I would like to write a health check for z/OS but am unclear on where to begin. Any advice, examples, or direction available?
Also, is it possible to write a Health Check in Unix System Services?
Write a simple REXX exec as follows:
/* REXX Health checker */
say 'Health check passed. System working.'
and then execute the EXEC. If you can't execute it or the if the message doesn't get printed, then the system is not working.
But seriously - exactly which part of z/OS are you health-checking? You want to know if the whole system is down or just parts of it? Which parts - CICS, MQ, DB2, IMS etc. Are batch jobs queuing? Are CICS transactions running too slowly? Are your MQ queue depths too large/small?
This is not a yes/no question. There are literally (and I mean literally in its literal sense) 1,000s of metrics and performance figures you can validate on a z/OS system - it's not a toy which is either up or down.
If you read this: IBM Health checker for z/Os Users' Guide you'll get some idea of what's involved.
Lots of people have been down this route before. Look up information on CA-Sysview, BMC Mainview, IBM's Omegamon - these are all very mature system monitors.
I suspect that you are looking at the mainframe as a remote system, and you want to know if it is 'up' i.e. if it will respond to whatever request you are making of it. Can you explain what you want it to do for you and then we might be able to devise a health check for your purpose.
So, first, start with IBM Health Check for z/OS User's Guide. It will point you to some samples in SYS1.SAMPLIB you can use as a base. Specifically, start here.
As to your question about writing a Health Check under Unix System Services, it depends on what you want to do. Purely under USS, no. In order to have a Health Check, you need to register with the Health Check address space, and report status to it in a specific way. So the Health Check needs to be written in Metal C, assembler, or System REXX. (I'd recommend System REXX unless you're fluent in Metal C or assembler.) And you'll need a z/OS system programmer to install the check to a system library.
However, as documented in the System REXX reference, you can invoke USS services from with System REXX, and I believe Metal C and assembler as well, so depending on what you're trying to do, you may be able to write the Health Check you're trying to write.
Jade, I saw your question and I found this publication online that outlines using REXX to run a Health Check. It's not USS but I hope it may be useful to you.
http://ibmsystemsmag.com/mainframe/administrator/systemsmanagement/health_check_rexx/
Related
I'm currently building a CodingGame like platform for a school project and I wondered how I could handle user script validation.
The goal is to have multiple exercises to solve with an expected response.
For example, there's an error to correct in the exercise and when corrected it should output "hello".
I don't want users to actually do "console.log('hello')" in the IDE on the website if possible :)
The most difficult part is that i don't know how to do execute the actual script given (sent as text to the API).
I just want to start with NodeJS available for the user, no Php or C...
Save the script as localfile wouldn't be a good option I think, that's how we do it for now but I don't know how Coding test platforms actually do it.
The API is hosted on AWS EC2 Amazon Linux instances.
Thank you for your help :)
This is rather an elaborate business requirement and not simply a doubt, but some points that could help you to progress in your project further -
A program is only a program when it is understood by some other program as instruction. Otherwise there's no difference in program.js and program.txt
Validating and running a program are two different things
Running a program on your own system vs allowing anyone to run the same program in your system are entirely different situations in terms of everything. (This is where the web & it's virtues come to play)
There will always be some risk when letting others provide instructions to your systems, as no validation is 100% effective, even if you check for all destructive commands, there will always be more of them. But then again, you'll have to consider this while setting up a virtual machine for the sole purpose of public use. (Like, keeping in mind that this machine can be lost at any moment, so the architecture should be able to handle such losses, either by spinning up a new machine or having a set of replaceable machines for this.)
Isolation & sandboxing of execution is the key in these kind of requirements. So you can have a look at tools like Docker, which could be a bit complex to understand initially, but if it suites your needs then simplicity is just one complexity away.
I'm looking for a way to output traces to a log file in my code, which runs on linux.
I don't want to include the printing information in the binary, in every place I deploy it.
It windows, I simply used WPP to trace without putting the actual traces strings in my binary.
How can this by achieved in Linux?
I'm not very familiar with Linux tools in this area, so maybe there is a better system. However, since nobody else has made any good suggestions, I'll make a suggestion. (Probably not a very good suggestion, but the best I can think of right now.)
In theory, you could continue to use wpp. Wpp is simply a template system. It scans the configuration and input files to create data structures. Then it runs a template, fills in the data values it got from the scan, producing the tmh files. You could create a new set of templates that would use Linux apis instead of Windows apis, and would record the message strings in a way that works with some other log decoder system.
