VMware Networking Community
rajeevsrikant
Expert

IPSets - Rest API

I have one existing IPSet with the name Test.

One IP address has been added to the Test IP set group: <1.1.1.1>

I need to add an additional IP address, 2.2.2.2, to this IP set via the REST API.

When I do it via the REST API, it gets replaced rather than added to the existing IP address.

Any idea what I should include in the REST API to include the new IP address, rather than replacing it?

19 Replies
Sreec
VMware Employee

Rajeev,

You need to use the PUT operation for updating the current/existing IP sets and it will get updated. I have tested this and it works flawlessly. If this is Cross-VC, ensure you are trying on the Primary NSX.

PUT  > https://NSXIP/api/2.0/services/ipset/ipset-NUMBER

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
rajeevsrikant
Expert

Thanks Sreec

I was trying the below script in the HOL

$NSXUsername = "admin"
$NSXPassword = "VMware1!"
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
$csv = Import-Csv c:\script\test.csv
foreach ($TestIPSet in $csv)
{
    $rulename = $TestIPSet.name
    $ruledesc = $TestIPSet.desc
    $rulevalue = $TestIPSet.value
    $body = "<ipset><description> $ruledesc </description<name> $rulename </name><value> $rulevalue </value></ipset>"
    Write-Host -BackgroundColor:Black -ForgroundColor:Yellow "Status: Creating IPSets.This may take a few minutes."
    Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/globalroot-0" -Body $body -Method:Post -Headers $head -ContentType "application/xml"
    Write-Host -BackgroundColor:Black -ForegroundColor:Green "Status:IPSets Successfully Created."
}

I am getting the error related to the POST command.

Let me know what is wrong in the Invoke-RestMethod command.

Sreec
VMware Employee

I haven't tried that script. If possible, change the URI path in the script from Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/globalroot-0" to https://nsxip/api/2.0/services/ipset/ipsetnumber (get the IP set number by using a GET operation and update it there) and give it a try.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
rajeevsrikant
Expert

I tried the attached PowerShell script & it worked for adding IP address to the existing scripts.

I have one query regarding the below line.

<revision>0</revision>

What does this line indicate?


# NSX Manager credentials
$NSXUsername = "admin"
$NSXPassword = "VMware1!"
# Build the HTTP Basic authentication header
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
# Read the IP addresses that go into the <value> element
$csv = Get-Content c:\Script\test.csv
# Full definition of ipset-3, including its revision number
$body = "<ipset>
<objectId>ipset-3</objectId>
<type>
<typeName>IPSet</typeName>
</type>
<description>
Rajeev
</description>
<name>Rajeev</name>
<revision>0</revision>
<objectTypeName />
<value>$csv</value>
</ipset>
"
Write-Host -BackgroundColor:Black -ForegroundColor:Yellow "Status: Creating IPSets.This may take a few minutes."
# Accept any server certificate (turns off TLS certificate validation for this session)
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
# PUT the definition to the existing IP set
Invoke-RestMethod -uri "$uri/api/2.0/services/ipset/ipset-3" -Body $body -Method:Put -Headers $head -ContentType "application/xml"
Write-Host -BackgroundColor:Black -ForegroundColor:Green "Status:IPSets Successfully Created."

rajeevsrikant
Expert

Any inputs?

DaleCoghlan
VMware Employee

You can use PowerNSX to update an IPSet with ease.

To add the address 2.2.2.2 to an existing IPset called blah, you can do the following:

Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 2.2.2.2

You can also add multiple entries in a single command:

Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

PowerNSX will take care of the revision numbers for you in the back end. The reason the revision number exists is so that when you do the PUT with the config, it is the latest version of the config that you have been working with and not an old version.

Regards

Dale

https://github.com/vmware/powernsx

rajeevsrikant
Expert

Thanks.

I will try it out.

One question.

Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

Instead of specifying the IP addresses like above, I would like to take the IP addresses from a .txt or .csv file.

The .txt or .csv file will have the list of IP addresses in the above format & I want to import it from these files.

rajeevsrikant
Expert

$NSXUsername = "admin"
$NSXPassword = "VMware1!"
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($NSXUsername+":"+$NSXPassword))
$head = @{"Authorization"="Basic $auth"}
$uri = "https://192.168.110.15"
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
Get-NsxIpSet Test | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

I was using the above syntax.

The error I got is: "The term get-NSXIPSet is not recognized as the name of a cmdlet"

amsjadhav
Contributor

Hi Rajeev,

1. Kindly make sure you are connected to NSX Manager/VI Server.

2. Do check that the PowerNSX cmdlets are listed by running the command below:

   get-command -module PowerNSX

3. I ran same command you mentioned in your previous comment. It worked for me.

C:\> Get-NsxIpSet Test| Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

objectId           : ipset-2
objectTypeName     : IPSet
vsmUuid            : 564D9510-63AA-8EC4-3BAB-6A575B24AD96
nodeId             : 35e38097-ff4d-4b8c-8cd2-147bac2eda67
revision           : 2
type               : type
name               : test
description        :
scope              : scope
clientHandle       :
extendedAttributes :
isUniversal        : false
universalRevision  : 0
inheritanceAllowed : false
value              : 8.8.8.8,10.0.0.0/8,5.5.5.1-5.5.5.254,3.3.3.3,4.4.4.4

rajeevsrikant
Expert

Thanks.

I was trying in the VMware HOL.

Let me know if I will be able to use PowerNSX in the HOL.

Could you please share with me how to connect to NSX Manager/VI Server in HOL?

rajeevsrikant
Expert

Any help on how to use PowerNSX in HOL?

rajeevsrikant
Expert

Also, any inputs on what the below command means?

<revision>0</revision>

rajeevsrikant
Expert

Can anyone help me with what the revision below means?

<revision>0</revision>

I am planning to automate to add IP address to the existing IPSets using PowerShell with REST API commands.

So every time I do the IPSets update, which will be scheduled, how should I manage the revision version?

Is there any way I can do it without checking the revision number?

DaleCoghlan
VMware Employee

The revision number is managed by the NSX Manager, so technically you don't need to do anything with it; however, you need to adhere to the following (this goes for updating most objects via the API too):

When you want to update an existing object, it will have an existing revision number.

As an example consider the following IP Set

Name - MyWebSite

Value - 1.2.3.4

revision - 1

Now to update this object, first you need to do a GET to retrieve the config and the revision number will be 1.

You make the changes offline so it would look like the following

Name - MyWebSite

Value - 1.2.3.4, 5.5.5.5

revision - 1

and send it back by the appropriate POST/PUT API.

The revision number is used here as a mechanism to make sure that the original config you based your changes off was in fact the latest version of the object. Now when you submit the changes, NSX Manager will increase the revision number to 2 in the backend, and it would look like the following

Name - MyWebSite

Value - 1.2.3.4, 5.5.5.5

revision - 2

But let's say you tried to use the original data from the first GET command as the config you want to update, even though the revision has been incremented to 2, and you wanted to submit the following

Name - MyWebSite

Value - 1.2.3.4, 3.3.3.3

revision - 1

The API will error out because it believes you have an old config that you're basing your changes on. If it were to accept the change, you would wipe out 5.5.5.5 from the IP Set unintentionally.

Does this make sense?

Dale

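The GET, modify, PUT cycle described in the reply above, as an added example that is not part of the original post and is not PowerNSX code: every attempt starts from a fresh GET, sends the revision back unchanged, and merges new entries instead of replacing the value. The function names, the retry count, the placeholder address and the sample XML are assumptions; the endpoint and element names are the ones used in this thread.

```powershell
# Added example: function names, retry count and sample XML are hypothetical.
function Merge-IpSetValue {
    # Union of the current comma-separated <value> and the new entries, duplicates dropped
    param([string]$Current, [string[]]$Add)
    $items = @($Current -split ',') + $Add | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    return (@($items | Select-Object -Unique) -join ',')
}

function Update-IpSetMember {
    # No certificate-validation override: the manager's certificate must be trusted by the client
    param([string]$BaseUri, [string]$IpSetId, [string[]]$Add,
          [pscredential]$Credential, [int]$MaxAttempts = 3)
    $pair = '{0}:{1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password
    $auth = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))
    $head = @{ Authorization = "Basic $auth" }
    $url  = "$BaseUri/api/2.0/services/ipset/$IpSetId"
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        # Fresh GET on every attempt: the <revision> sent back is the one just read
        [xml]$doc = Invoke-RestMethod -Uri $url -Headers $head
        $doc.ipset.value = Merge-IpSetValue -Current $doc.ipset.value -Add $Add
        try {
            # <revision> goes back unchanged; NSX Manager increments it on success
            Invoke-RestMethod -Uri $url -Method Put -Headers $head `
                -Body $doc.OuterXml -ContentType 'application/xml' | Out-Null
            return $doc.ipset.value
        } catch {
            # The thread does not name the error returned for a stale revision,
            # so any rejected PUT leads to a re-read, bounded by $MaxAttempts
            Write-Warning "PUT attempt $i rejected: $($_.Exception.Message)"
        }
    }
    throw "IP set $IpSetId was not updated after $MaxAttempts attempts"
}

# Offline check of the merge on a constructed body shaped like the one in this thread
[xml]$sample = '<ipset><objectId>ipset-3</objectId><name>MyWebSite</name>' +
               '<revision>1</revision><value>1.2.3.4</value></ipset>'
$sample.ipset.value = Merge-IpSetValue -Current $sample.ipset.value -Add '5.5.5.5', '1.2.3.4'
'{0} (revision {1})' -f $sample.ipset.value, $sample.ipset.revision

# Against a manager (address and IP set id are placeholders):
# Update-IpSetMember -BaseUri 'https://nsx.example.test' -IpSetId 'ipset-NUMBER' `
#     -Add '2.2.2.2' -Credential (Get-Credential)
```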
rajeevsrikant
Expert

Thanks.

Let me take your own example as below.

Below is the existing IP set which I have with revision number 1.

Day 1:

Name - MyWebSite

Value - 1.2.3.4, 5.5.5.5

revision - 1

Day 2:

I wanted to add 1.2.3.4, 5.5.5.5 , 2.2.2.2, 3.3.3.3

I don't want to worry about what the previous value was; I need to add the values which I need to pass.

The old entries can be removed or vanished. The entry which I will pass will have the old entries along with the new entries.

Let me know, in this scenario, what should be my revision number?

rajeevsrikant
Expert

Is there any way to ignore the revision number & add the IPSets value which I pass?

Whatever I pass as the IP address into the IPSets needs to be added. Is there any way I can ignore the revision number?

rajeevsrikant
Expert

6.  Re: IPSets - Rest API

   DaleCoghlan Enthusiast

VMware Employees

Any inputs to my query?

rajeevsrikant
Expert

Get-NsxIpSet blah | Add-NsxIpSetMember -IpAddress 3.3.3.3,4.4.4.4,5.5.5.1-5.5.5.254,10.0.0.0/8

The above command, I understand, will add the IP address to the existing IPSet group.

What I am looking for is that every time I need to delete the existing IP addresses & add the IP addresses which I pass.

Let me know how to achieve it.

DaleCoghlan
VMware Employee

This will completely overwrite the currently configured values in the IP Set and replace it with what you specify (9.9.9.9,1.2.3.4)

$ipset = Get-NsxIpSet test1003
$ipset.value = "9.9.9.9,1.2.3.4"
Invoke-NsxRestMethod -method "put" -URI "/api/2.0/services/ipset/$($ipset.objectid)" -body $ipset.outerxml

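Since the PUT above overwrites the whole value, a list taken from a .txt or .csv file is worth checking before it is sent. An added example, not part of the original post and not PowerNSX code, that separates valid from rejected entries in the three forms used in this thread (address, range, CIDR); the function names and sample lines are assumptions, and only IPv4 is handled.

```powershell
# Added example: function names and sample lines are hypothetical.
function ConvertTo-IPv4Number {
    # Strict dotted quad (no leading zeros, each octet 0-255) -> number, else $null
    param([string]$Text)
    if ($Text -notmatch '^(0|[1-9]\d{0,2})(\.(0|[1-9]\d{0,2})){3}$') { return $null }
    $n = [long]0
    foreach ($octet in $Text -split '\.') {
        if ([int]$octet -gt 255) { return $null }
        $n = $n * 256 + [int]$octet
    }
    return $n
}

function Test-IpSetEntry {
    # Accepts the three forms used in this thread: address, first-last range, CIDR block
    param([string]$Entry)
    if ($Entry -match '^([^-/]+)-([^-/]+)$') {
        $lo, $hi = $Matches[1], $Matches[2]
        $first = ConvertTo-IPv4Number $lo
        $last  = ConvertTo-IPv4Number $hi
        return ($null -ne $first -and $null -ne $last -and $first -le $last)
    }
    if ($Entry -match '^([^-/]+)/(\d{1,2})$') {
        $network, $prefix = $Matches[1], [int]$Matches[2]
        return ($prefix -le 32 -and $null -ne (ConvertTo-IPv4Number $network))
    }
    return ($null -ne (ConvertTo-IPv4Number $Entry))
}

function Split-IpSetEntries {
    # One entry per line or comma-separated; valid and rejected entries are returned separately
    param([string[]]$Lines)
    $all = $Lines -split '[,\r\n]' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    [pscustomobject]@{
        Valid    = @($all | Where-Object { Test-IpSetEntry $_ } | Select-Object -Unique)
        Rejected = @($all | Where-Object { -not (Test-IpSetEntry $_) })
    }
}

# Constructed sample standing in for Get-Content on the .txt/.csv file
$lines  = '3.3.3.3,4.4.4.4', '5.5.5.1-5.5.5.254', '10.0.0.0/8',
          '10.0.0.0/33', '1.2.3', '9.9.9.9-9.9.9.1'
$result = Split-IpSetEntries -Lines $lines
if ($result.Rejected.Count) { Write-Warning "Not sent: $($result.Rejected -join ', ')" }
$result.Valid -join ','   # string to assign to $ipset.value before the PUT
```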