DMF Controller in Microsoft Azure

The DANZ Monitoring Fabric (DMF) Controller in Azure feature supports the operation of the Arista Networks DMF Controller on the Microsoft Azure platform and uses the Azure CLI or the Azure portal to launch the Virtual Machine (VM) running the DMF Controller.

The DMF Controller in Azure feature enables the registration of VM deployments in Azure and supports auto-firstboot using Azure userData or customData.

Configuration

Configure Azure VMs auto-firstboot using customData or userData. There is no data merging from these sources, so provide the data via customData or userData, but not both.

Arista Networks recommends using customData as it provides a better security posture because it is available only during VM provisioning and requires sudo access to mount the virtual CDROM.

userData is less secure because it is available via Instance MetaData Service (IMDS) after provisioning and can be queried from the VM without any authorization restrictions.

If sshKey is configured for the admin account during Azure VM provisioning along with auto-firstboot parameters, then it is also configured for the admin user of the DMF Controllers.

The following table lists details of the first boot parameters for the auto-firstboot configuration.

Firstboot Parameters - Required Parameters

Key	Description	Valid Values
admin_password	This is the password to set for the admin user. When joining an existing cluster node this will be the admin-password for the existing cluster node.	string
recovery_password	This is the password to set for the recovery user.	string

Additional Parameters

Key	Description	Required	Valid Values	Default Value
hostname	This is the hostname to set for the appliance.	no	string	configured from Azure Instance Metadata Service
cluster_name	This is the name to set for the cluster.	no	string	Azure-DMF-Cluster
cluster_to_join	This is the IP which firstboot will use to join an existing cluster. Omitting this parameter implies that the firstboot will create a new cluster. Note: If this parameter is present ntp-servers, cluster-name, and cluster-description will be ignored. The existing cluster node will provide these values after joining.	no	IP Address String
cluster_description	This is the description to set for the cluster.	no	string

Networking Parameters

Key	Description	Required	Valid Values	Default Value
ip_stack	What IP protocols should be set up for the appliance management NIC.	no	enum: ipv4, ipv6, dual-stack	ipv4
ipv4_method	How to setup IPv4 for the appliance management NIC.	no	enum: auto, manual	auto
ipv4_address	The static IPv4 address used for the appliance management NIC.	only if ipv4-method is set to manual	IPv4 Address String
ipv4_prefix_length	The prefix length for the IPv4 address subnet to use for the appliance management NIC.	only if ipv4-method is set to manual	0..32
ipv4_gateway	The static IPv4 gateway to use for the appliance management NIC.	no	IPv4 Address String
ipv6_method	How to set up IPv6 for the appliance management NIC.	no	enum: auto, manual	auto
ipv6_address	The static IPv6 address to use for the appliance management NIC.	only if ipv6-method is set to manual	IPv6 Address String
ipv6_prefix_length	The prefix length for the IPv6 address subnet to use for the appliance management NIC.	only if ipv6-method is set to manual	0..128
ipv6_gateway	The static IPv6 gateway to use for the appliance management NIC.	no	IPv6 Address String
dns_servers	The DNS servers for the cluster to use	no	List of IP address strings
dns_search_domains	The DNS search domains for the cluster to use.	no	List of the host names or FQDN strings
ntp_servers	The NTP servers for the cluster to use.	no	List of the host names of FQDN strings `0.bigswitch.pool.ntp.org` `1.bigswitch.pool.ntp.org` `2.bigswitch.pool.ntp.org` `3.bigswitch.pool.ntp.org`

Examples

{
"admin_password": "admin_user_password",
"recovery_password": "recovery_user_password"
}

Full List of Parameters

{
"admin-password": "admin_user_password",
"recovery_password": "recovery_user_password",
"hostname": "hostname",
"cluster_name": "cluster name",
"cluster_description": "cluster description",
"ip_stack": "dual-stack",
"ipv4_method": "manual",
"ipv4_address": "10.0.0.3",
"ipv4_prefix-length": "24",
"ipv4_gateway": "10.0.0.1",
"ipv6_method": "manual",
"ipv6_address": "be:ee::1",
"ipv6_prefix-length": "64",
"ipv6_gateway": "be:ee::100",
"dns_servers": [
"10.0.0.101",
"10.0.0.102"
],
"dns_search_domains": [
"dns-search1.com",
"dns-search2.com"
],
"ntp_servers": [
"1.ntp.server.com",
"2.ntp.server.com"
]
}

Limitations

The following limitations apply to the DANZ Monitoring Fabric (DMF) Controller in Microsoft Azure.

There is no support for any features specific to Azure-optimized Ubuntu Linux, including Accelerated Networking.
The DMF Controllers in Azure are only supported on Gen-1 VMs.
The DMF Controllers in Azure do not support adding the virtual IP address for the cluster.
There is no support for capture interfaces in Azure.
DMF ignores the Azure username and password fields.
There is no support for static IP address assignment that differs from what is configured on the Azure NIC.
The DMF Controllers are rebooted if the static IP on the NIC is updated.

Resources

Please refer to the following resources for more information.

Azure user data details: https://learn.microsoft.com/en-us/azure/virtual-machines/user-data
Azure custom data details: https://learn.microsoft.com/en-us/azure/virtual-machines/custom-data
Azure Gen1 vs Gen2 VMs: https://learn.microsoft.com/en-us/azure/virtual-machines/generation-2
Azure optimized Ubuntu Linux features: https://ubuntu.com/blog/microsoft-and-canonical-increase-velocity-with-azure-tailored-kernel
Azure NIC assignment behavior: https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/reset-network-interface-azure-linux-vm

Syslog Messages

Azure DMF Controller VMs can be accessed via an ssh login.

systemctl should be in a running state without any failed units for the Controllers to be in a healthy state as shown in the following example:

dmf-controller-0-vm> debug bash
admin@dmf-controller-0-vm:~$ sudo systemctl status
dmf-controller-0-vm
State: running
Jobs: 0 queued
Failed: 0 units

Troubleshooting

There are three possible failure modes:
- VM fails Azure registration.
- auto-firstboot fails due to a transient error or bug.
- auto-firstboot parameter validation fails.
These failures can be debugged by accessing the firstboot logs, after manually booting the VM.

Azure DMF Controller VMs can be accessed via ssh. Firstboot logs can be accessed using debug bash as shown below:

dmf-controller-0-vm> debug bash
admin@dmf-controller-0-vm:~$ less /var/log/floodlight/firstboot/firstboot.log

For debugging parameter validation errors, access the parameter validation results using debug bash as shown below:

dmf-controller-0-vm> debug bash
admin@dmf-controller-0-vm:~$ less /var/lib/floodlight/firstboot/validation-results.json

DANZ Monitoring Fabric Deployment Guide