-
Notifications
You must be signed in to change notification settings - Fork 53
Expand file tree
/
Copy pathexample-zowe.yaml
More file actions
577 lines (525 loc) · 21.4 KB
/
Copy pathexample-zowe.yaml
File metadata and controls
577 lines (525 loc) · 21.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
################################################################################
# This program and the accompanying materials are made available under the terms of the
# Eclipse Public License v2.0 which accompanies this distribution, and is available at
# https://www.eclipse.org/legal/epl-v20.html
#
# SPDX-License-Identifier: EPL-2.0
#
# Copyright Contributors to the Zowe Project.
################################################################################
#===============================================================================
# This is a YAML configuration file for a Zowe instance.
#
# YAML is a human-friendly data serialization language for all programming languages.
# To learn more about YAML specifications, please check https://yaml.org/.
#
# To learn more details about the content of this file, please check https://docs.zowe.org/.
#===============================================================================
#-------------------------------------------------------------------------------
# Zowe global configurations
#
# This section includes Zowe setup information used by
# Zowe installation, configuration, and runtime.
# It includes settings shared to all components and extensions.
#
# Configuration and runtime parameters unique to a component or extension
# Will be located in the "components" section instead.
#-------------------------------------------------------------------------------
zowe:
#-------------------------------------------------------------------------------
# The setup section is used during setup only.
# It can be used by a variety of install & configure options,
# As seen in the documentation:
# https://docs.zowe.org/stable/user-guide/zos-components-installation-checklist
#-------------------------------------------------------------------------------
setup:
jcl:
# When enabled, "zwe install & init" will use job submission for system changes
# instead of shell commands. A `--dry-run` option is also enabled
# which allows you to see jobs instead of submitting.
enable: true
# Edit to set a header for job cards. Some systems need this, but not all.
# See `zwe init generate --help` for examples.
header: ""
# MVS data set related configurations
dataset:
# where Zowe MVS data sets will be installed
prefix: IBMUSER.ZWEV3
# PROCLIB where Zowe STCs will be copied over
proclib: USER.PROCLIB
# Zowe PARMLIB
parmlib: IBMUSER.ZWEV3.CUST.PARMLIB
# Holds Zowe PARMLIB members for plugins
parmlibMembers:
# For ZIS plugins
zis: ZWESIP00
# JCL library where Zowe will store temporary JCLs during initialization
jcllib: IBMUSER.ZWEV3.CUST.JCLLIB
# Utilities for use by Zowe and extensions
loadlib: IBMUSER.ZWEV3.SZWELOAD
# APF authorized LOADLIB for Zowe
authLoadlib: IBMUSER.ZWEV3.SZWEAUTH
# APF authorized LOADLIB for Zowe ZIS Plugins
authPluginLib: IBMUSER.ZWEV3.CUST.ZWESAPL
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# # Security related configurations. This setup is optional.
# security:
# # security product name. Can be RACF, ACF2 or TSS
# product: RACF
# # security group name
# groups:
# admin: ZWEADMIN
# stc: ZWEADMIN
# sysProg: ZWEADMIN
# # security user name
# users:
# # Zowe runtime user name of main service
# zowe: ZWESVUSR
# # Zowe runtime user name of ZIS
# zis: ZWESIUSR
# # STC names
# stcs:
# # STC name of Zowe main service
# zowe: ZWESLSTC
# # STC name of Zowe ZIS
# zis: ZWESISTC
# # STC name of Zowe ZIS Auxiliary Server
# aux: ZWESASTC
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# VSAM configurations if you are using VSAM as Caching Service storage
vsam:
# VSAM data set with Record-Level-Sharing enabled or not
# Valid values could be: NONRLS or RLS.
mode: NONRLS
# Volume name if you are using VSAM in NONRLS mode
volume: ""
# Storage class name if you are using VSAM in RLS mode
storageClass: ""
