This article explains how to work with NSX Edge through its API. This VMware product provides routing, firewall, NAT, DHCP, VPN and similar functions for a virtual data center. The API makes sending requests to an Edge simpler and more intuitive than working from the command line.
The approach described here also solves some of the problems of accessing an Edge through vCloud Director. When working through the API, you can manage the Edge directly in NSX or go through vCloud Director, and you can also reach the vCloud Director database with the API. Both options are shown.
The most interesting scenarios in which the API is useful are:
Migrating an Edge to another NSX Manager.
Restoring an Edge or part of its settings, for example transferring the firewall, VPN and load balancer settings after moving from one data center to another.
Backing up settings, for example saving the Edge configuration as XML so it can be restored when needed.
The description uses NSX-V 6.4.6 and vCloud Director 10.2, but the article applies to other software versions as well. For all experiments we used the API documentation from here.
Preparing the tools to work with the API
We use Postman to send requests to the VMware API. The request types used are:
GET – read an object or its configuration.
POST – create a new object.
PUT – update an existing object.
DELETE – delete an object.
In Postman we first connect to the NSX Manager that hosts the Edge.
Authorization in Postman: Basic Auth with the NSX Manager credentials.
Header: Content-Type: application/xml
To list the Edges, send GET https://nsx-fqdn/api/4.0/edges (where nsx-fqdn is the IP address or FQDN of the NSX Manager).
A 200 response means the connection works and the body lists the existing Edges.
Edge . , .
Migrating an Edge between NSX Managers
, API.
We have two NSX Managers, nsx-fqdn-1 and nsx-fqdn-2. The Edge in question is edge-8.
First we download the Edge configuration from the NSX Manager where it currently lives, using that manager's FQDN:
GET https://nsx-fqdn-2/api/4.0/edges/edge-8
. , .
.
<?xml version="1.0" encoding="UTF-8"?> <edge> <id>edge-8</id> <version>8</version> <description></description> <status>deployed</status> <tenant>88ed64d3-516d-4932-a262-9987e9779f1e</tenant> <name>vse-test-delete-edge (877a6842-8a67-4dad-87cf-81e155c45763)</name> <fqdn>vse-f8b2ccec-ef9b-464f-8bab-eb67e27f15c3</fqdn> <enableAesni>true</enableAesni> <enableFips>false</enableFips> <vseLogLevel>info</vseLogLevel> <vnics> <vnic> <label>vNic_0</label> <name>vnic0</name> <addressGroups> <addressGroup> <primaryAddress>esxternal-ip</primaryAddress> <secondaryAddresses> <ipAddress>esxternal-ip</ipAddress> </secondaryAddresses> <subnetMask>255.255.255.192</subnetMask> <subnetPrefixLength>26</subnetPrefixLength> </addressGroup> </addressGroups> <mtu>1500</mtu> <type>uplink</type> <isConnected>true</isConnected> <index>0</index> <portgroupId>dvportgroup-731</portgroupId> <portgroupName>internet</portgroupName> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_1</label> <name>vnic1</name> <addressGroups> <addressGroup> <primaryAddress>10.0.0.1</primaryAddress> <subnetMask>255.255.255.0</subnetMask> <subnetPrefixLength>24</subnetPrefixLength> </addressGroup> </addressGroups> <mtu>1500</mtu> <type>internal</type> <isConnected>true</isConnected> <index>1</index> <portgroupId>virtualwire-380</portgroupId> <portgroupName>dvs.VCDVStest-1-5ca1ab95-ded5-4af5-bf90-96eaa70e5512</portgroupName> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_2</label> <name>vnic2</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>2</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_3</label> <name>vnic3</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>3</index> <enableProxyArp>false</enableProxyArp> 
<enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_4</label> <name>vnic4</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>4</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_5</label> <name>vnic5</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>5</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_6</label> <name>vnic6</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>6</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_7</label> <name>vnic7</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>7</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_8</label> <name>vnic8</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>8</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> <vnic> <label>vNic_9</label> <name>vnic9</name> <addressGroups/> <mtu>1500</mtu> <type>internal</type> <isConnected>false</isConnected> <index>9</index> <enableProxyArp>false</enableProxyArp> <enableSendRedirects>true</enableSendRedirects> </vnic> </vnics> <appliances> <applianceSize>compact</applianceSize> <appliance> <highAvailabilityIndex>0</highAvailabilityIndex> <vcUuid>500615b5-3f65-146a-1d5c-0dce84fc60ea</vcUuid> <vmId>vm-4274</vmId> <resourcePoolId>resgroup-53</resourcePoolId> <resourcePoolName>System vDC (c8a308dd-2509-48ad-ab8e-54e93938394d)</resourcePoolName> <datastoreId>datastore-1</datastoreId> <datastoreName>DATASTORE</datastoreName> <hostId>host-18</hostId> 
<hostName>ESXi-host</hostName> <vmFolderId>group-v453</vmFolderId> <vmFolderName>Service VMs</vmFolderName> <vmHostname>vse-f8b2ccec-ef9b-464f-8bab-eb67e27f15c3-0</vmHostname> <vmName>vse-test-delete-edge (877a6842-8a67-4dad-87cf-81e155c45763)-0</vmName> <deployed>true</deployed> <cpuReservation> <limit>-1</limit> <reservation>64</reservation> </cpuReservation> <memoryReservation> <limit>-1</limit> <reservation>256</reservation> </memoryReservation> <edgeId>edge-8</edgeId> <configuredResourcePool> <id>resgroup-53</id> <name>System vDC (c8a308dd-2509-48ad-ab8e-54e93938394d)</name> <isValid>true</isValid> </configuredResourcePool> <configuredDataStore> <id>datastore-1</id> <name>DATASTORE</name> <isValid>true</isValid> </configuredDataStore> <configuredHost> <id>host-18</id> <name>ESXi-host</name> <isValid>true</isValid> </configuredHost> <configuredVmFolder> <id>group-v453</id> <name>Service VMs</name> <isValid>true</isValid> </configuredVmFolder> </appliance> <deployAppliances>true</deployAppliances> </appliances> <cliSettings> <remoteAccess>false</remoteAccess> <userName>admin</userName> <sshLoginBannerText> *************************************************************************** NOTICE TO USERS This computer system is the private property of its owner, whether individual, corporate or government. It is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to your employer, to authorized site, government, and law enforcement personnel, as well as authorized officials of government agencies, both domestic and foreign. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of such personnel or officials. 
Unauthorized or improper use of this system may result in civil and criminal penalties and administrative or disciplinary action, as appropriate. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning. ****************************************************************************</sshLoginBannerText> <passwordExpiry>99999</passwordExpiry> </cliSettings> <features> <nat> <version>3</version> <enabled>true</enabled> <natRules> <natRule> <ruleId>196609</ruleId> <ruleTag>196609</ruleTag> <loggingEnabled>false</loggingEnabled> <enabled>true</enabled> <translatedAddress>esxternal-ip</translatedAddress> <ruleType>user</ruleType> <action>snat</action> <vnic>0</vnic> <originalAddress>10.0.0.0/24</originalAddress> <snatMatchDestinationAddress>any</snatMatchDestinationAddress> <protocol>any</protocol> <originalPort>any</originalPort> <translatedPort>any</translatedPort> <snatMatchDestinationPort>any</snatMatchDestinationPort> </natRule> <natRule> <ruleId>196610</ruleId> <ruleTag>196610</ruleTag> <loggingEnabled>false</loggingEnabled> <enabled>true</enabled> <translatedAddress>10.0.0.3</translatedAddress> <ruleType>user</ruleType> <action>dnat</action> <vnic>0</vnic> <originalAddress>esxternal-ip</originalAddress> <dnatMatchSourceAddress>any</dnatMatchSourceAddress> <protocol>tcp</protocol> <originalPort>443</originalPort> <translatedPort>8443</translatedPort> <dnatMatchSourcePort>any</dnatMatchSourcePort> </natRule> </natRules> <nat64Rules/> </nat> <l2Vpn> <version>2</version> <enabled>false</enabled> <logging> <enable>true</enable> <logLevel>notice</logLevel> </logging> </l2Vpn> <featureConfig/> <featureConfig/> <dns> <version>2</version> <enabled>false</enabled> <cacheSize>16</cacheSize> <listeners> <vnic>any</vnic> </listeners> <dnsViews> <dnsView> <viewId>view-0</viewId> <name>vsm-default-view</name> <enabled>true</enabled> <viewMatch> 
<ipAddress>any</ipAddress> <vnic>any</vnic> </viewMatch> <recursion>false</recursion> </dnsView> </dnsViews> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> </dns> <syslog> <version>2</version> <enabled>false</enabled> <protocol>udp</protocol> </syslog> <sslvpnConfig> <version>2</version> <enabled>false</enabled> <logging> <enable>true</enable> <logLevel>notice</logLevel> </logging> <advancedConfig> <enableCompression>false</enableCompression> <forceVirtualKeyboard>false</forceVirtualKeyboard> <randomizeVirtualkeys>false</randomizeVirtualkeys> <preventMultipleLogon>false</preventMultipleLogon> <clientNotification></clientNotification> <enablePublicUrlAccess>false</enablePublicUrlAccess> <timeout> <forcedTimeout>0</forcedTimeout> <sessionIdleTimeout>10</sessionIdleTimeout> </timeout> </advancedConfig> <clientConfiguration> <autoReconnect>true</autoReconnect> <upgradeNotification>false</upgradeNotification> </clientConfiguration> <layoutConfiguration> <portalTitle>VMware</portalTitle> <companyName>VMware</companyName> <logoExtention>jpg</logoExtention> <logoUri>/api/4.0/edges/edge-8/sslvpn/config/layout/images/portallogo</logoUri> <logoBackgroundColor>56A2D4</logoBackgroundColor> <titleColor>996600</titleColor> <topFrameColor>000000</topFrameColor> <menuBarColor>999999</menuBarColor> <rowAlternativeColor>FFFFFF</rowAlternativeColor> <bodyColor>FFFFFF</bodyColor> <rowColor>F5F5F5</rowColor> </layoutConfiguration> <authenticationConfiguration> <passwordAuthentication> <authenticationTimeout>1</authenticationTimeout> <primaryAuthServers/> <secondaryAuthServer/> </passwordAuthentication> </authenticationConfiguration> </sslvpnConfig> <featureConfig/> <highAvailability> <version>3</version> <enabled>false</enabled> <declareDeadTime>15</declareDeadTime> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> <security> <enabled>false</enabled> </security> </highAvailability> <routing> <version>3</version> <enabled>true</enabled> 
<routingGlobalConfig> <ecmp>false</ecmp> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> </routingGlobalConfig> <staticRouting> <defaultRoute> <vnic>0</vnic> <mtu>1500</mtu> <gatewayAddress>external-ip</gatewayAddress> <adminDistance>1</adminDistance> </defaultRoute> <staticRoutes/> </staticRouting> <ospf> <enabled>false</enabled> <ospfAreas> <ospfArea> <areaId>51</areaId> <type>nssa</type> <authentication> <type>none</type> </authentication> </ospfArea> <ospfArea> <areaId>0</areaId> <type>normal</type> <authentication> <type>none</type> </authentication> </ospfArea> </ospfAreas> <ospfInterfaces/> <redistribution> <enabled>false</enabled> <rules/> </redistribution> <gracefulRestart>true</gracefulRestart> <defaultOriginate>false</defaultOriginate> </ospf> </routing> <featureConfig/> <gslb> <version>2</version> <enabled>false</enabled> <serviceTimeout>6</serviceTimeout> <persistentCache> <maxSize>20</maxSize> <ttl>300</ttl> </persistentCache> <queryPort>5666</queryPort> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> </gslb> <firewall> <version>6</version> <enabled>true</enabled> <globalConfig> <tcpPickOngoingConnections>false</tcpPickOngoingConnections> <enableFtpLooseMode>false</enableFtpLooseMode> <tcpAllowOutOfWindowPackets>false</tcpAllowOutOfWindowPackets> <tcpSendResetForClosedVsePorts>true</tcpSendResetForClosedVsePorts> <dropInvalidTraffic>true</dropInvalidTraffic> <logInvalidTraffic>false</logInvalidTraffic> <tcpTimeoutOpen>30</tcpTimeoutOpen> <tcpTimeoutEstablished>21600</tcpTimeoutEstablished> <tcpTimeoutClose>30</tcpTimeoutClose> <udpTimeout>60</udpTimeout> <icmpTimeout>10</icmpTimeout> <icmp6Timeout>10</icmp6Timeout> <ipGenericTimeout>120</ipGenericTimeout> <enableSynFloodProtection>false</enableSynFloodProtection> <logIcmpErrors>false</logIcmpErrors> <dropIcmpReplays>false</dropIcmpReplays> <enableSnmpAlg>true</enableSnmpAlg> <enableFtpAlg>true</enableFtpAlg> <enableTftpAlg>true</enableTftpAlg> 
</globalConfig> <defaultPolicy> <action>deny</action> <loggingEnabled>false</loggingEnabled> </defaultPolicy> <firewallRules> <firewallRule> <id>131076</id> <ruleTag>131076</ruleTag> <name>firewall</name> <ruleType>internal_high</ruleType> <enabled>true</enabled> <loggingEnabled>false</loggingEnabled> <description>firewall</description> <action>accept</action> <source> <exclude>false</exclude> <vnicGroupId>vse</vnicGroupId> </source> </firewallRule> <firewallRule> <id>131077</id> <ruleTag>131077</ruleTag> <name>test</name> <ruleType>user</ruleType> <enabled>true</enabled> <loggingEnabled>false</loggingEnabled> <action>accept</action> <source> <exclude>false</exclude> <vnicGroupId>vnic-index-1</vnicGroupId> </source> <application> <service> <protocol>icmp</protocol> <icmpType>any</icmpType> </service> </application> </firewallRule> <firewallRule> <id>131075</id> <ruleTag>131075</ruleTag> <name>default rule for ingress traffic</name> <ruleType>default_policy</ruleType> <enabled>true</enabled> <loggingEnabled>false</loggingEnabled> <description>default rule for ingress traffic</description> <action>deny</action> </firewallRule> </firewallRules> </firewall> <loadBalancer> <version>2</version> <enabled>false</enabled> <enableServiceInsertion>false</enableServiceInsertion> <accelerationEnabled>false</accelerationEnabled> <monitor> <monitorId>monitor-1</monitorId> <type>tcp</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <name>default_tcp_monitor</name> </monitor> <monitor> <monitorId>monitor-2</monitorId> <type>http</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <method>GET</method> <url>/</url> <name>default_http_monitor</name> </monitor> <monitor> <monitorId>monitor-3</monitorId> <type>https</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <method>GET</method> <url>/</url> <name>default_https_monitor</name> </monitor> <logging> <enable>false</enable> <logLevel>info</logLevel> 
</logging> </loadBalancer> <ipsec> <version>2</version> <enabled>false</enabled> <logging> <enable>true</enable> <logLevel>warning</logLevel> </logging> <sites/> <global> <psk>******</psk> <caCertificates/> <crlCertificates/> </global> </ipsec> <bridges> <version>2</version> <enabled>false</enabled> </bridges> <dhcp> <version>2</version> <enabled>false</enabled> <staticBindings/> <ipPools/> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> </dhcp> </features> <autoConfiguration> <enabled>true</enabled> <rulePriority>high</rulePriority> </autoConfiguration> <type>gatewayServices</type> <isUniversal>false</isUniversal> <hypervisorAssist>false</hypervisorAssist> <tunnels/> </edge>
This XML is the complete Edge configuration. Before it is used to create the new Edge, edit it as follows:
Remove the identity of the old Edge: <id>edge-8</id> <version>8</version> <status>deployed</status>
In <name> </name>, set the name of the new Edge.
Also update the placement elements for the target environment:
<resourcePoolId> <resourcePoolName> <vmFolderId> <vmFolderName>
The export does not include the CLI password, so add <password> </password> for the Edge CLI user between <userName> and <sshLoginBannerText>, for example:
<userName>admin</userName> <password>Test123!test123!</password> <sshLoginBannerText>
In the NAT rules, remove ruleId, ruleTag and ruleType:
<ruleId>196609</ruleId> <ruleTag>196609</ruleTag> <ruleType>user</ruleType>
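The edits above can be scripted instead of being done by hand before pasting the XML into Postman. The following Python script is an added example and not part of the original article: it applies exactly those edits (drop the old id/version/status, rename the Edge, insert a CLI password after <userName>, strip ruleId/ruleTag/ruleType from every NAT rule) using the standard library's xml.etree.ElementTree. The function names prepare_edge_xml and describe and the shortened sample export are my own constructions; the full export from the GET request above is passed in the same way.

```python
"""Prepare an exported NSX Edge XML for re-creation on another NSX Manager.

Added example, not code from the article. The sample below is a constructed,
shortened copy of an Edge export in the same layout as the article's dump.
"""
import xml.etree.ElementTree as ET

# Constructed sample: trimmed Edge export (same element layout as the article).
SAMPLE_EDGE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<edge>
  <id>edge-8</id>
  <version>8</version>
  <status>deployed</status>
  <name>vse-test-delete-edge (877a6842-8a67-4dad-87cf-81e155c45763)</name>
  <cliSettings>
    <remoteAccess>false</remoteAccess>
    <userName>admin</userName>
    <sshLoginBannerText>NOTICE TO USERS</sshLoginBannerText>
    <passwordExpiry>99999</passwordExpiry>
  </cliSettings>
  <features>
    <nat>
      <version>3</version>
      <enabled>true</enabled>
      <natRules>
        <natRule>
          <ruleId>196609</ruleId>
          <ruleTag>196609</ruleTag>
          <enabled>true</enabled>
          <ruleType>user</ruleType>
          <action>snat</action>
          <vnic>0</vnic>
          <originalAddress>10.0.0.0/24</originalAddress>
        </natRule>
      </natRules>
    </nat>
  </features>
</edge>
"""

# Elements that identify the *old* Edge / old rules; the target NSX assigns new ones.
EDGE_IDENTITY_TAGS = ("id", "version", "status")
NAT_RULE_IDENTITY_TAGS = ("ruleId", "ruleTag", "ruleType")


def prepare_edge_xml(xml_text: str, new_name: str, cli_password: str) -> str:
    """Return the Edge XML rewritten so it can be POSTed to /api/4.0/edges/."""
    root = ET.fromstring(xml_text)
    if root.tag != "edge":
        raise ValueError("expected an <edge> document")

    # 1. Drop the identity of the old Edge (top-level elements only, so the
    #    <version> inside <nat> and other feature blocks is left untouched).
    for tag in EDGE_IDENTITY_TAGS:
        for elem in root.findall(tag):
            root.remove(elem)

    # 2. Name of the new Edge.
    name = root.find("name")
    if name is None:
        name = ET.SubElement(root, "name")
    name.text = new_name

    # 3. The export carries no CLI password: insert <password> directly after
    #    <userName>, i.e. between <userName> and <sshLoginBannerText>.
    cli = root.find("cliSettings")
    if cli is None or cli.find("userName") is None:
        raise ValueError("missing <cliSettings>/<userName>")
    for old in cli.findall("password"):
        cli.remove(old)
    password = ET.Element("password")
    password.text = cli_password
    cli.insert(list(cli).index(cli.find("userName")) + 1, password)

    # 4. NAT rules: ruleId/ruleTag/ruleType belong to the old Edge.
    for rule in root.iter("natRule"):
        for tag in NAT_RULE_IDENTITY_TAGS:
            for elem in rule.findall(tag):
                rule.remove(elem)

    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")


def describe(xml_text: str) -> dict:
    """Summary of the structure, used to check the result without re-reading XML."""
    root = ET.fromstring(xml_text)
    return {
        "top": [c.tag for c in root],
        "cli": [c.tag for c in root.find("cliSettings")],
        "nat_rules": [[c.tag for c in r] for r in root.iter("natRule")],
        "name": root.findtext("name"),
    }


if __name__ == "__main__":
    print(prepare_edge_xml(SAMPLE_EDGE_XML, "vse-migrated-edge", "Test123!test123!"))
```

Only direct children of <edge> are removed in step 1, which matters because several feature blocks (<nat>, <l2Vpn>, <dns> and so on) carry their own <version> element that must stay.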
Then create the Edge from the edited XML. In Postman, put the XML into the request Body as raw XML and send:
POST https://nsx-fqdn-1/api/4.0/edges/
The new Edge is created with the id edge-9.
A note on NAT: if the NAT rules did not come across with the Edge even though they are present in <nat>, check the NAT configuration of the new Edge:
GET https://nsx-fqdn-1/api/4.0/edges/edge-9/nat/config
NAT rules can be added with a separate POST request. As before, remove ruleId, ruleTag and ruleType from each rule:
<ruleId>196609</ruleId> <ruleTag>196609</ruleTag> <ruleType>user</ruleType>
POST https://nsx-fqdn-1/api/4.0/edges/edge-9/nat/config/rules
Body with the NAT rule:
<natRules> <natRule> <action>dnat</action> <vnic>0</vnic> <originalAddress>esxternal_ip</originalAddress> <translatedAddress>192.168.1.9</translatedAddress> <loggingEnabled>false</loggingEnabled> <enabled>true</enabled> <description></description> <protocol>udp</protocol> <originalPort>80</originalPort> <translatedPort>80</translatedPort> </natRule> </natRules>
After this POST the NAT rule appears in the configuration of the new Edge.
The same approach works for the other services (firewall, vpn, load balancer and so on): take the corresponding section of the Edge XML.
Now the vCloud Director side, where the Edge is also reachable through the API. The Edge object in vCloud Director is backed by edge-8 in NSX Manager; after the re-creation the NSX id is edge-9, so the reference stored in the vCloud Director database has to be changed from edge-8 to edge-9.
Find the Edge in the gateway table by name to get its id:
select * from gateway where name like 'test-delete-edge%'
Result:
-- id=' 877a6842-8a67-4dad-87cf-81e155c45763 ' --name=' test-delete-edge' --backing-ref='edge-8'
Alternatively, search the whole database for references to the Edge:
select * from global_search('edge-8')
Check the Edge record by id:
select * from gateway where id = '877a6842-8a67-4dad-87cf-81e155c45763'
Then update the backing Edge id to the new one:
update gateway set backing_ref = 'edge-9' where id = '877a6842-8a67-4dad-87cf-81e155c45763'
After this, the Edge is available again in vCloud Director.
Edge settings through the vCloud Director API
To work with the Edge through vCloud Director we also use Postman. Connecting to the vCloud Director API:
Open Postman.
Set the authorization:
Authorization: Basic Auth - administrator@system
GET https://vCD-fqdn/api/versions
From the response, pick the API version to use.
Set the header:
Accept application/*+xml;version=35.0
Then create a session: POST https://vCD-fqdn/api/sessions
The response headers contain X-VMWARE-VCLOUD-ACCESS-TOKEN.
For all further requests switch the authorization to Bearer Token and use the value of X-VMWARE-VCLOUD-ACCESS-TOKEN.
To check, send GET https://vCD-fqdn/api/admin.
The Edge href can be found with PowerShell: connect-ciserver vCD-fqdn
Then: Get-OrgVdc OrgVDCName | Get-EdgeGateway EdgeName
Take the Href value from the output.
Href: https://vCD-fqdn/api/admin/edgeGateway/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Then in Postman:
GET https://vCD-fqdn/api/admin/edgeGateway/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
The response contains the Edge settings in the following form:
<?xml version="1.0" encoding="UTF-8"?> <EdgeGatewayServiceConfiguration xmlns="http://www.vmware.com/vcloud/v1.5"> … , <EdgeGatewayServiceConfiguration> </EdgeGatewayServiceConfiguration>
A complete example:
<?xml version="1.0" encoding="UTF-8"?> <EdgeGatewayServiceConfiguration xmlns="http://www.vmware.com/vcloud/v1.5"> <GatewayDhcpService> <IsEnabled>false</IsEnabled> </GatewayDhcpService> <FirewallService> <IsEnabled>true</IsEnabled> <DefaultAction>allow</DefaultAction> <LogDefaultAction>false</LogDefaultAction> </FirewallService> <NatService> <IsEnabled>true</IsEnabled> <NatRule> <RuleType>SNAT</RuleType> <IsEnabled>true</IsEnabled> <Id>196609</Id> <GatewayNatRule> <Interface href="https://fqdn-vcd/api/admin/network/xxxxxx" name="network" type="application/vnd.vmware.admin.network+xml"/> <OriginalIp>10.0.0.0/24</OriginalIp> <TranslatedIp>external-ip</TranslatedIp> </GatewayNatRule> </NatRule> </NatService> <GatewayIpsecVpnService> <IsEnabled>false</IsEnabled> </GatewayIpsecVpnService> <StaticRoutingService> <IsEnabled>true</IsEnabled> </StaticRoutingService> <LoadBalancerService> <IsEnabled>false</IsEnabled> </LoadBalancerService> </EdgeGatewayServiceConfiguration>
When the configuration is moved to another Edge, the <Interface/> of the old Edge must be replaced with the network of the new Edge:
<Interface href="https://fqdn-vcd/api/admin/network/xxxxxx" name="network" type="application/vnd.vmware.admin.network+xml"/>
The configuration is applied with a POST request: put the XML into the Body as raw and set Content-Type to application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml
The URL is the Edge href with /action/configureServices appended:
POST https://vCD-fqdn/api/admin/edgeGateway/XXXX/action/configureServices
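The two vCloud Director steps that are easy to get wrong by hand are the <Interface/> replacement and the request that applies the result. The following Python script is an added example, not code from the article or from VMware: it rewrites every <Interface href=...> in an EdgeGatewayServiceConfiguration document (keeping the vcloud v1.5 default namespace intact, which ElementTree otherwise serialises with an ns0: prefix) and then builds the configureServices POST with the headers described in this section, without sending it. The sample document, the href values, the function names retarget_interfaces, interface_refs and configure_services_request, and the token value are my own constructions.

```python
"""Retarget <Interface/> references and build the configureServices request.

Added example, not code from the article. The sample document is a
constructed copy of the EdgeGatewayServiceConfiguration shown above.
"""
import xml.etree.ElementTree as ET

VCLOUD_NS = "http://www.vmware.com/vcloud/v1.5"
# Keep the document's default namespace on output instead of an ns0: prefix.
ET.register_namespace("", VCLOUD_NS)

# Constructed sample in the article's EdgeGatewayServiceConfiguration format.
SAMPLE_VCD_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<EdgeGatewayServiceConfiguration xmlns="http://www.vmware.com/vcloud/v1.5">
  <FirewallService>
    <IsEnabled>true</IsEnabled>
    <DefaultAction>allow</DefaultAction>
    <LogDefaultAction>false</LogDefaultAction>
  </FirewallService>
  <NatService>
    <IsEnabled>true</IsEnabled>
    <NatRule>
      <RuleType>SNAT</RuleType>
      <IsEnabled>true</IsEnabled>
      <Id>196609</Id>
      <GatewayNatRule>
        <Interface href="https://fqdn-vcd/api/admin/network/old-network-id" name="network" type="application/vnd.vmware.admin.network+xml"/>
        <OriginalIp>10.0.0.0/24</OriginalIp>
        <TranslatedIp>external-ip</TranslatedIp>
      </GatewayNatRule>
    </NatRule>
  </NatService>
</EdgeGatewayServiceConfiguration>
"""


def retarget_interfaces(config_xml: str, href_map: dict) -> tuple:
    """Replace each <Interface href="old"> with the new Edge's network.

    href_map maps an old network href to (new_href, new_name). An href with no
    mapping raises, so no rule is silently left pointing at the old Edge's network.
    Returns (rewritten XML, number of Interface elements changed).
    """
    root = ET.fromstring(config_xml)
    if root.tag != f"{{{VCLOUD_NS}}}EdgeGatewayServiceConfiguration":
        raise ValueError("expected an EdgeGatewayServiceConfiguration document")
    changed = 0
    for iface in root.iter(f"{{{VCLOUD_NS}}}Interface"):
        old = iface.get("href")
        if old not in href_map:
            raise ValueError(f"no replacement network for {old}")
        new_href, new_name = href_map[old]
        iface.set("href", new_href)
        iface.set("name", new_name)
        changed += 1
    out = '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")
    return out, changed


def interface_refs(config_xml: str) -> list:
    """(href, name) of every <Interface/> in the document, for checking the result."""
    root = ET.fromstring(config_xml)
    return [(i.get("href"), i.get("name")) for i in root.iter(f"{{{VCLOUD_NS}}}Interface")]


def configure_services_request(edge_href: str, access_token: str, body: str) -> dict:
    """Describe the POST from this section (URL, headers, body) without sending it."""
    return {
        "method": "POST",
        "url": edge_href.rstrip("/") + "/action/configureServices",
        "headers": {
            "Authorization": "Bearer " + access_token,  # value of X-VMWARE-VCLOUD-ACCESS-TOKEN
            "Accept": "application/*+xml;version=35.0",
            "Content-Type": "application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml",
        },
        "body": body,
    }


if __name__ == "__main__":
    xml_out, n = retarget_interfaces(SAMPLE_VCD_CONFIG, {
        "https://fqdn-vcd/api/admin/network/old-network-id":
            ("https://fqdn-vcd/api/admin/network/new-network-id", "new-network"),
    })
    print(n, "interface(s) retargeted")
    print(configure_services_request("https://vCD-fqdn/api/admin/edgeGateway/XXXX", "TOKEN", xml_out)["url"])
```

The dictionary returned by configure_services_request maps directly onto a requests.post call (url, headers, data), which keeps the part that talks to the real vCloud Director separate from the part that can be tested offline.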
In this way the Edge XML can be saved and restored through the API, either directly in NSX or through vCloud Director.