Re: Empty Service tapes?
Kris, O/P of pipe: CP REW 181 Rewind complete Ready; T=0.01/0.01 08:46:34 PIPE TAPE|take 10|chop|cons Ready; T=0.01/0.01 08:46:39 O/P of VMFPLC2 SCAN vmfplc2 scan Scanning ... End-of-file or end-of-tape DMSP2C002E File * * not found Ready(00028); T=0.01/0.01 15:54:20 Thanks. Suleiman Shahin Date: Wed, 8 Apr 2009 19:44:48 +0200 From: kris.buel...@gmail.com Subject: Re: Empty Service tapes? To: IBMVM@LISTSERV.UARK.EDU What did VMFPLC2 SCAN * * (EOT responded? Bu absence of DITTO, you can also try CP REW 181 PIPE TAPE!take 10!chop!cons 2009/4/7 Suleiman Shahin s_s_sha...@hotmail.com: David, What I rememeber is PSP Document. (I am not at work this minute.) Suleiman Shahin Date: Tue, 7 Apr 2009 16:01:07 -0500 From: d...@vsoft-software.com Subject: Re: Empty Service tapes? To: IBMVM@LISTSERV.UARK.EDU Suleiman, what do the three tape labels say they are? Suleiman Shahin wrote: I ordered and received the 5.4 RSU 0901. I also received with it 3 service tapes. I had no problem with one but cannot find anything on the other two. I did VMFPLC2 SCAN * * (EOT and tape scan.. What am I doing wrong? Thanks Suleiman Shahin Rediscover Hotmail®: Now available on your iPhone or BlackBerry Check it out. http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile1_042009 -- Dave Jones V/Soft www.vsoft-software.com Houston, TX 281.578.7544 Windows Live™: Keep your life in sync. Check it out. -- Kris Buelens, IBM Belgium, VM customer support _ Rediscover Hotmail®: Get e-mail storage that grows with you. http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Storage1_042009
Re: Empty Service tapes?
So really empty indeed. 2009/4/9 Suleiman Shahin s_s_sha...@hotmail.com Kris, O/P of pipe: CP REW 181 Rewind complete Ready; T=0.01/0.01 08:46:34 PIPE TAPE|take 10|chop|cons Ready; T=0.01/0.01 08:46:39 O/P of VMFPLC2 SCAN vmfplc2 scan Scanning ... End-of-file or end-of-tape DMSP2C002E File * * not found Ready(00028); T=0.01/0.01 15:54:20 Thanks. Suleiman Shahin Date: Wed, 8 Apr 2009 19:44:48 +0200 From: kris.buel...@gmail.com Subject: Re: Empty Service tapes? To: IBMVM@LISTSERV.UARK.EDU What did VMFPLC2 SCAN * * (EOT responded? Bu absence of DITTO, you can also try CP REW 181 PIPE TAPE!take 10!chop!cons 2009/4/7 Suleiman Shahin s_s_sha...@hotmail.com: David, What I rememeber is PSP Document. (I am not at work this minute.) Suleiman Shahin Date: Tue, 7 Apr 2009 16:01:07 -0500 From: d...@vsoft-software.com Subject: Re: Empty Service tapes? To: IBMVM@LISTSERV.UARK.EDU Suleiman, what do the three tape labels say they are? Suleiman Shahin wrote: I ordered and received the 5.4 RSU 0901. I also received with it 3 service tapes. I had no problem with one but cannot find anything on the other two. I did VMFPLC2 SCAN * * (EOT and tape scan.. What am I doing wrong? Thanks Suleiman Shahin Rediscover Hotmail®: Now available on your iPhone or BlackBerry Check it out. http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile1_042009 -- Dave Jones V/Soft www.vsoft-software.com Houston, TX 281.578.7544 Windows Live™: Keep your life in sync. Check it out. -- Kris Buelens, IBM Belgium, VM customer support -- Rediscover Hotmail®: Get e-mail storage that grows with you. Check it out.http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Storage1_042009 -- Kris Buelens, IBM Belgium, VM customer support
Re: Empty Service tapes?
IBM must have a cheap source for the 3590 carts! Thanks. Suleiman Shahin Date: Thu, 9 Apr 2009 15:17:29 +0200 From: kris.buel...@gmail.com Subject: Re: Empty Service tapes? To: IBMVM@LISTSERV.UARK.EDU So really empty indeed. 2009/4/9 Suleiman Shahin s_s_sha...@hotmail.com Kris, O/P of pipe: CP REW 181 Rewind complete Ready; T=0.01/0.01 08:46:34 PIPE TAPE|take 10|chop|cons Ready; T=0.01/0.01 08:46:39 O/P of VMFPLC2 SCAN vmfplc2 scan Scanning ... End-of-file or end-of-tape DMSP2C002E File * * not found Ready(00028); T=0.01/0.01 15:54:20 Thanks. Suleiman Shahin Date: Wed, 8 Apr 2009 19:44:48 +0200 From: kris.buel...@gmail.com Subject: Re: Empty Service tapes? To: IBMVM@LISTSERV.UARK.EDU What did VMFPLC2 SCAN * * (EOT responded? Bu absence of DITTO, you can also try CP REW 181 PIPE TAPE!take 10!chop!cons 2009/4/7 Suleiman Shahin s_s_sha...@hotmail.com: David, What I rememeber is PSP Document. (I am not at work this minute.) Suleiman Shahin Date: Tue, 7 Apr 2009 16:01:07 -0500 From: d...@vsoft-software.com Subject: Re: Empty Service tapes? To: IBMVM@LISTSERV.UARK.EDU Suleiman, what do the three tape labels say they are? Suleiman Shahin wrote: I ordered and received the 5.4 RSU 0901. I also received with it 3 service tapes. I had no problem with one but cannot find anything on the other two. I did VMFPLC2 SCAN * * (EOT and tape scan.. What am I doing wrong? Thanks Suleiman Shahin Rediscover Hotmail®: Now available on your iPhone or BlackBerry Check it out. http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile1_042009 -- Dave Jones V/Soft www.vsoft-software.com Houston, TX 281.578.7544 Windows Live™: Keep your life in sync. Check it out. -- Kris Buelens, IBM Belgium, VM customer support Rediscover Hotmail®: Get e-mail storage that grows with you. Check it out. -- Kris Buelens, IBM Belgium, VM customer support _ Rediscover Hotmail®: Now available on your iPhone or BlackBerry http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile1_042009
Re: Empty Service tapes?
This here is the 7th scan. Was it all tape marks? tape scan * * (eot Scanning ... End-of-file or end-of-tape End-of-file or end-of-tape DMSP2C002E File * * not found Suleiman Shahin Date: Thu, 9 Apr 2009 15:43:40 +0200 From: rvdh...@gmail.com Subject: Re: Empty Service tapes? That only shows the first dataset on tape is empty. That does not mean Rob _ Rediscover Hotmail®: Get quick friend updates right in your inbox. http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Updates1_042009
Re: Empty Service tapes?
On Thu, Apr 9, 2009 at 4:03 PM, Suleiman Shahin s_s_sha...@hotmail.com wrote: This here is the 7th scan. Was it all tape marks? tape scan * * (eot Scanning ... End-of-file or end-of-tape End-of-file or end-of-tape DMSP2C002E File * * not found When you had the scan do nothing 7 times, that's probably 14 consecutive tape marks. It is pretty suspicious.
Re: Empty Service tapes?
He has gotten a hold of one of my tapes from a previous company/job/position. ;-) when ever I would re-use a tape/cartridge - specifically IBM Service tapes to be used as spxtape dump tapes. I would write 99 tape marks on the front of the tape. then I would write to it. I thought every one did that Bill Munson Sr. z/VM Systems Programmer Brown Brothers Harriman CO. 525 Washington Blvd. Jersey City, NJ 07310 201-418-7588 President MVMUA http://www2.marist.edu/~mvmua/ Rob van der Heij rvdh...@gmail.com Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 04/09/2009 10:13 AM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Empty Service tapes? On Thu, Apr 9, 2009 at 4:03 PM, Suleiman Shahin s_s_sha...@hotmail.com wrote: This here is the 7th scan. Was it all tape marks? tape scan * * (eot Scanning ... End-of-file or end-of-tape End-of-file or end-of-tape DMSP2C002E File * * not found When you had the scan do nothing 7 times, that's probably 14 consecutive tape marks. It is pretty suspicious. *** IMPORTANT NOTE* The opinions expressed in this message and/or any attachments are those of the author and not necessarily those of Brown Brothers Harriman Co., its subsidiaries and affiliates (BBH). There is no guarantee that this message is either private or confidential, and it may have been altered by unauthorized sources without your or our knowledge. Nothing in the message is capable or intended to create any legally binding obligations on either party and it is not intended to provide legal advice. BBH accepts no responsibility for loss or damage from its use, including damage from virus.
