Page tree


The Grid connectivity and credentials configuration must be added to the neutron.conf file in Infoblox and infoblox-dc stanzas. The netron.conf file is available at /var/lib/config-data/puppet-generated/neutron/etc/neutron/neutron.confThe Infoblox stanza contains keystone authentication and a list of Grids, and in each, there is an infoblox-dc stanza containing the appropriate configuration for each Grid. Support for multiple Grids is not yet available.


If you use the Driver with Cloud Platform (CP), you should run on the Grid Master. For more information see, Creating Extensible Attribute Definitions and Network View Associations.

For keystone authentication, add an entry for the following configuration:
keystone_auth_uri = <auth_uri>
keystone_admin_username = <username>
keystone_admin_password = <password>

To configure keystone auth version, add an entry for the following configuration:
keystone_auth_version = v3

For keystone version 3, add an entry for the following configuration:
keystone_admin_user_domain_id = <user_domain_id>


For keystone version 3, you can set any one of the following scopes to project level or domain level.

# if authorization is project-level scope add:
keystone_admin_project_name = <project_name>
keystone_admin_project_domain_id = <project_domain_id>

# if authorization is domain-level scope add:
keystone_admin_domain_id = <domain_id>

For TLS support, add the following keystone configuration:
cafile = <cafile>
insecure = <True/False> # default value: False
cert = <cert>
key = <key>

The following table lists general configuration options for the Infoblox IPAM Driver for OpenStack Neutron:

keystone_auth_uriThe OpenStack keystone authentication URI
keystone_admin_usernameThe OpenStack keystone admin user name
keystone_admin_passwordThe password of keystone admin user
keystone_auth_versionThe OpenStack keystone version


The tenant name of keystone admin user


The User Domain ID of keystone admin user


The project name of keystone admin user


The project Domain ID of keystone admin user


The Domain ID of keystone admin user
cafileCA certificate bundle file for keystone authentication
insecureDisable server certificate verification
certClient certificate bundle file for keystone authentication
keyClient certificate key file for keystone authentication

An integer ID used for the data center. This is used to form the stanza name for the rest of the options. If you have multiple instances of OpenStack sharing the same Infoblox Grid, this ID needs to be unique across the instances. The ID should begin with 1 and increment by 1 as you add another OpenStack instance. This ID is used to generate a unique ID for a network view that is cached in the neutron database. Starting it with a very high number may exceed the max length of a network view ID.


The IP address, hostname, or FQDN of the Grid Master (GM). Proxying is supported so this does not have to be the exact IP or hostname of the GM if you have a situation where you cannot reach the GM directly in your network. It can be any connection information that proxies to the GM.


The name of the Grid Master (GM). This has to be the exact GM name registered in the Infoblox Grid.

admin_user_nameThe user name to use for the WAPI
admin_passwordThe password to use for the WAPI

The WAPI version to use. Supported versions: WAPI version 2.5 and later; NIOS 8.1.0 and later.


The WAPI version cannot be greater than 2.9 for RHOSP 13


The maximum number of objects to be returned by WAPI. If this is set to a negative number, WAPI returns an error when the number of returned objects exceeds the setting. If this is set to a positive number, the results will be truncated when necessary. The default is -1000. If you experience the “Result set too large” error, increase this value.


Set to false if you use a self-signed SSL certificate, and true if you use a certificate signed by a known certificate authority. You can also set this to a path to a certificate file so that verification will be done even for a self-signed certificate. Using a value of False in a production environment is not secure.


Optional parameters to control the HTTP session pool

Additionally, the ipam_driver option must be set in neutron.conf to “infoblox”.


These settings must be done on each controller that runs the Neutron service.

ipam_driver = infoblox
notification_driver = messagingv2
notification_topics = notifications

cloud_data_center_id = 1
keystone_admin_project_domain_id = default
keystone_admin_user_domain_id = default
keystone_admin_domain_id = default
keystone_admin_username = admin
keystone_admin_password = infoblox
keystone_auth_uri =
keystone_auth_version = v3
cafile = /opt/stack/data/ca-bundle.pem
insecure = False
key = <key>
cert = <cert>

grid_master_host =
grid_master_name =
admin_user_name = admin
admin_password = infoblox
wapi_version = 2.7
wapi_max_results = -50000

If a Cloud Platform (CP) member is part of the NIOS Grid, then create a user with cloud-api-only user group and configure the user as described in the section Configuring a User. Update neutron.conf as follows:
grid_master_host =
grid_master_name =
admin_user_name = cloud-api-only_user_name
admin_password = cloud-api-only_user_password
wapi_version = 2.7
wapi_max_results = -50000

If you want to use CP members only, use the CP Members Host IP address in the grid_master_host field.
grid_master_host = x.x.x.x(CP Host IP)
grid_master_name = (grid_master_hostname)
admin_user_name = cloud-api-only_user_name
admin_password = cloud-api-only_user_password
wapi_version = 2.7
wapi_max_results = -50000

  • No labels

This page has no comments.