Solved: Re: Set vApp fenced mode?

Subnet88 · ‎06-19-2012

Has anybody been able to change an existing vApp to "fenced" from within VCO? if so, What api property are you modifying? I have not been able to find it.

cdecanini_ · ‎06-22-2012

You need to change the property of the network config. Like this:

var networkConfigSection = vApp.getNetworkConfigSection();
var networkConfigs = networkConfigSection.networkConfig.enumerate();
for each (var networkConfig in networkConfigs) {
    System.log("vApp Fenced mod is network " + networkConfig.NetworkName);
    var NetworkConfig = networkConfig.Configuration;
    System.log(NetworkConfig.fenceMode)
    if (NetworkConfig.fenceMode == "bridged") NetworkConfig.fenceMode = "natRouted";
    }       
System.log(networkConfigSection.toXml());
vApp.updateSection(networkConfigSection);

Not sure if it accept the change as I cannot change my target environment but it updates the networkConfigSection:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns6:NetworkConfigSection xmlns="http://www.vmware.com/vcloud/versions" xmlns:ns2="http://schemas.dmtf.org/ovf/envelope/1" xmlns:ns3="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:ns4="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:ns5="http://schemas.dmtf.org/wbem/wscim/1/common" xmlns:ns6="http://www.vmware.com/vcloud/v1.5" xmlns:ns7="http://schemas.dmtf.org/ovf/environment/1" xmlns:ns8="http://www.vmware.com/vcloud/extension/v1.5" type="application/vnd.vmware.vcloud.networkConfigSection+xml" href="https://cloud.xxx.com/api/vApp/vapp-8ccccd29-0612-48f6-9c3b-da9ca432744d/networkConfigSection/" ns2:required="false">
    <ns2:Info>The configuration parameters for logical networks</ns2:Info>
    <ns6:Link rel="edit" type="application/vnd.vmware.vcloud.networkConfigSection+xml" href="https://cloud.xxx.com/api/vApp/vapp-8ccccd29-0612-48f6-9c3b-da9ca432744d/networkConfigSection/"/>
    <ns6:NetworkConfig networkName="Internal-Network-F5-Workloads">
        <ns6:Link rel="repair" href="https://cloud.xxx.com/api/admin/network/df555055-2e71-49d0-b85d-44305dcb3c20/action/reset"/>
        <ns6:Description></ns6:Description>
        <ns6:Configuration>
            <ns6:IpScope>
                <ns6:IsInherited>true</ns6:IsInherited>
                <ns6:Gateway>192.168.150.10</ns6:Gateway>
                <ns6:Netmask>255.255.255.0</ns6:Netmask>
                <ns6:Dns1>8.8.8.8</ns6:Dns1>
                <ns6:IpRanges>
                    <ns6:IpRange>
                        <ns6:StartAddress>192.168.150.100</ns6:StartAddress>
                        <ns6:EndAddress>192.168.150.199</ns6:EndAddress>
                    </ns6:IpRange>
                </ns6:IpRanges>
            </ns6:IpScope>
            <ns6:ParentNetwork type="application/vnd.vmware.vcloud.network+xml" name="Internal-Network-F5-Workloads" href="https://cloud.tsugliani.fr/api/network/de577468-9f04-4127-92b8-2f8db7d35b8c"/>
            <ns6:FenceMode>natRouted</ns6:FenceMode>
            <ns6:RetainNetInfoAcrossDeployments>false</ns6:RetainNetInfoAcrossDeployments>
            <ns6:Features>
                <ns6:DhcpService>
                    <ns6:IsEnabled>false</ns6:IsEnabled>
                    <ns6:DefaultLeaseTime>3600</ns6:DefaultLeaseTime>
                    <ns6:MaxLeaseTime>7200</ns6:MaxLeaseTime>
                    <ns6:IpRange>
                        <ns6:StartAddress>192.168.150.11</ns6:StartAddress>
                        <ns6:EndAddress>192.168.150.99</ns6:EndAddress>
                    </ns6:IpRange>
                </ns6:DhcpService>
                <ns6:FirewallService>
                    <ns6:IsEnabled>true</ns6:IsEnabled>
                    <ns6:DefaultAction>drop</ns6:DefaultAction>
                    <ns6:LogDefaultAction>false</ns6:LogDefaultAction>
                    <ns6:FirewallRule>
                        <ns6:IsEnabled>true</ns6:IsEnabled>
                        <ns6:Description>Allow all outgoing traffic</ns6:Description>
                        <ns6:Policy>allow</ns6:Policy>
                        <ns6:Protocols>
                            <ns6:Any>true</ns6:Any>
                        </ns6:Protocols>
                        <ns6:Port>-1</ns6:Port>
                        <ns6:DestinationIp>Any</ns6:DestinationIp>
                        <ns6:SourcePort>-1</ns6:SourcePort>
                        <ns6:SourceIp>Any</ns6:SourceIp>
                        <ns6:Direction>out</ns6:Direction>
                        <ns6:EnableLogging>false</ns6:EnableLogging>
                    </ns6:FirewallRule>
                </ns6:FirewallService>
                <ns6:NatService>
                    <ns6:IsEnabled>true</ns6:IsEnabled>
                    <ns6:NatType>ipTranslation</ns6:NatType>
                    <ns6:Policy>allowTraffic</ns6:Policy>
                    <ns6:NatRule>
                        <ns6:OneToOneVmRule>
                            <ns6:MappingMode>automatic</ns6:MappingMode>
                            <ns6:VAppScopedVmId>e55ff49a-0126-4dbc-aaa4-da1b5feb9a64</ns6:VAppScopedVmId>
                            <ns6:VmNicId>0</ns6:VmNicId>
                        </ns6:OneToOneVmRule>
                    </ns6:NatRule>
                </ns6:NatService>
                <ns6:StaticRoutingService>
                    <ns6:IsEnabled>false</ns6:IsEnabled>
                </ns6:StaticRoutingService>
            </ns6:Features>
            <ns6:SyslogServerSettings/>
        </ns6:Configuration>
        <ns6:IsDeployed>false</ns6:IsDeployed>
    </ns6:NetworkConfig>
</ns6:NetworkConfigSection>

