diff --git a/.ansible-sign/sha256sum.txt b/.ansible-sign/sha256sum.txt index 45d5603..addede7 100644 --- a/.ansible-sign/sha256sum.txt +++ b/.ansible-sign/sha256sum.txt @@ -16,6 +16,7 @@ ed5926a983644e5184614b7cab469e89d75ddba199301dd5281a3be79265eddd SNOWSetup/imag 73712806d623762a0804a125940ce01efc042d2e0468ea75f7cee0892e06fc02 SNOWSetup/images/apache_index.png 1e7f5937158bece452cf17a842057a4092fb00da2eba514e8a2f7d173305c776 SNOWSetup/images/api_script.png c3f7f4c1d7150b68493dfe4f81ccb2bd2db87b70a40d9330bde19d92c9b0cfc8 SNOWSetup/images/app_reg.png +68a598c158b6f550661742dc62b8afe40f4dc6544e173930744e4964909b2b03 SNOWSetup/images/application_manager.png ad453c7c684f7cca5e29005a81f7698e730abf2586bbde53f21d07f2c2ba5b82 SNOWSetup/images/application_secrets.png f3ae0170fb2e59bf30271f6cd7f3eddea3b6a8de7a2733d0760cbb4437b1120e SNOWSetup/images/aws_credentials.jpg 3642091a86765fcb6e9552c3da8247aaba7fd8292cea82d6503a4e2a3575f37d SNOWSetup/images/aws_inventory_source.png 
@@ -31,6 +32,11 @@ f3ae0170fb2e59bf30271f6cd7f3eddea3b6a8de7a2733d0760cbb4437b1120e SNOWSetup/imag 55ab2d571f449ab4fbb8b1f8c3560af45d1724769add96dbad063e99aec5a842 SNOWSetup/images/cred.png 0eb76eb3f813893ebabf69da900022d3c6c1e05cde02bc349e7d0e80e3f72a04 SNOWSetup/images/credentials.png 435b41f3b90cf6fe2c0db925c2351fd4d467052fe8589f1395cc650cf1b326c2 SNOWSetup/images/credtype.png +ff68a066efc25b5345663c538f7c7d8e405f35fa442a61dbb11274cc29a27606 SNOWSetup/images/eda_configuration.png +44fca7d269a142d3ec785da0ec9fa73c258bedfa2d4ab3198d6609a76374a9a3 SNOWSetup/images/eda_controller.png +6b7890f4330f48b9f7208cb32731768dc735acfb6e8c12a21a1fee6b491e58fd SNOWSetup/images/eda_json.png +0efa151d6a49d8fa14f5c60cf591da151221e5f2662be9897988c5b62195adfc SNOWSetup/images/eda_notification_service.png +28677a5ce98096aa2fa9357be754051723221375d7b087b6f76faae53358b599 SNOWSetup/images/eda_user_role.png 86f8e6a5861665e3bae9c548f926bf7243a70f1825d32a3588561e0a355d6144 SNOWSetup/images/flow_designer.png b28b78dbe95308cb5187c91b6342d132d09fecce3cb84ac894b39f997147c6bc SNOWSetup/images/fullchain_cert.png 000731da563e1fc19f788349ebeafa28f1fae76796bde422c1ab9a256bbc877d SNOWSetup/images/gcp_credentials.png 
@@ -89,7 +95,7 @@ b64a9ce7ade9b8fae7bda827f7a8d179809a8df065c8bafc1af07ae827ffb2aa SNOWSetup/imag 3b6b1d02322d2b0435b86bec366c94c6fe928ab84f0d2b881cf102021c44dddc SNOWSetup/images/workflow_start.jpg cb3a760e0f134314711929e87e54b3a46d3d4898f0baa2d641000ee1e3b63708 SNOWSetup/images/write_scope.png b8bc0e6865c91d1d8cedf5bc9faa24782629806c15f99d0b24e3397ec294dcbb SNOWSetup/images/write_scope_deets.png -64e1d129d6748ce068523394aee4af7a84e467b7efcdcb86c6fb0ff18951932e SNOWSetup/readme.md +97b3186fa45c6143520d6c892202bbe359d819838a256e6634ff88183ef8b3b6 SNOWSetup/readme.md 8d64a90e1cf927f9adf8074d405a62ec50f4df417865706d1f4bc5ff5bdfeaa5 ServiceNowCR_and_approve.yml db0cf6bab374ea48077c3898aea1602a570541a49ed82797b7459c9ce9a9824c ServiceNowCR_canceled.yml 675d62c62ed528e495f8144290d181875521766c5cebb9661fc15552f1db1083 ServiceNowCR_closed.yml diff --git a/.ansible-sign/sha256sum.txt.sig b/.ansible-sign/sha256sum.txt.sig index 39fba47..2d55a47 100644 --- a/.ansible-sign/sha256sum.txt.sig +++ b/.ansible-sign/sha256sum.txt.sig 
@@ -1,14 +1,14 @@ -----BEGIN PGP SIGNATURE----- -iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmXdHHsACgkQTiIiIXrU -DNEvoQwAmfDZRFxUtdREpRfLP8Qy8xH2eg+8qn+Rb0ZfOXLYcQH0c7XhvN3rX3FX -o4agF3Egh03TsjT0E+CnPpwAGP1povvZflHiEKnWYuz91uGtxsr6YCTCecTb1Ov6 -g5HCm2LbeDDa3k2eitgtkYIXv/iC5s5NazoMdb7m0rlUuKmWyokJjxBQ0ZL1X2Ao -h1kactpbg0tmXLjeUJzStwEZMePU1QGR9IXom0jrI5PNbb5xjQiEAJDUN4t7azM6 -pGPm+1d8S78XQlOqFFHhJdlMilGzUj5OF7XnRjRmn8ZBK7ok+witvsQKLOqZKDQT -y9uRybGcPMZq0A9GIm6C1Vcqoo6TliirdHWoDDDUeOMMp0762DhLwt+xPlmi3QFz -LNHZMmLcGb6tS63hzoLmG3C2QVkVXjH50nA6Q2BHsP3wQuCzNFJ2Hikb0WCl5Pj1 -WcD7q1EuZrZPdK0RNa0nGTPMtWISVeQvLN+a2LwLVdC1EgwFs8/1NriXajd5ZWJU -Sh9agfg5 -=EMAr +iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmXnNMUACgkQTiIiIXrU +DNHfKwv8C9BbAPqIWyylGdccUCwrp1K13Ksjrqe5ox6lqmGDKGtb90AeOloU0cEv +cNK1rdqztGiCf0w7GjVG3G1TpOBfmzNNL3Cqg9XRRAgcxpREhwGvZfEQ96LuLSky +sKnV71K2MAccozkKKFhzfqnp82e1Im70G/SUDiecx6Kt3o3AQhGv+bknPDz+BEtw +ETgbtRvCn+NLx+joha+AuQbxU877jch/tYW0LlYwEpfluO5bAMEEA5LBm0J92G9v +j0r0tN0Bl+oUJOS0eP8taO8sJAccGfhbYuyD2LmsO2X+RBQ3TtorCD2ozEjKolJn +56qslSSLl4vNZ0J2Ot9OZcfl/dJmP7MUnK9Nf/hZtBrYPxFGuQSHgSIaZ8B6Wx3n +68EZigKWgjyLx5rASANScpZ7ul3GswrZ3UX7DqBllyYPvg+rboxWDVjPSltXDWP5 +15p2zNGBUsi304iXDNMDiZ9PQTGx7lE+Gf9JYeMyR/9NUoffA4X7WozpyUn6NGls +OR0aXDdd +=m915 -----END PGP SIGNATURE----- diff --git a/SNOWSetup/images/application_manager.png b/SNOWSetup/images/application_manager.png new file mode 100644 index 0000000..2cb6658 Binary files /dev/null and b/SNOWSetup/images/application_manager.png differ diff --git a/SNOWSetup/images/eda_configuration.png b/SNOWSetup/images/eda_configuration.png new file mode 100644 index 0000000..46ed65a Binary files /dev/null and b/SNOWSetup/images/eda_configuration.png differ diff --git a/SNOWSetup/images/eda_controller.png b/SNOWSetup/images/eda_controller.png new file mode 100644 index 0000000..f1fc887 Binary files /dev/null and b/SNOWSetup/images/eda_controller.png differ 
diff --git a/SNOWSetup/images/eda_json.png b/SNOWSetup/images/eda_json.png new file mode 100644 index 0000000..e3e56f1 Binary files /dev/null and b/SNOWSetup/images/eda_json.png differ diff --git a/SNOWSetup/images/eda_notification_service.png b/SNOWSetup/images/eda_notification_service.png new file mode 100644 index 0000000..b56139f Binary files /dev/null and b/SNOWSetup/images/eda_notification_service.png differ diff --git a/SNOWSetup/images/eda_user_role.png b/SNOWSetup/images/eda_user_role.png new file mode 100644 index 0000000..4760583 Binary files /dev/null and b/SNOWSetup/images/eda_user_role.png differ diff --git a/SNOWSetup/readme.md b/SNOWSetup/readme.md index 647103e..579f768 100644 --- a/SNOWSetup/readme.md +++ b/SNOWSetup/readme.md @@ -5,6 +5,8 @@ [ServiceNow/AAP Integration Instructions using Ansible Spoke](https://github.com/shadowman-lab/Ansible-SNOW/tree/main/SNOWSetup#servicenowaap-integration-instructions-using-ansible-spoke) +[ServiceNow/AAP Integration Instructions using Event-Driven Ansible Notification Service](https://github.com/shadowman-lab/Ansible-SNOW/tree/main/SNOWSetup#servicenowaap-integration-instructions-using-event-driven-ansible-notification-service) + [Have AAP reach out to ServiceNow](https://github.com/shadowman-lab/Ansible-SNOW/tree/main/SNOWSetup#have-aap-reach-out-to-servicenow) [Have AAP use ServiceNow as an inventory source](https://github.com/shadowman-lab/Ansible-SNOW/tree/main/SNOWSetup#have-aap-use-servicenow-as-an-inventory-source) 
@@ -14,12 +16,12 @@ ## Notes - These instructions assume that there is no MID-Server for ServiceNow, and that the ServiceNow instance and AAP can talk to each other directly over the public internet. - This has been tested with: - - Ansible Tower 3.6, 3.7, 3.8, AAP 2.0, 2.1, 2.2 - - ServiceNow Orlando, Paris, Quebec + - Ansible Tower 3.6, 3.7, 3.8, AAP 2.0, 2.1, 2.2, 2.3, 2.4 + - ServiceNow Orlando, Paris, Quebec, Vancouver - While the mid-server is an outbound connection from on-prem to the customer’s ServiceNow Instance, it subscribes to the “ECC Queue” allowing for bidirectional communication between an on-prem AAP and ServiceNow. Because it is polling, there can be a delay between the initiation of an action and the mid-server processing the request. -- If you create outbound REST messages in ServiceNow you can choose to have that executed directly from the ServiceNow instance or via a mid-server. +- If you create outbound REST messages in ServiceNow you can choose to have that executed directly from the ServiceNow instance or via a mid-server. - If you have a subscription to ServiceNow’s Standard IntegrationHub pack, there is a spoke for integrating with AAP so you don't have to write you own API requests. 
@@ -53,7 +55,7 @@ Next, navigate to **Settings** on the left side of the screen and then **Miscell AAP Settings #### 4) -The Orlando release of the ServiceNow developer instance does not allow for the self-signed certificate provided by AAP. We need to equip our AAP instance with a certificate from a trusted Certificate Authority. The easiest way to accomplish this is to SSH into AAP and run the Certbot ACME client in order to generate a certificate from LetsEncrypt (instructions can be found [here](https://letsencrypt.org/getting-started/)). It is important to place the contents of the root certificate + the intermediate certificate + the certificate you generate (found at `/etc/letsencrypt/live//cert.pem`) at the location AAP places its self-signed certificate, `/etc/tower/tower.cert`. The LetsEncrypt intermediate certificate can be found [here](https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt). You must also replace the contents of `/etc/tower/tower.key` with the contents of `/etc/letsencrypt/live//privkey.pem`. +The Orlando release of the ServiceNow developer instance does not allow for the self-signed certificate provided by AAP. We need to equip our AAP instance with a certificate from a trusted Certificate Authority. The easiest way to accomplish this is to SSH into AAP and run the Certbot ACME client in order to generate a certificate from LetsEncrypt (instructions can be found [here](https://letsencrypt.org/getting-started/)). It is important to place the contents of the root certificate + the intermediate certificate + the certificate you generate (found at `/etc/letsencrypt/live//cert.pem`) at the location AAP places its self-signed certificate, `/etc/tower/tower.cert`. The LetsEncrypt intermediate certificate can be found [here](https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt). You must also replace the contents of `/etc/tower/tower.key` with the contents of `/etc/letsencrypt/live//privkey.pem`. 
Be sure to restart the nginx service on your AAP server after updating the certificate and key. @@ -378,7 +380,7 @@ Under Related Links select "Create New Connection & Credential" and enter in the Connection & Credential -Select **Create and Get OAuth Token** to complete the Ansible spoke set up. This will generate a window asking to authorize ServiceNow against your AAP instance/cluster. Click **Authorize**. +Select **Create and Get OAuth Token** to complete the Ansible spoke set up. This will generate a window asking to authorize ServiceNow against your AAP instance/cluster. Click **Authorize**. Note: The ServiceNow user MUST be able to access the ServiceNow API (check if the user you are logged into ServiceNow with has API access) @@ -482,7 +484,7 @@ Click on the blue **Submit** Button New Flow #### 13) -In the New Tab that appears, click Add a trigger, select Service Catalog, Select Advanced Options and select "Run flow in background (default)" +In the New Tab that appears, click Add a trigger, select Service Catalog, Select Advanced Options and select "Run flow in background (default)" Click on the blue **Done** Button 
@@ -536,6 +538,102 @@ Lastly, to run this catalog item, navigate to **Self-Service-->Service Catalog** Congratulations! After completing these steps, you can now use a ServiceNow Catalog Item to launch a Template in AAP using Ansible Spoke. This is ideal for allowing end users to use a front end they are familiar with in order to perform this, and other automated tasks of varying complexities. This goes a long way toward reducing the time to value for the enterprise as a whole, rather than just the teams responsible for writing the playbooks being used. +## ServiceNow/AAP Integration Instructions using Event-Driven Ansible Notification Service + +This walkthrough assumes you are able to install applications within your ServiceNow instance. It also assumes you have the ability to reach your Event-Driven Ansible Controller from ServiceNow (a mid-server can be utilized). + +### Preparing ServiceNow + +#### 1) +In ServiceNow, navigate to the **All** menu and select **System Applications -> All Available Applications -> All** which will navigate to the Application Manager. Search for **Event-Driven Ansible** and then click on the Store Application for Event-Driven Ansible Notification Service. + +Application Manager + +On the Event-Driven Ansible Notification Service click install, select your version, Install Now, and then Click Install and let the process complete. + +Event-Driven Ansible Notification Service + +#### 2) +After the install is complete, you need to add the EDA role to the ServiceNow user who will be performing the configuration. Navigate to the **All** menu and select **System Security -> Users and Groups -> Users**. Select a user from the list or click New to create a new user. If needed, fill in the required and possibly other fields. If necessary, set a password. To assign roles, switch to the Roles tab and click **Edit**. 
In the Edit Member page search the collection for the **x_rhtpp_eda.admin** role and move it to the right to appear in the roles list. In addition, assign the **itil** and **itil_admin** roles to grant the user write access to the problem, problem task, configuration item, change request, and incident tables. Click **Save** to apply the assigned roles. + +Event-Driven Ansible Role + +### Preparing AAP + +## Notes +This assumes you have already set up the token for automation controller within Event-Driven Ansible controller. + +#### 3) +Now we will create a basic rulebook in order to display the information sent by ServiceNow. Push this rulebook to a Git repository (ensure it is in a folder called rulebooks from the root of the project). The rulebook is where you will decide what events to monitor for and what actions to take (such as calling an existing Job Template or Workflow Job Template in automation controller). This example rulebook will listen on port 5003 and debug any notifications that appear to help us see what information is sent from ServiceNow. 
+``` +- name: Listen for events on a webhook from ServiceNow + hosts: all + sources: + - ansible.eda.webhook: + host: 0.0.0.0 + port: 5003 + + rules: + - name: Output ServiceNow Information + condition: event.meta is defined + action: + debug: +``` +A more detailed rulebook example including a job template +``` +--- +- name: Listen for events on a webhook from ServiceNow + hosts: all + sources: + - ansible.eda.webhook: + host: 0.0.0.0 + port: 5003 + + rules: + - name: Respond to Node Exporter Down Incident + condition: event.payload.short_description == "Prometheus Node Exporter is down" event.payload.token == "{{ servicenow_token }}" + action: + run_job_template: + name: "Start Prometheus Node Exporter" + organization: "Infrastructure" + job_args: + extra_vars: + vm_name: "{{ event.payload.u_vm_name }}" +``` + +#### 4) +After your rulebook has been pushed to Git, we will login to Event-Driven Ansible controller and go to Projects. Either sync an existing Project if you already have one or go to **+ Create Project** and provide a name and your SCM URL and click **Create Project**. Ensure the Project has succesfully synced. + +Create a Rulebook Activation by going to **Rulebook Activations** and clicking **+ Create rulebook activation**. Give it a name, select your existing Project, the rulebook you previously created, and your Decision environment (the default Decision Environment will work). Click **Create rulebook activation**. + +On the new page, click **History** and ensure the rulebook is successfully running. The rulebook must be running in order for the test in the next section to work (and also for EDA to receive events from ServiceNow) + +Event-Driven Ansible Controller + +### Back to ServiceNow + +#### 5) +Now we will configure the Event-Driven Ansible Notification as the ServiceNow user the permissions were just assigned. Navigate to the **All** menu and select **Event-Driven Ansible Notifications -> Properties**. 
In the Webhook Configurations section fill in a Webhook URL and a +Webhook authorization token if desired. The webhook URL should your EDA Controller server plus the port your rulebook webhook will be listening on, for example **http://eda.shadowman.dev:5003/endpoint** + +No MID Server is needed if the webhook url is accessible directly from the running servicenow instance. Otherwise fill in a proper MID Server name. The machine listening to the webhook requests must be reachable by the MID Server. To validate the MID Server use the **All** menu and select **MID Servers -> Servers**. The selected MID Server must appear on the server list and its Status field must be Up and its Validated field must be Yes. + +Click the **Test Connectivity** button to test the connection from the running servicenow instance to the configured webhook. If successful, it will display “Webhook Connection OK”. + +Select what tables to monitor and when to send events to the webhook in the Tables to monitor section. + +Please note that all fields in a selected table will be included in the payload of the event sent to Event-Driven Ansible via the webhook. There is no filtering of what fields are excluded. +Finally click the **OK** button to persist all the settings. These settings can be modified anytime by visiting the same properties page. + +Event-Driven Ansible Configuration + +#### 6) +To test the configuration and see the output provided by ServiceNow, I will use Incidents. For this test, navigate to the **All** menu and select **Event-Driven Ansible Notifications -> Properties**. Check **When Created** for the Incident table if you haven't already. Click **OK** to confirm the changes. Create a new Incident, navigate to the **All** menu and select **Incident -> Create New**. Fill in the incident information (at a minimum you need Caller and Short description) and click Submit. + +Navigate to Event-Driven Ansible Controller and select **Rule Audit**. 
You should see a new Rule that has been triggered. Select the name. Go to Events and click on ansible.eda.webhook to see the full json payload that was received by EDA. This is what you can use to create the conditions for your rulebook in the future. You can now utilize the Event-Driven Ansible Notification Service. + +Event-Driven Ansible Controller JSON + ## Have AAP reach out to ServiceNow ## Dependencies: @@ -630,9 +728,9 @@ Congratulations! You can now have AAP reach out to SNOW to query and update reco hosts: "{{ vm_name }}" gather_facts: yes connection: local - - tasks: - + + tasks: + - name: Create an incident in ServiceNow servicenow.itsm.incident: state: new @@ -644,11 +742,11 @@ Congratulations! You can now have AAP reach out to SNOW to query and update reco other: u_operating_system: "{{ os | default(omit) }}" u_ip_address: "{{ ip_addr | default(omit) }}" - u_vm_name: "{{ inventory_hostname | default(omit) }}" + u_vm_name: "{{ inventory_hostname | default(omit) }}" register: new_incident delegate_to: localhost - - debug: + - debug: var: new_incident.record.number ``` @@ -657,9 +755,9 @@ Congratulations! You can now have AAP reach out to SNOW to query and update reco - name: Update a catalog item in ServiceNow hosts: localhost gather_facts: no - - tasks: - + + tasks: + - name: Retrieve catalog request sysid servicenow.itsm.api_info: resource: sc_request @@ -675,7 +773,7 @@ Congratulations! You can now have AAP reach out to SNOW to query and update reco data: request_state: "{{ request_state | default(omit) }}" work_notes: "{{ work_notes }}" - when: ticket_number != '' + when: ticket_number != '' ``` ## Have AAP use ServiceNow as an inventory source
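Review bot: Both rulebook examples added in the `@@ -536,6 +538,102 @@` hunk bind `ansible.eda.webhook` to `0.0.0.0:5003` without the source's `token` option, and step 5 shows an `http://` webhook URL with the authorization token filled in only "if desired", so any host that can reach the port can post events and the full table payload travels unencrypted. This matters most in the second example, where `run_job_template` passes `event.payload.u_vm_name` into `extra_vars`; its only check is a token compared inside the condition, and that condition is missing an operator between its two comparisons, so it should read `condition: event.payload.short_description == "Prometheus Node Exporter is down" and event.payload.token == "{{ servicenow_token }}"`. I would add `token: "{{ servicenow_token }}"` under the webhook source so unauthenticated requests are rejected before any rule is evaluated, set the source's `certfile` and `keyfile` options, switch the example URL to `https://`, and word step 5 so that the token is required. Whether the ServiceNow application sends its token in the header form the source expects is not shown in this diff and should be confirmed.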