I noticed this question only now and would like to add my two cents to the story just for a case. Personally, I truly appreciate Windows WPP Tracing and consider it probably the best engineering solution for practical development troubleshooting among similar tools.
It happened I extended WPP use to Unix-like platforms twice. We wanted to use strong sides of WPP concept in general and yet use it in a multi-platform pieces of code. This was not a porting but rather a wrapper to specific WPP use we configured on Windows. One time we had a web service to perform actual WPP pre-processing on Windows; it may sound a bit insane but it worked fine and effective within the local network. A wrapper script that was executed before each compilation sent a web request, got a processed file and post-processed the generated include file to make it suitable for Unix-like platforms. The second time we implemented a simplified WPP pre-processor of our own (we found yet additional use for it - we could generate the tracing statements differently for production and unit testing, for example). This was a harsh solution: you anyway need to use some physical tracing framework behind the wrapper on non-Windows platform (well, the first time we apparently implemented our own lower level).
I do not think the Linux world has a framework comparable to WPP. Once I even thought it could be a great idea to make an open source porting project for WPP. I am not sure it would be much requested though. I said it is a great engineering solution. But who wants to do dirty engineering work? Open source community prefer abstract object-oriented and generic solutions, streaming and less necessity in corresponding tools (WPP requires special management tools and OS support).Ease of code writing is the today's choice.
There could be Microsoft fault (or unwillingness) in the lack of WPP popularity too. They kept it as an internal framework that came out just by a case with Windows DDK because they have to offer some logging/tracing solution for driver developers. Nobody even noticed much that WPP is well suitable for the user-space code too. And WPP pre-processor for C#, for example, has never been exposed to public at all.
Nevertheless, I still think that WPP porting to Unix/Linux work can be a challenging, interesting and maybe even useful attempt. If someone decides to lead it. :)
I'm currently offering an assembly compile service for some people. They can enter their assembly code in an online editor and compile it. When then compile it, the code is sent to my server with an ajax request, gets compiled and the output of the program is returned.
However, I'm wondering what I can do to prevent any serious damage to the server. I'm quite new to assembly myself so what is possible when they run their script on my server? Can they delete or move files? Is there any way to prevent these security issues?
Thank you in advance!
Have a look at http://sourceforge.net/projects/libsandbox/. It is designed for doing exactly what you want on a linux server:
This project provides API's in C/C++/Python for testing and profiling simple (single process) programs in a restricted environment, or sandbox. Runtime behaviours of binary executable programs can be captured and blocked according to configurable / programmable policies.
The sandbox libraries were originally designed and utilized as the core security module of a full-fledged online judge system for ACM/ICPC training. They have since then evolved into a general-purpose tool for binary program testing, profiling, and security restriction. The sandbox libraries are currently maintained by the OpenJudge Alliance (http://openjudge.net/) as a standalone, open-source project to facilitate various assignment grading solutions for IT/CS education.
If this is a tutorial service, so the clients just need to test miscellaneous assembly code and do not need to perform operations outside of their program (such as reading or modifying the file system), then another option is to permit only a selected subset of instructions. In particular, do not allow any instructions that can make system calls, and allow only limited control-transfer instructions (e.g., no returns, branches only to labels defined within the user’s code, and so on). You might also provide some limited ways to return output, such as a library call that prints whatever value is in a particular register. Do not allow data declarations in the text (code) section, since arbitrary machine code could be entered as numerical data definitions.
Although I wrote “another option,” this should be in addition to the others that other respondents have suggested, such as sandboxing.
This method is error prone and, if used, should be carefully and thoroughly designed. For example, some assemblers permit multiple instructions on one line. So merely ensuring that the text in the first instruction field of a line was acceptable would miss the remaining instructions on the line.
Compiling and running someone else's arbitrary code on your server is exactly that, arbitrary code execution. Arbitrary code execution is the holy grail of every malicious hacker's quest. Someone could probably use this question to find your service and exploit it this second. Stop running the service immediately. If you wish to continue running this service, you should compile and run the program within a sandbox. However, until this is implemented, you should suspend the service.
You should run the code in a virtual machine sandbox because if the code is malicious, the sandbox will prevent the code from damaging your actual OS. Some Virtual Machines include VirtualBox and Xen. You could also perform some sort of signature detection on the code to search for known malicious functionality, though any form of signature detection can be beaten.
