THE VALUE OF TOOLS, NEW AND OLD - PART 1 (c) Copyright 2019 by Sam Golob. All rights reserved. INTRODUCTION - GETTING THE JOB DONE Our job involves keeping a z/OS installation running well. Usually we do this for a large business or institution or government agency which depends on this computer system to run the company's operation. Downtime means a disaster to some degree, small or large. Downtime almost always involves a considerable loss of money for the installation. The computer system is the pulse of the business, and its "money maker". Therefore, we have a big responsibility. If there is a problem, we have to get it fixed. If there is a system upgrade, we have to do it flawlessly. Glitches happen, but we are required to be the "geniuses" that "head them off at the pass". In other words, if there are problems, we have to get to the bottom of the situation as fast as possible, and FIX THEM. IBM gives us a lot of tools, but they are limited. At bottom, IBM (as big as they are) is a software house. Their programmers have to be paid, and therefore scheduled, and the work planned out. They can't code anything they want, or take as much time as they want. As a result, IBM tools will often "cover the ground", but frequntly not quite as well as we'd like. Therefore, systems programmers have written their own tools for as long as we can remember. Let's explore a few of these tools, that may be new to you, and maybe not. TYPES OR CLASSES OF TOOLS, AND WHERE DO WE GET THEM? Many of the tools that we need in our work, have to do with finding out what is happening in the operating system, as it is in the midst of working. A good example of such a tool is the SHOWzOS TSO command, (in CBT File 492. See later in this article about the CBT collection of tools.) Another class of tools, has to do with finding out what kind of data we are looking at, whether it be (1) system data, or (2) application data, or (3) data in computer storage. We then get to the difference between "looking at data", and "changing data". Some of our tools will first look at the data, and then, when we see the data, we may decide to change some of it. When a tool can change data, it might need more authority. We'll discuss this later in the article, where we explain what the concept of "APF-authorized" means. Certain tools have been designed only to look at the data, but once we find out what's there, we can start doing something appropriate, because we now have a better idea what is really going on. We may not need to change the data. In that case we only need to find out what data is there. I'll digress a bit about where to get tools. When there is a need, we try to either find a tool, or write a tool. It is easier (usually) to find a ready-made tool, which already does the job we want to do, than to write the appropriate tool yourself. But we try and do both, and we let the other people (in the case of a free tool) use the tool for themselves as well. This makes everybody's job easier. Some shops, which are more "wealthy", will buy vendor-supplied tools besides those written or supplied by IBM. Other shops, which don't have as much money to invest, have to scrounge for tools, and they have to try to find them or write them for themselves. Whatever the shop, if they have access to "free tools" that don't require licensing, then they can ALWAYS run the free tools, as well as the vendor-supplied tools or IBM's tools. But "rich shop" or "poor shop", the free tools will work there. So if you know how to use free tools, you will have a considerable skill advantage wherever you work. So where do we find free tools? A great repository of free tools can be found in the CBT Tools collection at www.cbttape.org. There are thousands of tools there, all written by people with specific needs, which have solved the problems for them. With proper application, they can solve the problems for you too. And you can download anything there for free. (There is a "Disclaimer Section" on the web site.) My teacher Jeff Broido taught me many years ago, to try and take a half hour each working day, to learn something new. The knowledge thus acquired over time, will help your both shop, and you yourself, to handle future problem situations that will come up later. I've done it, and it is good advice. Often, I use that "learning time" to search around the CBT tool collection to try and find tools which I can use to make my life easier later. "LOOKING" TOOLS OR "CHANGING" TOOLS I'll give you a few examples of tools that either look at data, or they can change data. Some tools can do both. Others can only "look", but not "change". The borderlines between these two classes are fuzzy. I'll show you how and why. First (for simplicity), consider a program that can read magnetic tapes. Magnetic tapes are "linear" in nature, or one-dimensional. To put it differently, all their data lies in a straight line. There is a beginning of a tape, an end of a tape, and