Re: HCPMCV1459E trying to IPL a z/VM guest with CPU Type = IFL
We found the problem. On this system the level of SALIPL was at ESA 2.4. After correcting that situation of course the problem went away. JR (Steven) Imler CA Sr Sustaining Engineer Tel: +1-703-708-3479 steven.im...@ca.com mailto:steven.im...@ca.com http://www.ca.com/ Original Note We have several z/VM test systems that run either z/VM 5.3, 5.4, or 6.1. All the systems run as guests in the same LPAR under the same z/VM 5.4 host. Of the several, we have only ONE that cannot be reconfigured to run in VCONFIG set to LINUX and CPU type set to IFL. This particular system would be running z/VM 5.4 if it would IPL. Here's the attempt to IPL: snip SET VCONFIG MODE LINUX MODE = LINUX Storage cleared - system reset. DEFINE CPU 0 TYPE IFL CPU 00 redefined as TYPE IFL Storage cleared - system reset. Q CPUS CPU 00 ID FF04E00020978000 (BASE) STOPPED IFL CPUAFF ON IPL Do you want to IPL the guest? (Yes|No) yes Just one moment... . CTCA 0551 COUPLED TO VRSCS 0551 CTCA 0553 COUPLED TO SS2 1501 HCPMCV1459E The virtual machine is placed in system check-stop state snip As I said, every other one of our test systems IPLs fine with this reconfiguration. The only thing that is obviously different in this guest's directory entry from the others that work is: - STDEVOPT LIBRARY CTL JR (Steven) Imler CA Sr Sustaining Engineer Tel: +1-703-708-3479 steven.im...@ca.com mailto:steven.im...@ca.com http://www.ca.com/
Re: Automated Logon (autofill userid and password) using TN3270 of TCP/IP for VM or Logical Device
One teeny weenie comment about the issue of security. In my limited experience .. surely the SVM's would maintain a list of authorised users from which they would accept commands. At IBM - when I worked there we would programmatically query the ID ie) department, access level and other stuff through HACS in-house (ESM) to determine the exact privilege of a specific user; to determine if that command was allowed. James. From: Scott Rohling Sent: Sunday, September 19, 2010 3:52 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Automated Logon (autofill userid and password) using TN3270 of TCP/IP for VM or Logical Device I have found it is important to know why you are doing something before deciding how to do it (or whether to do it at all). Bonne chance... Scott Rohling On Sat, Sep 18, 2010 at 8:00 AM, Michel Beaulieu beaulieumic...@live.ca wrote: Hello, It is so interesting that people need to expand so much on why before discussing the how. In Unix/Linux, we have the su command that let someone take another identification for a while and when done, just exit and return to the normal userid. Can we do something like that in z/VM? In one situation I have, operations staff are logging to service machines using LOGONBY close the service, take a backup and then restart the service machine to finally disconnect. I am not trying to change the logic and the why things are done that way. I have to take it as it is. I am just trying to see if I can add some automation first. Later, behind the scene, I will be able to eliminate the need to log on to the service machines completely. I hope this helps. Michel Beaulieu Montreal, Canada |*| -- Date: Fri, 17 Sep 2010 19:00:04 -0600 From: scott.rohl...@gmail.com Subject: Re: Automated Logon (autofill userid and password) using TN3270 of TCP/IP for VM or Logical Device To: IBMVM@LISTSERV.UARK.EDU Yep - SVM's are VM 'daemons' .. DIRMAINT, RACFVM, and at least a VMUTIL or some such guest that reacts to communication, be it reader, msg, smsg, ad nauseum.It's the basis behind all VM system management tools and VM based applications: a disconnected guest, running some version of CMS, which is waiting for work which can come in many different forms. This also provides a 'queuing' ability to support requests from multiple users, which are handled sequentially - first come, first served. Actually logging into another guest as Michel suggests implies only one user can run whatever application it is you're building. Maybe that's fine in this case. But the typical way to support multi-user applications on z/VM, using CMS guests, is to have a front end that runs in the end user guest -and that communicates with one or more SVM's to either submit work and/or request information. Very much like 'daemons' in the Unix world - at least, that's how I think of them. Anyway - if the real objective could be explained - I'm sure several of us could suggest ways to not have to login to a USERB for your application to work. Scott Rohling On Fri, Sep 17, 2010 at 6:19 PM, Rich Greenberg ric...@panix.com wrote: On: Fri, Sep 17, 2010 at 04:34:15PM -0400,Rich Greenberg Wrote: } The way this is often done is to have a program such as WAKEUP running } in the service machine (SVM) which waits for an event (typically an SMSG } from userA which requests something), does the requested work, returns } the result (spool file or SMSG), and waits for the next request. P.S. to above: If you ask 25 experienced, long time VM sysprogs, if they have such a program, you will probably get 30 or so different ones. Even IBM has one which ISTR is called VMUTIL EXEC and frequently runs in a userid of the same name. -- Rich Greenberg Sarasota, FL, USA richgr atsign panix.com + 1 941 378 2097 Eastern time. N6LRT I speak for myself my dogs only.VM'er since CP-67 Canines: Val, Red, Shasta, Zero Casey (At the bridge) Owner:Chinook-L Canines: Red Cinnar (Siberians) Retired at the beach Asst Owner:Sibernet-L
Re: Automated Logon (autofill userid and password) using TN3270 of TCP/IP for VM or Logical Device
