Configuring named angels

Configuring multiple angel processes in an LPAR.

About this task

Liberty V16.0.0.4 added support for concurrent angel processes on the same LPAR. At startup, each angel is identified by a unique name and an angel process with no name is used as the default process.

All Liberty servers, including a IBM® z/OS® Connect server, can be configured to select which angel process is used to provide z/OS authorized services by specifying the name in the property com.ibm.ws.zos.core.angelName. If no angel process name is specified by a Liberty server, then the default process, one with no name is selected. Another property, com.ibm.ws.zos.core.angelRequired can be set to require a successful connection to an angel process for the server startup to continue. If this property is set, and an angel process is not available, the Liberty server stops.

Note:
  1. All files must be EBCDIC encoded.
  2. If you are using both named and unnamed angels, you must define an angel server profile for each.
  3. Ensure that the version of the JCL you use to start the Angel process supports the NAME parameter. Two copies of the sample JCL are provided, hlq.SBAQSAMP(BAQZANGL) and <installation_path>/wlp/templates/zos/procs/bbgzangl.jcl but they provide the same function.
  4. The Liberty documentation describes another method that uses a bootstrap.properties file in the server's configuration directory, but this method is supported only in IBM z/OS Connect V3.0.5 and later. Earlier releases support only the JVM_OPTIONS method.

Procedure

  1. Define SERVER SAF profiles and grant permissions to the SAF user ID that the IBM z/OS Connect server is running under, by issuing the following commands:
    For example, if the angel process is started with a name of PRODUCTION, then a SAF SERVER profile for this name, BBG.ANGEL.PRODUCTION must be defined and the IBM z/OS Connect server that is running under identity USER1 must be given READ access as in the following definition. 
    
RDEFINE SERVER BBG.ANGEL.PRODUCTION UACC(NONE) OWNER(SYS1) 
PERMIT BBG.ANGEL.PRODUCTION CLASS(SERVER) ACCESS(READ) ID(USER1) 
SETROPTS RACLIST(SERVER) REFRESH
    Tip: You can use generic profiles such as BBG.ANGEL.* to grant a user ID access to multiple named angels.

    The SETROPTS command is issued to refresh the profiles.

  2. Restart IBM z/OS Connect to use the new profile.
  3. Define a named angel by coding the NAME parameter of the operator START command.
    The angel name can be 1 - 54 characters in length, and must use only the following characters: 0-9 A-Z ! # $ + - / : < > = ? @ [ ] ^ _ ` { } | ~ The angel name must be unique on the LPAR. Two angels with the same name cannot be running concurrently on the LPAR. You can have a maximum of 4092 named angels on an LPAR.

The following steps are required only if you run IBM z/OS Connect as a stand-alone server.

If you run IBM z/OS Connect embedded in CICS®, you must add these directives to the JVMServer profile that is configured for the IBM z/OS Connect server.

Choose one of the following methods to configure the server for named angels. Choose either JVM_OPTIONS or bootstrap properties.

  1. Optional: Use JVM_OPTIONS to configure the server for named angels.
    1. Create a file called <name>.options in the IBM z/OS Connect Liberty server configuration directory.
      This file defines the Java™ system properties com.ibm.ws.zos.core.angelName and com.ibm.ws.zos.core.angelRequired. In this example, the angel name is PRODUCTION. The angel name is case-sensitive and must be all uppercase. For example,
      
-Dcom.ibm.ws.zos.core.angelName=PRODUCTION
-Dcom.ibm.ws.zos.core.angelRequired=true
    2. Edit the JVM_OPTIONS parameter of the STDENV JCL procedure to add a reference to this options file. 
      
 //STDENV   DD   *                                                      
 _BPX_SHAREAS=YES                                                       
 JAVA_HOME=/usr/lpp/java/J8.0_64/                                       
 WLP_USER_DIR=/var/zosconnect                                           
 JVM_OPTIONS=-Xoptionsfile=/var/zosconnect/servers/<serverName>/<name>.options  
 //*
  2. Optional: Use bootstrap properties file to configure the server for named angels.
    1. Edit the bootstrap.properties file in the server configuration.
      If you do not already have a file called bootstrap.properties in the IBM z/OS Connect server configuration directory, create one now. The file can be in ASCII or EBCDIC. This file defines the properties com.ibm.ws.zos.core.angelName and com.ibm.ws.zos.core.angelRequired. The angel name is case-sensitive and must be all uppercase.
      For example, if the angel name is PRODUCTION, then the bootstrap.properties file would contain the following statements,
      
com.ibm.ws.zos.core.angelName=PRODUCTION
com.ibm.ws.zos.core.angelRequired=true
  3. Optional: Restrict the z/OS authorized services required by the IBM z/OS Connect server.
    Modify the property com.ibm.ws.zos.core.angelRequiredServices in the bootstrap.properties file as described in Configuring the Liberty Angel process and z/OS authorized services.

Results

When IBM z/OS Connect starts with the com.ibm.ws.zos.core.angelRequired property set, an angel process is requested. If the Liberty server cannot reach an angel process, it stops. Because com.ibm.ws.zos.core.angelName is also defined, the Liberty server attempts to connect to that specific angel process, in this case, PRODUCTION. If Liberty fails to connect to the PRODUCTION angel process, it stops. If you have com.ibm.ws.zos.core.angelRequired but you don't specify a value for com.ibm.ws.zos.core.angelName, the Liberty server connects to any angel it can. If it cannot reach any angel process, it stops.