Updating NSX-T Load Balancer Server Pool Membership

Page last updated:

This topic describes how to update load balancer server pool membership for Pivotal Cloud Foundry (PCF) foundation using NSX-T on vSphere.

This procedure applies to customers who have manually populated their NSX-T static load balancer pools with the IP addresses of the HA Proxy or Router VMs. When upgrading Pivotal Application Service (PAS) from 2.2 to 2.3, applying a stemcell update, or updating a tile, the foundation may become unreachable. This is because the NSX-T static load balancer server pools have been emptied. To read more about this issue, see Safely Upgrading PAS 2.2 → 2.3 with NSX-T Load Balancers.

To implement this procedure, you must use the Ops Manager API. See the Ops Manager API documentation for more information about the API.

Note: Ops Manager v2.3 supports NSX-T v2.2 and later.

Authenticate

To use the Ops Manager API, you must authenticate and retrieve a token from the Ops Manager User Account and Authentication (UAA) server. For instructions, see the Using Ops Manager API topic.

Update Load Balancer Server Pool Membership

1. Create a VM extension for each of the jobs that will become members of the load balancer pools. Jobs can belong to multiple pools; for example, the router job may belong to pools for both the HTTP and HTTPS load balancers. Below is an example of the VM extension configuration for the Router job:

   {
   "cloud_properties": {
   "nsxt": {
     "lb": {
       "server_pools": [
         {
           "name": "PAS-GoRouter443ServerPool",
           "port": 443
         },
         {
           "name": "PAS-GoRouter80ServerPool",
           "port": 80
         }
       ]
     }
   }
   },
   "name": "http_https_lb"
   }
   

2. For each VM extension, use a curl command to stage it with the Ops Manager API, (where VM_EXTENSION_FILE_PATH is the path to the VM extension file, e.g. /tmp/router_ext.json):

   curl "https://OPS-MAN-FQDN/api/v0/staged/vm_extensions" \
   -X POST \
   -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
   -H "Content-Type: application/json" \
   -d "@VM_EXTENSION_FILE_PATH"
   

3. Retrieve a list of staged products:

   curl 'https://OPS-MAN-FQDN/api/v0/staged/products' \
   -H "Authorization: Bearer UAA-ACCESS-TOKEN"
   

   Record the GUID of the cf product. In the following example output, the GUID is cf-01222ab1111111aaa1a.

   [
      {
         "product_version" : "1.10.6.0",
         "guid" : "p-bosh-dee11e111e1111ee1e1a",
         "installation_name" : "p-bosh",
         "type" : "p-bosh"
      },
      {
         "type" : "cf",
         "product_version" : "1.10.8-build.7",
         "installation_name" : "cf-01222ab1111111aaa1a",
         "guid" : "cf-01222ab1111111aaa1a"
      }
      ]
   

4. Retrieve a list of jobs for your product:

   curl 'https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs' \
   -H 'Authorization: Bearer UAA-ACCESS-TOKEN'
   

   Record the GUIDs of the jobs whose security groups you want to update. See the following example output:

   {
   "jobs" : [
     {
        "guid" : "router-9c37cf48ae7412f2afd1",
        "name" : "router"
     },
     {
        "name" : "tcp_router",
        "guid" : "tcp_router-6af18efdd18d198edee9"
     },
     {
        "name" : "diego_brain",
        "guid" : "diego_brain-b49b0b2aed247302c0e1"
     },
   

5. To update the load balancer server pool membership for your job, use the following command:

   curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs/JOB-GUID/resource_config" \
     -X PUT
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
     -d '{"instance_type": {"id": "INSTANCE-TYPE"},
         "instances": INSTANCE-COUNT,
         "additional_vm_extensions": ["VM-EXTENSION-NAME"]
     }'
   

   Replace the placeholder values as follows:

   • INSTANCE-TYPE: The instance type for the job. For the default instance type, use "automatic".
   • INSTANCE-COUNT: The number of instances for the job. The default number for each job is visible in the Resource Config section of the Ops Manager UI.
   • VM-EXTENSION-NAME: The name field of the VM Extension JSON config file written in step 1. In our example above, the name would be http_https_lb.

   WARNING: Do not use the resource config fields for nsx_lbs and nsx_security_groups; these fields only work on NSX-V. To configure load balancers on NSX-T, you must use the VM Extensions API.

6. Navigate to OPS-MAN-FQDN in a browser and log in to the Ops Manager Installation Dashboard.

7. Click Review Pending Changes, then Apply Changes to redeploy.