1 2 Previous Next 19 Replies Latest reply on Sep 13, 2017 3:58 AM by DaleCoghlan

    IPSets - Rest API

    rajeevsrikant Expert
    Community WarriorsvExpert

      I have one existing IPSet with the name Test

      One IP Address has been added in the Test IP set group <1.1.1.1>

      I need to add additional IP address 2.2.2.2 into this IP set via REST API

       

      When i do via REST API it is getting replaced rather than adding to the existing IP Address.

      Any idea what should i include in the REST API to include the new IP address , rather than replacing it.

        • 1. Re: IPSets - Rest API
          Sreec Master
          Community WarriorsvExpert

          Rajeev,

                       You need to use Put operation for updating the current/exiting ip-sets and it will get updated. I have tested this and it works flawlessly.  If this is Cross VC- ensure you are trying on Primary NSX.

           

           

          PUT  > https://NSXIP/api/2.0/services/ipset/ipset-NUMBER

          • 2. Re: IPSets - Rest API
            rajeevsrikant Expert
            Community WarriorsvExpert

            Thanks Sreec

             

            I was trying the below script in the HOL

             

            $NSXUsername = "admin"

            $NSXPassword = "VMware1!"

            [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

            $auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))

            $head = @{"Authorization"="Basic $auth"}

            $uri = "https://192.168.110.15"

            $csv = Import-Csv c:\script\test.csv

            foreach ($TestIPSet in $csv)

            {

            $rulename = $TestIPSet.name

            $ruledesc = $TestIPSet.desc

            $rulevalue = $TestIPSet.value

            $body = "<ipset><description> $ruledesc </description<name> $rulename </name><value> $rulevalue </value></ipset>"

            Write-Host -BackgroundColor:Black -ForgroundColor:Yellow "Status: Creating IPSets.This may take a few minutes."

            Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/globalroot-0" -Body $body -Method:Post -Headers $head -ContentType "application/xml"

            Write-Host -BackgroundColor:Black -ForegroundColor:Green "Status:IPSets Successfully Created."

            }

             

             

             

            I am getting the error related to the POST command.

            Let me know what is wrong in the Invoke-RestMethod command.

            • 3. Re: IPSets - Rest API
              Sreec Master
              Community WarriorsvExpert

              I haven't tried that script. If possible change the uri path in the script Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/globalroot-0"  to https://nsxip/api/2.0/services/ipset/ipsetnumber(Get the ipset number by using get operation and update it there) and give a try

              • 4. Re: IPSets - Rest API
                rajeevsrikant Expert
                Community WarriorsvExpert

                I tried the attached power shell script & it worked for adding IP address to the existing scripts.

                I have one query regarding the below line.

                 

                <revision>0</revision>

                 

                What does this line indicate.

                 

                 

                – In progress

                $NSXUsername = "admin"
                $NSXPassword = "VMware1!"
                $auth =  [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
                $head = @{"Authorization"="Basic $auth"}
                $uri = "https://192.168.110.15"
                $csv = Get-Content c:\Script\test.csv
                $body = "<ipset>
                <objectId>ipset-3</objectId>
                <type>
                <typeName>IPSet</typeName>
                </type>
                <description>
                Rajeev
                </description>
                <name>Rajeev</name>
                <revision>0</revision>
                <objectTypeName />
                <value>$csv</value>
                </ipset>
                "
                Write-Host -BackgroundColor:Black -ForgroundColor:Yellow "Status: Creating IPSets.This may take a few minutes."
                [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
                Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/ipset-3" -Body $body -Method:Put -Headers $head -ContentType "application/xml"
                Write-Host -BackgroundColor:Black -ForegroundColor:Green "Status:IPSets Successfully Created."
                }

                • 5. Re: IPSets - Rest API
                  rajeevsrikant Expert
                  Community WarriorsvExpert

                  Any inputs

                  • 6. Re: IPSets - Rest API
                    DaleCoghlan Enthusiast
                    VMware Employees

                    You can use PowerNSX to update an IPSet with ease.

                     

                    To add the address 2.2.2.2 to an existing IPset called blah, you can do the following:

                     

                    Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 2.2.2.2

                     

                    You can also add multiple entries in a single command:

                     

                    Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

                     

                    PowerNSX will take care of the revision numbers for you in the back end. The reason the revision number exists is so that when you do the PUT with the config, it is the latest version of the config that you have been working with and not an old version.

                     

                    Regards

                    Dale

                    https://github.com/vmware/powernsx

                    • 7. Re: IPSets - Rest API
                      rajeevsrikant Expert
                      vExpertCommunity Warriors

                      Thanks.

