Using VMware Cloud on AWS SDDC-Group APIs (Part 2)

-

Gilles Chekroun


Lead VMware Cloud on AWS Solutions Architect
---
Following the Part1 I am adding more description and use of SDDC Grouping APIs.
In this article, I will focus on:
  • Getting Group info
  • Adding or Removing an SDDC to/from a Group
  • Deleting an SDDC Group
For that, the first action will be to have a list of SDDCs in the ORG and be able to choose. We have an API for that !!! I described it in Part1.

Create SDDC Group (updated)

An update to the "Create SDDC Group" function will now present a list of SDDCs:

% python vtc.py create-sddc-group SDDC-Group_API


=====Creating SDDC Group=========

1: M15-SDDC

2: M15_Hack_Pod2

3: M15_Hack_Pod1

4: TPM_SDDC-M12v5

   Select one SDDC to attach: 1

PENDING

....................................................................................................

FINISHED in 04min 22sec

% 

Get Group Info

The vtc.py get-group-info function will loop over all SDDC Groups in the ORG and allow the user to select one. It will then show the Group ID and Members

% python vtc.py get-group-info                  

===== SDDC Group info =========

1: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

2: SDDC-Group_API: a73bd772-4b11-44f4-a28b-8d2656dfae14

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 2

Group Name: SDDC-Group_API

Group ID  : a73bd772-4b11-44f4-a28b-8d2656dfae14

Member    : 56357a86-64af-4e0e-9cd3-6683c6862b4f

% 

What APIs do we use here?

To get a list of SDDCs, we have the inventory section and deployment group. Yes a deployment group is an SDDC also .
Fill the ORG_ID parameter and EXECUTE will give us:
The API response includes a lot of info. Expanding on our "SDDC-Group_API" will show the members:

Add or Remove an SDDC to/from a Group

The vtc.py will use the option attach-sddc.
That function will present a list of SDDC Groups to choose from and then a list of SDDCs to choose from.

% python vtc.py attach-sddc

=====Connecting SDDC=========

1: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

2: SDDC-Group_API: a73bd772-4b11-44f4-a28b-8d2656dfae14

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 2

1: M15-SDDC

2: M15_Hack_Pod2

3: M15_Hack_Pod1

4: TPM_SDDC-M12v5

   Select one SDDC to attach: 3

PENDING

...................................................

FINISHED in 02min 10sec

% 


To do that, we need to use the following API under the network section:
The body of the API is including ADD or REMOVE members as you can see below.
def attach_sddc(deployment_id, resource_id, org_id, session_token):
    myHeader = {'csp-auth-token': session_token}
    myURL = "{}/network/{}/aws/operations".format(BaseURL, org_id)
    body = {
        "type": "UPDATE_MEMBERS",
        "resource_id": resource_id,
        "resource_type": "network-connectivity-config",
        "config" : {
            "type": "AwsUpdateDeploymentGroupMembersConfig",
            "add_members": [
                {
                 "id": deployment_id
                }
            ],
            "remove_members": []
        }
    }
    response = requests.post(myURL, json=body, headers=myHeader)
    json_response = response.json()
    task_id = json_response ['config']['operation_id']
    return task_id
Note the "type" of "UPDATE_MEMBERS" and "config" "type" of "AwsUpdateDeploymentGroupMembersConfig"
Again, this is an asynchronous operation and we need to wait until its status is COMPLETED.
The outcome of this call will show a new SDDC attached to the Group
Let's remove M15_Hack_Pod1 SDDC.
The vtc.py will use the option detach-sddc

% python vtc.py detach-sddc

=====Removing SDDC=========

1: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

2: SDDC-Group_API: a73bd772-4b11-44f4-a28b-8d2656dfae14

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 2

1: M15-SDDC

2: M15_Hack_Pod2

3: M15_Hack_Pod1

4: TPM_SDDC-M12v5

   Select one SDDC to detach: 3

PENDING

......................................................

FINISHED in 02min 20sec

%

Delete an SDDC Group

First of all we need to make sure that the Group has no members before we can remove it.
For that I am adding to  vtc.py  the option get-group-info

% python vtc.py get-group-info

===== SDDC Group info =========

1: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

2: SDDC-Group_API: a73bd772-4b11-44f4-a28b-8d2656dfae14

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 2

Group Name: SDDC-Group_API

Group ID  : a73bd772-4b11-44f4-a28b-8d2656dfae14

Member    : 56357a86-64af-4e0e-9cd3-6683c6862b4f

% 


If we try to use the  vtc.py  option delete-sddc-group we will get an error because I am checking if the Group is empty:

% python vtc.py delete-sddc-group

=====Deleting SDDC Group=========

1: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

2: SDDC-Group_API: a73bd772-4b11-44f4-a28b-8d2656dfae14

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 2

1

SDDC Group not empty: detach all members

%


We still have one member here. Let's remove it.

