Front cover IBM System z Personal Development Tool Volume 3 Additional Topics System z Development Tool Full z/OS usage Linux base Bill Ogden ibm.
.
International Technical Support Organization IBM System z Personal Development Tool: Volume 3 Additional Topics June 2013 SG24-7723-05
Note: Before using this information and the product it supports, read the information in “Notices” on page vii. Sixth Edition (June 2013) This edition applies to the IBM 1090 (also known as zPDT) release that is available at the time of publication. © Copyright International Business Machines Corporation 2009, 2013. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix The author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.8 Moving 3390 volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.8.1 Create a source dump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.8.2 Send dump to Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.8.3 Receive dump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.8.4 Standalone restore . .
8.5 Linux monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Chapter 9. Linux for System z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Chapter 10. LAN notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.1 OSA CHPIDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.
14.4.4 Resetting everything . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 14.4.5 SafeNet module restarts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 14.5 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 Chapter 15. Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15.1 VMWare .
Notices This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used.
Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. These and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries.
Preface This IBM® Redbooks® publication introduces the IBM System z® Personal Development Tool (zPDT), which runs on an underlying Linux system based on an Intel processor. zPDT provides a System z system on a PC capable of running current System z operating systems, including emulation of selected System z I/O devices and control units. It is intended as a development, demonstration, and learning platform; it is not designed as a production system.
Find out more about the residency program, browse the residency index, and apply online at: ibm.com/redbooks/residencies.html Comments welcome Your comments are important to us! We want our books to be as helpful as possible. Send us your comments about this book or other IBM Redbooks publications in one of the following ways: Use the online Contact us review Redbooks form found at: ibm.com/redbooks Send your comments in an e-mail to: redbooks@us.ibm.
1 Chapter 1. General usage This chapter contains a variety of topics, in no particular order. This information is not required for basic 1090 operation but it is helpful for better understanding the 1090 and for more advanced uses. © Copyright IBM Corp. 2009, 2013. All rights reserved.
1.1 Token dates and times The 1090 and 1091 tokens remember the latest date and time that it sees from the underlying Linux system. It uses the Linux “software clock” for this purpose, without any time zone adjustment. The token must never see the date or time move backwards. If this happens, a time cheat message is produced and zPDT does not start.
1.3 Sparse files Earlier releases of zPDT (and the alcckd utility, in particular) created Linux sparse files. A sparse file typically has a larger logical size than physical size. In a sparse file, only the disk sectors that are changed are actually stored on disk. Other sectors logically contain zeros but do not occupy space on the disk. Starting with release E41.33 (known as “GA 2.2”) alcckd no longer creates sparse files.
SecureUpdateUtility command as root. The parameters for zpdtSecureUpdate are the same as for SecureUpdateUtility. 4. Select a userid (not root) who will be allowed to use the clientconfig command and issue the following command as root: # clientconfig_authority -a A userid may be removed from the authorized list by using a -d flag instead of -a. 5. Thereafter the indicated userid can use the clientconfig command. As a practical matter, the same userid may be selected for both functions.
and change 7002 to 0) # ./loadserv restart 1.4.5 License server controls A number of controls are available to manage access to a remote zPDT license server. These are explained in “Security” on page 153. 1.5 z1090instcheck The z1090instcheck command should be run after the zPDT software is installed and Linux configuration changes are completed. It should be run again after any Linux updates. Here is an example of the output from z1090instcheck: 1. SUSE os level at 11.
value shown is typical of a 64-bit Linux distribution. However, some distributions have this number set much smaller and you may receive a warning message for this line. Line 4 (msgmni) is appropriate for a reasonable number of zPDT I/O devices. See 1.13, “Devices, memory, msgmni, ulimit” on page 12 for more information. Lines 5 and 6 are needed for OSA operation. The exact values are not important but should be larger than the default sizes in most distributions.
underlying system, and this process has multiple threads.3 One thread is used for the primary operation of the CP. Other threads may help prepare System z instructions for the primary thread. If multiple processors (cores) are available on the underlying system, then multiple threads of a CP process may run in parallel. Stated another way, multiple PC cores might contribute to the operation of a single CP, resulting in CP performance better than what could be produced by a single PC processor core.
1090: CP 1090: CP CP PC core PC core One 1090 instance. One CP defined. 1090: CP 1090: CP 1090: CP PC core PC core Invalid. More CPs in one Two instances. Valid instance than cores. but underpowered. PC core One instance. SMP. PC core PC core 1090: CP zIIP PC core 1090: CP PC core Two instances, including one SMP (A zIIP counts as a CP). 1090: CP CP zAAP PC core Three instances. Valid but severely underpowered. Not supported in Version 1 Release 3 or later.
enabled. Only one restore version is possible for changed volumes. That is, multiple concurrent generations of versions are not possible.
AWSINF013I AWSINF012I Action: AWSINF013I Informational message only. No corrective action needed but AWSINF013I if errors are present the DEVMAP cannot be used to start system. All message numbers are in the form of AWScccnnns, where: ccc is the component code issuing the message. nnn is the message number within the component. s is the message severity (Debug, Information, Warning, Error, Severe, Terminal) The message code specified on the msgInfo command can omit the AWS prefix and the severity code.
Freespace Before: 0.0 MB New Size : 95393.0 MB Free Space After: <--change to 30000 This changed the Windows partition to 30 GB, which would still provide over 18 GB of free space within the partition. The operation took several minutes and we received error messages during the operation: Error #1627 Upcase table incorrect, File 10 (128) Continue Error #1627 Upcase table incorrect, File 10 (128) Continue The errors did not appear to create a problem.
initrd ... ... title Windows ... title Failsafe -- SUSE Linux ... Change the default number to 1 if you want to boot Windows by default. Change the timeout value (which is in seconds) to a larger number if you want more time to make the selection after booting the PC. Later Linux distributions have slightly changed the /boot partition and the menu.lst file (or equivalent) may have moved. 1.
There is also an interaction between the number of emulated I/O devices and the kernel.msgmni value. Our installation instructions set this value to 512, which is suitable for smaller systems. If you have more than, say, 64 emulated I/O devices defined in a devmap, then use the following formula: kernel.msgmni = (350 + 3 * number-of-I/O-devices) This is not an exact formula, but it should produce safe values.
14 IBM System z Personal Development Tool: Volume 3 Additional Topics
2 Chapter 2. Tapes (SCSI and awstape) Tape drive usage (for real SCSI tape drives and for emulated tape drives using awstape formats) is important to many developers. The 1090 offers a number of options in this area. © Copyright IBM Corp. 2009, 2013. All rights reserved.
2.1 SCSI tape drives In general, zPDT supports the use of SCSI tape drives. However, not all SCSI tape drives may be usable. The usability depends on the exact tape drive model, the firmware level, the firmware options selected, and the exact SCSI adapter (and firmware level) that is used. IBM has tested a number of tape drives, but cannot guarantee that your tape drive will work. We strongly suggest that you work with your zPDT supplier to understand your SCSI tape drive circumstances.
tape utility functions, such as scsi2tape, tape2scsi, and also by Linux utilities such as tar and mt. The /dev/stN and /dev/nstN interfaces are not used with the awsscsi device manager. The /dev/sgN devices are general SCSI devices and the awsscsi device manager uses the /dev/sgN interfaces.3 Unfortunately, the N value for a given device is typically not the same in the stN and the sgN forms.
The method of modifying Linux boot functions differs with different Linux distributions. For example, we might change /etc/rc.local, or /etc/rc.d/rc.local, or /etc/init.d/boot.local, or some other file, depending on the exact Linux distribution. We can easily make a general change for stN and nstN devices, but we cannot easily make a general change for sgN devices.
2.2.1 Specific hardware tested IBM testing involved the following SCSI drives: IBM 3592-E05 TS1120 fibre channel attached SCSI tape drive. The drive was at firmware level 1C91, as determined by the itdtinst1.2LinuxX86 and itdtinst4.1.0.026LinuxX86_64 tools from IBM. Fujitsu M2488E parallel SCSI tape drives, whose media cartridge is compatible with IBM 3480 and 3490 drives. These drives were at firmware level 7.C.01 or 7.xG.01 as determined through the drives control panel.
The following Linux commands were used to set def_reserved_size to 65536: $ su (change to root) # rmmod sg (removes the sg module) # /sbin/modprobe sg def_reserved_size=65536 (loads the sg module with the default reserved size up to 64k) # cat /proc/scsi/sg/def_reserved_size (displays the current setting for def_reserved_size) # exit (leave root) This change allowed both cards to use 64k reserved buffer size for data transfers. Note that these commands do not make a permanent change.
$ card2tape -a /tmp/myLinux.xyz /z/tape01 force translate ASCII to EBCDIC The tape2tape command copies an emulated tape volume (awstape file in Linux) to another emulated tape volume (another awstape file in Linux): $ tape2tape /tmp/old.tape /z/new.tape $ tape2tape -i -s /tmp/old.tape scan and summarize tape content $ tape2tape -c /tmp/old.tape /mine/new.tape copy and compress The -s flag (scan flag) prevents creation of an output file. The -i flag displays a summary of the contents of the input tape.
