IBM z/OSMF - Group home

z/OSMF Ansible Collection 1.1 - New Security Automation and Cloud Provisioning Enhancements

Authors Xiao Zhen (Joey) Zhu, Hiren Shah, Travis Biro, Rolando Perez

Attention! Calling all System Programmers and enterprise automation champions. Automating system management tasks on z/OS is paramount to the ongoing efforts in error reduction, time saving, and closing the skills-gap in the industry. The z/OSMF Ansible automation collection is built specifically to address these issues and reinforce IBM's DevOps on Z strategy. With this new version (v1.1) we introduce Security Configuration Assistant modules that validate security across all three major mainframe security products and bring peace of mind to the once-arduous task of manually configuring security parameters. The collection has also enhanced the existing Cloud Provisioning and Management roles with new modules to simplify and automate the software registry process.

New Security Configuration Assistant Functionality
The new z/OSMF Security Configuration Assistant (zmf_sca) module will help z/OS users automate security configuration, leading with security validation and continually enhanced with our users in mind. zmf_sca allows users to define z/OS security requirements in an easy to create JSON format file. With this JSON file the SCA Ansible module (zmf_sca) is able to automatically validate SAF based security configuration through an Infrastructure as Code (IaC) approach, reducing errors and time spent on security validation, troubleshooting and auditing. The zmf_sca module is built on the z/OSMF Security Configuration Assistant (SCA) REST API. More information about z/OSMF Security Configuration Assistant can be found in the z/OSMF Guild session for SCA.

New Cloud Provisioning and Management Roles
z/OSMF Cloud Provisioning and Management function includes registry function to register all provisioned instances. When you provision new instances of software from the Cloud Provisioning and Management catalog, the new instances are automatically captured in software services instance registry. We delivered an additional role in the z/OSMF Ansible collection, zmf_cpm_create_software_instance, that enables authorized users to register instances of software that are provisioned through different automation processes or provisioned using manual processes. A new role zmf_cpm_get_software_instance is also provided to retrieve details about software instance that are provided when the software instance was registered using zmf_cpm_create_software_instance role.

z/OSMF Cloud Provisioning and Management provides the capability to build a catalog of software services that users can use to provision softwares on one or more z/OS systems. Recently, we delivered a new role zmf_cpm_list_software_templates that can be used by authorized users to retrieve list of published templates from z/OSMF Software Services catalog. Authorized users can then use this information in their playbook to drive the provisioning of a software using zmf_cpm_provision_software_service role. 

Let's Create! 
We continue to plan enhancements and new functionality for the z/OSMF Ansible automation collection, and welcome user feedback.  User input and collaboration will help us prioritize the z/OSMF capabilities that we enable in the Ansible Collection as we move forward.   Please reach out to Travis Biro ( and Rolando Perez ( if you have further questions or feedback, need help getting started, or want to discuss how we can help with your enterprise automation needs.

Resources and Links