Applying MQ Maintenance to zLinux guests
We currently have our Non-Production environment migrated from Windows Servers to zLinux/zVM guests. We have a tech guest, maint quest, along with our queue manager guests. The dilemma we're in is regarding applying MQ Maintenance. We want to apply the maintenance to our Maint image and then clone it to our queue manager guests. However, we are faced with re-creating our queue managers because the cloning process wipes out the queue manager file system under opt and var. Has someone come across this situation? If so how did you get around redefining your queue managers after applying maintenance? Thanks. Richard W. Santilli IT Systems Engineer Consultant rsant...@progressive.com (440)395-0698
Gavin Appleton is out of the office.
I will be out of the office starting 09/04/2009 and will not return until 14/04/2009. I will respond to your message when I return.
CAVMEN Meeting on Thursday, April 23, 2009
The second quarter meeting of the Chicago Area VM (and Linux) Enthusiasts will be held on Thursday, April 23, 2009. -- Meeting Location: This quarter's meeting will be held at the Hewitt Associates 'East Campus' located at 100 Half Day Road, in Lincolnshire, IL. We will meet in the Lower Level Conference Room in Building 98. If you have not attended a meeting at this location before, or you are not familiar with the area, http://cavmen.home.comcast.net/hewittb99.htmlClick here for additional information on directions, maps, lodging and dining. -- Attendance: We would like to request a count of expected attendees by the Monday before the meeting, so that we may plan appropriately for arranging the facilities, and for refreshments and lunch, should one of the vendors wish to provide them. If you are planning to attend, PLEASE send an E-Mail by that date to mailto:cav...@comcast.netcav...@comcast.net with a subject line of Meeting Attendance. This is meant to be a facilities planning aid and should not be interpreted as a registration requirement. If you suddenly become available at the last minute, please feel free to attend even if you have not responded. Thank you in advance for your cooperation in this matter. -- Meeting Agenda: 9:00 AM Automating Operations on z/VM and Linux on System z using IBM Operations Manager for z/VM In this session, we'll dive into the details of automation using Operations Manager for z/VM, including console viewing, console message trapping, scheduling, spool monitoring, system event monitoring, etc. Live demos will show: * How to automatically take action based on messages on z/VM service machines, on Linux guest consoles, and in Linux syslog data * How to view and interact with live consoles and the system log, for both monitoring and debugging purposes * How to monitor and manage spool file usage * How to respond to system events * How to schedule one-time or recurring events The speaker will be Tracy Dean of the IBM Corporation. 10:30 AMCoffee Break 11:00 AMBacking Up and Restoring z/VM and Linux guest data using IBM Backup and Restore Manager for z/VM In this session, we'll discuss and demo the various levels of backup and restore capabilities available in Backup and Restore Manager for z/VM. The speaker will cover product installation requirements, configuration tips, and overall product structure. In addition, live demos will show various options for backing up a z/VM system and its Linux guests, including automation of the process using Operations Manager for z/VM. The speaker will be Tracy Dean of the IBM Corporation. 12:30 PMLunch Break 1:30 PM Administration and Vendor Announcements 1:45 PM Mainframe Virtualization and Linux - CA's Strategy This presentation covers CA's Strategy for Linux on System z and its development priorities. The presentation will also discuss common customer challenges and how they are being addressed by CA, as well as other virtualization and Linux topics. The speaker will be Milt Whitham of CA, Inc. 3:15 PM Coffee Break and Prize Drawing 3:30 PM VM:Operator r3 Update This presentation will introduce new features provided with CA VM:Operator r3 (Beta Program under way). This release delivers many significant enhancements to VM:Operator, including infrastructure changes that permit use of TCP/IP. Two significant features that were added to VM:Operator and leverage this new capability are LINUX SYSLOGD and Remote VM:Operator Support. This session will also discuss several other enhancements which were made in response to customer requests. The speaker will be Brian Jagos of CA, Inc. 4:45 PM Free-for-All Members will attempt to answer any reasonable VM or hardware related questions. If you are having a problem and want to find out if others are experiencing it, or you are installing new hardware or software and want to find out what types of problems others have experienced, here is the place to find out. Members are encouraged to bring ideas for future presentations and speakers to this meeting. -- Please check the WEB site for Map and Directions: http://cavmen.home.comcast.net In addition, you will also find extensive information available on dining and lodging in the Hewitt Associates area. Additional information about the CAVMEN group, and other VM related items of interest are available on our web site. There is no charge for admission to meetings. Meeting attendance is open to anyone, and advance registration is not required. I look forward to seeing all of you at the meeting. ___ Mark M. Suchecki - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CAVMEN Coordinator Voice: (847) 518-0058 FAX:(847) 518-0083 E-Mail: cav...@comcast.net Web:
Re: Applying MQ Maintenance to zLinux guests
Richard, You can use MQ support pack MS03 to save the active MQ configuration: MS03: WebSphere MQ - Save Queue Manager object definitions using PCFs (saveqmgr)http://www-01.ibm.com/support/docview.wss?rs=171q1=mA1Juid=swg24000673loc=en_UScs=utf-8lang=en Ronald van der Laan
Re: Empty Service tapes?
On Thursday, 04/09/2009 at 08:48 EDT, Suleiman Shahin s_s_sha...@hotmail.com wrote: CP REW 181 Rewind complete Ready; T=0.01/0.01 08:46:34 PIPE TAPE|take 10|chop|cons Ready; T=0.01/0.01 08:46:39 O/P of VMFPLC2 SCAN vmfplc2 scan Scanning ... End-of-file or end-of-tape DMSP2C002E File * * not found Ready(00028); T=0.01/0.01 15:54:20 FWIW, the PSP tape shares a common format with MVS and starts with a tape mark, then the file in MOVEFILE format, then (I think) another TM. That's why the EOT option is important on VMFPLC2 SCAN. The documentation with the PSP tape instructs you to TAPE FSF before you MOVEFILE the file to disk. Alan Altmark z/VM Development IBM Endicott
USER MDISK and DIRMAINT Question
Hello all, I am one of the new bears trying to figure out how to use DIRMAINT to start defining some new users. As I have been searching the list archives for answers, I will start by saying I can identify with a comment made on this list back in February: ...go to a new z/VM shop that has z/VM just to support virtualized Linux and watch as they attempt to get DIRMAINT and RACF installed and configured, and then begin to use it. It isn't pretty. Haven't started on the RACF yet --- I can hardly wait! (you may all want to come and see the show!) Some pressing questions I have: I finally found the DIRMAP utility to map the minidisks. What I am seeing on my 5.4 system is that the use of the word END for end-of-volume and the resulting LENGTH seemed to get translated in my conversion from USER DIRECT to be 3390-01 numbers, not 3390-09 as I am using, at least on the report it puts out. (This is true for th $PAGE$ entry for the PAGE volume , the $SPOOL$ entry, and MAINT 0122 entry for the SPOOL volume, and the MAINT and SYSDUMP1 0123 address entries for the RES volume). Is this just a glitch with the report or do I need to get rid of END entries and/or code something else somewhere that I am missing? I would like to create some Real USERIDs in the style required by Security. I am looking for a best practice here. It would seem to me best to place non-system user-defined stuff (to use a technical term) OFF of the RES volume so it easily carries from one release to the next. I have noticed that the redbooks, etc. that go through creating Linux guest s seem to put their 191 mini-disk on the volume defined for Linux use. It would seem to me that possibily these and definitely any admin CMS disks should go on what we would call on the z/OS side a User volume (maybe equal to a Work volume in z/VM terms?) What is best practice/most used for CMS disks? Also, can someone point me to (or give) a quick sample of what is needed if I use LOGONBY both in the logon TO and the BY definitions? Thanks to all of you. Also, I have no idea about carrying forward the DIRMAINT files at this point (let alone where they really are). How are these usually handled when changing releases?
Re: Empty Service tapes?
