Re: Why can't a LinuxONE run z/OS
The z/OS image is spun up on an OCP container running on Linux. > On 9 Jun 2023, at 21:58, zMan wrote: > > Showing my ignorance: how does this relate to OCP? > >> On Fri, Jun 9, 2023 at 1:48 AM Timothy Sipples wrote: >> >> Lennie Dymoke-Bradshaw asks: >>> Can someone please explain what IBM have done on the >>> LinuxOne machines to stop them running z/OS? >> >> Your predicate is incorrect. IBM LinuxONE servers CAN run z/OS. Please >> read on >> >> David Crayford wrote: >>> From what I gather, LinuxOne machines have the capability to >>> run z/OS within OCP containers, and there are cloud provisioning >>> tools available to choose systems software from the ADCD. I had >>> the opportunity to witness a demonstration of this at a zForum >>> conference, where IBMer Ed McCarthy showcased its impressive >>> functionality. I was quite impressed with what I saw. The provisioning >>> options ranged from x86 emulation to on-premises Linux on Z, >>> with various tiers in between. Tim Sipples will know the details. >> >> To my knowledge there are currently two generally available, fully IBM >> supported and authorized ways to run z/OS on LinuxONE servers: >> >> 1. Via the IBM Virtual Dev and Test for z/OS product. ZVDT supports >> running real z/OS for development, unit test, demonstration, and training >> purposes on IBM LinuxONE servers (and on IFLs in IBM zSystems servers). >> Please note that ZVDT does not currently support z/OS Parallel Sysplex >> configurations or the z/OS Container Extensions. But it does run real, >> bit-for-bit identical z/OS. And the performance is broadly excellent. >> ECKD/FICON-attached storage is supported but not required. >> >> https://www.ibm.com/products/virtual-dev-and-test-zos >> >> It's common to deploy ZVDT (and the z/OS instances it hosts) in its own, >> dedicated LPAR. But it doesn't necessarily have to be. My colleague Ed >> McCarthy might've demonstrated some other deployment options. >> >> 2. Via the IBM GDPS Virtual Appliance. You can optionally configure an IBM >> LinuxONE server with a single general purpose processor (CP) at a specific >> capacity setting. This single CP can only be used to run the IBM GDPS >> Virtual Appliance software. The GDPS VA software is shipped and serviced as >> a single, integral image, but it happens to be z/OS-based. (You're not >> licensed to use that "interior" z/OS for general purposes.) The IBM GDPS >> Virtual Appliance is broadly functionally equivalent to the IBM GDPS Metro >> Mirror (with HyperSwap) offering. ECKD/FICON-attached storage is required >> for the IBM GDPS Virtual Appliance itself. ECKD/FICON-attached storage is >> supported but not required for other workloads. >> >> Peter Bishop wrote: >>> And LinuxONEs only have IFLs. >> >> You have the option to configure LinuxONE servers with a single >> subcapacity CP. (See above.) You can also configure them with additional >> SAPs if you wish. >> >>> The rest of the box is the same, apart from the doors >> >> The two server families are related, but there are more differences >> besides the engine choices and doors. As a notable example the LinuxONE >> servers can be configured with NVMe Carrier features and even boot/IPL from >> them. NVMe Carrier features are not available on IBM zSystems servers. >> zHyperLink Express adapters are available in IBM zSystems servers but not >> in IBM LinuxONE servers. In past model generations (including z15/LinuxONE >> III which is still generally available) the storage-related adapters are >> often different, but there's some re-convergence in that area with the >> z16/LinuxONE 4 servers. IBM zSystems servers support model conversion >> upgrades (for example from z15 to z16) and carry forward of I/O features. >> LinuxONE servers do not support either model conversion upgrades or carry >> forward of any I/O features. >> >> You can look through the Feature Codes available for the IBM z16 >> (3931-A01) and IBM LinuxONE Emperor 4 (3931-LA1) and see many identical >> feature codes but also many differences. >> >> — >> Timothy Sipples >> Senior Architect >> Digital Assets, Industry Solutions, and Cybersecurity >> IBM zSystems/LinuxONE, Asia-Pacific >> sipp...@sg.ibm.com >> >> >> -- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN >> > > > -- > zMan -- "I've got a mainframe and I'm not afraid to use it" > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: RACF and Subject Alternate Name
Thanks all! The gskkyman utility seems to do what I want. On Fri, Jun 9, 2023 at 9:27 AM Matt Hogstrom wrote: > At Broadcom we’ve have customers that have experienced similar issues and > we’ve suggested the same workaround that Charles describes with no issues. > The CSR generation functionality is platform dependent (ie RACF’s > restriction) but the process is the same for all certs regardless of where > they are initiated. > > Matt Hogstrom > > “It may be cognitive, but, it ain’t intuitive." > — Hogstrom > > > > > On Jun 8, 2023, at 11:29 AM, Charles Mills wrote: > > > > Yes, you can generate a CSR, typically including multiple SANs, with > OpenSSL (any platform), gskkyman, or even on a CA Web site (or in the case > of an in-house CA, using their certificate management tools). > > > > Yes, you should be able to import that certificate when signed and its > private key into RACF. Check out RACDCERT IMPORT. > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Michael Babcock OneMain Financial z/OS Systems Programmer, Lead -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Updated UNIX certification WAS: z/OS 3.1: Now UNIX® Certified
On Fri, 9 Jun 2023 14:29:38 +, Seymour J Metz wrote:
>Well, it started with IBM making a bad guess as to what ASA/USASA/ANSI would
>pass as the 8-bit ASCII (which died on the vine). Then there was a plethora of
>8-bit code pages loosely based on ASCII ("a maze of twisty passages, all
>alike"). This is not just a mainframe issue.
