Custom DNS Profile on Avi Vantage

Overview

Avi Vantage supports custom DNS profiles to communicate with the DNS provider. With this feature, you can use your own DNS provider, and Avi Vantage uses the allowed usable domains as required.

Configuring Custom DNS using UI

Uploading Python Script

A Python script is uploaded to Avi Vantage to use the custom DNS profile option.

  • Navigate to Templates > Profiles > Custom IPAM/DNS, and click on Create to upload the script.

  • Provide the DNS name and upload the script that contains the code to handle DNS records, for example, to update and delete the DNS records.

The script uses the following methods:

  • create and update record
  • delete record

In this example, the following parameters are used while uploading the script to Avi Vantage:

  • username – Example: admin
  • password – Example: password (it is marked as sensitive)
  • wapi version – Example: v2.0
  • Server – IP address of the DNS provider

These parameters (provider-specific information) are used to communicate with DNS providers.

The above parameters are provided as examples only. Which parameters are passed to the script depends on the method used in the script.

Creating Custom DNS Profile

Navigate to Templates > IPAM/DNS Profiles and click on the Create button to begin. Name the profile. Select Custom DNS from the drop-down menu provided for Type.

Choose the custom DNS created in the previous step, and provide the additional provider-specific parameters, as shown below:

  • network_view: In this case, it is the default network view.
  • dns_view: In this case, it is the default DNS view.

The additional parameters provided above and the usable domains are optional fields, but they help in provisioning virtual services automatically with the required attributes.

Using the same script, multiple usable domains can be created.

While provisioning the virtual service, the option to choose among multiple domains is available under Application Domain Name.

Using Custom DNS Profile for Cloud Deployment

To associate the custom DNS option for the cloud, navigate to Infrastructure > Cloud, and use the DNS profile created in the previous steps.

Creating Virtual Service

Navigate to Applications > Virtual Service and click on Create to create a new virtual service that uses the custom DNS profile to register the domain automatically. Provide the following mandatory attributes for the virtual service:

  • Name: Name of the virtual service
  • VIP address: IP address of the virtual service
  • Application Domain Name: Use the usable domain provided while creating the custom DNS profile.
  • Servers: IP address of the back-end server

Once the virtual service is created successfully, the FQDN is registered with the virtual service.

The same domain will be registered at the DNS provider site as well.

Configuring DNS Profile using CLI

Uploading Python Script

A Python script is uploaded to Avi Vantage to use a custom DNS profile. The following is a sample custom DNS script to upload to the Avi Controller.

 """
 Custom DNS script
 """

 import socket
 import os
 import getpass
 import requests
 import inspect
 import urllib
 import json
 import time

 # WebApiClient and domain are provider-specific and are not defined in this
 # sample: the script author must supply the provider's REST client class and
 # the DNS domain before the script can run.


 def CreateOrUpdateRecord(record_info, params):
     # Called to register or update the DNS record of a virtual service.
     username = params.get('username')
     passkey = params.get('password')
     ip = record_info.get('f_ip_address', '') or record_info.get('ip_address', '')
     cname = record_info.get('cname', '')
     fqdn = record_info.get('fqdn')
     ttl = record_info.get('ttl', 900)
     record_type = record_info.get('type', 'DNS_RECORD_A')
     dns_record_id = 0
     metadata_j = record_info.get('metadata', None)
     if metadata_j:
         metadata = json.loads(metadata_j)
         # Check if default of 0 as DNS record id is useful
         dns_record_id = metadata.get('dns_record_id', 0)

     if not fqdn:
         print("No valid FQDN found in %s, returning" % (record_info,))
         return

     # REST API
     api = WebApiClient(username, passkey, domain)
     # Without chain verification the provider's certificate is not validated,
     # so the credentials above can be intercepted on the network path. Keep
     # verification enabled wherever the provider presents a trusted certificate.
     api.disable_ssl_chain_verification()
     param_dict = {
         # DNS Record Information
         "dns_record_id": dns_record_id,
         "fqdn": fqdn,
         "type": "CNAME" if record_type == 'DNS_RECORD_CNAME' else "A",
         "ttl": str(ttl),
         "content": cname if record_type == 'DNS_RECORD_CNAME' else ip,
         "site": "ALL"
     }

     # Send request to register the FQDN, failures can be raised and the VS creation will fail
     rsp = api.send_request("Update", param_dict)
     if not rsp:
         err_str = "ERROR:"
         err_str += "   STATUS: " + api.get_response_status()
         err_str += "   TYPE: " + str(api.get_error_type())
         err_str += "   MESSAGE: " + api.get_error_message()
         print(err_str)
         raise Exception("DNS record update failed with %s" % err_str)


 def DeleteRecord(record_info, params):
     # Called to remove the DNS record of a virtual service.
     username = params.get('username')
     passkey = params.get('password')
     ip = record_info.get('f_ip_address', '') or record_info.get('ip_address', '')
     cname = record_info.get('cname', '')
     fqdn = record_info.get('fqdn')
     ttl = record_info.get('ttl', 900)
     record_type = record_info.get('type', 'DNS_RECORD_A')
     dns_record_id = 0
     metadata_j = record_info.get('metadata', None)
     if metadata_j:
         metadata = json.loads(metadata_j)
         # Check if default of 0 as DNS record id is useful
         dns_record_id = metadata.get('dns_record_id', 0)

     api = WebApiClient(username, passkey, domain)
     # See the note on chain verification in CreateOrUpdateRecord.
     api.disable_ssl_chain_verification()
     param_dict = {
         # DNS Record Information
         "dns_record_id": int(dns_record_id),
         "delete_reason": "Reason for deleting record",
         "push_immediately": True,
         "update_serial": True,
     }

     rsp = api.send_request("Delete", param_dict)
     if not rsp:
         # Delete failures are only logged; they are not raised to the caller.
         print("ERROR:")
         print("   STATUS: " + api.get_response_status())
         print("   TYPE: " + str(api.get_error_type()))
         print("   MESSAGE: " + api.get_error_message())
     return ""
 

The following parameters can be used in the script:

  • username – Example: admin
  • password – Example: avi123
  • API version – Example: 1.2

The above parameters are provided as examples only. Which parameters should be passed to the script depends on the method used in the script.
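The sample script above sends whatever FQDN it receives and turns off certificate chain verification. The following added example (not Avi's or the DNS provider's code) builds the same record payload after checking the FQDN against the usable domains, creates a TLS context with verification left on, and redacts the password before it reaches an error message. The helper names and the `usable_domains` and `ca_file` inputs are assumptions made for this sketch.

```python
import json
import re
import ssl

# Helper names are hypothetical; `usable_domains` and `ca_file` are assumed
# inputs, not parameters defined by Avi Vantage or the DNS provider.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
SENSITIVE = {"password"}


def validate_fqdn(fqdn, usable_domains):
    """Return the normalised FQDN if it is well formed and inside a usable domain."""
    name = (fqdn or "").rstrip(".").lower()
    labels = name.split(".")
    if not name or len(name) > 253 or not all(LABEL.match(l) for l in labels):
        raise ValueError("malformed FQDN: %r" % (fqdn,))
    suffixes = ["." + d.strip(".").lower() for d in usable_domains]
    if not any(name.endswith(s) for s in suffixes):
        raise ValueError("FQDN outside usable domains: %r" % (fqdn,))
    return name


def build_record(record_info, usable_domains):
    """Build the payload with the same fields the page's script sends."""
    is_cname = record_info.get("type", "DNS_RECORD_A") == "DNS_RECORD_CNAME"
    metadata = json.loads(record_info.get("metadata") or "{}")
    ip = record_info.get("f_ip_address") or record_info.get("ip_address", "")
    return {
        "dns_record_id": int(metadata.get("dns_record_id", 0)),
        "fqdn": validate_fqdn(record_info.get("fqdn"), usable_domains),
        "type": "CNAME" if is_cname else "A",
        "ttl": str(record_info.get("ttl", 900)),
        "content": record_info.get("cname", "") if is_cname else ip,
        "site": "ALL",
    }


def tls_context(ca_file=None):
    """TLS context for the provider call: chain and hostname checks stay on."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def redact(params):
    """Copy of the script params that is safe to put in an error message."""
    return {k: "<sensitive>" if k in SENSITIVE else v for k, v in params.items()}
```

Pass the context to the HTTPS client used for the provider call, for example `urllib.request.urlopen(req, context=tls_context(ca_file))`.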

Creating Custom DNS Profile using CLI

[admin-cntrl1]: > configure customipamdnsprofile custom-dns-profile

[admin-cntrl1]: customipamdnsprofile>
cancel          Exit the current submode without saving
do              Execute a show command
name            Name of the Custom IPAM DNS Profile.
new             (Editor Mode) Create new object in editor mode
no              Remove field
save            Save and exit the current submode
script_params   (submode)
script_uri      Script URI of form controller://ipamdnsscripts/<file-name>
show_schema     show object schema
tenant_ref      Help string not found for argument
watch           Watch a given show command
where           Display the in-progress object
[admin-cntrl1]: customipamdnsprofile>

In the above configuration snippet, the custom_dns_script.py script is uploaded with the following attributes.

  • Name: custom-dns-profile
  • Username: dnsuser
  • Password: Password with the is_sensitive flag set to True
  • URI for the script: controller://ipamdnsscripts/custom_dns_script.py

Use the following syntax for uploading your script: controller://ipamdnsscripts/<script name>

Below is the output of the show customipamdnsprofile custom-dns-profile command.


[admin:10-10-25-160]: > show customipamdnsprofile custom-dns-profile
+------------------+-----------------------------------------------------------+
| Field            | Value                                                     |
+------------------+-----------------------------------------------------------+
| uuid             | customipamdnsprofile-c12faa8a-f0eb-4128-a976-98d30391b9f2 |
| name             | custom-dns-profile                                        |
| script_uri       | controller://ipamdnsscripts/custom_dns_script.py          |
| script_params[1] |                                                           |
|   name           | username                                                  |
|   value          | dnsuser                                                   |
|   is_sensitive   | False                                                     |
|   is_dynamic     | False                                                     |
| script_params[2] |                                                           |
|   name           | password                                                  |
|   value          | <sensitive>                                               |
|   is_sensitive   | True                                                      |
|   is_dynamic     | False                                                     |
| tenant_ref       | admin                                                     |
+------------------+-----------------------------------------------------------+

Configuring IPAM DNS Provider profile

Use the command configure ipamdnsproviderprofile <profile name> to create the IPAM DNS provider profile.

Note: Parameters used for the profile configuration depend on the environment.


[admin-cntrl1]: > configure ipamdnsproviderprofile dns-profile
[admin-cntrl1]: ipamdnsproviderprofile>
allocate_ip_in_vrf    If this flag is set, only allocate IP from networks in the Virtual Service VRF. Applicable for Avi Vantage IPAM only
aws_profile           (submode)
azure_profile         (submode)
cancel                Exit the current submode without saving
custom_profile        (submode)
do                    Execute a show command
gcp_profile           (submode)
infoblox_profile      (submode)
internal_profile      (submode)
name                  Name for the IPAM/DNS Provider profile
new                   (Editor Mode) Create new object in editor mode
no                    Remove field
openstack_profile     (submode)
proxy_configuration   (submode)
save                  Save and exit the current submode
show_schema           show object schema
tenant_ref            Help string not found for argument
type                  Provider Type for the IPAM/DNS Provider profile
watch                 Watch a given show command
where                 Display the in-progress object
[admin-cntrl1]: ipamdnsproviderprofile>

  • Provide the desired name – Example: dns-profile
  • Select Type as IPAMDNS_TYPE_CUSTOM
  • Provide the custom_ipam_dns_profile_ref value as custom-dns-profile (name of the custom DNS profile created in the previous step)

The following additional parameter is passed to the script:

  • Name – api_version
  • value – 2.2

[admin-cntrl1]: > show ipamdnsproviderprofile dns-profile
+-------------------------------+-------------------------------------------------------------+
| Field                         | Value                                                       |
+-------------------------------+-------------------------------------------------------------+
| uuid                          | ipamdnsproviderprofile-82ec8888-122e-4ca9-a1b3-0320c37e2d68 |
| name                          | dns-profile                                                 |
| type                          | IPAMDNS_TYPE_CUSTOM                                         |
| custom_profile                |                                                             |
|   custom_ipam_dns_profile_ref | custom-dns-profile                                          |
|   dynamic_params[1]           |                                                             |
|     name                      | api_version                                                 |
|     value                     | 2.2                                                         |
|     is_sensitive              | False                                                       |
|     is_dynamic                | False                                                       |
| allocate_ip_in_vrf            | False                                                       |
| tenant_ref                    | admin                                                       |
+-------------------------------+-------------------------------------------------------------+