Run Ansible playbooks from IBM AIX NIM

Introduction

IBM AIX Network Installation Management (NIM) allows you to manage the installation of the base operating system (BOS) and optional software on one or more systems. The NIM environment includes client and server systems. A server provides resources (for example, files and programs required for installation) to another system. A system that is dependent on a server to provide resources is known as a client.

A large number of operations can be performed to manage NIM clients that includes software installation and maintenance of clients from a server.

Ansible, on the other hand is an open source, command-line IT automation software application that is quite simple to use. It involves minimal effort for configuration and setup updates to perform any task. It uses Open Secure Shell (OpenSSH) for transport, and uses a human-readable language that is designed for getting started quickly without a lot of training.

However, Ansible requires setting up a passwordless Secure Shell (SSH) access between the controller node and all the managed nodes. With a large environment of AIX systems, this can be a tedious task. Instead of setting up this passwordless SSH, we can use NIMSH for communication between the clients and run playbooks on NIM clients. NIMSH is the communication channel that is used by a NIM server to communicate with NIM clients.

Let us get into the details of how to use (or run) Ansible playbooks on NIM clients in a NIM environment.

Setting up the NIM server for Ansible playbook

Let us go through the complete process of setting up your NIM server for running Ansible playbooks.

Install Ansible on NIM clients

We need to install Ansible on all NIM clients so that Ansible runs playbooks on the NIM clients locally. You can find the ansible package from AIX Toolbox. The steps to set up the dnf package manager and installation can be found at DNF is now available on AIX Toolbox. You can also automate the RPM Package Manager (RPM) installation on NIM clients using the cust operation. Refer How to install RPM's using NIM Master for more details.

The RPMs can be downloaded from toolbox using dnf for your lpp_source resource as follows.

# mkdir -p /tmp/ans_download
# /opt/freeware/bin/dnf install --downloadonly --downloaddir=/tmp/ans_download ansible*
AIX generic repository 3.3 MB/s | 20 MB 00:05
AIX noarch repository 4.2 MB/s | 3.4 MB 00:00
AIX 7.3 specific repository 1.3 MB/s | 409 kB 00:00
Last metadata expiration check: 0:00:01 ago on Wed Sep 4 02:00:30 2024.
Dependencies resolved.
{...}
Install 15 Packages

Total download size: 55 M
Installed size: 321 M
DNF will only download packages for the transaction.
Is this ok [y/N]: y
Downloading Packages:
(1/15): libffi-3.4.4-2.aix7.1.ppc.rpm 419 kB/s | 73 kB 00:00
{...}
(15/15): ansible-7.2.0-1.aix7.1.noarch.rpm 8.2 MB/s | 47 MB 00:05
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 8.8 MB/s | 55 MB 00:06
Complete!
# ls /tmp/ans_download
ansible-7.2.0-1.aix7.1.noarch.rpm libyaml-0.2.5-1.aix7.1.ppc.rpm python3.9-packaging-23.1-1.aix7.1.noarch.rpm
ansible-core-2.14.13-1.aix7.1.noarch.rpm python3.9-cffi-1.13.2-2.aix7.1.ppc.rpm python3.9-pycparser-2.19-2.aix7.1.noarch.rpm
libffi-3.4.4-2.aix7.1.ppc.rpm python3.9-cryptography-3.4.7-5.aix7.1.ppc.rpm python3.9-pyyaml-5.4.1.1-2.aix7.1.ppc.rpm
libgcc-10-2.aix7.3.ppc.rpm python3.9-jinja2-3.1.4-1.aix7.1.noarch.rpm python3.9-resolvelib-0.5.4-1.aix7.1.noarch.rpm
libgcc10-10.3.0-6.aix7.3.ppc.rpm python3.9-markupsafe-2.1.2-1.aix7.1.ppc.rpm python3.9-six-1.13.0-2.aix7.1.noarch.rpm
#
# rpm -qa | grep ansible
ansible-7.2.0-1.noarch
ansible-core-2.14.13-1.noarch
#

Note: The default path for opensource software installations on AIX is /opt/freeware/bin. Make sure you add it to your PATH variable.

