How To
Summary
Detail the steps needed to download and install a DWC on z/OS which uses a DB2 installation database
and does not require the use of an OMVS SUPERUSER to run the installation scripts.
Objective
Have DWC running on z/OS under a userid that does not have UID=0, and RACF users can logon to the DWC and be assigned a role.
Steps
Last modified March 26, 2024 to add ZWSTECHNOTE and DWCZOS to the subject and mention 10.1 FP1 and HIGHER
Also modified May 26, 2023. Modifications are indicated by a triple vertical bar '|||' in the lefthand margin (sections 15 and 17)
Also modified April 21, 2023. Modifications are indicated by a double vertical bar '||' in the lefthand margin.
Also modified April 7, 2023. Modifications are indicated by a single vertical bar '|' in the lefthand margin.
The key to this install is that the userid ( DWC_ADMIN_USER will be the parameter set
to this RACF userid xxxxxxx) has READWRITE access to all the USS directories that are needed:
to this RACF userid xxxxxxx) has READWRITE access to all the USS directories that are needed:
DWC_INST_DIR=/u/stephen/DWCA1FP1
WORK_DIR=/u/stephen/fp1
DATA_DIR=/u/stephen/DWCA1FP1/DWC_DATA
WORK_DIR=/u/stephen/fp1
DATA_DIR=/u/stephen/DWCA1FP1/DWC_DATA
In addition the DWC_ADMIN_USER must be able to create directories (mkdir)
for the DWC_INST_DIR. The zFS allocation JCL shown later ensure this.
for the DWC_INST_DIR. The zFS allocation JCL shown later ensure this.
|| Note: The DWC_INST_DIR and WORK_DIR cannot be the same directories.
NOTE:
| Because DWC defines multiple tables in a single tablespace it will not work if CURRENT FUNCTION LEVEL
| for DB2 is V12R1M504 or higher. The APPLCOMPAT parameter can override the CODE LEVEL for DB2
| Example:
SET CURRENT APPLICATION COMPATIBILTY = 'V12R1M500';
|| To further clarify the issue with DB2 V12R1M504 or higher:
|| There is an open APAR IJ45143 that will address this issue, and open PTFs on the zWS side for APAR PH53936,
|| so this is a temporary procedure until these APARs have been resolved.
|| so this is a temporary procedure until these APARs have been resolved.
|| If the DB2 database was previously defined and the configureDb.sh script failed, you should delete the database
|| (DROP DATABASE then DROP STOGROUP) then run the EQQINDWC job again.
|| (DROP DATABASE then DROP STOGROUP) then run the EQQINDWC job again.
|| If you have not previously created the database you can just run EQQINDWC as indicated below.
|| If the PTFs for PH53936 have not been applied, edit your EQQINDWC JCL and
|| add this statement BEFORE the first create statement:
|| add this statement BEFORE the first create statement:
SET CURRENT APPLICATION COMPATIBILITY = 'V10R1';
|| then submit the job. By having the compatibility DB2 will accept that we create multiple tables
|| within a single tablespace.
|| within a single tablespace.
|| Before running the configureDb.sh script you need to edit the configureDbDb2z.properties file and change it to have
EXEC_GENERATED_SQL=FALSE
|| Then run configureDb.sh and the script will run and create a file containing the necessary SQL in
|| your WORK_DIR/dblighttool/customSQL.sql but it will not execute the SQL.
|| your WORK_DIR/dblighttool/customSQL.sql but it will not execute the SQL.
|| Next add the same compatibility statement listed above for the EQQINDWC job to the customSQL.sql file, and run this
|| SQL using something like SPUFI for DB2. After this you should be able to continue on to running the dwcinst.sh
|| script.
|| SQL using something like SPUFI for DB2. After this you should be able to continue on to running the dwcinst.sh
|| script.
In preparation for the install, you will need about 4400 cylinders of DASD space
|| for the 2 zFS files (3 zFS files if DWC_INST_DIR and WORK_DIR are not on the same zFS file),
|| for the 2 zFS files (3 zFS files if DWC_INST_DIR and WORK_DIR are not on the same zFS file),
and you will need to have 4 ports which are not already in use or reserved for a task other than your
DWC server started task.
