
vRealize Automation integration with Infoblox (WAPI)

July 2, 2018

This guide covers configuring vRealize Automation with Infoblox over WAPI, without using the Cloud License. This guide is subject to change.

Things Needed:
1. An instance of vRealize Automation
2. The ability to connect to vRA’s vRO (Orchestrator)
3. A downloaded and installed test Infoblox appliance

I will first start with the installation and configuration of the Infoblox Appliance. There are two things you need to do first that I will not walk through.

1. Download the Infoblox Trial Appliance (http://info.infoblox.com/resources-evaluations-ddi-eval)
2. Deploy the appliance to vCenter

Once those tasks are complete we can start the configuration of the Infoblox Appliance.

1. Log in to the appliance via the console (default: admin/infoblox) [You might have set a password on initial install]
2. Run set temp_license 8 (Adds vNIOS license – will reboot)
3. Once it is back up, log in again and run: set temp_license 2 (DNS Zone with Grid)
4. Log in via the Web GUI and accept the license
5. Walk through the wizard (Configure Grid Master)

Under GRID -> GRID Manager
1. Start DNS Service
2. Start NTP Service
3. Create a self-signed SSL certificate that matches the FQDN of the appliance

Under DATA MANAGEMENT -> IPAM
1. Create a network range (e.g. 10.1.20.0/24) (Auto Create Reverse)

Under DATA MANAGEMENT -> DNS
1. Create however many authoritative zones you need

In vREALIZE ORCHESTRATOR CONTROL CENTER
(Note: You may need to run “/etc/init.d/vco-configurator start” to enable this)
1. Import the certificate you created from Infoblox
2. Install the Infoblox Plugin (.dar file)
3. Restart Services (service vco-server restart and service vco-configurator restart)

INSTALL THE INFOBLOX IPAM PLUGIN FROM ORCHESTRATOR
1. Add an IaaS Host if needed (Library > vRealize Automation > Infrastructure Administration > Configuration > Add an IaaS Host)
2. Run the Infoblox Setup Wizard (Library > Infoblox > vRA > Installation > Setup Wizard)

IN vREALIZE AUTOMATION – CREATE IPAM ENDPOINT
1. You will now have an IPAM > INFOBLOX option under Infrastructure > EndPoints

ADD THE EXTENSIBLE ATTRIBUTES NEEDED TO INFOBLOX
• VMware NIC index (integer)
• VMware resource ID (string)
• VMware On-Demand Network (string)
• VMware Network Profile ID (string)
• VMware External Network Profile ID (string)
• VMware External Range ID (string)
• VMware Request ID (string)
• VMware Blueprint Request ID (string)

To create the required EAs:
1. Navigate to Administration -> Extensible Attributes in your Infoblox Grid Manager GUI.

Reloading Extensible Attributes
The extensible attributes from NIOS are cached in the Infoblox IPAM Plug-in. Therefore, if an extensible attribute is added, changed, or deleted in NIOS, you need to reload your extensible attributes in the Infoblox IPAM Plug-in for the changes to apply.
To reload extensible attributes:
1. In the vCO client, click the Inventory tab.
2. Click to expand Infoblox IPAM –> IP address of the NIOS appliance –> Extensible Attributes.
3. Right-click Extensible Attributes and select Reload or press the F5 hot key.

SETTING UP LEAST PRIVILEGE PERMISSIONS IN INFOBLOX FOR WAPI

I created a new group called vRA-Group and added an account called “vrealize”. In the vRA-group settings, under “Roles”, make sure the allowed interfaces are set to API only.

Listed below are the permissions I have allowed for this user account so that it can update two different IP ranges (10.1.108.0/24, 10.1.20.0/24) and two authoritative DNS zones (ad.beyondunix.local, vrealize.beyondunix.local).

| Group | Permission Type | Resource | Resource Type | Permission |
|---|---|---|---|---|
| vRA-group | DHCP Permissions/IPAM Permissions | 10.1.108.0/24 | IPv4 Network | RW |
| vRA-group | DHCP Permissions/IPAM Permissions | 10.1.20.0/24 | IPv4 Network | RW |
| vRA-group | DNS Permissions | 10.1.108.0/24 | Zone | RW |
| vRA-group | DNS Permissions | 10.1.20.0/24 | Zone | RW |
| vRA-group | DNS Permissions | ad.beyondunix.local | Zone | RW |
| vRA-group | DNS Permissions | vrealize.beyondunix.local | Zone | RW |
| vRA-group | Grid Permissions | infoblox.ad.beyondunix.local | Member | RO |
| vRA-group | DHCP Permissions/IPAM Permissions | All Network Views | Network view | RO |
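
One way to catch permission drift on the vRA-group over time, as an added example (not from the original post, and not Infoblox or VMware code). The rows use the columns of the permission list above; the drift rows are constructed and the function names are hypothetical.

```python
import ipaddress

# Intended scope, taken from the permission list on this page.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.1.108.0/24", "10.1.20.0/24")]
ALLOWED_ZONES = {"ad.beyondunix.local", "vrealize.beyondunix.local"}

# Constructed sample rows, in the page's column order:
# (group, permission type, resource, resource type, permission)
SAMPLE_ROWS = [
    ("vRA-group", "DHCP Permissions/IPAM Permissions", "10.1.108.0/24", "IPv4 Network", "RW"),
    ("vRA-group", "DNS Permissions", "10.1.20.0/24", "Zone", "RW"),
    ("vRA-group", "DNS Permissions", "ad.beyondunix.local", "Zone", "RW"),
    ("vRA-group", "Grid Permissions", "infoblox.ad.beyondunix.local", "Member", "RO"),
    ("vRA-group", "DHCP Permissions/IPAM Permissions", "All Network Views", "Network view", "RO"),
    # Constructed drift: a supernet, an unrelated zone, and a writable global.
    ("vRA-group", "DHCP Permissions/IPAM Permissions", "10.1.0.0/16", "IPv4 Network", "RW"),
    ("vRA-group", "DNS Permissions", "beyondunix.local", "Zone", "RW"),
    ("vRA-group", "DNS Permissions", "All Zones", "Zone", "RW"),
]

def _as_network(resource):
    """Return an ip_network if the resource is written as CIDR, else None."""
    try:
        return ipaddress.ip_network(resource, strict=True)
    except ValueError:
        return None

def in_scope(resource, resource_type):
    """True if a writable grant on this resource stays inside the intended scope."""
    net = _as_network(resource)
    if net is not None:
        # Networks and CIDR-named reverse zones must sit inside an allowed range.
        return any(net.version == a.version and net.subnet_of(a) for a in ALLOWED_NETWORKS)
    if resource_type == "Zone":
        return resource.lower().rstrip(".") in ALLOWED_ZONES
    return False  # members, views and "All ..." resources should never be RW

def audit(rows):
    """Return (resource, reason) findings for RW grants broader than intended."""
    findings = []
    for group, _ptype, resource, rtype, perm in rows:
        if perm == "RW" and not in_scope(resource, rtype):
            findings.append((resource, f"{group}: RW on {rtype} outside intended scope"))
    return findings

if __name__ == "__main__":
    for resource, reason in audit(SAMPLE_ROWS):
        print(f"{resource}: {reason}")
```

Read-only grants are not flagged, so the Member and Network view rows from the list pass; only writable grants outside the two ranges and two zones are reported.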
