rseapi.env, the RSE API configuration file

The RSE API server processes use the definitions in rseapi.env.

rseapi.env is located in /etc/zexpl/, unless you specified a different location when you customized and submitted the HUH.SHUHSAMP(HUHSETUP) job. For more details, see Customization setup. You can edit the file with the TSO OEDIT command.

See the following sample rseapi.env file, which can be customized to match your system environment. Default values are provided for all variables that are not explicitly specified. The syntax of the file follows standard z/OS® UNIX shell syntax rules. For example, comments start with a number sign (#) when using a US code page, and spaces around the equal sign (=) are not supported.

Note:
  • For your changes to take effect, the RSEAPI started task must be restarted.
  • The rse.env configuration file of requisite product IBM® Explorer for z/OS is processed before rseapi.env is processed. Therefore, in rseapi.env, you can use variables that are defined in rse.env.
  • Variable RSEAPI_CFG is set by the caller and can be used inside rseapi.env.
Figure 1. rseapi.env: RSE API configuration file
#
# rseapi.env - RSE API environment variables
#

#=============================================================
# optional definitions, defaults provided if not specified
#=============================================================

# Directory where RSE API is installed
#-------------------------------------------------------------
#RSEAPI_HOME=/usr/lpp/IBM/rseapi

# Directory where Java is installed (default set in rse.env)
#-------------------------------------------------------------
#JAVA_HOME=${JAVA_HOME:-/usr/lpp/java/J11.0_64}

# RSE API server and JES Job Monitor ports
#-------------------------------------------------------------
#RSEAPI_PORT_HTTP_1=6800
#RSEAPI_PORT_SHUTDOWN_1=60800
#RSEAPI_JMON_PORT_1=$_RSE_JMON_PORT

# Security class where HUH.* profiles are defined
#-------------------------------------------------------------
#RSEAPI_HUH_SAF_CLASS=${_RSE_FEK_SAF_CLASS:-FACILITY}

# Encrypted communication details
#-------------------------------------------------------------
# Use this for a SAF keyring owned by the started task user ID
#RSEAPI_KEYRING="SAF.ring"
# Use this for another SAF keyring or a keystore file
#RSEAPI_KEYSTORE_FILE="safkeyringjce://$(id -un)/$RSEAPI_KEYRING"
#RSEAPI_KEYSTORE_PASS="password"
#RSEAPI_KEYSTORE_TYPE="JCERACFKS"

# When using AT-TLS, the server must run with SECURE=false
#RSEAPI_USING_ATTLS=false

#RSEAPI_SSL_ENABLED_PROTOCOLS=TLSv1.2
#RSEAPI_SSL_CIPHERS=

# Directory where RSE API logs are stored
#-------------------------------------------------------------
#RSEAPI_LOGS=$RSE_LOGS

# Work directory for RSE API
#-------------------------------------------------------------
#RSEAPI_DATA=/var/zexpl/rseapi

# Work directory for Apache Tomcat server
#-------------------------------------------------------------
#RSEAPI_WORKDIR=$RSEAPI_DATA/rseapi_WORK

# Location of rse.env if not in $RSEAPI_CFG
#-------------------------------------------------------------
#RSE_CFG=

# Location for temporary catalina data
#-------------------------------------------------------------
#CATALINA_TMPDIR=$TMPDIR

# RSE API connector protocol
#-------------------------------------------------------------
#RSEAPI_HTTP_PROTOCOL=HTTP/1.1

# JWT support during port sharing
# Not applicable for Basic or RACF JWT Bearer authentication
#-------------------------------------------------------------
#RSEAPI_SHARED_JWT_HMAC=false

# Maximum file size for GET request (in KB)
#-------------------------------------------------------------
#RSEAPI_MAX_FILE_SIZE_KB=3072

# Default host encoding
#-------------------------------------------------------------
#RSEAPI_HOST_ENCODING=IBM-1047

# Include tracing for exceptions in stderr
#-------------------------------------------------------------
#RSEAPI_TRACE_EXCEPTIONS=true

# Logging detail level for Apache Tomcat logger handles
# Value: {SEVERE|WARNING|INFO|CONFIG|FINE|FINER|FINEST|ALL}
#-------------------------------------------------------------
#RSEAPI_LOG_LEVEL=SEVERE

# Debug level of server common logging
# Value: {ERROR|WARN|INFO|DEBUG|EXCEPTION}
#-------------------------------------------------------------
#RSEAPI_SERVER_LOG_LEVEL=WARN

# Buffer size for rawContent uploads and downloads (in bytes)
#-------------------------------------------------------------
#RSEAPI_FILE_BUFFER_SIZE=51200

# Maximum number of members to show in members and memberAttrs query
#-------------------------------------------------------------
#RSEAPI_MAX_NUM_TO_SHOW=20000

# User idle shutdown timeout (in ms)
#-------------------------------------------------------------
#DSTORE_IDLE_SHUTDOWN_TIMEOUT=3600000

# Override the option to use threaded miners. By default,
# RSE API creates a separate thread for each miner, per user.
# When set to false, the number of overall threads used is reduced.
#-------------------------------------------------------------
#DSTORE_USE_THREADED_MINERS=false

# Override RSE API authentication to use Zowe ML (for Zowe SSO scenarios)
# If Zowe ML is being used as a gateway, this option causes
# RSE API delegate authentication.  The ZOWE_ML variable needs
# to point to a valid Zowe ML URL of the form:
#     https://<host>:<port>/
#-------------------------------------------------------------
#ZOWE_ML=<Zowe ML Base URL>

# Override this option to specify a custom MVS mappings file
# location. The default location is:
#     $RSEAPI_CFG/mvsMappings.json
#-------------------------------------------------------------
#RSEAPI_MVS_MAPPING_FILE=<Path to mvsMappings JSON file>

