WilliamLam.com

Which NSX-T Policy APIs are used in the NSX-T UI in VMC?

by // Leave a Comment

As the adoption of VMware Cloud on AWS (VMC) continues to accelerate, one of the very first UI interface that customers must interact with is the NSX-T UI, for enabling basic connectivity. By default the Edge Gateway has a Deny All Firewall Rule, so you will need to come to this screen to setup connectivity from your on-premises environment including a Direct Connect (DX) or Route/Policy-Based VPN. For some customers who have familiarize themselves with the NSX-T UI and its capabilities, usually the next order of business is how do I go about automating these various aspects from Day 0 setup all the way to Day N where I am migrating in or creating additional workloads.

A very common set of questions that I have been getting lately is which API do I need to look at to do X in the NSX-T UI in VMC?


Having spent some time with the NSX-T Policy API, I figure it would be useful to share the categories of NSX-T Policy API that maps back to what you see in the NSX-T UI in VMC. The list below is not exhaustive, but should it should point you in the right direction when needing to automate a particular operation.

[Read more...]

Building your own Virtual Appliances using OVF properties Part 2

by // 9 Comments

In the previous article, we reviewed the concepts and basic approach to building your own VMware Virtual Appliance (OVF/OVA). In Part 2, we are now going to take a look at a reference implementation for building a Linux VA using VMware PhotonOS. Although I am using PhotonOS as the guest, you can apply these same techniques to any other Linux distribution of your choice.

Step 1 - Create a new VM in vCenter Server and then install PhotonOS using the ISO format. Once you have completed the OS installation, you may want to apply any patches or packages that you want included as part of your VA. Once that is done, go ahead and shut down the VM.

Step 2 - Select the VM in the vSphere Inventory and then click on Configure->vApp and then check the Enable vApp Options. Once enabled, select OVF environment for the IP allocation scheme. In the OVF Details tab, select VMware Tools for the OVF environment transport. (Optionally) You can specify some additional metadata including appliance name and URLs to help others who maybe consuming your VA once it has been exported to an OVF/OVA.

Step 3 - Next, add the following 6 OVF properties which will be used as input to configure networking within PhotonOS. Click Add and provide a LabelKey and optional Category.

Label Key Category
Hostname guestinfo.hostname Networking
IP Address guestinfo.ipaddress Networking
Netmask guestinfo.netmask Networking
Gateway guestinfo.gateway Networking
DNS Server guestinfo.dns Networking
DNS Domain guestinfo.domain Networking


Step 4 - Power back on the VM and once it is available on the network (assuming DHCP), download and copy the sample first boot script rc.local to /etc/rc.d/rc.local. This script is where all the magic happens and will process the OVF property input and then configure the network settings. Right now it assumes these fields are optional, meaning if they left blank, it will default the system to DHCP. If you provide all input properties, then it will go ahead and configure a static network address.

[Read more...]

Creating vCenter Alarms based on Task Events such as Folder creation

by // 13 Comments

The vCenter Server Events sub-system is an incredibly rich and powerful interface that enables customers to monitor, alert and even trigger additional actions based on a particular event. One such example that I have written about before is to key off of a VM provisioned event and automatically apply security hardening settings when the VM is created or cloned. This can be useful if customers are not taking advantage of VM Templates or if a VI Admins manually creates a VM from scratch, you can still ensure you have a compliant VM deployment through the use of Automation. You can either poll for the VM created event and then execute a script as shown in this example or you can automatically trigger a remote action by generating an SNMP trap when the event actually occurs.

The possibilities are truly endless on what you can do with vCenter Events and for the complete list of all Event types, you can refer to the vSphere API documentation here. One thing to be aware of is that not every operation within vCenter Server generates an Event, one example of this is when a Folder object is created or deleted. You can use vCenter Server Tasks sub-system to query for this info but there is not a respective vCenter Event that you can key off of to generate an Alarm for example. This was something I had noticed myself and assumed it was a limitation of the platform or feature teams that publish VC Events.

Recently, this question came up again from a customer who was looking for a way to trigger an alarm every time a VM Folder was created. I took another look at this and came to learn about a more generic type of Event that can be used to create an Alarm for such use cases where a native VC Event may not exists called a Task Event.

[Read more...]