Joining Pre-Provisioned Members to a Grid

After you pre-provision Grid members as described in Pre-Provisioning NIOS and vNIOS Appliances, you can join the pre-provisioned members to the Grid either manually by using CLI commands or, in the case of vNIOS members, automatically by using cloud-init.

To join pre-provisioned members to a Grid, review the Guidelines for Joining Pre-Provisioned Members to the Grid and complete the following steps:

  1. Obtain and install the licenses that you specified when pre-provisioning the member. For more information about licenses, see Managing Licenses in NIOS 9.0.0 and Managing Licenses in NIOS 9.0.1 and Later.

  2. Generate a token required for the Grid member to authenticate itself and join the Grid as defined in the Generating Tokens for Grid Members section.

  3. Join the pre-provisioned member to a Grid as follows:

    1. For NIOS and vNIOS members, join the member by using the CLI commands defined in the Using CLI Commands to Join Grid Members section.

    2. For vNIOS members, use cloud-init to automatically join the member to the Grid as defined in the Using Cloud-Init to Join Pre-Provisioned vNIOS Members section.

  4. Verify that the Grid member has successfully joined the Grid as described in Viewing Status.

NIOS also includes a full set of APIs for pre-provisioning, deploying, and de-provisioning vNIOS appliances, making it simple to add or remove DNS or DHCP capacity on-demand to meet changing infrastructure requirements, which is critical for realizing the benefits of dynamic cloud environments.

Generating Tokens for Grid Members

Before you can allocate licenses to a pre-provisioned member, you must request a one-time token from the Grid Master. This token allows the member to register and authenticate itself to the Grid Master before a specified date and time (the default is 60 minutes from the time you generate the token). If the token is not used before the expiration date and time, it becomes invalid and you must generate another token for the member. You can configure the token usage timeout so that the appliance sends syslog messages to alert you about the unused token. For information about how to set the token usage timeout value, see Configuring Token Usage Timeout.
Using a one-time token eliminates the need for the Grid Master credentials to be exposed to other Grid members and the CMP (Cloud Management Platform) in the case of cloud implementation. Note that only superusers can generate and view the token for a pre-provisioned Grid member.

To generate a token through Grid Manager, complete the following steps:

  1. From the Grid tab, select the Grid Manager tab -> Members tab.

  2. Click the Action icon next to the pre-provisioned vNIOS member and select Generate Token from the list.

  3. In the Your Permission Token dialog box, the appliance displays the token and the Expiration Date of the token. Use this token to join the pre-provisioned member to the Grid.
    Note that you must generate a new token for the member if the token is not used before the expiration date.

Configuring Token Usage Timeout

You can configure the appliance to send syslog messages to alert you about an unused token that has been generated for a pre-provisioned member. Depending on the timeout interval you configure, the appliance sends a syslog message for each timeout interval until the token expires.
To configure the token usage timeout value:

  1. From the Grid tab -> Grid Manager tab, click Grid Properties -> Edit from the toolbar.

    1. In the Grid Properties editor, select the General tab -> Basic tab and complete the following:

    2. Token usage timeout: Enter the time interval (in minutes) for which the appliance sends a syslog message to alert you about the unused permission token for a pre-provisioned member. For example, if you enter 5 here, the appliance sends a syslog message every five minutes. The default is 10.

  2. Save the configuration.

Using CLI Commands to Join Grid Members

Before joining the pre-provisioned member to a Grid, ensure that you have installed the licenses specified for the pre-provisioned member and generated a token for the member, as described in Generating Tokens for Grid Members.

If, for any reason, the automated process of using cloud-init to join pre-provisioned members to a Grid does not function properly, you can use the CLI commands defined in this section to join the members to the Grid.

To join a pre-provisioned NIOS or vNIOS member to a Grid, complete the following steps:

  1. Access the Infoblox CLI.

  2. Sign in using the default user name and password, admin and infoblox. User names and passwords are case-sensitive.

  3. To change the network settings from the default, enter the set network command. Then enter information as prompted, to change the IP address, netmask, and gateway for the LAN1 port.
    Infoblox > set network
    NOTICE: All HA configuration is performed from the GUI. This interface is used only to configure a standalone node or to join a grid.
    Enter IPv4 address [Default: n.n.n.41]: <Enter the LAN1 port IP address>
    Enter netmask: [Default: 255.255.255.0]: <Enter the LAN1 port netmask>
    Enter gateway address [Default: n.n.n.1]: <Enter the gateway IP address>
    NOTICE: Additional IPv6 interface can be configured only via GUI.
    Become grid member? (y or n): n

    Note that you must enter n to use a token to join the Grid.
    If you enter y, the member becomes a Grid member and you will not be able to set the token and join the pre-provisioned member to the Grid.

  4. Use the set token on command to save the member token, the Grid Master IP address, and the certificate to the token file. The following is an example:
    Infoblox > set token on
    Enter GM-IP [Current: not defined]: <Enter the Grid Master IP address>
    Enter Token [Current: not defined]: <Copy token from the Your Permission Token dialog in Grid Manager>
    New Token Settings:
    GM-IP: 1.1.1.1
    Token: b25lLnZpcnR1YWxfbm9kZSQx
    Is this correct? (y or n): y
    Do you want to download the certificate from GM and validate (y or n): y
    Is this correct and valid (y or n): y
    Are you sure to apply and save settings to file?: y
    The token and certificate are saved.

  5. To verify the token:
    Infoblox > show token
    The CLI displays the current token setting and certification information. Verify this information.

    Note that if any information is incorrect, use set token off to remove the token file.

  6. Use the set token join command to register the Grid member before joining the member to the Grid. Once the member joins the Grid, the token becomes invalid as you can use the token only once.
    Infoblox > set token join
    Are you sure to start Member registration Client? (y or no): y
    Starting Member registration Client...
    Connecting...
    For information about the licenses supported in NIOS, see Managing Licenses in NIOS 9.0.0 and Managing Licenses in NIOS 9.0.1 and Later.

Note

For HA pairs, repeat the CLI commands on both nodes.

Using Cloud-Init to Join Pre-Provisioned vNIOS Members

NIOS provides the capability to automatically deploy the pre-provisioned vNIOS appliances by using cloud-init for IPAM (IP Address Management), DNS, and/or DHCP. When you use this capability, licenses are automatically installed on the newly spun-up instances during the process of joining the member to the Grid as long as you have the correct temp licenses installed for the vNIOS model that you plan to deploy. For example, you can install an IB-V1526 license on an IB-V1516. If there are no licenses specified in cloud-init, the Grid Master notifies you with an error message (for Cloud Platform Appliances, the API calls fail).

Infoblox supports automatic pre-provisioning of members for Software ADP profiles on the supported platforms and provides the following licenses: Threat Protection (Software add-on) and Threat Protection Update. For more information about Software ADP profiles, see Configuring Threat Protection Profiles. Threat protection members use the management port for IPv4 and IPv6 communication with the Grid. Infoblox supports cloud API calls for such members to join the Grid using the MGMT port and VPN on the MGMT port. For more information about using the MGMT port, see Using the MGMT Port.

Grid Manager displays licenses on the Grid tab -> Licenses tab. You can view license information for all licenses on the Member tab.

Using a Cloud-Init Template to Join a Grid Member

You can use the following cloud-init template to join an IB-V815 member instance to a Grid:

#infoblox-config
remote_console_enabled: y
default_admin_password: infoblox
temp_license: nios IB-V815 dns dhcp enterprise sw_tp tp_sub
lan1:
  v4_addr: 10.2.0.140
  v4_netmask: 255.255.255.0
  v4_gw: 10.2.0.1
mgmt:
  v4_addr: 10.1.0.77
  v4_netmask: 255.255.255.0
  v4_gw: 10.1.0.1
gridmaster:
  token: xqyv+gEcPiUp9ETdHqmS2VcPIHEd81/U
  ip_addr: 10.39.8.109
  join_intf: mgmt
  certificate: -----BEGIN CERTIFICATE-----<base64-encoded Grid Master certificate>-----END CERTIFICATE-----


You can use the following OpenStack cloud-init template to join an IB-V1415 member instance to a Grid:

#infoblox-config
remote_console_enabled: y
default_admin_password: infoblox
temp_license: nios IB-V1415 dns dhcp enterprise sw_tp tp_sub
#temp_license: nios IB-FLEX
lan1:
  v4_addr: 10.2.0.28
  v4_netmask: 255.255.255.0
  v4_gw: 10.2.0.1
ha:
  v4_addr: 10.2.0.30
  v4_netmask: 255.255.255.0
  v4_gw: 10.2.0.1
mgmt:
  v4_addr: 10.1.0.29
  v4_netmask: 255.255.255.0
  v4_gw: 10.1.0.1
gridmaster:
  token: 0rPidqD1Iau91adaIL7zlO7sZb0qxuk1
  ip_addr: 10.39.52.19
  join_intf: mgmt

  certificate: -----BEGIN CERTIFICATE-----<base64-encoded Grid Master certificate>-----END CERTIFICATE-----

 

To configure an IB-FLEX Grid Master using the Flex Grid Activation license, you can use the following cloud-init template:

#infoblox-config
remote_console_enabled: y
hardware_type: IB-FLEX
temp_license: flex_grid
lan1:
  v4_addr: 10.39.51.33
  v4_netmask: 255.255.255.0
  v4_gw: 10.39.51.1
mgmt:
  v4_addr: 10.39.50.22
  v4_netmask: 255.255.255.0
  v4_gw: 10.39.50.1
lan2:
  nic_bonding_enabled: Y
  bonding_failback_interface: lan1
mac:
  mgmt: fa:16:3e:14:3a:ae
  lan1: fa:16:3e:01:29:0b
  ha: fa:16:3e:25:43:8a
  lan2: fa:16:3e:8e:26:4c
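
The following Python check is an added example, not Infoblox code: it parses user-data written in the layout of the templates above and lists settings worth reviewing before an instance is launched. The parse and lint helpers, the sample values, and the review rules (for example, treating a gridmaster section without a certificate as a finding) are assumptions of this example, not NIOS behavior.

```python
import ipaddress

# Constructed user-data in the page's template layout; every value is made up.
SAMPLE = """#infoblox-config
default_admin_password: infoblox
lan1:
  v4_addr: 10.2.0.140
  v4_netmask: 255.255.255.0
  v4_gw: 10.3.0.1
gridmaster:
  token: CONSTRUCTED-TOKEN
  ip_addr: 10.39.8.109
  join_intf: mgmt
"""

def parse(text):
    """Parse the header line plus two-level key/value layout of the templates."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "#infoblox-config":
        raise ValueError("first line must be #infoblox-config")
    cfg, section = {}, None
    for raw in lines[1:]:
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or commented-out setting
        key, _, value = (part.strip() for part in raw.partition(":"))
        if raw[0].isspace() and section is not None:
            cfg[section][key] = value        # indented: belongs to open section
        elif value:
            cfg[key], section = value, None  # top-level scalar
        else:
            cfg[key], section = {}, key      # "lan1:" opens a section
    return cfg

def lint(cfg):
    """Return review findings; the rules are this example's policy, not NIOS checks."""
    out = []
    if cfg.get("default_admin_password") == "infoblox":
        out.append("default_admin_password is the factory default")
    for name, sec in cfg.items():
        if isinstance(sec, dict) and {"v4_addr", "v4_netmask", "v4_gw"} <= sec.keys():
            net = ipaddress.ip_network(f"{sec['v4_addr']}/{sec['v4_netmask']}", strict=False)
            if ipaddress.ip_address(sec["v4_gw"]) not in net:
                out.append(f"{name}: v4_gw is outside the interface subnet")
    gm = cfg.get("gridmaster")
    if isinstance(gm, dict):
        out += [f"gridmaster: missing {k}" for k in ("token", "ip_addr", "certificate") if not gm.get(k)]
        if "join_intf" in gm and not isinstance(cfg.get(gm["join_intf"]), dict):
            out.append(f"gridmaster: join_intf '{gm['join_intf']}' has no interface section")
    return out
```

Calling lint(parse(SAMPLE)) returns four findings for the constructed sample; an empty list means none of these rules fired.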


