This use case makes it possible to automate servers with Ansible directly from the i-doit objects. As a first simple example, we show a server reboot that can be triggered from i-doit. The entire execution is modeled as a Camunda workflow in BPMN and is thus both documented and automated. Further use cases build on this and extend it.
Ansible installation
Because Ansible uses ssh to connect to remote hosts, start creating a ssh key-pair (because we are in a lab, we will use root for everything).
root@ansibletest:~# ssh-keygen
Because Ansible will also connect to localhost using ssh, we will add the ssh public key to local authorized_keys file (again as root, to make it simple for lab).
root@ansibletest:~# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
You should add the ssh public key for the user which runs Ansible to every hosts authorized_keys file you want to automate using Ansible.
Now test the ssh localhost connection using the hostname and to be sure also the fqdn (it’s important to test both because now you are able to use hostname OR fqdn and you don’t have to take care about it).
The test connection is important for every host you want to connect to because at first connection ssh will ask to check ssh key fingerprint and this needs to be accepted to run Ansible.
root@ansibletest:~# ssh root@ansibletest
And again with FQDN:
root@ansibletest:~# ssh root@ansibletest.eibler.at
Now add all hosts to Ansible hosts file – start with the local host – in this example ‘ansibletest’ (again with hostname and FQDN to make things easier)
root@ansibletest:~# echo ‚ansibletest‘ >> /etc/ansible/hosts
root@ansibletest:~# echo ‚ansibletest.eibler.at‘ >> /etc/ansible/hosts
Now Ansible can access the local machine and we can test it using Ansible adhoc commandos (see https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html) – in our example we will gather all facts which should return SUCCESS and a lot of information about the host.
root@ansibletest:~# ansible ansibletest -m ansible.builtin.setup
processNow Camunda Sysworker installation
Install java runtime e.g. default-jre:
root@ansibletest:~# apt-get install default-jre
Copy and install the processNow Camunda Sysworker (see documentation for more information)
root@ansibletest:~# mkdir /usr/local/camunda-sysworker ; cd /usr/local/camunda-sysworker
root@ansibletest:/usr/local/camunda-sysworker#
Copy over/download the camunda-sysworker-x.xx-xxxx.jar file and the the application.yml to the directory.
Setup application.yml with correct Camunda webservice URL and username/password.
And very important: change the topic identifiers for execute-topic, read-file-topic and write-file-topic.
Best practice is, to use the servers hostname as prefix of the topic – so in our case this is ansibletest-execute, ansibletest-write-file and ansibletest-readfile.
This topic is later used in BPMN Service Task definition as Topic.
Add /usr/bin/ansible and /usr/bin/ansible-playbook to execute-white-list.
If you want to write and read files e.g. config files for ansible, add /etc/ansible to read-file-white-list and write-file-white-list.
Now you can start Camunda Sysworker on command line using java -jar. It’s important that sysworker runs as an user which is allowed to run Ansible (in our lab this is again root).
root@ansibletest:/usr/local/camunda-sysworker# java -jar camunda-sysworker-1.0-SNAPSHOT.jar
If worker starts up without troubles and connects to Camunda we can use the start-sysworker.sh script to start it in background.
root@ansibletest:/usr/local/camunda-sysworker# cat start-sysworker.sh
#!/bin/bash
# see https://stackoverflow.com/questions/59895/how-can-i-get-the-source-directory-of-a-bash-script-from-within-the-script-itsel
SOURCE=${BASH_SOURCE[0]}
while [ -h „$SOURCE“ ]; do # resolve $SOURCE until the file is no longer a symlink
DIR=$( cd -P „$( dirname „$SOURCE“ )“ >/dev/null 2>&1 && pwd )
SOURCE=$(readlink „$SOURCE“)
[[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
DIR=$( cd -P „$( dirname „$SOURCE“ )“ >/dev/null 2>&1 && pwd )
cd „$DIR“
#echo „start camunda sysworker …“
nohup java –jar camunda-sysworker-1.0-SNAPSHOT.jar > camunda-sysworker.log 2>&1 &
Start it e.g. from rc.local after system boots (rc.local has to be enabled in ubuntu 20.04 and newer – e.g. have a look at https://marsown.com/wordpress/how-to-enable-etc-rc-local-with-systemd-on-ubuntu-20-04/).
