VMware Cloud Community
alexander_d
Enthusiast
Enthusiast

Get vRO Node IP/FQDN from vRO cluster by API call

We are  running multiple vRO's in clustered mode (2 nodes) that are covered by NSX load balancer.

I need to find a way how to get IPs/FQDNs of each node from IP/FQDN of a clustered IP.

So I need some REST API call (or any other API call) to clustered instance to retreive all vRO cluster members. I cannot add any extra workflows to the configuration. So i need something native.

Control center REST API is not an option since it's not authorizing me properly in powershell REST API calls.

Any other oprions?

Reply
0 Kudos
7 Replies
eoinbyrne
Expert
Expert

If you were hell-bent on having this as done dynamically then don't forget the NSX LB here - it's configuration would have the details you want since it has to know which nodes it's handling traffic for and would be the logical place to ID each cluster pair.

There's an API doc here for NSX - https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.3/nsx_63_api.pdf

What's the problem with Powershell and the Controlcenter REST API? Is it just no credentials or some other issue?

Reply
0 Kudos
alexander_d
Enthusiast
Enthusiast

NSX api calls is not an option.

For simplicity just imagine that I do not have access to NSX manager.

What's the problem with Powershell and the Controlcenter REST API? Is it just no credentials or some other issue?

Here is my previous topic regarding control center:

vco-controlcenter REST API login

In short - i'm able to get a token from vRA but control center does not accept it (vRO front end API works perfrectly)

Reply
0 Kudos
eoinbyrne
Expert
Expert

There are two APIs in vRO

<node>:8281/vco/api

&

<node>:8283/vco-controlcenter/api

I'd have thought that they would be separate for authentication since the former is specifically for the designer client while the latter is for server admins.

If you're using VRA SSO can you log into the controlcenter page as root? I have vRA SSO configured in my lab and can log into the controlcenter page as root. I've not checked but I would assume that means I can hit the vco-controlcenter/api as that user too. There are older versions of the documentation which do state that the root user cannot be used to login when SSO is configured but it's not clear which version you are using here

Reply
0 Kudos
alexander_d
Enthusiast
Enthusiast

And that's where the fun starts!

Of course I'm able to connect and authenticate for both  <node>:8281/vco/api and  <node>:8283/vco-controlcenter/api by aquiring a token from vRA vIDM.

BUT!  when I send a call with this token to <node>:8283/vco-controlcenter/api it sends me back to vIDM  authorzation page. while calls to <node>:8281/vco/api (with the same token) work like a charm.

Is there any way to get nodes information from <node>:8281/vco/api ???

Reply
0 Kudos
eoinbyrne
Expert
Expert

If you want to browse the API docs you can go to these pages on any vRO node and view the Swagger docs

VCO API

pastedImage_0.png

Control Center API

pastedImage_1.png

These pages give a pretty good run down of what each API and it's different controllers/branches can do. You can even try them out in using form buttons in the pages (thought I did notice that on the ControlCenter API page, the server URL does not have the port number so the "try it out" buttons don't work)

The ControlCenter API does have a cluster-controller branch on it so that would the ideal place to get the info you want. Perhaps you could open an SR with VMware for the vIDM thing if you're determined to use that approach?

On the VCO API there's a controller for the server which does return the hostname of the node but my lab instance is not clustered so I don't know what results you get back for a LB clustered pair (i.e., does it return the individual node names in round-robin for each call, do you only ever get back the name of the active node, does the cluster system over-write the node name with the LB URI name in all responses.... perhaps VMware folks can answer or you could try it out and see?)

As a last suggestion for if you're in a hurry to get this sorted out, since the VCO API has a controller for the Configuration element system, a possible solution might be to do

- Create the same Configuration elements on each cluster node with the names of both of the cluster partners in it (CSV String, Array, whatever)

- Use the VCO API to load that configuration item and read the node names

- The effect of the LB will be negated since both nodes have the same data so you always get the same value regardless of which node is active

The ID of the configuration item on each node may be different but if the name is the same it would not be difficult to just load them all and filter the JSON to get the one you want

pastedImage_5.png

Reply
0 Kudos
alexander_d
Enthusiast
Enthusiast

Ok, fun goes on Smiley Happy

Of course I'm aware of swagger and all the stuff. And of course I've opened a ticket at VMware. You know what the answer was? If you're able to login using front end (i.e. browser) - you're all good. Your scripts are just bad.

But as I said in hte last post - API call to <clustername>:8281/vco/api are OK. But call with the SAME token to <clustername>:8283/vco-controlcenter are not. Want some screenshots?

More over. And this is the most fun.

<clustername>:8283/vco-controlcenter calls using powershell are failing

<clustername>:8283/vco-controlcenter calls using postman canary are failing

<clustername>:8283/vco-controlcenter calls using postman v5.5.4 (chrome addon, old as hell but i like it). WORKS!!!!

All API calls are made with the valid token...

Can anyone expalin it? Smiley Happy

Reply
0 Kudos
eoinbyrne
Expert
Expert

What happens if you replace

<clustername> with the name of a node? i.e., bypass the LB for the vco-controlcenter calls?

Reply
0 Kudos