Used to test Ansible Engine/Tower and playbook refactoring - locally and in the cloud
This Repo's Purpose
The idea of this repo is for ME to build assorted playbooks for use in Ansible Tower and to test external integrations with Tower such as ServiceNow, Mattermost, Slack, CyberArk, HashiCorp, Microsoft AD, etc.
Initial Integration is with ServiceNow
This repo uses the following from MY environment:
- Ansible Engine / Ansible Tower VM (Local)
- DigitalOcean Droplets - Ubuntu 20.04/20.10 and Centos 8.3 (Cloud)
- External Integrations (Defined with Tower) i.e. ServiceNow
The playbooks aim to deploy a simple webserver, update ServiceNow, or BOTH, either on existing VMs in VirtualBox or in the cloud on DigitalOcean droplets that already exist.
There are 4 main playbooks in the repo:
- webservers.yaml - deploys a webserver on Ubuntu or CentOS/Red Hat
- webservers_snow_incident.yaml - deploys a webserver on Ubuntu or CentOS/Red Hat (servicenow.servicenow collection)
  - uses BLOCK/RESCUE/ALWAYS to determine whether a ServiceNow incident should be raised
- snow_incident.yaml - raises a ServiceNow incident (servicenow.servicenow collection)
  - used for simple testing of incident raising
- snow_incident_find.yaml - searches ServiceNow for a specific incident number (servicenow.servicenow collection)
  - used for simple testing of searching for incidents in ServiceNow
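The BLOCK/RESCUE/ALWAYS pattern that webservers_snow_incident.yaml relies on looks like this as a complete playbook. This is an added example, not the repo's own file: the snow_record parameters are those of the servicenow.servicenow collection, while the apache_pkg variable, the task names and the urgency/impact values are my own choices, and the ServiceNow credentials are assumed to come from the SN_INSTANCE, SN_USERNAME and SN_PASSWORD environment variables.

```yaml
---
# Added example, not the repo's own webservers_snow_incident.yaml: install
# Apache inside a block, raise a ServiceNow incident in rescue only if a
# task failed, and report in always. Assumes SN_INSTANCE, SN_USERNAME and
# SN_PASSWORD are exported (or injected by the Tower credential type below)
# and that pysnow is installed on the controller, where the record is created.
- name: Deploy webserver and raise a ServiceNow incident on failure
  hosts: "{{ host_name | default('all') }}"
  gather_facts: true
  vars:
    # package/service name differs between the two OS families in this repo
    apache_pkg: "{{ 'httpd' if ansible_facts['os_family'] == 'RedHat' else 'apache2' }}"

  tasks:
    - name: Install and start Apache, opening an incident if either step fails
      block:
        - name: Install Apache
          ansible.builtin.package:
            name: "{{ apache_pkg }}"
            state: present

        - name: Start and enable Apache
          ansible.builtin.service:
            name: "{{ apache_pkg }}"
            state: started
            enabled: true

      rescue:
        - name: Raise a ServiceNow incident describing the failed task
          servicenow.servicenow.snow_record:
            state: present
            table: incident
            data:
              short_description: "Webserver deploy failed on {{ inventory_hostname }}"
              description: "Task '{{ ansible_failed_task.name }}' failed: {{ ansible_failed_result.msg | default('no message') }}"
              urgency: 2
              impact: 2
          register: new_incident
          delegate_to: localhost

        - name: Fail the play so Tower still reports the failure
          ansible.builtin.fail:
            msg: "Deploy failed on {{ inventory_hostname }}; opened {{ new_incident.record.number }}"

      always:
        - name: Report completion whether or not the block succeeded
          ansible.builtin.debug:
            msg: "Finished webserver deploy attempt on {{ inventory_hostname }}"
```

Without the explicit fail task in rescue the play would end green after the incident is raised, which hides the failure from Tower's job status.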
Supporting files:
- now.yaml - inventory source that queries ServiceNow for CIs
- teardown.yml - tears down the webserver software/config on the machines
- password.yaml - vault-encrypted file containing the ServiceNow instance password
  - generally use environment variables for user, instance and password rather than this file
- install_pysnow.yml - installs the pysnow module
The focus will be on all of the playbooks.
How To Use
1. Deploy VMs/droplets and make sure you have connectivity to them via SSH keys
2. Clone this repo - see the installing section
3. Install the servicenow.servicenow collection - see the installing section
4. Install the ServiceNow pysnow Python module - see the installing section
5. Create/update the inventory file with the target details

Run the webservers.yaml playbook, which deploys Apache on the target machines:

```shell
$ more inventory
ansible-3 ansible_host=10.10.10.10
$ ansible-playbook -i inventory webservers.yaml -e "host_name=all"
```
Run the webservers_snow_incident.yaml playbook, which deploys Apache on the target machines; if the install fails it triggers a ServiceNow incident using the servicenow.servicenow collection:

```shell
$ more inventory
ansible-3 ansible_host=10.10.10.10
$ ansible-playbook -i inventory webservers_snow_incident.yaml -e "host_name=all"
```
Running the snow_incident.yaml playbook triggers a ServiceNow incident (make sure the ServiceNow instance is awake), using the vault-encrypted password.yaml file for the ServiceNow password:

```shell
$ ansible-playbook snow_incident.yaml --ask-vault-pass
```
Running the snow_incident_find.yaml playbook searches ServiceNow for the specified incident (make sure the ServiceNow instance is awake), using environment variables for the ServiceNow username, instance and password:

```shell
$ ansible-playbook snow_incident_find.yaml -e "sn_number=INC0010007"
```
Run ansible-inventory to see which CIs are in ServiceNow:

```shell
$ ansible-inventory -i now.yaml --graph
$ ansible-inventory -i now.yaml --list
$ ansible-inventory -i now.yaml --host "OWA-SD-01"
```
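The contents of now.yaml are not shown above, so here is an added example of an inventory source for the servicenow.servicenow.now inventory plugin that would feed the three ansible-inventory commands. It is not the repo's own file: the option names are taken from that plugin's documentation as I understand it, the table, field list and filter are assumptions chosen for a CMDB of Linux servers, and the credentials are assumed to come from the SN_INSTANCE, SN_USERNAME and SN_PASSWORD environment variables.

```yaml
# Added example now.yaml for the servicenow.servicenow.now inventory plugin
# (not the repo's own file). Instance and credentials are assumed to come from
# SN_INSTANCE / SN_USERNAME / SN_PASSWORD; table, fields and filter are
# assumptions for a CMDB of Linux servers.
plugin: servicenow.servicenow.now

# CMDB table to read hosts from
table: cmdb_ci_server

# fields fetched for each CI; each becomes a host var prefixed with sn_
fields:
  - name
  - host_name
  - fqdn
  - ip_address
  - sys_class_name
  - install_status

# which field is used as ansible_host: the first non-empty value wins
selection_order:
  - ip_address
  - fqdn
  - host_name
  - name

# ServiceNow encoded query: only installed CIs of the Linux server class,
# so decommissioned or unrelated CIs never become Ansible targets
filter_results: "sys_class_name=cmdb_ci_linux_server^install_status=1"

# build inventory groups from the CI class, e.g. a cmdb_ci_linux_server group
keyed_groups:
  - key: sn_sys_class_name | lower
    prefix: ""
    separator: ""
```

Enable the plugin in ansible.cfg (enable_plugins under [inventory]) if it is not already listed, otherwise ansible-inventory will not parse the file.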
Additional Comments
- The servicenow.servicenow collection is used - collections are the future
- The ansible.cfg in the project defines the collection path - please install the collections (see below) before running the playbooks
- The playbooks presently don't use become and connect as root. Refactoring will create/use a user with sudo
- On WSL I had an issue with now.yaml complaining about netaddr, so I had to install it:

```shell
pip install netaddr
```
Ansible Tower
These playbooks will work in Tower if it has been configured correctly:
- Project - this repo pulled into Ansible Tower (Tower will automatically pull in the ServiceNow collection via the requirements file)
- Credential - a new credential type for ServiceNow, exposed as environment variables (injector configuration)
- Credential - a machine credential (SSH key) to connect to the new machines
- Inventory - inventory configured with groups/hosts, sourced from the project
- Ansible Engine - Configuration Management and more
- ServiceNow Ansible Collection - the collection Ansible uses to interact with the ServiceNow platform
For Ansible, use your package manager of choice OR pip:

```shell
$ pip install ansible
```

Clone this repo:

```shell
$ git clone git@github.com:unixdaddy/Ansible-Tower.git
$ cd Ansible-Tower
```

For the ServiceNow collection, use the requirements file ./collections/requirements.yml and the ansible-galaxy command. Note: Tower will do this automatically.

```shell
$ ansible-galaxy collection install -r ./collections/requirements.yml -p ./collections
```

The ServiceNow collection needs the pysnow Python module:

```shell
$ ansible-playbook install_pysnow.yml
```
Create an encrypted password file OR set up ENV variables OR set up a Tower credential.

If using an encrypted password file:

```shell
cat > password.yaml <<EOF
sn_password: XXXXX
EOF
ansible-vault encrypt password.yaml
```

If using ENV:

```shell
export SN_PASSWORD=XXX
export SN_INSTANCE=devXXXXX
export SN_USERNAME=admin
```

If using TOWER then either:
- create a credential to unlock the vault (password.yaml), OR
- set up a new credential type, ServiceNow
- use that new credential type to create a ServiceNow credential
Input configuration panel:

```yaml
fields:
  - id: instance
    type: string
    label: Instance
  - id: username
    type: string
    label: Username
  - id: password
    type: string
    label: Password
    secret: true
required:
  - instance
  - username
  - password
```

Injector configuration panel:

```yaml
env:
  SN_INSTANCE: '{{instance}}'
  SN_PASSWORD: '{{password}}'
  SN_USERNAME: '{{username}}'
```
You will then need to create a credential of type ServiceNow and use it in your template.
You will also need to have set up the following:
- a user on the target system (or use root)
- privilege escalation will be required if not using root
- SSH key authentication, as part of deploying the VMs/droplets. On DigitalOcean I have public keys that are inserted
- for existing VMs you will need to update the inventory to point to the IPs/DNS names of those machines
This section is useful because it provides insight into the general tools and environment I use for development.
My local environment consists of:
- Ansible Engine 2.9 /Tower 2.8.1 Centos Stream 8.3 (VirtualBox - 2vCPU, 5GB Memory and 30GB Disk Space)
- K8s 1.20 Master RHEL 8.3 (VirtualBox - 2vCPU, 2GB Memory and 30GB Disk Space)
- K8s 1.20 Worker RHEL 8.3 (VirtualBox - 2vCPU, 2GB Memory and 30GB Disk Space)
- Ansible Automation Hub 1.2.1 RHEL 8.3 (VirtualBox - 2vCPU, 5GB Memory and 30GB Disk Space)
- Ansible Automation Hub 1.2.1 Centos Stream 8.3 (VirtualBox - 2vCPU, 5GB Memory and 30GB Disk Space)
- OpenSuSe Leap 15.2 (WSL)
- Ubuntu 20.04 LTS (WSL)
My cloud environment consists of:
- DigitalOcean Droplets - varied number, varied sizes of Ubuntu 20.04/20.10 and Centos 8.3
To interact with these environments I am using:
- Visual Studio Code (vscode)
- MobaXterm
- Notepad++
- GitHub
End of Environment Details (Not all are used for this Repo)
Name | Role | |
---|---|---|
daddy, unix | withheld | learning |
Gratitude for assistance:
- All, Who-Came-Before-Me - everything
This project is licensed under the Apache License 2.0.
For more information please read LICENSE.
Company, Inc. or its affiliates. All Rights Reserved.