netbox-sync

limit scope of finding VMs by MAC address to cluster level and not NetBox wide

Open jhammond-git opened this issue 3 years ago • 8 comments

I am sync'ing multiple clusters that are very similar, just in different locations. Every now and then, I see a VM get renamed and moved around to different clusters such as this:

2022-04-06 14:46:17,662 - INFO: Virtual machine 'TEST_VM_LOC1' attribute 'name' changed from 'TEST_VM_LOC1' to 'TEST_VM_LOC2'

There are subsequent logs for updating the interfaces, IPs, etc... This happens on every run.

jhammond-git avatar Apr 06 '22 20:04 jhammond-git

Can you use -l DEBUG2 and see why the script tries to rename the VM? It must be finding a NetBox object due to some parameters. Do the VMs have the same MAC address?

bb-Ricardo avatar Apr 07 '22 05:04 bb-Ricardo

Oh man, that's a lot of spam.

Yes, the logs now show that it's matching on the MAC address. However, it's matching to a VM in a completely different cluster in a different location with a different name.

jhammond-git avatar Apr 07 '22 21:04 jhammond-git

Can the search for an existing VM be isolated to the current cluster it's working on?

jhammond-git avatar Apr 07 '22 21:04 jhammond-git

mmhhhh, good point.

Will have a look into it to narrow it down to the same cluster.

bb-Ricardo avatar Apr 07 '22 21:04 bb-Ricardo

I'm not sure if that's the best way. The MAC address is supposed to be unique within the entire vCenter system (based on the vCenter instance ID). Also, when using VRF/NSX to create independent virtualized networks, MAC addresses can be identical within the same cluster without any issues.

Maybe it might be more useful to isolate MAC address matching using Netbox VRF instances or so?

patschi avatar Jun 04 '23 15:06 patschi

Just curious how the scoping should work. Usually you would try to adapt the VMs which are already configured in your NetBox.

This would also result in a quite complex search strategy. Which implies that the existing NetBox configuration is already quite adequate.

  • get the interface VRF from IP or VLAN
  • get all interfaces which belong to this VRF
  • find a VM with same matching multiple interface configuration and matching MAC addresses

Could also be that this is a way too complex approach.

I would assume 48 bits are enough to form a unique address within a vCenter instance.

bb-Ricardo avatar Jun 04 '23 18:06 bb-Ricardo

@patschi,

Would be interested in your input on this.

bb-Ricardo avatar Jun 19 '23 22:06 bb-Ricardo

I think it's quite difficult to make it work right for everybody, as it might also depend on the use-case.

So within a vCenter instance, the MAC address should be unique (00:50:56:xx:yy) across the vCenter system - the 4th block will depend on the vCenter ID set. It should be unique even across clusters on different physical sites, connected to the same vCenter instance (which is not uncommon). [Just a small additional read: https://kb.vmware.com/s/article/1024025]

If you add standalone ESXi installations (without any vCenter), the VMs will have the MAC address 00:00c:29:xx. In this instance I'd say conflicting MAC addresses are fine, as long as they aren't on the same broadcast domain obviously.

But the ESXi hosts might be all added to netbox and cause MAC address conflicts. I'm new to netbox, so not sure how this can be managed in the best possible way, to fit everybody.

patschi avatar Jun 21 '23 09:06 patschi
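
The two scoping ideas raised in this thread (limit MAC matching to the cluster, or to the VRF), sketched as an added example that is not netbox-sync's own code. The inventory records, their field names and the function `find_vms_by_mac` are hypothetical, and the sample data is constructed.

```python
# Constructed sample inventory: one MAC shared by VMs in two clusters, and
# one MAC used twice inside a single cluster in different VRFs (NSX case).
INVENTORY = [
    {"name": "TEST_VM_LOC1", "cluster": "loc1", "vrf": None, "macs": ["00:50:56:aa:bb:01"]},
    {"name": "TEST_VM_LOC2", "cluster": "loc2", "vrf": None, "macs": ["00:50:56:aa:bb:01"]},
    {"name": "tenant-a-web", "cluster": "loc3", "vrf": "tenant-a", "macs": ["00:50:56:cc:dd:02"]},
    {"name": "tenant-b-web", "cluster": "loc3", "vrf": "tenant-b", "macs": ["00:50:56:cc:dd:02"]},
]


def normalize_mac(mac):
    """Return the lower-case colon form so 00-50-56-AA-BB-01 also matches."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_vms_by_mac(inventory, source_macs, scope=None):
    """Return the names of the VMs sharing the most MACs with the source VM.

    scope is a dict of attributes a candidate must have, for example
    {"cluster": "loc2"} or {"cluster": "loc3", "vrf": "tenant-b"};
    scope=None searches the whole inventory. More than one name in the
    result means the match is ambiguous and must not be applied blindly.
    """
    wanted = {normalize_mac(m) for m in source_macs}
    scored = []
    for vm in inventory:
        # Skip candidates outside the requested scope before comparing MACs.
        if scope and any(vm.get(key) != value for key, value in scope.items()):
            continue
        overlap = len(wanted & {normalize_mac(m) for m in vm["macs"]})
        if overlap:
            scored.append((overlap, vm["name"]))
    best = max((score for score, _ in scored), default=0)
    return [name for score, name in scored if score == best]


if __name__ == "__main__":
    mac = ["00-50-56-AA-BB-01"]
    print("inventory-wide:", find_vms_by_mac(INVENTORY, mac))
    print("cluster loc2:  ", find_vms_by_mac(INVENTORY, mac, {"cluster": "loc2"}))
    print("cluster + VRF: ", find_vms_by_mac(
        INVENTORY, ["00:50:56:cc:dd:02"], {"cluster": "loc3", "vrf": "tenant-b"}))
```

Cluster scope resolves the cross-location duplicate, while the duplicate inside `loc3` stays ambiguous until the VRF is part of the scope.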