HCL Workload Automation, Version 9.4

Defining HTTP connection options

This section describes the HTTPOPTS initialization statement.

This statement defines the connection details between the agent and dynamic workload broker. Use it to specify:
  • The hostname and port of the agent
  • The hostname and port of the connecting counterpart
  • SSL security options

HTTPOPTS

Read syntax diagramSkip visual syntax diagram
>>-HTTPOPTS--+----------------------------------------------+--->
             |                 .-15--------------------.    |   
             '-CONNTIMEOUT--(--+-HTTP timeout interval-+--)-'   

>--+---------------------------+-------------------------------->
   |                .-NO--.    |   
   '-ENABLEFIPS--(--+-YES-+--)-'   

>--+---------------------------+-------------------------------->
   |             .-NONE---.    |   
   '-GATEWAY--(--+-REMOTE-+--)-'   

>--+------------------------------------+----------------------->
   |              .-IP address-----.    |   
   '-HOSTNAME--(--+-hostname-------+--)-'   
                  '-local hostname-'        

>--+--------------------------------------------+--------------->
   |                   .-1-----------------.    |   
   '-JLOGTHREADNUM--(--+-number of threads-+--)-'   

>--+-----------------------------------+------------------------>
   |                .-31114-------.    |   
   '-PORTNUMBER--(--+-port number-+--)-'   

>--+-------------------------------------------+---------------->
   |                  .-10----------------.    |   
   '-SRVTHREADNUM--(--+-number of threads-+--)-'   

>--+--------------------+--+-------------------------------+---->
   |         .-NO--.    |  |                 .-CAONLY-.    |   
   '-SSL--(--+-YES-+--)-'  '-SSLAUTHMODE--(--+-STRING-+--)-'   

>--+-------------------------------------+---------------------->
   |                   .-tws--------.    |   
   '-SSLAUTHSTRING--(--+-SSL string-+--)-'   

>--+--------------------------------------------------+--------->
   '-SSLKEYRING--(--SSL key ring database filename--)-'   

>--+-----------------------------------------------------+------>
   '-SSLKEYRINGPSW--(--SSL key ring password filename--)-'   

>--+-------------------------------+---------------------------->
   |                    .-SAF-.    |   
   '-SSLKEYRINGTYPE--(--+-USS-+--)-'   

>--+--------------------------------------------+--------------->
   |                  .-TCPIP--------------.    |   
   '-TCPIPJOBNAME--(--+-TCPIP started task-+--)-'   

>--+------------------------------------------------+----------->
   |                  .-300--------------------.    |   
   '-TCPIPTIMEOUT--(--+-TCPIP timeout interval-+--)-'   

                    .-'000.000.000.000'-------------------.      
>--TDWBHOSTNAME--(--+-dynamic workload broker host name---+--)-->
                    '- dynamic workload broker IP address-'      

>--+---------------------------------------------------------------+-->
   |                    .-31115 (no SSL) | 31116 (SSL)--------.    |   
   '-TDWBPORTNUMBER--(--+-dynamic workload broker port number-+--)-'   

>--+------------------------+----------------------------------><
   |             .-YES-.    |   
   '-TDWBSSL--(--+-NO--+--)-'   

Parameters

CONNTIMEOUT = (timeout interval|15)
The number of seconds that an HTTP connection waits before a timeout occurs. Valid values are from 1 to 10000. The default is 15 seconds.
ENABLEFIPS(NO|YES)
Indicates whether the SSL communication must comply with FIPS standards. Specify YES to have a FIPS compliant SSL communication. This keyword is ignored if the SSL communication is not enabled. The default is NO.

For more information about the FIPS compliance, see the section about activating support for FIPS standard over SSL secured connections in IBM Workload Scheduler for z/OS: Planning and Installation.

GATEWAY(NONE|REMOTE)

Specifies whether to configure a gateway to communicate with the dynamic workload broker or not. Specify REMOTE if the agent for z/OS communicates through a gateway. If you use REMOTE, the TDWBHOSTNAME and the TDWBPORT contain the address and the port of the gateway to which you are connecting. The default value is none, no gateway is configured.

