This article presents a sample of what the Customization Dialog's generated instructions might look like. This is a sample only--you must use the instructions generated from your own variables when configuring your system.
----------------------------------------------- The customization dialog has created jobs based on the information you provided. These instructions tell you how to modify the operating system and run the jobs to customize WebSphere for z/OS. RULES: 1. If you created the target data sets (*.CNTL and *.DATA) on another (driving) system, you must copy them to the target system and give them the same data set names. 2. You must perform these instructions on your target system. Doing manual configuration updates ---------------------------------- The customization dialog for WebSphere for z/OS does not attempt to update configuration data for your base operating system or existing subsystems. You must do the following manual steps prior to running the WebSphere for z/OS configuration jobs. Perform these steps to do manual configuration updates: 1. Update BLSCUSER. Refer to member BBOIPCSP in 'USERID.TODAY.CNTL' In order to use the IPCS support provided by the product, append the contents of this member to the BLSCUSER member in your IPCSPARM or system PARMLIB datasets. ------------------------------------------------------------------- 2. Update SCHEDxx. Refer to member BBOSCHED in 'USERID.TODAY.CNTL' In order to set the correct program properties for the WebSphere for z/OS run-time executables, append the contents of this member to the SCHEDxx member in your system PARMLIB concatenation. Note: When you are finished, issue the command SET SCH=(xx,xx) to activate SCHEDxx and load a new program properties table. ------------------------------------------------------------------- 3. Make sure the following data sets are APF-authorized: DBEL.WASX.SBBOLPA DBEL.WASX.SBBOLOAD DBEL.WASX.SBBGLOAD DBEL.WASX.SBBOLD2 Add these datasets to your PROGxx or IEAAPFxx parmlib members, as appropriate, ensuring you specify the correct volsers. ------------------------------------------------------------------- 4. Update your active BPXPRMxx member to have the following WebSphere for z/OS configuration file system: OMVS.WAS.CONFIG.HFS mounted at: /WebSphere/V6R1 in read/write mode. EXAMPLE: MOUNT FILESYSTEM('OMVS.WAS.CONFIG.HFS') MOUNTPOINT('/WebSphere/V6R1') TYPE(HFS) MODE(RDWR) ------------------------------------------------------------------- 5. Update TCP/IP by reserving the following ports for WebSphere for z/OS: SOAP JMX Connector port - 8879 CELL DISCOVERY ADDRESS port - 7277 ORB port - 9809 Administrative console port - 9060 Administrative console secure port - 9043 High Availability Manager Communications port - 9352 Daemon IP port - 5755 Daemon SSL port - 5756 View member BBOTCPID in 'USERID.TODAY.CNTL' Add the contents of this member to the PORT section of the file referenced by the DD statement for the TCP/IP profile in the TCP/IP start procedure. Cut and paste from this member into the data set used by your installation. ATTENTION: If another application has already reserved any of these ports for its own use, you must resolve the resulting conflict before you continue. If you update the WebSphere for z/OS customization dialog with new port specifications, be sure to regenerate the customization jobs, data, and instuctions. ------------------------------------------------------------------- 6. The WebSphere product libraries will be placed in STEPLIB as needed, rather than in the system link pack area and system link list. Make sure that the target MVS system has at least 8MB of free storage in extended CSA for the daemon and for EACH node (deployment manager node or application server node). SBBOLOAD and SBBOLD2: ==================== The following data sets will be placed in the STEPLIB concatenation for the location service daemon, controller and servant regions, and in the setupCmdLine.sh script in the WebSphere Configuration file system. You must not remove these STEPLIB statements. DBEL.WASX.SBBOLOAD DBEL.WASX.SBBOLD2 BBORTS61: ========= The BBORTS61 module is used by WebSphere Application Server for component trace support. A copy of this module (any maintenance level) must be in the system link pack area in order for CTRACE to work correctly. If a copy of BBORTS61 is currently loaded into LPA, you need take no further action. Otherwise, issue the following MVS console command to load BBORTS61 into dynamic LPA: SETPROG LPA,ADD,MODNAME=BBORTS61, DSNAME=DBEL.WASX.SBBOLPA Alternatively, you can