Out Of Box Actions

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Out Of Box Actions

    The Out of the Box (OOB) Actions provide pre-built deployment, tagging, retrieval, and post-provisioning operations within ServiceNow's Flow Designer using Integration Hub Sub-flows. These actions streamline common post-provisioning tasks across various catalog items, enabling automation and consistency for your cloud and infrastructure deployments.

    Show full answer Show less

    Key Features

    • Deploy ACC Agent on Linux VMs: Automatically deploy the Agent Client Collector (ACC) during post-provisioning of Linux basic VM catalog items. Requires ACC Listener configured on a MID Server with proper WebSocket endpoint and API key parameters set. Ensures SSH connectivity for deployment and handles failure scenarios by creating follow-up tasks that must be resolved to reactivate the stack.
    • CCG Policy Scan: Runs a default Cloud Compliance Governance (CCG) scan on Windows and Linux deployment stacks post-provisioning. If violations occur, the stack status changes to require follow-up, mandating remediation and closure of violation tasks before reactivation.
    • Tagging Action: Updates key-value tags such as StackName, Application, CostCenter, and BusinessService in the CMDB after provisioning. Only non-empty values are saved, helping maintain accurate asset metadata without modifying cloud resources.
    • Retrieve Windows Password: Retrieves and emails the administrator the Windows VM password post-deployment. This uses the SSH private key stored on the Terraform Linux server (via the 'TFO Server Credential Alias') to decrypt the password from AWS output. Requires correct setup of the key path and requester email. Applicable to Terraform Open Source Linux-based catalogs.
    • Email URL for Azure Scalable Web Server: After deploying the 'CSC Microsoft Azure Linux with Scalable Web Server' catalog item, this action emails the requester the application endpoint URL retrieved from Azure.
    • Retrieve Azure Function App Host Name: For the 'CSC Microsoft Azure Function App' catalog item, this action fetches and sends the deployed function app's hostname to the requester post-provisioning.

    Practical Considerations

    • Ensure MID Server configuration and network connectivity (e.g., public IP usage, SSH access) are properly set for ACC deployment.
    • Follow-up tasks triggered by deployment or scanning failures must be addressed to restore stack usability.
    • Verify correct credential aliases, key paths, and email addresses are configured for password retrieval and notification actions.
    • These actions enhance automation, reduce manual effort, and improve governance by integrating key post-provisioning steps directly into your ServiceNow deployment workflows.

    The Out of the Box Actions comprise OOB deployment, tagging, retrieving and post-provisioning operations. All these actions are based on Flow Designer and implemented as Integration Hub Sub-flows.

    Actions Flow Designer Sub-flow Name Description
    Deploy ACC-* in post provisioning CSC Content- Post Provisioning- Deploy ACC in Stack VMs

    ACC (agent client collector) is deployed through a Flow Designer action. This is called as post-provision step for the Linux basic VM deployment catalog item. Pre-requisites:

    1. ACC Listener must be configured in any MID Server. This will generate a mid web server endpoint and a MID Server API Key.
    2. In the post provisioning operation parameters of the Basic Linux VM catalog, these two parameters – web server end point (typically in format wss://<IP_Address>:3389/ws/events) and MID Server API Keys, need to be set. Out of the box, these parameters have empty values.
      Note:
      If the generated WS endpoint URL returns the private IP of the MID Server, then that private IP needs to be replaced with public IP of the MID Server VM for the internet-based connectivity.
    3. There should be connectivity over SSH port from the MID Server to the provisioned VM.

    In case of any failure in installing agent on the provisioned VM, a task is created, and stack is set to a 'follow-up required' state and automatically turns active, once all the follow-on tasks are closed.
    CCG Scan in post provisioning CSC Content- Create CCG Policy Scan on Stack Items

    CCG Scan with the default OOB Policy Set in CCG is called with the simple windows and Linux deployment. When a CCG scan fails owing to violation, the stack is set to a follow-up needed state. The operator must ensure that the violation is remediated and close the violation task. Once all the follow-on tasks are closed, the stack automatically turns to active state and can be used by requester.
    Tagging Action CSC Content- Post Provisioning- Update Key Values in CMDB

    All catalog items have a tagging action run as post-provision step. This action only updates the key-value entries in CMDB, not in cloud. The standard tags updated are StackName, Application, CostCenter and BusinessService. Fields with empty values will not be saved as key-value records.
    Retrieve Windows Password CSC Content- Post Provisioning- Retrieve Windows Password

    All windows catalogs have a retrieve password action, which emails the Administrator, the password of the provisioned windows VM to the requester. The password is obtained from AWS after the deployment is complete using a ssh key ('pem') file to decrypt the password. Follow these pre-requisite steps to set up this pem file on the Terraform Linux server:

    1. Ensure that the SSH Private Key credential to the VM with Terraform CLI installed, is associated with the credential alias named 'TFO Server Credential Alias'. This alias is already created with installation of CSC Content pack. This alias is used to SSH into the terraform server to get the windows password from output variable.
    2. Ensure that in the Catalog’s Provision variable set, the variable called 'keypath' has the default value set to the path of the management key (the key which can decrypt the password) on the terraform VM.
    3. Ensure that the requester has set up the email
    Note:
    For custom catalogs, this operation is available for use only, with Terraform Opensource- Linux based catalog items.
    Email URL For Microsoft Azure Scalable Web Server Application CSC Content- Email URL For Microsoft Azure Scalable Web Server Application

    This action is added as a post provision operation in 'CSC Microsoft Azure Linux with Scalable Web Server' catalog item, which emails the deployed application's end point URL to the requester.

    The URL is obtained from Microsoft Azure after the deployment is complete. Ensure the requester has set up the email.
    Retrieve Microsoft Azure Function App Host name CSC Content- Post Provisioning- Retrieve Microsoft Azure Function App Host name

    This action is added as a post provision operation in 'CSC Microsoft Azure Function App catalog item which retrieves the deployed function app's host name to the requester.