I have been playing around with the MQ REST API. It works very well. Also certificate-based authentication work out of the box.
Of course, you are doing something that MQ-fanatics might find horrific: reliable messaging over an unreliable protocol. They are somewhat right. By no means can MQ provide assured message delivery over an unreliable HTTP protocol. When using this in application, make sure you handle all error situations. For example, when you do not get an http response, you don’t know whether the message was successfully delivered or not. You application has to cater for such situations. Some call this idempotence.
Here is my small Python program that illustrates how you can use the MQ REST API.
import requests
import json
import sys
class MQWebManager:
baseapiurl = "/ibmmq/rest/v1/messaging"
def __init__(self, ep, ak, cert_file_path, key_file_path):
self.endpoint = ep
self.apikey = ak
self.cert = (cert_file_path, key_file_path)
def apideleterequest(self, qmgr, queue, msgid):
# operation = POST or DELETE
resourceurl = self.endpoint + "/ibmmq/rest/v1/messaging/qmgr/" + qmgr + "/queue/" + queue + "/message"
request_headers = {
'messageId': "'" + msgid + "'",
'Content-Type' : 'text/plain;charset=utf-8' ,
'ibm-mq-rest-csrf-token' : 'somevalue',
'correlationId' : ''
}
data = {}
response = requests.delete(resourceurl, data=data, cert=self.cert, verify=False, headers=request_headers)
return response
def apipostrequest(self, qmgr, queue):
# operation = POST or DELETE
resourceurl = self.endpoint + "/ibmmq/rest/v1/messaging/qmgr/" + qmgr + "/queue/" + queue + "/message"
request_headers = {
'Content-Type' : 'text/plain;charset=utf-8' ,
'ibm-mq-rest-csrf-token' : 'somevalue'
}
data = 'hello from apipostrequest'
print('resource url: ', resourceurl)
response = requests.post(resourceurl, data=data, cert=self.cert, verify=False, headers=request_headers)
return response
print('---------')
#cert_file_path = "/yourpath/yourcert.crt"
#key_file_path = "/yourpath/yourcert.privkey"
cert_file_path = sys.argv[1]
key_file_path = sys.argv[2]
m1 = MQWebManager("https://mqweb.yourzos.com:12345","", cert_file_path, key_file_path)
#put a message on the queue
response = m1.apipostrequest("QMGR","YOUR.Q.NAME")
print(">>>", response.status_code, response.json)
print(response.headers)
print(response)
#retrieve msgid from the message we just put there
msgid = response.headers['ibm-mq-md-messageId']
print(response.headers['ibm-mq-md-messageId'])
#delete that message we just put there
response = m1.apideleterequest("QMGR","YOUR.Q.NAME", msgid)
print(">>>", response.status_code, response.json)
print('---------')
In the previous DBAOTM article on DevOps I have introduced the traditional development process, which is often still used in a mainframe environment. In this post I will present a modern approach to development on the mainframe.
Modern development processes for the mainframe
Requirements for the development process have changed. Applications must be built faster and it must be possible to change applications more often and quicker without impacting the quality of the application. In other words, agile development is needed. The only way to address today business needs into modern agile development processes is to automate all build and deploy processes.
A set of principles can then be derived for modern mainframe develops processes.
All application artefacts are managed in the (or a) Source Code Management tool.
The build processes for all artefact are automated, and can be coherently executed.
A build can be deployed in any environment. A build has no environment or organization-specific dependencies.
The deployment process for a build is fully automated. Including the fallback procedure. The deployment process is a coherent process for all application artefacts.
These principles need to be supported by tools and processes that are (re)designed for these purposes. Of course this is not something specific to z/OS applications, but is true for any modern IT solution. But with the background I have sketched in the previous section, there is a legacy of development processes and tools to take into account and in many organizations this implies significant technical and organizational changes.
The modern SCM for z/OS
The modern SCM tool for z/OS needs to support all kinds of application artefacts. For the mainframe this means for one thing that not only traditional MVS-type artefacts must be supported, like COBOL programs, COPYBOOKS and JCL, but also Unix type artefacts like Unix scripts and configuration files in z/OS Unix directories. The tools and processes should allow for EBCDIC type artefacts to be created or the z/OS runtime environment, as well as ASCI, Unicode and binary artefacts.
