IBM z/OSMF - Group home

Provision on Demand Part 2: IBM and Red Hat Ansible


Check out part one: What is Provisioning? to get caught up.

Welcome back for part two of this provisioning automation blog series. In this installment we will be breaking down the opportunities for automated provisioning across the Z ecosystem. For clients that have not yet begun to automate provisioning in their environments (or want to learn more), we will provide an overview of the suggested direction for our customers, and what's available today to get started.

Provisioning capabilities with Ansible for z/OS today
When it comes to automated provisioning, Ansible is the suggested best practice moving forward for middleware provisioning. So far what we are able to provision with Ansible are:

IBM will expand these provisioning capabilities as we continue to invest resources and investigate different ways that we can automate and provision other pieces of middleware on z/OS with Ansible.

Build-your-own provisioning automation with Ansible
The real opportunity there from an Ansible perspective is that any middleware that has a REST interface can use the Ansible's URI module to automate. If we have already installed that piece of middleware on z/OS, the REST interfaces have been configured and enabled, and our user ID that is used with Ansible has authority to that REST interface then we can very simply connect to that REST interface and automate against the different REST calls that you can perform. 

The other option for automating provisioning of other software or middleware on z/OS is if that subsystem has been shipped with programs that you can run via JCL, or has operator, TSO or unix system services commands. With the capabilities delivered in the z/OS Core collection, we can execute programs, and issue all the commands types listed above, ultimately laying the foundation for potential provisioning activities.  A good example here is although there is no collection available for RACF today, we can still automate the security setup needed for any of our provisioning scenarios by leveraging the TSO commands capabilities. Check out the Ansible for IBM Z playbook repository for access to some of the provisioning playbooks available to the community today. 

The ability to automate provisioning with Ansible doesn't stop here either. With the new z/OSMF Ansible collection, we can now leverage automated provisioning assets in the form of z/OSMF workflows and cloud provisioning and management templates. We can use Ansible to orchestrate that provisioning of middleware, or any type of automation supported via the cloud provisioning and management or workflow engine. This also allows us to tie our z/OSMF automation assets into our wider strategies and pipelines for automation with Ansible. 

IBM Cloud Provisioning and Management for z/OS
If your company strategy requires provisioning automation driven from the z/OS platform, then you have the option to use IBM Cloud Provisioning and Management with z/OSMF. IBM Cloud Provisioning and Management for z/OS can help you rapidly provision z/OS and z/OS software subsystems, simplifying configuration and deployment. This z/OSMF-based task offers cloud-style provisioning and management capabilities such as a catalog of pre-defined, reusable software service templates, self-service resource management, robust multi-tenant security management and a service instance registry so you can position your z/OS assets for digital transformation. Highly flexible and scalable self-service provisioning can be difficult to manage without the right tools, but with IBM Cloud Provisioning and Management for z/OS you can structure and automate provisioning and infrastructure management easily and efficiently.

Software Service Catalog
Using IBM Cloud Provisioning and Management for z/OS, you can create software service templates that can be configured to provision IBM z/OS and IBM middleware, such as IBM Customer Information Control System (CICS®), IBM DB2®, IBM Information Management System (IMS), IBM MQ, IBM WebSphere Application Server (WAS) or any other software that you have in your environment. IBM provides sample service templates for provisioning z/OS or IBM middleware. Once created or imported, templates can be configured and published for use by authorized users, who can then run the template multiple times to consistently provision software or middleware instances. 

Resource Management and Orchestration
Resource management is an important aspect of provisioning to consider, especially when creating multiple instances across your different environments. When using manual processes, keeping track of and allocating resources can get complicated quickly. With IBM Cloud Provisioning and Management for z/OS, you can support a robust, multi-tenant environment with defined resource pools that isolate services and resources for different lines of business or user groups. Leveraging resource pools for provisioning effectively automates enforcement of resource entitlement by policy as users and their services are limited to the predefined set of resources. When a service is run, resource requests are dynamically orchestrated from the set resource pools, leaving behind the days of manually tracking and orchestrating your z/OS resources for each instance you create. Resource pools also support custom naming conventions for provisioned resources. For example, you can configure a SNA APPLID-based prefix for your CICS regions and name all provisioned instances accordingly.

Service Instance Registry
Once a software instance has been created, use IBM Cloud Provisioning and Management for z/OS to automatically track each provisioned instance and its assigned resources with a registry that provides details such as author, state, system, software type, and more. Avoid manually tracking and performing tasks on several instances at a time and perform lifecycle actions directly from the registry to start/stop an instance, deprovision an instance, or recycle a provisioned address space.

While IBM Cloud Provisioning and Management for z/OS can be used as a standalone method for provisioning, you can also use it with Ansible. Once templates are published in a software service catalog by system programmers, developers or system programmers can drive software provisioning using Ansible playbooks. IBM provides certified z/OSMF Ansible collections that include various Ansible roles that can be leveraged in a playbook to provision a new software instance in a completely automated and self-service manner. z/OSMF also provides roles to perform lifecycle management on the provisioned instances.

The future of automated provisioning for z/OS
Specifically within provisioning, the direction we are heading is providing z/OS employees a self service way to provision their own middleware for their own test or development environments. This will help saves lots of time for developers instead of having to wait on multiple different people for approvals to get those environments stood up, additionally resulting in increased productivity for those developers. These self service environments should be platform agnostic, meaning the experience to provision middleware on z/OS should not look any different for our engineers than it does on a different platform. This wider strategy that IBM is working towards in bringing more platform agnostic tools to z/OS has Red Hat OpenShift and Ansible at the heart of it. OpenShift is the strategic platform for our customers as they transition their current mainframe environments into their hybrid cloud strategies. Ansible is the most popular automation platform in the industry today, and there are readily available Ansible skills in the marketplace. When developers or sysprogs build Ansible playbooks, they are working with YAML syntax, which is incredible easy to read in comparison to some of the automation languages we have on z/OS today (JCL, REXX, etc.). With human readable code, new hires on z/OS can much more easily understand the automation they are working with. 

The IBM z/OS Cloud Broker serves as this self service portal for automated provisioning on z/OS by being hosted as a container in OpenShift, leveraging the Ansible and z/OSMF backend capabilities for automated provisioning on z/OS. As mentioned in the statement of direction from IBM,

IBM® intends to provide clients with capabilities that will help accelerate their transformation to greater portability and agility in a hybrid cloud environment by delivering a powerful framework based on Ansible® Automation Platform. These capabilities will drive resource and service automation for existing and new IBM z/OS® applications and workloads from the Red Hat® OpenShift® Container Platform. This direction supports a common approach to hybrid applications and infrastructure management that provides direct interaction with z/OS resources or with existing platform tools.
Please take a moment to contribute to the poll below (time: <1 minute)
Poll: What are you currently using to automate provisioning in your z/OS environment?

When it comes to automated provisioning, customers can either build new automation within the z/OS Cloud Broker framework in the form of operators - which will ultimately be surfacing the provisioning capabilities of an Ansible playbook - or z/OSMF template as an executable from OpenShift. Access controls can then be defined on OpenShift to provide engineers with the proper provisioning capabilities required for their roles. 

Continue to part 3: The Future of Automated Provisioning on z/OS