Universal Command Manager for z/OS
Overview
This page provides information on Universal Command (UCMD) Manager specific to the z/OS operating system.
UCMD Manager executes commands on any computer running the UCMD Server component.
You indicate to the UCMD Manager what command(s) to execute and how the standard input and output and error data should be processed. The UCMD Manager connects to the UCMD Server and processes your request.
The z/OS Batch Manager provides a batch job interface to remote computers running the UCMD Server component. The UCMD Manager executes remote commands as they would be if you entered them directly on the remote command line. Standard input and output and error files are supplied using JCL DD statements.
UCMD Manager registers with a locally running Universal Broker. Consequentially, a Universal Broker must be running in order for a UCMD Manager to execute.
Usage
UCMD Manager for z/OS executes as a batch job. It consists of:
- Batch JCL
- Configuration options
This section describes the JCL, configuration and configuration options, and command line syntax of UCMD Manager for z/OS.
JCL Procedure
The following figure illustrates the UCMD Manager for z/OS JCL procedure (UCMDPRC, located in the SUNVSAMP library) that is provided with the Universal Agent for z/OS installation to simplify the execution JCL and future maintenance.
The procedure provides the parameters STDIN, STDOUT, and STDERR to specify the stdin, stdout, and stderr files, respectively, of the remote command.
The UPARM parameter is used to specify EXEC PARM keyword values for the UCMD program. The PARM values to the left of the slash ( / ) character are IBM Language Environment parameters.
For information regarding the Time Zone (TZ) environment variable, see z/OS Installation - Time Zone Environment Variable.
The UCMDPRE parameter specifies the data set name prefix of Universal Agent installation data sets.
DD Statements Used in JCL Procedure
The following table describes the DD statements used in the UCMD Manager for z/OS JCL procedure, above.
ddname | DCB Attributes * | Mode | Description |
---|---|---|---|
STEPLIB | DSORG=PO, | input | Universal Agent load library containing the program being executed. |
UNVNLS | DSORG=PO, | input | Universal Agent national language support library. Contains message catalogs and code page translation tables. |
UNVTRACE | DSORG=PS, | output | UCMD trace output. |
UNVOUT | DSORG=PS, | output | Remote command's stdout file. When the remote command writes to its stdout file, this is the file to which it writes. |
UNVERR | DSORG=PS, | output | Remote command's stderr file. When the remote command writes to its stderr file, this is the file to which it writes. |
UNVIN | DSORG=PS, | input | Remote command's stdin file. When the remote command reads from its stdin file, this is the file from which it reads. |
SYSPRINT | DSORG=PS, | output | Standard output file for the UCMD program. UCMD does not write any messages to SYSPRINT. |
SYSOUT | DSORG=PS, | output | Standard error file for the UCMD program. UCMD writes its messages to SYSOUT. |
* The C runtime library determines the default DCB attributes. See the IBM manual OS/390 C/C++ Programming Guide for details on default DCB attributes for stream I/O.
DD Statement Categories
UCMD Manager DD statements are organized into the following categories:
Category | DD Statements |
---|---|
Runtime specifications | STEPLIB and UNVNLS. |
Remote command standard files (stdin, stdout, and stderr) | UNVIN, UNVOUT, and UNVERR. |
UCMD message and command files (stdin, stdout, and stderr) | SYSPRINT, SYSOUT, and UNVTRACE. |
Command files | User-defined DD statements to which Universal Command commands refer. |
UNVIN Concatenation Requirements
Sequential data sets can be concatenated on the UNVIN ddname. When the UNVIN ddname is open, it is treated as a single data set with the following attributes:
- The RECFM of the first data set in the concatenation.
- The LRECL of the first data set in the concatenation.
- The BLKSIZE of the largest block size in the concatenation.
IBM does not support concatenating data sets with differing RECFM values or LRECL values larger then the first data set in the concatenation. Unpredictable results, including ABENDs, may occur when these rules are not followed.
IBM documents concatenation rules in the IBM C/C++ Programming Guide.
