This step describes the procedures for generating a CP nucleus. If you are installing a new release of CA ACF2 for z/VM, be sure to reassemble your CA ACF2 for z/VM CP exits before generating your nucleus.
Step 4 is starting. Generate the CP nucleus, perform the first IPL with CA ACF2 for z/VM, and update VMO records. Do this under a second‑level CP. Note: The CMS that you will use under this IPL can not have any intercepts from a previous CA ACF2 for z/VM release. For more detailed information, reply "?". You should also refer to Chapter 4 of the "CA ACF2 for z/VM Security for VM Installation Guide" for more information. Reply "?" , "EXIT" or "COMPLETE". Reply "COMPLETE" after you have completed the required tasks.
If you respond to this question with ?, you see the following information:
Step 4 tells you to generate the CP nucleus, do the first IPL of the CP nucleus with CA ACF2 for z/VM installed, and update VMO records. This step tests the correct installation of CA ACF2 for z/VM CP code. If a previous release of CA ACF2 for z/VM is protecting your CMS, you cannot IPL CP at this time (you cannot run CMS). You must remove all of the CA ACF2 for z/VM CMS intercepts from that CMS and generate a a non‑CA‑ACF2 protected CMS, or skip this IPL (reply "COMPLETE") and generate a new CMS protected by this CA ACF2 for z/VM release. Complete the following tasks before continuing with this exec. 1. You can copy CP code needed to generate CP to a minidisk other than the CA ACF2 for z/VM source disk. This task is entirely optional and most sites do not need to do it. If you choose to do this, enter "ACF2COPY CPCODE fm", where fm is the filemode of the target disk. ACF2COPY use the CPCODE ACFCOPY file to determine which files are copied. You can review and customize this file before running the exec. 2. Generate the CP nucleus using the CAXABLD EXEC. If you did not perform task 1, be sure that the CA ACF2 for z/VM source and local options disks are accessed during this generation. 3. Examine the CP nucleus map created by task 2. Look at the bottom of the map for unresolved forward references. There should be no new undefined references. Be sure that all of the CA ACF2 for z/VM modules are included. 4. A. IPL your system with the NOAUTO CA ACF2 for z/VM option. Issue the "ACFSERVE ENABLE NOAUTO UPDATES" command to start the service machine to allow updates. Note that only the user that issues this command can actually use the ACF command to update the CA ACF2 for z/VM databases in NOAUTO mode. B. If this is the first time you are installing CA ACF2 for z/VM or migrating from a release earlier than 3.1, review all of the VMO record options to determine the settings that you should use. C. Perform additional checks for the following field values. The default settings have a potentially negative impact on your system: OPTS ACCTVLD(FULL) OPTS MODE(ABORT) OPTS IUCVVLD OPTS VMCFVLD OPTS DSPVLD CMDLIM MODE(ABORT) DIAGLIM MODE(ABORT) D. Make the necessary changes to the VMO records. Refer to the "CA ACF2 for z/VM Security for VM Installation Guide" for details. E. Ensure that any access rules, command models, and command limiting rules required for testing based on the selected VMO setting are in place before continuing.
F. Refer to the section titled "Final Installation Tasks" in the "CA ACF2 for z/VM Security for VM Installation Guide" G. After you finish the preceeding steps, issue the "ACFSERVE DISABLE NOAUTO UPDATES" command to shutdown the service machine. H. IPL the system and test the CP nucleus. 5. If you see no problem, continue with the installation. Refer to the "CA ACF2 for z/VM Security for VM Installation Guide" for more details. When you finish the above tasks, issue the "ACF2TASK RESTART" command and restart with this step (step 4). Then reply "COMPLETE" to this step's prompt. Press ENTER when you are finished reading:
This is a manual step you must perform outside of the exec. When the following manual procedures instruct you to invoke the CAXABLD EXEC, the intention for most sites is that the CAXABLD command replaces the VMFBLD command in your existing system generation procedures.
