Updating NSX-T Load Balancer Server Pool Membership

Page last updated:

This topic describes how to update load balancer server pool membership for Pivotal Cloud Foundry (PCF) foundation using NSX-T on vSphere.

This procedure applies to customers who have manually populated their NSX-T static load balancer pools with the IP addresses of the HA Proxy or Router VMs. When upgrading Pivotal Application Service (PAS) from 2.2 to 2.3, applying a stemcell update, or updating a tile, the foundation may become unreachable. This is because the NSX-T static load balancer server pools have been emptied. To read more about this issue, see Safely Upgrading PAS 2.2 → 2.3 with NSX-T Load Balancers.

To implement this procedure, you must use the Ops Manager API. See the Ops Manager API documentation for more information about the API.

Note: Ops Manager v2.3 supports NSX-T v2.2 and later.

Authenticate

To use the Ops Manager API, you must authenticate and retrieve a token from the Ops Manager User Account and Authentication (UAA) server. For instructions, see the Using Ops Manager API topic.

Update Load Balancer Server Pool Membership

  1. Create a VM extension for each of the jobs that will become members of the load balancer pools. Jobs can belong to multiple pools; for example, the router job may belong to pools for both the HTTP and HTTPS load balancers. Below is an example of the VM extension configuration for the Router job:

    {
    "cloud_properties": {
    "nsxt": {
      "lb": {
        "server_pools": [
          {
            "name": "PAS-GoRouter443ServerPool",
            "port": 443
          },
          {
            "name": "PAS-GoRouter80ServerPool",
            "port": 80
          }
        ]
      }
    }
    },
    "name": "http_https_lb"
    }
    

  2. For each VM extension, use a curl command to stage it with the Ops Manager API, (where VM_EXTENSION_FILE_PATH is the path to the VM extension file, e.g. /tmp/router_ext.json):

    curl "https://OPS-MAN-FQDN/api/v0/staged/vm_extensions" \
    -X POST \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
    -H "Content-Type: application/json" \
    -d "@VM_EXTENSION_FILE_PATH"
    
  3. Retrieve a list of staged products:

    curl 'https://OPS-MAN-FQDN/api/v0/staged/products' \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    

    Record the GUID of the cf product. In the following example output, the GUID is cf-01222ab1111111aaa1a.

    [
       {
          "product_version" : "1.10.6.0",
          "guid" : "p-bosh-dee11e111e1111ee1e1a",
          "installation_name" : "p-bosh",
          "type" : "p-bosh"
       },
       {
          "type" : "cf",
          "product_version" : "1.10.8-build.7",
          "installation_name" : "cf-01222ab1111111aaa1a",
          "guid" : "cf-01222ab1111111aaa1a"
       }
       ]
    
  4. Retrieve a list of jobs for your product:

    curl 'https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs' \
    -H 'Authorization: Bearer UAA-ACCESS-TOKEN'
    

    Record the GUIDs of the jobs whose security groups you want to update. See the following example output:

    {
    "jobs" : [
      {
         "guid" : "router-9c37cf48ae7412f2afd1",
         "name" : "router"
      },
      {
         "name" : "tcp_router",
         "guid" : "tcp_router-6af18efdd18d198edee9"
      },
      {
         "name" : "diego_brain",
         "guid" : "diego_brain-b49b0b2aed247302c0e1"
      },
    
  5. To update the load balancer server pool membership for your job, use the following command:

    curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs/JOB-GUID/resource_config" \
      -X PUT
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
      -d '{"instance_type": {"id": "INSTANCE-TYPE"},
          "instances": INSTANCE-COUNT,
          "additional_vm_extensions": ["VM-EXTENSION-NAME"]
      }'
    

    Replace the placeholder values as follows:

    • INSTANCE-TYPE: The instance type for the job. For the default instance type, use "automatic".
    • INSTANCE-COUNT: The number of instances for the job. The default number for each job is visible in the Resource Config section of the Ops Manager UI.
    • VM-EXTENSION-NAME: The name field of the VM Extension JSON config file written in step 1. In our example above, the name would be http_https_lb.

    WARNING: Do not use the resource config fields for nsx_lbs and nsx_security_groups; these fields only work on NSX-V. To configure load balancers on NSX-T, you must use the VM Extensions API.

  6. Navigate to OPS-MAN-FQDN in a browser and log in to the Ops Manager Installation Dashboard.

  7. Click Review Pending Changes, then Apply Changes to redeploy.