This article shows you how to work with the NSX Edge API. This VMware product provides routing, firewall, NAT, DHCP, VPN and other functions for a virtual data center. The API makes sending requests to Edge simpler and more intuitive than using the command line.
The method described here also solves some of the problems with accessing Edge through vCloud Director. When working through the API we can talk to Edge directly via NSX or via vCloud Director, and we can also access the vCloud Director database. I will show you both ways.
Here are the most interesting scenarios in which the API is useful:
Migrating an Edge to another NSX Manager.
Restoring an Edge or part of its settings, for example when, after migrating from one data center to another, we also need to carry over the firewall, VPN, load balancer and other settings.
Backing up settings, for example when we want to save the Edge configuration in XML format and fall back on it when needed.
In this description I use NSX-V 6.4.6 and vCloud Director 10.2, but the article applies to other software versions as well. For all experiments I used the API documentation from here.
Preparing a tool for working with the API
API . Postman: API . VMware API, .
:
GET – , .
POST – .
PUT – , .
DELETE – .
, Postman NSX-, Edge.
Postman . Basic Auth, .
. Content-Type: application/xml
GET https://nsx-fqdn/api/4.0/edges (nsx-fqdn is the IP address or FQDN of the NSX Manager).
200 , , : , .
Edge . , .
Edge
, API.
NSX- nsx-fqdn-1, NSX-manager nsx-fqdn-2. , - edge-8 , .
Edge NSX. , FQDN NSX-.
GET https://nsx-fqdn-2/api/4.0/edges/edge-8
. , .
.
<?xml version="1.0" encoding="UTF-8"?> <edge> <id>edge-8</id> <version>8</version> <description></description> <status>deployed</status> <tenant>88ed64d3-516d-4932-a262-9987e9779f1e</tenant> <name>vse-test-delete-edge (877a6842-8a67-4dad-87cf-81e155c45763)</name> <fqdn>vse-f8b2ccec-ef9b-464f-8bab-eb67e27f15c3</fqdn> <enableAesni>true</enableAesni> <enableFips>false</enableFips> <vseLogLevel>info</vseLogLevel> <vnics> <vnic> <label>vNic_0</label> <name>vnic0</name> <addressGroups> <addressGroup> <primaryAddress>esxternal-ip</primaryAddress> <secondaryAddresses> <ipAddress>esxternal-ip</ipAddress> </secondaryAddresses> <subnetMask>255.255.255.192</subnetMask> <subnetPrefixLength>26</subnetPrefixLength> </addressGroup> </addressGroups> <mtu>1500</mtu> <type>uplink</type> <isConnected>true</isConnected> <index>0</index> <portgroupId>dvportgroup-731</portgroupId> <portgroupName>internet</portgroupName> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_1</label> <name>vnic1</name> <addressGroups> <addressGroup> <primaryAddress>10.0.0.1</primaryAddress> <subnetMask>255.255.255.0</subnetMask> <subnetPrefixLength>24</subnetPrefixLength> </addressGroup> </addressGroups> <mtu>1500</mtu> <type>internal</type> <isConnected>true</isConnected> <index>1</index> <portgroupId>virtualwire-380</portgroupId> <portgroupName>dvs.VCDVStest-1-5ca1ab95-ded5-4af5-bf90-96eaa70e5512</portgroupName> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_2</label> <name>vnic2</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>2</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_3</label> <name>vnic3</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>3</index> <enableProxyArp>false</enableProxyArp> 
<enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_4</label> <name>vnic4</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>4</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_5</label> <name>vnic5</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>5</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_6</label> <name>vnic6</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>6</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_7</label> <name>vnic7</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>7</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_8</label> <name>vnic8</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>8</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_9</label> <name>vnic9</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>9</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> </vnics> <appliances> <applianceSize>compact</applianceSize> <appliance> <highAvailabilityIndex>0</highAvailabilityIndex> <vcUuid>500615b5-3f65-146a-1d5c-0dce84fc60ea</vcUuid> <vmId>vm-4274</vmId> <resourcePoolId>resgroup-53</resourcePoolId> <resourcePoolName>System vDC (c8a308dd-2509-48ad-ab8e-54e93938394d)</resourcePoolName> <datastoreId>datastore-1</datastoreId> <datastoreName>DATASTORE</datastoreName> <hostId>host-18</hostId> 
<hostName>ESXi-host</hostName> <vmFolderId>group-v453</vmFolderId> <vmFolderName>Service VMs</vmFolderName> <vmHostname>vse-f8b2ccec-ef9b-464f-8bab-eb67e27f15c3-0</vmHostname> <vmName>vse-test-delete-edge (877a6842-8a67-4dad-87cf-81e155c45763)-0</vmName> <deployed>true</deployed> <cpuReservation> <limit>-1</limit> <reservation>64</reservation> </cpuReservation> <memoryReservation> <limit>-1</limit> <reservation>256</reservation> </memoryReservation> <edgeId>edge-8</edgeId> <configuredResourcePool> <id>resgroup-53</id> <name>System vDC (c8a308dd-2509-48ad-ab8e-54e93938394d)</name> <isValid>true</isValid> </configuredResourcePool> <configuredDataStore> <id>datastore-1</id> <name>DATASTORE</name> <isValid>true</isValid> </configuredDataStore> <configuredHost> <id>host-18</id> <name>ESXi-host</name> <isValid>true</isValid> </configuredHost> <configuredVmFolder> <id>group-v453</id> <name>Service VMs</name> <isValid>true</isValid> </configuredVmFolder> </appliance> <deployAppliances>true</deployAppliances> </appliances> <cliSettings> <remoteAccess>false</remoteAccess> <userName>admin</userName> <sshLoginBannerText> *************************************************************************** NOTICE TO USERS This computer system is the private property of its owner, whether individual, corporate or government. It is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to your employer, to authorized site, government, and law enforcement personnel, as well as authorized officials of government agencies, both domestic and foreign. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of such personnel or officials. 
Unauthorized or improper use of this system may result in civil and criminal penalties and administrative or disciplinary action, as appropriate. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning. ****************************************************************************</sshLoginBannerText> <passwordExpiry>99999</passwordExpiry> </cliSettings> <features> <nat> <version>3</version> <enabled>true</enabled> <natRules> <natRule> <ruleId>196609</ruleId> <ruleTag>196609</ruleTag> <loggingEnabled>false</loggingEnabled> <enabled>true</enabled> <translatedAddress>esxternal-ip</translatedAddress> <ruleType>user</ruleType> <action>snat</action> <vnic>0</vnic> <originalAddress>10.0.0.0/24</originalAddress> <snatMatchDestinationAddress>any</snatMatchDestinationAddress> <protocol>any</protocol> <originalPort>any</originalPort> <translatedPort>any</translatedPort> <snatMatchDestinationPort>any</snatMatchDestinationPort> </natRule> <natRule> <ruleId>196610</ruleId> <ruleTag>196610</ruleTag> <loggingEnabled>false</loggingEnabled> <enabled>true</enabled> <translatedAddress>10.0.0.3</translatedAddress> <ruleType>user</ruleType> <action>dnat</action> <vnic>0</vnic> <originalAddress>esxternal-ip</originalAddress> <dnatMatchSourceAddress>any</dnatMatchSourceAddress> <protocol>tcp</protocol> <originalPort>443</originalPort> <translatedPort>8443</translatedPort> <dnatMatchSourcePort>any</dnatMatchSourcePort> </natRule> </natRules> <nat64Rules/> </nat> <l2Vpn> <version>2</version> <enabled>false</enabled> <logging> <enable>true</enable> <logLevel>notice</logLevel> </logging> </l2Vpn> <featureConfig/> <featureConfig/> <dns> <version>2</version> <enabled>false</enabled> <cacheSize>16</cacheSize> <listeners> <vnic>any</vnic> </listeners> <dnsViews> <dnsView> <viewId>view-0</viewId> <name>vsm-default-view</name> <enabled>true</enabled> <viewMatch> 
<ipAddress>any</ipAddress> <vnic>any</vnic> </viewMatch> <recursion>false</recursion> </dnsView> </dnsViews> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> </dns> <syslog> <version>2</version> <enabled>false</enabled> <protocol>udp</protocol> </syslog> <sslvpnConfig> <version>2</version> <enabled>false</enabled> <logging> <enable>true</enable> <logLevel>notice</logLevel> </logging> <advancedConfig> <enableCompression>false</enableCompression> <forceVirtualKeyboard>false</forceVirtualKeyboard> <randomizeVirtualkeys>false</randomizeVirtualkeys> <preventMultipleLogon>false</preventMultipleLogon> <clientNotification></clientNotification> <enablePublicUrlAccess>false</enablePublicUrlAccess> <timeout> <forcedTimeout>0</forcedTimeout> <sessionIdleTimeout>10</sessionIdleTimeout> </timeout> </advancedConfig> <clientConfiguration> <autoReconnect>true</autoReconnect> <upgradeNotification>false</upgradeNotification> </clientConfiguration> <layoutConfiguration> <portalTitle>VMware</portalTitle> <companyName>VMware</companyName> <logoExtention>jpg</logoExtention> <logoUri>/api/4.0/edges/edge-8/sslvpn/config/layout/images/portallogo</logoUri> <logoBackgroundColor>56A2D4</logoBackgroundColor> <titleColor>996600</titleColor> <topFrameColor>000000</topFrameColor> <menuBarColor>999999</menuBarColor> <rowAlternativeColor>FFFFFF</rowAlternativeColor> <bodyColor>FFFFFF</bodyColor> <rowColor>F5F5F5</rowColor> </layoutConfiguration> <authenticationConfiguration> <passwordAuthentication> <authenticationTimeout>1</authenticationTimeout> <primaryAuthServers/> <secondaryAuthServer/> </passwordAuthentication> </authenticationConfiguration> </sslvpnConfig> <featureConfig/> <highAvailability> <version>3</version> <enabled>false</enabled> <declareDeadTime>15</declareDeadTime> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> <security> <enabled>false</enabled> </security> </highAvailability> <routing> <version>3</version> <enabled>true</enabled> 
<routingGlobalConfig> <ecmp>false</ecmp> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> </routingGlobalConfig> <staticRouting> <defaultRoute> <vnic>0</vnic> <mtu>1500</mtu> <gatewayAddress>external-ip</gatewayAddress> <adminDistance>1</adminDistance> </defaultRoute> <staticRoutes/> </staticRouting> <ospf> <enabled>false</enabled> <ospfAreas> <ospfArea> <areaId>51</areaId> <type>nssa</type> <authentication> <type>none</type> </authentication> </ospfArea> <ospfArea> <areaId>0</areaId> <type>normal</type> <authentication> <type>none</type> </authentication> </ospfArea> </ospfAreas> <ospfInterfaces/> <redistribution> <enabled>false</enabled> <rules/> </redistribution> <gracefulRestart>true</gracefulRestart> <defaultOriginate>false</defaultOriginate> </ospf> </routing> <featureConfig/> <gslb> <version>2</version> <enabled>false</enabled> <serviceTimeout>6</serviceTimeout> <persistentCache> <maxSize>20</maxSize> <ttl>300</ttl> </persistentCache> <queryPort>5666</queryPort> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> </gslb> <firewall> <version>6</version> <enabled>true</enabled> <globalConfig> <tcpPickOngoingConnections>false</tcpPickOngoingConnections> <enableFtpLooseMode>false</enableFtpLooseMode> <tcpAllowOutOfWindowPackets>false</tcpAllowOutOfWindowPackets> <tcpSendResetForClosedVsePorts>true</tcpSendResetForClosedVsePorts> <dropInvalidTraffic>true</dropInvalidTraffic> <logInvalidTraffic>false</logInvalidTraffic> <tcpTimeoutOpen>30</tcpTimeoutOpen> <tcpTimeoutEstablished>21600</tcpTimeoutEstablished> <tcpTimeoutClose>30</tcpTimeoutClose> <udpTimeout>60</udpTimeout> <icmpTimeout>10</icmpTimeout> <icmp6Timeout>10</icmp6Timeout> <ipGenericTimeout>120</ipGenericTimeout> <enableSynFloodProtection>false</enableSynFloodProtection> <logIcmpErrors>false</logIcmpErrors> <dropIcmpReplays>false</dropIcmpReplays> <enableSnmpAlg>true</enableSnmpAlg> <enableFtpAlg>true</enableFtpAlg> <enableTftpAlg>true</enableTftpAlg> 
</globalConfig> <defaultPolicy> <action>deny</action> <loggingEnabled>false</loggingEnabled> </defaultPolicy> <firewallRules> <firewallRule> <id>131076</id> <ruleTag>131076</ruleTag> <name>firewall</name> <ruleType>internal_high</ruleType> <enabled>true</enabled> <loggingEnabled>false</loggingEnabled> <description>firewall</description> <action>accept</action> <source> <exclude>false</exclude> <vnicGroupId>vse</vnicGroupId> </source> </firewallRule> <firewallRule> <id>131077</id> <ruleTag>131077</ruleTag> <name>test</name> <ruleType>user</ruleType> <enabled>true</enabled> <loggingEnabled>false</loggingEnabled> <action>accept</action> <source> <exclude>false</exclude> <vnicGroupId>vnic-index-1</vnicGroupId> </source> <application> <service> <protocol>icmp</protocol> <icmpType>any</icmpType> </service> </application> </firewallRule> <firewallRule> <id>131075</id> <ruleTag>131075</ruleTag> <name>default rule for ingress traffic</name> <ruleType>default_policy</ruleType> <enabled>true</enabled> <loggingEnabled>false</loggingEnabled> <description>default rule for ingress traffic</description> <action>deny</action> </firewallRule> </firewallRules> </firewall> <loadBalancer> <version>2</version> <enabled>false</enabled> <enableServiceInsertion>false</enableServiceInsertion> <accelerationEnabled>false</accelerationEnabled> <monitor> <monitorId>monitor-1</monitorId> <type>tcp</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <name>default_tcp_monitor</name> </monitor> <monitor> <monitorId>monitor-2</monitorId> <type>http</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <method>GET</method> <url>/</url> <name>default_http_monitor</name> </monitor> <monitor> <monitorId>monitor-3</monitorId> <type>https</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <method>GET</method> <url>/</url> <name>default_https_monitor</name> </monitor> <logging> <enable>false</enable> <logLevel>info</logLevel> 
</logging> </loadBalancer> <ipsec> <version>2</version> <enabled>false</enabled> <logging> <enable>true</enable> <logLevel>warning</logLevel> </logging> <sites/> <global> <psk>******</psk> <caCertificates/> <crlCertificates/> </global> </ipsec> <bridges> <version>2</version> <enabled>false</enabled> </bridges> <dhcp> <version>2</version> <enabled>false</enabled> <staticBindings/> <ipPools/> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> </dhcp> </features> <autoConfiguration> <enabled>true</enabled> <rulePriority>high</rulePriority> </autoConfiguration> <type>gatewayServices</type> <isUniversal>false</isUniversal> <hypervisorAssist>false</hypervisorAssist> <tunnels/> </edge>
XML Edge. :
<id>edge-8</id> <version>8</version> <status>deployed</status>
<name> </name>, Edge .
,
<resourcePoolId> <resourcePoolName> <vmFolderId> <vmFolderName>
.
<password> </password> Edge <userName> <sshLoginBannerText>, :
<userName>admin</userName> <password>Test123!test123!</password> <sshLoginBannerText>
NAT ruleId, ruleTag, ruleType, :
<ruleId>196609</ruleId> <ruleTag>196609</ruleTag> <ruleType>user</ruleType>
XML Edge. Body XML, raw XML .
POST https://nsx-fqdn-1/api/4.0/edges/
Edge edge-9.
.
, NAT. , Edge . <nat>. , NAT- :
GET https://nsx-fqdn-1/api/4.0/edges/edge-9/nat/config
NAT POST-. ruleId, ruleTag, ruleType, :
<ruleId>196609</ruleId> <ruleTag>196609</ruleTag> <ruleType>user</ruleType>
POST https://nsx-fqdn-1/api/4.0/edges/edge-9/nat/config/rules
NAT-:
<natRules> <natRule> <action>dnat</action> <vnic>0</vnic> <originalAddress>esxternal_ip</originalAddress> <translatedAddress>192.168.1.9</translatedAddress> <loggingEnabled>false</loggingEnabled> <enabled>true</enabled> <description></description> <protocol>udp</protocol> <originalPort>80</originalPort> <translatedPort>80</translatedPort> </natRule> </natRules>
, NAT POST- , .
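The edits described above (drop the manager-assigned <id>, <version> and <status>, optionally rewrite the vCenter placement references, add a <password> to <cliSettings> between <userName> and <sshLoginBannerText>, and strip ruleId/ruleTag/ruleType from every NAT rule) can be done with a few lines of Python instead of by hand. The following is an added example, not code from the article; the element names are those of the exported XML shown above, while the sample document, the placeholder password and the placement mapping are constructed. The resulting text is what you POST as a raw XML body (Content-Type: application/xml) to https://nsx-fqdn-1/api/4.0/edges/, and extract_nat_rules produces the <natRules> body for POST .../nat/config/rules.

```python
"""Prepare an NSX-V Edge export (GET /api/4.0/edges/<edge-id>) for import on
another NSX Manager.  Added example, not the article's code."""
import xml.etree.ElementTree as ET

# Direct children of <edge> that the manager assigns and must not be re-sent.
ROOT_FIELDS_TO_DROP = ("id", "version", "status")
# Per-rule fields assigned by the manager when the NAT rule is created.
NAT_RULE_FIELDS_TO_DROP = ("ruleId", "ruleTag", "ruleType")


def _drop_children(parent, names):
    """Remove direct children of `parent` whose tag is in `names`."""
    for name in names:
        for child in parent.findall(name):
            parent.remove(child)


def prepare_edge_for_import(edge_xml, admin_password, placement=None):
    """Return XML text of the edge ready to POST to /api/4.0/edges/.

    placement: optional dict such as {"resourcePoolId": "resgroup-1",
    "vmFolderId": "group-v1"} with ids valid on the target vCenter
    (assumption: the target uses different managed-object ids)."""
    root = ET.fromstring(edge_xml)
    # findall() only matches direct children, so <nat><version> etc. survive.
    _drop_children(root, ROOT_FIELDS_TO_DROP)

    if placement:
        for appliance in root.iter("appliance"):
            for name, value in placement.items():
                el = appliance.find(name)
                if el is not None:
                    el.text = value

    # The export carries no <password>; insert it right after <userName>.
    cli = root.find("cliSettings")
    if cli is not None and cli.find("password") is None:
        user = cli.find("userName")
        pw = ET.Element("password")
        pw.text = admin_password
        index = list(cli).index(user) + 1 if user is not None else 0
        cli.insert(index, pw)

    for rule in root.iter("natRule"):
        _drop_children(rule, NAT_RULE_FIELDS_TO_DROP)

    return ET.tostring(root, encoding="unicode")


def extract_nat_rules(edge_xml):
    """Return a <natRules> document for POST .../nat/config/rules with the
    manager-assigned ids removed, or None if the export has no NAT section."""
    root = ET.fromstring(edge_xml)
    rules = root.find("features/nat/natRules")
    if rules is None:
        return None
    for rule in rules.findall("natRule"):
        _drop_children(rule, NAT_RULE_FIELDS_TO_DROP)
    return ET.tostring(rules, encoding="unicode")


# Constructed, trimmed-down sample mirroring the structure of the export above.
SAMPLE_EDGE = """<edge>
  <id>edge-8</id><version>8</version><status>deployed</status>
  <name>vse-test-delete-edge</name>
  <appliances><applianceSize>compact</applianceSize>
    <appliance><resourcePoolId>resgroup-53</resourcePoolId>
      <vmFolderId>group-v453</vmFolderId></appliance>
  </appliances>
  <cliSettings><remoteAccess>false</remoteAccess><userName>admin</userName>
    <sshLoginBannerText>NOTICE</sshLoginBannerText></cliSettings>
  <features><nat><version>3</version><enabled>true</enabled><natRules>
    <natRule><ruleId>196609</ruleId><ruleTag>196609</ruleTag>
      <ruleType>user</ruleType><action>snat</action><vnic>0</vnic>
      <originalAddress>10.0.0.0/24</originalAddress>
      <translatedAddress>external-ip</translatedAddress></natRule>
  </natRules></nat></features>
</edge>"""

if __name__ == "__main__":
    print(prepare_edge_for_import(SAMPLE_EDGE, "PLACEHOLDER-PASSWORD",
                                  placement={"resourcePoolId": "resgroup-99"}))
    print(extract_nat_rules(SAMPLE_EDGE))
```

Two things the export does not round-trip: the IPsec pre-shared key comes back masked as <psk>******</psk>, so it has to be re-entered on the target, and the prepared document now contains the CLI password in clear text, so treat the file like any other credential store.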
, :
(firewall, vpn, load balancer ). XML .
API vCloud Director. Edge API. Edge vCloud Director’, NSX-, edge-8 vCenter, . Edge id, vCloud Director . vCloud Director . , vCloud Director id c edge-8 edge-9.
gateway, id:
select * from gateway where name like 'test-delete-edge%'
:
id = '877a6842-8a67-4dad-87cf-81e155c45763', name = 'test-delete-edge', backing_ref = 'edge-8'
, Edge:
select * from global_search('edge-8')
, Edge:
select * from gateway where id = '877a6842-8a67-4dad-87cf-81e155c45763'
id Edge , .
update gateway set backing_ref = 'edge-9' where id = '877a6842-8a67-4dad-87cf-81e155c45763'
Edge vCloud Director.
.
Edge
Edge vCloud Director, Postman . API vCloud Director :
Postman.
:
Authorization: Basic Auth - administrator@system
GET https://vCD-fqdn/api/versions
, api.
:
Accept: application/*+xml;version=35.0
POST https://vCD-fqdn/api/sessions
: X-VMWARE-VCLOUD-ACCESS-TOKEN.
Bearer Token X-VMWARE-VCLOUD-ACCESS-TOKEN.
GET https://vCD-fqdn/api/admin, , .
PowerShell: Connect-CIServer vCD-fqdn
Get-OrgVdc OrgVDCName | Get-EdgeGateway EdgeName
Href.
Href: https://vCD-fqdn/api/admin/edgeGateway/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Postman :
GET https://vCD-fqdn/api/admin/edgeGateway/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
. “”:
<?xml version="1.0" encoding="UTF-8"?> <EdgeGatewayServiceConfiguration xmlns="http://www.vmware.com/vcloud/v1.5"> … , <EdgeGatewayServiceConfiguration> </EdgeGatewayServiceConfiguration>
:
<?xml version="1.0" encoding="UTF-8"?> <EdgeGatewayServiceConfiguration xmlns="http://www.vmware.com/vcloud/v1.5"> <GatewayDhcpService> <IsEnabled>false</IsEnabled> </GatewayDhcpService> <FirewallService> <IsEnabled>true</IsEnabled> <DefaultAction>allow</DefaultAction> <LogDefaultAction>false</LogDefaultAction> </FirewallService> <NatService> <IsEnabled>true</IsEnabled> <NatRule> <RuleType>SNAT</RuleType> <IsEnabled>true</IsEnabled> <Id>196609</Id> <GatewayNatRule> <Interface href="https://fqdn-vcd/api/admin/network/xxxxxx" name="network" type="application/vnd.vmware.admin.network+xml"/> <OriginalIp>10.0.0.0/24</OriginalIp> <TranslatedIp>external-ip</TranslatedIp> </GatewayNatRule> </NatRule> </NatService> <GatewayIpsecVpnService> <IsEnabled>false</IsEnabled> </GatewayIpsecVpnService> <StaticRoutingService> <IsEnabled>true</IsEnabled> </StaticRoutingService> <LoadBalancerService> <IsEnabled>false</IsEnabled> </LoadBalancerService> </EdgeGatewayServiceConfiguration>
Edge , <Interface/> Edge Edge, :
<Interface href="https://fqdn-vcd/api/admin/network/xxxxxx" name="network" type="application/vnd.vmware.admin.network+xml"/>
POST-. XML Body raw Edge. content-type application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml
Edge, url /action/configureServices, :
POST https://vCD-fqdn/api/admin/edgeGateway/XXXX/action/configureServices
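The whole vCloud Director exchange (POST /api/sessions with Basic auth and the versioned Accept header, pick up X-VMWARE-VCLOUD-ACCESS-TOKEN, then send it as a Bearer token; rewrite the NAT <Interface href> values so they point at the networks of the target Edge; POST the configuration to .../action/configureServices with the edgeGatewayServiceConfiguration content type) is shown below as an added example, not code from the article or from VMware. HTTP goes through an injected send(method, url, headers, body) callable so the flow runs offline against a small fake endpoint; the hrefs, API version 35.0, header names and content types are those from the article, while the sample configuration, the token value, the password and the network hrefs are constructed placeholders.

```python
"""vCloud Director API: log in, rewrite NAT interface references, POST the
service configuration.  Added example, not the article's code."""
import base64
import xml.etree.ElementTree as ET

VCLOUD_NS = "http://www.vmware.com/vcloud/v1.5"
ET.register_namespace("", VCLOUD_NS)  # keep the default namespace on output
ACCEPT = "application/*+xml;version=35.0"
TOKEN_HEADER = "X-VMWARE-VCLOUD-ACCESS-TOKEN"
SERVICES_TYPE = "application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml"


def basic_auth_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def login(send, base_url, user, password):
    """POST /api/sessions; the bearer token is returned in a response header."""
    headers = {"Accept": ACCEPT, "Authorization": basic_auth_header(user, password)}
    status, resp_headers, _ = send("POST", f"{base_url}/api/sessions", headers, None)
    if status != 200:
        raise RuntimeError(f"login failed: HTTP {status}")
    token = resp_headers.get(TOKEN_HEADER)
    if not token:
        raise RuntimeError(f"{TOKEN_HEADER} missing from login response")
    return token


def bearer_headers(token, content_type=None):
    headers = {"Accept": ACCEPT, "Authorization": f"Bearer {token}"}
    if content_type:
        headers["Content-Type"] = content_type
    return headers


def rewrite_interfaces(config_xml, href_map):
    """Point every NatRule <Interface href> at the target Edge's network
    (href_map: old href -> new href).  Returns (xml_text, changed_count)."""
    root = ET.fromstring(config_xml)
    changed = 0
    for iface in root.iter(f"{{{VCLOUD_NS}}}Interface"):
        new_href = href_map.get(iface.get("href"))
        if new_href:
            iface.set("href", new_href)
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed


def configure_services(send, token, edge_href, config_xml):
    """POST the service configuration to <edge href>/action/configureServices."""
    status, _, body = send("POST", f"{edge_href}/action/configureServices",
                           bearer_headers(token, SERVICES_TYPE), config_xml)
    if status not in (200, 202):
        raise RuntimeError(f"configureServices failed: HTTP {status}")
    return body


def migrate_services(send, base_url, user, password, edge_href, config_xml, href_map):
    token = login(send, base_url, user, password)
    new_xml, changed = rewrite_interfaces(config_xml, href_map)
    task = configure_services(send, token, edge_href, new_xml)
    return {"token": token, "rewritten": changed, "task": task}


# --- constructed sample data and a fake vCD endpoint for offline runs ---------
SAMPLE_CONFIG = f"""<EdgeGatewayServiceConfiguration xmlns="{VCLOUD_NS}">
 <FirewallService><IsEnabled>true</IsEnabled><DefaultAction>allow</DefaultAction>
 </FirewallService>
 <NatService><IsEnabled>true</IsEnabled>
  <NatRule><RuleType>SNAT</RuleType><IsEnabled>true</IsEnabled><Id>196609</Id>
   <GatewayNatRule>
    <Interface href="https://fqdn-vcd/api/admin/network/old" name="network"
               type="application/vnd.vmware.admin.network+xml"/>
    <OriginalIp>10.0.0.0/24</OriginalIp><TranslatedIp>external-ip</TranslatedIp>
   </GatewayNatRule></NatRule></NatService>
</EdgeGatewayServiceConfiguration>"""
HREF_MAP = {"https://fqdn-vcd/api/admin/network/old": "https://fqdn-vcd/api/admin/network/new"}
NEW_EDGE_HREF = "https://fqdn-vcd/api/admin/edgeGateway/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"


class FakeVcd:
    """Stand-in for the two endpoints used above (constructed, not vCD)."""
    def __init__(self):
        self.calls = []

    def __call__(self, method, url, headers, body):
        self.calls.append((method, url, headers, body))
        auth = headers.get("Authorization", "")
        if method == "POST" and url.endswith("/api/sessions"):
            ok = auth == basic_auth_header("administrator@system", "PLACEHOLDER")
            return (200, {TOKEN_HEADER: "constructed-token"}, "") if ok else (401, {}, "")
        if method == "POST" and url.endswith("/action/configureServices"):
            ok = auth == "Bearer constructed-token" and headers.get("Content-Type") == SERVICES_TYPE
            return (202, {}, '<Task status="running"/>') if ok else (403, {}, "")
        return 404, {}, ""


if __name__ == "__main__":
    print(migrate_services(FakeVcd(), "https://fqdn-vcd", "administrator@system",
                           "PLACEHOLDER", NEW_EDGE_HREF, SAMPLE_CONFIG, HREF_MAP))
```

Against a real vCloud Director, replace FakeVcd with a thin wrapper around an HTTP client that returns (status, headers, body); the rest stays the same. The rewrite step returns how many references it changed, which is worth checking before the POST: an unchanged href still points at a network of the old Edge, and configureServices will reject it.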
.
. XML Edge , api. – vCloud Director, . , , .