Using VMware Cloud on AWS SDDC-Group APIs (Part 1)

-

Gilles Chekroun


Lead VMware Cloud on AWS Solutions Architect
---
Following the article on SDDC Grouping here, VMware has now a bunch of APIs to drive the VMware Transit Connect. 
All APIs documentation are in the VMware Cloud on AWS Developer Center 

API Explorer

The API Explorer tab has 3 main topics:
  • Cloud Services Platform
  • VMware Cloud
  • VMware Cloud on AWS
The Cloud Service Platform (CSP) is needed for User Authentication. The user needs to have a valid API Token to be able to generate a session token that can be used for API calls.
The API used for that is:
Note the "Base URL" 
https://console.cloud.vmware.com/csp/gateway
that needs to front end the API URL. This will exchange an ORG based API Token to a user access token that is needed for EVERY API call.

The VMware Cloud section is the one that we need for anything related to SDDC Grouping.
There are 2 sections:
  • Inventory
  • Network
The Inventory will allow you, for example, to get a list of SDDCs in that ORG using:
Note the "Base URL" 
https://vmc.vmware.com/api
that here also, needs to front end any API URL.
You can execute the API call directly from the console.
WARNING - BE CAREFUL, all APIs executed from the API Explorer are done against your live environment, please execute with caution. 
Scrolling down will show you an EXECUTE Button and the API response in the console like:
Here we can see that we have 4 SDDCs in our ORG.
Every main section in the API response is expandable. For example if I click on Deployment (M15-SDDC), I will get more details about that SDDC.
The Network section is where we are going to focus for the SDDC Grouping.

Create an SDDC Group

To create an SDDC group and attach one or more SDDC, we need to use the following API:
Fill the requested body with a description, a name for the SDDC group and the SDDC ID or list of IDs to attach and click EXECUTE
This operation will create the SDDC Group and attach "M15-SDDC"

Asynchronous Operations

One VERY Important point is that the SDDC Group creation also create the VMware managed TGW and that takes time.
It is mandatory to check the Operation Completion and make sure it has a status of COMPLETED.
After every API call in that group, an "Operation ID" is returned.
To monitor the completion of the task, the following API should be used:
This API can NOT be used in the console since we don't have the "operation_id"
The "operation_id" is a parameter that is in the JSON response of the SDDC Group creation API and in fact with any VMC API call.
When using Python to call the APIs, it's simple to return the operation_id in the function. For example:
def create_sddc_group(name, deployment_id, org_id, session_token):
    myHeader = {'csp-auth-token': session_token}
    myURL = "{}/network/{}/core/network-connectivity-configs/
    create-group-network-connectivity".format(BaseURL, org_id)
    body = {
        "name": name,
        "description": name,
        "members": [
            {
                "id": deployment_id
            }
        ]
    }
    response = requests.post(myURL, json=body, headers=myHeader)
    json_response = response.json()
    task_id = json_response ['operation_id']
    return task_id
The function returns the task_id which is the operation_id in the API JSON response
Then I am using another function that will loop on the status of the Task and wait for it to be "COMPLETED" or "FAILED"
def get_task_status(task_id, org_id, session_token):
    myHeader = {'csp-auth-token': session_token}
    myURL = "{}/operation/{}/core/operations/{}".format(BaseURL, org_id, task_id)
    response = requests.get(myURL, headers=myHeader)
    json_response = response.json()
    status = json_response ['state']['name']
    print(status)
    start = time.time()
    while(status != "COMPLETED"):
        sys.stdout.write(".")
        sys.stdout.flush()
        time.sleep(2)
        response = requests.get(myURL, headers=myHeader)
        json_response = response.json()
        status = json_response ['state']['name']
        if status == "FAILED":
            print("\nTask FAILED ")
            print(json_response['error_message'])
            break
    elapse = time.time() - start
    minutes = elapse // 60
    seconds = elapse - (minutes * 60)
    print("\nFINISHED in", '{:02}min {:02}sec'.format(int(minutes), int(seconds)))
    return

This will print dots "." every 2 seconds and stamp the total time it takes to complete.
 

% python vtc.py 


Please give an argument like:

    create-sddc-group [name]


% python vtc.py create-sddc-group SDDC-Group_API


=====Creating SDDC Group=========

PENDING

...................................................................................