These ports will be used in the configDropins/overrides ports_variables.xml file:
These ports will be used in the configDropins/overrides ports_variables.xml file:
example:
<variable name="host.http.port" value="4444"/>
<variable name="host.https.port" value="4443"/>
<variable name="host.bootstrap.port" value="12800"/>
<variable name="host.bootstrap.port.sec" value="19400"/>
<variable name="host.http.port" value="4444"/>
<variable name="host.https.port" value="4443"/>
<variable name="host.bootstrap.port" value="12800"/>
<variable name="host.bootstrap.port.sec" value="19400"/>
To ensure that these ports are available, run these commands
for each of the 4 ports:
for each of the 4 ports:
TSO NETSTAT CONN (port xxxxx
TSO NETSTAT PORTLIST (port xxxxx
TSO NETSTAT PORTLIST (port xxxxx
There are various RACF rules that will be needed; these can be
done before starting the DWC server task after the installation
has been completed.
done before starting the DWC server task after the installation
has been completed.
Steps:
(1) Copy file from FIX CENTRAL to your workstation or your z/OS LPAR:
FiX CENTRAL:
https://www-945.ibm.com/support/fixcentral/
https://www-945.ibm.com/support/fixcentral/
File:
10.1.0.1-2022.11-IWS-CONSOLE-Z_USS.pax
10.1.0.1-2022.11-IWS-CONSOLE-Z_USS.pax
(2) Create a new zFS to hold the pax file and the "un-paxed" files.
Example:
//STEP1 EXEC PGM=IDCAMS
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
DEFINE CLUSTER (NAME(ZWS.DWCA10.FP1PAX.ZFS) -
VOLUMES(I#US06) -
LINEAR CYL(2000 100) SHAREOPTIONS(2))
//STEP2 EXEC PGM=IOEAGFMT,REGION=0M,
// PARM=('-aggregate ZWS.DWCA10.FP1PAX.ZFS -perms o775 -group APC x
// -owner STEPHEN')
//SYSPRINT DD SYSOUT=*
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//CEEDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
DEFINE CLUSTER (NAME(ZWS.DWCA10.FP1PAX.ZFS) -
VOLUMES(I#US06) -
LINEAR CYL(2000 100) SHAREOPTIONS(2))
//STEP2 EXEC PGM=IOEAGFMT,REGION=0M,
// PARM=('-aggregate ZWS.DWCA10.FP1PAX.ZFS -perms o775 -group APC x
// -owner STEPHEN')
//SYSPRINT DD SYSOUT=*
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//CEEDUMP DD SYSOUT=*
(3)Mount this file
MOUNT FILESYSTEM('ZWS.DWA10.FP1PAX.ZFS') TYPE(ZFS) MODE(RDWR)
PARM('AGGRGROW') MOUNTPOINT('/var/STEPHEN/PAXFP1') UNMOUNT
PARM('AGGRGROW') MOUNTPOINT('/var/STEPHEN/PAXFP1') UNMOUNT
(4) If not already on z/OS, FTP the pax file to the mount point:
example:
C:\Users\stephen.viola\Downloads
ftp 10.134.71.222
bin
put 10.1.0.1-2022.11-IWS-CONSOLE-Z_USS.pax /var/STEPHEN/PAXFP1/USS.pax
ftp 10.134.71.222
bin
put 10.1.0.1-2022.11-IWS-CONSOLE-Z_USS.pax /var/STEPHEN/PAXFP1/USS.pax
ftp: 817947648 bytes sent
(5) Un-pax the file:
cd /var/STEPHEN/PAXFP1
pax -rf USS.pax
pax -rf USS.pax
(|| 6) Create and mount a zFS to hold the USERDIR (DWC_INST_DIR)at the desired mount point.