22 IBM System z Personal Development Tool: Volume 3 Additional Topics
3 Chapter 3. z/OS notes This chapter is not intended as a general z/OS guide, or as a guide to the AD-CD systems. However, a few common questions or problems are discussed here. © Copyright IBM Corp. 2009, 2013. All rights reserved.
3.1 IEBCOPY problems A new version of IEBCOPY was provided with z/OS 1.13. Unfortunately, this version was not compatible with older 3990 control units as emulated by zPDT. The result was that an IEBCOPY compress operation would sometimes corrupt a partitioned data set, making it unusable. z/OS PTF UA67459 corrects the IEBCOPY problem. z/OS 1.13 also contains a copy of the older IEBCOPY version, which works correctly with zPDT. The problem may be bypassed by using the older IEBCOPY program.
will be picked up automatically at IPL time. The 60 second value shown here is arbitrary, but should be safe. We suggest this not be done unless you experience spinloop problems. 3.4 Larger panel The x3270 terminal emulator can be started with an optional parameter, as follows: $ x3270 -port 3270 -oversize 133x60 localhost & This produces a 3270 window with 133 columns and 60 lines. (Other sizes may be specified; this is simply an example.) Basic TSO does not use the “extra” window space.
About Java versions The exact version of Java that your application uses greatly affects how you can go about tweaking it. If you have Java installed, you can check the version on your system by running the java executable from an OMVS prompt: $ (cd to the directory with the Java bin files4) $ (if Java is in your search path there is no need to cd to it) $ java -version Java(TM) SE Runtime Environment (build pxz6460sr6-20090729_05(SR6)) IBM J9 VM (build 2.6, JRE 1.6.0 IBM J9 2.
Using the shell, you can run the following command before launching your application: $ export IBM_JAVA_OPTIONS="-Xquickstart" Or you can add this option to the default shell profile on a system-wide basis by adding the following line to /etc/profile: export IBM_JAVA_OPTIONS="-Xquickstart" While this is a good setting to set system-wide, we suggest that you use this mechanism in addition to customizing the startup script or JVM command line for your application.
The jython script You can make these changes permanent by creating the following script, in ASCII, in /u/ibmuser/jvmprop.py5: ############################################################################### # Script to set JVM generic arguments to # -Xjit:optLevel=cold,disableInterpreterProfiling # to improve startup performance of WebSphere on zPDT images.
This command may take several seconds to execute. It updates each server’s genericJVMArgument value. References The following two URLs may be used to obtain more JVM information related to startup performance and diagnostic techniques: IBM Java 5 Diagnostic Guide http://publib.boulder.ibm.com/infocenter/javasdk/v5r0/index.jsp CICS® and JVM Startup Time http://publib.boulder.ibm.com/infocenter/cicsts/v2r2/index.jsp%3Ftopic%3D/com.i bm.cics.ts22.doc/dfhpj/dfhpj93.htm 3.
OUTPUT=DAC0 /* //PUTIPL EXEC PGM=ICKDSF //IPLDEV DD DISP=OLD,UNIT=3390, // VOL=(PRIVATE,RETAIN,SER=LOCAL1) //TRK0TEXT DD DSN=&TRK0TEXT,DISP=(OLD,DELETE) //SYSIN DD DSN=&DSFSYSIN,DISP=(OLD,DELETE) //SYSPRINT DD SYSOUT=* Check the JES2 output when the job ends to ensure that it completed correctly. This is a somewhat unusual job.
Moving an emulated 3390 volume to (or from) a non-zPDT system is a little more complex, because it must be handled in a System z format instead of a Linux format. The traditional method is to dump the volume to tape (using the ADRDSSU program) and then restore the tape on the target system. This method can also be used with emulated tapes (in awstape format), provided that both the sending and receiving systems can use this format.
device AA2 3390 3990 /z/TEMP03 We then started zPDT and IPLed z/OS. During z/OS startup the new devices are recognized as uninitialized volumes and are varied offline.
handled by ftp. The x.y positional operand is needed in xmit, but is meaningless in this example. Note that the terse program could be used instead of xmit. It is important to understand the reason for the xmit step. In the general case, ftp does not understand the block and record structure of a z/OS file (such as the ADRDSSU output file). This information is lost during ftp and the resulting file is not usable. The xmit program changes the ADRDSSU dump file into a fixed block/fixed record format.
The dump file can be sent from Linux to z/OS using ftp. (If the file was compressed (in Linux) it must be uncompressed before sending it to z/OS.) Our example uses IP address 10.1.1.2 for z/OS because, for demonstration purposes, we used the same zPDT z/OS system that we used to create the dump volume. In practice, this is likely to be a different z/OS system that might not be in a zPDT environment. $ ftp 10.1.1.2 Name (10.1.1.
normal 1090 use, we describe it in considerable detail because portions may be useful in unusual circumstances. There are several phases involved: Prepare standalone versions of ICKDSF and the ADRDSSU restore program on an existing z/OS system that can write emulated tape volumes in awstape format. Dump the selected z/OS volume to an awstape file, using the ADRDSSU program. Note that the first two phases can be run on much older OS/390® or z/OS versions, on a variety of machines.
//OUT DD UNIT=560,VOL=SER=DUMP01,DISP=(,KEEP),LABEL=(1,NL) //SYSIN DD * DUMP INDD(IN) OUTDD(OUT) ALLDATA(*) ALLEXCP ADMINISTRATOR COMPRESS OPTIMIZE(4) /* These jobs created three awstape files (emulated tape volumes) on the initial z/OS system. We then compressed the large file containing the dump, using the command: $ gzip -c /tapes/DUMP01 > DUMP01.gz Finally, we used a standard program to burn the three files (containing the two small standalone programs and the compressed DUMP01 file) to a CD.
device 0700 3279 3274 L700 device 0701 3279 3274 L701 [manager] name awstape 4 device 0580 3480 2803 /z/SAINIT device 0581 3480 2803 /z/SARESTOR device 0582 3480 2803 /z/TAPE01 [manager] name awsckd 8 device 0a8F 3390 3990 /z/SARES1 $ awsckmap devmap.txt (verify there are no errors) Run standalone programs We started the 1090 operation: $ cd /home/ibmsys1 $ awsstart aprofi.
(ignore progress messages such as NEXT TRACK TO WRITE) (wait for FUNCTION COMPLETED, HIGHEST CONDITION CODE WAS 0) IPL z/OS We started another 3270 session (for TSO): $ x3270 -port 3270 localhost & And then we IPLed the one-volume z/OS system that we just restored: $ ipl 0a8f parm 0a8fsa (use the indicated IPL parameter) 3.9 IODF Changes with zPDT For a larger System z, IODF and IOCDS creation are almost always done at the same time, working with HCD.
Specify or revise the following values. Device number. . . . Number of devices . Device type. . . . . Serial number. . . . Description. . . . . Volume serial number Connected to CUs . . . . . 410 + (0000 - FFFF) . . . 15 . . . OSA + . . . . . . . . . ______ (for DASD) ____ ____ ____ ____ ____ ____ ____ ____ Press Enter and again select (with a / character) the OS390 configuration. Select option 1 (to connect or change the new I/O devices).
SYSPARM IEASYM NUCLST PARMLIB PARMLIB PARMLIB NUCLEUS SYSPLEX 00 00 00 USER.PARMLIB ADCD.Z112.PARMLIB SYS1.PARMLIB 1 ADCDPL Z9SYS1 Z9RES1 Z9RES1 Change the 99 in the first line to 77 (or whatever number you used for your IODF). The format of this statement is odd, but it results in the name SYS1.IODF77. Be certain to place your changed characters in the same columns as the original characters. Do not change anything else in the LOADxx member unless you are certain about your actions.
Real 1403 printers are historical items, but there are many uses for pseudo-1403 devices. z/OS and JES2 still support 1403 printers and the 1090 can emulate 1403 printers. This is all that is needed for printed output from utilities, compilers, and many existing applications. Using a PC printer Our goal was to use a common PC laser printer and have utility output produced in the format just described: landscape mode, 66 lines per page, 132 characters per line.
Shell script We created a shell script named prt00E (the name is arbitrary) and placed it in our home directory (/home/ibmsys1, in our case).
printer and because it is already defined in the AD-CD IODF.) Edit AD-CD PARMLIB member JES2PARM to contain the following line: PRT(1) WS=(W,R,Q,PMD,LIM/F,T,C,P),UNIT=00E,CLASS=C If you scroll through the existing JES2PARM (in the AD-CD system) you will find commented lines similar to this. You can insert a new line, as shown, or convert the commented lines into active lines.12 The print class (CLASS=C) is arbitrary; we selected class C because nothing defaults to this class.
