====== vDiscovery ======

For NIOS vDiscovery to work with ESXi and to add DNS names to discovered objects, we need the Cloud Network Automation licence, and the NIOS Grid must have the DNS zones added (even if the zones are not assigned to any appliance, and even if Infoblox is not actually used for DNS). Otherwise, vDiscovery only detects whether the IP addresses are in use or not.

We also need to create the networks in advance. If we don't, the discovered data is not added.

The current vDiscovery feature supports tenants, networks, and compute VMs only. It does not support data retrieved from load balancer networks, load balancer VMs, Kubernetes platform VMs, application gateways, service VMs, SQL VMs, or any other VMs created through cloud services such as a Kubernetes service or an analytics service, where IPAM is handled by the respective orchestration engine of the cloud provider. Note that if the vDiscovery job retrieves unsupported data from AWS, Azure, or GCP, it impacts the performance of the vDiscovery process.

See also: [[https://docs.infoblox.com/space/vniosazure/37486690/Performing+vDiscovery+on+VNets|Discovery in Azure]]

===== Performance =====

A TE-2215 running NIOS 8.6.3 (the release that introduced the new AWS sync engine) can sync thousands of zones across hundreds of different VPCs.

===== Best Practice =====

Infoblox also recommends that you select "The tenant's network view" as the network view for both public and private IP addresses. [[https://docs.infoblox.com/space/vniosazure/37781576/Adding+vDiscovery+Application+as+a+New+User|source]]

Azure [[https://learn.microsoft.com/en-us/azure/virtual-network/concepts-and-best-practices|best practice says]] not to have a subnet match its VNet CIDR:

  * Your subnets shouldn't cover the entire address space of the virtual network. Plan ahead and reserve some address space for the future.
===== VMware =====

  * You can run vDiscovery against VMware vCenter.
  * If you run vDiscovery against VMware where a VM is powered off, the powered-off VM is ignored.
  * If you run vDiscovery against VMware where a VM does NOT have VMware Tools installed, VMware is not aware of the VM's IP address and vDiscovery ignores the VM with the error message ''VM: (name: ) has been ignored''.

===== DNS Variables =====

There is a [[https://docs.infoblox.com/space/nios90/280273510/Configuring+vDiscovery+Jobs|documented list]] of variables available for use in DNS naming:

  * vm_id
  * vm_name
  * discovered_name
  * tenant_id
  * tenant_name
  * subnet_id
  * subnet_name
  * network_id
  * network_name
  * vport_name
  * ip_address
  * ip_address_octet1 or 1
  * ip_address_octet2 or 2
  * ip_address_octet3 or 3
  * ip_address_octet4 or 4

Note that vm_name and discovered_name are set by whoever manages the cloud tenant, so the template decides how much of that tenant-controlled input ends up as names in your DNS zone.

===== Troubleshooting =====

==== SSL Issues ====

''SSL error ([SSL failure]: SSL Certificate verification failed)''

Either the root CA and intermediate CA certificates have not been imported into NIOS (e.g. in internal VMware environments using an internal PKI), or the root CA and intermediate CA certificates do not follow RFC 5280, which requires the keyUsage extension to be present in CA certificates.

==== NTP Issues ====

The following error messages were seen when the NIOS system clock was more than 15 minutes out. AWS signs every API request with a timestamp and rejects the request when that timestamp falls outside a short window around the AWS server time, so a drifting NIOS clock shows up as ''SignatureDoesNotMatch'' rather than as an obvious time error. In both messages below the NIOS timestamp is about 59 minutes ahead of the AWS time, well outside the 5 and 15 minute windows quoted.

  * Facility: ''user''
  * Level: ''Error''
  * Server: ''aws_r53_task_executor_ctl[]''
  * Message: ''AWSR53: SignatureDoesNotMatch, Signature not yet current: 20230712T103536Z is still later than 20230712T094129Z (20230712T093629Z + 5 min.)''

  * Facility: ''user''
  * Level: ''Warning''
  * Server: ''aws_r53_task_executor_ctl[]''
  * Message: ''AWSR53:Error Non successful AWS API request, code: 403, response: {u'error_response': {u'request_id': u'27779245-74fd-4343-a681-dadaf853a0b1', u'error': {u'message': u'Signature not yet current: 20230712T103536Z is still later than 20230712T094129Z (20230712T093629Z + 5 min.)', u'code': u'SignatureDoesNotMatch', u'type': u'Sender'}}}''

  * Line parsing error: Invalid month value. Original line: ''DriverOtherError: [Error while trying to collect cloud data]: AWSIAMDataCollector: Action GetUser failed: http_status_code=403 aws_err_code=SignatureDoesNotMatch aws_err_message=Signature not yet current: 20230712T103405Z is still later than 20230712T094958Z (20230712T093458Z + 15 min.)''

==== Error SSL Cert ====

  * Facility: ''user''
  * Level: ''Info''
  * Server: ''cdiscovery_executor[]''
  * Message: ''Complete discovering for task name: ESXi, result: [SSL failure]: SSL Certificate verification failed''

==== Start vDiscovery ====

  * Facility: ''user''
  * Level: ''Info''
  * Server: ''cdiscovery_executor[]''
  * Message: ''Start discovering for task name: ESXi; driver type: VMWARE; FQDN or IP: esxi.staffordnet.uk; port: 443; protocol: HTTPS; member: ns1.example.uk''

==== vDiscovery Job Finished with Warning ====

  * Facility: ''user''
  * Level: ''Warning''
  * Server: ''cdiscovery_executor[]''
  * Message: ''Processing discovered data completed with warnings for task name: AWS-London; driver type: AWS; FQDN or IP: ec2.eu-west-2.amazonaws.com; port: 443; protocol: HTTPS; member: ns1.example.uk''

==== User Started vDiscovery Job ====

  * Facility: ''daemon''
  * Level: ''Notice''
  * Server: ''httpd[]''
  * Message: ''2023-07-12 09:49:23.686Z [bstafford]: Called - VDiscoveryControl: Args action="START",task=VDiscoveryTask:ESXi''

==== Overview of AWS Discovery Log Flow ====

A job runs in two stages: ''cdiscovery_executor'' on the discovering member collects the cloud data, then ''cdiscovery_aggregator'' turns it into NIOS objects and reports a counter line per object type.

  * Facility: ''user''
  * Level: ''Info''
  * Server: ''cdiscovery_executor[]''
  * Message: ''Start discovering for task name: AWS-London; driver type: AWS; FQDN or IP: ec2.eu-west-2.amazonaws.com; port: 443; protocol: HTTPS; member: ns1.example.uk''
  * Message: ''Complete discovering for task name: AWS-London, result: DISCOVERY_COMPLETE''

  * Facility: ''user''
  * Level: ''Info''
  * Server: ''cdiscovery_aggregator[]''
  * Message: ''Start processing discovered data for task name: AWS-London; driver type: AWS; FQDN or IP: ec2.eu-west-2.amazonaws.com; port: 443; protocol: HTTPS; member: ns1.example.uk''
  * Message: ''Network: 10.10.10.0/24 (network view: default) has been updated''
  * Message: ''Number of NETWORK has been processed : Created: 0; Updated: 10; Deleted: 0; Ignored: 2; Tags skipped due to missed EAs: [u'Name']''
  * Message: ''Number of IP has been processed : Created: 0; Updated: 0; Deleted: 0; Ignored: 0''
  * Message: ''Number of VM has been processed : Created: 0; Updated: 0; Deleted: 0; Ignored: 0''
  * Message: ''No tags. return.''
  * Message: ''Number of TENANT has been processed : Created: 0; Updated: 1; Deleted: 0; Ignored: 0''
  * Message: ''Finish synchronize DNS for events: Created: 0; Updated if needed: 0; Deleted: 0; Ignored: 0''

  * Facility: ''user''
  * Level: ''Warning''
  * Server: ''cdiscovery_aggregator[]''
  * Message: ''Ignoring object Network: 10.11.11.0/25 (network view: default) : The network 10.11.11.0/24 must not have any active IP address outside the network you are creating.''
  * Message: ''Processing discovered data completed with warnings for task name: AWS-London; driver type: AWS; FQDN or IP: ec2.eu-west-2.amazonaws.com; port: 443; protocol: HTTPS; member: ns1.example.uk''

The ignored /25 is the case to watch for: NIOS already holds 10.11.11.0/24 and would have to shrink it to the discovered /25, which it refuses while an active address sits in the other half of the /24. The ''Tags skipped due to missed EAs: [u'Name']'' note means the cloud tag ''Name'' was not written because no matching extensible attribute exists in NIOS.
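The overlap and resize conditions behind the warnings above can be checked before a job runs, against the networks the cloud API returns and the networks NIOS already holds. The script below is an added example, not Infoblox code: the four rules approximate what the quoted log messages describe (NIOS itself may apply further checks, and whether an existing network may cover a whole VNet depends on whether it is a network or a network container, so that case is only flagged for review). The sample VNets, subnets and active IPs are constructed, and ''preflight'' / ''dataset_accepted'' are names chosen here.

```python
"""Pre-flight check of a discovered cloud dataset against the conditions that
vDiscovery reports as warnings or dataset discards.
Added example, not Infoblox code: the rules approximate the quoted log
messages; NIOS may apply more checks than these."""
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed sample data (not from a real tenant).
# Discovered VNets/VPCs -> their subnets, as the cloud API returned them.
DISCOVERED = {
    "10.10.0.0/16": ["10.10.10.0/24", "10.10.11.0/24"],
    "10.11.0.0/16": ["10.11.11.0/25"],
    "10.20.0.0/24": ["10.20.0.0/24"],   # subnet == VNet CIDR: unsupported
    "10.30.5.0/24": ["10.30.5.0/25"],   # already covered by an existing /16
}
# Networks already in NIOS and their active (used) IP addresses.
EXISTING_NIOS = {
    "10.10.10.0/24": {"10.10.10.5"},
    "10.11.11.0/24": {"10.11.11.200"},  # outside the discovered /25
    "10.30.0.0/16": set(),
}


def preflight(discovered, existing):
    """Return (severity, message) tuples.
    'discard': vDiscovery drops the entire dataset.
    'ignore':  the single object is skipped.
    'review':  nesting that NIOS may or may not accept; check before running."""
    findings = []
    vnets = {ip_network(v): [ip_network(s) for s in subs] for v, subs in discovered.items()}
    nios = {ip_network(n): {ip_address(a) for a in ips} for n, ips in existing.items()}

    # 1. "Subnets with CIDR equal to the Virtual Network CIDR are not supported"
    for vnet, subs in vnets.items():
        for sub in subs:
            if sub == vnet:
                findings.append(("ignore", f"subnet {sub} equals VNet CIDR {vnet}"))

    # 2. "Overlapped VPCs encountered ... within discovered dataset". CIDR blocks
    #    are either disjoint or nested, so any overlap is one VNet inside another.
    for a, b in combinations(vnets, 2):
        if a.overlaps(b):
            findings.append(("discard", f"VNets {a} and {b} overlap within the discovered dataset"))

    # 3. An existing NIOS network that already covers a whole discovered VNet.
    #    Whether NIOS accepts this depends on the existing object's type
    #    (network vs. network container), so flag it for review.
    for vnet in vnets:
        for net in nios:
            if vnet != net and vnet.subnet_of(net):
                findings.append(("review", f"VNet {vnet} lies inside existing NIOS network {net}"))

    # 4. "The network X must not have any active IP address outside the network
    #    you are creating": a discovered subnet narrower than an existing NIOS
    #    network makes NIOS shrink that network, which fails when active
    #    addresses would be left outside the new boundary.
    for subs in vnets.values():
        for sub in subs:
            for net, used in nios.items():
                if sub != net and sub.subnet_of(net):
                    outside = sorted(str(a) for a in used if a not in sub)
                    if outside:
                        findings.append(("ignore", f"{sub}: existing {net} has active IPs outside it: {outside}"))
    return findings


def dataset_accepted(findings):
    """True unless some finding discards the whole dataset."""
    return not any(sev == "discard" for sev, _ in findings)


if __name__ == "__main__":
    for sev, msg in preflight(DISCOVERED, EXISTING_NIOS):
        print(f"{sev:8} {msg}")
```

Feed it the VNet/subnet list from the cloud side and an export of the NIOS networks with their used addresses; a ''discard'' finding means the whole job will be thrown away, so fix those first, then the ''ignore'' cases (resize the NIOS network by hand or clear the stray addresses), and confirm the ''review'' cases against the object type in NIOS.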
===== Troubleshooting with the support bundle =====

[[https://support.infoblox.com/s/article/8916|KB article with error explanations]]

When you see an error message, the GUI may not say what has gone wrong. Get the support bundle and extract ''infoblox.log'' (the second form extracts only that file):

<code bash>
tar xvzf active_node_supportBundle.tar.gz
tar xvzf active_node_supportBundle.tar.gz infoblox.log
</code>

Then count the messages that usually explain a failed or partial job. ''-c'' prints the number of matching lines, so any non-zero result is the lead to follow up in the log.

Discovery jobs whose data was processed on the GM (may be zero if the bundle is not from the GM). ''$(NF-13)'' is the task name field of the "Start processing" message, so this counts distinct tasks:

<code bash>
egrep -ai "cdiscovery_aggregator.*Start processing discovered data" infoblox.log | awk '{print $(NF-13)}' | sort | uniq | wc -l
</code>

VPCs overlapping within the discovered dataset:

<code bash>
egrep -aic "cdiscovery_aggregator.*Overlapped VPCs encountered.* entire discovered dataset discarded.*within discovered dataset" infoblox.log
</code>

VNets overlapping with existing NIOS objects:

<code bash>
egrep -aic "cdiscovery_aggregator.*Overlapped VNETs encountered.*entire discovered dataset discarded.*with existing NIOS objects" infoblox.log
</code>

VPCs overlapping with existing NIOS objects:

<code bash>
egrep -aic "cdiscovery_aggregator.*Overlapped VPCs encountered.*entire discovered dataset discarded.*with existing NIOS objects" infoblox.log
</code>

"Subnets with CIDR equal to the Virtual Network CIDR are not supported" errors:

<code bash>
egrep -aic "cdiscovery_aggregator.*Subnets with CIDR equal to the Virtual Network CIDR are not supported" infoblox.log
</code>

Network view cannot be created because there is no associated project/tenant:

<code bash>
egrep -aic "cdiscovery_aggregator.*some network views can't been created as they dont have a project/tenant id associated with it" infoblox.log
</code>

Network view unavailable:

<code bash>
egrep -aic "cdiscovery_data_event.*Skip process network Network.*network view unavailable" infoblox.log
</code>

Network view id missing:

<code bash>
egrep -aic "cdiscovery_data_aggregation.*A required network_view_id is missing" infoblox.log
</code>

Error while processing an IP address:

<code bash>
egrep -aic "cdiscovery_data_event.*Error while processing" infoblox.log
</code>

Parent network missing:

<code bash>
egrep -aic "cdiscovery_aggregator.*Cannot find the parent network for the fixed address" infoblox.log
</code>

Bad Syntax errors (likely due to the network_component_port_id string being too long):

<code bash>
egrep -aic "cdiscovery_aggregator.*Bad Syntax" infoblox.log
</code>

Duplicate Object errors:

<code bash>
egrep -aic "cdiscovery_aggregator.*ERROR: Duplicate object" infoblox.log
</code>
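The same checks can be run in one pass that also keeps the per-object counters and the "Ignoring object" warnings from the AWS log flow section, and turns the SignatureDoesNotMatch message from the NTP section into a clock offset in seconds. This is an added example, not Infoblox tooling: the regexes are the egrep patterns above, ''SAMPLE_LOG'' is constructed from the messages quoted on this page with made-up syslog timestamps, host names and PIDs, and the function names are chosen here.

```python
"""Triage an infoblox.log from a NIOS support bundle for vDiscovery problems.
Added example, not Infoblox tooling. The patterns are the egrep checks above
plus parsers for the per-object counters, the "Ignoring object" warnings and
the AWS SignatureDoesNotMatch message; SAMPLE_LOG is constructed from the
messages quoted on this page with made-up timestamps, hosts and PIDs."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Named versions of the egrep checks above (one compiled regex each).
KNOWN_PROBLEMS = {name: re.compile(pat) for name, pat in {
    "VPCs overlap within dataset":
        r"cdiscovery_aggregator.*Overlapped VPCs encountered.*entire discovered dataset discarded.*within discovered dataset",
    "VNETs overlap existing NIOS objects":
        r"cdiscovery_aggregator.*Overlapped VNETs encountered.*entire discovered dataset discarded.*with existing NIOS objects",
    "VPCs overlap existing NIOS objects":
        r"cdiscovery_aggregator.*Overlapped VPCs encountered.*entire discovered dataset discarded.*with existing NIOS objects",
    "subnet CIDR equals VNet CIDR":
        r"cdiscovery_aggregator.*Subnets with CIDR equal to the Virtual Network CIDR are not supported",
    "network view without project/tenant":
        r"cdiscovery_aggregator.*some network views can't been created as they dont have a project/tenant id",
    "network view unavailable":
        r"cdiscovery_data_event.*Skip process network Network.*network view unavailable",
    "network_view_id missing":
        r"cdiscovery_data_aggregation.*A required network_view_id is missing",
    "error while processing IP":
        r"cdiscovery_data_event.*Error while processing",
    "parent network missing":
        r"cdiscovery_aggregator.*Cannot find the parent network for the fixed address",
    "bad syntax":
        r"cdiscovery_aggregator.*Bad Syntax",
    "duplicate object":
        r"cdiscovery_aggregator.*ERROR: Duplicate object",
}.items()}

START_RE = re.compile(r"cdiscovery_aggregator.*Start processing discovered data for task name: ([^;]+);")
COUNT_RE = re.compile(r"Number of (\w+) has been processed : Created: (\d+); Updated: (\d+); Deleted: (\d+); Ignored: (\d+)")
IGNORE_RE = re.compile(r"Ignoring object (\w+): (\S+) \(network view: ([^)]+)\) : (.*)$")
# "Signature not yet current: <request ts> is still later than <limit> (<AWS server ts> + N min.)"
SKEW_RE = re.compile(r"Signature not yet current: (\d{8}T\d{6}Z) is still later than \d{8}T\d{6}Z \((\d{8}T\d{6}Z) \+ (\d+) min\.\)")

# Constructed sample lines (syslog prefix, host and PIDs are made up).
SAMPLE_LOG = """\
Jul 12 09:49:23 ns1 cdiscovery_executor[2101]: Start discovering for task name: AWS-London; driver type: AWS; FQDN or IP: ec2.eu-west-2.amazonaws.com; port: 443; protocol: HTTPS; member: ns1.example.uk
Jul 12 09:49:31 ns1 aws_r53_task_executor_ctl[2050]: AWSR53: SignatureDoesNotMatch, Signature not yet current: 20230712T103536Z is still later than 20230712T094129Z (20230712T093629Z + 5 min.)
Jul 12 09:49:40 ns1 cdiscovery_aggregator[2102]: Start processing discovered data for task name: AWS-London; driver type: AWS; FQDN or IP: ec2.eu-west-2.amazonaws.com; port: 443; protocol: HTTPS; member: ns1.example.uk
Jul 12 09:49:41 ns1 cdiscovery_aggregator[2102]: Ignoring object Network: 10.11.11.0/25 (network view: default) : The network 10.11.11.0/24 must not have any active IP address outside the network you are creating.
Jul 12 09:49:42 ns1 cdiscovery_aggregator[2102]: Number of NETWORK has been processed : Created: 0; Updated: 10; Deleted: 0; Ignored: 2; Tags skipped due to missed EAs: [u'Name']
Jul 12 09:49:42 ns1 cdiscovery_aggregator[2102]: Number of VM has been processed : Created: 3; Updated: 0; Deleted: 0; Ignored: 0
Jul 12 09:50:01 ns1 cdiscovery_aggregator[2103]: Start processing discovered data for task name: Azure-UKS; driver type: AZURE; FQDN or IP: management.azure.com; port: 443; protocol: HTTPS; member: ns1.example.uk
Jul 12 09:50:02 ns1 cdiscovery_aggregator[2103]: Subnets with CIDR equal to the Virtual Network CIDR are not supported: 10.20.0.0/24
""".splitlines()


def _ts(s):
    return datetime.strptime(s, "%Y%m%dT%H%M%SZ")


def triage(lines):
    """Walk the log once; return tasks seen, known-problem counts, per-task
    object counters, ignored objects and any AWS clock-skew evidence."""
    tasks, task = [], None
    problems = Counter()
    counters = defaultdict(dict)
    ignored, skew = [], []
    for line in lines:
        m = START_RE.search(line)
        if m:                       # a new aggregator run; later counters belong to it
            task = m.group(1)
            if task not in tasks:
                tasks.append(task)
            continue
        for name, pat in KNOWN_PROBLEMS.items():
            if pat.search(line):
                problems[name] += 1
        m = COUNT_RE.search(line)
        if m and task:
            obj, *nums = m.groups()
            counters[task][obj] = dict(zip(("created", "updated", "deleted", "ignored"), map(int, nums)))
        m = IGNORE_RE.search(line)
        if m:
            ignored.append((task, m.group(1), m.group(2), m.group(3), m.group(4)))
        m = SKEW_RE.search(line)
        if m:                       # NIOS request time minus AWS server time, in seconds
            request_ts, server_ts, window_min = m.groups()
            drift = int((_ts(request_ts) - _ts(server_ts)).total_seconds())
            skew.append((drift, int(window_min) * 60))
    return {"tasks": tasks, "problems": dict(problems), "counters": dict(counters),
            "ignored": ignored, "skew": skew}


def needs_ntp_check(result):
    """True when an AWS signature error shows the NIOS clock outside the allowed window."""
    return any(abs(drift) > window for drift, window in result["skew"])


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it as ''python3 triage.py < infoblox.log'' style by passing ''open("infoblox.log")'' to ''triage''. On the two SignatureDoesNotMatch messages quoted in the NTP section the skew parser gives 3547 seconds for both (NIOS about 59 minutes ahead of AWS), which is the number to hand to whoever owns NTP rather than the 403 itself.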