Configuring z/OS Provisioning Toolkit

To connect z/OS PT to z/OSMF, you must configure z/OS PT with basic connectivity information for the z/OSMF server.

1. Edit the z/OS PT zosmf.properties UTF-8 file in the /zospt/config directory.
   The zosmf.properties file contains properties that are used to connect to z/OSMF:

   hostname

   The host name, or IP address, of the system where z/OSMF is installed. The default is localhost.

   port

   The HTTPS port that z/OSMF listens on. Ask your z/OSMF administrator for this information.

   truststore = YES|NO

   Using a truststore enables z/OS PT to check that it trusts the certificate of the z/OSMF server to which it attempts to connect.

   • The default of truststore=NO means that when z/OS PT attempts to connect to z/OSMF, z/OS PT always trusts the certificate that is presented by the z/OSMF server during the SSL handshake.
   • Specifying truststore=YES means that z/OS PT checks that the certificate (or a certificate authority that signed the z/OSMF server's certificate) is present in its truststore. If the certificate is invalid, or is not trusted, no connection is made.
     Note: z/OS PT does not verify that the host name of the z/OSMF server matches the host name that is identified in the z/OSMF server's certificate.

   A preconfigured truststore can be provided to z/OS PT. The truststore must be of type JKS (Java™ keystore) and must be provided at the following location: zospt/config/zosmf.jks. If no pre-configured truststore is available, z/OS PT will ask the user whether to trust the z/OSMF server's certificate and will create a truststore for future use. The user must review the certificate's details and determine whether it is acceptable for z/OS PT to trust the z/OSMF server. If the user agrees, the certificate that identifies the root certificate authority that signed the z/OSMF server's certificate (or the z/OSMF server's certificate if it is self-signed) is added to the truststore.

   truststore_password

   Specifies the password that is used to access the truststore.

   systemNickname

   Specifies the nickname of the system. The nickname is used only when you provision a container by using z/OSMF workflows, as described in Getting started with CICS by using z/OSMF workflows, and is ignored by IBM® Cloud Provisioning and Management for z/OS. Ask your system programmer for this information, or, if your user ID is in the security group for the z/OSMF users (IZUUSER, by default), you can see a list of system nicknames by running z/OS PT command zospt ps -a.

2. Check that z/OS PT connects to z/OSMF.
   Issue zospt ps --all. z/OS PT prompts for a password and then reports back basic information about the z/OSMF server.
3. Optional: Set z/OS PT environment variables to further refine the connection to z/OSMF.
   You can set the following environment variables in the .profile in z/OS UNIX System Services, or as part of a shell script that runs z/OS PT:

   zospt_domain

   Specifies the z/OSMF domain with which to connect to run a template. If not specified, the default domain is assumed.

   zospt_tenant

   Specifies the z/OSMF tenant with which to connect to run a template. If not specified, the default domain is assumed.

   You can set the zospt_pw environment variable to the password of the user ID that runs z/OS PT but this is not generally recommended unless the profile is protected from read access for all users. If this environment variable is not set, the password is prompted for when z/OS PT is run and needs to connect to z/OSMF.

4. Optional: Edit the z/OS PT logging.properties UTF-8 file in the /zospt/config directory.
   The logging.properties file controls the size and number of log files that are created by z/OS PT. It is only necessary to change these parameters if the default logging configuration is unsuitable. The logging.properties file contains properties that control the z/OS PT log size and count, and access permissions for the log files:

   java.util.logging.FileHandler.limit

   Specifies an approximate maximum amount to write (in bytes) to any one file. The valid range is 0 - 2147483647 bytes. If it is set to zero, the number of bytes that can be written has no limit. The default is 1000000 bytes.

   java.util.logging.FileHandler.count

   Specifies the number of log files to cycle through per user. The valid range is 0 - 2147483647 bytes. The default is 20. The logs are in the /logs directory. The most recent log file is named log_<user ID running zospt>.0.

   zospt.log.permissions

   Specifies the access permissions for log files. By default, this is readable and writeable only by you as their owner, that is, -rw------- or 600. You can change it to also readable by a group and others, that is, -rw-r--r-- or 644.