Modern SCM tools that can manage z/OS artefacts, are ISPW from Compuware, RTC form IBM, and a new option nowadays is Git, or GitHub.
Build automation
The modern DevOps process automates the creation of a build. The build process takes the required versions of the application artefacts from the source code management repository and creates a coherent package of these artefacts. This package, also called the build, is deployed in a (test) environment.
The build could be deployed in any runtime environment, even outside your organizations. This principle not only enforces standardization of processes and infrastructure in your IT organization, it also allows any future deployments in yet unknown environments – for example in the Cloud.
The automated build process itself should be callable through some generic API, so it can be integrated into other automated processes when needed.
Build automation on z/OS can be accomplished with a number of tools. Some of these tools are able to handle the z/OS specific needs. IBM has two solutions: Rational build engine and Jazz build engine. Compuware has capabilities in ISPW. As it stands, all these tools still have some gaps to fill in the coverage of the different artefacts that can make up a z/OS application.
Deployment automation
The modern DevOps process for z/OS automates also the deployment of the application build. The deployment process takes all the artefacts in the build, customizes them for the specific runtime environment, for example through the application of naming conventions and runtime aspects, and deploys the artefacts on the different runtime components in an environment.
The automated deployment process itself should be callable through some generic API, so it can be integrated into other automated processes when needed.
The most important deployment tools available on the market for z/OS are IBM’s UrbanCode Deploy and XebiaLabs’ XLDeploy.
Integration in other pipelines
I have indicated above that the DevOps processes described there must be callable, to use the most generic term I can think of. Since we do not just want to automate the individual pieces of a development process, but the entire chain, this requirement is important.
Only a fully automated Development process – a CI/CD pipeline – can provide optimal speed of development. To achieve this, the integration of build and deployment with other processes like infrastructure provisioning, test data provisioning, and testing is key.
Most of the tools mentioned above have API’s or command line interfaces that allow integration with CI/CD orchestration tools like Jenkins, Ansible, and others.
Implications
The agile development process sketched here impacts the way we do other things on the mainframe as well. I will mention a few here.
Full deployments versus delta deployments
The traditional DTAP development process is based on the development of delta’s: you only deploy these things that are changed.
To facilitate agile development in z/OS environments, we need to move to a process that supports full application deployments. What the consequence of this change are is fully clear, but I am convinced the old way of working with delta’s will not give of the speed and flexibility we need today.
Other impact:
Phasing in of an application that consists of many more load modules than we have today, while remaining active, needs to be supported in the middleware tools on z/OS.
Application may need to become smaller. Traditionally applications are defined relative coarse grained on z/OS. We may need to split up applications into smaller distinguishable, more loosely coupled parts. We might need to reuse some of the microservices architecture goodies.
To facilitate agile development drastic changes in our thinking about mainframe applications is necessary, and in principle no single goodie from the past should be exempt from reconsideration.
Infrastructure provisioning
We have talked about application processes so far, but the agile DevOps process must be supported by the runtime infrastructure. In the DTAP model, runtime environments are static, defined once and gradually changed, when this was functionally needed.
In order to support rapid changes in applications, we must also allow rapid changes in infrastructure. Similar to the build and deploy processes, all infrastructure provisioning must be automated to allow flexible and instant creation and modification of infrastructure for test environments. This also means that environments must rigorously standardized. Definitions of the infrastructure making up the environment must be treated like code, and be managed in a source code management system, where it can be properly versioned.
Currently the tool support for infrastructure provisioning is very limited. As part of z/OS the tool z/OSMF is provided that allows the creation of provisioning workflows for z/OS technology-specific creation of infrastructure.
Furthermore, there is work ongoing in IBM and other vendors to extend this lower level capability and integrate this is infrastructure provisioning tools like Kubernetes and OpenShift. And also Ansible for z/OS is quickly emerging. Yet, there is still a long way to go but the first steps have been made.
In a future article I will talk a little bit more on infrastructure provisioning.
Please let me know your thoughts. Always happy to hear from you.
There are probably more ways do write a message in the system log – “Write to Operator” from a Rexx script.
