VMware NSX Host Preparation with PowerShell
VMware NSX Host Preparation – Once you have configured your NSX appliance to talk to the vCenter Server and created the controller cluster, the next step is to prepare the VMHosts for VXLAN networking, DLR and Distributed Firewall.
To do this, first head over to the Installation tab in the Networking and Security plugin, click on the Host Preparation tab, select the required cluster and click on Install.
You need to click on the actions tab and click on install.
This installs the VIBs (vSphere Infrastructure bundles) on the clusters; internally, the VXLAN, DLR and Distributed Firewall kernel components are installed on the hosts.
Now, if you need to do this via the GUI, you would select the “Actions” tab shown above and click on Install, which installs the VIB bundles onto the cluster.
Let's go one step further and execute the same via the API.
If you explore the API guide for NSX, you will see the POST request that can be invoked to automate this.
The request body for the API call needs the cluster's MoRef ID. This can be extracted very easily using PowerCLI: you just need to use the Get-View cmdlet.
Get-Cluster | Get-View | select @{l='Moref';e={$_.moref -replace "ClusterComputeResource-",""}}
Once you have the MoRef ID, let's build the body for the API call and invoke it.
# Install network virtualization components
# Lab values: credentials are hard-coded here for the walkthrough
$Username = "admin"
$Password = "vmware1!"

### Ignore TLS/SSL errors
### (accepts any certificate for the rest of the session; for a lab NSX Manager with a self-signed certificate)
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

### Create authorization string and store in $head
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Username + ":" + $Password))
$head = @{"Authorization"="Basic $auth"}

$Request = "https://192.168.18.131/api/2.0/nwfabric/configure"
$body = "<nwFabricFeatureConfig>
  <resourceConfig>
    <resourceId>domain-c24</resourceId>
  </resourceConfig>
</nwFabricFeatureConfig>"

try {
    $result = Invoke-WebRequest -Uri $Request -Headers $head -ContentType "application/xml" -Method POST -ErrorAction:Stop -Body $body
    # On success, keep what NSX Manager returned
    $responseBody = $result.Content
} catch {
    # On an HTTP error, read the error details from the response stream
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $responseBody = $reader.ReadToEnd();
}
$responseBody
Whoa, that's cool! Now if you refresh your Web Client, you will see that the installation has started, and in a few moments it will finish.
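A variant of the host preparation call that prompts for the credentials and pins the NSX Manager certificate by thumbprint instead of accepting any certificate. This is an added example, not code from the original post; it assumes Windows PowerShell 5.1 with a connected PowerCLI session, and the cluster name `Compute-A` and the thumbprint value are placeholders.

```powershell
# Added example (not from the original post). Assumes Windows PowerShell 5.1,
# where Invoke-WebRequest honours ServicePointManager, and a connected PowerCLI session.
$NsxManager  = "192.168.18.131"                 # NSX Manager address used in the post
$ClusterName = "Compute-A"                      # placeholder cluster name
$PinnedThumb = "<NSX-MANAGER-SHA1-THUMBPRINT>"  # placeholder: 40 hex characters, no spaces

# Accept a certificate only if it validates normally or matches the pinned thumbprint.
Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class PinnedCertPolicy : ICertificatePolicy {
    private readonly string pinned;
    public PinnedCertPolicy(string thumbprint) { pinned = thumbprint.ToUpperInvariant(); }
    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
                                      WebRequest req, int problem) {
        if (problem == 0) { return true; }
        return cert != null && cert.GetCertHashString() == pinned;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object PinnedCertPolicy($PinnedThumb)

# Prompt for the NSX credentials instead of storing them in the script.
$cred = Get-Credential -Message "NSX Manager account"
$pair = $cred.UserName + ":" + $cred.GetNetworkCredential().Password
$head = @{ Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair)) }

# Read the cluster MoRef (for example domain-c24) straight from the PowerCLI object.
$clusterId = (Get-Cluster -Name $ClusterName).ExtensionData.MoRef.Value
if ($clusterId -notmatch '^domain-c\d+$') { throw "Unexpected cluster MoRef: $clusterId" }

$body = "<nwFabricFeatureConfig><resourceConfig><resourceId>$clusterId</resourceId></resourceConfig></nwFabricFeatureConfig>"
$uri  = "https://$NsxManager/api/2.0/nwfabric/configure"
try {
    $r = Invoke-WebRequest -Uri $uri -Headers $head -ContentType "application/xml" -Method POST -Body $body -ErrorAction Stop
    "HTTP $($r.StatusCode): $($r.Content)"
} catch {
    $resp = $_.Exception.Response
    if ($null -eq $resp) { throw }   # no HTTP response, e.g. the certificate was rejected
    (New-Object System.IO.StreamReader($resp.GetResponseStream())).ReadToEnd()
}
```

On PowerShell 7 the `ServicePointManager` policy is not consulted by `Invoke-WebRequest`, so the pinning class above has no effect there.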
Once we have the cluster configured, let's move on and configure the VXLAN networking. Using the GUI, you just need to click on the “Not Configured” link as shown in the above image, feed in the details, create a VXLAN tunnel endpoint pool (VTEP) and there you go!
Now, let's look at the PowerShell way of automating this task. Again, let's head over to the API guide and take a look at the POST request.
Next, let's structure our API code and invoke it via PowerShell.
You will see that the above API call needs the MOID of the DVSwitch, the IP address pool ID and the cluster MOID.
These can be extracted again with the Get-View cmdlet; to extract the IP address pool ID, please refer to one of my previous posts.
Get-VirtualSwitch -Name DSwitch | Get-View | select @{l='DvsMORef';e={$_.moref -replace "VmwareDistributedVirtualSwitch-",""}}
Once we have all the values, let's create the POST body and invoke the VXLAN configure API.
# Configure VXLAN
# Lab values: credentials are hard-coded here for the walkthrough
$Username = "admin"
$Password = "vmware1!"

### Ignore TLS/SSL errors
### (accepts any certificate for the rest of the session; for a lab NSX Manager with a self-signed certificate)
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

### Create authorization string and store in $head
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Username + ":" + $Password))
$head = @{"Authorization"="Basic $auth"}

$Request = "https://192.168.18.131/api/2.0/nwfabric/configure"
$body = "
<nwFabricFeatureConfig>
  <featureId>com.vmware.vshield.vsm.vxlan</featureId>
  <resourceConfig>
    <resourceId>domain-c24</resourceId>
    <configSpec class='clusterMappingSpec'>
      <switch><objectId>dvs-20</objectId></switch>
      <vlanId>0</vlanId>
      <vmknicCount>1</vmknicCount>
      <ipPoolId>ipaddresspool-1</ipPoolId>
    </configSpec>
  </resourceConfig>
  <resourceConfig>
    <resourceId>dvs-20</resourceId>
    <configSpec class='vdsContext'>
      <switch><objectId>dvs-20</objectId></switch>
      <mtu>1600</mtu>
      <teaming>ETHER_CHANNEL</teaming>
    </configSpec>
  </resourceConfig>
</nwFabricFeatureConfig>
"

try {
    $result = Invoke-WebRequest -Uri $Request -Headers $head -ContentType "application/xml" -Method POST -ErrorAction:Stop -Body $body
    # On success, keep what NSX Manager returned
    $responseBody = $result.Content
} catch {
    # On an HTTP error, read the error details from the response stream
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $responseBody = $reader.ReadToEnd();
}
$responseBody
Once you execute the API call via PowerShell and refresh the Web Client, you will see the VXLAN configured.
Once we have the VXLAN configured, let's configure the “Transport Zone”. The transport zone includes the host clusters; you can create transport zones via the GUI using the below option.
Now, let's explore how to do this via the API. In the API guide we find that we need to pass the below POST request; as illustrated in the above examples, use a similar technique to create the transport zones.
Next, once we have the transport zones created, we need to create the segment IDs, which are basically a pool of numbers used for the VXLAN Numerical Identifier (VNI). The VNI is basically akin to a VLAN configuration; it is used to identify the various logical switches.
You can use a similar approach to invoke the APIs to create the VNIs.
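The transport zone and segment ID calls described above, written out with a range check on the segment IDs before anything is sent. This is an added example, not code from the original post: the endpoints and XML bodies are taken from the NSX for vSphere API rather than from this page, so verify them against the API guide for your version. The helper names, `TZ-Lab`, `Lab-Segments` and the 5000-5999 range are placeholders, and the session is assumed to already trust the NSX Manager certificate.

```powershell
# Added example (not from the original post). Assumes the session already trusts
# the NSX Manager certificate; names, IDs and the VNI range are placeholders.
$NsxManager = "192.168.18.131"   # NSX Manager address used in the post
$ClusterId  = "domain-c24"       # cluster MoRef used in the post
$cred = Get-Credential -Message "NSX Manager account"
$pair = $cred.UserName + ":" + $cred.GetNetworkCredential().Password
$head = @{ Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair)) }

function Send-NsxXml {   # hypothetical helper: POST an XML body, return the response text
    param([string]$Path, [string]$Body)
    try {
        (Invoke-WebRequest -Uri "https://$NsxManager$Path" -Headers $head -Method POST `
            -ContentType "application/xml" -Body $Body -ErrorAction Stop).Content
    } catch {
        $resp = $_.Exception.Response
        if ($null -eq $resp) { throw }   # no HTTP response at all, rethrow as-is
        throw (New-Object System.IO.StreamReader($resp.GetResponseStream())).ReadToEnd()
    }
}

function New-SegmentRangeXml {   # hypothetical helper: validate the VNI range, build the body
    param([string]$Name, [int]$Begin, [int]$End)
    # NSX segment IDs start at 5000; a VXLAN VNI is 24 bits, so 16777215 is the ceiling.
    if ($Begin -lt 5000 -or $End -gt 16777215 -or $Begin -gt $End) {
        throw "Segment range $Begin-$End is outside 5000-16777215 or reversed"
    }
    $safe = [System.Security.SecurityElement]::Escape($Name)   # escape XML metacharacters
    "<segmentRange><name>$safe</name><begin>$Begin</begin><end>$End</end></segmentRange>"
}

# Transport zone containing the prepared cluster (unicast control plane).
$tzBody = "<vdnScope><name>TZ-Lab</name><clusters><cluster><cluster>" +
          "<objectId>$ClusterId</objectId></cluster></cluster></clusters>" +
          "<controlPlaneMode>UNICAST_MODE</controlPlaneMode></vdnScope>"
$tzResult = Send-NsxXml -Path "/api/2.0/vdn/scopes" -Body $tzBody
"Transport zone response: $tzResult"

# Segment ID pool that logical switches will draw their VNIs from.
$segBody = New-SegmentRangeXml -Name "Lab-Segments" -Begin 5000 -End 5999
Send-NsxXml -Path "/api/2.0/vdn/config/segments" -Body $segBody
```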
Now, this was huge; basically, the steps we performed allow us to build out the platform for NSX networking.
I hope you enjoyed this blog post on “VMware NSX Host Preparation and configuration” using PowerShell and found this information useful.
Do check out some of my other posts on NSX.