Enabling sysplex support
With the sysplex support enabled, Debug Manager can establish communication between the client and the debugger if the LPAR that the client is connected to via RSE and the LPAR with a started debug session are different.
To enable sysplex support, complete the following steps:
- Ensure that Debug Manager is configured in all LPARs that the debugger runs on or that the user connects to via RSE.
- Start
Debug Manager instances on all LPARs with
HUBIP
andHUBPORT
parameters equal to the IP address and port number of one of the LPARS. That LPAR will become a primary node and the others will connect to it and act as secondary nodes. Any instance that fails to bind or connect will continue to work stand-alone on its LPAR, periodically trying to connect to the hub. If you want to change the primary node assignment when Debug Manager is running, you can use the Debug Manager console command H. For more information on how to start Debug Manager with a configuration file, see Running Debug Manager as a started task with a configuration file.
Below is how it works after sysplex support is enabled:
- Secondary nodes connect to the primary node.
- The primary instance is notified when a debug session is started in an LPAR but no RSE connection can be found.
- The primary node finds the LPAR with an active RSE connection and connect it to the LPAR where the debug session is waiting.
Trusted TCP authentication for sysplex connections
Starting from 16.0.4, Debug Manager supports
authentication of other Debug Manager instances
connecting to its hub port by using Trusted TCP. To enable it in Debug Manager, set the TRUSTEDTCP
parameter to
ON
and enter the following RACF commands or their equivalents in other
security
products:RDEFINE SERVAUTH EZB.IOCTL.sysname.tcpprocname.PARTNERINFO UACC(NONE)
PERMIT EZB.IOCTL.sysname.tcpprocname.PARTNERINFO CLASS(SERVAUTH) ID(dbgmgrSTCUser) ACCESS(READ)
SETROPTS RACLIST(SERVAUTH) REFRESH
RDEFINE SERVAUTH EZBDOMAIN APPLDATA('EQAZPCMDOMAIN')
SETROPTS RACLIST(SERVAUTH) REFRESH
You can use wildcards in the values for
sysname and tcpprocname.For more information about these commands, see Steps for retrieving partner security credentials.
Note: Debug
Manager instances on all LPARS must be started under the same user ID.