CPG - Calling Ansible Job as Post Provision step for cloud catalog item

valarmathi_kann
ServiceNow Employee
ServiceNow Employee
‎05-10-2022 11:18 PM

This blog article covers the steps to Execute a Job Template at the Ansible Tower as a Post Provision operation after a server is provisioned using a cloud template (e.g cft/arm). The steps on how to send server credentials and extra variables to ansible tower are also provided. The steps to troubleshoot issues if any were also added. You will find this useful for building your server deployment workflows

CPG - Calling Ansible Job as Day2 Operation

What is covered?

1. Working CFT Template [PFA, AWSCFTSimpleVMForCPG.docx]. Create a catalog item out of it.

2. Configure Post Provisioning scripts [Register Node & Execute Job Template]

    a.  Register Node
        i. Registers the newly provisioned node with Ansible on the given Inventory and HostGroup

       ii. Creates Host Credential at Ansible Tower.

    b. Execute Job Template
        i. Executes an Ansible Job template on the provisioned VM. Eg:- Apache, Tomcat etc..,

3. Resolve NodeAddress and NodeCredentials

    Resolves IPAddress, UserName and PrivateKey which is the base for any script execution.

4. Send Extra Vars to Ansible Tower

5. Troubleshoot issues related to wrong Input Parameters passed to Ansible Tower.

 

Configure Catalog item to execute Ansible Job Template as Post Provision

NodeCredentials

$(capiResolver.NodeCredentialResolver#nodeCredentialId=#sys_id of the ssh credentials#)

$(capiResolver.NodeCredentialResolver#nodeCredentialId=520f3ad087c3455053d40f65dabb357e)

Note: Credentials can be in sn_cmp_ssh_credentials / sn_cmp_node_credentials

Create a new credential from Credentials module with username/private_key and replace the sys_id in the above expression. 

THIS IS THE SAME CREDENTIAL THAT WE USED TO PROVISION THE VM.

image

image

NodeAddress

$(Script:CMPVMUtils.getIPAddresses[arg=$(Stack.items[${parameter.vmName}].attributes[sys_id])])

${parameter.vmName} - This has to be resolved in this expression which is not OOB.

a. Create an attribute vmName in Resource Block which is created out of catalog item. The Resource Block name will be the name of the catalog item. 

image

 

b. vmName will be an input from the user. Map the InstanceName [newly provisioned node name] to this vmName

Go to Cloud Catalog Item > Manage Attributes. Get the expression of InstanceName from Provision and replace the expression of vmName.

image

Get this expression

image

Replace the expression here

image

 

ConfigMgmtProviderInfo

$(capiResolver.AnsibleTowerCredentialResolver#serverCredentialId=#sys_id_of_ansible_credentials#,organizationName=#ansible_org_name#,object_id=#object-id of organization#,version=3_dot_4_dot_0,server_type=1)

$(capiResolver.AnsibleTowerCredentialResolver#serverCredentialId=0d2336a11bd5341089d243b8b04bcbcc,organizationName=TestSpace,object_id=788016,version=3_dot_4_dot_0,server_type=1)

find_real_file.png

Enable Additional attributes to select HostGroup, Inventory, Job Template:

AdditionalParameters

{ "management_attributes": [ [{ "label": "ManagementAttribute",
"name": "management_attribute", "value": "Hostgroup" }, { "label": "Value", "name":
"management_attribute_value", "value": "Apache" }], [{ "label": "ManagementAttribute",
"name": "management_attribute", "value": "Inventory" }, { "label": "Value", "name":
"management_attribute_value", "value": "Webserver" }] ] }

ConfigScript

{"name":"${paramter.ConfigScript}"}

find_real_file.png

1. Setup Post Provision - Register Node

find_real_file.png

2.Setup Post Provision - Execute Job Template

find_real_file.png

 Send Extra Vars to Ansible Towe

find_real_file.png

Use ConfigurationOverrides attribute in order to override Extra Variables on Ansible Job Template.

All the inputs needed to send extra variables can be enabled as a post-provision operation attribute from the catalog item. The attributes enabled will be shown in the order form.

[

[{ "name": "attribute", "value": "aws_zone" }, { "name": "value", "value": "${parameter.Location}" }],

[{ "name": "attribute", "value": "contact_email" }, { "name": "value", "value": "sample-email@gmail.com" }],

[{ "name": "attribute", "value": "port" }, { "name": "value", "value": "9090" }]

]

 

Troubleshoot

1. Inputs to Register Node

find_real_file.png

2. Inputs to Execute Job Template

find_real_file.png

3. Connection between Ansible and MID Server

curl -u <username>:<password> -k https://<ansible-ip>/api/v2/organizations/

Note:

Register Node should run only once for a node. Execute Job Template can run multiple times on the same node to deploy a different Job template.

Preview file
392 KB
Preview file
553 KB
Preview file
76 KB
Preview file
523 KB
Preview file
360 KB
Preview file
325 KB
Preview file
388 KB
Preview file
534 KB
Preview file
19 KB
Preview file
250 KB
  • 1,514 Views
1 Comment
Popular Blog Posts