Adding CIs manually to Tag-based Application Services

Johannes · ‎02-22-2024

A lot of our Application Services are Tag-based.

Some of them should also include CIs where external tags are not present, and the CIs are not possible to engulf using Traversal Rules (like Solaris servers).

The "Tag Governance" app is to my knowledge not an app that can effectively be used for this, and giving users write access to the cmdb_key_value is not a good option, as this allows users to pick any (wrong) CI.

My initial thought is to create a simple app that allows users to first pick CIs (and in my example, only from the Solaris server class, maybe also only the CIs where the user is part of any of the groups on the CI), list some attributes like IP, serial number etc. (to make them more aware of what CIs they actually have chosen), and then give them the possibility to fill inn the key/values they want.

For clean-up, I guess I should have some automation removing the key/value-records when e.g. the "Operational Status = Retired", "Most Recent Discovery > X days" or similar.

But before I do this, maybe somebody else has done this already, and would like to share their experience?

(Is this maybe something you have coming for "Tag Governance" @Ram Devanathan1?)

damianfell · ‎07-23-2024

We have done something similar for AIX devices, and physical servers, but haven't yet written an "app" to do it, thus far we've given our cmdb admin team (anyone with discovery_admin role) CRUD access to the cmdb_key_value table.

As far as POC goes the only important thing here is to ensure you absolutely only add tags to CI classes that aren't updated by discovery, since all the discovery patterns immediately delete any tags that don't exist in Azure/Vcenter/OCI.

Further more you cant use tag-governance to correct any discovered tags unless you enable the capability to write back to the source other wise again discovery flips the values.

Our next plan for the 'undiscoverable' tags, rather than develop an app as such; is to put in place a simple request item for the portal, allowing Unix admins and service owners to select only AIX CI's and pre-existing tag values to quickly add in these to tag based services.

Alex111 · ‎07-25-2024

@Johannes, we too are working on the same issue and are looking at something as simple as a catalog item to help facilitate the ability to allow certain CI's to be added to service maps using tag-based mapping.

We currently are using an import from a spreadsheet to get the tags (key/value) into the system for certain CI's, but data control is limited using a spreadsheet so we are looking to use data from within the CMDB to help add those CI's to current service maps.

When we get this completed, I would be happy to share our approach.

If you have already worked out a solution, would love to hear what you all came up with for your solution.

Thanks!

Alex

Kyle Cribbs3 · ‎01-06-2025

Any updates? Would like to see this

Johannes · ‎01-06-2025

We ended up creating a catalog item where the user picks the relevant Tag-based Application Service. It then lists the CIs currently added by "external" tags (from vCenter/Azure/AWS) that can not be removed by the item, but allows for picking CIs (from some predefined classes) that needs to be tagged manually by the catalog item. Also, the catalog item allows the user to remove the manually added CIs.

The tags are written directly to the server CIs (instead of the Virtual Machine Instance CIs), which also makes it easier to distinguish them from the "external" tags.

This works pretty good, except for when a CI needs to be tagged to multiple Application Services of different environments. Then our tagging strategy, which consist of two key/value pairs (a BA number and an environment), is messing things up. Fortunately, this is not a big issue as of now, but I need to figure out how to handle this if it becomes more common here.

Ragini BG · ‎07-30-2025

Hi @Johannes ,

Did you figure out a way to clean-up the CIs? In our environment we are tagging resources at the Resource Group level in Azure. So, based on traversal rules it'll display all the resources related to a particular resource group on the map. However, we have a situation, where the resource group is active but there with no active resources, all of them are marked retired. But our map is still displaying the retired CIs.

I'd appreciate if you could share your insights on this if you implemented a solution to this problem.

Thanks,

Ragini