place the following statement in a parmlib PROGxx member which is activated with the SET PROG= command after system IPL is complete: LPA ADD MODNAME(BBORTS61) DSNAME(DBEL.WASX.SBBOLPA) Make sure that the BBORTS61 module is loaded into LPA after each system IPL. ------------------------------------------------------------------- 7. WebSphere for z/OS customization assumes that the following system data sets are in the system link list or link pack area: Language Environment® SCEERUN SCEERUN2 System SSL SGSKLOAD (z/OS 1.5 and below) SIEALNKE (z/OS 1.6 and above) Placing these data sets in the link list or link pack area improves performance and insulates your WebSphere for z/OS configuration from changes in data set names (for example, when migrating to z/OS 1.6). If the Language Environment or System SSL load module libraries are not in your system link list or link pack area, you must perform the following steps before starting any WebSphere Application Server for z/OS servers: - Make sure the data sets are APF-authorized - Complete the optional step below to add the data sets to STEPLIB in the server JCL and setupCmdLine.sh script(s). If you regenerate server cataloged procedures at any point, make sure the data sets are added to the new cataloged procedures. ------------------------------------------------------------------- 8. If the error logstream WAS.ERROR.LOG does not already exist on your target system, make a copy of the appropriate job in the SBBOJCL data set, customize it according to the comments in the job, and run it: BBOERRLC Create an error logstream in a coupling facility BBOERRLD Create a DASD-only error logstream ------------------------------------------------------------------- 9. WebSphere for z/OS regions open a large number of files (more than 1024). Make sure your BPXPRMxx parmlib member(s) specify a value of MAXFILEPROC that is greater than or equal to 2000. Use the following MVS console command to see your current MAXFILEPROC setting: D OMVS,OPTIONS Running the customized jobs --------------------------- The customization dialog built a number of batch jobs with the variables you supplied. You must run the jobs in the order listed below using user IDs with the appropriate authority. BEFORE YOU BEGIN: Complete the section above entitled "Doing manual configuration updates". Follow the table below, which lists in order the jobs you must submit and the commands you must enter. Special handling notes are included in the table. All jobs are members of USERID.TODAY.CNTL Attention: After submitting each job, carefully check the output. Errors may exist even when all return codes are zero. +-----------+----------------------------------------------------------+ | | The next three jobs (BBOSBRAJ, BBOSBRAK, BBOSBRAM) | | | do not need to be run if the indicated groups, user IDs | | | and directories already exist with the correct gid, | | | uid and ownership permission values, as given below. | +-----------+----------------------------------------------------------+ | BBOSBRAJ | User ID requirement: Authority to update data set | +-----------+ | | Done: | USERID.TODAY.DATA. | | | | | | This job builds (but does not execute) the RACF® commands| | By: | to create common WebSphere for z/OS groups and user IDs: | | | | | | Configuration group: WSCFG1 (gid 2500) | | | Servant group: WSSR1 (gid 2501) | | | Local user group: WSCLGP (gid 2502) | | | File system owner user ID: WSOWNER (uid 2405) | | | | | | The commands are placed into member BBOSBRAK of data set | | | USERID.TODAY.DATA. | | | | | | Carefully review these definitions with your security | | | administrator. | +-----------+----------------------------------------------------------+ | BBOSBRAK | User ID requirement: RACF special authority. | +-----------+ | | Done: | This job executes the RACF commands created by the | | | previous job. If the group and user IDs named above | | | have already been created during a previous WebSphere | | | for z/OS configuration and are in all target system RACF | | | database(s), you do not need to rerun this job. | | | | | | RESULT: You may receive errors, such as INVALID USER | | | messages, from this job because a user ID, group or | | | profile is already defined. Make sure the existing | | | user ID, group or profile has the same characteristics | | | as the user ID, group or profile being created by | | | BBOSBRAK. If not, then change the values in the | | | customization dialog which are causing the conflict, | | | regenerate the customization jobs, and restart the | | | process. | | | | | | When