# Use this option to specify cors.allowed.origins
# The value of an entry should be of the form:
#     http(s)://<host>:<port>
# For multiple origins, use comma separated values
#-------------------------------------------------------------
#CORS_ALLOWED_ORIGINS=http://localhost:8080

# Options to define the Tomcat server valve configuration
# Supported: Semaphore Valve concurrency. 
# 1. For all requests. Default to 150.
#----------------------------------
#RSEAPI_SEM_VALVE_CONCURRENCY=150

# 2. For auth requests except logout. Default to 100.
#----------------------------------
#RSEAPI_SEM_VALVE_AUTH_CONCURRENCY=100

# Options to enable SAF JWT support
# Default to true.
#-------------------------------------------------------------
#RSEAPI_SAF_JWT=true

# Option to configure internal JWT lifetime
# This setting applies only to internal JWTs, not SAF JWTs
# Default is 8 hours (28800000 ms)
# RSEAPI_JWT_LIFETIME=28800000

# Interval in minute to enforce user to login using user ID and password.
# The default is 8hr.
#-------------------------------------------------------------
#RSEAPI_USER_PASS_INTERVAL_MINS=480

# Options to enable the redirect feature.
# 1. To enable the redirect filter. Default to false.
#    To enable the auto-scaling overflow feature. Default to false.
#-------------------------------------------------------------
#RSEAPI_REDIRECT_ENABLE=true
#RSEAPI_OVERFLOW_ENABLE=true

# 2. To define the overflow-servers chains.
#    Startup and shutdown port numbers of each server with the
#    specified server number must be defined correspondingly.
#
#    RSEAPI_OVERFLOW_FOR_n=m   # 'm' is direct overflow server
#                              # for server 'n'
#-------------------------------------------------------------
# For primary server number 1
#RSEAPI_OVERFLOW_FOR_1=2
#RSEAPI_OVERFLOW_FOR_2=3
#RSEAPI_OVERFLOW_FOR_3=4

# 3. To define the resource thresholds to monitor or to overflow
#    a request
#-------------------------------------------------------------
#RSEAPI_MAX_MEM_USED_PC=80
#RSEAPI_MAX_MEM_USED_PERIOD_SEC=60

#RSEAPI_MAX_USERS=50
#RSEAPI_MAX_THREADS=1200

# 4. To configure the checking interval and properties for the
#    direct overflow server.
#-------------------------------------------------------------
#RSEAPI_OVERFLOW_SPAWN_WAIT_MSEC=3000
#RSEAPI_OVERFLOW_CHECK_MINUTE=2
#RSEAPI_OVERFLOW_PORT_IN_USE_RECHECK=true


# Enable the following option to support trusted tcp/ip clients
# that are already logged into the same z/OS system.  In order for
# this to work, /usr/lib/libEZBTrustedPartner.so (or /usr/lib/libEZBTrustedPartner64.so)
# must be configured to be program controlled.  If you're not able to
# modify those files under /usr/lib, they could be copied and modified in
# a separate library that comes earlier in your LIBPATH
#-------------------------------------------------------------
#RSEAPI_SUPPORT_TRUSTED_TCP=true

# The SPIRIT settings are used to control memory cleanup within active
# user sessions.
# SPIRIT_INTERVAL_TIME indicates how long (in seconds) to wait before
# checking a queue of elements flagged for removal.
# SPIRIT_EXPIRY_TIME indicates how long (in seconds) to wait before a
# queued element is removed.
#-------------------------------------------------------------
#DSTORE_SPIRIT_ON=true
#SPIRIT_INTERVAL_TIME=60
#SPIRIT_EXPIRY_TIME=60


# Enable (TRUE) ISPF Interactive Gateway, default is set in rse.env.
#-------------------------------------------------------------
#CGI_CEATSO=TRUE

# Override the default ISPF Interactive Gateway setting for
# a specific server instance. i.e. CGI_CEATSO_<server number>=<TRUE|FALSE>
#-------------------------------------------------------------
#CGI_CEATSO_1=FALSE
#CGI_CEATSO_2=TRUE

# Disable (FALSE) ISPF Interactive Gateway keepalive, default is
# set in rse.env.
#-------------------------------------------------------------
#CGI_CEATSO_KEEPALIVE=FALSE

# Set fixed values for ISPF Interactive Gateway, default is in SAF
# TSO segment for user
#-------------------------------------------------------------
#RSEAPI_CGI_CEATSO_PROCNAME=
#RSEAPI_CGI_CEATSO_ACCOUNT_NUMBER=
#RSEAPI_CGI_CEATSO_GROUP_ID=
#RSEAPI_CGI_CEATSO_REGION_SIZE=

# Override fixed values for ISPF Interactive Gateway for a specific
# server instance. i.e. RSEAPI_CGI_CEATSO_<property>_<server number>
#-------------------------------------------------------------
#RSEAPI_CGI_CEATSO_PROCNAME_2=
#RSEAPI_CGI_CEATSO_ACCOUNT_NUMBER_2=
#RSEAPI_CGI_CEATSO_GROUP_ID_2=
#RSEAPI_CGI_CEATSO_REGION_SIZE_2=

# To enable the Common Properties service, this variable needs to
# set to a shared UNIX directory on the system.
#-------------------------------------------------------------
#RSE_COMMON_PROPERTIES=

# Override the Common Properties shared folder for a specific
# server instance.  i.e. RSE_COMMON_PROPERTIES_<server number>=
#-------------------------------------------------------------
#RSE_COMMON_PROPERTIES_1=
#RSE_COMMON_PROPERTIES_2=

# To enable the private Common Properties service, this variable
# needs to set to a UNIX directory relative to a given user
# home directory.  Private Common Properties for a user will be
# stored under /<user home>/RSE_COMMON_PROPERTIES_PRIVATE_RELATIVE
#-------------------------------------------------------------
#RSE_COMMON_PROPERTIES_PRIVATE_RELATIVE=private_common_properties

