Defining HTTP connection options
This section describes the HTTPOPTS initialization statement.
- The hostname and port of the agent
- The hostname and port of the connecting counterpart
- SSL security options
HTTPOPTS
Parameters
- CONNTIMEOUT = (timeout interval|15)
- The number of seconds that an HTTP connection waits before a timeout occurs. Valid values are from 1 to 10000. The default is 15 seconds.
- ENABLEFIPS(NO|YES)
- Indicates whether the SSL
communication must comply with FIPS standards. Specify YES to have a FIPS compliant SSL
communication. This keyword is ignored if the SSL communication is not enabled. The default is NO.
For more information about the FIPS compliance, see the section about activating support for FIPS standard over SSL secured connections in HCL Workload Scheduler for Z: Planning and Installation.
- GATEWAY(NONE|REMOTE)
-
Specifies whether to configure a gateway to communicate with the dynamic workload broker or not. Specify REMOTE if the agent for z/OS communicates through a gateway. If you use REMOTE, the TDWBHOSTNAME and the TDWBPORT contain the address and the port of the gateway to which you are connecting. The default value is none, no gateway is configured.
- HOSTNAME = (hostname | IP address)
- The local host name or IP address of the agent for z/OS used to communicate with dynamic workload broker or gateway. It can be up to 52 alphanumeric characters. The host name or IP address can be in IPV4 or IPV6 format. Enclose this value in single quotation marks. The default is the IP address returned by TCP/IP.
- JLOGTHREADNUM = (number of threads|1)
- The number of threads used by the HTTP server task to manage the requests concerning the job log. Valid values are from 1 to 100. The default is 1.
- PORTNUMBER = (port|31114)
- The port number on the agent for z/OS used to communicate with dynamic workload broker or gateway. Valid values range from 0 to 65535. The default is 31114.
- SSL = (Yes|No)
- Specifies if SSL is configured on PORTNUMBER to protect inbound
requests. Set to
Yes
if you are using SSL to protect the agent for z/OS port. Set toNo
otherwise. The default isNo
. If SSL is on, theSSLKEYRING
parameter is mandatory. - SSLAUTHMODE = (STRING|CAONLY)
- The SSL authentication type. Valid values are:
- CAONLY
- The scheduler checks the validity of the certificate by verifying that a recognized Certification Authority has issued the peer certificate. The information contained in the certificate is not checked.
- STRING
- The scheduler checks the validity of the certificate as described
in the CAONLY option. It also verifies that the Common Name (CN) of
the Certificate Subject matches the string specified in the
SSLAUTHSTRING
parameter.
CAONLY
. - SSLAUTHSTRING = (SSL string|tws)
- The SSL string used to verify the validity of the certificate
when you set
SSLAUTHMODE
toSTRING
. The string can be up to 64 characters. The default istws
. - SSLKEYRING = (SSL key ring database filename)
If
SSLKEYRINGTYPE
isSAF
(System Authorization Facility), this parameter specifies theSAF
key ring used to connect the security certificates.IfSSLKEYRINGTYPE
isUSS
(Unix System Services), this parameter specifies the database containing keys and certificates. It consists of an SSL working directory name and file name, in the format:SSLworkdir/TWS.kbd
The parameter is case-sensitive.
- SSLKEYRINGPSW = (SSL key ring password filename)
- This parameter is required when you run SSL security and
SSLKEYRINGTYPE
isUSS
. It specifies the file containing the key password. It consists of an SSL working directory name and file name, in the format:SSLworkdir/TWS.sth
Failure to provide an existing and correct filename results in an error message and prevents the agent from starting. The parameter is case-sensitive.
- SSLKEYRINGTYPE = (USS | SAF)
- Specifies if the key ring file is a key database
USS
file or aSAF
key ring. If the type is SAF, you can use the RACF® command to manage SSL connections.Important: If the type is USS, you must provide an SSL key ring password filename for SSLKEYRINGPSW. Failure to do this will prevent the agent from starting. - SRVTHREADNUM = (number of threads|10)
- The number of threads that can be used by the HTTP server task to process more requests sent by dynamic workload broker at the same time. Valid values range from 2 to 100. The default is 10.
- TCPIPJOBNAME = (TCPIP started task|TCPIP)
- The name of the TCPIP started task running on the z/OS® system. The default name is
TCPIP
. - TCPIPTIMEOUT = (TCPIP timeout interval|300)
- The number of seconds that an HTTP request waits for response before a timeout occurs. Valid values are from 1 to 10000. the default is 300.
- TDWBHOSTNAME = (dynamic workload broker or Dynamic Agent Gateway host name|dynamic workload broker or Dynamic Agent Gateway IP address|'000.000.000.000')
- The local host name or IP address of the dynamic workload broker or gateway to which the agent for z/OS is to establish an HTTP connection. It can be up to 52 alphanumeric characters. The host name or IP address can be in IPV4 or IPV6 format. Enclose this value in single quotation marks. The parameter is mandatory.
- TDWBPORTNUMBER = (port|31115|31116)
- The port number of the dynamic workload broker/Dynamic Agent Gateway to which the agent for z/OS is to establish the HTTP connection. Defaults are 31115 for non-SSL connections and 31116 for SSL connections.
- TDWBSSL = (Yes|No)
- Specifies if the dynamic workload broker or gateway
port defined by TDWBPORTNUMBER is protected by SSL. The default is
Yes
.