Updating NSX-T Load Balancer Server Pool Membership
Page last updated:
This topic describes how to update load balancer server pool membership for Pivotal Cloud Foundry (PCF) foundation using NSX-T on vSphere.
This procedure applies to customers who have manually populated their NSX-T static load balancer pools with the IP addresses of the HA Proxy or Router VMs. When upgrading Pivotal Application Service (PAS) from 2.2 to 2.3, applying a stemcell update, or updating a tile, the foundation may become unreachable. This is because the NSX-T static load balancer server pools have been emptied. To read more about this issue, see Safely Upgrading PAS 2.2 → 2.3 with NSX-T Load Balancers.
To implement this procedure, you must use the Ops Manager API. See the Ops Manager API documentation for more information about the API.
Note: Ops Manager v2.3 supports NSX-T v2.2 and later.
Authenticate
To use the Ops Manager API, you must authenticate and retrieve a token from the Ops Manager User Account and Authentication (UAA) server. For instructions, see the Using Ops Manager API topic.
Update Load Balancer Server Pool Membership
Create a VM extension for each of the jobs that will become members of the load balancer pools. Jobs can belong to multiple pools; for example, the router job may belong to pools for both the HTTP and HTTPS load balancers. Below is an example of the VM extension configuration for the Router job:
{ "cloud_properties": { "nsxt": { "lb": { "server_pools": [ { "name": "PAS-GoRouter443ServerPool", "port": 443 }, { "name": "PAS-GoRouter80ServerPool", "port": 80 } ] } } }, "name": "http_https_lb" }
For each VM extension, use a
curl
command to stage it with the Ops Manager API, (where VM_EXTENSION_FILE_PATH is the path to the VM extension file, e.g./tmp/router_ext.json
):curl "https://OPS-MAN-FQDN/api/v0/staged/vm_extensions' \ -X POST \ -H "Authorization: Bearer UAA-ACCESS-TOKEN" \ -H "Content-Type: application/json" \ -d "@VM_EXTENSION_FILE_PATH"
Retrieve a list of staged products:
$ curl 'https://OPS-MAN-FQDN/api/v0/staged/products' \ -H "Authorization: Bearer UAA-ACCESS-TOKEN" [ { "product_version" : "1.10.6.0", "guid" : "p-bosh-dee11e111e1111ee1e1a", "installation_name" : "p-bosh", "type" : "p-bosh" }, { "type" : "cf", "product_version" : "1.10.8-build.7", "installation_name" : "cf-01222ab1111111aaa1a", "guid" : "cf-01222ab1111111aaa1a" } ]
Record the GUID of thecf
product. In the above example, the GUID iscf-01222ab1111111aaa1a
.Retrieve a list of jobs for your product:
$ curl 'https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs' \ -H 'Authorization: Bearer UAA-ACCESS-TOKEN' { "jobs" : [ { "guid" : "router-9c37cf48ae7412f2afd1", "name" : "router" }, { "name" : "tcp_router", "guid" : "tcp_router-6af18efdd18d198edee9" }, { "name" : "diego_brain", "guid" : "diego_brain-b49b0b2aed247302c0e1" }, ...
Record the GUIDs of the jobs whose security groups you want to update.To update the load balancer server pool membership for your job, use the following command:
$ curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs/JOB-GUID/resource_config" \ -X PUT \ -H "Content-Type: application/json" \ -H "Authorization: Bearer UAA-ACCESS-TOKEN" \ -d '{"instance_type": {"id": "INSTANCE-TYPE"}, "instances": INSTANCE-COUNT, "additional_vm_extensions": ["VM-EXTENSION-NAME"] }'
Replace the placeholder values as follows:INSTANCE-TYPE
: The instance type for the job. For the default instance type, use"automatic"
.INSTANCE-COUNT
: The number of instances for the job. The default number for each job is visible in the Resource Config section of the Ops Manager UI.VM-EXTENSION-NAME
: Thename
field of the VM Extension JSON config file written in step 1. In our example above, the name would behttp_https_lb
.
WARNING: Do not use the resource config fields for
nsx_lbs
andnsx_security_groups
; these fields only work on NSX-V. To configure load balancers on NSX-T, you must use the VM Extensions API.Navigate to
OPS-MAN-FQDN
in a browser and log in to the Ops Manager Installation Dashboard.Click Review Pending Changes, then Apply Changes to redeploy.