3.11 Enabling TSO users for OMVS Current releases of the z/OS AD system provide “built-in” userids such as ADCDA, ADCDB, ADCDC, and so forth. For some releases these userids are not enabled for Unix System Services (also known as OMVS). You can enable these userids with the steps described here. Logon to TSO as ibmuser or adcdmst. These two userids have RACF® SPECIAL authority.
example) must be the IP address of your z/OS TCP/IP. (It is not the IP address of the base Linux in your zPDT system.) Port 1023 in the AD system is used for connection to Unix System Services. This method of accessing Unix System Services is not adapted to 3270 terminals. It uses a basic UNIX-style terminal and vi, for example, can be used in this mode. 3.12 SYS1.LOGREC full Maintaining SYS1.LOGREC is a normal z/OS system programmer’s task. There is nothing unique to the 1090 or the AD distribution.
connection to it. You can force the console session to completely disconnect by this command in a Linux window: $ awsmount 700 -d (assuming your MVS console is address 700) You might then be able to connect the TN3270e session to address 700. You need to have the TN3270e session connected before proceeding with additional recovery. When MVS lost the console it may have started issuing messages in the Linux window used to start zPDT. These are “HMC hardware console” messages.
3.15 Health Checker The z/OS Health Checker has been included in recent AD-CD releases, but may not be configured for operation. A quick configuration (z/OS 1.12) involves the following steps; later z/OS releases may use similar steps if the Health Checker is not already configured: Edit SYS1.SAMPLIB(HZSALLCP) and change the DSN operand (in the DD statement) to something like DSN=SYS1.ADCD.HZSPDATA. A VOL=SER= parameter may be added although the data set involved is not very large.
received) displays the name of the conflicting job(s). The conflict may be from zFS. The following MVS console command: f omvs,stoppfs=zfs stops zFS and permits compression of the PARMLIB. This should be done when there are no Unix System Services users, of course. 3.18 Burning 3390 volumes on CD If we wanted to preserve a 3390 volume on CD (or DVD), we could use the following command to make a compressed copy: $ gzip -c /z/Z5RES1 > /z/Z5RES1.
007 009 00A 00B 00D 00E 00F 013 014 017 019 01B 01C 020 022 023 025 02E 030 031 032 033 035 037 038 039 03A 03B 03C 03D 03E 03F 040 044 045 046 04A 050 051 052 053 054 055 056 059 05A 05C 05D 05E 060 061 062 063 064 065 06F 070 071 072 073 - During initialization console not available (3) System build error. (z/OS problem; should be rare) Cannot find SYS1.LINKLIB or SYS1.CSSLIB in catalog (4) Master scheduler abended (4) Master scheduler abended (4) Problem on SYSRES volume (SYS1.
074 - IPL program contains a logic error (6) 075 - IPL program could not load a module (4,14,6) 076 - IPL found non-fullword relocatable address constant (6) 077 - SVC entry point cannot be resolved (6) 078 - Master catalog could not be opened (2,4,6) 07B - Required processor facility not available (19) 07C - Initialization error, configuration problem. (18,1,see Codes manual) 07D - IEASYSxx PARMLIB member is bad; in error (4) 07E - Unable to obtain LSQA storage for SVC (11,6) 081 - SYS1.
A1F - Processor controller not available; TOD sync cannot occur (16) A20 - System found page in FLPA that is not fixed (6) A21 - Segment table entry for MLPA, PLPA, FLPA, or xFLPA is incorrect (6) A22 - Error (probably hot I/O) invoked disabled console communication facility (see manual) A23 - Program check during machine check handling on only online processor (16) A24 - Loop while running machine check handler on only online processor (6,16) A26 - Machine check on only online processor; interruption code
9. You attempted a reconfiguration option that is not available for zPDT. 10.Possible devmap or PC disk error or emulated 3390 corruption error. Stop zPDT and verify 3390 emulated volume formats with alcckd xxxx -rs commands. 11.Have you defined enough memory for your System z? Try increasing the memory size in your devmap and restart zPDT. (Consult zPDT documentation to understand the maximum System z memory definition recommended for your configuration.
4 Chapter 4. z/VM notes z/VM 6.2 is available in an AD-CD format for authorized, licensed users of zPDT. For zPDT users with 1090 tokens a separate license agreement may be required. For users with 1091 tokens a separate priced feature may be required. Consult your zPDT supplier for additional information. The details in this chapter are based on an early version of the AD-CD z/VM 6.2 system and there may be minor differences in the final version of the system.
4.1 Installing the AD-CD z/VM 6.2 system Eight 3390-3 volumes are used for the AD-CD z/VM 6.2 system. Depending on your zPDT supplier these might be downloaded or available on DVDs. The volumes are: M01RES 620RL1 620RL2 M01P01 M01S01 M01W01 VMCOM1 VMCOM2 As with other AD-CD System z volumes, these volumes are packaged as gzipped files and are expanded into usable form with a gunzip command. For example, $ gunzip -c m01res.
4.2 IPL and logon We used the following zPDT command to IPL this system: $ ipl 200 parm 0700 The 0700 is the address of a 3270 terminal. The initial IPL may produce the stand-alone loader panel shown in Figure 4-1 or it may go directly to the OPERATOR session, depending on z/VM customization. If the stand-alone loader panel is displayed, the IPL parameters (shown in Figure 4-1) may need to be changed.
10:13:24 z/VM V6 R2.0 SERVICE LEVEL 1201 (64-BIT) 10:13:24 SYSTEM NUCLEUS CREATED ON 2012-09-29 AT 23:55:42, LOADED FROM M01RES 10:13:24 10:13:24 **************************************************************** 10:13:24 * LICENSED MATERIALS - PROPERTY OF IBM* * 10:13:24 * * 10:13:24 * 5741-A07 (C) COPYRIGHT IBM CORP. 1983, 2011. ALL RIGHTS * 10:13:24 * RESERVED.
z/VM ONLINE / VV VVV MM MM VV VVV MMM MMM ZZZZZZ / VV VVV MMMM MMMM ZZ / VV VVV MM MM MM MM ZZ / VV VVV MM MMM MM ZZ / VVVVV MM M MM ZZ / VVV MM MM ZZZZZZ / V MM MM / zPDT Parallel Sysplex Base built on IBM Virtualization Technology Fill in your USERID and PASSWORD and press ENTER (Your password will not appear when you type it) USERID ===> PASSWORD ===> COMMAND ===> RUNNING SSI1 Figure 4-3 z/VM logon display The z/VM logon panel is commonly used in two ways.
4.3 CMS CMS is the Conversational Monitor System. It is a small, single-user operating system. Every user running CMS is running a separate CMS in a separate virtual machine.4 CMS is a special-case operating system that runs only under z/VM. z/VM administration is done through CMS. The READY prompts you see on the windows are indicators that CMS is running in a virtual machine. It is possible to use CMS for application development and as a base for user applications. This usage is not described here.
LOGON MAINT z/VM Version 6 Release 2.0, Service Level 1201 (64-bit), built on IBM Virtualization Technology There is no logmsg data FILES: 0013 RDR, NO PRT, NO PUN LOGON AT 10:15:22 EST TUESDAY 03/05/13 z/VM V6.2.0 2012-09-29 23:41 DMSACP723I B (5E5) R/O DMSACP723I D (51D) R/O DMSACP723I E (551) R/O ****************************************************************** THE MAINT620 USER ID **MUST** BE USED INSTEAD OF MAINT WHEN INSTALLING SERVICE.
A minidisk is a contiguous range of 3390 cylinders7 that is seen by a z/VM user as a complete disk volume (typically with a small number of cylinders). There are three common formats for a minidisk: CMS, which includes all the z/VM control files and user files z/OS, which includes a label, VTOC, and the usual z/OS types of data sets Linux for System z A minidisk is created by defining it in the z/VM directory. You are responsible for formatting your own minidisks.
4.4.1 Inspecting your disks Assuming you are logged onto z/VM as MAINT or as another userid, you can use q da all and q disk commands as shown in Figure 4-5.
Ready; T=0.01/0.
The output from filelist is in a full-panel format that can be scrolled with PF8 and PF7. PF3 is used to exit from the command. This format is very useful because CMS commands can be entered in the first column of a line and the file named in that line becomes the operand of the CMS command. Two common commands are browse and x (or xedit). When a new CMS disk exists (perhaps with a new z/VM userid), it must be formatted for CMS use. Assuming the new disk is my 191 disk (the default “A” disk for a CMS user).
-nn - Scroll backward nn lines top - Scroll to beginning of the file bottom - Scroll to the end of the file nulls on or nulls off - Select 3270 nulls/blanks usage The default PF key definitions include the following: PF1 - Help PF2 - Insert a blank line after the line with the cursor PF3 - Quit (if no changes were made); exit from Help function PF4 - Tab to columns 5, 10, 15, and so forth PF7 - Scroll backward PF8 - Scroll forward PF9 - Split or Join, depending on the cursor location PF
The first real user definition is for MAINT. The first line of this section begins with the keyword IDENTITY. This is a new keyword that is significant for multiple linked z/VM systems (new with release 6.2). In a simple environment, the IDENTITY statement is equivalent to a USER statement. Ignore the SUBCONFIG statements, but observe that many statements are “commented out” by an asterisk in the first column. LINK statements refer to a minidisk owned by another user.
