Prerequisites for accessing Grafana dashboards on z/OSMF

Before you can start working with Grafana dashboards through z/OSMF, there are some prerequisites that you need to complete.

The following sections describe each prerequisite in detail:

Configure z/OSMF

When installing z/OS, z/OSMF is automatically installed as a fundamental component of the operating system. However, to use its features, you must configure the z/OSMF nucleus on your system and add core and optional services. This enables you to take advantage of the many benefits that z/OSMF offers. For more information, refer to the z/OS Management Facility Configuration Guide.

Install Grafana

You must install Grafana v9.5.1 or later.

For more information, refer to the Grafana documentation for detailed instructions on installing Grafana and its dependencies and starting the Grafana server on your system.

User administration

You must review the default user management settings provided by the Grafana server to determine if you need any additional permissions to be added for the users.

For more information, refer to the User Management section of the Grafana documentation.

Configure JSON Web Token (JWT) support on z/OSMF

You must configure the z/OSMF server to build and use JSON Web Token (JWT) tokens. Because, by default, the JWT function is turned off on the z/OSMF server. You can turn on the JWT authentication by modifying the server's configuration files directly. Once enabled, the JWT function allows you to use JWT tokens to authenticate and authorize user access to the Grafana through the z/OSMF server.

When configuring z/OSMF JWK files, it is essential to use the jwksUri parameter. This parameter specifies a URL for the JSON Web Key service, which is necessary for building the JWK files.

The format of the jwksUri parameter is as follows:

https://${hostname}:${port}/jwt/ibm/api/zOSMFBuilder/jwk

For example, if your z/OSMF server is running on https://abc.com:12345, then the value of jwksUri is:

https://abc.com:12345/jwt/ibm/api/zOSMFBuilder/jwk

Where,

abc is the hostname where the z/OSMF server runs.
12345 is the port number.

You must save the content of jwksUri as the jwks.json file and place it in the following directory:

/PATH/TO/jwks.json

For information about enabling the JWT function, refer to the z/OS Management Facility Configuration Guide.

Configure JWT authentication on Grafana

You must configure Grafana to accept a JWT token in the HTTP header. You can also verify the token's validity using a JSON Web Key Set (JWKS) stored in a local file.

As a system administrator, when you install Grafana, you can pass values for some of the individual parameters in the .ini configuration file to configure JWT authentication on Grafana. See Grafana configuration parameters.

The default location of the configuration file is as follows:

Operating systems	Default path to the configuration file
Windows®	WORKING_DIR/conf/defaults.ini
Linux®	/etc/grafana/grafana.ini
macOS®	/usr/local/etc/grafana/grafana.ini