JCL
The following figure illustrates the UCMD Manager for z/OS JCL using the UCMDPRC JCL procedure, above.
Job step STEP1 executes the procedure UCMDPRC with the STDOUT parameter set to a value that allocates a local file.
The command options are specified on the SYSIN DD.
Configuration
Configuration consists of:
- Setting default options and preferences for all executions of UCMD Manager.
- Setting options and preferences for a single execution of UCMD Manager.
These configuration options are read from the following sources:
- PARM keyword (command line)
- SYSIN ddname (command line)
- Command file ddname
- Configuration file
The order of precedence is the same as the list above; PARM keyword options being the highest and configuration file being the lowest. That is, options specified via a PARM keyword override options specified via a SYSIN ddname, and so on.
For detailed information on these methods of configuration, see Configuration Management.
Configuration File
The configuration file provides the simplest method of specifying default configuration options whose values you do not want changed with each command invocation. These values are used if the options are not read from one or more other sources.
Some options only can be specified in the configuration file; they have no corresponding command line equivalent. Other options cannot be specified in the configuration file; they must be specified via one or more other sources for a single execution of UCMD Manager.
The configuration file is provided to the UCMD Manager by the local Universal Broker with which it registers. The UCMD Manager configuration file is located in the UCMCFG00 member of the PDSE allocated to the UNVCONF ddname in the Universal Broker started task.
Note
For any changes to the UCMD Manager configuration file to become active, a Universal Broker refresh is required, or the Universal Broker started task must be restarted.
Configuration Options
This section describes the configuration options used to execute UCMD Manager for z/OS.
Configuration Options Categories
The following table categorizes the configuration options into logical areas of application. Each Category name is a link to a table of options in that category. Each Option Name in those tables is a link to detailed information about that option.
Category | Description |
X.509 certificate-related options. | |
Command or script to execute on the remote system. If a script is being executed, the script may reside on the local host on which the Manager is running or the remote host on which the Server is running. It also includes options to control the process environment in which the command executes. | |
Options used to define event generation. | |
Options required for local Broker registration. | |
Universal Command message options. | |
Options used to display command help and program versions. | |
Processing options for all the data transferred between the remote and local systems. | |
Alternative methods to specify configuration options. | |
Network address of the remote system and connection options. | |
Options that control whether or not the Manager spools its standard files and how they are processed. | |
Processing options for the standard files transferred between the remote and local systems. The STDFILE options are specified differently then the other options. There are three types of standard files: stdin, stdout, and stderr. Each standard file can have a different set of options applied. In order to distinguish between the standard files, the options must start with a standard file specification option (STDERR_SPEC, STDIN_SPEC, or STDOUT_SPEC). The standard file options (names starting with SIO_) follow the standard file specification option. | |
User account that the command executes with on the remote system. |
Certificate Category Options
Option Name | Description |
ddname of the PEM-formatted trusted CA X.509 certificates. | |
ddname of Manager's PEM-formatted X.509 certificate. | |
Number of days prior to certificate expiration to begin issuing informational messages about the expiration. | |
ddname of the PEM-formatted CRL. | |
ddname of Manager's PEM formatted RSA private key. | |
Password for the Manager's PRIVATE_KEY. | |
SAF certificate key ring name. | |
SAF key ring certificate label. | |
SSL/TLS implementation. | |
Specifies that the Broker's X.509 certificate host name field must be verified. | |
Specifies that the Broker's X.509 certificate serial number field must be verified. |
Command Category Options
Option Name | Description |
Remote command to execute. | |
Unique command ID associated the unit of work. | |
Type of command specified with option COMMAND. | |
Allows exit codes from the user process executed by UCMD Server to be translated (mapped) to a corresponding exit code for UCMD Manager. | |
Specifies whether or not the command runs in a login environment. | |
Specification for whether or not the manager fault tolerant feature is used. | |
Local script file to execute on the remote system. | |
Regular expression that is matched against each line of the script being sent to the remote system. Any line that matches the mask will be ignored and not sent to the remote system as part of the script. | |
