Dynamic compliance & remediation in Golden Configurations

Add-on product: Configuration Manager extends Itential Platform with configuration compliance and validation capabilities. It requires Itential Platform as a prerequisite.

Golden Configurations are frequently managed through the UI; however, it was important that Itential also extend this functionality to Studio (formerly Automation Studio) via exposed tasks. Previously, it was difficult to design Golden Configurations dynamically through tasks and APIs, but two new APIs now make this straightforward. The following tasks have been implemented.

updateNodeConfig

The updateNodeConfig task allows you to easily update the configuration of a node in a Golden Configuration tree.

| Property | Description |
| --- | --- |
| treeId | ID of the Golden Config tree |
| treeVersion | Version of the Golden Config tree |
| nodePath | Path of the node to modify in the configuration |
| data | A JSON object that must contain a template (string) and a variables (json) key |
| updateVariables | Determines whether or not to use the input variables from the data parameter to update the Golden Config tree variables (if false, these variables will be ignored after runtime) |

Example

{
  "treeId": "60ad5b4948555dc621052bd0",
  "treeVersion": "initial",
  "nodePath": "base/US-West",
  "data": {
    "template": "ntp server {{ntp_ip}}",
    "variables": {
      "ntp_ip": "192.15.32.146"
    }
  },
  "updateVariables": false
}

convertChangesToConfig

The convertChangesToConfig task displays the remediation payload as a native configuration to preview the config that would be sent to the device for application.

| Property | Description |
| --- | --- |
| deviceType | Used for determining how to display the native config based on the OS type |
| changes | The changes object that is the result of the manual remediation task’s output (this is sent to AG or NSO for remediation) |

Example

{
  "deviceType": "cisco-ios",
  "changes": [
    {
      "parents": [],
      "old": null,
      "new": "hostname IOS-Device1"
    }
  ]
}

Workflow design

In order to do dynamic compliance and remediation, you can start by:

  1. Creating a Golden Config tree
  2. Updating the base node with a new configuration
  3. Adding devices to that node
  4. Running compliance on that node
  5. Fetching and looping over each compliance report and remediating it
  6. Deleting the GC Tree once all compliance/remediation is done

You can reference the following automation to review the tasks that might be required to complete the dynamic compliance/remediation process. One primary difference is that the updateNodeConfig task would have dynamic information passed in for the configuration parameter.
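
Because updateNodeConfig receives dynamic information in this workflow, the payload can be checked before the task runs. The following is an added example, not Itential code: validateUpdateNodeConfig is a hypothetical helper, and it assumes that placeholders use the {{name}} form shown in the updateNodeConfig example, that treeId, treeVersion, nodePath and data are required, and that variable values are single-line strings or numbers.

```javascript
// Added example (not Itential code): pre-flight check of an updateNodeConfig payload.
// Assumption: template placeholders use the {{name}} form shown on this page.
const PLACEHOLDER = /\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/g;

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Returns a list of problems; an empty list means the payload passed every check.
function validateUpdateNodeConfig(payload) {
  if (!isPlainObject(payload)) return ["payload must be a JSON object"];
  const problems = [];
  for (const key of ["treeId", "treeVersion", "nodePath"]) {
    if (typeof payload[key] !== "string" || payload[key] === "") {
      problems.push(`${key} must be a non-empty string`);
    }
  }
  if ("updateVariables" in payload && typeof payload.updateVariables !== "boolean") {
    problems.push("updateVariables must be a boolean");
  }
  const data = payload.data;
  if (!isPlainObject(data) || typeof data.template !== "string" || !isPlainObject(data.variables)) {
    problems.push("data must contain a template (string) and a variables (object) key");
    return problems;
  }
  // Every placeholder in the template needs a value supplied in data.variables.
  const used = new Set([...data.template.matchAll(PLACEHOLDER)].map((m) => m[1]));
  for (const name of used) {
    if (!Object.prototype.hasOwnProperty.call(data.variables, name)) {
      problems.push(`template uses undefined variable: ${name}`);
    }
  }
  // A value containing a line break would turn one placeholder into extra config lines.
  for (const [name, value] of Object.entries(data.variables)) {
    const ok = typeof value === "number" || (typeof value === "string" && !/[\r\n]/.test(value));
    if (!ok) problems.push(`variable ${name} must be a single-line string or number`);
  }
  return problems;
}

// Constructed sample input, modelled on the page's updateNodeConfig example.
const sample = {
  treeId: "60ad5b4948555dc621052bd0",
  treeVersion: "initial",
  nodePath: "base/US-West",
  data: { template: "ntp server {{ntp_ip}}", variables: { ntp_ip: "192.15.32.146" } },
  updateVariables: false,
};
console.log(validateUpdateNodeConfig(sample));
```

Run the check on each dynamically built payload and stop the workflow when the returned list is not empty.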