Managing NSX Manager Network Settings via Rest API

In this post we will learn how can we configure some of the network settings like DNS/Syslog and NTP configurations in NSX manager via Rest API.

We can do all this from NSX manager GUI also but if you are thinking about automating NSX manager deployment, then these Rest API knowledge can be pretty handy for configuring the appliance post its deployment.

Lets get started.

Query Network Settings

Below API query will give you an overview of NSX Manager IP settings, Hostname, DNS settings and domain name

# curl -k -u “admin:adminpwd” -X GET https://nsxmgr.alex.local/api/1.0/appliance-management/system/network/ | xmllint –format –

<?xml version="1.0" encoding="UTF-8"?> <network> <hostName>nsxmgr</hostName> <domainName>alex.local</domainName> <networkIPv4AddressDto> <ipv4Address>192.168.109.6</ipv4Address> <ipv4NetMask>255.255.255.0</ipv4NetMask> <ipv4Gateway>192.168.109.1</ipv4Gateway> </networkIPv4AddressDto> <dns> <ipv4Address>192.168.109.2</ipv4Address> <domainList>alex.local</domainList> </dns> </network> read more

NSX Certificate Management Using Rest API

In this post We will learn how to view generate self-signed certificate for NSX and replace the certificates after getting them signed from CA. We will be doing this via Rest API.

I wrote a post in past on how to replace SSL certs for NSX from GUI. In this post I am trying to achieve the same via Rest API

Following are the API queries which you need to execute in order to generate and replace certs.

Generate CSR Certificate

# curl -k -u “admin:Telstra@123” -d @csr.xml -X PUT https://nsxmgr.alex.local/api/1.0/appliance-management/certificatemanager/csr/nsx

<?xml version="1.0" encoding="UTF-8"?> <csr> <algorithm>RSA</algorithm> <keySize>4096</keySize> <subjectDto> <commonName>nsxmgr.alex.local</commonName> <organizationUnit>Cloud</organizationUnit> <organizationName>Alex.Co</organizationName> <localityName>Bangalore</localityName> <stateName>Karnataka</stateName> <countryCode>IN</countryCode> </subjectDto> </csr> read more

Enable Disable HA on Edge GW via NSX Rest API

In this post I will be demonstrating how to enable and disable high availability on NSX edge gateway using Rest API.

If you are new to NSX and do not know what edge gateway high availability means then I would recommend to read this Blog by Gabe Rosas.

We can enable disable high availability on edge gateway from vSphere Web Client by navigating to Home  > Networking & Security > NSX Edges > Selecting Edge > Manage > HA Configuration

Enabling HA on edge gateway will create a new vse vm in vCenter and both VM start exchanging heartbeat and exchanging other configuration etc.

Now we will see how to achieve this via NSX Rest API.

Step 1: Query HA Status

# curl -k -u “admin:AdminPWD” -X GET https://nsxmgr.alex.local/api/4.0/edges/edge-2/highavailability/config | xmllint –format –

<?xml version="1.0" encoding="UTF-8"?>
<highAvailability>
 <version>3</version>
 <enabled>false</enabled>
 <declareDeadTime>15</declareDeadTime>
 <logging>
 <enable>false</enable>
 <logLevel>info</logLevel>
 </logging>
 <security>
 <enabled>false</enabled>
 </security>
</highAvailability>

From the above output we can see HA ha snot been enabled on edge gateway yet.

Step 2: Enable HA

To enable HA on edge gateway, we need to supply few parameter in the request body of the API call. If you are using curl you can create an xml file as shown below and can supply it with API query with -d option. 

<?xml version="1.0" encoding="UTF-8"?> <highAvailability> <version>4</version> <enabled>True</enabled> <declareDeadTime>15</declareDeadTime> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> <security> <enabled>false</enabled> </security> </highAvailability> read more

Redeploy NSX Edge Gateway Using Rest API

In this post I will demonstrate how to redeploy edge gateway in vCloud Director using Rest API

Disclaimer: This is not any fancy post and I am going to perform very simple task here. Most of you may be already aware of this. This post is for those who are new to API and also a reference post for me for future.

Lets get started.

We have to follow below steps for redeploying an edge gateway using API calls

Step 1: Generate Auth Token

# curl -sik -H “Accept:application/*+xml;version=5.6” -u “admin@system” -X POST https://vcd-b.alex.local/api/sessions | grep auth
Enter host password for user ‘admin@system’:

x-vcloud-authorization: 3fc8a5425f804c9d94eeff04e0272ed7

Step 2: Get Org UUID

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “x-vcloud-authorization:3fc8a5425f804c9d94eeff04e0272ed7” -X GET https://vcd-a.alex.local/api/org/

<Org href="https://vcd-a.alex.local/api/org/58d92de4-4aa5-4a14-9b39-28e1de5e9809" name="Production" type="application/vnd.vmware.vcloud.org+xml"/>

Step 3: Get vDC UUID

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “x-vcloud-authorization:3fc8a5425f804c9d94eeff04e0272ed7” -X GET https://vcd-a.alex.local/api/org/58d92de4-4aa5-4a14-9b39-28e1de5e9809 | grep vdc