The output of the program is the file user diskmap a. This may be browsed, as follows: browse user diskmap a Inspecting this output, we found that volume VMCOM2 had no minidisks defined after cylinder 1666. We added the MDISK statement for user BILL and ran the mapdisk program again, as seen in Figure 4-9 on page 67. Note the last line of the output, which verifies that we placed BILL’s 191 minidisk where we wanted it.
USER ===> VOLUME VMCOM2 DISKMAP A1 F 100 9BLK 13/02/26 213/360 BROWSE USERID $ALLOC$ VMSERVP 6VMLEN20 6VMLEN20 6VMLEN20 4OSASF40 4OSASF40 6VMDIR20 6VMDIR20 6VMDIR20 6VMDIR20 6VMDIR20 6VMDIR20 6VMDIR20 6VMDIR20 6VMDIR20 6VMDIR20 6VMDIR20 6VMDIR20 DIRMAINT DIRMAINT DIRMAINT DIRMAINT DIRMAINT DIRMAINT DIRMAINT DIRMAINT DIRMAINT DIRMAINT 5684042J 5684042J 5684042J 5684042J 5684042J 5684042J 5684042J 5684042J BILL CUU A01 311 4D2 49E 49B 2D2 300 191 2B2 2C2 2C4 2D2 29D 29E 2B1 491 492 41F 11F 1AA 1FA 1DE 2A
One way to view the contents of the virtual card reader and printer queue is with the commands: q rdr q prt q pun (although there are seldom any virtual punch files) with output similar to that shown in Figure 4-10. Ready; T=0.03/0.
MAINT RDRLIST A0 V 164 Cmd Filename Filetype Class * (none) (none) CON T (none) (none) CON T discardnone) (none) CON T = (none) (none) CON T = (none) (none) CON T = (none) (none) CON T (none) (none) CON T (none) (none) CON T (none) (none) CON T (none) (none) CON T (none) (none) CON T (none) (none) CON T (none) (none) CON T 1= Help 2= Refresh 7= Backward 8= Forward Trunc=164 Size=13 User at Node DTCVSW1 SSI1 DTCVSW2 SSI1 MAINT SSI1 DTCVSW1 SSI1 DTCVSW2 SSI1 MAINT SSI1 DTCVSW2 SSI1 DTCVSW1 SSI1 DTCVSW2 SSI1
q q q q q q q q q q q q da all - list the “real” online disks. alloc all - list page, spool, temporary disks, and directory usage. alloc map - lists percentage use for page and spool disks. system - another way to list system disks. accessed - list minidisks I have accessed. links 120 - list userids who have links to my 120 disk. pf - list Program Function Key assignments.
4.9 Paging If you run z/OS (or another System z operating system) under z/VM on a zPDT base machine, remember that you have three levels of paging: The base Linux system pages whenever virtual memory usage exceeds the available real memory. Our advice to have at least 1 GB more real memory than your defined for System z memory size. This is intended to minimize Linux paging. A Linux page fault in the primary 1090 CP process causes the CP to pause until the page fault is resolved.
72 IBM System z Personal Development Tool: Volume 3 Additional Topics
5 Chapter 5. z/VSE notes z/VSE is available (for properly licensed users) as an AD-CD download for zPDT. We suggest using this download instead of installing z/VSE from the standard DVD distribution media. Consult your z/PDT provider for information about licensing and downloading. At the time of writing, z/VSE was not available for RDz (1091) users. © Copyright IBM Corp. 2009, 2013. All rights reserved.
74 IBM System z Personal Development Tool: Volume 3 Additional Topics
6 Chapter 6. Multiple zPDT instances zPDT supports both guest operations (under z/VM) and multiple instances of zPDT. Both are ways to run multiple z/OS or other operating systems. See additional notes elsewhere about multiple instances using LANs (in Chapter 10, “LAN notes” on page 103) and using cryptographic adapter functions (in Chapter 13, “Cryptographic adapter” on page 131). In this chapter we present basic information about the use of multiple zPDT instances.
6.1 Multiple instances or guests We strongly suggest that you use a single zPDT instance, as described in this series of documents, to become familiar with basic zPDT operation. Also, you cannot exceed the number of zPDT licenses in your token(s). The same number of token licenses applies whether the zPDT CPs are in a single instance or spread over multiple instances. Multiple instances means running more than one copy of zPDT. Each instance must run under a different Linux userid.
VSWITCH for guest use. Using the IP address patterns from our other examples, we might have the following addresses in Figure 6-1: 192.168.0.60 Linux IP address for the Ethernet adapter 192.168.0.60 port 3270 address for external TN3270e connections to aws3274 10.1.1.1 Linux IP address for the tunnel interface 192.168.0.61 z/VM IP address for Ethernet 10.1.1.2 z/VM IP address for the tunnel interface 192.168.0.62 z/OS #1 address for Ethernet 10.1.1.3 z/OS #1 address for the tunnel interface 192.168.0.
Simplified devmaps, matching Figure 6-2, might be as follows: (file /home/ibmsys1/aprof1) [system] memory 800m 3270port 3270 processors 2 cp zaap # emulated zSeries to have 800 MB memory # tn3270e connections specify this port # one CP and one zAAP [manager] name awsckd 0001 # define a single 3390 disk device 0a80 3390 3990 /z/SARES1 [manager] name aws3274 0003 device 0700 3279 3274 mstcon device 0701 3279 3274 tso # define two local 3270s [manager] name awsosa 00C0 --path=F0 --pathtype=OSE device E20 o
# su ibmsys1 $ cd /home/ibmsys1 $ awsstart aprof1 (startup messages) $ x3270 -port 3270 mstcon:localhost & $ x3270 -port 3270 tso:localhost & $ ipl a80 parm 0a8200 (open another terminal window) # su ibmsys2 $ cd /home/ibmsys2 $ awsstart profSB (startup messages) $ x3270 -port 3271 localhost & $ x3270 -port 3271 localhost & $ ipl 200 working ibmsys1 working working working as ibmsys1 instance as ibmsys1 as ibmsys1 as ibmsys1, IPL z/OS working ibmsys2 working working working as ibmsys2 instance as ibmsys
Ethernet adapter Linux awsosa awsosa Linux TCP/IP aws3274 Group Controller Shared DASD Tunnel Local x3270 sessions Shared aws3274 ibmgroup CP aws3274 CP z/OS z/OS TCP/IP TCP/IP ibmsys1 ibmsys2 zPDT Instance zPDT Instance Local x3270 sessions aws3274 Local x3270 sessions Private aws3274 Private DASD Figure 6-3 Shared emulated I/O The Linux userid associated with the group controller must have the proper path information set in the .
device device device device device device 402 403 404 405 406 407 osa osa osa osa osa osa osa osa osa osa osa osa --unitadd=2 --unitadd=3 --unitadd=4 --unitadd=5 --unitadd=6 --unitadd=7 /home/ibmsys1/aprof1 [system] memory 800m 3270port 3270 processors 1 group ibmgroup #userid of the group controller [manager] name aws3274 4455 device 0700 3279 3274 mstcon device 0701 3279 3274 /home/ibmsys2/aprofSB [system] memory 1000m 3270port 3271 processors 2 group ibmgroup #userid of the group controller [man
No DASD is defined for the instances in this example; the instances will share the DASD defined for the group controller. Note that all sharing instances use the same addresses (device numbers) for the shared devices. There is no provision to have different addresses (for different instances) for the same shared device. If a zPDT instance operates under the group controller, then any OSA devices might be shared devices, managed by the group controller, or each instance may have a private OSA.
6.5 Additional shared functions The previous section outlines the key shared device usage rules, as they apply to DASD and OSA devices. The group controller can also include a shared aws3270 function and passive definitions that are inherited by all instances.
3270 devices (from the controller list that is inherited by all instances, and from the unique list in each instance) can be accessed from the selection menu. Yet another option exists for accessing shared aws3274 functions. This involves an inetd service that automatically detects which 1090 instances are running and constructs a selection menu based on this information. The inetd setup varies with different Linux distributions.
7 Chapter 7. Using awscmd The awscmd device manager provides a “device” that appears to System z software as a tape drive. Its function is to send commands (and data) to the underlying Linux and then receive the output from the Linux command. Any Linux command may be sent, including those that could destroy the Linux system. Obviously, this device manager should be used with care and may not be appropriate for a zPDT environment that can be accessed by untrusted users.
– The stdout data from the Linux command – The stderr data from the Linux command – The return code (converted to characters) from the Linux command 8. The output (on the pseudo-tape) has been converted to EBCDIC. 9. Two tape marks are at the end of the pseudo-tape. Restrictions The command you send to Linux cannot include any redirection (< or > characters), asynchronous indicator (& character), or pipe (“|” or vertical bar character).
