From 8ab991837679fbae8fbad6dc785f318137555fd3 Mon Sep 17 00:00:00 2001 From: mm667937 Date: Thu, 5 Sep 2024 14:27:33 +0200 Subject: [PATCH 1/9] minor workflow changes to unite the output yaml and example-zowe.yaml Signed-off-by: mm667937 --- example-zowe.yaml | 12 ++++---- workflows/files/ZWECONF.properties | 2 +- workflows/files/ZWECONF.xml | 44 ++++++++++++++---------------- 3 files changed, 27 insertions(+), 31 deletions(-) diff --git a/example-zowe.yaml b/example-zowe.yaml index 812f46b7b5..ada5c94adc 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml @@ -320,7 +320,7 @@ zowe: # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # This is an ID you use to separate multiple Zowe installs when determining # resource names used in RBAC authorization checks such as dataservices with RBAC - # expects this ID in SAF resources + # expects this ID in SAF resources rbacProfileIdentifier: "1" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> @@ -336,7 +336,7 @@ zowe: externalDomains: # this should be the domain name to access Zowe APIML Gateway - sample-domain.com - + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # This is the port you use to access Zowe Gateway from your web browser. # @@ -378,8 +378,8 @@ zowe: # ZWED_TN3270_PORT: 23 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - # You can define any Zowe message portions to be checked for and the message added to the - # system log upon its logging, truncated to 126 characters. + # You can define any Zowe message portions to be checked for and the message added to the + # system log upon its logging, truncated to 126 characters. sysMessages: # # Zowe starting - "ZWEL0021I" @@ -449,7 +449,7 @@ zowe: # This mode does not validate certificate Common Name and Subject # Alternative Name (SAN). # - DISABLED: disable certificate validation. This is NOT recommended for - # security. + # security. verifyCertificates: STRICT 
@@ -636,7 +636,7 @@ components: # # This sysname will be used to route your JES command to target system. # sysname: LPR1 # # for this HA instance, we did not customize "components", so it will use default value. - + # # HA instance ID, we will start 2 instances on LPAR2 # # **NOTE**, we can only start one gateway in same LPAR. # lpar2a: diff --git a/workflows/files/ZWECONF.properties b/workflows/files/ZWECONF.properties index 4eadca84d7..010bfa8140 100644 --- a/workflows/files/ZWECONF.properties +++ b/workflows/files/ZWECONF.properties @@ -423,7 +423,7 @@ components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration=auto # Category: components # Description: # Service ID for ZAAS (Authentication) -components_zaas_apiml_security_auth_zosmf_serviceId=zosmf +components_zaas_apiml_security_auth_zosmf_serviceId=ibmzosmf # components_api_catalog_enabled # Label: Enable API catalog diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index f0961c356b..70880d5aa6 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -543,7 +543,7 @@ How we want to verify SSL certificates of services. Valid values are: - zosmf + ibmzosmf 
@@ -1636,7 +1636,7 @@ echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # >>>> Certificate setup scenario 2' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # PKCS12 (keystore) with importing certificate generated by other CA.' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # certificate:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # type: PKCS12' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # pkcs12:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # **COMMONLY_CUSTOMIZED**' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" 
@@ -1669,9 +1669,8 @@ echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # >>>> Certificate setup scenario 3' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # Zowe generated z/OS Keyring with Zowe generated certificates.' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # certificate:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # type: JCERACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # createZosmfTrust: true' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # keyring:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # **COMMONLY_CUSTOMIZED**' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # keyring name' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" 
@@ -1705,7 +1704,7 @@ echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # >>>> Certificate setup scenario 4' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # Zowe generated z/OS Keyring and connect to existing certificate' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # certificate:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # type: JCERACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # keyring:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # **COMMONLY_CUSTOMIZED**' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" @@ -1729,7 +1728,7 @@ echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # >>>> Certificate setup scenario 5' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # Zowe generated z/OS Keyring with importing certificate stored in data set' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # certificate:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # # Type of certificate storage. Valid values are: PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # # Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # type: JCERACFKS' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # keyring:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # # **COMMONLY_CUSTOMIZED**' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" 
@@ -1834,7 +1833,7 @@ echo ' # address bar.' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' externalDomains:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # this should be the domain name to access Zowe APIML Gateway' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #foreach($externalDomain in ${instance-zowe_externalDomains.split("\n")}) -echo ' - ${externalDomain}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' - ${externalDomain}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #end echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" 
@@ -2017,14 +2016,13 @@ echo ' zaas:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' enabled: ${instance-components_zaas_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' port: ${instance-components_zaas_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' debug: ${instance-components_zaas_debug}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' apiml:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' security:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' auth:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' provider: "$!{instance-components_zaas_apiml_security_auth_provider}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' provider: $!{instance-components_zaas_apiml_security_auth_provider}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' zosmf:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' jwtAutoconfiguration: "$!{instance-components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' serviceId: "$!{instance-components_zaas_apiml_security_auth_zosmf_serviceId}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' jwtAutoconfiguration: $!{instance-components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' serviceId: $!{instance-components_zaas_apiml_security_auth_zosmf_serviceId}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' authorization:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' endpoint:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' enabled: ${instance-components_zaas_apiml_security_authorization_endpoint_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" 
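Review bot: Dropping the double quotes around `$!{instance-components_zaas_apiml_security_auth_provider}` and the `jwtAutoconfiguration` and `serviceId` references means the generated zowe.yaml takes whatever the workflow variable holds as a plain YAML scalar. `$!{...}` is Velocity's quiet form, so an unset value leaves a bare `serviceId:` that parses as null, and a value containing `: `, ` #` or a leading indicator character changes how the line parses. Quoting does not alter the parsed value for ordinary strings, so the output can still match example-zowe.yaml with the quotes kept, e.g. `serviceId: "$!{instance-components_zaas_apiml_security_auth_zosmf_serviceId}"`. The same unquoting appears in the hunks at -2091 (`evictionStrategy`, `mode`) and -2156 (`crossMemoryServerName`); the surrounding `#if` block starts outside this hunk.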
@@ -2037,14 +2035,13 @@ echo ' zaas:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' enabled: ${instance-components_zaas_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' port: 7563' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' debug: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' apiml:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' security:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' auth:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' provider: "zosmf"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' provider: zosmf' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' zosmf:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' jwtAutoconfiguration: "auto"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' serviceId: "zosmf"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' jwtAutoconfiguration: auto' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' serviceId: ibmzosmf' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' authorization:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' endpoint:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" @@ -2052,7 +2049,6 @@ echo ' provider: ""' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' x509:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #end -echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #if (${instance-components_api_catalog_enabled} == "true" ) echo ' api-catalog:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" 
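Review bot: The ZAAS-disabled branch at -2037 writes its defaults as literals (`provider: zosmf`, `jwtAutoconfiguration: auto`, `serviceId: ibmzosmf`), so each default for an authentication setting is kept in three places: here, in the variable definition in ZWECONF.xml and in ZWECONF.properties. PATCH 3/9 on this page replaces the `auto` choice with `jwt`/`ltpa`, and its visible hunks do not touch the `jwtAutoconfiguration: auto` literal written here, which suggests the copies can drift. A `##` template comment above the block naming the properties keys these literals must track would make that dependency explicit. The `#if` that opens this branch is outside the hunk.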
@@ -2091,9 +2087,9 @@ echo ' port: ${instance-components_caching_service_port}' >> "${instance-zowe echo ' debug: ${instance-components_caching_service_debug}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' storage:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' evictionStrategy: "$!{instance-components_caching_service_storage_evictionStrategy}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' evictionStrategy: $!{instance-components_caching_service_storage_evictionStrategy}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # can be inMemory, VSAM, redis or infinispan' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' mode: "$!{instance-components_caching_service_storage_mode}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' mode: $!{instance-components_caching_service_storage_mode}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' size: ${instance-components_caching_service_storage_size}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' vsam:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # your VSAM data set created by "zwe init vsam" command or ZWECSVSM JCL' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" 
@@ -2115,9 +2111,9 @@ echo ' port: 7555' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' debug: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' storage:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' evictionStrategy: "reject"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' evictionStrategy: reject' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # can be inMemory, VSAM, redis or infinispan' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' mode: "VSAM"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' mode: VSAM' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' size: 10000' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' vsam:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # your VSAM data set created by "zwe init vsam" command or ZWECSVSM JCL' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" @@ -2156,8 +2152,7 @@ echo ' zss:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #if (${instance-components_zss_enabled} == "true" ) echo ' enabled: ${instance-components_zss_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' port: ${instance-components_zss_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' crossMemoryServerName: "$!{instance-components_zss_crossMemoryServerName}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' tls: ${instance-components_zss_tls}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' crossMemoryServerName: $!{instance-components_zss_crossMemoryServerName}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' agent:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' jwt:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' fallback: ${instance-components_zss_agent_jwt_fallback}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" 
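Review bot: With `echo ' tls: ${instance-components_zss_tls}'` removed at -2156 (and the literal `tls: true` removed from the disabled branch at -2165), the generated zowe.yaml no longer states whether ZSS serves over TLS, so the effective setting falls back to the component's default, which is not visible here. If the key is obsolete and the `components_zss_tls` workflow variable is still defined elsewhere in ZWECONF.xml or ZWECONF.properties (not shown in these hunks), it should be removed in the same change so the operator is not offered a TLS switch that has no effect; if the key is still honoured, keep the line. Either way, a short template comment at this spot saying why `tls` is not emitted would help the next reader. Both `#if` blocks extend beyond these hunks.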
@@ -2165,8 +2160,7 @@ echo ' fallback: ${instance-components_zss_agent_jwt_fallback}' >> "${ins #if (${instance-components_zss_enabled} == "false" ) echo ' enabled: ${instance-components_zss_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' port: 7557' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' crossMemoryServerName: "ZWESIS_STD"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' tls: true' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' crossMemoryServerName: ZWESIS_STD' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' agent:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' jwt:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' fallback: true' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" @@ -2268,6 +2262,8 @@ echo '# sysname: LPR2' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# # These configurations will overwrite highest level default "components" configuration' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# components:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo '# zaas:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo '# enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# gateway:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '# discovery:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" From c42d28afcc7c93a4c1944e93b0a3081d9a57b9fd Mon Sep 17 00:00:00 2001 From: mm667937 Date: Thu, 5 Sep 2024 16:38:45 +0200 Subject: [PATCH 2/9] deleted files and jobs api from the config workflow Signed-off-by: mm667937 --- workflows/files/ZWECONF.properties | 5 +- workflows/files/ZWECONF.xml | 145 ++--------------------------- 2 files changed, 14 insertions(+), 136 deletions(-) diff --git a/workflows/files/ZWECONF.properties b/workflows/files/ZWECONF.properties index 010bfa8140..be3f21ddb4 100644 
--- a/workflows/files/ZWECONF.properties +++ b/workflows/files/ZWECONF.properties @@ -1,3 +1,6 @@ +#TODO: regenerate + + # zowe_setup_dataset_prefix # Label: Zowe setup MVS prefix # Abstract: Where Zowe MVS data sets will be installed @@ -383,7 +386,7 @@ components_metrics_service_debug=false # Category: components # Description: # Use this option to enable the Zowe Authentication and Authorization Service -components_zaas_enabled=false +components_zaas_enabled=true # components_zaas_port # Label: ZAAS port diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index 70880d5aa6..8333fbe7f5 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -565,6 +565,7 @@ How we want to verify SSL certificates of services. Valid values are: + native @@ -825,72 +826,17 @@ How we want to verify SSL certificates of services. Valid values are: true - - - Check this option to enable the jobs API - Check this option to enable the jobs API. + + + Check this to enable 64bit mode + If 64bit mode is disabled 31bit mode will be used. components - false - - - - - Check to get extra debug information from the service - Check to get extra debug information from the service. - components - - - - false - - - - - Port for the Jobs API - Port for the Jobs API - components - - - - 7558 - - - - - Check this option to enable the files API - Check this option to enable the files API. - components - - - - false - - - - - Check to get extra debug information from the service - Check to get extra debug information from the service. - components - - - - false + true - - - Port which will be used by the Files API - Port which will be used by the Files API - components - - - - 7559 - - Check this option to enable the JES explorer @@ -1407,6 +1353,7 @@ How we want to verify SSL certificates of services. Valid values are: + Run this step to specify the values for the ZSS variables 1 z/OS System Programmer 
@@ -1414,54 +1361,6 @@ How we want to verify SSL certificates of services. Valid values are: false - - Jobs API Variables - Define variables for the Jobs API - - - 1==1 - Always true - - - Skips if the Jobs API wasn't selected - !${instance-components_jobs_api_enabled} - skipped - - - - - - Run this step to define the variables for the Jobs API - 1 - z/OS System Programmer - false - false - - - - Files API Variables - Specify the variables for Files API - - - 1==1 - Always true - - - Skips this step if the Files API wasn't selected - !${instance-components_files_api_enabled} - skipped - - - - - - Run this step to specify the variables for the Files API - 1 - z/OS System Programmer - false - false - - Create configuration @@ -2045,7 +1944,7 @@ echo ' serviceId: ibmzosmf' >> "${instance-zowe_runtimeDirectory}/zow echo ' authorization:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' endpoint:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' provider: ""' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' provider: "native"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' x509:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #end @@ -2156,6 +2055,7 @@ echo ' crossMemoryServerName: $!{instance-components_zss_crossMemoryServerNam echo ' agent:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' jwt:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' fallback: ${instance-components_zss_agent_jwt_fallback}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' 64bit: ${instance-components_zss_agent_64bit}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #end #if (${instance-components_zss_enabled} == "false" ) echo ' enabled: ${instance-components_zss_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" 
@@ -2164,35 +2064,10 @@ echo ' crossMemoryServerName: ZWESIS_STD' >> "${instance-zowe_runtimeDirector echo ' agent:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' jwt:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' fallback: true' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' 64bit: true' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #end echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -#if (${instance-components_jobs_api_enabled} == "true" ) -echo ' jobs-api:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' enabled: ${instance-components_jobs_api_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' debug: ${instance-components_jobs_api_debug}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' port: ${instance-components_jobs_api_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -#end -#if (${instance-components_jobs_api_enabled} == "false" ) -echo ' jobs-api:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' enabled: ${instance-components_jobs_api_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' debug: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' port: 7558' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -#end -echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -#if (${instance-components_files_api_enabled} == "true" ) -echo ' files-api:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' enabled: ${instance-components_files_api_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' debug: ${instance-components_files_api_debug}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' port: ${instance-components_files_api_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -#end -#if 
(${instance-components_files_api_enabled} == "false" ) -echo ' files-api:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' enabled: ${instance-components_files_api_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' debug: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' port: 7559' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -#end echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' explorer-jes:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" From 399d742a7bef26db4bade4498218eed71cdb73ce Mon Sep 17 00:00:00 2001 From: MarkAckert Date: Thu, 5 Sep 2024 14:09:51 -0400 Subject: [PATCH 3/9] update zweconf jwtAutoconfigure options Signed-off-by: MarkAckert --- workflows/files/ZWECONF.properties | 2 +- workflows/files/ZWECONF.xml | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/workflows/files/ZWECONF.properties b/workflows/files/ZWECONF.properties index 5859e80dbc..bc2bc2c160 100644 --- a/workflows/files/ZWECONF.properties +++ b/workflows/files/ZWECONF.properties @@ -415,7 +415,7 @@ components_zaas_apiml_security_auth_provider=zosmf # Category: components # Description: # JWT auto configuration for ZAAS (Authentication) -components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration=auto +components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration=jwt # components_zaas_apiml_security_auth_zosmf_serviceId # Label: ZAAS APIML - z/OSMF serviceId diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index d6a4a93a84..301e7ad052 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -532,7 +532,9 @@ How we want to verify SSL certificates of services. Valid values are: - auto + jwt + ltpa + jwt From 7f0b3f510dab446603b93da7b725bf9c8b0cc251 Mon Sep 17 00:00:00 2001 From: mm667937 Date: Fri, 6 Sep 2024 15:27:17 +0200 Subject: [PATCH 4/9] started with the testing 
Signed-off-by: mm667937 --- workflows/files/ZWECONF.xml | 58 ++++++++++++++++++++++++++++--------- 1 file changed, 45 insertions(+), 13 deletions(-) diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index 8333fbe7f5..a238470697 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -249,21 +249,53 @@ some use cases, like containerization, this port could be different.warn - - - Certificate keystore type (PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS) - Certificate keystore type (PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS) - certificates - + + + Enable on AT-TLS on inbound calls + Enable aware mode of inbound AT-TLS rules of all Zowe components. + network + - PKCS12 - JCEKS - JCECCAKS - JCERACFKS - JCECCARACFKS - JCEHYBRIDRACFKS - PKCS12 + false + + + + + Enable on AT-TLS on outbound calls + Enable aware mode of outbound AT-TLS rules of all Zowe components. + network + + + + false + + + + + TLS mimimum version + + network + + + TLSv1.1 + TLSv1.2 + TLSv1.3 + TLSv1.3 + + + + + TLS maximum version + TLS settings only apply when attls=false. + Else you must use AT-TLS configuration for TLS customization. + certificates + + + TLSv1.1 + TLSv1.2 + TLSv1.3 + TLSv1.3 From 0d08910c0225bad3e26e61a4a1f764ff3f989c0e Mon Sep 17 00:00:00 2001 From: mm667937 Date: Fri, 6 Sep 2024 16:23:55 +0200 Subject: [PATCH 5/9] added network variables Signed-off-by: mm667937 --- workflows/files/ZWECONF.properties | 302 +++++++++++++---------------- workflows/files/ZWECONF.xml | 49 ++++- 2 files changed, 178 insertions(+), 173 deletions(-) diff --git a/workflows/files/ZWECONF.properties b/workflows/files/ZWECONF.properties index 4b03a61aa6..bce9ae7669 100644 --- a/workflows/files/ZWECONF.properties +++ b/workflows/files/ZWECONF.properties @@ -1,6 +1,3 @@ -#TODO: regenerate - - # zowe_setup_dataset_prefix # Label: Zowe setup MVS prefix # Abstract: Where Zowe MVS data sets will be installed 
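Review bot: The choice lists added for the TLS minimum and maximum version in the ZWECONF.xml hunk of PATCH 4/9 (-249,21 +249,53) include `TLSv1.1`, which RFC 8996 deprecates; offering it as a selectable minimum lets an operator lower the protocol floor for all Zowe components from a drop-down. I would drop `TLSv1.1` from the minimum-version choices, or at least state in the description that it exists for legacy compatibility only. The last value shown for the minimum here is `TLSv1.3` while ZWECONF.properties in PATCH 5/9 sets `zowe_network_server_tls_min=TLSv1.2`, so the two defaults should be checked against each other (the XML markup is stripped on this page, so which value is the default is inferred). Smaller points: the abstract reads `TLS mimimum version`, and the maximum-version variable is filed under `certificates` while its siblings use `network`; the same choice list and category recur in the properties hunk at -177,18 +174,49.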
@@ -67,10 +64,10 @@ zowe_setup_dataset_authPluginLib=IBMUSER.ZWEV2.CUST.ZWESAPL # zowe_setup_vsam_mode # Label: Zowe setup VSAM mode -# Abstract: VSAM data set with Record-Level-Sharing enabled or not +# Abstract: VSAM data set with Record-Level-Sharing enabled or disabled # Category: components # Description: -# VSAM data set with Record-Level-Sharing enabled or not +# VSAM data set with Record-Level-Sharing enabled or disabled # Choices: NONRLS,RLS zowe_setup_vsam_mode=NONRLS @@ -143,15 +140,15 @@ zowe_job_prefix=ZWE1 # zowe_externalDomains # Label: Zowe external domains -# Abstract: This should be the domain name of your Dynamic VIP Address (DVIPA) +# Abstract: The domain name of your Dynamic VIP Address (DVIPA) # Category: zowe # Description: -# This should be the domain name of your Dynamic VIP Address (DVIPA) +# The domain name of your Dynamic VIP Address (DVIPA) zowe_externalDomains=sample-domain.com # zowe_externalPort # Label: Zowe external port -# Abstract: This is the port you use to access Zowe Gateway from your web browser +# Abstract: The port you use to access Zowe Gateway from your web browser # Category: zowe # Description: # This is the port you use to access Zowe Gateway from your web browser. 
@@ -177,18 +174,49 @@ zowe_launchScript_logLevel=info # Choices: warn,exit zowe_launchScript_CompConf=warn -# zowe_certificate_keystore_type -# Label: Zowe certificate keystore type -# Abstract: Certificate keystore type (PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS) +# zowe_network_server_attls +# Label: Application Transparent Transport Layer Security for inbound +# Abstract: Enable on AT-TLS on inbound calls +# Category: network +# Description: +# Enable aware mode of inbound AT-TLS rules of all Zowe components. +zowe_network_server_attls=false + +# zowe_network_client_attls +# Label: Application Transparent Transport Layer Security for outbound +# Abstract: Enable on AT-TLS on outbound calls +# Category: network +# Description: +# Enable aware mode of outbound AT-TLS rules of all Zowe components. +zowe_network_client_attls=false + +# zowe_network_server_tls_min +# Label: Transport Layer Security - min version +# Abstract: TLS minimum version +# Category: network +# Description: +# The default configuration of the minimal version of a security transport protocol for inbound calls. +# TLS settings only apply when attls=false. +# Else you must use AT-TLS configuration for TLS customization. +# +# Choices: TLSv1.1,TLSv1.2,TLSv1.3 +zowe_network_server_tls_min=TLSv1.2 + +# zowe_network_server_tls_max +# Label: Transport Layer Security - max version +# Abstract: TLS maximum version # Category: certificates # Description: -# Certificate keystore type (PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS) -# Choices: PKCS12,JCEKS,JCECCAKS,JCERACFKS,JCECCARACFKS,JCEHYBRIDRACFKS -zowe_certificate_keystore_type=PKCS12 +# The default configuration of the maximum version of a security transport protocol for inbound calls. +# TLS settings only apply when attls=false. +# Else you must use AT-TLS configuration for TLS customization. 
+# +# Choices: TLSv1.1,TLSv1.2,TLSv1.3 +zowe_network_server_tls_max=TLSv1.3 # zowe_certificate_keystore_file # Label: Zowe certificate keystore file -# Abstract: Zowe certificate keystore file. In case of keyring the format is "safkeyring://OWNER/KEYRING". +# Abstract: Zowe certificate keystore file. For keyring, the format is "safkeyring://OWNER/KEYRING". # Category: certificates # Description: # Zowe certificate keystore file @@ -221,7 +249,7 @@ zowe_certificate_truststore_type=PKCS12 # zowe_certificate_truststore_file # Label: Zowe certificate truststore file -# Abstract: File location for the certificate truststore. Keyring is in the format "safkeyring://OWNER/KEYRING". +# Abstract: File location for cert truststore. For keyring, the format is "safkeyring://OWNER/KEYRING" # Category: certificates # Description: # File location for the certificate truststore @@ -309,19 +337,19 @@ zOSMF_port=443 zOSMF_applId=IZUDFLT # components_gateway_enabled -# Label: Enable gateway -# Abstract: Should the APIML gateway be enabled? +# Label: Enable the gateway +# Abstract: Check this option to enable the gateway # Category: components # Description: -# Should the APIML gateway be enabled? +# Check this option to enable the gateway components_gateway_enabled=true # components_gateway_port # Label: Gateway port -# Abstract: Port for the APIML gateway +# Abstract: Port for the API ML gateway # Category: components # Description: -# Port for the APIML gateway +# Port for the API ML gateway components_gateway_port=7554 # components_gateway_debug 
@@ -332,156 +360,132 @@ components_gateway_port=7554 # Switch on the debug mode for the gateway components_gateway_debug=false -# components_gateway_apiml_security_authorization_endpoint_enabled -# Label: Enable gateway APIML security authorization endpoint -# Abstract: Use this to enable the security authorization endpoint -# Category: components -# Description: -# Use this to enable the security authorization endpoint -components_gateway_apiml_security_authorization_endpoint_enabled=false - -# components_gateway_apiml_security_authorization_provider -# Label: Gateway APIML security authorization provider -# Abstract: Security authorization provider for the gateway -# Category: components -# Description: -# Security authorization provider for the gateway -components_gateway_apiml_security_authorization_provider= - -# components_gateway_apiml_security_x509_enabled -# Label: Enable gateway APIML security x509 -# Abstract: Check to enable the gateway security x509 -# Category: components -# Description: -# Check to enable the gateway security x509 -components_gateway_apiml_security_x509_enabled=false - -# components_metrics_service_enabled -# Label: Enable metrics service -# Abstract: Use this option to enable the metrics seervice -# Category: components -# Description: -# Use this option to enable the metrics seervice -components_metrics_service_enabled=false - -# components_metrics_service_port -# Label: Metrics service port -# Abstract: Port for the metrics service -# Category: components -# Description: -# Port for the metrics service -components_metrics_service_port=7551 - -# components_metrics_service_debug -# Label: Metrics service debug -# Abstract: Check this value to get additional debugging -# Category: components -# Description: -# Check this value to get additional debugging -components_metrics_service_debug=false - # components_zaas_enabled # Label: Enable ZAAS -# Abstract: Use this option to enable the Zowe Authentication and Authorization Service +# 
Abstract: Should the APIML ZAAS be enabled? # Category: components # Description: -# Use this option to enable the Zowe Authentication and Authorization Service +# Should the APIML ZAAS be enabled? components_zaas_enabled=true # components_zaas_port # Label: ZAAS port -# Abstract: Port for ZAAS +# Abstract: Port for the APIML ZAAS # Category: components # Description: -# Port for ZAAS +# Port for the APIML ZAAS components_zaas_port=7563 # components_zaas_debug # Label: ZAAS debug -# Abstract: Check this value to get additional debugging +# Abstract: Switch on the debug mode for the ZAAS # Category: components # Description: -# Check this value to get additional debugging +# Switch on the debug mode for the ZAAS components_zaas_debug=false # components_zaas_apiml_security_auth_provider # Label: ZAAS APIML security auth provider -# Abstract: Authentication provider for ZAAS +# Abstract: Authorization provider for the ZAAS # Category: components # Description: -# Authentication provider for the gateway +# Authorization provider for the ZAAS components_zaas_apiml_security_auth_provider=zosmf # components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration # Label: ZAAS APIML security auth z/OSMF jwtAutoconfiguration -# Abstract: JWT auto configuration for ZAAS (Authentication) +# Abstract: JWT auto configuration for gateway security auth # Category: components # Description: -# JWT auto configuration for ZAAS (Authentication) +# JWT auto configuration for gateway security auth components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration=auto # components_zaas_apiml_security_auth_zosmf_serviceId -# Label: ZAAS APIML - z/OSMF serviceId -# Abstract: Service ID for ZAAS (Authentication) +# Label: ZAAS APIML security auth z/OSMF serviceId +# Abstract: Service ID for ZAAS security auth # Category: components # Description: -# Service ID for ZAAS (Authentication) +# Service ID for ZAAS security auth components_zaas_apiml_security_auth_zosmf_serviceId=ibmzosmf +# 
components_zaas_apiml_security_authorization_endpoint_enabled +# Label: Enable ZAAS APIML security authorization endpoint +# Abstract: Use this to enable the security authorization endpoint +# Category: components +# Description: +# Use this to enable the security authorization endpoint +components_zaas_apiml_security_authorization_endpoint_enabled=false + +# components_zaas_apiml_security_authorization_provider +# Label: ZAAS APIML security authorization provider +# Abstract: Security authorization provider for the ZAAS +# Category: components +# Description: +# Security authorization provider for the ZAAS +components_zaas_apiml_security_authorization_provider=native + +# components_zaas_apiml_security_x509_enabled +# Label: Enable ZAAS APIML security x509 +# Abstract: Check to enable the ZAAS security x509 +# Category: components +# Description: +# Check to enable the ZAAS security x509 +components_zaas_apiml_security_x509_enabled=false + # components_api_catalog_enabled -# Label: Enable API catalog -# Abstract: Use this option to enable the API catalog +# Label: Enable API Catalog +# Abstract: Check this option to enable the API Catalog # Category: components # Description: -# Use this option to enable the API catalog +# Check this option to enable the API Catalog components_api_catalog_enabled=true # components_api_catalog_port # Label: API catalog port -# Abstract: Port on which the API catalog should be running. +# Abstract: Port on which the API Catalog should be running. # Category: components # Description: -# Port on which the API catalog should be running. +# Port on which the API Catalog should be running. components_api_catalog_port=7552 # components_api_catalog_debug # Label: API catalog debug -# Abstract: Extra debugging information from API catalog. +# Abstract: Extra debugging information from API Catalog. # Category: components # Description: -# Extra debugging information from API catalog. +# Extra debugging information from API Catalog. 
components_api_catalog_debug=false # components_discovery_enabled -# Label: Enable discovery -# Abstract: Should the automatic discovery be enabled? +# Label: Enable the Discovery service +# Abstract: Check this option to enable the Discovery service # Category: components # Description: -# Should the automatic discovery be enabled? +# Check this option to enable the Discovery service components_discovery_enabled=true # components_discovery_port # Label: Discovery port -# Abstract: Port on which the discovery service should be running +# Abstract: Port on which the Discovery service should be running # Category: components # Description: -# Port on which the discovery service should be running +# Port on which the Discovery service should be running components_discovery_port=7553 # components_discovery_debug # Label: Discovery debug -# Abstract: Should there be extra debugging information? +# Abstract: Check this option to include extra debugging information # Category: components # Description: -# Should there be extra debugging information? +# Check this option to include extra debugging information components_discovery_debug=false # components_caching_service_enabled -# Label: Enable caching service -# Abstract: Check to enable the caching service +# Label: Enable the Caching service +# Abstract: Check this option to enable the Caching service # Category: components # Description: -# Check to enable the caching service +# Check this option to enable the Caching service components_caching_service_enabled=true # components_caching_service_port @@ -502,7 +506,7 @@ components_caching_service_debug=false # components_caching_service_storage_evictionStrategy # Label: Caching service storage eviction strategy -# Abstract: Specifies the eviction strategy when storage size is achieved. +# Abstract: Specifies the eviction strategy when storage size is achieved # Category: components # Description: # Specifies the eviction strategy when storage size is achieved. 
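Review bot: The reworded abstract and description of `components_zaas_apiml_security_auth_provider` now read "Authorization provider for the ZAAS", where the removed text called it the authentication provider. This key (default `zosmf`) sits next to the separately added `components_zaas_apiml_security_authorization_provider` (default `native`), so using the same word for both makes it easy to change the wrong control. I would keep `# Abstract: Authentication provider for the ZAAS` and the same wording in the description. In the same hunk `components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration` is described as "JWT auto configuration for gateway security auth" although the key belongs to ZAAS; `JWT auto configuration for ZAAS security auth` would match the serviceId entry below it.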
@@ -514,16 +518,16 @@ components_caching_service_storage_evictionStrategy=reject # Abstract: Specifies the components caching service storage mode # Category: components # Description: -# Specifies the components caching service storage mode +# Specifies the components caching service storage mode. # Choices: inMemory,redis,infinispan,VSAM -components_caching_service_storage_mode=VSAM +components_caching_service_storage_mode=infinispan # components_caching_service_storage_size # Label: Caching service storage size # Abstract: Number of records before the eviction strategies kick in # Category: components # Description: -# Number of records before the eviction strategies kick in +# Number of records before the eviction strategies kick in. components_caching_service_storage_size=10000 # components_caching_service_storage_vsam_name @@ -547,23 +551,23 @@ components_caching_service_storage_infinispan_jgroups_port=7600 # Abstract: Host for jgroups # Category: components # Description: -# Host for jgroups +# Host for jgroups. Default value is the same as Zowe host and it is used if storage mode is infinispan. components_caching_service_storage_infinispan_jgroups_host= # components_caching_service_storage_infinispan_jgroups_keyExchange_port -# Label: Caching service storage jgroups key exchange port -# Abstract: Port for jgroups key exchang +# Label: Caching service storage jgroups keyExchange port +# Abstract: Port for jgroups key exchange # Category: components # Description: # Port for jgroups key exchange. This is required if storage mode is infinispan. components_caching_service_storage_infinispan_jgroups_keyExchange_port=7601 # components_app_server_enabled -# Label: Enable app server +# Label: Enable the app server # Abstract: Check this option to enable the app server # Category: components # Description: -# Check this option to enable the app server +# Check this option to enable the app server. components_app_server_enabled=true # components_app_server_debug 
@@ -571,7 +575,7 @@ components_app_server_enabled=true # Abstract: Check to get extra debug information from the service # Category: components # Description: -# Check to get extra debug information from the service +# Check to get extra debug information from the service. components_app_server_debug=false # components_app_server_port @@ -584,10 +588,10 @@ components_app_server_port=7556 # components_zss_enabled # Label: Enable ZSS -# Abstract: Check this option to enable the ZSS component +# Abstract: Check this option to enable ZSS # Category: components # Description: -# Check this option to enable the ZSS component +# Check this option to enable ZSS components_zss_enabled=true # components_zss_port 
@@ -622,84 +626,44 @@ components_zss_tls=true # If fallback is enabled, the agent issues and accepts cookies from itself in the event a JWT cannot be provided. components_zss_agent_jwt_fallback=true -# components_jobs_api_enabled -# Label: Enable jobs API -# Abstract: Check this option to enable the jobs API -# Category: components -# Description: -# Check this option to enable the jobs API -components_jobs_api_enabled=false - -# components_jobs_api_debug -# Label: Jobs API debug -# Abstract: Check to get extra debug information from the service -# Category: components -# Description: -# Check to get extra debug information from the service -components_jobs_api_debug=false - -# components_jobs_api_port -# Label: Jobs API port -# Abstract: Port for the Jobs API -# Category: components -# Description: -# Port for the Jobs API -components_jobs_api_port=7558 - -# components_files_api_enabled -# Label: Enable files API -# Abstract: Check this option to enable the files API -# Category: components -# Description: -# Check this option to enable the files API -components_files_api_enabled=false - -# components_files_api_debug -# Label: Files API debug -# Abstract: Check to get extra debug information from the service +# components_zss_agent_64bit +# Label: ZSS 64bit +# Abstract: Check this to enable 64bit mode # Category: components # Description: -# Check to get extra debug information from the service -components_files_api_debug=false - -# components_files_api_port -# Label: Files API port -# Abstract: Port which will be used by the Files API -# Category: components -# Description: -# Port which will be used by the Files API -components_files_api_port=7559 +# If 64bit mode is disabled 31bit mode will be used. 
+components_zss_agent_64bit=true # components_explorer_jes_enabled # Label: Enable explorer JES -# Abstract: Check this to enable the JES explorer +# Abstract: Check this option to enable the JES explorer # Category: components # Description: -# Check this to enable the JES explorer +# Check this option to enable the JES explorer. components_explorer_jes_enabled=true # components_explorer_mvs_enabled # Label: Enable explorer MVS -# Abstract: Check this option to enable MVS explorer +# Abstract: Check this option to enable the MVS explorer # Category: components # Description: -# Check this option to enable MVS explorer +# Check this option to enable the MVS explorer. components_explorer_mvs_enabled=true # components_explorer_uss_enabled # Label: Enable explorer USS -# Abstract: Check this option to enable USS explorer +# Abstract: Check this option to enable the USS explorer # Category: components # Description: -# Check this option to enable USS explorer +# Check this option to enable the USS explorer. components_explorer_uss_enabled=true # useconfig_manager_enabled # Label: Enable Zowe configuration manager -# Abstract: Should Zowe configuration manager be enabled? +# Abstract: Check this option to enable Zowe configuration manager # Category: configManager # Description: -# Should Zowe configuration manager be enabled? +# Check this option to enable Zowe configuration manager. useconfig_manager_enabled=true # config_manager_validation 
@@ -799,3 +763,13 @@ zowe_setup_security_stcs_zis=ZWESISTC # Description: # STC name of Auxiliary Service zowe_setup_security_stcs_aux=ZWESASTC + +# zowe_setup_installStep_enabled +# Label: Install the MVS data sets +# Abstract: Check to enable this run step with the zwe install command. For convenience build only. +# Category: installMVSDatasets +# Description: +# Check this option to enable the optional workflow step with zwe install command. After Zowe convenience build is extracted, +# you can enable this flag to run the zwe install command to install MVS data sets within this workflow run. +# This option is for convenience build only. SMP/E installs the MVS data sets during installation. +zowe_setup_installStep_enabled=false \ No newline at end of file diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index 108dfe3224..7a99e40ae0 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -271,24 +271,29 @@ some use cases, like containerization, this port could be different.false - - - TLS mimimum version - + + + TLS minimum version + The default configuration of the minimal version of a security transport protocol for inbound calls. + TLS settings only apply when attls=false. + Else you must use AT-TLS configuration for TLS customization. + network TLSv1.1 TLSv1.2 TLSv1.3 - TLSv1.3 + TLSv1.2 - - + + TLS maximum version - TLS settings only apply when attls=false. - Else you must use AT-TLS configuration for TLS customization. + The default configuration of the maximum version of a security transport protocol for inbound calls. + TLS settings only apply when attls=false. + Else you must use AT-TLS configuration for TLS customization. + certificates @@ -1118,6 +1123,10 @@ How we want to verify SSL certificates of services. Valid values are: + + + + 
@@ -1795,6 +1804,28 @@ echo ' # some use cases, like containerization, this port could be different.' echo ' externalPort: ${instance-zowe_externalPort}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' #' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # In this section, behavior such as which TLS levels, ciphers should be used, and if native TLS versus AT-TLS should be used.' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # See the schema for options.' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' #' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # This section applies to all components that support it.' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # So far: "zss" and "app-server"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' #' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # This section can be overridden per-component by placing it' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # Under a "zowe" subsection of a component, as in "components.zss.zowe.network"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' network:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' server:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' tls:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' attls: ${instance-zowe_network_server_attls}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # TLS settings only apply when attls=false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # Else you must use AT-TLS configuration for TLS customization.' 
>> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' minTls: "${instance-zowe_server_tls_min}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' maxTls: "${instance-zowe_server_tls_max}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' client:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' tls:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' attls: ${instance-zowe_network_client_attls}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # You can un-comment and define any extra environment variables as key/value' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # pairs here.' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # environments:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" From 5839bfad249d266c6e77eac023530204de228740 Mon Sep 17 00:00:00 2001 From: mm667937 Date: Fri, 6 Sep 2024 18:07:10 +0200 Subject: [PATCH 6/9] deleted a variable by mistake Signed-off-by: mm667937 --- workflows/files/ZWECONF.properties | 9 +++++++++ workflows/files/ZWECONF.xml | 17 +++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/workflows/files/ZWECONF.properties b/workflows/files/ZWECONF.properties index bce9ae7669..3bc1d1fdd9 100644 --- a/workflows/files/ZWECONF.properties +++ b/workflows/files/ZWECONF.properties 
@@ -214,6 +214,15 @@ zowe_network_server_tls_min=TLSv1.2 # Choices: TLSv1.1,TLSv1.2,TLSv1.3 zowe_network_server_tls_max=TLSv1.3 +# zowe_certificate_keystore_type +# Label: Zowe certificate keystore type +# Abstract: Certificate keystore type (PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS) +# Category: certificates +# Description: +# Certificate keystore type (PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS) +# Choices: PKCS12,JCEKS,JCECCAKS,JCERACFKS,JCECCARACFKS,JCEHYBRIDRACFKS +zowe_certificate_keystore_type=PKCS12 + # zowe_certificate_keystore_file # Label: Zowe certificate keystore file # Abstract: Zowe certificate keystore file. For keyring, the format is "safkeyring://OWNER/KEYRING". diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index 7a99e40ae0..0d96e9f27b 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -303,6 +303,23 @@ some use cases, like containerization, this port could be different.TLSv1.3 + + + Certificate keystore type (PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS) + Certificate keystore type (PKCS12, JCEKS, JCECCAKS, JCERACFKS, JCECCARACFKS, or JCEHYBRIDRACFKS) + certificates + + + + PKCS12 + JCEKS + JCECCAKS + JCERACFKS + JCECCARACFKS + JCEHYBRIDRACFKS + PKCS12 + + Zowe certificate keystore file. For keyring, the format is "safkeyring://OWNER/KEYRING". From 5c546b7a7fc85055a2bb3936479e28d3de9e73b7 Mon Sep 17 00:00:00 2001 From: mm667937 Date: Mon, 9 Sep 2024 09:29:24 +0200 Subject: [PATCH 7/9] wrong variable Signed-off-by: mm667937 --- workflows/files/ZWECONF.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index 0d96e9f27b..4146ca1d69 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml 
@@ -1836,8 +1836,8 @@ echo ' tls:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' attls: ${instance-zowe_network_server_attls}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # TLS settings only apply when attls=false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # Else you must use AT-TLS configuration for TLS customization.' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' minTls: "${instance-zowe_server_tls_min}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' maxTls: "${instance-zowe_server_tls_max}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' minTls: "${instance-zowe_network_server_tls_min}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' maxTls: "${instance-zowe_network_server_tls_max}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' client:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' tls:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' attls: ${instance-zowe_network_client_attls}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" From 313f2e89cb16db609de7c6bf79a2ebaf799a677a Mon Sep 17 00:00:00 2001 From: mm667937 Date: Mon, 9 Sep 2024 11:29:15 +0200 Subject: [PATCH 8/9] deleted unused variable and more yaml improvements Signed-off-by: mm667937 --- workflows/files/ZWECONF.properties | 10 +--------- workflows/files/ZWECONF.xml | 30 +++++++++++------------------- 2 files changed, 12 insertions(+), 28 deletions(-) diff --git a/workflows/files/ZWECONF.properties b/workflows/files/ZWECONF.properties index 3bc1d1fdd9..921d099fda 100644 --- a/workflows/files/ZWECONF.properties +++ b/workflows/files/ZWECONF.properties 
@@ -531,14 +531,6 @@ components_caching_service_storage_evictionStrategy=reject # Choices: inMemory,redis,infinispan,VSAM components_caching_service_storage_mode=infinispan -# components_caching_service_storage_size -# Label: Caching service storage size -# Abstract: Number of records before the eviction strategies kick in -# Category: components -# Description: -# Number of records before the eviction strategies kick in. -components_caching_service_storage_size=10000 - # components_caching_service_storage_vsam_name # Label: Caching service storage VSAM name # Abstract: VSAM name of the storage @@ -781,4 +773,4 @@ zowe_setup_security_stcs_aux=ZWESASTC # Check this option to enable the optional workflow step with zwe install command. After Zowe convenience build is extracted, # you can enable this flag to run the zwe install command to install MVS data sets within this workflow run. # This option is for convenience build only. SMP/E installs the MVS data sets during installation. -zowe_setup_installStep_enabled=false \ No newline at end of file +zowe_setup_installStep_enabled=false diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index 4146ca1d69..7570175e2d 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -760,17 +760,6 @@ How we want to verify SSL certificates of services. Valid values are: infinispan - - - Number of records before the eviction strategies kick in - Number of records before the eviction strategies kick in. - components - - - - 10000 - - VSAM name of the storage @@ -1317,7 +1306,6 @@ How we want to verify SSL certificates of services. Valid values are: - Run this step to specify the variables for the Caching Service 1 z/OS System Programmer 
@@ -2087,25 +2075,28 @@ echo ' debug: ${instance-components_caching_service_debug}' >> "${instance-zo echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' storage:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' evictionStrategy: $!{instance-components_caching_service_storage_evictionStrategy}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # can be inMemory, VSAM, redis or infinispan' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' # can be infinispan, inMemory, redis or VSAM(deprecated)' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' mode: $!{instance-components_caching_service_storage_mode}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' size: ${instance-components_caching_service_storage_size}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +#if (${instance-components_caching_service_storage_mode} == "VSAM" ) echo ' vsam:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # your VSAM data set created by "zwe init vsam" command or ZWECSVSM JCL' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # this is required if storage mode is VSAM' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' name: "$!{instance-components_caching_service_storage_vsam_name}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +#end echo ' infinispan:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # this is required if storage mode is infinispan' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' jgroups:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #if (${instance-components_caching_service_storage_mode} == "infinispan" ) echo ' port: ${instance-components_caching_service_storage_infinispan_jgroups_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +#if ($!{instance-components_caching_service_storage_infinispan_jgroups_host} and ${instance-components_caching_service_storage_infinispan_jgroups_host} != "" ) echo ' host: 
${instance-components_caching_service_storage_infinispan_jgroups_host}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' keyExchange: ' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +#end +echo ' keyExchange:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' port: ${instance-components_caching_service_storage_infinispan_jgroups_keyExchange_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #else echo ' port: 7600' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' host: ' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' keyExchange: ' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' host:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' keyExchange:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' port: 7601' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #end #end @@ -2128,6 +2119,9 @@ echo ' infinispan:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # this is required if storage mode is infinispan' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' jgroups:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' port: 7600' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' host:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' keyExchange:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' port: 7601' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #end echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" 
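Review bot: The fallback branches emit `host:` with no value, both in the `#else` branch of this hunk and in the three lines added by the following hunk at -2128, and a YAML parser reads that as null rather than as an empty string or an absent key. The new `#if` guard in the infinispan branch already omits the key when the variable is empty, so the fallback branches could drop the `host:` echo as well, or write `host: ""` if the consumer needs the key present. The guarded line also writes the operator-supplied value unquoted, unlike `name: "$!{instance-components_caching_service_storage_vsam_name}"` a few lines above it. Writing `host: "${instance-components_caching_service_storage_infinispan_jgroups_host}"` keeps a value containing YAML-special characters a plain string. The template step these lines belong to starts and ends outside the hunk.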
@@ -2174,8 +2168,6 @@ echo ' 64bit: true' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" #end echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' explorer-jes:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' enabled: ${instance-components_explorer_jes_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" From 5e038c35f658871d52f5530a10814e7af922e1a1 Mon Sep 17 00:00:00 2001 From: mm667937 Date: Fri, 13 Sep 2024 10:55:19 +0200 Subject: [PATCH 9/9] enabled workflow tests Signed-off-by: mm667937 --- pswi/05_test.sh | 14 +++++++------- pswi/scripts/wf_run_test.sh | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pswi/05_test.sh b/pswi/05_test.sh index 5d50e2f245..7f703b4b15 100644 --- a/pswi/05_test.sh +++ b/pswi/05_test.sh 
@@ -77,10 +77,10 @@ echo "Mounting ${TEST_HLQ}.ZFS" sh scripts/tmp_mounts.sh "${TEST_HLQ}.ZFS" "${TEST_MOUNT}" if [ $? -gt 0 ]; then exit -1; fi -# echo "Registering/testing the configuration workflow ${TEST_HLQ}.WORKFLOW(ZWECONF)" -# sh scripts/wf_run_test.sh "${TEST_HLQ}.WORKFLOW(ZWECONF)" -# if [ $? -gt 0 ];then exit -1;fi -# -# echo "Registering/testing the configuration workflow ${TEST_MOUNT}/content/files/workflows/ZWECONF.xml" -# sh scripts/wf_run_test.sh "${TEST_MOUNT}/files/workflows/ZWECONF.xml" -# if [ $? -gt 0 ];then exit -1;fi +echo "Registering/testing the configuration workflow ${TEST_HLQ}.WORKFLOW(ZWECONF)" +sh scripts/wf_run_test.sh "${TEST_HLQ}.WORKFLOW(ZWECONF)" +if [ $? -gt 0 ];then exit -1;fi + +echo "Registering/testing the configuration workflow ${TEST_MOUNT}/content/files/workflows/ZWECONF.xml" +sh scripts/wf_run_test.sh "${TEST_MOUNT}/files/workflows/ZWECONF.xml" +if [ $? -gt 0 ];then exit -1;fi diff --git a/pswi/scripts/wf_run_test.sh b/pswi/scripts/wf_run_test.sh index 5987aeef41..6cc05b8246 100755 --- a/pswi/scripts/wf_run_test.sh +++ b/pswi/scripts/wf_run_test.sh @@ -13,7 +13,7 @@ echo "Port :" $ZOSMF_PORT echo "z/OSMF system :" $ZOSMF_SYSTEM echo "Workflow definition file :" $WF_DEF_FILE -WF_NAME="Testing workflows" +WF_NAME="Testing_workflows" # URLs CREATE_WF_URL="${BASE_URL}/zosmf/workflow/rest/1.0/workflows" WF_LIST_URL="${BASE_URL}/zosmf/workflow/rest/1.0/workflows?owner=${ZOSMF_USER}&workflowName=${WF_NAME}"
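Review bot: The second re-enabled test announces `${TEST_MOUNT}/content/files/workflows/ZWECONF.xml` but passes `${TEST_MOUNT}/files/workflows/ZWECONF.xml` to `wf_run_test.sh`, so the log line and the argument name different paths. They should be made identical; which of the two is correct cannot be told from the hunk. The added guards also use `exit -1`, matching the existing line above them, but a negative exit status is not portable in POSIX sh and shows up as 255 where it is accepted. `if [ $? -gt 0 ]; then exit 1; fi` states the intent directly. The script continues outside the hunk.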