If you use the supplied processing to build a docker image, you can choose from two
methods to provide access to the running integration server. Which method you choose, depends on the
level of access that you want to give to users who run IBM® App Connect Enterprise
commands by using the supplied JCL.
About this task
Users need to access the zCX instance to interact with the integration server Docker container.
Users who want to start, stop and delete integration servers, or maintain images, need to access the
zCX instance by using the ZCX_SSH_KEY. You might prefer not to give this access
to users who need only to access running integration servers and run IBM App Connect Enterprise commands. Instead, you can give those users ssh access directly
into the integration server docker container without using the ZCX_SSH_KEY.
Procedure
Configure SSH access for IBM
z/OS® Container Extensions (zCX) by completing one of the
following steps:
- Optional:
You can provide full access to the zCX instance by using the ZCX_SSH_KEY.
Users who have this level of access can complete the following tasks:
- Access a running integration server
- Create, start, stop, and delete an integration server.
- Maintain images.
- Run IBM App Connect Enterprise commands.
- Submit the JCL jobs BIPXPUT and BIPXGET
To provide full access to the zCX instance by using the
ZCX_SSH_KEY, complete
the following steps:
- Create an environment file ENVFILE.
- Set the following environment variables in the environment file ENVFILE that you created:
-
- ZCX_SSH_KEY
- ZCX_SSH_PORT
- ZCX_SSH_USER
- Optional:
You can provide access directly into the integration server docker container without using the
ZCX_SSH_KEY. Users who have this level of access can complete the following
tasks:
- Access a running integration server
- Run IBM App Connect Enterprise commands.
- Submit the JCL jobs BIPXPUT and BIPXGET
To provide access directly into the integration server docker container without using the
ZCX_SSH_KEY, complete the following steps:
- Before you create the integration server Docker image by running the JCL
job BIPXBLD as described in Creating an IBM App Connect Enterprise Integration Server Docker image on IBM z/OS Container Extensions (zCX) by using the supplied JCL, you must create an
SSH key pair as described in Provisioning an IBM z/OS Container Extensions (zCX) instance but with different name. For example, run
the following
command:
ssh-keygen -t rsa -b 4096 -C "your_email@domain.com" -f aceserver1_rsa
In this example, the private key is named aceserver1_rsa, and the public key is
named aceserver1_rsa.pub.You can create separate keys for each integration
server or share keys over multiple or all integration servers, depending on your access security
needs. Each key pair needs its own integration server Docker image that contains the appropriate
public key.
- Before you create the integration server Docker image by running the JCL job
BIPXBLD as described in Creating an IBM App Connect Enterprise Integration Server Docker image on IBM z/OS Container Extensions (zCX) by using the supplied JCL, you must set the
SERVER_ACCESS_SSH_PUBLIC_KEY environment variable. Set
SERVER_ACCESS_SSH_PUBLIC_KEY to the name of the file that contains the public
key. For example, /u/aceadmin/.ssh/aceserver1_rsa.pub.
- Before you use the image that you built in the previous step to start an integration server, as
described in Starting an integration server on IBM z/OS Container Extensions (zCX) by using JCL, and Starting an integration server on IBM z/OS Container Extensions (zCX) by using IBM z/OS console commands, you must set the
environment variable SERVER_ACCESS_SSH_PORT. Set
SERVER_ACCESS_SSH_PORT to specify a port number to use for ssh access to the
integration server Docker container. The port number must be unique over everything that runs in
that zCX instance. When the integration server Docker container starts, it also starts an ssh server
that listens on the port that you specified.
- When you run IBM App Connect Enterprise commands by submitting the JCL job
BIPXISCM, BIPXPUT, or BIPXGET, as
described in Running IBM App Connect Enterprise commands on IBM z/OS Container Extensions (zCX) by using JCL, do not specify ZCX_USER or
ZCX_SSH_KEY in the environment variables file that is referenced by the JCL jobs.
Set the SERVER_ACCESS_SSH_PORT environment variable to the port that you set
when you started the integration server Docker container.
Set the
SERVER_ACCESS_SSH_KEY environment variable to the file that contains the private
key that is associated with the public key that is built into the image. For example,
/u/aceadmin/.ssh/aceserver1_rsa.
If you set
SERVER_ACCESS_SSH_PORT, only server SSH access is attempted, even if the zCX
credentials are also specified. If neither are specified, the IBM App Connect Enterprise
command fails.
What to do next
You can then use the supplied JCL to manage your integration servers and to run IBM App Connect Enterprise commands. For more information, see Administering IBM App Connect Enterprise on IBM z/OS Container Extensions (zCX) by using JCL.