| Note: the 'x' on the PARM= line must be in column 72 to indicate a continuation to the next line
//STEP1 EXEC PGM=IDCAMS
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
DEFINE CLUSTER (NAME(ZWS.DWCA10.NEW.FP1.ZFS) -
VOLUMES(I#US06) -
DATACLAS(DCEXT) -
LINEAR CYL(2400 1000) SHAREOPTIONS(2))
//STEP2 EXEC PGM=IOEAGFMT,REGION=0M,
// PARM=('-aggregate ZWS.DWCA10.NEW.FP1.ZFS -perms o775 -group APC x
// -owner STEPHEN')
//SYSPRINT DD SYSOUT=*
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//CEEDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
DEFINE CLUSTER (NAME(ZWS.DWCA10.NEW.FP1.ZFS) -
VOLUMES(I#US06) -
DATACLAS(DCEXT) -
LINEAR CYL(2400 1000) SHAREOPTIONS(2))
//STEP2 EXEC PGM=IOEAGFMT,REGION=0M,
// PARM=('-aggregate ZWS.DWCA10.NEW.FP1.ZFS -perms o775 -group APC x
// -owner STEPHEN')
//SYSPRINT DD SYSOUT=*
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//CEEDUMP DD SYSOUT=*
|| If needed define another zFS file for the WORK_DIR directory
NOTE: At this point to create a new DB2 database proceed to step (7).
If the DWC was previously installed with a DB2 database, refer to the documentation in the topic:
"Updating the Dynamic Workload Console" in the IBM Workload Scheduler: Planning and Installation manual.
(https://www.ibm.com/docs/en/SSGSPN_10.1.0/awspimst.pdf) then proceed to step (10).
(7) Create a VCAT for DB2
If the DWC was previously installed with a DB2 database, refer to the documentation in the topic:
"Updating the Dynamic Workload Console" in the IBM Workload Scheduler: Planning and Installation manual.
(https://www.ibm.com/docs/en/SSGSPN_10.1.0/awspimst.pdf) then proceed to step (10).
(7) Create a VCAT for DB2
Example:
//DEFALIAS EXEC PGM=IDCAMS
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
DEF ALIAS(NAME(DWCAFP1) REL(CATALOG.USER.SYSPLEXI)) -
CAT(CATALOG.MASTER.SYSPLEXI)
/*
//*
//IKJEFT01 EXEC PGM=IKJEFT01
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
PROFILE NOPREF
AG DWCAFP1 DATA('IBM Workload prod VCAT') OWNER(SYSADMIN) +
SUPGROUP(SYSADMIN)
AD DWCAFP1.** +
OWNER(SYSADMIN) UACC(READ) +
DATA('IBM Workload prod VCAT')
PE 'DWCAFP1.**' ACCESS(ALTER) ID(STCDB2)
PE 'DWCAFP1.**' ACCESS(ALTER) ID(SYSADMIN)
PE 'DWCAFP1.**' ACCESS(ALTER) ID(APC)
SETR REFR GENERIC(DATASET)
/*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
DEF ALIAS(NAME(DWCAFP1) REL(CATALOG.USER.SYSPLEXI)) -
CAT(CATALOG.MASTER.SYSPLEXI)
/*
//*
//IKJEFT01 EXEC PGM=IKJEFT01
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
PROFILE NOPREF
AG DWCAFP1 DATA('IBM Workload prod VCAT') OWNER(SYSADMIN) +
SUPGROUP(SYSADMIN)
AD DWCAFP1.** +
OWNER(SYSADMIN) UACC(READ) +
DATA('IBM Workload prod VCAT')
PE 'DWCAFP1.**' ACCESS(ALTER) ID(STCDB2)
PE 'DWCAFP1.**' ACCESS(ALTER) ID(SYSADMIN)
PE 'DWCAFP1.**' ACCESS(ALTER) ID(APC)
SETR REFR GENERIC(DATASET)
/*
(8) Run EQQINDWC using the VCAT just created:
Example:
//EQQINDWC EXEC PGM=IKJEFT01,DYNAMNBR=20
//SYSPRINT DD SYSOUT=*
//STEPLIB DD DISP=SHR,DSN=DB2VC10.DCI4.SDSNEXIT
// DD DISP=SHR,DSN=DB2.VC10.SDSNLOAD
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
DSN SYSTEM(DCI4)
RUN PROGRAM(DSNTIAD) PLAN(DSNTIA12) LIB('DB2VC10.DCI4.RUNLIB.LOAD')
//SYSPRINT DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//SYSIN DD *
//SYSPRINT DD SYSOUT=*
//STEPLIB DD DISP=SHR,DSN=DB2VC10.DCI4.SDSNEXIT
// DD DISP=SHR,DSN=DB2.VC10.SDSNLOAD
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
DSN SYSTEM(DCI4)
RUN PROGRAM(DSNTIAD) PLAN(DSNTIA12) LIB('DB2VC10.DCI4.RUNLIB.LOAD')
//SYSPRINT DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//SYSIN DD *
SET CURRENT APPLICATION COMPATIBILTY = 'V12R1M500';
CREATE STOGROUP VADWC1 VOLUMES(I#US06) VCAT DWCAFP1;
CREATE DATABASE VAFP1
BUFFERPOOL BP0
INDEXBP BP16K0
STOGROUP VADWC1
CCSID UNICODE;
COMMIT;
(9) Create a new userid to be the DB2 user (DB_USER) if needed.