This is a link to VirtualBox's homepage: https://www.virtualbox.org/
This is a link to Xen: http://xen.org/
I am looking to create a simple mobile agent system which will deal with 4 tasks, i.e 4 different mobile agents jobs: Database update, meeting scheduling, network services discovery and kernel update.
I have done my research and have seen different frameworks such as Aglet, Jade, agent builder etc. My question is which one should i use? Also i need to setup the base code for it to work, can someone point me to a site or help me to setup the basic functions of the mobile agent?
I've read about tahiti server for the Aglet model. I'm quite confused about how to set up the mobile agent system. Any help would be much appreciated.
I have also tried to it using RMI. I had created a method of type agent, but i couldn't pass it through remote method implementation. I was reading about tcp and udp socket programming. I was thinking may be it would be more fair to do it using socket programming. In this case, would this be called an agent? I was thinking about the server sending datagram packets to multiple clients.
You need to ask yourself why you want to use mobile agents at all. The notion of a mobile agent was popular in the agent research community in the early 90's, but fell out of favour because (i) it wasn't clear what problem it was solving, (ii) the capability to allow arbitrary code to migrate to a particular computer and execute with enough privileges to access local data and services is very open to abuse, and (iii) all of the claimed benefits of mobile agents can actually be achieved though web services (REST or otherwise) and open data formats such as RDF. Consequently, few, if any, mobile agent platforms have been properly maintained since the early experiments.
It also sounds as though you need to be clear which end-user problem you want to solve. Scheduling a meeting and updating my kernel are very different tasks - I'd be very uncomfortable with a program that claims do both. If your interest is in the automation of system maintenance tasks, such as DB tuning and kernel patching, on large networks you might want to look at the SmartFrog project, or read up on autonomic computing.
I use JADE and I agree with the first guy, agent systems usually take alot of overhead to going so if you can avoid it, please do. If however you choose to proceed choose a platform with alot of support and a big user group.
Jade has some neat features like a directory facilitator DF, which works like a yellow pages so other agents don't have to know what agents are running and what services are supplied they can simply inquire by the DF.
Also JADE ContractNetBehaviours help simplify communication.
What I am looking specifically for is software thats runs on Linux (CentOS) that can do the following:
Show human readable CPU, Memory, Disk, Apache, MySQL utilization/performance.
Provide historic reports on the above metrics (today, week, month, year etc...)
Provide this data in an easy to view web based report or at least exportable to excel/csv.
I have looked at Cacti and I don't think its really an enterprise solution. I don't care if this is free or paid for software, though open source would be nice I am really just looking for the best solution.
Does anything like this exist for Linux? The problem this company is faced with is we have no way of measuring how the changes we make in our code and server configurations impact overall performance. So when I saw lets do this - then do it, I can't shows the benefits or revert back cause it was a negative in terms of performance. I am not a linux guru, just a developer with some linux skills, but am open to all suggestions. Thanks for reading.
Even though there are lot of open source projects but the main drawback they suffer is that they are away harder to configure. I have some across a free to called SeaLion which is way easier to install and configure. And it has awesome timeline base to representing outputs. Also there are different paid tools line new relic, server density, solar wind which you can also give a look.
Check out the eginnovations monitoring tool
http://www.eginnovations.com
Monitors Linux, Apache, mySQL and other applications and is web-based, so you dont have to be a linux expert.
M.
Cacti is a simple one. OpenNMS is more complete.
You are not limited to linux, using SNMP you can fetch this data from a remote host and use any NMS you like.
IMHO one of the best "freemium" tools is Zenoss (http://community.zenoss.org/).
The community edition is free. It will do everything you need, and comes with a simple RPM based installation process. It's a lot easier than Cacti or Nagios to setup and use. I would give it a try.
I use munin. I'ts much much simpler to set up than cacti. It's better to compile it yourself than pull it with apt-get (or other) because that way it has more built-in data-gathering scripts.
Basically there is no single dashboard where you can get all reports metrics. There are a range of opensource softwares which and can serve your need.
For server performance many people recommends munin, you will have to learn how to read teh report data. You can also write custom scripts to get certain report parameters of Mysql. Additionally if your server host provides an API, you can then do lot more related to reports in your admin panel.
you have a look at following url which can provide you more idea about choosing best fit to your need.
https://serverfault.com/questions/44/what-tool-do-you-use-to-monitor-your-servers
http://sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass/