SolarWinds High Availability update Infoblox DNS Record

Dearest Thwack Community,

Was working with Support and they noticed that a script I made could be of use to other folks, so I figured I'd throw it out to the community. In a nutshell, this script checks the registered address of a DNS A record in Infoblox and, if it doesn't match the primary IP address of the polling engine, updates it accordingly. Specifically, our HA implementation is DR, the subnets are different at each site, and we use Infoblox for DNS. I built some basic logging into it as well.

Enjoy :)

Thanks!

sum_giais

<##################################################################################################################################

Author: sum_giais (Just some random Thwack user)
Date created: 7.31.2018
Purpose: This script was created to update the DNS hostname record in InfoBlox during a SolarWinds High Availability Pool failover.

Prerequisites:
    Posh-IBWAPI (Infoblox API Module) https://github.com/rmbolger/Posh-IBWAPI

README FIRST:
    https://support.solarwinds.com/Success_Center/Orion_Platform/Orion_Documentation/Orion_Platform_Administrator_Guide/High_Availability_in_SolarWinds_Products/Configure_alerts_for_other_DNS_types

Command to run inside SolarWinds Alert:
    powershell.exe -Command "&((Get-ItemProperty -Path Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SolarWinds\Orion\Core).InstallPath + '/HighAvailability/Scripts/solarwinds-dns-update-infoblox.ps1')" -zoneName ${N=SwisEntity;M=Pool.DnsZone} -hostName ${N=SwisEntity;M=Pool.VirtualHostName} -primaryIpAddress ${N=SwisEntity;M=PrimaryIpAddress} -gridMaster ${N=SwisEntity;M=Pool.DnsIpAddress}

Update Password:
    To update the password use the 4 commands in powershell below and replace the
    contents of $SecureStringAsPlainText in this script at line 97 with that of $StandardString

$SecureString = Read-Host -AsSecureString
$Key = (189,41,23,201,6,35,254,22,1,2,2,29,44,55,37,220,1,34,2,7,6,5,35,42)
$StandardString = ConvertFrom-SecureString $SecureString -Key $Key
Write-Host($StandardString)

##################################################################################################################################>

### This script accepts 4 parameters: $zoneName, $hostName, $primaryIpAddress, and $gridMaster
param ([string]$zoneName, [string]$hostName, [string]$primaryIpAddress, [string]$gridMaster)

### Set the Log Path
$logPath = "C:\ProgramData\SolarWinds\Logs\HighAvailability\swIB-dns-$hostName.log"

### Set the Infoblox API version to be used
$apiVersion = '2.6.1'

### Function to rotate the logs if larger than 1MB, and delete if more than 6 logs
function Rotate-Logs {
  param
  (
    [Parameter(Mandatory=$True)]
    [string]$logFile
  )

  ### If the current log file exists and is greater than 1MB, continue with rotation
  if ((Test-Path $logFile) -and ((Get-Item $logFile).length -gt 1MB)) {

        ### Populate array with possible log file names
        $rotateFiles = @()
        For ($i=0; $i -lt 7; $i++) {
            $rotateFiles += ($logFile + ".$i")
        }

        ### Set iterator to the suffix each file is renamed to (one above its current suffix)
        $i = 7

        ### Sort the log file names so the oldest (.6) is handled first
        ForEach($value in ($rotateFiles | sort-object -Descending)) {

            ### If a 7th log file exists, delete it
            if ((Test-Path $value) -and ($value -eq ($logFile + ".6"))) {
                Remove-Item $value
            }

            ### Iterate through the previously rotated log files and rename them
            if (Test-Path $value) {
                Move-Item $value ($logFile + ".$i")
            }

            ### Step the iterator for every name, whether or not the file exists,
            ### so that .5 always becomes .6, .4 becomes .5, and so on
            $i--
        }

        ### Rotate the original log file last
        if (Test-Path $logFile) {
            Move-Item $logFile ($logFile + ".0")
        }
   }
}

### Get rid of those pesky logs
Rotate-Logs $logPath

### Start logging output
Start-Transcript -Path $logPath -IncludeInvocationHeader -Append

### Import the Infoblox PowerShell module
Import-Module Posh-IBWAPI

### Setup our username and password to login to the Infoblox API
$key = (189,41,23,201,6,35,254,22,1,2,2,29,44,55,37,220,1,34,2,7,6,5,35,42)
$SecureStringAsPlainText = 'SECURE_KEY_PLAIN_TEXT_HERE'
$password = ConvertTo-SecureString $SecureStringAsPlainText -key $key
$username = 'INFOBLOX_USERNAME'

### Create our PowerShell Credentials Object
$credentials = New-Object System.Management.Automation.PSCredential ($username, $password)

### Set the Infoblox API connection settings
set-ibwapiconfig -host $gridMaster -version $apiVersion -cred $credentials -ignorecert

### Create the Fully Qualified Name to be updated in Infoblox
$fqdn = $hostName + '.' + $zoneName

    <### If additional troubleshooting is required for this script uncomment this section

    write-host("hostName=$hostname`n
                zoneName=$zoneName`n
                fqdn=$fqdn`n
                gridMaster=$gridMaster`n
                primaryIpAddress=$primaryIpAddress`n
                apiVersion=$apiVersion`n
                logPath=$logPath`n
                ")

    ###>

### Query the Infoblox API for $fqdn and create an Infoblox Resource Record
$newResourceRecord = get-ibobject -type record:a -filters "name=$fqdn" -fields ipv4addr,name

### Check if the Resource Records ipv4addr matches that of the Primary Polling Engines, if not update it, else, we're done here
if (-Not ($newResourceRecord.ipv4addr -eq $primaryIpAddress)) {

    ### Update the Resource Record and set the object in Infoblox
    $newResourceRecord.ipv4addr = $primaryIpAddress
    $newResourceRecord | set-ibobject

    ### Note that the Resource Record was updated
    write-host("The DNS record `'$fqdn`' has been registered with the new IP `'$primaryIpAddress`'.")

} else {

    ### Note that the Resource Record was not updated
    write-host("The DNS record `'$fqdn`' is already registered with the IP `'$primaryIpAddress`'.")

}

### Stop logging output
Stop-Transcript
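
Added example, not part of sum_giais's script or of any SolarWinds or Infoblox code: the script above keeps the AES key for ConvertTo-SecureString beside the encrypted password, so anyone who can read the .ps1 can recover the password, and -ignorecert turns off certificate validation for the API connection. One alternative is a DPAPI-protected credential file plus validation of the values supplied by the alert. The file path and the three function names are hypothetical, and the sketch assumes the credential file is created on each pool member by the account that runs the alert action and that the Grid Master certificate is trusted by the server.

```powershell
# Added example, not the original author's code. The path and function names are hypothetical.
$credPath = 'C:\ProgramData\SolarWinds\HighAvailability\infoblox-cred.xml'   # hypothetical location

function Save-InfobloxCredential {
    # Run once, interactively, on EACH pool member, as the account that runs the alert action.
    # Export-Clixml protects the password with Windows DPAPI, so the file only decrypts
    # for that account on that machine, and no key has to live in the script.
    param ([Parameter(Mandatory=$True)][string]$Path)
    Get-Credential -Message 'Infoblox API account' | Export-Clixml -Path $Path
}

function Get-InfobloxCredential {
    param ([Parameter(Mandatory=$True)][string]$Path)
    if (-not (Test-Path $Path)) {
        throw "Credential file '$Path' is missing; run Save-InfobloxCredential on this server."
    }
    $cred = Import-Clixml -Path $Path
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "'$Path' does not contain a PSCredential object."
    }
    return $cred
}

function Test-DnsUpdateInput {
    # The values arrive from alert variables and end up in an API filter string, so
    # reject anything that is not a plain host label, zone name, or IPv4 literal.
    param ([string]$HostLabel, [string]$Zone, [string]$Address)
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    if ($HostLabel -notmatch ('^' + $label + '$')) { throw "Invalid host name '$HostLabel'." }
    if ($Zone -notmatch ('^' + $label + '(\.' + $label + ')*$')) { throw "Invalid zone name '$Zone'." }
    $parsed = $null
    if (($Address -notmatch '^(\d{1,3}\.){3}\d{1,3}$') -or
        (-not [System.Net.IPAddress]::TryParse($Address, [ref]$parsed))) {
        throw "Invalid IPv4 address '$Address'."
    }
}

# In the script, after the param() line and in place of the $key / $SecureStringAsPlainText block:
#   Test-DnsUpdateInput -HostLabel $hostName -Zone $zoneName -Address $primaryIpAddress
#   $credentials = Get-InfobloxCredential $credPath
#   set-ibwapiconfig -host $gridMaster -version $apiVersion -cred $credentials
# -ignorecert is left off, which only works once the Grid Master certificate is trusted here.
```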

  • Great share sum_giais! Typically most customers I've seen use HA with InfoBlox use the native built-in TSIG Key method that's under 'BIND DNS'. This works with a wide variety of other 3rd party DNS solutions on the market, not just BIND itself.

  • Wanted to follow up on this, as that was something I initially wanted to do when I set this DR / HA environment up. Unfortunately for political reasons that are no longer a problem I had to utilize other means (at the time) to update the record. Today, I did finally update to using TSIG :) and it makes my world so much easier.

    Cheers! :)

  • I was about to implement this script until I read in the Infoblox link you posted that the key needed to be a valid domain name. That was a huge piece of information and finally allowed me to get TSIG to pass the "test" function in the HA setup wizard. SolarWinds also uses MD5 encryption when generating the key. The SHA256 key gives an error: Unable to parse TSIG secret; content must be Base64-encoded. This is not documented anywhere that I could find and Support was unable to answer or provide any meaningful guidance.

    Thank you so much for creating the script and for your update on Jun 12th confirming you had gotten TSIG to work!  I wouldn't have tried again if not for that.