VMware Cloud Community
UofS
Enthusiast
Enthusiast
Jump to solution

NSX-T Power CIi Adding IPset to NSgroups

I am trying to update a nsgroup to be a list of IP sets using the NSX-T api/powershell.  Here is what I have:

    $nsgroupsvc = Get-NsxtService -Name com.vmware.nsx.ns_groups

    $nsgroups = $nsgroupsvc.list()

    $nsgroup = $nsgroups.results | Where-Object {$_.display_name -eq $groupname}

    $nsgroupspec = $nsgroupsvc.Help.create.ns_group.Create()

    $ipSetId = "000acca4-2c15-447c-9218-dc39d5d7249c"

    $nsgroupmemberspec = $nsgroupsvc.Help.create.ns_group.members.Element.Create()

    $nsgroupmemberspec.target_property = "id"

    $nsgroupmemberspec.op = "EQUALS"

    $nsgroupmemberspec.value = $ipSetId

    $nsgroupmemberspec.target_type = "IPSET"

    $nsgroupspec.members.Add($nsgroupmemberspec)

    $nsgroupsvc.update($nsgroup.id, $nsgroupspec)

but the error I get when updating it is:

"System.Management.Automation.CmdletInvocationException: The scope number '2' exceeds the number of active scopes.

Parameter name: scopeID

Actual value was 2. ---> System.Management.Automation.PSArgumentOutOfRangeException: The scope number '2' exceeds the number of active scopes.

Parameter name: scopeID

Actual value was 2.

   at System.Management.Automation.SessionStateInternal.GetScopeByID(Int32 scopeID)

   at System.Management.Automation.SessionStateInternal.GetScopeByID(String scopeID)

   at System.Management.Automation.SessionStateInternal.GetVariableTableAtScope(String scopeID)

   at Microsoft.PowerShell.Commands.VariableCommandBase.GetMatchingVariables(String name, String lookupScope, Boolean& wasFiltered, Boolean quiet)

   at Microsoft.PowerShell.Commands.GetVariableCommand.ProcessRecord()

   at System.Management.Automation.Cmdlet.DoProcessRecord()

   at System.Management.Automation.CommandProcessor.ProcessRecord()

   --- End of inner exception stack trace ---

   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)

   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)

   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)

   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)

   at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)

   at System.Management.Automation.PowerShell.Invoke[T](IEnumerable input, IList`1 output, PSInvocationSettings settings)

   at System.Management.Automation.PowerShell.InvokeWithDebugger(IEnumerable`1 input, IList`1 output, PSInvocationSettings settings, Boolean invokeMustRun)

   at System.Management.Automation.ScriptDebugger.ProcessCommand(PSCommand command, PSDataCollection`1 output)

   at Microsoft.PowerShell.EditorServices.Session.PowerShell4Operations.ExecuteCommandInDebugger[TResult](PowerShellContext powerShellContext, Runspace currentRunspace, PSCommand psCommand, Boolean sendOutputToHost, Nullable`1& debuggerResumeAction)

   at Microsoft.PowerShell.EditorServices.PowerShellContext.ExecuteCommandInDebugger[TResult](PSCommand psCommand, Boolean sendOutputToHost)

   at Microsoft.PowerShell.EditorServices.PowerShellContext.<ExecuteCommand>d__48`1.MoveNext()"

which means nothing to me.

I am working off an example from RvdNieuwendijk

Ideas anyone?

Reply
0 Kudos
1 Solution

Accepted Solutions
UofS
Enthusiast
Enthusiast
Jump to solution

solved my problem.

Seems the revision variable is required when updating nsx-t objects.  Once this was copied from the original I was able to update the item.

-----------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

View solution in original post

Reply
0 Kudos
6 Replies
LucD
Leadership
Leadership
Jump to solution

Which example?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
UofS
Enthusiast
Enthusiast
Jump to solution

Was kind of working off all of them.  He doesn't have any "update" examples except for the last one so I used that as a basis to attempt an update of a nsgroup record.

Dion

Reply
0 Kudos
UofS
Enthusiast
Enthusiast
Jump to solution

Reply
0 Kudos
Zsoldier
Expert
Expert
Jump to solution

What version of NSX-T and versions of PowerCLI/Shell are you using?

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier
Reply
0 Kudos
UofS
Enthusiast
Enthusiast
Jump to solution

PowerCLI 11.4

NSX Version 2.4.2.0.0.14269501

My user case is basically to Add an specific list of IPsets to a nsgroup.

Can someone clarify how this would be done in a simple case?  Adding IPsets by name or GUID?

The article examples at https://www.vmbaggum.nl/2019/03/automate-nsx-t-with-powercli/  only cover creation and deletion for the most part and I havent been able to get any success translating this to IPsets as members.  The example given only covers it using tags.

So in this case:

4

5

6

7

8

9

10

11

12

13

#Variables

$nsgroupname = "NS-Test"

$nstagname = "ST-Test"

#Create NSGroup

$nsgroupsvc = Get-NsxtService -Name com.vmware.nsx.ns_groups

$nsgroupspec = $nsgroupsvc.Help.create.ns_group.Create()

$nsgroupmemberspec = $nsgroupsvc.Help.create.ns_group.membership_criteria.Element.NS_group_tag_expression.create()

$nsgroupspec.display_name = $nsgroupname

$nsgroupmemberspec.tag_op = "EQUALS"

$nsgroupmemberspec.tag = $nstagname

$nsgroupmemberspec.target_type = "VirtualMachine"

$nsgroupspec.membership_criteria.Add($nsgroupmemberspec)

$nsgroupsvc.create($nsgroupspec)

How would I add IPset members specifically instead of by tag?

Or Are tags the preffered method to adding IPsets to nsgroups?

Dion

Reply
0 Kudos
UofS
Enthusiast
Enthusiast
Jump to solution

solved my problem.

Seems the revision variable is required when updating nsx-t objects.  Once this was copied from the original I was able to update the item.

-----------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

Reply
0 Kudos