Skip to content

Gateway Automation workflows

Bill Morton edited this page Sep 20, 2019 · 1 revision

Certified Available Workflows

The Certified folder contains Certified Workflows developed and tested by BlueCat. These Certified Workflows demonstrate the kinds of workflows that can be built for BlueCat Gateway, as well as BlueCat's best practices for Python development, UI components, and API usage.

These Certified workflows will only work on Gateway versions 19.5.1 or greater

Each release of BlueCat Gateway has a corresponding tag that can be used to download the version that is guaranteed to be compatible with that release. New customers less familiar with GitHub can also import the Example workflows directly from the BlueCat Gateway user interface (Internet connection required).

The Certified workflows can be found here

Workflow Name Description
cisco_aci_example This Certified Cisco ACI workflow allows you to populate Address Manager with data from your Cisco ACI environment. Using this workflow, you can import ACI Tenants and their infrastructure as well as ACI Fabric Devices into Address Manager for visibility alongside your DNS, DHCP, and IPAM infrastructure in BAM

Community Available Workflows

The Community folder contains Workflows developed by Customers and BlueCat. These Community Workflows demonstrate how other people have solved their business needs. This also provides ready examples of how to do things for people who need more than just the docs.

The Community workflows can be found here

Workflow Name Description
GitLab Management gitlab_configuration > This workflow applies to BlueCat customers who use GitLab internally for their repository management and want to promote code from a development environment to GitLab, to Production
GitLab Management gitlab_import > This workflow applies to BlueCat customers who use GitLab internally for their repository management and want to promote code from a development environment to GitLab, to Production
CiscoDNA The BlueCat Cisco DNA IPAM Driver consists of community BlueCat Gateway Workflow which integrates with Cisco DNA Center. The BlueCat Integration provides the ability to see network IP address scopes and provision the scopes that the enterprise owns directly within the DNA Center or the BlueCat Address Manager interface. Early Cisco DNA Centre releases provided a BlueCat integration capability using a fixed code path developed by Cisco directly. However, the current integration model is very tightly coupled with DNAC release cycle and Cisco have developed a newer standardised newer IPAM model which all this integration provides support for going forwards. In SD-Access deployments, BlueCat DNA Center integration provides: Access to existing IP address scopes, referred to as IP address pools in Cisco DNA Center. In BlueCat Address Manager DNAC global-pools are represented as network blocks and sub-pools as Networks (subnets) When configuring new IP address pools in Cisco DNA Center, the pools populate to the BlueCat Address Manager, reducing manual IP address management tasks.
NewLocation
Service Requests > configure_service_requests This will let you configure your ServiceNow values instead of manually updating a config file
Service Requests > manage_service_requests The workflows provides the ability to approve Change Requests within Service Now. The requests have to have been created using the service_request_host Gateway workflow available in this same folder
Service Requests > service_request_host The workflows provides the ability to request a host record within Service Now. This is accomplished by reserving the requested IP and then creating a Change Request ticket within ServiceNow. The host record will only be created once the ticket has been approved using the manage_service_requests workflow
SubnetStatus This workflow allows you to search for a subnet at either the network or block level. It will give you a report of various pieces of information for the requested subnet, chief among that information being the utilization. The user can also enter an email address and the report will be directly emailed to them
acl_inventory Select an ACL and download every IP address in the ACL in csv format
add_mac_address Add a MAC Address to Address Manager and optionally add the MAC address to a MAC Pool
bulk_register_group Add user groups to Address Manager in bulk with a structured CSV file
bulk_register_ip_address This workflow will assign static IP Addresses in bulk from a CSV file
bulk_register_mac_address This workflow will add MAC Addresses in bulk from a CSV file
bulk_register_user This workflow will add users in bulk from a CSV file
create_a_record Create an A record via REST API and instantly deploy it
create_address_manager_user This will create an Address Manager user and allows you to also enter the PortalGroup UDF for Gateway workflow permissions
customizations Customizations folder for community workflows. Place all shared Python modules needed to run Community workflows here
flip_normal_dr This workflow will flip the IP addresses of a certain application (servers) from a main site to a disaster recover site while retaining the same FQDN
iot_device_registration IoT device registration workflow integrated into BlueCat Gateway and Aruba Clearpass API allowing self-service registrations to authorised users and RunDeck scheduled de-registration of expired devices, written in Python. Compliant to organisation Network Access Control using Aruba Clearpass
itsm_api This workflow provides slimmed down API interfaces for host record creation
lease_history_ip This workflow will list the lease history of a specific IP Address.
lease_history_mac This workflow will list the lease history of a specific MAC Address
manage_dhcp manage_dhcp contains a suite of REST APIs to manage DHCP. Please see the Postman Collection for examples of all the calls you can make. /manage_dhcp/create_reservation Submit JSON data(mac, ip, duid) to create a DHCP reservation. This supports IPv4 and IPv6. A MAC(IPv4) address or duid(IPv6) must be submitted along with the request, depending on the type of IP you're reserving /manage_dhcp/delete_reservation Submit JSON data(ip) to delete a reservation. This supports both IPv4 and IPv6. When deleting it will remove everything associated with the record, including host and alias records /manage_dhcp/create_scope Submit JSON data(network, size, start, end) to create a DHCP scope within a network. This support both IPv4 and IPv6. Submit network and size for IPv6 and network, start, end for IPv4. /manage_dhcp/delete_scope Submit JSON data(id) to remove a DHCP scope from a network. The id to submit is returned when the scope is created /manage_dhcp/add_option Submit JSON data(network, option_value) to add the "tftp-server" deployment option to a network. This option is NOT supported on an IPv6 network /manage_dhcp/reserve_next_available Submit JSON data(network, host_name, zone, mac_address) to reserve the next available IP address within the submitted network. The resulting IP state is DHCP Reserved. In the folder is a file called "manage_dhcp.postman.json". This file can be imported in Postman as a Collection. It contains example REST calls. It must be used in a Postman Environment with the "server" variable defined which points to a Gateway server.
