VMware Cloud Community
sivakumarss
Enthusiast

Can VRA be considered as IPAM?

Hello.

I am trying to deploy an Edge using IP addresses from a given network profile. Instead of manually entering the IP address, I want to find out (programmatically - VRO) the next available IP address for a given Network Profile of VRA. Is there any query/API to do this? The network profile isn't created with an external IPAM server. So, can I query VRA like I do any IPAM server?

Short of iterating through the range and checking its existence in VM/DNS, is there any other method? This is VRA 7.3, BTW. Thanks

jasnyder
Hot Shot

OK, so this requires a bit of a hack from the vRO side.  In order to get this information, you need to use the iaas-proxy-provider service from the vRA API.  There is no client available in the vRA plugin to access this API.  Even if you instantiate a vRA REST client using the vCACCAFEvCACHost.createRestClient() method, you have to provide an endpoint, which has to be one of a few possible choices.  One of those choices does not correspond to the iaas-proxy-provider endpoint.  So, then how can we hack it to make it work? 

It turns out, you can instantiate a REST client using the catalog provider endpoint.  This points the REST client to /catalog-service/api/ as the URL base.  In order to escape that and go where we need to go which is /iaas-proxy-provider/api/ we get a little creative and use relative paths.  So from the base path of the catalog-service we can get to the iaas-proxy-provider service by adding ../../iaas-proxy-provider/api.  This gives us the full path as /catalog-service/api/../../iaas-proxy-provider/api.  We have now hacked the REST client to start with the catalog service and instead route requests to the iaas-proxy-provider. 

The info we need from that service is in /iaas-proxy-provider/api/network/profiles to get a list of profiles.  Once you have an ID you can get a list of the IPs in the profile using /iaas-proxy-provider/api/network/profiles/addresses/{profileId}.   Once you get all the IPs, you can run through the list and check the state.  The first one you come across that's UNALLOCATED would be the first available IP.

I have created a workflow and attached it for your reference.  For this example, I created a workflow that takes a single input called vCACCAFEHost which is type vCACCAFE:vCACHost.  It pulls all the network profiles and for each one prints its name and ID as well as all IPs contained within, including the IP's state.  It takes the first UNALLOCATED IP and stores it in the nextAvailable variable.

It has a scriptable task that takes that single input and the script content is as follows:

// Scriptable task input: vCACCAFEHost (type vCACCAFE:vCACHost)
// Create a REST client whose base URL is /catalog-service/api/
var restClient = vCACCAFEHost.createRestClient("com.vmware.csp.core.cafe.catalog.api");

// Use ../../ to step out of the catalog service and reach /iaas-proxy-provider/api/
var netProfilesResponse = restClient.get("../../iaas-proxy-provider/api/network/profiles?limit=99999").getBodyAsJson();
System.log(JSON.stringify(netProfilesResponse));

for (var p in netProfilesResponse.content)
{
    var nextAvailable = "";
    var profile = netProfilesResponse.content[p];
    System.log(profile.name + " - " + profile.id);

    // List every address in this profile together with its state
    var ipListResponse = restClient.get("../../iaas-proxy-provider/api/network/profiles/addresses/" + profile.id + "?limit=99999").getBodyAsJson();
    System.log("IP JSON: " + JSON.stringify(ipListResponse));
    System.log("   IP List-----------");

    for (var i in ipListResponse.content)
    {
        var ip = ipListResponse.content[i];
        System.log("        " + ip.IPv4Address + " - " + ip.state);
        // Keep the first UNALLOCATED address in the order the API returned it
        nextAvailable = (ip.state == "UNALLOCATED" && nextAvailable == "") ? ip.IPv4Address : nextAvailable;
    }

    System.log("    ---Next Available IP= " + nextAvailable);
}

Sample output:

[2017-11-17 19:06:11.869] [I] {"links":[],"content":[{"@type":"ExternalNetworkProfile","id":"0187070e-4798-483c-90f2-787589377fdb","name":"VMPublic","description":null,"createdDate":"2017-02-02T02:32:50.000Z","lastModifiedDate":"2017-02-02T02:32:50.000Z","isHidden":"false","definedRanges":[{"id":"03b62281-d572-4dc8-9050-5f89939b34fd","name":"160-199","description":"","beginIPv4Address":"192.168.12.160","endIPv4Address":"192.168.12.199","state":"UNALLOCATED","createdDate":"2017-02-02T02:32:50.000Z","lastModifiedDate":"2017-02-02T02:32:50.000Z","definedAddresses":null,"externalId":null}],"definedAddresses":null,"reclaimedAddresses":null,"profileType":"EXTERNAL","IPAMEndpointId":null,"IPAMEndpointName":null,"addressSpaceExternalId":null,"subnetMask":"255.255.255.0","gatewayAddress":"192.168.12.254","primaryDnsAddress":"192.168.12.1","secondaryDnsAddress":null,"dnsSuffix":"lab.itpowerforge.com","dnsSearchSuffix":"lab.itpowerforge.com","primaryWinsAddress":null,"secondaryWinsAddress":null}],"metadata":{"size":"99999","totalElements":"1","totalPages":"1","number":"1","offset":"0"}}

[2017-11-17 19:06:11.871] [I] VMPublic - 0187070e-4798-483c-90f2-787589377fdb
[2017-11-17 19:06:12.160] [I] IP JSON: [...removed for brevity...]
[2017-11-17 19:06:12.162] [I]    IP List-----------
[2017-11-17 19:06:12.163] [I]         192.168.12.177 - ALLOCATED
[2017-11-17 19:06:12.165] [I]         192.168.12.187 - UNALLOCATED
[2017-11-17 19:06:12.166] [I]         192.168.12.175 - ALLOCATED
[2017-11-17 19:06:12.167] [I]         192.168.12.182 - ALLOCATED
[2017-11-17 19:06:12.168] [I]         192.168.12.179 - ALLOCATED
[2017-11-17 19:06:12.169] [I]         192.168.12.180 - ALLOCATED
[2017-11-17 19:06:12.170] [I]         192.168.12.161 - ALLOCATED
[2017-11-17 19:06:12.171] [I]         192.168.12.199 - UNALLOCATED
[2017-11-17 19:06:12.172] [I]         192.168.12.162 - ALLOCATED
[2017-11-17 19:06:12.173] [I]         192.168.12.169 - ALLOCATED
[2017-11-17 19:06:12.175] [I]         192.168.12.183 - ALLOCATED
[2017-11-17 19:06:12.176] [I]         192.168.12.174 - ALLOCATED
[2017-11-17 19:06:12.177] [I]         192.168.12.163 - ALLOCATED
[2017-11-17 19:06:12.178] [I]         192.168.12.189 - UNALLOCATED
[2017-11-17 19:06:12.179] [I]         192.168.12.178 - ALLOCATED
[2017-11-17 19:06:12.181] [I]         192.168.12.170 - ALLOCATED
[2017-11-17 19:06:12.182] [I]         192.168.12.181 - ALLOCATED
[2017-11-17 19:06:12.183] [I]         192.168.12.185 - UNALLOCATED
[2017-11-17 19:06:12.184] [I]         192.168.12.164 - ALLOCATED
[2017-11-17 19:06:12.185] [I]         192.168.12.194 - UNALLOCATED
[2017-11-17 19:06:12.187] [I]         192.168.12.168 - ALLOCATED
[2017-11-17 19:06:12.188] [I]         192.168.12.184 - ALLOCATED
[2017-11-17 19:06:12.189] [I]         192.168.12.166 - ALLOCATED
[2017-11-17 19:06:12.190] [I]         192.168.12.191 - UNALLOCATED
[2017-11-17 19:06:12.191] [I]         192.168.12.198 - UNALLOCATED
[2017-11-17 19:06:12.192] [I]         192.168.12.188 - UNALLOCATED
[2017-11-17 19:06:12.193] [I]         192.168.12.167 - ALLOCATED
[2017-11-17 19:06:12.195] [I]         192.168.12.193 - UNALLOCATED
[2017-11-17 19:06:12.196] [I]         192.168.12.197 - UNALLOCATED
[2017-11-17 19:06:12.197] [I]         192.168.12.165 - ALLOCATED
[2017-11-17 19:06:12.198] [I]         192.168.12.172 - ALLOCATED
[2017-11-17 19:06:12.199] [I]         192.168.12.192 - UNALLOCATED
[2017-11-17 19:06:12.200] [I]         192.168.12.195 - UNALLOCATED
[2017-11-17 19:06:12.201] [I]         192.168.12.160 - ALLOCATED
[2017-11-17 19:06:12.202] [I]         192.168.12.190 - UNALLOCATED
[2017-11-17 19:06:12.203] [I]         192.168.12.173 - ALLOCATED
[2017-11-17 19:06:12.204] [I]         192.168.12.176 - ALLOCATED
[2017-11-17 19:06:12.205] [I]         192.168.12.196 - UNALLOCATED
[2017-11-17 19:06:12.207] [I]         192.168.12.171 - ALLOCATED
[2017-11-17 19:06:12.208] [I]         192.168.12.186 - UNALLOCATED
[2017-11-17 19:06:12.209] [I]     ---Next Available IP= 192.168.12.187
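
The relative-path routing described in the post above, as an added example that is not part of the original thread: it shows how a URL parser normalizes the `../../` segments so the request leaves `/catalog-service/api/`, and a wrapper that only lets a request through when the resolved path falls under a service the caller has explicitly listed. It runs in Node.js rather than vRO; the host name and the function names `resolvePath` and `checkedPath` are assumptions made for illustration.

```javascript
// Added example (not from the thread). Plain Node.js, standard WHATWG URL parser.
const HOST = "https://vra.example.invalid"; // placeholder host (assumption)
const CATALOG_BASE = "/catalog-service/api/"; // base path of the catalog REST client

// Resolve a client-relative path against the client's base path, the way the
// URL is normalized before the request reaches the server-side router.
function resolvePath(basePath, relativePath) {
  return new URL(relativePath, HOST + basePath).pathname;
}

// Hypothetical guard around restClient.get(): the caller lists the service
// prefixes it intends to reach, so a "../" hop to another service is explicit
// in the workflow and visible in review instead of hidden in a string.
function checkedPath(basePath, relativePath, allowedPrefixes) {
  const resolved = new URL(relativePath, HOST + basePath);
  const allowed =
    resolved.origin === HOST &&
    allowedPrefixes.some((prefix) => resolved.pathname.startsWith(prefix));
  if (!allowed) {
    throw new Error("path resolves outside allowed services: " + resolved.pathname);
  }
  return resolved.pathname + resolved.search;
}

// The request from the workflow: the catalog base is only a starting point.
const target = resolvePath(
  CATALOG_BASE,
  "../../iaas-proxy-provider/api/network/profiles?limit=99999"
);
console.log(target); // /iaas-proxy-provider/api/network/profiles
```

Prefixes passed to `checkedPath` should end with `/` so that a sibling path sharing the same leading characters does not match.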

sivakumarss
Enthusiast

Awesome. Let me try this workflow.

Please do let me know how to make sure the IP address(es) used this way is marked ALLOCATED after. This way the VRA will not allocate the same IP addr to other VMs.

Thanks

jasnyder
Hot Shot

Well, maybe we should take a step back and try to understand what you're doing and why.  I don't know of any way to actually cause allocation of those IPs without provisioning a VM in vRA (the workflow simply queries them; doesn't allocate anything).  The vRA system is going to want to tie the IP address it allocates to the entity consuming it and automatically return the IP to the pool once the entity no longer exists.

I am inferring from your statement that you want to allocate an IP from a network profile to a VM.  So I'm guessing the VM you want to give it to is being provisioned outside of vRA, is that correct?

If yes - what are you provisioning it with and why does the IP allocation need to be programmatic?  Generally speaking, the IP addresses in the network profiles should represent IP ranges that are dedicated to vRA.

If no - why not just let vRA handle the IP assignment for you?  Are you trying to perform some sort of pre-processing using the IP address before the machine is built?  You should be able to do that using the event broker callout to a workflow.  The IP address is allocated before the machine is built and you can fire a workflow after you know the IP but before the machine provisions, and that would be the ideal way to handle something like this.

sivakumarss
Enthusiast

Not a VM. I am trying to provision a load balancer within NSX through LBAAS master workflow (part of the new NSX v1.2 plugin) after provisioning an edge (Compose an Edge). Instead of actual IP address, the input from user will be the network profile name.

So, the Edge will be provisioned with the IP address for its interfaces in the given network profile and in addition to the load balancer(s) VIPs also.

Hence my request to use the VRA infra as an IPAM.

Or is there some other way to achieve this? Thanks

unhappyvra
Enthusiast

Hi!

I have a similar question - I would like to "consume" an IP address from vRA's IPAM (no Infoblox or other 3rd-party systems - just plain simple internal vRA IPAM) - does anybody know how to request an IP address and associate it with the current machine? It is not a problem to assign an IP address to a new vmnic, but what if I want to get just another IP address (to use it on a VM's sub-interface)?

Anyone familiar with this stuff - vRealize Automation IPAM Service API - VMware API Explorer - VMware {code}

SonalJain
VMware Employee

Have you tried the Floating IP action? This action helps to get an additional IP for the VM.

tchristin
Enthusiast

+1

I'm also interested in any progress regarding IP allocation from vRO using vRA IPAM.

If you have any feedback since your post, please let me know.

 

Cheers,

Tim.

CarlLink
Contributor

I would just like to get an IP for MSCS and/or MSSQL Clusters. MSSQL Clusters will also require "Listener" IP's on top of the cluster IP. Any idea on how to get these IPs from vRA?

Carl L.

Sany_1973
Enthusiast

Hi

Thank you for the code. Do we have code to set the available IP as Allocate/Deallocate?

Thanks

Sany_1973
Enthusiast

When we use this code, we are getting the next available free IP, but it is not shown as allocated in the vRA IP list.

I am also looking for code which will deallocate the IP if we destroy the item.

Thanks

DanieleUlrich
Enthusiast

Check out this API: https://code.vmware.com/apis/424/vra-ipam#!/requests/createRequest

vRealize Automation IPAM Service API - VMware API Explorer - VMware {code}

It should be usable from the vRO vCAFE library; at least I found this one: var myvCACCAFEIpamRoutedNetworkProfile = new vCACCAFEIpamRoutedNetworkProfile();

I did not find the appropriate client (vCAFEHost.getClientxxxx), but I'm confident that this is possible.

Best

Daniel

lukez1985
Contributor

I assume you are only trying to use vRA IPAM due to cost?

If so, take a look at phpIPAM (https://phpipam.net/), which is open source and has an easy API. You can then use EBS in vRA to call a vRO workflow which will do the API call(s) to phpIPAM.

Dell_Technologi
Enthusiast

In the vRA API Explorer there is a POST method: "https://vRA.org.com/ipam-service/api/requests"

This POST method is described as "New request for ip allocation/deallocation".

The body of this method should look like this (taken from the API explorer model):

{
  "lastUpdated": "2019-03-18T11:32:44.661Z",
  "createdDate": "2019-03-18T11:32:44.661Z",
  "requestType": "ALLOCATE",
  "providerCorrelationRequestId": "string",
  "tenantId": "string",
  "originalCallbackServiceId": "string",
  "id": "string",
  "version": 0,
  "requestInput": {
    "name": "string",
    "description": "string",
    "id": "string",
    "extensionData": {
      "entries": [
        {
          "value": {},
          "key": "string"
        }
      ]
    }
  }
}

All the body parameters are listed as "optional" except the "requestType" parameter, which defines the type of the request (I think it's the only mandatory parameter).

I tried to use this body scheme but I got an error in the response from the POST method :

"Data Serialization Error"

"Could not read message [acceptableTypes: [application/*+json, application/json]]"

Which means that something in my body of the POST method is wrong.

Could someone share their knowledge of how to use this POST method correctly?

Sany_1973
Enthusiast

In this... where are you specifying the network profile name to allocate the IP?

Dell_Technologi
Enthusiast

I tried to populate some of the parameters with values, but still no luck.

Do you know which params I should fill?

Dell_Technologi
Enthusiast

Anyone?

tchristin
Enthusiast

Hi,

I was not able to use this API.

My workaround is to use ODATA in the IaaS DB to lock or unlock IP addresses.

Dell_Technologi
Enthusiast

Could you please explain more about your solution?

tchristin
Enthusiast

Of course, my piece of code:

// Not defined in this snippet (assumed to be workflow inputs/attributes):
// iaasHost, modelName, virtualMachineId, networkProfileId, newProperties,
// dnsSearch, dnsSuffix, gateway, primaryDns, secondaryDns, subnet

// Get VM entity (mandatory to allocate IP)
var query = "VirtualMachineID eq guid'" + virtualMachineId + "'";
var virtualMachineEntity = vCACEntityManager.readModelEntitiesBySystemQuery(iaasHost.id, "ManagementModelEntities.svc", "VirtualMachines", query, null, null, null, null, null)[0];
if (virtualMachineEntity == null)
{
     var errorCode = "No VM found!";
     System.error(errorCode);
     throw errorCode;
}

// Get an available IP address
var filter = "StaticIPv4AddressState eq 1";

// Retrieve all IP addresses matching the filter
var freeIps = vCACEntityManager.readModelEntitiesBySystemQuery(iaasHost.id, modelName, "StaticIPv4Addresses", filter, null, null, null, null, null);

// Stays null unless an address in the requested network profile is found
var ipAddress = null;
if (freeIps != null)
{
     for each (var ip in freeIps)
     {
          var networkProfile = ip.getLink(iaasHost, "StaticIPv4NetworkProfile");
          if (networkProfile[0].getProperty("ID") == networkProfileId)
          {
               ipAddress = ip;
               System.log("First available IP address is: " + ipAddress.getProperty("IPv4Address"));
               break;
          }
     }
}

// Test ipAddress, not the loop variable: the loop variable is still set when
// no address belongs to the requested profile
if (ipAddress != null)
{
     // Allocate IP address
     var updateProperties = new Properties();
     var updateLinks = new Properties();

     // Set IP address allocated (0)
     updateProperties.put("StaticIPv4AddressState", 0);

     // Set virtual machine ID
     updateLinks.put("VirtualMachine", [virtualMachineEntity]);

     System.getModule("com.vmware.library.vcac").updateVCACEntity(iaasHost.id, modelName, ipAddress.entitySetName, ipAddress.keyString, updateProperties, updateLinks, null);
     System.log("IP address : " + ipAddress.getProperty("IPv4Address") + " is now allocated.");

     // Add properties to be updated
     newProperties.put("VirtualMachine.Network0.Address", ipAddress.getProperty("IPv4Address"), false, false);
     newProperties.put("VirtualMachine.Network0.DnsSearchSuffixes", dnsSearch, false, false);
     newProperties.put("VirtualMachine.Network0.DnsSuffix", dnsSuffix, false, false);
     newProperties.put("VirtualMachine.Network0.Gateway", gateway, false, false);
     newProperties.put("VirtualMachine.Network0.PrimaryDns", primaryDns, false, false);
     newProperties.put("VirtualMachine.Network0.SubnetMask", subnet, false, false);
     if (secondaryDns != null)
     {
          newProperties.put("VirtualMachine.Network0.SecondaryDns", secondaryDns, false, false);
     }
     else
     {
          newProperties.put("VirtualMachine.Network0.SecondaryDns", "", false, false);
     }
}
else
{
     errorCode = "IP range is exhausted !";
     System.error(errorCode);
     throw errorCode;
}

If you need more explanation just let me know.

Of course you need to lock this workflow when you're working with IP allocation.

Cheers,

Tim.
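
Why the allocation has to be locked, as an added example that is not part of the original thread: a Node.js simulation of the "query a free IP, then update it" sequence run twice concurrently, first without and then with a lock. The pool contents are constructed sample data, and `allocate`, `makeLock` and `demo` are hypothetical names; in vRO the lock would come from the platform's own locking facility rather than this in-process mutex.

```javascript
// Added example (not from the thread): in-memory stand-in for the IP table.
function makePool() {
  return [ // constructed sample rows
    { ip: "192.168.12.187", state: "UNALLOCATED" },
    { ip: "192.168.12.160", state: "ALLOCATED" },
    { ip: "192.168.12.185", state: "UNALLOCATED" },
  ];
}

// Numeric value of a dotted quad, so the lowest free address is chosen
// regardless of the order in which the rows come back.
const toInt = (ip) => ip.split(".").reduce((n, octet) => n * 256 + Number(octet), 0);
const tick = () => new Promise((resolve) => setImmediate(resolve)); // simulated round trip

// Read-then-write allocation: query the free rows, then mark one allocated.
async function allocate(pool, owner) {
  await tick(); // query round trip
  const free = pool
    .filter((row) => row.state === "UNALLOCATED")
    .sort((a, b) => toInt(a.ip) - toInt(b.ip))[0];
  if (!free) throw new Error("IP range is exhausted");
  await tick(); // update round trip: a second run can read the same row in this gap
  free.state = "ALLOCATED";
  free.owner = owner;
  return free.ip;
}

// Minimal mutex: each caller starts only after the previous holder has finished.
function makeLock() {
  let tail = Promise.resolve();
  return (fn) => {
    const run = tail.then(fn);
    tail = run.catch(() => {});
    return run;
  };
}

async function demo() {
  const racyPool = makePool();
  const unlocked = await Promise.all([allocate(racyPool, "A"), allocate(racyPool, "B")]);
  const safePool = makePool();
  const withLock = makeLock();
  const locked = await Promise.all([
    withLock(() => allocate(safePool, "A")),
    withLock(() => allocate(safePool, "B")),
  ]);
  return { unlocked, locked }; // unlocked: same IP twice; locked: two distinct IPs
}
```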
