FTU Task 3: Prepare the system for configuration

Several system preparation tasks must be completed before the RTE is created and monitoring can be started. In this task, you prepare your system for the RTE you are about to configure.

About this task

Several of these steps involve authorization changes to the security software that manages z/OS® resources. IBM® supplies instructions for the Resource Access Control Facility (RACF). If your sites uses other software, you will have to complete similar steps for that software.

Procedure

  1. Set up required authorizations and files for SDA.
    1. Create a user ID with superuser authority (a TSO ID with an OMVS segment defined to it) if you do not already have one.
      The %KDS_TEMS_STC% TEMS started task name must have superuser authority. For more information, see z/OS UNIX System Services Planning: Superusers in z/OS UNIX.
    2. Create a new file system for products that use the RTE_USS_RTEDIR home directory parameter: for example, omvs.omegamon.tstest.hfs.
      This file system must be created, mounted, and in read/write mode before the z/OS UNIX System Services jobs that define the file system paths are submitted. Select a name for your RTE that establishes or fits a naming convention that can be used as you install additional RTEs. The KCIUSSJB sample job in the gbl_target_hilev.TKANSAM SMP/E target library is run in FTU Task 4.
      In the MOUNT FILESYSTEM command, the MOUNTPOINT() parameter equates to the value you will specify for the RTE_USS_RTEDIR parameter. For example:
      "MOUNT FILESYSTEM('&hlq_rte_home') TYPE(ZFS) MODE(RDWR) MOUNTPOINT('/rtehome') PARM('AGGRGROW')"
      So an example of this using RTE name TSTEST might be:
      "MOUNT FILESYSTEM('OMVS.TSTEST.HFS') TYPE(ZFS) MODE(RDWR) MOUNTPOINT('/tstest') PARM('AGGRGROW')"
  2. Optional: To use the auto-discovery functions of IBM Discovery Library Adapter for z/OS (DLA), verify that the user ID has the following RACF authorities, which are required to run the KCIJPDLA job:
    • READ access is recommended for all the data sets in the system PARMLIB concatenation used during IPL.
    • READ access is required to profiles in the MQCMDS class (if active) to allow the z/OS DLA to issue MQ DISPLAY commands via the MQ command interface.
    • If RACF is used to protect DB/2 resources, then authority is required to issue DB/2 DISPLAY commands and to access (READ) SYSIBM resources using dynamic SQL.
    • READ access is recommended to WebSphere configuration files.
    • An OMVS segment with authority to issue the netstat, host and home commands.
  3. Authorize the monitoring programs.
    1. IEFSSNxx must be updated to define and start the OMEGAMON® subsystem.
      Create a subsystem ID entry in your system PARMLIB member IEFSSN.xx. The default subsystem name generated by PARMGEN is CNDL in the RTE_KCNSTR00_SSID parameter. An example of the default SSN entry to bring up the OMEGAMON subsystem at IPL would therefore be:
      SUBSYS SUBNAME(CNDL) INITRTN(KCNDLINT) INITPARM('SSPROC=IBMCN')
      Be sure that the subsystem proc has been moved to the appropriate system proclib prior to IPL. If you do not want the subsystem started at IPL, the entry would be:
      SUBSYS SUBNAME(CNDL) INITRTN(KCNDLINT)
    2. Authorize the product started tasks:
      1. Update RACF® or equivalent security system for the user ID (with OMVS segment) you will use for these started tasks:
        • Hub and remote monitoring servers (the default started task is named IBMDS)
        • Enhanced 3270 user interface (the default started task is named IBMTOM)
        • Agent address spaces (the default z/OS classic monitor task is named IBMM2RC)
      2. Use the RDEFINE command to associate the ID with the following started tasks:
        • Monitoring server (default started task name: IBMDS):
          RDEFINE STARTED IBMDS.* STDATA(USER(userID) GROUP(SYS1))
        • Enhanced 3270 user interface (default started task name: IBMTOM):
          RDEFINE STARTED IBMTOM.* STDATA(USER(userID) GROUP(SYS1))
        • z/OS agent OMEGAMON component (default started task name: IBMM2RC):
          RDEFINE STARTED IBMM2RC.* STDATA(USER(userID) GROUP(SYS1))
        See the Security Requirements section in the attachment of the technote that is listed in Pre-installation requirements and checklist for a complete list of product started tasks.
      3. After you issue all the RDEFINE commands, issue the refresh command:
        SETROPTS RACLIST(STARTED) REFRESH

        For additional information about these RACF commands, see the z/OS Security Server RACF Security Administrator's Guide.

  4. Update IKJTSOnn with the names of authorized monitoring programs.
    You might request your site's authorized system programmers to perform this step so it can be scheduled with the LPAR's change control processes.
    • Add programs KPDDSCO, KEPSTCTO, KOBROUTR, and KOBSPFAU to the system PARMLIB member IKJTSOnn under the AUTHPGM section.
    • Refresh the IKJTSOnn member by issuing the set command (T IKJTSO=nn).
  5. If you installed OMEGAMON for z/OS, add the following modules to the IPL linklist:
    • KCNDLINT
    • KM5EXIT3/KM5CSFSX (if ICSF is used). To provide sufficient storage to allow the monitoring exit to run, modify the ICSF subsystem JCL to increase the REGION limit to REGION=0M.