I received quite a few emails from people asking me if I could share my Infoblox Perl CGI application. I’m most certainly happy to do so, this should provide a good basic starting point for anyone looking to build their own Perl CGI interface to the Infoblox appliances. I’ve posted a screenshot of the CGI application to the left of this article. It’s nothing fancy but it should demonstrate how to you can incorporate the functionality into your own management system or corporate Intranet. The purpose of this interface it to allow users to add MAC addresses into the MAC address filter employed by Infoblox without having to actually login to the Infoblox appliance.
I’m currently restricting access to this CGI application via Apache authentication in my organization, leveraging Apache against our Windows Active Directory.
Later versions of the application will hopefully include it’s own application level authentication against an LDAP source such as Microsoft’s Windows Active Directory along with some ability to log any submitted changes and issue email notification regarding changes.
You’ll find the Perl script along with the cascading style sheets and Javascript files in the archive infoblox-cgi.zip.
You’ll need the CGI and Infoblox Perl modules installed on your server. You should update the default values with your Infoblox IP address, username, and password, MAC filter name, etc. along with the URL of the server your going to use to host the CSS and Javascript files. I won’t post the entire script but here’s the first few lines…
#!/usr/bin/perl
#
# infoblox.pl
#
# Copyright (C) 2011 Michael McNamara
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Filename: /var/www/cgi-bin/infoblox.pl
#
# Purpose: add/change/remove MAC addresses from MAC filtering on Infoblox
#
# Author: Michael McNamara
#
# Date: October 24, 2011
#
# Changes:
#
# October 24, 2011 (M.McNamara)
# o the beast is born had issues getting the Infoblox Perl libraries
# to install on CentOS 5.7 due to a bug in perl-libwww-perl so
# I built a CentOS 6.0 box that had a newer version of
# perl-libwww-perl so I didn't get bogged down. Once that was
# complete installing the Infoblox Perl libraries was pretty
# easy. I took some of the sample code from there API refrence
# manually and started carving it up with a Perl CGI interface.
# October 25, 2011 (M.McNamara)
# o we have a working product the basics work now we need to start cleaning
# up the interface, adding error checking, adding logging, etc
#
# October 27, 2011 (M.McNamara)
# o added basic form validation for the MAC address using a JavaScript call
# o added logic to search for the MAC address first before trying to add it.
# o added some CSS to help cleanup the look of the interface
#
#
# Program Flow:
#
# Load Modules
use strict;
use warnings;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Infoblox;
# Global Varibles
our $session; # Infoblox Object
our $web; # CGI Object
our $mac; # Infoblox Object
our $fullurl; # URL of script
our $macaddress; # CGI Variable
our $description; # CGI Variable
our $username; # CGI Variable
our $DEBUG = 0; # DEBUG FLAG for troubleshooting
our $action; # What will we be doing
our ($sdate, $date, $time, $currentTime, $iTime); # Time and Date
#
# THE VALUES BELOW SHOULD BE UPDATED FROM THE DEFAULTS
#
our $SERVER = "10.1.1.1"; # Infoblox Grid Master
our $USERID = "TestUser"; # Infoblox Username
our $PASSWD = "Test12345\$"; # Infoblox Password
our $MAC_ADDRESS = "99:88:77:66:55:44"; # USED FOR TESTING ONLY
our $MAC_FILTER = "IBFILTER"; # Filter used in Infoblox
our $TENYEARS = 31556926*10; # Expiration time in seconds
our $OK_CHARS = 'a-zA-Z0-9 ,-:'; # Filter to sanitze input
our $COMPANY = "Acme Hospital"; # Company Name
our $CONTACT_NAME = 'Michael McNamara'; # Contact Name
our $CONTACT_EMAIL = 'user@somewhere.com'; # Contact Email
our $SCRIPT_URL = "http://web.acme.org"; # URL for CSS and Javascript
#########################################################################
#########################################################################
## M A I N P R O G R A M
#########################################################################
#########################################################################
# Let's intiailize our program
&startup;
# Let's output the HTML headers
&html_header;
if ( $action eq "add") {
# If the script is being called with parameters let's process them
&runjob;
} elsif ($action eq "list" ) {
# Let's retrieve and output the entire list of MAC addresses
&listjob;
} else {
# If the script isn't being called with parameters let's display the form
&html_form();
}
# Let's output the HTML footers
&html_footer;
exit 0;Cheers!
Very nice.
I was hoping to use PHP but the API released by Infoblox is based on Perl modules.
The great thing is that if you have some type of automated provisioning system you can automate the addition/removal of the MAC address filter and even the provisioning of the actual DNS/DHCP entry within Infoblox.
Cheers!
Hi Michael,
We are looking for some solution for centerlized DHCP/DNS/IPAM for our network with +3000 users and we have heard about Infoblox and ask the partner for POC.
Please i need your evaluation for this solution from Infoblox.
Cheers,
Abdulaziz
Hi Abdulaziz,
I believe I responded to our post on the forums but I’ll respond here as well in case there’s anyone else looking for similar information.
http://forums.networkinfrastructure.info/general-discussion/infoblox-ip-address-management-first-impressions/
There are quite a few solutions out there today… much different than it was back in 1997 when Quadritek’s QIP was the only solution (and only available in beta). I would suggest you look at Infoblox, VitalQIP, Bluecat, and BT DiamondIP. Hopefully there’s a solution in there that will fit your environment.
Good Luck!
Thank you again for your professional response.
You’re very welcome Abdulaziz!
I am trying out your script currently to see how it runs in my test environment. I changed the variables, and I am having trouble establishing a session. I get 1006 errors from Infoblox. Just wondering if you had the same problems during your development?
Hi Alex,
Any other hints than just “1006 errors”? If you run the script from the CLI interface providing the variables on the command line you might get some better debug output.
I didn’t have too many issues at all.
You realize the variable $MAC_FILTER needs to be adjusted to the actual name of the MAC filter list you create in the Infoblox GUI.
If you can post some additional information I might be able to help you.
Cheers!
I did modify the variables appropriately. What seems to be happening is the script seems to not even establish a connection with the Infoblox even though it claims to. I do not even see a session established in the audit logs. Maybe it was something with my web server implementation. I am using apache.
I have run the same script without all of the html and cgi. I ran this in a terminal window and performed the same essential functions.
I wonder if somehow the CGI is affecting the use of the APIs.
Thanks!