Why Ansible Is Emerging as a Top Automation Tool for Mainframes
Mainframe sites used to be like small factories in terms of the number of people that were needed to keep the machine running. There were lots of operators who spent their time feeding in card decks and changing tapes on the tape drives. There were systems programmers and application programmers, and a whole host of other people with vital jobs.
But just like most factories, there are fewer people needed these days to keep the mainframe working. There are more people using the mainframe, and the mainframe is doing more work with less downtime than ever before. It’s highly secure. It’s just that it needs fewer people to run it. And that’s a good thing with the number of mainframers who have decided to retire in the past couple of years, and the many others who are getting inexorably towards retirement age.
Mainframe automation has been going on since the first mainframes saw the light of day back in the 1960s. Some projects have been successful while others were not. But now, people are looking to Ansible to automate their mainframes. In fact, according to the Red Hat website, Ansible can be used to provision the underlying infrastructure of your environment and “Can be used to provision the latest cloud platforms, virtualized hosts and hypervisors, network devices, and bare metal servers.” So, Ansible does more than the usual automation software.
Let’s find out a bit more about it.
Ansible’s Origin Story
Ansible was originally written by Michael DeHaan and was acquired by Red Hat in 2015. IBM took over Red Hat in 2019. Ansible is open-source software that can be used for provisioning, configuration management and application deployment. Its tagline is, “Turn tough tasks into repeatable playbooks.” Using Ansible on a mainframe provides a way to integrate z/OS into an enterprise automation strategy in a consistent way. With Ansible, it’s easy to onboard new systems programmers, DBAs and developers. Additionally, with Ansible, infrastructure and provisioning changes are all managed as code.
With Ansible, users gain simple access to applications and data with secure API creation and integration in minutes. Ansible provides Agile enterprise DevOps, for example, with cloud-native development and industry-standard open tools. And, of course, Ansible provides standardized IT automation. In fact, Ansible can reduce the need for specialized skills, and it can empower developers.
The Ansible Automation Platform is very popular. In fact, Ansible is now the top cloud configuration tool and is heavily used on-premises too. The Ansible inventory identifies the nodes that are managed and categorizes them into different groups. Both nodes and groups can be assigned variables for use later during automation. The inventory can be static (using files) or can be provided dynamically.
Ansible Plugins
Ansible tasks are work that you configure to be run on the managed nodes. Some are built into Ansible, but many are provided by Ansible plugins. Tasks are configured using Ansible, with a configuration that is relevant to that task.
The Ansible Engine
The Ansible Engine runs Ansible Playbooks, which are the automation language that can perfectly describe an IT application infrastructure. Playbooks are YAML files that store lists of tasks for repeated executions on managed nodes. Each Playbook maps (i.e., associates) a group of hosts to a set of roles. Each role is represented by calls to Ansible tasks. Ansible playbooks bind hosts from the inventory to tasks. The hosts can be individual nodes, groups or everything. When a playbook is executed, it runs tasks against the hosts it is bound to.
The Ansible Tower
Ansible Tower allows users to scale IT automation, manage complex deployments and speed productivity. Ansible Tower is a REST API, web service and web-based interface (application) designed to make Ansible more accessible to people with a wide range of IT skillsets. It is a hub for automation tasks. Tower is a commercial product supported by Red Hat, but derived from the AWX upstream project, which is open source and sponsored by Red Hat.
By using Ansible Tower across the enterprise, users can take a higher-level view without needing to know the specifics of exactly how individual playbooks are put together. Users can use Ansible Tower to run playbooks without having to install Ansible themselves, they just run them with functional credentials. Users can also schedule automation to run at specific times, such as a monthly audit or a dashboard that refreshes every minute.
How Ansible Works
The basic concepts behind Ansible involve a control node or the machine from which you run the Ansible code, which could be a laptop, shared desktop or server. This can then control databases, the back end and the front end, using Python modules over a secure connection. There’s no need to install Ansible on the target nodes.
The Ansible inventory identifies the nodes that are managed and categorizes them into different groups. Both nodes and groups can be assigned variables for use later during automation. As mentioned earlier, the inventory can be static (using files) or can be provided dynamically.
The Ansible for IBM Z Collection
The Ansible for IBM Z collection contains a powerful set of playbooks and modules that allow users to automate common z/OS tasks. There are also dedicated collections and samples for different IBM products such as IMS and CICS. These are available on Ansible Galaxy. The collections cover basic z/OS tasks and those needed for Db2, CICS and IMS.
Using Ansible on z/OS allows users to centralize their automation skill set around a specific open-source technology that gives them flexibility and power. By sharing the same automation strategy as the rest of the enterprise, users can unlock opportunities for collaboration and integration. Ansible’s flexibility permits the reuse of their existing automation—triggering system automation, z/OSMF workflows, JCL, etc.—or adaptations to specific Ansible tasks.
Mainframe sites use Ansible to build and provision middleware, roll out fix packs to thousands of servers and for self-service provisioning of portals. Ansible can be used to configure middleware, networks and security. For security, it can be used for the SSL certification renewal process, password resets and to create new users. Ansible can integrate infrastructure provisioning and Z application deployment into a CI/CD pipeline. It can orchestrate and replace existing siloed in-house automation. And it can integrate existing automation into the overall workflow. Lastly, it can collect audit and security configuration details, system status and health checks.
As well as the collections and samples on Ansible Galaxy, there is also plenty of documentation available, especially for each of the modules available.
Ansible IBM Z Trial
Currently, there is an Ansible IBM Z Trial. This is a free guided virtual demonstration environment that provides users with the ability to run and review Ansible playbooks that automate tasks on z/OS.
The Ansible Automation Platform free trial includes a single self-supported 60-day subscription for Red Hat Ansible Automation Platform for Red Hat Enterprise Linux; access to Red Hat’s customer portal with documentation, videos, discussions, and more; and it can support up to 100 Ansible managed nodes.
Installing Ansible for IBM Z has some prerequisites such as USS and Secure Shell (SSH) enabled on z/OS. It also needs Python and Z Open Automation Utilities (ZOAU).
The installation steps are as follows:
- Enable OpenSSH
- Install Python
- Install ZOAU
- Install or update to Ansible 2.9 or above
- Install the desired Ansible for z/OS collection from Ansible Galaxy (or Ansible Automation Hub with a subscription)
Also of interest is the IBM Z and Cloud Modernization Stack, which is a new offering. It’s a way to automate and control a mainframe and a cloud environment. It provides application analysis, the ability to create and deploy APIs, cloud-native development, and standardized IT automation for z/OS.
Additionally, because Ansible runs on Linux and Windows, finding people who are familiar with it shouldn’t be a problem for mainframe sites, especially where there is a shortage of mainframe-specific expertise.
Ansible has already made a big impact in the world of distributed computing and cloud computing. It is now making a similar impact in the world of mainframes. Its ability to not only automate the usual tasks, but also provision infrastructure as code, is what attracts IMS, CICS, and Db2 specialists, as well as ordinary z/OS systems programmers.