-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move daemon and plugin code into subdirectories Add documentation
- Loading branch information
Showing
20 changed files
with
303 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| Building the Infoblox IPAM Driver | ||
| ================================= | ||
|
|
||
| Prerequisite | ||
| ------------ | ||
| 1. golang development environment is installed (https://golang.org/doc/install) | ||
|
|
||
|
|
||
| Install Dependency | ||
| ------------------ | ||
| The driver primarily depends on ```github.com/containernetworking/cni``` and | ||
| ```github.com/infobloxopen/infoblox-go-client```. They can be installed using the following commands: | ||
|
|
||
| ``` | ||
| go get github.com/containernetworking/cni | ||
| go get github.com/infobloxopen/infoblox-go-client | ||
| ``` | ||
|
|
||
| ```infoblox-go-client``` is used by the IPAM Daemon to interact with Infoblox. | ||
|
|
||
| Build Executable | ||
| ---------------- | ||
| A Makefile is provided for automating the build process. The default target ```all``` builds the following binaries: | ||
|
|
||
| - infoblox-plugin: | ||
| This is the plugin executable. This is typlically deployed in ```/usr/lib/rkt/plugins/net```, and has to be renamed | ||
| to match the plugin type, typically ``infoblox``, specified in network configuration. | ||
| - infoblox-cni-daemon: | ||
| This is the IPAM daemon executable. | ||
|
|
||
| The Makefile also includes the following targets: | ||
|
|
||
| - docker-image: | ||
| Builds docker image ```infoblox-cni-daemon``` | ||
| - aci-image: | ||
| Builds ACI image ```infoblox-cni-daemon.aci``` | ||
| - images: | ||
| Builds both docker-image and aci-image | ||
|
|
||
|
|
||
| Push Container Image to Docker Hub | ||
| ---------------------------------- | ||
| The Makefile includes a build target to push the ```infoblox-cni-daemon``` container image to your Docker Hub. | ||
| To do that, you need to first setup the following environment variable: | ||
|
|
||
| ``` | ||
| export DOCKERHUB_ID="your-docker-hub-id" | ||
| ``` | ||
| You can then use the following command to push the "ipam-driver" image to your Docker Hub: | ||
|
|
||
| ``` | ||
| make push | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| Configuration Guide | ||
| =================== | ||
| This document describes how to configure vNIOS and the IPAM driver. | ||
|
|
||
| Introduction | ||
| ------------ | ||
| vNIOS is the Infoblox virtual appliance that you can download from the Infoblox Download Center: | ||
|
|
||
| - Point your browser to https://www.infoblox.com/infoblox-download-center | ||
| - Scroll down to the section "Network Service(DNS, DHCP, IPAM)" | ||
| - The product to download is "Infoblox DDI (DNS, DHCP, IPAM)". Click "Try it Now" | ||
| - This will take you through a brief registration screen. | ||
| - After registration is complete you will receive an email which includes a link that takes you to the "Product Evaluation Portal". | ||
|
|
||
| Setting up vNIOS | ||
| ---------------- | ||
| Once you're in the "Product Evaluation Portal", you can find download links as well as instructional videos. It is | ||
| strongly recommended that you download the VMware version of the product as VMware is the platform on which the videos | ||
| are based. | ||
|
|
||
| - Under section "Required Downloads", download "Infoblox DDI" for VMware. | ||
| - After download is complete, scroll down to section "Setup and Installation Videos" | ||
| - Follow the video instruction: "Video 1: Infoblox Cloud Network Automation Installation and Setup" | ||
| - Follow the video to completion, as the instruction to activate vNIOS "Cloud Network Automation" feature is in the later part of the video. (You can however skip over section on configuring DHCP and DNS, as well as section on "vRealization Orchestrator". | ||
|
|
||
| The following additional steps are required: | ||
| - You need to give cloud-api admin user permission to create and modify DNS Views. Instructions on how to add permission to "cloud-api-only" group is included in the video. Follow the same instructions to add "All DNS Views" permission under the "DNS Permissions" Permssion Type. | ||
|
|
||
| Manual Configuration of Cloud Extensible Attributes | ||
| --------------------------------------------------- | ||
| If the "Cloud Network Automation" licensed feature is not activiated, the following Cloud Extensible Attributes must | ||
| be manually defined in Infoblox: | ||
|
|
||
| - ```Cloud API Owned``` - Type: List; Values: True, False | ||
