Updating NSX-T Load Balancer Server Pool Membership

Page last updated:

This topic describes how to update load balancer server pool membership for Pivotal Cloud Foundry (PCF) foundation using NSX-T on vSphere.

This procedure applies to customers who have manually populated their NSX-T static load balancer pools with the IP addresses of the HA Proxy or Router VMs. When upgrading Pivotal Application Service (PAS) from 2.2 to 2.3, applying a stemcell update, or updating a tile, the foundation may become unreachable. This is because the NSX-T static load balancer server pools have been emptied. To read more about this issue, see Safely Upgrading PAS 2.2 → 2.3 with NSX-T Load Balancers.

To implement this procedure, you must use the Ops Manager API. See the Ops Manager API documentation for more information about the API.

Note: Ops Manager v2.3 supports NSX-T v2.2 and later.


To use the Ops Manager API, you must authenticate and retrieve a token from the Ops Manager User Account and Authentication (UAA) server. For instructions, see the Using Ops Manager API topic.

Update Load Balancer Server Pool Membership

  1. Create a VM extension for each of the jobs that will become members of the load balancer pools. Jobs can belong to multiple pools; for example, the router job may belong to pools for both the HTTP and HTTPS load balancers. Below is an example of the VM extension configuration for the Router job:

    "cloud_properties": {
    "nsxt": {
      "lb": {
        "server_pools": [
            "name": "PAS-GoRouter443ServerPool",
            "port": 443
            "name": "PAS-GoRouter80ServerPool",
            "port": 80
    "name": "http_https_lb"

  2. For each VM extension, use a curl command to stage it with the Ops Manager API, (where VM_EXTENSION_FILE_PATH is the path to the VM extension file, e.g. /tmp/router_ext.json):

    curl "https://OPS-MAN-FQDN/api/v0/staged/vm_extensions" \
    -X POST \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
    -H "Content-Type: application/json" \
  3. Retrieve a list of staged products:

    curl 'https://OPS-MAN-FQDN/api/v0/staged/products' \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN"

    Record the GUID of the cf product. In the following example output, the GUID is cf-01222ab1111111aaa1a.

          "product_version" : "",
          "guid" : "p-bosh-dee11e111e1111ee1e1a",
          "installation_name" : "p-bosh",
          "type" : "p-bosh"
          "type" : "cf",
          "product_version" : "1.10.8-build.7",
          "installation_name" : "cf-01222ab1111111aaa1a",
          "guid" : "cf-01222ab1111111aaa1a"
  4. Retrieve a list of jobs for your product:

    curl 'https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs' \
    -H 'Authorization: Bearer UAA-ACCESS-TOKEN'

    Record the GUIDs of the jobs whose security groups you want to update. See the following example output:

    "jobs" : [
         "guid" : "router-9c37cf48ae7412f2afd1",
         "name" : "router"
         "name" : "tcp_router",
         "guid" : "tcp_router-6af18efdd18d198edee9"
         "name" : "diego_brain",
         "guid" : "diego_brain-b49b0b2aed247302c0e1"
  5. To update the load balancer server pool membership for your job, use the following command:

    curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs/JOB-GUID/resource_config" \
      -X PUT
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
      -d '{"instance_type": {"id": "INSTANCE-TYPE"},
          "instances": INSTANCE-COUNT,
          "additional_vm_extensions": ["VM-EXTENSION-NAME"]

    Replace the placeholder values as follows:

    • INSTANCE-TYPE: The instance type for the job. For the default instance type, use "automatic".
    • INSTANCE-COUNT: The number of instances for the job. The default number for each job is visible in the Resource Config section of the Ops Manager UI.
    • VM-EXTENSION-NAME: The name field of the VM Extension JSON config file written in step 1. In our example above, the name would be http_https_lb.

    WARNING: Do not use the resource config fields for nsx_lbs and nsx_security_groups; these fields only work on NSX-V. To configure load balancers on NSX-T, you must use the VM Extensions API.

  6. Navigate to OPS-MAN-FQDN in a browser and log in to the Ops Manager Installation Dashboard.

  7. Click Review Pending Changes, then Apply Changes to redeploy.