root@ansibletest:/usr/local/camunda-sysworker# nano /etc/systemd/system/rc-local.service
root@ansibletest:/usr/local/camunda-sysworker# cat /etc/systemd/system/rc-local.service
[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
root@ansibletest:/usr/local/camunda-sysworker# nano /etc/rc.local
root@ansibletest:/usr/local/camunda-sysworker# cat /etc/rc.local
#!/bin/bash
/usr/local/camunda-sysworker/start-sysworker.sh
exit 0
root@ansibletest:/usr/local/camunda-sysworker# chmod +x /etc/rc.local
root@ansibletest:/usr/local/camunda-sysworker# systemctl enable rc-local
Created symlink /etc/systemd/system/multi-user.target.wants/rc-local.service -> /etc/systemd/system/rc-local.service.
root@ansibletest:/usr/local/camunda-sysworker#
After reboot a java process (the camunda-sysworker) should appear in process list:
root@ansibletest:/usr_local/camunda-sysworker# reboot
root@ansibletest:~# ps -ef | grep java
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
processNow First Test reboot-server.bpmn
Now we will create a simple example camunda process/workflow to reboot a server using Ansible adhoc commands.
Download the Camunda Modeler from https://camunda.com/ Website.
Create a new BPMN diagram (Camunda Platform 7)
Call it “reboot-server.bpmn”
Click on an empy space and open “general” properties tab and type in “reboot-server” as ID.
Create a start event, an service task activity, a timer event and an end event.
The service task implementation type is “External” and the Topic is the topic you defined in application.yml file of camunda-sysworker running on the Ansible server.
In our case this is ansibletest-execute.
Now add 2 Input variables:
Variable name command of type “String or expression” with content: /usr/bin/ansible
Variable name arguments of type “String or expression” with content: ${servername} -a „/sbin/reboot“
Important: the command (/usr/bin/ansible) must be in execute-white-list in sysworkers application.yml file including full path and camunda-sysworker needs to be allowed to run this command (because we are in a lab, we use root and so we don’t have any issues).
On the start event we have to create a “Generated Task Forms” Form field:
servername (lowercase – case sensitive!) of type “String” with Default Value: %HOSTNAME_FQDN%
Later the processNow i-doit addon will automatically replace this with the fqdn of the selected server in i-doit.
Last but not least add a timer event of type “Duration” with e.g. PT1H means 1 hour.
This will allow to view the running process instance after “call ansible reboot” was finished for 1 hour. After this 1 hour it will be ended and moved to Camunda history database and will not be available in list of running process instances in Camunda.
Now deploy the BPMN to your Camunda server.
The Deployment name will be the ID of the Camunda Process/Workflow and should not be changed in this dialog.
Maybe you have to change the REST endpoint pointing to your Camunda Server installation.
Start processNow Flow in i-doit
Add processNow Flow Definition
To start the processNow Flow (Camunda Workflow) from i-doit you have to install the processNow addon.
Now a new Object Type “processNow Flow” appears in group “Other”.
Create a new processNow Flow, give name “Reboot Server” and fill processNow Flow Definition Fields:
Field Workflow-Key/Process-ID with value reboot-server (exact same like the Process ID in your BPMN diagram, case sensitive!).
Field valid for object types with values Blade server, Server, Virtual Server. This processNow Flow (reboot-server) will appear in every of the selected Object types.
Add processNow Flow Definition
Now add the ansibletest server to i-doit.
Create a Host address record with hostname (FQDN) ansibletest and correct domain (or whatever you called it in your environment).
Start processNow Flow „reboot-server“
Now click on “General” and a new button “processNow” should appear in top menu.
Select the Reboot Server Flow.
The Servername (we used %HOSTNAME_FQDN% in BPMN diagram start form) should automatically be replaced with the FQDN of the server record in i-doit.
And after a short time the ansibletest Server should restart – you can see the command executed in camunda-sysworker logfile:
root@ansibletest:~# tail -n 5 -f /usr/local/camunda-sysworker/camunda-sysworker.log
© 2022 processNow