VMware Cloud Community
jmedd
Enthusiast

Add vNIC to PortGroup Scope Security Group with REST API

I have created a Security Group with the scope of a PortGroup via the REST API. I am now trying to add a vNIC to it, also via the REST API.

To help illustrate I have a VM JMTest1 with 1 vNIC connected to the PortGroup that is the scope of the Security Group. When I edit this Security Group the first item in the list that could be added into the group is the first (and only) vNIC of JMTest1.


To add it via the REST API I need to supply the following:

https://192.168.x.x/api/2.0/services/securitygroup/securitygroup-xx/members/<member-moref>

i.e. I need to figure out what is the <member-moref> for the vNIC of JMTest1 and this is what I am having trouble with.

If I add the vNIC via the GUI and then query the Security Group it gives me the below response:

<securitygroup>
  <objectId>securitygroup-xx</objectId>
  <type>
    <typeName>SecurityGroup</typeName>
  </type>
  <name>JMTest7</name>
  <description />
  <revision>9</revision>
  <objectTypeName>SecurityGroup</objectTypeName>
  <scope>
    <id>dvportgroup-xxxxx</id>
    <objectTypeName>DistributedVirtualPortgroup</objectTypeName>
    <name>dv-xxxxx</name>
  </scope>
  <extendedAttributes />
  <inheritanceAllowed>false</inheritanceAllowed>
  <member>
    <objectId>500758f6-b97b-7a79-0c04-996f53edf3f0.000</objectId>
    <type>
      <typeName>Vnic</typeName>
    </type>
    <name>JMTest1 - Network adapter 1</name>
    <revision>6</revision>
    <objectTypeName>Vnic</objectTypeName>
    <scope>
      <id>vm-xxxxx</id>
      <objectTypeName>VirtualMachine</objectTypeName>
      <name>JMTest1</name>
    </scope>
    <extendedAttributes />
  </member>
</securitygroup>

So it looks like the <member-moref> for the vNIC of JMTest1 is <objectId>500758f6-b97b-7a79-0c04-996f53edf3f0.000</objectId>

If I now run:

https://192.168.x.x/api/2.0/services/securitygroup/securitygroup-xx/members/500758f6-b97b-7a79-0c04-...

then the vNIC is successfully added to the Security Group. (yay!) So I am now left with the task of how to get

<objectId>500758f6-b97b-7a79-0c04-996f53edf3f0.000</objectId>

from a vNIC?

I've examined the object in the vCenter Mob and via PowerCLI, but can't see how to derive it.

Anyone know the answer to this?

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
Accepted Solutions
vSx
VMware Employee

The vnic uuid is created by concatenating the vm instanceUuid + "." + the last three digits of the vnic device key.  (The vnic is found in the config.hardware.device field of the vm and the key will be of the form 4xxx, where xxx is the 3 digits that you need.)

mahaines
Enthusiast

There is an API to get all nics for a given VM moid:

https://<ip>/api/2.0/services/inventory/vm/<moid>/vnics

There is an API available in SecurityGroup to get all applicable members for a given type:

https://<ip>/api/2.0/services/securitygroup/scope/globalroot-0/members/Vnic

Hope this helps.

-- Nice day Michael A. Haines | Sr. vCloud Architect (Security) | VMware, Inc. | P: +44(0)1276-414-302 | M: +44(0)7872-503-484 | Email: mah@vmware.com
jmedd
Enthusiast

@vSx - thank you, that's just what I needed!

@mahaines - thank you also for the additional info. Had a couple of issues with those URLs though (vShield version 5.5.0a):

https://<ip>/api/2.0/services/inventory/vm/<moid>/vnics


returns a 404 Not Found, e.g.


https://192.168.x.x/api/2.0/services/inventory/vm/vm-15669/vnics


same with https://192.168.x.x/api/2.0/services/inventory/vm/


and also the same with the second URL

https://192.168.x.x//api/2.0/services/securitygroup/scope/globalroot-0/members/Vnic

I did have some success though with:

https://192.168.x.x/api/2.0/services/securitygroup/scope/datacenter-xx/members/

https://192.168.x.x/api/2.0/services/securitygroup/scope/portgroup-xxxxx/members/

i.e. a datacenter or portgroup scope and no Vnic on the end returns multiple results. From there I was able to identify the vnic I was looking for and the objectId.

However, I was not able to progress that URL down further to just vnics, as I'm guessing that's where the addition of the /Vnic was heading?

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
mahaines
Enthusiast

Ah! My bad - I just assumed (incorrectly) this was NSX for vSphere! Just for completeness, here is what is returned:

$ https://<nsxmgr-ip>/api/2.0/services/securitygroup/scope/globalroot-0/members/Vnic | python -m json.tool

Returns  (Example):

    {
        "clientHandle": "",
        "extendedAttributes": [],
        "name": "esxvm-99-setup3-<IP> - Network adapter 1",
        "objectId": "503497ec-1d9c-501e-8b06-3bdb54d57bcd.000",
        "objectTypeName": "Vnic",
        "revision": 2,
        "scope": {
            "id": "vm-7258",
            "name": "esxvm-99-setup3-<IP>",
            "objectTypeName": "VirtualMachine"
        },
        "type": {
            "name": "Vnic"
        },
        "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"
    },
    {
        "clientHandle": "",
        "extendedAttributes": [],
        "name": "esxvm-39-setup2-<IP> - Network adapter 1",
        "objectId": "503460dc-619f-c87c-d2b3-e734652f265f.000",
        "objectTypeName": "Vnic",
        "revision": 2,
        "scope": {
            "id": "vm-7459",
            "name": "esxvm-39-setup2-<IP>",
            "objectTypeName": "VirtualMachine"
        },
        "type": {
            "name": "Vnic"
        },
        "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"
    },
    {
        "clientHandle": "",
        "extendedAttributes": [],
        "name": "esxvm-103-setup3-<IP> - Network adapter 2",
        "objectId": "50347b63-17ec-8298-29b4-6198fc802133.001",
        "objectTypeName": "Vnic",
        "revision": 3,
        "scope": {
            "id": "vm-7262",
            "name": "esxvm-103-setup3-<IP>",
            "objectTypeName": "VirtualMachine"
        },
        "type": {
            "name": "Vnic"
        },
        "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"
    },
    {
        "clientHandle": "",
        "extendedAttributes": [],
        "name": "esxvm-184-setup3-<IP> - Network adapter 3",
        "objectId": "5034bbaa-207f-6a9d-6dbc-19bc65f3a334.002",
        "objectTypeName": "Vnic",
        "revision": 3,
        "scope": {
            "id": "vm-7343",
            "name": "esxvm-184-setup3-<IP>",
            "objectTypeName": "VirtualMachine"
        },
        "type": {
            "name": "Vnic"
        },
        "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"
    }

-- Nice day Michael A. Haines | Sr. vCloud Architect (Security) | VMware, Inc. | P: +44(0)1276-414-302 | M: +44(0)7872-503-484 | Email: mah@vmware.com
mahaines
Enthusiast

And https://<ip>/api/2.0/services/inventory/vm/<moid>/vnics returns :

https://<nsxmgr-ip>/api/2.0/services/inventory/vm/vm-7262/vnics | python -m json.tool

{
    "basicDomainObjects": [
        {
            "clientHandle": "",
            "extendedAttributes": [],
            "name": "esxvm-103-setup3-<IP> - Network adapter 1",
            "objectId": "50347b63-17ec-8298-29b4-6198fc802133.000",
            "objectTypeName": "Vnic",
            "revision": 2,
            "scope": {
                "id": "vm-7262",
                "name": "esxvm-103-setup3-<IP>",
                "objectTypeName": "VirtualMachine"
            },
            "type": {
                "name": "Vnic"
            },
            "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"
        },
        {
            "clientHandle": "",
            "extendedAttributes": [],
            "name": "esxvm-103-setup3-<IP> - Network adapter 2",
            "objectId": "50347b63-17ec-8298-29b4-6198fc802133.001",
            "objectTypeName": "Vnic",
            "revision": 3,
            "scope": {
                "id": "vm-7262",
                "name": "esxvm-103-setup3-<IP>",
                "objectTypeName": "VirtualMachine"
            },
            "type": {
                "name": "Vnic"
            },
            "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"
        },
        {
            "clientHandle": "",
            "extendedAttributes": [],
            "name": "esxvm-103-setup3-<IP> - Network adapter 3",
            "objectId": "50347b63-17ec-8298-29b4-6198fc802133.002",
            "objectTypeName": "Vnic",
            "revision": 3,
            "scope": {
                "id": "vm-7262",
                "name": "esxvm-103-setup3-<IP>",
                "objectTypeName": "VirtualMachine"
            },
            "type": {
                "name": "Vnic"
            },
            "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"
        },
        {
            "clientHandle": "",
            "extendedAttributes": [],
            "name": "esxvm-103-setup3-<IP> - Network adapter 4",
            "objectId": "50347b63-17ec-8298-29b4-6198fc802133.003",
            "objectTypeName": "Vnic",
            "revision": 3,
            "scope": {
                "id": "vm-7262",
                "name": "esxvm-103-setup3-<IP>",
                "objectTypeName": "VirtualMachine"
            },
            "type": {
                "name": "Vnic"
            },
            "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"
        },
        {
            "clientHandle": "",
            "extendedAttributes": [],
            "name": "esxvm-103-setup3-<IP> - Network adapter 5",
            "objectId": "50347b63-17ec-8298-29b4-6198fc802133.004",
            "objectTypeName": "Vnic",
            "revision": 3,
            "scope": {
                "id": "vm-7262",
                "name": "esxvm-103-setup3-<IP>",
                "objectTypeName": "VirtualMachine"
            },
            "type": {
                "name": "Vnic"
            },
            "vsmUuid": "423440C0-11EB-8C30-05A3-4092EEBC968A"
        }
    ]
}

-- Nice day Michael A. Haines | Sr. vCloud Architect (Security) | VMware, Inc. | P: +44(0)1276-414-302 | M: +44(0)7872-503-484 | Email: mah@vmware.com
mahaines
Enthusiast

The APIs which I mentioned previously are not available on the vCloud Networking and Security v5.5.0 build (sorry).

There is another API that returns all applicable member(s) for a securitygroup :

https://<ip>/api/2.0/services/securitygroup/scope/globalroot-0/members

Also, you asked about the <objectId>500758f6-b97b-7a79-0c04-996f53edf3f0.000</objectId> and how it is derived.


If a vm has an instance UUID: 50104df1-6db3-c80c-d1c5-c7e2d98d1362 (https://<vc>/mob/?moid=vm-9436&doPath=summary.config) and if there are 3 nics associated with it then the nic ids will be 50104df1-6db3-c80c-d1c5-c7e2d98d1362.000 - 50104df1-6db3-c80c-d1c5-c7e2d98d1362.001 and 50104df1-6db3-c80c-d1c5-c7e2d98d1362.002


Hope this helps.


-Michael

-- Nice day Michael A. Haines | Sr. vCloud Architect (Security) | VMware, Inc. | P: +44(0)1276-414-302 | M: +44(0)7872-503-484 | Email: mah@vmware.com
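
The derivation given in the accepted answer and in the post above, as an added Python example that is not code from any poster or from VMware: it builds the vNIC objectId from the VM instanceUuid and device key, then refuses to produce a member URL unless the manager's own listing shows that ID as a Vnic of the expected VM. The function names and the sample listing are constructed for illustration; the listing is assumed to use the `basicDomainObjects` wrapper shown earlier in the thread.

```python
import json
import re

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def vnic_object_id(instance_uuid, device_key):
    """VM instanceUuid + "." + last three digits of the vNIC device key (4xxx)."""
    uuid = instance_uuid.strip()
    if not UUID_RE.match(uuid):
        raise ValueError(f"not a VM instanceUuid: {instance_uuid!r}")
    if not 4000 <= int(device_key) <= 4999:
        raise ValueError(f"device key {device_key!r} is not of the form 4xxx")
    return f"{uuid}.{int(device_key) % 1000:03d}"

def confirm_member(listing_json, object_id, vm_moref):
    """Return the vNIC name only if object_id is listed as a Vnic of vm_moref."""
    for obj in json.loads(listing_json).get("basicDomainObjects", []):
        if obj.get("objectId") != object_id:
            continue
        scope_id = obj.get("scope", {}).get("id")
        if obj.get("objectTypeName") != "Vnic" or scope_id != vm_moref:
            raise ValueError(f"{object_id} belongs to {scope_id}, not {vm_moref}")
        return obj["name"]
    raise LookupError(f"{object_id} is not in the manager's vNIC listing")

def member_url(manager, group_id, object_id):
    """Member URL in the shape quoted in the original question."""
    return (f"https://{manager}/api/2.0/services/securitygroup/"
            f"{group_id}/members/{object_id}")

# Constructed sample, shaped like the .../inventory/vm/<moid>/vnics response.
SAMPLE_LISTING = json.dumps({"basicDomainObjects": [
    {"name": "demo-vm - Network adapter 1", "objectTypeName": "Vnic",
     "objectId": "50347b63-17ec-8298-29b4-6198fc802133.000",
     "scope": {"id": "vm-7262", "objectTypeName": "VirtualMachine"}},
    {"name": "demo-vm - Network adapter 2", "objectTypeName": "Vnic",
     "objectId": "50347b63-17ec-8298-29b4-6198fc802133.001",
     "scope": {"id": "vm-7262", "objectTypeName": "VirtualMachine"}},
]})

if __name__ == "__main__":
    oid = vnic_object_id("50347b63-17ec-8298-29b4-6198fc802133", 4001)
    print(confirm_member(SAMPLE_LISTING, oid, "vm-7262"))
    print(member_url("192.168.x.x", "securitygroup-xx", oid))
```

Checking the derived ID against the listing before changing group membership keeps a mistyped UUID or device key from silently putting a different VM's adapter under the group's policy.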
jmedd
Enthusiast

Thanks for the extra info 🙂

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
munishpalmakhij
Contributor

I know this is a really old post; however, it helped me a lot to find out the vnic uuid. I was completely lost until I found this thread. Thanks very much 🙂