<Link rel="down" href="https://vcd-a.alex.local/api/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625" name="Prod-DC" type="application/vnd.vmware.vcloud.vdc+xml"/>

Step 4: Get Edge Gateway UUID

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “x-vcloud-authorization:3fc8a5425f804c9d94eeff04e0272ed7” -X GET https://vcd-a.alex.local/api/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625 | grep edgeGateways

<Link rel="edgeGateways" href="https://vcd-a.alex.local/api/admin/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625/edgeGateways" type="application/vnd.vmware.vcloud.query.records+xml"/>

Step 5: Get Edge Gateway UUID

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “x-vcloud-authorization:3fc8a5425f804c9d94eeff04e0272ed7” -X GET https://vcd-a.alex.local/api/admin/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625/edgeGateways | grep GW_Name

<EdgeGatewayRecord gatewayStatus="READY" haStatus="DISABLED" isBusy="false" name="Prod-GW" numberOfExtNetworks="1" numberOfOrgNetworks="1" vdc="https://vcd-a.alex.local/api/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625" href="https://vcd-a.alex.local/api/admin/edgeGateway/b37b059b-be98-4806-8535-9bbdcd4b6575" isSyslogServerSettingInSync="true"/> read more

Detaching and Deleting Independent Disks in vCloud Director via REST API

Yesterday while working on one of the production issue where we had to deprovision a tenant environment in vCloud Air, I noticed that independent disks were preventing automated deprovision of the environment and the error messages were loud and clear in the log files.

It was a new issue for me so I started reading about independent disks in vCloud Director and want to share few things about this.

First of all independent Disk feature in vCD is completely different from an Independent Disk in vSphere. Independent disks can be shared across multiple vApps/VM’s in vCloud Director. This feature was first introduced in vCD v5.1.

Following quote from vCloud Architecture Toolkit document rightly explains about independent disks

The use of independent disks with vCloud Director allows updates of virtual machines without impacting the underlying data.

The feature is designed to enable users to create virtual disks which can be attached to and detached from virtual machines. There is no functionality to control this feature from the vCD UI and this can be controlled via API’s only. 

When you create an independent disk, it is associated with an organization vDC but not with a virtual machine. After the disk has been created, the disk owner or an administrator can attach it to any virtual machine deployed in that vDC, detach it from a virtual machine, and remove it from the vDC.

Presence of Independent disks in vCD can be seen on navigating to Org > Administration > Org vDC > Independent Disks tab. If you right click on any of the disk you will not see any action window opening. 

0.PNG

In this post I am going to demonstrate how we can detach/delete independent disks from VM via API calls. Lets get started.

For sake of this demonstration, I have used some hypothetical names for Org and Org vDC.

Step 1: Obtain vCD Auth token code

# curl -sik -H “Accept:application/*+xml;version=5.6” -u “admin@system” -X POST https://vCD-FQDN/api/sessions | grep auth

Enter host password for user ‘admin@system’:

x-vcloud-authorization: Auth

Step 2: Locate your Org 

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “x-vcloud-authorization:Auth-X GET https://vCD-FQDN/api/org/

On using the above API call, you will see a href to all your Org that are present in vCD. For your next query chose the href of the org where independent disks are lying.  

<Org href="https://vCD-FQDN:443/api/org/08356307-2939-42d3-a2a2-aeccef6478e4" name="ABC" type="application/vnd.vmware.vcloud.org+xml"/>

<Org href="https://vCD-FQDN:443/api/org/2b729e6f-588e-49c4-964f-89b2e744c075" name="DEF" type="application/vnd.vmware.vcloud.org+xml"/>

<Org href="https://vCD-FQDN:443/api/org/fc432145-f1f3-42f6-a26f-eeb3d306a405" name="GHI" type="application/vnd.vmware.vcloud.org+xml"/>

Step 3: Locate your Org vDC

# curl -sik -H “Accept:application/*+xml;version=5.6” -H “x-vcloud-authorization: Auth” -X GET https://vCD-FQDN:443/api/org/fc432145-f1f3-42f6-a26f-eeb3d306a405 | grep vdc

<Link rel="down" href="https://vCD-FQDN:443/api/vdc/adf0929b-a107-4671-9f85-b629b744c2b7" name="VDC1" type="application/vnd.vmware.vcloud.vdc+xml"/> read more

Replacing vCD SSL Certificates in a Multi Cell Environment

After a long wait I finally got chance to work on vCloud Director ssl certificates. This was the only component in my lab which was still using self-signed certs and that encouraged me to do something new in lab.

A note on vCD SSL certificates

vCloud Director like any other VMware product needs a certificate to be installed on the device that it uses for communication with the other products. By default vCD uses a self-signed certificate. If you have a certificate authority in your environment then you can get the certs created in advance before installing vCloud director and save your self from pain of messing with certificates at later stages. read more

Troubleshooting Failed Org Network Creation in vCloud Director

Today while working in my lab, I observed that while creating a new VDC in vCD was failing because org network failed to create.

