-
1. Re: IPSets - Rest API
Sreec Aug 29, 2017 4:06 AM (in response to rajeevsrikant)
Rajeev,
You need to use the Put operation for updating the current/existing ip-sets and it will get updated. I have tested this and it works flawlessly. If this is Cross VC, ensure you are trying on Primary NSX.
-
2. Re: IPSets - Rest API
rajeevsrikant Aug 29, 2017 5:08 PM (in response to Sreec)
Thanks Sreec
I was trying the below script in the HOL
$NSXUsername = "admin"
$NSXPassword = "VMware1!"
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
$csv = Import-Csv c:\script\test.csv
foreach ($TestIPSet in $csv)
{
$rulename = $TestIPSet.name
$ruledesc = $TestIPSet.desc
$rulevalue = $TestIPSet.value
$body = "<ipset><description> $ruledesc </description<name> $rulename </name><value> $rulevalue </value></ipset>"
Write-Host -BackgroundColor:Black -ForegroundColor:Yellow "Status: Creating IPSets.This may take a few minutes."
Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/globalroot-0" -Body $body -Method:Post -Headers $head -ContentType "application/xml"
Write-Host -BackgroundColor:Black -ForegroundColor:Green "Status:IPSets Successfully Created."
}
I am getting the error related to the POST command.
Let me know what is wrong in the Invoke-RestMethod command.
-
3. Re: IPSets - Rest API
Sreec Aug 30, 2017 12:05 AM (in response to rajeevsrikant)
I haven't tried that script. If possible, change the uri path in the script Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/globalroot-0" to https://nsxip/api/2.0/services/ipset/ipsetnumber (get the ipset number by using a get operation and update it there) and give it a try.
-
4. Re: IPSets - Rest API
rajeevsrikant Aug 30, 2017 10:52 PM (in response to Sreec)
I tried the attached PowerShell script & it worked for adding IP address to the existing scripts.
I have one query regarding the below line.
<revision>0</revision>
What does this line indicate?
– In progress
$NSXUsername = "admin"
$NSXPassword = "VMware1!"
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
$csv = Get-Content c:\Script\test.csv
$body = "<ipset>
<objectId>ipset-3</objectId>
<type>
<typeName>IPSet</typeName>
</type>
<description>
Rajeev
</description>
<name>Rajeev</name>
<revision>0</revision>
<objectTypeName />
<value>$csv</value>
</ipset>
"
Write-Host -BackgroundColor:Black -ForegroundColor:Yellow "Status: Creating IPSets.This may take a few minutes."
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/ipset-3" -Body $body -Method:Put -Headers $head -ContentType "application/xml"
Write-Host -BackgroundColor:Black -ForegroundColor:Green "Status:IPSets Successfully Created."
IP_Sets.txt.zip 689 bytes
-
5. Re: IPSets - Rest API
rajeevsrikant Aug 31, 2017 9:53 PM (in response to rajeevsrikant)
Any inputs?
-
6. Re: IPSets - Rest API
DaleCoghlan Sep 2, 2017 4:05 AM (in response to rajeevsrikant)
You can use PowerNSX to update an IPSet with ease.
To add the address 2.2.2.2 to an existing IPset called blah, you can do the following:
Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 2.2.2.2
You can also add multiple entries in a single command:
Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8
PowerNSX will take care of the revision numbers for you in the back end. The reason the revision number exists is so that when you do the PUT with the config, it is the latest version of the config that you have been working with and not an old version.
Regards
Dale
-
7. Re: IPSets - Rest API
rajeevsrikant Sep 2, 2017 4:23 AM (in response to DaleCoghlan)
Thanks.
I will try it out.
One question.
Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8
Instead of specifying the IP addresses like above, I would like to take the IP addresses from the .txt or .csv file.
The .txt or .csv file will have the list of IP addresses in the above format & I want to import it from these files.
-
8. Re: IPSets - Rest API
rajeevsrikant Sep 2, 2017 8:06 PM (in response to rajeevsrikant)
$NSXUsername = "admin"
$NSXPassword = "VMware1!"
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
Get-NsxIpSet Test| Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8
I was using the above syntax.
The error I got is "The term get-NSXIPSet is not recognized as the name of a cmdlet"
-
9. Re: IPSets - Rest API
amsjadhav Sep 2, 2017 9:12 PM (in response to rajeevsrikant)
Hi Rajeev,
1. Kindly make sure you are connected to NSX Manager/VI Server.
2. Do check that the PowerNSX cmdlets are listed by running the below command
get-command -module PowerNSX
3. I ran same command you mentioned in your previous comment. It worked for me.
C:\> Get-NsxIpSet Test| Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8
objectId : ipset-2
objectTypeName : IPSet
vsmUuid : 564D9510-63AA-8EC4-3BAB-6A575B24AD96
nodeId : 35e38097-ff4d-4b8c-8cd2-147bac2eda67
revision : 2
type : type
name : test
description :
scope : scope
clientHandle :
extendedAttributes :
isUniversal : false
universalRevision : 0
inheritanceAllowed : false
value : 8.8.8.8,10.0.0.0/8,5.5.5.1-5.5.5.254,3.3.3.3,4.4.4.4
-
10. Re: IPSets - Rest API
rajeevsrikant Sep 3, 2017 1:46 AM (in response to amsjadhav)
Thanks.
I was trying in the VMware HOL.
Let me know if I will be able to use PowerNSX in the HOL.
Could you please share with me how to connect to NSX Manager/VI Server in HOL?
-
11. Re: IPSets - Rest API
rajeevsrikant Sep 3, 2017 7:02 PM (in response to rajeevsrikant)
Any help on how to use PowerNSX in HOL?
-
12. Re: IPSets - Rest API
rajeevsrikant Sep 4, 2017 1:33 AM (in response to rajeevsrikant)
Also, any inputs on what the below command means?
<revision>0</revision>
-
13. Re: IPSets - Rest API
rajeevsrikant Sep 5, 2017 8:24 PM (in response to rajeevsrikant)
Can anyone help me with the below, what the revision means?
<revision>0</revision>
I am planning to automate to add IP address to the existing IPSets using PowerShell with REST API commands.
So every time I do the IPSets update, which will be scheduled, how should I manage the revision version?
Is there any way I can do it without checking the revision number?
-
14. Re: IPSets - Rest API
DaleCoghlan Sep 10, 2017 12:51 PM (in response to rajeevsrikant)
The revision number is managed by the NSX Manager, so technically you don't need to do anything with it. However, you need to adhere to the following (this goes for updating most objects via the API too).
When you want to update an existing object, it will have an existing revision number.
As an example consider the following IP Set
Name - MyWebSite
Value - 1.2.3.4
revision - 1
Now to update this object, first you need to do a GET to retrieve the config and the revision number will be 1.
You make the changes offline so it would look like the following
Name - MyWebSite
Value - 1.2.3.4, 5.5.5.5
revision - 1
and send it back by the appropriate POST/PUT API.
The revision number is used here as a mechanism to make sure that the original config you based your changes off was in fact the latest version of the object. Now when you submit the changes, NSX Manager will increase the revision number to 2 in the backend, and it would look like the following
Name - MyWebSite
Value - 1.2.3.4, 5.5.5.5
revision - 2
But let's say you tried to use the original data from the first GET command as the config you want to update, even though the revision has been incremented to 2, and you wanted to submit the following
Name - MyWebSite
Value - 1.2.3.4, 3.3.3.3
revision - 1
The API will error out because it believes you have an old config that you're basing your changes on. If it were to accept the change, you would wipe out 5.5.5.5 from the IP Set unintentionally.
Does this make sense?
Dale
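
The GET, modify, PUT cycle described in the last reply, reading the new addresses from a file as asked earlier in the thread, as an added example that is not code from any poster. It assumes GET is served on the same URI the thread uses for PUT, that NSX Manager's certificate is trusted by the client (so certificate validation stays on), and a hypothetical input file path; the credential is prompted for rather than stored in the script.

```powershell
# Added example, not from the thread. Manager address and ipset-3 are the
# values used in the posts above; the file path is a hypothetical placeholder.
$uri   = "https://192.168.110.15"
$ipSet = "$uri/api/2.0/services/ipset/ipset-3"
$file  = "C:\Script\addresses.txt"   # hypothetical: one address, range or CIDR per line

# Prompt for the account instead of keeping the password in the script.
$cred = Get-Credential -Message "NSX Manager account"
$pair = "{0}:{1}" -f $cred.UserName, $cred.GetNetworkCredential().Password
$head = @{ Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair)) }

# Accept only an IPv4 address, an a-b range or a CIDR block, so a malformed
# line in the file never reaches the firewall object.
$octet   = '(25[0-5]|2[0-4]\d|1?\d?\d)'
$addr    = "$octet(\.$octet){3}"
$pattern = "^$addr(-$addr|/(3[0-2]|[12]?\d))?$"

function Merge-IpSetValue {
    param([string]$Current, [string[]]$ToAdd)
    $bad = @($ToAdd | Where-Object { $_ -notmatch $pattern })
    if ($bad) { throw "Rejected entries: $($bad -join ', ')" }
    # Keep what is already in the set, append the new entries, drop duplicates.
    $all = @($Current -split ',') + $ToAdd | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    ($all | Select-Object -Unique) -join ','
}

$new = @(Get-Content $file | ForEach-Object { $_.Trim() } | Where-Object { $_ })

foreach ($attempt in 1..3) {
    # GET returns the current value together with the revision NSX Manager holds.
    [xml]$doc = Invoke-RestMethod -Uri $ipSet -Method Get -Headers $head
    $node = $doc.SelectSingleNode('/ipset/value')
    if (-not $node) { throw "No <value> element in the GET response" }
    $node.InnerText = Merge-IpSetValue -Current $node.InnerText -ToAdd $new
    try {
        # <revision> goes back exactly as received; NSX Manager increments it on success.
        Invoke-RestMethod -Uri $ipSet -Method Put -Headers $head `
            -ContentType "application/xml" -Body $doc.OuterXml | Out-Null
        Write-Host "Updated ipset-3, based on revision $($doc.ipset.revision)"
        break
    } catch {
        # The thread does not give the error returned for a stale revision, so any
        # failure leads to a fresh GET and merge, at most three times.
        Write-Warning "PUT failed on attempt ${attempt}: $($_.Exception.Message)"
        if ($attempt -eq 3) { throw }
    }
}
```

Because each attempt starts from a fresh GET, a scheduled run never has to track the revision number itself and cannot overwrite entries someone else added in the meantime.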