I spoke about it several years ago at the GSE Germany IBM Power working group. Then, I spoke about it at IBM TechXchange in the USA. Then I spoke about it at POW3R in Germany and at the Common Europe Congress in the Czech Republic. I often explained how to manage every possible version of the Virtual I/O Server with Ansible - 2.2, 3.1, and 4.1. But I never wrote a newsletter about it. I think it is time to bootstrap VIOS for use with Ansible!
But… why do we need to bootstrap it?
Everyone has heard that Virtual I/O Server 4.1 supports Ansible natively. What could be easier? Install Virtual I/O Server 4.1 and use it with Ansible!
Easy?
Oops! It doesn’t work out of the box. We must take a few steps before we can use Virtual I/O Server 4.1 with Ansible.
Bootstrapping Virtual I/O Server 4.1 for Ansible
Virtual I/O Server 4.1 is an AIX 7.3-based appliance. It has SSH and Python out of the box. The only problem is that the user padmin (the default administrative user on the VIOS) runs a restricted shell. It doesn’t allow running Python or creating temporary files outside the home directory.
It means we need a special user. I once heard that it is not allowed on VIOS. This is wrong. Quite the opposite. From a security point of view, you are not allowed to use the padmin user. Similarly, you are not allowed to use the root user on AIX. You must create your personal account on VIOS as you do on AIX. I hope you do. Then you can use the personal account for Ansible.
Because I write about a general case, I create the user ansible. It is a bad name for such a user, but it is just an example!
Switch into oem_setup_env mode and create the user with some roles. Which roles you use is up to you. I found the following list useful:
$ oem_setup_env
# mkuser roles=PAdmin,CacheAdm,FSAdmin,pkgadm,SysBoot,isso default_roles=PAdmin,CacheAdm,FSAdmin,pkgadm,SysBoot,isso ansible
Note that I write the same list in the roles and the default_roles attributes. It means the user will get the roles effectively when logging in. There is no need to execute the swrole command after logging in. Anyway, Ansible can’t execute it, unless you have developed an swrole plugin for it.
After you create the user, set a password for it, deploy your SSH keys, or do whatever you usually do with users.
At this point, Ansible should start working. It complains about the Python interpreter, but it is OK. As you can see, I use VIOS 4.1.1.00 with the standard Python 3.11 in this example.
Bootstrapping Virtual I/O Server 3.1 for Ansible
Virtual I/O Server 3.1 is an AIX 7.2-based appliance. AIX 7.2 doesn’t have Python by default. To automate Virtual I/O Server 3.1 with Ansible, you must first install Python. The easiest way to do it is to install DNF. If you don’t like DNF (why?), you are not obliged to configure or use it. Of course, if you are a purist, you can download and install only the RPM packages you need.
Otherwise, download the latest DNF bundle from the AIX toolbox site, unpack it on your VIOS, and execute the script from the bundle. You don’t need an Internet connection, and it takes 5 minutes to install Python on VIOS.
After you install Python, you must create the user, the same way we did for Virtual I/O Server 4.1.
The only problem is that your Python interpreter is in /opt/freeware/bin and can’t be found by Ansible by default. That’s why I suggest creating a link to it in /usr/bin:
# ln -s /opt/freeware/bin/python3.9 /usr/bin/python3.9
Bootstrapping Virtual I/O Server 2.2 for Ansible
If you still have Virtual I/O Server 2.2, you should do the same steps I described for Virtual I/O Server 3.1. Unfortunately, you can’t use the DNF bundle. You must find and install Python for AIX 6.1.
I made such a bundle for myself some time ago because I had to upgrade several Virtual I/O Servers from 2.2 to 3.1, and I didn’t like the idea of doing it manually. You can download the bundle, unpack it on your VIOS, and install all RPM packages.
# wget https://dl.power-devops.com/vios61_bundle.tar.gz
# mkdir rpms ; cd rpms
# gunzip -dc ../vios61_bundle.tar.gz | tar xf -
# rpm -ivh *rpm
No warranties if it doesn’t work for you. VIOS 2.2 has been out of support for many years.
Heterogeneous VIOS infrastructure
Even if I wish to have the same VIOS version everywhere, it is not always possible. I can encourage you to do it, but let’s be honest. If you have 20 VIOSes and are in the middle of upgrading them from 3.1 to 4.1, you probably have some VIOS 4.1 and some VIOS 3.1. Worse if you have an old POWER6 box somewhere in the secret datacenter, where you can use only VIOS 2.2.
It means you have different Python versions and paths to the Python interpreter on your VIOSes.
If we talk only about VIOS 3.1 and 4.1, my proposed solution is easy to implement. Install DNF on VIOS 3.1 and 4.1 and use /opt/freeware/bin/python3 as the Ansible Python interpreter.
There is one more advantage of using Python from the AIX Toolbox for open-source applications. For some Ansible modules, you may need additional Python libraries. From my experience, installing them using the Toolbox Python is sometimes easier. But it is up to you. Depending on your playbooks, you may never need additional libraries.
Another way to solve the problem is to use inventory variables and set ansible_python_interpreter in the inventory.
Of course, you can solve the problem dynamically with Ansible tasks like these:
- name: Get VIOS version
  ansible.builtin.raw: cat /usr/ios/cli/ios.level
  register: ioslevel
- name: Set VIOS4 Python
  ansible.builtin.set_fact:
    ansible_python_interpreter: /usr/opt/python3/bin/python3.9
  when: ioslevel.stdout_lines.0 is version('4.1', '>=')
- name: Set VIOS3 Python
  ansible.builtin.set_fact:
    ansible_python_interpreter: /opt/freeware/bin/python3.9
  when: ioslevel.stdout_lines.0 is version('4.1', '<')
If you wish, you can add a check to see whether the Python interpreter really exists on the system.
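One way to write that existence check, as an added example that is not part of the original newsletter: it probes the interpreter paths named in this article with the raw module, stops with a clear error if none is present, and otherwise uses the first one found. The group name vios and the variables vios_python_candidates, python_probe and vios_python_found are assumptions made for the example.

```yaml
# Added example: pick the first Python interpreter that really exists.
# Candidate paths are the ones mentioned in this article.
- name: Pick a Python interpreter on VIOS
  hosts: vios              # assumption: inventory group name
  gather_facts: false      # fact gathering needs Python on the target
  vars:
    vios_python_candidates:          # hypothetical variable name
      - /opt/freeware/bin/python3
      - /usr/opt/python3/bin/python3.9
      - /opt/freeware/bin/python3.9
  tasks:
    - name: Probe candidate interpreters without using Python
      ansible.builtin.raw: "test -x {{ item }}"
      loop: "{{ vios_python_candidates }}"
      register: python_probe
      changed_when: false   # a probe never changes the system
      failed_when: false    # a missing path is an answer, not an error

    - name: Collect the interpreters that exist
      ansible.builtin.set_fact:
        vios_python_found: >-
          {{ python_probe.results | selectattr('rc', 'equalto', 0)
             | map(attribute='item') | list }}

    - name: Stop if no interpreter is installed
      ansible.builtin.fail:
        msg: "No Python interpreter found on {{ inventory_hostname }}; bootstrap the VIOS first."
      when: vios_python_found | length == 0

    - name: Use the first interpreter found
      ansible.builtin.set_fact:
        ansible_python_interpreter: "{{ vios_python_found | first }}"

    - name: Confirm that Python-based modules now work
      ansible.builtin.ping:
```

Run it as the personal account created earlier, not as padmin, whose restricted shell cannot start Python.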
Can I use Ansible to bootstrap VIOS with Ansible?
Yes, you can! It wouldn’t be the best Ansible playbook because if you don’t have a Python interpreter, you can only use the ansible.builtin.raw module, which is not idempotent.
Another problem is not technical. It would be too long to describe the whole playbook in this newsletter. That’s why I will do it in the next newsletter. Meanwhile, you can also study IBM’s code for the same purpose.
Have fun bootstrapping VIOS for Ansible!
Andrey
Hi, I am Andrey Klyachkin, IBM Champion and IBM AIX Community Advocate. This means I don’t work for IBM. Over the last twenty years, I have worked with many different IBM Power customers all over the world, both on-premise and in the cloud. I specialize in automating IBM Power infrastructures, making them even more robust and agile. I co-authored several IBM Redbooks and IBM Power certifications. I am an active Red Hat Certified Engineer and Instructor.
You can meet me at events like IBM TechXchange, the Common Europe Congress, and GSE Germany’s IBM Power Working Group sessions.