You can update the copy book containing the ACFCPMST macros (referenced in HCPAF0), rebuild the ACF2USER MACLIB, reassemble HCPAF0, and generate a CP nucleus to alter CA ACF2 for z/VM messages at any time. As a time saving measure, modify CA ACF2 for z/VM messages now. For details, see the “Installation Options”.
For the test system, enter
VMFSETUP ppfname CPTEST
For the production system, enter
VMFSETUP ppfname CP
Is your PPF file, usually ACFZnnn, where nnn is the version and release of z/VM.
For the test system, if you use:
VMFBLD PPF ppfname CPTEST CPLOAD (ALL
You should now enter:
CAXABLD ACFCP VMFBLD PPF ACFZnnn CPTEST CPLOAD (ALL
where nnn is the version and release of z/VM
For the production system, if you use:
VMFBLD PPF ppfname CP CPLOAD (ALL
You should now enter:
CAXABLD ACFCP VMFBLD PPF ACFZnnn CP CPLOAD (ALL
where nnn is the version and release of z/VM
Note: Your installation may have a CP Nucleus building EXEC that contains the VMFBLD command that actually builds the CP nucleus. In this case, your installation's EXEC should be changed to use the CAXABLD command instead of the VMFBLD command.
If you did not select the upper case language support, you will see two undefined references: HCPAL0 and HCPAL0MT. These are normal. When you comment out or delete the LANG= parameter of VMXAOPTS, you should also delete the UCENG definition in CAXALOAD. This eliminates the undefined reference to HCPAL0.
Review the CAXALOAD Summary Log for CP that contains information reflecting the new references the CAXALOAD control file changed. This log is in the CAXALOAD SUMMARY A1 file. Rename this file so future nucleus generations do not erase the old file to create another with the same name.
Follow whatever normal procedures your installation uses to move the newly generated CP nucleus MODULE file to its normal IPL location.
If you are refreshing CA ACF2 for z/VM with a new genlevel, skip to Step 14.
ACFSERVE ENABLE NOAUTO UPDATES
Note: Only the user that issues this command can actually use the ACF command to update the CA ACF2 for z/VM databases in NOAUTO mode.
OPTS ACCTVLD(FULL) OPTS DSPVLD OPTS IUCVVLD OPTS MODE(ABORT) OPTS VMCFVLD CMDLIM MODE(ABORT) DIAGLIM MODE(ABORT)
ACFSERVE DISABLE NOAUTO UPDATES
CONSOLE 009 3215 T OPERATOR
ACFpgm000R Enter CA‑ACF2 startup options or press enter
The following startup options are also available:
Specifies the group names of the CA ACF2 for z/VM databases used. The ACFFDR @DDSN macro specifies these group names. DDSN(group‑name) starts CA ACF2 for z/VM up using an alternate set of CA ACF2 for z/VM databases during recovery, if necessary.
Starts the VM system in FORCE mode without activating CA ACF2 for z/VM. When running in FORCE mode, only users defined in both FORCEID and NOAUTO operands of the VMXAOPTS macro can log on. CA ACF2 for z/VM does not perform validations. Specifying NOAUTO implies NODBSYNC.
Service machine autologs normally. However, CA ACF2 for z/VM deactivates the automatic database backup facility. You must also set TIME=(0000) in the VMO BACKUP record.
Prevents the automatic start of the Database Synchronization Component (DSC). You can use the ACFSERVE ENABLE SYNC command later to start the DSC. Specifying NOAUTO implies NODBSYNC.
CA ACF2 for z/VM autologs the CA‑ACF2 service machine normally when you press Enter.
Shuts down the VM system.
Specifies the system ID of the VMO records that are loaded and processed at IPL time. The SYSID you enter overrides the @SYSID macro setting specified in the ACFFDR.
The system displays the following message at the VM operator console when the CA‑ACF2 service machine begins its initialization process:
[hh:mm:ss] AUTO LOGON *** ACF2VM USERS = 2 BY SYSTEM
The CA‑ACF2 service machine autologs whenever the first user logs onto the system.
Step 4 is complete.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|