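This section describes the steps to configure a custom IPAM profile.
NSX Advanced Load Balancer supports integration with third-party IPAM providers (for example, NS1, TCPWave, and so on) to automatically allocate IP addresses to virtual services.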
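Configuring Custom IPAM
The steps to configure custom IPAM are as follows:
- Upload the Python script
- Create a custom IPAM profile
- Attach the custom IPAM profile to the cloud
- Create a virtual service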
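Step 1: Upload the Python Script
Upload a Python script that defines the expected functions (described in the Python Script section below) to the Controller. NSX Advanced Load Balancer calls the functions defined in this script to manage IP addresses from the third-party provider.
Along with the script, you can add the following key-value parameters, which the functions in the script use to communicate with the IPAM provider:
- username - <username>
- password - <password>, with the is_sensitive flag set to True
- server - 1.2.3.4
These parameters (provider-specific information) are used to communicate with the IPAM provider.
The parameters above are for reference only. The parameters are passed to the script according to the methods used in it.
The file name must have a .py extension and follow the PEP8 naming convention.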
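Configuring using the UI
Navigate to , and click Create.
Specify the name, then upload the .py file in Script.
Click Add Script Parameters and enter the following details:
- username: <username>
- password: <password>, and select the Sensitive check box.
- server: 1.2.3.4
- wapi_version:
- network_view: default
- dns_view: default
Click Save.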
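Configuring using the CLI
Copy the script to /var/lib/avi/ipamdnsscripts/ on the Controller.
Use the configure customipamdnsprofile command. For example, upload the custom_ipam_script.py script with the following attributes, as shown below: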
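Step 2: Create the Custom IPAM Profile
Configuring using the CLI
Use the configure ipamdnsproviderprofile <profile name> command to create the IPAM provider profile.
Note: The parameters used for the profile configuration depend on the environment.
Provide the desired name, for example, custom-ipam-profile. Select IPAMDNS_TYPE_CUSTOM as the type. Provide custom-ipam-script as the custom_ipam_dns_profile_ref value (the name of the script object created in Step 1).
If required, add usable subnets. If they are set, an option to choose among the multiple usable subnets is offered under "Network for VIP Address Allocation" while provisioning a virtual service, as shown in the Step 4: Create a Virtual Service section. If they are not set, all available networks/subnets from the provider are listed.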
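Step 3: Attach the Custom IPAM Profile to the Cloud
Configuring using the UI
To associate the custom IPAM option with the cloud, navigate to , and use the custom IPAM profile created in Step 2.
Configuring using the CLI
Use configure cloud <cloud name> to attach the IPAM profile to the cloud. Provide custom-ipam-profile as the ipam_provider_ref value.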
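Step 4: Create a Virtual Service
When a new virtual service is created, the custom IPAM profile and script are used to automatically create an IPAM record with the provider.
Provide the following required attributes for the virtual service:
- Name: Name of the virtual service.
- Network for VIP Address Allocation: The network/subnet to use for IP allocation (required only when configuring through the UI).
- Servers: IP addresses of the back-end servers.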
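Configuring using the UI
Navigate to , and click the Create button.
After the virtual service is created successfully, an IP is allocated to it, as shown below. An IPAM record is also created for it with the provider.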
Configuring using the CLI
Use the configure vsvip <vsvip name> and configure virtualservice <vs name> commands to create the vsvip and the vs, respectively.
Python Script
The script must define all the required functions and exception classes; otherwise, the system displays the following error message while the IPAM profile is being created: "Custom IPAM profile script is missing required functions/exception classes {function_or_exception_names}".
The required functions are as follows:
- TestLogin
- GetAvailableNetworksAndSubnets
- GetIpamRecord
- CreateIpamRecord
- DeleteIpamRecord
- UpdateIpamRecord
The required exception classes are as follows:
- CustomIpamAuthenticationErrorException
- CustomIpamRecordNotFoundException
- CustomIpamNoFreeIpException
- CustomIpamNotImplementedException
- CustomIpamGeneralException
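CustomIpamNotImplementedException can be raised when a function or feature is not implemented in the script. Using logger_name (part of auth_params) for script logging is recommended. A tenant-specific debug log file (named custom_ipam_script_<tenant_name>.log) is created to hold the log statements from the script. For the admin tenant, the log statements can be found at /var/lib/avi/log/custom_ipam_script.log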
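The two TestLogin steps (check that the credential parameters are present, then fail on a rejected login) can be written so that the password, which is marked sensitive on the profile, never reaches the tenant log. This is an added example, not code from the product; `_provider_login`, `_safe_view` and the sample credentials are hypothetical stand-ins for a real provider call.

```python
import hmac
import logging

REQUIRED_PARAMS = ("server", "username", "password")


class CustomIpamAuthenticationErrorException(Exception):
    """Raised when authentication fails."""


def _provider_login(server, username, password):
    # Hypothetical stand-in for the provider's login request; the accepted
    # credentials are constructed sample values, not real ones.
    return username == "ipam-svc" and hmac.compare_digest(
        password.encode(), b"example-secret")


def _safe_view(auth_params):
    # Copy of the script parameters that is safe to log: password masked.
    return {k: ("<redacted>" if k == "password" else v)
            for k, v in auth_params.items()}


def TestLogin(auth_params):
    # logger_name is supplied in auth_params, as recommended above.
    logger = logging.getLogger(auth_params.get("logger_name"))
    # Step 1: every credential parameter must be present and non-empty.
    missing = [p for p in REQUIRED_PARAMS if not auth_params.get(p)]
    if missing:
        logger.error("TestLogin: missing script parameters %s", missing)
        raise CustomIpamAuthenticationErrorException(
            "missing script parameters: %s" % ", ".join(missing))
    # Step 2: attempt the login and fail closed when it is rejected.
    logger.info("TestLogin: params %s", _safe_view(auth_params))
    if not _provider_login(auth_params["server"], auth_params["username"],
                           auth_params["password"]):
        logger.error("TestLogin: login rejected for user %s on %s",
                     auth_params["username"], auth_params["server"])
        raise CustomIpamAuthenticationErrorException("login rejected by provider")
    return True
```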
A separate Python script is also provided to validate the provider script.
Sample scripts for different IPAM providers are under development and will be made available once complete.
The following is the sample script template:
```python
"""
This script allows the user to communicate with custom IPAM provider.

Required Functions
------------------
1. TestLogin: Function to verify provider credentials, used in the UI during IPAM profile configuration.
2. GetAvailableNetworksAndSubnets: Function to return available networks/subnets from the provider.
3. GetIpamRecord: Function to return the info of the given IPAM record.
4. CreateIpamRecord: Function to create an IPAM record with the provider.
5. DeleteIpamRecord: Function to delete a given IPAM record from the provider.
6. UpdateIpamRecord: Function to update a given IPAM record.

Required Exception Classes
--------------------------
1. CustomIpamAuthenticationErrorException: Raised when authentication fails.
2. CustomIpamRecordNotFoundException: Raised when given record not found.
3. CustomIpamNoFreeIpException: Raised when no free IP available in the given subnets/networks.
4. CustomIpamNotImplementedException: Raised when the functionality is not implemented.
5. CustomIpamGeneralException: Raised for other types of exceptions.
"""


class CustomIpamAuthenticationErrorException(Exception):
    """
    Raised when authentication fails.
    """
    pass


class CustomIpamRecordNotFoundException(Exception):
    """
    Raised when given record not found.
    """
    pass


class CustomIpamNoFreeIpException(Exception):
    """
    Raised when no free IP available in the given subnets/networks.
    """
    pass


class CustomIpamNotImplementedException(Exception):
    """
    Raised when the functionality is not implemented.
    """
    pass


class CustomIpamGeneralException(Exception):
    """
    Raised for other types of exceptions.
    """
    pass


def TestLogin(auth_params):
    """
    Function to validate user credentials. This function is called from IPAM profile
    configuration UI page.

    Args
    ----
    auth_params: (dict of str: str)
        Parameters required for authentication. These are script parameters provided while
        creating a Custom IPAM profile.
        Eg: auth_params can have following keys
        server: Server ip address of the custom IPAM provider
        username: self explanatory
        password: self explanatory
        logger_name: logger name

    Returns
    -------
    Return True on success

    Raises
    ------
    CustomIpamNotImplementedException: if this function is not implemented.
    CustomIpamAuthenticationErrorException: if authentication fails.
    """
    # 1. Check all credentials params are given else raise an exception.
    # 2. Raise an exception if test login fails.


def GetAvailableNetworksAndSubnets(auth_params, ip_type):
    """
    Function to retrieve networks/subnets from the provider.
    Called from the IPAM profile configuration to populate usable subnets on the UI.
    Note: Subnets are represented in CIDR format.

    Args
    ----
    auth_params: (dict of str: str)
        Parameters required for authentication.
    ip_type: (str)
        IP type supported by the networks/subnets. Allowed values: V4_ONLY, V6_ONLY and V4_V6.

    Returns
    -------
    subnet_list: (list of dict of str : str)
        network (str): network id/name
        v4_subnet (str): V4 subnet
        v6_subnet (str): V6 subnet
        v4_available_ip_count (str): V4 free ips count of the network/v4_subnet
        v6_available_ip_count (str): V6 free ips count of the network/v6_subnet
        each dict has 5 keys: network, v4_subnet, v6_subnet, v4_available_ip_count, v6_available_ip_count
        v4_available_ip_count and v6_available_ip_count are optional, currently this function
        returns the first 3 keys. returning counts is TBD.

    Raises
    ------
    None
    """
    # 1. return all the available networks and subnets.


def GetIpamRecord(auth_params, record_info):
    """
    Function to return the info of the given IPAM record.

    Args
    ----
    auth_params: (dict of str: str)
        Parameters required for authentication.
    record_info: (dict of str: str)
        id (str): uuid of vsvip.
        fqdns (list of str): list of fqdn from dns_info in vsvip.

    Returns
    -------
    alloc_info(dict of str: str):
        Dictionary of following keys
        v4_ip (str): IPv4 of the record
        v4_subnet (str): IPv4 subnet
        v6_ip (str): IPv6 of the record
        v6_subnet (str): IPv6 subnet
        network (str): network id/name

    Raises
    ------
    CustomIpamNotImplementedException: if this function is not implemented.
    CustomIpamGeneralException: if the api request fails.
    """
    # 1. Get the reference of the given IPAM record.
    # 2. Raise a valid error message if the given record not found.
    # 3. Return ipam record info like ipv4, ipv6, and its subnet/network name


def CreateIpamRecord(auth_params, record_info):
    """
    Implements a Custom Rest API to create an IPAM record.

    Args
    ----
    auth_params: (dict of str: str)
        Parameters required for authentication.
    record_info: (dict of str: str)
        New record information with following keys.
        id (str): uuid of vsvip.
        fqdns (list of str): list of fqdn from dns_info in vsvip.
        preferred_ip (str): the vsvip IPv4 if it's already configured by the user.
        preferred_ip6 (str): the vsvip IPv6 if it's already configured by the user.
        allocation_type (str): IP allocation type. Allowed values: V4_ONLY, V6_ONLY and V4_V6.
        nw_and_subnet_list (list of tuples : str): List of networks and subnets to use for new
            IPAM record IP allocation. Each tuple has 3 values (network, v4_subnet, v6_subnet).

    Returns
    -------
    alloc_info(dict of str: str):
        Dictionary of following keys
        v4_ip (str): allocated IPv4
        v4_subnet (str): subnet used for IPv4 allocation.
        v6_ip (str): allocated IPv6
        v6_subnet (str): subnet used for IPv6 allocation.
        network (str): network used for IPv4/IPv6 allocation.

    Raises
    ------
    CustomIpamNoFreeIpException: if no free ip available.
    CustomIpamGeneralException: if create record fails for any other reason.
    """
    # 1. Either id or fqdns can be used as the name/identifier to create a new IPAM record,
    #    choose according to the requirements.
    # 2. If the preferred_ip/preferred_ip6 is set, call specific rest URL to create an
    #    IPAM record (according to the allocation_type).
    # 3. If the nw_and_subnet_list is empty call GetAvailableNetworksAndSubnets() to use any
    #    available subnets or networks for IP allocation.
    # 4. Based on the allocation_type, build payload data and call specific rest URL to
    #    create an IPAM record.
    # 5. If create IPAM record fails, raise an exception.


def DeleteIpamRecord(auth_params, record_info):
    """
    Implements a Custom Rest API to delete an IPAM record.

    Args
    ----
    auth_params: (dict of str: str)
        Parameters required for authentication.
    record_info: (dict of str: str)
        Record to be deleted. Has following keys.
        id (str): uuid of vsvip.
        fqdns (list of str): list of fqdn from dns_info in vsvip.

    Returns
    -------
    True on successfully deleting the record.

    Raises
    ------
    CustomIpamRecordNotFoundException: if the given record not found
    CustomIpamGeneralException: if delete record request fails.
    """
    # 1. Get the reference of the given IPAM record.
    # 2. Raise a valid error message if the given record not found.
    # 3. Delete the record, if it fails, raise an exception.


def UpdateIpamRecord(auth_params, new_record_info, old_record_info):
    """
    Function to handle update IPAM record requests. Eg: Change of allocation_type from
    V4_ONLY to V6_ONLY.

    Args
    ----
    auth_params: (dict of str: str)
        Parameters required for authentication.
    new_record_info: (dict of str: str)
        New record information with following keys.
        id (str): uuid of vsvip.
        fqdns (list of str): list of fqdn from dns_info in vsvip.
        preferred_ip (str): the vsvip IPv4 if it's already configured by the user.
        preferred_ip6 (str): the vsvip IPv6 if it's already configured by the user.
        allocation_type (str): IP allocation type. Allowed values: V4_ONLY, V6_ONLY and V4_V6.
        nw_and_subnet_list (list of tuples : str): List of networks and subnets to use for an
            IPAM record IP allocation. Each tuple has 3 values (network, v4_subnet, v6_subnet)
    old_record_info: (dict of str: str)
        Old record information with following keys.
        id (str): uuid of vsvip.
        fqdns (list of str): list of fqdn from dns_info in vsvip of an old record.
        preferred_ip (str): old record's preferred IPv4.
        preferred_ip6 (str): old record's preferred IPv6.
        allocation_type (str): old record's IP allocation type. Allowed values: V4_ONLY,
            V6_ONLY and V4_V6.
        nw_and_subnet_list (list of tuples : str): List of networks and subnets used for an old
            IPAM record IP allocation. Each tuple has 3 values (network, v4_subnet, v6_subnet)

    Returns
    -------
    alloc_info(dict of str: str):
        Dictionary of following keys
        v4_ip (str): allocated IPv4
        v4_subnet (str): subnet used for IPv4 allocation.
        v6_ip (str): allocated IPv6
        v6_subnet (str): subnet used for IPv6 allocation.
        network (str): network used for IPv4/IPv6 allocation.

    Raises
    ------
    CustomIpamNotImplementedException: if this function or specific update requests not implemented.
    CustomIpamRecordNotFoundException: if the given record not found
    CustomIpamGeneralException: if the api request fails for any other reason.
    """
    # 1. Raise CustomIpamNotImplementedException exception if the UpdateIpamRecord function or
    #    specific update request is not implemented.
    # 2. Get the reference of the given IPAM record.
    # 3. Raise a valid error message if the given record not found.
    # 4. Call specific rest URL based on the update type, if the update request fails, raise
    #    an exception.
```
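A pre-upload check for the contract above can parse the script with `ast` instead of importing it, so nothing in an unreviewed provider script executes on the workstation. This is an added example, not the validation script that ships with the product; the argument counts are read off the template, and `check_script` and `SAMPLE` are names made up for the illustration.

```python
import ast

# Names come from the required lists on this page; argument counts from the template.
REQUIRED_FUNCTIONS = {
    "TestLogin": 1, "GetAvailableNetworksAndSubnets": 2, "GetIpamRecord": 2,
    "CreateIpamRecord": 2, "DeleteIpamRecord": 2, "UpdateIpamRecord": 3,
}
REQUIRED_EXCEPTIONS = (
    "CustomIpamAuthenticationErrorException",
    "CustomIpamRecordNotFoundException",
    "CustomIpamNoFreeIpException",
    "CustomIpamNotImplementedException",
    "CustomIpamGeneralException",
)


def check_script(source):
    """Return a sorted list of problems in the script source (empty if none)."""
    tree = ast.parse(source)  # parse only: the script is never executed
    funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    classes = {n.name: n for n in tree.body if isinstance(n, ast.ClassDef)}
    problems = []
    for name, argc in REQUIRED_FUNCTIONS.items():
        node = funcs.get(name)
        if node is None:
            problems.append(f"missing function {name}")
        elif len(node.args.posonlyargs) + len(node.args.args) != argc:
            problems.append(f"{name} must take {argc} positional argument(s)")
    for name in REQUIRED_EXCEPTIONS:
        node = classes.get(name)
        if node is None:
            problems.append(f"missing exception class {name}")
        elif not node.bases:
            problems.append(f"{name} has no base class; derive it from Exception")
    return sorted(problems)


# Constructed sample: a script that defines only part of the contract.
SAMPLE = '''
class CustomIpamGeneralException(Exception):
    pass

def TestLogin(auth_params):
    return True

def GetIpamRecord(auth_params):
    return {}
'''
```

Calling `check_script(SAMPLE)` reports the four missing functions, the four missing exception classes and the wrong argument count on GetIpamRecord.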