Command line options passed to the script file. | |
Type of script file specified by option SCRIPT_FILE. |
Events Category Options
Option Name | Description |
Specification for whether or not product activity monitoring events are generated. | |
Events to be generated as persistent events. |
Local Category Options
Option Name | Description |
Local Universal Broker with which the UCMD Manager must register. |
Messages Category Options
Option Name | Description |
Language of messages written. | |
Level of messages written. | |
List of message IDs representing Universal messages to be suppressed. | |
Maximum number of lines written to a trace file before it wraps around. | |
Memory trace table specification. |
Miscellaneous Category Options
Option Name | Description |
User-defined string. | |
Write command option help. | |
Write program version. |
Network Category Options
Option Name | Description |
Code page used for text translation. | |
SSL/TLS cipher list for the control session. | |
Specification for whether or not data integrity checks are performed on all standard I/O files. | |
Specification for whether or not data is compressed on all standard I/O files. | |
Specification for whether or not data is encrypted on all standard I/O files. | |
SSL/TLS cipher list for the data sessions. | |
Default SSL/TLS cipher used for data sessions. | |
Forces a manager fault tolerant server in a PENDING communication state to COMPLETED state without retrieving the spooled data. | |
Specifies how long a restartable Server waits for a reconnect after the user process completes. | |
Minimum SSL/TLS protocol level that will be negotiated and used for communications channels. | |
Maximum number of seconds considered acceptable to wait for data communications. | |
Specification for whether or not the network fault tolerant protocol is used. | |
Maximum number of network fault tolerant reconnect attempts. | |
Number of seconds between network fault tolerant reconnect attempts. | |
Specification for whether or not the manager is requesting restart. | |
Exit codes that cause Universal Broker to cancel the corresponding UCMD Server of the exited UCMD Manager. |
Options Category Options
Option Name | Description |
Specification for whether or not UCMD Server assigns child processes to a single Windows job object. | |
Encrypted command file. | |
Plain text command file. | |
Overrides the UCMD Server ELEVATE_USER_TOKEN configuration option that determines whether a Windows process executes with highest available privileges. This option allows a process to obtain a user access token that is not subject to User Account Control (UAC) restrictions. | |
Encryption key used to decrypt an encrypted command file specified by option COMMAND_FILE_ENCRYPTED. | |
Universal Command Server options that can be overridden by Managers. | |
Character code page to be used when translating characters found within the encrypted command file. |
Remote Category Options
Option Name | Description |
Number of times that a UCMD Manager will attempt to establish a connection with a remote Universal Broker. | |
Number of seconds between failed attempts to establish a connection with a remote Universal Broker. | |
Amount of time that a UCMD Manager will wait for a connection to a remote Universal Broker to complete. | |
Number of IP addresses returned to UCMD Manager following a DNS query issued to resolve a host name. | |
Host in the REMOTE_HOST list that the UCMD Manager will choose to begin its attempts to connect to a remote Universal Broker. | |
Number of times that UCMD will attempt to resolve the host name of a specified Universal Broker before it ends with a connect error. | |
Situations in which more than one host may be specified in the REMOTE_HOST list when manager fault tolerance (MFT) is enabled. | |
List of message IDs representing Universal messages to be suppressed. | |
Host or IP address to use for all outgoing IP connections. | |
List of one or more hosts upon which a command may run. | |
TCP/IP port number of the remote Broker. |
Standard File Category Options
Option Name | Description |
Specifies if data integrity checks are performed on a standard file. | |
Specifies if and how data is compressed on a standard file. | |
Specifies if data is encrypted on a standard file. | |
Code page used for local text translation on a standard file. | |
Local file used for a standard file instead of the default. | |
Translation mode of a standard file. | |
Code page used for remote text translation on a standard file. | |
Read trailing spaces of z/OS fixed format records. | |
Start of standard error file specification options. | |
Start of standard input file specification options. | |
Start of standard output file specification options. |
User Category Options
Option Name | Description |
User ID or account with which to execute the remote command. | |
Password associated with USER_ID. |
Command Line Syntax
The following figure illustrates the command line syntax — using the command line, long form of the configuration options — of UCMD Manager for z/OS.