HOSTNAME = (hostname | IP address)
The local host name or IP address of the agent for z/OS used to communicate with dynamic workload broker or gateway. It can be up to 52 alphanumeric characters. The host name or IP address can be in IPV4 or IPV6 format. Enclose this value in single quotation marks. The default is the IP address returned by TCP/IP.
JLOGTHREADNUM = (number of threads|1)
The number of threads used by the HTTP server task to manage the requests concerning the job log. Valid values are from 1 to 100. The default is 1.
PORTNUMBER = (port|31114)
The port number on the agent for z/OS used to communicate with dynamic workload broker or gateway. Valid values range from 0 to 65535. The default is 31114.
SSL = (Yes|No)
Specifies if SSL is configured on PORTNUMBER to protect inbound requests. Set to Yes if you are using SSL to protect the agent for z/OS port. Set to No otherwise. The default is No. If SSL is on, the SSLKEYRING parameter is mandatory.
SSLAUTHMODE = (STRING|CAONLY)
The SSL authentication type. Valid values are:
CAONLY
The scheduler checks the validity of the certificate by verifying that a recognized Certification Authority has issued the peer certificate. The information contained in the certificate is not checked.
STRING
The scheduler checks the validity of the certificate as described in the CAONLY option. It also verifies that the Common Name (CN) of the Certificate Subject matches the string specified in the SSLAUTHSTRING parameter.
The default is CAONLY.
SSLAUTHSTRING = (SSL string|tws)
The SSL string used to verify the validity of the certificate when you set SSLAUTHMODE to STRING. The string can be up to 64 characters. The default is tws.
SSLKEYRING = (SSL key ring database filename)

If SSLKEYRINGTYPE is SAF (System Authorization Facility), this parameter specifies the SAF key ring used to connect the security certificates.

If SSLKEYRINGTYPE is USS (Unix System Services), this parameter specifies the database containing keys and certificates. It consists of an SSL working directory name and file name, in the format:
SSLworkdir/TWS.kbd

The parameter is case-sensitive.

SSLKEYRINGPSW = (SSL key ring password filename)
This parameter is required when you run SSL security and SSLKEYRINGTYPE is USS. It specifies the file containing the key password. It consists of an SSL working directory name and file name, in the format:
SSLworkdir/TWS.sth

Failure to provide an existing and correct filename results in an error message and prevents the agent from starting. The parameter is case-sensitive.

SSLKEYRINGTYPE = (USS | SAF)
Specifies if the key ring file is a key database USS file or a SAF key ring. If the type is SAF, you can use the RACF® command to manage SSL connections.
Important: If the type is USS, you must provide an SSL key ring password filename for SSLKEYRINGPSW. Failure to do this will prevent the agent from starting.
SRVTHREADNUM = (number of threads|10)
The number of threads that can be used by the HTTP server task to process more requests sent by dynamic workload broker at the same time. Valid values range from 2 to 100. The default is 10.
TCPIPJOBNAME = (TCPIP started task|TCPIP)
The name of the TCPIP started task running on the z/OS® system. The default name is TCPIP.
TCPIPTIMEOUT = (TCPIP timeout interval|300)
The number of seconds that an HTTP request waits for response before a timeout occurs. Valid values are from 1 to 10000. the default is 300.
TDWBHOSTNAME = (dynamic workload broker or Dynamic Agent Gateway host name|dynamic workload broker or Dynamic Agent Gateway IP address|'000.000.000.000')
The local host name or IP address of the dynamic workload broker or gateway to which the agent for z/OS is to establish an HTTP connection. It can be up to 52 alphanumeric characters. The host name or IP address can be in IPV4 or IPV6 format. Enclose this value in single quotation marks. The parameter is mandatory.
TDWBPORTNUMBER = (port|31115|31116)
The port number of the dynamic workload broker/Dynamic Agent Gateway to which the agent for z/OS is to establish the HTTP connection. Defaults are 31115 for non-SSL connections and 31116 for SSL connections.
TDWBSSL = (Yes|No)
Specifies if the dynamic workload broker or gateway port defined by TDWBPORTNUMBER is protected by SSL. The default is Yes.