First steps with Infoblox

Infoblox produces some appliances that do DNS/DHCP management, full network IPAM management and so on. Since I needed to so some usage of their APIs I've had to set up an infoblox appliance and here I'm jotting down some of the steps I took for easier reference.

The overall steps are:

  • Download the appliance from www.infoblox.com
  • Deploy on your favourite virtualization system, ej KVM.
  • Start the VM, and ensure the cpu and memory prerequisites are set.

If you use Vmware/vCloud and the OVA you'll probably have most network and password details prompted upon when deploying the appliance so in that regard is a bit more straight forward to deploy.

Once your VM is started, you can log in with :

user: admin
pass: infoblox

The first step is configure the network, which can be done with:

Infoblox > set network
Enter IPv4 address [Default: 172.16.16.102]: 
Enter netmask [Default: 255.255.255.0]: 
Enter gateway address [Default: 172.16.16.1]: 
NOTICE: Additional IPv6 interface can be configured only via GUI.
Become grid member? (y or n): n

 New Network Settings:
  IPv4 address:         172.16.16.102
  IPv4 Netmask:         255.255.255.0
  IPv4 Gateway address: 172.16.16.1

        Is this correct? (y or n): y

And now the most confusing thing for new starters is getting your licenses right. If you're using an evaluation license, you don't need to register in the infoblox website, but rather have the appliance generate some 60-day evaluation licenses.

You'll need more than one. They can be checked as below :

Infoblox > show license all
Public IP       License Type                Kind      Exp Date   Replaced Hardware ID             License String

To generate the evaluation licenses:

Infoblox > set temp_license

  1. DNSone (DNS, DHCP)
  2. DNSone with Grid (DNS, DHCP, Grid)
  3. Network Services for Voice (DHCP, Grid)
  4. Add DNS Server license
  5. Add DHCP Server license
  6. Add Grid license
  7. Add Microsoft management license
  8. Add vNIOS license
  9. Add Multi-Grid Management license
 10. Add Query Redirection license
 11. Add Response Policy Zones license
 12. Add FireEye license
 13. Add DNS Traffic Control license
 14. Add Cloud Network Automation license
 15. Add Security Ecosystem license
 16. Add Flex Grid Activation license

Select license (1-16) or q to quit: 1

This action will generate a temporary 60-day DNSone license.
Are you sure you want to do this? (y or n): y
DNS temporary license installed.
DHCP temporary license installed.

Temporary license is installed.


The UI needs to be restarted in order to reflect license changes.
Restart UI now, this will log out all UI users? (y or n):y

You will need to repeat this process a bunch of times until all required licenses are in place. As a guideline, this are the licneses I needed to build a working appliance :

Infoblox > show license
Version         : 8.1.2-356916
Hardware ID     : 42140354685089f1cdccff04ff9cec5d

License Type    : DNS
Expiration Date : 11/27/2017
License String  : EwAAAEdPGOmqWmv1aFgZbs+JuxsU6WM=

License Type    : DHCP
Expiration Date : 11/27/2017
License String  : FAAAAEdJCOXkWyS7bRNXbM6P8ARA7mYv

License Type    : vNIOS (model IB-VM-820)
Expiration Date : 11/27/2017
License String  : GgAAAFVPAvrrFSX0IxYcIsyO9k8K7nUvmR1TaVew

vNIOS: CPU cores detected: 2 - [License allows: 2]
vNIOS: System memory detected: 4096MB - [License allows: 7168MB]

License Type    : Grid
Expiration Date : 11/27/2017
License String  : GgAAAEZPH/DqGWWuLEFXbM3C9U8K7WEsnEUFal64

Only once your subscriptions are properly attached your web interface will become available under https://your.appliance.ip .

For the Cisco-oriented people, the appliance CLI is somewhat similar to some Cisco devices. Is specially useful the show tech-support command that will show all low-level configuration and status.

Happy hacking!

Configuring an iscsi volume for RHV usage

This is a cheatsheet to quickly configure storage and export it as an iSCSI volume using RHEL7 targetcli and have it configured under RHV. This is by no means a production configuration as your RHEL7 system might become a single point of failure, but it convers nicely building a home lab or test environment.

Just for clarity, a quick reminder of iSCSI concepts:

  • An iSCSI target provides some storage (here called server),
  • An iSCSI initiator uses this available storage (here called client).

Prerequisites

Configure server's storage

You can configure several types of backends, and for me the most versatile is using LVM's Logical Volumes. You'll need to create your volumes in advance, for example:

lvcreate yourVG -n yourLV1 -L 50G

Install software

Install the targetcli RPM:

yum install -y targetcli

Enable the target daemon (NOT targetd)

systemctl enable --now target.service

Gather RHV configuration

You'll need to gather the following information from RHV:

  • IQN (iSCSI identifier)

Configure and enable iSCSI

targetcli provides a very simple way to create iscsi targets once you understand how it works. Namely what needs to be done is:

  • Add your backend devices. This is where you add into targetcli's control the LVM devices created in previous steps
  • Create an IQN target. This is a collection of luns shared to the same system(s) under the same group. It is used later to apply ACLs so only certain hosts can use certain LUNs.
  • Add LUNs into your IQN target. After creating your IQN target, you need to add the backstore devices so they're shared via iSCSI.
  • Add ACLs into your IQN target. Unless configured otherwise, LUNs are not visible to systems unless they're added into the right ACL.

Here is a dump on how all this can be accomplished with targetcli:

Add storage into RHV

foo