SL1 PowerFlow Platform version 2.5.0 includes updates to the PowerFlow Control Tower page, a new API Keys page, enhancements to the PowerFlow user interface, and updates to the powerflowcontrol (pfctl) utility.
Unless mentioned elsewhere in the documentation, PowerFlow SyncPacks do not require a specific version of the PowerFlow Platform.
Features
This section covers the features that were included in "PowerFlow Platform" version 2.5.0.
Updates to the PowerFlow Control Tower Page
-
The "PowerFlow Control Tower HealthCheck" application can trigger the new "PowerFlow PFCTL HealthCheck" application, which uses the powerflowcontrol (pfctl) utility to gather healthcheck data. Both "HealthCheck" applications are available in the latest "System Utils" SyncPack.
- To run the "PowerFlow PFCTL HealthCheck" application as a cluster-action, specify the three manager nodes of the cluster in the pf_manager_nodes configuration variable, separated by a comma.
- To run the application as a node-action, specify only the single node in the pf_manager_nodes configuration variable.
- For more information about configuring the "PowerFlow PFCTL HealthCheck" application, see the SL1PowerFlow Platform manual.
-
Updated the "PowerFlow Control Tower HealthCheck" application to gather additional Couchbase data for the System Health widget.
-
Added additional health data gathered by the powerflowcontrol (pfctl) utility to the System Health widget on the Control Tower page.
-
When the Step Runner service displays a failure in the System Health widget, you can now click the Step Runner to display the following error message: "Step runners are not responding to ping, no health data could be collected."
-
Added a new all parameter to the Health Status endpoint: /api/v1/status?all=true. If you set the all parameter to true, the endpoint will query for all health metrics for PowerFlow services and merge all the health status cache documents to return only one JSON response.
-
The Configure button () was added to all of the widgets the Control Tower page. Using the Configure option from the menu, you can customize the widgets, including the title and the size of the widget.
-
Improved the text prompts that display when you click an item on the PowerFlow Control Tower page.
-
The PowerFlow Control Tower requires the following SyncPack versions:
- "Base Steps" SyncPack version 1.5.0 or later.
- System Utils" SyncPack version 1.1.4 or later. The System Health and other widgets will not be populated until the "System Utils" SyncPack is installed.
- "Flow Control" SyncPack version 1.0.1 or later.
New API Keys Page in the PowerFlow User Interface
- This release includes a new API Keys page in the PowerFlow user interface. On this page you can create API keys based on PowerFlow roles and delete them as needed. )
- The API key authentication strategy provides access to the PowerFlow API in a controllable manner, with options to restrict which hosts may or may not use certain tokens.
- For security reasons, the API key is only displayed once on the API Keys page: immediately after you create the API key.
- Added the following API endpoints for managing API keys:
- GET /api/v1/apikeys. Retrieve all available API keys saved in the PowerFlow system.
- POST /api/v1/apikeys/. Add a new API key or overwrite an existing API keys.
- GET /api/v1/apikeys/{apikey}. Get details of an API key.
- DELETE /api/v1/apikeys/{apikey}. Delete an API key.
Updates to the Configuration Pane and Application Variables
- In the PowerFlow builder interface, you can use the "Promote to Application Variable" button on the Configuration pane for a step variable to make that value available in a configuration object. Previously you could add a step variable to a configuration, but you would need to type the encoded variable name, such as ${appvar.snow_hostname}, to "promote" that step variable to an application variable.
- When editing or creating a PowerFlow application, you can click the gear icon for a field on the Configuration pane to link to a different configuration variable value without needing to remember or type the variable name.
- Smart input fields are now available inside a Conditional step. If you define any JSON variables in the conditional editor, the PowerFlow user interface will substitute the variable name with the value.
- On the Configuration pane for a PowerFlow application, you can click the button to view and edit the selected configuration object without needing to navigate to the Configurations page.
- On the Configurations page, you can click the button to download an existing configuration object to a local drive. New and buttons were also added.
- On the Configurations page, you can click the button to import an existing JSON configuration object into PowerFlow.
Updates to the PowerFlow Builder
- In the PowerFlow builder interface, you can create a step and then click the button to test that step and view its output, where relevant.
- In the PowerFlow builder interface, you can delete a step from the Step Registry pane that you no longer need, but only if that step does not belong to a SyncPack.
Additional Updates to the PowerFlow User Interface
- Clicking the eye icon next to a triggered application generates a smaller window, also called a "picture-within-a-picture" (PIP), that displays the step or steps for the triggered application.
- Updated or added alternate text for all icons and buttons in the PowerFlow user interface, and also updated other accessibility features, including colors in the user interface.