This is a very straightforward one I found some time ago somewhere on the Interweb.
/* rexx */
trace r
call syscalls 'ON'
address syscall
path='/dev/console'
'open' path O_wronly 666
if retval=-1 then
do
say 'file not opened, error codes' errno errnojr
return
end
fd=retval
rec= 'This is my message text to appear in the system log.' || esc_n
'write' fd 'rec' length(rec)
if retval=-1 then
say 'record not written, error codes' errno errnojr
'close' fd
Have more solutions? Or remarks? Please let me know below.
A simple trick that is often used in more complex JCL scripts, is to submit a job from a job. z/OS has a facility for this called the Internal Reader. The name Internal Reader stems from the old days when physical devices where used to read input in punch cards. These physical devices where called (external) readers. The Internal Reader is a logical device operating functionally, but virtually, like the physical device from the old days.
In this post I will discuss a traditional view of the DevOps processes and tools for z/OS, and in the follow-on post I will discuss a somewhat futuristic view. The ideal situation for development for z/OS is work for all of us. However, significant progress has been made of the past few years to change the traditional waterfall-oriented processes and tools for development of applications on z/OS into a modern-day agile way of working.
Traditional DevOps process for development
Before we look at modern development tools for z/OS, let’s first have a look at how application development was traditionally done.
The traditional waterfall is a staged approach that is reflected in the processes and tools
The development process of applications on z/OS traditionally goes through a number of stages, typically called Development – Test – Acceptance and Production.
An application is developed in the development stage. It is unit-tested in the Development environment. When that is done the application moves to the Test stage, from which it is integration-tested in the Test environment. When all is well, the application moved to the Acceptance stage, from which it is Acceptance-tested in the Acceptance environment. Finally, for Go-Live in Production the application is moved to the Production stage, reflecting the situation in the Production environment.
What you read from the above simplified process description is that every stage in the process, also has an environment associated with it. The infrastructure setup for the development process, is very much aligned with this waterfall-oriented development process. An application version that has its source code in the Test stage, is using the Test environment to validate correct functioning.
Not only does this create obvious source code management problems with parallel development, it also creates a rigid relation between the development process and the physical infrastructure.
Deployments are incremental – the concept of a build does not exist
What is also different is the traditional development process compared to modern ideas, is that the concept of a build did not exist. A build today, is a collection of all the application artefacts that are needed to run an application in a runtime environment. To run an application you need an executable, and typically also configuration files, scripts and definitions.
On the mainframe we get an executable program through a compilation process. For a z/OS application to work, there are typically also some runtime definitions required. These are things like JCL scripts, properties files, database definitions, interface definitions, etcetera. All these artefacts together we nowadays call a build.
Most of the processes to create all the z/OS application artefacts that are needed for an application, were disparate, unique processes. Some technologies allowed for standardization of build processes for certain components, mostly for the compilation processes. But most processes were either manual, or automated with in-house created tools, using whatever technology the organization thought best at the time when the need was identified.
In summary, creating an application build as we know it today was impossible, and automation of the development process was very much limited.
Problems with the waterfall model
While the long development processes in the waterfall model existed, this DTAP approach was satisfying most of the needs of for the application development process. Quality problems with this way were definitely identified already, like dependencies on manual processes and lack of standardization. These were tackled in a haphazard manner, through custom-build processes where possible and especially through extremely rigid change processes. And while speed was a concern yet, this was more or less acceptable for the clients of the IT departments.
There are on number of tools available on z/OS that support this traditional development model. Almost all of them support the source code management process for DTAP-based development. Endevor from CA/Broadcom, ISPW from Compuware and Changeman from Microfocus are amongst the mostly used tools for mainframe SCM. IBM had a free tool SCLM but stopped supporting that some years ago. Whilst giving good support for source code management, most of the tools had limited functionality for build and deploy processes.
Just a few things on the possibilities on the MQ REST API.
With the MQ API facility you can PUT and GET messages on an MQ queue through a REST API. This capability only supports interacting with text messages. You will get the payload as a string, not as a “neat” JSON structure.
Many mainframe applications were built in an era where little integration with other applications was needed. Where integrations were needed, this was mostly done through the exchange of files. For example, for the exchange of information between organizations.
