It’s been a few years since I last put together an article, but I’ve still remained involved with Power systems and IBM storage, specifically around VIOS and Spectrum Virtualize (Storwize).
It is fair to say that the landscape is changing rapidly in IT with software driven technologies, cloud and devops. An age-old IT tenet is “Keep It Simple Stupid” (KISS) but this is becoming increasingly difficult as we have to deal with more and more technology and are expected to know at least a little about many aspects of IT.
In the last 10 years I can say that I’ve had to familiarise myself with Linux, AIX, Windows, IBM i, VMWare, Hyper-V, PowerVM, containers, networking, storage, etc. the list goes on. For the most part I’m only really interested in installation, initial configuration and troubleshooting. I have many documents saved to act as reminders and to assist me with various aspects of configuration management so a tool that could assist would be very useful. This is where Ansible comes in.
Ansible is an agentless open source automation engine that helps to rapidly automate configuration management, deploying applications, virtual server and LPAR deployment and many other IT requirements. IBM have been very active in the Ansible arena this year with Ansible collections available for IBM i, AIX, zOS, IBM cloud and IBM storage.
Using the IBM power_ibmi collection for system and configuration management we can use Ansible to run man IBM i functions without having to use a 5250 session or IBM i Navigator. This means that having to remember commands is much led of an issue. Yes, you need an understanding of OS concepts but if you have that you can very easily use Ansible to automate system configuration, running scripts (programs), applying PTFs and other functions.
One word of warning here. Various IBM teams are working on creating and maintaining the IBM i, AIX and storage Ansible modules. These are currently work in progress, but IBM has stated that these will become supported modules in the future.
How does Ansible work?
Ansible is written in python, a language which has been available on IBM i for a few years already.
The Ansible automation engine is installed on a Management Node, this will be a Linux system (x86, arm or Power). You just need to install Ansible on to your Management Node.
Ansible uses SSH, installed by default on the major Linux distributions, to communicate with the hosts to ensure that a secure, encrypted connection is established. This also allows secure, password-less connectivity between the Management Node and the hosts.
This article doesn’t cover Ansible specifics such as playbooks and roles so I’d highly recommend you take a look at Stuart Cunliffe’s IBM Power VUG session which is great for new Ansible users and is aimed at IBM Power users.
Ansible comes installed with a large set of core modules which can be used out of the box. When non-core modules are required, e.g. IBM i, AIX, then we can download a collection which is a group of modules that you can use to supplement the core modules.
IBM i Specifics
The hosts you wish to manage with Ansible require python to be installed. This can be a little tricky on IBM i if your LPAR(s) have no access to the internet as you need to install the IBM i open source features, which require V7R2+. This is NOT the 5770-OPS product as this is no longer supported.
Your IBM i LPARs will also need PASE, HTTP Server (5770-DG1) and the OpenSSH (5733-SC1) licensed programs installed and the *SSHD server started (STRTCPSVR *SSHD) to allow the Management Node to communicate via SSH.
Ansible has a public repository called Ansible Galaxy where anybody can add Ansible modules. IBM make their Ansible modules and collections available for download on Galaxy. The IBM i collection can be found here.
So we have 5733-SC1, 5770-DG1 installed and the SSHD server running, now what. We need to install python, which in turn requires yum. Yum is the open source package tool used by Red Hat and Centos. IBM have made yum available for IBM i (PASE) and AIX. Yum allows you to install, update, upgrade and remove packages from your systems but, by default, requires access to the internet or an internal package server. I find very few customers allow IBM i access to the internet either directly or via a proxy server. If you do have this access the Installation section of the instructions here will help you get started. I am going to assume you don’t have internet access from your IBM i LPAR(s) as this is the most common scenario.
The instructions for installing the opensource packages describes a procedure for manually installing yum by downloading two files to your PC, transferring the two files to the IFS of your LPAR and then executing a command to run the installation. I have used this successfully and it’s fairly straightforward. In the power_ibmi Ansible collection IBM have provided an Ansible playbook which does this for us, so I will continue using this method.
The following shows the commands I used to:
- Install Ansible on my Linux Management Node
- Set up IBM i in readiness to work correctly as an Ansible node
- Generate an RSA ssh keypair and copy the public key to IBM i
- Download the ibm.power_ibmi Ansible collection
- Configure Ansible settings to communicate with the IBM i LPAR
- Upload and install the required yum and python files into IBM i
- Create and run a power_IBMi module to vary on and off a device
Prepare Ubuntu and IBM i
Set up your Ansible environment files
You have now downloaded the Ansible modules provided by IBM for use with IBM i, however we still do not have python installed on the LPAR so we cannot use the IBM specific modules in the power_ibmi collection.
Fortunately, we can use some of the Ansible core modules to execute commands on IBM i using the standard SSH connection allowing us to upload the files yum and python files and run the script to set these up.
