Following IBM’s acquisition of Red Hat in October 2018, which officially closed in July 2019, there’s been lots of hype around Ansible for DevOps and IBM i automation. But what is Ansible? Can Ansible automate the tasks associated with running a modern IBM i environment? We explore these and other Ansible questions here.
What Is Ansible?
Ansible is a powerful open-source automation platform designed to automate many of the complex and repetitive tasks that IT departments undertake. Being an open-source solution, Ansible is free. However, there is a commercial-supported version available known as Ansible Automation Platform.
Is Ansible a DevOps Tool?
Ansible sits neatly on the operations side of DevOps. Ansible is very easy both to set up and use. Ansible requires some coding skills for writing scripts and can execute many common tasks on IBM i, AIX, Linux (both x86 and Power), Windows, and Mainframe.
What Does Ansible Automate?
Ansible’s sweet spot are tasks such as provisioning, configuration management, application deployment, orchestration, fix installation, system maintenance, and aspects associated with security configuration and compliance. In fact, anything that can lead to increased productivity for system administrators can be deployed with Ansible.
What Can’t Ansible Automate?
Ansible is not designed to automate monitoring or scheduling. It has no mechanism to be able to reply to inquiry messages generated on IBM i message queues. It also has limited capabilities in the areas of performance and other general resource monitoring. Additional performance monitoring or message management software is recommended for real-time IBM i monitoring.
Although basic dependencies can kind of be coded in Ansible Playbooks, there is no built-in dependency concept between Playbooks since the success of the executed tasks are not tracked. Compare this to the comprehensive dependency support in Robot Schedule job scheduling software for both self-contained dependencies within logical partitions or extending out to other IBM i partitions or platforms.
As Ansible can issue native IBM i commands, simple alerting can be built into Playbooks in the form of emails, but there is no support for alert escalation, and it lacks the ability to respond to an email or SMS. While emails can provide a useful method of alerting, you cannot centralize alerting into a single pane of glass with Ansible.
What Does Ansible Mean for IBM i?
Whether you manage your IBM i systems on-premises or in the cloud, they can be managed just like any other platform: as an Ansible endpoint. Functions associated with the IFS, Db2, native objects, and security can be administered automatically.
Tasks can be written and added to Ansible Playbooks to perform any number of IBM i tasks. The open-source community have contributed many example modules that have been made public on GitHub and can be seen here.
These include modules for comparing and downloading PTFs, saving and restoring objects, executing CL commands, and even IPLing a system.
How Do I Install Ansible on IBM i?
Ansible installation instructions can be found here. Ansible is agentless and relies on SSH connections being formed between the main Ansible Control Node and Managed Nodes, which negates the need to authenticate every time a task is performed on an endpoint.
The Ansible Control Node typically runs on Linux and requires that Python3 be installed. The Control Node is home to the configuration code files (called Playbooks), which describe a series of tasks that will be taken against one or more Managed Nodes. The Control Node also houses the inventory of Managed Nodes.
Managed Nodes are the endpoints or hosts managed by Ansible—IBM i is one of these. Managed Nodes also have Python3 (plus python3-itoolkit and python3-ibm_db) as a prerequisite along with two IBM i licensed programs:
- HTTP Server (5770DG1)
- OpenSSH (5733SC1) Base and Option 1
In addition, the Portable Application Solutions Environment (PASE) (5770SS1 Option 33) is also required.
As with any new tool, when adopting Ansible there will be a learning curve, although anybody that is able to write IBM i CL programs should soon be comfortable enough to write Playbooks.
It is worth noting that, with the free version of Ansible, you will need to rely on support forums for product support.
Where Can I Lean More?
Here are a few resources from around the web to get you started:
What's my next step?
Ansible is good for the IBM i platform as it provides additional automation around burdensome IT tasks. If you’re looking at this technology, give us a call. We can discuss how any combination of Ansible and IBM i automation tools from Fortra can take your organization to the next level.