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Certificate creation
#
# Zowe requires TLS certificates for HTTPS.
#
# (Recommended)
# If you already have a Keyring (z/OS) or PKCS12 files (z/OS, Containers)
# Then you can provide them in the section after the end of "zowe.setup"
# As long as they meet Zowe's requirements
# Requirements: https://docs.zowe.org/stable/user-guide/configure-certificates/#zowe-certificate-requirements
#
# (Not Recommended)
# If you want Zowe to create valid certificates and keyrings for you,
# Then you can can use the example YAML content within
# the "zowe/files/examples/setup/certificate" directory.
# There, you will find 5 scenarios covering common
# certificate and keyring configurations.
# To create certificates, edit the scenario that suits you
# and follow the instructions in the scenario.
#-------------------------------------------------------------------------------
# End of "zowe.setup" section
#-------------------------------------------------------------------------------
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Zowe certificate (zowe.certificate) section
#
# This section defines the certificate & certificate authorities used by Zowe
# Do not confuse this with "zowe.setup.certificate"
# That is for creation of certificates, this is for stating which Zowe should use.
certificate:
keystore:
# Type of certificate storage. Valid values are: PKCS12, JCERACFKS. APIML additionally supports: JCEKS, JCECCAKS, JCECCARACFKS, or JCEHYBRIDRACFKS
type: JCERACFKS
# if keyrings, the format is safkeyring://stcusername/KeyName
# for PKCS12, it is instead the path to the PKCS12 file.
file: safkeyring://<stc_username>/<keyring_name>
# "password" should either be the value you set when PKCS12, or literally "password" for keyrings.
password: password
# alias is the name of your key/cert. When using keyrings, get the Case Sensitive, Space Sensitive value in a TSO list ring.
alias: localhost
truststore:
# Truststore usually has same values as keystore (minus alias), but can be different if desired.
# In this example, we link the truststore values to match the keystore values.
type: "${{ zowe.certificate.keystore.type }}"
file: "${{ zowe.certificate.keystore.file }}"
password: "${{ zowe.certificate.keystore.password }}"
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Zowe runtime (root) directory
#
# **NOTE**:
# 1. if it is not specified and you passed "--update-config" argument
# when you ran "zwe init" command, this value will be updated with the Zowe
# runtime where the "zwe" command is located.
#
# 2. the runtime directory is designed to be "read only". This is different from the
# log, workspace, and extension directories. Setting those three to the same parent folder
# as the runtime directory is unsupported & may cause issues
#
# This value is required by ZWESLSTC to know where is Zowe runtime.
runtimeDirectory: ""
# Where to store runtime logs
logDirectory: /global/zowe/logs
# Zowe runtime workspace directory
workspaceDirectory: /global/zowe/workspace
# Where extensions are installed
extensionDirectory: /global/zowe/extensions
configmgr:
# STRICT=quit on any error, including missing schema
# COMPONENT-COMPAT=if component missing schema, skip it with warning instead of quit
validation: "STRICT"
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# runtime z/OS job name
job:
# Zowe JES job name
name: ZWE1SV
# Prefix of component address space
prefix: ZWE1
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# This is an ID you use to separate multiple Zowe installs when determining
# resource names used in RBAC authorization checks such as dataservices with RBAC
# expects this ID in SAF resources
rbacProfileIdentifier: "1"
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# This is an ID that can be used by servers that distinguish their cookies from unrelated Zowe installs,
# for purposes such as to allow multiple copies of Zowe to be used within the same client
cookieIdentifier: "1"
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# You can list your external domains on how you want to access Zowe.
# This should be the domain list you would like to put into your web browser
# address bar.
externalDomains:
# this should be the domain name to access Zowe APIML Gateway
- example.com
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# This is the port you use to access Zowe Gateway from your web browser.
#
# In many use cases, this should be same as `components.gateway.port`. But in
# some use cases, like containerization, this port could be different.
externalPort: 7554
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#
# In this section, behavior such as which TLS levels, ciphers should be used, and if native TLS versus AT-TLS should be used.
# See the schema for options.
#
# This section applies to all components that support it.
#
# This section can be overridden per-component by placing it
# Under a "zowe" subsection of a component, as in "components.zss.zowe.network"
network:
# Allowed domains is a list of domains (supporting wildcards) that can be used in services that register to the API ML Discovery Service.
# Defaults to the external domains + lpar hostnames if defined in haInstances
allowedDomains:
- www.example.com
server:
tls:
attls: false
# TLS settings only apply when attls=false
# Else you must use AT-TLS configuration for TLS customization.
minTls: "TLSv1.2"
maxTls: "TLSv1.3"
client:
tls:
attls: false
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# You can un-comment and define any extra environment variables as key/value
# pairs here.
# environments:
# # Example of a global environment variable for all components
# MY_ENV_VAR: my_env_val
# # Another example to customize SSH port for VT Terminal Desktop app
# ZWED_SSH_PORT: 22
# ZWED_TN3270_PORT: 23
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# You can define any Zowe message portions to be checked for and the message added to the
