System REXX & Health Checker I A practical approach Guide/Share Europe March 2015 jan de decker...
-
Upload
camron-ryan -
Category
Documents
-
view
229 -
download
11
Transcript of System REXX & Health Checker I A practical approach Guide/Share Europe March 2015 jan de decker...
System REXX & Health Checker I
A practical approach
Guide/Share Europe March 2015
jan de decker [email protected]
GSE March 2015GSE March 2015
Agenda
• System Rexx Basics• Discussion
GSE March 2015GSE March 2015
System Rexx BasicsWhat's in a name?
• Executes outside of conventional TSO/E and Batch environments
• Execs reside in REXXLIB concatenation• EXECs can be compiled or interpreted• PARMLIB member AXRxx from IEASYSxx• PARMLIB member CTIAXR00 for controlling
Component Trace
GSE March 2015GSE March 2015
System Rexx BasicsWhat's in a name?
• Additional functions to interact with the system• TSO=YES/NO environment• Problem state, APF authorized• Assembler API• Intended use is system, not application related
GSE March 2015GSE March 2015
Documentation
• Authorized Assembler Services Reference, Volume 1 (ALE-DYN) [SA22-7609-xx]
• Authorized Assembler Services Guide[SA22-7609-xx]
• System Commands [SA22-7627-xx]
GSE March 2015GSE March 2015
System Rexx BasicsAllocation of a REXXLIB dataset
GSE March 2015GSE March 2015
System Rexx BasicsManaging the Address Spaces
• Active if AXR address space is present• Starts automatically during Master Scheduler
Initialization• Should run in the SYSSTC service class• D A,AXR
• PARMLIB concatenation member AXRxx• Assembler API• Intended use is system, not application related
GSE March 2015GSE March 2015
System Rexx BasicsManaging the Address Spaces
• System REXX address space (AXR)• 8 TSO Server address spaces (AXR01-AXR08) in
which TSO=YES requests are processed• Must have user IDs defined• RACF group must have READ authority to the
PARMLIB and REXXLIB concatenation
GSE March 2015GSE March 2015
System Rexx BasicsManaging the Address Spaces
• AXR and AXR01 – AXR08 must be defined in • RACF class STARTED• ICHRIN03
GSE March 2015GSE March 2015
System Rexx BasicsManaging the Address Spaces
• Status?• F AXR,SYSREXX,STATUS • F AXR,SYSREXX,REXXLIB
• No STOP command, non-cancelable• FORCE AXR,ARM • AXR0103I SYSTEM REXX HAS ENDED
• Restart• S AXRPSTRT,AXR=xx
GSE March 2015GSE March 2015
Parmlib member AXRxx
• Command Prefix Facility CPF(‘@’,SYSPLEX)• REXXLIB concatenation (max 255 extents)• AXRUSER
• AXREXX macro is coded with SECURITY=BYAXRUSER
• address spaces that do not have bonafide security environments• MASTER• E.g. MPF exit
GSE March 2015GSE March 2015
AXRUSER
• ADDUSER siteuserid DFLTGRP(sitegroupid)• RDEFINE SURROGAT SYSREXX.* UACC(NONE)• PERMIT SYSREXX.* CL(SURROGAT)
ID(siteuserid) ACCESS(READ)• SETROPTS RACLIST(SURROGAT) REFRESH
GSE March 2015GSE March 2015
TSO=NO
• Executed in an MVS host command environment
• Sharing the AXR address space where it is executing with up to 63 other concurrently running TSO=NO execs
• Data set allocation other than provided by the AXREXX macro is not supported, only • REXXINDSN• REXXOUTDSN
GSE March 2015GSE March 2015
TSO=NO
• LINK • ATTACH • CPICOMM • LU62 • LINKMVS • ATTCHMVS • ATTCHPGM • APPCMVS
GSE March 2015GSE March 2015
TSO=YES
• Exec will run isolated in a dedicated address space
• Up to 8 TSO server address spaces• All environments of TSO=NO • Supports SYSCALL
GSE March 2015GSE March 2015
TSO=YES Commands
• ALLOCATE (except SYSOUT)
• ATTLIB • ATTRIB • CALL • DELETE • EXEC • FREE • HELP
• OUTTRAP • PROFILE • RECEIVE • RMM • SEND • SMCOPY • TIME • TRANSMIT
GSE March 2015GSE March 2015
TSO=YES profile attributes
• NOCHAR • NOLINE • NOPROMT • NOINTERCOM • NOPAUSE • MSGID
• NOMODE • WTPMSG • NORECOVER • PLANGUAGE(ENU) • SLANGUAGE(ENU) • VARSTORAGE(HIGH)
GSE March 2015GSE March 2015
Limits
• Up to 64 REXX worker tasks running TSO=NO execs
• Up to 8 TSO server address spaces running TSO=YES execs
• If all in use, the request is queued and the requestor is suspended if SYNC=YES is specified in the AXREXX macro
• At most 5000 active and waiting requests are allowed to exist
• Subsequent requests are rejected until the number of active and waiting requests drops to 4000
GSE March 2015GSE March 2015
Limits
• Up to 64 REXX worker tasks running TSO=NO execs
• Up to 8 TSO server address spaces running TSO=YES execs
• If all in use, the request is queued and the requestor is suspended if SYNC=YES is specified
• At most 5000 active and waiting requests are allowed to exist
• Subsequent requests are rejected until the number of active and waiting requests drops to 4000
GSE March 2015GSE March 2015
System Rexx functions• AXRWTO
– message text (1-CL126) to be issued via a WTO macro• AXRMLWTO
– multi-line WTO • AXRCMD
• issue a system command from within the exec• obtain one or more command responses
• AXRWAIT• wait for a specified amount of time in seconds
• AXRINFO• information about the environment under which the
| exec is running
GSE March 2015GSE March 2015
AXRCMD Extended
Get_Command_Response: parse upper arg command command = strip(command) response. = ''r_i = 0 rc = AXRCMD(command,'o_lines.',10)IF rc = 0 then do do while rc = 0 IF o_lines.0 >= 1 then do do o_i = 1 to o_lines.0 r_i = r_i + 1 response.r_i = o_lines.o_i end end rc=AXRCMD(,'o_lines.',10) end endelse do say 'AXRCMD' command 'returned non-zero return code:' rc return rc end response.0 = r_i return(0)
GSE March 2015GSE March 2015
AXREXX Macro Authorization
• Supervisor state• PKM 0-7• PSW key 0-7• APF-authorized
GSE March 2015GSE March 2015
AXREXX Macro Usage
• Replace assembler exits with – Stub to call the exec– Rexx coding
• Example in SYS1.SAMPLIB• RACEXITS Contains assembler stub coding
for RACF password-phrase-exit ICHPWX11• IRRPHREX System REXX
GSE March 2015GSE March 2015
AXREXX Macro
GSE March 2015GSE March 2015
From scratch: SETROPTX
• First customer build System REXX• A System REXX that reports on the RACF
options regarding passwords• Output goes to the system log
GSE March 2015GSE March 2015
SETROPTX IRRXUTIL API Usage
• REXX Interface to R_Admin• Security Server Macros and Interfaces
[SA22-7682-xx]
• Security Server Callable Services[SA22-7691-xx]
• READ access to IRR.RADMIN.STROPTS.LIST in class FACILITY
GSE March 2015GSE March 2015
SETROPTX RACF
• Define a group for the AXR AS userids • Define userids AXR & AXR01-AXR08• Define entries in STARTED or ICHRIN03• Define the siteuser
GSE March 2015GSE March 2015
SETROPTX System
I. Allocate your REXXLIB datasetII. Create a PARMLIB concatenation member
AXRxx• Siteuserid• Your System Rexx dataset
III. Optionally adapt IEASYSxxIV. Stop System REXX (Force arm)V. Restart System REXX
GSE March 2015GSE March 2015
SETROPTXExtract the SETROPTS settings
myrc=IRRXUTIL("EXTRACT","_SETROPTS","_SETROPTS","RES")if (word(myrc,1)<>0) then do say « IRRXUTIL Return code = "myrc say « Processing stops." exit 1 end
GSE March 2015GSE March 2015
SETROPTXProcess the results (snippet)
say "The following password policy rules are in effect:"if RES.BASE.MIXDCASE.1 = "TRUE" then say " Mixed case passwords are allowed."else say " Mixed case passwords are not allowed." etc…
GSE March 2015GSE March 2015
SETROPTX Execution
GSE March 2015GSE March 2015