8 Replies Latest reply on Oct 27, 2016 8:33 PM by munishpalmakhija

    Add vNIC to PortGroup Scope Security Group with REST API

    jmedd Enthusiast
    vExpert

      I have created a Security Group with the scope of a PortGroup via the REST API. I am now trying to add a vNIC to it, also via the REST API.

       

      To help illustrate I have a VM JMTest1 with 1 vNIC connected to the PortGroup that is the scope of the Security Group. When I edit this Security Group the first item in the list that could be added into the group is the first (and only) vNIC of JMTest1.

       

      AddvNICToSecurityGroup.PNG

       

      To add it via the REST API I need to supply the following:

       

      https://192.168.x.x/api/2.0/services/securitygroup/securitygroup-xx/members/<member-moref>

       

      i.e. I need to figure out what is the <member-moref> for the vNIC of JMTest1 and this is what I am having trouble with.

       

      If I add the vNIC via the GUI and then query the Security Group it gives me the below response:

       

      <securitygroup>

        <objectIdobjectId>securitygroup-xx</objectId>

        <type>

        <typeName>SecurityGroup</typeName>

        </type>

        <name>JMTest7</name>

        <description />

        <revision>9</revision>

        <objectTypeName>SecurityGroup</objectTypeName>

        <scope>

        <id>dvportgroup-xxxxx</id>

        <objectTypeName>DistributedVirtualPortgroup</objectTypeName>

        <name>dv-xxxxx</name>

        </scope>

        <extendedAttributes />

        <inheritanceAllowed>false</inheritanceAllowed>

        <member>

        <objectId>500758f6-b97b-7a79-0c04-996f53edf3f0.000</objectId>

        <type>

        <typeName>Vnic</typeName>

        </type>

        <name>JMTest1 - Network adapter 1</name>

        <revision>6</revision>

        <objectTypeName>Vnic</objectTypeName>

        <scope>

        <id>vm-xxxxx</id>

        <objectTypeName>VirtualMachine</objectTypeName>

        <name>JMTest1</name>

        </scope>

        <extendedAttributes />

        </member>

      </securitygroup>

       

       

      So it looks like the <member-moref> for the vNIC of JMTest1 is <objectId>500758f6-b97b-7a79-0c04-996f53edf3f0.000</objectId>

       

      If I now run:

       

      https://192.168.x.x/api/2.0/services/securitygroup/securitygroup-xx/members/500758f6-b97b-7a79-0c04-996f53edf3f0.000

       

      then the vNIC is successfully added to the Security Group. (yay!) So I am now left with the task of how to get

       

      <objectId>500758f6-b97b-7a79-0c04-996f53edf3f0.000</objectId>

       

      from a vNIC?

       

      I've examined the object in the vCenter Mob and via PowerCLI, but can't see how to derive it.

       

      Anyone know the answer to this?

        • 1. Re: Add vNIC to PortGroup Scope Security Group with REST API
          vSx Novice
          VMware Employees

          The vnic uuid is created by concatenating the vm instanceUuid + "." + the last three digits of the vnic device key.  (The vnic is found in the config.hardware.device field of the vm and the key will be of the form 4xxx, where xxx is the 3 digits that you need.)

          • 2. Re: Add vNIC to PortGroup Scope Security Group with REST API
            mahaines Hot Shot

            There is an API to get all nics for a given VM moid

            https://<ip>/api/2.0/services/inventory/vm/<moid>/vnics

             

             

            There is an API available in SecurityGroup to get all applicable member for a given type

            https://<ip>/api/2.0/services/securitygroup/scope/globalroot-0/members/Vnic

             

            Hope this helps.

            1 person found this helpful
            • 3. Re: Add vNIC to PortGroup Scope Security Group with REST API
              jmedd Enthusiast
              vExpert

              @vSx - thank you, that's just what I needed!

               

              @mahaines - thank you also for the additional info. Had a couple of issues with those URLs though (vShield version 5.5.0a):

               

              https://<ip>/api/2.0/services/inventory/vm/<moid>/vnics


              returns a 404 Not Found, e.g.


              https://192.168.x.x/api/2.0/services/inventory/vm/vm-15669/vnics


              same with https://192.168.x.x/api/2.0/services/inventory/vm/


              and also the same with the second URL

               

              https://192.168.x.x//api/2.0/services/securitygroup/scope/globalroot-0/members/Vnic

               

              I did have some success though with:

               

              https://192.168.x.x/api/2.0/services/securitygroup/scope/datacenter-xx/members/

               

              https://192.168.x.x/api/2.0/services/securitygroup/scope/portgroup-xxxxx/members/

               

              i.e. a datacenter or portgroup scope and no Vnic on the end returns multiple results. From there I was able identify the vnic I was looking for and the objectId.


              However, was not able to progress that URL down further to just vnics as I'm guessing that's where the addition of the /Vnic was heading?

              • 4. Re: Add vNIC to PortGroup Scope Security Group with REST API
                mahaines Hot Shot

                Ah! My bad - I just assumed (incorrectly) this was NSX for vSphere! Just for completeness here is why is returned :

                 

                $ https://<nsxmgr-ip>/api/2.0/services/securitygroup/scope/globalroot-0/members/Vnic | python -m json.tool

                 

                Returns  (Example):

                 

                {

                        "clientHandle": "",

                        "extendedAttributes": [],

                        "name": "esxvm-99-setup3-<IP> - Network adapter 1",

                        "objectId": "503497ec-1d9c-501e-8b06-3bdb54d57bcd.000",

                        "objectTypeName": "Vnic",

                        "revision": 2,

                        "scope": {

                            "id": "vm-7258",

                            "name": "esxvm-99-setup3-<IP>",

                            "objectTypeName": "VirtualMachine"

                        },

                        "type": {

                            "name": "Vnic"

                        },

                        "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"

                    },

                    {

                        "clientHandle": "",

                        "extendedAttributes": [],

                        "name": "esxvm-39-setup2-<IP> - Network adapter 1",

                        "objectId": "503460dc-619f-c87c-d2b3-e734652f265f.000",

                        "objectTypeName": "Vnic",

                        "revision": 2,

                        "scope": {

                            "id": "vm-7459",

                            "name": "esxvm-39-setup2-<IP>",

                            "objectTypeName": "VirtualMachine"

                        },

                        "type": {

                            "name": "Vnic"

                        },

                        "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"

                    },

                    {

                        "clientHandle": "",

                        "extendedAttributes": [],

                        "name": "esxvm-103-setup3-<IP> - Network adapter 2",

                        "objectId": "50347b63-17ec-8298-29b4-6198fc802133.001",

                        "objectTypeName": "Vnic",

                        "revision": 3,

                        "scope": {

                            "id": "vm-7262",

                            "name": "esxvm-103-setup3-<IP>",

                            "objectTypeName": "VirtualMachine"

                        },

                        "type": {

                            "name": "Vnic"

                        },

                        "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"

                    },

                    {

                        "clientHandle": "",

                        "extendedAttributes": [],

                        "name": "esxvm-184-setup3-<IP> - Network adapter 3",

                        "objectId": "5034bbaa-207f-6a9d-6dbc-19bc65f3a334.002",

                        "objectTypeName": "Vnic",

                        "revision": 3,

                        "scope": {

                            "id": "vm-7343",

                            "name": "esxvm-184-setup3-<IP>",

                            "objectTypeName": "VirtualMachine"

                        },

                        "type": {

                            "name": "Vnic"

                        },

                        "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"

                    }

                • 5. Re: Add vNIC to PortGroup Scope Security Group with REST API
                  mahaines Hot Shot

                  And https://<ip>/api/2.0/services/inventory/vm/<moid>/vnics returns :

                   

                  https://<nsxmgr-ip>/api/2.0/services/inventory/vm/vm-7262/vnics | python -m json.tool

                  {

                      "basicDomainObjects": [

                          {

                              "clientHandle": "",

                              "extendedAttributes": [],

                              "name": "esxvm-103-setup3-<IP> - Network adapter 1",

                              "objectId": "50347b63-17ec-8298-29b4-6198fc802133.000",

                              "objectTypeName": "Vnic",

                              "revision": 2,

                              "scope": {

                                  "id": "vm-7262",

                                  "name": "esxvm-103-setup3-<IP>",

                                  "objectTypeName": "VirtualMachine"

