Category Archives: NSX

vRealize Automation 7.3-Simple Installation: Part 2: NSX Deployment and Configuration

By | 31/12/2017

In the last post of this series I discussed my lab setup. In this post we will learn how to deploy and configure NSX.

Last year I did a complete lab on NSX and posted a few blog articles on installation and configuration, so in this post I will not go into much detail on NSX. If you are new to NSX, make sure you read the VMware documentation on NSX deployment.

You can also view the articles below from my blog on NSX.

1: Installing and Configuring NSX

2: Deploying NSX Controllers

3: Preparing ESXi Hosts and Cluster

Troubleshooting Edge Gateway Deployment Failure in vCloud Air

By | 23/08/2017

Today, while working on a production issue, I came across a situation where I deployed a new vDC from the vCloud Air portal, but after the vDC was created successfully, I was not able to list the edge gateways/org networks for this vDC.


On checking vCloud Director, I found that the edge gateway creation had failed and was showing the errors below:

[ 7267fcbe-194f-47c6-bee1-029a2e445e48 ] Deployment of edge gateway gateway failed.
com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (1256006): Operation is not allowed by the applied NSX license.
- com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (1256006): Operation is not allowed by the applied NSX license.
 
- VSM response error (1256006): Operation is not allowed by the applied NSX license.

I logged in to the Web Client and navigated to the Administration > Licenses view and was not able to see any licenses there. This was a bit strange. I understood right at that moment that there was some issue with the licensing service.

In our environment we are using vCenter with an external PSC, so I logged on to the PSC node and found that the /storage/log partition was at 100%. In such a situation services start to behave abnormally and can even go into a stopped state, as they can't write anything to their log files.

Note: I have changed the name of the server for security reasons.

psc-fqdn:~ # df -h
Filesystem                Size  Used Avail Use% Mounted on
/dev/sda3                  11G  2.6G  7.6G  26% /
udev                      4.0G  164K  4.0G   1% /dev
tmpfs                     4.0G   32K  4.0G   1% /dev/shm
/dev/sda1                 128M   38M   84M  31% /boot
/dev/mapper/core_vg-core  5.0G  139M  4.6G   3% /storage/core
/dev/mapper/log_vg-log    5.0G  5.0G     0 100% /storage/log

Configuring Syslog Settings on Edge Gateway in vCloud Air via Rest API

By | 06/08/2017

Recently I deployed a syslog server in my vCloud lab and was looking for a way to send Edge gateway logs to my syslog server. This post is focused on how to configure edge gateway syslog settings.

VMware vCloud® Air supports the ability for customers to collect information about traffic coming to and from their edge gateway through the use of a syslog server. By configuring edge gateway to transfer log data to your syslog server, you can then set up alerts or notifications and build reports with your preferred tools.

If you do not have an ANS subscription in vCloud Air, the only way to configure syslog settings on the Edge gateway is via the vCloud API. There is no option available in the GUI when you open the edge gateway properties from within the vCloud Director interface.

When it comes to using the REST API, we have a variety of REST clients to choose from. Some of the common clients include curl, Postman, Mozilla Rest Client, etc.

I personally prefer curl and Postman, and in this post I will demonstrate the curl option.

Requirements to Configure Syslog on Edge Gateway:

1: A REST client.

2: vCloud Air credentials.

3: vCloud Air Endpoint/Org name.

4: Configured syslog server and IP address.

Obtaining vCloud Air Endpoint/Org name

You can obtain the endpoint details by logging into vCloud Air portal and navigating to your Org/vDC.

Obtaining vCloud Air supported API versions

The list of supported API versions that can be used with vCloud Air can be obtained by running the command below.

# curl -sik -H "Accept:application/*+xml;version=5.6" -u "mjha@vmware.com" -X GET https://au-south-1-15.vchs.vmware.com/api/versions

You will get a long list of versions as output. Select any one of the versions. Also make a note of the login URL.

<VersionInfo>
 <Version>9.0</Version>
 <LoginUrl>https://au-south-1-15.vchs.vmware.com/api/compute/api/sessions</LoginUrl>
</VersionInfo>

Obtaining Auth Code for vCloud API Login

You need 4 things to generate the Auth code for API login:

A: Login URL (copy from previous output)

B: API Version: (copy from previous output)

C: Custom Header: Accept:application/*+xml;version=9.0

D: vCloud Air Credentials in format: username@domain-name@org-name

When you have all 4 pieces of information handy, run the API query below to obtain the Auth code:

# curl -sik -H "Accept:application/*+xml;version=9.0" -u "mjha@vmware.com@bdd75fd4-a319-47d5-b4f2-77aad691488f" -X GET https://au-south-1-15.vchs.vmware.com/api/compute/api/sessions | grep auth

Enter host password for user 'mjha@vmware.com@bdd75fd4-a319-47d5-b4f2-77aad691488f':

x-vcloud-authorization: 1e95dc1064aa4083ae79bb617221853e

Now use the following API queries in sequence.

Find Org Href

# curl -sik -H "Accept:application/*+xml;version=5.6" -H "x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e" -X GET https://au-south-1-15.vchs.vmware.com/api/org/ | grep bdd75fd4-a319-47d5-b4f2-77aad691488f

Note: bdd75fd4-a319-47d5-b4f2-77aad691488f is my org name

<Org href="https://au-south-1-15.vchs.vmware.com/api/compute/api/org/4f5feba5-bb82-456e-8898-95d4970f2624" name="bdd75fd4-a319-47d5-b4f2-77aad691488f" >

Find vDC Href

# curl -sik -H "Accept:application/*+xml;version=5.6" -H "x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e" -X GET https://au-south-1-15.vchs.vmware.com/api/compute/api/org/4f5feba5-bb82-456e-8898-95d4970f2624 | grep vdc

<href="https://au-south-1-15.vchs.vmware.com/api/compute/api/vdc/e89232de-3507-4b66-98d7-8ec25e99c826" name="Manish-VCAP-LAB" >
 

Find Edge Gateway Href

# curl -sik -H "Accept:application/*+xml;version=5.6" -H "x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e" -X GET https://au-south-1-15.vchs.vmware.com/api/compute/api/vdc/e89232de-3507-4b66-98d7-8ec25e99c826 | grep edge

<href="https://au-south-1-15.vchs.vmware.com/api/compute/api/admin/vdc/e89232de-3507-4b66-98d7-8ec25e99c826/edgeGateways" >
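
The token and href lookups from the steps above, as an added example that is not part of the original post: shell helpers that extract the x-vcloud-authorization value and an element's href from saved curl output, and hand the token to curl through a config on stdin rather than on the command line. The function names, the token character allow-list and the sample responses are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical;
# the host, IDs and token in the sample data are constructed placeholders.

# Print the session token from `curl -si` output on stdin. Header names are
# case-insensitive and header lines end in CRLF; a token that keeps its
# trailing CR yields a malformed header on the next request.
extract_auth_token() {
  tr -d '\r' |
    awk -F': *' 'tolower($1) == "x-vcloud-authorization" { print $2; exit }'
}

# Print the href of the first element whose name attribute equals $1.
# Splits the XML into one tag per line first, so attribute order and line
# wrapping in the response do not matter.
href_for_name() {
  tr -d '\r' | tr '\n' ' ' | tr '<' '\n' |
    grep -F "name=\"$1\"" |
    sed -n 's/.*href="\([^"]*\)".*/\1/p' | head -n 1
}

# Emit a curl config for `curl -K -` so the token travels on stdin instead of
# in curl's argument list. The allow-list of token characters is an assumption
# made for this example; it rejects empty values, whitespace and quotes.
curl_config_for_token() {
  local token="$1" version="${2:-5.6}"
  case "$token" in
    '' | *[!A-Za-z0-9._-]*) echo "refusing malformed token" >&2; return 1 ;;
  esac
  printf 'header = "Accept: application/*+xml;version=%s"\n' "$version"
  printf 'header = "x-vcloud-authorization: %s"\n' "$token"
}

# Constructed sample responses (CRLF header endings, as curl -i prints them).
sample_login=$(printf '%s\r\n' \
  'HTTP/1.1 200 OK' \
  'Content-Type: application/vnd.vmware.vcloud.session+xml' \
  'X-VCLOUD-AUTHORIZATION: 0123456789abcdef0123456789abcdef' \
  '' \
  '<Session/>')
sample_orgs='<OrgList>
  <Org type="application/vnd.vmware.vcloud.org+xml"
       name="example-org" href="https://vcloud.example.invalid/api/org/1111"/>
  <Org name="other-org" href="https://vcloud.example.invalid/api/org/2222"/>
</OrgList>'

demo() {
  local token org_href
  token=$(printf '%s' "$sample_login" | extract_auth_token)
  org_href=$(printf '%s' "$sample_orgs" | href_for_name example-org)
  echo "token length: ${#token}"
  echo "org href:     $org_href"
  # Against a live endpoint the next request would be:
  #   curl_config_for_token "$token" | curl -s -K - "$org_href"
  curl_config_for_token "$token"
}
demo
```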

vRealize Network Insight-Part-4: Monitoring Infrastructure

By | 23/07/2017

In the last post of this series we looked at how to add data sources and successfully added the vCenter server and NSX Manager so that vRNI can fetch and provide us the necessary information. In this post we will see how we can monitor our infrastructure and how we can improve it based on the recommendations generated by vRNI. Let's get started.

If you have missed the earlier posts of this series, you can read them from the links below:

1: Introduction to vRealize Network Insight

2: Deploying vRNI Appliance

3: Configuring vRNI

Category: NSX

vRealize Network Insight-Part-3: Configuring vRNI

By | 22/07/2017

In the last post of this series we looked at the deployment steps of the Platform and Proxy VMs. In this post we will configure the vRNI deployment and see what kind of data the dashboard presents to the user.

If you have missed the earlier posts of this series, you can read them from the links below:

1: Introduction to vRealize Network Insight

2: Deploying vRNI Appliance

Let's begin with configuring the appliance.

Log in to the vRNI appliance by typing https://<IP or FQDN of the platform appliance> in your browser.


vRealize Network Insight-Part-2: Installation

By | 22/07/2017

In the last post of this series we briefly discussed what vRNI is and why you should have it in your environment. In this post we will look into the deployment steps.

The current version of vRealize Network Insight is 3.4. I am going to deploy the same in my lab. 

The installation process for VMware vRNI is a two-step process that includes:

  • Deploying VMware vRNI platform appliance.
  • Deploying VMware vRNI proxy appliance.

Following are the resource requirements for deploying the Platform and Proxy OVA.

vRealize Network Insight Platform OVA

  • 8 cores – Reservation 4096 MHz
  • 32 GB RAM – Reservation – 16GB
  • 750 GB – HDD, Thin provisioned

vRealize Network Insight Proxy OVA

  • 4 cores – Reservation 2048 MHz
  • 10 GB RAM – Reservation – 5GB
  • 150 GB – HDD, Thick provisioned

Let's jump into the lab and start the deployment process. To keep the post to a reasonable length, I have omitted the deployment steps of the OVA file except the final network information input screens, where you have to define IP/Netmask/GW/DNS/NTP etc.


vRealize Network Insight-Part-1: Introduction

By | 21/07/2017

Recently I was having a discussion with one of my friends on an NSX-related topic, and I came to know about a new must-have tool for your NSX-based lab. The title of this post itself explains which tool I am talking about here.

What is vRealize Network Insight (vRNI) and where did it come from?

vRealize Network Insight is a product for delivering intelligent operations for your SDN environment (especially one based on NSX). vRealize Network Insight allows a single-pane-of-glass view of the VMware NSX environment. vRNI integrates with NSX to deliver intelligent operations for software-defined networking.


Cannot Redeploy Edge Gateway “VSM response error (10020): Failed to deploy edge appliance vse-XXXX-0. The name ‘vse-XXXX-0’ already exists”

By | 12/07/2017

This post is very similar to the issue described in my last post. The only difference between the last issue and this one is that this time I was not able to redeploy the edge gateway to get rid of stubborn Org Networks, whereas in the previous case an Edge redeploy fixed the issue quite comfortably.

Let me start with a little background on how this issue was discovered and what challenges I faced. I was investigating a failed deprovision issue when this issue was discovered. Deprovision tasks in our environment are fully automated: we have a portal where these tasks arrive, and there is a Resume button which, when clicked, kicks off the deprovision process.

When the Resume button is clicked, the portal initiates API calls to vCD and starts deleting things. It starts with deleting vApps and vApp Templates, then proceeds to Org Network deletion, then the edge gateway, and at last deletes the Org vDC and Org.

Sometimes objects at the vCD level are in an inconsistent state, so the API calls are unable to delete that element and the deprovision is halted in the portal.

During my investigation I checked the logs and found that the API calls were unable to remove one of the Org Networks.

The following errors were visible in the vCD UI for the network deletion failure:

[ 695e10af-1677-4c64-bbe1-42250b6c249d ] Cannot delete organization VDC network default-routed (0694f25a-78b9-45b0-be44-e5c8ccda4b91)
Failed to delete interface of edge gateway urn:uuid:5286e85d-afb0-4821-b4f4-db87b390ba11

- Failed to delete interface of edge gateway urn:uuid:5286e85d-afb0-4821-b4f4-db87b390ba11
 
- com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (202): The requested object : vm-3768 could not be found. Object identifiers are case sensitive.

From the logs it was very clear that there were issues with the edge backing VMs. I went ahead with an edge gateway redeploy without checking the edge VMs' status in vCenter. I was thinking that a redeploy fixes this issue 9 out of 10 times, so I just gave it a shot.

To my surprise the edge gateway redeploy also failed, and I also observed that the redeploy task took around 20 minutes (usually it takes 5-7 minutes) and eventually timed out.

The errors for the failed edge redeploy task were:

[ e04b76e6-7bb1-4d97-a85c-0df2813a06be ] Cannot redeploy edge gateway M738162563-11503 (urn:uuid:5286e85d-afb0-4821-b4f4-db87b390ba11)
com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (10020): Failed to deploy edge appliance vse-xxxxx-0. (The name 'vse-xxxxx-0' already exists.)
- com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (10020): Failed to deploy edge appliance vse-xxxxx-0. (The name 'vse-xxxxx-0' already exists.)
- VSM response error (10020): Failed to deploy edge appliance vse-xxxxx-0. (The name 'vse-xxxxx-0' already exists.)

Edge Gateway Network deletion failed with error “Failed to communicate with NSX Edge vm. Error code VIX_E_PROGRAM_NOT_STARTED was returned by VIX API”

By | 11/07/2017

Today, while working on a production issue, I came across an incident where I was unable to delete one of the Org Networks in vCloud Director. I observed the following errors in the vCD UI for the Org network deletion failure:

On checking vcloud-container.debug.log I observed log entries similar to those seen in the vCD UI.

This was an entirely new error for me, so I started googling it and unfortunately did not find a helpful article. The only article I got for this error was this, but it was of no use to me.

PyNSXv-Powerful tool for NSX Automation

By | 05/07/2017

Like the last post of the NSX series, this post is also focused on exploring a new tool which helps automate NSX tasks in your infrastructure. I first came across this tool when I was watching a VMworld 2016 session titled NET7514 – PowerNSX and PyNSXv, but never got a chance to play around with it.

Now, since I am exploring NSX automation these days, I decided to deploy the tool in my lab and use it.

This post will focus on just the installation/configuration part and some examples of how to use this tool.

So what is PyNSXv?

PyNSXv is a high-level Python-based library that exposes ready-to-use workflows and a CLI tool that can be used to control and automate NSXv in your infrastructure.

It is an open-source tool and is not supported by VMware; before using it in production, it is recommended to test it thoroughly in lab deployments.

Currently PyNSXv functionality covers the following key areas:

  • Logical Switching
  • Logical Routing
  • NSX Edge Gateway
  • NSX Edge Load Balancer

PyNSXv can be used in two different ways: as a library, by importing the files in the /library sub-directory into your code, or as a CLI tool, by executing pynsxv on the command line after installation. To install PyNSXv you can use pip on your system.

You should have some basic knowledge of Python and PowerShell (and of course of NSX) to begin with this tool. The diagram below shows a very high-level architectural view of this tool.

PyNSXv can be downloaded from VMware's GitHub directory. Instructions for installation are available on the PyNSXv Wiki page. Let the fun begin.

Installing PyNSXv on Windows

Step 1: Install Python v2.7 on your Windows box. Python v2.7 can be downloaded from Here. Attention: Do not install Python v3.x.

Step 2: Add the Python installation folder to the Windows path (so that PyNSXv can be run from any folder).

To do so, navigate to Control Panel > System and Security > System > Advanced System Settings > Advanced > Environment Variables.

Under System Variables, edit the PATH variable and add the Python installation\Scripts folder path (typically it is C:\Python27\Scripts).

Step 3: Install PyNSXv

Run command: pip install pynsxv

Step 4: After you have installed PyNSXv, the first thing you have to do is create an ini file that contains the host names and credentials of your vCenter and NSX Manager. Save this file in the location: C:\Python27\Lib\site-packages\pynsxv

Typically the nsx.ini file looks like below:

# variables for PyNSXv
[nsxv]
nsx_manager = 192.168.109.6
nsx_username = admin
nsx_password = NSX-PWD

[vcenter]
vcenter = 192.168.109.20
vcenter_user = administrator@vsphere.local
vcenter_passwd = VC-PWD

[defaults]
transport_zone = Cloud-pVDC-VXLAN-NP
datacenter_name = Cloud-DC
edge_datastore = iSCSI-2
edge_cluster = Resource-Cluster

After placing the nsx.ini file in your path, you can run pynsxv from your shell or cmd prompt.

Now you can use the pynsxv.exe command to play around with various options. One example is shown below.

To see list of all available options that can be used with pynsxv command, please read this document.

Alternatively, PyNSXv can be installed on Windows using the git command as well. Make sure git is installed on your Windows machine.

You can clone the PyNSXv repository by using command: git clone https://github.com/vmware/pynsxv.git

This will typically place the installation files under C:\Users\Username\Documents\GitHub. From there navigate to the pynsxv directory and run the setup.py command. It will configure the necessary modules/libraries.

The nsx.ini file is placed in directory C:\Users\Username\Documents\GitHub\pynsxv\pynsxv. Modify this file as per example shown earlier.

Linux Installation

Step 1: If you are using CentOS/Red Hat 6, the default Python version shipped with the v6 distribution is 2.6. We have to install Python 2.7 on CentOS/Red Hat. Instructions for doing so are explained here.

This post also demonstrates how to install pip. Once Python 2.7 and pip2.7 are installed, PyNSXv can be installed using the command: pip2.7 install pynsxv

This command places the modules/library files under the directory /usr/local/lib/python2.7/site-packages/pynsxv. In the same directory you will find the nsx.ini file.

Alternatively, on Linux boxes PyNSXv can be installed via git using the command git clone https://github.com/vmware/pynsxv.git.

This will create a directory pynsxv in your present working directory. Again, you can find the nsx.ini file here and modify it as per your environment details.

Now it's time to play around with the various options available.

[root@linjump ~]# pynsxv -i /root/pynsxv/pynsxv/nsx.ini lswitch list
+-----------------------------------------------------------+---------------+
| LS name                                                   | LS ID         |
|-----------------------------------------------------------+---------------|
| dvs.VCDVSProd-Routed-c48ebd51-e791-4d06-8bf4-0f2c04ee3eff | virtualwire-1 |
+-----------------------------------------------------------+---------------+


Exploring PowerNSX in Lab

By | 29/06/2017

These days I am busy exploring the NSX REST API in my lab, and during the process I came to know about a cool tool named PowerNSX and decided to dedicate a blog post to it to give respect to the creator of this tool.

What is PowerNSX

PowerNSX is a PowerShell module that abstracts the NSX API to a set of easily used PowerShell functions. PowerNSX enables NSX administrators to drive their infrastructure programmatically.

PowerNSX adds additional functionality to extend the capabilities of NSX, along with exposing the existing Update, Remove and Get operations for all key NSX functions beyond the native UI or API.


Retrieving NSX Manager System Info Using Rest API

By | 27/06/2017

In this post we will explore how NSX Manager system info can be retrieved via the REST API. The NSX Manager appliance home page is itself very descriptive and provides all system info.

In this post we will learn how the same system info can be explored via API calls. Let’s get started.

Query NSX Manager Information

The API query below will provide info such as the major and minor version of the NSX appliance you are running, along with the patch number and build number.

# curl -k -u "admin:Password" -X GET https://nsxmgr.alex.local/api/1.0/appliance-management/global/info | xmllint --format -

<?xml version="1.0" encoding="UTF-8"?>
<globalInfo>
  <currentLoggedInUser>admin</currentLoggedInUser>
  <versionInfo>
    <majorVersion>6</majorVersion>
    <minorVersion>3</minorVersion>
    <patchVersion>2</patchVersion>
    <buildNumber>5672532</buildNumber>
  </versionInfo>
</globalInfo>

Query NSX Manager Summary Information

This API query will present you with all the info you see on the NSX Manager homepage. This call can be used to obtain all system-related info in one shot.

# curl -k -u "admin:Password" -X GET https://nsxmgr.alex.local/api/1.0/appliance-management/summary/system | xmllint --format -

<?xml version="1.0" encoding="UTF-8"?>
<systemSummary>
  <ipv4Address>192.168.109.6</ipv4Address>
  <dnsName>nsxmgr.alex.local</dnsName>
  <hostName>nsxmgr</hostName>
  <domainName>alex.local</domainName>
  <applianceName>vShield Virtual Appliance Management</applianceName>
  <versionInfo>
    <majorVersion>6</majorVersion>
    <minorVersion>3</minorVersion>
    <patchVersion>2</patchVersion>
    <buildNumber>5672532</buildNumber>
  </versionInfo>
  <uptime>14 days, 23 hours, 56 minutes</uptime>
  <cpuInfoDto>
    <totalNoOfCPUs>4</totalNoOfCPUs>
    <capacity>2599 MHZ</capacity>
    <usedCapacity>187 MHZ</usedCapacity>
    <freeCapacity>2412 MHZ</freeCapacity>
    <usedPercentage>7</usedPercentage>
  </cpuInfoDto>
  <memInfoDto>
    <totalMemory>16025 MB</totalMemory>
    <usedMemory>5761 MB</usedMemory>
    <freeMemory>10264 MB</freeMemory>
    <usedPercentage>36</usedPercentage>
  </memInfoDto>
  <storageInfoDto>
    <totalStorage>81G</totalStorage>
    <usedStorage>20G</usedStorage>
    <freeStorage>61G</freeStorage>
    <usedPercentage>25</usedPercentage>
  </storageInfoDto>
  <currentSystemDate>Tuesday, 27 June 2017 04:29:52 PM IST</currentSystemDate>
</systemSummary>


Managing NSX Manager Network Settings via Rest API

By | 25/06/2017

In this post we will learn how to configure some of the network settings, like DNS, Syslog and NTP, in NSX Manager via the REST API.

We can do all this from the NSX Manager GUI as well, but if you are thinking about automating NSX Manager deployment, then this REST API knowledge can be pretty handy for configuring the appliance after its deployment.

Let's get started.

Query Network Settings

The API query below gives an overview of the NSX Manager IP settings, hostname, DNS settings and domain name.

# curl -k -u "admin:adminpwd" -X GET https://nsxmgr.alex.local/api/1.0/appliance-management/system/network/ | xmllint --format -

<?xml version="1.0" encoding="UTF-8"?>
<network>
  <hostName>nsxmgr</hostName>
  <domainName>alex.local</domainName>
  <networkIPv4AddressDto>
    <ipv4Address>192.168.109.6</ipv4Address>
    <ipv4NetMask>255.255.255.0</ipv4NetMask>
    <ipv4Gateway>192.168.109.1</ipv4Gateway>
  </networkIPv4AddressDto>
  <dns>
    <ipv4Address>192.168.109.2</ipv4Address>
    <domainList>alex.local</domainList>
  </dns>
</network>


NSX Certificate Management Using Rest API

By | 22/06/2017

In this post we will learn how to view and generate a self-signed certificate for NSX and replace the certificates after getting them signed by a CA. We will be doing this via the REST API.

I wrote a post in the past on how to replace SSL certs for NSX from the GUI. In this post I am trying to achieve the same via the REST API.

The following are the API queries you need to execute in order to generate and replace certs.

Generate CSR Certificate

# curl -k -u "admin:passwd" -d @csr.xml -X PUT https://nsxmgr.alex.local/api/1.0/appliance-management/certificatemanager/csr/nsx

<?xml version="1.0" encoding="UTF-8"?>
<csr>
  <algorithm>RSA</algorithm>
  <keySize>4096</keySize>
  <subjectDto>
    <commonName>nsxmgr.alex.local</commonName>
    <organizationUnit>Cloud</organizationUnit>
    <organizationName>Alex.Co</organizationName>
    <localityName>Bangalore</localityName>
    <stateName>Karnataka</stateName>
    <countryCode>IN</countryCode>
  </subjectDto>
</csr>


Enable Disable HA on Edge GW via NSX Rest API

By | 22/06/2017

In this post I will be demonstrating how to enable and disable high availability on an NSX edge gateway using the REST API.

If you are new to NSX and do not know what edge gateway high availability means, I would recommend reading this blog by Gabe Rosas.

We can enable or disable high availability on an edge gateway from the vSphere Web Client by navigating to Home > Networking & Security > NSX Edges > Selecting Edge > Manage > HA Configuration.

Enabling HA on an edge gateway will create a new vse VM in vCenter, and both VMs start exchanging heartbeats and other configuration.

Now we will see how to achieve this via the NSX REST API.

Step 1: Query HA Status

# curl -k -u "admin:AdminPWD" -X GET https://nsxmgr.alex.local/api/4.0/edges/edge-2/highavailability/config | xmllint --format -

<?xml version="1.0" encoding="UTF-8"?>
<highAvailability>
  <version>3</version>
  <enabled>false</enabled>
  <declareDeadTime>15</declareDeadTime>
  <logging>
    <enable>false</enable>
    <logLevel>info</logLevel>
  </logging>
  <security>
    <enabled>false</enabled>
  </security>
</highAvailability>

From the above output we can see that HA has not been enabled on the edge gateway yet.

Step 2: Enable HA

To enable HA on the edge gateway, we need to supply a few parameters in the request body of the API call. If you are using curl, you can create an XML file as shown below and supply it to the API query with the -d option.

<?xml version="1.0" encoding="UTF-8"?>
<highAvailability>
  <version>4</version>
  <enabled>True</enabled>
  <declareDeadTime>15</declareDeadTime>
  <logging>
    <enable>false</enable>
    <logLevel>info</logLevel>
  </logging>
  <security>
    <enabled>false</enabled>
  </security>
</highAvailability>