In the 1990s the dominance of the mainframe applications ended and client-server applications emerged. These new applications required more extensive and real-time integrations with existing mainframe applications. In this period many special integration tools and facilities were built to make it possible to integrate z/OS applications and new client-server applications.
In this chapter I will highlight categories of these integration tools that are available on z/OS, from screen-scraping tools to modern integrations supporting the latest REST API interfaces.
File interfaces
The mainframe was designed for batch processing. Therefore integration via files is traditionally well catered for and straightforward.
You can use multiple options to exchange files between applications on z/OS and other platforms.
Network File System
Network File System (NFS) is a common protocol that you can use to create a shared space where you can share files between applications. Although it was originally mostly used with Unix operating systems, it is now built into most other operating systems, including z/OS. NFS solutions however are usually not a preferred option due to security and availability challenges.
FTP
The File Transfer Protocol (FTP) is a common protocol to send files over a TCP/IP network to a receiving party, and it is also supported on z/OS. With FTP a script or program can be written to automatically transfer a file as part of an automated process. FTP can be made very secure with cryptographic facilities.
FTP is built into most operating systems, including z/OS.
Managed File Transfer
Managed file transfer is also a facility to send files over a network, but the “Managed” in the category means a number of additional features are added.
Managed file transfer solutions make file transfers more reliable and manageable. A number of additional operational tasks and security functions related to file exchange are automated. Managed file transfer tools provide enhanced encryption facilities, some form of strong authentications, integration with existing security repositories, handling of failed transfers with resend functionality, reporting of file transfer operations, and more extensive API’s.
On z/OS a number of managed file transfer tools are available as separate products: IBM has Connect:Direct and MQ-FTE, CA/Broadcom has Netmaster file transfer and XCOM, BMC provides Control-M and there are other less commonly known tools.
Message queueing
Message queuing is a generic manner for applications to communicate with each other in a point-to-point manner. With message queuing applications remain de-coupled, so they are less dependent on each other’s availability and response times. Applications can be running at different times and communicate over networks and systems that may be temporarily down. As we will see in the next section, when using alternative point-to-point protocols like web services, both applications and intermediate infrastructures must be available for successful application communications.
The basic notion of message queuing is that an application sends a message to a queue and another application asynchronously reads messages from that queue and (optionally) responds with another message over a queue. Besides the specific asynchronous nature of message queuing, a big advantage is that it can assure message delivery: messages will not get lost, and when the infrastructure is not available, messages remain stored until they can be delivered.
IBM’s MQSeries, or WebSphere MQ as it is called now, is a separate is one of the most well-known and robust solutions for message queuing available on z/OS.
The open API for messaging called Java Message Service (JMS) is implemented by WebSphere MQ and WebSphere Application Server on z/OS.
Applications using Message Queuing
Web services (SOAP, REST)
Web services is the modern technology that enables applications to communicate over the web protocol HTTP, the protocol we also use for browsing the web.
SOAP and REST are two different types of web services. SOAP is a bit older and exchanges XML messages. XML is more resource intensive because handling XML is a complex operation. REST is more modern and lightweight, and today’s API economy is mostly based on REST APIs.
The benefit of integration with web services is that no special infrastructure is needed for applications to integrate, apart from a capable web application server. Integrations are lightweight and can be very loosely coupled.
The downside of web service is that the HTTP protocol does not guarantee message delivery (as opposed to message queueing as we have seen above). Applications using web services have to implement their own recovery and retry mechanisms to cope with situations where connections are lost.
On z/OS today, most modern versions of application middleware on z/OS, like CICS, IMS, WebSphere Application Server, IDMS, and others support REST and SOAP interfaces.
Applications using Web Services
Enterprise Service Bus
Another form of integration can be achieved through Enterprise Service Bus tools. These tools probably give the widest variety of integration options. They can receive and send service requests over a number of different protocols. They can convert messages from and to many formats. And they can orchestrate complex message interactions between multiple applications. Enterprise Service Bus products in the market are Tibco Substation ES and IBM Integration Bus.
ESB solutions can be implemented on z/OS itself, which than often has the advantage of easier integration with the z/OS application side, but also a non-z/OS platform and integrate with z/OS agent software.
