Windows server management with Ansible
Using Ansible to manage System Center Service Manager tickets.
In the automation project you just implement for a large scale company you have to include their ticket management system.
The workflow could be somenting like this:
- Capture some information from the ticket
- Assign the ticket to implementor
- Run your operation succesfully
- Close the ticket
Capture the ticket
Our client is using System Center Service Manager for change management. To control this with ansible we need a windows system running powershell 3+, with "smlets" installed. We also need to follow the instructions to connect and control windows machines from our ansible-linux control server.
After that we can run powershell scripts that do our jobs, for now, to display ticket information:
ticketcapture.ps1
#!powershell # Witten by thundercost # WANT_JSON # POWERSHELL_COMMON # Manual Activity ID $MA = $args[0] # Create authentication token $username = $args[1] $password = $args[2] $secstr = New-Object -TypeName System.Security.SecureString $password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)} $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr # Import powershell modules Import-Module 'C:\Program Files (x86)\Microsoft System Center 2012 R2\Service Manager\Powershell\System.Center.Service.Manager.psd1' Import-Module -Name smlets # Make the connection New-SCManagementGroupConnection -ComputerName "SCSM" -Credential $cred # Get the ticket instance Get-SCSMClassInstance -Name "$MA" # Romove powershell modules Remove-Module smlets -Force
Assign to me
Now that we know what we must do about that ticket, we can assign the ticket to implementor.
Here is the powershell script:
assign2me.ps1
#!powershell # Witten by thundercost # WANT_JSON # POWERSHELL_COMMON # Manual Activity ID $MA = $args[0] # Create authentication token $username = $args[1] $password = $args[2] $secstr = New-Object -TypeName System.Security.SecureString $password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)} $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr # Import powershell modules Import-Module 'C:\Program Files (x86)\Microsoft System Center 2012 R2\Service Manager\Powershell\System.Center.Service.Manager.psd1' Import-Module -Name smlets # Make the connection New-SCManagementGroupConnection -ComputerName "SCSM" -Credential $cred # Username of Implementer $parts = $username.split("@") $Implementer = $parts[0] # Get Manual Activity Class $MAclass = Get-SCSMClass -Name System.WorkItem.Activity.ManualActivity # Get Manual Activity by ID $MAObject = Get-SCSMObject -Class $MAclass -Credential $cred -Filter "ID -eq $MA" # Get AD User Class $UserClass = Get-SCSMClass -Name Microsoft.AD.User # Get User by displayname $User = Get-SCSMObject -Class $UserClass -Credential $cred -Filter "UserName -eq $Implementer" # Get Relationship Manual Activity - Implementer $ImplementerRelationship = Get-SCSMRelationshipClass -Credential $cred -Name System.WorkItemAssignedToUser$ # Create a new Relationship Object Manual Activity - User (Implementer) New-SCSMRelationshipObject -RelationShip $ImplementerRelationship -Credential $cred -Source $MAObject -Target $User -Bulk # Romove powershell modules Remove-Module smlets -Force
Close the ticket
After ticket successfully assigned to a person, its time to do the real job using ansible. or/and any manual activity.
We only need to close the ticket at the end with this example powershell:
ticketclose.ps1
#!powershell # Written by thundercost # WANT_JSON # POWERSHELL_COMMON # Manual Activity ID $MA = $args[0] # Create authentication token $username = $args[1] $password = $args[2] $secstr = New-Object -TypeName System.Security.SecureString $password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)} $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr Import-Module 'C:\Program Files (x86)\Microsoft System Center 2012 R2\Service Manager\Powershell\System.Center.Service.Manager.psd1' Import-Module -Name smlets New-SCManagementGroupConnection -ComputerName "SCSM-SRV" -Credential $cred #Username of Implementer #$parts = $username.split("@") #$Implementer = $parts[0] (get-scsmclass -name "System.WorkItem.activity.ManualActivity" | get-scsmclassinstance) | where {$_.ID -eq $MA} | %{ $_.Status = "ActivityStatusEnum.Completed" ; $_ } | update-scsmclassinstance Remove-Module smlets -Force
The example playbook
The playbook below asks for:
- Ticket number
- Implementor's user name
- Implementor's password
...and depending on the value of the variable "state", runs the corresponding task:
ticket_manage.yml
- hosts: my_windows_pc vars: # - state: assigned # - state: closed - state: captured vars_prompt: - name: "ticket_no" prompt: "Enter ticket number" private: no - name: "scsm_user" prompt: "Enter SCSM username" private: no - name: "scsm_password" prompt: "Enter SCSM password" private: yes tasks: - script: /opt/ansible/assign2me.ps1 @DOMAIN.COM when: state == "assigned" - script: /opt/ansible/ticketclose.ps1 @DOMAIN.COM when: state == "closed" - script: /opt/ansible/ticketcapture.ps1 DOMAIN.COM when: state == "captured" register: ticket_body - local_action: copy content= dest=/opt/ansible/ticket_info.txt when: state == "captured"
- Posted by Kostas Koutsogiannopoulos · June 21, 2016