FINISHED in 03min 33sec

% 


Next Steps

I will add more functionality to the vtc.py program that you can download here.

Thanks for reading.

Comments

  1. AnonymousOctober 28, 2022 at 5:47 PM

    I don't see core-operation in the API Explorer Inventory section. Has that been removed?

    ReplyDelete
    Replies
    1. Gilles ChekrounOctober 31, 2022 at 9:45 AM

      why are you "anonymous" ?? tell me who you are and I will answer

      Delete
    2. AnonymousNovember 1, 2022 at 7:24 PM

      Hi Gilles, my name is Ryan and I work for a VMware partner focusing on VMC. A project I'm currently working on requires PowerShell code to preform some of the tasks that are included in vtc.py. I haven't stepped up to Python yet and do all my VMC automation with PowerShell and PowerCLI. Your blog and vtc.py have given me a much better understanding of working with APIs in VMC. As for my original question, I don't see the core-operation section in the API explorer but ended up finding out that the URL to poll SDDC group creation status works fine. I'll try to connect on LinkedIn and you can message me if you're curious about any other details on my current project. Thanks for the very informative blog!

      Delete
    3. GillesNovember 2, 2022 at 9:56 AM

      Yes indeed it disappeared - i have reported that internally at VMware. The API url is still OK and you saw it in the blog or in VTC.PY. By the way I have updated VTC.PY recently to include External TGW functions.

      Delete
  2. Gilles ChekrounOctober 31, 2022 at 9:44 AM

    This comment has been removed by the author.

    ReplyDelete

Post a Comment

Populars

Egress VPC and AWS Transit Gateway (Part1)

-
Image
Gilles Chekroun
 Lead VMware Cloud on AWS Solutions Architect --- Usually my blog posts are customer driven and recently I have been working on a design that would include an Egress VPC and AWS Transit Gateway. This customer is going to use both VMware Managed Transit Gateway and also AWS Transit Gateway. I will split this post in 3 parts: The Egress VPC - this article Adding a VMC SDDC to the Egress VPC here Adding VMware Managed Transit Gateway here Why do we need an Egress VPC? Numerous posts on AWS site  will describe how to build an Egress VPC and the subtleties of the various route tables of the TGW and the Egress VPC itself. The main goal is to have ONE Internet gateway only  that will allow workloads to go out to internet on the Egress VPC. One of the most important point is redundancy and multi-availability zones. Applications usually reside in private subnets, while NAT Gateways reside in a public subnet. NAT Gateways To focus the Internet access to a single point, we can cre
Read more

Build a VMware Cloud on AWS Content Library using AWS S3

-
Image
Gilles Chekroun Lead NSX Systems Engineer - VMware Europe --- What is a Content Library? DISCLAIMER: External content libraries are not supported by VMware GSS ! vSphere Content Library is a repository where you can store VM templates, vApp templates and other kind of files like ISO.  Administrators can use the templates to deploy VMs and vApps. Each item library can contain multiple files. The basis is  .ovf   together with the description files like .mf and .vmdk If you have .ova files, you can simply un-compress them using the linux command:  tar -xvf SomeFile.ova There are two kind of Libraries: Local and Subscribed. Local Library Local Library stores items in a single vCenter. VM and vApp templates are stored as OVF file format. Subscribed Library You can create a Subscribed Library in the same vCenter and to ensure the content is up-to-date, the library can automatically sync with the source on a regular basis. You can also use the option to download co
Read more

AWS Transitive routing with Transit Gateways in the same region

-
Image
Gilles Chekroun Lead VMware Cloud on AWS Specialist --- At the AWS Re:invent 2019 conference, the long waited TGW peering functionality was announced and available in a few AWS regions. This is an INTER-REGION peering only meaning that the Transit Gateways need to be in different regions. Hoping that AWS will soon release an INTRA-REGION capability I discussed with a few AWS Solutions Architects in Las Vegas, among them Tom Adamski , about using a VPC as a bridge between two TGWs in the same region. Tom assured me that it is possible opening for the first time the transitive routing capability in AWS networking. Well . . . I needed to test that and see by myself. Test bed For a simple test, I will use 2 TGWs in the same regions with 2 VPCs attached each and another VPC as "bridge" connected to both TGWs. Yes you can connect a VPC up to 5 TGWs . The whole idea is to use this "bridging VPC" and point the default route of the TGWs to it. To do that I c
Read more