TAPE 0280 ATTACHED TO ZVMTEST 028F Ready; oscmd ls -al STDOUT output------total 21699469 drwxrwxr-x 2 zvmtest zvmtest 4096 Aug 7 drwdr-xr-x 8 zvmtest zvmtest 4096 Aug 7 -rw-rw-r-- 1 zvmtest zvmtest 2846431232 Jul 8 -rw-rw-r-- 1 zvmtest zvmtest 2846431232 Jul 8 (etc to list all the entries in the current STDERR output---COMMAND return code ---0 Ready; 20:51 20:37 09:58 10:08 Linux . .. 530OPT.ckd 530PAG.ckd directory) 7.
An example of using the sample program might be: //OGDEN22 JOB 1,OGDEN,MSGCLASS=X,MSGLEVEL=(0,0) // EXEC PGM=AWSCMDX,PARM='ls -al ' //STEPLIB DD DSN=OGDEN.LIB.LOAD,DISP=SHR //TAPE DD UNIT=(560,,DEFER),VOL=SER=123456,LABEL=(1,BLP),DSN=X //SYSPRINT DD SYSOUT=* The output (viewed from JES2 spool using SDSF) contains the usual JES2 messages and a SYSOUT data set like the following: COMMAND: ls -al 1>/tmp/AWSCMD-xxx-out.txt 2>/tmp/etc.xxetc
pseudo-tape device remains busy with the preceeding WTM operation until the Linux command completes.) The TSO test environment options (in the compile and link steps) are not required. //OGDEN90 JOB 1,OGDEN,MSGCLASS=X // EXEC ASMACLG,PARM.C='NOXREF,TEST',PARM.L='NOLIST,NOMAP,TEST' //* PARM.G='ls -al ' //C.
LA 1,SCCREW ADDRESS of CCW(S) ST 1,SIOB+16 PLACE IN IOB EXCP SIOB REWIND TAPE WAIT ECB=SECB WAIT FOR IT TM SECB,X'20' COMPLETED OK? BZ ERR1 IF NOT, BRANCH * PREPARE TO WRITE THE COMMAND RECORD C CLI PARMFLG,X'00' USING PARM DATA? BE C2 IF SO, BRANCH C1 GET SYSIN,BUFFER READ RECORD FROM SYSIN * BACKSCAN TO REMOVE TRAILING BLANKS C2 LA 3,BUFFER+99 MAX 100 BYTES C3 CLI 0(3),C' ' A BLANK? BNE C4 IF NOT, BRANCH S 3,=F'1' BACK UP 1 IN BUFFER B C3 LOOP UNTIL NON-BLANK FOUND C4 LA 4,BUFFER A(BEGINNING OF BUFFER) LA
* READ FIRST FILE F MVC BUFFER2(80),BLANKS MVC BUFFER2+0080(80),BLANKS MVC BUFFER2+0160(80),BLANKS MVI SECB,X'00' ZERO THE ECB LA 1,SCCREAD ADDRESS of CCW(S) ST 1,SIOB+16 PLACE IN IOB EXCP SIOB READ WAIT ECB=SECB WAIT FOR IT TM SECB,X'20' COMPLETED OK? BO F1 IF YES, BRANCH TM SIOB+12,X'01' TAPE MARK? BO G IF YES, BRANCH B ERR5 F1 MVC BUFFER(132),BLANKS MVC BUFFER(09),=C'COMMAND: ' MVC BUFFER+09(132),BUFFER2 PUT PRINT,BUFFER B F LOOP UNTIL ALL RECORDS READ * READ SECOND FILE G MVC BUFFER2(80),BLANKS MVC BUFF
PUT PRINT,BUFFER B H LOOP UNTIL ALL RECORDS READ * READ FOURTH FILE J MVC BUFFER2(80),BLANKS MVC BUFFER2+0080(80),BLANKS MVC BUFFER2+0160(80),BLANKS MVI SECB,X'00' ZERO THE ECB LA 1,SCCREAD ADDRESS of CCW(S) ST 1,SIOB+16 PLACE IN IOB EXCP SIOB READ WAIT ECB=SECB WAIT FOR IT TM SECB,X'20' COMPLETED OK? BO J1 IF YES, BRANCH TM SIOB+12,X'01' TAPE MARK? BO K IF YES, BRANCH B ERR5 J1 MVC BUFFER(132),BLANKS MVC BUFFER(09),=C'RTNCDE: ' MVC BUFFER+09(132),BUFFER2 PUT PRINT,BUFFER B J LOOP UNTIL ALL RECORDS READ * K
B CLOSE NOINPUT WTO 'NO PARAMETER OR SYSIN FOUND' B RETURN * * CONSTANTS, WORK AREAS * SAVEAREA DC 18F'0' SEC2 DC F'200' TWO SECONDS STAPEO DCB DSORG=PS,MACRF=(E),DDNAME=TAPE PRINT DCB DSORG=PS,DDNAME=SYSPRINT,MACRF=(PM),LRECL=132, BLKSIZE=13200,RECFM=FB SYSIN DCB DSORG=PS,DDNAME=SYSIN,MACRF=(GM),LRECL=80, RECFM=FB,EODAD=D DS D'0' SCCWRITE DC X'01',AL3(BUFFER),X'20',AL3(100) SCCWTM DC X'1F',AL3(0),X'20',AL3(1) SCCREW DC X'07',AL3(BLANKS),X'20',AL3(1) SCCREAD DC X'02',AL3(BUFFER2),X'20',AL3(3200) SECB DC F'0
94 IBM System z Personal Development Tool: Volume 3 Additional Topics
8 Chapter 8. Problem handling There are several aspects to zPDT problem handling, including the following: Problems starting a zPDT operation Problems during a zPDT operation Problems with emulated device files Problems with the underlying Linux system Problems with the System z operating system and applications This chapter uses the term zPDT service provider. This may be an IBM Business Partner or some other zPDT provider that offers service.
8.1 Problems starting a zPDT operation These problems are most commonly related to devmap errors, and are often due to errors in Linux file names in the devmap. The solution is to check the devmap carefully, remembering that file names are case sensitive in Linux. Problems obtaining a license (from the zPDT token) are typically due to an expired or unactivated token. Messages about Time Cheat errors indicate a more serious problem.
provider, or simply kept on your Linux system for potential use later. The senderrdata command can manage the FTP operation to IBM. These files (on the receiving system at IBM) are automatically deleted after a few days unless a formal problem (PMR or equivalent) event is opened; this can be done by your zPDT service provider. Figure 8-1 provides an overview of problem data handling.
If a problem incident is opened through your IBM Business Partner, you may be requested to send additional files. In general, once a problem incident is opened, you should not delete anything from the logs directory. If device managers fail they automatically create a trace file and are automatically restarted. This restart will not occur more than three times per minute.
and head numbers. These numbers are in decimal. The following example lists the records on cylinder 0, head 0 of volume Z9SYS1: $ ckdPrint /z/Z9SYS1 DeviceType 3390, Cylinders-3339, Trks/Cyl-15, TrkSize-56832 Input extent in decimal - CC-low HH-low CC-high HH-high 00 00 00 00 .... .... The tapeCheck command may be used to verify the format of an awstape file. That is, this command reads the awstape file and verifies that the awstape control blocks are logically correct.
r = number of Linux processes waiting for run time b = number of Linux processes sleeping swpd = amount of swap space used (KB) free = amount of idle memory (KB) buff = amount of memory used as buffers (KB) cache = amount of memory used as cache (KB) si, so = Linux paging activity in KB/second bi, bo = I/O activity in blocks/second in = interrupts per second cs = context switches per second us = percent of CPU time in user mode sy = percent of CPU time in kernel mode id = percent of CPU time idle wa = perce
9 Chapter 9. Linux for System z Linux for System z is not an IBM product and is not distributed by IBM. Several Linux products and distributions can be considered under the generic name of “Linux for System z.” There is no equivalent of an AD-CD available for Linux for System z. Both Red Hat Enterprise Linux (RHEL 6.4) for System z and SUSE Linux Enterprise Server (SLES 11 with SP 2) for System z have been tested and used with the current release of zPDT.
102 IBM System z Personal Development Tool: Volume 3 Additional Topics
10 Chapter 10. LAN notes A basic LAN setup, for TCP/IP using QDIO interfaces, is covered in the second volume in this document series. This chapter discusses additional options and usage notes. 10.1 OSA CHPIDs Important: Starting with zPDT Version 1 Release 3, the find_io command detects all LAN interfaces known to Linux, regardless of whether the interface is up, down, or running. Previous zPDT releases detected only interfaces that were not down.
A default path may not be shown for all the listed interfaces. The rules are: Every OSA definition in the device map must have a unique path specified. The path names displayed by find_io are the default values and are used if an interface is not specified in the OSA definition. The default paths A0-A8 are used only for tap (tunnel) interfaces. Path A0 corresponds to tap0, A1 corresponds to tap1, and so forth. The default paths F0-FF are assigned for other interfaces.