CREATE STOGROUP VADWC1 VOLUMES(I#US06) VCAT DWCAFP1;
CREATE DATABASE VAFP1
BUFFERPOOL BP0
INDEXBP BP16K0
STOGROUP VADWC1
CCSID UNICODE;
COMMIT;
(9) Create a new userid to be the DB2 user (DB_USER) if needed.
Note: DB_USER does not require special privileges for DB2 however
| the DB_ADMIN_USER should have DB2 SYSADM authority
| the DB_ADMIN_USER should have DB2 SYSADM authority
(10) Modify the configureDbDb2z.properties file in the directory from step (3):
Note: some parameter values come from the DB2 MSTR task. Look for this message in JESMSGLG:
DSNL004I -DCI4 DDF START COMPLETE 729
LOCATION QXPWSI4DCI4 <==ZLOCATION_NAME
LU AUIBMQXP.WSI1DCI4
GENERICLU -NONE
DOMAIN hclwsi4.prod.hclpnp.com <==DB_HOST_NAME
TCPPORT 5009 <==DB_PORT
SECPORT 0
RESPORT 5010
IPNAME -NONE
OPTIONS:
PKGREL = COMMIT
See attached file configureDbDb2z.properties for an example.
These parameters are important:
LOCATION QXPWSI4DCI4 <==ZLOCATION_NAME
LU AUIBMQXP.WSI1DCI4
GENERICLU -NONE
DOMAIN hclwsi4.prod.hclpnp.com <==DB_HOST_NAME
TCPPORT 5009 <==DB_PORT
SECPORT 0
RESPORT 5010
IPNAME -NONE
OPTIONS:
PKGREL = COMMIT
See attached file configureDbDb2z.properties for an example.
These parameters are important:
WORK_DIR=/u/stephen/fp1
CONFDB_LOG_DIR=/u/stephen/fp1
RDBMS_TYPE=DB2Z
COMPONENT_TYPE=DWC
ZLOCATION_NAME=QXPWSI4DCI4
DB_NAME=VAFP1 <== from EQQINDWC job
DB_HOST_NAME=hclwsi4.prod.hclpnp.com
DB_PORT=5009
DB_ADMIN_USER=STEPHEN
DB_ADMIN_USER_PWD=********************
DB_USER=VAFP1
DB_PASSWORD=*****************
CONFDB_LOG_DIR=/u/stephen/fp1
RDBMS_TYPE=DB2Z
COMPONENT_TYPE=DWC
ZLOCATION_NAME=QXPWSI4DCI4
DB_NAME=VAFP1 <== from EQQINDWC job
DB_HOST_NAME=hclwsi4.prod.hclpnp.com
DB_PORT=5009
DB_ADMIN_USER=STEPHEN
DB_ADMIN_USER_PWD=********************
DB_USER=VAFP1
DB_PASSWORD=*****************
(11) Run configureDb.sh:
| Do this under OMVS when logged on as DB_ADMIN_USER
example:
$ cd /var/STEPHEN/PAXFP1
$ PATH=/bin:/apc/java800/64bit/usr/lpp/java/J8.0_64/bin
$ export PATH
$ JAVA_HOME=/apc/java800/64bit/usr/lpp/java/J8.0_64
$ export JAVA_HOME
$ ./configureDb.sh -f /var/STEPHEN/PAXFP1/configureDbDb2z.properties
Messages for a successful install (example):
WAINST093I Checking connection to the database VAFP1 on host hclwsi4.prod.hclpnp
.com on port 5009 with user STEPHEN.
