Dynamic GC Compliance & Remediation
Golden Configurations are frequently managed through the UI for many operations; however, it is important that we extend this functionality to Automation Studio via exposed tasks as well. Previously it was difficult to dynamically design Golden Configurations through tasks and APIs, but with two new APIs it has now become straightforward. With that being said, the following tasks have been implemented.
updateNodeConfig
The updateNodeConfig task allows you to easily update the configuration of a node in a GC tree.
| Property | Description |
|---|---|
| treedId | Id of the Golden Config tree. |
| treeVersion | Version of the Golden Config tree. |
| nodePath | Path of the node to modify in the configuration. |
| data | A JSON object that must contain a template (string) and a variables (json) key. |
| updateVariables | Determines whether or not to use the input variables from the data parameter to update the Golden Config tree variables. If false then these variables will be ignored after run-time. |
Example
{
"treeId": "60ad5b4948555dc621052bd0",
"treeVersion": "initial",
"nodePath": "base/US-West",
"data": {
"template": "ntp server {{ntp_ip}}",
"variables": {
"ntp_ip": "192.15.32.146"
}
},
"updateVariables": false
}convertChangesToConfig
The convertChangesToConfig task displays the remediation payload as a native configuration to preview the config that would be sent to the device for application.
| Property | Description |
|---|---|
| deviceType | Used for determining how to display the native-config based on the os-type. |
| changes | The changes object that is the result of the manual-remediation task's output. This is sent to AG or NSO for remediation. |
Example
{
"deviceType": "cisco-ios",
"changes": [
{
"parents": [],
"old": null,
"new": "hostname IOS-Device1"
}
]
}Process
In order to do dynamic compliance and remediation you can start by:
- Creating a Golden Config tree.
- Updating the
basenode with a new configuration. - Adding devices to that node.
- Running compliance on that node.
- Fetching and looping over each compliance report and remediating it.
- Deleting the GC Tree once all compliance/remediation is done.
You can reference the following automation to review the tasks that might be required to complete the dynamic compliance/remediation process. One primary difference would be that the updateNodeConfig would have dynamic information being passed in for the configuration parameter.
