How-To Use the new PowerCLI NSX-T Module
PowerCLI 6.5.3 was released 2 weeks ago (10 October 2017), and the major change is the introduction of the NSX-T module. Yep, you read correctly, NSX-T support in PowerCLI is here! :)
Compared to PowerNSX, this module is being released as a low-level module (API access only): I’ll describe how-to use it below.
NSX-T Cmdlets
Three cmdlets are available:
Connect-NsxtServer
: quite obvious, establishes a connection to an NSX-T server.Disconnect-NsxtServer
: you guessed it, closes the connection to your NSX-T servers.Get-NsxtService
: all the magic is done using this single cmdlet. This cmdlet retrieves PSObject objects that represent a proxy to a NSX-T API service: it is used to invoke the operations on the NSX-T API service (create, read, update, delete). Check below to understand its usage.
Additional resources:
- PowerCLI online documentation.
- Don’t forget the Get-Help
to get help for any cmdlet or function.
How-to Interact with NSX-T using PowerCLI
First of all, you need to connect to your NSX Manager. :)
C:\Users\batman.SDDC> Connect-NsxtServer -Server nsxtmgr-01a.vmworld.local -User admin -Password brucewayneisbatman
Server User
------ ----
nsxtmgr-01a.vmworld.local admin
This is where it gets interesting. To interact with NSX-T, a single cmdlet is at your disposal: Get-NsxtService .
C:\Users\batman.SDDC> Get-Help Get-NsxtService
NAME
Get-NsxtService
SYNOPSIS
This cmdlet retrieves PSObject objects that represent a proxy to an NSX-T API service.
SYNTAX
Get-NsxtService [[-Name] <String[]>] [-Server <CisServer[]>] [<CommonParameters>]
The cmdlet returns one PSObject object for every service available. To know which service proxies are available:
C:\Users\batman.SDDC> Get-NsxtService -Name *
Name
----
com.vmware.nsx.service_profiles
com.vmware.nsx.network_encryption.key_policies.rules
com.vmware.nsx.node.services.ssh.status
com.vmware.nsx.cluster_profiles
com.vmware.nsx.pools.vni_pools
[...]
NB: for the sake of readability, I did not included all services in the list here (the list contains 284 services). :) Check at the end of this post for the complete list.
Every service proxy has a top-level Help property that contains documentation about the service’s methods, parameters, constants, and so on. The Help object is hierarchical and mirrors the services (methods, parameters, constants, etc.).
Now, I will describe the path I’m taking to explain how to use the NSX-T module. In the API service list, I see that I have a com.vmware.nsx.firewall.sections.rules proxy. First, I query this service proxy and assign it to a variable.
$FirewallRules = Get-NsxtService -Name com.vmware.nsx.firewall.sections.rules
Then, if I want to know what I do have in that object, I can just leverage the Help method.
I see that I can do a list() operations which will return all firewall rule information for a given firewall section. The query should take the form of:
$FirewallRules.list("<section_id>")
To get the missing ‘section_id’:
Now, I want to list the firewall rules from my ‘Gotham City’ firewall section:
$FirewallRules.list("fa9a37dc-cb0f-43f9-b624-a7a62fa3e3b4").results
Have you noticed the .results suffix? You can also try without it, but the output will be the complete object (including the help and other additional information).
Finally, let’s change the format so that it’s easier to read.
C:\Users\batman.SDDC> $FirewallRules.list("fa9a37dc-cb0f-43f9-b624-a7a62fa3e3b4").results | Select-Object display_name,id,logged,action
display_name id logged action
------------ -- ------ ------
Allow Alfred 1026 False ALLOW
Allow Bruce 1027 False ALLOW
Does that match what I have in my user interface? Of course!
Create a NSX-T Logical Switch using PowerCLI
Reading information was easy, now let’s actually try to create something. :)
The Help object can also be used for creation of parameters that the service methods accept through a “Create” method.
In the example below, I’m creating a ‘DEMO-LS01’ logical switch, attached to the ‘OVERLAY-TZ01’ transport zone.
# I need first to retrieve information about the Transport Zone
$OverlayTransportZone = (Get-NsxtService -Name com.vmware.nsx.transport_zones).list().results | where { $_.display_name -eq "OVERLAY-TZ01" }
# Retrieve the Logical Switch service
$ShinyLogicalSwitchService = Get-NsxtService -Name com.vmware.nsx.logical_switches
# Create input argument for the creation of my Logical Switch
$ShinyLogicalSwitchCreateSpec = $ShinyLogicalSwitchService.help.create.logical_switch.Create()
# Fill in the create spec mandatory properties: display_name, admin_state, replication mode and transport_zone_id
$ShinyLogicalSwitchCreateSpec.display_name = "DEMO-LS01"
$ShinyLogicalSwitchCreateSpec.admin_state = "UP"
$ShinyLogicalSwitchCreateSpec.replication_mode = "MTEP"
$ShinyLogicalSwitchCreateSpec.transport_zone_id = $OverlayTransportZone.id
# Create Logical Switch Entity
$ShinyLogicalSwitch = $ShinyLogicalSwitchService.create($ShinyLogicalSwitchCreateSpec)
A quick check on my NSX-T Manager to confirm the creation was successful. \o/
And a quick check on my vSphere hosts. An opaque network was created on all prepared transport nodes that belongs to my ‘OVERLAY-TZ01’ transport zone.