% python vtc.py detach-sddc   

===== Removing SDDC =========

1: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

2: SDDC-Group_API: a73bd772-4b11-44f4-a28b-8d2656dfae14

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 2

1: M15-SDDC

2: M15_Hack_Pod2

3: M15_Hack_Pod1

4: TPM_SDDC-M12v5

   Select one SDDC to detach: 1

PENDING

.................................................................................................

FINISHED in 04min 08sec

%


Now our Group has no members

% python vtc.py get-group-info

===== SDDC Group info =========

1: API-test: 53dd006c-932a-47da-87aa-7aeb45ab07bb

2: SDDC-Group_API: a73bd772-4b11-44f4-a28b-8d2656dfae14

3: Test-Terraform: cac26ea6-91c3-4cd9-acdb-3467e1495fec

4: Prod_VTGW: e0396f55-d4df-43dc-9fb1-66dea8a8a4d0

   Select SDDC Group: 2

Group Name: SDDC-Group_API

Group ID  : a73bd772-4b11-44f4-a28b-8d2656dfae14

%


To remove an SDDC Group we need the same "aws/operations" API:
def delete_sddc_group(resource_id, org_id, session_token):
    myHeader = {'csp-auth-token': session_token}
    myURL = "{}/network/{}/aws/operations".format(BaseURL, org_id)
    body = {
        "type": "DELETE_DEPLOYMENT_GROUP",
        "resource_id": resource_id,
        "resource_type": "network-connectivity-config",
        "config" : {
            "type": "AwsDeleteDeploymentGroupConfig"
        }
    }
    response = requests.post(myURL, json=body, headers=myHeader)
    json_response = response.json()
    task_id = json_response ['id']
    return task_id
Note the "type" of "DELETE_DEPLOYMENT_GROUP" and "config" "type" of "AwsDeleteDeploymentGroupConfig"

One more time, this is an asynchronous operation and we need to wait until its status is COMPLETED.
The outcome of this call will remove the SDDC Group.

Next Steps

I will add more functionality to the vtc.py program that you can download here.

Thanks for reading.

Comments

Post a Comment

Populars

Egress VPC and AWS Transit Gateway (Part1)

-
Image
Gilles Chekroun
 Lead VMware Cloud on AWS Solutions Architect --- Usually my blog posts are customer driven and recently I have been working on a design that would include an Egress VPC and AWS Transit Gateway. This customer is going to use both VMware Managed Transit Gateway and also AWS Transit Gateway. I will split this post in 3 parts: The Egress VPC - this article Adding a VMC SDDC to the Egress VPC here Adding VMware Managed Transit Gateway here Why do we need an Egress VPC? Numerous posts on AWS site  will describe how to build an Egress VPC and the subtleties of the various route tables of the TGW and the Egress VPC itself. The main goal is to have ONE Internet gateway only  that will allow workloads to go out to internet on the Egress VPC. One of the most important point is redundancy and multi-availability zones. Applications usually reside in private subnets, while NAT Gateways reside in a public subnet. NAT Gateways To focus the Internet access to a single point, we can cre
Read more

AWS Transitive routing with Transit Gateways in the same region

-
Image
Gilles Chekroun Lead VMware Cloud on AWS Specialist --- At the AWS Re:invent 2019 conference, the long waited TGW peering functionality was announced and available in a few AWS regions. This is an INTER-REGION peering only meaning that the Transit Gateways need to be in different regions. Hoping that AWS will soon release an INTRA-REGION capability I discussed with a few AWS Solutions Architects in Las Vegas, among them Tom Adamski , about using a VPC as a bridge between two TGWs in the same region. Tom assured me that it is possible opening for the first time the transitive routing capability in AWS networking. Well . . . I needed to test that and see by myself. Test bed For a simple test, I will use 2 TGWs in the same regions with 2 VPCs attached each and another VPC as "bridge" connected to both TGWs. Yes you can connect a VPC up to 5 TGWs . The whole idea is to use this "bridging VPC" and point the default route of the TGWs to it. To do that I c
Read more

Considerations on vTGW to TGW Peering Link

-
Image
   Gilles Chekroun
 Lead VMware Cloud on AWS Solutions Architect --- Recently I was talking with a Customer on designing their VMware Cloud on AWS environment and linking it to their existing AWS infrastructure. The idea was to have 2 SDDCs, Test and Prod, and link them with a VMware Managed TGW and peer it to their existing TGW. The customer requirements were: VMs in each SDDC should have internet access from the SDDC out VMs from Test should be able to talk to VMs in Prod VMs in any SDDC should be able to access their own vCenter but also the other one Some VMs any SDDC should have a Public IP and NAT rule to be accessible from outside VMware traffic should stay within VMware SDDCs Other traffic, like on-prem, should go via the Customer TGW Test Setup Step1 - Create SDDC Group Create an SDDC Group and attach the 2 SDDCs Prod and Test Make sure the proper FireWall rules are open in each SDDC Compute GW. Step 2 - Attach the Customer TGW In the SDDC Groups, under External TGW TAB, add t
Read more