manage_records manage_records contains a suite of REST APIs to manage various types of resource records. There is also an option to manage them via bulk operations. The type of records supported are: A, AAAA, CNAME, TXT, MX, and TLSA /manage_records/create_record Submit JSON data to create a record. By default records are NOT deployed. Either the deploy_records API can be called, or you can pass in "deploy" as part of the request JSON data, and it will deploy the record immediately. "ping_check" can be added as a part of the request in the JSON request data to have the workflow conduct a ping check prior to assigning the record. Please see the Postman Collection for examples of all the calls you can make /manage_records/delete_record Submit JSON data to delete a record. By default the deletion will be deployed. Pass in "deploy" as part of the JSON data to prevent the delete of the record /manage_records/update_record Submit JSON data to update a particular record. This updates the content(for example, the linked IP address to a host name) and not the name or zone of the record. To modify that you must delete and recreate. By default the changes will NOT be deployed. Either the deploy_records API can be called, or you can pass in "deploy" as part of the request JSON data, and it will deploy the record immediately. "ping_check" can be added as a part of the request in the JSON request data to have the workflow conduct a ping check prior to updating the record. /manage_records/bulk_process Submit a csv formatted file to do any of the above processes. Here is the format to submit for the type of record: Actions - C,U,D A - record_type,action,deploy,name,zone,ip AAAA - record_type,action,deploy,name,zone,ip CNAME - record_type,action,deploy,name,zone,linked_record TXT - record_type,action,deploy,name,zone,text MX - record_type,action,deploy,name,zone,linked_record TLSA - record_type,action,deploy,name,zone,data /manage_records/deploy_records Submit a list of IDs via JSON to deploy the records and anything associated with them. This is done using the selective deploy function /manage_records/get_record Submit data to retrieve the information of a record
network_exporter This workflow will list and export existing blocks / networks / IP addresses
network_manager This workflow provides a simple example of tying a user to an IP block, and an example of using a naming convention validator with regex
query_logger This workflow will send DNS query logs from the BlueCat DNS Edge CI (Customer Instance) to a designated Syslog server in a syslog format
query_unused_mac_address This workflow will obtain a list of MAC addresses which the last lease expiry time is before a specified date
register_mac_address This workflow will register a specified MAC address tied to a certain location. It assumes a MAC address filtering scenario where the DHCP server will only lease an IP address to a pre-registered MAC address tied to a certain location
rest_api This workflow will provide access to a REST-based API for BlueCat Gateway. Once imported and permissioned, documentation for the various available endpoints can be viewed by navigating to /api/v1/
sdwan_firewall_rule_updater This workflow will update the firewall rule on a SDWAN (Meraki) cloud controller based on BlueCat DNS Edge domain lists. The updated rule based on the domain lists will be allowed traffic through the firewall. This workflow assumes there is a "Deny All Traffic" rule at the end in order for only the firewall rules based on DNS Edge domain lists are allowed through
service_point_watcher This workflow will list the DNS Edge Service Points which belongs to a specified CI and show certain information. It will only list service points which are associated with an IP address
update_user_permissions This workflow will update Address Manager users PortalGroup UDF based on the Address Manager group selected. This will skip over any account that already has an Access Type of GUI_AND_API. It will also skip the user admin. The Gateway groups are hand entered in the form. You should add your values you added to your Gateway implementation. This workflow is great when first installing Gateway so you can populate the users PortalGroup UDFs which gives them access to Gateway workflows
user_inventory REST workflow that generates a list of BAM users and their permissions. Output report is in CSV format and is emailed to Mail Admins. Workflow is meant to be used in conjunction with RunDeck as a report scheduling example
view_db_statistics This workflow will list relevant statistics of the BAM (BlueCat Address Manager) Database
zone_exporter This workflow will list and export existing views / zones / resource records.
Alias Record The Alias (CNAME) Record requires a name, linked record zone, and a linked Host Record. Using the Alias Record workflow, you can add, delete, or update Alias (CNAME) Records in a zone. This workflow is ideal for self-service customers using the BlueCat Gateway user interface and for IPAM or DNS administrators to help reduce the repetition usually associated with daily record management
Selective Deployment Select a DNS record for deployment
Host Record The Host (A) Record designates an IP address for a device. A new Host Record requires a name and an IP address. Using the Host Record workflow, you can add, delete, and update Host Records in a zone. This workflow is ideal for self-service customers using the BlueCat Gateway user interface and for IPAM or DNS administrators to help reduce the repetition usually associated with daily record management
IPv4 Address Using the IPv4 address workflow, you can add dynamic or static IPv4 addresses to a zone, and delete and update current IPv4 addresses in a zone. This workflow is ideal for self-service customers using the BlueCat Gateway user interface and for IPAM or DNS administrators to help reduce the repetition usually associated with daily record management
Text Record The Text Record includes name and text information, and associates arbitrary text with a host name. In addition, the Text Record is used to support record types such as those used in Sender Policy Framework (SPF) e-mail validation. Using the Text Record workflow, you can add, delete, or update Text Records in a zone. This workflow is ideal for self-service customers using the BlueCat Gateway user interface and for IPAM or DNS administrators to help reduce the repetition usually associated with daily record management
UI Components The UI Table Components workflow provides an example of generating a table of search results in a UI workflow. It returns an array of entities by searching for keywords associated with objects of a specified object type. You can search for an object type using a keyword. This workflow is intended for customers to familiarize themselves with how to build a table component in their UI workflows
rest_example The Rest example workflow creates non-UI based workflows. You can use this workflow if you want to access Gateway through scripts instead of the UI. This workflow is intended for customers that primary need automated workflows that will integrate with third-party systems and as such will call Gateway endpoints to execute rest workflows.

