Jobs

Jobs are for scheduled execution of Automation Tasks and Workflows. Jobs can be set to execute on a schedule, at one specific point in time, and/or execute manually (on-demand). Jobs are linked to existing Tasks or Workflows, and allow for custom configuration options. Jobs can be associated with Instances, Servers, or have no association, such as a job for an SSH task.

Jobs allow for scheduled execution of nearly anything as Tasks Types include Bash, Powershell, HTTP/API, Ansible, Chef, Puppet, Groovy, Python, jRuby, Javascript, and library scripts and templates, which can be configured for resource, remote, or local execution targets. If you need something to execute on a schedule, Morpheus Jobs can deliver.

Jobs are configured in the JOBS tab, and the JOB EXECUTIONS tab contains Job execution history with result output.

Jobs

Role Permissions

Provisioning: Jobs

• None: Cannot access Provisioning > Jobs > Jobs tab

• Read: Can access Provisioning > Jobs > Jobs tab but cannot create, edit, or delete Jobs

• Full: Full permissions to create, view, edit, and delete Jobs

Provisioning: Job Executions

• None: Cannot access Provisioning > Jobs > Job Executions tab

• Read: Can access and view Provisioning > Jobs > Job Executions tab including job execution history, status, and Job output

Creating Jobs

Note

Jobs require existing Tasks or Workflows. See the appropriate section of Morpheus docs for more on creating Tasks and Workflows.

To create a new job:

1. Navigate to Provisioning > Jobs

2. Select + ADD

3. Enter the following

   NAME: Name of the Job in Morpheus JOB TYPE:

   Task: Job will execute a selected Task Workflow: Job will execute a selected Workflow

   ENABLED: When checked, the Job will run as scheduled

4. Select NEXT

5. Configure the Job

   Task Jobs

   TASK: Select target Task. If relevant to the Task, Option Type fields will be presented

   SCHEDULE:

   Manual: Job is not scheduled but can be executed from Provisioning > Jobs and selecting Actions > Execute

   Date And Time: Job will be executed at one specific point in time and not again (unless rescheduled or executed manually)

   Schedule: Select a configured Execution Schedule. Execution Schedules are created in Provisioning > Automation > EXECUTE SCHEDULING

   Note

   Morpheus provides two default execution schedules, Daily at Midnight and Weekly on Sunday at Midnight. Any additional schedules were created by a User. Additional schedules can be added in Provisioning > Automation > EXECUTE SCHEDULING

   CONTEXT TYPE: Server or Instance

   CONTEXT SERVER/INSTANCE: Select the Server or Instance you wish to target with the Job

   RUN NOW: When checked, the Job will execute on save regardless of SCHEDULE setting.

   Workflow Jobs

   WORKFLOW: Select target Workflow. If relevant to the Workflow, Option Type fields will be presented

   SCHEDULE:

   Manual: Job is not scheduled but can be executed from Provisioning > Jobs and selecting Actions > Execute

   Date And Time: Job will be executed at one specific point in time and not again (unless rescheduled or executed manually)

   Schedule: Select a configured Execution Schedule. Execution Schedules are created in Provisioning > Automation > EXECUTE SCHEDULING

   Note

   Morpheus provides two default execution schedules, Daily at Midnight and Weekly on Sunday at Midnight. Any additional schedules were created by a User. Additional schedules can be added in Provisioning > Automation > EXECUTE SCHEDULING

   CONTEXT TYPE: Server or Instance

   CONTEXT SERVER/INSTANCE: Select the Server or Instance you wish to target with the Job

   RUN NOW: When checked, the Job will execute on save regardless of SCHEDULE setting.

6. Select NEXT

7. Select COMPLETE

Creating and Running Security Scan Jobs

Security Scan Jobs allow users to create and schedule SCAP program (Security Content Automation Program) scans for groups of managed systems. These Jobs can call in existing SCAP packages and checklists, which are used to scan the targeted systems on-demand or on a scheduled basis. Historical data for these scans is saved in the Job Execution list and in the software section of server detail pages. Detailed scan reports can also be viewed for each system as needed once the scan is complete. See the SCAP documentation on the NIST website for information on developing your own scanning procedures.

Note

Creating and editing Security Scan Jobs requires the “Security: Scanning” Role permission set to Full. Viewing Security Scan Jobs and seeing the results for scanned servers requires at least a Read-level permission.

Add a new Security Package

1. Navigate to Provisioning > Jobs > Security Packages Tab

2. Click +ADD > SCAP Package

3. Provide a name in addition to a URL to source the package

4. Click SAVE CHANGES

Note

Currently URL is the only source option for security packages

Add a new Security Scan Job

1. Navigate to Provisioning > Jobs > Jobs Tab

2. Click +ADD

3. Set the Job type to “Security Scan Job” and provide a friendly name for the Job

4. Click NEXT

   

5. Select a security package, see the previous section to add a new one

6. Enter your Scan Checklist (XML document) and Security Profile (XCCDF document), more information on these can be found in the SCAP documentation linked above

7. Set a schedule or leave as Manual to only run this scan on-demand (new execution schedules can be created in Provisioning > Automation if needed)

8. Set the context, can be Instance or Server. Select as many Instances or Servers as needed for this scanning run

9. Click NEXT

10. After final review, click COMPLETE

    

Running Security Scan Jobs

Once created, Security Scan Jobs will run based on the configured schedule. They can also be run on-demand when needed:

1. Navigate to Provisioning > Jobs > Jobs Tab

2. Click MORE

3. Click “Execute”

   

Viewing Completed Security Scan Jobs

To view a list of completed Security Scan Jobs (and Jobs of other types):

1. Navigate to Provisioning > Jobs > Job Executions Tab

2. Additional details can be viewed by clicking (i)

   

To view scan results for specific servers:

1. Navigate to the server detail page (Infrastructure > Hosts > Virtual Machines tab > Selected server)

2. Click on the Software tab part way down the page, then click on the Security subtab

3. High level details on previous scans is viewable here

   

4. To view the full report, click (i)

   

Security Drift

In addition to tracking the scan results over time as described in the previous section, Morpheus also provides detail into the change from the most recent scan to the one prior. This information is displayed in the Software tab (and Security subtab) of the detail page for the virtual machine (accessed from the associated Instance detail page or at Infrastructure > Hosts > Virtual Machines). The information surfaced by this view is listed below. If there is no change, you’ll simply see a “No Drift” message.

• Title: The criteria for the test that has newly passed or failed

• Severity: The severity level for the indicated security requirement

• Result: The indicator for whether this test has newly passed or failed

• New Pass: The number of tests that have newly passed compared to the prior scan

• New Fail: The number of tests that have newly failed compared to the prior scan

• Status: An indicator of the change in security posture since the prior scan. A net gain in test failures will yield a negative status indicator while net gains in passed tests (or no change) will yield a positive status indicator

Job Executions

The Job Executions tab contains execution history of completed Jobs, including any process outputs and error messages. Information included in the Job Executions list include:

• JOB: The name of the executed Job

• DESCRIPTION: When the Job Execution is expanded, the name of each executed task in the Job is listed in this column

• TYPE: The Job type, either Task or Workflow. When a Workflow Job is expanded, each individual Task making up the Workflow is identified as a Task in this column

• START DATE: The date and time the Job Execution kicked off. When expanded, the start date and time of each individual Task are also shown

• ETA/TIME: The time taken for the Job to complete. When expanded, the time to complete each individual Task is also shown

• ERROR: Any errors surfaced are shown here. When expanded, any surfaced errors for individual Tasks are also shown

Click the ⓘ icon at the end of the row for a Job Execution or individual Task (when a Job Execution is expanded) to view the Execution Detail modal which provides the following information:

• Name of the Job or individual Task

• Description

• Start Date

• Created By

• Duration

• Status: Completed, Running, or Failed

• PROCESS OUTPUT: Returned values and outputs from the completed Job

• ERRORS: Any errors surfaced from the completed Job