Updating NSX-V Security Group and Load Balancer Information

Page last updated:

This topic describes how to update security group and load balancer information for Pivotal Cloud Foundry (PCF) deployments using NSX-V on vSphere. To update this information, you must use the Ops Manager API.

See the Ops Manager API documentation for more information about the API.

See Using Edge Services Gateway on VMware NSX for guidance on how to configure the NSX firewall, load balancing, and NAT/SNAT services for PCF on vSphere installations.

Note: Ops Manager v1.11 supports NSX-V v6.2 and later.

Authenticate

To use the Ops Manager API, you must authenticate and retrieve a token from the Ops Manager User Account and Authentication (UAA) server. For instructions, see the Using Ops Manager API topic.

Update Security Group or Load Balancer Information

To update either NSX security group or load balancer information, you use curl to make a PUT request against the api/v0/staged/products/product_guid/jobs/job_guid/resource_config endpoint.

You must first retrieve the GUID of your PCF deployment, and the GUID of the job whose information you want to update.

Do the following:

  1. Retrieve a list of staged products:

    $ curl 'https://OPS-MAN-FQDN/api/v0/staged/products' \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    [
       {
          "product_version" : "1.10.6.0",
          "guid" : "p-bosh-dee11e111e1111ee1e1a",
          "installation_name" : "p-bosh",
          "type" : "p-bosh"
       },
       {
          "type" : "cf",
          "product_version" : "1.10.8-build.7",
          "installation_name" : "cf-01222ab1111111aaa1a",
          "guid" : "cf-01222ab1111111aaa1a"
       }
    ]
    
    Record the GUID of the cf product. In the above example, the GUID is cf-01222ab1111111aaa1a.

  2. Retrieve a list of jobs for your product:

    $ curl 'https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs' \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN'
    {
    "jobs" : [
      {
         "guid" : "consul_server-9c37cf48ae7412f2afd1",
         "name" : "consul_server"
      },
      {
         "name" : "nats",
         "guid" : "nats-6af18efdd18d198edee9"
      },
      {
         "name" : "nfs_server",
         "guid" : "nfs_server-b49b0b2aed247302c0e1"
      },
      ...
    
    Record the GUID of the job whose security groups you want to update.

  3. You can update either your security group information, load balancer information, or both.

    • Security groups: To update the security groups for your job, use the following command:
      $ curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs/JOB-GUID/resource_config" \
          -X PUT \
          -H "Content-Type: application/json" \
          -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
          -d '{"instance_type": {"id": "INSTANCE-TYPE"},
               "persistent_disk": {"size_mb": "DISK-SIZE"},
               "nsx_security_groups": ["SECURITY-GROUP1", "SECURITY-GROUP2"]}'
      
      Replace the placeholder values as follows:
      • INSTANCE-TYPE: The instance type for the job. For the default instance type, use "automatic".
      • DISK-SIZE: The disk size for the job. For the default persistent disk size, use "automatic".

        Note: The persistent_disk parameter is required to make this API request. For jobs that do not have persistent disks, you must set the value of the parameter to "automatic".

      • SECURITY-GROUP1, SECURITY-GROUP2: The value of the nsx_security_groups parameter is a list of the security groups that you want to set for the job. To clear all security groups for a job, pass an empty list with the [] value.

    • Load balancers: To update the load balancers for your job, use the following command:
      $ curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs/JOB-GUID/resource_config" \
          -X PUT \
          -H "Content-Type: application/json" \
          -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
          -d '{"instance_type": {"id": "INSTANCE-TYPE"},
               "persistent_disk": {"size_mb": "DISK-SIZE"},
               "nsx_lbs": [{
                    "edge_name": "EDGE-NAME",
                    "pool_name": "POOL-NAME",
                    "security_group": "SECURITY-GROUP",
                    "port": "PORT-NUMBER"
                  }]
              }'
      
      Replace the placeholder values as follows:
      • INSTANCE-TYPE: The instance type for the job. For the default instance type, use "automatic".
      • DISK-SIZE: The disk size for the job. For the default persistent disk size, use "automatic".

        Note: The persistent_disk parameter is required to make this API request. For jobs that do not have persistent disks, you must set the value of the parameter to "automatic".

      • EDGE-NAME: The name of the NSX Edge.
      • POOL-NAME: The name of the NSX Edge’s server pool.
      • SECURITY-GROUP: The name of the NSX server pool’s target security group.
      • PORT: The name of the port that the VM service is listening on, such as 5000. You can configure more than one load balancer for a job by using additional hashes in the nsx_lbs array.
  4. Navigate to OPS-MAN-FQDN in a browser and log in to the Ops Manager Installation Dashboard.

  5. Click Review Pending Changes, then Apply Changes to redeploy.

Create a pull request or raise an issue on the source for this page in GitHub