On Sat, 18 Sep 2010 10:00:33 -0400, Michel Beaulieu beaulieumic...@live.ca wrote: In Unix/Linux, we have the su command that let someone take another identification for a while and when done, just exit and return to the normal userid. Can we do something like that in z/VM? Michel Beaulieu Montreal, Canada Yes you can do something like su in z/VM. I do it nearly every day. It's called Set Alternate User ID - Diagnose D4. We use Top Secret/VM for our VM Security product, (because we access MVS datasets from VM and Top Secret/VM allows us to protect access to them from VM), and it provides a SUROGATE MODULE, (aka su), that allows an appropiately authorized userid to switch to an alternate userid, issue commands as tha t ID, then switch back to your own ID. SUROGATE SET * otherid issue commands SUROGATE RESET * I don't know if any other VM Security products provide anything like this , but Diag D4 is a native VM Diagnose code so it can be invoked without a Security product installed, (as shipped by IBM it requires Privilege Clas s B). You could write your own code to invoke Diag D4 and do your own authorization checks as well. Your gun, your foot! :-) -- Dale R. Smith
Re: Automated Logon (autofill userid and password) using TN3270 of TCP/IP for VM or Logical Device
On Sat, 18 Sep 2010 10:00:33 -0400, Michel Beaulieu beaulieumic...@live. ca wrote: Hello, It is so interesting that people need to expand so much on why before discussing the how. In Unix/Linux, we have the su command that let someone take another id entification for a while and when done, just exit and return to the normal userid. Can we do something like that in z/VM? You have hit upon one of the fundamental differences between Unix and z/V M. Unix is process- oriented. z/VM is virtual machine oriented. In Unix you can spawn another process which (courtesy of su and other mechanisms) has greater privileges than the original proc ess. In z/VM, virtual machines are hermetically sealed from one another, unless the system prog rammer does something to authorize breaking through, or unless you give a virtual mac hine non-class-G privileges. You cannot spawn another virtual machine. (You can AUTOLOG it though, given authorization, but you have in no way taken over its privileges.) This di fference also explains why you can login to the same userid multiple times in Unix (different proces ses) but you cannot do that in z/VM (only one virtual machine). It also explains why there is no SSH server on z/VM, since that would require spawning other virtual machines. IBM built into CMS something called OpenEdition which is a Posix subset, but not a full Unix. In particular, it does not support the full Posix 'fork' command. IBM went a head and upgraded z/OS to a fully Unix-compatible (but EBCDIC) Unix System Service, but did not do that for z/VM. It would have required significant changes to the CP component (the hypervis or) of z/VM. Whether or not that was a correct decision back then, I doubt it will ever happen no w. There are many ways to do what you want to do in z/VM. WAKEUP is simply t he simplest way to do it -- a built-in CMS command around which you can build an SVM. Unix does many things with daemons, so it should not be such a foreign idea to Unix folks. Similar t hings could be done directly in assembler -- from our viewpoint, it's easier to work in REXX. Another way is to use the logical device support facility built into z/VM . The logical device support facility allows a program to create a logical terminal, which can then lo g on, just like a real terminal, enter passwords, issue commands, etc. I would do that using the MPVM component of the PVM program product. But PVM is a non-free program product. There are free downloadable programs in the z/VM library that implement logical device support, and M IGHT allow automaton (I have not tried) or you could again write code in assembler. Of course, to do this, you would need to know the userid and password of the machine you want to logon to. And only one user could do it at a time. As someone else pointed out, there is diagnose D4. The manual says: DIAGNOSE code X'D4' is used by a master virtual machine when scheduling w ork on one of its worker virtual machines on behalf of an end user. The end user's user ID is considered to be the alternate user ID. I don't see how that really provides a way to increase the authority of a virtual machine. If you can do that, then, I'd think that would be a hole in z/VM's underlying securi ty big enough to drive a truck through. (And therefore APARable.) Then there are APPC/VM and CPI Communications. These are rather more comp lex, but you could read up on them. Right, more WHY instead of HOW. But all that stuff I mentioned is documen ted, if you want to try it. Alan Ackerman
Re: BookManager format softcopy
Learning curve is nil. Alan Altmark z/VM Development IBM Endicott = == == Then I must be stupid. I have tried to use Information Center from time t o time and find it very frustrating. I don't know how to find things, and when I do find somethin g, but it is the wrong one, I seem to have to start my search all over again. Where is the BACK butto n so I can go to the next found item? I guess I need a course in Information Center. I still use BookManager because the search across a while bookshelf works really well. I still haven't had such luck with searching PDFs. Maybe I am just missing someth ing, or maybe it's just something my employer does to our PC setup? Is there a tool to convert from BookManger to PDF? We still have some hom e-grown manuals around that I have been asked to retain access to. There are some manuals that are available only in BookManager. Would you please consider bringing them forward as PDFs? EXEC2 comes to mind, but I think there are others you have abandoned, but not deleted the function from z/VM. Alan Ackerman
