Setting up a GitHub action to push configurations to Batfish Enterprise
With an up-to-date backup of your production configurations in GitHub, you can take advantage of GitHub Actions to trigger automated analysis of your configurations by Batfish Enterprise.
Before you set up your first GitHub action, there is some pre-work to be done:
- Set up a server and start the Batfish Enterprise service on it. Write down the DNS name and IP address of this server; you will need them later.
- Create a GitHub secret in your repository named BFE_SSL_CERTIFICATE and set it to be the base64 encoded string output of the CA PEM file used on the Batfish Enterprise server.
NOTE: Run base64 -i yourCA.pem and copy the output into the BFE_SSL_CERTIFICATE secret. Replace yourCA.pem with the certificate authority (CA) PEM file installed on the Batfish Enterprise server.
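A sanity check for the secret value before it is pasted into GitHub, as an added example that is not part of the original post or of Batfish Enterprise: it refuses a file that contains private key material or no certificate block, emits the base64 on a single line, and confirms the value decodes back to the same bytes. The function names and the sample PEM are constructed for illustration, the checks are structural only, and a `base64` that accepts `-d` is assumed.

```bash
#!/bin/sh
# Added example: prepare and check the value for the BFE_SSL_CERTIFICATE secret.

# Write a constructed placeholder PEM (not a real certificate) for trying this out.
write_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
}

# Print the single-line base64 encoding of a CA PEM file.
# Returns 2 if unreadable, 3 if a private key is present, 4 if no certificate block.
encode_ca_secret() {
    pem="$1"
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }
    # Only the CA certificate belongs in the secret, never its key.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "refusing: $pem contains a private key" >&2
        return 3
    fi
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" &&
    grep -q -- '-----END CERTIFICATE-----' "$pem" || {
        echo "refusing: no PEM certificate block in $pem" >&2
        return 4
    }
    # Reading from stdin avoids the differing meaning of -i across base64
    # implementations; tr removes the line wrapping that some of them add.
    base64 < "$pem" | tr -d '\n'
}

# Succeed only if the secret value decodes to exactly the bytes of the PEM file.
verify_ca_secret() {
    value="$1"
    pem="$2"
    printf '%s' "$value" | base64 -d 2>/dev/null | cmp -s - "$pem"
}

# Usage: sh this_script.sh yourCA.pem   (prints the value to paste into the secret)
if [ "$#" -eq 1 ]; then
    encode_ca_secret "$1"
    echo
fi
```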
Now you are ready to set up a GitHub action in the repository where your configurations are stored. Detailed instructions on how to set up a workflow can be found here. The instructions below will get you started:
- In the local clone of your configuration archive GitHub repository, create the directories: .github and .github/workflows
- Create a file named batfish_upload.yml in .github/workflows with the contents shown below. Set server_name and server_ip to the hostname and IP address of the Batfish Enterprise server.
```yaml
on:
  push:
    branches: [ master ]

jobs:
  build:
    runs-on: ubuntu-18.04
    steps:
      - name: Checkout this repo
        uses: actions/checkout@v2
        with:
          path: main  # to reference files from this repo, the filepath to use will be $GITHUB_WORKSPACE/main

      # Modify this step so that your snapshot directory is organized in the way described at
      # https://batfish.readthedocs.io/en/latest/notebooks/interacting.html#Packaging-snapshot-data
      - name: Create snapshot directory required for Batfish
        run: |
          mkdir -p $GITHUB_WORKSPACE/tmp/configs
          mkdir -p $GITHUB_WORKSPACE/tmp/batfish
          cp $GITHUB_WORKSPACE/main/*.cfg $GITHUB_WORKSPACE/tmp/configs/
          cp $GITHUB_WORKSPACE/main/batfish/* $GITHUB_WORKSPACE/tmp/batfish/
          echo "::set-output name=snapshot_dir::$GITHUB_WORKSPACE/tmp/"
        id: prepare_snapshot

      - name: Create snapshot artifact
        uses: actions/upload-artifact@v2
        with:
          name: batfish_snapshot
          path: ${{ steps.prepare_snapshot.outputs.snapshot_dir }}

      - name: Upload new snapshot to Batfish Enterprise server
        uses: saparikh/bfe-upload@v1.0
        with:
          server_name: your.batfishenterprise.server.name  # DNS name for your Batfish Enterprise server
          server_ip: your.batfishenterprise.server.ip  # IP address of your Batfish Enterprise server
          snapshot_folder: ${{ steps.prepare_snapshot.outputs.snapshot_dir }}
          network_name: YOUR-NETWORK  # Name of your network
          # This should be a unique value per commit. You can use a combination of the
          # branch name and timestamp if you don’t want to use the commit id
          snapshot_name: ${{ github.sha }}
          ssl_certificate: ${{ secrets.BFE_SSL_CERTIFICATE }}  # Github secret containing base64 encoded CA file
        id: upload_snapshot

      - name: Retrieve outputs from BFE upload action
        run: |
          echo ${{ steps.upload_snapshot.outputs.status }}
          echo ${{ steps.upload_snapshot.outputs.url }}
```
- Commit this file and push to the repository
```
git add .github
git commit -am "initial commit of github action that will upload configs to Batfish Enterprise"
git push
```
That’s it. You now have a GitHub action that will upload configurations to Batfish Enterprise every time the repository is updated. Navigate to the Batfish Enterprise dashboard to see the topology and interact with the snapshot.