Configure and Deploy the JCLCheck REST API
How to Configure and Deploy the
JCLCheckREST API Service
After all prerequisite software is installed and running on the
JCLCheckServer and Security Administrators configure the security application that is running on the
JCLCheckserver, Systems Administrators can configure and deploy the
JCLCheckREST API. Optionally, you can configure the API to integrate with the Zowe™ API Mediation Layer.
Follow these steps:
- Address the prerequisite software that is described inPrerequisite Software for Configuring and Deploying the.JCLCheckREST API
- Ensure that a Security Administrator configured the security application that is running on theJCLCheckserver where you want to deploy theJCLCheckREST API service. For more information, searchConfigure Security for the.JCLCheckServer
- From the location where you applied the maintenance PTF, copy the following members from the CAZ2JCL SMP/E target library to a library where you can customize them for your implementation:
- AJ6ZJCKD:The procedure (PROC) contains the JCL that lets you deploy theJCLCheckREST API service to a desired location.
- AJ6ZJCKR:The PROC contains the JCL that lets you run the service.
- Create and run a job forAJ6ZJCKD.After you run the job, it performs the following actions:When constructing a job to run this PROC, specifyJOBRC=LASTRCin the job card. This specification indicates to use the return code of the last executed step as the completion code for the job.
- Allocates and formats the zFS (CAI.JCLCHECK.ZFSor the value of ZFSDSN) when the zFS does not already exist.
- Creates a directory named/cai/CASoftware/JCKR1.The name of the directory is determined by the value of theUSSDIRvariable in theAJ6ZJCKDPROC.
- Mounts the zFS to that directory, if it is not already mounted.
- Creates the directories namedconfigandlibin the/cai/CASoftware/JCKR1directory that the PROC created.
- Unpacks theJCLCheckJAR file and binaries into the/cai/CASoftware/JCKR1/libdirectory.
- Unpacks the file namedjclcheck.ymlinto the/cai/CASoftware/JCKR1/config/jclcheck-samp.ymlfile.
- Runs the commandextattr +pon the SOs and on the binarycaz1zsvrto grant Program Control to the objects.
- Runs the commandextattr +aon the binarycaz1zsvrto grant APF Authorization.
- Unpacks the members namedAJ6ZCEEandAJ6ZENVinto the data set namedCAI.SAMP.CAZ2OPTN(or the value of theOPTDSNparm).
- Copy the file named/cai/CASoftware/JCKR1/config/jclcheck-samp.ymland rename it tojclcheck.yml.
- Edit thehostandportnumber in thejclcheck.ymlfile as required for your environment. The host must be the IP address of the z/OS system on which theJCLCheckservice will run. The port must be available on the system.The file is an ASCII format that is stored in USS and must be edited in ASCII mode.
- Enable a secure TLS/HTTPS connection. You musteithermanually configure HTTPS or choose to integrate the service with Zowe™ API Mediation Layer.The service will fail to start if you do not configure HTTPS using one of these methods.
- To manually configure HTTPS, perform the following steps:This process generates a KeyStore with self-signed certificates. You might have your own process for generating certificates at your site.
- From a USS command line, issue the following command to navigate to theJCLCheckREST API configuration directory:cd /cai/CASoftware/JCKR1/config
- Issue the following command and follow the prompts to generate the KeyStore inpkcs12format:$JAVA_HOME/bin/keytool -genkey -alias jclcheck -keyalg RSA -keystore keystore.p12 -storetype pkcs12
- Update the following properties in the/cai/CASoftware/JCKR1/config/jclcheck.ymlconfiguration file:server: ssl: enabled: true keyAlias: jclcheck keyPassword: password keyStore: config/keystore.p12 keyStorePassword: password keyStoreType: PKCS12 jclcheck: maxPoolSize: 4 queueCapacity: 100
- keyAliasThe same value that you entered for the -alias option on the keytool command when you created the KeyStore in the previous step.
- keyPasswordThe password that you entered when you created the KeyStore in the previous step.
- keyStorePasswordThe password that you entered when you created the KeyStore in the previous step.
- maxPoolSize(Optional) Lets you define how many jobs the service can run concurrently, which helps limit load on the system. The value can be any integer starting at 1. If you omit this option, the default value of 4 is used.
- queueCapacity(Optional) Lets you configure how many jobs the API can store in the queue (pending execution) before jobs are dropped. The value of this option can be any integer, starting at the value that you define formaxPoolSize. If you omit this option, the default value of 100 is used. Jobs submissions that exceed the limit will be dropped.
- To optionally integrate the service with Zowe API Mediation Layer, refer toIntegrate REST API with the API Mediation Layer.
- Copy the data set namedHLQ.SAMP.CAZ2OPTNand rename it toHLQ.CAZ2OPTN.
- Edit the variables that are defined in theAJ6ZENVmember of theHLQ.CAZ2OPTNdata set as required and necessary for your environment.
- Create and run a job forAJ6ZJCKR.
JCLCheckREST API service on the host and port that you specified in the file namedjclcheck.yml. The service might take a few minutes to start. The job must continue to run to maintain the REST service. If the job is terminated, the service stops running.
- Edit the variables that are defined in the PROC (AJ6ZJCKR) as required and necessary for your environment.
- Start theAJ6ZJCKRPROC.
- (Optional)Verify that the REST service is running. You can access the endpoint in a web browser at the URL<host>:<port>/api/v1/status. The host and port to use is the same z/OS system host and port that you configured in Step 6. If the service does not start, analyze the output logs and correct any errors that display.