Ansible for z/OS: A Beginner’s Guide to Mainframe Automation
In this step-by-step tutorial, BMC Software’s Sujit Neb explains how to run a Ansible Playbook for z/OS
This article is a comprehensive guide to demystify the process of automating mainframe tasks using Ansible. We will begin with the fundamentals of Ansible and its application in modern IT environments, then dive into the specifics of integrating Ansible with z/OS. Whether you are a mainframe novice or an experienced z/OS professional looking to streamline operations, this guide will equip you with the knowledge and step-by-step setup needed to leverage Ansible for efficient, scalable and repeatable tasks.
What Is Ansible?
Ansible is an agentless architecture that offers open-source automation that is simple, flexible and powerful. Red Hat Ansible Certified Content for IBM Z helps you connect IBM zSystems to your wider enterprise automation strategy through the Ansible Automation Platform ecosystem.
How Ansible Works
In simple words, you must have at least two systems, where one system is used as a control node that runs your Ansible playbook (contains a task) on managed node to configure the system. See illustration given in the Figure 1 as below.
What to Know Before Getting Started
Ansible automates the management of remote systems and controls their desired state. Most Ansible environments have three main components:
- Control node: A system on which Ansible is installed. You run Ansible commands such as Ansible or Ansible inventory on a control node.
- Inventory: A list of managed nodes that are logically organized. You create an inventory on the control node to describe host deployments to Ansible.
- Managed node: A remote system, or host, that Ansible controls.
Let’s dive in to understand each component showcased in Figure 2.
- Modules: Also referred to as “task plug-ins” or “library plug-ins,” modules are discrete units of code that can be used from the command line or in a playbook task. Ansible executes each module, usually on the remote managed node, and collects return values. In Ansible 2.10 and later, most modules are hosted in collections.
- Inventory: Ansible automates tasks on managed nodes or “hosts” in your infrastructure, using a list or group of lists known as inventory.
- Plug-ins: Plug-ins offer options and extensions for the core features of Ansible: transforming data, logging output, connecting to inventory and more.
- Playbooks: Playbooks can finely orchestrate multiple slices of your infrastructure topology, with very detailed control over how many machines to tackle at a time.
How to Run an Ansible Playbook for z/OS
Step 1: Set Up z/OS as a Managed Node
Setting up z/OS to be an Ansible-managed node is simple. Ansible is an agentless architecture, which means that there’s no server-side component that needs to be installed on any managed node.
All you’ll need is:
- SSH (secure shell protocol) enabled
- z/OS Unix System Services enabled
- Python or IBM Open Enterprise SDK for Python installed
- IBM Z Open Automation Utilities
- z/OS V2R3 or later
Step 2: Linux as a Control Node
Download and install Ansible on Linux. Here I am using an example from Red Hat Linux however you can choose your own version.
Install Python 3.5 or later. See, the installed version as in Figure 3.
$ sudo dnf install python3
Install Ansible on your local machine as in Figure 4.
$ sudo pip3 install ansible
Install the z/OS core collection as in Figure 5. (click to expand)
$ ansible-galaxy collection install ibm.<collection>
Verify that Ansible is installed on your machine as in Figure 6.
$ ansible –version
Notethat the version for each module needs to match. Read more on this GitHub page under the Playbook requirements section.
Step 3: Inventory and Files Setup
Follow these steps to complete the inventory file setup.
Inventory file
Create the Inventory file with the system Information that Ansible will manage.
We are using inventory as in Figure 7: yourhost.yml
Here, ansible_user and ansible_password contains the TSO_ID and TSO_PASSWORD respectively.
Check/Create your ansible.cfg file
A simple ansible.cfg configuration file will include a few stuff that is required to ensure your playbooks runs without asking password each time. We are using ansible.cfg as in Figure 8.
View this configuration reference.
Create your ping.yml file
A simple ping.yml configuration file will include details about the host, vars and PATH.
We are using ping.yml as in Figure 9:
Now, you have all your files set up and it’s time to verify.
Check Ansible Connections to z/OS
Run following command on the terminal to check the connection as in Figure 10:
The result indicates (as in Figure 11) that the Ansible was successfully able to connect to the z/OS system.
We are now ready with the setup to run the first Ansible playbook for z/OS!
Run Your First Ansible Playbook for z/OS
You will need to have:
- inventory.yml (yourhost.yml is the file name in our example)
- submit-job.yml
- ansible.cfg
You can use any playbook of your choice to run the task on your managed node, here in this example we will see a simple Submit JCL Job with fetching results on JCL Job completion. See as in Figure 12, submit-job.yml.
Follow these three steps to run a playbook:
- Edit the ansible.cfg file to include pipelining = true.
- Modify the inventory (yourhost.yml) to add the z/OS host, TSO user details and Python location.
- Run the Ansible playbook using the following command, as in Figure 13:
Verify JCL Job output with the JCL Job submitted earlier has returned result, see Figure 14.
Result contains:
Host – xxx. bmc.com
JOB ID – JOB44381
MAXCC – 0008
Congratulations! You’ve just run your first Ansible playbook for z/OS.
Why Automate Using Ansible
Ansible is simple to use and configure. To ease your day-to-day maintenance activities and to focus on some innovative work. Your mainframe automation journey should start with this basic setup. Here are some specific z/OS automation tasks that can be achieved using Ansible for z/OS.
1. Job Submission and Management
- Submit JCL jobs to the z/OS JES (job entry subsystem)
- Monitor job status and retrieve job output
- Handle job dependencies and sequencing
2. Data Set Management
- Allocate new data sets with specific attributes
- Delete existing data sets
- Copy or move data sets between different locations
3. USS (Unix System Services) Operations
- Create and delete directories and files
- Modify file permissions
- Execute shell commands within the z/OS UNIX environment
4. z/OS System Configuration
- Modify system parameters
- Update configuration files
- Restart subsystems or apply configuration changes dynamically
5. Security and User Management
- Create, modify or delete RACF users and groups
- Assign and revoke permissions
6. Software Management
- Automate software package installation
- Manage software updates and patches
- Deploy applications and middleware
By the end of this journey, you will have a solid foundation in using Ansible to automate tasks on z/OS, transforming how you manage mainframe environments. The seamless integration of Ansible with z/OS opens a new realm of possibilities for enhancing operational efficiency, reducing human error and enabling agile DevOps practices in mainframe operations. Welcome to a new era of mainframe automation, made easy with Ansible.
Some of these playbooks for z/OS are available for free here.