everything in between. You read the data either "forward" (normally) or "backward", but there is no such thing as sideways. All of the tape data can be pictured as lying on one line. We will now shou you what it means to "read a tape". To illustrate the point better, let's assume that we are giving the program the power to read tape labels as well as tape data, so we will invoke the program with DD tape JCL as LABEL=(,BLP) (which means "Bypass Label Processing"). This makes the program able to consider the tape labels as purely data, and then we can get a truer picture of what is really on the tape. Now to start. The program will OPEN the tape file, and start to read the blocks of data, usually into a buffer in storage, one block at at time. So when that block of data is in storage, you have access to it, and you can do anything you want to do, with it. You have a choice as to what you will want to do next. To merely COPY the tape, all you have to do is to write the contents of that buffer to another tape, and then re-do the process of reading a block of data and copying it, one block at a time, until you get to the end of the volume. When you encounter a "tape mark", which constitutes a boundary betwen tape files, you write a tape mark to the copied tape at that point. You continue this cycle until you encounter the end of the input tape, or possibly you can also stop this process at some time in the middle, perhaps after reading a certain number of tape files. Or you can skip some files after reading them, and copy some of the following files from the middle of the tape, leaving out the ones at the beginning. To MAP the contents of the tape, you can report on the data that is in the buffer. If it is a label, you can report on the contents of the label. If it is a data block, then you can measure the data, or print it out, or even change it in place. With tapes, if you want to change any data, it is probably best to make a duplicate copy of the tape with the changed data, rather than to alter the original tape itself, which usually isn't too safe. So you see the flexibility. With tape programs, you can either MAP the tape, to see what is on it, or COPY the tape to make a duplicate, or alter the contents of the tape in some other way, doing the alteration in the process of making a copy, so that only the copied tape is altered. You can also collect statistics about the tape files, or do something else. You are only limited by your imagination. You can either make one program to do it all, or you can make several programs, each one of which performs part of the process. There are at least eight different tape copying or tape mapping programs on the CBT Tape. Examples are: TAPEMAP from File 299, COPYMODS from File 229, or the COPYFILE family of programs from File 316, including COPYSLNL and COPYNLNL. So much for tapes. Now let's consider looking at disk data. Disk data is specialized. It can be of many formats. For example, if you have a load library, that, of course, is on disk. But the layout of the data, being executable programs, has a specialized structure. What I am considering now, is to just look at RAW disk data. And to do so, we have an excellent tool, the source code of which is on File 134 of the CBT Tape, and which is called "Fullscreen ZAP". Incidentally, Fullscreen ZAP is also an excellent tool for looking at load modules, but right now I want to emphasize its ability to look at raw disk data as well. Fullscreen ZAP is a TSO command which shows a full screen (208 bytes) of data at a time, anywhere on a disk. Under many circumstances, Fullscreen ZAP does not even need to be run APF-authorized, but to see ANY data, ANYWHERE on a disk pack, it needs to be authorized. Fullscreen ZAP can also CHANGE any data on a disk, (doing it in place, up to 8 characters at a time). The advantage of Fullscreen ZAP over an IBM program like MVS DITTO (great to have if you are licensed for it), is that with Fullscreen ZAP, you can look at a large bunch of surrounding data, next to the data you want to see, or change. And you can do it in real time. It's nice to have Fullscreen ZAP in your pocket, and to know how to use it. Fullscreen ZAP has a complete tutorial, accessible through PF1, which tells you how to use all of its subcommands. It pays to take the time to learn it well. You can even disassemble small parts of load modules with it, in the vicinity where you are looking. What about data in virtual storage? We have a marvelous command, named LOOK (CBT File 264), to look at virtual storage in any address space (LOOK goes cross-memory by scheduling an SRB). LOOK was recently enhanced to be able to see 64-bit storage as well. LOOK can "look at storage" but cannot change it. I use LOOK when I am programming, to actually "see" the data that is in the system. I can also use LOOK when I am debugging a program with TEST, to go cross memory into the address space running TEST, and to survey storage that is in