WAINST091I Check version.
WAINST092I Update database.
WAINST077I The database has been successfully created or updated.
WAINST052I The command configureDb has completed successfully.
WAINST035I For more details see the installation log file: /u/stephen/fp1/instal
lation/logs/configureDb_10.1.0.01.log.
.com on port 5009 with user STEPHEN.
WAINST091I Check version.
WAINST092I Update database.
WAINST077I The database has been successfully created or updated.
WAINST052I The command configureDb has completed successfully.
WAINST035I For more details see the installation log file: /u/stephen/fp1/instal
lation/logs/configureDb_10.1.0.01.log.
(12) Edit dwcinst.properties in the direction from step (3) to have the appropriate values
See attached file dwcinst.properties for an example.
These parameters are important:
DWC_INST_DIR=/u/stephen/DWCA1FP1
WORK_DIR=/u/stephen/fp1 (*)
DATA_DIR=/u/stephen/DWCA1FP1/DWC_DATA
DWC_ADMIN_USER=STEPHEN (*)
DWC_ADMIN_PW=**************** (*)
START_WLP=false
ZLOCATION_NAME=QXPWSI4DCI4 (*)
DB_NAME=VAFP1 (*)
DB_HOST_NAME=hclwsi4.prod.hclpnp.com (*)
DB_PORT=5009 (*)
DB_USER=VAFP1 (*)
DB_PASSWORD=******************* (*)
WLP_INSTALL_DIR=/usr/lpp/liberty_zos/current
HTTP_PORT=4444
HTTPS_PORT=4443
BOOTSTRAP_PORT=12800
BOOTSTRAP_SEC_PORT=19400
WORK_DIR=/u/stephen/fp1 (*)
DATA_DIR=/u/stephen/DWCA1FP1/DWC_DATA
DWC_ADMIN_USER=STEPHEN (*)
DWC_ADMIN_PW=**************** (*)
START_WLP=false
ZLOCATION_NAME=QXPWSI4DCI4 (*)
DB_NAME=VAFP1 (*)
DB_HOST_NAME=hclwsi4.prod.hclpnp.com (*)
DB_PORT=5009 (*)
DB_USER=VAFP1 (*)
DB_PASSWORD=******************* (*)
WLP_INSTALL_DIR=/usr/lpp/liberty_zos/current
HTTP_PORT=4444
HTTPS_PORT=4443
BOOTSTRAP_PORT=12800
BOOTSTRAP_SEC_PORT=19400
(*) means the value must be the same as in the configureDbDb2z.properties file
(13) Run dwcinst.sh under OMVS when logged on as DWC_ADMIN_USER
example:
$ cd /var/STEPHEN/PAXFP1
$ PATH=/bin:/apc/java800/64bit/usr/lpp/java/J8.0_64/bin
$ export PATH
$ JAVA_HOME=/apc/java800/64bit/usr/lpp/java/J8.0_64
$ export JAVA_HOME
$ ./dwcinst.sh -f /var/STEPHEN/PAXFP1/dwcinst.properties
$ PATH=/bin:/apc/java800/64bit/usr/lpp/java/J8.0_64/bin
$ export PATH
$ JAVA_HOME=/apc/java800/64bit/usr/lpp/java/J8.0_64
$ export JAVA_HOME
$ ./dwcinst.sh -f /var/STEPHEN/PAXFP1/dwcinst.properties
Sample messages from a successful execution:
WAINST208I Checking WLP.
WAINST200I Configuring WLP.
WAINST201I Configuring data source.
WAINST055I Updating registry.
WAINST035I For more details see the installation log file: /u/stephen/DWCA1FP1/D
WC_DATA/installation/logs/dwcinst_10.1.0.01.log.
WAINST023I The installation has completed successfully.
WAINST006I Browse to this URL with a browser: https://HCLWSI4.prod.hclpnp.com:4443/console/login.jsp
(14) DWC is now installed with a DB2 database. Since option START_WLP=false was used,
modifications can be made to the configDropins/overrides files and other files before starting
the DWC server as a started task. Samples for all these files are attached.
WAINST208I Checking WLP.
WAINST200I Configuring WLP.
WAINST201I Configuring data source.
WAINST055I Updating registry.
WAINST035I For more details see the installation log file: /u/stephen/DWCA1FP1/D
WC_DATA/installation/logs/dwcinst_10.1.0.01.log.
WAINST023I The installation has completed successfully.
WAINST006I Browse to this URL with a browser: https://HCLWSI4.prod.hclpnp.com:4443/console/login.jsp
(14) DWC is now installed with a DB2 database. Since option START_WLP=false was used,
modifications can be made to the configDropins/overrides files and other files before starting
the DWC server as a started task. Samples for all these files are attached.
(A)DWC_INST_DIR/usr/servers/dwcServer/bootstrap.properties
add: com.ibm.ws.tcpchannel.useZosAio=false
(B) DWC_INST_DIR/usr/servers/dwcServer/server.xml
add: server.xml file and in the <featureManager> field add <feature>zosSecurity-1.0</feature>
(C) DATA_DIR/usr/servers/dwcServer/configDrops/overrides/authentication_config.xml
add:
<!-- SAF user registry -->
<safRegistry id="saf" realm="SAFRealm" >
<safRegistry reportPasswordExpired="true" reportUserRevoked="true"/>
<safAuthorization />
<safCredentials profilePrefix="BBGZDFLT"
unauthenticatedUser="WSGUEST"
mapDistributedIdentities="true" />
<safRoleMapper profilePattern="%profilePrefix%.%resource%.%role%"
toUpperCase="false" />
</safRegistry>
<safRegistry id="saf" realm="SAFRealm" >
<safRegistry reportPasswordExpired="true" reportUserRevoked="true"/>
<safAuthorization />
<safCredentials profilePrefix="BBGZDFLT"
unauthenticatedUser="WSGUEST"
mapDistributedIdentities="true" />
<safRoleMapper profilePattern="%profilePrefix%.%resource%.%role%"
toUpperCase="false" />
</safRegistry>
(D) DATA_DIR/usr/servers/dwcServer/configDrops/overrides/connectionFactory.xml
For zos engine connections, create this or copy unchanged from an earlier
DWC installation. See technote: https://www.ibm.com/support/pages/node/1170190
DWC installation. See technote: https://www.ibm.com/support/pages/node/1170190
(15) RACF changes:
(A) To have your DWC server task run under DWC_ADMIN_USER for example:
RDEFINE STARTED BBGZSRV4.* -
STDATA(USER(STEPHEN) GROUP(APC) TRUSTED(NO))
SETR REFR RACL(STARTED)
RDEFINE STARTED BBGZSRV4.* -
STDATA(USER(STEPHEN) GROUP(APC) TRUSTED(NO))
SETR REFR RACL(STARTED)
(B) To avoid ICH408I messages in the DWC server task:
Example where APC is the default group for the DWC_ADMIN_USER:
PERMIT BBG.ANGEL CL(SERVER) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM CL(SERVER) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSWLM CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.TXRRS CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.SAFCRED CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSAIO CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSDUMP CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.LOCALCOM CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.WOLA CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.PRODMGR CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSCFM CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSCFM.WOLA CL(SERVER ) ID(APC) ACC(READ)
SETR REFR GENERIC(SERVER)
PERMIT BBG.ANGEL CL(SERVER) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM CL(SERVER) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSWLM CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.TXRRS CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.SAFCRED CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSAIO CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSDUMP CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.LOCALCOM CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.WOLA CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.PRODMGR CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSCFM CL(SERVER ) ID(APC) ACC(READ)
