Variables for configuring administrative agents using the zpmt command
The zpmt command uses the values that you specify for the variables defined in a response file to create customization data and instructions for configuring an administrative agent.
Server type
- Type of server to be created within this management profile
Profile information
- The profile name is default.
- Profile path
- Template path
Target dataset information
- Target operating system
- High-level qualifier for the target z/OS datasets that will contain the generated jobs and instructions
When a customization definition is uploaded to the target z/OS system, the customization jobs and files are written to a pair of partitioned datasets. While it is possible to reuse these datasets, it is safest to create separate datasets for each WebSphere Application Server for z/OS configuration. The best practice is to use the customization dataset name prefix (sometimes referred to as config_hlq) to indicate the version and release of WebSphere Application Server for z/OS, the task that you are performing, and the cell (as well as the node name in some cases) that you are configuring. For example, you might use the following dataset name prefix for configuring a standalone WebSphere Application Server cell named TESTCELL for Version 9.0:
SYSPROG1.WAS90.TESTCELL.APPSERV
In this example, the following two datasets will be created when the customization definition is uploaded to the target z/OS system:
SYSPROG1.WAS90.TESTCELL.APPSERV.CNTL
SYSPROG1.WAS90.TESTCELL.APPSERV.DATA
The CNTL dataset will be a partitioned dataset (PDS) with fixed block 80-byte records that will contain the customization jobs. The DATA dataset will be a PDS with variable length data to contain the other customization data.
Rule: The high-level qualifier can consist of multiple qualifiers (up to 39 characters).
The generated batch jobs and instructions will be uploaded to two z/OS partitioned datasets:
- Partitioned dataset with fixed block 80-byte records to contain customization jobs
- Partitioned dataset with variable-length data to contain other data contained in the customization definition
Tip: A multilevel high-level qualifier can be specified as the dataset high-level qualifier.
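The following check is an added example, not part of the product or its documentation: it derives the CNTL and DATA dataset names from a planned prefix, applies the 39-character rule, and reports prefixes that more than one configuration would share. The per-qualifier syntax check goes beyond the page and follows standard z/OS dataset naming; the function names and the sample plan are constructed for illustration.

```python
import re

# Standard z/OS dataset naming (not stated on the page): each qualifier is
# 1-8 characters, starts with a letter or national character (#, @, $) and
# continues with letters, digits, national characters or hyphens.
QUALIFIER = re.compile(r"^[A-Z#@$][A-Z0-9#@$-]{0,7}$")
MAX_HLQ = 39                 # page rule; 39 + len(".CNTL") == 44
SUFFIXES = ("CNTL", "DATA")  # the pair of datasets written at upload


def check_hlq(hlq):
    """Return (derived dataset names, list of problems) for a prefix."""
    problems = []
    if not 1 <= len(hlq) <= MAX_HLQ:
        problems.append(f"length {len(hlq)} is outside 1..{MAX_HLQ}")
    for qualifier in hlq.split("."):
        if not QUALIFIER.match(qualifier):
            problems.append(f"invalid qualifier {qualifier!r}")
    names = [f"{hlq}.{suffix}" for suffix in SUFFIXES]
    return names, problems


def find_reuse(planned):
    """Return {prefix: [labels]} for prefixes used by several configurations.

    `planned` maps a configuration label to its dataset name prefix.
    """
    by_hlq = {}
    for label, hlq in planned.items():
        by_hlq.setdefault(hlq, []).append(label)
    return {h: sorted(ls) for h, ls in by_hlq.items() if len(ls) > 1}


if __name__ == "__main__":
    # Constructed plan; the first prefix is the page's own example.
    plan = {
        "TESTCELL appserver": "SYSPROG1.WAS90.TESTCELL.APPSERV",
        "TESTCELL admin agent": "SYSPROG1.WAS90.TESTCELL.APPSERV",
        "PRODCELL admin agent": "SYSPROG1.WAS90.PRODCELL.ADMINAGENT",
    }
    for label, hlq in plan.items():
        names, problems = check_hlq(hlq)
        print(label, names, problems or "ok")
    print("reused prefixes:", find_reuse(plan))
```

A reused prefix means the second upload writes its jobs into the same CNTL and DATA datasets as the first, which is the situation the separate-datasets guidance avoids.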
Common group configuration
- Specify * to allow operating-system security to assign the group ID.
- Specify an ID to use a specific ID.
Rule: GID values must be unique numeric values between 1 and 2,147,483,647.
- Specify * to allow operating-system security to assign the group ID.
- Specify an ID to use a specific ID.
Rule: GID values must be unique numeric values between 1 and 2,147,483,647.
- Specify * to allow operating-system security to assign the group ID.
- Specify an ID to use a specific ID.
Rule: GID values must be unique numeric values between 1 and 2,147,483,647.
System locations
- System name for the target z/OS® system on which you will configure WebSphere® Application Server for z/OS
- Sysplex name for the target z/OS system on which you will configure WebSphere Application Server for z/OS
Tip: If you are not sure what the system name (&SYSNAME) and sysplex name (&SYSPLEX) are, use the console command D SYMBOLS on the target z/OS system to display them.
- An existing procedure library where the WebSphere Application Server for z/OS cataloged procedures are added
Configuration file system customization
- Read/write file system directory mount point where application
data and environment files are written
The customization process creates this mount point if it does not already exist.
- File system dataset that you will create and mount at the above mount point
Rule: You can specify up to 44 characters for the dataset names.
- Name of the directory where WebSphere Application
Server for z/OS files reside after installation
See Product file system for more information.
- Specify either the DASD volume serial number to contain the above dataset or * to let SMS select a volume. Using * requires that SMS automatic class selection (ACS) routines be in place to select the volume. If you do not have SMS set up to handle dataset allocation automatically, list the volume explicitly.
- Initial size allocation in cylinders for the above dataset
Recommendation: The minimum suggested size is 420 cylinders.
- Size of each secondary extent in cylinders
Recommendation: The minimum suggested size is 100 cylinders.
- This is the type of file system that will be used when creating the WebSphere for z/OS configuration file system. The default is HFS.
System information
- Name of the directory where WebSphere Application
Server for z/OS files reside after installation
Read Product file system for more information.
- Specify true to set up an intermediate
symbolic link, and specify the path name of that link if you select
it.
If you specify an intermediate symbolic link, symbolic links are created from the configuration file system to the intermediate symbolic link; otherwise, they are created directly to the product file system.
The default value for zEnableIntermediateSymlink is true.
- The default value for zIntermediateSymlink is the zConfigMountPoint value appended by /wasInstall.
Server customization
- Name that identifies the cell to z/OS facilities such as SAF
Rules:
- Primary external identification of this WebSphere Application Server for z/OS cell
This name identifies the cell as displayed through the administrative console.
Rules:
- Name that identifies the node to z/OS facilities such as SAF
Rules:
- Primary external identification of this WebSphere Application Server for z/OS node
This name identifies the node as displayed through the administrative console.
Rules:
- This value identifies the server to z/OS facilities such as SAF.
Note: The server short name is also used as the server JOBNAME.
Rule: Name must usually contain seven or fewer all-uppercase characters.
- Name of the server and the primary external identification of this WebSphere Application Server for z/OS server
This name identifies the server as displayed through the administrative console.
Rules:
- WLM APPLENV (WLM application environment) name for this server
Rule: Name must be eight or fewer characters and all uppercase.
- New or existing file system directory in which home directories for WebSphere Application Server for z/OS user IDs will be created by the customization process
Server address space information customization
In the following, names must be eight or fewer characters unless specified otherwise.
- Name of member in your procedure library to start the controller
Rule: Name must usually contain seven or fewer all-uppercase characters.
- User ID associated with the controller
Note: If you are using a non-IBM security system, the user ID might have to match the procedure name. Please refer to your security system's documentation.
- User identifier associated with this user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647 within the system.
- Name of member in your procedure library to start the servant
Rule: Name must usually contain seven or fewer all-uppercase characters.
- User ID associated with the servant
Note: If you are using a non-IBM security system, the user ID might have to match the procedure name. Please refer to your security system's documentation.
- User identifier associated with this user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647 within the system.
TCP/IP information
- IP name or address of the system on which the server is configured
This value is used by other WebSphere Application Server for z/OS functions to connect to this server.
Note: The node host name must always resolve to an IP stack on the system where the application server runs. The node host name cannot be a DVIPA or a DNS name that, in any other way, causes the direction of requests to more than one system.
- Port number for the JMX HTTP connection to this server based on the SOAP protocol
JMX is used for remote administrative functions, such as invoking scripts through wsadmin.sh.
Rule: Value cannot be 0.
- IP address on which the server's ORB listens for incoming IIOP requests
The default is *, which instructs the ORB to listen on all available IP addresses.
- Port for IIOP requests that acts as the bootstrap port for this server and also as the port through which the ORB accepts IIOP requests
Rule: Value cannot be 0.
- Port for secure IIOP requests
The default is 0, which allows the system to choose this port.
- IP address on which the server's web container should listen for
incoming HTTP requests
The default is *, which instructs the web container to listen on all available IP addresses.
Note: The transport host name becomes the hostname in the virtualhosts.xml file, which makes setting a specific IP address here less than ideal because, if you do so, you are restricting yourself to that IP address until you go into the administrative console and add another virtual host.
- Port for HTTP requests to the administrative console
- Port for secure HTTP requests to the administrative console
- Port for the JMX connector that listens on the loopback adapter
The connector uses local comm communications protocol, which means that the port is used only for communications that are local to the z/OS system image (or sysplex).
Location service daemon customization
The location service daemon is the initial point of client contact in WebSphere Application Server for z/OS. The server contains the CORBA-based location service agent, which places sessions in a cell. All RMI/IIOP IORs (for example, for enterprise beans) establish connections to the location service daemon first, then forward them to the target application server.
- Directory in which the location service daemon resides
This is set to the configuration file system mount point/Daemon and cannot be changed.
- Job name of the location service daemon, specified in the JOBNAME parameter of the MVS™ start command used to start the location service daemon
Caution: When configuring a new cell, be sure to choose a new daemon job name value.
Note: A server automatically starts the location service daemon if it is not already running.
- Name of the member in your procedure library to start the location service daemon
Rule: Name must usually contain seven or fewer all-uppercase characters.
- User ID associated with the location service daemon
- User identifier associated with this user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647 within the system.
- Fully qualified IP name, registered with the Domain Name Server
(DNS), that the location service daemon uses
The default is your node host name.
Note:
- The default value is *.
Rule: The default is * or a numeric IP address.
- Port number on which the location service daemon listens
Note: Select the port number for the location service daemon carefully. You can choose any value you want, but, once chosen, it is difficult to change, even in the middle of customization.
- Port number on which the location service daemon listens for SSL connections
- If you use the WLM DNS (connection optimization), you must select true to register your location service daemon with it. Otherwise, select false.
Note: Only one location service daemon per LPAR can register its domain name with WLM DNS. If you have multiple cells in the same LPAR and register one location service daemon and then a second, the second will fail to start.
SSL customization
- Name of the key label that identifies the certificate authority (CA) to be used in generating server certificates
- Select true to generate a new CA certificate. Select false to have an existing CA certificate generate server certificates.
- Expiration date used for any X509 Certificate Authority certificates
as well as the expiration date for the personal certificates generated
for WebSphere Application Server for z/OS servers.
You must specify this even if you selected false for Generate Certificate Authority (CA) certificate.
- Default name given to the RACF® key ring used by WebSphere Application Server for z/OS
The key ring names created for repertoires are all the same within a cell.
- Select true if you want to enable z/OS SSL clients using SAF Virtual Key Ring to connect to this WebSphere Application Server node without requiring each user to have the WebSphere Application Server keyring or the WebSphere Application Server CA certificate connected to it.
- Select true if you want to support secure communications using Inter-ORB Request Protocol (IIOP) to the location service daemon using SSL. If you specify true, a RACF key ring will be generated for the location service daemon to use.
Security customization
You can choose one of the following three options for administrative security.
- Use the z/OS system's SAF-compliant security database to define WebSphere Application Server users. The EJBROLE profile will be used to control role-based access to applications. An administrator user ID and an unauthenticated user ID will be created and defined in the security database. Select this option if the WebSphere Application Server environment will run entirely on z/OS with a shared SAF-compliant (Local OS) user registry, or if you plan to implement a non-Local OS user registry (such as LDAP) with mapping to SAF user IDs.
- Use a simple file-based registry to define WebSphere Application Server users. An administrator user ID will be created and defined in the file-based registry.
- Do not enable administrative security. This option is not recommended.
Your WebSphere Application Server environment will not be secured until you configure and enable security manually.
Depending on the security option you choose, there may be additional values you need to set.
Security customization—z/OS-managed security
For this security option, you must decide whether to set a SAF profile prefix and choose an administrator user ID as well as an unauthenticated (guest) user ID.
- Set this to true if you wish to include a SAF profile prefix in certain SAF security checks (APPL, CBIND, EJBROLE). Enter a 1-8 SAF profile prefix.
- For Administrator user ID, enter a valid SAF user ID which will
become the initial cell administrator. If this user ID already exists,
it must have the WebSphere Application Server configuration
group for this cell as its default UNIX System
Services group.
- Valid UID for this user ID
- Enter a valid SAF user ID which will be associated with unauthenticated
client requests.
- Valid UID for this user ID
- Select true if you want to enable writable SAF key ring support
Security customization—product-managed security
For this security option, you must choose an administrator user ID and password.
- Enter an alphanumeric user ID that you will use to log on to the administrative console and perform administrative tasks. This user ID and its password will initially be the only entry in the file-based user registry.
- This password must not be blank.
Security customization—no security
For this security option, there are no other choices to make. Your WebSphere Application Server environment will not be secured until you configure and enable security manually.
Security certificate customization
- Identifier of the personal certificate
- Identifier of the root signing certificate
- The default personal certificate is valid for one year. The maximum expiration is ten years.
- The default signing (root) certificate is a self-signed certificate. It has a default validation period of twenty years. The maximum validation period is twenty-five years.
- The default value for the keystore password should be changed to protect the security of the keystore files and SSL configuration.
Job Information
- All the customization jobs that will be tailored for you will need a job statement. Enter a
valid job statement for your installation. The customization process will update the job name for
you in all the generated jobs, so you need not be concerned with that portion of the job statement.
If continuation lines are needed, replace the comment lines with continuation lines.
- Job statement 1 (zJobStatement1)
- Job statement 2 (zJobStatement2)
- Job statement 3 (zJobStatement3)
- Job statement 4 (zJobStatement4)