Document toolboxDocument toolbox

Managing a Master Grid

Owned by Panna .
Oct 03, 2024
6 min read

After you configure a Multi-Grid Master and add members, you might need to perform the following tasks:

Changing the Master Grid Properties

You can change some properties, such as the Master Grid name, its shared secret, and the port number of the VPN tunnels that the Master Grid uses for communications. Note that changing the VPN port number, time zone, date or time requires a product restart.

To modify the properties of a Master Grid:

  1. From the Master Grid tab, expand the Toolbar and select Master Grid Properties -> Edit.
  2. In the Master Grid Properties editor, select the General tab, and then modify any of the following:
    • Master Grid Name: Type the name of the Master Grid. The default name is Infoblox.
    • Shared Secret: Type a shared secret that all Master Grid members use to authenticate themselves when joining the Master Grid. The default shared secret is test.
    • Shared Secret Retype: Type the shared secret again to confirm its accuracy.
    • Time Zone: Choose the applicable time zone from the drop-down list.
    • Date: Click the calendar icon to select a date or enter the date in YYYY/MM/DD format.
    • Time: Click the clock icon to select a time or enter the time in HH:MM:SS format. For afternoon and evening hours, use the integers 13-24.
    • Master Grid Communications Port: Type the port number that the members use when communicating with the Multi-Grid Master through encrypted VPN tunnels. The default port number is 1194.
    • Enable Recycle Bin: This option is enabled by default and cannot be disabled.
    • Audit Logging: Select one of the following:

      • Brief: This provides information on administrative changes such as the changed object name and action in the log message. The logged message does not show timestamp or admin name.

      • Detailed: This is the default type and is automatically selected. It provides detailed information on all administrative changes such as the date and time stamp of the change, administrator name, changed object name, and the new values of all properties. It provides detailed information on all administrative changes such as the date and time stamp of the change, administrator name, changed object name, and the new values of all properties.
      • WAPI Detailed: This option facilitates to view detailed RESTful API session information logs for successful WAPI calls such as PUT, POST, and DELETE. You can view the following session log information for each successful WAPI call:
        • URI: URI contains certain part of the incoming WAPI request. Example: version of WAPI and the associated object.
        • InData: InData contains input data fields of the incoming WAPI request. Example: Data field of the incoming WAPI request.
        • Response Time: Response time is calculated as the time difference between a WAPI request received and the response sent.
      • Token Usage Timeout: Enter the time interval (in minutes) for which the appliance sends a syslog message to alert you about the unused permission token for a pre-provisioned member. For example, if you enter 5 here, the appliance sends a syslog message every five minutes. The default is 10.
      • Master Grid Communication Mode: Select one of the following: 
        • sub Grid Initiated: Select this to start the joining process from sub Grid to Multi-Grid Master. 
        • MGM Initiated: Select this to initiate the joining process from the Multi-Grid Master to sub Grid.
          For information on Master Grid communication mode, see /wiki/spaces/mgmadminguide/pages/911183060. 
    • In the Grid Properties editor, select the General tab -> click the Advanced tab and select the Enable GUI Redirect from Member checkbox to allow the appliance to redirect the Infoblox GUI from a Grid member to the Grid Master.
  3. Save the configuration.

If you changed the VPN port number, time zone, date or time, Multi-Grid Manager displays a warning indicating that a product restart is required. Click Yes to continue, and then log back in to Multi-Grid Manager after the application restarts.

You can set additional operational properties for the Master Grid. For more information, see /wiki/spaces/mgmadminguide/pages/911183345 /wiki/spaces/mgmadminguide/pages/911183345.

Configuring Security Level Banner

Only superusers are able to configure and enable this banner. You can publish a security banner that indicates the security level of the Infoblox Grid. It appears on the header and footer of all pages of Multi-Grid Manager. The security level can be Top Secret, Secret, Confidential, Restricted, and Unclassified. Each message type is associated with a predefined security level color. You can modify this color at any point of time. Multi-Grid Manager automatically uses an appropriate contrasting text font color that goes with the banner color.

