Installing the DNS Integrity Gateway - Platform - BlueCat Gateway - 18.6.1

Gateway Installation Guide

prodname
BlueCat Gateway
version_custom
18.6.1

Obtain the DNS Integrity Gateway installer package from BlueCat Customer Care, copy to your Linux client, then install the DNS Integrity Gateway.

The BlueCat DNS Integrity Gateway requires installation on a 64-bit Linux client as well as the installation of Docker on a provisioned Linux server. The DNS Integrity Gateway user interface runs locally on the Linux client while Docker provides the container of the DNS Integrity Gateway workflows. This allows for independent upgrade of the DNS Integrity Gateway container with updated BlueCat APIs and business logics.
Attention: Before you start
  • You must install Docker and the Python Docker SDK before installing DNS Integrity Gateway. Docker installation is only necessary to run the Gateway application.
  • As part of the installation, you must set the absolute path for your BlueCat DNS Integrity Gateway directory. This path is stored in the /etc/bluecat/gateway.conf  file. If the folder does not exist it will be created as part of the installation. Ensure that you have sufficient privileges to create or edit this file.
  • Make sure that the Gateway user performing the installation belongs to the docker user group. If you receive any "permission denied" errors during installation, it indicates that you have insufficient permissions.
Downloading the DNS Integrity Gateway installer package:
  1. Download dns_integrity_gateway_18.6.1-557.GA.bcn_amd64.tar.gz from BlueCat Customer Care (log in required).
  2. Extract the TAR file to a local directory. For example:
    tar -zxvf dns_integrity_gateway_18.6.1-557.GA.bcn_amd64.tar.gz -C <target_path>

Installing the DNS Integrity Gateway:

  1. Log in to the Linux client as an administratorroot/sudo.
  2. Change to the local directory where you extracted the TAR file.
    Note: Optional: list files (ls -l) to view package contents:
    • bluecat_portaldata.tar.gz—default workflows and configurations.
    • portal_image-<version>.tar—Docker DNS Integrity Gateway image.
    • version.dat—stores the Docker DNS Integrity Gateway image version.
    • dns_integrity_gateway.py—loads the DNS Integrity Gateway image, sets up the environment, and runs the Gateway container and server.
    • readme.txt—basic DNS Integrity Gateway installation steps.
  3. Setup the DNS Integrity Gateway:
    python dns_integrity_gateway.py setup --uid <number>
    Parameters:
    • uid—any valid numerical value (uid cannot be zero); BlueCat recommends a uid of 500 or greater in order to avoid conflicts with internal container users. The uid (user ID) maps the Python Flask user inside the DNS Integrity Gateway container to the Linux client.
  4. At the prompt, enter the absolute path to the BlueCat DNS Integrity Gateway directory. For example, /home/user/dns_integrity_gateway.
    -----------------------------------
    BlueCat DNS Integrity Gateway Setup
    -----------------------------------
    Configuration file is empty /etc/bluecat/gateway.conf
    Input the BlueCat DNS Integrity Gateway deployment directory path:
    
    /<home>/<user>/<dns_integrity_gateway>
    
    Note: The path to the BlueCat DNS Integrity Gateway directory is absolute and must begin with a slash "/".

    The BlueCat DNS Integrity Gateway directory will contain your DNS Integrity Gateway workflows (both default and custom). The BlueCat DNS Integrity Gateway directory exists outside of the DNS Integrity Gateway container, and as such, must have write permissions in order to import the default workflows in step 7.

  5. At the prompt, type <Y/y> to import the default DNS Integrity Gateway workflows (recommended).
    Import basic administrative workflows into your workflow directory? [Y/N]y
    
    Note: If you do not import the default administrative workflows they will not be available in the DNS Integrity Gateway user interface. The DNS Integrity Gateway will not have any workflows; administrative workflows will need to be created from scratch.
  6. At the prompt, type <Y/y> to import basic DNS Integrity Gateway configuration files from the installer package (recommended for initial setup).
    Import basic configuration files to your BlueCat DNS Integrity Gateway directory? [Y/N]y
  7. At the prompt, enter the IPv4 address of the Address Manager server.
    Note: The DNS Integrity Gateway does not need to be on the same subnet as the Address Manager server but you must set necessary network routing to ensure the DNS Integrity Gateway container and Address Manager can communicate. If using an external DNS server a FQDN can be used within the DNS Integrity Gateway container.

    Caution: if you are using the UNIX /etc/hosts file is to define BAM IP address mapping, the /etc/hosts file will not be propagated inside of the DNS Integrity Gateway container and the application will be unable to resolve the domain name into an address.

    Input the new BAM address: 192.0.2.10
    Tip: Support for multiple Address Manager servers

    Modify the config.py file in the <dns_integrity_gateway> directory to set IP addresses for multiple BAM servers. You can use an HTTP or HTTPS address and identify each BAM with an alias.

    If running BAM in replication, enter the IP address and alias of both the Primary and Secondary in the config.py file in the <dns_integrity_gateway> directory. In the event of failover, select the alias of the Secondary (now Primary) from the drop-down menu of the DNS Integrity Gateway login page. For more information, refer to the 'Set the Address Manager IP address' in the Configuring the DNS Integrity Gateway topic in the DNS Integrity Gateway Help and Documentation.

  8. At the prompt, type <Y/y> to remove the existing container (if available). Removing the container will not affect your workflows. If you type <N/n> the installation will halt.
    The BlueCat DNS Integrity Gateway container already exists, do you want to remove it? [Y/N]y
    
  9. At the prompt, type <Y/y> to load the latest version of the DNS Integrity Gateway image. You will only receive this prompt if you are not running the latest DNS Integrity Gateway image.
    BlueCat DNS Integrity Gateway image already exists, do you want to overwrite it? [Y/N]y
    
  10. OPTIONAL: At the prompt, type <Y/y> to install third-party Python libraries. You will only receive this prompt if you have created a requirements.txt file in the <dns_integrity_gateway>/packages directory that contains a list of Python modules to install.
    Note: If you have not created a requirements.txtfile, view the README file in <dns_integrity_gateway>/packages for instructions on how to install third-party Python libraries.
  11. At the prompt, type <Y/y> to start the DNS Integrity Gateway.
    Would you like to start the BlueCat DNS Integrity Gateway? [Y/N]y
    
    STARTING BlueCat DNS Integrity Gateway
    --------------------------------------
    BLUECAT_DNS_INTEGRITY_GATEWAY: /home/user/dns_integrity_gateway
    BAM: 192.0.2.10
    BLUECAT_DNS_INTEGRITY_GATEWAY_IMAGE: portal_img:18.6.1-XXX
    VERSION:18.6.1-XXX
    -----------------------------------
    Checking if BlueCat DNS Integrity Gateway container already exists.
    Setting flask container permissions to dns_integrity_gateway dirs
    You can attach to the portal using the following command: 'docker attach portal'
    BlueCat DNS Integrity Gateway container is now running!
    
    Note: Optional—if necessary, run the docker attach portal command to attach the DNS Integrity Gateway container to the DNS Integrity Gateway if you need to run commands within the DNS Integrity Gateway container.
This completes installation of the DNS Integrity Gateway. Next, go to Address Manager to create the PortalGroup UDF and DNS Integrity Gateway administrators and users.