Defining HTTP connection options
This section describes the HTTPOPTS initialization statement.
- The hostname and port of the agent
- The hostname and port of the connecting counterpart
- SSL security options
HTTPOPTS
>>-HTTPOPTS--+----------------------------------------------+---> | .-15--------------------. | '-CONNTIMEOUT--(--+-HTTP timeout interval-+--)-' >--+---------------------------+--------------------------------> | .-NO--. | '-ENABLEFIPS--(--+-YES-+--)-' >--+---------------------------+--------------------------------> | .-NONE---. | '-GATEWAY--(--+-REMOTE-+--)-' >--+------------------------------------+-----------------------> | .-IP address-----. | '-HOSTNAME--(--+-hostname-------+--)-' '-local hostname-' >--+--------------------------------------------+---------------> | .-1-----------------. | '-JLOGTHREADNUM--(--+-number of threads-+--)-' >--+-----------------------------------+------------------------> | .-31114-------. | '-PORTNUMBER--(--+-port number-+--)-' >--+-------------------------------------------+----------------> | .-10----------------. | '-SRVTHREADNUM--(--+-number of threads-+--)-' >--+--------------------+--+-------------------------------+----> | .-NO--. | | .-CAONLY-. | '-SSL--(--+-YES-+--)-' '-SSLAUTHMODE--(--+-STRING-+--)-' >--+-------------------------------------+----------------------> | .-tws--------. | '-SSLAUTHSTRING--(--+-SSL string-+--)-' >--+--------------------------------------------------+---------> '-SSLKEYRING--(--SSL key ring database filename--)-' >--+-----------------------------------------------------+------> '-SSLKEYRINGPSW--(--SSL key ring password filename--)-' >--+-------------------------------+----------------------------> | .-SAF-. | '-SSLKEYRINGTYPE--(--+-USS-+--)-' >--+--------------------------------------------+---------------> | .-TCPIP--------------. | '-TCPIPJOBNAME--(--+-TCPIP started task-+--)-' >--+------------------------------------------------+-----------> | .-300--------------------. | '-TCPIPTIMEOUT--(--+-TCPIP timeout interval-+--)-' .-'000.000.000.000'-------------------. >--TDWBHOSTNAME--(--+-dynamic workload broker host name---+--)--> '- dynamic workload broker IP address-' >--+---------------------------------------------------------------+--> | .-31115 (no SSL) | 31116 (SSL)--------. | '-TDWBPORTNUMBER--(--+-dynamic workload broker port number-+--)-' >--+------------------------+---------------------------------->< | .-YES-. | '-TDWBSSL--(--+-NO--+--)-'
Parameters
- CONNTIMEOUT = (timeout interval|15)
- The number of seconds that an HTTP connection waits before a timeout occurs. Valid values are from 1 to 10000. The default is 15 seconds.
- ENABLEFIPS(NO|YES)
- Indicates whether the SSL
communication must comply with FIPS standards. Specify YES to have a FIPS compliant SSL
communication. This keyword is ignored if the SSL communication is not enabled. The default is NO.
For more information about the FIPS compliance, see the section about activating support for FIPS standard over SSL secured connections in IBM Workload Scheduler for z/OS: Planning and Installation.
- GATEWAY(NONE|REMOTE)
Specifies whether to configure a gateway to communicate with the dynamic workload broker or not. Specify REMOTE if the agent for z/OS communicates through a gateway. If you use REMOTE, the TDWBHOSTNAME and the TDWBPORT contain the address and the port of the gateway to which you are connecting. The default value is none, no gateway is configured.
- HOSTNAME = (hostname | IP address)
- The local host name or IP address of the agent for z/OS used to communicate with dynamic workload broker or gateway. It can be up to 52 alphanumeric characters. The host name or IP address can be in IPV4 or IPV6 format. Enclose this value in single quotation marks. The default is the IP address returned by TCP/IP.