>
I found my Wayback bookmark:
>Long term we'll all wind up on URF-8, and the old issues will be replaced by
>ne ones. Meanewhile, file tagging is part of the interim solution.
>
An early new issue is the (mis-)behavior of width specifications in formats
in the printf() family with variable-length encodings. Does LE handle
this well?
--
gil
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Updated UNIX certification WAS: z/OS 3.1: Now UNIXR Certified
Seymour wrote, in part: >Long term we'll all wind up on URF-8, and the old issues will be replaced by >ne ones. Ah, good ol' URF-8, "Universally Rejected Format". (Yes, I know it was a typo for UTF-8!) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Updated UNIX certification WAS: z/OS 3.1: Now UNIX® Certified
Well, it started with IBM making a bad guess as to what ASA/USASA/ANSI would
pass as the 8-bit ASCII (which died on the vine). Then there was a plethora of
8-bit code pages loosely based on ASCII ("a maze of twisty passages, all
alike"). This is not just a mainframe issue.
Long term we'll all wind up on URF-8, and the old issues will be replaced by ne
ones. Meanewhile, file tagging is part of the interim solution.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of
Rick Troth [tro...@gmail.com]
Sent: Thursday, June 8, 2023 9:49 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Updated UNIX certification WAS: z/OS 3.1: Now UNIX® Certified
This "file tagging" is completely new for me. Please pardon my ignorance.
The behavior you describe (some utils honor the tag, others don't)
sounds perfectly typical, totally expected.
There *must* be a default, and that would predate the availability of a
"tag", so for apps to not "honor" a tag, even if painful, makes sense.
We're talking default: default behavior, default charset, etc.
When I first encountered USS, and experienced, "sure, it's Unix, but
it's not ASCII", there was a really really helpful indicator: newline.
There are two newline characters, and thankfully they're both in
unprintable space (no graphemes). So when a textual utility reads a text
line and hits 0x15, it can safely assume EBCDIC. The default codepage
for USS was said to be 1047. Others are fine, as long as we know they're
EBCDIC. If that same textual utility reads a text line and hits 0x0A, it
can safely assume ASCII (or superset like UTF-8). It would likely need
to take action, translate the line A to E, or ... something. (The
options are numerous.)
This, of course, has to be done within the application or utility. The
logic has been within our reach for thirty years, maybe more. I've
written applications which use it.
This doesn't help "text" without embedded newlines.
Of the mixed utilities you mention, some are exhibiting a default behavior.
If we want universal new behavior (to honor this newfangled "tagging"
feecher) then what's needed is an OS-level implementation.
Otherwise we have to re-code, in the source, thousands of utilities, not
to mention FLOSS, third party products, and end-user programs.
In other words, if file tagging is to have a consistent effect on ALL
applications, the operating system has to do the "honoring".
How did we get here?
-- R; <><
On 6/8/23 05:58, David Frenzel wrote:
> Since the current email thread has evolved away from this announcement I felt
> it would make sense to open a separate one.
>
> I can see that z/OS 2.1 received the same certification back in 2013
> (https://www.opengroup.org/openbrand/register/brand3601.htm).
> Timothy, are you stating that z/OS 3.1 now has the same certification that
> 2.1 has or is this certification for 3.1 implying any changes as to how USS
> works and whether anything has been improved from 2.x?
>
> I just spent hours on an issue where it turned out that some utilities honor
> the file tag for code pages while others simply ignore it and use some
> hard-coded value. I stopped counting the endless hours of time wasted because
> some weird code page issue appeared in USS. Hopefully, nobody is going to
> scream "POSIX compliance" at me now..
