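The NSX-T Policy API has a usage style called the Hierarchical API.

This time, I will retrieve information with the Hierarchical API.

I will GET the information for the environment created in the previous post (below).

Trying out the NSX-T Policy API. Part.3 (Object Creation)

Earlier, I retrieved information with the path-based API.

The environment used there is also almost the same as the one created in Part.3.

Trying out the NSX-T Policy API. Part.1 (GET)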

 

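Characteristics of the Hierarchical API.

In the posts so far, API calls were made by specifying the object's path in the Policy API URL.

When the Policy API is used hierarchically, calls are made relative to the special objects Infra and Domain.

With the path-based calls, the URL looked like this.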

GET /policy/api/v1/infra/segments

 

With the Hierarchical API, on the other hand, the endpoint URL is always the following.

(For the objects handled in this post, it is common up to ~/infra.)

GET /policy/api/v1/infra

 

With the GET method, a filter can be specified according to the type of object (resource).

For segments, the filter is specified as follows.

GET /policy/api/v1/infra?filter=Type-Segment

 

Now let's retrieve information for each object type in turn.

As in the previous posts, the curl command is used for the API calls.

The variable CRED holds "username:password", and MGR holds the address of the NSX Manager.

$ MGR=lab-nsxt-mgr-01.go-lab.jp

$ CRED='admin:VMware1!VMware1!'

 

Retrieving segment information.

Information for both VLAN and overlay segments is returned.

Segment ports to which virtual machines are connected are also shown.

GET /policy/api/v1/infra?filter=Type-Segment

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Segment"

{

  "resource_type" : "Infra",

  "id" : "infra",

  "display_name" : "infra",

  "path" : "/infra",

  "relative_path" : "infra",

  "children" : [ {

    "SegmentSecurityProfile" : {

      "bpdu_filter_enable" : true,

      "bpdu_filter_allow" : [ ],

      "dhcp_server_block_enabled" : true,

      "dhcp_client_block_enabled" : false,

      "non_ip_traffic_block_enabled" : false,

      "dhcp_server_block_v6_enabled" : true,

      "dhcp_client_block_v6_enabled" : false,

      "ra_guard_enabled" : false,

      "rate_limits_enabled" : false,

      "rate_limits" : {

        "rx_broadcast" : 0,

        "tx_broadcast" : 0,

        "rx_multicast" : 0,

        "tx_multicast" : 0

      },

      "resource_type" : "SegmentSecurityProfile",

      "id" : "default-segment-security-profile",

      "display_name" : "default-segment-security-profile",

      "path" : "/infra/segment-security-profiles/default-segment-security-profile",

      "relative_path" : "default-segment-security-profile",

      "parent_path" : "/infra/segment-security-profiles/default-segment-security-profile",

      "children" : [ ],

      "marked_for_delete" : false,

      "_create_user" : "system",

      "_create_time" : 1568904746259,

      "_last_modified_user" : "system",

      "_last_modified_time" : 1568904746259,

      "_system_owned" : true,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 0

    },

    "resource_type" : "ChildSegmentSecurityProfile",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  }, {

    "Segment" : {

      "type" : "DISCONNECTED",

      "vlan_ids" : [ "200" ],

      "transport_zone_path" : "/infra/sites/default/enforcement-points/default/transport-zones/4954eeca-decb-487a-8582-b011d60ba19f",

      "resource_type" : "Segment",

      "id" : "seg-vlan-0200",

      "display_name" : "seg-vlan-0200",

      "path" : "/infra/segments/seg-vlan-0200",

      "relative_path" : "seg-vlan-0200",

      "parent_path" : "/infra/segments/seg-vlan-0200",

      "children" : [ ],

      "marked_for_delete" : false,

      "_create_user" : "admin",

      "_create_time" : 1572972974519,

      "_last_modified_user" : "admin",

      "_last_modified_time" : 1572972974519,

      "_system_owned" : false,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 0

    },

    "resource_type" : "ChildSegment",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  }, {

    "Segment" : {

      "type" : "ROUTED",

      "subnets" : [ {

        "gateway_address" : "172.16.2.1/24",

        "dhcp_ranges" : [ "172.16.2.10-172.16.2.250" ],

        "network" : "172.16.2.0/24"

      } ],

      "connectivity_path" : "/infra/tier-1s/t1-gw-01",

      "transport_zone_path" : "/infra/sites/default/enforcement-points/default/transport-zones/4d5e3804-e62c-40ab-af7c-99bab2d5e5e8",

      "resource_type" : "Segment",

      "id" : "seg-overlay-02",

      "display_name" : "seg-overlay-02",

      "path" : "/infra/segments/seg-overlay-02",

      "relative_path" : "seg-overlay-02",

      "parent_path" : "/infra/segments/seg-overlay-02",

      "children" : [ {

        "SegmentPort" : {

          "resource_type" : "SegmentPort",

          "id" : "default:96e7763f-b5fa-4e8d-830e-dcacdc7bf43a",

          "display_name" : "vm03/vm03.vmx@c1f5e1bd-d787-4ec5-96a4-c20910bd217a",

          "tags" : [ ],

          "path" : "/infra/segments/seg-overlay-02/ports/default:96e7763f-b5fa-4e8d-830e-dcacdc7bf43a",

          "relative_path" : "default:96e7763f-b5fa-4e8d-830e-dcacdc7bf43a",

          "parent_path" : "/infra/segments/seg-overlay-02",

          "children" : [ ],

          "marked_for_delete" : false,

          "_create_user" : "system",

          "_create_time" : 1572993602499,

          "_last_modified_user" : "system",

          "_last_modified_time" : 1572993602499,

          "_system_owned" : false,

          "_protection" : "NOT_PROTECTED",

          "_revision" : 0

        },

        "resource_type" : "ChildSegmentPort",

        "marked_for_delete" : false,

        "_protection" : "NOT_PROTECTED"

      }, {

        "SegmentPort" : {

          "resource_type" : "SegmentPort",

          "id" : "default:336fee15-4d0e-4d35-8dc7-cf091038b00e",

          "display_name" : "vm04/vm04.vmx@3c436657-571b-4bb3-b617-2dcfdcf2ba59",

          "tags" : [ ],

          "path" : "/infra/segments/seg-overlay-02/ports/default:336fee15-4d0e-4d35-8dc7-cf091038b00e",

          "relative_path" : "default:336fee15-4d0e-4d35-8dc7-cf091038b00e",

          "parent_path" : "/infra/segments/seg-overlay-02",

          "children" : [ ],

          "marked_for_delete" : false,

          "_create_user" : "system",

          "_create_time" : 1572993602424,

          "_last_modified_user" : "system",

          "_last_modified_time" : 1572993602424,

          "_system_owned" : false,

          "_protection" : "NOT_PROTECTED",

          "_revision" : 0

        },

        "resource_type" : "ChildSegmentPort",

        "marked_for_delete" : false,

        "_protection" : "NOT_PROTECTED"

      } ],

      "marked_for_delete" : false,

      "_create_user" : "admin",

      "_create_time" : 1572973676117,

      "_last_modified_user" : "admin",

      "_last_modified_time" : 1572973676117,

      "_system_owned" : false,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 0

    },

    "resource_type" : "ChildSegment",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  }, {

    "Segment" : {

      "type" : "ROUTED",

      "subnets" : [ {

        "gateway_address" : "172.16.1.1/24",

        "dhcp_ranges" : [ "172.16.1.10-172.16.1.250" ],

        "network" : "172.16.1.0/24"

      } ],

      "connectivity_path" : "/infra/tier-1s/t1-gw-01",

      "transport_zone_path" : "/infra/sites/default/enforcement-points/default/transport-zones/4d5e3804-e62c-40ab-af7c-99bab2d5e5e8",

      "resource_type" : "Segment",

      "id" : "seg-overlay-01",

      "display_name" : "seg-overlay-01",

      "path" : "/infra/segments/seg-overlay-01",

      "relative_path" : "seg-overlay-01",

      "parent_path" : "/infra/segments/seg-overlay-01",

      "children" : [ {

        "SegmentPort" : {

          "resource_type" : "SegmentPort",

          "id" : "default:94e29eaa-034c-4df6-a4b1-54fc95a18cba",

          "display_name" : "vm01/vm01.vmx@3c436657-571b-4bb3-b617-2dcfdcf2ba59",

          "tags" : [ ],

          "path" : "/infra/segments/seg-overlay-01/ports/default:94e29eaa-034c-4df6-a4b1-54fc95a18cba",

          "relative_path" : "default:94e29eaa-034c-4df6-a4b1-54fc95a18cba",

          "parent_path" : "/infra/segments/seg-overlay-01",

          "children" : [ ],

          "marked_for_delete" : false,

          "_create_user" : "system",

          "_create_time" : 1572993602117,

          "_last_modified_user" : "system",

          "_last_modified_time" : 1572993602117,

          "_system_owned" : false,

          "_protection" : "NOT_PROTECTED",

          "_revision" : 0

        },

        "resource_type" : "ChildSegmentPort",

        "marked_for_delete" : false,

        "_protection" : "NOT_PROTECTED"

      }, {

        "SegmentPort" : {

          "resource_type" : "SegmentPort",

          "id" : "default:e1385e98-f4cf-4dee-bbc6-535584d9b721",

          "display_name" : "vm02/vm02.vmx@92e5beee-20a2-4ba7-8372-ce49aace34fc",

          "tags" : [ ],

          "path" : "/infra/segments/seg-overlay-01/ports/default:e1385e98-f4cf-4dee-bbc6-535584d9b721",

          "relative_path" : "default:e1385e98-f4cf-4dee-bbc6-535584d9b721",

          "parent_path" : "/infra/segments/seg-overlay-01",

          "children" : [ ],

          "marked_for_delete" : false,

          "_create_user" : "system",

          "_create_time" : 1572993602249,

          "_last_modified_user" : "system",

          "_last_modified_time" : 1572993602249,

          "_system_owned" : false,

          "_protection" : "NOT_PROTECTED",

          "_revision" : 0

        },

        "resource_type" : "ChildSegmentPort",

        "marked_for_delete" : false,

        "_protection" : "NOT_PROTECTED"

      } ],

      "marked_for_delete" : false,

      "_create_user" : "admin",

      "_create_time" : 1572973665350,

      "_last_modified_user" : "admin",

      "_last_modified_time" : 1572973665350,

      "_system_owned" : false,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 0

    },

    "resource_type" : "ChildSegment",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  } ],

  "marked_for_delete" : false,

  "connectivity_strategy" : "BLACKLIST",

  "_create_user" : "system",

  "_create_time" : 1568904745337,

  "_last_modified_user" : "system",

  "_last_modified_time" : 1568904745337,

  "_system_owned" : false,

  "_protection" : "NOT_PROTECTED",

  "_revision" : 0

}

 

Retrieving Tier-0 gateway information.

Objects under a Tier-0 gateway must be included in the filter together with Tier-0.

Retrieving with only the Tier-0 gateway specified.

First, the case of the Tier-0 gateway alone.

GET /policy/api/v1/infra?filter=Type-Tier0

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Tier0"

{

  "resource_type" : "Infra",

  "id" : "infra",

  "display_name" : "infra",

  "path" : "/infra",

  "relative_path" : "infra",

  "children" : [ {

    "Tier0" : {

      "transit_subnets" : [ "100.64.0.0/16" ],

      "internal_transit_subnets" : [ "169.254.0.0/28" ],

      "ha_mode" : "ACTIVE_STANDBY",

      "failover_mode" : "NON_PREEMPTIVE",

      "ipv6_profile_paths" : [ "/infra/ipv6-ndra-profiles/default", "/infra/ipv6-dad-profiles/default" ],

      "force_whitelisting" : false,

      "default_rule_logging" : false,

      "disable_firewall" : false,

      "resource_type" : "Tier0",

      "id" : "t0-gw-01",

      "display_name" : "t0-gw-01",

      "path" : "/infra/tier-0s/t0-gw-01",

      "relative_path" : "t0-gw-01",

      "parent_path" : "/infra/tier-0s/t0-gw-01",

      "children" : [ ],

      "marked_for_delete" : false,

      "_create_user" : "admin",

      "_create_time" : 1572973048893,

      "_last_modified_user" : "admin",

      "_last_modified_time" : 1572973084322,

      "_system_owned" : false,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 1

    },

    "resource_type" : "ChildTier0",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  } ],

  "marked_for_delete" : false,

  "connectivity_strategy" : "BLACKLIST",

  "_create_user" : "system",

  "_create_time" : 1568904745337,

  "_last_modified_user" : "system",

  "_last_modified_time" : 1568904745337,

  "_system_owned" : false,

  "_protection" : "NOT_PROTECTED",

  "_revision" : 0

}

 

Retrieving information including LocaleServices.

To include multiple resource types, join them with "|" (pipe).

However, the pipe character cannot be specified in a URL, so URL encoding (percent-encoding) is used.

"|" is replaced with the string "%7C".

The resulting JSON shows that Tier0 → LocaleServices → Tier0Interface form a hierarchy.

Here, the interfaces under LocaleServices are retrieved as well.

GET /policy/api/v1/infra?filter=Type-Tier0|LocaleServices

GET /policy/api/v1/infra?filter=Type-Tier0%7CLocaleServices

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Tier0%7CLocaleServices"

{

  "resource_type" : "Infra",

  "id" : "infra",

  "display_name" : "infra",

  "path" : "/infra",

  "relative_path" : "infra",

  "children" : [ {

    "Tier0" : {

      "transit_subnets" : [ "100.64.0.0/16" ],

      "internal_transit_subnets" : [ "169.254.0.0/28" ],

      "ha_mode" : "ACTIVE_STANDBY",

      "failover_mode" : "NON_PREEMPTIVE",

      "ipv6_profile_paths" : [ "/infra/ipv6-ndra-profiles/default", "/infra/ipv6-dad-profiles/default" ],

      "force_whitelisting" : false,

      "default_rule_logging" : false,

      "disable_firewall" : false,

      "resource_type" : "Tier0",

      "id" : "t0-gw-01",

      "display_name" : "t0-gw-01",

      "path" : "/infra/tier-0s/t0-gw-01",

      "relative_path" : "t0-gw-01",

      "parent_path" : "/infra/tier-0s/t0-gw-01",

      "children" : [ {

        "LocaleServices" : {

          "edge_cluster_path" : "/infra/sites/default/enforcement-points/default/edge-clusters/a2958967-0579-4cbf-a018-96cfa6553fae",

          "resource_type" : "LocaleServices",

          "id" : "24b79e4c-2ef1-4360-ac2c-9454514eada5",

          "display_name" : "24b79e4c-2ef1-4360-ac2c-9454514eada5",

          "path" : "/infra/tier-0s/t0-gw-01/locale-services/24b79e4c-2ef1-4360-ac2c-9454514eada5",

          "relative_path" : "24b79e4c-2ef1-4360-ac2c-9454514eada5",

          "parent_path" : "/infra/tier-0s/t0-gw-01",

          "children" : [ {

            "Tier0Interface" : {

              "edge_path" : "/infra/sites/default/enforcement-points/default/edge-clusters/a2958967-0579-4cbf-a018-96cfa6553fae/edge-nodes/8e1b5bda-e116-49da-8b4b-bbb2961a7900",

              "segment_path" : "/infra/segments/seg-vlan-0200",

              "type" : "EXTERNAL",

              "resource_type" : "Tier0Interface",

              "id" : "t0-uplink-01",

              "display_name" : "t0-uplink-01",

              "path" : "/infra/tier-0s/t0-gw-01/locale-services/24b79e4c-2ef1-4360-ac2c-9454514eada5/interfaces/t0-uplink-01",

              "relative_path" : "t0-uplink-01",

              "parent_path" : "/infra/tier-0s/t0-gw-01/locale-services/24b79e4c-2ef1-4360-ac2c-9454514eada5",

              "children" : [ ],

              "marked_for_delete" : false,

              "subnets" : [ {

                "ip_addresses" : [ "192.168.200.2" ],

                "prefix_len" : 24

              } ],

              "_create_user" : "admin",

              "_create_time" : 1572973121476,

              "_last_modified_user" : "admin",

              "_last_modified_time" : 1572973121476,

              "_system_owned" : false,

              "_protection" : "NOT_PROTECTED",

              "_revision" : 0

            },

            "resource_type" : "ChildTier0Interface",

            "marked_for_delete" : false,

            "_protection" : "NOT_PROTECTED"

          } ],

          "marked_for_delete" : false,

          "_create_user" : "admin",

          "_create_time" : 1572973084293,

          "_last_modified_user" : "admin",

          "_last_modified_time" : 1572973084293,

          "_system_owned" : false,

          "_protection" : "NOT_PROTECTED",

          "_revision" : 0

        },

        "resource_type" : "ChildLocaleServices",

        "marked_for_delete" : false,

        "_protection" : "NOT_PROTECTED"

      } ],

      "marked_for_delete" : false,

      "_create_user" : "admin",

      "_create_time" : 1572973048893,

      "_last_modified_user" : "admin",

      "_last_modified_time" : 1572973084322,

      "_system_owned" : false,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 1

    },

    "resource_type" : "ChildTier0",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  } ],

  "marked_for_delete" : false,

  "connectivity_strategy" : "BLACKLIST",

  "_create_user" : "system",

  "_create_time" : 1568904745337,

  "_last_modified_user" : "system",

  "_last_modified_time" : 1568904745337,

  "_system_owned" : false,

  "_protection" : "NOT_PROTECTED",

  "_revision" : 0

}
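
The filter construction and the Tier0 → LocaleServices → Tier0Interface nesting described above, as an added Python example (not code from the original post): it builds the percent-encoded filter URL and flattens a response into an indented inventory. The sample response is constructed by trimming the one shown above, and the function names are illustrative.

```python
"""Added example: build a Hierarchical API filter URL and flatten the response."""
from urllib.parse import quote

INFRA = "/policy/api/v1/infra"


def build_filter_url(manager, types):
    """URL for GET /policy/api/v1/infra?filter=Type-<A>|<B>, with "|" sent as %7C.

    An empty list yields "filter=Type-", the whole-configuration request.
    """
    for name in types:
        if not name.isalnum():  # type names on the page are plain identifiers
            raise ValueError(f"unexpected resource type name: {name!r}")
    value = "Type-" + "|".join(types)
    return f"https://{manager}{INFRA}?filter={quote(value, safe='')}"


def unwrap(child):
    """Return the object inside a Child* wrapper.

    In the page's responses a wrapper of type "ChildTier0" stores its object
    under the key "Tier0"; fall back to the only dict-valued key otherwise.
    """
    key = child.get("resource_type", "")[len("Child"):]
    if isinstance(child.get(key), dict):
        return child[key]
    inner = [v for v in child.values() if isinstance(v, dict)]
    if len(inner) != 1:
        raise ValueError("cannot locate wrapped object in child entry")
    return inner[0]


def flatten(node, depth=0):
    """Yield (depth, resource_type, path, created_by) for node and descendants."""
    yield depth, node["resource_type"], node["path"], node.get("_create_user")
    for child in node.get("children", []):
        yield from flatten(unwrap(child), depth + 1)


# Constructed sample: the page's Type-Tier0|LocaleServices response, trimmed
# to the fields used here.
T0 = "/infra/tier-0s/t0-gw-01"
LS = T0 + "/locale-services/24b79e4c-2ef1-4360-ac2c-9454514eada5"
SAMPLE = {
    "resource_type": "Infra", "path": "/infra", "_create_user": "system",
    "children": [{
        "resource_type": "ChildTier0",
        "Tier0": {
            "resource_type": "Tier0", "path": T0, "_create_user": "admin",
            "children": [{
                "resource_type": "ChildLocaleServices",
                "LocaleServices": {
                    "resource_type": "LocaleServices", "path": LS,
                    "_create_user": "admin",
                    "children": [{
                        "resource_type": "ChildTier0Interface",
                        "Tier0Interface": {
                            "resource_type": "Tier0Interface",
                            "path": LS + "/interfaces/t0-uplink-01",
                            "_create_user": "admin", "children": [],
                        },
                    }],
                },
            }],
        },
    }],
}

if __name__ == "__main__":
    print(build_filter_url("lab-nsxt-mgr-01.go-lab.jp", ["Tier0", "LocaleServices"]))
    for depth, rtype, path, user in flatten(SAMPLE):
        print(f"{'  ' * depth}{rtype:<15} {path}  (created by {user})")
```
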

 

Retrieving information including LocaleServices and interfaces.

The URL that includes the Tier-0 gateway's interfaces is as follows.

Note: the response is omitted.

GET /policy/api/v1/infra?filter=Type-Tier0|LocaleServices|Tier0Interface

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Tier0%7CLocaleServices%7CTier0Interface"

 

Retrieving static route information.

Retrieve the static routes of the Tier-0 gateway.

GET /policy/api/v1/infra?filter=Type-Tier0|StaticRoutes

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Tier0%7CStaticRoutes"

{

  "resource_type" : "Infra",

  "id" : "infra",

  "display_name" : "infra",

  "path" : "/infra",

  "relative_path" : "infra",

  "children" : [ {

    "Tier0" : {

      "transit_subnets" : [ "100.64.0.0/16" ],

      "internal_transit_subnets" : [ "169.254.0.0/28" ],

      "ha_mode" : "ACTIVE_STANDBY",

      "failover_mode" : "NON_PREEMPTIVE",

      "ipv6_profile_paths" : [ "/infra/ipv6-ndra-profiles/default", "/infra/ipv6-dad-profiles/default" ],

      "force_whitelisting" : false,

      "default_rule_logging" : false,

      "disable_firewall" : false,

      "resource_type" : "Tier0",

      "id" : "t0-gw-01",

      "display_name" : "t0-gw-01",

      "path" : "/infra/tier-0s/t0-gw-01",

      "relative_path" : "t0-gw-01",

      "parent_path" : "/infra/tier-0s/t0-gw-01",

      "children" : [ {

        "StaticRoutes" : {

          "network" : "0.0.0.0/0",

          "next_hops" : [ {

            "ip_address" : "192.168.200.1",

            "admin_distance" : 1

          } ],

          "resource_type" : "StaticRoutes",

          "id" : "t0-route-01",

          "display_name" : "t0-route-01",

          "path" : "/infra/tier-0s/t0-gw-01/static-routes/t0-route-01",

          "relative_path" : "t0-route-01",

          "parent_path" : "/infra/tier-0s/t0-gw-01",

          "children" : [ ],

          "marked_for_delete" : false,

          "_create_user" : "admin",

          "_create_time" : 1572973183264,

          "_last_modified_user" : "admin",

          "_last_modified_time" : 1572973183264,

          "_system_owned" : false,

          "_protection" : "NOT_PROTECTED",

          "_revision" : 0

        },

        "resource_type" : "ChildStaticRoutes",

        "marked_for_delete" : false,

        "_protection" : "NOT_PROTECTED"

      } ],

      "marked_for_delete" : false,

      "_create_user" : "admin",

      "_create_time" : 1572973048893,

      "_last_modified_user" : "admin",

      "_last_modified_time" : 1572973084322,

      "_system_owned" : false,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 1

    },

    "resource_type" : "ChildTier0",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  } ],

  "marked_for_delete" : false,

  "connectivity_strategy" : "BLACKLIST",

  "_create_user" : "system",

  "_create_time" : 1568904745337,

  "_last_modified_user" : "system",

  "_last_modified_time" : 1568904745337,

  "_system_owned" : false,

  "_protection" : "NOT_PROTECTED",

  "_revision" : 0

}

 

Retrieving NAT rule information.

Retrieve the NAT rules of the Tier-0 gateway.

In addition to the "USER" one, which the user created manually, the output shows that automatically created DEFAULT / INTERNAL NATs also exist.

GET /policy/api/v1/infra?filter=Type-Tier0|PolicyNat

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Tier0%7CPolicyNat"

{

  "resource_type" : "Infra",

  "id" : "infra",

  "display_name" : "infra",

  "path" : "/infra",

  "relative_path" : "infra",

  "children" : [ {

    "Tier0" : {

      "transit_subnets" : [ "100.64.0.0/16" ],

      "internal_transit_subnets" : [ "169.254.0.0/28" ],

      "ha_mode" : "ACTIVE_STANDBY",

      "failover_mode" : "NON_PREEMPTIVE",

      "ipv6_profile_paths" : [ "/infra/ipv6-ndra-profiles/default", "/infra/ipv6-dad-profiles/default" ],

      "force_whitelisting" : false,

      "default_rule_logging" : false,

      "disable_firewall" : false,

      "resource_type" : "Tier0",

      "id" : "t0-gw-01",

      "display_name" : "t0-gw-01",

      "path" : "/infra/tier-0s/t0-gw-01",

      "relative_path" : "t0-gw-01",

      "parent_path" : "/infra/tier-0s/t0-gw-01",

      "children" : [ {

        "PolicyNat" : {

          "nat_type" : "DEFAULT",

          "resource_type" : "PolicyNat",

          "id" : "DEFAULT",

          "display_name" : "DEFAULT",

          "path" : "/infra/tier-0s/t0-gw-01/nat/DEFAULT",

          "relative_path" : "DEFAULT",

          "parent_path" : "/infra/tier-0s/t0-gw-01",

          "children" : [ ],

          "marked_for_delete" : false,

          "_create_user" : "admin",

          "_create_time" : 1569254493062,

          "_last_modified_user" : "admin",

          "_last_modified_time" : 1569254493062,

          "_system_owned" : false,

          "_protection" : "NOT_PROTECTED",

          "_revision" : 0

        },

        "resource_type" : "ChildPolicyNat",

        "marked_for_delete" : false,

        "_protection" : "NOT_PROTECTED"

      }, {

        "PolicyNat" : {

          "nat_type" : "INTERNAL",

          "resource_type" : "PolicyNat",

          "id" : "INTERNAL",

          "display_name" : "INTERNAL",

          "path" : "/infra/tier-0s/t0-gw-01/nat/INTERNAL",

          "relative_path" : "INTERNAL",

          "parent_path" : "/infra/tier-0s/t0-gw-01",

          "children" : [ ],

          "marked_for_delete" : false,

          "_create_user" : "admin",

          "_create_time" : 1569254493059,

          "_last_modified_user" : "admin",

          "_last_modified_time" : 1569254493059,

          "_system_owned" : false,

          "_protection" : "NOT_PROTECTED",

          "_revision" : 0

        },

        "resource_type" : "ChildPolicyNat",

        "marked_for_delete" : false,

        "_protection" : "NOT_PROTECTED"

      }, {

        "PolicyNat" : {

          "nat_type" : "USER",

          "resource_type" : "PolicyNat",

          "id" : "USER",

          "display_name" : "USER",

          "path" : "/infra/tier-0s/t0-gw-01/nat/USER",

          "relative_path" : "USER",

          "parent_path" : "/infra/tier-0s/t0-gw-01",

          "children" : [ {

            "PolicyNatRule" : {

              "sequence_number" : 100,

              "action" : "SNAT",

              "source_network" : "172.16.0.0/16",

              "service" : "",

              "translated_network" : "192.168.200.2",

              "scope" : [ ],

              "enabled" : true,

              "logging" : false,

              "resource_type" : "PolicyNatRule",

              "id" : "2455c9f8-17b8-4531-8b83-0ce5831eca45",

              "display_name" : "t0-snat-01",

              "path" : "/infra/tier-0s/t0-gw-01/nat/USER/nat-rules/2455c9f8-17b8-4531-8b83-0ce5831eca45",

              "relative_path" : "2455c9f8-17b8-4531-8b83-0ce5831eca45",

              "parent_path" : "/infra/tier-0s/t0-gw-01/nat/USER",

              "children" : [ ],

              "marked_for_delete" : false,

              "_create_user" : "admin",

              "_create_time" : 1572973145927,

              "_last_modified_user" : "admin",

              "_last_modified_time" : 1572973145927,

              "_system_owned" : false,

              "_protection" : "NOT_PROTECTED",

              "_revision" : 0

            },

            "resource_type" : "ChildPolicyNatRule",

            "marked_for_delete" : false,

            "_protection" : "NOT_PROTECTED"

          } ],

          "marked_for_delete" : false,

          "_create_user" : "admin",

          "_create_time" : 1569254493061,

          "_last_modified_user" : "admin",

          "_last_modified_time" : 1569254493061,

          "_system_owned" : false,

          "_protection" : "NOT_PROTECTED",

          "_revision" : 0

        },

        "resource_type" : "ChildPolicyNat",

        "marked_for_delete" : false,

        "_protection" : "NOT_PROTECTED"

      } ],

      "marked_for_delete" : false,

      "_create_user" : "admin",

      "_create_time" : 1572973048893,

      "_last_modified_user" : "admin",

      "_last_modified_time" : 1572973084322,

      "_system_owned" : false,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 1

    },

    "resource_type" : "ChildTier0",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  } ],

  "marked_for_delete" : false,

  "connectivity_strategy" : "BLACKLIST",

  "_create_user" : "system",

  "_create_time" : 1568904745337,

  "_last_modified_user" : "system",

  "_last_modified_time" : 1568904745337,

  "_system_owned" : false,

  "_protection" : "NOT_PROTECTED",

  "_revision" : 0

}

 

Retrieving Tier-1 gateway information.

Retrieve the Tier-1 gateway and its LocaleServices.

Note: the result for "filter=Type-Tier1" alone is omitted.

GET /policy/api/v1/infra?filter=Type-Tier1

GET /policy/api/v1/infra?filter=Type-Tier1|LocaleServices

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Tier1%7CLocaleServices"

{

  "resource_type" : "Infra",

  "id" : "infra",

  "display_name" : "infra",

  "path" : "/infra",

  "relative_path" : "infra",

  "children" : [ {

    "Tier1" : {

      "tier0_path" : "/infra/tier-0s/t0-gw-01",

      "failover_mode" : "NON_PREEMPTIVE",

      "enable_standby_relocation" : false,

      "dhcp_config_paths" : [ "/infra/dhcp-server-configs/dhcp-sv-01" ],

      "route_advertisement_types" : [ "TIER1_DNS_FORWARDER_IP", "TIER1_CONNECTED" ],

      "force_whitelisting" : false,

      "default_rule_logging" : false,

      "disable_firewall" : false,

      "ipv6_profile_paths" : [ "/infra/ipv6-ndra-profiles/default", "/infra/ipv6-dad-profiles/default" ],

      "resource_type" : "Tier1",

      "id" : "t1-gw-01",

      "display_name" : "t1-gw-01",

      "path" : "/infra/tier-1s/t1-gw-01",

      "relative_path" : "t1-gw-01",

      "parent_path" : "/infra/tier-1s/t1-gw-01",

      "children" : [ {

        "LocaleServices" : {

          "edge_cluster_path" : "/infra/sites/default/enforcement-points/default/edge-clusters/a2958967-0579-4cbf-a018-96cfa6553fae",

          "preferred_edge_paths" : [ "/infra/sites/default/enforcement-points/default/edge-clusters/a2958967-0579-4cbf-a018-96cfa6553fae/edge-nodes/8e1b5bda-e116-49da-8b4b-bbb2961a7900" ],

          "resource_type" : "LocaleServices",

          "id" : "7fa98167-2565-4869-b223-ffa9913684af",

          "display_name" : "7fa98167-2565-4869-b223-ffa9913684af",

          "path" : "/infra/tier-1s/t1-gw-01/locale-services/7fa98167-2565-4869-b223-ffa9913684af",

          "relative_path" : "7fa98167-2565-4869-b223-ffa9913684af",

          "parent_path" : "/infra/tier-1s/t1-gw-01",

          "children" : [ ],

          "marked_for_delete" : false,

          "_create_user" : "admin",

          "_create_time" : 1572973260316,

          "_last_modified_user" : "admin",

          "_last_modified_time" : 1572973260316,

          "_system_owned" : false,

          "_protection" : "NOT_PROTECTED",

          "_revision" : 0

        },

        "resource_type" : "ChildLocaleServices",

        "marked_for_delete" : false,

        "_protection" : "NOT_PROTECTED"

      } ],

      "marked_for_delete" : false,

      "_create_user" : "admin",

      "_create_time" : 1572973229372,

      "_last_modified_user" : "admin",

      "_last_modified_time" : 1572973418665,

      "_system_owned" : false,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 2

    },

    "resource_type" : "ChildTier1",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  } ],

  "marked_for_delete" : false,

  "connectivity_strategy" : "BLACKLIST",

  "_create_user" : "system",

  "_create_time" : 1568904745337,

  "_last_modified_user" : "system",

  "_last_modified_time" : 1568904745337,

  "_system_owned" : false,

  "_protection" : "NOT_PROTECTED",

  "_revision" : 0

}

 

Retrieving DHCP server information.

Retrieve the DHCP server.

GET /policy/api/v1/infra?filter=Type-Dhcp

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Dhcp"

{

  "resource_type" : "Infra",

  "id" : "infra",

  "display_name" : "infra",

  "path" : "/infra",

  "relative_path" : "infra",

  "children" : [ {

    "DhcpServerConfig" : {

      "server_address" : "172.16.254.254/24",

      "lease_time" : 86400,

      "resource_type" : "DhcpServerConfig",

      "id" : "dhcp-sv-01",

      "display_name" : "dhcp-sv-01",

      "path" : "/infra/dhcp-server-configs/dhcp-sv-01",

      "relative_path" : "dhcp-sv-01",

      "parent_path" : "/infra/dhcp-server-configs/dhcp-sv-01",

      "children" : [ ],

      "marked_for_delete" : false,

      "_create_user" : "admin",

      "_create_time" : 1572973288751,

      "_last_modified_user" : "admin",

      "_last_modified_time" : 1572973288751,

      "_system_owned" : false,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 0

    },

    "resource_type" : "ChildDhcpServerConfig",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  } ],

  "marked_for_delete" : false,

  "connectivity_strategy" : "BLACKLIST",

  "_create_user" : "system",

  "_create_time" : 1568904745337,

  "_last_modified_user" : "system",

  "_last_modified_time" : 1568904745337,

  "_system_owned" : false,

  "_protection" : "NOT_PROTECTED",

  "_revision" : 0

}

 

Retrieving DNS forwarder information.

Retrieve the DNS forwarder zone information.

GET /policy/api/v1/infra?filter=Type-Dns

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Dns"

{

  "resource_type" : "Infra",

  "id" : "infra",

  "display_name" : "infra",

  "path" : "/infra",

  "relative_path" : "infra",

  "children" : [ {

    "PolicyDnsForwarderZone" : {

      "dns_domain_names" : [ ],

      "upstream_servers" : [ "192.168.1.101", "192.168.1.102" ],

      "resource_type" : "PolicyDnsForwarderZone",

      "id" : "dns-zone-01",

      "display_name" : "dns-zone-01",

      "path" : "/infra/dns-forwarder-zones/dns-zone-01",

      "relative_path" : "dns-zone-01",

      "parent_path" : "/infra/dns-forwarder-zones/dns-zone-01",

      "children" : [ ],

      "marked_for_delete" : false,

      "_create_user" : "admin",

      "_create_time" : 1572973350057,

      "_last_modified_user" : "admin",

      "_last_modified_time" : 1572973350057,

      "_system_owned" : false,

      "_protection" : "NOT_PROTECTED",

      "_revision" : 0

    },

    "resource_type" : "ChildPolicyDnsForwarderZone",

    "marked_for_delete" : false,

    "_protection" : "NOT_PROTECTED"

  } ],

  "marked_for_delete" : false,

  "connectivity_strategy" : "BLACKLIST",

  "_create_user" : "system",

  "_create_time" : 1568904745337,

  "_last_modified_user" : "system",

  "_last_modified_time" : 1568904745337,

  "_system_owned" : false,

  "_protection" : "NOT_PROTECTED",

  "_revision" : 0

}

 

Retrieving information in bulk.

Related components can also be retrieved together to some extent.

GET /policy/api/v1/infra?filter=Type-Tier0|LocaleServices|Segment|StaticRoutes|PolicyNat

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Tier0%7CLocaleServices%7CSegment%7CStaticRoutes%7CPolicyNat"

GET /policy/api/v1/infra?filter=Type-Tier1|LocaleServices|Segment|Dhcp|Dns

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-Tier1%7CLocaleServices%7CSegment%7CDhcp%7CDns"

Incidentally, the entire configuration held by the Policy API can be retrieved as follows.

However, the content is enormous: although it is text-based JSON, it comes to just under 2 MB even in a near-default environment.

GET /policy/api/v1/infra?filter=Type-

$ curl -ks -u "$CRED" -X GET "https://$MGR/policy/api/v1/infra?filter=Type-"

 

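Note that JSON data retrieved for the whole configuration, or for several types together, can also be used for a purpose close to a logical backup of the environment.

However, as retrieved it also contains system objects that cannot be changed with PATCH / PUT, so to use it for restoring configuration, the unnecessary data must be removed from the retrieved JSON.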
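
One way to do that cleanup, as an added Python example (not from the original post). It assumes objects flagged `_system_owned: true` are the ones to leave out and that the `_create_*` / `_last_modified_*` audit fields are not needed in a restore body; the post itself does not list what it removes. The sample is constructed from the Type-Segment response above.

```python
"""Added example: prepare a Hierarchical API GET result for use as a restore body."""
import copy

# Server-maintained audit metadata (assumption: not wanted in a restore body).
AUDIT_FIELDS = ("_create_user", "_create_time",
                "_last_modified_user", "_last_modified_time")


def prune(node, dropped):
    """Strip audit fields from node and remove system-owned children, in place."""
    for field in AUDIT_FIELDS:
        node.pop(field, None)
    kept = []
    for child in node.get("children", []):
        # A wrapper of type "ChildSegment" holds its object under "Segment".
        inner = child[child["resource_type"][len("Child"):]]
        if inner.get("_system_owned"):
            dropped.append(inner["path"])  # record what was left out
            continue
        prune(inner, dropped)
        kept.append(child)
    if "children" in node:
        node["children"] = kept
    return node


def prune_for_restore(infra):
    """Return (cleaned deep copy, paths of dropped system-owned objects)."""
    dropped = []
    return prune(copy.deepcopy(infra), dropped), dropped


# Constructed sample: the page's Type-Segment response, trimmed to one
# system-owned profile and one user-created segment.
SAMPLE = {
    "resource_type": "Infra", "path": "/infra", "_system_owned": False,
    "_create_user": "system", "_create_time": 1568904745337,
    "children": [
        {"resource_type": "ChildSegmentSecurityProfile",
         "SegmentSecurityProfile": {
             "resource_type": "SegmentSecurityProfile",
             "path": "/infra/segment-security-profiles/"
                     "default-segment-security-profile",
             "children": [], "_create_user": "system", "_system_owned": True}},
        {"resource_type": "ChildSegment",
         "Segment": {
             "resource_type": "Segment", "path": "/infra/segments/seg-vlan-0200",
             "vlan_ids": ["200"], "children": [],
             "_create_user": "admin", "_create_time": 1572972974519,
             "_system_owned": False, "_revision": 0}},
    ],
}

if __name__ == "__main__":
    clean, dropped = prune_for_restore(SAMPLE)
    print("dropped:", dropped)
    print("kept:", [c["resource_type"] for c in clean["children"]])
```
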

 

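Next, using the JSON retrieved this time as a reference, I will create and delete an environment with the Hierarchical API.

To be continued.

Trying out the NSX-T Policy API. Part.5 (Creating/Deleting Objects with the Hierarchical API)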