                      I will try it out.

                       

                      One question.

                      Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

                       

                      Instead of specifying, the IP address like above, I would like to take the Ip address from the .txt or .csv file.

                      The .txt or .csv file will have the list of IP address in the above format & I want to import it from these files.

                      • 8. Re: IPSets - Rest API
                        rajeevsrikant Expert
                        Community WarriorsvExpert

                        $NSXUsername = "admin"

                        $NSXPassword = "VMware1!"

                        $auth =  [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))

                        $head = @{"Authorization"="Basic $auth"}

                        $uri = "https://192.168.110.15"

                        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

                        Get-NsxIpSet Test| Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

                         

                        I was using the above syntax.

                        The error i got is " The term get-NSXIPSet is not recognized as the name of a cmdlet

                        • 9. Re: IPSets - Rest API
                          amsjadhav Lurker

                          Hi Rajeev,

                           

                          1. Kindly make sure you connected to NSX Manager/VI Server.

                          2, Do check that PowerNSX cmdlist are listed by running below command

                             get-command -module PowerNSX

                          3. I ran same command you mentioned in your previous comment. It worked for me.

                           

                          C:\> Get-NsxIpSet Test| Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

                          objectId           : ipset-2

                          objectTypeName     : IPSet

                          vsmUuid            : 564D9510-63AA-8EC4-3BAB-6A575B24AD96

                          nodeId             : 35e38097-ff4d-4b8c-8cd2-147bac2eda67

                          revision           : 2

                          type               : type

                          name               : test

                          description        :

                          scope              : scope

                          clientHandle       :

                          extendedAttributes :

                          isUniversal        : false

                          universalRevision  : 0

                          inheritanceAllowed : false

                          value              : 8.8.8.8,10.0.0.0/8,5.5.5.1-5.5.5.254,3.3.3.3,4.4.4.4

                          • 10. Re: IPSets - Rest API
                            rajeevsrikant Expert
                            Community WarriorsvExpert

                            Thanks.

                            I was trying in the VMware HOL

                            Let me know if I will be use Power NSX in the HOL

                            Could you please share me how to connect to NSX Manager/VI Server in HOL

                            • 11. Re: IPSets - Rest API
                              rajeevsrikant Expert
                              Community WarriorsvExpert

                              Any help on how to use Power NSX in HOL

                              • 12. Re: IPSets - Rest API
                                rajeevsrikant Expert
                                Community WarriorsvExpert

                                Also any inputs what the below command means.

                                <revision>0</revision>

                                • 13. Re: IPSets - Rest API
                                  rajeevsrikant Expert
                                  vExpertCommunity Warriors

                                  Can any one help me with the below what the revision means.

                                   

                                  <revision>0</revision>

                                   

                                  I am planning to automate to add IP address to the existing IPSets using PowerShell with REST API commands.

                                  So every time I do the  IPSets update, which will be scheduled how should i manage with the revision version.

                                  Is there any way i can do it without checking the revision number.

                                  • 14. Re: IPSets - Rest API
                                    DaleCoghlan Enthusiast
                                    VMware Employees

                                    The revision number is managed by the NSX Manager, so technically you don't need to do anything with it, however you need to adhere to the following (this goes for updating most objects via the API too)

                                     

                                    When you want to update an existing object, it will have an existing revision number.

                                     

                                    As an example consider the following IP Set

                                    Name - MyWebSite

                                    Value - 1.2.3.4

                                    revision - 1

                                     

                                    Now to update this object, first you need to do a GET to retrieve the config and the revision number will be 1.

                                     

                                    You make the changes offline so it would look like the following

                                    Name - MyWebSite

                                    Value - 1.2.3.4, 5.5.5.5

                                    revision - 1

                                     

                                    and send it back by the appropriate POST/PUT API.

                                     

                                    The revision number is used here as a mechanism to make sure that the original config you based your changes off was in fact the latest version of the object. Now when you submit the changes, NSX Manager will increase the revision number to 2 in the backend, and it would look like the following

                                    Name - MyWebSite

                                    Value - 1.2.3.4, 5.5.5.5

                                    revision - 2

                                     

                                    But lets say you tried to use the original data from the first GET command as the config you want to update, even though the revision has been incremented to 2 and you wanted to submit the following

                                    Name - MyWebSite

                                    Value - 1.2.3.4, 3.3.3.3

                                    revision - 1

                                     

                                    The API will error out because it believes you have an old config that your basing your changes on. If it were to accept the change, you would wipe out 5.5.5.5 from the IP Set unintentionally.

                                     

                                    Does this make sense?

                                     

                                    Dale

                                    1 2 Previous Next