Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

API & Integration

Reply
Highlighted

Import dhcp.conf from API

[ Edited ]
Authority
Posts: 18
5131     0

Hi!

I successfully imported my ISC dhcp.conf configuration file using the import tool.

Now I am trying to script the import and I found the function 

Infoblox::Session->import_data()

The scripts runs successfully even though nothing seems to happen, no objects are created at all. Logs are reporting an access through the API and modification to two objects (DataUploadInit and SetMemberData). 

I could find any mean to debug this issue, any suggestion is welcome.

 

Here is an excerpt from my script:

my $status = $session->import_data(
  type => "dhcp_expert_mode_config",
  member => $member,
  path => $conf );


if ( !$status ) {
  print "Error: "
    . $session->status_code() . ": "
    . $session->status_detail() . "\n";
}

 

Best,

Marco

Re: Import dhcp.conf from API

Adviser
Posts: 86
5132     0

Hi Marco,

 

Congratulations on finding a "secret" API Smiley Happy DHCP expert mode should be used very carefully, typically under Infoblox support supervision. May I ask - what are you trying to do via your dhcpd.conf file? The reason why I ask is because, AFAIK, you cannot add subnets/networks via this method (amongst other things). This mode is mostly used to specify complex classes, conditional check/reply options, etc...  I can't recall the complete list of supported/unsupported imports.

 

Furthermore, in order for the API upload to work, you need to mark up your dhcpd.conf file with markers specifying the start and end of the code fragments you wish NIOS to process. 

 

For example:

 

##expert_mode_config start global
##expert_mode_config stop

 

Lastly, I believe you also need to turn on expert mode in the first place before the upload works, otherwise the API will dump the file. To validate whether it has worked, simply re-generate the dhcpd.conf file again and view your changes.

 

I suggest you contact Infoblox support to get some official help. Good luck!

 

regards,

Jasper

Re: Import dhcp.conf from API

Authority
Posts: 18
5132     0

Hello Jasper,

thanks for your reply.

 

I will briefly give you a bit of context. We are in the process of migrating to Infoblox. We have already setup a testing environment and we are configuring it. The configuration process is complex and time consuming and the migration is critical as the unavailability of DNS and/or DHCP could lead to major service downtimes. The final goal then is to reduce risks and perform a smooth transition (no big bang). Among other countermeasures we are implementing, like tests, we decided to avoid manual configurations and tasks like importing DHCP configuration using the DIW importer as they are slow and error prone.

 

For example I leveraged the APIs to import the DNS zone using AXFR, in this way I will be able to quickly erase and load DNS zones and data to Infoblox. This is key to align the new Infoblox infrastructure with the old systems that are still being used and modified and bring them online at the same time to run canary tests in production. As writing scripts to setup everything is time consuming and we do not have enough time we have decided to script only data import and leave general configurations to console and use a backup/import from the test environment. The best would be to specify configuration in declarative statements and plain files (YAML, JSON, XML, ...) so we can do staging and versioning. In the end we would like to use a configuration management tool (puppet, chef, ansible, ...), maybe I write a letter to Santa Smiley Wink

 

Best,

Marco

Re: Import dhcp.conf from API

GHorne Community Manager
Community Manager
Posts: 248
5132     0

If you are looking for a seamless migration, you really should consult with the Infoblox Professional services. They have the necessary experience in this area to avoid these issues. Doing it yourself will eventually work, but results in a lot of re-inventing of the wheel.

 

using AXFR to import a zone is the wrong way to do this. This results in dangling CNAMES, TTLS hardcoded on rrsets and the creation of A/PTR records whre you should have created HOSTS and vice-versa.

 

Yes, the DIW can be hard to navigate, but it is designed to assist with this nuances, and really will get you a better cleaner dataset at then end of the day (garbage in = garbage out). CSV import is also a way to tune changes.

 

You shouldn't have to erase the load the zones if you do things correctly, there are other ways to minimise the outage time. E.g if you don't restart services on a  member you can erase the zone and it will continue the serve the non-erased data even after you've pushed the new version of the zone. Again this is the kind of thing a PS consultant will tell you.

 

Staging, provisioninig and all the puppet level stuff can also be done, you just have to step back a bit and examine the overall process and how it can be controlled.

 

Re: Import dhcp.conf from API

[ Edited ]
Authority
Posts: 18
5132     0

Thanks,

I honestly appreciate your feedback.

 

The scripts I have coded take care of CNAMEs, TTLs and make some cleanups creating hosts. Anyway we will get in touch with professional services once we get our the appliances.

 

As you mentioned garbage in = garbage out, that's why I need automation, I need to make some housekeeping and we are doing it using automated imports and tests, I can't just delete data. That allowed us to spot inconsistent data and develop a better knowledge of our systems. I could not find any better way to do this to be sure the systems behave in the very same way.

 

Also, I don't mind deleting a zone, it is not production and I can update data even without deleting the zone but starting from scratch and doing the process over and over again helps us in spotting errors. We are more confident in the process.

 

Regarding staging and versioning honestly I do not know out to start off with that. It easy feasible but coding the puppet modules, types and providers without any prepared artifact or support is too time consuming.

Re: Import dhcp.conf from API

Adviser
Posts: 86
5132     0

I second what Geoff has mentioned - I think from what you have described it sounds like you need some help from PS. They will be able to stage your migrations with minimal risk.

 

There are many ways to do this, it's just a matter of finding out the best way of doing it based on your objectives. This discussion would be too detailed and lengthy for this forum IMHO.

 

Re: Import dhcp.conf from API

Authority
Posts: 27
5132     0

We migrated from QIP to Infoblox in 2008 and I did the import myself with a lot of help and advice from Professional Services and support. I used the Data Import Wizard extensively and followed it up with a quite a bit of manipulation using the Perl API, running through this many times until I got a good match on the test grid.

 

I think it cost me a great deal more time than it would have taken if I'd been willing to actually pay for help but it did give me an opportunity to really understand how the Infoblox worked and to learn well how to use the API.  I think if you can afford the time and really focus on learning to use the Infoblox well, you'll be amply rewarded in the long term, but the Professional Services team really does have a tremendous amount of expertise that is well worth the cost and they are very good at helping to bring you up to speed on what the Infoblox can do for you.

Showing results for 
Search instead for 
Do you mean 

Recommended for You