These sample playbooks, when used with IBM Concert, ServiceNow, and Ansible Automation Platform, can simplify the monitoring and resolution of RACF certificate issues.
It is a good practice to review the playbook contents before executing them. It will help you understand the requirements in terms of space, location, names, authority, and the artifacts that will be created and cleaned up.
- z/OS v2.5 or later
- z/OS Health Checker
- RACF
- Python v3.11
- ZOAU 1.3.0
These playbooks use:
collections:
  - name: ibm.ibm_zos_core
    version: 1.10.0
  - name: ansible.posix
    version: 1.5.4
  - name: ansible.utils
    version: 4.1.0
  - name: community.general
    version: 9.4.0
  - name: servicenow.itsm
    version: 2.7.0
- send_cert_data.yml - Runs the z/OS Health Checker RACF Certificate Expiration report, pulls the data into a CSV file, and sends it to an IBM Concert instance for visualization and management.
- renew_cert.yml - Renews a z/OS certificate using the certificate data sent in a ServiceNow REST message, through a job template on Ansible Automation Platform.
- get_cert_detail - Retrieve certificate details from RACF and build a CSV record
- issue_operator_cmd - Issue z/OS system command(s)
- issue_tso_cmd - Issue TSO command(s)
- print_hc_buffer - Pull data from Health Checker
- send-template - Send a template to a z/OS host
These playbooks are designed to be used with Ansible Automation Platform (AAP) job templates. The information in the host_vars can be used to set up Inventory and Hosts on AAP.
Review the required inputs to each playbook to set up Surveys on AAP so that external callers can call the AAP REST API correctly.
- Build an Execution Environment using the sample files provided
- Set up an AAP job template to renew a certificate on z/OS when requested by a REST caller
- Set up template survey for the following playbook variables:
  concert_hostname: '' # i.e., https://hostname
  concert_port: ''
  concert_instance_id: ''
  concert_api_key: ''
  concert_api_key_type: ''
- Set up an AAP schedule to send cert data to IBM Concert on a regular basis
- Create an Outbound REST message and a POST method to interact with AAP
- Create a business rule to send the POST REST message when an Incident ticket State changes
- Customize a script to send the correct inputs to the AAP job template to renew the certificate on z/OS
- Create a ServiceNow incident ticket to renew a certificate
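The survey variables listed above carry the IBM Concert endpoint and API key, so it helps to check them before a job template launch and to keep the key out of logs. The following is an added example, not part of these playbooks: the variable names come from this page, while the validation rules, the `validate_survey` and `redact` helpers, and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Variable names are the survey variables on this page; the rules are assumptions.
REQUIRED = ("concert_hostname", "concert_port", "concert_instance_id",
            "concert_api_key", "concert_api_key_type")
SECRET = {"concert_api_key"}


def validate_survey(extra_vars: dict) -> list[str]:
    """Return a list of problems; an empty list means the values look usable."""
    problems = []
    for name in REQUIRED:
        value = extra_vars.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{name}: missing or empty")
    host = extra_vars.get("concert_hostname")
    if isinstance(host, str) and host.strip():
        try:
            parts = urlsplit(host.strip())
        except ValueError:
            parts = None
        if parts is None or not parts.hostname:
            problems.append("concert_hostname: not a valid URL")
        elif parts.scheme != "https":
            # The API key travels with the request, so refuse cleartext HTTP.
            problems.append("concert_hostname: must start with https://")
        elif parts.username or parts.password:
            problems.append("concert_hostname: must not embed credentials")
    port = extra_vars.get("concert_port")
    if isinstance(port, str) and port.strip():
        p = port.strip()
        if not (p.isascii() and p.isdigit() and len(p) <= 5
                and 1 <= int(p) <= 65535):
            problems.append("concert_port: must be an integer from 1 to 65535")
    return problems


def redact(extra_vars: dict) -> dict:
    """Copy of the variables that is safe to log: secret values are masked."""
    return {k: ("********" if k in SECRET and v else v)
            for k, v in extra_vars.items()}


if __name__ == "__main__":
    # Constructed sample values, not taken from any real Concert instance.
    sample = {"concert_hostname": "http://concert.example.com",
              "concert_port": "12443", "concert_instance_id": "constructed-id",
              "concert_api_key": "constructed-key", "concert_api_key_type": ""}
    print(validate_survey(sample), redact(sample))
```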
All changes are maintained chronologically by date found in the changelog.
© Copyright IBM Corporation 2024
Licensed under Apache License, Version 2.0.
Please refer to the support section for more details.