Jobs

Jobs are for scheduled execution of Automation Tasks and Workflows. Jobs can be set to execute on a schedule, at one specific point in time, and/or execute manually (on-demand). Jobs are linked to existing Tasks or Workflows, and allow for custom configuration options. Jobs can be associated with Instances, Servers, or have no association, such as a job for an SSH task.

Jobs allow for scheduled execution of nearly anything as Tasks Types include Bash, Powershell, HTTP/API, Ansible, Chef, Puppet, Groovy, Python, jRuby, Javascript, and library scripts and templates, which can be configured for resource, remote, or local execution targets. If you need something to execute on a schedule, Morpheus Jobs can deliver.

Jobs are configured in the JOBS tab, and the JOB EXECUTIONS tab contains Job execution history with result output.

Jobs

Required Role Permissions Click to Expand/Hide

Provisioning: Jobs

  • None: Cannot access Provisioning > Jobs > Jobs tab

  • Read: Can access Provisioning > Jobs > Jobs tab but cannot create, edit, or delete Jobs

  • Full: Full permissions to create, view, edit, and delete Jobs

Provisioning: Job Executions

  • None: Cannot access Provisioning > Jobs > Job Executions tab

  • Read: Can access and view Provisioning > Jobs > Job Executions tab including job execution history, status, and Job output


Creating Jobs

Note

Jobs require existing Tasks or Workflows. See the appropriate section of Morpheus docs for more on creating Tasks and Workflows.

To create a new job:

  1. Navigate to Provisioning > Jobs

  2. Select + ADD

  3. Enter the following

    NAME: Name of the Job in Morpheus JOB TYPE: A Task Job will execute a selected Task, a Workflow Job will execute a selected Workflow ENABLED: When checked, the Job will run as scheduled

  4. Select NEXT

  5. Configure the Job

    Task Jobs

    TASK: Select target Task. If relevant to the Task, Option Type fields will be presented

    SCHEDULE:

    Manual: Job is not scheduled but can be executed from Provisioning > Jobs and selecting Actions > Execute

    Date And Time: Job will be executed at one specific point in time and not again (unless rescheduled or executed manually)

    Schedule: Select a configured Execution Schedule. Execution Schedules are created in Provisioning > Automation > EXECUTE SCHEDULING

    Note

    Morpheus provides two default execution schedules, Daily at Midnight and Weekly on Sunday at Midnight. Any additional schedules were created by a User. Additional schedules can be added in Provisioning > Automation > EXECUTE SCHEDULING

    CONTEXT TYPE: Server or Instance

    CONTEXT SERVER/INSTANCE: Select the Server or Instance you wish to target with the Job

    RUN NOW: When checked, the Job will execute on save regardless of SCHEDULE setting.

    Workflow Jobs

    WORKFLOW: Select target Workflow. If relevant to the Workflow, Option Type fields will be presented

    SCHEDULE:

    Manual: Job is not scheduled but can be executed from Provisioning > Jobs and selecting Actions > Execute

    Date And Time: Job will be executed at one specific point in time and not again (unless rescheduled or executed manually)

    Schedule: Select a configured Execution Schedule. Execution Schedules are created in Provisioning > Automation > EXECUTE SCHEDULING

    Note

    Morpheus provides two default execution schedules, Daily at Midnight and Weekly on Sunday at Midnight. Any additional schedules were created by a User. Additional schedules can be added in Provisioning > Automation > EXECUTE SCHEDULING

    CONTEXT TYPE: Server or Instance

    CONTEXT SERVER/INSTANCE: Select the Server or Instance you wish to target with the Job

    RUN NOW: When checked, the Job will execute on save regardless of SCHEDULE setting.

  6. Select NEXT

  7. Select COMPLETE

Creating and Running Security Scan Jobs

Security Scan Jobs allow users to create and schedule SCAP program (Security Content Automation Program) scans for groups of managed systems. These Jobs can call in existing SCAP packages and checklists, which are used to scan the targeted systems on-demand or on a scheduled basis. Historical data for these scans is saved in the Job Execution list and in the software section of server detail pages. Detailed scan reports can also be viewed for each system as needed once the scan is complete. See the SCAP documentation on the NIST website for information on developing your own scanning procedures.