A1 tap1 10.1.2.1 A2 tap2 10.1.3.1 A3 tap3 10.1.4.1 and so forth through AF and tap15.1 255.255.255.0 255.255.255.0 255.255.255.0 In general, the multiple tunnel interfaces are intended for use with multiple zPDT instances. The same tunnel interface cannot be shared by multiple zPDT instances. The third factor in the default IP address for the tap devices is the second digit of the path name plus one. The default IP address for the tap devices (such as 10.1.1.
statements. The --unitadd parameter is used in the devmap because the default OSA unit addresses3 would be 20 and 21 (using the two low-order digits of the device number) and we want unit addresses 0 and 1.4 10.3 More complete QDIO example We used the find_io command to determine that our Ethernet adapter was eth0, and that it was assigned as CHPID F0. The tunnel interface is always CHPID A0. We elected to use the QDIO mode for both OSA interfaces.
name awscmd 1000 device 580 3490 3490 The following lines are in VTAMLST member OSATRL1: OSATRE1 VBUILD TYPE=TRL OSATRL1E TRLE LNCTL=MPC,READ=(0400),WRITE=(0401),DATAPATH=(0402), PORTNAME=PORTA,MPCLEVEL=QDIO OSATRL2E TRLE LNCTL=MPC,READ=(0404),WRITE=(0405),DATAPATH=(0406), PORTNAME=PORTB,MPCLEVEL=QDIO X X We used the following TCP/IP profile in z/OS: ARPAGE 5 DATASETPREFIX TCPIP AUTOLOG 5 FTPD JOBNAME FTPD1 PORTMAP ENDAUTOLOG ; FTP Server ; Portmap Server PORT 7 UDP MISCSERV ; Miscellaneous Server (ther
10.4 Large or jumbo usage The current zPDT OSA emulation does not support large or jumbo packets. The largest MTU size that should be specified in a TCP/IP profile definition is 1500 bytes. Also, the large send option provided with some TCP/IP implementations (such as z/OS) may not be used with this release of zPDT OSA. Note that large or jumbo packets are not the same as the large send function. 10.
Fixed IP addresses DHCP address 1090 machine Router with NAT function Multiple LAN adapters, if needed Other PCs for x3270 or PCOM sessions LAN connection "in the office wall" Figure 10-1 Small hub or router usage The Network Address Translation function in the router allows your machine to work with fixed IP addresses (provided by the NAT router).5 These are typically in the 192.168.xxx.xxx range. The router, in turn, works with variable DHCP addresses provided by your external network.
ftp TSO VTAM System z ftp Telnet server Device managers TCP/IP IOS PC system aws3274 awsosa x3270 Different IP addresses Linux TCP/IP Linux One Ethernet port for everything ftp user Telnet TN3270e Browser Telnet TN3270e ftp Figure 10-2 Shared Ethernet adapter The awsosa device manager is independent from Linux TCP/IP, although it can use the same Ethernet adapter. Up to 16 TCP/IP stacks (in z/OS or z/VM) can connect to the awsosa device manager.
Figure 10-3 extends this concept to include a tunnel connection between z/OS and the base Linux. ftp TSO VTAM System z Telnet server IOS TCP/IP PC system x3270 aws3274 ftp Note that only a single Ethernet port is used here.
10.10 Ethernet SNA IBM does not support Ethernet SNA operation. This means that problems or defects will not be addressed by IBM if you attempt to use SNA operation over Ethernet. However, we note that some 1090 users have worked with Ethernet SNA successfully. If you attempt this, note the following: The default OAT for the awsOSA device manager in LCS mode has TCP/IP at unit addresses 0 and 1. It has SNA only at unit address 2.
11 Chapter 11. DASD volume migration The zPDT package includes a client-server utility for moving 3380/3390 volumes from a remote z/OS or z/VM system to zPDT. The server portion of this utility runs under z/OS or z/VM on the remote System z. This is typically a large System z, but it could be another zPDT system. The client portion runs on the base Linux on your zPDT machine.1 The client and server are connected via TCP/IP. This utility is especially useful when transferring many volumes to a zPDT system.
Typical z/OS system (could be z/VM instead) etc zPDT probably not active Linux system (with zPDT installed) etc VTAM TCP/IP Client program etc Batch initiator TCP/IP connection Server program TSO File for emulated volume Linux z/OS 3390 volumes Source system Target system Figure 11-1 Volume migration overview (z/OS version) 11.1 Warnings There are limitations on simply copying and using volumes from a z/OS system (and also from a z/VM system, with slightly different details).
Complete volumes (3380 or 3390) are transferred. This includes IPL text, volume labels, VTOC, and unallocated space. The logical contents of the volume are not examined. Data sets on the volume are not recognized. The utility simply copies and transfers all the tracks on the volume. It does not check whether the tracks are allocated (VTOC or VM equivalents) or in use (ENQ) or linked to a specific catalog (for VSAM, for example). A read track CCW is used to read the data on each track of a CKD volume.
11.3.1 Server installation File /usr/z1090/bin/ZOSSERV.XMIT must first be uploaded to a z/OS data set with DCB characteristics RECFM=FB, LRECL=80, BLKSIZE=3120. This XMIT file contains an unloaded PDS load library with one member. You can begin restoring this material by preallocating two data sets with the following job: //OGDEN77 JOB 1,BILL,MSGCLASS=X // EXEC PGM=IEFBR14 //A DD DISP=(NEW,CATLG),UNIT=3390,VOL=SER=ZBSYS1,SPACE=(TRK,5), // DCB=(RECFM=FB,LRECL=80,BLKSIZE=3120,DSORG=PS), // DSN=IBMUSER.SEQ.
11.3.2 RACF requirements Important: Consult with the RACF administrator for your source z/OS system before making any RACF changes. This is especially important if the DASDVOL class is active in the installation. The server program requires RACF class DASDVOL to be active and the server program must have at least READ access to all volsers to be transferred. You must determine whether the DASDVOL class is active and used on the system where you install the migration utility server.
DASDVOL already in use If you find that the DASDVOL class is active on your source system, we strongly suggest that you discuss the situation with the system programmers managing the source system. Your requirements are simple: you (meaning the userid who will run the migration server program) need DASDVOL READ access to whatever volsers you intend to migrate. TCP/IP port By default, the migration programs use TCP/IP port 3990, but this can be changed.
2. Issue the command PUNCH ZVMSERV XMIT A (NOH 3. Issue the command RDRLIST. 4. Beside the file in your RDRLIST, issue the command RECEIVE. This should result in the reconstructed executable file on your CMS A disk. This completes the server installation. 11.6 Operation of server under z/VM Your z/VM must have TCP/IP active and connected to the appropriate network. The CMS user running the migration utility must have access to the volumes to be migrated.
-u or --unit indicates the address (device number) of the volume that is to be copied (migrated). -e or --eof indicates the number of consecutive tape marks that will indicate the end of the input tape. This is used only with z/VM tapes. The default is two tapemarks. Either the -u or -v parameter must be supplied for DASD, but not both; the -u parameter would normally be used for tapes. Once the server is started on the z/OS or z/VM system, the client may be started on the Linux system.
Linux volumes We discovered an interesting situation when migrating Linux for System z volumes. Our particular experience was with SLES-10 SP1 (for System z), but it may apply to other distributions. When installing this distribution there are a number of fstab options that can be selected for controlling disk volume mounts. These include mounting by device name, volume label, UUID, device ID, or device path. The default is to mount by device ID.
Migrating a list of volumes Using gedit or another editor, you could create a Linux file named, for example, mig: (contents of the mig file) hckd2ckd hckd2ckd hckd2ckd hckd2ckd hckd2ckd 192.168.0.81 192.168.9.01 192.168.9.01 192.168.9.01 192.168.9.01 /z/ZOS111/ZBRES1 -v ZBRES1 /z/ZOS111/ZBRES2 -v ZBRES2 /z/ZOS111/ZBSYS1 -v ZBSYS1 /z/ZOS111/ZBUSS1 -v ZBUSS1 /z/ZOS111/backup/MYVOL1xx -v MYVOL1 You could start the server program on the z/OS host and then execute the commands in your mig file: $ .
12 Chapter 12. Channel-to-channel The awsctc device manager provides channel-to-channel (CTC) functions using TCP/IP communication paths. As shown in Figure 12-1, the connection can be within the same zPDT instance, between zPDT instances on the same machine, or between zPDT instances on different machines. Among other functions, CTC can be used by z/OS for GRS “rings”, NJE connections, TCP/IP connections, and so forth.
[manager] name awsctc 75 device E40 3088 3088 ctc://otherhost:3088/E42 device E41 3088 3088 ctc://192.168.0.70:3088/E43 The last parameter of the device statement contains three elements: A TCP/IP address (in dotted decimal form or as a name that can be resolved by Linux) Following a colon, a TCP/IP port number that is to be used on both the local and other system. The same port number is used on both ends of the connection.