Other Integrations Available

Integration Name Description
anycast-config-utility The DNS Edge Anycast Configuration Utility is designed to help you configure service points to be added to an Anycast pool
absorbaroo Absorbaroo downloads Office 365 Whitelists and syncs them to DNS Edge and Meraki SDWAN. Customers using SDWAN for traffic optimization can leverage this workflow to allow safe traffic to Office 365 sites
rundeck-bluecat-gateway-plugin This is a Plugin for Rundeck 3.0.8 that provides the ability to call BlueCat Gateway endpoints from the Rundeck UI. This Plugin is built to utilize the rest_api workflow on Gateway versions 18.10.2 or greater
who-da-for-splunk The Who-Da add-on for Splunk is a customized search function that can be used in co-ordination with your search indexes to provide complete visibility of information behind an IP address
bluecat-gateway-ansible-module Ansible Playbooks
identity-bridge Identity Bridge is a simple integration between BlueCat Address Manager (BAM), Cisco Identity Services Engine (ISE) and Palo Alto firewalls, to identity users by IP address or MAC address
bluecat-openstack-drivers The BlueCat OpenStack integration consists of three Python-based components: The BlueCat OpenStack Neutron IPAM Driver, which documents OpenStack subnets,ports and compute instances as they are provisioned in Openstack within the BlueCat Address Manager™ (BAM) The BlueCat OpenStack Nova monitor, which sends OpenStack instance FQDNs (A,AAAA and PTRs) to a Bluecat DNS server (BDDS) dynamically, which then forwards updates to Bluecat Address Manager™ (BAM) The Bluecat Neutron monitor, which sends floating IP assignment updates (A,AAAA and PTRs) to Bluecat DNS server dynamically, which then updates the DNS records within Bluecat Address Manager™ (BAM)
You can’t perform that action at this time.