# system log upon its logging, truncated to 126 characters (wildcards are not supported).
# Setting "sysMessageTrim" to true will omit any text found before the match on the line.
sysMessageTrim: false
sysMessages:
# # Zowe starting
- "ZWEL0021I"
# # Zowe started
- "ZWEL0018I"
- "ZWEL0006I"
# # Zowe ready to use
- "ZWES1601I"
# # Zowe stopping
- "ZWEL0008I"
# # Zowe stopped
- "ZWEL0022I"
# # Zowe components starting
- "ZWEL0001I"
# # Zowe components stopped
- "ZWEL0002I"
# # API ML components started
- "ZWEAM000I"
# # API ML components ready
- "ZWEAM001I"
# # App server ready
- "ZWED0031I"
# # ZSS ready
- "ZWES1013I"
# # Not limited to Zowe message IDs, you can specify your own string for example:
# - "ERROR"
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Enable debug mode for Zowe launch scripts
launchScript:
# Set to "debug" or "trace" to display extra debug information
logLevel: "info"
# Set to "exit" if you would like startup to exit if any component has an error in the configure stage, otherwise zwe will warn but continue.
onComponentConfigureFail: "warn"
# Startup checks which run as part of the Zowe STC, prior to Zowe component startup.
# This section is optional. If not specified, the default values will be used.
startupChecks:
# # Default check behavior may be one of "exit", "warn", or "disabled"
# default: "exit"
# # Individual startup checks will override the default behavior
# # Port check - defaults to zowe.launchScript.startupChecks.default, or "exit" if this is unset
# ports: exit
# # z/OSMF startup check - defaults to zowe.launchScript.startupChecks.default, or "exit" if this is unset
# zosmf: exit
# # Component manifest check - validates that each component defined in zowe.yaml has a manifest file.
# components: "warn"
# # Superuser startup check - defaults to zowe.launchScript.startupChecks.default, or "exit" if this is unset
# user: exit
# # Certificate check - defaults to zowe.launchScript.startupChecks.default, or "exit" if this is unset
# certificate: exit
# # Java runtime version checks - max version is set to warn by default to allow for future Java versions to be supported.
# javaMin: exit
javaMax: warn
# # Node runtime version checks - max version is set to warn by default to allow for future Node versions to be supported.
# nodeMin: exit
nodeMax: warn
# # ATTLS (Application Transparent Transport Layer Security) port check - defaults to "warn"
# attls: "warn"
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# How we want to verify SSL certificates of services. Valid values are:
# - STRICT: will validate if the certificate is trusted in our trust store and
# if the certificate Command Name and Subject Alternative Name (SAN)
# is validate. This is recommended for the best security.
# - NONSTRICT: will validate if the certificate is trusted in our trust store.
# This mode does not validate certificate Common Name and Subject
# Alternative Name (SAN).
# - DISABLED: disable certificate validation. This is NOT recommended for
# security.
verifyCertificates: STRICT
#-------------------------------------------------------------------------------
# Java configuration
#
# Some Zowe components requires Java. Define the path where you have your Java
# is installed.
#
# **NOTE**: this field can be updated automatically if you pass `--update-config`
# to `zwe init` command.
#-------------------------------------------------------------------------------
java:
# If Java is installed to /usr/lpp/java/bin/java
# Then put "/usr/lpp/java" here, excluding "/bin/java".
home: ""
#-------------------------------------------------------------------------------
# Node.js configuration
#
# The app-server component requires Node.JS.
# If you are not using the app-server or an extension requiring Node.JS
# Then you do not need to edit this section.
#
# **NOTE**: this field can be updated automatically if you pass `--update-config`
# to `zwe init` command.
#-------------------------------------------------------------------------------
node:
# If Node.JS is installed to /usr/lpp/IBM/cnj/bin/node
# Then put "/usr/lpp/IBM/cnj" here, excluding "/bin/node".
home: ""
#-------------------------------------------------------------------------------
# z/OSMF configuration
#
# If your Zowe instance is configured to use z/OSMF for authentication or other
# features. You need to define how to access your z/OSMF instance.
#-------------------------------------------------------------------------------
zOSMF:
# Host name of your z/OSMF instance
host: dvipa.example.com
port: 443
applId: IZUDFLT
#-------------------------------------------------------------------------------
# Zowe components default configurations
#
# This section includes default configurations for all Zowe components installed
# on the Zowe instance.
#
# Every component should define their own section under `components` with their
# component ID.
#
# For each component, they can always have "enabled" property and "certificate"
# property. More configurations for each component can be found in component
# manifest file.
#-------------------------------------------------------------------------------
components:
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Set apiml.enabled to "true", to enable single-service API ML deployment.
