Preparing zFS for platforms
Before you can create and deploy a platform, you must configure your platform home directory in zFS. Create a dedicated file system, set up the file system security, and set up FTP security for access from CICS Explorer®.
- Create a z/OS® UNIX file system data set to use
as the zFS platform home directory. The purpose of this is to create a dedicated file system for use by all CICS® regions in the platform.Note: The default platform home directory is /var/cicsts/CICSplex/platform1, where CICSplex is the name of the CICSplex where the platform will be installed, and platform1 is the name of your platform. Keep this default as a best practice. If you need to use a different directory as the platform home directory, you must change the platform bundle to specify the alternative directory name using the platform editor after you create the CICS Platform project.
- If you are using non-shared zFS, mount the data set onto /var as /var/cicsts, as a read-write file system.
- If you are using a shared file system in a multi-system (LPAR) environment, mount the data set onto the root file system (/) as /cicsts, and then for each system that requires access, create a symbolic link from /var/cicsts to the shared /cicsts directory.
- If you have a multi-system or cross-sysplex environment where file systems cannot be shared between all the systems, duplicate the structure that you set up for the platform home directory in each of the zFS file systems. You will need to ensure that the contents of the platform home directory are duplicated to each of the zFS file systems whenever you export a platform, application, or CICS bundle. You can repeat the export process in CICS Explorer and select the appropriate z/OS connection for each individual file system.
- If the directories do not already exist, create the /var/cicsts/CICSplex and /var/cicsts/CICSplex/platform1 subdirectories.
If you are using CICS Explorer, these directories are created for you. If you are not using CICS Explorer, you must create the /CICSplex and /platform1 directories.
- Set up file system security. This file system security ensures that all CICS regions in the platform, including the CICSPlex® SM CMAS regions, can read the bundle files in the platform home directory.
- Change the owner of the directories in /var/cicsts to the user ID that is used to create the bundle files.
- Change the group ownership of the directories in /var/cicsts to a group that all the CICS regions in the platform belong to.
- Give the owner of the directories read, write, and execute
permissions, and give the group read and execute permissions.
- Optional: If write access is required by multiple administrator user IDs, or read access is required by different groups, you can use UNIX System Services (USS) access control list (ACL) entries to add additional group or owner permissions. You can achieve this by activating the FSSEC resource class and by using the setfacl command.
- Set up FTP security. This level of security ensures that bundles exported from CICS Explorer can be written to the platform home directory on zFS, and read by all the CICS regions in the platform.
- Set the file mode creation mask for the z/OS FTP daemon to ensure that the owner has
write permissions and the group has read permissions. To configure this, use the UMASK statement in the FTP.DATA configuration file.
- Optional: If you are also using ACL entries to control security, ensure that the default ACLs are inherited from the zFS platform home directory, for example /var/cicsts/CICSplex/platform1, where CICSplex is the name of your CICSplex and platform1 is the name of your platform.
- Set the file mode creation mask for the z/OS FTP daemon to ensure that the owner has write permissions and the group has read permissions.
Your zFS environment is now configured with the correct directories and permissions.
You can now create a platform bundle using a CICS Platform project in CICS Explorer.