5. Co:Z Launcher Examples

This chapter contains common examples ("recipes") for using the Co:Z Launcher. These examples assume that you have installed and configured the Co:Z toolkit on your z/OS and target systems. Additionally, these examples rely on Dataset Pipes commands. See the Co:Z Dataset Pipes User's Guide for the command reference.

5.1 Execute commands on a target server

This is a simple example of how to use the Co:Z Launcher to run commands on a remote Linux server.

//COZCB1  JOB (),'COZ'
//STEP1   EXEC PROC=COZPROC,
//        ARGS='myuid@linux1.myco.com'
//STDIN   DD *                        
# This is input to the remote shell
echo "We are running on: " `uname`
//

The userid and hostname (myuid@linux1.myco.com) are given as a parameter to the COZPROC stored procedure, but all other configuration options are taken from the installation defaults.
The Co:Z Launcher will start an SSH connection to the remote server as user "myuid".
Since SSH is unable in a batch job to prompt for a password, it will use a private key associated with the current z/OS user to login to the target server.
The default program to launch on the target server is the user's "default shell", which happens to be "bash".
Input to the remote shell is redirected from the job's //STDIN DD.
Output from the remote shell is redirected to //STDOUT DD and //STDERR DD in the launching jobstep. By default these are defined in COZPROC to go to SYSOUT spool files.
Output from the remote shell is redirected to //STDOUT DD and //STDERR DD in the launching jobstep. By default these are defined in COZPROC to go to SYSOUT spool files.

In this example, the following output will be written to the //STDOUT DD:

We are running on:  Linux

The exit code from the remote program (bash) will be adopted as the return code for the batch job step; in this case: "0". Log messages from the Co:Z Toolkit are written to //SYSOUT DD:

fromdsn(DD:STDIN)[N]: 2 records/160 bytes read; 75 bytes written in 0 milliseconds.       
todsn(DD:STDERR)[N]: 0 bytes read; 0 records/0 bytes written in 0.072 seconds (0.000 Bytes/Sec
todsn(DD:STDOUT)[N]: 39 bytes read; 1 records/38 bytes written in 0.074 seconds (527.027 Bytes
CoZLauncher[N]: myuid@linux1.myco.com target command '<default shell>' ended with RC=0

5.2 Launch remote shell that reads a PDS member

In this example we use the Co:Z Launcher to send commands to a target Linux server which reads a PDS member from the launching z/OS system.

//COZCB2  JOB (),'COZ' 
//STEP1   EXEC PROC=COZPROC, 
//        ARGS='myuid@linux1.myco.com' 
//STDIN   DD * 
fromdsn '//sys1.maclib(acb)' | grep BLKSIZE 
//

Input to the remote shell is redirected from the job step's //STDIN DD, which in this example has a single line.
The fromdsn command, running on the target server, establishes a connection with the launching z/OS job. This connection is used to read a PDS member.
The single quotes are required so that the Linux shell does not interpret the parentheses as meta characters.
The fromdsn command converts the records in the dataset to a stream of bytes that is written to stdout. By default the data will be converted to a text file using the target platform's codepage and line separator.
The data is piped ('|') by the shell into the Unix grep command which writes matching lines to stdout.
Output from the remote shell is redirected to //STDOUT DD and //STDERR DD in the launching jobstep. By default, these are defined in COZPROC to go to SYSOUT spool files.

In this example, the following output will be written to the //STDOUT DD:

&BLKSIZE=0,&LRECL=0,&BUFSP=0,                           -00001600
BLKSIZE=&BLKSIZE,LRECL=&LRECL,                          -01700000
BLKSIZE=&BLKSIZE,LRECL=&LRECL,                          -02406800

5.3 Offload PGP encryption of MVS Datasets

In this example we use the Co:Z Launcher to send commands to a Linux server which reads data from an //INPUT DD in the launching job step and writes PGP encrypted output data to //OUTPUT DD.

  
//COZCB3  JOB (),'COZ' 
//STEP1   EXEC PROC=COZPROC, 
//        ARGS='myuid@linux1.myco.com' 
//STDIN   DD * 
fromdsn -l rdw -k //DD:INPUT   \ 
  | gpg -r key-1 --batch --output=- --encrypt=- \ 
  | todsn -b //DD:OUTPUT 
/* 
//INPUT DD DISP=SHR,DSN=KIRK.CLEARTEXT.DATA 
//OUTPUT DD DSN=KIRK.ENCRYPT,DISP=(NEW,PASS), 
//          SPACE=(CYL,(1,1),RLSE), 
//          DCB=(RECFM=U,BLKSIZE=4096)

Input to the remote shell is redirected from the job step's //STDIN DD, which in this example contain three commands chained together with Unix pipes.
The fromdsn command, running on the target server, establishes a connection with the launching z/OS job. This connection is used to read from the //INPUT DD. The -l rdw option is used so that 4 byte RDWs are used as record separators. This option also disables any default codepage translation. The -k option disables any trimming of trailing pad (space) characters from the end of records. The result is that the fromdsn simply writes RDW-prefixed records, as-is, to stdout.
The output from fromdsn is piped into the Linux gpg command which PGP-encrypts the data stream. The "-encrypt=-" option causes gpg to read input from stdin (the output pipe from fromdsn).
The "output=-" option causes gpg to write its encrypted output to stdout, which is piped ('|') into a todsn command.
The todsn command, running on the Linux server, tunnels back into the launching jobstep and writes the encrypted data stream to DD:OUTPUT, which in the example goes to new cataloged MVS dataset. The "-b" option causes fromdsn to write the records in binary, with no record separators, in effect filling each record to its maximum size, which is set by the DD card in this case to be 4096 bytes.
Output log messages from the Co:Z Launcher, the Co:Z Agent (running on the target server), and the Dataset Pipes utilities fromdsn and todsn are written to //SYSOUT DD.