- The title bar now displays the name of the current PowerFlow page.
- On the Scheduler window for a PowerFlow application, you can click the button from the Schedule List pane to make a copy of an existing schedule. Also, when an application is on a schedule, the button on the Applications page displays in blue instead of white.
- Increased the use of semantic tags in the code for the PowerFlow user interface to improve usability and accessibility.
- Improved the content of the alert messages that display in the PowerFlow user interface when data is missing.
- Updated the PowerFlow login error message for clarity and also explains how to address the error.
- The PowerFlow login screen is now compatible for tablet and mobile screen sizes.
- The PowerFlow login page was updated for better accessibility and for consistency with the SL1 login page.
Updates to the powerflowcontrol (pfctl) Command-line Utility
The latest version of the powerflowcontrol (pfctl) command-line utility, version 2.7.2, is included in this version of the platform. This release includes a number of improvements for the healthcheck and autoheal actions, including fixes for false positives, better handling for larger log files, and new checks.
The powerflowcontrol utility includes the following updates:
-
Added the collect_pf_logs action to collect additional logs for troubleshooting. The command uses the following formatting:
pfctl --host <pf_host_ip_address> <username>:<password> node-action --action collect_pf_logs
-
The powerflowcontrol (pfctl) healthcheck action detects any linefeeds in the /etc/iservices/is_pass file, and the autoheal action removes those linefeeds. (Case: 00254518).
-
Optimized the methods for getting and verifying certificate and private keys using the healthcheck action.
-
You can now run pfctl --help to view new help text for the powerflowcontrol (pfctl) command-line utility.
-
Added the --more option, which shows more detail when running healthcheck actions. In addition, you can find command usage and syntax examples by running one of the following commands:
pfctl node-action --help
pfctl cluster-action --help
Additional Features
- Improved memory handling in the PowerFlow Platform with the following updates:
- Improved logging for failed syncs and redis writes.
- Updated the version of Celery used by PowerFlow to address an error with redis.
- Added the task_id to the step logs for an application for more accurate error messages in the PowerFlow user interface.
- The PowerFlow compose-override process now uses the stackconfig tool to merge the PowerFlow compose files instead of docker-compose config. This change allows you to add Jjinja2 syntax to the docker-compose-override.yml file to reference data from the docker-compose.yml file. Basic Jinja2 syntax is added automatically when the 2.5.0 rpm file is installed. If you added additional Jinja2 syntax customizations to the docker-compose-override.yml file, you should run the script at /opt/iservices/scripts/compose_override.sh to get those changes added to the docker-compose.yml.
- During PowerFlow platform upgrades, external SyncPack dependencies, such as MarkupSafe, are uploaded even if the SyncPacks are already up-to-date.
- The following services are included in this release of PowerFlow:
- contentapi. image: registry.scilo.tools/sciencelogic/pf-api:rhel2.5.0
- couchbase. image: registry.scilo.tools/sciencelogic/pf-couchbase:6.0.2-8
- dexserver. image: registry.scilo.tools/sciencelogic/pf-dex:2.22.0-5
- flower. image: registry.scilo.tools/sciencelogic/pf-worker:rhel2.5.0
- gui. image: registry.scilo.tools/sciencelogic/pf-gui:2.5.0-rc1-ubi7
- pypiserver. image: registry.scilo.tools/sciencelogic/pf-pypi:6.3.1-8
- rabbitmq. image: registry.scilo.tools/sciencelogic/pf-rabbit:3.8.35-3
- redis. image: registry.scilo.tools/sciencelogic/pf-redis:6.2.7-2
- scheduler. image: registry.scilo.tools/sciencelogic/pf-worker:rhel2.5.0
- steprunner. image: sciencelogic/pf-worker:rhel2.5.0
- syncpacks_steprunner. image: registry.scilo.tools/sciencelogic/pf-worker:rhel2.5.0
Issues Addressed
The following issues were addressed in this release:
- Addressed an issue where the default JSON value is [] for an application variable that lets you enter an comma-separate list of values (such as selected_devices for a device sync), the default value is not retained after you save the contents of the Configuration pane. (Jira ID: INT-4684)
- Corrected a false-positive healthcheck alert with the pfctl utility that indicated steps were not processing when the steps were actually processing.
- The Scheduling feature for PowerFlow applications now uses the user's time zone instead of the machine's time zone. (Case: 00146237. Jira ID: EM-42353)
- Addressed an issue where remote API requests directly to RabbitMQ did not work with standard authentication.
