z/OS Configuration - Load Library
Overview
All Universal Agent programs are installed into the SUNVLOAD PDSE library. The SUNVLOAD library installation requirements are
- Must be APF authorized.
- Must be defined to RACF Program Control.
- Specific programs or SUNVLOAD must be added to the LNKLST only if Universal Automation Center Agent (UAG) is utilized.
The following sections describe the z/OS configuration steps to satisfy these requirements.
APF Authorization
The SUNVLOAD library can be APF authorized using one of the following methods:
- The SETPROG APF console command. The library remains APF authorized only until the next IPL. The SETPROG APF console command is documented in the IBM MVS System Commands manual.
- A PROGxx member of PARMLIB referenced by a SET PROG=xx console command or a PROG=xx statement in IEASYSxx PARMLIB member. The PROGxx PARMLIB member is documented in the IBM MVS Initialization and Tuning Reference manual, and the SET console command is documented in the IBM MVS System Commands manual.
- Updating the IEAAPFxx PARMLIB member and perform an IPL. The IEAAPFxx PARMLIB member is documented in the IBM MVS Initialization and Tuning Reference manual.
SETPROG APF Command
The SETPROG command temporarily adds a library to the APF list. Use one of the other methods to add the load library permanently to the APF list.
The SETPROG APF console command to add data set #HLQ.SUNVLOAD on volume #SMPVOL to the APF list is illustrated below. Change #HLQ to the appropriate high-level qualifier for your installation and #SMPVOL to the volume on which the library is allocated. SUNVLOAD APF authorization should be permanently established based on local site requirements.
SETPROG APF,ADD,DSNAME=#HLQ.SUNVLOAD,VOLUME=#SMPVOL
PROGxx PARMLIB Member
The data set can be added permanently to the APF list using the appropriate PROGxx PARMLIB member. The appropriate PROGxx member is referenced in the IEASYSxx PARMLIB member. The PROGxx member can be activated dynamically with the SET PROG=xx console command.
The APF statement of the PROGxx PARMLIB member is illustrated below. The APF statement adds data set #HLQ.SUNVLOAD on volume #SMPVOL to the APF list. Change #HLQ to the appropriate high-level qualifier for your installation and #SMPVOL to the volume on which the library is allocated.
APF ADD DSNAME(#HLQ.SUNVLOAD) VOLUME(#SMPVOL)
Program Control
Specific services of the z/OS UNIX environment require all programs loaded in the address space to be defined in the security product as controlled. RACF provides program and library control features. By defining a program as controlled, you are implying a certain level of trust, as opposed to a program being run that is not defined as controlled.
The following table identifies the programs in the SUNVLOAD library that must be defined as program controlled.
Program | Description |
---|---|
UCMSRV | Universal Command Server |
UDMSRV | Universal Data Mover Server |
UCTSRV | Universal Control Server |
UECTLR | Universal Enterprise Controller |
UAGSRV | Universal Automation Center Agent |
The requirement for program control for each of the above programs is the same:
- Use of the _passwd C function to authenticate user ID's
- Use of the setuid C function to switch to the authenticated user ID's
Defining a program or library to RACF program control is accomplished by defining the library to the PROGRAM class.
The following RACF TSO command illustrates defining the library to the PROGRAM class. Change #HLQ to the appropriate high-level qualifier for your installation.
RDEF PROGRAM ** ADDMEM('#HLQ.SUNVLOAD'//NOPADCHK) UACC(READ)
After defining the library as RACF program controlled, the PROGRAM class must be refreshed. The following RACF TSO command illustrates:
SETROPTS WHEN(PROGRAM) REFRESH
When all programs executing in an address space are program controlled, the address space is considered a clean environment. All programs loaded dynamically into a clean environment must also be program controlled else the address space is terminated.
Some Universal Agent components may load some IBM modules at runtime to perform requested services. All IBM modules loaded dynamically are loaded from SYS1.LINKLIB. Each member or all members of SYS1.LINKLIB must be set up as program controlled.
The following modules are loaded from SYS1.LINKLIB:
- IGGCSI00 (Catalog Search Interface)
- IEBCOPY (PDS/E copy utility)
SYS1.LINKLIB normally is set up so that all members are program controlled. Verify how your installation has defined SYS1.LINKLIB in regards to the program control facility. If necessary, define the individual members listed above, or all members of SYS1.LINKLIB, as program controlled.