# Override the Common Properties namespace cache capacity value.
# The default value is 10 if not set.
#----------------------------------
#RSE_COMMON_PROPERTIES_CACHE_CAPACITY=10

# To control cache validity period when using the Common Properties
# service, the following variable can be overridden.  This value
# is the time in milliseconds a cached version of a namespace will
# be considered valid.
#-------------------------------------------------------------
#RSE_COMMON_PROPERTIES_TIMEOUT=5000

# Override the default JSON output processing for pretty (processed)
# output. This boolean value represents false for unprocessed JSON
# output all on a single line without indentation and breaks. True
# represents processed and formatted JSON output.
#----------------------------------
#RSEAPI_JSON_PRETTY_OUTPUT=false

# Disable data set migration, recall and deletion of migrated data set.
# The default value is false.
#-------------------------------------------------------------
#DISABLE_MIGRATE_HRECALL_HDELETE=false

# Override the default time zone to customize the display of time zone
# for dates/times. Examples include UTC, EST, America/Los_Angeles,
# PST, GMT,Japan, UTC, America/Toronto, CDT, or MDT.
# The default value will be current system time zone
#----------------------------------
#DATE_DISPLAY_TIMEZONE=

# Override the default enablement for the basic authentication. 
# Uncomment and specify false if basic authentication should
# be disabled.
# The default value is true.
#----------------------------------
#RSEAPI_ENABLE_HEADER_BASIC_AUTH=

# Override whether RSE creates temporary backup files during upload. 
# The default value is true.
#----------------------------------
#DSTORE_UNIX_BACKUP_FILES=true

# When the backup files option is on, this option can be used to store 
# the temporary backup files within the host user logs folder rather than
# in the same folder as the file being uploaded.
# The default value is true.
#----------------------------------
#DSTORE_UNIX_BACKUP_IN_USER_LOGS=true

# When the backup files option is on, this option indicates whether
# to keep a backup file after an upload completes.
# The default value is false.
#----------------------------------
#DSTORE_UNIX_KEEP_BACKUP_FILES=false

# Use this variable to set the LUNAME 
# when one is required by TN3270.
# The default has no LUNAME.
#-------------------------------------------------------------
#RCE_LUNAME=

# Whether or not to enable the
# remote connection emulator.
# The default is true.
#-------------------------------------------------------------
#RCE_ENABLE=true

# The host port to use when creating a remote
# emulator connection.
# The default is 23
#-------------------------------------------------------------
#RCE_PORT=23

# Whether or not to use a secure connection when
# connecting from the server application
# to the remote emulator.
# The default is false.
#-------------------------------------------------------------
#RCE_SECURITY=false
The following definitions are optional. If omitted, default values are used.
RSEAPI_HOME
RSE API home directory. The default is the directory specified in the HOME variable of the RSEAPI started task (default /usr/lpp/IBM/rseapi). Uncomment and change to match your RSE API installation.
Note: RSE API startup will fail if RSEAPI_HOME is not equal to the HOME variable of the RSEAPI started task.
JAVA_HOME
Java home directory. The default is inherited from the definition in rse.env. Uncomment and change to match your Java installation.
Note: rse.env is shared with the RSED started task of prerequisite z/OS Explorer (FMID HALGxxx). RSED still supports Java 8.0, while RSE API requires at least Java 11.0.
RSEAPI_PORT_HTTP_1
RSE API port for server 1. The default is 6800. Uncomment and change to match your setup.
Note:
  • Before selecting a port, verify that the port is available on your system by using the TSO commands NETSTAT and NETSTAT PORTL.
  • This port is used for client-host communication.
  • The number in this variable name (RSEAPI_PORT_HTTP_<num>) corresponds to the value of the SRVNUM variable in the started task. For example, RSEAPI_PORT_HTTP_3 is used when launching a server with SRVNUM=3. If you are starting RSE API via the z/OS UNIX command line, it corresponds to the value of the -P or -S startup argument.
RSEAPI_PORT_SHUTDOWN_1
RSE API shutdown port for server 1. The default is 60800. Uncomment and change to match your setup.
Note:
  • Before selecting a port, verify that the port is available on your system by using the TSO commands NETSTAT and NETSTAT PORTL.
  • This port is used to shut down the RSE API server via the z/OS Unix command line.
  • The number in this variable name (RSEAPI_PORT_SHUTDOWN_<num>) corresponds to the value of the SRVNUM variable in the started task. For example, RSEAPI_PORT_SHUTDOWN_3 is used when launching a server with SRVNUM=3. If you are starting RSE API via the z/OS UNIX command line, it corresponds to the value of the -P or -S startup argument.
RSEAPI_JMON_PORT_1

RSE API JES Job Monitor port for server 1. The default is the JES Job Monitor port from the base RSE configuration, for example defined with variable _RSE_JMON_PORT in rse.env. Uncomment and change to match the port number of a different specific JMON server.

Note: The number in this variable name (RSEAPI_JMON_PORT_<num>) corresponds to the value of the SRVNUM variable in the started task. For example, RSEAPI_JMON_PORT_3 is used for server with SRVNUM=3. If you are starting RSE API via the z/OS UNIX command line, it corresponds to the value of the -P or -S startup argument. If not set, the port from the base configuration will be used.
RSEAPI_HUH_SAF_CLASS

Specifies the security class where HUH.* profiles are defined. The default value depends on definitions in requisite product Z Explorer (FMID HALGxxx). If variable _RSE_FEK_SAF_CLASS is defined in rse.env, then the default matches the value of that variable, otherwise the default is FACILITY. Uncomment and change to use the specified value.

RSEAPI_KEYRING

Specifies the name of the SAF key ring that holds the server certificate and private key for HTTPS encrypted communication. The default value is SAF.ring. Uncomment and change to use the specified value.