A CTC connection within the same zPDT instance might be defined as follows: [manager] name awsctc 300 device E40 3088 3088 ctc://localhost:3088/E42 device E42 3088 3088 ctc://localhost:3088/E40 Note that the two device statements refer to each other’s device number. Status display The AWSSTAT command may be used to display the status of the CTC device. When the device's peer is not yet available, the status flip flops between Connecting and Accepting.
CONNECT NODEA=AAA,NODEB=BBB These examples assume that device number E40 is defined in z/OS as a CTC device. (This is true for current z/OS AD-CD systems.) Be careful to place the IP address of the remote Linux system (and not the remote z/OS system) in the devmaps. The devmap for system AAA might contain the following stanza: [manager] name awsctc 300 device E40 3088 3088 ctc://192.168.0.
A JES2 cold start may be necessary to enable NJE changes to JES2PARM. You need to stop the line, $P LINE(1), when stopping JES2. If the $P is not effective, try $E LINE(1) followed by $P LINE(1). 12.2 Multiple instances and z/VM The following material outlines several uses of CTC connections with two instances of z/VM.3 This material is intended as a general overview and does not provide complete step-by-step instructions for implementation and usage.
device 1003 3390 3990 /z1/540w01 device 1004 3390 3990 /z1/540w02 [manager] name awsctc 0075 device 700 3088 3088 device 700 3088 3088 device 710 3088 3088 device 720 3088 3088 device 740 3088 3088 ctc://localhost:3700/700 ctc://localhost:3701/701 ctc://localhost:3710/710 ctc://localhost:3720/720 ctc://localhost:3740/740 #for #for #for #for #for TCPIP TCPIP TSAF ISLINK RSCS ibmsys2 instance [system] memory 1024m processors 1 group ibmgroup [adjunct-processors] domain 3 2 domain 4 2 [manager] name awsckd
TSAF TSAF is an older function and probably would not be used if IFSC is available. To try it, use commands such as the following (issued by MAINT on both systems): CP XAUTOLOG TSAFVM CP ATT 0710 TSAFVM Then log onto TSAFVM and enter ADD LINK 0710 on both sides. The status of the links can be displayed with Q LINKS ALL. RSCS RSCS can be more complicated. The RSCS product is not enabled by default. You can check this with the command Q PRODUCT STATE ENABLED.
FORCE TCPIP XAUTOLOG TCPIP 130 IBM System z Personal Development Tool: Volume 3 Additional Topics
13 Chapter 13. Cryptographic adapter A 1090 system can emulate several cryptographic adapters as CEX3C devices.1 Each of the CEX3C emulated adapters runs as separate Linux processes and, if sufficient base processors are available to permit these threads to be dispatched in parallel by Linux, can run asynchronously with the 1090 CPs. CEX3C includes the following: DES (56, 112, 168 bits), with encryption, decryption, MAC, and key management. PIN processing (for credit cards).
13.1 Background information A cryptographic coprocessor is represented by an adjunct-processor (AP) process in zPDT. A System z CP sends and receives work entries through coprocessor queues that are known as domains. The accelerator mode of a cryptographic coprocessor is not provided for zPDT. Each cryptographic coprocessor has 16 domains; each z/OS instance uses a different domain (this is specified in the ICSF parameters).
13.3 Initial ICSF startup For practical purposes, the ICSF software functions are needed to initialize cryptographic adapters. Following is a brief outline of the steps we took to customize and use the ICSF panels on a z/OS AD-CD 1.12 system. The use of the AD-CD system PARMLIB and PROCLIB is not required, of course, and you should adjust these names for your needs. Note that the CEX3C cyptographic adapters require ICSF at level HCR7770 or later. This corresponds to the z/OS AD-CD release 1.12 or later.
.... CSFDAUTH CSFDPKDS /*THIS WAS ALREADY IN OUR AD-CD SYSTEM */ + /*WE ADDED THIS ONE */ + Be certain to copy the plus signs at the end of each line! 5. On the MVS console enter the command S CSF. You should see CSF start. It will have a number of error messages but should eventually say ICSF INITIALIZATION COMPLETE. Later, when you stop z/OS, you may need to add a P CSF command to your shutdown script (or enter it manually). 6. Go to ISPF option 6 and enter the command @ICSF.
Use F3 to return to the first ICSF panel and select option 6. This option allows you to enter a pass phrase that is then automatically used to initialize the basic coprocessor master keys. (An alternative method for initializing master keys is to use multiple other functions on the ICSF panels. Unless you are familiar with cryptographic coprocessor management, we suggest that you use the simple pass phrase initialization process we describe here.
---------------------- ICSF - Coprocessor Hardware Status --------------------COMMAND ===> SCROLL ===> CRYPTO DOMAIN: 0 REGISTER STATUS COPROCESSOR E00 Crypto Serial Number Status DES Master Key New Master Key register Verification pattern Hash pattern Old Master Key Verification Hash pattern Current Master Verification Hash pattern : : : : register : pattern : : : Key register : pattern : : : AES Master Key New Master Key register Verification pattern Old Master Key register Verification pattern Curren
You can easily verify CSF operation by going to omvs and issuing the following command: od -An -N4 -td /dev/random If CSF (or the emulated cryptographic coprocessor) is not working, the result is an internal error message. If these functions are working, a random number is displayed. The zPDT cryptographic coprocessor emulation functions are intended for use by developers who require these functions.
#------------- 1090 instance 1 --------------------------[system] processors 1 ... [adjunct-processors] domain 0 1 domain 1 1 domain 2 1 #------------- 1090 instance 2 --------------------------[system] processors 1 ... [adjunct-processors] domain 0 2 #All the domain statements domain 1 2 #could be in the controller domain 2 2 #devmap instead. Your choice. #------------- 1090 instance 3 --------------------------[system] processors 1 ...
$ ap_create -a n This command creates a new (emulated) cryptographic coprocessor. $ ap_destroy -a n This command removes the indicated coprocessor process if it is not connected to a CP process. $ $ $ $ ap_von -a n ap_von -a n -d y ap_voff -a n ap_voff -a n -d y These commands vary online or vary offline connections between coprocessors and their processing queues. The optional y operand specifies a domain number. $ ap_vpd -a n This command lists vital product data for the indicated coprocessor.
//A EXEC ASMACLG,PARM.C=’NOXREF’,PARM.L=’NOLIST,NOMAP’ //C.
EXD FORM RANNUM * DC DC DC CL4’ ‘ CL8’RANDOM 2F’0’ ‘ EXIT DATA (ICSF) RULE FORM RANDON NUMBER DROP 12 DC 18F’0’ DC D’0’ WORK AREAS FOR UTILITY ROUTINES DC D’0’ WORK AREA DC D’0’ SPILL FROM SW2 UNPK INSTRUCTION DC CL80’ ‘ OUTPUT AREA DC CL80’ ‘ SOURCE OF BLANKS DC 2F’0’ SOURCE OF ZEROS DC 8F’0’ LOCAL REGISTER SAVE AREA SPACE *---------------------------------------------------------------* FORMAT 32 BYTES OF STORAGE INTO HEX. * INPUT: R1 CONTAINS ADDRESS OF DATA.
CPU 0 BASE CPU 1 IPL 190 PARM AUTOCR etc 142 IBM System z Personal Development Tool: Volume 3 Additional Topics
14 Chapter 14. License and serial number servers Important: If you have a simple zPDT system, with a single token connected to a USB port on your base Linux system, you can ignore this chapter. For more complex environments (including the use of multiple tokens) you should read this chapter carefully. Functions described in this chapter apply to zPDT release 41.46 and later. A zPDT system must have a license supplied by a 1090 or 1091 token.
this way. The client machine does not have a token and does not need a USB port. A client machine must have access to the license server as long as zPDT is operational on the client. Likewise, the client machine has access to a UIM server that supplies consistent serial numbers for the System z CPs. All zPDT systems have the client functionality but, by default, it is not configured for remote operation. If a token is installed zPDT will operate normally (with a local token).
When a central license server is used (or if multiple tokens are used) there needs to be a method of assigning unique serial numbers that do not change when once assigned. The general concept is shown in Figure 14-2 on page 145.
Once a zPDT instance is started (on a client) the license access must be maintained for the life of the zPDT instance. If the access is dropped, the zPDT instance will stop. (If the access is recovered, zPDT will start again.) The server(s) must be identified by resolvable domain names or by IP addresses. This is easy if they have direct, fixed IP address or domain names. It is not easy if DHCP-assigned addresses or NAT functions or VLAN4 networks are involved.
– If the local client UIM database contains a valid serial number that does not conflict with another client’s serial number (as stored in the UIM server database) that serial number is used. • If the client serial number (in the client UIM database) conflicts with a serial number in the UIM server database, the client operation fails. In this case, the client system may use the uimreset -l command to remove the serial number in the local UIM database.