ucmd { -cmd command [-cmd_type {cmdref|shell|stc} ] | -script ddname [-options options] [-script_type type] [-script_line_ignore_mask mask] } [-host hostlist [-connect_retry_count number] [-connect_retry_interval seconds] [-connect_timeout seconds] [-dns_expand {yes|no} ] [-host_selection {sequential|random} ] [-mft_safe_mode {yes|no} ] [-file ddname | -encryptedfile ddname [-key key] ] * [-port port] [-system_id ID] [-userid user [-pwd pwd] ] [-hostname_retry_count count] [-outboundip host] [-server options] [-uencrypted_codepage codepage] [-elevate_user_token {yes|no} ] [-assign_process_to_job option] [-managerft {yes|no} ] [-cmdid id] [-login {yes|no} ] [-lang language ] [-level {trace|audit|info|warn|error}[,{time|notime} ] [-msg_suppression_list list ] [-tracefilelines lines] [-trace_table size,{error|always|never} ] [-ssl_implementation {openssl|system} ] [-ca_certs ddname [-verify_host_name {yes|no|hostname} ] [-verify_serial_number number] ] [-cert ddname -private_key ddname [-private_key_pwd password] ] [-days number] [-crl ddname] [-saf_key_ring name [-saf_key_ring_label label] ] [-ctl_ssl_cipher_list cipherlist] [-data_ssl_cipher_list cipherlist] [-default_cipher cipher] [-forcecomplete {yes|no} ] [-job_retention seconds] [-delay seconds] [-min_ssl_protocol option] [-networkft {yes|no} ] [-retry_count number] [-retry_interval seconds] [-restart {yes|no|auto} [-managerft {yes|no} [-cmdid id] ] ] [-server_stop_conditions codes] [-codepage codepage] [-compress {yes|no}[,{zlib|hasp} ] ] [-encrypt {yes|no} ] [-authenticate {yes|no} ] [-stdin | -stdout | -stderr] [-codepage codepage] [-compress {yes|no}[,{zlib|hasp} ] ] [-encrypt {yes|no} ] [-authenticate {yes|no} ] [-localfile ddname] [-mode {text|binary}[,{ucs|direct} ] [-trailingspaces {yes|no} ] ] [-remotecodepage codepage] [-exit_code_map map] [-comment text] ucmd { -help | -version }
* The command file (-file or -encryptedfile) can contain some or all required and/or optional configuration options, including -cmd (or -script) and -host. If a command file is specified on the command line, and it contains the required -cmd (or -script) and -host options, those options do not have to be specified additionally on the command line.
Shutdown Procedure
When the UCMD Manager and UCMD Server are configured to use the network fault tolerant protocol, the z/OS Manager must be shut down properly in order for the UCMD Server and user command to shut down as well. If not properly shut down, the UCMD Server will wait for a period of time for the UCMD Manager to reestablish network connections.
If the UCMD Manager and UCMD Server are not configured to use the network fault tolerant protocol, the z/OS Manager can be shut down with any available method.
Fault Tolerant Shutdown
The z/OS Manager is a z/OS UNIX System Services (USS) application. A shutdown sequence is initiated by sending a USS termination signal to the job. The UCMD Manager detects the signal and promptly sends a terminate message to the UCMD Server. Upon receiving the terminate message, the UCMD Server starts its shutdown sequence.
A termination signal is sent to a z/OS Manager, as shown in the following steps:
Step 1 | For the z/OS Manager job to be shut down, obtain its USS process identifier (PID). The PID of a job is displayed with the DISPLAY OMVS console command:
|
---|---|
Step 2 | Send a termination signal to the process identifier with the MODIFY BPXOINIT command:
|
Non-Fault Tolerant Shutdown
Since the UCMD Server shutdown sequence is started as soon as a network connection is prematurely closed, the z/OS Manager shutdown can be initiated with any available z/OS job termination method.
The most common and safest method is the CANCEL console command:
(jobname
is the name of the z/OS Manager batch job to terminate.)