Note: This variable is not used when the RSEAPI started task specifies SECURE='false' as startup argument.
RSEAPI_KEYSTORE_FILE

Specifies the name of the fully qualified SAF key ring or KeyStore file (deprecated) that holds the server certificate and private key for HTTPS encrypted communication. The default value is set to JCERACFKS keystore type safkeyringjce://$(id -un)/$RSEAPI_KEYRING, which results in using the SAF key ring specified in variable RSEAPI_KEYRING, owned by the RSEAPI started task user ID. Uncomment and change to use the specified value. For JCECAARACFKS keystore, use the prefix safkeyringjcecaa for this parameter, and configure the Java security file and RSEAPI_KEYSTORE_TYPE parameter as mentioned below.

Note: This variable is not used when the RSEAPI started task specifies SECURE='false' as startup argument.
RSEAPI_KEYSTORE_PASS

Specifies the password that is needed to access the KeyStore file (deprecated) referenced by variable RSE_API_KEYSTORE_FILE. When RSE_API_KEYSTORE_FILE references a SAF key ring, the value for RSEAPI_KEYSTORE_PASS must be password. Note that access to the SAF key ring is secured using security permits, not this password. The default value is password. Uncomment and change to use the specified value.

Note: This variable is not used when the RSEAPI started task specifies SECURE='false' as startup argument.
RSEAPI_KEYSTORE_TYPE
Specifies what type of SAF key ring or KeyStore file (deprecated) is referenced by variable RSE_API_KEYSTORE_FILE. The default value is JCERACFKS (with the provider IBMZSecurity), which indicates a SAF key ring where the private key is stored in the security database. Uncomment and change to use the specified value. To use JCECAARACFKS keystore, set this parameter to JCECAARACFKS, configure the java.security to use IBMJCECAA provider properly as mention in (Optional) ssl.properties, the RSE encrypted communication, and use the corresponding prefix for the RSAPI_KEYSTORE_FILE parameter as mentioned above.
Note: This variable is not used when the RSEAPI started task specifies SECURE='false' as startup argument.
RSEAPI_USING_ATTLS
When true, this variable specifies that Application Transparent Transport Layer Security (AT-TLS) is responsible for managing HTTPS encrypted communication, in which case the RSEAPI started task must specify SECURE='false' as startup argument. When false, the RSEAPI started task is responsible for managing HTTPS encrypted communication. Valid values are true and false. The default value is false. Uncomment and change to use the specified value.
Note: RSE API currently cannot detect if AT-TLS is actually encrypting the communication. It is up to the system administrator to ensure this is the case when RSEAPI_USING_ATTLS is set to true.
RSEAPI_SSL_ENABLED_PROTOCOLS
A comma (,) separated list of encryption protocol names that are supported for HTTPS encrypted communication. Valid values are defined by the IBMJSSE2 security provider and are documented in the Security Guide of IBM SDK, Java Technology. Note that the usage of keywords that represent multiple protocols is not supported. The default value is TLSv1.2, which results in accepting only the TLS v1.2 protocol. Uncomment and change to use the specified value.
Note: This variable is not used when the RSEAPI started task specifies SECURE='false' as startup argument.
RSEAPI_SSL_CIPHERS
A comma (,) separated list of encryption cipher suite names that are allowed for HTTPS encrypted communication. Valid values are defined by the IBMJSSE2 security provider and are documented in the Security Guide of IBM SDK, Java Technology. The default depends on the encryption protocol selected with variable RSEAPI_SSL_ENABLED_PROTOCOLS. Uncomment and change to use the specified value.
Note: This variable is not used when the RSEAPI started task specifies SECURE='false' as startup argument.
RSEAPI_LOGS
The root for the RSE API log directory. The default is $RSE_LOGS that is the root for the log directory used by the requisite product IBM Explorer for z/OS. The log of each instance of RSE API resides in $RSEAPI_LOGS/${RSEAPI_PORT_HTTP_<num>}.<num>. For example, if server 1 is on port 6800, then the logs will be in $RSEAPI_LOGS/6800.1.

Uncomment and change to use the specified path.

RSEAPI_DATA
RSE API data location. The default is /var/zexpl/rseapi. Uncomment and change to use the specified path.
Note: If you did not use the SHUHSAMP(HUHSETUP) sample job to build the customizable environment, verify that the last directory in the path specified in RSEAPI_DATA has read, write, and execute permission for owner, group, and other (permission bitmask 777).
RSEAPI_WORKDIR
RSE API work directory. The default is $RSEAPI_DATA/rseapi_WORK. Uncomment and change to use the specified path.
Note: If you did not use the SHUHSAMP(HUHSETUP) sample job to build the customizable environment, verify that the last directory in the path specified in RSEAPI_DATA has read, write, and execute permission for owner, group, and other (permission bitmask 777).
RSE_CFG
Directory holding rse.env, the configuration file of requisite product IBM Explorer for z/OS. The default is a null string, which results in using the value of variable RSEAPI_CFG. RSEAPI_CFG is set in the RSEAPI started task. Uncomment and change to match your z/OS Explorer setup.
Note: RSE API startup will fail if RSE_CFG is not equal to the RSECFG variable of the RSEAPI started task.
CATALINA_TMPDIR
Specifies the path used to store temporary files. The default is $TMPDIR. Uncomment and change to use the specified path.
RSEAPI_HTTP_PROTOCOL
RSE API protocol. The default is HTTP/1.1. Uncomment and change to match your setup.
RSEAPI_SHARED_JWT_HMAC

For Java JWT, use RSEAPI_SHARED_JWT_HMAC to enable or disable a shared JWT among multiple RSEAPI started tasks that are port sharing. The default is false. Uncomment and specify true to enable this setting.

