Michael McNamara
technology, networking and IP telephony
Infoblox Perl CGI Application
6November 11, 2011
by Michael McNamara in Infoblox
I received quite a few emails from people asking me if I could share my Infoblox Perl CGI application. I’m most certainly happy to do so, this should provide a good basic starting point for anyone looking to build their own Perl CGI interface to the Infoblox appliances. I’ve posted a screenshot of the CGI application to the left of this article. It’s nothing fancy but it should demonstrate how to you can incorporate the functionality into your own management system or corporate Intranet. The purpose of this interface it to allow users to add MAC addresses into the MAC address filter employed by Infoblox without having to actually login to the Infoblox appliance.
I’m currently restricting access to this CGI application via Apache authentication in my organization, leveraging Apache against our Windows Active Directory.
Later versions of the application will hopefully include it’s own application level authentication against an LDAP source such as Microsoft’s Windows Active Directory along with some ability to log any submitted changes and issue email notification regarding changes.
You’ll find the Perl script along with the cascading style sheets and Javascript files in the archive infoblox-cgi.zip.
You’ll need the CGI and Infoblox Perl modules installed on your server. You should update the default values with your Infoblox IP address, username, and password, MAC filter name, etc. along with the URL of the server your going to use to host the CSS and Javascript files. I won’t post the entire script but here’s the first few lines…
#!/usr/bin/perl
#
# infoblox.pl
#
# Copyright (C) 2011 Michael McNamara
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Filename: /var/www/cgi-bin/infoblox.pl
#
# Purpose: add/change/remove MAC addresses from MAC filtering on Infoblox
#
# Author: Michael McNamara
#
# Date: October 24, 2011
#
# Changes:
#
# October 24, 2011 (M.McNamara)
# o the beast is born had issues getting the Infoblox Perl libraries
# to install on CentOS 5.7 due to a bug in perl-libwww-perl so
# I built a CentOS 6.0 box that had a newer version of
# perl-libwww-perl so I didn't get bogged down. Once that was
# complete installing the Infoblox Perl libraries was pretty
# easy. I took some of the sample code from there API refrence
# manually and started carving it up with a Perl CGI interface.
# October 25, 2011 (M.McNamara)
# o we have a working product the basics work now we need to start cleaning
# up the interface, adding error checking, adding logging, etc
#
# October 27, 2011 (M.McNamara)
# o added basic form validation for the MAC address using a JavaScript call
# o added logic to search for the MAC address first before trying to add it.
# o added some CSS to help cleanup the look of the interface
#
#
# Program Flow:
#
# Load Modules
use strict;
use warnings;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Infoblox;
# Global Varibles
our $session; # Infoblox Object
our $web; # CGI Object
our $mac; # Infoblox Object
our $fullurl; # URL of script
our $macaddress; # CGI Variable
our $description; # CGI Variable
our $username; # CGI Variable
our $DEBUG = 0; # DEBUG FLAG for troubleshooting
our $action; # What will we be doing
our ($sdate, $date, $time, $currentTime, $iTime); # Time and Date
#
# THE VALUES BELOW SHOULD BE UPDATED FROM THE DEFAULTS
#
our $SERVER = "10.1.1.1"; # Infoblox Grid Master
our $USERID = "TestUser"; # Infoblox Username
our $PASSWD = "Test12345\$"; # Infoblox Password
our $MAC_ADDRESS = "99:88:77:66:55:44"; # USED FOR TESTING ONLY
our $MAC_FILTER = "IBFILTER"; # Filter used in Infoblox
our $TENYEARS = 31556926*10; # Expiration time in seconds
our $OK_CHARS = 'a-zA-Z0-9 ,-:'; # Filter to sanitze input
our $COMPANY = "Acme Hospital"; # Company Name
our $CONTACT_NAME = 'Michael McNamara'; # Contact Name
our $CONTACT_EMAIL = 'user@somewhere.com'; # Contact Email
our $SCRIPT_URL = "http://web.acme.org"; # URL for CSS and Javascript
#########################################################################
#########################################################################
## M A I N P R O G R A M
#########################################################################
#########################################################################
# Let's intiailize our program
&startup;
# Let's output the HTML headers
&html_header;
if ( $action eq "add") {
# If the script is being called with parameters let's process them
&runjob;
} elsif ($action eq "list" ) {
# Let's retrieve and output the entire list of MAC addresses
&listjob;
} else {
# If the script isn't being called with parameters let's display the form
&html_form();
}
# Let's output the HTML footers
&html_footer;
exit 0;Cheers!
Infoblox API Perl Modules
0November 9, 2011
by Michael McNamara in Linux
We recently migrated from Alcatel-Lucent’s VitalQIP to Infoblox for our IPAM (IP Address Management) solution. I hope to make a more detailed post reviewing Infoblox in the future, for now I’ll stick with the issue of integrating with the API interface. One of our goals for the past few years has been to enable MAC address registration essentially turning off the dynamic nature of DHCP. This would prevent someone from connecting any device to our internal network and getting a DHCP issued IP address. It certainly not a complete solution to the security dilemmas but it would be a good first step.