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter

View solution in original post

cdecanini_ · ‎06-19-2012

Looking at the createVAppNetworkConfiguration action code may help you to find out.

Christophe.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter

Subnet88 · ‎06-19-2012

That appears to have settings that create a fenced vapp during instantiation. Will it modify an existing vApp to be fenced in a similar way to clicking the "fence vApp" checkbox in the vApp networking properties of vCloud Director?

If so, Can you point me to documentation on what settings I would neet to provide?

I want to mimick the functionality within the GUI, where the IP settings of a vm are retained, but the vm is fenced.

cdecanini_ · ‎06-19-2012

Looking at this action and the one it calls it seems the fence mode is determined by networkConfiguration.fenceMode.

I would start by getting a vApp networkConfiguration, set a new fence mode and update the vApp networkConfiguration.

You can lookup in the API search and in the vCloud API guide.

Christophe.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter

Subnet88 · ‎06-22-2012

I cant seem to make this do what I want to an already existing vApp. Perhaps this is a question best for the API team?

cdecanini_ · ‎06-22-2012

Since I did not have time to try it here is my methodology.

Do a vApp.toXml();

Do the wanted change in vCD UI

Do a vApp.toXml();

Make a diff between the 2 vApp.toXml(); and note the sections that have been changed.

Update the same sections from the workflow using the dedicated methods.

What happens ? no change or an error message when you try to update ?

Christophe.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter

Subnet88 · ‎06-22-2012

There are no differences in the toXml() of a fenced and non-fenced vApp

cdecanini_ · ‎06-22-2012

Really ? We need agent Scully & Mulder then

I wish I had time to look at this but unfortunately I am running out of time and I still have a lot to wrap up before EOD.

Christophe.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter

Subnet88 · ‎06-22-2012

After running updateInternalState(); 5 times, I am seeing some changes They are below

The Fenced mode property in <NetworkConfigSection> changed from "bridged" to "natRouted", and the dv Portgroup moref changed on the network reference.

A new section called RouterInfo was placed beneath the Syslog settings

<ns6:RouterInfo>

<ns6:ExternalIp>10.10.2.11</ns6:ExternalIp>

</ns6:RouterInfo>

Hard coding the moRef's and Router External IPs via a workflow is not an option, as they will be unique per vApp.

