Skip to content

IBM/zos-core-collection-ftp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

94 Commits

collections

collections

 
 

meta

meta

 
 

plugins

plugins

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

README_ja.md

README_ja.md

 
 

__init__.py

__init__.py

 
 

galaxy.yml

galaxy.yml

 
 

Repository files navigation

Ansible Collection - ibm.ibm_zos_core_ftp

This is a collection that provides some of the functionality of the IBM z/OS core collection via FTP, and was developed to make Ansible available to customers who do not meet the prerequisites for the IBM z/OS core collection.

It is designed to make it easy to migrate from this collection to the original one when you are ready to use it. You can use the same module names and parameter names, and expect the same return values.

Features

You can use the following modules. For guides and reference, please review the documentation.

  • zos_job_submit
  • zos_operator
  • zos_tso_command
  • zos_job_output

You can also use FTPS (FTP over SSL/TLS) to settle the FTP security issue.

Requirement

  • z/OS

    • FTPD is running on the z/OS
    • A userid with access to JESSPOOL resources for SDSF

  • Ansible 2.9 or above

    • Python 3

Installation

Install the IBM z/OS core FTP collection in your environment.

git clone https://github.com/IBM/zos-core-collection-ftp.git
cd zos-core-collection-ftp
ansible-galaxy collection build
ansible-galaxy collection install daiki_shimizu-ibm_zos_core_ftp-1.0.0.tar.gz

Next, set your FTP login information and job class parameters to the environment variables.

export FTP_USERID=ftp_userid
export FTP_PASSWORD=ftp_password
export FTP_HOST=ftp_hostname
export FTP_PORT=ftp_port
export FTP_JOB_CLASS=job_class
export FTP_JOB_MSGCLASS=job_msgclass

Finally, give access to the JESSPOOL resources to the userid.

  • If SAF is disabled, define the userid as a member of ISFSPROG group in ISFPRMxx.
  • If SAF is enabled, define one of the following resource profiles of the SDSF class and grant access to the profile to the userid.

To grant access to GROUP.ISFSPROG.SDSF resource profile.

RDEFINE SDSF GROUP.ISFSPROG.SDSF UACC(NONE)
PERMIT GROUP.ISFSPROG.SDSF CLASS(SDSF) ID(userid) ACCESS(READ)
SETROPTS RACLIST(SDSF) REFRESH

To grant access to ISF*.** resource profile.

RDEFINE SDSF ISF*.** UACC(NONE)
PERMIT ISF*.** CLASS(SDSF) ID(userid) ACCESS(ALTER)
SETROPTS RACLIST(SDSF) REFRESH

Usage

Create a playbook file as below.

site.yml

---
- hosts: localhost
  collections: 
    - daiki_shimizu.ibm_zos_core_ftp

  tasks:
    - name: Submit a JCL on z/OS Dataset
      zos_job_submit:
        src: DAIKI.ANSIBLE.PDS(BR14CRE)
        location: DATA_SET

    - name: Submit a local JCL
      zos_job_submit:
        src: /tmp/BR14CR1
        location: LOCAL

    - name: Execute an operator command
      zos_operator:
        cmd: "D U,DASD,ONLINE"

    - name: Execute a TSO command
      zos_tso_command:
        commands:
          - "LU DAIKI"
    - name: Display a job output
      zos_job_output:
        job_id: "JOB08047"

Then, execute the playbook.

ansible-playbook site.yml

How to connect z/OS via a SSH tunnel SOCKS5 proxy

This collection support SSH tunnel SOCKS5 proxy(hereafter referred to as jumphost). If you would like to connect z/OS via a jumphost like jumphosts, you should do the following additional steps.

First, install PySocks in your controller node.

pip3 install PySocks

Second, set the port number for SSH tunnel to FTP_SOCKS_PORT environment variable.

export FTP_SOCKS_PORT=10022

Finally, add a task to establish an SSH tunnel in the beginning of the tasks in the playbook. According to your environemt, set the username and IP address of the jumphost to jumphost_ssh_user and jumphost_ip_address. And set the ssh private key required to connect the jumphost to JUMPHOST_SSH_PRIVATE_KEY. The port number (10022) specified here must match that of FTP_SOCKS_PORT above.

  tasks:
    - shell: |
        bash -c '/usr/bin/ssh -CfNq -D 127.0.0.1:10022 {{ jumphost_ssh_user }}@{{ jumphost_ip_address }} -i $JUMPHOST_SSH_PRIVATE_KEY -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ;sleep 30'

How to establish FTPS secure connection

Currently, you can use TLS 1.2. To establish FTPS secure connection, you have to set 1.2 to FTP_TLS_VERSION environment variable and the path of the FTPS certificate to FTP_TLS_CERT_FILE environment variable.

export FTP_USERID=ftp_userid
export FTP_PASSWORD=ftp_password
export FTP_HOST=ftp_hostname
export FTP_PORT=ftps_port
export FTP_JOB_CLASS=job_class
export FTP_JOB_MSGCLASS=job_msgclass
export FTP_TLS_VERSION=1.2
export FTP_TLS_CERT_FILE=certificate.pem

When you don't use FTPS, delete the definition of the FTP_TLS_VERSION environment variable.

unst FTP_TLS_VERSION

Author

Copyright

IBM Corporation 2021.

License

Apache License Version 2.0.

About

IBM z/OS core collection via FTP

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

10 stars

Watchers

6 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages