diff --git a/INSTALLATION.md b/INSTALLATION.md new file mode 100644 index 0000000000..d3a3b6df38 --- /dev/null +++ b/INSTALLATION.md 
@@ -0,0 +1,329 @@ +# Installing Zowe Server Components on z/OS + +Within the Zowe project, there exists several components for both client and server, z/OS and PC. +Among them are the Zowe servers; Software that is run usually on z/OS, though some of these servers may also be capable of running in linux environment such as in containers. + +This document covers installation and configuration of Zowe's core server components on z/OS. + +**Note: This document is meant as a quick-start guide. Advanced topics of configuration, including networking, are not covered here, but instead can be found on [docs.zowe.org](https://docs.zowe.org)** + +Table of contents: + +1. [Concepts](#concepts) + 1. [Installation Concepts](#installation-concepts) + 2. [Configuration Concepts](#configuration-concepts) +2. [Distribution](#distribution) +3. [Installation of Runtime](#installation-of-runtime) +4. [Configuration of Instance](#configuration-of-instance) + 1. [Configuration by JCL](#configuration-by-jcl) + 1. [Core Tasks](#core-tasks) + 2. [Keyring Tasks](#keyring-tasks) + 2. [Configuration by zwe](#configuration-by-zwe) +5. [Networking](#networking) + 1. [Ports](#ports) + 2. [IP Addresses](#ip-addresses) + 3. [TLS Configuration](#tls-configuration) +6. [References](#references) + + +## Concepts + +Familiarize yourself with these core concepts of the Zowe servers, which are referenced during installation and configuration. + +### Installation Concepts +Runtime: The read-only content that comprises a version of Zowe. + +**Instance**: A collection of configuration and persistent data for Zowe that uses a particular Runtime. + +**HA Instance**: An optional subset of an Instance which varies its configuration for redundant copies of Zowe components across one or more LPARs for high availability and fault tolerance. + +**Component**: A unit of software that is managed by Zowe's launcher and has a folder structure that allows Zowe's tools to manage it. 
Components may contain a webserver or an extension to another component. + +**Extension**: A component which is not part of the Zowe core server Components. This could be an extension from the Zowe project, or from a 3rd party. Extensions do not exist in the Runtime directory. They are instead linked to Zowe via the Extension directory. + +**Keystore**: Zowe has several HTTPS servers which require certificates to function. You can store these certificates in a Keyring, or in a ZFS Keystore directory in the form of PKCS12 files. + +### Configuration Concepts +**Zowe YAML File**: Each Instance is configured by a YAML document composed of one or more unix file or PDSE member. It can be as simple as a "zowe.yaml" unix file, or ZWEYAML parmlib member, or advanced configuration can be accomplished by splitting configuration across multiple such files. This allows for defaults and customizations, splitting the configuration by administrative duty, or even splitting the configuration by core configuration versus extension configuration. + +**Schema**: The YAML file is backed by a Schema, found within `runtimeDirectory/schemas` ([link](https://github.com/zowe/zowe-install-packaging/tree/v2.x/staging/schemas)). Whenever Zowe starts up, or when most `zwe` commands are used, Zowe will check that the YAML file is valid before executing the requested operation, to reduce chance of misconfiguration. The schema also details advanced configuration parameters that may not be needed in basic installs. + +**Configuration Templates**: Each YAML file can contain values that have templates within in the form of `${{ item }}` where the item within can be a reference to another property in the YAML, an environment variable, system symbol, or even simple conditional logic of them. This allows you to have configuration that works across multiple systems, such as by tying a hostname to `${{ zos.resolveSymbol('&SYSNAME') }}` to have the value be whatever the SYSNAME symbol is on a given LPAR.
([examples](https://github.com/zowe/docs-site/blob/c09f2a0763fa7c2925dc01489e89a71ba7b62fec/docs/images/configure/templating.png)) + +**Workspace**: Each Instance has an area where Components can store data to persist across Zowe restarts or IPLs. Runtime state should instead be stored in the Caching Service component if high availability and fault tolerance is a concern, whereas the workspace instead covers items like user preferences. + +## Distribution + +The Zowe server components are distributed in multiple forms, such as SMPE, PSWI, and even PAX archive. You can find Zowe's official distributions at [zowe.org](https://www.zowe.org/download) + +## Installation of Runtime + +The following covers installation when not using the Zowe Server Install Wizard. When using that instead, please refer to the prompts within it instead of this guide. + +### SMPE or PSWI +1. When you install Zowe via SMPE or PSWI, the Runtime directory and datasets will be populated. +2. Navigate to the Runtime Directory and copy the [`example-zowe.yaml`](https://github.com/zowe/zowe-install-packaging/blob/v3.x/master/example-zowe.yaml) file to a location outside this folder, generally wherever you want to put the Zowe Instance. +3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.dataset`, as follows + 1. `zowe.runtimeDirectory`: The location you extracted the PAX to. + 2. `java.home`: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 + 3. `node.home`: The location of the NodeJS that will be used when installing & running ZOwe. For example, if your node is located at /usr/lpp/node/v18/bin/node, then the java.home is /usr/lpp/node/v18 + 4. `zowe.setup.dataset`: This section defines where both Runtime and Instance datasets of Zowe will be created. + + +### PAX +1. 
Extract the PAX on some ZFS partition on z/OS (For example, `pax -ppx -rf zowe.pax`). At least 1200MB of free space is required. The location you extract to is the "Runtime Directory" +2. Navigate to the Runtime Directory and copy the [`example-zowe.yaml`](https://github.com/zowe/zowe-install-packaging/blob/v3.x/master/example-zowe.yaml) file to a location outside this folder, generally wherever you want to put the Zowe Instance. +3. Edit the YAML copy to set the values of `zowe.runtimeDirectory`, `java.home`, `node.home`, and `zowe.setup.dataset`, as follows + 1. `zowe.runtimeDirectory`: The location you extracted the PAX to. + 2. `java.home`: The location of the Java that will be used when installing & running Zowe. For example, if your java is located at /usr/lpp/java/J8.0_64/bin/java, then the java.home is /usr/lpp/java/J8.0_64 + 3. `node.home`: The location of the NodeJS that will be used when installing & running ZOwe. For example, if your node is located at /usr/lpp/node/v18/bin/node, then the java.home is /usr/lpp/node/v18 + 4. `zowe.setup.dataset`: This section defines where both Runtime and Instance datasets of Zowe will be created. +5. Navigate to the `/bin` folder of the extracted location +6. Run `./zwe install -c /path/to/zowe.yaml`. This creates the Runtime datasets for the Zowe release. + + + +## Configuration of Instance + +The following covers configuration when not using the Zowe Server Install Wizard. When using that instead, please refer to the prompts within it instead of this guide. +Aside from the Zowe Server Install Wizard, there are three other ways to configure a Zowe Instance. +1. **JCL samples**: The Zowe Runtime dataset SZWESAMP contains templates of JCL that must be substituted with Zowe YAML parameters before executed. That can be done manually, or automatically via editing and submitting the job ZWEGENER, which will place resolved JCL into the PDSE defined at `zowe.setup.dataset.jcllib` +2. 
**zwe operations**: `zwe` is a Unix CLI program that has commands which will automate the execution of the JCL samples. +3. **z/OSMF workflow**: The z/OSMF workflows will prompt you for Zowe YAML parameters before submitting jobs equivalent to the actions seen in the JCL samples. + +
+
+
+
+
+ +### Configuration by JCL +--- +The Zowe Runtime Dataset `SZWESAMP` contains JCL samples that have templates referencing Zowe YAML parameters. +They cannot be submitted without modification as a result. + +It is recommended to edit and submit the job SZWESAMP([ZWEGENER](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEGENER)) which will validate the contents of your Zowe YAML before resolving the JCL templates and placing the resulting JCL into a separate PDSE created during installation, located at the value of `zowe.setup.dataset.jcllib`. + +When the JCL is prepared, the following jobs can be submitted to perform the following Instance configuration actions: + +#### Core Tasks +--- + +|Task|Description|Sample JCL| +|---|---|---| +|Create Instance Datasets|**Purpose:** Create datasets for Zowe's PARMLIB content and non-ZFS extension content for a given Zowe Instance

**Action:**
1) Allocate PDSE FB80 dataset with at least 15 tracks named from Zowe parameter `zowe.setup.dataset.parmlib`
2) Allocate PDSE FB80 dataset with at least 30 tracks named from Zowe parameter `zowe.setup.dataset.authPluginLib`
3) Copy ZWESIP00 member from `zowe.setup.dataset.prefix`.SZWESAMP into `zowe.setup.dataset.parmlib`|[ZWEIMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIMVS)| +|APF Authorize privileged content|**Purpose:** Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component and its extension library must be set APF authorized and run in key 4 to use ZIS and components that depend upon it.

**Action:**
1) APF authorize the datasets defined at `zowe.setup.dataset.authLoadlib` and `zowe.setup.dataset.authPluginLib`.
2) Define PPT entries for the members ZWESIS01 and ZWESAUX as Key 4, NOSWAP in the SCHEDxx member of the system PARMLIB.|[ZWEIAPF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIAPF)| +|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.

**Action:** [Set SAF permissions for accounts](https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users#security-permissions-reference-table)|RACF: [ZWEIRAC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIRAC)

TSS: [ZWEITSS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEITSS)

ACF2: [ZWEIACF](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/SZWIACF)| +|Copy STC JCL to PROCLIB|**Purpose**: ZWESLSTC is the job for running Zowe's webservers, and ZWESISTC is for running the APF authorized cross-memory server. The ZWESASTC job is started by ZWESISTC on an as-needed basis.

**Action**: Copy the members ZWESLSTC, ZWESISTC, and ZWESASTC into your desired PROCLIB. If the job names are customized, also modify the YAML values of them in `zowe.setup.security.stcs`|[ZWEISTC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEISTC)| + + +#### Keyring Tasks +--- + +**Certificate requirements**: Zowe's keyring must have the following +* **Private key & certificate pair**: The Zowe Servers will use this certificate, and it must either not have the "Extended Key Usage" attribute, or have it with both "Server Authorization" and "Client Authorization" values. +* **Certificate Authorities**: Every intermediate and root Certificate Authority (CA) Zowe interacts with must be within the Keyring, unless the YAML value `zowe.verifyCertificates` is set to `DISABLED`. CAs that must be within the keyring include z/OSMF's CAs if using z/OSMF, and Zowe's own certificate's CAs as Zowe servers must be able to verify each other. + +There are 4 options for setting up keyrings: Three scenarios covered by JCL samples where a keyring is created for you, or a fourth where you can bring your own keyring. + +If you already have a keyring that meets the requirements, you can configure Zowe to use it by configuring Zowe YAML values within `zowe.certificate` as follows: + +```yaml +zowe: + certificate: + keystore: + type: JCERACFKS + file: "safkeyring:///" + alias: "" + password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. + truststore: + type: JCERACFKS + file: "safkeyring:///" + password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. +``` + +
+
+If you would like Zowe to create a keyring instead, click here for options + +|Keyring Setup Type|Description|Sample JCL| +|---|---|---| +|1|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed|RACF: [ZWEIKRR1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR1)

TSS: [ZWEIKRT1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT1)

ACF2: [ZWEIKRA1](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA1)| +|2|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.|RACF: [ZWEIKRR2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR2)

TSS: [ZWEIKRT2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT2)

ACF2: [ZWEIKRA2](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA2)| +|3|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.|RACF: [ZWEIKRR3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRR3)

TSS: [ZWEIKRT3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRT3)

ACF2: [ZWEIKRA3](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWEIKRA3)| +
+
+ +JCL samples for removing Zowe configuration also exist. +|Action|Sample JCL| +|---|---| +|Remove Instance Datasets|[ZWERMVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWERMVS)| +|Remove SAF Permissions|[ZWENOSEC](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWENOSEC)| +|Remove Keyring|[ZWENOKR](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWENOKR)| +|Remove Caching Service VSAM Dataset|[ZWECSRVS](https://github.com/zowe/zowe-install-packaging/tree/feature/v3/jcl/files/SZWESAMP/ZWECSRVS)| + +
+
+
+
+
+ +### Configuration by zwe +--- + +`zwe` is a unix tool located in the `/bin` directory of Zowe. +If you type `zwe init --help`, you will see each configuration command that is available. +Each command reads configuration properties from the Zowe YAML files, and combines that with the JCL samples from the SZWESAMP dataset. +The commands resolve the JCL sample templates into usable JCL within the dataset defined by YAML value `zowe.setup.dataset.jcllib`. +Before each command runs, it will print the JCL that it is submitting. + +Using `zwe init` is an alternative to using the JCL samples from the previous section. + +
+Click here to read about configuring via zwe instead of JCL samples + +Every `zwe init` command also has a `--dry-run` option which validates the configuration, prints the JCL, but does not submit it. +This allows you to review the actions before performing them with the appropriate administrator. + +The following commands can be run to set up a Zowe Instance via `zwe` + +|Task|Description|Command|Doc| +|---|---|---|---| +|Create Instance Datasets|Creates datasets for holding PARMLIB content and non-ZFS Extension content that is particular to one Zowe instance|`zwe init mvs`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-mvs)| +|APF Authorize privileged content|Zowe contains one privileged component, ZIS, which enables the security model by which the majority of Zowe is unprivileged and in key 8. The load library for the ZIS component (SZWEAUTH, or customized via YAML value `zowe.setup.dataset.authLoadlib`) and its extension library (The value value `zowe.setup.dataset.authPluginLib`) must be set APF authorized and run in key 4 to use ZIS and components that depend upon it|`zwe init apfauth`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-apfauth)| +|Grant SAF permissions|The STC accounts for Zowe need permissions for operating servers, and users need permissions for interacting with the servers.|`zwe init security`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-security)| +|Copy STC JCL to PROCLIB|The jobs for starting the Zowe webservers, ZWESLSTC, and the Zowe APF authorized cross-memory server, ZWESISTC, and its auxiliary address space, ZWESASTC, must be copied to the desired proclib for running. The YAML value `zowe.setup.dataset.proclib` defines where these members will be placed. 
The names of the members can be customized with YAML value `zowe.setup.security.stcs`|`zwe init stc`|[Doc](https://docs.zowe.org/stable/appendix/zwe_server_command_reference/zwe/init/zwe-init-stc)| + + +#### Keystore or Keyring Configuration +--- + +**Certificate requirements**: Zowe's keystore or keyring must have the following +* **Private key & certificate pair**: The Zowe Servers will use this certificate, and it must either not have the "Extended Key Usage" attribute, or have it with both "Server Authorization" and "Client Authorization" values. +* **Certificate Authorities**: Every intermediate and root Certificate Authority (CA) Zowe interacts with must be within the Keyring, unless the YAML value `zowe.verifyCertificates` is set to `DISABLED`. CAs that must be within the keyring include z/OSMF's CAs if using z/OSMF, and Zowe's own certificate's CAs as Zowe servers must be able to verify each other. + +There are 6 scenarios for setting up certificates for Zowe to use. There are five scenarios in the YAML to have Zowe create a ZFS PKCS12 keystore, or z/OS keyring, and an additional sixth option to bring your own keyring. + +Zowe can use a keyring provided by you as long as the contents meet Zowe's requirements and configure YAML values within `zowe.certificate` as follows: + +```yaml +zowe: + certificate: + keystore: + type: JCERACFKS + file: "safkeyring:///" + alias: "" + password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. + truststore: + type: JCERACFKS + file: "safkeyring:///" + password: "password" #literally "password". keyrings do not use passwords, so this is a placeholder. +``` + +
+
+To instead have Zowe create a keystore or keyring for you, click here for running `zwe init certificate`. + +|Certificate scenario|Description| +|---|---| +|1|Zowe will create a ZFS keystore and populate it with newly generated PKCS12 certificate and certificate authority files. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed| +|2|Zowe will create a ZFS keystore and populate it with PKCS12 certificate and certificate authority content that you provide.| +|3|Zowe will create a keyring and populate it with a newly generated certificate and certificate authority. The certificate would be seen as "self-signed" by clients unless import of the CA to clients is performed| +|4|Zowe will create a keyring and populate it by connecting pre-existing certificates and CAs that you specify.| +|5|Zowe will create a keyring and populate it by importing PKCS12 content from a dataset that you specify.| +
+
+ +
+
+
+
+
+ +## Networking + +Most of Zowe's servers are HTTPS servers that communicate with each other and to a client off the mainframe. This section covers the default behaviors and how to customize them. + +### Ports +The following lists the default ports of each server of Zowe that is enabled by default. + +These are customized within the YAML at `components..port`, such as `components.zss.port` to customize the ZSS port. + +|Component|Component Category|TCP Port|Job Name|Log Suffix|Note| +|---|---|---|---|---|---| +|api-catalog|API Mediation Layer|7552|ZWE1AC|AAC|Provides API documentation| +|discovery|API Mediation Layer|7553|ZWE1AD|ADS|Used by the gateway to discover presence and health each server in a Zowe instance for routing| +|gateway|API Mediation Layer|7554|ZWE1AG|AGW|When enabled, the port chosen should also be the value of `zowe.externalPort`. Zowe can be configured to have this port as the only externally-accessible port as the gateway can proxy the other Zowe servers.| +|caching-service|API Mediation Layer|7555|ZWE1CS|ACS|Provides a cache for high-availability/fault-tolerant operation| +|app-server|App Framework|7556|ZWE1DS|D|Provides the Desktop, requires NodeJS| +|zss|App Framework|7557|ZWE1SZ|SZ|Provides APIs| +|zaas|API Mediation Layer|7558|ZWE1AZ|AZ|Provides security APIs| + +Note that the Job name prefix ZWE1 can be modified via the YAML property `zowe.job.prefix`. + +Zowe also has a property, `zowe.externalPort` that describes where clients should connect to access Zowe. This must match the gateway port when the gateway is enabled. When it isn't, this port should match the primary server of Zowe that you are using. + +### IP Addresses +These servers by default use the TCP IP address `0.0.0.0` which assigns the servers to be available on all network interfaces available to the jobs. 
+ +If this default is not desired, it is recommended to use [TCPIP port assignment statements](https://www.ibm.com/docs/en/zos/2.4.0?topic=assignments-profiletcpip-port) to restrict the IP & ports of each server by their jobnames. +The jobnames of each Zowe component is derived from the property `zowe.job.prefix` + ``, where the suffix is seen in the port table above. + +When `zowe.job.prefix` is "ZWE1", An example of port reservations with a fixed IP of "10.11.12.13" could be: + +``` + 7552 TCP ZWE1AC BIND 10.11.12.13 ; Zowe API Catalog + 7553 TCP ZWE1AD BIND 10.11.12.13 ; Zowe Discovery + 7554 TCP ZWE1AG BIND 10.11.12.13 ; Zowe Gateway + 7555 TCP ZWE1CS BIND 10.11.12.13 ; Zowe Caching Service + 7556 TCP ZWE1DS BIND 10.11.12.13 ; Zowe App Server + 7557 TCP ZWE1SZ BIND 10.11.12.13 ; Zowe ZSS + 7558 TCP ZWE1AZ BIND 10.11.12.13 ; Zowe ZAAS +``` + +### TLS configuration + +**Not all components support this yet.** + +Some components can have their TLS settings customized with the attribute `zowe.networkSettings`. + +This configuration can also be put under a component that supports it via `components..zowe.networkSettings` such as `components.zss.zowe.networkSettings` for ZSS. + +The configuration splits between server configuration (configuration of TLS for content the server sends content) and client configuration (configuration of TLS for when the server requests content from another server) + +```yaml +zowe: + network: + server: + listenAddresses: + - 0.0.0.0 # Can be an ipv4, ipv6, or hostname value. + tls: + ciphers: # is a list of IANA-named ciphers that overrides defaults. + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_CHACHA20_POLY1305_SHA256 + maxTls: "TLSv1.3" # Can be 1.2 or 1.3 + minTls: "TLSv1.2" # Can be 1.2 or 1.3 + client: + tls: "${{ zowe.network.server.tls }}" # this is a configmgr template which assigns the client config to the server config for convenience. +``` + +
+
+
+
+
+ + +## References + +To learn about the requirements and prerequisites of Zowe, review https://docs.zowe.org/stable/user-guide/systemrequirements-zos + +To learn more about YAML and how Zowe uses it, review https://docs.zowe.org/stable/appendix/zowe-yaml-configuration + +To learn more about advanced YAML configuration, review https://docs.zowe.org/stable/user-guide/configmgr-using/ + +To learn more about certificates, review https://docs.zowe.org/stable/user-guide/configure-certificates + +To learn more about which SAF resources Zowe and its users need, review https://docs.zowe.org/stable/user-guide/assign-security-permissions-to-users + +To learn more about using z/OSMF workflows for setup, review https://docs.zowe.org/stable/user-guide/zosmf-install diff --git a/README.md b/README.md index d6e491fd59..ef3549e658 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ This repository includes Zowe installation script and pipelines to build Zowe. +If you are looking for a Zowe server installation guide, check out [docs.zowe.org](https://docs.zowe.org) or [INSTALLATION.md](https://github.com/zowe/zowe-install-packaging/blob/feature/v3/jcl/INSTALLATION.md) + - [Branches](#branches) - [Manifest File](#manifest-file) - [General information](#general-information) diff --git a/bin/commands/certificate/.examples b/bin/commands/certificate/.examples index 8bbffda262..47961df6d7 100644 --- a/bin/commands/certificate/.examples +++ b/bin/commands/certificate/.examples @@ -1,3 +1 @@ -zwe certificate keyring-jcl clean --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias -ca ca-alias - zwe certificate verify-service --host service-hostname --port service-port diff --git a/bin/commands/certificate/keyring-jcl/.examples b/bin/commands/certificate/keyring-jcl/.examples deleted file mode 100644 index ffda4b8d9b..0000000000 
--- a/bin/commands/certificate/keyring-jcl/.examples +++ /dev/null @@ -1,3 +0,0 @@ -zwe certificate keyring-jcl clean --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias -ca ca-alias - -zwe certificate keyring-jcl connect --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name --connect-user cert-owner --connect-label cert-label diff --git a/bin/commands/certificate/keyring-jcl/.help b/bin/commands/certificate/keyring-jcl/.help deleted file mode 100644 index bd0aa74d74..0000000000 --- a/bin/commands/certificate/keyring-jcl/.help +++ /dev/null @@ -1 +0,0 @@ -Manage z/OS Keyring with JCL. diff --git a/bin/commands/certificate/keyring-jcl/clean/.errors b/bin/commands/certificate/keyring-jcl/clean/.errors deleted file mode 100644 index 3fb2da7665..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/.errors +++ /dev/null @@ -1 +0,0 @@ -ZWEL0176E|176|Failed to clean up Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/clean/.examples b/bin/commands/certificate/keyring-jcl/clean/.examples deleted file mode 100644 index 12b82ea995..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl clean --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias -ca ca-alias diff --git a/bin/commands/certificate/keyring-jcl/clean/.help b/bin/commands/certificate/keyring-jcl/clean/.help deleted file mode 100644 index 1277a96b7f..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/.help +++ /dev/null @@ -1 +0,0 @@ -Remove Zowe keyring. 
diff --git a/bin/commands/certificate/keyring-jcl/clean/.parameters b/bin/commands/certificate/keyring-jcl/clean/.parameters deleted file mode 100644 index cd0d2f0bf0..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/.parameters +++ /dev/null @@ -1,9 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -alias|a|string|required|localhost|||Certificate alias name. -ca-alias|ca|string|required|localca|||Certificate authority alias name. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/clean/index.sh b/bin/commands/certificate/keyring-jcl/clean/index.sh deleted file mode 100644 index 33c7715e9b..0000000000 --- a/bin/commands/certificate/keyring-jcl/clean/index.sh +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Remove Zowe keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWENOKYR JCL -keyring_run_zwenokyr_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "${ZWE_CLI_PARAMETER_ALIAS}" \ - "${ZWE_CLI_PARAMETER_CA_ALIAS}" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0176E: Failed to clean up Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." - else - print_error_and_exit "Error ZWEL0176E: Failed to clean up Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 176 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to remove Zowe keyring. Please check job log for details." -else - print_level2_message "Zowe keyring is removed successfully." -fi diff --git a/bin/commands/certificate/keyring-jcl/connect/.errors b/bin/commands/certificate/keyring-jcl/connect/.errors deleted file mode 100644 index 149f5cdcd7..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.errors +++ /dev/null 
@@ -1 +0,0 @@ -ZWEL0175E|175|Failed to connect existing certificate to Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/connect/.examples b/bin/commands/certificate/keyring-jcl/connect/.examples deleted file mode 100644 index 75ec5078f8..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl connect --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name --connect-user cert-owner --connect-label cert-label diff --git a/bin/commands/certificate/keyring-jcl/connect/.help b/bin/commands/certificate/keyring-jcl/connect/.help deleted file mode 100644 index 7b3f1cb35c..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.help +++ /dev/null @@ -1 +0,0 @@ -Connect existing certificate to Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/connect/.parameters b/bin/commands/certificate/keyring-jcl/connect/.parameters deleted file mode 100644 index 1160a03958..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/.parameters +++ /dev/null 
@@ -1,13 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2). -connect-user||string|required||||Certificate owner. Can be `SITE` or a user ID. -connect-label||string|required||||Certificate label to connect. -trust-zosmf||boolean|||||Whether to trust z/OSMF CA. -zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify `_auto_` to let Zowe to detect automatically. This works for RACF and TSS. -zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/connect/index.sh b/bin/commands/certificate/keyring-jcl/connect/index.sh deleted file mode 100644 index 86fbaa028b..0000000000 --- a/bin/commands/certificate/keyring-jcl/connect/index.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Connect existing certificate to Zowe keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWEKRING JCL -ZWE_PRIVATE_ZOSMF_USER="${ZWE_CLI_PARAMETER_ZOSMF_USER}" \ - keyring_run_zwekring_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - 2 \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_TRUST_CAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_ZOSMF}" \ - "${ZWE_CLI_PARAMETER_ZOSMF_CA}" \ - "${ZWE_CLI_PARAMETER_CONNECT_USER}" \ - "${ZWE_CLI_PARAMETER_CONNECT_LABEL}" \ - "" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0175E: Failed to connect existing certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." - else - print_error_and_exit "Error ZWEL0175E: Failed to connect existing certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 175 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to connect existing certificate to Zowe keyring. Please check job log for details." 
-else - print_level2_message "Certificate is connected to Zowe keyring successfully." -fi diff --git a/bin/commands/certificate/keyring-jcl/generate/.errors b/bin/commands/certificate/keyring-jcl/generate/.errors deleted file mode 100644 index 6c902d7f5b..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.errors +++ /dev/null @@ -1 +0,0 @@ -ZWEL0174E|174|Failed to generate certificate in Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/generate/.examples b/bin/commands/certificate/keyring-jcl/generate/.examples deleted file mode 100644 index b7dcd586c7..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl generate --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -d my-domain -a certificate-alias -ca ca-alias diff --git a/bin/commands/certificate/keyring-jcl/generate/.help b/bin/commands/certificate/keyring-jcl/generate/.help deleted file mode 100644 index 09a593039e..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.help +++ /dev/null @@ -1 +0,0 @@ -Generate new set of certificate in Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/generate/.parameters b/bin/commands/certificate/keyring-jcl/generate/.parameters deleted file mode 100644 index 5a16628783..0000000000 --- a/bin/commands/certificate/keyring-jcl/generate/.parameters +++ /dev/null 
@@ -1,21 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -domains|d|string|required||||Domain and IP for the certificate separated by comma. (Please note RACDCERT is limited to only have one domain and one IP.) -alias|a|string|required|localhost|||Certificate alias name. -ca-alias|ca|string|required|localca|||Certificate authority alias name. -common-name|cn|string|||||Common name of certificate and certificate authority. -org-unit||string|||||Organization unit of certificate and certificate authority. -org||string|||||Organization of certificate and certificate authority. -locality||string|||||Locality of certificate and certificate authority. -state||string|||||State of certificate and certificate authority. -country||string|||||Country of certificate and certificate authority. -validity||string|||||Validity days of certificate. -trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2). -trust-zosmf||boolean|||||Whether to trust z/OSMF CA. -zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify `_auto_` to let Zowe to detect automatically. This works for RACF and TSS. -zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/generate/index.sh b/bin/commands/certificate/keyring-jcl/generate/index.sh deleted file mode 100644 index f1290e0c86..0000000000 
--- a/bin/commands/certificate/keyring-jcl/generate/index.sh +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Generate Zowe certificate in keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWEKRING JCL -ZWE_PRIVATE_CERTIFICATE_CA_ORG_UNIT="${ZWE_CLI_PARAMETER_ORG_UNIT}" \ - ZWE_PRIVATE_CERTIFICATE_CA_ORG="${ZWE_CLI_PARAMETER_ORG}" \ - ZWE_PRIVATE_CERTIFICATE_CA_LOCALITY="${ZWE_CLI_PARAMETER_LOCALITY}" \ - ZWE_PRIVATE_CERTIFICATE_CA_STATE="${ZWE_CLI_PARAMETER_STATE}" \ - ZWE_PRIVATE_CERTIFICATE_CA_COUNTRY="${ZWE_CLI_PARAMETER_COUNTRY}" \ - ZWE_PRIVATE_CERTIFICATE_CA_VALIDITY="${ZWE_CLI_PARAMETER_VALIDITY}" \ - ZWE_PRIVATE_ZOSMF_USER="${ZWE_CLI_PARAMETER_ZOSMF_USER}" \ - keyring_run_zwekring_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - 1 \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "${ZWE_CLI_PARAMETER_DOMAINS}" \ - "${ZWE_CLI_PARAMETER_ALIAS}" \ - "${ZWE_CLI_PARAMETER_CA_ALIAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_CAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_ZOSMF}" \ - "${ZWE_CLI_PARAMETER_ZOSMF_CA}" \ - "" \ - "" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_VALIDITY}" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." 
- else - print_error_and_exit "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 174 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to generate certificate to Zowe keyring. Please check job log for details." -else - print_level2_message "Certificate is generated in keyring successfully." -fi diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.errors b/bin/commands/certificate/keyring-jcl/import-ds/.errors deleted file mode 100644 index baec706241..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.errors +++ /dev/null @@ -1 +0,0 @@ -ZWEL0173E|173|Failed to import certificate to Zowe keyring "%s". diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.examples b/bin/commands/certificate/keyring-jcl/import-ds/.examples deleted file mode 100644 index 82be8a3546..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.examples +++ /dev/null @@ -1 +0,0 @@ -zwe certificate keyring-jcl import-ds --dataset-prefix my-dataset-prefix --jcllib my-jcllib --security-dry-run --keyring-owner my-keyring-owner --keyring-name my-keyring-name -a certificate-alias --import-ds-name my-ds-name --import-ds-password my-ds-password diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.help b/bin/commands/certificate/keyring-jcl/import-ds/.help deleted file mode 100644 index 663e244500..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.help +++ /dev/null @@ -1 +0,0 @@ -Import certificate stored in MVS data set into Zowe keyring. diff --git a/bin/commands/certificate/keyring-jcl/import-ds/.parameters b/bin/commands/certificate/keyring-jcl/import-ds/.parameters deleted file mode 100644 index 801991dcce..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/.parameters +++ /dev/null 
@@ -1,14 +0,0 @@ -dataset-prefix,ds-prefix||string|required||||Dataset prefix where Zowe is installed. -jcllib||string|required||||JCLLIB data set name where the JCL will be placed. -security-dry-run||boolean|||||Whether to dry run security related setup. -security-product||string||RACF|||Security product. Can be a value of RACF, ACF2 or TSS. -keyring-owner||string|required||||Owner of the keyring. -keyring-name||string|required||||Name of the keyring. -alias|a|string|required|localhost|||Certificate alias name. -trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2). -trust-zosmf||boolean|||||Whether to trust z/OSMF CA. -zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify `_auto_` to let Zowe to detect automatically. This works for RACF and TSS. -zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities. -import-ds-name||string|required||||Name of the data set holds certificate to import into keyring. -import-ds-password||string|required||||Password of the data set holds certificate to import. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. diff --git a/bin/commands/certificate/keyring-jcl/import-ds/index.sh b/bin/commands/certificate/keyring-jcl/import-ds/index.sh deleted file mode 100644 index e4d5f62dd6..0000000000 --- a/bin/commands/certificate/keyring-jcl/import-ds/index.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/sh - -####################################################################### -# This program and the accompanying materials are made available -# under the terms of the Eclipse Public License v2.0 which -# accompanies this distribution, and is available at -# https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. -####################################################################### - -print_level1_message "Import certificate to Zowe keyring" - -############################### -# constants & variables -job_has_failures= - -############################### -# validation - -############################### -# run ZWEKRING JCL -ZWE_PRIVATE_ZOSMF_USER="${ZWE_CLI_PARAMETER_ZOSMF_USER}" \ - keyring_run_zwekring_jcl \ - "${ZWE_CLI_PARAMETER_DATASET_PREFIX}" \ - "${ZWE_CLI_PARAMETER_JCLLIB}" \ - 3 \ - "${ZWE_CLI_PARAMETER_KEYRING_OWNER}" \ - "${ZWE_CLI_PARAMETER_KEYRING_NAME}" \ - "" \ - "${ZWE_CLI_PARAMETER_ALIAS}" \ - "" \ - "${ZWE_CLI_PARAMETER_TRUST_CAS}" \ - "${ZWE_CLI_PARAMETER_TRUST_ZOSMF}" \ - "${ZWE_CLI_PARAMETER_ZOSMF_CA}" \ - "" \ - "" \ - "${ZWE_CLI_PARAMETER_IMPORT_DS_NAME}" \ - "${ZWE_CLI_PARAMETER_IMPORT_DS_PASSWORD}" \ - "" \ - "${ZWE_CLI_PARAMETER_SECURITY_PRODUCT}" -if [ $? -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Error ZWEL0173E: Failed to import certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." - else - print_error_and_exit "Error ZWEL0173E: Failed to import certificate to Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." "" 173 - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to import certificate to Zowe keyring. Please check job log for details." 
-else - print_level2_message "Certificate is imported to Zowe keyring successfully." -fi diff --git a/bin/commands/init/.help b/bin/commands/init/.help index 94f2d87621..6124314d0f 100644 --- a/bin/commands/init/.help +++ b/bin/commands/init/.help @@ -1,9 +1,10 @@ Init Zowe instance based on zowe.yaml configuration. -You can find an example zowe.yaml in Zowe runtime directory folder. +You can find an `example-zowe.yaml` in Zowe runtime directory folder. This command will run these sub-commands in sequence: +- `zwe init generate` - `zwe init mvs` - `zwe init vsam` - `zwe init apfauth` 
@@ -11,6 +12,43 @@ This command will run these sub-commands in sequence: - `zwe init certificate` - `zwe init stc` +If you pass `--dry-run` with this command, each subcommand will print out the +JCL that it would submit, without doing the submission. This can be used to +review what Zowe would do before doing it. + +The following are the JCL submitted by each command as needed + +- `zwe init mvs` + - ZWEIMVS + - (If `--allow-overwrite` specified and old datasets exist) ZWERMVS + - (If `zowe.setup.dataset.authLoadLib` is not named prefix + ZWELOAD) ZWEIMVS2 + - (If above is true, and the dataset exists, and `--allow-overwrite` is set) ZWERMVS2 +- `zwe init vsam` + - ZWECSVSM + - (If `--allow-overwrite` specified and old datasets exist) ZWECSRVS +- `zwe init apfauth` + - ZWEIAPF2 +- `zwe init security` + - (If RACF) ZWEIRAC + - (If RACF and z/OS 2.4) ZWIRACZ + - (If TSS) ZWEITSS + - (If TSS and z/OS 2.4) ZWITSSZ + - (If ACF2) ZWEIACF + - (If ACF2 and z/OS 2.4) ZWIACFZ +- `zwe init certificate` + - (If creating keyring and certificate for RACF) ZWEIKRR1 + - (If creating keyring and connecting certificate for RACF) ZWEIKRR2 + - (If creating keyring and importing certificate for RACF) ZWEIKRR3 + - (If creating keyring and certificate for TSS) ZWEIKRR1 + - (If creating keyring and connecting certificate for TSS) ZWEIKRT2 + - (If creating keyring and importing certificate for TSS) ZWEIKRT3 + - (If creating keyring and certificate for ACF2) ZWEIKRA1 + - (If creating keyring and connecting certificate for ACF2) ZWEIKRA2 + - (If creating keyring and importing certificate for ACF2) ZWEIKRA3 +- `zwe init stc` + - ZWEISTC + - (If `--allow-overwrite` specified and old members exist) ZWERSTC + If you pass `--skip-security-setup` with this command, `zwe init apfauth` and `zwe init security` steps will be skipped. 
@@ -213,13 +251,13 @@ components: Zowe the label of existing certificate. - If `zowe.verifyCertificates` is not `DISABLED`, and z/OSMF host (`zOSMF.host`) is provided, Zowe will try to trust z/OSMF certificate. - * If you are using `RACF` security manager, Zowe will try to automatically - detect the z/OSMF CA based on certificate owner specified by + * If you are using `RACF` or `TSS` security manager, Zowe will try to + automatically detect the z/OSMF CA based on certificate owner specified by `zowe.setup.certificate.keyring.zOSMF.user`. Default value of this field is `IZUSVR`. If the automatic detection failed, you will need to define `zowe.setup.certificate.keyring.zOSMF.ca` indicates what is the label of z/OSMF root certificate authority. - * If you are using `ACF2` or `TSS` (Top Secret) security manager, + * If you are using `ACF2` security manager, `zowe.setup.certificate.keyring.zOSMF.ca` is required to indicates what is the label of z/OSMF root certificate authority. diff --git a/bin/commands/init/.parameters b/bin/commands/init/.parameters index 4d40f0b1c9..a903a71c35 100644 --- a/bin/commands/init/.parameters +++ b/bin/commands/init/.parameters @@ -1,5 +1,5 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. skip-security-setup||boolean|||||Whether should skip security related setup. -security-dry-run||boolean|||||Whether to dry run security related setup. +security-dry-run,dry-run||boolean|||||Whether to dry run security related setup. ignore-security-failures||boolean|||||Whether to ignore security setup job failures. update-config||boolean|||||Whether to update YAML configuration file with initialization result. diff --git a/bin/commands/init/apfauth/.errors b/bin/commands/init/apfauth/.errors index 8011cb8960..cf0c1d2030 100644 --- a/bin/commands/init/apfauth/.errors +++ b/bin/commands/init/apfauth/.errors 
@@ -1 +1,2 @@ ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/apfauth/.examples b/bin/commands/init/apfauth/.examples index ac9dc2c851..d404be28d6 100644 --- a/bin/commands/init/apfauth/.examples +++ b/bin/commands/init/apfauth/.examples @@ -1 +1,2 @@ zwe init apfauth --security-dry-run -c /path/to/zowe.yaml +zwe init apfauth --security-dry-run -c /path/to/zowe.yaml --generate diff --git a/bin/commands/init/apfauth/.parameters b/bin/commands/init/apfauth/.parameters index 62b1a05778..a464df9bca 100644 --- a/bin/commands/init/apfauth/.parameters +++ b/bin/commands/init/apfauth/.parameters @@ -1,2 +1,2 @@ -security-dry-run||boolean|||||Whether to dry run security related setup. -ignore-security-failures||boolean|||||Whether to ignore security setup job failures. +security-dry-run,dry-run||boolean|||||Whether to dry run security related setup. +generate||boolean|||||Whether to force rebuild of JCL prior to submission. Use this when you've changed zowe.yaml and are re-submitting this command. diff --git a/bin/commands/init/apfauth/cli.ts b/bin/commands/init/apfauth/cli.ts new file mode 100644 index 0000000000..62cbc0c09b --- /dev/null +++ b/bin/commands/init/apfauth/cli.ts @@ -0,0 +1,19 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; + +index.execute(); + +configmgr.cleanupTempDir(); +common.finishLogFile(); 
diff --git a/bin/commands/init/apfauth/index.sh b/bin/commands/init/apfauth/index.sh index d248cbb904..581636ffd5 100644 --- a/bin/commands/init/apfauth/index.sh +++ b/bin/commands/init/apfauth/index.sh 
@@ -11,55 +11,9 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -print_level1_message "APF authorize load libraries" - -############################### -# constants -auth_libs="authLoadlib authPluginLib" - -############################### -# validation -require_zowe_yaml - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/apfauth/cli.js" -############################### -# APF authorize loadlib -job_has_failures= -for key in ${auth_libs}; do - # read def and validate - ds=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.${key}") - if [ -z "${ds}" ]; then - # authLoadlib can be empty - if [ "${key}" = "authLoadlib" ]; then - ds="${prefix}.${ZWE_PRIVATE_DS_SZWEAUTH}" - else - print_error_and_exit "Error ZWEL0157E: ${name} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." "" 157 - fi - fi - - print_message "APF authorize ${ds}" - apf_authorize_data_set "${ds}" - code=$? - if [ $code -ne 0 ]; then - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - job_has_failures=true - else - exit $code - fi - else - print_debug "- APF authorized successfully." - fi -done - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to APF authorize Zowe load libraries. Please check log for details." 
-else - print_level2_message "Zowe load libraries are APF authorized successfully." -fi diff --git a/bin/commands/init/apfauth/index.ts b/bin/commands/init/apfauth/index.ts new file mode 100644 index 0000000000..b59fec789f --- /dev/null +++ b/bin/commands/init/apfauth/index.ts 
@@ -0,0 +1,105 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as zosJes from '../../../libs/zos-jes'; +import * as zosDs from '../../../libs/zos-dataset'; +import * as zoslib from '../../../libs/zos'; +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; +import * as fs from '../../../libs/fs'; +import * as shell from '../../../libs/shell'; +import * as stringlib from '../../../libs/string'; +import * as xplatform from 'xplatform'; +import * as initGenerate from '../generate/index'; + +export function execute() { + + common.printLevel1Message(`APF authorize load libraries`); + + // Validation + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + // read prefix and validate + const prefix=ZOWE_CONFIG.zowe?.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + // check if user passed --generate + const forceGen = !!std.getenv('ZWE_CLI_PARAMETER_GENERATE') + if (forceGen) { + initGenerate.execute(); + } + + // read JCL library and validate + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. 
Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); + } + + + ['authLoadlib', 'authPluginLib'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe?.setup?.dataset || !ZOWE_CONFIG.zowe?.setup?.dataset[key]) { + common.printErrorAndExit(`Error ZWEL0157E: zowe.setup.dataset.${key} is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + + let result1 = zosDs.isDatasetSmsManaged(ZOWE_CONFIG.zowe.setup.dataset.authLoadlib); + let result2 = zosDs.isDatasetSmsManaged(ZOWE_CONFIG.zowe.setup.dataset.authPluginLib); + if (!result1.smsManaged || !result2.smsManaged) { + const COMMAND_LIST = std.getenv('ZWE_CLI_COMMANDS_LIST'); + const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); + common.printDebug(`- Copy ${jcllib}(ZWEIAPF2) to ${tmpfile}`); + let jclContent = shell.execOutSync('sh', '-c', `cat "//'${stringlib.escapeDollar(jcllib)}(ZWEIAPF2)'" 2>&1`); + if (jclContent.out && jclContent.rc == 0) { + common.printDebug(` * Succeeded`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); + + if (result1.rc === 0 && !result1.smsManaged) { + let result3 = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authLoadlib); + if (result3.volume) { + jclContent.out = jclContent.out.replace("export LOADLOC=SMS", `export LOADLOC="VOLUME=${result3.volume}"`); + } + } + if (result2.rc === 0 && !result2.smsManaged) { + let result4 = zosDs.getDatasetVolume(ZOWE_CONFIG.zowe.setup.dataset.authPluginLib); + if (result4.volume) { + jclContent.out = jclContent.out.replace("export PLUGLOC=SMS", `export PLUGLOC="VOLUME=${result4.volume}"`); + } + } + + xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, jclContent.out); + common.printTrace(` * Stored:`); + common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); + + shell.execSync('chmod', '700', tmpfile); + if (!fs.fileExists(tmpfile)) { + 
common.printErrorAndExit(`Error ZWEL0159E: Failed to prepare ZWEIAPF2`, undefined, 159); + } + + zosJes.printAndHandleJcl(tmpfile, `ZWEIAPF2`, jcllib, prefix, true); + } else { + common.printDebug(` * Failed`); + common.printError(` * Exit code: ${jclContent.rc}`); + common.printError(` * Output:`); + if (jclContent.out) { + common.printError(stringlib.paddingLeft(jclContent.out, " ")); + } + std.exit(1); + } + } else { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIAPF2)'`, `ZWEIAPF2`, jcllib, prefix); + } + common.printLevel2Message(`Zowe load libraries are APF authorized successfully.`); +} diff --git a/bin/commands/init/certificate/.errors b/bin/commands/init/certificate/.errors index 070225e19e..173126d09e 100644 --- a/bin/commands/init/certificate/.errors +++ b/bin/commands/init/certificate/.errors @@ -1,2 +1,5 @@ ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. ZWEL0164E|164|Value of %s (%s) defined in Zowe YAML configuration file is invalid. Valid values are %s. +ZWEL0174E|174|Failed to generate certificate in Zowe keyring "%s/%s". +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. +ZWEL0201E|201|File %s does not exist. diff --git a/bin/commands/init/certificate/.parameters b/bin/commands/init/certificate/.parameters index 3c989a374d..1b5ff1fa67 100644 --- a/bin/commands/init/certificate/.parameters +++ b/bin/commands/init/certificate/.parameters @@ -1,3 +1,4 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. update-config||boolean|||||Whether to update YAML configuration file with initialization result. ignore-security-failures||boolean|||||Whether to ignore security setup job failures. +security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute. 
diff --git a/bin/commands/init/certificate/index.sh b/bin/commands/init/certificate/index.sh index 478b3c745a..20784615e0 100644 --- a/bin/commands/init/certificate/index.sh +++ b/bin/commands/init/certificate/index.sh @@ -11,9 +11,32 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +print_level1_message "Generate certificate" + ############################### # validation require_zowe_yaml +if [ -n "${ZWE_PRIVATE_CONFIG_ORIG}" ]; then + CONFIG_TO_WRITE=${ZWE_PRIVATE_CONFIG_ORIG} +else + CONFIG_TO_WRITE=${ZWE_CLI_PARAMETER_CONFIG} +fi + +# Keytool is needed +require_java + +# Node is needed for read_yaml +require_node + +export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=$(create_tmp_file) +mkdir -p ${ZWE_PRIVATE_TMP_MERGED_YAML_DIR} +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/internal/config/output/cli.js" +if [ $? -eq 0 -a -f "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" ]; then +# use the yaml configmgr returns because it will contain defaults for the version we are using. + ZWE_CLI_PARAMETER_CONFIG=${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml +else + print_error_and_exit "Error ZWEL0201E: File '${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml' does not exist." "" 201 +fi ############################### # read prefix and validate 
@@ -21,34 +44,26 @@ prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") if [ -z "${prefix}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 fi -# read JCL library and validate -jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 + +jcllib=$(verify_generated_jcl) +if [ "$?" -eq 1 ]; then + print_error_and_exit "Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command." "" 319 fi -security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") -security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") -security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") + # read cert type and validate cert_type=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.type") if [ -z "${cert_type}" ]; then print_error_and_exit "Error ZWEL0157E: Certificate type (zowe.setup.certificate.type) is not defined in Zowe YAML configuration file." "" 157 fi + [[ "$cert_type" == "PKCS12" || "$cert_type" == JCE*KS ]] if [ $? -ne 0 ]; then print_error_and_exit "Error ZWEL0164E: Value of certificate type (zowe.setup.certificate.type) defined in Zowe YAML configuration file is invalid. Valid values are PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS." 
"" 164 fi -# read cert dname -for item in caCommonName commonName orgUnit org locality state country; do - var_name="dname_${item}" - var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.dname.${item}") - eval "${var_name}=\"${var_val}\"" -done -# read cert validity -cert_validity=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.validity") + if [ "${cert_type}" = "PKCS12" ]; then # read keystore info - for item in directory lock name password caAlias caPassword; do + for item in directory lock name password; do var_name="pkcs12_${item}" var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.${item}") eval "${var_name}=\"${var_val}\"" 
@@ -57,44 +72,68 @@ if [ "${cert_type}" = "PKCS12" ]; then print_error_and_exit "Error ZWEL0157E: Keystore directory (zowe.setup.certificate.pkcs12.directory) is not defined in Zowe YAML configuration file." "" 157 fi # read keystore import info - for item in keystore password alias; do - var_name="pkcs12_import_${item}" - var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.${item}") - eval "${var_name}=\"${var_val}\"" - done - if [ -n "${pkcs12_import_keystore}" ]; then - if [ -z "${pkcs12_import_password}" ]; then - print_error_and_exit "Error ZWEL0157E: Password for import keystore (zowe.setup.certificate.pkcs12.import.password) is not defined in Zowe YAML configuration file." "" 157 - fi - if [ -z "${pkcs12_import_alias}" ]; then - print_error_and_exit "Error ZWEL0157E: Certificate alias of import keystore (zowe.setup.certificate.pkcs12.import.alias) is not defined in Zowe YAML configuration file." "" 157 - fi - fi -elif [[ "${cert_type}" == JCE*KS ]]; then + pkcs12_import_keystore=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.keystore") + +else # JCE* content + security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") + keyring_option=1 # read keyring info - for item in owner name label caLabel; do + # TODO removed "owner" here because it wasnt being read in the JCL. + for item in name label caLabel; do var_name="keyring_${item}" var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.${item}") eval "${var_name}=\"${var_val}\"" done + # FIXME: currently ZWEKRING jcl will import the cert and chain, CA will also be added to CERTAUTH, but the CA will not be connected to keyring. + # the CA imported could have label like LABEL00000001. 
+ yaml_keyring_label="${keyring_label}" if [ -z "${keyring_name}" ]; then print_error_and_exit "Error ZWEL0157E: Zowe keyring name (zowe.setup.certificate.keyring.name) is not defined in Zowe YAML configuration file." "" 157 fi + keyring_import_dsName=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.import.dsName") - keyring_import_password=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.import.password") if [ -n "${keyring_import_dsName}" ]; then keyring_option=3 + keyring_import_password=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.import.password") if [ -z "${keyring_import_password}" ]; then print_error_and_exit "Error ZWEL0157E: The password for data set storing importing certificate (zowe.setup.certificate.keyring.import.password) is not defined in Zowe YAML configuration file." "" 157 fi + else + keyring_connect_label=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.label") + if [ -n "${keyring_connect_label}" ]; then + keyring_option=2 + keyring_connect_user=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.user") + if [ -z "${keyring_connect_user}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.keyring.connect.user) is not defined in Zowe YAML configuration file." 
"" 157 + fi + yaml_keyring_label="${keyring_connect_label}" + fi fi - keyring_connect_user=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.user") - keyring_connect_label=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.connect.label") - if [ -n "${keyring_connect_label}" ]; then - keyring_option=2 + + if [ "${keyring_option}" -eq 1 ]; then + # validate parameters only needed for creation of certificate + for item in caCommonName commonName orgUnit org locality state country; do + var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.dname.${item}") + if [ -z "${var_val}" ]; then + print_error_and_exit "Error ZWEL0157E: Certificate creation parameter (zowe.setup.certificate.dname.${item}) is not defined in Zowe YAML configuration file." "" 157 + fi + done + # read cert validity + cert_validity=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.validity") + if [ -z "${cert_validity}" ]; then + print_error_and_exit "Error ZWEL0157E: Certificate creation parameter (zowe.setup.certificate.validity) is not defined in Zowe YAML configuration file." "" 157 + fi fi + + # read keyring-specific z/OSMF info + for item in user ca; do + var_name="zosmf_${item}" + var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.zOSMF.${item}") + eval "${var_name}=\"${var_val}\"" + done fi + # read keystore domains cert_import_CAs=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.importCertificateAuthorities" | tr '\n' ',') # read keystore domains 
@@ -103,21 +142,15 @@ if [ -z "${cert_domains}" ]; then cert_domains=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.externalDomains" | tr '\n' ',') fi -# read z/OSMF info -for item in user ca; do - var_name="zosmf_${item}" - var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.keyring.zOSMF.${item}") - eval "${var_name}=\"${var_val}\"" -done for item in host port; do var_name="zosmf_${item}" var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zOSMF.${item}") eval "${var_name}=\"${var_val}\"" done -keyring_trust_zosmf= +keyring_trust_zosmf=0 verify_certificates=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.verifyCertificates" | upper_case) if [ "${verify_certificates}" = "STRICT" -o "${verify_certificates}" = "NONSTRICT" ]; then - keyring_trust_zosmf="--trust-zosmf" + keyring_trust_zosmf=1 else # no need to trust z/OSMF service zosmf_host= 
@@ -126,56 +159,79 @@ fi ############################### -# set default values -if [ -z "${security_product}" ]; then - security_product=RACF -fi -if [ -z "${security_users_zowe}" ]; then - security_users_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_USER} -fi -if [ -z "${security_groups_admin}" ]; then - security_groups_admin=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} -fi +# set default values or quit on missing ones + if [ "${cert_type}" = "PKCS12" ]; then - if [ -z "${pkcs12_caAlias}" ]; then - pkcs12_caAlias=local_ca - fi - if [ -z "${pkcs12_caPassword}" ]; then - pkcs12_caPassword=local_ca_password - fi if [ -z "${pkcs12_name}" ]; then - pkcs12_name=localhost + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.pkcs12.name) is not defined in Zowe YAML configuration file." "" 157 fi if [ -z "${pkcs12_password}" ]; then - pkcs12_password=password + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.pkcs12.password) is not defined in Zowe YAML configuration file." "" 157 fi -elif [[ "${cert_type}" == JCE*KS ]]; then + + + if [ "$(lower_case "${pkcs12_lock}")" = "true" ]; then + security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") + security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") + if [ -z "${security_users_zowe}" ]; then + security_users_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_USER} + fi + if [ -z "${security_groups_admin}" ]; then + security_groups_admin=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} + fi + fi +else # JCE* content + if [ -z "${security_product}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.product) is not defined in Zowe YAML configuration file." "" 157 + fi + security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") + if [ -z "${security_users_zowe}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.users.zowe) is not defined in Zowe YAML configuration file." 
"" 157 + fi + # TODO this seems to not actually be used... was this an unusual user request? is it even possible to be a different owner? if [ -z "${keyring_owner}" ]; then keyring_owner=${security_users_zowe} fi - if [ -z "${keyring_label}" ]; then - keyring_label=localhost - fi + if [ "${keyring_option}" = "1" ]; then if [ -z "${keyring_caLabel}" ]; then - keyring_caLabel=localca + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.keyring.caLabel) is not defined in Zowe YAML configuration file." "" 157 fi - else - # for import case, this variable is not used - keyring_caLabel= fi - if [ -z "${zosmf_ca}" -a "${security_product}" = "RACF" -a -n "${zosmf_host}" ]; then - zosmf_ca="_auto_" + if [ "${keyring_option}" != "2" ]; then + if [ -z "${keyring_label}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.certificate.keyring.label) is not defined in Zowe YAML configuration file." "" 157 + fi + fi + if [ "${security_product}" = "ACF2" ]; then + security_groups_stc=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") + if [ -z "${security_groups_stc}" ]; then + print_error_and_exit "Error ZWEL0157E: (zowe.setup.security.groups.stc) is not defined in Zowe YAML configuration file." 
"" 157 + fi + fi + + if [ "${security_product}" = "RACF" -o "${security_product}" = "TSS" ]; then + if [ -z "${zosmf_ca}" -a -n "${zosmf_host}" ]; then + zosmf_ca="_auto_" + fi fi fi -pkcs12_name_lc=$(echo "${pkcs12_name}" | lower_case) -pkcs12_caAlias_lc=$(echo "${pkcs12_caAlias}" | lower_case) -# what PEM format CAs we should tell Zowe to use -yaml_pem_cas= ############################### if [ "${cert_type}" = "PKCS12" ]; then + # what PEM format CAs we should tell Zowe to use + yaml_pem_cas= + if [ -n "${pkcs12_import_keystore}" ]; then + pkcs12_import_password=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.password") + if [ -z "${pkcs12_import_password}" ]; then + print_error_and_exit "Error ZWEL0157E: Password for import keystore (zowe.setup.certificate.pkcs12.import.password) is not defined in Zowe YAML configuration file." "" 157 + fi + pkcs12_import_alias=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.import.alias") + if [ -z "${pkcs12_import_alias}" ]; then + print_error_and_exit "Error ZWEL0157E: Certificate alias of import keystore (zowe.setup.certificate.pkcs12.import.alias) is not defined in Zowe YAML configuration file." "" 157 + fi + # import from another keystore zwecli_inline_execute_command \ certificate pkcs12 import \ 
@@ -186,6 +242,19 @@ if [ "${cert_type}" = "PKCS12" ]; then --source-password "${pkcs12_import_password}" \ --source-alias "${pkcs12_import_alias}" else + # cert to be created, read creation parameters. + for item in caCommonName commonName orgUnit org locality state country; do + var_name="dname_${item}" + var_val=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.dname.${item}") + eval "${var_name}=\"${var_val}\"" + done + # read cert validity + cert_validity=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.validity") + + pkcs12_caPassword=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.caPassword") + pkcs12_caAlias=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.certificate.pkcs12.caAlias") + pkcs12_caAlias_lc=$(echo "${pkcs12_caAlias}" | lower_case) + # create CA zwecli_inline_execute_command \ certificate pkcs12 create ca \ @@ -215,7 +284,7 @@ if [ "${cert_type}" = "PKCS12" ]; then --keystore "${pkcs12_name}" \ --alias "${pkcs12_name}" \ --password "${pkcs12_password}" \ - --common-name "${dname_caCommonName}" \ + --common-name "${dname_commonName}" \ --org-unit "${dname_orgUnit}" \ --org "${dname_org}" \ --locality "${dname_locality}" \ @@ -298,6 +367,9 @@ if [ "${cert_type}" = "PKCS12" ]; then --group-permission none fi + pkcs12_name_lc=$(echo "${pkcs12_name}" | lower_case) + + ZWE_CLI_PARAMETER_CONFIG=${CONFIG_TO_WRITE} # update zowe.yaml if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then print_level1_message "Update certificate configuration to ${ZWE_CLI_PARAMETER_CONFIG}" 
@@ -335,129 +407,57 @@ if [ "${cert_type}" = "PKCS12" ]; then print_level2_message "Zowe configuration requires manual updates." fi ############################### -elif [[ "${cert_type}" == JCE*KS ]]; then +else # JCE* content # FIXME: how do we check if keyring exists without permission on RDATALIB? # should we clean up before creating new if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then # warning - print_message "Warning ZWEL0300W: Keyring \"safkeyring:///${keyring_owner}/${keyring_name}\" will be overwritten during configuration." + print_message "Warning ZWEL0300W: Keyring \"safkeyring:////${keyring_owner}/${keyring_name}\" will be overwritten during configuration." - zwecli_inline_execute_command \ - certificate keyring-jcl clean \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --alias "${keyring_label}" \ - --ca-alias "${keyring_caLabel}" \ - --security-product "${security_product}" + keyring_run_zwenokyr_jcl "${prefix}" "${jcllib}" "${security_product}" else # error - # print_error_and_exit "Error ZWEL0158E: Keyring \"safkeyring:///${keyring_owner}/${keyring_name}\" already exists." "" 158 + # print_error_and_exit "Error ZWEL0158E: Keyring \"safkeyring:////${keyring_owner}/${keyring_name}\" already exists." 
"" 158 fi - yaml_keyring_label= - case ${keyring_option} in - 1) - # generate new cert in keyring - zwecli_inline_execute_command \ - certificate keyring-jcl generate \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --alias "${keyring_label}" \ - --ca-alias "${keyring_caLabel}" \ - --trust-cas "${cert_import_CAs}" \ - --common-name "${dname_commonName}" \ - --org-unit "${dname_orgUnit}" \ - --org "${dname_org}" \ - --locality "${dname_locality}" \ - --state "${dname_state}" \ - --country "${dname_country}" \ - --validity "${cert_validity}" \ - --security-product "${security_product}" \ - --domains "${cert_domains}" \ - "${keyring_trust_zosmf}" \ - --zosmf-ca "${zosmf_ca}" \ - --zosmf-user "${zosmf_user}" - - yaml_keyring_label="${keyring_label}" - # keyring string for self-signed CA - yaml_pem_cas="safkeyring:////${keyring_owner}/${keyring_name}&${keyring_caLabel}" - ;; - 2) - # connect existing certs to zowe keyring - zwecli_inline_execute_command \ - certificate keyring-jcl connect \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --trust-cas "${cert_import_CAs}" \ - --connect-user "${keyring_connect_user}" \ - --connect-label "${keyring_connect_label}" \ - --security-product "${security_product}" \ - "${keyring_trust_zosmf}" \ - --zosmf-ca "${zosmf_ca}" \ - --zosmf-user "${zosmf_user}" - - yaml_keyring_label="${keyring_connect_label}" - ;; - 3) - # import certs from data set into zowe keyring - zwecli_inline_execute_command \ - certificate keyring-jcl import-ds \ - --dataset-prefix "${prefix}" \ - --jcllib "${jcllib}" \ - --keyring-owner "${keyring_owner}" \ - --keyring-name "${keyring_name}" \ - --alias "${keyring_label}" \ - --trust-cas "${cert_import_CAs}" \ - --import-ds-name "${keyring_import_dsName}" \ - --import-ds-password "${keyring_import_password}" \ - --security-product 
"${security_product}" \ - "${keyring_trust_zosmf}" \ - --zosmf-ca "${zosmf_ca}" \ - --zosmf-user "${zosmf_user}" - # FIXME: currently ZWEKRING jcl will import the cert and chain, CA will also be added to CERTAUTH, but the CA will not be connected to keyring. - # the CA imported could have label like LABEL00000001. - - yaml_keyring_label="${keyring_label}" - ;; - esac + keyring_run_zwekring_jcl "${prefix}" \ + "${jcllib}" \ + "${keyring_option}" \ + "${cert_domains}" \ + "${cert_import_CAs}" \ + "${keyring_trust_zosmf}" \ + "${zosmf_ca}" \ + "${cert_validity}" \ + "${security_product}" + + if [ $? -ne 0 ]; then + job_has_failures=true + if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then + print_error "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." + else + print_error_and_exit "Error ZWEL0174E: Failed to generate certificate in Zowe keyring \"${ZWE_CLI_PARAMETER_KEYRING_OWNER}/${ZWE_CLI_PARAMETER_KEYRING_NAME}\"." 
"" 174 + fi + fi - if [ -n "${cert_import_CAs}" ]; then - # append imported CAs to list - while read -r item; do - item=$(echo "${item}" | trim) - if [ -n "${item}" ]; then - if [ -n "${yaml_pem_cas}" ]; then - yaml_pem_cas="${yaml_pem_cas},safkeyring:////${keyring_owner}/${keyring_name}&${item}" - else - yaml_pem_cas="safkeyring:////${keyring_owner}/${keyring_name}&${item}" - fi - fi - done < '$$' (we want '$$$$') + // $$ inserts a '$', replace(/[$]/g, '$$$$') => double each '$' occurence + jclContents = jclContents.replace(/\{zowe\.setup\.dataset\.prefix\}/gi, prefix.replace(/[$]/g, '$$$$')); + jclContents = jclContents.replace(/\{zowe\.runtimeDirectory\}/gi, runtimeDirectory.replace(/[$]/g, '$$$$')); + if (std.getenv('ZWE_PRIVATE_LOG_LEVEL_ZWELS') !== 'INFO') { + jclContents = jclContents.replace('noverbose -', 'verbose -'); + } + let originalConfig = std.getenv('ZWE_PRIVATE_CONFIG_ORIG'); + let startingConfig = originalConfig; + if ((originalConfig.indexOf('FILE(') == -1) && (originalConfig.indexOf('PARMLIB(') == -1)) { + startingConfig = 'FILE('+originalConfig+')'; + } + + let parts = startingConfig.split(/(FILE\(|PARMLIB\()/g).filter(item => item.length > 0); + let configLines = []; + let state = ''; + + for (let i = 0; i < parts.length; i++) { + let part = parts[i]; + if (part == 'FILE(') { + state = part; + } else if (part == 'PARMLIB(') { + state = part; + } else if (state == 'FILE(') { + let filename = part.substring(0, part.indexOf(')')); + configLines.push('FILE ' + fs.convertToAbsolutePath(filename).replace(/[$]/g, '$$$$')); + state = null; + } else if (state == 'PARMLIB(') { + let memberIndex = part.indexOf('('); + if (memberIndex != -1) { + let endIndex = part.indexOf(')', memberIndex); + let member = part.substring(memberIndex+1, endIndex); + if (member.toUpperCase() != 'ZWEYAML') { + common.printErrorAndExit(`ZWEL0319E Configuration stored in PARMLIB must use member name ZWEYAML when using generate action.`, undefined, 319); + } + } + 
configLines.push('PARMLIB ' + part.substring(0, part.indexOf('(')).replace(/[$]/g, '$$$$')); + state = null; + } + } + + jclContents = jclContents.replace('FILE ', configLines.join('\n')); + + xplatform.storeFileUTF8(tempFile, xplatform.AUTO_DETECT, jclContents); + + common.printMessage(`Template JCL: ${ZOWE_CONFIG.zowe.setup.dataset.prefix + '.SZWESAMP(ZWEGENER)'}`); + common.printMessage('--- JCL content ---'); + common.printMessage(jclContents); + common.printMessage('--- End of JCL ---'); + + if (dryRun) { + common.printMessage('JCL not submitted, command run with "--dry-run" flag.'); + common.printMessage('To perform command, re-run command without "--dry-run" flag, or submit the JCL directly.'); + os.remove(tempFile); + + } else { //TODO can we generate just for one step, or no reason? + common.printMessage('Submitting Job ZWEGENER'); + const jobid = zosJes.submitJob(tempFile); + const result = zosJes.waitForJob(jobid); + os.remove(tempFile); + + common.printMessage(`Job completed with RC=${result.rc}`); + if (result.rc == 0) { + common.printMessage("Zowe JCL generated successfully"); + } else { + common.printMessage(`Zowe JCL generated with errors, check job log. Job completion code=${result.jobcccode}, Job completion text=${result.jobcctext}`); + } + // print if succesful + } +} diff --git a/bin/commands/init/index.sh b/bin/commands/init/index.sh index a2815f2b49..7b544b1f61 100755 --- a/bin/commands/init/index.sh +++ b/bin/commands/init/index.sh 
@@ -11,89 +11,8 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -print_level0_message "Configure Zowe" - -############################### -print_level1_message "Check if need to update runtime directory, Java and/or node.js settings in Zowe YAML configuration" -# node.home -update_node_home= -yaml_node_home="$(shell_read_yaml_node_home "${ZWE_CLI_PARAMETER_CONFIG}")" -# only try to update if it's not defined -if [ -z "${yaml_node_home}" ]; then - require_node - if [ -n "${NODE_HOME}" ]; then - update_node_home="${NODE_HOME}" - fi -fi -# java.home -update_java_home= -yaml_java_home="$(shell_read_yaml_java_home "${ZWE_CLI_PARAMETER_CONFIG}")" -# only try to update if it's not defined -if [ -z "${yaml_java_home}" ]; then - require_java - if [ -n "${JAVA_HOME}" ]; then - update_java_home="${JAVA_HOME}" - fi -fi -# zowe.runtimeDirectory -require_zowe_yaml -update_zowe_runtime_dir= -# do we have zowe.runtimeDirectory defined in zowe.yaml? -yaml_runtime_dir=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.runtimeDirectory") -if [ -n "${yaml_runtime_dir}" ]; then - result=$(are_directories_same "${yaml_runtime_dir}" "${ZWE_zowe_runtimeDirectory}") - code=$? - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0105E: The Zowe YAML config file is associated to Zowe runtime \"${yaml_runtime_dir}\", which is not same as where zwe command is located." 
"" 105 - fi - # no need to update -else - update_zowe_runtime_dir="${ZWE_zowe_runtimeDirectory}" -fi - -if [ -n "${update_node_home}" -o -n "${update_java_home}" -o -n "${update_zowe_runtime_dir}" ]; then - if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then - if [ -n "${update_node_home}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "node.home" "${update_node_home}" - fi - if [ -n "${update_java_home}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "java.home" "${update_java_home}" - fi - if [ -n "${update_zowe_runtime_dir}" ]; then - update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "zowe.runtimeDirectory" "${update_zowe_runtime_dir}" - fi - - print_level2_message "Runtime directory, Java and/or node.js settings are updated successfully." - else - print_message "These configurations need to be added to your YAML configuration file:" - print_message "" - if [ -n "${update_zowe_runtime_dir}" ]; then - print_message "zowe:" - print_message " runtimeDirectory: \"${update_zowe_runtime_dir}\"" - fi - if [ -n "${update_node_home}" ]; then - print_message "node:" - print_message " home: \"${update_node_home}\"" - fi - if [ -n "${update_java_home}" ]; then - print_message "java:" - print_message " home: \"${update_java_home}\"" - fi - - print_level2_message "Please manually update \"${ZWE_CLI_PARAMETER_CONFIG}\" before you start Zowe." - fi -else - print_level2_message "No need to update runtime directory, Java and node.js settings." 
+if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - -############################### -zwecli_inline_execute_command init mvs -zwecli_inline_execute_command init vsam -if [ "${ZWE_CLI_PARAMETER_SKIP_SECURITY_SETUP}" != "true" ]; then - zwecli_inline_execute_command init apfauth - zwecli_inline_execute_command init security -fi -zwecli_inline_execute_command init certificate -zwecli_inline_execute_command init stc - -print_level1_message "Zowe is configured successfully." +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/cli.js" diff --git a/bin/commands/init/index.ts b/bin/commands/init/index.ts new file mode 100644 index 0000000000..0756935fa5 --- /dev/null +++ b/bin/commands/init/index.ts 
@@ -0,0 +1,123 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as os from 'cm_os'; +import * as shell from '../../libs/shell'; +import * as zoslib from '../../libs/zos'; +import * as json from '../../libs/json'; +import * as zosJes from '../../libs/zos-jes'; +import * as zosDataset from '../../libs/zos-dataset'; +import * as common from '../../libs/common'; +import * as config from '../../libs/config'; +import * as node from '../../libs/node'; +import * as java from '../../libs/java'; + +import * as initGenerate from './generate/index'; +import * as initMvs from './mvs/index'; +import * as initVsam from './vsam/index'; +import * as initApfAuth from './apfauth/index'; +import * as initSecurity from './security/index'; +//import * as initCertificate from './certificate/index'; +import * as initStc from './stc/index'; + +export function execute(allowOverwrite?: boolean, dryRun?: boolean, ignoreSecurityFailures?: boolean, updateConfig?: boolean) { + common.printLevel0Message(`Configure Zowe`); + + // Validation + common.requireZoweYaml(); + + // Read job name and validate + const zoweConfig = config.getZoweConfig(); + + + common.printLevel1Message(`Check if need to update runtime directory, Java and/or node.js settings in Zowe YAML configuration`); + // node.home + let newNodeHome; + const configNodeHome=zoweConfig.node?.home; + // only try to update if it's not defined + if (!configNodeHome || configNodeHome == 'DETECT') { + node.requireNode(); + newNodeHome=std.getenv('NODE_HOME'); + } + + // java.home + let newJavaHome; + const configJavaHome=zoweConfig.java?.home; + // only try to update if it's not defined + if (!configJavaHome || configJavaHome == 
'DETECT') { + java.requireJava(); + newJavaHome=std.getenv('JAVA_HOME'); + } + + // zowe.runtimeDirectory + let newZoweRuntimeDir; + // do we have zowe.runtimeDirectory defined in zowe.yaml? + const configRuntimeDir = zoweConfig.zowe?.runtimeDirectory; + if (configRuntimeDir) { + let realPathResult = os.realpath(configRuntimeDir); + if (realPathResult[1] != 0 || realPathResult[0] != std.getenv('ZWE_zowe_runtimeDirectory')) { + common.printErrorAndExit(`Error ZWEL0105E: The Zowe YAML config file is associated to Zowe runtime "${configRuntimeDir}", which is not same as where zwe command is located.`, undefined, 105); + } + } else { + newZoweRuntimeDir = std.getenv('ZWE_zowe_runtimeDirectory'); + } + + if (newNodeHome || newJavaHome || newZoweRuntimeDir) { + if (std.getenv("ZWE_CLI_PARAMETER_UPDATE_CONFIG") == "true") { + let updateObj:any = {}; + if (newNodeHome) { + updateObj.node = {home: newNodeHome}; + } + if (newJavaHome) { + updateObj.java = {home: newJavaHome}; + } + if (newZoweRuntimeDir) { + updateObj.zowe = {runtimeDirectory: newZoweRuntimeDir}; + } + json.updateZoweYamlFromObj(std.getenv('ZWE_CLI_PARAMETER_CONFIG'), updateObj); + + common.printLevel2Message(`Runtime directory, Java and/or node.js settings are updated successfully.`); + } else { + common.printMessage(`These configurations need to be added to your YAML configuration file:`); + common.printMessage(``); + if (newZoweRuntimeDir) { + common.printMessage(`zowe:`); + common.printMessage(` runtimeDirectory: "${newZoweRuntimeDir}"`); + } + if (newNodeHome) { + common.printMessage(`node:`); + common.printMessage(` home: "${newNodeHome}"`); + } + if (newJavaHome) { + common.printMessage(`java:`); + common.printMessage(` home: "${newJavaHome}"`); + } + + common.printLevel2Message(`Please manually update "${std.getenv('ZWE_PRIVATE_CONFIG_ORIG')}" before you start Zowe.`); + } + } else { + common.printLevel2Message(`No need to update runtime directory, Java and node.js settings.`); + } + + 
initGenerate.execute(dryRun); + initMvs.execute(allowOverwrite); + initVsam.execute(allowOverwrite, dryRun, updateConfig); + if (std.getenv("ZWE_CLI_PARAMETER_SKIP_SECURITY_SETUP") != 'true') { + initApfAuth.execute(); + initSecurity.execute(dryRun, ignoreSecurityFailures); + } + // TODO: init certificate remains shell code for now due to complexity. + let result = shell.execSync('sh', '-c', `ZWE_PRIVATE_CLI_LIBRARY_LOADED= ${std.getenv('ZWE_zowe_runtimeDirectory')}/bin/zwe init certificate ${dryRun?'--dry-run':''} ${updateConfig?'--update-config':''} ${allowOverwrite?'--allow-overwrite':''} ${ignoreSecurityFailures?'--ignore-security-failures':''} -c "${std.getenv('ZWE_CLI_PARAMETER_CONFIG')}"`); + initStc.execute(allowOverwrite); + + common.printLevel1Message(`Zowe is configured successfully.`); +} diff --git a/bin/commands/init/mvs/.errors b/bin/commands/init/mvs/.errors index e0d97a80c7..8c6fc381f4 100644 --- a/bin/commands/init/mvs/.errors +++ b/bin/commands/init/mvs/.errors @@ -2,3 +2,8 @@ ZWEL0157E|157|%s (%s) is not defined in Zowe YAML configuration file. ZWEL0300W||%s already exists. This data set member will be overwritten during configuration. ZWEL0301W||%s already exists and will not be overwritten. For upgrades, you must use --allow-overwrite. ZWEL0158E|158|%s already exists. +ZWEL0159E|159|Failed to modify %s. +ZWEL0161E|161|Failed to run JCL %s. +ZWEL0162E|162|Failed to find job %s result. +ZWEL0163E|163|Job %s ends with code %s. +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/mvs/.examples b/bin/commands/init/mvs/.examples index 880022a51f..991f767747 100644 --- a/bin/commands/init/mvs/.examples +++ b/bin/commands/init/mvs/.examples @@ -1 +1,2 @@ zwe init mvs -v -c /path/to/zowe.yaml +zwe init mvs -v -c /path/to/zowe.yaml --generate 
diff --git a/bin/commands/init/mvs/.parameters b/bin/commands/init/mvs/.parameters index 7d4e1ac58c..70854b90ba 100644 --- a/bin/commands/init/mvs/.parameters +++ b/bin/commands/init/mvs/.parameters @@ -1 +1,3 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. +dry-run||boolean|||||Generates and prints JCL but does not execute. +generate||boolean|||||Whether to force rebuild of JCL prior to submission. Use this when you've changed zowe.yaml and are re-submitting this command. diff --git a/bin/commands/init/mvs/cli.ts b/bin/commands/init/mvs/cli.ts new file mode 100644 index 0000000000..e2cc25d82e --- /dev/null +++ b/bin/commands/init/mvs/cli.ts @@ -0,0 +1,20 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; + +index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true'); + +configmgr.cleanupTempDir(); +common.finishLogFile(); diff --git a/bin/commands/init/mvs/index.sh b/bin/commands/init/mvs/index.sh index 7f1102c95d..fdc7dbe0e4 100644 --- a/bin/commands/init/mvs/index.sh +++ b/bin/commands/init/mvs/index.sh @@ -1,5 +1,4 @@ #!/bin/sh - ####################################################################### # This program and the accompanying materials are made available # under the terms of the Eclipse Public License v2.0 which 
@@ -11,104 +10,11 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -print_level1_message "Initialize Zowe custom data sets" - -############################### -# constants -cust_ds_list="parmlib|Zowe parameter library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks -jcllib|Zowe JCL library|dsntype(library) dsorg(po) recfm(f b) lrecl(80) unit(sysallda) space(15,15) tracks -authLoadlib|Zowe authorized load library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks -authPluginLib|Zowe authorized plugin library|dsntype(library) dsorg(po) recfm(u) lrecl(0) blksize(32760) unit(sysallda) space(30,15) tracks" - -############################### -# validation -require_zowe_yaml - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi - -############################### -# create data sets if they do not exist -print_message "Create data sets if they do not exist" -while read -r line; do - key=$(echo "${line}" | awk -F"|" '{print $1}') - name=$(echo "${line}" | awk -F"|" '{print $2}') - spec=$(echo "${line}" | awk -F"|" '{print $3}') - - # read def and validate - ds=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.${key}") - if [ -z "${ds}" ]; then - # authLoadlib can be empty - if [ "${key}" = "authLoadlib" ]; then - continue - else - print_error_and_exit "Error ZWEL0157E: ${name} (zowe.setup.dataset.${key}) is not defined in Zowe YAML configuration file." 
"" 157 - fi - fi - # check existence - ds_existence=$(is_data_set_exists "${ds}") - if [ "${ds_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${ds} already exists. Members in this data set will be overwritten." - else - # print_error_and_exit "Error ZWEL0158E: ${ds} already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${ds} already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - else - print_message "Creating ${ds}" - create_data_set "${ds}" "${spec}" - if [ $? -ne 0 ]; then - print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 - fi - fi -done <&1`); + if (jclContent.out && jclContent.rc == 0) { + common.printDebug(` * Succeeded`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); + + const tmpFileContent = jclContent.out.replace("ZWESIP00,", "ZWESIP00," + zisParmlib.toUpperCase()); + xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, tmpFileContent); + common.printTrace(` * Stored:`); + common.printTrace(stringlib.paddingLeft(tmpFileContent, " ")); + + shell.execSync('chmod', '700', tmpfile); + } else { + common.printDebug(` * Failed`); + common.printError(` * Exit code: ${jclContent.rc}`); + common.printError(` * Output:`); + if (jclContent.out) { + common.printError(stringlib.paddingLeft(jclContent.out, " ")); + } + std.exit(1); + } + if (!fs.fileExists(tmpfile)) { + common.printErrorAndExit(`Error ZWEL0159E: Failed to modify ZWEIMVS`, undefined, 159); + } + + zosJes.printAndHandleJcl(tmpfile, `ZWEIMVS`, jcllib, prefix, true); + + + } else { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS)'`, `ZWEIMVS`, jcllib, prefix); + } + if (runALoadlibCreate === true) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEIMVS2)'`, `ZWEIMVS2`, jcllib, prefix); + } + } + + common.printLevel2Message(`Zowe custom data sets are initialized successfully.`); 
+} diff --git a/bin/commands/init/security/.errors b/bin/commands/init/security/.errors index 0d944958a3..3b992fddef 100644 --- a/bin/commands/init/security/.errors +++ b/bin/commands/init/security/.errors @@ -7,3 +7,4 @@ ZWEL0162E|162|Failed to find job %s result. ZWEL0162W||Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. ZWEL0163W||Job %s ends with code %s. +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/security/.examples b/bin/commands/init/security/.examples index d3800923c2..2e6dff24c5 100644 --- a/bin/commands/init/security/.examples +++ b/bin/commands/init/security/.examples @@ -1 +1,2 @@ zwe init security -v -c /path/to/zowe.yaml +zwe init security -v -c /path/to/zowe.yaml --generate diff --git a/bin/commands/init/security/.help b/bin/commands/init/security/.help index 287c3517d7..ace1497f78 100644 --- a/bin/commands/init/security/.help +++ b/bin/commands/init/security/.help @@ -1,4 +1,7 @@ -This command will run ZWESECUR jcl. +This command will run jcl based on the security product: +- `ZWEIACF` for ACF2 +- `ZWEIRAC` for RACF +- `ZWEITSS` for Top Secret NOTE: You require proper permission to run security configuration. diff --git a/bin/commands/init/security/.parameters b/bin/commands/init/security/.parameters index 62b1a05778..866971689f 100644 --- a/bin/commands/init/security/.parameters +++ b/bin/commands/init/security/.parameters @@ -1,2 +1,3 @@ -security-dry-run||boolean|||||Whether to dry run security related setup. +security-dry-run,dry-run||boolean|||||Generates and prints JCL but does not execute. ignore-security-failures||boolean|||||Whether to ignore security setup job failures. +generate||boolean|||||Whether to force rebuild of JCL prior to submission. Use this when you've changed zowe.yaml and are re-submitting this command. 
diff --git a/bin/commands/init/security/cli.ts b/bin/commands/init/security/cli.ts new file mode 100644 index 0000000000..08a8093e7e --- /dev/null +++ b/bin/commands/init/security/cli.ts @@ -0,0 +1,20 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; + +index.execute(std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == 'true', std.getenv('ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES') == 'true'); + +configmgr.cleanupTempDir(); +common.finishLogFile(); diff --git a/bin/commands/init/security/index.sh b/bin/commands/init/security/index.sh index b0d2c48551..dd44426811 100644 --- a/bin/commands/init/security/index.sh +++ b/bin/commands/init/security/index.sh 
@@ -11,173 +11,8 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -print_level1_message "Run Zowe security configurations" - -############################### -# constants - -############################### -# validation -require_zowe_yaml - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi -# read JCL library and validate -jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 -fi -security_product=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.product") -if [ -z "${security_product}" ]; then - security_product=RACF -fi -security_groups_admin=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.admin") -if [ -z "${security_groups_admin}" ]; then - security_groups_admin=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} -fi -security_groups_stc=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") -if [ -z "${security_groups_stc}" ]; then - security_groups_stc=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} -fi -security_groups_sysProg=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.sysProg") -if [ -z "${security_groups_sysProg}" ]; then - security_groups_sysProg=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} -fi -security_users_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zowe") -if [ -z "${security_users_zowe}" ]; then - security_users_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_USER} -fi -security_users_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.users.zis") -if [ -z 
"${security_users_zis}" ]; then - security_users_zis=${ZWE_PRIVATE_DEFAULT_ZIS_USER} -fi -security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") -if [ -z "${security_stcs_zowe}" ]; then - security_stcs_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_STC} -fi -security_stcs_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zis") -if [ -z "${security_stcs_zis}" ]; then - security_stcs_zis=${ZWE_PRIVATE_DEFAULT_ZIS_STC} -fi -security_stcs_aux=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.aux") -if [ -z "${security_stcs_aux}" ]; then - security_stcs_aux=${ZWE_PRIVATE_DEFAULT_AUX_STC} -fi - -############################### -# prepare ZWESECUR JCL -print_message "Modify ZWESECUR" -tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) -tmpdsm=$(create_data_set_tmp_member "${jcllib}" "ZW$(date +%H%M)") -print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESECUR) to ${tmpfile}" -# cat "//'IBMUSER.ZWEV2.SZWESAMP(ZWESECUR)'" | sed "s/^\\/\\/ \\+SET \\+PRODUCT=.*\\$/\\/\\ SET PRODUCT=ACF2 * RACF, ACF2, or TSS/" -result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESECUR)'" | \ - sed "s/^\/\/ \+SET \+PRODUCT=.*\$/\/\/ SET PRODUCT=${security_product}/" | \ - sed "s/^\/\/ \+SET \+ADMINGRP=.*\$/\/\/ SET ADMINGRP=${security_groups_admin}/" | \ - sed "s/^\/\/ \+SET \+STCGRP=.*\$/\/\/ SET STCGRP=${security_groups_stc}/" | \ - sed "s/^\/\/ \+SET \+ZOWEUSER=.*\$/\/\/ SET ZOWEUSER=${security_users_zowe}/" | \ - sed "s/^\/\/ \+SET \+ZISUSER=.*\$/\/\/ SET ZISUSER=${security_users_zis}/" | \ - sed "s/^\/\/ \+SET \+ZOWESTC=.*\$/\/\/ SET ZOWESTC=${security_stcs_zowe}/" | \ - sed "s/^\/\/ \+SET \+ZISSTC=.*\$/\/\/ SET ZISSTC=${security_stcs_zis}/" | \ - sed "s/^\/\/ \+SET \+AUXSTC=.*\$/\/\/ SET AUXSTC=${security_stcs_aux}/" | \ - sed "s/^\/\/ \+SET \+HLQ=.*\$/\/\/ SET HLQ=${prefix}/" | \ - sed "s/^\/\/ \+SET \+SYSPROG=.*\$/\/\/ SET SYSPROG=${security_groups_sysProg}/" \ - > 
"${tmpfile}") -code=$? -chmod 700 "${tmpfile}" -if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi -else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi -fi -if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESECUR)" "" 159 -fi -print_trace "- ensure ${tmpfile} encoding before copying into data set" -ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" -print_trace "- ${tmpfile} created, copy to ${jcllib}(${tmpdsm})" -copy_to_data_set "${tmpfile}" "${jcllib}(${tmpdsm})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" -code=$? -print_trace "- Delete ${tmpfile}" -rm -f "${tmpfile}" -if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." "" 160 -fi -print_message "- ${jcllib}(${tmpdsm}) is prepared" -print_message - -############################### -# submit job -job_has_failures= -if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then - print_message "Dry-run mode, security setup is NOT performed on the system." - print_message "Please submit ${jcllib}(${tmpdsm}) manually." -else - print_message "Submit ${jcllib}(${tmpdsm})" - jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") - code=$? - if [ ${code} -ne 0 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Warning ZWEL0161W: Failed to run JCL ${jcllib}(${tmpdsm})." - # skip wait for job status step - jobid= - else - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(${tmpdsm})." 
"" 161 - fi - fi - - if [ -n "${jobid}" ]; then - print_debug "- job id ${jobid}" - jobstate=$(wait_for_job "${jobid}") - code=$? - if [ ${code} -eq 1 ]; then - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Warning ZWEL0162W: Failed to find job ${jobid} result." - else - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 - fi - fi - jobname=$(echo "${jobstate}" | awk -F, '{print $2}') - jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') - jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') - if [ ${code} -eq 0 ]; then - print_message "- Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." - - print_message "" - print_message "WARNING: Due to the limitation of the ZWESECUR job, exit with 0 does not mean" - print_message " the job is fully successful. Please check the job log to determine" - print_message " if there are any inline errors." - print_message "" - else - job_has_failures=true - if [ "${ZWE_CLI_PARAMETER_IGNORE_SECURITY_FAILURES}" = "true" ]; then - print_error "Warning ZWEL0163W: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." - else - print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 - fi - fi - fi -fi - -############################### -# exit message -if [ "${job_has_failures}" = "true" ]; then - print_level2_message "Failed to apply Zowe security configurations. Please check job log for details." -else - print_level2_message "Zowe security configurations are applied successfully." +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/security/cli.js" 
diff --git a/bin/commands/init/security/index.ts b/bin/commands/init/security/index.ts new file mode 100644 index 0000000000..7ef09dc567 --- /dev/null +++ b/bin/commands/init/security/index.ts 
@@ -0,0 +1,81 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as zos from 'zos'; +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; +import * as zoslib from '../../../libs/zos'; +import * as zosJes from '../../../libs/zos-jes'; +import * as initGenerate from '../generate/index'; + +export function execute(dryRun?: boolean, ignoreSecurityFailures?: boolean) { + common.printLevel1Message(`Run Zowe security configurations`); + + // Validation + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + // read prefix and validate + const prefix=ZOWE_CONFIG.zowe.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + // check if user passed --generate + const forceGen = !!std.getenv('ZWE_CLI_PARAMETER_GENERATE') + if (forceGen) { + initGenerate.execute(); + } + + // read JCL library and validate + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. 
Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); + } + + let securityProduct = zos.getEsm(); + if (!securityProduct || securityProduct == 'NONE') { + securityProduct = ZOWE_CONFIG.zowe.setup?.security?.product; + if (!securityProduct) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + } + + ['admin', 'stc', 'sysProg'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup?.security?.groups || !ZOWE_CONFIG.zowe.setup?.security?.groups[key]) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.groups.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + ['zowe', 'zis'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup?.security?.users || !ZOWE_CONFIG.zowe.setup?.security?.users[key]) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.users.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + ['zowe', 'zis', 'aux'].forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup?.security?.stcs || !ZOWE_CONFIG.zowe.setup?.security?.stcs[key]) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.dataset.stcs.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + + const securityPrefix = securityProduct.substring(0,3); + + if (zos.getZosVersion() < 0x1020500) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityPrefix}Z)'`, `ZWEI${securityPrefix}Z`, jcllib, prefix, false, ignoreSecurityFailures); + } + + zosJes.printAndHandleJcl(`//'${jcllib}(ZWEI${securityPrefix})'`, `ZWEI${securityPrefix}`, jcllib, prefix, false, ignoreSecurityFailures); + common.printMessage(``); + common.printMessage(`WARNING: Due to the limitation of the ZWEI${securityPrefix} job, exit with 0 does not mean`); + common.printMessage(` the job is fully successful. 
Please check the job log to determine`); + common.printMessage(` if there are any messages indicating a problem.`); + common.printMessage(``); +} diff --git a/bin/commands/init/stc/.errors b/bin/commands/init/stc/.errors index 4109f9bdf2..ea655496c8 100644 --- a/bin/commands/init/stc/.errors +++ b/bin/commands/init/stc/.errors @@ -5,3 +5,7 @@ ZWEL0143E|143|Cannot find data set member %s. You may need to re-run `zwe instal ZWEL0158E|158|%s already exists. ZWEL0159E|159|Failed to modify %s. ZWEL0160E|160|Failed to write to %s. Please check if target data set is opened by others. +ZWEL0161E|161|Failed to run JCL %s. +ZWEL0162E|162|Failed to find job %s result. +ZWEL0163E|163|Job %s ends with code %s. +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/stc/.examples b/bin/commands/init/stc/.examples index 154a3b890c..8ca7d6bd45 100644 --- a/bin/commands/init/stc/.examples +++ b/bin/commands/init/stc/.examples @@ -1 +1,2 @@ zwe init stc -v -c /path/to/zowe.yaml +zwe init stc -v -c /path/to/zowe.yaml --generate diff --git a/bin/commands/init/stc/.parameters b/bin/commands/init/stc/.parameters index 7d4e1ac58c..70854b90ba 100644 --- a/bin/commands/init/stc/.parameters +++ b/bin/commands/init/stc/.parameters @@ -1 +1,3 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. +dry-run||boolean|||||Generates and prints JCL but does not execute. +generate||boolean|||||Whether to force rebuild of JCL prior to submission. Use this when you've changed zowe.yaml and are re-submitting this command. diff --git a/bin/commands/init/stc/cli.ts b/bin/commands/init/stc/cli.ts new file mode 100644 index 0000000000..1a483d0727 --- /dev/null +++ b/bin/commands/init/stc/cli.ts 
@@ -0,0 +1,20 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; + +index.execute(std.getenv('ZWE_CLI_PARAMETER_ALLOW_OVERWRITE') == 'true'); + +configmgr.cleanupTempDir(); +common.finishLogFile(); diff --git a/bin/commands/init/stc/index.sh b/bin/commands/init/stc/index.sh index c26cf6e7e8..adc2d6fee1 100644 --- a/bin/commands/init/stc/index.sh +++ b/bin/commands/init/stc/index.sh 
@@ -11,247 +11,8 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -print_level1_message "Install Zowe main started task" - -############################### -# constants -proclibs="ZWESLSTC ZWESISTC ZWESASTC" - -############################### -# validation -require_zowe_yaml - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi -# read PROCLIB and validate -proclib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.proclib") -if [ -z "${proclib}" ]; then - print_error_and_exit "Error ZWEL0157E: PROCLIB (zowe.setup.dataset.proclib) is not defined in Zowe YAML configuration file." "" 157 -fi -# read JCL library and validate -jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 -fi -# read PARMLIB and validate -parmlib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.parmlib") -if [ -z "${parmlib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom parameter library (zowe.setup.dataset.parmlib) is not defined in Zowe YAML configuration file." 
"" 157 -fi -# read LOADLIB and validate -authLoadlib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.authLoadlib") -if [ -z "${authLoadlib}" ]; then - # authLoadlib can be empty - authLoadlib="${prefix}.${ZWE_PRIVATE_DS_SZWEAUTH}" -fi -authPluginLib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.authPluginLib") -if [ -z "${authPluginLib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom load library (zowe.setup.dataset.authPluginLib) is not defined in Zowe YAML configuration file." "" 157 -fi -security_stcs_zowe=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zowe") -if [ -z "${security_stcs_zowe}" ]; then - security_stcs_zowe=${ZWE_PRIVATE_DEFAULT_ZOWE_STC} -fi -security_stcs_zis=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.zis") -if [ -z "${security_stcs_zis}" ]; then - security_stcs_zis=${ZWE_PRIVATE_DEFAULT_ZIS_STC} -fi -security_stcs_aux=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.stcs.aux") -if [ -z "${security_stcs_aux}" ]; then - security_stcs_aux=${ZWE_PRIVATE_DEFAULT_AUX_STC} +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi -target_proclibs="${security_stcs_zowe} ${security_stcs_zis} ${security_stcs_aux}" - -# check existence -for mb in ${proclibs}; do - # source in SZWESAMP - samp_existence=$(is_data_set_exists "${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb})") - if [ "${samp_existence}" != "true" ]; then - print_error_and_exit "Error ZWEL0143E: ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb}) already exists. This data set member will be overwritten during configuration." 
"" 143 - fi -done -for mb in ${target_proclibs}; do - # JCL for preview purpose - jcl_existence=$(is_data_set_exists "${jcllib}(${mb})") - if [ "${jcl_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${jcllib}(${mb}) already exists. This data set member will be overwritten during configuration." - else - # print_error_and_exit "Error ZWEL0158E: ${jcllib}(${mb}) already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${jcllib}(${mb}) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - fi - - # STCs in target proclib - stc_existence=$(is_data_set_exists "${proclib}(${mb})") - if [ "${stc_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${proclib}(${mb}) already exists. This data set member will be overwritten during configuration." - else - # print_error_and_exit "Error ZWEL0158E: ${proclib}(${mb}) already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${proclib}(${mb}) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi - fi -done - -if [ "${jcl_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${jcllib}(${mb}). To write, you must use --allow-overwrite." -else - ############################### - # prepare STCs - # ZWESLSTC - print_message "Modify ZWESLSTC and save as ${jcllib}(${security_stcs_zowe})" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESLSTC) to ${tmpfile}" - if [[ "$ZWE_CLI_PARAMETER_CONFIG" != /* ]];then - print_message "CONFIG path defined in ZWESLSTC is converted into absolute path and may contain SYSNAME." 
- print_message "Please manually verify if this path works for your environment, especially when you are working in Sysplex environment." - fi - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESLSTC)'" | \ - sed "s/^\/\/STEPLIB .*\$/\/\/STEPLIB DD DSNAME=${authLoadlib},/" | \ - sed "s#^CONFIG=.*\$#CONFIG=$(convert_to_absolute_path ${ZWE_CLI_PARAMETER_CONFIG})#" \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - fi - if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESLSTC)" "" 159 - fi - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${security_stcs_zowe})" - copy_to_data_set "${tmpfile}" "${jcllib}(${security_stcs_zowe})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${security_stcs_zowe}). Please check if target data set is opened by others." 
"" 160 - fi - print_debug "- ${jcllib}(${security_stcs_zowe}) is prepared" - - # ZWESISTC - print_message "Modify ZWESISTC and save as ${jcllib}(${security_stcs_zis})" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESISTC) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESISTC)'" | \ - sed '/^..STEPLIB/c\ -\//STEPLIB DD DSNAME='${authLoadlib}',DISP=SHR\ -\// DD DSNAME='${authPluginLib}',DISP=SHR' | \ - sed "s/^\/\/PARMLIB .*\$/\/\/PARMLIB DD DSNAME=${parmlib},DISP=SHR/" \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - exit 1 - fi - if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESISTC)" "" 159 - fi - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${security_stcs_zis})" - copy_to_data_set "${tmpfile}" "${jcllib}(${security_stcs_zis})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${security_stcs_zis}). Please check if target data set is opened by others." 
"" 160 - fi - print_debug "- ${jcllib}(${security_stcs_zis}) is prepared" - - # ZWESASTC - print_message "Modify ZWESASTC and save as ${jcllib}(${security_stcs_aux})" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESASTC) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESASTC)'" | \ - sed '/^..STEPLIB/c\ -\//STEPLIB DD DSNAME='${authLoadlib}',DISP=SHR\ -\// DD DSNAME='${authPluginLib}',DISP=SHR' \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - exit 1 - fi - if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWESASTC)" "" 159 - fi - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${security_stcs_aux})" - copy_to_data_set "${tmpfile}" "${jcllib}(${security_stcs_aux})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(${security_stcs_aux}). Please check if target data set is opened by others." "" 160 - fi - print_debug "- ${jcllib}(${security_stcs_aux}) is prepared" - - print_message -fi - -if [ "${stc_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${proclib}(${mb}). To write, you must use --allow-overwrite." 
-else - ############################### - # copy to proclib - for mb in ${target_proclibs}; do - print_message "Copy ${jcllib}(${mb}) to ${proclib}(${mb})" - data_set_copy_to_data_set "${prefix}" "${jcllib}(${mb})" "${proclib}(${mb})" "-X" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - if [ $? -ne 0 ]; then - print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 - fi - done -fi - -############################### -# exit message -print_level2_message "Zowe main started tasks are installed successfully." +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/stc/cli.js" diff --git a/bin/commands/init/stc/index.ts b/bin/commands/init/stc/index.ts new file mode 100644 index 0000000000..7392398d1f --- /dev/null +++ b/bin/commands/init/stc/index.ts 
@@ -0,0 +1,131 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + + +import * as std from 'cm_std'; +import * as zos from 'zos'; +import * as xplatform from 'xplatform'; + +import * as fs from '../../../libs/fs'; +import * as common from '../../../libs/common'; +import * as stringlib from '../../../libs/string'; +import * as shell from '../../../libs/shell'; +import * as config from '../../../libs/config'; +import * as zoslib from '../../../libs/zos'; +import * as zosJes from '../../../libs/zos-jes'; +import * as zosdataset from '../../../libs/zos-dataset'; +import * as initGenerate from '../generate/index'; + +export function execute(allowOverwrite: boolean = false) { + + common.printLevel1Message(`Install Zowe main started task`); + + // constants + const COMMAND_LIST = std.getenv('ZWE_CLI_COMMANDS_LIST'); + + let stcExistence: boolean; + + // validation + common.requireZoweYaml(); + const ZOWE_CONFIG=config.getZoweConfig(); + + // read prefix and validate + const prefix=ZOWE_CONFIG.zowe?.setup?.dataset?.prefix; + if (!prefix) { + common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + // read PROCLIB and validate + const proclib=ZOWE_CONFIG.zowe.setup?.dataset?.proclib; + if (!proclib) { + common.printErrorAndExit(`Error ZWEL0157E: PROCLIB (zowe.setup.dataset.proclib) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + // check if user passed --generate + const forceGen = !!std.getenv('ZWE_CLI_PARAMETER_GENERATE') + if (forceGen) { + initGenerate.execute(); + } + + // read JCL library and validate + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { 
+ return common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); + } + + let security_stcs_zowe=ZOWE_CONFIG.zowe.setup?.security?.stcs?.zowe; + if (!security_stcs_zowe) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.security.stcs.zowe) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + let security_stcs_zis=ZOWE_CONFIG.zowe.setup?.security?.stcs?.zis; + if (!security_stcs_zis) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.security.stcs.zis) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + let security_stcsAux=ZOWE_CONFIG.zowe.setup?.security?.stcs?.aux; + if (!security_stcsAux) { + common.printErrorAndExit(`Error ZWEL0157E: (zowe.setup.security.stcs.aux) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + [security_stcs_zowe, security_stcs_zis, security_stcsAux].forEach((mb: string) => { + // STCs in target proclib + if (zosdataset.isDatasetExists(`${proclib}(${mb})`)) { + stcExistence = true; + if (allowOverwrite) { + // warning + common.printMessage(`Warning ZWEL0300W: ${proclib}(${mb}) already exists. This data set member will be overwritten during configuration.`); + } else { + // warning + common.printMessage(`Warning ZWEL0301W: ${proclib}(${mb}) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite.`); + } + } + }); + + if (stcExistence == true && !allowOverwrite) { + common.printMessage(`Skipped writing to ${proclib}. To write, you must use --allow-overwrite.`); + } else { + // Fix JCL if needed - cannot copy member with same name via (foo,foo,R) + // must instead be (foo,,R), so do string replace if see dual name. 
+ if (stcExistence == true) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWERSTC)'`, `ZWERSTC`, jcllib, prefix, false, true); + } + + const tmpfile = fs.createTmpFile(`zwe ${COMMAND_LIST}`.replace(new RegExp('\ ', 'g'), '-')); + common.printDebug(`- Copy ${jcllib}(ZWEISTC) to ${tmpfile}`); + const jclContent = shell.execOutSync('sh', '-c', `cat "//'${stringlib.escapeDollar(jcllib)}(ZWEISTC)'" 2>&1`); + if (jclContent.out && jclContent.rc == 0) { + common.printDebug(` * Succeeded`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(jclContent.out, " ")); + + const tmpFileContent = jclContent.out.replace("ZWESLSTC,ZWESLSTC", "ZWESLSTC,") + .replace("ZWESISTC,ZWESISTC", "ZWESISTC,") + .replace("ZWESASTC,ZWESASTC", "ZWESASTC,"); + xplatform.storeFileUTF8(tmpfile, xplatform.AUTO_DETECT, tmpFileContent); + common.printTrace(` * Stored:`); + common.printTrace(stringlib.paddingLeft(tmpFileContent, " ")); + + shell.execSync('chmod', '700', tmpfile); + } else { + common.printDebug(` * Failed`); + common.printError(` * Exit code: ${jclContent.rc}`); + common.printError(` * Output:`); + if (jclContent.out) { + common.printError(stringlib.paddingLeft(jclContent.out, " ")); + } + std.exit(1); + } + if (!fs.fileExists(tmpfile)) { + common.printErrorAndExit(`Error ZWEL0159E: Failed to modify ZWEISTC`, undefined, 159); + } + + zosJes.printAndHandleJcl(tmpfile, `ZWEISTC`, jcllib, prefix, true); + common.printLevel2Message(`Zowe main started tasks are installed successfully.`); + } +} diff --git a/bin/commands/init/vsam/.errors b/bin/commands/init/vsam/.errors index fdbb5ac7a1..6d2cd16611 100644 --- a/bin/commands/init/vsam/.errors +++ b/bin/commands/init/vsam/.errors 
@@ -8,3 +8,4 @@ ZWEL0161E|161|Failed to run JCL %s. ZWEL0162E|162|Failed to find job %s result. ZWEL0163E|163|Job %s ends with code %s. ZWEL0301W|0|Zowe Caching Service is not configured to use VSAM. Command skipped. +ZWEL0319E|319|zowe.setup.dataset.jcllib does not exist, cannot run. Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command. diff --git a/bin/commands/init/vsam/.examples b/bin/commands/init/vsam/.examples index 2aec2da3f9..235b283682 100644 --- a/bin/commands/init/vsam/.examples +++ b/bin/commands/init/vsam/.examples @@ -1 +1,2 @@ zwe init vsam -v -c /path/to/zowe.yaml +zwe init vsam -v -c /path/to/zowe.yaml --generate diff --git a/bin/commands/init/vsam/.help b/bin/commands/init/vsam/.help index ef1ff68532..aa6265ac63 100644 --- a/bin/commands/init/vsam/.help +++ b/bin/commands/init/vsam/.help 
@@ -13,24 +13,28 @@ zowe: mode: NONRLS volume: VOL123 storageClass: + name: IBMUSER.ZWE.CUST.CACHE2 components: caching-service: storage: mode: VSAM vsam: - name: IBMUSER.ZWE.CUST.CACHE2 + name: ``` - `zowe.setup.dataset.prefix` shows where the `SZWESAMP` data set is installed. - `zowe.setup.dataset.jcllib` is the custom JCL library. Zowe server command may - generate sample JCLs and put into this data set. + generate sample JCLs and put into this data set. - `zowe.setup.vsam.mode` indicates whether the VSAM will utilize Record Level Sharing (RLS) services or not. Valid value is `RLS` or `NONRLS`. - `zowe.setup.vsam.volume` indicates the name of volume. This field is required if VSAM mode is `NONRLS`. - `zowe.setup.vsam.storageClass` indicates the name of RLS storage class. This field is required if VSAM mode is `RLS`. +- `zowe.setup.vsam.name` defines the VSAM data set name. - `components.caching-service.storage.mode` indicates what storage Zowe Caching Service will use. Only if this value is `VSAM`, this command will try to create VSAM data set. - `components.caching-service.storage.vsam.name` defines the VSAM data set name. + This field can be omitted and automatically updated with parameter + `--update-config`. diff --git a/bin/commands/init/vsam/.parameters b/bin/commands/init/vsam/.parameters index 7d4e1ac58c..c96f09dc89 100644 --- a/bin/commands/init/vsam/.parameters +++ b/bin/commands/init/vsam/.parameters @@ -1 +1,4 @@ allow-overwrite,allow-overwritten||boolean|||||Allow overwritten existing MVS data set. +dry-run||boolean|||||Generates and prints JCL but does not execute +update-config||boolean|||||Whether to update YAML configuration for caching-service to match vsam name. +generate||boolean|||||Whether to force rebuild of JCL prior to submission. Use this when you've changed zowe.yaml and are re-submitting this command. diff --git a/bin/commands/init/vsam/cli.ts b/bin/commands/init/vsam/cli.ts new file mode 100644 index 0000000000..295e208d4a 
--- /dev/null +++ b/bin/commands/init/vsam/cli.ts @@ -0,0 +1,20 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as index from './index'; +import * as configmgr from '../../../libs/configmgr'; +import * as common from '../../../libs/common'; + +index.execute(std.getenv("ZWE_CLI_PARAMETER_ALLOW_OVERWRITE") == 'true', std.getenv("ZWE_CLI_PARAMETER_DRY_RUN") == 'true', std.getenv("ZWE_CLI_PARAMETER_UPDATE_CONFIG") == 'true'); + +configmgr.cleanupTempDir(); +common.finishLogFile(); diff --git a/bin/commands/init/vsam/index.sh b/bin/commands/init/vsam/index.sh index f40e606b6a..8ce07f4e45 100644 --- a/bin/commands/init/vsam/index.sh +++ b/bin/commands/init/vsam/index.sh 
@@ -11,153 +11,8 @@ # Copyright Contributors to the Zowe Project. ####################################################################### -print_level1_message "Create VSAM storage for Zowe Caching Service" - -############################### -# constants - -############################### -# validation -require_zowe_yaml - -caching_storage=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".components.caching-service.storage.mode" | upper_case) -if [ "${caching_storage}" != "VSAM" ]; then - print_error "Warning ZWEL0301W: Zowe Caching Service is not configured to use VSAM. Command skipped." - return 0 -fi - -# read prefix and validate -prefix=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.prefix") -if [ -z "${prefix}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file." "" 157 -fi -# read JCL library and validate -jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") -if [ -z "${jcllib}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe custom JCL library (zowe.setup.dataset.jcllib) is not defined in Zowe YAML configuration file." "" 157 -fi -vsam_mode=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.mode") -if [ -z "${vsam_mode}" ]; then - vsam_mode=NONRLS -fi -vsam_volume= -if [ "${vsam_mode}" = "NONRLS" ]; then - vsam_volume=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.volume") - if [ -z "${vsam_volume}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set volume (zowe.setup.vsam.volume) is not defined in Zowe YAML configuration file." 
"" 157 - fi -fi -vsam_storageClass= -if [ "${vsam_mode}" = "RLS" ]; then - vsam_storageClass=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.vsam.storageClass") - if [ -z "${vsam_storageClass}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set RLS storage class (zowe.setup.vsam.storageClass) is not defined in Zowe YAML configuration file." "" 157 - fi -fi -vsam_name=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".components.caching-service.storage.vsam.name") -if [ -z "${vsam_name}" ]; then - print_error_and_exit "Error ZWEL0157E: Zowe Caching Service VSAM data set name (components.caching-service.storage.vsam.name) is not defined in Zowe YAML configuration file." "" 157 -fi - -jcl_existence=$(is_data_set_exists "${jcllib}(ZWECSVSM)") -if [ "${jcl_existence}" = "true" ]; then - if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # warning - print_message "Warning ZWEL0300W: ${jcllib}(ZWECSVSM) already exists. This data set member will be overwritten during configuration." - else - # print_error_and_exit "Error ZWEL0158E: ${jcllib}(ZWECSVSM) already exists." "" 158 - # warning - print_message "Warning ZWEL0301W: ${jcllib}(ZWECSVSM) already exists and will not be overwritten. For upgrades, you must use --allow-overwrite." - fi +if [ -z "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}" ]; then + # user-facing command, use tmpdir to not mess up workspace permissions + export ZWE_PRIVATE_TMP_MERGED_YAML_DIR=1 fi - -# VSAM cache cannot be overwritten, must delete manually -# FIXME: cat cannot be used to test VSAM data set -vsam_existence=$(is_data_set_exists "${vsam_name}") -if [ "${vsam_existence}" = "true" ]; then - # error - print_error_and_exit "Error ZWEL0158E: ${vsam_name} already exists." 
"" 158 -fi -if [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" = "true" ]; then - # delete blindly and ignore errors - result=$(tso_command delete "'${vsam_name}'") -fi - - -if [ "${jcl_existence}" = "true" ] && [ "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" != "true" ]; then - print_message "Skipped writing to ${jcllib}(ZWECSVSM). To write, you must use --allow-overwrite." -else - ############################### - # prepare STCs - # ZWESLSTC - print_message "Modify ZWECSVSM" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWECSVSM) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWECSVSM)'" | \ - sed "s/^\/\/ \+SET \+MODE=.*\$/\/\/ SET MODE=${vsam_mode}/" | \ - sed "/^\/\/ALLOC/,9999s/#dsname/${vsam_name}/g" | \ - sed "/^\/\/ALLOC/,9999s/#volume/${vsam_volume}/g" | \ - sed "/^\/\/ALLOC/,9999s/#storclas/${vsam_storageClass}/g" \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi - else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - fi - if [ ! -f "${tmpfile}" ]; then - print_error_and_exit "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWECSVSM)" "" 159 - fi - print_trace "- ${tmpfile} created with content" - print_trace "$(cat "${tmpfile}")" - print_trace "- ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- copy to ${jcllib}(ZWECSVSM)" - copy_to_data_set "${tmpfile}" "${jcllib}(ZWECSVSM)" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? 
- print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0160E: Failed to write to ${jcllib}(ZWECSVSM). Please check if target data set is opened by others." "" 160 - fi - print_message "- ${jcllib}(ZWECSVSM) is prepared" - print_message -fi - -############################### -# submit job -print_message "Submit ${jcllib}(ZWECSVSM)" -jobid=$(submit_job "//'${jcllib}(ZWECSVSM)'") -code=$? -if [ ${code} -ne 0 ]; then - print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(ZWECSVSM)." "" 161 -fi -print_debug "- job id ${jobid}" -jobstate=$(wait_for_job "${jobid}") -code=$? -if [ ${code} -eq 1 ]; then - print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 -fi -jobname=$(echo "${jobstate}" | awk -F, '{print $2}') -jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') -jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') -if [ ${code} -eq 0 ]; then - print_message "- Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." -else - print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 -fi - -############################### -# exit message -print_level2_message "Zowe Caching Service VSAM storage is created successfully." +_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/bin/commands/init/vsam/cli.js" diff --git a/bin/commands/init/vsam/index.ts b/bin/commands/init/vsam/index.ts new file mode 100644 index 0000000000..d5f2182b26 --- /dev/null +++ b/bin/commands/init/vsam/index.ts 
@@ -0,0 +1,76 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as std from 'cm_std'; +import * as zoslib from '../../../libs/zos'; +import * as json from '../../../libs/json'; +import * as zosJes from '../../../libs/zos-jes'; +import * as zosDataset from '../../../libs/zos-dataset'; +import * as common from '../../../libs/common'; +import * as config from '../../../libs/config'; +import * as initGenerate from '../generate/index'; + +export function execute(allowOverwrite?: boolean, dryRun?: boolean, updateConfig?: boolean) { + common.printLevel1Message(`Initialize Zowe custom data sets`); + common.requireZoweYaml(); + const ZOWE_CONFIG = config.getZoweConfig(); + + const cachingStorage = ZOWE_CONFIG.components !== undefined ? ZOWE_CONFIG.components['caching-service']?.storage?.mode : undefined; + if (!cachingStorage || (cachingStorage.toUpperCase() != 'VSAM')) { + common.printError(`Warning ZWEL0301W: Zowe Caching Service is not configured to use VSAM. Command skipped.`); + return; + } + + const prefix=ZOWE_CONFIG.zowe.setup?.dataset?.prefix; + if (!prefix) { + return common.printErrorAndExit(`Error ZWEL0157E: Zowe dataset prefix (zowe.setup.dataset.prefix) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + + // check if user passed --generate + const forceGen = !!std.getenv('ZWE_CLI_PARAMETER_GENERATE') + if (forceGen) { + initGenerate.execute(); + } + + const jcllib = zoslib.verifyGeneratedJcl(ZOWE_CONFIG); + if (!jcllib) { + return common.printErrorAndExit(`Error ZWEL0319E: zowe.setup.dataset.jcllib does not exist, cannot run. 
Run 'zwe init', 'zwe init generate', or submit JCL ${prefix}.SZWESAMP(ZWEGENER) before running this command.`, undefined, 319); + } + + const mode = ZOWE_CONFIG.zowe.setup?.vsam?.mode; + if (!mode) { + return common.printErrorAndExit(`Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.mode) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + let keys = mode == 'NONRLS' ? ['volume', 'name'] : ['storageClass', 'name']; + + keys.forEach((key)=> { + if (!ZOWE_CONFIG.zowe.setup.vsam || !ZOWE_CONFIG.zowe.setup.vsam[key]) { + return common.printErrorAndExit(`Error ZWEL0157E: VSAM parameter (zowe.setup.vsam.${key}) is not defined in Zowe YAML configuration file.`, undefined, 157); + } + }); + + const name = ZOWE_CONFIG.zowe.setup.vsam.name; + + const vsamExistence = zosDataset.isVsamDatasetExists(name); + if (vsamExistence && allowOverwrite) { + zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSRVS)'`, `ZWECSRVS`, jcllib, prefix, false, true); + } else if (vsamExistence) { + return common.printErrorAndExit(`Error ZWEL0158E: ${name} already exists.`, undefined, 158); + } + + zosJes.printAndHandleJcl(`//'${jcllib}(ZWECSVSM)'`, `ZWECSVSM`, jcllib, prefix); + if (!dryRun && updateConfig) { + json.updateZoweYaml(std.getenv('ZWE_CLI_PARAMETER_CONFIG_ORIG'), '.components.caching-service.storage.vsam.name', name); + common.printLevel2Message(`Zowe configuration is updated successfully.`); + } + + common.printLevel2Message(`Zowe Caching Service VSAM storage is created successfully.`); +} diff --git a/bin/commands/install/.help b/bin/commands/install/.help index 69a1f32ab5..d413a85f2c 100644 --- a/bin/commands/install/.help +++ b/bin/commands/install/.help 
@@ -19,4 +19,4 @@ Expected outputs: * `SZWEAUTH` contains few Zowe load modules (++PROGRAM). * `SZWESAMP` contains several sample configurations. * `SZWEEXEC` contains few utilities used by Zowe. - * `SZWELOAD` contains config manager for REXX. \ No newline at end of file + * `SZWELOAD` contains config manager for REXX. diff --git a/bin/commands/install/index.sh b/bin/commands/install/index.sh index 0fc9e7fad6..df76a4c66e 100644 --- a/bin/commands/install/index.sh +++ b/bin/commands/install/index.sh @@ -115,15 +115,10 @@ else # FIXME: move these parts to zss commands.install? # FIXME: ZWESIPRG is in zowe-install-packaging cd "${ZWE_zowe_runtimeDirectory}/components/zss" - zss_samplib="ZWESAUX=ZWESASTC ZWESIP00 ZWESIS01=ZWESISTC ZWESISCH" + zss_samplib="ZWESASTC ZWESIP00 ZWESISTC ZWESISCH" for mb in ${zss_samplib}; do - mb_from=$(echo "${mb}" | awk -F= '{print $1}') - mb_to=$(echo "${mb}" | awk -F= '{print $2}') - if [ -z "${mb_to}" ]; then - mb_to="${mb_from}" - fi - print_message "Copy components/zss/SAMPLIB/${mb_from} to ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb_to})" - copy_to_data_set "SAMPLIB/${mb_from}" "${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb_to})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" + print_message "Copy components/zss/SAMPLIB/${mb} to ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb})" + copy_to_data_set "SAMPLIB/${mb}" "${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${mb})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" if [ $? -ne 0 ]; then print_error_and_exit "Error ZWEL0111E: Command aborts with error." "" 111 fi diff --git a/bin/commands/internal/config/output/.help b/bin/commands/internal/config/output/.help index 9ab013c019..b78a8ad2be 100644 --- a/bin/commands/internal/config/output/.help +++ b/bin/commands/internal/config/output/.help @@ -1 +1 @@ -Outputs the merged YAML used at Zowe runtime into zowe.workspaceDirectory/.env/.zowe-merged.yaml +Outputs the merged YAML used at Zowe runtime into `zowe.workspaceDirectory/.env/.zowe-merged.yaml`. 
diff --git a/bin/libs/certificate.sh b/bin/libs/certificate.sh index 13dec5e1d4..37dfa1a33d 100644 --- a/bin/libs/certificate.sh +++ b/bin/libs/certificate.sh @@ -816,27 +816,23 @@ keyring_run_zwekring_jcl() { jcllib="${2}" # should be 1, 2 or 3 jcloption="${3}" - keyring_owner="${4}" - keyring_name="${5}" - domains="${6}" - alias="${7}" - ca_alias="${8}" + domains="${4}" # external CA labels separated by comma (label can have spaces) - ext_cas="${9}" - # set to 1 or true to import z/OSMF CA - trust_zosmf=0 - if [ "${10}" = "true" -o "${10}" = "1" ]; then - trust_zosmf=1 + ext_cas="${5}" + # set to 1 to import z/OSMF CA + trust_zosmf="${6}" + zosmf_root_ca="${7}" + validity="${8}" + security_product="${9}" + + member_prefix="ZWEIKR" + if [ "${security_product}" = "TSS" ]; then + member_name="${member_prefix}T${jcloption}" + elif [ "${security_product}" = "ACF2" ]; then + member_name="${member_prefix}A${jcloption}" + else + member_name="${member_prefix}R${jcloption}" fi - zosmf_root_ca="${11}" - # option 2 - connect existing - connect_user="${12}" - connect_label="${13}" - # option 3 - import from data set - import_ds_name="${14}" - import_ds_password="${15}" - validity="${16:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_VALIDITY}}" - security_product=${17:-RACF} # generate from domains list domain_name= 
@@ -895,67 +891,20 @@ EOF validity_ymd=$("${date_add_util}" ${validity} YYYY-MM-DD) validity_mdy=$("${date_add_util}" ${validity} MM/DD/YY) - # option 2 needs further changes on JCL - racf_connect1="s/dummy/dummy/" - racf_connect2="s/dummy/dummy/" - acf2_connect="s/dummy/dummy/" - tss_connect="s/dummy/dummy/" - if [ "${jcloption}" = "2" ]; then - if [ "${connect_user}" = "SITE" ]; then - racf_connect1="s/^ \+RACDCERT CONNECT[(]SITE | ID[(]userid[)].*\$/ RACDCERT CONNECT(SITE +/" - acf2_connect="s/^ \+CONNECT CERTDATA[(]SITECERT\.digicert | userid\.digicert[)].*\$/ CONNECT CERTDATA(SITECERT.${connect_label}) -/" - tss_connect="s/^ \+RINGDATA[(]CERTSITE|userid,digicert[)].*\$/ RINGDATA(CERTSITE,${connect_label}) +/" - elif [ -n "${connect_user}" ]; then - racf_connect1="s/^ \+RACDCERT CONNECT[(]SITE | ID[(]userid[)].*\$/ RACDCERT CONNECT(ID(${connect_user}) +/" - acf2_connect="s/^ \+CONNECT CERTDATA[(]SITECERT\.digicert | userid\.digicert[)].*\$/ CONNECT CERTDATA(${connect_user}.${connect_label}) -/" - tss_connect="s/^ \+RINGDATA[(]CERTSITE|userid,digicert[)].*\$/ RINGDATA(${connect_user},${connect_label}) +/" - fi - racf_connect2="s/^ \+LABEL[(]'certlabel'[)].*\$/ LABEL('${connect_label}') +/" - fi - - # used by ACF2 - stc_group=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") - if [ -z "${stc_group}" ]; then - stc_group=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} - fi - ############################### # prepare ZWEKRING JCL - print_message ">>>> Modify ZWEKRING" + print_debug ">>>> Prepare ${member_name}" print_debug "- Create temp file" tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug " > temp file: ${tmpfile}" - print_debug "- Create temp data set member" - tmpdsm=$(create_data_set_tmp_member "${jcllib}" "ZW$(date +%H%M)") print_debug " > data set member: ${jcllib}(tmpdsm)" - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWEKRING) to ${tmpfile}" - result=$(cat 
"//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWEKRING)'" | \ - sed "s/^\/\/ \+SET \+PRODUCT=.*\$/\/\/ SET PRODUCT=${security_product}/" | \ - sed "s/^\/\/ \+SET \+ZOWEUSER=.*\$/\/\/ SET ZOWEUSER=${keyring_owner:-${ZWE_PRIVATE_DEFAULT_ZOWE_USER}}/" | \ - sed "s/^\/\/ \+SET \+ZOWERING=.*\$/\/\/ SET ZOWERING='${keyring_name}'/" | \ - sed "s/^\/\/ \+SET \+OPTION=.*\$/\/\/ SET OPTION=${jcloption}/" | \ - sed "s/^\/\/ \+SET \+LABEL=.*\$/\/\/ SET LABEL='${alias}'/" | \ - sed "s/^\/\/ \+SET \+LOCALCA=.*\$/\/\/ SET LOCALCA='${ca_alias}'/" | \ - sed "s/^\/\/ \+SET \+CN=.*\$/\/\/ SET CN='${ZWE_PRIVATE_CERTIFICATE_COMMON_NAME:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_COMMON_NAME}}'/" | \ - sed "s/^\/\/ \+SET \+OU=.*\$/\/\/ SET OU='${ZWE_PRIVATE_CERTIFICATE_ORG_UNIT:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_ORG_UNIT}}'/" | \ - sed "s/^\/\/ \+SET \+O=.*\$/\/\/ SET O='${ZWE_PRIVATE_CERTIFICATE_ORG:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_ORG}}'/" | \ - sed "s/^\/\/ \+SET \+L=.*\$/\/\/ SET L='${ZWE_PRIVATE_CERTIFICATE_LOCALITY:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_LOCALITY}}'/" | \ - sed "s/^\/\/ \+SET \+SP=.*\$/\/\/ SET SP='${ZWE_PRIVATE_CERTIFICATE_STATE:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_STATE}}'/" | \ - sed "s/^\/\/ \+SET \+C=.*\$/\/\/ SET C='${ZWE_PRIVATE_CERTIFICATE_COUNTRY:-${ZWE_PRIVATE_DEFAULT_CERTIFICATE_COUNTRY}}'/" | \ - sed "s/^\/\/ \+SET \+HOSTNAME=.*\$/\/\/ SET HOSTNAME='${domain_name}'/" | \ + print_debug "- Copy ${jcllib}(${member_name}) to ${tmpfile}" + result=$(cat "//'${jcllib}(${member_name})'" | \ sed "s/^\/\/ \+SET \+IPADDRES=.*\$/\/\/ SET IPADDRES='${ip_address}'/" | \ - sed "s/^\/\/ \+SET \+DSNAME=.*\$/\/\/ SET DSNAME=${import_ds_name}/" | \ - sed "s/^\/\/ \+SET \+PKCSPASS=.*\$/\/\/ SET PKCSPASS='${import_ds_password}'/" | \ sed "s/^\/\/ \+SET \+IFZOWECA=.*\$/\/\/ SET IFZOWECA=${import_ext_ca}/" | \ sed "s/^\/\/ \+SET \+ITRMZWCA=.*\$/\/\/ SET ITRMZWCA='${import_ext_intermediate_ca_label}'/" | \ sed "s/^\/\/ \+SET \+ROOTZWCA=.*\$/\/\/ SET ROOTZWCA='${import_ext_root_ca_label}'/" | \ 
sed "s/^\/\/ \+SET \+IFROZFCA=.*\$/\/\/ SET IFROZFCA=${trust_zosmf}/" | \ sed "s/^\/\/ \+SET \+ROOTZFCA=.*\$/\/\/ SET ROOTZFCA='${zosmf_root_ca}'/" | \ - sed "s/^\/\/ \+SET \+STCGRP=.*\$/\/\/ SET STCGRP=${stc_group}/" | \ - sed "${racf_connect1}" | \ - sed "${racf_connect2}" | \ - sed "${acf2_connect}" | \ - sed "${tss_connect}" | \ sed "s/2030-05-01/${validity_ymd}/g" | \ sed "s#05/01/30#${validity_mdy}#g" \ > "${tmpfile}") 
@@ -977,34 +926,38 @@ EOF fi fi if [ ! -f "${tmpfile}" ]; then - print_error "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWEKRING)" + print_error "Error ZWEL0159E: Failed to modify ${jcllib}(${member_name})" return 159 fi - print_trace "- Ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${tmpdsm})" - copy_to_data_set "${tmpfile}" "${jcllib}(${tmpdsm})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." - return 160 - fi - print_message " - ${jcllib}(${tmpdsm}) is prepared" - print_message - ############################### - # submit job + jcl_contents=$(cat "${tmpfile}") + + print_message "Template JCL: ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(${member_name}) , Executable JCL: ${jcllib}(${member_name})" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then - print_message "Dry-run mode, JCL will NOT be submitted on the system." - print_message "Please submit ${jcllib}(${tmpdsm}) manually." + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + print_trace "- Delete ${tmpfile}" + rm "${tmpfile}" else - print_message ">>>> Submit ${jcllib}(${tmpdsm})" - jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") + if [ ${code} -ne 0 ]; then + print_error "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." 
+ return 160 + fi + print_debug " - ${jcllib}(${member_name}) is prepared" + + ############################### + # submit job + print_message "Submitting Job ${member_name}" + jobid=$(submit_job "${tmpfile}") code=$? if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${tmpdsm})." + print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${member_name})." + print_trace "- Delete ${tmpfile}" + rm -f "${tmpfile}" return 161 fi print_debug "- job id ${jobid}" @@ -1012,6 +965,8 @@ EOF code=$? if [ ${code} -eq 1 ]; then print_error "Error ZWEL0162E: Failed to find job ${jobid} result." + print_trace "- Delete ${tmpfile}" + rm -f "${tmpfile}" return 162 fi jobname=$(echo "${jobstate}" | awk -F, '{print $2}') 
@@ -1021,96 +976,54 @@ EOF print_message " - Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." print_message "" - print_message "WARNING: Due to the limitation of the ZWEKRING job, exit with 0 does not mean" + print_message "WARNING: Due to the limitation of the ${member_name} job, exit with 0 does not mean" print_message " the job is fully successful. Please check the job log to determine" print_message " if there are any inline errors." print_message "" else print_error "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." + print_trace "- Delete ${tmpfile}" + rm -f "${tmpfile}" return 163 fi + print_trace "- Delete ${tmpfile}" + rm -f "${tmpfile}" fi } keyring_run_zwenokyr_jcl() { prefix="${1}" jcllib="${2}" - keyring_owner="${3}" - keyring_name="${4}" - alias="${5}" - ca_alias="${6}" - security_product=${7:-RACF} - - # used by ACF2 - stc_group=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.security.groups.stc") - if [ -z "${stc_group}" ]; then - stc_group=${ZWE_PRIVATE_DEFAULT_ADMIN_GROUP} - fi + security_product="${3}" - ############################### - # prepare ZWENOKYR JCL - print_message ">>>> Modify ZWENOKYR" - print_debug "- Create temp file" - tmpfile=$(create_tmp_file $(echo "zwe ${ZWE_CLI_COMMANDS_LIST}" | sed "s# #-#g")) - print_debug " > temp file: ${tmpfile}" - print_debug "- Create temp data set member" - tmpdsm=$(create_data_set_tmp_member "${jcllib}" "ZW$(date +%H%M)") - print_debug " > data set member: ${jcllib}(tmpdsm)" - print_debug "- Copy ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWENOKYR) to ${tmpfile}" - result=$(cat "//'${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWENOKYR)'" | \ - sed "s/^\/\/ \+SET \+PRODUCT=.*\$/\/\/ SET PRODUCT=${security_product}/" | \ - sed "s/^\/\/ \+SET \+ZOWEUSER=.*\$/\/\/ SET ZOWEUSER=${keyring_owner:-${ZWE_PRIVATE_DEFAULT_ZOWE_USER}}/" | \ - sed "s/^\/\/ \+SET \+ZOWERING=.*\$/\/\/ SET ZOWERING='${keyring_name}'/" | \ - sed "s/^\/\/ \+SET \+LABEL=.*\$/\/\/ SET 
LABEL='${alias}'/" | \ - sed "s/^\/\/ \+SET \+LOCALCA=.*\$/\/\/ SET LOCALCA='${ca_alias}'/" | \ - sed "s/^\/\/ \+SET \+STCGRP=.*\$/\/\/ SET STCGRP=${stc_group}/" \ - > "${tmpfile}") - code=$? - chmod 700 "${tmpfile}" - if [ ${code} -eq 0 ]; then - print_debug " * Succeeded" - print_trace " * Exit code: ${code}" - print_trace " * Output:" - if [ -n "${result}" ]; then - print_trace "$(padding_left "${result}" " ")" - fi + member_prefix="ZWENOKR" + if [ "${security_product}" = "TSS" ]; then + member_name="${member_prefix}T" + elif [ "${security_product}" = "ACF2" ]; then + member_name="${member_prefix}A" else - print_debug " * Failed" - print_error " * Exit code: ${code}" - print_error " * Output:" - if [ -n "${result}" ]; then - print_error "$(padding_left "${result}" " ")" - fi - fi - if [ ! -f "${tmpfile}" ]; then - print_error "Error ZWEL0159E: Failed to modify ${prefix}.${ZWE_PRIVATE_DS_SZWESAMP}(ZWENOKYR)" - return 159 + member_name="${member_prefix}R" fi - print_trace "- Ensure ${tmpfile} encoding before copying into data set" - ensure_file_encoding "${tmpfile}" "SPDX-License-Identifier" - print_trace "- ${tmpfile} created, copy to ${jcllib}(${tmpdsm})" - copy_to_data_set "${tmpfile}" "${jcllib}(${tmpdsm})" "" "${ZWE_CLI_PARAMETER_ALLOW_OVERWRITE}" - code=$? - print_trace "- Delete ${tmpfile}" - rm -f "${tmpfile}" - if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0160E: Failed to write to ${jcllib}(${tmpdsm}). Please check if target data set is opened by others." 
- return 160 - fi - print_message " - ${jcllib}(${tmpdsm}) is prepared" - print_message + + jcl_contents=$(cat "//'${jcllib}(${member_name})'") + + print_message "Template JCL: ${prefix}.SZWESAMP(${member_name}) , Executable JCL: ${jcllib}(${member_name})" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + ############################### # submit job if [ "${ZWE_CLI_PARAMETER_SECURITY_DRY_RUN}" = "true" ]; then - print_message "Dry-run mode, JCL will NOT be submitted on the system." - print_message "Please submit ${jcllib}(${tmpdsm}) manually." + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" else - print_message ">>>> Submit ${jcllib}(${tmpdsm})" - jobid=$(submit_job "//'${jcllib}(${tmpdsm})'") + print_message "Submitting Job ${member_name}" + jobid=$(submit_job "//'${jcllib}(${member_name})'") code=$? if [ ${code} -ne 0 ]; then - print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${tmpdsm})." + print_error "Error ZWEL0161E: Failed to run JCL ${jcllib}(${member_name})." return 161 fi print_debug "- job id ${jobid}" diff --git a/bin/libs/common.sh b/bin/libs/common.sh index 5db74cc256..582dda285a 100644 --- a/bin/libs/common.sh +++ b/bin/libs/common.sh @@ -123,6 +123,9 @@ print_error_and_exit() { exit_code=${3:-1} print_error "${message}" "${write_to}" + if [ -f "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" ]; then + rm "${ZWE_PRIVATE_TMP_MERGED_YAML_DIR}/.zowe-merged.yaml" + fi exit ${exit_code} } diff --git a/bin/libs/common.ts b/bin/libs/common.ts index 7eabf33f5f..6085bd3293 100644 --- a/bin/libs/common.ts +++ b/bin/libs/common.ts @@ -12,6 +12,7 @@ import * as std from 'cm_std'; import * as os from 'cm_os'; import * as xplatform from 'xplatform'; +import * as zos from 'zos'; import * as fs from './fs'; //import * as stringlib from './string'; 
@@ -130,9 +131,16 @@ export function date(...args: string[]): string|undefined { let logExists = false; let logFile:std.File|null = null; +export function finishLogFile() { + if (logFile) { + logFile.close(); + zos.changeTag(std.getenv('ZWE_PRIVATE_LOG_FILE'), 819); + } +} + function writeLog(message: string): boolean { + const filename = std.getenv('ZWE_PRIVATE_LOG_FILE'); if (!logExists) { - const filename = std.getenv('ZWE_PRIVATE_LOG_FILE'); if (filename) { logExists = fs.fileExists(filename); if (!logExists) { @@ -155,7 +163,7 @@ function writeLog(message: string): boolean { return false; } else { //TODO this does utf8. should we flip it to 1047 on zos? - logFile.puts(message); + logFile.puts(message+'\n'); return true; } } @@ -173,7 +181,7 @@ export function printRawMessage(message: string, isError: boolean, writeTo:strin } } if (writeTo.includes('log')) { - writeLog(message+'\n'); + writeLog(message); } return true; } diff --git a/bin/libs/json.sh b/bin/libs/json.sh index 5b5342a4a3..481f8e11af 100644 --- a/bin/libs/json.sh +++ b/bin/libs/json.sh 
@@ -11,6 +11,72 @@ # Copyright Contributors to the Zowe Project. ####################################################################### +# If node.home, java.home, or zowe.runtimeDirectory are missing, +# And if the user desires, we can attempt to update the zowe.yaml +# With the paths we discover. +init_missing_yaml_properties() { + # Check if we can update node/java home, or runtime dir. + # Only possible right now if the config is a basic file. + # no FILE() or PARMLIB() syntax can be handled here yet. + if [ -e "${ZWE_CLI_PARAMETER_CONFIG}" ]; then + update_node_home= + found_node_home="$(shell_read_yaml_node_home "${ZWE_CLI_PARAMETER_CONFIG}")" + # only try to update if it's not defined + if [ -z "${found_node_home}" ]; then + update_node_home=$(detect_node_home) + fi + + update_java_home= + found_java_home="$(shell_read_yaml_java_home "${ZWE_CLI_PARAMETER_CONFIG}")" + # only try to update if it's not defined + if [ -z "${found_java_home}" ]; then + update_java_home=$(detect_java_home) + fi + + update_zowe_runtime_dir= + # do we have zowe.runtimeDirectory defined in zowe.yaml? + yaml_runtime_dir=$(shell_read_yaml_config "${ZWE_CLI_PARAMETER_CONFIG}" "zowe" "runtimeDirectory") + if [ -z "${yaml_runtime_dir}" ]; then + update_zowe_runtime_dir="${ZWE_zowe_runtimeDirectory}" + fi + + if [ -n "${update_node_home}" -o -n "${update_java_home}" -o -n "${update_zowe_runtime_dir}" ]; then + if [ "${ZWE_CLI_PARAMETER_UPDATE_CONFIG}" = "true" ]; then + if [ -n "${update_node_home}" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "node.home" "${update_node_home}" + fi + if [ -n "${update_java_home}" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "java.home" "${update_java_home}" + fi + if [ -n "${update_zowe_runtime_dir}" ]; then + update_zowe_yaml "${ZWE_CLI_PARAMETER_CONFIG}" "zowe.runtimeDirectory" "${update_zowe_runtime_dir}" + fi + + print_level2_message "Runtime directory, Java and/or node.js settings are updated successfully." 
+ else + print_message "These configurations need to be added to your YAML configuration file:" + print_message "" + if [ -n "${update_zowe_runtime_dir}" ]; then + print_message "zowe:" + print_message " runtimeDirectory: \"${update_zowe_runtime_dir}\"" + fi + if [ -n "${update_node_home}" ]; then + print_message "node:" + print_message " home: \"${update_node_home}\"" + fi + if [ -n "${update_java_home}" ]; then + print_message "java:" + print_message " home: \"${update_java_home}\"" + fi + + print_level2_message "Please manually update \"${ZWE_CLI_PARAMETER_CONFIG}\" before you start Zowe." + fi + fi + fi +} + + + ############################### # Read JSON configuration from shell script # diff --git a/bin/libs/json.ts b/bin/libs/json.ts index 8e269e8374..c5e0821a5f 100644 --- a/bin/libs/json.ts +++ b/bin/libs/json.ts @@ -81,3 +81,8 @@ export function updateZoweYaml(file: string, key: string, val: any) { common.printError(` * Error`); } } + +export function updateZoweYamlFromObj(file: string, updateObj: any) { + common.printMessage(`- update zowe config ${file} with obj=${JSON.stringify(updateObj, null, 2)}`); + config.updateZoweConfig(updateObj, true, 1); //TODO externalize array merge strategy = 1 +} diff --git a/bin/libs/zos-dataset.sh b/bin/libs/zos-dataset.sh index 16154681f5..539cd9db3d 100644 --- a/bin/libs/zos-dataset.sh +++ b/bin/libs/zos-dataset.sh @@ -105,7 +105,7 @@ data_set_copy_to_data_set() { allow_overwrite="${4}" if [ "${allow_overwrite}" != "true" ]; then - if [ "$(is_data_set_exists "//'${ds_to}'")" = "true" ]; then + if [ "$(is_data_set_exists '${ds_to}')" = "true" ]; then print_error_and_exit "Error ZWEL0133E: Data set ${ds_to} already exists" "" 133 fi fi diff --git a/bin/libs/zos-dataset.ts b/bin/libs/zos-dataset.ts index 74d10aed9e..6348b67b1e 100644 --- a/bin/libs/zos-dataset.ts +++ b/bin/libs/zos-dataset.ts 
@@ -17,7 +17,17 @@ import * as stringlib from './string'; import * as shell from './shell'; import * as zoslib from './zos'; +//TODO a bit of a hack. "cat" cant output a vsam, so it will always give errors. +// however, the errors it gives are different depending on if the vsam exists or not. +export function isVsamDatasetExists(datasetName: string): boolean { + common.printTrace(` * isVsamDatasetExists: '${stringlib.escapeDollar(datasetName)}'`); + const result = shell.execErrSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 1>/dev/null`); + return !(result.err && result.err.includes('EDC5049I')); + // EDC5049I = file not found +} + export function isDatasetExists(datasetName: string): boolean { + common.printTrace(` * isDatasetExists: '${stringlib.escapeDollar(datasetName)}'`); const result = shell.execSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 1>/dev/null 2>&1`); return result.rc === 0; } @@ -27,6 +37,7 @@ export function isDatasetExists(datasetName: string): boolean { // 1: data set is not in catalog // 2: data set member doesn't exist export function tsoIsDatasetExists(datasetName: string): number { + common.printTrace(` * tsoIsDatasetExists: '${stringlib.escapeDollar(datasetName)}'`); const result = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(datasetName)}' label`); if (result.rc != 0) { if (result.out.includes('NOT IN CATALOG')) { @@ -44,6 +55,7 @@ export function tsoIsDatasetExists(datasetName: string): number { } export function createDataSet(dsName: string, dsOptions: string): number { + common.printTrace(` * createDataSet: '${stringlib.escapeDollar(dsName)}' ${dsOptions}`); const result=zoslib.tsoCommand(`ALLOCATE NEW DA('${stringlib.escapeDollar(dsName)}') ${dsOptions}`); return result.rc; } 
@@ -72,78 +84,28 @@ export function copyToDataset(filePath: string, dsName: string, cpOptions: strin return result.rc; } -export function datasetCopyToDataset(prefix: string, datasetFrom: string, datasetTo: string, allowOverwrite: boolean): number { - if (allowOverwrite != true) { - if (isDatasetExists(datasetTo)) { - common.printErrorAndExit(`Error ZWEL0133E: Data set ${datasetTo} already exists`, undefined, 133); +export function getDatasetVolume(dataset: string): { rc: number, volume?: string } { + common.printTrace(`- Find volume of data set ${stringlib.escapeDollar(dataset)}`); + const result = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(dataset)}'`); + if (result.rc == 0) { + let volumesIndex = result.out.indexOf('--VOLUMES--'); + let volume: string; + if (volumesIndex != -1) { + let startIndex = volumesIndex + '--VOLUMES--'.length; + volume = result.out.substring(startIndex).trim(); } - } - - const cmd = `exec '${stringlib.escapeDollar(prefix)}.${std.getenv('ZWE_PRIVATE_DS_SZWEEXEC')}(ZWEMCOPY)' '${stringlib.escapeDollar(datasetFrom)} ${stringlib.escapeDollar(datasetTo)}'`; - const result = zoslib.tsoCommand(cmd); - return result.rc; -} - -// List users of a data set -// -// @param dsn data set name to check -// @return 0: no users -// 1: there are some users -// @output output of operator command "d grs" -export function listDatasetUser(datasetName: string): number { - const cmd = `D GRS,RES=(*,'${stringlib.escapeDollar(datasetName)}')`; - const result=zoslib.operatorCommand(cmd); - return result.out.includes('NO REQUESTORS FOR RESOURCE') ? 
0 : 1; - // example outputs: - // - // server 2021040 22:29:30.60 ISF031I CONSOLE MYCONS ACTIVATED - // server 2021040 22:29:30.60 -D GRS,RES=(*,IBMUSER.PARMLIB) - // server 2021040 22:29:30.60 ISG343I 22.29.30 GRS STATUS 336 - // S=SYSTEM SYSDSN IBMUSER.PARMLIB - // SYSNAME JOBNAME ASID TCBADDR EXC/SHR STATUS - // server ZWESISTC 0045 006FED90 SHARE OWN - // ISF754I Command 'SET CONSOLE MYCONS' generated from associated variable ISFCONS. - // ISF776I Processing started for action 1 of 1. - // ISF769I System command issued, command text: D GRS,RES=(*,IBMUSER.PARMLIB). - // ISF766I Request completed, status: COMMAND ISSUED. - // - // example output: - // - // server 2021040 22:31:07.32 ISF031I CONSOLE MYCONS ACTIVATED - // server 2021040 22:31:07.32 -D GRS,RES=(*,IBMUSER.LOADLIB) - // server 2021040 22:31:07.32 ISG343I 22.31.07 GRS STATUS 363 - // NO REQUESTORS FOR RESOURCE * IBMUSER.LOADLIB - // ISF754I Command 'SET CONSOLE MYCONS' generated from associated variable ISFCONS. - // ISF776I Processing started for action 1 of 1. - // ISF769I System command issued, command text: D GRS,RES=(*,IBMUSER.LOADLIB). - // ISF766I Request completed, status: COMMAND ISSUED. 
-} - -// Delete data set -// -// @param dsn data set (or with member) name to delete -// @return 0: exist -// 1: data set doesn't exist -// 2: data set member doesn't exist -// 3: data set is in use -// @output tso listds label output -export function deleteDataset(dataset: string): number { - const cmd=`delete '${stringlib.escapeDollar(dataset)}'`; - const result=zoslib.tsoCommand(cmd); - if (result.rc != 0) { - if (result.out.includes('NOT IN CATALOG')) { - return 1; - } else if (result.out.includes('NOT FOUND')) { - return 2; - } else if (result.out.includes('IN USE BY')) { - return 3; + if (!volume) { + common.printError(" * Failed to find volume information of the data set."); + return { rc: 2 } + } else { + return { rc: 0, volume: volume } } - // some other error we don't know yet - return 9; + } else { + return { rc: 1 } } - return 0; } + export function isDatasetSmsManaged(dataset: string): { rc: number, smsManaged?: boolean } { // REF: https://www.ibm.com/docs/en/zos/2.3.0?topic=dscbs-how-found // bit DS1SMSDS at offset 78(X'4E') 
@@ -168,20 +130,30 @@ export function isDatasetSmsManaged(dataset: string): { rc: number, smsManaged?: // 00000000000000000000 0000000000 // // SMS flag is in `FORMAT 1 DSCB` section second line, after 780037 + // The first flag 'F1' is DS1FMTID at offset 44(X'2C') + // + // Notes: + // The first section is --FORMAT 1 DSCB-- xor --FORMAT 8 DSCB-- + // The section --FORMAT 3 DSCB-- is optional + // common.printTrace(`- Check if ${dataset} is SMS managed`); const labelResult = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(dataset)}' label`); const datasetLabel=labelResult.out; if (labelResult.rc == 0) { - let formatIndex = datasetLabel.indexOf('--FORMAT 1 DSCB--'); + let formatIndex = datasetLabel.indexOf("--FORMAT 1 DSCB--\n"); let dscb_fmt1: string; if (formatIndex == -1) { - formatIndex = datasetLabel.indexOf('--FORMAT 8 DSCB--'); + formatIndex = datasetLabel.indexOf("--FORMAT 8 DSCB--\n"); } if (formatIndex != -1) { - let startIndex = formatIndex + '--FORMAT 8 DSCB--'.length; + let startIndex = formatIndex + "--FORMAT 8 DSCB--\n".length; let endIndex = datasetLabel.indexOf('--',startIndex); - dscb_fmt1 = datasetLabel.substring(startIndex, endIndex); + if (endIndex != -1) { + dscb_fmt1 = datasetLabel.substring(startIndex, endIndex); + } else { + dscb_fmt1 = datasetLabel.substring(startIndex); + } } if (!dscb_fmt1) { common.printError(" * Failed to find format 1 data set control block information."); 
@@ -209,85 +181,3 @@ export function isDatasetSmsManaged(dataset: string): { rc: number, smsManaged?: return { rc: 1 }; } } - -export function getDatasetVolume(dataset: string): { rc: number, volume?: string } { - common.printTrace(`- Find volume of data set ${dataset}`); - const result = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(dataset)}'`); - if (result.rc == 0) { - let volumesIndex = result.out.indexOf('--VOLUMES--'); - let volume: string; - if (volumesIndex != -1) { - let startIndex = volumesIndex + '--VOLUMES--'.length; - volume = result.out.substring(startIndex).trim(); - } - if (!volume) { - common.printError(" * Failed to find volume information of the data set."); - return { rc: 2 } - } else { - return { rc: 0, volume: volume } - } - } else { - return { rc: 1 } - } -} - -export function apfAuthorizeDataset(dataset: string): number { - const result = isDatasetSmsManaged(dataset); - if (result.rc) { - common.printError(`Error ZWEL0134E: Failed to find SMS status of data set ${dataset}.`); - return 134; - } - - let apfVolumeParam:string; - if (result.smsManaged) { - common.printDebug(`- ${dataset} is SMS managed`); - apfVolumeParam="SMS" - } else { - common.printDebug(`- ${dataset} is not SMS managed`); - const volumeResult = getDatasetVolume(dataset); - const dsVolume=volumeResult.volume; - if (volumeResult.rc == 0) { - common.printDebug(`- Volume of ${dataset} is ${dsVolume}`); - apfVolumeParam=`VOLUME=${dsVolume}`; - } else { - common.printError(`Error ZWEL0135E: Failed to find volume of data set ${dataset}.`); - return 135; - } - } - - const apfCmd=`SETPROG APF,ADD,DSNAME=${dataset},${apfVolumeParam}`; - if (std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == "true") { - common.printMessage("- Dry-run mode, security setup is NOT performed on the system."); - common.printMessage(" Please apply this operator command manually:"); - common.printMessage(''); - common.printMessage(` ${apfCmd}`); - common.printMessage(''); - } else { - const 
authResult = zoslib.operatorCommand(apfCmd); - const apfAuthSuccess=authResult.out && authResult.out.includes('ADDED TO APF LIST'); - if (result.rc == 0 && apfAuthSuccess) { - return 0; - } else { - common.printError(`Error ZWEL0136E: Failed to APF authorize data set ${dataset}.`); - return 136; - } - } - return 0; -} - -export function createDatasetTmpMember(dataset: string, prefix: string='ZW'): string | null { - common.printTrace(` > createDatasetTmpMember in ${dataset}`); - for (var i = 0; i < 100; i++) { - let rnd=Math.floor(Math.random()*10000); - - let member=`${prefix}${rnd}`.substring(0,8); - common.printTrace(` - test ${member}`); - let memberExist=isDatasetExists(`${dataset}(${member})`); - common.printTrace(` - exist? ${memberExist}`); - if (!memberExist) { - common.printTrace(" - good"); - return member; - } - } - return null; -} diff --git a/bin/libs/zos-jes.sh b/bin/libs/zos-jes.sh index 7c6f564faf..520e0bf356 100644 --- a/bin/libs/zos-jes.sh +++ b/bin/libs/zos-jes.sh @@ -32,11 +32,15 @@ submit_job() { return ${code} fi - result=$(submit "${jcl}") + # cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. + result=$(cat "${jcl}" | submit 2>&1) # expected: JOB JOB????? submitted from path '...' code=$? if [ ${code} -eq 0 ]; then jobid=$(echo "${result}" | grep submitted | awk '{print $2}') + if [ -z "${jobid}" ]; then + jobid=$(echo "${result}" | grep "$HASP" | head -n 1 | awk '{print $2}') + fi if [ -z "${jobid}" ]; then print_debug " * Failed to find job ID" print_error " * Exit code: ${code}" 
@@ -100,14 +104,17 @@ wait_for_job() { # $DJ gives ... # ... $HASP890 JOB(JOB1) CC=(COMPLETED,RC=0) <-- accept this value # ... $HASP890 JOB(GIMUNZIP) CC=() <-- reject this value - jobstatus=$(echo "${result}" | grep '$HASP890' | sed 's#^.*\$HASP890 *JOB(\(.*\)) *CC=(\(.*\)).*$#\1,\2#') - jobname=$(echo "${jobstatus}" | awk -F, '{print $1}') - jobcctext=$(echo "${jobstatus}" | awk -F, '{print $2}') - jobcccode=$(echo "${jobstatus}" | awk -F, '{print $3}' | awk -F= '{print $2}') - print_trace " * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}" - if [ -n "${jobcctext}" -o -n "${jobcccode}" ]; then - # job have CC state - break + haspline=$(echo "${result}" | grep '$HASP890') + if [ -n "${haspline}" ]; then + jobstatus=$(echo "${haspline}" | sed 's#^.*\$HASP890 *JOB(\(.*\)) *CC=(\(.*\)).*$#\1,\2#') + jobname=$(echo "${jobstatus}" | awk -F, '{print $1}') + jobcctext=$(echo "${jobstatus}" | awk -F, '{print $2}') + jobcccode=$(echo "${jobstatus}" | awk -F, '{print $3}' | awk -F= '{print $2}') + print_trace " * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}" + if [ -n "${jobcctext}" -o -n "${jobcccode}" ]; then + # job have CC state + break + fi fi fi done 
@@ -130,3 +137,83 @@ wait_for_job() { return 1 fi } + +print_and_handle_jcl() { + jcl_location="${1}" + job_name="${2}" + jcllib="${3}" + prefix="${4}" + remove_jcl_on_finish="${5}" + continue_on_failure="${6}" + jcl_contents=$(cat "${jcl_location}") + job_has_failures=false + + print_message "Template JCL: ${prefix}.SZWESAMP(${job_name}) , Executable JCL: ${jcllib}(${job_name})" + print_message "--- JCL Content ---" + print_message "$jcl_contents" + print_message "--- End of JCL ---" + + if [ -z "${ZWE_CLI_PARAMETER_DRY_RUN}" ]; then + print_message "Submitting Job ${job_name}" + jobid=$(submit_job "${jcl_location}") + code=$? + if [ ${code} -ne 0 ]; then + job_has_failures=true + if [ "${continue_on_failure}" = "true" ]; then + print_error "Warning ZWEL0161W: Failed to run JCL ${jcllib}(${job_name})" + jobid= + else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0161E: Failed to run JCL ${jcllib}(${job_name})." "" 161 + fi + fi + print_debug "- job id ${jobid}" + + jobstate=$(wait_for_job "${jobid}") + code=$? + if [ ${code} -eq 1 ]; then + job_has_failures=true + if [ "${continue_on_failure}" = "true" ]; then + print_error "Warning ZWEL0162W: Failed to find job ${jobid} result." + else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0162E: Failed to find job ${jobid} result." "" 162 + fi + fi + jobname=$(echo "${jobstate}" | awk -F, '{print $2}') + jobcctext=$(echo "${jobstate}" | awk -F, '{print $3}') + jobcccode=$(echo "${jobstate}" | awk -F, '{print $4}') + + if [ "${code}" -eq 0 ]; then + else + job_has_failures=true + if [ "${continue_on_failure}" = "true" ]; then + print_error "Warning ZWEL0163W: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." 
+ else + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + print_error_and_exit "Error ZWEL0163E: Job ${jobname}(${jobid}) ends with code ${jobcccode} (${jobcctext})." "" 163 + fi + fi + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + if [ "${job_has_failures}" = "true" ]; then + print_level2_message "Job ended with some failures. Please check job log for details." + fi + return 0 + else + print_message "JCL not submitted, command run with dry run flag." + print_message "To perform command, re-run command without dry run flag, or submit the JCL directly" + print_level2_message "Command run successfully." + if [ "${remove_jcl_on_finish}" = "true" ]; then + rm "${jcl_location}" + fi + return 0 + fi +} diff --git a/bin/libs/zos-jes.ts b/bin/libs/zos-jes.ts new file mode 100644 index 0000000000..372a01e8a9 --- /dev/null +++ b/bin/libs/zos-jes.ts 
@@ -0,0 +1,253 @@ +/* + This program and the accompanying materials are made available + under the terms of the Eclipse Public License v2.0 which + accompanies this distribution, and is available at + https://www.eclipse.org/legal/epl-v20.html + + SPDX-License-Identifier: EPL-2.0 + + Copyright Contributors to the Zowe Project. +*/ + +import * as os from 'cm_os'; +import * as std from 'cm_std'; +import * as zoslib from './zos'; +import * as common from './common'; +import * as stringlib from './string'; +import * as shell from './shell'; + +export function submitJob(jclFileOrContent: string, printJobDebug:boolean=true, jclIsContent?:boolean): string|undefined { + if (printJobDebug) { + common.printDebug(`- submit job ${jclFileOrContent}`); + + common.printTrace(`- content of ${jclFileOrContent}`); + if (!jclIsContent) { + const catResult = shell.execOutSync('sh', '-c', `cat "${stringlib.escapeDollar(jclFileOrContent)}" 2>&1`); + if (catResult.rc != 0) { + common.printTrace(` * Failed`); + common.printTrace(` * Exit code: ${catResult.rc}`); + common.printTrace(` * Output:`); + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + return undefined; + } + else { + common.printTrace(stringlib.paddingLeft(catResult.out, " ")); + } + } else { + common.printTrace(jclFileOrContent); + } + } + + // cat seems to work more reliably. sometimes, submit by itself just says it cannot find a real dataset. + const result = shell.execOutSync('sh', '-c', jclIsContent ? `echo "${jclFileOrContent}" | submit 2>&1` + : `cat "${stringlib.escapeDollar(jclFileOrContent)}" | submit 2>&1`); + // expected: JOB JOB????? submitted from path '...' + const code=result.rc; + if (code==0) { + let jobidlines = result.out.split('\n').filter(line=>line.indexOf('submitted')!=-1); + let jobid = jobidlines.length > 0 ? jobidlines[0].split(' ')[1] : undefined; + if (!jobid) { + jobidlines = result.out.split('\n').filter(line=>line.indexOf('$HASP')!=-1); + jobid = jobidlines.length > 0 ? 
jobidlines[0].split(' ')[1] : undefined; + } + if (!jobid) { + common.printDebug(` * Failed to find job ID`); + common.printError(` * Exit code: ${code}`); + common.printError(` * Output:`); + if (result.out) { + common.printError(stringlib.paddingLeft(result.out, " ")); + } + return undefined; + } else { + common.printDebug(` * Succeeded with job ID ${jobid}`); + common.printTrace(` * Exit code: ${code}`); + common.printTrace(` * Output:`); + if (result.out) { + common.printTrace(stringlib.paddingLeft(result.out, " ")); + } + return jobid; + } + } else { + common.printDebug(` * Failed`); + common.printError(` * Exit code: ${code}`); + common.printError(` * Output:`); + if (result.out) { + common.printError(stringlib.paddingLeft(result.out, " ")); + } + + return undefined; + } +} + +export function waitForJob(jobid: string): {jobcctext?: string, jobcccode?: string, jobid?: string, jobname?: string, rc: number} { + let jobstatus; + let jobname; + let jobcctext; + let jobcccode; + let is_jes3; + + common.printDebug(`- Wait for job ${jobid} completed, starting at ${new Date().toString()}.`); + // wait for job to finish + const timesSec = [1, 5, 10, 20, 30, 60, 100, 300, 500]; + for (let i = 0; i < timesSec.length; i++) { + jobcctext = undefined; + jobcccode = undefined; + jobname = undefined; + is_jes3 = false; + const secs = timesSec[i]; + common.printTrace(` * Wait for ${secs} seconds`); + os.sleep(secs*1000); + + let result=zoslib.operatorCommand(`\\$D ${jobid},CC`); + // if it's JES3, we receive this: + // ... ISF031I CONSOLE IBMUSER ACTIVATED + // ... -$D JOB00132,CC + // ... IBMUSER7 IEE305I $D COMMAND INVALID + is_jes3=result.out ? result.out.match(new RegExp('\$D \+COMMAND INVALID')) : false; + if (is_jes3) { + common.printDebug(` * JES3 identified`); + const show_jobid=jobid.substring(3); + result=zoslib.operatorCommand(`*I J=${show_jobid}`); + // $I J= gives ... + // ... -*I J=00132 + // ... 
JES3 IAT8674 JOB BPXAS (JOB00132) P=15 CL=A OUTSERV(PENDING WTR) + // ... JES3 IAT8699 INQUIRY ON JOB STATUS COMPLETE, 1 JOB DISPLAYED + try { + jobname=result.out.split('\n').filter(line=>line.indexOf('IAT8674') != -1)[0].replace(new RegExp('^.*IAT8674 *JOB *', 'g'), '').split(' ')[0]; + } catch (e) { + + } + break; + } else { + // $DJ gives ... + // ... $HASP890 JOB(JOB1) CC=(COMPLETED,RC=0) <-- accept this value + // ... $HASP890 JOB(GIMUNZIP) CC=() <-- reject this value + try { + const hasplines = result.out.split('\n').filter(line => line.indexOf('$HASP890') != -1); + if (hasplines && hasplines.length > 0) { + const jobline = hasplines[0]; + const nameIndex = jobline.indexOf('JOB('); + const ccIndex = jobline.indexOf('CC=('); + jobname = jobline.substring(nameIndex+4, jobline.indexOf(')', nameIndex)); + const cc = jobline.substring(ccIndex+4, jobline.indexOf(')', ccIndex)).split(','); + jobcctext = cc[0]; + if (cc.length > 1) { + const equalSplit = cc[1].split('='); + if (equalSplit.length > 1) { + jobcccode = equalSplit[1]; + } + } + common.printTrace(` * Job (${jobname}) status is ${jobcctext},RC=${jobcccode}`); + if ((jobcctext && jobcctext.length > 0) || (jobcccode && jobcccode.length > 0)) { + // job have CC state + break; + } + } + } catch (e) { + break; + } + } + } + common.printTrace(` * Job status check done at ${new Date().toString()}.`); + + if (jobcctext || jobcccode) { + common.printDebug(` * Job (${jobname}) exits with code ${jobcccode} (${jobcctext}).`); + if (jobcccode == "0") { + return {jobcctext, jobcccode, jobname, rc: 0}; + } else { + // ${jobcccode} could be greater than 255 + return {jobcctext, jobcccode, jobname, rc: 2}; + } + } else if (is_jes3) { + common.printTrace(` * Cannot determine job complete code. Please check job log manually.`); + return {jobcctext, jobcccode, jobname, rc: 0}; + } else { + common.printError(` * Job (${jobname? 
jobname : jobid}) doesn't finish within max waiting period.`); + return {jobcctext, jobcccode, jobname, rc: 1}; + } +} + +export function printAndHandleJcl(jclLocationOrContent: string, jobName: string, jcllib: string, prefix: string, removeJclOnFinish?: boolean, continueOnFailure?: boolean, jclIsContent?: boolean){ + const jclContents = jclIsContent ? jclLocationOrContent : shell.execOutSync('sh', '-c', `cat "${stringlib.escapeDollar(jclLocationOrContent)}" 2>&1`).out; + + let jobHasFailures = false; + if (jclIsContent) { + removeJclOnFinish = false; + } + + common.printMessage(`Template JCL: ${prefix}.SZWESAMP(${jobName}) , Executable JCL: ${jcllib}(${jobName})`); + common.printMessage(`--- JCL Content ---`); + common.printMessage(jclContents); + common.printMessage(`--- End of JCL ---`); + + common.printTrace(' * zos-jes.printAndHanleJcl'); + common.printTrace(' * JCL Lines Length'); + const jclContentsSplit = jclContents.split("\n"); + for (let jclLine in jclContentsSplit) { + const tracePad = 6; + common.printTrace(`${jclContentsSplit[jclLine].length.toString().padStart(tracePad, ' ')}: ${jclContentsSplit[jclLine]}`); + if (jclContentsSplit[jclLine].length > 71) { + common.printTrace(`${' '.repeat(tracePad + 2)}${'^'.repeat(jclContentsSplit[jclLine].length)}`); + } + } + common.printTrace(' * JCL Lines Length'); + + let removeRc: number; + + let jobId: string|undefined; + if (!std.getenv('ZWE_CLI_PARAMETER_DRY_RUN') && !std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN')) { + common.printMessage(`Submitting Job ${jobName}`); + jobId=submitJob(jclLocationOrContent, false, jclIsContent); + if (!jobId) { + jobHasFailures=true; + if (continueOnFailure) { + common.printError(`Warning ZWEL0161W: Failed to run JCL ${jcllib}(${jobName})`); + jobId=undefined; + } else { + if (removeJclOnFinish) { + removeRc = os.remove(jclLocationOrContent); + } + common.printErrorAndExit(`Error ZWEL0161E: Failed to run JCL ${jcllib}(${jobName}).`, undefined, 161); + } + } + 
common.printDebug(`- job id ${jobId}`); + + let {jobcctext, jobcccode, jobname, rc} = waitForJob(jobId); + if (rc) { + jobHasFailures=true; + if (continueOnFailure) { + common.printError(`Warning ZWEL0162W: Failed to find job ${jobId} result.`); + } else { + if (removeJclOnFinish) { + removeRc = os.remove(jclLocationOrContent); + } + common.printErrorAndExit(`Error ZWEL0162E: Failed to find job ${jobId} result.`, undefined, 162); + } + + jobHasFailures=true + if (continueOnFailure) { + common.printError(`Warning ZWEL0163W: Job ${jobname}(${jobId}) ends with code ${jobcccode} (${jobcctext}).`); + } else { + if (removeJclOnFinish) { + removeRc = os.remove(jclLocationOrContent); + } + common.printErrorAndExit(`Error ZWEL0163E: Job ${jobname}(${jobId}) ends with code ${jobcccode} (${jobcctext}).`, undefined, 163); + } + } + if (removeJclOnFinish) { + removeRc = os.remove(jclLocationOrContent); + } + if (jobHasFailures) { + common.printLevel2Message(`Job ended with some failures. Please check job log for details.`); + } + return 0 + } else { + common.printMessage(`JCL not submitted, command run with "--dry-run" flag.`); + common.printMessage(`To perform command, re-run command without "--dry-run" flag, or submit the JCL directly`); + common.printLevel2Message(`Command run successfully.`); + if (removeJclOnFinish) { + removeRc = os.remove(jclLocationOrContent); + } + return 0 + } +} diff --git a/bin/libs/zos.sh b/bin/libs/zos.sh index a39c6df6aa..8e3eb5ebc3 100644 --- a/bin/libs/zos.sh +++ b/bin/libs/zos.sh 
@@ -66,3 +66,31 @@ operator_command() { return ${code} } + +verify_generated_jcl() { + jcllib=$(read_yaml "${ZWE_CLI_PARAMETER_CONFIG}" ".zowe.setup.dataset.jcllib") + # read JCL library and validate + does_jcl_exist=$(is_data_set_exists "${jcllib}") + if [ -z "${does_jcl_exist}" ]; then + result=$(zwecli_inline_execute_command init generate) + fi + + # should be created, but may take time to discover. + if [ -z "${does_jcl_exist}" ]; then + does_jcl_exist= + for secs in 1 5 10 ; do + does_jcl_exist=$(is_data_set_exists "${jcllib}") + if [ -z "${does_jcl_exist}" ]; then + sleep ${secs} + else + break + fi + done + + if [ -z "${does_jcl_exist}" ]; then + return 1 + fi + fi + echo "${jcllib}" + return 0 +} diff --git a/bin/libs/zos.ts b/bin/libs/zos.ts index 8cc5dea000..e658fcc637 100644 --- a/bin/libs/zos.ts +++ b/bin/libs/zos.ts @@ -10,10 +10,12 @@ */ import * as std from 'cm_std'; - +import * as os from 'cm_os'; import * as common from './common'; import * as shell from './shell'; import * as stringlib from './string'; +import * as zosDataset from './zos-dataset'; +import * as initGenerate from '../commands/init/generate/index'; export function tsoCommand(...args:string[]): { rc: number, out: string } { let message = "tsocmd " + '"' + args.join(' ') + '"'; 
@@ -64,3 +66,35 @@ export function operatorCommand(command: string): { rc: number, out: string } { //we strip the '.' we added above return { rc: result.rc, out: result.out ? result.out.substring(0, result.out.length-1) : '' }; } + +export function verifyGeneratedJcl(config:any): string { + const jcllib = config.zowe.setup.dataset.jcllib; + if (!jcllib) { + return undefined; + } + const expectedMember = jcllib+'(ZWEIMVS)'; + // read JCL library and validate using expected member ZWEIMVS (init mvs command) + let doesJclExist: boolean = zosDataset.isDatasetExists(expectedMember); + if (!doesJclExist) { + initGenerate.execute(); + } + + // should be created, but may take time to discover. + if (!doesJclExist) { + const interval = [1,5,10,30]; + for (let i = 0; i < interval.length; i++) { + let secs = interval[i]; + doesJclExist=zosDataset.isDatasetExists(expectedMember); + if (!doesJclExist) { + os.sleep(secs*1000); + } else { + break; + } + } + + if (!doesJclExist) { + return undefined; + } + } + return jcllib; +} diff --git a/bin/libs/zwecli.sh b/bin/libs/zwecli.sh index 0131c5ff5b..2571be2015 100755 --- a/bin/libs/zwecli.sh +++ b/bin/libs/zwecli.sh @@ -273,7 +273,7 @@ EOF if [ -f "${command_path}/.help" ]; then echo "------------------" echo "Description" - padding_left "$(cat "${command_path}/.help")" " " + padding_left "$(sed 's/^```yaml$/```/g' "${command_path}/.help")" " " echo fi @@ -309,7 +309,7 @@ EOF # find sub-commands command_path=$(zwecli_calculate_command_path) subdirs=$(find_sub_directories "${command_path}") - if [ -n "${subdirs}" ]; then + if [ -n "${subdirs}" ]; then echo "------------------" echo "Available sub-command(s)" while read -r line; do @@ -326,7 +326,7 @@ EOF echo "Example(s)" padding_left "$(cat "${command_path}/.examples")" " " echo - fi + fi exit 100 fi } diff --git a/example-zowe.yaml b/example-zowe.yaml index 1f8a36c801..ebe8fd1271 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml 
@@ -40,6 +40,10 @@ zowe: dataset: # **COMMONLY_CUSTOMIZED** # where Zowe MVS data sets will be installed + # This prefix is used for the Zowe runtime datasets + # Including: + # Auth Load Lib: SZWEAUTH + # Load Lib: SZWELOAD prefix: IBMUSER.ZWEV2 # **COMMONLY_CUSTOMIZED** # PROCLIB where Zowe STCs will be copied over @@ -48,9 +52,6 @@ zowe: # Zowe PARMLIB parmlib: IBMUSER.ZWEV2.CUST.PARMLIB # Holds Zowe PARMLIB members for plugins - parmlibMembers: - # For ZIS plugins - zis: ZWESIP00 # **COMMONLY_CUSTOMIZED** # JCL library where Zowe will store temporary JCLs during initialization jcllib: IBMUSER.ZWEV2.CUST.JCLLIB 
@@ -63,32 +64,32 @@ zowe: authPluginLib: IBMUSER.ZWEV2.CUST.ZWESAPL # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - # # Security related configurations. This setup is optional. - # security: - # # security product name. Can be RACF, ACF2 or TSS - # product: RACF - # # security group name - # groups: - # # Zowe admin user group - # admin: ZWEADMIN - # # Zowe STC group - # stc: ZWEADMIN - # # Zowe SysProg group - # sysProg: ZWEADMIN - # # security user name - # users: - # # Zowe runtime user name of main service - # zowe: ZWESVUSR - # # Zowe runtime user name of ZIS - # zis: ZWESIUSR - # # STC names - # stcs: - # # STC name of Zowe main service - # zowe: ZWESLSTC - # # STC name of Zowe ZIS - # zis: ZWESISTC - # # STC name of Zowe ZIS Auxiliary Server - # aux: ZWESASTC + # Security related configurations. This setup is optional. + security: + # security product name. Can be RACF, ACF2 or TSS + product: RACF + # security group name + groups: + # Zowe admin user group + admin: ZWEADMIN + # Zowe STC group + stc: ZWEADMIN + # Zowe SysProg group + sysProg: ZWEADMIN + # security user name + users: + # Zowe runtime user name of main service + zowe: ZWESVUSR + # Zowe runtime user name of ZIS + zis: ZWESIUSR + # STC names + stcs: + # STC name of Zowe main service + zowe: ZWESLSTC + # STC name of Zowe ZIS + zis: ZWESISTC + # STC name of Zowe ZIS Auxiliary Server + aux: ZWESASTC # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # Certificate related configurations 
@@ -104,40 +105,40 @@ zowe: # **COMMONLY_CUSTOMIZED** # Keystore directory directory: /var/zowe/keystore - # # Lock the keystore directory to only accessible by Zowe runtime user and group. - # lock: true + # Lock the keystore directory to only accessible by Zowe runtime user and group. + lock: true # **COMMONLY_CUSTOMIZED** - # # Certificate alias name. Optional, default value is localhost. - # # Note: please use all lower cases as alias. - # name: localhost + # Certificate alias name. Optional, default value is localhost. + # Note: please use all lower cases as alias. + name: localhost # **COMMONLY_CUSTOMIZED** - # # Keystore password. Optional, default value is password. - # password: password + # Keystore password. Optional, default value is password. + password: password # **COMMONLY_CUSTOMIZED** - # # Alias name of self-signed certificate authority. Optional, default value is local_ca. - # # Note: please use all lower cases as alias. - # caAlias: local_ca + # Alias name of self-signed certificate authority. Optional, default value is local_ca. + # Note: please use all lower cases as alias. + caAlias: local_ca # **COMMONLY_CUSTOMIZED** - # # Password of keystore stored self-signed certificate authority. Optional, default value is local_ca_password. - # caPassword: local_ca_password - # # Distinguished name for Zowe generated certificates. All optional. - # dname: - # caCommonName: "" - # commonName: "" - # orgUnit: "" - # org: "" - # locality: "" - # state: "" - # country: "" - # # Validity days for Zowe generated certificates - # validity: 3650 - # # Domain names and IPs should be added into certificate SAN - # # If this field is not defined, `zwe init` command will use - # # `zowe.externalDomains`. + # Password of keystore stored self-signed certificate authority. Optional, default value is local_ca_password. + caPassword: local_ca_password + # Distinguished name for Zowe generated certificates. All optional. 
+ dname: + caCommonName: "Zowe Development Instances CA" + commonName: "Zowe Development Instances Certificate" + orgUnit: "API Mediation Layer" + org: "Zowe Sample" + locality: "Prague" + state: "Prague" + country: "CZ" + # Validity days for Zowe generated certificates + validity: 3650 + # Domain names and IPs should be added into certificate SAN + # If this field is not defined, `zwe init` command will use + # `zowe.externalDomains`. # san: - # # sample domain name - # - dvipa.my-company.com - # # sample IP address + # # sample domain name + # - dvipa.my-company.com + # # sample IP address # - 12.34.56.78 # # >>>> Certificate setup scenario 2 
@@ -183,31 +184,38 @@ zowe: # # keyring name # name: ZoweKeyring # # **COMMONLY_CUSTOMIZED** - # # # Label of Zowe certificate. Optional, default value is localhost. - # # label: localhost + # # Label of Zowe certificate. Optional, default value is localhost. + # label: localhost # # **COMMONLY_CUSTOMIZED** - # # # label of Zowe CA certificate. Optional, default value is localca. - # # caLabel: localca - # # # Distinguished name for Zowe generated certificates. All optional. - # # dname: - # # caCommonName: "" - # # commonName: "" - # # orgUnit: "" - # # org: "" - # # locality: "" - # # state: "" - # # country: "" - # # # Validity days for Zowe generated certificates - # # validity: 3650 - # # # Domain names and IPs should be added into certificate SAN - # # # If this field is not defined, `zwe init` command will use - # # # `zowe.externalDomains`. - # # # **NOTE**: due to the limitation of RACDCERT command, this field should - # # # contain exactly 2 entries with the domain name and IP address. + # # label of Zowe CA certificate. Optional, default value is localca. + # caLabel: localca + # # If zowe.verifyCertificates is not DISABLED, zOSMF certificate + # # Will be registered with the truststore. You can customize how this is performed here. + # zOSMF: + # ca: "_auto_" + # user: "IZUSVR" + # # Distinguished name for Zowe generated certificates. All optional. + # dname: + # caCommonName: "Zowe Development Instances CA" + # commonName: "Zowe Development Instances Certificate" + # orgUnit: "API Mediation Layer" + # org: "Zowe Sample" + # locality: "Prague" + # state: "Prague" + # country: "CZ" + # # Validity days for Zowe generated certificates + # validity: 3650 + # # **COMMONLY_CUSTOMIZED** + # # Domain names and IPs should be added into certificate SAN + # # If this field is not defined, `zwe init` command will use + # # `zowe.externalDomains`. 
+ # # **NOTE**: due to the limitation of RACDCERT command, this field should + # # contain exactly 2 entries with the domain name and IP address. # # san: # # - dvipa.my-company.com # # - 12.34.56.78 + # # >>>> Certificate setup scenario 4 # # Zowe generated z/OS Keyring and connect to existing certificate # certificate: @@ -224,6 +232,12 @@ zowe: # # **COMMONLY_CUSTOMIZED** # # Label of the existing certificate will be connected to Zowe keyring. # label: "" + # # If zowe.verifyCertificates is not DISABLED, zOSMF certificate + # # Will be registered with the truststore. You can customize how this is performed here. + # zOSMF: + # ca: "_auto_" + # user: "IZUSVR" + # # **COMMONLY_CUSTOMIZED** # # If you have other certificate authorities want to be trusted in Zowe keyring, # # list the certificate labels here. @@ -252,9 +266,15 @@ zowe: # # **COMMONLY_CUSTOMIZED** # # Password for the PKCS12 data set. # password: "" + # # If zowe.verifyCertificates is not DISABLED, zOSMF certificate + # # Will be registered with the truststore. You can customize how this is performed here. + # zOSMF: + # ca: "_auto_" + # user: "IZUSVR" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # VSAM configurations if you are using VSAM as Caching Service storage + # This is used in the optional "zwe init vsam" command. vsam: # VSAM data set with Record-Level-Sharing enabled or not # Valid values could be: NONRLS or RLS. @@ -263,6 +283,8 @@ zowe: volume: "" # Storage class name if you are using VSAM in RLS mode storageClass: "" + # Data set name. Must match components.caching-service.storage.vsam.name + # name: "" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # **COMMONLY_CUSTOMIZED** 
@@ -292,22 +314,10 @@ zowe: # Where extensions are installed extensionDirectory: /global/zowe/extensions - # **COMMONLY_CUSTOMIZED** - useConfigmgr: true - # Setting to true will enable: - # * schema-backed validation of zowe.yaml - # * should greatly improve startup time. - # * can supply multiple zowe.yaml as defaults & overrides in the format of - # FILE(/my/customizations.yaml):PARMLIB(MYORG.ZOWE(YAML)):FILE(/zowe/defaults.yaml) - # * allows templating in zowe.yaml by putting references within ${{ }} blocks such as - # rewriting the job section below as - # job: - # name: ${{ zowe.job.prefix }}SV - # prefix: ZWE1 configmgr: # STRICT=quit on any error, including missing schema # COMPONENT-COMPAT=if component missing schema, skip it with warning instead of quit - validation: "COMPONENT-COMPAT" + validation: "STRICT" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # runtime z/OS job name @@ -464,7 +474,7 @@ zowe: #------------------------------------------------------------------------------- java: # **COMMONLY_CUSTOMIZED** - # Path to your Java home directory + # Path to Java home directory. If java is at '/java/home/bin/java', than this would be '/java/home' home: "" @@ -479,7 +489,7 @@ java: #------------------------------------------------------------------------------- node: # **COMMONLY_CUSTOMIZED** - # Path to your node.js home directory + # Path to Node home directory. If node is at '/node/home/bin/node', than this would be '/node/home' home: "" diff --git a/files/SZWESAMP/ZWECSVSM b/files/SZWESAMP/ZWECSVSM index b0f5591805..226b0dbd6f 100644 --- a/files/SZWESAMP/ZWECSVSM +++ b/files/SZWESAMP/ZWECSVSM 
@@ -1,73 +1,58 @@ -//ZWECSVSM JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* -//* -//* Zowe Open Source Project -//* This JCL creates the VSAM data set for the Caching Service. -//* -//* -//* CAUTION: This is neither a JCL procedure nor a complete job. -//* Before using this JCL, you will have to make the following -//* modifications: -//* -//* 1) Add job name and job parameters to the JOB statement, to -//* meet your system requirements. -//* -//* 2) Change all #dsname placeholders to the desired data set name -//* of the VSAM cluster. The maximum length is 38 characters. -//* -//* 3) Select whether the VSAM will utilize Record Level Sharing (RLS) -//* services or not by updating the SET MODE= statement to specify -//* either RLS or NONRLS. -//* -//* When using RLS, customize the definitions in the RLS DD: -//* -//* 4) Change the #storclas placeholder to the desired storage class -//* name. -//* -//* 5) Optionally, change LOG option NONE to UNDO or ALL to set the -//* desired recovery options for the RLS VSAM. -//* -//* When NOT using RLS, customize the definitions in the NONRLS DD: -//* -//* 6) Change the #volume placeholder to the desired volume label. -//* -//* Note(s): -//* -//* 1. This job should complete with return code 0. 
-//* -//******************************************************************** -//* -// SET MODE=NONRLS RLS or NONRLS -//* -//ALLOC EXEC PGM=IDCAMS,REGION=0M -//SYSPRINT DD SYSOUT=* -//SYSIN DD * - DEFINE CLUSTER - - (NAME(#dsname) - -// DD DDNAME=&MODE -// DD * - REC(80 20) - - INDEXED) - - DATA(NAME(#dsname.DATA) - - RECSZ(4096 4096) - - UNIQUE - - KEYS(128 0)) - - INDEX(NAME(#dsname.INDEX) - - UNIQUE) -//RLS DD * - STORCLAS(#storclas) - - LOG(NONE) - -//NONRLS DD * - VOLUME(#volume) - - SHAREOPTIONS(2 3) - -//* +//ZWECSVSM JOB +//* +//* This program and the accompanying materials are made available +//* under the terms of the Eclipse Public License v2.0 which +//* accompanies this distribution, and is available at +//* https://www.eclipse.org/legal/epl-v20.html +//* +//* SPDX-License-Identifier: EPL-2.0 +//* +//* Copyright Contributors to the Zowe Project. 2020, 2020 +//* +//********************************************************************* +//* +//* Zowe Open Source Project +//* This JCL creates the VSAM data set for the Caching Service. +//* +//* +//* CAUTION: This is neither a JCL procedure nor a complete job. +//* Before using this JCL, you will have to make the following +//* modifications: +//* +//* 1) Add job name and job parameters to the JOB statement, to +//* meet your system requirements. +//* +//* When using RLS, customize the definitions in the RLS DD: +//* +//* 2) Optionally, change LOG option NONE to UNDO or ALL to set the +//* desired recovery options for the RLS VSAM. +//* +//* +//* Note(s): +//* +//* 1. This job should complete with return code 0. 
+//* +//******************************************************************** +//* +//ALLOC EXEC PGM=IDCAMS,REGION=0M +//SYSPRINT DD SYSOUT=* +//SYSIN DD * + DEFINE CLUSTER - + (NAME({zowe.setup.vsam.name}) - +// DD DDNAME={zowe.setup.vsam.mode} +// DD * + REC(80 20) - + INDEXED) - + DATA(NAME({zowe.setup.vsam.name}.DATA) - + RECSZ(4096 4096) - + UNIQUE - + KEYS(128 0)) - + INDEX(NAME({zowe.setup.vsam.name}.INDEX) - + UNIQUE) +//RLS DD * + STORCLAS({zowe.setup.vsam.storageClass}) - + LOG(NONE) - +//NONRLS DD * + VOLUME({zowe.setup.vsam.volume}) - + SHAREOPTIONS(2 3) - +//* diff --git a/files/SZWESAMP/ZWEINSTL b/files/SZWESAMP/ZWEINSTL index 525a794991..93bdb684a7 100644 --- a/files/SZWESAMP/ZWEINSTL +++ b/files/SZWESAMP/ZWEINSTL @@ -11,7 +11,7 @@ //* //********************************************************************* //* -//MKPDSE EXEC PGM=IKJEFT01 +//MKPDSE EXEC PGM=IKJEFT01,DYNAMNBR=4 //SYSTSPRT DD SYSOUT=A //SYSTSIN DD * ALLOC NEW DA('{zowe.setup.dataset.prefix}.SZWESAMP') + 
@@ -37,23 +37,21 @@ blksize(32760) unit(sysallda) space(30,15) tracks //STDERR DD SYSOUT=* //STDPARM DD * SH cd '{zowe.runtimeDirectory}' && -cd 'files/SZWESAMP' && -cp * "//'{zowe.setup.dataset.prefix}.SZWESAMP'" && -cd '../SZWEEXEC' && -cp * "//'{zowe.setup.dataset.prefix}.SZWEEXEC'" && -cd '../SZWELOAD' && -cp * "//'{zowe.setup.dataset.prefix}.SZWELOAD'" && -cd '../../components/launcher/bin' && +ZWE_TMP_PREFIX='{zowe.setup.dataset.prefix}' && +cd files/SZWESAMP && +cp * "//'$ZWE_TMP_PREFIX.SZWESAMP'" && +cd ../SZWEEXEC && +cp * "//'$ZWE_TMP_PREFIX.SZWEEXEC'" && +cd ../SZWELOAD && +cp * "//'$ZWE_TMP_PREFIX.SZWELOAD'" && +cd ../../components/launcher/bin && cp zowe_launcher - "//'{zowe.setup.dataset.prefix}.SZWEAUTH(ZWELNCH)'" && -cd '../../zss/SAMPLIB' && -cp ZWESIP00 ZWESISCH - "//'{zowe.setup.dataset.prefix}.SZWESAMP'" && -cp ZWESAUX - "//'{zowe.setup.dataset.prefix}.SZWESAMP(ZWESASTC)'" && -cp ZWESIS01 - "//'{zowe.setup.dataset.prefix}.SZWESAMP(ZWESISTC)'" && -cd '../LOADLIB' && -cp ZWESIS01 ZWESAUX ZWESISDL - "//'{zowe.setup.dataset.prefix}.SZWEAUTH'" -/* + "//'$ZWE_TMP_PREFIX.SZWEAUTH(ZWELNCH)'" && +cd ../samplib/ && +cp * "//'$ZWE_TMP_PREFIX.SZWESAMP'" && +cd ../../zss/SAMPLIB && +cp ZWESASTC ZWESIP00 ZWESISCH ZWESISTC + "//'$ZWE_TMP_PREFIX.SZWESAMP'" && +cd ../LOADLIB && +cp * "//'$ZWE_TMP_PREFIX.SZWEAUTH'" +/* \ No newline at end of file diff --git a/files/SZWESAMP/ZWEKRING b/files/SZWESAMP/ZWEKRING deleted file mode 100644 index 43f5dcb2f0..0000000000 --- a/files/SZWESAMP/ZWEKRING +++ /dev/null 
@@ -1,721 +0,0 @@ -//ZWEKRING JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* -//* -//* Zowe Open Source Project -//* This JCL can be used to define key ring and certificates for Zowe -//* -//********************************************************************* -//* ATTENTION! -//* Configure certificate for Zowe -//* Select one of three options which is the most suitable for your -//* environment and follow the appropriate action -//* -//* Options: -//* 1. (default option) Generate Zowe's certificate that will be -//* signed by the Zowe's local CA -//* -//* 2. Zowe's certificate is already loaded in RACF database -//* ACTION: -//* a. modify the following snippet -//* CONNECT(SITE | ID(userid) + -//* LABEL('certlabel') + -//* to match the owner of the desired certificate -//* -//* 3. Import external Zowe's certificate from a data set in PKCS12 -//* format -//* -//********************************************************************* -//* -//* CAUTION: This is neither a JCL procedure nor a complete job. -//* Before using this JCL, you will have to make the following -//* modifications: -//* -//* 1) Add job name and job parameters to the JOB statement, to -//* meet your system requirements. -//* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* -//* 3) Update the SET ZOWEUSER= statement to match the existing -//* user ID for the Zowe started task. -//* -//* 4) Update the SET ZOWERING= statement to match the desired -//* name of the keyring owned by the &ZOWEUSER user ID. 
-//* -//* 5) Specify the option number which is suitable for your -//* environment by the SET OPTION statement. -//* Option 1 considers as default option. -//* -//* 6) Update the SET LABEL= statement with the name of the Zowe -//* certificate that will be defined, or added to the security -//* database or if that is already stored in the security database. -//* -//* 7) Specify the distinguished name of the Zowe's local CA by -//* updating the SET statements CN=, OU=, O=, L=, SP=, C=, and -//* LOCALCA=. -//* -//* 8) Update the SET HOSTNAME= variable to match the hostname where -//* Zowe is to run. -//* -//* 9) Update the SET IPADDRES= variable to match the IP address -//* where Zowe is to run. -//* -//* 10) Update the SET DSNAME= statement if you plan to add the Zowe -//* certificate from a data set in PKCS12 format. -//* -//* 11) Update the SET PKCSPASS= statement to match the password for -//* the PKCS12 data set. -//* -//* 12) If you have external certificate authorities for ITRMZWCA -//* and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. -//* -//* 13) Update the SET ITRMZWCA= variable to match the intermediate -//* CA of the Zowe certificate. It is only applicable if Zowe -//* certificate signed by a recognized certificate authority (CA). -//* -//* 14) Update the SET ROOTZWCA= variable to match the root CA of the -//* Zowe certificate. It is only applicable if Zowe certificate -//* signed by a recognized certificate authority (CA). -//* -//* 15) If you enable VERIFY_CERTIFICATES or -//* NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* IFROZFCA to 1 to connect z/OSMF certificate authority to -//* Zowe keyring. Otherwise set to 0. -//* -//* 16) Update the SET ROOTZFCA= variable to match the root CA of the -//* z/OSMF certificate. It is only applicable if z/OSMF -//* certificate signed by a recognized certificate authority (CA). 
-//* -//* 17) Customize the commands in the DD statement that matches your -//* security product so that they meet your system requirements. -//* -//* Note(s): -//* -//* 1. The userid that runs this job must have sufficient authority -//* to alter security definitions -//* -//* 2. Assumption: signing CA chain of the Zowe external certificate is -//* added to the security database under the CERTAUTH userid. -//* -//* 3. If the Zowe certificate is imported from a data set then -//* the certificate has to be in PKCS12 format and has to -//* contain Zowe certificate's signing CA chain and private key. -//* -//* 4. This job WILL complete with return code 0. -//* The results of each command must be verified after completion. -//* -//********************************************************************* -// EXPORT SYMLIST=* -//* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -//* 12345678 -//* -//* * Keyring for the Zowe userid -// SET ZOWERING='ZoweKeyring' -//* * Option number to configure Zowe certificate -//* * Valid options: 1,2,3 -//* * Default option is 1 -// SET OPTION=1 -//* * Zowe's certificate label -// SET LABEL='localhost' -//* * Zowe's local CA name -// SET LOCALCA='localca' -//* * Zowe's local CA common name -// SET CN='Zowe Development Instances' -//* * Zowe's local CA organizational unit -// SET OU='API Mediation Layer' -//* * Zowe's local CA organization -// SET O='Zowe Sample' -//* * Zowe's local CA city/locality -// SET L='Prague' -//* * Zowe's local CA state/province -// SET SP='Prague' -//* * Zowe's local CA country -// SET C='CZ' -//* * Hostname of the system where Zowe is to run -// SET HOSTNAME='' -//* * IP address of the system where Zowe is to run -// SET IPADDRES='' -//* * Name of the data set containing Zowe's certificate (PKCS12) -// SET DSNAME= -//* * Password for the PKCS12 data set -// SET PKCSPASS='' -//* * If you have external certificate authorities for ITRMZWCA -//* * 
and/or ROOTZWCA, set IFZOWECA to 1 to connect to Zowe keyring. -// SET IFZOWECA=0 -//* * Label of the intermediate CA of the Zowe certificate -//* if applicable -// SET ITRMZWCA='' -//* * Label of the root CA of the Zowe certificate if applicable -// SET ROOTZWCA='' -//* * If you enable VERIFY_CERTIFICATES or -//* * NONSTRICT_VERIFY_CERTIFICATES and define ROOTZFCA, set -//* * IFROZFCA to 1 to connect z/OSMF certificate authority to -//* * Zowe keyring. Otherwise set to 0. -// SET IFROZFCA=0 -//* * Label of the root CA of the z/OSMF certificate if -//* applicable -// SET ROOTZFCA='' -//* -//* ACF2 ONLY - - - - - - - - - - - - - - - - - -//* 12345678 -// SET STCGRP= * group for Zowe started tasks -//* 12345678 -//* -//* end ACF2 ONLY - - - - - - - - - - - - - - - - -//* -//********************************************************************* -//* -//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT -//* -//RUNRACF EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//* -//********************************************************************* -//* -//* RACF ONLY, customize to meet your system requirements -//* -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Create the keyring .............................................. */ - RACDCERT ADDRING(&ZOWERING.) ID(&ZOWEUSER.) - SETROPTS RACLIST(DIGTRING) REFRESH -$$ -//IFOPT1 IF (&OPTION EQ 1) THEN -//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 1 - Default Option - BEGINNING ........................... */ -/* Create Zowe's local CA authority .................................*/ - RACDCERT GENCERT CERTAUTH + - SUBJECTSDN( + - CN('&CN. CA') + - OU('&OU.') + - O('&O.') + - L('&L.') + - SP('&SP.') + - C('&C.')) + - SIZE(2048) + - NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('&LOCALCA') + - KEYUSAGE(CERTSIGN) - -/* Connect Zowe's local CA authority to the keyring ................ 
*/ - RACDCERT CONNECT(CERTAUTH LABEL('&LOCALCA') + - RING(&ZOWERING.)) + - ID(&ZOWEUSER.) - -/* Create a certificate signed by local zowe's CA .................. */ - RACDCERT GENCERT ID(&ZOWEUSER.) + - SUBJECTSDN( + - CN('&CN. certificate') + - OU('&OU.') + - O('&O.') + - L('&L.') + - SP('&SP.') + - C('&C.')) + - SIZE(2048) + - NOTAFTER(DATE(2030-05-01)) + - WITHLABEL('&LABEL.') + - KEYUSAGE(HANDSHAKE) + - ALTNAME(IP(&IPADDRES) + - DOMAIN('&HOSTNAME')) + - SIGNWITH(CERTAUTH LABEL('&LOCALCA')) - -/* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID(&ZOWEUSER.) + - LABEL('&LABEL.') + - RING(&ZOWERING.) + - USAGE(PERSONAL) DEFAULT) + - ID(&ZOWEUSER.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH - -/* Option 1 - Default Option - END ................................. */ -$$ -//IFOPT1ED ENDIF -//* -//IFOPT2 IF (&OPTION EQ 2) THEN -//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 2 - BEGINNING ............................................ */ -/* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(SITE | ID(userid) + - LABEL('certlabel') + - RING(&ZOWERING.) + - USAGE(PERSONAL) DEFAULT) + - ID(&ZOWEUSER.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH - -/* Option 2 - END .................................................. */ -$$ -//IFOPT2ED ENDIF -//* -//IFOPT3 IF (&OPTION EQ 3) THEN -//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 3 - BEGINNING ............................................ */ -/* Import external certificate from data set ....................... */ - RACDCERT ADD('&DSNAME.') + - ID(&ZOWEUSER.) + - WITHLABEL('&LABEL.') + - PASSWORD('&PKCSPASS.') + - TRUST - -/* Connect a Zowe's certificate with the keyring ................... */ - RACDCERT CONNECT(ID(&ZOWEUSER.) 
+ - LABEL('&LABEL.') + - RING(&ZOWERING.) + - USAGE(PERSONAL) DEFAULT) + - ID(&ZOWEUSER.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH - -/* Option 3 - END .................................................. */ -$$ -//IFOPT3ED ENDIF -//* -//IFZWCA IF (&IFZOWECA EQ 1) THEN -//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect all CAs of the Zowe certificate's signing chain with the */ -/* keyring ......................................................... */ - RACDCERT CONNECT(CERTAUTH + - LABEL('&ITRMZWCA.') + - RING(&ZOWERING.) USAGE(CERTAUTH)) + - ID(&ZOWEUSER.) - - RACDCERT CONNECT(CERTAUTH + - LABEL('&ROOTZWCA.') + - RING(&ZOWERING.) USAGE(CERTAUTH)) + - ID(&ZOWEUSER.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH -$$ -//IFZWCAED ENDIF -//* -//IFZFCA IF (&IFROZFCA EQ 1) THEN -//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect the z/OSMF root CA signed by a recognized certificate ... */ -/* authority (CA) with the keyring ................................. */ - RACDCERT CONNECT(CERTAUTH + - LABEL('&ROOTZFCA.') + - RING(&ZOWERING.) USAGE(CERTAUTH)) + - ID(&ZOWEUSER.) - - SETROPTS RACLIST(DIGTCERT,DIGTRING) REFRESH -$$ -//IFZFCAED ENDIF -//* -//COMRACF EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* A common part for all options - BEGINNING ....................... */ - -/* Allow ZOWEUSER to access keyring ................................ */ - -/* Activate RDATALIB class holding profiles that control ........... */ -/* certificate access ............................................. */ - SETROPTS CLASSACT(RDATALIB) RACLIST(RDATALIB) - -/* Define profiles that control certificate access ................. 
*/ - RDEFINE RDATALIB &ZOWEUSER..&ZOWERING..LST UACC(NONE) - -/* Permit server user ID to access key ring and related ............ */ -/* private keys. ................................................... */ - PERMIT &ZOWEUSER..&ZOWERING..LST CLASS(RDATALIB) ID(&ZOWEUSER.) + - ACCESS(CONTROL) - -/* Uncomment this command to allow other user to access key ring ... */ -/* PERMIT &ZOWEUSER..&ZOWERING..LST CLASS(RDATALIB) ID() + */ -/* ACCESS(READ) */ - -/* Refresh to dynamically activate the changes. .................... */ - SETROPTS RACLIST(RDATALIB) REFRESH - -/* IRR.DIGTCERT logic pre-dates RDATALIB logic, and is not used when */ -/* the RDATALIB profile is used. The following PERMIT commands are . */ -/* present for customers who do not wish to use RDATALIB and want to */ -/* continue using their existing IRR.DIGTCERT setup. Note that the . */ -/* PERMIT commands will fail if the IRR.DIGTCERT profiles do not ... */ -/* already exist. .................................................. */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(&ZOWEUSER.) + - ACCESS(READ) - PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(&ZOWEUSER.) + - ACCESS(READ) - -/* Uncomment this command if SITE user owns the Zowe certificate ... */ -/* PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(&ZOWEUSER.) + */ -/* ACCESS(CONTROL) */ - - SETROPTS RACLIST(FACILITY) REFRESH - -/* show results .................................................... */ - RLIST RDATALIB &ZOWEUSER..&ZOWERING..LST ALL - RLIST FACILITY IRR.DIGTCERT.LISTRING ALL - RLIST FACILITY IRR.DIGTCERT.LIST ALL - RLIST FACILITY IRR.DIGTCERT.GENCERT ALL - -/* List the keyring ................................................ */ - RACDCERT LISTRING(&ZOWERING.) ID(&ZOWEUSER.) - -/* Common part - END ............................................... */ -/* only the last RC is returned, this command ensures it is a 0 .... 
*/ -PROFILE -$$ -//******************************************************************* -//* -//* ACF2 ONLY, customize to meet your system requirements -//* -//******************************************************************* -//RUNACF2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//* -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Create the keyring .............................................. */ - SET PROFILE(USER) DIVISION(KEYRING) - INSERT &ZOWEUSER..ZOWERING RINGNAME(&ZOWERING.) - F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) -$$ -//IFOPT1 IF (&OPTION EQ 1) THEN -//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Option 1 - Default Option - BEGINNING ........................... */ -* Create Zowe's local CA authority ................................ */ - SET PROFILE(USER) DIVISION(CERTDATA) - GENCERT CERTAUTH.ZOWECA LABEL(&LOCALCA) SIZE(2048) - - SUBJSDN(CN='&CN. CA' - - OU='&OU.' - - O='&O.' - - L='&L.' - - SP='&SP.' - - C='&C.') - - EXPIRE(05/01/30) - - KEYUSAGE(CERTSIGN) -* -* Connect Zowe's local CA authority to the keyring ................ */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.ZOWECA) RINGNAME(&ZOWERING.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) - CHKCERT CERTAUTH.ZOWECA -* -* Create a certificate signed by local zowe's CA .................. */ - SET PROFILE(USER) DIV(CERTDATA) - GENCERT &ZOWEUSER..ZOWECERT - - SUBJSDN(CN='&CN. certificate' - - OU='&OU.' - - O='&O.' - - L='&L.' - - SP='&SP.' - - C='&C.') - - SIZE(2048) - - EXPIRE(05/01/30) - - LABEL(&LABEL.) - - KEYUSAGE(HANDSHAKE) - - ALTNAME(IP=&IPADDRES DOMAIN=&HOSTNAME) - - SIGNWITH(CERTAUTH.ZOWECA) -* -* Connect a Zowe's certificate with the keyring ................... 
*/ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(&ZOWEUSER..ZOWECERT) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(PERSONAL) DEFAULT - CHKCERT &ZOWEUSER..ZOWECERT -* -* Option 1 - Default Option - END ................................. */ -$$ -//IFOPT1ED ENDIF -//* -//IFOPT2 IF (&OPTION EQ 2) THEN -//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Option 2 - BEGINNING ............................................ */ -* Connect a Zowe's certificate with the keyring ................... */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(SITECERT.digicert | userid.digicert) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(PERSONAL) DEFAULT - CHKCERT &ZOWEUSER..ZOWECERT -* -* Option 2 - END .................................................. */ -$$ -//IFOPT2ED ENDIF -//* -//IFOPT3 IF (&OPTION EQ 3) THEN -//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Option 3 - BEGINNING ............................................ */ -* Import external certificate from data set ....................... */ - SET PROFILE(USER) DIV(CERTDATA) - INSERT &ZOWEUSER..ZOWECERT - - DSNAME('&DSNAME.') - - LABEL(&LABEL.) - - PASSWORD('&PKCSPASS.') - - TRUST -* -* Connect a Zowe's certificate with the keyring ................... */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(&ZOWEUSER..ZOWECERT) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(PERSONAL) DEFAULT - CHKCERT &ZOWEUSER..ZOWECERT -* -* Option 3 - END .................................................. */ -$$ -//IFOPT3ED ENDIF -//* -//IFZWCA IF (&IFZOWECA EQ 1) THEN -//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Connect all CAs of the Zowe certificate's signing chain with the */ -* keyring ......................................................... 
*/ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ITRMZWCA.) RINGNAME(&ZOWERING.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) -* - CONNECT CERTDATA(CERTAUTH.&ROOTZWCA.) RINGNAME(&ZOWERING.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) -$$ -//IFZWCAED ENDIF -//* -//IFZFCA IF (&IFROZFCA EQ 1) THEN -//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* Connect the z/OSMF root CA signed by a recognized certificate ... */ -* authority (CA) with the keyring ................................. */ - SET PROFILE(USER) DIVISION(CERTDATA) - CONNECT CERTDATA(CERTAUTH.&ROOTZFCA.) RINGNAME(&ZOWERING.) - - KEYRING(&ZOWEUSER..ZOWERING) USAGE(CERTAUTH) -$$ -//IFZFCAED ENDIF -//* -//COMACF2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF -// -* A common part for all options - BEGINNING ....................... */ -* -* Allow ZOWEUSER to access keyring ................................ */ - SET RESOURCE(FAC) - RECKEY IRR ADD(DIGTCERT.LISTRING ROLE(&STCGRP) - - SERVICE(READ) ALLOW) -* -* Uncomment this command if SITE acid owns the Zowe certificate ... */ -* RECKEY IRR ADD(DIGTCERT.GENCERT ROLE(&STCGRP) - -* SERVICE(CONTROL) ALLOW) -* - F ACF2,REBUILD(FAC) -* -* List the keyring ................................................ */ - SET PROFILE(USER) DIVISION(KEYRING) - LIST &ZOWEUSER..ZOWERING -* Common part - END ............................................... */ -$$ -//******************************************************************** -//* -//* Top Secret ONLY, customize to meet your system requirements -//* -//******************************************************************** -//RUNTSS EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//* -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Create the keyring .............................................. 
*/ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) -$$ -//IFOPT1 IF (&OPTION EQ 1) THEN -//RUNOPT1 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Create Zowe's local CA authority ............................... */ - TSS GENCERT(CERTAUTH) + - DIGICERT(ZOWECA) + - SUBJECTN( + - 'CN="&CN. CA" + - OU="&OU." + - O="&O." + - L="&L." + - SP="&SP." + - C="&C." ') + - KEYSIZE(2048) + - NADATE(05/01/30) + - LABLCERT(&LOCALCA) + - KEYUSAGE('CERTSIGN') - -/* Connect Zowe's local CA authority to the keyring ................ */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + - RINGDATA(CERTAUTH,ZOWECA) - -/* Create a certificate signed by local zowe's CA .................. */ - TSS GENCERT(&ZOWEUSER.) + - DIGICERT(ZOWECERT) + - SUBJECTN( + - 'CN="&CN. certificate" + - OU="&OU." + - O="&O." + - L="&L." + - SP="&SP." + - C="&C." ') + - KEYSIZE(2048) + - NADATE(05/01/30) + - LABLCERT(&LABEL.) + - KEYUSAGE('HANDSHAKE') + - ALTNAME('DOMAIN=&HOSTNAME') + - SIGNWITH(CERTAUTH,ZOWECA) - -/* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) + - RINGDATA(&ZOWEUSER.,ZOWECERT) + - USAGE(PERSONAL) DEFAULT - -/* Option 1 - Default Option - END ................................. */ -$$ -//IFOPT1ED ENDIF -//* -//IFOPT2 IF (&OPTION EQ 2) THEN -//RUNOPT2 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 2 - BEGINNING ............................................ */ -/* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) + - RINGDATA(CERTSITE|userid,digicert) + - USAGE(PERSONAL) DEFAULT - -/* Option 2 - END .................................................. 
*/ -$$ -//IFOPT2ED ENDIF -//* -//IFOPT3 IF (&OPTION EQ 3) THEN -//RUNOPT3 EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Option 3 - BEGINNING ............................................ */ -/* Import external certificate from data set ....................... */ - TSS ADD(&ZOWEUSER.) + - DIGICERT(ZOWECERT) + - DCDSN(&DSNAME.) + - LABLCERT(&LABEL.) + - PKCSPASS('&PKCSPASS.') + - TRUST - -/* Connect a Zowe's certificate with the keyring ................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) + - RINGDATA(&ZOWEUSER.,ZOWECERT) + - USAGE(PERSONAL) DEFAULT - -/* Option 3 - END .................................................. */ -$$ -//IFOPT3ED ENDIF -//* -//IFZWCA IF (&IFZOWECA EQ 1) THEN -//RUNZWCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect all CAs of the Zowe certificate's signing chain with the */ -/* keyring ......................................................... */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + - RINGDATA(CERTAUTH,&ITRMZWCA.) USAGE(CERTAUTH) - - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + - RINGDATA(CERTAUTH,&ROOTZWCA.) USAGE(CERTAUTH) -$$ -//IFZWCAED ENDIF -//* -//IFZFCA IF (&IFROZFCA EQ 1) THEN -//RUNZFCA EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Connect the z/OSMF root CA signed by a recognized certificate ... */ -/* authority (CA) with the keyring ................................. */ - TSS ADD(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) + - RINGDATA(CERTAUTH,&ROOTZFCA.) USAGE(CERTAUTH) -$$ -//IFZFCAED ENDIF -//* -//COMTSS EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* A common part for all options starts here ....................... 
*/ - -/* Allow ZOWEUSER to access keyring ................................ */ - TSS PERMIT(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) - -/* Uncomment this command if SITE acid owns the Zowe certificate ... */ -/* TSS PERMIT(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) - -/* List the keyring ................................................ */ - TSS LIST(&ZOWEUSER.) KEYRING(ZOWERING) LABLRING(&ZOWERING.) - -/* Common part - END ............................................... */ -/* only the last RC is returned, this command ensures it is a 0 */ -PROFILE -$$ -//* diff --git a/files/SZWESAMP/ZWENOKYR b/files/SZWESAMP/ZWENOKYR deleted file mode 100644 index 6f990e9fac..0000000000 --- a/files/SZWESAMP/ZWENOKYR +++ /dev/null 
@@ -1,179 +0,0 @@ -//ZWENOKYR JOB -//* -//* This program and the accompanying materials are made available -//* under the terms of the Eclipse Public License v2.0 which -//* accompanies this distribution, and is available at -//* https://www.eclipse.org/legal/epl-v20.html -//* -//* SPDX-License-Identifier: EPL-2.0 -//* -//* Copyright Contributors to the Zowe Project. 2020, 2020 -//* -//********************************************************************* -//* -//* Zowe Open Source Project -//* This JCL can be used to remove key ring and certificates for Zowe -//* -//* -//* CAUTION: This is neither a JCL procedure nor a complete job. -//* Before using this JCL, you will have to make the following -//* modifications: -//* -//* 1) Add job name and job parameters to the JOB statement, to -//* meet your system requirements. -//* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* -//* 3) Update the SET ZOWEUSER= statement to match the existing -//* user ID for the Zowe started task. -//* -//* 4) Update the SET ZOWERING= statement to match the desired -//* name of the keyring owned by the &ZOWEUSER user ID. -//* -//* 5) Update the SET LABEL= statement with the name of the Zowe -//* certificate that will be added to the security database or -//* that is already stored in the security database. -//* -//* 6) Specify the Zowe's local CA by updating the SET LOCALCA= -//* -//* 7) Customize the commands in the DD statement that matches your -//* security product so that they meet your system requirements. -//* -//* Note(s): -//* -//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY -//* TO ALTER SECURITY DEFINITIONS -//* -//* 2. This job WILL complete with return code 0. -//* The results of each command must be verified after completion. 
-//* -//********************************************************************* -// EXPORT SYMLIST=* -//* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -//* 12345678 -//* -//* * Keyring for the Zowe userid -// SET ZOWERING='ZoweKeyring' -//* * Zowe's certificate label -// SET LABEL='localhost' -//* * Zowe's local CA name -// SET LOCALCA='localca' -//* -//* ACF2 ONLY - - - - - - - - - - - - - - - - - -//* 12345678 -// SET STCGRP= * group for Zowe started tasks -//* 12345678 -//* -//* end ACF2 ONLY - - - - - - - - - - - - - - - - -//* -//********************************************************************* -//* -//* EXECUTE COMMANDS FOR SELECTED SECURITY PRODUCT -//* -//RUN EXEC PGM=IKJEFT01,REGION=0M -//SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT -//* -//********************************************************************* -//* -//* RACF ONLY, customize to meet your system requirements -//* -//RACF DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Remove permit to use SITE owned certificate's private key */ - PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) DELETE ID(&ZOWEUSER.) - -/* Remove permit to read keyring ................................... */ - PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) DELETE ID(&ZOWEUSER.) - - SETROPTS RACLIST(FACILITY) REFRESH - -/* Remove keyring profile defined on RDATALIB class ................ */ - RLIST RDATALIB &ZOWEUSER..&ZOWERING..LST ALL - PERMIT &ZOWEUSER..&ZOWERING..LST CLASS(RDATALIB) DELETE + - ID(&ZOWEUSER.) - RDELETE RDATALIB &ZOWEUSER..&ZOWERING..LST - -/* Refresh to dynamically activate the changes. .................... */ - SETROPTS RACLIST(RDATALIB) REFRESH - -/* Delete LABEL certificate ........................................*/ - RACDCERT DELETE(LABEL('&LABEL.')) ID(&ZOWEUSER.) 
- -/* Delete LOCALCA certificate ......................................*/ - RACDCERT DELETE(LABEL('&LOCALCA.')) CERTAUTH - -/* Delete keyring ...................................................*/ - RACDCERT DELRING(&ZOWERING.) ID(&ZOWEUSER.) - - SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH - -/* ................................................................. */ -/* only the last RC is returned, this command ensures it is a 0 */ -PROFILE -$$ -//* -//********************************************************************* -//* -//* ACF2 ONLY, customize to meet your system requirements -//* -//ACF2 DD DATA,DLM=$$,SYMBOLS=JCLONLY -ACF - -* Remove permit to use SITE owned certificate's private key - SET RESOURCE(FAC) - RECKEY IRR DEL(DIGTCERT.GENCERT ROLE(&STCGRP) + - SERVICE(CONTROL) ALLOW) - -* Remove permit to read keyring ....................................*/ - RECKEY IRR DEL(DIGTCERT.LISTRING ROLE(&STCGRP) + - SERVICE(READ) ALLOW) - - F ACF2,REBUILD(FAC) - -* Delete LABEL certificate ........................................*/ - DELETE &ZOWEUSER..ZOWECERT - -* Delete LOCALCA certificate ......................................*/ - DELETE CERTAUTH.ZOWECA - -* Delete keyring ...................................................*/ - SET PROFILE(USER) DIVISION(KEYRING) - DELETE &ZOWEUSER..ZOWERING - - F ACF2,REBUILD(USR),CLASS(P),DIVISION(KEYRING) - -END -$$ -//* -//********************************************************************* -//* -//* Top Secret ONLY, customize to meet your system requirements -//* -//TSS DD DATA,DLM=$$,SYMBOLS=JCLONLY - -/* Remove permit to use SITE owned certificate's private key */ - TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.GENCERT) ACCESS(CONTROL) - -/* Remove permit to read keyring ................................... */ - TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ) - -/* Delete LABEL certificate ........................................*/ - TSS REM(&ZOWEUSER.) 
DIGICERT(ZOWECERT) - -/* Delete LOCALCA certificate ......................................*/ - TSS REM(CERTAUTH) DIGICERT(ZOWECA) - -/* Delete keyring ...................................................*/ - TSS REM(&ZOWEUSER.) KEYRING(ZOWERING) - -/* ................................................................. */ -/* only the last RC is returned, this command ensures it is a 0 */ -PROFILE -$$ -//* - diff --git a/files/SZWESAMP/ZWENOSEC b/files/SZWESAMP/ZWENOSEC index ed23a934cc..623b1e166e 100644 --- a/files/SZWESAMP/ZWENOSEC +++ b/files/SZWESAMP/ZWENOSEC @@ -22,37 +22,7 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* -//* 2) Update the SET PRODUCT= statement to match your security -//* product. -//* -//* 3) Update the SET ADMINGRP= statement to match the desired -//* group name for Zowe administrators. -//* -//* 4) Update the SET STCGRP= statement to match the desired -//* group name for started tasks. -//* -//* 5) Update the SET ZOWEUSER= statement to match the desired -//* user ID for the ZOWE started task. -//* -//* 6) Update the SET ZISUSER= statement to match the desired -//* user ID for the ZIS started task. -//* -//* 7) Update the SET ZOWESTC= statement to match the desired -//* Zowe started task name. -//* -//* 8) Update the SET ZISSTC= statement to match the desired -//* ZIS started task name. -//* -//* 9) Update the SET AUXSTC= statement to match the desired -//* ZIS Auxiliary Server started task name. -//* -//* 10) Update the SET HLQ= statement to match the desired -//* Zowe data set high level qualifier. -//* -//* 11) Update the SET SYSPROG= statement to match the existing -//* user ID or group used by z/OS system programmers. -//* -//* 12) Customize the commands in the DD statement that matches your +//* 2) Customize the commands in the DD statement that matches your //* security product so that they meet your system requirements. //* //* Note(s): 
@@ -69,19 +39,6 @@ //********************************************************************* // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ADMINGRP=ZWEADMIN * group for Zowe administrators -// SET STCGRP=&ADMINGRP. * group for Zowe started tasks -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -// SET ZISUSER=ZWESIUSR * userid for ZIS started task -// SET ZOWESTC=ZWESVSTC * Zowe started task name -// SET ZISSTC=ZWESISTC * ZIS started task name -// SET AUXSTC=ZWESASTC * ZIS AUX started task name -// SET HLQ=ZWE * data set high level qualifier -// SET SYSPROG=&ADMINGRP. * system programmer user ID/group -//* 12345678 -//* //* Top Secret ONLY - - - - - - - - - - - - - - - - - //* 12345678 // SET ADMINDEP=SYSPDEPT * department owning admin group @@ -96,7 +53,7 @@ //* //RUN EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* -//SYSTSIN DD DDNAME=&PRODUCT +//SYSTSIN DD DDNAME={zowe.setup.security.product} //* //********************************************************************* //* @@ -112,13 +69,14 @@ /* EGN is not active on your system. */ /* remove general data set protection */ - LISTDSD PREFIX(&HLQ.) ALL - PERMIT '&HLQ..*.**' CLASS(DATASET) DELETE ID(&SYSPROG.) - DELDSD '&HLQ..*.**' + LISTDSD PREFIX({zowe.setup.datasets.prefix}) ALL + PERMIT '{zowe.setup.datasets.prefix}.*.**' CLASS(DATASET) + + DELETE ID({zowe.setup.security.groups.sysProg}) + DELDSD '{zowe.setup.datasets.prefix}.*.**' /* remove HLQ stub */ - LISTGRP &HLQ. - DELGROUP &HLQ. + LISTGRP {zowe.setup.datasets.prefix}. + DELGROUP {zowe.setup.datasets.prefix}. SETROPTS GENERIC(DATASET) REFRESH 
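Review bot: In the "remove HLQ stub" lines of the last hunk above, `LISTGRP {zowe.setup.datasets.prefix}.` and `DELGROUP {zowe.setup.datasets.prefix}.` keep the period that used to terminate the JCL symbol in `&HLQ.`. JCL symbol substitution consumed that period. The same hunk rewrites `'&HLQ..*.**'` as `'{zowe.setup.datasets.prefix}.*.**'` with one period fewer, which suggests the placeholder step leaves a following period in place, so these two commands would be issued against a group name ending in `.`. Drop the trailing period on both lines, or confirm that the template resolver strips it.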
@@ -126,33 +84,42 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL - PERMIT ZWES.IS CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT ZWES.IS CLASS(FACILITY) + + DELETE ID({zowe.setup.security.users.zowe}) /* remove permit to create a user's security environment */ RLIST FACILITY BPX.DAEMON ALL - PERMIT BPX.DAEMON CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT BPX.DAEMON CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}) RLIST FACILITY BPX.SERVER ALL - PERMIT BPX.SERVER CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT BPX.SERVER CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}) - PERMIT OMVSAPPL CLASS(APPL) DELETE ID(&ZOWEUSER.) + PERMIT OMVSAPPL CLASS(APPL) DELETE + + ID({zowe.setup.security.users.zowe}) /* remove permit to set jobname */ RLIST FACILITY BPX.JOBNAME ALL - PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT BPX.JOBNAME CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}) /* remove permit to write persistent data */ RLIST UNIXPRIV SUPERUSER.FILESYS ALL - PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE ID(&ZOWEUSER.) + PERMIT SUPERUSER.FILESYS CLASS(UNIXPRIV) DELETE + + ID({zowe.setup.security.users.zowe}) /* remove permit to use client certificate mapping service */ - PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.RUSERMAP CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}) /* remove permit to use distributed identity mapping service */ - PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.IDIDMAP.QUERY CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}) /* remove permit Zowe main server to cut SMF records */ - PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE ID(&ZOWEUSER.) + PERMIT IRR.RAUDITX CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zowe}) SETROPTS RACLIST(FACILITY) REFRESH SETROPTS RACLIST(UNIXPRIV) REFRESH 
@@ -161,46 +128,50 @@ /* remove permit to use ZIS */ RLIST FACILITY ZWES.IS ALL - PERMIT ZWES.IS CLASS(FACILITY) DELETE ID(&ZISUSER.) + PERMIT ZWES.IS CLASS(FACILITY) DELETE + + ID({zowe.setup.security.users.zis}) /* REMOVE STARTED TASKS ............................................ */ /* remove userid for ZOWE main server */ - LISTUSER &ZOWEUSER. OMVS - DELUSER &ZOWEUSER. + LISTUSER {zowe.setup.security.users.zowe}. OMVS + DELUSER {zowe.setup.security.users.zowe}. /* remove userid for ZIS */ - LISTUSER &ZISUSER. OMVS - DELUSER &ZISUSER. + LISTUSER {zowe.setup.security.users.zis}. OMVS + DELUSER {zowe.setup.security.users.zis}. -/* comment out if &STCGRP matches &ADMINGRP (default), expect */ +/* comment out if {zowe.setup.security.groups.stc} matches */ +/* {zowe.setup.security.groups.admin} (default), expect */ /* warning messages otherwise */ /* remove group for started tasks */ - LISTGRP &STCGRP. OMVS - DELGROUP &STCGRP. + LISTGRP {zowe.setup.security.groups.stc}. OMVS + DELGROUP {zowe.setup.security.groups.stc}. /* remove started task for ZOWE main server */ - RLIST STARTED &ZOWESTC..* ALL STDATA - RDELETE STARTED &ZOWESTC..* + RLIST STARTED {zowe.setup.security.stcs.zowe}.* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.zowe}.* /* remove started task for ZIS */ - RLIST STARTED &ZISSTC..* ALL STDATA - RDELETE STARTED &ZISSTC..* + RLIST STARTED {zowe.setup.security.stcs.zis}.* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.zis}.* /* remove started task for ZIS Auxiliary server */ - RLIST STARTED &AUXSTC..* ALL STDATA - RDELETE STARTED &AUXSTC..* + RLIST STARTED {zowe.setup.security.stcs.aux}.* ALL STDATA + RDELETE STARTED {zowe.setup.security.stcs.aux}.* SETROPTS RACLIST(STARTED) REFRESH /* REMOVE ADMINISTRATORS ........................................... */ -/* uncomment to remove user IDs from the &ADMINGRP group */ -/* REMOVE (userid,userid,...) GROUP(&ADMINGRP.) 
*/ +/* uncomment to remove user IDs from */ +/* the {zowe.setup.security.groups.admin} group */ +/* REMOVE (userid,userid,...) */ +/* GROUP({zowe.setup.security.groups.admin}) */ /* remove group for administrators */ - LISTGRP &ADMINGRP. OMVS - DELGROUP &ADMINGRP. + LISTGRP {zowe.setup.security.groups.admin}. OMVS + DELGROUP {zowe.setup.security.groups.admin}. /* REMOVE ZOWE RESOURCE CLASS ...................................... */ /* uncomment commands to below if the ZOWE class has been created */ @@ -230,30 +201,30 @@ ACF * group for administrators * SET PROFILE(GROUP) DIV(OMVS) -DELETE &ADMINGRP. +DELETE {zowe.setup.security.groups.admin}. F ACF2,REBUILD(GRP),CLASS(P) * * SET LID SET PROFILE(USER) DIV(OMVS) -DELETE &ZOWEUSER. +DELETE {zowe.setup.security.users.zowe}. F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * SET LID SET PROFILE(USER) DIV(OMVS) -DELETE &ZISUSER. +DELETE {zowe.setup.security.users.zis}. F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS) * * remove userid for ZOWE main server (ZISSTC,AUXSTC have same user id) SET LID -LIST &ZOWEUSER -DELETE &ZOWEUSER. +LIST {zowe.setup.security.users.zowe} +DELETE {zowe.setup.security.users.zowe}. * * * remove userid for ZIS */ SET LID -LIST &ZISUSER -DELETE &ZISUSER. +LIST {zowe.setup.security.users.zis} +DELETE {zowe.setup.security.users.zis}. * * ***** 
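Review bot: In the ACF2 hunk above, the `DELETE` lines keep a trailing period after the placeholder (`DELETE {zowe.setup.security.users.zowe}.`, `DELETE {zowe.setup.security.groups.admin}.`) while the `LIST` lines directly before them have none (`LIST {zowe.setup.security.users.zowe}`). With `&ZOWEUSER` and `&ZOWEUSER.` both forms resolved to the same ID because the period only ended the symbol name. After a `{...}` placeholder the period stays in the command text unless the template step removes it, so `LIST` and `DELETE` would no longer name the same record. Remove the period from the `DELETE` lines so each pair matches.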
@@ -262,35 +233,40 @@ DELETE &ZISUSER. * SET CONTROL(GSO) LIST LIKE(STC.Z-) -DELETE STC.&ZOWESTC. +DELETE STC.{zowe.setup.security.stcs.zowe}. F ACF2,REFRESH(STC) * * started task for ZIS * SET CONTROL(GSO) -DELETE STC.&ZISSTC. +DELETE STC.{zowe.setup.security.stcs.zis}. F ACF2,REFRESH(STC) * * started task for ZIS Auxiliary server * SET CONTROL(GSO) -DELETE STC.&AUXSTC. +DELETE STC.{zowe.setup.security.stcs.aux}. F ACF2,REFRESH(STC) * * Revoke access to ZIS SET RESOURCE(FAC) -RECKEY ZWES DEL(IS ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY ZWES DEL(IS ROLE({zowe.setup.security.groups.stc}) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * * Remove Zowe main server * SET RESOURCE(FAC) -RECKEY BPX DEL(DAEMON ROLE(&STCGRP.) SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(SERVER ROLE(&STCGRP.) SERVICE(UPDATE) ALLOW) -RECKEY BPX DEL(JOBNAME ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY BPX DEL(DAEMON ROLE({zowe.setup.security.groups.stc}) + + SERVICE(UPDATE) ALLOW) +RECKEY BPX DEL(SERVER ROLE({zowe.setup.security.groups.stc}) + + SERVICE(UPDATE) ALLOW) +RECKEY BPX DEL(JOBNAME ROLE({zowe.setup.security.groups.stc}) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) SET RESOURCE(APL) -RECKEY OMVSAPPL DEL(SERVICE(READ) ROLE(&STCGRP.) ALLOW) +RECKEY OMVSAPPL DEL(SERVICE(READ) + + ROLE({zowe.setup.security.groups.stc}) ALLOW) F ACF2,REBUILD(APL) * Remove UNI * 
@@ -303,24 +279,27 @@ F ACF2,REBUILD(UNI) * Remove STCGRP role permission to use client certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(RUSERMAP ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(RUSERMAP ROLE({zowe.setup.security.groups.stc}) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to use distributed certificate mapping * service SET RESOURCE(FAC) -RECKEY IRR DEL(IDIDMAP.QUERY ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(IDIDMAP.QUERY + + ROLE({zowe.setup.security.groups.stc}) SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove STCGRP role permission to cut SMF records SET RESOURCE(FAC) -RECKEY IRR DEL(RAUDITX ROLE(&STCGRP.) SERVICE(READ) ALLOW) +RECKEY IRR DEL(RAUDITX ROLE({zowe.setup.security.groups.stc}) + + SERVICE(READ) ALLOW) F ACF2,REBUILD(FAC) * Remove data set protection SET RULE -LIST &HLQ. -DELETE &HLQ. +LIST {zowe.setup.datasets.prefix}. +DELETE {zowe.setup.datasets.prefix}. * * Remove ZOWE resource class 
@@ -344,88 +323,94 @@ $$ /* REMOVE ZOWE DATA SET PROTECTION ................................. */ /* removE general data set protection */ -TSS WHOHAS DATASET(&HLQ) -TSS REVOKE(ALL) DATASET(&HLQ..) -TSS REVOKE(&SYSPROG) DATASET(&HLQ..) -TSS REMOVE(&ADMINDEP) DATASET(&HLQ..) +TSS WHOHAS DATASET({zowe.setup.datasets.prefix}) +TSS REVOKE(ALL) DATASET({zowe.setup.datasets.prefix}) +TSS REVOKE({zowe.setup.security.groups.sysProg}) + + DATASET({zowe.setup.datasets.prefix}) +TSS REMOVE(&ADMINDEP) DATASET({zowe.setup.datasets.prefix}) /* REMOVE ZOWE SERVER PERMISIONS ................................... */ /* remove permit to use ZIS */ TSS WHOHAS IBMFAC(ZWES.IS) -TSS REVOKE(&ZOWEUSER) IBMFAC(ZWES.IS) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(ZWES.IS) /* remove permit to create a user's security environment */ TSS WHOHAS IBMFAC(BPX.DAEMON) -TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.DAEMON) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.DAEMON) TSS WHOHAS IBMFAC(BPX.SERVER) -TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.SERVER) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.SERVER) TSS WHOHAS APPL(OMVSAPPL) -TSS REVOKE(&ZOWEUSER) APPL(OMVSAPPL) +TSS REVOKE({zowe.setup.security.users.zowe}) APPL(OMVSAPPL) /* remove permit to set jobname */ TSS WHOHAS IBMFAC(BPX.JOBNAME) -TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.JOBNAME) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(BPX.JOBNAME) /* remove permit to write persistent data */ TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS) -TSS REVOKE(&ZOWEUSER) UNIXPRIV(SUPERUSER.FILESYS) +TSS REVOKE({zowe.setup.security.users.zowe}) + + UNIXPRIV(SUPERUSER.FILESYS) /* remove permit Zowe main server to use client certificate mapping */ /* service */ TSS WHOHAS IBMFAC(IRR.RUSERMAP) -TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.RUSERMAP) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(IRR.RUSERMAP) /* remove permit Zowe main server to use distributed identity */ /* mapping service */ TSS WHOHAS IBMFAC(IRR.IDIDMAP.QUERY) -TSS REVOKE(&ZOWEUSER.) 
IBMFAC(IRR.IDIDMAP.QUERY) +TSS REVOKE({zowe.setup.security.users.zowe}) + + IBMFAC(IRR.IDIDMAP.QUERY) /* remove permit Zowe main server to cut SMF records */ TSS WHOHAS IBMFAC(IRR.RAUDITX) -TSS REVOKE(&ZOWEUSER.) IBMFAC(IRR.RAUDITX) +TSS REVOKE({zowe.setup.security.users.zowe}) IBMFAC(IRR.RAUDITX) /* REMOVE AUX SERVER PERMISIONS .................................... */ /* remove permit to use ZIS */ TSS WHOHAS IBMFAC(ZWES.IS) -TSS REVOKE(&ZISUSER) IBMFAC(ZWES.IS) +TSS REVOKE({zowe.setup.security.users.zis}) IBMFAC(ZWES.IS) /* REMOVE STARTED TASKS ............................................ */ /* remove userid for ZOWE main server */ -TSS LIST(&ZOWEUSER) -TSS DELETE(&ZOWEUSER) +TSS LIST({zowe.setup.security.users.zowe}) +TSS DELETE({zowe.setup.security.users.zowe}) /* remove userid for ZIS */ -TSS LIST(&ZISUSER) -TSS DELETE(&ZISUSER) +TSS LIST({zowe.setup.security.users.zis}) +TSS DELETE({zowe.setup.security.users.zis}) -/* comment out if &STCGRP matches &ADMINGRP (default), expect */ +/* comment out if {zowe.setup.security.groups.stc} matches */ +/* {zowe.setup.security.groups.admin} (default), expect */ /* warning messages otherwise */ /* remove group for started tasks */ -TSS LIST(&STCGRP) -TSS DELETE(&STCGRP) +TSS LIST({zowe.setup.security.groups.stc}) +TSS DELETE({zowe.setup.security.groups.stc}) /* remove started task for ZOWE main server */ TSS LIST(STC) -TSS REMOVE(STC) PROCNAME(&ZOWESTC) +TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.zowe}) /* remove started task for ZIS */ TSS LIST(STC) -TSS REMOVE(STC) PROCNAME(&ZISSTC) +TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.zis}) /* remove started task for ZIS Auxiliary server */ TSS LIST(STC) -TSS REMOVE(STC) PROCNAME(&AUXSTC) +TSS REMOVE(STC) PROCNAME({zowe.setup.security.stcs.aux}) /* REMOVE ADMINISTRATORS ........................................... */ -/* uncomment to remove user IDs from the &ADMINGRP group */ -/* TSS REMOVE (userid) GROUP(&ADMINGRP.) 
*/ +/* uncomment to remove user IDs from */ +/* the {zowe.setup.security.groups.admin} group */ +/* TSS REMOVE (userid) + */ +/* GROUP({zowe.setup.security.groups.admin}) */ /* remove group for administrators */ -TSS LIST(&ADMINGRP) -TSS DELETE(&ADMINGRP) +TSS LIST({zowe.setup.security.groups.admin}) +TSS DELETE({zowe.setup.security.groups.admin}) /* REMOVE ZOWE RESOURCE CLASS ...................................... */ /* uncomment commands to below if the ZOWE class has been created */ diff --git a/manifest.json.template b/manifest.json.template index be11c98858..409aaf4c0e 100644 --- a/manifest.json.template +++ b/manifest.json.template @@ -40,7 +40,7 @@ "artifact": "*.pax" }, "org.zowe.zss": { - "version": "^2.0.0-STAGING", + "version": "^2.18.0-PR-683", "artifact": "*.pax" }, "org.zowe.explorer.jobs.jobs-api-package": { diff --git a/playbooks/roles/configfmid/tasks/main.yml b/playbooks/roles/configfmid/tasks/main.yml index 7b2ad2c6c5..2c7dca58e7 100644 --- a/playbooks/roles/configfmid/tasks/main.yml +++ b/playbooks/roles/configfmid/tasks/main.yml @@ -224,6 +224,7 @@ "zowe.setup.vsam.volume": "{{ zowe_caching_vsam_volume }}" "zowe.setup.vsam.storageClass": "{{ zowe_caching_vsam_storage_class }}" "components.caching-service.storage.mode": "{{ zowe_caching_service_persistent }}" + "zowe.setup.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" "components.caching-service.storage.vsam.name": "{{ zowe_dataset_prefix }}.{{ zowe_caching_service_vsam_dsprefix }}{{ zowe_instance_id }}" - name: Update zowe.yaml zowe.setup.vsam.mode to NONRLS diff --git a/playbooks/roles/configure/defaults/main.yml b/playbooks/roles/configure/defaults/main.yml index 24ff9b6446..085bfb42c5 100644 --- a/playbooks/roles/configure/defaults/main.yml +++ b/playbooks/roles/configure/defaults/main.yml 
@@ -102,11 +102,21 @@ zowe_external_certficate_alias: zowe_external_certficate_authorities: zowe_keystore_dir: ~/.zowe/keystore zowe_keystore_password: password +zowe_keystore_ca_password: ca-password +zowe_keystore_alias: localhost +zowe_keystore_ca_label: localca +zowe_keystore_cert_dname_ca_common_name: Zowe Development Instances CA +zowe_keystore_cert_dname_common_name: Zowe Development Instances Certificate +zowe_keystore_cert_dname_org_unit: API Mediation Layer +zowe_keystore_cert_dname_org: Zowe Sample +zowe_keystore_cert_dname_locality: Prague +zowe_keystore_cert_dname_state: Prague +zowe_keystore_cert_dname_country: CZ +zowe_keystore_cert_validity: 3650 zowe_keyring_alias: ZoweKeyring zowe_keyring_certname: ZoweCert zowe_keyring_external_intermediate_ca: zowe_keyring_external_root_ca: brcmso -zowe_keystore_alias: localhost zowe_jcllib: zowe_proclib_dsname: auto zowe_proclib_membername: ZWESLSTC diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml index 0cc6b1f017..173fbf4d4d 100644 --- a/playbooks/roles/configure/tasks/main.yml +++ b/playbooks/roles/configure/tasks/main.yml @@ -95,7 +95,8 @@ "zowe.setup.dataset.proclib": "{{ zowe_proclib_dsname }}" "zowe.setup.dataset.parmlib": "{{ zowe_xmem_parmlib }}" "zowe.setup.dataset.jcllib": "{{ zowe_jcllib }}" - "zowe.setup.dataset.authLoadlib": "{{ zowe_xmem_loadlib }}" + "zowe.setup.dataset.loadlib": "{{ zowe_dataset_prefix }}.SZWELOAD" + "zowe.setup.dataset.authLoadlib": "{{ zowe_dataset_prefix }}.SZWEAUTH" "zowe.setup.dataset.authPluginLib": "{{ zowe_xmem_pluginlib }}" "zowe.useConfigmgr": "{{ zowe_use_config_manager|lower }}" 
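Review bot: In the `configs:` hunk of playbooks/roles/configure/tasks/main.yml, `zowe.setup.dataset.authLoadlib` no longer reads `{{ zowe_xmem_loadlib }}` and is fixed to `{{ zowe_dataset_prefix }}.SZWEAUTH`. An inventory that overrides `zowe_xmem_loadlib` is now silently ignored, and this is the library that ends up APF-authorized, so the effective data set should be obvious to whoever runs the playbook. Either keep the variable and give it `{{ zowe_dataset_prefix }}.SZWEAUTH` as its default, or remove it from the role defaults in the same change and note the new behaviour.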
@@ -168,6 +169,22 @@ "zowe.setup.certificate.keyring.name": "{{ zowe_keyring_alias }}" "zowe.setup.certificate.keyring.label": "{{ zowe_keyring_certname }}" "zowe.setup.certificate.importCertificateAuthorities.0": "{{ zowe_external_certficate_authorities }},{{ zowe_keyring_external_intermediate_ca }},{{ zowe_keyring_external_root_ca }}" + - name: Update keyring setup when generating certificates + when: zowe_external_certficate == '' or zowe_external_certificate is undefined + import_role: + name: zos + tasks_from: update_zowe_yaml + vars: + configs: + "zowe.setup.certificate.keyring.caLabel": "{{ zowe_keystore_ca_label }}" + "zowe.setup.certificate.dname.caCommonName": "{{ zowe_keystore_cert_dname_ca_common_name }}" + "zowe.setup.certificate.dname.commonName": "{{ zowe_keystore_cert_dname_common_name }}" + "zowe.setup.certificate.dname.orgUnit": "{{ zowe_keystore_cert_dname_org_unit }}" + "zowe.setup.certificate.dname.org": "{{ zowe_keystore_cert_dname_org }}" + "zowe.setup.certificate.dname.locality": "{{ zowe_keystore_cert_dname_locality }}" + "zowe.setup.certificate.dname.state": "{{ zowe_keystore_cert_dname_state }}" + "zowe.setup.certificate.dname.country": "{{ zowe_keystore_cert_dname_country }}" + "zowe.setup.certificate.validity": "{{ zowe_keystore_cert_validity }}" - name: Update keyring setup when connecting to external certificate when: zowe_external_certficate is not none and zowe_external_certficate != '' import_role: 
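Review bot: The `when:` on the new "Update keyring setup when generating certificates" task tests two different variable names, `zowe_external_certficate == ''` and `zowe_external_certificate is undefined`. The surrounding tasks only use the `certficate` spelling, so if the second name is never defined the `or` is always true and this task also runs when an external certificate is configured, writing `caLabel`, `dname.*` and `validity` alongside the connect settings. The first operand also misses an unset value, which the next task treats as a separate case with `is not none`. Using `zowe_external_certficate is none or zowe_external_certficate == ''` would make the two tasks exact complements.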
@@ -175,11 +192,10 @@ tasks_from: update_zowe_yaml vars: configs: - # FIXME: import or connect? "zowe.setup.certificate.keyring.connect.user": "{{ zowe_external_certficate }}" "zowe.setup.certificate.keyring.connect.label": "{{ zowe_external_certficate_alias }}" - "zowe.setup.certificate.keyring.import.dsName": "{{ zowe_external_certficate }}" - "zowe.setup.certificate.keyring.import.password": "{{ zowe_external_certficate_alias }}" + # FIXME: Zowe has ignored "import" when "connect" exists. + # TODO: Write a test for "import" separately. - name: Update keyring setup to help import z/OSMF CA import_role: name: zos @@ -337,7 +353,7 @@ - name: Set zwe_init_params variables set_fact: # --allow-overwrite is needed to overwrite anything left by FMID install - zwe_init_params: "--update-config -l \"{{ zowe_install_logs_dir }}\" --allow-overwrite" + zwe_init_params: "--update-config -l \"{{ zowe_install_logs_dir }}\" --allow-overwrite --config {{ zowe_instance_dir }}/zowe.yaml" - name: Set --security-dry-run or not set_fact: 
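Review bot: in the `zwe_init_params` line the log directory is wrapped in escaped quotes (`-l \"{{ zowe_install_logs_dir }}\"`) but the appended `--config {{ zowe_instance_dir }}/zowe.yaml` is not, so an instance directory containing a space or a shell metacharacter splits or alters the command once these parameters reach a shell. Quote it the same way: `--config \"{{ zowe_instance_dir }}/zowe.yaml\"`.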
@@ -350,9 +366,44 @@ when: zowe_configure_ignore_security_failures # ============================================================================ -- name: Init Zowe +- name: Init Zowe mvs + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init mvs {{ zwe_init_params }}" + +- name: Init Zowe vsam + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init vsam {{ zwe_init_params }}" + +- name: Init Zowe security + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init security {{ zwe_init_params }}" + +- name: Init Zowe apfauth + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init apfauth {{ zwe_init_params }}" + +- name: Init Zowe certificate + import_role: + name: zos + tasks_from: run_zwe + vars: + parameters: "init certificate {{ zwe_init_params }}" + +- name: Init Zowe stc import_role: name: zos tasks_from: run_zwe vars: - parameters: "init {{ zwe_init_params }}" + parameters: "init stc {{ zwe_init_params }}" diff --git a/playbooks/roles/configure/tasks/show_logs.yml b/playbooks/roles/configure/tasks/show_logs.yml index c6c266738c..dc2cf554b3 100644 --- a/playbooks/roles/configure/tasks/show_logs.yml +++ b/playbooks/roles/configure/tasks/show_logs.yml @@ -37,9 +37,24 @@ vars: show_jobs_name: "{{ job_name_to_show }}" loop: - - ZWESECUR - - ZWEKRING - - ZWENOKYR + - ZWEGENER + - ZWEIMVS + - ZWEIAPF2 + - ZWEIACF + - ZWEIRAC + - ZWEITSS + - ZWEIKRR1 + - ZWEIKRR2 + - ZWEIKRR3 + - ZWEIKRA1 + - ZWEIKRA2 + - ZWEIKRA3 + - ZWEIKRT1 + - ZWEIKRT2 + - ZWEIKRT3 + - ZWENOKRR + - ZWENOKRT + - ZWENOKRA - ZWECSVSM loop_control: loop_var: job_name_to_show diff --git a/playbooks/roles/zowe/tasks/purge_job_outputs.yml b/playbooks/roles/zowe/tasks/purge_job_outputs.yml index f8ebf58894..7bd234a937 100644 --- a/playbooks/roles/zowe/tasks/purge_job_outputs.yml +++ b/playbooks/roles/zowe/tasks/purge_job_outputs.yml 
@@ -45,8 +45,20 @@ vars: purge_jobs_name: "{{ job_name_to_purge }}" loop: - - ZWESECUR - - ZWEKRING - - ZWENOKYR + - ZWEIACF2 + - ZWEIRACF + - ZWEITSS + - ZWEIKRR1 + - ZWEIKRR2 + - ZWEIKRR3 + - ZWEIKRA1 + - ZWEIKRA2 + - ZWEIKRA3 + - ZWEIKRT1 + - ZWEIKRT2 + - ZWEIKRT3 + - ZWENOKRR + - ZWENOKRT + - ZWENOKRA loop_control: loop_var: job_name_to_purge diff --git a/schemas/server-common.json b/schemas/server-common.json index ac30250d03..d2468e9fbc 100644 --- a/schemas/server-common.json +++ b/schemas/server-common.json @@ -24,6 +24,14 @@ "minLength": 3, "maxLength": 44 }, + "datasetPrefix": { + "$anchor": "zoweDatasetPrefix", + "type": "string", + "description": "A 35-char all caps dotted ZOS name (space for '.SZWEnnnn')", + "pattern": "^([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}(\\.([A-Z\\$\\#\\@]){1}([A-Z0-9\\$\\#\\@\\-]){0,7}){0,11}$", + "minLength": 3, + "maxLength": 35 + }, "datasetVsam": { "$anchor": "zoweDatasetVsam", "type": "string", @@ -40,6 +48,12 @@ "minLength": 1, "maxLength": 8 }, + "zisParmlibMember": { + "$anchor": "zisParmlibMember", + "type": "string", + "description": "ZIS parmlib member name in format ZWESIPnn, where nn is suffix", + "pattern": "^ZWESIP[A-Z0-9\\$\\#\\@]{2}$" + }, "jobname": { "$anchor": "zoweJobname", "type": "string", @@ -61,6 +75,12 @@ "minLength": 1, "maxLength": 32 }, + "path": { + "$anchor": "zoweOptionalPath", + "type": "string", + "minLength": 0, + "maxLength": 1024 + }, "path": { "$anchor": "zowePath", "type": "string", diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index deadae3492..c9390f9c01 100644 --- a/schemas/zowe-yaml-schema.json +++ b/schemas/zowe-yaml-schema.json 
@@ -21,15 +21,15 @@ "description": "MVS data set related configurations", "properties": { "prefix": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetPrefix", "description": "Where Zowe MVS data sets will be installed" }, "proclib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "PROCLIB where Zowe STCs will be copied over" }, "parmlib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "Zowe PARMLIB" }, "parmlibMembers": { @@ -38,27 +38,27 @@ "description": "Holds Zowe PARMLIB members for plugins", "properties": { "zis": { - "$ref": "/schemas/v2/server-common#zoweDatasetMember", + "$ref": "/schemas/v2/server-common#zisParmlibMember", "description": "PARMLIB member used by ZIS" } } }, "jcllib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "JCL library where Zowe will store temporary JCLs during initialization" }, "loadlib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "States the dataset where Zowe executable utilities are located", "default": ".SZWELOAD" }, "authLoadlib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "The dataset that contains any Zowe core code that needs to run APF-authorized, such as ZIS", "default": ".SZWEAUTH" }, "authPluginLib": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDataset", "description": "APF authorized LOADLIB for Zowe ZIS Plugins" } } 
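Review bot: `parmlibMembers.zis` moves from `#zoweDatasetMember` to `#zisParmlibMember`, which per the server-common.json change only accepts `ZWESIPnn`. An existing zowe.yaml that names any other member validated before and is rejected after, so call this out as a breaking change or keep the looser reference. In the same hunk `loadlib` and `authLoadlib` now reference `#zoweDataset` but keep the defaults `.SZWELOAD` and `.SZWEAUTH`, which begin with a dot; check that the documented defaults still pass the referenced pattern.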
@@ -142,17 +142,17 @@ "description": "STC names", "properties": { "zowe": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetMember", "description": "STC name of main service", "default": "ZWESLSTC" }, "zis": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetMember", "description": "STC name of ZIS", "default": "ZWESISTC" }, "aux": { - "type": "string", + "$ref": "/schemas/v2/server-common#zoweDatasetMember", "description": "STC name of Auxiliary Service", "default": "ZWESASTC" } @@ -173,7 +173,7 @@ "description": "PKCS#12 keystore settings", "properties": { "directory": { - "$ref": "/schemas/v2/server-common#zowePath", + "type": [ "string", "null" ], "description": "Keystore directory" }, "name": { @@ -197,7 +197,7 @@ "default": "local_ca_password" }, "lock": { - "type": "boolean", + "type": [ "boolean", "null" ], "description": "Whether to restrict the permissions of the keystore after creation" }, "import": { 
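Review bot: `lock` now accepts `null`, but its description still reads as a yes/no switch, so the schema no longer says what happens to keystore permissions when the key is present and empty. State the default in the schema with a `default` keyword, as the neighbouring properties do, and have the consumer treat `null` as the restrictive choice, so that an empty `lock:` does not leave the PKCS#12 keystore with open permissions.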
@@ -358,31 +358,31 @@ "description": "Certificate distinguish name", "properties": { "caCommonName": { - "type": "string", + "type": [ "string", "null" ], "description": "Common name of certificate authority generated by Zowe." }, "commonName": { - "type": "string", + "type": [ "string", "null" ], "description": "Common name of certificate generated by Zowe." }, "orgUnit": { - "type": "string", + "type": [ "string", "null" ], "description": "Organization unit of certificate generated by Zowe." }, "org": { - "type": "string", + "type": [ "string", "null" ], "description": "Organization of certificate generated by Zowe." }, "locality": { - "type": "string", + "type": [ "string", "null" ], "description": "Locality of certificate generated by Zowe. This is usually the city name." }, "state": { - "type": "string", + "type": [ "string", "null" ], "description": "State of certificate generated by Zowe. You can also put province name here." }, "country": { - "type": "string", + "type": [ "string", "null" ], "description": "2 letters country code of certificate generated by Zowe." } } @@ -608,8 +608,8 @@ "type": "object", "properties": { "home": { - "$ref": "/schemas/v2/server-common#zowePath", - "description": "Path to Java home directory." + "$ref": "/schemas/v2/server-common#zoweOptionalPath", + "description": "Path to Java home directory. If java is at '/java/home/bin/java', than this would be '/java/home'" } } }, @@ -617,8 +617,8 @@ "type": "object", "properties": { "home": { - "$ref": "/schemas/v2/server-common#zowePath", - "description": "Path to node.js home directory." + "$ref": "/schemas/v2/server-common#zoweOptionalPath", + "description": "Path to node.js home directory. If node is at '/node/home/bin/node', than this would be '/node/home'" } } }, diff --git a/smpe/bld/SMPMCS.txt b/smpe/bld/SMPMCS.txt index fcc7d6ff55..4faee84ef7 100755 --- a/smpe/bld/SMPMCS.txt +++ b/smpe/bld/SMPMCS.txt 
@@ -36,8 +36,6 @@ ++SAMP(ZWEOCOPY) SYSLIB(SZWEEXEC) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWECSRVS) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWECSVSM) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . -++SAMP(ZWEKRING) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . -++SAMP(ZWENOKYR) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEGENER) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEIACF) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . ++SAMP(ZWEIACFZ) SYSLIB(SZWESAMP) DISTLIB(AZWESAMP) RELFILE(2) . diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index 5d725d8adf..46028f9421 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -1565,9 +1565,10 @@ How we want to verify SSL certificates of services. Valid values are: - + Ensure that the values are correct.
- zowe.yaml file is created in the: ${instance-zowe_runtimeDirectory} directory

+ zowe.yaml file is created in the: ${instance-zowe_runtimeDirectory} directory
+ ${instance-zowe_setup_dataset_jcllib} is created.

NOTE: If you run this workflow outside of PSWI (SMP/E or convenience build), you might encounter a folder write permission issue.
To solve the issue, run the following command in USS:
chmod 775 ${instance-zowe_runtimeDirectory}
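Review bot: the added line `${instance-zowe_setup_dataset_jcllib} is created.` does not tell the operator that the step creating it runs `zwe init generate --allow-overwrite` (added further down in this file), so a data set that already exists under that name may be overwritten. Say so in this instruction text, since this is where the operator is asked to confirm the values.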
@@ -2419,6 +2420,12 @@ echo '# files-api:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# caching-service:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" + +export JAVA_HOME='${instance-java_home}' +export NODE_HOME='${instance-node_home}' +export PATH=$PATH:'${instance-zowe_runtimeDirectory}/bin' + +zwe init generate --allow-overwrite -c '${instance-zowe_runtimeDirectory}/zowe.yaml' ]]> shell-JCL 1024 diff --git a/workflows/templates/ZWESECUR.vtl b/workflows/templates/ZWESECUR.vtl index 25c2f367c2..7a794ae84c 100644 --- a/workflows/templates/ZWESECUR.vtl +++ b/workflows/templates/ZWESECUR.vtl @@ -35,6 +35,7 @@ //* 1) Add job name and job parameters to the JOB statement, to //* meet your system requirements. //* +#if($ibmTemplate != 'YES') //* 2) Update the SET PRODUCT= statement to match your security //* product. //* @@ -65,6 +66,7 @@ //* 11) Update the SET SYSPROG= statement to match the existing //* user ID or group used by z/OS system programmers. //* +#end //* 12) When not using AUTOUID and AUTOGID to assign z/OS UNIX UID //* and GID values, update the SET *ID= statements to match the //* desired UID and GID values. 
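Review bot: the `#if($ibmTemplate != 'YES')` opened before step 2 is closed by the `#end` added here after step 11, so the IBM-template rendering of the header comments goes from step 1 straight to step 12 with no explanation of where the SET values now come from. Add an `#else` branch with one comment line saying the SET statements are filled from the `zowe.setup.*` keys, or renumber the remaining steps.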
@@ -99,19 +101,16 @@ #if($ibmTemplate == 'YES') // EXPORT SYMLIST=* //* -// SET PRODUCT=RACF * RACF, ACF2, or TSS -//* 12345678 -// SET ADMINGRP=ZWEADMIN * group for Zowe administrators -// SET STCGRP=&ADMINGRP. * group for Zowe started tasks -// SET ZOWEUSER=ZWESVUSR * userid for Zowe started task -// SET ZISUSER=ZWESIUSR * userid for ZIS started task -// SET ZOWESTC=ZWESVSTC * Zowe started task name -// SET ZLNCHSTC=ZWESLSTC * Zowe started task name for HA -// SET ZISSTC=ZWESISTC * ZIS started task name -// SET AUXSTC=ZWESASTC * ZIS AUX started task name -// SET HLQ=ZWE * data set high level qualifier -// SET SYSPROG=&ADMINGRP. * system programmer user ID/group -//* 12345678 +// SET PRODUCT=#[[{zowe.setup.security.product}]]# +// SET ADMINGRP=#[[{zowe.setup.security.groups.admin}]]# +// SET STCGRP=#[[{zowe.setup.security.groups.stc}]]# +// SET ZOWEUSER=#[[{zowe.setup.security.users.zowe}]]# +// SET ZISUSER=#[[{zowe.setup.security.users.zis}]]# +// SET ZOWESTC=#[[{zowe.setup.security.stcs.zowe}]]# +// SET ZISSTC=#[[{zowe.setup.security.stcs.zis}]]# +// SET AUXSTC=#[[{zowe.setup.security.stcs.aux}]]# +// SET HLQ=#[[{zowe.setup.dataset.prefix}]]# +// SET SYSPROG=#[[{zowe.setup.security.groups.sysProg}]]# //* //* The sample RACF and ACF2 commands assume AUTOUID and AUTOGID are //* enabled. When this is not the case, or you are using Top Secret,
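Review bot: the new SET lines take the `zowe.setup.security.*` and `zowe.setup.dataset.prefix` values straight into JCL, and the hunk removes the `12345678` ruler comments that marked the 8-character width of those values. A value that is too long, or that contains a blank, comma or quote, produces a JCL error or changes the statement in the job that defines the security profiles, so validate these keys for length and character set before the placeholders are substituted. `SET ZLNCHSTC=` is also dropped without a replacement; confirm nothing later in the template still references `&ZLNCHSTC.`.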