>
> Cheers - David
>
> -Original Message-
> From: IBM Mainframe Discussion List On Behalf Of
> Timothy Sipples
> Sent: Freitag, 26. Mai 2023 14:03
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: z/OS 3.1: Now UNIX® Certified
>
> z/OS 3.1 has already earned its UNIX® certification...
>
> https://www.opengroup.org/openbrand/register/brand3693.htm
>
> —
> Timothy Sipples
> Senior Architect
> Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE,
> Asia-Pacific sipp...@sg.ibm.com
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email to
> lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: RACF and Subject Alternate Name
At Broadcom we’ve have customers that have experienced similar issues and we’ve suggested the same workaround that Charles describes with no issues. The CSR generation functionality is platform dependent (ie RACF’s restriction) but the process is the same for all certs regardless of where they are initiated. Matt Hogstrom “It may be cognitive, but, it ain’t intuitive." — Hogstrom > On Jun 8, 2023, at 11:29 AM, Charles Mills wrote: > > Yes, you can generate a CSR, typically including multiple SANs, with OpenSSL > (any platform), gskkyman, or even on a CA Web site (or in the case of an > in-house CA, using their certificate management tools). > > Yes, you should be able to import that certificate when signed and its > private key into RACF. Check out RACDCERT IMPORT. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Why can't a LinuxONE run z/OS
Showing my ignorance: how does this relate to OCP? On Fri, Jun 9, 2023 at 1:48 AM Timothy Sipples wrote: > Lennie Dymoke-Bradshaw asks: > >Can someone please explain what IBM have done on the > >LinuxOne machines to stop them running z/OS? > > Your predicate is incorrect. IBM LinuxONE servers CAN run z/OS. Please > read on > > David Crayford wrote: > >From what I gather, LinuxOne machines have the capability to > >run z/OS within OCP containers, and there are cloud provisioning > >tools available to choose systems software from the ADCD. I had > >the opportunity to witness a demonstration of this at a zForum > >conference, where IBMer Ed McCarthy showcased its impressive > >functionality. I was quite impressed with what I saw. The provisioning > >options ranged from x86 emulation to on-premises Linux on Z, > >with various tiers in between. Tim Sipples will know the details. > > To my knowledge there are currently two generally available, fully IBM > supported and authorized ways to run z/OS on LinuxONE servers: > > 1. Via the IBM Virtual Dev and Test for z/OS product. ZVDT supports > running real z/OS for development, unit test, demonstration, and training > purposes on IBM LinuxONE servers (and on IFLs in IBM zSystems servers). > Please note that ZVDT does not currently support z/OS Parallel Sysplex > configurations or the z/OS Container Extensions. But it does run real, > bit-for-bit identical z/OS. And the performance is broadly excellent. > ECKD/FICON-attached storage is supported but not required. > > https://www.ibm.com/products/virtual-dev-and-test-zos > > It's common to deploy ZVDT (and the z/OS instances it hosts) in its own, > dedicated LPAR. But it doesn't necessarily have to be. My colleague Ed > McCarthy might've demonstrated some other deployment options. > > 2. Via the IBM GDPS Virtual Appliance. You can optionally configure an IBM > LinuxONE server with a single general purpose processor (CP) at a specific > capacity setting. This single CP can only be used to run the IBM GDPS > Virtual Appliance software. The GDPS VA software is shipped and serviced as > a single, integral image, but it happens to be z/OS-based. (You're not > licensed to use that "interior" z/OS for general purposes.) The IBM GDPS > Virtual Appliance is broadly functionally equivalent to the IBM GDPS Metro > Mirror (with HyperSwap) offering. ECKD/FICON-attached storage is required > for the IBM GDPS Virtual Appliance itself. ECKD/FICON-attached storage is > supported but not required for other workloads. > > Peter Bishop wrote: > >And LinuxONEs only have IFLs. > > You have the option to configure LinuxONE servers with a single > subcapacity CP. (See above.) You can also configure them with additional > SAPs if you wish. > > >The rest of the box is the same, apart from the doors > > The two server families are related, but there are more differences > besides the engine choices and doors. As a notable example the LinuxONE > servers can be configured with NVMe Carrier features and even boot/IPL from > them. NVMe Carrier features are not available on IBM zSystems servers. > zHyperLink Express adapters are available in IBM zSystems servers but not > in IBM LinuxONE servers. In past model generations (including z15/LinuxONE > III which is still generally available) the storage-related adapters are > often different, but there's some re-convergence in that area with the > z16/LinuxONE 4 servers. IBM zSystems servers support model conversion > upgrades (for example from z15 to z16) and carry forward of I/O features. > LinuxONE servers do not support either model conversion upgrades or carry > forward of any I/O features. > > You can look through the Feature Codes available for the IBM z16 > (3931-A01) and IBM LinuxONE Emperor 4 (3931-LA1) and see many identical > feature codes but also many differences. > > — > Timothy Sipples > Senior Architect > Digital Assets, Industry Solutions, and Cybersecurity > IBM zSystems/LinuxONE, Asia-Pacific > sipp...@sg.ibm.com > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- zMan -- "I've got a mainframe and I'm not afraid to use it" -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Why can't a LinuxOne run z/OS