To configure the advanced security level banner for the Multi-Grid Manager:

  1. From the Master Grid tab, select the Master Grid.
  2. Expand the Toolbar and select Master Grid Properties -> Edit.
  3. In the Master Grid Properties Editor panel, select the Security tab -> Advanced tab.
  4. Complete the following:
    • Enable Security Banner: Select this to enable the display of the security banner.
    • Security Level: From the drop-down list, select the security level for the banner.
    • Security Level Color: The default color is displayed in the drop-down list. If necessary using the drop-down list, select the required color for the security level banner.
    • Classification Message: Enter the message you want to display in the security banner. You can enter up to 250 characters.
  5. Save the configuration.

Security banner appears on the header and footer of all pages of Multi-Grid Manager including the Login screen.

Configuring Informational Banner

Only superusers are able to configure and enable this banner. You can publish the informational banner for multiple uses, such as to indicate whether the Infoblox Grid is in production or a lab system. The banner can also be used for issuing messages of the day. The informational level banner appears on the header of the Multi-Grid Manager screen. You can publish the banner information you want and set the banner color. Multi-Grid Manager automatically uses an appropriate contrasting text font color that goes with the banner color.

To configure the advanced informational banner for a Multi-Grid Manager, complete the following:

  1. From the Master Grid tab, select the Master Grid.
  2. Expand the Toolbar and select Master Grid Properties -> Edit.
  3. In the Master Grid Properties Editor panel, select the General tab -> Advanced tab.
  4. Complete the following:
    • Enable informational GUI Banner: Select the checkbox to enable the display of the informational banner message.
    • Banner Color: The default color is displayed in the drop-down list. If necessary using the drop-down list, select the required color for the informational banner.
    • Message: Enter the message you want to display in the informational banner. You can enter up to 250 characters.
  5. Save the configuration.

Informational banner appears on the header of the Multi-Grid Manager.

Removing a Master Grid Member

You might want or need to remove a member from the Master Grid, perhaps to disable it or to add it to a Grid.

To remove a member, from the Master Grid tab, select the Members tab -> master_grid_member checkbox, and click the Delete icon.

Promoting a Master Candidate

To promote a master candidate, you can make a direct serial connection to the console port on the active node of an HA candidate or to the console port on a single candidate. You can also make a remote serial connection (using SSH v2) to the candidate. Enter the following Infoblox CLI command to promote a master candidate: set promote_master.

Note that if the current Multi-Grid Master synchronizes with a Grid during the master candidate promotion, the newly promoted Multi-Grid Master will not have the data that was synchronized during the master promotion. To avoid this, you can disable the Grids before promoting the master candidate and then enable them again after the promotion.

Ensure that you perform the following steps before promoting a master candidate:

  • Validate the user mapping.
  • Disable all sub-Grids connected to the Multi-Grid Master.
  • After the master candidate promotion, enable the sub-Grids.

To promote a master candidate, perform the following:

  1. Establish a serial connection (through a serial console or remote access using SSH) to the master candidate.
  2. At the prompt, enter the command:
    set promote_master
    The appliance restarts. The GUI is unavailable until the master promotion is complete.
  3. Log in to the Multi-Grid Manager GUI on the new Multi-Grid Master.
  4. From the Master Grid tab, select the Members tab.
  5. Look at the IP address of the master in the IP Address column to ensure it is the master candidate that you promoted.
  6. To verify the new master is operating properly, check the icons in the Status column. Also, select the Multi-Grid Master, and then click the Detailed Status icon in the table toolbar.
    You can also check the status icons of the master candidates to verify that they are all connected to the new master.

Note

  • There can be a mismatch in the Grid status when you promote a master candidate during the attach operation.
  • Use CLI command and set mgm attached to force the Grid to attach and synchronize the Grid status.