In this example, the following log message will be written:

fromdsn(DD:STDIN)[N]: 3 records/240 bytes read; 106 bytes written in 0 milliseconds.                       
fromdsn(DD:INPUT)[N]: 78 records/6240 bytes read; 6552 bytes written in 0 milliseconds.                    
todsn(DD:OUTPUT)[N]: 2034 bytes read; 2 records/2034 bytes written in 0.038 seconds (52.272 KByt
todsn(DD:STDOUT)[N]: 0 bytes read; 0 records/0 bytes written in 0.708 seconds (0.000 Bytes/sec).           
todsn(DD:STDERR)[N]: 0 bytes read; 0 records/0 bytes written in 0.706 seconds (0.000 Bytes/sec).           
CoZLauncher[N]: myuid@linux1.myco.com target command '<default shell>' ended with RC=0

Note that the data is encrypted during transfer automatically by the SSH tunnel used by Co:Z to communicate between the target server and the launching batch job. Also note that the file is never stored on disk on the target server.

Decrypting is just as easy:

fromdsn -b  //DD:INPUT   \
 | gpg -r key-1 --batch --output=- --decrypt=- \
 | todsn -l rdw  //DD:OUTPUT

5.4 Use a Linux server as a secure gateway to information on the Internet

In this example the Co:Z Launcher is used to run a script on a server which downloads a tab-delimited file from the Internet and converts selected fields to SQL statements which are written to a temporary MVS dataset. A second step in the job runs the DB2 batch SPUFI utility to load the data to a DB2 table.

//COZCB4  JOB (),'COZ'
//********************************************************************** 
//* STEP1: Launch a remote script to ftp download a tab-delimited 
//* text file.  Use selected columns to generate DB2 INSERT statments 
//* which are written to an MVS temporary dataset. 
//* 
//STEP1   EXEC PROC=COZPROC,ARGS='cozcb4@dmz1.myco.com' 
//STDIN   DD * 
wget -O- ftp://ftp.visi.com/users/juan/ContactingCongress.db.txt | 
awk -F "\t" -v sq="'" '{ 
  if (NR == 1)  #skip header/empty table 
    print "DELETE FROM CONGRESS;" 
  else { 
    print "INSERT INTO CONGRESS VALUES(" 
    print sq $1 sq ", " 
    print sq $2 sq ", " 
    print sq $4 sq ", " 
    print sq $5 sq ", " 
    print sq $3 sq 
    print ");" 
  } 
'} 
//STDOUT DD DSN=&&SPUFIN,DISP=(NEW,PASS),SPACE=(CYL,(2,1)), 
//       DCB=(RECFM=FB,LRECL=80) 
//********************************************************************** 
/* STEP2: Run DB2 "SPUFI" in batch to execute the insert statements 
/* to reload a DB2 table 
/* 
//STEP2    EXEC PGM=IKJEFT01,DYNAMNBR=20,COND=(0,NE) 
//SYSTSPRT DD SYSOUT=* 
//SYSPRINT DD SYSOUT=* 
//SYSTSIN  DD * 
DSN SYSTEM(DBS1) 
RUN PROGRAM(DSNTEP2) PLAN(DSNTEP71) LIB('DB2V810.RUNLIB.LOAD') 
END 
//SYSIN    DD DSN=&&SPUFIN,DISP=(OLD,DELETE) 
//

//STEP1.STDIN DD contains command input to the remote shell. The wget command is used to download a file from the internet using the ftp protocol, piping the output into the awk command.
The awk command script, running on the Linux target server, is used to reformat selected columns from the tab-delimited file into SQL INSERT commands, which are written to stdout.
//STEP1.STDOUT DD is overridden to point to a temporary MVS dataset, which is passed to STEP2.
The second step runs the DB2 batch SPUFI utility to execute the SQL, thereby loading the CONGRESS table.

In environments where the z/OS mainframe is not connected to the Internet, the target server may be deployed in a DMZ which is only accessible in one direction from the z/OS host using SSH. Only the target process started by the Co:Z launcher (and its children) have access to redirected I/O resources in the launching Co:Z job step.

This example also demonstrates how open source Linux tools (wget, awk) may be used to access and transform data for use within the z/OS environment.

Prev		Next
4. Running the Co:Z Launcher	Contents	Appendix A. Client Authentication Mechanisms

Prev		Next
4. Running the Co:Z Launcher	Home	Appendix A. Client Authentication Mechanisms

Components

Downloads

Documentation

License/Support

Co:Z Documentation :: Co:Z Launcher - User's Guide V 8.0.0