Merge branch 'main' into enabler/1618/create_gdg_playbooks_into_respo…

…sitory

ibm_concert/cert_renewal/roles/print_hc_buffer/templates/HZSPRINT.J2 → ibm_concert/cert_renewal/HZSPRINT.J2

@@ -1,7 +1,7 @@
 {{ JOB_CARD }}
 //HZSPRINT EXEC PGM=HZSPRNT,TIME=1440,REGION=0M,PARMDD=SYSIN
 //SYSIN DD *,DLM='@@'
-CHECK({{ hc_check }})
+CHECK(IBMRACF,RACF_CERTIFICATE_EXPIRATION)
 ,EXCEPTIONS
 @@
 //SYSOUT   DD SYSOUT=A,DCB=(LRECL=256)

ibm_concert/cert_renewal/inventories/host_vars/zos_host.yml

@@ -23,3 +23,8 @@ ZOAU: "path_to_zoau"
 # variable`ansible_python_interpreter`
 ################################################################################
 ansible_python_interpreter: "{{ PYZ }}/bin/python3"
+
+# varibles for templates
+JOB_CARD: |-
+  //HZSPRINT JOB ,
+  //         MSGCLASS=H,MSGLEVEL=(1,1),CLASS=A

ibm_concert/cert_renewal/renew_cert.yml

@@ -71,16 +71,17 @@
       register: playbook_tmp_dir
 
     - block:
-        - ansible.builtin.include_role:
-            name: issue_operator_cmd
-          vars:
-            task_description: 'Run Health Checker'
-            command: "F HZSPROC,RUN,CHECK=(IBMRACF,RACF_CERTIFICATE_EXPIRATION)"
-
-        - ansible.builtin.include_role:
-            name: print_hc_buffer
-          vars:
-            hc_check: 'IBMRACF,RACF_CERTIFICATE_EXPIRATION'
+        - name: Run Health Checker
+          ibm.ibm_zos_core.zos_operator:
+            cmd: "F HZSPROC,RUN,CHECK=(IBMRACF,RACF_CERTIFICATE_EXPIRATION)"
+          register: zos_operator_output
+
+        - name: Get expiring certs report for IBMRACF,RACF_CERTIFICATE_EXPIRATION
+          ibm.ibm_zos_core.zos_job_submit:
+            src: '{{ playbook_dir }}/HZSPRINT.J2'
+            location: local
+            use_template: true
+          register: hc_job_output
 
         - name: Search for {{cert_label}} in report
           ansible.builtin.set_fact:
@@ -159,45 +160,39 @@
         - ansible.builtin.debug:
             var: cert_args
 
-        - ansible.builtin.include_role:
-            name: issue_tso_cmd
-          vars:
-            task_description: 'Back up current certificate'
-            command:
+        - name: Back up current certificate
+          ibm.ibm_zos_core.zos_tso_command:
+            commands:
               - RACDCERT EXPORT(LABEL('{{cert_label}}'))  DSN('{{ ansible_user }}.CERT.{{cert_type}}.BACKUP.{{today}}') {{cert_type}}
               - RACDCERT CHECKCERT('{{ ansible_user }}.CERT.{{cert_type}}.BACKUP.{{today}}')
           when: not cert_type == 'USER'
-
-        - ansible.builtin.include_role:
-
-            name: issue_tso_cmd
-          vars:
-            task_description: 'Back up current certificate'
-            command:
+          register: tso_cmd_output
+
+        - name: Back up current certificate
+          ibm.ibm_zos_core.zos_tso_command:
+            commands:
               - RACDCERT EXPORT(LABEL('{{cert_label}}')) ID({{owner_id}})  DSN('{{ ansible_user }}.CERT.{{cert_type}}.BACKUP.{{today}}')
               - RACDCERT CHECKCERT('{{ ansible_user }}.CERT.{{cert_type}}.BACKUP.{{today}}')  ID({{owner_id}})
           when: cert_type == 'USER'
+          register: tso_cmd_output
 
         - ansible.builtin.set_fact:
             random_str: "{{lookup('community.general.random_string', length=3, special=false)}}"
 