Enterprise Service Bus
Adapters
In many situations it may not be possible to refactor your old mainframe applications. The applications may not be designed properly in a layered manner, middleware technology may have limited options, skills may not be available, or the risk of a changing existing applications is too high. Or there may be other reason you do not want to touch the code.
For these situations, application adapters can help in opening up applications. In general, an adapter converts a proprietary middleware protocol like a CICS, IDMS or IMS API into a more common API or generic protocol, like a Java program, a web service or message queueing interface. Some adapters provide the option of converting a proprietary 3270 screen interface into a neat API through screen scraping.
I will highlight a number of the type of tools here.
Generic functioning of an adapter
CICS Transaction Gateway
CICS Transaction Gateway provides an API for Java and C programs to call a CICS transaction on z/OS.
CICS Transaction Gateway provides only a way to call functionality in CICS, but there is no possibility in this tool to reversely invoke an external program from CICS. CTG is only meant for external programs to call CICS.
CICS Transaction Gateway adapter
IMS Connect
IMS Connect provides a Java API through which you can invoke IMS functions form Java programs. Through IMS Connect you can access IMS transactions as well as data in IMS DB (see section Middleware for z/OS). As such it functions quite similar to CTG, although the native interfaces are of course different.
z/OS Connect
A recent product from IBM is z/OS Connect. This tool converts a REST API into one or more proprietary backend protocols, like a CICS or IMS transaction or call to Db2. Also, z/OS Connect makes it possible to call REST APIs from mainframe applications.
Thus, z/OS Connect provides a bi-directional adapter for REST API through which you expose and call RESTful APIs from existing z/OS programs in CICS, IMS, Db2, WebSphere Application Server and MQ.
z/OS Connect adapter
Screen scraping tools
You may have old legacy applications that are built as a silo, have only 3270 user interfaces and no decent program interfaces.
For this problem, screen scraping tools can be a last resort.
The integration problem of an application silo – refactoring is the ideal solution
A screen scraping tool provides the ability to simulate the interaction of a business user behind a screen, with the old application’s user interface. The screen scraper tool automates the workflow of the end-user by filling in the old application screen programmatically. With these automations such a tool can then aggregate and expose these interactions into higher level services. These higher level services can then be invoked through a modern API, such as a web service by other applications in your organization.
Integration with a screen scraping solution
The big problem with screen-scraping integrations is that you end up with more development artefacts that you need to maintain. Not only do you have the old application to maintain, but now also need to manage the screen scraping middleware and logic.
Screen-scraping should be considered a (very) temporary solution for a serious issue in your application landscape. Such a solution should be replaced by a strategic integration or new application as soon as possible.
Products like HostBridge, Rocket LegaSuite and IBM Host on Demand provide screen scraping facilities.
Legacy integration suites
There are many integration tools on the market that provide one or more of the forms of adapters that I have discussed in the above. For example, GT Software and Oracle Legacy Adapter provide functionality to bridge native z/OS interfaces including screen interfaces to and from modern applications.
Database access via JDBC, ODBC
So far, we have discussed application integration through application interactions – applications calling one another.
Applications on non-z/OS platforms alternatively can directly access data in databases on z/OS through the standard data access protocols ODBC and JDBC. All suppliers of database software for z/OS that I know provide drivers for ODBC and/or JDBC.
Integrating with JDBC and ODBC
From an architectural perspective it is not a preferred solution for integrating applications. Applications should manage their own data and access other applications’ data only through service interfaces, and follow the principle of loosely coupling for application architectures.
In this post I will discuss the programming languages you find on z/OS, and what they are generally used for.
COBOL
The COBOL programming language was invented 60 years ago to make programs portable across different computers. The language is best usable for business programs (as opposed to scientific programs).
COBOL is a language that must be compiled into executables, load modules.
Assembler is still around. In the past business applications were developed using Assembler. Nowadays you should not do that anymore. But there are still a lot of legacy assembler programs around on the mainframe.
In the old days, assembler was often used to implement tricks to achieve things that were not possible with the standard operating system, or other programming languages. This practice has created a problematic legacy of very technical programs in many mainframe application portfolios.
