Complex deployment with multiple z/OSMF with the HA setup with at least two LPARs.
search cancel

Complex deployment with multiple z/OSMF with the HA setup with at least two LPARs.

book

Article ID: 378548

calendar_today

Updated On:

Products

Brightside

Issue/Introduction

How to deploy multiple Zowe and z/OSMF with the HA setup on several LPARs.

Environment

Brightside
Zowe
z/OSMF

Resolution

Complex deployment with multiple z/OSMF with the HA setup with at least two LPARs.


1 - Authentication provider


1.1 - SAF as Authentication Provider

In this setup scenario, the JWT token issued by the API Mediation Layer in response the call to login endpoint is generated and signed by the certificate and key that is setup for the API Mediation Layer. The limitation is that API Mediation Layer needs to read the key to sign the tokens. Given the limitation with respect to the Hardware stored ICSF Keyrings, either these aren't used or the key needs to be exported.

components:
    gateway:
        security:
            auth:
                provider: saf

1.2 - z/OSMF as Authentication Provider

In this setup scenario, the JWT token issued by the API Mediation Layer in response the call to login endpoint is generated by the z/OSMF instance. The limitation is that the availability of the API Mediation Layer is linked to the availability of the z/OSMF used for authentication.

components:
    gateway:
        security:
            auth:
                provider: zosmf
                zosmfServiceId: ibmzosmf

In this case the HA setup should have the same level of HA on z/OSMF setup as for the API Mediation Layer.

2 - Setup of multiple z/OSMF

The assumption in this is that there are multiple IBM z/OSMF onboarded to the API Mediation Layer.

  • z/OSMF used for DevOps pipelines
  • z/OSMF used for integration with ServiceNow
  • z/OSMF used for authentication (Optional)

a) Example of call to a specific one LPAR with purple instance for authentication and blue HA instance for Service Now integration





b) Example of a calls to the HA setup with two Zowe and two instances of z/OSMF for service now on one LPAR and two z/OSMF for authentication in HA setup across the two LPARs




2.1 - The IBM z/OSMF for authentication purposes (Optional)

This is generated by default and put into workspace directory.

services:
    - serviceId: ibmzosmf
      title: IBM z/OSMF
      description: 'IBM z/OS Management Facility REST API service. Once configured you can access z/OSMF via the API gateway: https://${ZOWE_EXPLORER_HOST}:${GATEWAY_PORT}/ibmzosmf/api/v1/info'
      catalogUiTileId: zosmf
      instanceBaseUrls:
        - ${ZWE_zOSMF_scheme:-https}://${ZOSMF_HOST}:${ZOSMF_PORT}/
      homePageRelativeUrl# Home page is at the same URL
      routedServices:
        - gatewayUrl: api/v1
          serviceRelativeUrl:
      authentication:
          scheme: zosmf
      apiInfo:
        - apiId: ibm.zosmf
          gatewayUrl: api/v1
          documentationUrl: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.4.0/com.ibm.zos.v2r4.izua700/IZUHPINFO_RESTServices.htm
          swaggerUrl: ${ZWE_zOSMF_scheme:-https}://${ZOSMF_HOST}:${ZOSMF_PORT}/zosmf/api/docs
      customMetadata:
          apiml:
              enableUrlEncodedCharacters: true
              headersToIgnore: Origin
catalogUiTiles:
    zosmf:
        title: z/OSMF services
        description: IBM z/OS Management Facility REST services

2.2 - The IBM z/OSMF for other purposes than authentication

It's possible to use static onboarding to onboard multiple different instances of z/OSMF. The example below adds another service accessible through https://gatewayUrl:7554/ibmservicenowzosmf/api/v1/

services:
    - serviceId: ibmservicenowzosmf
      title: IBM z/OSMF
      description: 'IBM z/OS Management Facility REST API service. Once configured you can access z/OSMF via the API gateway: https://${ZOWE_EXPLORER_HOST}:${GATEWAY_PORT}/ibmzosmf/api/v1/info'
      catalogUiTileId: zosmf
      instanceBaseUrls:
        - ${ZWE_zOSMF_scheme:-https}://${ZOSMF_HOST}:${ZOSMF_PORT}/
      homePageRelativeUrl# Home page is at the same URL
      routedServices:
        - gatewayUrl: api/v1
          serviceRelativeUrl:
      authentication:
          scheme: httpBasicPassTicket
          applId: IZUDFLT
      apiInfo:
        - apiId: ibm.zosmf
          gatewayUrl: api/v1
          documentationUrl: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.4.0/com.ibm.zos.v2r4.izua700/IZUHPINFO_RESTServices.htm
          swaggerUrl: ${ZWE_zOSMF_scheme:-https}://${ZOSMF_HOST}:${ZOSMF_PORT}/zosmf/api/docs
      customMetadata:
          apiml:
              enableUrlEncodedCharacters: true
              headersToIgnore: Origin
catalogUiTiles:
  zosmf:
    title: z/OSMF services
    description: IBM z/OS Management Facility REST services

Additional Information

For further details about this subject, see chapter  "Add a definition in the API Mediation Layer in the Zowe runtime"  

Powered by Wolken Software