DMF Controller in Microsoft Azure

The DANZ Monitoring Fabric (DMF) Controller in Azure feature supports the operation of the Arista Networks DMF Controller on the Microsoft Azure platform and uses the Azure CLI or the Azure portal to launch the Virtual Machine (VM) running the DMF Controller.

The DMF Controller in Azure feature enables the registration of VM deployments in Azure and supports auto-firstboot using Azure userData or customData.

Configuration

Configure auto-firstboot for Azure VMs using customData or userData. Data from the two sources is not merged, so provide the data via customData or userData, but not both.

Arista Networks recommends using customData as it provides a better security posture because it is available only during VM provisioning and requires sudo access to mount the virtual CDROM.

userData is less secure because it is available via the Instance Metadata Service (IMDS) after provisioning and can be queried from the VM without any authorization restrictions.

If sshKey is configured for the admin account during Azure VM provisioning along with auto-firstboot parameters, then it is also configured for the admin user of DMF controllers.

The following table lists details of the firstboot parameters for the auto-firstboot configuration.

Firstboot Parameters - Required Parameters

| Key | Description | Valid Values |
|---|---|---|
| admin_password | This is the password to set for the admin user. When joining an existing cluster node, this will be the admin password for the existing cluster node. | string |
| recovery_password | This is the password to set for the recovery user. | string |

Additional Parameters

| Key | Description | Required | Valid Values | Default Value |
|---|---|---|---|---|
| hostname | This is the hostname to set for the appliance. | no | string | Configured from Azure Instance Metadata Service |
| cluster_name | This is the name to set for the cluster. | no | string | Azure-DMF-Cluster |
| cluster_to_join | This is the IP which firstboot will use to join an existing cluster. Omitting this parameter implies that the firstboot will create a new cluster. Note: If this parameter is present, ntp_servers, cluster_name, and cluster_description will be ignored. The existing cluster node will provide these values after joining. | no | IP Address String | |
| cluster_description | This is the description to set for the cluster. | no | string | |

Networking Parameters

| Key | Description | Required | Valid Values | Default Value |
|---|---|---|---|---|
| ip_stack | What IP protocols to set up for the appliance management NIC. | no | enum: ipv4, ipv6, dual-stack | ipv4 |
| ipv4_method | Set up IPv4 for the appliance management NIC. | no | enum: auto, manual | auto |
| ipv4_address | The static IPv4 address used for the appliance management NIC. | only if ipv4_method is set to manual | IPv4 Address String | |
| ipv4_prefix_length | The prefix length for the IPv4 address subnet to use for the appliance management NIC. | only if ipv4_method is set to manual | 0..32 | |
| ipv4_gateway | The static IPv4 gateway to use for the appliance management NIC. | no | IPv4 Address String | |
| ipv6_method | Set up IPv6 for the appliance management NIC. | no | enum: auto, manual | auto |
| ipv6_address | The static IPv6 address to use for the appliance management NIC. | only if ipv6_method is set to manual | IPv6 Address String | |
| ipv6_prefix_length | The prefix length for the IPv6 address subnet to use for the appliance management NIC. | only if ipv6_method is set to manual | 0..128 | |
| ipv6_gateway | The static IPv6 gateway to use for the appliance management NIC. | no | IPv6 Address String | |
| dns_servers | The DNS servers for the cluster to use. | no | List of IP address strings | |
| dns_search_domains | The DNS search domains for the cluster to use. | no | List of the host names or FQDN strings | |
| ntp_servers | The NTP servers for the cluster to use. | no | List of the host names or FQDN strings | 0.bigswitch.pool.ntp.org, 1.bigswitch.pool.ntp.org, 2.bigswitch.pool.ntp.org, 3.bigswitch.pool.ntp.org |

Examples

{
    "admin_password": "admin_user_password",
    "recovery_password": "recovery_user_password"
}

Full List of Parameters

{
    "admin_password": "admin_user_password",
    "recovery_password": "recovery_user_password",
    "hostname": "hostname",
    "cluster_name": "cluster name",
    "cluster_description": "cluster description",
    "ip_stack": "dual-stack",
    "ipv4_method": "manual",
    "ipv4_address": "10.0.0.3",
    "ipv4_prefix_length": "24",
    "ipv4_gateway": "10.0.0.1",
    "ipv6_method": "manual",
    "ipv6_address": "be:ee::1",
    "ipv6_prefix_length": "64",
    "ipv6_gateway": "be:ee::100",
    "dns_servers": [
        "10.0.0.101",
        "10.0.0.102"
    ],
    "dns_search_domains": [
        "dns-search1.com",
        "dns-search2.com"
    ],
    "ntp_servers": [
        "1.ntp.server.com",
        "2.ntp.server.com"
    ]
}
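A pre-flight check for the firstboot JSON, added here as an example and not Arista's code: it applies the key names, enums, ranges and conditional requirements from the parameter tables above, so a missing or misspelled key is caught before the VM is provisioned. The function name validate_firstboot and the sample input are assumptions made for this example.

```python
import ipaddress
import json

# Rules transcribed from the parameter tables on this page.
REQUIRED = {"admin_password", "recovery_password"}
ENUMS = {"ip_stack": {"ipv4", "ipv6", "dual-stack"},
         "ipv4_method": {"auto", "manual"}, "ipv6_method": {"auto", "manual"}}
ADDRS = {"ipv4_address": (4,), "ipv4_gateway": (4,), "ipv6_address": (6,),
         "ipv6_gateway": (6,), "cluster_to_join": (4, 6)}  # allowed IP versions
PREFIX_MAX = {"ipv4_prefix_length": 32, "ipv6_prefix_length": 128}
LISTS = {"dns_servers", "dns_search_domains", "ntp_servers"}
CLUSTER = {"cluster_name", "cluster_description", "ntp_servers"}  # ignored on join
KNOWN = REQUIRED | LISTS | CLUSTER | {"hostname"} | set(ENUMS) | set(ADDRS) | set(PREFIX_MAX)

# Constructed sample: two keys are misspelled with hyphens.
SAMPLE = json.dumps({"admin-password": "x", "recovery_password": "y",
                     "ipv4_method": "manual", "ipv4_address": "10.0.0.3",
                     "ipv4_prefix-length": "24"})


def validate_firstboot(text):
    """Return a list of problems found in a firstboot JSON document."""
    params, errors = json.loads(text), []
    for key in sorted(set(params) - KNOWN):
        hint = key.replace("-", "_")
        errors.append(f"unknown key {key!r}"
                      + (f" (did you mean {hint!r}?)" if hint in KNOWN else ""))
    errors += [f"missing required key {k!r}" for k in sorted(REQUIRED - set(params))]
    for key, allowed in ENUMS.items():
        if key in params and str(params[key]) not in allowed:
            errors.append(f"{key} must be one of {sorted(allowed)}")
    for key in [k for k in ADDRS if k in params]:
        try:
            ok = ipaddress.ip_address(params[key]).version in ADDRS[key]
        except ValueError:
            ok = False
        if not ok:
            errors.append(f"{key} is not a valid IPv{'/'.join(map(str, ADDRS[key]))} address")
    for key, top in PREFIX_MAX.items():
        if key in params and not (str(params[key]).isdecimal() and int(params[key]) <= top):
            errors.append(f"{key} must be in 0..{top}")
    for fam in ("ipv4", "ipv6"):
        if params.get(f"{fam}_method") == "manual":
            errors += [f"{fam}_method is manual but {fam}_{s} is missing"
                       for s in ("address", "prefix_length") if f"{fam}_{s}" not in params]
    errors += [f"{k} must be a list" for k in sorted(LISTS)
               if k in params and not isinstance(params[k], list)]
    if "cluster_to_join" in params and CLUSTER & set(params):
        errors.append(f"cluster_to_join is set; ignored: {sorted(CLUSTER & set(params))}")
    return errors
```

Calling validate_firstboot(SAMPLE) returns four findings: the two hyphenated keys, the resulting missing admin_password, and the missing ipv4_prefix_length required by ipv4_method set to manual.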

Syslog Messages

  • There are three possible failure modes:
    • VM fails Azure registration.
    • auto-firstboot fails due to a transient error or bug.
    • auto-firstboot parameter validation fails.
  • These failures can be debugged by accessing the firstboot logs after manually booting the VM or by logging in as the recovery user on the Azure serial console:
    • Azure DMF Controller VMs can be accessed via ssh login after successful firstboot:
      dmf-controller-0-vm> enable; configure;
      dmf-controller-0-vm> show logging syslog | grep 'floodlight-autofirstboot'
    • For debugging parameter validation errors, access the parameter validation results:
      dmf-controller-0-vm> show firstboot parameter-validation
  • Accessing logs via the recovery user on Azure serial console. The following output is an example log for missing a required firstboot parameter – admin_password:
    Log in as 'admin' to configure
    
    controller login: recovery
    recovery@controller:~$ cat /var/log/floodlight/firstboot/firstboot.log 
    ...
    2024-06-17 17:09:09,982 autofirstboot: CRITICAL [main] Uncaught exception
    Traceback (most recent call last):
      File "/usr/bin/floodlight-autofirstboot", line 11, in <module>
        load_entry_point('firstboot==0.1.0', 'console_scripts', 'floodlight-autofirstboot')()
      File "/usr/share/floodlight/firstboot/firstboot/autofirstboot.py", line 93, in main
        params, plugin = get_params(plugins)
      File "/usr/share/floodlight/firstboot/firstboot/autofirstboot.py", line 44, in get_params
        params = plugin.get_firstboot_params()
      File "/usr/share/floodlight/firstboot/firstboot/cloud_plugins/azure.py", line 75, in get_firstboot_params
        return FirstbootParams(**firstboot_param_dict)
    TypeError: __init__() missing 1 required positional argument: 'admin_password'

Troubleshooting

  • If a DMF Controller VM cannot be accessed via ssh login, the auto-firstboot has probably failed.
  • If VM registration with Azure or auto-firstboot fails due to a transient failure, the DMF Controller VMs must be recreated on Azure.
  • The DMF Controller VMs can also be configured manually for firstboot via the Azure serial console.

Limitations

The following limitations apply to the DANZ Monitoring Fabric (DMF) Controller in Microsoft Azure.

  • There is no support for any features specific to Azure-optimized Ubuntu Linux, including Accelerated Networking.
  • The DMF Controllers in Azure are only supported on Gen-1 VMs.
  • The DMF Controllers in Azure do not support adding the virtual IP address for the cluster.
  • There is no support for capture interfaces in Azure.
  • DMF ignores the Azure username and password fields.
  • There is no support for static IP address assignment that differs from what is configured on the Azure NIC.
  • The DMF Controllers are rebooted if the static IP on the NIC is updated.
  • Switches are supported in L3 ZTN mode only.

Resources

Diagrams

Figure 1. Customer Azure Infrastructure