apiml:
enabled: true
debug: false
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
gateway:
enabled: true
port: 7554
debug: false
apiml:
security:
auth:
# Provider can be "saf" or "zosmf".
# See documentation at https://docs.zowe.org/stable/user-guide/authentication-providers-for-apiml/
#
# When provider is "saf", z/OSMF is not needed for Zowe login,
# but then z/OSMF APIs authenticate using PassTickets, which requires setup in z/OSMF.
provider: saf
# If provider is "zosmf", uncomment the following.
# jwtAutoconfiguration can be "jwt" or "ltpa", but jwt is recommended. jwt requires zosmf configuration.
#
# zosmf:
# jwtAutoconfiguration: jwt
# serviceId: ibmzosmf
authorization:
endpoint:
enabled: false
provider: "native"
x509:
enabled: false
# If we customize this to use different external certificate, than should also
# define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled".
# certificate:
# keystore:
# alias: ""
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
zaas:
enabled: true
port: 7558
debug: false
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
api-catalog:
enabled: true
port: 7552
debug: false
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
discovery:
enabled: true
port: 7553
debug: false
# Define this value to match your number of Discovery StatefulSet if you are running containerized Zowe
# replicas: 1
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
caching-service:
enabled: true
port: 7555
debug: false
storage:
evictionStrategy: reject
# can be infinispan, inMemory, redis or VSAM(deprecated)
mode: infinispan
infinispan:
# this is required if storage mode is infinispan
jgroups:
port: 7600
keyExchange:
port: 7601
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
app-server:
enabled: true
port: 7556
debug: false
# we can customize any component with custom certificate
# the missing definitions will be picked from "zowe.certificate"
# certificate:
# keystore:
# alias: app-server
# pem:
# key: /global/zowe/keystore/localhost/localhost.keystore.app-server.key
# certificate: /global/zowe/keystore/localhost/localhost.keystore.app-server.cer-ebcdic
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
zss:
enabled: true
port: 7557
crossMemoryServerName: ZWESIS_STD
agent:
64bit: true
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Requires z/OSMF APIs. Ensure z/OSMF is available,
# And ensure gateway auth provider is either "saf" with z/OSMF passtickets enabled,
# Or that the provider is set to "zosmf"
explorer-jes:
enabled: true
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Requires z/OSMF APIs. Ensure z/OSMF is available,
# And ensure gateway auth provider is either "saf" with z/OSMF passtickets enabled,
# Or that the provider is set to "zosmf"
explorer-mvs:
enabled: true
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Requires z/OSMF APIs. Ensure z/OSMF is available,
# And ensure gateway auth provider is either "saf" with z/OSMF passtickets enabled,
# Or that the provider is set to "zosmf"
explorer-uss:
enabled: true
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Each extension can have dedicated definition similar to core components.
# my-extension:
# enabled: true
#-------------------------------------------------------------------------------
# Zowe high availability instances customizations
#
# This section includes customizations for each Zowe high availability instance.
#
# You can start each HA instance with `zwe start --ha-instance <ha-instance>`.
#-------------------------------------------------------------------------------
# haInstances:
#
# # HA instance ID
# lpar1:
# # hostname where this instance will be started
# hostname: lpar1.example.com
# # Your &SYSNAME for this LPAR
# # This sysname will be used to route your JES command to target system.
# sysname: LPR1
# # for this HA instance, we did not customize "components", so it will use default value.
# # HA instance ID, we will start 2 instances on LPAR2
# # **NOTE**, we can only start one Gateway in same LPAR.
# lpar2a:
# # hostname where this instance will be started
# hostname: lpar2.example.com
# # Your &SYSNAME for this LPAR
# # This sysname will be used to route your JES command to target system.
# sysname: LPR2
# # These configurations will overwrite highest level default "components" configuration
# components:
# discovery:
# # use customized port on this instance
# port: 17553
# api-catalog:
# port: 17552
# app-server:
# # no app-server in this instance
# enabled: false
# zss:
# # no app-server in this instance
# enabled: false
# caching-service:
# port: 17555
#
# lpar2b:
# hostname: lpar2.example.com
# # your &SYSNAME for this LPAR
# sysname: LPR2
# # These configurations will overwrite highest level default "components" configuration
# components:
# zaas:
# enabled: false
# gateway:
# enabled: false
# discovery:
# enabled: false
# api-catalog:
# enabled: false
# app-server:
# enabled: false
# port: 28544
# zss:
# port: 28542
# caching-service:
# enabled: false