Skip to main content

Infrastructure as Code for IBM z/OS

With Red Hat Ansible Certified Content for IBM Z, it's possible to depict a z/OS landscape for automation as a code

Blue, grey and teal structure

Enterprises in their modernization and transformation journeys will have to deal with the challenges associated with hybrid infrastructure. As their infrastructure starts to spread over public cloud, private cloud and traditional infrastructure, there is a need for more coordination and orchestration than before for smoother IT operations and management, which can be complex. Enterprises know the importance of automation and have been doing it, but most of automation may be platform specific and may be using a home-grown tool or platform specific products. This kind of silo-ed automation and skills add complexity to the challenge. The real solution for enterprises is to have an integrated hybrid approach to IT automation with IBM z/OS® included in the overall strategy and skill normalized across the IT landscape.
 
Ansible® is an agentless, open-source framework for enterprise automation. With Red Hat Ansible Certified Content for IBM Z®, it is possible for Ansible automation scripts to access z/OS resources to perform automation. Thereby, z/OS can be integrated into enterprise automation roadmap and enterprises can create a consistent hybrid automation across platforms with normalized skills.

What Is Infrastructure as Code for z/OS?

Ansible playbooks are easy to read, as they are written in YAML, and playbooks can be version controlled. Using Ansible, it is possible to depict each component of your enterprise IT landscape and achieve the desired automation end state. This unique capability of codifying an entire IT landscape for automation is typically referred to as infrastructure as code. With Red Hat Ansible Certified Content for IBM Z, it is possible to depict a z/OS landscape for automation as a code. For instance, you can provision a z/OS subsystem, create the required definitions in the subsystem to support your application and activate the definitions or configurations which can underpin your application deployments.

How to Do Infrastructure as Code for z/OS

There are two pieces in Ansible automation: control node and managed nodes. The control node is the core. It runs Ansible engine and executes playbooks to perform automation on managed nodes. To work with managed nodes, Ansible engine should be given inventory of managed nodes, which it can pick up from different sources including local files, configuration management database (CMDB) and cloud inventory sources. The managed node can be anything that can talk SSH including z/OS systems, Linux®/Unix®/Windows® (LUW) systems and network devices.
 
Using Ansible, I tried the below simple infrastructure as code for z/OS scenario:  
  1. Provision a CICS region with z/OSMF Cloud Provisioning and Management (CP&M) template
  2. Define the CICS resources required for my application
  3. Copy my application binaries to CICS library specific for applications
  4. Finally, activate the defined CICS resource using console command 
There may be different ways to achieve this Infrastructure as a code for z/OS scenario, but this is what I did:
  1. In a x86 Linux, which will be my control node, I installed the required version of Ansible engine and its pre-requisites. Subsequently, I installed Ansible collections for z/OS core (collection version: v1.2.1) and z/OSMF (collection version:  v2.1.0) using Ansible Galaxy.
  2. I created inventory files for the Ansible engine to work with, where I added my z/OS system
  3. On my z/OS system, I installed the pre-requisites for Ansible to work with z/OS including IBM Open Enterprise Python for z/OS and IBM Z Open Automation Utilities (ZOAU). I also configured cloud provisioning and management function of z/OSMF. 
  4. I modified cics_getting_started template provided with z/OS Provisioning Toolkit (z/OS PT)  to create my template cics_simple, which will provision one stand-alone CICS® region. I defined my template in z/OSMF Cloud Provisioning Software Services Catalog, which will dynamically provision stand-alone CICS region leveraging z/OSMF automation capability.
  5. In my playbook, I used Ansible z/OSMF collection to call cics_simple template to provision the CICS region, ZCICS001
  6. In my playbook, I used Ansible z/OS core collection to do the following:
    • Define CICS resources for my application by calling DFHCSDUP utility
    • Copy my application binaries to CICS region libraries by invoking IEBCOPY
    • Activate the CICS resource definitions using console commands
Here is an excerpt of my Ansible playbook for my Infrastructure as a code for z/OS scenario:
 