Note: When user ID and password are used for basic authentication or server running in SAF JWT mode, RSEAPI_SHARED_JWT_HMAC is not used.
RSEAPI_MAX_FILE_SIZE_KB
The maximum file size for the GET request in kilobytes. The default is 3072. Uncomment and change to use the specified value.
RSEAPI_HOST_ENCODING
The host encoding of remote z/OS resources. The default is IBM-1047. Uncomment and change to use the specified value.
RSEAPI_TRACE_EXCEPTIONS
When RSE API end points hit expected or unexpected exceptions, it can trace those exceptions to stderr. Use RSEAPI_TRACE_EXCEPTIONS to enable tracing to stderr. The default is false. Uncomment and specify true to enable this setting.
RSEAPI_LOG_LEVEL
Detail level for the Apache Tomcat logger. The default is SEVERE, which logs error messages only. Uncomment and change to use the specified value. Valid values are SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, and ALL.

For more information about logging levels, see The Level class.

RSEAPI_SERVER_LOG_LEVEL
The detail level for RSE API common logs. The default is WARN, which logs warning and error messages only. Uncomment and change to use a specific value. Valid values are ERROR, WARN, INFO, DEBUG, and EXCEPTION.
Note:
  • Higher log levels, such as INFO or DEBUG, might cause excessive server logging activity and performance degradation. Use these levels with caution.
  • To dynamically modify the debug level during the server runtime, use the API PUT command admin/serverLogLevel and the query parameter logLevel with a valid value. This command requires admin privilege. For example, /rseapi/api/v1/admin/serverLogLevel?logLevel=DEBUG.
RSEAPI_FILE_BUFFER_SIZE
The buffer size in bytes to use when uploading and downloading raw content. The default is 51200. Uncomment and change to use the specified value.
RSEAPI_MAX_NUM_TO_SHOW
The maximum number of members to show in the dataset members and memberAttrs queries. Uncomment and change to use the specified value. Default to 20,000. Specify 0 to set as no limit, used with caution with respect to the expected result size and server load.
DSTORE_IDLE_SHUTDOWN_TIMEOUT
The option to disconnect users who are idle for the listed number of milliseconds. Default is 3600000 ms which equals to 1 hour. Uncomment and change to use the specified value.
DSTORE_USE_THREADED_MINERS
The option to use threaded miners. By default, it is set to true. RSE API creates a separate thread for each miner per user. To reduce the number of overall threads used, uncomment and overwrite to false.
ZOWE_ML
The option to use Zowe Mediation Layer for Zowe SSO scenarios as RSE API authentication. By default, the ZOWE_ML option is not set. If it is set, RSE API delegates authentication to the Zowe Mediation Layer. Any authentication calls are forwarded to Zowe Mediation Layer, and RSE API works with the Zowe Mediation Layer bearer tokens. The expected use case is for SSO scenarios where a user wants to use a single JWT for all host services, for example, with Zowe on-boarding.
The ZOWE_ML option needs to point to a valid Zowe ML URL of the form: https://<host>:<port>/. Uncomment and use the specified URL.
RSEAPI_MVS_MAPPING_FILE
The option to define the location of the MVS mappings file. The MVS mappings file describes how data sets and members map to host encodings, file extensions, and transfer types. When this option is not explicitly set, the default location is $RSEAPI_CFG/mvsMappings.json. When RSE APIs are used to download or upload MVS content, these mappings determine the defaults for the transfer mode and host encoding. A client can perform the following tasks:
  • Use the GET /datasets/mappings API to retrieve the all the mappings.
  • Use the GET /datasets/{dsn}/members API with the optional HTTP request header Mapping=true to include the corresponding mappings when retrieving a list of members.
If the MVS mappings file does not exist, RSE API generates a default file. The default file looks like this:
{
  "mappings": [
    {
      "extension": "cpy",
      "transfer": "text",
      "resource": "**CPY"
    },
    {
      "extension": "pli",
      "transfer": "text",
      "resource": "**PLI"
    },
    {
      "extension": "asm",
      "transfer": "text",
      "resource": "**ASSEMBLE"
    },
    {
      "extension": "obj",
      "transfer": "binary",
      "resource": "**OBJ"
    },
    {
      "extension": "exe",
      "transfer": "binary",
      "resource": "**LOAD"
    },
    {
      "extension": "cmd",
      "transfer": "text",
      "resource": "**CLIST"
    },
    {
      "extension": "jcl",
      "transfer": "text",
      "resource": "**JCL"
    },
    {
      "extension": "cmd",
      "transfer": "text",
      "resource": "**SIGYCLST"
    },
    {
      "extension": "jcl",
      "transfer": "text",
      "resource": "**CNTL"
    },
    {
      "transfer": "text",
      "resource": "**LISTING",
      "encoding": "IBM-1047"
    },
    {
      "extension": "out",
      "transfer": "text",
      "resource": "**OUTLIST"
    },
    {
      "extension": "inc",
      "transfer": "text",
      "resource": "**INCLUDE"
    },
    {
      "extension": "mac",
      "transfer": "text",
      "resource": "**MACRO"
    },
    {
      "extension": "rex",
      "transfer": "text",
      "resource": "**REXX"
    },
    {
      "extension": "rex",
      "transfer": "text",
      "resource": "**EXEC"
    },
    {
      "extension": "err",
      "transfer": "binary",
      "resource": "**ERRWDZ",
      "encoding": "UTF-16BE"
