ServiceNow SaltStack Integration OpenVPN REST Part 2

Part 2 of 2 (http://edwardjamesmathison.com/2018/06/08/servicenow-saltstack-integration-openvpn-rest/)

Following up on my previous post, I will be covering the SaltStack side of the integration.

The first thing to do was figure out a way to capture the username from the end user in Snow and send that to SaltStack.

I used a REST API to do this.

I installed Salt-API and put the following settings into the master config file.

rest_cherrypy:
  port: pick a port number
  host: hostname
  ssl_crt: /etc/ssl/private/cert.pem  # path to SSL certificate
  ssl_key: /etc/ssl/private/key.pem  # path to SSL private key
  webhook_disable_auth: True  # True lets callers post to the hook without a Salt-API token; set this to False if you want auth enabled
  webhook_url: /hook  # allows a webhook

Then the next step is to create a reactor file. This tells Salt what to do when something is sent to the webhook via the REST API.
Place the following config at this path: /etc/salt/master.d/reactor.conf

It will look something like this:

reactor:
  - salt/netapi/hook/open_vpn_reset:
    - /srv/reactor/open_vpn_phone_reset.sls

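When something is sent to ipofsaltserver:portnumber/webhooklink (with the settings above, /hook/open_vpn_reset, which Salt turns into the event tag salt/netapi/hook/open_vpn_reset), it will render the reactor file open_vpn_phone_reset.sls.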

Now you need to create the OpenVPN reset SLS file. The one I created is below.

{% set postdata = data.get('post', {}) %} # This allows you to receive the data sent to salt api and use it
open_vpn_phone_reset:
  local.cmd.run:
    - tgt: 'connect'
    - args:
      - cmd: ./sacli --user {{ postdata.username }} --lock 0 GoogleAuthLock
      - cwd: /usr/local/openvpn_as/scripts

The trick to this SLS is that when the data is sent to the webhook, you pass a var called user with the username. Salt will take this var, place it in postdata.username, and then render the file. The value goes into the sacli command line exactly as it was received.

This will allow end users to run this script without contacting operations to run the script for them.
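The SLS above hands postdata.username to cmd.run as part of a command string. One way to constrain that value, shown as an added example that is not from the original post: a hypothetical custom execution module (the name ovpn_unlock, its path and the allowed username character set are assumptions) that validates the username and runs sacli from an argument list.

```python
"""Hypothetical custom Salt execution module (added example, not from the post).
Assumed location: /srv/salt/_modules/ovpn_unlock.py"""
import re
import subprocess

SACLI_DIR = "/usr/local/openvpn_as/scripts"  # cwd used in the post's SLS
# Assumption: account names are 1-64 characters of letters, digits, '.', '_'
# and '-', starting with a letter or digit so a value never looks like an option.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def build_sacli_argv(username):
    """Return the sacli argument list for a validated username.

    Raises ValueError for anything outside the allowlist, including
    non-strings (a JSON POST body can carry lists, dicts or null).
    """
    # fullmatch, not match with '$': '$' would also accept a trailing newline.
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise ValueError("rejected username: %r" % (username,))
    # One list element per argument; no shell ever parses the value.
    return ["./sacli", "--user", username, "--lock", "0", "GoogleAuthLock"]


def unlock(username):
    """Run the same sacli command as the post's SLS, without a shell."""
    proc = subprocess.run(build_sacli_argv(username), cwd=SACLI_DIR,
                          capture_output=True, text=True, timeout=30)
    return {"retcode": proc.returncode, "stdout": proc.stdout, "stderr": proc.stderr}


def accepted(candidates):
    """Return the candidates that pass validation, in order."""
    ok = []
    for value in candidates:
        try:
            build_sacli_argv(value)
        except ValueError:
            continue
        ok.append(value)
    return ok


# Constructed sample inputs, not taken from the post.
SAMPLES = ["jsmith", "j.smith-2", "", "--help", "js mith", "jsmith\n", "a" * 65, None, ["jsmith"]]

if __name__ == "__main__":
    print(accepted(SAMPLES))
```

With a module like this synced to the minion, the reactor would target its unlock function instead of cmd.run, and a rejected value surfaces as an error in the job return rather than reaching sacli.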
