I have one existing IPSet with the name Test
One IP Address has been added in the Test IP set group <1.1.1.1>
I need to add additional IP address 2.2.2.2 into this IP set via REST API
When i do via REST API it is getting replaced rather than adding to the existing IP Address.
Any idea what should i include in the REST API to include the new IP address , rather than replacing it.
Rajeev,
You need to use Put operation for updating the current/exiting ip-sets and it will get updated. I have tested this and it works flawlessly. If this is Cross VC- ensure you are trying on Primary NSX.
PUT > https://NSXIP/api/2.0/services/ipset/ipset-NUMBER
Thanks Sreec
I was trying the below script in the HOL
$NSXUsername = "admin"
$NSXPassword = "VMware1!"
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
$csv = Import-Csv c:\script\test.csv
foreach ($TestIPSet in $csv)
{
$rulename = $TestIPSet.name
$ruledesc = $TestIPSet.desc
$rulevalue = $TestIPSet.value
$body = "<ipset><description> $ruledesc </description<name> $rulename </name><value> $rulevalue </value></ipset>"
Write-Host -BackgroundColor:Black -ForgroundColor:Yellow "Status: Creating IPSets.This may take a few minutes."
Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/globalroot-0" -Body $body -Method:Post -Headers $head -ContentType "application/xml"
Write-Host -BackgroundColor:Black -ForegroundColor:Green "Status:IPSets Successfully Created."
}
I am getting the error related to the POST command.
Let me know what is wrong in the Invoke-RestMethod command.
I haven't tried that script. If possible change the uri path in the script Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/globalroot-0" to https://nsxip/api/2.0/services/ipset/ipsetnumber(Get the ipset number by using get operation and update it there) and give a try
I tried the attached power shell script & it worked for adding IP address to the existing scripts.
I have one query regarding the below line.
<revision>0</revision>
What does this line indicate.
– In progress
$NSXUsername = "admin"
$NSXPassword = "VMware1!"
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
$csv = Get-Content c:\Script\test.csv
$body = "<ipset>
<objectId>ipset-3</objectId>
<type>
<typeName>IPSet</typeName>
</type>
<description>
Rajeev
</description>
<name>Rajeev</name>
<revision>0</revision>
<objectTypeName />
<value>$csv</value>
</ipset>
"
Write-Host -BackgroundColor:Black -ForgroundColor:Yellow "Status: Creating IPSets.This may take a few minutes."
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/ipset-3" -Body $body -Method:Put -Headers $head -ContentType "application/xml"
Write-Host -BackgroundColor:Black -ForegroundColor:Green "Status:IPSets Successfully Created."
}
Any inputs
You can use PowerNSX to update an IPSet with ease.
To add the address 2.2.2.2 to an existing IPset called blah, you can do the following:
Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 2.2.2.2
You can also add multiple entries in a single command:
Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8
PowerNSX will take care of the revision numbers for you in the back end. The reason the revision number exists is so that when you do the PUT with the config, it is the latest version of the config that you have been working with and not an old version.
Regards
Dale
Thanks.
I will try it out.
One question.
Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8
Instead of specifying, the IP address like above, I would like to take the Ip address from the .txt or .csv file.
The .txt or .csv file will have the list of IP address in the above format & I want to import it from these files.
$NSXUsername = "admin"
$NSXPassword = "VMware1!"
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
Get-NsxIpSet Test| Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8
I was using the above syntax.
The error i got is " The term get-NSXIPSet is not recognized as the name of a cmdlet
Hi Rajeev,
1. Kindly make sure you connected to NSX Manager/VI Server.
2, Do check that PowerNSX cmdlist are listed by running below command
get-command -module PowerNSX
3. I ran same command you mentioned in your previous comment. It worked for me.
C:\> Get-NsxIpSet Test| Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8
objectId : ipset-2
objectTypeName : IPSet
vsmUuid : 564D9510-63AA-8EC4-3BAB-6A575B24AD96
nodeId : 35e38097-ff4d-4b8c-8cd2-147bac2eda67
revision : 2
type : type
name : test
description :
scope : scope
clientHandle :
extendedAttributes :
isUniversal : false
universalRevision : 0
inheritanceAllowed : false
value : 8.8.8.8,10.0.0.0/8,5.5.5.1-5.5.5.254,3.3.3.3,4.4.4.4
Thanks.
I was trying in the VMware HOL
Let me know if I will be use Power NSX in the HOL
Could you please share me how to connect to NSX Manager/VI Server in HOL
Any help on how to use Power NSX in HOL
Also any inputs what the below command means.
<revision>0</revision>
Can any one help me with the below what the revision means.
<revision>0</revision>
I am planning to automate to add IP address to the existing IPSets using PowerShell with REST API commands.
So every time I do the IPSets update, which will be scheduled how should i manage with the revision version.
Is there any way i can do it without checking the revision number.
The revision number is managed by the NSX Manager, so technically you don't need to do anything with it, however you need to adhere to the following (this goes for updating most objects via the API too)
When you want to update an existing object, it will have an existing revision number.
As an example consider the following IP Set
Name - MyWebSite
Value - 1.2.3.4
revision - 1
Now to update this object, first you need to do a GET to retrieve the config and the revision number will be 1.
You make the changes offline so it would look like the following
Name - MyWebSite
Value - 1.2.3.4, 5.5.5.5
revision - 1
and send it back by the appropriate POST/PUT API.
The revision number is used here as a mechanism to make sure that the original config you based your changes off was in fact the latest version of the object. Now when you submit the changes, NSX Manager will increase the revision number to 2 in the backend, and it would look like the following
Name - MyWebSite
Value - 1.2.3.4, 5.5.5.5
revision - 2
But lets say you tried to use the original data from the first GET command as the config you want to update, even though the revision has been incremented to 2 and you wanted to submit the following
Name - MyWebSite
Value - 1.2.3.4, 3.3.3.3
revision - 1
The API will error out because it believes you have an old config that your basing your changes on. If it were to accept the change, you would wipe out 5.5.5.5 from the IP Set unintentionally.
Does this make sense?
Dale
Thanks.
Let me take your own example as below.
Below is the existing IP set which I have with revision number 1.
Day 1:
Name - MyWebSite
Value - 1.2.3.4, 5.5.5.5
revision - 1
Day 2:
I wanted to add 1.2.3.4, 5.5.5.5 , 2.2.2.2, 3.3.3.3
I don't want to worry about what was the previous value, I need to add the values which i need to pass.
The old entries can be removed or vanished. The entry which i will pass will have the old entries along with the new entries.
Let me know in this scenario what should be my revision number.
Is there any way to ignore the revision number & add the IPsets value which i pass.
What ever i add pass as the IP address into the IPSets needs to be added. Is there any way i can ignore the revision number.
Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8
The above command i understand will add the ip address to the existing IPSet group.
What i am looking is that every time i need to delete the existing IP Addresses & add the IP Addresses which i pass.
Let me know how to achieve it.
This will completely overwrite the currently configured values in the IP Set and replace it with what you specify (9.9.9.9,1.2.3.4)
$ipset = Get-NsxIpSet test1003
$ipset.value = "9.9.9.9,1.2.3.4"
Invoke-NsxRestMethod -method "put" -URI "/api/2.0/services/ipset/$($ipset.objectid)" -body $ipset.outerxml