+1 Matt Hogstrom “It may be cognitive, but, it ain’t intuitive." — Hogstrom > On Jun 8, 2023, at 7:39 PM, John McKown wrote: > > All of the CPs in a z box are identical in a basic hardware sense. But they > load different firmware which defines whether they are a general CPU or a > SAP or an IFL or ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Why can't a LinuxONE run z/OS
Many thanks to everyone who has contributed to this. That's quite a lot of information I have gathered. Thanks especially to Timothy Sipples for putting it all together below. Lennie -Original Message- From: IBM Mainframe Discussion List On Behalf Of Timothy Sipples Sent: 09 June 2023 06:48 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Why can't a LinuxONE run z/OS Lennie Dymoke-Bradshaw asks: >Can someone please explain what IBM have done on the LinuxOne machines >to stop them running z/OS? Your predicate is incorrect. IBM LinuxONE servers CAN run z/OS. Please read on David Crayford wrote: >From what I gather, LinuxOne machines have the capability to run z/OS >within OCP containers, and there are cloud provisioning tools available >to choose systems software from the ADCD. I had the opportunity to >witness a demonstration of this at a zForum conference, where IBMer Ed >McCarthy showcased its impressive functionality. I was quite impressed >with what I saw. The provisioning options ranged from x86 emulation to >on-premises Linux on Z, with various tiers in between. Tim Sipples will >know the details. To my knowledge there are currently two generally available, fully IBM supported and authorized ways to run z/OS on LinuxONE servers: 1. Via the IBM Virtual Dev and Test for z/OS product. ZVDT supports running real z/OS for development, unit test, demonstration, and training purposes on IBM LinuxONE servers (and on IFLs in IBM zSystems servers). Please note that ZVDT does not currently support z/OS Parallel Sysplex configurations or the z/OS Container Extensions. But it does run real, bit-for-bit identical z/OS. And the performance is broadly excellent. ECKD/FICON-attached storage is supported but not required. https://www.ibm.com/products/virtual-dev-and-test-zos It's common to deploy ZVDT (and the z/OS instances it hosts) in its own, dedicated LPAR. But it doesn't necessarily have to be. My colleague Ed McCarthy might've demonstrated some other deployment options. 2. Via the IBM GDPS Virtual Appliance. You can optionally configure an IBM LinuxONE server with a single general purpose processor (CP) at a specific capacity setting. This single CP can only be used to run the IBM GDPS Virtual Appliance software. The GDPS VA software is shipped and serviced as a single, integral image, but it happens to be z/OS-based. (You're not licensed to use that "interior" z/OS for general purposes.) The IBM GDPS Virtual Appliance is broadly functionally equivalent to the IBM GDPS Metro Mirror (with HyperSwap) offering. ECKD/FICON-attached storage is required for the IBM GDPS Virtual Appliance itself. ECKD/FICON-attached storage is supported but not required for other workloads. Peter Bishop wrote: >And LinuxONEs only have IFLs. You have the option to configure LinuxONE servers with a single subcapacity CP. (See above.) You can also configure them with additional SAPs if you wish. >The rest of the box is the same, apart from the doors The two server families are related, but there are more differences besides the engine choices and doors. As a notable example the LinuxONE servers can be configured with NVMe Carrier features and even boot/IPL from them. NVMe Carrier features are not available on IBM zSystems servers. zHyperLink Express adapters are available in IBM zSystems servers but not in IBM LinuxONE servers. In past model generations (including z15/LinuxONE III which is still generally available) the storage-related adapters are often different, but there's some re-convergence in that area with the z16/LinuxONE 4 servers. IBM zSystems servers support model conversion upgrades (for example from z15 to z16) and carry forward of I/O features. LinuxONE servers do not support either model conversion upgrades or carry forward of any I/O features. You can look through the Feature Codes available for the IBM z16 (3931-A01) and IBM LinuxONE Emperor 4 (3931-LA1) and see many identical feature codes but also many differences. - Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
