Updating NSX Security Group and Load Balancer Information

Page last updated:

This topic describes how to update security group and load balancer information for Pivotal Cloud Foundry (PCF) deployments using NSX on vSphere. To update this information, you must use the Ops Manager API.

See the Ops Manager API documentation at https://YOUR-OPS-MANAGER-FQDN/docs for more information about the API.

Note: Ops Manager v1.11 supports NSX-V 6.2+.

Authenticate

To use the Ops Manager API, you must authenticate and retrieve a token from the Ops Manager User Account and Authentication (UAA) server. For instructions, see the Using Ops Manager API topic.

Update Security Group or Load Balancer Information

To update either NSX security group or load balancer information, you use curl to make a PUT request against the api/v0/staged/products/product_guid/jobs/job_guid/resource_config endpoint.

You must first retrieve the GUID of your PCF deployment, and the GUID of the job whose information you want to update.

Perform the following steps:

  1. Retrieve a list of staged products:

    $ curl 'https://OPS-MAN-FQDN/api/v0/staged/products' \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    [
       {
          "product_version" : "1.10.6.0",
          "guid" : "p-bosh-dee11e111e1111ee1e1a",
          "installation_name" : "p-bosh",
          "type" : "p-bosh"
       },
       {
          "type" : "cf",
          "product_version" : "1.10.8-build.7",
          "installation_name" : "cf-01222ab1111111aaa1a",
          "guid" : "cf-01222ab1111111aaa1a"
       }
    ]
    

    Record the GUID of the cf product. In the above example, the GUID is cf-01222ab1111111aaa1a.

  2. Retrieve a list of jobs for your product:

    $ curl 'https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs' \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN'
    {
    "jobs" : [
      {
         "guid" : "consul_server-9c37cf48ae7412f2afd1",
         "name" : "consul_server"
      },
      {
         "name" : "nats",
         "guid" : "nats-6af18efdd18d198edee9"
      },
      {
         "guid" : "etcd_tls_server-90b3b107449aae7376dc",
         "name" : "etcd_tls_server"
      },
      {
         "name" : "nfs_server",
         "guid" : "nfs_server-b49b0b2aed247302c0e1"
      },
      ...
    

    Record the GUID of the job whose security groups you want to update.

  3. You can update either your security group information, load balancer information, or both.

    • Security groups: To update the security groups for your job, use the following command:
      $ curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs/JOB-GUID/resource_config" \ 
          -X PUT \ 
          -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
          -d '{"nsx_security_groups": ["SECURITY-GROUP1", "SECURITY-GROUP2"]}' 
      
      The value for nsx_security_groups is a list of the security groups you want to set for the job. To clear all security groups for a job, pass an empty list with the value [].

    • Load balancers: To update the load balancers for your job, use the following command:

      $ curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs/JOB-GUID/resource_config" \ 
          -X PUT \ 
          -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
          -d '{"nsx_lbs": \
                  { \
                    "edge_name": "EDGE-NAME", \
                    "pool_name": "POOL-NAME", \
                    "security_group": "SECURITY-GROUP", \
                    "port": "PORT-NUMBER" \
                  }
      
      Replace the placeholder values under nsx_lbs as follows:

      • EDGE-NAME: The name of the NSX Edge
      • POOL-NAME: The name of the NSX Edge’s server pool
      • SECURITY-GROUP: The name of the NSX server pool’s target security group
      • PORT: The name of the port that the VM service is listening on, such as 5000
  4. Navigate to OPS-MAN-FQDN in a browser and log in to the Ops Manager Installation Dashboard.

  5. Click Apply Changes to redeploy.

Create a pull request or raise an issue on the source for this page in GitHub