The modern stance is that Assembler program should be regarded as severe legacy, because it is no longer maintainable and Assembler program are a risk for operating system and middleware updates.
Furthermore, we find Assembler programs in modifications to the z/OS operating system and middleware.
z/OS offers a number of points where you can customize the behavior of the operating system. These so-called exit-points oftentimes only have interfaces in Assembler. Like application programs in Assembler, z/OS exits in Assembler are a continuity risk. Not only because nobody knows how to program Assembler anymore, but even more so because these exit points make use of interfaces that IBM may (and wishes to) change at any point in the future.
IBM is actively removing Assembler-based exit points and replacing these where needed with configuration parameters.
The bottom line is that you should remove all home-grown Assembler programs from your z/OS installation.
TEST0001 CSECT
STM 14,12,12(13)
BALR 12,0
USING *,12
ST 13,SAVE+4
LA 13,SAVE
WTO 'HELLO WORLD!'
L 13,SAVE+4
LM 14,12,12(13)
BR 14
SAVE DS 18F
END
The language invented by a team from Sun in the 1990s with the goal to develop a language that could run on any device. Support for Java on the mainframe was introduced somewhere in the beginning of the 21st century.
Java programs do not need to be compiled. They are interpreted by a special layer that must be installed in the runtime environment, called the Java Virtual Machine.
The execution is (therefore) far more inefficient than COBOL and PL/I. So inefficient that running it on the mainframe would be very expensive (see section Understanding the cost of software on z/OS, MLC and OTC). To address this IBM invented the concept of zIIP specialty engines (see section Specialty engines), which makes running Java on the mainframe actually extremely cheap.
public class HelloWorld {
public static void main(String[] args) {
// Prints "Hello, World" in the terminal window.
System.out.println("Hello, World");
}
}
JCL is the original “scripting” tool for the mainframe. It is hardly a programming language, although it has been enhanced with several features over time.
JCL looks very quirky because it was design for interpretation by punch card reader, which you can still see very clearly. The main purpose of JCL is to start a program or a sequence of programs.
Many of the quirky features of JCL have very little use in today’s z/OS programming but are maintained for compatibility reasons.
I mentioned before that there can be tens of thousands of batch jobs running on the mainframe. You should realize that mean you will easily have thousands of JCL “programs” as well to run these jobs.
Nevertheless, we could do with a more accessible, more modern alternative.
//JOBNME5 JOB AB123,PRGRMR,NOTIFY=MYUSER1,MSGLEVEL=(1,1),
// CLASS=1
//RUN EXEC PGM=COBPROG <- PROGRAM TO RUN
//* PROGRAM WAS PUT IN HERE --v
//STEPLIB DD DISP=SHR,DSN=MYUSER1.LOADLIB
//SYSPRINT DD SYSOUT=*
The story goes that the Rexx programming language was created by an IBM developer, Mike Cowlishaw, who was totally fed up with the only available language for scripting at that time, the CLIST language. In one night he is said to have developed Rexx. When he showed it to his colleges next day, they were immediately very enthusiastic.
On z/OS Rexx fulfils the same role a Unix scripts in Unix environments. It is mostly used by system administrators to automated all kinds of administration tasks.
You can run Rexx interactively under TSO/ISPF, but you can also use it in batch jobs.
Rexx is somewhat similar to PHP, I find. It has the same sort of flexibility (and drawbacks).
z/OS has a Unix part, which is complying to POSIX standards, and hence also support a command shell like any Unix flavor. With the shell scripting language you can automate all kinds of Unix processes.
Many z/OS users exploit the SAS language from the company with the same name. SAS is used for ad hoc programs and reporting, besides its analytical capabilities.
On the mainframe SAS is often used to process the measurement data that z/OS generates, and create all kinds of usage and performance reports.
The programming language Easytrieve from CA/Broadcom you also find regularly in z/OS environments. This language is used by application support staff to create ad-hoc programs, and by advanced end-users to to create business reports from application data.
There are many other languages available on z/OS. But the ones discussed here are the mainstream languages. Languages like Python and R are emerging for analytical applications, JavaScript for use in in Node.js, PHP for web applications. Rocket Software, the company that supports a ported version of Python for z/OS, also have a supported version of PHP and Perl.