Parameters are changed by simply overtyping them. Remember that configurations for two separate functions (license server and UIM server) are specified here. The general rules are these: The License ContactServer must be localhost (to specify that no remote license server is being used) or the address (IP address or domain address) of a zPDT token license server. One of these options must be specified. The default License PortNumber number for a license server is 9450.
$ uimserverstop (stop the UIM server) The uimserverstart command, in addition to starting the server, places entries in the Linux cron files such that the UIM server is restarted automatically (after 10 minutes) if it fails. It is also started automatically during a Linux reboot. The uimserverstop command stops the server and removes these cron entries. No other configuration is needed for the UIM server.
The uimcheck command should be used if there is any question about the state of the serial number on a zPDT machine. Any user may issue this command. Do not run SecureUpdateUtility from a client zPDT machine when using a remote license server. This utility cannot affect the tokens in the remote license server, but will attempt to access a token in the local PC. You may run SecureUpdateUtility in the license server, to update the tokens in the server.
The token is taken from system A for some reason, and the system A owner now wants to use remote license and UIM servers. With zPDT not running and working as root, he uses the clientconfig command to change the License ContactServer value in the client configuration file and restarts zPDT. The remote UIM server sees that system A has serial number 12345 recorded in its local UIM database. The server checks whether this serial number is assigned to any other system.
In this case, zPDT looks in the local UIM database for a serial number. If one is present, it is used. If the local UIM database does not exist (or if the uimreset command was used), the serial number of the local token is placed in the local UIM database and then used by zPDT. Using zPDT on the license/UIM server Suppose we want to run zPDT on the same machine that is running the license and UIM servers.
14.4.3 Security There are security aspects involving license server usage that should be understood. The SafeNet license server may have three lists of IP addresses (or domain names or ranges of IP addresses): The Authorized User List determines which systems can use a web interface to manage the SafeNet license server. The default list contains only one address: 127.0.0.1, which is the local host and is always allowed whether specified or not.
14.4.4 Resetting everything You can usually remove the local UIM serial numbers with the uimreset -l command. You can remove both the local UIM serial numbers and corresponding entries in the UIM server database with the uimreset -r command. If the local UIM database is corrupted, the uimreset command may fail. In this rare case you can delete the files in directory /usr/z1090/uim.
License - A logical function that enables one System z CP for a zPDT system. Multiple CPs require multiple licenses. The token functions provide licenses. License Monitor - A web browser interface that displays information about Sentinel Keys and clients using them. It is accessed at port 7002 on a Linux system running a license server. License Server - A network-accessible service that manages and dispenses zPDT licenses from a token.
Random serial number - This is a serial number that is unique, but is not tied to a token serial number. The UIM server generates and assigns these numbers. A random serial number can be used (by zPDT) with a license from any token. Serial numbers assigned from a token - In some cases (such as a “simple local system”) the System z serial number used by zPDT is taken from the token. UUID - This is a universally unique identifier. It is obtained from the Intel-compatible machine BIOS.
15 Chapter 15. Virtualization zPDT may be used in a virtual environment. Two environments have been tested for zPDT usage: VMWare products, all at the version 5.1.
Many options are available in a virtual environment. In some cases it is reasonable to substantially overcommit a virtual server; that is, to run virtual guests that (in total) could consume more memory or more processor cycles or more I/O activity than are actually available. This is typically done when the system administrator knows that the actual workloads are such that the overcommitment has no undesirable effects. zPDT (running z/OS) is typically a “heavy” workload.
It is possible to configure logical disk drives to be shared among multiple virtual guest machines. Do not do this unless you are absolutely certain you know what you are doing! Linux (which we assume is the basic operating system on all the virtual machines) does not routinely support shared disks.2 (To better understand the considerations, think about the disk cache that is so important for Linux performance.) 15.
An application named vSphere VCenter or vSphere VCenter Client (both run on Microsoft Windows5) must be downloaded (from VMWare) and used to define and manage virtual machines on the server.6 This is a requirement; it is not possible to manage the virtual machines by using the console on the server. The vCenter application (either the full or Client version) is used to define virtual machines (Linux1 and Linux2 in our example) and to operate them.
vCenter provides a graphical interface for defining virtual machines. It is quite simple to use: – Assign each virtual machine a name (we used Linux1 and Linux 2). – Place the virtual machine on a datastore. A later option allows you to specify the amount of datastore disk space to be assigned to the virtual machine. – Select a NIC. Ours was named NIC1 on the VMnetwork, and used an E1000 (virtual) interface.
Linux administration can be done using the vClient virtual console or through vnc. The vClient virtual console is convenient. Mouse usage is slightly unusual. When the mouse pointer is in the virtual console area, it works as expected. However, you must use the Ctrl-Alt keys to “release” the mouse pointer to work outside the virtual console window. Our first Linux guest and a remote Linux system were openSUSE 11.2 systems.
9.xxx.xxx.xxx External network OpenVPN 192.168.50.1 Server 192.168.50.2 WWPNs SAN VLAN 50 192.168.50.0/24 WWPNs Linux (guest) Linux (guest) Linux (guest) Linux (guest) VS1 VS2 VS3 VS4 192.168.50.10 192.168.51.10 192.168.52.10 192.168.50.20 192.168.51.20 192.168.52.20 192.168.50.30 192.168.51.30 192.168.52.30 192.168.50.40 192.168.51.40 192.168.52.40 RHEL SLES RHEL SLES LUNs 4 x 200 GB 4 x 800 GB zPDT Token and UIM Servers 8 GB 16 GB VLAN 51 192.168.51.
Also, control point functions are needed to temporarily attach real DVD drives or USB sockets to a virtual machine. Access to vClient is controlled by a password. Very little training is required to use vClient for basic operations; once introduced, the graphic controls are easy to use. The exposure is that a user can control multiple virtual machines. Access to an HMC is more complex and substantial training may be needed to use it.
Each virtual machine (for zPDT) had a base Linux. As usual, the Linux disk cache is a critical performance factor. Using the vCenter monitoring facilities we noted that the complete virtual machine memory was heavily used. We suggest that giving more memory to each virtual machine than you might provide in a non-virtual environment (without overcommitting memory) may improve performance. In effect, this allows more buffering of I/O to the real disks on the server. 15.4.
166 IBM System z Personal Development Tool: Volume 3 Additional Topics
Related publications The publications listed in this section are considered particularly suitable for a more detailed discussion of the topics covered in this book. IBM Redbooks For information about ordering these publications, see “How to get Redbooks” on page 167. Note that some of the documents referenced here may be available in softcopy only.
168 IBM System z Personal Development Tool: Volume 3 Additional Topics
Index Symbols /etc/z1090.d/uimd.db 145 /usr/z1090/bin/sntlconfig.
crontab entries 2 Customized Offerings Driver (COD) 48 HZSALLCP job 47 I D DASDVOL, RACF class 117 def_reserved_size, SCSI 20 det command 70 devmap, z/VM 54 devmapvm devmap 54 DHCP 108 DHCP and local router 108 DHCP client 108 DHCP-assigned addresses 146 directxa command 70 disabled waits, z/OS 48 discard command 70 disk changes 150 diskmap command 70 doOSAcmd command 99 dreg command 99 dshrmem command 99 dual boot, example 10 dumps, z/OS, disk space 25 I/O devices, number 13 IBM 3592-E05 TS1120 19 IBM
N NAT functions 146 network time server 2 non-QDIO 105 O OAT, multiple instances 76 OMVS, enabling usage 44 oprmsg usage 46 OSA notes 10 oversize parameter, x3270 25 P paging, with z/VM 71 Partition Magic 10 partitioning 11 path parameter 103 PC printer 41 peek command 70 port 3088 10 port 3270 10 port 3990 10, 118 port 9450, for token 10 port 9451 10 port number (IP) 145 PowerQuest Partition Magic 10 printing 40 printlog command 99 printtrace command 99 purge system prt all command 70 purge system rdr al
token command 150 token port number 10 token, dates 2 tokens, multiple 6 top command 100 tunnel environment, for OSA 111 zIIP 6 ZOSSERV.
IBM System z Personal Development Tool: Volume 3 Additional Topics IBM System z Personal Development Tool: Volume 3 Additional Topics IBM System z Personal Development Tool: Volume 3 Additional Topics IBM System z Personal Development Tool: Volume 3 Additional Topics (0.2”spine) 0.17”<->0.
IBM System z Personal Development Tool: Volume 3 Additional Topics IBM System z Personal Development Tool: Volume 3 Additional Topics
Back cover ® IBM System z Personal Development Tool Volume 3 Additional Topics System z Development Tool Full z/OS usage Linux base This IBM Redbooks publication introduces the IBM System z Personal Development Tool (zPDT), which runs on an underlying Linux system based on an Intel processor. zPDT provides a System z system on a PC capable of running current System z operating systems, including emulation of selected System z I/O devices and control units.
