Provisioning vDS VXLAN virtual wires using vCenter Orchestrator

Recently while I was working on vSphere infrastructure automation processes I came up with a need to provision vNetwork Distributed Switch VXLAN virtual wires using vCenter Orchestrator 5.1 (vCO). I learned that there is no VMware vCloud Networking and Security (vCNS) plug-in for vCO 5.1 so I had to come up with a way to tap into vCNS from vCO.

vCenter Orchestrator has a REST plug-in which allows easy integration with any RESTful service, so I ended up looking at the REST API on vCNS. As a first thing I glanced through the vShield API Programming Guide and it became clear that it is very easy to command vCNS through a REST API, so my disappointment at not having a vCNS plug-in for vCO was quickly forgotten.

For a quick example on how to create a new VXLAN virtual wire using vCNS, just send POST request to https://vcns/api/2.0/vdn/scopes/scopeID/virtualwires with request body of

vCenter Orchestrator workflow

I deployed VXLAN using vShield Manager web console and I started to work on my virtual wire provisioning workflow.

Connecting to a vCNS REST API

Before I was able to connect vCO to vCNS I had to install the untrusted SSL certificate of vCNS into vCO. This is done by running the “Manage SSL certificates” workflow in vCO. I guess this step is not necessary if your vCNS is using a trusted SSL certificate.


For some odd reason I had to use the vCNS host IP address instead of the FQDN in the host URL to make vCO download the certificate. Any time I tried with the FQDN I just got an error message about the URL being invalid.

Now that the SSL certificate was installed I was ready to connect vCO to the vCNS REST API. This is done by running the “Add a REST host” workflow in vCO. You have to enter the following data for this workflow:

  • Name: vCloud Network and Security (or anything you want)
  • URL: https://vcns-ip-or-fqdn/api/2.0
  • Host’s authentication type: Basic
  • Session mode: Shared session or Per User Session

Adding a REST operation

The next step was to run the “Add a REST operation” workflow.


Parent host should be the REST host added in the previous step. Template URL is the URL for this REST operation. Note that I have {scopeId} in this URL; this means that {scopeId} is a parameter which we need to set for this operation.

Creating a workflow

Once the REST operation is added we need to create a workflow from it so we can execute this operation. This is done by running the “Generate a new workflow from a REST operation” workflow; for the Operation input you need to browse for the recently added REST operation.


I now had a bare workflow for executing a REST operation on vCNS. This workflow does however require the XML request body as a string, so I had to do some scripting to build the necessary XML request. I created a “Create VXLAN Virtual Wire” workflow and gave it the following input parameters:

  • vxlanName: string
  • vxlanDesc: string

and created following attributes

  • scopeId: string: value vdnscope-1
  • tenantId: string: value production
  • content: string

then I dropped in Scriptable task element and “Invoke ‘Create VXLAN Virtual Wire..’” workflow I had previously created in my workflow schema


In Scriptable task element I mapped in vxlanName, vxlanDesc and tenantId input parameters and wrote following code

and I mapped content source attribute to content attribute as output value.

In the “Invoke ‘Create VXLAN Virtual Wire..’” element I mapped in the scopeId and content attributes and mapped all output parameters to NULL. My workflow was done. I executed this workflow, entered the input parameters and watched as the VXLAN virtual wire was deployed in vDS.
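The script for the Scriptable task did not survive on this page. The following is an added example, not the author's original code, of how such a task can build the `content` string while escaping the workflow inputs so that a name or description containing `<` or `&` cannot alter the XML sent to vCNS. The element names are assumed from the vShield API Programming Guide's virtual wire create spec; the helper names, the length limits and the `vdnscope-N` pattern are assumptions made for illustration.

```javascript
// Added example (plain JavaScript, also runs under Node.js). In vCO the three
// arguments would be the vxlanName, vxlanDesc and tenantId bindings.

// Escape XML special characters so input stays text content, never markup.
function escapeXml(value) {
  var map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" };
  return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Reject over-long values and control characters XML 1.0 cannot carry.
// The length limits passed in below are assumptions, not vCNS limits.
function checkText(label, value, maxLen) {
  var s = String(value);
  if (s.length > maxLen) throw new Error(label + ": too long");
  if (/[\u0000-\u0008\u000B\u000C\u000E-\u001F]/.test(s)) {
    throw new Error(label + ": control character");
  }
  return s;
}

// scopeId is substituted into the {scopeId} URL template, so accept only the
// identifier shape shown on this page (vdnscope-1). The pattern is assumed.
function checkScopeId(scopeId) {
  var s = String(scopeId);
  if (!/^vdnscope-\d+$/.test(s)) throw new Error("scopeId: unexpected format");
  return s;
}

// Build the request body; element names are assumed from the vShield API guide.
function buildVirtualWireSpec(vxlanName, vxlanDesc, tenantId) {
  if (String(vxlanName).length === 0) throw new Error("vxlanName: empty");
  return "<virtualWireCreateSpec>" +
    "<name>" + escapeXml(checkText("vxlanName", vxlanName, 80)) + "</name>" +
    "<description>" + escapeXml(checkText("vxlanDesc", vxlanDesc, 255)) + "</description>" +
    "<tenantId>" + escapeXml(checkText("tenantId", tenantId, 80)) + "</tenantId>" +
    "</virtualWireCreateSpec>";
}

// Constructed sample values, not taken from a real environment.
var content = buildVirtualWireSpec("web-tier & dmz", "Created by <vCO>", "production");
var scopeId = checkScopeId("vdnscope-1");
```
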

VDN Scope and Tenant ID

You may have noticed that I had two preset attributes in my workflow, scopeId and tenantId. To find out what your scopeId is, you can use any REST client to query this information from vCNS. I used the Postman REST Client extension for the Chrome web browser; just send a GET request to https://vcns/api/2.0/vdn/scopes.


To find out the tenantId I created a virtual wire using vShield Manager and sent a GET request to https://vcns/api/2.0/vdn/virtualwires. The tenantId is returned as part of the virtual wires output.

3 comments to Provisioning vDS VXLAN virtual wires using vCenter Orchestrator

  • LuckyT

    Hi,

    Can you help me to deploy vShield Edge from vCenter Orchestrator? If you have sample workflow to deploy vShield Edge, can you share?

    Thanks in advance.

  • Deploying vShield Edge appliance should be very easy using vShield Manager REST API. See page 51 on http://www.vmware.com/pdf/vshield_51_api.pdf document for API details.

    To specify configuration XML for Edge appliance deployment use examples in this blog post.

  • LuckyT

    Hi,

    I tried as per your instructions but it is failing with below error:

    “Content as string:
    Invalid token character '<' in token " org1edgeAPI<"100
    HTTPError: status code: 500 (Workflow:Invoke a REST operation / Check status code (item3)#1)”

    ===================
    Reason:
    Content variable getting built as (it has spaces):

    ” org1edgeAPI datacenter-2 compact resgroup-121 datastore-44 0 internal0 INTERNAL dvportgroup-83 192.168.3.1 192.168.3.2 255.255.255.0 admin test true true high “
