETE ID({zowe.setup.security.users.zowe}.) + DELETE ID({zowe.setup.security.users.zowe}) /* Remove permit to read keyring ................................... */ PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + - DELETE ID({zowe.setup.security.users.zowe}.) + DELETE ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH @@ -73,7 +73,7 @@ PERMIT + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + CLASS(RDATALIB) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RDELETE RDATALIB + &USERNAME..{zowe.setup.certificate.keyring.name}..LST 
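Review bot: In the ZWENOKYR `@@ -73,7 +73,7 @@` hunk the profile name `&USERNAME..{zowe.setup.certificate.keyring.name}..LST` still has two periods after the placeholder, on both the `PERMIT` and the `RDELETE RDATALIB` line. The doubled period after `&USERNAME` is correct for a JCL symbol, but if the `{...}` placeholder is replaced verbatim the name becomes `ring..LST`. That would not match the profile that was defined, so the permit and the profile would stay in place after the removal job reports success. Both lines should use `&USERNAME..{zowe.setup.certificate.keyring.name}.LST`.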
@@ -81,16 +81,16 @@ SETROPTS RACLIST(RDATALIB) REFRESH /* Delete LABEL certificate ........................................*/ - RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.label}.')) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.label}')) + + ID({zowe.setup.security.users.zowe}) /* Delete LOCALCA certificate ......................................*/ RACDCERT DELETE(LABEL( + - '{zowe.setup.certificate.keyring.caLabel}.')) CERTAUTH + '{zowe.setup.certificate.keyring.caLabel}')) CERTAUTH /* Delete keyring ...................................................*/ - RACDCERT DELRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT DELRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH @@ -141,21 +141,21 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Remove permit to use SITE owned certificate's private key */ - TSS REVOKE({zowe.setup.security.users.zowe}.) + + TSS REVOKE({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* Remove permit to read keyring ................................... */ - TSS REVOKE({zowe.setup.security.users.zowe}.) + + TSS REVOKE({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Delete LABEL certificate ........................................*/ - TSS REM({zowe.setup.security.users.zowe}.) DIGICERT(ZOWECERT) + TSS REM({zowe.setup.security.users.zowe}) DIGICERT(ZOWECERT) /* Delete LOCALCA certificate ......................................*/ TSS REM(CERTAUTH) DIGICERT(ZOWECA) /* Delete keyring ...................................................*/ - TSS REM({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + TSS REM({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) /* ................................................................. */ /* only the last RC is returned, this command ensures it is a 0 */ 
diff --git a/files/SZWESAMP/ZWENOSEC b/files/SZWESAMP/ZWENOSEC index 44036f1f2b..623b1e166e 100644 --- a/files/SZWESAMP/ZWENOSEC +++ b/files/SZWESAMP/ZWENOSEC @@ -69,10 +69,10 @@ /* EGN is not active on your system. */ /* remove general data set protection */ - LISTDSD PREFIX({zowe.setup.datasets.prefix}.) ALL - PERMIT '{zowe.setup.datasets.prefix}..*.**' CLASS(DATASET) + - DELETE ID({zowe.setup.security.groups.sysProg}.) - DELDSD '{zowe.setup.datasets.prefix}..*.**' + LISTDSD PREFIX({zowe.setup.datasets.prefix}) ALL + PERMIT '{zowe.setup.datasets.prefix}.*.**' CLASS(DATASET) + + DELETE ID({zowe.setup.security.groups.sysProg}) + DELDSD '{zowe.setup.datasets.prefix}.*.**' /* remove HLQ stub */ LISTGRP {zowe.setup.datasets.prefix}. 
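Review bot: Every placeholder in this ZWENOSEC hunk is spelled `{zowe.setup.datasets.prefix}` (plural), while the setup jobs in this same patch use `{zowe.setup.dataset.prefix}`. If the generator resolves placeholders by exact key, these lines stay unresolved or resolve to nothing, and `DELDSD` and the `PERMIT ... DELETE` then never touch the profile that ZWEIRACF created. The key should be `zowe.setup.dataset.prefix` throughout the file, e.g. `DELDSD '{zowe.setup.dataset.prefix}.*.**'`. The same spelling appears in the TSS section at `@@ -324,10 +324,10 @@`.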
@@ -85,41 +85,41 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL PERMIT ZWES.IS CLASS(FACILITY) + - DELETE ID({zowe.setup.security.users.zowe}.) + DELETE ID({zowe.setup.security.users.zowe}) /* remove permit to create a user's security environment */ RLIST FACILITY BPX.DAEMON ALL PERMIT BPX.DAEMON CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RLIST FACILITY BPX.SERVER ALL PERMIT BPX.SERVER CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) PERMIT OMVSAPPL CLASS(APPL) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* remove permit to set jobname */ RLIST FACILITY BPX.JOBNAME ALL PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* remove permit to write persistent data */ RLIST UNIXPRIV SUPERUSER.FILESYS ALL PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* remove permit to use client certificate mapping service */ PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* remove permit to use distributed identity mapping service */ PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* remove permit Zowe main server to cut SMF records */ PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH SETROPTS RACLIST(UNIXPRIV) REFRESH @@ -129,7 +129,7 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL PERMIT ZWES.IS CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zis}.) + ID({zowe.setup.security.users.zis}) /* REMOVE STARTED TASKS ............................................ */ 
@@ -149,16 +149,16 @@ DELGROUP {zowe.setup.security.groups.stc}. /* remove started task for ZOWE main server */ - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RDELETE STARTED {zowe.setup.security.stcs.zowe}..* + RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.zowe}.* /* remove started task for ZIS */ - RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA - RDELETE STARTED {zowe.setup.security.stcs.zis}..* + RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.zis}.* /* remove started task for ZIS Auxiliary server */ - RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA - RDELETE STARTED {zowe.setup.security.stcs.aux}..* + RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.aux}.* SETROPTS RACLIST(STARTED) REFRESH @@ -167,7 +167,7 @@ /* uncomment to remove user IDs from */ /* the {zowe.setup.security.groups.admin} group */ /* REMOVE (userid,userid,...) */ -/* GROUP({zowe.setup.security.groups.admin}.) */ +/* GROUP({zowe.setup.security.groups.admin}) */ /* remove group for administrators */ LISTGRP {zowe.setup.security.groups.admin}. OMVS 
@@ -250,23 +250,23 @@ F ACF2,REFRESH(STC) * * Revoke access to ZIS SET RESOURCE(FAC) -RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}.) + +RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * * Remove Zowe main server * SET RESOURCE(FAC) -RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}.) + +RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}) + SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}.) + +RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}) + SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}.) + +RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) SET RESOURCE(APL) RECKEY OMVSAPPL DEL(SERVICE(READ) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) F ACF2,REBUILD(APL) * Remove UNI * @@ -279,7 +279,7 @@ F ACF2,REBUILD(UNI) * Remove STCGRP role permission to use client certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) + +RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) @@ -287,12 +287,12 @@ F ACF2,REBUILD(FAC) * service SET RESOURCE(FAC) RECKEY IRR DEL(IDIDMAP.QUERY + - ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) + ROLE({zowe.setup.security.groups.stc}) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to cut SMF records SET RESOURCE(FAC) -RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}.) + +RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) 
@@ -324,10 +324,10 @@ $$ /* REMOVE ZOWE DATA SET PROTECTION ................................. */ /* removE general data set protection */ TSS WHOHAS DATASET({zowe.setup.datasets.prefix}) -TSS REVOKE(ALL) DATASET({zowe.setup.datasets.prefix}..) +TSS REVOKE(ALL) DATASET({zowe.setup.datasets.prefix}) TSS REVOKE({zowe.setup.security.groups.sysProg}) + - DATASET({zowe.setup.datasets.prefix}..) -TSS REMOVE(&ADMINDEP) DATASET({zowe.setup.datasets.prefix}..) + DATASET({zowe.setup.datasets.prefix}) +TSS REMOVE(&ADMINDEP) DATASET({zowe.setup.datasets.prefix}) /* REMOVE ZOWE SERVER PERMISIONS ................................... */ @@ -355,17 +355,17 @@ TSS REVOKE({zowe.setup.security.users.zowe}) + /* remove permit Zowe main server to use client certificate mapping */ /* service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) -TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(IRR.RUSERMAP) /* remove permit Zowe main server to use distributed identity */ /* mapping service */ TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) -TSS REVOKE({zowe.setup.security.users.zowe}.) + +TSS REVOKE({zowe.setup.security.users.zowe}) + IBMFAC(IRR.IDIDMAP.QUERY) /* remove permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) -TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RAUDITX) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(IRR.RAUDITX) /* REMOVE AUX SERVER PERMISIONS .................................... */ @@ -407,7 +407,7 @@ TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.aux}) /* uncomment to remove user IDs from */ /* the {zowe.setup.security.groups.admin} group */ /* TSS REMOVE (userid) + */ -/* GROUP({zowe.setup.security.groups.admin}.) */ +/* GROUP({zowe.setup.security.groups.admin}) */ /* remove group for administrators */ TSS LIST({zowe.setup.security.groups.admin}) TSS DELETE({zowe.setup.security.groups.admin}) From 8d1168b7f59c1d2885f7fd5696f48eff9cfb0580 Mon Sep 17 00:00:00 2001 
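Review bot: In the `@@ -324,10 +324,10 @@` hunk the revokes now name `DATASET({zowe.setup.datasets.prefix})` with no trailing period, whereas ZWEITSS in this patch grants on `DATASET({zowe.setup.dataset.prefix}.)` with one. The removal therefore names a different resource from the one that was permitted, so `TSS REVOKE(ALL)`, the sysProg revoke and `TSS REMOVE(&ADMINDEP)` may leave the original permissions and ownership behind. To mirror the grant, the three lines should keep a single period, e.g. `TSS REVOKE(ALL) DATASET({zowe.setup.dataset.prefix}.)`.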
From: 1000TurquoisePogs Date: Wed, 7 Feb 2024 14:46:43 -0500 Subject: [PATCH 025/258] Switch to tso version of is_data_set_exists Signed-off-by: 1000TurquoisePogs --- bin/libs/zos.sh | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/bin/libs/zos.sh b/bin/libs/zos.sh index fb4418bd7e..c45e511270 100644 --- a/bin/libs/zos.sh +++ b/bin/libs/zos.sh @@ -70,25 +70,18 @@ operator_command() { verify_generated_jcl() { # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") - does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") + does_jcl_exist=$(tso_is_data_set_exists "${jcllib}") if [ -z "${does_jcl_exist}" ]; then zwecli_inline_execute_command init generate fi - # should be created, but may take time to discover. if [ -z "${does_jcl_exist}" ]; then - does_jcl_exist= - for secs in 1 5 10 ; do - does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") + does_jcl_exist=$(tso_is_data_set_exists "${jcllib}") if [ -z "${does_jcl_exist}" ]; then - sleep ${secs} - else - break + prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") + print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run command. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi - done - if [ -z "${does_jcl_exist}" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run command. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 - else - echo "${jcllib}" fi + echo "${jcllib}" + return 0 } From 72744788ff3742d094c85f6f5ffb45d02e0eed7d Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 7 Feb 2024 14:58:35 -0500 Subject: [PATCH 026/258] Fix syntax error preventing build Signed-off-by: 1000TurquoisePogs --- bin/libs/zos-jes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
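Review bot: `tso_is_data_set_exists "${jcllib}"` now checks only that the library exists, where the old call checked for the member `ZWEISTC`. A library that is empty, partly generated, or left over from an earlier configuration now passes, and callers go on to submit whatever members it holds. If the new helper accepts a member name (its definition is not visible here), `tso_is_data_set_exists "${jcllib}(ZWEISTC)"` would keep the earlier guarantee. Otherwise a comment on `verify_generated_jcl` should state that it validates the library only, not its contents.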
diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index d97445e164..4f9fc80f53 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh @@ -138,7 +138,7 @@ wait_for_job() { fi } -print_and_handle_jcl() +print_and_handle_jcl() { jcl_location="${1}" job_name="{2}" jcllib="${3}" From 3af22ed42df6eb1d5b54d4898570092947d58e97 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 8 Feb 2024 08:19:08 -0500 Subject: [PATCH 027/258] Fix line length on zweiapf Signed-off-by: 1000TurquoisePogs --- files/SZWESAMP/ZWEIAPF | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF index e1da539a48..2aad71c0d6 100644 --- a/files/SZWESAMP/ZWEIAPF +++ b/files/SZWESAMP/ZWEIAPF @@ -9,9 +9,22 @@ //* //* Copyright Contributors to the Zowe Project. 2020, 2020 //* -//********************************************************************* +//********************************************************************* //* -//APFLOAD COMMAND 'SETPROG APF,ADD,DSN={zowe.setup.dataset.authLoadLib}' -//* -//APFLIB COMMAND 'SETPROG APF,ADD,DSN={zowe.setup.dataset.authPluginLib}' +//* This JCL is used to set APF for the two datasets of Zowe +//* Which need it. You can issue this, or use another +//* Way to accomplish the task. +//* +//* +//* +//* This dataset holds the APF portion of Zowe +// SET LOADLIB='{zowe.setup.dataset.authLoadLib}' +//* +//* This dataset holds product plugins for ZIS, +//* ZIS is located in the LOADLIB. +// SET PLUGINLIB='{zowe.setup.dataset.authPluginLib}' +//* +//APFLOAD COMMAND 'SETPROG APF,ADD,DSN=&LOADLIB' +//* +//APFLIB COMMAND 'SETPROG APF,ADD,DSN=&PLUGINLIB' //* From 41bb33ad73958f9618a28877db31be9b54c20acd Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 8 Feb 2024 14:14:29 -0500 Subject: [PATCH 028/258] Split mvs task into 2 because usually authloadlib doesnt need to be created. trim vsam and mvs files 
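Review bot: The line after the fixed brace, `job_name="{2}"`, is missing the `$`, so `job_name` is always the literal text `{2}` and never the caller's second argument. Any message or job lookup that uses it inside `print_and_handle_jcl` will show or match the wrong name. It should be `job_name="${2}"`. The rest of the function body lies outside this hunk.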
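Review bot: Both `SETPROG APF,ADD,DSN=...` commands in the ZWEIAPF hunk omit the location operand. As far as I know `SETPROG APF,ADD` requires either `SMS` or `VOLUME=volser` after the data set name, so the command would be rejected as written. For an SMS-managed library it would be `'SETPROG APF,ADD,DSN=&LOADLIB,SMS'`, and the new comment block should tell the operator to choose between the two. Also, the placeholder is spelled `{zowe.setup.dataset.authLoadLib}` here but the key tested in `bin/commands/init/mvs/index.sh` later in this series is `authLoadlib`; one of the two spellings needs aligning.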
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.sh | 68 ++++------------------ bin/commands/init/vsam/index.sh | 99 ++++++--------------------------- files/SZWESAMP/ZWEIMVS | 35 +++--------- files/SZWESAMP/ZWEIMVS2 | 45 +++++++++++++++ files/SZWESAMP/ZWENOKYR | 10 ++-- 5 files changed, 89 insertions(+), 168 deletions(-) create mode 100644 files/SZWESAMP/ZWEIMVS2 diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index a6defe0b10..e51cac14ad 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -29,29 +29,7 @@ if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") -if [ -z "${does_jcl_exist}" ]; then - zwecli_inline_execute_command init generate -fi - -# should be created, but may take time to discover. -if [ -z "${does_jcl_exist}" ]; then -does_jcl_exist= -for secs in 1 5 10 ; do - does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") - if [ -z "${does_jcl_exist}" ]; then - sleep ${secs} - else - break - fi -done - -if [ -z "${does_jcl_exist}" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi -fi - +jcllib_location=$(verify_generated_jcl) ############################### # create data sets if they do not exist 
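Review bot: `jcllib_location=$(verify_generated_jcl)` runs the function in a command substitution, so the `print_error_and_exit` inside it ends only the subshell and this script carries on with an empty or partial `jcllib_location`. Anything that `zwecli_inline_execute_command init generate` writes to stdout inside the function would also end up in the variable. I would check the status straight away, e.g. `jcllib_location=$(verify_generated_jcl) || exit $?`, and make sure the generate step's output goes to stderr or a log. How those helpers write their output is not visible in this hunk, so the second half needs confirming.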
@@ -69,6 +47,12 @@ while read -r line; do else print_error_and_exit "Error ZWEL0157E: ${name} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 fi + elif [ "${key}" = "authLoadlib" ]; then + if [ "${ds}" = "${prefix}.SZWESAMP" ]; then + run_aloadlib_create="false" + else + run_aloadlib_create="true" + fi fi # check existence ds_existence=$(is_data_set_exists "${ds}") 
@@ -93,41 +77,13 @@ if [ "${ds_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" ! print_level2_message "Zowe custom data sets initialized with errors." else - jcl_contents=$(cat "//'${jcllib_location}(ZWEIMVS)'") - print_message "Template JCL: ${prefix}.SZWESAMP(ZWEIMVS) , Executable JCL: ${jcllib_location}(ZWEIMVS)" - print_message "--- JCL Content ---" - print_message "$jcl_contents" - print_message "--- End of JCL ---" - - if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then - print_message "Submitting Job ZWEIMVS" - jobid=$(submit_job "//'${jcllib_location}(ZWEIMVS)'") - code=$? - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib_location}(ZWEIMVS)." "" 161 - fi - print_debug "- job id ${jobid}" - - jobstate=$(wait_for_job "${jobid}") - code=$? - if [ ${code} -eq 1 ]; then - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 - fi - jobname=$(echo "${jobstate}" | awk -F, '{print $2}') - jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') - jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') - - if [ "${code}" -eq 0 ]; then - print_level2_message "Zowe custom data sets are initialized successfully." - else - print_level2_message "Zowe custom data sets initialized with errors." - fi - else - print_message "JCL not submitted, command run with dry run flag." - print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Command run successfully." + print_and_handle_jcl "//'${jcllib_location}(ZWEIMVS)'" "ZWEIMVS" "${jcllib_location}" "${prefix}" + if [ "${run_aloadlib_create}" = "true" ]; then + print_and_handle_jcl "//'${jcllib_location}(ZWEIMVS2)'" "ZWEIMVS2" "${jcllib_location}" "${prefix}" fi + + print_level2_message "Zowe custom data sets are initialized successfully." fi diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 6b46b10535..5aefd266b6 100644 
--- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
@@ -31,102 +31,39 @@ if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") -if [ -z "${does_jcl_exist}" ]; then - zwecli_inline_execute_command init generate -fi +jcllib=$(verify_generated_jcl) -# should be created, but may take time to discover. -if [ -z "${does_jcl_exist}" ]; then -does_jcl_exist= -for secs in 1 5 10 ; do - does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") - if [ -z "${does_jcl_exist}" ]; then - sleep ${secs} - else - break - fi -done +required_yaml_content="mode volume storageClass name" -if [ -z "${does_jcl_exist}" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWECSVSM) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi -fi - -vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") -if [ -z "${vsam_mode}" ]; then - vsam_mode=NONRLS -fi -vsam_volume= -if [ "${vsam_mode}" = "NONRLS" ]; then - vsam_volume=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.volume") - if [ -z "${vsam_volume}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set Non-RLS volume (zowe.setup.vsam.volume) is not defined in Zowe YAML configuration file." "" 157 +for key in ${required_params}; do + eval "${key}=$(read_yaml \"${ZWE_CLI_PARAMETER_CONFIG}\" \".zowe.setup.vsam.${key}\")" + if [ -z "${key}" ]; then + print_error_and_exit "Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file." 
"" 157 fi -fi -vsam_storageClass= -if [ "${vsam_mode}" = "RLS" ]; then - vsam_storageClass=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.storageClass") - if [ -z "${vsam_storageClass}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set RLS storage class (zowe.setup.vsam.storageClass) is not defined in Zowe YAML configuration file." "" 157 - fi -fi -vsam_name=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.name") -if [ -z "${vsam_name}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set name (components.caching-service.storage.vsam.name) is not defined in Zowe YAML configuration file." "" 157 -fi +done # VSAM cache cannot be overwritten, must delete manually # FIXME: cat cannot be used to test VSAM data set -vsam_existence=$(is_data_set_exists "${vsam_name}") +vsam_existence=$(is_data_set_exists "${name}") if [ "${vsam_existence}" = "true" ]; then if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then # delete blindly and ignore errors - result=$(tso_command delete "'${vsam_name}'") + result=$(tso_command delete "'${name}'") else # error - print_error_and_exit "Error ZWEL0158E: ${vsam_name} already exists." "" 158 + print_error_and_exit "Error ZWEL0158E: ${name} already exists." "" 158 fi fi - -jcl_contents=$(cat "//'${jcllib}(ZWECSVSM)") -print_message "Template JCL: ${prefix}.SZWESAMP(ZWECSVSM) , Executable JCL: ${jcllib}(ZWECSVSM)" -print_message "--- JCL Content ---" -print_message "$jcl_contents" -print_message "--- End of JCL ---" +############################### +# execution (or dry-run) +print_and_handle_jcl "//'${jcllib}(ZWECSVSM)" "ZWECSVSM" "${jcllib}" "${prefix}" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then - print_message "Submitting Job ZWECSVSM" - jobid=$(submit_job "//'${jcllib}(ZWECSVSM)'") - code=$? - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." 
"" 161 - fi - print_debug "- job id ${jobid}" - - jobstate=$(wait_for_job "${jobid}") - code=$? - if [ ${code} -eq 1 ]; then - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 - fi - jobname=$(echo "${jobstate}" | awk -F, '{print $2}') - jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') - jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') - - if [ "${code}" -eq 0 ]; then - print_level2_message "Zowe Caching Service VSAM storage is created successfully." - if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${vsam_name}" - print_level2_message "Zowe configuration is updated successfully." - fi - else - print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 - fi -else - print_message "JCL not submitted, command run with dry run flag." - print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Command run successfully." + print_level2_message "Zowe Caching Service VSAM storage is created successfully." + if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${name}" + print_level2_message "Zowe configuration is updated successfully." + fi fi diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS index 3a81ce582e..098852eedb 100644 --- a/files/SZWESAMP/ZWEIMVS +++ b/files/SZWESAMP/ZWEIMVS 
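Review bot: The new parameter loop in vsam/index.sh builds its assignment with `eval "${key}=$(read_yaml ...)"`, so a `zowe.setup.vsam.*` value containing shell metacharacters would be parsed as shell code instead of being stored as data. The loop also iterates `${required_params}` while the list is assigned to `required_yaml_content`, and `[ -z "${key}" ]` tests the key name, which is never empty, so as written `${name}` appears to stay unset and nothing is validated. The removed code required `volume` only for NONRLS and `storageClass` only for RLS; the flat list drops that distinction, which looks unintended and should be decided explicitly. The argument `"//'${jcllib}(ZWECSVSM)"` is missing its closing apostrophe. The fence below keeps the commit's flat list and only makes the loop safe and effective.

```shell
required_params="mode volume storageClass name"

for key in ${required_params}; do
  value=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.${key}")
  if [ -z "${value}" ]; then
    print_error_and_exit "Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file." "" 157
  fi
  # key comes from the fixed list above; the value is expanded only when the
  # assignment itself runs, so its content is never parsed as shell code
  eval "${key}=\${value}"
done
# ... unchanged: existence check and optional delete of ${name} ...
print_and_handle_jcl "//'${jcllib}(ZWECSVSM)'" "ZWECSVSM" "${jcllib}" "${prefix}"
```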
@@ -11,7 +11,15 @@ //* //********************************************************************* //* -//* +//* This job is used to create datasets used by a Zowe "instance" +//* Instances represent a configuration of Zowe, different from the +//* "runtime" datasets that are created upon install of Zowe / SMPE. +//* +//* If your choosen value of 'zowe.setup.dataset.authLoadLib' is not +//* Equal to 'zowe.setup.prefix' + 'SZWELOAD', +//* Then you must also run "ZWEIMVS2". +//* +//********************************************************************* //MKPDSE EXEC PGM=IKJEFT01 //SYSTSPRT DD SYSOUT=A //SYSTSIN DD * @@ -19,14 +27,6 @@ ALLOC NEW DA('{zowe.setup.dataset.parmlib}') + dsntype(library) dsorg(po) recfm(f b) lrecl(80) + unit(sysallda) space(15,15) tracks -ALLOC NEW DA('{zowe.setup.dataset.jcllib}') + -dsntype(library) dsorg(po) recfm(f b) lrecl(80) + -unit(sysallda) space(15,15) tracks - -ALLOC NEW DA('{zowe.setup.dataset.authLoadLib}') + -dsntype(library) dsorg(po) recfm(u) lrecl(0) + -blksize(32760) unit(sysallda) space(30,15) tracks - ALLOC NEW DA('{zowe.setup.dataset.authPluginLib}') + dsntype(library) dsorg(po) recfm(u) lrecl(0) + blksize(32760) unit(sysallda) space(30,15) tracks @@ -39,20 +39,3 @@ blksize(32760) unit(sysallda) space(30,15) tracks COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESIP00,,R)) //* -//AUTHCPY EXEC PGM=BPXBATCH -//BPXPRINT DD SYSOUT=* -//STDOUT DD SYSOUT=* -//STDERR DD SYSOUT=* -//STDPARM DD * -SH cd {zowe.runtimeDirectory} && -cd components/zss && -cp LOADLIB/ZWESIS01 -"//'{zowe.setup.dataset.authLoadLib}(ZWESIS01)'" && -cp LOADLIB/ZWESAUX -"//'{zowe.setup.dataset.authLoadLib}(ZWESAUX)'" && -cp LOADLIB/ZWESISDL -"//'{zowe.setup.dataset.authLoadLib}(ZWESISDL)'" && -cd ../launcher/bin && -cp zowe_launcher -"//'{zowe.setup.dataset.authLoadLib}(ZWELNCH)'" -/* diff --git a/files/SZWESAMP/ZWEIMVS2 b/files/SZWESAMP/ZWEIMVS2 new file mode 100644 index 0000000000..3fb3874470 --- /dev/null +++ b/files/SZWESAMP/ZWEIMVS2 
@@ -0,0 +1,45 @@ +//ZWEIMVS2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* This job is used to create the APF load library for an instance +//* Of Zowe. It is not needed if your choosen value of +//* 'zowe.setup.dataset.authLoadlib' is equal to +//* 'zowe.setup.prefix' + 'SZWELOAD'. +//* +//* When running this job, you should also run ZwEIMVS +//* +//********************************************************************* +//MKPDSE EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.authLoadlib}') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks +//* +//AUTHCPY EXEC PGM=BPXBATCH +//BPXPRINT DD SYSOUT=* +//STDOUT DD SYSOUT=* +//STDERR DD SYSOUT=* +//STDPARM DD * +SH cd {zowe.runtimeDirectory} && +cd components/zss && +cp LOADLIB/ZWESIS01 +"//'{zowe.setup.dataset.authLoadlib}(ZWESIS01)'" && +cp LOADLIB/ZWESAUX +"//'{zowe.setup.dataset.authLoadlib}(ZWESAUX)'" && +cp LOADLIB/ZWESISDL +"//'{zowe.setup.dataset.authLoadlib}(ZWESISDL)'" && +cd ../launcher/bin && +cp zowe_launcher +"//'{zowe.setup.dataset.authLoadlib}(ZWELNCH)'" +/* diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKYR index 4699af99f6..990dcb889f 100644 --- a/files/SZWESAMP/ZWENOKYR +++ b/files/SZWESAMP/ZWENOKYR 
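Review bot: The header comment of ZWEIMVS2 says the job is not needed when `zowe.setup.dataset.authLoadlib` equals `'zowe.setup.prefix' + 'SZWELOAD'`, but the mvs/index.sh change in this same commit skips the job when the value equals `${prefix}.SZWESAMP`, and the scripts read the prefix from `zowe.setup.dataset.prefix`. Because this job creates and populates the APF load library, the comment should name the exact data set the tooling compares against so an operator does not skip or run it by mistake; the matching comment added to ZWEIMVS has the same mismatch. The companion job is also spelled `ZwEIMVS`; I would write `//* When running this job, you should also run ZWEIMVS`.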
@@ -69,13 +69,13 @@ /* Remove keyring profile defined on RDATALIB class ................ */ RLIST RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + &USERNAME..{zowe.setup.certificate.keyring.name}.LST ALL PERMIT + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + CLASS(RDATALIB) DELETE + ID({zowe.setup.security.users.zowe}) RDELETE RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + &USERNAME..{zowe.setup.certificate.keyring.name}.LST /* Refresh to dynamically activate the changes. .................... */ SETROPTS RACLIST(RDATALIB) REFRESH @@ -120,14 +120,14 @@ ACF F ACF2,REBUILD(FAC) * Delete LABEL certificate ........................................*/ - DELETE {zowe.setup.security.users.zowe}..ZOWECERT + DELETE {zowe.setup.security.users.zowe}.ZOWECERT * Delete LOCALCA certificate ......................................*/ DELETE CERTAUTH.ZOWECA * Delete keyring ...................................................*/ SET PROFILE(USER) DIVISION(KEYRING) - DELETE {zowe.setup.security.users.zowe}..ZOWERING + DELETE {zowe.setup.security.users.zowe}.ZOWERING F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) From 15f0163c3b5c5f27c4529a890e0bcc00594138d1 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 8 Feb 2024 16:13:09 -0500 Subject: [PATCH 029/258] Reduce duplicate code in each init phase Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 23 +--- bin/commands/init/mvs/index.sh | 36 ++++--- bin/commands/init/security/index.sh | 140 +++---------------------- bin/commands/init/stc/index.sh | 65 +----------- bin/libs/zos-jes.sh | 43 ++++++-- bin/libs/zos.sh | 21 ++-- files/SZWEEXEC/ZWEGEN00 | 2 +- files/SZWESAMP/ZWEIAPF | 4 +- files/SZWESAMP/ZWEIMVS | 2 +- 9 files changed, 93 insertions(+), 243 deletions(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 4b9da621cb..315c0d783d 100644 
--- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -21,29 +21,8 @@ prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -# read JCL library and validate -jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib}") -if [ -z "${does_jcl_exist}" ]; then - zwecli_inline_execute_command init generate -fi -# should be created, but may take time to discover. -if [ -z "${does_jcl_exist}" ]; then -does_jcl_exist= -for secs in 1 5 10 ; do - does_jcl_exist=$(is_data_set_exists "${jcllib}") - if [ -z "${does_jcl_exist}" ]; then - sleep ${secs} - else - break - fi -done - -if [ -z "${does_jcl_exist}" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi -fi +jcllib=$(verify_generated_jcl) security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index e51cac14ad..60b582b545 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -15,7 +15,6 @@ print_level1_message "Initialize Zowe custom data sets" ############################### # constants cust_ds_list="parmlib|Zowe parameter library -jcllib|Zowe JCL library authLoadlib|Zowe authorized load library authPluginLib|Zowe authorized plugin library" 
@@ -47,23 +46,32 @@ while read -r line; do else print_error_and_exit "Error ZWEL0157E: ${name} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 fi - elif [ "${key}" = "authLoadlib" ]; then - if [ "${ds}" = "${prefix}.SZWESAMP" ]; then + fi + + if [ "${key}" = "authLoadlib" ]; then + if [ "${ds}" = "${prefix}.SZWEAUTH" ]; then run_aloadlib_create="false" else run_aloadlib_create="true" + # check existence + ds_existence=$(is_data_set_exists "${ds}") + if [ "${ds_existence}" = "true" ]; then + if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then + print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." + else + print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." + fi + fi fi - fi - # check existence - ds_existence=$(is_data_set_exists "${ds}") - if [ "${ds_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." - else - # print_error_and_exit "Error ZWEL0158E: ${ds} already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." + else + # check existence + ds_existence=$(is_data_set_exists "${ds}") + if [ "${ds_existence}" = "true" ]; then + if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then + print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." + else + print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." 
+ fi fi fi done < "${jcl_file}" - jcl_contents=$(cat "${jcl_file}") - - print_message "Template JCL: ${prefix}.SZWESAMP(ZWEISTC) , Executable JCL: ${jcllib}(ZWEISTC)" - print_message "--- JCL Content ---" - print_message "$jcl_contents" - print_message "--- End of JCL ---" - if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then - print_message "Submitting Job ZWEISTC" - jobid=$(submit_job $jcl_file) - code=$? - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWEISTC)." "" 161 - fi - print_debug "- job id ${jobid}" - - jobstate=$(wait_for_job "${jobid}") - code=$? - rm $jcl_file - if [ ${code} -eq 1 ]; then - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 - fi - jobname=$(echo "${jobstate}" | awk -F, '{print $2}') - jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') - jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') - - if [ "${code}" -eq 0 ]; then - print_level2_message "Zowe main started tasks are installed successfully." - else - print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 - fi - else - print_message "JCL not submitted, command run with dry run flag." - print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Command run successfully." - rm $jcl_file - fi + print_and_handle_jcl "${jcl_file}" "ZWEISTC" "${jcllib}" "${prefix}" "true" + print_level2_message "Zowe main started tasks are installed successfully." fi diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 4f9fc80f53..520e0bf356 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh 
@@ -140,11 +140,13 @@ wait_for_job() { print_and_handle_jcl() { jcl_location="${1}" - job_name="{2}" + job_name="${2}" jcllib="${3}" prefix="${4}" remove_jcl_on_finish="${5}" + continue_on_failure="${6}" jcl_contents=$(cat "${jcl_location}") + job_has_failures=false print_message "Template JCL: ${prefix}.SZWESAMP(${job_name}) , Executable JCL: ${jcllib}(${job_name})" print_message "--- JCL Content ---" @@ -153,23 +155,34 @@ print_and_handle_jcl() { if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ${job_name}" - jobid=$(submit_job "${jcl_location}'") + jobid=$(submit_job "${jcl_location}") code=$? if [ ${code} -ne 0 ]; then - if [ "${remove_jcl_on_finish}" = "true" ]; then - rm "${jcl_location}" + job_has_failures=true + if [ "${continue_on_failure}" = "true" ]; then + print_error "Warning ZWEL0161W: Failed to run JCL ${jcllib}(${job_name})" + jobid= + else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(${job_name})." "" 161 fi - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(${job_name})." "" 161 fi print_debug "- job id ${jobid}" jobstate=$(wait_for_job "${jobid}") code=$? if [ ${code} -eq 1 ]; then - if [ "${remove_jcl_on_finish}" = "true" ]; then - rm "${jcl_location}" + job_has_failures=true + if [ "${continue_on_failure}" = "true" ]; then + print_error "Warning ZWEL0162W: Failed to find job ${jobid} result." + else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi jobname=$(echo "${jobstate}" | awk -F, '{print $2}') jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') 
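Review bot: print_and_handle_jcl echoes the complete JCL through `print_message "$jcl_contents"` before submitting, and this commit routes the security, certificate and STC phases through it. If any of that generated JCL carries secret values (not visible from this hunk, so this is an assumption to confirm), they would end up in console output and captured logs. I would document that above the function, for example `# NOTE: prints the full JCL; callers must not pass JCL containing secrets`, or make the echo optional. The function body continues outside this hunk.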
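Review bot: When `continue_on_failure` is set, a failed `submit_job` clears `jobid` and execution still reaches `wait_for_job "${jobid}"` with an empty id, so the function waits on a job that was never submitted and then reports a second, misleading ZWEL0162W warning. I would skip the wait and the result parsing when the submit failed, for example by wrapping them in `if [ -n "${jobid}" ]; then` … `fi`. The function body continues outside this hunk.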
@@ -177,14 +190,22 @@ print_and_handle_jcl() { if [ "${code}" -eq 0 ]; then else - if [ "${remove_jcl_on_finish}" = "true" ]; then - rm "${jcl_location}" + job_has_failures=true + if [ "${continue_on_failure}" = "true" ]; then + print_error "Warning ZWEL0163W: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." + else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 fi - print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 fi if [ "${remove_jcl_on_finish}" = "true" ]; then rm "${jcl_location}" fi + if [ "${job_has_failures}" = "true" ]; then + print_level2_message "Job ended with some failures. Please check job log for details." + fi return 0 else print_message "JCL not submitted, command run with dry run flag." diff --git a/bin/libs/zos.sh b/bin/libs/zos.sh index c45e511270..10fe29702c 100644 --- a/bin/libs/zos.sh +++ b/bin/libs/zos.sh 
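Review bot: The context line `if [ "${code}" -eq 0 ]; then` is followed directly by `else`, and an empty `then` branch is a syntax error in POSIX shells, so as shown here zos-jes.sh would be expected to fail when it is sourced. Inverting the test removes the empty branch: `if [ "${code}" -ne 0 ]; then`. It is also worth confirming that `code`, which still holds the exit status of `wait_for_job`, reflects the job's completion code, since the parsed `jobcccode` is used only in the message text. The function starts and ends outside this hunk.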
@@ -69,17 +69,26 @@ operator_command() { verify_generated_jcl() { # read JCL library and validate - jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") - does_jcl_exist=$(tso_is_data_set_exists "${jcllib}") + does_jcl_exist=$(is_data_set_exists "${jcllib}") if [ -z "${does_jcl_exist}" ]; then - zwecli_inline_execute_command init generate + result=$(zwecli_inline_execute_command init generate) fi + # should be created, but may take time to discover. if [ -z "${does_jcl_exist}" ]; then - does_jcl_exist=$(tso_is_data_set_exists "${jcllib}") + does_jcl_exist= + for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi + done + if [ -z "${does_jcl_exist}" ]; then - prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") - print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run command. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + return 999 fi fi echo "${jcllib}" diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 2483948ac9..9c3a0afc3d 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -195,7 +195,7 @@ if COMPARE('RTSS', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIACF2)') x = DeleteDataSet(jclCopy'(ZWEIRACF)') end -else do +if COMPARE('ACF2', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRT1)') x = DeleteDataSet(jclCopy'(ZWEIKRT2)') x = DeleteDataSet(jclCopy'(ZWEIKRT3)') diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF index 2aad71c0d6..dc59bd3ca9 100644 --- a/files/SZWESAMP/ZWEIAPF +++ b/files/SZWESAMP/ZWEIAPF 
@@ -15,10 +15,10 @@ //* Which need it. You can issue this, or use another //* Way to accomplish the task. //* -//* +//********************************************************************* //* //* This dataset holds the APF portion of Zowe -// SET LOADLIB='{zowe.setup.dataset.authLoadLib}' +// SET LOADLIB='{zowe.setup.dataset.authLoadlib}' //* //* This dataset holds product plugins for ZIS, //* ZIS is located in the LOADLIB. diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS index 098852eedb..e8e94c7ab4 100644 --- a/files/SZWESAMP/ZWEIMVS +++ b/files/SZWESAMP/ZWEIMVS @@ -15,7 +15,7 @@ //* Instances represent a configuration of Zowe, different from the //* "runtime" datasets that are created upon install of Zowe / SMPE. //* -//* If your choosen value of 'zowe.setup.dataset.authLoadLib' is not +//* If your choosen value of 'zowe.setup.dataset.authLoadlib' is not //* Equal to 'zowe.setup.prefix' + 'SZWELOAD', //* Then you must also run "ZWEIMVS2". //* From 4fff5027d75ca4af20329b2113a0cf2d5881e7f5 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 9 Feb 2024 11:25:07 -0500 Subject: [PATCH 030/258] fixed regression on finding jcllib and exiting on not Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/index.sh | 3 +++ bin/commands/init/certificate/index.sh | 3 +++ bin/commands/init/mvs/index.sh | 3 +++ bin/commands/init/security/index.sh | 4 ++++ bin/commands/init/stc/index.sh | 3 +++ bin/commands/init/vsam/index.sh | 4 ++++ bin/libs/zos.sh | 4 ++-- 7 files changed, 22 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index 4e04ae7ae8..b5753ebfe2 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh 
@@ -29,6 +29,9 @@ for key in ${required_params}; do done jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi print_and_handle_jcl "//'${jcllib}(ZWEIAPF)'" "ZWEIAPF" "${jcllib}" "${prefix}" print_level2_message "Zowe load libraries are APF authorized successfully." diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 315c0d783d..8fe98560ae 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -23,6 +23,9 @@ if [ -z "${prefix}" ]; then fi jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 60b582b545..8cf2c376a9 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -29,6 +29,9 @@ if [ -z "${prefix}" ]; then fi jcllib_location=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi ############################### # create data sets if they do not exist diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index f9893e8446..e1a459e0bb 100644 --- a/bin/commands/init/security/index.sh 
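Review bot: The guard `if [ "$?" -eq 1 ]` added after `jcllib=$(verify_generated_jcl)` only catches an exit status of exactly 1; any other non-zero status, or an empty result, lets the script continue and build data set names such as `//'${jcllib}(ZWEIAPF)'` from an empty or wrong `jcllib`. I would test `if [ $? -ne 0 ] || [ -z "${jcllib}" ]; then` so the privileged job is never submitted against an unverified library. The same guard is added in the certificate, mvs, security, stc and vsam index.sh hunks of this commit and should be changed the same way.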
+++ b/bin/commands/init/security/index.sh @@ -24,6 +24,10 @@ if [ -z "${prefix}" ]; then fi jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi + validation_list="product groups.admin groups.stc groups.sysProg users.zowe users.zis stcs.zowe stcs.zis stcs.aux" diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index 0cac01dcd2..a73edb1433 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -30,6 +30,9 @@ if [ -z "${proclib}" ]; then fi jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") if [ -z "${security_stcs_zowe}" ]; then diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 5aefd266b6..5d99a41942 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -32,6 +32,10 @@ if [ -z "${prefix}" ]; then fi jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi + required_yaml_content="mode volume storageClass name" diff --git a/bin/libs/zos.sh b/bin/libs/zos.sh index 10fe29702c..8e3eb5ebc3 100644 --- a/bin/libs/zos.sh +++ b/bin/libs/zos.sh 
@@ -68,6 +68,7 @@ operator_command() { } verify_generated_jcl() { + jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") # read JCL library and validate does_jcl_exist=$(is_data_set_exists "${jcllib}") if [ -z "${does_jcl_exist}" ]; then @@ -87,8 +88,7 @@ verify_generated_jcl() { done if [ -z "${does_jcl_exist}" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 - return 999 + return 1 fi fi echo "${jcllib}" From 3d67b463ae7cd3fa6c0a2e0e148c98a9bd022821 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 9 Feb 2024 13:42:27 -0500 Subject: [PATCH 031/258] Add TS code from https://github.com/zowe/zowe-install-packaging/pull/3135 and adapt to new init stype 
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/cli.ts | 17 +++ bin/commands/init/apfauth/index.sh | 13 +++ bin/commands/init/apfauth/index.ts | 47 +++++++++ bin/commands/init/cli.ts | 18 ++++ bin/commands/init/index.sh | 13 +++ bin/commands/init/index.ts | 121 +++++++++++++++++++++ bin/commands/init/mvs/cli.ts | 18 ++++ bin/commands/init/mvs/index.sh | 19 +++- bin/commands/init/mvs/index.ts | 90 ++++++++++++++++ bin/commands/init/security/cli.ts | 18 ++++ bin/commands/init/security/index.sh | 22 +++- bin/commands/init/security/index.ts | 62 +++++++++++ bin/commands/init/stc/cli.ts | 18 ++++ bin/commands/init/stc/index.sh | 13 +++ bin/commands/init/stc/index.ts | 122 ++++++++++++++++++++++ bin/commands/init/vsam/cli.ts | 18 ++++ bin/commands/init/vsam/index.sh | 15 ++- bin/commands/init/vsam/index.ts | 63 +++++++++++ bin/commands/internal/config/set/index.ts | 2 +- bin/libs/json.ts | 6 ++ bin/libs/zos-jes.ts | 71 +++++++++++++ bin/libs/zos.ts | 35 ++++++- 22 files changed, 813 insertions(+), 8 deletions(-) create mode 100644 bin/commands/init/apfauth/cli.ts create mode 100644 bin/commands/init/apfauth/index.ts create mode 100644 bin/commands/init/cli.ts create mode 100644 bin/commands/init/index.ts create mode 100644 bin/commands/init/mvs/cli.ts create mode 100644 bin/commands/init/mvs/index.ts create mode 100644 bin/commands/init/security/cli.ts create mode 100644 bin/commands/init/security/index.ts create mode 100644 bin/commands/init/stc/cli.ts create mode 100644 bin/commands/init/stc/index.ts create mode 100644 bin/commands/init/vsam/cli.ts create mode 100644 bin/commands/init/vsam/index.ts diff --git a/bin/commands/init/apfauth/cli.ts b/bin/commands/init/apfauth/cli.ts new file mode 100644 index 0000000000..4d4953fbc4 --- /dev/null +++ b/bin/commands/init/apfauth/cli.ts 
@@ -0,0 +1,17 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index b5753ebfe2..4f4e0023b0 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh @@ -11,6 +11,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/apfauth/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level1_message "APF authorize load libraries" ############################### diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts new file mode 100644 index 0000000000..361ec74643 --- /dev/null +++ b/bin/commands/init/apfauth/index.ts 
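Review bot: After the configmgr branch in apfauth/index.sh runs `cli.js`, control falls through to the existing shell implementation that follows (`print_level1_message "APF authorize load libraries"` onward), so with `zowe.useConfigmgr=true` the APF job appears to be handled twice and the script's exit status no longer reflects the configmgr run. I would end the branch with `exit $?` or remove the legacy body; the rest of the file is outside this hunk, so confirm nothing else stops the fall-through. The same block is added to init/index.sh in this commit. The command path `${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr` is also unquoted, unlike the `-script` argument next to it.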
@@ -0,0 +1,47 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as zosJes from '../../../libs/zos-jes'; +import * as zoslib from '../../../libs/zos'; +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; + +export function execute() { + + common.printLevel1Message(`APF authorize load libraries`); + + // Validation + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + // read prefix and validate + const prefix=ZOWE_CONFIG.zowe?.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + // read JCL library and validate + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + } + + + ['authLoadlib', 'authPluginLib'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe?.setup?.dataset || !ZOWE_CONFIG.zowe?.setup?.dataset[key]) { + common.printErrorAndExit(`Error ZWEL0157E: zowe.setup.dataset.${key} is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + + + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIAPF)'`, `ZWEIAPF`, jcllib, prefix); + common.printLevel2Message(`Zowe load libraries are APF authorized successfully.`); +} diff --git a/bin/commands/init/cli.ts b/bin/commands/init/cli.ts new file mode 100644 index 0000000000..1f0812f9ea --- /dev/null +++ b/bin/commands/init/cli.ts 
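Review bot: The closing `printLevel2Message` in `execute()` reports the load libraries as APF authorized even when nothing was submitted, because `printAndHandleJcl` in bin/libs/zos-jes.ts skips submission when `ZWE_CLI_PARAMETER_DRY_RUN` is set and this caller prints the success line unconditionally. For a step that changes APF authorization, the log should let an operator tell a dry run from a real change, so I would have `printAndHandleJcl` report whether a job actually ran and print the success line only in that case. The first `printErrorAndExit` (missing prefix) is also not returned, unlike the jcllib check two statements later; `return common.printErrorAndExit(...)` would keep the two consistent.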
@@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../libs/configmgr'; + +index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true', std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == 'true', std.getenv('ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES') == 'true', std.getenv("ZWE_CLI_PARAMETER_UPDATE_CONFIG") == 'true'); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index ea19713b18..754aef8a88 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh @@ -11,6 +11,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level0_message "Configure Zowe" ############################### diff --git a/bin/commands/init/index.ts b/bin/commands/init/index.ts new file mode 100644 index 0000000000..f2a402013b --- /dev/null +++ b/bin/commands/init/index.ts 
@@ -0,0 +1,121 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as shell from '../../libs/shell'; +import * as zoslib from '../../libs/zos'; +import * as json from '../../libs/json'; +import * as zosJes from '../../libs/zos-jes'; +import * as zosDataset from '../../libs/zos-dataset'; +import * as common from '../../libs/common'; +import * as config from '../../libs/config'; +import * as node from '../../libs/node'; +import * as java from '../../libs/java'; + +import * as initGenerate from './generate/index'; +import * as initMvs from './mvs/index'; +import * as initVsam from './vsam/index'; +import * as initApfAuth from './apfauth/index'; +import * as initSecurity from './security/index'; +//import * as initCertificate from './certificate/index'; +import * as initStc from './stc/index'; + +export function execute(allowOverwrite?: boolean, dryRun?: boolean, ignoreSecurityFailures?: boolean, updateConfig?: boolean) { + common.printLevel0Message(`Configure Zowe`); + + // Validation + common.requireZoweYaml(); + + // Read job name and validate + const zoweConfig = config.getZoweConfig(); + + + common.printLevel1Message(`Check if need to update runtime directory, Java and/or node.js settings in Zowe YAML configuration`); + // node.home + let newNodeHome; + const configNodeHome=zoweConfig.node?.home; + // only try to update if it's not defined + if (!configNodeHome || configNodeHome == 'DETECT') { + node.requireNode(); + newNodeHome=std.getenv('NODE_HOME'); + } + + // java.home + let newJavaHome; + const configJavaHome=zoweConfig.java?.home; + // only try to update if it's not defined + if (!configJavaHome || configJavaHome == 'DETECT') { + java.requireJava(); + 
newJavaHome=std.getenv('JAVA_HOME'); + } + + // zowe.runtimeDirectory + let newZoweRuntimeDir; + // do we have zowe.runtimeDirectory defined in zowe.yaml? + const configRuntimeDir = zoweConfig.zowe?.runtimeDirectory; + if (configRuntimeDir) { + if (configRuntimeDir != std.getenv('ZWE_zowe_runtimeDirectory')) { + common.printErrorAndExit(`Error ZWEL0105E: The Zowe YAML config file is associated to Zowe runtime "${configRuntimeDir}", which is not same as where zwe command is located.`, undefined, 105); + } + } else { + newZoweRuntimeDir = std.getenv('ZWE_zowe_runtimeDirectory'); + } + + if (newNodeHome || newJavaHome || newZoweRuntimeDir) { + if (std.getenv("ZWE_CLI_PARAMETER_UPDATE_CONFIG") == "true") { + let updateObj:any = {}; + if (newNodeHome) { + updateObj.node = {home: newNodeHome}; + } + if (newJavaHome) { + updateObj.java = {home: newJavaHome}; + } + if (newZoweRuntimeDir) { + updateObj.zowe = {runtimeDirectory: newZoweRuntimeDir}; + } + json.updateZoweYamlFromObj(std.getenv('ZOWE_CLI_PARAMETER_CONFIG'), updateObj); + + common.printLevel2Message(`Runtime directory, Java and/or node.js settings are updated successfully.`); + } else { + common.printMessage(`These configurations need to be added to your YAML configuration file:`); + common.printMessage(``); + if (newZoweRuntimeDir) { + common.printMessage(`zowe:`); + common.printMessage(` runtimeDirectory: "${newZoweRuntimeDir}"`); + } + if (newNodeHome) { + common.printMessage(`node:`); + common.printMessage(` home: "${newNodeHome}"`); + } + if (newJavaHome) { + common.printMessage(`java:`); + common.printMessage(` home: "${newJavaHome}"`); + } + + common.printLevel2Message(`Please manually update "${std.getenv('ZWE_CLI_PARAMETER_CONFIG')}" before you start Zowe.`); + } + } else { + common.printLevel2Message(`No need to update runtime directory, Java and node.js settings.`); + } + + initGenerate.execute(dryRun); + initMvs.execute(allowOverwrite); + initVsam.execute(allowOverwrite, dryRun, updateConfig); + if 
(std.getenv("ZWE_CLI_PARAMETER_SKIP_SECURITY_SETUP") != 'true') { + initApfAuth.execute(); + initSecurity.execute(dryRun, ignoreSecurityFailures); + } + //initCertificate.execute(); + let result = shell.execSync('sh', '-c', `${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/zwe init certificate ${dryRun?'--dry-run':''} ${updateConfig?'--update-config':''} ${allowOverwrite?'--alow-overwrite':''} ${ignoreSecurityFailures?'--ignore-security-failures':''} -c "${std.getenv('ZWE_CLI_PARAMETER_CONFIG')}"`); + initStc.execute(allowOverwrite); + + common.printLevel1Message(`Zowe is configured successfully.`); +} diff --git a/bin/commands/init/mvs/cli.ts b/bin/commands/init/mvs/cli.ts new file mode 100644 index 0000000000..a040d57a34 --- /dev/null +++ b/bin/commands/init/mvs/cli.ts @@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true'); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 8cf2c376a9..cf7b4a2f68 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
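Review bot: The certificate step near the end of `execute()` passes `--alow-overwrite`, which is misspelled, so the overwrite choice presumably never reaches `zwe init certificate`; it should read `${allowOverwrite?'--allow-overwrite':''}`. The value assigned to `result` is never inspected, so a failed certificate setup still ends in "Zowe is configured successfully."; check the result and stop on failure (the shape returned by `shell.execSync` is not visible here). The command is also assembled as one `sh -c` string from `ZWE_zowe_runtimeDirectory` and `ZWE_CLI_PARAMETER_CONFIG`, so a path containing spaces or shell metacharacters is reinterpreted by the shell; calling `initCertificate.execute()` directly once it exists, or passing the arguments as separate entries the way `shell.execSync('chmod', '700', tmpfile)` does in stc/index.ts, avoids that. Separately, the update branch reads `ZOWE_CLI_PARAMETER_CONFIG` where the rest of the file uses `ZWE_CLI_PARAMETER_CONFIG`.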
@@ -10,6 +10,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/mvs/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level1_message "Initialize Zowe custom data sets" ############################### @@ -28,7 +41,7 @@ if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -jcllib_location=$(verify_generated_jcl) +jcllib=$(verify_generated_jcl) if [ "$?" -eq 1 ]; then print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi @@ -89,9 +102,9 @@ if [ "${ds_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" ! else - print_and_handle_jcl "//'${jcllib_location}(ZWEIMVS)'" "ZWEIMVS" "${jcllib_location}" "${prefix}" + print_and_handle_jcl "//'${jcllib}(ZWEIMVS)'" "ZWEIMVS" "${jcllib}" "${prefix}" if [ "${run_aloadlib_create}" = "true" ]; then - print_and_handle_jcl "//'${jcllib_location}(ZWEIMVS2)'" "ZWEIMVS2" "${jcllib_location}" "${prefix}" + print_and_handle_jcl "//'${jcllib}(ZWEIMVS2)'" "ZWEIMVS2" "${jcllib}" "${prefix}" fi print_level2_message "Zowe custom data sets are initialized successfully." diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts new file mode 100644 index 0000000000..4ae9acd768 --- /dev/null 
+++ b/bin/commands/init/mvs/index.ts 
@@ -0,0 +1,90 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as zoslib from '../../../libs/zos'; +import * as zosJes from '../../../libs/zos-jes'; +import * as zosdataset from '../../../libs/zos-dataset'; +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; + +export function execute(allowOverwrite?: boolean) { + common.printLevel1Message(`Initialize Zowe custom data sets`); + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + const datasets = [ + { configKey: 'parmlib', + description: 'Zowe parameter library' + }, + { configKey: 'authLoadlib', + description: 'Zowe authorized load library' + }, + { configKey: 'authPluginLib', + description: 'Zowe authorized plugin library' + } + ]; + + const prefix=ZOWE_CONFIG.zowe.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + } + + let runALoadlibCreate: boolean; + + common.printMessage(`Create data sets if they do not exist`); + let skippedDatasets: boolean = false; + + datasets.forEach((datasetDef) => { + // read def and validate + let skip:boolean = false; + const ds=ZOWE_CONFIG.zowe.setup?.dataset ? 
ZOWE_CONFIG.zowe.setup.dataset[datasetDef.configKey] : undefined; + if (!ds) { + // authLoadlib can be empty + if (datasetDef.configKey == 'authLoadlib') { + skip=true; + } else { + common.printErrorAndExit(`Error ZWEL0157E: ${datasetDef.configKey} (zowe.setup.dataset.${datasetDef.configKey}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + } + + if (datasetDef.configKey == 'authLoadlib') { + runALoadlibCreate = ds == prefix+'SZWEAUTH' ? false : true; + } + + if (!skip) { + const datasetExists=zosdataset.isDatasetExists(ds); + if (datasetExists) { + if (allowOverwrite) { + common.printMessage(`Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten.`); + } else { + skippedDatasets = true; + common.printMessage(`Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); + } + } + } + }); + + if (skippedDatasets && !allowOverwrite) { + common.printMessage(`Skipped writing to a dataset. To write, you must use --allow-overwrite.`); + } else { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); + if (runALoadlibCreate === true) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS2)'`, `ZWEIMVS2`, jcllib, prefix); + } + } + + common.printLevel2Message(`Zowe custom data sets are initialized successfully.`); +} diff --git a/bin/commands/init/security/cli.ts b/bin/commands/init/security/cli.ts new file mode 100644 index 0000000000..77f4743531 --- /dev/null +++ b/bin/commands/init/security/cli.ts 
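Review bot: In the `authLoadlib` branch of the `datasets.forEach` callback, `ds == prefix+'SZWEAUTH'` concatenates without a dot, while the other data set names built from the prefix in this commit use one (`${prefix}.SZWESAMP(ZWEGENER)`), so the comparison looks like it can never match and `runALoadlibCreate` ends up true for the default library as well. If that reading is right, the line should be `runALoadlibCreate = ds != prefix + '.SZWEAUTH';`. When `authLoadlib` is absent, `skip` is set but `runALoadlibCreate` still becomes true, so ZWEIMVS2 would be submitted with no target configured. The final success message is printed on the skipped path too.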
@@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == 'true', std.getenv('ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES') == 'true'); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index e1a459e0bb..54f4193f67 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh @@ -11,6 +11,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/security/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level1_message "Run Zowe security configurations" ############################### @@ -29,7 +42,7 @@ if [ "$?" -eq 1 ]; then fi -validation_list="product groups.admin groups.stc groups.sysProg users.zowe users.zis stcs.zowe stcs.zis stcs.aux" +validation_list="groups.admin groups.stc groups.sysProg users.zowe users.zis stcs.zowe stcs.zis stcs.aux" for item in ${validation_list}; do result=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.${item}") 
@@ -38,11 +51,16 @@ for item in ${validation_list}; do fi done +security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") +if [ -z "${security_product}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.product) is not defined in Zowe YAML configuration file." "" 157 +fi + ############################### # submit job print_and_handle_jcl "//'${jcllib}(ZWEI${security_product})'" "ZWEI${security_product}" "${jcllib}" "${prefix}" "false" "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" print_message "" -print_message "WARNING: Due to the limitation of the ZWESECUR job, exit with 0 does not mean" +print_message "WARNING: Due to the limitation of the ZWEI${security_product} job, exit with 0 does not mean" print_message " the job is fully successful. Please check the job log to determine" print_message " if there are any inline errors." print_message "" diff --git a/bin/commands/init/security/index.ts b/bin/commands/init/security/index.ts new file mode 100644 index 0000000000..92e673f49a --- /dev/null +++ b/bin/commands/init/security/index.ts 
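Review bot: The added check on `security_product` rejects only an empty value, yet the value is then spliced into the member name in `print_and_handle_jcl "//'${jcllib}(ZWEI${security_product})'"`. example-zowe.yaml documents three accepted values (RACF, ACF2, TSS), so an allow-list is cheap: `case "${security_product}" in RACF|ACF2|TSS) ;; *) print_error_and_exit "..." ;; esac`, with the project's usual error text and code in place of the dots. bin/commands/init/security/index.ts builds the same member name from `securityProduct`, and there the string goes on to an `sh -c` command line inside `printAndHandleJcl`, so it needs the same check.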
@@ -0,0 +1,62 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; +import * as zoslib from '../../../libs/zos'; +import * as zosJes from '../../../libs/zos-jes'; + +export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { + common.printLevel1Message(`Run Zowe security configurations`); + + // Validation + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + // read prefix and validate + const prefix=ZOWE_CONFIG.zowe.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + // read JCL library and validate + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. 
Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + } + + let securityProduct = ZOWE_CONFIG.zowe.setup?.security?.product; + if (!securityProduct) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + ['admin', 'stc', 'sysProg'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup?.security?.groups || !ZOWE_CONFIG.zowe.setup?.security?.groups[key]) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.groups.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + ['zowe', 'zis'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup?.security?.users || !ZOWE_CONFIG.zowe.setup?.security?.users[key]) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.users.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + ['zowe', 'zis', 'aux'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup?.security?.stcs || !ZOWE_CONFIG.zowe.setup?.security?.stcs[key]) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.stcs.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityProduct})'`, `ZWEI${securityProduct}`, jcllib, prefix, false, ignoreSecurityFailures); + common.printMessage(``); + common.printMessage(`WARNING: Due to the limitation of the ZWEI${securityProduct} job, exit with 0 does not mean`); + common.printMessage(` the job is fully successful. Please check the job log to determine`); + common.printMessage(` if there are any inline errors.`); + common.printMessage(``); + common.printLevel2Message(`Command run successfully.`); +} diff --git a/bin/commands/init/stc/cli.ts b/bin/commands/init/stc/cli.ts new file mode 100644 index 0000000000..dde5f23c94 --- /dev/null +++ b/bin/commands/init/stc/cli.ts 
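Review bot: `execute()` accepts `dryRun` but never reads it, so the flag has no effect in this file: security/cli.ts derives it from `ZWE_CLI_PARAMETER_SECURITY_DRY_RUN`, while `printAndHandleJcl` decides whether to submit from `ZWE_CLI_PARAMETER_DRY_RUN`. Unless the launcher sets both variables, the security job is submitted on what the operator believes is a dry run. I would pass the flag through explicitly rather than rely on the environment (`printAndHandleJcl` would need a parameter for it), or at least print the JCL and return before the submit when `dryRun` is true. The error texts were also copied without adjustment: the missing-product branch reports the data set prefix, and the groups/users/stcs checks name `zowe.setup.dataset.*` although they test `zowe.setup.security.*`.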
@@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(std.getenv('ZWE_CLI_PARAMETER_ALLOW_OVERWRITE') == 'true'); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index a73edb1433..a28703654a 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -11,6 +11,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/stc/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level1_message "Install Zowe main started task" ############################### diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts new file mode 100644 index 0000000000..35debe9263 --- /dev/null +++ b/bin/commands/init/stc/index.ts 
@@ -0,0 +1,122 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + + +import * as std from 'cm_std'; +import * as zos from 'zos'; +import * as xplatform from 'xplatform'; + +import * as fs from '../../../libs/fs'; +import * as common from '../../../libs/common'; +import * as stringlib from '../../../libs/string'; +import * as shell from '../../../libs/shell'; +import * as config from '../../../libs/config'; +import * as zoslib from '../../../libs/zos'; +import * as zosJes from '../../../libs/zos-jes'; +import * as zosdataset from '../../../libs/zos-dataset'; + + +export function execute(allowOverwrite: boolean = false) { + + common.printLevel1Message(`Install Zowe main started task`); + + // constants + const COMMAND_LIST = std.getenv('ZWE_CLI_COMMANDS_LIST'); + + let stcExistence: boolean; + + // validation + common.requireZoweYaml(); + const ZOWE_CONFIG=config.getZoweConfig(); + + // read prefix and validate + const prefix=ZOWE_CONFIG.zowe?.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + // read PROCLIB and validate + const proclib=ZOWE_CONFIG.zowe.setup?.dataset?.proclib; + if (!proclib) { + common.printErrorAndExit(`Error ZWEL0157E: PROCLIB (zowe.setup.dataset.proclib) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + // read JCL library and validate + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. 
Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + } + + let security_stcs_zowe=ZOWE_CONFIG.zowe.setup?.security?.stcs?.zowe; + if (!security_stcs_zowe) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.security.stcs.zowe) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + let security_stcs_zis=ZOWE_CONFIG.zowe.setup?.security?.stcs?.zis; + if (!security_stcs_zis) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.security.stcs.zis) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + let security_stcsAux=ZOWE_CONFIG.zowe.setup?.security?.stcs?.aux; + if (!security_stcsAux) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.security.stcs.aux) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + [security_stcs_zowe, security_stcs_zis, security_stcsAux].forEach((mb: string) => { + // STCs in target proclib + stcExistence=zosdataset.isDatasetExists(`${proclib}(${mb})`); + if (stcExistence == true) { + if (allowOverwrite) { + // warning + common.printMessage(`Warning ZWEL0300W: ${proclib}(${mb}) already exists. This data set member will be overwritten during configuration.`); + } else { + // common.printErrorAndExit(`Error ZWEL0158E: ${proclib}(${mb}) already exists.`, undefined, 158); + // warning + common.printMessage(`Warning ZWEL0301W: ${proclib}(${mb}) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); + } + } + }); + + if (stcExistence == true && !allowOverwrite) { + common.printMessage(`Skipped writing to ${proclib}. 
To write, you must use --allow-overwrite.`); + } else { + // prepare STCs + + // ZWESISTC + const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); + common.printDebug(`- Copy ${jcllib}(ZWESISTC) to ${tmpfile}`); + const sistcContent = shell.execOutSync('sh', '-c', `cat "//'${jcllib}(ZWESISTC)'" 2>&1`); + if (sistcContent.out && sistcContent.rc == 0) { + common.printDebug(` * Succeeded`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(sistcContent.out, " ")); + + const tmpFileContent = sistcContent.out.replace("ZWESLSTC,ZWESLSTC", "ZWESLSTC") + .replace("ZWESISTC,ZWESISTC", "ZWESISTC") + .replace("ZWESASTC,ZWESASTC", "ZWESASTC"); + xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, tmpFileContent); + common.printTrace(` * Stored:`); + common.printTrace(stringlib.paddingLeft(tmpFileContent, " ")); + + shell.execSync('chmod', '700', tmpfile); + } else { + common.printDebug(` * Failed`); + common.printError(` * Exit code: ${sistcContent.rc}`); + common.printError(` * Output:`); + if (sistcContent.out) { + common.printError(stringlib.paddingLeft(sistcContent.out, " ")); + } + std.exit(1); + } + if (!fs.fileExists(tmpfile)) { + common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEISTC`, undefined, 159); + } + + zosJes.printAndHandleJcl(tmpfile, `ZWEISTC`, jcllib, prefix, true); + common.printLevel2Message(`Zowe main started tasks are installed successfully.`); + } +} diff --git a/bin/commands/init/vsam/cli.ts b/bin/commands/init/vsam/cli.ts new file mode 100644 index 0000000000..190ca1c6e6 --- /dev/null +++ b/bin/commands/init/vsam/cli.ts 
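Review bot: `stcExistence` is reassigned on every pass of the `forEach`, so the `if (stcExistence == true && !allowOverwrite)` test after the loop reflects only the last member checked (`aux`). If the Zowe or ZIS member exists and the auxiliary one does not, ZWEL0301W says the member will not be overwritten and the job is submitted anyway. mvs/index.ts in this commit accumulates with `skippedDatasets`; the same works here: `let anyStcExists = false;` before the loop, `anyStcExists = anyStcExists || stcExistence;` inside it, and test `anyStcExists` afterwards. The temporary JCL is also written before `chmod 700` is applied, so its initial mode depends on what `fs.createTmpFile` and the umask give it; confirm that helper creates the file privately.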
@@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true', std.getenv("ZWE_CLI_PARAMETER_DRY_RUN") == 'true', std.getenv("ZWE_CLI_PARAMETER_UPDATE_CONFIG") == 'true'); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 5d99a41942..8086bb3988 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -11,6 +11,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/vsam/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level1_message "Create VSAM storage for Zowe Caching Service" ############################### 
@@ -65,9 +78,9 @@ fi print_and_handle_jcl "//'${jcllib}(ZWECSVSM)" "ZWECSVSM" "${jcllib}" "${prefix}" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then - print_level2_message "Zowe Caching Service VSAM storage is created successfully." if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${name}" print_level2_message "Zowe configuration is updated successfully." fi fi +print_level2_message "Zowe Caching Service VSAM storage is created successfully." diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts new file mode 100644 index 0000000000..16de81412b --- /dev/null +++ b/bin/commands/init/vsam/index.ts 
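Review bot: Moving `print_level2_message "Zowe Caching Service VSAM storage is created successfully."` below the outer `fi` makes it print when `ZWE_CLI_PARAMETER_DRY_RUN` is set, where no VSAM data set was created. Keep it inside the `if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]` block, or print a separate dry-run line outside it. The context line above also passes `"//'${jcllib}(ZWECSVSM)"` without the closing single quote that the other `print_and_handle_jcl` calls in this commit have; it should be `"//'${jcllib}(ZWECSVSM)'"`.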
@@ -0,0 +1,63 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as zoslib from '../../../libs/zos'; +import * as json from '../../../libs/json'; +import * as zosJes from '../../../libs/zos-jes'; +import * as zosDataset from '../../../libs/zos-dataset'; +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; + +export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig?: boolean) { + common.printLevel1Message(`Initialize Zowe custom data sets`); + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + const cachingStorage = ZOWE_CONFIG.components['caching-service']?.storage?.mode; + if (!cachingStorage || (cachingStorage.toUpperCase() != 'VSAM')) { + common.printError(`Warning ZWEL0301W: Zowe Caching Service is not configured to use VSAM. Command skipped.`); + return; + } + + const prefix=ZOWE_CONFIG.zowe.setup?.dataset?.prefix; + if (!prefix) { + return common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. 
Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + } + + ['mode', 'volume', 'storageClass', 'name'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup.vsam || !ZOWE_CONFIG.zowe.setup.vsam[key]) { + return common.printErrorAndExit(`Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + + const name = ZOWE_CONFIG.zowe.setup.vsam.name; + + const vsamExistence = zosDataset.isDatasetExists(name); + if (vsamExistence && allowOverwrite) { + zosDataset.deleteDataset(name); + } else if (vsamExistence) { + return common.printErrorAndExit(`Error ZWEL0158E: ${name} already exists.`, undefined, 158); + } + + zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSVSM)'`, `ZWECSVSM`, jcllib, prefix); + if (!dryRun && updateConfig) { + json.updateZoweYaml(std.getenv('ZWE_CLI_PARAMETER_CONFIG_ORIG'), '.components.caching-service.storage.vsam.name', name); + common.printLevel2Message(`Zowe configuration is updated successfully.`); + } + + common.printLevel2Message(`Zowe Caching Service VSAM storage is created successfully.`); +} diff --git a/bin/commands/internal/config/set/index.ts b/bin/commands/internal/config/set/index.ts index a933254ca6..e184216d6a 100644 --- a/bin/commands/internal/config/set/index.ts +++ b/bin/commands/internal/config/set/index.ts @@ -17,7 +17,7 @@ import * as fakejq from '../../../../libs/fakejq'; export function execute(configPath:string, newValue: any, haInstance?: string, valueAsString?: boolean) { common.requireZoweYaml(); - const configFiles=std.getenv('ZWE_CLI_PARAMETER_CONFIG'); + const configFiles=std.getenv('ZWE_CLI_PARAMETER_CONFIG_ORIG'); const ZOWE_CONFIG=config.getZoweConfig(); if (!valueAsString) { diff --git a/bin/libs/json.ts b/bin/libs/json.ts index 70243b8901..4b9b11d097 100644 --- a/bin/libs/json.ts +++ b/bin/libs/json.ts 
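Review bot: `zosDataset.deleteDataset(name)` runs whenever the data set exists and `allowOverwrite` is true, before `dryRun` is consulted, so a dry run with overwrite allowed deletes the existing caching VSAM and then submits nothing to recreate it. Guard the deletion, for example `if (vsamExistence && allowOverwrite && !dryRun)`, and in the dry-run case only report what would have been deleted. The `return` inside the `forEach` callback leaves only the callback, which matters if `printErrorAndExit` can ever return. The opening `printLevel1Message` still says "Initialize Zowe custom data sets", copied from the MVS command.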
@@ -165,6 +165,12 @@ export function updateZoweYaml(file: string, key: string, val: any) { } } +export function updateZoweYamlFromObj(file: string, updateObj: any) { + common.printMessage(`- update zowe config ${file} with obj=${JSON.stringify(updateObj, null, 2)}`); + config.updateZoweConfig(updateObj, true, 1); //TODO externalize array merge strategy = 1 +} + + //TODO: PARMLIB not supported. export function deleteYaml(file: string, key: string, expectedSample: string) { const ZOWE_CONFIG=config.getZoweConfig(); diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 0a0954a8d0..749c62c991 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -10,6 +10,7 @@ */ import * as os from 'cm_os'; +import * as std from 'cm_std'; import * as zoslib from './zos'; import * as common from './common'; import * as stringlib from './string'; 
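Review bot: `updateZoweYamlFromObj` writes the whole `updateObj` to normal output through `common.printMessage`, so any sensitive value carried in an update (a keystore password, for example; which callers pass what is not visible here) would land in command output and captured logs. Print only the keys being changed, e.g. `Object.keys(updateObj).join(', ')`, or move the full dump to `common.printTrace`. The `file` parameter is used only in that message: `config.updateZoweConfig(updateObj, true, 1)` never receives it, so a caller cannot actually choose the target file; either pass it through or document that it is ignored.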
@@ -158,3 +159,73 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri return {jobcctext, jobcccode, jobname, rc: 1}; } } + +export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: string, prefix: string, removeJclOnFinish?: boolean, continueOnFailure?: boolean){ + const jclContents = shell.execOutSync('sh', '-c', `cat "${jclLocation}" 2>&1`).out; + + let jobHasFailures = false; + + common.printMessage(`Template JCL: ${prefix}.SZWESAMP(${jobName}) , Executable JCL: ${jcllib}(${jobName})`); + common.printMessage(`--- JCL Content ---`); + common.printMessage(jclContents); + common.printMessage(`--- End of JCL ---`); + + let removeRc: number; + + let jobId: string|undefined; + if (!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')) { + common.printMessage(`Submitting Job ${jobName}`); + jobId=submitJob(jclLocation); + if (!jobId) { + jobHasFailures=true; + if (continueOnFailure) { + common.printError(`Warning ZWEL0161W: Failed to run JCL ${jcllib}(${jobName})`); + jobId=undefined; + } else { + if (removeJclOnFinish) { + removeRc = os.remove(jclLocation); + } + common.printErrorAndExit(`Error ZWEL0161E: Failed to run JCL ${jcllib}(${jobName}).`, undefined, 161); + } + } + common.printDebug(`- job id ${jobId}`); + + let {jobcctext, jobcccode, jobname, rc} = waitForJob(jobId); + if (rc) { + jobHasFailures=true; + if (continueOnFailure) { + common.printError(`Warning ZWEL0162W: Failed to find job ${jobId} result.`); + } else { + if (removeJclOnFinish) { + removeRc = os.remove(jclLocation); + } + common.printErrorAndExit(`Error ZWEL0162E: Failed to find job ${jobId} result.`, undefined, 162); + } + + jobHasFailures=true + if (continueOnFailure) { + common.printError(`Warning ZWEL0163W: Job ${jobname}(${jobId}) ends with code ${jobcccode} (${jobcctext}).`); + } else { + if (removeJclOnFinish) { + removeRc = os.remove(jclLocation); + } + common.printErrorAndExit(`Error ZWEL0163E: Job ${jobname}(${jobId}) ends with code 
${jobcccode} (${jobcctext}).`, undefined, 163); + } + } + if (removeJclOnFinish) { + removeRc = os.remove(jclLocation); + } + if (jobHasFailures) { + common.printLevel2Message(`Job ended with some failures. Please check job log for details.`); + } + return 0 + } else { + common.printMessage(`JCL not submitted, command run with dry run flag.`); + common.printMessage(`To perform command, re-run command without dry run flag, or submit the JCL directly`); + common.printLevel2Message(`Command run successfully.`); + if (removeJclOnFinish) { + removeRc = os.remove(jclLocation); + } + return 0 + } +} diff --git a/bin/libs/zos.ts b/bin/libs/zos.ts index b49e81451b..ba3c6207be 100644 --- a/bin/libs/zos.ts +++ b/bin/libs/zos.ts @@ -10,10 +10,12 @@ */ import * as std from 'cm_std'; - +import * as os from 'cm_os'; import * as common from './common'; import * as shell from './shell'; import * as stringlib from './string'; +import * as zosDataset from './zos-dataset'; +import * as initGenerate from '../commands/init/generate/index'; export function tsoCommand(...args:string[]): { rc: number, out: string } { let message="tsocmd "+args.join(' '); 
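Review bot: `printAndHandleJcl` pastes `jclLocation` into the script text ``cat "${jclLocation}" 2>&1`` for `sh -c`, and callers build that value from `zowe.setup.dataset.jcllib` in the YAML, so a double quote, backtick or `$(` in the configured name would be interpreted by the shell; validate the data set name against the allowed character set before use, or pass the path to the shell as a positional parameter instead of as script text. The exit status of that `cat` is never checked, so an unreadable location prints the error output as "JCL Content" and continues. When `submitJob` returns nothing and `continueOnFailure` is set, execution still reaches `waitForJob(jobId)` with `jobId` undefined, and the ZWEL0163 branch sits inside `if (rc)`, so the 0162 and 0163 messages fire for the same condition while `jobcccode` is never tested on its own. The submit path ends with `return 0` even when `jobHasFailures` is true, which hides the failure from callers such as the security setup that pass `continueOnFailure`.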
@@ -64,3 +66,34 @@ export function operatorCommand(command: string): { rc: number, out: string } { //we strip the '.' we added above return { rc: result.rc, out: result.out ? result.out.substring(0, result.out.length-1) : '' }; } + +export function verifyGeneratedJcl(config:any): string { + const jcllib = config.zowe.setup.dataset.jcllib; + if (!jcllib) { + return undefined; + } + // read JCL library and validate + let doesJclExist=zosDataset.isDatasetExists(jcllib); + if (!doesJclExist) { + initGenerate.execute(); + } + + // should be created, but may take time to discover. + if (!doesJclExist) { + const interval = [1,5,10]; + for (let i = 0; i < interval.length; i++) { + let secs = interval[i]; + doesJclExist=zosDataset.isDatasetExists(jcllib); + if (!doesJclExist) { + os.sleep(secs*1000); + } else { + break; + } + } + + if (!doesJclExist) { + return undefined; + } + } + return jcllib; +} From bda8687d52108569225f32867bbedaf1664a1068 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 9 Feb 2024 14:05:54 -0500 Subject: [PATCH 032/258] remove shell code and prevent duplicate job logging in verbose mode Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/index.sh | 26 --------- bin/commands/init/index.sh | 89 ---------------------------- bin/commands/init/mvs/index.sh | 90 ----------------------------- bin/commands/init/mvs/index.ts | 36 +++++------- bin/commands/init/security/index.sh | 47 --------------- bin/commands/init/stc/index.sh | 70 ---------------------- bin/commands/init/vsam/index.sh | 62 -------------------- bin/libs/zos-jes.ts | 30 +++++----- 8 files changed, 29 insertions(+), 421 deletions(-) diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index 4f4e0023b0..e65221b252 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh 
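Review bot: The retry loop in `verifyGeneratedJcl` sleeps after each failed check, so the final 10-second `os.sleep` is never followed by another `isDatasetExists` call and the function returns `undefined` even if the library appeared during that wait. Sleep first and check second inside the loop, `os.sleep(secs*1000); doesJclExist=zosDataset.isDatasetExists(jcllib);`, or add one more check after the loop. The declared return type is `string` although two paths return `undefined`; `string|undefined` would match the callers' `if (!jcllib)` tests. `config.zowe.setup.dataset.jcllib` is read without optional chaining, so a YAML file lacking `zowe.setup.dataset` throws instead of taking the `!jcllib` path.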
@@ -22,29 +22,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level1_message "APF authorize load libraries" - -############################### -# constants -required_yaml_content="prefix authLoadlib authPluginLib" - -############################### -# validation -require_zowe_yaml - -for key in ${required_params}; do - eval "${key}=$(read_yaml \"${ZWE_CLI_PARAMETER_CONFIG}\" \".zowe.setup.dataset.${key}\")" - if [ -z "${key}" ]; then - print_error_and_exit "Error ZWEL0157E: Dataset parameter (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 - fi -done - -jcllib=$(verify_generated_jcl) -if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi - -print_and_handle_jcl "//'${jcllib}(ZWEIAPF)'" "ZWEIAPF" "${jcllib}" "${prefix}" -print_level2_message "Zowe load libraries are APF authorized successfully." diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index 754aef8a88..3c707ba227 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh 
@@ -22,92 +22,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level0_message "Configure Zowe" - -############################### -print_level1_message "Check if need to update runtime directory, Java and/or node.js settings in Zowe YAML configuration" -# node.home -update_node_home= -yaml_node_home="$(shell_read_yaml_node_home "${ZWE_CLI_PARAMETER_CONFIG}")" -# only try to update if it's not defined -if [ -z "${yaml_node_home}" ]; then - require_node - if [ -n "${NODE_HOME}" ]; then - update_node_home="${NODE_HOME}" - fi -fi -# java.home -update_java_home= -yaml_java_home="$(shell_read_yaml_java_home "${ZWE_CLI_PARAMETER_CONFIG}")" -# only try to update if it's not defined -if [ -z "${yaml_java_home}" ]; then - require_java - if [ -n "${JAVA_HOME}" ]; then - update_java_home="${JAVA_HOME}" - fi -fi -# zowe.runtimeDirectory -require_zowe_yaml -update_zowe_runtime_dir= -# do we have zowe.runtimeDirectory defined in zowe.yaml? -yaml_runtime_dir=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.runtimeDirectory") -if [ -n "${yaml_runtime_dir}" ]; then - result=$(are_directories_same "${yaml_runtime_dir}" "${ZWE_zowe_runtimeDirectory}") - code=$? - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0105E: The Zowe YAML config file is associated to Zowe runtime \"${yaml_runtime_dir}\", which is not same as where zwe command is located." 
"" 105 - fi - # no need to update -else - update_zowe_runtime_dir="${ZWE_zowe_runtimeDirectory}" -fi - -if [ -n "${update_node_home}" -o -n "${update_java_home}" -o -n "${update_zowe_runtime_dir}" ]; then - if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then - if [ -n "${update_node_home}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "node.home" "${update_node_home}" - fi - if [ -n "${update_java_home}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "java.home" "${update_java_home}" - fi - if [ -n "${update_zowe_runtime_dir}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "zowe.runtimeDirectory" "${update_zowe_runtime_dir}" - fi - - print_level2_message "Runtime directory, Java and/or node.js settings are updated successfully." - else - print_message "These configurations need to be added to your YAML configuration file:" - print_message "" - if [ -n "${update_zowe_runtime_dir}" ]; then - print_message "zowe:" - print_message " runtimeDirectory: \"${update_zowe_runtime_dir}\"" - fi - if [ -n "${update_node_home}" ]; then - print_message "node:" - print_message " home: \"${update_node_home}\"" - fi - if [ -n "${update_java_home}" ]; then - print_message "java:" - print_message " home: \"${update_java_home}\"" - fi - - print_level2_message "Please manually update \"${ZWE_CLI_PARAMETER_CONFIG}\" before you start Zowe." - fi -else - print_level2_message "No need to update runtime directory, Java and node.js settings." -fi - -############################### -zwecli_inline_execute_command init generate -zwecli_inline_execute_command init mvs -zwecli_inline_execute_command init vsam -if [ "${ZWE_CLI_PARAMETER_SKIP_SECURITY_SETUP}" != "true" ]; then - zwecli_inline_execute_command init apfauth - zwecli_inline_execute_command init security -fi -zwecli_inline_execute_command init certificate -zwecli_inline_execute_command init stc - -print_level1_message "Zowe is configured successfully." 
diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index cf7b4a2f68..5831eb54fb 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
@@ -21,93 +21,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level1_message "Initialize Zowe custom data sets" - -############################### -# constants -cust_ds_list="parmlib|Zowe parameter library -authLoadlib|Zowe authorized load library -authPluginLib|Zowe authorized plugin library" - -############################### -# validation -require_zowe_yaml - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -jcllib=$(verify_generated_jcl) -if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi - -############################### -# create data sets if they do not exist -print_message "Create data sets if they do not exist" -while read -r line; do - key=$(echo "${line}" | awk -F"|" '{print $1}') - name=$(echo "${line}" | awk -F"|" '{print $2}') - - # read def and validate - ds=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.${key}") - if [ -z "${ds}" ]; then - # authLoadlib can be empty - if [ "${key}" = "authLoadlib" ]; then - continue - else - print_error_and_exit "Error ZWEL0157E: ${name} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." 
"" 157 - fi - fi - - if [ "${key}" = "authLoadlib" ]; then - if [ "${ds}" = "${prefix}.SZWEAUTH" ]; then - run_aloadlib_create="false" - else - run_aloadlib_create="true" - # check existence - ds_existence=$(is_data_set_exists "${ds}") - if [ "${ds_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." - else - print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - fi - fi - else - # check existence - ds_existence=$(is_data_set_exists "${ds}") - if [ "${ds_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." - else - print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - fi - fi -done < { + for (let i = 0; i < datasets.length; i++) { + let key = datasets[i]; // read def and validate - let skip:boolean = false; - const ds=ZOWE_CONFIG.zowe.setup?.dataset ? ZOWE_CONFIG.zowe.setup.dataset[datasetDef.configKey] : undefined; + let skip: boolean = false; + const ds = ZOWE_CONFIG.zowe.setup?.dataset ? ZOWE_CONFIG.zowe.setup.dataset[key] : undefined; if (!ds) { // authLoadlib can be empty - if (datasetDef.configKey == 'authLoadlib') { + if (key == 'authLoadlib') { skip=true; } else { - common.printErrorAndExit(`Error ZWEL0157E: ${datasetDef.configKey} (zowe.setup.dataset.${datasetDef.configKey}) is not defined in Zowe YAML configuration file.`, undefined, 157); + common.printErrorAndExit(`Error ZWEL0157E: ${key} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); } } - - if (datasetDef.configKey == 'authLoadlib') { - runALoadlibCreate = ds == prefix+'SZWEAUTH' ? 
false : true; - } - if (!skip) { + if (key == 'authLoadlib') { + runALoadlibCreate = ds == prefix+'SZWEAUTH' ? false : true; + } + const datasetExists=zosdataset.isDatasetExists(ds); if (datasetExists) { if (allowOverwrite) { @@ -75,7 +65,7 @@ export function execute(allowOverwrite?: boolean) { } } } - }); + } if (skippedDatasets && !allowOverwrite) { common.printMessage(`Skipped writing to a dataset. To write, you must use --allow-overwrite.`); diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index 54f4193f67..5bab5bb233 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh 
@@ -22,50 +22,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level1_message "Run Zowe security configurations" - -############################### -# validation -require_zowe_yaml - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -jcllib=$(verify_generated_jcl) -if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi - - -validation_list="groups.admin groups.stc groups.sysProg users.zowe users.zis stcs.zowe stcs.zis stcs.aux" - -for item in ${validation_list}; do - result=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.${item}") - if [ -z "${result}" ]; then - print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.${item}) is not defined in Zowe YAML configuration file." "" 157 - fi -done - -security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") -if [ -z "${security_product}" ]; then - print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.product) is not defined in Zowe YAML configuration file." "" 157 -fi - -############################### -# submit job -print_and_handle_jcl "//'${jcllib}(ZWEI${security_product})'" "ZWEI${security_product}" "${jcllib}" "${prefix}" "false" "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" -print_message "" -print_message "WARNING: Due to the limitation of the ZWEI${security_product} job, exit with 0 does not mean" -print_message " the job is fully successful. Please check the job log to determine" -print_message " if there are any inline errors." 
-print_message "" -print_level2_message "Command run successfully." - - - - diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index a28703654a..51ecc442be 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh 
@@ -22,73 +22,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level1_message "Install Zowe main started task" - -############################### -# validation -require_zowe_yaml - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -# read PROCLIB and validate -proclib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.proclib") -if [ -z "${proclib}" ]; then - print_error_and_exit "Error ZWEL0157E: PROCLIB (zowe.setup.dataset.proclib) is not defined in Zowe YAML configuration file." "" 157 -fi - -jcllib=$(verify_generated_jcl) -if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi - -security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") -if [ -z "${security_stcs_zowe}" ]; then - print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zowe) is not defined in Zowe YAML configuration file." "" 157 -fi -security_stcs_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zis") -if [ -z "${security_stcs_zis}" ]; then - print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zis) is not defined in Zowe YAML configuration file." "" 157 -fi -security_stcs_aux=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.aux") -if [ -z "${security_stcs_aux}" ]; then - print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.aux) is not defined in Zowe YAML configuration file." 
"" 157 -fi -target_proclibs="${security_stcs_zowe} ${security_stcs_zis} ${security_stcs_aux}" - -for mb in ${target_proclibs}; do - # STCs in target proclib - stc_existence=$(is_data_set_exists "${proclib}(${mb})") - if [ "${stc_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - print_message "Warning ZWEL0300W: ${proclib}(${mb}) already exists. This data set member will be overwritten during configuration." - else - print_message "Warning ZWEL0301W: ${proclib}(${mb}) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - fi -done - -if [ "${stc_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${proclib}. To write, you must use --allow-overwrite." -else - - jcl_file=$(create_tmp_file) - copy_mvs_to_uss "${jcllib}(ZWEISTC)" "${jcl_file}" - - # TODO limitation... if STC names are default, JCL IEBCOPY wont work, - # because in member selection argument, the "rename" operation cannot be from/to the same name. - # yet if we don't have the rename option, then name customization wont work either! - # so, we have to have some conditional logic somewhere. until figuring out how to fix this in ZWEGENER, i am putting it here... - jcl_edit=$(cat "${jcl_file}" | sed "s/ZWESLSTC,ZWESLSTC/ZWESLSTC/" | sed "s/ZWESISTC,ZWESISTC/ZWESISTC/" | sed "s/ZWESASTC,ZWESASTC/ZWESASTC/") - echo "${jcl_edit}" > "${jcl_file}" - - print_and_handle_jcl "${jcl_file}" "ZWEISTC" "${jcllib}" "${prefix}" "true" - print_level2_message "Zowe main started tasks are installed successfully." -fi - - diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 8086bb3988..a8f8e777a1 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
@@ -22,65 +22,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level1_message "Create VSAM storage for Zowe Caching Service" - -############################### -# constants - -############################### -# validation -require_zowe_yaml - -caching_storage=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".components.caching-service.storage.mode" | upper_case) -if [ "${caching_storage}" != "VSAM" ]; then - print_error "Warning ZWEL0301W: Zowe Caching Service is not configured to use VSAM. Command skipped." - return 0 -fi -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -jcllib=$(verify_generated_jcl) -if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi - - -required_yaml_content="mode volume storageClass name" - -for key in ${required_params}; do - eval "${key}=$(read_yaml \"${ZWE_CLI_PARAMETER_CONFIG}\" \".zowe.setup.vsam.${key}\")" - if [ -z "${key}" ]; then - print_error_and_exit "Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file." "" 157 - fi -done - -# VSAM cache cannot be overwritten, must delete manually -# FIXME: cat cannot be used to test VSAM data set -vsam_existence=$(is_data_set_exists "${name}") -if [ "${vsam_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # delete blindly and ignore errors - result=$(tso_command delete "'${name}'") - else - # error - print_error_and_exit "Error ZWEL0158E: ${name} already exists." 
"" 158 - fi -fi - - -############################### -# execution (or dry-run) - -print_and_handle_jcl "//'${jcllib}(ZWECSVSM)" "ZWECSVSM" "${jcllib}" "${prefix}" -if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then - if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${name}" - print_level2_message "Zowe configuration is updated successfully." - fi -fi -print_level2_message "Zowe Caching Service VSAM storage is created successfully." diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 749c62c991..09ae97acac 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts 
@@ -16,20 +16,22 @@ import * as common from './common'; import * as stringlib from './string'; import * as shell from './shell'; -export function submitJob(jclFile: string): string|undefined { - common.printDebug(`- submit job ${jclFile}`); +export function submitJob(jclFile: string, printJobDebug:boolean=true): string|undefined { + if (printJobDebug) { + common.printDebug(`- submit job ${jclFile}`); - common.printTrace(`- content of ${jclFile}`); - const catResult = shell.execOutSync('sh', '-c', `cat "${jclFile}" 2>&1`); - if (catResult.rc != 0) { - common.printTrace(` * Failed`); - common.printTrace(` * Exit code: ${catResult.rc}`); - common.printTrace(` * Output:`); - common.printTrace(stringlib.paddingLeft(catResult.out, " ")); - return undefined; - } - else { - common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + common.printTrace(`- content of ${jclFile}`); + const catResult = shell.execOutSync('sh', '-c', `cat "${jclFile}" 2>&1`); + if (catResult.rc != 0) { + common.printTrace(` * Failed`); + common.printTrace(` * Exit code: ${catResult.rc}`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + return undefined; + } + else { + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + } } // cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. @@ -175,7 +177,7 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: let jobId: string|undefined; if (!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')) { common.printMessage(`Submitting Job ${jobName}`); - jobId=submitJob(jclLocation); + jobId=submitJob(jclLocation, false); if (!jobId) { jobHasFailures=true; if (continueOnFailure) { From ce48ee23ce9389ea6ed0917261e646b704b33ddd Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 9 Feb 2024 15:07:07 -0500 Subject: [PATCH 033/258] Add TS version of zwe install 
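Review bot: In `submitJob`, the new `printJobDebug` flag gates the `cat` readability check and its `return undefined` as well as the debug and trace output, so callers passing `false` (as `printAndHandleJcl` does in the second hunk) lose the early exit for an unreadable JCL location. If the aim is only to avoid duplicate logging, keep the `catResult.rc != 0` test outside the `if (printJobDebug)` block and put just the `printDebug`/`printTrace` calls inside it. The rest of `submitJob` lies outside the hunk, so whether the later submit step reports the same failure cannot be confirmed from here.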
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.ts | 2 +- bin/commands/init/vsam/index.ts | 8 +- bin/commands/install/cli.ts | 18 ++++ bin/commands/install/index.sh | 144 ++------------------------------ bin/commands/install/index.ts | 85 +++++++++++++++++++ bin/libs/zos-jes.ts | 52 +++++++----- example-zowe.yaml | 14 +--- files/SZWEEXEC/ZWEGEN00 | 1 + files/SZWESAMP/ZWEINSTL | 55 ++++++++++++ 9 files changed, 206 insertions(+), 173 deletions(-) create mode 100644 bin/commands/install/cli.ts create mode 100644 bin/commands/install/index.ts create mode 100644 files/SZWESAMP/ZWEINSTL diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index fc43b6d3de..06655bbb75 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -52,7 +52,7 @@ export function execute(allowOverwrite?: boolean) { } if (!skip) { if (key == 'authLoadlib') { - runALoadlibCreate = ds == prefix+'SZWEAUTH' ? false : true; + runALoadlibCreate = ds == (prefix+'.SZWEAUTH') ? false : true; } const datasetExists=zosdataset.isDatasetExists(ds); diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index 16de81412b..8462cde0b5 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts 
@@ -38,7 +38,13 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); } - ['mode', 'volume', 'storageClass', 'name'].forEach((key)=> { + const mode = ZOWE_CONFIG.zowe.setup?.vsam?.mode; + if (!mode) { + return common.printErrorAndExit(`Error ZWEL0999E: VSAM parameter (zowe.setup.vsam.mode) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + let keys = mode == 'NONRLS' ? ['volume', 'name'] : ['storageClass', 'name']; + + keys.forEach((key)=> { if (!ZOWE_CONFIG.zowe.setup.vsam || !ZOWE_CONFIG.zowe.setup.vsam[key]) { return common.printErrorAndExit(`Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); } diff --git a/bin/commands/install/cli.ts b/bin/commands/install/cli.ts new file mode 100644 index 0000000000..bb5cb1c23b --- /dev/null +++ b/bin/commands/install/cli.ts @@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../libs/configmgr'; + +index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true', std.getenv("ZWE_CLI_PARAMETER_DATASET_PREFIX")); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/install/index.sh b/bin/commands/install/index.sh index a74da85c87..09a1059aa7 100644 --- a/bin/commands/install/index.sh +++ b/bin/commands/install/index.sh 
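Review bot: The new check for a missing `zowe.setup.vsam.mode` prints `Error ZWEL0999E` but exits with 157, while the neighbouring checks pair `ZWEL0157E` with 157; the message should start `Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.mode) is not defined`. The key selection `mode == 'NONRLS' ? ['volume', 'name'] : ['storageClass', 'name']` treats every other value, including a misspelling or a different letter case, as the storage-class variant; comparing against each expected value and rejecting anything else would surface a bad setting before the job is submitted. `execute` starts and ends outside the hunk.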
@@ -1,4 +1,4 @@ -#!/bin/sh + #!/bin/sh ####################################################################### # This program and the accompanying materials are made available 
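Review bot: The first line changes from `#!/bin/sh` to what appears to be the same text with leading whitespace (`+ #!/bin/sh`). A shebang is honoured only when `#!` are the first two bytes of the file, so if this script is ever executed directly rather than sourced, the interpreter line is ignored and the caller's shell decides how it runs. Restore `#!/bin/sh` at column 0.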
@@ -11,142 +11,14 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -print_level0_message "Install Zowe MVS data sets" +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then -############################### -# constants -# keep in sync with workflows/templates/smpe-install/ZWE3ALOC.vtl -cust_ds_list="${ZWE_PRIVATE_DS_SZWESAMP}|Zowe sample library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks -${ZWE_PRIVATE_DS_SZWEAUTH}|Zowe authorized load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks -${ZWE_PRIVATE_DS_SZWELOAD}|Zowe load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks -${ZWE_PRIVATE_DS_SZWEEXEC}|Zowe executable utilities library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks" - -############################### -# validation -if [ -n "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" ]; then - prefix="${ZWE_CLI_PARAMETER_DATASET_PREFIX}" -else - require_zowe_yaml - - # read prefix and validate - prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") - if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." 
"" 157 - fi -fi - -############################### -# create data sets if they do not exist -print_message "Create MVS data sets if they do not exist" -while read -r line; do - ds=$(echo "${line}" | awk -F"|" '{print $1}') - name=$(echo "${line}" | awk -F"|" '{print $2}') - spec=$(echo "${line}" | awk -F"|" '{print $3}') - - # check existence - ds_existence=$(is_data_set_exists "${prefix}.${ds}") - if [ "${ds_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${prefix}.${ds} already exists. Members in this data set will be overwritten." - else - # print_error_and_exit "Error ZWEL0158E: ${prefix}.${ds} already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${prefix}.${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - else - print_message "Creating ${name} - ${prefix}.${ds}" - create_data_set "${prefix}.${ds}" "${spec}" - if [ $? -ne 0 ]; then - print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 - fi + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi -done < --help\" (for example, \"zwe init stc --help\") to get more information." -print_message diff --git a/bin/commands/install/index.ts b/bin/commands/install/index.ts new file mode 100644 index 0000000000..e029f93221 --- /dev/null +++ b/bin/commands/install/index.ts 
@@ -0,0 +1,85 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as xplatform from 'xplatform'; +import * as common from '../../libs/common'; +import * as config from '../../libs/config'; +import * as zosJes from '../../libs/zos-jes'; +import * as zosDataset from '../../libs/zos-dataset'; + +export function execute(allowOverwrite?: boolean, datasetPrefix?: string) { + common.printLevel0Message("Install Zowe MVS data sets"); + + + // constants + // keep in sync with workflows/templates/smpe-install/ZWE3ALOC.vtl + const custDsList = [ std.getenv('ZWE_PRIVATE_DS_SZWESAMP'), + std.getenv('ZWE_PRIVATE_DS_SZWEAUTH'), + std.getenv('ZWE_PRIVATE_DS_SZWELOAD'), + std.getenv('ZWE_PRIVATE_DS_SZWEEXEC') ]; + + let prefix: string; + + // validation + if (datasetPrefix) { + prefix = datasetPrefix; + } else { + common.requireZoweYaml(); + const zoweConfig = config.getZoweConfig(); + + // read prefix and validate + prefix = zoweConfig.zowe.setup.dataset.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + } + + + // create data sets if they do not exist + common.printMessage(`Create MVS data sets if they do not exist`); + let dsExistence: boolean = false; + custDsList.forEach((ds)=> { + // check existence + dsExistence = zosDataset.isDatasetExists(prefix+'.'+ds); + if (dsExistence) { + if (allowOverwrite) { + // warning + common.printMessage(`Warning ZWEL0300W: ${prefix}.${ds} already exists. 
Members in this data set will be overwritten.`); + } else { + // warning + common.printMessage(`Warning ZWEL0301W: ${prefix}.${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); + } + } + }); + common.printMessage(``); + + if (dsExistence && !allowOverwrite) { + common.printLevel1Message(`Zowe MVS data sets installation skipped.`); + } else { + let jclContents = xplatform.loadFileUTF8(std.getenv('ZWE_zowe_runtimeDirectory')+'/files/SZWESAMP/ZWEINSTL', xplatform.AUTO_DETECT); + jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, std.getenv('ZWE_zowe_runtimeDirectory')) + .replace(/\{zowe\.setup\.dataset\.prefix\}/gi, prefix) + + zosJes.printAndHandleJcl(jclContents, `ZWEINSTL`, prefix, prefix, false, false, true); + + // exit message + common.printLevel1Message(`Zowe MVS data sets are installed successfully.`); + } + + + common.printMessage(`Zowe installation completed. In order to use Zowe, you need to run \"zwe init\" command to initialize Zowe instance.`); + common.printMessage(`- Type \"zwe init --help\" to get more information.`); + common.printMessage(``); + common.printMessage(`You can also run individual init sub-commands: mvs, certificate, security, vsam, apfauth, and stc.`); + common.printMessage(`- Type \"zwe init --help\" (for example, \"zwe init stc --help\") to get more information.`); + common.printMessage(``); +} diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 09ae97acac..f60803f383 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts 
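Review bot: `dsExistence` is reassigned on every pass of the `custDsList.forEach` loop, so the `if (dsExistence && !allowOverwrite)` test after the loop only reflects the last entry (`ZWE_PRIVATE_DS_SZWEEXEC`). If an earlier data set exists but the last one does not, ZWEINSTL is still submitted with its `ALLOC NEW` statements; if only the last one exists, the whole install is skipped. Accumulate instead, for example `if (zosDataset.isDatasetExists(prefix+'.'+ds)) { dsExistence = true; ... }`. Separately, `prefix` is substituted into the JCL text as-is, so it should be checked against data set name syntax before the `replace` calls.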
@@ -16,26 +16,31 @@ import * as common from './common'; import * as stringlib from './string'; import * as shell from './shell'; -export function submitJob(jclFile: string, printJobDebug:boolean=true): string|undefined { +export function submitJob(jclFileOrContent: string, printJobDebug:boolean=true, jclIsContent?:boolean): string|undefined { if (printJobDebug) { - common.printDebug(`- submit job ${jclFile}`); + common.printDebug(`- submit job ${jclFileOrContent}`); - common.printTrace(`- content of ${jclFile}`); - const catResult = shell.execOutSync('sh', '-c', `cat "${jclFile}" 2>&1`); - if (catResult.rc != 0) { - common.printTrace(` * Failed`); - common.printTrace(` * Exit code: ${catResult.rc}`); - common.printTrace(` * Output:`); - common.printTrace(stringlib.paddingLeft(catResult.out, " ")); - return undefined; - } - else { - common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + common.printTrace(`- content of ${jclFileOrContent}`); + if (!jclIsContent) { + const catResult = shell.execOutSync('sh', '-c', `cat "${jclFileOrContent}" 2>&1`); + if (catResult.rc != 0) { + common.printTrace(` * Failed`); + common.printTrace(` * Exit code: ${catResult.rc}`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + return undefined; + } + else { + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + } + } else { + common.printTrace(jclFileOrContent); } } // cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. - const result=shell.execOutSync('sh', '-c', `cat "${jclFile}" | submit 2>&1`); + const result = shell.execOutSync('sh', '-c', jclIsContent ? `echo "${jclFileOrContent}" | submit 2>&1` + : `cat "${jclFileOrContent}" | submit 2>&1`); // expected: JOB JOB????? submitted from path '...' const code=result.rc; if (code==0) { 
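Review bot: In the `jclIsContent` branch the whole JCL text is interpolated into the `sh -c` string as `echo "${jclFileOrContent}" | submit`, so any `"`, `$`, backtick or backslash in the JCL is interpreted by the shell before `submit` reads it. The ZWEINSTL member added in this commit contains double-quoted `cp` targets, which would end the quoting early and alter the submitted job, and content built from configuration values could carry shell expansions. Writing the content to a temporary file and reusing the existing `cat "<file>" | submit` path keeps job text off the command line. The `printDebug` line also prints the full JCL as if it were a path when `jclIsContent` is set. The rest of `submitJob` lies outside the hunk.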
@@ -162,10 +167,13 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri } } -export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: string, prefix: string, removeJclOnFinish?: boolean, continueOnFailure?: boolean){ - const jclContents = shell.execOutSync('sh', '-c', `cat "${jclLocation}" 2>&1`).out; +export function printAndHandleJcl(jclLocationOrContent: string, jobName: string, jcllib: string, prefix: string, removeJclOnFinish?: boolean, continueOnFailure?: boolean, jclIsContent?: boolean){ + const jclContents = jclIsContent ? jclLocationOrContent : shell.execOutSync('sh', '-c', `cat "${jclLocationOrContent}" 2>&1`).out; let jobHasFailures = false; + if (jclIsContent) { + removeJclOnFinish = false; + } common.printMessage(`Template JCL: ${prefix}.SZWESAMP(${jobName}) , Executable JCL: ${jcllib}(${jobName})`); common.printMessage(`--- JCL Content ---`); @@ -177,7 +185,7 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: let jobId: string|undefined; if (!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')) { common.printMessage(`Submitting Job ${jobName}`); - jobId=submitJob(jclLocation, false); + jobId=submitJob(jclLocationOrContent, false, jclIsContent); if (!jobId) { jobHasFailures=true; if (continueOnFailure) { @@ -185,7 +193,7 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: jobId=undefined; } else { if (removeJclOnFinish) { - removeRc = os.remove(jclLocation); + removeRc = os.remove(jclLocationOrContent); } common.printErrorAndExit(`Error ZWEL0161E: Failed to run JCL ${jcllib}(${jobName}).`, undefined, 161); } 
@@ -199,7 +207,7 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: common.printError(`Warning ZWEL0162W: Failed to find job ${jobId} result.`); } else { if (removeJclOnFinish) { - removeRc = os.remove(jclLocation); + removeRc = os.remove(jclLocationOrContent); } common.printErrorAndExit(`Error ZWEL0162E: Failed to find job ${jobId} result.`, undefined, 162); } @@ -209,13 +217,13 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: common.printError(`Warning ZWEL0163W: Job ${jobname}(${jobId}) ends with code ${jobcccode} (${jobcctext}).`); } else { if (removeJclOnFinish) { - removeRc = os.remove(jclLocation); + removeRc = os.remove(jclLocationOrContent); } common.printErrorAndExit(`Error ZWEL0163E: Job ${jobname}(${jobId}) ends with code ${jobcccode} (${jobcctext}).`, undefined, 163); } } if (removeJclOnFinish) { - removeRc = os.remove(jclLocation); + removeRc = os.remove(jclLocationOrContent); } if (jobHasFailures) { common.printLevel2Message(`Job ended with some failures. Please check job log for details.`); @@ -226,7 +234,7 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: common.printMessage(`To perform command, re-run command without dry run flag, or submit the JCL directly`); common.printLevel2Message(`Command run successfully.`); if (removeJclOnFinish) { - removeRc = os.remove(jclLocation); + removeRc = os.remove(jclLocationOrContent); } return 0 } diff --git a/example-zowe.yaml b/example-zowe.yaml index 9540b5f92e..ef96de9672 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
@@ -314,22 +314,10 @@ zowe: # Where extensions are installed extensionDirectory: /global/zowe/extensions - # **COMMONLY_CUSTOMIZED** - useConfigmgr: true - # Setting to true will enable: - # * schema-backed validation of zowe.yaml - # * should greatly improve startup time. - # * can supply multiple zowe.yaml as defaults & overrides in the format of - # FILE(/my/customizations.yaml):PARMLIB(MYORG.ZOWE(YAML)):FILE(/zowe/defaults.yaml) - # * allows templating in zowe.yaml by putting references within ${{ }} blocks such as - # rewriting the job section below as - # job: - # name: ${{ zowe.job.prefix }}SV - # prefix: ZWE1 configmgr: # STRICT=quit on any error, including missing schema # COMPONENT-COMPAT=if component missing schema, skip it with warning instead of quit - validation: "COMPONENT-COMPAT" + validation: "STRICT" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # runtime z/OS job name diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 9c3a0afc3d..36d308a198 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -141,6 +141,7 @@ x = DeleteDataSet(jclCopy'(ZWESIP00)') x = DeleteDataSet(jclCopy'(ZWESIPRG)') x = DeleteDataSet(jclCopy'(ZWESISCH)') x = DeleteDataSet(jclCopy'(ZWESECKG)') +x = DeleteDataSet(jclCopy'(ZWEINSTL)') /* diff --git a/files/SZWESAMP/ZWEINSTL b/files/SZWESAMP/ZWEINSTL new file mode 100644 index 0000000000..3ee0b2ecd9 --- /dev/null +++ b/files/SZWESAMP/ZWEINSTL 
@@ -0,0 +1,55 @@ +//ZWEINSTL JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//MKPDSE EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWESAMP') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks + +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWEEXEC') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks + +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWEAUTH') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks + +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWELOAD') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks +//* +//* +//AUTHCPY EXEC PGM=BPXBATCH +//BPXPRINT DD SYSOUT=* +//STDOUT DD SYSOUT=* +//STDERR DD SYSOUT=* +//STDPARM DD * +SH cd {zowe.runtimeDirectory} && +cd files/SZWESAMP && +cp * "//'{zowe.setup.dataset.prefix}.SZWESAMP'" && +cd ../SZWEEXEC && +cp * "//'{zowe.setup.dataset.prefix}.SZWEEXEC'" && +cd ../SZWELOAD && +cp * "//'{zowe.setup.dataset.prefix}.SZWELOAD'" && +cd ../../components/launcher/bin +cp zowe_launcher "//'{zowe.setup.dataset.prefix}.SZWEAUTH'" && +cd ../../zss/SAMPLIB && +cp ZWESASTC ZWESIP00 ZWESISTC ZWESISCH + "//'{zowe.setup.dataset.prefix}.SZWESAMP'" && +cd ../LOADLIB && +cp ZWESIS01 ZWESAUX ZWESISDL + "//'{zowe.setup.dataset.prefix}.SZWEAUTH'" +/* + From 4479db9241dfca1eb6a9c784e31171090052addf Mon Sep 17 00:00:00 2001 
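Review bot: The `cd ../../components/launcher/bin` line in the AUTHCPY step's STDPARM has no trailing `&&`, unlike the other `cd` lines in the chain, so it is not separated from the following `cp zowe_launcher` command; it should read `cd ../../components/launcher/bin &&`. `{zowe.runtimeDirectory}` is also placed unquoted after `SH cd`, so a path containing spaces or shell metacharacters changes the command; `cd "{zowe.runtimeDirectory}" &&` is safer. AUTHCPY carries no condition on MKPDSE, so it appears the copies are attempted even when an ALLOC fails.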
From: 1000TurquoisePogs Date: Fri, 9 Feb 2024 15:33:09 -0500 Subject: [PATCH 034/258] Revert install command for now while more testing is done Signed-off-by: 1000TurquoisePogs --- bin/commands/install/index.sh | 144 ++++++++++++++++++++++++++++++++-- 1 file changed, 136 insertions(+), 8 deletions(-) diff --git a/bin/commands/install/index.sh b/bin/commands/install/index.sh index 09a1059aa7..0fc9e7fad6 100644 --- a/bin/commands/install/index.sh +++ b/bin/commands/install/index.sh @@ -1,4 +1,4 @@ - #!/bin/sh +#!/bin/sh ####################################################################### # This program and the accompanying materials are made available 
@@ -11,14 +11,142 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -USE_CONFIGMGR=$(check_configmgr_enabled) -if [ "${USE_CONFIGMGR}" = "true" ]; then - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then +print_level0_message "Install Zowe MVS data sets" - # user-facing command, use tmpdir to not mess up workspace permissions - export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 +############################### +# constants +# keep in sync with workflows/templates/smpe-install/ZWE3ALOC.vtl +cust_ds_list="${ZWE_PRIVATE_DS_SZWESAMP}|Zowe sample library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks +${ZWE_PRIVATE_DS_SZWEAUTH}|Zowe authorized load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks +${ZWE_PRIVATE_DS_SZWELOAD}|Zowe load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks +${ZWE_PRIVATE_DS_SZWEEXEC}|Zowe executable utilities library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks" + +############################### +# validation +if [ -n "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" ]; then + prefix="${ZWE_CLI_PARAMETER_DATASET_PREFIX}" +else + require_zowe_yaml + + # read prefix and validate + prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") + if [ -z "${prefix}" ]; then + print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." 
"" 157 + fi +fi + +############################### +# create data sets if they do not exist +print_message "Create MVS data sets if they do not exist" +while read -r line; do + ds=$(echo "${line}" | awk -F"|" '{print $1}') + name=$(echo "${line}" | awk -F"|" '{print $2}') + spec=$(echo "${line}" | awk -F"|" '{print $3}') + + # check existence + ds_existence=$(is_data_set_exists "${prefix}.${ds}") + if [ "${ds_existence}" = "true" ]; then + if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then + # warning + print_message "Warning ZWEL0300W: ${prefix}.${ds} already exists. Members in this data set will be overwritten." + else + # print_error_and_exit "Error ZWEL0158E: ${prefix}.${ds} already exists." "" 158 + # warning + print_message "Warning ZWEL0301W: ${prefix}.${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." + fi + else + print_message "Creating ${name} - ${prefix}.${ds}" + create_data_set "${prefix}.${ds}" "${spec}" + if [ $? -ne 0 ]; then + print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 + fi fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/install/cli.js" +done < --help\" (for example, \"zwe init stc --help\") to get more information." +print_message From 10e8340185295036e23d6dc846ea664e328cf196 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 12 Feb 2024 07:32:54 -0500 Subject: [PATCH 035/258] Do not rename members Signed-off-by: 1000TurquoisePogs --- bin/commands/install/index.sh | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/bin/commands/install/index.sh b/bin/commands/install/index.sh index 0fc9e7fad6..df76a4c66e 100644 --- a/bin/commands/install/index.sh +++ b/bin/commands/install/index.sh 
@@ -115,15 +115,10 @@ else # FIXME: move these parts to zss commands.install? # FIXME: ZWESIPRG is in zowe-install-packaging cd "${ZWE_zowe_runtimeDirectory}/components/zss" - zss_samplib="ZWESAUX=ZWESASTC ZWESIP00 ZWESIS01=ZWESISTC ZWESISCH" + zss_samplib="ZWESASTC ZWESIP00 ZWESISTC ZWESISCH" for mb in ${zss_samplib}; do - mb_from=$(echo "${mb}" | awk -F= '{print $1}') - mb_to=$(echo "${mb}" | awk -F= '{print $2}') - if [ -z "${mb_to}" ]; then - mb_to="${mb_from}" - fi - print_message "Copy components/zss/SAMPLIB/${mb_from} to ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb_to})" - copy_to_data_set "SAMPLIB/${mb_from}" "${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb_to})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" + print_message "Copy components/zss/SAMPLIB/${mb} to ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb})" + copy_to_data_set "SAMPLIB/${mb}" "${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" if [ $? -ne 0 ]; then print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 fi From c9aa8b1d551166ab1eabce5b43177b7a448e12da Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 12 Feb 2024 08:42:54 -0500 Subject: [PATCH 036/258] Split ZWENOKYR, fix bug on submitting right job for ZWEKRING replacements, and update workflows to reference right job names Signed-off-by: 1000TurquoisePogs --- bin/libs/certificate.sh | 40 +++++----- files/SZWEEXEC/ZWEGEN00 | 6 ++ files/SZWESAMP/ZWENOKRA | 79 +++++++++++++++++++ files/SZWESAMP/{ZWENOKYR => ZWENOKRR} | 70 +--------------- files/SZWESAMP/ZWENOKRT | 72 +++++++++++++++++ playbooks/roles/configure/tasks/show_logs.yml | 18 ++++- .../roles/zowe/tasks/purge_job_outputs.yml | 18 ++++- 7 files changed, 207 insertions(+), 96 deletions(-) create mode 100644 files/SZWESAMP/ZWENOKRA rename files/SZWESAMP/{ZWENOKYR => ZWENOKRR} (59%) create mode 100644 files/SZWESAMP/ZWENOKRT diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh index f5a5c03c39..8e09e982df 100644 
--- a/bin/libs/certificate.sh +++ b/bin/libs/certificate.sh @@ -816,11 +816,7 @@ keyring_run_zwekring_jcl() { jcllib="${2}" # should be 1, 2 or 3 jcloption="${3}" - keyring_owner="${4}" - keyring_name="${5}" domains="${6}" - alias="${7}" - ca_alias="${8}" # external CA labels separated by comma (label can have spaces) ext_cas="${9}" # set to 1 or true to import z/OSMF CA @@ -829,12 +825,6 @@ keyring_run_zwekring_jcl() { trust_zosmf=1 fi zosmf_root_ca="${11}" - # option 2 - connect existing - connect_user="${12}" - connect_label="${13}" - # option 3 - import from data set - import_ds_name="${14}" - import_ds_password="${15}" validity="${16:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_VALIDITY}}" security_product=${17:-RACF} @@ -963,10 +953,10 @@ EOF ############################### # submit job print_message "Submitting Job ${member_name})" - jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") + jobid=$(submit_job "${tmpfile}") code=$? if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${tmpdsm})." + print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${member_name})." return 161 fi print_debug "- job id ${jobid}" 
@@ -997,15 +987,21 @@ EOF keyring_run_zwenokyr_jcl() { prefix="${1}" jcllib="${2}" - keyring_owner="${3}" - keyring_name="${4}" - alias="${5}" - ca_alias="${6}" - security_product=${7:-RACF} + security_product="${3}" - jcl_contents=$(cat "//'${jcllib}(ZWENOKYR)'") + member_prefix="ZWEINOKR" + if [ "${security_product}" = "TSS" ]; then + member_name="${member_prefix}T" + elif [ "${security_product}" = "ACF2" ]; then + member_name="${member_prefix}A" + else + member_name="${member_prefix}R" + fi + + + jcl_contents=$(cat "//'${jcllib}(${member_name})'") - print_message "Template JCL: ${prefix}.SZWESAMP(ZWENOKYR) , Executable JCL: ${jcllib}(ZWENOKYR)" + print_message "Template JCL: ${prefix}.SZWESAMP(${member_name}) , Executable JCL: ${jcllib}(${member_name})" print_message "--- JCL Content ---" print_message "$jcl_contents" print_message "--- End of JCL ---" @@ -1016,11 +1012,11 @@ keyring_run_zwenokyr_jcl() { print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" else - print_message "Submitting Job ZWENOKYR" - jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") + print_message "Submitting Job ${member_name}" + jobid=$(submit_job "//'${jcllib}(${member_name}})'") code=$? if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${tmpdsm})." + print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${member_name})." return 161 fi print_debug "- job id ${jobid}" diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 36d308a198..6dbaa1ffa6 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 
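Review bot: `member_prefix="ZWEINOKR"` yields the member names `ZWEINOKRR`, `ZWEINOKRA` and `ZWEINOKRT`, which exceed the eight-character member-name limit and do not match the members this commit adds (`ZWENOKRR`, `ZWENOKRA`, `ZWENOKRT`), so the `cat "//'${jcllib}(${member_name})'"` read has nothing to find. The prefix should be `member_prefix="ZWENOKR"`. `security_product` also moved from the seventh to the third positional parameter, so callers outside this hunk need the matching change.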
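Review bot: The new `submit_job "//'${jcllib}(${member_name}})'"` call has a stray `}` after the expansion, so the reference passed to `submit_job` carries a literal `}` inside the parentheses and names no existing member. It should be `jobid=$(submit_job "//'${jcllib}(${member_name})'")`. The function continues past the end of the hunk.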
@@ -185,6 +185,8 @@ if COMPARE('RCVT', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRT3)') x = DeleteDataSet(jclCopy'(ZWEIACF2)') x = DeleteDataSet(jclCopy'(ZWEITSS)') + x = DeleteDataSet(jclCopy'(ZWENOKRA)') + x = DeleteDataSet(jclCopy'(ZWENOKRT)') end if COMPARE('RTSS', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRA1)') @@ -195,6 +197,8 @@ if COMPARE('RTSS', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRR3)') x = DeleteDataSet(jclCopy'(ZWEIACF2)') x = DeleteDataSet(jclCopy'(ZWEIRACF)') + x = DeleteDataSet(jclCopy'(ZWENOKRA)') + x = DeleteDataSet(jclCopy'(ZWENOKRR)') end if COMPARE('ACF2', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRT1)') @@ -205,6 +209,8 @@ if COMPARE('ACF2', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRR3)') x = DeleteDataSet(jclCopy'(ZWEIRACF)') x = DeleteDataSet(jclCopy'(ZWEITSS)') + x = DeleteDataSet(jclCopy'(ZWENOKRT)') + x = DeleteDataSet(jclCopy'(ZWENOKRR)') end say jcl' has been copied to 'jclCopy'.' diff --git a/files/SZWESAMP/ZWENOKRA b/files/SZWESAMP/ZWENOKRA new file mode 100644 index 0000000000..edd66603d8 --- /dev/null +++ b/files/SZWESAMP/ZWENOKRA 
@@ -0,0 +1,79 @@ +//ZWENOKRA JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to remove key ring and certificates for Zowe +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITIONS +//* +//* 2. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. 
+//* +//******************************************************************* +// EXPORT SYMLIST=* +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//* +//********************************************************************* +//* +//* ACF2 ONLY, customize to meet your system requirements +//* +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF + +* Remove permit to use SITE owned certificate's private key + SET RESOURCE(FAC) + RECKEY IRR DEL(DIGTCERT.GENCERT + + ROLE({zowe.setup.security.groups.stc}) + + SERVICE(CONTROL) ALLOW) + +* Remove permit to read keyring ....................................*/ + RECKEY IRR DEL(DIGTCERT.LISTRING + + ROLE({zowe.setup.security.groups.stc}) + + SERVICE(READ) ALLOW) + + F ACF2,REBUILD(FAC) + +* Delete LABEL certificate ........................................*/ + DELETE {zowe.setup.security.users.zowe}.ZOWECERT + +* Delete LOCALCA certificate ......................................*/ + DELETE CERTAUTH.ZOWECA + +* Delete keyring ...................................................*/ + SET PROFILE(USER) DIVISION(KEYRING) + DELETE {zowe.setup.security.users.zowe}.ZOWERING + + F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) + +END +$$ +//* + diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKRR similarity index 59% rename from files/SZWESAMP/ZWENOKYR rename to files/SZWESAMP/ZWENOKRR index 990dcb889f..adc0f95f5c 100644 --- a/files/SZWESAMP/ZWENOKYR +++ b/files/SZWESAMP/ZWENOKRR @@ -1,4 +1,4 @@ -//ZWENOKYR JOB +//ZWENOKRR JOB //* //* This program and the accompanying materials are made available //* under the terms of the Eclipse Public License v2.0 which 
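Review bot: The ACF2 removal commands name the objects to delete literally (`{zowe.setup.security.users.zowe}.ZOWECERT`, `CERTAUTH.ZOWECA`, `{zowe.setup.security.users.zowe}.ZOWERING`), while the user and role are templated. Unless a later step rewrites these labels, a site that created its keyring or certificates under other names gets a job that completes with return code 0 without removing them, and a site with an unrelated `ZOWECA` CERTAUTH certificate would lose it. Templating the keyring name and both labels from the same configuration values used at creation would keep removal symmetric with setup; the same applies to the TSS commands in ZWENOKRT. The mixed `* ... */` comment lines in the ACF2 stream are also worth normalising.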
@@ -22,9 +22,6 @@
 //* 1) Add job name and job parameters to the JOB statement, to
 //* meet your system requirements.
 //*
-//* 2) Customize the commands in the DD statement that matches your
-//* security product so that they meet your system requirements.
-//*
 //* Note(s):
 //*
 //* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY
@@ -49,7 +46,7 @@
 //*
 //RUN EXEC PGM=IKJEFT01,REGION=0M
 //SYSTSPRT DD SYSOUT=*
-//SYSTSIN DD DDNAME={zowe.setup.security.product}
+//SYSTSIN DD DDNAME=RACF
 //*
 //*********************************************************************
 //*
@@ -99,67 +96,4 @@ PROFILE $$ //* -//********************************************************************* -//* -//* ACF2 ONLY, customize to meet your system requirements -//* -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF - -* Remove permit to use SITE owned certificate's private key - SET RESOURCE(FAC) - RECKEY IRR DEL(DIGTCERT.GENCERT + - ROLE({zowe.setup.security.groups.stc}) + - SERVICE(CONTROL) ALLOW) - -* Remove permit to read keyring ....................................*/ - RECKEY IRR DEL(DIGTCERT.LISTRING + - ROLE({zowe.setup.security.groups.stc}) + - SERVICE(READ) ALLOW) - - F ACF2,REBUILD(FAC) - -* Delete LABEL certificate ........................................*/ - DELETE {zowe.setup.security.users.zowe}.ZOWECERT - -* Delete LOCALCA certificate ......................................*/ - DELETE CERTAUTH.ZOWECA - -* Delete keyring ...................................................*/ - SET PROFILE(USER) DIVISION(KEYRING) - DELETE {zowe.setup.security.users.zowe}.ZOWERING - - F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) - -END -$$ -//* -//********************************************************************* -//* -//* Top Secret ONLY, customize to meet your system requirements -//* -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Remove permit to use SITE owned certificate's private key */ - TSS REVOKE({zowe.setup.security.users.zowe}) + - IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) - -/* Remove permit to read keyring ................................... 
*/ - TSS REVOKE({zowe.setup.security.users.zowe}) + - IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) - -/* Delete LABEL certificate ........................................*/ - TSS REM({zowe.setup.security.users.zowe}) DIGICERT(ZOWECERT) - -/* Delete LOCALCA certificate ......................................*/ - TSS REM(CERTAUTH) DIGICERT(ZOWECA) - -/* Delete keyring ...................................................*/ - TSS REM({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) - -/* ................................................................. */ -/* only the last RC is returned, this command ensures it is a 0 */ -PROFILE -$$ -//* diff --git a/files/SZWESAMP/ZWENOKRT b/files/SZWESAMP/ZWENOKRT new file mode 100644 index 0000000000..9a14e5be05 --- /dev/null +++ b/files/SZWESAMP/ZWENOKRT 
@@ -0,0 +1,72 @@ +//ZWENOKRT JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to remove key ring and certificates for Zowe +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITIONS +//* +//* 2. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//******************************************************************* +// EXPORT SYMLIST=* +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//* +//********************************************************************* +//* +//* Top Secret ONLY, customize to meet your system requirements +//* +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Remove permit to use SITE owned certificate's private key */ + TSS REVOKE({zowe.setup.security.users.zowe}) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + +/* Remove permit to read keyring ................................... 
*/ + TSS REVOKE({zowe.setup.security.users.zowe}) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + +/* Delete LABEL certificate ........................................*/ + TSS REM({zowe.setup.security.users.zowe}) DIGICERT(ZOWECERT) + +/* Delete LOCALCA certificate ......................................*/ + TSS REM(CERTAUTH) DIGICERT(ZOWECA) + +/* Delete keyring ...................................................*/ + TSS REM({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + +/* ................................................................. */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* + diff --git a/playbooks/roles/configure/tasks/show_logs.yml b/playbooks/roles/configure/tasks/show_logs.yml index c6c266738c..2d36f5b77f 100644 --- a/playbooks/roles/configure/tasks/show_logs.yml +++ b/playbooks/roles/configure/tasks/show_logs.yml @@ -37,9 +37,21 @@ vars: show_jobs_name: "{{ job_name_to_show }}" loop: - - ZWESECUR - - ZWEKRING - - ZWENOKYR + - ZWEIACF2 + - ZWEIRACF + - ZWEITSS + - ZWEIKRR1 + - ZWEIKRR2 + - ZWEIKRR3 + - ZWEIKRA1 + - ZWEIKRA2 + - ZWEIKRA3 + - ZWEIKRT1 + - ZWEIKRT2 + - ZWEIKRT3 + - ZWENOKRR + - ZWENOKRT + - ZWENOKRA - ZWECSVSM loop_control: loop_var: job_name_to_show diff --git a/playbooks/roles/zowe/tasks/purge_job_outputs.yml b/playbooks/roles/zowe/tasks/purge_job_outputs.yml index f8ebf58894..7bd234a937 100644 --- a/playbooks/roles/zowe/tasks/purge_job_outputs.yml +++ b/playbooks/roles/zowe/tasks/purge_job_outputs.yml @@ -45,8 +45,20 @@ vars: purge_jobs_name: "{{ job_name_to_purge }}" loop: - - ZWESECUR - - ZWEKRING - - ZWENOKYR + - ZWEIACF2 + - ZWEIRACF + - ZWEITSS + - ZWEIKRR1 + - ZWEIKRR2 + - ZWEIKRR3 + - ZWEIKRA1 + - ZWEIKRA2 + - ZWEIKRA3 + - ZWEIKRT1 + - ZWEIKRT2 + - ZWEIKRT3 + - ZWENOKRR + - ZWENOKRT + - ZWENOKRA loop_control: loop_var: job_name_to_purge From 3ffb478a3d2911ca8f726434645e4810f9a7a4da Mon Sep 17 00:00:00 2001 
From: 1000TurquoisePogs Date: Mon, 12 Feb 2024 10:02:02 -0500 Subject: [PATCH 037/258] Fixes to bugs found by @Martin-Zeithaml Signed-off-by: 1000TurquoisePogs --- bin/commands/install/.help | 1 + files/SZWESAMP/ZWEIAPF | 4 ++-- files/SZWESAMP/ZWEIKRA3 | 2 +- files/SZWESAMP/ZWEIKRR3 | 2 +- files/SZWESAMP/ZWEIKRT3 | 2 +- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/commands/install/.help b/bin/commands/install/.help index 3e21d52635..5934904669 100644 --- a/bin/commands/install/.help +++ b/bin/commands/install/.help @@ -19,3 +19,4 @@ Expected outputs: * `SZWEAUTH` contains few Zowe load modules (++PROGRAM). * `SZWESAMP` contains several sample configurations. * `SZWEEXEC` contains few utilities used by Zowe. + * `SZWELOAD` contains config manager for rexx. \ No newline at end of file diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF index dc59bd3ca9..ba329bb8af 100644 --- a/files/SZWESAMP/ZWEIAPF +++ b/files/SZWESAMP/ZWEIAPF @@ -22,9 +22,9 @@ //* //* This dataset holds product plugins for ZIS, //* ZIS is located in the LOADLIB. -// SET PLUGINLIB='{zowe.setup.dataset.authPluginLib}' +// SET PLUGLIB='{zowe.setup.dataset.authPluginLib}' //* //APFLOAD COMMAND 'SETPROG APF,ADD,DSN=&LOADLIB' //* -//APFLIB COMMAND 'SETPROG APF,ADD,DSN=&PLUGINLIB' +//APFLIB COMMAND 'SETPROG APF,ADD,DSN=&PLUGLIB' //* diff --git a/files/SZWESAMP/ZWEIKRA3 b/files/SZWESAMP/ZWEIKRA3 index 1d646a558d..e475a378a6 100644 --- a/files/SZWESAMP/ZWEIKRA3 +++ b/files/SZWESAMP/ZWEIKRA3 @@ -15,7 +15,7 @@ //* //* ATTENTION! //* Each ZWEIKR JCL is for different ESM and Keyring options. -// This one is for importing a PKCS12 certificate from a data set. +//* This one is for importing a PKCS12 certificate from a data set. //* //********************************************************************* //* diff --git a/files/SZWESAMP/ZWEIKRR3 b/files/SZWESAMP/ZWEIKRR3 index 7280cc194c..3fd354d4bb 100644 --- a/files/SZWESAMP/ZWEIKRR3 +++ b/files/SZWESAMP/ZWEIKRR3 
@@ -16,7 +16,7 @@
 //*
 //* ATTENTION!
 //* Each ZWEIKR JCL is for different ESM and Keyring options.
-// This one is for importing a PKCS12 certificate from a data set.
+//* This one is for importing a PKCS12 certificate from a data set.
 //*
 //*********************************************************************
 //*
diff --git a/files/SZWESAMP/ZWEIKRT3 b/files/SZWESAMP/ZWEIKRT3
index b12a8b0c08..25b63b27e4 100644
--- a/files/SZWESAMP/ZWEIKRT3
+++ b/files/SZWESAMP/ZWEIKRT3
@@ -15,7 +15,7 @@
 //*
 //* ATTENTION!
 //* Each ZWEIKR JCL is for different ESM and Keyring options.
-// This one is for importing a PKCS12 certificate from a data set.
+//* This one is for importing a PKCS12 certificate from a data set.
 //*
 //*********************************************************************
 //*
From ce6b0854c55b11c81d3ea8477631d8ac358743b0 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Mon, 12 Feb 2024 13:47:00 -0500
Subject: [PATCH 038/258] Fix bug in init stc where it said ZWE**S**ISTC accidentally. Fix string replace logic there too where a comma , was lost in string replace. Also improve code as suggested by @Martin-Zeithaml
Signed-off-by: 1000TurquoisePogs
---
 bin/commands/init/generate/index.ts | 16 +++++++++++++++-
 bin/commands/init/stc/index.ts | 26 +++++++++++++-------------
 files/SZWESAMP/ZWEGENER | 2 +-
 3 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts
index 3b6ee91adb..956fb59709 100644
--- a/bin/commands/init/generate/index.ts
+++ b/bin/commands/init/generate/index.ts
@@ -27,7 +27,21 @@ export function execute(dryRun?: boolean) { jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, ZOWE_CONFIG.zowe.setup.dataset.prefix); jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); - let absConfig = fs.convertToAbsolutePath(std.getenv('ZWE_PRIVATE_CONFIG_ORIG')); + let originalConfig = std.getenv('ZWE_PRIVATE_CONFIG_ORIG'); + let fileIndex = originalConfig.indexOf('FILE('); + let lastIndex = 0; + let absConfig = ''; + while (fileIndex != -1) { + absConfig += originalConfig.substring(lastIndex, fileIndex+5); + let parenIndex = originalConfig.indexOf(')', fileIndex+5); + let fileRef = originalConfig.substring(fileIndex+5, parenIndex); + let absRef = fs.convertToAbsolutePath(fileRef); + absConfig += absRef + ')'; + lastIndex = parenIndex+1; + fileIndex = originalConfig.indexOf('FILE(', lastIndex); + } + absConfig += originalConfig.substring(lastIndex); + jclContents = jclContents.replace('FILE ', 'FILE '+absConfig); xplatform.storeFileUTF8(tempFile, xplatform.AUTO_DETECT, jclContents); diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts index 35debe9263..7b1fa212d5 100644 --- a/bin/commands/init/stc/index.ts +++ b/bin/commands/init/stc/index.ts 
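Review bot: The `while` loop added to `execute` never terminates when `ZWE_PRIVATE_CONFIG_ORIG` contains a `FILE(` with no closing `)`: `indexOf(')', fileIndex+5)` returns -1, `lastIndex` becomes 0, and the next `indexOf('FILE(', lastIndex)` finds the same occurrence again while `absConfig` keeps growing. Look the parenthesis up before anything is appended and stop on a miss, i.e. move `let parenIndex = originalConfig.indexOf(')', fileIndex+5);` to the top of the loop body and follow it with `if (parenIndex == -1) { break; }`, so that the trailing `substring(lastIndex)` copies the malformed remainder unchanged. The result of `std.getenv` is also used without a check, so an unset variable would presumably fail at `originalConfig.indexOf`. The body of `execute` continues outside this hunk.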
@@ -84,20 +84,20 @@ export function execute(allowOverwrite: boolean = false) { if (stcExistence == true && !allowOverwrite) { common.printMessage(`Skipped writing to ${proclib}. To write, you must use --allow-overwrite.`); } else { - // prepare STCs - - // ZWESISTC + // Fix JCL if needed - cannot copy member with same name via (foo,foo,R) + // must instead be (foo,,R), so do string replace if see dual name. + const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); - common.printDebug(`- Copy ${jcllib}(ZWESISTC) to ${tmpfile}`); - const sistcContent = shell.execOutSync('sh', '-c', `cat "//'${jcllib}(ZWESISTC)'" 2>&1`); - if (sistcContent.out && sistcContent.rc == 0) { + common.printDebug(`- Copy ${jcllib}(ZWEISTC) to ${tmpfile}`); + const jclContent = shell.execOutSync('sh', '-c', `cat "//'${jcllib}(ZWEISTC)'" 2>&1`); + if (jclContent.out && jclContent.rc == 0) { common.printDebug(` * Succeeded`); common.printTrace(` * Output:`); - common.printTrace(stringlib.paddingLeft(sistcContent.out, " ")); + common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); - const tmpFileContent = sistcContent.out.replace("ZWESLSTC,ZWESLSTC", "ZWESLSTC") - .replace("ZWESISTC,ZWESISTC", "ZWESISTC") - .replace("ZWESASTC,ZWESASTC", "ZWESASTC"); + const tmpFileContent = jclContent.out.replace("ZWESLSTC,ZWESLSTC", "ZWESLSTC,") + .replace("ZWESISTC,ZWESISTC", "ZWESISTC,") + .replace("ZWESASTC,ZWESASTC", "ZWESASTC,"); xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, tmpFileContent); common.printTrace(` * Stored:`); common.printTrace(stringlib.paddingLeft(tmpFileContent, " ")); 
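Review bot: `jcllib` is interpolated directly into the string handed to `sh -c` in the `cat "//'${jcllib}(ZWEISTC)'"` call, inside shell double quotes, so a value containing `$(...)`, a backquote or a `"` would be interpreted by the shell instead of being read as a data set name. Where `jcllib` is assigned is outside this hunk, but it appears to come from the Zowe configuration, so it is worth rejecting anything that is not a plausible data set name before this line, for example `if (!/^[A-Za-z0-9$#@.-]{1,44}$/.test(jcllib)) { common.printError('Invalid jcllib data set name'); std.exit(1); }`. The same check would protect the later uses of `jcllib` in `execute`, whose body starts and ends outside the hunk.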
@@ -105,10 +105,10 @@ export function execute(allowOverwrite: boolean = false) {
 shell.execSync('chmod', '700', tmpfile);
 } else {
 common.printDebug(` * Failed`);
- common.printError(` * Exit code: ${sistcContent.rc}`);
+ common.printError(` * Exit code: ${jclContent.rc}`);
 common.printError(` * Output:`);
- if (sistcContent.out) {
- common.printError(stringlib.paddingLeft(sistcContent.out, " "));
+ if (jclContent.out) {
+ common.printError(stringlib.paddingLeft(jclContent.out, " "));
 }
 std.exit(1);
 }
diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER
index 3d84f4dcc5..ae147824e9 100644
--- a/files/SZWESAMP/ZWEGENER
+++ b/files/SZWESAMP/ZWEGENER
@@ -13,7 +13,7 @@
 //* this job as many times as you need.
 //*
 //* Configmgr documentation:
-//* docs.zowe.org/stable/user-guide/configmgr-using
+//* https://docs.zowe.org/stable/user-guide/configmgr-using
 //*
 //* Note: Any string with braces has an associated yaml value
 //* in one of the yaml definitions for Zowe.
From 0acee7e5d25ae2cfdb2c280f86128531bef91fc4 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Mon, 12 Feb 2024 14:31:18 -0500
Subject: [PATCH 039/258] Simplify init certificate shell code by removing certificate/keyring-jcl middleman (unused elsewhere) and putting read-yaml usage into only the conditions that will need them, so that unused vars do not slow down execution
Signed-off-by: 1000TurquoisePogs --- bin/commands/certificate/.examples | 2 - .../certificate/keyring-jcl/.examples | 3 - bin/commands/certificate/keyring-jcl/.help | 1 - .../certificate/keyring-jcl/clean/.errors | 1 - .../certificate/keyring-jcl/clean/.examples | 1 - .../certificate/keyring-jcl/clean/.help | 1 - .../certificate/keyring-jcl/clean/.parameters | 9 - .../certificate/keyring-jcl/clean/index.sh | 48 --- .../certificate/keyring-jcl/connect/.errors | 1 - .../certificate/keyring-jcl/connect/.examples | 1 - .../certificate/keyring-jcl/connect/.help | 1 - .../keyring-jcl/connect/.parameters | 13 - .../certificate/keyring-jcl/connect/index.sh | 59 ---- .../certificate/keyring-jcl/generate/.errors | 1 - .../keyring-jcl/generate/.examples | 1 - .../certificate/keyring-jcl/generate/.help | 1 - .../keyring-jcl/generate/.parameters | 21 -- .../certificate/keyring-jcl/generate/index.sh | 65 ---- .../certificate/keyring-jcl/import-ds/.errors | 1 - .../keyring-jcl/import-ds/.examples | 1 - .../certificate/keyring-jcl/import-ds/.help | 1 - .../keyring-jcl/import-ds/.parameters | 14 - .../keyring-jcl/import-ds/index.sh | 59 ---- bin/commands/init/certificate/index.sh | 314 ++++++++---------- bin/libs/certificate.sh | 12 +- 25 files changed, 146 insertions(+), 486 deletions(-) delete mode 100644 bin/commands/certificate/keyring-jcl/.examples delete mode 100644 bin/commands/certificate/keyring-jcl/.help delete mode 100644 bin/commands/certificate/keyring-jcl/clean/.errors delete mode 100644 bin/commands/certificate/keyring-jcl/clean/.examples delete mode 100644 bin/commands/certificate/keyring-jcl/clean/.help delete mode 100644 bin/commands/certificate/keyring-jcl/clean/.parameters delete mode 100644 bin/commands/certificate/keyring-jcl/clean/index.sh delete mode 100644 bin/commands/certificate/keyring-jcl/connect/.errors delete mode 100644 bin/commands/certificate/keyring-jcl/connect/.examples delete mode 100644 bin/commands/certificate/keyring-jcl/connect/.help delete 
mode 100644 bin/commands/certificate/keyring-jcl/connect/.parameters delete mode 100644 bin/commands/certificate/keyring-jcl/connect/index.sh delete mode 100644 bin/commands/certificate/keyring-jcl/generate/.errors delete mode 100644 bin/commands/certificate/keyring-jcl/generate/.examples delete mode 100644 bin/commands/certificate/keyring-jcl/generate/.help delete mode 100644 bin/commands/certificate/keyring-jcl/generate/.parameters delete mode 100644 bin/commands/certificate/keyring-jcl/generate/index.sh delete mode 100644 bin/commands/certificate/keyring-jcl/import-ds/.errors delete mode 100644 bin/commands/certificate/keyring-jcl/import-ds/.examples delete mode 100644 bin/commands/certificate/keyring-jcl/import-ds/.help delete mode 100644 bin/commands/certificate/keyring-jcl/import-ds/.parameters delete mode 100644 bin/commands/certificate/keyring-jcl/import-ds/index.sh diff --git a/bin/commands/certificate/.examples b/bin/commands/certificate/.examples index 8bbffda262..47961df6d7 100644 --- a/bin/commands/certificate/.examples +++ b/bin/commands/certificate/.examples @@ -1,3 +1 @@ -zwe certificate keyring-jcl clean --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias -ca ca-alias - zwe certificate verify-service --host service-hostname --port service-port diff --git a/bin/commands/certificate/keyring-jcl/.examples b/bin/commands/certificate/keyring-jcl/.examples deleted file mode 100644 index ffda4b8d9b..0000000000 --- a/bin/commands/certificate/keyring-jcl/.examples +++ /dev/null 
@@ -1,3 +0,0 @@ -zwe certificate keyring-jcl clean --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias -ca ca-alias - -zwe certificate keyring-jcl connect --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name --connect-user cert-owner --connect-label cert-label diff --git a/bin/commands/certificate/keyring-jcl/.help b/bin/commands/certificate/keyring-jcl/.help deleted file mode 100644 index bd0aa74d74..0000000000 --- a/bin/commands/certificate/keyring-jcl/.help +++ /dev/null @@ -1 +0,0 @@ -Manage z/OS Keyring with JCL. diff --git a/bin/commands/certificate/keyring-jcl/clean/.errors b/bin/commands/certificate/keyring-jcl/clean/.errors deleted file mode 100644 index 3fb2da7665..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/.errors +++ /dev/null @@ -1 +0,0 @@ -ZWEL0176E|176|Failed to clean up Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/clean/.examples b/bin/commands/certificate/keyring-jcl/clean/.examples deleted file mode 100644 index 12b82ea995..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl clean --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias -ca ca-alias diff --git a/bin/commands/certificate/keyring-jcl/clean/.help b/bin/commands/certificate/keyring-jcl/clean/.help deleted file mode 100644 index 1277a96b7f..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/.help +++ /dev/null @@ -1 +0,0 @@ -Remove Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/clean/.parameters b/bin/commands/certificate/keyring-jcl/clean/.parameters deleted file mode 100644 index cd0d2f0bf0..0000000000 
--- a/bin/commands/certificate/keyring-jcl/clean/.parameters +++ /dev/null @@ -1,9 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -alias|a|string|required|localhost|||Certificate alias name. -ca-alias|ca|string|required|localca|||Certificate authority alias name. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/clean/index.sh b/bin/commands/certificate/keyring-jcl/clean/index.sh deleted file mode 100644 index 33c7715e9b..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/index.sh +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Remove Zowe keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWENOKYR JCL -keyring_run_zwenokyr_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "${ZWE_CLI_PARAMETER_ALIAS}" \ - "${ZWE_CLI_PARAMETER_CA_ALIAS}" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0176E: Failed to clean up Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." - else - print_error_and_exit "Error ZWEL0176E: Failed to clean up Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 176 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to remove Zowe keyring. Please check job log for details." -else - print_level2_message "Zowe keyring is removed successfully." -fi diff --git a/bin/commands/certificate/keyring-jcl/connect/.errors b/bin/commands/certificate/keyring-jcl/connect/.errors deleted file mode 100644 index 149f5cdcd7..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.errors +++ /dev/null 
@@ -1 +0,0 @@ -ZWEL0175E|175|Failed to connect existing certificate to Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/connect/.examples b/bin/commands/certificate/keyring-jcl/connect/.examples deleted file mode 100644 index 75ec5078f8..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl connect --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name --connect-user cert-owner --connect-label cert-label diff --git a/bin/commands/certificate/keyring-jcl/connect/.help b/bin/commands/certificate/keyring-jcl/connect/.help deleted file mode 100644 index 7b3f1cb35c..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.help +++ /dev/null @@ -1 +0,0 @@ -Connect existing certificate to Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/connect/.parameters b/bin/commands/certificate/keyring-jcl/connect/.parameters deleted file mode 100644 index 8ae86cb266..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.parameters +++ /dev/null 
@@ -1,13 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2). -connect-user||string|required||||Certificate owner. Can be `SITE` or a user ID. -connect-label||string|required||||Certificate label to connect. -trust-zosmf||boolean|||||Whether to trust z/OSMF CA. -zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify "_auto_" to let Zowe to detect automatically. This only works for RACF. -zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/connect/index.sh b/bin/commands/certificate/keyring-jcl/connect/index.sh deleted file mode 100644 index 86fbaa028b..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/index.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Connect existing certificate to Zowe keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWEKRING JCL -ZWE_PRIVATE_ZOSMF_USER="${ZWE_CLI_PARAMETER_ZOSMF_USER}" \ - keyring_run_zwekring_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - 2 \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_TRUST_CAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_ZOSMF}" \ - "${ZWE_CLI_PARAMETER_ZOSMF_CA}" \ - "${ZWE_CLI_PARAMETER_CONNECT_USER}" \ - "${ZWE_CLI_PARAMETER_CONNECT_LABEL}" \ - "" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0175E: Failed to connect existing certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." - else - print_error_and_exit "Error ZWEL0175E: Failed to connect existing certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 175 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to connect existing certificate to Zowe keyring. Please check job log for details." 
-else - print_level2_message "Certificate is connected to Zowe keyring successfully." -fi diff --git a/bin/commands/certificate/keyring-jcl/generate/.errors b/bin/commands/certificate/keyring-jcl/generate/.errors deleted file mode 100644 index 6c902d7f5b..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.errors +++ /dev/null @@ -1 +0,0 @@ -ZWEL0174E|174|Failed to generate certificate in Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/generate/.examples b/bin/commands/certificate/keyring-jcl/generate/.examples deleted file mode 100644 index b7dcd586c7..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl generate --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -d my-domain -a certificate-alias -ca ca-alias diff --git a/bin/commands/certificate/keyring-jcl/generate/.help b/bin/commands/certificate/keyring-jcl/generate/.help deleted file mode 100644 index 09a593039e..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.help +++ /dev/null @@ -1 +0,0 @@ -Generate new set of certificate in Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/generate/.parameters b/bin/commands/certificate/keyring-jcl/generate/.parameters deleted file mode 100644 index 6017cd675d..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.parameters +++ /dev/null 
@@ -1,21 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -domains|d|string|required||||Domain and IP for the certificate separated by comma. (Please note RACDCERT is limited to only have one domain and one IP.) -alias|a|string|required|localhost|||Certificate alias name. -ca-alias|ca|string|required|localca|||Certificate authority alias name. -common-name|cn|string|||||Common name of certificate and certificate authority. -org-unit||string|||||Organization unit of certificate and certificate authority. -org||string|||||Organization of certificate and certificate authority. -locality||string|||||Locality of certificate and certificate authority. -state||string|||||State of certificate and certificate authority. -country||string|||||Country of certificate and certificate authority. -validity||string|||||Validity days of certificate. -trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2). -trust-zosmf||boolean|||||Whether to trust z/OSMF CA. -zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify "_auto_" to let Zowe to detect automatically. This only works for RACF. -zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/generate/index.sh b/bin/commands/certificate/keyring-jcl/generate/index.sh deleted file mode 100644 index f1290e0c86..0000000000 
--- a/bin/commands/certificate/keyring-jcl/generate/index.sh +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Generate Zowe certificate in keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWEKRING JCL -ZWE_PRIVATE_CERTIFICATE_CA_ORG_UNIT="${ZWE_CLI_PARAMETER_ORG_UNIT}" \ - ZWE_PRIVATE_CERTIFICATE_CA_ORG="${ZWE_CLI_PARAMETER_ORG}" \ - ZWE_PRIVATE_CERTIFICATE_CA_LOCALITY="${ZWE_CLI_PARAMETER_LOCALITY}" \ - ZWE_PRIVATE_CERTIFICATE_CA_STATE="${ZWE_CLI_PARAMETER_STATE}" \ - ZWE_PRIVATE_CERTIFICATE_CA_COUNTRY="${ZWE_CLI_PARAMETER_COUNTRY}" \ - ZWE_PRIVATE_CERTIFICATE_CA_VALIDITY="${ZWE_CLI_PARAMETER_VALIDITY}" \ - ZWE_PRIVATE_ZOSMF_USER="${ZWE_CLI_PARAMETER_ZOSMF_USER}" \ - keyring_run_zwekring_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - 1 \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "${ZWE_CLI_PARAMETER_DOMAINS}" \ - "${ZWE_CLI_PARAMETER_ALIAS}" \ - "${ZWE_CLI_PARAMETER_CA_ALIAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_CAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_ZOSMF}" \ - "${ZWE_CLI_PARAMETER_ZOSMF_CA}" \ - "" \ - "" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_VALIDITY}" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." 
- else - print_error_and_exit "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 174 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to generate certificate to Zowe keyring. Please check job log for details." -else - print_level2_message "Certificate is generated in keyring successfully." -fi diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.errors b/bin/commands/certificate/keyring-jcl/import-ds/.errors deleted file mode 100644 index baec706241..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.errors +++ /dev/null @@ -1 +0,0 @@ -ZWEL0173E|173|Failed to import certificate to Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.examples b/bin/commands/certificate/keyring-jcl/import-ds/.examples deleted file mode 100644 index 82be8a3546..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl import-ds --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias --import-ds-name my-ds-name --import-ds-password my-ds-password diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.help b/bin/commands/certificate/keyring-jcl/import-ds/.help deleted file mode 100644 index 663e244500..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.help +++ /dev/null @@ -1 +0,0 @@ -Import certificate stored in MVS data set into Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.parameters b/bin/commands/certificate/keyring-jcl/import-ds/.parameters deleted file mode 100644 index f0cb41275a..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.parameters +++ /dev/null 
@@ -1,14 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -alias|a|string|required|localhost|||Certificate alias name. -trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2). -trust-zosmf||boolean|||||Whether to trust z/OSMF CA. -zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify "_auto_" to let Zowe to detect automatically. This only works for RACF. -zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities. -import-ds-name||string|required||||Name of the data set holds certificate to import into keyring. -import-ds-password||string|required||||Password of the data set holds certificate to import. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/import-ds/index.sh b/bin/commands/certificate/keyring-jcl/import-ds/index.sh deleted file mode 100644 index e4d5f62dd6..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/index.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Import certificate to Zowe keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWEKRING JCL -ZWE_PRIVATE_ZOSMF_USER="${ZWE_CLI_PARAMETER_ZOSMF_USER}" \ - keyring_run_zwekring_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - 3 \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "" \ - "${ZWE_CLI_PARAMETER_ALIAS}" \ - "" \ - "${ZWE_CLI_PARAMETER_TRUST_CAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_ZOSMF}" \ - "${ZWE_CLI_PARAMETER_ZOSMF_CA}" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_IMPORT_DS_NAME}" \ - "${ZWE_CLI_PARAMETER_IMPORT_DS_PASSWORD}" \ - "" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0173E: Failed to import certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." - else - print_error_and_exit "Error ZWEL0173E: Failed to import certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 173 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to import certificate to Zowe keyring. Please check job log for details." 
-else - print_level2_message "Certificate is imported to Zowe keyring successfully." -fi diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 8fe98560ae..e52868c0d6 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh 
@@ -27,29 +27,20 @@ if [ "$?" -eq 1 ]; then print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi -security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") -security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") -security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") # read cert type and validate cert_type=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.type") if [ -z "${cert_type}" ]; then print_error_and_exit "Error ZWEL0157E: Certificate type (zowe.setup.certificate.type) is not defined in Zowe YAML configuration file." "" 157 fi + [[ "$cert_type" == "PKCS12" || "$cert_type" == JCE*KS ]] if [ $? -ne 0 ]; then print_error_and_exit "Error ZWEL0164E: Value of certificate type (zowe.setup.certificate.type) defined in Zowe YAML configuration file is invalid. Valid values are PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS." "" 164 fi -# read cert dname -for item in caCommonName commonName orgUnit org locality state country; do - var_name="dname_${item}" - var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.dname.${item}") - eval "${var_name}=\"${var_val}\"" -done -# read cert validity -cert_validity=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.validity") + if [ "${cert_type}" = "PKCS12" ]; then # read keystore info - for item in directory lock name password caAlias caPassword; do + for item in directory lock name password; do var_name="pkcs12_${item}" var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.${item}") eval "${var_name}=\"${var_val}\"" 
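Review bot: The `eval "${var_name}=\"${var_val}\""` line kept in the PKCS12 loop expands the YAML value before `eval` parses it, so a keystore password or directory containing `"`, `$` or a backquote is either mangled or executed as shell code. Deferring the expansion into the evaluated assignment keeps the value as plain data: `eval "${var_name}=\"\${var_val}\""`. The same line is used by the keyring loop in the following hunk of this file. The `if`/`else` that this loop sits in continues past the end of the hunk.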
@@ -58,44 +49,68 @@ if [ "${cert_type}" = "PKCS12" ]; then print_error_and_exit "Error ZWEL0157E: Keystore directory (zowe.setup.certificate.pkcs12.directory) is not defined in Zowe YAML configuration file." "" 157 fi # read keystore import info - for item in keystore password alias; do - var_name="pkcs12_import_${item}" - var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.${item}") - eval "${var_name}=\"${var_val}\"" - done - if [ -n "${pkcs12_import_keystore}" ]; then - if [ -z "${pkcs12_import_password}" ]; then - print_error_and_exit "Error ZWEL0157E: Password for import keystore (zowe.setup.certificate.pkcs12.import.password) is not defined in Zowe YAML configuration file." "" 157 - fi - if [ -z "${pkcs12_import_alias}" ]; then - print_error_and_exit "Error ZWEL0157E: Certificate alias of import keystore (zowe.setup.certificate.pkcs12.import.alias) is not defined in Zowe YAML configuration file." "" 157 - fi - fi -elif [[ "${cert_type}" == JCE*KS ]]; then + pkcs12_import_keystore=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.keystore") + +else # JCE* content + security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") + keyring_option=1 # read keyring info - for item in owner name label caLabel; do + # TODO removed "owner" here because it wasnt being read in the JCL. + for item in name label caLabel; do var_name="keyring_${item}" var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.${item}") eval "${var_name}=\"${var_val}\"" done + # FIXME: currently ZWEKRING jcl will import the cert and chain, CA will also be added to CERTAUTH, but the CA will not be connected to keyring. + # the CA imported could have label like LABEL00000001. 
+ yaml_keyring_label="${keyring_label}" if [ -z "${keyring_name}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe keyring name (zowe.setup.certificate.keyring.name) is not defined in Zowe YAML configuration file." "" 157 fi + keyring_import_dsName=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.import.dsName") - keyring_import_password=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.import.password") if [ -n "${keyring_import_dsName}" ]; then keyring_option=3 + keyring_import_password=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.import.password") if [ -z "${keyring_import_password}" ]; then print_error_and_exit "Error ZWEL0157E: The password for data set storing importing certificate (zowe.setup.certificate.keyring.import.password) is not defined in Zowe YAML configuration file." "" 157 fi + else + keyring_connect_label=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.label") + if [ -n "${keyring_connect_label}" ]; then + keyring_option=2 + keyring_connect_user=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.user") + if [ -z "${keyring_connect_user}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.keyring.connect.user) is not defined in Zowe YAML configuration file." 
"" 157 + fi + yaml_keyring_label="${keyring_connect_label}" + fi fi - keyring_connect_user=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.user") - keyring_connect_label=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.label") - if [ -n "${keyring_connect_label}" ]; then - keyring_option=2 + + if [ "${keyring_option}" -eq 1 ]; then + # validate parameters only needed for creation of certificate + for item in caCommonName commonName orgUnit org locality state country; do + var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.dname.${item}") + if [ -z "${var_val}" ]; then + print_error_and_exit "Error ZWEL0157E: Certificate creation parameter (zowe.setup.certificate.dname.${item}) is not defined in Zowe YAML configuration file." "" 157 + fi + done + # read cert validity + cert_validity=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.validity") + if [ -z "${cert_validity}" ]; then + print_error_and_exit "Error ZWEL0157E: Certificate creation parameter (zowe.setup.certificate.validity) is not defined in Zowe YAML configuration file." "" 157 + fi fi + + # read keyring-specific z/OSMF info + for item in user ca; do + var_name="zosmf_${item}" + var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.zOSMF.${item}") + eval "${var_name}=\"${var_val}\"" + done fi + # read keystore domains cert_import_CAs=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.importCertificateAuthorities" | tr '\n' ',') # read keystore domains 
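Review bot: The z/OSMF loop added at the end of the JCE branch assigns with `eval "${var_name}=\"${var_val}\""`, so a YAML value containing a double quote, `$(` or a backtick is parsed a second time by the shell instead of being stored as data. Assigning by reference avoids the second parse: `eval "${var_name}=\${var_val}"`. The same pattern is kept in the keyring `name label caLabel` loop of this hunk and in the `pkcs12_` loop of the @@ -27,29 hunk, and it is added again for the `dname_` loop in the @@ -187,6 hunk. The enclosing `if`/`else` on `cert_type` starts before this hunk.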
@@ -104,12 +119,6 @@ if [ -z "${cert_domains}" ]; then cert_domains=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.externalDomains" | tr '\n' ',') fi -# read z/OSMF info -for item in user ca; do - var_name="zosmf_${item}" - var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.zOSMF.${item}") - eval "${var_name}=\"${var_val}\"" -done for item in host port; do var_name="zosmf_${item}" var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zOSMF.${item}") 
@@ -127,56 +136,77 @@ fi ############################### -# set default values -if [ -z "${security_product}" ]; then - security_product=RACF -fi -if [ -z "${security_users_zowe}" ]; then - security_users_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_USER} -fi -if [ -z "${security_groups_admin}" ]; then - security_groups_admin=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} -fi +# set default values or quit on missing ones + if [ "${cert_type}" = "PKCS12" ]; then - if [ -z "${pkcs12_caAlias}" ]; then - pkcs12_caAlias=local_ca - fi - if [ -z "${pkcs12_caPassword}" ]; then - pkcs12_caPassword=local_ca_password - fi if [ -z "${pkcs12_name}" ]; then - pkcs12_name=localhost + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.pkcs12.name) is not defined in Zowe YAML configuration file." "" 157 fi if [ -z "${pkcs12_password}" ]; then - pkcs12_password=password + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.pkcs12.password) is not defined in Zowe YAML configuration file." "" 157 fi -elif [[ "${cert_type}" == JCE*KS ]]; then + + + if [ "$(lower_case "${pkcs12_lock}")" = "true" ]; then + security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") + security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") + if [ -z "${security_users_zowe}" ]; then + security_users_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_USER} + fi + if [ -z "${security_groups_admin}" ]; then + security_groups_admin=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} + fi + fi +else # JCE* content + if [ -z "${security_product}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.product) is not defined in Zowe YAML configuration file." "" 157 + fi + security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") + if [ -z "${security_users_zowe}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.users.zowe) is not defined in Zowe YAML configuration file." 
"" 157 + fi + # TODO this seems to not actually be used... was this an unusual user request? is it even possible to be a different owner? if [ -z "${keyring_owner}" ]; then keyring_owner=${security_users_zowe} fi - if [ -z "${keyring_label}" ]; then - keyring_label=localhost - fi + if [ "${keyring_option}" = "1" ]; then if [ -z "${keyring_caLabel}" ]; then - keyring_caLabel=localca + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.keyring.caLabel) is not defined in Zowe YAML configuration file." "" 157 + fi + fi + if [ "${keyring_option}" != "2" ]; then + if [ -z "${keyring_label}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.keyring.label) is not defined in Zowe YAML configuration file." "" 157 fi - else - # for import case, this variable is not used - keyring_caLabel= fi + if [ "${security_product}" = "ACF2" ]; then + security_groups_stc=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") + if [ -z "${security_groups_stc}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.groups.stc) is not defined in Zowe YAML configuration file." "" 157 + fi + fi + if [ -z "${zosmf_ca}" -a "${security_product}" = "RACF" -a -n "${zosmf_host}" ]; then zosmf_ca="_auto_" fi fi -pkcs12_name_lc=$(echo "${pkcs12_name}" | lower_case) -pkcs12_caAlias_lc=$(echo "${pkcs12_caAlias}" | lower_case) -# what PEM format CAs we should tell Zowe to use -yaml_pem_cas= ############################### if [ "${cert_type}" = "PKCS12" ]; then + # what PEM format CAs we should tell Zowe to use + yaml_pem_cas= + if [ -n "${pkcs12_import_keystore}" ]; then + pkcs12_import_password=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.password") + if [ -z "${pkcs12_import_password}" ]; then + print_error_and_exit "Error ZWEL0157E: Password for import keystore (zowe.setup.certificate.pkcs12.import.password) is not defined in Zowe YAML configuration file." 
"" 157 + fi + pkcs12_import_alias=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.alias") + if [ -z "${pkcs12_import_alias}" ]; then + print_error_and_exit "Error ZWEL0157E: Certificate alias of import keystore (zowe.setup.certificate.pkcs12.import.alias) is not defined in Zowe YAML configuration file." "" 157 + fi + # import from another keystore zwecli_inline_execute_command \ certificate pkcs12 import \ @@ -187,6 +217,18 @@ if [ "${cert_type}" = "PKCS12" ]; then --source-password "${pkcs12_import_password}" \ --source-alias "${pkcs12_import_alias}" else + # cert to be created, read creation parameters. + for item in caCommonName commonName orgUnit org locality state country; do + var_name="dname_${item}" + var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.dname.${item}") + eval "${var_name}=\"${var_val}\"" + done + # read cert validity + cert_validity=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.validity") + + pkcs12_caPassword=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.caPassword") + pkcs12_caAlias=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.caAlias") + pkcs12_caAlias_lc=$(echo "${pkcs12_caAlias}" | lower_case) # create CA zwecli_inline_execute_command \ certificate pkcs12 create ca \ @@ -299,6 +341,8 @@ if [ "${cert_type}" = "PKCS12" ]; then --group-permission none fi + pkcs12_name_lc=$(echo "${pkcs12_name}" | lower_case) + # update zowe.yaml if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then print_level1_message "Update certificate configuration to ${ZWE_CLI_PARAMETER_CONFIG}" 
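Review bot: The `if [ -z "${keyring_owner}" ]` test kept in the JCE branch looks always true after this patch, because the @@ -58,44 hunk dropped `owner` from the keyring read loop and nothing else visible assigns it. A configuration that sets `zowe.setup.certificate.keyring.owner` is then silently ignored and the keyring is built under `security_users_zowe`, while the ZWEL0300W warning later in the patch still prints `safkeyring:///${keyring_owner}/${keyring_name}`. I would either assign it unconditionally, `keyring_owner="${security_users_zowe}"`, and drop the key from the example YAML, or read the key and fail when it differs from the Zowe user. The JCE branch continues outside this hunk.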
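Review bot: `pkcs12_caPassword` and `pkcs12_caAlias` are read in the create branch without an empty check, although the @@ -127,56 hunk removed their defaults (`local_ca_password`, `local_ca`) and made `pkcs12.name` and `pkcs12.password` mandatory. With either key missing, an empty value presumably reaches `certificate pkcs12 create ca` (its arguments are outside the hunk) and `pkcs12_caAlias_lc` is empty too. Add the guard used elsewhere in this file, `if [ -z "${pkcs12_caPassword}" ]; then print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.pkcs12.caPassword) is not defined in Zowe YAML configuration file." "" 157; fi`, and the same for `caAlias`. The `dname` fields and `validity` read just above are also unchecked here, unlike the keyring option 1 path in the @@ -58,44 hunk.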
@@ -336,129 +380,56 @@ if [ "${cert_type}" = "PKCS12" ]; then print_level2_message "Zowe configuration requires manual updates." fi ############################### -elif [[ "${cert_type}" == JCE*KS ]]; then +else # JCE* content # FIXME: how do we check if keyring exists without permission on RDATALIB? # should we clean up before creating new if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then # warning print_message "Warning ZWEL0300W: Keyring \"safkeyring:///${keyring_owner}/${keyring_name}\" will be overwritten during configuration." - zwecli_inline_execute_command \ - certificate keyring-jcl clean \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --alias "${keyring_label}" \ - --ca-alias "${keyring_caLabel}" \ - --security-product "${security_product}" + keyring_run_zwenokyr_jcl "${prefix}" "${jcllib}" "${security_product}" else # error # print_error_and_exit "Error ZWEL0158E: Keyring \"safkeyring:///${keyring_owner}/${keyring_name}\" already exists." 
"" 158 fi - yaml_keyring_label= - case ${keyring_option} in - 1) - # generate new cert in keyring - zwecli_inline_execute_command \ - certificate keyring-jcl generate \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --alias "${keyring_label}" \ - --ca-alias "${keyring_caLabel}" \ - --trust-cas "${cert_import_CAs}" \ - --common-name "${dname_commonName}" \ - --org-unit "${dname_orgUnit}" \ - --org "${dname_org}" \ - --locality "${dname_locality}" \ - --state "${dname_state}" \ - --country "${dname_country}" \ - --validity "${cert_validity}" \ - --security-product "${security_product}" \ - --domains "${cert_domains}" \ - "${keyring_trust_zosmf}" \ - --zosmf-ca "${zosmf_ca}" \ - --zosmf-user "${zosmf_user}" - - yaml_keyring_label="${keyring_label}" - # keyring string for self-signed CA - yaml_pem_cas="safkeyring:////${keyring_owner}/${keyring_name}&${keyring_caLabel}" - ;; - 2) - # connect existing certs to zowe keyring - zwecli_inline_execute_command \ - certificate keyring-jcl connect \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --trust-cas "${cert_import_CAs}" \ - --connect-user "${keyring_connect_user}" \ - --connect-label "${keyring_connect_label}" \ - --security-product "${security_product}" \ - "${keyring_trust_zosmf}" \ - --zosmf-ca "${zosmf_ca}" \ - --zosmf-user "${zosmf_user}" - - yaml_keyring_label="${keyring_connect_label}" - ;; - 3) - # import certs from data set into zowe keyring - zwecli_inline_execute_command \ - certificate keyring-jcl import-ds \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --alias "${keyring_label}" \ - --trust-cas "${cert_import_CAs}" \ - --import-ds-name "${keyring_import_dsName}" \ - --import-ds-password "${keyring_import_password}" \ - --security-product 
"${security_product}" \ - "${keyring_trust_zosmf}" \ - --zosmf-ca "${zosmf_ca}" \ - --zosmf-user "${zosmf_user}" - # FIXME: currently ZWEKRING jcl will import the cert and chain, CA will also be added to CERTAUTH, but the CA will not be connected to keyring. - # the CA imported could have label like LABEL00000001. - - yaml_keyring_label="${keyring_label}" - ;; - esac + keyring_run_zwekring_jcl "${prefix}" \ + "${jcllib}" \ + "${keyring_option}" \ + "${cert_domains}" \ + "${cert_import_CAs}" \ + "${keyring_trust_zosmf}" \ + "${zosmf_ca}" \ + "${cert_validity}" \ + "${security_product}" + + if [ $? -ne 0 ]; then + job_has_failures=true + if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then + print_error "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." + else + print_error_and_exit "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 174 + fi + fi - if [ -n "${cert_import_CAs}" ]; then - # append imported CAs to list - while read -r item; do - item=$(echo "${item}" | trim) - if [ -n "${item}" ]; then - if [ -n "${yaml_pem_cas}" ]; then - yaml_pem_cas="${yaml_pem_cas},safkeyring:////${keyring_owner}/${keyring_name}&${item}" - else - yaml_pem_cas="safkeyring:////${keyring_owner}/${keyring_name}&${item}" - fi - fi - done < Date: Mon, 12 Feb 2024 15:27:18 -0500 Subject: [PATCH 040/258] Fix bug in keyring generation where commonname fields were not substituted Signed-off-by: 1000TurquoisePogs --- example-zowe.yaml | 8 ++++---- files/SZWESAMP/ZWEIKRA1 | 4 ++-- files/SZWESAMP/ZWEIKRR1 | 4 ++-- files/SZWESAMP/ZWEIKRT1 | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/example-zowe.yaml b/example-zowe.yaml index ef96de9672..3d8dd63cdc 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
@@ -125,8 +125,8 @@ zowe: caPassword: local_ca_password # Distinguished name for Zowe generated certificates. All optional. dname: - caCommonName: "" - commonName: "Zowe Development Instances" + caCommonName: "Zowe Development Instances CA" + commonName: "Zowe Development Instances Certificate" orgUnit: "API Mediation Layer" org: "Zowe Sample" locality: "Prague" @@ -197,8 +197,8 @@ zowe: # user: "IZUSVR" # # Distinguished name for Zowe generated certificates. All optional. # dname: - # caCommonName: "" - # commonName: "Zowe Development Instances" + # caCommonName: "Zowe Development Instances CA" + # commonName: "Zowe Development Instances Certificate" # orgUnit: "API Mediation Layer" # org: "Zowe Sample" # locality: "Prague" diff --git a/files/SZWESAMP/ZWEIKRA1 b/files/SZWESAMP/ZWEIKRA1 index 8672305306..b0b2d22a44 100644 --- a/files/SZWESAMP/ZWEIKRA1 +++ b/files/SZWESAMP/ZWEIKRA1 @@ -112,7 +112,7 @@ ACF SET PROFILE(USER) DIVISION(CERTDATA) GENCERT CERTAUTH.ZOWECA - LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - - SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - + SUBJSDN(CN='{zowe.setup.certificate.dname.caCommonName}' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - @@ -131,7 +131,7 @@ ACF * Create a certificate signed by local zowe's CA .................. */ SET PROFILE(USER) DIV(CERTDATA) GENCERT {zowe.setup.security.users.zowe}.ZOWECERT - - SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - + SUBJSDN(CN='{zowe.setup.certificate.dname.commonName}' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - diff --git a/files/SZWESAMP/ZWEIKRR1 b/files/SZWESAMP/ZWEIKRR1 index ec7c0be3ef..a7cf76b81b 100644 --- a/files/SZWESAMP/ZWEIKRR1 +++ b/files/SZWESAMP/ZWEIKRR1 
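Review bot: The context comment `# Distinguished name for Zowe generated certificates. All optional.` no longer matches how the values are used. The JCL templates changed in this same commit substitute `dname.caCommonName` and `dname.commonName` directly into the certificate CN, so an empty value would presumably produce an empty CN. I would reword it to `# Distinguished name for Zowe generated certificates. caCommonName and commonName become the certificate CN.` The same comment sits in the commented-out keyring block of the @@ -197,8 hunk.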
@@ -108,7 +108,7 @@ $$ /* Create Zowe's local CA authority .................................*/ RACDCERT GENCERT CERTAUTH + SUBJECTSDN( + - CN('{zowe.setup.certificate.dname}. CA') + + CN('{zowe.setup.certificate.dname.caCommonName}') + OU('{zowe.setup.certificate.dname.orgUnit}') + O('{zowe.setup.certificate.dname.org}') + L('{zowe.setup.certificate.dname.locality}') + @@ -128,7 +128,7 @@ $$ /* Create a certificate signed by local zowe's CA .................. */ RACDCERT GENCERT ID({zowe.setup.security.users.zowe}) + SUBJECTSDN( + - CN('{zowe.setup.certificate.dname}. certificate') + + CN('{zowe.setup.certificate.dname.commonName}') + OU('{zowe.setup.certificate.dname.orgUnit}') + O('{zowe.setup.certificate.dname.org}') + L('{zowe.setup.certificate.dname.locality}') + diff --git a/files/SZWESAMP/ZWEIKRT1 b/files/SZWESAMP/ZWEIKRT1 index 06cedec321..5587d405aa 100644 --- a/files/SZWESAMP/ZWEIKRT1 +++ b/files/SZWESAMP/ZWEIKRT1 @@ -107,7 +107,7 @@ $$ TSS GENCERT(CERTAUTH) + DIGICERT(ZOWECA) + SUBJECTN( + - 'CN="{zowe.setup.certificate.dname}. CA" + + 'CN="{zowe.setup.certificate.dname.caCommonName}" + OU="{zowe.setup.certificate.dname.orgUnit}." + O="{zowe.setup.certificate.dname.org}." + L="{zowe.setup.certificate.dname.locality}." + @@ -127,7 +127,7 @@ $$ TSS GENCERT({zowe.setup.security.users.zowe}) + DIGICERT(ZOWECERT) + SUBJECTN( + - 'CN="{zowe.setup.certificate.dname}. certificate" + + 'CN="{zowe.setup.certificate.dname.commonName}" + OU="{zowe.setup.certificate.dname.orgUnit}." + O="{zowe.setup.certificate.dname.org}." + L="{zowe.setup.certificate.dname.locality}." + From 0dd2d90d8c0dba2827291118b34204a59b48a33c Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 13 Feb 2024 09:44:51 +0100 Subject: [PATCH 041/258] Added EXEC statement Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEIAPF | 2 ++ 1 file changed, 2 insertions(+) diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF index ba329bb8af..a0ff01325c 100644 --- a/files/SZWESAMP/ZWEIAPF 
+++ b/files/SZWESAMP/ZWEIAPF @@ -17,6 +17,8 @@ //* //********************************************************************* //* +//EXEC14 EXEC PGM=IEFBR14 +//* //* This dataset holds the APF portion of Zowe // SET LOADLIB='{zowe.setup.dataset.authLoadlib}' //* From 20c0aebba9925f17db084623e0510ac62973163a Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 13 Feb 2024 13:14:09 +0100 Subject: [PATCH 042/258] RACF specific JCL Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEIKRR2 | 2 +- files/SZWESAMP/ZWEIKRR3 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/files/SZWESAMP/ZWEIKRR2 b/files/SZWESAMP/ZWEIKRR2 index a6298b11be..0702d15130 100644 --- a/files/SZWESAMP/ZWEIKRR2 +++ b/files/SZWESAMP/ZWEIKRR2 @@ -89,7 +89,7 @@ //* //RUNRACF EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME={zowe.setup.security.product} +//SYSTSIN DD DDNAME=RACF //* //********************************************************************* //* diff --git a/files/SZWESAMP/ZWEIKRR3 b/files/SZWESAMP/ZWEIKRR3 index 3fd354d4bb..8aa7983a29 100644 --- a/files/SZWESAMP/ZWEIKRR3 +++ b/files/SZWESAMP/ZWEIKRR3 @@ -94,7 +94,7 @@ //* //RUNRACF EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME={zowe.setup.security.product} +//SYSTSIN DD DDNAME=RACF //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ From 781f6888dbcca94988d7e6f84db4060e7c2c645e Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 13 Feb 2024 13:48:04 -0500 Subject: [PATCH 043/258] Remove extra periods '.' in various JCL. Add quotes around runtime directory pathname in JCL. Add 'remove' JCL that is needed when using commands with --allow-overwrite 
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.ts | 4 +++ bin/commands/init/stc/index.ts | 3 +++ bin/commands/init/vsam/index.ts | 2 +- files/SZWESAMP/ZWECSRVS | 30 +++++++++++++++++++++ files/SZWESAMP/ZWEIACF2 | 32 +++++++++++------------ files/SZWESAMP/ZWEIKRA1 | 14 +++++----- files/SZWESAMP/ZWEIKRT1 | 22 ++++++++-------- files/SZWESAMP/ZWEIKRT3 | 2 +- files/SZWESAMP/ZWEIMVS2 | 4 +-- files/SZWESAMP/ZWEIRACF | 46 ++++++++++++++++----------------- files/SZWESAMP/ZWEISTC | 6 +++++ files/SZWESAMP/ZWEITSS | 6 ++--- files/SZWESAMP/ZWENOKRR | 2 +- files/SZWESAMP/ZWERMVS | 29 +++++++++++++++++++++ files/SZWESAMP/ZWERMVS2 | 27 +++++++++++++++++++ files/SZWESAMP/ZWERSTC | 34 ++++++++++++++++++++++++ 16 files changed, 198 insertions(+), 65 deletions(-) create mode 100644 files/SZWESAMP/ZWECSRVS create mode 100644 files/SZWESAMP/ZWERMVS create mode 100644 files/SZWESAMP/ZWERMVS2 create mode 100644 files/SZWESAMP/ZWERSTC diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index 06655bbb75..c48c7c8b70 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -59,6 +59,10 @@ export function execute(allowOverwrite?: boolean) { if (datasetExists) { if (allowOverwrite) { common.printMessage(`Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten.`); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix); + if (runALoadlibCreate === true) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix); + } } else { skippedDatasets = true; common.printMessage(`Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts index 7b1fa212d5..663c6955d8 100644 --- a/bin/commands/init/stc/index.ts +++ b/bin/commands/init/stc/index.ts 
@@ -86,6 +86,9 @@ export function execute(allowOverwrite: boolean = false) { } else { // Fix JCL if needed - cannot copy member with same name via (foo,foo,R) // must instead be (foo,,R), so do string replace if see dual name. + if (stcExistence == true) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERSTC)'`, `ZWERSTC`, jcllib, prefix); + } const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); common.printDebug(`- Copy ${jcllib}(ZWEISTC) to ${tmpfile}`); diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index 8462cde0b5..db417394d8 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts @@ -54,7 +54,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig const vsamExistence = zosDataset.isDatasetExists(name); if (vsamExistence && allowOverwrite) { - zosDataset.deleteDataset(name); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSRVS)'`, `ZWECSRVS`, jcllib, prefix); } else if (vsamExistence) { return common.printErrorAndExit(`Error ZWEL0158E: ${name} already exists.`, undefined, 158); } diff --git a/files/SZWESAMP/ZWECSRVS b/files/SZWESAMP/ZWECSRVS new file mode 100644 index 0000000000..024786bf13 --- /dev/null +++ b/files/SZWESAMP/ZWECSRVS 
@@ -0,0 +1,30 @@ +//ZWECSRVS JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* This JCL removes the VSAM data set for the Caching Service. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//******************************************************************** +//RMVSAM EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +DELETE '{zowe.setup.vsam.name}' + + CLUSTER +//* diff --git a/files/SZWESAMP/ZWEIACF2 b/files/SZWESAMP/ZWEIACF2 index 7e93a5bf19..2b7b58b4fc 100644 --- a/files/SZWESAMP/ZWEIACF2 +++ b/files/SZWESAMP/ZWEIACF2 @@ -76,13 +76,13 @@ ACF * replace AUTOGID with GID(&ADMINGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT {zowe.setup.security.groups.admin}. AUTOGID +INSERT {zowe.setup.security.groups.admin} AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * * uncomment and customize to add an existing userid as administrator * * SET X(ROL) -* INSERT {zowe.setup.security.groups.admin}. INCLUDE(userid) ROLE +* INSERT {zowe.setup.security.groups.admin} INCLUDE(userid) ROLE * F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STARTED TASK ............................................. @@ -93,7 +93,7 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOGID with GID(&STCGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT {zowe.setup.security.groups.stc}. AUTOGID +INSERT {zowe.setup.security.groups.stc} AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * ***** 
@@ -102,10 +102,10 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOUID with UID(&ZOWEUID.) if AUTOUID is not enabled * SET LID -INSERT {zowe.setup.security.users.zowe}. + +INSERT {zowe.setup.security.users.zowe} + STC GROUP({zowe.setup.security.groups.stc}) SET PROFILE(USER) DIV(OMVS) -INSERT {zowe.setup.security.users.zowe}. + +INSERT {zowe.setup.security.users.zowe} + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * @@ -113,10 +113,10 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * replace AUTOUID with UID(&ZISUID.) if AUTOUID is not enabled * SET LID -INSERT {zowe.setup.security.users.zis}. + +INSERT {zowe.setup.security.users.zis} + STC GROUP({zowe.setup.security.groups.stc}) SET PROFILE(USER) DIV(OMVS) -INSERT {zowe.setup.security.users.zis}. + +INSERT {zowe.setup.security.users.zis} + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * @@ -125,7 +125,7 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * started task for ZOWE main server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.zowe}. + +INSERT STC.{zowe.setup.security.stcs.zowe} + LOGONID({zowe.setup.security.users.zowe}) + GROUP({zowe.setup.security.groups.stc}) + STCID({zowe.setup.security.stcs.zowe}) @@ -134,7 +134,7 @@ F ACF2,REFRESH(STC) * started task for ZIS cross memory server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.zis}. + +INSERT STC.{zowe.setup.security.stcs.zis} + LOGONID({zowe.setup.security.users.zis}) + GROUP({zowe.setup.security.groups.stc}) + STCID({zowe.setup.security.stcs.zis}) @@ -143,7 +143,7 @@ F ACF2,REFRESH(STC) * started task for ZIS Auxiliary cross memory server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.aux}. + +INSERT STC.{zowe.setup.security.stcs.aux} + LOGONID({zowe.setup.security.users.zis}) + GROUP({zowe.setup.security.groups.stc}) + STCID({zowe.setup.security.stcs.aux}) 
@@ -155,10 +155,10 @@ F ACF2,REFRESH(STC) * ZOWEUSER to it * SET X(ROL) -INSERT {zowe.setup.security.groups.stc}. + +INSERT {zowe.setup.security.groups.stc} + INCLUDE({zowe.setup.security.users.zowe}) ROLE F ACF2,NEWXREF,TYPE(ROL) -CHANGE {zowe.setup.security.groups.stc}. + +CHANGE {zowe.setup.security.groups.stc} + INCLUDE({zowe.setup.security.users.zis}) ADD F ACF2,NEWXREF,TYPE(ROL) * @@ -226,14 +226,14 @@ F ACF2,REBUILD(FAC) * HLQ stub SET RULE * general data set protection -LIST {zowe.setup.dataset.prefix}. -RECKEY {zowe.setup.dataset.prefix}. ADD(- UID(-) READ(A) EXEC(P)) -RECKEY {zowe.setup.dataset.prefix}. + +LIST {zowe.setup.dataset.prefix} +RECKEY {zowe.setup.dataset.prefix} ADD(- UID(-) READ(A) EXEC(P)) +RECKEY {zowe.setup.dataset.prefix} + ADD(- UID({zowe.setup.security.groups.sysProg}) + READ(A) EXEC(A) ALLOC(A) WRITE(A)) * * show results -LIST {zowe.setup.dataset.prefix}. +LIST {zowe.setup.dataset.prefix} * * diff --git a/files/SZWESAMP/ZWEIKRA1 b/files/SZWESAMP/ZWEIKRA1 index b0b2d22a44..fef0764e5b 100644 --- a/files/SZWESAMP/ZWEIKRA1 +++ b/files/SZWESAMP/ZWEIKRA1 @@ -113,10 +113,10 @@ ACF GENCERT CERTAUTH.ZOWECA - LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - SUBJSDN(CN='{zowe.setup.certificate.dname.caCommonName}' - - OU='{zowe.setup.certificate.dname.orgUnit}.' - - O='{zowe.setup.certificate.dname.org}.' - - L='{zowe.setup.certificate.dname.locality}.' - - SP='{zowe.setup.certificate.dname.state}.' - + OU='{zowe.setup.certificate.dname.orgUnit}' - + O='{zowe.setup.certificate.dname.org}' - + L='{zowe.setup.certificate.dname.locality}' - + SP='{zowe.setup.certificate.dname.state}' - C='{zowe.setup.certificate.dname.country}') - EXPIRE(05/01/30) - KEYUSAGE(CERTSIGN) 
@@ -133,9 +133,9 @@ ACF GENCERT {zowe.setup.security.users.zowe}.ZOWECERT - SUBJSDN(CN='{zowe.setup.certificate.dname.commonName}' - OU='{zowe.setup.certificate.dname.orgUnit}.' - - O='{zowe.setup.certificate.dname.org}.' - - L='{zowe.setup.certificate.dname.locality}.' - - SP='{zowe.setup.certificate.dname.state}.' - + O='{zowe.setup.certificate.dname.org}' - + L='{zowe.setup.certificate.dname.locality}' - + SP='{zowe.setup.certificate.dname.state}' - C='{zowe.setup.certificate.dname.country}') - SIZE(2048) - EXPIRE(05/01/30) - diff --git a/files/SZWESAMP/ZWEIKRT1 b/files/SZWESAMP/ZWEIKRT1 index 5587d405aa..33fa8d88f3 100644 --- a/files/SZWESAMP/ZWEIKRT1 +++ b/files/SZWESAMP/ZWEIKRT1 @@ -108,11 +108,11 @@ $$ DIGICERT(ZOWECA) + SUBJECTN( + 'CN="{zowe.setup.certificate.dname.caCommonName}" + - OU="{zowe.setup.certificate.dname.orgUnit}." + - O="{zowe.setup.certificate.dname.org}." + - L="{zowe.setup.certificate.dname.locality}." + - SP="{zowe.setup.certificate.dname.state}." + - C="{zowe.setup.certificate.dname.country}." ') + + OU="{zowe.setup.certificate.dname.orgUnit}" + + O="{zowe.setup.certificate.dname.org}" + + L="{zowe.setup.certificate.dname.locality}" + + SP="{zowe.setup.certificate.dname.state}" + + C="{zowe.setup.certificate.dname.country}" ') + KEYSIZE(2048) + NADATE(05/01/30) + LABLCERT({zowe.setup.certificate.keyring.caLabel}) + 
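Review bot: The `OU='{zowe.setup.certificate.dname.orgUnit}.' -` line of the ZOWECERT GENCERT is left as context and still carries the trailing period. This commit removes that period from O, L and SP around it and from the CA's OU in the @@ -113,10 hunk. The generated certificate's subject would then carry an OU that differs from the CA's by one character. Change it to `OU='{zowe.setup.certificate.dname.orgUnit}' -`. The GENCERT command continues past the end of the hunk.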
@@ -128,11 +128,11 @@ $$ DIGICERT(ZOWECERT) + SUBJECTN( + 'CN="{zowe.setup.certificate.dname.commonName}" + - OU="{zowe.setup.certificate.dname.orgUnit}." + - O="{zowe.setup.certificate.dname.org}." + - L="{zowe.setup.certificate.dname.locality}." + - SP="{zowe.setup.certificate.dname.state}." + - C="{zowe.setup.certificate.dname.country}." ') + + OU="{zowe.setup.certificate.dname.orgUnit}" + + O="{zowe.setup.certificate.dname.org}" + + L="{zowe.setup.certificate.dname.locality}" + + SP="{zowe.setup.certificate.dname.state}" + + C="{zowe.setup.certificate.dname.country}" ') + KEYSIZE(2048) + NADATE(05/01/30) + LABLCERT({zowe.setup.certificate.keyring.label}) + @@ -142,7 +142,7 @@ $$ /* Connect a Zowe's certificate with the keyring ................... */ TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + - RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + + RINGDATA({zowe.setup.security.users.zowe},ZOWECERT) + USAGE(PERSONAL) DEFAULT /* Option 1 - Default Option - END ................................. */ diff --git a/files/SZWESAMP/ZWEIKRT3 b/files/SZWESAMP/ZWEIKRT3 index 25b63b27e4..1ef90d17a4 100644 --- a/files/SZWESAMP/ZWEIKRT3 +++ b/files/SZWESAMP/ZWEIKRT3 @@ -116,7 +116,7 @@ $$ /* Connect a Zowe's certificate with the keyring ................... */ TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + - RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + + RINGDATA({zowe.setup.security.users.zowe},ZOWECERT) + USAGE(PERSONAL) DEFAULT /* Option 3 - END .................................................. */ diff --git a/files/SZWESAMP/ZWEIMVS2 b/files/SZWESAMP/ZWEIMVS2 index 3fb3874470..bed84772d0 100644 --- a/files/SZWESAMP/ZWEIMVS2 +++ b/files/SZWESAMP/ZWEIMVS2 
@@ -16,7 +16,7 @@ //* 'zowe.setup.dataset.authLoadlib' is equal to //* 'zowe.setup.prefix' + 'SZWELOAD'. //* -//* When running this job, you should also run ZwEIMVS +//* When running this job, you should also run ZWEIMVS //* //********************************************************************* //MKPDSE EXEC PGM=IKJEFT01 @@ -31,7 +31,7 @@ blksize(32760) unit(sysallda) space(30,15) tracks //STDOUT DD SYSOUT=* //STDERR DD SYSOUT=* //STDPARM DD * -SH cd {zowe.runtimeDirectory} && +SH cd "{zowe.runtimeDirectory}" && cd components/zss && cp LOADLIB/ZWESIS01 "//'{zowe.setup.dataset.authLoadlib}(ZWESIS01)'" && diff --git a/files/SZWESAMP/ZWEIRACF b/files/SZWESAMP/ZWEIRACF index 1185882d5a..007a7a85e3 100644 --- a/files/SZWESAMP/ZWEIRACF +++ b/files/SZWESAMP/ZWEIRACF @@ -92,8 +92,8 @@ /* group for administrators */ /* replace AUTOGID with GID(&ADMINGID.) if AUTOGID not enabled */ - LISTGRP {zowe.setup.security.groups.admin}. OMVS - ADDGROUP {zowe.setup.security.groups.admin}. OMVS(AUTOGID) - + LISTGRP {zowe.setup.security.groups.admin} OMVS + ADDGROUP {zowe.setup.security.groups.admin} OMVS(AUTOGID) - DATA('ZOWE ADMINISTRATORS') /* uncomment to add existing user IDs to the ADMINGRP group */ 
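Review bot: The double quotes added around `{zowe.runtimeDirectory}` in the ZWEIMVS2 `STDPARM` hunk protect against spaces, but the substituted text is still interpreted by the shell, so a `"`, `$` or backquote in the configured path would change the command this job runs. Whether the generator rejects or escapes such characters is not visible here. I would state the assumption in the job's header comment, e.g. `//* runtimeDirectory is inserted verbatim into a shell command.`, and back it with a pattern on `zowe.runtimeDirectory` in the schema. The same holds for the data set name in the `cp` target on the following context lines.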
@@ -110,16 +110,16 @@ /* warning messages otherwise */ /* group for started tasks */ /* replace AUTOGID with GID(&STCGID.) if AUTOGID not enabled */ - LISTGRP {zowe.setup.security.groups.stc}. OMVS - ADDGROUP {zowe.setup.security.groups.stc}. OMVS(AUTOGID) - + LISTGRP {zowe.setup.security.groups.stc} OMVS + ADDGROUP {zowe.setup.security.groups.stc} OMVS(AUTOGID) - DATA('STARTED TASK GROUP WITH OMVS SEGMENT') /* */ /* userid for ZOWE main server */ /* replace AUTOUID with UID(&ZOWEUID.) if AUTOUID not enabled */ - LISTUSER {zowe.setup.security.users.zowe}. OMVS - ADDUSER {zowe.setup.security.users.zowe}. - + LISTUSER {zowe.setup.security.users.zowe} OMVS + ADDUSER {zowe.setup.security.users.zowe} - NOPASSWORD - DFLTGRP({zowe.setup.security.groups.stc}) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - @@ -128,8 +128,8 @@ /* userid for ZIS cross memory server */ /* replace AUTOUID with UID(&ZISUID.) if AUTOUID not enabled */ - LISTUSER {zowe.setup.security.users.zis}. OMVS - ADDUSER {zowe.setup.security.users.zis}. - + LISTUSER {zowe.setup.security.users.zis} OMVS + ADDUSER {zowe.setup.security.users.zis} - NOPASSWORD - DFLTGRP({zowe.setup.security.groups.stc}) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - 
@@ -139,22 +139,22 @@ /* */ /* started task for ZOWE main server */ - RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zowe}.* - + RLIST STARTED {zowe.setup.security.stcs.zowe}* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zowe}* - STDATA(USER({zowe.setup.security.users.zowe}) - GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE MAIN SERVER') /* started task for ZIS cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zis}.* - + RLIST STARTED {zowe.setup.security.stcs.zis}* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zis}* - STDATA(USER({zowe.setup.security.users.zis}) - GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE ZIS CROSS MEMORY SERVER') /* started task for ZIS Auxiliary cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.aux}.* - + RLIST STARTED {zowe.setup.security.stcs.aux}* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.aux}* - STDATA(USER({zowe.setup.security.users.zis}) - GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE ZIS AUX CROSS MEMORY SERVER') 
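Review bot: The three STARTED profiles are now rendered as `{zowe.setup.security.stcs.zowe}*`, i.e. `ZWESLSTC*` instead of `ZWESLSTC.*` with the default name, and that is a different and broader profile. Unlike the group and user lines in this file, where the period only terminated the old symbol, the period here was part of the `member.job` profile name; as far as RACF generic matching goes, `NAME*` would also cover started procedures whose member name merely begins with the configured STC name and give them the Zowe user and group. I would keep `RDEFINE STARTED {zowe.setup.security.stcs.zowe}.* -` and the matching `RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA` form for `zowe`, `zis` and `aux`. The same applies to the three `RLIST STARTED` lines in the "show results" hunk that follows.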
@@ -162,12 +162,12 @@ SETROPTS RACLIST(STARTED) REFRESH /* show results .................................................... */ - LISTGRP {zowe.setup.security.groups.stc}. OMVS - LISTUSER {zowe.setup.security.users.zowe}. OMVS - LISTUSER {zowe.setup.security.users.zis}. OMVS - RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA + LISTGRP {zowe.setup.security.groups.stc} OMVS + LISTUSER {zowe.setup.security.users.zowe} OMVS + LISTUSER {zowe.setup.security.users.zis} OMVS + RLIST STARTED {zowe.setup.security.stcs.zowe}* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zis}* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.aux}* ALL STDATA /* DEFINE ZIS SECURITY RESOURCES ................................... */ @@ -258,8 +258,8 @@ /* EGN is not active on your system. */ /* HLQ stub */ - LISTGRP {zowe.setup.dataset.prefix}. - ADDGROUP {zowe.setup.dataset.prefix}. DATA('Zowe - HLQ STUB') + LISTGRP {zowe.setup.dataset.prefix} + ADDGROUP {zowe.setup.dataset.prefix} DATA('Zowe - HLQ STUB') /* general data set protection */ LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL @@ -270,7 +270,7 @@ SETROPTS GENERIC(DATASET) REFRESH /* show results .................................................... */ - LISTGRP {zowe.setup.dataset.prefix}. + LISTGRP {zowe.setup.dataset.prefix} LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ diff --git a/files/SZWESAMP/ZWEISTC b/files/SZWESAMP/ZWEISTC index 152ef524a3..e708229a33 100644 --- a/files/SZWESAMP/ZWEISTC +++ b/files/SZWESAMP/ZWEISTC 
@@ -11,6 +11,12 @@ //* //********************************************************************* //* +//* This job is used to add proclib members +//* Used to start a Zowe "instance" +//* Instances represent a configuration of Zowe, different from the +//* "runtime" datasets that are created upon install of Zowe / SMPE. +//* +//********************************************************************* //* //MCOPY EXEC PGM=IEBCOPY //SYSPRINT DD SYSOUT=A diff --git a/files/SZWESAMP/ZWEITSS b/files/SZWESAMP/ZWEITSS index eb5f756cb9..d78d031495 100644 --- a/files/SZWESAMP/ZWEITSS +++ b/files/SZWESAMP/ZWEITSS @@ -203,13 +203,13 @@ TSS PERMIT({zowe.setup.security.users.zowe}) APPL(OMVSAPPL) /* advised to protect it against updates. */ /* HLQ stub */ - TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}.) + TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}) /* general data set protection */ TSS WHOHAS DATASET({zowe.setup.dataset.prefix}) - TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}.) ACCESS(READ) + TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}) ACCESS(READ) TSS PER({zowe.setup.security.groups.sysProg}) + - DATASET({zowe.setup.dataset.prefix}.) ACCESS(ALL) + DATASET({zowe.setup.dataset.prefix}) ACCESS(ALL) /* show results */ TSS WHOHAS DATASET({zowe.setup.dataset.prefix}) diff --git a/files/SZWESAMP/ZWENOKRR b/files/SZWESAMP/ZWENOKRR index adc0f95f5c..db07aa46d5 100644 --- a/files/SZWESAMP/ZWENOKRR +++ b/files/SZWESAMP/ZWENOKRR @@ -32,7 +32,7 @@ //* //******************************************************************* //* -//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * You do NOT need to change USERNAME when running ZWEGENER. //* * This is used to keep some lines under the column limit. //* // SET USERNAME={zowe.setup.security.users.zowe} diff --git a/files/SZWESAMP/ZWERMVS b/files/SZWESAMP/ZWERMVS new file mode 100644 index 0000000000..fa4938cebc --- /dev/null +++ b/files/SZWESAMP/ZWERMVS 
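Review bot: In the ZWEITSS hunk the period inside `DATASET({zowe.setup.dataset.prefix}.)` looks intentional rather than a leftover symbol terminator, and removing it changes the protected resource from `PREFIX.` to `PREFIX`. The untouched `TSS WHOHAS DATASET({zowe.setup.dataset.prefix})` lines never had the period, which suggests the two forms were distinct on purpose; Top Secret presumably treats the value as a name prefix, so without the period the `PER(ALL) ... ACCESS(READ)` and `ACCESS(ALL)` permits would also match data sets under other high-level qualifiers that begin with the same characters. I would keep `DATASET({zowe.setup.dataset.prefix}.)` on the `TSS ADD` line and both `TSS PER` lines, or confirm the intended scope against the security product documentation before merging.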
@@ -0,0 +1,29 @@
+//ZWERMVS JOB
+//*
+//* This program and the accompanying materials are made available
+//* under the terms of the Eclipse Public License v2.0 which
+//* accompanies this distribution, and is available at
+//* https://www.eclipse.org/legal/epl-v20.html
+//*
+//* SPDX-License-Identifier: EPL-2.0
+//*
+//* Copyright Contributors to the Zowe Project. 2020, 2020
+//*
+//*********************************************************************
+//*
+//* This job is used to remove datasets used by a Zowe "instance"
+//* Instances represent a configuration of Zowe, different from the
+//* "runtime" datasets that are created upon install of Zowe / SMPE.
+//*
+//* If your choosen value of 'zowe.setup.dataset.authLoadlib' is not
+//* Equal to 'zowe.setup.prefix' + 'SZWELOAD',
+//* Then you must also run "ZWERMVS2".
+//*
+//*********************************************************************
+//RMPDSE EXEC PGM=IKJEFT01
+//SYSTSPRT DD SYSOUT=A
+//SYSTSIN DD *
+DELETE ('{zowe.setup.dataset.parmlib}', +
+ '{zowe.setup.dataset.authPluginLib}') +
+ SCRATCH NONVSAM
+//*
diff --git a/files/SZWESAMP/ZWERMVS2 b/files/SZWESAMP/ZWERMVS2
new file mode 100644
index 0000000000..e42a8c178d
--- /dev/null
+++ b/files/SZWESAMP/ZWERMVS2
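Review bot: The header comment of the new ZWERMVS job does not say that the job deletes the PARMLIB and the ZIS plugin library outright (`DELETE ... SCRATCH NONVSAM`), and its pointer to the companion job is inaccurate. It names `'zowe.setup.prefix' + 'SZWELOAD'`, while the key used in the templates is `zowe.setup.dataset.prefix` and the schema in this series lists `.SZWEAUTH` as the default for `authLoadlib`, so the suffix is probably meant to be `SZWEAUTH`; "choosen" should be "chosen". I would add a line such as `//* WARNING: the data sets are deleted with all their members.` and correct the condition to `'zowe.setup.dataset.prefix' + 'SZWEAUTH'`. ZWERMVS2 repeats the same wording.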
@@ -0,0 +1,27 @@
+//ZWERMVS2 JOB
+//*
+//* This program and the accompanying materials are made available
+//* under the terms of the Eclipse Public License v2.0 which
+//* accompanies this distribution, and is available at
+//* https://www.eclipse.org/legal/epl-v20.html
+//*
+//* SPDX-License-Identifier: EPL-2.0
+//*
+//* Copyright Contributors to the Zowe Project. 2020, 2020
+//*
+//*********************************************************************
+//*
+//* This job is used to remove the APF load library for an instance
+//* Of Zowe. It is not needed if your choosen value of
+//* 'zowe.setup.dataset.authLoadlib' is equal to
+//* 'zowe.setup.prefix' + 'SZWELOAD'.
+//*
+//* When running this job, you should also run ZWERMVS
+//*
+//*********************************************************************
+//RMPDSE EXEC PGM=IKJEFT01
+//SYSTSPRT DD SYSOUT=A
+//SYSTSIN DD *
+DELETE '{zowe.setup.dataset.authLoadLib}' +
+ SCRATCH NONVSAM
+//*
diff --git a/files/SZWESAMP/ZWERSTC b/files/SZWESAMP/ZWERSTC
new file mode 100644
index 0000000000..2d5980d051
--- /dev/null
+++ b/files/SZWESAMP/ZWERSTC
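Review bot: The `DELETE` statement in ZWERMVS2 uses `{zowe.setup.dataset.authLoadLib}` with a capital `L` in `Lib`, while this file's own header comment, ZWEIMVS2 and the schema spell the key `authLoadlib`. If template keys are resolved case-sensitively, which only the generator code outside this hunk can confirm, the placeholder is not substituted and the job fails or acts on a literal name instead of the configured APF library. The line should be `DELETE '{zowe.setup.dataset.authLoadlib}' +`.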
@@ -0,0 +1,34 @@
+//ZWERSTC JOB
+//*
+//* This program and the accompanying materials are made available
+//* under the terms of the Eclipse Public License v2.0 which
+//* accompanies this distribution, and is available at
+//* https://www.eclipse.org/legal/epl-v20.html
+//*
+//* SPDX-License-Identifier: EPL-2.0
+//*
+//* Copyright Contributors to the Zowe Project. 2020, 2020
+//*
+//*********************************************************************
+//*
+//* This job is used to remove proclib members
+//* Used to start a Zowe "instance"
+//* Instances represent a configuration of Zowe, different from the
+//* "runtime" datasets that are created upon install of Zowe / SMPE.
+//*
+//*********************************************************************
+//*
+//* * You do NOT need to change PROCLIB when running ZWEGENER.
+//* * This is used to keep some lines under the column limit.
+//*
+// SET PROCLIB={zowe.setup.dataset.proclib}
+//*
+//*********************************************************************
+//RMPROC EXEC PGM=IKJEFT01
+//SYSTSPRT DD SYSOUT=A
+//SYSTSIN DD *
+DELETE ('&PROCLIB.({zowe.setup.security.stcs.zowe})', +
+ '&PROCLIB.({zowe.setup.security.stcs.zis})', +
+ '&PROCLIB.({zowe.setup.security.stcs.aux})') +
+ SCRATCH NONVSAM
+//*
\ No newline at end of file
From 4cc018f112e9d82889e92220d64a0fb9d0917ada Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Tue, 13 Feb 2024 14:24:19 -0500
Subject: [PATCH 044/258] Add in node and java DETECT code from init ts PR to avoid schema errors
Signed-off-by: 1000TurquoisePogs
---
bin/libs/java.sh | 4 +++-
bin/libs/java.ts | 4 ++--
bin/libs/node.sh | 4 +++-
bin/libs/node.ts | 4 ++--
example-zowe.yaml | 8 +++++---
5 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/bin/libs/java.sh b/bin/libs/java.sh
index 3bf49d3329..8a06b518c6 100644
--- a/bin/libs/java.sh
+++ b/bin/libs/java.sh
@@ -75,7 +75,9 @@ require_java() { if [ -n "${ZWE_CLI_PARAMETER_CONFIG}" ]; then custom_java_home="$(shell_read_yaml_java_home "${ZWE_CLI_PARAMETER_CONFIG}")" if [ -n "${custom_java_home}" ]; then - export JAVA_HOME="${custom_java_home}" + if [ "${custom_java_home}" != "DETECT" ]; then + export JAVA_HOME="${custom_java_home}" + fi fi fi if [ -z "${JAVA_HOME}" ]; then diff --git a/bin/libs/java.ts b/bin/libs/java.ts index a2a67e55ca..12290de6d0 100644 --- a/bin/libs/java.ts +++ b/bin/libs/java.ts @@ -61,7 +61,7 @@ export function requireJava() { } if (std.getenv('ZWE_CLI_PARAMETER_CONFIG')) { const customJavaHome = shellReadYamlJavaHome(); - if (customJavaHome) { + if (customJavaHome && customJavaHome != "DETECT") { std.setenv('JAVA_HOME', customJavaHome); } } @@ -72,7 +72,7 @@ export function requireJava() { } } if (!std.getenv('JAVA_HOME')) { - common.printErrorAndExit("Error ZWEL0122E: Cannot find java. Please define JAVA_HOME environment variable.", undefined, 122); + common.printErrorAndExit("Error ZWEL0122E: Cannot find java. Please define JAVA_HOME environment variable or set java.home in the YAML config file.", undefined, 122); } ensureJavaIsOnPath(); diff --git a/bin/libs/node.sh b/bin/libs/node.sh index 068fa7abc7..5330ea06a2 100644 --- a/bin/libs/node.sh +++ b/bin/libs/node.sh @@ -86,7 +86,9 @@ require_node() { if [ -n "${ZWE_CLI_PARAMETER_CONFIG}" ]; then custom_node_home=$(shell_read_yaml_node_home "${ZWE_CLI_PARAMETER_CONFIG}") if [ -n "${custom_node_home}" ]; then - export NODE_HOME="${custom_node_home}" + if [ "${custom_node_home}" != "DETECT" ]; then + export NODE_HOME="${custom_node_home}" + fi fi fi if [ -z "${NODE_HOME}" ]; then diff --git a/bin/libs/node.ts b/bin/libs/node.ts index b1e9c57884..d88fdc5c75 100644 --- a/bin/libs/node.ts +++ b/bin/libs/node.ts 
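Review bot: The `DETECT` sentinel is matched as an exact, case-sensitive literal in the `require_java` hunk, and the same literal is repeated in the java.ts, node.sh and node.ts hunks. Any other spelling in zowe.yaml, such as `detect`, is exported as `JAVA_HOME` or `NODE_HOME` and presumably only fails later with a less specific message. A short comment at each comparison, e.g. `# "DETECT" (upper case only): leave JAVA_HOME unset and search PATH`, would document the contract, and in the TypeScript hunks `!==` is the stricter comparison than `!=`. `require_java` starts and ends outside the hunk.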
@@ -67,7 +67,7 @@ export function requireNode() { } if (std.getenv('ZWE_CLI_PARAMETER_CONFIG')) { const customNodeHome = shellReadYamlNodeHome(); - if (customNodeHome) { + if (customNodeHome && customNodeHome != "DETECT") { std.setenv('NODE_HOME', customNodeHome); } } @@ -78,7 +78,7 @@ export function requireNode() { } } if (!std.getenv('NODE_HOME')) { - common.printErrorAndExit("Error ZWEL0121E: Cannot find node. Please define NODE_HOME environment variable.", undefined, 121); + common.printErrorAndExit("Error ZWEL0121E: Cannot find node. Please define NODE_HOME environment variable or set node.home in the YAML config file.", undefined, 121); } ensureNodeIsOnPath(); diff --git a/example-zowe.yaml b/example-zowe.yaml index 3d8dd63cdc..fd690f364e 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml @@ -452,8 +452,9 @@ zowe: #------------------------------------------------------------------------------- java: # **COMMONLY_CUSTOMIZED** - # Path to your Java home directory - home: "" + # Path to your Java home directory. + # If "DETECT", will check for java in PATH + home: "DETECT" #------------------------------------------------------------------------------- @@ -468,7 +469,8 @@ java: node: # **COMMONLY_CUSTOMIZED** # Path to your node.js home directory - home: "" + # If "DETECT", will check for node in PATH + home: "DETECT" #------------------------------------------------------------------------------- From b81bfdf18e4292a6296e4f99cec578a96091703a Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 13 Feb 2024 15:49:29 -0500 Subject: [PATCH 045/258] Allow remover jcls to continue execution even if bad rc, because we dont check for full existence before full removal Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.ts | 20 +++++++++++++++----- bin/commands/init/stc/index.ts | 2 +- bin/commands/init/vsam/index.ts | 2 +- 3 files changed, 17 insertions(+), 7 deletions(-) 
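Review bot: The new comments for `java.home` and `node.home` in example-zowe.yaml say that `DETECT` checks PATH, but not whose PATH or what follows from that. With `DETECT` as the shipped default, the runtime that gets used depends on the environment of the user who runs `zwe`, so a different or unintended installation that comes first on PATH is picked up without any message; how the lookup resolves is outside these hunks. I would extend the comment, e.g. `# "DETECT" uses the first java found on PATH; set an absolute path to pin the runtime.`, with the equivalent line for node.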
diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index c48c7c8b70..d2f96840fa 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -36,7 +36,9 @@ export function execute(allowOverwrite?: boolean) { common.printMessage(`Create data sets if they do not exist`); let skippedDatasets: boolean = false; - + let needCleanup: boolean = false; + let needAuthCleanup: boolean = false; + for (let i = 0; i < datasets.length; i++) { let key = datasets[i]; // read def and validate @@ -58,11 +60,12 @@ export function execute(allowOverwrite?: boolean) { const datasetExists=zosdataset.isDatasetExists(ds); if (datasetExists) { if (allowOverwrite) { - common.printMessage(`Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten.`); - zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix); - if (runALoadlibCreate === true) { - zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix); + if (key != 'authLoadLib') { + needCleanup = true; + } else { + needAuthCleanup = true; } + common.printMessage(`Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten.`); } else { skippedDatasets = true; common.printMessage(`Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); 
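Review bot: The new check `key != 'authLoadLib'` in the overwrite branch of mvs/index.ts is spelled differently from the schema and ZWEIMVS2, which both use `authLoadlib`. The `datasets` array is outside this hunk, but if its keys follow the schema spelling the comparison is always true: `needAuthCleanup` is never set, so ZWERMVS2 is not run before ZWEIMVS2, and `needCleanup` is set even when only the APF load library exists, so ZWERMVS deletes the PARMLIB and the plugin library. The condition should read `if (key !== 'authLoadlib') {`. The ZWEL0300W text also still says that members will be overwritten although the data sets are now deleted and recreated, which the message should state.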
@@ -74,6 +77,13 @@ export function execute(allowOverwrite?: boolean) { if (skippedDatasets && !allowOverwrite) { common.printMessage(`Skipped writing to a dataset. To write, you must use --allow-overwrite.`); } else { + if (allowOverwrite && needCleanup) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix, false, true); + } + if (allowOverwrite && runALoadlibCreate === true && needAuthCleanup) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix, false, true); + } + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); if (runALoadlibCreate === true) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS2)'`, `ZWEIMVS2`, jcllib, prefix); diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts index 663c6955d8..06cc47f0a8 100644 --- a/bin/commands/init/stc/index.ts +++ b/bin/commands/init/stc/index.ts @@ -87,7 +87,7 @@ export function execute(allowOverwrite: boolean = false) { // Fix JCL if needed - cannot copy member with same name via (foo,foo,R) // must instead be (foo,,R), so do string replace if see dual name. if (stcExistence == true) { - zosJes.printAndHandleJcl(`//'${jcllib}(ZWERSTC)'`, `ZWERSTC`, jcllib, prefix); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERSTC)'`, `ZWERSTC`, jcllib, prefix, false, true); } const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index db417394d8..75c634025e 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts 
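Review bot: The remover jobs are now submitted as `printAndHandleJcl(..., false, true)`, which according to the commit message makes a bad return code non-fatal, and that also hides real failures of ZWERMVS and ZWERMVS2. A data set that is in use, or that the submitting user is not permitted to delete, would leave ZWEIMVS running against a partly removed set of data sets. I would accept only the "not found" outcome, or re-check with `zosdataset.isDatasetExists(ds)` after the remover job and stop if the data set is still present. The same call shape is used for ZWERSTC in init/stc and for ZWECSRVS in init/vsam; since the signature of `printAndHandleJcl` is outside these hunks, the two positional flags deserve a comment at each call site, e.g. `// ignore non-zero RC: not every member may exist`.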
@@ -54,7 +54,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig const vsamExistence = zosDataset.isDatasetExists(name); if (vsamExistence && allowOverwrite) { - zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSRVS)'`, `ZWECSRVS`, jcllib, prefix); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSRVS)'`, `ZWECSRVS`, jcllib, prefix, false, true); } else if (vsamExistence) { return common.printErrorAndExit(`Error ZWEL0158E: ${name} already exists.`, undefined, 158); } From 2c5c17c2c0c3eb101a931c81f599dda44216624f Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 20 Feb 2024 11:36:00 +0100 Subject: [PATCH 046/258] Valid DSN example Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEGENER | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index ae147824e9..ff5f149a50 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -58,7 +58,7 @@ $$ //* Overridden by the higher entries. //* PARMLIB member must be named "ZWEYAML" //* -//* Ex. PARMLIB MY.ZOWE.CUSTOMIZATIONS +//* Ex. PARMLIB MY.ZOWE.CUSTOM.PARMLIB //* FILE /the/zowe/defaults.yaml //MYCONFIG DD *,DLM=$$ FILE From 08b0d1cde0861e05406164a472029b11454f9598 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 21 Feb 2024 14:11:06 +0100 Subject: [PATCH 047/258] Schema validations: datasets Signed-off-by: Martin Zeithaml --- schemas/server-common.json | 22 ++++++++++++++++++---- schemas/zowe-yaml-schema.json | 22 +++++++++++----------- 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/schemas/server-common.json b/schemas/server-common.json index 4eaa81feb1..1a96a5d449 100644 --- a/schemas/server-common.json +++ b/schemas/server-common.json 
@@ -17,12 +17,26 @@ "pattern": "^(([\\^\\~\\>\\<]?)|(>=?)|(<=?))[0-9]*\\.[0-9]*\\.[0-9]*(-*[a-zA-Z][0-9a-zA-Z\\-\\.]*)?(\\+[0-9a-zA-Z\\-\\.]*)?$" }, "dataset": { - "$anchor": "zoweDataset", "type": "string", - "description": "A 44-char all caps dotted ZOS name", - "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$", "minLength": 3, - "maxLength": 44 + "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$", + "oneOf": [ + { + "$anchor": "zoweDataset", + "description": "A 44-char all caps dotted ZOS name", + "maxLength": 44 + }, + { + "$anchor": "zoweDatasetPrefix", + "description": "A 35-char all caps dotted ZOS name (space for '.SZWEnnnn')", + "maxLength": 35 + }, + { + "$anchor": "zoweDatasetVsam", + "description": "A 38-char all caps dotted ZOS name (space for '.INDEX')", + "maxLength": 38 + } + ] }, "datasetMember": { "$anchor": "zoweDatasetMember", diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index 01198bd6c8..dc73acbf99 100644 --- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json @@ -21,15 +21,15 @@ "description": "MVS data set related configurations", "properties": { "prefix": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetPrefix", "description": "Where Zowe MVS data sets will be installed" }, "proclib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "PROCLIB where Zowe STCs will be copied over" }, "parmlib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "Zowe PARMLIB" }, "parmlibMembers": { 
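Review bot: Moving `$anchor` into the three `oneOf` branches of `dataset` in server-common.json means that a `$ref` to `#zoweDataset`, `#zoweDatasetPrefix` or `#zoweDatasetVsam` resolves to a branch holding only `description` and `maxLength`. Under standard `$anchor` resolution the parent's `type`, `minLength` and `pattern` are not part of the referenced subschema, so every field switched to these refs in the zowe-yaml-schema.json hunks would be checked for length only, and the character restriction this commit intends for values that are later inserted into JCL and security commands would not apply. In addition, `oneOf` on `dataset` itself cannot succeed for a name of 35 characters or fewer, because all three branches accept it. I would define three sibling definitions that each carry the full constraint set, as below; whether the validator in use deviates from standard resolution is not visible here.

```json
"dataset": {
  "$anchor": "zoweDataset",
  "type": "string",
  "description": "A 44-char all caps dotted ZOS name",
  "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$",
  "minLength": 3,
  "maxLength": 44
},
"datasetPrefix": {
  "$anchor": "zoweDatasetPrefix",
  "type": "string",
  "description": "A 35-char all caps dotted ZOS name (space for '.SZWEnnnn')",
  "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$",
  "minLength": 3,
  "maxLength": 35
},
"datasetVsam": {
  "$anchor": "zoweDatasetVsam",
  "type": "string",
  "description": "A 38-char all caps dotted ZOS name (space for '.INDEX')",
  "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$",
  "minLength": 3,
  "maxLength": 38
},
```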
@@ -44,21 +44,21 @@ } }, "jcllib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "JCL library where Zowe will store temporary JCLs during initialization" }, "loadlib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "States the dataset where Zowe executable utilities are located", "default": ".SZWELOAD" }, "authLoadlib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "The dataset that contains any Zowe core code that needs to run APF-authorized, such as ZIS", "default": ".SZWEAUTH" }, "authPluginLib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "APF authorized LOADLIB for Zowe ZIS Plugins" } } @@ -142,17 +142,17 @@ "description": "STC names", "properties": { "zowe": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetMember", "description": "STC name of main service", "default": "ZWESLSTC" }, "zis": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetMember", "description": "STC name of ZIS", "default": "ZWESISTC" }, "aux": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetMember", "description": "STC name of Auxiliary Service", "default": "ZWESASTC" } @@ -384,7 +384,7 @@ "description": "Storage class name if you are using VSAM in RLS mode" }, "name": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetVsam", "description": "Data set name. Must match components.caching-service.storage.vsam.name" } } From 36dff34d4e6125dccd57d5cbaf4d48b5cef84e34 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 27 Oct 2023 10:21:16 +0200 Subject: [PATCH 048/258] zwe diagnose running under configmgr 
Signed-off-by: Martin Zeithaml --- CHANGELOG.md | 6 +-- bin/commands/diagnose/index.sh | 70 ++++++++++++++++++++++++--------- bin/commands/diagnose/index.ts | 71 ++++++++++++++++++++++++---------- 3 files changed, 104 insertions(+), 43 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index be6da56e68..c3292093c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,8 @@ All notable changes to the Zowe Installer will be documented in this file. #### Minor enhancements/defect fixes - Bugfix: Workflow files in the Zowe PAX are now ASCII-encoded. Fixes [#3591](https://github.com/zowe/zowe-install-packaging/issues/3591). +- Enhancement: `/bin/utils/date-add.rex` utility is accepting the date formatting as combination of YY|YYYY, MM, DD and any separator. +- Bugfix: `zwe diagnose` running under comfigmgr and output formatted. Fixes #[3627](https://github.com/zowe/zowe-install-packaging/issues/3627). ## `2.12.0` @@ -25,10 +27,6 @@ All notable changes to the Zowe Installer will be documented in this file. #### Minor enhancements/defect fixes -## `2.13.0` -#### Minor enhancements/defect fixes -- Enhancement: `/bin/utils/date-add.rex` utility is accepting the date formatting as combination of YY|YYYY, MM, DD and any separator. - ## `2.11.0` ### New features and enhancements diff --git a/bin/commands/diagnose/index.sh b/bin/commands/diagnose/index.sh index e843993523..d1f07e8ebe 100644 --- a/bin/commands/diagnose/index.sh +++ b/bin/commands/diagnose/index.sh 
@@ -11,25 +11,59 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -error_code="${ZWE_CLI_PARAMETER_ERROR_CODE}" +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/diagnose/cli.js" +else + + error_code="${ZWE_CLI_PARAMETER_ERROR_CODE}" -server_code=$(echo "${error_code}" | cut -c4) + print_message "" -if echo $error_code | grep -q -E "^[zZ][wW][eE][AaSsDdLl][A-Za-z]?[0-9]{3,4}[A-Za-z]$"; then - if [[ "$server_code" == [Dd] ]]; then - print_message "This code corresponds to the errors related to the ZOWE Desktop and the App Server." - print_message "To find the description of this error code, refer to the Zowe documentation at https://github.com/zowe/docs-site/blob/master/docs/troubleshoot/app-framework/appserver-error-codes.md" - elif [[ "$server_code" == [Ss] ]]; then - print_message "This code corresponds to the errors related to the Zowe Subsystem Services (ZSS) and Zowe Installation Services (ZIS)" - print_message "To find the description of this error code, refer to the Zowe documentation for ZSS at https://docs.zowe.org/stable/troubleshoot/app-framework/zss-error-codes and for ZIS at https://github.com/zowe/docs-site/blob/master/docs/troubleshoot/app-framework/zis-error-codes.md" - elif [[ "$server_code" == [Aa] ]]; then - print_message "This code corresponds to the errors related to the Zowe API Mediation Layer (APIML)." 
- print_message "To find the description of this error code, refer to the Zowe documentation at https://docs.zowe.org/stable/troubleshoot/troubleshoot-apiml-error-codes" - elif [[ "$server_code" == [Ll] ]]; then - print_message "This code corresponds to the errors related to the Zowe Launcher and ZWE" - print_message "To find the description of this error code, refer to the Zowe documentation for the Launcher at https://docs.zowe.org/stable/troubleshoot/launcher/launcher-error-codes and https://github.com/zowe/launcher/blob/v2.x/master/src/msg.h, and for ZWE at https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/ " + if echo $error_code | grep -q -E "^[zZ][wW][eE][AaSsDdLl][A-Za-z]?[0-9]{3,4}[A-Za-z]$"; then + server_code=$(echo "${error_code}" | cut -c4) + if [[ "$server_code" == [Dd] ]]; then + print_message "This code corresponds to the errors related to the ZOWE Desktop and the App Server." + print_message "" + print_message "To find the description of this error code, refer to the:" + print_message "" + print_message " Zowe documentation for Application framework" + print_message " https://docs.zowe.org/stable/troubleshoot/app-framework/appserver-error-codes" + elif [[ "$server_code" == [Ss] ]]; then + print_message "This code corresponds to the errors related to the Zowe Subsystem Services (ZSS) and Zowe Installation Services (ZIS)." + print_message "" + print_message "To find the description of this error code, refer to the:" + print_message "" + print_message " Zowe documentation for ZSS" + print_message " https://docs.zowe.org/stable/troubleshoot/app-framework/zss-error-codes" + print_message " Zowe documentation for ZIS" + print_message " https://docs.zowe.org/stable/troubleshoot/app-framework/zis-error-codes" + elif [[ "$server_code" == [Aa] ]]; then + print_message "This code corresponds to the errors related to the Zowe API Mediation Layer (APIML)." 
+ print_message "" + print_message "To find the description of this error code, refer to the:" + print_message "" + print_message " Zowe documentation for API Mediation Layer" + print_message " https://docs.zowe.org/stable/troubleshoot/troubleshoot-apiml-error-codes" + elif [[ "$server_code" == [Ll] ]]; then + print_message "This code corresponds to the errors related to the Zowe Launcher and ZWE." + print_message "" + print_message "To find the description of this error code, refer to the:" + print_message "" + print_message " Zowe documentation for Launcher" + print_message " https://docs.zowe.org/stable/troubleshoot/launcher/launcher-error-codes" + print_message " Launcher error codes" + print_message " https://github.com/zowe/launcher/blob/v2.x/master/src/msg.h" + print_message " Zowe documentation for ZWE" + print_message " https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/" + fi + print_message "" + print_message "You may also explore reports from other users experiencing the same error by searching" + print_message "https://github.com/search?q=org%3Azowe+${error_code}&type=discussions" + else + print_error_and_exit "ZWEL0102E: Invalid parameter --error-code='${error_code}'" "" 102 fi - print_message "You may also explore reports from other users experiencing the same error by searching here https://github.com/search?q=org%3Azowe+${error_code}&type=discussions" -else - print_error_and_exit "Invalid Error Code" "" 102 + + print_message "" + fi diff --git a/bin/commands/diagnose/index.ts b/bin/commands/diagnose/index.ts index 1fe91dc198..8fb6518277 100644 --- a/bin/commands/diagnose/index.ts +++ b/bin/commands/diagnose/index.ts 
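Review bot: Two expansions in the rewritten diagnose/index.sh are unquoted: `echo $error_code` in the validation line and `${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr` in command position. The first lets the shell split and glob-expand the user-supplied `--error-code` value before `grep` sees it, so the text that is validated is not necessarily the value that is later printed and placed in the search URL; the second breaks when the runtime directory contains a space. I would write `if printf '%s\n' "${error_code}" | grep -q -E ...` and `"${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr" -script ...`.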
@@ -8,31 +8,60 @@ Copyright Contributors to the Zowe Project. */ - import * as std from 'cm_std'; import * as common from '../../libs/common'; -export function execute() { - const errorCode: string = std.getenv('ZWE_CLI_PARAMETER_ERROR_CODE'); +const THIS_CODE = "\nThis code corresponds to the errors related to the"; +const FIND_DESC = "To find the description of this error code, refer to the:\n "; +const URL = { + apiML: "https://docs.zowe.org/stable/troubleshoot/troubleshoot-apiml-error-codes", + appFW : "https://docs.zowe.org/stable/troubleshoot/app-framework/appserver-error-codes", + launcher: "https://docs.zowe.org/stable/troubleshoot/launcher/launcher-error-codes", + launcherGit: "https://github.com/zowe/launcher/blob/v2.x/master/src/msg.h", + zss: "https://docs.zowe.org/stable/troubleshoot/app-framework/zss-error-codes", + zis: "https://docs.zowe.org/stable/troubleshoot/app-framework/zis-error-codes", + zwe: "https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/" +} + +function thisCodeCorrespondsTo(component: string){ + common.printMessage(`${THIS_CODE} ${component}.\n`); + common.printMessage(`${FIND_DESC}`); +} - const serverCode: string = errorCode.charAt(3); +function printLinks(description: string, link: string){ + if (link.indexOf('github') > 0) + common.printMessage(` ${description}`) + else + common.printMessage(` Zowe documentation for ${description}`) + common.printMessage(` ${link}`); +} - if (/^[zZ][wW][eE][AaSsDdLl][A-Za-z]?[0-9]{3,4}[A-Za-z]$/.test(errorCode)) { - if (serverCode.toLowerCase() === 'd') { - common.printMessage("This code corresponds to the errors related to the ZOWE Desktop and the App Server."); - common.printMessage("To find the description of this error code, refer to the Zowe documentation at https://github.com/zowe/docs-site/blob/master/docs/troubleshoot/app-framework/appserver-error-codes.md"); - } else if (serverCode.toLowerCase() === 's') { - common.printMessage("This code corresponds to the errors 
related to the Zowe Subsystem Services (ZSS) and Zowe Installation Services (ZIS)"); - common.printMessage("To find the description of this error code, refer to the Zowe documentation for ZSS at https://docs.zowe.org/stable/troubleshoot/app-framework/zss-error-codes and for ZIS at https://github.com/zowe/docs-site/blob/master/docs/troubleshoot/app-framework/zis-error-codes.md"); - } else if (serverCode.toLowerCase() === 'a') { - common.printMessage("This code corresponds to the errors related to the Zowe API Mediation Layer (APIML)."); - common.printMessage("To find the description of this error code, refer to the Zowe documentation at https://docs.zowe.org/stable/troubleshoot/troubleshoot-apiml-error-codes"); - } else if (serverCode.toLowerCase() === 'l') { - common.printMessage("This code corresponds to the errors related to the Zowe Launcher and ZWE"); - common.printMessage("To find the description of this error code, refer to the Zowe documentation for the Launcher at https://docs.zowe.org/stable/troubleshoot/launcher/launcher-error-codes and https://github.com/zowe/launcher/blob/v2.x/master/src/msg.h, and for ZWE at https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/"); +export function execute() { + const errorCode = std.getenv('ZWE_CLI_PARAMETER_ERROR_CODE'); + if (/^[zZ][wW][eE][AaSsDdLl][A-Za-z]?[0-9]{3,4}[A-Za-z]$/.test(errorCode)) { + const serverCode = errorCode.charAt(3); + if (serverCode.toLowerCase() === 'd') { + thisCodeCorrespondsTo('ZOWE Desktop and the App Server'); + printLinks('Application framework', `${URL.appFW}`); + } + else if (serverCode.toLowerCase() === 's') { + thisCodeCorrespondsTo('Zowe Subsystem Services (ZSS) and Zowe Installation Services (ZIS)'); + printLinks('ZSS', `${URL.zss}`); + printLinks('ZIS', `${URL.zis}`); + } + else if (serverCode.toLowerCase() === 'a') { + thisCodeCorrespondsTo('Zowe API Mediation Layer (APIML)'); + printLinks('API Mediation Layer', `${URL.apiML}`); + } + else if 
(serverCode.toLowerCase() === 'l') { + thisCodeCorrespondsTo('Zowe Launcher and ZWE'); + printLinks('Launcher', `${URL.launcher}`); + printLinks('Launcher error codes', `${URL.launcherGit}`); + printLinks('ZWE', `${URL.zwe}`); + } + common.printMessage(`\nYou may also explore reports from other users experiencing the same error by searching\nhttps://github.com/search?q=org%3Azowe+${errorCode}&type=discussions\n`); + } + else { + common.printErrorAndExit(`ZWEL0102E: Invalid parameter --error-code='${errorCode}'`, undefined, 102); } - common.printMessage(`You may also explore reports from other users experiencing the same error by searching here https://github.com/search?q=org%3Azowe+${errorCode}&type=discussions`) - } else { - common.printErrorAndExit("Invalid Error Code", undefined, 102); - } } From 9d5a7388023bde8f4e1c8bdc0ebaf550d829a4f7 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml <66114686+Martin-Zeithaml@users.noreply.github.com> Date: Wed, 31 Jan 2024 13:57:53 +0100 Subject: [PATCH 049/258] bin/libs/string.sh: trim update Signed-off-by: Martin Zeithaml <66114686+Martin-Zeithaml@users.noreply.github.com> --- bin/libs/string.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/libs/string.sh b/bin/libs/string.sh index 1c1be161ba..c5b95d38bb 100755 --- a/bin/libs/string.sh +++ b/bin/libs/string.sh @@ -22,7 +22,7 @@ trim() { input=${1} fi - echo "${input}" | xargs + echo "${input}" | sed -e 's/^[[:space:]]*//;s/[[:space:]]*$//' } ############################### From cdb1741899b95333a09af0f88de9c259f461c968 Mon Sep 17 00:00:00 2001 From: MarkAckert Date: Mon, 22 Jan 2024 12:24:04 -0500 Subject: [PATCH 050/258] build: sigstore sign build artifacts Signed-off-by: MarkAckert --- .github/workflows/build-packaging.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-packaging.yml b/.github/workflows/build-packaging.yml index 1591457df4..a3c3fec7ff 100644 --- a/.github/workflows/build-packaging.yml 
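Review bot: In `printLinks`, the label is chosen by `link.indexOf('github') > 0`, so the wording depends on a substring of the URL rather than on what the caller knows about the link; a documentation URL that happens to contain "github" would silently lose its "Zowe documentation for" prefix. Passing the complete label from the caller keeps the `URL` table free to change. The unbraced `if`/`else` is also easy to misread, since only the first `printMessage` is conditional and the second always runs; braces would make that explicit. The regex test in `execute` is what makes `${errorCode}` safe to place in the search URL, and a one-line comment such as `// validated above: letters and digits only, safe to embed in the URL` would stop a later edit from loosening it.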
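Review bot: The new `trim` body still passes the value through `echo "${input}"`, so a value such as `-n`, or one containing backslashes, can be consumed or rewritten by `echo` before `sed` sees it, depending on the shell; `printf '%s\n' "${input}" | sed -e 's/^[[:space:]]*//;s/[[:space:]]*$//'` avoids that. Dropping `xargs` also changes behaviour beyond quote handling: inner runs of whitespace are no longer collapsed and multi-line input is trimmed per line instead of joined, so callers that relied on the old normalisation should be checked. `trim()` starts above the hunk, so how `input` is read when no argument is given is not visible here.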
+++ b/.github/workflows/build-packaging.yml @@ -265,6 +265,7 @@ jobs: timeout-minutes: 10 uses: zowe-actions/shared-actions/publish@main with: + sigstore-sign-artifacts: true artifacts: | .pax/zowe.pax .pax/zowe-smpe.zip From 1ffb83456a830683b8e51701a58d5c9b98ee6081 Mon Sep 17 00:00:00 2001 From: MarkAckert Date: Mon, 22 Jan 2024 12:47:46 -0500 Subject: [PATCH 051/258] build: add id-token permissions for sigstore Signed-off-by: MarkAckert --- .github/workflows/build-packaging.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build-packaging.yml b/.github/workflows/build-packaging.yml index a3c3fec7ff..8df9ac8d69 100644 --- a/.github/workflows/build-packaging.yml +++ b/.github/workflows/build-packaging.yml @@ -1,4 +1,8 @@ name: Zowe Build and Packaging + +permissions: + id-token: write + on: push: branches: From b90883f8de96a407a3e1618c9d8682ab472697ec Mon Sep 17 00:00:00 2001 From: MarkAckert Date: Mon, 22 Jan 2024 12:51:24 -0500 Subject: [PATCH 052/258] build: discrete permissions cont.. Signed-off-by: MarkAckert --- .github/workflows/build-packaging.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-packaging.yml b/.github/workflows/build-packaging.yml index 8df9ac8d69..131fe2cae2 100644 --- a/.github/workflows/build-packaging.yml +++ b/.github/workflows/build-packaging.yml @@ -2,6 +2,7 @@ name: Zowe Build and Packaging permissions: id-token: write + issues: write on: push: @@ -134,7 +135,7 @@ jobs: echo BUILD_WHAT=$BUILD_WHAT >> $GITHUB_OUTPUT - - name: '[Prep 7] Comment on PR to indicate build is started' + - name: '[Prep 7] Comment on PR to indicate build is started' uses: actions/github-script@v5 id: create-comment if: (github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request') && startsWith(env.CURRENT_BRANCH, 'PR-') From fcf21c0cad188935e05a7156d8ed5bf7284e91ca Mon Sep 17 00:00:00 2001 
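Review bot: `sigstore-sign-artifacts: true` hands artifact signing to `zowe-actions/shared-actions/publish@main`, a reference that follows a moving branch, so whatever lands on that branch next runs with this workflow's signing identity. Pinning the step to a reviewed commit, `uses: zowe-actions/shared-actions/publish@<full-commit-sha>`, keeps the signatures tied to code that was actually reviewed. The `uses:` line is unchanged context in this hunk, but the new input is what raises the stakes of leaving it unpinned.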
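Review bot: `permissions: id-token: write` is declared at workflow level, so every job and step in this workflow can request an OIDC token, not only the publish step that signs; the following hunks in this series add `issues: write`, `pull-requests: write` and `contents: write` at the same top level. Declaring each scope under the job that needs it (`jobs.<job_id>.permissions`) leaves the remaining jobs with a reduced token. A short comment beside each scope naming its consumer, for example `id-token: write  # sigstore signing in the publish step`, would also record why the block grew over four commits.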
From: MarkAckert Date: Mon, 22 Jan 2024 12:57:06 -0500 Subject: [PATCH 053/258] build: discrete permissions cont... PR Signed-off-by: MarkAckert --- .github/workflows/build-packaging.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-packaging.yml b/.github/workflows/build-packaging.yml index 131fe2cae2..254b17187b 100644 --- a/.github/workflows/build-packaging.yml +++ b/.github/workflows/build-packaging.yml @@ -3,6 +3,7 @@ name: Zowe Build and Packaging permissions: id-token: write issues: write + pull-requests: write on: push: From 5679583e06c6f94e5a6b01f722ed982a173502ff Mon Sep 17 00:00:00 2001 From: MarkAckert Date: Mon, 22 Jan 2024 14:29:39 -0500 Subject: [PATCH 054/258] build: update contents permissions (ack locks) Signed-off-by: MarkAckert --- .github/workflows/build-packaging.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-packaging.yml b/.github/workflows/build-packaging.yml index 254b17187b..dc6dda480d 100644 --- a/.github/workflows/build-packaging.yml +++ b/.github/workflows/build-packaging.yml @@ -4,6 +4,7 @@ permissions: id-token: write issues: write pull-requests: write + contents: write on: push: From c14385a7a477481a786711de93b08949222a3298 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml <66114686+Martin-Zeithaml@users.noreply.github.com> Date: Tue, 6 Feb 2024 13:27:19 +0100 Subject: [PATCH 055/258] Update zwe for handeling missing parms Signed-off-by: Martin Zeithaml <66114686+Martin-Zeithaml@users.noreply.github.com> --- bin/zwe | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/zwe b/bin/zwe index baaf43bb9d..80e6247115 100755 --- a/bin/zwe +++ b/bin/zwe @@ -69,7 +69,9 @@ while [ $# -gt 0 ]; do print_error_and_exit "Error ZWEL0103E: Invalid type of parameter ${arg}" "" 103 fi fi - shift + if [ $# -gt 0 ]; then + shift + fi done # debug results From f1611632b117f5fb91e495e21cbabe4c4b51e2c4 Mon Sep 17 00:00:00 2001 
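Review bot: The guard around the final `shift` stops the loop from failing when no arguments are left, but it does not report which option ran out; if an option handler above the hunk already consumed the last word as its value, that option now presumably continues with an empty value instead of an error. The handler is the better place to detect this, reporting the missing value in the same style as the ZWEL0103E message visible here. At minimum a comment such as `# a handler above may already have shifted the last argument` would record why the guard exists. The `while` body starts outside the hunk, so this is inferred from the visible tail only.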
From: Martin Zeithaml <66114686+Martin-Zeithaml@users.noreply.github.com> Date: Wed, 14 Feb 2024 17:35:12 +0100 Subject: [PATCH 056/258] Use the zos function for getFileEncoding (#3642) * Use the zos function Signed-off-by: Martin Zeithaml * CCSID only for platform=zos Signed-off-by: Martin Zeithaml * Update type declaration file Signed-off-by: Martin Zeithaml --------- Signed-off-by: Martin Zeithaml Co-authored-by: Mark Ackert <35308966+MarkAckert@users.noreply.github.com> --- bin/libs/zos-fs.ts | 12 +++++++----- build/zwe/types/@qjstypes/zos.d.ts | 5 +++++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/bin/libs/zos-fs.ts b/bin/libs/zos-fs.ts index 99305bc4b9..64eae0b2fd 100644 --- a/bin/libs/zos-fs.ts +++ b/bin/libs/zos-fs.ts @@ -20,11 +20,13 @@ import * as shell from './shell'; // Get file encoding from z/OS USS tagging export function getFileEncoding(filePath: string): number|undefined { //zos.changeTag(file, id) - let returnArray = os.stat(filePath); - if (!returnArray[1] && ((returnArray[0].mode & os.S_IFREG) == os.S_IFREG)) { //no error, and is file - return returnArray[0].ccsid; - } else { - common.printError(`getFileEncoding path=${filePath}, err=${returnArray[1]}`); + if (os.platform == 'zos') { + let returnArray = zos.zstat(filePath); + if (!returnArray[1] && ((returnArray[0].mode & os.S_IFMT) == os.S_IFREG)) { //no error, and is file + return returnArray[0].ccsid; + } else { + common.printError(`getFileEncoding path=${filePath}, err=${returnArray[1]}`); + } } return undefined; } diff --git a/build/zwe/types/@qjstypes/zos.d.ts b/build/zwe/types/@qjstypes/zos.d.ts index ec41ae6571..551948c5c2 100644 --- a/build/zwe/types/@qjstypes/zos.d.ts +++ b/build/zwe/types/@qjstypes/zos.d.ts @@ -11,8 +11,13 @@ export type ZStat = { dev: number; ino: number; + mode: number; + nlink: number; uid: number; gid: number; + rdev: number; + size: number; + blocks: number; atime: number; mtime: number; ctime: number; 
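Review bot: In `getFileEncoding` the `else` branch covers two different cases, a failed `zos.zstat` and a path that is not a regular file, and in the second case the message prints a zero `err=` value, which reads as success. Splitting the condition and logging the mode mismatch separately, `common.printError(`getFileEncoding path=${filePath} is not a regular file`)`, makes the log usable. The leftover `//zos.changeTag(file, id)` comment no longer describes anything in the function and could be replaced by a note that non-z/OS platforms return `undefined` without a message.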
From 38b99d6f22a23ca1214a09b891bf29cc582df44e Mon Sep 17 00:00:00 2001 From: MarkAckert Date: Wed, 14 Feb 2024 14:02:20 -0500 Subject: [PATCH 057/258] update changelog to align with 2.15.0 Signed-off-by: MarkAckert --- CHANGELOG.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c3292093c2..9edb889b67 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to the Zowe Installer will be documented in this file. +## `2.15.0` + +## New features and enhancements + +## Minor enhancements/defect fixes +- Bugfix: `zwe diagnose` running under comfigmgr and output formatted. Fixes #[3627](https://github.com/zowe/zowe-install-packaging/issues/3627). + ## `2.14.0` ### New features and enhancements @@ -18,8 +25,6 @@ All notable changes to the Zowe Installer will be documented in this file. #### Minor enhancements/defect fixes - Bugfix: Workflow files in the Zowe PAX are now ASCII-encoded. Fixes [#3591](https://github.com/zowe/zowe-install-packaging/issues/3591). - Enhancement: `/bin/utils/date-add.rex` utility is accepting the date formatting as combination of YY|YYYY, MM, DD and any separator. -- Bugfix: `zwe diagnose` running under comfigmgr and output formatted. Fixes #[3627](https://github.com/zowe/zowe-install-packaging/issues/3627). - ## `2.12.0` From 44f1316296413913354a40246ee92db28d7589c2 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml <66114686+Martin-Zeithaml@users.noreply.github.com> Date: Thu, 15 Feb 2024 14:12:18 +0100 Subject: [PATCH 058/258] TSS: Detect zOSMF Root CA (#3725) * TSS: Detect zOSMF Root CA Signed-off-by: Martin Zeithaml * Parameters updated Signed-off-by: Martin Zeithaml * Minor text change Signed-off-by: Martin Zeithaml --------- Signed-off-by: Martin Zeithaml 
Signed-off-by: Martin Zeithaml Co-authored-by: Mark Ackert <35308966+MarkAckert@users.noreply.github.com> --- bin/libs/certificate.sh | 80 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 4 deletions(-) diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh index 8cdeeca026..8b6e28b77c 100644 --- a/bin/libs/certificate.sh +++ b/bin/libs/certificate.sh @@ -875,7 +875,15 @@ EOF if [ "${trust_zosmf}" = "1" ]; then if [ "${zosmf_root_ca}" = "_auto_" ]; then - zosmf_root_ca=$(detect_zosmf_root_ca "${ZWE_PRIVATE_ZOSMF_USER}") + if [ "${security_product}" = "RACF" ]; then + zosmf_root_ca=$(detect_zosmf_root_ca_racf "${ZWE_PRIVATE_ZOSMF_USER}") + fi + if [ "${security_product}" = "TSS" ]; then + zosmf_root_ca=$(detect_zosmf_root_ca_tss "${ZWE_PRIVATE_ZOSMF_USER}") + fi + if [ "${security_product}" = "ACF2" ]; then + zosmf_root_ca=$(detect_zosmf_root_ca_acf2 "${ZWE_PRIVATE_ZOSMF_USER}") + fi fi if [ -z "${zosmf_root_ca}" ]; then print_error_and_exit "Error ZWEL0137E: z/OSMF root certificate authority is not provided (or cannot be detected) with trusting z/OSMF option enabled." "" 137 
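Review bot: The three separate `if` tests leave `zosmf_root_ca` set to the literal `_auto_` when `security_product` is none of RACF, TSS or ACF2 (empty, lower-case, misspelt), and the `-z` check that follows then passes, so the placeholder would presumably be used as a certificate label further down. A `case` with a default branch that clears the variable lets the existing ZWEL0137E path handle it. The ACF2 branch calls a stub that always returns empty, so ACF2 users with `_auto_` get ZWEL0137E with no hint that detection is not implemented; a trace line saying so would help. The enclosing function starts and ends outside the hunk.

```shell
if [ "${zosmf_root_ca}" = "_auto_" ]; then
  case "${security_product}" in
    RACF) zosmf_root_ca=$(detect_zosmf_root_ca_racf "${ZWE_PRIVATE_ZOSMF_USER}") ;;
    TSS)  zosmf_root_ca=$(detect_zosmf_root_ca_tss "${ZWE_PRIVATE_ZOSMF_USER}") ;;
    ACF2) zosmf_root_ca=$(detect_zosmf_root_ca_acf2 "${ZWE_PRIVATE_ZOSMF_USER}") ;;
    # unknown product: clear the placeholder so the ZWEL0137E check below fires
    *)    zosmf_root_ca= ;;
  esac
fi
# … unchanged: ZWEL0137E check on empty zosmf_root_ca …
```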
@@ -1311,12 +1319,76 @@ EOF "${labels_with_private_key}" } -# this only works for RACF -detect_zosmf_root_ca() { +# FIXME +# - Support for multiple? | long | special characters entries +detect_zosmf_root_ca_tss() { + zosmf_user=${1:-IZUSVR} + zosmf_root_ca= + + print_trace "- Detect z/OSMF keyring by listing ID(${zosmf_user}) [TSS]" + zosmf_certs=$(tsocmd "TSS LIST(${zosmf_user}) KEYRING(ALL)" 2>&1) + code=$? + if [ ${code} -ne 0 ]; then + print_trace " * Exit code: ${code}" + print_trace " * Output:" + if [ -n "${zosmf_certs}" ]; then + print_trace "$(padding_left "${zosmf_certs}" " ")" + fi + return 1 + fi + + # Output example: + # KEYRING LABEL = KEYRING.IZUDFLT + zosmf_keyring_name=$(echo "${zosmf_certs}" | grep "KEYRING LABEL = " | awk -F= '{ print $2 }' | head -n 1) + if [ -n "${zosmf_keyring_name}" ]; then + print_trace " * z/OSMF keyring name is ${zosmf_keyring_name}" + # Output example: + # ACID(CERTAUTH) DIGICERT(ABCDEFGH) DEFAULT(NO ) USAGE(CERTAUTH) + # LABLCERT(ZOSMF_ROOT_CA ) + zosmf_root_ca=$(echo "${zosmf_certs}" | grep -A 1 "ACID(CERTAUTH)" | grep "LABLCERT(" | head -n 1) + zosmf_root_ca=$(echo "${zosmf_root_ca}" | awk '{ print substr( $0, 12, length($0)-13) }') + zosmf_root_ca=$(echo "${zosmf_root_ca}" | sed -e 's/^[[:space:]]*//;s/[[:space:]]*$//') + if [ -n "${zosmf_root_ca}" ]; then + print_trace " * z/OSMF root certificate authority found: ${zosmf_root_ca}" + echo "${zosmf_root_ca}" + return 0 + else + print_trace " * Error: cannot detect z/OSMF root certificate authority" + return 2 + fi + else + print_trace " * Error: failed to detect z/OSMF keyring name" + return 3 + fi +} + +# FIXME +# - add similar code using ACFUNIX instead of tsocmd +# - or use JCLs to be sure it will always works +detect_zosmf_root_ca_acf2() { + zosmf_user=${1:-IZUSVR} + zosmf_root_ca= + + print_trace "- Detect z/OSMF keyring by listing ID(${zosmf_user}) [ACF2]" + echo "${zosmf_root_ca}" + return 1 +} + +# FIXME +# - Support for multiple? 
| long | special characters entries +# - RACDCERT LISTRING will be confused if label contains 'CERTAUTH' word: +# +# Certificate Label Name Cert Owner USAGE DEFAULT +# -------------------------------- ------------ -------- ------- +# CERTAUTH_FOR_T800 ID(SKYNET) DEADLY YES +# JOHN_CONNOR CERTAUTH CERTAUTH NO +# +# Will return CERTAUTH_FOR_T800 instead of JOHN_CONNOR +detect_zosmf_root_ca_racf() { zosmf_user=${1:-IZUSVR} zosmf_root_ca= - print_trace "- Detect z/OSMF keyring by listing ID(${zosmf_user})" + print_trace "- Detect z/OSMF keyring by listing ID(${zosmf_user}) [RACF]" zosmf_certs=$(tsocmd "RACDCERT LIST ID(${zosmf_user})" 2>&1) code=$? if [ ${code} -ne 0 ]; then From 820979e02e6d3504ef227c99b57f778adde64095 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 21 Feb 2024 09:13:58 -0500 Subject: [PATCH 059/258] Split zowe class creation out of the security jcls because its not needed on newer zos. fix vsam existence check with new function. Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.ts | 2 +- bin/commands/init/security/index.ts | 21 ++- bin/commands/init/vsam/index.ts | 2 +- bin/libs/zos-dataset.ts | 207 ++------------------------- build/zwe/types/@qjstypes/zos.d.ts | 2 + files/SZWEEXEC/ZWEGEN00 | 14 +- files/SZWESAMP/{ZWEIACF2 => ZWEIACF} | 17 +-- files/SZWESAMP/ZWEIACFZ | 60 ++++++++ files/SZWESAMP/{ZWEIRACF => ZWEIRAC} | 25 +--- files/SZWESAMP/ZWEIRACZ | 66 +++++++++ files/SZWESAMP/ZWEITSS | 10 +- files/SZWESAMP/ZWEITSSZ | 54 +++++++ manifest.json.template | 2 +- 13 files changed, 222 insertions(+), 260 deletions(-) rename files/SZWESAMP/{ZWEIACF2 => ZWEIACF} (94%) create mode 100644 files/SZWESAMP/ZWEIACFZ rename files/SZWESAMP/{ZWEIRACF => ZWEIRAC} (93%) create mode 100644 files/SZWESAMP/ZWEIRACZ create mode 100644 files/SZWESAMP/ZWEITSSZ diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index d2f96840fa..3fbe8dab16 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts 
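Review bot: `detect_zosmf_root_ca_tss` extracts `zosmf_keyring_name` but uses it only for tracing; the label it returns is the first `LABLCERT(` that follows any `ACID(CERTAUTH)` entry in the whole `TSS LIST(...) KEYRING(ALL)` output. When the z/OSMF ACID has more than one keyring or more than one CA connected, the function can return a CA that did not sign the z/OSMF certificate, and the caller then treats it as the z/OSMF root to trust. Restricting the search to the entries of the detected keyring, and returning non-zero when more than one CERTAUTH label is found there, would make the choice explicit instead of positional. The fixed offsets in `substr( $0, 12, length($0)-13)` assume a particular indentation of the TSS listing and deserve a comment quoting the sample line they were derived from. `detect_zosmf_root_ca_racf` continues past the end of the hunk.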
@@ -80,7 +80,7 @@ export function execute(allowOverwrite?: boolean) { if (allowOverwrite && needCleanup) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix, false, true); } - if (allowOverwrite && runALoadlibCreate === true && needAuthCleanup) { + if (allowOverwrite && needAuthCleanup) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix, false, true); } diff --git a/bin/commands/init/security/index.ts b/bin/commands/init/security/index.ts index 92e673f49a..b8956fa495 100644 --- a/bin/commands/init/security/index.ts +++ b/bin/commands/init/security/index.ts @@ -9,6 +9,7 @@ Copyright Contributors to the Zowe Project. */ +import * as zos from 'zos'; import * as common from '../../../libs/common'; import * as config from '../../../libs/config'; import * as zoslib from '../../../libs/zos'; 
@@ -32,10 +33,14 @@ export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); } - let securityProduct = ZOWE_CONFIG.zowe.setup?.security?.product; - if (!securityProduct) { - common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + let securityProduct = zos.getEsm(); + if (!securityProduct || securityProduct == 'NONE') { + securityProduct = ZOWE_CONFIG.zowe.setup?.security?.product; + if (!securityProduct) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } } + ['admin', 'stc', 'sysProg'].forEach((key)=> { if (!ZOWE_CONFIG.zowe.setup?.security?.groups || !ZOWE_CONFIG.zowe.setup?.security?.groups[key]) { common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.groups.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); 
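Review bot: When neither `zos.getEsm()` nor the YAML yields a product, the error still reads "Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined", which sends the user to the wrong key; the text should name `zowe.setup.security.product`. The new precedence also means a detected ESM silently overrides an explicit `zowe.setup.security.product`; since this value selects which security JCL member is submitted, a `common.printMessage` stating the detected product, plus a warning when it differs from the configured one, would make that visible. `execute` starts and ends outside the hunk.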
@@ -52,9 +57,15 @@ export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { } }); - zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityProduct})'`, `ZWEI${securityProduct}`, jcllib, prefix, false, ignoreSecurityFailures); + const securityPrefix = securityProduct.substring(0,3); + + if (zos.zosVersion() < 0x1020500) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityPrefix}Z)'`, `ZWEI${securityPrefix}Z`, jcllib, prefix, false, ignoreSecurityFailures); + } + + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityPrefix})'`, `ZWEI${securityPrefix}`, jcllib, prefix, false, ignoreSecurityFailures); common.printMessage(``); - common.printMessage(`WARNING: Due to the limitation of the ZWEI${securityProduct} job, exit with 0 does not mean`); + common.printMessage(`WARNING: Due to the limitation of the ZWEI${securityPrefix} job, exit with 0 does not mean`); common.printMessage(` the job is fully successful. Please check the job log to determine`); common.printMessage(` if there are any inline errors.`); common.printMessage(``); diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index 75c634025e..1f06abd541 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts @@ -52,7 +52,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig const name = ZOWE_CONFIG.zowe.setup.vsam.name; - const vsamExistence = zosDataset.isDatasetExists(name); + const vsamExistence = zosDataset.isVsamDatasetExists(name); if (vsamExistence && allowOverwrite) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSRVS)'`, `ZWECSRVS`, jcllib, prefix, false, true); } else if (vsamExistence) { diff --git a/bin/libs/zos-dataset.ts b/bin/libs/zos-dataset.ts index c1960ec929..103f4a0598 100644 --- a/bin/libs/zos-dataset.ts +++ b/bin/libs/zos-dataset.ts 
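Review bot: The version check calls `zos.zosVersion()`, while the type declaration added in this same commit (`build/zwe/types/@qjstypes/zos.d.ts`) exports `getZosVersion(): number`; unless the native module also exposes `zosVersion`, this line fails to type-check or throws at run time before any security JCL is submitted. It should presumably read `if (zos.getZosVersion() < 0x1020500) {`. The literal `0x1020500` would be clearer as a named constant with a comment tying it to the "z/OS 2.5 or higher" statement in the new class-definition members. `securityProduct.substring(0,3)` also assumes the value is upper-case; a configured value in another case would produce a member name that does not exist in the JCL library.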
@@ -17,6 +17,14 @@ import * as stringlib from './string'; import * as shell from './shell'; import * as zoslib from './zos'; +//TODO a bit of a hack. "cat" cant output a vsam, so it will always give errors. +// however, the errors it gives are different depending on if the vsam exists or not. +export function isVsamDatasetExists(datasetName: string): boolean { + const result = shell.execErrSync('sh', '-c', `cat "//'${datasetName}'" 1>/dev/null 2>&1`); + return !(result.err && result.err.includes('EDC5049I')); + // EDC5049I = file not found +} + export function isDatasetExists(datasetName: string): boolean { const result = shell.execSync('sh', '-c', `cat "//'${datasetName}'" 1>/dev/null 2>&1`); return result.rc === 0; 
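Review bot: `isVsamDatasetExists` inspects `result.err` for `EDC5049I`, but the command it runs ends in `1>/dev/null 2>&1`, which sends stderr to /dev/null as well; if `execErrSync` captures the child's stderr, that text will always be empty and the function will report every data set as existing. Dropping the stderr redirect, `cat "//'${datasetName}'" 1>/dev/null`, lets the message reach the caller. `datasetName` comes from configuration and is placed inside a `sh -c` string, so it should be checked against the data set name character set before the command is built. The comment should also state that any error other than EDC5049I, including an authorization failure, is treated as "exists".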
@@ -72,144 +80,6 @@ export function copyToDataset(filePath: string, dsName: string, cpOptions: strin return result.rc; } -export function datasetCopyToDataset(prefix: string, datasetFrom: string, datasetTo: string, allowOverwrite: boolean): number { - if (allowOverwrite != true) { - if (isDatasetExists(datasetTo)) { - common.printErrorAndExit(`Error ZWEL0133E: Data set ${datasetTo} already exists`, undefined, 133); - } - } - - const cmd=`exec '${prefix}.${std.getenv('ZWE_PRIVATE_DS_SZWEEXEC')}(ZWEMCOPY)' '${datasetFrom} ${datasetTo}'`; - const result = zoslib.tsoCommand(cmd); - return result.rc; -} - -// List users of a data set -// -// @param dsn data set name to check -// @return 0: no users -// 1: there are some users -// @output output of operator command "d grs" -export function listDatasetUser(datasetName: string): number { - const cmd=`D GRS,RES=(*,${datasetName})`; - const result=zoslib.operatorCommand(cmd); - return result.out.includes('NO REQUESTORS FOR RESOURCE') ? 0 : 1; - // example outputs: - // - // server 2021040 22:29:30.60 ISF031I CONSOLE MYCONS ACTIVATED - // server 2021040 22:29:30.60 -D GRS,RES=(*,IBMUSER.PARMLIB) - // server 2021040 22:29:30.60 ISG343I 22.29.30 GRS STATUS 336 - // S=SYSTEM SYSDSN IBMUSER.PARMLIB - // SYSNAME JOBNAME ASID TCBADDR EXC/SHR STATUS - // server ZWESISTC 0045 006FED90 SHARE OWN - // ISF754I Command 'SET CONSOLE MYCONS' generated from associated variable ISFCONS. - // ISF776I Processing started for action 1 of 1. - // ISF769I System command issued, command text: D GRS,RES=(*,IBMUSER.PARMLIB). - // ISF766I Request completed, status: COMMAND ISSUED. - // - // example output: - // - // server 2021040 22:31:07.32 ISF031I CONSOLE MYCONS ACTIVATED - // server 2021040 22:31:07.32 -D GRS,RES=(*,IBMUSER.LOADLIB) - // server 2021040 22:31:07.32 ISG343I 22.31.07 GRS STATUS 363 - // NO REQUESTORS FOR RESOURCE * IBMUSER.LOADLIB - // ISF754I Command 'SET CONSOLE MYCONS' generated from associated variable ISFCONS. 
- // ISF776I Processing started for action 1 of 1. - // ISF769I System command issued, command text: D GRS,RES=(*,IBMUSER.LOADLIB). - // ISF766I Request completed, status: COMMAND ISSUED. -} - -// Delete data set -// -// @param dsn data set (or with member) name to delete -// @return 0: exist -// 1: data set doesn't exist -// 2: data set member doesn't exist -// 3: data set is in use -// @output tso listds label output -export function deleteDataset(dataset: string): number { - const cmd=`delete '${dataset}'`; - const result=zoslib.tsoCommand(cmd); - if (result.rc != 0) { - if (result.out.includes('NOT IN CATALOG')) { - return 1; - } else if (result.out.includes('NOT FOUND')) { - return 2; - } else if (result.out.includes('IN USE BY')) { - return 3; - } - // some other error we don't know yet - return 9; - } - return 0; -} - -export function isDatasetSmsManaged(dataset: string): { rc: number, smsManaged?: boolean } { - // REF: https://www.ibm.com/docs/en/zos/2.3.0?topic=dscbs-how-found - // bit DS1SMSDS at offset 78(X'4E') - // - // Example of listds response: - // - // listds 'IBMUSER.LOADLIB' label - // IBMUSER.LOADLIB - // --RECFM-LRECL-BLKSIZE-DSORG - // U ** 6144 PO - // --VOLUMES-- - // VPMVSH - // --FORMAT 1 DSCB-- - // F1 E5D7D4E5E2C8 0001 780034 000000 09 00 00 C9C2D4D6E2E5E2F24040404040 - // 78003708000000 0200 C0 00 1800 0000 00 0000 82 80000002 000000 0000 0000 - // 0100037D000A037E0004 01010018000C0018000D 0102006F000D006F000E 0000000217 - // --FORMAT 3 DSCB-- - // 03030303 0103009200090092000A 01040092000B0092000C 01050092000D0092000E - // 0106035B0006035B0007 F3 0107035B0008035B0009 0108035B000A035B000B - // 00000000000000000000 00000000000000000000 00000000000000000000 - // 00000000000000000000 00000000000000000000 00000000000000000000 - // 00000000000000000000 0000000000 - // - // SMS flag is in `FORMAT 1 DSCB` section second line, after 780037 - - common.printTrace(`- Check if ${dataset} is SMS managed`); - const labelResult = 
zoslib.tsoCommand(`listds '${dataset}' label`); - const datasetLabel=labelResult.out; - if (labelResult.rc == 0) { - let formatIndex = datasetLabel.indexOf('--FORMAT 1 DSCB--'); - let dscb_fmt1: string; - if (formatIndex == -1) { - formatIndex = datasetLabel.indexOf('--FORMAT 8 DSCB--'); - } - if (formatIndex != -1) { - let startIndex = formatIndex + '--FORMAT 8 DSCB--'.length; - let endIndex = datasetLabel.indexOf('--',startIndex); - dscb_fmt1 = datasetLabel.substring(startIndex, endIndex); - } - if (!dscb_fmt1) { - common.printError(" * Failed to find format 1 data set control block information."); - return { rc: 2 }; - } else { - const lines = dscb_fmt1.split('\n'); - const line = lines.length > 1 ? lines[1] : ''; - const ds1smsfg = line.substring(6,8); - common.printTrace(` * DS1SMSFG: ${ds1smsfg}`); - if (!ds1smsfg) { - common.printError(" * Failed to find system managed storage indicators from format 1 data set control block."); - return { rc: 3 }; - } else { - const ds1smsds=parseInt(ds1smsfg, 16) & 0x80; - common.printTrace(` * DS1SMSDS: ${ds1smsds}`); - if (ds1smsds == 128) { - // sms managed - return { rc: 0, smsManaged: true }; - } else { - return { rc: 0, smsManaged: false }; - } - } - } - } else { - return { rc: 1 }; - } -} - export function getDatasetVolume(dataset: string): { rc: number, volume?: string } { common.printTrace(`- Find volume of data set ${dataset}`); const result = zoslib.tsoCommand(`listds '${dataset}'`); 
@@ -231,64 +101,3 @@ export function getDatasetVolume(dataset: string): { rc: number, volume?: string return { rc: 1 } } } - -export function apfAuthorizeDataset(dataset: string): number { - const result = isDatasetSmsManaged(dataset); - if (result.rc) { - common.printError("Error ZWEL0134E: Failed to find SMS status of data set ${dataset}."); - return 134; - } - - let apfVolumeParam:string; - if (result.smsManaged) { - common.printDebug(`- ${dataset} is SMS managed`); - apfVolumeParam="SMS" - } else { - common.printDebug(`- ${dataset} is not SMS managed`); - const volumeResult = getDatasetVolume(dataset); - const dsVolume=volumeResult.volume; - if (volumeResult.rc == 0) { - common.printDebug(`- Volume of ${dataset} is ${dsVolume}`); - apfVolumeParam=`VOLUME=${dsVolume}`; - } else { - common.printError(`Error ZWEL0135E: Failed to find volume of data set ${dataset}.`); - return 135; - } - } - - const apfCmd="SETPROG APF,ADD,DSNAME=${dataset},${apfVolumeParam}" - if (std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == "true") { - common.printMessage("- Dry-run mode, security setup is NOT performed on the system."); - common.printMessage(" Please apply this operator command manually:"); - common.printMessage(''); - common.printMessage(` ${apfCmd}`); - common.printMessage(''); - } else { - const authResult = zoslib.operatorCommand(apfCmd); - const apfAuthSuccess=authResult.out && authResult.out.includes('ADDED TO APF LIST'); - if (result.rc == 0 && apfAuthSuccess) { - return 0; - } else { - common.printError(`Error ZWEL0136E: Failed to APF authorize data set ${dataset}.`); - return 136; - } - } - return 0; -} - -export function createDatasetTmpMember(dataset: string, prefix: string='ZW'): string | null { - common.printTrace(` > create_data_set_tmp_member in ${dataset}`); - for (var i = 0; i < 100; i++) { - let rnd=Math.floor(Math.random()*10000); - - let member=`${prefix}${rnd}`.substring(0,8); - common.printTrace(` - test ${member}`); - let 
memberExist=isDatasetExists(`${dataset}(${member})`); - common.printTrace(` - exist? ${memberExist}`); - if (!memberExist) { - common.printTrace(" - good"); - return member; - } - } - return null; -} diff --git a/build/zwe/types/@qjstypes/zos.d.ts b/build/zwe/types/@qjstypes/zos.d.ts index 551948c5c2..a1fb69517a 100644 --- a/build/zwe/types/@qjstypes/zos.d.ts +++ b/build/zwe/types/@qjstypes/zos.d.ts @@ -26,6 +26,8 @@ export type ZStat = { ccsid: number; }; +export function getEsm(): string; +export function getZosVersion(): number; export function changeTag(path:string, ccsid:number):number; export function changeExtAttr(path: string, extattr:number, onOff:boolean):number; export function zstat(path:string):[ZStat, number]; diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 6dbaa1ffa6..0a8873171b 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -183,8 +183,10 @@ if COMPARE('RCVT', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRT1)') x = DeleteDataSet(jclCopy'(ZWEIKRT2)') x = DeleteDataSet(jclCopy'(ZWEIKRT3)') - x = DeleteDataSet(jclCopy'(ZWEIACF2)') + x = DeleteDataSet(jclCopy'(ZWEIACF)') + x = DeleteDataSet(jclCopy'(ZWEIACFZ)') x = DeleteDataSet(jclCopy'(ZWEITSS)') + x = DeleteDataSet(jclCopy'(ZWEITSSZ)') x = DeleteDataSet(jclCopy'(ZWENOKRA)') x = DeleteDataSet(jclCopy'(ZWENOKRT)') end @@ -195,8 +197,10 @@ if COMPARE('RTSS', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRR1)') x = DeleteDataSet(jclCopy'(ZWEIKRR2)') x = DeleteDataSet(jclCopy'(ZWEIKRR3)') - x = DeleteDataSet(jclCopy'(ZWEIACF2)') - x = DeleteDataSet(jclCopy'(ZWEIRACF)') + x = DeleteDataSet(jclCopy'(ZWEIACF)') + x = DeleteDataSet(jclCopy'(ZWEIACFZ)') + x = DeleteDataSet(jclCopy'(ZWEIRAC)') + x = DeleteDataSet(jclCopy'(ZWEIRACZ)') x = DeleteDataSet(jclCopy'(ZWENOKRA)') x = DeleteDataSet(jclCopy'(ZWENOKRR)') end 
@@ -207,8 +211,10 @@ if COMPARE('ACF2', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRR1)') x = DeleteDataSet(jclCopy'(ZWEIKRR2)') x = DeleteDataSet(jclCopy'(ZWEIKRR3)') - x = DeleteDataSet(jclCopy'(ZWEIRACF)') + x = DeleteDataSet(jclCopy'(ZWEIRAC)') + x = DeleteDataSet(jclCopy'(ZWEIRACZ)') x = DeleteDataSet(jclCopy'(ZWEITSS)') + x = DeleteDataSet(jclCopy'(ZWEITSSZ)') x = DeleteDataSet(jclCopy'(ZWENOKRT)') x = DeleteDataSet(jclCopy'(ZWENOKRR)') end diff --git a/files/SZWESAMP/ZWEIACF2 b/files/SZWESAMP/ZWEIACF similarity index 94% rename from files/SZWESAMP/ZWEIACF2 rename to files/SZWESAMP/ZWEIACF index 2b7b58b4fc..62910ee95c 100644 --- a/files/SZWESAMP/ZWEIACF2 +++ b/files/SZWESAMP/ZWEIACF @@ -1,4 +1,4 @@ -//ZWEIACF2 JOB +//ZWEIACF JOB //* //* This program and the accompanying materials are made available //* under the terms of the Eclipse Public License v2.0 which @@ -11,7 +11,6 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define security permits for Zowe //* //* @@ -239,20 +238,9 @@ LIST {zowe.setup.dataset.prefix} * * DEFINE ZOWE RESOURCE PROTECTION ................................. * -* - Defines new resource class for Zowe that protects access to -* sensitive Zowe resources. * - Defines resource APIML.SERVICES that controls access to * detailed information about API services to Zowe users. -* define ZOWE resource type and class mapping -* skip this section if the ZOWE resource class already exists -SET CONTROL(GSO) -INSERT CLASMAP.ZOWE RESOURCE(ZOWE) RSRCTYPE(ZWE) -F ACF2,REFRESH(CLASMAP),TYPE(GSO) -CHANGE INFODIR TYPES(R-RZWE) -F ACF2,REFRESH(INFODIR) -SET CONTROL(GSO) - * uncomment and replace "user" to permit Zowe users to access * the resource: * SET RESOURCE(ZWE) @@ -260,8 +248,5 @@ SET CONTROL(GSO) * UID(user) SERVICE(READ) ALLOW) * F ACF2,REBUILD(ZWE) -* show results -SET RESOURCE(ZWE) -LIST LIKE(-) $$ //* 
diff --git a/files/SZWESAMP/ZWEIACFZ b/files/SZWESAMP/ZWEIACFZ new file mode 100644 index 0000000000..1d613d4d6b --- /dev/null +++ b/files/SZWESAMP/ZWEIACFZ @@ -0,0 +1,60 @@ +//ZWEIACFZ JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* This JCL creates the Zowe resource class. +//* This already exists on z/OS 2.5 or higher. +//* Only run this on z/OS 2.4 or lower. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +* +* DEFINE ZOWE RESOURCE PROTECTION ................................. +* +* - Defines new resource class for Zowe that protects access to +* sensitive Zowe resources. + +* define ZOWE resource type and class mapping +* skip this section if the ZOWE resource class already exists +SET CONTROL(GSO) +INSERT CLASMAP.ZOWE RESOURCE(ZOWE) RSRCTYPE(ZWE) +F ACF2,REFRESH(CLASMAP),TYPE(GSO) +CHANGE INFODIR TYPES(R-RZWE) +F ACF2,REFRESH(INFODIR) +SET CONTROL(GSO) + +* show results +SET RESOURCE(ZWE) +LIST LIKE(-) + +$$ +//* 
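Review bot: The "show results" step at the end of ZWEIACFZ lists resource rules of type ZWE (`SET RESOURCE(ZWE)` / `LIST LIKE(-)`), but this job only inserts the CLASMAP record and changes INFODIR, so the listing cannot confirm that the class mapping was stored. Listing the GSO record while `SET CONTROL(GSO)` is still in effect would verify what the job did; something like `LIST LIKE(CLASMAP-)` should do it, if I read the ACF2 syntax correctly. ZWEIRACZ has the same pattern: `RLIST ZOWE *` lists profiles in a class that has none yet, whereas `RLIST CDT ZOWE CDTINFO` would show the class definition itself. Separately, the header comment in all three new members spells "DEFINITONS".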
diff --git a/files/SZWESAMP/ZWEIRACF b/files/SZWESAMP/ZWEIRAC similarity index 93% rename from files/SZWESAMP/ZWEIRACF rename to files/SZWESAMP/ZWEIRAC index 007a7a85e3..56ce343c77 100644 --- a/files/SZWESAMP/ZWEIRACF +++ b/files/SZWESAMP/ZWEIRAC @@ -1,4 +1,4 @@ -//ZWEIRACF JOB +//ZWEIRAC JOB //* //* This program and the accompanying materials are made available //* under the terms of the Eclipse Public License v2.0 which @@ -11,7 +11,6 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define security permits for Zowe //* //* @@ -59,8 +58,6 @@ //* //********************************************************************* //* -//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT -//* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* //SYSTSIN DD DDNAME=RACF @@ -275,29 +272,9 @@ /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ -/* - Defines new resource class for Zowe that protects access to */ -/* sensitive Zowe resources. */ /* - Defines resource APIML.SERVICES that controls access to */ /* detailed information about API services to Zowe users. */ -/* uncomment to activate CDT class to define ZOWE resource class */ -/* SETROPTS CLASSACT(CDT) RACLIST(CDT) */ - -/* define ZOWE resource class */ -/* skip this command if the ZOWE resource class already exists */ -/* use a unique value in POSIT */ - RDEFINE CDT ZOWE - - UACC(NONE) - - CDTINFO(DEFAULTUACC(NONE) - - FIRST(ALPHA) - - OTHER(ALPHA,NATIONAL,NUMERIC,SPECIAL) - - MAXLENGTH(246) - - POSIT(607) - - RACLIST(DISALLOWED)) - - SETROPTS RACLIST(CDT) REFRESH - SETROPTS CLASSACT(ZOWE) - /* define resource for information about API services */ RDEFINE ZOWE APIML.SERVICES UACC(NONE) diff --git a/files/SZWESAMP/ZWEIRACZ b/files/SZWESAMP/ZWEIRACZ new file mode 100644 index 0000000000..0c393bde43 --- /dev/null +++ b/files/SZWESAMP/ZWEIRACZ 
@@ -0,0 +1,66 @@ +//ZWEIRACZ JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* This JCL creates the Zowe resource class. +//* This already exists on z/OS 2.5 or higher. +//* Only run this on z/OS 2.4 or lower. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* DEFINE ZOWE RESOURCE PROTECTION ................................. */ + +/* - Defines new resource class for Zowe that protects access to */ +/* sensitive Zowe resources. */ + +/* uncomment to activate CDT class to define ZOWE resource class */ +/* SETROPTS CLASSACT(CDT) RACLIST(CDT) */ + +/* define ZOWE resource class */ +/* skip this command if the ZOWE resource class already exists */ +/* use a unique value in POSIT */ + RDEFINE CDT ZOWE - + UACC(NONE) - + CDTINFO(DEFAULTUACC(NONE) - + FIRST(ALPHA) - + OTHER(ALPHA,NATIONAL,NUMERIC,SPECIAL) - + MAXLENGTH(246) - + POSIT(607) - + RACLIST(DISALLOWED)) + + SETROPTS RACLIST(CDT) REFRESH + SETROPTS CLASSACT(ZOWE) + +/* show results */ + RLIST ZOWE * + +$$ +//* 
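Review bot: `POSIT(607)` is hard-coded in the `RDEFINE CDT ZOWE` command even though the comment above it asks for a unique value. RACF classes that share a POSIT number also share their SETROPTS options (CLASSACT, RACLIST, auditing and so on). If the number is already used by an installation-defined class, the `SETROPTS CLASSACT(ZOWE)` that follows would change that class's state as well. I would make the requirement harder to miss with a comment directly on the operand, e.g. `/* verify 607 is not used by another class; classes sharing a POSIT share SETROPTS options */`. The header should also say that this job must run before ZWEIRAC, which now assumes the class exists.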
diff --git a/files/SZWESAMP/ZWEITSS b/files/SZWESAMP/ZWEITSS index d78d031495..03ed3c0804 100644 --- a/files/SZWESAMP/ZWEITSS +++ b/files/SZWESAMP/ZWEITSS @@ -11,7 +11,6 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define security permits for Zowe //* //* @@ -216,18 +215,11 @@ TSS PERMIT({zowe.setup.security.users.zowe}) APPL(OMVSAPPL) /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ -/* - Defines new resource class for Zowe that protects access to */ -/* sensitive Zowe resources. */ /* - Defines resource APIML.SERVICES that controls access to */ /* detailed information about API services to Zowe users. */ -/* define ZOWE resource class */ -/* skip this command if the ZOWE resource class already exists */ - TSS ADDTO(RDT) RESCLASS(ZOWE) MAXLEN(246) + - ACLST(NONE,READ,UPDATE,CONTROL) DEFACC(NONE) - /* define resource for information about API services */ - TSS ADDTO(&ZOWEDEP.) ZOWE(APIML.) + TSS ADDTO(&ZOWEDEP.) ZOWE(APIML.) /* uncomment and replace "user" to permit Zowe users to access */ /* the resource: */ diff --git a/files/SZWESAMP/ZWEITSSZ b/files/SZWESAMP/ZWEITSSZ new file mode 100644 index 0000000000..6669c3b5c0 --- /dev/null +++ b/files/SZWESAMP/ZWEITSSZ 
@@ -0,0 +1,54 @@ +//ZWEITSSZ JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* This JCL creates the Zowe resource class. +//* This already exists on z/OS 2.5 or higher. +//* Only run this on z/OS 2.4 or lower. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* DEFINE ZOWE RESOURCE PROTECTION ................................. */ + +/* - Defines new resource class for Zowe that protects access to */ +/* sensitive Zowe resources. */ + +/* define ZOWE resource class */ +/* skip this command if the ZOWE resource class already exists */ + TSS ADDTO(RDT) RESCLASS(ZOWE) MAXLEN(246) + + ACLST(NONE,READ,UPDATE,CONTROL) DEFACC(NONE) + +/* show results */ + TSS LIST(RDT) RESCLASS(ZOWE) + +PROFILE +$$ +//* diff --git a/manifest.json.template b/manifest.json.template index cf4e920432..a8086ae810 100644 --- a/manifest.json.template +++ b/manifest.json.template 
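Review bot: The in-stream input of ZWEITSSZ ends with a bare `PROFILE` line after `TSS LIST(RDT) RESCLASS(ZOWE)`, which looks like leftover text rather than part of the class definition. Under IKJEFT01 it would be read as a TSO command, and neither ZWEIACFZ nor ZWEIRACZ has an equivalent line. I would delete it, or if it is intentional precede it with a comment such as `/* display TSO profile for diagnostics */` so an operator reviewing a security job can account for every command in it.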
@@ -116,7 +116,7 @@ "artifact": "*.pax" }, "org.zowe.configmgr": { - "version": "^2.0.0-V2.X-STAGING", + "version": "^2.15.0-FEATURE-V2-ZOS-VERSION-GET-ESM", "artifact": "*.pax" }, "org.zowe.configmgr-rexx": { From 2b1def897826d78b5465af127fdeeeb84cd5bfb9 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 28 Nov 2023 07:50:57 -0500 Subject: [PATCH 060/258] WIP on use of a generator script for JCL Signed-off-by: 1000TurquoisePogs --- example-zowe.yaml | 128 +++-- files/SZWEEXEC/ZWECHG | 7 + files/SZWEEXEC/ZWEGEN00 | 829 +++++++++++++++++++++++++++++++ files/SZWESAMP/ZWECSVSM | 27 +- files/SZWESAMP/ZWEGENER | 91 ++++ files/SZWESAMP/ZWEKRING | 121 ++--- workflows/templates/ZWESECUR.vtl | 316 +++++------- 7 files changed, 1179 insertions(+), 340 deletions(-) create mode 100644 files/SZWEEXEC/ZWECHG create mode 100644 files/SZWEEXEC/ZWEGEN00 create mode 100644 files/SZWESAMP/ZWEGENER diff --git a/example-zowe.yaml b/example-zowe.yaml index 347230414d..4b8de5acae 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
@@ -63,32 +63,32 @@ zowe: authPluginLib: IBMUSER.ZWEV2.CUST.ZWESAPL # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - # # Security related configurations. This setup is optional. - # security: - # # security product name. Can be RACF, ACF2 or TSS - # product: RACF - # # security group name - # groups: - # # Zowe admin user group - # admin: ZWEADMIN - # # Zowe STC group - # stc: ZWEADMIN - # # Zowe SysProg group - # sysProg: ZWEADMIN - # # security user name - # users: - # # Zowe runtime user name of main service - # zowe: ZWESVUSR - # # Zowe runtime user name of ZIS - # zis: ZWESIUSR - # # STC names - # stcs: - # # STC name of Zowe main service - # zowe: ZWESLSTC - # # STC name of Zowe ZIS - # zis: ZWESISTC - # # STC name of Zowe ZIS Auxiliary Server - # aux: ZWESASTC + # Security related configurations. This setup is optional. + security: + # security product name. Can be RACF, ACF2 or TSS + product: RACF + # security group name + groups: + # Zowe admin user group + admin: ZWEADMIN + # Zowe STC group + stc: ZWEADMIN + # Zowe SysProg group + sysProg: ZWEADMIN + # security user name + users: + # Zowe runtime user name of main service + zowe: ZWESVUSR + # Zowe runtime user name of ZIS + zis: ZWESIUSR + # STC names + stcs: + # STC name of Zowe main service + zowe: ZWESLSTC + # STC name of Zowe ZIS + zis: ZWESISTC + # STC name of Zowe ZIS Auxiliary Server + aux: ZWESASTC # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # Certificate related configurations 
@@ -98,52 +98,50 @@ zowe: # >>>> Certificate setup scenario 1 # PKCS12 (keystore) with Zowe generate certificates. certificate: - # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS type: PKCS12 pkcs12: # **COMMONLY_CUSTOMIZED** # Keystore directory directory: /var/zowe/keystore - # # Lock the keystore directory to only accessible by Zowe runtime user and group. - # lock: true + # Lock the keystore directory to only accessible by Zowe runtime user and group. + lock: true # **COMMONLY_CUSTOMIZED** - # # Certificate alias name. Optional, default value is localhost. - # # Note: please use all lower cases as alias. - # name: localhost + # Certificate alias name. Optional, default value is localhost. + # Note: please use all lower cases as alias. + name: localhost # **COMMONLY_CUSTOMIZED** - # # Keystore password. Optional, default value is password. - # password: password + # Keystore password. Optional, default value is password. + password: password # **COMMONLY_CUSTOMIZED** - # # Alias name of self-signed certificate authority. Optional, default value is local_ca. - # # Note: please use all lower cases as alias. - # caAlias: local_ca + # Alias name of self-signed certificate authority. Optional, default value is local_ca. + # Note: please use all lower cases as alias. + caAlias: local_ca # **COMMONLY_CUSTOMIZED** - # # Password of keystore stored self-signed certificate authority. Optional, default value is local_ca_password. - # caPassword: local_ca_password - # # Distinguished name for Zowe generated certificates. All optional. - # dname: - # caCommonName: "" - # commonName: "" - # orgUnit: "" - # org: "" - # locality: "" - # state: "" - # country: "" - # # Validity days for Zowe generated certificates - # validity: 3650 - # # Domain names and IPs should be added into certificate SAN - # # If this field is not defined, `zwe init` command will use - # # `zowe.externalDomains`. 
+ # Password of keystore stored self-signed certificate authority. Optional, default value is local_ca_password. + caPassword: local_ca_password + # Distinguished name for Zowe generated certificates. All optional. + dname: + caCommonName: "" + commonName: "Zowe Development Instances" + orgUnit: "API Mediation Layer" + org: "Zowe Sample" + locality: "Prague" + state: "Prague" + country: "" + # Validity days for Zowe generated certificates + validity: 3650 + # Domain names and IPs should be added into certificate SAN + # If this field is not defined, `zwe init` command will use + # `zowe.externalDomains`. # san: - # # sample domain name - # - dvipa.my-company.com - # # sample IP address + # # sample domain name + # - dvipa.my-company.com + # # sample IP address # - 12.34.56.78 # # >>>> Certificate setup scenario 2 # # PKCS12 (keystore) with importing certificate generated by other CA. # certificate: - # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: PKCS12 # pkcs12: # # **COMMONLY_CUSTOMIZED** @@ -176,7 +174,7 @@ zowe: # # >>>> Certificate setup scenario 3 # # Zowe generated z/OS Keyring with Zowe generated certificates. # certificate: - # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS # createZosmfTrust: true # keyring: @@ -192,11 +190,11 @@ zowe: # # # Distinguished name for Zowe generated certificates. All optional. # # dname: # # caCommonName: "" - # # commonName: "" - # # orgUnit: "" - # # org: "" - # # locality: "" - # # state: "" + # # commonName: "Zowe Development Instances" + # # orgUnit: "API Mediation Layer" + # # org: "Zowe Sample" + # # locality: "Prague" + # # state: "Prague" # # country: "" # # # Validity days for Zowe generated certificates # # validity: 3650 
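Review bot: The `password: password` and `caPassword: local_ca_password` lines are now live keys in the example, no longer commented-out hints. A configuration copied from this file therefore carries well-known keystore and CA passwords in plain text unless the operator remembers to change them. The old comments say these were already the defaults, so the effective value may be unchanged, but an active sample secret is more likely to be deployed as-is. I would either leave the two keys commented or add a line above each such as `# SAMPLE VALUE - change before use; do not commit real passwords to this file`. The same hunk also activates the sample `dname` values ("Zowe Sample", "Prague"), which would then appear in generated certificates.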
@@ -212,7 +210,7 @@ zowe: # # >>>> Certificate setup scenario 4 # # Zowe generated z/OS Keyring and connect to existing certificate # certificate: - # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS # keyring: # # **COMMONLY_CUSTOMIZED** @@ -236,7 +234,7 @@ zowe: # # >>>> Certificate setup scenario 5 # # Zowe generated z/OS Keyring with importing certificate stored in data set # certificate: - # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS # keyring: # # **COMMONLY_CUSTOMIZED** diff --git a/files/SZWEEXEC/ZWECHG b/files/SZWEEXEC/ZWECHG new file mode 100644 index 0000000000..3058ffe14a --- /dev/null +++ b/files/SZWEEXEC/ZWECHG @@ -0,0 +1,7 @@ +/* REXX */ +parse pull args +changeFrom = word(args, 1) +changeTo = word(args, 2) +address isredit 'macro' +address isredit 'change all 'changeFrom changeTo +address isredit 'end' diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 new file mode 100644 index 0000000000..6c62c96e8d --- /dev/null +++ b/files/SZWEEXEC/ZWEGEN00 
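Review bot: In ZWECHG, `changeTo = word(args, 2)` keeps only the first blank-delimited word of the replacement, and both strings are then spliced undelimited into `change all`. A configuration value containing a space (this patch's own example sets `commonName: "Zowe Development Instances"`) is cut to its first word, and an empty value such as `country: ""` leaves the command without a to-string. Because the operands are not quoted, a value that matches a CHANGE keyword would likely be parsed as an operand rather than as text. Taking the rest of the line and delimiting both strings avoids this: `parse var args changeFrom changeTo` and `address isredit "change all '"changeFrom"' '"changeTo"'"`, with values that contain a quote rejected by the caller. The macro also never checks the return code of the change, so a substitution that did not apply is indistinguishable from one that did.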
@@ -0,0 +1,829 @@ +/* REXX */ + +/********************************************************************/ +/* This program and the accompanying materials are made available */ +/* under the terms of the Eclipse Public License v2.0 which */ +/* accompanies this distribution, and is available at */ +/* https://www.eclipse.org/legal/epl-v20.html */ +/* */ +/* SPDX-License-Identifier: EPL-2.0 */ +/* */ +/* Copyright Contributors to the Zowe Project. 2023, 2023 */ +/********************************************************************/ + +/* +================================================================================ + Functionality + 1. Edit the jcl to reflect the current configuration. + 2. Create a cache of the configuration for use outside Zowe context. + + Notes + 1. If a variable starts with an exclamation point, it is exposed in the + global scope. +================================================================================ +*/ + +parse arg operation verbosity + +!verbose = COMPARE(verbosity, 'noverbose') + +/* +================================================================================ + ConfigMgr requires a concatenated list of json and yaml files as input. + Read the in-stream data sets to determine which files to include. +================================================================================ +*/ + +schemaChain = GetSchemaChain() +configChain = GetConfigChain() + +/* +================================================================================ + Use ConfigMgr to validate the current configuration. +================================================================================ +*/ + +if Validate(schemaChain, configChain) > 0 then do + ExitWithRC(8) +end + +/* +================================================================================ + If we should generate jcl, then use ConfigMgr to get the configuration + values. 
+================================================================================ +*/ + +if COMPARE(operation, 'nogenerate') = 0 then do + exit 0 +end +else do + if GetConfiguration() > 0 then do + ExitWithRC(8) + end +end + +/* +================================================================================ + Prepare header information ahead of time so that it gets substituted in + each member. +================================================================================ +*/ + +CFG.zwe.header.user = USERID() +CFG.zwe.header.date = TRANSLATE(DATE(), '-', ' ') +CFG.zwe.header.time = TIME() + +/* +================================================================================ + Determine the external security manager on the system so that the correct + jcl templates can be used. +================================================================================ +*/ + +CVT_ADDR = C2X(STORAGE(D2X(16), 4)) +CVTRAC_ADDR = C2X(STORAGE(D2X(X2D(CVT_ADDR) + 992), 4)) +CVTRAC_VAL = STORAGE(CVTRAC_ADDR, 4) + +esm.0 = 3 + +esm.1.search = 'RCVT' +esm.1.prefix = 'ZWEKRR' + +esm.2.search = 'RTSS' +esm.2.prefix = 'ZWEKRT' + +esm.3.search = 'ACF2' +esm.3.prefix = 'ZWEKRA' + +ringType = 0 + +/* attempt to handle getting only 1 keyring jcl +if WORDINDEX(CFG.zowe.setup.certificate.type, 'JCE') > 0 then do + if LENGTH(CFG.zowe.setup.certificate.keyring.connect) > 0 then do + say 'connect exists, it is 'CFG.zowe.setup.certificate.keyring.connect'.' + ringType = 2 + else if LENGTH(CFG.zowe.setup.certificate.keyring.import) > 0 then do + say 'import exists, it is 'CFG.zowe.setup.certificate.keyring.import'.' 
+ ringType = 3 + else do + say 'ring to be created' + ringType = 1 + end +else do + say 'pkcs12 to be used' +end + +if ringType > 0 then do + do i = 1 to esm.0 + if COMPARE(esm.i.search, CVTRAC_VAL) = 0 then do + ringMember = 'ZWEKR'esm.i.prefix''ringType + end + end +end +*/ + +/* +================================================================================ + Create a data set with attributes like the original jcl library and copy + all the members of esm jcl. +================================================================================ +*/ + +jcl = CFG.zowe.setup.dataset.prefix'.SZWESAMP' +jclCopy = CFG.zowe.setup.dataset.jcllib + +say 'Creating a fresh copy of 'jcl' named 'jclCopy'.' + +x = DeleteDataSet(jclCopy) + +if CreatePartitionedDataSet(jclCopy, 80, 'f,b') > 0 then do + ExitWithRC(8) +end + +if AllocateDataSet(jclCopy, 'zweto') > 0 then do + ExitWithRC(8) +end + +if AllocateDataSet(jcl, 'zwefrom') > 0 then do + ExitWithRC(8) +end + +if GetDataIDFromDD('zwefrom') > 0 then do + ExitWithRC(8) +end + +zwefrid = !dataid + +if GetDataIDFromDD('zweto') > 0 then do + ExitWithRC(8) +end + +zwetoid = !dataid + +if CopyDataSetByDataID(zwefrid, zwetoid) > 0 then do + ExitWithRC(8) +end + +if FreeDataID(zwefrid) > 0 then do + ExitWithRC(8) +end + +if FreeDataID(zwetoid) > 0 then do + ExitWithRC(8) +end + +if FreeByDD('zwefrom') > 0 then do + ExitWithRC(8) +end + +if FreeByDD('zweto') > 0 then do + ExitWithRC(8) +end + + +/* members which are not JCL */ +x = DeleteDataSet(jclCopy'(ZWEGENER)') +x = DeleteDataSet(jclCopy'(ZWESLSTC)') +x = DeleteDataSet(jclCopy'(ZWESISTC)') +x = DeleteDataSet(jclCopy'(ZWESIP00)') +x = DeleteDataSet(jclCopy'(ZWESISCH)') +x = DeleteDataSet(jclCopy'(ZWESASTC)') + +say jcl' has been copied to 'jclCopy'.' + +/* +================================================================================ + Get a list of all members in the data set. 
+================================================================================ +*/ + +say 'Recording a list of members in 'jclCopy'.' + +call outtrap 'output.','*' +address tso 'listd '"'"jclCopy"'"' members' +call outtrap 'off' + +members. = 0 + +do i = output.0 to 1 by -1 + output.i = strip(output.i) + if COMPARE(output.i, '--MEMBERS--') = 0 then do + leave + end + call Print 'member - 'output.i + j = members.0 + 1 + members.j.name = output.i + members.j.substitutions.0 = 0 + members.0 = j +end + +say 'The 'output.0' members in 'jclCopy' have been recorded.' + +/* +================================================================================ + Read each member record by record and store the substitutions required + for use later when the edit macro is invoked. +================================================================================ +*/ + +say 'Finding the substitutions in each member.' + +do i = 1 to members.0 + if AllocateDataSet(jclCopy'('members.i.name')', 'zwejcl') > 0 then do + ExitWithRC(8) + end + if ReadFromDataSet('zwejcl') > 0 then do + ExitWithRC(8) + end + if FreeByDD('zwejcl') > 0 then do + ExitWithRC(8) + end + do j = 1 to !contentToRead.0 + firstChar = POS('{', !contentToRead.j) + 1 + do while firstChar > 1 + lastChar = POS('}', !contentToRead.j, firstChar) - 1 + len = lastChar - firstChar + 1 + if len > 0 then do + sub = SUBSTR(!contentToRead.j, firstChar, len) + call Print 'Substitution found for' sub'.' + isFound = 0 + do n = 1 to members.i.substitutions.0 + if COMPARE(members.i.substitutions.n, sub) = 0 then do + call Print 'Substitution 'sub' already noted. Skipping.' + isFound = 1 + leave + end + end + if isFound <> 1 then do + k = members.i.substitutions.0 + 1 + members.i.substitutions.k = sub + members.i.substitutions.0 = k + end + end + if lastChar < 0 then do + leave + end + firstChar = POS('{', !contentToRead.j, lastChar) + 1 + end + end +end + +say 'All of the substitutions were found.' 
+ +/* +================================================================================ + Invoke the edit macro on the substitutions for each member. +================================================================================ +*/ + +say 'Invoking the edit macro on each member.' + +do i = 1 to members.0 + if members.i.substitutions.0 > 0 then do + do j = 1 to members.i.substitutions.0 + d = jclCopy'('members.i.name')' + call Print 'Edit 'd'.' + old = '{'members.i.substitutions.j'}' + new = value('CFG.'members.i.substitutions.j) + queue old new + call Print 'Change' old 'to' new'.' + cmd = 'edit dataset('"'"d"'"') macro(zwechg)' + call Print cmd + address ispexec cmd + if RC <= 4 then do + call Print 'Edit successful.' + end + else do + say 'Stopping at 'd'.' + ExitWithRC(8) + end + end + end +end + +say 'The edit macro was invoked on each member.' + +/* +================================================================================ + Add the job card to each member if filled out. +================================================================================ +*/ + +card.0 = 0 + +do i = 0 to 99 + if COMPARE(SYMBOL('CFG.setup.jobCard.'i), 'VAR') = 0 then do + j = card.0 + 1 + card.j = VALUE('CFG.setup.jobCard.'i) + card.0 = j + end + else do + leave + end +end + +if card.0 > 0 then do + say 'The job card has 'card.0' lines.' + say 'Adding the job card to each member.' + do i = 1 to members.0 + if AllocateDataSet(jclCopy'('members.i.name')', 'zwejcl') > 0 then do + ExitWithRC(8) + end + if ReadFromDataSet('zwejcl') > 0 then do + ExitWithRC(8) + end + !contentToWrite.0 = !contentToRead.0 + card.0 - 1 + do j = 1 to card.0 + !contentToWrite.j = card.j + end + j = card.0 + 1 + do k = 2 to !contentToRead.0 + !contentToWrite.j = !contentToRead.k + j = j + 1 + end + if WriteToDataSet('zwejcl') > 0 then do + ExitWithRC(8) + end + if FreeByDD('zwejcl') > 0 then do + ExitWithRC(8) + end + end + say 'The job card was added to each member.' 
+end + +/* +================================================================================ + Validate(schema, yaml) +================================================================================ +*/ +Validate: + procedure expose !verbose + + if arg() <> 2 then do + return 1 + end + + say 'ConfigMgr is about to add a configuration.' + status = ZWECFG31('addConfig', 'MYCFG') + if status > 0 then do + say 'ConfigMgr could not add a configuration.' + say 'status = 'status + return 1 + end + say 'ConfigMgr added a configuration.' + + say 'ConfigMgr is about to set trace level to '!verbose'.' + status = ZWECFG31('setTraceLevel', !verbose) + if status > 0 then do + say 'ConfigMgr could not set trace level.' + say 'status = 'status + return 1 + end + say 'ConfigMgr set trace level to '!verbose'.' + + say 'ConfigMgr is about to load your schemas.' + status = ZWECFG31('loadSchemas', 'MYCFG', ARG(1)) + if status > 0 then do + say 'ConfigMgr could not add load your schemas.' + say 'status = 'status + say 'SchemaChain - 'ARG(1) + return 1 + end + say 'ConfigMgr loaded your schemas.' + + say 'ConfigMgr is about to set the member name for parameter library.' + status = ZWECFG31('setParmlibMemberName', 'MYCFG', 'ZWEYAML') + if status > 0 then do + say 'ConfigMgr could not set member name for parameter library.' + say 'status = 'status + return 1 + end + say 'ConfigMgr set the parameter library member name.' + + say 'ConfigMgr is about to process your configuration.' + status = ZWECFG31('setConfigPath', 'MYCFG', ARG(2)) + if status > 0 then do + say 'ConfigMgr could not process your configuration.' + say 'status = 'status + say 'ConfigChain - 'ARG(2) + return 1 + end + say 'ConfigMgr has processed your configuration.' + + say 'ConfigMgr is about to load your configuration.' + status = ZWECFG31('loadConfiguration', 'MYCFG') + if status > 0 then do + say 'ConfigMgr could not load your configuration.' 
+ say 'status = 'status + return 1 + end + say 'ConfigMgr has loaded your configuration.' + + say 'ConfigMgr is about to validate your configuration.' + status = ZWECFG31('validate', 'MYCFG', 'STDOUT') + if status > 0 then do + say 'ConfigMgr could not validate your configuration.' + say 'status = 'status + return 1 + end + say 'ConfigMgr has validated your configuration.' + + return 0 + +/* +================================================================================ + GetConfiguration() +================================================================================ +*/ +GetConfiguration: + procedure expose CFG. + + say 'ConfigMgr is about to get configuration data.' + status = ZWECFG31('getConfigData', 'MYCFG', 'CFG', '.') + if status > 0 then do + say 'ConfigMgr could not get configuration data.' + say 'status = 'status + return 1 + end + say 'ConfigMgr got configuration data.' + + return 0 + +/* +================================================================================ + CopyDataSetByDataID('fromid', 'toid') +================================================================================ +*/ +CopyDataSetByDataID: + procedure expose !verbose + + if ARG() <> 2 then do + return 1 + end + + cmd = 'lmcopy' + cmd = cmd 'fromid('arg(1)')' + cmd = cmd 'frommem(*)' + cmd = cmd 'todataid('arg(2)')' + cmd = cmd 'replace trunc' + call Print cmd + address ispexec cmd + + return rc + +/* +================================================================================ + FreeDataID('dataid') +================================================================================ +*/ +FreeDataID: + procedure expose !verbose + + if ARG() <> 1 then do + return 1 + end + + cmd = 'lmfree' + cmd = cmd 'dataid('ARG(1)')' + call Print cmd + address ispexec cmd + + return rc + +/* +================================================================================ + GetDataIDFromDD('dd') +================================================================================ +*/ 
+GetDataIDFromDD: + procedure expose !dataid !verbose + + if ARG() <> 1 then do + return 1 + end + + drop !dataid + + cmd = 'lminit' + cmd = cmd 'dataid(zwedid)' + cmd = cmd 'ddname('ARG(1)')' + cmd = cmd 'enq(shr)' + call Print cmd + address ispexec cmd + + !dataid = zwedid + + return rc + +/* +================================================================================ + WriteToDataSet('dd') +================================================================================ +*/ +WriteToDataSet: + procedure expose !contentToWrite. !verbose + + if ARG() <> 1 then do + return 1 + end + + cmd = 'execio * diskw' + cmd = cmd ARG(1) + cmd = cmd '(finis stem !contentToWrite.' + call Print cmd + address tso cmd + + drop !contentToWrite. + !contentToWrite.0 = 0 + + return rc + +/* +================================================================================ + ReadFromDataSet('dd') +================================================================================ +*/ +ReadFromDataSet: + procedure expose !contentToRead. !verbose + + if ARG() <> 1 then do + return 1 + end + + drop !contentToRead. + !contentToRead.0 = 0 + + cmd = 'execio * diskr' + cmd = cmd ARG(1) + cmd = cmd '(finis stem !contentToRead.' 
+ call Print cmd
+ address tso cmd
+
+ return rc
+
+/*
+================================================================================
+ CreateSequentialDataSet('dsn', 'lrecl', 'recfm')
+================================================================================
+*/
+CreateSequentialDataSet:
+ procedure expose !verbose
+
+ if ARG() <> 3 then do
+ return 1
+ end
+
+ cmd = 'alloc'
+ cmd = cmd 'da('"'"ARG(1)"'"')'
+ cmd = cmd 'dsorg(ps)'
+ cmd = cmd 'space(50,5)'
+ cmd = cmd 'tracks'
+ cmd = cmd 'lrecl('ARG(2)')'
+ cmd = cmd 'recfm('ARG(3)')'
+ cmd = cmd 'new'
+ call Print cmd
+ address tso cmd
+
+ return rc
+
+/*
+================================================================================
+ CreatePartitionedDataSet('dsn', 'lrecl', 'recfm')
+================================================================================
+*/
+CreatePartitionedDataSet:
+ procedure expose !verbose
+
+ if ARG() <> 3 then do
+ return 1
+ end
+
+ cmd = 'alloc'
+ cmd = cmd 'da('"'"ARG(1)"'"')'
+ cmd = cmd 'dsorg(po)'
+ cmd = cmd 'space(50,5)'
+ cmd = cmd 'tracks'
+ cmd = cmd 'lrecl('ARG(2)')'
+ cmd = cmd 'recfm('ARG(3)')'
+ cmd = cmd 'dir(10)'
+ cmd = cmd 'new'
+ call Print cmd
+ address tso cmd
+
+ return rc
+
+/*
+================================================================================
+ CreateDataSetLike('new', 'old', 'dd')
+================================================================================
+*/
+CreateDataSetLike:
+ procedure expose !verbose
+
+ if ARG() <> 3 then do
+ return 1
+ end
+
+ cmd = 'alloc'
+ cmd = cmd 'da('"'"ARG(1)"'"')'
+ cmd = cmd 'like('"'"ARG(2)"'"')'
+ cmd = cmd 'f('ARG(3)')'
+ call Print cmd
+ address tso cmd
+
+ return rc
+
+/*
+================================================================================
+ DeleteDataSet('dsn')
+================================================================================
+*/
+DeleteDataSet:
+ procedure expose !verbose
+
+ if ARG() <> 1 then do
+ return 1
+ end
+
+ cmd = 'delete'
+ cmd = cmd "'"ARG(1)"'"
+ call Print cmd
+ call outtrap 'output.',0
+ address tso cmd
+ call outtrap 'off'
+
+ return rc
+
+/*
+================================================================================
+ AllocateFile('path', 'dd')
+================================================================================
+*/
+AllocateFile:
+ procedure expose !verbose
+
+ if ARG() <> 2 then do
+ return 1
+ end
+
+ cmd = 'alloc'
+ cmd = cmd "path('"ARG(1)"')"
+ cmd = cmd 'f('ARG(2)')'
+ cmd = cmd 'pathopts(ordonly)'
+ call Print cmd
+ address tso cmd
+
+ return rc
+
+/*
+================================================================================
+ AllocateDataSet('dsn', 'dd')
+================================================================================
+*/
+AllocateDataSet:
+ procedure expose !verbose
+
+ if ARG() <> 2 then do
+ return 1
+ end
+
+ cmd = 'alloc'
+ cmd = cmd 'da('"'"ARG(1)"'"')'
+ cmd = cmd 'f('ARG(2)')'
+ cmd = cmd 'shr reuse'
+ call Print cmd
+ address tso cmd
+
+ return rc
+
+/*
+================================================================================
+ FreeByDD('dd')
+================================================================================
+*/
+FreeByDD:
+ procedure expose !verbose
+
+ if ARG() <> 1 then do
+ return 1
+ end
+
+ cmd = 'free'
+ cmd = cmd 'f('ARG(1)')'
+ call Print cmd
+ address tso cmd
+
+ return rc
+
+/*
+================================================================================
+ FreeByDSN('dsn')
+================================================================================
+*/
+FreeByDSN:
+ procedure expose !verbose
+
+ if ARG() <> 1 then do
+ return 1
+ end
+
+ cmd = 'free'
+ cmd = cmd 'da('ARG(1)')'
+ call Print cmd
+ address tso cmd
+
+ return rc
+
+/*
+================================================================================
+ GetConfigChain()
+================================================================================
+*/
+ GetConfigChain:
+ procedure expose !verbose
+
+ configChain = ''
+
+ if ReadFromDataSet('myconfig') = 0 then do
+ do j = 1 to !contentToRead.0
+ type = WORD(!contentToRead.j, 1)
+ location = WORD(!contentToRead.j, 2)
+ element = type'('location')'
+ configChain = AddToChain(configChain, element)
+ end
+ end
+
+ return configChain
+
+/*
+================================================================================
+ GetSchemaChain()
+================================================================================
+*/
+GetSchemaChain:
+ procedure expose !verbose
+
+ schemaChain = ''
+
+ if ReadFromDataSet('myschema') = 0 then do
+ do j = 1 to !contentToRead.0
+ type = WORD(!contentToRead.j, 1)
+ location = WORD(!contentToRead.j, 2)
+ element = location
+ schemaChain = AddToChain(schemaChain, element)
+ end
+ end
+
+ return schemaChain
+
+/*
+================================================================================
+ AddToChain('chain', 'element')
+================================================================================
+*/
+AddToChain:
+ procedure expose !verbose
+
+ if ARG() <> 2 then do
+ return ''
+ end
+
+ chain = ARG(1)
+ element = ARG(2)
+
+ newChain = ''
+
+ if chain = '' then do
+ newChain = element
+ end
+ else do
+ newChain = chain':'element
+ end
+
+ return newChain
+
+/*
+================================================================================
+ Print('msg')
+================================================================================
+*/
+Print:
+ procedure expose !verbose
+
+ if !verbose = 1 then do
+ say ARG(1)
+ end
+
+ return 0
+
+/*
+================================================================================
+ ExitWithRC(exitCode)
+================================================================================
+*/
+ExitWithRC:
+ exitCode = ARG(1)
+ ZISPFRC = exitCode
+ ADDRESS "ISPEXEC" "VPUT (ZISPFRC) "
+ exit exitCode
diff --git a/files/SZWESAMP/ZWECSVSM b/files/SZWESAMP/ZWECSVSM
index b0f5591805..04ceefae6b 100644
--- a/files/SZWESAMP/ZWECSVSM
+++ b/files/SZWESAMP/ZWECSVSM
@@ -22,24 +22,11 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Change all #dsname placeholders to the desired data set name -//* of the VSAM cluster. The maximum length is 38 characters. -//* -//* 3) Select whether the VSAM will utilize Record Level Sharing (RLS) -//* services or not by updating the SET MODE= statement to specify -//* either RLS or NONRLS. -//* //* When using RLS, customize the definitions in the RLS DD: //* -//* 4) Change the #storclas placeholder to the desired storage class -//* name. -//* //* 5) Optionally, change LOG option NONE to UNDO or ALL to set the //* desired recovery options for the RLS VSAM. //* -//* When NOT using RLS, customize the definitions in the NONRLS DD: -//* -//* 6) Change the #volume placeholder to the desired volume label. //* //* Note(s): //* @@ -47,27 +34,25 @@ //* //******************************************************************** //* -// SET MODE=NONRLS RLS or NONRLS -//* //ALLOC EXEC PGM=IDCAMS,REGION=0M //SYSPRINT DD SYSOUT=* //SYSIN DD * DEFINE CLUSTER - - (NAME(#dsname) - -// DD DDNAME=&MODE + (NAME({components.caching-service.storage.vsam.name}) - +// DD DDNAME={zowe.setup.vsam.mode} // DD * REC(80 20) - INDEXED) - - DATA(NAME(#dsname.DATA) - + DATA(NAME({components.caching-service.storage.vsam.name}.DATA) - RECSZ(4096 4096) - UNIQUE - KEYS(128 0)) - - INDEX(NAME(#dsname.INDEX) - + INDEX(NAME({components.caching-service.storage.vsam.name}.INDEX) - UNIQUE) //RLS DD * - STORCLAS(#storclas) - + STORCLAS({zowe.setup.vsam.storageClass}) - LOG(NONE) - //NONRLS DD * - VOLUME(#volume) - + VOLUME({zowe.setup.vsam.volume}) - SHAREOPTIONS(2 3) - //* diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER new file mode 100644 index 0000000000..67d6750e8b --- /dev/null +++ b/files/SZWESAMP/ZWEGENER 
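Review bot: The header comment that remains after this hunk no longer reads coherently: step 1 is followed by "When using RLS, customize the definitions in the RLS DD:" and then by step 5, with the matching NONRLS heading gone. The removed step 2 was also the only place that stated the 38-character limit on the cluster name, and the name from `{components.caching-service.storage.vsam.name}` still gets `.DATA` and `.INDEX` appended in the next hunk. I would keep the constraint as a comment, e.g. `//* components.caching-service.storage.vsam.name: max 38 characters`, and renumber the one remaining optional step.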
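Review bot: `// DD DDNAME={zowe.setup.vsam.mode}` only resolves when the substituted value is exactly the name of one of the two in-stream DDs below it, `RLS` or `NONRLS`, and the removed `SET MODE=NONRLS RLS or NONRLS` line was the only hint of that. Any other value, a lower-case one included, would presumably leave the DEFINE CLUSTER without its STORCLAS or VOLUME clause rather than fail with a clear message. Add `//* zowe.setup.vsam.mode must be RLS or NONRLS` above the DD, and restrict the key to those two values in the schema if that is not already done.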
@@ -0,0 +1,91 @@ +//ZWEGENER JOB +//* +//* This job is responsible for generating other jobs required +//* to configure Zowe. +//* +//* The method of validating your configuration is using +//* JSON Schema . Zowe provides +//* the ConfigMgr to assist in this. This job will invoke +//* the ConfigMgr to validate your current configuration +//* before generating any jobs. If there are any values +//* that are incorrect, you will be notified. You should +//* fix the value and then run this job again. You can run +//* this job as many times as you need. +//* +//* Configmgr documentation: +//* docs.zowe.org/stable/user-guide/configmgr-using +//* +//* Note: Any string with braces has an associated yaml value +//* in one of the yaml definitions for Zowe. +//* You should find the value and substitute it. +//* +//* {key} -> value +//* +//GENER EXEC PGM=IKJEFT1B +//ISPPROF DD DSN=,DISP=(NEW,DELETE),UNIT=, +// DCB=(RECFM=FB,LRECL=80,BLKSIZE=3120,DSORG=PO), +// SPACE=(3120,(20,5,10)) +//* +//* Replace {zowe.setup.dataset.prefix} with the +//* HLQ where SMP/E installed data sets are located. +//* +//SYSPROC DD DSN={zowe.setup.dataset.prefix}.SZWEEXEC,DISP=SHR +//* +//* Replace {zowe.setup.dataset.loadlib} with the data set +//* that contains Zowe executables. This data set will have +//* the suffix 'SZWELOAD'. +//* +//* +//STEPLIB DD DSN={zowe.setup.dataset.loadlib},DISP=SHR +//ISPPLIB DD DSN=ISP.SISPPENU,DISP=SHR +//ISPMLIB DD DSN=ISP.SISPMENU,DISP=SHR +//ISPTLIB DD DSN=ISP.SISPTENU,DISP=SHR +//ISPSLIB DD DSN=ISP.SISPSENU,DISP=SHR +//* +//* The order must be as follows. +//* +//* zowe-yaml-schema.json +//* server-common.json +//* +//* Replace {zowe.runtimeDirectory} with where your Zowe run time +//* directory is. +//* +//MYSCHEMA DD *,DLM=$$ +FILE {zowe.runtimeDirectory}/schemas/zowe-yaml-schema.json +FILE {zowe.runtimeDirectory}/schemas/server-common.json +$$ +//* +//* The DD below must include one or more FILE or PARMLIB +//* Entries. 
The lower entries have their values +//* Overridden by the higher entries. +//* PARMLIB member must be named "ZWEYAML" +//* +//* Ex. PARMLIB MY.ZOWE.CUSTOMIZATIONS +//* FILE /the/zowe/defaults.yaml +//MYCONFIG DD *,DLM=$$ +FILE +$$ +//CMGROUT DD SYSOUT=* +//SYSPRINT DD SYSOUT=* +//SYSTSPRT DD SYSOUT=* +//* +//* Change 'generate' to 'nogenerate' if you only +//* want to validate your configuration. The default +//* option, 'generate', will validate and then generate +//* jobs based on your configuration. +//* +//* - generate +//* - nogenerate +//* +//* Change 'noverbose' to 'verbose' below for +//* advanced logging. This is not needed unless +//* there is an error. +//* +//* - verbose +//* - noverbose +//* +//SYSTSIN DD * +ISPSTART CMD(%ZWEGEN00 - +generate - +noverbose - +) diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING index 43f5dcb2f0..e317389816 100644 --- a/files/SZWESAMP/ZWEKRING +++ b/files/SZWESAMP/ZWEKRING @@ -43,9 +43,6 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* //* 3) Update the SET ZOWEUSER= statement to match the existing //* user ID for the Zowe started task. //* @@ -117,8 +114,6 @@ //********************************************************************* // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 // SET ZOWEUSER=ZWESVUSR * userid for Zowe started task //* 12345678 //* @@ -132,14 +127,8 @@ // SET LABEL='localhost' //* * Zowe's local CA name // SET LOCALCA='localca' -//* * Zowe's local CA common name -// SET CN='Zowe Development Instances' //* * Zowe's local CA organizational unit // SET OU='API Mediation Layer' -//* * Zowe's local CA organization -// SET O='Zowe Sample' -//* * Zowe's local CA city/locality -// SET L='Prague' //* * Zowe's local CA state/province // SET SP='Prague' //* * Zowe's local CA country 
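Review bot: The header comment should state that the members this job generates need review before submission and that the MYCONFIG inputs must be write-protected, because the templates changed in this same commit (ZWEKRING, ZWESECUR) copy configuration values straight into RACDCERT, PERMIT and ADDUSER commands. Whoever can edit a FILE or PARMLIB entry in the chain therefore influences what a security administrator later runs. A line such as `//* Review generated members before submitting; MYCONFIG values are copied into security commands.` would cover it. Separately, as rendered here `DSN=` and `UNIT=` on ISPPROF and the `FILE` entry under MYCONFIG are empty; if that is how the member ships rather than an artefact of this page, each needs a placeholder the user is told to fill in.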
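Review bot: `SET OU=` and `SET SP=` are left in place by the `@@ -132,14 +127,8 @@` hunk although the later hunks replace every visible `&OU.` and `&SP.` with `{zowe.setup.certificate.dname.orgUnit}` and `{zowe.setup.certificate.dname.state}`, so both look like dead symbols now, while the country still comes from `&C.`. Either remove them together with CN, O and L, or keep all subject fields on JCL symbols. A half-converted subject DN makes it hard to tell which source a generated certificate's fields came from.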
@@ -182,7 +171,7 @@ //* //RUNRACF EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT +//SYSTSIN DD DDNAME={zowe.setup.security.product} //* //********************************************************************* //* @@ -191,7 +180,7 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING(&ZOWERING.) ID(&ZOWEUSER.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) ID(&ZOWEUSER.) SETROPTS RACLIST(DIGTRING) REFRESH $$ //IFOPT1 IF (&OPTION EQ 1) THEN @@ -204,11 +193,11 @@ $$ /* Create Zowe's local CA authority .................................*/ RACDCERT GENCERT CERTAUTH + SUBJECTSDN( + - CN('&CN. CA') + - OU('&OU.') + - O('&O.') + - L('&L.') + - SP('&SP.') + + CN('{zowe.setup.certificate.dname}. CA') + + OU('{zowe.setup.certificate.dname.orgUnit}.') + + O('{zowe.setup.certificate.dname.org}.') + + L('{zowe.setup.certificate.dname.locality}.') + + SP('{zowe.setup.certificate.dname.state}.') + C('&C.')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + @@ -217,17 +206,17 @@ $$ /* Connect Zowe's local CA authority to the keyring ................ */ RACDCERT CONNECT(CERTAUTH LABEL('&LOCALCA') + - RING(&ZOWERING.)) + + RING({zowe.setup.certificate.keyring.name}.)) + ID(&ZOWEUSER.) /* Create a certificate signed by local zowe's CA .................. */ RACDCERT GENCERT ID(&ZOWEUSER.) + SUBJECTSDN( + - CN('&CN. certificate') + - OU('&OU.') + - O('&O.') + - L('&L.') + - SP('&SP.') + + CN('{zowe.setup.certificate.dname}. certificate') + + OU('{zowe.setup.certificate.dname.orgUnit}.') + + O('{zowe.setup.certificate.dname.org}.') + + L('{zowe.setup.certificate.dname.locality}.') + + SP('{zowe.setup.certificate.dname.state}.') + C('&C.')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + 
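Review bot: The `.` kept after each `{...}` placeholder was the terminator of the old JCL symbol (`&ZOWERING.`) and is no longer consumed by symbol substitution, so `RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.)` in the `@@ -191,7 +180,7 @@` hunk would presumably create a ring whose name ends in a period unless ZWEGEN00 strips it (that part of the generator is not visible here). The same pattern recurs in every RING/RINGNAME/LABLRING replacement in this file, in the `OU('{...orgUnit}.')`-style DN fields, and throughout ZWESECUR.vtl (`LISTGRP {zowe.setup.security.groups.admin}. OMVS`, `ID({zowe.setup.security.users.zowe}.)`). It matters most in the `@@ -350,15 +339,15 @@` hunk, where `&ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST` yields a double dot and so an RDATALIB profile that does not match the ring it is meant to protect. Drop the period wherever a placeholder replaces a symbol, e.g. `RACDCERT ADDRING({zowe.setup.certificate.keyring.name}) ID(&ZOWEUSER.)`.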
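Review bot: `CN('{zowe.setup.certificate.dname}. CA')` in the `@@ -204,11 +193,11 @@` hunk references the `dname` mapping itself, whereas the four fields below it use leaf keys (`dname.orgUnit`, `dname.org`, `dname.locality`, `dname.state`), so the local CA's common name has no scalar to resolve to. The server certificate CN in the following hunk and the ACF2 and TSS variants (`@@ -422,29 +411,29 @@`, `@@ -588,11 +577,11 @@`, `@@ -600,18 +589,18 @@`) use the same key. Point each at the intended leaf under `dname`, presumably one for the CA and a separate one for the server certificate. The hard-coded ` CA` and ` certificate` suffixes are then appended to whatever the user configured, which deserves a comment next to the key.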
@@ -240,7 +229,7 @@ $$ /* Connect a Zowe's certificate with the keyring ................... */ RACDCERT CONNECT(ID(&ZOWEUSER.) + LABEL('&LABEL.') + - RING(&ZOWERING.) + + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + ID(&ZOWEUSER.) @@ -260,7 +249,7 @@ $$ /* Connect a Zowe's certificate with the keyring ................... */ RACDCERT CONNECT(SITE | ID(userid) + LABEL('certlabel') + - RING(&ZOWERING.) + + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + ID(&ZOWEUSER.) @@ -287,7 +276,7 @@ $$ /* Connect a Zowe's certificate with the keyring ................... */ RACDCERT CONNECT(ID(&ZOWEUSER.) + LABEL('&LABEL.') + - RING(&ZOWERING.) + + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + ID(&ZOWEUSER.) @@ -307,12 +296,12 @@ $$ /* keyring ......................................................... */ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + - RING(&ZOWERING.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + ID(&ZOWEUSER.) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + - RING(&ZOWERING.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + ID(&ZOWEUSER.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -329,7 +318,7 @@ $$ /* authority (CA) with the keyring ................................. */ RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZFCA.') + - RING(&ZOWERING.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + ID(&ZOWEUSER.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH 
@@ -350,15 +339,15 @@ $$ SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) /* Define profiles that control certificate access ................. */ - RDEFINE RDATALIB &ZOWEUSER..&ZOWERING..LST UACC(NONE) + RDEFINE RDATALIB &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ - PERMIT &ZOWEUSER..&ZOWERING..LST CLASS(RDATALIB) ID(&ZOWEUSER.) + + PERMIT &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID(&ZOWEUSER.) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &ZOWEUSER..&ZOWERING..LST CLASS(RDATALIB) ID() + */ +/* PERMIT &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ /* Refresh to dynamically activate the changes. .................... */ @@ -382,13 +371,13 @@ $$ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ - RLIST RDATALIB &ZOWEUSER..&ZOWERING..LST ALL + RLIST RDATALIB &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING(&ZOWERING.) ID(&ZOWEUSER.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) ID(&ZOWEUSER.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ @@ -408,7 +397,7 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT &ZOWEUSER..ZOWERING RINGNAME(&ZOWERING.) + INSERT &ZOWEUSER..ZOWERING RINGNAME({zowe.setup.certificate.keyring.name}.) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //IFOPT1 IF (&OPTION EQ 1) THEN 
@@ -422,29 +411,29 @@ ACF * Create Zowe's local CA authority ................................ */ SET PROFILE(USER) DIVISION(CERTDATA) GENCERT CERTAUTH.ZOWECA LABEL(&LOCALCA) SIZE(2048) - - SUBJSDN(CN='&CN. CA' - - OU='&OU.' - - O='&O.' - - L='&L.' - - SP='&SP.' - + SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - + OU='{zowe.setup.certificate.dname.orgUnit}.' - + O='{zowe.setup.certificate.dname.org}.' - + L='{zowe.setup.certificate.dname.locality}.' - + SP='{zowe.setup.certificate.dname.state}.' - C='&C.') - EXPIRE(05/01/30) - KEYUSAGE(CERTSIGN) * * Connect Zowe's local CA authority to the keyring ................ */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.ZOWECA) RINGNAME(&ZOWERING.) - + CONNECT CERTDATA(CERTAUTH.ZOWECA) RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) CHKCERT CERTAUTH.ZOWECA * * Create a certificate signed by local zowe's CA .................. */ SET PROFILE(USER) DIV(CERTDATA) GENCERT &ZOWEUSER..ZOWECERT - - SUBJSDN(CN='&CN. certificate' - - OU='&OU.' - - O='&O.' - - L='&L.' - - SP='&SP.' - + SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - + OU='{zowe.setup.certificate.dname.orgUnit}.' - + O='{zowe.setup.certificate.dname.org}.' - + L='{zowe.setup.certificate.dname.locality}.' - + SP='{zowe.setup.certificate.dname.state}.' - C='&C.') - SIZE(2048) - EXPIRE(05/01/30) - 
@@ -517,10 +506,10 @@ ACF * Connect all CAs of the Zowe certificate's signing chain with the */ * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) RINGNAME(&ZOWERING.) - + CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) * - CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) RINGNAME(&ZOWERING.) - + CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF @@ -535,7 +524,7 @@ ACF * Connect the z/OSMF root CA signed by a recognized certificate ... */ * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) RINGNAME(&ZOWERING.) - + CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -576,7 +565,7 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) $$ //IFOPT1 IF (&OPTION EQ 1) THEN //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M @@ -588,11 +577,11 @@ $$ TSS GENCERT(CERTAUTH) + DIGICERT(ZOWECA) + SUBJECTN( + - 'CN="&CN. CA" + - OU="&OU." + - O="&O." + - L="&L." + - SP="&SP." + + 'CN="{zowe.setup.certificate.dname}. CA" + + OU="{zowe.setup.certificate.dname.orgUnit}." + + O="{zowe.setup.certificate.dname.org}." + + L="{zowe.setup.certificate.dname.locality}." + + SP="{zowe.setup.certificate.dname.state}." + C="&C." ') + KEYSIZE(2048) + NADATE(05/01/30) + 
@@ -600,18 +589,18 @@ $$ KEYUSAGE('CERTSIGN') /* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + + TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,ZOWECA) /* Create a certificate signed by local zowe's CA .................. */ TSS GENCERT(&ZOWEUSER.) + DIGICERT(ZOWECERT) + SUBJECTN( + - 'CN="&CN. certificate" + - OU="&OU." + - O="&O." + - L="&L." + - SP="&SP." + + 'CN="{zowe.setup.certificate.dname}. certificate" + + OU="{zowe.setup.certificate.dname.orgUnit}." + + O="{zowe.setup.certificate.dname.org}." + + L="{zowe.setup.certificate.dname.locality}." + + SP="{zowe.setup.certificate.dname.state}." + C="&C." ') + KEYSIZE(2048) + NADATE(05/01/30) + @@ -677,10 +666,10 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + + TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + + TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF @@ -693,7 +682,7 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + + TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZFCA.) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF 
@@ -712,7 +701,7 @@ $$ /* TSS PERMIT(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + TSS LIST(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/workflows/templates/ZWESECUR.vtl b/workflows/templates/ZWESECUR.vtl index d32ecb48dc..93f12ac639 100644 --- a/workflows/templates/ZWESECUR.vtl +++ b/workflows/templates/ZWESECUR.vtl 
@@ -35,40 +35,6 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* -//* 3) Update the SET ADMINGRP= statement to match the desired -//* group name for Zowe administrators. -//* -//* 4) Update the SET STCGRP= statement to match the desired -//* group name for started tasks. -//* -//* 5) Update the SET ZOWEUSER= statement to match the desired -//* user ID for the ZOWE started task. -//* -//* 6) Update the SET ZISUSER= statement to match the desired -//* user ID for the ZIS started task. -//* -//* 7) Update the SET ZOWESTC= statement to match the desired -//* Zowe started task name. -//* -//* 8) Update the SET ZLNCHSTC= statement to match the desired -//* Zowe launcher started task name. It is applicable if you -//* run Zowe for high availability. -//* -//* 9) Update the SET ZISSTC= statement to match the desired -//* ZIS started task name. -//* -//* 10) Update the SET AUXSTC= statement to match the desired -//* ZIS Auxiliary started task name. -//* -//* 11) Update the SET HLQ= statement to match the desired -//* Zowe data set high level qualifier. -//* -//* 12) Update the SET SYSPROG= statement to match the existing -//* user ID or group used by z/OS system programmers. -//* //* 13) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID //* and GID values, update the SET *ID= statements to match the //* desired UID and GID values. 
@@ -103,19 +69,6 @@ #if($ibmTemplate == 'YES') // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ADMINGRP=ZWEADMIN * group for Zowe administrators -// SET STCGRP=&ADMINGRP. * group for Zowe started tasks -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -// SET ZISUSER=ZWESIUSR * userid for ZIS started task -// SET ZOWESTC=ZWESVSTC * Zowe started task name -// SET ZLNCHSTC=ZWESLSTC * Zowe started task name for HA -// SET ZISSTC=ZWESISTC * ZIS started task name -// SET AUXSTC=ZWESASTC * ZIS AUX started task name -// SET HLQ=ZWE * data set high level qualifier -// SET SYSPROG=&ADMINGRP. * system programmer user ID/group -//* 12345678 //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret, @@ -145,19 +98,6 @@ #if($ibmTemplate != 'YES') // EXPORT SYMLIST=* //* -// SET PRODUCT=${PRODUCT} * RACF, ACF2, or TSS -//* 12345678 -// SET ADMINGRP=${ADMINGRP} * group for Zowe administrators -// SET STCGRP=${STCGRP} * group for Zowe started tasks -// SET ZOWEUSER=${ZOWEUSER} * userid for Zowe started task -// SET ZISUSER=${ZISUSER} * userid for ZIS started task -// SET ZOWESTC=${ZOWESTC} * Zowe started task name -// SET ZLNCHSTC=${ZLNCHSTC} * Zowe started task name for HA -// SET ZISSTC=${ZISSTC} * ZIS started task name -// SET AUXSTC=${AUXSTC} * ZIS AUX started task name -// SET HLQ=${HLQ} * data set high level qualifier -// SET SYSPROG=${SYSPROG} * system programmer user ID/group -//* 12345678 //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret, @@ -193,7 +133,7 @@ //* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT +//SYSTSIN DD DDNAME={zowe.setup.security.product} //* //********************************************************************* //* 
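Review bot: With the `SET PRODUCT=${PRODUCT}` through `SET SYSPROG=${SYSPROG}` lines removed from the `#if($ibmTemplate != 'YES')` branch in the `@@ -145,19 +98,6 @@` hunk, nothing visible in this template consumes the workflow variables any more. `{zowe.setup.security.product}` is not a Velocity reference, so as far as these hunks show a workflow run would submit `//SYSTSIN DD DDNAME={zowe.setup.security.product}` and the later RACF commands with the braces still in them. Either keep `${...}` references in the .vtl, or state in the header that this template must pass through the generator before the workflow uses it. The two `#if` branches also appear to be identical after this change, so the conditional could be collapsed.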
@@ -232,12 +172,12 @@ /* group for administrators */ /* replace AUTOGID with GID(&ADMINGID.) if AUTOGID not enabled */ - LISTGRP &ADMINGRP. OMVS - ADDGROUP &ADMINGRP. OMVS(AUTOGID) - + LISTGRP {zowe.setup.security.groups.admin}. OMVS + ADDGROUP {zowe.setup.security.groups.admin}. OMVS(AUTOGID) - DATA('ZOWE ADMINISTRATORS') /* uncomment to add existing user IDs to the &ADMINGRP group */ -/* CONNECT (userid,userid,...) GROUP(&ADMINGRP.) AUTH(USE) */ +/* CONNECT (userid,userid,...) GROUP({zowe.setup.security.groups.admin}.) AUTH(USE) */ /* DEFINE STARTED TASK ............................................. */ @@ -249,28 +189,28 @@ /* warning messages otherwise */ /* group for started tasks */ /* replace AUTOGID with GID(&STCGID.) if AUTOGID not enabled */ - LISTGRP &STCGRP. OMVS - ADDGROUP &STCGRP. OMVS(AUTOGID) - + LISTGRP {zowe.setup.security.groups.stc}. OMVS + ADDGROUP {zowe.setup.security.groups.stc}. OMVS(AUTOGID) - DATA('STARTED TASK GROUP WITH OMVS SEGMENT') /* */ /* userid for ZOWE main server */ /* replace AUTOUID with UID(&ZOWEUID.) if AUTOUID not enabled */ - LISTUSER &ZOWEUSER. OMVS - ADDUSER &ZOWEUSER. - + LISTUSER {zowe.setup.security.users.zowe}. OMVS + ADDUSER {zowe.setup.security.users.zowe}. - NOPASSWORD - - DFLTGRP(&STCGRP.) - + DFLTGRP({zowe.setup.security.groups.stc}.) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE SERVER') - DATA('ZOWE MAIN SERVER') /* userid for ZIS cross memory server */ /* replace AUTOUID with UID(&ZISUID.) if AUTOUID not enabled */ - LISTUSER &ZISUSER. OMVS - ADDUSER &ZISUSER. - + LISTUSER {zowe.setup.security.users.zis}. OMVS + ADDUSER {zowe.setup.security.users.zis}. - NOPASSWORD - - DFLTGRP(&STCGRP.) - + DFLTGRP({zowe.setup.security.groups.stc}.) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE ZIS SERVER') - DATA('ZOWE ZIS CROSS MEMORY SERVER') 
@@ -278,39 +218,39 @@ /* */ /* started task for ZOWE main server */ - RLIST STARTED &ZOWESTC..* ALL STDATA - RDEFINE STARTED &ZOWESTC..* - - STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - + STDATA(USER({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - DATA('ZOWE MAIN SERVER') /* started task for ZOWE Launcher in high availability */ - RLIST STARTED &ZLNCHSTC..* ALL STDATA - RDEFINE STARTED &ZLNCHSTC..* - - STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - + STDATA(USER({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - DATA('ZOWE LAUNCHER SERVER') /* started task for ZIS cross memory server */ - RLIST STARTED &ZISSTC..* ALL STDATA - RDEFINE STARTED &ZISSTC..* - - STDATA(USER(&ZISUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - + RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zis}..* - + STDATA(USER({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - DATA('ZOWE ZIS CROSS MEMORY SERVER') /* started task for ZIS Auxiliary cross memory server */ - RLIST STARTED &AUXSTC..* ALL STDATA - RDEFINE STARTED &AUXSTC..* - - STDATA(USER(&ZISUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - + RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.aux}..* - + STDATA(USER({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - DATA('ZOWE ZIS AUX CROSS MEMORY SERVER') SETROPTS RACLIST(STARTED) REFRESH /* show results .................................................... */ - LISTGRP &STCGRP. OMVS - LISTUSER &ZOWEUSER. OMVS - LISTUSER &ZISUSER. 
OMVS - RLIST STARTED &ZOWESTC..* ALL STDATA - RLIST STARTED &ZLNCHSTC..* ALL STDATA - RLIST STARTED &ZISSTC..* ALL STDATA - RLIST STARTED &AUXSTC..* ALL STDATA + LISTGRP {zowe.setup.security.groups.stc}. OMVS + LISTUSER {zowe.setup.security.users.zowe}. OMVS + LISTUSER {zowe.setup.security.users.zis}. OMVS + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA /* DEFINE ZIS SECURITY RESOURCES ................................... */ @@ -321,13 +261,13 @@ /* DEFINE AUX SERVER PERMISIONS .................................... */ /* permit AUX STC to use ZIS cross memory server */ - PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID(&ZISUSER.) + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zis}.) SETROPTS RACLIST(FACILITY) REFRESH /* DEFINE ZOWE SERVER PERMISIONS ................................... */ /* permit Zowe main server to use ZIS cross memory server */ - PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH /* permit Zowe main server to create a user's security environment */ 
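Review bot: The launcher block in the `@@ -278,39 +218,39 @@` hunk now repeats the main-server profile: both `RLIST`/`RDEFINE STARTED` pairs use `{zowe.setup.security.stcs.zowe}` where the old code had `&ZOWESTC` and `&ZLNCHSTC`. The second RDEFINE therefore targets the profile the first one just defined, and one of the two started-task names ends up with no STARTED mapping of its own. The "show results" list carries the same duplicate RLIST. example-zowe.yaml in this commit defines only `zowe`, `zis` and `aux` under `stcs`, so either delete the launcher block and the duplicate RLIST, or add a separate key for the launcher and use it here.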
@@ -338,22 +278,22 @@ /* it on a production system. */ RLIST FACILITY BPX.DAEMON ALL RDEFINE FACILITY BPX.DAEMON UACC(NONE) - PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) ID(&ZOWEUSER.) + PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) ID({zowe.setup.security.users.zowe}.) RLIST FACILITY BPX.SERVER ALL RDEFINE FACILITY BPX.SERVER UACC(NONE) - PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) ID(&ZOWEUSER.) + PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) ID({zowe.setup.security.users.zowe}.) /* permit Zowe main server to create a user's security environment */ /* comment out the following 2 lines if the OMVSAPPL is not defined */ /* in your environment */ - PERMIT OMVSAPPL CLASS(APPL) ID(&ZOWEUSER.) ACCESS(READ) + PERMIT OMVSAPPL CLASS(APPL) ID({zowe.setup.security.users.zowe}.) ACCESS(READ) SETROPTS RACLIST(APPL) REFRESH /* permit Zowe main server to set job name */ RLIST FACILITY BPX.JOBNAME ALL RDEFINE FACILITY BPX.JOBNAME UACC(NONE) - PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) + PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH 
@@ -362,26 +302,26 @@ RLIST UNIXPRIV SUPERUSER.FILESYS ALL RDEFINE UNIXPRIV SUPERUSER.FILESYS UACC(NONE) PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) ACCESS(CONTROL) - - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(UNIXPRIV) REFRESH /* permit Zowe main server to use client certificate mapping service */ RLIST FACILITY IRR.RUSERMAP ALL RDEFINE FACILITY IRR.RUSERMAP UACC(NONE) - PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) + PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) /* permit Zowe main server to use distributed identity mapping */ /* service RLIST FACILITY IRR.IDIDMAP.QUERY ALL RDEFINE FACILITY IRR.IDIDMAP.QUERY UACC(NONE) PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) ACCESS(READ) - - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) /* permit Zowe main server to cut SMF records */ RLIST FACILITY IRR.RAUDITX ALL RDEFINE FACILITY IRR.RAUDITX UACC(NONE) - PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) + PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ 
@@ -403,19 +343,19 @@ /* EGN is not active on your system. */ /* HLQ stub */ - LISTGRP &HLQ. - ADDGROUP &HLQ. DATA('Zowe - HLQ STUB') + LISTGRP {zowe.setup.dataset.prefix}. + ADDGROUP {zowe.setup.dataset.prefix}. DATA('Zowe - HLQ STUB') /* general data set protection */ - LISTDSD PREFIX(&HLQ.) ALL - ADDSD '&HLQ..*.**' UACC(READ) DATA('Zowe') - PERMIT '&HLQ..*.**' CLASS(DATASET) ACCESS(ALTER) ID(&SYSPROG.) + LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL + ADDSD '{zowe.setup.dataset.prefix}..*.**' UACC(READ) DATA('Zowe') + PERMIT '{zowe.setup.dataset.prefix}..*.**' CLASS(DATASET) ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}.) SETROPTS GENERIC(DATASET) REFRESH /* show results .................................................... */ - LISTGRP &HLQ. - LISTDSD PREFIX(&HLQ.) ALL + LISTGRP {zowe.setup.dataset.prefix}. + LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ @@ -470,13 +410,13 @@ ACF * replace AUTOGID with GID(&ADMINGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT &ADMINGRP. AUTOGID +INSERT {zowe.setup.security.groups.admin}. AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * * uncomment and customize to add an existing userid as administrator * * SET X(ROL) -* INSERT &ADMINGRP. INCLUDE(userid) ROLE +* INSERT {zowe.setup.security.groups.admin}. INCLUDE(userid) ROLE * F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STARTED TASK ............................................. @@ -487,7 +427,7 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOGID with GID(&STCGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT &STCGRP. AUTOGID +INSERT {zowe.setup.security.groups.stc}. AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * ***** 
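Review bot: `ADDGROUP {zowe.setup.dataset.prefix}.` and `LISTGRP {zowe.setup.dataset.prefix}.` now receive the whole data set prefix where the old `&HLQ.` was a single high-level qualifier. A prefix with more than one qualifier (the sample configuration uses library names such as `IBMUSER.ZWEV2.CUST.ZWESAPL`, so this looks likely) is not a valid group name, so the stub group would not be created and the following `ADDSD` may fail, leaving the Zowe data sets without the intended profile. Consider deriving the first qualifier separately for the group commands and keeping the full prefix only for `ADDSD` and `PERMIT`, with a comment stating which of the two each command expects. The ACF2 `RECKEY {zowe.setup.dataset.prefix}.` lines in the later data set hunk appear to depend on a single qualifier in the same way.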
@@ -496,18 +436,18 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOUID with UID(&ZOWEUID.) if AUTOUID is not enabled * SET LID -INSERT &ZOWEUSER. STC GROUP(&STCGRP.) +INSERT {zowe.setup.security.users.zowe}. STC GROUP({zowe.setup.security.groups.stc}.) SET PROFILE(USER) DIV(OMVS) -INSERT &ZOWEUSER. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +INSERT {zowe.setup.security.users.zowe}. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * * userid for ZIS cross memory server * replace AUTOUID with UID(&ZISUID.) if AUTOUID is not enabled * SET LID -INSERT &ZISUSER. STC GROUP(&STCGRP.) +INSERT {zowe.setup.security.users.zis}. STC GROUP({zowe.setup.security.groups.stc}.) SET PROFILE(USER) DIV(OMVS) -INSERT &ZISUSER. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +INSERT {zowe.setup.security.users.zis}. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * ***** 
@@ -515,44 +455,44 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * started task for ZOWE main server * SET CONTROL(GSO) -INSERT STC.&ZOWESTC. LOGONID(&ZOWEUSER.) + -GROUP(&STCGRP.) + -STCID(&ZOWESTC.) +INSERT STC.{zowe.setup.security.stcs.zowe}. LOGONID({zowe.setup.security.users.zowe}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.zowe}.) F ACF2,REFRESH(STC) * * started task for ZOWE Launcher in high availability * SET CONTROL(GSO) -INSERT STC.&ZLNCHSTC. LOGONID(&ZOWEUSER.) + -GROUP(&STCGRP.) + -STCID(&ZLNCHSTC.) +INSERT STC.{zowe.setup.security.stcs.zowe}. LOGONID({zowe.setup.security.users.zowe}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.zowe}.) F ACF2,REFRESH(STC) * * started task for ZIS cross memory server * SET CONTROL(GSO) -INSERT STC.&ZISSTC. LOGONID(&ZISUSER.) + -GROUP(&STCGRP.) + -STCID(&ZISSTC.) +INSERT STC.{zowe.setup.security.stcs.zis}. LOGONID({zowe.setup.security.users.zis}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.zis}.) F ACF2,REFRESH(STC) * * started task for ZIS Auxiliary cross memory server * SET CONTROL(GSO) -INSERT STC.&AUXSTC. LOGONID(&ZISUSER.) + -GROUP(&STCGRP.) + -STCID(&AUXSTC.) +INSERT STC.{zowe.setup.security.stcs.aux}. LOGONID({zowe.setup.security.users.zis}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.aux}.) F ACF2,REFRESH(STC) * * DEFINE ZIS SECURITY RESOURCES .................................. * -* define a role holding the permissions, add &ZISUSER and -* &ZOWEUSER to it +* define a role holding the permissions, add {zowe.setup.security.users.zis} and +* {zowe.setup.security.users.zowe} to it * SET X(ROL) -INSERT &STCGRP. INCLUDE(&ZOWEUSER.) ROLE +INSERT {zowe.setup.security.groups.stc}. INCLUDE({zowe.setup.security.users.zowe}.) ROLE F ACF2,NEWXREF,TYPE(ROL) -CHANGE &STCGRP. INCLUDE(&ZISUSER.) ADD +CHANGE {zowe.setup.security.groups.stc}. INCLUDE({zowe.setup.security.users.zis}.) 
ADD F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STC SERVER PERMISIONS .................................... @@ -560,7 +500,7 @@ F ACF2,NEWXREF,TYPE(ROL) * permit AUX and Zowe main server to use ZIS cross memory server * SET RESOURCE(FAC) -RECKEY ZWES ADD(IS SERVICE(READ) ROLE(&STCGRP.) ALLOW) +RECKEY ZWES ADD(IS SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(FAC) * * DEFINE ZOWE SERVER PERMISIONS ................................... @@ -573,18 +513,18 @@ F ACF2,REBUILD(FAC) * it on a production system. * SET RESOURCE(FAC) -RECKEY BPX ADD(DAEMON SERVICE(UPDATE) ROLE(&STCGRP.) ALLOW) -RECKEY BPX ADD(SERVER SERVICE(UPDATE) ROLE(&STCGRP.) ALLOW) +RECKEY BPX ADD(DAEMON SERVICE(UPDATE) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY BPX ADD(SERVER SERVICE(UPDATE) ROLE({zowe.setup.security.groups.stc}.) ALLOW) * * permit Zowe main server to create a user's security environment * comment out the following 3 lines if the OMVSAPPL is not defined * in your environment SET RESOURCE(APL) -RECKEY OMVSAPPL ADD(SERVICE(READ) ROLE(&STCGRP.) ALLOW) +RECKEY OMVSAPPL ADD(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(APL) * * Allow STCGRP role access to BPX.JOBNAME -RECKEY BPX ADD(JOBNAME SERVICE(READ) ROLE(&STCGRP.) ALLOW) +RECKEY BPX ADD(JOBNAME SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(FAC) * ** comment out to not use SUPERUSER.FILESYS, see JCL comments 
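Review bot: The block under `started task for ZOWE Launcher in high availability` now resolves to the same `{zowe.setup.security.stcs.zowe}` key as the main-server block above it, so the second `INSERT STC.{zowe.setup.security.stcs.zowe}.` repeats the first and no mapping is defined for a launcher started task with a different name (the old `&ZLNCHSTC.`). A started task without an explicit logon ID mapping typically falls back to the site default for started tasks, which is worth avoiding for a server address space. Either drop the duplicate block and say in a comment that the launcher and the main server share one STC name, or give the launcher its own configuration key. The TSS hunk (`TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.)` twice) and the RACF `RLIST STARTED` lines repeat the same duplication.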
@@ -595,27 +535,27 @@ COMPILE * $KEY(SUPERUSER.FILESYS) $TYPE(UNI) $ROLESET - ROLE(&STCGRP.) ALLOW + ROLE({zowe.setup.security.groups.stc}.) ALLOW STORE * SET RESOURCE(UNI) -* RECKEY SUPERUSER.FILESYS ADD(SERVICE(READ) ROLE(&STCGRP.) ALLOW) +* RECKEY SUPERUSER.FILESYS ADD(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(UNI) * allow STCGRP role to use client certificate mapping service SET RESOURCE(FAC) -RECKEY IRR ADD(RUSERMAP ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * allow STCGRP role to use distributed identity mapping service SET RESOURCE(FAC) -RECKEY IRR ADD(IDIDMAP.QUERY ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(IDIDMAP.QUERY ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * permit Zowe main server to cut SMF records SET RESOURCE(FAC) -RECKEY IRR ADD(RAUDITX ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(RAUDITX ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * @@ -627,13 +567,13 @@ F ACF2,REBUILD(FAC) * HLQ stub SET RULE * general data set protection -LIST &HLQ. -RECKEY &HLQ. ADD(- UID(-) READ(A) EXEC(P)) -RECKEY &HLQ. + -ADD(- UID(&SYSPROG.) READ(A) EXEC(A) ALLOC(A) WRITE(A)) +LIST {zowe.setup.dataset.prefix}. +RECKEY {zowe.setup.dataset.prefix}. ADD(- UID(-) READ(A) EXEC(P)) +RECKEY {zowe.setup.dataset.prefix}. + +ADD(- UID({zowe.setup.security.groups.sysProg}.) READ(A) EXEC(A) ALLOC(A) WRITE(A)) * * show results -LIST &HLQ. +LIST {zowe.setup.dataset.prefix}. * * 
@@ -674,67 +614,67 @@ $$ /* DEFINE ADMINISTRATORS ........................................... */ /* group for administrators */ - TSS LIST(&ADMINGRP.) SEGMENT(OMVS) - TSS CREATE(&ADMINGRP.) TYPE(GROUP) + + TSS LIST({zowe.setup.security.groups.admin}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.admin}.) TYPE(GROUP) + NAME('ZOWE ADMINISTRATORS') + DEPT(&ADMINDEP.) - TSS ADD(&ADMINGRP.) GID(&ADMINGID.) + TSS ADD({zowe.setup.security.groups.admin}.) GID(&ADMINGID.) /* uncomment to add existing user IDs to the &ADMINGRP group */ -/* TSS ADD(userid) GROUP(&ADMINGRP.) */ +/* TSS ADD(userid) GROUP({zowe.setup.security.groups.admin}.) */ /* DEFINE STARTED TASK ............................................. */ /* comment out if STCGRP matches ADMINGRP (default), expect */ /* warning messages otherwise */ /* group for started tasks */ - TSS LIST(&STCGRP.) SEGMENT(OMVS) - TSS CREATE(&STCGRP.) TYPE(GROUP) + + TSS LIST({zowe.setup.security.groups.stc}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.stc}.) TYPE(GROUP) + NAME('STC GROUP WITH OMVS SEGMENT') + DEPT(&STCGDEP.) - TSS ADD(&STCGRP.) GID(&STCGID.) + TSS ADD({zowe.setup.security.groups.stc}.) GID(&STCGID.) /* */ /* userid for ZOWE main server */ - TSS LIST(&ZOWEUSER.) SEGMENT(OMVS) - TSS CREATE(&ZOWEUSER.) TYPE(USER) PASS(NOPW,0) + + TSS LIST({zowe.setup.security.users.zowe}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zowe}.) TYPE(USER) PASS(NOPW,0) + NAME('ZOWE MAIN SERVER') + DEPT(&STCUDEP.) - TSS ADD(&ZOWEUSER.) GROUP(&STCGRP.) + - DFLTGRP(&STCGRP.) + + TSS ADD({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) + + DFLTGRP({zowe.setup.security.groups.stc}.) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZOWEUID.) /* userid for ZIS cross memory server */ - TSS LIST(&ZISUSER.) SEGMENT(OMVS) - TSS CREATE(&ZISUSER.) TYPE(USER) PASS(NOPW,0) + + TSS LIST({zowe.setup.security.users.zis}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zis}.) 
TYPE(USER) PASS(NOPW,0) + NAME('ZOWE ZIS CROSS MEMORY SERVER') + DEPT(&STCUDEP.) - TSS ADD(&ZISUSER.) GROUP(&STCGRP.) + - DFLTGRP(&STCGRP.) + + TSS ADD({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) + + DFLTGRP({zowe.setup.security.groups.stc}.) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.) /* */ /* started task for ZOWE main server */ - TSS LIST(STC) PROCNAME(&ZOWESTC.) PREFIX - TSS ADD(STC) PROCNAME(&ZOWESTC.) ACID(&ZOWEUSER.) - TSS ADD(&ZOWEUSER.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) ACID({zowe.setup.security.users.zowe}.) + TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) /* started task for ZOWE Launcher in high availability */ - TSS LIST(STC) PROCNAME(&ZLNCHSTC.) PREFIX - TSS ADD(STC) PROCNAME(&ZLNCHSTC.) ACID(&ZOWEUSER.) - TSS ADD(&ZOWEUSER.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) ACID({zowe.setup.security.users.zowe}.) + TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) /* started task for ZIS cross memory server */ - TSS LIST(STC) PROCNAME(&ZISSTC.) PREFIX - TSS ADD(STC) PROCNAME(&ZISSTC.) ACID(&ZISUSER.) - TSS ADD(&ZISUSER.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zis}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zis}.) ACID({zowe.setup.security.users.zis}.) + TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) /* started task for ZIS Auxiliary cross memory server */ - TSS LIST(STC) PROCNAME(&AUXSTC.) PREFIX - TSS ADD(STC) PROCNAME(&AUXSTC.) ACID(&ZISUSER.) - TSS ADD(&ZISUSER.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.aux}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.aux}.) ACID({zowe.setup.security.users.zis}.) + TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) /* DEFINE ZIS SECURITY RESOURCES ................................... */ 
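Review bot: This hunk leaves JCL symbols such as `GID(&ADMINGID.)`, `GID(&STCGID.)`, `DEPT(&STCUDEP.)`, `UID(&ZOWEUID.)` and `UID(&ZISUID.)` next to the new `{zowe.setup.security…}` placeholders. The hunk offsets show about 60 lines removed earlier in the file; if those were the `SET` statements that defined these symbols (not visible here), the TSS commands would be submitted with unresolved values for the UID, GID and department. Either keep the definitions or map them to configuration keys, and update the comment `uncomment to add existing user IDs to the &ADMINGRP group`, which still names the old symbol.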
@@ -745,7 +685,7 @@ $$ /* permit AUX STC to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT(&ZISUSER.) IBMFAC(ZWES.IS) ACCESS(READ) + TSS PERMIT({zowe.setup.security.users.zis}.) IBMFAC(ZWES.IS) ACCESS(READ) #if($ibmTemplate != 'YES') /* The ZOWESTC started task is a multi-user address space therefore */ @@ -779,7 +719,7 @@ $$ /* permit Zowe main server to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT(&ZOWEUSER.) IBMFAC(ZWES.IS) ACCESS(READ) + TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(ZWES.IS) ACCESS(READ) /* permit Zowe main server to create a user's security environment */ /* ATTENTION: Defining the BPX.DAEMON or BPX.SERVER profile makes */ 
@@ -789,37 +729,37 @@ $$ /* it on a production system. */ TSS ADD(&FACACID.) IBMFAC(BPX.) TSS WHOHAS IBMFAC(BPX.DAEMON) - TSS PER(&ZOWEUSER.) IBMFAC(BPX.DAEMON) ACCESS(UPDATE) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.DAEMON) ACCESS(UPDATE) TSS WHOHAS IBMFAC(BPX.SERVER) - TSS PER(&ZOWEUSER.) IBMFAC(BPX.SERVER) ACCESS(UPDATE) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.SERVER) ACCESS(UPDATE) /* permit Zowe main server to create a user's security environment */ /* comment out the following line if the OMVSAPPL is not defined */ /* in your environment */ -TSS PERMIT(&ZOWEUSER.) APPL(OMVSAPPL) +TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) /* Allow ZOWEUSER access to BPX.JOBNAME */ TSS WHOHAS IBMFAC(BPX.JOBNAME) - TSS PER(&ZOWEUSER.) IBMFAC(BPX.JOBNAME) ACCESS(READ) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.JOBNAME) ACCESS(READ) /* comment out to not use SUPERUSER.FILESYS, see JCL comments */ /* permit Zowe main server to write persistent data */ TSS ADD(&FACACID.) UNIXPRIV(SUPERUSE) TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS) - TSS PER(&ZOWEUSER.) UNIXPRIV(SUPERUSER.FILESYS) ACCESS(CONTROL) + TSS PER({zowe.setup.security.users.zowe}.) UNIXPRIV(SUPERUSER.FILESYS) ACCESS(CONTROL) /* permit Zowe main server to use client certificate mapping service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) - TSS PER(&ZOWEUSER.) IBMFAC(IRR.RUSERMAP) ACCESS(READ) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) ACCESS(READ) /* permit Zowe main server to use distributed identity mapping */ /* service TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) - TSS PER(&ZOWEUSER.) IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) /* permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) - TSS PER(&ZOWEUSER.) IBMFAC(IRR.RAUDITX) ACCESS(READ) + TSS PER({zowe.setup.security.users.zowe}.) 
IBMFAC(IRR.RAUDITX) ACCESS(READ) /* DEFINE ZOWE DATA SET PROTECTION ................................. */ @@ -827,15 +767,15 @@ TSS PERMIT(&ZOWEUSER.) APPL(OMVSAPPL) /* advised to protect it against updates. */ /* HLQ stub */ - TSS ADD(&ADMINDEP.) DATASET(&HLQ..) + TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}..) /* general data set protection */ - TSS WHOHAS DATASET(&HLQ.) - TSS PER(ALL) DATASET(&HLQ..) ACCESS(READ) - TSS PER(&SYSPROG) DATASET(&HLQ..) ACCESS(ALL) + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) + TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}..) ACCESS(READ) + TSS PER({zowe.setup.security.groups.sysProg}) DATASET({zowe.setup.dataset.prefix}..) ACCESS(ALL) /* show results */ - TSS WHOHAS DATASET(&HLQ.) + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ From a882a72ad73c2dc7bcc81a76099d8381917542f0 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 23 Jan 2024 14:20:26 -0500 Subject: [PATCH 061/258] Added 2 more samplib contents to omit as not jcl Signed-off-by: 1000TurquoisePogs --- files/SZWEEXEC/ZWEGEN00 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 6c62c96e8d..60fff0aef9 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -185,10 +185,13 @@ end /* members which are not JCL */ x = DeleteDataSet(jclCopy'(ZWEGENER)') x = DeleteDataSet(jclCopy'(ZWESLSTC)') +x = DeleteDataSet(jclCopy'(ZWESASTC)') x = DeleteDataSet(jclCopy'(ZWESISTC)') x = DeleteDataSet(jclCopy'(ZWESIP00)') +x = DeleteDataSet(jclCopy'(ZWESIPRG)') x = DeleteDataSet(jclCopy'(ZWESISCH)') -x = DeleteDataSet(jclCopy'(ZWESASTC)') +x = DeleteDataSet(jclCopy'(ZWESECKG)') + say jcl' has been copied to 'jclCopy'.' From eb43f5694a541431566fde7bf3f2962af315697b Mon Sep 17 00:00:00 2001 
From: 1000TurquoisePogs Date: Mon, 29 Jan 2024 14:55:44 -0500 Subject: [PATCH 062/258] Add 'zwe init generate' for running ZWEGENER. Migrate init mvs logic to 'ZWEIMVS' JCL. Uncomment defaults in example-zowe.yaml for ZWEGENER success. Improve templates of ZWEKRING, ZWENOKYR, ZWENOSEC. Add zos-jes from PR 3135 for use in generate. Add dry-run mode to init mvs. Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/.parameters | 1 + bin/commands/init/generate/cli.ts | 18 ++ bin/commands/init/generate/index.ts | 48 +++++ bin/commands/init/index.sh | 1 + bin/commands/init/mvs/.parameters | 1 + bin/commands/init/mvs/index.sh | 83 ++++----- bin/libs/zos-jes.ts | 152 ++++++++++++++++ example-zowe.yaml | 40 ++--- files/SZWESAMP/ZWEIMVS | 67 +++++++ files/SZWESAMP/ZWEKRING | 232 ++++++++++--------------- files/SZWESAMP/ZWENOKYR | 72 ++------ files/SZWESAMP/ZWENOSEC | 207 +++++++++------------- 12 files changed, 536 insertions(+), 386 deletions(-) create mode 100644 bin/commands/init/generate/.parameters create mode 100644 bin/commands/init/generate/cli.ts create mode 100644 bin/commands/init/generate/index.ts create mode 100644 bin/libs/zos-jes.ts create mode 100644 files/SZWESAMP/ZWEIMVS diff --git a/bin/commands/init/generate/.parameters b/bin/commands/init/generate/.parameters new file mode 100644 index 0000000000..e056f70374 --- /dev/null +++ b/bin/commands/init/generate/.parameters @@ -0,0 +1 @@ +dry-run||boolean|||||Prints out existing JCL templates but does not generate resolved JCL. diff --git a/bin/commands/init/generate/cli.ts b/bin/commands/init/generate/cli.ts new file mode 100644 index 0000000000..77c37779ae --- /dev/null +++ b/bin/commands/init/generate/cli.ts 
@@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(!!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts new file mode 100644 index 0000000000..bc667a57d2 --- /dev/null +++ b/bin/commands/init/generate/index.ts 
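Review bot: `!!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')` turns any non-empty value into a dry run, including the string `false`. The shell side of this patch compares such parameters with `"true"` (see `ZWE_CLI_PARAMETER_SKIP_SECURITY_SETUP` in `init/index.sh`), so `std.getenv('ZWE_CLI_PARAMETER_DRY_RUN') === 'true'` would keep the two in step.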
@@ -0,0 +1,48 @@ +/* +// This program and the accompanying materials are made available +// under the terms of the Eclipse Public License v2.0 which +// accompanies this distribution, and is available at +// https://www.eclipse.org/legal/epl-v20.html +// +// SPDX-License-Identifier: EPL-2.0 +// +// Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as os from "cm_os"; +import * as xplatform from "xplatform"; +import * as fs from '../../../libs/fs'; +import * as config from '../../../libs/config'; +import * as common from '../../../libs/common'; +import * as zosFs from '../../../libs/zos-fs'; +import * as zosJes from '../../../libs/zos-jes'; + +export function execute(dryRun?: boolean) { + common.requireZoweYaml(); + const ZOWE_CONFIG=config.getZoweConfig(); + const tempFile = fs.createTmpFile(); + zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)', tempFile); + const jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); + os.remove(tempFile); + + common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)'}`); + common.printMessage('JCL content:'); + common.printMessage(jclContents); + + if (dryRun) { + common.printMessage('JCL not submitted, command run with dry run flag.'); + common.printMessage('To perform command, re-run command without dry run flag, or submit the JCL directly.'); + } else { //TODO can we generate just for one step, or no reason? + common.printMessage('Submitting Job ZWEGENER'); + const jobid = zosJes.submitJob(jclContents); + const result = zosJes.waitForJob(jobid); + common.printMessage(`Job completed with RC=${result.rc}`); + if (result.rc == 0) { + common.printMessage("Zowe JCL generated successfully"); + } else { + common.printMessage(`Zowe JCL generated with errors, check job log. Job completion code=${result.jobcccode}, Job completion text=${result.jobcctext}`); + } + // print if succesful + } +} 
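Review bot: The template name is built as `ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)'`, with no period between the prefix and `SZWESAMP`, on both the `copyMvsToUss` call and the `Template JCL` message; the shell error text in `init/mvs/index.sh` writes the same name as `${prefix}.SZWESAMP(ZWEGENER)`. Building it once, `const template = ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)';`, fixes both uses. `zosJes.submitJob` returns `undefined` on failure and that value is passed straight to `waitForJob`; the copy result is not checked either, and a non-zero `result.rc` only prints a message, so `zwe init` goes on to the mvs and security steps with JCL that may not have been generated. A guard such as `if (!jobid) { … }` and a non-zero exit on failure would stop the later steps from running against stale or missing members.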
diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index a2815f2b49..ea19713b18 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh @@ -87,6 +87,7 @@ else fi ############################### +zwecli_inline_execute_command init generate zwecli_inline_execute_command init mvs zwecli_inline_execute_command init vsam if [ "${ZWE_CLI_PARAMETER_SKIP_SECURITY_SETUP}" != "true" ]; then diff --git a/bin/commands/init/mvs/.parameters b/bin/commands/init/mvs/.parameters index 7d4e1ac58c..5182058f4b 100644 --- a/bin/commands/init/mvs/.parameters +++ b/bin/commands/init/mvs/.parameters @@ -1 +1,2 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. +dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 7f1102c95d..65effbc77f 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -1,5 +1,4 @@ #!/bin/sh - ####################################################################### # This program and the accompanying materials are made available # under the terms of the Eclipse Public License v2.0 which 
@@ -15,10 +14,10 @@ print_level1_message "Initialize Zowe custom data sets" ############################### # constants -cust_ds_list="parmlib|Zowe parameter library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks -jcllib|Zowe JCL library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks -authLoadlib|Zowe authorized load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks -authPluginLib|Zowe authorized plugin library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks" +cust_ds_list="parmlib|Zowe parameter library +jcllib|Zowe JCL library +authLoadlib|Zowe authorized load library +authPluginLib|Zowe authorized plugin library ############################### # validation @@ -30,13 +29,20 @@ if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi +jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") +does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi + + + ############################### # create data sets if they do not exist print_message "Create data sets if they do not exist" while read -r line; do key=$(echo "${line}" | awk -F"|" '{print $1}') name=$(echo "${line}" | awk -F"|" '{print $2}') - spec=$(echo "${line}" | awk -F"|" '{print $3}') # read def and validate ds=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.${key}") 
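Review bot: The new `cust_ds_list` value has no closing double quote as shown here: the old last entry ended with `tracks"`, and the new last line is `authPluginLib|Zowe authorized plugin library` with nothing after it. If that is what the file contains, the string runs on into the validation section and the script fails to parse; the last entry should read `authPluginLib|Zowe authorized plugin library"`.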
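Review bot: `jcllib_location` is read from `.zowe.setup.dataset.prefix`, so the existence check looks for `${prefix}(ZWEIMVS)` rather than the member in the JCL library that ZWEGENER fills. Reading the JCL library key instead, `jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib")`, matches the variable name, and the value should be checked for empty the way `prefix` is just above. `ZWEL0999E` and exit code 999 look like placeholders and need a real message number before release.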
@@ -59,56 +65,41 @@ while read -r line; do # warning print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." fi - else - print_message "Creating ${ds}" - create_data_set "${ds}" "${spec}" - if [ $? -ne 0 ]; then - print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 - fi fi done <&1`); + if (catResult.rc != 0) { + common.printTrace(` * Failed`); + common.printTrace(` * Exit code: ${catResult.rc}`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + return undefined; + } + else { + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + } + + const result=shell.execOutSync('sh', '-c', `submit "${jclFile}" 2>&1`); + // expected: JOB JOB????? submitted from path '...' + const code=result.rc; + if (code==0) { + let jobidlines = result.out.split('\n').filter(line=>line.indexOf('submitted')!=-1); + const jobid = jobidlines.length > 0 ? jobidlines[0].split(' ')[1] : undefined; + if (!jobid) { + common.printDebug(` * Failed to find job ID`); + common.printError(` * Exit code: ${code}`); + common.printError(` * Output:`); + if (result.out) { + common.printError(stringlib.paddingLeft(result.out, " ")); + } + return undefined; + } else { + common.printDebug(` * Succeeded with job ID ${jobid}`); + common.printTrace(` * Exit code: ${code}`); + common.printTrace(` * Output:`); + if (result.out) { + common.printTrace(stringlib.paddingLeft(result.out, " ")); + } + return jobid; + } + } else { + common.printDebug(` * Failed`); + common.printError(` * Exit code: ${code}`); + common.printError(` * Output:`); + if (result.out) { + common.printError(stringlib.paddingLeft(result.out, " ")); + } + + return undefined; + } +} + +export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: string, jobid?: string, jobname?: string, rc: number} { + let jobstatus; + let jobname; + let jobcctext; + let jobcccode; + let is_jes3; 
+ + common.printDebug(`- Wait for job ${jobid} completed, starting at ${new Date().toString()}.`); + // wait for job to finish + const timesSec = [1, 5, 10, 30, 100, 300, 500]; + for (let i = 0; i < timesSec.length; i++) { + jobcctext = undefined; + jobcccode = undefined; + jobname = undefined; + is_jes3 = false; + const secs = timesSec[i]; + common.printTrace(` * Wait for ${secs} seconds`); + os.sleep(secs*1000); + + let result=zoslib.operatorCommand(`\\$D ${jobid},CC`); + // if it's JES3, we receive this: + // ... ISF031I CONSOLE IBMUSER ACTIVATED + // ... -$D JOB00132,CC + // ... IBMUSER7 IEE305I $D COMMAND INVALID + is_jes3=result.out ? result.out.match(new RegExp('\$D \+COMMAND INVALID')) : false; + if (is_jes3) { + common.printDebug(` * JES3 identified`); + const show_jobid=jobid.substring(3); + result=zoslib.operatorCommand(`*I J=${show_jobid}`); + // $I J= gives ... + // ... -*I J=00132 + // ... JES3 IAT8674 JOB BPXAS (JOB00132) P=15 CL=A OUTSERV(PENDING WTR) + // ... JES3 IAT8699 INQUIRY ON JOB STATUS COMPLETE, 1 JOB DISPLAYED + try { + jobname=result.out.split('\n').filter(line=>line.indexOf('IAT8674') != -1)[0].replace(new RegExp('^.*IAT8674 *JOB *', 'g'), '').split(' ')[0]; + } catch (e) { + + } + break; + } else { + // $DJ gives ... + // ... $HASP890 JOB(JOB1) CC=(COMPLETED,RC=0) <-- accept this value + // ... 
$HASP890 JOB(GIMUNZIP) CC=() <-- reject this value + try { + const jobline = result.out.split('\n').filter(line => line.indexOf('$HASP890') != -1)[0]; + const nameIndex = jobline.indexOf('JOB('); + const ccIndex = jobline.indexOf('CC=('); + jobname = jobline.substring(nameIndex+4, jobline.indexOf(')', nameIndex)); + const cc = jobline.substring(ccIndex+4, jobline.indexOf(')', ccIndex)).split(','); + jobcctext = cc[0]; + if (cc.length > 1) { + const equalSplit = cc[1].split('='); + if (equalSplit.length > 1) { + jobcccode = equalSplit[1]; + } + } + common.printTrace(` * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}`); + if ((jobcctext && jobcctext.length > 0) || (jobcccode && jobcccode.length > 0)) { + // job have CC state + break; + } + } catch (e) { + break; + } + } + } + common.printTrace(` * Job status check done at ${new Date().toString()}.`); + + if (jobcctext || jobcccode) { + common.printDebug(` * Job (${jobname}) exits with code ${jobcccode} (${jobcctext}).`); + if (jobcccode == "0") { + return {jobcctext, jobcccode, jobname, rc: 0}; + } else { + // ${jobcccode} could be greater than 255 + return {jobcctext, jobcccode, jobname, rc: 2}; + } + } else if (is_jes3) { + common.printTrace(` * Cannot determine job complete code. Please check job log manually.`); + return {jobcctext, jobcccode, jobname, rc: 0}; + } else { + common.printError(` * Job (${jobname? jobname : jobid}) doesn't finish within max waiting period.`); + return {jobcctext, jobcccode, jobname, rc: 1}; + } +} diff --git a/example-zowe.yaml b/example-zowe.yaml index 4b8de5acae..144ca7227b 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
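Review bot: The JES3 test in `waitForJob`, `new RegExp('\$D \+COMMAND INVALID')`, is written as a string literal, so the backslashes are dropped and the pattern becomes `$D +COMMAND INVALID`, which starts with an end-of-input anchor and cannot match the console output. A regex literal keeps the escape: `result.out.match(/\$D +COMMAND INVALID/)`. Separately, once the JES3 branch is taken the loop breaks after the first poll and the function returns `rc: 0` without a completion code, so callers that test `result.rc == 0` report success for a job whose outcome is unknown; a distinct return code for "undetermined" would avoid that. The start of this file section is missing from the page, so this covers only the visible part of `zos-jes.ts`.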
@@ -182,27 +182,27 @@ zowe: # # keyring name # name: ZoweKeyring # # **COMMONLY_CUSTOMIZED** - # # # Label of Zowe certificate. Optional, default value is localhost. - # # label: localhost + # # Label of Zowe certificate. Optional, default value is localhost. + # label: localhost # # **COMMONLY_CUSTOMIZED** - # # # label of Zowe CA certificate. Optional, default value is localca. - # # caLabel: localca - # # # Distinguished name for Zowe generated certificates. All optional. - # # dname: - # # caCommonName: "" - # # commonName: "Zowe Development Instances" - # # orgUnit: "API Mediation Layer" - # # org: "Zowe Sample" - # # locality: "Prague" - # # state: "Prague" - # # country: "" - # # # Validity days for Zowe generated certificates - # # validity: 3650 - # # # Domain names and IPs should be added into certificate SAN - # # # If this field is not defined, `zwe init` command will use - # # # `zowe.externalDomains`. - # # # **NOTE**: due to the limitation of RACDCERT command, this field should - # # # contain exactly 2 entries with the domain name and IP address. + # # label of Zowe CA certificate. Optional, default value is localca. + # caLabel: localca + # # Distinguished name for Zowe generated certificates. All optional. + # dname: + # caCommonName: "" + # commonName: "Zowe Development Instances" + # orgUnit: "API Mediation Layer" + # org: "Zowe Sample" + # locality: "Prague" + # state: "Prague" + # country: "CZ" + # # Validity days for Zowe generated certificates + # validity: 3650 + # # Domain names and IPs should be added into certificate SAN + # # If this field is not defined, `zwe init` command will use + # # `zowe.externalDomains`. + # # **NOTE**: due to the limitation of RACDCERT command, this field should + # # contain exactly 2 entries with the domain name and IP address. # # san: # # - dvipa.my-company.com # # - 12.34.56.78 diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS new file mode 100644 index 0000000000..2940c66685 --- /dev/null 
+++ b/files/SZWESAMP/ZWEIMVS 
@@ -0,0 +1,67 @@ +//ZWEIMVS JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* +//MKPARML EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.parmlib}') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks +//* +//MKJCLL EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.jcllib}') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks +//* +//MKAUTHL EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.authLoadLib}') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks +//* +//MKAUTHP EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.authPluginLib}') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks +//* +//MCOPY1 EXEC PGM=IEBCOPY +//SYSPRINT DD SYSOUT=A +//SYSUT1 DD DSN={zowe.setup.dataset.prefix}.SZWESAMP,DISP=SHR +//SYSUT2 DD DSN={zowe.setup.dataset.jcllib},DISP=OLD +//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 + SELECT MEMBER=(ZWESIP00) +//* +//AUTHCPY EXEC PGM=BPXBATCH +//BPXPRINT DD SYSOUT=* +//STDOUT DD SYSOUT=* +//STDERR DD SYSOUT=* +//STDPARM DD * +SH cd {zowe.runtimeDirectory} && +cd components/zss && +cp LOADLIB/ZWESIS01 +"//'{zowe.setup.dataset.authLoadLib}(ZWESIS01)'" && +cp LOADLIB/ZWESAUX +"//'{zowe.setup.dataset.authLoadLib}(ZWESAUX)'" && +cp LOADLIB/ZWESISDL +"//'{zowe.setup.dataset.authLoadLib}(ZWESISDL)'" && +cd ../launcher/bin && +cp 
zowe_launcher +"//'{zowe.setup.dataset.authLoadLib}(ZWELNCH)'" +/* diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING index e317389816..d7cf125975 100644 --- a/files/SZWESAMP/ZWEKRING +++ b/files/SZWESAMP/ZWEKRING 
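Review bot: In the AUTHCPY step the value of `{zowe.runtimeDirectory}` is substituted unquoted into the BPXBATCH shell line `SH cd {zowe.runtimeDirectory} &&`, so a path containing a blank or a shell metacharacter changes the command that copies modules into `{zowe.setup.dataset.authLoadLib}`. Quote it the way the `cp` targets in the same step already are, `SH cd "{zowe.runtimeDirectory}" &&`, and have the generator reject values containing quotes, `$` or backticks before it writes the member. Separately, MCOPY1 selects ZWESIP00 into `{zowe.setup.dataset.jcllib}` while the library allocated by MKPARML is never populated. If ZWESIP00 is meant to be a parmlib member, SYSUT2 should read `//SYSUT2 DD DSN={zowe.setup.dataset.parmlib},DISP=OLD`.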
@@ -43,57 +43,33 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 3) Update the SET ZOWEUSER= statement to match the existing -//* user ID for the Zowe started task. -//* -//* 4) Update the SET ZOWERING= statement to match the desired -//* name of the keyring owned by the &ZOWEUSER user ID. -//* -//* 5) Specify the option number which is suitable for your +//* 2) Specify the option number which is suitable for your //* environment by the SET OPTION statement. //* Option 1 considers as default option. -//* -//* 6) Update the SET LABEL= statement with the name of the Zowe -//* certificate that will be defined, or added to the security -//* database or if that is already stored in the security database. -//* -//* 7) Specify the distinguished name of the Zowe's local CA by -//* updating the SET statements CN=, OU=, O=, L=, SP=, C=, and -//* LOCALCA=. -//* -//* 8) Update the SET HOSTNAME= variable to match the hostname where -//* Zowe is to run. -//* -//* 9) Update the SET IPADDRES= variable to match the IP address +//* 3) Update the SET IPADDRES= variable to match the IP address //* where Zowe is to run. //* -//* 10) Update the SET DSNAME= statement if you plan to add the Zowe -//* certificate from a data set in PKCS12 format. -//* -//* 11) Update the SET PKCSPASS= statement to match the password for -//* the PKCS12 data set. -//* -//* 12) If you have external certificate authorities for ITRMZWCA +//* 4) If you have external certificate authorities for ITRMZWCA //* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. //* -//* 13) Update the SET ITRMZWCA= variable to match the intermediate +//* 5) Update the SET ITRMZWCA= variable to match the intermediate //* CA of the Zowe certificate. It is only applicable if Zowe //* certificate signed by a recognized certificate authority (CA). 
//* -//* 14) Update the SET ROOTZWCA= variable to match the root CA of the +//* 6) Update the SET ROOTZWCA= variable to match the root CA of the //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 15) If you enable VERIFY_CERTIFICATES or +//* 7) If you enable VERIFY_CERTIFICATES or //* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set //* IFROZFCA to 1 to connect z/OSMF certificate authority to //* Zowe keyring. Otherwise set to 0. //* -//* 16) Update the SET ROOTZFCA= variable to match the root CA of the +//* 8) Update the SET ROOTZFCA= variable to match the root CA of the //* z/OSMF certificate. It is only applicable if z/OSMF //* certificate signed by a recognized certificate authority (CA). //* -//* 17) Customize the commands in the DD statement that matches your +//* 9) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. //* //* Note(s): 
@@ -114,33 +90,12 @@ //********************************************************************* // EXPORT SYMLIST=* //* -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -//* 12345678 -//* -//* * Keyring for the Zowe userid -// SET ZOWERING='ZoweKeyring' //* * Option number to configure Zowe certificate //* * Valid options: 1,2,3 //* * Default option is 1 // SET OPTION=1 -//* * Zowe's certificate label -// SET LABEL='localhost' -//* * Zowe's local CA name -// SET LOCALCA='localca' -//* * Zowe's local CA organizational unit -// SET OU='API Mediation Layer' -//* * Zowe's local CA state/province -// SET SP='Prague' -//* * Zowe's local CA country -// SET C='CZ' -//* * Hostname of the system where Zowe is to run -// SET HOSTNAME='' //* * IP address of the system where Zowe is to run // SET IPADDRES='' -//* * Name of the data set containing Zowe's certificate (PKCS12) -// SET DSNAME= -//* * Password for the PKCS12 data set -// SET PKCSPASS='' //* * If you have external certificate authorities for ITRMZWCA //* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. // SET IFZOWECA=0 @@ -158,13 +113,6 @@ //* applicable // SET ROOTZFCA='' //* -//* ACF2 ONLY - - - - - - - - - - - - - - - - - -//* 12345678 -// SET STCGRP= * group for Zowe started tasks -//* 12345678 -//* -//* end ACF2 ONLY - - - - - - - - - - - - - - - - -//* //********************************************************************* //* //* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT @@ -180,7 +128,7 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) ID(&ZOWEUSER.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTRING) REFRESH $$ //IFOPT1 IF (&OPTION EQ 1) THEN 
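Review bot: The new `ID({zowe.setup.security.users.zowe}.)` in the ADDRING command keeps the trailing period that only made sense as the terminator of the JCL symbol `&ZOWEUSER.`, so unless the generator (not visible here) consumes a period after `}`, RACF receives the user ID followed by a literal period. The same pattern matters most in the later RDEFINE/PERMIT hunks, where `{zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST` would produce an RDATALIB profile with doubled dots that does not cover the real ring. It also affects ZWENOKYR, where `DELETE(LABEL('{zowe.setup.certificate.keyring.caLabel}.'))` would not match the label created with `WITHLABEL('{zowe.setup.certificate.keyring.caLabel}')` and the local CA would survive the cleanup job. The page already mixes both forms, so choose one: drop the period after every placeholder, e.g. `ID({zowe.setup.security.users.zowe})` and `{zowe.setup.security.users.zowe}.{zowe.setup.certificate.keyring.name}.LST`, or state in the member header that the generator strips it.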
@@ -198,40 +146,40 @@ $$ O('{zowe.setup.certificate.dname.org}.') + L('{zowe.setup.certificate.dname.locality}.') + SP('{zowe.setup.certificate.dname.state}.') + - C('&C.')) + + C('{zowe.setup.certificate.dname.country}.')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('&LOCALCA') + + WITHLABEL('{zowe.setup.certificate.keyring.caLabel}') + KEYUSAGE(CERTSIGN) /* Connect Zowe's local CA authority to the keyring ................ */ - RACDCERT CONNECT(CERTAUTH LABEL('&LOCALCA') + + RACDCERT CONNECT(CERTAUTH LABEL('{zowe.setup.certificate.keyring.caLabel}') + RING({zowe.setup.certificate.keyring.name}.)) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) /* Create a certificate signed by local zowe's CA .................. */ - RACDCERT GENCERT ID(&ZOWEUSER.) + + RACDCERT GENCERT ID({zowe.setup.security.users.zowe}.) + SUBJECTSDN( + CN('{zowe.setup.certificate.dname}. certificate') + OU('{zowe.setup.certificate.dname.orgUnit}.') + O('{zowe.setup.certificate.dname.org}.') + L('{zowe.setup.certificate.dname.locality}.') + SP('{zowe.setup.certificate.dname.state}.') + - C('&C.')) + + C('{zowe.setup.certificate.dname.country}.')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('&LABEL.') + + WITHLABEL('{zowe.setup.certificate.keyring.label}.') + KEYUSAGE(HANDSHAKE) + ALTNAME(IP(&IPADDRES) + - DOMAIN('&HOSTNAME')) + - SIGNWITH(CERTAUTH LABEL('&LOCALCA')) + DOMAIN('{zowe.externalDomains[0]}')) + + SIGNWITH(CERTAUTH LABEL('{zowe.setup.certificate.keyring.caLabel}')) /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID(&ZOWEUSER.) + - LABEL('&LABEL.') + + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + + LABEL('{zowe.setup.certificate.keyring.label}.') + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH 
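Review bot: The subject alternative name in the GENCERT for the Zowe certificate is now assembled from two unrelated sources, `IP(&IPADDRES)` from a JCL symbol whose default is `''` and `DOMAIN('{zowe.externalDomains[0]}')` from the YAML, while example-zowe.yaml documents a `san` list (domain name plus IP address) for exactly this purpose. A certificate whose SAN differs from what the operator configured fails hostname verification on clients that check it, and an unset `&IPADDRES` is passed into the command as an empty operand. Assuming `san` sits beside `dname` and the generator indexes it as it does `externalDomains`, the two lines could read `ALTNAME(IP({zowe.setup.certificate.san[1]}) +` and `DOMAIN('{zowe.setup.certificate.san[0]}')) +`, with the documented fallback to `zowe.externalDomains` when `san` is absent. `NOTAFTER(DATE(2030-05-01))` likewise stays fixed although the YAML carries `validity: 3650`.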
@@ -247,11 +195,11 @@ $$ /* Option 2 - BEGINNING ............................................ */ /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(SITE | ID(userid) + - LABEL('certlabel') + + RACDCERT CONNECT(SITE | ID({zowe.setup.certificate.keyring.connect.user}) + + LABEL({zowe.setup.certificate.keyring.connect.label}) + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -267,18 +215,18 @@ $$ /* Option 3 - BEGINNING ............................................ */ /* Import external certificate from data set ....................... */ - RACDCERT ADD('&DSNAME.') + - ID(&ZOWEUSER.) + - WITHLABEL('&LABEL.') + - PASSWORD('&PKCSPASS.') + + RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.') + + ID({zowe.setup.security.users.zowe}.) + + WITHLABEL('{zowe.setup.certificate.keyring.label}') + + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + TRUST /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID(&ZOWEUSER.) + - LABEL('&LABEL.') + + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + + LABEL('{zowe.setup.certificate.keyring.label}') + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -297,12 +245,12 @@ $$ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ 
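Review bot: In RACF Option 2 the operand `SITE | ID({zowe.setup.certificate.keyring.connect.user})` still carries the literal `SITE |` alternative that the old hand-edit placeholder `SITE | ID(userid)` asked the operator to resolve, so the generated command is not something RACDCERT will accept as written. `LABEL({zowe.setup.certificate.keyring.connect.label})` has also lost the quotes that `LABEL('certlabel')` had, which a label containing blanks or lower-case characters needs. Suggested lines: `RACDCERT CONNECT(ID({zowe.setup.certificate.keyring.connect.user}) +` and `LABEL('{zowe.setup.certificate.keyring.connect.label}') +`, with the SITE case either emitted by the generator or described in a comment above the command.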
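Review bot: In RACF Option 3, `PASSWORD('{zowe.setup.certificate.keyring.import.password}.')` means the PKCS12 password now has to be stored in zowe.yaml and is then written in clear text into the generated member, and nothing in this hunk tells the operator to protect either place. The trailing period inside the quotes also becomes part of the password unless the generator strips it, in which case the import fails. I would write `PASSWORD('{zowe.setup.certificate.keyring.import.password}') +` and add above it `/* import.password is written to this member in clear text: restrict READ access to the JCL library and clear the value from zowe.yaml after the job has run */`. The ACF2 and TSS Option 3 hunks use the same value and need the same comment.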
@@ -319,7 +267,7 @@ $$ RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZFCA.') + RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + - ID(&ZOWEUSER.) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ @@ -339,15 +287,15 @@ $$ SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) /* Define profiles that control certificate access ................. */ - RDEFINE RDATALIB &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST UACC(NONE) + RDEFINE RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ - PERMIT &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID(&ZOWEUSER.) + + PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID() + */ +/* PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ /* Refresh to dynamically activate the changes. .................... */ 
@@ -359,25 +307,25 @@ $$ /* continue using their existing IRR.DIGTCERT setup. Note that the . */ /* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ /* already exist. .................................................. */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(&ZOWEUSER.) + + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + ACCESS(READ) - PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(&ZOWEUSER.) + + PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + ACCESS(READ) /* Uncomment this command if SITE user owns the Zowe certificate ... */ -/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(&ZOWEUSER.) + */ +/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + */ /* ACCESS(CONTROL) */ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ - RLIST RDATALIB &ZOWEUSER..{zowe.setup.certificate.keyring.name}..LST ALL + RLIST RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) ID(&ZOWEUSER.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ @@ -397,7 +345,7 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT &ZOWEUSER..ZOWERING RINGNAME({zowe.setup.certificate.keyring.name}.) + INSERT {zowe.setup.security.users.zowe}..ZOWERING RINGNAME({zowe.setup.certificate.keyring.name}.) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //IFOPT1 IF (&OPTION EQ 1) THEN 
@@ -410,43 +358,43 @@ ACF * Option 1 - Default Option - BEGINNING ........................... */ * Create Zowe's local CA authority ................................ */ SET PROFILE(USER) DIVISION(CERTDATA) - GENCERT CERTAUTH.ZOWECA LABEL(&LOCALCA) SIZE(2048) - + GENCERT CERTAUTH.ZOWECA LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - SP='{zowe.setup.certificate.dname.state}.' - - C='&C.') - + C='{zowe.setup.certificate.dname.country}.') - EXPIRE(05/01/30) - KEYUSAGE(CERTSIGN) * * Connect Zowe's local CA authority to the keyring ................ */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.ZOWECA) RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) CHKCERT CERTAUTH.ZOWECA * * Create a certificate signed by local zowe's CA .................. */ SET PROFILE(USER) DIV(CERTDATA) - GENCERT &ZOWEUSER..ZOWECERT - + GENCERT {zowe.setup.security.users.zowe}..ZOWECERT - SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - SP='{zowe.setup.certificate.dname.state}.' - - C='&C.') - + C='{zowe.setup.certificate.dname.country}.') - SIZE(2048) - EXPIRE(05/01/30) - - LABEL(&LABEL.) - + LABEL({zowe.setup.certificate.keyring.label}.) - KEYUSAGE(HANDSHAKE) - - ALTNAME(IP=&IPADDRES DOMAIN=&HOSTNAME) - + ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains[0]}) - SIGNWITH(CERTAUTH.ZOWECA) * * Connect a Zowe's certificate with the keyring ................... 
*/ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(&ZOWEUSER..ZOWECERT) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(PERSONAL) DEFAULT - CHKCERT &ZOWEUSER..ZOWECERT + CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 1 - Default Option - END ................................. */ $$ @@ -463,8 +411,8 @@ ACF * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(PERSONAL) DEFAULT - CHKCERT &ZOWEUSER..ZOWECERT + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 2 - END .................................................. */ $$ @@ -480,17 +428,17 @@ ACF * Option 3 - BEGINNING ............................................ */ * Import external certificate from data set ....................... */ SET PROFILE(USER) DIV(CERTDATA) - INSERT &ZOWEUSER..ZOWECERT - - DSNAME('&DSNAME.') - + INSERT {zowe.setup.security.users.zowe}..ZOWECERT - + DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - LABEL(&LABEL.) - - PASSWORD('&PKCSPASS.') - + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - TRUST * * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(&ZOWEUSER..ZOWECERT) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(PERSONAL) DEFAULT - CHKCERT &ZOWEUSER..ZOWECERT + CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 3 - END .................................................. */ $$ 
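Review bot: The ACF2 Option 3 INSERT still passes `LABEL(&LABEL.)`, but this commit deletes `// SET LABEL='localhost'` from the symbol section, so the symbol is undefined when the job runs and the imported certificate does not get the configured label. The RACF and TSS Option 3 blocks were converted and this line was missed. Change it to `LABEL({zowe.setup.certificate.keyring.label}.) -`, the form the ACF2 Option 1 block already uses. The ACF2 Option 2 hunk just above also keeps the hand-edit placeholder `CERTDATA(SITECERT.digicert | userid.digicert)` although RACF Option 2 moved to the `keyring.connect.*` values.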
@@ -507,10 +455,10 @@ ACF * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) * CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF //* @@ -525,7 +473,7 @@ ACF * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF //* @@ -539,18 +487,18 @@ ACF * * Allow ZOWEUSER to access keyring ................................ */ SET RESOURCE(FAC) - RECKEY IRR ADD(DIGTCERT.LISTRING ROLE(&STCGRP) - + RECKEY IRR ADD(DIGTCERT.LISTRING ROLE({zowe.setup.security.groups.stc}) - SERVICE(READ) ALLOW) * * Uncomment this command if SITE acid owns the Zowe certificate ... */ -* RECKEY IRR ADD(DIGTCERT.GENCERT ROLE(&STCGRP) - +* RECKEY IRR ADD(DIGTCERT.GENCERT ROLE({zowe.setup.security.groups.stc}) - * SERVICE(CONTROL) ALLOW) * F ACF2,REBUILD(FAC) * * List the keyring ................................................ */ SET PROFILE(USER) DIVISION(KEYRING) - LIST &ZOWEUSER..ZOWERING + LIST {zowe.setup.security.users.zowe}..ZOWERING * Common part - END ............................................... */ $$ //******************************************************************** 
@@ -565,7 +513,7 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) $$ //IFOPT1 IF (&OPTION EQ 1) THEN //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M @@ -582,18 +530,18 @@ $$ O="{zowe.setup.certificate.dname.org}." + L="{zowe.setup.certificate.dname.locality}." + SP="{zowe.setup.certificate.dname.state}." + - C="&C." ') + + C="{zowe.setup.certificate.dname.country}." ') + KEYSIZE(2048) + NADATE(05/01/30) + - LABLCERT(&LOCALCA) + + LABLCERT({zowe.setup.certificate.keyring.caLabel}) + KEYUSAGE('CERTSIGN') /* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,ZOWECA) /* Create a certificate signed by local zowe's CA .................. */ - TSS GENCERT(&ZOWEUSER.) + + TSS GENCERT({zowe.setup.security.users.zowe}.) + DIGICERT(ZOWECERT) + SUBJECTN( + 'CN="{zowe.setup.certificate.dname}. certificate" + 
@@ -601,17 +549,17 @@ $$ O="{zowe.setup.certificate.dname.org}." + L="{zowe.setup.certificate.dname.locality}." + SP="{zowe.setup.certificate.dname.state}." + - C="&C." ') + + C="{zowe.setup.certificate.dname.country}." ') + KEYSIZE(2048) + NADATE(05/01/30) + - LABLCERT(&LABEL.) + + LABLCERT({zowe.setup.certificate.keyring.label}.) + KEYUSAGE('HANDSHAKE') + - ALTNAME('DOMAIN=&HOSTNAME') + + ALTNAME('DOMAIN={zowe.externalDomains[0]}') + SIGNWITH(CERTAUTH,ZOWECA) /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) + - RINGDATA(&ZOWEUSER.,ZOWECERT) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + USAGE(PERSONAL) DEFAULT /* Option 1 - Default Option - END ................................. */ @@ -626,7 +574,7 @@ $$ /* Option 2 - BEGINNING ............................................ */ /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + RINGDATA(CERTSITE|userid,digicert) + USAGE(PERSONAL) DEFAULT 
@@ -642,16 +590,16 @@ $$ /* Option 3 - BEGINNING ............................................ */ /* Import external certificate from data set ....................... */ - TSS ADD(&ZOWEUSER.) + + TSS ADD({zowe.setup.security.users.zowe}.) + DIGICERT(ZOWECERT) + - DCDSN(&DSNAME.) + - LABLCERT(&LABEL.) + - PKCSPASS('&PKCSPASS.') + + DCDSN({zowe.setup.certificate.keyring.import.dsName}.) + + LABLCERT({zowe.setup.certificate.keyring.label}.) + + PKCSPASS('{zowe.setup.certificate.keyring.import.password}.') + TRUST /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) + - RINGDATA(&ZOWEUSER.,ZOWECERT) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + USAGE(PERSONAL) DEFAULT /* Option 3 - END .................................................. */ @@ -666,10 +614,10 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF 
@@ -682,7 +630,7 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZFCA.) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -695,13 +643,13 @@ $$ /* A common part for all options starts here ....................... */ /* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) +/* TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKYR index 6f990e9fac..b7ba95b2b4 100644 --- a/files/SZWESAMP/ZWENOKYR +++ b/files/SZWESAMP/ZWENOKYR 
@@ -22,22 +22,7 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* -//* 3) Update the SET ZOWEUSER= statement to match the existing -//* user ID for the Zowe started task. -//* -//* 4) Update the SET ZOWERING= statement to match the desired -//* name of the keyring owned by the &ZOWEUSER user ID. -//* -//* 5) Update the SET LABEL= statement with the name of the Zowe -//* certificate that will be added to the security database or -//* that is already stored in the security database. -//* -//* 6) Specify the Zowe's local CA by updating the SET LOCALCA= -//* -//* 7) Customize the commands in the DD statement that matches your +//* 2) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. //* //* Note(s): @@ -51,32 +36,13 @@ //********************************************************************* // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -//* 12345678 -//* -//* * Keyring for the Zowe userid -// SET ZOWERING='ZoweKeyring' -//* * Zowe's certificate label -// SET LABEL='localhost' -//* * Zowe's local CA name -// SET LOCALCA='localca' -//* -//* ACF2 ONLY - - - - - - - - - - - - - - - - - -//* 12345678 -// SET STCGRP= * group for Zowe started tasks -//* 12345678 -//* -//* end ACF2 ONLY - - - - - - - - - - - - - - - - -//* //********************************************************************* //* //* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT //* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT +//SYSTSIN DD DDNAME={zowe.setup.security.product} //* //********************************************************************* //* 
@@ -85,30 +51,30 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Remove permit to use SITE owned certificate's private key */ - PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) /* Remove permit to read keyring ................................... */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH /* Remove keyring profile defined on RDATALIB class ................ */ - RLIST RDATALIB &ZOWEUSER..&ZOWERING..LST ALL - PERMIT &ZOWEUSER..&ZOWERING..LST CLASS(RDATALIB) DELETE + - ID(&ZOWEUSER.) - RDELETE RDATALIB &ZOWEUSER..&ZOWERING..LST + RLIST RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST ALL + PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) DELETE + + ID({zowe.setup.security.users.zowe}.) + RDELETE RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST /* Refresh to dynamically activate the changes. .................... */ SETROPTS RACLIST(RDATALIB) REFRESH /* Delete LABEL certificate ........................................*/ - RACDCERT DELETE(LABEL('&LABEL.')) ID(&ZOWEUSER.) + RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.label}.')) ID({zowe.setup.security.users.zowe}.) /* Delete LOCALCA certificate ......................................*/ - RACDCERT DELETE(LABEL('&LOCALCA.')) CERTAUTH + RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.caLabel}.')) CERTAUTH /* Delete keyring ...................................................*/ - RACDCERT DELRING(&ZOWERING.) ID(&ZOWEUSER.) + RACDCERT DELRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH 
@@ -126,24 +92,24 @@ ACF * Remove permit to use SITE owned certificate's private key SET RESOURCE(FAC) - RECKEY IRR DEL(DIGTCERT.GENCERT ROLE(&STCGRP) + + RECKEY IRR DEL(DIGTCERT.GENCERT ROLE({zowe.setup.security.groups.stc}) + SERVICE(CONTROL) ALLOW) * Remove permit to read keyring ....................................*/ - RECKEY IRR DEL(DIGTCERT.LISTRING ROLE(&STCGRP) + + RECKEY IRR DEL(DIGTCERT.LISTRING ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Delete LABEL certificate ........................................*/ - DELETE &ZOWEUSER..ZOWECERT + DELETE {zowe.setup.security.users.zowe}..ZOWECERT * Delete LOCALCA certificate ......................................*/ DELETE CERTAUTH.ZOWECA * Delete keyring ...................................................*/ SET PROFILE(USER) DIVISION(KEYRING) - DELETE &ZOWEUSER..ZOWERING + DELETE {zowe.setup.security.users.zowe}..ZOWERING F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) 
@@ -157,19 +123,19 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Remove permit to use SITE owned certificate's private key */ - TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* Remove permit to read keyring ................................... */ - TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Delete LABEL certificate ........................................*/ - TSS REM(&ZOWEUSER.) DIGICERT(ZOWECERT) + TSS REM({zowe.setup.security.users.zowe}.) DIGICERT(ZOWECERT) /* Delete LOCALCA certificate ......................................*/ TSS REM(CERTAUTH) DIGICERT(ZOWECA) /* Delete keyring ...................................................*/ - TSS REM(&ZOWEUSER.) KEYRING(ZOWERING) + TSS REM({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) /* ................................................................. */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWENOSEC b/files/SZWESAMP/ZWENOSEC index ed23a934cc..f769e82e9a 100644 --- a/files/SZWESAMP/ZWENOSEC +++ b/files/SZWESAMP/ZWENOSEC 
@@ -22,37 +22,7 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* -//* 3) Update the SET ADMINGRP= statement to match the desired -//* group name for Zowe administrators. -//* -//* 4) Update the SET STCGRP= statement to match the desired -//* group name for started tasks. -//* -//* 5) Update the SET ZOWEUSER= statement to match the desired -//* user ID for the ZOWE started task. -//* -//* 6) Update the SET ZISUSER= statement to match the desired -//* user ID for the ZIS started task. -//* -//* 7) Update the SET ZOWESTC= statement to match the desired -//* Zowe started task name. -//* -//* 8) Update the SET ZISSTC= statement to match the desired -//* ZIS started task name. -//* -//* 9) Update the SET AUXSTC= statement to match the desired -//* ZIS Auxiliary Server started task name. -//* -//* 10) Update the SET HLQ= statement to match the desired -//* Zowe data set high level qualifier. -//* -//* 11) Update the SET SYSPROG= statement to match the existing -//* user ID or group used by z/OS system programmers. -//* -//* 12) Customize the commands in the DD statement that matches your +//* 2) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. //* //* Note(s): 
@@ -69,19 +39,6 @@ //********************************************************************* // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ADMINGRP=ZWEADMIN * group for Zowe administrators -// SET STCGRP=&ADMINGRP. * group for Zowe started tasks -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -// SET ZISUSER=ZWESIUSR * userid for ZIS started task -// SET ZOWESTC=ZWESVSTC * Zowe started task name -// SET ZISSTC=ZWESISTC * ZIS started task name -// SET AUXSTC=ZWESASTC * ZIS AUX started task name -// SET HLQ=ZWE * data set high level qualifier -// SET SYSPROG=&ADMINGRP. * system programmer user ID/group -//* 12345678 -//* //* Top Secret ONLY - - - - - - - - - - - - - - - - - //* 12345678 // SET ADMINDEP=SYSPDEPT * department owning admin group @@ -96,7 +53,7 @@ //* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT +//SYSTSIN DD DDNAME={zowe.setup.security.product} //* //********************************************************************* //* @@ -112,13 +69,13 @@ /* EGN is not active on your system. */ /* remove general data set protection */ - LISTDSD PREFIX(&HLQ.) ALL - PERMIT '&HLQ..*.**' CLASS(DATASET) DELETE ID(&SYSPROG.) - DELDSD '&HLQ..*.**' + LISTDSD PREFIX({zowe.setup.datasets.prefix}.) ALL + PERMIT '{zowe.setup.datasets.prefix}..*.**' CLASS(DATASET) DELETE ID({zowe.setup.security.groups.sysProg}.) + DELDSD '{zowe.setup.datasets.prefix}..*.**' /* remove HLQ stub */ - LISTGRP &HLQ. - DELGROUP &HLQ. + LISTGRP {zowe.setup.datasets.prefix}. + DELGROUP {zowe.setup.datasets.prefix}. SETROPTS GENERIC(DATASET) REFRESH 
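Review bot: The placeholder key in the data set protection hunk (`LISTDSD`, `PERMIT`, `DELDSD`, `LISTGRP`, `DELGROUP`) is spelled `zowe.setup.datasets.prefix`, while the generate command later in this series reads `ZOWE_CONFIG.zowe.setup.dataset.prefix` and the ZWESECUR template used `{zowe.setup.dataset.prefix}`. If the YAML key is the singular form, these placeholders will not resolve, and the removal commands would run against the literal text and leave the data set profile and HLQ group defined. I would use the singular key throughout, e.g. `LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL`. The ACF2 and TSS sections of this file use the plural spelling as well.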
@@ -126,33 +83,33 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL - PERMIT ZWES.IS CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT ZWES.IS CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to create a user's security environment */ RLIST FACILITY BPX.DAEMON ALL - PERMIT BPX.DAEMON CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT BPX.DAEMON CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) RLIST FACILITY BPX.SERVER ALL - PERMIT BPX.SERVER CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT BPX.SERVER CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) - PERMIT OMVSAPPL CLASS(APPL) DELETE ID(&ZOWEUSER.) + PERMIT OMVSAPPL CLASS(APPL) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to set jobname */ RLIST FACILITY BPX.JOBNAME ALL - PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to write persistent data */ RLIST UNIXPRIV SUPERUSER.FILESYS ALL - PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE ID(&ZOWEUSER.) + PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to use client certificate mapping service */ - PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to use distributed identity mapping service */ - PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit Zowe main server to cut SMF records */ - PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH SETROPTS RACLIST(UNIXPRIV) REFRESH 
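Review bot: Several added lines in this hunk are longer than 80 characters once the placeholder is written out, for example `PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.)`. If the SZWESAMP member is stored as 80-byte records (not determinable from this diff), the tail of the command would be cut before substitution, and a PERMIT ... DELETE that fails leaves the access in place. Splitting with the TSO continuation already used in ZWESECUR keeps each record short: `PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE -` followed by `ID({zowe.setup.security.users.zowe})`. The long comment lines in the later hunks (`/* comment out if {zowe.setup.security.groups.stc} matches ...`) have the same problem.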
@@ -161,46 +118,46 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL - PERMIT ZWES.IS CLASS(FACILITY) DELETE ID(&ZISUSER.) + PERMIT ZWES.IS CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zis}.) /* REMOVE STARTED TASKS ............................................ */ /* remove userid for ZOWE main server */ - LISTUSER &ZOWEUSER. OMVS - DELUSER &ZOWEUSER. + LISTUSER {zowe.setup.security.users.zowe}. OMVS + DELUSER {zowe.setup.security.users.zowe}. /* remove userid for ZIS */ - LISTUSER &ZISUSER. OMVS - DELUSER &ZISUSER. + LISTUSER {zowe.setup.security.users.zis}. OMVS + DELUSER {zowe.setup.security.users.zis}. -/* comment out if &STCGRP matches &ADMINGRP (default), expect */ +/* comment out if {zowe.setup.security.groups.stc} matches {zowe.setup.security.groups.admin} (default), expect */ /* warning messages otherwise */ /* remove group for started tasks */ - LISTGRP &STCGRP. OMVS - DELGROUP &STCGRP. + LISTGRP {zowe.setup.security.groups.stc}. OMVS + DELGROUP {zowe.setup.security.groups.stc}. /* remove started task for ZOWE main server */ - RLIST STARTED &ZOWESTC..* ALL STDATA - RDELETE STARTED &ZOWESTC..* + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.zowe}..* /* remove started task for ZIS */ - RLIST STARTED &ZISSTC..* ALL STDATA - RDELETE STARTED &ZISSTC..* + RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.zis}..* /* remove started task for ZIS Auxiliary server */ - RLIST STARTED &AUXSTC..* ALL STDATA - RDELETE STARTED &AUXSTC..* + RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.aux}..* SETROPTS RACLIST(STARTED) REFRESH /* REMOVE ADMINISTRATORS ........................................... */ -/* uncomment to remove user IDs from the &ADMINGRP group */ -/* REMOVE (userid,userid,...) GROUP(&ADMINGRP.) 
*/ +/* uncomment to remove user IDs from the {zowe.setup.security.groups.admin} group */ +/* REMOVE (userid,userid,...) GROUP({zowe.setup.security.groups.admin}.) */ /* remove group for administrators */ - LISTGRP &ADMINGRP. OMVS - DELGROUP &ADMINGRP. + LISTGRP {zowe.setup.security.groups.admin}. OMVS + DELGROUP {zowe.setup.security.groups.admin}. /* REMOVE ZOWE RESOURCE CLASS ...................................... */ /* uncomment commands to below if the ZOWE class has been created */ @@ -230,30 +187,30 @@ ACF * group for administrators * SET PROFILE(GROUP) DIV(OMVS) -DELETE &ADMINGRP. +DELETE {zowe.setup.security.groups.admin}. F ACF2,REBUILD(GRP),CLASS(P) * * SET LID SET PROFILE(USER) DIV(OMVS) -DELETE &ZOWEUSER. +DELETE {zowe.setup.security.users.zowe}. F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * SET LID SET PROFILE(USER) DIV(OMVS) -DELETE &ZISUSER. +DELETE {zowe.setup.security.users.zis}. F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * * remove userid for ZOWE main server (ZISSTC,AUXSTC have same user id) SET LID -LIST &ZOWEUSER -DELETE &ZOWEUSER. +LIST {zowe.setup.security.users.zowe} +DELETE {zowe.setup.security.users.zowe}. * * * remove userid for ZIS */ SET LID -LIST &ZISUSER -DELETE &ZISUSER. +LIST {zowe.setup.security.users.zis} +DELETE {zowe.setup.security.users.zis}. * * ***** 
@@ -262,35 +219,35 @@ DELETE &ZISUSER. * SET CONTROL(GSO) LIST LIKE(STC.Z-) -DELETE STC.&ZOWESTC. +DELETE STC.{zowe.setup.security.stcs.zowe}. F ACF2,REFRESH(STC) * * started task for ZIS * SET CONTROL(GSO) -DELETE STC.&ZISSTC. +DELETE STC.{zowe.setup.security.stcs.zis}. F ACF2,REFRESH(STC) * * started task for ZIS Auxiliary server * SET CONTROL(GSO) -DELETE STC.&AUXSTC. +DELETE STC.{zowe.setup.security.stcs.aux}. F ACF2,REFRESH(STC) * * Revoke access to ZIS SET RESOURCE(FAC) -RECKEY ZWES DEL(IS ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * * Remove Zowe main server * SET RESOURCE(FAC) -RECKEY BPX DEL(DAEMON ROLE(&STCGRP.) SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(SERVER ROLE(&STCGRP.) SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(JOBNAME ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}.) SERVICE(UPDATE) ALLOW) +RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}.) SERVICE(UPDATE) ALLOW) +RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) SET RESOURCE(APL) -RECKEY OMVSAPPL DEL(SERVICE(READ) ROLE(&STCGRP.) ALLOW) +RECKEY OMVSAPPL DEL(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(APL) * Remove UNI * 
@@ -303,24 +260,24 @@ F ACF2,REBUILD(UNI) * Remove STCGRP role permission to use client certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(RUSERMAP ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to use distributed certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(IDIDMAP.QUERY ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(IDIDMAP.QUERY ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to cut SMF records SET RESOURCE(FAC) -RECKEY IRR DEL(RAUDITX ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove data set protection SET RULE -LIST &HLQ. -DELETE &HLQ. +LIST {zowe.setup.datasets.prefix}. +DELETE {zowe.setup.datasets.prefix}. * * Remove ZOWE resource class 
@@ -344,88 +301,88 @@ $$ /* REMOVE ZOWE DATA SET PROTECTION ................................. */ /* removE general data set protection */ -TSS WHOHAS DATASET(&HLQ) -TSS REVOKE(ALL) DATASET(&HLQ..) -TSS REVOKE(&SYSPROG) DATASET(&HLQ..) -TSS REMOVE(&ADMINDEP) DATASET(&HLQ..) +TSS WHOHAS DATASET({zowe.setup.datasets.prefix}) +TSS REVOKE(ALL) DATASET({zowe.setup.datasets.prefix}..) +TSS REVOKE({zowe.setup.security.groups.sysProg}) DATASET({zowe.setup.datasets.prefix}..) +TSS REMOVE(&ADMINDEP) DATASET({zowe.setup.datasets.prefix}..) /* REMOVE ZOWE SERVER PERMISIONS ................................... */ /* remove permit to use ZIS */ TSS WHOHAS IBMFAC(ZWES.IS) -TSS REVOKE(&ZOWEUSER) IBMFAC(ZWES.IS) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(ZWES.IS) /* remove permit to create a user's security environment */ TSS WHOHAS IBMFAC(BPX.DAEMON) -TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.DAEMON) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.DAEMON) TSS WHOHAS IBMFAC(BPX.SERVER) -TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.SERVER) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.SERVER) TSS WHOHAS APPL(OMVSAPPL) -TSS REVOKE(&ZOWEUSER) APPL(OMVSAPPL) +TSS REVOKE({zowe.setup.security.users.zowe}) APPL(OMVSAPPL) /* remove permit to set jobname */ TSS WHOHAS IBMFAC(BPX.JOBNAME) -TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.JOBNAME) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.JOBNAME) /* remove permit to write persistent data */ TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS) -TSS REVOKE(&ZOWEUSER) UNIXPRIV(SUPERUSER.FILESYS) +TSS REVOKE({zowe.setup.security.users.zowe}) UNIXPRIV(SUPERUSER.FILESYS) /* remove permit Zowe main server to use client certificate mapping */ /* service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) -TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.RUSERMAP) +TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) /* remove permit Zowe main server to use distributed identity */ /* mapping service */ TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) -TSS REVOKE(&ZOWEUSER.) 
IBMFAC(IRR.IDIDMAP.QUERY) +TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.IDIDMAP.QUERY) /* remove permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) -TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.RAUDITX) +TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RAUDITX) /* REMOVE AUX SERVER PERMISIONS .................................... */ /* remove permit to use ZIS */ TSS WHOHAS IBMFAC(ZWES.IS) -TSS REVOKE(&ZISUSER) IBMFAC(ZWES.IS) +TSS REVOKE({zowe.setup.security.users.zis}) IBMFAC(ZWES.IS) /* REMOVE STARTED TASKS ............................................ */ /* remove userid for ZOWE main server */ -TSS LIST(&ZOWEUSER) -TSS DELETE(&ZOWEUSER) +TSS LIST({zowe.setup.security.users.zowe}) +TSS DELETE({zowe.setup.security.users.zowe}) /* remove userid for ZIS */ -TSS LIST(&ZISUSER) -TSS DELETE(&ZISUSER) +TSS LIST({zowe.setup.security.users.zis}) +TSS DELETE({zowe.setup.security.users.zis}) -/* comment out if &STCGRP matches &ADMINGRP (default), expect */ +/* comment out if {zowe.setup.security.groups.stc} matches {zowe.setup.security.groups.admin} (default), expect */ /* warning messages otherwise */ /* remove group for started tasks */ -TSS LIST(&STCGRP) -TSS DELETE(&STCGRP) +TSS LIST({zowe.setup.security.groups.stc}) +TSS DELETE({zowe.setup.security.groups.stc}) /* remove started task for ZOWE main server */ TSS LIST(STC) -TSS REMOVE(STC) PROCNAME(&ZOWESTC) +TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.zowe}) /* remove started task for ZIS */ TSS LIST(STC) -TSS REMOVE(STC) PROCNAME(&ZISSTC) +TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.zis}) /* remove started task for ZIS Auxiliary server */ TSS LIST(STC) -TSS REMOVE(STC) PROCNAME(&AUXSTC) +TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.aux}) /* REMOVE ADMINISTRATORS ........................................... */ -/* uncomment to remove user IDs from the &ADMINGRP group */ -/* TSS REMOVE (userid) GROUP(&ADMINGRP.) 
*/ +/* uncomment to remove user IDs from the {zowe.setup.security.groups.admin} group */ +/* TSS REMOVE (userid) GROUP({zowe.setup.security.groups.admin}.) */ /* remove group for administrators */ -TSS LIST(&ADMINGRP) -TSS DELETE(&ADMINGRP) +TSS LIST({zowe.setup.security.groups.admin}) +TSS DELETE({zowe.setup.security.groups.admin}) /* REMOVE ZOWE RESOURCE CLASS ...................................... */ /* uncomment commands to below if the ZOWE class has been created */ From b98d25409dcb4a18d1344bdb0f6ef770fccd3cca Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 29 Jan 2024 15:13:48 -0500 Subject: [PATCH 063/258] Do string replace on zwegener in zwe init generate to fill in required params Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 6 +++++- files/SZWESAMP/ZWEGENER | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index bc667a57d2..dc598c8855 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts 
@@ -23,7 +23,11 @@ export function execute(dryRun?: boolean) { const ZOWE_CONFIG=config.getZoweConfig(); const tempFile = fs.createTmpFile(); zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)', tempFile); - const jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); + let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); + jclContents = jclContents.replaceAll('{zowe.setup.dataset.prefix}', ZOWE_CONFIG.zowe.setup.dataset.prefix); + jclContents = jclContents.replaceAll('{zowe.setup.dataset.loadlib}', ZOWE_CONFIG.zowe.setup.dataset.loadlib); + jclContents = jclContents.replaceAll('{zowe.runtimeDirectory}', ZOWE_CONFIG.zowe.runtimeDirectory); + jclContents = jclContents.replace('FILE ', 'FILE '+ZOWE_CONFIG.zowe.workspaceDirectory+'/.env/.zowe-merged.yaml'); os.remove(tempFile); common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)'}`); diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index 67d6750e8b..554f068e3c 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -17,7 +17,7 @@ //* //* Note: Any string with braces has an associated yaml value //* in one of the yaml definitions for Zowe. -//* You should find the value and substitute it. +//* You must find the value and substitute it. //* //* {key} -> value //* From 6ec8559baeedd255a7722639a460da234c39bfc2 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 29 Jan 2024 15:21:56 -0500 Subject: [PATCH 064/258] Bump tsconfig to es2021 due to replaceAll Signed-off-by: 1000TurquoisePogs --- build/zwe/tsconfig.dev.json | 6 +++--- build/zwe/tsconfig.prod.json | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build/zwe/tsconfig.dev.json b/build/zwe/tsconfig.dev.json index f4688ea240..9c6e9d4fae 100644 --- a/build/zwe/tsconfig.dev.json +++ b/build/zwe/tsconfig.dev.json 
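Review bot: `jclContents.replace('FILE ', ...)` in the index.ts hunk rewrites the first occurrence of the text `FILE ` anywhere in the member, so a comment line containing that word ahead of the intended statement would receive the path instead. A dedicated placeholder in ZWEGENER, filled like the other three, makes the target explicit: `jclContents = jclContents.replaceAll('{zowe.workspaceDirectory}', ZOWE_CONFIG.zowe.workspaceDirectory);` with the template line reading `FILE {zowe.workspaceDirectory}/.env/.zowe-merged.yaml`. The four values are also written into the JCL exactly as they come from the YAML; checking before substitution that none contains a line break, and that the prefix is a valid data set name, would keep a malformed value from adding statements to the generated job. `execute` continues outside the hunk.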
@@ -1,8 +1,8 @@ { "compilerOptions": { - "lib": [ "ES2020" ], - "module": "ES2020", - "target": "ES2020", + "lib": [ "ES2021" ], + "module": "ES2021", + "target": "ES2021", "moduleResolution": "node", "removeComments": false, "preserveConstEnums": true, diff --git a/build/zwe/tsconfig.prod.json b/build/zwe/tsconfig.prod.json index 99cb80c872..db1d1689f9 100644 --- a/build/zwe/tsconfig.prod.json +++ b/build/zwe/tsconfig.prod.json @@ -1,8 +1,8 @@ { "compilerOptions": { - "lib": [ "ES2020" ], - "module": "ES2020", - "target": "ES2020", + "lib": [ "ES2021" ], + "module": "ES2021", + "target": "ES2021", "moduleResolution": "node", "removeComments": false, "preserveConstEnums": true, From 52016548a24e2923cef25cd649abeaa5117a84fb Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 29 Jan 2024 15:52:59 -0500 Subject: [PATCH 065/258] Revert to es2020 and use replace instead of replaceall Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 7 ++++--- build/zwe/tsconfig.dev.json | 6 +++--- build/zwe/tsconfig.prod.json | 6 +++--- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index dc598c8855..73bb143ade 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts 
@@ -24,9 +24,10 @@ export function execute(dryRun?: boolean) { const tempFile = fs.createTmpFile(); zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)', tempFile); let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); - jclContents = jclContents.replaceAll('{zowe.setup.dataset.prefix}', ZOWE_CONFIG.zowe.setup.dataset.prefix); - jclContents = jclContents.replaceAll('{zowe.setup.dataset.loadlib}', ZOWE_CONFIG.zowe.setup.dataset.loadlib); - jclContents = jclContents.replaceAll('{zowe.runtimeDirectory}', ZOWE_CONFIG.zowe.runtimeDirectory); + + jclContents = jclContents.replace("DSN={zowe.setup.dataset.prefix}", "DSN="+ZOWE_CONFIG.zowe.setup.dataset.prefix); + jclContents = jclContents.replace("{zowe.setup.dataset.loadlib}", ZOWE_CONFIG.zowe.setup.dataset.loadlib); + jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); jclContents = jclContents.replace('FILE ', 'FILE '+ZOWE_CONFIG.zowe.workspaceDirectory+'/.env/.zowe-merged.yaml'); os.remove(tempFile); diff --git a/build/zwe/tsconfig.dev.json b/build/zwe/tsconfig.dev.json index 9c6e9d4fae..f4688ea240 100644 --- a/build/zwe/tsconfig.dev.json +++ b/build/zwe/tsconfig.dev.json @@ -1,8 +1,8 @@ { "compilerOptions": { - "lib": [ "ES2021" ], - "module": "ES2021", - "target": "ES2021", + "lib": [ "ES2020" ], + "module": "ES2020", + "target": "ES2020", "moduleResolution": "node", "removeComments": false, "preserveConstEnums": true, diff --git a/build/zwe/tsconfig.prod.json b/build/zwe/tsconfig.prod.json index db1d1689f9..99cb80c872 100644 --- a/build/zwe/tsconfig.prod.json +++ b/build/zwe/tsconfig.prod.json @@ -1,8 +1,8 @@ { "compilerOptions": { - "lib": [ "ES2021" ], - "module": "ES2021", - "target": "ES2021", + "lib": [ "ES2020" ], + "module": "ES2020", + "target": "ES2020", "moduleResolution": "node", "removeComments": false, "preserveConstEnums": true, From 79c2d68f196f620ba4979cf892bb8c1cc010324f Mon Sep 17 00:00:00 2001 
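Review bot: With a string pattern, `replace` substitutes only the first match, so in the index.ts hunk `DSN={zowe.setup.dataset.prefix}` and `{zowe.setup.dataset.loadlib}` are now filled once each, where the removed `replaceAll` calls filled every occurrence. Any further occurrence in ZWEGENER (not visible here) would reach the job unresolved. The replacement arguments are plain strings, in which sequences such as `$&` and `$$` are expanded, so a directory or data set value containing `$` can be altered on the way in. `split`/`join` compiles for ES2020 and has neither behaviour: `jclContents = jclContents.split('{zowe.runtimeDirectory}').join(ZOWE_CONFIG.zowe.runtimeDirectory);`, and likewise for the prefix and loadlib. The `i` flag on the runtimeDirectory pattern looks unnecessary.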
From: 1000TurquoisePogs Date: Mon, 29 Jan 2024 16:24:16 -0500 Subject: [PATCH 066/258] Revert ZWESECUR for now. VTL template issues. Signed-off-by: 1000TurquoisePogs --- workflows/templates/ZWESECUR.vtl | 316 ++++++++++++++++++------------- 1 file changed, 188 insertions(+), 128 deletions(-) diff --git a/workflows/templates/ZWESECUR.vtl b/workflows/templates/ZWESECUR.vtl index 93f12ac639..d32ecb48dc 100644 --- a/workflows/templates/ZWESECUR.vtl +++ b/workflows/templates/ZWESECUR.vtl @@ -35,6 +35,40 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* +//* 2) Update the SET PRODUCT= statement to match your security +//* product. +//* +//* 3) Update the SET ADMINGRP= statement to match the desired +//* group name for Zowe administrators. +//* +//* 4) Update the SET STCGRP= statement to match the desired +//* group name for started tasks. +//* +//* 5) Update the SET ZOWEUSER= statement to match the desired +//* user ID for the ZOWE started task. +//* +//* 6) Update the SET ZISUSER= statement to match the desired +//* user ID for the ZIS started task. +//* +//* 7) Update the SET ZOWESTC= statement to match the desired +//* Zowe started task name. +//* +//* 8) Update the SET ZLNCHSTC= statement to match the desired +//* Zowe launcher started task name. It is applicable if you +//* run Zowe for high availability. +//* +//* 9) Update the SET ZISSTC= statement to match the desired +//* ZIS started task name. +//* +//* 10) Update the SET AUXSTC= statement to match the desired +//* ZIS Auxiliary started task name. +//* +//* 11) Update the SET HLQ= statement to match the desired +//* Zowe data set high level qualifier. +//* +//* 12) Update the SET SYSPROG= statement to match the existing +//* user ID or group used by z/OS system programmers. +//* //* 13) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID //* and GID values, update the SET *ID= statements to match the //* desired UID and GID values. 
@@ -69,6 +103,19 @@ #if($ibmTemplate == 'YES') // EXPORT SYMLIST=* //* +// SET PRODUCT=RACF * RACF, ACF2, or TSS +//* 12345678 +// SET ADMINGRP=ZWEADMIN * group for Zowe administrators +// SET STCGRP=&ADMINGRP. * group for Zowe started tasks +// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task +// SET ZISUSER=ZWESIUSR * userid for ZIS started task +// SET ZOWESTC=ZWESVSTC * Zowe started task name +// SET ZLNCHSTC=ZWESLSTC * Zowe started task name for HA +// SET ZISSTC=ZWESISTC * ZIS started task name +// SET AUXSTC=ZWESASTC * ZIS AUX started task name +// SET HLQ=ZWE * data set high level qualifier +// SET SYSPROG=&ADMINGRP. * system programmer user ID/group +//* 12345678 //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret, @@ -98,6 +145,19 @@ #if($ibmTemplate != 'YES') // EXPORT SYMLIST=* //* +// SET PRODUCT=${PRODUCT} * RACF, ACF2, or TSS +//* 12345678 +// SET ADMINGRP=${ADMINGRP} * group for Zowe administrators +// SET STCGRP=${STCGRP} * group for Zowe started tasks +// SET ZOWEUSER=${ZOWEUSER} * userid for Zowe started task +// SET ZISUSER=${ZISUSER} * userid for ZIS started task +// SET ZOWESTC=${ZOWESTC} * Zowe started task name +// SET ZLNCHSTC=${ZLNCHSTC} * Zowe started task name for HA +// SET ZISSTC=${ZISSTC} * ZIS started task name +// SET AUXSTC=${AUXSTC} * ZIS AUX started task name +// SET HLQ=${HLQ} * data set high level qualifier +// SET SYSPROG=${SYSPROG} * system programmer user ID/group +//* 12345678 //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret, @@ -133,7 +193,7 @@ //* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME={zowe.setup.security.product} +//SYSTSIN DD DDNAME=&PRODUCT //* //********************************************************************* //* 
@@ -172,12 +232,12 @@ /* group for administrators */ /* replace AUTOGID with GID(&ADMINGID.) if AUTOGID not enabled */ - LISTGRP {zowe.setup.security.groups.admin}. OMVS - ADDGROUP {zowe.setup.security.groups.admin}. OMVS(AUTOGID) - + LISTGRP &ADMINGRP. OMVS + ADDGROUP &ADMINGRP. OMVS(AUTOGID) - DATA('ZOWE ADMINISTRATORS') /* uncomment to add existing user IDs to the &ADMINGRP group */ -/* CONNECT (userid,userid,...) GROUP({zowe.setup.security.groups.admin}.) AUTH(USE) */ +/* CONNECT (userid,userid,...) GROUP(&ADMINGRP.) AUTH(USE) */ /* DEFINE STARTED TASK ............................................. */ @@ -189,28 +249,28 @@ /* warning messages otherwise */ /* group for started tasks */ /* replace AUTOGID with GID(&STCGID.) if AUTOGID not enabled */ - LISTGRP {zowe.setup.security.groups.stc}. OMVS - ADDGROUP {zowe.setup.security.groups.stc}. OMVS(AUTOGID) - + LISTGRP &STCGRP. OMVS + ADDGROUP &STCGRP. OMVS(AUTOGID) - DATA('STARTED TASK GROUP WITH OMVS SEGMENT') /* */ /* userid for ZOWE main server */ /* replace AUTOUID with UID(&ZOWEUID.) if AUTOUID not enabled */ - LISTUSER {zowe.setup.security.users.zowe}. OMVS - ADDUSER {zowe.setup.security.users.zowe}. - + LISTUSER &ZOWEUSER. OMVS + ADDUSER &ZOWEUSER. - NOPASSWORD - - DFLTGRP({zowe.setup.security.groups.stc}.) - + DFLTGRP(&STCGRP.) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE SERVER') - DATA('ZOWE MAIN SERVER') /* userid for ZIS cross memory server */ /* replace AUTOUID with UID(&ZISUID.) if AUTOUID not enabled */ - LISTUSER {zowe.setup.security.users.zis}. OMVS - ADDUSER {zowe.setup.security.users.zis}. - + LISTUSER &ZISUSER. OMVS + ADDUSER &ZISUSER. - NOPASSWORD - - DFLTGRP({zowe.setup.security.groups.stc}.) - + DFLTGRP(&STCGRP.) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE ZIS SERVER') - DATA('ZOWE ZIS CROSS MEMORY SERVER') 
@@ -218,39 +278,39 @@ /* */ /* started task for ZOWE main server */ - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - - STDATA(USER({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - + RLIST STARTED &ZOWESTC..* ALL STDATA + RDEFINE STARTED &ZOWESTC..* - + STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - DATA('ZOWE MAIN SERVER') /* started task for ZOWE Launcher in high availability */ - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - - STDATA(USER({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - + RLIST STARTED &ZLNCHSTC..* ALL STDATA + RDEFINE STARTED &ZLNCHSTC..* - + STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - DATA('ZOWE LAUNCHER SERVER') /* started task for ZIS cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zis}..* - - STDATA(USER({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - + RLIST STARTED &ZISSTC..* ALL STDATA + RDEFINE STARTED &ZISSTC..* - + STDATA(USER(&ZISUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - DATA('ZOWE ZIS CROSS MEMORY SERVER') /* started task for ZIS Auxiliary cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.aux}..* - - STDATA(USER({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) TRUSTED(NO)) - + RLIST STARTED &AUXSTC..* ALL STDATA + RDEFINE STARTED &AUXSTC..* - + STDATA(USER(&ZISUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - DATA('ZOWE ZIS AUX CROSS MEMORY SERVER') SETROPTS RACLIST(STARTED) REFRESH /* show results .................................................... */ - LISTGRP {zowe.setup.security.groups.stc}. OMVS - LISTUSER {zowe.setup.security.users.zowe}. 
OMVS - LISTUSER {zowe.setup.security.users.zis}. OMVS - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + LISTGRP &STCGRP. OMVS + LISTUSER &ZOWEUSER. OMVS + LISTUSER &ZISUSER. OMVS + RLIST STARTED &ZOWESTC..* ALL STDATA + RLIST STARTED &ZLNCHSTC..* ALL STDATA + RLIST STARTED &ZISSTC..* ALL STDATA + RLIST STARTED &AUXSTC..* ALL STDATA /* DEFINE ZIS SECURITY RESOURCES ................................... */ @@ -261,13 +321,13 @@ /* DEFINE AUX SERVER PERMISIONS .................................... */ /* permit AUX STC to use ZIS cross memory server */ - PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zis}.) + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID(&ZISUSER.) SETROPTS RACLIST(FACILITY) REFRESH /* DEFINE ZOWE SERVER PERMISIONS ................................... */ /* permit Zowe main server to use ZIS cross memory server */ - PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) SETROPTS RACLIST(FACILITY) REFRESH /* permit Zowe main server to create a user's security environment */ 
@@ -278,22 +338,22 @@ /* it on a production system. */ RLIST FACILITY BPX.DAEMON ALL RDEFINE FACILITY BPX.DAEMON UACC(NONE) - PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) ID(&ZOWEUSER.) RLIST FACILITY BPX.SERVER ALL RDEFINE FACILITY BPX.SERVER UACC(NONE) - PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) ID(&ZOWEUSER.) /* permit Zowe main server to create a user's security environment */ /* comment out the following 2 lines if the OMVSAPPL is not defined */ /* in your environment */ - PERMIT OMVSAPPL CLASS(APPL) ID({zowe.setup.security.users.zowe}.) ACCESS(READ) + PERMIT OMVSAPPL CLASS(APPL) ID(&ZOWEUSER.) ACCESS(READ) SETROPTS RACLIST(APPL) REFRESH /* permit Zowe main server to set job name */ RLIST FACILITY BPX.JOBNAME ALL RDEFINE FACILITY BPX.JOBNAME UACC(NONE) - PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) SETROPTS RACLIST(FACILITY) REFRESH 
@@ -302,26 +362,26 @@ RLIST UNIXPRIV SUPERUSER.FILESYS ALL RDEFINE UNIXPRIV SUPERUSER.FILESYS UACC(NONE) PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) ACCESS(CONTROL) - - ID({zowe.setup.security.users.zowe}.) + ID(&ZOWEUSER.) SETROPTS RACLIST(UNIXPRIV) REFRESH /* permit Zowe main server to use client certificate mapping service */ RLIST FACILITY IRR.RUSERMAP ALL RDEFINE FACILITY IRR.RUSERMAP UACC(NONE) - PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) /* permit Zowe main server to use distributed identity mapping */ /* service RLIST FACILITY IRR.IDIDMAP.QUERY ALL RDEFINE FACILITY IRR.IDIDMAP.QUERY UACC(NONE) PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID(&ZOWEUSER.) /* permit Zowe main server to cut SMF records */ RLIST FACILITY IRR.RAUDITX ALL RDEFINE FACILITY IRR.RAUDITX UACC(NONE) - PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) ID(&ZOWEUSER.) SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ 
@@ -343,19 +403,19 @@ /* EGN is not active on your system. */ /* HLQ stub */ - LISTGRP {zowe.setup.dataset.prefix}. - ADDGROUP {zowe.setup.dataset.prefix}. DATA('Zowe - HLQ STUB') + LISTGRP &HLQ. + ADDGROUP &HLQ. DATA('Zowe - HLQ STUB') /* general data set protection */ - LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL - ADDSD '{zowe.setup.dataset.prefix}..*.**' UACC(READ) DATA('Zowe') - PERMIT '{zowe.setup.dataset.prefix}..*.**' CLASS(DATASET) ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}.) + LISTDSD PREFIX(&HLQ.) ALL + ADDSD '&HLQ..*.**' UACC(READ) DATA('Zowe') + PERMIT '&HLQ..*.**' CLASS(DATASET) ACCESS(ALTER) ID(&SYSPROG.) SETROPTS GENERIC(DATASET) REFRESH /* show results .................................................... */ - LISTGRP {zowe.setup.dataset.prefix}. - LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL + LISTGRP &HLQ. + LISTDSD PREFIX(&HLQ.) ALL /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ @@ -410,13 +470,13 @@ ACF * replace AUTOGID with GID(&ADMINGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT {zowe.setup.security.groups.admin}. AUTOGID +INSERT &ADMINGRP. AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * * uncomment and customize to add an existing userid as administrator * * SET X(ROL) -* INSERT {zowe.setup.security.groups.admin}. INCLUDE(userid) ROLE +* INSERT &ADMINGRP. INCLUDE(userid) ROLE * F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STARTED TASK ............................................. @@ -427,7 +487,7 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOGID with GID(&STCGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT {zowe.setup.security.groups.stc}. AUTOGID +INSERT &STCGRP. AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * ***** 
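Review bot: `ADDSD '&HLQ..*.**' UACC(READ) DATA('Zowe')`, restored in the RACF data set protection hunk, gives every defined user read access to all data sets under the Zowe high level qualifier. If anything stored under that qualifier is not meant for general users (not determinable from this template), the narrower default is `ADDSD '&HLQ..*.**' UACC(NONE) DATA('Zowe')` followed by `PERMIT '&HLQ..*.**' CLASS(DATASET) ACCESS(READ) ID(&STCGRP.)`. At minimum, a comment beside the ADDSD saying why universal read is intended would let a site security administrator make that decision knowingly.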
@@ -436,18 +496,18 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOUID with UID(&ZOWEUID.) if AUTOUID is not enabled * SET LID -INSERT {zowe.setup.security.users.zowe}. STC GROUP({zowe.setup.security.groups.stc}.) +INSERT &ZOWEUSER. STC GROUP(&STCGRP.) SET PROFILE(USER) DIV(OMVS) -INSERT {zowe.setup.security.users.zowe}. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +INSERT &ZOWEUSER. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * * userid for ZIS cross memory server * replace AUTOUID with UID(&ZISUID.) if AUTOUID is not enabled * SET LID -INSERT {zowe.setup.security.users.zis}. STC GROUP({zowe.setup.security.groups.stc}.) +INSERT &ZISUSER. STC GROUP(&STCGRP.) SET PROFILE(USER) DIV(OMVS) -INSERT {zowe.setup.security.users.zis}. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +INSERT &ZISUSER. AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * ***** 
@@ -455,44 +515,44 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * started task for ZOWE main server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.zowe}. LOGONID({zowe.setup.security.users.zowe}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.zowe}.) +INSERT STC.&ZOWESTC. LOGONID(&ZOWEUSER.) + +GROUP(&STCGRP.) + +STCID(&ZOWESTC.) F ACF2,REFRESH(STC) * * started task for ZOWE Launcher in high availability * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.zowe}. LOGONID({zowe.setup.security.users.zowe}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.zowe}.) +INSERT STC.&ZLNCHSTC. LOGONID(&ZOWEUSER.) + +GROUP(&STCGRP.) + +STCID(&ZLNCHSTC.) F ACF2,REFRESH(STC) * * started task for ZIS cross memory server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.zis}. LOGONID({zowe.setup.security.users.zis}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.zis}.) +INSERT STC.&ZISSTC. LOGONID(&ZISUSER.) + +GROUP(&STCGRP.) + +STCID(&ZISSTC.) F ACF2,REFRESH(STC) * * started task for ZIS Auxiliary cross memory server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.aux}. LOGONID({zowe.setup.security.users.zis}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.aux}.) +INSERT STC.&AUXSTC. LOGONID(&ZISUSER.) + +GROUP(&STCGRP.) + +STCID(&AUXSTC.) F ACF2,REFRESH(STC) * * DEFINE ZIS SECURITY RESOURCES .................................. * -* define a role holding the permissions, add {zowe.setup.security.users.zis} and -* {zowe.setup.security.users.zowe} to it +* define a role holding the permissions, add &ZISUSER and +* &ZOWEUSER to it * SET X(ROL) -INSERT {zowe.setup.security.groups.stc}. INCLUDE({zowe.setup.security.users.zowe}.) ROLE +INSERT &STCGRP. INCLUDE(&ZOWEUSER.) ROLE F ACF2,NEWXREF,TYPE(ROL) -CHANGE {zowe.setup.security.groups.stc}. INCLUDE({zowe.setup.security.users.zis}.) ADD +CHANGE &STCGRP. INCLUDE(&ZISUSER.) 
ADD F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STC SERVER PERMISIONS .................................... @@ -500,7 +560,7 @@ F ACF2,NEWXREF,TYPE(ROL) * permit AUX and Zowe main server to use ZIS cross memory server * SET RESOURCE(FAC) -RECKEY ZWES ADD(IS SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY ZWES ADD(IS SERVICE(READ) ROLE(&STCGRP.) ALLOW) F ACF2,REBUILD(FAC) * * DEFINE ZOWE SERVER PERMISIONS ................................... @@ -513,18 +573,18 @@ F ACF2,REBUILD(FAC) * it on a production system. * SET RESOURCE(FAC) -RECKEY BPX ADD(DAEMON SERVICE(UPDATE) ROLE({zowe.setup.security.groups.stc}.) ALLOW) -RECKEY BPX ADD(SERVER SERVICE(UPDATE) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY BPX ADD(DAEMON SERVICE(UPDATE) ROLE(&STCGRP.) ALLOW) +RECKEY BPX ADD(SERVER SERVICE(UPDATE) ROLE(&STCGRP.) ALLOW) * * permit Zowe main server to create a user's security environment * comment out the following 3 lines if the OMVSAPPL is not defined * in your environment SET RESOURCE(APL) -RECKEY OMVSAPPL ADD(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY OMVSAPPL ADD(SERVICE(READ) ROLE(&STCGRP.) ALLOW) F ACF2,REBUILD(APL) * * Allow STCGRP role access to BPX.JOBNAME -RECKEY BPX ADD(JOBNAME SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY BPX ADD(JOBNAME SERVICE(READ) ROLE(&STCGRP.) ALLOW) F ACF2,REBUILD(FAC) * ** comment out to not use SUPERUSER.FILESYS, see JCL comments 
@@ -535,27 +595,27 @@ COMPILE * $KEY(SUPERUSER.FILESYS) $TYPE(UNI) $ROLESET - ROLE({zowe.setup.security.groups.stc}.) ALLOW + ROLE(&STCGRP.) ALLOW STORE * SET RESOURCE(UNI) -* RECKEY SUPERUSER.FILESYS ADD(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +* RECKEY SUPERUSER.FILESYS ADD(SERVICE(READ) ROLE(&STCGRP.) ALLOW) F ACF2,REBUILD(UNI) * allow STCGRP role to use client certificate mapping service SET RESOURCE(FAC) -RECKEY IRR ADD(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(RUSERMAP ROLE(&STCGRP.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * allow STCGRP role to use distributed identity mapping service SET RESOURCE(FAC) -RECKEY IRR ADD(IDIDMAP.QUERY ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(IDIDMAP.QUERY ROLE(&STCGRP.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * permit Zowe main server to cut SMF records SET RESOURCE(FAC) -RECKEY IRR ADD(RAUDITX ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR ADD(RAUDITX ROLE(&STCGRP.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * @@ -567,13 +627,13 @@ F ACF2,REBUILD(FAC) * HLQ stub SET RULE * general data set protection -LIST {zowe.setup.dataset.prefix}. -RECKEY {zowe.setup.dataset.prefix}. ADD(- UID(-) READ(A) EXEC(P)) -RECKEY {zowe.setup.dataset.prefix}. + -ADD(- UID({zowe.setup.security.groups.sysProg}.) READ(A) EXEC(A) ALLOC(A) WRITE(A)) +LIST &HLQ. +RECKEY &HLQ. ADD(- UID(-) READ(A) EXEC(P)) +RECKEY &HLQ. + +ADD(- UID(&SYSPROG.) READ(A) EXEC(A) ALLOC(A) WRITE(A)) * * show results -LIST {zowe.setup.dataset.prefix}. +LIST &HLQ. * * 
@@ -614,67 +674,67 @@ $$ /* DEFINE ADMINISTRATORS ........................................... */ /* group for administrators */ - TSS LIST({zowe.setup.security.groups.admin}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.groups.admin}.) TYPE(GROUP) + + TSS LIST(&ADMINGRP.) SEGMENT(OMVS) + TSS CREATE(&ADMINGRP.) TYPE(GROUP) + NAME('ZOWE ADMINISTRATORS') + DEPT(&ADMINDEP.) - TSS ADD({zowe.setup.security.groups.admin}.) GID(&ADMINGID.) + TSS ADD(&ADMINGRP.) GID(&ADMINGID.) /* uncomment to add existing user IDs to the &ADMINGRP group */ -/* TSS ADD(userid) GROUP({zowe.setup.security.groups.admin}.) */ +/* TSS ADD(userid) GROUP(&ADMINGRP.) */ /* DEFINE STARTED TASK ............................................. */ /* comment out if STCGRP matches ADMINGRP (default), expect */ /* warning messages otherwise */ /* group for started tasks */ - TSS LIST({zowe.setup.security.groups.stc}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.groups.stc}.) TYPE(GROUP) + + TSS LIST(&STCGRP.) SEGMENT(OMVS) + TSS CREATE(&STCGRP.) TYPE(GROUP) + NAME('STC GROUP WITH OMVS SEGMENT') + DEPT(&STCGDEP.) - TSS ADD({zowe.setup.security.groups.stc}.) GID(&STCGID.) + TSS ADD(&STCGRP.) GID(&STCGID.) /* */ /* userid for ZOWE main server */ - TSS LIST({zowe.setup.security.users.zowe}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.users.zowe}.) TYPE(USER) PASS(NOPW,0) + + TSS LIST(&ZOWEUSER.) SEGMENT(OMVS) + TSS CREATE(&ZOWEUSER.) TYPE(USER) PASS(NOPW,0) + NAME('ZOWE MAIN SERVER') + DEPT(&STCUDEP.) - TSS ADD({zowe.setup.security.users.zowe}.) GROUP({zowe.setup.security.groups.stc}.) + - DFLTGRP({zowe.setup.security.groups.stc}.) + + TSS ADD(&ZOWEUSER.) GROUP(&STCGRP.) + + DFLTGRP(&STCGRP.) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZOWEUID.) /* userid for ZIS cross memory server */ - TSS LIST({zowe.setup.security.users.zis}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.users.zis}.) TYPE(USER) PASS(NOPW,0) + + TSS LIST(&ZISUSER.) SEGMENT(OMVS) + TSS CREATE(&ZISUSER.) 
TYPE(USER) PASS(NOPW,0) + NAME('ZOWE ZIS CROSS MEMORY SERVER') + DEPT(&STCUDEP.) - TSS ADD({zowe.setup.security.users.zis}.) GROUP({zowe.setup.security.groups.stc}.) + - DFLTGRP({zowe.setup.security.groups.stc}.) + + TSS ADD(&ZISUSER.) GROUP(&STCGRP.) + + DFLTGRP(&STCGRP.) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.) /* */ /* started task for ZOWE main server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) ACID({zowe.setup.security.users.zowe}.) - TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) + TSS LIST(STC) PROCNAME(&ZOWESTC.) PREFIX + TSS ADD(STC) PROCNAME(&ZOWESTC.) ACID(&ZOWEUSER.) + TSS ADD(&ZOWEUSER.) FAC(STC) /* started task for ZOWE Launcher in high availability */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) ACID({zowe.setup.security.users.zowe}.) - TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) + TSS LIST(STC) PROCNAME(&ZLNCHSTC.) PREFIX + TSS ADD(STC) PROCNAME(&ZLNCHSTC.) ACID(&ZOWEUSER.) + TSS ADD(&ZOWEUSER.) FAC(STC) /* started task for ZIS cross memory server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zis}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zis}.) ACID({zowe.setup.security.users.zis}.) - TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + TSS LIST(STC) PROCNAME(&ZISSTC.) PREFIX + TSS ADD(STC) PROCNAME(&ZISSTC.) ACID(&ZISUSER.) + TSS ADD(&ZISUSER.) FAC(STC) /* started task for ZIS Auxiliary cross memory server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.aux}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.aux}.) ACID({zowe.setup.security.users.zis}.) - TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + TSS LIST(STC) PROCNAME(&AUXSTC.) PREFIX + TSS ADD(STC) PROCNAME(&AUXSTC.) ACID(&ZISUSER.) + TSS ADD(&ZISUSER.) FAC(STC) /* DEFINE ZIS SECURITY RESOURCES ................................... */ 
@@ -685,7 +745,7 @@ $$ /* permit AUX STC to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT({zowe.setup.security.users.zis}.) IBMFAC(ZWES.IS) ACCESS(READ) + TSS PERMIT(&ZISUSER.) IBMFAC(ZWES.IS) ACCESS(READ) #if($ibmTemplate != 'YES') /* The ZOWESTC started task is a multi-user address space therefore */ @@ -719,7 +779,7 @@ $$ /* permit Zowe main server to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(ZWES.IS) ACCESS(READ) + TSS PERMIT(&ZOWEUSER.) IBMFAC(ZWES.IS) ACCESS(READ) /* permit Zowe main server to create a user's security environment */ /* ATTENTION: Defining the BPX.DAEMON or BPX.SERVER profile makes */ 
@@ -729,37 +789,37 @@ $$ /* it on a production system. */ TSS ADD(&FACACID.) IBMFAC(BPX.) TSS WHOHAS IBMFAC(BPX.DAEMON) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.DAEMON) ACCESS(UPDATE) + TSS PER(&ZOWEUSER.) IBMFAC(BPX.DAEMON) ACCESS(UPDATE) TSS WHOHAS IBMFAC(BPX.SERVER) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.SERVER) ACCESS(UPDATE) + TSS PER(&ZOWEUSER.) IBMFAC(BPX.SERVER) ACCESS(UPDATE) /* permit Zowe main server to create a user's security environment */ /* comment out the following line if the OMVSAPPL is not defined */ /* in your environment */ -TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) +TSS PERMIT(&ZOWEUSER.) APPL(OMVSAPPL) /* Allow ZOWEUSER access to BPX.JOBNAME */ TSS WHOHAS IBMFAC(BPX.JOBNAME) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.JOBNAME) ACCESS(READ) + TSS PER(&ZOWEUSER.) IBMFAC(BPX.JOBNAME) ACCESS(READ) /* comment out to not use SUPERUSER.FILESYS, see JCL comments */ /* permit Zowe main server to write persistent data */ TSS ADD(&FACACID.) UNIXPRIV(SUPERUSE) TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS) - TSS PER({zowe.setup.security.users.zowe}.) UNIXPRIV(SUPERUSER.FILESYS) ACCESS(CONTROL) + TSS PER(&ZOWEUSER.) UNIXPRIV(SUPERUSER.FILESYS) ACCESS(CONTROL) /* permit Zowe main server to use client certificate mapping service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) ACCESS(READ) + TSS PER(&ZOWEUSER.) IBMFAC(IRR.RUSERMAP) ACCESS(READ) /* permit Zowe main server to use distributed identity mapping */ /* service TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) + TSS PER(&ZOWEUSER.) IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) /* permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RAUDITX) ACCESS(READ) + TSS PER(&ZOWEUSER.) 
IBMFAC(IRR.RAUDITX) ACCESS(READ) /* DEFINE ZOWE DATA SET PROTECTION ................................. */ @@ -767,15 +827,15 @@ TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) /* advised to protect it against updates. */ /* HLQ stub */ - TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}..) + TSS ADD(&ADMINDEP.) DATASET(&HLQ..) /* general data set protection */ - TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) - TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}..) ACCESS(READ) - TSS PER({zowe.setup.security.groups.sysProg}) DATASET({zowe.setup.dataset.prefix}..) ACCESS(ALL) + TSS WHOHAS DATASET(&HLQ.) + TSS PER(ALL) DATASET(&HLQ..) ACCESS(READ) + TSS PER(&SYSPROG) DATASET(&HLQ..) ACCESS(ALL) /* show results */ - TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) + TSS WHOHAS DATASET(&HLQ.) /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ From e63120301c659157a68846fd51d7cec64fd47bd5 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 30 Jan 2024 11:23:57 -0500 Subject: [PATCH 067/258] Whitespace fixes for jcl Signed-off-by: 1000TurquoisePogs --- files/SZWESAMP/ZWECSVSM | 12 ++-- files/SZWESAMP/ZWEGENER | 10 ++-- files/SZWESAMP/ZWEKRING | 128 ++++++++++++++++++++++++++-------------- files/SZWESAMP/ZWENOKYR | 46 +++++++++++---- files/SZWESAMP/ZWENOSEC | 84 +++++++++++++++++--------- files/SZWESAMP/ZWESECKG | 2 +- 6 files changed, 186 insertions(+), 96 deletions(-) diff --git a/files/SZWESAMP/ZWECSVSM b/files/SZWESAMP/ZWECSVSM index 04ceefae6b..216c1f0bb9 100644 --- a/files/SZWESAMP/ZWECSVSM +++ b/files/SZWESAMP/ZWECSVSM 
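Review bot: In the TSS data set protection hunk (@@ -767,15 +827,15 @@) the new line `TSS PER(&SYSPROG) DATASET(&HLQ..) ACCESS(ALL)` references the symbol without its terminating period, while every other reference in this patch is written `&SYSPROG.` (RACF `ID(&SYSPROG.)`, ACF2 `UID(&SYSPROG.)`). The closing parenthesis probably still ends the symbol name, so this is a consistency point rather than a demonstrated failure. This is the line that grants ACCESS(ALL) on the Zowe high-level qualifier, so I would spell it the same way as the rest: `TSS PER(&SYSPROG.) DATASET(&HLQ..) ACCESS(ALL)`. The TSS in-stream block continues outside the hunk.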
@@ -38,21 +38,21 @@ //SYSPRINT DD SYSOUT=* //SYSIN DD * DEFINE CLUSTER - - (NAME({components.caching-service.storage.vsam.name}) - -// DD DDNAME={zowe.setup.vsam.mode} + (NAME({components.caching-service.storage.vsam.name}) - +// DD DDNAME={zowe.setup.vsam.mode} // DD * REC(80 20) - INDEXED) - - DATA(NAME({components.caching-service.storage.vsam.name}.DATA) - + DATA(NAME({components.caching-service.storage.vsam.name}.DATA) - RECSZ(4096 4096) - UNIQUE - KEYS(128 0)) - - INDEX(NAME({components.caching-service.storage.vsam.name}.INDEX) - + INDEX(NAME({components.caching-service.storage.vsam.name}.INDEX) - UNIQUE) //RLS DD * - STORCLAS({zowe.setup.vsam.storageClass}) - + STORCLAS({zowe.setup.vsam.storageClass}) - LOG(NONE) - //NONRLS DD * - VOLUME({zowe.setup.vsam.volume}) - + VOLUME({zowe.setup.vsam.volume}) - SHAREOPTIONS(2 3) - //* diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index 554f068e3c..425e2a12a8 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -1,8 +1,8 @@ -//ZWEGENER JOB -//* -//* This job is responsible for generating other jobs required -//* to configure Zowe. -//* +//ZWEGENER JOB +//* +//* This job is responsible for generating other jobs required +//* to configure Zowe. +//* //* The method of validating your configuration is using //* JSON Schema . Zowe provides //* the ConfigMgr to assist in this. This job will invoke diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING index d7cf125975..816e7a63e4 100644 --- a/files/SZWESAMP/ZWEKRING +++ b/files/SZWESAMP/ZWEKRING @@ -112,6 +112,12 @@ //* * Label of the root CA of the z/OSMF certificate if //* applicable // SET ROOTZFCA='' +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} //* //********************************************************************* //* 
@@ -128,7 +134,8 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTRING) REFRESH $$ //IFOPT1 IF (&OPTION EQ 1) THEN @@ -153,7 +160,8 @@ $$ KEYUSAGE(CERTSIGN) /* Connect Zowe's local CA authority to the keyring ................ */ - RACDCERT CONNECT(CERTAUTH LABEL('{zowe.setup.certificate.keyring.caLabel}') + + RACDCERT CONNECT(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.caLabel}') + RING({zowe.setup.certificate.keyring.name}.)) + ID({zowe.setup.security.users.zowe}.) @@ -172,7 +180,8 @@ $$ KEYUSAGE(HANDSHAKE) + ALTNAME(IP(&IPADDRES) + DOMAIN('{zowe.externalDomains[0]}')) + - SIGNWITH(CERTAUTH LABEL('{zowe.setup.certificate.keyring.caLabel}')) + SIGNWITH(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.caLabel}')) /* Connect a Zowe's certificate with the keyring ................... */ RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + @@ -195,7 +204,8 @@ $$ /* Option 2 - BEGINNING ............................................ */ /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(SITE | ID({zowe.setup.certificate.keyring.connect.user}) + + RACDCERT CONNECT(SITE | + + ID({zowe.setup.certificate.keyring.connect.user}) + LABEL({zowe.setup.certificate.keyring.connect.label}) + RING({zowe.setup.certificate.keyring.name}.) + USAGE(PERSONAL) DEFAULT) + 
@@ -216,10 +226,10 @@ $$ /* Option 3 - BEGINNING ............................................ */ /* Import external certificate from data set ....................... */ RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.') + - ID({zowe.setup.security.users.zowe}.) + - WITHLABEL('{zowe.setup.certificate.keyring.label}') + - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + - TRUST + ID({zowe.setup.security.users.zowe}.) + + WITHLABEL('{zowe.setup.certificate.keyring.label}') + + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + + TRUST /* Connect a Zowe's certificate with the keyring ................... */ RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + @@ -244,12 +254,14 @@ $$ /* keyring ......................................................... */ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + ID({zowe.setup.security.users.zowe}.) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -266,7 +278,8 @@ $$ /* authority (CA) with the keyring ................................. */ RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZFCA.') + - RING({zowe.setup.certificate.keyring.name}.) USAGE(CERTAUTH)) + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH 
@@ -287,15 +300,20 @@ $$ SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) /* Define profiles that control certificate access ................. */ - RDEFINE RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST UACC(NONE) + RDEFINE RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ - PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + - ACCESS(CONTROL) + PERMIT + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) ID() + */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ /* Refresh to dynamically activate the changes. .................... */ 
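Review bot: The RDATALIB profile name in this hunk now takes its owner qualifier from `&USERNAME.`, while `ID(...)` on the same PERMIT still uses the `{zowe.setup.security.users.zowe}` placeholder, so the two can drift apart when the sample is edited by hand instead of generated. The profile only covers the key ring if its first qualifier is the ring owner, and a mismatch would define and permit a profile that protects nothing the server uses. A comment next to the RDEFINE would make the coupling explicit, for example `/* &USERNAME must be the key ring owner given in ID(...) below ...... */`. The same pairing appears in the ZWENOKYR hunk @@ -51,30 +58,39 @@, and the `SET USERNAME` statement itself is outside this hunk.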
@@ -307,25 +325,30 @@ $$ /* continue using their existing IRR.DIGTCERT setup. Note that the . */ /* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ /* already exist. .................................................. */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + ACCESS(READ) - PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + + PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + ACCESS(READ) /* Uncomment this command if SITE user owns the Zowe certificate ... */ -/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID({zowe.setup.security.users.zowe}.) + */ +/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ +/* ID({zowe.setup.security.users.zowe}.) + */ /* ACCESS(CONTROL) */ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ - RLIST RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST ALL + RLIST RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ 
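Review bot: The commented-out GENCERT permit was split across three lines, but its first line, `/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */`, lost the `+` continuation that the second line and the other wrapped commands in this file carry. An operator who uncomments the three lines would submit a PERMIT with no ID or ACCESS, followed by a stray `ID(...) + ACCESS(CONTROL)` fragment. Because the block ends with a command that forces return code 0, the missing grant would not show up in the job's return code. I would write the first line as `/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) + */`. The RACF in-stream block starts and ends outside this hunk.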
@@ -345,7 +368,8 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT {zowe.setup.security.users.zowe}..ZOWERING RINGNAME({zowe.setup.certificate.keyring.name}.) + INSERT {zowe.setup.security.users.zowe}..ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}.) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //IFOPT1 IF (&OPTION EQ 1) THEN @@ -358,7 +382,8 @@ ACF * Option 1 - Default Option - BEGINNING ........................... */ * Create Zowe's local CA authority ................................ */ SET PROFILE(USER) DIVISION(CERTDATA) - GENCERT CERTAUTH.ZOWECA LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - + GENCERT CERTAUTH.ZOWECA - + LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - @@ -370,7 +395,8 @@ ACF * * Connect Zowe's local CA authority to the keyring ................ */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.ZOWECA) RINGNAME({zowe.setup.certificate.keyring.name}.) - + CONNECT CERTDATA(CERTAUTH.ZOWECA) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) CHKCERT CERTAUTH.ZOWECA * @@ -393,7 +419,8 @@ ACF * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 1 - Default Option - END ................................. */ 
@@ -411,7 +438,8 @@ ACF * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 2 - END .................................................. */ @@ -429,15 +457,16 @@ ACF * Import external certificate from data set ....................... */ SET PROFILE(USER) DIV(CERTDATA) INSERT {zowe.setup.security.users.zowe}..ZOWECERT - - DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - - LABEL(&LABEL.) - - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - - TRUST + DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - + LABEL(&LABEL.) - + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - + TRUST * * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(PERSONAL) DEFAULT + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT * * Option 3 - END .................................................. */ 
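Review bot: The Option 3 import re-indented in hunk @@ -429,15 +457,16 @@ (and its RACF counterpart in @@ -216,10 +226,10 @@) places the certificate import password in the job text through `PASSWORD('{zowe.setup.certificate.keyring.import.password}.')`, and nothing near it warns the operator. Once the placeholder is filled in, anyone with read access to the generated member can read the password, and likely anyone who can read the job output if the command is echoed there. I would add a comment above the INSERT such as `* The import password is in clear text in this job: restrict access` and `* to the member and its output, and remove both after the run.` The ACF2 in-stream block continues outside the hunk.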
@@ -454,10 +483,12 @@ ACF * Connect all CAs of the Zowe certificate's signing chain with the */ * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - + CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) * - CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - + CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF @@ -472,7 +503,8 @@ ACF * Connect the z/OSMF root CA signed by a recognized certificate ... */ * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) RINGNAME({zowe.setup.certificate.keyring.name}.) - + CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -487,11 +519,13 @@ ACF * * Allow ZOWEUSER to access keyring ................................ */ SET RESOURCE(FAC) - RECKEY IRR ADD(DIGTCERT.LISTRING ROLE({zowe.setup.security.groups.stc}) - + RECKEY IRR ADD(DIGTCERT.LISTRING - + ROLE({zowe.setup.security.groups.stc}) - SERVICE(READ) ALLOW) * * Uncomment this command if SITE acid owns the Zowe certificate ... */ -* RECKEY IRR ADD(DIGTCERT.GENCERT ROLE({zowe.setup.security.groups.stc}) - +* RECKEY IRR ADD(DIGTCERT.GENCERT - +* ROLE({zowe.setup.security.groups.stc}) - * SERVICE(CONTROL) ALLOW) * F ACF2,REBUILD(FAC) 
@@ -513,7 +547,8 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) $$ //IFOPT1 IF (&OPTION EQ 1) THEN //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M @@ -537,7 +572,8 @@ $$ KEYUSAGE('CERTSIGN') /* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,ZOWECA) /* Create a certificate signed by local zowe's CA .................. */ @@ -614,10 +650,12 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF 
@@ -630,7 +668,8 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + RINGDATA(CERTAUTH,&ROOTZFCA.) USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -643,13 +682,16 @@ $$ /* A common part for all options starts here ....................... */ /* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) +/* TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) LABLRING({zowe.setup.certificate.keyring.name}.) + TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKYR index b7ba95b2b4..4212678c0f 100644 --- a/files/SZWESAMP/ZWENOKYR +++ b/files/SZWESAMP/ZWENOKYR 
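Review bot: In hunk @@ -643,13 +682,16 @@ the commented-out TSS GENCERT permit is wrapped so that only its first line starts with `/*`, and the new second line `IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL)` has no comment delimiters of its own. Unless the unterminated comment is carried across the `+` continuation, that line would be submitted as a command in its own right; I cannot confirm the behaviour from the hunk. The RACF section of this file closes every line of a commented command, and doing the same here removes the ambiguity: `/* TSS PERMIT({zowe.setup.security.users.zowe}.) + */` followed by `/* IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) */`. The TSS in-stream block starts and ends outside this hunk.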
@@ -33,6 +33,13 @@ //* 2. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* //********************************************************************* // EXPORT SYMLIST=* //* 
@@ -51,30 +58,39 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Remove permit to use SITE owned certificate's private key */ - PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) + + DELETE ID({zowe.setup.security.users.zowe}.) /* Remove permit to read keyring ................................... */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + + DELETE ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH /* Remove keyring profile defined on RDATALIB class ................ */ - RLIST RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST ALL - PERMIT {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST CLASS(RDATALIB) DELETE + - ID({zowe.setup.security.users.zowe}.) - RDELETE RDATALIB {zowe.setup.security.users.zowe}..{zowe.setup.certificate.keyring.name}..LST + RLIST RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + PERMIT + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + CLASS(RDATALIB) DELETE + + ID({zowe.setup.security.users.zowe}.) + RDELETE RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST /* Refresh to dynamically activate the changes. .................... */ SETROPTS RACLIST(RDATALIB) REFRESH /* Delete LABEL certificate ........................................*/ - RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.label}.')) ID({zowe.setup.security.users.zowe}.) + RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.label}.')) + + ID({zowe.setup.security.users.zowe}.) 
/* Delete LOCALCA certificate ......................................*/ - RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.caLabel}.')) CERTAUTH + RACDCERT DELETE(LABEL( + + '{zowe.setup.certificate.keyring.caLabel}.')) CERTAUTH /* Delete keyring ...................................................*/ - RACDCERT DELRING({zowe.setup.certificate.keyring.name}.) ID({zowe.setup.security.users.zowe}.) + RACDCERT DELRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH @@ -92,11 +108,13 @@ ACF * Remove permit to use SITE owned certificate's private key SET RESOURCE(FAC) - RECKEY IRR DEL(DIGTCERT.GENCERT ROLE({zowe.setup.security.groups.stc}) + + RECKEY IRR DEL(DIGTCERT.GENCERT + + ROLE({zowe.setup.security.groups.stc}) + SERVICE(CONTROL) ALLOW) * Remove permit to read keyring ....................................*/ - RECKEY IRR DEL(DIGTCERT.LISTRING ROLE({zowe.setup.security.groups.stc}) + + RECKEY IRR DEL(DIGTCERT.LISTRING + + ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) @@ -123,10 +141,12 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Remove permit to use SITE owned certificate's private key */ - TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + TSS REVOKE({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* Remove permit to read keyring ................................... */ - TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + TSS REVOKE({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Delete LABEL certificate ........................................*/ TSS REM({zowe.setup.security.users.zowe}.) DIGICERT(ZOWECERT) diff --git a/files/SZWESAMP/ZWENOSEC b/files/SZWESAMP/ZWENOSEC index f769e82e9a..44036f1f2b 100644 --- a/files/SZWESAMP/ZWENOSEC +++ b/files/SZWESAMP/ZWENOSEC 
@@ -70,7 +70,8 @@ /* remove general data set protection */ LISTDSD PREFIX({zowe.setup.datasets.prefix}.) ALL - PERMIT '{zowe.setup.datasets.prefix}..*.**' CLASS(DATASET) DELETE ID({zowe.setup.security.groups.sysProg}.) + PERMIT '{zowe.setup.datasets.prefix}..*.**' CLASS(DATASET) + + DELETE ID({zowe.setup.security.groups.sysProg}.) DELDSD '{zowe.setup.datasets.prefix}..*.**' /* remove HLQ stub */ 
@@ -83,33 +84,42 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL - PERMIT ZWES.IS CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT ZWES.IS CLASS(FACILITY) + + DELETE ID({zowe.setup.security.users.zowe}.) /* remove permit to create a user's security environment */ RLIST FACILITY BPX.DAEMON ALL - PERMIT BPX.DAEMON CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.DAEMON CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) RLIST FACILITY BPX.SERVER ALL - PERMIT BPX.SERVER CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.SERVER CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) - PERMIT OMVSAPPL CLASS(APPL) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT OMVSAPPL CLASS(APPL) DELETE + + ID({zowe.setup.security.users.zowe}.) /* remove permit to set jobname */ RLIST FACILITY BPX.JOBNAME ALL - PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) /* remove permit to write persistent data */ RLIST UNIXPRIV SUPERUSER.FILESYS ALL - PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE + + ID({zowe.setup.security.users.zowe}.) /* remove permit to use client certificate mapping service */ - PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) /* remove permit to use distributed identity mapping service */ - PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) + PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) /* remove permit Zowe main server to cut SMF records */ - PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zowe}.) 
+ PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}.) SETROPTS RACLIST(FACILITY) REFRESH SETROPTS RACLIST(UNIXPRIV) REFRESH @@ -118,7 +128,8 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL - PERMIT ZWES.IS CLASS(FACILITY) DELETE ID({zowe.setup.security.users.zis}.) + PERMIT ZWES.IS CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zis}.) /* REMOVE STARTED TASKS ............................................ */ @@ -130,7 +141,8 @@ LISTUSER {zowe.setup.security.users.zis}. OMVS DELUSER {zowe.setup.security.users.zis}. -/* comment out if {zowe.setup.security.groups.stc} matches {zowe.setup.security.groups.admin} (default), expect */ +/* comment out if {zowe.setup.security.groups.stc} matches */ +/* {zowe.setup.security.groups.admin} (default), expect */ /* warning messages otherwise */ /* remove group for started tasks */ LISTGRP {zowe.setup.security.groups.stc}. OMVS @@ -152,8 +164,10 @@ /* REMOVE ADMINISTRATORS ........................................... */ -/* uncomment to remove user IDs from the {zowe.setup.security.groups.admin} group */ -/* REMOVE (userid,userid,...) GROUP({zowe.setup.security.groups.admin}.) */ +/* uncomment to remove user IDs from */ +/* the {zowe.setup.security.groups.admin} group */ +/* REMOVE (userid,userid,...) */ +/* GROUP({zowe.setup.security.groups.admin}.) */ /* remove group for administrators */ LISTGRP {zowe.setup.security.groups.admin}. OMVS 
@@ -236,18 +250,23 @@ F ACF2,REFRESH(STC) * * Revoke access to ZIS SET RESOURCE(FAC) -RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * * Remove Zowe main server * SET RESOURCE(FAC) -RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}.) SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}.) SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(UPDATE) ALLOW) +RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(UPDATE) ALLOW) +RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) SET RESOURCE(APL) -RECKEY OMVSAPPL DEL(SERVICE(READ) ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY OMVSAPPL DEL(SERVICE(READ) + + ROLE({zowe.setup.security.groups.stc}.) ALLOW) F ACF2,REBUILD(APL) * Remove UNI * 
@@ -260,18 +279,21 @@ F ACF2,REBUILD(UNI) * Remove STCGRP role permission to use client certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to use distributed certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(IDIDMAP.QUERY ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(IDIDMAP.QUERY + + ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to cut SMF records SET RESOURCE(FAC) -RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove data set protection @@ -303,7 +325,8 @@ $$ /* removE general data set protection */ TSS WHOHAS DATASET({zowe.setup.datasets.prefix}) TSS REVOKE(ALL) DATASET({zowe.setup.datasets.prefix}..) -TSS REVOKE({zowe.setup.security.groups.sysProg}) DATASET({zowe.setup.datasets.prefix}..) +TSS REVOKE({zowe.setup.security.groups.sysProg}) + + DATASET({zowe.setup.datasets.prefix}..) TSS REMOVE(&ADMINDEP) DATASET({zowe.setup.datasets.prefix}..) /* REMOVE ZOWE SERVER PERMISIONS ................................... */ @@ -326,7 +349,8 @@ TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.JOBNAME) /* remove permit to write persistent data */ TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS) -TSS REVOKE({zowe.setup.security.users.zowe}) UNIXPRIV(SUPERUSER.FILESYS) +TSS REVOKE({zowe.setup.security.users.zowe}) + + UNIXPRIV(SUPERUSER.FILESYS) /* remove permit Zowe main server to use client certificate mapping */ /* service */ 
@@ -336,7 +360,8 @@ TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) /* remove permit Zowe main server to use distributed identity */ /* mapping service */ TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) -TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.IDIDMAP.QUERY) +TSS REVOKE({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.IDIDMAP.QUERY) /* remove permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) @@ -358,7 +383,8 @@ TSS DELETE({zowe.setup.security.users.zowe}) TSS LIST({zowe.setup.security.users.zis}) TSS DELETE({zowe.setup.security.users.zis}) -/* comment out if {zowe.setup.security.groups.stc} matches {zowe.setup.security.groups.admin} (default), expect */ +/* comment out if {zowe.setup.security.groups.stc} matches */ +/* {zowe.setup.security.groups.admin} (default), expect */ /* warning messages otherwise */ /* remove group for started tasks */ TSS LIST({zowe.setup.security.groups.stc}) @@ -378,8 +404,10 @@ TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.aux}) /* REMOVE ADMINISTRATORS ........................................... */ -/* uncomment to remove user IDs from the {zowe.setup.security.groups.admin} group */ -/* TSS REMOVE (userid) GROUP({zowe.setup.security.groups.admin}.) */ +/* uncomment to remove user IDs from */ +/* the {zowe.setup.security.groups.admin} group */ +/* TSS REMOVE (userid) + */ +/* GROUP({zowe.setup.security.groups.admin}.) */ /* remove group for administrators */ TSS LIST({zowe.setup.security.groups.admin}) TSS DELETE({zowe.setup.security.groups.admin}) diff --git a/files/SZWESAMP/ZWESECKG b/files/SZWESAMP/ZWESECKG index 6b8861aaa5..454085367c 100644 --- a/files/SZWESAMP/ZWESECKG +++ b/files/SZWESAMP/ZWESECKG @@ -133,6 +133,6 @@ void printHex(unsigned char *text, unsigned int len) } /* end printHex */ /* //BIND.SYSIN DD * - INCLUDE '/usr/lib/CSFDLL31.x' + INCLUDE '/usr/lib/CSFDLL31.x' /* // From 22e00eacc79614415787cb5d9234d393a3603fce Mon Sep 17 00:00:00 2001 
From: 1000TurquoisePogs Date: Tue, 30 Jan 2024 12:26:32 -0500 Subject: [PATCH 068/258] Add better mvs step logging and implement jcl cleanup for init vsam Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/.errors | 2 + bin/commands/init/mvs/index.sh | 23 ++++-- bin/commands/init/vsam/index.sh | 128 ++++++++++++-------------------- 3 files changed, 66 insertions(+), 87 deletions(-) diff --git a/bin/commands/init/mvs/.errors b/bin/commands/init/mvs/.errors index e0d97a80c7..1fdebba80c 100644 --- a/bin/commands/init/mvs/.errors +++ b/bin/commands/init/mvs/.errors @@ -2,3 +2,5 @@ ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. ZWEL0300W||%s already exists. This data set member will be overwritten during configuration. ZWEL0301W||%s already exists and will not be overwritten. For upgrades, you must use --allow-overwrite. ZWEL0158E|158|%s already exists. +ZWEL0161E|161|Failed to run JCL %s. +ZWEL0162E|162|Failed to find job %s result. diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 65effbc77f..36acb65d48 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -29,7 +29,7 @@ if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") +jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") if [ "${does_jcl_exist}" = "false" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 
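Review bot: `jcllib_location` is read from `.zowe.setup.dataset.jcllib` and passed straight to `is_data_set_exists "${jcllib_location}(ZWEIMVS)"` with no empty check, unlike `prefix` just above it. With the key missing, the lookup is made against `(ZWEIMVS)` and the user gets ZWEL0999E telling them to generate JCL, rather than ZWEL0157E naming the missing key. I would add `if [ -z "${jcllib_location}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157; fi` before the existence check. The `@@ -25,17 +25,20 @@` hunk of `init/vsam/index.sh` removes exactly this guard and has the same gap.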
@@ -81,16 +81,29 @@ else copy_mvs_to_uss "${jcllib_location}(ZWEIMVS)" "${jcl_file}" jcl_contents=$(cat "${jcl_file}") - print_message "Template JCL: ${prefix}.SZWESAMP(ZWEIMVS) , Executable JCL: ${jcl_location}(ZWEIMVS)" + print_message "Template JCL: ${prefix}.SZWESAMP(ZWEIMVS) , Executable JCL: ${jcllib_location}(ZWEIMVS)" print_message "JCL Content:" print_message "$jcl_contents" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWEIMVS" jobid=$(submit_job "$jcl_contents") - rc=$(wait_for_job "${jobid}") - print_message "Job completed with RC=${rc}" - if [ "${rc}" -eq 0 ]; then + code=$? + if [ ${code} -ne 0 ]; then + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib_location}(ZWEIMVS)." "" 161 + fi + print_debug "- job id ${jobid}" + + jobstate=$(wait_for_job "${jobid}") + code=$? + if [ ${code} -eq 1 ]; then + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 + fi + jobname=$(echo "${jobstate}" | awk -F, '{print $2}') + jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') + jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') + + if [ "${code}" -eq 0 ]; then print_level2_message "Zowe custom data sets are initialized successfully." else print_level2_message "Zowe custom data sets initialized with errors." diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index acf3ae06cb..d12f7d812b 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
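Review bot: On the failure branch the job's completion details are parsed into `jobname`, `jobcctext` and `jobcccode` but never reported, and the script only prints "Zowe custom data sets initialized with errors." with no non-zero exit visible in this hunk. The vsam command in the same commit ends that branch with ZWEL0163E and exit code 163, so automation can detect the failure; here a caller cannot tell a failed ZWEIMVS job from a successful one unless code after the hunk handles it. I would replace the `else` message with `print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163` and list ZWEL0163E in `init/mvs/.errors` if it is not already there. The `if`/`else` block is closed outside the hunk.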
@@ -25,17 +25,20 @@ if [ "${caching_storage}" != "VSAM" ]; then print_error "Warning ZWEL0301W: Zowe Caching Service is not configured to use VSAM. Command skipped." return 0 fi - # read prefix and validate prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -# read JCL library and validate + jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi + + + vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") if [ -z "${vsam_mode}" ]; then vsam_mode=NONRLS 
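Review bot: The new existence check tests `${jcllib}(ZWEIMVS)`, but this command copies and submits `${jcllib}(ZWECSVSM)` in the next hunk, so the member name looks carried over from `init/mvs/index.sh`. A JCL library that holds ZWEIMVS but not ZWECSVSM passes the check and only fails later at `copy_mvs_to_uss`, and the ZWEL0999E text names the wrong member. I would change both occurrences to `(ZWECSVSM)`, starting with `does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)")`.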
@@ -75,89 +78,50 @@ fi # FIXME: cat cannot be used to test VSAM data set vsam_existence=$(is_data_set_exists "${vsam_name}") if [ "${vsam_existence}" = "true" ]; then - # error - print_error_and_exit "Error ZWEL0158E: ${vsam_name} already exists." "" 158 -fi -if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # delete blindly and ignore errors - result=$(tso_command delete "'${vsam_name}'") + if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then + # delete blindly and ignore errors + result=$(tso_command delete "'${vsam_name}'") + fi + else + # error + print_error_and_exit "Error ZWEL0158E: ${vsam_name} already exists." "" 158 + fi fi -if [ "${jcl_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${jcllib}(ZWECSVSM). To write, you must use --allow-overwrite." -else - ############################### - # prepare STCs - # ZWESLSTC - print_message "Modify ZWECSVSM" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWECSVSM) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWECSVSM)'" | \ - sed "s/^\/\/ \+SET \+MODE=.*\$/\/\/ SET MODE=${vsam_mode}/" | \ - sed "/^\/\/ALLOC/,9999s/#dsname/${vsam_name}/g" | \ - sed "/^\/\/ALLOC/,9999s/#volume/${vsam_volume}/g" | \ - sed "/^\/\/ALLOC/,9999s/#storclas/${vsam_storageClass}/g" \ - > "${tmpfile}") - code=$? 
- chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" +jcl_file=$(create_tmp_file) +copy_mvs_to_uss "${jcllib}(ZWECSVSM)" "${jcl_file}" +jcl_contents=$(cat "${jcl_file}") + +print_message "Template JCL: ${prefix}.SZWESAMP(ZWECSVSM) , Executable JCL: ${jcllib}(ZWECSVSM)" +print_message "JCL Content:" +print_message "$jcl_contents" + +if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then + print_message "Submitting Job ZWECSVSM" + jobid=$(submit_job "$jcl_contents") + code=$? + if [ ${code} -ne 0 ]; then + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." "" 161 fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" + print_debug "- job id ${jobid}" + + jobstate=$(wait_for_job "${jobid}") + code=$? + if [ ${code} -eq 1 ]; then + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi - fi - if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWECSVSM)" "" 159 - fi - print_trace "- ${tmpfile} created with content" - print_trace "$(cat "${tmpfile}")" - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- copy to ${jcllib}(ZWECSVSM)" - copy_to_data_set "${tmpfile}" "${jcllib}(ZWECSVSM)" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(ZWECSVSM). Please check if target data set is opened by others." 
"" 160 - fi - print_message "- ${jcllib}(ZWECSVSM) is prepared" - print_message -fi + jobname=$(echo "${jobstate}" | awk -F, '{print $2}') + jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') + jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') -############################### -# submit job -print_message "Submit ${jcllib}(ZWECSVSM)" -jobid=$(submit_job "//'${jcllib}(ZWECSVSM)'") -code=$? -if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." "" 161 -fi -print_debug "- job id ${jobid}" -jobstate=$(wait_for_job "${jobid}") -code=$? -if [ ${code} -eq 1 ]; then - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 -fi -jobname=$(echo "${jobstate}" | awk -F, '{print $2}') -jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') -jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') -if [ ${code} -eq 0 ]; then - print_message "- Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." + if [ "${code}" -eq 0 ]; then + print_level2_message "Zowe Caching Service VSAM storage is created successfully." + else + print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 + fi else - print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + print_level2_message "Zowe Caching Service VSAM storage is created successfully." fi - -############################### -# exit message -print_level2_message "Zowe Caching Service VSAM storage is created successfully." From 08a12f2c7d13b782721967b939f54cff94e4044b Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 30 Jan 2024 14:35:08 -0500 Subject: [PATCH 069/258] Add STC to jcl lib output. Fix whitespace on ZWEGENER 
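Review bot: The rewritten existence block is unbalanced: the added `fi` directly after `result=$(tso_command delete "'${vsam_name}'")` closes the inner `if`, so the following `else` binds to the outer `vsam_existence` test and the two remaining `fi` lines leave one without an `if`, which the shell rejects as a syntax error. Dropping that first added `fi` gives the intended shape (delete when overwrite is allowed, otherwise ZWEL0158E). Separately, the delete runs before the `ZWE_CLI_PARAMETER_DRY_RUN` test, so a dry run with overwrite allowed still removes the existing VSAM data set; moving the `tso_command delete` inside the `if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]` branch would keep dry runs non-destructive. The dry-run branch also prints "created successfully" although nothing was created.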
Signed-off-by: 1000TurquoisePogs --- files/SZWEEXEC/ZWEGEN00 | 3 --- files/SZWESAMP/ZWEGENER | 10 +++++----- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 60fff0aef9..c39409178e 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -184,9 +184,6 @@ end /* members which are not JCL */ x = DeleteDataSet(jclCopy'(ZWEGENER)') -x = DeleteDataSet(jclCopy'(ZWESLSTC)') -x = DeleteDataSet(jclCopy'(ZWESASTC)') -x = DeleteDataSet(jclCopy'(ZWESISTC)') x = DeleteDataSet(jclCopy'(ZWESIP00)') x = DeleteDataSet(jclCopy'(ZWESIPRG)') x = DeleteDataSet(jclCopy'(ZWESISCH)') diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index 425e2a12a8..e1f8b2b562 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -1,8 +1,8 @@ -//ZWEGENER JOB -//* -//* This job is responsible for generating other jobs required -//* to configure Zowe. -//* +//ZWEGENER JOB +//* +//* This job is responsible for generating other jobs required +//* to configure Zowe. +//* //* The method of validating your configuration is using //* JSON Schema . Zowe provides //* the ConfigMgr to assist in this. This job will invoke From 0779be44c97c181aae8bcdbce0e50035cb578727 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 30 Jan 2024 16:37:26 -0500 Subject: [PATCH 070/258] Fix zwekring reference and vsam breaking rexx Signed-off-by: 1000TurquoisePogs --- example-zowe.yaml | 8 +++++++- files/SZWESAMP/ZWECSVSM | 6 +++--- files/SZWESAMP/ZWEGENER | 12 +++++------- files/SZWESAMP/ZWEKRING | 6 +++--- schemas/zowe-yaml-schema.json | 4 ++++ 5 files changed, 22 insertions(+), 14 deletions(-) diff --git a/example-zowe.yaml b/example-zowe.yaml index 144ca7227b..e944ca9760 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
@@ -40,6 +40,10 @@ zowe: dataset: # **COMMONLY_CUSTOMIZED** # where Zowe MVS data sets will be installed + # This prefix is used for the Zowe runtime datasets + # Including: + # Auth Load Lib: SZWEAUTH + # Load Lib: SZWELOAD prefix: IBMUSER.ZWEV2 # **COMMONLY_CUSTOMIZED** # PROCLIB where Zowe STCs will be copied over @@ -176,7 +180,6 @@ zowe: # certificate: # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS - # createZosmfTrust: true # keyring: # # **COMMONLY_CUSTOMIZED** # # keyring name @@ -254,6 +257,7 @@ zowe: # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # VSAM configurations if you are using VSAM as Caching Service storage + # This is used in the optional "zwe init vsam" command. vsam: # VSAM data set with Record-Level-Sharing enabled or not # Valid values could be: NONRLS or RLS. @@ -262,6 +266,8 @@ zowe: volume: "" # Storage class name if you are using VSAM in RLS mode storageClass: "" + # Data set name. Must match components.caching-service.storage.vsam.name + name: "" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # **COMMONLY_CUSTOMIZED** diff --git a/files/SZWESAMP/ZWECSVSM b/files/SZWESAMP/ZWECSVSM index 216c1f0bb9..3f7b5c2412 100644 --- a/files/SZWESAMP/ZWECSVSM +++ b/files/SZWESAMP/ZWECSVSM @@ -38,16 +38,16 @@ //SYSPRINT DD SYSOUT=* //SYSIN DD * DEFINE CLUSTER - - (NAME({components.caching-service.storage.vsam.name}) - + (NAME({zowe.setup.vsam.name}) - // DD DDNAME={zowe.setup.vsam.mode} // DD * REC(80 20) - INDEXED) - - DATA(NAME({components.caching-service.storage.vsam.name}.DATA) - + DATA(NAME({zowe.setup.vsam.name}.DATA) - RECSZ(4096 4096) - UNIQUE - KEYS(128 0)) - - INDEX(NAME({components.caching-service.storage.vsam.name}.INDEX) - + INDEX(NAME({zowe.setup.vsam.name}.INDEX) - UNIQUE) //RLS DD * STORCLAS({zowe.setup.vsam.storageClass}) - diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index e1f8b2b562..3d84f4dcc5 100644 --- a/files/SZWESAMP/ZWEGENER 
+++ b/files/SZWESAMP/ZWEGENER @@ -27,16 +27,14 @@ // SPACE=(3120,(20,5,10)) //* //* Replace {zowe.setup.dataset.prefix} with the -//* HLQ where SMP/E installed data sets are located. +//* Value as seen in zowe.yaml //* //SYSPROC DD DSN={zowe.setup.dataset.prefix}.SZWEEXEC,DISP=SHR //* -//* Replace {zowe.setup.dataset.loadlib} with the data set -//* that contains Zowe executables. This data set will have -//* the suffix 'SZWELOAD'. -//* +//* Replace {zowe.setup.dataset.prefix} with the +//* Value as seen in zowe.yaml //* -//STEPLIB DD DSN={zowe.setup.dataset.loadlib},DISP=SHR +//STEPLIB DD DSN={zowe.setup.dataset.prefix}.SZWELOAD,DISP=SHR //ISPPLIB DD DSN=ISP.SISPPENU,DISP=SHR //ISPMLIB DD DSN=ISP.SISPMENU,DISP=SHR //ISPTLIB DD DSN=ISP.SISPTENU,DISP=SHR @@ -48,7 +46,7 @@ //* server-common.json //* //* Replace {zowe.runtimeDirectory} with where your Zowe run time -//* directory is. +//* directory is, as seen in zowe.yaml //* //MYSCHEMA DD *,DLM=$$ FILE {zowe.runtimeDirectory}/schemas/zowe-yaml-schema.json diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING index 816e7a63e4..c62307b569 100644 --- a/files/SZWESAMP/ZWEKRING +++ b/files/SZWESAMP/ZWEKRING @@ -179,7 +179,7 @@ $$ WITHLABEL('{zowe.setup.certificate.keyring.label}.') + KEYUSAGE(HANDSHAKE) + ALTNAME(IP(&IPADDRES) + - DOMAIN('{zowe.externalDomains[0]}')) + + DOMAIN('{zowe.externalDomains.0}')) + SIGNWITH(CERTAUTH + LABEL('{zowe.setup.certificate.keyring.caLabel}')) @@ -413,7 +413,7 @@ ACF EXPIRE(05/01/30) - LABEL({zowe.setup.certificate.keyring.label}.) - KEYUSAGE(HANDSHAKE) - - ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains[0]}) - + ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains.0}) - SIGNWITH(CERTAUTH.ZOWECA) * * Connect a Zowe's certificate with the keyring ................... */ 
@@ -590,7 +590,7 @@ $$ NADATE(05/01/30) + LABLCERT({zowe.setup.certificate.keyring.label}.) + KEYUSAGE('HANDSHAKE') + - ALTNAME('DOMAIN={zowe.externalDomains[0]}') + + ALTNAME('DOMAIN={zowe.externalDomains.0}') + SIGNWITH(CERTAUTH,ZOWECA) /* Connect a Zowe's certificate with the keyring ................... */ diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index 32fe423772..01198bd6c8 100644 --- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json @@ -382,6 +382,10 @@ "storageClass": { "type": "string", "description": "Storage class name if you are using VSAM in RLS mode" + }, + "name": { + "type": "string", + "description": "Data set name. Must match components.caching-service.storage.vsam.name" } } } From f3cf28bb8e396560bb0eb9ce965a4dc1f0bac023 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 31 Jan 2024 17:14:01 -0500 Subject: [PATCH 071/258] Fixes for job submission and update of stc jcl Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 13 +++++++++---- bin/commands/init/mvs/index.sh | 4 +++- bin/commands/init/vsam/index.sh | 4 +++- bin/commands/install/index.sh | 2 +- bin/libs/zos-jes.sh | 3 +++ bin/libs/zos-jes.ts | 6 +++++- manifest.json.template | 4 ++-- 7 files changed, 26 insertions(+), 10 deletions(-) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 73bb143ade..f4a6c2e7a9 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts 
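Review bot: The new `name` property in the schema hunk accepts any string, yet ZWECSVSM now substitutes `{zowe.setup.vsam.name}` directly into `DEFINE CLUSTER (NAME(...))` and appends `.DATA` and `.INDEX`. The "must match components.caching-service.storage.vsam.name" rule lives only in the description, so a mismatch or a malformed value is caught, if at all, when IDCAMS runs. I would at least bound the value, for example `"maxLength": 38` (the 44-character data set name limit less the `.INDEX` suffix), and reuse a data set name pattern here if the schema already defines one elsewhere. An empty default has to stay valid because `zwe init vsam` is optional.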
@@ -22,26 +22,31 @@ export function execute(dryRun?: boolean) { common.requireZoweYaml(); const ZOWE_CONFIG=config.getZoweConfig(); const tempFile = fs.createTmpFile(); - zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)', tempFile); + zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)', tempFile); let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); jclContents = jclContents.replace("DSN={zowe.setup.dataset.prefix}", "DSN="+ZOWE_CONFIG.zowe.setup.dataset.prefix); jclContents = jclContents.replace("{zowe.setup.dataset.loadlib}", ZOWE_CONFIG.zowe.setup.dataset.loadlib); jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); jclContents = jclContents.replace('FILE ', 'FILE '+ZOWE_CONFIG.zowe.workspaceDirectory+'/.env/.zowe-merged.yaml'); - os.remove(tempFile); + + xplatform.storeFileUTF8(tempFile, xplatform.AUTO_DETECT, jclContents); - common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + 'SZWESAMP(ZWEGENER)'}`); + common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)'}`); common.printMessage('JCL content:'); common.printMessage(jclContents); if (dryRun) { common.printMessage('JCL not submitted, command run with dry run flag.'); common.printMessage('To perform command, re-run command without dry run flag, or submit the JCL directly.'); + os.remove(tempFile); + } else { //TODO can we generate just for one step, or no reason? common.printMessage('Submitting Job ZWEGENER'); - const jobid = zosJes.submitJob(jclContents); + const jobid = zosJes.submitJob(tempFile); const result = zosJes.waitForJob(jobid); + os.remove(tempFile); + common.printMessage(`Job completed with RC=${result.rc}`); if (result.rc == 0) { common.printMessage("Zowe JCL generated successfully"); diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 36acb65d48..52e2ef3ddd 100644 
--- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -87,7 +87,7 @@ else if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWEIMVS" - jobid=$(submit_job "$jcl_contents") + jobid=$(submit_job $jcl_file) code=$? if [ ${code} -ne 0 ]; then print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib_location}(ZWEIMVS)." "" 161 @@ -96,6 +96,7 @@ else jobstate=$(wait_for_job "${jobid}") code=$? + rm $jcl_file if [ ${code} -eq 1 ]; then print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi @@ -112,6 +113,7 @@ else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" print_level2_message "Zowe custom data sets are initialized successfully." + rm $jcl_file fi fi diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index d12f7d812b..05b4f87de1 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -99,7 +99,7 @@ print_message "$jcl_contents" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWECSVSM" - jobid=$(submit_job "$jcl_contents") + jobid=$(submit_job $jcl_file) code=$? if [ ${code} -ne 0 ]; then print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." "" 161 @@ -108,6 +108,7 @@ if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then jobstate=$(wait_for_job "${jobid}") code=$? + rm $jcl_file if [ ${code} -eq 1 ]; then print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi @@ -124,4 +125,5 @@ else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" print_level2_message "Zowe Caching Service VSAM storage is created successfully." + rm $jcl_file fi 
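Review bot: The temporary JCL file in bin/commands/init/mvs/index.sh is left behind when submission fails, because `print_error_and_exit ... 161` exits before the added `rm $jcl_file`, which only runs after `wait_for_job`. Remove the file on every exit path, for example right after `submit_job` returns (assuming the JCL has been read by then) or through a `trap` on EXIT. The expansions should also be quoted, `jobid=$(submit_job "${jcl_file}")` and `rm -f "${jcl_file}"`, so that an unusual temp path is not word-split or globbed. The same pattern appears in the init/vsam/index.sh hunks of this commit and in the later init/stc/index.sh change; the enclosing if/else starts outside these hunks.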
diff --git a/bin/commands/install/index.sh b/bin/commands/install/index.sh index 0fc9e7fad6..a74da85c87 100644 --- a/bin/commands/install/index.sh +++ b/bin/commands/install/index.sh @@ -115,7 +115,7 @@ else # FIXME: move these parts to zss commands.install? # FIXME: ZWESIPRG is in zowe-install-packaging cd "${ZWE_zowe_runtimeDirectory}/components/zss" - zss_samplib="ZWESAUX=ZWESASTC ZWESIP00 ZWESIS01=ZWESISTC ZWESISCH" + zss_samplib="ZWESASTC ZWESIP00 ZWESISTC ZWESISCH" for mb in ${zss_samplib}; do mb_from=$(echo "${mb}" | awk -F= '{print $1}') mb_to=$(echo "${mb}" | awk -F= '{print $2}') diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 7c6f564faf..6d9469c0fe 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh @@ -37,6 +37,9 @@ submit_job() { code=$? if [ ${code} -eq 0 ]; then jobid=$(echo "${result}" | grep submitted | awk '{print $2}') + if [ -z "${jobid}" ]; then + jobid=$(echo "${result}" | grep "$HASP" | awk '{print $2}') + fi if [ -z "${jobid}" ]; then print_debug " * Failed to find job ID" print_error " * Exit code: ${code}" diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 0b78714667..b7808c14a2 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -36,7 +36,11 @@ export function submitJob(jclFile: string): string|undefined { const code=result.rc; if (code==0) { let jobidlines = result.out.split('\n').filter(line=>line.indexOf('submitted')!=-1); - const jobid = jobidlines.length > 0 ? jobidlines[0].split(' ')[1] : undefined; + let jobid = jobidlines.length > 0 ? jobidlines[0].split(' ')[1] : undefined; + if (!jobid) { + jobidlines = result.out.split('\n').filter(line=>line.indexOf('$HASP')!=-1); + jobid = jobidlines.length > 0 ? jobidlines[0].split(' ')[1] : undefined; + } if (!jobid) { common.printDebug(` * Failed to find job ID`); common.printError(` * Exit code: ${code}`); diff --git a/manifest.json.template b/manifest.json.template index 5f0645c5fa..cf4e920432 100644 --- a/manifest.json.template 
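Review bot: In bin/libs/zos-jes.sh the fallback `grep "$HASP"` sits inside double quotes, so the shell expands `$HASP` as a (normally unset) variable and grep receives an empty pattern that matches every line of `${result}`. `jobid` then becomes the second field of each output line rather than a job ID, and the `-z "${jobid}"` failure check that follows is bypassed. Match the text literally instead: `jobid=$(echo "${result}" | grep -F '$HASP' | awk '{print $2}')`. The TypeScript counterpart in zos-jes.ts uses a plain string literal and is not affected; submit_job's body starts and ends outside the hunk.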
+++ b/manifest.json.template @@ -40,7 +40,7 @@ "artifact": "*.pax" }, "org.zowe.zss": { - "version": "^2.0.0-STAGING", + "version": "^2.14.0-PR-683", "artifact": "*.pax" }, "org.zowe.explorer.jobs.jobs-api-package": { @@ -124,7 +124,7 @@ "artifact": "*.pax" }, "org.zowe.launcher": { - "version": "^2.0.0-SNAPSHOT" + "version": "^2.15.0-PR-107" }, "org.zowe.keyring-utilities": { "version": "1.0.4", From 0e5951087b2380917b41448ee2441aa4ca3f4c00 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 31 Jan 2024 18:01:02 -0500 Subject: [PATCH 072/258] Fixes after testing Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.sh | 23 +++++++++++++++++++++++ bin/commands/init/generate/index.ts | 3 +-- bin/commands/init/mvs/index.sh | 2 +- files/SZWESAMP/ZWEIMVS | 2 +- 4 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 bin/commands/init/generate/index.sh diff --git a/bin/commands/init/generate/index.sh b/bin/commands/init/generate/index.sh new file mode 100644 index 0000000000..e76e65d10a --- /dev/null +++ b/bin/commands/init/generate/index.sh 
@@ -0,0 +1,23 @@ +#!/bin/sh + +####################################################################### +# This program and the accompanying materials are made available +# under the terms of the Eclipse Public License v2.0 which +# accompanies this distribution, and is available at +# https://www.eclipse.org/legal/epl-v20.html +# +# SPDX-License-Identifier: EPL-2.0 +# +# Copyright Contributors to the Zowe Project. +####################################################################### + +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/generate/cli.js" +else + echo "This command is only available when zowe.useConfigmgr=true" +fi diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index f4a6c2e7a9..6df1dc0e66 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts @@ -25,8 +25,7 @@ export function execute(dryRun?: boolean) { zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)', tempFile); let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); - jclContents = jclContents.replace("DSN={zowe.setup.dataset.prefix}", "DSN="+ZOWE_CONFIG.zowe.setup.dataset.prefix); - jclContents = jclContents.replace("{zowe.setup.dataset.loadlib}", ZOWE_CONFIG.zowe.setup.dataset.loadlib); + jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, ZOWE_CONFIG.zowe.setup.dataset.prefix); jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); jclContents = jclContents.replace('FILE ', 'FILE '+ZOWE_CONFIG.zowe.workspaceDirectory+'/.env/.zowe-merged.yaml'); 
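Review bot: The `else` branch of the new bin/commands/init/generate/index.sh only echoes "This command is only available when zowe.useConfigmgr=true" and then ends with status 0, so a caller cannot tell that no JCL was generated. Report it as an error and return a failure, e.g. write the message to stderr and `exit 1`, or use the project's `print_error_and_exit` with a message code assigned for this case. The configmgr path should also be quoted, `"${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr"`, as the `-script` argument on the same line already is.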
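Review bot: The second argument of `jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, ZOWE_CONFIG.zowe.setup.dataset.prefix)` is treated as a replacement pattern, so `$$`, `$&` and `$1` sequences in the configured value are rewritten, and `$` is a valid character in z/OS data set names. Pass a function so the value is inserted literally: `jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, () => ZOWE_CONFIG.zowe.setup.dataset.prefix)`; the `zowe.runtimeDirectory` and `'FILE '` replacements on the following lines need the same treatment. Because the result is submitted as a job, it would also be worth rejecting values that contain line breaks before substituting them, unless schema validation already guarantees that. execute() continues outside the hunk.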
diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 52e2ef3ddd..f2a86379f6 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -17,7 +17,7 @@ print_level1_message "Initialize Zowe custom data sets" cust_ds_list="parmlib|Zowe parameter library jcllib|Zowe JCL library authLoadlib|Zowe authorized load library -authPluginLib|Zowe authorized plugin library +authPluginLib|Zowe authorized plugin library" ############################### # validation diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS index 2940c66685..747655b25b 100644 --- a/files/SZWESAMP/ZWEIMVS +++ b/files/SZWESAMP/ZWEIMVS @@ -43,7 +43,7 @@ blksize(32760) unit(sysallda) space(30,15) tracks //MCOPY1 EXEC PGM=IEBCOPY //SYSPRINT DD SYSOUT=A //SYSUT1 DD DSN={zowe.setup.dataset.prefix}.SZWESAMP,DISP=SHR -//SYSUT2 DD DSN={zowe.setup.dataset.jcllib},DISP=OLD +//SYSUT2 DD DSN={zowe.setup.dataset.parmlib},DISP=OLD //SYSIN DD * COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=(ZWESIP00) From 639d2e48f5b20d9ecd23a7f35b63fcb5769284f1 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 1 Feb 2024 16:07:12 -0500 Subject: [PATCH 073/258] Add way to fill in config file into zweslstc. run gener in init steps that see it is missing. make clear start and end to jcl output Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.sh | 12 +++++++++--- bin/commands/init/vsam/index.sh | 28 ++++++++++------------------ files/SZWEEXEC/ZWEGEN00 | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 21 deletions(-) diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index f2a86379f6..75bc24671d 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
@@ -30,9 +30,14 @@ if [ -z "${prefix}" ]; then fi jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") +jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") if [ "${does_jcl_exist}" = "false" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + zwecli_inline_execute_command init generate +fi +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi @@ -82,8 +87,9 @@ else jcl_contents=$(cat "${jcl_file}") print_message "Template JCL: ${prefix}.SZWESAMP(ZWEIMVS) , Executable JCL: ${jcllib_location}(ZWEIMVS)" - print_message "JCL Content:" + print_message "--- JCL Content ---" print_message "$jcl_contents" + print_message "--- End of JCL ---" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWEIMVS" diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 05b4f87de1..38937c17cc 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
@@ -32,12 +32,15 @@ if [ -z "${prefix}" ]; then fi jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") if [ "${does_jcl_exist}" = "false" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + zwecli_inline_execute_command init generate fi - - +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWECSVSM) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi +[I vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") if [ -z "${vsam_mode}" ]; then @@ -62,18 +65,6 @@ if [ -z "${vsam_name}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set name (components.caching-service.storage.vsam.name) is not defined in Zowe YAML configuration file." "" 157 fi -jcl_existence=$(is_data_set_exists "${jcllib}(ZWECSVSM)") -if [ "${jcl_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${jcllib}(ZWECSVSM) already exists. This data set member will be overwritten during configuration." - else - # print_error_and_exit "Error ZWEL0158E: ${jcllib}(ZWECSVSM) already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${jcllib}(ZWECSVSM) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi -fi - # VSAM cache cannot be overwritten, must delete manually # FIXME: cat cannot be used to test VSAM data set vsam_existence=$(is_data_set_exists "${vsam_name}") 
@@ -88,14 +79,15 @@ if [ "${vsam_existence}" = "true" ]; then fi fi - + jcl_file=$(create_tmp_file) copy_mvs_to_uss "${jcllib}(ZWECSVSM)" "${jcl_file}" jcl_contents=$(cat "${jcl_file}") print_message "Template JCL: ${prefix}.SZWESAMP(ZWECSVSM) , Executable JCL: ${jcllib}(ZWECSVSM)" -print_message "JCL Content:" +print_message "--- JCL Content ---" print_message "$jcl_contents" +print_message "--- End of JCL ---" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWECSVSM" diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index c39409178e..9bcb957645 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -36,6 +36,7 @@ parse arg operation verbosity schemaChain = GetSchemaChain() configChain = GetConfigChain() +configChainWithMembers = GetConfigChainW[IithMembers() /* ================================================================================ @@ -73,6 +74,7 @@ end CFG.zwe.header.user = USERID() CFG.zwe.header.date = TRANSLATE(DATE(), '-', ' ') CFG.zwe.header.time = TIME() +CFG.ZWE_CLI_PARAMETER_CONFIG = configChainWithMembers /* ================================================================================ 
@@ -750,12 +752,42 @@ FreeByDSN: type = WORD(!contentToRead.j, 1) location = WORD(!contentToRead.j, 2) element = type'('location')' + if COMPARE(type, 'PARMLIB') = 0 then do + elementWithMember = 'PARMLIB('location'(ZWEYAML))' + end + configChain = AddToChain(configChain, element) + end + end + + return configChain + +/* +================================================================================ + GetConfigChainWithMembers() +================================================================================ +*/ + GetConfigChainWithMembers: + procedure expose !verbose + + configChain = '' + + if ReadFromDataSet('myconfig') = 0 then do + do j = 1 to !contentToRead.0 + type = WORD(!contentToRead.j, 1) + location = WORD(!contentToRead.j, 2) + if COMPARE(type, 'PARMLIB') = 0 then do + element = 'PARMLIB('location'(ZWEYAML))' + end + else do + element = type'('location')' + end configChain = AddToChain(configChain, element) end end return configChain + /* ================================================================================ GetSchemaChain() From f969f99a5c226a61cc6bb652219c24ff469d312b Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 1 Feb 2024 17:19:09 -0500 Subject: [PATCH 074/258] Add missing error messages. Implement STC JCL and trim init stc. Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 6 +- bin/commands/init/mvs/.errors | 1 + bin/commands/init/mvs/index.sh | 7 +- bin/commands/init/stc/.errors | 3 + bin/commands/init/stc/.parameters | 1 + bin/commands/init/stc/index.sh | 233 ++++++---------------------- bin/commands/init/vsam/.parameters | 1 + bin/commands/init/vsam/index.sh | 1 - bin/libs/configmgr.ts | 2 +- files/SZWEEXEC/ZWEGEN00 | 2 +- files/SZWESAMP/ZWEISTC | 38 +++++ 11 files changed, 99 insertions(+), 196 deletions(-) create mode 100644 files/SZWESAMP/ZWEISTC diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 6df1dc0e66..3b6ee91adb 100644 
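Review bot: The block added to GetConfigChain assigns `elementWithMember` for PARMLIB entries but never uses it; the next line still calls `AddToChain(configChain, element)`, so the addition has no effect and duplicates what the new GetConfigChainWithMembers routine does. Remove the `if COMPARE(type, 'PARMLIB') = 0 then do ... end` block from GetConfigChain. In GetConfigChainWithMembers, a one-line comment stating that `ZWEYAML` is the member name assumed for every PARMLIB entry would make that assumption visible to whoever maintains the config chain. GetConfigChain starts outside the hunk.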
--- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts @@ -27,13 +27,15 @@ export function execute(dryRun?: boolean) { jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, ZOWE_CONFIG.zowe.setup.dataset.prefix); jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); - jclContents = jclContents.replace('FILE ', 'FILE '+ZOWE_CONFIG.zowe.workspaceDirectory+'/.env/.zowe-merged.yaml'); + let absConfig = fs.convertToAbsolutePath(std.getenv('ZWE_PRIVATE_CONFIG_ORIG')); + jclContents = jclContents.replace('FILE ', 'FILE '+absConfig); xplatform.storeFileUTF8(tempFile, xplatform.AUTO_DETECT, jclContents); common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)'}`); - common.printMessage('JCL content:'); + common.printMessage('--- JCL content ---'); common.printMessage(jclContents); + common.printMessage('--- End of JCL ---'); if (dryRun) { common.printMessage('JCL not submitted, command run with dry run flag.'); diff --git a/bin/commands/init/mvs/.errors b/bin/commands/init/mvs/.errors index 1fdebba80c..0b0768cd21 100644 --- a/bin/commands/init/mvs/.errors +++ b/bin/commands/init/mvs/.errors @@ -4,3 +4,4 @@ ZWEL0301W||%s already exists and will not be overwritten. For upgrades, you must ZWEL0158E|158|%s already exists. ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. +ZWEL0163E|163|Job %s ends with code %s. \ No newline at end of file diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 75bc24671d..fb1913442c 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
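Review bot: `fs.convertToAbsolutePath(std.getenv('ZWE_PRIVATE_CONFIG_ORIG'))` assumes the original config value is a single USS path and that the variable is set. The comment in bin/libs/configmgr.ts, touched by this same commit, says the config property can take several shapes under configmgr, so a non-path form would presumably be turned into an unusable value after `FILE ` in the submitted JCL. Check the value first and stop with a clear message when it is missing or not a plain file path, rather than submitting the job. execute() starts and ends outside the hunk.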
@@ -30,14 +30,13 @@ if [ -z "${prefix}" ]; then fi jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") +does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") if [ "${does_jcl_exist}" = "false" ]; then zwecli_inline_execute_command init generate fi -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEIMVS)") +does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") if [ "${does_jcl_exist}" = "false" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi diff --git a/bin/commands/init/stc/.errors b/bin/commands/init/stc/.errors index 4109f9bdf2..801ae923f7 100644 --- a/bin/commands/init/stc/.errors +++ b/bin/commands/init/stc/.errors @@ -5,3 +5,6 @@ ZWEL0143E|143|Cannot find data set member %s. You may need to re-run `zwe instal ZWEL0158E|158|%s already exists. ZWEL0159E|159|Failed to modify %s. ZWEL0160E|160|Failed to write to %s. Please check if target data set is opened by others. +ZWEL0161E|161|Failed to run JCL %s. +ZWEL0162E|162|Failed to find job %s result. +ZWEL0163E|163|Job %s ends with code %s. \ No newline at end of file diff --git a/bin/commands/init/stc/.parameters b/bin/commands/init/stc/.parameters index 7d4e1ac58c..5182058f4b 100644 --- a/bin/commands/init/stc/.parameters +++ b/bin/commands/init/stc/.parameters 
@@ -1 +1,2 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. +dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index ec77fbabba..cbe43a04f7 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -13,10 +13,6 @@ print_level1_message "Install Zowe main started task" -############################### -# constants -proclibs="ZWESLSTC ZWESISTC ZWESASTC" - ############################### # validation require_zowe_yaml @@ -26,6 +22,7 @@ prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi + # read PROCLIB and validate proclib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.proclib") if [ -z "${proclib}" ]; then 
@@ -33,60 +30,30 @@ if [ -z "${proclib}" ]; then fi # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 -fi -# read PARMLIB and validate -parmlib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.parmlib") -if [ -z "${parmlib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom parameter library (zowe.setup.dataset.parmlib) is not defined in Zowe YAML configuration file." "" 157 -fi -# read LOADLIB and validate -authLoadlib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.authLoadlib") -if [ -z "${authLoadlib}" ]; then - # authLoadlib can be empty - authLoadlib="${prefix}.${ZWE_PRIVATE_DS_SZWEAUTH}" +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") +if [ "${does_jcl_exist}" = "false" ]; then + zwecli_inline_execute_command init generate fi -authPluginLib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.authPluginLib") -if [ -z "${authPluginLib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom load library (zowe.setup.dataset.authPluginLib) is not defined in Zowe YAML configuration file." "" 157 +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEISTC) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi + security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") if [ -z "${security_stcs_zowe}" ]; then - security_stcs_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zowe) is not defined in Zowe YAML configuration file." 
"" 157 fi security_stcs_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zis") if [ -z "${security_stcs_zis}" ]; then - security_stcs_zis=${ZWE_PRIVATE_DEFAULT_ZIS_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zis) is not defined in Zowe YAML configuration file." "" 157 fi security_stcs_aux=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.aux") if [ -z "${security_stcs_aux}" ]; then - security_stcs_aux=${ZWE_PRIVATE_DEFAULT_AUX_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.aux) is not defined in Zowe YAML configuration file." "" 157 fi target_proclibs="${security_stcs_zowe} ${security_stcs_zis} ${security_stcs_aux}" -# check existence -for mb in ${proclibs}; do - # source in SZWESAMP - samp_existence=$(is_data_set_exists "${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb})") - if [ "${samp_existence}" != "true" ]; then - print_error_and_exit "Error ZWEL0143E: ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb}) already exists. This data set member will be overwritten during configuration." "" 143 - fi -done for mb in ${target_proclibs}; do - # JCL for preview purpose - jcl_existence=$(is_data_set_exists "${jcllib}(${mb})") - if [ "${jcl_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${jcllib}(${mb}) already exists. This data set member will be overwritten during configuration." - else - # print_error_and_exit "Error ZWEL0158E: ${jcllib}(${mb}) already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${jcllib}(${mb}) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - fi - # STCs in target proclib stc_existence=$(is_data_set_exists "${proclib}(${mb})") if [ "${stc_existence}" = "true" ]; then 
@@ -101,157 +68,49 @@ for mb in ${target_proclibs}; do fi done -if [ "${jcl_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${jcllib}(${mb}). To write, you must use --allow-overwrite." +if [ "${stc_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then + print_message "Skipped writing to ${proclib}. To write, you must use --allow-overwrite." else - ############################### - # prepare STCs - # ZWESLSTC - print_message "Modify ZWESLSTC and save as ${jcllib}(${security_stcs_zowe})" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESLSTC) to ${tmpfile}" - if [[ "$ZWE_CLI_PARAMETER_CONFIG" != /* ]];then - print_message "CONFIG path defined in ZWESLSTC is converted into absolute path and may contain SYSNAME." - print_message "Please manually verify if this path works for your environment, especially when you are working in Sysplex environment." - fi - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESLSTC)'" | \ - sed "s/^\/\/STEPLIB .*\$/\/\/STEPLIB DD DSNAME=${authLoadlib},DISP=SHR/" | \ - sed "s#^CONFIG=.*\$#CONFIG=$(convert_to_absolute_path ${ZWE_CLI_PARAMETER_CONFIG})#" \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - fi - if [ ! 
-f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESLSTC)" "" 159 - fi - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${security_stcs_zowe})" - copy_to_data_set "${tmpfile}" "${jcllib}(${security_stcs_zowe})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${security_stcs_zowe}). Please check if target data set is opened by others." "" 160 - fi - print_debug "- ${jcllib}(${security_stcs_zowe}) is prepared" - # ZWESISTC - print_message "Modify ZWESISTC and save as ${jcllib}(${security_stcs_zis})" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESISTC) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESISTC)'" | \ - sed '/^..STEPLIB/c\ -\//STEPLIB DD DSNAME='${authLoadlib}',DISP=SHR\ -\// DD DSNAME='${authPluginLib}',DISP=SHR' | \ - sed "s/^\/\/PARMLIB .*\$/\/\/PARMLIB DD DSNAME=${parmlib},DISP=SHR/" \ - > "${tmpfile}") - code=$? 
- chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" + jcl_file=$(create_tmp_file) + copy_mvs_to_uss "${jcllib}(ZWEISTC)" "${jcl_file}" + jcl_contents=$(cat "${jcl_file}") + + print_message "Template JCL: ${prefix}.SZWESAMP(ZWEISTC) , Executable JCL: ${jcllib}(ZWEISTC)" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + + if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then + print_message "Submitting Job ZWEISTC" + jobid=$(submit_job $jcl_file) + code=$? + if [ ${code} -ne 0 ]; then + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWEISTC)." "" 161 fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" + print_debug "- job id ${jobid}" + + jobstate=$(wait_for_job "${jobid}") + code=$? + rm $jcl_file + if [ ${code} -eq 1 ]; then + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi - exit 1 - fi - if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESISTC)" "" 159 - fi - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${security_stcs_zis})" - copy_to_data_set "${tmpfile}" "${jcllib}(${security_stcs_zis})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${security_stcs_zis}). Please check if target data set is opened by others." 
"" 160 - fi - print_debug "- ${jcllib}(${security_stcs_zis}) is prepared" + jobname=$(echo "${jobstate}" | awk -F, '{print $2}') + jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') + jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') - # ZWESASTC - print_message "Modify ZWESASTC and save as ${jcllib}(${security_stcs_aux})" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESASTC) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESASTC)'" | \ - sed '/^..STEPLIB/c\ -\//STEPLIB DD DSNAME='${authLoadlib}',DISP=SHR\ -\// DD DSNAME='${authPluginLib}',DISP=SHR' \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" + if [ "${code}" -eq 0 ]; then + print_level2_message "Zowe main started tasks are installed successfully." + else + print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 fi else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - exit 1 - fi - if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESASTC)" "" 159 + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + print_level2_message "Zowe main started tasks are installed successfully." 
+ rm $jcl_file fi - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${security_stcs_aux})" - copy_to_data_set "${tmpfile}" "${jcllib}(${security_stcs_aux})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${security_stcs_aux}). Please check if target data set is opened by others." "" 160 - fi - print_debug "- ${jcllib}(${security_stcs_aux}) is prepared" - - print_message fi -if [ "${stc_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${proclib}(${mb}). To write, you must use --allow-overwrite." -else - ############################### - # copy to proclib - for mb in ${target_proclibs}; do - print_message "Copy ${jcllib}(${mb}) to ${proclib}(${mb})" - data_set_copy_to_data_set "${prefix}" "${jcllib}(${mb})" "${proclib}(${mb})" "-X" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - if [ $? -ne 0 ]; then - print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 - fi - done -fi -############################### -# exit message -print_level2_message "Zowe main started tasks are installed successfully." diff --git a/bin/commands/init/vsam/.parameters b/bin/commands/init/vsam/.parameters index 7d4e1ac58c..5182058f4b 100644 --- a/bin/commands/init/vsam/.parameters +++ b/bin/commands/init/vsam/.parameters @@ -1 +1,2 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. +dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 38937c17cc..764035afba 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
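Review bot: The overwrite guard `if [ "${stc_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]` runs after the `for mb in ${target_proclibs}` loop, so it only sees the result for the last member checked. If an earlier started-task member already exists in `${proclib}` and the last one does not, the copy job is submitted without `--allow-overwrite`. Set a flag inside the loop whenever `stc_existence` is true (for example `any_stc_exists=true`) and test that flag here. The dry-run branch also prints "Zowe main started tasks are installed successfully." although nothing was copied. The loop starts outside this hunk.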
@@ -40,7 +40,6 @@ does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") if [ "${does_jcl_exist}" = "false" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWECSVSM) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi -[I vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") if [ -z "${vsam_mode}" ]; then diff --git a/bin/libs/configmgr.ts b/bin/libs/configmgr.ts index 26c16fa89a..d4ca618452 100644 --- a/bin/libs/configmgr.ts +++ b/bin/libs/configmgr.ts @@ -31,7 +31,7 @@ CONFIG_MGR.setTraceLevel(0); //these show the list of files used for zowe config prior to merging into a unified one. // ZWE_CLI_PARAMETER_CONFIG gets updated to point to the unified one once written. const parameterConfig = std.getenv('ZWE_CLI_PARAMETER_CONFIG'); - +std.setenv('ZWE_PRIVATE_CONFIG_ORIG', parameterConfig); /* When using configmgr (--configmgr or zowe.useConfigmgr=true) the config property of Zowe can take a few shapes: diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 9bcb957645..1e6d73bbc8 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -36,7 +36,7 @@ parse arg operation verbosity schemaChain = GetSchemaChain() configChain = GetConfigChain() -configChainWithMembers = GetConfigChainW[IithMembers() +configChainWithMembers = GetConfigChainWithMembers() /* ================================================================================ diff --git a/files/SZWESAMP/ZWEISTC b/files/SZWESAMP/ZWEISTC new file mode 100644 index 0000000000..106ad9ffa5 --- /dev/null +++ b/files/SZWESAMP/ZWEISTC 
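Review bot: In bin/libs/configmgr.ts, `std.setenv('ZWE_PRIVATE_CONFIG_ORIG', parameterConfig)` runs before anything in the hunk has checked that `ZWE_CLI_PARAMETER_CONFIG` was set. If `std.getenv` returns `undefined` for a missing variable, the new variable would presumably be exported as the literal text `undefined`, and a consumer that only tests for a non-empty value would treat that as a config path. Guard the export with `if (parameterConfig) { std.setenv('ZWE_PRIVATE_CONFIG_ORIG', parameterConfig); }`. The line also replaces the blank separator without a comment; add one such as `// keep the caller's original config list; ZWE_CLI_PARAMETER_CONFIG is overwritten with the merged file below`, and name the reader of the variable, which is not visible in this hunk.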
@@ -0,0 +1,38 @@
+//ZWEISTC JOB
+//*
+//* This program and the accompanying materials are made available
+//* under the terms of the Eclipse Public License v2.0 which
+//* accompanies this distribution, and is available at
+//* https://www.eclipse.org/legal/epl-v20.html
+//*
+//* SPDX-License-Identifier: EPL-2.0
+//*
+//* Copyright Contributors to the Zowe Project. 2020, 2020
+//*
+//*********************************************************************
+//*
+//*
+//MCOPYL EXEC PGM=IEBCOPY
+//SYSPRINT DD SYSOUT=A
+//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR
+//SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD
+//SYSIN DD *
+ COPY OUTDD=SYSUT2,INDD=SYSUT1
+ SELECT MEMBER=((ZWESLSTC,{zowe.setup.security.stcs.zowe}))
+//*
+//MCOPYI EXEC PGM=IEBCOPY
+//SYSPRINT DD SYSOUT=A
+//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR
+//SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD
+//SYSIN DD *
+ COPY OUTDD=SYSUT2,INDD=SYSUT1
+ SELECT MEMBER=((ZWESISTC,{zowe.setup.security.stcs.zis}))
+//*
+//MCOPYA EXEC PGM=IEBCOPY
+//SYSPRINT DD SYSOUT=A
+//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR
+//SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD
+//SYSIN DD *
+ COPY OUTDD=SYSUT2,INDD=SYSUT1
+ SELECT MEMBER=((ZWESASTC,{zowe.setup.security.stcs.aux}))
+//*
From d3ef23367a60cb32423923e70fb2afff46950630 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Fri, 2 Feb 2024 11:48:18 -0500
Subject: [PATCH 075/258] Separate ZWESECUR into each security product, and simplify zwe init security to use it.
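Review bot: The new ZWEISTC member has no comment saying what happens when a target member already exists in the PROCLIB, and the three `SELECT MEMBER=((old,new))` statements carry no replace option. As far as I know IEBCOPY leaves an existing member untouched in that form, so a rerun after regenerating the JCL can leave an older started-task procedure in place; the shell code removed by this patch made that choice explicit through `--allow-overwrite`. Add a header comment such as `//* Existing PROCLIB members are not replaced; add ,R to a SELECT entry to overwrite.` and state there that the submitting user needs update access to the PROCLIB, since SYSUT2 is allocated with `DISP=OLD`. The caller's handling of a non-zero step return code is outside this hunk and should be checked against that behaviour.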
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.sh | 2 +- bin/commands/init/security/index.sh | 117 +++------ bin/commands/init/stc/index.sh | 2 +- bin/commands/init/vsam/index.sh | 2 +- files/SZWESAMP/ZWEIACF2 | 267 ++++++++++++++++++++ files/SZWESAMP/ZWEIRACF | 315 ++++++++++++++++++++++++ files/SZWESAMP/ZWEITSS | 267 ++++++++++++++++++++ workflows/templates/ZWESECUR.properties | 10 +- workflows/templates/ZWESECUR.vtl | 64 ++--- workflows/templates/ZWESECUR.xml | 10 - 10 files changed, 913 insertions(+), 143 deletions(-) create mode 100644 files/SZWESAMP/ZWEIACF2 create mode 100644 files/SZWESAMP/ZWEIRACF create mode 100644 files/SZWESAMP/ZWEITSS diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index fb1913442c..af2bf5dea1 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -117,7 +117,7 @@ else else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Zowe custom data sets are initialized successfully." + print_level2_message "Command run successfully." rm $jcl_file fi fi diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index b0d2c48551..329c1a4099 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh @@ -13,9 +13,6 @@ print_level1_message "Run Zowe security configurations" -############################### -# constants - ############################### # validation require_zowe_yaml 
@@ -25,118 +22,86 @@ prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi +security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") +if [ -z "${security_product}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.product) is not defined in Zowe YAML configuration file." "" 157 +fi + # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") +if [ "${does_jcl_exist}" = "false" ]; then + zwecli_inline_execute_command init generate fi -security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") -if [ -z "${security_product}" ]; then - security_product=RACF +does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") +if [ "${does_jcl_exist}" = "false" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEI${security_product}) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi + + + security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") if [ -z "${security_groups_admin}" ]; then - security_groups_admin=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.groups.admin) is not defined in Zowe YAML configuration file." 
"" 157 fi security_groups_stc=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") if [ -z "${security_groups_stc}" ]; then - security_groups_stc=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.groups.stc) is not defined in Zowe YAML configuration file." "" 157 fi security_groups_sysProg=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.sysProg") if [ -z "${security_groups_sysProg}" ]; then - security_groups_sysProg=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.groups.sysProg) is not defined in Zowe YAML configuration file." "" 157 fi security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") if [ -z "${security_users_zowe}" ]; then - security_users_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_USER} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.users.zowe) is not defined in Zowe YAML configuration file." "" 157 fi security_users_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zis") if [ -z "${security_users_zis}" ]; then - security_users_zis=${ZWE_PRIVATE_DEFAULT_ZIS_USER} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.users.zis) is not defined in Zowe YAML configuration file." "" 157 fi security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") if [ -z "${security_stcs_zowe}" ]; then - security_stcs_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zowe) is not defined in Zowe YAML configuration file." "" 157 fi security_stcs_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zis") if [ -z "${security_stcs_zis}" ]; then - security_stcs_zis=${ZWE_PRIVATE_DEFAULT_ZIS_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zis) is not defined in Zowe YAML configuration file." 
"" 157 fi security_stcs_aux=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.aux") if [ -z "${security_stcs_aux}" ]; then - security_stcs_aux=${ZWE_PRIVATE_DEFAULT_AUX_STC} + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.aux) is not defined in Zowe YAML configuration file." "" 157 fi -############################### -# prepare ZWESECUR JCL -print_message "Modify ZWESECUR" -tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) -tmpdsm=$(create_data_set_tmp_member "${jcllib}" "ZW$(date +%H%M)") -print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESECUR) to ${tmpfile}" -# cat "//'IBMUSER.ZWEV2.SZWESAMP(ZWESECUR)'" | sed "s/^\\/\\/ \\+SET \\+PRODUCT=.*\\$/\\/\\ SET PRODUCT=ACF2 * RACF, ACF2, or TSS/" -result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESECUR)'" | \ - sed "s/^\/\/ \+SET \+PRODUCT=.*\$/\/\/ SET PRODUCT=${security_product}/" | \ - sed "s/^\/\/ \+SET \+ADMINGRP=.*\$/\/\/ SET ADMINGRP=${security_groups_admin}/" | \ - sed "s/^\/\/ \+SET \+STCGRP=.*\$/\/\/ SET STCGRP=${security_groups_stc}/" | \ - sed "s/^\/\/ \+SET \+ZOWEUSER=.*\$/\/\/ SET ZOWEUSER=${security_users_zowe}/" | \ - sed "s/^\/\/ \+SET \+ZISUSER=.*\$/\/\/ SET ZISUSER=${security_users_zis}/" | \ - sed "s/^\/\/ \+SET \+ZOWESTC=.*\$/\/\/ SET ZOWESTC=${security_stcs_zowe}/" | \ - sed "s/^\/\/ \+SET \+ZISSTC=.*\$/\/\/ SET ZISSTC=${security_stcs_zis}/" | \ - sed "s/^\/\/ \+SET \+AUXSTC=.*\$/\/\/ SET AUXSTC=${security_stcs_aux}/" | \ - sed "s/^\/\/ \+SET \+HLQ=.*\$/\/\/ SET HLQ=${prefix}/" | \ - sed "s/^\/\/ \+SET \+SYSPROG=.*\$/\/\/ SET SYSPROG=${security_groups_sysProg}/" \ - > "${tmpfile}") -code=$? 
-chmod 700 "${tmpfile}" -if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi -else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi -fi -if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESECUR)" "" 159 -fi -print_trace "- ensure ${tmpfile} encoding before copying into data set" -ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" -print_trace "- ${tmpfile} created, copy to ${jcllib}(${tmpdsm})" -copy_to_data_set "${tmpfile}" "${jcllib}(${tmpdsm})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" -code=$? -print_trace "- Delete ${tmpfile}" -rm -f "${tmpfile}" -if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." "" 160 -fi -print_message "- ${jcllib}(${tmpdsm}) is prepared" -print_message -############################### -# submit job +jcl_file=$(create_tmp_file) +copy_mvs_to_uss "${jcllib}(ZWEI${security_product})" "${jcl_file}" +jcl_contents=$(cat "${jcl_file}") + +print_message "Template JCL: ${prefix}.SZWESAMP(ZWEI${security_product}) , Executable JCL: ${jcllib}(ZWEI${security_product})" +print_message "--- JCL Content ---" +print_message "$jcl_contents" +print_message "--- End of JCL ---" + job_has_failures= if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then - print_message "Dry-run mode, security setup is NOT performed on the system." - print_message "Please submit ${jcllib}(${tmpdsm}) manually." + print_message "JCL not submitted, command run with dry run flag." 
+ print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + rm $jcl_file else - print_message "Submit ${jcllib}(${tmpdsm})" - jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") + ############################### + # submit job + print_message "Submitting Job ZWEI${security_product}" + jobid=$(submit_job "//'${jcllib}(ZWEI${security_product})'") code=$? if [ ${code} -ne 0 ]; then job_has_failures=true if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Warning ZWEL0161W: Failed to run JCL ${jcllib}(${tmpdsm})." + print_error "Warning ZWEL0161W: Failed to run JCL ${jcllib}(ZWEI${security_product})." # skip wait for job status step jobid= else - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(${tmpdsm})." "" 161 + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWEI${security_product})." "" 161 fi fi @@ -179,5 +144,5 @@ fi if [ "${job_has_failures}" = "true" ]; then print_level2_message "Failed to apply Zowe security configurations. Please check job log for details." else - print_level2_message "Zowe security configurations are applied successfully." + print_level2_message "Command run successfully." fi diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index cbe43a04f7..6eeac595ba 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -108,7 +108,7 @@ else else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Zowe main started tasks are installed successfully." + print_level2_message "Command run successfully." rm $jcl_file fi fi diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 764035afba..ec0212ae68 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
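Review bot: `security_product` is checked only for being non-empty before it is spliced into the member name `ZWEI${security_product}` that is copied, printed and passed to `submit_job`. Any value of `zowe.setup.security.product` that happens to complete the name of another ZWEI member in the JCL library, such as the ZWEISTC member added earlier in this series, would be submitted as the security job, and a misspelt product surfaces only as the unrelated ZWEL0999E text. Restrict the value to the three supported products right after the empty check, before the first `is_data_set_exists` call. Separately, `rm $jcl_file` should be quoted, and within this hunk the temporary copy is removed only on the dry-run path; the submit path continues outside the hunk, so confirm it is cleaned up there.

```shell
security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product")
# … unchanged: empty-value check (ZWEL0157E) …
case "${security_product}" in
  RACF|ACF2|TSS)
    ;;
  *)
    # ZWELnnnnE / NNN are placeholders: allocate a real message id and exit code
    print_error_and_exit "Error ZWELnnnnE: zowe.setup.security.product must be RACF, ACF2 or TSS." "" "NNN"
    ;;
esac
```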
@@ -115,6 +115,6 @@ if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Zowe Caching Service VSAM storage is created successfully." + print_level2_message "Command run successfully." rm $jcl_file fi diff --git a/files/SZWESAMP/ZWEIACF2 b/files/SZWESAMP/ZWEIACF2 new file mode 100644 index 0000000000..c446614664 --- /dev/null +++ b/files/SZWESAMP/ZWEIACF2 
@@ -0,0 +1,267 @@ +//ZWEIACF2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define security permits for Zowe +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID +//* and GID values, update the SET *ID= statements to match the +//* desired UID and GID values. +//* +//* 3) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//* 2. The sample ACF2 commands create ROLEs that match the group +//* names. Due to permits assigned to the &STCGRP ROLE, it is +//* advised to ensure this ROLE has a unique identifier. +//* +//* 3. The Zowe started task user ID 'zowe.setup.security.users.zowe' +//* Writes persistent data to 'zowe.workspaceDirectory' +//* This sample JCL makes the Zowe started task part of +//* the Zowe admin group 'zowe.setup.security.groups.admin' +//* to facilitate admin access to this directory. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. 
+//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* The sample commands assume AUTOUID and AUTOGID are +//* enabled. When this is not the case, +//* provide appropriate (numeric) values to these SET commands. +// SET ADMINGID= * Group ID for ZOWE administrators +// SET STCGID=&ADMINGID. * Group ID for ZOWE started tasks +// SET ZOWEUID= * UID for ZOWE started task User +// SET ZISUID= * UID for ZIS started task User +//* +//* If using AUTOUID and AUTOGID, an AUTOIDOM GSO Record must exist. +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +* +* DEFINE ADMINISTRATORS ........................................... +* +* group for administrators +* replace AUTOGID with GID(&ADMINGID.) if AUTOGID is not enabled +* +SET PROFILE(GROUP) DIV(OMVS) +INSERT {zowe.setup.security.groups.admin}. AUTOGID +F ACF2,REBUILD(GRP),CLASS(P) +* +* uncomment and customize to add an existing userid as administrator +* +* SET X(ROL) +* INSERT {zowe.setup.security.groups.admin}. INCLUDE(userid) ROLE +* F ACF2,NEWXREF,TYPE(ROL) +* +* DEFINE STARTED TASK ............................................. +* +* comment out if STCGRP matches ADMINGRP (default), expect +* warning messages otherwise +* group for started tasks +* replace AUTOGID with GID(&STCGID.) if AUTOGID is not enabled +* +SET PROFILE(GROUP) DIV(OMVS) +INSERT {zowe.setup.security.groups.stc}. AUTOGID +F ACF2,REBUILD(GRP),CLASS(P) +* +***** +* +* userid for ZOWE main server +* replace AUTOUID with UID(&ZOWEUID.) if AUTOUID is not enabled +* +SET LID +INSERT {zowe.setup.security.users.zowe}. + + STC GROUP({zowe.setup.security.groups.stc}.) +SET PROFILE(USER) DIV(OMVS) +INSERT {zowe.setup.security.users.zowe}. 
+ + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) +* +* userid for ZIS cross memory server +* replace AUTOUID with UID(&ZISUID.) if AUTOUID is not enabled +* +SET LID +INSERT {zowe.setup.security.users.zis}. + + STC GROUP({zowe.setup.security.groups.stc}.) +SET PROFILE(USER) DIV(OMVS) +INSERT {zowe.setup.security.users.zis}. + + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) +F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) +* +***** +* +* started task for ZOWE main server +* +SET CONTROL(GSO) +INSERT STC.{zowe.setup.security.stcs.zowe}. + + LOGONID({zowe.setup.security.users.zowe}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.zowe}.) +F ACF2,REFRESH(STC) +* +* started task for ZIS cross memory server +* +SET CONTROL(GSO) +INSERT STC.{zowe.setup.security.stcs.zis}. + + LOGONID({zowe.setup.security.users.zis}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.zis}.) +F ACF2,REFRESH(STC) +* +* started task for ZIS Auxiliary cross memory server +* +SET CONTROL(GSO) +INSERT STC.{zowe.setup.security.stcs.aux}. + + LOGONID({zowe.setup.security.users.zis}.) + +GROUP({zowe.setup.security.groups.stc}.) + +STCID({zowe.setup.security.stcs.aux}.) +F ACF2,REFRESH(STC) +* +* DEFINE ZIS SECURITY RESOURCES .................................. +* +* define a role holding the permissions, add ZISUSER and +* ZOWEUSER to it +* +SET X(ROL) +INSERT {zowe.setup.security.groups.stc}. + + INCLUDE({zowe.setup.security.users.zowe}.) ROLE +F ACF2,NEWXREF,TYPE(ROL) +CHANGE {zowe.setup.security.groups.stc}. + + INCLUDE({zowe.setup.security.users.zis}.) ADD +F ACF2,NEWXREF,TYPE(ROL) +* +* DEFINE STC SERVER PERMISIONS .................................... +* +* permit AUX and Zowe main server to use ZIS cross memory server +* +SET RESOURCE(FAC) +RECKEY ZWES ADD(IS SERVICE(READ) + + ROLE({zowe.setup.security.groups.stc}.) 
ALLOW) +F ACF2,REBUILD(FAC) +* +* DEFINE ZOWE SERVER PERMISIONS ................................... +* +* permit Zowe main server to create a user's security environment +* ATTENTION: Defining the BPX.DAEMON or BPX.SERVER profile makes +* z/OS UNIX switch to z/OS UNIX level security. This is +* more secure, but it can impact operation of existing +* applications. Test this thoroughly before activating +* it on a production system. +* +SET RESOURCE(FAC) +RECKEY BPX ADD(DAEMON SERVICE(UPDATE) + + ROLE({zowe.setup.security.groups.stc}.) ALLOW) +RECKEY BPX ADD(SERVER SERVICE(UPDATE) + + ROLE({zowe.setup.security.groups.stc}.) ALLOW) +* +* permit Zowe main server to create a user's security environment +* comment out the following 3 lines if the OMVSAPPL is not defined +* in your environment +SET RESOURCE(APL) +RECKEY OMVSAPPL ADD(SERVICE(READ) + + ROLE({zowe.setup.security.groups.stc}.) ALLOW) +F ACF2,REBUILD(APL) +* +* Allow STCGRP role access to BPX.JOBNAME +RECKEY BPX ADD(JOBNAME SERVICE(READ) + + ROLE({zowe.setup.security.groups.stc}.) ALLOW) +F ACF2,REBUILD(FAC) + +* allow STCGRP role to use client certificate mapping service +SET RESOURCE(FAC) +RECKEY IRR ADD(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) +F ACF2,REBUILD(FAC) + +* allow STCGRP role to use distributed identity mapping service +SET RESOURCE(FAC) +RECKEY IRR ADD(IDIDMAP.QUERY + + ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) +F ACF2,REBUILD(FAC) + +* permit Zowe main server to cut SMF records +SET RESOURCE(FAC) +RECKEY IRR ADD(RAUDITX ROLE({zowe.setup.security.groups.stc}.) + + SERVICE(READ) ALLOW) +F ACF2,REBUILD(FAC) + +* +* DEFINE ZOWE DATA SET PROTECTION ................................. +* +* - HLQ..SZWEAUTH is an APF authorized data set. It is strongly +* advised to protect it against updates. +* +* HLQ stub +SET RULE +* general data set protection +LIST {zowe.setup.dataset.prefix}. +RECKEY {zowe.setup.dataset.prefix}. 
ADD(- UID(-) READ(A) EXEC(P)) +RECKEY {zowe.setup.dataset.prefix}. + +ADD(- UID({zowe.setup.security.groups.sysProg}.) + + READ(A) EXEC(A) ALLOC(A) WRITE(A)) +* +* show results +LIST {zowe.setup.dataset.prefix}. +* + +* +* DEFINE ZOWE RESOURCE PROTECTION ................................. +* +* - Defines new resource class for Zowe that protects access to +* sensitive Zowe resources. +* - Defines resource APIML.SERVICES that controls access to +* detailed information about API services to Zowe users. + +* define ZOWE resource type and class mapping +* skip this section if the ZOWE resource class already exists +SET CONTROL(GSO) +INSERT CLASMAP.ZOWE RESOURCE(ZOWE) RSRCTYPE(ZWE) +F ACF2,REFRESH(CLASMAP),TYPE(GSO) +CHANGE INFODIR TYPES(R-RZWE) +F ACF2,REFRESH(INFODIR) +SET CONTROL(GSO) + +* uncomment and replace "user" to permit Zowe users to access +* the resource: +* SET RESOURCE(ZWE) +* RECKEY APIML ADD(SERVICES - +* UID(user) SERVICE(READ) ALLOW) +* F ACF2,REBUILD(ZWE) + +* show results +SET RESOURCE(ZWE) +LIST LIKE(-) +$$ +//* diff --git a/files/SZWESAMP/ZWEIRACF b/files/SZWESAMP/ZWEIRACF new file mode 100644 index 0000000000..764208bc58 --- /dev/null +++ b/files/SZWESAMP/ZWEIRACF 
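Review bot: In ZWEIACF2 the `RECKEY BPX ADD(JOBNAME ...)` rule is entered while the session is still under `SET RESOURCE(APL)`, set a few lines earlier for OMVSAPPL, so it appears to be stored as an APL rule while the `F ACF2,REBUILD(FAC)` that follows rebuilds a type the rule was never added to. Put `SET RESOURCE(FAC)` in front of that RECKEY, as the three IRR blocks below it do. A second point applies to this file and to ZWEIRACF and ZWEITSS alike: every placeholder keeps the period that used to terminate the JCL symbol (`{zowe.setup.security.groups.admin}.` here, `{zowe.setup.security.stcs.zowe}..*` in ZWEIRACF), whereas the ZWEISTC template writes its placeholders without one. Unless ZWEGEN00 consumes that period, the generated security commands would carry a stray `.` after each name, so either drop the periods or document the substitution rule in the header comment.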
@@ -0,0 +1,315 @@ +//ZWEIRACF JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define security permits for Zowe +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID +//* and GID values, update the SET *ID= statements to match the +//* desired UID and GID values. +//* +//* 3) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//* 2. The Zowe started task user ID 'zowe.setup.security.users.zowe' +//* Writes persistent data to 'zowe.workspaceDirectory' +//* This sample JCL makes the Zowe started task part of +//* the Zowe admin group 'zowe.setup.security.groups.admin' +//* to facilitate admin access to this directory. +//* +//* 3. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* The sample commands assume AUTOUID and AUTOGID are +//* enabled. When this is not the case, +//* provide appropriate (numeric) values to these SET commands. 
+// SET ADMINGID= * Group ID for ZOWE administrators +// SET STCGID=&ADMINGID. * Group ID for ZOWE started tasks +// SET ZOWEUID= * UID for ZOWE started task User +// SET ZISUID= * UID for ZIS started task User +//* +//* If using AUTOUID and AUTOGID, the RACF database must be +//* at AIM 2 or higher, and BPX.NEXT.USER must exist. +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* ACTIVATE REQUIRED RACF SETTINGS AND CLASSES ..................... */ + +/* - Comment out the activation statements for the classes that are */ +/* already active. */ + +/* display current settings */ +/*SETROPTS LIST */ + +/* activate FACILITY class for z/OS UNIX & Zowe ZIS profiles */ + SETROPTS GENERIC(FACILITY) + SETROPTS CLASSACT(FACILITY) RACLIST(FACILITY) + +/* activate started task class */ + SETROPTS GENERIC(STARTED) + SETROPTS CLASSACT(STARTED) RACLIST(STARTED) + +/* show results .................................................... */ + SETROPTS LIST + +/* DEFINE ADMINISTRATORS ........................................... */ + +/* - The sample commands assume automatic generation of GID is */ +/* enabled. */ + +/* group for administrators */ +/* replace AUTOGID with GID(&ADMINGID.) if AUTOGID not enabled */ + LISTGRP {zowe.setup.security.groups.admin}. OMVS + ADDGROUP {zowe.setup.security.groups.admin}. OMVS(AUTOGID) - + DATA('ZOWE ADMINISTRATORS') + +/* uncomment to add existing user IDs to the ADMINGRP group */ +/* CONNECT (userid,userid,...) - */ +/* GROUP({zowe.setup.security.groups.admin}.) AUTH(USE) */ + +/* DEFINE STARTED TASK ............................................. */ + +/* - Ensure that user IDs are protected with the NOPASSWORD keyword. */ +/* - The sample commands assume automatic generation of UID and GID */ +/* is enabled. 
*/ + +/* comment out if STCGRP matches ADMINGRP (default), expect */ +/* warning messages otherwise */ +/* group for started tasks */ +/* replace AUTOGID with GID(&STCGID.) if AUTOGID not enabled */ + LISTGRP {zowe.setup.security.groups.stc}. OMVS + ADDGROUP {zowe.setup.security.groups.stc}. OMVS(AUTOGID) - + DATA('STARTED TASK GROUP WITH OMVS SEGMENT') + +/* */ + +/* userid for ZOWE main server */ +/* replace AUTOUID with UID(&ZOWEUID.) if AUTOUID not enabled */ + LISTUSER {zowe.setup.security.users.zowe}. OMVS + ADDUSER {zowe.setup.security.users.zowe}. - + NOPASSWORD - + DFLTGRP({zowe.setup.security.groups.stc}.) - + OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - + NAME('ZOWE SERVER') - + DATA('ZOWE MAIN SERVER') + +/* userid for ZIS cross memory server */ +/* replace AUTOUID with UID(&ZISUID.) if AUTOUID not enabled */ + LISTUSER {zowe.setup.security.users.zis}. OMVS + ADDUSER {zowe.setup.security.users.zis}. - + NOPASSWORD - + DFLTGRP({zowe.setup.security.groups.stc}.) - + OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - + NAME('ZOWE ZIS SERVER') - + DATA('ZOWE ZIS CROSS MEMORY SERVER') + +/* */ + +/* started task for ZOWE main server */ + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - + STDATA(USER({zowe.setup.security.users.zowe}.) - + GROUP({zowe.setup.security.groups.stc}.) - + TRUSTED(NO)) DATA('ZOWE MAIN SERVER') + +/* started task for ZIS cross memory server */ + RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zis}..* - + STDATA(USER({zowe.setup.security.users.zis}.) - + GROUP({zowe.setup.security.groups.stc}.) - + TRUSTED(NO)) DATA('ZOWE ZIS CROSS MEMORY SERVER') + +/* started task for ZIS Auxiliary cross memory server */ + RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.aux}..* - + STDATA(USER({zowe.setup.security.users.zis}.) - + GROUP({zowe.setup.security.groups.stc}.) 
- + TRUSTED(NO)) DATA('ZOWE ZIS AUX CROSS MEMORY SERVER') + + SETROPTS RACLIST(STARTED) REFRESH + +/* show results .................................................... */ + LISTGRP {zowe.setup.security.groups.stc}. OMVS + LISTUSER {zowe.setup.security.users.zowe}. OMVS + LISTUSER {zowe.setup.security.users.zis}. OMVS + RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + +/* DEFINE ZIS SECURITY RESOURCES ................................... */ + +/* define ZIS security profile */ + RLIST FACILITY ZWES.IS ALL + RDEFINE FACILITY ZWES.IS UACC(NONE) + +/* DEFINE AUX SERVER PERMISIONS .................................... */ + +/* permit AUX STC to use ZIS cross memory server */ + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zis}.) + SETROPTS RACLIST(FACILITY) REFRESH + +/* DEFINE ZOWE SERVER PERMISIONS ................................... */ + +/* permit Zowe main server to use ZIS cross memory server */ + PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zowe}.) + SETROPTS RACLIST(FACILITY) REFRESH + +/* permit Zowe main server to create a user's security environment */ +/* ATTENTION: Defining the BPX.DAEMON or BPX.SERVER profile makes */ +/* z/OS UNIX switch to z/OS UNIX level security. This is */ +/* more secure, but it can impact operation of existing */ +/* applications. Test this thoroughly before activating */ +/* it on a production system. */ + RLIST FACILITY BPX.DAEMON ALL + RDEFINE FACILITY BPX.DAEMON UACC(NONE) + PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) 0 + ID({zowe.setup.security.users.zowe}.) + + RLIST FACILITY BPX.SERVER ALL + RDEFINE FACILITY BPX.SERVER UACC(NONE) + PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) - + ID({zowe.setup.security.users.zowe}.) 
+ +/* permit Zowe main server to create a user's security environment */ +/* comment out the following 2 lines if the OMVSAPPL is not defined */ +/* in your environment */ + PERMIT OMVSAPPL CLASS(APPL) ID({zowe.setup.security.users.zowe}.) - + ACCESS(READ) + SETROPTS RACLIST(APPL) REFRESH + +/* permit Zowe main server to set job name */ + RLIST FACILITY BPX.JOBNAME ALL + RDEFINE FACILITY BPX.JOBNAME UACC(NONE) + PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(FACILITY) REFRESH + +/* permit Zowe main server to use client certificate mapping service */ + RLIST FACILITY IRR.RUSERMAP ALL + RDEFINE FACILITY IRR.RUSERMAP UACC(NONE) + PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zowe}.) + +/* permit Zowe main server to use distributed identity mapping */ +/* service + RLIST FACILITY IRR.IDIDMAP.QUERY ALL + RDEFINE FACILITY IRR.IDIDMAP.QUERY UACC(NONE) + PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zowe}.) + +/* permit Zowe main server to cut SMF records */ + RLIST FACILITY IRR.RAUDITX ALL + RDEFINE FACILITY IRR.RAUDITX UACC(NONE) + PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) - + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(FACILITY) REFRESH +/* show results .................................................... */ + RLIST FACILITY ZWES.IS ALL + RLIST FACILITY BPX.DAEMON ALL + RLIST FACILITY BPX.SERVER ALL + RLIST FACILITY BPX.JOBNAME ALL + RLIST FACILITY IRR.RUSERMAP ALL + RLIST FACILITY IRR.RAUDITX ALL + +/* DEFINE ZOWE DATA SET PROTECTION ................................. */ + +/* - HLQ..SZWEAUTH is an APF authorized data set. It is strongly */ +/* advised to protect it against updates. */ +/* - The sample commands assume that EGN (Enhanced Generic Naming) */ +/* is active, which allows the usage of ** to represent any number */ +/* of qualifiers in the DATASET class. 
Substitute *.** with * if */ +/* EGN is not active on your system. */ + +/* HLQ stub */ + LISTGRP {zowe.setup.dataset.prefix}. + ADDGROUP {zowe.setup.dataset.prefix}. DATA('Zowe - HLQ STUB') + +/* general data set protection */ + LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL + ADDSD '{zowe.setup.dataset.prefix}..*.**' UACC(READ) DATA('Zowe') + PERMIT '{zowe.setup.dataset.prefix}..*.**' CLASS(DATASET) - + ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}.) + + SETROPTS GENERIC(DATASET) REFRESH + +/* show results .................................................... */ + LISTGRP {zowe.setup.dataset.prefix}. + LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL + +/* DEFINE ZOWE RESOURCE PROTECTION ................................. */ + +/* - Defines new resource class for Zowe that protects access to */ +/* sensitive Zowe resources. */ +/* - Defines resource APIML.SERVICES that controls access to */ +/* detailed information about API services to Zowe users. */ + +/* uncomment to activate CDT class to define ZOWE resource class */ +/* SETROPTS CLASSACT(CDT) RACLIST(CDT) */ + +/* define ZOWE resource class */ +/* skip this command if the ZOWE resource class already exists */ +/* use a unique value in POSIT */ + RDEFINE CDT ZOWE - + UACC(NONE) - + CDTINFO(DEFAULTUACC(NONE) - + FIRST(ALPHA) - + OTHER(ALPHA,NATIONAL,NUMERIC,SPECIAL) - + MAXLENGTH(246) - + POSIT(607) - + RACLIST(DISALLOWED)) + + SETROPTS RACLIST(CDT) REFRESH + SETROPTS CLASSACT(ZOWE) + +/* define resource for information about API services */ + RDEFINE ZOWE APIML.SERVICES UACC(NONE) + +/* uncomment and replace "user" to permit Zowe users to access */ +/* the resource: */ +/* PERMIT APIML.SERVICES CLASS(ZOWE) ID(user) ACCESS(READ) */ + +/* show results */ + RLIST ZOWE * + +/* ................................................................. */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* 
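Review bot: The BPX.DAEMON permit ends its first line with `0` where every other PERMIT uses the `-` continuation character (`PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) 0`), so the `ID(...)` line is not part of the command and the permit for the Zowe server user would not be made as intended. Because the closing `PROFILE` command forces the last return code to 0, the job still reports success; change the line to `PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) -`. The comment above the IRR.IDIDMAP.QUERY commands also lacks its terminator on the second line (`/* service`); depending on how the unclosed comment is read, the RLIST/RDEFINE/PERMIT that follow may be skipped, so write `/* service */`. IRR.IDIDMAP.QUERY is also absent from the final `RLIST FACILITY ... ALL` verification list, where `RLIST FACILITY IRR.IDIDMAP.QUERY ALL` would make a missing profile visible in the job output.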
diff --git a/files/SZWESAMP/ZWEITSS b/files/SZWESAMP/ZWEITSS
new file mode 100644
index 0000000000..8b0d10c962
--- /dev/null
+++ b/files/SZWESAMP/ZWEITSS
@@ -0,0 +1,267 @@ +//ZWEITSS JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define security permits for Zowe +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID +//* and GID values, update the SET *ID= statements to match the +//* desired UID and GID values. +//* +//* 3) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//* 2. The Zowe started task user ID 'zowe.setup.security.users.zowe' +//* Writes persistent data to 'zowe.workspaceDirectory' +//* This sample JCL makes the Zowe started task part of +//* the Zowe admin group 'zowe.setup.security.groups.admin' +//* to facilitate admin access to this directory. +//* +//* 3. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* Provide appropriate (numeric) values to these SET commands. +// SET ADMINGID= * Group ID for ZOWE administrators +// SET STCGID=&ADMINGID. 
* Group ID for ZOWE started tasks +// SET ZOWEUID= * UID for ZOWE started task User +// SET ZISUID= * UID for ZIS started task User +//* +//* If a default UID and GID range is defined, you can specify '?' +//* in the SET *ID= statements to utilize auto-assignment +//* of UID and GID. +//* +//* 12345678 +// SET ADMINDEP= * department owning admin group +// SET STCGDEP= * department owning STC group +// SET STCUDEP= * department owning STC user IDs +// SET ZOWEDEP= * department owning Zowe resources +// SET FACACID= * ACID owning IBMFAC +//* 12345678 +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* DEFINE ADMINISTRATORS ........................................... */ + +/* group for administrators */ + TSS LIST({zowe.setup.security.groups.admin}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.admin}.) TYPE(GROUP) + + NAME('ZOWE ADMINISTRATORS') + + DEPT(&ADMINDEP.) + TSS ADD({zowe.setup.security.groups.admin}.) GID(&ADMINGID.) + +/* uncomment to add existing user IDs to the Zowe admin group */ +/* TSS ADD(userid) GROUP({zowe.setup.security.groups.admin}.) */ + +/* DEFINE STARTED TASK ............................................. */ + +/* comment out if STCGRP matches ADMINGRP (default), expect */ +/* warning messages otherwise */ +/* group for started tasks */ + TSS LIST({zowe.setup.security.groups.stc}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.stc}.) TYPE(GROUP) + + NAME('STC GROUP WITH OMVS SEGMENT') + + DEPT(&STCGDEP.) + TSS ADD({zowe.setup.security.groups.stc}.) GID(&STCGID.) + +/* */ + +/* userid for ZOWE main server */ + TSS LIST({zowe.setup.security.users.zowe}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zowe}.) TYPE(USER) PASS(NOPW,0) + + NAME('ZOWE MAIN SERVER') + + DEPT(&STCUDEP.) 
+ TSS ADD({zowe.setup.security.users.zowe}.) + + GROUP({zowe.setup.security.groups.stc}.) + + DFLTGRP({zowe.setup.security.groups.stc}.) + + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZOWEUID.) + +/* userid for ZIS cross memory server */ + TSS LIST({zowe.setup.security.users.zis}.) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zis}.) TYPE(USER) PASS(NOPW,0) + + NAME('ZOWE ZIS CROSS MEMORY SERVER') + + DEPT(&STCUDEP.) + TSS ADD({zowe.setup.security.users.zis}.) + + GROUP({zowe.setup.security.groups.stc}.) + + DFLTGRP({zowe.setup.security.groups.stc}.) + + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.) + +/* */ + +/* started task for ZOWE main server */ + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) + + ACID({zowe.setup.security.users.zowe}.) + TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) + +/* started task for ZIS cross memory server */ + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zis}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zis}.) + + ACID({zowe.setup.security.users.zis}.) + TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + +/* started task for ZIS Auxiliary cross memory server */ + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.aux}.) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.aux}.) + + ACID({zowe.setup.security.users.zis}.) + TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + +/* DEFINE ZIS SECURITY RESOURCES ................................... */ + +/* define ZIS security profile */ + TSS ADD(&FACACID.) IBMFAC(ZWES.IS) + +/* DEFINE AUX SERVER PERMISIONS .................................... */ + +/* permit AUX STC to use ZIS cross memory server */ + TSS WHOHAS IBMFAC(ZWES.IS) + TSS PERMIT({zowe.setup.security.users.zis}.) IBMFAC(ZWES.IS) + + ACCESS(READ) + +/* DEFINE ZOWE SERVER PERMISIONS ................................... 
*/ + +/* permit Zowe main server to use ZIS cross memory server */ + TSS WHOHAS IBMFAC(ZWES.IS) + TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(ZWES.IS) + + ACCESS(READ) + +/* permit Zowe main server to create a user's security environment */ +/* ATTENTION: Defining the BPX.DAEMON or BPX.SERVER profile makes */ +/* z/OS UNIX switch to z/OS UNIX level security. This is */ +/* more secure, but it can impact operation of existing */ +/* applications. Test this thoroughly before activating */ +/* it on a production system. */ + TSS ADD(&FACACID.) IBMFAC(BPX.) + TSS WHOHAS IBMFAC(BPX.DAEMON) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.DAEMON) + + ACCESS(UPDATE) + TSS WHOHAS IBMFAC(BPX.SERVER) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.SERVER) + + ACCESS(UPDATE) + +/* permit Zowe main server to create a user's security environment */ +/* comment out the following line if the OMVSAPPL is not defined */ +/* in your environment */ +TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) + +/* Allow ZOWEUSER access to BPX.JOBNAME */ + TSS WHOHAS IBMFAC(BPX.JOBNAME) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.JOBNAME) + + ACCESS(READ) + +/* permit Zowe main server to use client certificate mapping service */ + TSS WHOHAS IBMFAC(IRR.RUSERMAP) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) + + ACCESS(READ) + +/* permit Zowe main server to use distributed identity mapping */ +/* service + TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) + TSS PER({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) + +/* permit Zowe main server to cut SMF records */ + TSS WHOHAS IBMFAC(IRR.RAUDITX) + TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RAUDITX) + + ACCESS(READ) + +/* DEFINE ZOWE DATA SET PROTECTION ................................. */ + +/* - HLQ..SZWEAUTH is an APF authorized data set. It is strongly */ +/* advised to protect it against updates. */ + +/* HLQ stub */ + TSS ADD(&ADMINDEP.) 
DATASET({zowe.setup.dataset.prefix}..) + +/* general data set protection */ + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) + TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}..) ACCESS(READ) + TSS PER({zowe.setup.security.groups.sysProg}) + + DATASET({zowe.setup.dataset.prefix}..) ACCESS(ALL) + +/* show results */ + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) + +/* DEFINE ZOWE RESOURCE PROTECTION ................................. */ + +/* - Defines new resource class for Zowe that protects access to */ +/* sensitive Zowe resources. */ +/* - Defines resource APIML.SERVICES that controls access to */ +/* detailed information about API services to Zowe users. */ + +/* define ZOWE resource class */ +/* skip this command if the ZOWE resource class already exists */ + TSS ADDTO(RDT) RESCLASS(ZOWE) MAXLEN(246) + + ACLST(NONE,READ,UPDATE,CONTROL) DEFACC(NONE) + +/* define resource for information about API services */ + TSS ADDTO(&ZOWEDEP.) ZOWE(APIML.) + +/* uncomment and replace "user" to permit Zowe users to access */ +/* the resource: */ +/* TSS PERMIT(user) ZOWE(APIML.SERVICES) ACCESS(READ) */ + +/* show results */ + TSS LIST(RDT) RESCLASS(ZOWE) + +/* If any of these started tasks are multiusers address spaces */ +/* a TSS FACILITY needs to be defined and assigned to the started */ +/* and should not be using the STC FACILITY . The all acids signing */ +/* on to the started tasks will need to be authorized to the */ +/* FACILITY. */ +/* */ +/* Create FACILITY example: */ +/* In the TSSPARMS add the following lines to create */ +/* the new FACILITY. */ +/* */ +/* FACILITY(USER11=NAME=ZOWE) */ +/* FACILITY(ZOWE=MODE=FAIL) */ +/* FACILITY(ZOWE=RES) */ +/* */ +/* To assign the FACILITY to the started task issue the following */ +/* command: */ +/* */ +/* TSS ADD(started_task_acid) MASTFAC(ZOWE) */ +/* */ +/* To authorize a user to signon to the FACILITY, issues the */ +/* following command. 
*/ +/* */ +/* TSS ADD(user_acid) FAC(ZOWE) */ + +/* ................................................................. */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* diff --git a/workflows/templates/ZWESECUR.properties b/workflows/templates/ZWESECUR.properties index 11543d4aa5..029ea6f982 100644 --- a/workflows/templates/ZWESECUR.properties +++ b/workflows/templates/ZWESECUR.properties @@ -177,15 +177,7 @@ ZISUSER: '#ZWESIUSR' # Category: General Security # Description: # Zowe started task name -ZOWESTC: '#ZWESVSTC' - -# ZLNCHSTC -# Label: ZLNCHSTC -# Abstract: Zowe started task name for HA -# Category: General Security -# Description: -# Zowe started task name for HA -ZLNCHSTC: '#ZWESLSTC' +ZOWESTC: '#ZWESLSTC' # ZISSTC # Label: ZISSTC diff --git a/workflows/templates/ZWESECUR.vtl b/workflows/templates/ZWESECUR.vtl index d32ecb48dc..84d86af7ab 100644 --- a/workflows/templates/ZWESECUR.vtl +++ b/workflows/templates/ZWESECUR.vtl @@ -35,6 +35,7 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* +#if($ibmTemplate != 'YES') //* 2) Update the SET PRODUCT= statement to match your security //* product. //* 
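Review bot: In the "general data set protection" block of ZWEITSS, `TSS PER({zowe.setup.security.groups.sysProg})` is the only placeholder in this member written without the trailing period; every other one is `{...}.`, including the RACF permit in the preceding file, `ID({zowe.setup.security.groups.sysProg}.)`. If the generator relies on that terminator, this permit will not name the intended ACID, and because the job is designed to end with return code 0 the failure is easy to miss. I would write it as `TSS PER({zowe.setup.security.groups.sysProg}.) +`. Separately, the `/* service` line above `TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY)` appears to have no closing `*/`, unlike every other comment line here.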
@@ -53,30 +54,27 @@ //* 7) Update the SET ZOWESTC= statement to match the desired //* Zowe started task name. //* -//* 8) Update the SET ZLNCHSTC= statement to match the desired -//* Zowe launcher started task name. It is applicable if you -//* run Zowe for high availability. -//* -//* 9) Update the SET ZISSTC= statement to match the desired +//* 8) Update the SET ZISSTC= statement to match the desired //* ZIS started task name. //* -//* 10) Update the SET AUXSTC= statement to match the desired +//* 9) Update the SET AUXSTC= statement to match the desired //* ZIS Auxiliary started task name. //* -//* 11) Update the SET HLQ= statement to match the desired +//* 10) Update the SET HLQ= statement to match the desired //* Zowe data set high level qualifier. //* -//* 12) Update the SET SYSPROG= statement to match the existing +//* 11) Update the SET SYSPROG= statement to match the existing //* user ID or group used by z/OS system programmers. //* -//* 13) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID +#end +//* 12) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID //* and GID values, update the SET *ID= statements to match the //* desired UID and GID values. //* -//* 14) When using Top Secret, update the Top Secret specific SET +//* 13) When using Top Secret, update the Top Secret specific SET //* statements. //* -//* 15) Customize the commands in the DD statement that matches your +//* 14) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. //* //* Note(s): 
@@ -103,19 +101,16 @@ #if($ibmTemplate == 'YES') // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ADMINGRP=ZWEADMIN * group for Zowe administrators -// SET STCGRP=&ADMINGRP. * group for Zowe started tasks -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -// SET ZISUSER=ZWESIUSR * userid for ZIS started task -// SET ZOWESTC=ZWESVSTC * Zowe started task name -// SET ZLNCHSTC=ZWESLSTC * Zowe started task name for HA -// SET ZISSTC=ZWESISTC * ZIS started task name -// SET AUXSTC=ZWESASTC * ZIS AUX started task name -// SET HLQ=ZWE * data set high level qualifier -// SET SYSPROG=&ADMINGRP. * system programmer user ID/group -//* 12345678 +// SET PRODUCT=#[[{zowe.setup.security.product}]]# +// SET ADMINGRP=#[[{zowe.setup.security.groups.admin}]]# +// SET STCGRP=#[[{zowe.setup.security.groups.stc}]]# +// SET ZOWEUSER=#[[{zowe.setup.security.users.zowe}]]# +// SET ZISUSER=#[[{zowe.setup.security.users.zis}]]# +// SET ZOWESTC=#[[{zowe.setup.security.stcs.zowe}]]# +// SET ZISSTC=#[[{zowe.setup.security.stcs.zis}]]# +// SET AUXSTC=#[[zowe.setup.security.stcs.aux}]]# +// SET HLQ=#[[{zowe.setup.dataset.prefix}]]# +// SET SYSPROG=#[[{zowe.setup.security.groups.sysProg}]]# //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret, @@ -152,7 +147,6 @@ // SET ZOWEUSER=${ZOWEUSER} * userid for Zowe started task // SET ZISUSER=${ZISUSER} * userid for ZIS started task // SET ZOWESTC=${ZOWESTC} * Zowe started task name -// SET ZLNCHSTC=${ZLNCHSTC} * Zowe started task name for HA // SET ZISSTC=${ZISSTC} * ZIS started task name // SET AUXSTC=${AUXSTC} * ZIS AUX started task name // SET HLQ=${HLQ} * data set high level qualifier 
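Review bot: `// SET AUXSTC=#[[zowe.setup.security.stcs.aux}]]#` is missing the opening brace that the other nine SET lines in this `#if($ibmTemplate == 'YES')` block have, so it does not match the `{...}` placeholder form and would presumably be left as literal text. The started-task definitions further down the template are keyed on `&AUXSTC.` (for example `RLIST STARTED &AUXSTC..* ALL STDATA`), so the ZIS auxiliary server would end up defined under a wrong name, or the SET statement would fail. It should read `// SET AUXSTC=#[[{zowe.setup.security.stcs.aux}]]#`.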
@@ -283,12 +277,6 @@ STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - DATA('ZOWE MAIN SERVER') -/* started task for ZOWE Launcher in high availability */ - RLIST STARTED &ZLNCHSTC..* ALL STDATA - RDEFINE STARTED &ZLNCHSTC..* - - STDATA(USER(&ZOWEUSER.) GROUP(&STCGRP.) TRUSTED(NO)) - - DATA('ZOWE LAUNCHER SERVER') - /* started task for ZIS cross memory server */ RLIST STARTED &ZISSTC..* ALL STDATA RDEFINE STARTED &ZISSTC..* - @@ -308,7 +296,6 @@ LISTUSER &ZOWEUSER. OMVS LISTUSER &ZISUSER. OMVS RLIST STARTED &ZOWESTC..* ALL STDATA - RLIST STARTED &ZLNCHSTC..* ALL STDATA RLIST STARTED &ZISSTC..* ALL STDATA RLIST STARTED &AUXSTC..* ALL STDATA @@ -520,14 +507,6 @@ GROUP(&STCGRP.) + STCID(&ZOWESTC.) F ACF2,REFRESH(STC) * -* started task for ZOWE Launcher in high availability -* -SET CONTROL(GSO) -INSERT STC.&ZLNCHSTC. LOGONID(&ZOWEUSER.) + -GROUP(&STCGRP.) + -STCID(&ZLNCHSTC.) -F ACF2,REFRESH(STC) -* * started task for ZIS cross memory server * SET CONTROL(GSO) @@ -721,11 +700,6 @@ $$ TSS ADD(STC) PROCNAME(&ZOWESTC.) ACID(&ZOWEUSER.) TSS ADD(&ZOWEUSER.) FAC(STC) -/* started task for ZOWE Launcher in high availability */ - TSS LIST(STC) PROCNAME(&ZLNCHSTC.) PREFIX - TSS ADD(STC) PROCNAME(&ZLNCHSTC.) ACID(&ZOWEUSER.) - TSS ADD(&ZOWEUSER.) FAC(STC) - /* started task for ZIS cross memory server */ TSS LIST(STC) PROCNAME(&ZISSTC.) PREFIX TSS ADD(STC) PROCNAME(&ZISSTC.) ACID(&ZISUSER.) diff --git a/workflows/templates/ZWESECUR.xml b/workflows/templates/ZWESECUR.xml index 2616c0e018..4508e22a2f 100644 --- a/workflows/templates/ZWESECUR.xml +++ b/workflows/templates/ZWESECUR.xml @@ -122,15 +122,6 @@ Zowe started task name Zowe started task name General Security - - #ZWESVSTC - - - - - Zowe started task name for HA - Zowe started task name for HA - General Security #ZWESLSTC @@ -265,7 +256,6 @@ - Run this step to initialize variable values.<br/> Note(s):<br/> 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY <br/> 
From 630818499f02df9c4488cd4c23db7523fd6a009f Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 2 Feb 2024 14:55:55 -0500 Subject: [PATCH 076/258] split zwekring into 9 parts, 3 for each esm. printing of jcl to not use temp file. add zosmf keyring info to example-zowe Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/.parameters | 1 + bin/commands/init/mvs/index.sh | 8 +- bin/commands/init/security/.parameters | 2 +- bin/commands/init/security/index.sh | 5 +- bin/commands/init/vsam/index.sh | 8 +- bin/libs/certificate.sh | 178 ++++---------- example-zowe.yaml | 17 ++ files/SZWESAMP/ZWEIKRA1 | 241 ++++++++++++++++++ files/SZWESAMP/ZWEIKRA2 | 207 ++++++++++++++++ files/SZWESAMP/ZWEIKRA3 | 214 ++++++++++++++++ files/SZWESAMP/ZWEIKRR1 | 287 ++++++++++++++++++++++ files/SZWESAMP/ZWEIKRR2 | 255 +++++++++++++++++++ files/SZWESAMP/ZWEIKRR3 | 258 +++++++++++++++++++ files/SZWESAMP/ZWEIKRT1 | 227 +++++++++++++++++ files/SZWESAMP/ZWEIKRT2 | 194 +++++++++++++++ files/SZWESAMP/ZWEIKRT3 | 199 +++++++++++++++ 16 files changed, 2154 insertions(+), 147 deletions(-) create mode 100644 files/SZWESAMP/ZWEIKRA1 create mode 100644 files/SZWESAMP/ZWEIKRA2 create mode 100644 files/SZWESAMP/ZWEIKRA3 create mode 100644 files/SZWESAMP/ZWEIKRR1 create mode 100644 files/SZWESAMP/ZWEIKRR2 create mode 100644 files/SZWESAMP/ZWEIKRR3 create mode 100644 files/SZWESAMP/ZWEIKRT1 create mode 100644 files/SZWESAMP/ZWEIKRT2 create mode 100644 files/SZWESAMP/ZWEIKRT3 diff --git a/bin/commands/init/certificate/.parameters b/bin/commands/init/certificate/.parameters index 3c989a374d..6d54bacd99 100644 --- a/bin/commands/init/certificate/.parameters +++ b/bin/commands/init/certificate/.parameters 
@@ -1,3 +1,4 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. update-config||boolean|||||Whether to update YAML configuration file with initialization result. ignore-security-failures||boolean|||||Whether to ignore security setup job failures. +security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index af2bf5dea1..314ecc92a0 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -81,9 +81,7 @@ if [ "${ds_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" ! print_level2_message "Zowe custom data sets initialized with errors." else - jcl_file=$(create_tmp_file) - copy_mvs_to_uss "${jcllib_location}(ZWEIMVS)" "${jcl_file}" - jcl_contents=$(cat "${jcl_file}") + jcl_contents=$(cat "//'${jcllib_location}(ZWEIMVS)'") print_message "Template JCL: ${prefix}.SZWESAMP(ZWEIMVS) , Executable JCL: ${jcllib_location}(ZWEIMVS)" print_message "--- JCL Content ---" @@ -92,7 +90,7 @@ else if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWEIMVS" - jobid=$(submit_job $jcl_file) + jobid=$(submit_job "//'${jcllib_location}(ZWEIMVS)'") code=$? if [ ${code} -ne 0 ]; then print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib_location}(ZWEIMVS)." "" 161 @@ -101,7 +99,6 @@ else jobstate=$(wait_for_job "${jobid}") code=$? - rm $jcl_file if [ ${code} -eq 1 ]; then print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi @@ -118,7 +115,6 @@ else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" print_level2_message "Command run successfully." - rm $jcl_file fi fi diff --git a/bin/commands/init/security/.parameters b/bin/commands/init/security/.parameters index 62b1a05778..aa7b7c7da6 100644 
--- a/bin/commands/init/security/.parameters +++ b/bin/commands/init/security/.parameters @@ -1,2 +1,2 @@ -security-dry-run||boolean|||||Whether to dry run security related setup. +security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index 329c1a4099..e93639def7 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh @@ -74,9 +74,7 @@ if [ -z "${security_stcs_aux}" ]; then fi -jcl_file=$(create_tmp_file) -copy_mvs_to_uss "${jcllib}(ZWEI${security_product})" "${jcl_file}" -jcl_contents=$(cat "${jcl_file}") +jcl_contents=$(cat "//'${jcllib}(ZWEI${security_product})'") print_message "Template JCL: ${prefix}.SZWESAMP(ZWEI${security_product}) , Executable JCL: ${jcllib}(ZWEI${security_product})" print_message "--- JCL Content ---" @@ -87,7 +85,6 @@ job_has_failures= if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - rm $jcl_file else ############################### # submit job diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index ec0212ae68..8dc32044d5 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -79,9 +79,7 @@ if [ "${vsam_existence}" = "true" ]; then fi -jcl_file=$(create_tmp_file) -copy_mvs_to_uss "${jcllib}(ZWECSVSM)" "${jcl_file}" -jcl_contents=$(cat "${jcl_file}") +jcl_contents=$(cat "//'${jcllib}(ZWECSVSM)") print_message "Template JCL: ${prefix}.SZWESAMP(ZWECSVSM) , Executable JCL: ${jcllib}(ZWECSVSM)" print_message "--- JCL Content ---" 
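Review bot: In the init/vsam hunk, `jcl_contents=$(cat "//'${jcllib}(ZWECSVSM)")` has lost the closing single quote of the data set name. The submit line in the following hunk and the equivalent lines in init/mvs and init/security all use the `"//'...(MEMBER)'"` form. As written the read is likely to fail and leave `jcl_contents` empty, so a dry run, whose purpose is to let the operator inspect the JCL before it is submitted, would print nothing. Use `jcl_contents=$(cat "//'${jcllib}(ZWECSVSM)'")`, and consider checking the exit status of the `cat` before printing.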
@@ -90,7 +88,7 @@ print_message "--- End of JCL ---" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ZWECSVSM" - jobid=$(submit_job $jcl_file) + jobid=$(submit_job "//'${jcllib}(ZWECSVSM)'") code=$? if [ ${code} -ne 0 ]; then print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." "" 161 @@ -99,7 +97,6 @@ if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then jobstate=$(wait_for_job "${jobid}") code=$? - rm $jcl_file if [ ${code} -eq 1 ]; then print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi @@ -116,5 +113,4 @@ else print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" print_level2_message "Command run successfully." - rm $jcl_file fi diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh index 13dec5e1d4..d82e205563 100644 --- a/bin/libs/certificate.sh +++ b/bin/libs/certificate.sh @@ -838,6 +838,15 @@ keyring_run_zwekring_jcl() { validity="${16:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_VALIDITY}}" security_product=${17:-RACF} + member_prefix="ZWEIK" + if [ "${security_product}" = "TSS" ]; then + member_name="${member_prefix}T${jcloption}" + elif [ "${security_product}" = "ACF2" ]; then + member_name="${member_prefix}A${jcloption}" + else + member_name="${member_prefix}R${jcloption}" + fi + # generate from domains list domain_name= ip_address= 
@@ -895,67 +904,20 @@ EOF validity_ymd=$("${date_add_util}" ${validity} YYYY-MM-DD) validity_mdy=$("${date_add_util}" ${validity} MM/DD/YY) - # option 2 needs further changes on JCL - racf_connect1="s/dummy/dummy/" - racf_connect2="s/dummy/dummy/" - acf2_connect="s/dummy/dummy/" - tss_connect="s/dummy/dummy/" - if [ "${jcloption}" = "2" ]; then - if [ "${connect_user}" = "SITE" ]; then - racf_connect1="s/^ \+RACDCERT CONNECT[(]SITE | ID[(]userid[)].*\$/ RACDCERT CONNECT(SITE +/" - acf2_connect="s/^ \+CONNECT CERTDATA[(]SITECERT\.digicert | userid\.digicert[)].*\$/ CONNECT CERTDATA(SITECERT.${connect_label}) -/" - tss_connect="s/^ \+RINGDATA[(]CERTSITE|userid,digicert[)].*\$/ RINGDATA(CERTSITE,${connect_label}) +/" - elif [ -n "${connect_user}" ]; then - racf_connect1="s/^ \+RACDCERT CONNECT[(]SITE | ID[(]userid[)].*\$/ RACDCERT CONNECT(ID(${connect_user}) +/" - acf2_connect="s/^ \+CONNECT CERTDATA[(]SITECERT\.digicert | userid\.digicert[)].*\$/ CONNECT CERTDATA(${connect_user}.${connect_label}) -/" - tss_connect="s/^ \+RINGDATA[(]CERTSITE|userid,digicert[)].*\$/ RINGDATA(${connect_user},${connect_label}) +/" - fi - racf_connect2="s/^ \+LABEL[(]'certlabel'[)].*\$/ LABEL('${connect_label}') +/" - fi - - # used by ACF2 - stc_group=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") - if [ -z "${stc_group}" ]; then - stc_group=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} - fi - ############################### # prepare ZWEKRING JCL - print_message ">>>> Modify ZWEKRING" + print_debug ">>>> Prepare ${member_name}" print_debug "- Create temp file" tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug " > temp file: ${tmpfile}" - print_debug "- Create temp data set member" - tmpdsm=$(create_data_set_tmp_member "${jcllib}" "ZW$(date +%H%M)") print_debug " > data set member: ${jcllib}(tmpdsm)" - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWEKRING) to ${tmpfile}" - result=$(cat 
"//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWEKRING)'" | \ - sed "s/^\/\/ \+SET \+PRODUCT=.*\$/\/\/ SET PRODUCT=${security_product}/" | \ - sed "s/^\/\/ \+SET \+ZOWEUSER=.*\$/\/\/ SET ZOWEUSER=${keyring_owner:-${ZWE_PRIVATE_DEFAULT_ZOWE_USER}}/" | \ - sed "s/^\/\/ \+SET \+ZOWERING=.*\$/\/\/ SET ZOWERING='${keyring_name}'/" | \ - sed "s/^\/\/ \+SET \+OPTION=.*\$/\/\/ SET OPTION=${jcloption}/" | \ - sed "s/^\/\/ \+SET \+LABEL=.*\$/\/\/ SET LABEL='${alias}'/" | \ - sed "s/^\/\/ \+SET \+LOCALCA=.*\$/\/\/ SET LOCALCA='${ca_alias}'/" | \ - sed "s/^\/\/ \+SET \+CN=.*\$/\/\/ SET CN='${ZWE_PRIVATE_CERTIFICATE_COMMON_NAME:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_COMMON_NAME}}'/" | \ - sed "s/^\/\/ \+SET \+OU=.*\$/\/\/ SET OU='${ZWE_PRIVATE_CERTIFICATE_ORG_UNIT:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_ORG_UNIT}}'/" | \ - sed "s/^\/\/ \+SET \+O=.*\$/\/\/ SET O='${ZWE_PRIVATE_CERTIFICATE_ORG:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_ORG}}'/" | \ - sed "s/^\/\/ \+SET \+L=.*\$/\/\/ SET L='${ZWE_PRIVATE_CERTIFICATE_LOCALITY:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_LOCALITY}}'/" | \ - sed "s/^\/\/ \+SET \+SP=.*\$/\/\/ SET SP='${ZWE_PRIVATE_CERTIFICATE_STATE:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_STATE}}'/" | \ - sed "s/^\/\/ \+SET \+C=.*\$/\/\/ SET C='${ZWE_PRIVATE_CERTIFICATE_COUNTRY:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_COUNTRY}}'/" | \ - sed "s/^\/\/ \+SET \+HOSTNAME=.*\$/\/\/ SET HOSTNAME='${domain_name}'/" | \ + print_debug "- Copy ${jcllib}(${member_name}) to ${tmpfile}" + result=$(cat "//'${jcllib}(${member_name})'" | \ sed "s/^\/\/ \+SET \+IPADDRES=.*\$/\/\/ SET IPADDRES='${ip_address}'/" | \ - sed "s/^\/\/ \+SET \+DSNAME=.*\$/\/\/ SET DSNAME=${import_ds_name}/" | \ - sed "s/^\/\/ \+SET \+PKCSPASS=.*\$/\/\/ SET PKCSPASS='${import_ds_password}'/" | \ sed "s/^\/\/ \+SET \+IFZOWECA=.*\$/\/\/ SET IFZOWECA=${import_ext_ca}/" | \ sed "s/^\/\/ \+SET \+ITRMZWCA=.*\$/\/\/ SET ITRMZWCA='${import_ext_intermediate_ca_label}'/" | \ sed "s/^\/\/ \+SET \+ROOTZWCA=.*\$/\/\/ SET ROOTZWCA='${import_ext_root_ca_label}'/" | \ 
sed "s/^\/\/ \+SET \+IFROZFCA=.*\$/\/\/ SET IFROZFCA=${trust_zosmf}/" | \ sed "s/^\/\/ \+SET \+ROOTZFCA=.*\$/\/\/ SET ROOTZFCA='${zosmf_root_ca}'/" | \ - sed "s/^\/\/ \+SET \+STCGRP=.*\$/\/\/ SET STCGRP=${stc_group}/" | \ - sed "${racf_connect1}" | \ - sed "${racf_connect2}" | \ - sed "${acf2_connect}" | \ - sed "${tss_connect}" | \ sed "s/2030-05-01/${validity_ymd}/g" | \ sed "s#05/01/30#${validity_mdy}#g" \ > "${tmpfile}") 
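Review bot: `tmpdsm` is no longer assigned once this hunk removes `tmpdsm=$(create_data_set_tmp_member ...)`, but it is still used. The kept debug line prints `${jcllib}(tmpdsm)`, and the later hunks of keyring_run_zwekring_jcl and keyring_run_zwenokyr_jcl still run `jobid=$(submit_job "//'${jcllib}(${tmpdsm})'")` and report `${jcllib}(${tmpdsm})` in the ZWEL0160E message. Unless the variable is set outside the visible hunks, the job is submitted with an empty member name, so the keyring setup would not run even though the JCL was printed. The submit should name the member that was prepared, `submit_job "//'${jcllib}(${member_name})'"` here and `submit_job "//'${jcllib}(ZWENOKYR)'"` in the ZWENOKYR function. The function body starts and ends outside this hunk.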
@@ -977,30 +939,38 @@ EOF fi fi if [ ! -f "${tmpfile}" ]; then - print_error "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWEKRING)" + print_error "Error ZWEL0159E: Failed to modify ${jcllib}(${member_name})" return 159 fi - print_trace "- Ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${tmpdsm})" - copy_to_data_set "${tmpfile}" "${jcllib}(${tmpdsm})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." - return 160 - fi - print_message " - ${jcllib}(${tmpdsm}) is prepared" - print_message - ############################### - # submit job + jcl_contents=$(cat "${tmpfile}") + + print_message "Template JCL: ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${member_name}) , Executable JCL: ${jcllib}(${member_name})" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then - print_message "Dry-run mode, JCL will NOT be submitted on the system." - print_message "Please submit ${jcllib}(${tmpdsm}) manually." + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + rm "${tmpfile}" else - print_message ">>>> Submit ${jcllib}(${tmpdsm})" + print_trace "- Ensure ${tmpfile} encoding before copying into data set" + ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" + print_trace "- ${tmpfile} created, writing back to ${jcllib}(${member_name})" + copy_to_data_set "${tmpfile}" "${jcllib}(${member_name})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" + code=$? 
+ print_trace "- Delete ${tmpfile}" + rm -f "${tmpfile}" + if [ ${code} -ne 0 ]; then + print_error "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." + return 160 + fi + print_debug " - ${jcllib}(${member_name}) is prepared" + + ############################### + # submit job + print_message "Submitting Job ${member_name})" jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") code=$? if [ ${code} -ne 0 ]; then 
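Review bot: `print_message "$jcl_contents"` now writes the whole prepared keyring JCL to the console, and to wherever the command output is logged. The `SET PKCSPASS=` substitution was removed from this function in the previous hunk, so for the PKCS12 import option the password is presumably already in the generated member and would be printed in clear text. I would mask that statement before printing, for example `print_message "$(echo "$jcl_contents" | sed "s/SET \+PKCSPASS=.*/SET PKCSPASS=********/")"`, and add a comment above the print saying the JCL may carry the PKCS12 password. The enclosing function starts and ends outside this hunk.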
@@ -1041,72 +1011,20 @@ keyring_run_zwenokyr_jcl() { ca_alias="${6}" security_product=${7:-RACF} - # used by ACF2 - stc_group=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") - if [ -z "${stc_group}" ]; then - stc_group=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} - fi - - ############################### - # prepare ZWENOKYR JCL - print_message ">>>> Modify ZWENOKYR" - print_debug "- Create temp file" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug " > temp file: ${tmpfile}" - print_debug "- Create temp data set member" - tmpdsm=$(create_data_set_tmp_member "${jcllib}" "ZW$(date +%H%M)") - print_debug " > data set member: ${jcllib}(tmpdsm)" - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWENOKYR) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWENOKYR)'" | \ - sed "s/^\/\/ \+SET \+PRODUCT=.*\$/\/\/ SET PRODUCT=${security_product}/" | \ - sed "s/^\/\/ \+SET \+ZOWEUSER=.*\$/\/\/ SET ZOWEUSER=${keyring_owner:-${ZWE_PRIVATE_DEFAULT_ZOWE_USER}}/" | \ - sed "s/^\/\/ \+SET \+ZOWERING=.*\$/\/\/ SET ZOWERING='${keyring_name}'/" | \ - sed "s/^\/\/ \+SET \+LABEL=.*\$/\/\/ SET LABEL='${alias}'/" | \ - sed "s/^\/\/ \+SET \+LOCALCA=.*\$/\/\/ SET LOCALCA='${ca_alias}'/" | \ - sed "s/^\/\/ \+SET \+STCGRP=.*\$/\/\/ SET STCGRP=${stc_group}/" \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - fi - if [ ! 
-f "${tmpfile}" ]; then - print_error "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWENOKYR)" - return 159 - fi - print_trace "- Ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${tmpdsm})" - copy_to_data_set "${tmpfile}" "${jcllib}(${tmpdsm})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." - return 160 - fi - print_message " - ${jcllib}(${tmpdsm}) is prepared" - print_message + jcl_contents=$(cat "//'${jcllib}(ZWENOKYR)'") + print_message "Template JCL: ${prefix}.SZWESAMP(ZWENOKYR) , Executable JCL: ${jcllib}(ZWENOKYR)" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + ############################### # submit job if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then - print_message "Dry-run mode, JCL will NOT be submitted on the system." - print_message "Please submit ${jcllib}(${tmpdsm}) manually." + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" else - print_message ">>>> Submit ${jcllib}(${tmpdsm})" + print_message "Submitting Job ZWENOKYR" jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") code=$? if [ ${code} -ne 0 ]; then diff --git a/example-zowe.yaml b/example-zowe.yaml index e944ca9760..9540b5f92e 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
@@ -190,6 +190,11 @@ zowe: # # **COMMONLY_CUSTOMIZED** # # label of Zowe CA certificate. Optional, default value is localca. # caLabel: localca + # # If zowe.verifyCertificates is not DISABLED, zOSMF certificate + # # Will be registered with the truststore. You can customize how this is performed here. + # zOSMF: + # ca: "_auto_" + # user: "IZUSVR" # # Distinguished name for Zowe generated certificates. All optional. # dname: # caCommonName: "" @@ -210,6 +215,7 @@ zowe: # # - dvipa.my-company.com # # - 12.34.56.78 + # # >>>> Certificate setup scenario 4 # # Zowe generated z/OS Keyring and connect to existing certificate # certificate: @@ -226,6 +232,12 @@ zowe: # # **COMMONLY_CUSTOMIZED** # # Label of the existing certificate will be connected to Zowe keyring. # label: "" + # # If zowe.verifyCertificates is not DISABLED, zOSMF certificate + # # Will be registered with the truststore. You can customize how this is performed here. + # zOSMF: + # ca: "_auto_" + # user: "IZUSVR" + # # **COMMONLY_CUSTOMIZED** # # If you have other certificate authorities want to be trusted in Zowe keyring, # # list the certificate labels here. @@ -254,6 +266,11 @@ zowe: # # **COMMONLY_CUSTOMIZED** # # Password for the PKCS12 data set. # password: "" + # # If zowe.verifyCertificates is not DISABLED, zOSMF certificate + # # Will be registered with the truststore. You can customize how this is performed here. + # zOSMF: + # ca: "_auto_" + # user: "IZUSVR" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # VSAM configurations if you are using VSAM as Caching Service storage diff --git a/files/SZWESAMP/ZWEIKRA1 b/files/SZWESAMP/ZWEIKRA1 new file mode 100644 index 0000000000..b27c1db2e6 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRA1 
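Review bot: The new `ca: "_auto_"` and `user: "IZUSVR"` examples do not say what `_auto_` stands for or which other values are accepted, here and in the two later hunks that add the same `zOSMF:` block. The keyring templates added in this commit place `zowe.setup.certificate.keyring.zOSMF.ca` directly inside `CERTDATA(CERTAUTH.…)`, so the sentinel presumably has to be resolved to a real CA label before the JCL is generated. A comment line above the key would make that explicit, for example `# ca: label of the z/OSMF CA certificate; "_auto_" = <behaviour to be stated by the author>`.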
@@ -0,0 +1,241 @@ +//ZWEIKRA1 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Create the keyring .............................................. */ + SET PROFILE(USER) DIVISION(KEYRING) + INSERT {zowe.setup.security.users.zowe}..ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}.) + F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) +$$ +//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Option 1 - Default Option - BEGINNING ........................... */ +* Create Zowe's local CA authority ................................ */ + SET PROFILE(USER) DIVISION(CERTDATA) + GENCERT CERTAUTH.ZOWECA - + LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - + SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - + OU='{zowe.setup.certificate.dname.orgUnit}.' - + O='{zowe.setup.certificate.dname.org}.' - + L='{zowe.setup.certificate.dname.locality}.' - + SP='{zowe.setup.certificate.dname.state}.' - + C='{zowe.setup.certificate.dname.country}.') - + EXPIRE(05/01/30) - + KEYUSAGE(CERTSIGN) +* +* Connect Zowe's local CA authority to the keyring ................ */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA(CERTAUTH.ZOWECA) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + CHKCERT CERTAUTH.ZOWECA +* +* Create a certificate signed by local zowe's CA .................. 
*/ + SET PROFILE(USER) DIV(CERTDATA) + GENCERT {zowe.setup.security.users.zowe}..ZOWECERT - + SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - + OU='{zowe.setup.certificate.dname.orgUnit}.' - + O='{zowe.setup.certificate.dname.org}.' - + L='{zowe.setup.certificate.dname.locality}.' - + SP='{zowe.setup.certificate.dname.state}.' - + C='{zowe.setup.certificate.dname.country}.') - + SIZE(2048) - + EXPIRE(05/01/30) - + LABEL({zowe.setup.certificate.keyring.label}.) - + KEYUSAGE(HANDSHAKE) - + ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains.0}) - + SIGNWITH(CERTAUTH.ZOWECA) +* +* Connect a Zowe's certificate with the keyring ................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT +* +* Option 1 - Default Option - END ................................. */ +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect all CAs of the Zowe certificate's signing chain with the */ +* keyring ......................................................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +* + CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect the z/OSMF root CA signed by a recognized certificate ... 
*/ +* authority (CA) with the keyring ................................. */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* A common part for all options - BEGINNING ....................... */ +* +* Allow ZOWEUSER to access keyring ................................ */ + SET RESOURCE(FAC) + RECKEY IRR ADD(DIGTCERT.LISTRING - + ROLE({zowe.setup.security.groups.stc}) - + SERVICE(READ) ALLOW) +* +* Uncomment this command if SITE acid owns the Zowe certificate ... */ +* RECKEY IRR ADD(DIGTCERT.GENCERT - +* ROLE({zowe.setup.security.groups.stc}) - +* SERVICE(CONTROL) ALLOW) +* + F ACF2,REBUILD(FAC) +* +* List the keyring ................................................ */ + SET PROFILE(USER) DIVISION(KEYRING) + LIST {zowe.setup.security.users.zowe}..ZOWERING +* Common part - END ............................................... */ +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRA2 b/files/SZWESAMP/ZWEIKRA2 new file mode 100644 index 0000000000..d30cce8599 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRA2 
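Review bot: In the `Create the keyring` step, the `INSERT {zowe.setup.security.users.zowe}..ZOWERING` line ends without the `-` continuation that the other multi-line ACF2 commands in this member use, so `RINGNAME(...)` on the next line appears to be read as a separate command. The same two lines are in ZWEIKRA2 and ZWEIKRA3, and ending the line as `INSERT {zowe.setup.security.users.zowe}..ZOWERING -` would match the rest. The templates also keep the symbol-terminating dots of the `&ITRMZWCA.` style (`}..ZOWERING`, `keyring.name}.)`, `dname.org}.'`). After a plain text substitution these would leave a doubled or trailing dot in ring names, labels and DN fields unless the generator, which is not visible here, strips them. `CN='{zowe.setup.certificate.dname}. CA'` points at the `dname` mapping rather than one of its fields such as `caCommonName`. `EXPIRE(05/01/30)` fixes the certificate end date in the template instead of taking it from configuration.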
@@ -0,0 +1,207 @@ +//ZWEIKRA2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Create the keyring .............................................. */ + SET PROFILE(USER) DIVISION(KEYRING) + INSERT {zowe.setup.security.users.zowe}..ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}.) + F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) +$$ +//* +//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Option 2 - BEGINNING ............................................ */ +* Connect a Zowe's certificate with the keyring ................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT +* +* Option 2 - END .................................................. */ +$$ +//IFOPT2ED ENDIF +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect all CAs of the Zowe certificate's signing chain with the */ +* keyring ......................................................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) 
- + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +* + CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect the z/OSMF root CA signed by a recognized certificate ... */ +* authority (CA) with the keyring ................................. */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* A common part for all options - BEGINNING ....................... */ +* +* Allow ZOWEUSER to access keyring ................................ */ + SET RESOURCE(FAC) + RECKEY IRR ADD(DIGTCERT.LISTRING - + ROLE({zowe.setup.security.groups.stc}) - + SERVICE(READ) ALLOW) +* +* Uncomment this command if SITE acid owns the Zowe certificate ... */ +* RECKEY IRR ADD(DIGTCERT.GENCERT - +* ROLE({zowe.setup.security.groups.stc}) - +* SERVICE(CONTROL) ALLOW) +* + F ACF2,REBUILD(FAC) +* +* List the keyring ................................................ */ + SET PROFILE(USER) DIVISION(KEYRING) + LIST {zowe.setup.security.users.zowe}..ZOWERING +* Common part - END ............................................... */ +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRA3 b/files/SZWESAMP/ZWEIKRA3 new file mode 100644 index 0000000000..a971eb141b --- /dev/null +++ b/files/SZWESAMP/ZWEIKRA3 
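Review bot: `//IFOPT2ED ENDIF` after the RUNOPT2 step has no opening `IF` statement anywhere in this member, which is a JCL error at submission. Since the member implements only option 2, the line can simply be dropped. The step also still carries the hand-edit placeholder `CONNECT CERTDATA(SITECERT.digicert | userid.digicert)` instead of template variables for the existing certificate's owner and label, so the generated JCL is not runnable as produced. `CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT` then checks a certificate that option 2 never creates under that name.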
@@ -0,0 +1,214 @@ +//ZWEIKRA3 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Create the keyring .............................................. */ + SET PROFILE(USER) DIVISION(KEYRING) + INSERT {zowe.setup.security.users.zowe}..ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}.) + F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) +$$ +//* +//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Option 3 - BEGINNING ............................................ */ +* Import external certificate from data set ....................... */ + SET PROFILE(USER) DIV(CERTDATA) + INSERT {zowe.setup.security.users.zowe}..ZOWECERT - + DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - + LABEL(&LABEL.) - + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - + TRUST +* +* Connect a Zowe's certificate with the keyring ................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(PERSONAL) DEFAULT + CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT +* +* Option 3 - END .................................................. 
*/ +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect all CAs of the Zowe certificate's signing chain with the */ +* keyring ......................................................... */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +* + CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* Connect the z/OSMF root CA signed by a recognized certificate ... */ +* authority (CA) with the keyring ................................. */ + SET PROFILE(USER) DIVISION(CERTDATA) + CONNECT - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - + RINGNAME({zowe.setup.certificate.keyring.name}.) - + KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMACF2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +// +* A common part for all options - BEGINNING ....................... */ +* +* Allow ZOWEUSER to access keyring ................................ */ + SET RESOURCE(FAC) + RECKEY IRR ADD(DIGTCERT.LISTRING - + ROLE({zowe.setup.security.groups.stc}) - + SERVICE(READ) ALLOW) +* +* Uncomment this command if SITE acid owns the Zowe certificate ... */ +* RECKEY IRR ADD(DIGTCERT.GENCERT - +* ROLE({zowe.setup.security.groups.stc}) - +* SERVICE(CONTROL) ALLOW) +* + F ACF2,REBUILD(FAC) +* +* List the keyring ................................................ 
*/ + SET PROFILE(USER) DIVISION(KEYRING) + LIST {zowe.setup.security.users.zowe}..ZOWERING +* Common part - END ............................................... */ +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRR1 b/files/SZWESAMP/ZWEIKRR1 new file mode 100644 index 0000000000..7c74d618b0 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRR1 
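Review bot: `PASSWORD('{zowe.setup.certificate.keyring.import.password}.')` in RUNOPT3 writes the PKCS12 password from the YAML in clear text into the generated JCL member, and likely into the job output as well. The `.` kept before the closing quote would become part of the password after substitution. The generated member should be readable only by the submitting administrator and removed after the run. Any code path that prints generated JCL, as the ZWENOKYR change in this commit does with `print_message "$jcl_contents"`, should mask this line. `LABEL(&LABEL.)` in the same command refers to a symbol that no `SET` in this member defines; ZWEIKRA1 takes the label from `{zowe.setup.certificate.keyring.label}`, so `LABEL({zowe.setup.certificate.keyring.label})` looks like what was intended.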
@@ -0,0 +1,287 @@ +//ZWEIKRR1 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) + SETROPTS RACLIST(DIGTRING) REFRESH +$$ +//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Option 1 - Default Option - BEGINNING ........................... */ +/* Create Zowe's local CA authority .................................*/ + RACDCERT GENCERT CERTAUTH + + SUBJECTSDN( + + CN('{zowe.setup.certificate.dname}. CA') + + OU('{zowe.setup.certificate.dname.orgUnit}.') + + O('{zowe.setup.certificate.dname.org}.') + + L('{zowe.setup.certificate.dname.locality}.') + + SP('{zowe.setup.certificate.dname.state}.') + + C('{zowe.setup.certificate.dname.country}.')) + + SIZE(2048) + + NOTAFTER(DATE(2030-05-01)) + + WITHLABEL('{zowe.setup.certificate.keyring.caLabel}') + + KEYUSAGE(CERTSIGN) + +/* Connect Zowe's local CA authority to the keyring ................ */ + RACDCERT CONNECT(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.caLabel}') + + RING({zowe.setup.certificate.keyring.name}.)) + + ID({zowe.setup.security.users.zowe}.) + +/* Create a certificate signed by local zowe's CA .................. */ + RACDCERT GENCERT ID({zowe.setup.security.users.zowe}.) + + SUBJECTSDN( + + CN('{zowe.setup.certificate.dname}. 
certificate') + + OU('{zowe.setup.certificate.dname.orgUnit}.') + + O('{zowe.setup.certificate.dname.org}.') + + L('{zowe.setup.certificate.dname.locality}.') + + SP('{zowe.setup.certificate.dname.state}.') + + C('{zowe.setup.certificate.dname.country}.')) + + SIZE(2048) + + NOTAFTER(DATE(2030-05-01)) + + WITHLABEL('{zowe.setup.certificate.keyring.label}.') + + KEYUSAGE(HANDSHAKE) + + ALTNAME(IP(&IPADDRES) + + DOMAIN('{zowe.externalDomains.0}')) + + SIGNWITH(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.caLabel}')) + +/* Connect a Zowe's certificate with the keyring ................... */ + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + + LABEL('{zowe.setup.certificate.keyring.label}.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(PERSONAL) DEFAULT) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH + +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + RACDCERT CONNECT(CERTAUTH + + LABEL('&ITRMZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + RACDCERT CONNECT(CERTAUTH + + LABEL('&ROOTZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. 
*/ + RACDCERT CONNECT(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZFCAED ENDIF +//* +//COMRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options - BEGINNING ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + +/* Activate RDATALIB class holding profiles that control ........... */ +/* certificate access ............................................. */ + SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) + +/* Define profiles that control certificate access ................. */ + RDEFINE RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + UACC(NONE) + +/* Permit server user ID to access key ring and related ............ */ +/* private keys. ................................................... */ + PERMIT + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + ACCESS(CONTROL) + +/* Uncomment this command to allow other user to access key ring ... */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* CLASS(RDATALIB) ID() + */ +/* ACCESS(READ) */ + +/* Refresh to dynamically activate the changes. .................... */ + SETROPTS RACLIST(RDATALIB) REFRESH + +/* IRR.DIGTCERT logic pre-dates RDATALIB logic, and is not used when */ +/* the RDATALIB profile is used. The following PERMIT commands are . */ +/* present for customers who do not wish to use RDATALIB and want to */ +/* continue using their existing IRR.DIGTCERT setup. Note that the . */ +/* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ +/* already exist. .................................................. 
*/ + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + +/* Uncomment this command if SITE user owns the Zowe certificate ... */ +/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ +/* ID({zowe.setup.security.users.zowe}.) + */ +/* ACCESS(CONTROL) */ + + SETROPTS RACLIST(FACILITY) REFRESH + +/* show results .................................................... */ + RLIST RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + RLIST FACILITY IRR.DIGTCERT.LISTRING ALL + RLIST FACILITY IRR.DIGTCERT.LIST ALL + RLIST FACILITY IRR.DIGTCERT.GENCERT ALL + +/* List the keyring ................................................ */ + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 .... */ +PROFILE +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRR2 b/files/SZWESAMP/ZWEIKRR2 new file mode 100644 index 0000000000..b2083d0829 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRR2 
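Review bot: In RUNOPT1 both GENCERT commands build the common name from `{zowe.setup.certificate.dname}`, but the lines right after it read `dname.orgUnit`, `dname.org` and so on, so `dname` looks like a mapping rather than a string and the CN will probably not resolve to a usable value. A dedicated scalar per common name would be safer, for example `CN('{zowe.setup.certificate.dname.caCommonName}.')` for the CA and `CN('{zowe.setup.certificate.dname.commonName}.')` for the server certificate, assuming those keys exist in the configuration schema. The CA label is also written without the trailing period (`'{zowe.setup.certificate.keyring.caLabel}'`) while the server label has it (`'{zowe.setup.certificate.keyring.label}.'`); whichever form the generator expects, one of the two is off. Because the closing `PROFILE` command forces return code 0, a GENCERT or CONNECT that fails on these values will not fail the job, so the step output has to be checked by hand.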
@@ -0,0 +1,255 @@ +//ZWEIKRR2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME={zowe.setup.security.product} +//* +//********************************************************************* +//* +//* RACF ONLY, customize to meet your system requirements +//* +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) + SETROPTS RACLIST(DIGTRING) REFRESH +$$ +//* +//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Option 2 - BEGINNING ............................................ */ +/* Connect a Zowe's certificate with the keyring ................... */ + RACDCERT CONNECT(SITE | + + ID({zowe.setup.certificate.keyring.connect.user}) + + LABEL({zowe.setup.certificate.keyring.connect.label}) + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(PERSONAL) DEFAULT) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH + +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + RACDCERT CONNECT(CERTAUTH + + LABEL('&ITRMZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) 
+ + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + RACDCERT CONNECT(CERTAUTH + + LABEL('&ROOTZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. */ + RACDCERT CONNECT(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZFCAED ENDIF +//* +//COMRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options - BEGINNING ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + +/* Activate RDATALIB class holding profiles that control ........... */ +/* certificate access ............................................. */ + SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) + +/* Define profiles that control certificate access ................. */ + RDEFINE RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + UACC(NONE) + +/* Permit server user ID to access key ring and related ............ */ +/* private keys. ................................................... */ + PERMIT + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + ACCESS(CONTROL) + +/* Uncomment this command to allow other user to access key ring ... 
*/ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* CLASS(RDATALIB) ID() + */ +/* ACCESS(READ) */ + +/* Refresh to dynamically activate the changes. .................... */ + SETROPTS RACLIST(RDATALIB) REFRESH + +/* IRR.DIGTCERT logic pre-dates RDATALIB logic, and is not used when */ +/* the RDATALIB profile is used. The following PERMIT commands are . */ +/* present for customers who do not wish to use RDATALIB and want to */ +/* continue using their existing IRR.DIGTCERT setup. Note that the . */ +/* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ +/* already exist. .................................................. */ + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + +/* Uncomment this command if SITE user owns the Zowe certificate ... */ +/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ +/* ID({zowe.setup.security.users.zowe}.) + */ +/* ACCESS(CONTROL) */ + + SETROPTS RACLIST(FACILITY) REFRESH + +/* show results .................................................... */ + RLIST RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + RLIST FACILITY IRR.DIGTCERT.LISTRING ALL + RLIST FACILITY IRR.DIGTCERT.LIST ALL + RLIST FACILITY IRR.DIGTCERT.GENCERT ALL + +/* List the keyring ................................................ */ + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 .... */ +PROFILE +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRR3 b/files/SZWESAMP/ZWEIKRR3 new file mode 100644 index 0000000000..a9c98be34b --- /dev/null +++ b/files/SZWESAMP/ZWEIKRR3 
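Review bot: The RUNOPT2 step emits `RACDCERT CONNECT(SITE | +` followed by `ID({zowe.setup.certificate.keyring.connect.user})`, which keeps the either/or notation from the header comment inside the command itself, so the generated command is unlikely to be something RACDCERT can parse. Since the header states that the job always ends with return code 0, the keyring would be left without a personal certificate and nothing would flag it. Emit one owner form per generated job, e.g. `RACDCERT CONNECT(ID({zowe.setup.certificate.keyring.connect.user}) +`, with a separate variant for SITE-owned certificates, and quote the label as the other steps do: `LABEL('{zowe.setup.certificate.keyring.connect.label}') +`. RUNRACF in this file also uses `DDNAME={zowe.setup.security.product}` although only a RACF DD is defined for that step, where ZWEIKRR1 uses `DDNAME=RACF`; the same applies to RUNRACF in ZWEIKRR3.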
@@ -0,0 +1,258 @@ +//ZWEIKRR3 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME={zowe.setup.security.product} +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + + ID({zowe.setup.security.users.zowe}.) + SETROPTS RACLIST(DIGTRING) REFRESH +$$ +//* +//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Option 3 - BEGINNING ............................................ */ +/* Import external certificate from data set ....................... */ + RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.') + + ID({zowe.setup.security.users.zowe}.) + + WITHLABEL('{zowe.setup.certificate.keyring.label}') + + PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + + TRUST + +/* Connect a Zowe's certificate with the keyring ................... */ + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + + LABEL('{zowe.setup.certificate.keyring.label}') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(PERSONAL) DEFAULT) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH + +/* Option 3 - END .................................................. 
*/ +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + RACDCERT CONNECT(CERTAUTH + + LABEL('&ITRMZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + RACDCERT CONNECT(CERTAUTH + + LABEL('&ROOTZWCA.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. */ + RACDCERT CONNECT(CERTAUTH + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + + RING({zowe.setup.certificate.keyring.name}.) + + USAGE(CERTAUTH)) + + ID({zowe.setup.security.users.zowe}.) + + SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH +$$ +//IFZFCAED ENDIF +//* +//COMRACF EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options - BEGINNING ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + +/* Activate RDATALIB class holding profiles that control ........... */ +/* certificate access ............................................. */ + SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) + +/* Define profiles that control certificate access ................. 
*/ + RDEFINE RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + UACC(NONE) + +/* Permit server user ID to access key ring and related ............ */ +/* private keys. ................................................... */ + PERMIT + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + ACCESS(CONTROL) + +/* Uncomment this command to allow other user to access key ring ... */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* CLASS(RDATALIB) ID() + */ +/* ACCESS(READ) */ + +/* Refresh to dynamically activate the changes. .................... */ + SETROPTS RACLIST(RDATALIB) REFRESH + +/* IRR.DIGTCERT logic pre-dates RDATALIB logic, and is not used when */ +/* the RDATALIB profile is used. The following PERMIT commands are . */ +/* present for customers who do not wish to use RDATALIB and want to */ +/* continue using their existing IRR.DIGTCERT setup. Note that the . */ +/* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ +/* already exist. .................................................. */ + PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + + ID({zowe.setup.security.users.zowe}.) + + ACCESS(READ) + +/* Uncomment this command if SITE user owns the Zowe certificate ... */ +/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ +/* ID({zowe.setup.security.users.zowe}.) + */ +/* ACCESS(CONTROL) */ + + SETROPTS RACLIST(FACILITY) REFRESH + +/* show results .................................................... */ + RLIST RDATALIB + + &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + RLIST FACILITY IRR.DIGTCERT.LISTRING ALL + RLIST FACILITY IRR.DIGTCERT.LIST ALL + RLIST FACILITY IRR.DIGTCERT.GENCERT ALL + +/* List the keyring ................................................ */ + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) 
+ + ID({zowe.setup.security.users.zowe}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 .... */ +PROFILE +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRT1 b/files/SZWESAMP/ZWEIKRT1 new file mode 100644 index 0000000000..d6de622ff2 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRT1 
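Review bot: The RUNOPT3 step substitutes the PKCS12 password straight into the command, `PASSWORD('{zowe.setup.certificate.keyring.import.password}.')`, so the generated member holds the secret in clear text and the command is likely echoed to `SYSTSPRT DD SYSOUT=*` in the job output. Nothing in the header notes tells the operator about this. I would add a comment above the RACDCERT ADD along the lines of `/* The generated job contains the PKCS12 password in clear text; */` and `/* restrict access to it and purge the job output after the run. */`, and have the generator write the member to a data set that is not generally readable. The trailing period inside the quotes also deserves a check: if the generator does not consume it, the password passed to RACF will be wrong, and the label in the same command is written without one.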
@@ -0,0 +1,227 @@ +//ZWEIKRT1 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) +$$ +//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create Zowe's local CA authority ............................... */ + TSS GENCERT(CERTAUTH) + + DIGICERT(ZOWECA) + + SUBJECTN( + + 'CN="{zowe.setup.certificate.dname}. CA" + + OU="{zowe.setup.certificate.dname.orgUnit}." + + O="{zowe.setup.certificate.dname.org}." + + L="{zowe.setup.certificate.dname.locality}." + + SP="{zowe.setup.certificate.dname.state}." + + C="{zowe.setup.certificate.dname.country}." ') + + KEYSIZE(2048) + + NADATE(05/01/30) + + LABLCERT({zowe.setup.certificate.keyring.caLabel}) + + KEYUSAGE('CERTSIGN') + +/* Connect Zowe's local CA authority to the keyring ................ */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,ZOWECA) + +/* Create a certificate signed by local zowe's CA .................. */ + TSS GENCERT({zowe.setup.security.users.zowe}.) + + DIGICERT(ZOWECERT) + + SUBJECTN( + + 'CN="{zowe.setup.certificate.dname}. certificate" + + OU="{zowe.setup.certificate.dname.orgUnit}." + + O="{zowe.setup.certificate.dname.org}." + + L="{zowe.setup.certificate.dname.locality}." 
+ + SP="{zowe.setup.certificate.dname.state}." + + C="{zowe.setup.certificate.dname.country}." ') + + KEYSIZE(2048) + + NADATE(05/01/30) + + LABLCERT({zowe.setup.certificate.keyring.label}.) + + KEYUSAGE('HANDSHAKE') + + ALTNAME('DOMAIN={zowe.externalDomains.0}') + + SIGNWITH(CERTAUTH,ZOWECA) + +/* Connect a Zowe's certificate with the keyring ................... */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + + USAGE(PERSONAL) DEFAULT + +/* Option 1 - Default Option - END ................................. */ +$$ +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) 
+ + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options starts here ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + +/* Uncomment this command if SITE acid owns the Zowe certificate ... */ +/* TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + +/* List the keyring ................................................ */ + TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRT2 b/files/SZWESAMP/ZWEIKRT2 new file mode 100644 index 0000000000..4c78a78d8e --- /dev/null +++ b/files/SZWESAMP/ZWEIKRT2 
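Review bot: Both `TSS GENCERT` commands in ZWEIKRT1 build the subject CN from `{zowe.setup.certificate.dname}`. The OU/O/L/SP/C lines right after it (`dname.orgUnit`, `dname.org`, …) show that `dname` is a parent mapping, not a scalar. The generated CA and server certificates will therefore probably not carry a usable common name; each CN should point at the leaf key under `dname` that holds the common name. `NADATE(05/01/30)` and `KEYSIZE(2048)` are fixed literals for both the CA and the server certificate, so the job should carry a comment such as `/* Review NADATE and KEYSIZE against site certificate policy .... */` above each GENCERT. The header still lists three options and a RACF `CONNECT` snippet, although this member implements only option 1 for Top Secret.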
@@ -0,0 +1,194 @@ +//ZWEIKRT2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) +$$ +//* +//IFOPT2 IF (&OPTION EQ 2) THEN +//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Option 2 - BEGINNING ............................................ */ +/* Connect a Zowe's certificate with the keyring ................... */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + RINGDATA(CERTSITE|userid,digicert) + + USAGE(PERSONAL) DEFAULT + +/* Option 2 - END .................................................. */ +$$ +//IFOPT2ED ENDIF +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ROOTZWCA.) 
USAGE(CERTAUTH) +$$ +//IFZWCAED ENDIF +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) + + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options starts here ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + +/* Uncomment this command if SITE acid owns the Zowe certificate ... */ +/* TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + +/* List the keyring ................................................ */ + TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* diff --git a/files/SZWESAMP/ZWEIKRT3 b/files/SZWESAMP/ZWEIKRT3 new file mode 100644 index 0000000000..24d0f54c43 --- /dev/null +++ b/files/SZWESAMP/ZWEIKRT3 
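Review bot: `//IFOPT2 IF (&OPTION EQ 2) THEN` in ZWEIKRT2 tests a symbol that no `SET` statement in this member defines; only IPADDRES, IFZOWECA, ITRMZWCA, ROOTZWCA, IFROZFCA and USERNAME are set. The step that connects the existing certificate is therefore likely to be flagged or skipped. Since this member exists only for option 2, the `//IFOPT2 IF` / `//IFOPT2ED ENDIF` pair can be dropped, as ZWEIKRT1 does for `RUNOPT1`. `RINGDATA(CERTSITE|userid,digicert)` is still the hand-edit placeholder and nothing templates it, so the generated job cannot run as produced. Either substitute the owner and certificate id from the configuration, or put a comment directly above it, for example `/* Replace CERTSITE|userid and digicert before submitting ....... */`.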
@@ -0,0 +1,199 @@ +//ZWEIKRT3 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to define key ring and certificates for Zowe +//* +//********************************************************************* +//* ATTENTION! +//* Configure certificate for Zowe +//* Select one of three options which is the most suitable for your +//* environment and follow the appropriate action +//* +//* Options: +//* 1. (default option) Generate Zowe's certificate that will be +//* signed by the Zowe's local CA +//* +//* 2. Zowe's certificate is already loaded in RACF database +//* ACTION: +//* a. modify the following snippet +//* CONNECT(SITE | ID(userid) + +//* LABEL('certlabel') + +//* to match the owner of the desired certificate +//* +//* 3. Import external Zowe's certificate from a data set in PKCS12 +//* format +//* +//********************************************************************* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* 2) Update the SET IPADDRES= variable to match the IP address +//* where Zowe is to run. +//* +//* 3) If you have external certificate authorities for ITRMZWCA +//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +//* +//* 4) Update the SET ITRMZWCA= variable to match the intermediate +//* CA of the Zowe certificate. 
It is only applicable if Zowe +//* certificate signed by a recognized certificate authority (CA). +//* +//* 5) Update the SET ROOTZWCA= variable to match the root CA of the +//* Zowe certificate. It is only applicable if Zowe certificate +//* signed by a recognized certificate authority (CA). +//* +//* 6) If you enable VERIFY_CERTIFICATES or +//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* IFROZFCA to 1 to connect z/OSMF certificate authority to +//* Zowe keyring. Otherwise set to 0. +//* +//* 7) Customize the commands in the DD statement that matches your +//* security product so that they meet your system requirements. +//* +//* Note(s): +//* +//* 1. The userid that runs this job must have sufficient authority +//* to alter security definitions +//* +//* 2. Assumption: signing CA chain of the Zowe external certificate is +//* added to the security database under the CERTAUTH userid. +//* +//* 3. If the Zowe certificate is imported from a data set then +//* the certificate has to be in PKCS12 format and has to +//* contain Zowe certificate's signing CA chain and private key. +//* +//* 4. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* * IP address of the system where Zowe is to run +// SET IPADDRES='' +//* * If you have external certificate authorities for ITRMZWCA +//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. +// SET IFZOWECA=0 +//* * Label of the intermediate CA of the Zowe certificate +//* if applicable +// SET ITRMZWCA='' +//* * Label of the root CA of the Zowe certificate if applicable +// SET ROOTZWCA='' +//* * If you enable VERIFY_CERTIFICATES or +//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set +//* * IFROZFCA to 1 to connect z/OSMF certificate authority to +//* * Zowe keyring. Otherwise set to 0. 
+// SET IFROZFCA=0 +//******************************************************************* +//* +//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET USERNAME={zowe.setup.security.users.zowe} +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUNTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Create the keyring .............................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) +$$ +//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Option 3 - BEGINNING ............................................ */ +/* Import external certificate from data set ....................... */ + TSS ADD({zowe.setup.security.users.zowe}.) + + DIGICERT(ZOWECERT) + + DCDSN({zowe.setup.certificate.keyring.import.dsName}.) + + LABLCERT({zowe.setup.certificate.keyring.label}.) + + PKCSPASS('{zowe.setup.certificate.keyring.import.password}.') + + TRUST + +/* Connect a Zowe's certificate with the keyring ................... */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + + USAGE(PERSONAL) DEFAULT + +/* Option 3 - END .................................................. */ +$$ +//IFOPT3ED ENDIF +//* +//IFZWCA IF (&IFZOWECA EQ 1) THEN +//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect all CAs of the Zowe certificate's signing chain with the */ +/* keyring ......................................................... */ + TSS ADD({zowe.setup.security.users.zowe}.) 
KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) + + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) +$$ +//* +//IFZFCA IF (&IFROZFCA EQ 1) THEN +//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Connect the z/OSMF root CA signed by a recognized certificate ... */ +/* authority (CA) with the keyring ................................. */ + TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) + + USAGE(CERTAUTH) +$$ +//IFZFCAED ENDIF +//* +//COMTSS EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* A common part for all options starts here ....................... */ + +/* Allow ZOWEUSER to access keyring ................................ */ + TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + +/* Uncomment this command if SITE acid owns the Zowe certificate ... */ +/* TSS PERMIT({zowe.setup.security.users.zowe}.) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + +/* List the keyring ................................................ */ + TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}.) + +/* Common part - END ............................................... */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* From 593da2e26127b3ffd019e77130355be558360c32 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 5 Feb 2024 09:01:55 -0500 Subject: [PATCH 077/258] Fixes for getting gener to run if an init subcommand called directly, and having wait for job wait properly 
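Review bot: `PKCSPASS('{zowe.setup.certificate.keyring.import.password}.')` in RUNOPT3 writes the PKCS12 password in clear text into the generated member. Batch TSO normally echoes SYSTSIN commands to `SYSTSPRT DD SYSOUT=*`, so the password probably ends up in the job output as well. The member needs a comment telling the operator to restrict READ access to the generated JCL library and the spool output, and to delete the member or change the password after the import. The trailing `.` inside the quotes also becomes part of the password if the generator does not consume it. Separately, the IF/ENDIF structure is unbalanced: `//IFOPT3ED ENDIF` has no matching `IF` after the `//IFOPT3 IF` line was removed, and `//IFZWCA IF (&IFZOWECA EQ 1) THEN` has lost its `//IFZWCAED ENDIF`. Remove the stray `//IFOPT3ED ENDIF` and restore `//IFZWCAED ENDIF` after the RUNZWCA `$$`.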
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 23 +++++++++++++++-- bin/commands/init/mvs/index.sh | 20 ++++++++++++--- bin/commands/init/security/index.sh | 20 ++++++++++++--- bin/commands/init/stc/index.sh | 20 ++++++++++++--- bin/commands/init/vsam/index.sh | 19 +++++++++++--- bin/libs/zos-jes.sh | 19 ++++++++------ bin/libs/zos-jes.ts | 35 ++++++++++++++------------ 7 files changed, 116 insertions(+), 40 deletions(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 478b3c745a..139baa16a5 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -23,9 +23,28 @@ if [ -z "${prefix}" ]; then fi # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 +does_jcl_exist=$(is_data_set_exists "${jcllib}") +if [ -z "${does_jcl_exist}" ]; then + zwecli_inline_execute_command init generate fi + +# should be created, but may take time to discover. +if [ -z "${does_jcl_exist"} ]; then +does_jcl_exist= +for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi +done + +if [ -z "${does_jcl_exist}" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi +fi + security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") 
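Review bot: The retry loop in certificate/index.sh checks first and sleeps afterwards, so the last 10-second wait is never followed by a check. A data set that becomes visible during that sleep is still reported as missing by ZWEL0999E. Sleeping before the check fixes it: `sleep ${secs}`, then `does_jcl_exist=$(is_data_set_exists "${jcllib}")`, then `[ -n "${does_jcl_exist}" ] && break`. The same loop is copied into the mvs, security, stc and vsam index.sh hunks of this commit, so a shared helper in the libs would keep the five copies from drifting. This hunk also removes the ZWEL0157E check for an empty `zowe.setup.dataset.jcllib`. An unset value now reaches `is_data_set_exists ""` and `init generate` instead of failing early, so the `if [ -z "${jcllib}" ]` guard should stay above the new code. The script continues outside the hunk.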
diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 314ecc92a0..823843d3c6 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -31,14 +31,26 @@ fi jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") -if [ "${does_jcl_exist}" = "false" ]; then +if [ -z "${does_jcl_exist}" ]; then zwecli_inline_execute_command init generate fi -does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") -if [ "${does_jcl_exist}" = "false" ]; then + +# should be created, but may take time to discover. +if [ -z "${does_jcl_exist"} ]; then +does_jcl_exist= +for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi +done + +if [ -z "${does_jcl_exist}" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi - +fi ############################### diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index e93639def7..8405cb746f 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh 
@@ -30,14 +30,26 @@ fi # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") -if [ "${does_jcl_exist}" = "false" ]; then +if [ -z "${does_jcl_exist}" ]; then zwecli_inline_execute_command init generate fi -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") -if [ "${does_jcl_exist}" = "false" ]; then + +# should be created, but may take time to discover. +if [ -z "${does_jcl_exist"} ]; then +does_jcl_exist= +for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi +done + +if [ -z "${does_jcl_exist}" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEI${security_product}) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi - +fi security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index 6eeac595ba..1b7ddbab98 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh 
@@ -31,13 +31,27 @@ fi # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") -if [ "${does_jcl_exist}" = "false" ]; then +if [ -z "${does_jcl_exist}" ]; then zwecli_inline_execute_command init generate fi -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") -if [ "${does_jcl_exist}" = "false" ]; then + +# should be created, but may take time to discover. +if [ -z "${does_jcl_exist"} ]; then +does_jcl_exist= +for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi +done + +if [ -z "${does_jcl_exist}" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWEISTC) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi +fi + security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") if [ -z "${security_stcs_zowe}" ]; then diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 8dc32044d5..2ef16739c9 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
@@ -33,13 +33,26 @@ fi jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") -if [ "${does_jcl_exist}" = "false" ]; then +if [ -z "${does_jcl_exist}" ]; then zwecli_inline_execute_command init generate fi -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") -if [ "${does_jcl_exist}" = "false" ]; then + +# should be created, but may take time to discover. +if [ -z "${does_jcl_exist"} ]; then +does_jcl_exist= +for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi +done + +if [ -z "${does_jcl_exist}" ]; then print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWECSVSM) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi +fi vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") if [ -z "${vsam_mode}" ]; then diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 6d9469c0fe..82592b5e48 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh 
@@ -103,14 +103,17 @@ wait_for_job() { # $DJ gives ... # ... $HASP890 JOB(JOB1) CC=(COMPLETED,RC=0) <-- accept this value # ... $HASP890 JOB(GIMUNZIP) CC=() <-- reject this value - jobstatus=$(echo "${result}" | grep '$HASP890' | sed 's#^.*\$HASP890 *JOB(\(.*\)) *CC=(\(.*\)).*$#\1,\2#') - jobname=$(echo "${jobstatus}" | awk -F, '{print $1}') - jobcctext=$(echo "${jobstatus}" | awk -F, '{print $2}') - jobcccode=$(echo "${jobstatus}" | awk -F, '{print $3}' | awk -F= '{print $2}') - print_trace " * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}" - if [ -n "${jobcctext}" -o -n "${jobcccode}" ]; then - # job have CC state - break + haspline=$(echo "${result}" | grep '$HASP890') + if [ -n "${haspline}" ]; then + jobstatus=$(echo "${haspline} | sed 's#^.*\$HASP890 *JOB(\(.*\)) *CC=(\(.*\)).*$#\1,\2#') + jobname=$(echo "${jobstatus}" | awk -F, '{print $1}') + jobcctext=$(echo "${jobstatus}" | awk -F, '{print $2}') + jobcccode=$(echo "${jobstatus}" | awk -F, '{print $3}' | awk -F= '{print $2}') + print_trace " * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}" + if [ -n "${jobcctext}" -o -n "${jobcccode}" ]; then + # job have CC state + break + fi fi fi done diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index b7808c14a2..6586f88913 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -79,7 +79,7 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri common.printDebug(`- Wait for job ${jobid} completed, starting at ${new Date().toString()}.`); // wait for job to finish - const timesSec = [1, 5, 10, 30, 100, 300, 500]; + const timesSec = [1, 5, 10, 20, 30, 60, 100, 300, 500]; for (let i = 0; i < timesSec.length; i++) { jobcctext = undefined; jobcccode = undefined; 
@@ -114,22 +114,25 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri // ... $HASP890 JOB(JOB1) CC=(COMPLETED,RC=0) <-- accept this value // ... $HASP890 JOB(GIMUNZIP) CC=() <-- reject this value try { - const jobline = result.out.split('\n').filter(line => line.indexOf('$HASP890') != -1)[0]; - const nameIndex = jobline.indexOf('JOB('); - const ccIndex = jobline.indexOf('CC=('); - jobname = jobline.substring(nameIndex+4, jobline.indexOf(')', nameIndex)); - const cc = jobline.substring(ccIndex+4, jobline.indexOf(')', ccIndex)).split(','); - jobcctext = cc[0]; - if (cc.length > 1) { - const equalSplit = cc[1].split('='); - if (equalSplit.length > 1) { - jobcccode = equalSplit[1]; + const hasplines = result.out.split('\n').filter(line => line.indexOf('$HASP890') != -1); + if (hasplines && hasplines.length > 0) { + const jobline = hasplines[0]; + const nameIndex = jobline.indexOf('JOB('); + const ccIndex = jobline.indexOf('CC=('); + jobname = jobline.substring(nameIndex+4, jobline.indexOf(')', nameIndex)); + const cc = jobline.substring(ccIndex+4, jobline.indexOf(')', ccIndex)).split(','); + jobcctext = cc[0]; + if (cc.length > 1) { + const equalSplit = cc[1].split('='); + if (equalSplit.length > 1) { + jobcccode = equalSplit[1]; + } + } + common.printTrace(` * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}`); + if ((jobcctext && jobcctext.length > 0) || (jobcccode && jobcccode.length > 0)) { + // job have CC state + break; } - } - common.printTrace(` * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}`); - if ((jobcctext && jobcctext.length > 0) || (jobcccode && jobcccode.length > 0)) { - // job have CC state - break; } } catch (e) { break; From 04dca127e5df46c7e0098238bc7ad95ce4a9e5db Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 5 Feb 2024 10:14:17 -0500 Subject: [PATCH 078/258] Fix missing quote in the shell zos-jes 
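Review bot: `nameIndex` and `ccIndex` are used without checking for -1, so a `$HASP890` line that lacks `JOB(` or `CC=(` makes `substring` start at offset 3 and yields an arbitrary `jobcctext`. If that value is non-empty it satisfies the break condition and is reported as the job's completion state. A guard right after the two `indexOf` calls, `if (nameIndex == -1 || ccIndex == -1) { continue; }`, keeps the poll going instead. The `hasplines &&` half of the new condition is redundant, since `filter` always returns an array. `waitForJob` begins and ends outside the hunk.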
Signed-off-by: 1000TurquoisePogs --- bin/libs/zos-jes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 82592b5e48..b8aa6a813d 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh @@ -105,7 +105,7 @@ wait_for_job() { # ... $HASP890 JOB(GIMUNZIP) CC=() <-- reject this value haspline=$(echo "${result}" | grep '$HASP890') if [ -n "${haspline}" ]; then - jobstatus=$(echo "${haspline} | sed 's#^.*\$HASP890 *JOB(\(.*\)) *CC=(\(.*\)).*$#\1,\2#') + jobstatus=$(echo "${haspline}" | sed 's#^.*\$HASP890 *JOB(\(.*\)) *CC=(\(.*\)).*$#\1,\2#') jobname=$(echo "${jobstatus}" | awk -F, '{print $1}') jobcctext=$(echo "${jobstatus}" | awk -F, '{print $2}') jobcccode=$(echo "${jobstatus}" | awk -F, '{print $3}' | awk -F= '{print $2}') From 9273feda5ab0ba9f7d898e1689be49a8950e6cb4 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 5 Feb 2024 13:23:44 -0500 Subject: [PATCH 079/258] Fix quote syntax error Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 2 +- bin/commands/init/mvs/index.sh | 2 +- bin/commands/init/security/index.sh | 2 +- bin/commands/init/stc/index.sh | 2 +- bin/commands/init/vsam/index.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 139baa16a5..4b9da621cb 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -29,7 +29,7 @@ if [ -z "${does_jcl_exist}" ]; then fi # should be created, but may take time to discover. -if [ -z "${does_jcl_exist"} ]; then +if [ -z "${does_jcl_exist}" ]; then does_jcl_exist= for secs in 1 5 10 ; do does_jcl_exist=$(is_data_set_exists "${jcllib}") diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 823843d3c6..a6defe0b10 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
@@ -36,7 +36,7 @@ if [ -z "${does_jcl_exist}" ]; then fi # should be created, but may take time to discover. -if [ -z "${does_jcl_exist"} ]; then +if [ -z "${does_jcl_exist}" ]; then does_jcl_exist= for secs in 1 5 10 ; do does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index 8405cb746f..97d8639ef5 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh @@ -35,7 +35,7 @@ if [ -z "${does_jcl_exist}" ]; then fi # should be created, but may take time to discover. -if [ -z "${does_jcl_exist"} ]; then +if [ -z "${does_jcl_exist}" ]; then does_jcl_exist= for secs in 1 5 10 ; do does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEI${security_product})") diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index 1b7ddbab98..bf194de51a 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -36,7 +36,7 @@ if [ -z "${does_jcl_exist}" ]; then fi # should be created, but may take time to discover. -if [ -z "${does_jcl_exist"} ]; then +if [ -z "${does_jcl_exist}" ]; then does_jcl_exist= for secs in 1 5 10 ; do does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 2ef16739c9..5b8a63ffd8 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -38,7 +38,7 @@ if [ -z "${does_jcl_exist}" ]; then fi # should be created, but may take time to discover. -if [ -z "${does_jcl_exist"} ]; then +if [ -z "${does_jcl_exist}" ]; then does_jcl_exist= for secs in 1 5 10 ; do does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") From 7b91d8a82e77d73b3658fc22f55e1f9342f118b4 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 5 Feb 2024 16:05:07 -0500 Subject: [PATCH 080/258] Fix wait for job and submit job hanging 
Signed-off-by: 1000TurquoisePogs --- bin/libs/zos-jes.sh | 5 +++-- bin/libs/zos-jes.ts | 3 ++- files/SZWESAMP/ZWEIMVS | 21 ++++++--------------- 3 files changed, 11 insertions(+), 18 deletions(-) diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index b8aa6a813d..50a86d196c 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh @@ -32,13 +32,14 @@ submit_job() { return ${code} fi - result=$(submit "${jcl}") + # cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. + result=$(cat "${jcl}" | submit 2>&1) # expected: JOB JOB????? submitted from path '...' code=$? if [ ${code} -eq 0 ]; then jobid=$(echo "${result}" | grep submitted | awk '{print $2}') if [ -z "${jobid}" ]; then - jobid=$(echo "${result}" | grep "$HASP" | awk '{print $2}') + jobid=$(echo "${result}" | grep "$HASP" | head -n 1 | awk '{print $2}') fi if [ -z "${jobid}" ]; then print_debug " * Failed to find job ID" diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 6586f88913..0a0954a8d0 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -31,7 +31,8 @@ export function submitJob(jclFile: string): string|undefined { common.printTrace(stringlib.paddingLeft(catResult.out, " ")); } - const result=shell.execOutSync('sh', '-c', `submit "${jclFile}" 2>&1`); + // cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. + const result=shell.execOutSync('sh', '-c', `cat "${jclFile}" | submit 2>&1`); // expected: JOB JOB????? submitted from path '...' const code=result.rc; if (code==0) { diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS index 747655b25b..3a81ce582e 100644 --- a/files/SZWESAMP/ZWEIMVS +++ b/files/SZWESAMP/ZWEIMVS 
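Review bot: In the fallback `jobid=$(echo "${result}" | grep "$HASP" | head -n 1 | awk '{print $2}')`, `$HASP` sits in double quotes, so the shell expands it as a variable; unless `HASP` happens to be set, the pattern is empty and grep passes every line. With `head -n 1` and `2>&1` now in place, the second word of the first output line, possibly an error message, is taken as the job ID. Single-quote the pattern and match it literally: `grep -F '$HASP'`. Also, `code=$?` after `cat "${jcl}" | submit 2>&1` reflects only `submit`, so a failing `cat` goes unnoticed. `submit_job` starts and ends outside the hunk.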
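Review bot: `jclFile` is interpolated straight into the `sh -c` string, so a path containing `"`, `$(` or a backtick is interpreted by the shell instead of being handed to `cat` as a file name. Where the path comes from is not visible in this hunk; if configuration can ever influence it, pass it as a positional parameter rather than building the command text. For example `shell.execOutSync('sh', '-c', 'cat "$1" | submit 2>&1', 'sh', jclFile)`, assuming `execOutSync` forwards extra arguments to the command as its current three-argument call suggests. `submitJob` continues outside the hunk.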
@@ -12,41 +12,32 @@ //********************************************************************* //* //* -//MKPARML EXEC PGM=IKJEFT01 +//MKPDSE EXEC PGM=IKJEFT01 //SYSTSPRT DD SYSOUT=A //SYSTSIN DD * ALLOC NEW DA('{zowe.setup.dataset.parmlib}') + dsntype(library) dsorg(po) recfm(f b) lrecl(80) + unit(sysallda) space(15,15) tracks -//* -//MKJCLL EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * + ALLOC NEW DA('{zowe.setup.dataset.jcllib}') + dsntype(library) dsorg(po) recfm(f b) lrecl(80) + unit(sysallda) space(15,15) tracks -//* -//MKAUTHL EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * + ALLOC NEW DA('{zowe.setup.dataset.authLoadLib}') + dsntype(library) dsorg(po) recfm(u) lrecl(0) + blksize(32760) unit(sysallda) space(30,15) tracks -//* -//MKAUTHP EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * + ALLOC NEW DA('{zowe.setup.dataset.authPluginLib}') + dsntype(library) dsorg(po) recfm(u) lrecl(0) + blksize(32760) unit(sysallda) space(30,15) tracks //* -//MCOPY1 EXEC PGM=IEBCOPY +//MEMBCPY EXEC PGM=IEBCOPY //SYSPRINT DD SYSOUT=A //SYSUT1 DD DSN={zowe.setup.dataset.prefix}.SZWESAMP,DISP=SHR //SYSUT2 DD DSN={zowe.setup.dataset.parmlib},DISP=OLD //SYSIN DD * COPY OUTDD=SYSUT2,INDD=SYSUT1 - SELECT MEMBER=(ZWESIP00) + SELECT MEMBER=((ZWESIP00,,R)) //* //AUTHCPY EXEC PGM=BPXBATCH //BPXPRINT DD SYSOUT=* From 276a4cf3ce9e1b56de4031bd2d5358db0cb34a73 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 6 Feb 2024 15:43:42 -0500 Subject: [PATCH 081/258] bugfix vsam, simplify stc, and bugfix stc rename if same name Signed-off-by: 1000TurquoisePogs --- bin/commands/init/stc/index.sh | 7 + bin/commands/init/vsam/index.sh | 1 - files/SZWESAMP/ZWEISTC | 16 +- files/SZWESAMP/ZWEKRING | 700 -------------------------------- 4 files changed, 10 insertions(+), 714 deletions(-) delete mode 100644 files/SZWESAMP/ZWEKRING diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index bf194de51a..aacc11b39d 100644 
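Review bot: Folding the four `ALLOC` commands into the single `MKPDSE` step means one IKJEFT01 invocation now runs them all, and the ZWEKRING sample on this page notes that only the last command's return code is returned. A failed allocation of parmlib, jcllib or authLoadLib would then be hidden whenever the authPluginLib `ALLOC` succeeds. Either keep one step per data set or state in the job's header comment that SYSTSPRT must be checked for each `ALLOC`. Separately, `SELECT MEMBER=((ZWESIP00,,R))` now replaces an existing `ZWESIP00` in parmlib, so a rerun overwrites a customised member. That deserves a comment above the `MEMBCPY` step, such as `//* NOTE: replaces an existing ZWESIP00 in parmlib`.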
--- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -88,6 +88,13 @@ else jcl_file=$(create_tmp_file) copy_mvs_to_uss "${jcllib}(ZWEISTC)" "${jcl_file}" + + # TODO limitation... if STC names are default, JCL IEBCOPY wont work, + # because in member selection argument, the "rename" operation cannot be from/to the same name. + # yet if we don't have the rename option, then name customization wont work either! + # so, we have to have some conditional logic somewhere. until figuring out how to fix this in ZWEGENER, i am putting it here... + jcl_edit=$(cat "${jcl_file}" | sed "s/ZWESLSTC,ZWESLSTC/ZWESLSTC/" | sed "s/ZWESISTC,ZWESISTC/ZWESISTC/" | sed "s/ZWESASTC,ZWESASTC/ZWESASTC/") + echo "${jcl_edit}" > "${jcl_file}" jcl_contents=$(cat "${jcl_file}") print_message "Template JCL: ${prefix}.SZWESAMP(ZWEISTC) , Executable JCL: ${jcllib}(ZWEISTC)" diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 5b8a63ffd8..060d257a70 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -84,7 +84,6 @@ if [ "${vsam_existence}" = "true" ]; then if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then # delete blindly and ignore errors result=$(tso_command delete "'${vsam_name}'") - fi else # error print_error_and_exit "Error ZWEL0158E: ${vsam_name} already exists." "" 158 diff --git a/files/SZWESAMP/ZWEISTC b/files/SZWESAMP/ZWEISTC index 106ad9ffa5..c8858bfb8f 100644 --- a/files/SZWESAMP/ZWEISTC +++ b/files/SZWESAMP/ZWEISTC 
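Review bot: The three `sed` substitutions are unanchored and run over the whole job, so any other occurrence of e.g. `ZWESLSTC,ZWESLSTC` in the JCL is rewritten too. Anchoring on the member list keeps the edit where it belongs, and one `sed` call on the file replaces the `cat` and the two extra processes: `jcl_edit=$(sed -e 's/((ZWESLSTC,ZWESLSTC))/((ZWESLSTC))/' -e 's/((ZWESISTC,ZWESISTC))/((ZWESISTC))/' -e 's/((ZWESASTC,ZWESASTC))/((ZWESASTC))/' "${jcl_file}")`. Within this hunk neither `copy_mvs_to_uss` nor the write-back is checked, so an empty `jcl_edit` would silently truncate the temporary file before it is submitted. `printf '%s\n' "${jcl_edit}"` is also safer than `echo` for text that may contain backslashes.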
@@ -12,27 +12,17 @@ //********************************************************************* //* //* -//MCOPYL EXEC PGM=IEBCOPY +//MCOPY EXEC PGM=IEBCOPY //SYSPRINT DD SYSOUT=A //SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR //SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD //SYSIN DD * COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESLSTC,{zowe.setup.security.stcs.zowe})) -//* -//MCOPYI EXEC PGM=IEBCOPY -//SYSPRINT DD SYSOUT=A -//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR -//SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD -//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESISTC,{zowe.setup.security.stcs.zis})) -//* -//MCOPYA EXEC PGM=IEBCOPY -//SYSPRINT DD SYSOUT=A -//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR -//SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD -//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESASTC,{zowe.setup.security.stcs.aux})) //* diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING deleted file mode 100644 index c62307b569..0000000000 --- a/files/SZWESAMP/ZWEKRING +++ /dev/null 
@@ -1,700 +0,0 @@ -//ZWEKRING JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* -//* -//* Zowe Open Source Project -//* This JCL can be used to define key ring and certificates for Zowe -//* -//********************************************************************* -//* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format -//* -//********************************************************************* -//* -//* CAUTION: This is neither a JCL procedure nor a complete job. -//* Before using this JCL, you will have to make the following -//* modifications: -//* -//* 1) Add job name and job parameters to the JOB statement, to -//* meet your system requirements. -//* -//* 2) Specify the option number which is suitable for your -//* environment by the SET OPTION statement. -//* Option 1 considers as default option. -//* 3) Update the SET IPADDRES= variable to match the IP address -//* where Zowe is to run. -//* -//* 4) If you have external certificate authorities for ITRMZWCA -//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. 
-//* -//* 5) Update the SET ITRMZWCA= variable to match the intermediate -//* CA of the Zowe certificate. It is only applicable if Zowe -//* certificate signed by a recognized certificate authority (CA). -//* -//* 6) Update the SET ROOTZWCA= variable to match the root CA of the -//* Zowe certificate. It is only applicable if Zowe certificate -//* signed by a recognized certificate authority (CA). -//* -//* 7) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. -//* -//* 8) Update the SET ROOTZFCA= variable to match the root CA of the -//* z/OSMF certificate. It is only applicable if z/OSMF -//* certificate signed by a recognized certificate authority (CA). -//* -//* 9) Customize the commands in the DD statement that matches your -//* security product so that they meet your system requirements. -//* -//* Note(s): -//* -//* 1. The userid that runs this job must have sufficient authority -//* to alter security definitions -//* -//* 2. Assumption: signing CA chain of the Zowe external certificate is -//* added to the security database under the CERTAUTH userid. -//* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. -//* The results of each command must be verified after completion. -//* -//********************************************************************* -// EXPORT SYMLIST=* -//* -//* * Option number to configure Zowe certificate -//* * Valid options: 1,2,3 -//* * Default option is 1 -// SET OPTION=1 -//* * IP address of the system where Zowe is to run -// SET IPADDRES='' -//* * If you have external certificate authorities for ITRMZWCA -//* * and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. 
-// SET IFZOWECA=0 -//* * Label of the intermediate CA of the Zowe certificate -//* if applicable -// SET ITRMZWCA='' -//* * Label of the root CA of the Zowe certificate if applicable -// SET ROOTZWCA='' -//* * If you enable VERIFY_CERTIFICATES or -//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* * IFROZFCA to 1 to connect z/OSMF certificate authority to -//* * Zowe keyring. Otherwise set to 0. -// SET IFROZFCA=0 -//* * Label of the root CA of the z/OSMF certificate if -//* applicable -// SET ROOTZFCA='' -//******************************************************************* -//* -//* * You do NOT need to set USERNAME when running ZWEGENER. -//* * This is used to keep some lines under the column limit. -//* -// SET USERNAME={zowe.setup.security.users.zowe} -//* -//********************************************************************* -//* -//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT -//* -//RUNRACF EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME={zowe.setup.security.product} -//* -//********************************************************************* -//* -//* RACF ONLY, customize to meet your system requirements -//* -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) - SETROPTS RACLIST(DIGTRING) REFRESH -$$ -//IFOPT1 IF (&OPTION EQ 1) THEN -//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 1 - Default Option - BEGINNING ........................... */ -/* Create Zowe's local CA authority .................................*/ - RACDCERT GENCERT CERTAUTH + - SUBJECTSDN( + - CN('{zowe.setup.certificate.dname}. 
CA') + - OU('{zowe.setup.certificate.dname.orgUnit}.') + - O('{zowe.setup.certificate.dname.org}.') + - L('{zowe.setup.certificate.dname.locality}.') + - SP('{zowe.setup.certificate.dname.state}.') + - C('{zowe.setup.certificate.dname.country}.')) + - SIZE(2048) + - NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('{zowe.setup.certificate.keyring.caLabel}') + - KEYUSAGE(CERTSIGN) - -/* Connect Zowe's local CA authority to the keyring ................ */ - RACDCERT CONNECT(CERTAUTH + - LABEL('{zowe.setup.certificate.keyring.caLabel}') + - RING({zowe.setup.certificate.keyring.name}.)) + - ID({zowe.setup.security.users.zowe}.) - -/* Create a certificate signed by local zowe's CA .................. */ - RACDCERT GENCERT ID({zowe.setup.security.users.zowe}.) + - SUBJECTSDN( + - CN('{zowe.setup.certificate.dname}. certificate') + - OU('{zowe.setup.certificate.dname.orgUnit}.') + - O('{zowe.setup.certificate.dname.org}.') + - L('{zowe.setup.certificate.dname.locality}.') + - SP('{zowe.setup.certificate.dname.state}.') + - C('{zowe.setup.certificate.dname.country}.')) + - SIZE(2048) + - NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('{zowe.setup.certificate.keyring.label}.') + - KEYUSAGE(HANDSHAKE) + - ALTNAME(IP(&IPADDRES) + - DOMAIN('{zowe.externalDomains.0}')) + - SIGNWITH(CERTAUTH + - LABEL('{zowe.setup.certificate.keyring.caLabel}')) - -/* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + - LABEL('{zowe.setup.certificate.keyring.label}.') + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH - -/* Option 1 - Default Option - END ................................. 
*/ -$$ -//IFOPT1ED ENDIF -//* -//IFOPT2 IF (&OPTION EQ 2) THEN -//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 2 - BEGINNING ............................................ */ -/* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(SITE | + - ID({zowe.setup.certificate.keyring.connect.user}) + - LABEL({zowe.setup.certificate.keyring.connect.label}) + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH - -/* Option 2 - END .................................................. */ -$$ -//IFOPT2ED ENDIF -//* -//IFOPT3 IF (&OPTION EQ 3) THEN -//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 3 - BEGINNING ............................................ */ -/* Import external certificate from data set ....................... */ - RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.') + - ID({zowe.setup.security.users.zowe}.) + - WITHLABEL('{zowe.setup.certificate.keyring.label}') + - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + - TRUST - -/* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + - LABEL('{zowe.setup.certificate.keyring.label}') + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH - -/* Option 3 - END .................................................. 
*/ -$$ -//IFOPT3ED ENDIF -//* -//IFZWCA IF (&IFZOWECA EQ 1) THEN -//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect all CAs of the Zowe certificate's signing chain with the */ -/* keyring ......................................................... */ - RACDCERT CONNECT(CERTAUTH + - LABEL('&ITRMZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) - - RACDCERT CONNECT(CERTAUTH + - LABEL('&ROOTZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH -$$ -//IFZWCAED ENDIF -//* -//IFZFCA IF (&IFROZFCA EQ 1) THEN -//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect the z/OSMF root CA signed by a recognized certificate ... */ -/* authority (CA) with the keyring ................................. */ - RACDCERT CONNECT(CERTAUTH + - LABEL('&ROOTZFCA.') + - RING({zowe.setup.certificate.keyring.name}.) + - USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH -$$ -//IFZFCAED ENDIF -//* -//COMRACF EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* A common part for all options - BEGINNING ....................... */ - -/* Allow ZOWEUSER to access keyring ................................ */ - -/* Activate RDATALIB class holding profiles that control ........... */ -/* certificate access ............................................. */ - SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) - -/* Define profiles that control certificate access ................. 
*/ - RDEFINE RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + - UACC(NONE) - -/* Permit server user ID to access key ring and related ............ */ -/* private keys. ................................................... */ - PERMIT + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + - CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + - ACCESS(CONTROL) - -/* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ -/* CLASS(RDATALIB) ID() + */ -/* ACCESS(READ) */ - -/* Refresh to dynamically activate the changes. .................... */ - SETROPTS RACLIST(RDATALIB) REFRESH - -/* IRR.DIGTCERT logic pre-dates RDATALIB logic, and is not used when */ -/* the RDATALIB profile is used. The following PERMIT commands are . */ -/* present for customers who do not wish to use RDATALIB and want to */ -/* continue using their existing IRR.DIGTCERT setup. Note that the . */ -/* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ -/* already exist. .................................................. */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + - ACCESS(READ) - PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + - ACCESS(READ) - -/* Uncomment this command if SITE user owns the Zowe certificate ... */ -/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ -/* ID({zowe.setup.security.users.zowe}.) + */ -/* ACCESS(CONTROL) */ - - SETROPTS RACLIST(FACILITY) REFRESH - -/* show results .................................................... */ - RLIST RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL - RLIST FACILITY IRR.DIGTCERT.LISTRING ALL - RLIST FACILITY IRR.DIGTCERT.LIST ALL - RLIST FACILITY IRR.DIGTCERT.GENCERT ALL - -/* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) 
+ - ID({zowe.setup.security.users.zowe}.) - -/* Common part - END ............................................... */ -/* only the last RC is returned, this command ensures it is a 0 .... */ -PROFILE -$$ -//******************************************************************* -//* -//* ACF2 ONLY, customize to meet your system requirements -//* -//******************************************************************* -//RUNACF2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//* -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Create the keyring .............................................. */ - SET PROFILE(USER) DIVISION(KEYRING) - INSERT {zowe.setup.security.users.zowe}..ZOWERING + - RINGNAME({zowe.setup.certificate.keyring.name}.) - F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) -$$ -//IFOPT1 IF (&OPTION EQ 1) THEN -//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Option 1 - Default Option - BEGINNING ........................... */ -* Create Zowe's local CA authority ................................ */ - SET PROFILE(USER) DIVISION(CERTDATA) - GENCERT CERTAUTH.ZOWECA - - LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - - SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - - OU='{zowe.setup.certificate.dname.orgUnit}.' - - O='{zowe.setup.certificate.dname.org}.' - - L='{zowe.setup.certificate.dname.locality}.' - - SP='{zowe.setup.certificate.dname.state}.' - - C='{zowe.setup.certificate.dname.country}.') - - EXPIRE(05/01/30) - - KEYUSAGE(CERTSIGN) -* -* Connect Zowe's local CA authority to the keyring ................ */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.ZOWECA) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) - CHKCERT CERTAUTH.ZOWECA -* -* Create a certificate signed by local zowe's CA .................. 
*/ - SET PROFILE(USER) DIV(CERTDATA) - GENCERT {zowe.setup.security.users.zowe}..ZOWECERT - - SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - - OU='{zowe.setup.certificate.dname.orgUnit}.' - - O='{zowe.setup.certificate.dname.org}.' - - L='{zowe.setup.certificate.dname.locality}.' - - SP='{zowe.setup.certificate.dname.state}.' - - C='{zowe.setup.certificate.dname.country}.') - - SIZE(2048) - - EXPIRE(05/01/30) - - LABEL({zowe.setup.certificate.keyring.label}.) - - KEYUSAGE(HANDSHAKE) - - ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains.0}) - - SIGNWITH(CERTAUTH.ZOWECA) -* -* Connect a Zowe's certificate with the keyring ................... */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT -* -* Option 1 - Default Option - END ................................. */ -$$ -//IFOPT1ED ENDIF -//* -//IFOPT2 IF (&OPTION EQ 2) THEN -//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Option 2 - BEGINNING ............................................ */ -* Connect a Zowe's certificate with the keyring ................... */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT -* -* Option 2 - END .................................................. */ -$$ -//IFOPT2ED ENDIF -//* -//IFOPT3 IF (&OPTION EQ 3) THEN -//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Option 3 - BEGINNING ............................................ */ -* Import external certificate from data set ....................... 
*/ - SET PROFILE(USER) DIV(CERTDATA) - INSERT {zowe.setup.security.users.zowe}..ZOWECERT - - DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - - LABEL(&LABEL.) - - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - - TRUST -* -* Connect a Zowe's certificate with the keyring ................... */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT -* -* Option 3 - END .................................................. */ -$$ -//IFOPT3ED ENDIF -//* -//IFZWCA IF (&IFZOWECA EQ 1) THEN -//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Connect all CAs of the Zowe certificate's signing chain with the */ -* keyring ......................................................... */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) -* - CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) -$$ -//IFZWCAED ENDIF -//* -//IFZFCA IF (&IFROZFCA EQ 1) THEN -//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Connect the z/OSMF root CA signed by a recognized certificate ... */ -* authority (CA) with the keyring ................................. */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) 
- - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) -$$ -//IFZFCAED ENDIF -//* -//COMACF2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* A common part for all options - BEGINNING ....................... */ -* -* Allow ZOWEUSER to access keyring ................................ */ - SET RESOURCE(FAC) - RECKEY IRR ADD(DIGTCERT.LISTRING - - ROLE({zowe.setup.security.groups.stc}) - - SERVICE(READ) ALLOW) -* -* Uncomment this command if SITE acid owns the Zowe certificate ... */ -* RECKEY IRR ADD(DIGTCERT.GENCERT - -* ROLE({zowe.setup.security.groups.stc}) - -* SERVICE(CONTROL) ALLOW) -* - F ACF2,REBUILD(FAC) -* -* List the keyring ................................................ */ - SET PROFILE(USER) DIVISION(KEYRING) - LIST {zowe.setup.security.users.zowe}..ZOWERING -* Common part - END ............................................... */ -$$ -//******************************************************************** -//* -//* Top Secret ONLY, customize to meet your system requirements -//* -//******************************************************************** -//RUNTSS EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//* -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Create the keyring .............................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) -$$ -//IFOPT1 IF (&OPTION EQ 1) THEN -//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Create Zowe's local CA authority ............................... */ - TSS GENCERT(CERTAUTH) + - DIGICERT(ZOWECA) + - SUBJECTN( + - 'CN="{zowe.setup.certificate.dname}. CA" + - OU="{zowe.setup.certificate.dname.orgUnit}." + - O="{zowe.setup.certificate.dname.org}." + - L="{zowe.setup.certificate.dname.locality}." 
+ - SP="{zowe.setup.certificate.dname.state}." + - C="{zowe.setup.certificate.dname.country}." ') + - KEYSIZE(2048) + - NADATE(05/01/30) + - LABLCERT({zowe.setup.certificate.keyring.caLabel}) + - KEYUSAGE('CERTSIGN') - -/* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,ZOWECA) - -/* Create a certificate signed by local zowe's CA .................. */ - TSS GENCERT({zowe.setup.security.users.zowe}.) + - DIGICERT(ZOWECERT) + - SUBJECTN( + - 'CN="{zowe.setup.certificate.dname}. certificate" + - OU="{zowe.setup.certificate.dname.orgUnit}." + - O="{zowe.setup.certificate.dname.org}." + - L="{zowe.setup.certificate.dname.locality}." + - SP="{zowe.setup.certificate.dname.state}." + - C="{zowe.setup.certificate.dname.country}." ') + - KEYSIZE(2048) + - NADATE(05/01/30) + - LABLCERT({zowe.setup.certificate.keyring.label}.) + - KEYUSAGE('HANDSHAKE') + - ALTNAME('DOMAIN={zowe.externalDomains.0}') + - SIGNWITH(CERTAUTH,ZOWECA) - -/* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + - USAGE(PERSONAL) DEFAULT - -/* Option 1 - Default Option - END ................................. */ -$$ -//IFOPT1ED ENDIF -//* -//IFOPT2 IF (&OPTION EQ 2) THEN -//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 2 - BEGINNING ............................................ */ -/* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - RINGDATA(CERTSITE|userid,digicert) + - USAGE(PERSONAL) DEFAULT - -/* Option 2 - END .................................................. 
*/ -$$ -//IFOPT2ED ENDIF -//* -//IFOPT3 IF (&OPTION EQ 3) THEN -//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 3 - BEGINNING ............................................ */ -/* Import external certificate from data set ....................... */ - TSS ADD({zowe.setup.security.users.zowe}.) + - DIGICERT(ZOWECERT) + - DCDSN({zowe.setup.certificate.keyring.import.dsName}.) + - LABLCERT({zowe.setup.certificate.keyring.label}.) + - PKCSPASS('{zowe.setup.certificate.keyring.import.password}.') + - TRUST - -/* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + - USAGE(PERSONAL) DEFAULT - -/* Option 3 - END .................................................. */ -$$ -//IFOPT3ED ENDIF -//* -//IFZWCA IF (&IFZOWECA EQ 1) THEN -//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect all CAs of the Zowe certificate's signing chain with the */ -/* keyring ......................................................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) -$$ -//IFZWCAED ENDIF -//* -//IFZFCA IF (&IFROZFCA EQ 1) THEN -//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect the z/OSMF root CA signed by a recognized certificate ... */ -/* authority (CA) with the keyring ................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) 
KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,&ROOTZFCA.) USAGE(CERTAUTH) -$$ -//IFZFCAED ENDIF -//* -//COMTSS EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* A common part for all options starts here ....................... */ - -/* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT({zowe.setup.security.users.zowe}.) + - IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) - -/* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT({zowe.setup.security.users.zowe}.) + - IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) - -/* List the keyring ................................................ */ - TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) - -/* Common part - END ............................................... */ -/* only the last RC is returned, this command ensures it is a 0 */ -PROFILE -$$ -//* From db6a80943d66e554667cf64ded5cfd63a2ca2347 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 7 Feb 2024 08:01:09 -0500 Subject: [PATCH 082/258] Added setting zowe.setup.vsam.name to automated tests Signed-off-by: 1000TurquoisePogs --- bin/commands/init/vsam/.parameters | 3 ++- bin/commands/init/vsam/index.sh | 6 +++++- playbooks/roles/configfmid/tasks/main.yml | 1 + playbooks/roles/configure/tasks/main.yml | 1 + 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/vsam/.parameters b/bin/commands/init/vsam/.parameters index 5182058f4b..c04e8f38ea 100644 --- a/bin/commands/init/vsam/.parameters +++ b/bin/commands/init/vsam/.parameters 
@@ -1,2 +1,3 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. -dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file +dry-run||boolean|||||Generates and prints JCL but does not execute +update-config||boolean|||||Whether to update YAML configuration for caching-service to match vsam name. \ No newline at end of file diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 060d257a70..6b46b10535 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -72,7 +72,7 @@ if [ "${vsam_mode}" = "RLS" ]; then print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set RLS storage class (zowe.setup.vsam.storageClass) is not defined in Zowe YAML configuration file." "" 157 fi fi -vsam_name=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".components.caching-service.storage.vsam.name") +vsam_name=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.name") if [ -z "${vsam_name}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set name (components.caching-service.storage.vsam.name) is not defined in Zowe YAML configuration file." "" 157 fi @@ -118,6 +118,10 @@ if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then if [ "${code}" -eq 0 ]; then print_level2_message "Zowe Caching Service VSAM storage is created successfully." + if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${vsam_name}" + print_level2_message "Zowe configuration is updated successfully." + fi else print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 fi diff --git a/playbooks/roles/configfmid/tasks/main.yml b/playbooks/roles/configfmid/tasks/main.yml index 7b2ad2c6c5..2c7dca58e7 100644 --- a/playbooks/roles/configfmid/tasks/main.yml 
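Review bot: The ZWEL0157E message below the changed `read_yaml` line still names `components.caching-service.storage.vsam.name`, although the value is now read from `.zowe.setup.vsam.name`. A user who hits the error is sent to the wrong key. The text in parentheses should become `(zowe.setup.vsam.name)`, leaving the rest of the message as it is. The script continues outside this hunk.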
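Review bot: The added `update_zowe_yaml` call is followed by an unconditional `Zowe configuration is updated successfully.`, so a failed write to the configuration file is reported as success unless `update_zowe_yaml` exits on its own (its body is not in this hunk). Wrapping the message, `if update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${vsam_name}"; then`, keeps the report honest. When `--update-config` is not given, the data set is created under `zowe.setup.vsam.name` while the caching-service key keeps its old value, and nothing here warns if the two differ.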
+++ b/playbooks/roles/configfmid/tasks/main.yml @@ -224,6 +224,7 @@ "zowe.setup.vsam.volume": "{{ zowe_caching_vsam_volume }}" "zowe.setup.vsam.storageClass": "{{ zowe_caching_vsam_storage_class }}" "components.caching-service.storage.mode": "{{ zowe_caching_service_persistent }}" + "zowe.setup.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" "components.caching-service.storage.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" - name: Update zowe.yaml zowe.setup.vsam.mode to NONRLS diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 0cc6b1f017..024eab6b27 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml @@ -225,6 +225,7 @@ "zowe.setup.vsam.volume": "{{ zowe_caching_vsam_volume }}" "zowe.setup.vsam.storageClass": "{{ zowe_caching_vsam_storage_class }}" "components.caching-service.storage.mode": "{{ zowe_caching_service_persistent }}" + "zowe.setup.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" "components.caching-service.storage.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" - name: Update zowe.yaml zowe.setup.vsam.mode to NONRLS From 2645607911012e8f5a245efa3701899f3a95b612 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 7 Feb 2024 14:16:50 -0500 Subject: [PATCH 083/258] Fix extra . present in some jcl after templating. make zwegen00 not copy un-needed jcl. add jcl for init apfauth command. start to deduplicate boilerplate 
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/.parameters | 3 +- bin/commands/init/apfauth/index.sh | 49 +++-------- bin/libs/zos-jes.sh | 59 ++++++++++++++ bin/libs/zos.sh | 26 ++++++ files/SZWEEXEC/ZWEGEN00 | 112 +++++++++++++++----------- files/SZWESAMP/ZWEIACF2 | 44 +++++----- files/SZWESAMP/ZWEIAPF | 17 ++++ files/SZWESAMP/ZWEIKRA1 | 66 ++++++--------- files/SZWESAMP/ZWEIKRA2 | 51 ++++-------- files/SZWESAMP/ZWEIKRA3 | 56 +++++-------- files/SZWESAMP/ZWEIKRR1 | 102 ++++++++++------------- files/SZWESAMP/ZWEIKRR2 | 69 ++++++---------- files/SZWESAMP/ZWEIKRR3 | 73 +++++++---------- files/SZWESAMP/ZWEIKRT1 | 64 +++++---------- files/SZWESAMP/ZWEIKRT2 | 55 ++++--------- files/SZWESAMP/ZWEIKRT3 | 60 +++++--------- files/SZWESAMP/ZWEIRACF | 64 +++++++-------- files/SZWESAMP/ZWEISTC | 6 +- files/SZWESAMP/ZWEITSS | 86 ++++++++++---------- files/SZWESAMP/ZWENOKYR | 24 +++--- files/SZWESAMP/ZWENOSEC | 72 ++++++++--------- 21 files changed, 533 insertions(+), 625 deletions(-) create mode 100644 files/SZWESAMP/ZWEIAPF diff --git a/bin/commands/init/apfauth/.parameters b/bin/commands/init/apfauth/.parameters index 62b1a05778..56143b1254 100644 --- a/bin/commands/init/apfauth/.parameters +++ b/bin/commands/init/apfauth/.parameters @@ -1,2 +1 @@ -security-dry-run||boolean|||||Whether to dry run security related setup. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. +security-dry-run,dry-run||boolean|||||Whether to dry run security related setup. diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index d248cbb904..4e04ae7ae8 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh 
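Review bot: `dry-run` is added only as an alias of `security-dry-run`, while the new `print_and_handle_jcl` helper in bin/libs/zos-jes.sh tests `ZWE_CLI_PARAMETER_DRY_RUN`. If the CLI derives the variable from the primary parameter name (not visible here), a run with `--security-dry-run` would still submit the ZWEIAPF job. Declaring the flag the way init/vsam does, `dry-run||boolean|||||Generates and prints JCL but does not execute`, or having the helper honour both variables, would remove the doubt. A dry run that actually authorizes libraries is the failure worth ruling out.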
@@ -15,51 +15,20 @@ print_level1_message "APF authorize load libraries" ############################### # constants -auth_libs="authLoadlib authPluginLib" +required_yaml_content="prefix authLoadlib authPluginLib" ############################### # validation require_zowe_yaml -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -############################### -# APF authorize loadlib -job_has_failures= -for key in ${auth_libs}; do - # read def and validate - ds=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.${key}") - if [ -z "${ds}" ]; then - # authLoadlib can be empty - if [ "${key}" = "authLoadlib" ]; then - ds="${prefix}.${ZWE_PRIVATE_DS_SZWEAUTH}" - else - print_error_and_exit "Error ZWEL0157E: ${name} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 - fi - fi - - print_message "APF authorize ${ds}" - apf_authorize_data_set "${ds}" - code=$? - if [ $code -ne 0 ]; then - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - job_has_failures=true - else - exit $code - fi - else - print_debug "- APF authorized successfully." +for key in ${required_params}; do + eval "${key}=$(read_yaml \"${ZWE_CLI_PARAMETER_CONFIG}\" \".zowe.setup.dataset.${key}\")" + if [ -z "${key}" ]; then + print_error_and_exit "Error ZWEL0157E: Dataset parameter (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 fi done -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to APF authorize Zowe load libraries. Please check log for details." -else - print_level2_message "Zowe load libraries are APF authorized successfully." 
-fi +jcllib=$(verify_generated_jcl) + +print_and_handle_jcl "//'${jcllib}(ZWEIAPF)'" "ZWEIAPF" "${jcllib}" "${prefix}" +print_level2_message "Zowe load libraries are APF authorized successfully." diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 50a86d196c..d97445e164 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh 
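Review bot: The validation loop never runs: the list is assigned to `required_yaml_content` but the loop iterates `${required_params}`, so `prefix`, `authLoadlib` and `authPluginLib` stay unset and an empty `${prefix}` is passed to `print_and_handle_jcl`. Inside the loop, `[ -z "${key}" ]` tests the key name rather than the value, and `eval` re-parses text read from the YAML file, so shell metacharacters in a configured data set name would be executed by a command whose purpose is APF authorization. The closing success message is also printed after a dry run, when nothing was authorized. The fence shows the loop without `eval`, keeping only the variable the script uses afterwards.

```shell
required_yaml_content="prefix authLoadlib authPluginLib"
# … unchanged: require_zowe_yaml …
for key in ${required_yaml_content}; do
  value=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.${key}")
  if [ -z "${value}" ]; then
    print_error_and_exit "Error ZWEL0157E: Dataset parameter (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157
  fi
  if [ "${key}" = "prefix" ]; then
    prefix="${value}"
  fi
done
# … unchanged: verify_generated_jcl and print_and_handle_jcl calls …
```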
@@ -137,3 +137,62 @@ wait_for_job() { return 1 fi } + +print_and_handle_jcl() + jcl_location="${1}" + job_name="{2}" + jcllib="${3}" + prefix="${4}" + remove_jcl_on_finish="${5}" + jcl_contents=$(cat "${jcl_location}") + + print_message "Template JCL: ${prefix}.SZWESAMP(${job_name}) , Executable JCL: ${jcllib}(${job_name})" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + + if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then + print_message "Submitting Job ${job_name}" + jobid=$(submit_job "${jcl_location}'") + code=$? + if [ ${code} -ne 0 ]; then + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(${job_name})." "" 161 + fi + print_debug "- job id ${jobid}" + + jobstate=$(wait_for_job "${jobid}") + code=$? + if [ ${code} -eq 1 ]; then + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 + fi + jobname=$(echo "${jobstate}" | awk -F, '{print $2}') + jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') + jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') + + if [ "${code}" -eq 0 ]; then + else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 + fi + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + return 0 + else + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + print_level2_message "Command run successfully." + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + return 0 + fi +} diff --git a/bin/libs/zos.sh b/bin/libs/zos.sh index a39c6df6aa..fb4418bd7e 100644 --- a/bin/libs/zos.sh 
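Review bot: `print_and_handle_jcl` cannot be parsed as written: the definition has no opening `{`, and `if [ "${code}" -eq 0 ]; then` is followed directly by `else`, which the shell rejects as an empty branch. Two smaller slips would break it once it parses: `job_name="{2}"` lacks the `$`, and `submit_job "${jcl_location}'"` passes a stray trailing quote. The helper also prints the full JCL text, which is harmless for ZWEIAPF but would write any secret templated into a member (a keyring import password, for example) to the log if the helper is later used for those jobs; masking or skipping the listing there is worth planning for. The fence shows the corrected lines only.

```shell
print_and_handle_jcl() {
  jcl_location="${1}"
  job_name="${2}"
  # … unchanged: remaining arguments, JCL listing, dry-run test …
    jobid=$(submit_job "${jcl_location}")
  # … unchanged: submit failure handling, wait_for_job, jobstate parsing …
    if [ "${code}" -ne 0 ]; then
      if [ "${remove_jcl_on_finish}" = "true" ]; then
        rm "${jcl_location}"
      fi
      print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163
    fi
  # … unchanged: cleanup on success, dry-run branch …
```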
+++ b/bin/libs/zos.sh @@ -66,3 +66,29 @@ operator_command() { return ${code} } + +verify_generated_jcl() { + # read JCL library and validate + jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") + does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") + if [ -z "${does_jcl_exist}" ]; then + zwecli_inline_execute_command init generate + fi + + # should be created, but may take time to discover. + if [ -z "${does_jcl_exist}" ]; then + does_jcl_exist= + for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi + done + if [ -z "${does_jcl_exist}" ]; then + print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run command. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + else + echo "${jcllib}" + fi +} diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 1e6d73bbc8..2483948ac9 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 
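Review bot: `verify_generated_jcl` is missing a `fi`: the `if [ -z "${does_jcl_exist}" ]` that wraps the retry loop is never closed before `}`, so sourcing zos.sh would fail. The library name is echoed only inside that retry branch, so when the member already exists the caller's `jcllib=$(verify_generated_jcl)` receives nothing. Because the caller uses command substitution, anything `zwecli_inline_execute_command init generate` writes to stdout is mixed into the value, and `print_error_and_exit` ends only the subshell, so the caller needs to test the status as well. The fence restructures the body so the name is returned on every successful path and an empty `jcllib` is rejected.

```shell
verify_generated_jcl() {
  jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib")
  if [ -z "${jcllib}" ]; then
    print_error_and_exit "Error ZWEL0157E: Zowe JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157
  fi
  does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)")
  if [ -z "${does_jcl_exist}" ]; then
    # keep generator output off stdout; the caller captures stdout
    zwecli_inline_execute_command init generate 1>&2
    # should be created, but may take time to discover
    for secs in 1 5 10 ; do
      does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)")
      if [ -n "${does_jcl_exist}" ]; then
        break
      fi
      sleep ${secs}
    done
  fi
  if [ -z "${does_jcl_exist}" ]; then
    # … unchanged: ZWEL0999E print_error_and_exit …
  fi
  echo "${jcllib}"
}
```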
@@ -76,55 +76,6 @@ CFG.zwe.header.date = TRANSLATE(DATE(), '-', ' ') CFG.zwe.header.time = TIME() CFG.ZWE_CLI_PARAMETER_CONFIG = configChainWithMembers -/* -================================================================================ - Determine the external security manager on the system so that the correct - jcl templates can be used. -================================================================================ -*/ - -CVT_ADDR = C2X(STORAGE(D2X(16), 4)) -CVTRAC_ADDR = C2X(STORAGE(D2X(X2D(CVT_ADDR) + 992), 4)) -CVTRAC_VAL = STORAGE(CVTRAC_ADDR, 4) - -esm.0 = 3 - -esm.1.search = 'RCVT' -esm.1.prefix = 'ZWEKRR' - -esm.2.search = 'RTSS' -esm.2.prefix = 'ZWEKRT' - -esm.3.search = 'ACF2' -esm.3.prefix = 'ZWEKRA' - -ringType = 0 - -/* attempt to handle getting only 1 keyring jcl -if WORDINDEX(CFG.zowe.setup.certificate.type, 'JCE') > 0 then do - if LENGTH(CFG.zowe.setup.certificate.keyring.connect) > 0 then do - say 'connect exists, it is 'CFG.zowe.setup.certificate.keyring.connect'.' - ringType = 2 - else if LENGTH(CFG.zowe.setup.certificate.keyring.import) > 0 then do - say 'import exists, it is 'CFG.zowe.setup.certificate.keyring.import'.' - ringType = 3 - else do - say 'ring to be created' - ringType = 1 - end -else do - say 'pkcs12 to be used' -end - -if ringType > 0 then do - do i = 1 to esm.0 - if COMPARE(esm.i.search, CVTRAC_VAL) = 0 then do - ringMember = 'ZWEKR'esm.i.prefix''ringType - end - end -end -*/ - /* ================================================================================ Create a data set with attributes like the original jcl library and copy 
@@ -192,6 +143,69 @@ x = DeleteDataSet(jclCopy'(ZWESISCH)') x = DeleteDataSet(jclCopy'(ZWESECKG)') +/* +================================================================================ + Determine the external security manager on the system so that the correct + jcl templates can be used. +================================================================================ +*/ + +CVT_ADDR = C2X(STORAGE(D2X(16), 4)) +CVTRAC_ADDR = C2X(STORAGE(D2X(X2D(CVT_ADDR) + 992), 4)) +CVTRAC_VAL = STORAGE(CVTRAC_ADDR, 4) + +ringType = 0 + +/* attempt to handle getting only 1 keyring jcl +if WORDINDEX(CFG.zowe.setup.certificate.type, 'JCE') > 0 then do + if LENGTH(CFG.zowe.setup.certificate.keyring.connect) > 0 then do + say 'connect exists, it is 'CFG.zowe.setup.certificate.keyring.connect'.' + ringType = 2 + end + if LENGTH(CFG.zowe.setup.certificate.keyring.import) > 0 then do + say 'import exists, it is 'CFG.zowe.setup.certificate.keyring.import'.' + ringType = 3 + end + else do + say 'ring to be created' + ringType = 1 + end +else do + say 'pkcs12 to be used' +end +*/ + +if COMPARE('RCVT', CVTRAC_VAL) = 0 then do + x = DeleteDataSet(jclCopy'(ZWEIKRA1)') + x = DeleteDataSet(jclCopy'(ZWEIKRA2)') + x = DeleteDataSet(jclCopy'(ZWEIKRA3)') + x = DeleteDataSet(jclCopy'(ZWEIKRT1)') + x = DeleteDataSet(jclCopy'(ZWEIKRT2)') + x = DeleteDataSet(jclCopy'(ZWEIKRT3)') + x = DeleteDataSet(jclCopy'(ZWEIACF2)') + x = DeleteDataSet(jclCopy'(ZWEITSS)') +end +if COMPARE('RTSS', CVTRAC_VAL) = 0 then do + x = DeleteDataSet(jclCopy'(ZWEIKRA1)') + x = DeleteDataSet(jclCopy'(ZWEIKRA2)') + x = DeleteDataSet(jclCopy'(ZWEIKRA3)') + x = DeleteDataSet(jclCopy'(ZWEIKRR1)') + x = DeleteDataSet(jclCopy'(ZWEIKRR2)') + x = DeleteDataSet(jclCopy'(ZWEIKRR3)') + x = DeleteDataSet(jclCopy'(ZWEIACF2)') + x = DeleteDataSet(jclCopy'(ZWEIRACF)') +end +else do + x = DeleteDataSet(jclCopy'(ZWEIKRT1)') + x = DeleteDataSet(jclCopy'(ZWEIKRT2)') + x = DeleteDataSet(jclCopy'(ZWEIKRT3)') + x = DeleteDataSet(jclCopy'(ZWEIKRR1)') 
+ x = DeleteDataSet(jclCopy'(ZWEIKRR2)') + x = DeleteDataSet(jclCopy'(ZWEIKRR3)') + x = DeleteDataSet(jclCopy'(ZWEIRACF)') + x = DeleteDataSet(jclCopy'(ZWEITSS)') +end + say jcl' has been copied to 'jclCopy'.' /* diff --git a/files/SZWESAMP/ZWEIACF2 b/files/SZWESAMP/ZWEIACF2 index c446614664..7e93a5bf19 100644 --- a/files/SZWESAMP/ZWEIACF2 +++ b/files/SZWESAMP/ZWEIACF2 @@ -103,7 +103,7 @@ F ACF2,REBUILD(GRP),CLASS(P) * SET LID INSERT {zowe.setup.security.users.zowe}. + - STC GROUP({zowe.setup.security.groups.stc}.) + STC GROUP({zowe.setup.security.groups.stc}) SET PROFILE(USER) DIV(OMVS) INSERT {zowe.setup.security.users.zowe}. + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) @@ -114,7 +114,7 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * SET LID INSERT {zowe.setup.security.users.zis}. + - STC GROUP({zowe.setup.security.groups.stc}.) + STC GROUP({zowe.setup.security.groups.stc}) SET PROFILE(USER) DIV(OMVS) INSERT {zowe.setup.security.users.zis}. + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) 
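Review bot: On a RACF system this block deletes every security member: the `RCVT` test is a standalone `if`, so after it removes the ACF2 and Top Secret members, the following `if COMPARE('RTSS', CVTRAC_VAL) = 0 ... else do` falls into its `else` branch and removes `ZWEIKRR1` to `ZWEIKRR3` and `ZWEIRACF` as well. Chaining the second test, `else if COMPARE('RTSS', CVTRAC_VAL) = 0 then do`, leaves the final `else` for the remaining case only. That final branch treats any value other than `RCVT` or `RTSS` as ACF2; an explicit `ACF2` comparison, as the removed `esm.3.search` entry had, with nothing deleted for an unrecognised value, would be safer.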
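Review bot: The trailing `.` is removed only inside parentheses; the unchanged lines of this hunk still read `INSERT {zowe.setup.security.users.zowe}. +`, and the later ZWEIACF2 hunks keep `INSERT STC.{zowe.setup.security.stcs.zowe}. +`, `INSERT {zowe.setup.security.groups.stc}. +` and `RECKEY {zowe.setup.dataset.prefix}. ADD(`. If the dot was the old JCL-symbol delimiter, as the `..ZOWERING` to `.ZOWERING` change in ZWEIKRA1 suggests, these lines would render with a literal dot after the logonid, role or prefix. The same applies to the `SUBJSDN` fields in ZWEIKRA1, where only `C=` was changed and `OU=`, `O=`, `L=` and `SP=` still end in `.'`. A rendered member should be checked before these security definitions are run.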
@@ -126,27 +126,27 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * SET CONTROL(GSO) INSERT STC.{zowe.setup.security.stcs.zowe}. + - LOGONID({zowe.setup.security.users.zowe}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.zowe}.) + LOGONID({zowe.setup.security.users.zowe}) + +GROUP({zowe.setup.security.groups.stc}) + +STCID({zowe.setup.security.stcs.zowe}) F ACF2,REFRESH(STC) * * started task for ZIS cross memory server * SET CONTROL(GSO) INSERT STC.{zowe.setup.security.stcs.zis}. + - LOGONID({zowe.setup.security.users.zis}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.zis}.) + LOGONID({zowe.setup.security.users.zis}) + +GROUP({zowe.setup.security.groups.stc}) + +STCID({zowe.setup.security.stcs.zis}) F ACF2,REFRESH(STC) * * started task for ZIS Auxiliary cross memory server * SET CONTROL(GSO) INSERT STC.{zowe.setup.security.stcs.aux}. + - LOGONID({zowe.setup.security.users.zis}.) + -GROUP({zowe.setup.security.groups.stc}.) + -STCID({zowe.setup.security.stcs.aux}.) + LOGONID({zowe.setup.security.users.zis}) + +GROUP({zowe.setup.security.groups.stc}) + +STCID({zowe.setup.security.stcs.aux}) F ACF2,REFRESH(STC) * * DEFINE ZIS SECURITY RESOURCES .................................. @@ -156,10 +156,10 @@ F ACF2,REFRESH(STC) * SET X(ROL) INSERT {zowe.setup.security.groups.stc}. + - INCLUDE({zowe.setup.security.users.zowe}.) ROLE + INCLUDE({zowe.setup.security.users.zowe}) ROLE F ACF2,NEWXREF,TYPE(ROL) CHANGE {zowe.setup.security.groups.stc}. + - INCLUDE({zowe.setup.security.users.zis}.) ADD + INCLUDE({zowe.setup.security.users.zis}) ADD F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STC SERVER PERMISIONS .................................... 
@@ -168,7 +168,7 @@ F ACF2,NEWXREF,TYPE(ROL) * SET RESOURCE(FAC) RECKEY ZWES ADD(IS SERVICE(READ) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) F ACF2,REBUILD(FAC) * * DEFINE ZOWE SERVER PERMISIONS ................................... @@ -182,38 +182,38 @@ F ACF2,REBUILD(FAC) * SET RESOURCE(FAC) RECKEY BPX ADD(DAEMON SERVICE(UPDATE) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) RECKEY BPX ADD(SERVER SERVICE(UPDATE) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) * * permit Zowe main server to create a user's security environment * comment out the following 3 lines if the OMVSAPPL is not defined * in your environment SET RESOURCE(APL) RECKEY OMVSAPPL ADD(SERVICE(READ) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) F ACF2,REBUILD(APL) * * Allow STCGRP role access to BPX.JOBNAME RECKEY BPX ADD(JOBNAME SERVICE(READ) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) F ACF2,REBUILD(FAC) * allow STCGRP role to use client certificate mapping service SET RESOURCE(FAC) -RECKEY IRR ADD(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) + +RECKEY IRR ADD(RUSERMAP ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * allow STCGRP role to use distributed identity mapping service SET RESOURCE(FAC) RECKEY IRR ADD(IDIDMAP.QUERY + - ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) + ROLE({zowe.setup.security.groups.stc}) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * permit Zowe main server to cut SMF records SET RESOURCE(FAC) -RECKEY IRR ADD(RAUDITX ROLE({zowe.setup.security.groups.stc}.) + +RECKEY IRR ADD(RAUDITX ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) 
@@ -229,7 +229,7 @@ SET RULE LIST {zowe.setup.dataset.prefix}. RECKEY {zowe.setup.dataset.prefix}. ADD(- UID(-) READ(A) EXEC(P)) RECKEY {zowe.setup.dataset.prefix}. + -ADD(- UID({zowe.setup.security.groups.sysProg}.) + +ADD(- UID({zowe.setup.security.groups.sysProg}) + READ(A) EXEC(A) ALLOC(A) WRITE(A)) * * show results diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF new file mode 100644 index 0000000000..e1da539a48 --- /dev/null +++ b/files/SZWESAMP/ZWEIAPF @@ -0,0 +1,17 @@ +//ZWEIAPF JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//APFLOAD COMMAND 'SETPROG APF,ADD,DSN={zowe.setup.dataset.authLoadLib}' +//* +//APFLIB COMMAND 'SETPROG APF,ADD,DSN={zowe.setup.dataset.authPluginLib}' +//* diff --git a/files/SZWESAMP/ZWEIKRA1 b/files/SZWESAMP/ZWEIKRA1 index b27c1db2e6..8672305306 100644 --- a/files/SZWESAMP/ZWEIKRA1 +++ b/files/SZWESAMP/ZWEIKRA1 
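Review bot: The first command references `{zowe.setup.dataset.authLoadLib}`, while the key listed in bin/commands/init/apfauth/index.sh is `authLoadlib`; if the generator matches keys case-sensitively the placeholder would be left unresolved or empty. Neither `SETPROG APF,ADD` command carries `SMS` or `VOLUME=`, which the operator command needs to identify the library, and the `prefix.SZWEAUTH` default that the removed shell loop applied for an empty `authLoadlib` is gone. Since these statements grant APF authorization, the job should only ever run with fully resolved data set names; for an SMS-managed library the statement would read `//APFLOAD COMMAND 'SETPROG APF,ADD,DSN={zowe.setup.dataset.authLoadlib},SMS'`.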
@@ -11,28 +11,12 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for generating new certificates +//* Signed by a Zowe-generated local certificate authority (CA) //* //********************************************************************* //* @@ -73,11 +57,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* 
@@ -117,8 +97,8 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT {zowe.setup.security.users.zowe}..ZOWERING + - RINGNAME({zowe.setup.certificate.keyring.name}.) + INSERT {zowe.setup.security.users.zowe}.ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M 
@@ -137,39 +117,39 @@ ACF O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - SP='{zowe.setup.certificate.dname.state}.' - - C='{zowe.setup.certificate.dname.country}.') - + C='{zowe.setup.certificate.dname.country}') - EXPIRE(05/01/30) - KEYUSAGE(CERTSIGN) * * Connect Zowe's local CA authority to the keyring ................ */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.ZOWECA) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) CHKCERT CERTAUTH.ZOWECA * * Create a certificate signed by local zowe's CA .................. */ SET PROFILE(USER) DIV(CERTDATA) - GENCERT {zowe.setup.security.users.zowe}..ZOWECERT - + GENCERT {zowe.setup.security.users.zowe}.ZOWECERT - SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - SP='{zowe.setup.certificate.dname.state}.' - - C='{zowe.setup.certificate.dname.country}.') - + C='{zowe.setup.certificate.dname.country}') - SIZE(2048) - EXPIRE(05/01/30) - - LABEL({zowe.setup.certificate.keyring.label}.) - + LABEL({zowe.setup.certificate.keyring.label}) - KEYUSAGE(HANDSHAKE) - ALTNAME(IP=&IPADDRES DOMAIN={zowe.externalDomains.0}) - SIGNWITH(CERTAUTH.ZOWECA) * * Connect a Zowe's certificate with the keyring ................... 
*/ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + CONNECT CERTDATA({zowe.setup.security.users.zowe}.ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT + CHKCERT {zowe.setup.security.users.zowe}.ZOWECERT * * Option 1 - Default Option - END ................................. */ $$ @@ -185,12 +165,12 @@ ACF * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) * CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF //* @@ -205,9 +185,9 @@ ACF * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT - - CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}) - + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(CERTAUTH) $$ //IFZFCAED ENDIF 
@@ -235,7 +215,7 @@ ACF * * List the keyring ................................................ */ SET PROFILE(USER) DIVISION(KEYRING) - LIST {zowe.setup.security.users.zowe}..ZOWERING + LIST {zowe.setup.security.users.zowe}.ZOWERING * Common part - END ............................................... */ $$ //* diff --git a/files/SZWESAMP/ZWEIKRA2 b/files/SZWESAMP/ZWEIKRA2 index d30cce8599..c30a3db8c4 100644 --- a/files/SZWESAMP/ZWEIKRA2 +++ b/files/SZWESAMP/ZWEIKRA2 @@ -11,28 +11,11 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for connecting a certificate already in the ESM DB. //* //********************************************************************* //* 
@@ -73,11 +56,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* @@ -117,8 +96,8 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT {zowe.setup.security.users.zowe}..ZOWERING + - RINGNAME({zowe.setup.certificate.keyring.name}.) + INSERT {zowe.setup.security.users.zowe}.ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //* @@ -132,9 +111,9 @@ ACF * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT + CHKCERT {zowe.setup.security.users.zowe}.ZOWECERT * * Option 2 - END .................................................. */ $$ 
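Review bot: In the `@@ -132,9 +111,9 @@` hunk of ZWEIKRA2 the unchanged line `CONNECT CERTDATA(SITECERT.digicert | userid.digicert) -` is still a hand-edit placeholder, and the `CHKCERT {zowe.setup.security.users.zowe}.ZOWECERT` after it checks a record that, as far as the visible hunks show, this job never inserts. The RACF counterpart ZWEIKRR2 already takes the owner and label from `zowe.setup.certificate.keyring.connect.user` and `zowe.setup.certificate.keyring.connect.label`; using the same values here would let the generator emit a runnable command. The header states the job completes with return code 0 regardless, so a rejected CONNECT would leave the keyring without a personal certificate and only the SYSOUT would show it. If the placeholder has to stay, a comment such as `* EDIT: replace with the record key of the existing certificate` directly above it would help.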
@@ -151,12 +130,12 @@ ACF * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) * CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF //* @@ -171,9 +150,9 @@ ACF * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT - - CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}) - + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -201,7 +180,7 @@ ACF * * List the keyring ................................................ */ SET PROFILE(USER) DIVISION(KEYRING) - LIST {zowe.setup.security.users.zowe}..ZOWERING + LIST {zowe.setup.security.users.zowe}.ZOWERING * Common part - END ............................................... */ $$ //* diff --git a/files/SZWESAMP/ZWEIKRA3 b/files/SZWESAMP/ZWEIKRA3 index a971eb141b..1d646a558d 100644 --- a/files/SZWESAMP/ZWEIKRA3 +++ b/files/SZWESAMP/ZWEIKRA3 
@@ -11,28 +11,11 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +// This one is for importing a PKCS12 certificate from a data set. //* //********************************************************************* //* @@ -73,8 +56,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to +//* 3. The imported PKCS12-formatted data set has to //* contain Zowe certificate's signing CA chain and private key. //* //* 4. This job WILL complete with return code 0. @@ -117,8 +99,8 @@ ACF // * Create the keyring .............................................. */ SET PROFILE(USER) DIVISION(KEYRING) - INSERT {zowe.setup.security.users.zowe}..ZOWERING + - RINGNAME({zowe.setup.certificate.keyring.name}.) + INSERT {zowe.setup.security.users.zowe}.ZOWERING + + RINGNAME({zowe.setup.certificate.keyring.name}) F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) $$ //* 
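Review bot: The added line `// This one is for importing a PKCS12 certificate from a data set.` in the `@@ -11,28 +11,11 @@` hunk starts with `// ` instead of `//*`, so JCL will read it as a statement rather than a comment. The job is then likely to be rejected with a JCL error before any step runs. It should read `//* This one is for importing a PKCS12 certificate from a data set.`. The same line is added to ZWEIKRR3 in its `@@ -14,25 +14,9 @@` hunk.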
@@ -131,18 +113,18 @@ ACF * Option 3 - BEGINNING ............................................ */ * Import external certificate from data set ....................... */ SET PROFILE(USER) DIV(CERTDATA) - INSERT {zowe.setup.security.users.zowe}..ZOWECERT - - DSNAME('{zowe.setup.certificate.keyring.import.dsName}.') - + INSERT {zowe.setup.security.users.zowe}.ZOWECERT - + DSNAME('{zowe.setup.certificate.keyring.import.dsName}') - LABEL(&LABEL.) - - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') - + PASSWORD('{zowe.setup.certificate.keyring.import.password}') - TRUST * * Connect a Zowe's certificate with the keyring ................... */ SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA({zowe.setup.security.users.zowe}..ZOWECERT) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + CONNECT CERTDATA({zowe.setup.security.users.zowe}.ZOWECERT) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(PERSONAL) DEFAULT - CHKCERT {zowe.setup.security.users.zowe}..ZOWECERT + CHKCERT {zowe.setup.security.users.zowe}.ZOWECERT * * Option 3 - END .................................................. */ $$ @@ -158,12 +140,12 @@ ACF * keyring ......................................................... */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) * CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) USAGE(CERTAUTH) + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF //* 
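Review bot: `PASSWORD('{zowe.setup.certificate.keyring.import.password}')` in the `@@ -131,18 +113,18 @@` hunk means the generator writes the PKCS12 password in clear text into the generated JCL member, and the command may also be echoed in the job output. The header comments should say so and tell the operator what to do. A suitable comment would be `//* NOTE: the generated job contains the PKCS12 password; restrict access to the member and the job output, and delete both after the run`. ZWEIKRR3 has the same parameter in its `@@ -127,18 +110,18 @@` hunk.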
@@ -178,9 +160,9 @@ ACF * authority (CA) with the keyring ................................. */ SET PROFILE(USER) DIVISION(CERTDATA) CONNECT - - CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}.) - - RINGNAME({zowe.setup.certificate.keyring.name}.) - - KEYRING({zowe.setup.security.users.zowe}..ZOWERING) - + CERTDATA(CERTAUTH.{zowe.setup.certificate.keyring.zOSMF.ca}) - + RINGNAME({zowe.setup.certificate.keyring.name}) - + KEYRING({zowe.setup.security.users.zowe}.ZOWERING) - USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -208,7 +190,7 @@ ACF * * List the keyring ................................................ */ SET PROFILE(USER) DIVISION(KEYRING) - LIST {zowe.setup.security.users.zowe}..ZOWERING + LIST {zowe.setup.security.users.zowe}.ZOWERING * Common part - END ............................................... */ $$ //* diff --git a/files/SZWESAMP/ZWEIKRR1 b/files/SZWESAMP/ZWEIKRR1 index 7c74d618b0..ec7c0be3ef 100644 --- a/files/SZWESAMP/ZWEIKRR1 +++ b/files/SZWESAMP/ZWEIKRR1 
@@ -11,28 +11,12 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for generating new certificates +//* Signed by a Zowe-generated local certificate authority (CA) //* //********************************************************************* //* @@ -73,11 +57,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* 
@@ -115,8 +95,8 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTRING) REFRESH $$ //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M @@ -129,11 +109,11 @@ $$ RACDCERT GENCERT CERTAUTH + SUBJECTSDN( + CN('{zowe.setup.certificate.dname}. CA') + - OU('{zowe.setup.certificate.dname.orgUnit}.') + - O('{zowe.setup.certificate.dname.org}.') + - L('{zowe.setup.certificate.dname.locality}.') + - SP('{zowe.setup.certificate.dname.state}.') + - C('{zowe.setup.certificate.dname.country}.')) + + OU('{zowe.setup.certificate.dname.orgUnit}') + + O('{zowe.setup.certificate.dname.org}') + + L('{zowe.setup.certificate.dname.locality}') + + SP('{zowe.setup.certificate.dname.state}') + + C('{zowe.setup.certificate.dname.country}')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + WITHLABEL('{zowe.setup.certificate.keyring.caLabel}') + 
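Review bot: The unchanged line `CN('{zowe.setup.certificate.dname}. CA') +` in the `@@ -129,11 +109,11 @@` hunk was missed by the dot clean-up. It keeps the trailing `.` that every other placeholder here lost, and it names `zowe.setup.certificate.dname`, which the neighbouring lines treat as a mapping with `orgUnit`, `org` and `locality` children. Unless the generator special-cases it, the CA subject would get either an unresolved placeholder or a stray dot in its common name. It presumably should point at a scalar key for the CA common name, without the dot. `CN('{zowe.setup.certificate.dname}. certificate') +` in the `@@ -142,21 +122,21 @@` hunk needs the same fix.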
@@ -142,21 +122,21 @@ $$ /* Connect Zowe's local CA authority to the keyring ................ */ RACDCERT CONNECT(CERTAUTH + LABEL('{zowe.setup.certificate.keyring.caLabel}') + - RING({zowe.setup.certificate.keyring.name}.)) + - ID({zowe.setup.security.users.zowe}.) + RING({zowe.setup.certificate.keyring.name})) + + ID({zowe.setup.security.users.zowe}) /* Create a certificate signed by local zowe's CA .................. */ - RACDCERT GENCERT ID({zowe.setup.security.users.zowe}.) + + RACDCERT GENCERT ID({zowe.setup.security.users.zowe}) + SUBJECTSDN( + CN('{zowe.setup.certificate.dname}. certificate') + - OU('{zowe.setup.certificate.dname.orgUnit}.') + - O('{zowe.setup.certificate.dname.org}.') + - L('{zowe.setup.certificate.dname.locality}.') + - SP('{zowe.setup.certificate.dname.state}.') + - C('{zowe.setup.certificate.dname.country}.')) + + OU('{zowe.setup.certificate.dname.orgUnit}') + + O('{zowe.setup.certificate.dname.org}') + + L('{zowe.setup.certificate.dname.locality}') + + SP('{zowe.setup.certificate.dname.state}') + + C('{zowe.setup.certificate.dname.country}')) + SIZE(2048) + NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('{zowe.setup.certificate.keyring.label}.') + + WITHLABEL('{zowe.setup.certificate.keyring.label}') + KEYUSAGE(HANDSHAKE) + ALTNAME(IP(&IPADDRES) + DOMAIN('{zowe.externalDomains.0}')) + @@ -164,11 +144,11 @@ $$ LABEL('{zowe.setup.certificate.keyring.caLabel}')) /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + - LABEL('{zowe.setup.certificate.keyring.label}.') + - RING({zowe.setup.certificate.keyring.name}.) + + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}) + + LABEL('{zowe.setup.certificate.keyring.label}') + + RING({zowe.setup.certificate.keyring.name}) + USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH 
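Review bot: Both GENCERT commands keep `SIZE(2048)` and `NOTAFTER(DATE(2030-05-01))` as literals; the second is in the `@@ -142,21 +122,21 @@` hunk and the first starts in the previous hunk. The local CA and the server certificate therefore expire on the same fixed date no matter when the job is generated. Now that the subject fields come from zowe.yaml, the validity would be better taken from configuration too. Failing that, a comment such as `/* Review NOTAFTER before running: the expiry date is fixed in this sample */` above each GENCERT would make the choice visible to the operator.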
@@ -184,15 +164,15 @@ $$ /* keyring ......................................................... */ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ @@ -207,10 +187,10 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ RACDCERT CONNECT(CERTAUTH + - LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + - RING({zowe.setup.certificate.keyring.name}.) + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}') + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ 
@@ -231,18 +211,18 @@ $$ /* Define profiles that control certificate access ................. */ RDEFINE RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ PERMIT + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + - CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}.LST + */ /* CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ 
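Review bot: The RDATALIB profile in the `@@ -231,18 +211,18 @@` hunk is still named with the JCL symbol `&USERNAME.`, while the ring itself is created earlier in this file with `ID({zowe.setup.security.users.zowe})`. The profile name is meant to be ring owner, ring name, `LST`, so if `USERNAME` is not set to that same user the RDEFINE and PERMIT protect a name that is never checked for this ring. Where `USERNAME` is set is outside the hunk. If it is meant to be the Zowe user, `{zowe.setup.security.users.zowe}.{zowe.setup.certificate.keyring.name}.LST +` would remove the dependency. The same lines appear in ZWEIKRR2 (`@@ -199,18 +178,18 @@`) and ZWEIKRR3 (`@@ -202,18 +185,18 @@`).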
@@ -256,29 +236,29 @@ $$ /* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ /* already exist. .................................................. */ PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) /* Uncomment this command if SITE user owns the Zowe certificate ... */ /* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ -/* ID({zowe.setup.security.users.zowe}.) + */ +/* ID({zowe.setup.security.users.zowe}) + */ /* ACCESS(CONTROL) */ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ RLIST RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + &USERNAME..{zowe.setup.certificate.keyring.name}.LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ diff --git a/files/SZWESAMP/ZWEIKRR2 b/files/SZWESAMP/ZWEIKRR2 index b2083d0829..a6298b11be 100644 --- a/files/SZWESAMP/ZWEIKRR2 +++ b/files/SZWESAMP/ZWEIKRR2 
@@ -11,28 +11,11 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for connecting a certificate already in the ESM DB. //* //********************************************************************* //* @@ -73,11 +56,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* 
@@ -119,8 +98,8 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTRING) REFRESH $$ //* @@ -134,9 +113,9 @@ $$ RACDCERT CONNECT(SITE | + ID({zowe.setup.certificate.keyring.connect.user}) + LABEL({zowe.setup.certificate.keyring.connect.label}) + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -152,15 +131,15 @@ $$ /* keyring ......................................................... */ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ @@ -175,10 +154,10 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ RACDCERT CONNECT(CERTAUTH + - LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + - RING({zowe.setup.certificate.keyring.name}.) + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}') + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ 
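Review bot: In the `@@ -134,9 +113,9 @@` hunk the unchanged line `LABEL({zowe.setup.certificate.keyring.connect.label}) +` passes the label unquoted, although every other label in these jobs is written as `LABEL('...')`. A label containing a blank would be split into two operands, so it should be `LABEL('{zowe.setup.certificate.keyring.connect.label}') +`. The line before it, `RACDCERT CONNECT(SITE | +`, also still holds both alternatives literally, which is unlikely to be accepted as written. The generator should emit either `SITE` or `ID(...)`, or a comment should tell the operator to delete one of them.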
@@ -199,18 +178,18 @@ $$ /* Define profiles that control certificate access ................. */ RDEFINE RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ PERMIT + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + - CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}.LST + */ /* CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ 
@@ -224,29 +203,29 @@ $$ /* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ /* already exist. .................................................. */ PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) /* Uncomment this command if SITE user owns the Zowe certificate ... */ /* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ -/* ID({zowe.setup.security.users.zowe}.) + */ +/* ID({zowe.setup.security.users.zowe}) + */ /* ACCESS(CONTROL) */ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ RLIST RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + &USERNAME..{zowe.setup.certificate.keyring.name}.LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ diff --git a/files/SZWESAMP/ZWEIKRR3 b/files/SZWESAMP/ZWEIKRR3 index a9c98be34b..7280cc194c 100644 --- a/files/SZWESAMP/ZWEIKRR3 +++ b/files/SZWESAMP/ZWEIKRR3 
@@ -14,25 +14,9 @@ //* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +// This one is for importing a PKCS12 certificate from a data set. //* //********************************************************************* //* @@ -73,8 +57,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to +//* 3. The imported PKCS12-formatted data set has to //* contain Zowe certificate's signing CA chain and private key. //* //* 4. This job WILL complete with return code 0. @@ -115,8 +98,8 @@ //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - RACDCERT ADDRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT ADDRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTRING) REFRESH $$ //* 
@@ -127,18 +110,18 @@ $$ /* Option 3 - BEGINNING ............................................ */ /* Import external certificate from data set ....................... */ - RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}.') + - ID({zowe.setup.security.users.zowe}.) + + RACDCERT ADD('{zowe.setup.certificate.keyring.import.dsName}') + + ID({zowe.setup.security.users.zowe}) + WITHLABEL('{zowe.setup.certificate.keyring.label}') + - PASSWORD('{zowe.setup.certificate.keyring.import.password}.') + + PASSWORD('{zowe.setup.certificate.keyring.import.password}') + TRUST /* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}.) + + RACDCERT CONNECT(ID({zowe.setup.security.users.zowe}) + LABEL('{zowe.setup.certificate.keyring.label}') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(PERSONAL) DEFAULT) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH @@ -155,15 +138,15 @@ $$ /* keyring ......................................................... */ RACDCERT CONNECT(CERTAUTH + LABEL('&ITRMZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RACDCERT CONNECT(CERTAUTH + LABEL('&ROOTZWCA.') + - RING({zowe.setup.certificate.keyring.name}.) + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ 
@@ -178,10 +161,10 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ RACDCERT CONNECT(CERTAUTH + - LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}.') + - RING({zowe.setup.certificate.keyring.name}.) + + LABEL('{zowe.setup.certificate.keyring.zOSMF.ca}') + + RING({zowe.setup.certificate.keyring.name}) + USAGE(CERTAUTH)) + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH $$ @@ -202,18 +185,18 @@ $$ /* Define profiles that control certificate access ................. */ RDEFINE RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + UACC(NONE) /* Permit server user ID to access key ring and related ............ */ /* private keys. ................................................... */ PERMIT + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + - CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}.) + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}..LST + */ +/* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}.LST + */ /* CLASS(RDATALIB) ID() + */ /* ACCESS(READ) */ 
@@ -227,29 +210,29 @@ $$ /* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ /* already exist. .................................................. */ PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) + - ID({zowe.setup.security.users.zowe}.) + + ID({zowe.setup.security.users.zowe}) + ACCESS(READ) /* Uncomment this command if SITE user owns the Zowe certificate ... */ /* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) */ -/* ID({zowe.setup.security.users.zowe}.) + */ +/* ID({zowe.setup.security.users.zowe}) + */ /* ACCESS(CONTROL) */ SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ RLIST RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + &USERNAME..{zowe.setup.certificate.keyring.name}.LST ALL RLIST FACILITY IRR.DIGTCERT.LISTRING ALL RLIST FACILITY IRR.DIGTCERT.LIST ALL RLIST FACILITY IRR.DIGTCERT.GENCERT ALL /* List the keyring ................................................ */ - RACDCERT LISTRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT LISTRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 .... */ diff --git a/files/SZWESAMP/ZWEIKRT1 b/files/SZWESAMP/ZWEIKRT1 index d6de622ff2..06cedec321 100644 --- a/files/SZWESAMP/ZWEIKRT1 +++ b/files/SZWESAMP/ZWEIKRT1 
@@ -11,28 +11,12 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for generating new certificates +//* Signed by a Zowe-generated local certificate authority (CA) //* //********************************************************************* //* @@ -73,11 +57,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* 
@@ -115,8 +95,8 @@ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) $$ //RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* @@ -139,12 +119,12 @@ $$ KEYUSAGE('CERTSIGN') /* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,ZOWECA) /* Create a certificate signed by local zowe's CA .................. */ - TSS GENCERT({zowe.setup.security.users.zowe}.) + + TSS GENCERT({zowe.setup.security.users.zowe}) + DIGICERT(ZOWECERT) + SUBJECTN( + 'CN="{zowe.setup.certificate.dname}. certificate" + @@ -155,13 +135,13 @@ $$ C="{zowe.setup.certificate.dname.country}." ') + KEYSIZE(2048) + NADATE(05/01/30) + - LABLCERT({zowe.setup.certificate.keyring.label}.) + + LABLCERT({zowe.setup.certificate.keyring.label}) + KEYUSAGE('HANDSHAKE') + ALTNAME('DOMAIN={zowe.externalDomains.0}') + SIGNWITH(CERTAUTH,ZOWECA) /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + USAGE(PERSONAL) DEFAULT 
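Review bot: The dot clean-up in the `@@ -155,13 +135,13 @@` hunk stops short of the unchanged line `RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) +`. That line would render the ACID with a trailing dot and so would not name the certificate created by `TSS GENCERT` just above. It should be `RINGDATA({zowe.setup.security.users.zowe},ZOWECERT) +`. The SUBJECTN lines visible as context, `C="{zowe.setup.certificate.dname.country}." ')` and `'CN="{zowe.setup.certificate.dname}. certificate" +`, still carry the dot as well. The lines between them are outside the hunks and probably need the same pass.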
@@ -176,12 +156,12 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF @@ -194,9 +174,9 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}) + USAGE(CERTAUTH) $$ //IFZFCAED ENDIF 
@@ -209,16 +189,16 @@ $$ /* A common part for all options starts here ....................... */ /* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT({zowe.setup.security.users.zowe}.) + + TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT({zowe.setup.security.users.zowe}.) + +/* TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS LIST({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWEIKRT2 b/files/SZWESAMP/ZWEIKRT2 index 4c78a78d8e..c24bf4d509 100644 --- a/files/SZWESAMP/ZWEIKRT2 +++ b/files/SZWESAMP/ZWEIKRT2 
@@ -11,28 +11,11 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +//* This one is for connecting a certificate already in the ESM DB. //* //********************************************************************* //* @@ -73,11 +56,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. +//* 3. This job WILL complete with return code 0. //* The results of each command must be verified after completion. //* //********************************************************************* 
@@ -115,8 +94,8 @@ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) $$ //* //IFOPT2 IF (&OPTION EQ 2) THEN @@ -127,7 +106,7 @@ $$ /* Option 2 - BEGINNING ............................................ */ /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + RINGDATA(CERTSITE|userid,digicert) + USAGE(PERSONAL) DEFAULT @@ -143,12 +122,12 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //IFZWCAED ENDIF 
@@ -161,9 +140,9 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}) + USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -176,16 +155,16 @@ $$ /* A common part for all options starts here ....................... */ /* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT({zowe.setup.security.users.zowe}.) + + TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT({zowe.setup.security.users.zowe}.) + +/* TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS LIST({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWEIKRT3 b/files/SZWESAMP/ZWEIKRT3 index 24d0f54c43..b12a8b0c08 100644 --- a/files/SZWESAMP/ZWEIKRT3 +++ b/files/SZWESAMP/ZWEIKRT3 
@@ -11,28 +11,11 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define key ring and certificates for Zowe //* -//********************************************************************* //* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format +//* Each ZWEIKR JCL is for different ESM and Keyring options. +// This one is for importing a PKCS12 certificate from a data set. //* //********************************************************************* //* @@ -73,8 +56,7 @@ //* 2. Assumption: signing CA chain of the Zowe external certificate is //* added to the security database under the CERTAUTH userid. //* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to +//* 3. The imported PKCS12-formatted data set has to //* contain Zowe certificate's signing CA chain and private key. //* //* 4. This job WILL complete with return code 0. @@ -115,8 +97,8 @@ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) $$ //RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* 
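Review bot: The added header line `// This one is for importing a PKCS12 certificate from a data set.` starts with `// ` rather than `//*`, so JCL will treat it as a statement instead of a comment and the job is likely to be rejected at submission. It should read `//* This one is for importing a PKCS12 certificate from a data set.`, matching the corresponding lines added to ZWEIKRT1 and ZWEIKRT2.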
@@ -125,15 +107,15 @@ $$ /* Option 3 - BEGINNING ............................................ */ /* Import external certificate from data set ....................... */ - TSS ADD({zowe.setup.security.users.zowe}.) + + TSS ADD({zowe.setup.security.users.zowe}) + DIGICERT(ZOWECERT) + - DCDSN({zowe.setup.certificate.keyring.import.dsName}.) + - LABLCERT({zowe.setup.certificate.keyring.label}.) + - PKCSPASS('{zowe.setup.certificate.keyring.import.password}.') + + DCDSN({zowe.setup.certificate.keyring.import.dsName}) + + LABLCERT({zowe.setup.certificate.keyring.label}) + + PKCSPASS('{zowe.setup.certificate.keyring.import.password}') + TRUST /* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + USAGE(PERSONAL) DEFAULT @@ -149,12 +131,12 @@ $$ /* Connect all CAs of the Zowe certificate's signing chain with the */ /* keyring ......................................................... */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) $$ //* 
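Review bot: `PKCSPASS('{zowe.setup.certificate.keyring.import.password}')` in the Option 3 hunk means the generated job carries the PKCS12 password in clear text, and with `//SYSTSPRT DD SYSOUT=*` the echoed command may also end up in the job output. The header comments should say so, for example `//* The generated job contains the PKCS12 password in clear text;` followed by `//* restrict access to the generated member and purge it and the job output after use.` Nothing visible here escapes the value either, so a password containing `'` would end the quoted operand early. The generator, which is outside this hunk, presumably needs to double the quote or reject such a value.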
@@ -166,9 +148,9 @@ $$ /* Connect the z/OSMF root CA signed by a recognized certificate ... */ /* authority (CA) with the keyring ................................. */ - TSS ADD({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + - RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}.) + + TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) + + RINGDATA(CERTAUTH,{zowe.setup.certificate.keyring.zOSMF.ca}) + USAGE(CERTAUTH) $$ //IFZFCAED ENDIF @@ -181,16 +163,16 @@ $$ /* A common part for all options starts here ....................... */ /* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT({zowe.setup.security.users.zowe}.) + + TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT({zowe.setup.security.users.zowe}.) + +/* TSS PERMIT({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* List the keyring ................................................ */ - TSS LIST({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + - LABLRING({zowe.setup.certificate.keyring.name}.) + TSS LIST({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + + LABLRING({zowe.setup.certificate.keyring.name}) /* Common part - END ............................................... */ /* only the last RC is returned, this command ensures it is a 0 */ diff --git a/files/SZWESAMP/ZWEIRACF b/files/SZWESAMP/ZWEIRACF index 764208bc58..1185882d5a 100644 --- a/files/SZWESAMP/ZWEIRACF +++ b/files/SZWESAMP/ZWEIRACF 
@@ -98,7 +98,7 @@ /* uncomment to add existing user IDs to the ADMINGRP group */ /* CONNECT (userid,userid,...) - */ -/* GROUP({zowe.setup.security.groups.admin}.) AUTH(USE) */ +/* GROUP({zowe.setup.security.groups.admin}) AUTH(USE) */ /* DEFINE STARTED TASK ............................................. */ @@ -121,7 +121,7 @@ LISTUSER {zowe.setup.security.users.zowe}. OMVS ADDUSER {zowe.setup.security.users.zowe}. - NOPASSWORD - - DFLTGRP({zowe.setup.security.groups.stc}.) - + DFLTGRP({zowe.setup.security.groups.stc}) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE SERVER') - DATA('ZOWE MAIN SERVER') @@ -131,7 +131,7 @@ LISTUSER {zowe.setup.security.users.zis}. OMVS ADDUSER {zowe.setup.security.users.zis}. - NOPASSWORD - - DFLTGRP({zowe.setup.security.groups.stc}.) - + DFLTGRP({zowe.setup.security.groups.stc}) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - NAME('ZOWE ZIS SERVER') - DATA('ZOWE ZIS CROSS MEMORY SERVER') 
@@ -139,24 +139,24 @@ /* */ /* started task for ZOWE main server */ - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zowe}..* - - STDATA(USER({zowe.setup.security.users.zowe}.) - - GROUP({zowe.setup.security.groups.stc}.) - + RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zowe}.* - + STDATA(USER({zowe.setup.security.users.zowe}) - + GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE MAIN SERVER') /* started task for ZIS cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zis}..* - - STDATA(USER({zowe.setup.security.users.zis}.) - - GROUP({zowe.setup.security.groups.stc}.) - + RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zis}.* - + STDATA(USER({zowe.setup.security.users.zis}) - + GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE ZIS CROSS MEMORY SERVER') /* started task for ZIS Auxiliary cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.aux}..* - - STDATA(USER({zowe.setup.security.users.zis}.) - - GROUP({zowe.setup.security.groups.stc}.) - + RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.aux}.* - + STDATA(USER({zowe.setup.security.users.zis}) - + GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE ZIS AUX CROSS MEMORY SERVER') SETROPTS RACLIST(STARTED) REFRESH 
@@ -165,9 +165,9 @@ LISTGRP {zowe.setup.security.groups.stc}. OMVS LISTUSER {zowe.setup.security.users.zowe}. OMVS LISTUSER {zowe.setup.security.users.zis}. OMVS - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA /* DEFINE ZIS SECURITY RESOURCES ................................... */ @@ -179,14 +179,14 @@ /* permit AUX STC to use ZIS cross memory server */ PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zis}.) + ID({zowe.setup.security.users.zis}) SETROPTS RACLIST(FACILITY) REFRESH /* DEFINE ZOWE SERVER PERMISIONS ................................... */ /* permit Zowe main server to use ZIS cross memory server */ PERMIT ZWES.IS CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH /* permit Zowe main server to create a user's security environment */ @@ -198,17 +198,17 @@ RLIST FACILITY BPX.DAEMON ALL RDEFINE FACILITY BPX.DAEMON UACC(NONE) PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) 0 - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RLIST FACILITY BPX.SERVER ALL RDEFINE FACILITY BPX.SERVER UACC(NONE) PERMIT BPX.SERVER CLASS(FACILITY) ACCESS(UPDATE) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* permit Zowe main server to create a user's security environment */ /* comment out the following 2 lines if the OMVSAPPL is not defined */ /* in your environment */ - PERMIT OMVSAPPL CLASS(APPL) ID({zowe.setup.security.users.zowe}.) - + PERMIT OMVSAPPL CLASS(APPL) ID({zowe.setup.security.users.zowe}) - ACCESS(READ) SETROPTS RACLIST(APPL) REFRESH 
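Review bot: In the BPX hunk the line `PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) 0` appears to end in `0`, where the sibling `PERMIT BPX.SERVER ... ACCESS(UPDATE) -` ends in the RACF continuation character. If that is what the file contains and not an artefact of this rendering, the PERMIT is not continued and the `ID({zowe.setup.security.users.zowe})` line that this commit edits is parsed as a separate command. The Zowe user would then never be granted BPX.DAEMON. The line should presumably be `PERMIT BPX.DAEMON CLASS(FACILITY) ACCESS(UPDATE) -`, and the `RLIST FACILITY BPX.DAEMON ALL` output is the place to confirm the access list afterwards.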
@@ -216,7 +216,7 @@ RLIST FACILITY BPX.JOBNAME ALL RDEFINE FACILITY BPX.JOBNAME UACC(NONE) PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH @@ -224,20 +224,20 @@ RLIST FACILITY IRR.RUSERMAP ALL RDEFINE FACILITY IRR.RUSERMAP UACC(NONE) PERMIT IRR.RUSERMAP CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* permit Zowe main server to use distributed identity mapping */ /* service RLIST FACILITY IRR.IDIDMAP.QUERY ALL RDEFINE FACILITY IRR.IDIDMAP.QUERY UACC(NONE) PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* permit Zowe main server to cut SMF records */ RLIST FACILITY IRR.RAUDITX ALL RDEFINE FACILITY IRR.RAUDITX UACC(NONE) PERMIT IRR.RAUDITX CLASS(FACILITY) ACCESS(READ) - - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH /* show results .................................................... */ 
@@ -262,16 +262,16 @@ ADDGROUP {zowe.setup.dataset.prefix}. DATA('Zowe - HLQ STUB') /* general data set protection */ - LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL - ADDSD '{zowe.setup.dataset.prefix}..*.**' UACC(READ) DATA('Zowe') - PERMIT '{zowe.setup.dataset.prefix}..*.**' CLASS(DATASET) - - ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}.) + LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL + ADDSD '{zowe.setup.dataset.prefix}.*.**' UACC(READ) DATA('Zowe') + PERMIT '{zowe.setup.dataset.prefix}.*.**' CLASS(DATASET) - + ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}) SETROPTS GENERIC(DATASET) REFRESH /* show results .................................................... */ LISTGRP {zowe.setup.dataset.prefix}. - LISTDSD PREFIX({zowe.setup.dataset.prefix}.) ALL + LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ diff --git a/files/SZWESAMP/ZWEISTC b/files/SZWESAMP/ZWEISTC index c8858bfb8f..152ef524a3 100644 --- a/files/SZWESAMP/ZWEISTC +++ b/files/SZWESAMP/ZWEISTC @@ -18,11 +18,11 @@ //SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD //SYSIN DD * COPY OUTDD=SYSUT2,INDD=SYSUT1 - SELECT MEMBER=((ZWESLSTC,{zowe.setup.security.stcs.zowe})) + SELECT MEMBER=((ZWESLSTC,{zowe.setup.security.stcs.zowe},R)) COPY OUTDD=SYSUT2,INDD=SYSUT1 - SELECT MEMBER=((ZWESISTC,{zowe.setup.security.stcs.zis})) + SELECT MEMBER=((ZWESISTC,{zowe.setup.security.stcs.zis},R)) COPY OUTDD=SYSUT2,INDD=SYSUT1 - SELECT MEMBER=((ZWESASTC,{zowe.setup.security.stcs.aux})) + SELECT MEMBER=((ZWESASTC,{zowe.setup.security.stcs.aux},R)) //* diff --git a/files/SZWESAMP/ZWEITSS b/files/SZWESAMP/ZWEITSS index 8b0d10c962..eb5f756cb9 100644 --- a/files/SZWESAMP/ZWEITSS +++ b/files/SZWESAMP/ZWEITSS 
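Review bot: The ZWEISTC hunk adds the replace flag to all three `SELECT MEMBER=((...,R))` statements, so IEBCOPY now overwrites any member of the same name in `{zowe.setup.dataset.proclib}` without a backup. Because the target names come from `zowe.setup.security.stcs.*`, a mistyped or reused name in the configuration would silently replace an unrelated started-task procedure. The job header should state this, e.g. `//* NOTE: existing PROCLIB members with the configured STC names are replaced.` If overwriting is only wanted on re-install, it should be something the operator opts into.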
@@ -76,67 +76,67 @@ /* DEFINE ADMINISTRATORS ........................................... */ /* group for administrators */ - TSS LIST({zowe.setup.security.groups.admin}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.groups.admin}.) TYPE(GROUP) + + TSS LIST({zowe.setup.security.groups.admin}) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.admin}) TYPE(GROUP) + NAME('ZOWE ADMINISTRATORS') + DEPT(&ADMINDEP.) - TSS ADD({zowe.setup.security.groups.admin}.) GID(&ADMINGID.) + TSS ADD({zowe.setup.security.groups.admin}) GID(&ADMINGID.) /* uncomment to add existing user IDs to the Zowe admin group */ -/* TSS ADD(userid) GROUP({zowe.setup.security.groups.admin}.) */ +/* TSS ADD(userid) GROUP({zowe.setup.security.groups.admin}) */ /* DEFINE STARTED TASK ............................................. */ /* comment out if STCGRP matches ADMINGRP (default), expect */ /* warning messages otherwise */ /* group for started tasks */ - TSS LIST({zowe.setup.security.groups.stc}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.groups.stc}.) TYPE(GROUP) + + TSS LIST({zowe.setup.security.groups.stc}) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.groups.stc}) TYPE(GROUP) + NAME('STC GROUP WITH OMVS SEGMENT') + DEPT(&STCGDEP.) - TSS ADD({zowe.setup.security.groups.stc}.) GID(&STCGID.) + TSS ADD({zowe.setup.security.groups.stc}) GID(&STCGID.) /* */ /* userid for ZOWE main server */ - TSS LIST({zowe.setup.security.users.zowe}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.users.zowe}.) TYPE(USER) PASS(NOPW,0) + + TSS LIST({zowe.setup.security.users.zowe}) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zowe}) TYPE(USER) PASS(NOPW,0) + NAME('ZOWE MAIN SERVER') + DEPT(&STCUDEP.) - TSS ADD({zowe.setup.security.users.zowe}.) + - GROUP({zowe.setup.security.groups.stc}.) + - DFLTGRP({zowe.setup.security.groups.stc}.) 
+ + TSS ADD({zowe.setup.security.users.zowe}) + + GROUP({zowe.setup.security.groups.stc}) + + DFLTGRP({zowe.setup.security.groups.stc}) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZOWEUID.) /* userid for ZIS cross memory server */ - TSS LIST({zowe.setup.security.users.zis}.) SEGMENT(OMVS) - TSS CREATE({zowe.setup.security.users.zis}.) TYPE(USER) PASS(NOPW,0) + + TSS LIST({zowe.setup.security.users.zis}) SEGMENT(OMVS) + TSS CREATE({zowe.setup.security.users.zis}) TYPE(USER) PASS(NOPW,0) + NAME('ZOWE ZIS CROSS MEMORY SERVER') + DEPT(&STCUDEP.) - TSS ADD({zowe.setup.security.users.zis}.) + - GROUP({zowe.setup.security.groups.stc}.) + - DFLTGRP({zowe.setup.security.groups.stc}.) + + TSS ADD({zowe.setup.security.users.zis}) + + GROUP({zowe.setup.security.groups.stc}) + + DFLTGRP({zowe.setup.security.groups.stc}) + HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.) /* */ /* started task for ZOWE main server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}.) + - ACID({zowe.setup.security.users.zowe}.) - TSS ADD({zowe.setup.security.users.zowe}.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zowe}) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zowe}) + + ACID({zowe.setup.security.users.zowe}) + TSS ADD({zowe.setup.security.users.zowe}) FAC(STC) /* started task for ZIS cross memory server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zis}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zis}.) + - ACID({zowe.setup.security.users.zis}.) - TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.zis}) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.zis}) + + ACID({zowe.setup.security.users.zis}) + TSS ADD({zowe.setup.security.users.zis}) FAC(STC) /* started task for ZIS Auxiliary cross memory server */ - TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.aux}.) PREFIX - TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.aux}.) 
+ - ACID({zowe.setup.security.users.zis}.) - TSS ADD({zowe.setup.security.users.zis}.) FAC(STC) + TSS LIST(STC) PROCNAME({zowe.setup.security.stcs.aux}) PREFIX + TSS ADD(STC) PROCNAME({zowe.setup.security.stcs.aux}) + + ACID({zowe.setup.security.users.zis}) + TSS ADD({zowe.setup.security.users.zis}) FAC(STC) /* DEFINE ZIS SECURITY RESOURCES ................................... */ @@ -147,14 +147,14 @@ /* permit AUX STC to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT({zowe.setup.security.users.zis}.) IBMFAC(ZWES.IS) + + TSS PERMIT({zowe.setup.security.users.zis}) IBMFAC(ZWES.IS) + ACCESS(READ) /* DEFINE ZOWE SERVER PERMISIONS ................................... */ /* permit Zowe main server to use ZIS cross memory server */ TSS WHOHAS IBMFAC(ZWES.IS) - TSS PERMIT({zowe.setup.security.users.zowe}.) IBMFAC(ZWES.IS) + + TSS PERMIT({zowe.setup.security.users.zowe}) IBMFAC(ZWES.IS) + ACCESS(READ) /* permit Zowe main server to create a user's security environment */ 
@@ -165,36 +165,36 @@ /* it on a production system. */ TSS ADD(&FACACID.) IBMFAC(BPX.) TSS WHOHAS IBMFAC(BPX.DAEMON) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.DAEMON) + + TSS PER({zowe.setup.security.users.zowe}) IBMFAC(BPX.DAEMON) + ACCESS(UPDATE) TSS WHOHAS IBMFAC(BPX.SERVER) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.SERVER) + + TSS PER({zowe.setup.security.users.zowe}) IBMFAC(BPX.SERVER) + ACCESS(UPDATE) /* permit Zowe main server to create a user's security environment */ /* comment out the following line if the OMVSAPPL is not defined */ /* in your environment */ -TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) +TSS PERMIT({zowe.setup.security.users.zowe}) APPL(OMVSAPPL) /* Allow ZOWEUSER access to BPX.JOBNAME */ TSS WHOHAS IBMFAC(BPX.JOBNAME) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(BPX.JOBNAME) + + TSS PER({zowe.setup.security.users.zowe}) IBMFAC(BPX.JOBNAME) + ACCESS(READ) /* permit Zowe main server to use client certificate mapping service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) + + TSS PER({zowe.setup.security.users.zowe}) IBMFAC(IRR.RUSERMAP) + ACCESS(READ) /* permit Zowe main server to use distributed identity mapping */ /* service TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) - TSS PER({zowe.setup.security.users.zowe}.) + + TSS PER({zowe.setup.security.users.zowe}) + IBMFAC(IRR.IDIDMAP.QUERY) ACCESS(READ) /* permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) - TSS PER({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RAUDITX) + + TSS PER({zowe.setup.security.users.zowe}) IBMFAC(IRR.RAUDITX) + ACCESS(READ) /* DEFINE ZOWE DATA SET PROTECTION ................................. */ 
@@ -203,16 +203,16 @@ TSS PERMIT({zowe.setup.security.users.zowe}.) APPL(OMVSAPPL) /* advised to protect it against updates. */ /* HLQ stub */ - TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}..) + TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}.) /* general data set protection */ - TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) - TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}..) ACCESS(READ) + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}) + TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}.) ACCESS(READ) TSS PER({zowe.setup.security.groups.sysProg}) + - DATASET({zowe.setup.dataset.prefix}..) ACCESS(ALL) + DATASET({zowe.setup.dataset.prefix}.) ACCESS(ALL) /* show results */ - TSS WHOHAS DATASET({zowe.setup.dataset.prefix}.) + TSS WHOHAS DATASET({zowe.setup.dataset.prefix}) /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKYR index 4212678c0f..4699af99f6 100644 --- a/files/SZWESAMP/ZWENOKYR +++ b/files/SZWESAMP/ZWENOKYR @@ -59,11 +59,11 @@ /* Remove permit to use SITE owned certificate's private key */ PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) + - DELETE ID({zowe.setup.security.users.zowe}.) + DELETE ID({zowe.setup.security.users.zowe}) /* Remove permit to read keyring ................................... */ PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) + - DELETE ID({zowe.setup.security.users.zowe}.) + DELETE ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH @@ -73,7 +73,7 @@ PERMIT + &USERNAME..{zowe.setup.certificate.keyring.name}..LST + CLASS(RDATALIB) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RDELETE RDATALIB + &USERNAME..{zowe.setup.certificate.keyring.name}..LST 
@@ -81,16 +81,16 @@ SETROPTS RACLIST(RDATALIB) REFRESH /* Delete LABEL certificate ........................................*/ - RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.label}.')) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT DELETE(LABEL('{zowe.setup.certificate.keyring.label}')) + + ID({zowe.setup.security.users.zowe}) /* Delete LOCALCA certificate ......................................*/ RACDCERT DELETE(LABEL( + - '{zowe.setup.certificate.keyring.caLabel}.')) CERTAUTH + '{zowe.setup.certificate.keyring.caLabel}')) CERTAUTH /* Delete keyring ...................................................*/ - RACDCERT DELRING({zowe.setup.certificate.keyring.name}.) + - ID({zowe.setup.security.users.zowe}.) + RACDCERT DELRING({zowe.setup.certificate.keyring.name}) + + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH @@ -141,21 +141,21 @@ $$ //TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Remove permit to use SITE owned certificate's private key */ - TSS REVOKE({zowe.setup.security.users.zowe}.) + + TSS REVOKE({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) /* Remove permit to read keyring ................................... */ - TSS REVOKE({zowe.setup.security.users.zowe}.) + + TSS REVOKE({zowe.setup.security.users.zowe}) + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) /* Delete LABEL certificate ........................................*/ - TSS REM({zowe.setup.security.users.zowe}.) DIGICERT(ZOWECERT) + TSS REM({zowe.setup.security.users.zowe}) DIGICERT(ZOWECERT) /* Delete LOCALCA certificate ......................................*/ TSS REM(CERTAUTH) DIGICERT(ZOWECA) /* Delete keyring ...................................................*/ - TSS REM({zowe.setup.security.users.zowe}.) KEYRING(ZOWERING) + TSS REM({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) /* ................................................................. */ /* only the last RC is returned, this command ensures it is a 0 */ 
diff --git a/files/SZWESAMP/ZWENOSEC b/files/SZWESAMP/ZWENOSEC index 44036f1f2b..623b1e166e 100644 --- a/files/SZWESAMP/ZWENOSEC +++ b/files/SZWESAMP/ZWENOSEC @@ -69,10 +69,10 @@ /* EGN is not active on your system. */ /* remove general data set protection */ - LISTDSD PREFIX({zowe.setup.datasets.prefix}.) ALL - PERMIT '{zowe.setup.datasets.prefix}..*.**' CLASS(DATASET) + - DELETE ID({zowe.setup.security.groups.sysProg}.) - DELDSD '{zowe.setup.datasets.prefix}..*.**' + LISTDSD PREFIX({zowe.setup.datasets.prefix}) ALL + PERMIT '{zowe.setup.datasets.prefix}.*.**' CLASS(DATASET) + + DELETE ID({zowe.setup.security.groups.sysProg}) + DELDSD '{zowe.setup.datasets.prefix}.*.**' /* remove HLQ stub */ LISTGRP {zowe.setup.datasets.prefix}. 
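Review bot: This hunk in ZWENOSEC uses the key `{zowe.setup.datasets.prefix}` on all four changed lines, while the matching setup job ZWEIRACF in this same patch uses `{zowe.setup.dataset.prefix}`. One of the two spellings is presumably not a real configuration key. If it is this one, the placeholder will not resolve and the `PERMIT ... DELETE` and `DELDSD` commands will not match the profile that ZWEIRACF created. The `UACC(READ)` data set profile and the sysProg `ALTER` permit would then remain after an uninstall. Assuming ZWEIRACF has the correct key, the lines should read e.g. `DELDSD '{zowe.setup.dataset.prefix}.*.**'`.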
@@ -85,41 +85,41 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL PERMIT ZWES.IS CLASS(FACILITY) + - DELETE ID({zowe.setup.security.users.zowe}.) + DELETE ID({zowe.setup.security.users.zowe}) /* remove permit to create a user's security environment */ RLIST FACILITY BPX.DAEMON ALL PERMIT BPX.DAEMON CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) RLIST FACILITY BPX.SERVER ALL PERMIT BPX.SERVER CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) PERMIT OMVSAPPL CLASS(APPL) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* remove permit to set jobname */ RLIST FACILITY BPX.JOBNAME ALL PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* remove permit to write persistent data */ RLIST UNIXPRIV SUPERUSER.FILESYS ALL PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* remove permit to use client certificate mapping service */ PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* remove permit to use distributed identity mapping service */ PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) /* remove permit Zowe main server to cut SMF records */ PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zowe}.) + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH SETROPTS RACLIST(UNIXPRIV) REFRESH @@ -129,7 +129,7 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL PERMIT ZWES.IS CLASS(FACILITY) DELETE + - ID({zowe.setup.security.users.zis}.) + ID({zowe.setup.security.users.zis}) /* REMOVE STARTED TASKS ............................................ */ 
@@ -149,16 +149,16 @@ DELGROUP {zowe.setup.security.groups.stc}. /* remove started task for ZOWE main server */ - RLIST STARTED {zowe.setup.security.stcs.zowe}..* ALL STDATA - RDELETE STARTED {zowe.setup.security.stcs.zowe}..* + RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.zowe}.* /* remove started task for ZIS */ - RLIST STARTED {zowe.setup.security.stcs.zis}..* ALL STDATA - RDELETE STARTED {zowe.setup.security.stcs.zis}..* + RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.zis}.* /* remove started task for ZIS Auxiliary server */ - RLIST STARTED {zowe.setup.security.stcs.aux}..* ALL STDATA - RDELETE STARTED {zowe.setup.security.stcs.aux}..* + RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.aux}.* SETROPTS RACLIST(STARTED) REFRESH @@ -167,7 +167,7 @@ /* uncomment to remove user IDs from */ /* the {zowe.setup.security.groups.admin} group */ /* REMOVE (userid,userid,...) */ -/* GROUP({zowe.setup.security.groups.admin}.) */ +/* GROUP({zowe.setup.security.groups.admin}) */ /* remove group for administrators */ LISTGRP {zowe.setup.security.groups.admin}. OMVS 
@@ -250,23 +250,23 @@ F ACF2,REFRESH(STC) * * Revoke access to ZIS SET RESOURCE(FAC) -RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}.) + +RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * * Remove Zowe main server * SET RESOURCE(FAC) -RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}.) + +RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}) + SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}.) + +RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}) + SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}.) + +RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) SET RESOURCE(APL) RECKEY OMVSAPPL DEL(SERVICE(READ) + - ROLE({zowe.setup.security.groups.stc}.) ALLOW) + ROLE({zowe.setup.security.groups.stc}) ALLOW) F ACF2,REBUILD(APL) * Remove UNI * @@ -279,7 +279,7 @@ F ACF2,REBUILD(UNI) * Remove STCGRP role permission to use client certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}.) + +RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) @@ -287,12 +287,12 @@ F ACF2,REBUILD(FAC) * service SET RESOURCE(FAC) RECKEY IRR DEL(IDIDMAP.QUERY + - ROLE({zowe.setup.security.groups.stc}.) SERVICE(READ) ALLOW) + ROLE({zowe.setup.security.groups.stc}) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to cut SMF records SET RESOURCE(FAC) -RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}.) + +RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}) + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) 
@@ -324,10 +324,10 @@ $$ /* REMOVE ZOWE DATA SET PROTECTION ................................. */ /* removE general data set protection */ TSS WHOHAS DATASET({zowe.setup.datasets.prefix}) -TSS REVOKE(ALL) DATASET({zowe.setup.datasets.prefix}..) +TSS REVOKE(ALL) DATASET({zowe.setup.datasets.prefix}) TSS REVOKE({zowe.setup.security.groups.sysProg}) + - DATASET({zowe.setup.datasets.prefix}..) -TSS REMOVE(&ADMINDEP) DATASET({zowe.setup.datasets.prefix}..) + DATASET({zowe.setup.datasets.prefix}) +TSS REMOVE(&ADMINDEP) DATASET({zowe.setup.datasets.prefix}) /* REMOVE ZOWE SERVER PERMISIONS ................................... */ @@ -355,17 +355,17 @@ TSS REVOKE({zowe.setup.security.users.zowe}) + /* remove permit Zowe main server to use client certificate mapping */ /* service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) -TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RUSERMAP) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(IRR.RUSERMAP) /* remove permit Zowe main server to use distributed identity */ /* mapping service */ TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) -TSS REVOKE({zowe.setup.security.users.zowe}.) + +TSS REVOKE({zowe.setup.security.users.zowe}) + IBMFAC(IRR.IDIDMAP.QUERY) /* remove permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) -TSS REVOKE({zowe.setup.security.users.zowe}.) IBMFAC(IRR.RAUDITX) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(IRR.RAUDITX) /* REMOVE AUX SERVER PERMISIONS .................................... */ @@ -407,7 +407,7 @@ TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.aux}) /* uncomment to remove user IDs from */ /* the {zowe.setup.security.groups.admin} group */ /* TSS REMOVE (userid) + */ -/* GROUP({zowe.setup.security.groups.admin}.) */ +/* GROUP({zowe.setup.security.groups.admin}) */ /* remove group for administrators */ TSS LIST({zowe.setup.security.groups.admin}) TSS DELETE({zowe.setup.security.groups.admin}) From 65c7035a396f839fa821460eb3255c76bf8cdc00 Mon Sep 17 00:00:00 2001 
From: 1000TurquoisePogs Date: Wed, 7 Feb 2024 14:46:43 -0500 Subject: [PATCH 084/258] Switch to tso version of is_data_set_exists Signed-off-by: 1000TurquoisePogs --- bin/libs/zos.sh | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/bin/libs/zos.sh b/bin/libs/zos.sh index fb4418bd7e..c45e511270 100644 --- a/bin/libs/zos.sh +++ b/bin/libs/zos.sh @@ -70,25 +70,18 @@ operator_command() { verify_generated_jcl() { # read JCL library and validate jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") - does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") + does_jcl_exist=$(tso_is_data_set_exists "${jcllib}") if [ -z "${does_jcl_exist}" ]; then zwecli_inline_execute_command init generate fi - # should be created, but may take time to discover. if [ -z "${does_jcl_exist}" ]; then - does_jcl_exist= - for secs in 1 5 10 ; do - does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWEISTC)") + does_jcl_exist=$(tso_is_data_set_exists "${jcllib}") if [ -z "${does_jcl_exist}" ]; then - sleep ${secs} - else - break + prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") + print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run command. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi - done - if [ -z "${does_jcl_exist}" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run command. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 - else - echo "${jcllib}" fi + echo "${jcllib}" + return 0 } From bf6b470a3568249c531ee909cfd8763ad738a197 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 7 Feb 2024 14:58:35 -0500 Subject: [PATCH 085/258] Fix syntax error preventing build Signed-off-by: 1000TurquoisePogs --- bin/libs/zos-jes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
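Review bot: `verify_generated_jcl` now tests only that the library `${jcllib}` exists, where the removed check looked for the member `${jcllib}(ZWEISTC)`. A library that exists but was never populated would pass, and `init generate` would be skipped. If dropping the member check is intended, a comment such as `# any existing JCLLIB is treated as already generated` would make that explicit. The function hands back its result with `echo "${jcllib}"`, so if `zwecli_inline_execute_command init generate` writes to stdout, that text would be mixed into a value captured with `$(...)`; capturing it, e.g. `result=$(zwecli_inline_execute_command init generate)`, avoids that.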
diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index d97445e164..4f9fc80f53 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh @@ -138,7 +138,7 @@ wait_for_job() { fi } -print_and_handle_jcl() +print_and_handle_jcl() { jcl_location="${1}" job_name="{2}" jcllib="${3}" From 92865d6c4dc78734b7082acb2d9df6d2e921f325 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 8 Feb 2024 08:19:08 -0500 Subject: [PATCH 086/258] Fix line length on zweiapf Signed-off-by: 1000TurquoisePogs --- files/SZWESAMP/ZWEIAPF | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF index e1da539a48..2aad71c0d6 100644 --- a/files/SZWESAMP/ZWEIAPF +++ b/files/SZWESAMP/ZWEIAPF @@ -9,9 +9,22 @@ //* //* Copyright Contributors to the Zowe Project. 2020, 2020 //* -//********************************************************************* +//********************************************************************* //* -//APFLOAD COMMAND 'SETPROG APF,ADD,DSN={zowe.setup.dataset.authLoadLib}' -//* -//APFLIB COMMAND 'SETPROG APF,ADD,DSN={zowe.setup.dataset.authPluginLib}' +//* This JCL is used to set APF for the two datasets of Zowe +//* Which need it. You can issue this, or use another +//* Way to accomplish the task. +//* +//* +//* +//* This dataset holds the APF portion of Zowe +// SET LOADLIB='{zowe.setup.dataset.authLoadLib}' +//* +//* This dataset holds product plugins for ZIS, +//* ZIS is located in the LOADLIB. +// SET PLUGINLIB='{zowe.setup.dataset.authPluginLib}' +//* +//APFLOAD COMMAND 'SETPROG APF,ADD,DSN=&LOADLIB' +//* +//APFLIB COMMAND 'SETPROG APF,ADD,DSN=&PLUGINLIB' //* From 8c5240e02e9796fa532e705b8ff8a05d9ce3c48a Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 8 Feb 2024 14:14:29 -0500 Subject: [PATCH 087/258] Split mvs task into 2 because usually authloadlib doesnt need to be created. trim vsam and mvs files 
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.sh | 68 ++++------------------ bin/commands/init/vsam/index.sh | 99 ++++++--------------------------- files/SZWESAMP/ZWEIMVS | 35 +++--------- files/SZWESAMP/ZWEIMVS2 | 45 +++++++++++++++ files/SZWESAMP/ZWENOKYR | 10 ++-- 5 files changed, 89 insertions(+), 168 deletions(-) create mode 100644 files/SZWESAMP/ZWEIMVS2 diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index a6defe0b10..e51cac14ad 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -29,29 +29,7 @@ if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -jcllib_location=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") -if [ -z "${does_jcl_exist}" ]; then - zwecli_inline_execute_command init generate -fi - -# should be created, but may take time to discover. -if [ -z "${does_jcl_exist}" ]; then -does_jcl_exist= -for secs in 1 5 10 ; do - does_jcl_exist=$(is_data_set_exists "${jcllib_location}(ZWEIMVS)") - if [ -z "${does_jcl_exist}" ]; then - sleep ${secs} - else - break - fi -done - -if [ -z "${does_jcl_exist}" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib_location}(ZWEIMVS) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi -fi - +jcllib_location=$(verify_generated_jcl) ############################### # create data sets if they do not exist 
@@ -69,6 +47,12 @@ while read -r line; do else print_error_and_exit "Error ZWEL0157E: ${name} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 fi + elif [ "${key}" = "authLoadlib" ]; then + if [ "${ds}" = "${prefix}.SZWESAMP" ]; then + run_aloadlib_create="false" + else + run_aloadlib_create="true" + fi fi # check existence ds_existence=$(is_data_set_exists "${ds}") 
@@ -93,41 +77,13 @@ if [ "${ds_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" ! print_level2_message "Zowe custom data sets initialized with errors." else - jcl_contents=$(cat "//'${jcllib_location}(ZWEIMVS)'") - print_message "Template JCL: ${prefix}.SZWESAMP(ZWEIMVS) , Executable JCL: ${jcllib_location}(ZWEIMVS)" - print_message "--- JCL Content ---" - print_message "$jcl_contents" - print_message "--- End of JCL ---" - - if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then - print_message "Submitting Job ZWEIMVS" - jobid=$(submit_job "//'${jcllib_location}(ZWEIMVS)'") - code=$? - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib_location}(ZWEIMVS)." "" 161 - fi - print_debug "- job id ${jobid}" - - jobstate=$(wait_for_job "${jobid}") - code=$? - if [ ${code} -eq 1 ]; then - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 - fi - jobname=$(echo "${jobstate}" | awk -F, '{print $2}') - jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') - jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') - - if [ "${code}" -eq 0 ]; then - print_level2_message "Zowe custom data sets are initialized successfully." - else - print_level2_message "Zowe custom data sets initialized with errors." - fi - else - print_message "JCL not submitted, command run with dry run flag." - print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Command run successfully." + print_and_handle_jcl "//'${jcllib_location}(ZWEIMVS)'" "ZWEIMVS" "${jcllib_location}" "${prefix}" + if [ "${run_aloadlib_create}" = "true" ]; then + print_and_handle_jcl "//'${jcllib_location}(ZWEIMVS2)'" "ZWEIMVS2" "${jcllib_location}" "${prefix}" fi + + print_level2_message "Zowe custom data sets are initialized successfully." fi diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 6b46b10535..5aefd266b6 100644 
--- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
@@ -31,102 +31,39 @@ if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") -if [ -z "${does_jcl_exist}" ]; then - zwecli_inline_execute_command init generate -fi +jcllib=$(verify_generated_jcl) -# should be created, but may take time to discover. -if [ -z "${does_jcl_exist}" ]; then -does_jcl_exist= -for secs in 1 5 10 ; do - does_jcl_exist=$(is_data_set_exists "${jcllib}(ZWECSVSM)") - if [ -z "${does_jcl_exist}" ]; then - sleep ${secs} - else - break - fi -done +required_yaml_content="mode volume storageClass name" -if [ -z "${does_jcl_exist}" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib}(ZWECSVSM) does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi -fi - -vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") -if [ -z "${vsam_mode}" ]; then - vsam_mode=NONRLS -fi -vsam_volume= -if [ "${vsam_mode}" = "NONRLS" ]; then - vsam_volume=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.volume") - if [ -z "${vsam_volume}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set Non-RLS volume (zowe.setup.vsam.volume) is not defined in Zowe YAML configuration file." "" 157 +for key in ${required_params}; do + eval "${key}=$(read_yaml \"${ZWE_CLI_PARAMETER_CONFIG}\" \".zowe.setup.vsam.${key}\")" + if [ -z "${key}" ]; then + print_error_and_exit "Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file." 
"" 157 fi -fi -vsam_storageClass= -if [ "${vsam_mode}" = "RLS" ]; then - vsam_storageClass=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.storageClass") - if [ -z "${vsam_storageClass}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set RLS storage class (zowe.setup.vsam.storageClass) is not defined in Zowe YAML configuration file." "" 157 - fi -fi -vsam_name=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.name") -if [ -z "${vsam_name}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set name (components.caching-service.storage.vsam.name) is not defined in Zowe YAML configuration file." "" 157 -fi +done # VSAM cache cannot be overwritten, must delete manually # FIXME: cat cannot be used to test VSAM data set -vsam_existence=$(is_data_set_exists "${vsam_name}") +vsam_existence=$(is_data_set_exists "${name}") if [ "${vsam_existence}" = "true" ]; then if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then # delete blindly and ignore errors - result=$(tso_command delete "'${vsam_name}'") + result=$(tso_command delete "'${name}'") else # error - print_error_and_exit "Error ZWEL0158E: ${vsam_name} already exists." "" 158 + print_error_and_exit "Error ZWEL0158E: ${name} already exists." "" 158 fi fi - -jcl_contents=$(cat "//'${jcllib}(ZWECSVSM)") -print_message "Template JCL: ${prefix}.SZWESAMP(ZWECSVSM) , Executable JCL: ${jcllib}(ZWECSVSM)" -print_message "--- JCL Content ---" -print_message "$jcl_contents" -print_message "--- End of JCL ---" +############################### +# execution (or dry-run) +print_and_handle_jcl "//'${jcllib}(ZWECSVSM)" "ZWECSVSM" "${jcllib}" "${prefix}" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then - print_message "Submitting Job ZWECSVSM" - jobid=$(submit_job "//'${jcllib}(ZWECSVSM)'") - code=$? - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." 
"" 161 - fi - print_debug "- job id ${jobid}" - - jobstate=$(wait_for_job "${jobid}") - code=$? - if [ ${code} -eq 1 ]; then - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 - fi - jobname=$(echo "${jobstate}" | awk -F, '{print $2}') - jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') - jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') - - if [ "${code}" -eq 0 ]; then - print_level2_message "Zowe Caching Service VSAM storage is created successfully." - if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${vsam_name}" - print_level2_message "Zowe configuration is updated successfully." - fi - else - print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 - fi -else - print_message "JCL not submitted, command run with dry run flag." - print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Command run successfully." + print_level2_message "Zowe Caching Service VSAM storage is created successfully." + if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${name}" + print_level2_message "Zowe configuration is updated successfully." + fi fi diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS index 3a81ce582e..098852eedb 100644 --- a/files/SZWESAMP/ZWEIMVS +++ b/files/SZWESAMP/ZWEIMVS 
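Review bot: The `eval` in the new parameter loop re-parses the output of `read_yaml` as shell, so a value in the Zowe YAML that contains shell syntax would be executed with the privileges of whoever runs this init step; assign the value without `eval`. The loop also never runs as written, because the list is stored in `required_yaml_content` but iterated as `required_params`, and `[ -z "${key}" ]` tests the key name rather than the value that was read. The removed code required `volume` only for NONRLS and `storageClass` only for RLS, and defaulted `mode` to NONRLS; a flat required list drops that, so confirm it is intended. The first argument to `print_and_handle_jcl`, `"//'${jcllib}(ZWECSVSM)"`, is missing its closing apostrophe.

```shell
required_params="mode volume storageClass name"

for key in ${required_params}; do
  value=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.${key}")
  if [ -z "${value}" ]; then
    print_error_and_exit "Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file." "" 157
  fi
  # assign by name without eval so YAML content is never parsed as shell
  case "${key}" in
    mode) mode="${value}" ;;
    volume) volume="${value}" ;;
    storageClass) storageClass="${value}" ;;
    name) name="${value}" ;;
  esac
done

# ... unchanged: VSAM existence check and overwrite handling ...

print_and_handle_jcl "//'${jcllib}(ZWECSVSM)'" "ZWECSVSM" "${jcllib}" "${prefix}"
```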
@@ -11,7 +11,15 @@ //* //********************************************************************* //* -//* +//* This job is used to create datasets used by a Zowe "instance" +//* Instances represent a configuration of Zowe, different from the +//* "runtime" datasets that are created upon install of Zowe / SMPE. +//* +//* If your choosen value of 'zowe.setup.dataset.authLoadLib' is not +//* Equal to 'zowe.setup.prefix' + 'SZWELOAD', +//* Then you must also run "ZWEIMVS2". +//* +//********************************************************************* //MKPDSE EXEC PGM=IKJEFT01 //SYSTSPRT DD SYSOUT=A //SYSTSIN DD * @@ -19,14 +27,6 @@ ALLOC NEW DA('{zowe.setup.dataset.parmlib}') + dsntype(library) dsorg(po) recfm(f b) lrecl(80) + unit(sysallda) space(15,15) tracks -ALLOC NEW DA('{zowe.setup.dataset.jcllib}') + -dsntype(library) dsorg(po) recfm(f b) lrecl(80) + -unit(sysallda) space(15,15) tracks - -ALLOC NEW DA('{zowe.setup.dataset.authLoadLib}') + -dsntype(library) dsorg(po) recfm(u) lrecl(0) + -blksize(32760) unit(sysallda) space(30,15) tracks - ALLOC NEW DA('{zowe.setup.dataset.authPluginLib}') + dsntype(library) dsorg(po) recfm(u) lrecl(0) + blksize(32760) unit(sysallda) space(30,15) tracks @@ -39,20 +39,3 @@ blksize(32760) unit(sysallda) space(30,15) tracks COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESIP00,,R)) //* -//AUTHCPY EXEC PGM=BPXBATCH -//BPXPRINT DD SYSOUT=* -//STDOUT DD SYSOUT=* -//STDERR DD SYSOUT=* -//STDPARM DD * -SH cd {zowe.runtimeDirectory} && -cd components/zss && -cp LOADLIB/ZWESIS01 -"//'{zowe.setup.dataset.authLoadLib}(ZWESIS01)'" && -cp LOADLIB/ZWESAUX -"//'{zowe.setup.dataset.authLoadLib}(ZWESAUX)'" && -cp LOADLIB/ZWESISDL -"//'{zowe.setup.dataset.authLoadLib}(ZWESISDL)'" && -cd ../launcher/bin && -cp zowe_launcher -"//'{zowe.setup.dataset.authLoadLib}(ZWELNCH)'" -/* diff --git a/files/SZWESAMP/ZWEIMVS2 b/files/SZWESAMP/ZWEIMVS2 new file mode 100644 index 0000000000..3fb3874470 --- /dev/null +++ b/files/SZWESAMP/ZWEIMVS2 
@@ -0,0 +1,45 @@ +//ZWEIMVS2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* This job is used to create the APF load library for an instance +//* Of Zowe. It is not needed if your choosen value of +//* 'zowe.setup.dataset.authLoadlib' is equal to +//* 'zowe.setup.prefix' + 'SZWELOAD'. +//* +//* When running this job, you should also run ZwEIMVS +//* +//********************************************************************* +//MKPDSE EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.authLoadlib}') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks +//* +//AUTHCPY EXEC PGM=BPXBATCH +//BPXPRINT DD SYSOUT=* +//STDOUT DD SYSOUT=* +//STDERR DD SYSOUT=* +//STDPARM DD * +SH cd {zowe.runtimeDirectory} && +cd components/zss && +cp LOADLIB/ZWESIS01 +"//'{zowe.setup.dataset.authLoadlib}(ZWESIS01)'" && +cp LOADLIB/ZWESAUX +"//'{zowe.setup.dataset.authLoadlib}(ZWESAUX)'" && +cp LOADLIB/ZWESISDL +"//'{zowe.setup.dataset.authLoadlib}(ZWESISDL)'" && +cd ../launcher/bin && +cp zowe_launcher +"//'{zowe.setup.dataset.authLoadlib}(ZWELNCH)'" +/* diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKYR index 4699af99f6..990dcb889f 100644 --- a/files/SZWESAMP/ZWENOKYR +++ b/files/SZWESAMP/ZWENOKYR 
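Review bot: The banner does not say that the library allocated here is the one `ZWEIAPF` adds to the APF list, so nothing reminds the operator to restrict who can update it before the modules are copied in. I would add `//* This library is APF-authorized by ZWEIAPF; limit UPDATE access to it` and `//* to trusted administrators before running the AUTHCPY step.` to the header comment. The same banner spells the companion job `ZwEIMVS` and refers to `zowe.setup.prefix`, while the placeholders on this page use `zowe.setup.dataset.…`; `ZWEIMVS` and `zowe.setup.dataset.prefix` would match the rest of the samples.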
@@ -69,13 +69,13 @@ /* Remove keyring profile defined on RDATALIB class ................ */ RLIST RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST ALL + &USERNAME..{zowe.setup.certificate.keyring.name}.LST ALL PERMIT + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + CLASS(RDATALIB) DELETE + ID({zowe.setup.security.users.zowe}) RDELETE RDATALIB + - &USERNAME..{zowe.setup.certificate.keyring.name}..LST + &USERNAME..{zowe.setup.certificate.keyring.name}.LST /* Refresh to dynamically activate the changes. .................... */ SETROPTS RACLIST(RDATALIB) REFRESH @@ -120,14 +120,14 @@ ACF F ACF2,REBUILD(FAC) * Delete LABEL certificate ........................................*/ - DELETE {zowe.setup.security.users.zowe}..ZOWECERT + DELETE {zowe.setup.security.users.zowe}.ZOWECERT * Delete LOCALCA certificate ......................................*/ DELETE CERTAUTH.ZOWECA * Delete keyring ...................................................*/ SET PROFILE(USER) DIVISION(KEYRING) - DELETE {zowe.setup.security.users.zowe}..ZOWERING + DELETE {zowe.setup.security.users.zowe}.ZOWERING F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) From ced83b673b24dc02d6f8786ee45d5e90f6bab77e Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 8 Feb 2024 16:13:09 -0500 Subject: [PATCH 088/258] Reduce duplicate code in each init phase Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 23 +--- bin/commands/init/mvs/index.sh | 36 ++++--- bin/commands/init/security/index.sh | 140 +++---------------------- bin/commands/init/stc/index.sh | 65 +----------- bin/libs/zos-jes.sh | 43 ++++++-- bin/libs/zos.sh | 21 ++-- files/SZWEEXEC/ZWEGEN00 | 2 +- files/SZWESAMP/ZWEIAPF | 4 +- files/SZWESAMP/ZWEIMVS | 2 +- 9 files changed, 93 insertions(+), 243 deletions(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 4b9da621cb..315c0d783d 100644 
--- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -21,29 +21,8 @@ prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -# read JCL library and validate -jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -does_jcl_exist=$(is_data_set_exists "${jcllib}") -if [ -z "${does_jcl_exist}" ]; then - zwecli_inline_execute_command init generate -fi -# should be created, but may take time to discover. -if [ -z "${does_jcl_exist}" ]; then -does_jcl_exist= -for secs in 1 5 10 ; do - does_jcl_exist=$(is_data_set_exists "${jcllib}") - if [ -z "${does_jcl_exist}" ]; then - sleep ${secs} - else - break - fi -done - -if [ -z "${does_jcl_exist}" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi -fi +jcllib=$(verify_generated_jcl) security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index e51cac14ad..60b582b545 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -15,7 +15,6 @@ print_level1_message "Initialize Zowe custom data sets" ############################### # constants cust_ds_list="parmlib|Zowe parameter library -jcllib|Zowe JCL library authLoadlib|Zowe authorized load library authPluginLib|Zowe authorized plugin library" 
@@ -47,23 +46,32 @@ while read -r line; do else print_error_and_exit "Error ZWEL0157E: ${name} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 fi - elif [ "${key}" = "authLoadlib" ]; then - if [ "${ds}" = "${prefix}.SZWESAMP" ]; then + fi + + if [ "${key}" = "authLoadlib" ]; then + if [ "${ds}" = "${prefix}.SZWEAUTH" ]; then run_aloadlib_create="false" else run_aloadlib_create="true" + # check existence + ds_existence=$(is_data_set_exists "${ds}") + if [ "${ds_existence}" = "true" ]; then + if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then + print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." + else + print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." + fi + fi fi - fi - # check existence - ds_existence=$(is_data_set_exists "${ds}") - if [ "${ds_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." - else - # print_error_and_exit "Error ZWEL0158E: ${ds} already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." + else + # check existence + ds_existence=$(is_data_set_exists "${ds}") + if [ "${ds_existence}" = "true" ]; then + if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then + print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." + else + print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." 
+ fi fi fi done < "${jcl_file}" - jcl_contents=$(cat "${jcl_file}") - - print_message "Template JCL: ${prefix}.SZWESAMP(ZWEISTC) , Executable JCL: ${jcllib}(ZWEISTC)" - print_message "--- JCL Content ---" - print_message "$jcl_contents" - print_message "--- End of JCL ---" - if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then - print_message "Submitting Job ZWEISTC" - jobid=$(submit_job $jcl_file) - code=$? - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWEISTC)." "" 161 - fi - print_debug "- job id ${jobid}" - - jobstate=$(wait_for_job "${jobid}") - code=$? - rm $jcl_file - if [ ${code} -eq 1 ]; then - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 - fi - jobname=$(echo "${jobstate}" | awk -F, '{print $2}') - jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') - jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') - - if [ "${code}" -eq 0 ]; then - print_level2_message "Zowe main started tasks are installed successfully." - else - print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 - fi - else - print_message "JCL not submitted, command run with dry run flag." - print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" - print_level2_message "Command run successfully." - rm $jcl_file - fi + print_and_handle_jcl "${jcl_file}" "ZWEISTC" "${jcllib}" "${prefix}" "true" + print_level2_message "Zowe main started tasks are installed successfully." fi diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 4f9fc80f53..520e0bf356 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh 
@@ -140,11 +140,13 @@ wait_for_job() { print_and_handle_jcl() { jcl_location="${1}" - job_name="{2}" + job_name="${2}" jcllib="${3}" prefix="${4}" remove_jcl_on_finish="${5}" + continue_on_failure="${6}" jcl_contents=$(cat "${jcl_location}") + job_has_failures=false print_message "Template JCL: ${prefix}.SZWESAMP(${job_name}) , Executable JCL: ${jcllib}(${job_name})" print_message "--- JCL Content ---" @@ -153,23 +155,34 @@ print_and_handle_jcl() { if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then print_message "Submitting Job ${job_name}" - jobid=$(submit_job "${jcl_location}'") + jobid=$(submit_job "${jcl_location}") code=$? if [ ${code} -ne 0 ]; then - if [ "${remove_jcl_on_finish}" = "true" ]; then - rm "${jcl_location}" + job_has_failures=true + if [ "${continue_on_failure}" = "true" ]; then + print_error "Warning ZWEL0161W: Failed to run JCL ${jcllib}(${job_name})" + jobid= + else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(${job_name})." "" 161 fi - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(${job_name})." "" 161 fi print_debug "- job id ${jobid}" jobstate=$(wait_for_job "${jobid}") code=$? if [ ${code} -eq 1 ]; then - if [ "${remove_jcl_on_finish}" = "true" ]; then - rm "${jcl_location}" + job_has_failures=true + if [ "${continue_on_failure}" = "true" ]; then + print_error "Warning ZWEL0162W: Failed to find job ${jobid} result." + else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 fi jobname=$(echo "${jobstate}" | awk -F, '{print $2}') jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') 
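Review bot: When `submit_job` fails and `continue_on_failure` is `true`, the added branch clears `jobid` and then falls through to `wait_for_job "${jobid}"` with an empty id, followed by the `awk` parsing of whatever `jobstate` comes back. Guarding the wait, e.g. `if [ -n "${jobid}" ]; then jobstate=$(wait_for_job "${jobid}"); code=$?; fi`, or returning right after the warning would keep the later checks from acting on a job that was never submitted. The new sixth parameter is undocumented; a comment above the assignments such as `# $6 continue_on_failure: "true" logs job failures as warnings instead of exiting` would help callers. The body of `print_and_handle_jcl` continues past this hunk.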
@@ -177,14 +190,22 @@ print_and_handle_jcl() { if [ "${code}" -eq 0 ]; then else - if [ "${remove_jcl_on_finish}" = "true" ]; then - rm "${jcl_location}" + job_has_failures=true + if [ "${continue_on_failure}" = "true" ]; then + print_error "Warning ZWEL0163W: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." + else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 fi - print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 fi if [ "${remove_jcl_on_finish}" = "true" ]; then rm "${jcl_location}" fi + if [ "${job_has_failures}" = "true" ]; then + print_level2_message "Job ended with some failures. Please check job log for details." + fi return 0 else print_message "JCL not submitted, command run with dry run flag." diff --git a/bin/libs/zos.sh b/bin/libs/zos.sh index c45e511270..10fe29702c 100644 --- a/bin/libs/zos.sh +++ b/bin/libs/zos.sh 
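Review bot: As rendered here, the context line `if [ "${code}" -eq 0 ]; then` is followed directly by `else`, and an empty `then` list is a syntax error in POSIX shells. Either `if [ "${code}" -ne 0 ]; then` with the failure handling as its body or a `:` placeholder in the `then` branch would avoid it. With `continue_on_failure` set, the function still reaches `return 0` after recording `job_has_failures=true`, so a caller cannot tell a failed job from a clean one and goes on to print its own success message. Returning a non-zero status in that case, for callers that are prepared to check it, would make the outcome visible. The function starts outside this hunk.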
@@ -69,17 +69,26 @@ operator_command() { verify_generated_jcl() { # read JCL library and validate - jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") - does_jcl_exist=$(tso_is_data_set_exists "${jcllib}") + does_jcl_exist=$(is_data_set_exists "${jcllib}") if [ -z "${does_jcl_exist}" ]; then - zwecli_inline_execute_command init generate + result=$(zwecli_inline_execute_command init generate) fi + # should be created, but may take time to discover. if [ -z "${does_jcl_exist}" ]; then - does_jcl_exist=$(tso_is_data_set_exists "${jcllib}") + does_jcl_exist= + for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi + done + if [ -z "${does_jcl_exist}" ]; then - prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") - print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run command. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + return 999 fi fi echo "${jcllib}" diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 2483948ac9..9c3a0afc3d 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -195,7 +195,7 @@ if COMPARE('RTSS', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIACF2)') x = DeleteDataSet(jclCopy'(ZWEIRACF)') end -else do +if COMPARE('ACF2', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRT1)') x = DeleteDataSet(jclCopy'(ZWEIKRT2)') x = DeleteDataSet(jclCopy'(ZWEIKRT3)') diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF index 2aad71c0d6..dc59bd3ca9 100644 --- a/files/SZWESAMP/ZWEIAPF +++ b/files/SZWESAMP/ZWEIAPF 
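Review bot: The retry loop in `verify_generated_jcl` sleeps after every failed check, including the last one, so the final `sleep 10` is never followed by another `is_data_set_exists` call and a data set that appears during it is still reported missing. Sleep before the re-check instead: `for secs in 1 5 10; do sleep ${secs}; does_jcl_exist=$(is_data_set_exists "${jcllib}"); [ -n "${does_jcl_exist}" ] && break; done`. The exit status of `zwecli_inline_execute_command init generate` is also discarded together with `result`; when generation fails the function still waits through all the sleeps before reporting the missing library, so test `$?` after that call and return early.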
@@ -15,10 +15,10 @@ //* Which need it. You can issue this, or use another //* Way to accomplish the task. //* -//* +//********************************************************************* //* //* This dataset holds the APF portion of Zowe -// SET LOADLIB='{zowe.setup.dataset.authLoadLib}' +// SET LOADLIB='{zowe.setup.dataset.authLoadlib}' //* //* This dataset holds product plugins for ZIS, //* ZIS is located in the LOADLIB. diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS index 098852eedb..e8e94c7ab4 100644 --- a/files/SZWESAMP/ZWEIMVS +++ b/files/SZWESAMP/ZWEIMVS @@ -15,7 +15,7 @@ //* Instances represent a configuration of Zowe, different from the //* "runtime" datasets that are created upon install of Zowe / SMPE. //* -//* If your choosen value of 'zowe.setup.dataset.authLoadLib' is not +//* If your choosen value of 'zowe.setup.dataset.authLoadlib' is not //* Equal to 'zowe.setup.prefix' + 'SZWELOAD', //* Then you must also run "ZWEIMVS2". //* From 7d14e05860a5340b90990c6a3fd50968ecf9c13e Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 9 Feb 2024 11:25:07 -0500 Subject: [PATCH 089/258] fixed regression on finding jcllib and exiting on not Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/index.sh | 3 +++ bin/commands/init/certificate/index.sh | 3 +++ bin/commands/init/mvs/index.sh | 3 +++ bin/commands/init/security/index.sh | 4 ++++ bin/commands/init/stc/index.sh | 3 +++ bin/commands/init/vsam/index.sh | 4 ++++ bin/libs/zos.sh | 4 ++-- 7 files changed, 22 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index 4e04ae7ae8..b5753ebfe2 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh 
@@ -29,6 +29,9 @@ for key in ${required_params}; do done jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi print_and_handle_jcl "//'${jcllib}(ZWEIAPF)'" "ZWEIAPF" "${jcllib}" "${prefix}" print_level2_message "Zowe load libraries are APF authorized successfully." diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 315c0d783d..8fe98560ae 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -23,6 +23,9 @@ if [ -z "${prefix}" ]; then fi jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 60b582b545..8cf2c376a9 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -29,6 +29,9 @@ if [ -z "${prefix}" ]; then fi jcllib_location=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi ############################### # create data sets if they do not exist diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index f9893e8446..e1a459e0bb 100644 --- a/bin/commands/init/security/index.sh 
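Review bot: `[ "$?" -eq 1 ]` treats only exit status 1 from `verify_generated_jcl` as a failure, so any other non-zero status leaves `jcllib` empty and the script goes on to build `//'${jcllib}(ZWEIAPF)'` from it. Test for any failure and for an empty result: `if ! jcllib=$(verify_generated_jcl) || [ -z "${jcllib}" ]; then`. The same three added lines appear in the certificate, mvs, security, stc and vsam hunks of this commit; moving the ZWEL0999E message into one shared helper would keep the six copies from drifting apart.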
+++ b/bin/commands/init/security/index.sh @@ -24,6 +24,10 @@ if [ -z "${prefix}" ]; then fi jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi + validation_list="product groups.admin groups.stc groups.sysProg users.zowe users.zis stcs.zowe stcs.zis stcs.aux" diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index 0cac01dcd2..a73edb1433 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -30,6 +30,9 @@ if [ -z "${proclib}" ]; then fi jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") if [ -z "${security_stcs_zowe}" ]; then diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 5aefd266b6..5d99a41942 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -32,6 +32,10 @@ if [ -z "${prefix}" ]; then fi jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 +fi + required_yaml_content="mode volume storageClass name" diff --git a/bin/libs/zos.sh b/bin/libs/zos.sh index 10fe29702c..8e3eb5ebc3 100644 --- a/bin/libs/zos.sh +++ b/bin/libs/zos.sh 
@@ -68,6 +68,7 @@ operator_command() { } verify_generated_jcl() { + jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") # read JCL library and validate does_jcl_exist=$(is_data_set_exists "${jcllib}") if [ -z "${does_jcl_exist}" ]; then @@ -87,8 +88,7 @@ verify_generated_jcl() { done if [ -z "${does_jcl_exist}" ]; then - print_error_and_exit "Error ZWEL0999E: ${jcllib} does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 - return 999 + return 1 fi fi echo "${jcllib}" From ce165e2a43f3bd569a11caa2155295837f21c5aa Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 9 Feb 2024 13:42:27 -0500 Subject: [PATCH 090/258] Add TS code from https://github.com/zowe/zowe-install-packaging/pull/3135 and adapt to new init stype 
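Review bot: The restored `jcllib=$(read_yaml …)` is passed straight to `is_data_set_exists` without a check that it is set, so a YAML without `zowe.setup.dataset.jcllib` would, as far as this hunk shows, trigger `init generate` and the retry sleeps for an empty data set name. Add `if [ -z "${jcllib}" ]; then return 1; fi` right after the read. The `# read JCL library and validate` comment now sits below the line it describes and should move above it.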
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/cli.ts | 17 +++ bin/commands/init/apfauth/index.sh | 13 +++ bin/commands/init/apfauth/index.ts | 47 +++++++++ bin/commands/init/cli.ts | 18 ++++ bin/commands/init/index.sh | 13 +++ bin/commands/init/index.ts | 121 +++++++++++++++++++++ bin/commands/init/mvs/cli.ts | 18 ++++ bin/commands/init/mvs/index.sh | 19 +++- bin/commands/init/mvs/index.ts | 90 ++++++++++++++++ bin/commands/init/security/cli.ts | 18 ++++ bin/commands/init/security/index.sh | 22 +++- bin/commands/init/security/index.ts | 62 +++++++++++ bin/commands/init/stc/cli.ts | 18 ++++ bin/commands/init/stc/index.sh | 13 +++ bin/commands/init/stc/index.ts | 122 ++++++++++++++++++++++ bin/commands/init/vsam/cli.ts | 18 ++++ bin/commands/init/vsam/index.sh | 15 ++- bin/commands/init/vsam/index.ts | 63 +++++++++++ bin/commands/internal/config/set/index.ts | 2 +- bin/libs/json.ts | 6 ++ bin/libs/zos-jes.ts | 71 +++++++++++++ bin/libs/zos.ts | 35 ++++++- 22 files changed, 813 insertions(+), 8 deletions(-) create mode 100644 bin/commands/init/apfauth/cli.ts create mode 100644 bin/commands/init/apfauth/index.ts create mode 100644 bin/commands/init/cli.ts create mode 100644 bin/commands/init/index.ts create mode 100644 bin/commands/init/mvs/cli.ts create mode 100644 bin/commands/init/mvs/index.ts create mode 100644 bin/commands/init/security/cli.ts create mode 100644 bin/commands/init/security/index.ts create mode 100644 bin/commands/init/stc/cli.ts create mode 100644 bin/commands/init/stc/index.ts create mode 100644 bin/commands/init/vsam/cli.ts create mode 100644 bin/commands/init/vsam/index.ts diff --git a/bin/commands/init/apfauth/cli.ts b/bin/commands/init/apfauth/cli.ts new file mode 100644 index 0000000000..4d4953fbc4 --- /dev/null +++ b/bin/commands/init/apfauth/cli.ts 
@@ -0,0 +1,17 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index b5753ebfe2..4f4e0023b0 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh @@ -11,6 +11,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/apfauth/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level1_message "APF authorize load libraries" ############################### diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts new file mode 100644 index 0000000000..361ec74643 --- /dev/null +++ b/bin/commands/init/apfauth/index.ts 
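Review bot: In the `bin/commands/init/apfauth/index.sh` hunk nothing stops the script after the `configmgr -script …/apfauth/cli.js` call, and the original shell body (`print_level1_message "APF authorize load libraries"` onwards) is still present as context, so with `zowe.useConfigmgr=true` the APF job would be submitted once by the TypeScript path and again by the shell path. The configmgr exit status is dropped as well. Stop after the configmgr line (`exit $?` if the script runs as its own process, or a guard around the remaining body if it is sourced) and quote the command path, `"${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr"`. The same block is added to the init, mvs, security and stc `index.sh` files in this commit.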
@@ -0,0 +1,47 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as zosJes from '../../../libs/zos-jes'; +import * as zoslib from '../../../libs/zos'; +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; + +export function execute() { + + common.printLevel1Message(`APF authorize load libraries`); + + // Validation + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + // read prefix and validate + const prefix=ZOWE_CONFIG.zowe?.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + // read JCL library and validate + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + } + + + ['authLoadlib', 'authPluginLib'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe?.setup?.dataset || !ZOWE_CONFIG.zowe?.setup?.dataset[key]) { + common.printErrorAndExit(`Error ZWEL0157E: zowe.setup.dataset.${key} is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + + + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIAPF)'`, `ZWEIAPF`, jcllib, prefix); + common.printLevel2Message(`Zowe load libraries are APF authorized successfully.`); +} diff --git a/bin/commands/init/cli.ts b/bin/commands/init/cli.ts new file mode 100644 index 0000000000..1f0812f9ea --- /dev/null +++ b/bin/commands/init/cli.ts 
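Review bot: `execute()` calls `zoslib.verifyGeneratedJcl(ZOWE_CONFIG)` before it checks `authLoadlib` and `authPluginLib`, whereas the shell script in this series loops over its required keys first. If `verifyGeneratedJcl` mirrors the shell `verify_generated_jcl`, which runs `init generate` when the library is missing, a YAML with a missing key would generate JCL before being rejected. Move the `['authLoadlib', 'authPluginLib'].forEach(…)` check above the `verifyGeneratedJcl` call. The `printErrorAndExit` for a missing prefix is not returned, unlike the jcllib one two statements later; writing `return common.printErrorAndExit(…)` in both places keeps the control flow obvious.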
@@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../libs/configmgr'; + +index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true', std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == 'true', std.getenv('ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES') == 'true', std.getenv("ZWE_CLI_PARAMETER_UPDATE_CONFIG") == 'true'); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index ea19713b18..754aef8a88 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh @@ -11,6 +11,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level0_message "Configure Zowe" ############################### diff --git a/bin/commands/init/index.ts b/bin/commands/init/index.ts new file mode 100644 index 0000000000..f2a402013b --- /dev/null +++ b/bin/commands/init/index.ts 
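Review bot: `cli.ts` derives `dryRun` from `ZWE_CLI_PARAMETER_SECURITY_DRY_RUN`, while the shell library patched earlier in this series gates job submission on `ZWE_CLI_PARAMETER_DRY_RUN` and `index.ts` forwards the flag to the certificate step as `--dry-run`. If the CLI sets only one of the two variables, a requested dry run would be read as `false` here and jobs would be submitted; confirm which variable the `zwe init` parameter definition populates and use it consistently (the same read is in `security/cli.ts`). `index.execute(…)` also takes four positional booleans, which are easy to misorder; a comment naming each argument, such as `// allowOverwrite, dryRun, ignoreSecurityFailures, updateConfig`, would help.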
@@ -0,0 +1,121 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as shell from '../../libs/shell'; +import * as zoslib from '../../libs/zos'; +import * as json from '../../libs/json'; +import * as zosJes from '../../libs/zos-jes'; +import * as zosDataset from '../../libs/zos-dataset'; +import * as common from '../../libs/common'; +import * as config from '../../libs/config'; +import * as node from '../../libs/node'; +import * as java from '../../libs/java'; + +import * as initGenerate from './generate/index'; +import * as initMvs from './mvs/index'; +import * as initVsam from './vsam/index'; +import * as initApfAuth from './apfauth/index'; +import * as initSecurity from './security/index'; +//import * as initCertificate from './certificate/index'; +import * as initStc from './stc/index'; + +export function execute(allowOverwrite?: boolean, dryRun?: boolean, ignoreSecurityFailures?: boolean, updateConfig?: boolean) { + common.printLevel0Message(`Configure Zowe`); + + // Validation + common.requireZoweYaml(); + + // Read job name and validate + const zoweConfig = config.getZoweConfig(); + + + common.printLevel1Message(`Check if need to update runtime directory, Java and/or node.js settings in Zowe YAML configuration`); + // node.home + let newNodeHome; + const configNodeHome=zoweConfig.node?.home; + // only try to update if it's not defined + if (!configNodeHome || configNodeHome == 'DETECT') { + node.requireNode(); + newNodeHome=std.getenv('NODE_HOME'); + } + + // java.home + let newJavaHome; + const configJavaHome=zoweConfig.java?.home; + // only try to update if it's not defined + if (!configJavaHome || configJavaHome == 'DETECT') { + java.requireJava(); + 
newJavaHome=std.getenv('JAVA_HOME'); + } + + // zowe.runtimeDirectory + let newZoweRuntimeDir; + // do we have zowe.runtimeDirectory defined in zowe.yaml? + const configRuntimeDir = zoweConfig.zowe?.runtimeDirectory; + if (configRuntimeDir) { + if (configRuntimeDir != std.getenv('ZWE_zowe_runtimeDirectory')) { + common.printErrorAndExit(`Error ZWEL0105E: The Zowe YAML config file is associated to Zowe runtime "${configRuntimeDir}", which is not same as where zwe command is located.`, undefined, 105); + } + } else { + newZoweRuntimeDir = std.getenv('ZWE_zowe_runtimeDirectory'); + } + + if (newNodeHome || newJavaHome || newZoweRuntimeDir) { + if (std.getenv("ZWE_CLI_PARAMETER_UPDATE_CONFIG") == "true") { + let updateObj:any = {}; + if (newNodeHome) { + updateObj.node = {home: newNodeHome}; + } + if (newJavaHome) { + updateObj.java = {home: newJavaHome}; + } + if (newZoweRuntimeDir) { + updateObj.zowe = {runtimeDirectory: newZoweRuntimeDir}; + } + json.updateZoweYamlFromObj(std.getenv('ZOWE_CLI_PARAMETER_CONFIG'), updateObj); + + common.printLevel2Message(`Runtime directory, Java and/or node.js settings are updated successfully.`); + } else { + common.printMessage(`These configurations need to be added to your YAML configuration file:`); + common.printMessage(``); + if (newZoweRuntimeDir) { + common.printMessage(`zowe:`); + common.printMessage(` runtimeDirectory: "${newZoweRuntimeDir}"`); + } + if (newNodeHome) { + common.printMessage(`node:`); + common.printMessage(` home: "${newNodeHome}"`); + } + if (newJavaHome) { + common.printMessage(`java:`); + common.printMessage(` home: "${newJavaHome}"`); + } + + common.printLevel2Message(`Please manually update "${std.getenv('ZWE_CLI_PARAMETER_CONFIG')}" before you start Zowe.`); + } + } else { + common.printLevel2Message(`No need to update runtime directory, Java and node.js settings.`); + } + + initGenerate.execute(dryRun); + initMvs.execute(allowOverwrite); + initVsam.execute(allowOverwrite, dryRun, updateConfig); + if 
(std.getenv("ZWE_CLI_PARAMETER_SKIP_SECURITY_SETUP") != 'true') { + initApfAuth.execute(); + initSecurity.execute(dryRun, ignoreSecurityFailures); + } + //initCertificate.execute(); + let result = shell.execSync('sh', '-c', `${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/zwe init certificate ${dryRun?'--dry-run':''} ${updateConfig?'--update-config':''} ${allowOverwrite?'--alow-overwrite':''} ${ignoreSecurityFailures?'--ignore-security-failures':''} -c "${std.getenv('ZWE_CLI_PARAMETER_CONFIG')}"`); + initStc.execute(allowOverwrite); + + common.printLevel1Message(`Zowe is configured successfully.`); +} diff --git a/bin/commands/init/mvs/cli.ts b/bin/commands/init/mvs/cli.ts new file mode 100644 index 0000000000..a040d57a34 --- /dev/null +++ b/bin/commands/init/mvs/cli.ts @@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true'); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 8cf2c376a9..cf7b4a2f68 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
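Review bot: Three defects in `execute()` of `bin/commands/init/index.ts` need fixing: `json.updateZoweYamlFromObj` reads `ZOWE_CLI_PARAMETER_CONFIG` where every other line uses `ZWE_CLI_PARAMETER_CONFIG`, the certificate step is passed `--alow-overwrite`, and the `zwe init certificate` command is assembled as one string for `sh -c` with the config path interpolated inside double quotes, so a path containing `"`, `$` or a backquote is re-parsed by the shell. The value of `result` is never inspected, so a failed certificate step is still followed by `initStc` and "Zowe is configured successfully." Passing the arguments as separate words avoids the quoting problem, assuming `shell.execSync` hands its arguments to the program as an argv list, as the existing `'sh', '-c', …` call suggests. The update branch also re-reads `ZWE_CLI_PARAMETER_UPDATE_CONFIG` instead of using the `updateConfig` parameter.

```typescript
// … unchanged: node.home / java.home / zowe.runtimeDirectory detection …
      json.updateZoweYamlFromObj(std.getenv('ZWE_CLI_PARAMETER_CONFIG'), updateObj);
// … unchanged: manual-update messages, initGenerate / initMvs / initVsam / initApfAuth / initSecurity calls …
  const certArgs = ['init', 'certificate'];
  if (dryRun) { certArgs.push('--dry-run'); }
  if (updateConfig) { certArgs.push('--update-config'); }
  if (allowOverwrite) { certArgs.push('--allow-overwrite'); }
  if (ignoreSecurityFailures) { certArgs.push('--ignore-security-failures'); }
  certArgs.push('-c', std.getenv('ZWE_CLI_PARAMETER_CONFIG'));
  // Each argument is its own word, so the config path is never re-parsed by a shell.
  const result = shell.execSync('sh', `${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/zwe`, ...certArgs);
  // TODO(review): stop here when `result` reports a failure, before initStc runs.
```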
@@ -10,6 +10,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/mvs/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level1_message "Initialize Zowe custom data sets" ############################### @@ -28,7 +41,7 @@ if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -jcllib_location=$(verify_generated_jcl) +jcllib=$(verify_generated_jcl) if [ "$?" -eq 1 ]; then print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi @@ -89,9 +102,9 @@ if [ "${ds_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" ! else - print_and_handle_jcl "//'${jcllib_location}(ZWEIMVS)'" "ZWEIMVS" "${jcllib_location}" "${prefix}" + print_and_handle_jcl "//'${jcllib}(ZWEIMVS)'" "ZWEIMVS" "${jcllib}" "${prefix}" if [ "${run_aloadlib_create}" = "true" ]; then - print_and_handle_jcl "//'${jcllib_location}(ZWEIMVS2)'" "ZWEIMVS2" "${jcllib_location}" "${prefix}" + print_and_handle_jcl "//'${jcllib}(ZWEIMVS2)'" "ZWEIMVS2" "${jcllib}" "${prefix}" fi print_level2_message "Zowe custom data sets are initialized successfully." diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts new file mode 100644 index 0000000000..4ae9acd768 --- /dev/null 
+++ b/bin/commands/init/mvs/index.ts 
@@ -0,0 +1,90 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as zoslib from '../../../libs/zos'; +import * as zosJes from '../../../libs/zos-jes'; +import * as zosdataset from '../../../libs/zos-dataset'; +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; + +export function execute(allowOverwrite?: boolean) { + common.printLevel1Message(`Initialize Zowe custom data sets`); + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + const datasets = [ + { configKey: 'parmlib', + description: 'Zowe parameter library' + }, + { configKey: 'authLoadlib', + description: 'Zowe authorized load library' + }, + { configKey: 'authPluginLib', + description: 'Zowe authorized plugin library' + } + ]; + + const prefix=ZOWE_CONFIG.zowe.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + } + + let runALoadlibCreate: boolean; + + common.printMessage(`Create data sets if they do not exist`); + let skippedDatasets: boolean = false; + + datasets.forEach((datasetDef) => { + // read def and validate + let skip:boolean = false; + const ds=ZOWE_CONFIG.zowe.setup?.dataset ? 
ZOWE_CONFIG.zowe.setup.dataset[datasetDef.configKey] : undefined; + if (!ds) { + // authLoadlib can be empty + if (datasetDef.configKey == 'authLoadlib') { + skip=true; + } else { + common.printErrorAndExit(`Error ZWEL0157E: ${datasetDef.configKey} (zowe.setup.dataset.${datasetDef.configKey}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + } + + if (datasetDef.configKey == 'authLoadlib') { + runALoadlibCreate = ds == prefix+'SZWEAUTH' ? false : true; + } + + if (!skip) { + const datasetExists=zosdataset.isDatasetExists(ds); + if (datasetExists) { + if (allowOverwrite) { + common.printMessage(`Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten.`); + } else { + skippedDatasets = true; + common.printMessage(`Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); + } + } + } + }); + + if (skippedDatasets && !allowOverwrite) { + common.printMessage(`Skipped writing to a dataset. To write, you must use --allow-overwrite.`); + } else { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); + if (runALoadlibCreate === true) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS2)'`, `ZWEIMVS2`, jcllib, prefix); + } + } + + common.printLevel2Message(`Zowe custom data sets are initialized successfully.`); +} diff --git a/bin/commands/init/security/cli.ts b/bin/commands/init/security/cli.ts new file mode 100644 index 0000000000..77f4743531 --- /dev/null +++ b/bin/commands/init/security/cli.ts 
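Review bot: `runALoadlibCreate = ds == prefix+'SZWEAUTH' ? false : true` compares against the prefix with no `.` separator, while the data set names on this page are written in the `${prefix}.SZWESAMP` form, so the comparison would not match a normally formed name and ZWEIMVS2 would always be submitted. The flag is also set to `true` when `authLoadlib` is empty (`ds` undefined, `skip` true), which is the case the comment above it says is allowed. Suggested: `runALoadlibCreate = !!ds && ds != prefix + '.SZWEAUTH';`. Separately, the closing "Zowe custom data sets are initialized successfully." message is printed even on the branch that skipped writing.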
@@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == 'true', std.getenv('ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES') == 'true'); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index e1a459e0bb..54f4193f67 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh @@ -11,6 +11,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/security/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level1_message "Run Zowe security configurations" ############################### @@ -29,7 +42,7 @@ if [ "$?" -eq 1 ]; then fi -validation_list="product groups.admin groups.stc groups.sysProg users.zowe users.zis stcs.zowe stcs.zis stcs.aux" +validation_list="groups.admin groups.stc groups.sysProg users.zowe users.zis stcs.zowe stcs.zis stcs.aux" for item in ${validation_list}; do result=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.${item}") 
@@ -38,11 +51,16 @@ for item in ${validation_list}; do fi done +security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") +if [ -z "${security_product}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.product) is not defined in Zowe YAML configuration file." "" 157 +fi + ############################### # submit job print_and_handle_jcl "//'${jcllib}(ZWEI${security_product})'" "ZWEI${security_product}" "${jcllib}" "${prefix}" "false" "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" print_message "" -print_message "WARNING: Due to the limitation of the ZWESECUR job, exit with 0 does not mean" +print_message "WARNING: Due to the limitation of the ZWEI${security_product} job, exit with 0 does not mean" print_message " the job is fully successful. Please check the job log to determine" print_message " if there are any inline errors." print_message "" diff --git a/bin/commands/init/security/index.ts b/bin/commands/init/security/index.ts new file mode 100644 index 0000000000..92e673f49a --- /dev/null +++ b/bin/commands/init/security/index.ts 
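Review bot: `security_product` is only checked for being non-empty before it is spliced into the member name `ZWEI${security_product}`, so any other string from the YAML reaches `print_and_handle_jcl` and fails later as a job problem rather than as a configuration error. The example YAML in this series documents the value as RACF, ACF2 or TSS; reject anything else up front, e.g. `case "${security_product}" in RACF|ACF2|TSS) ;; *) print_error_and_exit … ;; esac`, with a message naming `zowe.setup.security.product`. The script continues outside the visible hunk.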
@@ -0,0 +1,62 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; +import * as zoslib from '../../../libs/zos'; +import * as zosJes from '../../../libs/zos-jes'; + +export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { + common.printLevel1Message(`Run Zowe security configurations`); + + // Validation + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + // read prefix and validate + const prefix=ZOWE_CONFIG.zowe.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + // read JCL library and validate + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. 
Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + } + + let securityProduct = ZOWE_CONFIG.zowe.setup?.security?.product; + if (!securityProduct) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + ['admin', 'stc', 'sysProg'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup?.security?.groups || !ZOWE_CONFIG.zowe.setup?.security?.groups[key]) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.groups.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + ['zowe', 'zis'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup?.security?.users || !ZOWE_CONFIG.zowe.setup?.security?.users[key]) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.users.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + ['zowe', 'zis', 'aux'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup?.security?.stcs || !ZOWE_CONFIG.zowe.setup?.security?.stcs[key]) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.stcs.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityProduct})'`, `ZWEI${securityProduct}`, jcllib, prefix, false, ignoreSecurityFailures); + common.printMessage(``); + common.printMessage(`WARNING: Due to the limitation of the ZWEI${securityProduct} job, exit with 0 does not mean`); + common.printMessage(` the job is fully successful. Please check the job log to determine`); + common.printMessage(` if there are any inline errors.`); + common.printMessage(``); + common.printLevel2Message(`Command run successfully.`); +} diff --git a/bin/commands/init/stc/cli.ts b/bin/commands/init/stc/cli.ts new file mode 100644 index 0000000000..dde5f23c94 --- /dev/null +++ b/bin/commands/init/stc/cli.ts 
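Review bot: The error raised when `zowe.setup.security.product` is missing repeats the prefix message ("Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined"), and the three `forEach` checks report `zowe.setup.dataset.groups`, `.users` and `.stcs` paths although they test `zowe.setup.security.*`; an operator following those messages would edit the wrong YAML section. Use `Error ZWEL0157E: (zowe.setup.security.product) is not defined in Zowe YAML configuration file.` for the product check and `zowe.setup.security.groups.${key}` style paths in the loops. `securityProduct` should also be checked against the documented RACF, ACF2 and TSS values before it is used in `ZWEI${securityProduct}`. The `dryRun` parameter is accepted but never read in this function.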
@@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(std.getenv('ZWE_CLI_PARAMETER_ALLOW_OVERWRITE') == 'true'); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index a73edb1433..a28703654a 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh @@ -11,6 +11,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/stc/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level1_message "Install Zowe main started task" ############################### diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts new file mode 100644 index 0000000000..35debe9263 --- /dev/null +++ b/bin/commands/init/stc/index.ts 
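Review bot: In `bin/commands/init/stc/index.sh`, nothing stops execution after the configmgr call, so the script continues into the legacy body at `print_level1_message "Install Zowe main started task"` and the install apparently runs a second time through the shell path. The same block is added to `bin/commands/init/vsam/index.sh`. The exit status of configmgr is also discarded, so a failed run is not reported to the caller; capture it and leave right after the call (`exit $?`, or `return $?` if these files are sourced, which is not visible here). `${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr` is unquoted in command position while the `-script` argument is quoted; quoting both keeps a runtime directory containing spaces from being split.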
@@ -0,0 +1,122 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + + +import * as std from 'cm_std'; +import * as zos from 'zos'; +import * as xplatform from 'xplatform'; + +import * as fs from '../../../libs/fs'; +import * as common from '../../../libs/common'; +import * as stringlib from '../../../libs/string'; +import * as shell from '../../../libs/shell'; +import * as config from '../../../libs/config'; +import * as zoslib from '../../../libs/zos'; +import * as zosJes from '../../../libs/zos-jes'; +import * as zosdataset from '../../../libs/zos-dataset'; + + +export function execute(allowOverwrite: boolean = false) { + + common.printLevel1Message(`Install Zowe main started task`); + + // constants + const COMMAND_LIST = std.getenv('ZWE_CLI_COMMANDS_LIST'); + + let stcExistence: boolean; + + // validation + common.requireZoweYaml(); + const ZOWE_CONFIG=config.getZoweConfig(); + + // read prefix and validate + const prefix=ZOWE_CONFIG.zowe?.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + // read PROCLIB and validate + const proclib=ZOWE_CONFIG.zowe.setup?.dataset?.proclib; + if (!proclib) { + common.printErrorAndExit(`Error ZWEL0157E: PROCLIB (zowe.setup.dataset.proclib) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + // read JCL library and validate + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. 
Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + } + + let security_stcs_zowe=ZOWE_CONFIG.zowe.setup?.security?.stcs?.zowe; + if (!security_stcs_zowe) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.security.stcs.zowe) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + let security_stcs_zis=ZOWE_CONFIG.zowe.setup?.security?.stcs?.zis; + if (!security_stcs_zis) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.security.stcs.zis) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + let security_stcsAux=ZOWE_CONFIG.zowe.setup?.security?.stcs?.aux; + if (!security_stcsAux) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.security.stcs.aux) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + [security_stcs_zowe, security_stcs_zis, security_stcsAux].forEach((mb: string) => { + // STCs in target proclib + stcExistence=zosdataset.isDatasetExists(`${proclib}(${mb})`); + if (stcExistence == true) { + if (allowOverwrite) { + // warning + common.printMessage(`Warning ZWEL0300W: ${proclib}(${mb}) already exists. This data set member will be overwritten during configuration.`); + } else { + // common.printErrorAndExit(`Error ZWEL0158E: ${proclib}(${mb}) already exists.`, undefined, 158); + // warning + common.printMessage(`Warning ZWEL0301W: ${proclib}(${mb}) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); + } + } + }); + + if (stcExistence == true && !allowOverwrite) { + common.printMessage(`Skipped writing to ${proclib}. 
To write, you must use --allow-overwrite.`); + } else { + // prepare STCs + + // ZWESISTC + const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); + common.printDebug(`- Copy ${jcllib}(ZWESISTC) to ${tmpfile}`); + const sistcContent = shell.execOutSync('sh', '-c', `cat "//'${jcllib}(ZWESISTC)'" 2>&1`); + if (sistcContent.out && sistcContent.rc == 0) { + common.printDebug(` * Succeeded`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(sistcContent.out, " ")); + + const tmpFileContent = sistcContent.out.replace("ZWESLSTC,ZWESLSTC", "ZWESLSTC") + .replace("ZWESISTC,ZWESISTC", "ZWESISTC") + .replace("ZWESASTC,ZWESASTC", "ZWESASTC"); + xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, tmpFileContent); + common.printTrace(` * Stored:`); + common.printTrace(stringlib.paddingLeft(tmpFileContent, " ")); + + shell.execSync('chmod', '700', tmpfile); + } else { + common.printDebug(` * Failed`); + common.printError(` * Exit code: ${sistcContent.rc}`); + common.printError(` * Output:`); + if (sistcContent.out) { + common.printError(stringlib.paddingLeft(sistcContent.out, " ")); + } + std.exit(1); + } + if (!fs.fileExists(tmpfile)) { + common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEISTC`, undefined, 159); + } + + zosJes.printAndHandleJcl(tmpfile, `ZWEISTC`, jcllib, prefix, true); + common.printLevel2Message(`Zowe main started tasks are installed successfully.`); + } +} diff --git a/bin/commands/init/vsam/cli.ts b/bin/commands/init/vsam/cli.ts new file mode 100644 index 0000000000..190ca1c6e6 --- /dev/null +++ b/bin/commands/init/vsam/cli.ts 
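Review bot: `stcExistence` is reassigned on every pass of the `forEach`, so the `stcExistence == true && !allowOverwrite` guard after the loop reflects only the last member (`aux`). If the `zowe` or `zis` member exists and the last one does not, the job is submitted without `--allow-overwrite` despite the ZWEL0301W warning just printed. Accumulate instead: declare `let stcExistence = false;` and inside the loop use `if (zosdataset.isDatasetExists(`${proclib}(${mb})`)) { stcExistence = true; ... }`. The JCL is read from member `ZWESISTC`, while the error text, the `printAndHandleJcl` job name and the earlier shell version all use `ZWEISTC`, so this looks like a typo that would submit the wrong member. The temp file is written before `chmod 700` is applied, so it would be safer to set the mode before storing the JCL, unless `fs.createTmpFile` already creates it restricted (not visible here).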
@@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; + +index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true', std.getenv("ZWE_CLI_PARAMETER_DRY_RUN") == 'true', std.getenv("ZWE_CLI_PARAMETER_UPDATE_CONFIG") == 'true'); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 5d99a41942..8086bb3988 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -11,6 +11,19 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 + fi + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/vsam/cli.js" +else + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +fi + + print_level1_message "Create VSAM storage for Zowe Caching Service" ############################### 
@@ -65,9 +78,9 @@ fi print_and_handle_jcl "//'${jcllib}(ZWECSVSM)" "ZWECSVSM" "${jcllib}" "${prefix}" if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then - print_level2_message "Zowe Caching Service VSAM storage is created successfully." if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${name}" print_level2_message "Zowe configuration is updated successfully." fi fi +print_level2_message "Zowe Caching Service VSAM storage is created successfully." diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts new file mode 100644 index 0000000000..16de81412b --- /dev/null +++ b/bin/commands/init/vsam/index.ts 
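Review bot: Moving `print_level2_message "Zowe Caching Service VSAM storage is created successfully."` below the closing `fi` prints it on dry runs too, when no job was submitted and nothing was created. Keep it inside the `if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]` block, or print a separate dry-run line such as `print_level2_message "Dry run: VSAM storage was not created."`. The new `bin/commands/init/vsam/index.ts` ends with the same unconditional message.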
@@ -0,0 +1,63 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as zoslib from '../../../libs/zos'; +import * as json from '../../../libs/json'; +import * as zosJes from '../../../libs/zos-jes'; +import * as zosDataset from '../../../libs/zos-dataset'; +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; + +export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig?: boolean) { + common.printLevel1Message(`Initialize Zowe custom data sets`); + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + const cachingStorage = ZOWE_CONFIG.components['caching-service']?.storage?.mode; + if (!cachingStorage || (cachingStorage.toUpperCase() != 'VSAM')) { + common.printError(`Warning ZWEL0301W: Zowe Caching Service is not configured to use VSAM. Command skipped.`); + return; + } + + const prefix=ZOWE_CONFIG.zowe.setup?.dataset?.prefix; + if (!prefix) { + return common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. 
Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + } + + ['mode', 'volume', 'storageClass', 'name'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup.vsam || !ZOWE_CONFIG.zowe.setup.vsam[key]) { + return common.printErrorAndExit(`Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + + const name = ZOWE_CONFIG.zowe.setup.vsam.name; + + const vsamExistence = zosDataset.isDatasetExists(name); + if (vsamExistence && allowOverwrite) { + zosDataset.deleteDataset(name); + } else if (vsamExistence) { + return common.printErrorAndExit(`Error ZWEL0158E: ${name} already exists.`, undefined, 158); + } + + zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSVSM)'`, `ZWECSVSM`, jcllib, prefix); + if (!dryRun && updateConfig) { + json.updateZoweYaml(std.getenv('ZWE_CLI_PARAMETER_CONFIG_ORIG'), '.components.caching-service.storage.vsam.name', name); + common.printLevel2Message(`Zowe configuration is updated successfully.`); + } + + common.printLevel2Message(`Zowe Caching Service VSAM storage is created successfully.`); +} diff --git a/bin/commands/internal/config/set/index.ts b/bin/commands/internal/config/set/index.ts index a933254ca6..e184216d6a 100644 --- a/bin/commands/internal/config/set/index.ts +++ b/bin/commands/internal/config/set/index.ts @@ -17,7 +17,7 @@ import * as fakejq from '../../../../libs/fakejq'; export function execute(configPath:string, newValue: any, haInstance?: string, valueAsString?: boolean) { common.requireZoweYaml(); - const configFiles=std.getenv('ZWE_CLI_PARAMETER_CONFIG'); + const configFiles=std.getenv('ZWE_CLI_PARAMETER_CONFIG_ORIG'); const ZOWE_CONFIG=config.getZoweConfig(); if (!valueAsString) { diff --git a/bin/libs/json.ts b/bin/libs/json.ts index 70243b8901..4b9b11d097 100644 --- a/bin/libs/json.ts +++ b/bin/libs/json.ts 
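Review bot: `zosDataset.deleteDataset(name)` runs whenever the data set exists and `allowOverwrite` is set, without consulting `dryRun`, so a dry run with `--allow-overwrite` deletes the existing VSAM data set and then does not submit the job that recreates it. Guard the destructive step with `if (vsamExistence && allowOverwrite && !dryRun) { zosDataset.deleteDataset(name); }` and let the dry-run path only report what would be deleted. The result of `deleteDataset` is also not checked before the create job is submitted. The opening `printLevel1Message` still says "Initialize Zowe custom data sets", which looks copied from the mvs command. The final "created successfully" message is printed on dry runs as well.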
@@ -165,6 +165,12 @@ export function updateZoweYaml(file: string, key: string, val: any) { } } +export function updateZoweYamlFromObj(file: string, updateObj: any) { + common.printMessage(`- update zowe config ${file} with obj=${JSON.stringify(updateObj, null, 2)}`); + config.updateZoweConfig(updateObj, true, 1); //TODO externalize array merge strategy = 1 +} + + //TODO: PARMLIB not supported. export function deleteYaml(file: string, key: string, expectedSample: string) { const ZOWE_CONFIG=config.getZoweConfig(); diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 0a0954a8d0..749c62c991 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -10,6 +10,7 @@ */ import * as os from 'cm_os'; +import * as std from 'cm_std'; import * as zoslib from './zos'; import * as common from './common'; import * as stringlib from './string'; 
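Review bot: `updateZoweYamlFromObj` prints the whole `updateObj` through `JSON.stringify` at normal message level. If a caller ever passes certificate or keystore settings, their passwords would end up in console output and job logs. Logging only the top-level keys, e.g. `common.printMessage(`- update zowe config ${file} with keys=${Object.keys(updateObj).join(',')}`);`, or moving the full dump to `printTrace`, avoids that. The `file` parameter appears only in this message and is not passed to `config.updateZoweConfig`, so the log may name a file other than the one written; a short comment saying which file is updated would help.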
@@ -158,3 +159,73 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri return {jobcctext, jobcccode, jobname, rc: 1}; } } + +export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: string, prefix: string, removeJclOnFinish?: boolean, continueOnFailure?: boolean){ + const jclContents = shell.execOutSync('sh', '-c', `cat "${jclLocation}" 2>&1`).out; + + let jobHasFailures = false; + + common.printMessage(`Template JCL: ${prefix}.SZWESAMP(${jobName}) , Executable JCL: ${jcllib}(${jobName})`); + common.printMessage(`--- JCL Content ---`); + common.printMessage(jclContents); + common.printMessage(`--- End of JCL ---`); + + let removeRc: number; + + let jobId: string|undefined; + if (!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')) { + common.printMessage(`Submitting Job ${jobName}`); + jobId=submitJob(jclLocation); + if (!jobId) { + jobHasFailures=true; + if (continueOnFailure) { + common.printError(`Warning ZWEL0161W: Failed to run JCL ${jcllib}(${jobName})`); + jobId=undefined; + } else { + if (removeJclOnFinish) { + removeRc = os.remove(jclLocation); + } + common.printErrorAndExit(`Error ZWEL0161E: Failed to run JCL ${jcllib}(${jobName}).`, undefined, 161); + } + } + common.printDebug(`- job id ${jobId}`); + + let {jobcctext, jobcccode, jobname, rc} = waitForJob(jobId); + if (rc) { + jobHasFailures=true; + if (continueOnFailure) { + common.printError(`Warning ZWEL0162W: Failed to find job ${jobId} result.`); + } else { + if (removeJclOnFinish) { + removeRc = os.remove(jclLocation); + } + common.printErrorAndExit(`Error ZWEL0162E: Failed to find job ${jobId} result.`, undefined, 162); + } + + jobHasFailures=true + if (continueOnFailure) { + common.printError(`Warning ZWEL0163W: Job ${jobname}(${jobId}) ends with code ${jobcccode} (${jobcctext}).`); + } else { + if (removeJclOnFinish) { + removeRc = os.remove(jclLocation); + } + common.printErrorAndExit(`Error ZWEL0163E: Job ${jobname}(${jobId}) ends with code 
${jobcccode} (${jobcctext}).`, undefined, 163); + } + } + if (removeJclOnFinish) { + removeRc = os.remove(jclLocation); + } + if (jobHasFailures) { + common.printLevel2Message(`Job ended with some failures. Please check job log for details.`); + } + return 0 + } else { + common.printMessage(`JCL not submitted, command run with dry run flag.`); + common.printMessage(`To perform command, re-run command without dry run flag, or submit the JCL directly`); + common.printLevel2Message(`Command run successfully.`); + if (removeJclOnFinish) { + removeRc = os.remove(jclLocation); + } + return 0 + } +} diff --git a/bin/libs/zos.ts b/bin/libs/zos.ts index 8cc5dea000..1a63cc5e29 100644 --- a/bin/libs/zos.ts +++ b/bin/libs/zos.ts @@ -10,10 +10,12 @@ */ import * as std from 'cm_std'; - +import * as os from 'cm_os'; import * as common from './common'; import * as shell from './shell'; import * as stringlib from './string'; +import * as zosDataset from './zos-dataset'; +import * as initGenerate from '../commands/init/generate/index'; export function tsoCommand(...args:string[]): { rc: number, out: string } { let message = "tsocmd " + '"' + args.join(' ') + '"'; 
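Review bot: The ZWEL0163 block in `printAndHandleJcl` has no condition of its own and sits inside `if (rc) { ... }`. A job whose result is found but that ended with a bad completion code is therefore never flagged, and whenever `rc` is set both the 0162 and 0163 messages fire with undefined `jobname`/`jobcccode`. Close the `if (rc)` block before it and gate the 0163 branch on the completion code (the success value `waitForJob` returns is not visible in this hunk). When `submitJob` fails and `continueOnFailure` is set, `waitForJob(jobId)` is still called with `undefined`; skip the wait in that case. The function returns `0` even when `jobHasFailures` is true, so callers such as the security command cannot tell. The first line builds `cat "${jclLocation}"` into an `sh -c` string with `2>&1` and ignores the return code, so a read error is printed as if it were the JCL content and any `"`, `$` or backtick in a configured data set name is interpreted by the shell.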
@@ -64,3 +66,34 @@ export function operatorCommand(command: string): { rc: number, out: string } { //we strip the '.' we added above return { rc: result.rc, out: result.out ? result.out.substring(0, result.out.length-1) : '' }; } + +export function verifyGeneratedJcl(config:any): string { + const jcllib = config.zowe.setup.dataset.jcllib; + if (!jcllib) { + return undefined; + } + // read JCL library and validate + let doesJclExist=zosDataset.isDatasetExists(jcllib); + if (!doesJclExist) { + initGenerate.execute(); + } + + // should be created, but may take time to discover. + if (!doesJclExist) { + const interval = [1,5,10]; + for (let i = 0; i < interval.length; i++) { + let secs = interval[i]; + doesJclExist=zosDataset.isDatasetExists(jcllib); + if (!doesJclExist) { + os.sleep(secs*1000); + } else { + break; + } + } + + if (!doesJclExist) { + return undefined; + } + } + return jcllib; +} From 74d6e64ff083be556be341adc74ca30258001c98 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 9 Feb 2024 14:05:54 -0500 Subject: [PATCH 091/258] remove shell code and prevent duplicate job logging in verbose mode Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/index.sh | 26 --------- bin/commands/init/index.sh | 89 ---------------------------- bin/commands/init/mvs/index.sh | 90 ----------------------------- bin/commands/init/mvs/index.ts | 36 +++++------- bin/commands/init/security/index.sh | 47 --------------- bin/commands/init/stc/index.sh | 70 ---------------------- bin/commands/init/vsam/index.sh | 62 -------------------- bin/libs/zos-jes.ts | 30 +++++----- 8 files changed, 29 insertions(+), 421 deletions(-) diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index 4f4e0023b0..e65221b252 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh 
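Review bot: The retry loop in `verifyGeneratedJcl` checks and then sleeps, so after the final 10-second sleep the data set is never checked again and the function returns `undefined` even if the library appeared during that wait. Add one more `doesJclExist = zosDataset.isDatasetExists(jcllib);` after the loop, before the final `if (!doesJclExist)`. `config.zowe.setup.dataset.jcllib` is read without optional chaining, unlike the callers' `zowe.setup?.dataset?.prefix`, so a YAML without `setup.dataset` throws instead of reaching the ZWEL0999E message. The declared return type is `string` although `undefined` is returned on two paths; `string | undefined` would be accurate. A header comment should state that this "verify" helper runs `initGenerate.execute()` as a side effect when the library is missing.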
@@ -22,29 +22,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level1_message "APF authorize load libraries" - -############################### -# constants -required_yaml_content="prefix authLoadlib authPluginLib" - -############################### -# validation -require_zowe_yaml - -for key in ${required_params}; do - eval "${key}=$(read_yaml \"${ZWE_CLI_PARAMETER_CONFIG}\" \".zowe.setup.dataset.${key}\")" - if [ -z "${key}" ]; then - print_error_and_exit "Error ZWEL0157E: Dataset parameter (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 - fi -done - -jcllib=$(verify_generated_jcl) -if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi - -print_and_handle_jcl "//'${jcllib}(ZWEIAPF)'" "ZWEIAPF" "${jcllib}" "${prefix}" -print_level2_message "Zowe load libraries are APF authorized successfully." diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index 754aef8a88..3c707ba227 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh 
@@ -22,92 +22,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level0_message "Configure Zowe" - -############################### -print_level1_message "Check if need to update runtime directory, Java and/or node.js settings in Zowe YAML configuration" -# node.home -update_node_home= -yaml_node_home="$(shell_read_yaml_node_home "${ZWE_CLI_PARAMETER_CONFIG}")" -# only try to update if it's not defined -if [ -z "${yaml_node_home}" ]; then - require_node - if [ -n "${NODE_HOME}" ]; then - update_node_home="${NODE_HOME}" - fi -fi -# java.home -update_java_home= -yaml_java_home="$(shell_read_yaml_java_home "${ZWE_CLI_PARAMETER_CONFIG}")" -# only try to update if it's not defined -if [ -z "${yaml_java_home}" ]; then - require_java - if [ -n "${JAVA_HOME}" ]; then - update_java_home="${JAVA_HOME}" - fi -fi -# zowe.runtimeDirectory -require_zowe_yaml -update_zowe_runtime_dir= -# do we have zowe.runtimeDirectory defined in zowe.yaml? -yaml_runtime_dir=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.runtimeDirectory") -if [ -n "${yaml_runtime_dir}" ]; then - result=$(are_directories_same "${yaml_runtime_dir}" "${ZWE_zowe_runtimeDirectory}") - code=$? - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0105E: The Zowe YAML config file is associated to Zowe runtime \"${yaml_runtime_dir}\", which is not same as where zwe command is located." 
"" 105 - fi - # no need to update -else - update_zowe_runtime_dir="${ZWE_zowe_runtimeDirectory}" -fi - -if [ -n "${update_node_home}" -o -n "${update_java_home}" -o -n "${update_zowe_runtime_dir}" ]; then - if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then - if [ -n "${update_node_home}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "node.home" "${update_node_home}" - fi - if [ -n "${update_java_home}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "java.home" "${update_java_home}" - fi - if [ -n "${update_zowe_runtime_dir}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "zowe.runtimeDirectory" "${update_zowe_runtime_dir}" - fi - - print_level2_message "Runtime directory, Java and/or node.js settings are updated successfully." - else - print_message "These configurations need to be added to your YAML configuration file:" - print_message "" - if [ -n "${update_zowe_runtime_dir}" ]; then - print_message "zowe:" - print_message " runtimeDirectory: \"${update_zowe_runtime_dir}\"" - fi - if [ -n "${update_node_home}" ]; then - print_message "node:" - print_message " home: \"${update_node_home}\"" - fi - if [ -n "${update_java_home}" ]; then - print_message "java:" - print_message " home: \"${update_java_home}\"" - fi - - print_level2_message "Please manually update \"${ZWE_CLI_PARAMETER_CONFIG}\" before you start Zowe." - fi -else - print_level2_message "No need to update runtime directory, Java and node.js settings." -fi - -############################### -zwecli_inline_execute_command init generate -zwecli_inline_execute_command init mvs -zwecli_inline_execute_command init vsam -if [ "${ZWE_CLI_PARAMETER_SKIP_SECURITY_SETUP}" != "true" ]; then - zwecli_inline_execute_command init apfauth - zwecli_inline_execute_command init security -fi -zwecli_inline_execute_command init certificate -zwecli_inline_execute_command init stc - -print_level1_message "Zowe is configured successfully." 
diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index cf7b4a2f68..5831eb54fb 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
@@ -21,93 +21,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level1_message "Initialize Zowe custom data sets" - -############################### -# constants -cust_ds_list="parmlib|Zowe parameter library -authLoadlib|Zowe authorized load library -authPluginLib|Zowe authorized plugin library" - -############################### -# validation -require_zowe_yaml - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -jcllib=$(verify_generated_jcl) -if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi - -############################### -# create data sets if they do not exist -print_message "Create data sets if they do not exist" -while read -r line; do - key=$(echo "${line}" | awk -F"|" '{print $1}') - name=$(echo "${line}" | awk -F"|" '{print $2}') - - # read def and validate - ds=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.${key}") - if [ -z "${ds}" ]; then - # authLoadlib can be empty - if [ "${key}" = "authLoadlib" ]; then - continue - else - print_error_and_exit "Error ZWEL0157E: ${name} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." 
"" 157 - fi - fi - - if [ "${key}" = "authLoadlib" ]; then - if [ "${ds}" = "${prefix}.SZWEAUTH" ]; then - run_aloadlib_create="false" - else - run_aloadlib_create="true" - # check existence - ds_existence=$(is_data_set_exists "${ds}") - if [ "${ds_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." - else - print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - fi - fi - else - # check existence - ds_existence=$(is_data_set_exists "${ds}") - if [ "${ds_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." - else - print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - fi - fi -done < { + for (let i = 0; i < datasets.length; i++) { + let key = datasets[i]; // read def and validate - let skip:boolean = false; - const ds=ZOWE_CONFIG.zowe.setup?.dataset ? ZOWE_CONFIG.zowe.setup.dataset[datasetDef.configKey] : undefined; + let skip: boolean = false; + const ds = ZOWE_CONFIG.zowe.setup?.dataset ? ZOWE_CONFIG.zowe.setup.dataset[key] : undefined; if (!ds) { // authLoadlib can be empty - if (datasetDef.configKey == 'authLoadlib') { + if (key == 'authLoadlib') { skip=true; } else { - common.printErrorAndExit(`Error ZWEL0157E: ${datasetDef.configKey} (zowe.setup.dataset.${datasetDef.configKey}) is not defined in Zowe YAML configuration file.`, undefined, 157); + common.printErrorAndExit(`Error ZWEL0157E: ${key} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); } } - - if (datasetDef.configKey == 'authLoadlib') { - runALoadlibCreate = ds == prefix+'SZWEAUTH' ? 
false : true; - } - if (!skip) { + if (key == 'authLoadlib') { + runALoadlibCreate = ds == prefix+'SZWEAUTH' ? false : true; + } + const datasetExists=zosdataset.isDatasetExists(ds); if (datasetExists) { if (allowOverwrite) { @@ -75,7 +65,7 @@ export function execute(allowOverwrite?: boolean) { } } } - }); + } if (skippedDatasets && !allowOverwrite) { common.printMessage(`Skipped writing to a dataset. To write, you must use --allow-overwrite.`); diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index 54f4193f67..5bab5bb233 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh 
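Review bot: The relocated line `runALoadlibCreate = ds == prefix+'SZWEAUTH' ? false : true;` compares against the prefix with no dot, so it can never match a data set named `<prefix>.SZWEAUTH` and `runALoadlibCreate` is always true. The shell code removed in this same commit compared with `"${prefix}.SZWEAUTH"`. Use `runALoadlibCreate = ds != `${prefix}.SZWEAUTH`;`. The surrounding `execute` body starts and ends outside this hunk.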
@@ -22,50 +22,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level1_message "Run Zowe security configurations" - -############################### -# validation -require_zowe_yaml - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -jcllib=$(verify_generated_jcl) -if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi - - -validation_list="groups.admin groups.stc groups.sysProg users.zowe users.zis stcs.zowe stcs.zis stcs.aux" - -for item in ${validation_list}; do - result=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.${item}") - if [ -z "${result}" ]; then - print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.${item}) is not defined in Zowe YAML configuration file." "" 157 - fi -done - -security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") -if [ -z "${security_product}" ]; then - print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.product) is not defined in Zowe YAML configuration file." "" 157 -fi - -############################### -# submit job -print_and_handle_jcl "//'${jcllib}(ZWEI${security_product})'" "ZWEI${security_product}" "${jcllib}" "${prefix}" "false" "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" -print_message "" -print_message "WARNING: Due to the limitation of the ZWEI${security_product} job, exit with 0 does not mean" -print_message " the job is fully successful. Please check the job log to determine" -print_message " if there are any inline errors." 
-print_message "" -print_level2_message "Command run successfully." - - - - diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index a28703654a..51ecc442be 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh 
@@ -22,73 +22,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level1_message "Install Zowe main started task" - -############################### -# validation -require_zowe_yaml - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -# read PROCLIB and validate -proclib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.proclib") -if [ -z "${proclib}" ]; then - print_error_and_exit "Error ZWEL0157E: PROCLIB (zowe.setup.dataset.proclib) is not defined in Zowe YAML configuration file." "" 157 -fi - -jcllib=$(verify_generated_jcl) -if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi - -security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") -if [ -z "${security_stcs_zowe}" ]; then - print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zowe) is not defined in Zowe YAML configuration file." "" 157 -fi -security_stcs_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zis") -if [ -z "${security_stcs_zis}" ]; then - print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.zis) is not defined in Zowe YAML configuration file." "" 157 -fi -security_stcs_aux=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.aux") -if [ -z "${security_stcs_aux}" ]; then - print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.stcs.aux) is not defined in Zowe YAML configuration file." 
"" 157 -fi -target_proclibs="${security_stcs_zowe} ${security_stcs_zis} ${security_stcs_aux}" - -for mb in ${target_proclibs}; do - # STCs in target proclib - stc_existence=$(is_data_set_exists "${proclib}(${mb})") - if [ "${stc_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - print_message "Warning ZWEL0300W: ${proclib}(${mb}) already exists. This data set member will be overwritten during configuration." - else - print_message "Warning ZWEL0301W: ${proclib}(${mb}) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - fi -done - -if [ "${stc_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${proclib}. To write, you must use --allow-overwrite." -else - - jcl_file=$(create_tmp_file) - copy_mvs_to_uss "${jcllib}(ZWEISTC)" "${jcl_file}" - - # TODO limitation... if STC names are default, JCL IEBCOPY wont work, - # because in member selection argument, the "rename" operation cannot be from/to the same name. - # yet if we don't have the rename option, then name customization wont work either! - # so, we have to have some conditional logic somewhere. until figuring out how to fix this in ZWEGENER, i am putting it here... - jcl_edit=$(cat "${jcl_file}" | sed "s/ZWESLSTC,ZWESLSTC/ZWESLSTC/" | sed "s/ZWESISTC,ZWESISTC/ZWESISTC/" | sed "s/ZWESASTC,ZWESASTC/ZWESASTC/") - echo "${jcl_edit}" > "${jcl_file}" - - print_and_handle_jcl "${jcl_file}" "ZWEISTC" "${jcllib}" "${prefix}" "true" - print_level2_message "Zowe main started tasks are installed successfully." -fi - - diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 8086bb3988..a8f8e777a1 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
@@ -22,65 +22,3 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi - - -print_level1_message "Create VSAM storage for Zowe Caching Service" - -############################### -# constants - -############################### -# validation -require_zowe_yaml - -caching_storage=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".components.caching-service.storage.mode" | upper_case) -if [ "${caching_storage}" != "VSAM" ]; then - print_error "Warning ZWEL0301W: Zowe Caching Service is not configured to use VSAM. Command skipped." - return 0 -fi -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -jcllib=$(verify_generated_jcl) -if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 -fi - - -required_yaml_content="mode volume storageClass name" - -for key in ${required_params}; do - eval "${key}=$(read_yaml \"${ZWE_CLI_PARAMETER_CONFIG}\" \".zowe.setup.vsam.${key}\")" - if [ -z "${key}" ]; then - print_error_and_exit "Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file." "" 157 - fi -done - -# VSAM cache cannot be overwritten, must delete manually -# FIXME: cat cannot be used to test VSAM data set -vsam_existence=$(is_data_set_exists "${name}") -if [ "${vsam_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # delete blindly and ignore errors - result=$(tso_command delete "'${name}'") - else - # error - print_error_and_exit "Error ZWEL0158E: ${name} already exists." 
"" 158 - fi -fi - - -############################### -# execution (or dry-run) - -print_and_handle_jcl "//'${jcllib}(ZWECSVSM)" "ZWECSVSM" "${jcllib}" "${prefix}" -if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then - if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "components.caching-service.storage.vsam.name" "${name}" - print_level2_message "Zowe configuration is updated successfully." - fi -fi -print_level2_message "Zowe Caching Service VSAM storage is created successfully." diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 749c62c991..09ae97acac 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts 
@@ -16,20 +16,22 @@ import * as common from './common'; import * as stringlib from './string'; import * as shell from './shell'; -export function submitJob(jclFile: string): string|undefined { - common.printDebug(`- submit job ${jclFile}`); +export function submitJob(jclFile: string, printJobDebug:boolean=true): string|undefined { + if (printJobDebug) { + common.printDebug(`- submit job ${jclFile}`); - common.printTrace(`- content of ${jclFile}`); - const catResult = shell.execOutSync('sh', '-c', `cat "${jclFile}" 2>&1`); - if (catResult.rc != 0) { - common.printTrace(` * Failed`); - common.printTrace(` * Exit code: ${catResult.rc}`); - common.printTrace(` * Output:`); - common.printTrace(stringlib.paddingLeft(catResult.out, " ")); - return undefined; - } - else { - common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + common.printTrace(`- content of ${jclFile}`); + const catResult = shell.execOutSync('sh', '-c', `cat "${jclFile}" 2>&1`); + if (catResult.rc != 0) { + common.printTrace(` * Failed`); + common.printTrace(` * Exit code: ${catResult.rc}`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + return undefined; + } + else { + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + } } // cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. @@ -175,7 +177,7 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: let jobId: string|undefined; if (!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')) { common.printMessage(`Submitting Job ${jobName}`); - jobId=submitJob(jclLocation); + jobId=submitJob(jclLocation, false); if (!jobId) { jobHasFailures=true; if (continueOnFailure) { From 2f8981577eef453f25ebe166b7d21a13865a9d93 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 9 Feb 2024 15:07:07 -0500 Subject: [PATCH 092/258] Add TS version of zwe install 
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.ts | 2 +- bin/commands/init/vsam/index.ts | 8 +- bin/commands/install/cli.ts | 18 ++++ bin/commands/install/index.sh | 144 ++------------------------------ bin/commands/install/index.ts | 85 +++++++++++++++++++ bin/libs/zos-jes.ts | 52 +++++++----- example-zowe.yaml | 14 +--- files/SZWEEXEC/ZWEGEN00 | 1 + files/SZWESAMP/ZWEINSTL | 55 ++++++++++++ 9 files changed, 206 insertions(+), 173 deletions(-) create mode 100644 bin/commands/install/cli.ts create mode 100644 bin/commands/install/index.ts create mode 100644 files/SZWESAMP/ZWEINSTL diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index fc43b6d3de..06655bbb75 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -52,7 +52,7 @@ export function execute(allowOverwrite?: boolean) { } if (!skip) { if (key == 'authLoadlib') { - runALoadlibCreate = ds == prefix+'SZWEAUTH' ? false : true; + runALoadlibCreate = ds == (prefix+'.SZWEAUTH') ? false : true; } const datasetExists=zosdataset.isDatasetExists(ds); diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index 16de81412b..8462cde0b5 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts 
@@ -38,7 +38,13 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); } - ['mode', 'volume', 'storageClass', 'name'].forEach((key)=> { + const mode = ZOWE_CONFIG.zowe.setup?.vsam?.mode; + if (!mode) { + return common.printErrorAndExit(`Error ZWEL0999E: VSAM parameter (zowe.setup.vsam.mode) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + let keys = mode == 'NONRLS' ? ['volume', 'name'] : ['storageClass', 'name']; + + keys.forEach((key)=> { if (!ZOWE_CONFIG.zowe.setup.vsam || !ZOWE_CONFIG.zowe.setup.vsam[key]) { return common.printErrorAndExit(`Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); } diff --git a/bin/commands/install/cli.ts b/bin/commands/install/cli.ts new file mode 100644 index 0000000000..bb5cb1c23b --- /dev/null +++ b/bin/commands/install/cli.ts @@ -0,0 +1,18 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../libs/configmgr'; + +index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true', std.getenv("ZWE_CLI_PARAMETER_DATASET_PREFIX")); + +configmgr.cleanupTempDir(); diff --git a/bin/commands/install/index.sh b/bin/commands/install/index.sh index a74da85c87..09a1059aa7 100644 --- a/bin/commands/install/index.sh +++ b/bin/commands/install/index.sh 
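Review bot: The new `mode` check in the vsam `execute` hunk prints message id `ZWEL0999E` but exits with code 157, while the per-key checks right below it use `ZWEL0157E` with 157; the id should match the exit code, e.g. `Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.mode) is not defined in Zowe YAML configuration file.`. The selection `mode == 'NONRLS' ? ['volume', 'name'] : ['storageClass', 'name']` also treats every other value, including a misspelt one, as RLS. Unless schema validation already restricts `mode` (not visible here), compare against the expected values explicitly and fail on anything else before the job is submitted. The body of `execute` continues outside the hunk.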
@@ -1,4 +1,4 @@ -#!/bin/sh + #!/bin/sh ####################################################################### # This program and the accompanying materials are made available 
@@ -11,142 +11,14 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -print_level0_message "Install Zowe MVS data sets" +USE_CONFIGMGR=$(check_configmgr_enabled) +if [ "${USE_CONFIGMGR}" = "true" ]; then + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then -############################### -# constants -# keep in sync with workflows/templates/smpe-install/ZWE3ALOC.vtl -cust_ds_list="${ZWE_PRIVATE_DS_SZWESAMP}|Zowe sample library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks -${ZWE_PRIVATE_DS_SZWEAUTH}|Zowe authorized load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks -${ZWE_PRIVATE_DS_SZWELOAD}|Zowe load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks -${ZWE_PRIVATE_DS_SZWEEXEC}|Zowe executable utilities library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks" - -############################### -# validation -if [ -n "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" ]; then - prefix="${ZWE_CLI_PARAMETER_DATASET_PREFIX}" -else - require_zowe_yaml - - # read prefix and validate - prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") - if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." 
"" 157 - fi -fi - -############################### -# create data sets if they do not exist -print_message "Create MVS data sets if they do not exist" -while read -r line; do - ds=$(echo "${line}" | awk -F"|" '{print $1}') - name=$(echo "${line}" | awk -F"|" '{print $2}') - spec=$(echo "${line}" | awk -F"|" '{print $3}') - - # check existence - ds_existence=$(is_data_set_exists "${prefix}.${ds}") - if [ "${ds_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${prefix}.${ds} already exists. Members in this data set will be overwritten." - else - # print_error_and_exit "Error ZWEL0158E: ${prefix}.${ds} already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${prefix}.${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - else - print_message "Creating ${name} - ${prefix}.${ds}" - create_data_set "${prefix}.${ds}" "${spec}" - if [ $? -ne 0 ]; then - print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 - fi + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi -done < --help\" (for example, \"zwe init stc --help\") to get more information." -print_message diff --git a/bin/commands/install/index.ts b/bin/commands/install/index.ts new file mode 100644 index 0000000000..e029f93221 --- /dev/null +++ b/bin/commands/install/index.ts 
@@ -0,0 +1,85 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as xplatform from 'xplatform'; +import * as common from '../../libs/common'; +import * as config from '../../libs/config'; +import * as zosJes from '../../libs/zos-jes'; +import * as zosDataset from '../../libs/zos-dataset'; + +export function execute(allowOverwrite?: boolean, datasetPrefix?: string) { + common.printLevel0Message("Install Zowe MVS data sets"); + + + // constants + // keep in sync with workflows/templates/smpe-install/ZWE3ALOC.vtl + const custDsList = [ std.getenv('ZWE_PRIVATE_DS_SZWESAMP'), + std.getenv('ZWE_PRIVATE_DS_SZWEAUTH'), + std.getenv('ZWE_PRIVATE_DS_SZWELOAD'), + std.getenv('ZWE_PRIVATE_DS_SZWEEXEC') ]; + + let prefix: string; + + // validation + if (datasetPrefix) { + prefix = datasetPrefix; + } else { + common.requireZoweYaml(); + const zoweConfig = config.getZoweConfig(); + + // read prefix and validate + prefix = zoweConfig.zowe.setup.dataset.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + } + + + // create data sets if they do not exist + common.printMessage(`Create MVS data sets if they do not exist`); + let dsExistence: boolean = false; + custDsList.forEach((ds)=> { + // check existence + dsExistence = zosDataset.isDatasetExists(prefix+'.'+ds); + if (dsExistence) { + if (allowOverwrite) { + // warning + common.printMessage(`Warning ZWEL0300W: ${prefix}.${ds} already exists. 
Members in this data set will be overwritten.`); + } else { + // warning + common.printMessage(`Warning ZWEL0301W: ${prefix}.${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); + } + } + }); + common.printMessage(``); + + if (dsExistence && !allowOverwrite) { + common.printLevel1Message(`Zowe MVS data sets installation skipped.`); + } else { + let jclContents = xplatform.loadFileUTF8(std.getenv('ZWE_zowe_runtimeDirectory')+'/files/SZWESAMP/ZWEINSTL', xplatform.AUTO_DETECT); + jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, std.getenv('ZWE_zowe_runtimeDirectory')) + .replace(/\{zowe\.setup\.dataset\.prefix\}/gi, prefix) + + zosJes.printAndHandleJcl(jclContents, `ZWEINSTL`, prefix, prefix, false, false, true); + + // exit message + common.printLevel1Message(`Zowe MVS data sets are installed successfully.`); + } + + + common.printMessage(`Zowe installation completed. In order to use Zowe, you need to run \"zwe init\" command to initialize Zowe instance.`); + common.printMessage(`- Type \"zwe init --help\" to get more information.`); + common.printMessage(``); + common.printMessage(`You can also run individual init sub-commands: mvs, certificate, security, vsam, apfauth, and stc.`); + common.printMessage(`- Type \"zwe init --help\" (for example, \"zwe init stc --help\") to get more information.`); + common.printMessage(``); +} diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 09ae97acac..f60803f383 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts 
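Review bot: `prefix` is substituted into the ZWEINSTL JCL by `jclContents.replace(...)` with no check on its contents, and it comes either from `datasetPrefix` (the `ZWE_CLI_PARAMETER_DATASET_PREFIX` value passed in cli.ts) or from zowe.yaml. A value containing quotes, blanks or line breaks therefore changes the structure of the generated job, not just a data set name. Validate it against data set naming rules before the replace and call `common.printErrorAndExit` on a mismatch. Passing the replacement as a function, `.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, () => prefix)`, also keeps a `$` in a qualifier from being read as a replacement pattern. Separately, `dsExistence` is reassigned on every `forEach` iteration, so the skip decision after the loop reflects only the last entry of `custDsList`; keep a separate flag, e.g. `anyExists = anyExists || dsExistence;`, and test that instead.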
@@ -16,26 +16,31 @@ import * as common from './common'; import * as stringlib from './string'; import * as shell from './shell'; -export function submitJob(jclFile: string, printJobDebug:boolean=true): string|undefined { +export function submitJob(jclFileOrContent: string, printJobDebug:boolean=true, jclIsContent?:boolean): string|undefined { if (printJobDebug) { - common.printDebug(`- submit job ${jclFile}`); + common.printDebug(`- submit job ${jclFileOrContent}`); - common.printTrace(`- content of ${jclFile}`); - const catResult = shell.execOutSync('sh', '-c', `cat "${jclFile}" 2>&1`); - if (catResult.rc != 0) { - common.printTrace(` * Failed`); - common.printTrace(` * Exit code: ${catResult.rc}`); - common.printTrace(` * Output:`); - common.printTrace(stringlib.paddingLeft(catResult.out, " ")); - return undefined; - } - else { - common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + common.printTrace(`- content of ${jclFileOrContent}`); + if (!jclIsContent) { + const catResult = shell.execOutSync('sh', '-c', `cat "${jclFileOrContent}" 2>&1`); + if (catResult.rc != 0) { + common.printTrace(` * Failed`); + common.printTrace(` * Exit code: ${catResult.rc}`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + return undefined; + } + else { + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + } + } else { + common.printTrace(jclFileOrContent); } } // cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. - const result=shell.execOutSync('sh', '-c', `cat "${jclFile}" | submit 2>&1`); + const result = shell.execOutSync('sh', '-c', jclIsContent ? `echo "${jclFileOrContent}" | submit 2>&1` + : `cat "${jclFileOrContent}" | submit 2>&1`); // expected: JOB JOB????? submitted from path '...' const code=result.rc; if (code==0) { 
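Review bot: In the `jclIsContent` branch of `submitJob`, the whole JCL text is interpolated into a `sh -c` string as `echo "${jclFileOrContent}" | submit 2>&1`, so every `"`, `$`, backtick or backslash in the JCL is interpreted by the shell instead of reaching `submit`. The ZWEINSTL member added in this same commit contains double quotes and `&&` in its STDPARM step, and the data set prefix substituted into it comes from configuration or the command line, so this can both corrupt the submitted job and run shell commands that were never intended. Write the content to a temporary file and reuse the existing `cat "<file>" | submit` path, or otherwise hand the text to `submit` without passing it through shell quoting. `common.printDebug(`- submit job ${jclFileOrContent}`)` also logs the full JCL as if it were a path when content is passed. The body of `submitJob` continues outside the hunk.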
@@ -162,10 +167,13 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri } } -export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: string, prefix: string, removeJclOnFinish?: boolean, continueOnFailure?: boolean){ - const jclContents = shell.execOutSync('sh', '-c', `cat "${jclLocation}" 2>&1`).out; +export function printAndHandleJcl(jclLocationOrContent: string, jobName: string, jcllib: string, prefix: string, removeJclOnFinish?: boolean, continueOnFailure?: boolean, jclIsContent?: boolean){ + const jclContents = jclIsContent ? jclLocationOrContent : shell.execOutSync('sh', '-c', `cat "${jclLocationOrContent}" 2>&1`).out; let jobHasFailures = false; + if (jclIsContent) { + removeJclOnFinish = false; + } common.printMessage(`Template JCL: ${prefix}.SZWESAMP(${jobName}) , Executable JCL: ${jcllib}(${jobName})`); common.printMessage(`--- JCL Content ---`); @@ -177,7 +185,7 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: let jobId: string|undefined; if (!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')) { common.printMessage(`Submitting Job ${jobName}`); - jobId=submitJob(jclLocation, false); + jobId=submitJob(jclLocationOrContent, false, jclIsContent); if (!jobId) { jobHasFailures=true; if (continueOnFailure) { @@ -185,7 +193,7 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: jobId=undefined; } else { if (removeJclOnFinish) { - removeRc = os.remove(jclLocation); + removeRc = os.remove(jclLocationOrContent); } common.printErrorAndExit(`Error ZWEL0161E: Failed to run JCL ${jcllib}(${jobName}).`, undefined, 161); } 
@@ -199,7 +207,7 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: common.printError(`Warning ZWEL0162W: Failed to find job ${jobId} result.`); } else { if (removeJclOnFinish) { - removeRc = os.remove(jclLocation); + removeRc = os.remove(jclLocationOrContent); } common.printErrorAndExit(`Error ZWEL0162E: Failed to find job ${jobId} result.`, undefined, 162); } @@ -209,13 +217,13 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: common.printError(`Warning ZWEL0163W: Job ${jobname}(${jobId}) ends with code ${jobcccode} (${jobcctext}).`); } else { if (removeJclOnFinish) { - removeRc = os.remove(jclLocation); + removeRc = os.remove(jclLocationOrContent); } common.printErrorAndExit(`Error ZWEL0163E: Job ${jobname}(${jobId}) ends with code ${jobcccode} (${jobcctext}).`, undefined, 163); } } if (removeJclOnFinish) { - removeRc = os.remove(jclLocation); + removeRc = os.remove(jclLocationOrContent); } if (jobHasFailures) { common.printLevel2Message(`Job ended with some failures. Please check job log for details.`); @@ -226,7 +234,7 @@ export function printAndHandleJcl(jclLocation: string, jobName: string, jcllib: common.printMessage(`To perform command, re-run command without dry run flag, or submit the JCL directly`); common.printLevel2Message(`Command run successfully.`); if (removeJclOnFinish) { - removeRc = os.remove(jclLocation); + removeRc = os.remove(jclLocationOrContent); } return 0 } diff --git a/example-zowe.yaml b/example-zowe.yaml index 9540b5f92e..ef96de9672 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
@@ -314,22 +314,10 @@ zowe: # Where extensions are installed extensionDirectory: /global/zowe/extensions - # **COMMONLY_CUSTOMIZED** - useConfigmgr: true - # Setting to true will enable: - # * schema-backed validation of zowe.yaml - # * should greatly improve startup time. - # * can supply multiple zowe.yaml as defaults & overrides in the format of - # FILE(/my/customizations.yaml):PARMLIB(MYORG.ZOWE(YAML)):FILE(/zowe/defaults.yaml) - # * allows templating in zowe.yaml by putting references within ${{ }} blocks such as - # rewriting the job section below as - # job: - # name: ${{ zowe.job.prefix }}SV - # prefix: ZWE1 configmgr: # STRICT=quit on any error, including missing schema # COMPONENT-COMPAT=if component missing schema, skip it with warning instead of quit - validation: "COMPONENT-COMPAT" + validation: "STRICT" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # runtime z/OS job name diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 9c3a0afc3d..36d308a198 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -141,6 +141,7 @@ x = DeleteDataSet(jclCopy'(ZWESIP00)') x = DeleteDataSet(jclCopy'(ZWESIPRG)') x = DeleteDataSet(jclCopy'(ZWESISCH)') x = DeleteDataSet(jclCopy'(ZWESECKG)') +x = DeleteDataSet(jclCopy'(ZWEINSTL)') /* diff --git a/files/SZWESAMP/ZWEINSTL b/files/SZWESAMP/ZWEINSTL new file mode 100644 index 0000000000..3ee0b2ecd9 --- /dev/null +++ b/files/SZWESAMP/ZWEINSTL 
@@ -0,0 +1,55 @@ +//ZWEINSTL JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//MKPDSE EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWESAMP') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks + +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWEEXEC') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks + +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWEAUTH') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks + +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWELOAD') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks +//* +//* +//AUTHCPY EXEC PGM=BPXBATCH +//BPXPRINT DD SYSOUT=* +//STDOUT DD SYSOUT=* +//STDERR DD SYSOUT=* +//STDPARM DD * +SH cd {zowe.runtimeDirectory} && +cd files/SZWESAMP && +cp * "//'{zowe.setup.dataset.prefix}.SZWESAMP'" && +cd ../SZWEEXEC && +cp * "//'{zowe.setup.dataset.prefix}.SZWEEXEC'" && +cd ../SZWELOAD && +cp * "//'{zowe.setup.dataset.prefix}.SZWELOAD'" && +cd ../../components/launcher/bin +cp zowe_launcher "//'{zowe.setup.dataset.prefix}.SZWEAUTH'" && +cd ../../zss/SAMPLIB && +cp ZWESASTC ZWESIP00 ZWESISTC ZWESISCH + "//'{zowe.setup.dataset.prefix}.SZWESAMP'" && +cd ../LOADLIB && +cp ZWESIS01 ZWESAUX ZWESISDL + "//'{zowe.setup.dataset.prefix}.SZWEAUTH'" +/* + From 2965629adaf85ed6558fde090fb1e5ef8a7b14e6 Mon Sep 17 00:00:00 2001 
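Review bot: In the AUTHCPY step's STDPARM script, `cd ../../components/launcher/bin` is the only command line without a trailing `&&`, so the stop-on-first-failure chain is broken immediately before the copy into the authorized library `{zowe.setup.dataset.prefix}.SZWEAUTH`; it should read `cd ../../components/launcher/bin &&`. Depending on how BPXBATCH joins STDPARM records, the missing separator may also fuse this line with the following `cp`, which is worth confirming on a test system. A short comment above AUTHCPY stating that `{zowe.runtimeDirectory}` and `{zowe.setup.dataset.prefix}` are substituted by the caller before submission would help anyone who submits this member by hand.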
From: 1000TurquoisePogs Date: Fri, 9 Feb 2024 15:33:09 -0500 Subject: [PATCH 093/258] Revert install command for now while more testing is done Signed-off-by: 1000TurquoisePogs --- bin/commands/install/index.sh | 144 ++++++++++++++++++++++++++++++++-- 1 file changed, 136 insertions(+), 8 deletions(-) diff --git a/bin/commands/install/index.sh b/bin/commands/install/index.sh index 09a1059aa7..0fc9e7fad6 100644 --- a/bin/commands/install/index.sh +++ b/bin/commands/install/index.sh @@ -1,4 +1,4 @@ - #!/bin/sh +#!/bin/sh ####################################################################### # This program and the accompanying materials are made available 
@@ -11,14 +11,142 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -USE_CONFIGMGR=$(check_configmgr_enabled) -if [ "${USE_CONFIGMGR}" = "true" ]; then - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then +print_level0_message "Install Zowe MVS data sets" - # user-facing command, use tmpdir to not mess up workspace permissions - export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 +############################### +# constants +# keep in sync with workflows/templates/smpe-install/ZWE3ALOC.vtl +cust_ds_list="${ZWE_PRIVATE_DS_SZWESAMP}|Zowe sample library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks +${ZWE_PRIVATE_DS_SZWEAUTH}|Zowe authorized load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks +${ZWE_PRIVATE_DS_SZWELOAD}|Zowe load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks +${ZWE_PRIVATE_DS_SZWEEXEC}|Zowe executable utilities library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks" + +############################### +# validation +if [ -n "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" ]; then + prefix="${ZWE_CLI_PARAMETER_DATASET_PREFIX}" +else + require_zowe_yaml + + # read prefix and validate + prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") + if [ -z "${prefix}" ]; then + print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." 
"" 157 + fi +fi + +############################### +# create data sets if they do not exist +print_message "Create MVS data sets if they do not exist" +while read -r line; do + ds=$(echo "${line}" | awk -F"|" '{print $1}') + name=$(echo "${line}" | awk -F"|" '{print $2}') + spec=$(echo "${line}" | awk -F"|" '{print $3}') + + # check existence + ds_existence=$(is_data_set_exists "${prefix}.${ds}") + if [ "${ds_existence}" = "true" ]; then + if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then + # warning + print_message "Warning ZWEL0300W: ${prefix}.${ds} already exists. Members in this data set will be overwritten." + else + # print_error_and_exit "Error ZWEL0158E: ${prefix}.${ds} already exists." "" 158 + # warning + print_message "Warning ZWEL0301W: ${prefix}.${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." + fi + else + print_message "Creating ${name} - ${prefix}.${ds}" + create_data_set "${prefix}.${ds}" "${spec}" + if [ $? -ne 0 ]; then + print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 + fi fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/install/cli.js" +done < --help\" (for example, \"zwe init stc --help\") to get more information." +print_message From db44b8fe8fab7349d131b290ed3bcdd943762f1b Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 12 Feb 2024 07:32:54 -0500 Subject: [PATCH 094/258] Do not rename members Signed-off-by: 1000TurquoisePogs --- bin/commands/install/index.sh | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/bin/commands/install/index.sh b/bin/commands/install/index.sh index 0fc9e7fad6..df76a4c66e 100644 --- a/bin/commands/install/index.sh +++ b/bin/commands/install/index.sh 
@@ -115,15 +115,10 @@ else # FIXME: move these parts to zss commands.install? # FIXME: ZWESIPRG is in zowe-install-packaging cd "${ZWE_zowe_runtimeDirectory}/components/zss" - zss_samplib="ZWESAUX=ZWESASTC ZWESIP00 ZWESIS01=ZWESISTC ZWESISCH" + zss_samplib="ZWESASTC ZWESIP00 ZWESISTC ZWESISCH" for mb in ${zss_samplib}; do - mb_from=$(echo "${mb}" | awk -F= '{print $1}') - mb_to=$(echo "${mb}" | awk -F= '{print $2}') - if [ -z "${mb_to}" ]; then - mb_to="${mb_from}" - fi - print_message "Copy components/zss/SAMPLIB/${mb_from} to ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb_to})" - copy_to_data_set "SAMPLIB/${mb_from}" "${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb_to})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" + print_message "Copy components/zss/SAMPLIB/${mb} to ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb})" + copy_to_data_set "SAMPLIB/${mb}" "${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" if [ $? -ne 0 ]; then print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 fi From 088a21ca98104502ff95ba1635063a067d5bc68d Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 12 Feb 2024 08:42:54 -0500 Subject: [PATCH 095/258] Split ZWENOKYR, fix bug on submitting right job for ZWEKRING replacements, and update workflows to reference right job names Signed-off-by: 1000TurquoisePogs --- bin/libs/certificate.sh | 40 +++++----- files/SZWEEXEC/ZWEGEN00 | 6 ++ files/SZWESAMP/ZWENOKRA | 79 +++++++++++++++++++ files/SZWESAMP/{ZWENOKYR => ZWENOKRR} | 70 +--------------- files/SZWESAMP/ZWENOKRT | 72 +++++++++++++++++ playbooks/roles/configure/tasks/show_logs.yml | 18 ++++- .../roles/zowe/tasks/purge_job_outputs.yml | 18 ++++- 7 files changed, 207 insertions(+), 96 deletions(-) create mode 100644 files/SZWESAMP/ZWENOKRA rename files/SZWESAMP/{ZWENOKYR => ZWENOKRR} (59%) create mode 100644 files/SZWESAMP/ZWENOKRT diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh index d82e205563..ff5697698a 100644 
--- a/bin/libs/certificate.sh +++ b/bin/libs/certificate.sh @@ -816,11 +816,7 @@ keyring_run_zwekring_jcl() { jcllib="${2}" # should be 1, 2 or 3 jcloption="${3}" - keyring_owner="${4}" - keyring_name="${5}" domains="${6}" - alias="${7}" - ca_alias="${8}" # external CA labels separated by comma (label can have spaces) ext_cas="${9}" # set to 1 or true to import z/OSMF CA @@ -829,12 +825,6 @@ keyring_run_zwekring_jcl() { trust_zosmf=1 fi zosmf_root_ca="${11}" - # option 2 - connect existing - connect_user="${12}" - connect_label="${13}" - # option 3 - import from data set - import_ds_name="${14}" - import_ds_password="${15}" validity="${16:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_VALIDITY}}" security_product=${17:-RACF} @@ -971,10 +961,10 @@ EOF ############################### # submit job print_message "Submitting Job ${member_name})" - jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") + jobid=$(submit_job "${tmpfile}") code=$? if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${tmpdsm})." + print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${member_name})." return 161 fi print_debug "- job id ${jobid}" 
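Review bot: In the first hunk of `keyring_run_zwekring_jcl`, the function still reads `${6}`, `${9}`, `${11}`, `${16}` and `${17}` after the assignments for positions 4, 5, 7, 8 and 12 to 15 were removed, so every caller has to keep passing empty placeholders in the dead slots, and a miscounted argument silently lands in the wrong variable. Since this function drives keyring and certificate setup, I would at least record the contract above the assignments, for example `# args 4,5,7,8,12-15 are unused placeholders kept for caller compatibility`. Renumbering the arguments together with the callers would be cleaner, but the callers are not in this hunk. The function body starts and ends outside the hunk.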
@@ -1005,15 +995,21 @@ EOF keyring_run_zwenokyr_jcl() { prefix="${1}" jcllib="${2}" - keyring_owner="${3}" - keyring_name="${4}" - alias="${5}" - ca_alias="${6}" - security_product=${7:-RACF} + security_product="${3}" - jcl_contents=$(cat "//'${jcllib}(ZWENOKYR)'") + member_prefix="ZWEINOKR" + if [ "${security_product}" = "TSS" ]; then + member_name="${member_prefix}T" + elif [ "${security_product}" = "ACF2" ]; then + member_name="${member_prefix}A" + else + member_name="${member_prefix}R" + fi + + + jcl_contents=$(cat "//'${jcllib}(${member_name})'") - print_message "Template JCL: ${prefix}.SZWESAMP(ZWENOKYR) , Executable JCL: ${jcllib}(ZWENOKYR)" + print_message "Template JCL: ${prefix}.SZWESAMP(${member_name}) , Executable JCL: ${jcllib}(${member_name})" print_message "--- JCL Content ---" print_message "$jcl_contents" print_message "--- End of JCL ---" @@ -1024,11 +1020,11 @@ keyring_run_zwenokyr_jcl() { print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" else - print_message "Submitting Job ZWENOKYR" - jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") + print_message "Submitting Job ${member_name}" + jobid=$(submit_job "//'${jcllib}(${member_name}})'") code=$? if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${tmpdsm})." + print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${member_name})." return 161 fi print_debug "- job id ${jobid}" diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 36d308a198..6dbaa1ffa6 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 
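Review bot: `member_prefix="ZWEINOKR"` in `keyring_run_zwenokyr_jcl` does not match the members this commit adds, which are ZWENOKRA, ZWENOKRR and ZWENOKRT, and the suffixed result (for example ZWEINOKRR) is nine characters, longer than a PDS member name allows. The `cat` of `${jcllib}(${member_name})` would therefore fail to find the removal JCL for every security product. The prefix should be `member_prefix="ZWENOKR"`. The function continues past the end of this hunk.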
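Review bot: The new `submit_job` call in the second hunk has a stray closing brace, `${member_name}})`, so the data set reference passed to job submission ends in `})` and cannot name the member that was just printed. The line should read `jobid=$(submit_job "//'${jcllib}(${member_name})'")`, matching the error message two lines below it. The enclosing function starts before this hunk.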
@@ -185,6 +185,8 @@ if COMPARE('RCVT', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRT3)') x = DeleteDataSet(jclCopy'(ZWEIACF2)') x = DeleteDataSet(jclCopy'(ZWEITSS)') + x = DeleteDataSet(jclCopy'(ZWENOKRA)') + x = DeleteDataSet(jclCopy'(ZWENOKRT)') end if COMPARE('RTSS', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRA1)') @@ -195,6 +197,8 @@ if COMPARE('RTSS', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRR3)') x = DeleteDataSet(jclCopy'(ZWEIACF2)') x = DeleteDataSet(jclCopy'(ZWEIRACF)') + x = DeleteDataSet(jclCopy'(ZWENOKRA)') + x = DeleteDataSet(jclCopy'(ZWENOKRR)') end if COMPARE('ACF2', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRT1)') @@ -205,6 +209,8 @@ if COMPARE('ACF2', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRR3)') x = DeleteDataSet(jclCopy'(ZWEIRACF)') x = DeleteDataSet(jclCopy'(ZWEITSS)') + x = DeleteDataSet(jclCopy'(ZWENOKRT)') + x = DeleteDataSet(jclCopy'(ZWENOKRR)') end say jcl' has been copied to 'jclCopy'.' diff --git a/files/SZWESAMP/ZWENOKRA b/files/SZWESAMP/ZWENOKRA new file mode 100644 index 0000000000..edd66603d8 --- /dev/null +++ b/files/SZWESAMP/ZWENOKRA 
@@ -0,0 +1,79 @@ +//ZWENOKRA JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to remove key ring and certificates for Zowe +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITIONS +//* +//* 2. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. 
+//* +//******************************************************************* +// EXPORT SYMLIST=* +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//* +//********************************************************************* +//* +//* ACF2 ONLY, customize to meet your system requirements +//* +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF + +* Remove permit to use SITE owned certificate's private key + SET RESOURCE(FAC) + RECKEY IRR DEL(DIGTCERT.GENCERT + + ROLE({zowe.setup.security.groups.stc}) + + SERVICE(CONTROL) ALLOW) + +* Remove permit to read keyring ....................................*/ + RECKEY IRR DEL(DIGTCERT.LISTRING + + ROLE({zowe.setup.security.groups.stc}) + + SERVICE(READ) ALLOW) + + F ACF2,REBUILD(FAC) + +* Delete LABEL certificate ........................................*/ + DELETE {zowe.setup.security.users.zowe}.ZOWECERT + +* Delete LOCALCA certificate ......................................*/ + DELETE CERTAUTH.ZOWECA + +* Delete keyring ...................................................*/ + SET PROFILE(USER) DIVISION(KEYRING) + DELETE {zowe.setup.security.users.zowe}.ZOWERING + + F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) + +END +$$ +//* + diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKRR similarity index 59% rename from files/SZWESAMP/ZWENOKYR rename to files/SZWESAMP/ZWENOKRR index 990dcb889f..adc0f95f5c 100644 --- a/files/SZWESAMP/ZWENOKYR +++ b/files/SZWESAMP/ZWENOKRR @@ -1,4 +1,4 @@ -//ZWENOKYR JOB +//ZWENOKRR JOB //* //* This program and the accompanying materials are made available //* under the terms of the Eclipse Public License v2.0 which 
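Review bot: The ACF2 removal commands in the new ZWENOKRA member act on the fixed names `ZOWECERT`, `CERTAUTH.ZOWECA` and `ZOWERING`, and the same is true of the Top Secret commands in the new ZWENOKRT member, while this commit also drops the keyring name and alias arguments from `keyring_run_zwenokyr_jcl`. If a site set up its keyring or labels under other names (not visible here, so to be confirmed), the job would leave those in place, and it still ends with return code 0 as the header says. I would add a header line such as `//* 2) Check that ZOWERING, ZOWECERT and ZOWECA match the names used at setup.` to both members, or template the names the way the user and group are templated.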
@@ -22,9 +22,6 @@
 //* 1) Add job name and job parameters to the JOB statement, to
 //* meet your system requirements.
 //*
-//* 2) Customize the commands in the DD statement that matches your
-//* security product so that they meet your system requirements.
-//*
 //* Note(s):
 //*
 //* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY
@@ -49,7 +46,7 @@
 //*
 //RUN EXEC PGM=IKJEFT01,REGION=0M
 //SYSTSPRT DD SYSOUT=*
-//SYSTSIN DD DDNAME={zowe.setup.security.product}
+//SYSTSIN DD DDNAME=RACF
 //*
 //*********************************************************************
 //*
@@ -99,67 +96,4 @@ PROFILE $$ //* -//********************************************************************* -//* -//* ACF2 ONLY, customize to meet your system requirements -//* -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF - -* Remove permit to use SITE owned certificate's private key - SET RESOURCE(FAC) - RECKEY IRR DEL(DIGTCERT.GENCERT + - ROLE({zowe.setup.security.groups.stc}) + - SERVICE(CONTROL) ALLOW) - -* Remove permit to read keyring ....................................*/ - RECKEY IRR DEL(DIGTCERT.LISTRING + - ROLE({zowe.setup.security.groups.stc}) + - SERVICE(READ) ALLOW) - - F ACF2,REBUILD(FAC) - -* Delete LABEL certificate ........................................*/ - DELETE {zowe.setup.security.users.zowe}.ZOWECERT - -* Delete LOCALCA certificate ......................................*/ - DELETE CERTAUTH.ZOWECA - -* Delete keyring ...................................................*/ - SET PROFILE(USER) DIVISION(KEYRING) - DELETE {zowe.setup.security.users.zowe}.ZOWERING - - F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) - -END -$$ -//* -//********************************************************************* -//* -//* Top Secret ONLY, customize to meet your system requirements -//* -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Remove permit to use SITE owned certificate's private key */ - TSS REVOKE({zowe.setup.security.users.zowe}) + - IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) - -/* Remove permit to read keyring ................................... 
*/ - TSS REVOKE({zowe.setup.security.users.zowe}) + - IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) - -/* Delete LABEL certificate ........................................*/ - TSS REM({zowe.setup.security.users.zowe}) DIGICERT(ZOWECERT) - -/* Delete LOCALCA certificate ......................................*/ - TSS REM(CERTAUTH) DIGICERT(ZOWECA) - -/* Delete keyring ...................................................*/ - TSS REM({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) - -/* ................................................................. */ -/* only the last RC is returned, this command ensures it is a 0 */ -PROFILE -$$ -//* diff --git a/files/SZWESAMP/ZWENOKRT b/files/SZWESAMP/ZWENOKRT new file mode 100644 index 0000000000..9a14e5be05 --- /dev/null +++ b/files/SZWESAMP/ZWENOKRT 
@@ -0,0 +1,72 @@ +//ZWENOKRT JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL can be used to remove key ring and certificates for Zowe +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITIONS +//* +//* 2. This job WILL complete with return code 0. +//* The results of each command must be verified after completion. +//* +//******************************************************************* +// EXPORT SYMLIST=* +//* +//********************************************************************* +//* +//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//* +//********************************************************************* +//* +//* Top Secret ONLY, customize to meet your system requirements +//* +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* Remove permit to use SITE owned certificate's private key */ + TSS REVOKE({zowe.setup.security.users.zowe}) + + IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) + +/* Remove permit to read keyring ................................... 
*/ + TSS REVOKE({zowe.setup.security.users.zowe}) + + IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) + +/* Delete LABEL certificate ........................................*/ + TSS REM({zowe.setup.security.users.zowe}) DIGICERT(ZOWECERT) + +/* Delete LOCALCA certificate ......................................*/ + TSS REM(CERTAUTH) DIGICERT(ZOWECA) + +/* Delete keyring ...................................................*/ + TSS REM({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + +/* ................................................................. */ +/* only the last RC is returned, this command ensures it is a 0 */ +PROFILE +$$ +//* + diff --git a/playbooks/roles/configure/tasks/show_logs.yml b/playbooks/roles/configure/tasks/show_logs.yml index c6c266738c..2d36f5b77f 100644 --- a/playbooks/roles/configure/tasks/show_logs.yml +++ b/playbooks/roles/configure/tasks/show_logs.yml @@ -37,9 +37,21 @@ vars: show_jobs_name: "{{ job_name_to_show }}" loop: - - ZWESECUR - - ZWEKRING - - ZWENOKYR + - ZWEIACF2 + - ZWEIRACF + - ZWEITSS + - ZWEIKRR1 + - ZWEIKRR2 + - ZWEIKRR3 + - ZWEIKRA1 + - ZWEIKRA2 + - ZWEIKRA3 + - ZWEIKRT1 + - ZWEIKRT2 + - ZWEIKRT3 + - ZWENOKRR + - ZWENOKRT + - ZWENOKRA - ZWECSVSM loop_control: loop_var: job_name_to_show diff --git a/playbooks/roles/zowe/tasks/purge_job_outputs.yml b/playbooks/roles/zowe/tasks/purge_job_outputs.yml index f8ebf58894..7bd234a937 100644 --- a/playbooks/roles/zowe/tasks/purge_job_outputs.yml +++ b/playbooks/roles/zowe/tasks/purge_job_outputs.yml @@ -45,8 +45,20 @@ vars: purge_jobs_name: "{{ job_name_to_purge }}" loop: - - ZWESECUR - - ZWEKRING - - ZWENOKYR + - ZWEIACF2 + - ZWEIRACF + - ZWEITSS + - ZWEIKRR1 + - ZWEIKRR2 + - ZWEIKRR3 + - ZWEIKRA1 + - ZWEIKRA2 + - ZWEIKRA3 + - ZWEIKRT1 + - ZWEIKRT2 + - ZWEIKRT3 + - ZWENOKRR + - ZWENOKRT + - ZWENOKRA loop_control: loop_var: job_name_to_purge From 9b764d88b4cb352dc91773e55018b128339889f2 Mon Sep 17 00:00:00 2001 
From: 1000TurquoisePogs Date: Mon, 12 Feb 2024 10:02:02 -0500 Subject: [PATCH 096/258] Fixes to bugs found by @Martin-Zeithaml Signed-off-by: 1000TurquoisePogs --- bin/commands/install/.help | 1 + files/SZWESAMP/ZWEIAPF | 4 ++-- files/SZWESAMP/ZWEIKRA3 | 2 +- files/SZWESAMP/ZWEIKRR3 | 2 +- files/SZWESAMP/ZWEIKRT3 | 2 +- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/commands/install/.help b/bin/commands/install/.help index 3e21d52635..5934904669 100644 --- a/bin/commands/install/.help +++ b/bin/commands/install/.help @@ -19,3 +19,4 @@ Expected outputs: * `SZWEAUTH` contains few Zowe load modules (++PROGRAM). * `SZWESAMP` contains several sample configurations. * `SZWEEXEC` contains few utilities used by Zowe. + * `SZWELOAD` contains config manager for rexx. \ No newline at end of file diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF index dc59bd3ca9..ba329bb8af 100644 --- a/files/SZWESAMP/ZWEIAPF +++ b/files/SZWESAMP/ZWEIAPF @@ -22,9 +22,9 @@ //* //* This dataset holds product plugins for ZIS, //* ZIS is located in the LOADLIB. -// SET PLUGINLIB='{zowe.setup.dataset.authPluginLib}' +// SET PLUGLIB='{zowe.setup.dataset.authPluginLib}' //* //APFLOAD COMMAND 'SETPROG APF,ADD,DSN=&LOADLIB' //* -//APFLIB COMMAND 'SETPROG APF,ADD,DSN=&PLUGINLIB' +//APFLIB COMMAND 'SETPROG APF,ADD,DSN=&PLUGLIB' //* diff --git a/files/SZWESAMP/ZWEIKRA3 b/files/SZWESAMP/ZWEIKRA3 index 1d646a558d..e475a378a6 100644 --- a/files/SZWESAMP/ZWEIKRA3 +++ b/files/SZWESAMP/ZWEIKRA3 @@ -15,7 +15,7 @@ //* //* ATTENTION! //* Each ZWEIKR JCL is for different ESM and Keyring options. -// This one is for importing a PKCS12 certificate from a data set. +//* This one is for importing a PKCS12 certificate from a data set. //* //********************************************************************* //* diff --git a/files/SZWESAMP/ZWEIKRR3 b/files/SZWESAMP/ZWEIKRR3 index 7280cc194c..3fd354d4bb 100644 --- a/files/SZWESAMP/ZWEIKRR3 +++ b/files/SZWESAMP/ZWEIKRR3 
@@ -16,7 +16,7 @@ //* //* ATTENTION! //* Each ZWEIKR JCL is for different ESM and Keyring options. -// This one is for importing a PKCS12 certificate from a data set. +//* This one is for importing a PKCS12 certificate from a data set. //* //********************************************************************* //* diff --git a/files/SZWESAMP/ZWEIKRT3 b/files/SZWESAMP/ZWEIKRT3 index b12a8b0c08..25b63b27e4 100644 --- a/files/SZWESAMP/ZWEIKRT3 +++ b/files/SZWESAMP/ZWEIKRT3 @@ -15,7 +15,7 @@ //* //* ATTENTION! //* Each ZWEIKR JCL is for different ESM and Keyring options. -// This one is for importing a PKCS12 certificate from a data set. +//* This one is for importing a PKCS12 certificate from a data set. //* //********************************************************************* //* From 10cdfc451b053a63a74ac0df42ddbb750a567035 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 12 Feb 2024 13:47:00 -0500 Subject: [PATCH 097/258] Fix bug in init stc where it said ZWE**S**ISTC accidentally. Fix string replace logic there too where a comma , was lost in string replace. Also improve code as suggested by @Martin-Zeithaml Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 16 +++++++++++++++- bin/commands/init/stc/index.ts | 26 +++++++++++++------------- files/SZWESAMP/ZWEGENER | 2 +- 3 files changed, 29 insertions(+), 15 deletions(-) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 3b6ee91adb..956fb59709 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts 
@@ -27,7 +27,21 @@ export function execute(dryRun?: boolean) { jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, ZOWE_CONFIG.zowe.setup.dataset.prefix); jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); - let absConfig = fs.convertToAbsolutePath(std.getenv('ZWE_PRIVATE_CONFIG_ORIG')); + let originalConfig = std.getenv('ZWE_PRIVATE_CONFIG_ORIG'); + let fileIndex = originalConfig.indexOf('FILE('); + let lastIndex = 0; + let absConfig = ''; + while (fileIndex != -1) { + absConfig += originalConfig.substring(lastIndex, fileIndex+5); + let parenIndex = originalConfig.indexOf(')', fileIndex+5); + let fileRef = originalConfig.substring(fileIndex+5, parenIndex); + let absRef = fs.convertToAbsolutePath(fileRef); + absConfig += absRef + ')'; + lastIndex = parenIndex+1; + fileIndex = originalConfig.indexOf('FILE(', lastIndex); + } + absConfig += originalConfig.substring(lastIndex); + jclContents = jclContents.replace('FILE ', 'FILE '+absConfig); xplatform.storeFileUTF8(tempFile, xplatform.AUTO_DETECT, jclContents); diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts index 35debe9263..7b1fa212d5 100644 --- a/bin/commands/init/stc/index.ts +++ b/bin/commands/init/stc/index.ts 
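Review bot: The `FILE(` rewriting loop never terminates when a `FILE(` has no closing `)`: `parenIndex` is then -1, `lastIndex` becomes 0, and the next `indexOf('FILE(', lastIndex)` finds the same occurrence again while `absConfig` keeps growing. The value comes from the `ZWE_PRIVATE_CONFIG_ORIG` environment variable, so a malformed setting hangs the command instead of failing. Add `if (parenIndex == -1) { throw new Error('Unclosed FILE( in ZWE_PRIVATE_CONFIG_ORIG'); }` directly after `parenIndex` is computed, and check that `std.getenv` returned a string before calling `indexOf` on it. `execute` starts and ends outside this hunk.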
@@ -84,20 +84,20 @@ export function execute(allowOverwrite: boolean = false) { if (stcExistence == true && !allowOverwrite) { common.printMessage(`Skipped writing to ${proclib}. To write, you must use --allow-overwrite.`); } else { - // prepare STCs - - // ZWESISTC + // Fix JCL if needed - cannot copy member with same name via (foo,foo,R) + // must instead be (foo,,R), so do string replace if see dual name. + const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); - common.printDebug(`- Copy ${jcllib}(ZWESISTC) to ${tmpfile}`); - const sistcContent = shell.execOutSync('sh', '-c', `cat "//'${jcllib}(ZWESISTC)'" 2>&1`); - if (sistcContent.out && sistcContent.rc == 0) { + common.printDebug(`- Copy ${jcllib}(ZWEISTC) to ${tmpfile}`); + const jclContent = shell.execOutSync('sh', '-c', `cat "//'${jcllib}(ZWEISTC)'" 2>&1`); + if (jclContent.out && jclContent.rc == 0) { common.printDebug(` * Succeeded`); common.printTrace(` * Output:`); - common.printTrace(stringlib.paddingLeft(sistcContent.out, " ")); + common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); - const tmpFileContent = sistcContent.out.replace("ZWESLSTC,ZWESLSTC", "ZWESLSTC") - .replace("ZWESISTC,ZWESISTC", "ZWESISTC") - .replace("ZWESASTC,ZWESASTC", "ZWESASTC"); + const tmpFileContent = jclContent.out.replace("ZWESLSTC,ZWESLSTC", "ZWESLSTC,") + .replace("ZWESISTC,ZWESISTC", "ZWESISTC,") + .replace("ZWESASTC,ZWESASTC", "ZWESASTC,"); xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, tmpFileContent); common.printTrace(` * Stored:`); common.printTrace(stringlib.paddingLeft(tmpFileContent, " ")); 
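Review bot: `jcllib` is interpolated directly into the string handed to `sh -c` for the `cat` of `(ZWEISTC)`, so any quote or shell metacharacter in that value changes the command that runs. `jcllib` is assigned outside this hunk and presumably comes from the Zowe configuration, so this needs confirming, but a data set name has a narrow alphabet and can be checked before use, for example `if (!/^[A-Z0-9#$@.-]{1,44}$/i.test(jcllib)) { common.printError('Invalid JCL library name'); std.exit(1); }`. Separately, `2>&1` folds any stderr text into `jclContent.out`, which is then written to the temporary JCL file when the exit code is 0. `execute` starts and ends outside this hunk.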
@@ -105,10 +105,10 @@ export function execute(allowOverwrite: boolean = false) { shell.execSync('chmod', '700', tmpfile); } else { common.printDebug(` * Failed`); - common.printError(` * Exit code: ${sistcContent.rc}`); + common.printError(` * Exit code: ${jclContent.rc}`); common.printError(` * Output:`); - if (sistcContent.out) { - common.printError(stringlib.paddingLeft(sistcContent.out, " ")); + if (jclContent.out) { + common.printError(stringlib.paddingLeft(jclContent.out, " ")); } std.exit(1); } diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index 3d84f4dcc5..ae147824e9 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -13,7 +13,7 @@ //* this job as many times as you need. //* //* Configmgr documentation: -//* docs.zowe.org/stable/user-guide/configmgr-using +//* https://docs.zowe.org/stable/user-guide/configmgr-using //* //* Note: Any string with braces has an associated yaml value //* in one of the yaml definitions for Zowe. From 2536cd9f46ad080725b9823979e9aa3f26a4c915 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 12 Feb 2024 14:31:18 -0500 Subject: [PATCH 098/258] Simplify init certificate shell code by removing certificate/keyring-jcl middleman (unused elsewhere) and putting read-yaml usage into only the conditions that will need them, so that unused vars do not slow down execution 
Signed-off-by: 1000TurquoisePogs --- bin/commands/certificate/.examples | 2 - .../certificate/keyring-jcl/.examples | 3 - bin/commands/certificate/keyring-jcl/.help | 1 - .../certificate/keyring-jcl/clean/.errors | 1 - .../certificate/keyring-jcl/clean/.examples | 1 - .../certificate/keyring-jcl/clean/.help | 1 - .../certificate/keyring-jcl/clean/.parameters | 9 - .../certificate/keyring-jcl/clean/index.sh | 48 --- .../certificate/keyring-jcl/connect/.errors | 1 - .../certificate/keyring-jcl/connect/.examples | 1 - .../certificate/keyring-jcl/connect/.help | 1 - .../keyring-jcl/connect/.parameters | 13 - .../certificate/keyring-jcl/connect/index.sh | 59 ---- .../certificate/keyring-jcl/generate/.errors | 1 - .../keyring-jcl/generate/.examples | 1 - .../certificate/keyring-jcl/generate/.help | 1 - .../keyring-jcl/generate/.parameters | 21 -- .../certificate/keyring-jcl/generate/index.sh | 65 ---- .../certificate/keyring-jcl/import-ds/.errors | 1 - .../keyring-jcl/import-ds/.examples | 1 - .../certificate/keyring-jcl/import-ds/.help | 1 - .../keyring-jcl/import-ds/.parameters | 14 - .../keyring-jcl/import-ds/index.sh | 59 ---- bin/commands/init/certificate/index.sh | 314 ++++++++---------- bin/libs/certificate.sh | 12 +- 25 files changed, 146 insertions(+), 486 deletions(-) delete mode 100644 bin/commands/certificate/keyring-jcl/.examples delete mode 100644 bin/commands/certificate/keyring-jcl/.help delete mode 100644 bin/commands/certificate/keyring-jcl/clean/.errors delete mode 100644 bin/commands/certificate/keyring-jcl/clean/.examples delete mode 100644 bin/commands/certificate/keyring-jcl/clean/.help delete mode 100644 bin/commands/certificate/keyring-jcl/clean/.parameters delete mode 100644 bin/commands/certificate/keyring-jcl/clean/index.sh delete mode 100644 bin/commands/certificate/keyring-jcl/connect/.errors delete mode 100644 bin/commands/certificate/keyring-jcl/connect/.examples delete mode 100644 bin/commands/certificate/keyring-jcl/connect/.help delete 
mode 100644 bin/commands/certificate/keyring-jcl/connect/.parameters delete mode 100644 bin/commands/certificate/keyring-jcl/connect/index.sh delete mode 100644 bin/commands/certificate/keyring-jcl/generate/.errors delete mode 100644 bin/commands/certificate/keyring-jcl/generate/.examples delete mode 100644 bin/commands/certificate/keyring-jcl/generate/.help delete mode 100644 bin/commands/certificate/keyring-jcl/generate/.parameters delete mode 100644 bin/commands/certificate/keyring-jcl/generate/index.sh delete mode 100644 bin/commands/certificate/keyring-jcl/import-ds/.errors delete mode 100644 bin/commands/certificate/keyring-jcl/import-ds/.examples delete mode 100644 bin/commands/certificate/keyring-jcl/import-ds/.help delete mode 100644 bin/commands/certificate/keyring-jcl/import-ds/.parameters delete mode 100644 bin/commands/certificate/keyring-jcl/import-ds/index.sh diff --git a/bin/commands/certificate/.examples b/bin/commands/certificate/.examples index 8bbffda262..47961df6d7 100644 --- a/bin/commands/certificate/.examples +++ b/bin/commands/certificate/.examples @@ -1,3 +1 @@ -zwe certificate keyring-jcl clean --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias -ca ca-alias - zwe certificate verify-service --host service-hostname --port service-port diff --git a/bin/commands/certificate/keyring-jcl/.examples b/bin/commands/certificate/keyring-jcl/.examples deleted file mode 100644 index ffda4b8d9b..0000000000 --- a/bin/commands/certificate/keyring-jcl/.examples +++ /dev/null 
@@ -1,3 +0,0 @@ -zwe certificate keyring-jcl clean --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias -ca ca-alias - -zwe certificate keyring-jcl connect --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name --connect-user cert-owner --connect-label cert-label diff --git a/bin/commands/certificate/keyring-jcl/.help b/bin/commands/certificate/keyring-jcl/.help deleted file mode 100644 index bd0aa74d74..0000000000 --- a/bin/commands/certificate/keyring-jcl/.help +++ /dev/null @@ -1 +0,0 @@ -Manage z/OS Keyring with JCL. diff --git a/bin/commands/certificate/keyring-jcl/clean/.errors b/bin/commands/certificate/keyring-jcl/clean/.errors deleted file mode 100644 index 3fb2da7665..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/.errors +++ /dev/null @@ -1 +0,0 @@ -ZWEL0176E|176|Failed to clean up Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/clean/.examples b/bin/commands/certificate/keyring-jcl/clean/.examples deleted file mode 100644 index 12b82ea995..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl clean --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias -ca ca-alias diff --git a/bin/commands/certificate/keyring-jcl/clean/.help b/bin/commands/certificate/keyring-jcl/clean/.help deleted file mode 100644 index 1277a96b7f..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/.help +++ /dev/null @@ -1 +0,0 @@ -Remove Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/clean/.parameters b/bin/commands/certificate/keyring-jcl/clean/.parameters deleted file mode 100644 index cd0d2f0bf0..0000000000 
--- a/bin/commands/certificate/keyring-jcl/clean/.parameters +++ /dev/null @@ -1,9 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -alias|a|string|required|localhost|||Certificate alias name. -ca-alias|ca|string|required|localca|||Certificate authority alias name. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/clean/index.sh b/bin/commands/certificate/keyring-jcl/clean/index.sh deleted file mode 100644 index 33c7715e9b..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/index.sh +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Remove Zowe keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWENOKYR JCL -keyring_run_zwenokyr_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "${ZWE_CLI_PARAMETER_ALIAS}" \ - "${ZWE_CLI_PARAMETER_CA_ALIAS}" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0176E: Failed to clean up Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." - else - print_error_and_exit "Error ZWEL0176E: Failed to clean up Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 176 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to remove Zowe keyring. Please check job log for details." -else - print_level2_message "Zowe keyring is removed successfully." -fi diff --git a/bin/commands/certificate/keyring-jcl/connect/.errors b/bin/commands/certificate/keyring-jcl/connect/.errors deleted file mode 100644 index 149f5cdcd7..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.errors +++ /dev/null 
@@ -1 +0,0 @@ -ZWEL0175E|175|Failed to connect existing certificate to Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/connect/.examples b/bin/commands/certificate/keyring-jcl/connect/.examples deleted file mode 100644 index 75ec5078f8..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl connect --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name --connect-user cert-owner --connect-label cert-label diff --git a/bin/commands/certificate/keyring-jcl/connect/.help b/bin/commands/certificate/keyring-jcl/connect/.help deleted file mode 100644 index 7b3f1cb35c..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.help +++ /dev/null @@ -1 +0,0 @@ -Connect existing certificate to Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/connect/.parameters b/bin/commands/certificate/keyring-jcl/connect/.parameters deleted file mode 100644 index 1160a03958..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.parameters +++ /dev/null 
@@ -1,13 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2). -connect-user||string|required||||Certificate owner. Can be `SITE` or a user ID. -connect-label||string|required||||Certificate label to connect. -trust-zosmf||boolean|||||Whether to trust z/OSMF CA. -zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify `_auto_` to let Zowe to detect automatically. This works for RACF and TSS. -zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/connect/index.sh b/bin/commands/certificate/keyring-jcl/connect/index.sh deleted file mode 100644 index 86fbaa028b..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/index.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Connect existing certificate to Zowe keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWEKRING JCL -ZWE_PRIVATE_ZOSMF_USER="${ZWE_CLI_PARAMETER_ZOSMF_USER}" \ - keyring_run_zwekring_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - 2 \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_TRUST_CAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_ZOSMF}" \ - "${ZWE_CLI_PARAMETER_ZOSMF_CA}" \ - "${ZWE_CLI_PARAMETER_CONNECT_USER}" \ - "${ZWE_CLI_PARAMETER_CONNECT_LABEL}" \ - "" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0175E: Failed to connect existing certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." - else - print_error_and_exit "Error ZWEL0175E: Failed to connect existing certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 175 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to connect existing certificate to Zowe keyring. Please check job log for details." 
-else - print_level2_message "Certificate is connected to Zowe keyring successfully." -fi diff --git a/bin/commands/certificate/keyring-jcl/generate/.errors b/bin/commands/certificate/keyring-jcl/generate/.errors deleted file mode 100644 index 6c902d7f5b..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.errors +++ /dev/null @@ -1 +0,0 @@ -ZWEL0174E|174|Failed to generate certificate in Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/generate/.examples b/bin/commands/certificate/keyring-jcl/generate/.examples deleted file mode 100644 index b7dcd586c7..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl generate --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -d my-domain -a certificate-alias -ca ca-alias diff --git a/bin/commands/certificate/keyring-jcl/generate/.help b/bin/commands/certificate/keyring-jcl/generate/.help deleted file mode 100644 index 09a593039e..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.help +++ /dev/null @@ -1 +0,0 @@ -Generate new set of certificate in Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/generate/.parameters b/bin/commands/certificate/keyring-jcl/generate/.parameters deleted file mode 100644 index 5a16628783..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.parameters +++ /dev/null 
@@ -1,21 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -domains|d|string|required||||Domain and IP for the certificate separated by comma. (Please note RACDCERT is limited to only have one domain and one IP.) -alias|a|string|required|localhost|||Certificate alias name. -ca-alias|ca|string|required|localca|||Certificate authority alias name. -common-name|cn|string|||||Common name of certificate and certificate authority. -org-unit||string|||||Organization unit of certificate and certificate authority. -org||string|||||Organization of certificate and certificate authority. -locality||string|||||Locality of certificate and certificate authority. -state||string|||||State of certificate and certificate authority. -country||string|||||Country of certificate and certificate authority. -validity||string|||||Validity days of certificate. -trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2). -trust-zosmf||boolean|||||Whether to trust z/OSMF CA. -zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify `_auto_` to let Zowe to detect automatically. This works for RACF and TSS. -zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/generate/index.sh b/bin/commands/certificate/keyring-jcl/generate/index.sh deleted file mode 100644 index f1290e0c86..0000000000 
--- a/bin/commands/certificate/keyring-jcl/generate/index.sh +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Generate Zowe certificate in keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWEKRING JCL -ZWE_PRIVATE_CERTIFICATE_CA_ORG_UNIT="${ZWE_CLI_PARAMETER_ORG_UNIT}" \ - ZWE_PRIVATE_CERTIFICATE_CA_ORG="${ZWE_CLI_PARAMETER_ORG}" \ - ZWE_PRIVATE_CERTIFICATE_CA_LOCALITY="${ZWE_CLI_PARAMETER_LOCALITY}" \ - ZWE_PRIVATE_CERTIFICATE_CA_STATE="${ZWE_CLI_PARAMETER_STATE}" \ - ZWE_PRIVATE_CERTIFICATE_CA_COUNTRY="${ZWE_CLI_PARAMETER_COUNTRY}" \ - ZWE_PRIVATE_CERTIFICATE_CA_VALIDITY="${ZWE_CLI_PARAMETER_VALIDITY}" \ - ZWE_PRIVATE_ZOSMF_USER="${ZWE_CLI_PARAMETER_ZOSMF_USER}" \ - keyring_run_zwekring_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - 1 \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "${ZWE_CLI_PARAMETER_DOMAINS}" \ - "${ZWE_CLI_PARAMETER_ALIAS}" \ - "${ZWE_CLI_PARAMETER_CA_ALIAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_CAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_ZOSMF}" \ - "${ZWE_CLI_PARAMETER_ZOSMF_CA}" \ - "" \ - "" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_VALIDITY}" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." 
- else - print_error_and_exit "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 174 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to generate certificate to Zowe keyring. Please check job log for details." -else - print_level2_message "Certificate is generated in keyring successfully." -fi diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.errors b/bin/commands/certificate/keyring-jcl/import-ds/.errors deleted file mode 100644 index baec706241..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.errors +++ /dev/null @@ -1 +0,0 @@ -ZWEL0173E|173|Failed to import certificate to Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.examples b/bin/commands/certificate/keyring-jcl/import-ds/.examples deleted file mode 100644 index 82be8a3546..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl import-ds --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias --import-ds-name my-ds-name --import-ds-password my-ds-password diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.help b/bin/commands/certificate/keyring-jcl/import-ds/.help deleted file mode 100644 index 663e244500..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.help +++ /dev/null @@ -1 +0,0 @@ -Import certificate stored in MVS data set into Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.parameters b/bin/commands/certificate/keyring-jcl/import-ds/.parameters deleted file mode 100644 index 801991dcce..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.parameters +++ /dev/null 
@@ -1,14 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -alias|a|string|required|localhost|||Certificate alias name. -trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2). -trust-zosmf||boolean|||||Whether to trust z/OSMF CA. -zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify `_auto_` to let Zowe to detect automatically. This works for RACF and TSS. -zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities. -import-ds-name||string|required||||Name of the data set holds certificate to import into keyring. -import-ds-password||string|required||||Password of the data set holds certificate to import. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/import-ds/index.sh b/bin/commands/certificate/keyring-jcl/import-ds/index.sh deleted file mode 100644 index e4d5f62dd6..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/index.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Import certificate to Zowe keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWEKRING JCL -ZWE_PRIVATE_ZOSMF_USER="${ZWE_CLI_PARAMETER_ZOSMF_USER}" \ - keyring_run_zwekring_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - 3 \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "" \ - "${ZWE_CLI_PARAMETER_ALIAS}" \ - "" \ - "${ZWE_CLI_PARAMETER_TRUST_CAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_ZOSMF}" \ - "${ZWE_CLI_PARAMETER_ZOSMF_CA}" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_IMPORT_DS_NAME}" \ - "${ZWE_CLI_PARAMETER_IMPORT_DS_PASSWORD}" \ - "" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0173E: Failed to import certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." - else - print_error_and_exit "Error ZWEL0173E: Failed to import certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 173 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to import certificate to Zowe keyring. Please check job log for details." 
-else - print_level2_message "Certificate is imported to Zowe keyring successfully." -fi diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 8fe98560ae..e52868c0d6 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh 
@@ -27,29 +27,20 @@ if [ "$?" -eq 1 ]; then print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 fi -security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") -security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") -security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") # read cert type and validate cert_type=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.type") if [ -z "${cert_type}" ]; then print_error_and_exit "Error ZWEL0157E: Certificate type (zowe.setup.certificate.type) is not defined in Zowe YAML configuration file." "" 157 fi + [[ "$cert_type" == "PKCS12" || "$cert_type" == JCE*KS ]] if [ $? -ne 0 ]; then print_error_and_exit "Error ZWEL0164E: Value of certificate type (zowe.setup.certificate.type) defined in Zowe YAML configuration file is invalid. Valid values are PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS." "" 164 fi -# read cert dname -for item in caCommonName commonName orgUnit org locality state country; do - var_name="dname_${item}" - var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.dname.${item}") - eval "${var_name}=\"${var_val}\"" -done -# read cert validity -cert_validity=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.validity") + if [ "${cert_type}" = "PKCS12" ]; then # read keystore info - for item in directory lock name password caAlias caPassword; do + for item in directory lock name password; do var_name="pkcs12_${item}" var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.${item}") eval "${var_name}=\"${var_val}\"" 
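Review bot: The `eval "${var_name}=\"${var_val}\""` line in the pkcs12 loop expands the YAML value before `eval` parses it, so a `name` or `password` containing a double quote, a backtick or `$(` is re-interpreted as shell syntax instead of being stored literally. Deferring the expansion keeps the value as data: `eval "${var_name}=\${var_val}"`. The same pattern appears in the keyring and z/OSMF loops of the `-58,44 +49,68` hunk and in the dname loop added by the `-187,6 +217,18` hunk. The loop's `done` lies outside this hunk.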
@@ -58,44 +49,68 @@ if [ "${cert_type}" = "PKCS12" ]; then print_error_and_exit "Error ZWEL0157E: Keystore directory (zowe.setup.certificate.pkcs12.directory) is not defined in Zowe YAML configuration file." "" 157 fi # read keystore import info - for item in keystore password alias; do - var_name="pkcs12_import_${item}" - var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.${item}") - eval "${var_name}=\"${var_val}\"" - done - if [ -n "${pkcs12_import_keystore}" ]; then - if [ -z "${pkcs12_import_password}" ]; then - print_error_and_exit "Error ZWEL0157E: Password for import keystore (zowe.setup.certificate.pkcs12.import.password) is not defined in Zowe YAML configuration file." "" 157 - fi - if [ -z "${pkcs12_import_alias}" ]; then - print_error_and_exit "Error ZWEL0157E: Certificate alias of import keystore (zowe.setup.certificate.pkcs12.import.alias) is not defined in Zowe YAML configuration file." "" 157 - fi - fi -elif [[ "${cert_type}" == JCE*KS ]]; then + pkcs12_import_keystore=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.keystore") + +else # JCE* content + security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") + keyring_option=1 # read keyring info - for item in owner name label caLabel; do + # TODO removed "owner" here because it wasnt being read in the JCL. + for item in name label caLabel; do var_name="keyring_${item}" var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.${item}") eval "${var_name}=\"${var_val}\"" done + # FIXME: currently ZWEKRING jcl will import the cert and chain, CA will also be added to CERTAUTH, but the CA will not be connected to keyring. + # the CA imported could have label like LABEL00000001. 
+ yaml_keyring_label="${keyring_label}" if [ -z "${keyring_name}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe keyring name (zowe.setup.certificate.keyring.name) is not defined in Zowe YAML configuration file." "" 157 fi + keyring_import_dsName=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.import.dsName") - keyring_import_password=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.import.password") if [ -n "${keyring_import_dsName}" ]; then keyring_option=3 + keyring_import_password=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.import.password") if [ -z "${keyring_import_password}" ]; then print_error_and_exit "Error ZWEL0157E: The password for data set storing importing certificate (zowe.setup.certificate.keyring.import.password) is not defined in Zowe YAML configuration file." "" 157 fi + else + keyring_connect_label=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.label") + if [ -n "${keyring_connect_label}" ]; then + keyring_option=2 + keyring_connect_user=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.user") + if [ -z "${keyring_connect_user}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.keyring.connect.user) is not defined in Zowe YAML configuration file." 
"" 157 + fi + yaml_keyring_label="${keyring_connect_label}" + fi fi - keyring_connect_user=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.user") - keyring_connect_label=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.label") - if [ -n "${keyring_connect_label}" ]; then - keyring_option=2 + + if [ "${keyring_option}" -eq 1 ]; then + # validate parameters only needed for creation of certificate + for item in caCommonName commonName orgUnit org locality state country; do + var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.dname.${item}") + if [ -z "${var_val}" ]; then + print_error_and_exit "Error ZWEL0157E: Certificate creation parameter (zowe.setup.certificate.dname.${item}) is not defined in Zowe YAML configuration file." "" 157 + fi + done + # read cert validity + cert_validity=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.validity") + if [ -z "${cert_validity}" ]; then + print_error_and_exit "Error ZWEL0157E: Certificate creation parameter (zowe.setup.certificate.validity) is not defined in Zowe YAML configuration file." "" 157 + fi fi + + # read keyring-specific z/OSMF info + for item in user ca; do + var_name="zosmf_${item}" + var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.zOSMF.${item}") + eval "${var_name}=\"${var_val}\"" + done fi + # read keystore domains cert_import_CAs=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.importCertificateAuthorities" | tr '\n' ',') # read keystore domains 
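Review bot: Dropping `owner` from the keyring loop means a configured `zowe.setup.certificate.keyring.owner` is now ignored without any message, while `keyring_owner` is still used further down (it is defaulted from `security_users_zowe` and printed in the ZWEL0300W warning). An operator who set a different owner would presumably get a keyring under the Zowe runtime user while the configuration suggests otherwise. Until the TODO is resolved, consider failing or warning when the YAML value is set and differs from `zowe.setup.security.users.zowe`, and state the behaviour next to the TODO, e.g. `# keyring owner is always zowe.setup.security.users.zowe; keyring.owner from YAML is not honoured`.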
@@ -104,12 +119,6 @@ if [ -z "${cert_domains}" ]; then cert_domains=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.externalDomains" | tr '\n' ',') fi -# read z/OSMF info -for item in user ca; do - var_name="zosmf_${item}" - var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.zOSMF.${item}") - eval "${var_name}=\"${var_val}\"" -done for item in host port; do var_name="zosmf_${item}" var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zOSMF.${item}") 
@@ -127,56 +136,77 @@ fi ############################### -# set default values -if [ -z "${security_product}" ]; then - security_product=RACF -fi -if [ -z "${security_users_zowe}" ]; then - security_users_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_USER} -fi -if [ -z "${security_groups_admin}" ]; then - security_groups_admin=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} -fi +# set default values or quit on missing ones + if [ "${cert_type}" = "PKCS12" ]; then - if [ -z "${pkcs12_caAlias}" ]; then - pkcs12_caAlias=local_ca - fi - if [ -z "${pkcs12_caPassword}" ]; then - pkcs12_caPassword=local_ca_password - fi if [ -z "${pkcs12_name}" ]; then - pkcs12_name=localhost + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.pkcs12.name) is not defined in Zowe YAML configuration file." "" 157 fi if [ -z "${pkcs12_password}" ]; then - pkcs12_password=password + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.pkcs12.password) is not defined in Zowe YAML configuration file." "" 157 fi -elif [[ "${cert_type}" == JCE*KS ]]; then + + + if [ "$(lower_case "${pkcs12_lock}")" = "true" ]; then + security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") + security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") + if [ -z "${security_users_zowe}" ]; then + security_users_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_USER} + fi + if [ -z "${security_groups_admin}" ]; then + security_groups_admin=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} + fi + fi +else # JCE* content + if [ -z "${security_product}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.product) is not defined in Zowe YAML configuration file." "" 157 + fi + security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") + if [ -z "${security_users_zowe}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.users.zowe) is not defined in Zowe YAML configuration file." 
"" 157 + fi + # TODO this seems to not actually be used... was this an unusual user request? is it even possible to be a different owner? if [ -z "${keyring_owner}" ]; then keyring_owner=${security_users_zowe} fi - if [ -z "${keyring_label}" ]; then - keyring_label=localhost - fi + if [ "${keyring_option}" = "1" ]; then if [ -z "${keyring_caLabel}" ]; then - keyring_caLabel=localca + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.keyring.caLabel) is not defined in Zowe YAML configuration file." "" 157 + fi + fi + if [ "${keyring_option}" != "2" ]; then + if [ -z "${keyring_label}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.keyring.label) is not defined in Zowe YAML configuration file." "" 157 fi - else - # for import case, this variable is not used - keyring_caLabel= fi + if [ "${security_product}" = "ACF2" ]; then + security_groups_stc=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") + if [ -z "${security_groups_stc}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.groups.stc) is not defined in Zowe YAML configuration file." "" 157 + fi + fi + if [ -z "${zosmf_ca}" -a "${security_product}" = "RACF" -a -n "${zosmf_host}" ]; then zosmf_ca="_auto_" fi fi -pkcs12_name_lc=$(echo "${pkcs12_name}" | lower_case) -pkcs12_caAlias_lc=$(echo "${pkcs12_caAlias}" | lower_case) -# what PEM format CAs we should tell Zowe to use -yaml_pem_cas= ############################### if [ "${cert_type}" = "PKCS12" ]; then + # what PEM format CAs we should tell Zowe to use + yaml_pem_cas= + if [ -n "${pkcs12_import_keystore}" ]; then + pkcs12_import_password=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.password") + if [ -z "${pkcs12_import_password}" ]; then + print_error_and_exit "Error ZWEL0157E: Password for import keystore (zowe.setup.certificate.pkcs12.import.password) is not defined in Zowe YAML configuration file." 
"" 157 + fi + pkcs12_import_alias=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.alias") + if [ -z "${pkcs12_import_alias}" ]; then + print_error_and_exit "Error ZWEL0157E: Certificate alias of import keystore (zowe.setup.certificate.pkcs12.import.alias) is not defined in Zowe YAML configuration file." "" 157 + fi + # import from another keystore zwecli_inline_execute_command \ certificate pkcs12 import \ @@ -187,6 +217,18 @@ if [ "${cert_type}" = "PKCS12" ]; then --source-password "${pkcs12_import_password}" \ --source-alias "${pkcs12_import_alias}" else + # cert to be created, read creation parameters. + for item in caCommonName commonName orgUnit org locality state country; do + var_name="dname_${item}" + var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.dname.${item}") + eval "${var_name}=\"${var_val}\"" + done + # read cert validity + cert_validity=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.validity") + + pkcs12_caPassword=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.caPassword") + pkcs12_caAlias=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.caAlias") + pkcs12_caAlias_lc=$(echo "${pkcs12_caAlias}" | lower_case) # create CA zwecli_inline_execute_command \ certificate pkcs12 create ca \ @@ -299,6 +341,8 @@ if [ "${cert_type}" = "PKCS12" ]; then --group-permission none fi + pkcs12_name_lc=$(echo "${pkcs12_name}" | lower_case) + # update zowe.yaml if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then print_level1_message "Update certificate configuration to ${ZWE_CLI_PARAMETER_CONFIG}" 
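Review bot: `pkcs12_caPassword` and `pkcs12_caAlias` are read in the create branch of the `-187,6 +217,18` hunk with no emptiness check, although this commit removes their former defaults (`local_ca_password`, `local_ca`) in the `-127,56 +136,77` hunk. The `certificate pkcs12 create ca` call continues outside the hunk, so how the values are passed is not visible here, but an unset CA password or alias would presumably reach it as an empty string. Add the same kind of guard the commit already uses for `pkcs12_name` and `pkcs12_password`, for example `if [ -z "${pkcs12_caPassword}" ]; then print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.pkcs12.caPassword) is not defined in Zowe YAML configuration file." "" 157; fi`, and likewise for `caAlias`.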
@@ -336,129 +380,56 @@ if [ "${cert_type}" = "PKCS12" ]; then print_level2_message "Zowe configuration requires manual updates." fi ############################### -elif [[ "${cert_type}" == JCE*KS ]]; then +else # JCE* content # FIXME: how do we check if keyring exists without permission on RDATALIB? # should we clean up before creating new if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then # warning print_message "Warning ZWEL0300W: Keyring \"safkeyring:///${keyring_owner}/${keyring_name}\" will be overwritten during configuration." - zwecli_inline_execute_command \ - certificate keyring-jcl clean \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --alias "${keyring_label}" \ - --ca-alias "${keyring_caLabel}" \ - --security-product "${security_product}" + keyring_run_zwenokyr_jcl "${prefix}" "${jcllib}" "${security_product}" else # error # print_error_and_exit "Error ZWEL0158E: Keyring \"safkeyring:///${keyring_owner}/${keyring_name}\" already exists." 
"" 158 fi - yaml_keyring_label= - case ${keyring_option} in - 1) - # generate new cert in keyring - zwecli_inline_execute_command \ - certificate keyring-jcl generate \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --alias "${keyring_label}" \ - --ca-alias "${keyring_caLabel}" \ - --trust-cas "${cert_import_CAs}" \ - --common-name "${dname_commonName}" \ - --org-unit "${dname_orgUnit}" \ - --org "${dname_org}" \ - --locality "${dname_locality}" \ - --state "${dname_state}" \ - --country "${dname_country}" \ - --validity "${cert_validity}" \ - --security-product "${security_product}" \ - --domains "${cert_domains}" \ - "${keyring_trust_zosmf}" \ - --zosmf-ca "${zosmf_ca}" \ - --zosmf-user "${zosmf_user}" - - yaml_keyring_label="${keyring_label}" - # keyring string for self-signed CA - yaml_pem_cas="safkeyring:////${keyring_owner}/${keyring_name}&${keyring_caLabel}" - ;; - 2) - # connect existing certs to zowe keyring - zwecli_inline_execute_command \ - certificate keyring-jcl connect \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --trust-cas "${cert_import_CAs}" \ - --connect-user "${keyring_connect_user}" \ - --connect-label "${keyring_connect_label}" \ - --security-product "${security_product}" \ - "${keyring_trust_zosmf}" \ - --zosmf-ca "${zosmf_ca}" \ - --zosmf-user "${zosmf_user}" - - yaml_keyring_label="${keyring_connect_label}" - ;; - 3) - # import certs from data set into zowe keyring - zwecli_inline_execute_command \ - certificate keyring-jcl import-ds \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --alias "${keyring_label}" \ - --trust-cas "${cert_import_CAs}" \ - --import-ds-name "${keyring_import_dsName}" \ - --import-ds-password "${keyring_import_password}" \ - --security-product 
"${security_product}" \ - "${keyring_trust_zosmf}" \ - --zosmf-ca "${zosmf_ca}" \ - --zosmf-user "${zosmf_user}" - # FIXME: currently ZWEKRING jcl will import the cert and chain, CA will also be added to CERTAUTH, but the CA will not be connected to keyring. - # the CA imported could have label like LABEL00000001. - - yaml_keyring_label="${keyring_label}" - ;; - esac + keyring_run_zwekring_jcl "${prefix}" \ + "${jcllib}" \ + "${keyring_option}" \ + "${cert_domains}" \ + "${cert_import_CAs}" \ + "${keyring_trust_zosmf}" \ + "${zosmf_ca}" \ + "${cert_validity}" \ + "${security_product}" + + if [ $? -ne 0 ]; then + job_has_failures=true + if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then + print_error "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." + else + print_error_and_exit "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 174 + fi + fi - if [ -n "${cert_import_CAs}" ]; then - # append imported CAs to list - while read -r item; do - item=$(echo "${item}" | trim) - if [ -n "${item}" ]; then - if [ -n "${yaml_pem_cas}" ]; then - yaml_pem_cas="${yaml_pem_cas},safkeyring:////${keyring_owner}/${keyring_name}&${item}" - else - yaml_pem_cas="safkeyring:////${keyring_owner}/${keyring_name}&${item}" - fi - fi - done < Date: Mon, 12 Feb 2024 15:27:18 -0500 Subject: [PATCH 099/258] Fix bug in keyring generation where commonname fields were not substituted Signed-off-by: 1000TurquoisePogs --- example-zowe.yaml | 8 ++++---- files/SZWESAMP/ZWEIKRA1 | 4 ++-- files/SZWESAMP/ZWEIKRR1 | 4 ++-- files/SZWESAMP/ZWEIKRT1 | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/example-zowe.yaml b/example-zowe.yaml index ef96de9672..3d8dd63cdc 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
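Review bot: In `bin/commands/init/certificate/index.sh`, the failure branch added after `keyring_run_zwekring_jcl` builds its ZWEL0174E message from `${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}`, which were parameters of the removed `keyring-jcl generate` command; nothing visible in this script sets them, so the message would likely print an empty keyring name. Use the values this script already holds, `\"${keyring_owner}/${keyring_name}\"`. The same message reports "Failed to generate certificate" for `keyring_option` 2 and 3 as well, where the removed commands used ZWEL0175E and ZWEL0173E. The return code of `keyring_run_zwenokyr_jcl` in the overwrite branch is not checked either, so a failed cleanup goes unreported before the new keyring job runs. The hunk text is cut off on this page, so the remainder of the branch is not visible.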
@@ -125,8 +125,8 @@ zowe: caPassword: local_ca_password # Distinguished name for Zowe generated certificates. All optional. dname: - caCommonName: "" - commonName: "Zowe Development Instances" + caCommonName: "Zowe Development Instances CA" + commonName: "Zowe Development Instances Certificate" orgUnit: "API Mediation Layer" org: "Zowe Sample" locality: "Prague" @@ -197,8 +197,8 @@ zowe: # user: "IZUSVR" # # Distinguished name for Zowe generated certificates. All optional. # dname: - # caCommonName: "" - # commonName: "Zowe Development Instances" + # caCommonName: "Zowe Development Instances CA" + # commonName: "Zowe Development Instances Certificate" # orgUnit: "API Mediation Layer" # org: "Zowe Sample" # locality: "Prague" diff --git a/files/SZWESAMP/ZWEIKRA1 b/files/SZWESAMP/ZWEIKRA1 index 8672305306..b0b2d22a44 100644 --- a/files/SZWESAMP/ZWEIKRA1 +++ b/files/SZWESAMP/ZWEIKRA1 @@ -112,7 +112,7 @@ ACF SET PROFILE(USER) DIVISION(CERTDATA) GENCERT CERTAUTH.ZOWECA - LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - - SUBJSDN(CN='{zowe.setup.certificate.dname}. CA' - + SUBJSDN(CN='{zowe.setup.certificate.dname.caCommonName}' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - @@ -131,7 +131,7 @@ ACF * Create a certificate signed by local zowe's CA .................. */ SET PROFILE(USER) DIV(CERTDATA) GENCERT {zowe.setup.security.users.zowe}.ZOWECERT - - SUBJSDN(CN='{zowe.setup.certificate.dname}. certificate' - + SUBJSDN(CN='{zowe.setup.certificate.dname.commonName}' - OU='{zowe.setup.certificate.dname.orgUnit}.' - O='{zowe.setup.certificate.dname.org}.' - L='{zowe.setup.certificate.dname.locality}.' - diff --git a/files/SZWESAMP/ZWEIKRR1 b/files/SZWESAMP/ZWEIKRR1 index ec7c0be3ef..a7cf76b81b 100644 --- a/files/SZWESAMP/ZWEIKRR1 +++ b/files/SZWESAMP/ZWEIKRR1 
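Review bot: The new `CN='{zowe.setup.certificate.dname.caCommonName}'` and `CN='{zowe.setup.certificate.dname.commonName}'` operands in ZWEIKRA1 take the YAML value verbatim, so a configuration that still carries the previous example default `caCommonName: ""` would produce a CA certificate with an empty common name. The same substitution is made in the ZWEIKRR1 and ZWEIKRT1 hunks of this commit. The example-zowe.yaml comment above these keys still reads "All optional", which no longer holds for the two common-name fields; I would change it to `# Distinguished name for Zowe generated certificates. caCommonName and commonName must not be empty.` and have the generator reject an empty value or one containing a quote character, since the value lands inside a quoted operand of a security-product command. Whether the generator already validates these fields is not visible in this patch.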
@@ -108,7 +108,7 @@ $$ /* Create Zowe's local CA authority .................................*/ RACDCERT GENCERT CERTAUTH + SUBJECTSDN( + - CN('{zowe.setup.certificate.dname}. CA') + + CN('{zowe.setup.certificate.dname.caCommonName}') + OU('{zowe.setup.certificate.dname.orgUnit}') + O('{zowe.setup.certificate.dname.org}') + L('{zowe.setup.certificate.dname.locality}') + @@ -128,7 +128,7 @@ $$ /* Create a certificate signed by local zowe's CA .................. */ RACDCERT GENCERT ID({zowe.setup.security.users.zowe}) + SUBJECTSDN( + - CN('{zowe.setup.certificate.dname}. certificate') + + CN('{zowe.setup.certificate.dname.commonName}') + OU('{zowe.setup.certificate.dname.orgUnit}') + O('{zowe.setup.certificate.dname.org}') + L('{zowe.setup.certificate.dname.locality}') + diff --git a/files/SZWESAMP/ZWEIKRT1 b/files/SZWESAMP/ZWEIKRT1 index 06cedec321..5587d405aa 100644 --- a/files/SZWESAMP/ZWEIKRT1 +++ b/files/SZWESAMP/ZWEIKRT1 @@ -107,7 +107,7 @@ $$ TSS GENCERT(CERTAUTH) + DIGICERT(ZOWECA) + SUBJECTN( + - 'CN="{zowe.setup.certificate.dname}. CA" + + 'CN="{zowe.setup.certificate.dname.caCommonName}" + OU="{zowe.setup.certificate.dname.orgUnit}." + O="{zowe.setup.certificate.dname.org}." + L="{zowe.setup.certificate.dname.locality}." + @@ -127,7 +127,7 @@ $$ TSS GENCERT({zowe.setup.security.users.zowe}) + DIGICERT(ZOWECERT) + SUBJECTN( + - 'CN="{zowe.setup.certificate.dname}. certificate" + + 'CN="{zowe.setup.certificate.dname.commonName}" + OU="{zowe.setup.certificate.dname.orgUnit}." + O="{zowe.setup.certificate.dname.org}." + L="{zowe.setup.certificate.dname.locality}." + From 96b52de4d946353d7046ce02e2c0dcd0306d7d1d Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 13 Feb 2024 09:44:51 +0100 Subject: [PATCH 100/258] Added EXEC statement Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEIAPF | 2 ++ 1 file changed, 2 insertions(+) diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF index ba329bb8af..a0ff01325c 100644 --- a/files/SZWESAMP/ZWEIAPF 
+++ b/files/SZWESAMP/ZWEIAPF @@ -17,6 +17,8 @@ //* //********************************************************************* //* +//EXEC14 EXEC PGM=IEFBR14 +//* //* This dataset holds the APF portion of Zowe // SET LOADLIB='{zowe.setup.dataset.authLoadlib}' //* From 72a49c1e58cf3a5344b4974160653d1687a5ea1a Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 13 Feb 2024 13:14:09 +0100 Subject: [PATCH 101/258] RACF specific JCL Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEIKRR2 | 2 +- files/SZWESAMP/ZWEIKRR3 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/files/SZWESAMP/ZWEIKRR2 b/files/SZWESAMP/ZWEIKRR2 index a6298b11be..0702d15130 100644 --- a/files/SZWESAMP/ZWEIKRR2 +++ b/files/SZWESAMP/ZWEIKRR2 @@ -89,7 +89,7 @@ //* //RUNRACF EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME={zowe.setup.security.product} +//SYSTSIN DD DDNAME=RACF //* //********************************************************************* //* diff --git a/files/SZWESAMP/ZWEIKRR3 b/files/SZWESAMP/ZWEIKRR3 index 3fd354d4bb..8aa7983a29 100644 --- a/files/SZWESAMP/ZWEIKRR3 +++ b/files/SZWESAMP/ZWEIKRR3 @@ -94,7 +94,7 @@ //* //RUNRACF EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME={zowe.setup.security.product} +//SYSTSIN DD DDNAME=RACF //RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY /* Create the keyring .............................................. */ From b66ed56396243a833d60cac259655820b634feb7 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 13 Feb 2024 13:48:04 -0500 Subject: [PATCH 102/258] Remove extra periods '.' in various JCL. Add quotes around runtime directory pathname in JCL. Add 'remove' JCL that is needed when using commands with --allow-overwrite 
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.ts | 4 +++ bin/commands/init/stc/index.ts | 3 +++ bin/commands/init/vsam/index.ts | 2 +- files/SZWESAMP/ZWECSRVS | 30 +++++++++++++++++++++ files/SZWESAMP/ZWEIACF2 | 32 +++++++++++------------ files/SZWESAMP/ZWEIKRA1 | 14 +++++----- files/SZWESAMP/ZWEIKRT1 | 22 ++++++++-------- files/SZWESAMP/ZWEIKRT3 | 2 +- files/SZWESAMP/ZWEIMVS2 | 4 +-- files/SZWESAMP/ZWEIRACF | 46 ++++++++++++++++----------------- files/SZWESAMP/ZWEISTC | 6 +++++ files/SZWESAMP/ZWEITSS | 6 ++--- files/SZWESAMP/ZWENOKRR | 2 +- files/SZWESAMP/ZWERMVS | 29 +++++++++++++++++++++ files/SZWESAMP/ZWERMVS2 | 27 +++++++++++++++++++ files/SZWESAMP/ZWERSTC | 34 ++++++++++++++++++++++++ 16 files changed, 198 insertions(+), 65 deletions(-) create mode 100644 files/SZWESAMP/ZWECSRVS create mode 100644 files/SZWESAMP/ZWERMVS create mode 100644 files/SZWESAMP/ZWERMVS2 create mode 100644 files/SZWESAMP/ZWERSTC diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index 06655bbb75..c48c7c8b70 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -59,6 +59,10 @@ export function execute(allowOverwrite?: boolean) { if (datasetExists) { if (allowOverwrite) { common.printMessage(`Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten.`); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix); + if (runALoadlibCreate === true) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix); + } } else { skippedDatasets = true; common.printMessage(`Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts index 7b1fa212d5..663c6955d8 100644 --- a/bin/commands/init/stc/index.ts +++ b/bin/commands/init/stc/index.ts 
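Review bot: The ZWEL0300W text printed just before the new `zosJes.printAndHandleJcl(...)` call for ZWERMVS still says members "will be overwritten", but the ZWERMVS job added by this commit issues `DELETE (...) SCRATCH NONVSAM` against both the parmlib and the authPluginLib data sets, so site-customised members are removed rather than replaced. I would reword the warning, for example `Warning ZWEL0300W: ${ds} already exists. It will be deleted and re-created.`, so that an operator using --allow-overwrite knows to back up those libraries first. The enclosing loop and function start outside this hunk.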
@@ -86,6 +86,9 @@ export function execute(allowOverwrite: boolean = false) { } else { // Fix JCL if needed - cannot copy member with same name via (foo,foo,R) // must instead be (foo,,R), so do string replace if see dual name. + if (stcExistence == true) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERSTC)'`, `ZWERSTC`, jcllib, prefix); + } const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); common.printDebug(`- Copy ${jcllib}(ZWEISTC) to ${tmpfile}`); diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index 8462cde0b5..db417394d8 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts @@ -54,7 +54,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig const vsamExistence = zosDataset.isDatasetExists(name); if (vsamExistence && allowOverwrite) { - zosDataset.deleteDataset(name); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSRVS)'`, `ZWECSRVS`, jcllib, prefix); } else if (vsamExistence) { return common.printErrorAndExit(`Error ZWEL0158E: ${name} already exists.`, undefined, 158); } diff --git a/files/SZWESAMP/ZWECSRVS b/files/SZWESAMP/ZWECSRVS new file mode 100644 index 0000000000..024786bf13 --- /dev/null +++ b/files/SZWESAMP/ZWECSRVS 
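Review bot: In bin/commands/init/stc/index.ts the new `if (stcExistence == true)` block is inserted between the existing comment "Fix JCL if needed - cannot copy member with same name ..." and the temp-file code that comment describes, so the comment now reads as if it documented the ZWERSTC removal. I would move the new block above that comment, give it its own line `// Remove the existing PROCLIB members (ZWERSTC) before copying the new ones`, and write the test as `if (stcExistence)`. The enclosing else-branch starts outside the hunk.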
@@ -0,0 +1,30 @@ +//ZWECSRVS JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* This JCL removes the VSAM data set for the Caching Service. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//******************************************************************** +//RMVSAM EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +DELETE '{zowe.setup.vsam.name}' + + CLUSTER +//* diff --git a/files/SZWESAMP/ZWEIACF2 b/files/SZWESAMP/ZWEIACF2 index 7e93a5bf19..2b7b58b4fc 100644 --- a/files/SZWESAMP/ZWEIACF2 +++ b/files/SZWESAMP/ZWEIACF2 @@ -76,13 +76,13 @@ ACF * replace AUTOGID with GID(&ADMINGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT {zowe.setup.security.groups.admin}. AUTOGID +INSERT {zowe.setup.security.groups.admin} AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * * uncomment and customize to add an existing userid as administrator * * SET X(ROL) -* INSERT {zowe.setup.security.groups.admin}. INCLUDE(userid) ROLE +* INSERT {zowe.setup.security.groups.admin} INCLUDE(userid) ROLE * F ACF2,NEWXREF,TYPE(ROL) * * DEFINE STARTED TASK ............................................. @@ -93,7 +93,7 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOGID with GID(&STCGID.) if AUTOGID is not enabled * SET PROFILE(GROUP) DIV(OMVS) -INSERT {zowe.setup.security.groups.stc}. AUTOGID +INSERT {zowe.setup.security.groups.stc} AUTOGID F ACF2,REBUILD(GRP),CLASS(P) * ***** 
@@ -102,10 +102,10 @@ F ACF2,REBUILD(GRP),CLASS(P) * replace AUTOUID with UID(&ZOWEUID.) if AUTOUID is not enabled * SET LID -INSERT {zowe.setup.security.users.zowe}. + +INSERT {zowe.setup.security.users.zowe} + STC GROUP({zowe.setup.security.groups.stc}) SET PROFILE(USER) DIV(OMVS) -INSERT {zowe.setup.security.users.zowe}. + +INSERT {zowe.setup.security.users.zowe} + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * @@ -113,10 +113,10 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * replace AUTOUID with UID(&ZISUID.) if AUTOUID is not enabled * SET LID -INSERT {zowe.setup.security.users.zis}. + +INSERT {zowe.setup.security.users.zis} + STC GROUP({zowe.setup.security.groups.stc}) SET PROFILE(USER) DIV(OMVS) -INSERT {zowe.setup.security.users.zis}. + +INSERT {zowe.setup.security.users.zis} + AUTOUID HOME(/tmp) OMVSPGM(/bin/sh) F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * @@ -125,7 +125,7 @@ F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * started task for ZOWE main server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.zowe}. + +INSERT STC.{zowe.setup.security.stcs.zowe} + LOGONID({zowe.setup.security.users.zowe}) + GROUP({zowe.setup.security.groups.stc}) + STCID({zowe.setup.security.stcs.zowe}) @@ -134,7 +134,7 @@ F ACF2,REFRESH(STC) * started task for ZIS cross memory server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.zis}. + +INSERT STC.{zowe.setup.security.stcs.zis} + LOGONID({zowe.setup.security.users.zis}) + GROUP({zowe.setup.security.groups.stc}) + STCID({zowe.setup.security.stcs.zis}) @@ -143,7 +143,7 @@ F ACF2,REFRESH(STC) * started task for ZIS Auxiliary cross memory server * SET CONTROL(GSO) -INSERT STC.{zowe.setup.security.stcs.aux}. + +INSERT STC.{zowe.setup.security.stcs.aux} + LOGONID({zowe.setup.security.users.zis}) + GROUP({zowe.setup.security.groups.stc}) + STCID({zowe.setup.security.stcs.aux}) 
@@ -155,10 +155,10 @@ F ACF2,REFRESH(STC) * ZOWEUSER to it * SET X(ROL) -INSERT {zowe.setup.security.groups.stc}. + +INSERT {zowe.setup.security.groups.stc} + INCLUDE({zowe.setup.security.users.zowe}) ROLE F ACF2,NEWXREF,TYPE(ROL) -CHANGE {zowe.setup.security.groups.stc}. + +CHANGE {zowe.setup.security.groups.stc} + INCLUDE({zowe.setup.security.users.zis}) ADD F ACF2,NEWXREF,TYPE(ROL) * @@ -226,14 +226,14 @@ F ACF2,REBUILD(FAC) * HLQ stub SET RULE * general data set protection -LIST {zowe.setup.dataset.prefix}. -RECKEY {zowe.setup.dataset.prefix}. ADD(- UID(-) READ(A) EXEC(P)) -RECKEY {zowe.setup.dataset.prefix}. + +LIST {zowe.setup.dataset.prefix} +RECKEY {zowe.setup.dataset.prefix} ADD(- UID(-) READ(A) EXEC(P)) +RECKEY {zowe.setup.dataset.prefix} + ADD(- UID({zowe.setup.security.groups.sysProg}) + READ(A) EXEC(A) ALLOC(A) WRITE(A)) * * show results -LIST {zowe.setup.dataset.prefix}. +LIST {zowe.setup.dataset.prefix} * * diff --git a/files/SZWESAMP/ZWEIKRA1 b/files/SZWESAMP/ZWEIKRA1 index b0b2d22a44..fef0764e5b 100644 --- a/files/SZWESAMP/ZWEIKRA1 +++ b/files/SZWESAMP/ZWEIKRA1 @@ -113,10 +113,10 @@ ACF GENCERT CERTAUTH.ZOWECA - LABEL({zowe.setup.certificate.keyring.caLabel}) SIZE(2048) - SUBJSDN(CN='{zowe.setup.certificate.dname.caCommonName}' - - OU='{zowe.setup.certificate.dname.orgUnit}.' - - O='{zowe.setup.certificate.dname.org}.' - - L='{zowe.setup.certificate.dname.locality}.' - - SP='{zowe.setup.certificate.dname.state}.' - + OU='{zowe.setup.certificate.dname.orgUnit}' - + O='{zowe.setup.certificate.dname.org}' - + L='{zowe.setup.certificate.dname.locality}' - + SP='{zowe.setup.certificate.dname.state}' - C='{zowe.setup.certificate.dname.country}') - EXPIRE(05/01/30) - KEYUSAGE(CERTSIGN) 
@@ -133,9 +133,9 @@ ACF GENCERT {zowe.setup.security.users.zowe}.ZOWECERT - SUBJSDN(CN='{zowe.setup.certificate.dname.commonName}' - OU='{zowe.setup.certificate.dname.orgUnit}.' - - O='{zowe.setup.certificate.dname.org}.' - - L='{zowe.setup.certificate.dname.locality}.' - - SP='{zowe.setup.certificate.dname.state}.' - + O='{zowe.setup.certificate.dname.org}' - + L='{zowe.setup.certificate.dname.locality}' - + SP='{zowe.setup.certificate.dname.state}' - C='{zowe.setup.certificate.dname.country}') - SIZE(2048) - EXPIRE(05/01/30) - diff --git a/files/SZWESAMP/ZWEIKRT1 b/files/SZWESAMP/ZWEIKRT1 index 5587d405aa..33fa8d88f3 100644 --- a/files/SZWESAMP/ZWEIKRT1 +++ b/files/SZWESAMP/ZWEIKRT1 @@ -108,11 +108,11 @@ $$ DIGICERT(ZOWECA) + SUBJECTN( + 'CN="{zowe.setup.certificate.dname.caCommonName}" + - OU="{zowe.setup.certificate.dname.orgUnit}." + - O="{zowe.setup.certificate.dname.org}." + - L="{zowe.setup.certificate.dname.locality}." + - SP="{zowe.setup.certificate.dname.state}." + - C="{zowe.setup.certificate.dname.country}." ') + + OU="{zowe.setup.certificate.dname.orgUnit}" + + O="{zowe.setup.certificate.dname.org}" + + L="{zowe.setup.certificate.dname.locality}" + + SP="{zowe.setup.certificate.dname.state}" + + C="{zowe.setup.certificate.dname.country}" ') + KEYSIZE(2048) + NADATE(05/01/30) + LABLCERT({zowe.setup.certificate.keyring.caLabel}) + 
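Review bot: In the second ZWEIKRA1 hunk (`@@ -133,9`) the context line `OU='{zowe.setup.certificate.dname.orgUnit}.' -` keeps its trailing period while O, L and SP lose theirs, so the Zowe certificate's subject would carry an organisational unit ending in "." that differs from the value used for the CA in the hunk above. The line should read `OU='{zowe.setup.certificate.dname.orgUnit}' -` like the others. The GENCERT statement continues past the end of the hunk.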
@@ -128,11 +128,11 @@ $$ DIGICERT(ZOWECERT) + SUBJECTN( + 'CN="{zowe.setup.certificate.dname.commonName}" + - OU="{zowe.setup.certificate.dname.orgUnit}." + - O="{zowe.setup.certificate.dname.org}." + - L="{zowe.setup.certificate.dname.locality}." + - SP="{zowe.setup.certificate.dname.state}." + - C="{zowe.setup.certificate.dname.country}." ') + + OU="{zowe.setup.certificate.dname.orgUnit}" + + O="{zowe.setup.certificate.dname.org}" + + L="{zowe.setup.certificate.dname.locality}" + + SP="{zowe.setup.certificate.dname.state}" + + C="{zowe.setup.certificate.dname.country}" ') + KEYSIZE(2048) + NADATE(05/01/30) + LABLCERT({zowe.setup.certificate.keyring.label}) + @@ -142,7 +142,7 @@ $$ /* Connect a Zowe's certificate with the keyring ................... */ TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + - RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + + RINGDATA({zowe.setup.security.users.zowe},ZOWECERT) + USAGE(PERSONAL) DEFAULT /* Option 1 - Default Option - END ................................. */ diff --git a/files/SZWESAMP/ZWEIKRT3 b/files/SZWESAMP/ZWEIKRT3 index 25b63b27e4..1ef90d17a4 100644 --- a/files/SZWESAMP/ZWEIKRT3 +++ b/files/SZWESAMP/ZWEIKRT3 @@ -116,7 +116,7 @@ $$ /* Connect a Zowe's certificate with the keyring ................... */ TSS ADD({zowe.setup.security.users.zowe}) KEYRING(ZOWERING) + - RINGDATA({zowe.setup.security.users.zowe}.,ZOWECERT) + + RINGDATA({zowe.setup.security.users.zowe},ZOWECERT) + USAGE(PERSONAL) DEFAULT /* Option 3 - END .................................................. */ diff --git a/files/SZWESAMP/ZWEIMVS2 b/files/SZWESAMP/ZWEIMVS2 index 3fb3874470..bed84772d0 100644 --- a/files/SZWESAMP/ZWEIMVS2 +++ b/files/SZWESAMP/ZWEIMVS2 
@@ -16,7 +16,7 @@ //* 'zowe.setup.dataset.authLoadlib' is equal to //* 'zowe.setup.prefix' + 'SZWELOAD'. //* -//* When running this job, you should also run ZwEIMVS +//* When running this job, you should also run ZWEIMVS //* //********************************************************************* //MKPDSE EXEC PGM=IKJEFT01 @@ -31,7 +31,7 @@ blksize(32760) unit(sysallda) space(30,15) tracks //STDOUT DD SYSOUT=* //STDERR DD SYSOUT=* //STDPARM DD * -SH cd {zowe.runtimeDirectory} && +SH cd "{zowe.runtimeDirectory}" && cd components/zss && cp LOADLIB/ZWESIS01 "//'{zowe.setup.dataset.authLoadlib}(ZWESIS01)'" && diff --git a/files/SZWESAMP/ZWEIRACF b/files/SZWESAMP/ZWEIRACF index 1185882d5a..007a7a85e3 100644 --- a/files/SZWESAMP/ZWEIRACF +++ b/files/SZWESAMP/ZWEIRACF @@ -92,8 +92,8 @@ /* group for administrators */ /* replace AUTOGID with GID(&ADMINGID.) if AUTOGID not enabled */ - LISTGRP {zowe.setup.security.groups.admin}. OMVS - ADDGROUP {zowe.setup.security.groups.admin}. OMVS(AUTOGID) - + LISTGRP {zowe.setup.security.groups.admin} OMVS + ADDGROUP {zowe.setup.security.groups.admin} OMVS(AUTOGID) - DATA('ZOWE ADMINISTRATORS') /* uncomment to add existing user IDs to the ADMINGRP group */ 
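Review bot: Double quotes around `{zowe.runtimeDirectory}` in the ZWEIMVS2 `SH cd` line handle spaces, but the shell still performs `$` and backquote expansion inside them, so a path containing those characters is not taken literally. Single quotes (`SH cd '{zowe.runtimeDirectory}' &&`) would pass the value through unchanged, provided the generator rejects a path that itself contains a single quote. Whether zowe.runtimeDirectory is constrained by the configuration schema is not visible here.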
@@ -110,16 +110,16 @@ /* warning messages otherwise */ /* group for started tasks */ /* replace AUTOGID with GID(&STCGID.) if AUTOGID not enabled */ - LISTGRP {zowe.setup.security.groups.stc}. OMVS - ADDGROUP {zowe.setup.security.groups.stc}. OMVS(AUTOGID) - + LISTGRP {zowe.setup.security.groups.stc} OMVS + ADDGROUP {zowe.setup.security.groups.stc} OMVS(AUTOGID) - DATA('STARTED TASK GROUP WITH OMVS SEGMENT') /* */ /* userid for ZOWE main server */ /* replace AUTOUID with UID(&ZOWEUID.) if AUTOUID not enabled */ - LISTUSER {zowe.setup.security.users.zowe}. OMVS - ADDUSER {zowe.setup.security.users.zowe}. - + LISTUSER {zowe.setup.security.users.zowe} OMVS + ADDUSER {zowe.setup.security.users.zowe} - NOPASSWORD - DFLTGRP({zowe.setup.security.groups.stc}) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - @@ -128,8 +128,8 @@ /* userid for ZIS cross memory server */ /* replace AUTOUID with UID(&ZISUID.) if AUTOUID not enabled */ - LISTUSER {zowe.setup.security.users.zis}. OMVS - ADDUSER {zowe.setup.security.users.zis}. - + LISTUSER {zowe.setup.security.users.zis} OMVS + ADDUSER {zowe.setup.security.users.zis} - NOPASSWORD - DFLTGRP({zowe.setup.security.groups.stc}) - OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) - 
@@ -139,22 +139,22 @@ /* */ /* started task for ZOWE main server */ - RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zowe}.* - + RLIST STARTED {zowe.setup.security.stcs.zowe}* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zowe}* - STDATA(USER({zowe.setup.security.users.zowe}) - GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE MAIN SERVER') /* started task for ZIS cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.zis}.* - + RLIST STARTED {zowe.setup.security.stcs.zis}* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.zis}* - STDATA(USER({zowe.setup.security.users.zis}) - GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE ZIS CROSS MEMORY SERVER') /* started task for ZIS Auxiliary cross memory server */ - RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA - RDEFINE STARTED {zowe.setup.security.stcs.aux}.* - + RLIST STARTED {zowe.setup.security.stcs.aux}* ALL STDATA + RDEFINE STARTED {zowe.setup.security.stcs.aux}* - STDATA(USER({zowe.setup.security.users.zis}) - GROUP({zowe.setup.security.groups.stc}) - TRUSTED(NO)) DATA('ZOWE ZIS AUX CROSS MEMORY SERVER') 
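Review bot: The period removed from `RDEFINE STARTED {zowe.setup.security.stcs.zowe}.* -` in ZWEIRACF does not look like one of the leftover symbol terminators this commit is cleaning up: STARTED class profiles are named procname.jobname, so `ZWESLSTC.*` covers one procedure under any job name, whereas the new generic `ZWESLSTC*` also matches any other started procedure whose name begins with the configured value. With a configured STC name shorter than eight characters that would assign the Zowe or ZIS identity to unrelated procedures. I would keep the period on the three RDEFINE lines and on the RLIST lines here and in the following `@@ -162,12` hunk, e.g. `RDEFINE STARTED {zowe.setup.security.stcs.zowe}.* -`. The `DATASET({zowe.setup.dataset.prefix})` operands changed in the ZWEITSS hunk deserve the same check, since a prefix without the trailing period may match more data sets than intended.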
@@ -162,12 +162,12 @@ SETROPTS RACLIST(STARTED) REFRESH /* show results .................................................... */ - LISTGRP {zowe.setup.security.groups.stc}. OMVS - LISTUSER {zowe.setup.security.users.zowe}. OMVS - LISTUSER {zowe.setup.security.users.zis}. OMVS - RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA - RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA + LISTGRP {zowe.setup.security.groups.stc} OMVS + LISTUSER {zowe.setup.security.users.zowe} OMVS + LISTUSER {zowe.setup.security.users.zis} OMVS + RLIST STARTED {zowe.setup.security.stcs.zowe}* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.zis}* ALL STDATA + RLIST STARTED {zowe.setup.security.stcs.aux}* ALL STDATA /* DEFINE ZIS SECURITY RESOURCES ................................... */ @@ -258,8 +258,8 @@ /* EGN is not active on your system. */ /* HLQ stub */ - LISTGRP {zowe.setup.dataset.prefix}. - ADDGROUP {zowe.setup.dataset.prefix}. DATA('Zowe - HLQ STUB') + LISTGRP {zowe.setup.dataset.prefix} + ADDGROUP {zowe.setup.dataset.prefix} DATA('Zowe - HLQ STUB') /* general data set protection */ LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL @@ -270,7 +270,7 @@ SETROPTS GENERIC(DATASET) REFRESH /* show results .................................................... */ - LISTGRP {zowe.setup.dataset.prefix}. + LISTGRP {zowe.setup.dataset.prefix} LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ diff --git a/files/SZWESAMP/ZWEISTC b/files/SZWESAMP/ZWEISTC index 152ef524a3..e708229a33 100644 --- a/files/SZWESAMP/ZWEISTC +++ b/files/SZWESAMP/ZWEISTC 
@@ -11,6 +11,12 @@ //* //********************************************************************* //* +//* This job is used to add proclib members +//* Used to start a Zowe "instance" +//* Instances represent a configuration of Zowe, different from the +//* "runtime" datasets that are created upon install of Zowe / SMPE. +//* +//********************************************************************* //* //MCOPY EXEC PGM=IEBCOPY //SYSPRINT DD SYSOUT=A diff --git a/files/SZWESAMP/ZWEITSS b/files/SZWESAMP/ZWEITSS index eb5f756cb9..d78d031495 100644 --- a/files/SZWESAMP/ZWEITSS +++ b/files/SZWESAMP/ZWEITSS @@ -203,13 +203,13 @@ TSS PERMIT({zowe.setup.security.users.zowe}) APPL(OMVSAPPL) /* advised to protect it against updates. */ /* HLQ stub */ - TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}.) + TSS ADD(&ADMINDEP.) DATASET({zowe.setup.dataset.prefix}) /* general data set protection */ TSS WHOHAS DATASET({zowe.setup.dataset.prefix}) - TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}.) ACCESS(READ) + TSS PER(ALL) DATASET({zowe.setup.dataset.prefix}) ACCESS(READ) TSS PER({zowe.setup.security.groups.sysProg}) + - DATASET({zowe.setup.dataset.prefix}.) ACCESS(ALL) + DATASET({zowe.setup.dataset.prefix}) ACCESS(ALL) /* show results */ TSS WHOHAS DATASET({zowe.setup.dataset.prefix}) diff --git a/files/SZWESAMP/ZWENOKRR b/files/SZWESAMP/ZWENOKRR index adc0f95f5c..db07aa46d5 100644 --- a/files/SZWESAMP/ZWENOKRR +++ b/files/SZWESAMP/ZWENOKRR @@ -32,7 +32,7 @@ //* //******************************************************************* //* -//* * You do NOT need to set USERNAME when running ZWEGENER. +//* * You do NOT need to change USERNAME when running ZWEGENER. //* * This is used to keep some lines under the column limit. //* // SET USERNAME={zowe.setup.security.users.zowe} diff --git a/files/SZWESAMP/ZWERMVS b/files/SZWESAMP/ZWERMVS new file mode 100644 index 0000000000..fa4938cebc --- /dev/null +++ b/files/SZWESAMP/ZWERMVS 
@@ -0,0 +1,29 @@
+//ZWERMVS JOB
+//*
+//* This program and the accompanying materials are made available
+//* under the terms of the Eclipse Public License v2.0 which
+//* accompanies this distribution, and is available at
+//* https://www.eclipse.org/legal/epl-v20.html
+//*
+//* SPDX-License-Identifier: EPL-2.0
+//*
+//* Copyright Contributors to the Zowe Project. 2020, 2020
+//*
+//*********************************************************************
+//*
+//* This job is used to remove datasets used by a Zowe "instance"
+//* Instances represent a configuration of Zowe, different from the
+//* "runtime" datasets that are created upon install of Zowe / SMPE.
+//*
+//* If your choosen value of 'zowe.setup.dataset.authLoadlib' is not
+//* Equal to 'zowe.setup.prefix' + 'SZWELOAD',
+//* Then you must also run "ZWERMVS2".
+//*
+//*********************************************************************
+//RMPDSE EXEC PGM=IKJEFT01
+//SYSTSPRT DD SYSOUT=A
+//SYSTSIN DD *
+DELETE ('{zowe.setup.dataset.parmlib}', +
+ '{zowe.setup.dataset.authPluginLib}') +
+ SCRATCH NONVSAM
+//*
diff --git a/files/SZWESAMP/ZWERMVS2 b/files/SZWESAMP/ZWERMVS2
new file mode 100644
index 0000000000..e42a8c178d
--- /dev/null
+++ b/files/SZWESAMP/ZWERMVS2
@@ -0,0 +1,27 @@
+//ZWERMVS2 JOB
+//*
+//* This program and the accompanying materials are made available
+//* under the terms of the Eclipse Public License v2.0 which
+//* accompanies this distribution, and is available at
+//* https://www.eclipse.org/legal/epl-v20.html
+//*
+//* SPDX-License-Identifier: EPL-2.0
+//*
+//* Copyright Contributors to the Zowe Project. 2020, 2020
+//*
+//*********************************************************************
+//*
+//* This job is used to remove the APF load library for an instance
+//* Of Zowe. It is not needed if your choosen value of
+//* 'zowe.setup.dataset.authLoadlib' is equal to
+//* 'zowe.setup.prefix' + 'SZWELOAD'.
+//*
+//* When running this job, you should also run ZWERMVS
+//*
+//*********************************************************************
+//RMPDSE EXEC PGM=IKJEFT01
+//SYSTSPRT DD SYSOUT=A
+//SYSTSIN DD *
+DELETE '{zowe.setup.dataset.authLoadLib}' +
+ SCRATCH NONVSAM
+//*
diff --git a/files/SZWESAMP/ZWERSTC b/files/SZWESAMP/ZWERSTC
new file mode 100644
index 0000000000..2d5980d051
--- /dev/null
+++ b/files/SZWESAMP/ZWERSTC
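Review bot: The DELETE statement in ZWERMVS2 substitutes `{zowe.setup.dataset.authLoadLib}` (capital L in "Lib"), while the header comment of the same file and the ZWEIAPF and ZWEIMVS2 members spell the key `zowe.setup.dataset.authLoadlib`. If the generator resolves keys case-sensitively the placeholder is not resolved and the job does not remove the library it is meant to remove; the line should read `DELETE '{zowe.setup.dataset.authLoadlib}' +`. The `key != 'authLoadLib'` test added to bin/commands/init/mvs/index.ts in patch 104 uses the same spelling, so if the data set list there uses `authLoadlib` the `needAuthCleanup` flag would never be set.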
@@ -0,0 +1,34 @@ +//ZWERSTC JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* This job is used to remove proclib members +//* Used to start a Zowe "instance" +//* Instances represent a configuration of Zowe, different from the +//* "runtime" datasets that are created upon install of Zowe / SMPE. +//* +//********************************************************************* +//* +//* * You do NOT need to change PROCLIB when running ZWEGENER. +//* * This is used to keep some lines under the column limit. +//* +// SET PROCLIB={zowe.setup.dataset.proclib} +//* +//********************************************************************* +//RMPROC EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +DELETE ('&PROCLIB.({zowe.setup.security.stcs.zowe})', + + '&PROCLIB.({zowe.setup.security.stcs.zis})', + + '&PROCLIB.({zowe.setup.security.stcs.aux})') + + SCRATCH NONVSAM +//* \ No newline at end of file From 6003c492d10f2a4e310814b473f3a010d17752d3 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 13 Feb 2024 14:24:19 -0500 Subject: [PATCH 103/258] Add in node and java DETECT code from init ts PR to avoid schema errors Signed-off-by: 1000TurquoisePogs --- bin/libs/java.sh | 4 +++- bin/libs/java.ts | 4 ++-- bin/libs/node.sh | 4 +++- bin/libs/node.ts | 4 ++-- example-zowe.yaml | 8 +++++--- 5 files changed, 15 insertions(+), 9 deletions(-) diff --git a/bin/libs/java.sh b/bin/libs/java.sh index 3bf49d3329..8a06b518c6 100644 --- a/bin/libs/java.sh +++ b/bin/libs/java.sh 
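Review bot: ZWERSTC sets `PROCLIB` with a JCL SET statement and then uses `&PROCLIB.` inside `//SYSTSIN DD *`, but JCL symbols are substituted in in-stream data only when the DD statement carries `SYMBOLS=` and the symbol has been exported. As written the DELETE would, as far as I can tell, be passed the literal text `&PROCLIB.(...)` and remove nothing, and a later commit in this series lets the remover jobs continue on a bad return code, which would hide that. I would add `// EXPORT SYMLIST=*` ahead of the SET and code the input as `//SYSTSIN DD *,SYMBOLS=JCLONLY`, matching the `SYMBOLS=JCLONLY` already used on the RACF DD in ZWEIKRR3.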
@@ -75,7 +75,9 @@ require_java() { if [ -n "${ZWE_CLI_PARAMETER_CONFIG}" ]; then custom_java_home="$(shell_read_yaml_java_home "${ZWE_CLI_PARAMETER_CONFIG}")" if [ -n "${custom_java_home}" ]; then - export JAVA_HOME="${custom_java_home}" + if [ "${custom_java_home}" != "DETECT" ]; then + export JAVA_HOME="${custom_java_home}" + fi fi fi if [ -z "${JAVA_HOME}" ]; then diff --git a/bin/libs/java.ts b/bin/libs/java.ts index a2a67e55ca..12290de6d0 100644 --- a/bin/libs/java.ts +++ b/bin/libs/java.ts @@ -61,7 +61,7 @@ export function requireJava() { } if (std.getenv('ZWE_CLI_PARAMETER_CONFIG')) { const customJavaHome = shellReadYamlJavaHome(); - if (customJavaHome) { + if (customJavaHome && customJavaHome != "DETECT") { std.setenv('JAVA_HOME', customJavaHome); } } @@ -72,7 +72,7 @@ export function requireJava() { } } if (!std.getenv('JAVA_HOME')) { - common.printErrorAndExit("Error ZWEL0122E: Cannot find java. Please define JAVA_HOME environment variable.", undefined, 122); + common.printErrorAndExit("Error ZWEL0122E: Cannot find java. Please define JAVA_HOME environment variable or set java.home in the YAML config file.", undefined, 122); } ensureJavaIsOnPath(); diff --git a/bin/libs/node.sh b/bin/libs/node.sh index 068fa7abc7..5330ea06a2 100644 --- a/bin/libs/node.sh +++ b/bin/libs/node.sh @@ -86,7 +86,9 @@ require_node() { if [ -n "${ZWE_CLI_PARAMETER_CONFIG}" ]; then custom_node_home=$(shell_read_yaml_node_home "${ZWE_CLI_PARAMETER_CONFIG}") if [ -n "${custom_node_home}" ]; then - export NODE_HOME="${custom_node_home}" + if [ "${custom_node_home}" != "DETECT" ]; then + export NODE_HOME="${custom_node_home}" + fi fi fi if [ -z "${NODE_HOME}" ]; then diff --git a/bin/libs/node.ts b/bin/libs/node.ts index b1e9c57884..d88fdc5c75 100644 --- a/bin/libs/node.ts +++ b/bin/libs/node.ts 
@@ -67,7 +67,7 @@ export function requireNode() { } if (std.getenv('ZWE_CLI_PARAMETER_CONFIG')) { const customNodeHome = shellReadYamlNodeHome(); - if (customNodeHome) { + if (customNodeHome && customNodeHome != "DETECT") { std.setenv('NODE_HOME', customNodeHome); } } @@ -78,7 +78,7 @@ export function requireNode() { } } if (!std.getenv('NODE_HOME')) { - common.printErrorAndExit("Error ZWEL0121E: Cannot find node. Please define NODE_HOME environment variable.", undefined, 121); + common.printErrorAndExit("Error ZWEL0121E: Cannot find node. Please define NODE_HOME environment variable or set node.home in the YAML config file.", undefined, 121); } ensureNodeIsOnPath(); diff --git a/example-zowe.yaml b/example-zowe.yaml index 3d8dd63cdc..fd690f364e 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml @@ -452,8 +452,9 @@ zowe: #------------------------------------------------------------------------------- java: # **COMMONLY_CUSTOMIZED** - # Path to your Java home directory - home: "" + # Path to your Java home directory. + # If "DETECT", will check for java in PATH + home: "DETECT" #------------------------------------------------------------------------------- @@ -468,7 +469,8 @@ java: node: # **COMMONLY_CUSTOMIZED** # Path to your node.js home directory - home: "" + # If "DETECT", will check for node in PATH + home: "DETECT" #------------------------------------------------------------------------------- From 2ef27eab5518d7ae55d66cca142ca015122bbb55 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 13 Feb 2024 15:49:29 -0500 Subject: [PATCH 104/258] Allow remover jcls to continue execution even if bad rc, because we dont check for full existence before full removal Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.ts | 20 +++++++++++++++----- bin/commands/init/stc/index.ts | 2 +- bin/commands/init/vsam/index.ts | 2 +- 3 files changed, 17 insertions(+), 7 deletions(-) 
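Review bot: With `home: "DETECT"` as the shipped default in both the `java` and `node` stanzas of example-zowe.yaml, the runtime Zowe uses is, per the new comment, whatever PATH resolves to for the invoking user. For a server component that trade-off belongs in the comment: suggest adding `# For production, prefer an absolute path so the runtime does not depend on the PATH of the user or started task` under each `home` comment. The `java` comment also gained a trailing period that the `node` comment lacks.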
diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index c48c7c8b70..d2f96840fa 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -36,7 +36,9 @@ export function execute(allowOverwrite?: boolean) { common.printMessage(`Create data sets if they do not exist`); let skippedDatasets: boolean = false; - + let needCleanup: boolean = false; + let needAuthCleanup: boolean = false; + for (let i = 0; i < datasets.length; i++) { let key = datasets[i]; // read def and validate @@ -58,11 +60,12 @@ export function execute(allowOverwrite?: boolean) { const datasetExists=zosdataset.isDatasetExists(ds); if (datasetExists) { if (allowOverwrite) { - common.printMessage(`Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten.`); - zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix); - if (runALoadlibCreate === true) { - zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix); + if (key != 'authLoadLib') { + needCleanup = true; + } else { + needAuthCleanup = true; } + common.printMessage(`Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten.`); } else { skippedDatasets = true; common.printMessage(`Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); 
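Review bot: The new test `key != 'authLoadLib'` spells the key with a capital L in `Lib`, while the schema on this page names the property `authLoadlib`. If the `datasets` array (declared outside this hunk) uses the schema spelling, `needAuthCleanup` is never set and an existing APF load library is handled by the `ZWERMVS` cleanup instead of `ZWERMVS2`. Worth confirming against the array and, if it does, changing the line to `if (key !== 'authLoadlib') {`. The loop and `execute` continue outside the hunk.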
@@ -74,6 +77,13 @@ export function execute(allowOverwrite?: boolean) { if (skippedDatasets && !allowOverwrite) { common.printMessage(`Skipped writing to a dataset. To write, you must use --allow-overwrite.`); } else { + if (allowOverwrite && needCleanup) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix, false, true); + } + if (allowOverwrite && runALoadlibCreate === true && needAuthCleanup) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix, false, true); + } + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); if (runALoadlibCreate === true) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS2)'`, `ZWEIMVS2`, jcllib, prefix); diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts index 663c6955d8..06cc47f0a8 100644 --- a/bin/commands/init/stc/index.ts +++ b/bin/commands/init/stc/index.ts @@ -87,7 +87,7 @@ export function execute(allowOverwrite: boolean = false) { // Fix JCL if needed - cannot copy member with same name via (foo,foo,R) // must instead be (foo,,R), so do string replace if see dual name. if (stcExistence == true) { - zosJes.printAndHandleJcl(`//'${jcllib}(ZWERSTC)'`, `ZWERSTC`, jcllib, prefix); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERSTC)'`, `ZWERSTC`, jcllib, prefix, false, true); } const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index db417394d8..75c634025e 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts 
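Review bot: The trailing positional arguments `false, true` added to the `ZWERMVS` and `ZWERMVS2` calls are unexplained booleans. Judging by the commit subject and by `init/security`, where the same slot receives `ignoreSecurityFailures`, the `true` makes every non-zero return code of the removal job non-fatal. That also hides failures other than a missing member, such as a data set that is in use or a job without the needed authority, after which `ZWEIMVS` runs against whatever was left. Suggest a comment at each call, e.g. `// last arg: tolerate a bad RC, the members may legitimately not exist`, and a warning message when the return code was non-zero, if `printAndHandleJcl` exposes it. The same applies to the `ZWERSTC` call in `init/stc` and the `ZWECSRVS` call in `init/vsam`.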
@@ -54,7 +54,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig const vsamExistence = zosDataset.isDatasetExists(name); if (vsamExistence && allowOverwrite) { - zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSRVS)'`, `ZWECSRVS`, jcllib, prefix); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSRVS)'`, `ZWECSRVS`, jcllib, prefix, false, true); } else if (vsamExistence) { return common.printErrorAndExit(`Error ZWEL0158E: ${name} already exists.`, undefined, 158); } From bfd8f6a43672e212da4c4d6cffd841beafabb6fd Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 20 Feb 2024 11:36:00 +0100 Subject: [PATCH 105/258] Valid DSN example Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEGENER | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index ae147824e9..ff5f149a50 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -58,7 +58,7 @@ $$ //* Overridden by the higher entries. //* PARMLIB member must be named "ZWEYAML" //* -//* Ex. PARMLIB MY.ZOWE.CUSTOMIZATIONS +//* Ex. PARMLIB MY.ZOWE.CUSTOM.PARMLIB //* FILE /the/zowe/defaults.yaml //MYCONFIG DD *,DLM=$$ FILE From 7a72b635364d2e1a4b1ddbc528c81389a2ec2faa Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 21 Feb 2024 14:11:06 +0100 Subject: [PATCH 106/258] Schema validations: datasets Signed-off-by: Martin Zeithaml --- schemas/server-common.json | 22 ++++++++++++++++++---- schemas/zowe-yaml-schema.json | 22 +++++++++++----------- 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/schemas/server-common.json b/schemas/server-common.json index 4eaa81feb1..1a96a5d449 100644 --- a/schemas/server-common.json +++ b/schemas/server-common.json 
@@ -17,12 +17,26 @@ "pattern": "^(([\\^\\~\\>\\<]?)|(>=?)|(<=?))[0-9]*\\.[0-9]*\\.[0-9]*(-*[a-zA-Z][0-9a-zA-Z\\-\\.]*)?(\\+[0-9a-zA-Z\\-\\.]*)?$" }, "dataset": { - "$anchor": "zoweDataset", "type": "string", - "description": "A 44-char all caps dotted ZOS name", - "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$", "minLength": 3, - "maxLength": 44 + "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$", + "oneOf": [ + { + "$anchor": "zoweDataset", + "description": "A 44-char all caps dotted ZOS name", + "maxLength": 44 + }, + { + "$anchor": "zoweDatasetPrefix", + "description": "A 35-char all caps dotted ZOS name (space for '.SZWEnnnn')", + "maxLength": 35 + }, + { + "$anchor": "zoweDatasetVsam", + "description": "A 38-char all caps dotted ZOS name (space for '.INDEX')", + "maxLength": 38 + } + ] }, "datasetMember": { "$anchor": "zoweDatasetMember", diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index 01198bd6c8..dc73acbf99 100644 --- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json @@ -21,15 +21,15 @@ "description": "MVS data set related configurations", "properties": { "prefix": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetPrefix", "description": "Where Zowe MVS data sets will be installed" }, "proclib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "PROCLIB where Zowe STCs will be copied over" }, "parmlib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "Zowe PARMLIB" }, "parmlibMembers": { 
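Review bot: After this change each `$anchor` sits on a `oneOf` branch that carries only `description` and `maxLength`, so a `$ref` to `#zoweDataset`, `#zoweDatasetPrefix` or `#zoweDatasetVsam` no longer brings in `type`, `pattern` or `minLength`, which stayed on the parent `dataset` object. The properties switched over in the `zowe-yaml-schema.json` hunks (`prefix`, `proclib`, `parmlib`, `jcllib`, `loadlib`, `authLoadlib`, `authPluginLib`, `vsam.name`) would then be checked for length only, although these values are substituted into generated JCL. The parent is also hard to satisfy on its own, because any name of 35 characters or fewer matches all three branches while `oneOf` requires exactly one. Separate definitions that each reference the base definition keep the character check; the enclosing object is outside the hunk, so the placement below is a sketch.

```json
"dataset": {
  "$anchor": "zoweDataset",
  "type": "string",
  "description": "A 44-char all caps dotted ZOS name",
  "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$",
  "minLength": 3,
  "maxLength": 44
},
"datasetPrefix": {
  "$anchor": "zoweDatasetPrefix",
  "description": "A 35-char all caps dotted ZOS name (space for '.SZWEnnnn')",
  "allOf": [{ "$ref": "#zoweDataset" }],
  "maxLength": 35
},
"datasetVsam": {
  "$anchor": "zoweDatasetVsam",
  "description": "A 38-char all caps dotted ZOS name (space for '.INDEX')",
  "allOf": [{ "$ref": "#zoweDataset" }],
  "maxLength": 38
},
```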
@@ -44,21 +44,21 @@ } }, "jcllib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "JCL library where Zowe will store temporary JCLs during initialization" }, "loadlib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "States the dataset where Zowe executable utilities are located", "default": ".SZWELOAD" }, "authLoadlib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "The dataset that contains any Zowe core code that needs to run APF-authorized, such as ZIS", "default": ".SZWEAUTH" }, "authPluginLib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "APF authorized LOADLIB for Zowe ZIS Plugins" } } @@ -142,17 +142,17 @@ "description": "STC names", "properties": { "zowe": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetMember", "description": "STC name of main service", "default": "ZWESLSTC" }, "zis": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetMember", "description": "STC name of ZIS", "default": "ZWESISTC" }, "aux": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetMember", "description": "STC name of Auxiliary Service", "default": "ZWESASTC" } @@ -384,7 +384,7 @@ "description": "Storage class name if you are using VSAM in RLS mode" }, "name": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetVsam", "description": "Data set name. Must match components.caching-service.storage.vsam.name" } } From cdd56eae7a7add30a2299f7f43b1493034cb510d Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 21 Feb 2024 09:13:58 -0500 Subject: [PATCH 107/258] Split zowe class creation out of the security jcls because its not needed on newer zos. fix vsam existence check with new function. 
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.ts | 2 +- bin/commands/init/security/index.ts | 21 ++- bin/commands/init/vsam/index.ts | 2 +- bin/libs/zos-dataset.ts | 207 ++------------------------- build/zwe/types/@qjstypes/zos.d.ts | 2 + files/SZWEEXEC/ZWEGEN00 | 14 +- files/SZWESAMP/{ZWEIACF2 => ZWEIACF} | 17 +-- files/SZWESAMP/ZWEIACFZ | 60 ++++++++ files/SZWESAMP/{ZWEIRACF => ZWEIRAC} | 25 +--- files/SZWESAMP/ZWEIRACZ | 66 +++++++++ files/SZWESAMP/ZWEITSS | 10 +- files/SZWESAMP/ZWEITSSZ | 54 +++++++ manifest.json.template | 2 +- 13 files changed, 222 insertions(+), 260 deletions(-) rename files/SZWESAMP/{ZWEIACF2 => ZWEIACF} (94%) create mode 100644 files/SZWESAMP/ZWEIACFZ rename files/SZWESAMP/{ZWEIRACF => ZWEIRAC} (93%) create mode 100644 files/SZWESAMP/ZWEIRACZ create mode 100644 files/SZWESAMP/ZWEITSSZ diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index d2f96840fa..3fbe8dab16 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -80,7 +80,7 @@ export function execute(allowOverwrite?: boolean) { if (allowOverwrite && needCleanup) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix, false, true); } - if (allowOverwrite && runALoadlibCreate === true && needAuthCleanup) { + if (allowOverwrite && needAuthCleanup) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix, false, true); } diff --git a/bin/commands/init/security/index.ts b/bin/commands/init/security/index.ts index 92e673f49a..b8956fa495 100644 --- a/bin/commands/init/security/index.ts +++ b/bin/commands/init/security/index.ts @@ -9,6 +9,7 @@ Copyright Contributors to the Zowe Project. */ +import * as zos from 'zos'; import * as common from '../../../libs/common'; import * as config from '../../../libs/config'; import * as zoslib from '../../../libs/zos'; 
@@ -32,10 +33,14 @@ export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); } - let securityProduct = ZOWE_CONFIG.zowe.setup?.security?.product; - if (!securityProduct) { - common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + let securityProduct = zos.getEsm(); + if (!securityProduct || securityProduct == 'NONE') { + securityProduct = ZOWE_CONFIG.zowe.setup?.security?.product; + if (!securityProduct) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } } + ['admin', 'stc', 'sysProg'].forEach((key)=> { if (!ZOWE_CONFIG.zowe.setup?.security?.groups || !ZOWE_CONFIG.zowe.setup?.security?.groups[key]) { common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.groups.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); 
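Review bot: The fallback branch still reports `ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined` when the value that is actually missing is `zowe.setup.security.product`, and the call is not returned, so the code relies on `printErrorAndExit` never coming back. Suggest returning the call and changing the text to `Error ZWEL0157E: Security product (zowe.setup.security.product) is not defined in Zowe YAML configuration file.`. The YAML value is later used to build a JCL member name, so checking it here against the products named in example-zowe.yaml (`RACF`, `ACF2`, `TSS`) would give a clearer error than a missing member. `execute` continues outside the hunk.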
@@ -52,9 +57,15 @@ export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { } }); - zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityProduct})'`, `ZWEI${securityProduct}`, jcllib, prefix, false, ignoreSecurityFailures); + const securityPrefix = securityProduct.substring(0,3); + + if (zos.zosVersion() < 0x1020500) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityPrefix}Z)'`, `ZWEI${securityPrefix}Z`, jcllib, prefix, false, ignoreSecurityFailures); + } + + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityPrefix})'`, `ZWEI${securityPrefix}`, jcllib, prefix, false, ignoreSecurityFailures); common.printMessage(``); - common.printMessage(`WARNING: Due to the limitation of the ZWEI${securityProduct} job, exit with 0 does not mean`); + common.printMessage(`WARNING: Due to the limitation of the ZWEI${securityPrefix} job, exit with 0 does not mean`); common.printMessage(` the job is fully successful. Please check the job log to determine`); common.printMessage(` if there are any inline errors.`); common.printMessage(``); diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index 75c634025e..1f06abd541 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts @@ -52,7 +52,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig const name = ZOWE_CONFIG.zowe.setup.vsam.name; - const vsamExistence = zosDataset.isDatasetExists(name); + const vsamExistence = zosDataset.isVsamDatasetExists(name); if (vsamExistence && allowOverwrite) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSRVS)'`, `ZWECSRVS`, jcllib, prefix, false, true); } else if (vsamExistence) { diff --git a/bin/libs/zos-dataset.ts b/bin/libs/zos-dataset.ts index 74d10aed9e..02d88c0c2c 100644 --- a/bin/libs/zos-dataset.ts +++ b/bin/libs/zos-dataset.ts 
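Review bot: The call `zos.zosVersion()` does not match the declaration this commit adds to `zos.d.ts`, which is `getZosVersion(): number`. Unless `zosVersion` is declared elsewhere in that file, this either fails type checking or calls an undefined function at run time. Suggest `if (zos.getZosVersion() < 0x1020500) {` with a comment such as `// 0x1020500: z/OS 2.5, where the ZOWE class already exists` (encoding inferred from the ZWEI*Z job headers, please confirm). `securityProduct.substring(0,3)` also turns an unchecked YAML value into a member name whenever `getEsm()` returns nothing usable. `execute` starts outside the hunk.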
@@ -17,6 +17,14 @@ import * as stringlib from './string'; import * as shell from './shell'; import * as zoslib from './zos'; +//TODO a bit of a hack. "cat" cant output a vsam, so it will always give errors. +// however, the errors it gives are different depending on if the vsam exists or not. +export function isVsamDatasetExists(datasetName: string): boolean { + const result = shell.execErrSync('sh', '-c', `cat "//'${datasetName}'" 1>/dev/null 2>&1`); + return !(result.err && result.err.includes('EDC5049I')); + // EDC5049I = file not found +} + export function isDatasetExists(datasetName: string): boolean { const result = shell.execSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 1>/dev/null 2>&1`); return result.rc === 0; 
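Review bot: In `isVsamDatasetExists` the shell line ends in `1>/dev/null 2>&1`, which sends stderr to /dev/null as well, so if `result.err` is the captured stderr it can never contain `EDC5049I` and the function returns true for every name. The data set name is also interpolated into the `sh -c` string without `stringlib.escapeDollar`, unlike `isDatasetExists` directly below, so a legal name containing `$` is expanded by the shell. Suggest ``const result = shell.execErrSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 1>/dev/null`);``. Treating every error other than EDC5049I as "exists" also means an authorization or I/O failure sends the caller down the delete-and-recreate path when overwrite is allowed, so matching the message expected for an existing VSAM data set would be safer.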
@@ -72,144 +80,6 @@ export function copyToDataset(filePath: string, dsName: string, cpOptions: strin return result.rc; } -export function datasetCopyToDataset(prefix: string, datasetFrom: string, datasetTo: string, allowOverwrite: boolean): number { - if (allowOverwrite != true) { - if (isDatasetExists(datasetTo)) { - common.printErrorAndExit(`Error ZWEL0133E: Data set ${datasetTo} already exists`, undefined, 133); - } - } - - const cmd = `exec '${stringlib.escapeDollar(prefix)}.${std.getenv('ZWE_PRIVATE_DS_SZWEEXEC')}(ZWEMCOPY)' '${stringlib.escapeDollar(datasetFrom)} ${stringlib.escapeDollar(datasetTo)}'`; - const result = zoslib.tsoCommand(cmd); - return result.rc; -} - -// List users of a data set -// -// @param dsn data set name to check -// @return 0: no users -// 1: there are some users -// @output output of operator command "d grs" -export function listDatasetUser(datasetName: string): number { - const cmd = `D GRS,RES=(*,'${stringlib.escapeDollar(datasetName)}')`; - const result=zoslib.operatorCommand(cmd); - return result.out.includes('NO REQUESTORS FOR RESOURCE') ? 0 : 1; - // example outputs: - // - // server 2021040 22:29:30.60 ISF031I CONSOLE MYCONS ACTIVATED - // server 2021040 22:29:30.60 -D GRS,RES=(*,IBMUSER.PARMLIB) - // server 2021040 22:29:30.60 ISG343I 22.29.30 GRS STATUS 336 - // S=SYSTEM SYSDSN IBMUSER.PARMLIB - // SYSNAME JOBNAME ASID TCBADDR EXC/SHR STATUS - // server ZWESISTC 0045 006FED90 SHARE OWN - // ISF754I Command 'SET CONSOLE MYCONS' generated from associated variable ISFCONS. - // ISF776I Processing started for action 1 of 1. - // ISF769I System command issued, command text: D GRS,RES=(*,IBMUSER.PARMLIB). - // ISF766I Request completed, status: COMMAND ISSUED. 
- // - // example output: - // - // server 2021040 22:31:07.32 ISF031I CONSOLE MYCONS ACTIVATED - // server 2021040 22:31:07.32 -D GRS,RES=(*,IBMUSER.LOADLIB) - // server 2021040 22:31:07.32 ISG343I 22.31.07 GRS STATUS 363 - // NO REQUESTORS FOR RESOURCE * IBMUSER.LOADLIB - // ISF754I Command 'SET CONSOLE MYCONS' generated from associated variable ISFCONS. - // ISF776I Processing started for action 1 of 1. - // ISF769I System command issued, command text: D GRS,RES=(*,IBMUSER.LOADLIB). - // ISF766I Request completed, status: COMMAND ISSUED. -} - -// Delete data set -// -// @param dsn data set (or with member) name to delete -// @return 0: exist -// 1: data set doesn't exist -// 2: data set member doesn't exist -// 3: data set is in use -// @output tso listds label output -export function deleteDataset(dataset: string): number { - const cmd=`delete '${stringlib.escapeDollar(dataset)}'`; - const result=zoslib.tsoCommand(cmd); - if (result.rc != 0) { - if (result.out.includes('NOT IN CATALOG')) { - return 1; - } else if (result.out.includes('NOT FOUND')) { - return 2; - } else if (result.out.includes('IN USE BY')) { - return 3; - } - // some other error we don't know yet - return 9; - } - return 0; -} - -export function isDatasetSmsManaged(dataset: string): { rc: number, smsManaged?: boolean } { - // REF: https://www.ibm.com/docs/en/zos/2.3.0?topic=dscbs-how-found - // bit DS1SMSDS at offset 78(X'4E') - // - // Example of listds response: - // - // listds 'IBMUSER.LOADLIB' label - // IBMUSER.LOADLIB - // --RECFM-LRECL-BLKSIZE-DSORG - // U ** 6144 PO - // --VOLUMES-- - // VPMVSH - // --FORMAT 1 DSCB-- - // F1 E5D7D4E5E2C8 0001 780034 000000 09 00 00 C9C2D4D6E2E5E2F24040404040 - // 78003708000000 0200 C0 00 1800 0000 00 0000 82 80000002 000000 0000 0000 - // 0100037D000A037E0004 01010018000C0018000D 0102006F000D006F000E 0000000217 - // --FORMAT 3 DSCB-- - // 03030303 0103009200090092000A 01040092000B0092000C 01050092000D0092000E - // 0106035B0006035B0007 F3 
0107035B0008035B0009 0108035B000A035B000B - // 00000000000000000000 00000000000000000000 00000000000000000000 - // 00000000000000000000 00000000000000000000 00000000000000000000 - // 00000000000000000000 0000000000 - // - // SMS flag is in `FORMAT 1 DSCB` section second line, after 780037 - - common.printTrace(`- Check if ${dataset} is SMS managed`); - const labelResult = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(dataset)}' label`); - const datasetLabel=labelResult.out; - if (labelResult.rc == 0) { - let formatIndex = datasetLabel.indexOf('--FORMAT 1 DSCB--'); - let dscb_fmt1: string; - if (formatIndex == -1) { - formatIndex = datasetLabel.indexOf('--FORMAT 8 DSCB--'); - } - if (formatIndex != -1) { - let startIndex = formatIndex + '--FORMAT 8 DSCB--'.length; - let endIndex = datasetLabel.indexOf('--',startIndex); - dscb_fmt1 = datasetLabel.substring(startIndex, endIndex); - } - if (!dscb_fmt1) { - common.printError(" * Failed to find format 1 data set control block information."); - return { rc: 2 }; - } else { - const lines = dscb_fmt1.split('\n'); - const line = lines.length > 1 ? lines[1] : ''; - const ds1smsfg = line.substring(6,8); - common.printTrace(` * DS1SMSFG: ${ds1smsfg}`); - if (!ds1smsfg) { - common.printError(" * Failed to find system managed storage indicators from format 1 data set control block."); - return { rc: 3 }; - } else { - const ds1smsds=parseInt(ds1smsfg, 16) & 0x80; - common.printTrace(` * DS1SMSDS: ${ds1smsds}`); - if (ds1smsds == 128) { - // sms managed - return { rc: 0, smsManaged: true }; - } else { - return { rc: 0, smsManaged: false }; - } - } - } - } else { - return { rc: 1 }; - } -} - export function getDatasetVolume(dataset: string): { rc: number, volume?: string } { common.printTrace(`- Find volume of data set ${dataset}`); const result = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(dataset)}'`); 
@@ -230,64 +100,3 @@ export function getDatasetVolume(dataset: string): { rc: number, volume?: string return { rc: 1 } } } - -export function apfAuthorizeDataset(dataset: string): number { - const result = isDatasetSmsManaged(dataset); - if (result.rc) { - common.printError(`Error ZWEL0134E: Failed to find SMS status of data set ${dataset}.`); - return 134; - } - - let apfVolumeParam:string; - if (result.smsManaged) { - common.printDebug(`- ${dataset} is SMS managed`); - apfVolumeParam="SMS" - } else { - common.printDebug(`- ${dataset} is not SMS managed`); - const volumeResult = getDatasetVolume(dataset); - const dsVolume=volumeResult.volume; - if (volumeResult.rc == 0) { - common.printDebug(`- Volume of ${dataset} is ${dsVolume}`); - apfVolumeParam=`VOLUME=${dsVolume}`; - } else { - common.printError(`Error ZWEL0135E: Failed to find volume of data set ${dataset}.`); - return 135; - } - } - - const apfCmd=`SETPROG APF,ADD,DSNAME=${dataset},${apfVolumeParam}`; - if (std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == "true") { - common.printMessage("- Dry-run mode, security setup is NOT performed on the system."); - common.printMessage(" Please apply this operator command manually:"); - common.printMessage(''); - common.printMessage(` ${apfCmd}`); - common.printMessage(''); - } else { - const authResult = zoslib.operatorCommand(apfCmd); - const apfAuthSuccess=authResult.out && authResult.out.includes('ADDED TO APF LIST'); - if (result.rc == 0 && apfAuthSuccess) { - return 0; - } else { - common.printError(`Error ZWEL0136E: Failed to APF authorize data set ${dataset}.`); - return 136; - } - } - return 0; -} - -export function createDatasetTmpMember(dataset: string, prefix: string='ZW'): string | null { - common.printTrace(` > createDatasetTmpMember in ${dataset}`); - for (var i = 0; i < 100; i++) { - let rnd=Math.floor(Math.random()*10000); - - let member=`${prefix}${rnd}`.substring(0,8); - common.printTrace(` - test ${member}`); - let 
memberExist=isDatasetExists(`${dataset}(${member})`); - common.printTrace(` - exist? ${memberExist}`); - if (!memberExist) { - common.printTrace(" - good"); - return member; - } - } - return null; -} diff --git a/build/zwe/types/@qjstypes/zos.d.ts b/build/zwe/types/@qjstypes/zos.d.ts index 551948c5c2..a1fb69517a 100644 --- a/build/zwe/types/@qjstypes/zos.d.ts +++ b/build/zwe/types/@qjstypes/zos.d.ts @@ -26,6 +26,8 @@ export type ZStat = { ccsid: number; }; +export function getEsm(): string; +export function getZosVersion(): number; export function changeTag(path:string, ccsid:number):number; export function changeExtAttr(path: string, extattr:number, onOff:boolean):number; export function zstat(path:string):[ZStat, number]; diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 6dbaa1ffa6..0a8873171b 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -183,8 +183,10 @@ if COMPARE('RCVT', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRT1)') x = DeleteDataSet(jclCopy'(ZWEIKRT2)') x = DeleteDataSet(jclCopy'(ZWEIKRT3)') - x = DeleteDataSet(jclCopy'(ZWEIACF2)') + x = DeleteDataSet(jclCopy'(ZWEIACF)') + x = DeleteDataSet(jclCopy'(ZWEIACFZ)') x = DeleteDataSet(jclCopy'(ZWEITSS)') + x = DeleteDataSet(jclCopy'(ZWEITSSZ)') x = DeleteDataSet(jclCopy'(ZWENOKRA)') x = DeleteDataSet(jclCopy'(ZWENOKRT)') end @@ -195,8 +197,10 @@ if COMPARE('RTSS', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRR1)') x = DeleteDataSet(jclCopy'(ZWEIKRR2)') x = DeleteDataSet(jclCopy'(ZWEIKRR3)') - x = DeleteDataSet(jclCopy'(ZWEIACF2)') - x = DeleteDataSet(jclCopy'(ZWEIRACF)') + x = DeleteDataSet(jclCopy'(ZWEIACF)') + x = DeleteDataSet(jclCopy'(ZWEIACFZ)') + x = DeleteDataSet(jclCopy'(ZWEIRAC)') + x = DeleteDataSet(jclCopy'(ZWEIRACZ)') x = DeleteDataSet(jclCopy'(ZWENOKRA)') x = DeleteDataSet(jclCopy'(ZWENOKRR)') end 
@@ -207,8 +211,10 @@ if COMPARE('ACF2', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRR1)') x = DeleteDataSet(jclCopy'(ZWEIKRR2)') x = DeleteDataSet(jclCopy'(ZWEIKRR3)') - x = DeleteDataSet(jclCopy'(ZWEIRACF)') + x = DeleteDataSet(jclCopy'(ZWEIRAC)') + x = DeleteDataSet(jclCopy'(ZWEIRACZ)') x = DeleteDataSet(jclCopy'(ZWEITSS)') + x = DeleteDataSet(jclCopy'(ZWEITSSZ)') x = DeleteDataSet(jclCopy'(ZWENOKRT)') x = DeleteDataSet(jclCopy'(ZWENOKRR)') end diff --git a/files/SZWESAMP/ZWEIACF2 b/files/SZWESAMP/ZWEIACF similarity index 94% rename from files/SZWESAMP/ZWEIACF2 rename to files/SZWESAMP/ZWEIACF index 2b7b58b4fc..62910ee95c 100644 --- a/files/SZWESAMP/ZWEIACF2 +++ b/files/SZWESAMP/ZWEIACF @@ -1,4 +1,4 @@ -//ZWEIACF2 JOB +//ZWEIACF JOB //* //* This program and the accompanying materials are made available //* under the terms of the Eclipse Public License v2.0 which @@ -11,7 +11,6 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define security permits for Zowe //* //* @@ -239,20 +238,9 @@ LIST {zowe.setup.dataset.prefix} * * DEFINE ZOWE RESOURCE PROTECTION ................................. * -* - Defines new resource class for Zowe that protects access to -* sensitive Zowe resources. * - Defines resource APIML.SERVICES that controls access to * detailed information about API services to Zowe users. -* define ZOWE resource type and class mapping -* skip this section if the ZOWE resource class already exists -SET CONTROL(GSO) -INSERT CLASMAP.ZOWE RESOURCE(ZOWE) RSRCTYPE(ZWE) -F ACF2,REFRESH(CLASMAP),TYPE(GSO) -CHANGE INFODIR TYPES(R-RZWE) -F ACF2,REFRESH(INFODIR) -SET CONTROL(GSO) - * uncomment and replace "user" to permit Zowe users to access * the resource: * SET RESOURCE(ZWE) @@ -260,8 +248,5 @@ SET CONTROL(GSO) * UID(user) SERVICE(READ) ALLOW) * F ACF2,REBUILD(ZWE) -* show results -SET RESOURCE(ZWE) -LIST LIKE(-) $$ //* 
diff --git a/files/SZWESAMP/ZWEIACFZ b/files/SZWESAMP/ZWEIACFZ new file mode 100644 index 0000000000..1d613d4d6b --- /dev/null +++ b/files/SZWESAMP/ZWEIACFZ @@ -0,0 +1,60 @@ +//ZWEIACFZ JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* This JCL creates the Zowe resource class. +//* This already exists on z/OS 2.5 or higher. +//* Only run this on z/OS 2.4 or lower. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=ACF2 +//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY +ACF +* +* DEFINE ZOWE RESOURCE PROTECTION ................................. +* +* - Defines new resource class for Zowe that protects access to +* sensitive Zowe resources. + +* define ZOWE resource type and class mapping +* skip this section if the ZOWE resource class already exists +SET CONTROL(GSO) +INSERT CLASMAP.ZOWE RESOURCE(ZOWE) RSRCTYPE(ZWE) +F ACF2,REFRESH(CLASMAP),TYPE(GSO) +CHANGE INFODIR TYPES(R-RZWE) +F ACF2,REFRESH(INFODIR) +SET CONTROL(GSO) + +* show results +SET RESOURCE(ZWE) +LIST LIKE(-) + +$$ +//* 
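Review bot: The header and the in-stream comments of ZWEIACFZ tell the operator to run the job only on z/OS 2.4 or lower and to skip it when the ZOWE class already exists, but nothing in the job checks either condition, and `init/security` in the same commit now submits the `ZWEI...Z` member automatically. Suggest saying so in the header, e.g. `//* Submitted by "zwe init security" only when z/OS is below 2.5.`, and stating what result to expect when `CLASMAP.ZOWE` is already present. `// EXPORT SYMLIST=*` and `SYMBOLS=JCLONLY` look unused, since the job contains no substitution symbols. The same header text is used in ZWEIRACZ, and `DEFINITONS` is misspelled in both.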
diff --git a/files/SZWESAMP/ZWEIRACF b/files/SZWESAMP/ZWEIRAC similarity index 93% rename from files/SZWESAMP/ZWEIRACF rename to files/SZWESAMP/ZWEIRAC index 007a7a85e3..56ce343c77 100644 --- a/files/SZWESAMP/ZWEIRACF +++ b/files/SZWESAMP/ZWEIRAC @@ -1,4 +1,4 @@ -//ZWEIRACF JOB +//ZWEIRAC JOB //* //* This program and the accompanying materials are made available //* under the terms of the Eclipse Public License v2.0 which @@ -11,7 +11,6 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define security permits for Zowe //* //* @@ -59,8 +58,6 @@ //* //********************************************************************* //* -//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT -//* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* //SYSTSIN DD DDNAME=RACF @@ -275,29 +272,9 @@ /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ -/* - Defines new resource class for Zowe that protects access to */ -/* sensitive Zowe resources. */ /* - Defines resource APIML.SERVICES that controls access to */ /* detailed information about API services to Zowe users. */ -/* uncomment to activate CDT class to define ZOWE resource class */ -/* SETROPTS CLASSACT(CDT) RACLIST(CDT) */ - -/* define ZOWE resource class */ -/* skip this command if the ZOWE resource class already exists */ -/* use a unique value in POSIT */ - RDEFINE CDT ZOWE - - UACC(NONE) - - CDTINFO(DEFAULTUACC(NONE) - - FIRST(ALPHA) - - OTHER(ALPHA,NATIONAL,NUMERIC,SPECIAL) - - MAXLENGTH(246) - - POSIT(607) - - RACLIST(DISALLOWED)) - - SETROPTS RACLIST(CDT) REFRESH - SETROPTS CLASSACT(ZOWE) - /* define resource for information about API services */ RDEFINE ZOWE APIML.SERVICES UACC(NONE) diff --git a/files/SZWESAMP/ZWEIRACZ b/files/SZWESAMP/ZWEIRACZ new file mode 100644 index 0000000000..0c393bde43 --- /dev/null +++ b/files/SZWESAMP/ZWEIRACZ 
@@ -0,0 +1,66 @@ +//ZWEIRACZ JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* This JCL creates the Zowe resource class. +//* This already exists on z/OS 2.5 or higher. +//* Only run this on z/OS 2.4 or lower. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=RACF +//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* DEFINE ZOWE RESOURCE PROTECTION ................................. */ + +/* - Defines new resource class for Zowe that protects access to */ +/* sensitive Zowe resources. */ + +/* uncomment to activate CDT class to define ZOWE resource class */ +/* SETROPTS CLASSACT(CDT) RACLIST(CDT) */ + +/* define ZOWE resource class */ +/* skip this command if the ZOWE resource class already exists */ +/* use a unique value in POSIT */ + RDEFINE CDT ZOWE - + UACC(NONE) - + CDTINFO(DEFAULTUACC(NONE) - + FIRST(ALPHA) - + OTHER(ALPHA,NATIONAL,NUMERIC,SPECIAL) - + MAXLENGTH(246) - + POSIT(607) - + RACLIST(DISALLOWED)) + + SETROPTS RACLIST(CDT) REFRESH + SETROPTS CLASSACT(ZOWE) + +/* show results */ + RLIST ZOWE * + +$$ +//* 
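Review bot: `POSIT(607)` is hard-coded although the comment above it asks for a unique value, and bin/commands/init/security/index.ts submits this member as `ZWEI${securityPrefix}Z` without anyone editing it. RACF classes that share a POSIT number share their SETROPTS options, so a collision with a site-defined class would couple the activation state of the two classes. I would put a line such as `/* POSIT(607): verify no installed class already uses this number */` directly above the RDEFINE, or make the number a template value. Separately, `SETROPTS RACLIST(CDT) REFRESH` runs unconditionally while the `CLASSACT(CDT) RACLIST(CDT)` line is commented out; a short comment saying the refresh expects CDT to be RACLISTed already would save a failed first run.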
diff --git a/files/SZWESAMP/ZWEITSS b/files/SZWESAMP/ZWEITSS index d78d031495..03ed3c0804 100644 --- a/files/SZWESAMP/ZWEITSS +++ b/files/SZWESAMP/ZWEITSS @@ -11,7 +11,6 @@ //* //********************************************************************* //* -//* Zowe Open Source Project //* This JCL can be used to define security permits for Zowe //* //* @@ -216,18 +215,11 @@ TSS PERMIT({zowe.setup.security.users.zowe}) APPL(OMVSAPPL) /* DEFINE ZOWE RESOURCE PROTECTION ................................. */ -/* - Defines new resource class for Zowe that protects access to */ -/* sensitive Zowe resources. */ /* - Defines resource APIML.SERVICES that controls access to */ /* detailed information about API services to Zowe users. */ -/* define ZOWE resource class */ -/* skip this command if the ZOWE resource class already exists */ - TSS ADDTO(RDT) RESCLASS(ZOWE) MAXLEN(246) + - ACLST(NONE,READ,UPDATE,CONTROL) DEFACC(NONE) - /* define resource for information about API services */ - TSS ADDTO(&ZOWEDEP.) ZOWE(APIML.) + TSS ADDTO(&ZOWEDEP.) ZOWE(APIML.) /* uncomment and replace "user" to permit Zowe users to access */ /* the resource: */ diff --git a/files/SZWESAMP/ZWEITSSZ b/files/SZWESAMP/ZWEITSSZ new file mode 100644 index 0000000000..6669c3b5c0 --- /dev/null +++ b/files/SZWESAMP/ZWEITSSZ 
@@ -0,0 +1,54 @@ +//ZWEITSSZ JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2018, 2020 +//* +//********************************************************************* +//* +//* This JCL creates the Zowe resource class. +//* This already exists on z/OS 2.5 or higher. +//* Only run this on z/OS 2.4 or lower. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* Note(s): +//* +//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY +//* TO ALTER SECURITY DEFINITONS +//* +//********************************************************************* +// EXPORT SYMLIST=* +//* +//RUN EXEC PGM=IKJEFT01,REGION=0M +//SYSTSPRT DD SYSOUT=* +//SYSTSIN DD DDNAME=TSS +//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY + +/* DEFINE ZOWE RESOURCE PROTECTION ................................. */ + +/* - Defines new resource class for Zowe that protects access to */ +/* sensitive Zowe resources. */ + +/* define ZOWE resource class */ +/* skip this command if the ZOWE resource class already exists */ + TSS ADDTO(RDT) RESCLASS(ZOWE) MAXLEN(246) + + ACLST(NONE,READ,UPDATE,CONTROL) DEFACC(NONE) + +/* show results */ + TSS LIST(RDT) RESCLASS(ZOWE) + +PROFILE +$$ +//* diff --git a/manifest.json.template b/manifest.json.template index cf4e920432..a8086ae810 100644 --- a/manifest.json.template +++ b/manifest.json.template 
@@ -116,7 +116,7 @@ "artifact": "*.pax" }, "org.zowe.configmgr": { - "version": "^2.0.0-V2.X-STAGING", + "version": "^2.15.0-FEATURE-V2-ZOS-VERSION-GET-ESM", "artifact": "*.pax" }, "org.zowe.configmgr-rexx": { From 5422ff2439a715e551ca151eee28bdd7e39dd8a4 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 21 Feb 2024 09:53:29 -0500 Subject: [PATCH 108/258] Fix error descriptions. Fix gener not checking for if config has right properties Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/.errors | 1 + bin/commands/init/generate/index.sh | 2 +- bin/commands/init/generate/index.ts | 15 +++++++++++++-- bin/commands/init/mvs/.errors | 3 ++- bin/commands/init/security/.errors | 1 + bin/commands/init/stc/.errors | 3 ++- bin/commands/init/vsam/.errors | 1 + 7 files changed, 21 insertions(+), 5 deletions(-) diff --git a/bin/commands/init/apfauth/.errors b/bin/commands/init/apfauth/.errors index 8011cb8960..f6a394dbaa 100644 --- a/bin/commands/init/apfauth/.errors +++ b/bin/commands/init/apfauth/.errors @@ -1 +1,2 @@ ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. +ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. \ No newline at end of file diff --git a/bin/commands/init/generate/index.sh b/bin/commands/init/generate/index.sh index e76e65d10a..f3dedacb2e 100644 --- a/bin/commands/init/generate/index.sh +++ b/bin/commands/init/generate/index.sh @@ -19,5 +19,5 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then fi _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/generate/cli.js" else - echo "This command is only available when zowe.useConfigmgr=true" + print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 956fb59709..73a2b657d7 100644 --- a/bin/commands/init/generate/index.ts 
+++ b/bin/commands/init/generate/index.ts @@ -21,12 +21,23 @@ import * as zosJes from '../../../libs/zos-jes'; export function execute(dryRun?: boolean) { common.requireZoweYaml(); const ZOWE_CONFIG=config.getZoweConfig(); + + const prefix=ZOWE_CONFIG.zowe.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + const runtimeDirectory=ZOWE_CONFIG.zowe.runtimeDirectory; + if (!runtimeDirectory) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe runtime directory (zowe.runtimeDirecotry) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + const tempFile = fs.createTmpFile(); zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)', tempFile); let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); - jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, ZOWE_CONFIG.zowe.setup.dataset.prefix); - jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, ZOWE_CONFIG.zowe.runtimeDirectory); + jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, prefix); + jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, runtimeDirectory); let originalConfig = std.getenv('ZWE_PRIVATE_CONFIG_ORIG'); let fileIndex = originalConfig.indexOf('FILE('); let lastIndex = 0; diff --git a/bin/commands/init/mvs/.errors b/bin/commands/init/mvs/.errors index 0b0768cd21..a104c3a36d 100644 --- a/bin/commands/init/mvs/.errors +++ b/bin/commands/init/mvs/.errors 
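Review bot: `prefix` and `runtimeDirectory` are only tested for being non-empty before they are substituted into the ZWEGENER JCL that this command later submits. A value containing a line break, or characters outside data set name syntax, changes the text of the job rather than just failing. I would reject a prefix that is not a valid data set name, for example `if (!/^[A-Z#@$][A-Z0-9#@$-]{0,7}(\.[A-Z#@$][A-Z0-9#@$-]{0,7})*$/i.test(prefix)) { ... }`, and refuse a `runtimeDirectory` that contains `\n`. The `copyMvsToUss` call below the checks also still reads `ZOWE_CONFIG.zowe.setup.dataset.prefix` instead of the validated `prefix`. `execute` continues outside this hunk.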
@@ -4,4 +4,5 @@ ZWEL0301W||%s already exists and will not be overwritten. For upgrades, you must ZWEL0158E|158|%s already exists. ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. -ZWEL0163E|163|Job %s ends with code %s. \ No newline at end of file +ZWEL0163E|163|Job %s ends with code %s. +ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. \ No newline at end of file diff --git a/bin/commands/init/security/.errors b/bin/commands/init/security/.errors index 0d944958a3..189ac1da34 100644 --- a/bin/commands/init/security/.errors +++ b/bin/commands/init/security/.errors @@ -7,3 +7,4 @@ ZWEL0162E|162|Failed to find job %s result. ZWEL0162W||Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. ZWEL0163W||Job %s ends with code %s. +ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. \ No newline at end of file diff --git a/bin/commands/init/stc/.errors b/bin/commands/init/stc/.errors index 801ae923f7..7d928b8124 100644 --- a/bin/commands/init/stc/.errors +++ b/bin/commands/init/stc/.errors @@ -7,4 +7,5 @@ ZWEL0159E|159|Failed to modify %s. ZWEL0160E|160|Failed to write to %s. Please check if target data set is opened by others. ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. -ZWEL0163E|163|Job %s ends with code %s. \ No newline at end of file +ZWEL0163E|163|Job %s ends with code %s. +ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. \ No newline at end of file diff --git a/bin/commands/init/vsam/.errors b/bin/commands/init/vsam/.errors index fdbb5ac7a1..4b2cd0935b 100644 --- a/bin/commands/init/vsam/.errors +++ b/bin/commands/init/vsam/.errors @@ -8,3 +8,4 @@ ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. ZWEL0301W|0|Zowe Caching Service is not configured to use VSAM. Command skipped. +ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. \ No newline at end of file 
From 4adf4a5f36e7a0329b24214528b35b4dc402a890 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 21 Feb 2024 10:16:46 -0500 Subject: [PATCH 109/258] Fix wrong variable name Signed-off-by: 1000TurquoisePogs --- bin/commands/init/security/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/commands/init/security/index.ts b/bin/commands/init/security/index.ts index b8956fa495..e28dffeef0 100644 --- a/bin/commands/init/security/index.ts +++ b/bin/commands/init/security/index.ts @@ -59,7 +59,7 @@ export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { const securityPrefix = securityProduct.substring(0,3); - if (zos.zosVersion() < 0x1020500) { + if (zos.getZosVersion() < 0x1020500) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityPrefix}Z)'`, `ZWEI${securityPrefix}Z`, jcllib, prefix, false, ignoreSecurityFailures); } From aae7ba8ef3bfe669977f6c382248b9ef027af4c1 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 21 Feb 2024 14:19:36 -0500 Subject: [PATCH 110/258] dry run comes in 2 variable flavors, make sure both are accounted for Signed-off-by: 1000TurquoisePogs --- bin/libs/zos-jes.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index f60803f383..af01f5de43 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -183,7 +183,7 @@ export function printAndHandleJcl(jclLocationOrContent: string, jobName: string, let removeRc: number; let jobId: string|undefined; - if (!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')) { + if (!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN') && !std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN')) { common.printMessage(`Submitting Job ${jobName}`); jobId=submitJob(jclLocationOrContent, false, jclIsContent); if (!jobId) { From f284db5724a23f5500f997ffffb58f346faab24c Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 21 Feb 2024 14:40:05 -0500 Subject: [PATCH 111/258] Remove duplicate end message 
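Review bot: In the bin/libs/zos-jes.ts hunk, whether a job is submitted now depends only on two environment variables being set, while callers such as `execute(dryRun?: boolean, ignoreSecurityFailures?: boolean)` in init/security/index.ts receive a `dryRun` argument that the visible `printAndHandleJcl(...)` call does not pass on. If `execute` is ever invoked with `dryRun` true but neither variable exported, the security job would still be submitted; this is inferred from the visible call sites only. The test is also on truthiness, so the string `false` counts as a dry run. I would read the flag once in a small helper and document it, e.g. `// dry run is signalled by ZWE_CLI_PARAMETER_DRY_RUN or ZWE_CLI_PARAMETER_SECURITY_DRY_RUN; any non-empty value counts`, or take it as an explicit parameter. `printAndHandleJcl` starts and ends outside the hunk.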
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/security/index.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/bin/commands/init/security/index.ts b/bin/commands/init/security/index.ts index e28dffeef0..859fdefed5 100644 --- a/bin/commands/init/security/index.ts +++ b/bin/commands/init/security/index.ts @@ -69,5 +69,4 @@ export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { common.printMessage(` the job is fully successful. Please check the job log to determine`); common.printMessage(` if there are any inline errors.`); common.printMessage(``); - common.printLevel2Message(`Command run successfully.`); } From e62c122004cb1f5e67fa73ffe39baeb68e167a4e Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 21 Feb 2024 15:07:09 -0500 Subject: [PATCH 112/258] Fix generate handling of multiple input files Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 39 ++++++++++++++++++----------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 73a2b657d7..1266a081a9 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts 
@@ -33,27 +33,38 @@ export function execute(dryRun?: boolean) { } const tempFile = fs.createTmpFile(); - zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)', tempFile); + zosFs.copyMvsToUss(stringlib.escapeDollar(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)'), tempFile); let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, prefix); jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, runtimeDirectory); let originalConfig = std.getenv('ZWE_PRIVATE_CONFIG_ORIG'); - let fileIndex = originalConfig.indexOf('FILE('); - let lastIndex = 0; - let absConfig = ''; - while (fileIndex != -1) { - absConfig += originalConfig.substring(lastIndex, fileIndex+5); - let parenIndex = originalConfig.indexOf(')', fileIndex+5); - let fileRef = originalConfig.substring(fileIndex+5, parenIndex); - let absRef = fs.convertToAbsolutePath(fileRef); - absConfig += absRef + ')'; - lastIndex = parenIndex+1; - fileIndex = originalConfig.indexOf('FILE(', lastIndex); + let startingConfig = originalConfig; + if ((originalConfig.indexOf('FILE(') == -1) && (originalConfig.indexOf('PARMLIB(') == -1)) { + startingConfig = 'FILE('+originalConfig+')'; } - absConfig += originalConfig.substring(lastIndex); - jclContents = jclContents.replace('FILE ', 'FILE '+absConfig); + let parts = startingConfig.split(/(FILE\(|PARMLIB\()/g).filter(item => item.length > 0); + let configLines = []; + let state = ''; + + for (let i = 0; i < parts.length; i++) { + let part = parts[i]; + if (part == 'FILE(') { + state = part; + } else if (part == 'PARMLIB(') { + state = part; + } else if (state == 'FILE(') { + let filename = part.substring(0, part.indexOf(')')); + configLines.push('FILE '+fs.convertToAbsolutePath(filename)); + state = null; + } else if (state == 'PARMLIB(') { + configLines.push('PARMLIB '+part.substring(0, part.indexOf('('))); + state = null; + } + } + + 
jclContents = jclContents.replace('FILE ', configLines.join('\n')); xplatform.storeFileUTF8(tempFile, xplatform.AUTO_DETECT, jclContents); From 2e32df366009d68f15333e90c50744e6d7985b29 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 21 Feb 2024 15:10:36 -0500 Subject: [PATCH 113/258] Add missing stringlib import Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/index.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 1266a081a9..8dde246e0d 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts @@ -15,6 +15,7 @@ import * as xplatform from "xplatform"; import * as fs from '../../../libs/fs'; import * as config from '../../../libs/config'; import * as common from '../../../libs/common'; +import * as stringlib from '../../../libs/string'; import * as zosFs from '../../../libs/zos-fs'; import * as zosJes from '../../../libs/zos-jes'; From fdf6cfe09196da301784eef85058d0be25eb7c2f Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 22 Feb 2024 09:59:27 +0100 Subject: [PATCH 114/258] escapeDollar already in copyMvsToUss Signed-off-by: Martin Zeithaml --- bin/commands/init/generate/index.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 8dde246e0d..09db1f97b7 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts 
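Review bot: The new FILE/PARMLIB parser never checks the result of `indexOf`, so a reference without the expected delimiter produces an empty name instead of an error. `part.substring(0, part.indexOf(')'))` becomes `substring(0, -1)`, the empty string, when `)` is missing. A `PARMLIB(MY.DSN)` entry without a member has no inner `(`, so the PARMLIB branch emits a bare `PARMLIB ` line. I would guard both, e.g. `const end = part.indexOf(')'); if (end < 0) { /* report the malformed config reference and exit */ }`. `std.getenv('ZWE_PRIVATE_CONFIG_ORIG')` is also dereferenced with `.indexOf` without a check for an unset variable, and `state` is declared as `''` but reset to `null`. `execute` begins outside this hunk.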
@@ -30,11 +30,11 @@ export function execute(dryRun?: boolean) { const runtimeDirectory=ZOWE_CONFIG.zowe.runtimeDirectory; if (!runtimeDirectory) { - common.printErrorAndExit(`Error ZWEL0157E: Zowe runtime directory (zowe.runtimeDirecotry) is not defined in Zowe YAML configuration file.`, undefined, 157); + common.printErrorAndExit(`Error ZWEL0157E: Zowe runtime directory (zowe.runtimeDirectory) is not defined in Zowe YAML configuration file.`, undefined, 157); } const tempFile = fs.createTmpFile(); - zosFs.copyMvsToUss(stringlib.escapeDollar(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)'), tempFile); + zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)', tempFile); let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, prefix); From 17bf2df7c37d42462b486930525ade562de1430e Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 22 Feb 2024 16:14:45 -0500 Subject: [PATCH 115/258] Temporary hack to get logs on test system for bug fixing elsewhere Signed-off-by: 1000TurquoisePogs --- bin/libs/common.ts | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/bin/libs/common.ts b/bin/libs/common.ts index 7eabf33f5f..b1c59e7847 100644 --- a/bin/libs/common.ts +++ b/bin/libs/common.ts @@ -131,15 +131,15 @@ let logExists = false; let logFile:std.File|null = null; function writeLog(message: string): boolean { + const filename = std.getenv('ZWE_PRIVATE_LOG_FILE'); if (!logExists) { - const filename = std.getenv('ZWE_PRIVATE_LOG_FILE'); if (filename) { logExists = fs.fileExists(filename); if (!logExists) { fs.createFile(filename, 0o640, message); logExists = fs.fileExists(filename); } - if (logExists) { + if (logExists && (os.platform != 'zos')) { let errObj = {errno:undefined}; logFile = std.open(filename, 'w', errObj); if (errObj.errno) { 
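Review bot: In the first bin/libs/common.ts hunk, `logFile` is now opened only when `os.platform != 'zos'`, so on z/OS it stays `null`. The guard in the next hunk, `if (logFile===undefined || logFile===null) { return false; }`, runs before the new z/OS branch. As far as the visible lines show, that branch is therefore never reached and nothing is logged on z/OS; the lines between the two hunks are not shown, so please confirm. Testing the platform before the null check would fix the ordering, and `filename` should be checked for being set in that branch too. It is also not visible here whether `os` is imported in this file.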
@@ -153,9 +153,13 @@ function writeLog(message: string): boolean { } if (logFile===undefined || logFile===null) { return false; - } else { + } else if (os.platform != 'zos') { //TODO this does utf8. should we flip it to 1047 on zos? - logFile.puts(message); + logFile.puts(message+'\n'); + return true; + } else { + //TODO on zos, there is some printing bug in the JS code. configmgr functions work well for writing, but the native qjs ones dont. for now, just using an echo... + shell.execSync('sh', '-c', `echo ${message} >> ${filename}`); return true; } } @@ -173,7 +177,7 @@ export function printRawMessage(message: string, isError: boolean, writeTo:strin } } if (writeTo.includes('log')) { - writeLog(message+'\n'); + writeLog(message); } return true; } From f59c01e37a84a73e331f7c66da26723d9e90860d Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Mon, 26 Feb 2024 16:30:29 +0100 Subject: [PATCH 116/258] Exit before first procedures Signed-off-by: Martin Zeithaml --- files/SZWEEXEC/ZWEGEN00 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 0a8873171b..f277a556b7 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -381,6 +381,8 @@ if card.0 > 0 then do say 'The job card was added to each member.' end +exit + /* ================================================================================ Validate(schema, yaml) From 08c398a24379b00402235c9d721208bf0f034e17 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Mon, 26 Feb 2024 16:48:59 +0100 Subject: [PATCH 117/258] SET in in-stream Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWERSTC | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/files/SZWESAMP/ZWERSTC b/files/SZWESAMP/ZWERSTC index 2d5980d051..80491c5d48 100644 --- a/files/SZWESAMP/ZWERSTC +++ b/files/SZWESAMP/ZWERSTC 
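Review bot: The z/OS branch builds a shell command by interpolating `message` and `filename` unquoted into `echo ${message} >> ${filename}`, so any shell metacharacter in a log message is interpreted by `sh` instead of being written to the log. Log messages can carry configuration values and job output. Even harmless text is altered, because runs of spaces collapse and `*` is glob-expanded. Pass both values as positional parameters so they are never parsed as shell syntax, e.g. `shell.execSync('sh', '-c', 'printf "%s\\n" "$1" >> "$2"', 'sh', message, filename);`, assuming `execSync` forwards further arguments in the way the three-argument call here suggests. `writeLog` starts outside this hunk.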
@@ -1,32 +1,34 @@ -//ZWERSTC JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* +//ZWERSTC JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* //* //* This job is used to remove proclib members //* Used to start a Zowe "instance" //* Instances represent a configuration of Zowe, different from the //* "runtime" datasets that are created upon install of Zowe / SMPE. //* -//********************************************************************* +//********************************************************************* //* //* * You do NOT need to change PROCLIB when running ZWEGENER. //* * This is used to keep some lines under the column limit. //* +// EXPORT SYMLIST=* +//* // SET PROCLIB={zowe.setup.dataset.proclib} //* //********************************************************************* -//RMPROC EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * +//RMPROC EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD *,SYMBOLS=JCLONLY DELETE ('&PROCLIB.({zowe.setup.security.stcs.zowe})', + '&PROCLIB.({zowe.setup.security.stcs.zis})', + '&PROCLIB.({zowe.setup.security.stcs.aux})') + From e7287172a918e2c59c9362c8427ce77855b265d2 Mon Sep 17 00:00:00 2001 
From: Martin Zeithaml Date: Mon, 26 Feb 2024 17:27:09 +0100 Subject: [PATCH 118/258] Copy executables with flag -X Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEIMVS2 | 72 ++++++++++++++++++++--------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/files/SZWESAMP/ZWEIMVS2 b/files/SZWESAMP/ZWEIMVS2 index bed84772d0..ab0d17a6a9 100644 --- a/files/SZWESAMP/ZWEIMVS2 +++ b/files/SZWESAMP/ZWEIMVS2 @@ -1,15 +1,15 @@ -//ZWEIMVS2 JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* +//ZWEIMVS2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* //* //* This job is used to create the APF load library for an instance //* Of Zowe. It is not needed if your choosen value of 
@@ -18,28 +18,28 @@ //* //* When running this job, you should also run ZWEIMVS //* -//********************************************************************* -//MKPDSE EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * -ALLOC NEW DA('{zowe.setup.dataset.authLoadlib}') + -dsntype(library) dsorg(po) recfm(u) lrecl(0) + -blksize(32760) unit(sysallda) space(30,15) tracks -//* -//AUTHCPY EXEC PGM=BPXBATCH -//BPXPRINT DD SYSOUT=* -//STDOUT DD SYSOUT=* -//STDERR DD SYSOUT=* -//STDPARM DD * -SH cd "{zowe.runtimeDirectory}" && -cd components/zss && -cp LOADLIB/ZWESIS01 -"//'{zowe.setup.dataset.authLoadlib}(ZWESIS01)'" && -cp LOADLIB/ZWESAUX -"//'{zowe.setup.dataset.authLoadlib}(ZWESAUX)'" && -cp LOADLIB/ZWESISDL -"//'{zowe.setup.dataset.authLoadlib}(ZWESISDL)'" && -cd ../launcher/bin && -cp zowe_launcher -"//'{zowe.setup.dataset.authLoadlib}(ZWELNCH)'" +//********************************************************************* +//MKPDSE EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.authLoadlib}') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks +//* +//AUTHCPY EXEC PGM=BPXBATCH +//BPXPRINT DD SYSOUT=* +//STDOUT DD SYSOUT=* +//STDERR DD SYSOUT=* +//STDPARM DD * +SH cd "{zowe.runtimeDirectory}" && +cd components/zss && +cp -X LOADLIB/ZWESIS01 +"//'{zowe.setup.dataset.authLoadlib}(ZWESIS01)'" && +cp -X LOADLIB/ZWESAUX +"//'{zowe.setup.dataset.authLoadlib}(ZWESAUX)'" && +cp -X LOADLIB/ZWESISDL +"//'{zowe.setup.dataset.authLoadlib}(ZWESISDL)'" && +cd ../launcher/bin && +cp -X zowe_launcher +"//'{zowe.setup.dataset.authLoadlib}(ZWELNCH)'" /* From bd462469672b03967df96a5946555f85e08cfcb8 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 28 Feb 2024 11:24:25 +0100 Subject: [PATCH 119/258] Make room for the longest posible dsn Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEGENER | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
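Review bot: The AUTHCPY step copies four modules from `{zowe.runtimeDirectory}` into `{zowe.setup.dataset.authLoadlib}`, which the header describes as the APF load library, and nothing in the job says what the source directory must look like. I would add a header line such as `//* The runtime directory must be writable only by the installing user,` followed by `//* because its modules are copied into an APF authorized library.` A one-line comment on why `-X` is needed on each `cp` would also help the next reader of the STDPARM block.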
diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index ff5f149a50..753b0cc94b 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -29,16 +29,16 @@ //* Replace {zowe.setup.dataset.prefix} with the //* Value as seen in zowe.yaml //* -//SYSPROC DD DSN={zowe.setup.dataset.prefix}.SZWEEXEC,DISP=SHR +//SYSPROC DD DSN={zowe.setup.dataset.prefix}.SZWEEXEC,DISP=SHR //* //* Replace {zowe.setup.dataset.prefix} with the //* Value as seen in zowe.yaml //* -//STEPLIB DD DSN={zowe.setup.dataset.prefix}.SZWELOAD,DISP=SHR -//ISPPLIB DD DSN=ISP.SISPPENU,DISP=SHR -//ISPMLIB DD DSN=ISP.SISPMENU,DISP=SHR -//ISPTLIB DD DSN=ISP.SISPTENU,DISP=SHR -//ISPSLIB DD DSN=ISP.SISPSENU,DISP=SHR +//STEPLIB DD DSN={zowe.setup.dataset.prefix}.SZWELOAD,DISP=SHR +//ISPPLIB DD DSN=ISP.SISPPENU,DISP=SHR +//ISPMLIB DD DSN=ISP.SISPMENU,DISP=SHR +//ISPTLIB DD DSN=ISP.SISPTENU,DISP=SHR +//ISPSLIB DD DSN=ISP.SISPSENU,DISP=SHR //* //* The order must be as follows. //* From 017d4aca5fd6c8276a7fd697815d2af653916189 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 29 Feb 2024 09:25:41 +0100 Subject: [PATCH 120/258] Handle $ in DSN or runtime path Signed-off-by: Martin Zeithaml --- bin/commands/init/generate/index.ts | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 09db1f97b7..5abfd4e55c 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts 
@@ -37,8 +37,11 @@ export function execute(dryRun?: boolean) { zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)', tempFile); let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); - jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, prefix); - jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, runtimeDirectory); + // Replace is using special replacement patterns, by doubling '$' we will avoid that + // Otherwise: let d4 = '$$$$'; console.log('a'.replace(/a/gi, d4)); --> '$$' (we want '$$$$') + // $$ inserts a '$', replace(/[$]/g, '$$$$') => double each '$' occurence + jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, prefix.replace(/[$]/g, '$$$$')); + jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, runtimeDirectory.replace(/[$]/g, '$$$$')); let originalConfig = std.getenv('ZWE_PRIVATE_CONFIG_ORIG'); let startingConfig = originalConfig; if ((originalConfig.indexOf('FILE(') == -1) && (originalConfig.indexOf('PARMLIB(') == -1)) { @@ -57,10 +60,10 @@ export function execute(dryRun?: boolean) { state = part; } else if (state == 'FILE(') { let filename = part.substring(0, part.indexOf(')')); - configLines.push('FILE '+fs.convertToAbsolutePath(filename)); + configLines.push('FILE ' + fs.convertToAbsolutePath(filename).replace(/[$]/g, '$$$$')); state = null; } else if (state == 'PARMLIB(') { - configLines.push('PARMLIB '+part.substring(0, part.indexOf('('))); + configLines.push('PARMLIB ' + part.substring(0, part.indexOf('(')).replace(/[$]/g, '$$$$')); state = null; } } 
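Review bot: Doubling every `$` by hand with `.replace(/[$]/g, '$$$$')` is repeated four times across these two hunks and is easy to forget on the next substitution. A function replacer is never scanned for replacement patterns, so `jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, () => prefix)` gives the same result without the escaping step. In the second hunk the pre-escaped `configLines` entries are only correct because they are later passed as a replacement string; if `configLines.join('\n')` were supplied through a function replacer as well, the entries could stay unescaped. The new comment also has a typo, `occurence`.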
@@ -75,8 +78,8 @@ export function execute(dryRun?: boolean) { common.printMessage('--- End of JCL ---'); if (dryRun) { - common.printMessage('JCL not submitted, command run with dry run flag.'); - common.printMessage('To perform command, re-run command without dry run flag, or submit the JCL directly.'); + common.printMessage('JCL not submitted, command run with "--dry-run" flag.'); + common.printMessage('To perform command, re-run command without "--dry-run" flag, or submit the JCL directly.'); os.remove(tempFile); } else { //TODO can we generate just for one step, or no reason? From a4ffe3046aa13cd5d59311d1f5b93d67f7e01518 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 29 Feb 2024 15:17:27 +0100 Subject: [PATCH 121/258] Init MVS prints JCL and enhanced trace Signed-off-by: Martin Zeithaml --- bin/commands/init/mvs/index.ts | 10 ++++++---- bin/libs/zos-jes.ts | 16 ++++++++++++++-- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index 3fbe8dab16..0644dc8000 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -14,6 +14,7 @@ import * as zosJes from '../../../libs/zos-jes'; import * as zosdataset from '../../../libs/zos-dataset'; import * as common from '../../../libs/common'; import * as config from '../../../libs/config'; +import * as stringlib from '../../../libs/string'; export function execute(allowOverwrite?: boolean) { common.printLevel1Message(`Initialize Zowe custom data sets`); 
@@ -77,16 +78,17 @@ export function execute(allowOverwrite?: boolean) { if (skippedDatasets && !allowOverwrite) { common.printMessage(`Skipped writing to a dataset. To write, you must use --allow-overwrite.`); } else { + const jcllibEscaped = stringlib.escapeDollar(jcllib); if (allowOverwrite && needCleanup) { - zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix, false, true); + zosJes.printAndHandleJcl(`//'${jcllibEscaped}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix, false, true); } if (allowOverwrite && needAuthCleanup) { - zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix, false, true); + zosJes.printAndHandleJcl(`//'${jcllibEscaped}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix, false, true); } - zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); + zosJes.printAndHandleJcl(`//'${jcllibEscaped}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); if (runALoadlibCreate === true) { - zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS2)'`, `ZWEIMVS2`, jcllib, prefix); + zosJes.printAndHandleJcl(`//'${jcllibEscaped}(ZWEIMVS2)'`, `ZWEIMVS2`, jcllib, prefix); } } diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index af01f5de43..47b5711891 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts 
@@ -180,6 +180,18 @@ export function printAndHandleJcl(jclLocationOrContent: string, jobName: string, common.printMessage(jclContents); common.printMessage(`--- End of JCL ---`); + common.printTrace(' * zos-jes.printAndHanleJcl'); + common.printTrace(' * JCL Lines Length'); + const jclContentsSplit = jclContents.split("\n"); + for (let jclLine in jclContentsSplit) { + const tracePad = 6; + common.printTrace(`${jclContentsSplit[jclLine].length.toString().padStart(tracePad, ' ')}: ${jclContentsSplit[jclLine]}`); + if (jclContentsSplit[jclLine].length > 71) { + common.printTrace(`${' '.repeat(tracePad + 2)}${'^'.repeat(jclContentsSplit[jclLine].length)}`); + } + } + common.printTrace(' * JCL Lines Length'); + let removeRc: number; let jobId: string|undefined; @@ -230,8 +242,8 @@ export function printAndHandleJcl(jclLocationOrContent: string, jobName: string, } return 0 } else { - common.printMessage(`JCL not submitted, command run with dry run flag.`); - common.printMessage(`To perform command, re-run command without dry run flag, or submit the JCL directly`); + common.printMessage(`JCL not submitted, command run with "--dry-run" flag.`); + common.printMessage(`To perform command, re-run command without "--dry-run" flag, or submit the JCL directly`); common.printLevel2Message(`Command run successfully.`); if (removeJclOnFinish) { removeRc = os.remove(jclLocationOrContent); From 52eea1cf79c7b3d48d00e156cf330ad2d109bab6 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 29 Feb 2024 16:26:36 +0100 Subject: [PATCH 122/258] Simplify JCL prinitng, isVsamDatasetExists bug Signed-off-by: Martin Zeithaml --- bin/commands/init/mvs/index.ts | 9 ++++----- bin/commands/init/vsam/index.ts | 2 +- bin/libs/zos-dataset.ts | 8 ++++++-- bin/libs/zos-jes.ts | 2 +- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index 0644dc8000..9818ddbc73 100644 --- a/bin/commands/init/mvs/index.ts 
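Review bot: The added trace loop in `printAndHandleJcl` uses `for (let jclLine in jclContentsSplit)`, which iterates the array's keys as strings and forces a repeated `jclContentsSplit[jclLine]` lookup; `for (const line of jclContentsSplit)` reads more directly and lets `const tracePad = 6;` move above the loop. The opening label is misspelled (`' * zos-jes.printAndHanleJcl'`), which makes the trace hard to grep for, and the closing marker repeats `' * JCL Lines Length'`, so the start and end of the listing look the same. The literal `71` deserves a one-line comment such as `// JCL statement text ends at column 71`; that is presumably the intent, so confirm it. The function body starts and ends outside this hunk.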
+++ b/bin/commands/init/mvs/index.ts @@ -78,17 +78,16 @@ export function execute(allowOverwrite?: boolean) { if (skippedDatasets && !allowOverwrite) { common.printMessage(`Skipped writing to a dataset. To write, you must use --allow-overwrite.`); } else { - const jcllibEscaped = stringlib.escapeDollar(jcllib); if (allowOverwrite && needCleanup) { - zosJes.printAndHandleJcl(`//'${jcllibEscaped}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix, false, true); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS)'`, `ZWERMVS`, jcllib, prefix, false, true); } if (allowOverwrite && needAuthCleanup) { - zosJes.printAndHandleJcl(`//'${jcllibEscaped}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix, false, true); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix, false, true); } - zosJes.printAndHandleJcl(`//'${jcllibEscaped}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); if (runALoadlibCreate === true) { - zosJes.printAndHandleJcl(`//'${jcllibEscaped}(ZWEIMVS2)'`, `ZWEIMVS2`, jcllib, prefix); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS2)'`, `ZWEIMVS2`, jcllib, prefix); } } diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index 1f06abd541..e0d8f5cbb1 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts @@ -22,7 +22,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig common.requireZoweYaml(); const ZOWE_CONFIG = config.getZoweConfig(); - const cachingStorage = ZOWE_CONFIG.components['caching-service']?.storage?.mode; + const cachingStorage = ZOWE_CONFIG.components !== undefined ? ZOWE_CONFIG.components['caching-service']?.storage?.mode : undefined; if (!cachingStorage || (cachingStorage.toUpperCase() != 'VSAM')) { common.printError(`Warning ZWEL0301W: Zowe Caching Service is not configured to use VSAM. Command skipped.`); return; 
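Review bot: Removing `jcllibEscaped` in this hunk appears to leave `import * as stringlib from '../../../libs/string';` unused in bin/commands/init/mvs/index.ts. The previous patch added that import only for this constant, and this patch's change to the file contains no line removing it. Drop the import in the same commit, or confirm that another use exists outside the visible hunks. `execute` continues past the end of the hunk.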
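Review bot: The new guard on `cachingStorage` spells out `ZOWE_CONFIG.components !== undefined ? … : undefined`, which still throws when `components` is `null` (an empty `components:` key typically parses to null). It is also longer than the optional chaining the same expression already uses. `const cachingStorage = ZOWE_CONFIG.components?.['caching-service']?.storage?.mode;` covers both cases. `cachingStorage.toUpperCase()` on the following line assumes the value is a string, which depends on schema validation that is not visible here.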
diff --git a/bin/libs/zos-dataset.ts b/bin/libs/zos-dataset.ts index 02d88c0c2c..72d1c87047 100644 --- a/bin/libs/zos-dataset.ts +++ b/bin/libs/zos-dataset.ts @@ -20,12 +20,14 @@ import * as zoslib from './zos'; //TODO a bit of a hack. "cat" cant output a vsam, so it will always give errors. // however, the errors it gives are different depending on if the vsam exists or not. export function isVsamDatasetExists(datasetName: string): boolean { - const result = shell.execErrSync('sh', '-c', `cat "//'${datasetName}'" 1>/dev/null 2>&1`); + common.printTrace(` * isVsamDatasetExists: '${stringlib.escapeDollar(datasetName)}'`); + const result = shell.execErrSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 1>/dev/null`); return !(result.err && result.err.includes('EDC5049I')); // EDC5049I = file not found } export function isDatasetExists(datasetName: string): boolean { + common.printTrace(` * isDatasetExists: '${stringlib.escapeDollar(datasetName)}'`); const result = shell.execSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 1>/dev/null 2>&1`); return result.rc === 0; } @@ -35,6 +37,7 @@ export function isDatasetExists(datasetName: string): boolean { // 1: data set is not in catalog // 2: data set member doesn't exist export function tsoIsDatasetExists(datasetName: string): number { + common.printTrace(` * tsoIsDatasetExists: '${stringlib.escapeDollar(datasetName)}'`); const result = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(datasetName)}' label`); if (result.rc != 0) { if (result.out.includes('NOT IN CATALOG')) { @@ -52,6 +55,7 @@ export function tsoIsDatasetExists(datasetName: string): number { } export function createDataSet(dsName: string, dsOptions: string): number { + common.printTrace(` * createDataSet: '${stringlib.escapeDollar(dsName)}' ${dsOptions}`); const result=zoslib.tsoCommand(`ALLOCATE NEW DA('${stringlib.escapeDollar(dsName)}') ${dsOptions}`); return result.rc; } 
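Review bot: In `isVsamDatasetExists` the data set name is still spliced into a `sh -c` string inside double quotes, and `escapeDollar`, going by its name, neutralises only `$`. A backquote, double quote or backslash in `datasetName` would still be interpreted by the shell. The same pattern is in `isDatasetExists` and, with TSO quoting rather than shell quoting, in `tsoIsDatasetExists`, `createDataSet` and `getDatasetVolume`, plus the `cat` in `printAndHandleJcl` in zos-jes.ts. The names presumably come from zowe.yaml, so validating them once against the data set naming rules before any command is built is the simpler fix, for example `if (!/^[A-Z0-9@#$.-]{1,44}$/i.test(datasetName)) { return false; }` in this function. The new traces also print the escaped form (`stringlib.escapeDollar(datasetName)`), so a name containing `$` is logged differently from what was configured; trace the raw value unless `printTrace` itself goes through a shell.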
@@ -81,7 +85,7 @@ export function copyToDataset(filePath: string, dsName: string, cpOptions: strin } export function getDatasetVolume(dataset: string): { rc: number, volume?: string } { - common.printTrace(`- Find volume of data set ${dataset}`); + common.printTrace(`- Find volume of data set ${stringlib.escapeDollar(dataset)}`); const result = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(dataset)}'`); if (result.rc == 0) { let volumesIndex = result.out.indexOf('--VOLUMES--'); diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 47b5711891..10d5a2a26f 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -168,7 +168,7 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri } export function printAndHandleJcl(jclLocationOrContent: string, jobName: string, jcllib: string, prefix: string, removeJclOnFinish?: boolean, continueOnFailure?: boolean, jclIsContent?: boolean){ - const jclContents = jclIsContent ? jclLocationOrContent : shell.execOutSync('sh', '-c', `cat "${jclLocationOrContent}" 2>&1`).out; + const jclContents = jclIsContent ? jclLocationOrContent : shell.execOutSync('sh', '-c', `cat "${stringlib.escapeDollar(jclLocationOrContent)}" 2>&1`).out; let jobHasFailures = false; if (jclIsContent) { From c8b54b5925dda0afcd367dc029c25ee25bc35cd9 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 29 Feb 2024 15:57:47 -0500 Subject: [PATCH 123/258] Create INSTALLATION.md Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 230 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 230 insertions(+) create mode 100644 INSTALLATION.md diff --git a/INSTALLATION.md b/INSTALLATION.md new file mode 100644 index 0000000000..2cb825c8ed --- /dev/null +++ b/INSTALLATION.md 
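Review bot: In `printAndHandleJcl` a failed `cat` cannot be told apart from JCL, because `2>&1` folds the error text into `.out` and the result's return code is never checked. The error message would be printed between the JCL markers and, depending on code outside this hunk, handed on for submission. Keep the result and stop on failure, e.g. `const catResult = shell.execOutSync('sh', '-c', …);` followed by `if (catResult.rc !== 0) { common.printError(catResult.out); return catResult.rc; }`, assuming `execOutSync` reports `rc` the way `execSync` does in zos-dataset.ts. This patch also starts using `stringlib` in zos-jes.ts without adding an import in the visible diff, so confirm the module is already imported there.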
@@ -0,0 +1,230 @@ +# Installing Zowe Server Components on z/OS + +Within the Zowe project, there exists several components for both client and server, z/OS and PC. +Among them are the Zowe servers; Software that is run usually on z/OS, though some of these servers may also be capable of running in linux environment such as in containers. + +This document covers installation and configuration of Zowe's core server components on z/OS. + +Table of contents: + +1. [Concepts](#concepts) + 1. [Installation Concepts](#installation-concepts) + 2. [Configuration Concepts](#configuration-concepts) +2. [Distribution](#distribution) +3. [Installation of Runtime](#installation-of-runtime) + 1. [SMPE or PSWI](#smpe-or-pswi) + 2. [PAX](#pax) +4. [Configuration of Instance](#configuration-of-instance) + 1. [Configuration by JCL](#configuration-by-jcl) + 1. [Core Tasks](#core-tasks) + 2. [Keyring Tasks](#keyring-tasks) + 3. [(Optional) Caching Service VSAM Task](#optional-caching-service-vsam-task) + 3. [Configuration by zwe](#configuration-by-zwe) + 1. [Keystore or Keyring Configuration](#keystore-or-keyring-configuration) + 2. [(Optional) Caching Service VSAM Configuration](#optional-caching-service-vsam-configuration) +5. [References](#references) + + +## Concepts + +Familiarize yourself with these core concepts of the Zowe servers, which are referenced during installation and configuration. + +### Installation Concepts +Runtime: The read-only content that comprises a version of Zowe. + +Instance: A collection of configuration and persistent data for Zowe that uses a particular Runtime. + +HA Instance: An optional subset of an Instance which varies its configuration for redundant copies of Zowe components across one or more LPARs for high avilability and fault tolerance. + +Component: A unit of software that is managed by Zowe's launcher and has a folder structure that allows Zowe's tools to manage it. Components may contain a webserver or an extension to another component. 
+ +Extension: A component which is not part of the Zowe core server Components. This could be an extension from the Zowe project, or from a 3rd party. Extensions do not exist in the Runtime directory. They are instead linked to Zowe via the Extension directory. + +Keystore: Zowe has several HTTPS servers which require certificates to function. You can store these certificates in a Keyring, or in a ZFS Keystore directory in the form of PKCS12 files. + +### Configuration Concepts +Zowe YAML File: Each Instance is configured by a YAML document composed of one or more unix file or PDSE member. This can be as simple as a "zowe.yaml" unix file, or ZWEYAML parmlib member, or advanced configuration can ba accomplished by splitting configuration across multiple such files. This allows for defaults and customizations, splitting the configuration by administrative duty, or even splitting the configuration by core configuration versus extension configuration. + +Schema: The YAML file is backed by a Schema, found within `runtimeDirectory/schemas`. Whenever Zowe starts up, or when most `zwe` commands are used, Zowe will check that the YAML file is valid before executing the requested operation, to reduce chance of misconfiguration. The schema also details advanced configuration parameters that may not be needed in basic installs. + +Configuration Templates: Each YAML file can contain values that have templates within in the form of `${{ item }}` where the item within can be a reference to another property in the YAML, an environment variable, system symbol, or even simple conditional logic of them. This allows you to have configuration that works across multiple systems, such as by tying a hostname to `${{ zos.resolveSymbol(&SYSNAME) }}` to have the value be whatever the SYSNAME symbol is on a given LPAR. +Workspace: Each Instance has an area where Components can store data to persist across Zowe restarts or IPLs. 
Runtime state should instead be stored in the Caching Service component if high availability and fault tolerance is a concern, whereas the workspace instead covers items like user preferences. + +## Distribution + +The Zowe server components are distributed in multiple forms, such as SMPE, PSWI, and even PAX archive. You can find Zowe's official distributions at zowe.org + +## Installation of Runtime + +The following covers installation when not using the Zowe Server Install Wizard. When using that instead, please refer to the prompts within it instead of this guide. + +### SMPE or PSWI +1. When you install Zowe via SMPE or PSWI, the Runtime directory and datasets will be populated. +2. Navigate to the Runtime Directory and copy the `example-zowe.yaml` file to a location outside this folder, generally wherever you want to put the Zowe Instance. +3. Edit the YAML copy to set the values of "zowe.runtimeDirectory", "java.home", "node.home", and "zowe.setup.datasets", as follows + 1. zowe.runtimeDirectory: The location you extracted the PAX to. + 2. java.home: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 + 3. node.home: The location of the NodeJS that will be used when installing & running ZOwe. For example, if your node is located at /usr/lpp/node/v18/bin/node, then the java.home is /usr/lpp/node/v18 + 4. zowe.setup.datasets: This section defines where both Runtime and Instance datasets of Zowe will be created. + + +### PAX +1. Extract the PAX on some ZFS partition on z/OS. At least 1200MB of free space is required. (For example, `pax -ppx -rf zowe.pax`). The location you extract to is the "Runtime Directory" +2. Navigate to the Runtime Directory and copy the `example-zowe.yaml` file to a location outside this folder, generally wherever you want to put the Zowe Instance. +3. 
Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.datasets`, as follows + 1. `zowe.runtimeDirectory`: The location you extracted the PAX to. + 2. `java.home`: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 + 3. `node.home`: The location of the NodeJS that will be used when installing & running ZOwe. For example, if your node is located at /usr/lpp/node/v18/bin/node, then the java.home is /usr/lpp/node/v18 + 4. `zowe.setup.datasets`: This section defines where both Runtime and Instance datasets of Zowe will be created. +5. Navigate to the `/bin` folder of the extracted location +6. Run `./zwe install -c /path/to/zowe.yaml`. This creates the Runtime datasets for the Zowe release. + + + +## Configuration of Instance + +The following covers configuration when not using the Zowe Server Install Wizard. When using that instead, please refer to the prompts within it instead of this guide. +Aside from the Zowe Server Install Wizard, there are three other ways to configure a Zowe Instance. +1. JCL samples: The Zowe Runtime dataset SZWESAMP contains templates of JCL that must be substituted with Zowe YAML parameters before executed. That can be done manually, or automatically via editing and submitting the job ZWEGENER, which will place resolved JCL into the PDSE defined at `zowe.setup.datasets.jcllib` +2. zwe operations: `zwe` is a Unix CLI program that has commands which will automate the execution of the JCL samples. +3. z/OSMF workflow: The z/OSMF workflows will prompt you for Zowe YAML parameters before submitting jobs equivalent to the actions seen in the JCL samples. + + +### Configuration by JCL +The Zowe Runtime Dataset SZWESAMP contains JCL samples that have templates referencing Zowe YAML parameters. +They cannot be submitted without modification as a result. 
+ +It is recommended to edit and submit the job SZWESAMP(ZWEGENER) which will validate the contents of your Zowe YAML before resolving the JCL templates and placing the resulting JCL into a separate PDSE created during installation, located at the value of `zowe.setup.datasets.jcllib`. + +When the JCL is prepared, the following jobs can be submitted to perform the following Instance configuration actions: + +#### Core Tasks +|Task|Description|Sample JCL| +|---|---|---| +|Create Instance Datasets|Creates datasets for holding PARMLIB content and non-ZFS Extension content that is particular to one Zowe instance|ZWEIMVS| +|APF Authorize privileged content|Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component (SZWEAUTH, or customized via YAML value `zowe.setup.dataset.authLoadlib`) and its extension library (The value value `zowe.setup.dataset.authPluginLib`) must be set APF authorized and run in key 4 to use ZIS and components that depend upon it|ZWEIAPF| +|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.|RACF: ZWEIRAC

TSS: ZWEITSS

ACF2: ZWEIACF| +|(z/OS v2.4 ONLY) Create Zowe SAF Resource Class|This is not needed on z/OS v2.5+. On z/OS v2.4, the SAF resource class for Zowe is not included, and must be created|RACF: ZWEIRACZ

TSS: ZWEITSSZ

ACF2: ZWEIACFZ| +|Copy STC JCL to PROCLIB|The jobs for starting the Zowe webservers, ZWESLSTC, and the Zowe APF authorized cross-memory server, ZWESISTC, and its auxiliary address space, ZWESASTC, must be copied to the desired proclib for running. The YAML value `zowe.setup.dataset.proclib` defines where these members will be placed. The names of the members can be customized with YAML value `zowe.setup.security.stcs`|ZWEISTC| + + +#### Keyring Tasks + +**Certificate requirements**: Zowe's keyring must have the following +* Private key & certificate pair: The Zowe Servers will use this certificate, and it must either not have the "Extended Key Usage" attribute, or have it with both "Server Authorization" and "Client Authorization" values. +* Certificate Authorities: Every intermediate and root Certificate Authority (CA) Zowe interacts with must be within the Keyring, unless the YAML value `zowe.verifyCertificates` is set to `DISABLED`. CAs that must be within the keyring include z/OSMF's CAs if using z/OSMF, and Zowe's own certificate's CAs as Zowe servers must be able to verify each other. + +There are 4 options for setting up keyrings: Three scenarios covered by JCL samples where a keyring is created for you, or a fourth where you can bring your own keyring. + +|Keyring Setup Type|Description|Sample JCL| +|---|---|---| +|1|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed|RACF:ZWEIKRR1

TSS:ZWEIKRT1

ACF2:ZWEIKRA1| +|2|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.|RACF:ZWEIKRR2

TSS:ZWEIKRT2

ACF2:ZWEIKRA2| +|3|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.|RACF:ZWEIKRR3

TSS:ZWEIKRT3

ACF2:ZWEIKRA3| + +Alternatively, zowe can use a keyring provided by you as long as the contents meet Zowe's requirements and configure YAML values within `zowe.certificate` as follows: +```yaml +zowe: + certificate: + keystore: + type: JCERACFKS + name: "safkeyring:///" + alias: "" + password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. + truststore: + type: JCERACFKS + name: "safkeyring:///" + password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. +``` + +#### (Optional) Caching Service VSAM Task: +If you plan to use the Zowe caching service Component, such as for high availability and fault tolerance reasons, then you must choose a form of database for it to use. +Among the choices is for it to use a VSAM dataset of your choice. + +|Task|Description|Sample JCL| +|---|---|---| +|Create VSAM Dataset for Caching Service|Creates a RLM or NONRLM dataset for the caching service using the YAML values in `zowe.setup.vsam`|ZWECSVSM| + +JCL samples for removing Zowe configuration also exist. +|Action|Sample| +|---|---| +|Remove Instance Datasets|ZWERMVS| +|Remove SAF Permissions|ZWENOSEC| +|Remove Keyring|ZWENOKR| +|Remove Caching Service VSAM Dataset|ZWECSRVS| + +### Configuration by zwe + +`zwe` is a unix tool located in the `/bin` directory of Zowe. +If you type `zwe init --help`, you will see each configuration command that is available. +Each command reads configuration properties from the Zowe YAML files, and combines that with the JCL samples from the SZWESAMP dataset. +The commands resolve the JCL sample templates into usable JCL within the dataset defined by YAML value `zowe.setup.dataset.jcllib`. +Before each command runs, it will pritn the JCL that it is submitting. + +Every `zwe init` command also has a `--dry-run` option which validates the configuration, prints the JCL, but does not submit it. 
+This allows you to review the actions before performing them with the appropriate administrator. + +The following commands can be run to set up a Zowe Instance via `zwe` + +|Task|Description|Command| +|Create Instance Datasets|Creates datasets for holding PARMLIB content and non-ZFS Extension content that is particular to one Zowe instance|`zwe init mvs`| +|APF Authorize privileged content|Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component (SZWEAUTH, or customized via YAML value `zowe.setup.dataset.authLoadlib`) and its extension library (The value value `zowe.setup.dataset.authPluginLib`) must be set APF authorized and run in key 4 to use ZIS and components that depend upon it|`zwe init apfauth`| +|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.|`zwe init security`| +|Copy STC JCL to PROCLIB|The jobs for starting the Zowe webservers, ZWESLSTC, and the Zowe APF authorized cross-memory server, ZWESISTC, and its auxiliary address space, ZWESASTC, must be copied to the desired proclib for running. The YAML value `zowe.setup.dataset.proclib` defines where these members will be placed. The names of the members can be customized with YAML value `zowe.setup.security.stcs`|`zwe init stc`| + + +#### Keystore or Keyring Configuration + +**Certificate requirements**: Zowe's keystore or keyring must have the following +* Private key & certificate pair: The Zowe Servers will use this certificate, and it must either not have the "Extended Key Usage" attribute, or have it with both "Server Authorization" and "Client Authorization" values. +* Certificate Authorities: Every intermediate and root Certificate Authority (CA) Zowe interacts with must be within the Keyring, unless the YAML value `zowe.verifyCertificates` is set to `DISABLED`. 
CAs that must be within the keyring include z/OSMF's CAs if using z/OSMF, and Zowe's own certificate's CAs as Zowe servers must be able to verify each other. + +There are 6 scenarios for setting up certificates for Zowe to use. There are five scenarios in the YAML to have Zowe create a ZFS PKCS12 keystore, or z/OS keyring, and an additional sixth option to bring your own keyring. + +To have Zowe create a keystore or keyring for you, run `zwe init certificate` for one of the options below. +|Certificate scenario|Description| +|---|---| +|1|Zowe will create a ZFS keystore and populate it with newly generated PKCS12 certificate and certificate authority files. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed| +|2|Zowe will create a ZFS keystore and populate it with PKCS12 certificate and certificate authority content that you provide.| +|3|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed| +|4|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.| +|5|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.| + +Alternatively, zowe can use a keyring provided by you as long as the contents meet Zowe's requirements and configure YAML values within `zowe.certificate` as follows: +```yaml +zowe: + certificate: + keystore: + type: JCERACFKS + name: "safkeyring:///" + alias: "" + password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. + truststore: + type: JCERACFKS + name: "safkeyring:///" + password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. 
+``` + +(Optional) Caching Service VSAM Configuration: +If you plan to use the Zowe caching service Component, such as for high availability and fault tolerance reasons, then you must choose a form of database for it to use. +Among the choices is for it to use a VSAM dataset of your choice. + +|Task|Description|Sample JCL| +|---|---|---| +|Create VSAM Dataset for Caching Service|Creates a RLM or NONRLM dataset for the caching service using the YAML values in `zowe.setup.vsam`|`zwe init vsam`| + + + +## References + +To learn about the requirements and prerequisites of Zowe, review https://docs.zowe.org/stable/user-guide/systemrequirements-zos + +To learn more about YAML and how Zowe uses it, review https://docs.zowe.org/stable/appendix/zowe-yaml-configuration + +To learn more about advanced YAML configuration, review https://docs.zowe.org/stable/user-guide/configmgr-using/ + +To learn more about certificates, review https://docs.zowe.org/stable/user-guide/configure-certificates + +To learn more about which SAF resources Zowe and its users need, review https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users + +To learn more about using z/OSMF workflows for setup, review https://docs.zowe.org/stable/user-guide/zosmf-install From 36611219f98c9576bbd8367df91fb090547f69c0 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 29 Feb 2024 15:58:59 -0500 Subject: [PATCH 124/258] Update README.md for pointing to installation doc Signed-off-by: 1000TurquoisePogs --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b913752be2..8a549978ce 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,7 @@ # zowe-install-packaging This repository includes Zowe installation script and pipelines to build Zowe. +If you are looking for a Zowe server installation guide, check out [docs.zowe.org](https://docs.zowe.org) or [INSTALLATION.md](https://github.com/zowe/zowe-install-packaging/blob/feature/v3/jcl/INSTALLATION.md) - [Branches](#branches) - [Manifest File](#manifest-file) From 3cf1a1ac93ecc53bc4aab26361c3f2cdc9768511 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 29 Feb 2024 15:59:14 -0500 Subject: [PATCH 125/258] Update README.md Signed-off-by: 1000TurquoisePogs --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8a549978ce..c41103f077 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # zowe-install-packaging This repository includes Zowe installation script and pipelines to build Zowe. + If you are looking for a Zowe server installation guide, check out [docs.zowe.org](https://docs.zowe.org) or [INSTALLATION.md](https://github.com/zowe/zowe-install-packaging/blob/feature/v3/jcl/INSTALLATION.md) - [Branches](#branches) From 116d5132ebbe2c7396a8a702ca31bf74f8c4d8fb Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 29 Feb 2024 16:12:36 -0500 Subject: [PATCH 126/258] Update INSTALLATION.md formatting Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 2cb825c8ed..f5146aa447 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md 
@@ -32,22 +32,22 @@ Familiarize yourself with these core concepts of the Zowe servers, which are ref ### Installation Concepts Runtime: The read-only content that comprises a version of Zowe. -Instance: A collection of configuration and persistent data for Zowe that uses a particular Runtime. +**Instance**: A collection of configuration and persistent data for Zowe that uses a particular Runtime. -HA Instance: An optional subset of an Instance which varies its configuration for redundant copies of Zowe components across one or more LPARs for high avilability and fault tolerance. +**HA Instance**: An optional subset of an Instance which varies its configuration for redundant copies of Zowe components across one or more LPARs for high avilability and fault tolerance. -Component: A unit of software that is managed by Zowe's launcher and has a folder structure that allows Zowe's tools to manage it. Components may contain a webserver or an extension to another component. +**Component**: A unit of software that is managed by Zowe's launcher and has a folder structure that allows Zowe's tools to manage it. Components may contain a webserver or an extension to another component. -Extension: A component which is not part of the Zowe core server Components. This could be an extension from the Zowe project, or from a 3rd party. Extensions do not exist in the Runtime directory. They are instead linked to Zowe via the Extension directory. +**Extension**: A component which is not part of the Zowe core server Components. This could be an extension from the Zowe project, or from a 3rd party. Extensions do not exist in the Runtime directory. They are instead linked to Zowe via the Extension directory. -Keystore: Zowe has several HTTPS servers which require certificates to function. You can store these certificates in a Keyring, or in a ZFS Keystore directory in the form of PKCS12 files. +**Keystore**: Zowe has several HTTPS servers which require certificates to function. 
You can store these certificates in a Keyring, or in a ZFS Keystore directory in the form of PKCS12 files. ### Configuration Concepts -Zowe YAML File: Each Instance is configured by a YAML document composed of one or more unix file or PDSE member. This can be as simple as a "zowe.yaml" unix file, or ZWEYAML parmlib member, or advanced configuration can ba accomplished by splitting configuration across multiple such files. This allows for defaults and customizations, splitting the configuration by administrative duty, or even splitting the configuration by core configuration versus extension configuration. +**Zowe YAML File**: Each Instance is configured by a YAML document composed of one or more unix file or PDSE member. It can be as simple as a "zowe.yaml" unix file, or ZWEYAML parmlib member, or advanced configuration can ba accomplished by splitting configuration across multiple such files. This allows for defaults and customizations, splitting the configuration by administrative duty, or even splitting the configuration by core configuration versus extension configuration. -Schema: The YAML file is backed by a Schema, found within `runtimeDirectory/schemas`. Whenever Zowe starts up, or when most `zwe` commands are used, Zowe will check that the YAML file is valid before executing the requested operation, to reduce chance of misconfiguration. The schema also details advanced configuration parameters that may not be needed in basic installs. +**Schema**: The YAML file is backed by a Schema, found within `runtimeDirectory/schemas`. Whenever Zowe starts up, or when most `zwe` commands are used, Zowe will check that the YAML file is valid before executing the requested operation, to reduce chance of misconfiguration. The schema also details advanced configuration parameters that may not be needed in basic installs. 
-Configuration Templates: Each YAML file can contain values that have templates within in the form of `${{ item }}` where the item within can be a reference to another property in the YAML, an environment variable, system symbol, or even simple conditional logic of them. This allows you to have configuration that works across multiple systems, such as by tying a hostname to `${{ zos.resolveSymbol(&SYSNAME) }}` to have the value be whatever the SYSNAME symbol is on a given LPAR. +**Configuration Templates**: Each YAML file can contain values that have templates within in the form of `${{ item }}` where the item within can be a reference to another property in the YAML, an environment variable, system symbol, or even simple conditional logic of them. This allows you to have configuration that works across multiple systems, such as by tying a hostname to `${{ zos.resolveSymbol(&SYSNAME) }}` to have the value be whatever the SYSNAME symbol is on a given LPAR. Workspace: Each Instance has an area where Components can store data to persist across Zowe restarts or IPLs. Runtime state should instead be stored in the Caching Service component if high availability and fault tolerance is a concern, whereas the workspace instead covers items like user preferences. ## Distribution 
@@ -61,7 +61,7 @@ The following covers installation when not using the Zowe Server Install Wizard. ### SMPE or PSWI 1. When you install Zowe via SMPE or PSWI, the Runtime directory and datasets will be populated. 2. Navigate to the Runtime Directory and copy the `example-zowe.yaml` file to a location outside this folder, generally wherever you want to put the Zowe Instance. -3. Edit the YAML copy to set the values of "zowe.runtimeDirectory", "java.home", "node.home", and "zowe.setup.datasets", as follows +3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.datasets`, as follows 1. zowe.runtimeDirectory: The location you extracted the PAX to. 2. java.home: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 3. node.home: The location of the NodeJS that will be used when installing & running ZOwe. For example, if your node is located at /usr/lpp/node/v18/bin/node, then the java.home is /usr/lpp/node/v18 @@ -69,7 +69,7 @@ The following covers installation when not using the Zowe Server Install Wizard. ### PAX -1. Extract the PAX on some ZFS partition on z/OS. At least 1200MB of free space is required. (For example, `pax -ppx -rf zowe.pax`). The location you extract to is the "Runtime Directory" +1. Extract the PAX on some ZFS partition on z/OS (For example, `pax -ppx -rf zowe.pax`). At least 1200MB of free space is required. The location you extract to is the "Runtime Directory" 2. Navigate to the Runtime Directory and copy the `example-zowe.yaml` file to a location outside this folder, generally wherever you want to put the Zowe Instance. 3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.datasets`, as follows 1. `zowe.runtimeDirectory`: The location you extracted the PAX to. 
@@ -85,16 +85,16 @@ The following covers installation when not using the Zowe Server Install Wizard. The following covers configuration when not using the Zowe Server Install Wizard. When using that instead, please refer to the prompts within it instead of this guide. Aside from the Zowe Server Install Wizard, there are three other ways to configure a Zowe Instance. -1. JCL samples: The Zowe Runtime dataset SZWESAMP contains templates of JCL that must be substituted with Zowe YAML parameters before executed. That can be done manually, or automatically via editing and submitting the job ZWEGENER, which will place resolved JCL into the PDSE defined at `zowe.setup.datasets.jcllib` -2. zwe operations: `zwe` is a Unix CLI program that has commands which will automate the execution of the JCL samples. -3. z/OSMF workflow: The z/OSMF workflows will prompt you for Zowe YAML parameters before submitting jobs equivalent to the actions seen in the JCL samples. +1. **JCL samples**: The Zowe Runtime dataset SZWESAMP contains templates of JCL that must be substituted with Zowe YAML parameters before executed. That can be done manually, or automatically via editing and submitting the job ZWEGENER, which will place resolved JCL into the PDSE defined at `zowe.setup.datasets.jcllib` +2. **zwe operations**: `zwe` is a Unix CLI program that has commands which will automate the execution of the JCL samples. +3. **z/OSMF workflow**: The z/OSMF workflows will prompt you for Zowe YAML parameters before submitting jobs equivalent to the actions seen in the JCL samples. ### Configuration by JCL -The Zowe Runtime Dataset SZWESAMP contains JCL samples that have templates referencing Zowe YAML parameters. +The Zowe Runtime Dataset `SZWESAMP` contains JCL samples that have templates referencing Zowe YAML parameters. They cannot be submitted without modification as a result. 
-It is recommended to edit and submit the job SZWESAMP(ZWEGENER) which will validate the contents of your Zowe YAML before resolving the JCL templates and placing the resulting JCL into a separate PDSE created during installation, located at the value of `zowe.setup.datasets.jcllib`. +It is recommended to edit and submit the job `SZWESAMP(ZWEGENER)` which will validate the contents of your Zowe YAML before resolving the JCL templates and placing the resulting JCL into a separate PDSE created during installation, located at the value of `zowe.setup.datasets.jcllib`. When the JCL is prepared, the following jobs can be submitted to perform the following Instance configuration actions: 
@@ -111,16 +111,16 @@ When the JCL is prepared, the following jobs can be submitted to perform the fol #### Keyring Tasks **Certificate requirements**: Zowe's keyring must have the following -* Private key & certificate pair: The Zowe Servers will use this certificate, and it must either not have the "Extended Key Usage" attribute, or have it with both "Server Authorization" and "Client Authorization" values. -* Certificate Authorities: Every intermediate and root Certificate Authority (CA) Zowe interacts with must be within the Keyring, unless the YAML value `zowe.verifyCertificates` is set to `DISABLED`. CAs that must be within the keyring include z/OSMF's CAs if using z/OSMF, and Zowe's own certificate's CAs as Zowe servers must be able to verify each other. +* **Private key & certificate pair**: The Zowe Servers will use this certificate, and it must either not have the "Extended Key Usage" attribute, or have it with both "Server Authorization" and "Client Authorization" values. +* **Certificate Authorities**: Every intermediate and root Certificate Authority (CA) Zowe interacts with must be within the Keyring, unless the YAML value `zowe.verifyCertificates` is set to `DISABLED`. CAs that must be within the keyring include z/OSMF's CAs if using z/OSMF, and Zowe's own certificate's CAs as Zowe servers must be able to verify each other. There are 4 options for setting up keyrings: Three scenarios covered by JCL samples where a keyring is created for you, or a fourth where you can bring your own keyring. |Keyring Setup Type|Description|Sample JCL| |---|---|---| -|1|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed|RACF:ZWEIKRR1

TSS:ZWEIKRT1

ACF2:ZWEIKRA1| -|2|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.|RACF:ZWEIKRR2

TSS:ZWEIKRT2

ACF2:ZWEIKRA2| -|3|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.|RACF:ZWEIKRR3

TSS:ZWEIKRT3

ACF2:ZWEIKRA3| +|1|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed|RACF: ZWEIKRR1

TSS: ZWEIKRT1

ACF2: ZWEIKRA1| +|2|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.|RACF: ZWEIKRR2

TSS: ZWEIKRT2

ACF2: ZWEIKRA2| +|3|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.|RACF: ZWEIKRR3

TSS: ZWEIKRT3

ACF2: ZWEIKRA3| Alternatively, zowe can use a keyring provided by you as long as the contents meet Zowe's requirements and configure YAML values within `zowe.certificate` as follows: ```yaml @@ -167,6 +167,7 @@ This allows you to review the actions before performing them with the appropriat The following commands can be run to set up a Zowe Instance via `zwe` |Task|Description|Command| +|---|---|---| |Create Instance Datasets|Creates datasets for holding PARMLIB content and non-ZFS Extension content that is particular to one Zowe instance|`zwe init mvs`| |APF Authorize privileged content|Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component (SZWEAUTH, or customized via YAML value `zowe.setup.dataset.authLoadlib`) and its extension library (The value value `zowe.setup.dataset.authPluginLib`) must be set APF authorized and run in key 4 to use ZIS and components that depend upon it|`zwe init apfauth`| |Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.|`zwe init security`| 
@@ -176,12 +177,13 @@ The following commands can be run to set up a Zowe Instance via `zwe` #### Keystore or Keyring Configuration **Certificate requirements**: Zowe's keystore or keyring must have the following -* Private key & certificate pair: The Zowe Servers will use this certificate, and it must either not have the "Extended Key Usage" attribute, or have it with both "Server Authorization" and "Client Authorization" values. -* Certificate Authorities: Every intermediate and root Certificate Authority (CA) Zowe interacts with must be within the Keyring, unless the YAML value `zowe.verifyCertificates` is set to `DISABLED`. CAs that must be within the keyring include z/OSMF's CAs if using z/OSMF, and Zowe's own certificate's CAs as Zowe servers must be able to verify each other. +* **Private key & certificate pair**: The Zowe Servers will use this certificate, and it must either not have the "Extended Key Usage" attribute, or have it with both "Server Authorization" and "Client Authorization" values. +* **Certificate Authorities**: Every intermediate and root Certificate Authority (CA) Zowe interacts with must be within the Keyring, unless the YAML value `zowe.verifyCertificates` is set to `DISABLED`. CAs that must be within the keyring include z/OSMF's CAs if using z/OSMF, and Zowe's own certificate's CAs as Zowe servers must be able to verify each other. There are 6 scenarios for setting up certificates for Zowe to use. There are five scenarios in the YAML to have Zowe create a ZFS PKCS12 keystore, or z/OS keyring, and an additional sixth option to bring your own keyring. To have Zowe create a keystore or keyring for you, run `zwe init certificate` for one of the options below. + |Certificate scenario|Description| |---|---| |1|Zowe will create a ZFS keystore and populate it with newly generated PKCS12 certificate and certificate authority files. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed| 
From 345ae3196e8f54aae6f2aa284490d3c2dd67b726 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Thu, 29 Feb 2024 16:17:46 -0500
Subject: [PATCH 127/258] Update INSTALLATION.md for formatting
Signed-off-by: 1000TurquoisePogs
---
INSTALLATION.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/INSTALLATION.md b/INSTALLATION.md
index f5146aa447..ea7f3ea3f6 100644
--- a/INSTALLATION.md
+++ b/INSTALLATION.md
@@ -62,10 +62,10 @@ The following covers installation when not using the Zowe Server Install Wizard. 1. When you install Zowe via SMPE or PSWI, the Runtime directory and datasets will be populated. 2. Navigate to the Runtime Directory and copy the `example-zowe.yaml` file to a location outside this folder, generally wherever you want to put the Zowe Instance. 3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.datasets`, as follows - 1. zowe.runtimeDirectory: The location you extracted the PAX to. - 2. java.home: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 - 3. node.home: The location of the NodeJS that will be used when installing & running ZOwe. For example, if your node is located at /usr/lpp/node/v18/bin/node, then the java.home is /usr/lpp/node/v18 - 4. zowe.setup.datasets: This section defines where both Runtime and Instance datasets of Zowe will be created. + 1. `zowe.runtimeDirectory`: The location you extracted the PAX to. + 2. `java.home`: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 + 3. `node.home`: The location of the NodeJS that will be used when installing & running ZOwe. For example, if your node is located at /usr/lpp/node/v18/bin/node, then the java.home is /usr/lpp/node/v18 + 4. `zowe.setup.datasets`: This section defines where both Runtime and Instance datasets of Zowe will be created. ### PAX From c927de9c90b0125130c9db489e388b3adc4494c0 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 29 Feb 2024 16:19:16 -0500 Subject: [PATCH 128/258] Update INSTALLATION.md datasets -> dataset typo 
Signed-off-by: 1000TurquoisePogs
---
INSTALLATION.md | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/INSTALLATION.md b/INSTALLATION.md
index ea7f3ea3f6..6833fe81cd 100644
--- a/INSTALLATION.md
+++ b/INSTALLATION.md
@@ -61,21 +61,21 @@ The following covers installation when not using the Zowe Server Install Wizard. ### SMPE or PSWI 1. When you install Zowe via SMPE or PSWI, the Runtime directory and datasets will be populated. 2. Navigate to the Runtime Directory and copy the `example-zowe.yaml` file to a location outside this folder, generally wherever you want to put the Zowe Instance. -3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.datasets`, as follows +3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.dataset`, as follows 1. `zowe.runtimeDirectory`: The location you extracted the PAX to. 2. `java.home`: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 3. `node.home`: The location of the NodeJS that will be used when installing & running ZOwe. For example, if your node is located at /usr/lpp/node/v18/bin/node, then the java.home is /usr/lpp/node/v18 - 4. `zowe.setup.datasets`: This section defines where both Runtime and Instance datasets of Zowe will be created. + 4. `zowe.setup.dataset`: This section defines where both Runtime and Instance datasets of Zowe will be created. ### PAX 1. Extract the PAX on some ZFS partition on z/OS (For example, `pax -ppx -rf zowe.pax`). At least 1200MB of free space is required. The location you extract to is the "Runtime Directory" 2. Navigate to the Runtime Directory and copy the `example-zowe.yaml` file to a location outside this folder, generally wherever you want to put the Zowe Instance. -3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.datasets`, as follows +3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.dataset`, as follows 1. 
`zowe.runtimeDirectory`: The location you extracted the PAX to. 2. `java.home`: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 3. `node.home`: The location of the NodeJS that will be used when installing & running ZOwe. For example, if your node is located at /usr/lpp/node/v18/bin/node, then the java.home is /usr/lpp/node/v18 - 4. `zowe.setup.datasets`: This section defines where both Runtime and Instance datasets of Zowe will be created. + 4. `zowe.setup.dataset`: This section defines where both Runtime and Instance datasets of Zowe will be created. 5. Navigate to the `/bin` folder of the extracted location 6. Run `./zwe install -c /path/to/zowe.yaml`. This creates the Runtime datasets for the Zowe release. 
@@ -85,7 +85,7 @@ The following covers installation when not using the Zowe Server Install Wizard. The following covers configuration when not using the Zowe Server Install Wizard. When using that instead, please refer to the prompts within it instead of this guide. Aside from the Zowe Server Install Wizard, there are three other ways to configure a Zowe Instance. -1. **JCL samples**: The Zowe Runtime dataset SZWESAMP contains templates of JCL that must be substituted with Zowe YAML parameters before executed. That can be done manually, or automatically via editing and submitting the job ZWEGENER, which will place resolved JCL into the PDSE defined at `zowe.setup.datasets.jcllib` +1. **JCL samples**: The Zowe Runtime dataset SZWESAMP contains templates of JCL that must be substituted with Zowe YAML parameters before executed. That can be done manually, or automatically via editing and submitting the job ZWEGENER, which will place resolved JCL into the PDSE defined at `zowe.setup.dataset.jcllib` 2. **zwe operations**: `zwe` is a Unix CLI program that has commands which will automate the execution of the JCL samples. 3. **z/OSMF workflow**: The z/OSMF workflows will prompt you for Zowe YAML parameters before submitting jobs equivalent to the actions seen in the JCL samples. 
@@ -94,7 +94,7 @@ Aside from the Zowe Server Install Wizard, there are three other ways to configu The Zowe Runtime Dataset `SZWESAMP` contains JCL samples that have templates referencing Zowe YAML parameters. They cannot be submitted without modification as a result. -It is recommended to edit and submit the job `SZWESAMP(ZWEGENER)` which will validate the contents of your Zowe YAML before resolving the JCL templates and placing the resulting JCL into a separate PDSE created during installation, located at the value of `zowe.setup.datasets.jcllib`. +It is recommended to edit and submit the job `SZWESAMP(ZWEGENER)` which will validate the contents of your Zowe YAML before resolving the JCL templates and placing the resulting JCL into a separate PDSE created during installation, located at the value of `zowe.setup.dataset.jcllib`. When the JCL is prepared, the following jobs can be submitted to perform the following Instance configuration actions: From 2bce6ff20a235bd68ca11fe759e9a4ed0619de73 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 29 Feb 2024 16:32:32 -0500 Subject: [PATCH 129/258] Update INSTALLATION.md with links Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 6833fe81cd..a1415b3922 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md 
@@ -94,18 +94,18 @@ Aside from the Zowe Server Install Wizard, there are three other ways to configu The Zowe Runtime Dataset `SZWESAMP` contains JCL samples that have templates referencing Zowe YAML parameters. They cannot be submitted without modification as a result. -It is recommended to edit and submit the job `SZWESAMP(ZWEGENER)` which will validate the contents of your Zowe YAML before resolving the JCL templates and placing the resulting JCL into a separate PDSE created during installation, located at the value of `zowe.setup.dataset.jcllib`. +It is recommended to edit and submit the job SZWESAMP([ZWEGENER](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEGENER)) which will validate the contents of your Zowe YAML before resolving the JCL templates and placing the resulting JCL into a separate PDSE created during installation, located at the value of `zowe.setup.dataset.jcllib`. When the JCL is prepared, the following jobs can be submitted to perform the following Instance configuration actions: #### Core Tasks |Task|Description|Sample JCL| |---|---|---| -|Create Instance Datasets|Creates datasets for holding PARMLIB content and non-ZFS Extension content that is particular to one Zowe instance|ZWEIMVS| -|APF Authorize privileged content|Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component (SZWEAUTH, or customized via YAML value `zowe.setup.dataset.authLoadlib`) and its extension library (The value value `zowe.setup.dataset.authPluginLib`) must be set APF authorized and run in key 4 to use ZIS and components that depend upon it|ZWEIAPF| -|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.|RACF: ZWEIRAC

TSS: ZWEITSS

ACF2: ZWEIACF| -|(z/OS v2.4 ONLY) Create Zowe SAF Resource Class|This is not needed on z/OS v2.5+. On z/OS v2.4, the SAF resource class for Zowe is not included, and must be created|RACF: ZWEIRACZ

TSS: ZWEITSSZ

ACF2: ZWEIACFZ| -|Copy STC JCL to PROCLIB|The jobs for starting the Zowe webservers, ZWESLSTC, and the Zowe APF authorized cross-memory server, ZWESISTC, and its auxiliary address space, ZWESASTC, must be copied to the desired proclib for running. The YAML value `zowe.setup.dataset.proclib` defines where these members will be placed. The names of the members can be customized with YAML value `zowe.setup.security.stcs`|ZWEISTC| +|Create Instance Datasets|Creates datasets for holding PARMLIB content and non-ZFS Extension content that is particular to one Zowe instance|[ZWEIMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIMVS)| +|APF Authorize privileged content|Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component (SZWEAUTH, or customized via YAML value `zowe.setup.dataset.authLoadlib`) and its extension library (The value value `zowe.setup.dataset.authPluginLib`) must be set APF authorized and run in key 4 to use ZIS and components that depend upon it|[ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF)| +|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.|RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC)

TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS)

ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF)| +|(z/OS v2.4 ONLY) Create Zowe SAF Resource Class|This is not needed on z/OS v2.5+. On z/OS v2.4, the SAF resource class for Zowe is not included, and must be created|RACF: [ZWEIRACZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRACZ)

TSS: [ZWEITSSZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSSZ)

ACF2: [ZWEIACFZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIACFZ)| +|Copy STC JCL to PROCLIB|The jobs for starting the Zowe webservers, ZWESLSTC, and the Zowe APF authorized cross-memory server, ZWESISTC, and its auxiliary address space, ZWESASTC, must be copied to the desired proclib for running. The YAML value `zowe.setup.dataset.proclib` defines where these members will be placed. The names of the members can be customized with YAML value `zowe.setup.security.stcs`|[ZWEISTC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEISTC)| #### Keyring Tasks @@ -118,9 +118,9 @@ There are 4 options for setting up keyrings: Three scenarios covered by JCL samp |Keyring Setup Type|Description|Sample JCL| |---|---|---| -|1|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed|RACF: ZWEIKRR1

TSS: ZWEIKRT1

ACF2: ZWEIKRA1| -|2|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.|RACF: ZWEIKRR2

TSS: ZWEIKRT2

ACF2: ZWEIKRA2| -|3|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.|RACF: ZWEIKRR3

TSS: ZWEIKRT3

ACF2: ZWEIKRA3| +|1|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed|RACF: [ZWEIKRR1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR1)

TSS: [ZWEIKRT1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT1)

ACF2: [ZWEIKRA1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA1)| +|2|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.|RACF: [ZWEIKRR2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR2)

TSS: [ZWEIKRT2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT2)

ACF2: [ZWEIKRA2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA2)| +|3|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.|RACF: [ZWEIKRR3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR3)

TSS: [ZWEIKRT3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT3)

ACF2: [ZWEIKRA3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA3)| Alternatively, zowe can use a keyring provided by you as long as the contents meet Zowe's requirements and configure YAML values within `zowe.certificate` as follows: ```yaml @@ -143,15 +143,15 @@ Among the choices is for it to use a VSAM dataset of your choice. |Task|Description|Sample JCL| |---|---|---| -|Create VSAM Dataset for Caching Service|Creates a RLM or NONRLM dataset for the caching service using the YAML values in `zowe.setup.vsam`|ZWECSVSM| +|Create VSAM Dataset for Caching Service|Creates a RLM or NONRLM dataset for the caching service using the YAML values in `zowe.setup.vsam`|[ZWECSVSM](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWECSVSM)| JCL samples for removing Zowe configuration also exist. -|Action|Sample| +|Action|Sample JCL| |---|---| -|Remove Instance Datasets|ZWERMVS| -|Remove SAF Permissions|ZWENOSEC| -|Remove Keyring|ZWENOKR| -|Remove Caching Service VSAM Dataset|ZWECSRVS| +|Remove Instance Datasets|[ZWERMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWERMVS)| +|Remove SAF Permissions|[ZWENOSEC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWENOSEC)| +|Remove Keyring|[ZWENOKR](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWENOKR)| +|Remove Caching Service VSAM Dataset|[ZWECSRVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWECSRVS)| ### Configuration by zwe 
@@ -166,12 +166,12 @@ This allows you to review the actions before performing them with the appropriat The following commands can be run to set up a Zowe Instance via `zwe` -|Task|Description|Command| -|---|---|---| -|Create Instance Datasets|Creates datasets for holding PARMLIB content and non-ZFS Extension content that is particular to one Zowe instance|`zwe init mvs`| -|APF Authorize privileged content|Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component (SZWEAUTH, or customized via YAML value `zowe.setup.dataset.authLoadlib`) and its extension library (The value value `zowe.setup.dataset.authPluginLib`) must be set APF authorized and run in key 4 to use ZIS and components that depend upon it|`zwe init apfauth`| -|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.|`zwe init security`| -|Copy STC JCL to PROCLIB|The jobs for starting the Zowe webservers, ZWESLSTC, and the Zowe APF authorized cross-memory server, ZWESISTC, and its auxiliary address space, ZWESASTC, must be copied to the desired proclib for running. The YAML value `zowe.setup.dataset.proclib` defines where these members will be placed. The names of the members can be customized with YAML value `zowe.setup.security.stcs`|`zwe init stc`| +|Task|Description|Command|Doc| +|---|---|---|---| +|Create Instance Datasets|Creates datasets for holding PARMLIB content and non-ZFS Extension content that is particular to one Zowe instance|`zwe init mvs`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-mvs)| +|APF Authorize privileged content|Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. 
The load library for the ZIS component (SZWEAUTH, or customized via YAML value `zowe.setup.dataset.authLoadlib`) and its extension library (The value value `zowe.setup.dataset.authPluginLib`) must be set APF authorized and run in key 4 to use ZIS and components that depend upon it|`zwe init apfauth`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-apfauth)| +|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.|`zwe init security`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-security)| +|Copy STC JCL to PROCLIB|The jobs for starting the Zowe webservers, ZWESLSTC, and the Zowe APF authorized cross-memory server, ZWESISTC, and its auxiliary address space, ZWESASTC, must be copied to the desired proclib for running. The YAML value `zowe.setup.dataset.proclib` defines where these members will be placed. The names of the members can be customized with YAML value `zowe.setup.security.stcs`|`zwe init stc`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-stc)| #### Keystore or Keyring Configuration 
@@ -211,9 +211,9 @@ zowe: If you plan to use the Zowe caching service Component, such as for high availability and fault tolerance reasons, then you must choose a form of database for it to use. Among the choices is for it to use a VSAM dataset of your choice. -|Task|Description|Sample JCL| -|---|---|---| -|Create VSAM Dataset for Caching Service|Creates a RLM or NONRLM dataset for the caching service using the YAML values in `zowe.setup.vsam`|`zwe init vsam`| +|Task|Description|Sample JCL|Doc| +|---|---|---|---| +|Create VSAM Dataset for Caching Service|Creates a RLM or NONRLM dataset for the caching service using the YAML values in `zowe.setup.vsam`|`zwe init vsam`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-vsam)| From af6709d29227cb90d1afdd6b42c4e04495e5cc02 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 29 Feb 2024 16:35:15 -0500 Subject: [PATCH 130/258] Update INSTALLATION.md Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 1 + 1 file changed, 1 insertion(+) diff --git a/INSTALLATION.md b/INSTALLATION.md index a1415b3922..1b0c63e7c9 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -4,6 +4,7 @@ Within the Zowe project, there exists several components for both client and ser Among them are the Zowe servers; Software that is run usually on z/OS, though some of these servers may also be capable of running in linux environment such as in containers. This document covers installation and configuration of Zowe's core server components on z/OS. +This document is meant as a quick-start guide. Advanced topics of configuration, including networking, are not covered here, but instead can be found on [docs.zowe.org](https://docs.zowe.org) Table of contents: From 693c5caf7b7b3dc938d05f928aee717ca9881ec9 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 29 Feb 2024 16:35:35 -0500 Subject: [PATCH 131/258] Update INSTALLATION.md with disclaimer 
Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 1b0c63e7c9..f658c8b014 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -4,7 +4,8 @@ Within the Zowe project, there exists several components for both client and ser Among them are the Zowe servers; Software that is run usually on z/OS, though some of these servers may also be capable of running in linux environment such as in containers. This document covers installation and configuration of Zowe's core server components on z/OS. -This document is meant as a quick-start guide. Advanced topics of configuration, including networking, are not covered here, but instead can be found on [docs.zowe.org](https://docs.zowe.org) + +**Note: This document is meant as a quick-start guide. Advanced topics of configuration, including networking, are not covered here, but instead can be found on [docs.zowe.org](https://docs.zowe.org)** Table of contents: From 262da5ac8d87cdf279cde95dc5535ec073afa959 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 8 Mar 2024 14:18:29 -0500 Subject: [PATCH 132/258] Add new, hacky approach to getting log file to be readable by setting chtag 819 on end of command Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/cli.ts | 2 ++ bin/commands/init/cli.ts | 2 ++ bin/commands/init/generate/.errors | 2 ++ bin/commands/init/generate/cli.ts | 2 ++ bin/commands/init/mvs/cli.ts | 2 ++ bin/commands/init/security/cli.ts | 2 ++ bin/commands/init/stc/cli.ts | 2 ++ bin/commands/init/vsam/cli.ts | 2 ++ bin/libs/common.ts | 16 ++++++++++------ bin/libs/config.sh | 20 -------------------- bin/libs/config.ts | 15 --------------- bin/libs/configmgr.ts | 8 ++++---- 12 files changed, 30 insertions(+), 45 deletions(-) create mode 100644 bin/commands/init/generate/.errors diff --git a/bin/commands/init/apfauth/cli.ts b/bin/commands/init/apfauth/cli.ts index 4d4953fbc4..62cbc0c09b 100644 
--- a/bin/commands/init/apfauth/cli.ts +++ b/bin/commands/init/apfauth/cli.ts @@ -11,7 +11,9 @@ import * as index from './index'; import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; index.execute(); configmgr.cleanupTempDir(); +common.finishLogFile(); diff --git a/bin/commands/init/cli.ts b/bin/commands/init/cli.ts index 1f0812f9ea..6efe50d87d 100644 --- a/bin/commands/init/cli.ts +++ b/bin/commands/init/cli.ts @@ -12,7 +12,9 @@ import * as std from 'cm_std'; import * as index from './index'; import * as configmgr from '../../libs/configmgr'; +import * as common from '../../libs/common'; index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true', std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == 'true', std.getenv('ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES') == 'true', std.getenv("ZWE_CLI_PARAMETER_UPDATE_CONFIG") == 'true'); configmgr.cleanupTempDir(); +common.finishLogFile(); diff --git a/bin/commands/init/generate/.errors b/bin/commands/init/generate/.errors new file mode 100644 index 0000000000..3cc0d0a247 --- /dev/null +++ b/bin/commands/init/generate/.errors @@ -0,0 +1,2 @@ +ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. +ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. diff --git a/bin/commands/init/generate/cli.ts b/bin/commands/init/generate/cli.ts index 77c37779ae..129be979d6 100644 --- a/bin/commands/init/generate/cli.ts +++ b/bin/commands/init/generate/cli.ts @@ -12,7 +12,9 @@ import * as std from 'cm_std'; import * as index from './index'; import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; index.execute(!!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')); configmgr.cleanupTempDir(); +common.finishLogFile(); diff --git a/bin/commands/init/mvs/cli.ts b/bin/commands/init/mvs/cli.ts index a040d57a34..e2cc25d82e 100644 --- a/bin/commands/init/mvs/cli.ts +++ b/bin/commands/init/mvs/cli.ts 
@@ -12,7 +12,9 @@ import * as std from 'cm_std'; import * as index from './index'; import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true'); configmgr.cleanupTempDir(); +common.finishLogFile(); diff --git a/bin/commands/init/security/cli.ts b/bin/commands/init/security/cli.ts index 77f4743531..08a8093e7e 100644 --- a/bin/commands/init/security/cli.ts +++ b/bin/commands/init/security/cli.ts @@ -12,7 +12,9 @@ import * as std from 'cm_std'; import * as index from './index'; import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; index.execute(std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == 'true', std.getenv('ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES') == 'true'); configmgr.cleanupTempDir(); +common.finishLogFile(); diff --git a/bin/commands/init/stc/cli.ts b/bin/commands/init/stc/cli.ts index dde5f23c94..1a483d0727 100644 --- a/bin/commands/init/stc/cli.ts +++ b/bin/commands/init/stc/cli.ts @@ -12,7 +12,9 @@ import * as std from 'cm_std'; import * as index from './index'; import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; index.execute(std.getenv('ZWE_CLI_PARAMETER_ALLOW_OVERWRITE') == 'true'); configmgr.cleanupTempDir(); +common.finishLogFile(); diff --git a/bin/commands/init/vsam/cli.ts b/bin/commands/init/vsam/cli.ts index 190ca1c6e6..295e208d4a 100644 --- a/bin/commands/init/vsam/cli.ts +++ b/bin/commands/init/vsam/cli.ts @@ -12,7 +12,9 @@ import * as std from 'cm_std'; import * as index from './index'; import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true', std.getenv("ZWE_CLI_PARAMETER_DRY_RUN") == 'true', std.getenv("ZWE_CLI_PARAMETER_UPDATE_CONFIG") == 'true'); configmgr.cleanupTempDir(); +common.finishLogFile(); 
diff --git a/bin/libs/common.ts b/bin/libs/common.ts index b1c59e7847..6085bd3293 100644 --- a/bin/libs/common.ts +++ b/bin/libs/common.ts @@ -12,6 +12,7 @@ import * as std from 'cm_std'; import * as os from 'cm_os'; import * as xplatform from 'xplatform'; +import * as zos from 'zos'; import * as fs from './fs'; //import * as stringlib from './string'; @@ -130,6 +131,13 @@ export function date(...args: string[]): string|undefined { let logExists = false; let logFile:std.File|null = null; +export function finishLogFile() { + if (logFile) { + logFile.close(); + zos.changeTag(std.getenv('ZWE_PRIVATE_LOG_FILE'), 819); + } +} + function writeLog(message: string): boolean { const filename = std.getenv('ZWE_PRIVATE_LOG_FILE'); if (!logExists) { @@ -139,7 +147,7 @@ function writeLog(message: string): boolean { fs.createFile(filename, 0o640, message); logExists = fs.fileExists(filename); } - if (logExists && (os.platform != 'zos')) { + if (logExists) { let errObj = {errno:undefined}; logFile = std.open(filename, 'w', errObj); if (errObj.errno) { @@ -153,14 +161,10 @@ function writeLog(message: string): boolean { } if (logFile===undefined || logFile===null) { return false; - } else if (os.platform != 'zos') { + } else { //TODO this does utf8. should we flip it to 1047 on zos? logFile.puts(message+'\n'); return true; - } else { - //TODO on zos, there is some printing bug in the JS code. configmgr functions work well for writing, but the native qjs ones dont. for now, just using an echo... - shell.execSync('sh', '-c', `echo ${message} >> ${filename}`); - return true; } } diff --git a/bin/libs/config.sh b/bin/libs/config.sh index 8cd9fed649..64d41ef80e 100755 --- a/bin/libs/config.sh +++ b/bin/libs/config.sh 
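Review bot: `finishLogFile()` closes `logFile` but leaves the variable pointing at the closed handle, so the `logFile===undefined || logFile===null` guard in `writeLog` still passes and anything logged afterwards is sent to `puts` on a closed file; add `logFile = null;` right after `logFile.close();`. Whatever status `zos.changeTag(...)` reports is not looked at either, so a failed retag leaves the log unreadable with no indication. The cli.ts callers in this commit invoke `finishLogFile()` only after `index.execute()` returns, so runs that end through an exit inside `execute()` presumably never reach it, and those are the runs where a readable log matters most. `writeLog` continues outside these hunks.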
@@ -13,26 +13,6 @@ ################################################################################ # @internal -############################### -# Convert instance.env to zowe.yaml file -convert_instance_env_to_yaml() { - instance_env="${1}" - zowe_yaml="${2}" - - # we need node for following commands - ensure_node_is_on_path 1>/dev/null 2>&1 - - if [ -z "${zowe_yaml}" ]; then - node "${ROOT_DIR}/bin/utils/config-converter/src/cli.js" env yaml "${instance_env}" - else - node "${ROOT_DIR}/bin/utils/config-converter/src/cli.js" env yaml "${instance_env}" -o "${zowe_yaml}" - - ensure_file_encoding "${zowe_yaml}" "zowe:" "IBM-1047" - - chmod 640 "${zowe_yaml}" - fi -} - ############################### # Check encoding of a file and convert to IBM-1047 if needed. # diff --git a/bin/libs/config.ts b/bin/libs/config.ts index d1cafe5771..65530c1234 100644 --- a/bin/libs/config.ts +++ b/bin/libs/config.ts @@ -48,21 +48,6 @@ export function updateZoweConfig(updateObj: any, writeUpdate: boolean, arrayMerg return configmgr.updateZoweConfig(updateObj, writeUpdate, arrayMergeStrategy); } -// Convert instance.env to zowe.yaml file -export function convertInstanceEnvToYaml(instanceEnv: string, zoweYaml?: string) { - // we need node for following commands - node.ensureNodeIsOnPath(); - - if (!zoweYaml) { - shell.execSync('node', `${std.getenv('ROOT_DIR')}/bin/utils/config-converter/src/cli.js`, `env`, `yaml`, instanceEnv); - } else { - shell.execSync('node', `${std.getenv('ROOT_DIR')}/bin/utils/config-converter/src/cli.js`, `env`, `yaml`, instanceEnv, `-o`, zoweYaml); - - zosfs.ensureFileEncoding(zoweYaml, "zowe:", 1047); - - shell.execSync('chmod', `640`, zoweYaml); - } -} ////////////////////////////////////////////////////////////// // Check encoding of a file and convert to IBM-1047 if needed. diff --git a/bin/libs/configmgr.ts b/bin/libs/configmgr.ts index d4ca618452..0f9e00f5a8 100644 --- a/bin/libs/configmgr.ts +++ b/bin/libs/configmgr.ts 
@@ -103,7 +103,9 @@ function getTempMergedYamlDir(): string|number { const mkdirrc = fs.mkdirp(zwePrivateWorkspaceEnvDir, 0o700); if (mkdirrc) { return mkdirrc; } - console.log(`Temporary directory '${zwePrivateWorkspaceEnvDir}' created.\nZowe will remove it on success, but if zwe exits with a non-zero code manual cleanup would be needed.`); + if (!std.getenv('ZWE_CLI_PARAMETER_SILENT')) { + console.log(`Temporary directory '${zwePrivateWorkspaceEnvDir}' created.\nZowe will remove it on success, but if zwe exits with a non-zero code manual cleanup would be needed.`); + } return zwePrivateWorkspaceEnvDir; } else { return 0; @@ -270,9 +272,7 @@ export function cleanupTempDir() { } const rc = os.exec(['rm', '-rf', tmpDir], {block: true, usePath: true}); - if (rc == 0) { - console.log(`Temporary directory ${tmpDir} removed successfully.`); - } else { + if (rc != 0) { console.log(`Error: Temporary directory ${tmpDir} was not removed successfully, manual cleanup is needed. rc=${rc}`); } } From 3c820fc0b59a086ce26631a5e23a2c24743a6de4 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 8 Mar 2024 15:36:50 -0500 Subject: [PATCH 133/258] Update manifest.json.template Signed-off-by: 1000TurquoisePogs --- manifest.json.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json.template b/manifest.json.template index a8086ae810..48735778ca 100644 --- a/manifest.json.template +++ b/manifest.json.template @@ -40,7 +40,7 @@ "artifact": "*.pax" }, "org.zowe.zss": { - "version": "^2.14.0-PR-683", + "version": "^2.15.0-PR-683", "artifact": "*.pax" }, "org.zowe.explorer.jobs.jobs-api-package": { From 081afc008c235fcbb98fcaa07f0b98c8fecbd302 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 11 Mar 2024 09:38:32 -0400 Subject: [PATCH 134/258] Change node and java detect behavior when empty in zowe.yaml 
Signed-off-by: 1000TurquoisePogs --- bin/libs/java.sh | 6 ++---- bin/libs/java.ts | 4 ++-- bin/libs/node.sh | 6 ++---- bin/libs/node.ts | 4 ++-- example-zowe.yaml | 10 ++++------ schemas/server-common.json | 6 ++++++ schemas/zowe-yaml-schema.json | 8 ++++---- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/bin/libs/java.sh b/bin/libs/java.sh index 8a06b518c6..b610ebe58f 100644 --- a/bin/libs/java.sh +++ b/bin/libs/java.sh @@ -75,9 +75,7 @@ require_java() { if [ -n "${ZWE_CLI_PARAMETER_CONFIG}" ]; then custom_java_home="$(shell_read_yaml_java_home "${ZWE_CLI_PARAMETER_CONFIG}")" if [ -n "${custom_java_home}" ]; then - if [ "${custom_java_home}" != "DETECT" ]; then - export JAVA_HOME="${custom_java_home}" - fi + export JAVA_HOME="${custom_java_home}" fi fi if [ -z "${JAVA_HOME}" ]; then @@ -85,7 +83,7 @@ require_java() { fi if [ -z "${JAVA_HOME}" ]; then - print_error_and_exit "Error ZWEL0122E: Cannot find java. Please define JAVA_HOME environment variable." "" 122 + print_error_and_exit "Error ZWEL0122E: Cannot find java. Set the java.path value in the Zowe YAML, or include java in the PATH environment variable of any accounts that start or manage Zowe" "" 122 fi ensure_java_is_on_path diff --git a/bin/libs/java.ts b/bin/libs/java.ts index 12290de6d0..9904863c4b 100644 --- a/bin/libs/java.ts +++ b/bin/libs/java.ts @@ -61,7 +61,7 @@ export function requireJava() { } if (std.getenv('ZWE_CLI_PARAMETER_CONFIG')) { const customJavaHome = shellReadYamlJavaHome(); - if (customJavaHome && customJavaHome != "DETECT") { + if (customJavaHome) { std.setenv('JAVA_HOME', customJavaHome); } } 
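Review bot: With the `DETECT` comparison removed from `require_java`, a zowe.yaml that still carries `home: "DETECT"` (the value example-zowe.yaml shipped until this commit) now has that literal exported as `JAVA_HOME`, so the empty check further down passes and the failure surfaces later and less clearly. The same applies to `requireJava` in java.ts and to `require_node` / `requireNode` in node.sh and node.ts. Treating the old sentinel as empty for a transition period, e.g. `if [ -n "${custom_java_home}" ] && [ "${custom_java_home}" != "DETECT" ]; then`, would keep existing configurations working. The function continues outside the hunk.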
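Review bot: The new ZWEL0122E text tells the user to set `java.path`, but the key that example-zowe.yaml and zowe-yaml-schema.json define in this same commit is `java.home`; the message should start `Cannot find java. Set the java.home value in the Zowe YAML, ...`. The ZWEL0121E message in node.sh and the matching messages in java.ts and node.ts carry the same `.path` wording and need the same correction to `node.home` / `java.home`. An operator following the message as written would add a key the schema does not know about.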
@@ -72,7 +72,7 @@ export function requireJava() { } } if (!std.getenv('JAVA_HOME')) { - common.printErrorAndExit("Error ZWEL0122E: Cannot find java. Please define JAVA_HOME environment variable or set java.home in the YAML config file.", undefined, 122); + common.printErrorAndExit("Error ZWEL0122E: Cannot find java. Set the java.path value in the Zowe YAML, or include java in the PATH environment variable of any accounts that start or manage Zowe", undefined, 122); } ensureJavaIsOnPath(); diff --git a/bin/libs/node.sh b/bin/libs/node.sh index 5330ea06a2..4386be9005 100644 --- a/bin/libs/node.sh +++ b/bin/libs/node.sh @@ -86,9 +86,7 @@ require_node() { if [ -n "${ZWE_CLI_PARAMETER_CONFIG}" ]; then custom_node_home=$(shell_read_yaml_node_home "${ZWE_CLI_PARAMETER_CONFIG}") if [ -n "${custom_node_home}" ]; then - if [ "${custom_node_home}" != "DETECT" ]; then - export NODE_HOME="${custom_node_home}" - fi + export NODE_HOME="${custom_node_home}" fi fi if [ -z "${NODE_HOME}" ]; then @@ -96,7 +94,7 @@ require_node() { fi if [ -z "${NODE_HOME}" ]; then - print_error_and_exit "Error ZWEL0121E: Cannot find node. Please define NODE_HOME environment variable." "" 121 + print_error_and_exit "Error ZWEL0121E: Cannot find node. Set the node.path value in the Zowe YAML, or include node in the PATH environment variable of any accounts that start or manage Zowe" "" 121 fi ensure_node_is_on_path diff --git a/bin/libs/node.ts b/bin/libs/node.ts index d88fdc5c75..0732f6032d 100644 --- a/bin/libs/node.ts +++ b/bin/libs/node.ts @@ -67,7 +67,7 @@ export function requireNode() { } if (std.getenv('ZWE_CLI_PARAMETER_CONFIG')) { const customNodeHome = shellReadYamlNodeHome(); - if (customNodeHome && customNodeHome != "DETECT") { + if (customNodeHome) { std.setenv('NODE_HOME', customNodeHome); } } 
@@ -78,7 +78,7 @@ export function requireNode() { } } if (!std.getenv('NODE_HOME')) { - common.printErrorAndExit("Error ZWEL0121E: Cannot find node. Please define NODE_HOME environment variable or set node.home in the YAML config file.", undefined, 121); + common.printErrorAndExit("Error ZWEL0121E: Cannot find node. Set the node.path value in the Zowe YAML, or include node in the PATH environment variable of any accounts that start or manage Zowe", undefined, 121); } ensureNodeIsOnPath(); diff --git a/example-zowe.yaml b/example-zowe.yaml index fd690f364e..836c60973b 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml @@ -452,9 +452,8 @@ zowe: #------------------------------------------------------------------------------- java: # **COMMONLY_CUSTOMIZED** - # Path to your Java home directory. - # If "DETECT", will check for java in PATH - home: "DETECT" + # Path to Java home directory. If java is at '/java/home/bin/java', than this would be '/java/home' + home: "" #------------------------------------------------------------------------------- @@ -468,9 +467,8 @@ java: #------------------------------------------------------------------------------- node: # **COMMONLY_CUSTOMIZED** - # Path to your node.js home directory - # If "DETECT", will check for node in PATH - home: "DETECT" + # Path to Node home directory. If node is at '/node/home/bin/node', than this would be '/node/home' + home: "" #------------------------------------------------------------------------------- diff --git a/schemas/server-common.json b/schemas/server-common.json index 1a96a5d449..9506e380f7 100644 --- a/schemas/server-common.json +++ b/schemas/server-common.json @@ -67,6 +67,12 @@ "minLength": 1, "maxLength": 32 }, + "path": { + "$anchor": "zoweOptionalPath", + "type": "string", + "minLength": 0, + "maxLength": 1024 + }, "path": { "$anchor": "zowePath", "type": "string", diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index dc73acbf99..c844805339 100644 
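Review bot: The added `zoweOptionalPath` definition in server-common.json is keyed `"path"`, the same key as the existing `zowePath` definition directly below it, so the object now has two `"path"` members. Most JSON parsers keep only the last one, which would silently drop the `zoweOptionalPath` anchor that zowe-yaml-schema.json starts referencing for `java.home` and `node.home` in this commit. Give the new entry its own key, for example `"optionalPath": {`, and keep `"$anchor": "zoweOptionalPath"` inside it.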
--- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json @@ -556,8 +556,8 @@ "type": "object", "properties": { "home": { - "$ref": "/schemas/v2/server-common#zowePath", - "description": "Path to Java home directory." + "$ref": "/schemas/v2/server-common#zoweOptionalPath", + "description": "Path to Java home directory. If java is at '/java/home/bin/java', than this would be '/java/home' " } } }, @@ -565,8 +565,8 @@ "type": "object", "properties": { "home": { - "$ref": "/schemas/v2/server-common#zowePath", - "description": "Path to node.js home directory." + "$ref": "/schemas/v2/server-common#zoweOptionalPath", + "description": "Path to node.js home directory. If node is at '/node/home/bin/node', than this would be '/node/home' "" } } }, From 51f03f1d83bc9970c31c29d0f3efd45ad7318c80 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 11 Mar 2024 13:52:41 -0400 Subject: [PATCH 135/258] Fix syntax error on json and filename error in certificates Signed-off-by: 1000TurquoisePogs --- bin/libs/certificate.sh | 4 ++-- schemas/zowe-yaml-schema.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh index 8b6e28b77c..e8fbf9c651 100644 --- a/bin/libs/certificate.sh +++ b/bin/libs/certificate.sh @@ -828,7 +828,7 @@ keyring_run_zwekring_jcl() { validity="${8}" security_product="${9}" - member_prefix="ZWEIK" + member_prefix="ZWEIKR" if [ "${security_product}" = "TSS" ]; then member_name="${member_prefix}T${jcloption}" elif [ "${security_product}" = "ACF2" ]; then @@ -997,7 +997,7 @@ keyring_run_zwenokyr_jcl() { jcllib="${2}" security_product="${3}" - member_prefix="ZWEINOKR" + member_prefix="ZWENOKR" if [ "${security_product}" = "TSS" ]; then member_name="${member_prefix}T" elif [ "${security_product}" = "ACF2" ]; then diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index c844805339..afbe0b7a87 100644 --- a/schemas/zowe-yaml-schema.json 
+++ b/schemas/zowe-yaml-schema.json @@ -557,7 +557,7 @@ "properties": { "home": { "$ref": "/schemas/v2/server-common#zoweOptionalPath", - "description": "Path to Java home directory. If java is at '/java/home/bin/java', than this would be '/java/home' " + "description": "Path to Java home directory. If java is at '/java/home/bin/java', than this would be '/java/home'" } } }, @@ -566,7 +566,7 @@ "properties": { "home": { "$ref": "/schemas/v2/server-common#zoweOptionalPath", - "description": "Path to node.js home directory. If node is at '/node/home/bin/node', than this would be '/node/home' "" + "description": "Path to node.js home directory. If node is at '/node/home/bin/node', than this would be '/node/home'" } } }, From 5551e5d0b97cf5b8829606840c017d10f26f979c Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 11 Mar 2024 16:05:36 -0400 Subject: [PATCH 136/258] Update ZWEIAPF to handle sms vs volume modes Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/index.ts | 51 ++++++++++++++++++++++- bin/libs/zos-dataset.ts | 67 ++++++++++++++++++++++++++++++ files/SZWESAMP/ZWEIAPF | 7 +++- 3 files changed, 121 insertions(+), 4 deletions(-) diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts index 361ec74643..e378abbb1e 100644 --- a/bin/commands/init/apfauth/index.ts +++ b/bin/commands/init/apfauth/index.ts @@ -9,10 +9,16 @@ Copyright Contributors to the Zowe Project. */ +import * as std from 'cm_std'; import * as zosJes from '../../../libs/zos-jes'; +import * as zosDs from '../../../libs/zos-dataset'; import * as zoslib from '../../../libs/zos'; import * as common from '../../../libs/common'; import * as config from '../../../libs/config'; +import * as fs from '../../../libs/fs'; +import * as shell from '../../../libs/shell'; +import * as stringlib from '../../../libs/string'; +import * as xplatform from 'xplatform'; export function execute() { 
@@ -41,7 +47,48 @@ export function execute() { } }); - - zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIAPF)'`, `ZWEIAPF`, jcllib, prefix); + let result1 = zosDs.isDatasetSmsManaged(ZOWE_CONFIG.zowe.setup.dataset.authLoadlib); + let result2 = zosDs.isDatasetSmsManaged(ZOWE_CONFIG.zowe.setup.dataset.authPluginLib); + if (!result1.smsManaged || !result2.smsManaged) { + const COMMAND_LIST = std.getenv('ZWE_CLI_COMMANDS_LIST'); + const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); + common.printDebug(`- Copy ${jcllib}(ZWEIAPF) to ${tmpfile}`); + let jclContent = shell.execOutSync('sh', '-c', `cat "//'${jcllib}(ZWEIAPF)'" 2>&1`); + if (jclContent.out && jclContent.rc == 0) { + common.printDebug(` * Succeeded`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); + + if (!result1.smsManaged) { + let result3 = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authLoadlib); + jclContent.out = jclContent.out.replace("SET LOADLOC='SMS'", `SET LOADLOC='VOLUME=${result3.volume}'`); + } + if (!result2.smsManaged) { + let result4 = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authLoadlib); + jclContent.out = jclContent.out.replace("SET LOADLOC='SMS'", `SET PLUGLOC='VOLUME=${result4.volume}'`); + } + + xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, jclContent.out); + common.printTrace(` * Stored:`); + common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); + + shell.execSync('chmod', '700', tmpfile); + if (!fs.fileExists(tmpfile)) { + common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEIAPF`, undefined, 159); + } + + zosJes.printAndHandleJcl(tmpfile, `ZWEIAPF`, jcllib, prefix, true); + } else { + common.printDebug(` * Failed`); + common.printError(` * Exit code: ${jclContent.rc}`); + common.printError(` * Output:`); + if (jclContent.out) { + common.printError(stringlib.paddingLeft(jclContent.out, " ")); + } + std.exit(1); + } + } else { + 
zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIAPF)'`, `ZWEIAPF`, jcllib, prefix); + } common.printLevel2Message(`Zowe load libraries are APF authorized successfully.`); } diff --git a/bin/libs/zos-dataset.ts b/bin/libs/zos-dataset.ts index 72d1c87047..0b850edb82 100644 --- a/bin/libs/zos-dataset.ts +++ b/bin/libs/zos-dataset.ts 
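Review bot: The `!result2.smsManaged` branch looks up the volume of `authLoadlib` and replaces `SET LOADLOC='SMS'`, so when only the plugin library is not SMS managed the job loses its `LOADLOC` line and gains a second `PLUGLOC` line carrying the wrong library's volume; it should query `authPluginLib` and replace `SET PLUGLOC='SMS'`. Neither `isDatasetSmsManaged` nor `getDatasetVolume` has its `rc` checked, so a failed lookup is treated as "not SMS managed" and can put `VOLUME=undefined` into the SETPROG APF command. The fence below shows both branches with those checks, reusing the ZWEL0159E exit already present in this hunk. `execute` starts above the hunk.

```typescript
let result1 = zosDs.isDatasetSmsManaged(ZOWE_CONFIG.zowe.setup.dataset.authLoadlib);
let result2 = zosDs.isDatasetSmsManaged(ZOWE_CONFIG.zowe.setup.dataset.authPluginLib);
if (result1.rc != 0 || result2.rc != 0) {
  // A failed listds must not be read as "not SMS managed".
  common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEIAPF`, undefined, 159);
}
// … unchanged: tmpfile creation and cat of ZWEIAPF into jclContent …
    if (!result1.smsManaged) {
      const loadVol = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authLoadlib);
      if (loadVol.rc != 0 || !loadVol.volume) {
        common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEIAPF`, undefined, 159);
      }
      jclContent.out = jclContent.out.replace("SET LOADLOC='SMS'", `SET LOADLOC='VOLUME=${loadVol.volume}'`);
    }
    if (!result2.smsManaged) {
      const plugVol = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authPluginLib);
      if (plugVol.rc != 0 || !plugVol.volume) {
        common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEIAPF`, undefined, 159);
      }
      jclContent.out = jclContent.out.replace("SET PLUGLOC='SMS'", `SET PLUGLOC='VOLUME=${plugVol.volume}'`);
    }
// … unchanged: storeFileUTF8, chmod, printAndHandleJcl …
```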
@@ -104,3 +104,70 @@ export function getDatasetVolume(dataset: string): { rc: number, volume?: string return { rc: 1 } } } + + +export function isDatasetSmsManaged(dataset: string): { rc: number, smsManaged?: boolean } { + // REF: https://www.ibm.com/docs/en/zos/2.3.0?topic=dscbs-how-found + // bit DS1SMSDS at offset 78(X'4E') + // + // Example of listds response: + // + // listds 'IBMUSER.LOADLIB' label + // IBMUSER.LOADLIB + // --RECFM-LRECL-BLKSIZE-DSORG + // U ** 6144 PO + // --VOLUMES-- + // VPMVSH + // --FORMAT 1 DSCB-- + // F1 E5D7D4E5E2C8 0001 780034 000000 09 00 00 C9C2D4D6E2E5E2F24040404040 + // 78003708000000 0200 C0 00 1800 0000 00 0000 82 80000002 000000 0000 0000 + // 0100037D000A037E0004 01010018000C0018000D 0102006F000D006F000E 0000000217 + // --FORMAT 3 DSCB-- + // 03030303 0103009200090092000A 01040092000B0092000C 01050092000D0092000E + // 0106035B0006035B0007 F3 0107035B0008035B0009 0108035B000A035B000B + // 00000000000000000000 00000000000000000000 00000000000000000000 + // 00000000000000000000 00000000000000000000 00000000000000000000 + // 00000000000000000000 0000000000 + // + // SMS flag is in `FORMAT 1 DSCB` section second line, after 780037 + + common.printTrace(`- Check if ${dataset} is SMS managed`); + const labelResult = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(dataset)}' label`); + const datasetLabel=labelResult.out; + if (labelResult.rc == 0) { + let formatIndex = datasetLabel.indexOf('--FORMAT 1 DSCB--'); + let dscb_fmt1: string; + if (formatIndex == -1) { + formatIndex = datasetLabel.indexOf('--FORMAT 8 DSCB--'); + } + if (formatIndex != -1) { + let startIndex = formatIndex + '--FORMAT 8 DSCB--'.length; + let endIndex = datasetLabel.indexOf('--',startIndex); + dscb_fmt1 = datasetLabel.substring(startIndex, endIndex); + } + if (!dscb_fmt1) { + common.printError(" * Failed to find format 1 data set control block information."); + return { rc: 2 }; + } else { + const lines = dscb_fmt1.split('\n'); + const line = lines.length 
> 1 ? lines[1] : ''; + const ds1smsfg = line.substring(6,8); + common.printTrace(` * DS1SMSFG: ${ds1smsfg}`); + if (!ds1smsfg) { + common.printError(" * Failed to find system managed storage indicators from format 1 data set control block."); + return { rc: 3 }; + } else { + const ds1smsds=parseInt(ds1smsfg, 16) & 0x80; + common.printTrace(` * DS1SMSDS: ${ds1smsds}`); + if (ds1smsds == 128) { + // sms managed + return { rc: 0, smsManaged: true }; + } else { + return { rc: 0, smsManaged: false }; + } + } + } + } else { + return { rc: 1 }; + } +} diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF index a0ff01325c..5944c91a27 100644 --- a/files/SZWESAMP/ZWEIAPF +++ b/files/SZWESAMP/ZWEIAPF @@ -21,12 +21,15 @@ //* //* This dataset holds the APF portion of Zowe // SET LOADLIB='{zowe.setup.dataset.authLoadlib}' +//* SMS may have to be replaced with VOLUME=SOME.DSN when not SMS +// SET LOADLOC='SMS' //* //* This dataset holds product plugins for ZIS, //* ZIS is located in the LOADLIB. // SET PLUGLIB='{zowe.setup.dataset.authPluginLib}' +// SET PLUGLOC='SMS' //* -//APFLOAD COMMAND 'SETPROG APF,ADD,DSN=&LOADLIB' +//APFLOAD COMMAND 'SETPROG APF,ADD,DSN=&LOADLIB.,&LOADLOC.' //* -//APFLIB COMMAND 'SETPROG APF,ADD,DSN=&PLUGLIB' +//APFLIB COMMAND 'SETPROG APF,ADD,DSN=&PLUGLIB.,&PLUGLOC.' //* From 79defd19b83bd728d5e0617fa827f7eb160379fe Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 12 Mar 2024 14:39:04 -0400 Subject: [PATCH 137/258] Update INSTALLATION.md Added networking info and action summaries for jcl Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 134 +++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 116 insertions(+), 18 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index f658c8b014..b7969a31b0 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md 
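Review bot: In `isDatasetSmsManaged`, `datasetLabel.indexOf('--', startIndex)` returns -1 when no further `--` section follows the format 1 DSCB, and `substring(startIndex, -1)` then yields the text before the DSCB instead of the DSCB itself, so `ds1smsfg` is read from an unrelated line and the data set would typically be reported as not SMS managed. Guard it with `dscb_fmt1 = datasetLabel.substring(startIndex, endIndex == -1 ? undefined : endIndex);`. The line index also deserves a check: going by the sample output in the comment, the slice begins at the line break after the header, which would make `lines[1]` the `F1 ...` line rather than the `780037...` line that holds the flag. The result decides which location clause goes into the APF job, so a test over captured `listds` output would be a useful addition.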
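Review bot: The new comment `SMS may have to be replaced with VOLUME=SOME.DSN when not SMS` in ZWEIAPF gives a data set name as the example value, while apfauth/index.ts fills this slot with `VOLUME=` followed by the volume returned by `getDatasetVolume`. Someone editing the member by hand to APF-authorize a library could be misled into entering a data set name. Suggest rewording it over two `//*` lines to say that `'SMS'` is for an SMS-managed data set and `'VOLUME=volser'` names the volume holding it otherwise, and adding the same comment above `SET PLUGLOC='SMS'`, which currently has none.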
@@ -21,10 +21,14 @@ Table of contents: 1. [Core Tasks](#core-tasks) 2. [Keyring Tasks](#keyring-tasks) 3. [(Optional) Caching Service VSAM Task](#optional-caching-service-vsam-task) - 3. [Configuration by zwe](#configuration-by-zwe) + 2. [Configuration by zwe](#configuration-by-zwe) 1. [Keystore or Keyring Configuration](#keystore-or-keyring-configuration) 2. [(Optional) Caching Service VSAM Configuration](#optional-caching-service-vsam-configuration) -5. [References](#references) +5. [Networking](#networking) + 1. [Ports](#ports) + 2. [IP Addresses](#ip-addresses) + 3. [TLS Configuration](#tls-configuration) +6. [References](#references) ## Concepts @@ -91,8 +95,14 @@ Aside from the Zowe Server Install Wizard, there are three other ways to configu 2. **zwe operations**: `zwe` is a Unix CLI program that has commands which will automate the execution of the JCL samples. 3. **z/OSMF workflow**: The z/OSMF workflows will prompt you for Zowe YAML parameters before submitting jobs equivalent to the actions seen in the JCL samples. +
+
+
+
+
### Configuration by JCL +--- The Zowe Runtime Dataset `SZWESAMP` contains JCL samples that have templates referencing Zowe YAML parameters. They cannot be submitted without modification as a result. @@ -101,16 +111,19 @@ It is recommended to edit and submit the job SZWESAMP([ZWEGENER](https://github. When the JCL is prepared, the following jobs can be submitted to perform the following Instance configuration actions: #### Core Tasks +--- + |Task|Description|Sample JCL| |---|---|---| -|Create Instance Datasets|Creates datasets for holding PARMLIB content and non-ZFS Extension content that is particular to one Zowe instance|[ZWEIMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIMVS)| -|APF Authorize privileged content|Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component (SZWEAUTH, or customized via YAML value `zowe.setup.dataset.authLoadlib`) and its extension library (The value value `zowe.setup.dataset.authPluginLib`) must be set APF authorized and run in key 4 to use ZIS and components that depend upon it|[ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF)| -|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.|RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC)

TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS)

ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF)| +|Create Instance Datasets|**Purpose:** Create datasets for Zowe's PARMLIB content and non-ZFS extension content for a given Zowe Instance

**Action:**
1) Allocate PDSE FB80 dataset with at least 15 tracks named from Zowe parameter `zowe.setup.dataset.parmlib`
2) Allocate PDSE FB80 dataset with at least 30 tracks named from Zowe parameter `zowe.setup.dataset.authPluginLib`
3) Copy ZWESIP00 member from `zowe.setup.dataset.prefix`.SZWESAMP into `zowe.setup.dataset.parmlib`|[ZWEIMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIMVS)| +|APF Authorize privileged content|**Purpose:** Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component and its extension library must be set APF authorized and run in key 4 to use ZIS and components that depend upon it.

**Action:**
1)APF authorize the datasets defined at `zowe.setup.dataset.authLoadlib` and `zowe.setup.dataset.authPluginLib`.
2) Define PPT entries for the members ZWESIS01 and ZWESAUX as Key 4, NOSWAP in the SCHEDxx member of the system PARMLIB.|[ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF)| +|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.

**Action:** [Set SAF permissiosn for accounts](https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users#security-permissions-reference-table)|RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC)

TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS)

ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF)| |(z/OS v2.4 ONLY) Create Zowe SAF Resource Class|This is not needed on z/OS v2.5+. On z/OS v2.4, the SAF resource class for Zowe is not included, and must be created|RACF: [ZWEIRACZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRACZ)

TSS: [ZWEITSSZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSSZ)

ACF2: [ZWEIACFZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIACFZ)| -|Copy STC JCL to PROCLIB|The jobs for starting the Zowe webservers, ZWESLSTC, and the Zowe APF authorized cross-memory server, ZWESISTC, and its auxiliary address space, ZWESASTC, must be copied to the desired proclib for running. The YAML value `zowe.setup.dataset.proclib` defines where these members will be placed. The names of the members can be customized with YAML value `zowe.setup.security.stcs`|[ZWEISTC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEISTC)| +|Copy STC JCL to PROCLIB|**Purpose**: ZWESLSTC is the job for running Zowe's webservers, and ZWESISTC is for running the APF authorized cross-memory server. The ZWESASTC job is started by ZWESISTC on an as-needed basis.

**Action**: Copy the members ZWESLSTC, ZWESISTC, and ZWESASTC into your desired PROCLIB. If the job names are customized, also modify the YAML values of them in `zowe.setup.security.stcs`|[ZWEISTC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEISTC)| #### Keyring Tasks +--- **Certificate requirements**: Zowe's keyring must have the following * **Private key & certificate pair**: The Zowe Servers will use this certificate, and it must either not have the "Extended Key Usage" attribute, or have it with both "Server Authorization" and "Client Authorization" values. @@ -140,12 +153,13 @@ zowe: ``` #### (Optional) Caching Service VSAM Task: +--- If you plan to use the Zowe caching service Component, such as for high availability and fault tolerance reasons, then you must choose a form of database for it to use. Among the choices is for it to use a VSAM dataset of your choice. |Task|Description|Sample JCL| |---|---|---| -|Create VSAM Dataset for Caching Service|Creates a RLM or NONRLM dataset for the caching service using the YAML values in `zowe.setup.vsam`|[ZWECSVSM](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWECSVSM)| +|Create VSAM Dataset for Caching Service|**Action**: Create a RLM or NONRLM dataset for the caching service, and set the name into the YAML value `components.caching-service.storage.vsam.name`|[ZWECSVSM](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWECSVSM)| JCL samples for removing Zowe configuration also exist. |Action|Sample JCL| @@ -155,7 +169,14 @@ JCL samples for removing Zowe configuration also exist. |Remove Keyring|[ZWENOKR](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWENOKR)| |Remove Caching Service VSAM Dataset|[ZWECSRVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWECSRVS)| +
+
+
+
+
+ ### Configuration by zwe +--- `zwe` is a unix tool located in the `/bin` directory of Zowe. If you type `zwe init --help`, you will see each configuration command that is available. @@ -177,6 +198,7 @@ The following commands can be run to set up a Zowe Instance via `zwe` #### Keystore or Keyring Configuration +--- **Certificate requirements**: Zowe's keystore or keyring must have the following * **Private key & certificate pair**: The Zowe Servers will use this certificate, and it must either not have the "Extended Key Usage" attribute, or have it with both "Server Authorization" and "Client Authorization" values. 
@@ -184,17 +206,8 @@ The following commands can be run to set up a Zowe Instance via `zwe` There are 6 scenarios for setting up certificates for Zowe to use. There are five scenarios in the YAML to have Zowe create a ZFS PKCS12 keystore, or z/OS keyring, and an additional sixth option to bring your own keyring. -To have Zowe create a keystore or keyring for you, run `zwe init certificate` for one of the options below. +Zowe can use a keyring provided by you as long as the contents meet Zowe's requirements and configure YAML values within `zowe.certificate` as follows: -|Certificate scenario|Description| -|---|---| -|1|Zowe will create a ZFS keystore and populate it with newly generated PKCS12 certificate and certificate authority files. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed| -|2|Zowe will create a ZFS keystore and populate it with PKCS12 certificate and certificate authority content that you provide.| -|3|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed| -|4|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.| -|5|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.| - -Alternatively, zowe can use a keyring provided by you as long as the contents meet Zowe's requirements and configure YAML values within `zowe.certificate` as follows: ```yaml zowe: certificate: 
@@ -209,7 +222,19 @@ zowe: password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. ``` -(Optional) Caching Service VSAM Configuration: +To instead have Zowe create a keystore or keyring for you, run `zwe init certificate` for one of the options below. + +|Certificate scenario|Description| +|---|---| +|1|Zowe will create a ZFS keystore and populate it with newly generated PKCS12 certificate and certificate authority files. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed| +|2|Zowe will create a ZFS keystore and populate it with PKCS12 certificate and certificate authority content that you provide.| +|3|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed| +|4|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.| +|5|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.| + + + +#### (Optional) Caching Service VSAM Configuration: If you plan to use the Zowe caching service Component, such as for high availability and fault tolerance reasons, then you must choose a form of database for it to use. Among the choices is for it to use a VSAM dataset of your choice. @@ -217,7 +242,80 @@ Among the choices is for it to use a VSAM dataset of your choice. |---|---|---|---| |Create VSAM Dataset for Caching Service|Creates a RLM or NONRLM dataset for the caching service using the YAML values in `zowe.setup.vsam`|`zwe init vsam`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-vsam)| +
+
+
+
+
+ +## Networking + +Most of Zowe's servers are HTTPS servers that communicate with each other and to a client off the mainframe. This section covers the default behaviors and how to customize them. + +### Ports +The following lists the default ports of each server of Zowe that is enabled by default. + +These are customized within the YAML at `components..port`, such as `components.zss.port` to customize the ZSS port. + +|Component|Component Category|Default TCP Port|Jobname Suffix|Note| +|---|---|---|---|---| +|api-catalog|API Mediation Layer|7552|AC|Provides API documentation| +|discovery|API Mediation Layer|7553|AD|Used by the gateway to discover presence and health each server in a Zowe instance for routing| +|gateway|API Mediation Layer|7554|AG|When enabled, the port chosen should also be the value of `zowe.externalPort`. Zowe can be configured to have this port as the only externally-accessible port as the gateway can proxy the other Zowe servers.| +|caching-service|API Mediation Layer|7555|CS|Provides a cache for high-availability/fault-tolerant operation| +|app-server|App Framework|7556|DS|Provides the Desktop, requires NodeJS| +|zss|App Framework|7557|SZ|Provides APIs| + +Zowe also has a property, `zowe.externalPort` that describes where clients should connect to access Zowe. This must match the gateway port when the gateway is enabled. When it isn't, this port should match the primary server of Zowe that you are using. + +### IP Addresses +These servers by default use the TCP IP address `0.0.0.0` which assigns the servers to be available on all network interfaces available to the jobs. + +If this default is not desired, it is recommended to use [TCPIP port assignment statements](https://www.ibm.com/docs/en/zos/2.4.0?topic=assignments-profiletcpip-port) to restrict the IP & ports of each server by their jobnames. +The jobnames of each Zowe component is derived from the property `zowe.job.prefix` + ``, where the suffix is seen in the port table above. 
+ +When `zowe.job.prefix` is "ZWE1", An example of port reservations could be: + +``` + 7552 TCP ZWE1AC ; Zowe API Catalog + 7553 TCP ZWE1AD ; Zowe Discovery + 7554 TCP ZWE1AG ; Zowe Gateway + 7555 TCP ZWE1CS ; Zowe Caching Service + 7556 TCP ZWE1DS ; Zowe App Server + 7557 TCP ZWE1SZ ; Zowe ZSS +``` + +### TLS configuration + +**Not all components support this yet.** + +Some components can have their TLS settings customized with the attribute `zowe.networkSettings`. + +This configuration can also be put under a component that supports it via `components..zowe.networkSettings` such as `components.zss.zowe.networkSettings` for ZSS. + +The configuration splits between server configuration (configuration of TLS for content the server sends content) and client configuration (configuration of TLS for when the server requests content from another server) + +```yaml +zowe: + network: + server: + listenAddresses: + - 0.0.0.0 # Can be an ipv4, ipv6, or hostname value. + tls: + ciphers: # is a list of IANA-named ciphers that overrides defaults. + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_CHACHA20_POLY1305_SHA256 + maxTls: "TLSv1.3" # Can be 1.2 or 1.3 + minTls: "TLSv1.2" # Can be 1.2 or 1.3 + client: + tls: "${{ zowe.network.server.tls }}" # this is a configmgr template which assigns the client config to the server config for convenience. +``` +
+
+
+
+
## References From e1cd402de63acc62d20ce88c01ca3ad89090d371 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 12 Mar 2024 14:41:39 -0400 Subject: [PATCH 138/258] Update INSTALLATION.md Add bind example to IPs Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index b7969a31b0..fdb890099a 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -274,15 +274,15 @@ These servers by default use the TCP IP address `0.0.0.0` which assigns the serv If this default is not desired, it is recommended to use [TCPIP port assignment statements](https://www.ibm.com/docs/en/zos/2.4.0?topic=assignments-profiletcpip-port) to restrict the IP & ports of each server by their jobnames. The jobnames of each Zowe component is derived from the property `zowe.job.prefix` + ``, where the suffix is seen in the port table above. -When `zowe.job.prefix` is "ZWE1", An example of port reservations could be: +When `zowe.job.prefix` is "ZWE1", An example of port reservations with a fixed IP of "10.11.12.13" could be: ``` - 7552 TCP ZWE1AC ; Zowe API Catalog - 7553 TCP ZWE1AD ; Zowe Discovery - 7554 TCP ZWE1AG ; Zowe Gateway - 7555 TCP ZWE1CS ; Zowe Caching Service - 7556 TCP ZWE1DS ; Zowe App Server - 7557 TCP ZWE1SZ ; Zowe ZSS + 7552 TCP ZWE1AC BIND 10.11.12.13 ; Zowe API Catalog + 7553 TCP ZWE1AD BIND 10.11.12.13 ; Zowe Discovery + 7554 TCP ZWE1AG BIND 10.11.12.13 ; Zowe Gateway + 7555 TCP ZWE1CS BIND 10.11.12.13 ; Zowe Caching Service + 7556 TCP ZWE1DS BIND 10.11.12.13 ; Zowe App Server + 7557 TCP ZWE1SZ BIND 10.11.12.13 ; Zowe ZSS ``` ### TLS configuration From a48611bc0755e170872d1e756861f300c059808d Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 12 Mar 2024 14:53:29 -0400 Subject: [PATCH 139/258] Update INSTALLATION.md Formatting Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) 
diff --git a/INSTALLATION.md b/INSTALLATION.md
index fdb890099a..c08717354d 100644
--- a/INSTALLATION.md
+++ b/INSTALLATION.md
@@ -51,14 +51,15 @@ Runtime: The read-only content that comprises a version of Zowe. ### Configuration Concepts **Zowe YAML File**: Each Instance is configured by a YAML document composed of one or more unix file or PDSE member. It can be as simple as a "zowe.yaml" unix file, or ZWEYAML parmlib member, or advanced configuration can ba accomplished by splitting configuration across multiple such files. This allows for defaults and customizations, splitting the configuration by administrative duty, or even splitting the configuration by core configuration versus extension configuration. -**Schema**: The YAML file is backed by a Schema, found within `runtimeDirectory/schemas`. Whenever Zowe starts up, or when most `zwe` commands are used, Zowe will check that the YAML file is valid before executing the requested operation, to reduce chance of misconfiguration. The schema also details advanced configuration parameters that may not be needed in basic installs. +**Schema**: The YAML file is backed by a Schema, found within `runtimeDirectory/schemas` ([link](https://github.com/zowe/zowe-install-packaging/tree/v2.x/staging/schemas)). Whenever Zowe starts up, or when most `zwe` commands are used, Zowe will check that the YAML file is valid before executing the requested operation, to reduce chance of misconfiguration. The schema also details advanced configuration parameters that may not be needed in basic installs. -**Configuration Templates**: Each YAML file can contain values that have templates within in the form of `${{ item }}` where the item within can be a reference to another property in the YAML, an environment variable, system symbol, or even simple conditional logic of them. This allows you to have configuration that works across multiple systems, such as by tying a hostname to `${{ zos.resolveSymbol(&SYSNAME) }}` to have the value be whatever the SYSNAME symbol is on a given LPAR. 
-Workspace: Each Instance has an area where Components can store data to persist across Zowe restarts or IPLs. Runtime state should instead be stored in the Caching Service component if high availability and fault tolerance is a concern, whereas the workspace instead covers items like user preferences. +**Configuration Templates**: Each YAML file can contain values that have templates within in the form of `${{ item }}` where the item within can be a reference to another property in the YAML, an environment variable, system symbol, or even simple conditional logic of them. This allows you to have configuration that works across multiple systems, such as by tying a hostname to `${{ zos.resolveSymbol('&SYSNAME') }}` to have the value be whatever the SYSNAME symbol is on a given LPAR.
([examples](https://github.com/zowe/docs-site/blob/c09f2a0763fa7c2925dc01489e89a71ba7b62fec/docs/images/configure/templating.png)) + +**Workspace**: Each Instance has an area where Components can store data to persist across Zowe restarts or IPLs. Runtime state should instead be stored in the Caching Service component if high availability and fault tolerance is a concern, whereas the workspace instead covers items like user preferences. ## Distribution -The Zowe server components are distributed in multiple forms, such as SMPE, PSWI, and even PAX archive. You can find Zowe's official distributions at zowe.org +The Zowe server components are distributed in multiple forms, such as SMPE, PSWI, and even PAX archive. You can find Zowe's official distributions at [zowe.org](https://www.zowe.org/download) ## Installation of Runtime @@ -66,7 +67,7 @@ The following covers installation when not using the Zowe Server Install Wizard. ### SMPE or PSWI 1. When you install Zowe via SMPE or PSWI, the Runtime directory and datasets will be populated. -2. Navigate to the Runtime Directory and copy the `example-zowe.yaml` file to a location outside this folder, generally wherever you want to put the Zowe Instance. +2. Navigate to the Runtime Directory and copy the [`example-zowe.yaml`](https://github.com/zowe/zowe-install-packaging/blob/v3.x/master/example-zowe.yaml) file to a location outside this folder, generally wherever you want to put the Zowe Instance. 3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.dataset`, as follows 1. `zowe.runtimeDirectory`: The location you extracted the PAX to. 2. `java.home`: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 
@@ -76,7 +77,7 @@ The following covers installation when not using the Zowe Server Install Wizard. ### PAX 1. Extract the PAX on some ZFS partition on z/OS (For example, `pax -ppx -rf zowe.pax`). At least 1200MB of free space is required. The location you extract to is the "Runtime Directory" -2. Navigate to the Runtime Directory and copy the `example-zowe.yaml` file to a location outside this folder, generally wherever you want to put the Zowe Instance. +2. Navigate to the Runtime Directory and copy the [`example-zowe.yaml`](https://github.com/zowe/zowe-install-packaging/blob/v3.x/master/example-zowe.yaml) file to a location outside this folder, generally wherever you want to put the Zowe Instance. 3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.dataset`, as follows 1. `zowe.runtimeDirectory`: The location you extracted the PAX to. 2. `java.home`: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 @@ -117,7 +118,7 @@ When the JCL is prepared, the following jobs can be submitted to perform the fol |---|---|---| |Create Instance Datasets|**Purpose:** Create datasets for Zowe's PARMLIB content and non-ZFS extension content for a given Zowe Instance

**Action:**
1) Allocate PDSE FB80 dataset with at least 15 tracks named from Zowe parameter `zowe.setup.dataset.parmlib`
2) Allocate PDSE FB80 dataset with at least 30 tracks named from Zowe parameter `zowe.setup.dataset.authPluginLib`
3) Copy ZWESIP00 member from `zowe.setup.dataset.prefix`.SZWESAMP into `zowe.setup.dataset.parmlib`|[ZWEIMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIMVS)| |APF Authorize privileged content|**Purpose:** Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component and its extension library must be set APF authorized and run in key 4 to use ZIS and components that depend upon it.

**Action:**
1)APF authorize the datasets defined at `zowe.setup.dataset.authLoadlib` and `zowe.setup.dataset.authPluginLib`.
2) Define PPT entries for the members ZWESIS01 and ZWESAUX as Key 4, NOSWAP in the SCHEDxx member of the system PARMLIB.|[ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF)| -|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.

**Action:** [Set SAF permissiosn for accounts](https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users#security-permissions-reference-table)|RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC)

TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS)

ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF)| +|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.

**Action:** [Set SAF permissions for accounts](https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users#security-permissions-reference-table)|RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC)

TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS)

ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF)| |(z/OS v2.4 ONLY) Create Zowe SAF Resource Class|This is not needed on z/OS v2.5+. On z/OS v2.4, the SAF resource class for Zowe is not included, and must be created|RACF: [ZWEIRACZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRACZ)

TSS: [ZWEITSSZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSSZ)

ACF2: [ZWEIACFZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIACFZ)| |Copy STC JCL to PROCLIB|**Purpose**: ZWESLSTC is the job for running Zowe's webservers, and ZWESISTC is for running the APF authorized cross-memory server. The ZWESASTC job is started by ZWESISTC on an as-needed basis.

**Action**: Copy the members ZWESLSTC, ZWESISTC, and ZWESASTC into your desired PROCLIB. If the job names are customized, also modify the YAML values of them in `zowe.setup.security.stcs`|[ZWEISTC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEISTC)| From 50cae0da554aea78ce024d35ace058cd07591029 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 14 Mar 2024 16:57:16 +0100 Subject: [PATCH 140/258] isDatasetSmsManaged: check the correct flag Signed-off-by: Martin Zeithaml --- bin/commands/init/apfauth/index.ts | 2 +- bin/libs/zos-dataset.ts | 18 ++++++++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts index e378abbb1e..2944ef2e34 100644 --- a/bin/commands/init/apfauth/index.ts +++ b/bin/commands/init/apfauth/index.ts @@ -53,7 +53,7 @@ export function execute() { const COMMAND_LIST = std.getenv('ZWE_CLI_COMMANDS_LIST'); const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); common.printDebug(`- Copy ${jcllib}(ZWEIAPF) to ${tmpfile}`); - let jclContent = shell.execOutSync('sh', '-c', `cat "//'${jcllib}(ZWEIAPF)'" 2>&1`); + let jclContent = shell.execOutSync('sh', '-c', `cat "//'${stringlib.escapeDollar(jcllib)}(ZWEIAPF)'" 2>&1`); if (jclContent.out && jclContent.rc == 0) { common.printDebug(` * Succeeded`); common.printTrace(` * Output:`); diff --git a/bin/libs/zos-dataset.ts b/bin/libs/zos-dataset.ts index 0b850edb82..6348b67b1e 100644 --- a/bin/libs/zos-dataset.ts +++ b/bin/libs/zos-dataset.ts 
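Review bot: The `cat` command handed to `sh -c` in `execute()` is still built by interpolating `jcllib` into a double-quoted shell string, and the added `stringlib.escapeDollar()` presumably neutralises only `$`. A `zowe.setup.dataset.jcllib` value containing a double quote, backtick or backslash would still change the command that runs, so I would reject anything outside the dataset-name character set before the call, for example `if (!/^[A-Za-z0-9$#@.-]+$/.test(jcllib))` followed by the command's usual error exit. The same construction appears in `bin/commands/init/stc/index.ts` (ZWEISTC) and in `isDatasetExists` in `bin/libs/zos-dataset.ts`. `escapeDollar` is not shown in this hunk, so its exact coverage should be confirmed, and `execute()` starts and ends outside the hunk.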
@@ -130,20 +130,30 @@ export function isDatasetSmsManaged(dataset: string): { rc: number, smsManaged?: // 00000000000000000000 0000000000 // // SMS flag is in `FORMAT 1 DSCB` section second line, after 780037 + // The first flag 'F1' is DS1FMTID at offset 44(X'2C') + // + // Notes: + // The first section is --FORMAT 1 DSCB-- xor --FORMAT 8 DSCB-- + // The section --FORMAT 3 DSCB-- is optional + // common.printTrace(`- Check if ${dataset} is SMS managed`); const labelResult = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(dataset)}' label`); const datasetLabel=labelResult.out; if (labelResult.rc == 0) { - let formatIndex = datasetLabel.indexOf('--FORMAT 1 DSCB--'); + let formatIndex = datasetLabel.indexOf("--FORMAT 1 DSCB--\n"); let dscb_fmt1: string; if (formatIndex == -1) { - formatIndex = datasetLabel.indexOf('--FORMAT 8 DSCB--'); + formatIndex = datasetLabel.indexOf("--FORMAT 8 DSCB--\n"); } if (formatIndex != -1) { - let startIndex = formatIndex + '--FORMAT 8 DSCB--'.length; + let startIndex = formatIndex + "--FORMAT 8 DSCB--\n".length; let endIndex = datasetLabel.indexOf('--',startIndex); - dscb_fmt1 = datasetLabel.substring(startIndex, endIndex); + if (endIndex != -1) { + dscb_fmt1 = datasetLabel.substring(startIndex, endIndex); + } else { + dscb_fmt1 = datasetLabel.substring(startIndex); + } } if (!dscb_fmt1) { common.printError(" * Failed to find format 1 data set control block information."); From 6d671bf973435008057d49c1d734e92c94d3b71b Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 14 Mar 2024 15:35:49 -0400 Subject: [PATCH 141/258] Update zos-dataset.ts Signed-off-by: 1000TurquoisePogs --- bin/libs/zos-dataset.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/libs/zos-dataset.ts b/bin/libs/zos-dataset.ts index 6348b67b1e..2dd7b9fac7 100644 --- a/bin/libs/zos-dataset.ts +++ b/bin/libs/zos-dataset.ts 
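Review bot: The new lookups `indexOf("--FORMAT 1 DSCB--\n")` and `indexOf("--FORMAT 8 DSCB--\n")` in `isDatasetSmsManaged` match only when the heading is followed directly by a line feed. If the LISTDS output carries trailing blanks or a different line ending, the function falls through to the "Failed to find format 1 data set control block information" error. A tolerant match such as `const m = /--FORMAT [18] DSCB--[ \t]*\r?\n/.exec(datasetLabel);` with `startIndex = m.index + m[0].length` keeps the anchoring on the heading line and no longer relies on both heading literals having the same length. The function begins before this hunk and continues after it, so the flag test itself is not covered by this note.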
@@ -28,7 +28,8 @@ export function isVsamDatasetExists(datasetName: string): boolean { export function isDatasetExists(datasetName: string): boolean { common.printTrace(` * isDatasetExists: '${stringlib.escapeDollar(datasetName)}'`); - const result = shell.execSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 1>/dev/null 2>&1`); + const result = shell.execOutSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 2>&1`); + common.printTrace(` ** isDatasetExists output=${result.out}`); return result.rc === 0; } From b62e3d2f670b553d2a941f5b1218398c15a4a402 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 15 Mar 2024 08:35:32 +0100 Subject: [PATCH 142/258] cat DSN with dollar sign Signed-off-by: Martin Zeithaml --- bin/commands/init/stc/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts index 06cc47f0a8..3053eacec6 100644 --- a/bin/commands/init/stc/index.ts +++ b/bin/commands/init/stc/index.ts @@ -92,7 +92,7 @@ export function execute(allowOverwrite: boolean = false) { const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); common.printDebug(`- Copy ${jcllib}(ZWEISTC) to ${tmpfile}`); - const jclContent = shell.execOutSync('sh', '-c', `cat "//'${jcllib}(ZWEISTC)'" 2>&1`); + const jclContent = shell.execOutSync('sh', '-c', `cat "//'${stringlib.escapeDollar(jcllib)}(ZWEISTC)'" 2>&1`); if (jclContent.out && jclContent.rc == 0) { common.printDebug(` * Succeeded`); common.printTrace(` * Output:`); From 5c582fa9da47f54b05a7334a63692d66573768de Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 15 Mar 2024 09:51:31 -0400 Subject: [PATCH 143/258] Fix mixed up pluginlib ref Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/index.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
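Review bot: `isDatasetExists` now captures the whole `cat` output and writes it to the trace log in the added `common.printTrace` line, where the removed line discarded it to `/dev/null`. For an existence check this reads the full content of whatever dataset is probed into memory and copies it into trace output, which may be kept with looser access controls than the dataset itself. I would trace `result.rc` always and `result.out` only when `result.rc !== 0`, which still gives the diagnostic this change appears to be after.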
diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts index 2944ef2e34..190b20c8b1 100644 --- a/bin/commands/init/apfauth/index.ts +++ b/bin/commands/init/apfauth/index.ts @@ -64,8 +64,8 @@ export function execute() { jclContent.out = jclContent.out.replace("SET LOADLOC='SMS'", `SET LOADLOC='VOLUME=${result3.volume}'`); } if (!result2.smsManaged) { - let result4 = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authLoadlib); - jclContent.out = jclContent.out.replace("SET LOADLOC='SMS'", `SET PLUGLOC='VOLUME=${result4.volume}'`); + let result4 = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authPluginLib); + jclContent.out = jclContent.out.replace("SET PLUGLOC='SMS'", `SET PLUGLOC='VOLUME=${result4.volume}'`); } xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, jclContent.out); From 3b5221d55e898bd8f5ecb7aad0d9e7d006fdeac6 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 18 Mar 2024 14:22:50 -0400 Subject: [PATCH 144/258] Attempt to work-around test failures where existing dataset is not seen Signed-off-by: 1000TurquoisePogs --- bin/libs/zos.ts | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/bin/libs/zos.ts b/bin/libs/zos.ts index 1a63cc5e29..67997b6a75 100644 --- a/bin/libs/zos.ts +++ b/bin/libs/zos.ts 
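Review bot: In the corrected PLUGLOC branch, `result4.volume` is substituted into the JCL without checking that `zosDs.getDatasetVolume()` succeeded, so a failed lookup would presumably produce `SET PLUGLOC='VOLUME=undefined'` in a job that APF-authorizes libraries. The `result3.volume` substitution on the LOADLOC line just above has the same gap. A guard before each `replace`, such as `if (!result4.volume)` followed by an error exit, would stop the job from being generated with a bad volume. The return shape of `getDatasetVolume` is not visible here, and `execute()` starts and ends outside the hunk.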
@@ -73,19 +73,27 @@ export function verifyGeneratedJcl(config:any): string { return undefined; } // read JCL library and validate - let doesJclExist=zosDataset.isDatasetExists(jcllib); + let doesJclExist: boolean|number = zosDataset.isDatasetExists(jcllib); if (!doesJclExist) { - initGenerate.execute(); + doesJclExist = zosDataset.tsoIsDatasetExists(jcllib); + if (!doesJclExist) { + initGenerate.execute(); + } } // should be created, but may take time to discover. if (!doesJclExist) { - const interval = [1,5,10]; + const interval = [1,5,10,30]; for (let i = 0; i < interval.length; i++) { let secs = interval[i]; doesJclExist=zosDataset.isDatasetExists(jcllib); if (!doesJclExist) { - os.sleep(secs*1000); + doesJclExist = zosDataset.tsoIsDatasetExists(jcllib); + if (!doesJclExist) { + os.sleep(secs*1000); + } else { + break; + } } else { break; } From e0ccc21f9429af7df1bb2e6d4a97564e8919fc9a Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 19 Mar 2024 11:01:36 +0100 Subject: [PATCH 145/258] Typos Signed-off-by: Martin Zeithaml --- INSTALLATION.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index c08717354d..2760a72bf7 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md 
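Review bot: `doesJclExist` is widened to `boolean|number` and then tested with `!doesJclExist` after being assigned from `zosDataset.tsoIsDatasetExists(jcllib)`, which suggests that helper returns a number. If that number is a return code in which 0 means the dataset was found, both new checks in `verifyGeneratedJcl` are inverted: an existing JCL library would trigger `initGenerate.execute()` and the retry loop would sleep on success. Comparing at the call site, e.g. `doesJclExist = zosDataset.tsoIsDatasetExists(jcllib) === <value meaning "exists">`, keeps the variable a plain boolean and makes the intent explicit. `tsoIsDatasetExists` is not shown in this hunk, and the function continues outside it.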
@@ -40,7 +40,7 @@ Runtime: The read-only content that comprises a version of Zowe. **Instance**: A collection of configuration and persistent data for Zowe that uses a particular Runtime. -**HA Instance**: An optional subset of an Instance which varies its configuration for redundant copies of Zowe components across one or more LPARs for high avilability and fault tolerance. +**HA Instance**: An optional subset of an Instance which varies its configuration for redundant copies of Zowe components across one or more LPARs for high availability and fault tolerance. **Component**: A unit of software that is managed by Zowe's launcher and has a folder structure that allows Zowe's tools to manage it. Components may contain a webserver or an extension to another component. 
@@ -49,7 +49,7 @@ Runtime: The read-only content that comprises a version of Zowe. **Keystore**: Zowe has several HTTPS servers which require certificates to function. You can store these certificates in a Keyring, or in a ZFS Keystore directory in the form of PKCS12 files. ### Configuration Concepts -**Zowe YAML File**: Each Instance is configured by a YAML document composed of one or more unix file or PDSE member. It can be as simple as a "zowe.yaml" unix file, or ZWEYAML parmlib member, or advanced configuration can ba accomplished by splitting configuration across multiple such files. This allows for defaults and customizations, splitting the configuration by administrative duty, or even splitting the configuration by core configuration versus extension configuration. +**Zowe YAML File**: Each Instance is configured by a YAML document composed of one or more unix file or PDSE member. It can be as simple as a "zowe.yaml" unix file, or ZWEYAML parmlib member, or advanced configuration can be accomplished by splitting configuration across multiple such files. This allows for defaults and customizations, splitting the configuration by administrative duty, or even splitting the configuration by core configuration versus extension configuration. **Schema**: The YAML file is backed by a Schema, found within `runtimeDirectory/schemas` ([link](https://github.com/zowe/zowe-install-packaging/tree/v2.x/staging/schemas)). Whenever Zowe starts up, or when most `zwe` commands are used, Zowe will check that the YAML file is valid before executing the requested operation, to reduce chance of misconfiguration. The schema also details advanced configuration parameters that may not be needed in basic installs. 
@@ -183,7 +183,7 @@ JCL samples for removing Zowe configuration also exist. If you type `zwe init --help`, you will see each configuration command that is available. Each command reads configuration properties from the Zowe YAML files, and combines that with the JCL samples from the SZWESAMP dataset. The commands resolve the JCL sample templates into usable JCL within the dataset defined by YAML value `zowe.setup.dataset.jcllib`. -Before each command runs, it will pritn the JCL that it is submitting. +Before each command runs, it will print the JCL that it is submitting. Every `zwe init` command also has a `--dry-run` option which validates the configuration, prints the JCL, but does not submit it. This allows you to review the actions before performing them with the appropriate administrator. From ec40fa77bbbae3fa83ea22d8e34712a95f1b931e Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 19 Mar 2024 14:35:18 +0100 Subject: [PATCH 146/258] Sleep bug Signed-off-by: Martin Zeithaml --- bin/libs/zos-jes.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 10d5a2a26f..1360d2dbc1 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -96,7 +96,8 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri is_jes3 = false; const secs = timesSec[i]; common.printTrace(` * Wait for ${secs} seconds`); - os.sleep(secs*1000); + //os.sleep(secs*1000); Bypass the problem with sleep + shell.execSync('sh', '-c', `sleep ${secs}`); let result=zoslib.operatorCommand(`\\$D ${jobid},CC`); // if it's JES3, we receive this: From 2188d7db55adde994b5677da01615e81f771001c Mon Sep 17 00:00:00 2001 From: Mark Ackert <35308966+MarkAckert@users.noreply.github.com> Date: Tue, 19 Mar 2024 10:30:09 -0400 Subject: [PATCH 147/258] Fix the SMP/e build (#3748) * update smpmcs with new samp members Signed-off-by: MarkAckert * fix member name Signed-off-by: MarkAckert --------- 
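Review bot: The replacement wait in `waitForJob` starts `sh -c` with an interpolated command string just to sleep, and the comment left on the disabled `os.sleep` line says only "the problem with sleep". `secs` comes from `timesSec`, which is defined outside the hunk, so nothing untrusted reaches the shell here. Passing the value as its own argument still removes the shell parsing step: `shell.execSync('sleep', String(secs));`. The comment should say what fails with `os.sleep` and reference the tracking issue, so the workaround can be removed once that is fixed.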
Signed-off-by: MarkAckert --- smpe/bld/SMPMCS.txt | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/smpe/bld/SMPMCS.txt b/smpe/bld/SMPMCS.txt index afa140f371..e9b9ab3ed6 100755 --- a/smpe/bld/SMPMCS.txt +++ b/smpe/bld/SMPMCS.txt 
@@ -29,12 +29,40 @@
 ++SAMP(ZWE6DDEF) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(1) .
 ++SAMP(ZWE7APLY) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(1) .
 ++SAMP(ZWE8ACPT) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(1) .
+++SAMP(ZWECHG) SYSLIB(SZWEEXEC) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEGEN00) SYSLIB(SZWEEXEC) DISTLIB(AZWESAMP) RELFILE(2) .
 ++SAMP(ZWEMCOPY) SYSLIB(SZWEEXEC) DISTLIB(AZWESAMP) RELFILE(2) .
 ++SAMP(ZWEOCOPY) SYSLIB(SZWEEXEC) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWECSRVS) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
 ++SAMP(ZWECSVSM) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
-++SAMP(ZWEKRING) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
-++SAMP(ZWENOKYR) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEGENER) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIACF) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIACFZ) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIAPF) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIKRA1) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIKRA2) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIKRA3) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIKRR1) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIKRR2) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIKRR3) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIKRT1) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIKRT2) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIKRT3) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIMVS) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIMVS2) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEINSTL) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIRAC) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEIRACZ) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEISTC) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) .
+++SAMP(ZWEITSS) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . +++SAMP(ZWEITSSZ) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . +++SAMP(ZWENOKRA) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . +++SAMP(ZWENOKRR) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . +++SAMP(ZWENOKRT) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWENOSEC) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . +++SAMP(ZWERMVS) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . +++SAMP(ZWERMVS2) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . +++SAMP(ZWERSTC) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWESECKG) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWESECUR) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWESIPRG) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . From 8d3aa0290a8bc4c49e02cbc6deaad48506270f92 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 20 Mar 2024 15:26:26 -0400 Subject: [PATCH 148/258] Re-test with os.sleep if fixed Signed-off-by: 1000TurquoisePogs --- bin/libs/zos-jes.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 1360d2dbc1..5ca48453f2 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -96,8 +96,11 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri is_jes3 = false; const secs = timesSec[i]; common.printTrace(` * Wait for ${secs} seconds`); - //os.sleep(secs*1000); Bypass the problem with sleep - shell.execSync('sh', '-c', `sleep ${secs}`); + + // TODO os.sleep has a problem described in https://github.com/zowe/zowe-common-c/issues/439 that may be fixed in https://github.com/zowe/zowe-common-c/issues/439 + os.sleep(secs*1000); + // Use this to bypass the problem with sleep + // shell.execSync('sh', '-c', `sleep ${secs}`); let result=zoslib.operatorCommand(`\\$D ${jobid},CC`); // if it's JES3, we receive this: From e760e476473c6b14cd8264e3c043b08258a12258 Mon Sep 17 00:00:00 2001 
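Review bot: The TODO added above `os.sleep(secs*1000)` gives the same URL, `zowe-common-c/issues/439`, both for where the problem is described and for where it "may be fixed", so a reader cannot find the fix from it. Point the second reference at the pull request or commit that carries the fix. The comment should also state when the commented-out `shell.execSync` fallback can be deleted, e.g. `// TODO remove the sleep fallback below once the fix for zowe-common-c issue 439 is released`. The body of `waitForJob` continues outside the hunk.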
From: 1000TurquoisePogs Date: Thu, 21 Mar 2024 14:11:06 -0400 Subject: [PATCH 149/258] Split init steps on playbook to help troubleshoot Signed-off-by: 1000TurquoisePogs --- playbooks/roles/configure/tasks/main.yml | 45 ++++++++++++++++++- playbooks/roles/configure/tasks/show_logs.yml | 8 +++- 2 files changed, 49 insertions(+), 4 deletions(-) diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 024eab6b27..237ac70eab 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml @@ -351,9 +351,50 @@ when: zowe_configure_ignore_security_failures # ============================================================================ -- name: Init Zowe +- name: Init Zowe mvs import_role: name: zos tasks_from: run_zwe vars: - parameters: "init {{ zwe_init_params }}" + parameters: "init mvs {{ zwe_init_params }}" + +# ============================================================================ +- name: Init Zowe vsam + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init vsam {{ zwe_init_params }}" + +# ============================================================================ +- name: Init Zowe stc + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init stc {{ zwe_init_params }}" + +# ============================================================================ +- name: Init Zowe security + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init security {{ zwe_init_params }}" + +# ============================================================================ +- name: Init Zowe apfauth + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init apfauth {{ zwe_init_params }}" + +# ============================================================================ +- name: Init Zowe certificate + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init certificate {{ zwe_init_params }}" + 
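Review bot: The six `Init Zowe <step>` tasks added here differ only in the subcommand inside `parameters`, so any later change (an extra variable, a `when:`) has to be repeated six times. The same six-task form is added again in the `@@ -351,9 +351,49 @@` hunk of patch 155. A single looped task still reports each step separately, which is what the split is for. `import_role` is static and cannot be looped, so the sketch below uses `include_role`. That changes how tags and conditionals apply to the role, so check it against `run_zwe` before adopting it.

```yaml
- name: Init Zowe {{ zwe_init_step }}
  include_role:
    name: zos
    tasks_from: run_zwe
  vars:
    parameters: "init {{ zwe_init_step }} {{ zwe_init_params }}"
  loop:
    - mvs
    - vsam
    - stc
    - security
    - apfauth
    - certificate
  loop_control:
    # a named loop variable avoids clashing with `item` used inside the role
    loop_var: zwe_init_step
```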
diff --git a/playbooks/roles/configure/tasks/show_logs.yml b/playbooks/roles/configure/tasks/show_logs.yml index 2d36f5b77f..f6fcf070e0 100644 --- a/playbooks/roles/configure/tasks/show_logs.yml +++ b/playbooks/roles/configure/tasks/show_logs.yml @@ -37,8 +37,12 @@ vars: show_jobs_name: "{{ job_name_to_show }}" loop: - - ZWEIACF2 - - ZWEIRACF + - ZWEGENER + - ZWEIMVS + - ZWEIMVS2 + - ZWEIAPF + - ZWEIACF + - ZWEIRAC - ZWEITSS - ZWEIKRR1 - ZWEIKRR2 From 41cea5a864b8d02eaec892b8adade5525ef1420b Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 22 Mar 2024 12:46:05 -0400 Subject: [PATCH 150/258] Fix tsoIsDatasetExists use Signed-off-by: 1000TurquoisePogs --- bin/libs/zos.ts | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/bin/libs/zos.ts b/bin/libs/zos.ts index 67997b6a75..884c4a21ec 100644 --- a/bin/libs/zos.ts +++ b/bin/libs/zos.ts @@ -73,11 +73,13 @@ export function verifyGeneratedJcl(config:any): string { return undefined; } // read JCL library and validate - let doesJclExist: boolean|number = zosDataset.isDatasetExists(jcllib); + let doesJclExist: boolean = zosDataset.isDatasetExists(jcllib); if (!doesJclExist) { - doesJclExist = zosDataset.tsoIsDatasetExists(jcllib); - if (!doesJclExist) { + let rc: number = zosDataset.tsoIsDatasetExists(jcllib); + if (rc != 0) { initGenerate.execute(); + } else { + doesJclExist = true; } } @@ -88,10 +90,11 @@ export function verifyGeneratedJcl(config:any): string { let secs = interval[i]; doesJclExist=zosDataset.isDatasetExists(jcllib); if (!doesJclExist) { - doesJclExist = zosDataset.tsoIsDatasetExists(jcllib); - if (!doesJclExist) { + let rc: number = zosDataset.tsoIsDatasetExists(jcllib); + if (rc != 0) { os.sleep(secs*1000); } else { + doesJclExist = true; break; } } else { From 928123075b12f487d686fca9ec47dc9155c646a1 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 22 Mar 2024 14:07:01 -0400 Subject: [PATCH 151/258] Fixed nokyr extra } 
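Review bot: The fallback from `isDatasetExists` to `tsoIsDatasetExists` is now written out twice in `verifyGeneratedJcl`, once before `initGenerate.execute()` and once inside the retry loop in the `@@ -88,10 +90,11 @@` hunk. Each copy has its own `rc` and flag handling, which is the kind of duplication that let the earlier return-code mix-up in. A private helper that returns a boolean, called from both places, keeps the two checks identical. It can use a strict comparison to match the `result.rc === 0` style used in `isDatasetExists`. The function body starts and ends outside both hunks.

```typescript
// True when the JCL library can be found either through the USS path or through TSO.
function jclLibExists(jcllib: string): boolean {
  if (zosDataset.isDatasetExists(jcllib)) {
    return true;
  }
  // tsoIsDatasetExists reports a return code; 0 means the data set was found
  return zosDataset.tsoIsDatasetExists(jcllib) === 0;
}

// … unchanged: jcllib lookup in verifyGeneratedJcl …
let doesJclExist: boolean = jclLibExists(jcllib);
if (!doesJclExist) {
  initGenerate.execute();
}
// … unchanged: retry loop, now calling jclLibExists(jcllib) before each sleep …
```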
Signed-off-by: 1000TurquoisePogs --- bin/libs/certificate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh index e8fbf9c651..b50c72f3f7 100644 --- a/bin/libs/certificate.sh +++ b/bin/libs/certificate.sh @@ -1021,7 +1021,7 @@ keyring_run_zwenokyr_jcl() { print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" else print_message "Submitting Job ${member_name}" - jobid=$(submit_job "//'${jcllib}(${member_name}})'") + jobid=$(submit_job "//'${jcllib}(${member_name})'") code=$? if [ ${code} -ne 0 ]; then print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${member_name})." From f965d41739625405a269d4114ee4ec75af62880b Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 22 Mar 2024 15:13:35 -0400 Subject: [PATCH 152/258] Add JCL for doing init apfauth action the same way as was done in v2 Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/index.ts | 10 +++--- files/SZWESAMP/ZWEIAPF2 | 41 ++++++++++++++++++++++++ playbooks/roles/configure/tasks/main.yml | 16 +++++---- 3 files changed, 55 insertions(+), 12 deletions(-) create mode 100644 files/SZWESAMP/ZWEIAPF2 diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts index 190b20c8b1..0e5478f3a3 100644 --- a/bin/commands/init/apfauth/index.ts +++ b/bin/commands/init/apfauth/index.ts 
@@ -52,8 +52,8 @@ export function execute() { if (!result1.smsManaged || !result2.smsManaged) { const COMMAND_LIST = std.getenv('ZWE_CLI_COMMANDS_LIST'); const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); - common.printDebug(`- Copy ${jcllib}(ZWEIAPF) to ${tmpfile}`); - let jclContent = shell.execOutSync('sh', '-c', `cat "//'${stringlib.escapeDollar(jcllib)}(ZWEIAPF)'" 2>&1`); + common.printDebug(`- Copy ${jcllib}(ZWEIAPF2) to ${tmpfile}`); + let jclContent = shell.execOutSync('sh', '-c', `cat "//'${stringlib.escapeDollar(jcllib)}(ZWEIAPF2)'" 2>&1`); if (jclContent.out && jclContent.rc == 0) { common.printDebug(` * Succeeded`); common.printTrace(` * Output:`); @@ -74,10 +74,10 @@ export function execute() { shell.execSync('chmod', '700', tmpfile); if (!fs.fileExists(tmpfile)) { - common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEIAPF`, undefined, 159); + common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEIAPF2`, undefined, 159); } - zosJes.printAndHandleJcl(tmpfile, `ZWEIAPF`, jcllib, prefix, true); + zosJes.printAndHandleJcl(tmpfile, `ZWEIAPF2`, jcllib, prefix, true); } else { common.printDebug(` * Failed`); common.printError(` * Exit code: ${jclContent.rc}`); @@ -88,7 +88,7 @@ export function execute() { std.exit(1); } } else { - zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIAPF)'`, `ZWEIAPF`, jcllib, prefix); + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIAPF2)'`, `ZWEIAPF2`, jcllib, prefix); } common.printLevel2Message(`Zowe load libraries are APF authorized successfully.`); } diff --git a/files/SZWESAMP/ZWEIAPF2 b/files/SZWESAMP/ZWEIAPF2 new file mode 100644 index 0000000000..d994ccb7b2 --- /dev/null +++ b/files/SZWESAMP/ZWEIAPF2 
@@ -0,0 +1,41 @@
+//ZWEIAPF2 JOB
+//*
+//* This program and the accompanying materials are made available
+//* under the terms of the Eclipse Public License v2.0 which
+//* accompanies this distribution, and is available at
+//* https://www.eclipse.org/legal/epl-v20.html
+//*
+//* SPDX-License-Identifier: EPL-2.0
+//*
+//* Copyright Contributors to the Zowe Project. 2020, 2020
+//*
+//*********************************************************************
+//*
+//* This JCL is used to set APF for the two datasets of Zowe
+//* Which need it. You can issue this, or use another
+//* Way to accomplish the task.
+//*
+//*********************************************************************
+//*
+//* This dataset holds the APF portion of Zowe
+// SET LOADLIB='{zowe.setup.dataset.authLoadlib}'
+//* SMS may have to be replaced with VOLUME=SOME.DSN when not SMS
+// SET LOADLOC='SMS'
+//*
+//* This dataset holds product plugins for ZIS,
+//* ZIS is located in the LOADLIB.
+// SET PLUGLIB='{zowe.setup.dataset.authPluginLib}'
+// SET PLUGLOC='SMS'
+//*
+//*********************************************************************
+//*
+//APFAUTH EXEC PGM=BPXBATCH
+//BPXPRINT DD SYSOUT=*
+//STDOUT DD SYSOUT=*
+//STDERR DD SYSOUT=*
+//STDPARM DD *
+SH cd "{zowe.runtimeDirectory}" &&
+cd bin/utils &&
+./opercmd.rex "SETPROG APF,ADD,DSN=&LOADLIB.,&LOADLOC." &&
+./opercmd.rex "SETPROG APF,ADD,DSN=&PLUGLIB.,&PLUGLOC." &&
+//*
diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml
index 237ac70eab..405139c05c 100644
--- a/playbooks/roles/configure/tasks/main.yml
+++ b/playbooks/roles/configure/tasks/main.yml
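Review bot: The `&LOADLIB.`, `&LOADLOC.`, `&PLUGLIB.` and `&PLUGLOC.` references sit inside the in-stream `//STDPARM DD *` data, where symbols from the `SET` statements are not substituted unless the DD statement asks for it. As written, the two `SETPROG APF,ADD` commands would be issued with the literal `&LOADLIB.` text. Either code `//STDPARM DD *,SYMBOLS=JCLONLY` or assign the values inside the shell script itself. Separately, the comment `SMS may have to be replaced with VOLUME=SOME.DSN` should name a volume serial rather than a data set name, e.g. `VOLUME=volser`. Because this job grants APF authorization, add a header line saying that only trusted administrators may have update access to both libraries.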
@@ -358,6 +358,15 @@ vars: parameters: "init mvs {{ zwe_init_params }}" +# ============================================================================ +- name: Init Zowe apfauth + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init apfauth {{ zwe_init_params }}" + + # ============================================================================ - name: Init Zowe vsam import_role: @@ -382,13 +391,6 @@ vars: parameters: "init security {{ zwe_init_params }}" -# ============================================================================ -- name: Init Zowe apfauth - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init apfauth {{ zwe_init_params }}" # ============================================================================ - name: Init Zowe certificate From 3cb406209625d19659c37a69afcccc6ed5f1b885 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 22 Mar 2024 16:01:50 -0400 Subject: [PATCH 153/258] Cleanup sleep and existence logic now that sleep bug fixed Signed-off-by: 1000TurquoisePogs --- bin/libs/zos-dataset.ts | 3 +- bin/libs/zos-jes.ts | 4 -- bin/libs/zos.ts | 15 +----- playbooks/roles/configure/tasks/main.yml | 47 +------------------ playbooks/roles/configure/tasks/show_logs.yml | 2 +- 5 files changed, 6 insertions(+), 65 deletions(-) diff --git a/bin/libs/zos-dataset.ts b/bin/libs/zos-dataset.ts index 2dd7b9fac7..2177a44734 100644 --- a/bin/libs/zos-dataset.ts +++ b/bin/libs/zos-dataset.ts 
@@ -28,8 +28,7 @@ export function isVsamDatasetExists(datasetName: string): boolean { export function isDatasetExists(datasetName: string): boolean { common.printTrace(` * isDatasetExists: '${stringlib.escapeDollar(datasetName)}'`); - const result = shell.execOutSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 2>&1`); - common.printTrace(` ** isDatasetExists output=${result.out}`); + const result = shell.execSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 2>&1`); return result.rc === 0; } diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index 5ca48453f2..b9e6fd53ea 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -96,11 +96,7 @@ export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: stri is_jes3 = false; const secs = timesSec[i]; common.printTrace(` * Wait for ${secs} seconds`); - - // TODO os.sleep has a problem described in https://github.com/zowe/zowe-common-c/issues/439 that may be fixed in https://github.com/zowe/zowe-common-c/issues/439 os.sleep(secs*1000); - // Use this to bypass the problem with sleep - // shell.execSync('sh', '-c', `sleep ${secs}`); let result=zoslib.operatorCommand(`\\$D ${jobid},CC`); // if it's JES3, we receive this: diff --git a/bin/libs/zos.ts b/bin/libs/zos.ts index 884c4a21ec..dd1d535c77 100644 --- a/bin/libs/zos.ts +++ b/bin/libs/zos.ts @@ -75,12 +75,7 @@ export function verifyGeneratedJcl(config:any): string { // read JCL library and validate let doesJclExist: boolean = zosDataset.isDatasetExists(jcllib); if (!doesJclExist) { - let rc: number = zosDataset.tsoIsDatasetExists(jcllib); - if (rc != 0) { - initGenerate.execute(); - } else { - doesJclExist = true; - } + initGenerate.execute(); } // should be created, but may take time to discover. 
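Review bot: `isDatasetExists` still runs `cat` on the whole data set, but now through `shell.execSync` instead of `shell.execOutSync`, so the `2>&1` no longer feeds a captured buffer. If `execSync` leaves the child's stdout attached to the caller (its definition is not visible here), every existence check prints the data set contents or member listing to the terminal. Discard the output explicitly by ending the command with `1>/dev/null 2>&1`. The command string also places `datasetName` inside double quotes with only `$` escaped, so a comment such as `// datasetName must already be a validated data set name; only '$' is escaped for the shell` would document what callers have to guarantee.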
@@ -90,13 +85,7 @@ export function verifyGeneratedJcl(config:any): string { let secs = interval[i]; doesJclExist=zosDataset.isDatasetExists(jcllib); if (!doesJclExist) { - let rc: number = zosDataset.tsoIsDatasetExists(jcllib); - if (rc != 0) { - os.sleep(secs*1000); - } else { - doesJclExist = true; - break; - } + os.sleep(secs*1000); } else { break; } diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 405139c05c..024eab6b27 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml @@ -351,52 +351,9 @@ when: zowe_configure_ignore_security_failures # ============================================================================ -- name: Init Zowe mvs +- name: Init Zowe import_role: name: zos tasks_from: run_zwe vars: - parameters: "init mvs {{ zwe_init_params }}" - -# ============================================================================ -- name: Init Zowe apfauth - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init apfauth {{ zwe_init_params }}" - - -# ============================================================================ -- name: Init Zowe vsam - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init vsam {{ zwe_init_params }}" - -# ============================================================================ -- name: Init Zowe stc - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init stc {{ zwe_init_params }}" - -# ============================================================================ -- name: Init Zowe security - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init security {{ zwe_init_params }}" - - -# ============================================================================ -- name: Init Zowe certificate - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init certificate {{ zwe_init_params }}" - + parameters: "init {{ zwe_init_params }}" 
diff --git a/playbooks/roles/configure/tasks/show_logs.yml b/playbooks/roles/configure/tasks/show_logs.yml index f6fcf070e0..29bd0e9ee3 100644 --- a/playbooks/roles/configure/tasks/show_logs.yml +++ b/playbooks/roles/configure/tasks/show_logs.yml @@ -40,7 +40,7 @@ - ZWEGENER - ZWEIMVS - ZWEIMVS2 - - ZWEIAPF + - ZWEIAPF2 - ZWEIACF - ZWEIRAC - ZWEITSS From 12a245985198fc7c521ee8c08b2756fd84ef6232 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 25 Mar 2024 16:21:51 -0400 Subject: [PATCH 154/258] Fix ZWEIRMVS running due to typo. Fix pds listing print out in existence check. fix apf not running due to substitution error, now just use exports Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/index.ts | 4 ++-- bin/commands/init/mvs/index.ts | 2 +- bin/libs/zos-dataset.ts | 2 +- files/SZWESAMP/ZWEIAPF2 | 22 +++++++++------------- 4 files changed, 13 insertions(+), 17 deletions(-) diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts index 0e5478f3a3..bcee97f722 100644 --- a/bin/commands/init/apfauth/index.ts +++ b/bin/commands/init/apfauth/index.ts @@ -61,11 +61,11 @@ export function execute() { if (!result1.smsManaged) { let result3 = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authLoadlib); - jclContent.out = jclContent.out.replace("SET LOADLOC='SMS'", `SET LOADLOC='VOLUME=${result3.volume}'`); + jclContent.out = jclContent.out.replace("export LOADLOC=SMS", `export LOADLOC="VOLUME=${result3.volume}"`); } if (!result2.smsManaged) { let result4 = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authPluginLib); - jclContent.out = jclContent.out.replace("SET PLUGLOC='SMS'", `SET PLUGLOC='VOLUME=${result4.volume}'`); + jclContent.out = jclContent.out.replace("export PLUGLOC=SMS", `export PLUGLOC="VOLUME=${result4.volume}"`); } xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, jclContent.out); 
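Review bot: The volume override depends on `String.replace` finding the exact text `export LOADLOC=SMS` or `export PLUGLOC=SMS` in the ZWEIAPF2 member, and on `getDatasetVolume` returning a usable `volume`; neither is checked. If the sample is reworded, the replace silently does nothing and the job issues `SETPROG APF,ADD` with `SMS` for a data set that is not SMS-managed. An unset `volume` would presumably produce `VOLUME=undefined`, though the result shape is not visible in this hunk. Stop before the job is submitted when the marker is missing, e.g. `if (jclContent.out.indexOf('export LOADLOC=SMS') < 0) { common.printErrorAndExit(...); }`, and do the same when `result3.volume` or `result4.volume` is empty. `execute` starts and ends outside the hunk.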
diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index 9818ddbc73..8065605d71 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -61,7 +61,7 @@ export function execute(allowOverwrite?: boolean) { const datasetExists=zosdataset.isDatasetExists(ds); if (datasetExists) { if (allowOverwrite) { - if (key != 'authLoadLib') { + if (key != 'authLoadlib') { needCleanup = true; } else { needAuthCleanup = true; diff --git a/bin/libs/zos-dataset.ts b/bin/libs/zos-dataset.ts index 2177a44734..6348b67b1e 100644 --- a/bin/libs/zos-dataset.ts +++ b/bin/libs/zos-dataset.ts @@ -28,7 +28,7 @@ export function isVsamDatasetExists(datasetName: string): boolean { export function isDatasetExists(datasetName: string): boolean { common.printTrace(` * isDatasetExists: '${stringlib.escapeDollar(datasetName)}'`); - const result = shell.execSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 2>&1`); + const result = shell.execSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 1>/dev/null 2>&1`); return result.rc === 0; } diff --git a/files/SZWESAMP/ZWEIAPF2 b/files/SZWESAMP/ZWEIAPF2 index d994ccb7b2..1ff114870a 100644 --- a/files/SZWESAMP/ZWEIAPF2 +++ b/files/SZWESAMP/ZWEIAPF2 
@@ -15,17 +15,9 @@ //* Which need it. You can issue this, or use another //* Way to accomplish the task. //* -//********************************************************************* -//* -//* This dataset holds the APF portion of Zowe -// SET LOADLIB='{zowe.setup.dataset.authLoadlib}' -//* SMS may have to be replaced with VOLUME=SOME.DSN when not SMS -// SET LOADLOC='SMS' -//* -//* This dataset holds product plugins for ZIS, -//* ZIS is located in the LOADLIB. -// SET PLUGLIB='{zowe.setup.dataset.authPluginLib}' -// SET PLUGLOC='SMS' +//* The following variables are derived from the zowe YAML config: +//* LOADLIB: the dataset that holds the APF portion of Zowe +//* PLUGLIB: The dataset that holds the extensions for ZIS. //* //********************************************************************* //* @@ -36,6 +28,10 @@ //STDPARM DD * SH cd "{zowe.runtimeDirectory}" && cd bin/utils && -./opercmd.rex "SETPROG APF,ADD,DSN=&LOADLIB.,&LOADLOC." && -./opercmd.rex "SETPROG APF,ADD,DSN=&PLUGLIB.,&PLUGLOC." +export LOADLIB={zowe.setup.dataset.authLoadlib} && +export LOADLOC=SMS && +export PLUGLIB={zowe.setup.dataset.authPluginLib} && +export PLUGLOC=SMS && +./opercmd.rex "SETPROG APF,ADD,DSN=$LOADLIB,$LOADLOC" && +./opercmd.rex "SETPROG APF,ADD,DSN=$PLUGLIB,$PLUGLOC" //* From f0824beb441f1b184c9d0037c8a428aeb0cc47f5 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 26 Mar 2024 09:30:35 -0400 Subject: [PATCH 155/258] Do not touch szweauth in init Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.ts | 6 ++-- playbooks/roles/configure/tasks/main.yml | 44 ++++++++++++++++++++++-- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index 8065605d71..46fc58cb1c 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts 
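Review bot: `export LOADLIB={zowe.setup.dataset.authLoadlib}` and `export PLUGLIB={zowe.setup.dataset.authPluginLib}` hand the resolved data set name to the shell unquoted, and `$` is a legal character in data set names (the TypeScript callers on this page pass names through `stringlib.escapeDollar` for that reason). With a constructed name such as `ZWE.$TEST.SZWEAUTH`, the shell would expand `$TEST` before `SETPROG APF,ADD` is issued, so the command would name a different library or fail. Single-quote the two assignments: `export LOADLIB='{zowe.setup.dataset.authLoadlib}' &&` and `export PLUGLIB='{zowe.setup.dataset.authPluginLib}' &&`. The later `"…DSN=$LOADLIB,$LOADLOC"` expansion does not re-expand the stored value. Leave the `export LOADLOC=SMS` and `export PLUGLOC=SMS` lines exactly as written unless `init apfauth` changes too, because it rewrites them by exact string match.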
@@ -63,10 +63,12 @@ export function execute(allowOverwrite?: boolean) { if (allowOverwrite) { if (key != 'authLoadlib') { needCleanup = true; - } else { + common.printMessage(`Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten.`); + } else if (ds != (prefix+'.SZWEAUTH')) { + //Do not delete the shipped auth load lib. needAuthCleanup = true; } - common.printMessage(`Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten.`); + } else { skippedDatasets = true; common.printMessage(`Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 024eab6b27..777ae57b42 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml 
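Review bot: Moving the `ZWEL0300W` message inside the `key != 'authLoadlib'` branch means a custom `authLoadlib` is flagged `needAuthCleanup` without any warning. The shipped `SZWEAUTH` case now also falls through both branches without a message. Print the warning in the `else if` branch too, and add a short message for the skipped case so the operator can see why that library was left alone. The guard `ds != (prefix+'.SZWEAUTH')` is a case-sensitive string compare. If the YAML value can arrive in another case (not visible here), the shipped APF library would be treated as a custom one, so comparing `ds.toUpperCase()` against the upper-cased expected name is safer. `execute` starts and ends outside the hunk.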
@@ -351,9 +351,49 @@ when: zowe_configure_ignore_security_failures # ============================================================================ -- name: Init Zowe +- name: Init mvs Zowe import_role: name: zos tasks_from: run_zwe vars: - parameters: "init {{ zwe_init_params }}" + parameters: "init mvs {{ zwe_init_params }}" + +# ============================================================================ +- name: Init vsam Zowe + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init vsam {{ zwe_init_params }}" + +# ============================================================================ +- name: Init stc Zowe + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init stc {{ zwe_init_params }}" + +# ============================================================================ +- name: Init apfauth Zowe + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init apfauth {{ zwe_init_params }}" + +# ============================================================================ +- name: Init security Zowe + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init security {{ zwe_init_params }}" + +# ============================================================================ +- name: Init certificate Zowe + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init certificate {{ zwe_init_params }}" From bb7958cbccf12ead199cc05fd8b3aa502e7303f1 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 26 Mar 2024 15:41:28 -0400 Subject: [PATCH 156/258] Fix that the testbed was not setting loadlib propertly Signed-off-by: 1000TurquoisePogs --- playbooks/roles/configure/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 777ae57b42..e01e60e26e 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml 
@@ -95,7 +95,8 @@ "zowe.setup.dataset.proclib": "{{ zowe_proclib_dsname }}" "zowe.setup.dataset.parmlib": "{{ zowe_xmem_parmlib }}" "zowe.setup.dataset.jcllib": "{{ zowe_jcllib }}" - "zowe.setup.dataset.authLoadlib": "{{ zowe_xmem_loadlib }}" + "zowe.setup.dataset.loadlib": "{{ zowe_dataset_prefix }}.SZWELOAD" + "zowe.setup.dataset.authLoadlib": "{{ zowe_dataset_prefix }}.SZWEAUTH" "zowe.setup.dataset.authPluginLib": "{{ zowe_xmem_pluginlib }}" "zowe.useConfigmgr": "{{ zowe_use_config_manager|lower }}" From 61601269f12049e73d2672dcf1046a36487bcf93 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 27 Mar 2024 08:56:42 -0400 Subject: [PATCH 157/258] Use new launcher build Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 1 + 1 file changed, 1 insertion(+) diff --git a/INSTALLATION.md b/INSTALLATION.md index 2760a72bf7..467dabfc64 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -318,6 +318,7 @@ zowe:

+ ## References To learn about the requirements and prerequisites of Zowe, review https://docs.zowe.org/stable/user-guide/systemrequirements-zos From a8d6dc348ebbf9fd5565a731f30669d31047986e Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 27 Mar 2024 15:17:45 -0400 Subject: [PATCH 158/258] Restore java and node and runtimedir setup in zwe init. Switch back to mainline configmgr Signed-off-by: 1000TurquoisePogs --- bin/commands/init/index.sh | 59 ++++++++++++++++++++++++++++++++++++++ manifest.json.template | 2 +- 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index 3c707ba227..3cc22b7215 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh 
@@ -11,6 +11,65 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +# Check if we can update node/java home, or runtime dir. +# Only possible right now if the config is a basic file. +# no FILE() or PARMLIB() syntax can be handled here yet. +if [ -e "${ZWE_CLI_PARAMETER_CONFIG}" ]; then + update_node_home= + found_node_home="$(shell_read_yaml_node_home "${ZWE_CLI_PARAMETER_CONFIG}")" + # only try to update if it's not defined + if [ -z "${found_node_home}" ]; then + update_node_home=$(detect_node_home) + fi + + update_java_home= + found_java_home="$(shell_read_yaml_java_home "${ZWE_CLI_PARAMETER_CONFIG}")" + # only try to update if it's not defined + if [ -z "${found_java_home}" ]; then + update_java_home=$(detect_java_home) + fi + + update_zowe_runtime_dir= + # do we have zowe.runtimeDirectory defined in zowe.yaml? + yaml_runtime_dir=$(shell_read_yaml_config "${ZWE_CLI_PARAMETER_CONFIG}" "zowe" "runtimeDirectory") + if [ -z "${yaml_runtime_dir}" ]; then + update_zowe_runtime_dir="${ZWE_zowe_runtimeDirectory}" + fi + + if [ -n "${update_node_home}" -o -n "${update_java_home}" -o -n "${update_zowe_runtime_dir}" ]; then + if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then + if [ -n "${update_node_home}" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "node.home" "${update_node_home}" + fi + if [ -n "${update_java_home}" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "java.home" "${update_java_home}" + fi + if [ -n "${update_zowe_runtime_dir}" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "zowe.runtimeDirectory" "${update_zowe_runtime_dir}" + fi + + print_level2_message "Runtime directory, Java and/or node.js settings are updated successfully." 
+ else + print_message "These configurations need to be added to your YAML configuration file:" + print_message "" + if [ -n "${update_zowe_runtime_dir}" ]; then + print_message "zowe:" + print_message " runtimeDirectory: \"${update_zowe_runtime_dir}\"" + fi + if [ -n "${update_node_home}" ]; then + print_message "node:" + print_message " home: \"${update_node_home}\"" + fi + if [ -n "${update_java_home}" ]; then + print_message "java:" + print_message " home: \"${update_java_home}\"" + fi + + print_level2_message "Please manually update \"${ZWE_CLI_PARAMETER_CONFIG}\" before you start Zowe." + fi + fi +fi + USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then diff --git a/manifest.json.template b/manifest.json.template index d4731be9a1..2530774256 100644 --- a/manifest.json.template +++ b/manifest.json.template @@ -116,7 +116,7 @@ "artifact": "*.pax" }, "org.zowe.configmgr": { - "version": "^2.15.0-FEATURE-V2-ZOS-VERSION-GET-ESM", + "version": "^2.0.0-V2.X-STAGING", "artifact": "*.pax" }, "org.zowe.configmgr-rexx": { From a0ef3abfc66346ecb0b286a2de851a508a72cd7b Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 27 Mar 2024 16:35:22 -0400 Subject: [PATCH 159/258] Move home and runtime update logic into common function to run in both init and init mvs in an attempt to catch more users Signed-off-by: 1000TurquoisePogs --- bin/commands/init/index.sh | 59 +----------------------------- bin/commands/init/mvs/index.sh | 2 ++ bin/libs/json.sh | 66 ++++++++++++++++++++++++++++++++++ 3 files changed, 69 insertions(+), 58 deletions(-) diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index 3cc22b7215..4a7c9217ce 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh 
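Review bot: The combined test `[ -n "${update_node_home}" -o -n "${update_java_home}" -o -n "${update_zowe_runtime_dir}" ]` relies on `-o`, which POSIX marks obsolescent and leaves unspecified for this many operands. `if [ -n "${update_node_home}${update_java_home}${update_zowe_runtime_dir}" ]; then` expresses the same condition with a single operand. The block also assigns `update_*`, `found_*` and `yaml_runtime_dir` as plain globals. Both points apply unchanged to the later bin/libs/json.sh hunk, where the same code becomes the shared function `init_missing_yaml_properties`. There the header comment could also name the variables the function reads (`ZWE_CLI_PARAMETER_CONFIG`, `ZWE_CLI_PARAMETER_UPDATE_CONFIG`, `ZWE_zowe_runtimeDirectory`).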
@@ -11,64 +11,7 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -# Check if we can update node/java home, or runtime dir. -# Only possible right now if the config is a basic file. -# no FILE() or PARMLIB() syntax can be handled here yet. -if [ -e "${ZWE_CLI_PARAMETER_CONFIG}" ]; then - update_node_home= - found_node_home="$(shell_read_yaml_node_home "${ZWE_CLI_PARAMETER_CONFIG}")" - # only try to update if it's not defined - if [ -z "${found_node_home}" ]; then - update_node_home=$(detect_node_home) - fi - - update_java_home= - found_java_home="$(shell_read_yaml_java_home "${ZWE_CLI_PARAMETER_CONFIG}")" - # only try to update if it's not defined - if [ -z "${found_java_home}" ]; then - update_java_home=$(detect_java_home) - fi - - update_zowe_runtime_dir= - # do we have zowe.runtimeDirectory defined in zowe.yaml? - yaml_runtime_dir=$(shell_read_yaml_config "${ZWE_CLI_PARAMETER_CONFIG}" "zowe" "runtimeDirectory") - if [ -z "${yaml_runtime_dir}" ]; then - update_zowe_runtime_dir="${ZWE_zowe_runtimeDirectory}" - fi - - if [ -n "${update_node_home}" -o -n "${update_java_home}" -o -n "${update_zowe_runtime_dir}" ]; then - if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then - if [ -n "${update_node_home}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "node.home" "${update_node_home}" - fi - if [ -n "${update_java_home}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "java.home" "${update_java_home}" - fi - if [ -n "${update_zowe_runtime_dir}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "zowe.runtimeDirectory" "${update_zowe_runtime_dir}" - fi - - print_level2_message "Runtime directory, Java and/or node.js settings are updated successfully." 
- else - print_message "These configurations need to be added to your YAML configuration file:" - print_message "" - if [ -n "${update_zowe_runtime_dir}" ]; then - print_message "zowe:" - print_message " runtimeDirectory: \"${update_zowe_runtime_dir}\"" - fi - if [ -n "${update_node_home}" ]; then - print_message "node:" - print_message " home: \"${update_node_home}\"" - fi - if [ -n "${update_java_home}" ]; then - print_message "java:" - print_message " home: \"${update_java_home}\"" - fi - - print_level2_message "Please manually update \"${ZWE_CLI_PARAMETER_CONFIG}\" before you start Zowe." - fi - fi -fi +init_missing_yaml_properties USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 5831eb54fb..9998c9afd7 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -10,6 +10,8 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +init_missing_yaml_properties + USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then diff --git a/bin/libs/json.sh b/bin/libs/json.sh index 5b5342a4a3..481f8e11af 100644 --- a/bin/libs/json.sh +++ b/bin/libs/json.sh 
@@ -11,6 +11,72 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +# If node.home, java.home, or zowe.runtimeDirectory are missing, +# And if the user desires, we can attempt to update the zowe.yaml +# With the paths we discover. +init_missing_yaml_properties() { + # Check if we can update node/java home, or runtime dir. + # Only possible right now if the config is a basic file. + # no FILE() or PARMLIB() syntax can be handled here yet. + if [ -e "${ZWE_CLI_PARAMETER_CONFIG}" ]; then + update_node_home= + found_node_home="$(shell_read_yaml_node_home "${ZWE_CLI_PARAMETER_CONFIG}")" + # only try to update if it's not defined + if [ -z "${found_node_home}" ]; then + update_node_home=$(detect_node_home) + fi + + update_java_home= + found_java_home="$(shell_read_yaml_java_home "${ZWE_CLI_PARAMETER_CONFIG}")" + # only try to update if it's not defined + if [ -z "${found_java_home}" ]; then + update_java_home=$(detect_java_home) + fi + + update_zowe_runtime_dir= + # do we have zowe.runtimeDirectory defined in zowe.yaml? + yaml_runtime_dir=$(shell_read_yaml_config "${ZWE_CLI_PARAMETER_CONFIG}" "zowe" "runtimeDirectory") + if [ -z "${yaml_runtime_dir}" ]; then + update_zowe_runtime_dir="${ZWE_zowe_runtimeDirectory}" + fi + + if [ -n "${update_node_home}" -o -n "${update_java_home}" -o -n "${update_zowe_runtime_dir}" ]; then + if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then + if [ -n "${update_node_home}" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "node.home" "${update_node_home}" + fi + if [ -n "${update_java_home}" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "java.home" "${update_java_home}" + fi + if [ -n "${update_zowe_runtime_dir}" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "zowe.runtimeDirectory" "${update_zowe_runtime_dir}" + fi + + print_level2_message "Runtime directory, Java and/or node.js settings are updated successfully." 
+ else + print_message "These configurations need to be added to your YAML configuration file:" + print_message "" + if [ -n "${update_zowe_runtime_dir}" ]; then + print_message "zowe:" + print_message " runtimeDirectory: \"${update_zowe_runtime_dir}\"" + fi + if [ -n "${update_node_home}" ]; then + print_message "node:" + print_message " home: \"${update_node_home}\"" + fi + if [ -n "${update_java_home}" ]; then + print_message "java:" + print_message " home: \"${update_java_home}\"" + fi + + print_level2_message "Please manually update \"${ZWE_CLI_PARAMETER_CONFIG}\" before you start Zowe." + fi + fi + fi +} + + + ############################### # Read JSON configuration from shell script # From 2fe99e9db7d58cd7b7c75c09cdc8a51e401815d1 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 28 Mar 2024 08:54:09 -0400 Subject: [PATCH 160/258] Use 2.15.0 apiml since saw staging errors in test Signed-off-by: 1000TurquoisePogs --- manifest.json.template | 45 +++++++++++++++++------------------------- 1 file changed, 18 insertions(+), 27 deletions(-) diff --git a/manifest.json.template b/manifest.json.template index 2530774256..6a1a1640a0 100644 --- a/manifest.json.template +++ b/manifest.json.template 
@@ -67,49 +67,40 @@ "artifact": "*.pax" }, "org.zowe.apiml.api-catalog-package": { - "version": "^2.1.1-SNAPSHOT", - "artifact": "api-catalog-*.zip", - "exclusions": ["*PR*.zip"] + "version": "2.15.0", + "artifact": "api-catalog*.zip" }, "org.zowe.apiml.discovery-package": { - "version": "^2.1.1-SNAPSHOT", - "artifact": "discovery-*.zip", - "exclusions": ["*PR*.zip"] + "version": "2.15.0", + "artifact": "discovery*.zip" }, "org.zowe.apiml.gateway-package": { - "version": "^2.1.1-SNAPSHOT", - "artifact": "gateway-*.zip", - "exclusions": ["*PR*.zip"] + "version": "2.15.0", + "artifact": "gateway*.zip" }, "org.zowe.apiml.caching-service-package": { - "version": "^2.1.1-SNAPSHOT", - "artifact": "caching-service-*.zip", - "exclusions": ["*PR*.zip"] + "version": "2.15.0", + "artifact": "caching-service*.zip" }, "org.zowe.apiml.metrics-service-package": { - "version": "^2.1.1-SNAPSHOT", - "artifact": "metrics-service-*.zip", - "exclusions": ["*PR*.zip"] + "version": "2.15.0", + "artifact": "metrics-service*.zip" }, "org.zowe.apiml.apiml-common-lib-package": { - "version": "^2.1.1-SNAPSHOT", - "artifact": "apiml-common-lib-*.zip", - "exclusions": ["*PR*.zip"] + "version": "2.15.0", + "artifact": "apiml-common-lib-*.zip" }, "org.zowe.apiml.sdk.common-java-lib-package": { - "version": "^2.0.0-SNAPSHOT", - "artifact": "common-java-lib-*.zip", - "exclusions": ["*PR*.zip"] + "version": "2.0.4", + "artifact": "common-java-lib-*.zip" }, "org.zowe.apiml.sdk.apiml-sample-extension-package": { - "version": "^2.1.1-SNAPSHOT", - "artifact": "apiml-sample-extension-*.zip", - "exclusions": ["*PR*.zip"] + "version": "2.15.0", + "artifact": "apiml-sample-extension-*.zip" }, "org.zowe.apiml.cloud-gateway-package": { - "version": "^2.4.4-SNAPSHOT", - "artifact": "cloud-gateway-*.zip", - "exclusions": ["*PR*.zip"] + "version": "2.15.0", + "artifact": "cloud-gateway-*.zip" }, "org.zowe.getesm": { "version": "^2.0.0-V2.X-STAGING", 
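Review bot: Besides pinning the versions, this hunk removes `"exclusions": ["*PR*.zip"]` from every apiml entry and drops the hyphen from five globs (`api-catalog-*.zip` becomes `api-catalog*.zip`, likewise discovery, gateway, caching-service and metrics-service), so artifact selection now depends on the version alone. If the release folder can hold more than one zip matching the looser glob (the resolver is not visible here, so this is inferred), the build could package a file other than the intended one. Keeping the original globs and exclusions alongside the pinned `2.15.0` costs nothing and keeps pull-request builds out.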
From 2c3c381b1463bae157499bb6d2bfc4d4c37f8e69 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 28 Mar 2024 11:46:02 -0400 Subject: [PATCH 161/258] replace null with empty for env var strings Signed-off-by: 1000TurquoisePogs --- bin/libs/config.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/libs/config.ts b/bin/libs/config.ts index 65530c1234..d1789ab1c5 100644 --- a/bin/libs/config.ts +++ b/bin/libs/config.ts @@ -175,6 +175,7 @@ export function generateInstanceEnvFromYamlConfig(haInstance: string) { componentFileArray.push(`ZWE_configs_${key}=${envs['ZWE_components_'+componentAlpha+'_'+key]}`); } }); + componentFileArray = componentFileArray.map((row)=> { return row.endsWith('=null') ? row.substring(0, row.length-5)+'=' : row }); const componentFileContent = componentFileArray.join('\n'); rc = xplatform.storeFileUTF8(`${folderName}/.instance-${haInstance}.env`, xplatform.AUTO_DETECT, componentFileContent); @@ -185,6 +186,7 @@ export function generateInstanceEnvFromYamlConfig(haInstance: string) { } }); + envFileArray = envFileArray.map((row)=> { return row.endsWith('=null') ? row.substring(0, row.length-5)+'=' : row }); let envFileContent = envFileArray.join('\n'); let rc = xplatform.storeFileUTF8(`${zwePrivateWorkspaceEnvDir}/.instance-${haInstance}.env`, xplatform.AUTO_DETECT, envFileContent); if (rc) { From fd656b434d97f0d5d5e8ca8b3a9e1ca7a7e600e4 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 28 Mar 2024 13:03:30 -0400 Subject: [PATCH 162/258] Update example-zowe.yaml Signed-off-by: 1000TurquoisePogs --- example-zowe.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example-zowe.yaml b/example-zowe.yaml index 836c60973b..301da9399b 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
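Review bot: `row.endsWith('=null')` in both added `map` calls (the first hunk and the second hunk of bin/libs/config.ts) also matches a row whose value merely ends in `=null`, for example a constructed `ZWE_x=a=null`, and would cut it to `ZWE_x=a=`. Comparing only the part after the first `=` avoids that: `const i = row.indexOf('='); return i >= 0 && row.substring(i + 1) === 'null' ? row.substring(0, i + 1) : row;`. The same callback is written twice, so a small named helper applied to both arrays would keep the two env files in step. generateInstanceEnvFromYamlConfig starts and ends outside both hunks.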
@@ -131,7 +131,7 @@ zowe:
 org: "Zowe Sample"
 locality: "Prague"
 state: "Prague"
- country: ""
+ country: "CZ"
 # Validity days for Zowe generated certificates
 validity: 3650
 # Domain names and IPs should be added into certificate SAN
From db2a8da24b9978ac4427a4ef1a614b27ac318f08 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Thu, 28 Mar 2024 13:05:53 -0400
Subject: [PATCH 163/258] Switch back to staging apiml and normal init
Signed-off-by: 1000TurquoisePogs
---
 manifest.json.template | 45 +++++++++++--------
 playbooks/roles/configure/tasks/main.yml | 44 +-----------------
 playbooks/roles/configure/tasks/show_logs.yml | 1 -
 3 files changed, 29 insertions(+), 61 deletions(-)
diff --git a/manifest.json.template b/manifest.json.template
index 6a1a1640a0..2530774256 100644
--- a/manifest.json.template
+++ b/manifest.json.template
@@ -67,40 +67,49 @@ "artifact": "*.pax" }, "org.zowe.apiml.api-catalog-package": { - "version": "2.15.0", - "artifact": "api-catalog*.zip" + "version": "^2.1.1-SNAPSHOT", + "artifact": "api-catalog-*.zip", + "exclusions": ["*PR*.zip"] }, "org.zowe.apiml.discovery-package": { - "version": "2.15.0", - "artifact": "discovery*.zip" + "version": "^2.1.1-SNAPSHOT", + "artifact": "discovery-*.zip", + "exclusions": ["*PR*.zip"] }, "org.zowe.apiml.gateway-package": { - "version": "2.15.0", - "artifact": "gateway*.zip" + "version": "^2.1.1-SNAPSHOT", + "artifact": "gateway-*.zip", + "exclusions": ["*PR*.zip"] }, "org.zowe.apiml.caching-service-package": { - "version": "2.15.0", - "artifact": "caching-service*.zip" + "version": "^2.1.1-SNAPSHOT", + "artifact": "caching-service-*.zip", + "exclusions": ["*PR*.zip"] }, "org.zowe.apiml.metrics-service-package": { - "version": "2.15.0", - "artifact": "metrics-service*.zip" + "version": "^2.1.1-SNAPSHOT", + "artifact": "metrics-service-*.zip", + "exclusions": ["*PR*.zip"] }, "org.zowe.apiml.apiml-common-lib-package": { - "version": "2.15.0", - "artifact": "apiml-common-lib-*.zip" + "version": "^2.1.1-SNAPSHOT", + "artifact": "apiml-common-lib-*.zip", + "exclusions": ["*PR*.zip"] }, "org.zowe.apiml.sdk.common-java-lib-package": { - "version": "2.0.4", - "artifact": "common-java-lib-*.zip" + "version": "^2.0.0-SNAPSHOT", + "artifact": "common-java-lib-*.zip", + "exclusions": ["*PR*.zip"] }, "org.zowe.apiml.sdk.apiml-sample-extension-package": { - "version": "2.15.0", - "artifact": "apiml-sample-extension-*.zip" + "version": "^2.1.1-SNAPSHOT", + "artifact": "apiml-sample-extension-*.zip", + "exclusions": ["*PR*.zip"] }, "org.zowe.apiml.cloud-gateway-package": { - "version": "2.15.0", - "artifact": "cloud-gateway-*.zip" + "version": "^2.4.4-SNAPSHOT", + "artifact": "cloud-gateway-*.zip", + "exclusions": ["*PR*.zip"] }, "org.zowe.getesm": { "version": "^2.0.0-V2.X-STAGING", 
diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index e01e60e26e..0863ffe267 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml @@ -352,49 +352,9 @@ when: zowe_configure_ignore_security_failures # ============================================================================ -- name: Init mvs Zowe +- name: Init Zowe import_role: name: zos tasks_from: run_zwe vars: - parameters: "init mvs {{ zwe_init_params }}" - -# ============================================================================ -- name: Init vsam Zowe - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init vsam {{ zwe_init_params }}" - -# ============================================================================ -- name: Init stc Zowe - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init stc {{ zwe_init_params }}" - -# ============================================================================ -- name: Init apfauth Zowe - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init apfauth {{ zwe_init_params }}" - -# ============================================================================ -- name: Init security Zowe - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init security {{ zwe_init_params }}" - -# ============================================================================ -- name: Init certificate Zowe - import_role: - name: zos - tasks_from: run_zwe - vars: - parameters: "init certificate {{ zwe_init_params }}" + parameters: "init {{ zwe_init_params }}" diff --git a/playbooks/roles/configure/tasks/show_logs.yml b/playbooks/roles/configure/tasks/show_logs.yml index 29bd0e9ee3..dc2cf554b3 100644 --- a/playbooks/roles/configure/tasks/show_logs.yml +++ b/playbooks/roles/configure/tasks/show_logs.yml @@ -39,7 +39,6 @@ loop: - ZWEGENER - ZWEIMVS - - ZWEIMVS2 - ZWEIAPF2 - ZWEIACF - ZWEIRAC 
From ad7b1b94323740c6cf7bcce163429d81119393eb Mon Sep 17 00:00:00 2001
From: Martin Zeithaml
Date: Tue, 9 Apr 2024 10:29:45 +0200
Subject: [PATCH 164/258] Take the rest as the second argument and change in hex
Signed-off-by: Martin Zeithaml
---
 files/SZWEEXEC/ZWECHG | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/files/SZWEEXEC/ZWECHG b/files/SZWEEXEC/ZWECHG
index 3058ffe14a..515e2a00fe 100644
--- a/files/SZWEEXEC/ZWECHG
+++ b/files/SZWEEXEC/ZWECHG
@@ -1,7 +1,5 @@
 /* REXX */
-parse pull args
-changeFrom = word(args, 1)
-changeTo = word(args, 2)
+parse pull changeFrom changeTo
 address isredit 'macro'
-address isredit 'change all 'changeFrom changeTo
-address isredit 'end'
+address isredit 'change all 'changeFrom "X'"||c2x(changeTo)"'"
+address isredit 'end'
\ No newline at end of file
From 935404734e7ddcf11c96a814d95bb071b5ab066e Mon Sep 17 00:00:00 2001
From: Martin Zeithaml
Date: Tue, 9 Apr 2024 10:33:36 +0200
Subject: [PATCH 165/258] Add new line at the end
Signed-off-by: Martin Zeithaml
---
 files/SZWEEXEC/ZWECHG | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files/SZWEEXEC/ZWECHG b/files/SZWEEXEC/ZWECHG
index 515e2a00fe..9960898b45 100644
--- a/files/SZWEEXEC/ZWECHG
+++ b/files/SZWEEXEC/ZWECHG
@@ -2,4 +2,4 @@
 parse pull changeFrom changeTo
 address isredit 'macro'
 address isredit 'change all 'changeFrom "X'"||c2x(changeTo)"'"
-address isredit 'end'
\ No newline at end of file
+address isredit 'end'
From b6ffea9413b8f6c42b6855c48ca730c6dff638aa Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Tue, 9 Apr 2024 15:47:37 -0400
Subject: [PATCH 166/258] Fix keyring tmp file use
Signed-off-by: 1000TurquoisePogs
---
 bin/libs/certificate.sh | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh
index b50c72f3f7..1874f4a8a6 100644
--- a/bin/libs/certificate.sh
+++ b/bin/libs/certificate.sh
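Review bot: Only `changeTo` is hex-encoded in `address isredit 'change all 'changeFrom "X'"||c2x(changeTo)"'"` (first ZWECHG hunk); `changeFrom` is still handed to the editor as typed, so a search word containing quote characters or other characters the CHANGE command treats specially would presumably still be misread. An empty second argument also yields `X''`, which the macro does not check for before issuing the command. A comment above the line would record the intent, e.g. `/* changeTo is sent as X'..' so blanks and quotes in the value are taken literally */`.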
@@ -943,15 +943,9 @@ EOF if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then print_message "JCL not submitted, command run with dry run flag." print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + print_trace "- Delete ${tmpfile}" rm "${tmpfile}" else - print_trace "- Ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, writing back to ${jcllib}(${member_name})" - copy_to_data_set "${tmpfile}" "${jcllib}(${member_name})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" if [ ${code} -ne 0 ]; then print_error "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." return 160 @@ -960,11 +954,13 @@ EOF ############################### # submit job - print_message "Submitting Job ${member_name})" + print_message "Submitting Job ${member_name}" jobid=$(submit_job "${tmpfile}") code=$? if [ ${code} -ne 0 ]; then print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${member_name})." + print_trace "- Delete ${tmpfile}" + rm -f "${tmpfile}" return 161 fi print_debug "- job id ${jobid}" @@ -972,6 +968,8 @@ EOF code=$? if [ ${code} -eq 1 ]; then print_error "Error ZWEL0162E: Failed to find job ${jobid} result." + print_trace "- Delete ${tmpfile}" + rm -f "${tmpfile}" return 162 fi jobname=$(echo "${jobstate}" | awk -F, '{print $2}') @@ -987,8 +985,12 @@ EOF print_message "" else print_error "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." + print_trace "- Delete ${tmpfile}" + rm -f "${tmpfile}" return 163 fi + print_trace "- Delete ${tmpfile}" + rm -f "${tmpfile}" fi } From e38e8773122af14de3b5d1b102985291fb00b351 Mon Sep 17 00:00:00 2001 
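Review bot: After this change the `else` branch still opens with `if [ ${code} -ne 0 ]; then` and the ZWEL0160E message, but the `copy_to_data_set` call and the `code=$?` that fed that check are removed. The test now reads whatever `code` held before the hunk, or fails with a test syntax error if it is empty, and that path returns 160 without deleting the temp file. Either drop the ZWEL0160E block together with the copy, or keep the copy and its `code=$?`. The temp file is now removed by five separate `rm` calls across the four hunks of bin/libs/certificate.sh (the dry-run one without `-f`); recording the return code in a variable and falling through to one `rm -f "${tmpfile}"` before the function ends would make it harder to leave generated JCL behind on a new exit path. The enclosing function starts outside the hunk.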
From: 1000TurquoisePogs Date: Tue, 9 Apr 2024 16:51:03 -0400 Subject: [PATCH 167/258] Re-add updateZoweYamlFromObj removed in conflict resolution Signed-off-by: 1000TurquoisePogs --- bin/libs/json.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bin/libs/json.ts b/bin/libs/json.ts index 8e269e8374..c5e0821a5f 100644 --- a/bin/libs/json.ts +++ b/bin/libs/json.ts @@ -81,3 +81,8 @@ export function updateZoweYaml(file: string, key: string, val: any) { common.printError(` * Error`); } } + +export function updateZoweYamlFromObj(file: string, updateObj: any) { + common.printMessage(`- update zowe config ${file} with obj=${JSON.stringify(updateObj, null, 2)}`); + config.updateZoweConfig(updateObj, true, 1); //TODO externalize array merge strategy = 1 +} From 6be85657a911e23e89e92d8b62900ea8d4f86ecd Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 10 Apr 2024 10:09:13 +0200 Subject: [PATCH 168/258] Trace or debug for zwe -> verbose in REXX Signed-off-by: Martin Zeithaml --- bin/commands/init/generate/index.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 5abfd4e55c..88a768b990 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts @@ -42,6 +42,9 @@ export function execute(dryRun?: boolean) { // $$ inserts a '$', replace(/[$]/g, '$$$$') => double each '$' occurence jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, prefix.replace(/[$]/g, '$$$$')); jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, runtimeDirectory.replace(/[$]/g, '$$$$')); + if (std.getenv('ZWE_PRIVATE_LOG_LEVEL_ZWELS') !== 'INFO') { + jclContents = jclContents.replace('noverbose -', 'verbose -'); + } let originalConfig = std.getenv('ZWE_PRIVATE_CONFIG_ORIG'); let startingConfig = originalConfig; if ((originalConfig.indexOf('FILE(') == -1) && (originalConfig.indexOf('PARMLIB(') == -1)) { 
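Review bot: `updateZoweYamlFromObj` prints the whole update object with `JSON.stringify(updateObj, null, 2)` through `common.printMessage`, so any sensitive value in the object (a keystore or certificate password, for instance) would land in the command output and logs. Logging only the top-level keys, `Object.keys(updateObj).join(', ')`, or moving the dump to a trace-level call if `common` offers one, avoids that. The `file` parameter is used only in the message and is not passed to `config.updateZoweConfig`, so the function may not write the file the caller names; that deserves a doc comment or a fix. The merge strategy `1` flagged by the `//TODO` would read better as a named constant.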
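Review bot: The added condition `std.getenv('ZWE_PRIVATE_LOG_LEVEL_ZWELS') !== 'INFO'` in bin/commands/init/generate/index.ts turns on `verbose` for every value other than INFO, including an unset variable, whereas the commit title limits it to trace or debug. Testing the wanted levels explicitly is safer, assuming they are spelled `DEBUG` and `TRACE`: `const lvl = std.getenv('ZWE_PRIVATE_LOG_LEVEL_ZWELS'); if (lvl === 'DEBUG' || lvl === 'TRACE') { ... }`. Note also that `replace('noverbose -', 'verbose -')` with a string pattern changes only the first occurrence, unlike the `/gi` replacements just above it. execute() starts and ends outside the hunk.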
From 9126333927225df22ea478c2bb1e927774560199 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 10 Apr 2024 09:43:37 -0500 Subject: [PATCH 169/258] Update INSTALLATION.md Change order of keyring description Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 467dabfc64..8ad3a8b309 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -132,13 +132,8 @@ When the JCL is prepared, the following jobs can be submitted to perform the fol There are 4 options for setting up keyrings: Three scenarios covered by JCL samples where a keyring is created for you, or a fourth where you can bring your own keyring. -|Keyring Setup Type|Description|Sample JCL| -|---|---|---| -|1|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed|RACF: [ZWEIKRR1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR1)

TSS: [ZWEIKRT1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT1)

ACF2: [ZWEIKRA1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA1)| -|2|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.|RACF: [ZWEIKRR2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR2)

TSS: [ZWEIKRT2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT2)

ACF2: [ZWEIKRA2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA2)| -|3|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.|RACF: [ZWEIKRR3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR3)

TSS: [ZWEIKRT3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT3)

ACF2: [ZWEIKRA3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA3)| +If you already have a keyring that meets the requirements, you can configure Zowe to use it by configuring Zowe YAML values within `zowe.certificate` as follows: -Alternatively, zowe can use a keyring provided by you as long as the contents meet Zowe's requirements and configure YAML values within `zowe.certificate` as follows: ```yaml zowe: certificate: @@ -153,6 +148,15 @@ zowe: password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. ``` +If you would like Zowe to create a keyring instead, you can do one of these three tasks: + +|Keyring Setup Type|Description|Sample JCL| +|---|---|---| +|1|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed|RACF: [ZWEIKRR1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR1)

TSS: [ZWEIKRT1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT1)

ACF2: [ZWEIKRA1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA1)| +|2|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.|RACF: [ZWEIKRR2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR2)

TSS: [ZWEIKRT2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT2)

ACF2: [ZWEIKRA2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA2)| +|3|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.|RACF: [ZWEIKRR3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR3)

TSS: [ZWEIKRT3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT3)

ACF2: [ZWEIKRA3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA3)| + + #### (Optional) Caching Service VSAM Task: --- If you plan to use the Zowe caching service Component, such as for high availability and fault tolerance reasons, then you must choose a form of database for it to use. From a2617d51e77ffd7c5032288deb208201f7263c07 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 19 Apr 2024 11:42:10 +0200 Subject: [PATCH 170/258] Deal with possible dollar sign in DSN Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEIAPF2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/SZWESAMP/ZWEIAPF2 b/files/SZWESAMP/ZWEIAPF2 index 1ff114870a..ca56310e4d 100644 --- a/files/SZWESAMP/ZWEIAPF2 +++ b/files/SZWESAMP/ZWEIAPF2 @@ -28,9 +28,9 @@ //STDPARM DD * SH cd "{zowe.runtimeDirectory}" && cd bin/utils && -export LOADLIB={zowe.setup.dataset.authLoadlib} && +export LOADLIB='{zowe.setup.dataset.authLoadlib}' && export LOADLOC=SMS && -export PLUGLIB={zowe.setup.dataset.authPluginLib} && +export PLUGLIB='{zowe.setup.dataset.authPluginLib}' && export PLUGLOC=SMS && ./opercmd.rex "SETPROG APF,ADD,DSN=$LOADLIB,$LOADLOC" && ./opercmd.rex "SETPROG APF,ADD,DSN=$PLUGLIB,$PLUGLOC" From e6b4ee8fbeb2040839c85ad6744515cf21d7d007 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 19 Apr 2024 16:21:59 +0200 Subject: [PATCH 171/258] Change OneOf to separate pieces Signed-off-by: Martin Zeithaml --- schemas/server-common.json | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/schemas/server-common.json b/schemas/server-common.json index 9506e380f7..c9b419ce95 100644 --- a/schemas/server-common.json +++ b/schemas/server-common.json 
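Review bot: The two `export` lines in files/SZWESAMP/ZWEIAPF2 are now single-quoted, but `cd "{zowe.runtimeDirectory}"` in the same STDPARM step is still double-quoted, so a `$` or backquote in the substituted runtime directory would be expanded by the shell before the SETPROG commands run. Single-quote it as well: `cd '{zowe.runtimeDirectory}' &&`. Single quotes in turn depend on the substituted value containing no `'`; the dataset pattern in schemas/server-common.json excludes it, but that holds only if the configuration is validated before this JCL is generated, which is not visible here. Since this step adds libraries to the APF list, a short comment stating that the names are quoted because `$`, `#` and `@` are legal in dataset names would help the next editor.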
@@ -17,26 +17,28 @@ "pattern": "^(([\\^\\~\\>\\<]?)|(>=?)|(<=?))[0-9]*\\.[0-9]*\\.[0-9]*(-*[a-zA-Z][0-9a-zA-Z\\-\\.]*)?(\\+[0-9a-zA-Z\\-\\.]*)?$" }, "dataset": { + "$anchor": "zoweDataset", "type": "string", + "description": "A 44-char all caps dotted ZOS name", + "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$", + "minLength": 3, + "maxLength": 44 + }, + "datasetPrefix": { + "$anchor": "zoweDatasetPrefix", + "type": "string", + "description": "A 35-char all caps dotted ZOS name (space for '.SZWEnnnn')", + "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$", "minLength": 3, + "maxLength": 35 + }, + "datasetVsam": { + "$anchor": "zoweDatasetVsam", + "type": "string", + "description": "A 38-char all caps dotted ZOS name (space for '.INDEX')", "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$", - "oneOf": [ - { - "$anchor": "zoweDataset", - "description": "A 44-char all caps dotted ZOS name", - "maxLength": 44 - }, - { - "$anchor": "zoweDatasetPrefix", - "description": "A 35-char all caps dotted ZOS name (space for '.SZWEnnnn')", - "maxLength": 35 - }, - { - "$anchor": "zoweDatasetVsam", - "description": "A 38-char all caps dotted ZOS name (space for '.INDEX')", - "maxLength": 38 - } - ] + "minLength": 3, + "maxLength": 38 }, "datasetMember": { "$anchor": "zoweDatasetMember", From 4dcd99764f0e7c482e41fcf87b7314e076c91cd4 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 19 Apr 2024 14:25:32 -0400 Subject: [PATCH 172/258] Add HEAPPOOLS64(OFF) 
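Review bot: `dataset`, `datasetPrefix` and `datasetVsam` now each carry their own copy of the same `pattern`, so a later correction to one can silently miss the others. Because this regex is the validation for names that are substituted into JCL and shell text, one definition is preferable: keep `pattern` and `minLength` on `dataset` and let the other two reference it and add only their own `maxLength`, provided the validator in use resolves a reference next to sibling keywords. The pattern itself does not bound the total length, so the 44/35/38 limits rest on `maxLength` alone.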
Signed-off-by: 1000TurquoisePogs --- bin/commands/components/disable/index.sh | 2 +- bin/commands/components/enable/index.sh | 2 +- bin/commands/components/handlerutils.ts | 6 +++--- bin/commands/components/install/extract/index.sh | 2 +- bin/commands/components/install/index.sh | 2 +- bin/commands/components/install/process-hook/index.sh | 2 +- bin/commands/components/search/index.sh | 2 +- bin/commands/components/uninstall/index.sh | 2 +- bin/commands/components/upgrade/index.sh | 2 +- bin/commands/config/get/index.sh | 2 +- bin/commands/config/validate/index.sh | 2 +- bin/commands/diagnose/index.sh | 2 +- bin/commands/init/apfauth/index.sh | 2 +- bin/commands/init/generate/index.sh | 2 +- bin/commands/init/index.sh | 2 +- bin/commands/init/mvs/index.sh | 2 +- bin/commands/init/security/index.sh | 2 +- bin/commands/init/stc/index.sh | 2 +- bin/commands/init/vsam/index.sh | 2 +- bin/commands/internal/config/get/index.sh | 2 +- bin/commands/internal/config/set/index.sh | 2 +- bin/commands/internal/container/init/index.sh | 2 +- bin/commands/internal/get-launch-components/index.sh | 2 +- bin/commands/internal/start/component/index.sh | 2 +- bin/commands/internal/start/index.sh | 2 +- bin/commands/internal/start/prepare/index.sh | 2 +- bin/commands/start/index.sh | 2 +- bin/commands/stop/index.sh | 2 +- 28 files changed, 30 insertions(+), 30 deletions(-) diff --git a/bin/commands/components/disable/index.sh b/bin/commands/components/disable/index.sh index a11ffb64c9..5934f05032 100644 --- a/bin/commands/components/disable/index.sh +++ b/bin/commands/components/disable/index.sh 
@@ -17,7 +17,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/disable/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/disable/cli.js" else require_node diff --git a/bin/commands/components/enable/index.sh b/bin/commands/components/enable/index.sh index 572f5fa58f..2f421ed84f 100644 --- a/bin/commands/components/enable/index.sh +++ b/bin/commands/components/enable/index.sh @@ -17,7 +17,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/enable/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/enable/cli.js" else require_node diff --git a/bin/commands/components/handlerutils.ts b/bin/commands/components/handlerutils.ts index 805690a1f4..7ad4d29798 100644 --- a/bin/commands/components/handlerutils.ts +++ b/bin/commands/components/handlerutils.ts 
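Review bot: The run-options literal `XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)` is now repeated in every `index.sh` touched by this patch and three times in `handlerutils.ts`, so the next option change has to be made in about thirty places and a missed file silently keeps the old options. Consider defining it once in a library these scripts already load (whether one is sourced is not visible in the hunks) and using `_CEE_RUNOPTS="${ZWE_PRIVATE_CEE_RUNOPTS}"`, where the variable name is a placeholder. On the same changed line the program path is unquoted; `"${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr"` would survive a runtime directory containing whitespace. The enclosing `if` blocks start and end outside each hunk.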
@@ -45,7 +45,7 @@ export class HandlerCaller { std.setenv('ZWE_CLI_REGISTRY_COMMAND', 'search'); common.printMessage(`Calling handler '${this.handler}' to search for ${componentName}`); - const result = shell.execSync('sh', '-c', `_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/utils/configmgr -script "${this.handlerPath}"`); + const result = shell.execSync('sh', '-c', `_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/utils/configmgr -script "${this.handlerPath}"`); common.printMessage(`Handler search exited with rc=${result.rc}`); return result.rc; } @@ -59,7 +59,7 @@ export class HandlerCaller { std.setenv('ZWE_CLI_REGISTRY_DRY_RUN', dryRun ? 'true' : 'false'); - const result = shell.execOutSync('sh', '-c', `_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/utils/configmgr -script "${this.handlerPath}"`); + const result = shell.execOutSync('sh', '-c', `_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/utils/configmgr -script "${this.handlerPath}"`); common.printMessage(`Handler uninstall exited with rc=${result.rc}`); if (result.rc) { @@ -95,7 +95,7 @@ export class HandlerCaller { std.setenv('ZWE_CLI_REGISTRY_DRY_RUN', dryRun ? 'true' : 'false'); - const result = shell.execOutSync('sh', '-c', `_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/utils/configmgr -script "${this.handlerPath}"`); + const result = shell.execOutSync('sh', '-c', `_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/utils/configmgr -script "${this.handlerPath}"`); common.printMessage(`Handler ${action} exited with rc=${result.rc}`); if (result.rc) { diff --git a/bin/commands/components/install/extract/index.sh b/bin/commands/components/install/extract/index.sh index 5468abaa87..7a3ad52226 100644 
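Review bot: All three changed `shell.execSync`/`shell.execOutSync` lines build the `sh -c` command by interpolating `std.getenv('ZWE_zowe_runtimeDirectory')` and `this.handlerPath` into the command text, so the shell re-parses both values. The runtime directory is unquoted, and a handler path containing `"`, `$(` or a backtick would be interpreted rather than passed through. Where `handlerPath` is set is outside these hunks, so how far it is operator-controlled needs confirming. A safer shape is to export the path with `std.setenv` (already used a few lines above) and let the shell expand quoted variables, for example `"$ZWE_zowe_runtimeDirectory/bin/utils/configmgr" -script "$HANDLER_PATH_VAR"`, with `HANDLER_PATH_VAR` a placeholder name. The three methods begin and end outside the hunks.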
--- a/bin/commands/components/install/extract/index.sh +++ b/bin/commands/components/install/extract/index.sh @@ -13,7 +13,7 @@ USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/install/extract/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/install/extract/cli.js" else diff --git a/bin/commands/components/install/index.sh b/bin/commands/components/install/index.sh index 04d8c355da..22b163b994 100644 --- a/bin/commands/components/install/index.sh +++ b/bin/commands/components/install/index.sh @@ -16,7 +16,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/install/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/install/cli.js" else zwecli_inline_execute_command components install extract diff --git a/bin/commands/components/install/process-hook/index.sh b/bin/commands/components/install/process-hook/index.sh index 1cbb8c0e6d..668950ad9e 100644 --- a/bin/commands/components/install/process-hook/index.sh +++ b/bin/commands/components/install/process-hook/index.sh 
@@ -13,7 +13,7 @@ USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/install/process-hook/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/install/process-hook/cli.js" else diff --git a/bin/commands/components/search/index.sh b/bin/commands/components/search/index.sh index 48bec0b0a7..bd125ea92a 100644 --- a/bin/commands/components/search/index.sh +++ b/bin/commands/components/search/index.sh @@ -17,7 +17,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/search/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/search/cli.js" else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/components/uninstall/index.sh b/bin/commands/components/uninstall/index.sh index 020b96c521..48d55e9659 100644 --- a/bin/commands/components/uninstall/index.sh +++ b/bin/commands/components/uninstall/index.sh 
@@ -17,7 +17,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/uninstall/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/uninstall/cli.js" else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/components/upgrade/index.sh b/bin/commands/components/upgrade/index.sh index 2d188011d1..12d8c96be5 100644 --- a/bin/commands/components/upgrade/index.sh +++ b/bin/commands/components/upgrade/index.sh @@ -17,7 +17,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/upgrade/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/components/upgrade/cli.js" else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/config/get/index.sh b/bin/commands/config/get/index.sh index 3242f1f566..d41f5e542d 100644 --- a/bin/commands/config/get/index.sh +++ b/bin/commands/config/get/index.sh 
@@ -17,7 +17,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/config/get/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/config/get/cli.js" else echo "This command is only available when zowe.useConfigmgr=true" fi diff --git a/bin/commands/config/validate/index.sh b/bin/commands/config/validate/index.sh index 0d854eb132..73bcbfd170 100644 --- a/bin/commands/config/validate/index.sh +++ b/bin/commands/config/validate/index.sh @@ -17,7 +17,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/config/validate/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/config/validate/cli.js" else echo "This command is only available when zowe.useConfigmgr=true" fi diff --git a/bin/commands/diagnose/index.sh b/bin/commands/diagnose/index.sh index d1f07e8ebe..e45a33a2bb 100644 --- a/bin/commands/diagnose/index.sh +++ b/bin/commands/diagnose/index.sh 
@@ -13,7 +13,7 @@ USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/diagnose/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/diagnose/cli.js" else error_code="${ZWE_CLI_PARAMETER_ERROR_CODE}" diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index e65221b252..472d7192c4 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh @@ -18,7 +18,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/apfauth/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/apfauth/cli.js" else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/init/generate/index.sh b/bin/commands/init/generate/index.sh index f3dedacb2e..d081d672c9 100644 --- a/bin/commands/init/generate/index.sh +++ b/bin/commands/init/generate/index.sh 
@@ -17,7 +17,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/generate/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/generate/cli.js" else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index 4a7c9217ce..13ef5ab299 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh @@ -20,7 +20,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/cli.js" else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 9998c9afd7..bb087f43f6 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
@@ -19,7 +19,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/mvs/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/mvs/cli.js" else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index 5bab5bb233..0a1b87b5a7 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh @@ -18,7 +18,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/security/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/security/cli.js" else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index 51ecc442be..dcc6a73ba4 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh 
@@ -18,7 +18,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/stc/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/stc/cli.js" else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 574f36d61a..88b1d30412 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh @@ -17,7 +17,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/vsam/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/vsam/cli.js" else print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 fi diff --git a/bin/commands/internal/config/get/index.sh b/bin/commands/internal/config/get/index.sh index e6b7803bdc..f4eb38eb4f 100644 --- a/bin/commands/internal/config/get/index.sh +++ b/bin/commands/internal/config/get/index.sh 
@@ -13,7 +13,7 @@ USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/get/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/get/cli.js" else ############################### diff --git a/bin/commands/internal/config/set/index.sh b/bin/commands/internal/config/set/index.sh index 38aaa2a59e..dddc8c9f26 100644 --- a/bin/commands/internal/config/set/index.sh +++ b/bin/commands/internal/config/set/index.sh @@ -13,7 +13,7 @@ USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/set/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/set/cli.js" else ############################### diff --git a/bin/commands/internal/container/init/index.sh b/bin/commands/internal/container/init/index.sh index 49970840e7..91f3b89359 100644 --- a/bin/commands/internal/container/init/index.sh +++ b/bin/commands/internal/container/init/index.sh @@ -13,7 +13,7 @@ USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/container/init/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/container/init/cli.js" else 
diff --git a/bin/commands/internal/get-launch-components/index.sh b/bin/commands/internal/get-launch-components/index.sh index 11b64eff01..ed9fc01836 100644 --- a/bin/commands/internal/get-launch-components/index.sh +++ b/bin/commands/internal/get-launch-components/index.sh @@ -14,7 +14,7 @@ USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/get-launch-components/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/get-launch-components/cli.js" else diff --git a/bin/commands/internal/start/component/index.sh b/bin/commands/internal/start/component/index.sh index a0d0fac1ff..1de4660459 100644 --- a/bin/commands/internal/start/component/index.sh +++ b/bin/commands/internal/start/component/index.sh @@ -13,7 +13,7 @@ USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/start/component/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/start/component/cli.js" else diff --git a/bin/commands/internal/start/index.sh b/bin/commands/internal/start/index.sh index 1c2ea3b7d8..843d4e4a86 100644 --- a/bin/commands/internal/start/index.sh +++ b/bin/commands/internal/start/index.sh 
@@ -13,7 +13,7 @@ USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/start/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/start/cli.js" else diff --git a/bin/commands/internal/start/prepare/index.sh b/bin/commands/internal/start/prepare/index.sh index 7927fbd231..85ca4ad100 100644 --- a/bin/commands/internal/start/prepare/index.sh +++ b/bin/commands/internal/start/prepare/index.sh @@ -17,7 +17,7 @@ USE_CONFIGMGR=$(check_configmgr_enabled) if [ "${USE_CONFIGMGR}" = "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/start/prepare/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/start/prepare/cli.js" else diff --git a/bin/commands/start/index.sh b/bin/commands/start/index.sh index a0ed1b47ad..a24dcb93df 100644 --- a/bin/commands/start/index.sh +++ b/bin/commands/start/index.sh @@ -18,7 +18,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/start/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/start/cli.js" else diff --git a/bin/commands/stop/index.sh b/bin/commands/stop/index.sh index 912092ee0a..fba55a3836 100644 --- a/bin/commands/stop/index.sh 
+++ b/bin/commands/stop/index.sh @@ -17,7 +17,7 @@ if [ "${USE_CONFIGMGR}" = "true" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/stop/cli.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/stop/cli.js" else From 6e29cbb7d92f94dbf4f5840d010b2be4ba7bc3a2 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 19 Apr 2024 14:29:23 -0400 Subject: [PATCH 173/258] Split init up again for testing Signed-off-by: 1000TurquoisePogs --- playbooks/roles/configure/tasks/main.yml | 39 ++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 0863ffe267..20ef9ea5b9 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml 
@@ -352,9 +352,44 @@ when: zowe_configure_ignore_security_failures # ============================================================================ -- name: Init Zowe +- name: Init Zowe mvs import_role: name: zos tasks_from: run_zwe vars: - parameters: "init {{ zwe_init_params }}" + parameters: "init mvs {{ zwe_init_params }}" + +- name: Init Zowe vsam + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init vsam {{ zwe_init_params }}" + +- name: Init Zowe security + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init security {{ zwe_init_params }}" + +- name: Init Zowe apfauth + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init apfauth {{ zwe_init_params }}" + +- name: Init Zowe certificate + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init certificate {{ zwe_init_params }}" + +- name: Init Zowe stc + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init stc {{ zwe_init_params }}" From d7b5a33e2fbd1b9ff00fcd30796b29cb0805cc95 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 2 May 2024 04:57:49 -0500 Subject: [PATCH 174/258] Fixed "name" -> "file" in certificate section Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 8ad3a8b309..6ebe3d9bc8 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -139,12 +139,12 @@ zowe: certificate: keystore: type: JCERACFKS - name: "safkeyring:///" + file: "safkeyring:///" alias: "" password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. truststore: type: JCERACFKS - name: "safkeyring:///" + file: "safkeyring:///" password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. ``` 
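Review bot: The six tasks that replace the single `init` call cover `mvs`, `vsam`, `security`, `apfauth`, `certificate` and `stc`, but not `generate`, which PATCH 172 on this page shows as `bin/commands/init/generate/index.sh`. If the combined `init` ran that step, this playbook no longer exercises it, and the order here (security before apfauth) may also differ from what `init` itself does; both need checking against the command. Since the subject says the split is for testing, a comment above the first task such as `# init is split per sub-command so a failure identifies the failing step; keep in sync with 'zwe init'` would tell the next reader it is intentional. The repeated `import_role` stanzas differ only in one word, so an `include_role` with a `loop` over the sub-command names would keep the list in one place.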
@@ -218,12 +218,12 @@ zowe: certificate: keystore: type: JCERACFKS - name: "safkeyring:///" + file: "safkeyring:///" alias: "" password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. truststore: type: JCERACFKS - name: "safkeyring:///" + file: "safkeyring:///" password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. ``` From 83b6b4224d8b797694b569e1c1000301a0aad5bc Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 2 May 2024 07:17:50 -0500 Subject: [PATCH 175/258] Update INSTALLATION.md Added log suffix to table Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 6ebe3d9bc8..4701e80d3d 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md 
@@ -262,14 +262,14 @@ The following lists the default ports of each server of Zowe that is enabled by These are customized within the YAML at `components..port`, such as `components.zss.port` to customize the ZSS port. -|Component|Component Category|Default TCP Port|Jobname Suffix|Note| -|---|---|---|---|---| -|api-catalog|API Mediation Layer|7552|AC|Provides API documentation| -|discovery|API Mediation Layer|7553|AD|Used by the gateway to discover presence and health each server in a Zowe instance for routing| -|gateway|API Mediation Layer|7554|AG|When enabled, the port chosen should also be the value of `zowe.externalPort`. Zowe can be configured to have this port as the only externally-accessible port as the gateway can proxy the other Zowe servers.| -|caching-service|API Mediation Layer|7555|CS|Provides a cache for high-availability/fault-tolerant operation| -|app-server|App Framework|7556|DS|Provides the Desktop, requires NodeJS| -|zss|App Framework|7557|SZ|Provides APIs| +|Component|Component Category|TCP Port|Job Suffix|Log Suffix|Note| +|---|---|---|---|---|---| +|api-catalog|API Mediation Layer|7552|AC|AAC|Provides API documentation| +|discovery|API Mediation Layer|7553|AD|ADS|Used by the gateway to discover presence and health each server in a Zowe instance for routing| +|gateway|API Mediation Layer|7554|AG|AGW|When enabled, the port chosen should also be the value of `zowe.externalPort`. Zowe can be configured to have this port as the only externally-accessible port as the gateway can proxy the other Zowe servers.| +|caching-service|API Mediation Layer|7555|CS|ACS|Provides a cache for high-availability/fault-tolerant operation| +|app-server|App Framework|7556|DS|D|Provides the Desktop, requires NodeJS| +|zss|App Framework|7557|SZ|SZ|Provides APIs| Zowe also has a property, `zowe.externalPort` that describes where clients should connect to access Zowe. This must match the gateway port when the gateway is enabled. 
When it isn't, this port should match the primary server of Zowe that you are using. From db8e85d8351d002dddec48c3cfc45672d0bbd960 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 7 May 2024 14:08:26 +0200 Subject: [PATCH 176/258] Fix bug where cert was self-signed due to incorrect name Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index e52868c0d6..4e1e187c63 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -258,7 +258,7 @@ if [ "${cert_type}" = "PKCS12" ]; then --keystore "${pkcs12_name}" \ --alias "${pkcs12_name}" \ --password "${pkcs12_password}" \ - --common-name "${dname_caCommonName}" \ + --common-name "${dname_commonName}" \ --org-unit "${dname_orgUnit}" \ --org "${dname_org}" \ --locality "${dname_locality}" \ From 149f3249202498806016938d68681f35d5ca5b66 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 7 May 2024 17:13:13 +0200 Subject: [PATCH 177/258] Fixed that the tests for keyring were not specifying values Signed-off-by: 1000TurquoisePogs --- playbooks/roles/configure/defaults/main.yml | 12 +++++++++++- playbooks/roles/configure/tasks/main.yml | 21 ++++++++++++++++++--- 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/playbooks/roles/configure/defaults/main.yml b/playbooks/roles/configure/defaults/main.yml index 24ff9b6446..085bfb42c5 100644 --- a/playbooks/roles/configure/defaults/main.yml +++ b/playbooks/roles/configure/defaults/main.yml 
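Review bot: In the `bin/commands/init/certificate/index.sh` hunk the corrected `--common-name "${dname_commonName}"` still yields a certificate whose subject matches its issuer whenever the configuration gives `dname.commonName` and `dname.caCommonName` the same value, since the other DN fields appear to be shared between the CA and the certificate. That would reproduce the self-signed symptom this commit fixes, so a guard before the call would make the failure explicit: `[ "${dname_commonName}" != "${dname_caCommonName}" ] || print_error_and_exit "<message with project error code>" "" <code>`. The message and code are placeholders, and `print_error_and_exit` is assumed to be available here as it is in the other command scripts on this page. The command being patched starts and ends outside the hunk.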
@@ -102,11 +102,21 @@ zowe_external_certficate_alias: zowe_external_certficate_authorities: zowe_keystore_dir: ~/.zowe/keystore zowe_keystore_password: password +zowe_keystore_ca_password: ca-password +zowe_keystore_alias: localhost +zowe_keystore_ca_label: localca +zowe_keystore_cert_dname_ca_common_name: Zowe Development Instances CA +zowe_keystore_cert_dname_common_name: Zowe Development Instances Certificate +zowe_keystore_cert_dname_org_unit: API Mediation Layer +zowe_keystore_cert_dname_org: Zowe Sample +zowe_keystore_cert_dname_locality: Prague +zowe_keystore_cert_dname_state: Prague +zowe_keystore_cert_dname_country: CZ +zowe_keystore_cert_validity: 3650 zowe_keyring_alias: ZoweKeyring zowe_keyring_certname: ZoweCert zowe_keyring_external_intermediate_ca: zowe_keyring_external_root_ca: brcmso -zowe_keystore_alias: localhost zowe_jcllib: zowe_proclib_dsname: auto zowe_proclib_membername: ZWESLSTC diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 20ef9ea5b9..7dfe550a6d 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml 
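Review bot: The added `zowe_keystore_ca_password: ca-password` puts a fixed, publicly known literal in the role defaults as the password protecting the generated CA, alongside the existing `zowe_keystore_password: password`. That is acceptable for a throwaway test instance, but nothing in the file says so, and defaults tend to be copied into longer-lived environments. Add a comment such as `# test-only defaults; override from inventory or an encrypted vars file on any shared system` above the two password lines. None of the task hunks on this page reference `zowe_keystore_ca_password`, so it is also worth confirming the value is actually consumed.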
@@ -169,6 +169,22 @@ "zowe.setup.certificate.keyring.name": "{{ zowe_keyring_alias }}" "zowe.setup.certificate.keyring.label": "{{ zowe_keyring_certname }}" "zowe.setup.certificate.importCertificateAuthorities.0": "{{ zowe_external_certficate_authorities }},{{ zowe_keyring_external_intermediate_ca }},{{ zowe_keyring_external_root_ca }}" + - name: Update keyring setup when generating certificates + when: zowe_external_certficate == '' or zowe_external_certificate is undefined + import_role: + name: zos + tasks_from: update_zowe_yaml + vars: + configs: + "zowe.setup.certificate.keyring.caLabel": "{{ zowe_keyring_ca_label }}" + "zowe.setup.certificate.dname.caCommonName": "{{ zowe_keystore_cert_dname_ca_common_name }}" + "zowe.setup.certificate.dname.commonName": "{{ zowe_keystore_cert_dname_common_name }}" + "zowe.setup.certificate.dname.orgUnit": "{{ zowe_keystore_cert_dname_org_unit }}" + "zowe.setup.certificate.dname.org": "{{ zowe_keystore_cert_dname_org }}" + "zowe.setup.certificate.dname.locality": "{{ zowe_keystore_cert_dname_locality }}" + "zowe.setup.certificate.dname.state": "{{ zowe_keystore_cert_dname_state }}" + "zowe.setup.certificate.dname.country": "{{ zowe_keystore_cert_dname_country }}" + "zowe.setup.certificate.validity": "{{ zowe_keystore_cert_validity }}" - name: Update keyring setup when connecting to external certificate when: zowe_external_certficate is not none and zowe_external_certficate != '' import_role: 
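Review bot: The new task's condition `when: zowe_external_certficate == '' or zowe_external_certificate is undefined` tests two different variables: the first uses the spelling `certficate` that the rest of the role uses, the second the corrected spelling `certificate`. If nothing defines the second name, `is undefined` is always true and the generate-certificate settings are written even when an external certificate is configured, so the run may end up with a different certificate setup than the inventory asked for. The condition should mirror the following task's check on the same variable: `when: zowe_external_certficate is none or zowe_external_certficate == ''`. The enclosing block starts outside the hunk.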
@@ -176,11 +192,10 @@ tasks_from: update_zowe_yaml vars: configs: - # FIXME: import or connect? "zowe.setup.certificate.keyring.connect.user": "{{ zowe_external_certficate }}" "zowe.setup.certificate.keyring.connect.label": "{{ zowe_external_certficate_alias }}" - "zowe.setup.certificate.keyring.import.dsName": "{{ zowe_external_certficate }}" - "zowe.setup.certificate.keyring.import.password": "{{ zowe_external_certficate_alias }}" + # FIXME: Zowe has ignored "import" when "connect" exists. + # TODO: Write a test for "import" separately. - name: Update keyring setup to help import z/OSMF CA import_role: name: zos From ab669e0b0ab0187e863679d0511de234427d3c91 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 7 May 2024 17:33:21 +0200 Subject: [PATCH 178/258] Fix keyring -> keystore naming in the test file Signed-off-by: 1000TurquoisePogs --- playbooks/roles/configure/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 7dfe550a6d..b838df0ed1 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml @@ -176,7 +176,7 @@ tasks_from: update_zowe_yaml vars: configs: - "zowe.setup.certificate.keyring.caLabel": "{{ zowe_keyring_ca_label }}" + "zowe.setup.certificate.keyring.caLabel": "{{ zowe_keystore_ca_label }}" "zowe.setup.certificate.dname.caCommonName": "{{ zowe_keystore_cert_dname_ca_common_name }}" "zowe.setup.certificate.dname.commonName": "{{ zowe_keystore_cert_dname_common_name }}" "zowe.setup.certificate.dname.orgUnit": "{{ zowe_keystore_cert_dname_org_unit }}" From cd8057c0ff2a4ff250aa7447fa66f13f88bdf994 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 8 May 2024 11:10:01 +0200 Subject: [PATCH 179/258] Simplify detection of zosmf flag and update incorrect jcl info on verify certificates value 
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 4 ++-- bin/libs/certificate.sh | 7 ++----- files/SZWESAMP/ZWEIKRA1 | 7 +++---- files/SZWESAMP/ZWEIKRA2 | 7 +++---- files/SZWESAMP/ZWEIKRA3 | 7 +++---- files/SZWESAMP/ZWEIKRR1 | 7 +++---- files/SZWESAMP/ZWEIKRR2 | 7 +++---- files/SZWESAMP/ZWEIKRR3 | 7 +++---- files/SZWESAMP/ZWEIKRT1 | 7 +++---- files/SZWESAMP/ZWEIKRT2 | 7 +++---- files/SZWESAMP/ZWEIKRT3 | 7 +++---- 11 files changed, 31 insertions(+), 43 deletions(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 4e1e187c63..96f31cc55e 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -124,10 +124,10 @@ for item in host port; do var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zOSMF.${item}") eval "${var_name}=\"${var_val}\"" done -keyring_trust_zosmf= +keyring_trust_zosmf=0 verify_certificates=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.verifyCertificates" | upper_case) if [ "${verify_certificates}" = "STRICT" -o "${verify_certificates}" = "NONSTRICT" ]; then - keyring_trust_zosmf="--trust-zosmf" + keyring_trust_zosmf=1 else # no need to trust z/OSMF service zosmf_host= diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh index 1874f4a8a6..c7478626ce 100644 --- a/bin/libs/certificate.sh +++ b/bin/libs/certificate.sh @@ -819,11 +819,8 @@ keyring_run_zwekring_jcl() { domains="${4}" # external CA labels separated by comma (label can have spaces) ext_cas="${5}" - # set to 1 or true to import z/OSMF CA - trust_zosmf=0 - if [ "${6}" = "true" -o "${6}" = "1" ]; then - trust_zosmf=1 - fi + # set to 1 to import z/OSMF CA + trust_zosmf="${6}" zosmf_root_ca="${7}" validity="${8}" security_product="${9}" diff --git a/files/SZWESAMP/ZWEIKRA1 b/files/SZWESAMP/ZWEIKRA1 index fef0764e5b..ad5c778865 100644 --- a/files/SZWESAMP/ZWEIKRA1 +++ b/files/SZWESAMP/ZWEIKRA1 
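Review bot: In the `bin/libs/certificate.sh` hunk, `trust_zosmf="${6}"` now passes the sixth argument through unchanged, where the removed lines mapped anything other than `true` or `1` to `0`. A caller that still passes `true`, an empty string or the old `--trust-zosmf` flag therefore hands a value other than 0 or 1 to whatever consumes `trust_zosmf` further down. Since the flag decides whether the z/OSMF CA is connected to the Zowe keyring, I would keep it fail-closed with a one-line guard: `case "${6}" in 1|true) trust_zosmf=1 ;; *) trust_zosmf=0 ;; esac`. The body of `keyring_run_zwekring_jcl` continues past the hunk, so how the value is substituted into the JCL is not visible here.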
@@ -41,10 +41,9 @@ //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 6) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. +//* 6) If you set zowe.verifyCertificates to +//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. diff --git a/files/SZWESAMP/ZWEIKRA2 b/files/SZWESAMP/ZWEIKRA2 index c30a3db8c4..101e9f9cae 100644 --- a/files/SZWESAMP/ZWEIKRA2 +++ b/files/SZWESAMP/ZWEIKRA2 @@ -40,10 +40,9 @@ //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 6) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. +//* 6) If you set zowe.verifyCertificates to +//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. diff --git a/files/SZWESAMP/ZWEIKRA3 b/files/SZWESAMP/ZWEIKRA3 index e475a378a6..1200deb171 100644 --- a/files/SZWESAMP/ZWEIKRA3 +++ b/files/SZWESAMP/ZWEIKRA3 
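Review bot: The reworded step 6 in `files/SZWESAMP/ZWEIKRA1` no longer says what `IFROZFCA` should be when `zowe.verifyCertificates` is neither STRICT nor NONSTRICT; the removed text ended with "Otherwise set to 0." and the new text stops after the positive case. It also drops the mention of defining `ROOTZFCA`, which leaves the operator without that prerequisite if the variable is still needed for the connect step. I would close the step with `//* Otherwise set IFROZFCA to 0.` and keep a line naming `ROOTZFCA` if it still applies. The same wording is applied in the ZWEIKRA2, ZWEIKRA3, ZWEIKRR1, ZWEIKRR2, ZWEIKRR3, ZWEIKRT1, ZWEIKRT2 and ZWEIKRT3 hunks that follow.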
@@ -40,10 +40,9 @@ //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 6) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. +//* 6) If you set zowe.verifyCertificates to +//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. diff --git a/files/SZWESAMP/ZWEIKRR1 b/files/SZWESAMP/ZWEIKRR1 index a7cf76b81b..9e2dbdc595 100644 --- a/files/SZWESAMP/ZWEIKRR1 +++ b/files/SZWESAMP/ZWEIKRR1 @@ -41,10 +41,9 @@ //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 6) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. +//* 6) If you set zowe.verifyCertificates to +//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. diff --git a/files/SZWESAMP/ZWEIKRR2 b/files/SZWESAMP/ZWEIKRR2 index 0702d15130..180608dee5 100644 --- a/files/SZWESAMP/ZWEIKRR2 +++ b/files/SZWESAMP/ZWEIKRR2 
@@ -40,10 +40,9 @@ //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 6) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. +//* 6) If you set zowe.verifyCertificates to +//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. diff --git a/files/SZWESAMP/ZWEIKRR3 b/files/SZWESAMP/ZWEIKRR3 index 8aa7983a29..d4f3320658 100644 --- a/files/SZWESAMP/ZWEIKRR3 +++ b/files/SZWESAMP/ZWEIKRR3 @@ -41,10 +41,9 @@ //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 6) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. +//* 6) If you set zowe.verifyCertificates to +//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. diff --git a/files/SZWESAMP/ZWEIKRT1 b/files/SZWESAMP/ZWEIKRT1 index 33fa8d88f3..d8f8e30d12 100644 --- a/files/SZWESAMP/ZWEIKRT1 +++ b/files/SZWESAMP/ZWEIKRT1 
@@ -41,10 +41,9 @@ //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 6) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. +//* 6) If you set zowe.verifyCertificates to +//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. diff --git a/files/SZWESAMP/ZWEIKRT2 b/files/SZWESAMP/ZWEIKRT2 index c24bf4d509..2775e0148a 100644 --- a/files/SZWESAMP/ZWEIKRT2 +++ b/files/SZWESAMP/ZWEIKRT2 @@ -40,10 +40,9 @@ //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 6) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. +//* 6) If you set zowe.verifyCertificates to +//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. diff --git a/files/SZWESAMP/ZWEIKRT3 b/files/SZWESAMP/ZWEIKRT3 index 1ef90d17a4..f945239103 100644 --- a/files/SZWESAMP/ZWEIKRT3 +++ b/files/SZWESAMP/ZWEIKRT3 
@@ -40,10 +40,9 @@ //* Zowe certificate. It is only applicable if Zowe certificate //* signed by a recognized certificate authority (CA). //* -//* 6) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. +//* 6) If you set zowe.verifyCertificates to +//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. From 240393b6eb0254f98a90fdf4c86d25ca9c404a50 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 8 May 2024 04:51:58 -0500 Subject: [PATCH 180/258] Update SMPMCS.txt Was missing ZWEIAPF2 Signed-off-by: 1000TurquoisePogs --- smpe/bld/SMPMCS.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/smpe/bld/SMPMCS.txt b/smpe/bld/SMPMCS.txt index e9b9ab3ed6..76499349d8 100755 --- a/smpe/bld/SMPMCS.txt +++ b/smpe/bld/SMPMCS.txt @@ -39,6 +39,7 @@ ++SAMP(ZWEIACF) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEIACFZ) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEIAPF) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . +++SAMP(ZWEIAPF2) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEIKRA1) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEIKRA2) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEIKRA3) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . From 319bacbde332c0d94afdde166aa116c8f63d6a23 Mon Sep 17 00:00:00 2001 From: MarkAckert Date: Fri, 10 May 2024 10:37:19 -0400 Subject: [PATCH 181/258] set config for zwe init (useconfigmgr?) Signed-off-by: MarkAckert --- playbooks/roles/configure/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index b838df0ed1..4589c8ab03 100644 
--- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml @@ -354,7 +354,7 @@ - name: Set zwe_init_params variables set_fact: # --allow-overwrite is needed to overwrite anything left by FMID install - zwe_init_params: "--update-config -l \"{{ zowe_install_logs_dir }}\" --allow-overwrite" + zwe_init_params: "--update-config -l \"{{ zowe_install_logs_dir }}\" --allow-overwrite --config {{ zowe_instance_dir }}/zowe.yaml" - name: Set --security-dry-run or not set_fact: From bb10e99565702829e33f5997fdd447a0cc9795d1 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 14 May 2024 10:33:29 +0200 Subject: [PATCH 182/258] Support runing gener if zweimvs is not found, such as in pre-existing jcllib (like smpe case) Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/index.sh | 15 +++++---------- bin/commands/init/generate/index.sh | 14 +++++--------- bin/commands/init/index.sh | 14 ++++---------- bin/commands/init/mvs/index.sh | 15 +++++---------- bin/commands/init/security/index.sh | 14 ++++---------- bin/commands/init/stc/index.sh | 14 ++++---------- bin/commands/init/vsam/index.sh | 13 ++++--------- bin/libs/zos.ts | 7 ++++--- 8 files changed, 35 insertions(+), 71 deletions(-) diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index 472d7192c4..581636ffd5 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh 
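Review bot: The new `--config {{ zowe_instance_dir }}/zowe.yaml` argument in `zwe_init_params` is unquoted, while the log directory in the same string is wrapped in escaped quotes. If `zowe_instance_dir` ever contains a space or a shell metacharacter, the command line this fact is later expanded into would split or be reinterpreted; where it is used is outside this hunk. Quote it the same way as the `-l` value: `--config \"{{ zowe_instance_dir }}/zowe.yaml\"`.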
@@ -11,14 +11,9 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -USE_CONFIGMGR=$(check_configmgr_enabled) -if [ "${USE_CONFIGMGR}" = "true" ]; then - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then - - # user-facing command, use tmpdir to not mess up workspace permissions - export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 - fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/apfauth/cli.js" -else - print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/apfauth/cli.js" + diff --git a/bin/commands/init/generate/index.sh b/bin/commands/init/generate/index.sh index d081d672c9..caf2d9acc6 100644 --- a/bin/commands/init/generate/index.sh +++ b/bin/commands/init/generate/index.sh 
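Review bot: The configmgr call that is now unconditional in `bin/commands/init/apfauth/index.sh` leaves the command word `${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr` unquoted, although the `-script` argument beside it is quoted. A runtime directory containing whitespace would split the command word and run something other than the intended binary. Write it as `"${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr" -script "..."`. The same line recurs in the generate, init, mvs, security, stc and vsam `index.sh` hunks of this commit.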
@@ -11,13 +11,9 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -USE_CONFIGMGR=$(check_configmgr_enabled) -if [ "${USE_CONFIGMGR}" = "true" ]; then - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then - # user-facing command, use tmpdir to not mess up workspace permissions - export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 - fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/generate/cli.js" -else - print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/generate/cli.js" + diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index 13ef5ab299..50eda3f124 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh 
@@ -13,14 +13,8 @@ init_missing_yaml_properties -USE_CONFIGMGR=$(check_configmgr_enabled) -if [ "${USE_CONFIGMGR}" = "true" ]; then - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then - - # user-facing command, use tmpdir to not mess up workspace permissions - export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 - fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/cli.js" -else - print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/cli.js" diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index bb087f43f6..fdc7dbe0e4 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
@@ -12,14 +12,9 @@ init_missing_yaml_properties -USE_CONFIGMGR=$(check_configmgr_enabled) -if [ "${USE_CONFIGMGR}" = "true" ]; then - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then - - # user-facing command, use tmpdir to not mess up workspace permissions - export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 - fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/mvs/cli.js" -else - print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/mvs/cli.js" + diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index 0a1b87b5a7..dd44426811 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh 
@@ -11,14 +11,8 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -USE_CONFIGMGR=$(check_configmgr_enabled) -if [ "${USE_CONFIGMGR}" = "true" ]; then - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then - - # user-facing command, use tmpdir to not mess up workspace permissions - export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 - fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/security/cli.js" -else - print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/security/cli.js" diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index dcc6a73ba4..adc2d6fee1 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh 
@@ -11,14 +11,8 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -USE_CONFIGMGR=$(check_configmgr_enabled) -if [ "${USE_CONFIGMGR}" = "true" ]; then - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then - - # user-facing command, use tmpdir to not mess up workspace permissions - export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 - fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/stc/cli.js" -else - print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/stc/cli.js" diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index 88b1d30412..8ce07f4e45 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
@@ -11,13 +11,8 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -USE_CONFIGMGR=$(check_configmgr_enabled) -if [ "${USE_CONFIGMGR}" = "true" ]; then - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then - # user-facing command, use tmpdir to not mess up workspace permissions - export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 - fi - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/vsam/cli.js" -else - print_error_and_exit "Error ZWEL0316E: Command requires zowe.useConfigmgr=true to use." "" 316 +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/vsam/cli.js" diff --git a/bin/libs/zos.ts b/bin/libs/zos.ts index dd1d535c77..e658fcc637 100644 --- a/bin/libs/zos.ts +++ b/bin/libs/zos.ts @@ -72,8 +72,9 @@ export function verifyGeneratedJcl(config:any): string { if (!jcllib) { return undefined; } - // read JCL library and validate - let doesJclExist: boolean = zosDataset.isDatasetExists(jcllib); + const expectedMember = jcllib+'(ZWEIMVS)'; + // read JCL library and validate using expected member ZWEIMVS (init mvs command) + let doesJclExist: boolean = zosDataset.isDatasetExists(expectedMember); if (!doesJclExist) { initGenerate.execute(); } @@ -83,7 +84,7 @@ export function verifyGeneratedJcl(config:any): string { const interval = [1,5,10,30]; for (let i = 0; i < interval.length; i++) { let secs = interval[i]; - doesJclExist=zosDataset.isDatasetExists(jcllib); + doesJclExist=zosDataset.isDatasetExists(expectedMember); if (!doesJclExist) { os.sleep(secs*1000); } else { 
From f4f1d31d383a72105d1b2f2a9f9a439676657310 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 14 May 2024 15:39:08 +0200 Subject: [PATCH 183/258] cat datasets with dollar sign Signed-off-by: Martin Zeithaml --- bin/libs/zos-jes.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts index b9e6fd53ea..372a01e8a9 100644 --- a/bin/libs/zos-jes.ts +++ b/bin/libs/zos-jes.ts @@ -22,7 +22,7 @@ export function submitJob(jclFileOrContent: string, printJobDebug:boolean=true, common.printTrace(`- content of ${jclFileOrContent}`); if (!jclIsContent) { - const catResult = shell.execOutSync('sh', '-c', `cat "${jclFileOrContent}" 2>&1`); + const catResult = shell.execOutSync('sh', '-c', `cat "${stringlib.escapeDollar(jclFileOrContent)}" 2>&1`); if (catResult.rc != 0) { common.printTrace(` * Failed`); common.printTrace(` * Exit code: ${catResult.rc}`); @@ -40,7 +40,7 @@ export function submitJob(jclFileOrContent: string, printJobDebug:boolean=true, // cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. const result = shell.execOutSync('sh', '-c', jclIsContent ? `echo "${jclFileOrContent}" | submit 2>&1` - : `cat "${jclFileOrContent}" | submit 2>&1`); + : `cat "${stringlib.escapeDollar(jclFileOrContent)}" | submit 2>&1`); // expected: JOB JOB????? submitted from path '...' const code=result.rc; if (code==0) { From c3f1fca9548dc324dfb6b944e67d76aea02ca520 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 14 May 2024 16:31:56 +0200 Subject: [PATCH 184/258] VSAM help update Signed-off-by: Martin Zeithaml --- bin/commands/init/vsam/.help | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/bin/commands/init/vsam/.help b/bin/commands/init/vsam/.help index fbcaf2694b..334284ba00 100644 --- a/bin/commands/init/vsam/.help +++ b/bin/commands/init/vsam/.help 
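Review bot: In both `bin/libs/zos-jes.ts` hunks the path is still spliced into a double-quoted `sh -c` string, and `stringlib.escapeDollar` (implementation not visible here; by its name it handles only `$`) leaves backticks, double quotes and backslashes active inside those quotes. A data set or file name carrying one of those characters would break the `cat` or be interpreted by the shell. Passing the name as a positional parameter avoids the escaping question entirely, e.g. `shell.execOutSync('sh', '-c', 'cat "$1" 2>&1', 'sh', jclFileOrContent)`, assuming `execOutSync` forwards extra arguments. The `echo "${jclFileOrContent}" | submit` branch on the context line interpolates JCL content the same way and has no escaping at all.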
@@ -1,4 +1,4 @@ -This command will run ZWECSVSM jcl to create VSAM data set for Zowe APIML +This command will run ZWECSVSM JCL to create VSAM data set for Zowe APIML Caching Service. These Zowe YAML configurations showing with sample values are used: @@ -13,24 +13,28 @@ zowe: mode: NONRLS volume: VOL123 storageClass: + name: IBMUSER.ZWE.CUST.CACHE2 components: caching-service: storage: mode: VSAM vsam: - name: IBMUSER.ZWE.CUST.CACHE2 + name: ``` -- `zowe.setup.dataset.prefix` shows where the `SZWESAMP` data set is installed, -- `zowe.setup.dataset.jcllib` is the custom JCL library. Zowe will create customized - ZWESECUR JCL here before applying it. +- `zowe.setup.dataset.prefix` shows where the `SZWESAMP` data set is installed. +- `zowe.setup.dataset.jcllib` is the custom JCL library. Zowe server command may + generate sample JCLs and put into this data set. - `zowe.setup.vsam.mode` indicates whether the VSAM will utilize Record Level Sharing (RLS) services or not. Valid value is `RLS` or `NONRLS`. - `zowe.setup.vsam.volume` indicates the name of volume. This field is required if VSAM mode is `NONRLS`. - `zowe.setup.vsam.storageClass` indicates the name of RLS storage class. This field is required if VSAM mode is `RLS`. +- `zowe.setup.vsam.name` defines the VSAM data set name. - `components.caching-service.storage.mode` indicates what storage Zowe Caching Service will use. Only if this value is `VSAM`, this command will try to create VSAM data set. - `components.caching-service.storage.vsam.name` defines the VSAM data set name. + This field can be omitted and automatically updated with parameter + `--update-config`. From 3c9783665acafeb57dbadc8a0795a499e3099536 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 15 May 2024 12:16:26 +0200 Subject: [PATCH 185/258] Use defaults.yaml, a reduction of example-zowe.yaml, to have the right defaults in case of upgrades such as in smpe 
Signed-off-by: 1000TurquoisePogs --- bin/libs/configmgr.ts | 4 +- files/defaults.yaml | 346 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 349 insertions(+), 1 deletion(-) create mode 100644 files/defaults.yaml diff --git a/bin/libs/configmgr.ts b/bin/libs/configmgr.ts index 0f9e00f5a8..9ad83d16b3 100644 --- a/bin/libs/configmgr.ts +++ b/bin/libs/configmgr.ts @@ -40,7 +40,9 @@ std.setenv('ZWE_PRIVATE_CONFIG_ORIG', parameterConfig); 3. one or more parmlib paths with PARMLIB() syntax, ex PARMLIB(my.zowe(yaml)):PARMLIB(my.other.zowe(yaml)) ... note the member names must be the same for every PARMLIB mentioned! 4. one or more of FILE and PARMLIB syntax combined, ex FILE(/my/1.yaml):FILE(/my2.yaml):PARMLIB(my.zowe(yaml)):PARMLIB(my.other.zowe(yaml)) */ -const ZOWE_CONFIG_PATH = (parameterConfig && !parameterConfig.startsWith('FILE(') && !parameterConfig.startsWith('PARMLIB(')) ? `FILE(${parameterConfig})` : parameterConfig; +const ZOWE_CONFIG_PATH = (parameterConfig && !parameterConfig.startsWith('FILE(') && !parameterConfig.startsWith('PARMLIB(')) + ? `FILE(${parameterConfig}):FILE(${std.getenv('ZWE_zowe_runtimeDirectory')}/files/defaults.yaml)` + : parameterConfig + `:FILE(${std.getenv('ZWE_zowe_runtimeDirectory')}/files/defaults.yaml)`; let configLoaded = false; const COMMON_SCHEMA = `${std.getenv('ZWE_zowe_runtimeDirectory')}/schemas/server-common.json`; diff --git a/files/defaults.yaml b/files/defaults.yaml new file mode 100644 index 0000000000..a171983513 --- /dev/null +++ b/files/defaults.yaml 
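Review bot: The else branch of the new `ZOWE_CONFIG_PATH` expression in `bin/libs/configmgr.ts` concatenates unconditionally, so when `parameterConfig` is undefined or empty the result is the string `undefined:FILE(...)` or `:FILE(...)` rather than a falsy value. The old expression returned `parameterConfig` itself in that case, and the `parameterConfig &&` guard kept in the condition suggests the value can be missing, so any later emptiness check on `ZOWE_CONFIG_PATH` would stop firing. `std.getenv('ZWE_zowe_runtimeDirectory')` is also interpolated twice without a check, which yields `FILE(undefined/files/defaults.yaml)` if it is unset. I would hoist the suffix into `const defaultsSuffix = ':FILE(' + runtimeDir + '/files/defaults.yaml)';` and make the else branch `: (parameterConfig ? parameterConfig + defaultsSuffix : parameterConfig);`.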
@@ -0,0 +1,346 @@ +################################################################################ +# This program and the accompanying materials are made available under the terms of the +# Eclipse Public License v2.0 which accompanies this distribution, and is available at +# https://www.eclipse.org/legal/epl-v20.html +# +# SPDX-License-Identifier: EPL-2.0 +# +# Copyright Contributors to the Zowe Project. +################################################################################ + +#=============================================================================== +# This is the default YAML configuration file for a Zowe instance. +# +# It should not be edited. +# +# You should use "example-zowe.yaml" as a reference for customizing +# Your own Zowe configuration. +#=============================================================================== + +#------------------------------------------------------------------------------- +# Zowe global configurations +# +# This section includes Zowe setup information used by `zwe install` and +# `zwe init` command, as well as default configurations for Zowe runtime. +#------------------------------------------------------------------------------- +zowe: + #------------------------------------------------------------------------------- + # These configurations are used by "zwe install" or "zwe init" commands. 
+ #------------------------------------------------------------------------------- + setup: + # MVS data set related configurations + dataset: + # where Zowe MVS data sets will be installed + # This prefix is used for the Zowe runtime datasets + # Including: + # Auth Load Lib: SZWEAUTH + # Load Lib: SZWELOAD + prefix: IBMUSER.ZWEV2 + + # PROCLIB where Zowe STCs will be copied over + proclib: USER.PROCLIB + + # Zowe PARMLIB + parmlib: IBMUSER.ZWEV2.CUST.PARMLIB + # Holds Zowe PARMLIB members for plugins + parmlibMembers: + # For ZIS plugins + zis: ZWESIP00 + + # JCL library where Zowe will store temporary JCLs during initialization + jcllib: IBMUSER.ZWEV2.CUST.JCLLIB + # Utilities for use by Zowe and extensions + loadlib: IBMUSER.ZWEV2.SZWELOAD + # APF authorized LOADLIB for Zowe + authLoadlib: IBMUSER.ZWEV2.SZWEAUTH + + # APF authorized LOADLIB for Zowe ZIS Plugins + authPluginLib: IBMUSER.ZWEV2.CUST.ZWESAPL + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Security related configurations. This setup is optional. + security: + # security product name. Can be RACF, ACF2 or TSS + product: RACF + # security group name + groups: + # Zowe admin user group + admin: ZWEADMIN + # Zowe STC group + stc: ZWEADMIN + # Zowe SysProg group + sysProg: ZWEADMIN + # security user name + users: + # Zowe runtime user name of main service + zowe: ZWESVUSR + # Zowe runtime user name of ZIS + zis: ZWESIUSR + # STC names + stcs: + # STC name of Zowe main service + zowe: ZWESLSTC + # STC name of Zowe ZIS + zis: ZWESISTC + # STC name of Zowe ZIS Auxiliary Server + aux: ZWESASTC + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Certificate related configurations + # + # There are 5 configurations cases. Please choose one from below. + + # >>>> Certificate setup scenario 1 + # PKCS12 (keystore) with Zowe generate certificates. 
+ certificate: + type: PKCS12 + pkcs12: + + # Keystore directory + directory: /var/zowe/keystore + # Lock the keystore directory to only accessible by Zowe runtime user and group. + lock: true + + # Certificate alias name. + name: localhost + password: password + + # Alias name of self-signed certificate authority. + caAlias: local_ca + caPassword: local_ca_password + # Distinguished name for Zowe generated certificates. + dname: + caCommonName: "Zowe Development Instances CA" + commonName: "Zowe Development Instances Certificate" + orgUnit: "API Mediation Layer" + org: "Zowe Sample" + locality: "Prague" + state: "Prague" + country: "CZ" + # Validity days for Zowe generated certificates + validity: 3650 + + + # Where to store runtime logs + logDirectory: /global/zowe/logs + + + # Zowe runtime workspace directory + workspaceDirectory: /global/zowe/workspace + + + # Where extensions are installed + extensionDirectory: /global/zowe/extensions + + configmgr: + # STRICT=quit on any error, including missing schema + # COMPONENT-COMPAT=if component missing schema, skip it with warning instead of quit + validation: "STRICT" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # runtime z/OS job name + job: + # Zowe JES job name + name: ZWE1SV + # Prefix of component address space + prefix: ZWE1 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # This is an ID you use to separate multiple Zowe installs when determining + # resource names used in RBAC authorization checks such as dataservices with RBAC + # expects this ID in SAF resources + rbacProfileIdentifier: "1" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # This is an ID that can be used by servers that distinguish their cookies from unrelated Zowe installs, + # for purposes such as to allow multiple copies of Zowe to be used within the same client + cookieIdentifier: "1" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + + # You can list your external domains on how you want to access Zowe. 
+ # This should be the domain list you would like to put into your web browser's + # address bar. + externalDomains: + # this should be the domain name to access Zowe APIML Gateway + - "${{ zos.resolveSymbol('&SYSNAME') }}" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # This is the port you use to access Zowe Gateway from your web browser. + # + # In many use cases, this should be same as `components.gateway.port`. But in + # some use cases, like containerization, this port could be different. + externalPort: 7554 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # You can define any Zowe message portions to be checked for and the message added to the + # system log upon its logging, truncated to 126 characters. + sysMessages: + # # Zowe starting + - "ZWEL0021I" + # # Zowe started + - "ZWEL0018I" + - "ZWEL0006I" + # # Zowe ready to use + - "ZWES1601I" + # # Zowe stopping + - "ZWEL0008I" + # # Zowe stopped + - "ZWEL0022I" + # # Zowe components starting + - "ZWEL0001I" + # # Zowe components stopped + - "ZWEL0002I" + # # API ML components ready + - "ZWEAM000I" + # # App server ready + - "ZWED0031I" + # # ZSS ready + - "ZWES1013I" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # Enable debug mode for Zowe launch scripts + launchScript: + # Set to "debug" or "trace" to display extra debug information + logLevel: "info" + # Set to "exit" if you'd like startup to exit if any component has an error in the configure stage, otherwise zwe will warn but continue. + onComponentConfigureFail: "warn" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + # How we want to verify SSL certificates of services. Valid values are: + # - STRICT: will validate if the certificate is trusted in our trust store and + # if the certificate Command Name and Subject Alternative Name (SAN) + # is validate. This is recommended for the best security. + # - NONSTRICT: will validate if the certificate is trusted in our trust store. 
+ # This mode does not validate certificate Common Name and Subject + # Alternative Name (SAN). + # - DISABLED: disable certificate validation. This is NOT recommended for + # security. + verifyCertificates: STRICT + +#------------------------------------------------------------------------------- +# z/OSMF configuration +# +# If your Zowe instance is configured to use z/OSMF for authentication or other +# features. You need to define how to access your z/OSMF instance. +#------------------------------------------------------------------------------- +zOSMF: + host: "${{ zos.resolveSymbol('&SYSNAME') }}" + port: 443 + applId: IZUDFLT + + +#------------------------------------------------------------------------------- +# Zowe components default configurations +#------------------------------------------------------------------------------- +components: + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + gateway: + enabled: true + port: 7554 + debug: false + + apiml: + security: + auth: + provider: zosmf + zosmf: + jwtAutoconfiguration: auto + serviceId: zosmf + authorization: + endpoint: + enabled: false + provider: "" + x509: + enabled: false + server: + internal: + # gateway supports internal connector + enabled: false + port: 7550 + ssl: + enabled: false + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + metrics-service: + enabled: false + port: 7551 + debug: false + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + cloud-gateway: + enabled: false + port: 7563 + debug: false + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + api-catalog: + enabled: true + port: 7552 + debug: false + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + discovery: + enabled: true + port: 7553 + debug: false + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + caching-service: + enabled: true + port: 7555 + debug: false + + storage: + evictionStrategy: reject + # can be inMemory, VSAM, redis or infinispan + mode: VSAM + size: 10000 + vsam: + # your VSAM data set created by "zwe init vsam" command or ZWECSVSM JCL + # 
this is required if storage mode is VSAM + name: "" + infinispan: + # this is required if storage mode is infinispan + jgroups: + port: 7600 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + app-server: + enabled: true + port: 7556 + debug: false + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + zss: + enabled: true + port: 7557 + crossMemoryServerName: ZWESIS_STD + agent: + jwt: + fallback: true + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + jobs-api: + enabled: false + debug: false + port: 7558 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + files-api: + enabled: false + debug: false + port: 7559 + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + explorer-jes: + enabled: true + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + explorer-mvs: + enabled: true + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + explorer-uss: + enabled: true From bbe30a57c609cbacf9c2dbc82f7337ef39aa66ca Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 15 May 2024 15:53:06 +0200 Subject: [PATCH 186/258] Comment out sysMessages items in defaults.yaml Signed-off-by: Martin Zeithaml --- files/defaults.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/files/defaults.yaml b/files/defaults.yaml index a171983513..6db14da726 100644 --- a/files/defaults.yaml +++ b/files/defaults.yaml 
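Review bot: `zowe.setup.certificate.pkcs12` in this new defaults file carries literal secrets, `password: password` and `caPassword: local_ca_password`, and the configmgr.ts change in the same commit appends defaults.yaml to every config path. A zowe.yaml that omits those keys would therefore, as far as these hunks show, be filled in with values published in the repository instead of failing on the missing key. I would leave both keys out of defaults.yaml (or set them to `null`) so the user's configuration has to supply them. The later hunk in this series that turns these keys into templates keeps the same two literals, so the point applies there too.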
@@ -175,28 +175,28 @@ zowe: # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # You can define any Zowe message portions to be checked for and the message added to the # system log upon its logging, truncated to 126 characters. - sysMessages: + #sysMessages: # # Zowe starting - - "ZWEL0021I" + # - "ZWEL0021I" # # Zowe started - - "ZWEL0018I" - - "ZWEL0006I" + # - "ZWEL0018I" + # - "ZWEL0006I" # # Zowe ready to use - - "ZWES1601I" + # - "ZWES1601I" # # Zowe stopping - - "ZWEL0008I" + # - "ZWEL0008I" # # Zowe stopped - - "ZWEL0022I" + # - "ZWEL0022I" # # Zowe components starting - - "ZWEL0001I" + # - "ZWEL0001I" # # Zowe components stopped - - "ZWEL0002I" + # - "ZWEL0002I" # # API ML components ready - - "ZWEAM000I" + # - "ZWEAM000I" # # App server ready - - "ZWED0031I" + # - "ZWED0031I" # # ZSS ready - - "ZWES1013I" + # - "ZWES1013I" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # Enable debug mode for Zowe launch scripts From 7c7977d95209793194cefad56a00a7b3d80cd1a3 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 16 May 2024 07:48:33 -0400 Subject: [PATCH 187/258] Remove arrays that are unique This avoids schema failure Signed-off-by: 1000TurquoisePogs --- files/defaults.yaml | 35 ----------------------------------- 1 file changed, 35 deletions(-) diff --git a/files/defaults.yaml b/files/defaults.yaml index 6db14da726..d3d1f11ffa 100644 --- a/files/defaults.yaml +++ b/files/defaults.yaml 
@@ -155,15 +155,6 @@ zowe: # This is an ID that can be used by servers that distinguish their cookies from unrelated Zowe installs, # for purposes such as to allow multiple copies of Zowe to be used within the same client cookieIdentifier: "1" - - # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - - # You can list your external domains on how you want to access Zowe. - # This should be the domain list you would like to put into your web browser's - # address bar. - externalDomains: - # this should be the domain name to access Zowe APIML Gateway - - "${{ zos.resolveSymbol('&SYSNAME') }}" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # This is the port you use to access Zowe Gateway from your web browser. @@ -172,32 +163,6 @@ zowe: # some use cases, like containerization, this port could be different. externalPort: 7554 - # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - # You can define any Zowe message portions to be checked for and the message added to the - # system log upon its logging, truncated to 126 characters. - #sysMessages: - # # Zowe starting - # - "ZWEL0021I" - # # Zowe started - # - "ZWEL0018I" - # - "ZWEL0006I" - # # Zowe ready to use - # - "ZWES1601I" - # # Zowe stopping - # - "ZWEL0008I" - # # Zowe stopped - # - "ZWEL0022I" - # # Zowe components starting - # - "ZWEL0001I" - # # Zowe components stopped - # - "ZWEL0002I" - # # API ML components ready - # - "ZWEAM000I" - # # App server ready - # - "ZWED0031I" - # # ZSS ready - # - "ZWES1013I" - # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # Enable debug mode for Zowe launch scripts launchScript: From cf70fe4995b9922fee441e1ff0ef16758a6ad5aa Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 16 May 2024 14:40:24 +0200 Subject: [PATCH 188/258] Validate ZIS Parmlib member as ZWESIPnn Signed-off-by: Martin Zeithaml --- schemas/server-common.json | 6 ++++++ schemas/zowe-yaml-schema.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) 
diff --git a/schemas/server-common.json b/schemas/server-common.json index c9b419ce95..d2468e9fbc 100644 --- a/schemas/server-common.json +++ b/schemas/server-common.json @@ -48,6 +48,12 @@ "minLength": 1, "maxLength": 8 }, + "zisParmlibMember": { + "$anchor": "zisParmlibMember", + "type": "string", + "description": "ZIS parmlib member name in format ZWESIPnn, where nn is suffix", + "pattern": "^ZWESIP[A-Z0-9\\$\\#\\@]{2}$" + }, "jobname": { "$anchor": "zoweJobname", "type": "string", diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index be143a0559..ddabae1beb 100644 --- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json @@ -38,7 +38,7 @@ "description": "Holds Zowe PARMLIB members for plugins", "properties": { "zis": { - "$ref": "/schemas/v2/server-common#zoweDatasetMember", + "$ref": "/schemas/v2/server-common#zisParmlibMember", "description": "PARMLIB member used by ZIS" } } From 2db1e9e61900958c7f8418d5794f3cc278def955 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 16 May 2024 16:08:36 +0200 Subject: [PATCH 189/258] Minor JCL changes Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWECSVSM | 116 ++++++++++++++++++++-------------------- files/SZWESAMP/ZWEGENER | 21 ++++++-- 2 files changed, 74 insertions(+), 63 deletions(-) diff --git a/files/SZWESAMP/ZWECSVSM b/files/SZWESAMP/ZWECSVSM index 3f7b5c2412..226b0dbd6f 100644 --- a/files/SZWESAMP/ZWECSVSM +++ b/files/SZWESAMP/ZWECSVSM 
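Review bot: The `pattern` added for `zisParmlibMember` escapes `#` and `@` inside the character class (`\\#`, `\\@`), which is unnecessary and is rejected by validators that compile JSON Schema patterns in Unicode mode, where only syntax characters may be escaped. `"pattern": "^ZWESIP[A-Z0-9$#@]{2}$"` accepts the same member names and compiles in both modes. The description should also say that an existing `zowe.setup.dataset.parmlibMembers.zis` value that does not start with ZWESIP will now fail validation, since the `$ref` in zowe-yaml-schema.json moves from the generic member rule to this one.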
@@ -1,58 +1,58 @@ -//ZWECSVSM JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* -//* -//* Zowe Open Source Project -//* This JCL creates the VSAM data set for the Caching Service. -//* -//* -//* CAUTION: This is neither a JCL procedure nor a complete job. -//* Before using this JCL, you will have to make the following -//* modifications: -//* -//* 1) Add job name and job parameters to the JOB statement, to -//* meet your system requirements. -//* -//* When using RLS, customize the definitions in the RLS DD: -//* -//* 5) Optionally, change LOG option NONE to UNDO or ALL to set the -//* desired recovery options for the RLS VSAM. -//* -//* -//* Note(s): -//* -//* 1. This job should complete with return code 0. 
-//* -//******************************************************************** -//* -//ALLOC EXEC PGM=IDCAMS,REGION=0M -//SYSPRINT DD SYSOUT=* -//SYSIN DD * - DEFINE CLUSTER - - (NAME({zowe.setup.vsam.name}) - -// DD DDNAME={zowe.setup.vsam.mode} -// DD * - REC(80 20) - - INDEXED) - - DATA(NAME({zowe.setup.vsam.name}.DATA) - - RECSZ(4096 4096) - - UNIQUE - - KEYS(128 0)) - - INDEX(NAME({zowe.setup.vsam.name}.INDEX) - - UNIQUE) -//RLS DD * - STORCLAS({zowe.setup.vsam.storageClass}) - - LOG(NONE) - -//NONRLS DD * - VOLUME({zowe.setup.vsam.volume}) - - SHAREOPTIONS(2 3) - -//* +//ZWECSVSM JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL creates the VSAM data set for the Caching Service. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* When using RLS, customize the definitions in the RLS DD: +//* +//* 2) Optionally, change LOG option NONE to UNDO or ALL to set the +//* desired recovery options for the RLS VSAM. +//* +//* +//* Note(s): +//* +//* 1. This job should complete with return code 0. 
+//* +//******************************************************************** +//* +//ALLOC EXEC PGM=IDCAMS,REGION=0M +//SYSPRINT DD SYSOUT=* +//SYSIN DD * + DEFINE CLUSTER - + (NAME({zowe.setup.vsam.name}) - +// DD DDNAME={zowe.setup.vsam.mode} +// DD * + REC(80 20) - + INDEXED) - + DATA(NAME({zowe.setup.vsam.name}.DATA) - + RECSZ(4096 4096) - + UNIQUE - + KEYS(128 0)) - + INDEX(NAME({zowe.setup.vsam.name}.INDEX) - + UNIQUE) +//RLS DD * + STORCLAS({zowe.setup.vsam.storageClass}) - + LOG(NONE) - +//NONRLS DD * + VOLUME({zowe.setup.vsam.volume}) - + SHAREOPTIONS(2 3) - +//* diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index 753b0cc94b..e773895b6d 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -1,8 +1,19 @@ -//ZWEGENER JOB -//* -//* This job is responsible for generating other jobs required -//* to configure Zowe. -//* +//ZWEGENER JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* This job is responsible for generating other jobs required +//* to configure Zowe. +//* //* The method of validating your configuration is using //* JSON Schema . Zowe provides //* the ConfigMgr to assist in this. This job will invoke From 8aa1056cc1061a29fa57c360fe605127aaa225da Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 21 May 2024 04:17:38 -0400 Subject: [PATCH 190/258] Adding zwe internal config output as a way to have zwe init certificate have configmgr yaml without rewriting it 
Signed-off-by: 1000TurquoisePogs --- .gitignore | 2 +- bin/commands/init/certificate/index.sh | 15 +++++++++++++++ bin/commands/internal/config/output/.examples | 1 + bin/commands/internal/config/output/.help | 1 + bin/commands/internal/config/output/cli.ts | 13 +++++++++++++ bin/commands/internal/config/output/index.sh | 14 ++++++++++++++ bin/commands/internal/config/output/index.ts | 19 +++++++++++++++++++ bin/libs/common.sh | 3 +++ 8 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 bin/commands/internal/config/output/.examples create mode 100644 bin/commands/internal/config/output/.help create mode 100644 bin/commands/internal/config/output/cli.ts create mode 100644 bin/commands/internal/config/output/index.sh create mode 100644 bin/commands/internal/config/output/index.ts diff --git a/.gitignore b/.gitignore index e740da7bb7..9ca12300d3 100644 --- a/.gitignore +++ b/.gitignore @@ -46,7 +46,7 @@ manifest.json artifactory-download-spec.json # zowe jobs output -output/ +./output/ # release temporary folder .release/ diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 96f31cc55e..61807f43f8 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh 
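Review bot: `./output/` does not anchor the pattern to the repository root; gitignore patterns are matched against paths that never begin with `./`, so this line most likely stops ignoring the jobs output directory altogether. The root-anchored form is `/output/`, which still lets the new bin/commands/internal/config/output/ directory be tracked. It is worth confirming with `git check-ignore -v output/x` before merging, since generated job output could otherwise be committed by accident.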
@@ -15,6 +15,15 @@ # validation require_zowe_yaml +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=$(create_tmp_file) + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/output/cli.js" + # use the yaml configmgr returns because it will contain defaults for the version we are using. + ZWE_CLI_PARAMETER_CONFIG=${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml +fi + + ############################### # read prefix and validate prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") @@ -229,6 +238,7 @@ if [ "${cert_type}" = "PKCS12" ]; then pkcs12_caPassword=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.caPassword") pkcs12_caAlias=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.caAlias") pkcs12_caAlias_lc=$(echo "${pkcs12_caAlias}" | lower_case) + # create CA zwecli_inline_execute_command \ certificate pkcs12 create ca \ @@ -458,3 +468,8 @@ if [ -n "${zosmf_host}" -a "${verify_certificates}" = "STRICT" ]; then --host "${zosmf_host}" \ --port "${zosmf_port}" fi + +# cleanup temp file made at top. +if [ -n "$ZWE_PRIVATE_TMP_MERGED_YAML_DIR" ]; then + rm "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" +fi diff --git a/bin/commands/internal/config/output/.examples b/bin/commands/internal/config/output/.examples new file mode 100644 index 0000000000..3234dd5106 --- /dev/null +++ b/bin/commands/internal/config/output/.examples @@ -0,0 +1 @@ +zwe internal config output -c /path/to/zowe.yaml diff --git a/bin/commands/internal/config/output/.help b/bin/commands/internal/config/output/.help new file mode 100644 index 0000000000..9ab013c019 --- /dev/null +++ b/bin/commands/internal/config/output/.help 
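Review bot: The merged YAML written under `ZWE_PRIVATE_TMP_MERGED_YAML_DIR` contains the keystore and CA passwords this script reads further down, yet it is removed only by the `rm` in the last hunk and by the one added to `print_error_and_exit` in bin/libs/common.sh; any other exit path leaves it in the temporary location. Both `rm` calls also run whenever the variable is non-empty, including when it was inherited from a caller rather than created by the first hunk, and without `-f` they print an error if the file was never written. I would register the cleanup where the file is created, inside the `if [ -z ... ]` block, with `trap 'rm -f "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml"' EXIT`, and drop the two unconditional `rm` lines. The path expansions on the `configmgr` line are unquoted as well.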
@@ -0,0 +1 @@ +Outputs the merged YAML used at Zowe runtime into zowe.workspaceDirectory/.env/.zowe-merged.yaml diff --git a/bin/commands/internal/config/output/cli.ts b/bin/commands/internal/config/output/cli.ts new file mode 100644 index 0000000000..3e9ae4c7de --- /dev/null +++ b/bin/commands/internal/config/output/cli.ts @@ -0,0 +1,13 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ +import * as std from 'cm_std'; +import * as index from './index'; +index.execute(); diff --git a/bin/commands/internal/config/output/index.sh b/bin/commands/internal/config/output/index.sh new file mode 100644 index 0000000000..d2765d6f5f --- /dev/null +++ b/bin/commands/internal/config/output/index.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +####################################################################### +# This program and the accompanying materials are made available +# under the terms of the Eclipse Public License v2.0 which +# accompanies this distribution, and is available at +# https://www.eclipse.org/legal/epl-v20.html +# +# SPDX-License-Identifier: EPL-2.0 +# +# Copyright Contributors to the Zowe Project. +####################################################################### + +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/output/cli.js" diff --git a/bin/commands/internal/config/output/index.ts b/bin/commands/internal/config/output/index.ts new file mode 100644 index 0000000000..d89523ac8d --- /dev/null +++ b/bin/commands/internal/config/output/index.ts 
@@ -0,0 +1,19 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as common from '../../../../libs/common'; +import * as config from '../../../../libs/config'; + +export function execute(configPath:string, haInstance?: string) { + common.requireZoweYaml(); + const ZOWE_CONFIG=config.getZoweConfig(); + common.printMessage(`Runtime YAML placed at ${ZOWE_CONFIG.zowe.workspaceDirectory}/.env/.zowe-merged.yaml`); +} diff --git a/bin/libs/common.sh b/bin/libs/common.sh index 5db74cc256..404deb4857 100644 --- a/bin/libs/common.sh +++ b/bin/libs/common.sh @@ -123,6 +123,9 @@ print_error_and_exit() { exit_code=${3:-1} print_error "${message}" "${write_to}" + if [ -n "$ZWE_PRIVATE_TMP_MERGED_YAML_DIR" ]; then + rm "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" + fi exit ${exit_code} } From ba2f480c06adc68e92b05df83cb5669bff84dd6d Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 21 May 2024 04:23:35 -0400 Subject: [PATCH 191/258] Remove unused function arguments Signed-off-by: 1000TurquoisePogs --- bin/commands/internal/config/output/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/commands/internal/config/output/index.ts b/bin/commands/internal/config/output/index.ts index d89523ac8d..bd87137ff2 100644 --- a/bin/commands/internal/config/output/index.ts +++ b/bin/commands/internal/config/output/index.ts 
@@ -12,7 +12,7 @@ import * as common from '../../../../libs/common'; import * as config from '../../../../libs/config'; -export function execute(configPath:string, haInstance?: string) { +export function execute() { common.requireZoweYaml(); const ZOWE_CONFIG=config.getZoweConfig(); common.printMessage(`Runtime YAML placed at ${ZOWE_CONFIG.zowe.workspaceDirectory}/.env/.zowe-merged.yaml`); From cac1dc284d46c93d29b2e23dcc148a35c1e1a239 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 21 May 2024 05:39:14 -0400 Subject: [PATCH 192/258] Create temp folder that is used in output command Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 1 + bin/commands/internal/config/output/index.ts | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 61807f43f8..13eead787a 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -18,6 +18,7 @@ require_zowe_yaml if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=$(create_tmp_file) + mkdir -p ${ZWE_PRIVATE_TMP_MERGED_YAML_DIR} _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/output/cli.js" # use the yaml configmgr returns because it will contain defaults for the version we are using. ZWE_CLI_PARAMETER_CONFIG=${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml diff --git a/bin/commands/internal/config/output/index.ts b/bin/commands/internal/config/output/index.ts index bd87137ff2..5f6d98d054 100644 --- a/bin/commands/internal/config/output/index.ts +++ b/bin/commands/internal/config/output/index.ts 
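Review bot: `mkdir -p ${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}` creates the directory with whatever mode the caller's umask allows, and the file placed in it is the merged configuration including the certificate passwords. `mkdir -p -m 700 "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}"` keeps it private to the invoking user and quotes the path. The name comes from `create_tmp_file`, whose body is not in this hunk; if that helper already creates a regular file at the path, `mkdir` will fail here, so that should be confirmed.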
@@ -15,5 +15,4 @@ import * as config from '../../../../libs/config'; export function execute() { common.requireZoweYaml(); const ZOWE_CONFIG=config.getZoweConfig(); - common.printMessage(`Runtime YAML placed at ${ZOWE_CONFIG.zowe.workspaceDirectory}/.env/.zowe-merged.yaml`); } From dfc90924cc38be2f3f5457e73eb7eda5be95dce2 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 21 May 2024 12:31:03 +0200 Subject: [PATCH 193/258] Error if dataset/member does not exist Signed-off-by: Martin Zeithaml --- bin/commands/init/generate/.errors | 1 + bin/commands/init/generate/index.ts | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/bin/commands/init/generate/.errors b/bin/commands/init/generate/.errors index 3cc0d0a247..53ffd637b5 100644 --- a/bin/commands/init/generate/.errors +++ b/bin/commands/init/generate/.errors @@ -1,2 +1,3 @@ +ZWEL0143E|143|Cannot find data set member %s. You may need to re-run zwe install. ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 88a768b990..86286f9395 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts @@ -34,7 +34,9 @@ export function execute(dryRun?: boolean) { } const tempFile = fs.createTmpFile(); - zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)', tempFile); + if (zosFs.copyMvsToUss(ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)', tempFile) !== 0) { + common.printErrorAndExit(`ZWEL0143E Cannot find data set member '${ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)'}'. You may need to re-run zwe install.`, undefined, 143); + } let jclContents = xplatform.loadFileUTF8(tempFile, xplatform.AUTO_DETECT); // Replace is using special replacement patterns, by doubling '$' we will avoid that 
From 0ec2829c7e864c977c0febda8cb18d7295c0a6c7 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 21 May 2024 07:45:14 -0400 Subject: [PATCH 194/258] Store and restore the config path after using merged yaml Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 13eead787a..9e4d12222e 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -21,6 +21,7 @@ if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then mkdir -p ${ZWE_PRIVATE_TMP_MERGED_YAML_DIR} _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/output/cli.js" # use the yaml configmgr returns because it will contain defaults for the version we are using. + CONFIG_TO_WRITE=${ZWE_CLI_PARAMETER_CONFIG} ZWE_CLI_PARAMETER_CONFIG=${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml fi @@ -354,6 +355,7 @@ if [ "${cert_type}" = "PKCS12" ]; then pkcs12_name_lc=$(echo "${pkcs12_name}" | lower_case) + ZWE_CLI_PARAMETER_CONFIG=${CONFIG_TO_WRITE} # update zowe.yaml if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then print_level1_message "Update certificate configuration to ${ZWE_CLI_PARAMETER_CONFIG}" From adb8577a776fcdfe1a60a17f449894803285510d Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 22 May 2024 06:33:48 -0400 Subject: [PATCH 195/258] Use templates in defaults.yaml to avoid combining certificate scenario 1 with other scenarios Signed-off-by: 1000TurquoisePogs --- files/defaults.yaml | 59 +++++++++++++++------------------------------ 1 file changed, 20 insertions(+), 39 deletions(-) diff --git a/files/defaults.yaml b/files/defaults.yaml index d3d1f11ffa..b795de4f41 100644 --- a/files/defaults.yaml +++ b/files/defaults.yaml 
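Review bot: `CONFIG_TO_WRITE` is assigned only inside the `if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]` block, but the second hunk restores `ZWE_CLI_PARAMETER_CONFIG=${CONFIG_TO_WRITE}` unconditionally. When the directory variable is already set on entry, the restore empties `ZWE_CLI_PARAMETER_CONFIG` just before the update-config step writes to it. `ZWE_CLI_PARAMETER_CONFIG=${CONFIG_TO_WRITE:-${ZWE_CLI_PARAMETER_CONFIG}}` keeps the current value in that case. The restore sits in the PKCS12 branch according to the hunk header; whether the other certificate types need the same restore is outside the hunk.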
@@ -32,9 +32,6 @@ zowe: dataset: # where Zowe MVS data sets will be installed # This prefix is used for the Zowe runtime datasets - # Including: - # Auth Load Lib: SZWEAUTH - # Load Lib: SZWELOAD prefix: IBMUSER.ZWEV2 # PROCLIB where Zowe STCs will be copied over @@ -42,7 +39,6 @@ zowe: # Zowe PARMLIB parmlib: IBMUSER.ZWEV2.CUST.PARMLIB - # Holds Zowe PARMLIB members for plugins parmlibMembers: # For ZIS plugins zis: ZWESIP00 @@ -58,25 +54,18 @@ zowe: authPluginLib: IBMUSER.ZWEV2.CUST.ZWESAPL # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - # Security related configurations. This setup is optional. security: # security product name. Can be RACF, ACF2 or TSS product: RACF - # security group name groups: - # Zowe admin user group admin: ZWEADMIN - # Zowe STC group stc: ZWEADMIN - # Zowe SysProg group sysProg: ZWEADMIN - # security user name users: # Zowe runtime user name of main service zowe: ZWESVUSR # Zowe runtime user name of ZIS zis: ZWESIUSR - # STC names stcs: # STC name of Zowe main service zowe: ZWESLSTC 
@@ -87,38 +76,30 @@ zowe: # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # Certificate related configurations - # - # There are 5 configurations cases. Please choose one from below. - - # >>>> Certificate setup scenario 1 - # PKCS12 (keystore) with Zowe generate certificates. + # This section fully defines a default for certificate scenario 1, but makes way when detecting any other scenarios. certificate: type: PKCS12 - pkcs12: - - # Keystore directory - directory: /var/zowe/keystore - # Lock the keystore directory to only accessible by Zowe runtime user and group. - lock: true - - # Certificate alias name. - name: localhost - password: password - - # Alias name of self-signed certificate authority. - caAlias: local_ca - caPassword: local_ca_password + pkcs12: + directory: "${{ zowe.setup.certificate.type != 'PKCS12' ? null : '/var/zowe/keystore' }}" + lock: "${{ zowe.setup.certificate.type != 'PKCS12' ? null : true }}" + name: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'localhost' : null }}" + password: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'password' : null }}" + caAlias: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca' : null }}" + caPassword: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca_password' : null }}" + +#"${{ zowe.setup.certificate.type != 'PKCS12' ? null : zowe.setup.certificate.pkcs12.import ? { directory: zowe.setup.certificate.pkcs12.directory, lock: zowe.setup.certificate.pkcs12.lock, import: zowe.setup.certificate.pkcs12.import } : { directory: '/var/zowe/keystore', lock: true, name: 'localhost', password: 'password', caAlias: 'local_ca', caPassword: 'local_ca_password'} }}" + # Distinguished name for Zowe generated certificates. 
- dname: - caCommonName: "Zowe Development Instances CA" - commonName: "Zowe Development Instances Certificate" - orgUnit: "API Mediation Layer" - org: "Zowe Sample" - locality: "Prague" - state: "Prague" - country: "CZ" + dname: + caCommonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances CA' : null }}" + commonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances Certificate' : null }}" + orgUnit: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'API Mediation Layer' : null }}" + org: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Sample' : null }}" + locality: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : null }}" + state: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : null }}" + country: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'CZ' : null }}" # Validity days for Zowe generated certificates - validity: 3650 + validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? null : 3650 }}" # Where to store runtime logs From e33830b9a84ebc19fda9a7d9a8bf2f37667d1646 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 22 May 2024 09:28:43 -0400 Subject: [PATCH 196/258] Swap null for undefined. Assumed schema would tolerate null but did not. Signed-off-by: 1000TurquoisePogs --- files/defaults.yaml | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/files/defaults.yaml b/files/defaults.yaml index b795de4f41..45541202ef 100644 --- a/files/defaults.yaml +++ b/files/defaults.yaml 
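Review bot: The templated defaults still make `password` and `local_ca_password` the effective keystore and CA passwords whenever `type` is `PKCS12` and no `import` is given, and with the scenario comments removed nothing in the file says that these are public sample values. Add a comment above the two keys, e.g. `# Sample values only - set pkcs12.password and pkcs12.caPassword in zowe.yaml for any keystore that matters`, or leave them without a default so the certificate step has to be given explicit values. The commented-out `#"${{ ... }}"` expression at column 0 repeats the same literals and reads like a leftover draft; it should be dropped. The `pkcs12` fields read `zowe.setup.certificate.pkcs12.import` without `?.` while the `dname` fields use `pkcs12?.name`; one form throughout would be easier to verify.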
@@ -80,26 +80,24 @@ zowe: certificate: type: PKCS12 pkcs12: - directory: "${{ zowe.setup.certificate.type != 'PKCS12' ? null : '/var/zowe/keystore' }}" - lock: "${{ zowe.setup.certificate.type != 'PKCS12' ? null : true }}" - name: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'localhost' : null }}" - password: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'password' : null }}" - caAlias: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca' : null }}" - caPassword: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca_password' : null }}" - -#"${{ zowe.setup.certificate.type != 'PKCS12' ? null : zowe.setup.certificate.pkcs12.import ? { directory: zowe.setup.certificate.pkcs12.directory, lock: zowe.setup.certificate.pkcs12.lock, import: zowe.setup.certificate.pkcs12.import } : { directory: '/var/zowe/keystore', lock: true, name: 'localhost', password: 'password', caAlias: 'local_ca', caPassword: 'local_ca_password'} }}" + directory: "${{ zowe.setup.certificate.type != 'PKCS12' ? undefined : '/var/zowe/keystore' }}" + lock: "${{ zowe.setup.certificate.type != 'PKCS12' ? undefined : true }}" + name: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'localhost' : undefined }}" + password: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'password' : undefined }}" + caAlias: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca' : undefined }}" + caPassword: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca_password' : undefined }}" # Distinguished name for Zowe generated certificates. dname: - caCommonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 
'Zowe Development Instances CA' : null }}" - commonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances Certificate' : null }}" - orgUnit: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'API Mediation Layer' : null }}" - org: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Sample' : null }}" - locality: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : null }}" - state: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : null }}" - country: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'CZ' : null }}" + caCommonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances CA' : undefined }}" + commonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances Certificate' : undefined }}" + orgUnit: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'API Mediation Layer' : undefined }}" + org: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Sample' : undefined }}" + locality: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : undefined }}" + state: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : undefined }}" + country: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'CZ' : undefined }}" # Validity days for Zowe generated certificates - validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? null : 3650 }}" + validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? 
undefined : 3650 }}" # Where to store runtime logs From ea9f8ab33f0aeaac8afc2162893128cc213decf6 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 22 May 2024 11:40:30 -0400 Subject: [PATCH 197/258] Combine assignment of pkcs12 and dname objects into single statement Signed-off-by: 1000TurquoisePogs --- files/defaults.yaml | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/files/defaults.yaml b/files/defaults.yaml index 45541202ef..77251f0ffd 100644 --- a/files/defaults.yaml +++ b/files/defaults.yaml 
@@ -79,23 +79,15 @@ zowe: # This section fully defines a default for certificate scenario 1, but makes way when detecting any other scenarios. certificate: type: PKCS12 - pkcs12: - directory: "${{ zowe.setup.certificate.type != 'PKCS12' ? undefined : '/var/zowe/keystore' }}" - lock: "${{ zowe.setup.certificate.type != 'PKCS12' ? undefined : true }}" - name: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'localhost' : undefined }}" - password: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'password' : undefined }}" - caAlias: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca' : undefined }}" - caPassword: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca_password' : undefined }}" + # Quirk in templating and schema - undefined/null here will be rejected by a schema that wants a string, so instead of templating individual objects + # This templates the entire object. + # Templating the entire object as "pkcs12: zowe.setup.certificate.pkcs12" also does not work, because internal template attributes are added. + # This will work for pkcs12 and dname objects as long as they dont have 'required' fields. + pkcs12: "${{ zowe.setup.certificate.type != 'PKCS12' ? {} : zowe.setup.certificate.pkcs12.import ? { directory: zowe.setup.certificate.pkcs12.directory, lock: zowe.setup.certificate.pkcs12.lock, import: zowe.setup.certificate.pkcs12.import } : { directory: '/var/zowe/keystore', lock: true, name: 'localhost', password: 'password', caAlias: 'local_ca', caPassword: 'local_ca_password' } }}" # Distinguished name for Zowe generated certificates. - dname: - caCommonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances CA' : undefined }}" - commonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 
'Zowe Development Instances Certificate' : undefined }}" - orgUnit: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'API Mediation Layer' : undefined }}" - org: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Sample' : undefined }}" - locality: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : undefined }}" - state: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : undefined }}" - country: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'CZ' : undefined }}" + dname: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? { caCommonName: 'Zowe Development Instances CA', commonName: 'Zowe Development Instances Certificate', orgUnit: 'API Mediation Layer', org: 'Zowe Sample', locality: 'Prague', state: 'Prague', country: 'CZ' } : {} }}" + # Validity days for Zowe generated certificates validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? undefined : 3650 }}" From a47703f0018d7061467eb241370c6202ea6c18bf Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 23 May 2024 10:26:56 +0200 Subject: [PATCH 198/258] Safe cp for datasets with dollar sign Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEIAPF2 | 24 ++++++++++++------------ files/SZWESAMP/ZWEIMVS2 | 11 ++++++----- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/files/SZWESAMP/ZWEIAPF2 b/files/SZWESAMP/ZWEIAPF2 index ca56310e4d..8d97849373 100644 --- a/files/SZWESAMP/ZWEIAPF2 +++ b/files/SZWESAMP/ZWEIAPF2 
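Review bot: In the `import` branch of the new `pkcs12` expression, `directory` and `lock` are copied from `zowe.setup.certificate.pkcs12` with no fallback, whereas the removed per-field templates gave every `PKCS12` setup `/var/zowe/keystore` and `lock: true`. As far as this hunk shows, an import configuration that omits `lock` would no longer default to restricting the keystore directory to the Zowe runtime user and group. Keep the defaults in that branch, e.g. `lock: zowe.setup.certificate.pkcs12.lock ?? true` and `directory: zowe.setup.certificate.pkcs12.directory || '/var/zowe/keystore'`, assuming the template engine accepts `??` as it does `?.`. How configmgr resolves a template that refers to the key it is defining is not visible here, so the merged output should be checked for both the import and the generate case.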
@@ -1,14 +1,14 @@ //ZWEIAPF2 JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* //********************************************************************* //* //* This JCL is used to set APF for the two datasets of Zowe @@ -26,7 +26,7 @@ //STDOUT DD SYSOUT=* //STDERR DD SYSOUT=* //STDPARM DD * -SH cd "{zowe.runtimeDirectory}" && +SH cd '{zowe.runtimeDirectory}' && cd bin/utils && export LOADLIB='{zowe.setup.dataset.authLoadlib}' && export LOADLOC=SMS && @@ -34,4 +34,4 @@ export PLUGLIB='{zowe.setup.dataset.authPluginLib}' && export PLUGLOC=SMS && ./opercmd.rex "SETPROG APF,ADD,DSN=$LOADLIB,$LOADLOC" && ./opercmd.rex "SETPROG APF,ADD,DSN=$PLUGLIB,$PLUGLOC" -//* +//* diff --git a/files/SZWESAMP/ZWEIMVS2 b/files/SZWESAMP/ZWEIMVS2 index ab0d17a6a9..93a3213a62 100644 --- a/files/SZWESAMP/ZWEIMVS2 +++ b/files/SZWESAMP/ZWEIMVS2 
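Review bot: Moving `{zowe.runtimeDirectory}` from double to single quotes in the `cd` line stops `$` expansion, but the substituted value is still pasted into the shell text verbatim, so a value containing `'` ends the quoted string and the rest is read as shell syntax. Data set names cannot contain that character, but a USS path can; the generator that fills these placeholders should reject such a value or escape it as `'\''` before substitution, and a header comment such as `//* Substituted values are placed inside single quotes and must not contain '` would record the constraint. The same applies to `cd '{zowe.runtimeDirectory}'` and `ZWE_TMP_MVS2='{zowe.setup.dataset.authLoadlib}'` in the ZWEIMVS2 hunk. There, writing `"//'${ZWE_TMP_MVS2}(ZWESIS01)'"` with braces would also make the end of the variable name explicit.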
@@ -31,15 +31,16 @@ blksize(32760) unit(sysallda) space(30,15) tracks //STDOUT DD SYSOUT=* //STDERR DD SYSOUT=* //STDPARM DD * -SH cd "{zowe.runtimeDirectory}" && +SH cd '{zowe.runtimeDirectory}' && cd components/zss && +ZWE_TMP_MVS2='{zowe.setup.dataset.authLoadlib}' && cp -X LOADLIB/ZWESIS01 -"//'{zowe.setup.dataset.authLoadlib}(ZWESIS01)'" && +"//'$ZWE_TMP_MVS2(ZWESIS01)'" && cp -X LOADLIB/ZWESAUX -"//'{zowe.setup.dataset.authLoadlib}(ZWESAUX)'" && +"//'$ZWE_TMP_MVS2(ZWESAUX)'" && cp -X LOADLIB/ZWESISDL -"//'{zowe.setup.dataset.authLoadlib}(ZWESISDL)'" && +"//'$ZWE_TMP_MVS2(ZWESISDL)'" && cd ../launcher/bin && cp -X zowe_launcher -"//'{zowe.setup.dataset.authLoadlib}(ZWELNCH)'" +"//'$ZWE_TMP_MVS2(ZWELNCH)'" /* From 88eebe0be7ddb3518e4b1472f8eadd925ecf9925 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 23 May 2024 05:43:55 -0400 Subject: [PATCH 199/258] Revert to null approach for zowe.setup.certificate. allow null in schema. This is a quirk of configmgr template and merge behavior that should be enhanced in the future. Signed-off-by: 1000TurquoisePogs --- files/defaults.yaml | 26 ++++++++++++++++++-------- schemas/zowe-yaml-schema.json | 28 ++++++++++++++-------------- 2 files changed, 32 insertions(+), 22 deletions(-) diff --git a/files/defaults.yaml b/files/defaults.yaml index 77251f0ffd..b795de4f41 100644 --- a/files/defaults.yaml +++ b/files/defaults.yaml 
@@ -79,17 +79,27 @@ zowe: # This section fully defines a default for certificate scenario 1, but makes way when detecting any other scenarios. certificate: type: PKCS12 - # Quirk in templating and schema - undefined/null here will be rejected by a schema that wants a string, so instead of templating individual objects - # This templates the entire object. - # Templating the entire object as "pkcs12: zowe.setup.certificate.pkcs12" also does not work, because internal template attributes are added. - # This will work for pkcs12 and dname objects as long as they dont have 'required' fields. - pkcs12: "${{ zowe.setup.certificate.type != 'PKCS12' ? {} : zowe.setup.certificate.pkcs12.import ? { directory: zowe.setup.certificate.pkcs12.directory, lock: zowe.setup.certificate.pkcs12.lock, import: zowe.setup.certificate.pkcs12.import } : { directory: '/var/zowe/keystore', lock: true, name: 'localhost', password: 'password', caAlias: 'local_ca', caPassword: 'local_ca_password' } }}" + pkcs12: + directory: "${{ zowe.setup.certificate.type != 'PKCS12' ? null : '/var/zowe/keystore' }}" + lock: "${{ zowe.setup.certificate.type != 'PKCS12' ? null : true }}" + name: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'localhost' : null }}" + password: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'password' : null }}" + caAlias: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca' : null }}" + caPassword: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca_password' : null }}" - # Distinguished name for Zowe generated certificates. - dname: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 
{ caCommonName: 'Zowe Development Instances CA', commonName: 'Zowe Development Instances Certificate', orgUnit: 'API Mediation Layer', org: 'Zowe Sample', locality: 'Prague', state: 'Prague', country: 'CZ' } : {} }}" +#"${{ zowe.setup.certificate.type != 'PKCS12' ? null : zowe.setup.certificate.pkcs12.import ? { directory: zowe.setup.certificate.pkcs12.directory, lock: zowe.setup.certificate.pkcs12.lock, import: zowe.setup.certificate.pkcs12.import } : { directory: '/var/zowe/keystore', lock: true, name: 'localhost', password: 'password', caAlias: 'local_ca', caPassword: 'local_ca_password'} }}" + # Distinguished name for Zowe generated certificates. + dname: + caCommonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances CA' : null }}" + commonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances Certificate' : null }}" + orgUnit: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'API Mediation Layer' : null }}" + org: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Sample' : null }}" + locality: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : null }}" + state: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : null }}" + country: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'CZ' : null }}" # Validity days for Zowe generated certificates - validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? undefined : 3650 }}" + validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? null : 3650 }}" # Where to store runtime logs diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index ddabae1beb..6c497e7526 100644 
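Review bot: The revert brings back the commented-out one-line expression starting `#"${{ zowe.setup.certificate.type != 'PKCS12' ? null : ...` between `caPassword` and `dname`, at column 0 inside the `certificate` mapping. It is dead text that duplicates the default passwords and no longer matches the per-field approach, so it should be removed rather than restored. A short comment in its place would help the next reader, e.g. `# null means "not applicable to this certificate scenario"; the schema accepts null for these keys`.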
--- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json @@ -190,31 +190,31 @@ "description": "PKCS#12 keystore settings", "properties": { "directory": { - "$ref": "/schemas/v2/server-common#zowePath", + "type": [ "string", "null" ], "description": "Keystore directory" }, "name": { - "type": "string", + "type": [ "string", "null" ], "description": "Certificate alias name. Note: please use all lower cases as alias.", "default": "localhost" }, "password": { - "type": "string", + "type": [ "string", "null" ], "description": "Keystore password", "default": "password" }, "caAlias": { - "type": "string", + "type": [ "string", "null" ], "description": "Alias name of self-signed certificate authority. Note: please use all lower cases as alias.", "default": "local_ca" }, "caPassword": { - "type": "string", + "type": [ "string", "null" ], "description": "Password of keystore stored self-signed certificate authority.", "default": "local_ca_password" }, "lock": { - "type": "boolean", + "type": [ "boolean", "null" ], "description": "Whether to restrict the permissions of the keystore after creation" }, "import": { 
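Review bot: `pkcs12.directory` loses its `"$ref": "/schemas/v2/server-common#zowePath"` and becomes a bare `[ "string", "null" ]`, so whatever path constraints `zowePath` enforces no longer apply to the keystore directory. If the validator in use supports it, keep the reference and add null as an alternative: `"oneOf": [ { "$ref": "/schemas/v2/server-common#zowePath" }, { "type": "null" } ]`. This hunk and the `dname`/`validity` hunk that follows also accept a `null` written by the user, not only the templated one. The code that consumes `password`, `caPassword` and `validity` is outside this diff and should be checked for how it treats an empty value.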
@@ -314,37 +314,37 @@ "description": "Certificate distinguish name", "properties": { "caCommonName": { - "type": "string", + "type": [ "string", "null" ], "description": "Common name of certificate authority generated by Zowe." }, "commonName": { - "type": "string", + "type": [ "string", "null" ], "description": "Common name of certificate generated by Zowe." }, "orgUnit": { - "type": "string", + "type": [ "string", "null" ], "description": "Organization unit of certificate generated by Zowe." }, "org": { - "type": "string", + "type": [ "string", "null" ], "description": "Organization of certificate generated by Zowe." }, "locality": { - "type": "string", + "type": [ "string", "null" ], "description": "Locality of certificate generated by Zowe. This is usually the city name." }, "state": { - "type": "string", + "type": [ "string", "null" ], "description": "State of certificate generated by Zowe. You can also put province name here." }, "country": { - "type": "string", + "type": [ "string", "null" ], "description": "2 letters country code of certificate generated by Zowe." } } }, "validity": { - "type": "integer", + "type": [ "integer", "null" ], "description": "Validity days for Zowe generated certificates", "default": 3650 }, From eb02d0b324740242cb23cf116c980dd4fd1ca56a Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 24 May 2024 06:46:47 -0400 Subject: [PATCH 200/258] Fixed keyring yaml write to temp file, and run certificate init through main init Signed-off-by: 1000TurquoisePogs --- bin/commands/init/certificate/index.sh | 17 +++++++++-------- bin/commands/init/index.ts | 2 +- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 9e4d12222e..46a507f48c 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh 
@@ -14,17 +14,17 @@ ############################### # validation require_zowe_yaml - -if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then - # user-facing command, use tmpdir to not mess up workspace permissions - export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=$(create_tmp_file) - mkdir -p ${ZWE_PRIVATE_TMP_MERGED_YAML_DIR} - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/output/cli.js" - # use the yaml configmgr returns because it will contain defaults for the version we are using. +if [ -n "${ZWE_PRIVATE_CONFIG_ORIG}" ]; then + CONFIG_TO_WRITE=${ZWE_PRIVATE_CONFIG_ORIG} +else CONFIG_TO_WRITE=${ZWE_CLI_PARAMETER_CONFIG} - ZWE_CLI_PARAMETER_CONFIG=${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml fi +export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=$(create_tmp_file) +mkdir -p ${ZWE_PRIVATE_TMP_MERGED_YAML_DIR} +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/output/cli.js" +# use the yaml configmgr returns because it will contain defaults for the version we are using. +ZWE_CLI_PARAMETER_CONFIG=${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml ############################### # read prefix and validate @@ -431,6 +431,7 @@ else # JCE* content print_level2_message "Certificate is generated in keyring successfully." fi + ZWE_CLI_PARAMETER_CONFIG=${CONFIG_TO_WRITE} # update zowe.yaml if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then print_level1_message "Update certificate configuration to ${ZWE_CLI_PARAMETER_CONFIG}" diff --git a/bin/commands/init/index.ts b/bin/commands/init/index.ts index f2a402013b..7ceb0aacaa 100644 --- a/bin/commands/init/index.ts +++ b/bin/commands/init/index.ts 
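Review bot: The merged YAML is now always written to a fresh directory named by `create_tmp_file` and created with a plain, unquoted `mkdir -p ${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}`, so its permissions depend on the caller's umask while the file presumably carries the certificate section, keystore passwords included. Create it with `mkdir -m 700 -p "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}"` and quote the other expansions of the variable. Neither hunk removes the directory afterwards; if cleanup is not done elsewhere in the script, the directory should be removed after the last read of `.zowe-merged.yaml`, including on the error exits. The script continues outside both hunks, so the cleanup point cannot be placed from here.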
@@ -114,7 +114,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, ignoreSecuri initSecurity.execute(dryRun, ignoreSecurityFailures); } //initCertificate.execute(); - let result = shell.execSync('sh', '-c', `${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/zwe init certificate ${dryRun?'--dry-run':''} ${updateConfig?'--update-config':''} ${allowOverwrite?'--alow-overwrite':''} ${ignoreSecurityFailures?'--ignore-security-failures':''} -c "${std.getenv('ZWE_CLI_PARAMETER_CONFIG')}"`); + let result = shell.execSync('sh', '-c', `ZWE_PRIVATE_CLI_LIBRARY_LOADED= ${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/zwe init certificate ${dryRun?'--dry-run':''} ${updateConfig?'--update-config':''} ${allowOverwrite?'--allow-overwrite':''} ${ignoreSecurityFailures?'--ignore-security-failures':''} -c "${std.getenv('ZWE_CLI_PARAMETER_CONFIG')}"`); initStc.execute(allowOverwrite); common.printLevel1Message(`Zowe is configured successfully.`); From 59dcb03117b868e06d84ea527aa007b189fc6f64 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 24 May 2024 13:34:35 +0200 Subject: [PATCH 201/258] Minor help update Signed-off-by: Martin Zeithaml --- bin/commands/init/.help | 6 +++--- bin/commands/init/certificate/.help | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bin/commands/init/.help b/bin/commands/init/.help index 94f2d87621..6d98c6e591 100644 --- a/bin/commands/init/.help +++ b/bin/commands/init/.help 
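Review bot: The `zwe init certificate` command line is assembled as a single string for `sh -c`, with `ZWE_zowe_runtimeDirectory` and `ZWE_CLI_PARAMETER_CONFIG` interpolated from the environment, so a config path containing `"`, `$` or a backquote is interpreted by the shell instead of being passed through as an argument. Validate or escape both values before interpolation (single quotes with `'` rewritten as `'\''`), or hand the path to the child through an environment variable and reference it as `"$VAR"` in the command text. `result` is assigned and never read, so a failed certificate step still reaches `initStc.execute` and the message `Zowe is configured successfully.`; the returned status should be checked and the run stopped on failure (the shape of the return value of `shell.execSync` is not shown here). A one-line comment explaining why `ZWE_PRIVATE_CLI_LIBRARY_LOADED=` is cleared for the child would also help.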
@@ -213,13 +213,13 @@ components: Zowe the label of existing certificate. - If `zowe.verifyCertificates` is not `DISABLED`, and z/OSMF host (`zOSMF.host`) is provided, Zowe will try to trust z/OSMF certificate. - * If you are using `RACF` security manager, Zowe will try to automatically - detect the z/OSMF CA based on certificate owner specified by + * If you are using `RACF` or `TSS` security manager, Zowe will try to + automatically detect the z/OSMF CA based on certificate owner specified by `zowe.setup.certificate.keyring.zOSMF.user`. Default value of this field is `IZUSVR`. If the automatic detection failed, you will need to define `zowe.setup.certificate.keyring.zOSMF.ca` indicates what is the label of z/OSMF root certificate authority. - * If you are using `ACF2` or `TSS` (Top Secret) security manager, + * If you are using `ACF2` security manager, `zowe.setup.certificate.keyring.zOSMF.ca` is required to indicates what is the label of z/OSMF root certificate authority. diff --git a/bin/commands/init/certificate/.help b/bin/commands/init/certificate/.help index 20bedc6c48..3a0861b8ed 100644 --- a/bin/commands/init/certificate/.help +++ b/bin/commands/init/certificate/.help 
@@ -148,12 +148,12 @@ zOSMF: Zowe the label of existing certificate. - If `zowe.verifyCertificates` is not `DISABLED`, and z/OSMF host (`zOSMF.host`) is provided, Zowe will try to trust z/OSMF certificate. - * If you are using `RACF` security manager, Zowe will try to automatically - detect the z/OSMF CA based on certificate owner specified by + * If you are using `RACF` or `TSS` security manager, Zowe will try to + automatically detect the z/OSMF CA based on certificate owner specified by `zowe.setup.certificate.keyring.zOSMF.user`. Default value of this field is `IZUSVR`. If the automatic detection failed, you will need to define `zowe.setup.certificate.keyring.zOSMF.ca` indicates what is the label of z/OSMF root certificate authority. - * If you are using `ACF2` or `TSS` (Top Secret) security manager, + * If you are using `ACF2` security manager, `zowe.setup.certificate.keyring.zOSMF.ca` is required to indicates what is the label of z/OSMF root certificate authority. From 8334e19fa162a68303a83a44e0931bed1e08ef7a Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Mon, 27 May 2024 12:26:45 +0200 Subject: [PATCH 202/258] Split possible long RACF statement Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEIRAC | 3 ++- workflows/templates/ZWESECUR.vtl | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/files/SZWESAMP/ZWEIRAC b/files/SZWESAMP/ZWEIRAC index 56ce343c77..6ac0aadb89 100644 --- a/files/SZWESAMP/ZWEIRAC +++ b/files/SZWESAMP/ZWEIRAC @@ -260,7 +260,8 @@ /* general data set protection */ LISTDSD PREFIX({zowe.setup.dataset.prefix}) ALL - ADDSD '{zowe.setup.dataset.prefix}.*.**' UACC(READ) DATA('Zowe') + ADDSD '{zowe.setup.dataset.prefix}.*.**' UACC(READ) - + DATA('Zowe') PERMIT '{zowe.setup.dataset.prefix}.*.**' CLASS(DATASET) - ACCESS(ALTER) ID({zowe.setup.security.groups.sysProg}) diff --git a/workflows/templates/ZWESECUR.vtl b/workflows/templates/ZWESECUR.vtl index 84d86af7ab..6f148e9d31 100644 --- a/workflows/templates/ZWESECUR.vtl 
+++ b/workflows/templates/ZWESECUR.vtl @@ -395,7 +395,8 @@ /* general data set protection */ LISTDSD PREFIX(&HLQ.) ALL - ADDSD '&HLQ..*.**' UACC(READ) DATA('Zowe') + ADDSD '&HLQ..*.**' UACC(READ) - + DATA('Zowe') PERMIT '&HLQ..*.**' CLASS(DATASET) ACCESS(ALTER) ID(&SYSPROG.) SETROPTS GENERIC(DATASET) REFRESH From b753b9102a40138c5c8648e938f0343fdd2e295f Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 28 May 2024 08:02:35 -0400 Subject: [PATCH 203/258] Remove error about needing configmgr set for init actions. It is not necessary. Add generate check to protect against known incompatibility with using a parmlib member not of name ZWEYAML Signed-off-by: 1000TurquoisePogs --- bin/commands/init/apfauth/.errors | 3 +-- bin/commands/init/generate/.errors | 2 +- bin/commands/init/generate/index.ts | 8 ++++++++ bin/commands/init/mvs/.errors | 1 - bin/commands/init/security/.errors | 3 +-- bin/commands/init/stc/.errors | 1 - bin/commands/init/vsam/.errors | 3 +-- 7 files changed, 12 insertions(+), 9 deletions(-) diff --git a/bin/commands/init/apfauth/.errors b/bin/commands/init/apfauth/.errors index f6a394dbaa..d7df198604 100644 --- a/bin/commands/init/apfauth/.errors +++ b/bin/commands/init/apfauth/.errors @@ -1,2 +1 @@ -ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. -ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. \ No newline at end of file +ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. \ No newline at end of file diff --git a/bin/commands/init/generate/.errors b/bin/commands/init/generate/.errors index 53ffd637b5..cddf4b1847 100644 --- a/bin/commands/init/generate/.errors +++ b/bin/commands/init/generate/.errors 
@@ -1,3 +1,3 @@ ZWEL0143E|143|Cannot find data set member %s. You may need to re-run zwe install. ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. -ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. +ZWEL0318E|318|Configuration stored in PARMLIB must use member name ZWEYAML when using generate action. \ No newline at end of file diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 86286f9395..7b15a61ce3 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts @@ -68,6 +68,14 @@ export function execute(dryRun?: boolean) { configLines.push('FILE ' + fs.convertToAbsolutePath(filename).replace(/[$]/g, '$$$$')); state = null; } else if (state == 'PARMLIB(') { + let memberIndex = part.indexOf('('); + if (memberIndex != -1) { + let endIndex = part.indexOf(')', memberIndex); + let member = part.substring(memberIndex+1, endIndex); + if (member.toUpperCase() != 'ZWEYAML') { + common.printErrorAndExit(`ZWEL0318E Configuration stored in PARMLIB must use member name ZWEYAML when using generate action.`, undefined, 318); + } + } configLines.push('PARMLIB ' + part.substring(0, part.indexOf('(')).replace(/[$]/g, '$$$$')); state = null; } diff --git a/bin/commands/init/mvs/.errors b/bin/commands/init/mvs/.errors index 9f5fd7efa7..003a7826ae 100644 --- a/bin/commands/init/mvs/.errors +++ b/bin/commands/init/mvs/.errors @@ -5,4 +5,3 @@ ZWEL0158E|158|%s already exists. ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. -ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. diff --git a/bin/commands/init/security/.errors b/bin/commands/init/security/.errors index 189ac1da34..a82e4fdd18 100644 --- a/bin/commands/init/security/.errors +++ b/bin/commands/init/security/.errors 
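Review bot: The new member check runs only when `part` contains `(`; when it does not, the check is skipped and the following context line computes `part.substring(0, part.indexOf('('))` with an index of -1, which yields an empty data set name in the `PARMLIB` line. When `)` is missing, `endIndex` is -1 and `part.substring(memberIndex+1, -1)` returns the text up to and including `(` rather than the member, so ZWEL0318E is printed for the wrong reason. Treat both as malformed input up front, e.g. `if (memberIndex == -1 || endIndex <= memberIndex) { ... }`, and reuse `memberIndex` for the data set name instead of calling `indexOf('(')` again. The enclosing loop starts outside the hunk.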
@@ -6,5 +6,4 @@ ZWEL0161W||Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0162W||Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. -ZWEL0163W||Job %s ends with code %s. -ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. \ No newline at end of file +ZWEL0163W||Job %s ends with code %s. \ No newline at end of file diff --git a/bin/commands/init/stc/.errors b/bin/commands/init/stc/.errors index a587973371..a6a80cbddd 100644 --- a/bin/commands/init/stc/.errors +++ b/bin/commands/init/stc/.errors @@ -8,4 +8,3 @@ ZWEL0160E|160|Failed to write to %s. Please check if target data set is opened b ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. -ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. diff --git a/bin/commands/init/vsam/.errors b/bin/commands/init/vsam/.errors index 4b2cd0935b..aae5d7fcbe 100644 --- a/bin/commands/init/vsam/.errors +++ b/bin/commands/init/vsam/.errors @@ -7,5 +7,4 @@ ZWEL0160E|160|Failed to write to %s. Please check if target data set is opened b ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. -ZWEL0301W|0|Zowe Caching Service is not configured to use VSAM. Command skipped. -ZWEL0316E|316|Command requires zowe.useConfigmgr=true to use. \ No newline at end of file +ZWEL0301W|0|Zowe Caching Service is not configured to use VSAM. Command skipped. \ No newline at end of file From 2b8cbac42bb874acf93447de2619c1e3ccee0792 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 28 May 2024 08:03:17 -0400 Subject: [PATCH 204/258] Allow zwe init mvs to modify ZWEIMVS if zis parmlib member name is not ZWESIP00 Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.ts | 43 +++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) 
diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index 46fc58cb1c..a679d27fc8 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -9,6 +9,10 @@ Copyright Contributors to the Zowe Project. */ +import * as std from 'cm_std'; +import * as xplatform from 'xplatform'; +import * as fs from '../../../libs/fs'; +import * as shell from '../../../libs/shell'; import * as zoslib from '../../../libs/zos'; import * as zosJes from '../../../libs/zos-jes'; import * as zosdataset from '../../../libs/zos-dataset'; 
@@ -86,8 +90,45 @@ export function execute(allowOverwrite?: boolean) { if (allowOverwrite && needAuthCleanup) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWERMVS2)'`, `ZWERMVS2`, jcllib, prefix, false, true); } + + const zisParmlib = ZOWE_CONFIG.zowe.setup?.dataset?.parmlibMembers?.zis; + + if (zisParmlib && (zisParmlib != 'ZWESIP00')) { + + const COMMAND_LIST = std.getenv('ZWE_CLI_COMMANDS_LIST'); + const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); + common.printDebug(`- Copy ${jcllib}(ZWEIMVS) to ${tmpfile}`); + const jclContent = shell.execOutSync('sh', '-c', `cat "//'${stringlib.escapeDollar(jcllib)}(ZWEIMVS)'" 2>&1`); + if (jclContent.out && jclContent.rc == 0) { + common.printDebug(` * Succeeded`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); + + const tmpFileContent = jclContent.out.replace("ZWESIP00,", zisParmlib.toUpperCase()+','); + xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, tmpFileContent); + common.printTrace(` * Stored:`); + common.printTrace(stringlib.paddingLeft(tmpFileContent, " ")); + + shell.execSync('chmod', '700', tmpfile); + } else { + common.printDebug(` * Failed`); + common.printError(` * Exit code: ${jclContent.rc}`); + common.printError(` * Output:`); + if (jclContent.out) { + common.printError(stringlib.paddingLeft(jclContent.out, " ")); + } + std.exit(1); + } + if (!fs.fileExists(tmpfile)) { + common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEIMVS`, undefined, 159); + } - zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); + zosJes.printAndHandleJcl(tmpfile, `ZWEIMVS`, jcllib, prefix, true); + + + } else { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); + } if (runALoadlibCreate === true) { zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS2)'`, `ZWEIMVS2`, jcllib, prefix); } From e983af0482e68b5ddcbe8e316508a68f04efeb50 Mon Sep 17 00:00:00 2001 
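Review bot: The modified JCL is written by `xplatform.storeFileUTF8(tmpfile, ...)` before `shell.execSync('chmod', '700', tmpfile)` runs, so until the chmod the file has whatever mode the umask gives it, and `zosJes.printAndHandleJcl(tmpfile, ...)` then submits that file. Unless `fs.createTmpFile` already creates the file privately (not visible here), the mode should be restricted before the content is written, and `600` is enough because the JCL is read, not executed. Separately, `jclContent.out.replace("ZWESIP00,", zisParmlib.toUpperCase()+',')` treats the configured name as a replacement pattern, so `$$` in a member name collapses to `$`; `jclContent.out.replace("ZWESIP00,", () => zisParmlib.toUpperCase() + ',')` avoids that. The hunk also does not show `zisParmlib` being checked against member-name rules before it is placed in the JCL, or the temporary file being removed afterwards. `execute` starts before the hunk.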
From: 1000TurquoisePogs Date: Tue, 28 May 2024 08:04:26 -0400 Subject: [PATCH 205/258] Allow zowe.setup.vsam.name to be empty by defaulting to the caching service vsam name if present. This should be better for upgrades and users who do not expect the newer parameter, as this hides it better. Signed-off-by: 1000TurquoisePogs --- example-zowe.yaml | 5 +---- files/defaults.yaml | 4 ++++ playbooks/roles/configure/tasks/main.yml | 1 - schemas/zowe-yaml-schema.json | 10 ++++++++-- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/example-zowe.yaml b/example-zowe.yaml index 301da9399b..e019ff7c62 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml @@ -52,9 +52,6 @@ zowe: # Zowe PARMLIB parmlib: IBMUSER.ZWEV2.CUST.PARMLIB # Holds Zowe PARMLIB members for plugins - parmlibMembers: - # For ZIS plugins - zis: ZWESIP00 # **COMMONLY_CUSTOMIZED** # JCL library where Zowe will store temporary JCLs during initialization jcllib: IBMUSER.ZWEV2.CUST.JCLLIB @@ -284,7 +281,7 @@ zowe: # Storage class name if you are using VSAM in RLS mode storageClass: "" # Data set name. Must match components.caching-service.storage.vsam.name - name: "" + # name: "" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # **COMMONLY_CUSTOMIZED** diff --git a/files/defaults.yaml b/files/defaults.yaml index b795de4f41..81aac2f782 100644 --- a/files/defaults.yaml +++ b/files/defaults.yaml @@ -101,6 +101,10 @@ zowe: # Validity days for Zowe generated certificates validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? null : 3650 }}" + vsam: + # Default to caching service entry as it predates this one + name: "${{ ()=> { if (components['caching-service']?.storage?.vsam?.name) { return components['caching-service'].storage.vsam.name } else { return '' } }() }}" + # Where to store runtime logs logDirectory: /global/zowe/logs diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 4589c8ab03..173fbf4d4d 100644 
--- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml @@ -241,7 +241,6 @@ "zowe.setup.vsam.volume": "{{ zowe_caching_vsam_volume }}" "zowe.setup.vsam.storageClass": "{{ zowe_caching_vsam_storage_class }}" "components.caching-service.storage.mode": "{{ zowe_caching_service_persistent }}" - "zowe.setup.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" "components.caching-service.storage.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" - name: Update zowe.yaml zowe.setup.vsam.mode to NONRLS diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index 6c497e7526..9f5c5f5580 100644 --- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json @@ -384,8 +384,14 @@ "description": "Storage class name if you are using VSAM in RLS mode" }, "name": { - "$ref": "/schemas/v2/server-common#zoweDatasetVsam", - "description": "Data set name. Must match components.caching-service.storage.vsam.name" + "anyOf": [ + { "type": "null" }, + { "type": "string", maxLength: 0 }, + { + "$ref": "/schemas/v2/server-common#zoweDatasetVsam", + "description": "Data set name. Must match components.caching-service.storage.vsam.name" + } + ] } } } From 8de84b326c708c934a3b2b8325efdd523e9a08cf Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 28 May 2024 14:07:39 +0200 Subject: [PATCH 206/258] Fix JSON syntax Signed-off-by: 1000TurquoisePogs --- schemas/zowe-yaml-schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index 9f5c5f5580..3ec84e270f 100644 --- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json 
@@ -386,7 +386,7 @@ "name": { "anyOf": [ { "type": "null" }, - { "type": "string", maxLength: 0 }, + { "type": "string", "maxLength": 0 }, { "$ref": "/schemas/v2/server-common#zoweDatasetVsam", "description": "Data set name. Must match components.caching-service.storage.vsam.name" From 6dc6766583c0b87fff121aa93c0b3b12a80e0ddd Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 28 May 2024 09:48:28 -0400 Subject: [PATCH 207/258] Add defaults.yaml to ZWEGENER Signed-off-by: 1000TurquoisePogs --- files/SZWESAMP/ZWEGENER | 3 +++ 1 file changed, 3 insertions(+) diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index e773895b6d..f2b880ed1f 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -69,10 +69,13 @@ $$ //* Overridden by the higher entries. //* PARMLIB member must be named "ZWEYAML" //* +//* Do not remove the defaults.yaml entry. +//* //* Ex. PARMLIB MY.ZOWE.CUSTOM.PARMLIB //* FILE /the/zowe/defaults.yaml //MYCONFIG DD *,DLM=$$ FILE +FILE {zowe.runtimeDirectory}/files/defaults.yaml $$ //CMGROUT DD SYSOUT=* //SYSPRINT DD SYSOUT=* From 07117559724a383b8155bf279a55a61fecddf0d0 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 30 May 2024 05:34:36 -0400 Subject: [PATCH 208/258] Updated init help, dry run flag name, error message ids, and removed zowe.setup.datasets properties from defaults.yaml according to review feedback. removed zwe install ts code for now. 
Signed-off-by: 1000TurquoisePogs --- bin/commands/init/.help | 5 ++ bin/commands/init/.parameters | 2 +- bin/commands/init/apfauth/.errors | 3 +- bin/commands/init/apfauth/index.ts | 2 +- bin/commands/init/index.ts | 2 +- bin/commands/init/mvs/.errors | 2 + bin/commands/init/mvs/index.ts | 4 +- bin/commands/init/security/.errors | 3 +- bin/commands/init/security/index.ts | 2 +- bin/commands/init/stc/.errors | 1 + bin/commands/init/stc/index.ts | 4 +- bin/commands/init/vsam/.errors | 3 +- bin/commands/init/vsam/index.ts | 4 +- bin/commands/install/cli.ts | 18 ------ bin/commands/install/index.ts | 85 ----------------------------- files/defaults.yaml | 19 ------- 16 files changed, 24 insertions(+), 135 deletions(-) delete mode 100644 bin/commands/install/cli.ts delete mode 100644 bin/commands/install/index.ts diff --git a/bin/commands/init/.help b/bin/commands/init/.help index 6d98c6e591..af9bac3401 100644 --- a/bin/commands/init/.help +++ b/bin/commands/init/.help @@ -4,6 +4,7 @@ You can find an example zowe.yaml in Zowe runtime directory folder. This command will run these sub-commands in sequence: +- `zwe init generate` - `zwe init mvs` - `zwe init vsam` - `zwe init apfauth` @@ -11,6 +12,10 @@ This command will run these sub-commands in sequence: - `zwe init certificate` - `zwe init stc` +If you pass `--dry-run` with this command, each subcommand will print out the +JCL that it would submit, without doing the submission. This can be used to +review what Zowe would do before doing it. + If you pass `--skip-security-setup` with this command, `zwe init apfauth` and `zwe init security` steps will be skipped. diff --git a/bin/commands/init/.parameters b/bin/commands/init/.parameters index 4d40f0b1c9..a903a71c35 100644 --- a/bin/commands/init/.parameters +++ b/bin/commands/init/.parameters 
@@ -1,5 +1,5 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. skip-security-setup||boolean|||||Whether should skip security related setup. -security-dry-run||boolean|||||Whether to dry run security related setup. +security-dry-run,dry-run||boolean|||||Whether to dry run security related setup. ignore-security-failures||boolean|||||Whether to ignore security setup job failures. update-config||boolean|||||Whether to update YAML configuration file with initialization result. diff --git a/bin/commands/init/apfauth/.errors b/bin/commands/init/apfauth/.errors index d7df198604..7fe897ca15 100644 --- a/bin/commands/init/apfauth/.errors +++ b/bin/commands/init/apfauth/.errors @@ -1 +1,2 @@ -ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. \ No newline at end of file +ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. \ No newline at end of file diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts index bcee97f722..0dd9b8a76d 100644 --- a/bin/commands/init/apfauth/index.ts +++ b/bin/commands/init/apfauth/index.ts @@ -37,7 +37,7 @@ export function execute() { // read JCL library and validate const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); if (!jcllib) { - return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + return common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); } 
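Review bot: The new `ZWEL0319E` entry in `bin/commands/init/apfauth/.errors` contains the literal `${prefix}`, copied from the template string in `index.ts`. The catalogue is a flat file whose other entries use `%s` for variable parts, so the tail should read `submit JCL %s.SZWESAMP(ZWEGENER) before running this command.` The same entry is added to the `mvs`, `security`, `stc` and `vsam` `.errors` files in this commit.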
diff --git a/bin/commands/init/index.ts b/bin/commands/init/index.ts index 7ceb0aacaa..6694184828 100644 --- a/bin/commands/init/index.ts +++ b/bin/commands/init/index.ts @@ -113,7 +113,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, ignoreSecuri initApfAuth.execute(); initSecurity.execute(dryRun, ignoreSecurityFailures); } - //initCertificate.execute(); + // TODO: init certificate remains shell code for now due to complexity. let result = shell.execSync('sh', '-c', `ZWE_PRIVATE_CLI_LIBRARY_LOADED= ${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/zwe init certificate ${dryRun?'--dry-run':''} ${updateConfig?'--update-config':''} ${allowOverwrite?'--allow-overwrite':''} ${ignoreSecurityFailures?'--ignore-security-failures':''} -c "${std.getenv('ZWE_CLI_PARAMETER_CONFIG')}"`); initStc.execute(allowOverwrite); diff --git a/bin/commands/init/mvs/.errors b/bin/commands/init/mvs/.errors index 003a7826ae..6fcafcce22 100644 --- a/bin/commands/init/mvs/.errors +++ b/bin/commands/init/mvs/.errors @@ -2,6 +2,8 @@ ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. ZWEL0300W||%s already exists. This data set member will be overwritten during configuration. ZWEL0301W||%s already exists and will not be overwritten. For upgrades, you must use --allow-overwrite. ZWEL0158E|158|%s already exists. +ZWEL0159E|159|Failed to modify %s. ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. \ No newline at end of file diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index a679d27fc8..f000649db0 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts 
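Review bot: The `sh -c` string kept under the new TODO in `bin/commands/init/index.ts` interpolates `std.getenv('ZWE_zowe_runtimeDirectory')` unquoted and `std.getenv('ZWE_CLI_PARAMETER_CONFIG')` inside double quotes, so a space, `"`, `$` or backquote in either value is interpreted by the shell rather than passed through as part of the path. While certificate init remains shell code, these values should be validated or quoted before interpolation, and the TODO could say so: `// TODO: init certificate remains shell code; env values below are expanded by sh and must be validated or quoted.` The visible lines also call `initStc.execute(allowOverwrite)` right after the shell call without reading `result`; whether the return code is checked later is outside the hunk. `execute` starts before and ends after the hunk.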
@@ -34,7 +34,7 @@ export function execute(allowOverwrite?: boolean) { const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); if (!jcllib) { - common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); } let runALoadlibCreate: boolean; @@ -120,7 +120,7 @@ export function execute(allowOverwrite?: boolean) { std.exit(1); } if (!fs.fileExists(tmpfile)) { - common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEIMVS`, undefined, 159); + common.printErrorAndExit(`Error ZWEL0159E: Failed to modify ZWEIMVS`, undefined, 159); } zosJes.printAndHandleJcl(tmpfile, `ZWEIMVS`, jcllib, prefix, true); diff --git a/bin/commands/init/security/.errors b/bin/commands/init/security/.errors index a82e4fdd18..07717c0de7 100644 --- a/bin/commands/init/security/.errors +++ b/bin/commands/init/security/.errors @@ -6,4 +6,5 @@ ZWEL0161W||Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0162W||Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. -ZWEL0163W||Job %s ends with code %s. \ No newline at end of file +ZWEL0163W||Job %s ends with code %s. +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. \ No newline at end of file diff --git a/bin/commands/init/security/index.ts b/bin/commands/init/security/index.ts index 859fdefed5..d3653fbfbb 100644 --- a/bin/commands/init/security/index.ts +++ b/bin/commands/init/security/index.ts 
@@ -30,7 +30,7 @@ export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { // read JCL library and validate const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); if (!jcllib) { - return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + return common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); } let securityProduct = zos.getEsm(); diff --git a/bin/commands/init/stc/.errors b/bin/commands/init/stc/.errors index a6a80cbddd..ea655496c8 100644 --- a/bin/commands/init/stc/.errors +++ b/bin/commands/init/stc/.errors @@ -8,3 +8,4 @@ ZWEL0160E|160|Failed to write to %s. Please check if target data set is opened b ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts index 3053eacec6..9619e362f3 100644 --- a/bin/commands/init/stc/index.ts +++ b/bin/commands/init/stc/index.ts 
@@ -50,7 +50,7 @@ export function execute(allowOverwrite: boolean = false) { // read JCL library and validate const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); if (!jcllib) { - return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + return common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); } let security_stcs_zowe=ZOWE_CONFIG.zowe.setup?.security?.stcs?.zowe; @@ -116,7 +116,7 @@ export function execute(allowOverwrite: boolean = false) { std.exit(1); } if (!fs.fileExists(tmpfile)) { - common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEISTC`, undefined, 159); + common.printErrorAndExit(`Error ZWEL0159E: Failed to modify ZWEISTC`, undefined, 159); } zosJes.printAndHandleJcl(tmpfile, `ZWEISTC`, jcllib, prefix, true); diff --git a/bin/commands/init/vsam/.errors b/bin/commands/init/vsam/.errors index aae5d7fcbe..c61c89f285 100644 --- a/bin/commands/init/vsam/.errors +++ b/bin/commands/init/vsam/.errors @@ -7,4 +7,5 @@ ZWEL0160E|160|Failed to write to %s. Please check if target data set is opened b ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. -ZWEL0301W|0|Zowe Caching Service is not configured to use VSAM. Command skipped. \ No newline at end of file +ZWEL0301W|0|Zowe Caching Service is not configured to use VSAM. Command skipped. +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. \ No newline at end of file 
diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index e0d8f5cbb1..72ea633a19 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts @@ -35,12 +35,12 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); if (!jcllib) { - return common.printErrorAndExit(`Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 999); + return common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); } const mode = ZOWE_CONFIG.zowe.setup?.vsam?.mode; if (!mode) { - return common.printErrorAndExit(`Error ZWEL0999E: VSAM parameter (zowe.setup.vsam.mode) is not defined in Zowe YAML configuration file.`, undefined, 157); + return common.printErrorAndExit(`Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.mode) is not defined in Zowe YAML configuration file.`, undefined, 157); } let keys = mode == 'NONRLS' ? ['volume', 'name'] : ['storageClass', 'name']; diff --git a/bin/commands/install/cli.ts b/bin/commands/install/cli.ts deleted file mode 100644 index bb5cb1c23b..0000000000 --- a/bin/commands/install/cli.ts +++ /dev/null 
@@ -1,18 +0,0 @@ -/* - This program and the accompanying materials are made available - under the terms of the Eclipse Public License v2.0 which - accompanies this distribution, and is available at - https://www.eclipse.org/legal/epl-v20.html - - SPDX-License-Identifier: EPL-2.0 - - Copyright Contributors to the Zowe Project. -*/ - -import * as std from 'cm_std'; -import * as index from './index'; -import * as configmgr from '../../libs/configmgr'; - -index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true', std.getenv("ZWE_CLI_PARAMETER_DATASET_PREFIX")); - -configmgr.cleanupTempDir(); diff --git a/bin/commands/install/index.ts b/bin/commands/install/index.ts deleted file mode 100644 index e029f93221..0000000000 --- a/bin/commands/install/index.ts +++ /dev/null 
@@ -1,85 +0,0 @@ -/* - This program and the accompanying materials are made available - under the terms of the Eclipse Public License v2.0 which - accompanies this distribution, and is available at - https://www.eclipse.org/legal/epl-v20.html - - SPDX-License-Identifier: EPL-2.0 - - Copyright Contributors to the Zowe Project. -*/ - -import * as std from 'cm_std'; -import * as xplatform from 'xplatform'; -import * as common from '../../libs/common'; -import * as config from '../../libs/config'; -import * as zosJes from '../../libs/zos-jes'; -import * as zosDataset from '../../libs/zos-dataset'; - -export function execute(allowOverwrite?: boolean, datasetPrefix?: string) { - common.printLevel0Message("Install Zowe MVS data sets"); - - - // constants - // keep in sync with workflows/templates/smpe-install/ZWE3ALOC.vtl - const custDsList = [ std.getenv('ZWE_PRIVATE_DS_SZWESAMP'), - std.getenv('ZWE_PRIVATE_DS_SZWEAUTH'), - std.getenv('ZWE_PRIVATE_DS_SZWELOAD'), - std.getenv('ZWE_PRIVATE_DS_SZWEEXEC') ]; - - let prefix: string; - - // validation - if (datasetPrefix) { - prefix = datasetPrefix; - } else { - common.requireZoweYaml(); - const zoweConfig = config.getZoweConfig(); - - // read prefix and validate - prefix = zoweConfig.zowe.setup.dataset.prefix; - if (!prefix) { - common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); - } - } - - - // create data sets if they do not exist - common.printMessage(`Create MVS data sets if they do not exist`); - let dsExistence: boolean = false; - custDsList.forEach((ds)=> { - // check existence - dsExistence = zosDataset.isDatasetExists(prefix+'.'+ds); - if (dsExistence) { - if (allowOverwrite) { - // warning - common.printMessage(`Warning ZWEL0300W: ${prefix}.${ds} already exists. 
Members in this data set will be overwritten.`); - } else { - // warning - common.printMessage(`Warning ZWEL0301W: ${prefix}.${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); - } - } - }); - common.printMessage(``); - - if (dsExistence && !allowOverwrite) { - common.printLevel1Message(`Zowe MVS data sets installation skipped.`); - } else { - let jclContents = xplatform.loadFileUTF8(std.getenv('ZWE_zowe_runtimeDirectory')+'/files/SZWESAMP/ZWEINSTL', xplatform.AUTO_DETECT); - jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, std.getenv('ZWE_zowe_runtimeDirectory')) - .replace(/\{zowe\.setup\.dataset\.prefix\}/gi, prefix) - - zosJes.printAndHandleJcl(jclContents, `ZWEINSTL`, prefix, prefix, false, false, true); - - // exit message - common.printLevel1Message(`Zowe MVS data sets are installed successfully.`); - } - - - common.printMessage(`Zowe installation completed. In order to use Zowe, you need to run \"zwe init\" command to initialize Zowe instance.`); - common.printMessage(`- Type \"zwe init --help\" to get more information.`); - common.printMessage(``); - common.printMessage(`You can also run individual init sub-commands: mvs, certificate, security, vsam, apfauth, and stc.`); - common.printMessage(`- Type \"zwe init --help\" (for example, \"zwe init stc --help\") to get more information.`); - common.printMessage(``); -} diff --git a/files/defaults.yaml b/files/defaults.yaml index 81aac2f782..76a2ff831e 100644 --- a/files/defaults.yaml +++ b/files/defaults.yaml 
@@ -30,28 +30,9 @@ zowe: setup: # MVS data set related configurations dataset: - # where Zowe MVS data sets will be installed - # This prefix is used for the Zowe runtime datasets - prefix: IBMUSER.ZWEV2 - - # PROCLIB where Zowe STCs will be copied over - proclib: USER.PROCLIB - - # Zowe PARMLIB - parmlib: IBMUSER.ZWEV2.CUST.PARMLIB parmlibMembers: # For ZIS plugins zis: ZWESIP00 - - # JCL library where Zowe will store temporary JCLs during initialization - jcllib: IBMUSER.ZWEV2.CUST.JCLLIB - # Utilities for use by Zowe and extensions - loadlib: IBMUSER.ZWEV2.SZWELOAD - # APF authorized LOADLIB for Zowe - authLoadlib: IBMUSER.ZWEV2.SZWEAUTH - - # APF authorized LOADLIB for Zowe ZIS Plugins - authPluginLib: IBMUSER.ZWEV2.CUST.ZWESAPL # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> security: From bfea339156a5dda379bf76f5a7f86afde73468b3 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Mon, 3 Jun 2024 16:00:59 +0200 Subject: [PATCH 209/258] Stop infinite loop Signed-off-by: Martin Zeithaml --- bin/libs/configmgr.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/libs/configmgr.ts b/bin/libs/configmgr.ts index 9ad83d16b3..b7be7005bb 100644 --- a/bin/libs/configmgr.ts +++ b/bin/libs/configmgr.ts @@ -400,6 +400,7 @@ function getMemberNameFromConfigPath(configPath: string): string|undefined { const memberEnd = configPath.indexOf('))', memberStart+1); if (memberEnd == -1) { console.log(`Error: malformed PARMLIB syntax for ${configPath}. Must use syntax PARMLIB(dataset.name(member))`); + return undefined; } const thisMember = configPath.substring(memberStart+1, memberEnd); if (!member) { From b80aed5f0fa5bc614b49ca135cb9c58b9e0df206 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 4 Jun 2024 12:49:47 +0200 Subject: [PATCH 210/258] Check length of substitution Signed-off-by: Martin Zeithaml --- files/SZWEEXEC/ZWEGEN00 | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) 
diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index f277a556b7..fcba1cb29a 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -23,7 +23,7 @@ ================================================================================ */ -parse arg operation verbosity +parse arg operation verbosity !verbose = COMPARE(verbosity, 'noverbose') @@ -157,7 +157,7 @@ CVTRAC_VAL = STORAGE(CVTRAC_ADDR, 4) ringType = 0 -/* attempt to handle getting only 1 keyring jcl +/* attempt to handle getting only 1 keyring jcl if WORDINDEX(CFG.zowe.setup.certificate.type, 'JCE') > 0 then do if LENGTH(CFG.zowe.setup.certificate.keyring.connect) > 0 then do say 'connect exists, it is 'CFG.zowe.setup.certificate.keyring.connect'.' @@ -172,9 +172,9 @@ if WORDINDEX(CFG.zowe.setup.certificate.type, 'JCE') > 0 then do ringType = 1 end else do - say 'pkcs12 to be used' + say 'pkcs12 to be used' end -*/ +*/ if COMPARE('RCVT', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRA1)') @@ -210,7 +210,7 @@ if COMPARE('ACF2', CVTRAC_VAL) = 0 then do x = DeleteDataSet(jclCopy'(ZWEIKRT3)') x = DeleteDataSet(jclCopy'(ZWEIKRR1)') x = DeleteDataSet(jclCopy'(ZWEIKRR2)') - x = DeleteDataSet(jclCopy'(ZWEIKRR3)') + x = DeleteDataSet(jclCopy'(ZWEIKRR3)') x = DeleteDataSet(jclCopy'(ZWEIRAC)') x = DeleteDataSet(jclCopy'(ZWEIRACZ)') x = DeleteDataSet(jclCopy'(ZWEITSS)') 
@@ -275,19 +275,21 @@ do i = 1 to members.0 len = lastChar - firstChar + 1 if len > 0 then do sub = SUBSTR(!contentToRead.j, firstChar, len) - call Print 'Substitution found for' sub'.' - isFound = 0 - do n = 1 to members.i.substitutions.0 - if COMPARE(members.i.substitutions.n, sub) = 0 then do - call Print 'Substitution 'sub' already noted. Skipping.' - isFound = 1 - leave + if len = length(strip(sub)) then do + call Print 'Substitution found for' sub'.' + isFound = 0 + do n = 1 to members.i.substitutions.0 + if COMPARE(members.i.substitutions.n, sub) = 0 then do + call Print 'Substitution 'sub' already noted. Skipping.' + isFound = 1 + leave + end + end + if isFound <> 1 then do + k = members.i.substitutions.0 + 1 + members.i.substitutions.k = sub + members.i.substitutions.0 = k end - end - if isFound <> 1 then do - k = members.i.substitutions.0 + 1 - members.i.substitutions.k = sub - members.i.substitutions.0 = k end end if lastChar < 0 then do From 0e2670eeaf4c105746f7ecae91bc20abb823c42e Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 4 Jun 2024 13:00:02 +0200 Subject: [PATCH 211/258] Check for undefined Signed-off-by: Martin Zeithaml --- bin/commands/init/apfauth/index.ts | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts index 0dd9b8a76d..3b750245c9 100644 --- a/bin/commands/init/apfauth/index.ts +++ b/bin/commands/init/apfauth/index.ts 
@@ -59,13 +59,17 @@ export function execute() { common.printTrace(` * Output:`); common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); - if (!result1.smsManaged) { + if (result1.rc === 0 && !result1.smsManaged) { let result3 = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authLoadlib); - jclContent.out = jclContent.out.replace("export LOADLOC=SMS", `export LOADLOC="VOLUME=${result3.volume}"`); + if (result3.volume) { + jclContent.out = jclContent.out.replace("export LOADLOC=SMS", `export LOADLOC="VOLUME=${result3.volume}"`); + } } - if (!result2.smsManaged) { + if (result2.rc === 0 && !result2.smsManaged) { let result4 = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authPluginLib); - jclContent.out = jclContent.out.replace("export PLUGLOC=SMS", `export PLUGLOC="VOLUME=${result4.volume}"`); + if (result4.volume) { + jclContent.out = jclContent.out.replace("export PLUGLOC=SMS", `export PLUGLOC="VOLUME=${result4.volume}"`); + } } xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, jclContent.out); From bc5de9194795eeaceeb943e3637a76261c913635 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 4 Jun 2024 17:09:23 +0200 Subject: [PATCH 212/258] Remove traling spaces 
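Review bot: In `bin/commands/init/apfauth/index.ts`, both new guards fail silently: when `result1.rc` is non-zero or `result3.volume` is undefined, the JCL is stored with `LOADLOC=SMS` unchanged and nothing is logged, and the `PLUGLOC` branch behaves the same way. The stored job would then presumably request APF authorization with an SMS location for a data set whose placement was never determined. An `else` that reports the failed lookup would make this visible, for example `else { common.printTrace("  * No volume found for authLoadlib; LOADLOC left as SMS"); }`, or a warning through whichever `common` helper the project prefers. It is also worth confirming that the literal `export LOADLOC=SMS` still occurs in the JCL being edited: the `ZWEIAPF` sample shown later in this series sets the value with `// SET PLUGLOC='SMS'`, and `replace` on a string that does not match changes nothing. `execute()` starts and ends outside the hunk.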
Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWECSRVS | 56 ++++++++++++++++----------------- files/SZWESAMP/ZWEIAPF | 26 +++++++-------- files/SZWESAMP/ZWEIKRA1 | 2 +- files/SZWESAMP/ZWEIKRA2 | 2 +- files/SZWESAMP/ZWEIKRA3 | 2 +- files/SZWESAMP/ZWEIKRR1 | 4 +-- files/SZWESAMP/ZWEIKRR2 | 4 +-- files/SZWESAMP/ZWEIKRR3 | 4 +-- files/SZWESAMP/ZWEIKRT1 | 2 +- files/SZWESAMP/ZWEIKRT2 | 2 +- files/SZWESAMP/ZWEIKRT3 | 2 +- files/SZWESAMP/ZWEIMVS | 62 ++++++++++++++++++------------------ files/SZWESAMP/ZWEINSTL | 70 ++++++++++++++++++++--------------------- files/SZWESAMP/ZWEISTC | 44 +++++++++++++------------- files/SZWESAMP/ZWERMVS | 34 ++++++++++---------- files/SZWESAMP/ZWERMVS2 | 34 ++++++++++---------- files/SZWESAMP/ZWESECKG | 2 +- 17 files changed, 176 insertions(+), 176 deletions(-) diff --git a/files/SZWESAMP/ZWECSRVS b/files/SZWESAMP/ZWECSRVS index 024786bf13..9c5d83c92f 100644 --- a/files/SZWESAMP/ZWECSRVS +++ b/files/SZWESAMP/ZWECSRVS 
@@ -1,30 +1,30 @@ -//ZWECSRVS JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* -//* -//* This JCL removes the VSAM data set for the Caching Service. -//* -//* -//* CAUTION: This is neither a JCL procedure nor a complete job. -//* Before using this JCL, you will have to make the following -//* modifications: -//* -//* 1) Add job name and job parameters to the JOB statement, to -//* meet your system requirements. -//* -//******************************************************************** -//RMVSAM EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * +//ZWECSRVS JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* This JCL removes the VSAM data set for the Caching Service. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//******************************************************************** +//RMVSAM EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * DELETE '{zowe.setup.vsam.name}' + CLUSTER -//* +//* 
diff --git a/files/SZWESAMP/ZWEIAPF b/files/SZWESAMP/ZWEIAPF index 5944c91a27..604817d09f 100644 --- a/files/SZWESAMP/ZWEIAPF +++ b/files/SZWESAMP/ZWEIAPF @@ -1,14 +1,14 @@ //ZWEIAPF JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* //********************************************************************* //* //* This JCL is used to set APF for the two datasets of Zowe @@ -29,7 +29,7 @@ // SET PLUGLIB='{zowe.setup.dataset.authPluginLib}' // SET PLUGLOC='SMS' //* -//APFLOAD COMMAND 'SETPROG APF,ADD,DSN=&LOADLIB.,&LOADLOC.' -//* +//APFLOAD COMMAND 'SETPROG APF,ADD,DSN=&LOADLIB.,&LOADLOC.' +//* //APFLIB COMMAND 'SETPROG APF,ADD,DSN=&PLUGLIB.,&PLUGLOC.' -//* +//* diff --git a/files/SZWESAMP/ZWEIKRA1 b/files/SZWESAMP/ZWEIKRA1 index ad5c778865..696a2c87b1 100644 --- a/files/SZWESAMP/ZWEIKRA1 +++ b/files/SZWESAMP/ZWEIKRA1 @@ -42,7 +42,7 @@ //* signed by a recognized certificate authority (CA). //* //* 6) If you set zowe.verifyCertificates to -//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* STRICT or NONSTRICT, then set IFROZFCA to 1 //* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your diff --git a/files/SZWESAMP/ZWEIKRA2 b/files/SZWESAMP/ZWEIKRA2 index 101e9f9cae..f43a32322c 100644 --- a/files/SZWESAMP/ZWEIKRA2 +++ b/files/SZWESAMP/ZWEIKRA2 
@@ -41,7 +41,7 @@ //* signed by a recognized certificate authority (CA). //* //* 6) If you set zowe.verifyCertificates to -//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* STRICT or NONSTRICT, then set IFROZFCA to 1 //* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your diff --git a/files/SZWESAMP/ZWEIKRA3 b/files/SZWESAMP/ZWEIKRA3 index 1200deb171..bd27148a5a 100644 --- a/files/SZWESAMP/ZWEIKRA3 +++ b/files/SZWESAMP/ZWEIKRA3 @@ -41,7 +41,7 @@ //* signed by a recognized certificate authority (CA). //* //* 6) If you set zowe.verifyCertificates to -//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* STRICT or NONSTRICT, then set IFROZFCA to 1 //* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your diff --git a/files/SZWESAMP/ZWEIKRR1 b/files/SZWESAMP/ZWEIKRR1 index 9e2dbdc595..952ea2107b 100644 --- a/files/SZWESAMP/ZWEIKRR1 +++ b/files/SZWESAMP/ZWEIKRR1 @@ -42,7 +42,7 @@ //* signed by a recognized certificate authority (CA). //* //* 6) If you set zowe.verifyCertificates to -//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* STRICT or NONSTRICT, then set IFROZFCA to 1 //* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your @@ -218,7 +218,7 @@ $$ PERMIT + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}) + - ACCESS(CONTROL) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ /* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}.LST + */ diff --git a/files/SZWESAMP/ZWEIKRR2 b/files/SZWESAMP/ZWEIKRR2 index 180608dee5..4a301b49ff 100644 --- a/files/SZWESAMP/ZWEIKRR2 +++ b/files/SZWESAMP/ZWEIKRR2 
@@ -41,7 +41,7 @@ //* signed by a recognized certificate authority (CA). //* //* 6) If you set zowe.verifyCertificates to -//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* STRICT or NONSTRICT, then set IFROZFCA to 1 //* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your @@ -185,7 +185,7 @@ $$ PERMIT + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}) + - ACCESS(CONTROL) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ /* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}.LST + */ diff --git a/files/SZWESAMP/ZWEIKRR3 b/files/SZWESAMP/ZWEIKRR3 index d4f3320658..8d64126a26 100644 --- a/files/SZWESAMP/ZWEIKRR3 +++ b/files/SZWESAMP/ZWEIKRR3 @@ -42,7 +42,7 @@ //* signed by a recognized certificate authority (CA). //* //* 6) If you set zowe.verifyCertificates to -//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* STRICT or NONSTRICT, then set IFROZFCA to 1 //* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your @@ -192,7 +192,7 @@ $$ PERMIT + &USERNAME..{zowe.setup.certificate.keyring.name}.LST + CLASS(RDATALIB) ID({zowe.setup.security.users.zowe}) + - ACCESS(CONTROL) + ACCESS(CONTROL) /* Uncomment this command to allow other user to access key ring ... */ /* PERMIT &USERNAME..{zowe.setup.certificate.keyring.name}.LST + */ diff --git a/files/SZWESAMP/ZWEIKRT1 b/files/SZWESAMP/ZWEIKRT1 index d8f8e30d12..499ea9d1fa 100644 --- a/files/SZWESAMP/ZWEIKRT1 +++ b/files/SZWESAMP/ZWEIKRT1 
@@ -42,7 +42,7 @@ //* signed by a recognized certificate authority (CA). //* //* 6) If you set zowe.verifyCertificates to -//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* STRICT or NONSTRICT, then set IFROZFCA to 1 //* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your diff --git a/files/SZWESAMP/ZWEIKRT2 b/files/SZWESAMP/ZWEIKRT2 index 2775e0148a..255d692984 100644 --- a/files/SZWESAMP/ZWEIKRT2 +++ b/files/SZWESAMP/ZWEIKRT2 @@ -41,7 +41,7 @@ //* signed by a recognized certificate authority (CA). //* //* 6) If you set zowe.verifyCertificates to -//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* STRICT or NONSTRICT, then set IFROZFCA to 1 //* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your diff --git a/files/SZWESAMP/ZWEIKRT3 b/files/SZWESAMP/ZWEIKRT3 index f945239103..f4ed3e6ecb 100644 --- a/files/SZWESAMP/ZWEIKRT3 +++ b/files/SZWESAMP/ZWEIKRT3 @@ -41,7 +41,7 @@ //* signed by a recognized certificate authority (CA). //* //* 6) If you set zowe.verifyCertificates to -//* STRICT or NONSTRICT, then set IFROZFCA to 1 +//* STRICT or NONSTRICT, then set IFROZFCA to 1 //* to connect z/OSMF certificate authority to Zowe keyring. //* //* 7) Customize the commands in the DD statement that matches your diff --git a/files/SZWESAMP/ZWEIMVS b/files/SZWESAMP/ZWEIMVS index e8e94c7ab4..e8e4b6caef 100644 --- a/files/SZWESAMP/ZWEIMVS +++ b/files/SZWESAMP/ZWEIMVS 
@@ -1,15 +1,15 @@ -//ZWEIMVS JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* +//ZWEIMVS JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* //* //* This job is used to create datasets used by a Zowe "instance" //* Instances represent a configuration of Zowe, different from the 
@@ -19,23 +19,23 @@ //* Equal to 'zowe.setup.prefix' + 'SZWELOAD', //* Then you must also run "ZWEIMVS2". //* -//********************************************************************* -//MKPDSE EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * -ALLOC NEW DA('{zowe.setup.dataset.parmlib}') + -dsntype(library) dsorg(po) recfm(f b) lrecl(80) + -unit(sysallda) space(15,15) tracks - -ALLOC NEW DA('{zowe.setup.dataset.authPluginLib}') + -dsntype(library) dsorg(po) recfm(u) lrecl(0) + -blksize(32760) unit(sysallda) space(30,15) tracks -//* -//MEMBCPY EXEC PGM=IEBCOPY -//SYSPRINT DD SYSOUT=A -//SYSUT1 DD DSN={zowe.setup.dataset.prefix}.SZWESAMP,DISP=SHR +//********************************************************************* +//MKPDSE EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.parmlib}') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks + +ALLOC NEW DA('{zowe.setup.dataset.authPluginLib}') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks +//* +//MEMBCPY EXEC PGM=IEBCOPY +//SYSPRINT DD SYSOUT=A +//SYSUT1 DD DSN={zowe.setup.dataset.prefix}.SZWESAMP,DISP=SHR //SYSUT2 DD DSN={zowe.setup.dataset.parmlib},DISP=OLD -//SYSIN DD * - COPY OUTDD=SYSUT2,INDD=SYSUT1 - SELECT MEMBER=((ZWESIP00,,R)) -//* +//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 + SELECT MEMBER=((ZWESIP00,,R)) +//* diff --git a/files/SZWESAMP/ZWEINSTL b/files/SZWESAMP/ZWEINSTL index 3ee0b2ecd9..9d9249c81a 100644 --- a/files/SZWESAMP/ZWEINSTL +++ b/files/SZWESAMP/ZWEINSTL 
@@ -1,43 +1,43 @@ -//ZWEINSTL JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* -//* -//MKPDSE EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * -ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWESAMP') + -dsntype(library) dsorg(po) recfm(f b) lrecl(80) + -unit(sysallda) space(15,15) tracks +//ZWEINSTL JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 
2020, 2020 +//* +//********************************************************************* +//* +//MKPDSE EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWESAMP') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks -ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWEEXEC') + -dsntype(library) dsorg(po) recfm(f b) lrecl(80) + -unit(sysallda) space(15,15) tracks +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWEEXEC') + +dsntype(library) dsorg(po) recfm(f b) lrecl(80) + +unit(sysallda) space(15,15) tracks -ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWEAUTH') + -dsntype(library) dsorg(po) recfm(u) lrecl(0) + -blksize(32760) unit(sysallda) space(30,15) tracks +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWEAUTH') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks -ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWELOAD') + -dsntype(library) dsorg(po) recfm(u) lrecl(0) + -blksize(32760) unit(sysallda) space(30,15) tracks +ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWELOAD') + +dsntype(library) dsorg(po) recfm(u) lrecl(0) + +blksize(32760) unit(sysallda) space(30,15) tracks //* //* -//AUTHCPY EXEC PGM=BPXBATCH -//BPXPRINT DD SYSOUT=* -//STDOUT DD SYSOUT=* -//STDERR DD SYSOUT=* -//STDPARM DD * -SH cd {zowe.runtimeDirectory} && -cd files/SZWESAMP && +//AUTHCPY EXEC PGM=BPXBATCH +//BPXPRINT DD SYSOUT=* +//STDOUT DD SYSOUT=* +//STDERR DD SYSOUT=* +//STDPARM DD * +SH cd {zowe.runtimeDirectory} && +cd files/SZWESAMP && cp * "//'{zowe.setup.dataset.prefix}.SZWESAMP'" && cd ../SZWEEXEC && cp * "//'{zowe.setup.dataset.prefix}.SZWEEXEC'" && diff --git a/files/SZWESAMP/ZWEISTC b/files/SZWESAMP/ZWEISTC index e708229a33..401e4510f4 100644 --- a/files/SZWESAMP/ZWEISTC +++ b/files/SZWESAMP/ZWEISTC 
@@ -1,34 +1,34 @@ -//ZWEISTC JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* +//ZWEISTC JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* //* //* This job is used to add proclib members //* Used to start a Zowe "instance" //* Instances represent a configuration of Zowe, different from the //* "runtime" datasets that are created upon install of Zowe / SMPE. //* -//********************************************************************* -//* -//MCOPY EXEC PGM=IEBCOPY -//SYSPRINT DD SYSOUT=A -//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR +//********************************************************************* +//* +//MCOPY EXEC PGM=IEBCOPY +//SYSPRINT DD SYSOUT=A +//SYSUT1 DD DSN={zowe.setup.dataset.jcllib},DISP=SHR //SYSUT2 DD DSN={zowe.setup.dataset.proclib},DISP=OLD -//SYSIN DD * - COPY OUTDD=SYSUT2,INDD=SYSUT1 +//SYSIN DD * + COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESLSTC,{zowe.setup.security.stcs.zowe},R)) - COPY OUTDD=SYSUT2,INDD=SYSUT1 + COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESISTC,{zowe.setup.security.stcs.zis},R)) - COPY OUTDD=SYSUT2,INDD=SYSUT1 + COPY OUTDD=SYSUT2,INDD=SYSUT1 SELECT MEMBER=((ZWESASTC,{zowe.setup.security.stcs.aux},R)) -//* +//* 
diff --git a/files/SZWESAMP/ZWERMVS b/files/SZWESAMP/ZWERMVS index fa4938cebc..844e027dcf 100644 --- a/files/SZWESAMP/ZWERMVS +++ b/files/SZWESAMP/ZWERMVS @@ -1,15 +1,15 @@ -//ZWERMVS JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* +//ZWERMVS JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* //* //* This job is used to remove datasets used by a Zowe "instance" //* Instances represent a configuration of Zowe, different from the @@ -19,11 +19,11 @@ //* Equal to 'zowe.setup.prefix' + 'SZWELOAD', //* Then you must also run "ZWERMVS2". //* -//********************************************************************* -//RMPDSE EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * +//********************************************************************* +//RMPDSE EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * DELETE ('{zowe.setup.dataset.parmlib}', + '{zowe.setup.dataset.authPluginLib}') + SCRATCH NONVSAM -//* +//* diff --git a/files/SZWESAMP/ZWERMVS2 b/files/SZWESAMP/ZWERMVS2 index e42a8c178d..7f3cd150fb 100644 --- a/files/SZWESAMP/ZWERMVS2 +++ b/files/SZWESAMP/ZWERMVS2 
@@ -1,15 +1,15 @@ -//ZWERMVS2 JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* +//ZWERMVS2 JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* //* //* This job is used to remove the APF load library for an instance //* Of Zowe. It is not needed if your choosen value of @@ -18,10 +18,10 @@ //* //* When running this job, you should also run ZWERMVS //* -//********************************************************************* -//RMPDSE EXEC PGM=IKJEFT01 -//SYSTSPRT DD SYSOUT=A -//SYSTSIN DD * +//********************************************************************* +//RMPDSE EXEC PGM=IKJEFT01 +//SYSTSPRT DD SYSOUT=A +//SYSTSIN DD * DELETE '{zowe.setup.dataset.authLoadLib}' + SCRATCH NONVSAM -//* +//* diff --git a/files/SZWESAMP/ZWESECKG b/files/SZWESAMP/ZWESECKG index 454085367c..6b8861aaa5 100644 --- a/files/SZWESAMP/ZWESECKG +++ b/files/SZWESAMP/ZWESECKG @@ -133,6 +133,6 @@ void printHex(unsigned char *text, unsigned int len) } /* end printHex */ /* //BIND.SYSIN DD * - INCLUDE '/usr/lib/CSFDLL31.x' + INCLUDE '/usr/lib/CSFDLL31.x' /* // From 3112e3561c708a0a2270fef8c20099821a09420a Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 5 Jun 2024 12:42:14 +0200 Subject: [PATCH 213/258] Fix IEBCOPY SELECT MEMBER statement 
Signed-off-by: Martin Zeithaml --- bin/commands/init/mvs/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index f000649db0..8f3a6fe8d1 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -104,7 +104,7 @@ export function execute(allowOverwrite?: boolean) { common.printTrace(` * Output:`); common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); - const tmpFileContent = jclContent.out.replace("ZWESIP00,", zisParmlib.toUpperCase()+','); + const tmpFileContent = jclContent.out.replace("ZWESIP00,", "ZWESIP00," + zisParmlib.toUpperCase()); xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, tmpFileContent); common.printTrace(` * Stored:`); common.printTrace(stringlib.paddingLeft(tmpFileContent, " ")); From 27ae846f6bf4103f6bc3af7a7cbde930b891420e Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 5 Jun 2024 16:51:51 +0200 Subject: [PATCH 214/258] Update manifest.json.template Signed-off-by: 1000TurquoisePogs --- manifest.json.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.json.template b/manifest.json.template index aaeb51bb3c..c1a306c561 100644 --- a/manifest.json.template +++ b/manifest.json.template @@ -40,7 +40,7 @@ "artifact": "*.pax" }, "org.zowe.zss": { - "version": "^2.15.0-PR-683", + "version": "^2.16.0-PR-683", "artifact": "*.pax" }, "org.zowe.explorer.jobs.jobs-api-package": { @@ -124,7 +124,7 @@ "artifact": "*.pax" }, "org.zowe.launcher": { - "version": "^2.15.0-PR-107" + "version": "^2.0.0-SNAPSHOT" }, "org.zowe.keyring-utilities": { "version": "1.0.4", From 29d19b8c8d60c6d96dfcb7df10a597b29cc13e09 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 6 Jun 2024 13:23:55 +0200 Subject: [PATCH 215/258] Respect --dry-run for init generate Signed-off-by: Martin Zeithaml --- bin/commands/init/generate/cli.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
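Review bot: In `bin/commands/init/mvs/index.ts`, the second argument of `jclContent.out.replace("ZWESIP00,", "ZWESIP00," + zisParmlib.toUpperCase())` is a replacement string, so JavaScript interprets `$` sequences in it even though the pattern is a plain string, and `$$` is emitted as a single `$`. z/OS member names may contain `$`, so a configured name such as `$$PARM` (constructed example) would reach the `SELECT MEMBER` statement as `$PARM`. Passing a function avoids the interpretation: `jclContent.out.replace("ZWESIP00,", () => "ZWESIP00," + zisParmlib.toUpperCase())`. The two `replace` calls in `bin/commands/init/apfauth/index.ts` (patch 211) insert the volume serial the same way. No check that `zisParmlib` is a valid member name is visible in this hunk, and `execute()` continues outside it.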
diff --git a/bin/commands/init/generate/cli.ts b/bin/commands/init/generate/cli.ts index 129be979d6..5dd9ae79e1 100644 --- a/bin/commands/init/generate/cli.ts +++ b/bin/commands/init/generate/cli.ts @@ -14,7 +14,7 @@ import * as index from './index'; import * as configmgr from '../../../libs/configmgr'; import * as common from '../../../libs/common'; -index.execute(!!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN')); +index.execute(!!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN') || !!std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN')); configmgr.cleanupTempDir(); common.finishLogFile(); From 60c0d518e69eb2a31a08a79443cf9f353eaf8e44 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 7 Jun 2024 15:27:05 +0200 Subject: [PATCH 216/258] ISREDIT change limitation Signed-off-by: Martin Zeithaml --- files/SZWEEXEC/ZWECHG | 6 +++--- files/SZWEEXEC/ZWEGEN00 | 29 +++++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/files/SZWEEXEC/ZWECHG b/files/SZWEEXEC/ZWECHG index 9960898b45..599a497317 100644 --- a/files/SZWEEXEC/ZWECHG +++ b/files/SZWEEXEC/ZWECHG @@ -1,5 +1,5 @@ /* REXX */ -parse pull changeFrom changeTo +parse pull changeCommand address isredit 'macro' -address isredit 'change all 'changeFrom "X'"||c2x(changeTo)"'" -address isredit 'end' +address isredit changeCommand +address isredit 'end' \ No newline at end of file diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index fcba1cb29a..78823796ab 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 
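Review bot: In `files/SZWEEXEC/ZWECHG`, the macro now runs whatever line it pulls from the data stack as an edit command (`address isredit changeCommand`), where the previous version could only issue `change all`. Because that line is assembled in ZWEGEN00 from configuration values, a check such as `if abbrev(changeCommand, 'change all ') = 0 then ...` ahead of it would keep the macro limited to its one purpose. How a rejection should be reported back to ZWEGEN00 depends on code outside this hunk. The return code of the change is also not inspected before `address isredit 'end'`, so a change that matched nothing or failed is not distinguished from a successful one. A short header comment stating that the macro expects exactly one complete `change all ...` command on the stack would document the new contract.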
@@ -305,11 +305,17 @@ say 'All of the substitutions were found.' /* ================================================================================ Invoke the edit macro on the substitutions for each member. + ZWECHG: change all word1 word2 + word1 is expected to be {zowe.something} + word2 is anything, including spaces or special chars + In such case use: change all word1 X'c2x(word2)' ================================================================================ */ say 'Invoking the edit macro on each member.' +SPECIAL_CHARS = ' ''"' + do i = 1 to members.0 if members.i.substitutions.0 > 0 then do do j = 1 to members.i.substitutions.0 @@ -317,8 +323,27 @@ do i = 1 to members.0 call Print 'Edit 'd'.' old = '{'members.i.substitutions.j'}' new = value('CFG.'members.i.substitutions.j) - queue old new - call Print 'Change' old 'to' new'.' + specials = 0 + changeMode = 'Normal' + do s = 1 to length(SPECIAL_CHARS) + specials = specials + pos(substr(SPECIAL_CHARS, s, 1), new) + end + changeCommand = 'change all 'old + if specials > 0 then do + changeCommand = changeCommand "X'"c2x(new)"'" + changeMode = 'Hex' + end + else do + changeCommand = changeCommand new + end + if length(changeCommand) > 255 then do + say 'Stopping at 'd'.' + say ' Command too long:' + say ' 'changeCommand + ExitWithRC(8) + end + queue changeCommand + call Print '('changeMode') Change' old 'to' new'.' cmd = 'edit dataset('"'"d"'"') macro(zwechg)' call Print cmd address ispexec cmd From c6b4173dea66666294a6fb25085745a620568e10 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Mon, 10 Jun 2024 14:14:38 +0200 Subject: [PATCH 217/258] Variable name typo Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWERMVS2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/SZWESAMP/ZWERMVS2 b/files/SZWESAMP/ZWERMVS2 index 7f3cd150fb..266f60099a 100644 --- a/files/SZWESAMP/ZWERMVS2 +++ b/files/SZWESAMP/ZWERMVS2 
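Review bot: In the `@@ -317,8 +323,27 @@` hunk of `files/SZWEEXEC/ZWEGEN00`, the 'Command too long' branch writes the whole `changeCommand`, including the configuration value, with `say`, while the per-substitution trace lines in this loop go through `Print`. If `Print` is the verbosity-controlled path (its definition is outside the hunk), this branch puts configuration values into the job output even when verbose output is off, which matters if any substituted key holds a secret. Reporting the key instead, `say '  Value for' old 'produces a command longer than 255 characters.'`, still tells the operator which YAML entry to shorten. The same three `say` lines are carried over unchanged in the rewrite of this loop in patch 218. The `do i = 1 to members.0` loop starts outside the hunk.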
@@ -22,6 +22,6 @@ //RMPDSE EXEC PGM=IKJEFT01 //SYSTSPRT DD SYSOUT=A //SYSTSIN DD * -DELETE '{zowe.setup.dataset.authLoadLib}' + +DELETE '{zowe.setup.dataset.authLoadlib}' + SCRATCH NONVSAM //* From d665b33315b0f855969b3934bf8743be75312d65 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 12 Jun 2024 12:54:16 +0200 Subject: [PATCH 218/258] change with propres apostrophes Signed-off-by: Martin Zeithaml --- files/SZWEEXEC/ZWEGEN00 | 78 +++++++++++++++++++---------------------- 1 file changed, 37 insertions(+), 41 deletions(-) diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 78823796ab..9a1773cea6 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 
@@ -307,54 +307,50 @@ say 'All of the substitutions were found.' Invoke the edit macro on the substitutions for each member. ZWECHG: change all word1 word2 word1 is expected to be {zowe.something} - word2 is anything, including spaces or special chars - In such case use: change all word1 X'c2x(word2)' + word2 is anything, including spaces, single or double apostrophes ================================================================================ */ say 'Invoking the edit macro on each member.' -SPECIAL_CHARS = ' ''"' - do i = 1 to members.0 - if members.i.substitutions.0 > 0 then do - do j = 1 to members.i.substitutions.0 - d = jclCopy'('members.i.name')' - call Print 'Edit 'd'.' - old = '{'members.i.substitutions.j'}' - new = value('CFG.'members.i.substitutions.j) - specials = 0 - changeMode = 'Normal' - do s = 1 to length(SPECIAL_CHARS) - specials = specials + pos(substr(SPECIAL_CHARS, s, 1), new) - end - changeCommand = 'change all 'old - if specials > 0 then do - changeCommand = changeCommand "X'"c2x(new)"'" - changeMode = 'Hex' - end - else do - changeCommand = changeCommand new - end - if length(changeCommand) > 255 then do - say 'Stopping at 'd'.' - say ' Command too long:' - say ' 'changeCommand - ExitWithRC(8) - end - queue changeCommand - call Print '('changeMode') Change' old 'to' new'.' - cmd = 'edit dataset('"'"d"'"') macro(zwechg)' - call Print cmd - address ispexec cmd - if RC <= 4 then do - call Print 'Edit successful.' - end - else do - say 'Stopping at 'd'.' - ExitWithRC(8) - end + if members.i.substitutions.0 > 0 then do + do j = 1 to members.i.substitutions.0 + d = jclCopy'('members.i.name')' + call Print 'Edit 'd'.' 
+ old = '{'members.i.substitutions.j'}' + new = value('CFG.'members.i.substitutions.j) + apostrophes1 = "'" + apostrophes2 = "'" + if pos("'", new) > 0 & pos('"', new) = 0 then do + apostrophes1 = '"' + apostrophes2 = '"' end + if pos("'", new) > 0 & pos('"', new) > 0 then do + apostrophes1 = "X'" + apostrophes2 = "'" + new = c2x(new) + end + changeCommand = 'change all 'old apostrophes1||new||apostrophes2 + if length(changeCommand) > 255 then do + say 'Stopping at 'd'.' + say ' Command too long:' + say ' 'changeCommand + ExitWithRC(8) + end + queue changeCommand + call Print changeCommand + cmd = 'edit dataset('"'"d"'"') macro(zwechg)' + call Print cmd + address ispexec cmd + if RC <= 4 then do + call Print 'Edit successful.' + end + else do + say 'Stopping at 'd'.' + ExitWithRC(8) + end + end end end From 3ea37c1fe3da764f4f38da3fb76146b0b8e180aa Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 14 Jun 2024 14:12:31 +0200 Subject: [PATCH 219/258] Small update of errors Signed-off-by: Martin Zeithaml --- bin/commands/init/certificate/.errors | 2 ++ bin/commands/init/certificate/index.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/commands/init/certificate/.errors b/bin/commands/init/certificate/.errors index 070225e19e..0dbf93823a 100644 --- a/bin/commands/init/certificate/.errors +++ b/bin/commands/init/certificate/.errors @@ -1,2 +1,4 @@ ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. ZWEL0164E|164|Value of %s (%s) defined in Zowe YAML configuration file is invalid. Valid values are %s. +ZWEL0174E|174|Failed to generate certificate in Zowe keyring "%s/%s". +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 46a507f48c..dc19ed5d0d 100644 --- a/bin/commands/init/certificate/index.sh 
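Review bot: In the `@@ -307,54 +307,50 @@` hunk of `files/SZWEEXEC/ZWEGEN00`, the header comment describes `word2` as anything "including spaces, single or double apostrophes" but no longer says how each case is delimited, which is the non-obvious part of the code below it. I would extend the comment with the three rules the code implements: the value is wrapped in single apostrophes by default, in double apostrophes when it contains a single one, and sent as `X'...'` hex when it contains both. It should also say that a command longer than 255 characters stops the run, and that hex encoding doubles the value's length against that limit. The two `pos("'", new) > 0` tests could become one `select` with three `when` branches, so the default delimiter is visible in the code rather than set beforehand. The comment's opening `/*` line is outside the hunk.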
+++ b/bin/commands/init/certificate/index.sh @@ -35,7 +35,7 @@ fi jcllib=$(verify_generated_jcl) if [ "$?" -eq 1 ]; then - print_error_and_exit "Error ZWEL0999E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 999 + print_error_and_exit "Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 319 fi # read cert type and validate From e2562379915137ad010eb0831c0acd45762f9538 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 14 Jun 2024 17:00:11 +0200 Subject: [PATCH 220/258] Message with proper name Signed-off-by: Martin Zeithaml --- bin/libs/certificate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh index c7478626ce..37dfa1a33d 100644 --- a/bin/libs/certificate.sh +++ b/bin/libs/certificate.sh @@ -976,7 +976,7 @@ EOF print_message " - Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." print_message "" - print_message "WARNING: Due to the limitation of the ZWEKRING job, exit with 0 does not mean" + print_message "WARNING: Due to the limitation of the ${member_name} job, exit with 0 does not mean" print_message " the job is fully successful. Please check the job log to determine" print_message " if there are any inline errors." print_message "" From 875d672c6c14c4123a52903b341662a05608228e Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 20 Jun 2024 17:16:33 +0200 Subject: [PATCH 221/258] Minor help update Signed-off-by: Martin Zeithaml --- bin/commands/init/.help | 2 +- bin/commands/init/security/.help | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/.help b/bin/commands/init/.help index af9bac3401..b3ed7ce8e0 100644 --- a/bin/commands/init/.help +++ b/bin/commands/init/.help 
@@ -1,6 +1,6 @@ Init Zowe instance based on zowe.yaml configuration. -You can find an example zowe.yaml in Zowe runtime directory folder. +You can find an `example-zowe.yaml` in Zowe runtime directory folder. This command will run these sub-commands in sequence: diff --git a/bin/commands/init/security/.help b/bin/commands/init/security/.help index 205be360aa..6039a6b12a 100644 --- a/bin/commands/init/security/.help +++ b/bin/commands/init/security/.help @@ -1,4 +1,7 @@ -This command will run ZWESECUR jcl. +This command will run jcl based on the security product: +- `ZWEIACF` for ACF2 +- `ZWEIRAC` for RACF +- `ZWEITSS` for Top Secret NOTE: You require proper permission to run security configuration. From 5335edb13ee0e95cebe0b493020db477a5378ee2 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 20 Jun 2024 17:23:21 +0200 Subject: [PATCH 222/258] Missing generate parameters Signed-off-by: Martin Zeithaml --- bin/commands/init/generate/.examples | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 bin/commands/init/generate/.examples diff --git a/bin/commands/init/generate/.examples b/bin/commands/init/generate/.examples new file mode 100644 index 0000000000..e97c0adc10 --- /dev/null +++ b/bin/commands/init/generate/.examples @@ -0,0 +1,3 @@ +zwe init generate --config /path/to/zowe.yaml + +zwe init generate -c 'PARMLIB(ZOWE.PARMLIB(ZWEYAML))' --dry-run From cc7686276a11452c3284afb0fa0691a4cef269b5 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 20 Jun 2024 17:33:58 +0200 Subject: [PATCH 223/258] MD yaml syntax 
Signed-off-by: Martin Zeithaml --- bin/commands/init/apfauth/.errors | 2 +- bin/commands/init/apfauth/.help | 2 +- bin/commands/init/certificate/.help | 2 +- bin/commands/init/mvs/.help | 2 +- bin/commands/init/security/.help | 2 +- bin/commands/init/stc/.help | 2 +- bin/commands/init/vsam/.help | 2 +- bin/commands/install/.help | 2 +- bin/commands/start/.help | 9 +++++++-- bin/commands/stop/.help | 2 +- 10 files changed, 16 insertions(+), 11 deletions(-) diff --git a/bin/commands/init/apfauth/.errors b/bin/commands/init/apfauth/.errors index 7fe897ca15..cf0c1d2030 100644 --- a/bin/commands/init/apfauth/.errors +++ b/bin/commands/init/apfauth/.errors @@ -1,2 +1,2 @@ ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. -ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. \ No newline at end of file +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/apfauth/.help b/bin/commands/init/apfauth/.help index 129ab6f46d..9d1ed0706a 100644 --- a/bin/commands/init/apfauth/.help +++ b/bin/commands/init/apfauth/.help @@ -4,7 +4,7 @@ NOTE: You require proper permission to run APF authorize command. These Zowe YAML configurations showing with sample values are used: -``` +```yaml zowe: setup: dataset: diff --git a/bin/commands/init/certificate/.help b/bin/commands/init/certificate/.help index 3a0861b8ed..7eda0534f4 100644 --- a/bin/commands/init/certificate/.help +++ b/bin/commands/init/certificate/.help @@ -7,7 +7,7 @@ be written back to your Zowe YAML configuration file: These Zowe YAML configurations showing with sample values are used: -``` +```yaml zowe: setup: dataset: diff --git a/bin/commands/init/mvs/.help b/bin/commands/init/mvs/.help index 12db46d6b9..793175cd87 100644 
--- a/bin/commands/init/mvs/.help +++ b/bin/commands/init/mvs/.help @@ -2,7 +2,7 @@ This command will prepare Zowe custom data sets. These Zowe YAML configurations showing with sample values are used: -``` +```yaml zowe: setup: dataset: diff --git a/bin/commands/init/security/.help b/bin/commands/init/security/.help index 6039a6b12a..ace1497f78 100644 --- a/bin/commands/init/security/.help +++ b/bin/commands/init/security/.help @@ -7,7 +7,7 @@ NOTE: You require proper permission to run security configuration. These Zowe YAML configurations showing with sample values are used: -``` +```yaml zowe: setup: dataset: diff --git a/bin/commands/init/stc/.help b/bin/commands/init/stc/.help index 8788282715..a1bb9e3356 100644 --- a/bin/commands/init/stc/.help +++ b/bin/commands/init/stc/.help @@ -5,7 +5,7 @@ NOTE: You require proper permission to write to target procedure library. These Zowe YAML configurations showing with sample values are used: -``` +```yaml zowe: setup: dataset: diff --git a/bin/commands/init/vsam/.help b/bin/commands/init/vsam/.help index 334284ba00..aa6265ac63 100644 --- a/bin/commands/init/vsam/.help +++ b/bin/commands/init/vsam/.help @@ -3,7 +3,7 @@ Caching Service. These Zowe YAML configurations showing with sample values are used: -``` +```yaml zowe: setup: dataset: diff --git a/bin/commands/install/.help b/bin/commands/install/.help index 5934904669..0ed39774f9 100644 --- a/bin/commands/install/.help +++ b/bin/commands/install/.help @@ -6,7 +6,7 @@ already prepared during SMPE install. These Zowe YAML configurations showing with sample values are used: -``` +```yaml zowe: setup: dataset: diff --git a/bin/commands/start/.help b/bin/commands/start/.help index f3c2b870a9..15c6e29496 100644 --- a/bin/commands/start/.help +++ b/bin/commands/start/.help 
@@ -2,13 +2,14 @@ Start Zowe with main started task. These Zowe YAML configurations showing with sample values are used: -``` +```yaml zowe: setup: security: stcs: zowe: ZWESLSTC - jobname: ZWE1SV + job: + name: ZWE1SV haInstances: [ha-instance]: sysname: ZLP1 @@ -21,3 +22,7 @@ haInstances: - `haInstances.[ha-instance].sysname` is the SYSNAME of the target HA instance. If you pass `--ha-instance` parameter, this is the SYSNAME the start command will be routed to. + +Note: `zwe start` is only identifying an already configured instance of Zowe. +Any additional changes to the `zowe.yaml` config could possibly require +either manual changes or running related `zwe` commands before issuing `zwe start`. diff --git a/bin/commands/stop/.help b/bin/commands/stop/.help index f0bc0d4d8d..c2ad2c66e3 100644 --- a/bin/commands/stop/.help +++ b/bin/commands/stop/.help @@ -2,7 +2,7 @@ Stop Zowe main job. These Zowe YAML configurations showing with sample values are used: -``` +```yaml zowe: setup: security: From 5dd2c916c172632a0176d62d9505b2d7ddfccc2a Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 21 Jun 2024 14:18:49 +0200 Subject: [PATCH 224/258] RLM -> RLS Signed-off-by: Martin Zeithaml --- INSTALLATION.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 4701e80d3d..b50be28fcf 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md 
@@ -164,7 +164,7 @@ Among the choices is for it to use a VSAM dataset of your choice. |Task|Description|Sample JCL| |---|---|---| -|Create VSAM Dataset for Caching Service|**Action**: Create a RLM or NONRLM dataset for the caching service, and set the name into the YAML value `components.caching-service.storage.vsam.name`|[ZWECSVSM](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWECSVSM)| +|Create VSAM Dataset for Caching Service|**Action**: Create a RLS or NONRLS dataset for the caching service, and set the name into the YAML value `components.caching-service.storage.vsam.name`|[ZWECSVSM](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWECSVSM)| JCL samples for removing Zowe configuration also exist. |Action|Sample JCL| @@ -245,7 +245,7 @@ Among the choices is for it to use a VSAM dataset of your choice. |Task|Description|Sample JCL|Doc| |---|---|---|---| -|Create VSAM Dataset for Caching Service|Creates a RLM or NONRLM dataset for the caching service using the YAML values in `zowe.setup.vsam`|`zwe init vsam`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-vsam)| +|Create VSAM Dataset for Caching Service|Creates a RLS or NONRLS dataset for the caching service using the YAML values in `zowe.setup.vsam`|`zwe init vsam`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-vsam)|

From e0dcada65f0406f930cedee1322830e17c53cbcb Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 21 Jun 2024 14:28:50 +0200 Subject: [PATCH 225/258] Space added Signed-off-by: Martin Zeithaml --- INSTALLATION.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index b50be28fcf..31603c3e39 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -117,7 +117,7 @@ When the JCL is prepared, the following jobs can be submitted to perform the fol |Task|Description|Sample JCL| |---|---|---| |Create Instance Datasets|**Purpose:** Create datasets for Zowe's PARMLIB content and non-ZFS extension content for a given Zowe Instance

**Action:**
1) Allocate PDSE FB80 dataset with at least 15 tracks named from Zowe parameter `zowe.setup.dataset.parmlib`
2) Allocate PDSE FB80 dataset with at least 30 tracks named from Zowe parameter `zowe.setup.dataset.authPluginLib`
3) Copy ZWESIP00 member from `zowe.setup.dataset.prefix`.SZWESAMP into `zowe.setup.dataset.parmlib`|[ZWEIMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIMVS)| -|APF Authorize privileged content|**Purpose:** Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component and its extension library must be set APF authorized and run in key 4 to use ZIS and components that depend upon it.

**Action:**
1)APF authorize the datasets defined at `zowe.setup.dataset.authLoadlib` and `zowe.setup.dataset.authPluginLib`.
2) Define PPT entries for the members ZWESIS01 and ZWESAUX as Key 4, NOSWAP in the SCHEDxx member of the system PARMLIB.|[ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF)| +|APF Authorize privileged content|**Purpose:** Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component and its extension library must be set APF authorized and run in key 4 to use ZIS and components that depend upon it.

**Action:**
1) APF authorize the datasets defined at `zowe.setup.dataset.authLoadlib` and `zowe.setup.dataset.authPluginLib`.
2) Define PPT entries for the members ZWESIS01 and ZWESAUX as Key 4, NOSWAP in the SCHEDxx member of the system PARMLIB.|[ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF)| |Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.

**Action:** [Set SAF permissions for accounts](https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users#security-permissions-reference-table)|RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC)

TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS)

ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF)| |(z/OS v2.4 ONLY) Create Zowe SAF Resource Class|This is not needed on z/OS v2.5+. On z/OS v2.4, the SAF resource class for Zowe is not included, and must be created|RACF: [ZWEIRACZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRACZ)

TSS: [ZWEITSSZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSSZ)

ACF2: [ZWEIACFZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIACFZ)| |Copy STC JCL to PROCLIB|**Purpose**: ZWESLSTC is the job for running Zowe's webservers, and ZWESISTC is for running the APF authorized cross-memory server. The ZWESASTC job is started by ZWESISTC on an as-needed basis.

**Action**: Copy the members ZWESLSTC, ZWESISTC, and ZWESASTC into your desired PROCLIB. If the job names are customized, also modify the YAML values of them in `zowe.setup.security.stcs`|[ZWEISTC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEISTC)| From 3e5d5f0235ff2c01d52d21da63940d674185903b Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 21 Jun 2024 16:23:35 +0200 Subject: [PATCH 226/258] Compare realpath and escape dollar Signed-off-by: Martin Zeithaml --- bin/commands/init/certificate/.parameters | 2 +- bin/commands/init/generate/.errors | 2 +- bin/commands/init/index.ts | 4 +++- bin/libs/configmgr.ts | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/bin/commands/init/certificate/.parameters b/bin/commands/init/certificate/.parameters index 6d54bacd99..1b5ff1fa67 100644 --- a/bin/commands/init/certificate/.parameters +++ b/bin/commands/init/certificate/.parameters @@ -1,4 +1,4 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. update-config||boolean|||||Whether to update YAML configuration file with initialization result. ignore-security-failures||boolean|||||Whether to ignore security setup job failures. -security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file +security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute. diff --git a/bin/commands/init/generate/.errors b/bin/commands/init/generate/.errors index cddf4b1847..1e83c1d4d2 100644 --- a/bin/commands/init/generate/.errors +++ b/bin/commands/init/generate/.errors 
@@ -1,3 +1,3 @@ ZWEL0143E|143|Cannot find data set member %s. You may need to re-run zwe install. ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. -ZWEL0318E|318|Configuration stored in PARMLIB must use member name ZWEYAML when using generate action. \ No newline at end of file +ZWEL0318E|318|Configuration stored in PARMLIB must use member name ZWEYAML when using generate action. diff --git a/bin/commands/init/index.ts b/bin/commands/init/index.ts index 6694184828..5fea0c63f9 100644 --- a/bin/commands/init/index.ts +++ b/bin/commands/init/index.ts @@ -10,6 +10,7 @@ */ import * as std from 'cm_std'; +import * as os from 'cm_os'; import * as shell from '../../libs/shell'; import * as zoslib from '../../libs/zos'; import * as json from '../../libs/json'; @@ -62,7 +63,8 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, ignoreSecuri // do we have zowe.runtimeDirectory defined in zowe.yaml? const configRuntimeDir = zoweConfig.zowe?.runtimeDirectory; if (configRuntimeDir) { - if (configRuntimeDir != std.getenv('ZWE_zowe_runtimeDirectory')) { + let realPathResult = os.realpath(configRuntimeDir); + if (realPathResult[1] != 0 || realPathResult[0] != std.getenv('ZWE_zowe_runtimeDirectory')) { common.printErrorAndExit(`Error ZWEL0105E: The Zowe YAML config file is associated to Zowe runtime "${configRuntimeDir}", which is not same as where zwe command is located.`, undefined, 105); } } else { diff --git a/bin/libs/configmgr.ts b/bin/libs/configmgr.ts index b7be7005bb..e2fd7cc2b6 100644 --- a/bin/libs/configmgr.ts +++ b/bin/libs/configmgr.ts 
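Review bot: In the `@@ -62,7 +63,8 @@` hunk of bin/commands/init/index.ts only `configRuntimeDir` is passed through `os.realpath`, while the other side of the comparison is the raw `ZWE_zowe_runtimeDirectory` value. If that variable can hold a symlinked or otherwise non-canonical path (whether it is canonicalised earlier is not visible here), the check still rejects a matching runtime. A failed `realpath` (`realPathResult[1] != 0`, for example a directory that does not exist) is also reported as ZWEL0105E "not same as where zwe command is located", which points the operator at the wrong problem. Consider resolving both sides the same way and handling the failure on its own, e.g. `if (realPathResult[1] != 0) { /* report that zowe.runtimeDirectory cannot be resolved */ }` ahead of the comparison. `execute` starts and ends outside the hunk.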
@@ -249,7 +249,7 @@ function writeZoweConfigUpdate(updateObj: any, arrayMergeStrategy: number): numb rc = xplatform.storeFileUTF8(tempFilePath, xplatform.AUTO_DETECT, textOrNull); if (rc) { return rc; } - const cpCommand=`cp -v "${tempFilePath}" "//'${destination}'"`; + const cpCommand=`cp -v "${tempFilePath}" "//'${stringlib.escapeDollar(destination)}'"`; console.log('Writing temp file for PARMLIB update. Command= '+cpCommand); rc = os.exec(['sh', '-c', cpCommand], {block: true, usePath: true}); From e8e776a0228bca4f30735f99a0f632c1ba07e0f8 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 21 Jun 2024 17:17:37 +0200 Subject: [PATCH 227/258] Minor text updates Signed-off-by: Martin Zeithaml --- bin/commands/init/mvs/.errors | 2 +- bin/commands/init/mvs/.parameters | 2 +- bin/commands/init/security/.errors | 2 +- bin/commands/init/security/.parameters | 2 +- bin/commands/init/stc/.parameters | 2 +- bin/commands/init/vsam/.errors | 2 +- bin/commands/init/vsam/.parameters | 2 +- bin/commands/install/.help | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bin/commands/init/mvs/.errors b/bin/commands/init/mvs/.errors index 6fcafcce22..8c6fc381f4 100644 --- a/bin/commands/init/mvs/.errors +++ b/bin/commands/init/mvs/.errors @@ -6,4 +6,4 @@ ZWEL0159E|159|Failed to modify %s. ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. -ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. \ No newline at end of file +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/mvs/.parameters b/bin/commands/init/mvs/.parameters index 5182058f4b..e22daff5d3 100644 --- a/bin/commands/init/mvs/.parameters 
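Review bot: In bin/libs/configmgr.ts (`@@ -249,7 +249,7 @@`) `cpCommand` is still built as one string and run through `sh -c`, and `escapeDollar` neutralises only `$`. A double quote, backtick or backslash in `destination` or `tempFilePath` is still interpreted by the shell inside the double-quoted arguments. `destination` appears to be the PARMLIB data set name taken from the configuration, and no validation of it is visible in this hunk. Passing an argument vector removes the quoting problem entirely, e.g. `rc = os.exec(['cp', '-v', tempFilePath, "//'" + destination + "'"], {block: true, usePath: true});`, though it is worth confirming on z/OS that `cp` resolves the `//'…'` form the same way without the shell. `writeZoweConfigUpdate` starts and ends outside the hunk.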
+++ b/bin/commands/init/mvs/.parameters @@ -1,2 +1,2 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. -dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file +dry-run||boolean|||||Generates and prints JCL but does not execute. diff --git a/bin/commands/init/security/.errors b/bin/commands/init/security/.errors index 07717c0de7..3b992fddef 100644 --- a/bin/commands/init/security/.errors +++ b/bin/commands/init/security/.errors @@ -7,4 +7,4 @@ ZWEL0162E|162|Failed to find job %s result. ZWEL0162W||Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. ZWEL0163W||Job %s ends with code %s. -ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. \ No newline at end of file +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/security/.parameters b/bin/commands/init/security/.parameters index aa7b7c7da6..3c654a9e5d 100644 --- a/bin/commands/init/security/.parameters +++ b/bin/commands/init/security/.parameters @@ -1,2 +1,2 @@ -security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute +security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute. ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/init/stc/.parameters b/bin/commands/init/stc/.parameters index 5182058f4b..e22daff5d3 100644 --- a/bin/commands/init/stc/.parameters +++ b/bin/commands/init/stc/.parameters 
@@ -1,2 +1,2 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. -dry-run||boolean|||||Generates and prints JCL but does not execute \ No newline at end of file +dry-run||boolean|||||Generates and prints JCL but does not execute. diff --git a/bin/commands/init/vsam/.errors b/bin/commands/init/vsam/.errors index c61c89f285..6d2cd16611 100644 --- a/bin/commands/init/vsam/.errors +++ b/bin/commands/init/vsam/.errors @@ -8,4 +8,4 @@ ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. ZWEL0301W|0|Zowe Caching Service is not configured to use VSAM. Command skipped. -ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. \ No newline at end of file +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/vsam/.parameters b/bin/commands/init/vsam/.parameters index c04e8f38ea..604a1cc286 100644 --- a/bin/commands/init/vsam/.parameters +++ b/bin/commands/init/vsam/.parameters @@ -1,3 +1,3 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. dry-run||boolean|||||Generates and prints JCL but does not execute -update-config||boolean|||||Whether to update YAML configuration for caching-service to match vsam name. \ No newline at end of file +update-config||boolean|||||Whether to update YAML configuration for caching-service to match vsam name. diff --git a/bin/commands/install/.help b/bin/commands/install/.help index 0ed39774f9..d413a85f2c 100644 --- a/bin/commands/install/.help +++ b/bin/commands/install/.help 
@@ -19,4 +19,4 @@ Expected outputs: * `SZWEAUTH` contains few Zowe load modules (++PROGRAM). * `SZWESAMP` contains several sample configurations. * `SZWEEXEC` contains few utilities used by Zowe. - * `SZWELOAD` contains config manager for rexx. \ No newline at end of file + * `SZWELOAD` contains config manager for REXX. From aaf66be5c621ff5efe5f3c231920b9657cba80e5 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Mon, 24 Jun 2024 14:02:28 +0200 Subject: [PATCH 228/258] Info for user Signed-off-by: Martin Zeithaml --- bin/commands/init/certificate/index.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index dc19ed5d0d..4ef595c6fe 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -11,6 +11,8 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +print_level1_message "Generate certificate" + ############################### # validation require_zowe_yaml From 716caf1a4c31520dcbcf8bc5c70fe2e4f0ee4220 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 25 Jun 2024 11:07:19 +0200 Subject: [PATCH 229/258] ZWE variable typo Signed-off-by: Martin Zeithaml --- bin/commands/init/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/commands/init/index.ts b/bin/commands/init/index.ts index 5fea0c63f9..96c2396536 100644 --- a/bin/commands/init/index.ts +++ b/bin/commands/init/index.ts @@ -83,7 +83,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, ignoreSecuri if (newZoweRuntimeDir) { updateObj.zowe = {runtimeDirectory: newZoweRuntimeDir}; } - json.updateZoweYamlFromObj(std.getenv('ZOWE_CLI_PARAMETER_CONFIG'), updateObj); + json.updateZoweYamlFromObj(std.getenv('ZWE_CLI_PARAMETER_CONFIG'), updateObj); common.printLevel2Message(`Runtime directory, Java and/or node.js settings are updated successfully.`); } else { 
From 9188de02461401d3c580c5a2ce9c0c5113f0a997 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 26 Jun 2024 14:12:28 +0200 Subject: [PATCH 230/258] ZWEGEN00 split CONFIG entry over multiple lines (#3873) * WIP to have ZWEGEN00 split CONFIG entry over multiple lines. Signed-off-by: 1000TurquoisePogs * Update CONFIG= for launcher Signed-off-by: Martin Zeithaml * Simplify macro Signed-off-by: Martin Zeithaml * Update SMPMCS.txt Signed-off-by: 1000TurquoisePogs * Update SMPMCS.txt Signed-off-by: 1000TurquoisePogs --------- Signed-off-by: 1000TurquoisePogs Signed-off-by: Martin Zeithaml Co-authored-by: Martin Zeithaml --- files/SZWEEXEC/ZWEGEN00 | 109 +++++++++++++++++++++++++++++++--------- files/SZWEEXEC/ZWEINS | 7 +++ files/SZWESAMP/ZWEGENER | 2 +- smpe/bld/SMPMCS.txt | 1 + 4 files changed, 95 insertions(+), 24 deletions(-) create mode 100644 files/SZWEEXEC/ZWEINS diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 9a1773cea6..b0c0078299 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -35,8 +35,11 @@ parse arg operation verbosity */ schemaChain = GetSchemaChain() + +runtime = GetRuntimeDirectory() +defaultYaml = 'FILE('runtime'/files/defaults.yaml)' configChain = GetConfigChain() -configChainWithMembers = GetConfigChainWithMembers() +configChain = AddToChain(configChain, defaultYaml) /* ================================================================================ @@ -48,6 +51,11 @@ if Validate(schemaChain, configChain) > 0 then do ExitWithRC(8) end +if runtime = '' then do + say 'Runtime directory not found.' + ExitWithRC(8) +end + /* ================================================================================ If we should generate jcl, then use ConfigMgr to get the configuration 
@@ -74,7 +82,6 @@ end CFG.zwe.header.user = USERID() CFG.zwe.header.date = TRANSLATE(DATE(), '-', ' ') CFG.zwe.header.time = TIME() -CFG.ZWE_CLI_PARAMETER_CONFIG = configChainWithMembers /* ================================================================================ @@ -404,6 +411,74 @@ if card.0 > 0 then do say 'The job card was added to each member.' end + + +say 'Checking the ZWESLSTC CONFIG entry' + +if AllocateDataSet(jclCopy'(ZWESLSTC)', 'zwejcl') > 0 then do + ExitWithRC(8) +end +if ReadFromDataSet('zwejcl') > 0 then do + ExitWithRC(8) +end +if FreeByDD('zwejcl') > 0 then do + ExitWithRC(8) +end +do j = 1 to !contentToRead.0 + cmp1 = COMPARE(!contentToRead.j, 'CONFIG={ZWE_CLI_PARAMETER_CONFIG}') + cmp2 = COMPARE(!contentToRead.j, 'CONFIG=CFG.ZWE_CLI_PARAMETER_CONFIG') + if cmp1 = 0 | cmp2 = 0 then do + say 'Defining CONFIG entry for ZWESLSTC' + currentline = j + if ReadFromDataSet('myconfig') = 0 then do + do j = 1 to !contentToRead.0 + type = WORD(!contentToRead.j, 1) + location = WORD(!contentToRead.j, 2) + element = type'('location')' + if COMPARE(type, 'PARMLIB') = 0 then do + element = 'PARMLIB('location'(ZWEYAML))' + end + if j = 1 then do + cmd = 'LINE 'currentline' = "CONFIG='element + if !contentToRead.0 > 1 then do + cmd = cmd':\"' + end + else do + cmd = cmd'"' + end + call Print ' 'cmd + queue cmd + end + else do + if j > 2 then do + currentline = currentline + 1 + end + cmd = 'LINE_AFTER 'currentline' = "'element + if !contentToRead.0 > j then do + cmd = cmd':\"' + end + else do + cmd = cmd'"' + end + call Print ' 'cmd + queue cmd + end + end + cmd = 'edit dataset('"'"jclCopy'(ZWESLSTC)'"'"') macro(zweins)' + call Print cmd + address ispexec cmd + if RC <= 4 then do + call Print 'Insert successful.' + end + else do + say 'Defining CONFIG entry for ZWESLSTC failed.' + ExitWithRC(8) + end + end + leave + end +end + exit /* 
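Review bot: In the `@@ -404,6 +411,74 @@` hunk of files/SZWEEXEC/ZWEGEN00 the inner loop reuses `j` and `ReadFromDataSet('myconfig')` refills `!contentToRead.` while the outer `do j = 1 to !contentToRead.0` is still iterating over the ZWESLSTC lines. This only works because of the unconditional `leave` after the inner block, so give the inner loop its own index (`do k = 1 to !contentToRead.0`) and keep the ZWESLSTC line count in a separate variable. When `ReadFromDataSet('myconfig')` returns non-zero the placeholder `CONFIG=` line is left in ZWESLSTC without any message; an `else` branch that prints an error and calls `ExitWithRC(8)`, as the neighbouring checks do, would make that failure visible. `element` is also placed unescaped between double quotes in the `LINE`/`LINE_AFTER` command, so a `"` in a configured location would break the edit macro command; rejecting such values before `queue cmd` is safer.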
@@ -804,9 +879,6 @@ FreeByDSN: type = WORD(!contentToRead.j, 1) location = WORD(!contentToRead.j, 2) element = type'('location')' - if COMPARE(type, 'PARMLIB') = 0 then do - elementWithMember = 'PARMLIB('location'(ZWEYAML))' - end configChain = AddToChain(configChain, element) end end @@ -815,30 +887,21 @@ FreeByDSN: /* ================================================================================ - GetConfigChainWithMembers() + GetRuntimeDirectory() ================================================================================ */ - GetConfigChainWithMembers: - procedure expose !verbose +GetRuntimeDirectory: - configChain = '' + runtime = '' - if ReadFromDataSet('myconfig') = 0 then do - do j = 1 to !contentToRead.0 - type = WORD(!contentToRead.j, 1) - location = WORD(!contentToRead.j, 2) - if COMPARE(type, 'PARMLIB') = 0 then do - element = 'PARMLIB('location'(ZWEYAML))' - end - else do - element = type'('location')' - end - configChain = AddToChain(configChain, element) - end + if ReadFromDataSet('myschema') = 0 then do + type = WORD(!contentToRead.1, 1) + location = WORD(!contentToRead.1, 2) + offset = INDEX(location, '/schemas/zowe-yaml-schema.json') + runtime = SUBSTR(location, offset) end - return configChain - + return runtime /* ================================================================================ diff --git a/files/SZWEEXEC/ZWEINS b/files/SZWEEXEC/ZWEINS new file mode 100644 index 0000000000..b101143796 --- /dev/null +++ b/files/SZWEEXEC/ZWEINS @@ -0,0 +1,7 @@ +/* REXX */ +address isredit 'macro' +do i = 1 to queued() + parse pull insertCmd + address isredit insertCmd +end +address isredit 'end' diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index f2b880ed1f..2cd5173009 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER 
@@ -72,7 +72,7 @@ $$ //* Do not remove the defaults.yaml entry. //* //* Ex. PARMLIB MY.ZOWE.CUSTOM.PARMLIB -//* FILE /the/zowe/defaults.yaml +//* FILE /some/other/zowe.yaml //MYCONFIG DD *,DLM=$$ FILE FILE {zowe.runtimeDirectory}/files/defaults.yaml diff --git a/smpe/bld/SMPMCS.txt b/smpe/bld/SMPMCS.txt index 76499349d8..4faee84ef7 100755 --- a/smpe/bld/SMPMCS.txt +++ b/smpe/bld/SMPMCS.txt @@ -30,6 +30,7 @@ ++SAMP(ZWE7APLY) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(1) . ++SAMP(ZWE8ACPT) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(1) . ++SAMP(ZWECHG) SYSLIB(SZWEEXEC) DISTLIB(AZWESAMP) RELFILE(2) . +++SAMP(ZWEINS) SYSLIB(SZWEEXEC) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEGEN00) SYSLIB(SZWEEXEC) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEMCOPY) SYSLIB(SZWEEXEC) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEOCOPY) SYSLIB(SZWEEXEC) DISTLIB(AZWESAMP) RELFILE(2) . From e47fa35022ca729dbf252b6f69d62d9762048155 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 26 Jun 2024 15:24:14 +0200 Subject: [PATCH 231/258] Fix defaults.yaml not loading due to incorrect substr Signed-off-by: 1000TurquoisePogs --- files/SZWEEXEC/ZWEGEN00 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index b0c0078299..47f9545404 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -898,7 +898,7 @@ GetRuntimeDirectory: type = WORD(!contentToRead.1, 1) location = WORD(!contentToRead.1, 2) offset = INDEX(location, '/schemas/zowe-yaml-schema.json') - runtime = SUBSTR(location, offset) + runtime = SUBSTR(location, 1, offset) end return runtime From e6e969480d22fb8ba8ce511aef38a43d581f0cff Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 26 Jun 2024 15:31:31 +0200 Subject: [PATCH 232/258] Remove defaults.yaml from ZWEGENER It is not needed twice. ZWEGEN00 adds it automatically. Signed-off-by: 1000TurquoisePogs --- files/SZWESAMP/ZWEGENER | 3 --- 1 file changed, 3 deletions(-) 
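Review bot: In `GetRuntimeDirectory` (files/SZWEEXEC/ZWEGEN00, `@@ -898,7 +898,7 @@`) `SUBSTR(location, 1, offset)` keeps the `/` found at `offset`, so `defaultYaml` is built as `FILE(<runtime>//files/defaults.yaml)`. When `INDEX` returns 0 the result is an empty string, and the `runtime = ''` check added earlier in this series runs only after `defaultYaml` has been added to the chain and `Validate` has been called. Consider `if offset > 1 then runtime = SUBSTR(location, 1, offset - 1)` and moving the empty-runtime check directly after the `GetRuntimeDirectory()` call. The routine also dropped `procedure`, so `type`, `location` and `offset` are now shared with the caller's variables.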
diff --git a/files/SZWESAMP/ZWEGENER b/files/SZWESAMP/ZWEGENER index 2cd5173009..75d8b165cd 100644 --- a/files/SZWESAMP/ZWEGENER +++ b/files/SZWESAMP/ZWEGENER @@ -69,13 +69,10 @@ $$ //* Overridden by the higher entries. //* PARMLIB member must be named "ZWEYAML" //* -//* Do not remove the defaults.yaml entry. -//* //* Ex. PARMLIB MY.ZOWE.CUSTOM.PARMLIB //* FILE /some/other/zowe.yaml //MYCONFIG DD *,DLM=$$ FILE -FILE {zowe.runtimeDirectory}/files/defaults.yaml $$ //CMGROUT DD SYSOUT=* //SYSPRINT DD SYSOUT=* From bbb3272dcbbdf5f67e8822a300a1e1ad099e1b08 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 26 Jun 2024 16:15:19 +0200 Subject: [PATCH 233/258] Fix stc existence check only checking last one Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/.errors | 2 +- bin/commands/init/generate/index.ts | 2 +- bin/commands/init/stc/index.ts | 7 +++---- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/bin/commands/init/generate/.errors b/bin/commands/init/generate/.errors index 1e83c1d4d2..629ba9b6c1 100644 --- a/bin/commands/init/generate/.errors +++ b/bin/commands/init/generate/.errors @@ -1,3 +1,3 @@ ZWEL0143E|143|Cannot find data set member %s. You may need to re-run zwe install. ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. -ZWEL0318E|318|Configuration stored in PARMLIB must use member name ZWEYAML when using generate action. +ZWEL0319E|319|Configuration stored in PARMLIB must use member name ZWEYAML when using generate action. diff --git a/bin/commands/init/generate/index.ts b/bin/commands/init/generate/index.ts index 7b15a61ce3..ef39f4245a 100644 --- a/bin/commands/init/generate/index.ts +++ b/bin/commands/init/generate/index.ts 
@@ -73,7 +73,7 @@ export function execute(dryRun?: boolean) { let endIndex = part.indexOf(')', memberIndex); let member = part.substring(memberIndex+1, endIndex); if (member.toUpperCase() != 'ZWEYAML') { - common.printErrorAndExit(`ZWEL0318E Configuration stored in PARMLIB must use member name ZWEYAML when using generate action.`, undefined, 318); + common.printErrorAndExit(`ZWEL0319E Configuration stored in PARMLIB must use member name ZWEYAML when using generate action.`, undefined, 319); } } configLines.push('PARMLIB ' + part.substring(0, part.indexOf('(')).replace(/[$]/g, '$$$$')); diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts index 9619e362f3..f7ee31eb21 100644 --- a/bin/commands/init/stc/index.ts +++ b/bin/commands/init/stc/index.ts @@ -31,7 +31,7 @@ export function execute(allowOverwrite: boolean = false) { // constants const COMMAND_LIST = std.getenv('ZWE_CLI_COMMANDS_LIST'); - let stcExistence: boolean; + let stcExistence: boolean; // validation common.requireZoweYaml(); @@ -68,13 +68,12 @@ export function execute(allowOverwrite: boolean = false) { [security_stcs_zowe, security_stcs_zis, security_stcsAux].forEach((mb: string) => { // STCs in target proclib - stcExistence=zosdataset.isDatasetExists(`${proclib}(${mb})`); - if (stcExistence == true) { + if (zosdataset.isDatasetExists(`${proclib}(${mb})`)) { + stcExistence = true; if (allowOverwrite) { // warning common.printMessage(`Warning ZWEL0300W: ${proclib}(${mb}) already exists. This data set member will be overwritten during configuration.`); } else { - // common.printErrorAndExit(`Error ZWEL0158E: ${proclib}(${mb}) already exists.`, undefined, 158); // warning common.printMessage(`Warning ZWEL0301W: ${proclib}(${mb}) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); } From 4cf6e9d017cd0ede6026c610dc0a1d72f88fad3e Mon Sep 17 00:00:00 2001 
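Review bot: In bin/commands/init/stc/index.ts, `stcExistence` is still declared as `let stcExistence: boolean;` with no initial value, and after this change the `forEach` only ever assigns `true`, so it stays `undefined` when none of the three members exists. Before the change it was assigned on every iteration, so it was always defined. Any later test written as `stcExistence == false` or `=== false` would no longer match; the code after the loop is outside the hunk, so confirm how the flag is read. Initialising it at the declaration makes the intent explicit: `let stcExistence = false;`.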
From: Martin Zeithaml <66114686+Martin-Zeithaml@users.noreply.github.com> Date: Thu, 27 Jun 2024 10:23:50 +0200 Subject: [PATCH 234/258] ZWEGEN00: verify the operation and verbosity (#3745) Signed-off-by: Martin Zeithaml --- files/SZWEEXEC/ZWEGEN00 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/files/SZWEEXEC/ZWEGEN00 b/files/SZWEEXEC/ZWEGEN00 index 47f9545404..23012082aa 100644 --- a/files/SZWEEXEC/ZWEGEN00 +++ b/files/SZWEEXEC/ZWEGEN00 @@ -25,6 +25,14 @@ parse arg operation verbosity +VALID_OPERATIONS = '"generate" | "nogenerate"' +VALID_VERBOSITY = '"verbose" | "noverbose"' + +if POS(verbosity, VALID_VERBOSITY) = 0 then do + say 'Error: "'verbosity'" is not a valid verbosity.' + say ' Valid verbosity levels are: '||VALID_VERBOSITY + ExitWithRC(8) +end !verbose = COMPARE(verbosity, 'noverbose') /* @@ -63,6 +71,12 @@ end ================================================================================ */ +if POS(operation, VALID_OPERATIONS) = 0 then do + say 'Error: "'operation'" is not a valid operation.' + say ' Valid operations are: '||VALID_OPERATIONS + ExitWithRC(8) +end + if COMPARE(operation, 'nogenerate') = 0 then do exit 0 end From f77b23877dd372bbf02977a07992162da3d8ef6f Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 27 Jun 2024 11:29:56 +0200 Subject: [PATCH 235/258] Fixes from review Signed-off-by: 1000TurquoisePogs --- bin/commands/init/.help | 33 +++++++++++++ bin/commands/init/certificate/index.sh | 6 +++ bin/commands/init/generate/.help | 65 ++++++++++++++++++++++++++ bin/commands/init/index.sh | 2 - bin/commands/init/index.ts | 2 +- bin/commands/init/mvs/index.sh | 2 - bin/libs/java.ts | 2 +- bin/libs/node.ts | 2 +- workflows/templates/ZWESECUR.vtl | 2 +- 9 files changed, 108 insertions(+), 8 deletions(-) create mode 100644 bin/commands/init/generate/.help diff --git a/bin/commands/init/.help b/bin/commands/init/.help index b3ed7ce8e0..6124314d0f 100644 --- a/bin/commands/init/.help +++ b/bin/commands/init/.help 
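Review bot: The new checks in files/SZWEEXEC/ZWEGEN00 use `POS(verbosity, VALID_VERBOSITY)` and `POS(operation, VALID_OPERATIONS)`, which are substring searches against the display strings, so values such as `verb`, `nogen`, `|` or a lone `"` pass validation. The later `COMPARE(operation, 'nogenerate') = 0` test only exits for that exact value, so an accepted `nogen` would still run generation. Compare against the exact values instead, e.g. `if operation \== 'generate' & operation \== 'nogenerate' then do`, and the same for `verbosity`, keeping the two constants only for the message text. `parse arg` also leaves the case as typed, so decide whether `VERBOSE` should be accepted.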
@@ -16,6 +16,39 @@ If you pass `--dry-run` with this command, each subcommand will print out the JCL that it would submit, without doing the submission. This can be used to review what Zowe would do before doing it. +The following are the JCL submitted by each command as needed + +- `zwe init mvs` + - ZWEIMVS + - (If `--allow-overwrite` specified and old datasets exist) ZWERMVS + - (If `zowe.setup.dataset.authLoadLib` is not named prefix + ZWELOAD) ZWEIMVS2 + - (If above is true, and the dataset exists, and `--allow-overwrite` is set) ZWERMVS2 +- `zwe init vsam` + - ZWECSVSM + - (If `--allow-overwrite` specified and old datasets exist) ZWECSRVS +- `zwe init apfauth` + - ZWEIAPF2 +- `zwe init security` + - (If RACF) ZWEIRAC + - (If RACF and z/OS 2.4) ZWIRACZ + - (If TSS) ZWEITSS + - (If TSS and z/OS 2.4) ZWITSSZ + - (If ACF2) ZWEIACF + - (If ACF2 and z/OS 2.4) ZWIACFZ +- `zwe init certificate` + - (If creating keyring and certificate for RACF) ZWEIKRR1 + - (If creating keyring and connecting certificate for RACF) ZWEIKRR2 + - (If creating keyring and importing certificate for RACF) ZWEIKRR3 + - (If creating keyring and certificate for TSS) ZWEIKRR1 + - (If creating keyring and connecting certificate for TSS) ZWEIKRT2 + - (If creating keyring and importing certificate for TSS) ZWEIKRT3 + - (If creating keyring and certificate for ACF2) ZWEIKRA1 + - (If creating keyring and connecting certificate for ACF2) ZWEIKRA2 + - (If creating keyring and importing certificate for ACF2) ZWEIKRA3 +- `zwe init stc` + - ZWEISTC + - (If `--allow-overwrite` specified and old members exist) ZWERSTC + If you pass `--skip-security-setup` with this command, `zwe init apfauth` and `zwe init security` steps will be skipped. diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 4ef595c6fe..63860de145 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh 
@@ -22,6 +22,12 @@ else CONFIG_TO_WRITE=${ZWE_CLI_PARAMETER_CONFIG} fi +# Keytool is needed +require_java + +# Node is needed for read_yaml +require_node + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=$(create_tmp_file) mkdir -p ${ZWE_PRIVATE_TMP_MERGED_YAML_DIR} _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/output/cli.js" diff --git a/bin/commands/init/generate/.help b/bin/commands/init/generate/.help new file mode 100644 index 0000000000..5184ae171a --- /dev/null +++ b/bin/commands/init/generate/.help 
@@ -0,0 +1,65 @@ +Generate ready to execute JCL samples from zowe.yaml configuration values. + +This command executes the job ZWEGENER which copies the JCL templates from Zowe's SZWESAMP dataset, minus those not valid for your system ESM, and creates resolved, ready to execute JCL content within the dataset defined by the zowe.yaml property `zowe.setup.dataset.jcllib` (such as `zowe.setup.dataset.prefix` + "CUST.JCLLIB") + +These JCL files can be run by any means desired afterward. +The actions of `zwe init` will run them automatically if desired. +Each `zwe init` action has a `--dry-run` command which will print the value of the particular JCL file used, but not submit it. + +`--security-dry-run` or `--dry-run` do not have an affect on the generate command, as this command is used to create the JCL for all the other init commands and their `--dry-run` options. + +The following JCL will be created into the jcllib, using the content of the same name from within the SZWESAMP dataset: + +Instance dataset creation: +- ZWEIMVS: Creates Zowe instance datasets +- ZWERMVS: Removes these datasets +- ZWEIMVS2: Creates the `zowe.setup.dataset.authLoadLib` dataset if you have customized its name. This is not recommended, it is best to leave it as default. +- ZWERMVS2: Removes the above customized dataset. + +VSAM for caching service creation: +- ZWECSVSM: Creates a VSAM for the caching service +- ZWECSRVS: Removes the VSAM + +ZIS APF Authorization: +- ZWEIAPF: An example of how one would APF authorize the ZIS content of Zowe. +- ZWEIAPF2: An example of how one would APF authorize the ZIS content of Zowe. +You may wish to do this step another way. +You can read https://docs.zowe.org/stable/user-guide/apf-authorize-load-library to learn more. 
+ +SAF permission setup: +- ZWEIRAC: Sets up SAF permissions for RACF +- ZWEIRACZ: Sets up the Zowe class for RACF if on z/OS 2.4 or older +- ZWEITSS: Sets up SAF permissions for TSS +- ZWEITSSZ: Sets up the Zowe class for TSS if on z/OS 2.4 or older +- ZWEIACF: Sets up SAF permissions for ACF2 +- ZWEIACFZ: Sets up the Zowe class for ACF2 if on z/OS 2.4 or older + +SAF permission removal: +- ZWENOSEC: Removes SAF permissions. Has RACF, TSS, ACF2 sections. + + +Keyring creation: +- ZWEIKRR1: Creates a keyring and certificate for RACF +- ZWEIKRR2: Creates a keyring and connects a certificate for RACF +- ZWEIKRR3: Creates a keyring and imports a certificate for RACF +- ZWEIKRT1: Creates a keyring and certificate for TSS +- ZWEIKRT2: Creates a keyring and connects a certificate for TSS +- ZWEIKRT3: Creates a keyring and imports a certificate for TSS +- ZWEIKRA1: Creates a keyring and certificate for ACF2 +- ZWEIKRA2: Creates a keyring and connects a certificate for ACF2 +- ZWEIKRA3: Creates a keyring and imports a certificate for ACF2 + +Keyring removal: +- ZWENOKRR: Removes Zowe's keyring for RACF +- ZWENOKRT: Removes Zowe's keyring for TSS +- ZWENORRA: Removes Zowe's keyring for ACF2 + +STC job setup: +- ZWEISTC: Copies the STC JCL of Zowe into your proclib +- ZWERSTC: Removes the Zowe STC JCL from the proclib + + +If you want to use a premade keyring with Zowe,, do not run these. These are for Zowe assisting in keyring creation. + +The above datasets can be run to set up a Zowe instance. +You can also use `zwe init` or `zwe init` subcommands to have them run automatically. diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index 50eda3f124..7b544b1f61 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh 
@@ -11,8 +11,6 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -init_missing_yaml_properties - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 diff --git a/bin/commands/init/index.ts b/bin/commands/init/index.ts index 96c2396536..efd8cc8cec 100644 --- a/bin/commands/init/index.ts +++ b/bin/commands/init/index.ts @@ -102,7 +102,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, ignoreSecuri common.printMessage(` home: "${newJavaHome}"`); } - common.printLevel2Message(`Please manually update "${std.getenv('ZWE_CLI_PARAMETER_CONFIG')}" before you start Zowe.`); + common.printLevel2Message(`Please manually update "${std.getenv('ZWE_CLI_PARAMETER_CONFIG_ORIG')}" before you start Zowe.`); } } else { common.printLevel2Message(`No need to update runtime directory, Java and node.js settings.`); diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index fdc7dbe0e4..2ef77fa5d0 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -10,8 +10,6 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -init_missing_yaml_properties - if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 diff --git a/bin/libs/java.ts b/bin/libs/java.ts index 9904863c4b..abf4bd76f7 100644 --- a/bin/libs/java.ts +++ b/bin/libs/java.ts 
@@ -72,7 +72,7 @@ export function requireJava() { } } if (!std.getenv('JAVA_HOME')) { - common.printErrorAndExit("Error ZWEL0122E: Cannot find java. Set the java.path value in the Zowe YAML, or include java in the PATH environment variable of any accounts that start or manage Zowe", undefined, 122); + common.printErrorAndExit("Error ZWEL0122E: Cannot find java. Set the java.home value in the Zowe YAML, or include java in the PATH environment variable of any accounts that start or manage Zowe", undefined, 122); } ensureJavaIsOnPath(); diff --git a/bin/libs/node.ts b/bin/libs/node.ts index 0732f6032d..3b20ccfd76 100644 --- a/bin/libs/node.ts +++ b/bin/libs/node.ts @@ -78,7 +78,7 @@ export function requireNode() { } } if (!std.getenv('NODE_HOME')) { - common.printErrorAndExit("Error ZWEL0121E: Cannot find node. Set the node.path value in the Zowe YAML, or include node in the PATH environment variable of any accounts that start or manage Zowe", undefined, 121); + common.printErrorAndExit("Error ZWEL0121E: Cannot find node. Set the node.home value in the Zowe YAML, or include node in the PATH environment variable of any accounts that start or manage Zowe", undefined, 121); } ensureNodeIsOnPath(); diff --git a/workflows/templates/ZWESECUR.vtl b/workflows/templates/ZWESECUR.vtl index 6f148e9d31..71ad8efec8 100644 --- a/workflows/templates/ZWESECUR.vtl +++ b/workflows/templates/ZWESECUR.vtl @@ -108,7 +108,7 @@ // SET ZISUSER=#[[{zowe.setup.security.users.zis}]]# // SET ZOWESTC=#[[{zowe.setup.security.stcs.zowe}]]# // SET ZISSTC=#[[{zowe.setup.security.stcs.zis}]]# -// SET AUXSTC=#[[zowe.setup.security.stcs.aux}]]# +// SET AUXSTC=#[[{zowe.setup.security.stcs.aux}]]# // SET HLQ=#[[{zowe.setup.dataset.prefix}]]# // SET SYSPROG=#[[{zowe.setup.security.groups.sysProg}]]# //* From c3272874e425f6a2aa0ab77e13192a109bbe9243 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Thu, 27 Jun 2024 13:24:43 +0200 Subject: [PATCH 236/258] Minor changes 
Signed-off-by: Martin Zeithaml --- bin/commands/init/generate/.help | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/generate/.help b/bin/commands/init/generate/.help index 5184ae171a..38fd60e19f 100644 --- a/bin/commands/init/generate/.help +++ b/bin/commands/init/generate/.help @@ -1,6 +1,6 @@ Generate ready to execute JCL samples from zowe.yaml configuration values. -This command executes the job ZWEGENER which copies the JCL templates from Zowe's SZWESAMP dataset, minus those not valid for your system ESM, and creates resolved, ready to execute JCL content within the dataset defined by the zowe.yaml property `zowe.setup.dataset.jcllib` (such as `zowe.setup.dataset.prefix` + "CUST.JCLLIB") +This command executes the job ZWEGENER which copies the JCL templates from Zowe's SZWESAMP dataset, except those not valid for your system ESM, and creates resolved, ready to execute JCL content within the dataset defined by the zowe.yaml property `zowe.setup.dataset.jcllib` (such as `zowe.setup.dataset.prefix` + "CUST.JCLLIB") These JCL files can be run by any means desired afterward. The actions of `zwe init` will run them automatically if desired. @@ -59,7 +59,7 @@ STC job setup: - ZWERSTC: Removes the Zowe STC JCL from the proclib -If you want to use a premade keyring with Zowe,, do not run these. These are for Zowe assisting in keyring creation. +If you want to use a premade keyring with Zowe, do not run these. These are for Zowe assisting in keyring creation. The above datasets can be run to set up a Zowe instance. You can also use `zwe init` or `zwe init` subcommands to have them run automatically. From ed3b3408ad6202197a7095f79c969dae5c2f6574 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 27 Jun 2024 13:40:00 +0200 Subject: [PATCH 237/258] Clarification on help doc Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/.help | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/bin/commands/init/generate/.help b/bin/commands/init/generate/.help index 38fd60e19f..6dffedd0de 100644 --- a/bin/commands/init/generate/.help +++ b/bin/commands/init/generate/.help @@ -6,7 +6,8 @@ These JCL files can be run by any means desired afterward. The actions of `zwe init` will run them automatically if desired. Each `zwe init` action has a `--dry-run` command which will print the value of the particular JCL file used, but not submit it. -`--security-dry-run` or `--dry-run` do not have an affect on the generate command, as this command is used to create the JCL for all the other init commands and their `--dry-run` options. +This command supports `--security-dry-run` or `--dry-run` when called directly, but not when called on behalf of another `init` oepration, as this command is used to create the JCL for all the other init commands and their `--dry-run` options. +For example, if you run `zwe init generate --dry-run`, a dry run of the operation occurs. But if you run `zwe init mvs --dry-run`, `init mvs` requires the JCL to exist, so JCL generation will occur but the `init mvs` JCL will not be submitted afterward. The following JCL will be created into the jcllib, using the content of the same name from within the SZWESAMP dataset: From cfa2a2a2155e8a70dd8aa8b8624316d551a1b3ad Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 27 Jun 2024 13:47:16 +0200 Subject: [PATCH 238/258] Add back init_missing_yaml_properties for init mvs Signed-off-by: 1000TurquoisePogs --- bin/commands/init/mvs/index.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 2ef77fa5d0..fdc7dbe0e4 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh 
@@ -10,6 +10,8 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +init_missing_yaml_properties + if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then # user-facing command, use tmpdir to not mess up workspace permissions export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 From c79d7d86adf7c9b0c0b30a7773a17a4ed807ceed Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 27 Jun 2024 15:14:13 +0200 Subject: [PATCH 239/258] Fix typos on help and env name Signed-off-by: 1000TurquoisePogs --- bin/commands/init/generate/.help | 2 +- bin/commands/init/index.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/generate/.help b/bin/commands/init/generate/.help index 6dffedd0de..3435621e50 100644 --- a/bin/commands/init/generate/.help +++ b/bin/commands/init/generate/.help 
@@ -6,7 +6,7 @@ These JCL files can be run by any means desired afterward. The actions of `zwe init` will run them automatically if desired. Each `zwe init` action has a `--dry-run` command which will print the value of the particular JCL file used, but not submit it. -This command supports `--security-dry-run` or `--dry-run` when called directly, but not when called on behalf of another `init` oepration, as this command is used to create the JCL for all the other init commands and their `--dry-run` options. +This command supports `--security-dry-run` or `--dry-run` when called directly, but not when called on behalf of another `init` operation, as this command is used to create the JCL for all the other init commands and their `--dry-run` options. For example, if you run `zwe init generate --dry-run`, a dry run of the operation occurs. But if you run `zwe init mvs --dry-run`, `init mvs` requires the JCL to exist, so JCL generation will occur but the `init mvs` JCL will not be submitted afterward. The following JCL will be created into the jcllib, using the content of the same name from within the SZWESAMP dataset: diff --git a/bin/commands/init/index.ts b/bin/commands/init/index.ts index efd8cc8cec..0756935fa5 100644 --- a/bin/commands/init/index.ts +++ b/bin/commands/init/index.ts @@ -102,7 +102,7 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, ignoreSecuri common.printMessage(` home: "${newJavaHome}"`); } - common.printLevel2Message(`Please manually update "${std.getenv('ZWE_CLI_PARAMETER_CONFIG_ORIG')}" before you start Zowe.`); + common.printLevel2Message(`Please manually update "${std.getenv('ZWE_PRIVATE_CONFIG_ORIG')}" before you start Zowe.`); } } else { common.printLevel2Message(`No need to update runtime directory, Java and node.js settings.`); From 907bc7083836d2caf62bbfc48ee9c19447dda26a Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Mon, 1 Jul 2024 08:18:57 +0200 Subject: [PATCH 240/258] Typo 
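Review bot: `std.getenv('ZWE_PRIVATE_CONFIG_ORIG')` in bin/commands/init/index.ts is interpolated straight into the message, so if the variable is not set the user is told to update `"undefined"`. The same unchecked lookup is introduced in bin/commands/internal/config/set/index.ts (`const configFiles=std.getenv('ZWE_PRIVATE_CONFIG_ORIG');`), where the value appears to name the configuration file(s) to be changed; its use is outside that hunk. Since the variable name had to be corrected more than once in this series, an explicit check or fallback is worth adding, e.g. `const origConfig = std.getenv('ZWE_PRIVATE_CONFIG_ORIG') || std.getenv('ZWE_CLI_PARAMETER_CONFIG');`.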
Signed-off-by: Martin Zeithaml --- workflows/files/ZWECONF.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index 95966631b0..8f4ee7b153 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -1356,7 +1356,7 @@ How we want to verify SSL certificates of services. Valid values are: - Chaching Service variables + Caching Service variables Specify the variables for the Caching Service Main variables for Caching Service From 3650dd0a676495579d7e05099f22e79bcf838ce1 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Mon, 1 Jul 2024 10:36:20 +0200 Subject: [PATCH 241/258] Incorrect variable name for getting original config Signed-off-by: 1000TurquoisePogs --- bin/commands/internal/config/set/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/commands/internal/config/set/index.ts b/bin/commands/internal/config/set/index.ts index e184216d6a..754e84a87b 100644 --- a/bin/commands/internal/config/set/index.ts +++ b/bin/commands/internal/config/set/index.ts @@ -17,7 +17,7 @@ import * as fakejq from '../../../../libs/fakejq'; export function execute(configPath:string, newValue: any, haInstance?: string, valueAsString?: boolean) { common.requireZoweYaml(); - const configFiles=std.getenv('ZWE_CLI_PARAMETER_CONFIG_ORIG'); + const configFiles=std.getenv('ZWE_PRIVATE_CONFIG_ORIG'); const ZOWE_CONFIG=config.getZoweConfig(); if (!valueAsString) { From 004088f8b47655cf53bce9f9c2795778bd2e9904 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Tue, 2 Jul 2024 09:30:10 +0200 Subject: [PATCH 242/258] Update defaults.yaml Signed-off-by: 1000TurquoisePogs --- files/defaults.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/files/defaults.yaml b/files/defaults.yaml index ae9557640f..8b32c91796 100644 --- a/files/defaults.yaml +++ b/files/defaults.yaml 
@@ -137,7 +137,6 @@ zowe: verifyCertificates: STRICT #------------------------------------------------------------------------------- - # Zowe components default configurations #------------------------------------------------------------------------------- components: From c7bdbd3c22db24d41f64c0e1399236a1ee2c9066 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 6 Aug 2024 13:39:09 +0200 Subject: [PATCH 243/258] Copy check Signed-off-by: Martin Zeithaml --- bin/libs/zos-dataset.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/libs/zos-dataset.sh b/bin/libs/zos-dataset.sh index 16154681f5..539cd9db3d 100644 --- a/bin/libs/zos-dataset.sh +++ b/bin/libs/zos-dataset.sh @@ -105,7 +105,7 @@ data_set_copy_to_data_set() { allow_overwrite="${4}" if [ "${allow_overwrite}" != "true" ]; then - if [ "$(is_data_set_exists "//'${ds_to}'")" = "true" ]; then + if [ "$(is_data_set_exists '${ds_to}')" = "true" ]; then print_error_and_exit "Error ZWEL0133E: Data set ${ds_to} already exists" "" 133 fi fi From 3346ac5e80e6c17614ffd0a3514b0b48b9c1f37f Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 9 Aug 2024 11:48:20 +0200 Subject: [PATCH 244/258] Certificate type details Signed-off-by: Martin Zeithaml --- example-zowe.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/example-zowe.yaml b/example-zowe.yaml index d8f31347a2..f178ca3b6c 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml @@ -99,6 +99,7 @@ zowe: # >>>> Certificate setup scenario 1 # PKCS12 (keystore) with Zowe generate certificates. certificate: + # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS type: PKCS12 pkcs12: # **COMMONLY_CUSTOMIZED** 
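Review bot: In `data_set_copy_to_data_set` in bin/libs/zos-dataset.sh, the new call `is_data_set_exists '${ds_to}'` sits inside `$(...)`, where quoting starts afresh, so the single quotes stop expansion and the helper receives the literal text `${ds_to}` rather than the data set name. The existence test then does not look at the real target, and the ZWEL0133E guard that protects an existing data set when `allow_overwrite` is not `true` would most likely be skipped. Use double quotes inside the substitution: `if [ "$(is_data_set_exists "${ds_to}")" = "true" ]; then`. The function body continues outside the hunk.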
@@ -143,6 +144,7 @@ zowe: # # >>>> Certificate setup scenario 2 # # PKCS12 (keystore) with importing certificate generated by other CA. # certificate: + # # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: PKCS12 # pkcs12: # # **COMMONLY_CUSTOMIZED** @@ -175,7 +177,7 @@ zowe: # # >>>> Certificate setup scenario 3 # # Zowe generated z/OS Keyring with Zowe generated certificates. # certificate: - # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + # # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS # keyring: # # **COMMONLY_CUSTOMIZED** @@ -216,7 +218,7 @@ zowe: # # >>>> Certificate setup scenario 4 # # Zowe generated z/OS Keyring and connect to existing certificate # certificate: - # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + # # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS # keyring: # # **COMMONLY_CUSTOMIZED** @@ -246,7 +248,7 @@ zowe: # # >>>> Certificate setup scenario 5 # # Zowe generated z/OS Keyring with importing certificate stored in data set # certificate: - # # Type of certificate storage. Valid values are: JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS + # # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS # type: JCERACFKS # keyring: # # **COMMONLY_CUSTOMIZED** From 2e7b46a039a0f94707d4e6c88cde10bcd42d9945 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 9 Aug 2024 12:58:44 +0200 Subject: [PATCH 245/258] Schema update 
Signed-off-by: Martin Zeithaml --- schemas/zowe-yaml-schema.json | 376 +++++++++++++++++++--------------- 1 file changed, 211 insertions(+), 165 deletions(-) diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index 6a48801f34..bd17532cd3 100644 --- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json 
@@ -161,208 +161,254 @@ } }, "certificate": { - "type": "object", - "additionalProperties": false, - "if": { - "properties": { - "type": { - "const": "PKCS12" - } - } - }, - "then": { - "required": ["pkcs12"] - }, - "else": { - "required": ["keyring"] - }, - "description": "Certificate related configurations", - "properties": { - "type": { - "type": "string", - "description": "Type of certificate storage method.", - "enum": ["PKCS12", "JCEKS", "JCECCAKS", "JCERACFKS", "JCECCARACFKS", "JCEHYBRIDRACFKS"], - "default": "PKCS12" - }, - "pkcs12": { + "oneOf": [ + { "type": "object", - "additionalProperties": false, - "description": "PKCS#12 keystore settings", + "required": [ "pkcs12" ], "properties": { - "directory": { - "type": [ "string", "null" ], - "description": "Keystore directory" - }, - "name": { - "type": [ "string", "null" ], - "description": "Certificate alias name. Note: please use all lower cases as alias.", - "default": "localhost" - }, - "password": { - "type": [ "string", "null" ], - "description": "Keystore password", - "default": "password" - }, - "caAlias": { - "type": [ "string", "null" ], - "description": "Alias name of self-signed certificate authority. Note: please use all lower cases as alias.", - "default": "local_ca" - }, - "caPassword": { - "type": [ "string", "null" ], - "description": "Password of keystore stored self-signed certificate authority.", - "default": "local_ca_password" - }, - "lock": { - "type": [ "boolean", "null" ], - "description": "Whether to restrict the permissions of the keystore after creation" - }, - "import": { + "type": { "const": "PKCS12" }, + "pkcs12": { "type": "object", "additionalProperties": false, - "description": "Configure this section if you want to import certificate from another PKCS#12 keystore.", + "description": "PKCS#12 keystore settings", "properties": { - "keystore": { - "type": "string", - "description": "Existing PKCS#12 keystore which holds the certificate issued by external CA." 
+ "directory": { + "type": [ "string", "null" ], + "description": "Keystore directory" + }, + "name": { + "type": [ "string", "null" ], + "description": "Certificate alias name. Note: please use all lower cases as alias.", + "default": "localhost" }, "password": { - "type": "string", - "description": "Password of the above keystore" + "type": [ "string", "null" ], + "description": "Keystore password", + "default": "password" }, - "alias": { - "type": "string", - "description": "Certificate alias will be imported. Note: please use all lower cases as alias." + "caAlias": { + "type": [ "string", "null" ], + "description": "Alias name of self-signed certificate authority. Note: please use all lower cases as alias.", + "default": "local_ca" + }, + "caPassword": { + "type": [ "string", "null" ], + "description": "Password of keystore stored self-signed certificate authority.", + "default": "local_ca_password" + }, + "lock": { + "type": [ "string", "null" ], + "description": "Whether to restrict the permissions of the keystore after creation" + }, + "import": { + "type": "object", + "additionalProperties": false, + "description": "Configure this section if you want to import certificate from another PKCS#12 keystore.", + "properties": { + "keystore": { + "type": "string", + "description": "Existing PKCS#12 keystore which holds the certificate issued by external CA." + }, + "password": { + "type": "string", + "description": "Password of the above keystore" + }, + "alias": { + "type": "string", + "description": "Certificate alias will be imported. Note: please use all lower cases as alias." + } + } } } - } - } - }, - "keyring": { - "type": "object", - "additionalProperties": false, - "description": "Configure this section if you are using z/OS keyring", - "properties": { - "owner": { - "type": "string", - "description": "keyring owner. If this is empty, Zowe will use the user ID defined as zowe.setup.security.users.zowe." 
- }, - "name": { - "type": "string", - "description": "keyring name" - }, - "label": { - "type": "string", - "description": "Label of Zowe certificate.", - "default": "localhost" }, - "caLabel": { - "type": "string", - "description": "label of Zowe CA certificate.", - "default": "localca" - }, - "connect": { + "dname": { "type": "object", "additionalProperties": false, - "description": "Configure this section if you want to connect existing certificate in keyring to Zowe.", + "description": "Certificate distinguish name", "properties": { - "user": { - "type": "string", - "description": "Current owner of the existing certificate, can be SITE or an user ID." + "caCommonName": { + "type": [ "string", "null" ], + "description": "Common name of certificate authority generated by Zowe." }, - "label": { - "type": "string", - "description": "Label of the existing certificate will be connected to Zowe keyring." + "commonName": { + "type": [ "string", "null" ], + "description": "Common name of certificate generated by Zowe." + }, + "orgUnit": { + "type": [ "string", "null" ], + "description": "Organization unit of certificate generated by Zowe." + }, + "org": { + "type": [ "string", "null" ], + "description": "Organization of certificate generated by Zowe." + }, + "locality": { + "type": [ "string", "null" ], + "description": "Locality of certificate generated by Zowe. This is usually the city name." + }, + "state": { + "type": [ "string", "null" ], + "description": "State of certificate generated by Zowe. You can also put province name here." + }, + "country": { + "type": [ "string", "null" ], + "description": "2 letters country code of certificate generated by Zowe." } } }, - "import": { + "validity": { + "type": [ "integer", "null" ], + "description": "Validity days for Zowe generated certificates", + "default": 3650 + }, + "san": { + "type": "array", + "description": "Domain names and IPs should be added into certificate SAN. 
If this field is not defined, `zwe init` command will use `zowe.externalDomains`.", + "items": { + "type": "string" + } + }, + "importCertificateAuthorities": { + "type": "array", + "description": "PEM format certificate authorities will also be imported and trusted. If you have other certificate authorities want to be trusted in Zowe keyring, list the certificate labels here. **NOTE**, due to the limitation of RACDCERT command, this field should contain maximum 2 entries.", + "items": { + "type": "string" + } + } + } + }, + { + "type": "object", + "required": [ "keyring" ], + "properties": { + "type": { "enum": ["JCEKS", "JCECCAKS", "JCERACFKS", "JCECCARACFKS", "JCEHYBRIDRACFKS"] }, + "keyring": { "type": "object", "additionalProperties": false, - "description": "Configure this section if you want to import existing certificate stored in data set to Zowe.", + "description": "Configure this section if you are using z/OS keyring", "properties": { - "dsName": { + "owner": { "type": "string", - "description": "Name of the data set holds the certificate issued by other CA. This data set should be in PKCS12 format and contain private key." + "description": "keyring owner. If this is empty, Zowe will use the user ID defined as zowe.setup.security.users.zowe." }, - "password": { + "name": { "type": "string", - "description": "Password for the PKCS12 data set." + "description": "keyring name" + }, + "label": { + "type": "string", + "description": "Label of Zowe certificate.", + "default": "localhost" + }, + "caLabel": { + "type": "string", + "description": "label of Zowe CA certificate.", + "default": "localca" + }, + "connect": { + "type": "object", + "additionalProperties": false, + "description": "Configure this section if you want to connect existing certificate in keyring to Zowe.", + "properties": { + "user": { + "type": "string", + "description": "Current owner of the existing certificate, can be SITE or an user ID." 
+ }, + "label": { + "type": "string", + "description": "Label of the existing certificate will be connected to Zowe keyring." + } + } + }, + "import": { + "type": "object", + "additionalProperties": false, + "description": "Configure this section if you want to import existing certificate stored in data set to Zowe.", + "properties": { + "dsName": { + "type": "string", + "description": "Name of the data set holds the certificate issued by other CA. This data set should be in PKCS12 format and contain private key." + }, + "password": { + "type": "string", + "description": "Password for the PKCS12 data set." + } + } + }, + "zOSMF": { + "type": "object", + "additionalProperties": false, + "description": "Configure this section if you want to trust z/OSMF certificate authority in Zowe keyring.", + "properties": { + "ca": { + "type": "string", + "description": "z/OSMF certificate authority alias" + }, + "user": { + "type": "string", + "description": "z/OSMF user. Zowe initialization utility can detect alias of z/OSMF CA for RACF security system. The automated detection requires this z/OSMF user as input." + } + } } } }, - "zOSMF": { + "dname": { "type": "object", "additionalProperties": false, - "description": "Configure this section if you want to trust z/OSMF certificate authority in Zowe keyring.", + "description": "Certificate distinguish name", "properties": { - "ca": { - "type": "string", - "description": "z/OSMF certificate authority alias" + "caCommonName": { + "type": [ "string", "null" ], + "description": "Common name of certificate authority generated by Zowe." }, - "user": { - "type": "string", - "description": "z/OSMF user. Zowe initialization utility can detect alias of z/OSMF CA for RACF security system. The automated detection requires this z/OSMF user as input." + "commonName": { + "type": [ "string", "null" ], + "description": "Common name of certificate generated by Zowe." 
+ }, + "orgUnit": { + "type": [ "string", "null" ], + "description": "Organization unit of certificate generated by Zowe." + }, + "org": { + "type": [ "string", "null" ], + "description": "Organization of certificate generated by Zowe." + }, + "locality": { + "type": [ "string", "null" ], + "description": "Locality of certificate generated by Zowe. This is usually the city name." + }, + "state": { + "type": [ "string", "null" ], + "description": "State of certificate generated by Zowe. You can also put province name here." + }, + "country": { + "type": [ "string", "null" ], + "description": "2 letters country code of certificate generated by Zowe." } } - } - } - }, - "dname": { - "type": "object", - "additionalProperties": false, - "description": "Certificate distinguish name", - "properties": { - "caCommonName": { - "type": [ "string", "null" ], - "description": "Common name of certificate authority generated by Zowe." - }, - "commonName": { - "type": [ "string", "null" ], - "description": "Common name of certificate generated by Zowe." - }, - "orgUnit": { - "type": [ "string", "null" ], - "description": "Organization unit of certificate generated by Zowe." - }, - "org": { - "type": [ "string", "null" ], - "description": "Organization of certificate generated by Zowe." }, - "locality": { - "type": [ "string", "null" ], - "description": "Locality of certificate generated by Zowe. This is usually the city name." + "validity": { + "type": [ "integer", "null" ], + "description": "Validity days for Zowe generated certificates", + "default": 3650 }, - "state": { - "type": [ "string", "null" ], - "description": "State of certificate generated by Zowe. You can also put province name here." + "san": { + "type": "array", + "description": "Domain names and IPs should be added into certificate SAN. 
If this field is not defined, `zwe init` command will use `zowe.externalDomains`.", + "items": { + "type": "string" + } }, - "country": { - "type": [ "string", "null" ], - "description": "2 letters country code of certificate generated by Zowe." + "importCertificateAuthorities": { + "type": "array", + "description": "PEM format certificate authorities will also be imported and trusted. If you have other certificate authorities want to be trusted in Zowe keyring, list the certificate labels here. **NOTE**, due to the limitation of RACDCERT command, this field should contain maximum 2 entries.", + "items": { + "type": "string" + } } } - }, - "validity": { - "type": [ "integer", "null" ], - "description": "Validity days for Zowe generated certificates", - "default": 3650 - }, - "san": { - "type": "array", - "description": "Domain names and IPs should be added into certificate SAN. If this field is not defined, `zwe init` command will use `zowe.externalDomains`.", - "items": { - "type": "string" - } - }, - "importCertificateAuthorities": { - "type": "array", - "description": "PEM format certificate authorities will also be imported and trusted. If you have other certificate authorities want to be trusted in Zowe keyring, list the certificate labels here. **NOTE**, due to the limitation of RACDCERT command, this field should contain maximum 2 entries.", - "items": { - "type": "string" - } } - } + ] }, "vsam": { "type": "object", @@ -800,11 +846,11 @@ "description": "Certificate in PEM format.", "properties": { "key": { - "type": "string", + "type": [ "string", "null" ], "description": "Path to the certificate private key stored in PEM format." }, "certificate": { - "type": "string", + "type": [ "string", "null" ], "description": "Path to the certificate stored in PEM format." }, "certificateAuthorities": { From 9c3c036d067c1de9892e33f4457909610ee60603 Mon Sep 17 00:00:00 2001 
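Review bot: Neither branch of the new `oneOf` under `certificate` carries `"additionalProperties": false`, which the removed single-object definition had, so a misspelled or unexpected key directly under `zowe.setup.certificate` now passes validation instead of being rejected. `type` is also not in either branch's `required`, and its removed description and `"default": "PKCS12"` are not carried over, so the branch is effectively chosen by which of `pkcs12`/`keyring` is present. Consider adding `"additionalProperties": false` and a `type` description to both branches. In the PKCS12 branch `lock` changes from `[ "boolean", "null" ]` to `[ "string", "null" ]` while its description still reads as a yes/no setting, which looks unintended.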
From: Martin Zeithaml Date: Fri, 9 Aug 2024 13:32:42 +0200 Subject: [PATCH 246/258] Install update Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEINSTL | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/files/SZWESAMP/ZWEINSTL b/files/SZWESAMP/ZWEINSTL index 9d9249c81a..3a02863936 100644 --- a/files/SZWESAMP/ZWEINSTL +++ b/files/SZWESAMP/ZWEINSTL @@ -36,20 +36,25 @@ blksize(32760) unit(sysallda) space(30,15) tracks //STDOUT DD SYSOUT=* //STDERR DD SYSOUT=* //STDPARM DD * -SH cd {zowe.runtimeDirectory} && +SH cd '{zowe.runtimeDirectory}' && +ZWE_TMP_PREFIX='{zowe.setup.dataset.prefix}' && cd files/SZWESAMP && -cp * "//'{zowe.setup.dataset.prefix}.SZWESAMP'" && +cp * "//'$ZWE_TMP_PREFIX.SZWESAMP'" && cd ../SZWEEXEC && -cp * "//'{zowe.setup.dataset.prefix}.SZWEEXEC'" && +cp * "//'$ZWE_TMP_PREFIX.SZWEEXEC'" && cd ../SZWELOAD && -cp * "//'{zowe.setup.dataset.prefix}.SZWELOAD'" && -cd ../../components/launcher/bin -cp zowe_launcher "//'{zowe.setup.dataset.prefix}.SZWEAUTH'" && +cp * "//'$ZWE_TMP_PREFIX.SZWELOAD'" && +cd ../../components/launcher/bin && +cp zowe_launcher + "//'$ZWE_TMP_PREFIX.SZWEAUTH(ZWELNCH)'" && cd ../../zss/SAMPLIB && -cp ZWESASTC ZWESIP00 ZWESISTC ZWESISCH - "//'{zowe.setup.dataset.prefix}.SZWESAMP'" && +cp ZWESIP00 ZWESISCH + "//'$ZWE_TMP_PREFIX.SZWESAMP'" && +cp ZWESAUX + "//'$ZWE_TMP_PREFIX.SZWESAMP(ZWESASTC)'" && +cp ZWESIS01 + "//'$ZWE_TMP_PREFIX.SZWESAMP(ZWESISTC)'" && cd ../LOADLIB && cp ZWESIS01 ZWESAUX ZWESISDL - "//'{zowe.setup.dataset.prefix}.SZWEAUTH'" -/* - + "//'$ZWE_TMP_PREFIX.SZWEAUTH'" +/* \ No newline at end of file From 135297613ca85e65786ebc9fc2a432757ea024a8 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Mon, 12 Aug 2024 12:56:07 +0200 Subject: [PATCH 247/258] Include zss changes Signed-off-by: Martin Zeithaml --- manifest.json.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
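Review bot: The new `cd '{zowe.runtimeDirectory}'` and `ZWE_TMP_PREFIX='{zowe.setup.dataset.prefix}'` lines place template values inside single quotes in the STDPARM shell text, and nothing in this hunk shows those values being checked before substitution. A value containing `'` would end the quoting and change the command that runs, so the generator that fills these placeholders should reject anything outside the expected path and data set name characters; a comment such as `//* prefix and runtimeDirectory must not contain quotes` above STDPARM would document the assumption. The hunk also drops the newline after the closing `/*` (`\ No newline at end of file`), which is worth restoring.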
diff --git a/manifest.json.template b/manifest.json.template index 195542ae2f..25179f2c57 100644 --- a/manifest.json.template +++ b/manifest.json.template @@ -40,7 +40,7 @@ "artifact": "*.pax" }, "org.zowe.zss": { - "version": "^2.16.0-PR-683", + "version": "^2.18.0-PR-683", "artifact": "*.pax" }, "org.zowe.explorer.jobs.jobs-api-package": { From 29b9e3794b87bc3d6e7d6ecedfbc3249c455a882 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Fri, 23 Aug 2024 14:15:51 +0200 Subject: [PATCH 248/258] Catch possible yaml error Signed-off-by: Martin Zeithaml --- bin/commands/init/certificate/.errors | 1 + bin/commands/init/certificate/index.sh | 8 ++++++-- bin/libs/common.sh | 2 +- schemas/zowe-yaml-schema.json | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/bin/commands/init/certificate/.errors b/bin/commands/init/certificate/.errors index 0dbf93823a..173126d09e 100644 --- a/bin/commands/init/certificate/.errors +++ b/bin/commands/init/certificate/.errors @@ -2,3 +2,4 @@ ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. ZWEL0164E|164|Value of %s (%s) defined in Zowe YAML configuration file is invalid. Valid values are %s. ZWEL0174E|174|Failed to generate certificate in Zowe keyring "%s/%s". ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. +ZWEL0201E|201|File %s does not exist. diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 63860de145..c3e3fabbad 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh 
@@ -31,8 +31,12 @@ require_node export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=$(create_tmp_file) mkdir -p ${ZWE_PRIVATE_TMP_MERGED_YAML_DIR} _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/output/cli.js" +if [ $? -eq 0 -a -f "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" ]; then # use the yaml configmgr returns because it will contain defaults for the version we are using. -ZWE_CLI_PARAMETER_CONFIG=${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml + ZWE_CLI_PARAMETER_CONFIG=${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml +else + print_error_and_exit "Error ZWEL0201E: File '${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml' does not exist." "" 201 +fi ############################### # read prefix and validate @@ -482,6 +486,6 @@ if [ -n "${zosmf_host}" -a "${verify_certificates}" = "STRICT" ]; then fi # cleanup temp file made at top. -if [ -n "$ZWE_PRIVATE_TMP_MERGED_YAML_DIR" ]; then +if [ -f "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" ]; then rm "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" fi diff --git a/bin/libs/common.sh b/bin/libs/common.sh index 404deb4857..582dda285a 100644 --- a/bin/libs/common.sh +++ b/bin/libs/common.sh @@ -123,7 +123,7 @@ print_error_and_exit() { exit_code=${3:-1} print_error "${message}" "${write_to}" - if [ -n "$ZWE_PRIVATE_TMP_MERGED_YAML_DIR" ]; then + if [ -f "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" ]; then rm "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" fi exit ${exit_code} diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index bd17532cd3..df7b978c92 100644 --- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json 
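Review bot: The `else` branch added after the configmgr call reports ZWEL0201E "does not exist" for two different failures, because `[ $? -eq 0 -a -f ... ]` also fails when configmgr exits non-zero; the operator then sees a missing-file message with no hint that the merge itself failed. Capturing the status first (`rc=$?`) and including it in the message would keep the cause visible. The merged file lands in a directory created by the unchanged `mkdir -p ${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}`, unquoted and with the default umask; since the merged YAML can hold keystore passwords, `mkdir -m 700 -p "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}"` would be a safer form, assuming `create_tmp_file` (not shown here) does not already restrict access.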
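Review bot: Replacing `-n "$ZWE_PRIVATE_TMP_MERGED_YAML_DIR"` with `-f "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml"` in the cleanup at the end of index.sh drops the empty-variable guard: when the variable is unset, the test and the `rm` resolve to `/.zowe-merged.yaml`. The same change is made in `print_error_and_exit` in bin/libs/common.sh, which as a shared library function may run where the variable was never set. Keeping both conditions, `if [ -n "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" -a -f "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" ]; then`, avoids that. Only the file is removed, so the temporary directory created at the top of the script is left behind.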
@@ -197,7 +197,7 @@ "default": "local_ca_password" }, "lock": { - "type": [ "string", "null" ], + "type": [ "boolean", "null" ], "description": "Whether to restrict the permissions of the keystore after creation" }, "import": { From 1a55ec6fccd338bf05deb3c511176a8ed1dd5392 Mon Sep 17 00:00:00 2001 From: MarkAckert Date: Thu, 29 Aug 2024 13:04:10 -0400 Subject: [PATCH 249/258] add --generate flag, update ZWECONF config step to always generate Signed-off-by: MarkAckert --- bin/commands/init/apfauth/.examples | 1 + bin/commands/init/apfauth/.parameters | 1 + bin/commands/init/apfauth/index.ts | 7 +++++++ bin/commands/init/mvs/.examples | 1 + bin/commands/init/mvs/.parameters | 1 + bin/commands/init/mvs/index.ts | 7 +++++++ bin/commands/init/security/.examples | 1 + bin/commands/init/security/.parameters | 1 + bin/commands/init/security/index.ts | 9 +++++++++ bin/commands/init/stc/.examples | 1 + bin/commands/init/stc/.parameters | 1 + bin/commands/init/stc/index.ts | 9 ++++++++- bin/commands/init/vsam/.examples | 1 + bin/commands/init/vsam/.parameters | 1 + bin/commands/init/vsam/index.ts | 7 +++++++ workflows/files/ZWECONF.xml | 11 +++++++++-- 16 files changed, 57 insertions(+), 3 deletions(-) diff --git a/bin/commands/init/apfauth/.examples b/bin/commands/init/apfauth/.examples index ac9dc2c851..d404be28d6 100644 --- a/bin/commands/init/apfauth/.examples +++ b/bin/commands/init/apfauth/.examples @@ -1 +1,2 @@ zwe init apfauth --security-dry-run -c /path/to/zowe.yaml +zwe init apfauth --security-dry-run -c /path/to/zowe.yaml --generate diff --git a/bin/commands/init/apfauth/.parameters b/bin/commands/init/apfauth/.parameters index 56143b1254..a464df9bca 100644 --- a/bin/commands/init/apfauth/.parameters +++ b/bin/commands/init/apfauth/.parameters 
@@ -1 +1,2 @@ security-dry-run,dry-run||boolean|||||Whether to dry run security related setup. +generate||boolean|||||Whether to force rebuild of JCL prior to submission. Use this when you've changed zowe.yaml and are re-submitting this command. diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts index 3b750245c9..b59fec789f 100644 --- a/bin/commands/init/apfauth/index.ts +++ b/bin/commands/init/apfauth/index.ts @@ -19,6 +19,7 @@ import * as fs from '../../../libs/fs'; import * as shell from '../../../libs/shell'; import * as stringlib from '../../../libs/string'; import * as xplatform from 'xplatform'; +import * as initGenerate from '../generate/index'; export function execute() { @@ -34,6 +35,12 @@ export function execute() { common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); } + // check if user passed --generate + const forceGen = !!std.getenv('ZWE_CLI_PARAMETER_GENERATE') + if (forceGen) { + initGenerate.execute(); + } + // read JCL library and validate const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); if (!jcllib) { diff --git a/bin/commands/init/mvs/.examples b/bin/commands/init/mvs/.examples index 880022a51f..991f767747 100644 --- a/bin/commands/init/mvs/.examples +++ b/bin/commands/init/mvs/.examples @@ -1 +1,2 @@ zwe init mvs -v -c /path/to/zowe.yaml +zwe init mvs -v -c /path/to/zowe.yaml --generate diff --git a/bin/commands/init/mvs/.parameters b/bin/commands/init/mvs/.parameters index e22daff5d3..70854b90ba 100644 --- a/bin/commands/init/mvs/.parameters +++ b/bin/commands/init/mvs/.parameters @@ -1,2 +1,3 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. dry-run||boolean|||||Generates and prints JCL but does not execute. +generate||boolean|||||Whether to force rebuild of JCL prior to submission. Use this when you've changed zowe.yaml and are re-submitting this command. 
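Review bot: `const forceGen = !!std.getenv('ZWE_CLI_PARAMETER_GENERATE')` in `execute()` treats any non-empty value as true, so a value of `false` in that variable would still trigger regeneration; the shell code elsewhere in this series compares such flags with the string `true` (`"${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true"`). `const forceGen = std.getenv('ZWE_CLI_PARAMETER_GENERATE') === 'true';` would match that convention and adds the missing semicolon. The identical block is added to the mvs, security, stc and vsam `index.ts` files. In each place `initGenerate.execute()` runs before any dry-run handling visible in the hunk, so it is worth confirming that `--dry-run` together with `--generate` does not rewrite the JCL library; `execute()` continues outside the hunk.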
diff --git a/bin/commands/init/mvs/index.ts b/bin/commands/init/mvs/index.ts index 8f3a6fe8d1..7c3a01ff9c 100644 --- a/bin/commands/init/mvs/index.ts +++ b/bin/commands/init/mvs/index.ts @@ -19,6 +19,7 @@ import * as zosdataset from '../../../libs/zos-dataset'; import * as common from '../../../libs/common'; import * as config from '../../../libs/config'; import * as stringlib from '../../../libs/string'; +import * as initGenerate from '../generate/index'; export function execute(allowOverwrite?: boolean) { common.printLevel1Message(`Initialize Zowe custom data sets`); @@ -32,6 +33,12 @@ export function execute(allowOverwrite?: boolean) { common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); } + // check if user passed --generate + const forceGen = !!std.getenv('ZWE_CLI_PARAMETER_GENERATE') + if (forceGen) { + initGenerate.execute(); + } + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); if (!jcllib) { common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); diff --git a/bin/commands/init/security/.examples b/bin/commands/init/security/.examples index d3800923c2..2e6dff24c5 100644 --- a/bin/commands/init/security/.examples +++ b/bin/commands/init/security/.examples @@ -1 +1,2 @@ zwe init security -v -c /path/to/zowe.yaml +zwe init security -v -c /path/to/zowe.yaml --generate diff --git a/bin/commands/init/security/.parameters b/bin/commands/init/security/.parameters index 3c654a9e5d..866971689f 100644 --- a/bin/commands/init/security/.parameters +++ b/bin/commands/init/security/.parameters 
@@ -1,2 +1,3 @@ security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute. ignore-security-failures||boolean|||||Whether to ignore security setup job failures. +generate||boolean|||||Whether to force rebuild of JCL prior to submission. Use this when you've changed zowe.yaml and are re-submitting this command. diff --git a/bin/commands/init/security/index.ts b/bin/commands/init/security/index.ts index d3653fbfbb..7194eb8d2a 100644 --- a/bin/commands/init/security/index.ts +++ b/bin/commands/init/security/index.ts @@ -9,11 +9,13 @@ Copyright Contributors to the Zowe Project. */ +import * as std from 'cm_std'; import * as zos from 'zos'; import * as common from '../../../libs/common'; import * as config from '../../../libs/config'; import * as zoslib from '../../../libs/zos'; import * as zosJes from '../../../libs/zos-jes'; +import * as initGenerate from '../generate/index'; export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { common.printLevel1Message(`Run Zowe security configurations`); @@ -27,6 +29,13 @@ export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { if (!prefix) { common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); } + + // check if user passed --generate + const forceGen = !!std.getenv('ZWE_CLI_PARAMETER_GENERATE') + if (forceGen) { + initGenerate.execute(); + } + // read JCL library and validate const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); if (!jcllib) { diff --git a/bin/commands/init/stc/.examples b/bin/commands/init/stc/.examples index 154a3b890c..8ca7d6bd45 100644 --- a/bin/commands/init/stc/.examples +++ b/bin/commands/init/stc/.examples @@ -1 +1,2 @@ zwe init stc -v -c /path/to/zowe.yaml +zwe init stc -v -c /path/to/zowe.yaml --generate diff --git a/bin/commands/init/stc/.parameters b/bin/commands/init/stc/.parameters index e22daff5d3..70854b90ba 100644 
--- a/bin/commands/init/stc/.parameters +++ b/bin/commands/init/stc/.parameters @@ -1,2 +1,3 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. dry-run||boolean|||||Generates and prints JCL but does not execute. +generate||boolean|||||Whether to force rebuild of JCL prior to submission. Use this when you've changed zowe.yaml and are re-submitting this command. diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts index f7ee31eb21..7392398d1f 100644 --- a/bin/commands/init/stc/index.ts +++ b/bin/commands/init/stc/index.ts @@ -22,7 +22,7 @@ import * as config from '../../../libs/config'; import * as zoslib from '../../../libs/zos'; import * as zosJes from '../../../libs/zos-jes'; import * as zosdataset from '../../../libs/zos-dataset'; - +import * as initGenerate from '../generate/index'; export function execute(allowOverwrite: boolean = false) { @@ -47,6 +47,13 @@ export function execute(allowOverwrite: boolean = false) { if (!proclib) { common.printErrorAndExit(`Error ZWEL0157E: PROCLIB (zowe.setup.dataset.proclib) is not defined in Zowe YAML configuration file.`, undefined, 157); } + + // check if user passed --generate + const forceGen = !!std.getenv('ZWE_CLI_PARAMETER_GENERATE') + if (forceGen) { + initGenerate.execute(); + } + // read JCL library and validate const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); if (!jcllib) { diff --git a/bin/commands/init/vsam/.examples b/bin/commands/init/vsam/.examples index 2aec2da3f9..235b283682 100644 --- a/bin/commands/init/vsam/.examples +++ b/bin/commands/init/vsam/.examples @@ -1 +1,2 @@ zwe init vsam -v -c /path/to/zowe.yaml +zwe init vsam -v -c /path/to/zowe.yaml --generate diff --git a/bin/commands/init/vsam/.parameters b/bin/commands/init/vsam/.parameters index 604a1cc286..c96f09dc89 100644 --- a/bin/commands/init/vsam/.parameters +++ b/bin/commands/init/vsam/.parameters 
@@ -1,3 +1,4 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. dry-run||boolean|||||Generates and prints JCL but does not execute update-config||boolean|||||Whether to update YAML configuration for caching-service to match vsam name. +generate||boolean|||||Whether to force rebuild of JCL prior to submission. Use this when you've changed zowe.yaml and are re-submitting this command. diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts index 72ea633a19..d5f2182b26 100644 --- a/bin/commands/init/vsam/index.ts +++ b/bin/commands/init/vsam/index.ts @@ -16,6 +16,7 @@ import * as zosJes from '../../../libs/zos-jes'; import * as zosDataset from '../../../libs/zos-dataset'; import * as common from '../../../libs/common'; import * as config from '../../../libs/config'; +import * as initGenerate from '../generate/index'; export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig?: boolean) { common.printLevel1Message(`Initialize Zowe custom data sets`); @@ -33,6 +34,12 @@ export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig return common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); } + // check if user passed --generate + const forceGen = !!std.getenv('ZWE_CLI_PARAMETER_GENERATE') + if (forceGen) { + initGenerate.execute(); + } + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); if (!jcllib) { return common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index 183af7feb5..7dadd89d81 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml 
@@ -1565,9 +1565,10 @@ How we want to verify SSL certificates of services. Valid values are: - + Ensure that the values are correct.
- zowe.yaml file is created in the: ${instance-zowe_runtimeDirectory} directory

+ zowe.yaml file is created in the: ${instance-zowe_runtimeDirectory} directory
+ ${instance-zowe_setup_dataset_jcllib} is created.

NOTE: If you run this workflow outside of PSWI (SMP/E or convenience build), you might encounter a folder write permission issue.
To solve the issue, run the following command in USS:
chmod 775 ${instance-zowe_runtimeDirectory}
@@ -2415,6 +2416,12 @@ echo '# files-api:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# caching-service:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" + +export JAVA_HOME='${instance-java_home}' +export NODE_HOME='${instance-node_home}' +export PATH=$PATH:'${instance-zowe_runtimeDirectory}/bin' + +zwe init generate --allow-overwrite -c '${instance-zowe_runtimeDirectory}/zowe.yaml' ]]> shell-JCL 1024 From 9df5f67f4831074d43d58168045b2ae81ca9f165 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 4 Sep 2024 14:01:04 +0200 Subject: [PATCH 250/258] Set _auto_ for TSS (detect CA) Signed-off-by: Martin Zeithaml --- bin/commands/init/certificate/index.sh | 6 ++++-- bin/libs/zwecli.sh | 6 +++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index c3e3fabbad..4982fa802d 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -210,8 +210,10 @@ else # JCE* content fi fi - if [ -z "${zosmf_ca}" -a "${security_product}" = "RACF" -a -n "${zosmf_host}" ]; then - zosmf_ca="_auto_" + if [ "${security_product}" = "RACF" -o "${security_product}" = "TSS" ]; then + if [ -z "${zosmf_ca}" -a -n "${zosmf_host}" ]; then + zosmf_ca="_auto_" + fi fi fi diff --git a/bin/libs/zwecli.sh b/bin/libs/zwecli.sh index 0131c5ff5b..2571be2015 100755 --- a/bin/libs/zwecli.sh +++ b/bin/libs/zwecli.sh @@ -273,7 +273,7 @@ EOF if [ -f "${command_path}/.help" ]; then echo "------------------" echo "Description" - padding_left "$(cat "${command_path}/.help")" " " + padding_left "$(sed 's/^```yaml$/```/g' "${command_path}/.help")" " " echo fi 
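Review bot: The added step runs `zwe` by name after `export PATH=$PATH:'${instance-zowe_runtimeDirectory}/bin'`, which appends the runtime directory, so any `zwe` found earlier on the submitting user's PATH is the one that runs. Invoking it by full path, `'${instance-zowe_runtimeDirectory}/bin/zwe' init generate --allow-overwrite -c '${instance-zowe_runtimeDirectory}/zowe.yaml'`, removes that dependency. `--allow-overwrite` is passed unconditionally, so re-running the workflow step replaces an existing JCL library without a prompt, while the step description added earlier in this file only says the library "is created". The workflow variables are substituted inside single quotes, so they are assumed not to contain `'`.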
@@ -309,7 +309,7 @@ EOF # find sub-commands command_path=$(zwecli_calculate_command_path) subdirs=$(find_sub_directories "${command_path}") - if [ -n "${subdirs}" ]; then + if [ -n "${subdirs}" ]; then echo "------------------" echo "Available sub-command(s)" while read -r line; do @@ -326,7 +326,7 @@ EOF echo "Example(s)" padding_left "$(cat "${command_path}/.examples")" " " echo - fi + fi exit 100 fi } From 161266d3e8fdff6774fcf6c6f184cd1bf7ae53db Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Tue, 10 Sep 2024 14:58:25 +0200 Subject: [PATCH 251/258] safkeyring message update Signed-off-by: Martin Zeithaml --- bin/commands/init/certificate/index.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 4982fa802d..20784615e0 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -412,12 +412,12 @@ else # JCE* content # should we clean up before creating new if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then # warning - print_message "Warning ZWEL0300W: Keyring \"safkeyring:///${keyring_owner}/${keyring_name}\" will be overwritten during configuration." + print_message "Warning ZWEL0300W: Keyring \"safkeyring:////${keyring_owner}/${keyring_name}\" will be overwritten during configuration." keyring_run_zwenokyr_jcl "${prefix}" "${jcllib}" "${security_product}" else # error - # print_error_and_exit "Error ZWEL0158E: Keyring \"safkeyring:///${keyring_owner}/${keyring_name}\" already exists." "" 158 + # print_error_and_exit "Error ZWEL0158E: Keyring \"safkeyring:////${keyring_owner}/${keyring_name}\" already exists." "" 158 fi keyring_run_zwekring_jcl "${prefix}" \ From 8df3053553580e5d83fb882633d2c417e9c3cad5 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 11 Sep 2024 10:37:31 +0200 Subject: [PATCH 252/258] Install update 
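Review bot: The `else` branch edited in the `@@ -412,12 +412,12 @@` hunk holds only comments (`# error` and the commented-out `print_error_and_exit`), so the ZWEL0158E text changed here is never printed, and without `--allow-overwrite` execution continues to `keyring_run_zwekring_jcl` with no existing-keyring check visible in the hunk. A branch with no command is a syntax error in strict POSIX shells such as bash; if the z/OS shell accepts it, an explicit `:` would still make the intent plain. Either restore the exit once the existence test is in place, or drop the empty branch and its dead message. The surrounding code starts and ends outside the hunk, so the existence test may live elsewhere.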
Signed-off-by: Martin Zeithaml --- files/SZWESAMP/ZWEINSTL | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/files/SZWESAMP/ZWEINSTL b/files/SZWESAMP/ZWEINSTL index 3a02863936..93bdb684a7 100644 --- a/files/SZWESAMP/ZWEINSTL +++ b/files/SZWESAMP/ZWEINSTL @@ -11,7 +11,7 @@ //* //********************************************************************* //* -//MKPDSE EXEC PGM=IKJEFT01 +//MKPDSE EXEC PGM=IKJEFT01,DYNAMNBR=4 //SYSTSPRT DD SYSOUT=A //SYSTSIN DD * ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWESAMP') + @@ -47,14 +47,11 @@ cp * "//'$ZWE_TMP_PREFIX.SZWELOAD'" && cd ../../components/launcher/bin && cp zowe_launcher "//'$ZWE_TMP_PREFIX.SZWEAUTH(ZWELNCH)'" && +cd ../samplib/ && +cp * "//'$ZWE_TMP_PREFIX.SZWESAMP'" && cd ../../zss/SAMPLIB && -cp ZWESIP00 ZWESISCH +cp ZWESASTC ZWESIP00 ZWESISCH ZWESISTC "//'$ZWE_TMP_PREFIX.SZWESAMP'" && -cp ZWESAUX - "//'$ZWE_TMP_PREFIX.SZWESAMP(ZWESASTC)'" && -cp ZWESIS01 - "//'$ZWE_TMP_PREFIX.SZWESAMP(ZWESISTC)'" && cd ../LOADLIB && -cp ZWESIS01 ZWESAUX ZWESISDL - "//'$ZWE_TMP_PREFIX.SZWEAUTH'" +cp * "//'$ZWE_TMP_PREFIX.SZWEAUTH'" /* \ No newline at end of file From 03f373b87a10885c0854241ae5cedb4e3b2cb9f6 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 18 Sep 2024 12:51:56 +0200 Subject: [PATCH 253/258] Small security process enhancement Signed-off-by: Martin Zeithaml --- bin/commands/init/security/index.ts | 2 +- example-zowe.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/commands/init/security/index.ts b/bin/commands/init/security/index.ts index 7194eb8d2a..7ef09dc567 100644 --- a/bin/commands/init/security/index.ts +++ b/bin/commands/init/security/index.ts 
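Review bot: The last copy step in the `@@ -47,14 +47,11 @@` hunk now runs `cp * "//'$ZWE_TMP_PREFIX.SZWEAUTH'"` from the zss `LOADLIB` directory, where the removed lines named `ZWESIS01 ZWESAUX ZWESISDL` explicitly. SZWEAUTH is presumably the load library that is later APF authorized, so a wildcard places any file that happens to be in that directory into an authorized library. Restoring the explicit member list from the removed lines keeps the authorized content reviewable. The same wildcard is used for `cp * "//'$ZWE_TMP_PREFIX.SZWESAMP'"` from `../samplib/`, which matters less because that library is not privileged. If the wildcard is intended, a JCL comment listing the expected members would help.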
@@ -76,6 +76,6 @@ export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { common.printMessage(``); common.printMessage(`WARNING: Due to the limitation of the ZWEI${securityPrefix} job, exit with 0 does not mean`); common.printMessage(` the job is fully successful. Please check the job log to determine`); - common.printMessage(` if there are any inline errors.`); + common.printMessage(` if there are any messages indicating a problem.`); common.printMessage(``); } diff --git a/example-zowe.yaml b/example-zowe.yaml index f178ca3b6c..ebe8fd1271 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml @@ -205,6 +205,7 @@ zowe: # country: "CZ" # # Validity days for Zowe generated certificates # validity: 3650 + # # **COMMONLY_CUSTOMIZED** # # Domain names and IPs should be added into certificate SAN # # If this field is not defined, `zwe init` command will use # # `zowe.externalDomains`. From 2451e9326c84697dec819956c0419817a8e36e36 Mon Sep 17 00:00:00 2001 From: Martin Zeithaml Date: Wed, 18 Sep 2024 13:17:11 +0200 Subject: [PATCH 254/258] Help update Signed-off-by: Martin Zeithaml --- bin/commands/internal/config/output/.help | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/commands/internal/config/output/.help b/bin/commands/internal/config/output/.help index 9ab013c019..b78a8ad2be 100644 --- a/bin/commands/internal/config/output/.help +++ b/bin/commands/internal/config/output/.help @@ -1 +1 @@ -Outputs the merged YAML used at Zowe runtime into zowe.workspaceDirectory/.env/.zowe-merged.yaml +Outputs the merged YAML used at Zowe runtime into `zowe.workspaceDirectory/.env/.zowe-merged.yaml`. From fd77523752b86c74e25012fc03d8a687077c11da Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 25 Sep 2024 15:43:50 +0200 Subject: [PATCH 255/258] Updates for v3 Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 39 +++++++++++---------------------------- 1 file changed, 11 insertions(+), 28 deletions(-) 
diff --git a/INSTALLATION.md b/INSTALLATION.md index 31603c3e39..5416bb3728 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -14,8 +14,6 @@ Table of contents: 2. [Configuration Concepts](#configuration-concepts) 2. [Distribution](#distribution) 3. [Installation of Runtime](#installation-of-runtime) - 1. [SMPE or PSWI](#smpe-or-pswi) - 2. [PAX](#pax) 4. [Configuration of Instance](#configuration-of-instance) 1. [Configuration by JCL](#configuration-by-jcl) 1. [Core Tasks](#core-tasks) @@ -119,7 +117,6 @@ When the JCL is prepared, the following jobs can be submitted to perform the fol |Create Instance Datasets|**Purpose:** Create datasets for Zowe's PARMLIB content and non-ZFS extension content for a given Zowe Instance

**Action:**
1) Allocate PDSE FB80 dataset with at least 15 tracks named from Zowe parameter `zowe.setup.dataset.parmlib`
2) Allocate PDSE FB80 dataset with at least 30 tracks named from Zowe parameter `zowe.setup.dataset.authPluginLib`
3) Copy ZWESIP00 member from `zowe.setup.dataset.prefix`.SZWESAMP into `zowe.setup.dataset.parmlib`|[ZWEIMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIMVS)| |APF Authorize privileged content|**Purpose:** Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component and its extension library must be set APF authorized and run in key 4 to use ZIS and components that depend upon it.

**Action:**
1) APF authorize the datasets defined at `zowe.setup.dataset.authLoadlib` and `zowe.setup.dataset.authPluginLib`.
2) Define PPT entries for the members ZWESIS01 and ZWESAUX as Key 4, NOSWAP in the SCHEDxx member of the system PARMLIB.|[ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF)| |Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.

**Action:** [Set SAF permissions for accounts](https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users#security-permissions-reference-table)|RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC)

TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS)

ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF)| -|(z/OS v2.4 ONLY) Create Zowe SAF Resource Class|This is not needed on z/OS v2.5+. On z/OS v2.4, the SAF resource class for Zowe is not included, and must be created|RACF: [ZWEIRACZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRACZ)

TSS: [ZWEITSSZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSSZ)

ACF2: [ZWEIACFZ](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIACFZ)| |Copy STC JCL to PROCLIB|**Purpose**: ZWESLSTC is the job for running Zowe's webservers, and ZWESISTC is for running the APF authorized cross-memory server. The ZWESASTC job is started by ZWESISTC on an as-needed basis.

**Action**: Copy the members ZWESLSTC, ZWESISTC, and ZWESASTC into your desired PROCLIB. If the job names are customized, also modify the YAML values of them in `zowe.setup.security.stcs`|[ZWEISTC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEISTC)| @@ -157,15 +154,6 @@ If you would like Zowe to create a keyring instead, you can do one of these thre |3|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.|RACF: [ZWEIKRR3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR3)

TSS: [ZWEIKRT3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT3)

ACF2: [ZWEIKRA3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA3)| -#### (Optional) Caching Service VSAM Task: ---- -If you plan to use the Zowe caching service Component, such as for high availability and fault tolerance reasons, then you must choose a form of database for it to use. -Among the choices is for it to use a VSAM dataset of your choice. - -|Task|Description|Sample JCL| -|---|---|---| -|Create VSAM Dataset for Caching Service|**Action**: Create a RLS or NONRLS dataset for the caching service, and set the name into the YAML value `components.caching-service.storage.vsam.name`|[ZWECSVSM](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWECSVSM)| - JCL samples for removing Zowe configuration also exist. |Action|Sample JCL| |---|---| @@ -238,15 +226,6 @@ To instead have Zowe create a keystore or keyring for you, run `zwe init certifi |5|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.| - -#### (Optional) Caching Service VSAM Configuration: -If you plan to use the Zowe caching service Component, such as for high availability and fault tolerance reasons, then you must choose a form of database for it to use. -Among the choices is for it to use a VSAM dataset of your choice. - -|Task|Description|Sample JCL|Doc| -|---|---|---|---| -|Create VSAM Dataset for Caching Service|Creates a RLS or NONRLS dataset for the caching service using the YAML values in `zowe.setup.vsam`|`zwe init vsam`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-vsam)| -


@@ -262,14 +241,17 @@ The following lists the default ports of each server of Zowe that is enabled by These are customized within the YAML at `components..port`, such as `components.zss.port` to customize the ZSS port. -|Component|Component Category|TCP Port|Job Suffix|Log Suffix|Note| +|Component|Component Category|TCP Port|Job Name|Log Suffix|Note| |---|---|---|---|---|---| -|api-catalog|API Mediation Layer|7552|AC|AAC|Provides API documentation| -|discovery|API Mediation Layer|7553|AD|ADS|Used by the gateway to discover presence and health each server in a Zowe instance for routing| -|gateway|API Mediation Layer|7554|AG|AGW|When enabled, the port chosen should also be the value of `zowe.externalPort`. Zowe can be configured to have this port as the only externally-accessible port as the gateway can proxy the other Zowe servers.| -|caching-service|API Mediation Layer|7555|CS|ACS|Provides a cache for high-availability/fault-tolerant operation| -|app-server|App Framework|7556|DS|D|Provides the Desktop, requires NodeJS| -|zss|App Framework|7557|SZ|SZ|Provides APIs| +|api-catalog|API Mediation Layer|7552|ZWE1AC|AAC|Provides API documentation| +|discovery|API Mediation Layer|7553|ZWE1AD|ADS|Used by the gateway to discover presence and health each server in a Zowe instance for routing| +|gateway|API Mediation Layer|7554|ZWE1AG|AGW|When enabled, the port chosen should also be the value of `zowe.externalPort`. Zowe can be configured to have this port as the only externally-accessible port as the gateway can proxy the other Zowe servers.| +|caching-service|API Mediation Layer|7555|ZWE1CS|ACS|Provides a cache for high-availability/fault-tolerant operation| +|app-server|App Framework|7556|ZWE1DS|D|Provides the Desktop, requires NodeJS| +|zss|App Framework|7557|ZWE1SZ|SZ|Provides APIs| +|zaas|API Mediation Layer|7558|ZWE1AZ|AZ|Provides security APIs| + +Note that the Job name prefix ZWE1 can be modified via the YAML property `zowe.job.prefix`. 
Zowe also has a property, `zowe.externalPort` that describes where clients should connect to access Zowe. This must match the gateway port when the gateway is enabled. When it isn't, this port should match the primary server of Zowe that you are using. @@ -288,6 +270,7 @@ When `zowe.job.prefix` is "ZWE1", An example of port reservations with a fixed I 7555 TCP ZWE1CS BIND 10.11.12.13 ; Zowe Caching Service 7556 TCP ZWE1DS BIND 10.11.12.13 ; Zowe App Server 7557 TCP ZWE1SZ BIND 10.11.12.13 ; Zowe ZSS + 7558 TCP ZWE1AZ BIND 10.11.12.13 ; Zowe ZAAS ``` ### TLS configuration From 84b342e8e14cb4da872d263a915177c6291b7538 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Wed, 25 Sep 2024 15:44:12 +0200 Subject: [PATCH 256/258] Update INSTALLATION.md Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 5416bb3728..0e36f74dbf 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -18,10 +18,8 @@ Table of contents: 1. [Configuration by JCL](#configuration-by-jcl) 1. [Core Tasks](#core-tasks) 2. [Keyring Tasks](#keyring-tasks) - 3. [(Optional) Caching Service VSAM Task](#optional-caching-service-vsam-task) 2. [Configuration by zwe](#configuration-by-zwe) 1. [Keystore or Keyring Configuration](#keystore-or-keyring-configuration) - 2. [(Optional) Caching Service VSAM Configuration](#optional-caching-service-vsam-configuration) 5. [Networking](#networking) 1. [Ports](#ports) 2. [IP Addresses](#ip-addresses) From 7ddeafc163b9488e193d85f34a4bfe82a90d87be Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 27 Sep 2024 22:03:05 +0200 Subject: [PATCH 257/258] Update INSTALLATION.md with details blocks Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 0e36f74dbf..244dc38740 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md 
@@ -19,7 +19,6 @@ Table of contents: 1. [Core Tasks](#core-tasks) 2. [Keyring Tasks](#keyring-tasks) 2. [Configuration by zwe](#configuration-by-zwe) - 1. [Keystore or Keyring Configuration](#keystore-or-keyring-configuration) 5. [Networking](#networking) 1. [Ports](#ports) 2. [IP Addresses](#ip-addresses) @@ -143,14 +142,17 @@ zowe: password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. ``` -If you would like Zowe to create a keyring instead, you can do one of these three tasks: +
+
+If you would like Zowe to create a keyring instead, click here for options |Keyring Setup Type|Description|Sample JCL| |---|---|---| |1|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed|RACF: [ZWEIKRR1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR1)

TSS: [ZWEIKRT1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT1)

ACF2: [ZWEIKRA1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA1)| |2|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.|RACF: [ZWEIKRR2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR2)

TSS: [ZWEIKRT2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT2)

ACF2: [ZWEIKRA2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA2)| |3|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.|RACF: [ZWEIKRR3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR3)

TSS: [ZWEIKRT3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT3)

ACF2: [ZWEIKRA3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA3)| - +
+
JCL samples for removing Zowe configuration also exist. |Action|Sample JCL| @@ -175,6 +177,11 @@ Each command reads configuration properties from the Zowe YAML files, and combin The commands resolve the JCL sample templates into usable JCL within the dataset defined by YAML value `zowe.setup.dataset.jcllib`. Before each command runs, it will print the JCL that it is submitting. +Using `zwe init` is an alternative to using the JCL samples from the previous section. + +
+Click here to read about configuring via zwe instead of JCL samples + Every `zwe init` command also has a `--dry-run` option which validates the configuration, prints the JCL, but does not submit it. This allows you to review the actions before performing them with the appropriate administrator. @@ -213,7 +220,9 @@ zowe: password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. ``` -To instead have Zowe create a keystore or keyring for you, run `zwe init certificate` for one of the options below. +
+
+To instead have Zowe create a keystore or keyring for you, click here for running `zwe init certificate`. |Certificate scenario|Description| |---|---| @@ -222,7 +231,8 @@ To instead have Zowe create a keystore or keyring for you, run `zwe init certifi |3|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed| |4|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.| |5|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.| - +
+


From 04b4d33ec375c1e26c56ac56e84c81ee7d690dda Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 27 Sep 2024 22:04:39 +0200 Subject: [PATCH 258/258] Bold collapsed sections Signed-off-by: 1000TurquoisePogs --- INSTALLATION.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/INSTALLATION.md b/INSTALLATION.md index 244dc38740..d3a3b6df38 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -144,7 +144,7 @@ zowe:
-If you would like Zowe to create a keyring instead, click here for options +If you would like Zowe to create a keyring instead, click here for options |Keyring Setup Type|Description|Sample JCL| |---|---|---| @@ -180,7 +180,7 @@ Before each command runs, it will print the JCL that it is submitting. Using `zwe init` is an alternative to using the JCL samples from the previous section.
-Click here to read about configuring via zwe instead of JCL samples +Click here to read about configuring via zwe instead of JCL samples Every `zwe init` command also has a `--dry-run` option which validates the configuration, prints the JCL, but does not submit it. This allows you to review the actions before performing them with the appropriate administrator. @@ -222,7 +222,7 @@ zowe:
-To instead have Zowe create a keystore or keyring for you, click here for running `zwe init certificate`. +To instead have Zowe create a keystore or keyring for you, click here for running `zwe init certificate`. |Certificate scenario|Description| |---|---|