Ansible uses two files to set up the environment we are working with:
- ansible.cfg Specifies settings we wish to use for our sessions
- inventory file This can be named anything you like. The file contains the LPAR names and IP addresses you wish to access with any host specific variables
Install yum and python on to IBM i
Now let’s start the install of yum and python on to your LPAR. File README.md in the ~/.ansible/collections/ansible_collections/ibm/power_ibmi/playbooks/enable_offline_ibmi folder has 4 links to IBM web sites where you can down load the necessary files. Download all the files into the same directory.
When completed your download directory should contain the following files:
- python3-3.6.10-3.ibmi7.2.ppc64.rpm ******* IMPORTANT: DO NOT INTSTALL A LATER VERSION OF THIS FILE e.g. python3-3.6.10-6.ibmi7.2.ppc.rpm *******
Links to the download location for the files:
- bootstrap.sh https://public.dhe.ibm.com/software/ibmi/products/pase/rpms/bootstrap.sh
- bootstrap.tar.Z https://public.dhe.ibm.com/software/ibmi/products/pase/rpms/bootstrap.tar.Z
- python, python-itoolkit, python-ibm_db https://public.dhe.ibm.com/software/ibmi/products/pase/rpms/repo/ppc64/
- python3-six https://public.dhe.ibm.com/software/ibmi/products/pase/rpms/repo/noarch/
These files need to be accessible by the Linux system you have installed Ansible on to as Ansible will copy these files up to your IBM i LPAR.
The first two files install yum and dependency files. The remaining files are the python files required on IBM i which allow the Ansible Management Node to communicate with the LPAR.
The Ansible playbook called main.yml, in directory enable_offline_ibmi, should now run. This will take a few minutes as the files you downloaded need to be copied to folder /tmp/ansible-rpm on your LPAR. Once they have been copied up to your LPAR the playbook will use QSH to execute bootstrap.sh to install yum and its dependencies.
This error occurs on v1.0.0 of the power_ibmi Ansible collection as it still tries to install python using an internet connection from the LPAR. I have logged this with the developers and they have acknowledged that they will fix it.
If you have downloaded the power_ibmi collection > 1.0.0 the issue should have been fixed and you should not see this error.
The workaround is simple:
Now run the ansible playbook again:
This will run the playbook again but will skip the steps to install yum as it is already installed. This is an important feature of Ansible called idempotency. This means that Ansible will not change something again if it is already in the desired state.
When yum and python have been successfully installed you will see a message similar to:
Using Ansible for IBM i modules
We now have everything set up so we can start using Ansible with our IBM i modules. Let’s do a test first and try an Ansible ping to our LPAR.
We can now run an ad-hoc ansible command or we can run an Ansible playbook.
- An ad-hoc ansible command is intended for one-off actions on one or more hosts.
- An Ansible playbook is similar to a program as it describes one or more tasks we want to take against one or more hosts.
Let us try using the IBM i module ibmi_device_vary as an ad-hoc command and in an Ansible playbook.
Using an Ansible ad-hoc command
You should see output similar to the following:
Using an Ansible playbook
You should see output similar to the following:
If you were monitoring your LPAR you will see that the device you specified is now varied on as if you’d run the VRYCFG command from a 5250 session. A couple of things to try:
• Add -vvv to the ansible-playbook command to see a whole lot more detail
• To have Ansible retrieve the job log, use the -vvv parameter AND change the playbook to say joblog: true
• Change the playbook status: ‘ON’ to ‘OFF’ vary off a device
• To specify multiple devices to vary on or off create a list under the device_list parameter:
There are over 30 IBM i Ansible modules available which are documented here. These are not always easy to understand, even with the examples, but the downloaded IBM i collection has a number of test playbooks in directory ~/.ansible/collections/ansible_collections/ibm/power_ibmi/tests/integration/targets. Look for a file called main.yml under the tasks directory for each test for the playbooks.
I haven’t used all of the modules to date, but I’ll investigate more of these, especially the PTF and the SQL modules. IBM are also developing modules for use with AIX, VIOS and HMC too which I have started to test. Currently there are far fewer of these modules compared to IBM i but I’m sure these will increase. The point is that if you get familiar with Ansible on any platform it stands you in good stead to use Ansible for many other platforms giving you one tool to manage your IT estate.
|Generate and copy an ssh keypair
|Ansible for i module documentation
|IBM i opensource repository
|IBM Power VUG Webinar Series
|Ansible Automation on Power IBM Power VUG by Stuart Cunliffe, IBM Lab Services
|Github issue for enable_offline_ibm when trying to install python
Stuart Cunliffe, IBM Lab Services for allowing me to reference his Ansible for Power webinar
Adam Robinson, Maple Computing for assisting me with testing the above and introducing him to Ansible