-        - ansible.builtin.include_role:
-            name: issue_tso_cmd
-          vars:
-            task_description: 'Rekey and Generate new cert request for {{cert_type}}'
-            command:
+        - name: Rekey and Generate new cert request for {{cert_type}}
+          ibm.ibm_zos_core.zos_tso_command:
+            commands:
               - RACDCERT {{cert_type}} REKEY(LABEL('{{cert_label}}')) WITHLABEL('{{cert_label[:-3]}}{{random_str}}') NOTAFTER(DATE({{expiry_date}}))
               - RACDCERT {{cert_type}} ROLLOVER(LABEL('{{cert_label}}')) NEWLABEL('{{cert_label[:-3]}}{{random_str}}')
               - RACDCERT {{cert_type}} LIST(LABEL('{{cert_label[:-3]}}{{random_str}}'))
               - RACDCERT {{cert_type}} DELETE(LABEL('{{ cert_label }}'))
               - RACDCERT {{cert_type}} ALTER(LABEL('{{ cert_label[:-3]}}{{random_str}}')) NEWLABEL('{{ cert_label }}')
           when: cert_type == 'CERTAUTH'
+          register: tso_cmd_output
 
-        - ansible.builtin.include_role:
-            name: issue_tso_cmd
-          vars:
-            task_description: 'Rekey and Generate new cert request for {{cert_type}}'
-            command:
+        - name: Rekey and Generate new cert request for {{cert_type}}
+          ibm.ibm_zos_core.zos_tso_command:
+            commands:
               - RACDCERT {{cert_type}} REKEY(LABEL('{{cert_label}}')) WITHLABEL('{{cert_label[:-3]}}{{random_str}}') NOTAFTER(DATE({{expiry_date}}))
               - RACDCERT {{cert_type}} GENREQ (LABEL('{{cert_label[:-3]}}{{random_str}}'))  DSN('{{ ansible_user }}.CSR.{{cert_type}}.{{today}}')
               - RACDCERT {{cert_type}} GENCERT('{{ ansible_user }}.CSR.{{cert_type}}.{{today}}')  SIGNWITH({{sign_with}} LABEL('{{cert_args.cert_signer}}')) NOTAFTER(DATE({{expiry_date}}))
@@ -206,12 +201,11 @@
               - RACDCERT {{cert_type}} DELETE(LABEL('{{ cert_label }}'))
               - RACDCERT {{cert_type}} ALTER(LABEL('{{ cert_label[:-3]}}{{random_str}}')) NEWLABEL('{{ cert_label }}')
           when: cert_type == 'SITE'
+          register: tso_cmd_output
 
-        - ansible.builtin.include_role:
-            name: issue_tso_cmd
-          vars:
-            task_description: 'Rekey and Generate new cert request for {{cert_type}}'
-            command:
+        - name: Rekey and Generate new cert request for {{cert_type}}
+          ibm.ibm_zos_core.zos_tso_command:
+            commands:
               - RACDCERT ID({{owner_id}}) REKEY(LABEL('{{cert_label}}')) WITHLABEL('{{cert_label[:-3]}}{{random_str}}')  NOTAFTER(DATE({{expiry_date}}))
               - RACDCERT ID({{owner_id}}) GENREQ (LABEL('{{cert_label[:-3]}}{{random_str}}'))  DSN('{{ ansible_user }}.CSR.{{cert_type}}.{{today}}')
               - RACDCERT ID({{owner_id}}) GENCERT('{{ ansible_user }}.CSR.{{cert_type}}.{{today}}')  SIGNWITH({{sign_with}} LABEL('{{cert_args.cert_signer}}')) NOTAFTER(DATE({{expiry_date}}))
@@ -220,6 +214,7 @@
               - RACDCERT ID({{owner_id}}) DELETE(LABEL('{{cert_label}}'))
               - RACDCERT ID({{owner_id}}) ALTER(LABEL('{{ cert_label[:-3]}}{{random_str}}')) NEWLABEL('{{ cert_label }}')
           when: cert_type == 'USER'
+          register: tso_cmd_output
 
         - name: Save new expiration date
           ansible.builtin.set_fact: