8 replies Latest Post - ‏2009-09-28T13:28:18Z by JonathanPLawrence
SystemAdmin

Pinned topic CA1S Install Questions/Comments

‏2009-09-23T18:25:10Z |
I have been installing CA1S today and have discovered the following issues that I cannot find anyone else referencing.
1) The delivered RDO "DEFINE" definitions provided in CA1S will not add through the batch "DFHCSDUP" utility, as the documentation indicates should work.
The first DFHCSDUP error appears as follows when the job input encounters the 1st URIMAP define request.
DEFINE URIMAP(CA1SHEL) GROUP(CA1SGRP)
STATUS(ENABLED) USAGE(PIPELINE) SCHEME(HTTP) HOST(*)
PATH(/ca1s/hellocics) TCPIPSERVICE(CA1STCP) ANALYZER(NO)
TRANSACTION(CPIH) PIPELINE(CA1SHEL) REDIRECTTYPE(NONE)
<Errors>
DFH5202 S INCORRECT SYNTAX FOR 'DEFINE' COMMAND. COMMAND NOT EXECUTED.
DFH5103 I ERROR(S) OCCURRED WHILE PROCESSING COMMAND.
DFH5104 W SUBSEQUENT COMMANDS (EXCEPT LIST) ARE NOT EXECUTED BECAUSE OF ERROR(S) ABOVE.

I have not been able to determine what the DEFINE command error is in the syntax. The same define data works fine online through CEDA; therefore, I have been forced to define each definition in RDO Group(CA1SGRP) online through CEDA.

2) No discussion exists in the documentation reference CICS and/or RACF security for any IBM transaction.
So my 1st attempt at executing "http://hostname:port/ca1s/hellocics" yields RACF ICH408I access failure messages referencing my CICS default User-ID and CICS transaction "CPIH".
CPIH is defined in my CICS systems but no security access has been granted; especially to the default CICS user ID.

Now and into the future does this Tran-ID require "UACC=READ"???
If so, this is not perceived as good or well accepted in our shop.

Maybe there is some improvement we need here on getting started.
Opinions and comments welcome?
Regards,
Ray@FCB
Updated on 2009-09-28T13:28:18Z at 2009-09-28T13:28:18Z by JonathanPLawrence
  • SystemAdmin

    Re: CA1S Install Questions/Comments

    ‏2009-09-24T11:01:10Z  in response to SystemAdmin
    I resumed work on this initial install/setup when I walked into my desk at 06:00 AM EDT this morning. Through changes I have generated a ton more errors. So maybe that is progress. I altered the delivered TCPIPService definition to use BASIC authentication and then closed/discarded/reinstalled the TCPIPService/listener into my CICS region. I have "READ" access in RACF to CICS transaction ID CPIH; therefore, this gets me away from the initial ICH408I by using BASIC authentication in the TCPIPService definition. I am now getting a slew of errors in MSGUSR log stating failures for attempted writes to zFS files. So I am embarking on changing the RWX Owner/User/Other access rights to the directory structures in USS. I will continue to report back on my progress and what I discover.
    • Please be aware, I am a new user to this forum so if I am posting too much information, not behaving as the forum intends or any other issue that would bring me criticism please let me know.
    Thanks in advance for any feedback provided. I observed there are several individuals that have reviewed my original post.
    Regards,
    Ray
    • SystemAdmin

      Re: CA1S Install Questions/Comments

      ‏2009-09-24T12:40:24Z  in response to SystemAdmin
      OK, now I do have specific questions and results I need assistance with.
      1) I try URL "http://my_hostname:my_port/ca1s/hellocics"
      Yes I did fill in the correct my_hostname:my_port and I get to my CICS.
      I receive error messages from CICS:
      DFHPI0501 09/24/2009 08:06:26 CTORA1 CPIH The CICS Pipeline Manager cannot proceed as the pipeline is unusable. The pipeline was of the wrong type. PIPELINE: CA1SHEL.
      DFHPI0997 09/24/2009 08:06:26 CTORA1 CPIH CA1SHEL The CICS pipeline manager has encountered an error: PIPELINE mode mismatch.

      [Attempted diagnosis on my part]
      1) I find no setup issues at this juncture.
      2) my CCSID in SIT is set to IBM-1047.
      3) My unicode.runtime_encoding = IBM-1047 in my php.ini file.
      I can see nothing wrong?
      I question the line entry in the base XML that reads:
      <provider_pipeline mlns="http://www.ibm.com/software/htp/cics/pipeline">
      My CICS does not have access to any Name Server internal or external.
      Could this be the issue?
      I need some assistance at this point.
      The PIPELINE definition target does not state provider or requestor, so the error message I am receiving does not make a lot of sense to me.
      The PIPELINE definition is installed in CICS and is "enabled" and appears to be OK in my CICS region.
      Thanks in advance for any assistance anyone can provide on this issue.
      I seem to be at a dead end.
      Regards,
      Ray
    • JonathanPLawrence

      Re: CA1S Install Questions/Comments

      ‏2009-09-24T13:18:51Z  in response to SystemAdmin
      Hello Ray,

      Thanks for your continued interest in the SupportPac. Your approach to the CICS security issue seems perfectly appropriate as a workaround. The supplied CA1SGRP definitions were only intended as samples and do not take account of security so it would be up to you how to secure the CICS Web Interface in order to access PHP.

      You can also define your own transaction in place of CPIH and secure this as you wish, modifying the other CA1S definitions as appropriate.

      Yes, there will be requirements for the CICS region userid to access the SupportPac directory structure on zFS. This is mentioned in the installation guide under "Unpacking the SupportPac tar file". I would admit that this could be made more obvious.

      The relevant text is:
      "Check permissions for the unpacked files and directories. The CICS region userid must have read and execute access to all files under ca1s/p8, read access to files under ca1s/config and full readwrite access to ca1s/work".
      Please let us know if this does not conform to your experience.

      I think it is helpful to continue using the forum for these posts, at least for the time being, as there may be other people who experience similar issues and the information could be helpful to others.

      Jonathan Lawrence
      Programming Language Runtimes Development
      IBM
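The permission statement quoted from the installation guide in the reply above can be checked mechanically. The shell functions below are an added example, not part of the SupportPac or of either poster's messages; they assume the script is run from the z/OS UNIX shell under the CICS region userid, the function names are this example's own, and the world-writable check is an extra least-privilege test that the guide does not mention.

```shell
#!/bin/sh
# Added example: audit a CA1S directory tree against the install guide text:
#   ca1s/p8     -> read and execute on all files
#   ca1s/config -> read
#   ca1s/work   -> full read-write
# Run under the CICS region userid (assumption) so the access tests reflect it.

# check_tree DIR TEST...: print every entry under DIR that fails an access test
check_tree() {
    dir=$1; shift
    if [ ! -d "$dir" ]; then echo "MISSING $dir"; return 0; fi
    find "$dir" | while IFS= read -r entry; do
        for acc in "$@"; do
            test "$acc" "$entry" || echo "NOACCESS($acc) $entry"
        done
    done
}

# ca1s_findings ROOT: print one finding per line, nothing when the tree is clean
ca1s_findings() {
    root=$1
    check_tree "$root/p8" -r -x
    check_tree "$root/config" -r
    check_tree "$root/work" -r -w
    # Extra check (not from the guide): nothing should be writable by "other"
    find "$root" ! -type l -perm -0002 | sed 's/^/WORLD-WRITABLE /'
}

# ca1s_perm_audit ROOT: return 0 when clean, 1 (and print findings) otherwise
ca1s_perm_audit() {
    out=$(ca1s_findings "$1" 2>&1)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Call it as `ca1s_perm_audit /path/to/ca1s`, where the path is wherever the SupportPac tar file was unpacked.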
  • JonathanPLawrence

    Re: CA1S Install Questions/Comments

    ‏2009-09-24T13:05:05Z  in response to SystemAdmin
    Dear Ray,

    To answer your first questions first, I have retried the CSDUP job with the supplied definitions and I did not see an error, please could you attach the input data for your DFHCSDUP job and the JCL you used to enable further diagnosis.

    What version of CICS Transaction Server and z/OS are you running?

    You are right that the sample definitions we supplied with the SupportPac do not take account of security considerations, as they were intended only as samples to allow developers to get started. Your approach to this problem as outlined in your subsequent post seems entirely reasonable.

    Jonathan Lawrence
    Programming Language Runtimes Development
    IBM
    • SystemAdmin

      Re: CA1S Install Questions/Comments

      ‏2009-09-24T13:24:33Z  in response to JonathanPLawrence
      Jonathan,
      Thanks for the reply. I feel pretty dumb at this point.
      I did review my DFHCSDUP execution JCL after your post and did find an issue in my JCL. It does work as described.
      I inadvertently selected a set of DFHCSDUP add JCL from a library that I had used in the past. I failed to observe that it contained a STEPLIB that pointed to an older CICS library level (hard coded) that did not use my override version number.
      This was simply a mistake on my part.
      Not a good way to start out on the forum.
      Sorry!
      Ray
      • JonathanPLawrence

        Re: CA1S Install Questions/Comments

        ‏2009-09-24T14:03:13Z  in response to SystemAdmin
        Hello Ray,

        Not a problem, I did suspect you might be using a back level CSDUP as I could not see an error in your input data.

        Regarding your pipeline processing problem, this is something which I have seen before, however unfortunately I cannot remember the precise circumstances. It is not connected with the absence of a Name Server, though - the SupportPac does not require a name server.

        Are you by any chance also seeing another message:
        DFHPI0706 Pipeline resolution failed because it could not be determined whether this is a provider or requestor pipeline.
        I believe that the pipeline will not become enabled in this case, however.

        One thing you could also try is to delete and recreate the "shelf" directory used by CICS to store the installed pipeline configuration files, and then reinstall the CA1S pipeline definitions. The location of this directory is specified in the RDO definitions for the pipelines. This directory must be fully accessible (RWX) to CICS and should not contain any old pipeline configuration files.

        I will also investigate further and update the forum with any additional information.

        Jonathan Lawrence
        Programming Language Runtimes
        IBM
        • SystemAdmin

          Re: CA1S Install Questions/Comments

          ‏2009-09-24T17:26:41Z  in response to JonathanPLawrence
          Ok, I have made more progress as follows:
          1) I have added some required libraries to my CICS startup for JVM execution.
          Since I have not been running JVM's in CICS/TS V3.2.0 so far I guess this is my first attempt at doing so; so I am not surprised I may be missing something in setup.
          2) I have cleared all known USS permissions issues I have seen.
          Now I have what is hopefully one last hurdle I am having a problem knowing what I am missing.

          I connect to CICS and attempt to start the JVM with program CA1SHNDL.
          The JVM create fails.
          The error message I get states:

          "Error: Port Library failed to initialize"

          This shows in CEEMSG as well as it's shown in the JVM error LOG.

          I cannot find anything on the Web, in CICS or LE documentation or anywhere yet that gives me some insight into what this is trying to tell me or what I may be missing in JAVA/JVM setup/profile/etc.

          Any ideas?
          Thanks,
          Ray
          • JonathanPLawrence

            Re: CA1S Install Questions/Comments

            ‏2009-09-28T13:28:18Z  in response to SystemAdmin
            Hello Ray,

            Apologies for the delay in this reply.

            If you have not run Java in CICS TS v3.2 before, I would certainly recommend at least running the Java HelloWorld sample to check your Java setup, before attempting to use the CA1S SupportPac.

            The error you are seeing now does seem to be a configuration or permissions error running the JVM so it would be useful to ensure that basic Java is working correctly before going any further with the SupportPac.

            When you first run a Java program in CICS TS v3.2 you should also see the following message in the CICS log (MSGUSR):
            DFHSJ0540 09/24/2009 16:03:53 IYCQST9A CICS is running Java version 1.5.0.
            It is important that you are running Java 1.5, and this requires CICS PTF PK59577 (check the prereqs in the CA1S documentation, including the Service level of Java).

            The next step would be to attach the JVM profile (CA1SJVMP) which you are using with the SupportPac, and the full text of any log files which are produced (the CICS logs and JVM stdout/stderr files).

            Jonathan Lawrence
            Programming Language Runtimes Development
            IBM