4 Replies Latest reply on Jun 16, 2020 9:03 PM by DaleCoghlan

    nsx-t intent-based policy api

    Chris Mentjox Hot Shot

      Hi,

       

      Have a question about the intent-based policy api.

      When sending this "PATCH" request , nsx-t api check on syntax and some more stuff. If all is ok, you get a 200 OK

      But that does not say anything yet about the realized-state.

      Does anyone have some experience with checking the intent state vs realized state ?

      I know you can do some api calls to realized state with intent path supplied, but that is only for 1 part.

       

      i.e i sent an intent state to create, t1, segement, lb-pool, lb-vip and some security policies. How can i check if everything is created ? (without running true all individual

      realized state calls.

       

      In other words, how can i check if the intent is created. AWS uses task for it, you can check. But nsx-t api only returns "200 OK"

       

      thx!

        • 1. Re: nsx-t intent-based policy api
          RaymundoEC Hot Shot
          VMware EmployeesvExpert

          Don't get your questions that is the only answer you get from the payload on the API there is not something like terraform plan.

          • 2. Re: nsx-t intent-based policy api
            Chris Mentjox Hot Shot

            Hi,

             

            I'll give an example of what i want to create as an intent

             

            {

                    "resource_type": "Infra",

                    "children": [

                            {

                                    "Tier1": {

                                            "tier0_path": "/infra/tier-0s/poc-tier0",

                                            "failover_mode": "NON_PREEMPTIVE",

                                            "route_advertisement_types": [

                                                    "TIER1_CONNECTED",

                                                    "TIER1_LB_VIP",

                                                    "TIER1_NAT"

                                            ],

                                            "resource_type": "Tier1",

                                            "id": "T1-test",

                                            "children": [

                                                    {

                                                            "LocaleServices": {

                                                                    "edge_cluster_path":

                                                                    "/infra/sites/default/enforcement-points/default/edge-clusters/915a670f-e2e9-4dca-b0f7-6e861700a677",

                                                                    "resource_type": "LocaleServices",

                                                                    "id": "T1-LR3-SR",

                                                                    "children": []

                                                            },

                                                            "resource_type": "ChildLocaleServices"

                                                    },

                                                    {

             

             

             

             

                                                            "Segment":{

                                                                    "subnets": [

                                                                            {

                                                                                    "gateway_address": "192.168.244.1/24",

                                                                                    "network": "192.168.244.0/24"

                                                                            }

                                                                    ],

                                                                    "transport_zone_path":

                                                                    "/infra/sites/default/enforcement-points/default/transport-zones/d29c1e43-4448-4186-be49-75a4a2d44b60",

                                                                    "resource_type": "Segment",

                                                                    "id": "LS3",

                                                                    "tags": [

                                                                            {

                                                                                    "scope": "application",

                                                                                    "tag": "webservers"

                                                                            }

                                                                    ]

                                                            },

                                                            "resource_type": "ChildSegment"

                                                    }

                                            ]

             

             

                                    },

                                    "resource_type": "ChildTier1"

                            },

                            {

                        "LBService": {

                            "connectivity_path": "/infra/tier-1s/T1-test",

                            "size": "SMALL",

                            "resource_type": "LBService",

                            "id": "LB1",

                            "children": [],

                            "tags": [

                                {

                                    "scope": "application",

                                    "tag": "app1"

                                }

                            ]

                        },

                        "resource_type": "ChildLBService"

                    },

                    {

                        "LBVirtualServer": {

                            "enabled": true,

                            "ip_address": "192.168.245.10",

                            "ports": [

                                "80"

                            ],

                            "lb_service_path": "/infra/lb-services/LB1",

                            "pool_path": "/infra/lb-pools/Pool1",

                            "application_profile_path": "/infra/lb-app-profiles/default-http-lb-app-profile",

                            "resource_type": "LBVirtualServer",

                            "id": "VIP1",

                            "children": [],

                            "tags": [

                                {

                                    "scope": "application",

                                    "tag": "app1"

                                }

                            ]

                        },

                        "resource_type": "ChildLBVirtualServer"

                    },

                    {

                        "LBPool": {

                            "algorithm": "ROUND_ROBIN",

                            "members": [

                                {

                                    "display_name": "S2",

                                    "ip_address": "192.168.244.10",

                                    "port": "80",

                                    "admin_state": "ENABLED",

                                    "backup_member": false,

                                    "weight": 1

                                },

                                {

                                    "display_name": "S1",

                                    "ip_address": "192.168.244.20",

                                    "port": "80",

                                    "admin_state": "ENABLED",

                                    "backup_member": false,

                                    "weight": 1

                                }

                            ],

                            "active_monitor_paths": [

                                "/infra/lb-monitor-profiles/default-tcp-lb-monitor"

                            ],

                            "snat_translation": {

                                "type": "LBSnatDisabled"

                            },

                            "resource_type": "LBPool",

                            "id": "Pool1",

                            "children": [],

                            "tags": [

                                {

                                    "scope": "application",

                                    "tag": "app1"

                                }

                            ]

                        },

                        "resource_type": "ChildLBPool"

                    }

               ]

            }

             

             

            This gives a 200 OK. Perfect. syntax is accepted.

            Nsx translates the intent to 'normal' api calls and creates all i ask for.

            How do i verify that it is created ?

            • 3. Re: nsx-t intent-based policy api
              RaymundoEC Hot Shot
              vExpertVMware Employees

              I see, so for example when you do this API call thru Postman it gives you back what aws created besides the 200 Ok that is what you are looking for? toherwise you will need a GET to pull what was set previously. other thing could be is simulated the response so could be a mock response insteadlike Prism Mock.