Thanks for your feedback, we really appreciate it and hope to use it to improve the client experience.
While RSED does support certificate login, RSEAPI currently does not. It is something we've identified in our backlog and we will likely support that in future releases.
Regarding the host header match, the warning is just precautionary and, in almost all cases, should not be cause for concern. In 1.1.x versions we limit those warning messages (to once per mismatch) and we ought to backport that to the 1.0.x versions.
Regarding SMP/E, we are looking for alternatives and there are a few approaches on the radar. DFDSS DUMPs will be considered among other ideas.
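The host header check discussed above, as an added example that is not part of this thread and is not RSEAPI's code: it compares a request's Host header with the names the server is configured to answer to, and logs a warning once per distinct mismatch. The class and function names, the host name zos.example.com, the address 192.0.2.10 and port 8443 are all constructed for illustration.

```python
import logging

log = logging.getLogger("hostcheck")
DEFAULT_PORTS = {"http": 80, "https": 443}
MAX_WARNED = 1000  # bound the warn-once memory so distinct bogus hosts cannot grow it


def parse_host(header, scheme="https"):
    """Split a Host header into (lowercased host, port); None if malformed."""
    value = header.strip().lower()
    if value.startswith("["):  # IPv6 literal such as [::1]:8443
        end = value.find("]")
        if end == -1 or value[end + 1:end + 2] not in ("", ":"):
            return None
        host, port = value[1:end], value[end + 2:]
    else:
        host, _, port = value.partition(":")
    host = host.rstrip(".")  # "zos.example.com." names the same host
    if not host or " " in host or (port and not (port.isascii() and port.isdigit())):
        return None
    return host, int(port) if port else DEFAULT_PORTS[scheme]


class HostHeaderCheck:
    """Compare each request's Host header with the names the server answers to."""

    def __init__(self, allowed, scheme="https"):
        self.scheme = scheme
        self.allowed = {parse_host(a, scheme) for a in allowed}
        self.warned = set()

    def check(self, header):
        """Return True on a match; otherwise warn once per distinct value."""
        parsed = parse_host(header, self.scheme)
        if parsed is not None and parsed in self.allowed:
            return True
        key = parsed or header
        if key not in self.warned and len(self.warned) < MAX_WARNED:
            self.warned.add(key)
            log.warning("request host %r doesn't match server", header)
        return False


# Constructed sample: the server is configured as zos.example.com:8443,
# and a client reaches it by IP address, so the Host header differs.
checker = HostHeaderCheck(["zos.example.com:8443"])
by_name = checker.check("ZOS.example.com:8443")   # matches, case-insensitive
by_address = checker.check("192.0.2.10:8443")     # mismatch, warned once
```
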
Original Message:
Sent: Mon August 07, 2023 05:24 AM
From: Colin Paice
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Dave,
My Email address is COLINPAICE3@gmail.com
Having played with RSE and got it working, I have some comments and suggestions for future improvements.
Does RSEAPI support certificates from clients? I could not get certificate-only login to work - it always needed a userid and password; see "Liberty on z/OS: Mapping an incoming certificate to a z/OS userid for client certificate authentication – and don't forget the cookies!"
When I used a REST request I got "CommonUtil WARN : request host doesn't match server - possible host header injection!" in SYSOUT. Do you know what causes this - and how to turn it off? It looks like the HOST: header does not match the URL. I do not get it when using it via SWAGGER.
I downloaded version110 from the GitHub site, and went through the SMP/E install (the first time I had used SMP for over 40 years!). The SMP/E install seems overkill (it took me half a day to get it working).
Could you also provide a DFDSS DUMP of the PDS and the ZFS, so I just copy it to my system, use DFDSS restore (with rename), and mount it in USS? If the original data sets were named something like COLIN.RSEAP110.ZFS and COLIN.RSEAP110.JCL, it should fit in with most people's naming conventions. This would be so much easier than the SMP/E install.
regards
Colin
------------------------------
Colin Paice
Original Message:
Sent: Fri August 04, 2023 01:56 PM
From: Dave McKnight
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Colin,
Congrats on your career with IBM. I'm curious about your previous role but I can converse through email. I'll definitely subscribe and stay tuned to your blog and please do share with me before publication.
Regarding the long startup time you observed with RSEAPI, that won't be the case on a mainframe. However, you're using an ADCD image, which is emulated z/OS, and as you know, with that, Java startup performance time can take a hit. I'm not sure which ADCD version you have, but I know in recent ones there are some performance optimizations along the same lines as the ones you write about.
Best Regards
------------------------------
Dave McKnight
Original Message:
Sent: Fri August 04, 2023 01:25 PM
From: Colin Paice
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Dave,
You are architect and Lead Developer - great...
I retired from IBM about 6 years ago, and have a blog (COLINPAICE) where I cover a wide range of topics from AT-TLS, MQ, TLS etc., mainly on z/OS. I was asked how to access z/OS datasets from a workstation using REST (or Python). This is where I came across RSED and RSEAPI.
I am working on writing a blog post of my experiences of getting a CURL request to work through TLS. This covers some of the basic problems that beginners make (and explains the differences between RSEAPI and RSED etc). (For example, it takes over 200 seconds from starting RSEAPI to being able to use it! At first I thought it was broken, then I realised it was running Java.)
I would be happy to share it with you (before publication), and raise documentation comments.
As lead developer you may be interested in "Why do they ship java products on z/OS with the handbrake on? And how to take the brake off.", which can make the Java startup much faster.
BTW I like the way RSEAPI starts using a proc, then uses //STDENV DD *,SYMBOLS=(JCLONLY) and allows you to pass parameters from the start command into the STDENV file. Many IBM products are still in the 20th century and do not use these "new" features.
Regards
Colin
(I'm happy to continue any conversation through email if that would be easier for you)
------------------------------
Colin Paice
Original Message:
Sent: Fri August 04, 2023 11:00 AM
From: Dave McKnight
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Colin,
RSED, which runs on Java, has served IDz and its predecessors for around 20 years. While it serves these products well, as you may have noticed, it uses a proprietary communications protocol that is not well suited for direct consumption in areas outside of the Aqua product stack. RSEAPI provides the same underlying services (for MVS, UNIX, TSO, JES, etc.) via standard RESTful APIs. It is designed so that both RSED and RSEAPI can be maintained and evolved in parallel. RSEAPI expands the reach of RSE server technologies to new frontiers including the IBM RSE API Plug-in for Zowe CLI, the Java SDK for RSEAPI and general front-end web applications.
I am architect and lead developer for RSE products and have been involved with them since their inception.
Best Regards,
------------------------------
Dave McKnight
Original Message:
Sent: Fri August 04, 2023 10:12 AM
From: Colin Paice
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Dave,
"Was the ADCD /etc/zexpl/rse.env configured to use /usr/lpp/IBM/rseapi or was that customization you made?"
I cannot remember... I tried so many things. (grin)
Please can you tell me the difference between RSED and RSEAPI - do they both do the same thing... except RSEAPI now uses Java as a web server?
If I use RSED with a REST request I get an authorisation error; it takes an HTML header as a userid, so I wondered if RSED was not for REST requests.
Are you involved in supporting these products, or do you just have a lot of experience with them?
Colin
------------------------------
Colin Paice
Original Message:
Sent: Fri August 04, 2023 09:45 AM
From: Dave McKnight
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Colin,
Right, RSE_HOME needs to point to the base RSED (zexpl) installation directory, not the rseapi installation directory. The rse.env file is for RSED. The rseapi.env is for RSEAPI but it inherits the environment produced by rse.env (for picking up common settings and libraries). Was the ADCD /etc/zexpl/rse.env configured to use /usr/lpp/IBM/rseapi or was that customization you made?
------------------------------
Dave McKnight
Original Message:
Sent: Fri August 04, 2023 03:41 AM
From: Colin Paice
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Dave,
My problem was caused by the wrong line in /etc/zexpl/rse.env
RSE_HOME=/usr/lpp/IBM/zexpl
#RSE_HOME=/usr/lpp/IBM/rseapi
works ... rseapi does not work.
------------------------------
Colin Paice
Original Message:
Sent: Thu August 03, 2023 09:44 AM
From: Dave McKnight
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Colin,
Thanks for your patience here.
Regarding GIM54701E, it appears that there is some customization for RSEAPI in the ADCD image that doesn't lend itself to a PTF update. I suppose you could try a fresh install to avoid that issue, and perhaps the issue you're seeing in setenv.sh.
For setenv.sh, it seems that some environment variables may not be correctly set. Could you try echoing RSE_HOME, CATALINA_BASE, RSE_CFG to see if it offers any clues. Also, if you're using JCL to start the service, can you share that?
------------------------------
Dave McKnight
Original Message:
Sent: Thu August 03, 2023 07:14 AM
From: Colin Paice
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Dave,
I downloaded the file you pointed to and installed it.
There was a minor hitch in the apply (which may well be a user error - it took me several goes to get the install done cleanly):
GIM54701E ** ALLOCATION FAILED FOR SHUHZFS - IKJ56228I PATH /usr/lpp/IBM/rseapi1/IBM/ NOT IN CATALOG OR CATALOG CAN NOT BE ACCESSED.
I did makedir for /usr/lpp/IBM/rseapi1/IBM/ and the apply worked.
I changed my rseapi proc to point to the new libraries and tried to start it.
When I tried to use it, it failed with (after I added some debug code) in
/usr/lpp/IBM/rseapi1/tomcat.base/bin/setenv.sh
===>
echo "COLIN"
echo RSE_HOME=$($CATALINA_BASE/bin/envvars.sh -SRSE_HOME \
-O${RSE_CFG:-/etc/zexpl}/rse.env | sed -n 's:.*"\(.*\)":\1:p')
RSE_HOME=$($CATALINA_BASE/bin/envvars.sh -SRSE_HOME \
-O${RSE_CFG:-/etc/zexpl}/rse.env | sed -n 's:.*"\(.*\)":\1:p')
with
Using server configuration at /Z24C/usr/lpp/IBM/rseapi1/tomcat.base/conf/sserver.xml
COLIN
RSE_HOME=\(.*\):\1:p
ERROR -- RSE \(.*\):\1:p/bin/envvars.sh cannot be executed
ls -l \(.*\):\1:p/bin/
This may be a user error.
I do not need it fixed, as I'll use the older version for what I wanted to do. I just wanted to play with RSEAPI, it was nothing serious.
Colin
------------------------------
Colin Paice
Original Message:
Sent: Wed August 02, 2023 09:25 AM
From: Dave McKnight
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Colin,
Yes, tomcat.base/bin/current_version.txt will give you the correct version of RSEAPI (you can also find it via the info/serverdetails API). You're using v1.0.5 which is pretty old and that version did not officially support RACF keyring. Newer versions (v1.0.13 and v1.1.2) provide keyring support out of the box (which does involve bringing in -Djava.protocol.handler.pkgs=com.ibm.crypto.provider) along with other improvements and features. You can get it updated via ShopZ or from here: https://ibm.github.io/mainframe-downloads/host-components.html.
I hope this helps!
------------------------------
Dave McKnight
Original Message:
Sent: Wed August 02, 2023 03:20 AM
From: Colin Paice
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Dave,
Thanks for your reply, I have
IBMUSER:/u/ibmuser: >java -version
java version "1.8.0_261"
Java(TM) SE Runtime Environment (build 8.0.6.16 - pmz6480sr6fp16-20200902_01(SR6 FP16))
IBM J9 VM (build 2.9, JRE 1.8.0 z/OS s390x-64-Bit Compressed References 20200901_454898 (JIT enabled, AOT enabled)
OpenJ9 - 2799ddf
OMR - b348d97
IBM - 5371022)
JCL - 20200831_01 based on Oracle jdk8u261-b13
It was hard to find the version of RSEAPI. The proc has 5655-EXP Copyright IBM Corp. 2020, 2020.
The ZFS is HUH100.ZFS
/usr/lpp/IBM/rseapi/tomcat.base/bin/current_version.txt has v1.0.5 created 15 Jun 2021
------------------------------
Colin Paice
Original Message:
Sent: Tue August 01, 2023 10:16 AM
From: Dave McKnight
Subject: has anyone go RSEAPI working with TLS and a keyring?
Hi Colin,
Which version of Java and RSEAPI do you have?
Regards,
David
------------------------------
Dave McKnight
Original Message:
Sent: Tue August 01, 2023 07:39 AM
From: Colin Paice
Subject: has anyone go RSEAPI working with TLS and a keyring?
I've spent a couple of days on this, and I changed the product files to get it to work.
I had to edit /usr/lpp/IBM/rseapi/tomcat.base/bin/rseapi.final.env to add
catalina_AddOn="$catalina_AddOn -Djava.protocol.handler.pkgs=com.ibm.crypto.provider"
Without it, rseapi cannot process the keyring statement safkeyring://START1/MQRING
------------------------------
Colin Paice
------------------------------