Configuring z/OS Provisioning Toolkit
To connect z/OS PT to z/OSMF, you must configure z/OS PT with basic connectivity information for the z/OSMF server.
Procedure
-
Edit the z/OS PT
zosmf.properties UTF-8 file in the /zospt/config
directory.
The zosmf.properties file contains properties that are used to connect to z/OSMF:
- hostname
- The host name, or IP address, of the system where z/OSMF is installed. The default is
localhost
. - port
- The HTTPS port that z/OSMF listens on. Ask your z/OSMF administrator for this information.
- truststore = YES|NO
- Using a truststore enables z/OS PT to check
that it trusts the certificate of the z/OSMF server to which it attempts to connect.
- The default of
truststore=NO
means that when z/OS PT attempts to connect to z/OSMF, z/OS PT always trusts the certificate that is presented by the z/OSMF server during the SSL handshake. - Specifying
truststore=YES
means that z/OS PT checks that the certificate (or a certificate authority that signed the z/OSMF server's certificate) is present in its truststore. If the certificate is invalid, or is not trusted, no connection is made.Note: z/OS PT does not verify that the host name of the z/OSMF server matches the host name that is identified in the z/OSMF server's certificate.
A preconfigured truststore can be provided to z/OS PT. The truststore must be of type JKS (Java™ keystore) and must be provided at the following location: zospt/config/zosmf.jks. If no pre-configured truststore is available, z/OS PT will ask the user whether to trust the z/OSMF server's certificate and will create a truststore for future use. The user must review the certificate's details and determine whether it is acceptable for z/OS PT to trust the z/OSMF server. If the user agrees, the certificate that identifies the root certificate authority that signed the z/OSMF server's certificate (or the z/OSMF server's certificate if it is self-signed) is added to the truststore.
- The default of
- truststore_password
- Specifies the password that is used to access the truststore.
- systemNickname
- Specifies the nickname of the system. The nickname is used only when you provision a container by using z/OSMF workflows, as described in Getting started with CICS by using z/OSMF workflows, and is ignored by IBM® Cloud Provisioning and Management for z/OS. Ask your system programmer for this information, or, if your user ID is in the security group for the z/OSMF users (IZUUSER, by default), you can see a list of system nicknames by running z/OS PT command zospt ps -a.
-
Check that z/OS PT connects to z/OSMF.
Issue zospt ps --all. z/OS PT prompts for a password and then reports back basic information about the z/OSMF server.
- Optional:
Set z/OS PT environment variables to further
refine the connection to z/OSMF.
You can set the following environment variables in the .profile in z/OS UNIX System Services, or as part of a shell script that runs z/OS PT:
- zospt_domain
- Specifies the z/OSMF domain with which to connect to run a template. If not specified, the default domain is assumed.
- zospt_tenant
- Specifies the z/OSMF tenant with which to connect to run a template. If not specified, the default domain is assumed.
You can set the zospt_pw environment variable to the password of the user ID that runs z/OS PT but this is not generally recommended unless the profile is protected from read access for all users. If this environment variable is not set, the password is prompted for when z/OS PT is run and needs to connect to z/OSMF.
- Optional:
Edit the z/OS PT
logging.properties UTF-8 file in the /zospt/config
directory.
The logging.properties file controls the size and number of log files that are created by z/OS PT. It is only necessary to change these parameters if the default logging configuration is unsuitable. The logging.properties file contains properties that control the z/OS PT log size and count, and access permissions for the log files:
- java.util.logging.FileHandler.limit
- Specifies an approximate maximum amount to write (in bytes) to any one file. The valid range is 0 - 2147483647 bytes. If it is set to zero, the number of bytes that can be written has no limit. The default is 1000000 bytes.
- java.util.logging.FileHandler.count
- Specifies the number of log files to cycle through per user. The valid range is 0 - 2147483647 bytes. The default is 20. The logs are in the /logs directory. The most recent log file is named log_<user ID running zospt>.0.
- zospt.log.permissions
- Specifies the access permissions for log files. By default, this is readable and writeable only
by you as their owner, that is,
-rw-------
or600
. You can change it to also readable by a group and others, that is,-rw-r--r--
or644
.
What to do next
Load a template into z/OSMF ready for use by the zospt commands, by following the instructions in Adding an IBM Cloud Provisioning and Management for z/OS template for use with z/OS Provisioning Toolkit.