This post will guide you starting a minimal Zowe instance and extending it.
You need to have configured the z/OS system ( started tasks, security, APF, SCHEDxx ) and configured the Zowe instance file, zowe.yaml.
In the zowe.yaml file find “components:” in column 1, and change the enabled value of the components to “false”.
- gateway
- discovery
- caching-services
- app-server
- explorer-jes
- explorer-mvs
but keep zss enabled.
Start the common services started task
Start the common services task. The default is ZWESISTC, but you may have changed the name of it.
s ZWESISTC
This displays output like
IEF403I ZWESISTC - STARTED - TIME=08.19.08
ZWES0001I ZSS Cross-Memory Server starting, version is 3.1.0+20250108
IEF761I ZWESISTC ZWESISTC PARMLIB ZWESIS DD IS ALREADY ALLOCATED AND WILL BE USED BY THIS TASK.
IEE252I MEMBER ZWESIP00 FOUND IN COLIN.ZOWE.CUST.PARMLIB
ZWES0105I Core server initialization started
ZWES0109I Core server ready
ZWES0200I Modify commands:
...
Resolve any problems.
Start the main task.
Once the cross memory server has started successfully, start the main task
The default started task name is ZWESLSTC, but you may have changed it.
s ZWESLSTC
It generates messages like
$HASP373 ZWESLSTC STARTED
IEF403I ZWESLSTC - STARTED - TIME=10.02.38
+ZWEL0021I Zowe Launcher starting
+ZWEL0018I Zowe instance prepared successfully
+ZWEL0006I starting components
+ZWEL0001I component gateway started
+ZWEL0001I component zss started
+ZWES1013I ZSS Server has started. Version '3.1.0+20250108' 64-bit
You stop it using using
P ZWESLSTC
+ZWEL0008I stopping components
+ZWEL0002I component gateway stopped
It it fails to start, check the job output.
There is a log of activities SYSPRINT, and problems may be reported in SYS0001, for example
ZWEL0318E – Couldn’t scan file ‘/u/colin/zowec/zowe31.yaml’: mapping values are not allowed in this context at line 146, column 17.
Connecting to the gateway
Once you Zowe, with zss and the gateway, starts successfully, you can try to connect to it.
Before you can do this your web server, curl or other tool needs access to the Certificate Authority certificate.
I exported it using
//COLINEXP JOB 1,MSGCLASS=H
//S1 EXEC PGM=IKJEFT01,REGION=0M
//STEPLIB DD DISP=SHR,DSN=SYS1.MIGLIB
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
RACDCERT CERTAUTH EXPORT(LABEL('DOCZOSCA')) -
DSN('COLIN.CERT.DOC.CA.PEM') -
FORMAT(CERTB64) -
PASSWORD('PASSWORD')
//
It creates a data set like
-----BEGIN CERTIFICATE-----
MIIDYDCCAkigAwIBAgIBADANBgkqhkiG9w0BAQsFADAwMQ4wDAYDVQQKEwVDT0xJ
...
wL6XUA==
-----END CERTIFICATE-----
I created a file on Linux/Uss called cacert.pem, and pasted the contents into it.
I used curl (from z/OS) to access the gateway
trace="--trace trace.txt1"
ca="--cacert /u/colin/zowec/cacert.pem"
curl -v $trace $ca https://127.0.0.1:7557/plugins
This gave data like
{"pluginDefinitions":[{"identifier":"org.zowe.explorer-jes","apiVersion":"2.0.0"....
if you get this then you successfully connected to the gateway.
The trace.txt1 file has the TLS handshake and the data content. For example it contained
== Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
== Info: ALPN: server did not agree on a protocol. Uses default.
== Info: Server certificate:
== Info: subject: O=MYORG; OU=COLIN; CN=127.0.0.1
== Info: start date: May 2 05:00:00 2025 GMT
== Info: expire date: Jul 3 04:59:59 2029 GMT
== Info: subjectAltName: host "127.0.0.1" matched cert's IP address!
== Info: issuer: O=COLIN; OU=CA; CN=DOCZOSCA
== Info: SSL certificate verify ok.
== Info: Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
== Info: Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
== Info: Connected to 127.0.0.1 (127.0.0.1) port 7557
When you start Zowe it spawns threads into BPXAS address spaces, which show up as jobs with the same name (ZWESLSTC) but you cannot look at their output in the spool.
Problem determination
- Check for messages on the system log.
- Check within ZWESLSTC started task output for error messages.
- You can enable debug trace in the zowe.yaml file with the launchScript: logLevel set to debug. Reset it to info once the problem is resolved.
- You can set debug: true for the component with problems.
If the zss fails to start, check in the logs directory of the instance directory for the zss… log file, such as
*/u/tmp/zowec/logs/zssServer-2025-02-03-08-15.log*
If the system starts, but you cannot connect from a web browser,
change the yaml file and uncomment the https: trace statement
zss:
enabled: true
port: 7557
crossMemoryServerName: ZWESIS_STD
agent:
jwt:
fallback: true
64bit: true
https:
trace: true
When you start Zowe it will produce a trace file like
logs/zssServer-2025-02-03-17-36.log.tlstrace
which you can format with
gsktrace logs/zssServer-2025-02-03-17-36.log.tlstrace >gsk.txt
I got
No supported CertificateVerify signature algorithm for EC key
Which means then the specified server key is not acceptable. For example Elliptic Curves with length 521 are not supported in all client environments, and key size 256 should be used.
Start the API Server
The API server needs to authenticate the user.
You can use
- 1. SAF interface
- 2. Another interface
To use the SAF interface you need to start the zss server
ColinPaice 