Install the ibm.power-aix collection from Ansible Galaxy

The AIX collection for IBM Power offers modules designed to manage the configuration and deployment of AIX on Power systems. It enables the integration of workloads on Power platforms into an organization's enterprise automation strategy using the Ansible ecosystem.

If you are planning to use the ibm.power-aix collection, you need to download it on all NIM clients using the following command:

# /opt/freeware/bin/ansible-galaxy collection install ibm.power_aix 
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/ibm-power_aix-1.9.2.tar.gz to /.ansible/tmp/ansible-local-78647128a8spqy_/tmpff4x6xf6/ibm-power_aix-1.9.2-xglonvx0
Installing 'ibm.power_aix:1.9.2' to '/.ansible/collections/ansible_collections/ibm/power_aix'
ibm.power_aix:1.9.2 was installed successfully
#

This step can also be automated to run on all NIM clients from the NIM server using the cust operation with a NIM script.

Prepare playbooks and export

Now you can start preparing your Ansible playbooks on the NIM server.

As an example, I prepared a playbook which uses the ibm.power_aix collection to run the alt_disk_copy command on the client.

# pwd
/ansible_workspace
# ls -lrt
total 8
-rw-r--r--    1 root     system          281 Sep 03 03:28PM alt_disk_copy.yaml
# cat alt_disk_copy.yaml
---

- name: "ALT_DISK on AIX"
  hosts: all
  gather_facts: no
  vars:
    host_name: all
    targets: hdisk1
  collections:
    ibm.power_aix

  tasks:
    - name: Perform an alternate disk copy of the rootvg to hdisk1
      alt_disk:
        action: copy
        targets: hdisk1
#

You need to export this directory to Network File System (NFS) clients so that NIM clients can mount and use the playbook.

# mknfsexp -d /ansible_workspace
# lsnfsexp
/ansible_workspace -sec=sys:none,rw
#

Prepare NIM script

Now prepare the NIM script that you can run on a NIM client to trigger Anisble playbooks.

# cat /nim/ansible/script1/play_script
#!/bin/ksh

echo "Mounting playbook directory from NIM server."

/usr/bin/mkdir -p /playbook_mnt
/usr/sbin/mount installp8-lp1:/ansible_workspace /playbook_mnt
if [ $? != 0 ]; then
        echo "NFS mount failed.!"
        exit 1
fi

echo "Running ansible playbook on Client."
/opt/freeware/bin/ansible-playbook --connection=local --inventory=127.0.0.1, /playbook_mnt/alt_disk_copy.yaml
if [ $? != 0 ]; then
        echo "Ansible ERROR!"
        exit 1
fi

echo "Cleanup..."
/usr/sbin/umount -f /playbook_mnt > /dev/null 2>&1
/usr/bin/rm -rf /playbook_mnt > /dev/null 2>&1
# nim -o define -t script -a location=/nim/ansible/script1/play_script -a server=master play_script
# lsnim -l play_script
play_script:
   class       = resources
   type        = script
   Rstate      = ready for use
   prev_state  = unavailable for use
   location    = /nim/ansible/script1/play_script
   alloc_count = 0
   server      = master
#

Perform the NIM cust operation to run the playbook

You can now use the play_script command to perform a NIM cust operation on the client, which will run the Ansible playbook we created.

# nim -o cust -a script=play_script installp8-lp2
Mounting playbook directory from NIM server.
Running ansible playbook on Client.

PLAY [ALT_DISK on AIX] *********************************************************

TASK [Perform an alternate disk copy of the rootvg to hdisk1] ******************
[WARNING]: Platform aix on host 127.0.0.1 is using the discovered Python
interpreter at /usr/bin/python3.9, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.14/reference_appendices/interpreter_discovery.html for more information.
changed: [127.0.0.1]

PLAY RECAP *********************************************************************
127.0.0.1 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Cleanup...
#

The play_script command will be run on NIM client by the NIM server. As the play_script command takes care of mounting the playbook directory on the NIM client, Ansible can be run directly to trigger the playbook locally.

Using this method, you can create your own Ansible playbooks and use NIM to run them on your NIM clients.

Summary

In this tutorial, we understood how the existing NIM environments can use a simple automation to run the Ansible playbooks on the NIM clients. This approach provides a very useful method to combine the NIM environments with easily writeable Ansible playbooks, providing the best of both (NIM environment and Ansible playbooks).