When changing the IPAM supplier, it is necessary to quickly integrate the new IPAM with other information systems. Our main clients with IPAM are the private cloud on vRealize Automation and the vRealize Orchestrator process automation system. This article describes the implementation of the vRA 8 plugin for phpIPAM.
There is a ready-made plugin for integrating vRA 8 with phpIPAM, however, its capabilities are not enough for use in a productive environment, additional implementation of several key functions is required. Analysis of the source code showed that it is easier and faster to rewrite the entire plugin from scratch.
- The plugin was created in accordance with the documentation for developing integration packages Creating and Deploying a Provider-specific IPAM Integration Package for VMware vRealize Automation ;
- Based on the VMware vRealize Automation Third-Party IPAM SDK development kit ;
- Additional python modules for working with phpIPAM were not used (all requests through the requests module).
Key features of the current version of the plugin:
- User authentication by login/password;
- API token authentication;
- Disabling SSL certificate verification (to bypass an error when importing a chain of self-signed certificates, it is enabled in the plugin settings);
- Filtering the list of available vRA subnets (enabled in the plugin settings);
- Reservation of the first free IP address from the subnet;
- IP unavailability check (ping) before reservation (enabled in plugin settings);
- Checking the absence of a PTR record on the DNS server (enabled in the plugin settings);
- Marking in the IPAM database of IPs that have not passed the test;
- Reservation of static IP passed from vRA;
- Static IP check via ping and comparison by hostname if IP is already reserved in IPAM;
- Get subnet gateway address from IPAM;
- Implementation of the update_record method (passing the MAC address of the VM from vRA to IPAM).
phpIPAM.zip contains the vRA 8 plugin ready for installation and operation. All Python source codes are also available for adapting the plugin to the specifics of your environment.
Installing and updating the plugin
Installing the phpIPAM plugin:
- Go to Infrastructure -> Connections -> Integrations;
- Click Add Integration and select IPAM;
- Go to Manage IPAM Providers and import the plugin from phpIPAM.zip;
- After installing the package, select it in the Provider field;
- Fill in all fields of the form:
- to connect, you need to create an “API key” in phpIPAM with the App security parameter equal to “SSL with App code token”;
- the “Enable subnet filtering” flag enables filtering the list of subnets transmitted to vRA; when filtering is enabled, specify the field name in phpIPAM and its value; fields added manually (Custom fields) in the database are prefixed with “custom_”: i.e. the “vRA” field will be named “custom_vRA”;
- Click Validate to test the connection to the IPAM server;
- If you see the message “Credentials Validated Successfully”, then click Add to complete the plugin setup;
- there is a problem with importing a self-signed phpIPAM certificate when using a chain of certificates, to ignore the error, change the value of the ignoreSslWarning field to true;
- Once installed, the plugin will get a list of available subnets from phpIPAM (phpIPAM_GetIPRanges, runs automatically every 10 minutes);
- To check the status of loading subnets, re-open the configured integration package, the result of loading subnets is displayed in the Status field (the first field on the form).
The plugin is ready to go. Now in the settings of the new IP Range (Manage IP Ranges) you can specify the External source type and select the installed integration package.
- Go to Infrastructure -> Connections -> Integrations and open the connected integration package;
- Go to Manage IPAM Providers and import the archive with the new version of the plugin, if the name of the plugin is the same as one of the installed ones, then vRA will offer to replace the old version of the plugin;
- Fill in the required form fields, validate the Validate connection, and save your changes:
- this item is optional if the connection parameters and settings are not changed.
Monitoring, debugging, logs
During the configuration and operation, the phpIPAM plugin will perform certain actions: ValidateEndpoint, GetIPRanges, AllocateIP, DeallocateIP … vRA allows you to view the operation log and parameters for calling/executing each action:
- Go to Extensibility -> Activity -> Action Runs;
- Select Integration runs from the dropdown on the right;
- To view launch information, select the desired action.