Date: Thu, 9 Apr 2009 13:15:17 -0400 From: alan_altm...@us.ibm.com Subject: Re: Empty Service tapes? To: IBMVM@LISTSERV.UARK.EDU FWIW, the PSP tape shares a common format with MVS and starts with a tape mark, then the file in MOVEFILE format, then (I think) another TM. That's why the EOT option is important on VMFPLC2 SCAN. Believe me, Sir, I tried all of the above! The error started with FSF and Movefile and continued with VMFPLC2 (with and without (EOT) ... Suleiman Shahin _ Rediscover Hotmail®: Now available on your iPhone or BlackBerry http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile1_042009
Problems with IPLing a SECOND LEVEL z/VM 5.3
Hi I am taking my first crack at building a 2nd level z/VM under my 1st level z/VM. I tried IPLing the 2nd level and I am receiving the following: 13:20:27 Start ((Warm|Force|COLD|CLEAN) (DRain) (DIsable) (NODIRect) 13:20:27 (NOAUTOlog)) or (SHUTDOWN) H HCPSED6013A A CP read is pending. At this point I cannot enter anything in the console. A little background on how I built this. The 2nd level is a copy of my 1st level with any needed changes to the SYSTEM CONFIG and Directory files. The RES and Spool are copies from my first level. Below is a copy of my SECLVL user directory entry: USER SECLVL SECLVL 500M 500M BCDEFG MACHINE ESA 2 OPTION TODENABLE IPL CMS CONSOLE 0009 3215 T OPERATOR SPOOL 000C READER A SPOOL 000D PUNCH A SPOOL 000E PRINTER A LINK MAINT 0190 0190 RR LINK MAINT 019D 019D RR LINK MAINT 019E 019E RR MDISK 191 3390 1 200 53DW01 MR MDISK 1000 3390 0 END 53DRES MR MDISK 12F1 3390 0 END 53DPAG MR MDISK 12F2 3390 0 END 53DSPL MR Now the examples in the book 'z/VM Running Guest Operating Systems' are using one disk broken down into multiple mdisks for RES, PAGE, and SPOOL. I just decided to use my copy of the first level and make these full pack mdisks as you see in the user directory. Will this approach work? Or am I missing something. Thank You, Terry Martin Lockheed Martin - Information Technology z/OS z/VM Systems - Performance and Tuning Cell - 443 632-4191 Work - 410 786-0386 terry.ma...@cms.hhs.gov
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
Remember to do TERM CONMODE 3270 before the IPL? Also, you may need to put the cons=0009 on the load screen (assuming the address of your console is 0009) Bob Bates Enterprise Hosting Services w. (469)892-6660 c. (214) 907-5071 This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Martin, Terry R. (LOCKHEED MARTIN Performance Engineering/CTR) (CTR) Sent: Thursday, April 09, 2009 12:38 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Problems with IPLing a SECOND LEVEL z/VM 5.3 Hi I am taking my first crack at building a 2nd level z/VM under my 1st level z/VM. I tried IPLing the 2nd level and I am receiving the following: 13:20:27 Start ((Warm|Force|COLD|CLEAN) (DRain) (DIsable) (NODIRect) 13:20:27 (NOAUTOlog)) or (SHUTDOWN) H HCPSED6013A A CP read is pending. At this point I cannot enter anything in the console. A little background on how I built this. The 2nd level is a copy of my 1st level with any needed changes to the SYSTEM CONFIG and Directory files. The RES and Spool are copies from my first level. Below is a copy of my SECLVL user directory entry: USER SECLVL SECLVL 500M 500M BCDEFG MACHINE ESA 2 OPTION TODENABLE IPL CMS CONSOLE 0009 3215 T OPERATOR SPOOL 000C READER A SPOOL 000D PUNCH A SPOOL 000E PRINTER A LINK MAINT 0190 0190 RR LINK MAINT 019D 019D RR LINK MAINT 019E 019E RR MDISK 191 3390 1 200 53DW01 MR MDISK 1000 3390 0 END 53DRES MR MDISK 12F1 3390 0 END 53DPAG MR MDISK 12F2 3390 0 END 53DSPL MR Now the examples in the book 'z/VM Running Guest Operating Systems' are using one disk broken down into multiple mdisks for RES, PAGE, and SPOOL. I just decided to use my copy of the first level and make these full pack mdisks as you see in the user directory. Will this approach work? Or am I missing something. Thank You, Terry Martin Lockheed Martin - Information Technology z/OS z/VM Systems - Performance and Tuning Cell - 443 632-4191 Work - 410 786-0386 terry.ma...@cms.hhs.govmailto:terry.ma...@cms.hhs.gov
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
Did u get the SA Loader Screen? If so, you need to type CONS=009 in the IPL Parameter field. Thank you, Scott From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Martin, Terry R. (LOCKHEED MARTIN Performance Engineering/CTR) (CTR) Sent: Thursday, April 09, 2009 12:38 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Problems with IPLing a SECOND LEVEL z/VM 5.3 Hi I am taking my first crack at building a 2nd level z/VM under my 1st level z/VM. I tried IPLing the 2nd level and I am receiving the following: 13:20:27 Start ((Warm|Force|COLD|CLEAN) (DRain) (DIsable) (NODIRect) 13:20:27 (NOAUTOlog)) or (SHUTDOWN) H HCPSED6013A A CP read is pending. At this point I cannot enter anything in the console. A little background on how I built this. The 2nd level is a copy of my 1st level with any needed changes to the SYSTEM CONFIG and Directory files. The RES and Spool are copies from my first level. Below is a copy of my SECLVL user directory entry: USER SECLVL SECLVL 500M 500M BCDEFG MACHINE ESA 2 OPTION TODENABLE IPL CMS CONSOLE 0009 3215 T OPERATOR SPOOL 000C READER A SPOOL 000D PUNCH A SPOOL 000E PRINTER A LINK MAINT 0190 0190 RR LINK MAINT 019D 019D RR LINK MAINT 019E 019E RR MDISK 191 3390 1 200 53DW01 MR MDISK 1000 3390 0 END 53DRES MR MDISK 12F1 3390 0 END 53DPAG MR MDISK 12F2 3390 0 END 53DSPL MR Now the examples in the book 'z/VM Running Guest Operating Systems' are using one disk broken down into multiple mdisks for RES, PAGE, and SPOOL. I just decided to use my copy of the first level and make these full pack mdisks as you see in the user directory. Will this approach work? Or am I missing something. Thank You, Terry Martin Lockheed Martin - Information Technology z/OS z/VM Systems - Performance and Tuning Cell - 443 632-4191 Work - 410 786-0386 terry.ma...@cms.hhs.gov Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations under the Health Insurance Portability Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this e-mail, including any attachment to it, is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Thank you.
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
Also remove the T OPERATOR from your console statement Thank you, Scott From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Martin, Terry R. (LOCKHEED MARTIN Performance Engineering/CTR) (CTR) Sent: Thursday, April 09, 2009 12:38 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Problems with IPLing a SECOND LEVEL z/VM 5.3 Hi I am taking my first crack at building a 2nd level z/VM under my 1st level z/VM. I tried IPLing the 2nd level and I am receiving the following: 13:20:27 Start ((Warm|Force|COLD|CLEAN) (DRain) (DIsable) (NODIRect) 13:20:27 (NOAUTOlog)) or (SHUTDOWN) H HCPSED6013A A CP read is pending. At this point I cannot enter anything in the console. A little background on how I built this. The 2nd level is a copy of my 1st level with any needed changes to the SYSTEM CONFIG and Directory files. The RES and Spool are copies from my first level. Below is a copy of my SECLVL user directory entry: USER SECLVL SECLVL 500M 500M BCDEFG MACHINE ESA 2 OPTION TODENABLE IPL CMS CONSOLE 0009 3215 T OPERATOR SPOOL 000C READER A SPOOL 000D PUNCH A SPOOL 000E PRINTER A LINK MAINT 0190 0190 RR LINK MAINT 019D 019D RR LINK MAINT 019E 019E RR MDISK 191 3390 1 200 53DW01 MR MDISK 1000 3390 0 END 53DRES MR MDISK 12F1 3390 0 END 53DPAG MR MDISK 12F2 3390 0 END 53DSPL MR Now the examples in the book 'z/VM Running Guest Operating Systems' are using one disk broken down into multiple mdisks for RES, PAGE, and SPOOL. I just decided to use my copy of the first level and make these full pack mdisks as you see in the user directory. Will this approach work? Or am I missing something. Thank You, Terry Martin Lockheed Martin - Information Technology z/OS z/VM Systems - Performance and Tuning Cell - 443 632-4191 Work - 410 786-0386 terry.ma...@cms.hhs.gov Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations under the Health Insurance Portability Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this e-mail, including any attachment to it, is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Thank you.