|
|
||
| - ```CMP Type``` - Type: String | ||
|
|
||
| - ```Tenant ID``` - Type: String | ||
|
|
||
| - ```Network Name``` - Type: String | ||
|
|
||
| The User Interface to add Extensible Attribute definitions can be found under the main tab "Administration" and under the | ||
| sub-tab "Extensible Attributes". | ||
|
|
||
|
|
||
| IPAM Driver Configuration | ||
| ------------------------- | ||
| Based on the vNIOS configuration, update the following driver configuration: | ||
| - Set grid-host to the management IP address of vNIOS | ||
| - Set WAPI username and password to that for the Cloud Admin user on vNIOS. | ||
|
|
||
| These configurations can be applied by editing the example shell scripts such as "run-daemon.sh". | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| FROM ubuntu | ||
|
|
||
| ADD infoblox-daemon /usr/local/bin/infoblox-daemon | ||
| ADD infoblox-cni-daemon /usr/local/bin/infoblox-cni-daemon | ||
|
|
||
|
|
||
| ENTRYPOINT ["/usr/local/bin/infoblox-daemon"] | ||
| ENTRYPOINT ["/usr/local/bin/infoblox-cni-daemon"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,142 @@ | ||
| # cni-infoblox | ||
| CNI Infoblox Code | ||
| CNI IPAM Driver | ||
| =============== | ||
|
|
||
| Infoblox IPAM Driver for CNI | ||
| ---------------------------- | ||
|
|
||
| cni-infoblox is an IPAM driver for CNI that interfaces with Infoblox to provide IP Address Management | ||
| service. CNI is the generic plugin-based networking layer for supporting container runtime environments, | ||
| of which rkt is one. | ||
|
|
||
| For a detailed description of the driver, including a step by step deployment example, refer to the | ||
| "CNI Networking and IPAM" community blog on the Infolox website: | ||
| https://community.infoblox.com/t5/Community-Blog/CNI-Networking-and-IPAM/ba-p/7828 | ||
|
|
||
| Prerequisite | ||
| ------------ | ||
| To use the plugin, you need access to the Infoblox DDI product. For evaluation purposes, you can download a | ||
| virtual version of the product from the Infoblox Download Center (https://www.infoblox.com/infoblox-download-center) | ||
| Alternatively, if you are an existing Infoblox customer, you can download it from the support site. | ||
|
|
||
| Refer to CONFIG.md for details on vNIOS configuration. | ||
|
|
||
| Build | ||
| ----- | ||
| For dependencies and build instructions, refer to ```BUILD.md```. | ||
|
|
||
| CNI Configuration | ||
| ----------------- | ||
| This section concerns only with CNI network configuration as it relates to the Infoblox IPAM Driver. | ||
| For details on CNI configuration in general, refer to https://github.com/containernetworking/cni/blob/master/README.md | ||
|
|
||
| To instruct CNI to execute the Infoblox IPAM plugin for a particular network, specify "infoblox" as the IPAM "type" | ||
| in the CNI network configuration file (netconf). CNI configuration files in a rkt environment is typically | ||
| localted in ```/etc/rkt/net.d``` | ||
|
|
||
| For example (/etc/rkt/net.d/10-net-1.conf): | ||
|
|
||
| ``` | ||
| { | ||
| "name": "net-1", | ||
| "ipam": { | ||
| "type": "infoblox", | ||
| "subnet": "172.18.1.0/24", | ||
| "gateway": "172.18.1.1", | ||
| "routes": [ | ||
| {"dst": "172.18.0.0/24"} | ||
| ], | ||
| "network-view": "priv-view" | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| The following are the IPAM attributes: | ||
| - "type": specifies the plugin type and is also the file name of the plugin executable. | ||
| - "subnet": specifies the CIDR to be used for the network. This is a well-known CNI attribute and is used by the driver. | ||
| - "gateway": specifies the gateway for the network. This is a well-known CNI attribute and is simply passed through to CNI. | ||
| - "routes": specifies the routes for the network. This is a well-known CNI attribute and is simply passed through to CNI. | ||
| - "network-view": specifies the Infoblox network view to use for this network. This is a Infoblox IPAM driver specific attribute. | ||
| Other Infoblox specific attributes that are not shown in the example configuration: | ||
| - "network-container" | ||
| - "prefix-length": Instead of specifying a "subnet", the driver can be instructed to allocate a network of prefix length (integer) from within a network container (CIDR). | ||
| - "socket-dir": specifies an alternate directory where the socket file to send IPAM Daemon request to is located. | ||
| The default is ```/run/cni```. | ||
|
|
||
| Infoblox IPAM Driver Configuration | ||
| ---------------------------------- | ||
