It’s a short introduction on what it’s possible to do with Ansible on AIX. Ansible is agentless so requirements are pretty low but operating system support by Ansible define what it’s really possible to do. I will give some basic examples through a playbook I use to customize my AIX systems.

requirements

Like said in the introduction, the requirements are pretty easy for Ansible. For me, it’s one of the selling points. No need to setup a complex infrastructure before being able to use it.

OpenSSH

Ansible use ssh so obviously you need it installed. It’s the standard default in most environments.

A simple example of OpenSSH installation by NIM:

nimclient -o cust -a lpp_source="AI71-TL3SP3" -a filesets="openssh.base.server" -a accept_licenses=yes
...
+-----------------------------------------------------------------------------+
                                Summaries:
+-----------------------------------------------------------------------------+

Installation Summary
--------------------
Name                        Level           Part        Event       Result
-------------------------------------------------------------------------------
openssh.base.client         6.0.0.6103      USR         APPLY       SUCCESS
openssh.base.server         6.0.0.6103      USR         APPLY       SUCCESS
openssh.base.client         6.0.0.6103      ROOT        APPLY       SUCCESS
openssh.base.server         6.0.0.6103      ROOT        APPLY       SUCCESS

Python

You will need tk.base and tcl.base bff packages provided with AIX. They are installed by default on a vanilla AIX installation.

To install Python, I used the packages from the official IBM linux toolbox for aix.

You need:

  • db
  • gdbm
  • expat
  • readline
  • python

Installation is performed by rpm but you can use yum on AIX now if you want.

# rpm -Uvh db-4.8.24-3.aix6.1.ppc.rpm  gdbm-1.8.3-5.aix5.2.ppc.rpm expat-2.0.1-2.aix5.3.ppc.rpm readline-6.1-2.aix6.1.ppc.rpm python-2.7.10-1.aix6.1.ppc.rpm
db                          ##################################################
gdbm                        ##################################################
expat                       ##################################################
readline                    ##################################################
python                      ##################################################

Ansible test

Let’s test if Ansible can work.

I have a small hosts file containing this informations:

[aixtestlab]
adxlpar1 ansible_user=root
adxlpar2

I use ansible_user parameter to use root user for ssh connection. It’s the only user available by default on the vanilla AIX system.

Let’s try to run the module setup on my my system adxlpar1:

ansible adxlpar1 -i hosts -m setup --ask-pass

I didn’t exchange ssh keys yet so I use the parameter –ask-pass to be prompted for the password.

The output should start like that(output truncated):

ansible adxlpar1 -i hosts -m setup --ask-pass                                                                                                                                      
adxlpar1 | success >> {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "10.0.0.171"
        ],
        "ansible_all_ipv6_addresses": [
            "::1%1/0"
        ],
        "ansible_architecture": "chrp",

simple playbook

I will show a part of my standard playbook when I setup a new test AIX partition.

It’s executed with ansible-playbook command.

I made a gist named ansible_aix_quick.yml containing the playbook.

To execute it:

 ansible-playbook -i hosts ansible_aix_quick.yml

user management

First I create my group and user:

- name: add group adejoux
  group: name=adejoux state=present
- name: create user adejoux
  user: name=adejoux comment="Alain Dejoux" uid=1000 group=adejoux

Another nice feature of the user module is the possibility to generate the user’s ssh key:

     
- name: generate ssh key for adejoux
  user: name=adejoux generate_ssh_key=yes ssh_key_type=ecdsa ssh_key_file=.ssh/id_ecdsa ssh_key_bits=256

Running it will give this output:

ansible-playbook -i hosts user.yml --ask-pass
SSH password:

PLAY [aixtestlab] **************************************************************

TASK [add group adejoux] *******************************************************
changed: [adxlpar1]

TASK [create user adejoux] *****************************************************
changed: [adxlpar1]

TASK [generate ssh key for adejoux] ********************************************
changed: [adxlpar1]

PLAY RECAP *********************************************************************
adxlpar1                   : ok=3    changed=3    unreachable=0    failed=0

logical volumes

No module is available to manage AIX LVM so the only nice way is to use the command module and check if the device is created in /dev:

- name: create logical volume lvroot
 command: mklv -t jfs2 -y lvroot rootvg 1G
 args:
   creates: /dev/lvroot
- name: create logical volume lvtools
 command: mklv -t jfs2 -y lvtools rootvg 1G
 args:
   creates: /dev/lvtools

filesystems

Same for filesystems. Here the check is less reliable, the directory itself could exist.

- name: create filesystem /root
  command: crfs -v jfs2 -A yes -m /root -d lvroot
  args:
    creates: /root
- name: create filesystem /tools
  command: crfs -v jfs2 -A yes -m /tools -d lvtools
  args:
    creates: /tools

mount

Here the mount module works pretty well:

- name: mount /root
      mount: name=/root src=/dev/lvroot state=mounted fstype=jfs2
- name: mount /tools
  mount: name=/tools src=/dev/lvtools state=mounted fstype=jfs2

deploying ssh keys

The authorized_key module allows key deployment.

- name: deploy authorized key
  authorized_key: user=root key="{{ lookup('file', '/Users/adejoux/.ssh/id_rsa.pub') }}"

copy file

The copy module allows to push configuration file easily.

- name: deploy root profile
  copy:  src=root_profile dest=/root/profile owner=root group=system

For information, here the small profile file I use:

  
export PS1="$(whoami)@$(hostname)(\$PWD)# "
export PATH=$PATH:/usr/local/bin:/opt/IBM/xlc/13.1.2/bin/:/opt/chef/bin
export EDITOR=/usr/bin/vi
export HISTSIZE=10000
export EXTENDED_HISTORY=ON
set -o vi

OpenSSH AIX version and module hang

You can have some hang problems when running Ansible on AIX for modules like copy/template. It’s related to pseudo terminal allocation not working properly with the openssh implementation on AIX.

Here the thread talking about it: https://groups.google.com/forum/#!topic/ansible-project/IQoTNwDBIiA

Wrapping up

I like Ansible a lot because it’s really easy to setup and realize things quickly. Automation is fun. :) This article is just a small introduction showing than Ansible work pretty well with AIX and it’s pretty easy to perform tasks with it.