this step is complete, all groups and user IDs | | | listed above for job BBOSBRAJ should be defined in the | | | RACF database on each target system for the cell. | | | Note: the WAS owner user ID WSOWNER MUST have the WAS | | | configuration group WSCFG1 as its default OMVS group. | | | | | By: | | | | | +-----------+----------------------------------------------------------+ | BBOSBRAM | User ID requirement: UID=0. | +-----------+ | | Done: | This job creates home directories for WebSphere for z/OS | | | user IDS. These home directories will be subdirectories | | | of /var/WebSphere/home | | By: | | | | This job will: | | | | | | Create the following directory with permission bits 755: | | | | | | /var/WebSphere/home | | | | | | Create the following directory with ownership | | | WSOWNER:WSCFG1 and permission bits 770: | | | | | | /var/WebSphere/home/WSCFG1 | | | | | | Create the following directory with ownership | | | WSOWNER:WSSR1 and permission bits 770: | | | | | | /var/WebSphere/home/WSSR1 | | | | | | Create the following directory with ownership | | | WSOWNER:WSCLGP and permission bits 770: | | | | | | /var/WebSphere/home/WSCLGP | | | | | | This job should be run on each z/OS system that will | | | host WebSphere Application Server nodes using these | | | WebSphere for z/OS common groups and owner user ID. | | | After execution, verify that the directories have been | | | created with the correct permissions on each system. | | | | | | If these directories already exist with the specified | | | ownership and permission on a target system, then this | | | job does not need to be run on that system. | | | | | | ATTENTION: If the directory | | | /var/WebSphere/home | | | is used by applications other than WebSphere Application | | | Server, make sure that the permissions set by | | | BBOSBRAM (755) are appropriate, or change them manually. | | | This directory must be world-readable for Websphere | | | Application Server to run correctly. | +-----------+----------------------------------------------------------+ | BBODBRAJ | User ID requirement: Authority to update data set | +-----------+ | | Done: | USERID.TODAY.DATA | | | | | | This job builds (but does not execute) the RACF commands | | | for the WebSphere for z/OS run-time clusters and places | | By: | them into member BBODBRAK of data set | | | | | | USERID.TODAY.DATA | | | | | | Carefully review these definitions with your security | | | administrator. | +-----------+----------------------------------------------------------+ | BBODBRAK | User ID requirement: RACF special authority. | +-----------+ | | Done: | This job executes the RACF commands set up in the | | | previous job. | | | | | | This job creates the WebSphere administrator ID WSADMIN | | | without a password. You must assign this user ID a | | | password(or password phrase) | | | that complies with your institution standards; | | | this is also the password | | | (or password phrase) that will be used | | | when logging | | | on to the WebSphere Application Server administrative | | | console. | | | | | | Enter the following RACF command to assign a password: | | | | | | ALTUSER WSADMIN PASSWORD(password) NOEXPIRED | | | | | | Enter the following RACF command to assign a | | | password phrase: | | | | | | ALTUSER WSADMIN PHRASE('password phrase') NOEXPIRED | | | | | | If you are using a different security system, make sure | | | that the WSADMIN user ID has a password | | | (or password phrase). | | | | | | | | By: | RESULT: You may receive errors, such as INVALID USER | | | messages, from this job because a user ID, group or | | | profile is already defined. Make sure the existing | | | user ID, group or profile has the same characteristics | | | as the user ID, group or profile being created by | | | BBODBRAK. If not, then change the values in the | | | customization dialog which are causing the conflict, | | | regenerate the customization jobs, and restart the | | | process. | | | | +-----------+----------------------------------------------------------+ | -------- | Check user ID authorizations. | +-----------+ | | Done: | Make sure the WSCFG1 group has read access to all | | | WebSphere product data sets, as well as to any other | | | data sets which will be placed in WebSphere for z/OS | | | cataloged procedure STEPLIB concatenations. | | | | | | Make sure the following user IDs have read access to | | By: | the resolver configuration file in use on your system. | | | Depending on your IP setup, this file may be | | | /etc/resolv.conf, SYS1.TCPPARMS(TCPDATA), or another | | | data set. | | | | | | DMCR1 | | | DMSR1 | | | | | | See the z/OS eNetwork Communication Server IP | | | Configuration manual for the resolver search order. | | | | | | Ensure the following user ID has read access to the data | | | sets in your system parmlib concatenation: | | | | | | WSDMNCR1 | | | | | | ATTENTION: | | | | | | If operator commands are protected by the z/OS security | | | server at your installation, you must ensure that | | | sufficient authority is given to WebSphere tasks to | | | control operations. | | | | | | The Deployment Manager controller user ID (DMCR1) | | | needs the ability to perform operations on started | | | tasks belonging to WebSphere Application Server for | | | z/OS. | | | | | | The asynchronous administrator user ID, and any user | | | ID used to run the federation job when the node agent | | | is started automatically, need the authority to issue | | | the MVS START command. | | | | | | If you are currently controlling MVS console command | | | authority with SAF OPERCMDS profiles, grant the | | | following authorities as indicated, substituting your | | | own profile names: | | | | | | PERMIT START_profile_name CLASS(OPERCMDS) | | | ID (DMCR1 ) ACCESS(UPDATE) | | | | | | PERMIT STOP_profile_name CLASS(OPERCMDS) | | | ID (DMCR1 ) ACCESS(UPDATE) | | | | | | PERMIT MODIFY_profile_name CLASS(OPERCMDS) | | | ID (DMCR1 ) ACCESS(UPDATE) | | | | | | PERMIT CANCEL_profile_name CLASS(OPERCMDS) | | | ID (DMCR1 ) ACCESS(UPDATE) | | | | | | PERMIT FORCE_profile_name CLASS(OPERCMDS) | | | ID (DMCR1 ) ACCESS(UPDATE) | | | | | | You must also grant the appropriate console command | | | authority to any user ID that executes the | | | startServer.sh or stopServer.sh script. | | | | +-----------+----------------------------------------------------------+ | BBODCHFS | User ID requirement: UID=0 and authority to allocate | +-----------+ | | Done: | OMVS.WAS.CONFIG.HFS | | | | | | ATTENTION: Skip this step if the mount point is already | | | created, such as for the stand-alone Application Server. | | | | | By: | This job: | | | | | | o Creates a mount point directory | | | | | | /WebSphere/V6R1 | | | | | | o Allocates the configuration file system using | | | the Hierarchical File System (HFS) | | | | | | OMVS.WAS.CONFIG.HFS | | | | | | and mounts it at the above mount point. | | | | | | DO NOT RUN THIS JOB IF: | | | 1. The configuration file system already exists and is | | | mounted at the desired mountpoint, or if | | | | | | 2. The mount point directory is controlled by | | | automount. Either disable the automount rule for | | | the configuration mount point while running this | | | job, or perform the following steps manually: | | | | | | a. Allocate the configuration file system data set. | | | b. Issue the following shell commands, which will | | | also cause automount to mount the file system | | | | | | chmod 775 /WebSphere/V6R1 | | | chown WSOWNER:WSCFG1 /WebSphere/V6R1 | | | | | | | | | BEFORE YOU BEGIN: The BBODCHFS job assumes your root | | | file system is mounted in read/write mode. If the root | | | file system is not mounted in read/write mode, manually | | | create the directory | | | | | | /WebSphere/V6R1 | | | | | | and any needed higher directories. Set file permissions | | | to 775 and set the owning user ID and group to WSOWNER | | | and WSCFG1 before running BBODCHFS. | | | | | | EXAMPLE: If you plan to use /WebSphere/V6R0 as your | | | directory, issue the following commands from within the | | | OMVS shell: | | | | | | mkdir -p -m 775 /WebSphere/V6R0 | | | chown -R WSOWNER:WSCFG1 /WebSphere | | | | +-----------+----------------------------------------------------------+ | BBODHFSA | User ID requirement: UID=0. | +-----------+ | | Done: | This job populates the previously-created file system. | | | | | | Upon completion, examine the job output. Success is | | By: | indicated with a RC=0 in the job output. | | | | +-----------+----------------------------------------------------------+ | BBODCPY1 | User ID requirement: update authority for: | +-----------+ | | Done: | | | | | | | SYS1.PROCLIB | | By: | | | | | | | This job copies the tailored start procedures, | | | parameters, and EXECs to the run-time product libraries. | | | | | | ATTENTION: Be aware that you may overlay existing | | | members in the above data set. | | | | +-----------+----------------------------------------------------------+ | BBOWWPFD | User ID requirement: UID=0. | +-----------+ | | Done: | This job sets up the runtime file system. | | | | | | | | By: | Upon completion, examine the