DMF Controller in Microsoft Azure

The DANZ Monitoring Fabric (DMF) Controller in Azure feature supports the operation of the Arista Networks DMF Controller on the Microsoft Azure platform and uses the Azure CLI or the Azure portal to launch the Virtual Machine (VM) running the DMF Controller.

Figure 1. Customer Azure Infrastructure

The DMF Controller in Azure feature enables the registration of VM deployments in Azure and supports auto-firstboot using Azure userData or customData.

Configuration

Configure Azure VMs auto-firstboot using customData or userData. There is no data merging from these sources, so provide the data via customData or userData, but not both.

Arista Networks recommends using customData as it provides a better security posture because it is available only during VM provisioning and requires sudo access to mount the virtual CDROM.

userData is less secure because it is available via the Instance Metadata Service (IMDS) after provisioning and can be queried from the VM without any authorization restrictions.
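The following check is an added example, not part of the Arista documentation: given the IMDS instance "compute" document of a VM you administer, it reports which firstboot credentials are still readable through userData. The function name and the sample document are constructed for illustration; it assumes the userData field is base64-encoded, as IMDS returns it.

```python
import base64
import json

# Firstboot keys from the parameter tables whose values are credentials.
SECRET_KEYS = {"admin_password", "recovery_password"}


def secrets_exposed_in_userdata(imds_compute_json):
    """Return the firstboot secret keys readable from an IMDS compute document.

    imds_compute_json is the JSON text of the instance metadata "compute"
    object; its userData field is base64-encoded.
    """
    user_data = json.loads(imds_compute_json).get("userData") or ""
    if not user_data:
        return []  # nothing was passed via userData
    try:
        decoded = base64.b64decode(user_data, validate=True).decode("utf-8")
        params = json.loads(decoded)
    except ValueError:
        return []  # userData is set but is not firstboot JSON
    if not isinstance(params, dict):
        return []
    # Normalise hyphens so a mistyped key such as admin-password is still caught.
    return sorted(k for k in params if k.replace("-", "_") in SECRET_KEYS)


# Constructed sample: a trimmed compute document for a VM provisioned with
# firstboot parameters in userData (placeholder passwords).
_FIRSTBOOT = '{"admin_password": "example-only", "recovery_password": "example-only"}'
SAMPLE_IMDS_COMPUTE = json.dumps({
    "name": "dmf-controller-0-vm",
    "userData": base64.b64encode(_FIRSTBOOT.encode()).decode(),
})

if __name__ == "__main__":
    print(secrets_exposed_in_userdata(SAMPLE_IMDS_COMPUTE))
```

A non-empty result means any local process on the VM can read those passwords, which is the exposure that customData avoids.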

If sshKey is configured for the admin account during Azure VM provisioning along with auto-firstboot parameters, then it is also configured for the admin user of the DMF Controllers.

The following table lists details of the first boot parameters for the auto-firstboot configuration.

Firstboot Parameters - Required Parameters

| Key | Description | Valid Values |
| --- | --- | --- |
| admin_password | This is the password to set for the admin user. When joining an existing cluster node this will be the admin-password for the existing cluster node. | string |
| recovery_password | This is the password to set for the recovery user. | string |

Additional Parameters

| Key | Description | Required | Valid Values | Default Value |
| --- | --- | --- | --- | --- |
| hostname | This is the hostname to set for the appliance. | no | string | configured from Azure Instance Metadata Service |
| cluster_name | This is the name to set for the cluster. | no | string | Azure-DMF-Cluster |
| cluster_to_join | This is the IP which firstboot will use to join an existing cluster. Omitting this parameter implies that the firstboot will create a new cluster. Note: If this parameter is present ntp-servers, cluster-name, and cluster-description will be ignored. The existing cluster node will provide these values after joining. | no | IP Address String | |
| cluster_description | This is the description to set for the cluster. | no | string | |

Networking Parameters

| Key | Description | Required | Valid Values | Default Value |
| --- | --- | --- | --- | --- |
| ip_stack | What IP protocols should be set up for the appliance management NIC. | no | enum: ipv4, ipv6, dual-stack | ipv4 |
| ipv4_method | How to set up IPv4 for the appliance management NIC. | no | enum: auto, manual | auto |
| ipv4_address | The static IPv4 address used for the appliance management NIC. | only if ipv4-method is set to manual | IPv4 Address String | |
| ipv4_prefix_length | The prefix length for the IPv4 address subnet to use for the appliance management NIC. | only if ipv4-method is set to manual | 0..32 | |
| ipv4_gateway | The static IPv4 gateway to use for the appliance management NIC. | no | IPv4 Address String | |
| ipv6_method | How to set up IPv6 for the appliance management NIC. | no | enum: auto, manual | auto |
| ipv6_address | The static IPv6 address to use for the appliance management NIC. | only if ipv6-method is set to manual | IPv6 Address String | |
| ipv6_prefix_length | The prefix length for the IPv6 address subnet to use for the appliance management NIC. | only if ipv6-method is set to manual | 0..128 | |
| ipv6_gateway | The static IPv6 gateway to use for the appliance management NIC. | no | IPv6 Address String | |
| dns_servers | The DNS servers for the cluster to use. | no | List of IP address strings | |
| dns_search_domains | The DNS search domains for the cluster to use. | no | List of the host names or FQDN strings | |
| ntp_servers | The NTP servers for the cluster to use. | no | List of the host names or FQDN strings | 0.bigswitch.pool.ntp.org, 1.bigswitch.pool.ntp.org, 2.bigswitch.pool.ntp.org, 3.bigswitch.pool.ntp.org |

Examples

{
  "admin_password": "admin_user_password",
  "recovery_password": "recovery_user_password"
}

Full List of Parameters

{
  "admin_password": "admin_user_password",
  "recovery_password": "recovery_user_password",
  "hostname": "hostname",
  "cluster_name": "cluster name",
  "cluster_description": "cluster description",
  "ip_stack": "dual-stack",
  "ipv4_method": "manual",
  "ipv4_address": "10.0.0.3",
  "ipv4_prefix_length": "24",
  "ipv4_gateway": "10.0.0.1",
  "ipv6_method": "manual",
  "ipv6_address": "be:ee::1",
  "ipv6_prefix_length": "64",
  "ipv6_gateway": "be:ee::100",
  "dns_servers": [
    "10.0.0.101",
    "10.0.0.102"
  ],
  "dns_search_domains": [
    "dns-search1.com",
    "dns-search2.com"
  ],
  "ntp_servers": [
    "1.ntp.server.com",
    "2.ntp.server.com"
  ]
}

Limitations

The following limitations apply to the DANZ Monitoring Fabric (DMF) Controller in Microsoft Azure.

  • There is no support for any features specific to Azure-optimized Ubuntu Linux, including Accelerated Networking.

  • The DMF Controllers in Azure are only supported on Gen-1 VMs.

  • The DMF Controllers in Azure do not support adding the virtual IP address for the cluster.

  • There is no support for capture interfaces in Azure.

  • DMF ignores the Azure username and password fields.

  • There is no support for static IP address assignment that differs from what is configured on the Azure NIC.

  • The DMF Controllers are rebooted if the static IP on the NIC is updated.

Resources

Syslog Messages

  • Azure DMF Controller VMs can be accessed via an ssh login.

  • systemctl should be in a running state without any failed units for the Controllers to be in a healthy state as shown in the following example:

    dmf-controller-0-vm> debug bash
    admin@dmf-controller-0-vm:~$ sudo systemctl status
    dmf-controller-0-vm
    State: running
    Jobs: 0 queued
    Failed: 0 units

Troubleshooting

  • There are three possible failure modes:

    • VM fails Azure registration.

    • auto-firstboot fails due to a transient error or bug.

    • auto-firstboot parameter validation fails.

  • These failures can be debugged by accessing the firstboot logs, after manually booting the VM.

  • Azure DMF Controller VMs can be accessed via ssh. Firstboot logs can be accessed using debug bash as shown below:

    dmf-controller-0-vm> debug bash
    admin@dmf-controller-0-vm:~$ less /var/log/floodlight/firstboot/firstboot.log

  • For debugging parameter validation errors, access the parameter validation results using debug bash as shown below:

    dmf-controller-0-vm> debug bash
    admin@dmf-controller-0-vm:~$ less /var/lib/floodlight/firstboot/validation-results.json