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
Yup, that's definitely it. Do: CP TERM CONMODE 3270 IPL 1000 CLEAR LOADPARM 009 that will bring up the standalone loader using the virtual machine's console at 009, in 3270 mode. On the standalone loader type: cons=009 in the parms section BEFORE pressing PF10. -Mike -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Bob Bates Sent: Thursday, April 09, 2009 1:45 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Problems with IPLing a SECOND LEVEL z/VM 5.3 Remember to do TERM CONMODE 3270 before the IPL? Also, you may need to put the cons=0009 on the load screen (assuming the address of your console is 0009) Bob Bates Enterprise Hosting Services w. (469)892-6660 c. (214) 907-5071 This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. _ From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Martin, Terry R. (LOCKHEED MARTIN Performance Engineering/CTR) (CTR) Sent: Thursday, April 09, 2009 12:38 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Problems with IPLing a SECOND LEVEL z/VM 5.3 Hi I am taking my first crack at building a 2nd level z/VM under my 1st level z/VM. I tried IPLing the 2nd level and I am receiving the following: 13:20:27 Start ((Warm|Force|COLD|CLEAN) (DRain) (DIsable) (NODIRect) 13:20:27 (NOAUTOlog)) or (SHUTDOWN) H HCPSED6013A A CP read is pending. At this point I cannot enter anything in the console. A little background on how I built this. The 2nd level is a copy of my 1st level with any needed changes to the SYSTEM CONFIG and Directory files. The RES and Spool are copies from my first level. Below is a copy of my SECLVL user directory entry: USER SECLVL SECLVL 500M 500M BCDEFG MACHINE ESA 2 OPTION TODENABLE IPL CMS CONSOLE 0009 3215 T OPERATOR SPOOL 000C READER A SPOOL 000D PUNCH A SPOOL 000E PRINTER A LINK MAINT 0190 0190 RR LINK MAINT 019D 019D RR LINK MAINT 019E 019E RR MDISK 191 3390 1 200 53DW01 MR MDISK 1000 3390 0 END 53DRES MR MDISK 12F1 3390 0 END 53DPAG MR MDISK 12F2 3390 0 END 53DSPL MR Now the examples in the book 'z/VM Running Guest Operating Systems' are using one disk broken down into multiple mdisks for RES, PAGE, and SPOOL. I just decided to use my copy of the first level and make these full pack mdisks as you see in the user directory. Will this approach work? Or am I missing something. Thank You, Terry Martin Lockheed Martin - Information Technology z/OS z/VM Systems - Performance and Tuning Cell - 443 632-4191 Work - 410 786-0386 terry.ma...@cms.hhs.gov
Re: MAC and DAC in vm/RACF
This wst not listed some reason, I am trying again... On Thu, Apr 9, 2009 at 11:20 AM, Aisik Chang a829...@gmail.com wrote: GM, listers, How do I find whether we are using MAC or DAC (Mandatory or Discretionary Access Control) in VM/RACF ? Thanks, Ann
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
Title: Message still pretty sweet that after all these years (decades!) CP will still initialize to a 3215! Albeit a virtual one.David Original Message Subject: Re: [IBMVM] Problems with IPLing a SECOND LEVEL z/VM 5.3 From: Michael Coffin michaelcof...@mccci.com Date: Thu, April 09, 2009 1:51 pm To: IBMVM@LISTSERV.UARK.EDU Yup, that's definitely it. Do: CP TERM CONMODE 3270 IPL 1000 CLEAR LOADPARM 009 that will bring up the standalone loader using the virtual machine's console at 009, in 3270 mode. On the standalone loader type: cons=009 in the parms section BEFORE pressing PF10. -Mike -Original Message-From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Bob BatesSent: Thursday, April 09, 2009 1:45 PMTo: IBMVM@LISTSERV.UARK.EDUSubject: Re: Problems with IPLing a SECOND LEVEL z/VM 5.3 Remember to do TERM CONMODE 3270 before the IPL? Also, you may need to put the cons=0009 on the load screen (assuming the address of your console is 0009) Bob Bates Enterprise Hosting Servicesw. (469)892-6660 c. (214) 907-5071 “This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation."From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Martin, Terry R. (LOCKHEED MARTIN Performance Engineering/CTR) (CTR)Sent: Thursday, April 09, 2009 12:38 PMTo: IBMVM@LISTSERV.UARK.EDUSubject: Problems with IPLing a SECOND LEVEL z/VM 5.3 Hi I am taking my first crack at building a 2nd level z/VM under my 1st level z/VM. I tried IPLing the 2nd level and I am receiving the following: 13:20:27 Start ((Warm|Force|COLD|CLEAN) (DRain) (DIsable) (NODIRect) 13:20:27 (NOAUTOlog)) or (SHUTDOWN) H HCPSED6013A A CP read is pending. At this point I cannot enter anything in the console. A little background on how I built this. The 2nd level is a copy of my 1st level with any needed changes to the SYSTEM CONFIG and Directory files. The RES and Spool are copies from my first level. Below is a copy of my SECLVL user directory entry: USER SECLVL SECLVL 500M 500M BCDEFG MACHINE ESA 2 OPTION TODENABLE IPL CMS CONSOLE 0009 3215 T OPERATOR SPOOL 000C READER A SPOOL 000D PUNCH A SPOOL 000E PRINTER A LINK MAINT 0190 0190 RR LINK MAINT 019D 019D RR LINK MAINT 019E 019E RR MDISK 191 3390 1 200 53DW01 MR MDISK 1000 3390 0 END 53DRES MR MDISK 12F1 3390 0 END 53DPAG MR MDISK 12F2 3390 0 END 53DSPL MR Now the examples in the book ’z/VM Running Guest Operating Systems’ are using one disk broken down into multiple mdisks for RES, PAGE, and SPOOL. I just decided to use my copy of the first level and make these full pack mdisks as you see in the user directory. Will this approach work? Or am I missing something. Thank You, Terry Martin Lockheed Martin - Information Technology z/OS z/VM Systems - Performance and Tuning Cell - 443 632-4191 Work - 410 786-0386 terry.ma...@cms.hhs.gov
Re: USER MDISK and DIRMAINT Question
Valerie, I can take a couple of these questions, hopefully others will jump in on the ones I can't answer. On the 'END' statement, I found that documented for the diskmap utility as well, so I changed all mine to the actually cylinder address. In the long run I found it easier to be able to see the size of the device in user direct. (IE, oh, this linux has three mod 27's and a mod 9). Our dasd numbering system didn't have that info, ymmv. IE, you may know that the 1000 string, for example, is all mod 9's. Mine was interspersed, so having the end cylinder was a quick way to find that out. On the 191 thing, I've done both ways, the 1 cylinder 191 on the linux 200 volume and on another volume. Either way really works fine. Only thing I found was if you have multiple lpars, and, despite people saying 'we won't be moving linuxes back and forth to different lpars', of course six months later they're moving crap all around. So it was helpful to have the 191 and the 200 on the same volume. If you have a volume full of 191's, and you want to move the linux to a different lpar, you have to either copy the 191 to another 191 volume or create a new one on the new lpar. In my last shop, we had a mod 3 for non-IBM-supplied userids (ie, mine) and a mod 3 for linux 191's. We kept that separate from the res pack for ease of migration. But I'd be interested to hear what others are doing in hopes of getting a consensus. Mary Anne On Thu, Apr 9, 2009 at 1:33 PM, Le Grande Valerie valerie.legra...@sentry.com wrote: Hello all, I am one of the new bears trying to figure out how to use DIRMAINT to start defining some new users. As I have been searching the list archives for answers, I will start by saying I can identify with a comment made on this list back in February: ...go to a new z/VM shop that has z/VM just to support virtualized Linux and watch as they attempt to get DIRMAINT and RACF installed and configured, and then begin to use it. It isn't pretty. Haven't started on the RACF yet --- I can hardly wait! (you may all want to come and see the show!) Some pressing questions I have: I finally found the DIRMAP utility to map the minidisks. What I am seeing on my 5.4 system is that the use of the word END for end-of-volume and the resulting LENGTH seemed to get translated in my conversion from USER DIRECT to be 3390-01 numbers, not 3390-09 as I am using, at least on the report it puts out. (This is true for th $PAGE$ entry for the PAGE volume, the $SPOOL$ entry, and MAINT 0122 entry for the SPOOL volume, and the MAINT and SYSDUMP1 0123 address entries for the RES volume). Is this just a glitch with the report or do I need to get rid of END entries and/or code something else somewhere that I am missing? I would like to create some Real USERIDs in the style required by Security. I am looking for a best practice here. It would seem to me best to place non-system user-defined stuff (to use a technical term) OFF of the RES volume so it easily carries from one release to the next. I have noticed that the redbooks, etc. that go through creating Linux guests seem to put their 191 mini-disk on the volume defined for Linux use. It would seem to me that possibily these and definitely any admin CMS disks should go on what we would call on the z/OS side a User volume (maybe equal to a Work volume in z/VM terms?) What is best practice/most used for CMS disks? Also, can someone point me to (or give) a quick sample of what is needed if I use LOGONBY both in the logon TO and the BY definitions? Thanks to all of you. Also, I have no idea about carrying forward the DIRMAINT files at this point (let alone where they really are). How are these usually handled when changing releases?
Re: Empty Service tapes?
I used to have a utility from some user group called TAPEMAP that would scan a tape and tell how many tapemarks were on a tape and where they were in feet from the beginning reflector strip. It also told you haw many blocks of data were recorded between each tapemark and the size of the largest block. There were some other things on the report but I don't remember what they were. The utility would not work on tape cartages just reel tapes. On rare occasions I wish I had it to find what is on a tape. If anyone updated it to work with newer tapes it would be what you need to get started on finding the data. Now, I just mount the tape on VSE and use interactive DITTO to look at unknown tapes. FWIW, the PSP tape shares a common format with MVS and starts with a tape mark, then the file in MOVEFILE format, then (I think) another TM. That's why the EOT option is important on VMFPLC2 SCAN. Believe me, Sir, I tried all of the above! The error started with FSF and Movefile and continued with VMFPLC2 (with and without (EOT) ... -- Stephen Frazier Information Technology Unit Oklahoma Department of Corrections 3400 Martin Luther King Oklahoma City, Ok, 73111-4298 Tel.: (405) 425-2549 Fax: (405) 425-2554 Pager: (405) 690-1828 email: stevef%doc.state.ok.us
Re: Empty Service tapes?
TAPEMAP still works for showing you the structure/content of a tape, even 3590s. It does not provide correct numbers for the number of FEET in a dataset etc and has not since the advent of 3480 cartridges. If people want a VMARC of the TAPEMAP module and helpcms, please contact me offline. /Tom Kern /301-903-2211 On Thu, 9 Apr 2009 13:45:38 -0500, Stephen Frazier ste...@doc.state.ok.u s wrote: I used to have a utility from some user group called TAPEMAP that would scan a tape and tell how many tapemarks were on a tape and where they were in feet from the beginning reflector strip. It also told you haw many blocks of data were recorded between each tapemark and the size of the largest block. There were some other things on the report but I don't remember what they were. The utility would not work on tape cartages just reel tapes. On rare occasions I wish I had it to find what is on a tape. If anyone updated it to work with newer tapes it would be what you need to get started on finding the data. Now, I just mount the tape on VSE and use interactive DITTO to look at unknown tapes. FWIW, the PSP tape shares a common format with MVS and starts with a t ape mark, then the file in MOVEFILE format, then (I think) another TM. That's why the EOT option is important on VMFPLC2 SCAN. Believe me, Sir, I tried all of the above! The error started with FSF and Movefile and continued with VMFPLC2 (with and without (EOT) ... -- Stephen Frazier Information Technology Unit Oklahoma Department of Corrections 3400 Martin Luther King Oklahoma City, Ok, 73111-4298 Tel.: (405) 425-2549 Fax: (405) 425-2554 Pager: (405) 690-1828 email: stevef%doc.state.ok.us
Re: Empty Service tapes?
The CBT tape has a few copies of this program. www.cbttape.org -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Stephen Frazier Sent: Thursday, April 09, 2009 1:46 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Empty Service tapes? I used to have a utility from some user group called TAPEMAP that would scan a tape and tell how many tapemarks were on a tape and where they were in feet from the beginning reflector strip. It also told you haw many blocks of data were recorded between each tapemark and the size of the largest block. There were some other things on the report but I don't remember what they were. The utility would not work on tape cartages just reel tapes. On rare occasions I wish I had it to find what is on a tape. If anyone updated it to work with newer tapes it would be what you need to get started on finding the data. Now, I just mount the tape on VSE and use interactive DITTO to look at unknown tapes. FWIW, the PSP tape shares a common format with MVS and starts with a tape mark, then the file in MOVEFILE format, then (I think) another TM. That's why the EOT option is important on VMFPLC2 SCAN. Believe me, Sir, I tried all of the above! The error started with FSF and Movefile and continued with VMFPLC2 (with and without (EOT) ... -- Stephen Frazier Information Technology Unit Oklahoma Department of Corrections 3400 Martin Luther King Oklahoma City, Ok, 73111-4298 Tel.: (405) 425-2549 Fax: (405) 425-2554 Pager: (405) 690-1828 email: stevef%doc.state.ok.us Disclaimer Confidentiality Notice: This e-mail, and any attachments and/or documents linked to this email, are intended for the addressee and may contain information that is privileged, confidential, proprietary, or otherwise protected by law. Any dissemination, distribution, or copying is prohibited. This notice serves as a confidentiality marking for the purpose of any confidentiality or nondisclosure agreement. If you have received this communication in error, please contact the original sender.
Re: MAC and DAC in vm/RACF
Hmmm... If you think about it, all access controls (for a Class G virtual machine) are mandatory by nature. The virtual machine cannot discretionarily circumvent those limits which are mandatorily placed on it by the hypervisor. This would be true for RACF or for any other ESM ... even none. (No comments from the man from Endicott.) The concern I hear about DAC -vs- MAC is that discretionary breaks down (eg: in a poorly written DAC application). So we throw MAC at the problem. It's more complicated, but it relieves programmers of the consequences of being careless, lazy, or stupid. We now shift the burden of security from programmers to ... [drum roll] ... auditors, who will establish and monitor the policy behind your MAC. After all, they know best ... *stop* ... I am straying from the topic. Sorry. Try again. The concern I hear about DAC -vs- MAC is that discretionary breaks down (eg: in a poorly written DAC application). For example, a buggy 'mount' command, which must run as root, leaves open a back door for the hackers to jimmy. The privileges of 'mount' are elevated by the SETUID bit. It then acts with discretion, only doing what it is supposed to do (only mounting things on user request which are allowed). With virtual machines (assuming a strong hypervisor), all resource access is controlled by the hypervisor. (Hey! There's an idea! Call the hypervisor a control program!) There is no concept of discretionary. There is no back door. The privileges of a virtual machine are not elevated on-the-fly. (At least, not for the sake of running user-space applications.) -- R; On Thu, Apr 9, 2009 at 11:20 AM, Aisik Chang a829...@gmail.com wrote: GM, listers, How do I find whether we are using MAC or DAC (Mandatory or Discretionary Access Control) in VM/RACF ? Thanks, Ann
Re: MAC and DAC in vm/RACF
On Thursday, 04/09/2009 at 11:23 EDT, Aisik Chang a829...@gmail.com wrote: GM, listers, How do I find whether we are using MAC or DAC (Mandatory or Discretionary Access Control) in VM/RACF ? Believe me, you would know. :-) Among other things, the SECLABEL class will be active. Alan Altmark z/VM Development IBM Endicott
Re: MAC and DAC in vm/RACF
On Thursday, 04/09/2009 at 03:02 EDT, Richard Troth vmcow...@gmail.com wrote: Hmmm... If you think about it, all access controls (for a Class G virtual machine) are mandatory by nature. The virtual machine cannot discretionarily circumvent those limits which are mandatorily placed on it by the hypervisor. This would be true for RACF or for any other ESM ... even none. (No comments from the man from Endicott.) Sorry...bzzzt... :-) Those terms are from the system's point of view, not a person's. o Mandatory means that there is No Free Will; the system obeys a *policy* that will govern ALL relevant behavior. All other considerations are secondary. The crew is expendable. o Discretionary means that, where permitted by policy, a Choice may be made and that Individuals may make the Choice. I think the Oracle (no, not the database) was right: you can't see past the Choices you don't understand, so mandatory controls are required to maintain the Balance. And the reason companies often separate security from system programming is to ensure that the Balance between No Problem, Boss! and The computer is plugged in - we are at risk is maintained. Sysprogs are also usually not tasked with the job of saving the company from its own stupidity or ignorance. Alan Altmark z/VM Development IBM Endicott
Re: Empty Service tapes?
On Thursday, 04/09/2009 at 01:37 EDT, Suleiman Shahin s_s_sha...@hotmail.com wrote: Believe me, Sir, I tried all of the above! The error started with FSF and Movefile and continued with VMFPLC2 (with and without (EOT) ... I was convinced rather rapidly that the tape was logically (but not physically) empty. It's kind of hard to mess up the PSP instructions! Alan Altmark z/VM Development IBM Endicott
Re: Empty Service tapes?