I do most of my work with CentOS and RedHat Linux because those are the distributions that my organization supports internally (even if I’m one of two people that support Linux across the entire organization). In this case I was working with a CentOS 5.7 server but I was having an issue compiling and installing the Infoblox Perl modules.
LWP::UserAgent version 5.813 required–this is only version 2.033
When I attempted to compile the Infoblox Perl modules I received the following errors;
LWP::UserAgent version 5.813 required--this is only version 2.033 at /usr/lib/perl5/site_perl/5.8.8/Infoblox/Agent.pm line 3. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Infoblox/Agent.pm line 3. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/Infoblox/Session.pm line 19. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Infoblox/Session.pm line 19. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/Infoblox.pm line 8. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Infoblox.pm line 8. Compilation failed in require at ./ibcli.pl line 78. BEGIN failed--compilation aborted at ./ibcli.pl line 78.
This was with Perl 5.8.8 on CentOS 5.7 x64, unfortunately it seems this is a known issue with the version of LWP::UserAgent that is currently being distributed via the CentOS repository.
I was able to spin up a new CentOS 6.0 x86 server which was running Perl 5.10.1 and didn’t experience this problem.
The installation was pretty straight forward (except for the issue above) but the API reference manual does a very thorough job of detailing all the possible installation methods on both Windows and Unix/Linux. I just opened a browser to one of the Infoblox appliances and downloaded the Perl modules.
https://10.1.1.1/api/dist/CPAN/authors/id/INFOBLOX/
Just replace the IP address of 10.1.1. with the IP address of your Infoblox appliance. I’m not sure why Infoblox hides their manuals behind their support portal, I just don’t understand why companies do that. You can find the manual right here, Infoblox_API_Documentation_6.1.0.pdf.
Cheers!
Linode VPS Hosting
0October 31, 2011
by Michael McNamara in Blog
I’m home sick today with a nasty sinus infection, so I thought I would make a quick post about Linode. Last week (maybe two weeks ago now) I decided to give Linode a test drive by signing up for a Linode VPS 512. The increase in traffic to this site and the discussion forums has been significant enough over the past 6 months that I’ve been trying to stay ahead of the curve rather than falling behind (I personally hate a slow site). I’ve been coming up against my 40GB/monthly transfer limits with RIMU hosting even after setting up a CDN so I went looking for alternatives and found Linode.
I ran some quick and dirty benchmarks using Unixbench (1 parallel test) and here’s what I found;
| No | Guest Operating System | Architecture | CPU | Description | Results |
| 1 | CentOS 5.7 | x86 | 1 x Intel(R) Xeon(R) CPU E5540 @ 2.53GHz | VMware ESX 4.1 HP BL490c G6 | 1010 |
| 2 | CentOS 5.7 | x64 | 2 x Intel(R) Xeon(R) CPU 5160 @ 3.00GHz | HP DL360 G5 | 935 |
| 3 | CentOS 5.7 | x64 | 4 x Intel(R) Xeon(R) CPU E5540 @ 2.53GHz | HP BL460c G6 | 1005 |
| 4 | CentOS 5.7 | x86 | 2 x Intel(R) Xeon(TM) CPU @ 2.80GHz | IBM x345 Series | 387 |
| 5 | CentOS 5.7 | x86 | 1 x Intel(R) Xeon(R) CPU E5506 @ 2.13GHz | RIMU Hosting – XEN 1vCPU | 290 |
| 6 | CentOS 6.0 | x86 | 4 x Intel(R) Xeon(R) CPU L5520 @ 2.27GHz | Linode Hosting – XEN 4vCPU | 495 |
Note: I currently use the IBM x345 Series server as my test and development server so I don’t have to worry about destroying my live production server.
A number of the servers above are virtualized with either VMware or XEN and some are physical. I’ve provided some comparison data in servers 1-4, the two of interest are 5 and 6.
You can see from the numbers that the Linode server beat out the RIMU server by quite a margin. I also chose to have the Linode server placed in their Newark, NJ data center which is geographically closer to me in Pennsylvania than the Dallas, TX data center that my current VPS resides in. With that location change I noticed a big delta in the RTTs to/from the two locations. From my Verizon FiOS home broadband I get around 50ms to the Dallas, TX data center while I’m getting around 20ms to the Newark, NJ data center.
There are other pros and cons between RIMU and Linode which I won’t completely go into here but in my specific example it was the storage and transfer bandwidth that caused me to look elsewhere. I have nothing bad to say about RIMU, they’ve given me more than 18 months of great service.
Last week I moved the blog (that’s this site) to the Linode VPS and it seems to be running great. If everything continues to run smoothly I’ll migrate the discussion forums and remaining sites over to Linode and cancel my RIMU account over the next two weeks.
Have you noticed the speed increase or any other issues with this site?
Cheers!
