Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
zowe 2 introduces a major change to the way profiles are now created.
Gone are the individual profiles for each subsystem. Also gone now is the need to saved userids and password in clear text in those profiles which was clearly a security issue. Now, credentials are saved in the operating systems secure credential storage. As a result, the old zowe supplied secure credentials storage' plugin is no longer required.
To get a better understanding of zowe 2 profiles, please refer to this Medium blog post - Zowe CLI — Getting Started, Made Easy!
zowe 2 profiles are stored in a zowe.config.json file that resides in the <homedir>/.zowe/ folder..Also stored along with the profile is a zowe.schema.json file. (This file should never be changed).
zowe 2 profiles no longer contain any user identifiable information. This allows an admin to create a zowe.config.json profile file and distribute that file to users who then do not need to know any particular settings. Instead, the user simply enters the zowe command to be prompted to enter the secure credentials.
Once a profile is created, for use in the ZMF plugin for zowe cli, the same profile can then be automatically used by the ZMF Explorer. However there are further options available for the ZMF Explorer user which will be detailed in a separate blog post.
To give the user a start in creating a profile, Here are some simple examples with specific emphasis on the ZMF aspects of the zowe.config,json contents.
A simple example showing 3 ZMF systems where each utilizes the same userid and password..
This example has been condensed to only contain the ZMF specific information. Notice that information that is common to the 3 ZMF systems is specified in the default section. It could however have been specified in each individual ZMF entry if preferred. Also note the presence of the secure property to define the userid and password.
{ "$schema": "./zowe.schema.json", "profiles": { "zmf1": { "type": "zmf", "properties": { "basePath": "/zmfrest", "port": 9992 } }, "zmf2": { "type": "zmf", "properties": { "basePath": "/u820dp", "port": 9992 } }, "zmf3": { "type": "zmf", "properties": { "basePath": "/u830all", "port": 9992 } }, "default": { "type": "base", "properties": { "host": "d001.microfocus.com", "rejectUnauthorized": false, "protocol": "https", "jobcard01": "//ZOWEJOB JOB (0),'ZMFCLI',CLASS=A,MSGCLASS=X", "jobcard02": "// MSGLEVEL=(1,1),NOTIFY=&SYSUID,REGION=0M", "jobcard03": "//*", "jobcard04": "//*" }, "secure": [ "user", "password" ] } }, "defaults": { "zmf": "zmf1", "base": "default" }, "autoStore": true }
Here is an example showing 3 ZMF systems on one LPAR that share common attributes and another ZMF system on a separate LPAR with its own set of attributes. Notice that a new "profiles" level has been added for the LPAR with the 3 ZMF systems below. The common attributes are specified at the LPAR level. Then separately is a single LPAR with its own credentials.
{ "$schema": "./zowe.schema.json", "profiles": { "d001": { "profiles": { "zmf1": { "type": "zmf", "properties": { "basePath": "/zmfrest", "port": 9992 } }, "zmf2": { "type": "zmf", "properties": { "basePath": "/u820dp", "port": 9992 } }, "zmf3": { "type": "zmf", "properties": { "basePath": "/u830all", "port": 9992 } } }, "secure": [ "user", "password" ], "properties": { "jobcard01": "//ZOWEJOB JOB (0),'ZMFCLI',CLASS=A,MSGCLASS=X", "jobcard02": "// MSGLEVEL=(1,1),NOTIFY=&SYSUID,REGION=0M", "jobcard03": "//*", "jobcard04": "//*" } }, "d002": { "profiles": { "git": { "type": "zmf", "properties": { "host": "csimvs.microfocus.com", "basePath": "/zmfrest", "port": 8181, "protocol": "http" }, "secure": [ "user", "password" ] } } }, "default": { "type": "base", "properties": { "host": "d001.microfocus.com", "rejectUnauthorized": false, "protocol": "https" } } }, "defaults": { "zmf": "d001.zmf1", "base": "default" }, "autoStore": true }
These examples are not meant to be exhaustive but rather give some indication off how they might be used.
Due to the potential complex nature of how profiles may be created, the recommendation is to keep them as simple as possible.
Finally if you wish, you can delete the zowe entry from your operating systems Credential Manager and start over. You may want to to do this if you made significant changes to the profile as entries are stored in the Credential Manager in the hierarchy of the JSON structure itself.