On: Thu, Apr 09, 2009 at 01:45:38PM -0500,Stephen Frazier Wrote: I used to have a utility from some user group called TAPEMAP that would scan a tape and tell how many tapemarks were on a tape and where they were in feet from the beginning reflector strip. It also told you haw many blocks of data were recorded between each tapemark and the size of the largest block. There were some other things on the report but I don't remember what they were. The utility would not work on tape cartages just reel tapes. On rare occasions I wish I had it to find what is on a tape. If anyone updated it to work with newer tapes it would be what you need to get started on finding the data. My CKTAPE (to be found on a workshop web site near you) will give you most of that info, but without the lengths of parts of the tape. If you can't find it I can send it to you. Check the mod history at the beginning, The copy I have was last modded 3/94. -- Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353 Eastern time. N6LRT I speak for myself my dogs only.VM'er since CP-67 Canines:Val, Red, Shasta Casey (RIP), Red Zero, Siberians Owner:Chinook-L Retired at the beach Asst Owner:Sibernet-L
Re: USER MDISK and DIRMAINT Question
I'll send my document with some practical directory wisdom to Valerie. - I too would not use disks defined 0 END, but set them at the real size. - keeping your minidisk off the standard install disks make migrations a bit easier indeed. - using LOGON BY: I wouldn't like to live without. Thanks to LOGON BY I only need to remember my own password. - LOGON BY with or without RACF are entirely different - without RACF, - you define who can use LOGON BY in the CP directory - the password LBYONLY (or alike) makes LOGON BY the only logon method - With RACF: directory definitions for LOGON BY are ignored - when you issue RDEFINE SURROGAT LOGONBY.userid the user becomes LOGON BY only - with PERMIT SURROGAT.userid CLASS(VMMDISK) ID() you give the permissions - with PERMIT SURROGAT.userid CLASS(VMMDISK) ID(userid) the user is no longer LOGON BY only Changing releases: the hardest part is merging the directories of the new and the old VM system. I've got some method and a few REXX execs to help with this, but not enough documentation. I used/created them on a system with RACF and DIRMAINT. Can'tt tell more in a short append like this. 2009/4/9 Mary Anne Matyaz maryanne4...@gmail.com Valerie, I can take a couple of these questions, hopefully others will jump in on the ones I can't answer. On the 'END' statement, I found that documented for the diskmap utility as well, so I changed all mine to the actually cylinder address. In the long run I found it easier to be able to see the size of the device in user direct. (IE, oh, this linux has three mod 27's and a mod 9). Our dasd numbering system didn't have that info, ymmv. IE, you may know that the 1000 string, for example, is all mod 9's. Mine was interspersed, so having the end cylinder was a quick way to find that out. On the 191 thing, I've done both ways, the 1 cylinder 191 on the linux 200 volume and on another volume. Either way really works fine. Only thing I found was if you have multiple lpars, and, despite people saying 'we won't be moving linuxes back and forth to different lpars', of course six months later they're moving crap all around. So it was helpful to have the 191 and the 200 on the same volume. If you have a volume full of 191's, and you want to move the linux to a different lpar, you have to either copy the 191 to another 191 volume or create a new one on the new lpar. In my last shop, we had a mod 3 for non-IBM-supplied userids (ie, mine) and a mod 3 for linux 191's. We kept that separate from the res pack for ease of migration. But I'd be interested to hear what others are doing in hopes of getting a consensus. Mary Anne On Thu, Apr 9, 2009 at 1:33 PM, Le Grande Valerie valerie.legra...@sentry.com wrote: Hello all, I am one of the new bears trying to figure out how to use DIRMAINT to start defining some new users. As I have been searching the list archives for answers, I will start by saying I can identify with a comment made on this list back in February: ...go to a new z/VM shop that has z/VM just to support virtualized Linux and watch as they attempt to get DIRMAINT and RACF installed and configured, and then begin to use it. It isn't pretty. Haven't started on the RACF yet --- I can hardly wait! (you may all want to come and see the show!) Some pressing questions I have: I finally found the DIRMAP utility to map the minidisks. What I am seeing on my 5.4 system is that the use of the word END for end-of-volume and the resulting LENGTH seemed to get translated in my conversion from USER DIRECT to be 3390-01 numbers, not 3390-09 as I am using, at least on the report it puts out. (This is true for th $PAGE$ entry for the PAGE volume, the $SPOOL$ entry, and MAINT 0122 entry for the SPOOL volume, and the MAINT and SYSDUMP1 0123 address entries for the RES volume). Is this just a glitch with the report or do I need to get rid of END entries and/or code something else somewhere that I am missing? I would like to create some Real USERIDs in the style required by Security. I am looking for a best practice here. It would seem to me best to place non-system user-defined stuff (to use a technical term) OFF of the RES volume so it easily carries from one release to the next. I have noticed that the redbooks, etc. that go through creating Linux guests seem to put their 191 mini-disk on the volume defined for Linux use. It would seem to me that possibily these and definitely any admin CMS disks should go on what we would call on the z/OS side a User volume (maybe equal to a Work volume in z/VM terms?) What is best practice/most used for CMS disks? Also, can someone point me to (or give) a quick sample of what is needed if I use LOGONBY both in the logon TO and the BY definitions? Thanks to all of you. Also, I have no idea about carrying forward the DIRMAINT files at this point (let alone where they really are). How are
Re: USER MDISK and DIRMAINT Question
There used to be a real nice 'how to' appendix in DIRMAINT book but I just can't find it now. I'll just comment on a thing or two. First to setup a 'real' user on something other than a 540xxx disk. What you need to do is to update the EXTENT CONTROL file to add a new USER group/pool on a volume other than 540xxx. The best way to do this is to use DIRM SEND .. edit the file DIRM FILE and DIRM RLDEXTN. Then when you create MDISKs for the new user id's you can put them in the new user group. As for LOGONBY, you mentioned RACF, so don't worry about LOGONBY in DIRMAINT, let that control be with RACF. -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu]on Behalf Of Mary Anne Matyaz Sent: Thursday, April 09, 2009 1:32 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: USER MDISK and DIRMAINT Question Valerie, I can take a couple of these questions, hopefully others will jump in on the ones I can't answer. On the 'END' statement, I found that documented for the diskmap utility as well, so I changed all mine to the actually cylinder address. In the long run I found it easier to be able to see the size of the device in user direct. (IE, oh, this linux has three mod 27's and a mod 9). Our dasd numbering system didn't have that info, ymmv. IE, you may know that the 1000 string, for example, is all mod 9's. Mine was interspersed, so having the end cylinder was a quick way to find that out. On the 191 thing, I've done both ways, the 1 cylinder 191 on the linux 200 volume and on another volume. Either way really works fine. Only thing I found was if you have multiple lpars, and, despite people saying 'we won't be moving linuxes back and forth to different lpars', of course six months later they're moving crap all around. So it was helpful to have the 191 and the 200 on the same volume. If you have a volume full of 191's, and you want to move the linux to a different lpar, you have to either copy the 191 to another 191 volume or create a new one on the new lpar. In my last shop, we had a mod 3 for non-IBM-supplied userids (ie, mine) and a mod 3 for linux 191's. We kept that separate from the res pack for ease of migration. But I'd be interested to hear what others are doing in hopes of getting a consensus. Mary Anne On Thu, Apr 9, 2009 at 1:33 PM, Le Grande Valerie valerie.legra...@sentry.com wrote: Hello all, I am one of the new bears trying to figure out how to use DIRMAINT to start defining some new users. As I have been searching the list archives for answers, I will start by saying I can identify with a comment made on this list back in February: ...go to a new z/VM shop that has z/VM just to support virtualized Linux and watch as they attempt to get DIRMAINT and RACF installed and configured, and then begin to use it. It isn't pretty. Haven't started on the RACF yet --- I can hardly wait! (you may all want to come and see the show!) Some pressing questions I have: I finally found the DIRMAP utility to map the minidisks. What I am seeing on my 5.4 system is that the use of the word END for end-of-volume and the resulting LENGTH seemed to get translated in my conversion from USER DIRECT to be 3390-01 numbers, not 3390-09 as I am using, at least on the report it puts out. (This is true for th $PAGE$ entry for the PAGE volume, the $SPOOL$ entry, and MAINT 0122 entry for the SPOOL volume, and the MAINT and SYSDUMP1 0123 address entries for the RES volume). Is this just a glitch with the report or do I need to get rid of END entries and/or code something else somewhere that I am missing? I would like to create some Real USERIDs in the style required by Security. I am looking for a best practice here. It would seem to me best to place non-system user-defined stuff (to use a technical term) OFF of the RES volume so it easily carries from one release to the next. I have noticed that the redbooks, etc. that go through creating Linux guests seem to put their 191 mini-disk on the volume defined for Linux use. It would seem to me that possibily these and definitely any admin CMS disks should go on what we would call on the z/OS side a User volume (maybe equal to a Work volume in z/VM terms?) What is best practice/most used for CMS disks? Also, can someone point me to (or give) a quick sample of what is needed if I use LOGONBY both in the logon TO and the BY definitions? Thanks to all of you. Also, I have no idea about carrying forward the DIRMAINT files at this point (let alone where they really are). How are these usually handled when changing releases?
