System REXX & Health Checker I

A practical approach

Guide/Share Europe March 2015

jan de decker jan@jedsp.net

GSE March 2015GSE March 2015

Agenda

• System Rexx Basics• Discussion

GSE March 2015GSE March 2015

System Rexx BasicsWhat's in a name?

• Executes outside of conventional TSO/E and Batch environments

• Execs reside in REXXLIB concatenation• EXECs can be compiled or interpreted• PARMLIB member AXRxx from IEASYSxx• PARMLIB member CTIAXR00 for controlling

Component Trace

GSE March 2015GSE March 2015

System Rexx BasicsWhat's in a name?

• Additional functions to interact with the system• TSO=YES/NO environment• Problem state, APF authorized• Assembler API• Intended use is system, not application related

GSE March 2015GSE March 2015

Documentation

• Authorized Assembler Services Reference, Volume 1 (ALE-DYN) [SA22-7609-xx]

• Authorized Assembler Services Guide[SA22-7609-xx]

• System Commands [SA22-7627-xx]

GSE March 2015GSE March 2015

System Rexx BasicsAllocation of a REXXLIB dataset

GSE March 2015GSE March 2015

System Rexx BasicsManaging the Address Spaces

• Active if AXR address space is present• Starts automatically during Master Scheduler

Initialization• Should run in the SYSSTC service class• D A,AXR

• PARMLIB concatenation member AXRxx• Assembler API• Intended use is system, not application related

GSE March 2015GSE March 2015

System Rexx BasicsManaging the Address Spaces

• System REXX address space (AXR)• 8 TSO Server address spaces (AXR01-AXR08) in

which TSO=YES requests are processed• Must have user IDs defined• RACF group must have READ authority to the

PARMLIB and REXXLIB concatenation

GSE March 2015GSE March 2015

System Rexx BasicsManaging the Address Spaces

• AXR and AXR01 – AXR08 must be defined in • RACF class STARTED• ICHRIN03

GSE March 2015GSE March 2015

System Rexx BasicsManaging the Address Spaces

• Status?• F AXR,SYSREXX,STATUS • F AXR,SYSREXX,REXXLIB

• No STOP command, non-cancelable• FORCE AXR,ARM • AXR0103I SYSTEM REXX HAS ENDED

• Restart• S AXRPSTRT,AXR=xx

GSE March 2015GSE March 2015

Parmlib member AXRxx

• Command Prefix Facility CPF(‘@’,SYSPLEX)• REXXLIB concatenation (max 255 extents)• AXRUSER

• AXREXX macro is coded with SECURITY=BYAXRUSER

• address spaces that do not have bonafide security environments• MASTER• E.g. MPF exit

GSE March 2015GSE March 2015

AXRUSER

• ADDUSER siteuserid DFLTGRP(sitegroupid)• RDEFINE SURROGAT SYSREXX.* UACC(NONE)• PERMIT SYSREXX.* CL(SURROGAT)

ID(siteuserid) ACCESS(READ)• SETROPTS RACLIST(SURROGAT) REFRESH

GSE March 2015GSE March 2015

TSO=NO

• Executed in an MVS host command environment

• Sharing the AXR address space where it is executing with up to 63 other concurrently running TSO=NO execs

• Data set allocation other than provided by the AXREXX macro is not supported, only • REXXINDSN• REXXOUTDSN

GSE March 2015GSE March 2015

TSO=NO

• LINK • ATTACH • CPICOMM • LU62 • LINKMVS • ATTCHMVS • ATTCHPGM • APPCMVS

GSE March 2015GSE March 2015

TSO=YES

• Exec will run isolated in a dedicated address space

• Up to 8 TSO server address spaces• All environments of TSO=NO • Supports SYSCALL

GSE March 2015GSE March 2015

TSO=YES Commands

• ALLOCATE (except SYSOUT)

• ATTLIB • ATTRIB • CALL • DELETE • EXEC • FREE • HELP

• OUTTRAP • PROFILE • RECEIVE • RMM • SEND • SMCOPY • TIME • TRANSMIT

GSE March 2015GSE March 2015

TSO=YES profile attributes

• NOCHAR • NOLINE • NOPROMT • NOINTERCOM • NOPAUSE • MSGID

• NOMODE • WTPMSG • NORECOVER • PLANGUAGE(ENU) • SLANGUAGE(ENU) • VARSTORAGE(HIGH)