Do you know if these are generated when the NetworkConfigSection is changed to "natRouted" ?

If so, What would I do to change that section?

cdecanini_ · ‎06-22-2012

OoOps sorry forgot to mention UpdateInternalState() to refresh.

To change this section try to expand on this code I extracted:

var networkConfigSection = vApp.getNetworkConfigSection();
var networkConfigs = networkConfigSection.networkConfig.enumerate();

for each (var networkConfig in networkConfigs) {
    System.log("vApp has network " + networkConfig.networkName);
    if (networkConfig.networkName == networkName) {
        //Do the change of properties here.
    }        
}

//System.log(networkConfigSection.toXml());
return vApp.updateSection(networkConfigSection);

Christophe.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter

Subnet88 · ‎06-22-2012

so I found the property "fencedMode" but am unable to update it. isFenced is a boolean input value.

var networkConfigSection = vApp.getNetworkConfigSection();

var networkConfigs = networkConfigSection.networkConfig.enumerate();

for each (var networkConfig in networkConfigs) {

System.log("vApp Fenced mod is network " + networkConfig.NetworkName);

var NetworkConfig = networkConfig.Configuration;

System.log(NetworkConfig.fenceMode)

if(networkConfig.NetworkName !== "none") {

if (isFenced == true) {

fenceMode = "natRouted";

}

else {

System.log("Setting fenced mode to Bridged")

fenceMode = "Bridged";

}

//System.log(networkConfigSection.toXml());

vApp.updateSection(networkConfigSection);

cdecanini_ · ‎06-22-2012

You need to change the property of the network config. Like this:

var networkConfigSection = vApp.getNetworkConfigSection();
var networkConfigs = networkConfigSection.networkConfig.enumerate();
for each (var networkConfig in networkConfigs) {
    System.log("vApp Fenced mod is network " + networkConfig.NetworkName);
    var NetworkConfig = networkConfig.Configuration;
    System.log(NetworkConfig.fenceMode)
    if (NetworkConfig.fenceMode == "bridged") NetworkConfig.fenceMode = "natRouted";
    }       
System.log(networkConfigSection.toXml());
vApp.updateSection(networkConfigSection);