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
Not really, CP no longer supports a 3125 as console. Removed several years ago. What was seen was the first level VM that simulates the linemode message interface of the HMC. The second level VM systems must have had SYSTEM_CONSOLE in its console list to make this work (OK in the sample SYSTEM CONFIG file). One can respond to the second level VM system questions by using #CP VINPUT VMSG x 2009/4/9 David Kreuter dkreu...@vm-resources.com: still pretty sweet that after all these years (decades!) CP will still initialize to a 3215! Albeit a virtual one. David Original Message Subject: Re: [IBMVM] Problems with IPLing a SECOND LEVEL z/VM 5.3 From: Michael Coffin michaelcof...@mccci.com Date: Thu, April 09, 2009 1:51 pm To: IBMVM@LISTSERV.UARK.EDU Yup, that's definitely it. Do: CP TERM CONMODE 3270 IPL 1000 CLEAR LOADPARM 009 that will bring up the standalone loader using the virtual machine's console at 009, in 3270 mode. On the standalone loader type: cons=009 in the parms section BEFORE pressing PF10. -Mike -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Bob Bates Sent: Thursday, April 09, 2009 1:45 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Problems with IPLing a SECOND LEVEL z/VM 5.3 Remember to do TERM CONMODE 3270 before the IPL? Also, you may need to put the cons=0009 on the load screen (assuming the address of your console is 0009) Bob Bates Enterprise Hosting Services w. (469)892-6660 c. (214) 907-5071 “This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Martin, Terry R. (LOCKHEED MARTIN Performance Engineering/CTR) (CTR) Sent: Thursday, April 09, 2009 12:38 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Problems with IPLing a SECOND LEVEL z/VM 5.3 Hi I am taking my first crack at building a 2nd level z/VM under my 1st level z/VM. I tried IPLing the 2nd level and I am receiving the following: 13:20:27 Start ((Warm|Force|COLD|CLEAN) (DRain) (DIsable) (NODIRect) 13:20:27 (NOAUTOlog)) or (SHUTDOWN) H HCPSED6013A A CP read is pending. At this point I cannot enter anything in the console. A little background on how I built this. The 2nd level is a copy of my 1st level with any needed changes to the SYSTEM CONFIG and Directory files. The RES and Spool are copies from my first level. Below is a copy of my SECLVL user directory entry: USER SECLVL SECLVL 500M 500M BCDEFG MACHINE ESA 2 OPTION TODENABLE IPL CMS CONSOLE 0009 3215 T OPERATOR SPOOL 000C READER A SPOOL 000D PUNCH A SPOOL 000E PRINTER A LINK MAINT 0190 0190 RR LINK MAINT 019D 019D RR LINK MAINT 019E 019E RR MDISK 191 3390 1 200 53DW01 MR MDISK 1000 3390 0 END 53DRES MR MDISK 12F1 3390 0 END 53DPAG MR MDISK 12F2 3390 0 END 53DSPL MR Now the examples in the book ’z/VM Running Guest Operating Systems’ are using one disk broken down into multiple mdisks for RES, PAGE, and SPOOL. I just decided to use my copy of the first level and make these full pack mdisks as you see in the user directory. Will this approach work? Or am I missing something. Thank You, Terry Martin Lockheed Martin - Information Technology z/OS z/VM Systems - Performance and Tuning Cell - 443 632-4191 Work - 410 786-0386 terry.ma...@cms.hhs.gov -- Kris Buelens, IBM Belgium, VM customer support
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
Did it ever? :-) Regards, Richard Schuh Not really, CP no longer supports a 3125 as console.
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
Yes, surely in VM/SP (and IIRC even in VM/XA), CP supported a virtual 3215 as console. I don't remember when the support (and the corresponding code) was removed. 2009/4/9 Schuh, Richard rsc...@visa.com: Did it ever? :-) Regards, Richard Schuh Not really, CP no longer supports a 3125 as console. -- Kris Buelens, IBM Belgium, VM customer support
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
But a 3125? I doubt that it was ever supported as a console. Wasn't it some kind of I/O card? I remember the 3215. The first VM system I ever had did not have any terminals on it except for 3215s. Editing a sysgen was a royal pain. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Kris Buelens Sent: Thursday, April 09, 2009 1:41 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Problems with IPLing a SECOND LEVEL z/VM 5.3 Yes, surely in VM/SP (and IIRC even in VM/XA), CP supported a virtual 3215 as console. I don't remember when the support (and the corresponding code) was removed. 2009/4/9 Schuh, Richard rsc...@visa.com: Did it ever? :-) Regards, Richard Schuh Not really, CP no longer supports a 3125 as console. -- Kris Buelens, IBM Belgium, VM customer support
Re: USER MDISK and DIRMAINT Question
Kris, your PERMITs should be: PE LOGONBY.userid CLASS(SURROGAT) ACCESS(READ) ID(whoever) to permit whoever to use logonby for userid, PE LOGONBY.userid CLASS(SURROGAT) ID(whoever) DELETE to remove permission Also, I don't believe having a profile in the SURROGAT class prevents logging onto the userid directly if the password's known. To have the same affect as LBYONLY in the directroy (sans RACF), you'd also need to do an ALTUSER userid NOPASSWORD. Mike Harding, Consultant/Specialist Enterprise Platform Services, Mainframe Engineering KP-IT Enterprise Engineering 925-926-3179 (8-473-3179) | E-Mail: mike.b.hard...@kp.org AIM: VMBearDad | Yahoo IM: mbhcpcvt Kaiser Service Credo: Our cause is health. Our passion is service. We're here to make lives better. NOTICE TO RECIPIENT: If you are not the intended recipient of this e-mail, you are prohibited from sharing, copying, or otherwise using or disclosing its contents. If you have received this e-mail in error, please notify the sender immediately by reply e-mail and permanently delete this e-mail and any attachments without reading, forwarding or saving them. Thank you.
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
3125 is a typo, sorry. Even with my gray hairs I'm too young to have seen a real 3215. I started at IBM in 1978 on 3790s. It was nearly the end of the 370 machines. I had the honor of installing the first 4331 in Belgium alongside a more experienced SE. 2009/4/9 Schuh, Richard rsc...@visa.com: But a 3125? I doubt that it was ever supported as a console. Wasn't it some kind of I/O card? I remember the 3215. The first VM system I ever had did not have any terminals on it except for 3215s. Editing a sysgen was a royal pain. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Kris Buelens Sent: Thursday, April 09, 2009 1:41 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Problems with IPLing a SECOND LEVEL z/VM 5.3 Yes, surely in VM/SP (and IIRC even in VM/XA), CP supported a virtual 3215 as console. I don't remember when the support (and the corresponding code) was removed. 2009/4/9 Schuh, Richard rsc...@visa.com: Did it ever? :-) Regards, Richard Schuh Not really, CP no longer supports a 3125 as console. -- Kris Buelens, IBM Belgium, VM customer support -- Kris Buelens, IBM Belgium, VM customer support
Re: USER MDISK and DIRMAINT Question
Thanks for all the great support so far from Tom, Mary Ann and Kris. You are bolstering my confidence that I am on the right track here. I will take your advice about not worrying about LOGON BY just yet if we are going to use RACF. I was thinking that it would give some consistency for Admin users right now, but we will leave that alone as it might just be more confusing. I will go right now and code the cylinders for my DASD and get rid of those default sizes that are causing the overlay messages in the director y report. As for the user mdisks, the point about the possibility that the Linux admins might want to be moving Linux guests around is a good one. I can see that might happen at our shop,too. Might be better keep Linux stuff all together for that reason. Thanks for the pointers on handling the user mdisks for the admins. I had picked up on some reference to creating a group for user disks that Tom mentioned which sounded like a good idea, and I have already dealt with the EXTENT CONTROL file, so I can handle that. Grouping seems like a grea t function. The less I have to keep track of in detail, the better! (My old brain seems to have more memory dumps as the years go by.) Tom, I also have been looking for that how to piece in the documentation. Some products have a reference manual for commands and a user guide for how to use those commands. Not so with DIRMAINT. The Tailoring and Admin Guide is not really a user guide for the commands. Seems there is a piece missing here unless it is elsewhere in the documentation that I have missed.
