Before you begin, ensure that the following prerequisites are met.
|Address Manager||You must be running one of the following versions of Address
|Ansible||You must be running the following versions of Ansible
|BlueCat Gateway||You must be running one of the following versions of BlueCat
You must install the requests Python module before running the BlueCat Ansible Module. To install the requests module, execute the following command in Ansible manager:
pip install requests
If you wish to use the dig functionality as part of a playbook (for example, the query_dns.yml playbook), you must also install the dnspython module. To install the dnspython module, execute the following command in Ansible manager:
pip install dnspython
Accessing BlueCat Gateway
When configuring the BlueCat Ansible Module, you must provide a username, password, and URL for accessing the BlueCat Gateway server.
BlueCat Gateway REST API workflow
The BlueCat Ansible Module must communicate with a BlueCat Gateway server running the REST API workflow. You must import the latest version of the REST API workflow into your Gateway server and set the permissions for the workflow to include a group that contains the API username specified by the “username” variable in playbooks or the files.
The REST API workflow is delivered as a container image published in a public BlueCat cloud registry on http://quay.io/bluecat/rest. Use Docker commands in the Linux CLI to pull the image and manage the container.
Before you Start
As is the case with all BlueCat Gateway containers, BlueCat recommends defining a workspace and logs directory. For more information on how to configure your environment, please refer to the Gateway Installation Guide.
To obtain the image from the public repository:
- Review the ports used on the host machine that is installing the Gateway instance using the following command:
sudo docker ps -a
In the following example output, ports 80 and 443 are used:
STATUS          PORTS                                          NAMES
Up 34 minutes   0.0.0.0:80->8000/tcp, 0.0.0.0:443->44300/tcp   gateway_20_3_1
- Run the custom Gateway image using the following command:
sudo docker run -d \
  --name rest_api \
  -e BAM_IP=<IP Address> \
  -p <http_port>:8000 \
  -p <https_port>:44300 \
  -v <path_to_mapped_log_directory>:/logs/ \
  quay.io/bluecat/rest:20.7.2
Where <http_port> and <https_port> represent different ports than those used by the Gateway instance. For example, you can set port 81 as the <http_port> and port 444 as the <https_port> values.
- Run the following command to pull the image and start the container:
docker run -d -p 80:8000 -p 443:44300 -v <path_to_workspace>:/bluecat_gateway/ -v <path_to_mapped_log_directory>:/logs/ -e BAM_IP=<your bam ip> --name rest_api quay.io/bluecat/rest:20.7.2
docker run -d -p 80:8000 -p 443:44300 -v <path_to_workspace>:/bluecat_gateway/ -v <path_to_mapped_log_directory>:/logs/ --name rest_api quay.io/bluecat/rest:20.7.2
To verify that the REST API is available, browse to http://BlueCatGatewayFQDN/api/v1/. If you can view the Swagger documentation for the REST API, it is imported correctly.
The external_vars.yml file
You must update the external_vars.yml file provided with the appropriate information. Once this file has been modified, BlueCat recommends only updating this file when there is a necessary change.
Creating or modifying the external_vars.yml file
Before creating or modifying the external_vars.yml file, you must document the following information:
|Username||Used when accessing the BlueCat Gateway server or executing actions on the BlueCat Address Manager server.|
|Password||Used when accessing the BlueCat Gateway server or executing actions on the BlueCat Address Manager server.|
|Protocol||Determines whether http or https is used when connecting to BlueCat Gateway server.|
|Domain||URL or IP address of the BlueCat Gateway server running the REST API workflow. Note: The BlueCat Gateway server must have the latest version of the REST API workflow implemented.|
|Version||The API version to use for constructing URLs. The default value is 1.|
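The Protocol, Domain and Version values can be checked before they are written to external_vars.yml. The following Python script is an added example, not part of the BlueCat Ansible Module or its documentation: it assumes the URL pattern <protocol>://<domain>/api/v<version>/ inferred from the verification URL above, and the function names and the host gateway.example.test are hypothetical.

```python
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def build_api_url(protocol, domain, version=1):
    """Build <protocol>://<domain>/api/v<version>/ (assumed pattern, see lead-in)."""
    protocol = str(protocol).strip().lower()
    if protocol not in ("http", "https"):
        raise ValueError("protocol must be http or https")
    domain = str(domain).strip()
    parts = urlsplit("//" + domain)
    # Domain is a host name or IP (optionally with a port): reject a scheme,
    # path, query, embedded credentials or whitespace pasted into the value.
    if (not parts.hostname or parts.path or parts.query or parts.fragment
            or parts.username is not None or any(c.isspace() for c in domain)):
        raise ValueError("domain must be a bare host name or IP address")
    _ = parts.port  # raises ValueError when the port is not a valid number
    if not str(version).isdigit():
        raise ValueError("version must be a whole number")
    return f"{protocol}://{domain}/api/v{int(version)}/"


def review_settings(protocol, domain, version=1):
    """Return (url, warnings) for the values recorded for external_vars.yml."""
    url = build_api_url(protocol, domain, version)
    warnings = []
    if url.startswith("http://"):
        warnings.append("http selected: the Gateway username and password "
                        "would cross the network unencrypted")
    return url, warnings


def probe(url, timeout=5.0):
    """Request the API root with certificate verification on; return the HTTP status."""
    ctx = ssl.create_default_context()  # verifies certificate chain and host name
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code  # the server answered, but with an error status


if __name__ == "__main__":
    # Constructed sample values; replace with the documented Gateway details.
    url, warnings = review_settings("https", "gateway.example.test", 1)
    print(url)
    for message in warnings:
        print("WARNING:", message)
    # print(probe(url))  # live request; run only against your own Gateway
```

With https selected, a certificate error raised by probe() means the Gateway certificate is not trusted by the Ansible manager host and should be fixed rather than bypassed.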
The cli_path file
The cli_path file contains necessary data to execute commands against a DNS/DHCP Server. It should not be modified in any way.
If you use the BDDS playbooks, you must include the target BlueCat DNS/DHCP Servers in your inventory.