that address space. (TEST and TESTAUTH stop the action in that address space, at a breakpoint, and then I can leisurely use LOOK to peek and search around over there). LOOK is an amazing tool. Besides being able to see raw storage with it, you can easily format the data you are looking at, if it is within a known control block. And when you assemble LOOK, you can even customize which control blocks you want LOOK to be able to format. Since this article is only an overview, and I don't have time here to talk about LOOK in depth, I would recommend that you go to CBT File 264 or CBT File 035 (to get a load module for LOOK, to try out) and experiment with it yourself. You'll be super-glad that you did. AUTHORIZING YOUR TOOLS, IF AUTHORIZATION IS NEEDED Here's a situation where you should check with your management. Once you authorize a tool with APF-authorization, it can potentially "do anything" on the system, although there may be some other safeguards there. Nevertheless, APF-authorization is not generally something that application programmers should have, and if you are a systems programmer, you need to be "responsible" and you need to know what you are doing. Don't risk any "production data" unless you are absolutely sure, and if you're a "junior person", you should have a "senior person" watching you. The company's money (read "big bucks") is at stake, and you don't want them to lose any of it. They pay your salary to keep the system up and running "healthy". Now that this disclaimer is over with (and you'd better take it seriously), we can get down to the nitty-gritty. I'm assuming you're doing this on a "test system". In order for a program (or TSO command) to run with APF-authorization, it needs several prerequisites. First, it needs to be linkedited with the option: SETCODE AC(1). This is actually a setting in the pds directory entry for the load module, at X'27' (field PDSAPFAC), and the value has to be X'01'. If the program was not linkedited this way, you can always throw the bit on, using the PDS command (CBT File 182), using subcommand: ATTRIB modname AUTH. Next, the program (or TSO command), has to be executed (fetched) from an APF-authorized library, or an APF-authorized concatenation of libraries. If one library in a concatenation (say a STEPLIB concatenation or a TSOLIB) is not authorized, then the entire concatenation is not authorized, even if ALL the OTHER libraries there ARE authorized. For a load library or a PDSE containing program objects to be APF-authorized, it must either be in the LINKLIST, when LNKAUTH=LNKLST is set in the IEASYSxx member of PARMLIB. Or it must be in the system authorization table of libraries (called the APF list), which is created from the APF ADD portion of the PROGxx PARMLIB member. Each entry of APF ADD, which adds a library into the APF list, and makes its programs eligible to be run APF-authorized, must specify two things: the library name, and the volser of the disk pack that the library is on. It does not matter that the library is cataloged to its pack. For the APF list to be in effect for the library, its volser must be explicitly stated. If you want to add a library to the APF list dynamically, you can enter a console command: SETPROG APF,ADD,DSN=dataset.name,VOLSER=volser There is one more prerequisite for APF-authorization if you are either executing the program or TSO command under TSO (including TSO-in-batch) and not in a batch job. In the case of running authorized programs (e.g. via CALL) under TSO, or running a TSO command processor, which is intended to be APF authorized, you must include the program name (exactly) in the proper special name table. To be straightforward, there are three separate tables which are defined in a the PARMLIB member called IKJTSOxx. Three possible name lists can be used to authorize load modules in the IKJTSOxx PARMLIB member. The first category is the AUTHCMD entry, which specifies all of the TSO command names which are allowed to run APF-authorized in your session. The second category is the AUTHPGM entry, which contains the names of all programs called from TSO, which are to be run APF-authorized. Finally there is the AUTHTSF list, which contains the names of a few programs that need the TSO/E service facility (TSF) to gain authorization, because they may need (for example) too many parameters for a normal CALL to handle. IBM says that you should not put program names in the AUTHTSF list unless they absolutely need to be there. The IKJTSOxx PARMLIB member can be updated in your LPAR, by the console commeand: SET IKJTSO=xx The APF list can be dynamically updated by entering the console command: SET PROG=(xx,yy,zz,...) With that done, we can now refer you to CBT File 185 for more fine points about getting APF-authorization under TSO for your lists of programs and TSO commands. And with that, we bid you adieu, goodbye, and auf wiedersehen, etc. till next time. Best of everything to all of you...........