- JLOGTHREADNUM = (number of threads|1)
- The number of threads used by the HTTP server task to manage the requests concerning the job log. Valid values are from 1 to 100. The default is 1.
- PORTNUMBER = (port|31114)
- The port number on the agent for z/OS used to communicate with dynamic workload broker or gateway. Valid values range from 0 to 65535. The default is 31114.
- SSL = (Yes|No)
- Specifies if SSL is configured on PORTNUMBER to protect inbound requests. Set to Yes if you are using SSL to protect the agent for z/OS port. Set to No otherwise. The default is No. If SSL is on, the SSLKEYRING parameter is mandatory.
- SSLAUTHMODE = (STRING|CAONLY)
- The SSL authentication type. Valid values are:
- CAONLY
- The scheduler checks the validity of the certificate by verifying that a recognized Certification Authority has issued the peer certificate. The information contained in the certificate is not checked.
- STRING
- The scheduler checks the validity of the certificate as described in the CAONLY option. It also verifies that the Common Name (CN) of the Certificate Subject matches the string specified in the SSLAUTHSTRING parameter.
- SSLAUTHSTRING = (SSL string|tws)
- The SSL string used to verify the validity of the certificate when you set SSLAUTHMODE to STRING. The string can be up to 64 characters. The default is tws.
- SSLKEYRING = (SSL key ring database filename)
If SSLKEYRINGTYPE is SAF (System Authorization Facility), this parameter specifies the SAF key ring used to connect the security certificates.
If SSLKEYRINGTYPE is USS (Unix System Services), this parameter specifies the database containing keys and certificates. It consists of an SSL working directory name and file name, in the format:SSLworkdir/TWS.kbd
The parameter is case-sensitive.
- SSLKEYRINGPSW = (SSL key ring password filename)
- This parameter is required when you run SSL security and SSLKEYRINGTYPE is USS.
It specifies the file containing the key password. It consists of
an SSL working directory name and file name, in the format:
SSLworkdir/TWS.sth
Failure to provide an existing and correct filename results in an error message and prevents the agent from starting. The parameter is case-sensitive.
- SSLKEYRINGTYPE = (USS | SAF)
- Specifies if the key ring file is a key database USS file
or a SAF key ring. If the type is SAF, you can use
the RACF® command to manage
SSL connections.Important: If the type is USS, you must provide an SSL key ring password filename for SSLKEYRINGPSW. Failure to do this will prevent the agent from starting.
- SRVTHREADNUM = (number of threads|10)
- The number of threads that can be used by the HTTP server task to process more requests sent by dynamic workload broker at the same time. Valid values range from 2 to 100. The default is 10.
- TCPIPJOBNAME = (TCPIP started task|TCPIP)
- The name of the TCPIP started task running on the z/OS® system. The default name is TCPIP.
- TCPIPTIMEOUT = (TCPIP timeout interval|300)
- The number of seconds that an HTTP request waits for response before a timeout occurs. Valid values are from 1 to 10000. the default is 300.
- TDWBHOSTNAME = (dynamic workload broker or Dynamic Agent Gateway host name|dynamic workload broker or Dynamic Agent Gateway IP address|'000.000.000.000')
- The local host name or IP address of the dynamic workload broker or gateway to which the agent for z/OS is to establish an HTTP connection. It can be up to 52 alphanumeric characters. The host name or IP address can be in IPV4 or IPV6 format. Enclose this value in single quotation marks. The parameter is mandatory.
- TDWBPORTNUMBER = (port|31115|31116)
- The port number of the dynamic workload broker/Dynamic Agent Gateway to which the agent for z/OS is to establish the HTTP connection. Defaults are 31115 for non-SSL connections and 31116 for SSL connections.
- TDWBSSL = (Yes|No)
- Specifies if the dynamic workload broker or gateway port defined by TDWBPORTNUMBER is protected by SSL. The default is Yes.