On navigating to Org VDC list and clicking on error, it read the error load and clear that org vdc network can’t be created.

vcd-1

On navigating to Org VDC Networks section and clicking on error, I was able to identify what has caused the network creation failure.

vcd-2

The error stack was reading as below:

[ 114db22d-fc14-4c87-9030-36d2316aff8b ] Cannot deploy organization VDC network (f1514426-647e-4a03-a5a9-fafa4d73bb58)
com.vmware.vcloud.api.presentation.service.InternalServerErrorException: Cannot create network “dvs.VCDVSRouted-NW-9ab02973-9ded-4c4b-8826-4a52bdf2d6cf” from VXLAN network pool “urn:uuid:5c9de104-0f40-4cec-898f-985ee1fce1d6”. Make sure vShield Manager infrastructure is properly configured and there are segment IDs available. read more

Troubleshooting Mysterious Catalog Item in vCloud Director

Few days back while working on one of the customer ticket, I came across an incident where customer was reporting that he is not able to see one of his template in his catalog. He sent the VM via ODT to vCloud Air to be imported in his catalog.

I verified that VM was missing from catalog but was present in vCenter. I tried to import the VM again in Catalog by selecting the option “Import from vSphere” but to my surprise the VM was showing up in the list for selection.

corpsql01 not listing

I have never seen such behaviour in VCD. Even if import of template is failed midway, the item is listed in catalog with a question mark against it and status of item reads as “failed to create read more

RabbitMQ Clustering

In last post of this series we learnt how to install/configure RMQ for vCloud Director. This post is extension of my last post where I will be adding one more node to my RMQ setup to form a cluster for high availability.

What data is replicated in a RMQ Cluster?

All data/state required for the operation of a RabbitMQ broker is replicated across all nodes. An exception to this are message queues, which by default reside on one node, though they are visible and reachable from all nodes. To replicate queues across nodes in a cluster, see the documentation on high availability read more

Installing RabbitMQ for vCloud Director

In this post we will learn how to install RMQ for vCloud Director. Before jumping into any lab activity, lets learn first what is RabbitMQ nd why we need it.

What is RabbitMQ?

RabbitMQ is an open source message-queuing software which helps in facilitating message exchange between 2 or more applications. The exchange of messages is done via queue which is defined by administrator. An application can publish a message to the queue which can be retrieve or consumed by a different application. read more

vCloud Air Disaster Recovery- Performing Reverse Replication (Failback)

In last post of this series,we learnt about Recovery options available with vCloud Air Disaster Recovery and we discussed about Test recovery and actual recovery and saw the use case for both type.

In this post we will discuss about failback of a VM (which is recovered in vCloud Air) to on-premise. If you have landed straight to this post accidentally then I will urge you to check out previous blog posts which I have wrote on vCloud Air Disaster Recovery.

vCloud Air Disaster Recovery Solution (DRaaS) read more

vCloud Air Disaster Recovery Failover

Disaster Recovery to vCloud Air is now a tested and reliable solution and helps customer to replicate their critical workloads to vCloud Air so that in event of Disaster in on-premise, customer can recover their workloads and continue their operation without much impact to business.

In this post we will learn how to recover VM’s in vCloud Air in event of disaster or in case when scheduled maintenace is planned in on-premise. For those who are not much familiar with what is vCloud Air Disaster Recovery solution, I urge you to read about that from below links: read more

VM replication state going to ‘Not Active’ as soon as vm is configured for replication

After a long back I dived into my lab yesterday and was working again on setting up DR to vCloud Air.I have wrote few blog posts in past on vSphere Replication and DR to vCloud Air using VR. If you are interested in reading those posts, you can read them from below links

1: Replicating and Recovering VM’s using vSphere Replication

2: Disaster Recovery with vcloud Air

3: Replicate VM to vCloud Air using vSphere Replication

This time in my lab I noticed that all my VM’s replication state were going to ‘Not Active’ as soon as its configured for replication. This was a brand new setup and I was sure that I followed all required steps in deploying and configuring the replication appliance. This was strange as I never faced this issue before. read more

Learning Apache Cassandra-Part-5-Getting Familiar With Nodetool

In last post of this series we learnt about how to add nodes in a cassandra cluster. If you have missed earlier posts of this series

then you can read them from below links:

1: Introduction to Cassandra

2: Understanding Cassandra Read/Write Mechanism

3: Installing Cassandra on RHEL6

4: Adding Node To Cassandra Cluster

In this post we will explore nodetool and will see how we can manage a cassandra cluster using nodetool utility.

What is nodetool?

The nodetool utility is a command line interface for managing a cluster. It provides a simple command line interface to expose operations and attributes available with cassandra. read more

Learning Apache Cassandra-Part-4-Adding Node To Cassandra Cluster

In last post of this series we learnt how to install cassandra on Rhel 6. In this post we will look into additional configuration parameter that is needed to configure in order to facilitate other nodes to join the cassandra cluster.

If you have missed earlier posts of this series then you can read them from below links:

1: Introduction to Cassandra

2: Understanding Cassandra Read/Write Mechanism

3: Installing Cassandra on RHEL6

At the moment we have one node cassandra cluster. Before going ahead and installing cassandra on other nodes, we will first perform following configuration changes in cassandra.yaml file. read more