View Only

MQ Ansible YAML Commands Collection

By Mayur RAJA posted Sun May 28, 2023 12:57 PM


Ansible is an open-source community project sponsored by Red Hat that provides a simple yet powerful way to automate the management of cross platform resources. Typically, Ansible is installed on a control node to administer resources on a managed node. For an introduction to Ansible, see:

The MQ Ansible YAML Commands Collection is now available. It includes sample Ansible Playbooks that invoke a runMQCmds role to issue YAML form MQ commands to administer MQ queue managers on distributed or z/OS platforms. The runMQCmds role converts YAML to JSON, and invokes the IBM MQ Administrative POST REST API to issue JSON form MQSC commands on target queue managers. The following diagram shows the flow:

Shows the flow of execution of YAML form MQ commands using the runMQCmds role in Ansible Playbooks

See: for further information.





Mon June 05, 2023 04:03 AM

As stated in the file for the collection, the runMQCmds role issues the MQ Admin POST REST API. The implementation passes a userid and password. A default userid and password is used but users can override these if required by passing in arguments on the role. The userid does of course need to be granted permissions to issue the respective command against the respective resource. This is as per usual when configuring MQ command and resource security. 

The code that has been supplied is sample code which is intended to allow users to get started. However, if users want to, they can modify the invocation of the REST API in the runMQCmds role to supply alternate security confiuration (including certificates). There is a link in the Getting Started section of the file that users can follow to perform additional customisation of security settings if required.

As individual customer needs vary, the IBM MQ team decided that it would be best for users to modify the role to issue the format (in terms of security configuration) of the MQ Admin REST API that best meets their need. 

Sat June 03, 2023 03:03 PM

How does it do it's security checking - so only authorised people are allowed to issue commands.

Is this done using certificates and TLS, or does it send userid and password over a TLS session?