WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / Automation / NSX-T Edge OVF property to automatically join NSX-T Management Plane

NSX-T Edge OVF property to automatically join NSX-T Management Plane

04.20.2020 by William Lam // 2 Comments

After publishing my vSphere 7 with Kubernetes automation lab deployment script, I was looking at my NSX-T Edge code which leverages the vSphere VM Keystroke API to automate the joining of the the NSX-T Edge to the NSX-T Management Plane. This technique is used to avoid the need for SSH access to both NSX-T Edge and Manager which is the official VMware method as outlined in the documentation for configuring the Edge.

This is certainly unfortunate as most customers normally disable SSH by default and only enable it for troubleshooting/debugging purposes. As far as I know, there are no remote NSX-T APIs for configuring an NSX-T Edge that has been deployed outside of NSX-T Manager, which has its own implications.

I recently had a chance to revisit some research I had made a note of when I had first started working with NSX-T. While inspecting the NSX-T Edge OVA, I found several OVF properties that begin with mp which per the description was referring to the NSX-T Manager. At the time, I was not able to figure out which the required combination of keys and values. Taking a closer look and poking around the appliance and logs, I was able to finally figure out the correct combination which turned out to be easy, once you knew what it was expecting.

To help demonstrate this functionality, I have created a basic PowerCLI script edge-auto-join-nsxt-management-plane.ps1 which uses information from your already deployed NSX-T Manager to automatically deploy the desired number of NSX-T Edge(s) which will automatically join the NSX-T Management Plane upon initial setup.


The way this works is that the following four OVF properties must be filled as part of the NSX-T Edge deployment:

  • mpIp - IP Address of your NSX-T Manager (FQDN will not work)
  • mpUser - User to join the NSX-T Edge, which is the admin account of the NSX-T Manager
  • mpPassword - Password to admin user of the NSX-T Manager
  • mpThumbprint - SHA256 Thumbprint of the NSX-T Manager

These values are then passed down to the NSX-T Edge which will attempt to join the NSX-T Management Plane. This took a few attempt and a useful log in the NSX-T Edge to look at is /var/log/join_mp.log which gave more details on some of the failures. I should also mention that these OVF properties are NOT new in latest NSX-T 3.0 release and I have seen them for several releases now, so it should be possible to use this technique with earlier releases of NSX-T.

If everything was configured correctly, once the NSX-T Edge has fully initialized, you should see it automatically appear under the Edge Transport Nodes section of the NSX-T Manager.


I still need to do a bit more testing before I can incorporate this new technique back into my vSphere 7 with Kubernetes deployment script, but this will certainly make the automation more robust and not have to rely on sending keystrokes into the VM which has worked for a number of years now. Lastly, folks with a keen eye may have also notice other mp variables, I believe this exact same technique can be used to automatically stand up multiple NSX-T Managers to form a highly available NSX-T Control Plane as the NSX-T Controllers have been consolidated into the NSX-T Manager component. This maybe another topic to explore in the future, but I have some ideas of how this should work.

More from my site

  • Configure NSX-T Edge to run on AMD Ryzen CPU
  • Quick Tip - How to deploy vCenter Server Appliance (VCSA) to legacy CPU without VMX Unrestricted Guest feature?
  • Quick Tip - Easily move or copy VMs between two Free ESXi hosts?
  • Quick Tip - Encoding special characters for OVFTool on the command-line
  • NSX Alarms in vCenter Server using vSphere Events in vSphere 8

Categories // Automation, NSX, OVFTool, PowerCLI Tags // NSX Edge, NSX-T, ovftool

Comments

  1. *protectedgem1music says

    04/21/2020 at 3:21 pm

    Long live the world, long live freedom

    Reply
  2. *protectedVenu says

    04/24/2020 at 11:31 am

    Hey Liam, I was looking for some help, on a peculiar issue with vCenter/ Esx Serial Number discovery issue.

    Reply

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • VMware Flings is now available in Free Downloads of Broadcom Support Portal (BSP) 05/19/2025
  • VMUG Connect 2025 - Minimal VMware Cloud Foundation (VCF) 5.x in a Box  05/15/2025
  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...