                              },

                              "type": {

                                  "name": "Vnic"

                              },

                              "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"

                          },

                          {

                              "clientHandle": "",

                              "extendedAttributes": [],

                              "name": "esxvm-103-setup3-<IP> - Network adapter 2",

                              "objectId": "50347b63-17ec-8298-29b4-6198fc802133.001",

                              "objectTypeName": "Vnic",

                              "revision": 3,

                              "scope": {

                                  "id": "vm-7262",

                                  "name": "esxvm-103-setup3-<IP>",

                                  "objectTypeName": "VirtualMachine"

                              },

                              "type": {

                                  "name": "Vnic"

                              },

                              "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"

                          },

                          {

                              "clientHandle": "",

                              "extendedAttributes": [],

                              "name": "esxvm-103-setup3-<IP> - Network adapter 3",

                              "objectId": "50347b63-17ec-8298-29b4-6198fc802133.002",

                              "objectTypeName": "Vnic",

                              "revision": 3,

                              "scope": {

                                  "id": "vm-7262",

                                  "name": "esxvm-103-setup3-<IP>",

                                  "objectTypeName": "VirtualMachine"

                              },

                              "type": {

                                  "name": "Vnic"

                              },

                              "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"

                          },

                          {

                              "clientHandle": "",

                              "extendedAttributes": [],

                              "name": "esxvm-103-setup3-<IP> - Network adapter 4",

                              "objectId": "50347b63-17ec-8298-29b4-6198fc802133.003",

                              "objectTypeName": "Vnic",

                              "revision": 3,

                              "scope": {

                                  "id": "vm-7262",

                                  "name": "esxvm-103-setup3-<IP>",

                                  "objectTypeName": "VirtualMachine"

                              },

                              "type": {

                                  "name": "Vnic"

                              },

                              "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"

                          },

                          {

                              "clientHandle": "",

                              "extendedAttributes": [],

                              "name": "esxvm-103-setup3-<IP> - Network adapter 5",

                              "objectId": "50347b63-17ec-8298-29b4-6198fc802133.004",

                              "objectTypeName": "Vnic",

                              "revision": 3,

                              "scope": {

                                  "id": "vm-7262",

                                  "name": "esxvm-103-setup3-<IP>",

                                  "objectTypeName": "VirtualMachine"

                              },

                              "type": {

                                  "name": "Vnic"

                              },

                              "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"

                          }

                      ]

                  }

                  • 6. Re: Add vNIC to PortGroup Scope Security Group with REST API
                    mahaines Hot Shot

                    The APIs which I mentioned previously are not available on the vCloud Networking and Security v5.5.0 build (sorry).

                     

                    There is another API that returns all applicable member(s) for a securitygroup :

                     

                    https://<ip>/api/2.0/services/securitygroup/scope/globalroot-0/members

                     

                    Also, you asked about the <objectId>500758f6-b97b-7a79-0c04-996f53edf3f0.000</objectId> and how it is derived.


                    If a vm has an instance UUId: 50104df1-6db3-c80c-d1c5-c7e2d98d1362 (https://<vc>/mob/?moid=vm-9436&doPath=summary.config) and if there are 3 nics associated with it then the nic ids will be 50104df1-6db3-c80c-d1c5-c7e2d98d1362.000 - 50104df1-6db3-c80c-d1c5-c7e2d98d1362.001 and 50104df1-6db3-c80c-d1c5-c7e2d98d1362.002


                    Hope this helps.


                    -Michael

                    1 person found this helpful
                    • 7. Re: Add vNIC to PortGroup Scope Security Group with REST API
                      jmedd Enthusiast
                      vExpert

                      Thanks for the extra info :-)

                      • 8. Re: Add vNIC to PortGroup Scope Security Group with REST API
                        munishpalmakhija Enthusiast
                        vExpert

                        I know this is really old post however it helped me a lot to find out the vnic uuid. I was completely lost until I found this thread. Thanks very much