Known Issues
This release contains the following known issues:
- When upgrading to this release, run the powerflowcontrol (pfctl) healthcheck action to make sure that your cluster is healthy. Next, to ensure the smoothest upgrade process, validate that auto_rebalance is not explicitly false in your docker-compose file. The default is true, but previous versions of the autocluster action might have incorrectly set it to false.
- For Military Unique Deployments of PowerFlow only, an encrypted password that is longer than 24 characters will generate an error. This issue is addressed in the PowerFlow Platform version 2.6.0.
- The Workflow Health and Interconnectivity widget on the PowerFlow Control Tower page displays diagrams for PowerFlow applications and SyncPacks that have been deleted. To work around this issue, run the "PowerFlow Control Tower HealthCheck" application or wait for the next scheduled run of the application.
- If your PowerFlow system uses self-signed certificates, you will need to manually accept the certificate before you can upload SyncPacks. Go to https://<IP address of PowerFlow>:3141/isadmin, accept the certificate, and then log into PowerFlow. After you log in, you will be able to upload SyncPacks.
-
The latest tag does not exist after the initial ISO installation. This situation only affects users with custom services that point to the latest tag. To work around this issue, run the tag latest script manually after running the ./pull_start_iservices.sh command:
python /opt/iservices/scripts/system_updates/tag_latest.py /opt/iservices/scripts/docker-compose.yml
System Requirements
PowerFlow Platform version 2.2.1 and later requires version 1.3.1 or later of the Base Steps SyncPack. This version includes an update to the "Query REST" step that prevents issues with scheduled PowerFlow applications. You can download the latest version of this SyncPack from the PowerPacks page of the ScienceLogic Support Site.
The PowerFlow builder is available as part of an SL1 Premium solution. To upgrade, contact ScienceLogic Customer Support. For more information, see https://sciencelogic.com/pricing.
The PowerFlow platform does not have a specific minimum required version for SL1 or AP2. However, certain SyncPacks for PowerFlow have minimum version dependencies, which are listed on the Dependencies for SL1 PowerFlow SyncPacks page.
Ports
The following table lists the PowerFlow ingress requirements:
Source | Port | Purpose |
SL1 host |
443 |
SL1 run book actions and connections to PowerFlow |
User client |
3141 |
Devpi access |
User client |
443 |
PowerFlow API |
User client |
5556 |
Dex Server: enable authentication for PowerFlow |
User client |
8091 |
Couchbase Dashboard |
User client |
15672 |
RabbitMQ Dashboard |
User client |
22 |
SSH access |
The following table lists the PowerFlow egress requirements:
Destination | Port | Purpose |
SL1 host |
7706 |
Connecting PowerFlow to SL1Database Server |
SL1 host |
443 |
Connecting PowerFlow to SL1 API |
Additional Considerations
Review the following list of considerations and settings before installing PowerFlow:
- ScienceLogic highly recommends that you disable all firewall session-limiting policies. Firewalls will drop HTTPS requests, which results in data loss.
- Starting with PowerFlow version 3.0.0, the minimum storage size for the initial partitions is 60 GB. Anything less will cause the automated installation to stop and wait for user input. You can use the tmux application to navigate to the other panes and view the logs. In addition, at 100 GB and above, PowerFlow will no longer allocate all of the storage space, so you will need to allocate the rest of the space based on your specific needs.
- PowerFlow clusters do not support vMotion or snapshots while the cluster is running. Performing a vMotion or snapshot on a running PowerFlow cluster will cause network interrupts between nodes, and will render clusters inoperable.
- The site administrator is responsible for configuring the host, hardware, and virtualization configuration for the PowerFlow server or cluster. If you are running a cluster in a VMware environment, be sure to install open-vm-tools and disable vMotion.
- You can configure one or more SL1 systems to use PowerFlow to sync with a single instance of a third-party application like ServiceNow or Cherwell. You cannot configure one SL1 system to use PowerFlow to sync with multiple instances of a third-party application like ServiceNow or Cherwell. The relationship between SL1 and the third-party application can be either one-to-one or many-to-one, but not one-to-many.
- The default internal network used by PowerFlow services is 172.21.0.1/16. Please ensure that this range does not conflict with any other IP addresses on your network. If needed, you can change this subnet in the docker-compose.yml file.
For more information about system requirements for your PowerFlow environment, see the System Requirements page at the ScienceLogic Support site at https://support.sciencelogic.com/s/system-requirements.
Installing or Upgrading PowerFlow
For detailed steps about installing or upgrading to this version of PowerFlow, see Installing and Configuring PowerFlow.
You should always upgrade to the most recent release of PowerFlow.