PERMIT BBG.AUTHMOD.BBGZSCFM.WOLA CL(SERVER ) ID(APC) ACC(READ)
SETR REFR GENERIC(SERVER)
(C) To allow logon to DWC with RACF userid and password in lower case:
PERMIT BBG.SECPFX.BBGZDFLT CLASS(SERVER) ACCESS(READ) ID(APC)
SETR REFR GENERIC(SERVER)
SETR REFR GENERIC(SERVER)
(D) To allow different DWC roles to be assigned for RACF users, have
RACF groups defined for each role that you want to use. These
groups must have an OMVS segment (GID):
RACF groups defined for each role that you want to use. These
groups must have an OMVS segment (GID):
||| added OMVS(AUTOGID) to the AG (add group) commands below
Example:
AG APIUSER DATA('DWC API USER') OMVS(AUTOGID)
AG ANALYST DATA('DWC ANALYST') OMVS(AUTOGID)
AG BROKER DATA('DWC BROKER') OMVS(AUTOGID)
AG DEVELOP DATA('DWC DEVELOPER') OMVS(AUTOGID)
AG MOBILE DATA('DWC MOBILE USER') OMVS(AUTOGID)
AG OPERATOR DATA('DWC OPERATOR') OMVS(AUTOGID)
AG ANALYST DATA('DWC ANALYST') OMVS(AUTOGID)
AG BROKER DATA('DWC BROKER') OMVS(AUTOGID)
AG DEVELOP DATA('DWC DEVELOPER') OMVS(AUTOGID)
AG MOBILE DATA('DWC MOBILE USER') OMVS(AUTOGID)
AG OPERATOR DATA('DWC OPERATOR') OMVS(AUTOGID)
The default group of DWC_ADMIN_USER (APC in this example) can be used for the administrator role.
Example of creating a separate group for the DEVELOPER role:
AG DEVELOP DATA('DWC DEVELOPER') OWNER(USERS) +
SUPGROUP(USERS) OMVS(GID(226))
SUPGROUP(USERS) OMVS(GID(226))
Define one or more userids with DEVELOP as their default group
USERS group for this example:
INFORMATION FOR GROUP USERS
SUPERIOR GROUP=SYS1 OWNER=IBMUSER
(16) After making the changes in steps (14) and (15) the
ANGEL process (default name BBGZANGL) can be started if it is
not already running, then the DWC server started task can be started.
SUPERIOR GROUP=SYS1 OWNER=IBMUSER
(16) After making the changes in steps (14) and (15) the
ANGEL process (default name BBGZANGL) can be started if it is
not already running, then the DWC server started task can be started.
(17) Logon to the DWC from a browser using the DWC_ADMIN_USER id. The URL to use is given in message WAINST006I when dwcinst.sh is run
Example:
WAINST006I Browse to this URL with a browser: https://HCLWSI4.prod.hclpnp.com:4443/console/login.jsp
Once logged on, go to Administration--> Manage Roles, and add a GROUP name to each role that you want to use.
The GROUP must be RACF group that has an OMVS segment (GID).
Once you have done the Managed Roles, any RACF userid should be able to logon to the DWC, using their
||| normal RACF userid and password, as long as some group that is connected to their userid in RACF has been associated with a DWC role.
(18) Summary of the important files related to the DWC:
/var/STEPHEN/PAXFP1
dwcinst.properties
configureDbDb2z.properties
dwcinst.properties
configureDbDb2z.properties
/u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides
authentication_config.xml
connectionFactory.xml
datasource.xml
host_variables.xml
ports_variables.xml
wauser_variables.xml
authentication_config.xml
connectionFactory.xml
datasource.xml
host_variables.xml
ports_variables.xml
wauser_variables.xml
/u/stephen/DWCA1FP1/usr/servers/dwcServer
bootstrap.properties
server.xml
bootstrap.properties
server.xml
Samples for these files are attached
(19) Example of making a backup copy of the files in step (19)
C:\>cd DWCV10FP1
C:\DWCV10FP1>ftp 10.134.71.222
C:\DWCV10FP1>ftp 10.134.71.222
ftp> get /var/STEPHEN/PAXFP1/dwcinst.properties dwcinst.properties
ftp> get /var/STEPHEN/PAXFP1/configureDbDb2z.properties configureDbDb2z.properties
bin
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/authentication_config.xml authentication_config.xml
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/connectionFactory.xml connectionFactory.xml
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/datasource.xml datasource.xml