GSE March 2015GSE March 2015

Limits

• Up to 64 REXX worker tasks running TSO=NO execs

• Up to 8 TSO server address spaces running TSO=YES execs

• If all in use, the request is queued and the requestor is suspended if SYNC=YES is specified in the AXREXX macro

• At most 5000 active and waiting requests are allowed to exist

• Subsequent requests are rejected until the number of active and waiting requests drops to 4000

GSE March 2015GSE March 2015

Limits

• Up to 64 REXX worker tasks running TSO=NO execs

• Up to 8 TSO server address spaces running TSO=YES execs

• If all in use, the request is queued and the requestor is suspended if SYNC=YES is specified

• At most 5000 active and waiting requests are allowed to exist

• Subsequent requests are rejected until the number of active and waiting requests drops to 4000

GSE March 2015GSE March 2015

System Rexx functions• AXRWTO

– message text (1-CL126) to be issued via a WTO macro• AXRMLWTO

– multi-line WTO • AXRCMD

• issue a system command from within the exec• obtain one or more command responses

• AXRWAIT• wait for a specified amount of time in seconds

• AXRINFO• information about the environment under which the

| exec is running

GSE March 2015GSE March 2015

AXRCMD Extended

Get_Command_Response: parse upper arg command command = strip(command) response. = ''r_i = 0 rc = AXRCMD(command,'o_lines.',10)IF rc = 0 then do do while rc = 0 IF o_lines.0 >= 1 then do do o_i = 1 to o_lines.0 r_i = r_i + 1 response.r_i = o_lines.o_i end end rc=AXRCMD(,'o_lines.',10) end endelse do say 'AXRCMD' command 'returned non-zero return code:' rc return rc end response.0 = r_i return(0)

GSE March 2015GSE March 2015

AXREXX Macro Authorization

• Supervisor state• PKM 0-7• PSW key 0-7• APF-authorized

GSE March 2015GSE March 2015

AXREXX Macro Usage

• Replace assembler exits with – Stub to call the exec– Rexx coding

• Example in SYS1.SAMPLIB• RACEXITS Contains assembler stub coding

for RACF password-phrase-exit ICHPWX11• IRRPHREX System REXX

GSE March 2015GSE March 2015

AXREXX Macro

GSE March 2015GSE March 2015

From scratch: SETROPTX

• First customer build System REXX• A System REXX that reports on the RACF

options regarding passwords• Output goes to the system log

GSE March 2015GSE March 2015

SETROPTX IRRXUTIL API Usage

• REXX Interface to R_Admin• Security Server Macros and Interfaces

[SA22-7682-xx]

• Security Server Callable Services[SA22-7691-xx]

• READ access to IRR.RADMIN.STROPTS.LIST in class FACILITY

GSE March 2015GSE March 2015

SETROPTX RACF

• Define a group for the AXR AS userids • Define userids AXR & AXR01-AXR08• Define entries in STARTED or ICHRIN03• Define the siteuser

GSE March 2015GSE March 2015

SETROPTX System

I. Allocate your REXXLIB datasetII. Create a PARMLIB concatenation member

AXRxx• Siteuserid• Your System Rexx dataset

III. Optionally adapt IEASYSxxIV. Stop System REXX (Force arm)V. Restart System REXX

GSE March 2015GSE March 2015

SETROPTXExtract the SETROPTS settings

myrc=IRRXUTIL("EXTRACT","_SETROPTS","_SETROPTS","RES")if (word(myrc,1)<>0) then do say « IRRXUTIL Return code = "myrc say « Processing stops." exit 1 end

GSE March 2015GSE March 2015

SETROPTXProcess the results (snippet)

say "The following password policy rules are in effect:"if RES.BASE.MIXDCASE.1 = "TRUE" then say " Mixed case passwords are allowed."else say " Mixed case passwords are not allowed." etc…

GSE March 2015GSE March 2015

SETROPTX Execution

GSE March 2015GSE March 2015

System REXX Basics

Questions & Answers

jan de decker jan@jedsp.net

GSE March 2015