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
The year 1978 was the year after I left TWA to work for Amdahl. The airline still had the 3215s in 1978. If you had gone to work for TWA, you would have seen a 3215. Be glad that you didn't. 3125 is a typo, sorry. That's the reason for the smiley. It was a typo that actually translated to a different IBM product. We knew what you meant, though. Regards, Richard Schuh
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
Is not Amdahl spelled in all lower case? -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Schuh, Richard Sent: Thursday, April 09, 2009 2:49 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Problems with IPLing a SECOND LEVEL z/VM 5.3 The year 1978 was the year after I left TWA to work for Amdahl. The airline still had the 3215s in 1978. If you had gone to work for TWA, you would have seen a 3215. Be glad that you didn't. 3125 is a typo, sorry. That's the reason for the smiley. It was a typo that actually translated to a different IBM product. We knew what you meant, though. Regards, Richard Schuh
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
Not that I remember. Besides, it is the founder's last name. Maybe I worked for him instead of the company :-) Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of James Stracka (DHL US) Sent: Thursday, April 09, 2009 2:52 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Problems with IPLing a SECOND LEVEL z/VM 5.3 Is not Amdahl spelled in all lower case? -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Schuh, Richard Sent: Thursday, April 09, 2009 2:49 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Problems with IPLing a SECOND LEVEL z/VM 5.3 The year 1978 was the year after I left TWA to work for Amdahl. The airline still had the 3215s in 1978. If you had gone to work for TWA, you would have seen a 3215. Be glad that you didn't. 3125 is a typo, sorry. That's the reason for the smiley. It was a typo that actually translated to a different IBM product. We knew what you meant, though. Regards, Richard Schuh
Re: USER MDISK and DIRMAINT Question
You're obviously right about yet another set of typos in the PERMIT commands I'm 100% sure about this: with a profile in class SURROGAT, the user becomes LOGON BY only, it has been that way since RACF 1.9 or (arrived later in VM/SP R6 or VM/ESA 1.0). Maybe your installation has a generic profile, or things have changed since the NOPASSWORD attribute was added (z/VM 5.3 or 5.4). 2009/4/9 Mike Harding mike.b.hard...@kp.org: Kris, your PERMITs should be: PE LOGONBY.userid CLASS(SURROGAT) ACCESS(READ) ID(whoever) to permit whoever to use logonby for userid, PE LOGONBY.userid CLASS(SURROGAT) ID(whoever) DELETE to remove permission Also, I don't believe having a profile in the SURROGAT class prevents logging onto the userid directly if the password's known. To have the same affect as LBYONLY in the directroy (sans RACF), you'd also need to do an ALTUSER userid NOPASSWORD. Mike Harding, Consultant/Specialist Enterprise Platform Services, Mainframe Engineering KP-IT Enterprise Engineering 925-926-3179 (8-473-3179) | E-Mail: mike.b.hard...@kp.org AIM: VMBearDad | Yahoo IM: mbhcpcvt Kaiser Service Credo: Our cause is health. Our passion is service. We're here to make lives better. NOTICE TO RECIPIENT: If you are not the intended recipient of this e-mail, you are prohibited from sharing, copying, or otherwise using or disclosing its contents. If you have received this e-mail in error, please notify the sender immediately by reply e-mail and permanently delete this e-mail and any attachments without reading, forwarding or saving them. Thank you. -- Kris Buelens, IBM Belgium, VM customer support
Re: USER MDISK and DIRMAINT Question
On Thursday, 04/09/2009 at 06:24 EDT, Kris Buelens kris.buel...@gmail.com wrote: I'm 100% sure about this: with a profile in class SURROGAT, the user becomes LOGON BY only, it has been that way since RACF 1.9 or (arrived later in VM/SP R6 or VM/ESA 1.0). Maybe your installation has a generic profile, or things have changed since the NOPASSWORD attribute was added (z/VM 5.3 or 5.4). Once a SURROGAT definition is made for a user, it is lbyonly by default. To allow the ID to logon *without* LOGON BY, you must also PERMIT LOGONBY.userid CLASS(SURROGAT) ACCESS(READ) ID(userid) This idiom should be used only when you want to give someone else access to a *personal* id. That is, it isn't a peer relationship - rather, one person acting on behalf of another. As of z/VM 5.3 it is recommended that lbyonly-style shared IDs have their passwords removed with ALTUSER NOPASSWORD NOPHRASE to prevent automatic revocation due to too many invalid passwords. (If there's no password, then there is nothing you can enter to let you login, so who cares how many times you try!) Alan Altmark z/VM Development IBM Endicott
Re: Empty Service tapes?
On Thursday, 04/09/2009 at 08:48 EDT, Suleiman Shahin s_s_sha...@hotmail.com wrote: vmfplc2 scan Scanning ... End-of-file or end-of-tape DMSP2C002E File * * not found Ready(00028); T=0.01/0.01 15:54:20 I see three possibilities: 1. IBM shipped you an empty tape. 2. The files on the tape were stolen by space aliens. Can you prove that you were not beamed to the Mother Ship?? I didn't think so. 3. The tape was exposed to kryptonite. My money is on the kryptonite. No way IBM would ship an empty tape and the whole space alien thing is just silly. Alan Altmark z/VM Development IBM Endicott
Re: Empty Service tapes?
Date: Thu, 9 Apr 2009 19:25:02 -0400 From: alan_altm...@us.ibm.com Subject: Re: Empty Service tapes? To: IBMVM@LISTSERV.UARK.EDU Whatever it was. I could not read the tape and the case is being studied up there! I mean there at 442. Suleiman Shahin _ Quick access to your favorite MSN content and Windows Live with Internet Explorer 8. http://ie8.msn.com/microsoft/internet-explorer-8/en-us/ie8.aspx?ocid=B037MSN55C0701A
Re: Problems with IPLing a SECOND LEVEL z/VM 5.3
On: Thu, Apr 09, 2009 at 01:53:57PM -0700,Schuh, Richard Wrote: } I remember the 3215. The first VM system I ever had did not have any } terminals on it except for 3215s. Editing a sysgen was a royal pain. When I started at huge insurance in NYC, we had mostly 2741 and some TTYs on a 360/67 running CP-67. Then the 67 was replaced by a 370/175 running VM-370 rel 1, still all typewriter terminals. I didn't see a 3270 until I moved jobs. -- Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353 Eastern time. N6LRT I speak for myself my dogs only.VM'er since CP-67 Canines:Val, Red, Shasta Casey (RIP), Red Zero, Siberians Owner:Chinook-L Retired at the beach Asst Owner:Sibernet-L
Re: USER MDISK and DIRMAINT Question
I have trouble remembering the rather arcane syntax involved in most
RACF incantations. I've used the following two execs for at least 15
years to define a user in CLASS(SURROGAT) and to PERMIT a user to
access that LOGONBY profile.
type raclgdef
exec
/* Define a surrogat profile
*/
/* rac rlist surrogat logonby.wsa1 all
*/
parse upper arg
shared_id
if shared_id = '' then
do
say 'You must enter the id of the machine you are setting up as
a'
say 'shared
userid.'
exit
end
'EXEC RAC RDEFINE SURROGAT LOGONBY.'shared_id
'UACC(NONE)'
say 'The exec to permit surrogate access is RACLGPRM shared_id
surrogate'
exit
Ready; T=0.01/0.01
21:23:35
type raclgprm
exec
/* Permit an id to share an id
*/
/* rac rlist surrogat logonby.wsa1 all
*/
parse upper arg shared_id
logon_by_id
if logond_by_id = '' then
do
say 'You must enter both the shared_id and the
logon_by_id'
exit
end
'EXEC RAC PERMIT LOGONBY.'shared_id 'CLASS(SURROGAT) ID('logon_by_id')
ACCESS(RE
AD)'
'EXEC RAC SETROPTS RACLIST(SURROGAT)
REFRESH'
exit
Ready; T=0.01/0.01 21:24:19
Jim Bohnsack
Alan Altmark wrote:
On Thursday, 04/09/2009 at 06:24 EDT, Kris Buelens
kris.buel...@gmail.com wrote:
I'm 100% sure about this: with a profile in class SURROGAT, the user
becomes LOGON BY only, it has been that way since RACF 1.9 or (arrived
later in VM/SP R6 or VM/ESA 1.0).
Maybe your installation has a generic profile, or things have changed
since the NOPASSWORD attribute was added (z/VM 5.3 or 5.4).
Once a SURROGAT definition is made for a user, it is "lbyonly" by default.
To allow the ID to logon *without* LOGON BY, you must also
PERMIT LOGONBY.userid CLASS(SURROGAT) ACCESS(READ) ID(userid)
This idiom should be used only when you want to give someone else access
to a *personal* id. That is, it isn't a peer relationship - rather, one
person acting on behalf of another.
--
Jim Bohnsack
Cornell University
(972) 596-6377 home/office
(972) 342-5823 cell
jab...@cornell.edu