LNKLST
The following Universal Automation Center Agent programs and their aliases must be added to the LNKLST for them to be available to all batch jobs and TSO users:
- UAGRERUN provides batch job rerun capability. The program must be available to all jobs managed by Automation Center.
- UAGCMDZ (and its alias OPSCMDZ) provides a TSO command interface to Universal Controller. The TSO command interface is optional.
The programs are located in the SUNVLOAD library.
If the Universal Automation Center Agent is not used in your installation, this z/OS configuration step can be skipped.
The UAGRERUN and UAGCMDZ programs and their aliases should be added to the LNKLST using one of the following methods:
- Copy the programs and their aliases to a PDSE library that is already in the LNKLST.
- A PROGxx member of PARMLIB referenced by a SET PROG=xx console command or a PROG=xx statement in IEASYSxx PARMLIB member. The PROGxx PARMLIB member is documented in the IBM MVS Initialization and Tuning Reference manual, and the SET console command is documented in the IBM MVS System Commands manual.
- Updating the LNKLSTxx PARMLIB member and perform an IPL. The LNKLSTxx PARMLIB member is documented in the IBM MVS Initialization and Tuning Reference manual.
Copying Programs and Aliases
The UAGRERUN and UAGCMDZ and their aliases may be copied to a PDSE data set that is already in the LNKLST.
The SUNVLOAD library is a PDSE and the programs are program objects using program management features that are not supported in a PDS. For this reason, the programs must be copied to a PDSE in the LNKLST and not to a PDS.
The JCL below executes IEBCOPY to copy the programs and their aliases to a LNKLST library. Change #HLQ to the appropriate high-level qualifier for your installation and change the data set allocated to ddname OUT to the target PDSE in the LNKLST. The job must end with return code 0.
//jobname JOB CLASS=A,MSGCLASS=H,NOTIFY=&SYSUID,COND=(0,NE) //STEP1 EXEC PGM=IEBCOPY,PARM='RC4NOREP' //IN DD DISP=SHR,DSN=#HLQ.SUNVLOAD //OUT DD DISP=SHR,DSN=lnklst.pdse //SYSUT3 DD UNIT=SYSDA,SPACE=(CYL,(1,1)) //SYSUT4 DD UNIT=SYSDA,SPACE=(CYL,(1,1)) //SYSPRINT DD SYSOUT=* //SYSIN DD * COPYGRP I=((IN,R)),O=OUT S M=UAGRERUN S M=UAGCMDZ /*
SETPROG LNKLST Command
The SETPROG LNKLST command dynamically modifies the LNKLST. The LNKLST changes remain in effect until the next IPL. Use one of the other methods to add the load library permanently to the LNKLST.
LNKLST's are managed as sets. A LNKLST set has a name and consists of an order number of data sets or libraries. To dynamically change the current LNKLST, a LNKLST set must be created, updated, and activated. A newly activated LNKLST set will be active for new address spaces, but existing address spaces are not updated.
The SETPROG LNKLST console command is used to create, update, and activate a LNKLST set. The SETPROG commands to add a data set to the LNKLST are illustrated below. The commands define a LNKLST set name lnklstname based on the currently active LNKLST set. It then adds the SUNVLOAD library at the top of the data set list. Lastly, it activates the new LNKLST set. Change #HLQ to the appropriate high-level qualifier for your installation and the LNKLST set name to meet your local installation requirements. Ensure each command completes successfully before executing the next.
SETPROG LNKLST,DEFINE,NAME=lnklstname,COPYFROM=CURRENT
SETPROG LNKLST,ADD,NAME=lnklstname,DSNAME=#HLQ.SUNVLOAD,ATTOP
SETPROG LNKLST,ACTIVATE,NAME=lnklstname
PROGxx PARMLIB Member
The SUNVLOAD library can be added permanently to the LNKLST using the appropriate PROGxx PARMLIB member. The appropriate PROGxx member is referenced in the IEASYSxx PARMLIB member.
The LNKLST statement of the PROGxx PARMLIB member is illustrated below. The LNKLST statement adds data set #HLQ.SUNVLOAD to the LNKLST set lnklstname. Change #HLQ to the appropriate high-level qualifier for your installation and lnklstname to the appropriate LNKLST set name for your installation.
LNKLST ADD NAME(lnklstname) DSNAME(#HLQ.SUNVLOAD)