This playbook demonstrates how to copy data to and from a z/OS system using modules included in the Red Hat Ansible Certified Content for IBM Z core collection.
This project contains playbooks and roles that demonstrates certificate renewal using RACF. The playbooks in this project are designed to address an end to end scenario managing z/OS certificates beginning with monitoring certificates using Health Checker, creating an authority and certificates, deleting certificates and even renewing them.
ALthough this is an end to end scenario, you can choose to run the individual playbooks if you are interested in one particular operation. Review the individual playbook for more details.
In addition to providing the various operations, this project goes further and
demonstrates how some of the same operations can be run various ways. For example,
you will notice that the two modules zos_mvs_raw and zos_tso_command are
heavily used to perform the same operation. You can choose to create a certificate
authority using the playbook based on zos_mvs_raw which is
create_CERTAUTH_cert_raw.yml or you could
choose the playbook leveraging TSO commands to do the same thing
create_CERTAUTH_cert_tsocmd.yml. Either
playbook will yield the same results and this offers you the opportunity to
explore multiple ways to do the same operation.
These playbook use:
collection:
ibm.ibm_zos_core
modules:
zos_mvs_raw
zos_tso_command
zos_operator
zos_job_submit
It is a good practice to review the playbook contents before executing them. It will help you understand the requirements in terms of space, location, names, authority, and the artifacts that will be created and cleaned up.
This playbook requires:
- Configure the included inventory.yml with the
information from the managed z/OS host.
- Review inventory documentation
- Configure the included host_vars zos_host.yml
with the information from your z/OS system.
- Review host_vars documentation and any additional noted variables in the configuration.
This project has several playbooks that you can run, choose a playbook-name
and substitute it in the command below to execute it.
ansible-playbook -i inventories <playbook-name>- health_checker_security - Set up security profile for accessing Health Checker functions.
- create_CERTAUTH_cert_raw.yml - Create a CERTAUTH certificate using zos_mvs_raw module.
- create_SITE_cert_raw.yml - Create a SITE certificate using zos_mvs_raw module.
- create_USER_cert_raw.yml - Create a USER certificate using zos_mvs_raw module.
- delete_cert_raw.yml - Delete a certificate using zos_mvs_raw module.
- delete_keyring_raw.yml - Delete a keyring using zos_mvs_raw module.
- list_cert_raw.yml - Display a certificate's details using zos_mvs_raw module.
- search_and_renew_raw.yml - Search and a renew a matching certificate found in the RACF_CERTIFCATE_EXPIRATION health check report using zos_mvs_raw module.
- create_CERTAUTH_cert_tsocmd.yml - Create a CERTAUTH certificate using zos_tso_command module.
- create_SITE_cert_tsocmd.yml - Create a SITE certificate using zos_tso_command module.
- create_USER_cert_tsocmd.yml - Create a USER certificate using zos_tso_command module.
- delete_cert_tsocmd.yml - Delete a certificate using zos_tso_command module.
- delete_keyring_tsocmd.yml - Delete a keyring using zos_tso_command module.
- list_cert_tsocmd.yml - Display a certificate details using zos_tso_command module.
- search_and_renew_tsocmd.yml - Search and a renew a matching certificate found in the RACF_CERTIFCATE_EXPIRATION health check report using zos_tso_command module.
- issue_operator_cmd - Issue an operator command
- issue_racf_cmd - Isuue RACF command(s)
- issue_tso_cmd - Issue TSO command(s)
- print_hc_buffer - Pull data from Health Checker
- send-template - send template to a zOS host
All changes are maintained chronologically by date found in the changelog.
© Copyright IBM Corporation 2020, 2021
Licensed under Apache License, Version 2.0.
Please refer to the support section for more details.