Cisco UCS Director was designed with a lot of out-of-the-box functionality, such as the self-service portal. While that portal can do a lot, there are ways it can be extended to provide more support that will facilitate a larger user base and set of use cases. This article will demonstrate how to use tags within UCS Director to execute workflow and take different actions based on the tags assigned to a user.

Tags vs. Profiles

When the following was developed, UCS Director did not leverage profiles quite like it does in the 5.4 release. The idea behind using profiles allowed us to “future-proof” the example a bit to enable admins to use ActiveDirector/LDAP integration to drive this functionality. While some customers might find that easier to use than tags, the tags work just as well. Tags are used in this example.

Building the Functionality

The following steps and accompanying figures show how to add the code that will help boost self-service portal capacity.

1.Start by creating a new PowerUserComparison Check List of Values. This choice will be used to drive whether the custom workflow task will be Use Profiles or Tags. Navigate to the following: Policies > Orchestration > Custom Workflow Inputs Tab. Click the +Add button. Name your Custom Workflow Input: PowerUserComparisonCheck. Check the Input LOV box, click the + button next to LOV Entries and fill in the Label/Values as shown in Figure 1.

Figure 1
Figure 1

 

2. Navigate to the following: Policies > Orchestration > Custom Workflow Tasks Tab. Click the +Add button. Name your custom workflow task and label as follows: CDWIsPowerUser. Click Next.

3. Create the following Input Field Names: PowerUserGroup, ContinueOnError and PowerUserComparisonCheck. Note the Map to Input types in Figure 2. Click Next.

Figure 2
Figure 2

 

Create the Output Field Name: IsPowerUser. Note the Output Field Type column in Figure 3. Click Next.

Figure 3
Figure 3

 

Click Next to skip the Controller area. Copy the following code into the Script tab (Figure 4).

script

Screen Shot 2016-01-15 at 5.33.50 PM Screen Shot 2016-01-15 at 5.34.01 PM Screen Shot 2016-01-15 at 5.34.08 PM
orange pic

7. Navigate to the following: Policies > Tag Library. Click the Create button. Call the tag name: PowerUser. Set the description to “Is this person a power user.” Set the type to INTEGER. Set possible tag values to 0,1. Click Next.

8. Click the + button next to Entities view. Select Administration in the Category drop down. Click the box next to the User taggable entity (Figure 5). Click Submit. Click Submit.

Figure 5
Figure 5

 

9. Navigate to the following: Administration > Users & Groups > Users Tab. Click on the user to whom you wish to give privileges. Click the Manage Tag button. Click the + button next to Tag view. Select PowerUser from the Tag Name drop down (Figure 6). Select 1 from the Tag Value drop down. Click Submit. Click Submit.

Figure 6
Figure 6

 

10. Go into a test workflow, add the new CDWIsPowerUser custom workflow task to your flow. Note that the following values are required:

  • Power User Group: This is the TAG name it is looking for. As of this code, it does not check the value; it just checks the existence of the tag is (what this script will key off of to provide indication of elevated rights).
  • ContinueOnError: 0 = you want the script to stop/fail; 1 = you plan to use the IsPowerUser custom workflow task output in future steps to take or not take action.
  • PowerUserComparisonCheck: 0 = use tags, 1 = use profiles.

See the Code in Action

1. A user has the PowerUser tag set on their profile (Figure 7):

Figure 7
Figure 7

 

Log (Figure 8):

Figure 8
Figure 8

 

2. A user does not have the PowerUser tag set on their profile and ContinueOnError is set to 1 (Figure 9):

Figure 9
Figure 9

 

3. A user does not have the PowerUser tag set on their profile and ContinueOnError is set to 0 (Figure 10):

Figure 10
Figure 10

 

 

Taking It a Step Further

Create a workflow using the output from your function to do one of the following:

  1. Is Power User == True: Log the output of the CDWIsPowerUser
  2. Is Power User == False: Send email alerting of bad behavior.
  3. On some other failure, stop.

Figure 11 shows the IfElse Logic:

Figure 11
Figure 11

 

Figure 12 shows what the workflow would look like:

Figure 12
Figure 12

 

Figure 13 shows when it is executed:

Figure 13
Figure 13

 

The End Result?

As you can see, UCS Director can easily be extended to support additional functionality. This one change allows admins to leverage the Self-Service portal to publish workflows to only those users you want to be able to execute specific tasks. While others might see the workflows, they will not be able to run them. Additionally, this custom workflow task could be leveraged to carve out sections of tasks that either skip or take alternative paths based on tags.

Check out StateTech Magazine to see how San Joaquin County used Cisco UCS Director to create a cloud service that allowed users to spin up their own virtual servers.

Any questions? Feel free to leave a comment below.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>