Eyeglass Solution InfoBlox DNS Automation



Eyeglass will be introducing a post-script execution environment for running various automations after failover jobs have executed.

One key use case is updating Smartconnect zone CNAMEs after an Access Zone Failover with Eyeglass. The Smartconnect zone delegations use CNAMEs in DNS, and on failover the CNAME switches from the production cluster A record to the DR cluster A record. This can be accomplished by customers whose DNS platform supports a scriptable API for automating DNS updates.


The Infoblox solution supports a REST API that allows updates to DNS to be scripted using CURL and WAPI from Infoblox. A good document on REST API syntax can be found here.

The diagram below shows how Eyeglass pre-determines the Smartconnect zone failover mappings between subnets and IP pools. These mappings are the basis for DNS failover automation during post-script execution.

Eyeglass1 .png

The Infoblox API can be called with curl to update the CNAME of each Smartconnect zone that is failed over in an Access Zone failover (or runbookrobot failover automation).

The diagram below shows the use case, the high-level steps that would be executed, and an example Access Zone failover that switches a CNAME to the DR cluster A record for the Smartconnect Service IP.

Eyeglass-2.png


Here is an example CURL command with syntax.

Note: for updates to existing objects in InfoBlox, the _ref handle must be retrieved first so that the update can reference the object it applies to.

This was done by running the CURL command against the existing CNAME that was used to delegate the Smartconnect zone to the Isilon cluster.


Get CNAME entry _ref object handle


In order to update existing objects in Infoblox, a handle or reference is required. The command below retrieves existing object _ref strings for use in DNS automation scripts.

Some details on the flags:

  1. -H sets the Content-Type header in the CURL command to JSON, as the API requires.

  2. -u userid:password supplies the credentials of an administrator user (created as a cloud-api-only group member) with permissions to issue DNS updates. See the setup details below.

    1. Screen Shot 2015-10-19 at 7.22.37 PM.png

    2. Screen Shot 2015-10-19 at 7.23.00 PM.png

    3. Screen Shot 2015-10-19 at 7.23.26 PM.png

| Group/Role | Permission Type | Resource | Resource Type | Permission |
|---|---|---|---|---|
| cloud-api-only | [DNS] | All A Records | A record | RW |
| cloud-api-only | [DNS] | All AAAA Records | AAAA record | RW |
| cloud-api-only | [DNS] | All Bulk Hosts | Bulk host | RW |
| cloud-api-only | [DNS] | All CNAME Records | CNAME record | RW |
| cloud-api-only | [DNS] | All DNAME Records | DNAME record | RW |
| cloud-api-only | [DNS] | Grid DNS Properties | Grid DNS Properties | RW |
| cloud-api-only | [DNS, DHCP, IPAM] | All Hosts | Host | RW |
| cloud-api-only | [DHCP, DNS, IPAM] | All IPv4 Host Addresses | IPv4 Host address | RW |
| cloud-api-only | [DHCP, DNS, IPAM] | All IPv6 Host Addresses | IPv6 Host address | RW |
| cloud-api-only | [DNS] | All Naptr Records | NAPTR record | RW |
| cloud-api-only | [DHCP, IPAM] | All IPv4 Networks | IPv4 Network | RW |
| cloud-api-only | [DHCP, IPAM] | All Network Views | Network view | RW |
| cloud-api-only | [CLOUD] | All Tenants | Tenant | RW |
| cloud-api-only | [DNS] | All TXT Records | TXT record | RW |
| cloud-api-only | [DNS] | All DNS Views | DNS View | RW |
| cloud-api-only | [DNS] | All Zones | Zone | RW |

curl -H "Content-Type: application/json" -k1 -u 'api:password!' -X GET 'https://172.31.1.16/wapi/v2.0/record:cname?name=ssip.test.local'


This command returns the following:

  { "_ref": "record:cname/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmxvY2FsLnRlc3Quc3NpcA:ssip.test.local/default",   (object handle to use in later updates that repoint the CNAME to a different A record on failover)

       "canonical": "host.test.local",      (A record the CNAME currently points to: the production Isilon cluster)

       "name": "ssip.test.local",    (CNAME used for the delegation NS records to the Isilon Smartconnect zone; NS records not shown)

       "view": "default"}   (DNS view in Infoblox to reference; this is the installation default name)


Update CNAME on Failover post execution script with Eyeglass CURL example


Note that the record:cname… value matches the _ref returned in the previous step. It is used to build this one-line CURL update, which changes the CNAME to a new value on failover.

This is an example only; failback logic is not shown.


curl -H "Content-Type: application/json" -k1 -u 'api:password' -X PUT https://172.31.1.16/wapi/v2.0/record:cname/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmxvY2FsLnRlc3Quc3NpcA:ssip.test.local/default -d '{ "canonical" :"host12.test.local"}'

Putting it all together

The above one-line script would be called after Access Zone failover in Eyeglass and would be the last step executed, after the Smartconnect zone aliases are created on the target cluster.

Once the above script executes, NEW DNS mounts will resolve to the target cluster AND the target cluster will answer the DNS query, since the Smartconnect alias has been created.
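A hardened form of the lookup and update steps above, as an added example that is not Eyeglass or Infoblox code: it verifies the appliance certificate instead of using -k, keeps the API password off the command line, and repoints the CNAME only while it still points at the expected production record. The variable names, file paths and function names are assumptions; the host and record names are the page's samples.

```shell
#!/usr/bin/env bash
# Added example, not Eyeglass or Infoblox code. WAPI, CA_FILE, NETRC, both file
# paths and all function names are assumptions; records are the page's samples.
WAPI="${WAPI:-https://172.31.1.16/wapi/v2.0}"
CA_FILE="${CA_FILE:-/etc/eyeglass/infoblox-ca.pem}"  # hypothetical: grid CA certificate
NETRC="${NETRC:-/etc/eyeglass/infoblox.netrc}"       # hypothetical: mode 600, holds
                                                     # "machine <host> login api password <secret>"

# Every WAPI call goes through here: the certificate is verified (--cacert, no -k)
# and the password is read from the netrc file, so it never appears in `ps` output.
wapi() {
  curl --silent --show-error --fail --cacert "$CA_FILE" --netrc-file "$NETRC" \
       -H "Content-Type: application/json" "$@"
}

# Print one string field of a WAPI JSON reply read from stdin.
json_field() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Accept only plain dotted hostnames, so a name cannot alter the URL or JSON body.
valid_fqdn() {
  case "$1" in ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;; esac
  case "$1" in *.*) return 0 ;; esac
  return 1
}

# repoint_cname CNAME EXPECTED_CURRENT NEW_TARGET
# Returns 0 when CNAME ends up pointing at NEW_TARGET, non-zero otherwise.
repoint_cname() {
  local name="$1" expected="$2" target="$3" reply ref current
  valid_fqdn "$name" && valid_fqdn "$target" || { echo "invalid name" >&2; return 2; }
  reply=$(wapi -X GET "$WAPI/record:cname?name=$name") || return 3
  ref=$(printf '%s' "$reply" | json_field _ref)
  current=$(printf '%s' "$reply" | json_field canonical)
  [ -n "$ref" ] || { echo "no CNAME record for $name" >&2; return 4; }
  [ "$current" = "$target" ] && return 0      # already failed over: nothing to do
  [ "$current" = "$expected" ] || { echo "unexpected target: $current" >&2; return 5; }
  wapi -X PUT "$WAPI/$ref" -d "{\"canonical\":\"$target\"}" >/dev/null || return 6
  # Read the record back and confirm the change took effect.
  current=$(wapi -X GET "$WAPI/record:cname?name=$name" | json_field canonical)
  [ "$current" = "$target" ]
}

# Post-failover usage with the page's sample records:
#   repoint_cname ssip.test.local host.test.local host12.test.local
```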

NOTE: Future solution brief to cover host side unmount and remount automation example.

This solution applies to SMB and NFS failover with Eyeglass Access Zone Failover, which handles key steps for SMB (SPN updates, Smartconnect zone updates, configuration sync, and SyncIQ policy management during failover).


DNS records are updated by selecting an existing DR A record for the Smartconnect zone.


Screen Shot 2015-10-19 at 7.33.47 PM.png



