blog oob mgmt infoblox

Quite often when you deploy virtualized Infoblox appliances in an enterprise VMware environment, you hand over the OVF/OVA file(s) to a VM Engineering group to complete the install. You also end up giving them installation instructions, because you are not granted VMware console access to your own devices. In that situation, the DDI engineering and operations team is at risk if it has no out-of-band (OOB) serial terminal console access to all of its deployed VMs. This article presents an easy-to-deploy solution to this problem, one that does not require the VMware Engineering and Operations teams to grant your team any special direct access by exposing the VMware console. Instead, these teams can give you serial console access by installing a virtualized serial port concentrator, or vSPC. While there are commercial options from companies such as Avocent, I detail how to do this using a wonderful open source Python option called vSPC.py. vSPC.py can be obtained here.

Why do you need OOB access to virtualized Infoblox appliances?

If you lose network connectivity to a virtualized Infoblox appliance, whether it be over SSH or via HTTPS (UI), you have no way to issue console commands to possibly reset the database and rejoin the appliance to a Grid. Or, perhaps you are installing a new Infoblox VM appliance, and need to configure it from the command line prior to the device having an IP Address. In either of these cases, it would be beneficial to be able to access the device over the network through TELNET. 

Requirements for implementing vSPC.py

  • A Linux VM with Python 2 or 3
  • The vSPC.py script installed on the Linux VM

To set this up, I built a Linux instance of Fedora 23 using the minimal install. Once that was done, I installed Python, copied vSPC.py to the server, and that was it. The virtual serial port concentrator host VM needs only minimal resources.

Configuring vSPC.py on the vSPC concentrator VM

  • Start vSPC.py on the virtual serial port concentrator VM using the --server option
  • Configure vSPC.py to start automatically at boot
  • Edit the local firewall rules on the virtual serial port concentrator to permit 13370/tcp, 13371/tcp, and a range of ports for your Infoblox appliances starting at 50000/tcp

Once these tasks are done, the vSPC is ready to receive connections from the ESXi hosts on behalf of configured virtual Infoblox appliances. 
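
The firewall step above, as an added example (not from the original article or the vSPC.py project): telnet is cleartext and nothing on this page puts authentication in front of these ports, so the rules are scoped to the hosts that need each port instead of being opened to every source. firewalld is assumed; the addresses and the 100-port range size are constructed placeholders, and 13371 is assumed to be the port that remote `./vSPC.py <host>` queries use.

```shell
#!/bin/sh
# Added example: emit source-scoped firewalld rules for a vSPC host.
# Dry run by design: prints commands for review; pipe to `sh` as root to apply.
# All addresses below are constructed placeholders (assumptions).

ESXI_HOSTS="192.0.2.11 192.0.2.12"   # ESXi hosts that connect to 13370/tcp
ADMIN_NETS="198.51.100.0/24"         # DDI admin workstations / jump hosts
VM_PORT_START=50000                  # first per-VM console port (from the article)
VM_PORT_COUNT=100                    # assumed size of the console port range

# rich_rule <source> <port-or-range>: print one firewall-cmd invocation.
rich_rule() {
    printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$1" "$2"
}

vspc_firewall_cmds() {
    vm_range="${VM_PORT_START}-$((VM_PORT_START + VM_PORT_COUNT - 1))"
    # 13370/tcp is the vSPC URI port: only the ESXi hosts need to reach it.
    for h in $ESXI_HOSTS; do rich_rule "$h" 13370; done
    # Query port and per-VM console ports: admin sources only.
    for n in $ADMIN_NETS; do
        rich_rule "$n" 13371
        rich_rule "$n" "$vm_range"
    done
    echo "firewall-cmd --reload"
}

vspc_firewall_cmds
```

Review the printed commands before applying them; with a default-deny zone, any source not listed cannot reach the consoles.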

Configure virtualized Infoblox appliances to use vSPC.py serial port concentrator

  1. power off any virtualized Infoblox appliances you wish to configure 
  2. add a serial port to the VM with the following settings:
    • Type: Network
    • Direction: Server
    • Port URI: vSPC.py
    • Use Virtual Serial Port Concentrator: <checked>
    • vSPC URI: telnet://vspc.local.lan:13370
    • Yield CPU on Poll: <checked>
  3. start the virtualized Infoblox appliance

At this point you can query the vSPC to see whether it has received any connections. This can be done either locally on the vSPC host or remotely, using the same vSPC.py script. When run, it lists every VM that has a serial port connection, along with the port you can use to connect to that VM. To query the serial port concentrator locally, simply run the script directly on the vSPC VM as follows:

./vSPC.py localhost

Or, to perform this remotely from your local desktop, make sure you install the same vSPC.py package and dependent libs and modules. Then just issue the command as follows, passing the FQDN of the vSPC host like so:

./vSPC.py vspc.local.lan

You should receive output that looks like the following:

$ ./vSPC.py vspc.local.lan
vgm:500ff5748e4317c7-bf266d5387f77153:50002
vgmc:500f9d92fceb578b-d9da5f942f8f1baa:50000
vdns1:500faf50bc771d83-86a9268d2fd2940d:50001
vdns-dhcp-01:500f5aebdc37ba86-b64bee50f9fd292b:50003

Connect to virtualized Infoblox appliances using vSPC.py

Upon querying the vSPC host for the list of serial port connections, simply telnet to the vSPC host address using the TCP port which corresponds with the VM you're looking to connect to. 

telnet vspc.example.com 50001

The above command would open a serial connection to the vdns1 appliance.
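
An added example (not part of the original article or of vSPC.py) that resolves a VM name to its console port from the listing shown above, matching the name exactly so that a lookup for one appliance cannot land on another with a similar name. The function name, exit codes and the reading of each line as `name:id:port` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: resolve a VM name to its console port from vSPC.py's
# listing, refusing ambiguous or malformed entries.

VM_PORT_START=50000   # lowest per-VM port, per the article's firewall range

# vspc_port_for <vm-name>   (listing on stdin; prints the port)
# Exit status: 0 found, 1 not found, 2 duplicate name, 3 malformed port.
vspc_port_for() {
    awk -F: -v want="$1" -v min="$VM_PORT_START" '
        NF >= 3 {
            # Port and id are the last two fields; the name is the rest,
            # so a VM name that itself contains ":" still parses.
            port = $NF
            name = $1 ""          # force string comparison
            for (i = 2; i <= NF - 2; i++) name = name ":" $i
            if (name != want) next
            if (port !~ /^[0-9]+$/ || port + 0 < min || port + 0 > 65535) { bad = 1; next }
            hits++; found = port
        }
        END {
            if (bad) exit 3
            if (hits > 1) exit 2
            if (hits == 0) exit 1
            print found
        }'
}

# Constructed sample: the listing shown in the article.
SAMPLE_LISTING='vgm:500ff5748e4317c7-bf266d5387f77153:50002
vgmc:500f9d92fceb578b-d9da5f942f8f1baa:50000
vdns1:500faf50bc771d83-86a9268d2fd2940d:50001
vdns-dhcp-01:500f5aebdc37ba86-b64bee50f9fd292b:50003'

port=$(printf '%s\n' "$SAMPLE_LISTING" | vspc_port_for vdns1) &&
    echo "telnet vspc.local.lan $port"
```

In practice, pipe the live output of `./vSPC.py vspc.local.lan` into `vspc_port_for` instead of the sample; ports change as VMs register, so resolve the port at connect time and do not rely on a remembered number.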

Benefits of using a virtual serial port concentrator

There are two (2) ways of implementing vSerial ports for Infoblox appliances: a virtual serial port concentrator and statically mapped vSerial ports. The virtual serial port concentrator has a number of benefits that make it the best solution for your Infoblox appliances, including the following:

  • virtual serial port concentrators support vMotion, allowing you to move appliances safely from one ESXi host to another
  • a virtual serial port concentrator handles dynamic port assignment, which is easily queried
  • statically mapped telnet ports are hard to remember and there's no easy way to query this configuration
  • implementing a virtual serial port concentrator gives you unparalleled access to and management of your Infoblox VMs, especially in lab environments - reset a database or reset a VM to factory default and never lose access to it
  • obviates the need for VMware console access and authorization
  • ESXi firewall rules MUST be opened when implementing statically mapped vSerial Ports, since you TELNET to the IP Address of the ESXi server and port. Since the vSPC runs on a VM, you only have to ensure the firewall ports are opened on the local VM, not the ESXi host(s). 
