Working with NSX API: Adding an IP to an ESG (Edge Services Gateway)

Whilst setting up an NSX load balancer (post to follow) I found the need to add a secondary IP to an ESG. Because of this (KB2151309) handy bug feature I had to either delete the ESG and re-create it, or set a secondary IP via the API, so here goes…

This post assume basic knowledge of NSX components and uses the following:

  • NSX 6.3.2 with a fully deployed ESG
  • Postman

The Before

A quick look at the ‘before’ setup of the ESG interface configuration (IPs and names have been changed to protect the innocent):

And here’s a closer look at the vNIC 0 that we’ll be adding a secondary IP to, to prove there’s not already one set:

API Call 1 – Get the config of the vNIC we want to change

So we know we need to edit vNIC 0, but to get all of its current config we need to call on the API. This will help to see the structure of the config required and confirm all of the settings.

The NSX API Guide tells us how the API request should look…

So fire up Postman (or other API consumer) and structure the request:

  • Method: GET
  • URL: https://NSX-MANAGER.FQDN/api/4.0/edges/edge-1/vnics/0
    • This is from the NSX API Guide as above, with the index of 0 at the end to represent the vNIC 0 we’re working with
    • Remember that in NSX world that the NSX Manager presents the Northbound API, so you’re always interacting with the Manager
  •  Authorization:
    • Type: Basic Auth
    • Username: (API-enabled user, could be the NSX default ‘admin’)
    • Password; ^^^
  • Headers:
    • Content-Type: application/xml
    • Authorization: Basic (base64-added from the Authorization tab)

Hit Send and you should see some data similar to what was represented in the NSX web GUI:

<?xml version="1.0" encoding="UTF-8"?>
<vnic>
    <label>vNic_0</label>
    <name>EXTERNAL</name>
    <addressGroups>
        <addressGroup>
            <primaryAddress>10.1.1.1</primaryAddress>
            <subnetMask>255.255.255.248</subnetMask>
            <subnetPrefixLength>29</subnetPrefixLength>
        </addressGroup>
    </addressGroups>
 <mtu>1500</mtu>
 <type>uplink</type>
 <isConnected>true</isConnected>
 <index>0</index>
 <portgroupId>dvportgroup-6645</portgroupId>
 <portgroupName>EXTERNAL</portgroupName>
 <enableProxyArp>false</enableProxyArp>
 <enableSendRedirects>false</enableSendRedirects>
</vnic>

 

API Call 2 – Setting the Secondary IP Address

Note that in the output above from the vNIC it has no secondary addresses configured and there’s no stanza for one. So how do you know how to add one? And do you just guess and change the method from GET to POST? All is explained again in the NSX API Guide…

So we now know the syntax and method (PUT) to add a secondary address!

Back in Postman, update the request to change the method, then add a Body with the existing vNIC0 configuration (which was obtained earlier) along with the new secondary IP config (I’ve used 10.1.1.2) and hit Send:

Ok, it loaded for a bit then looks to have sent, but how do you know? Well in the bottom right corner of Postman we see Status: 204 No Content. Any HTTP 2XX message is a success and the fact that no content was sent back is fine, we didn’t expect anything.

The After

Time to check that the new config has worked. We can do this two ways, in the NSX web GUI or via the API…

Since we’re still in Postman, re-issue the GET from earlier to retrieve the new vNIC0 config:

And to be sure, confirm in the NSX web GUI:

 

Advertisements

Extension Mobility Remote Login/Logout without PIN in Python

Whilst trying to automate some mundane networking tasks in Python, I’ve started looking our UC environment. This lead me to a great post (thanks!) here:

https://ucnote.wordpress.com/2015/11/29/extension-mobility-remotely-login-user-to-phone/

I’m by no means a coder, but I’ve converted the PowerShell script from there into a Python version (feel free to suggest a more PEP8 improvement), that uses the Requests library.

Some uses for this is to make a web app to see who is logged in where and give the ability to log them out remotely. Alternatively, provide a Windows login/log off script that automatically logs a user into their handset (users with no roles can log themselves in/out, whilst users with the EM Authentication Proxy Rights role can login/logout any user).

Ingredients Used:

If you want to try this out it should work on most UCM versions and I think in Py3, but to rule out any incompatibilities, my environment was:

  • Python 2.7
  • Requests 2.9.1
  • CUCM 10.5(1)
  • Softphone

The Code:

Change the hard coded variables for your own and comment in/out the logout/in respectively:

#! /usr/bin/env python
import getpass
import requests

# YOUR DETAILS FROM HERE
cucm_server = "CUCM"
mac = "000000000002"
device = "SEP" + mac
emuser = "emuser"
appEmProxyUser = "appemadmin"
appPw = getpass.getpass(prompt="Enter the EMProxyUser password: ")
# TO HERE

uri = "http://" + cucm_server + ":8080/emservice/EMServiceServlet"
headers = {"Content-Type":
 "application/x-www-form-urlencoded"}

parameters = "<request>"
parameters += "<appInfo><appID>" + appEmProxyUser +\
 "</appID><appCertificate>" + appPw + "</appCertificate></appInfo>"

# parameters += "<logout><deviceName>" + device + "</deviceName></logout>"
parameters += "<login><deviceName>" + device + "</deviceName><userID>" +\
 emuser + "</userID></login>"

parameters += "</request>"

r = requests.post(uri,
 data={"xml":
 parameters},
 headers=headers)
print(r.text)