    },
    {
      "extension": "cpy",
      "transfer": "text",
      "resource": "**COPYLIB"
    },
    {
      "extension": "xml",
      "transfer": "text",
      "resource": "**XML",
      "encoding": "IBM-1047"
    },
    {
      "extension": "bms",
      "transfer": "text",
      "resource": "**BMS"
    },
    {
      "extension": "c",
      "transfer": "text",
      "resource": "**.C",
      "encoding": "IBM-1047"
    },
    {
      "extension": "cpp",
      "transfer": "text",
      "resource": "**.CPP",
      "encoding": "IBM-1047"
    },
    {
      "extension": "asm",
      "transfer": "text",
      "resource": "**ASM"
    },
    {
      "extension": "h",
      "transfer": "text",
      "resource": "**.H",
      "encoding": "IBM-1047"
    },
    {
      "extension": "hpp",
      "transfer": "text",
      "resource": "**.HPP",
      "encoding": "IBM-1047"
    },
    {
      "extension": "err",
      "transfer": "binary",
      "resource": "**ERRRDZ**",
      "encoding": "UTF-16BE"
    },
    {
      "extension": "scl",
      "transfer": "text",
      "resource": "**SCLLIB"
    },
    {
      "extension": "jcl",
      "transfer": "text",
      "resource": "**JCLLIB"
    },
    {
      "extension": "jcl",
      "transfer": "text",
      "resource": "**PROCLIB"
    },
    {
      "extension": "azucfg",
      "transfer": "binary",
      "resource": "**AZUCFG",
      "encoding": "UTF-8"
    },
    {
      "extension": "azures",
      "transfer": "binary",
      "resource": "**AZURES",
      "encoding": "UTF-8"
    },
    {
      "extension": "azugen",
      "transfer": "binary",
      "resource": "**AZUGEN",
      "encoding": "UTF-8"
    },
    {
      "extension": "azusch",
      "transfer": "binary",
      "resource": "**AZUSCH",
      "encoding": "UTF-8"
    },
    {
      "extension": "azutdt",
      "transfer": "binary",
      "resource": "**AZUTDT",
      "encoding": "UTF-8"
    },
    {
      "extension": "bzucfg",
      "transfer": "binary",
      "resource": "**BZUCFG",
      "encoding": "UTF-8"
    },
    {
      "extension": "bzures",
      "transfer": "binary",
      "resource": "**BZURES",
      "encoding": "UTF-8"
    },
    {
      "extension": "tdat",
      "transfer": "binary",
      "resource": "**DATA"
    },
    {
      "extension": "tmpl",
      "transfer": "binary",
      "resource": "**TEMPLATE"
    },
    {
      "extension": "mfs",
      "transfer": "text",
      "resource": "**TEMPLATE"
    }
  ],
  "default.encoding": "IBM-1047"
}
For example, if a data set is named HLQ.ABC.CPY, it maps to the resource pattern **CPY. When using a file transfer API, RSE API will default to the text mode with the default encoding. A data set named HLQ.XYZ.AZUGEN will map to the **AZUGEN resource pattern and will use the binary mode for file transfer.
You can customize this file to use mappings appropriate for a shop. On RSEAPI startup, the file is validated against the JSON schema. The schema is located in the tomcat.base/conf/MVSMapping-Schema.json file, which looks like as follows:
{
    "$schema": "http://json-schema.org/draft-06/schema#",
    "$ref": "#/definitions/FileSystemMapping",
    "definitions": {
        "FileSystemMapping": {
            "type": "object",
            "additionalProperties": false,
            "properties": {
                "mappings": {
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/Mapping"
                    }
                },
                "default.encoding": {
                    "type": "string"
                }
            },
            "required": [
                "default.encoding",
                "mappings"
            ],
            "title": "FileSystemMapping"
        },
        "Mapping": {
            "type": "object",
            "additionalProperties": false,
            "properties": {
                "extension": {
                    "type": "string"
                },
                "transfer": {
                    "$ref": "#/definitions/Transfer"
                },
                "resource": {
                    "type": "string"
                },
                "memberMappings": {
                    "type": "array",
                    "items": {
                        "$ref": "#/definitions/Mapping"
                    }
                },
                "encoding": {
                    "type": "string"
                }
            },
            "required": [
                "resource",
                "transfer"
            ],
            "title": "Mapping"
        },
        "Transfer": {
            "type": "string",
            "enum": [
                "text",
                "binary"
            ],
            "title": "Transfer"
        }
    }
}
RSE_DSN_SEARCH_REGEX
Note: Specify this property only in rse.env and its settings will be inherited by rseapi.env automatically. Do not specify this property in both rse.env and rseapi.env.
This option allows a system programmer to add constraints on the data set name of a client search. To enable the option, uncomment the RSE_DSN_SEARCH_REGEX variable in the rse.env file and specify a regular expression to the desired data set name constraint. Then, restart the server so that the changes in rse.env can take effect. After that, when users work with the z/OS Remote Search dialog, they are prevented from invoking searches that do not match the data set name criteria specified in rse.env.
The following are some basic examples:
# no constraints (accept anything)
RSE_DSN_SEARCH_REGEX=.*

# allowed to search under ABC
RSE_DSN_SEARCH_REGEX=ABC\..*

# allowed to search when the 2nd qualifier is COBOL
RSE_DSN_SEARCH_REGEX=.*\.COBOL\..*

# allowed search under ABC.XYZ
RSE_DSN_SEARCH_REGEX=ABC\.XYZ\..*
In addition to regular expression syntax, a system programmer might also use a special {UserID} variable in the pattern, and then the variable is replaced by client's user ID before the expression is evaluated. For example, the system programmer might use this to let users only search under their own HLQs:
# allows users to only search under their own HLQ
RSE_DSN_SEARCH_REGEX={UserID}\..*
This means that when Bob is doing a search, he can only search under HLQ, BOB. When Mary is doing a search, she can only search under HLQ, MARY.
CORS_ALLOWED_ORIGINS
The option to specify Cross-Origin Resource Sharing (CORS). CORS allows websites from one domain to access resources from another domain. You can use this option to configure a comma-separated list of domains that are sanctioned to access the server.

The value of an entry should be of the form: http(s)://<host>:<port>, for example, http://localhost:8080. For multiple origins, use comma (,) to separate values.

RSEAPI_SEM_VALVE_CONCURRENCY
To define the Tomcat server Semaphore valve configuration for all requests. The control concurrency default level is 150.
RSEAPI_SEM_VALVE_AUTH_CONCURRENCY
To define the Tomcat server Semaphore valve configuration for auth request, except logout. The control concurrency default level is 100.
RSEAPI_SAF_JWT
Enables the support (provision and validation) of SAF JSON Web Tokens (JWTs). The default value is true. Set it to false to disable the feature.
Note:
  • z/OS Explorer SAF JWT support must be set up for this feature to work. See Define SAF JSON Web Token (JWT) support for RSE for configuration instructions.
  • Support for SAF JWT requires z/OS 2.4 or higher.
  • When the value is false, RSE API uses internal JWTs, not SAF JWTs.
RSEAPI_JWT_LIFETIME
Use this option to configure internal JWT lifetime. This setting applies only to internal JWTs, not SAF JWTs. The default is 8 hours (28800000 ms). This is not recommended to use.
RSEAPI_USER_PASS_INTERVAL_MINS
The enforcement interval (in minute) that users are required to log in (or re-log in) using user ID and password in order to use JWT for bearer authentication in their requests. The default interval is 480 min or 8 hr.
RSEAPI_REDIRECT_ENABLE
Enables the validation of resource usage against the threshold of a server accepting requests. The default is false. Set it to true to enable the feature.
RSEAPI_OVERFLOW_ENABLE
Enables the autoscaling feature for a server to forward requests when it reaches the resource usage threshold and cannot handle the requests. The default is false. Set it to true to enable the feature. You must set RSEAPI_REDIRECT_ENABLE to be true before enabling RSEAPI_OVERFLOW_ENABLE.
RSEAPI_OVERFLOW_FOR_n
The server number of the direct overflow server for the server number n.
Note: The ports of the servers with specified numbers must be defined. For example, RSEAPI_OVERFLOW_FOR_n=m denotes server m is the direct overflow of server n. The servers must be defined as in:
Server m:
RSEAPI_HTTP_PORT_n=<port_number> and RSEAPI_PORT_SHUTDOWN_n=<port_number>, corresponding to SERVER_NUM=n or SRVNUM used in the server started task
Server n:
RSEAPI_HTTP_PORT_m=<port_number> and RSEAPI_PORT_SHUTDOWN_m=<port_number>, corresponding to SERVER_NUM=m or SRVNUM used in the server started task
RSEAPI_MAX_MEM_USED_PC
The hard limit of memory usage percentage for a server. When the limit is reached and the server does not have an overflow server, it will stop accepting new incoming requests. The default value is 80%.
RSEAPI_MAX_MEM_USED_PERIOD_SEC
The time interval in sec that a server will check and validate on the hard limit of the used memory percentage. The default value is 60 sec.
RSEAPI_MAX_USERS
The maximum number of users sessions that a server can handle. The default is 50. The maximum is 100. When the number of user sessions exceeds this setting, the server redistributes the current incoming request to an overflow server if one is configured; otherwise, the server might deny the request.
RSEAPI_MAX_THREADS
The maximum number of active threads that a server can have at a time. The default is 1200. When the number of current active threads exceeds this setting, the server redistributes the current incoming request to an overflow server if one is configured; otherwise, it might deny the request.
RSEAPI_OVERFLOW_SPAWN_WAIT_MSEC
After a direct overflow server is restarted, the wait time before a server sends status checking requests to the direct overflow server to check if the overflow server can accept requests. The default value is 3000 milliseconds.
RSEAPI_OVERFLOW_CHECK_MINUTE
The expiration period of the cache for the active status of a direct overflow server. The default is 2 minutes.
RSEAPI_OVERFLOW_PORT_IN_USE_RECHECK
To enable a recheck on the status of the overflow port for a server to retry the spawning of its overflow if the port is currently in use by other applications.
RSEAPI_SUPPORT_TRUSTED_TCP
Option to authenticate using Trusted TCP. When the option is enabled and the communication partner is active on the local z/OS system, TCPIP can provide RSE API with the user ID of the communication partner, avoiding the need for the partner to authenticate. By default, the option is disabled, but you can enable it by using the following option:
RSEAPI_SUPPORT_TRUSTED_TCP=<true|false>
Note: /usr/lib/libEZBTrustedPartner.so and /usr/lib/libEZBTrustedPartner64.so must be marked program controlled for this service to work. Sample command: extattr +p /usr/lib/libEZBTrustedPartner.so /usr/lib/libEZBTrustedPartner64.so.
DSTORE_SPIRIT_ON
Spiriting is the name of a mechanism used by z/OS Explorer to safely clean up the memory used by active user sessions. For 1.0.8 and later versions, the option is enabled by default. System programmers can customize the interval and expiry time (in seconds) although changing these settings is not recommended.
DSTORE_SPIRIT_ON=<true|false>
SPIRIT_INTERVAL_TIME=<num> (60 by default)
SPIRIT_EXPIRY_TIME=<num> (60 by default)
SPIRIT_INTERVAL_TIME
Indicates how long (in seconds) to wait before checking a queue of elements flagged for removal.
SPIRIT_EXPIRY_TIME
Indicates how long (in seconds) to wait before a queued element is removed.
CGI_CEATSO_KEEPALIVE