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/host_variables.xml host_variables.xml
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/ports_variables.xml ports_variables.xml
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/wauser_variables.xml wauser_variables.xml
ftp> ascii
ftp> get /u/stephen/DWCA1FP1/usr/servers/dwcServer/bootstrap.properties bootstrap.properties
ftp> bin
ftp> get /u/stephen/DWCA1FP1/usr/servers/dwcServer/server.xml server.xml
ftp> get /var/STEPHEN/PAXFP1/configureDbDb2z.properties configureDbDb2z.properties
bin
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/authentication_config.xml authentication_config.xml
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/connectionFactory.xml connectionFactory.xml
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/datasource.xml datasource.xml
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/host_variables.xml host_variables.xml
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/ports_variables.xml ports_variables.xml
ftp> get /u/stephen/DWCA1FP1/DWC_DATA/usr/servers/dwcServer/configDropins/overrides/wauser_variables.xml wauser_variables.xml
ftp> ascii
ftp> get /u/stephen/DWCA1FP1/usr/servers/dwcServer/bootstrap.properties bootstrap.properties
ftp> bin
ftp> get /u/stephen/DWCA1FP1/usr/servers/dwcServer/server.xml server.xml
(20) Sample ANGEL process started task:
//BBGZANGL PROC PARMS='',COLD=N,NAME='',SAFLOG=Y
//* changed SAFLOG=N to SAFLOG=Y 12/29/2021 10:04 AM
//*------------------------------------------------------------------
// SET ROOT='/usr/lpp/liberty_zos/current'
//*------------------------------------------------------------------
//* Start the Liberty angel process
//*------------------------------------------------------------------
//* This proc may be overwritten by fixpacks or iFixes.
//* You must copy to another location before customizing.
//*------------------------------------------------------------------
//STEP1 EXEC PGM=BPXBATA2,REGION=0M,TIME=NOLIMIT,
// PARM='PGM &ROOT./lib/native/zos/s390x/bbgzangl COLD=&COLD NAME=X
// &NAME &PARMS SAFLOG=&SAFLOG'
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
//* changed SAFLOG=N to SAFLOG=Y 12/29/2021 10:04 AM
//*------------------------------------------------------------------
// SET ROOT='/usr/lpp/liberty_zos/current'
//*------------------------------------------------------------------
//* Start the Liberty angel process
//*------------------------------------------------------------------
//* This proc may be overwritten by fixpacks or iFixes.
//* You must copy to another location before customizing.
//*------------------------------------------------------------------
//STEP1 EXEC PGM=BPXBATA2,REGION=0M,TIME=NOLIMIT,
// PARM='PGM &ROOT./lib/native/zos/s390x/bbgzangl COLD=&COLD NAME=X
// &NAME &PARMS SAFLOG=&SAFLOG'
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
(21) Sample DWC server started task:
//BBGZSRV4 PROC PARMS='dwcServer'
// SET INSTDIR='/usr/lpp/liberty_zos/current
// SET USERDIR='/u/stephen/DWCA1FP1/usr' /* this is for 10.1 FP1 */
//STEP1 EXEC PGM=BPXBATSL,REGION=0M,TIME=NOLIMIT,
// PARM='PGM &INSTDIR./lib/native/zos/s390x/bbgzsrv &PARMS'
//WLPUDIR DD PATH='&USERDIR.'
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
//MSGLOG DD SYSOUT=*
// SET INSTDIR='/usr/lpp/liberty_zos/current
// SET USERDIR='/u/stephen/DWCA1FP1/usr' /* this is for 10.1 FP1 */
//STEP1 EXEC PGM=BPXBATSL,REGION=0M,TIME=NOLIMIT,
// PARM='PGM &INSTDIR./lib/native/zos/s390x/bbgzsrv &PARMS'
//WLPUDIR DD PATH='&USERDIR.'
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
//MSGLOG DD SYSOUT=*
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB35","label":"Mainframe SW"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSWL3F","label":"IBM Z Workload Scheduler"},"ARM Category":[{"code":"a8m0z0000001gqHAAQ","label":"ZOS-\u003EDWC-\u003Ezliberty technote needed"}],"ARM Case Number":"TS011723603","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
26 March 2024
UID
ibm16857859