- name: Infra as code
  hosts: zos1
  gather_facts: no
  collections:
    - ibm.ibm_zos_core                # z/OS core collection
    - ibm.ibm_zos_zosmf             # z/OSMF collection
  vars:
    - name: instance_info_json_path
  environment: "{{ environment_vars }}"
 
  tasks:
    - include_role:
        name: zmf_cpm_provision_software_service
      vars:
        cpm_template_name: "cics_simple”           # z/OSMF CP&M Template name
        domain_name: "default"
        tenant_name: "default"
        systems_nicknames: "S0W1"
 
    - name: Define App resources with DFHCSDUP
      zos_tso_command:
         commands:
           - alloc dd(SYSPRINT) da('ibmuser.demoapp.sysprint') shr
           - alloc dd(DFHCSD) da('ibmuser.zcics001.dfhcsd') shr         # CICS CSD
           - alloc dd(SYSIN) da('ibmuser.demoapp.cics') shr                # App related definitions live here
           - call 'DFH550.CICS.SDFHLOAD(DFHCSDUP)'
      register: myresult
      delegate_to: myzos
      failed_when: myresult.output[3].rc != 0
    - name: Show return code
      debug:
         msg: "TSO RC: {{ item.rc }} "
      loop: "{{myresult.output }}"
 
    - name: Copy binaries with IEBCOPY
      zos_mvs_raw:
         program_name: iebcopy
         auth: no
         dds:
            - dd_data_set:
                dd_name: sysut1
                data_set_name: ibmuser.demoapp.binaries      # App binaries live here
                disposition: shr
            - dd_data_set:
                dd_name: sysut2
                data_set_name: ibmuser.zcics001.binaries       # CICS library for App binaries
                disposition: shr
            - dd_dummy:
                dd_name: sysprint
      register: myresult1
      failed_when: myresult1.failed != False
      delegate_to: myzos
    - name: Show return code
      debug:
         msg: " Result: {{ myresult1 }} "
 
    - name: Activate CICS definitions with console command
      zos_operator:
         cmd: 'F ZCICS001,CEDA INSTALL G(GCICS002)'         # Console command
      register: cmd_output
      failed_when: cmd_output.failed != False
      delegate_to: myzos
    - name: Display output
      debug:
         msg:
           -  "{{ cmd_output }}"
 
Ansible z/OSMF collection and Ansible z/OS core collection expect inventory in a slightly different form, as Ansible z/OSMF collection relies on REST APIs and Ansible z/OS core collection relies on SSH. So, I created two inventory files and defined my z/OS system in both inventory files, but with a different nickname/label. Ansible z/OS core collection modules will look for my system with the nickname myzos and Ansible z/OSMF core collection will look for my systems with the nickname zos1.
 
Here is an excerpt of the inventory file picked up by Ansible z/OS core collection:
 
zsystems:
  hosts:
    myzos:
      ansible_host: 172.26.1.2
      ansible_user: xxxx
      ansible_python_interpreter: /usr/lpp/IBM/cyp/v3r8/pyz/bin/python3
 
Where xxxx is the user ID to be used to connect to the z/OS system.
 
Here is an excerpt of inventory file picked up by Ansible z/OSMF collection:
 
zsystems:
  hosts:
    zos1:
      zmf_host: 172.26.1.2
      zmf_port: 10443
      zmf_user: xxxx
 
Where xxxx is the user ID to be used to connect to z/OSMF running in the z/OS system.

Direct Access to z/OS Resources

Red Hat Ansible Certified Content for IBM Z brings direct access to z/OS resources from Ansible playbooks, thereby making infrastructure as code for z/OS a reality. This also brings in flexibility and enables z/OS systems to be an integral part of the enterprise hybrid automation roadmap, where enterprises can achieve consistent and coherent automation across platforms without skill challenges.
 
Learn more about Red Hat Ansible Certified Content for IBM Z here.
IBM Systems Webinar Icon

View upcoming and on-demand (IBM Z, IBM i, AIX, Power Systems) webinars.
Register now →