Prevent an idle Interactive ISPF Gateway session from timing out after 15 minutes. The default is inherited from the definition in rse.env. Uncomment and specify FALSE to allow the session to time out when not used.
CGI_CEATSO
Use the Interactive ISPF Gateway for TSO sessions. The default is inherited from the definition in rse.env. Uncomment and specify TRUE to use the Interactive ISPF Gateway instead of the Legacy ISPF Gateway. For more information, see (Optional) Interactive ISPF Gateway.
Note:
  • As of z/OS 2.2, Legacy ISPF Gateway, previously named TSO/ISPF Client Gateway, is deprecated and is no longer being enhanced. The functionality is now provided by the Interactive ISPF Gateway.
  • Interactive ISPF Gateway requires z/OS 2.2 and the Common Event Adapter (CEA) TSO/E address space manager service.
RSEAPI_CGI_CEATSO_n
You can enable and disable the CEA interactive TSO for specific servers. For example, three servers are using this rseapi.env, including server 1, server 2, and server 3.
The following block shows that server 3 does not have an override, and thus uses the default, which is legacy TSO due to the CGI_CEATSO=FALSE definition:
CGI_CEATSO =FALSE
CGI_CEATSO_1 =TRUE
CGI_CEATSO_2 = TRUE
The following block shows the interactive TSO options for server 1:
# CEA options for server 1
RSEAPI_CGI_CEATSO_PROCNAME_1=IZUFPROC
RSEAPI_CGI_CEATSO_ACCOUNT_NUMBER_1=ACCT#
RSEAPI_CGI_CEATSO_GROUP_ID_1=USRGRP
RSEAPI_CGI_CEATSO_REGION_SIZE_1=0
The following block shows the different interactive TSO options for server 2:
# CEA options for server 2
RSEAPI_CGI_CEATSO_PROCNAME_2=TSOTSO
RSEAPI_CGI_CEATSO_ACCOUNT_NUMBER_2=ACCT#
RSEAPI_CGI_CEATSO_GROUP_ID_2=USRGRP
RSEAPI_CGI_CEATSO_REGION_SIZE_2=0
RSEAPI_CGI_CEATSO_PROCNAME
Specify a fixed value for the TSO logon procedure used by the Interactive ISPF Gateway. The default is inherited from the user’s SAF TSO segment. Uncomment and change to use the specified value.
RSEAPI_CGI_CEATSO_ACCOUNT_NUMBER
Specify a fixed value for the TSO account number used by the Interactive ISPF Gateway. The default is inherited from the user’s SAF TSO segment. Uncomment and change to use the specified value.
RSEAPI_CGI_CEATSO_GROUP_ID
Specify a fixed value for the TSO group ID used by the Interactive ISPF Gateway. The default is inherited from the user’s SAF TSO segment. Uncomment and change to use the specified value.
RSEAPI_CGI_CEATSO_REGION_SIZE
Specify a fixed value for the TSO region size used by the Interactive ISPF Gateway. The default is inherited from the user’s SAF TSO segment. Uncomment and change to use the specified value.
RSEAPI_CGI_CEATSO_PROCNAME_n
For a specific server, specify a fixed value for the TSO logon procedure used by the Interactive ISPF Gateway. The default is specified in RSEAPI_CGI_CEATSO_PROCNAME. Uncomment and change to use the specified value.
RSEAPI_CGI_CEATSO_ACCOUNT_NUMBER_n
For a specific server, specify a fixed value for the TSO account number used by the Interactive ISPF Gateway. The default is specified in RSEAPI_CGI_CEATSO_ACCOUNT_NUMBER. Uncomment and change to use the specified value.
RSEAPI_CGI_CEATSO_GROUP_ID_n
For a specific server, specify a fixed value for the TSO group ID used by the Interactive ISPF Gateway. The default is specified in RSEAPI_CGI_CEATSO_GROUP_ID. Uncomment and change to use the specified value.
RSEAPI_CGI_CEATSO_REGION_SIZE_n
For a specific server, specify a fixed value for the TSO region size used by the Interactive ISPF Gateway. The default is specified in RSEAPI_CGI_CEATSO_REGION_SIZE. Uncomment and change to use the specified value.
RSE_COMMON_PROPERTIES_n
Use this variable to override the Common Properties shared folder for specific servers. For example, 
#RSE_COMMON_PROPERTIES_1=
#RSE_COMMON_PROPERTIES_2=
RSE_COMMON_PROPERTIES_PRIVATE_RELATIVE
To enable the private Common Properties service, set this variable to a UNIX directory relative to a given user home directory. The private Common Properties for a user is stored in /<user home>/RSE_COMMON_PROPERTIES_PRIVATE_RELATIVE.
RSE_COMMON_PROPERTIES_CACHE_CAPACITY
To define the Common Properties namespace cache capacity value. The default value is 10 if not set.
RSE_COMMON_PROPERTIES_TIMEOUT
To control cache validity period when using the Common Properties service, the following variable can be overridden. This value is the time in milliseconds a cached version of a namespace is considered valid.
RSEAPI_JSON_PRETTY_OUTPUT
Override the default JSON output processing for pretty (processed) output. This boolean value represents false for unprocessed JSON output all on a single line without indentation and breaks. True represents processed and formatted JSON output.
DISABLE_MIGRATE_HRECALL_HDELETE
Disables data set migration and disables the recall and deletion of migrated data set. Set this variable to true to stop clients from sending the requests to a system. In certain condition, for example when a system does not support such operation, such requests fail and might block the server from performing other requests.
DATE_DISPLAY_TIMEZONE
This option allows the administrator to set the timezone different from their current system timezone. The default will stay the timezone of the current system. Uncomment and specify the correct timezone to set.
Examples of timezone: UTC, EST, America/Los_Angeles, PST, GMT,Japan, UTC, America/Toronto, CDT, or MDT.
RSEAPI_ENABLE_HEADER_BASIC_AUTH
For RSEAPI.env there is a new option that lets an administrator disable basic auth. The default value is true. Uncomment and specify false to disable basic auth as the mode of authentication.
DSTORE_UNIX_BACKUP_FILES
Use this option to override whether RSE creates temporary backup files during upload. The default is true.
DSTORE_UNIX_BACKUP_IN_USER_LOGS
Use this option to store the temporary backup files within the host user logs folder rather than in the same folder as the file being uploaded. The default value is true.
DSTORE_UNIX_KEEP_BACKUP_FILES
Use this option to indicate whether to keep a backup file after an upload completes. The default value is false.
RCE_LUNAME
Use this variable to set the LUNAME when one is required by TN3270. The default has no LUNAME.
RCE_ENABLE
Whether or not to enable the remote connection emulator. The default is true.
RCE_PORT
The host port to use when creating a remote emulator connection. The default port is 23.
RCE_SECURITY
Whether or not to use a secure connection when connecting from the server application to the remote emulator. The default value is false.