A customer asked me this week whether there were any examples of customers configuring the NSX load balancer via vRealize Automation. I was surprised when Google didn’t turn up any. The NSX API guide (which is one of the best guides around) provides the details for how to call each element. You can download it here. Once you have the PDF, navigate to page 200, which is the start of the load balancer section.
Too many Edge devices
NSX load balancers are Edge service gateways. Some NSX environments have a few Edges while others have hundreds, and not all of them are load balancers. A quick API lookup of all Edges provides this information (my NSX Manager is 192.168.10.28, hence its use in all examples):
https://192.168.10.28/api/4.0/edges
<edgeSummary>
  <objectId>edge-57</objectId>
  <objectTypeName>Edge</objectTypeName>
  <vsmUuid>420CD713-469F-7053-8281-A7BD66A1CD46</vsmUuid>
  <nodeId>92484cee-ab3c-4ed2-955e-e5bd135f5be5</nodeId>
  <revision>2</revision>
  <type>
    <typeName>Edge</typeName>
  </type>
  <name>LB-1</name>
  <clientHandle></clientHandle>
  <extendedAttributes/>
  <isUniversal>false</isUniversal>
  <universalRevision>0</universalRevision>
  <id>edge-57</id>
  <state>deployed</state>
  <edgeType>gatewayServices</edgeType>
  <datacenterMoid>datacenter-21</datacenterMoid>
  <datacenterName>Home</datacenterName>
  <tenantId>default</tenantId>
  <apiVersion>4.0</apiVersion>
  <recentJobInfo>
    <jobId>jobdata-34935</jobId>
    <status>SUCCESS</status>
  </recentJobInfo>
  <edgeStatus>GREEN</edgeStatus>
  <numberOfConnectedVnics>1</numberOfConnectedVnics>
  <appliancesSummary>
    <vmVersion>6.2.0</vmVersion>
    <vmBuildInfo>6.2.0-2982179</vmBuildInfo>
    <applianceSize>compact</applianceSize>
    <fqdn>NSX-edge-57</fqdn>
    <numberOfDeployedVms>1</numberOfDeployedVms>
    <activeVseHaIndex>0</activeVseHaIndex>
    <vmMoidOfActiveVse>vm-283</vmMoidOfActiveVse>
    <vmNameOfActiveVse>LB-1-0</vmNameOfActiveVse>
    <hostMoidOfActiveVse>host-29</hostMoidOfActiveVse>
    <hostNameOfActiveVse>vmh1.griffiths.local</hostNameOfActiveVse>
    <resourcePoolMoidOfActiveVse>resgroup-27</resourcePoolMoidOfActiveVse>
    <resourcePoolNameOfActiveVse>Resources</resourcePoolNameOfActiveVse>
    <dataStoreMoidOfActiveVse>datastore-31</dataStoreMoidOfActiveVse>
    <dataStoreNameOfActiveVse>SYN8-NFS-GEN-VOL1</dataStoreNameOfActiveVse>
    <statusFromVseUpdatedOn>1478911807005</statusFromVseUpdatedOn>
    <communicationChannel>msgbus</communicationChannel>
  </appliancesSummary>
  <hypervisorAssist>false</hypervisorAssist>
  <allowedActions>
    <string>Change Log Level</string>
    <string>Add Edge Appliance</string>
    <string>Delete Edge Appliance</string>
    <string>Edit Edge Appliance</string>
    <string>Edit CLI Credentials</string>
    <string>Change edge appliance size</string>
    <string>Force Sync</string>
    <string>Redeploy Edge</string>
    <string>Change Edge Appliance Core Dump Configuration</string>
    <string>Enable hypervisorAssist</string>
    <string>Edit Highavailability</string>
    <string>Edit Dns</string>
    <string>Edit Syslog</string>
    <string>Edit Automatic Rule Generation Settings</string>
    <string>Disable SSH</string>
    <string>Download Edge TechSupport Logs</string>
  </allowedActions>
</edgeSummary>
This is for a single Edge gateway. In my case I have deployed 57 Edges over the life of my NSX environment, and 15 are active right now, but only edge-57 is a load balancer. This report does not provide anything that distinguishes an Edge acting as a load balancer from an Edge acting as a firewall. To identify whether it’s a load balancer, I have to query its load balancer configuration using:
https://192.168.10.28/api/4.0/edges/edge-57/loadbalancer/config
Notice the addition of the edge-57 name to the query. It returns:
<loadBalancer>
  <version>2</version>
  <enabled>true</enabled>
  <enableServiceInsertion>false</enableServiceInsertion>
  <accelerationEnabled>false</accelerationEnabled>
  <monitor>
    <monitorId>monitor-1</monitorId>
    <type>tcp</type>
    <interval>5</interval>
    <timeout>15</timeout>
    <maxRetries>3</maxRetries>
    <name>default_tcp_monitor</name>
  </monitor>
  <monitor>
    <monitorId>monitor-2</monitorId>
    <type>http</type>
    <interval>5</interval>
    <timeout>15</timeout>
    <maxRetries>3</maxRetries>
    <method>GET</method>
    <url>/</url>
    <name>default_http_monitor</name>
  </monitor>
  <monitor>
    <monitorId>monitor-3</monitorId>
    <type>https</type>
    <interval>5</interval>
    <timeout>15</timeout>
    <maxRetries>3</maxRetries>
    <method>GET</method>
    <url>/</url>
    <name>default_https_monitor</name>
  </monitor>
  <logging>
    <enable>false</enable>
    <logLevel>info</logLevel>
  </logging>
</loadBalancer>
Notice that this Edge has the load balancer enabled (true), along with some default monitors. For comparison, here is an Edge without the feature enabled:
https://192.168.10.28/api/4.0/edges/edge-56/loadbalancer/config
<loadBalancer>
  <version>1</version>
  <enabled>false</enabled>
  <enableServiceInsertion>false</enableServiceInsertion>
  <accelerationEnabled>false</accelerationEnabled>
  <monitor>
    <monitorId>monitor-1</monitorId>
    <type>tcp</type>
    <interval>5</interval>
    <timeout>15</timeout>
    <maxRetries>3</maxRetries>
    <name>default_tcp_monitor</name>
  </monitor>
  <monitor>
    <monitorId>monitor-2</monitorId>
    <type>http</type>
    <interval>5</interval>
    <timeout>15</timeout>
    <maxRetries>3</maxRetries>
    <method>GET</method>
    <url>/</url>
    <name>default_http_monitor</name>
  </monitor>
  <monitor>
    <monitorId>monitor-3</monitorId>
    <type>https</type>
    <interval>5</interval>
    <timeout>15</timeout>
    <maxRetries>3</maxRetries>
    <method>GET</method>
    <url>/</url>
    <name>default_https_monitor</name>
  </monitor>
  <logging>
    <enable>false</enable>
    <logLevel>info</logLevel>
  </logging>
</loadBalancer>
Enabled is false, with the same default monitors. So now we know how to identify which Edges are load balancers:
- Get the list of all Edges via the API and pull out the id element
- Query the load balancer config for each id and match on enabled being true
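The two steps above as an added Python example (not code from the original post). The XML is constructed sample data trimmed from the responses shown earlier; the list wrapper elements, edge-55, the FW-A/FW-B names and the fetch_lb_config callable are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data, trimmed from the responses shown above. The
# <pagedEdgeList>/<edgePage> wrapper, edge-55 and the FW-* names are assumed.
EDGES_XML = """<pagedEdgeList><edgePage>
<edgeSummary><objectId>edge-55</objectId><name>FW-A</name></edgeSummary>
<edgeSummary><objectId>edge-56</objectId><name>FW-B</name></edgeSummary>
<edgeSummary><objectId>edge-57</objectId><name>LB-1</name></edgeSummary>
</edgePage></pagedEdgeList>"""

LB_CONFIGS = {
    # Load balancer off, but a leftover virtual server is itself "enabled".
    "edge-55": "<loadBalancer><enabled>false</enabled><virtualServer>"
               "<enabled>true</enabled></virtualServer></loadBalancer>",
    "edge-56": "<loadBalancer><enabled>false</enabled></loadBalancer>",
    "edge-57": "<loadBalancer><enabled>true</enabled></loadBalancer>",
}


def edge_ids(edges_xml):
    """Return (objectId, name) for every <edgeSummary> in the listing."""
    root = ET.fromstring(edges_xml)
    return [(e.findtext("objectId"), e.findtext("name"))
            for e in root.iter("edgeSummary")]


def lb_enabled(config_xml):
    """True only if <enabled> directly under <loadBalancer> is 'true'.

    findtext("enabled") looks at direct children only, so <enabled> inside
    <virtualServer> or <enable> inside <logging> cannot cause a false match.
    """
    root = ET.fromstring(config_xml)
    if root.tag != "loadBalancer":
        return False
    return (root.findtext("enabled") or "").strip().lower() == "true"


def find_load_balancers(edges_xml, fetch_lb_config):
    """fetch_lb_config(edge_id) returns the XML text of
    /api/4.0/edges/<edge_id>/loadbalancer/config (hypothetical callable)."""
    found, unreadable = [], []
    for edge_id, name in edge_ids(edges_xml):
        try:
            if lb_enabled(fetch_lb_config(edge_id)):
                found.append((edge_id, name))
        except ET.ParseError:
            unreadable.append(edge_id)  # report it rather than guess
    return found, unreadable


if __name__ == "__main__":
    print(find_load_balancers(EDGES_XML, LB_CONFIGS.__getitem__))
```

Against a live NSX Manager, fetch_lb_config would wrap an authenticated HTTPS GET with certificate verification left on.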
Adding virtual servers
Assuming the application profile and pools are already in place, you can add virtual servers with a POST command and an XML body payload like this (the virtual server IP must already be assigned to the Edge as an interface):
https://192.168.10.28/api/4.0/edges/edge-57/loadbalancer/config/virtualservers
<virtualServer>
  <name>http_vip_2</name>
  <description>http virtualServer 2</description>
  <enabled>true</enabled>
  <ipAddress>192.168.10.18</ipAddress>
  <protocol>http</protocol>
  <port>443,6000-7000</port>
  <connectionLimit>123</connectionLimit>
  <connectionRateLimit>123</connectionRateLimit>
  <applicationProfileId>applicationProfile-1</applicationProfileId>
  <defaultPoolId>pool-1</defaultPoolId>
  <enableServiceInsertion>false</enableServiceInsertion>
  <accelerationEnabled>true</accelerationEnabled>
</virtualServer>
A quick query confirms it’s been created:
https://192.168.10.28/api/4.0/edges/edge-57/loadbalancer/config/virtualservers
<loadBalancer>
  <virtualServer>
    <virtualServerId>virtualServer-5</virtualServerId>
    <name>http_vip_2</name>
    <description>http virtualServer 2</description>
    <enabled>true</enabled>
    <ipAddress>192.168.10.18</ipAddress>
    <protocol>http</protocol>
    <port>443,6000-7000</port>
    <connectionLimit>123</connectionLimit>
    <connectionRateLimit>123</connectionRateLimit>
    <defaultPoolId>pool-1</defaultPoolId>
    <applicationProfileId>applicationProfile-1</applicationProfileId>
    <enableServiceInsertion>false</enableServiceInsertion>
    <accelerationEnabled>true</accelerationEnabled>
  </virtualServer>
</loadBalancer>
To delete it, pass the virtualServerId to DELETE:
https://192.168.10.28/api/4.0/edges/edge-57/loadbalancer/config/virtualservers/virtualserverID
Pool Members
For pools, you have to send the full pool information to add a backend member, or for that matter to remove one. So you first query it:
https://192.168.10.28/api/4.0/edges/edge-57/loadbalancer/config/pools
<?xml version="1.0" encoding="UTF-8"?>
<loadBalancer>
  <pool>
    <poolId>pool-1</poolId>
    <name>pool-1</name>
    <algorithm>round-robin</algorithm>
    <transparent>false</transparent>
  </pool>
</loadBalancer>
Then you form your PUT with the data elements you need (taken from the API guide).
https://192.168.10.28/api/4.0/edges/edge-57/loadbalancer/config/pools/pool-1
<pool>
  <name>pool-1</name>
  <description>pool-tcp-snat</description>
  <transparent>false</transparent>
  <algorithm>round-robin</algorithm>
  <monitorId>monitor-3</monitorId>
  <member>
    <ipAddress>192.168.10.14</ipAddress>
    <weight>1</weight>
    <port>80</port>
    <minConn>10</minConn>
    <maxConn>100</maxConn>
    <name>m5</name>
    <monitorPort>80</monitorPort>
  </member>
</pool>
In the client we see a member added:
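Because the pool PUT carries the full definition, adding or removing a member is a read-modify-write: parse what the query returned, change the member list, and send everything back. An added Python example of building that body (not code from the original post); the sample pool with an existing member m5, the new member m6 and the function names are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: pool-1 as a GET could return it once member m5 exists.
CURRENT_POOL_XML = """<pool>
  <poolId>pool-1</poolId>
  <name>pool-1</name>
  <algorithm>round-robin</algorithm>
  <transparent>false</transparent>
  <member><ipAddress>192.168.10.14</ipAddress><weight>1</weight>
    <port>80</port><name>m5</name></member>
</pool>"""


def _load(pool_xml):
    pool = ET.fromstring(pool_xml)
    if pool.tag != "pool":
        raise ValueError("expected a <pool> document")
    # The PUT body shown above carries no <poolId>; the id is in the URL.
    for pool_id in pool.findall("poolId"):
        pool.remove(pool_id)
    return pool


def add_member(pool_xml, name, ip, port, weight=1):
    """Return the full PUT body: every existing element plus one new member."""
    pool = _load(pool_xml)
    ipaddress.ip_address(ip)                      # ValueError on a bad address
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    for m in pool.findall("member"):
        if m.findtext("name") == name:
            raise ValueError("member %r already in pool" % name)
    member = ET.SubElement(pool, "member")
    # Values are set as element text, so ElementTree escapes <, > and & and
    # form input cannot add or close elements in the body.
    for tag, value in (("ipAddress", ip), ("weight", weight),
                       ("port", port), ("name", name)):
        ET.SubElement(member, tag).text = str(value)
    return ET.tostring(pool, encoding="unicode")


def remove_member(pool_xml, name):
    """Return the full PUT body without the named member."""
    pool = _load(pool_xml)
    matches = [m for m in pool.findall("member") if m.findtext("name") == name]
    if not matches:
        raise ValueError("member %r not in pool" % name)
    for m in matches:
        pool.remove(m)
    return ET.tostring(pool, encoding="unicode")
```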
Tie it all together
Each of these actions has update, delete and query functions. The real challenge is taking the API inputs and turning them into user-friendly inputs in vRealize. NSX continues to amaze me as a great product that has a very powerful and documented API. I have run into very few issues trying to figure out how to do anything in NSX with the API. In a future post I may provide some vRealize Orchestrator actions to speed up configuration of load balancers.