The integration between ServiceNow and Ansible represents a convergence of two industry titans: the gold standard for IT Service Management (ITSM) and the premier engine for infrastructure automation. At the heart of this synergy is the Ansible Spoke, a specialized application within the ServiceNow IntegrationHub designed to bridge the gap between a ticket-based request and the actual execution of a technical remediation. By utilizing the Ansible Spoke, organizations can transition from manual intervention—where a technician reads a ticket and manually executes a script—to a closed-loop automation system where the creation of an Incident or a Service Request triggers a precise, pre-defined Ansible Job Template. This capability effectively eliminates human latency and reduces the risk of configuration drift, ensuring that the state of the infrastructure matches the intent documented within the ServiceNow platform.
Architectural Foundations of the Ansible Spoke
The Ansible Spoke is not a standalone product but a modular extension of the ServiceNow IntegrationHub. IntegrationHub serves as the orchestration layer that allows ServiceNow to communicate with external systems via REST APIs. The Ansible Spoke specifically leverages these API capabilities to interact with Ansible Tower or the Ansible Automation Platform (AAP).
From a technical perspective, the Spoke acts as a translator. It takes the data objects found within ServiceNow—such as an Incident record, a Configuration Item (CI), or a Change Request—and maps them into parameters that the Ansible REST API can ingest. This allows ServiceNow to perform complex actions such as launching job templates, retrieving inventory details, and managing users within the Ansible environment without requiring the developer to write custom HTTP requests from scratch.
The relationship between these systems is typically bidirectional. While the Spoke allows ServiceNow to "push" instructions to Ansible, the Ansible Automation Platform can also "pull" or interact with ServiceNow. For instance, the servicenow.itsm collection in Ansible allows for the reading, creation, updating, or deletion of any REST-supported object in ServiceNow. This means an Ansible workflow can be constructed to identify an Incident, perform discovery against the referenced Configuration Item, and then record the findings back into the Incident record, creating a fully automated loop of discovery and remediation.
Technical Prerequisites for Implementation
Before initiating the deployment of the Ansible Spoke, several infrastructure and administrative requirements must be met to ensure a stable connection and successful execution of automation tasks.
- ServiceNow Instance: Access to a ServiceNow instance is required, specifically with administrator privileges to install applications and configure connection aliases.
- Ansible Environment: A functional instance of Ansible Tower or the Ansible Automation Platform must be deployed and accessible via the network. This includes ensuring that the firewall rules allow inbound traffic from the ServiceNow instance (or a MID Server) to the Ansible API endpoints.
- IntegrationHub Subscription: Because the Ansible Spoke is part of the IntegrationHub, a valid subscription is necessary to unlock the functionality of the spoke within the system.
Step-by-Step Installation and Configuration Workflow
The deployment of the Ansible Spoke follows a rigorous sequence of administrative steps, moving from application installation to the definition of the operational logic.
1. Application Installation
The first phase involves deploying the Spoke from the ServiceNow application repository.
- Navigate to:
System Applications > All Available Applications > All. - Search for:
Ansible Spokeand execute the installation.
This process installs the necessary action definitions and data schemas required to interact with the Ansible API.
2. Establishing Connection and Credential Aliases
ServiceNow utilizes a decoupled architecture for security, separating the "how to connect" (Alias) from the "what credentials to use" (Credential).
- Navigate to:
Connection & Credential Aliases > Connection & Credential Aliases. - Create a new record by clicking
New. - Name the alias (e.g.,
Ansible Tower Connection). - Define the credential type, such as
Basic AuthorAPI Key, and input the specific username and password or API token associated with the Ansible Tower account.
This layer of abstraction ensures that if a password changes, the administrator only needs to update the credential record rather than updating every individual flow that uses the connection.
3. Connection Configuration
Once the alias is established, a specific connection record must be created to point to the physical endpoint of the Ansible server.
- Navigate to:
Connections > Connections. - Click
New. - Assign a name (e.g.,
Ansible Tower Connection). - Select the previously created
Connection Alias. - Input the
Connection URL(the base URL of the Ansible Tower/AAP instance). - Perform a verification check to ensure that the ServiceNow instance can successfully reach the Ansible endpoint.
Designing Automation Logic with Flow Designer
The true power of the Ansible Spoke is realized within the Flow Designer, which provides a low-code environment to map business events to technical actions.
Creating the Flow
The process begins by defining the trigger and the desired outcome.
- Navigate to:
Flow Designer. - Create a new flow (e.g.,
Incident to Ansible). - Define the Trigger: This is typically set to
When an incident is createdorWhen an incident is updated.
Defining the Flow Logic
Once the trigger is set, the administrator adds the specific Ansible actions to the sequence.
- Click the
+icon to add a new action. - Select the
Ansible spokefrom the available options. - Choose the specific action to perform. Common actions include
Launch Job TemplateorRun Ad-Hoc Command.
Configuring Action Parameters and Mapping
This is the most critical phase of the integration, as it involves mapping ServiceNow data fields to Ansible Job Template parameters.
- Job Template: The user selects the specific Ansible job template (e.g., "Reset Password" or "Restart Server") that should be executed.
- Parameters: The user maps the fields from the triggering Incident record to the job template's required inputs.
For example, the Short Description or Severity of the ServiceNow Incident can be passed as an extra variable (extra-vars) to the Ansible playbook. This allows the playbook to make dynamic decisions based on the data provided by the ITSM tool.
Testing and Validation Procedures
To ensure the integration is functioning correctly, a structured testing cycle is required.
- Incident Creation: Manually create a test incident in ServiceNow that meets the trigger criteria.
- Flow Monitoring: Access the Flow Designer execution logs to confirm that the flow was triggered and that the call to the Ansible Spoke was successfully dispatched.
- Ansible Verification: Log into the Ansible Tower/AAP console to verify that the job template was launched and that the task completed successfully.
Comparison of Integration Methods
Depending on the requirements, organizations may choose different paths for integrating ServiceNow with Ansible.
| Method | Trigger Mechanism | Primary Use Case | Flexibility |
|---|---|---|---|
| Ansible Spoke | Flow Designer / IntegrationHub | Standardized job launching and API management | High (Low-code) |
| Event-Driven Ansible (EDA) | Webhooks / MID Server | Real-time reaction to events | Very High (Event-based) |
| Custom REST API | Business Rules / Scripts | Highly specialized, non-standard integrations | Extreme (Code-heavy) |
servicenow.itsm Collection |
Ansible Playbook | Data synchronization and record updates | High (DevOps-centric) |
Compatibility and Versioning Considerations
A recurring point of inquiry within the technical community is the compatibility of the Ansible Spoke with different versions of the Ansible ecosystem, specifically the distinction between the commercial Ansible Tower/AAP and the open-source AWX.
The Ansible Spoke is officially designed for Ansible Tower and the Ansible Automation Platform. However, because AWX and Ansible Tower share a nearly identical API structure, community reports suggest that the Spoke can interact with AWX endpoints. Users should be aware that while the API endpoints are similar, official support is focused on the commercial products. This may lead to feature gaps or unsupported actions when used with AWX, particularly in newer versions where API schemas might diverge.
Furthermore, there is an evolving landscape regarding the "Ansible Automation Engine." Current reports indicate that the standard Ansible Spoke is designed for the older Tower architecture. For those requiring integration with the newer Automation Engine or specific Request Management triggers, alternatives like the Red Hat Event-Driven Ansible Notification Service are recommended. If a dedicated Spoke for the Automation Engine is not available in the ServiceNow Store, organizations may need to rely on custom integrations or the Red Hat-provided solutions.
Advanced Implementation: Event-Driven Ansible (EDA)
With the introduction of Event-Driven Ansible in AAP 2.4, the integration has evolved from a simple request-response model to a reactive model. This allows ServiceNow to send events to the Ansible Automation Platform via webhooks.
The technical implementation of EDA involves:
- Direct Webhooks: ServiceNow sends a payload directly to the EDA controller.
- MID Server Relay: For instances behind a firewall, the ServiceNow Management, Instrumentation, and Discovery (MID) server acts as a proxy to route the webhook to the internal Ansible environment.
This method can be triggered through:
- Business Rules: Scripted logic that fires upon record change.
- Flow Designer: Using the REST step to send a payload to a webhook.
- Ansible Spoke: Leveraging existing spoke actions to initiate the event.
Conclusion: Strategic Analysis of the Integration
The integration of the ServiceNow Ansible Spoke transforms the ITSM platform from a system of record into a system of action. By bridging the gap between the incident management process and the execution of automation playbooks, organizations achieve a level of operational maturity where "Mean Time to Resolution" (MTTR) is drastically reduced.
The technical strength of this integration lies in its ability to map complex ITSM data—such as severity, priority, and configuration item details—directly into the execution context of an Ansible playbook. This ensures that the automation is context-aware and doesn't simply execute a generic script, but rather a tailored response to a specific business event.
However, the choice of integration path—whether via the official Spoke, a custom REST implementation, or the newer Event-Driven Ansible framework—must be based on the specific architectural needs of the organization. While the Spoke provides the fastest time-to-value for standard Tower integrations, the EDA framework offers superior scalability for real-time, event-based automation. Organizations should prioritize the use of the official Spoke for standard operational tasks while exploring EDA for complex, high-velocity environment responses.
Sources
- ServiceNow Community: How to send incident to ansible for integration via ansible
- ServiceNow Community: Will there be a new ansible spoke supporting ansible automation
- Red Hat Blog: Ansible Automation Platform and ServiceNow ITSM Integration
- Ansible Forum: Is servicenow ansible spoke officially compatible with awx