7 Replies Latest reply on Sep 9, 2020 12:57 AM by Chris Mentjox

    domain in nsx-t 3.0

    rajkumar49 Novice

      hi,

      whether the Domains concept is deprecated in NSX-T 3.0?

       

      for example, look at the below REST API :

      GET https://10.204.x.x/policy/api/v1/infra/domains/default/groups

       

      whether the default domain is the only domain in the nsx-t 3.0 ?

        • 1. Re: domain in nsx-t 3.0
          Chris Mentjox Hot Shot

          You can have domains. But you do not see them in the gui.

           

          i.e i have a k8s domain:

           

           

          {

           

                      "resource_type": "Domain",

                      "id": "k8scluster",

                      "display_name": "k8scluster",

                      "tags": [

                          {

                              "scope": "ncp/cluster_domain",

                              "tag": "true"

                          },

                          {

                              "scope": "ncp/cluster",

                              "tag": "k8scluster"

                          }

                      ],

                      "path": "/infra/domains/k8scluster",

                      "relative_path": "k8scluster",

                      "parent_path": "/infra",

                      "unique_id": "dbe72602-1081-4ca3-a882-1517ecc58299",

                      "marked_for_delete": false,

                      "overridden": false,

                      "_create_user": "admin",

                      "_create_time": 1596721212148,

                      "_last_modified_user": "admin",

                      "_last_modified_time": 1598516965091,

                      "_system_owned": false,

                      "_protection": "NOT_PROTECTED",

                      "_revision": 8

                  }

           

          And inside that o have groups

          /infra/domains/k8scluster/groups/10.4.192.0_24

           

          {

           

              "expression": [

                  {

                      "ip_addresses": [

                          "10.4.192.0/24"

                      ],

                      "resource_type": "IPAddressExpression",

                      "id": "cf9ee9ad-e9a1-435a-8e7f-ad36ff881ed0",

                      "path": "/infra/domains/k8scluster/groups/10.4.192.0_24/ip-address-expressions/cf9ee9ad-e9a1-435a-8e7f-ad36ff881ed0",

                      "relative_path": "cf9ee9ad-e9a1-435a-8e7f-ad36ff881ed0",

                      "parent_path": "/infra/domains/k8scluster/groups/10.4.192.0_24",

                      "marked_for_delete": false,

                      "overridden": false,

                      "_protection": "NOT_PROTECTED"

                  }

              ],

              "extended_expression": [],

              "reference": false,

              "resource_type": "Group",

              "id": "10.4.192.0_24",

              "display_name": "10.4.192.0_24",

              "path": "/infra/domains/k8scluster/groups/10.4.192.0_24",

              "relative_path": "10.4.192.0_24",

              "parent_path": "/infra/domains/k8scluster",

              "unique_id": "1ccd5747-2a97-42f8-bf88-574d674a1984",

              "marked_for_delete": false,

              "overridden": false,

              "_create_user": "admin",

              "_create_time": 1598294616147,

              "_last_modified_user": "admin",

              "_last_modified_time": 1598294616148,

              "_system_owned": false,

              "_protection": "NOT_PROTECTED",

              "_revision": 0

          }

           

          I have a case open at support regarding not able to see the domains in the gui. I do not have an answer on that (yet)

           

          See the api for more info (chapter 3.5.3.4

          NSX-T Data Center REST API - VMware API Explorer - VMware {code}

          • 2. Re: domain in nsx-t 3.0
            Lalegre Expert

            Hey,

             

            As he mention some of the domains will not be visible from the GUI and are created for interacting between platforms. For example if you have a NSX-T Federation topology with more that one region you will see 3 domains (Global, Region A and Region B)

            • 3. Re: domain in nsx-t 3.0
              rajkumar49 Novice

              hi

              Do you know any API to get security groups from all the domains ?

               

              for example, the below API will get security groups from only the default domain :

               

              GET https://10.204.x.x/policy/api/v1/infra/domains/default/groups

              • 4. Re: domain in nsx-t 3.0
                Lalegre Expert

                Hey,

                 

                Unfortunately there is no API call for searching multiple groups cross domain. For doing that you will need to do separate calls to each domain.

                 

                I just tested myself even in 3.0.1.1 and is the same.

                • 5. Re: domain in nsx-t 3.0
                  rajkumar49 Novice

                  hi ,

                  in NSX-T 3.0 GUI , there is no option to create domain .

                  also no option to create security groups for other domains. whether Vmware will deprecate the domains feature?

                   

                  whether the below API gives all the security groups from all domains ?

                  GET /api/v1/ns-groups

                   

                  • 6. Re: domain in nsx-t 3.0
                    Lalegre Expert

                    Hey,

                     

                    So basically you are getting confused between NSX-T modes. NS-Groups and Groups are basically the same but the difference in which mode they have been created.

                     

                    The default visibility that you have when you install NSX-T is the Policy Mode and you can toggle it to Manager Mode if you change that parameters in the User Interface Settings on the System tab.

                     

                    So when you run the call GET /api/v1/ns-groups you are reading from the groups created in Manager Mode but when you run GET /policy/api/v1/infra/domains/domain-id/groups you are reading from the groups created in Policy Mode that is why on the call it starts with "policy".

                     

                    Remember this not only for these calls but always you see the policy.

                    • 7. Re: domain in nsx-t 3.0
                      Chris Mentjox Hot Shot

                      Hi.

                       

                      The reply i got from vmware:

                       

                      On an earlier version of NSX-T the concept and function of Domains was introduced and was present on the UI.

                      However a product decision was made to explicitly remove this from the UI from 2.4.1 onwards . The plan being to perform an internal assessment of the role of Domains and to ensure they would be future proofed from a product roadmap perspective, Federation etc. A decision was made to leave the Domain API as fully functional.

                       

                      So not available in gui. But it is available in API