job output. Success is | | | indicated by rc=0. | | | | | | Note: If the BBOWWPFD (profile creation) job fails, | | | delete the WAS_HOME/profiles/default directory and all | | | its contents before rerunning BBOWWPFD. | | | | +-----------+----------------------------------------------------------+ | BBODHFSB | User ID requirement: UID=0. | +-----------+ | | Done: | This job will complete the file system initialization. | | | | | | Upon completion, examine the job output. Success is | | By: | indicated with a RC=0 in the job output. | | | | +-----------+----------------------------------------------------------+ | -------- | All WebSphere Application Server processes require | +-----------+ access to the Language Environment and System SSL load | | Done: | modules. | | | | | | If the SCEERUN, SCEERUN2 and System SSL load module | | | libraries are not in the system link list or link pack | | | area, add them to the STEPLIB DD concatenation in each | | | of the following cataloged procedures in | | | SYS1.PROCLIB: | | | | | | BBO6DCRZ | | | BBO6DSRZ | | | BBO6DMNZ | | | | | | and also add the full data set names, separated by | | | colons (:), to the STEPLIB variable in the shell script | | | | | | /WebSphere/V6R1/ | | | DeploymentManager/ | | | profiles/default/bin/setupCmdLine.sh | | By: | | | | When modifying the setupCmdLine.sh script, do not | | | remove lines or comment them out, as this may cause | | | problems with automated updates to the script. | | | | | | Add only those data sets which are NOT in the link list | | | or link pack area. | | | | +-----------+----------------------------------------------------------+ | -------- | Make sure Resource Recovery Services (RRS) is active. | +-----------+ (See the InfoCenter for setup instructions if necessary.)| | Done: | Look for the following console message to verify that | | | RRS was successfully started: | | | | | By: | | | | ASA2011I RRS INITIALIZATION COMPLETE. COMPONENT | | | ID=SCRRS | | | | +-----------+----------------------------------------------------------+ | -------- | If your system is busy, you may want to include a rule | +-----------+ in your WLM policy that OMVS work for job BBODMGR | | Done: | (such as the postinstaller step) is to run in a service | | | class with a high service objective. | | By: | | +-----------+----------------------------------------------------------+ | -------- | Start the Deployment Manager. | +-----------+ | | Done: | Issue the MVS command | | | | | | START BBO6DCR,JOBNAME=BBODMGR, | | | ENV=MCLXCF01.MCLXCF01.BBODMGR | | | | | By: | This command starts the Deployment Manager and also | | | starts the location service daemon. Wait until the | | | server is finished initializing before proceeding. | | | | | | RESULT: The following message appears on the console and | | | in the job log of BBODMGR | | | | | | BBOO0019I INITIALIZATION COMPLETE FOR WEBSPHERE FOR | | | z/OS CONTROL PROCESS BBODMGR | | | | +----------------------------------------------------------------------+ | The product is now configured for a Deployment Manager. | | | +-----------+----------------------------------------------------------+ Note: At this point of the configuration, if you want to federate a managed node or stand-alone Application Server node, you will need to do the following steps: Choose option 3 Create Network Deployment cells and nodes, from the WebSphere Application Server for z/OS Customization main menu Choose option 3 Federate an existing stand-alone application server node into an existing Network Deployment cell +-----------+----------------------------------------------------------+ | To start the Deployment Manager, issue the following MVS command: | | | | START BBO6DCR,JOBNAME=BBODMGR, | | ENV=MCLXCF01.MCLXCF01.BBODMGR | | | | To stop the WebSphere for z/OS servers, enter the MVS command: | | | | STOP BBODMNC | | | +----------------------------------------------------------------------+ The following is a useful script that helps you define security controls. It is in data set 'USERID.TODAY.DATA' +-----------+----------------------------------------------------------+ | BBODBRAC | This is a sample exec that you may modify to include | +-----------+ installation-specific RACF controls. This exec defines | | Done: | all the user IDs and groups that are necessary and | | | sufficient for installing WebSphere for z/OS. | | | | | By: | Additionally, there are commented sections for other | | | components that might be used (SSL, for example). | +-----------+----------------------------------------------------------+