The following article describes an approach to integrate with an IPAM tool which is not an official and supported one. It helps organizations to cover this need in a custom way.
Modules needed:
- ServiceNow CPG
- ServiceNow Terraform application
- Flow designer starter pack
The Orlando release of ServiceNw CPG supports Infoblox as an IPAM tool natively. To cover other providers in this space, some customization needs to be implemented. I will describe here an approach that enables to integrate with another IPAM actor without too much effort.
In this example we used PhpIpam solution to handle IP assignments. The approach can be adapted to any other solutions that exposes REST API
Here are the different steps that we'll describe in detail:
- Creation of a PhpIpam flow designer action to connect via REST API
- Create a custom table that will store the output of the previous action
- Creation of another flow designer action that manages the output of the PhpIpam action and writes it into the previous created table
- Creation of the flow designer subflow gathering the above actions
- Call the subflow from a Cloud Catalog item in a preprovisioning step
- Create a script include that will be called from a catalog item variable to retrieve the IP address value stored in the custom table
- Call the above script from an "IP address" variable contained in the cloud catalog item
- Make the above IP address variable not visible for end users
- Launch the cloud catalog item
let's see in detail how to implement these steps:
1. Flow designer is used to integrate with PhpIpam
The first step is to create a flow designer action using the REST step.
This REST step uses the solution API to request a new IP address
Note: At the time of this article, I have not built an integration with PhPipam. I'm just describing the approach here
The PhpIpam action would look like this:
- One step using REST API to get phpIpam token
- a second step using a script to parse the output of the previous step and get the token
- A third step using REST API to get an available ip address from phpIpam
- A last script step that parses the output of the previous step to get the IP address
2. Create a custom table that extends the "application file" table
Define the following columns:
- Correlation ID: string type, max length 256
- Stack: reference type (select the stack table available which is "sn_cmp_stack"), max length 32
- IP address: string type, max length 40
3. Create another Flow Designer action that writes the PhpIpam output in the previous custom table with the corresponding values for the columns:
Define the following input in the action:
- error
- log
- ipaddress
- correlationid
- stack
Add a script step that writes the above inputs in the custom table created earlier.
Create the exact same inputs than before and drag an drop the value from the action inputs to the step inputs:
Add the script "IPAMReturnAction" attached into the "script" field and change the name of the table with your specific table name (which is "x_snc_cpg_and_ipam_cpg_and_ipam_support" in the file)
Define a result output for the step:
Define the same result output for the action. Exit the edit mode and drag and drop the result variable from the step to the action result output:
Save and publish it
4. Create the flow designer subflow:
Here what the subflow looks like:
Note: The "PhpIpamRestCall" action hasn't been tested and neither created. You will have to build it with an output that passes the retrieved IP address.
Define the following inputs:
- flowcorrelationid
- stackid
The IPAMReturnAction" is the one created earlier that writes the output of the "PhpIpamRestCall" action into the custom table
Drag and drop the necessary values in the action inputs:
- ipaddress: drag and drop the value from the previous action (in the example below we've put an hardcoded value as we didn't have a ready integration with PhpIpam)
- correlationid: drag and drop the value from the subflow input
- stack: drag an drop the value from the subflow input
The "CMPTfeReturnAction" is an action provided with CPG and Terraform integration.It enables the usage of the flow designer flows in preprovisioning and postprovisioning steps. This action enables synchronisation between CPG and Flow Designer. It actually writes an output and the flowcorrelationid into a CPG table.
Just drag and drop the value of the flowcorrelationid from the subflow input to the corresponding input of the action:
Save and publish
5. Define the previous flow designer subflow as a preprovisioning step:
Go into the cloud admin portal and select the resource block section.
Choose one resource block that represents a cloud catalog item that has already been created. In our case it will be "testvmware":
Click on the "Operations" tab, click on "steps" and then choose the "PreProvision" operation.
Put the resource block on draft mode and add a flow step. Choose the subflow we previously created:
Once the preprovisioning step has been created, the inputs should automatically be created. Put the following values for the inputs:
- flowcorrelationid:$(Script:CMPFlowStepHandler.generateCorrelationId). this syntax means that the correlationid is generated by a script include "CMPFlowStepHandler"
- stackid: $(context.order.stack). This expression is a standard one that retrieves the sys_id of the stack being provisioned.
save the changes and put back the resource block in the published state.
6. Create a system script include that gets the value of the IP address stored in the custom table and pass it to the corresponding variable in the cloud catalog item.
The script will be called in a provision step(after the preprovisioning finishes) from a variable (referencing an IP address) of a cloud catalog item
Go to "system definition" and "script include":
Create a new script include
Note: In the example above, I've used a specific application "CPG and IPAM Integration" but the "Cloud Provisioning and Governance" scope can be used.
Select "all application scope" for the "Accessible from" field:
Copy and paste the "IpamSupportScript" attached into the script field and change the table name according to your specific custom table name (in the file it is "x_snc_cpg_and_ipam_cpg_and_ipam_support")
Save it
7. Call this script from a variable in a cloud catalog item:
Each cloud catalog item that needs to integrate with PhpIpam to retrieve an available IP Address should have a corresponding variable
Go into the cloud admin portal and select an available cloud catalog item.
Click on "Manage attributes" related link:
In the "provision" operation, identify the "IP address" variable and set the following value:
$(Script:x_snc_cpg_and_pam.IpamSupportScript.getIPAddress[arg=${paramter.StackName}])
What does this syntax mean?
- $(Script:...) -> this means that the syntax is calling a script
- x_snc_cpg_and_ipam -> this identifies from which application scope we are calling the script (note: you need to adapt the syntax according to your own application scope, for example it would be "sn_cmp" if you used the "Cloud Provisioning and Governance" application scope)
- IpamSupportScript -> this is the script created earlier that gets the IP address value from the custom table
- getIPAddress -> this is the function that is called inside the script
- [arg=...] -> this is the argument passed to the script
- ${parameter.StackName} -> is a standard syntax that get the name of the stack being provisioned
Save the changes
8. Hide the "IP address" variable to end users:
Go to the previous cloud catalog item
In the related tab, select the "Provision" variable set:
Click on the "IP address" variable (note: the name should be different in your case) and uncheck the "visible" option in the "availability" tab:
9. You can now launch your cloud catalog item