Note

Creating and editing Security Scan Jobs requires the “Security: Scanning” Role permission set to Full. Viewing Security Scan Jobs and seeing the results for scanned servers requires at least a Read-level permission.

Add a new Security Package

  1. Navigate to Provisioning > Jobs > Security Packages Tab

  2. Click +ADD > SCAP Package

  3. Provide a name in addition to a URL to source the package

  4. Click SAVE CHANGES

Note

Currently URL is the only source option for security packages

../../_images/1add_package.png

Add a new Security Scan Job

  1. Navigate to Provisioning > Jobs > Jobs Tab

  2. Click +ADD

  3. Set the Job type to “Security Scan Job” and provide a friendly name for the Job

  4. Click NEXT

    ../../_images/2new_job.png

  5. Select a security package, see the previous section to add a new one

  6. Enter your Scan Checklist (XML document) and Security Profile (XCCDF document), more information on these can be found in the SCAP documentation linked above

  7. Set a schedule or leave as Manual to only run this scan on-demand (new execution schedules can be created in Provisioning > Automation if needed)

  8. Set the context, can be Instance or Server. Select as many Instances or Servers as needed for this scanning run

  9. Click NEXT

  10. After final review, click COMPLETE

    ../../_images/3job_details.png

Running Security Scan Jobs

Once created, Security Scan Jobs will run based on the configured schedule. They can also be run on-demand when needed:

  1. Navigate to Provisioning > Jobs > Jobs Tab

  2. Click MORE

  3. Click “Execute”

    ../../_images/4execute_scan.png

Viewing Completed Security Scan Jobs

To view a list of completed Security Scan Jobs (and Jobs of other types):

  1. Navigate to Provisioning > Jobs > Job Executions Tab

  2. Additional details can be viewed by clicking (i)

    ../../_images/5execution_list.png

To view scan results for specific servers:

  1. Navigate to the server detail page (Infrastructure > Hosts > Virtual Machines tab > Selected server)

  2. Click on the Software tab part way down the page, then click on the Security subtab

  3. High level details on previous scans is viewable here

    ../../_images/6server_results.png

  4. To view the full report, click (i)

    ../../_images/7scan_report.png

Security Drift

In addition to tracking the scan results over time as described in the previous section, Morpheus also provides detail into the change from the most recent scan to the one prior. This information is displayed in the Software tab (and Security subtab) of the detail page for the virtual machine (accessed from the associated Instance detail page or at Infrastructure > Hosts > Virtual Machines). The information surfaced by this view is listed below. If there is no change, you’ll simply see a “No Drift” message.

  • Title: The criteria for the test that has newly passed or failed

  • Severity: The severity level for the indicated security requirement

  • Result: The indicator for whether this test has newly passed or failed

  • New Pass: The number of tests that have newly passed compared to the prior scan

  • New Fail: The number of tests that have newly failed compared to the prior scan

  • Status: An indicator of the change in security posture since the prior scan. A net gain in test failures will yield a negative status indicator while net gains in passed tests (or no change) will yield a positive status indicator

../../_images/8securityDrift.png

Job Executions

Required Role Permissions Click to Expand/Hide

Access and capabilities for the Job Executions section is determined by the following role permissions:

Role: Feature Access: Provisioning: Job Executions

  • None: Cannot access Provisioning: Job Executions section

  • Read: Can access Provisioning: Job Executions section


The Job Executions tab contains execution history of completed Jobs, including any process outputs and error messages. Information included in the Job Executions list includes:

  • Execution Status Icon

  • Job Name - Task Name - Result Error Message: The title of each execution includes the Job Name, Task or Workflow name (for Task and Workflow job types), and execution result error messages (when applicable) separated by hyphens (-). The title also links to the Job Execution detail page

  • Start Date: The date and time the Job Execution kicked off. When expanded, the start date and time of each individual Task are also shown

  • Duration: The time taken for the Job to complete. When expanded, the time to complete each individual Task is also shown

  • User: The user who executed or scheduled the Job

Additional details and actions are available per execution:

  • Select an execution name to go to the Job Execution Detail page

  • Select the ⌃ icon at the end of the row to expand the execution and view additional details, including task process output

  • Select the 📋 icon to copy process output to local clipboard

  • Select the ⌄ icon at the end of an expanded to to collapse additional execution details