Not sure if it accept the change as I cannot change my target environment but it updates the networkConfigSection:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns6:NetworkConfigSection xmlns="http://www.vmware.com/vcloud/versions" xmlns:ns2="http://schemas.dmtf.org/ovf/envelope/1" xmlns:ns3="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:ns4="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:ns5="http://schemas.dmtf.org/wbem/wscim/1/common" xmlns:ns6="http://www.vmware.com/vcloud/v1.5" xmlns:ns7="http://schemas.dmtf.org/ovf/environment/1" xmlns:ns8="http://www.vmware.com/vcloud/extension/v1.5" type="application/vnd.vmware.vcloud.networkConfigSection+xml" href="https://cloud.xxx.com/api/vApp/vapp-8ccccd29-0612-48f6-9c3b-da9ca432744d/networkConfigSection/" ns2:required="false">
    <ns2:Info>The configuration parameters for logical networks</ns2:Info>
    <ns6:Link rel="edit" type="application/vnd.vmware.vcloud.networkConfigSection+xml" href="https://cloud.xxx.com/api/vApp/vapp-8ccccd29-0612-48f6-9c3b-da9ca432744d/networkConfigSection/"/>
    <ns6:NetworkConfig networkName="Internal-Network-F5-Workloads">
        <ns6:Link rel="repair" href="https://cloud.xxx.com/api/admin/network/df555055-2e71-49d0-b85d-44305dcb3c20/action/reset"/>
        <ns6:Description></ns6:Description>
        <ns6:Configuration>
            <ns6:IpScope>
                <ns6:IsInherited>true</ns6:IsInherited>
                <ns6:Gateway>192.168.150.10</ns6:Gateway>
                <ns6:Netmask>255.255.255.0</ns6:Netmask>
                <ns6:Dns1>8.8.8.8</ns6:Dns1>
                <ns6:IpRanges>
                    <ns6:IpRange>
                        <ns6:StartAddress>192.168.150.100</ns6:StartAddress>
                        <ns6:EndAddress>192.168.150.199</ns6:EndAddress>
                    </ns6:IpRange>
                </ns6:IpRanges>
            </ns6:IpScope>
            <ns6:ParentNetwork type="application/vnd.vmware.vcloud.network+xml" name="Internal-Network-F5-Workloads" href="https://cloud.tsugliani.fr/api/network/de577468-9f04-4127-92b8-2f8db7d35b8c"/>
            <ns6:FenceMode>natRouted</ns6:FenceMode>
            <ns6:RetainNetInfoAcrossDeployments>false</ns6:RetainNetInfoAcrossDeployments>
            <ns6:Features>
                <ns6:DhcpService>
                    <ns6:IsEnabled>false</ns6:IsEnabled>
                    <ns6:DefaultLeaseTime>3600</ns6:DefaultLeaseTime>
                    <ns6:MaxLeaseTime>7200</ns6:MaxLeaseTime>
                    <ns6:IpRange>
                        <ns6:StartAddress>192.168.150.11</ns6:StartAddress>
                        <ns6:EndAddress>192.168.150.99</ns6:EndAddress>
                    </ns6:IpRange>
                </ns6:DhcpService>
                <ns6:FirewallService>
                    <ns6:IsEnabled>true</ns6:IsEnabled>
                    <ns6:DefaultAction>drop</ns6:DefaultAction>
                    <ns6:LogDefaultAction>false</ns6:LogDefaultAction>
                    <ns6:FirewallRule>
                        <ns6:IsEnabled>true</ns6:IsEnabled>
                        <ns6:Description>Allow all outgoing traffic</ns6:Description>
                        <ns6:Policy>allow</ns6:Policy>
                        <ns6:Protocols>
                            <ns6:Any>true</ns6:Any>
                        </ns6:Protocols>
                        <ns6:Port>-1</ns6:Port>
                        <ns6:DestinationIp>Any</ns6:DestinationIp>
                        <ns6:SourcePort>-1</ns6:SourcePort>
                        <ns6:SourceIp>Any</ns6:SourceIp>
                        <ns6:Direction>out</ns6:Direction>
                        <ns6:EnableLogging>false</ns6:EnableLogging>
                    </ns6:FirewallRule>
                </ns6:FirewallService>
                <ns6:NatService>
                    <ns6:IsEnabled>true</ns6:IsEnabled>
                    <ns6:NatType>ipTranslation</ns6:NatType>
                    <ns6:Policy>allowTraffic</ns6:Policy>
                    <ns6:NatRule>
                        <ns6:OneToOneVmRule>
                            <ns6:MappingMode>automatic</ns6:MappingMode>
                            <ns6:VAppScopedVmId>e55ff49a-0126-4dbc-aaa4-da1b5feb9a64</ns6:VAppScopedVmId>
                            <ns6:VmNicId>0</ns6:VmNicId>
                        </ns6:OneToOneVmRule>
                    </ns6:NatRule>
                </ns6:NatService>
                <ns6:StaticRoutingService>
                    <ns6:IsEnabled>false</ns6:IsEnabled>
                </ns6:StaticRoutingService>
            </ns6:Features>
            <ns6:SyslogServerSettings/>
        </ns6:Configuration>
        <ns6:IsDeployed>false</ns6:IsDeployed>
    </ns6:NetworkConfig>
</ns6:NetworkConfigSection>

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter

Subnet88 · ‎06-22-2012

Thank you for correcting my stupid mistake.

Here is the working code:


var networkConfigSection = vApp.getNetworkConfigSection();
var networkConfigs = networkConfigSection.networkConfig.enumerate();
 
 
 
for each (var networkConfig in networkConfigs) {
 
    System.log("Network name is " + networkConfig.NetworkName);
    var NetworkConfig = networkConfig.Configuration;
System.log("The Current fenced mode is: "+NetworkConfig.fenceMode)
if(networkConfig.NetworkName !== "none") {
if (isFenced == true) {
NetworkConfig.fenceMode = "natRouted";
}
else {
System.log("Setting fenced mode to Bridged")
NetworkConfig.fenceMode = "bridged";
}
}
    }       
 
 
    //System.log(networkConfigSection.toXml());
     vApp.updateSection(networkConfigSection);

cdecanini_ · ‎06-22-2012

My pleasure. Mistakes are what help to learn and make wiser choices next time .

Thanks for sharing the working code.

Christophe.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter