Has anybody been able to change an existing vApp to "fenced" from within VCO? if so, What api property are you modifying? I have not been able to find it.
You need to change the property of the network config. Like this:
var networkConfigSection = vApp.getNetworkConfigSection();
var networkConfigs = networkConfigSection.networkConfig.enumerate();
for each (var networkConfig in networkConfigs) {
System.log("vApp Fenced mod is network " + networkConfig.NetworkName);
var NetworkConfig = networkConfig.Configuration;
System.log(NetworkConfig.fenceMode)
if (NetworkConfig.fenceMode == "bridged") NetworkConfig.fenceMode = "natRouted";
}
System.log(networkConfigSection.toXml());
vApp.updateSection(networkConfigSection);
Not sure if it accept the change as I cannot change my target environment but it updates the networkConfigSection:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns6:NetworkConfigSection xmlns="http://www.vmware.com/vcloud/versions" xmlns:ns2="http://schemas.dmtf.org/ovf/envelope/1" xmlns:ns3="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:ns4="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:ns5="http://schemas.dmtf.org/wbem/wscim/1/common" xmlns:ns6="http://www.vmware.com/vcloud/v1.5" xmlns:ns7="http://schemas.dmtf.org/ovf/environment/1" xmlns:ns8="http://www.vmware.com/vcloud/extension/v1.5" type="application/vnd.vmware.vcloud.networkConfigSection+xml" href="https://cloud.xxx.com/api/vApp/vapp-8ccccd29-0612-48f6-9c3b-da9ca432744d/networkConfigSection/" ns2:required="false">
<ns2:Info>The configuration parameters for logical networks</ns2:Info>
<ns6:Link rel="edit" type="application/vnd.vmware.vcloud.networkConfigSection+xml" href="https://cloud.xxx.com/api/vApp/vapp-8ccccd29-0612-48f6-9c3b-da9ca432744d/networkConfigSection/"/>
<ns6:NetworkConfig networkName="Internal-Network-F5-Workloads">
<ns6:Link rel="repair" href="https://cloud.xxx.com/api/admin/network/df555055-2e71-49d0-b85d-44305dcb3c20/action/reset"/>
<ns6:Description></ns6:Description>
<ns6:Configuration>
<ns6:IpScope>
<ns6:IsInherited>true</ns6:IsInherited>
<ns6:Gateway>192.168.150.10</ns6:Gateway>
<ns6:Netmask>255.255.255.0</ns6:Netmask>
<ns6:Dns1>8.8.8.8</ns6:Dns1>
<ns6:IpRanges>
<ns6:IpRange>
<ns6:StartAddress>192.168.150.100</ns6:StartAddress>
<ns6:EndAddress>192.168.150.199</ns6:EndAddress>
</ns6:IpRange>
</ns6:IpRanges>
</ns6:IpScope>
<ns6:ParentNetwork type="application/vnd.vmware.vcloud.network+xml" name="Internal-Network-F5-Workloads" href="https://cloud.tsugliani.fr/api/network/de577468-9f04-4127-92b8-2f8db7d35b8c"/>
<ns6:FenceMode>natRouted</ns6:FenceMode>
<ns6:RetainNetInfoAcrossDeployments>false</ns6:RetainNetInfoAcrossDeployments>
<ns6:Features>
<ns6:DhcpService>
<ns6:IsEnabled>false</ns6:IsEnabled>
<ns6:DefaultLeaseTime>3600</ns6:DefaultLeaseTime>
<ns6:MaxLeaseTime>7200</ns6:MaxLeaseTime>
<ns6:IpRange>
<ns6:StartAddress>192.168.150.11</ns6:StartAddress>
<ns6:EndAddress>192.168.150.99</ns6:EndAddress>
</ns6:IpRange>
</ns6:DhcpService>
<ns6:FirewallService>
<ns6:IsEnabled>true</ns6:IsEnabled>
<ns6:DefaultAction>drop</ns6:DefaultAction>
<ns6:LogDefaultAction>false</ns6:LogDefaultAction>
<ns6:FirewallRule>
<ns6:IsEnabled>true</ns6:IsEnabled>
<ns6:Description>Allow all outgoing traffic</ns6:Description>
<ns6:Policy>allow</ns6:Policy>
<ns6:Protocols>
<ns6:Any>true</ns6:Any>
</ns6:Protocols>
<ns6:Port>-1</ns6:Port>
<ns6:DestinationIp>Any</ns6:DestinationIp>
<ns6:SourcePort>-1</ns6:SourcePort>
<ns6:SourceIp>Any</ns6:SourceIp>
<ns6:Direction>out</ns6:Direction>
<ns6:EnableLogging>false</ns6:EnableLogging>
</ns6:FirewallRule>
</ns6:FirewallService>
<ns6:NatService>
<ns6:IsEnabled>true</ns6:IsEnabled>
<ns6:NatType>ipTranslation</ns6:NatType>
<ns6:Policy>allowTraffic</ns6:Policy>
<ns6:NatRule>
<ns6:OneToOneVmRule>
<ns6:MappingMode>automatic</ns6:MappingMode>
<ns6:VAppScopedVmId>e55ff49a-0126-4dbc-aaa4-da1b5feb9a64</ns6:VAppScopedVmId>
<ns6:VmNicId>0</ns6:VmNicId>
</ns6:OneToOneVmRule>
</ns6:NatRule>
</ns6:NatService>
<ns6:StaticRoutingService>
<ns6:IsEnabled>false</ns6:IsEnabled>
</ns6:StaticRoutingService>
</ns6:Features>
<ns6:SyslogServerSettings/>
</ns6:Configuration>
<ns6:IsDeployed>false</ns6:IsDeployed>
</ns6:NetworkConfig>
</ns6:NetworkConfigSection>
Looking at the createVAppNetworkConfiguration action code may help you to find out.
Christophe.
That appears to have settings that create a fenced vapp during instantiation. Will it modify an existing vApp to be fenced in a similar way to clicking the "fence vApp" checkbox in the vApp networking properties of vCloud Director?
If so, Can you point me to documentation on what settings I would neet to provide?
I want to mimick the functionality within the GUI, where the IP settings of a vm are retained, but the vm is fenced.
Looking at this action and the one it calls it seems the fence mode is determined by networkConfiguration.fenceMode.
I would start by getting a vApp networkConfiguration, set a new fence mode and update the vApp networkConfiguration.
You can lookup in the API search and in the vCloud API guide.
Christophe.
I cant seem to make this do what I want to an already existing vApp. Perhaps this is a question best for the API team?
Since I did not have time to try it here is my methodology.
Do a vApp.toXml();
Do the wanted change in vCD UI
Do a vApp.toXml();
Make a diff between the 2 vApp.toXml(); and note the sections that have been changed.
Update the same sections from the workflow using the dedicated methods.
What happens ? no change or an error message when you try to update ?
Christophe.
There are no differences in the toXml() of a fenced and non-fenced vApp
Really ? We need agent Scully & Mulder then
I wish I had time to look at this but unfortunately I am running out of time and I still have a lot to wrap up before EOD.
Christophe.
After running updateInternalState(); 5 times, I am seeing some changes They are below
The Fenced mode property in <NetworkConfigSection> changed from "bridged" to "natRouted", and the dv Portgroup moref changed on the network reference.
A new section called RouterInfo was placed beneath the Syslog settings
Hard coding the moRef's and Router External IPs via a workflow is not an option, as they will be unique per vApp.
Do you know if these are generated when the NetworkConfigSection is changed to "natRouted" ?
If so, What would I do to change that section?
OoOps sorry forgot to mention UpdateInternalState() to refresh.
To change this section try to expand on this code I extracted:
var networkConfigSection = vApp.getNetworkConfigSection();
var networkConfigs = networkConfigSection.networkConfig.enumerate();
for each (var networkConfig in networkConfigs) {
System.log("vApp has network " + networkConfig.networkName);
if (networkConfig.networkName == networkName) {
//Do the change of properties here.}
}
//System.log(networkConfigSection.toXml());
return vApp.updateSection(networkConfigSection);
Christophe.
so I found the property "fencedMode" but am unable to update it. isFenced is a boolean input value.
You need to change the property of the network config. Like this:
var networkConfigSection = vApp.getNetworkConfigSection();
var networkConfigs = networkConfigSection.networkConfig.enumerate();
for each (var networkConfig in networkConfigs) {
System.log("vApp Fenced mod is network " + networkConfig.NetworkName);
var NetworkConfig = networkConfig.Configuration;
System.log(NetworkConfig.fenceMode)
if (NetworkConfig.fenceMode == "bridged") NetworkConfig.fenceMode = "natRouted";
}
System.log(networkConfigSection.toXml());
vApp.updateSection(networkConfigSection);
Not sure if it accept the change as I cannot change my target environment but it updates the networkConfigSection:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns6:NetworkConfigSection xmlns="http://www.vmware.com/vcloud/versions" xmlns:ns2="http://schemas.dmtf.org/ovf/envelope/1" xmlns:ns3="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:ns4="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:ns5="http://schemas.dmtf.org/wbem/wscim/1/common" xmlns:ns6="http://www.vmware.com/vcloud/v1.5" xmlns:ns7="http://schemas.dmtf.org/ovf/environment/1" xmlns:ns8="http://www.vmware.com/vcloud/extension/v1.5" type="application/vnd.vmware.vcloud.networkConfigSection+xml" href="https://cloud.xxx.com/api/vApp/vapp-8ccccd29-0612-48f6-9c3b-da9ca432744d/networkConfigSection/" ns2:required="false">
<ns2:Info>The configuration parameters for logical networks</ns2:Info>
<ns6:Link rel="edit" type="application/vnd.vmware.vcloud.networkConfigSection+xml" href="https://cloud.xxx.com/api/vApp/vapp-8ccccd29-0612-48f6-9c3b-da9ca432744d/networkConfigSection/"/>
<ns6:NetworkConfig networkName="Internal-Network-F5-Workloads">
<ns6:Link rel="repair" href="https://cloud.xxx.com/api/admin/network/df555055-2e71-49d0-b85d-44305dcb3c20/action/reset"/>
<ns6:Description></ns6:Description>
<ns6:Configuration>
<ns6:IpScope>
<ns6:IsInherited>true</ns6:IsInherited>
<ns6:Gateway>192.168.150.10</ns6:Gateway>
<ns6:Netmask>255.255.255.0</ns6:Netmask>
<ns6:Dns1>8.8.8.8</ns6:Dns1>
<ns6:IpRanges>
<ns6:IpRange>
<ns6:StartAddress>192.168.150.100</ns6:StartAddress>
<ns6:EndAddress>192.168.150.199</ns6:EndAddress>
</ns6:IpRange>
</ns6:IpRanges>
</ns6:IpScope>
<ns6:ParentNetwork type="application/vnd.vmware.vcloud.network+xml" name="Internal-Network-F5-Workloads" href="https://cloud.tsugliani.fr/api/network/de577468-9f04-4127-92b8-2f8db7d35b8c"/>
<ns6:FenceMode>natRouted</ns6:FenceMode>
<ns6:RetainNetInfoAcrossDeployments>false</ns6:RetainNetInfoAcrossDeployments>
<ns6:Features>
<ns6:DhcpService>
<ns6:IsEnabled>false</ns6:IsEnabled>
<ns6:DefaultLeaseTime>3600</ns6:DefaultLeaseTime>
<ns6:MaxLeaseTime>7200</ns6:MaxLeaseTime>
<ns6:IpRange>
<ns6:StartAddress>192.168.150.11</ns6:StartAddress>
<ns6:EndAddress>192.168.150.99</ns6:EndAddress>
</ns6:IpRange>
</ns6:DhcpService>
<ns6:FirewallService>
<ns6:IsEnabled>true</ns6:IsEnabled>
<ns6:DefaultAction>drop</ns6:DefaultAction>
<ns6:LogDefaultAction>false</ns6:LogDefaultAction>
<ns6:FirewallRule>
<ns6:IsEnabled>true</ns6:IsEnabled>
<ns6:Description>Allow all outgoing traffic</ns6:Description>
<ns6:Policy>allow</ns6:Policy>
<ns6:Protocols>
<ns6:Any>true</ns6:Any>
</ns6:Protocols>
<ns6:Port>-1</ns6:Port>
<ns6:DestinationIp>Any</ns6:DestinationIp>
<ns6:SourcePort>-1</ns6:SourcePort>
<ns6:SourceIp>Any</ns6:SourceIp>
<ns6:Direction>out</ns6:Direction>
<ns6:EnableLogging>false</ns6:EnableLogging>
</ns6:FirewallRule>
</ns6:FirewallService>
<ns6:NatService>
<ns6:IsEnabled>true</ns6:IsEnabled>
<ns6:NatType>ipTranslation</ns6:NatType>
<ns6:Policy>allowTraffic</ns6:Policy>
<ns6:NatRule>
<ns6:OneToOneVmRule>
<ns6:MappingMode>automatic</ns6:MappingMode>
<ns6:VAppScopedVmId>e55ff49a-0126-4dbc-aaa4-da1b5feb9a64</ns6:VAppScopedVmId>
<ns6:VmNicId>0</ns6:VmNicId>
</ns6:OneToOneVmRule>
</ns6:NatRule>
</ns6:NatService>
<ns6:StaticRoutingService>
<ns6:IsEnabled>false</ns6:IsEnabled>
</ns6:StaticRoutingService>
</ns6:Features>
<ns6:SyslogServerSettings/>
</ns6:Configuration>
<ns6:IsDeployed>false</ns6:IsDeployed>
</ns6:NetworkConfig>
</ns6:NetworkConfigSection>
Thank you for correcting my stupid mistake.
Here is the working code:
var networkConfigSection = vApp.getNetworkConfigSection();var networkConfigs = networkConfigSection.networkConfig.enumerate();for each (var networkConfig in networkConfigs) {System.log("Network name is " + networkConfig.NetworkName);var NetworkConfig = networkConfig.Configuration;System.log("The Current fenced mode is: "+NetworkConfig.fenceMode)if(networkConfig.NetworkName !== "none") {if (isFenced == true) {NetworkConfig.fenceMode = "natRouted";}else {System.log("Setting fenced mode to Bridged")NetworkConfig.fenceMode = "bridged";}}}//System.log(networkConfigSection.toXml());vApp.updateSection(networkConfigSection);
My pleasure. Mistakes are what help to learn and make wiser choices next time .
Thanks for sharing the working code.
Christophe.