Setting up for IBM Z Open Debug

Before you can connect to a z/OS® system and start debugging, configure for IBM Z® Open Debug.


Defining a Z Open Debug connection using Zowe

To connect to a z/OS system, specify a zOpenDebug connection profile with the connection details in the Zowe team configuration file, as shown below.
    "zOpenDebug": {
        "type": "zOpenDebug",
        "properties": {
            "dpsPort": 8143,
            "dpsContextRoot": "api/v1",
            "dpsSecured": true,
            "host": "yourZmachine.yourCompany.com",
            "rdsPort": 8002,
            "rdsSecured": true,
            "rejectUnauthorized": false,
            "uuid": "eb56ad6a-38b8-4e2f-bad3-10fc1530ea9f"
        },
        "secure": [
            "user",
            "password"
        ]
    },
The following attributes are supported in the zOpenDebug connection profile:
dpsPort
Specify the port of the Debug Profile Service on the remote z/OS system. For a secured connection, ensure that a secure port is specified.
dpsContextRoot
Specify the context root of the Debug Profile Service on the remote z/OS system.
dpsSecured
Enable a secure connection.
host
Specify the hostname of the remote z/OS system.
rdsPort
Specify the port of the Remote Debug Service on the remote z/OS system. For a secured connection, ensure that a secure port is specified.
rdsSecured
Enable a secure connection.
rejectUnauthorized
Specify whether to reject an unauthorized connection.
uuid
A special internal attribute that is generated dynamically when you create the connection profile.
secure
Specify that secure connections should be used.
user
Specify the user ID to be used for connection.
password
Specify the password to be used for authentication when you connect to the remote z/OS system. By default, a password prompt is displayed the first time you connect to the remote system.
You can also use the connection details from a base profile, create multiple connection profiles, nest the profile inside another profile, and share the profile with others. For more information, see the Zowe Docs.
Note: Z Open Debug currently does not support token-based authentication.
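The following added example (not IBM or Zowe code) audits a team configuration for zOpenDebug profiles that disable certificate checking, leave dpsSecured or rdsSecured off, or keep the password as a plain property. It goes beyond the single profile shown above by walking nested profiles; the profile names lpar1, debugLax and debugStrict, and the assumption that a nested profile inherits its parent's properties, are part of the example, not of this page.

```javascript
// Added example: audit zOpenDebug profiles in a Zowe team configuration.
// SAMPLE_CONFIG is constructed; lpar1, debugLax, debugStrict are hypothetical names.
const SAMPLE_CONFIG = JSON.stringify({
  profiles: {
    lpar1: {
      // Parent profile: nested profiles are assumed to inherit these properties.
      properties: { host: "yourZmachine.yourCompany.com", rejectUnauthorized: false },
      profiles: {
        debugLax: {
          type: "zOpenDebug",
          properties: { dpsPort: 8143, dpsSecured: true, rdsPort: 8002,
                        rdsSecured: false, password: "constructed-value" },
          secure: ["user"]
        }
      }
    },
    debugStrict: {
      type: "zOpenDebug",
      properties: { dpsPort: 8143, dpsSecured: true, rdsPort: 8002,
                    rdsSecured: true, rejectUnauthorized: true },
      secure: ["user", "password"]
    }
  }
});

// Walk "profiles" recursively, merging inherited properties, and report weak settings.
function auditZOpenDebug(configText) {
  const findings = [];
  const walk = (profiles, path, inherited) => {
    for (const [name, profile] of Object.entries(profiles || {})) {
      const id = path ? `${path}.${name}` : name;
      const p = { ...inherited, ...(profile.properties || {}) };
      if (profile.type === "zOpenDebug") {
        if (p.rejectUnauthorized === false)
          findings.push(`${id}: rejectUnauthorized=false, certificate errors are ignored`);
        for (const key of ["dpsSecured", "rdsSecured"])
          if (p[key] !== true) findings.push(`${id}: ${key} is not set to true`);
        // A password under "properties" sits in the file in clear text; the
        // page's sample lists it under "secure" instead.
        if ("password" in p) findings.push(`${id}: password stored as a plain property`);
      }
      walk(profile.profiles, id, p);
    }
  };
  walk(JSON.parse(configText).profiles, "", {});
  return findings;
}

console.log(auditZOpenDebug(SAMPLE_CONFIG).join("\n"));
```

The audit does not resolve values taken from a base profile, and a configuration file that contains comments must have them stripped before it is passed to JSON.parse.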

Configuring the preferences

You can specify other preferences in Settings > Extensions > IBM Z Open Debug or in the settings.json file.
Table 1. Settings for IBM Z Open Debug
| Field name in Settings | Property in settings.json | Description |
| --- | --- | --- |
| Debug Profile Service: Api Log | zopendebug.debugProfileService.apiLog | Enable diagnostic logging of the Debug Profile Service. The logs can be found in the Output panel. Select IBM Z Open Debug from the list to filter for the relevant logs. |
| Profile View: Show Welcome | zopendebug.profileView.showWelcome | Show the welcome page of the Debug Profile Editor. |
| Logger: Log Level | zopendebug.logger.logLevel | Select the level of logging in the application. |
| Profile View: Show Generic Profile Warning | zopendebug.profileView.showGenericProfileWarning | Show warnings in the Debug Profile Editor when you try to activate a generic debug profile. |

Configuring launch.json

To configure launch.json for IBM Z Open Debug, see the supported attributes in Starting an interactive debug session with IBM Z Open Debug and Listing parked z/OS Debugger debug sessions on a z/OS host.

Starting from Z Open Debug 4.0, the connection details are specified in a zOpenDebug connection profile in the Zowe team configuration file instead of the launch.json. In the launch.json, specify the connection attribute as below to use the zOpenDebug connection profile:
    "connection": {
        "type": "zowe",
        "name": "zOpenDebug"
    },

Importing a self-signed certificate for Debug Profile Service

Z Open Debug uses the Debug Profile Service API to manage debug profiles. This REST API is secured with a certificate. If the certificate is self-signed, you need to install the certificate in the operating system to establish secured communication.
Notes:
  • A self-signed certificate is always used for Wazi for Dev Spaces in the OpenShift® cloud environment.
  • You can specify rejectUnauthorized: false in your Zowe connection profile. However, this configuration ignores all SSL errors and is less secure.
Before you establish a secured connection, ensure that your system programmer created a certificate for Debug Profile Service as described in Enabling secure communication and you are connected to the remote z/OS system with a secured port specified and the secured connection enabled.
  1. Obtain the certificate directly from the systems programmer, or follow the steps below to obtain the certificate with a browser:
    1. Enter {host_name}:{dps_port}/api/v1/profile/dtcn in the address bar of a browser. A warning icon that indicates an insecure connection is displayed in the address bar.
    2. Click the warning icon to download or export the certificate.
      Note: After you import the certificate into the certificate store of the operating system, the certificate is displayed under its original name, not the name you specified when you exported it.
    Optionally, you can specify rejectUnauthorized: false in the Zowe connection profile. However, this ignores all SSL errors and is less secure.
  2. Import the self-signed certificate to your operating system.

    You can import the certificate into Trusted Root Certification Authorities on Windows or Keychain Access on macOS directly, or use Google Chrome for any operating system or Internet Explorer for Windows.

    Google Chrome for Windows:
    1. Select Settings > Privacy and security > Manage certificates.
    2. In the Certificates window, open the Trusted Root Certification Authorities tab and select Import. The Certificate Import Wizard opens.
    3. In the Certificate Import Wizard, browse to select the certificate. You might need to choose All Files (*.*) to display all file types.
    4. Click Finish to complete importing the certificate.
    5. In the Certificates window, select Advanced to open the Advanced Options window and ensure that Client Authentication is selected.
    Google Chrome for macOS:
    1. Select Settings > Privacy and security > Manage certificates.
    2. In Keychain Access, import the certificate.
    3. Double-click the imported certificate to set the fields to Always Trust.
    Internet Explorer for Windows:
    1. Select Tools > Internet Options.
    2. On the Content tab of the Internet Options window, select Certificates to open the Certificates window.
    3. In the Certificates window, open the Trusted Root Certification Authorities tab and select Import. The Certificate Import Wizard opens.
    4. In the Certificate Import Wizard, browse to select the certificate. You might need to choose All Files (*.*) to display all file types.
    5. Click Finish to complete importing the certificate.
    6. In the Certificates window, select Advanced to open the Advanced Options window and ensure that Client Authentication is selected.