Documenting how to use miq-infoblox custom domain from Red Hat

I can’t find any guides or docs on how to use the Red Hat miq-infoblox custom domain found on GitHub to integrate MIQ with InfoBlox. So I’m starting this thread to solicit input and provide an answer to others searching for the same thing.

Note, this article from @jhardy from 2013 is the closest thing I can find to a guide, but it apparently predates the current miq-infoblox domain. But thanks to John for providing this starting point.

Back up your Automate Datastore code in case the following changes mess it up:
You should always do this before editing your code.

Install Prerequisites:
The miq-infoblox domain requires you first install miq-utilities, found here. The readme provides simple install instructions.

Install miq-infoblox:
Found here. Again the readme tells you what to do.

Unlock the RedHatConsulting_Infoblox Domain
You have to unlock the RedHatConsulting_Infoblox domain before you can edit it. Use the following from a rails console:
MiqAeDomain.where(:name => 'RedHatConsulting_Infoblox').update_attributes(:source => 'user')
FYI, to lock the ManageIQ domain use the following from a rails console:
MiqAeDomain.where(:name => 'RedHatConsulting_Infoblox').update_attributes(:source => 'system')

Configure the Infoblox > Configuration class:
Go to RedHatConsulting_Infoblox > Integration > Infoblox > Configuration class in the Automate Datastore. Add your username, password and server to the schema attributes.

Adjust the VM Provisioning State Machine:
Copy the OOTB Class ‘VMProvision_VM’ found at ManageIQ (Domain) > Cloud > VM > Provisioning > StateMachines > VMProvision_VM to a custom domain if it doesn’t already exist in one of your custom domains.

Add acquire_ip_address to the AcquireIPAddress state value
add /RedHatConsulting_Infoblox/Integration/Infoblox/Operations/Methods/acquire_ip_address here:

Save changes. I will edit/add to this post based on further research, testing, and feedback from others who feel inclined to provide it. Thanks!


Hello Michael,

I have worked on CloudForms with Infoblox integration using Ansible Playbooks. As Ansible is super compatible with newer versions of CloudForms, I found it a really simple and effective approach for integration.

You can refer to the playbooks here: https://github.com/cNeha/infoblox

This has been tested on CloudForms 4.7 and it works as expected.

Let me know if you need more information regarding the same, would be happy to help you.

Regards,
Neha Chugh


Thank you @cNeha! What would the pros and cons be of using miq-infoblox vs using Ansible? I guess I’m assuming that direct integration from MIQ would be easier, but I’m open to another approach. Ansible was my first approach before learning of this domain from Red Hat.

Hello Michael,

Any approach would be fine as long as you are comfortable with it. I chose Ansible as it is more compatible now with newer versions and due to syncrou-role, which can be used to get/set attributes from one state to another state.

Ansible was introduced in Cloudforms 4.5 version, before that, miq-infoblox was the only solution to integrate with Infoblox using ruby scripts.

With the help of available ansible modules for Infoblox and syncrou roles, it is quite easy to work with Ansible playbooks and integrate cloudforms with Infoblox.

Both the approaches are equally good in terms of performance. So, you can choose any approach which suits your need.

If you want to opt for Ansible, I would be happy to assist you in achieving the same.

Regards,
Neha Chugh

Thank you @cNeha that is very generous of you. I will let you know if I explore the Ansible path and get stuck!

@cNeha do you use the embedded Ansible or Ansible Tower?

I think Neha used Embedded Ansible for this.

Thanks,
pemcg

Thank you @pemcg

I’m no longer able to edit my original post. I set out to share my learnings as I sorted out how to use the miq-infoblox domain. However, in the end I abandoned that solution in favor of Ansible Tower / AWX. I suggest anyone trying to sort out how to integrate MIQ with Infoblox do likewise, or also consider embedded ansible if that works for you.

Hi @michaelbutak, as a matter of interest did you use Neha’s playbooks that she referred to earlier, or did you find or create different ones? If different ones, are you able to share the repo here?

Thanks
pemcg

Hi @pemcg. Thank you for asking. A linux admin in our org who is very experienced with Ansible shared his infoblox playbook with me which requires very little tweaking to do just what I needed. I can’t share the repo as it’s on internal source control, but I can post the code here when I’m through with it. (I’m still working out how to properly integrate with MIQ. So far I’m successfully calling and running the job from my automate script, and I can pass variables to the playbook and print them. I am still figuring out how to catch any sort of response from Ansible (for starters, the next available IP Address) and then incorporate that into the provisioning process. It’s easy to insert my template-calling instance into the provisioning state machine under the Acquire IP Address state. But it seems like I should have to “turn off” something else, whatever was previously acquiring an IP address. And I don’t yet know what that something else is.)

So no, I didn’t use Neha’s playbooks. When she shared it I didn’t grasp the difference between embedded ansible and integrated Tower/AWX (bc I didn’t realize that AWX/Tower was optional add-on to Ansible). Since the contractors who set up our MIQ instance had used Tower integrations, I didn’t dig into her code too much, being under the impression that I should follow their pattern using tower. Now that I’m grasping how playbooks, roles, etc. are structured, I started peeking at her code. I’m drinking out of a fire hose as I’m simultaneously learning how to deploy big data services to Azure from python sdk scripts in GitLab Runner, and containerization in Azure. Oh and linux administration… and networking! Your resources have been SOOOOO helpful to me.

@cNeha, after all these months I have come full circle to embedded ansible. Peter M. just reminded me of your playbooks on the gitter.im channel. Thank you for sharing your playbooks. May I ask you some questions?

@cNeha,

I’m trying to run a modified version of your next_ip playbook as a playbook method. Thanks to Nick La Muro and Peter McGowan, I learned that when embedded ansible runs, it creates a temporary dir (under /tmp) where it stores the playbook, host file, vault file, env files and even a stdout file for debugging.

For reference, here’s my modified version of your next_ip playbook:

---
- name: Get Next Available IP
  hosts: localhost
  connection: local
  vars_files: /vars/host.yaml
  tasks:
    - name: Invoking Get Next Available IP Playbook
      debug:
        msg: Get Next Available IP Playbook invoked with
    - name: Include infoblox_vault
      include_vars: 
        file: 'infoblox_vault_20201023_2.yml'
    - name: Get Next Available IP
      set_fact:
       ipaddr: "{{ lookup('nios_next_ip', '172.27.164.0/22', provider={'host': 'ddi-qa.net', 'username': vault_infoblox_username, 'password': vault_infoblox_password }) }}"
       #  ipaddr: "{{ lookup('nios_next_ip', '194.166.10.0/24', provider=nios_provider) }}"
      register: result
    - name: print result
      debug: 
        msg: Here is the ip address from ddi "{{ result.ansible_facts.ipaddr }}" 
    - name: Update task with new IP information
      manageiq_vmdb:
        href: "{{ manageiq.request_task }}"
        action: edit
        data:
          options:
            ip_addr: "{{ result.ansible_facts.ipaddr }}"
    - name: Log done with playbook
      debug:
        msg: All done running Get Next Available IP Playbook.

For some reason when I run this playbook, this temp dir doesn’t contain all the usual artifact files, in particular the stdout file so I can’t debug. Nick suggested that the Ansible runner is failing somewhere early in the process and suggested I try “executing the ansible-runner call, or if you can reproduce the ansible-runner start command to determine if it failed early in some form.”

I interpreted this advice to mean to manually run ansible from in this temp dir. I’m trying to make that work. Perhaps you might spot my mistake?

I’ve tried quite a few different commands, here’s one:

ansible next_ip.yaml -h localhost -e "/tmp/ansible-runner20201104-5006-34zlme/env/@extravars" --become-method --vault-password-file "/tmp/ansible-runner20201104-5006-34zlme/@vault_password"

where

  • -e means EXTRA VARS (which contains variables passed from ruby to the playbook).
  • --become-method privilege escalation method to use (default=sudo)
  • --vault-password-file is a file containing the plain-text password which the playbook uses to decrypt a vault file referenced in the playbook.

When I run the command I get:

/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
  from cryptography.exceptions import InvalidSignature

After that it spits out the help info (usage, option flags, etc.).

I’ve googled the from cryptography.exceptions import InvalidSignature part which didn’t yield any insights. Perhaps you can spot my error?
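
As an added example, not part of the original post or of any project mentioned in the thread: a shell helper that assembles a manual `ansible-playbook` run for a playbook, an extra-vars file and a vault password file, and refuses to proceed when the plain-text vault password file is readable by group or others. The function name `build_playbook_cmd` is hypothetical, the three paths are supplied by the caller, and GNU `stat` (Linux) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical helper that prints an
# ansible-playbook command line for a local run, after basic safety checks.
# Usage: build_playbook_cmd <playbook> <extravars-file> <vault-password-file>
build_playbook_cmd() {
    playbook=$1 extravars=$2 vault_pw=$3

    # All three inputs must exist as regular files.
    for f in "$playbook" "$extravars" "$vault_pw"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    done

    # The printed command is unquoted, so reject paths containing whitespace.
    case "$playbook$extravars$vault_pw" in
        *[[:space:]]*) echo "paths must not contain whitespace" >&2; return 4 ;;
    esac

    # The vault password file holds a plain-text secret. Require that the
    # group and other permission digits are both 0 (e.g. 600 or 400).
    mode=$(stat -c '%a' "$vault_pw")    # GNU stat, assumed available
    case $mode in
        *00) ;;
        *) echo "vault password file mode $mode is too open" >&2; return 3 ;;
    esac

    # Notes on the options used:
    #   ansible-playbook runs a playbook; `ansible` is the ad-hoc command.
    #   -i 'localhost,' is an inline inventory; -h only prints the help text.
    #   -c local matches the playbook's "connection: local".
    #   -e @<path> loads extra variables from a file.
    #   --become-method needs a value, so it is left out here.
    printf '%s\n' "ansible-playbook -i localhost, -c local -e @$extravars --vault-password-file $vault_pw $playbook"
}
```

The function only prints the command, so it can be reviewed before it is run from the runner's temporary directory.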