1 2 Previous Next 19 Replies Latest reply on Sep 13, 2017 3:58 AM by DaleCoghlan

IPSets - Rest API

rajeevsrikant Aug 28, 2017 1:35 AM

I have one existing IPSet with the name Test

One IP Address has been added in the Test IP set group <1.1.1.1>

I need to add additional IP address 2.2.2.2 into this IP set via REST API

When i do via REST API it is getting replaced rather than adding to the existing IP Address.

Any idea what should i include in the REST API to include the new IP address , rather than replacing it.

1. Re: IPSets - Rest API

Sreec Aug 29, 2017 4:06 AM (in response to rajeevsrikant)

Rajeev,
You need to use Put operation for updating the current/exiting ip-sets and it will get updated. I have tested this and it works flawlessly. If this is Cross VC- ensure you are trying on Primary NSX.

PUT > https://NSXIP/api/2.0/services/ipset/ipset-NUMBER
Like Show 0 Likes(0)

Actions
2. Re: IPSets - Rest API

rajeevsrikant Aug 29, 2017 5:08 PM (in response to Sreec)

Thanks Sreec

I was trying the below script in the HOL

$NSXUsername = "admin"
$NSXPassword = "VMware1!"
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
$csv = Import-Csv c:\script\test.csv
foreach ($TestIPSet in $csv)
{
$rulename = $TestIPSet.name
$ruledesc = $TestIPSet.desc
$rulevalue = $TestIPSet.value
$body = "<ipset><description> $ruledesc </description<name> $rulename </name><value> $rulevalue </value></ipset>"
Write-Host -BackgroundColor:Black -ForgroundColor:Yellow "Status: Creating IPSets.This may take a few minutes."
Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/globalroot-0" -Body $body -Method:Post -Headers $head -ContentType "application/xml"
Write-Host -BackgroundColor:Black -ForegroundColor:Green "Status:IPSets Successfully Created."
}

I am getting the error related to the POST command.
Let me know what is wrong in the Invoke-RestMethod command.
Like Show 0 Likes(0)

Actions
3. Re: IPSets - Rest API

Sreec Aug 30, 2017 12:05 AM (in response to rajeevsrikant)

I haven't tried that script. If possible change the uri path in the script Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/globalroot-0" to https://nsxip/api/2.0/services/ipset/ipsetnumber(Get the ipset number by using get operation and update it there) and give a try
Like Show 0 Likes(0)

Actions
4. Re: IPSets - Rest API

rajeevsrikant Aug 30, 2017 10:52 PM (in response to Sreec)
I tried the attached power shell script & it worked for adding IP address to the existing scripts.
I have one query regarding the below line.

<revision>0</revision>

What does this line indicate.

– In progress
$NSXUsername = "admin"
$NSXPassword = "VMware1!"
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
$csv = Get-Content c:\Script\test.csv
$body = "<ipset>
<objectId>ipset-3</objectId>
<type>
<typeName>IPSet</typeName>
</type>
<description>
Rajeev
</description>
<name>Rajeev</name>
<revision>0</revision>
<objectTypeName />
<value>$csv</value>
</ipset>
"
Write-Host -BackgroundColor:Black -ForgroundColor:Yellow "Status: Creating IPSets.This may take a few minutes."
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/ipset-3" -Body $body -Method:Put -Headers $head -ContentType "application/xml"
Write-Host -BackgroundColor:Black -ForegroundColor:Green "Status:IPSets Successfully Created."
}

IP_Sets.txt.zip 689 bytes
Like Show 0 Likes(0)

Actions
5. Re: IPSets - Rest API

rajeevsrikant Aug 31, 2017 9:53 PM (in response to rajeevsrikant)

Any inputs
Like Show 0 Likes(0)

Actions
6. Re: IPSets - Rest API

DaleCoghlan Sep 2, 2017 4:05 AM (in response to rajeevsrikant)

You can use PowerNSX to update an IPSet with ease.

To add the address 2.2.2.2 to an existing IPset called blah, you can do the following:

Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 2.2.2.2

You can also add multiple entries in a single command:

Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

PowerNSX will take care of the revision numbers for you in the back end. The reason the revision number exists is so that when you do the PUT with the config, it is the latest version of the config that you have been working with and not an old version.

Regards
Dale
https://github.com/vmware/powernsx
Like Show 0 Likes(0)

Actions
7. Re: IPSets - Rest API

rajeevsrikant Sep 2, 2017 4:23 AM (in response to DaleCoghlan)

Thanks.
I will try it out.

One question.
Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

Instead of specifying, the IP address like above, I would like to take the Ip address from the .txt or .csv file.
The .txt or .csv file will have the list of IP address in the above format & I want to import it from these files.
Like Show 0 Likes(0)

Actions
8. Re: IPSets - Rest API

rajeevsrikant Sep 2, 2017 8:06 PM (in response to rajeevsrikant)

$NSXUsername = "admin"
$NSXPassword = "VMware1!"
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
Get-NsxIpSet Test| Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

I was using the above syntax.
The error i got is " The term get-NSXIPSet is not recognized as the name of a cmdlet
Like Show 0 Likes(0)

Actions
9. Re: IPSets - Rest API

amsjadhav Sep 2, 2017 9:12 PM (in response to rajeevsrikant)

Hi Rajeev,

1. Kindly make sure you connected to NSX Manager/VI Server.
2, Do check that PowerNSX cmdlist are listed by running below command
   get-command -module PowerNSX
3. I ran same command you mentioned in your previous comment. It worked for me.

C:\> Get-NsxIpSet Test| Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8
objectId           : ipset-2
objectTypeName     : IPSet
vsmUuid            : 564D9510-63AA-8EC4-3BAB-6A575B24AD96
nodeId             : 35e38097-ff4d-4b8c-8cd2-147bac2eda67
revision           : 2
type               : type
name               : test
description        :
scope              : scope
clientHandle       :
extendedAttributes :
isUniversal        : false
universalRevision : 0
inheritanceAllowed : false
value              : 8.8.8.8,10.0.0.0/8,5.5.5.1-5.5.5.254,3.3.3.3,4.4.4.4
Like Show 0 Likes(0)

Actions
10. Re: IPSets - Rest API

rajeevsrikant Sep 3, 2017 1:46 AM (in response to amsjadhav)

Thanks.
I was trying in the VMware HOL
Let me know if I will be use Power NSX in the HOL
Could you please share me how to connect to NSX Manager/VI Server in HOL
Like Show 0 Likes(0)

Actions
11. Re: IPSets - Rest API

rajeevsrikant Sep 3, 2017 7:02 PM (in response to rajeevsrikant)

Any help on how to use Power NSX in HOL
Like Show 0 Likes(0)

Actions
12. Re: IPSets - Rest API

rajeevsrikant Sep 4, 2017 1:33 AM (in response to rajeevsrikant)

Also any inputs what the below command means.
<revision>0</revision>
Like Show 0 Likes(0)

Actions
13. Re: IPSets - Rest API

rajeevsrikant Sep 5, 2017 8:24 PM (in response to rajeevsrikant)

Can any one help me with the below what the revision means.

<revision>0</revision>

I am planning to automate to add IP address to the existing IPSets using PowerShell with REST API commands.
So every time I do the IPSets update, which will be scheduled how should i manage with the revision version.
Is there any way i can do it without checking the revision number.
Like Show 0 Likes(0)

Actions
14. Re: IPSets - Rest API

DaleCoghlan Sep 10, 2017 12:51 PM (in response to rajeevsrikant)

The revision number is managed by the NSX Manager, so technically you don't need to do anything with it, however you need to adhere to the following (this goes for updating most objects via the API too)

When you want to update an existing object, it will have an existing revision number.

As an example consider the following IP Set
Name - MyWebSite
Value - 1.2.3.4
revision - 1

Now to update this object, first you need to do a GET to retrieve the config and the revision number will be 1.

You make the changes offline so it would look like the following
Name - MyWebSite
Value - 1.2.3.4, 5.5.5.5
revision - 1

and send it back by the appropriate POST/PUT API.

The revision number is used here as a mechanism to make sure that the original config you based your changes off was in fact the latest version of the object. Now when you submit the changes, NSX Manager will increase the revision number to 2 in the backend, and it would look like the following
Name - MyWebSite
Value - 1.2.3.4, 5.5.5.5
revision - 2

But lets say you tried to use the original data from the first GET command as the config you want to update, even though the revision has been incremented to 2 and you wanted to submit the following
Name - MyWebSite
Value - 1.2.3.4, 3.3.3.3
revision - 1

The API will error out because it believes you have an old config that your basing your changes on. If it were to accept the change, you would wipe out 5.5.5.5 from the IP Set unintentionally.

Does this make sense?

Dale
Like Show 0 Likes(0)

Actions