| The Infoblox IPAM Driver is comprised of two components: | ||
| - Infoblox IPAM Plugin (infoblox): | ||
| This is the plugin executable specified as the IPAM type in the netconf. This is executed by CNI as a network | ||
| plugin and, by default in a rkt environment, is located in the ```/usr/lib/rkt/plugins/net``` directory. | ||
| - Infoblox IPAM Daemon (infoblox-cni-daemon): | ||
| This is the component that interfaces with Infoblox to perform the IPAM functions. This is typically deployed | ||
| as a container and run as a service. | ||
|
|
||
| Running the IPAM Daemon | ||
| ----------------------- | ||
| The IPAM Daemon accepts the following command line arguments, which specifies Infoblox Grid settings, IPAM Driver | ||
| settings and IPAM Policy settings respectively. Each one of the IPAM Policy settings is the fallback that take | ||
| effect when the same setting have not been specified in the network configuration file. | ||
|
|
||
| ``` | ||
| ## Infoblox Grid Settings ## | ||
| --grid-host string | ||
| IP of Infoblox Grid Host (default "192.168.124.200") | ||
| --wapi-port string | ||
| Infoblox WAPI Port (default "443") | ||
| --wapi-username string | ||
| Infoblox WAPI Username (default "") | ||
| --wapi-password string | ||
| Infoblox WAPI Password (default "") | ||
| --wapi-version string | ||
| Infoblox WAPI Version (default "2.0") | ||
| --ssl-verify string | ||
| Specifies whether (true/false) to verify server certificate. If a file path is specified, it is assumed to be a certificate file and will be used to verify server certificate. (default "false") | ||
| ## IPAM Driver Settings ## | ||
| --socket-dir string | ||
| Directory in which Infobox IPAM daemon socket is created (default "/run/cni") | ||
| --driver-name string | ||
| Name of the IPAM driver. This is the file name used to create Infoblox IPAM daemon socket, and has to match the name specified as IPAM type in the CNI configuration. (default "infoblox") | ||
| ## IPAM Policy Settings ## | ||
| --network-view string | ||
| Infoblox Network View (default "default") | ||
| --network-container string | ||
| Subnets will be allocated from this container if subnet is not specified in network config file (default "172.18.0.0/16") | ||
| --prefix-length integer | ||
| The CIDR prefix length when allocating a subnet from Network Container (default 24) | ||
| ``` | ||
|
|
||
| It is recommended that the Infoblox IPAM Daemon be run as a container. A docker image is availabe in Docker Hub | ||
| (infoblox/infoblox-cni-daemon). A skeleton shell script (run-rkt-daemon.sh) to run the docker image using rkt is | ||
| included. The shell script need to be executed with root permission. | ||
|
|
||
| Various ways to run the daemon include: | ||
| - run-rkt-daemon.sh: | ||
| Runs the infoblox-cni-daemon docker image under rkt | ||
| - run-docker-daemon.sh: | ||
| Runs the infoblox-cni-daemon docker image as a docker container. | ||
| - run-aci-daemon.sh: | ||
| Runs a infoblox-cni-daemon ACI image under rkt. | ||
| - run-daemon.sh: | ||
| Runs the infoblox-cni-daemon as a native exectuable. | ||
|
|
||
| Usage | ||
| ----- | ||
| For a detailed description of an example use of the Infoblox IPAM Daemon in multi host rkt deployment, refer to | ||
| https://community.infoblox.com/t5/Community-Blog/CNI-Networking-and-IPAM/ba-p/7828 | ||
|
|
||
| Before you can start using the driver, the Infobblox IPAM Daemon must be started using one of the methods | ||
| described in the section "Running the IPAM Daemon" above. | ||
|
|
||
| Assuming that you have deployed the example network configuration file (10-net-1.conf) shown in the | ||
| "CNI Configuration", which specifies the configuration for a network called "net-1", the following command starts a | ||
| rkt container attaching to the "net-1" network: | ||
|
|
||
| ``` | ||
| rkt run --interactive --net=net-1 quay.io/fermayo/ubuntu | ||
| ``` | ||
|
|
||
| When the container comes up, verify using the "ifconfig" command that IP has been successfully provisioned | ||
| from Infoblox. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| package main_test | ||
| package ibcni_test | ||
|
|
||
| import ( | ||
| . "github.com/onsi/ginkgo" | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| package main_test | ||
|
|
||
| import ( | ||
| . "github.com/onsi/ginkgo" | ||
| . "github.com/onsi/gomega" | ||
|
|
||
| "testing" | ||
| ) | ||
|
|
||
| func TestDaemon(t *testing.T) { | ||
| RegisterFailHandler(Fail) | ||
| RunSpecs(t, "Daemon Suite") | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.