Friday, June 16, 2023

Quick tip for cURL users

Issue


I often use REST API calls with the cURL command to interact with NSX Manager, and every time I have to enter the login credentials.
It would be useful to have somewhere to store them so that you don't have to enter them every time (especially when you are on a call with a customer and cannot write the password in clear text with the -u option, and are therefore forced to type and/or copy the password several times).

Solution


Looking around the "Using curl" site, I discovered .netrc.
In short, it is possible to store the username, password and IP/FQDN of the machine to connect to in the file ~/.netrc, so that you do not need to type the username and password in every API call you invoke.
The ~/.netrc file format is simple: each line specifies a machine name, followed by the login and password associated with that machine, as shown below:
% cat .netrc 
machine <IP/FQDN_1> login <username_here> password <password_1_here>
machine <IP/FQDN_2> login <username_here> password <password_2_here>
% 
Below is an example:
lorenzo@moglielL0KPF ~ % cat .netrc 
machine 172.25.251.31 login admt1lm@dominio.local password VMware1!VMware1!
machine nsxtmgr01.customer2.local login admin password VMware!123VMware!123
lorenzo@moglielL0KPF ~ % 
It is now possible to invoke the REST API call with the -n switch, which tells cURL to use the netrc file.
We can check the NSX Manager FQDNs using the NSX-T Data Center API with the -n option, as below:
curl -k -n -X GET https://172.25.251.31/api/v1/configs/management
Further information about the parameters you can use in the .netrc file, or how to use it on Windows, can be found on this site.
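
Because ~/.netrc holds the passwords in clear text, it should be readable only by its owner. The following is an added example, not part of the original post: the function names are hypothetical, and it checks the file mode, lists the stored machine/login pairs without printing any password, and refuses to call curl (through its --netrc-file option) when the file is readable by other users.

```shell
# Added example: audit a netrc file before handing it to curl.
# Assumption: either GNU stat (-c) or BSD/macOS stat (-f) is available.

# Print the octal permission bits of a file.
netrc_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if the path is a regular file, is not a symlink,
# and grants no access to group or others.
netrc_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(netrc_mode "$f") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# List "machine login" pairs; the token after "password" is skipped,
# so secrets are never written to the terminal or to a shared screen.
netrc_entries() {
    awk '{ for (i = 1; i <= NF; i++) {
               if ($i == "machine")       m = $(++i)
               else if ($i == "login")    print m, $(++i)
               else if ($i == "password") ++i
           } }' "$1"
}

# Wrapper: run curl with the given netrc file only if it is private.
# Usage: curl_netrc ~/.netrc -X GET https://<IP/FQDN>/api/v1/configs/management
curl_netrc() {
    f=$1; shift
    netrc_is_private "$f" || { echo "refusing: $f must be mode 600" >&2; return 1; }
    curl --netrc-file "$f" "$@"
}
```

A file that fails the check can be fixed with chmod 600 ~/.netrc.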

That's it.

Monday, June 12, 2023

NSX-T host preparation - Upgrade VIB(s) "loadesx" is required

Issue


I was trying to perform NSX-T host preparation on a cluster (based on HPE SimpliVity) composed of two ESXi hosts, when I received the following error message:

Failed to install software on host. Failed to install software on host. Simplivity.host.local : java.rmi.RemoteException: [InstallationError] Upgrade VIB(s) "loadesx" is required for the transaction. Please use a depot with a complete set of ESXi VIBs. Please refer to the log file for more details.

Solution


After investigating, I did not actually find the VIB installed...
# esxcli software vib list | grep load

I checked the profile on the ESXi host ...
# esxcli software profile get
The current update was done with custom bundles.

The customer confirmed that during the update phase he skipped the installation, because otherwise he would not have been able to update the drivers.

I then asked the customer to retrieve the Offline Bundle package used for the update.

I copied the same Offline Bundle used for the upgrade into a folder shared by the cluster hosts.
I checked the Offline Bundle profile ...
# esxcli software sources profile list -d /vmfs/volumes/SVT-VDI/Temp/HPe/Q8A57-11137_hpe-esxi7.0u3c-19193900-703.0.0.10.8.1-3-offline-bundle.zip
... and then the contents of the VIBs, to verify that "loadesx" was present ...
# esxcli software sources profile get -d /vmfs/volumes/SVT-VDI/Temp/HPe/Q8A57-11137_hpe-esxi7.0u3c-19193900-703.0.0.10.8.1-3-offline-bundle.zip -p HPE-ESXi-7.0-Update3c-19193900-customized
Having verified its presence, I proceeded to update the profile in this way:
# esxcli software profile update -d /vmfs/volumes/SVT-VDI/Temp/HPe/Q8A57-11137_hpe-esxi7.0u3c-19193900-703.0.0.10.8.1-3-offline-bundle.zip -p HPE-ESXi-7.0-Update3c-19193900-customized
As we can see above, there are a number of packages that have been installed/updated including “loadesx”.

Since a reboot is required, let's proceed with rebooting the ESXi host.

After the reboot, we verify that the module has been properly loaded ...
# esxcli software vib list | grep load


Back in the NSX-T UI:
Click Install Failed for the host we just updated, then VIEW ERRORS.
Select the error message and click RESOLVE.
Click RESOLVE again.
I checked the progress of the installation process ...
I also checked via the command line ...
# esxcli software vib list | grep -i nsx
Having verified that the NSX-T packages were correctly installed on the ESXi host (NSX Configuration: Success) and that the status of the host in NSX-T was UP, I proceeded to perform the same tasks on the next host.

Now, all hosts are UP and running.

That's it.

Monday, June 5, 2023

vRA 8.5.1 REST Api calls - API Authentication

Issue


I need a quick guide (step-by-step) on how to authenticate to vRA 8.5.1 via REST API calls.

Solution


To do that, I found a well-documented VMware guide, "vRealize Automation 8.5 API Programming Guide".

First of all, we need to know that the process to obtain the access token differs depending on the vRealize Automation version.
In our case, to get the token used to authenticate our session, we use the Identity Service API to get an API token. Then we use the API token as input to the IaaS API to get an access token.

Let's see below the steps on how to do it, using Postman and curl:
  1. Open Postman.

  2. Execute the following REST API call:

    URL: https://<vRA-FQDN>/csp/gateway/am/api/login?access_token
    Method: POST
    Headers: 'Content-Type: application/json'
    Body: {
    	"username": "username",
    	"password": "password"
    }
    NOTE: If you don't need to authenticate locally (as in our case) replace the above username with your own username in the form username@domain.
  3. Take note of the refresh_token.
  4. Execute the following REST API call:

    URL: https://<vRA-FQDN>/iaas/api/login
    Method: POST
    Headers: 'Content-Type: application/json'
    Body: {
    	"refreshToken": "api_token"
    }
    ... and as output you will receive the token to be used for subsequent vRA queries.


Let's see the same procedure, this time using curl:
  1. Open a terminal session with both commands, curl and jq, already installed.

  2. Assign values to the variables for the hostname of our vRealize Automation appliance, our user name, and password.
    url='https://<vRA-FQDN>'
    username='username'
    password='password'
  3. Execute the following curl command to retrieve the API token:
    # The variables are double-quoted so that a value containing spaces or * is passed intact.
    api_token=$(curl -k -X POST \
      "$url/csp/gateway/am/api/login?access_token" \
      -H 'Content-Type: application/json' \
      -H 'Accept: application/json' \
      -d '{
      "username": "'"$username"'",
      "password": "'"$password"'"
    }' | jq -r .refresh_token)
  4. With the API token assigned, execute the following curl command to retrieve the Access token:
    # The API token is double-quoted so that the shell passes it as a single word.
    access_token=$(curl -k -X POST \
      "$url/iaas/api/login" \
      -H 'Content-Type: application/json' \
      -H 'Accept: application/json' \
      -d '{
      "refreshToken": "'"$api_token"'"
    }' | jq -r .token)
    Note: After 25 minutes of inactivity, the access token times out and we must request it again.

  5. We can now try to obtain more information such as the Organization ID, using the Access Token, by executing the command ...
    curl -k -X GET "$url/csp/gateway/am/api/loggedin/user/orgs" -H "csp-auth-token: $access_token"
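
The two-step exchange above, as an added example that is not from the original post or from the VMware guide: the function names are hypothetical, while the endpoints and JSON field names are the ones used in the steps. It builds the request bodies with jq so that any character in the password is JSON-escaped, feeds them to curl on stdin, stops when a response carries no token, and assumes the appliance certificate is trusted by the system store (so no -k).

```shell
# Added example: token exchange with escaped JSON bodies and failure checks.

# Build the login body. The password reaches jq on stdin (printf is a shell
# builtin), so it is JSON-escaped and never appears in a process argument list.
login_body() {
    printf '%s' "$2" | jq -R -s -c --arg u "$1" '{username: $u, password: .}'
}

# Print one string field of the JSON response read from stdin. Exit non-zero
# when the field is missing, null or not a string, so that a failed login
# never yields the literal token "null".
json_field() {
    jq -e -r --arg k "$1" '.[$k] // empty | strings'
}

# Run both steps and print the access token on stdout.
# Usage: access_token=$(vra_login 'https://<vRA-FQDN>' 'username')
vra_login() {
    url=$1 user=$2
    printf 'Password for %s: ' "$user" >&2
    stty -echo; IFS= read -r pass; stty echo; echo >&2   # not echoed, not in history
    api_token=$(login_body "$user" "$pass" |
        curl -sS -X POST "$url/csp/gateway/am/api/login?access_token" \
             -H 'Content-Type: application/json' -d @- |
        json_field refresh_token) || { echo 'login failed' >&2; return 1; }
    unset pass
    printf '%s' "$api_token" | jq -R -s -c '{refreshToken: .}' |
        curl -sS -X POST "$url/iaas/api/login" \
             -H 'Content-Type: application/json' -d @- |
        json_field token || { echo 'token exchange failed' >&2; return 1; }
}
```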

That's it.