I RTFM’ed the logical switch creation method in the API documentation to understand how to construct the method (mandatory parameters, etc.).
Finally, don’t forget to disconnect from your your NSX Manager. ;)
C:\Users\batman.SDDC> Disconnect-NsxtServer nsxtmgr-01a.vmworld.local -Confirm:$false
Complete list of NSX-T Services available in PowerCLI
C:\Users\rdecker.SDDC> Get-NsxtService -Name *
Name
----
com.vmware.nsx.service_profiles
com.vmware.nsx.network_encryption.key_policies.rules
com.vmware.nsx.node.services.ssh.status
com.vmware.nsx.cluster_profiles
com.vmware.nsx.pools.vni_pools
com.vmware.nsx.batch
com.vmware.nsx.upgrade.upgrade_unit_groups.upgrade_unit
com.vmware.nsx.node.network.interfaces
com.vmware.nsx.error_resolver
com.vmware.nsx.licenses.licenses_usage
com.vmware.nsx.dhcp.servers.static_bindings
com.vmware.nsx.infra.realized_state.enforcement_points.groups.securitygroups
com.vmware.nsx.cluster.nodes.network.interfaces
com.vmware.nsx.infra.domains
com.vmware.nsx.ns_groups.unassociated_virtual_machines
com.vmware.nsx.transportzone_profiles
com.vmware.nsx.ns_service_groups
com.vmware.nsx.ns_groups.service_associations
com.vmware.nsx.node.services.cm_inventory
com.vmware.nsx.aaa.registration_token
com.vmware.nsx.node.services.node_mgmt.status
com.vmware.nsx.node.rabbitmq_management_port
com.vmware.nsx.network_encryption.sections
com.vmware.nsx.cluster.restore.backuptimestamps
com.vmware.nsx.transport_nodes.statistics.nat_rules
com.vmware.nsx.upgrade.status_summary
com.vmware.nsx.infra.realized_state.enforcement_points
com.vmware.nsx.fabric.discovered_nodes
com.vmware.nsx.traceflows.observations
com.vmware.nsx.node.tasks.response
com.vmware.nsx.csm.aws_vpcs
com.vmware.nsx.node.services.liagent
com.vmware.nsx.upgrade.upgrade_units_stats
com.vmware.nsx.node.services.syslog
com.vmware.nsx.transport_zones
com.vmware.nsx.ipfix.configs
com.vmware.nsx.logical_ports.statistics
com.vmware.nsx.csm.aws.gateways.status
com.vmware.nsx.network_encryption.sections.rules.state
com.vmware.nsx.node.services.manager
com.vmware.nsx.mac_sets
com.vmware.nsx.compute_collection_transport_node_templates
com.vmware.nsx.upgrade.eula.content
com.vmware.nsx.logical_routers.routing.bgp
com.vmware.nsx.tasks
com.vmware.nsx.node.services.ntp
com.vmware.nsx.trust_management.csrs
com.vmware.nsx.infra.services.service_entries
com.vmware.nsx.bridge_clusters.status
com.vmware.nsx.logical_routers.routing.redistribution.rules
com.vmware.nsx.ns_groups.member_types
com.vmware.nsx.upgrade.eula.accept
com.vmware.nsx.network_encryption.key_managers
com.vmware.nsx.pools.mac_pools
com.vmware.nsx.upgrade
com.vmware.nsx.fabric.compute_managers.status
com.vmware.nsx.csm.aws_regions
com.vmware.nsx.logical_routers
com.vmware.nsx.infra.realized_state.enforcement_points.services.nsservices
com.vmware.nsx.node.services
com.vmware.nsx.realization_state_barrier.current
com.vmware.nsx.csm.aws.gateways
com.vmware.nsx.csm.aws_accounts.status
com.vmware.nsx.logical_routers.routing.static_routes.bfd_peers
com.vmware.nsx.ns_groups.effective_virtual_machine_members
com.vmware.nsx.node.network
com.vmware.nsx.infra.domains.communication_map
com.vmware.nsx.bridge_endpoints.statistics
com.vmware.nsx.node.services.snmp
com.vmware.nsx.cluster.restore.status
com.vmware.nsx.cluster.restore.config
com.vmware.nsx.network_encryption.status
com.vmware.nsx.node.file_store
com.vmware.nsx.md_proxies
com.vmware.nsx.logical_switches.vtep_table
com.vmware.nsx.logical_routers.routing.ip_prefix_lists
com.vmware.nsx.node.services.nsx_upgrade_agent.status
com.vmware.nsx.infra.deployment_zones.enforcement_points
com.vmware.nsx.node.services.search
com.vmware.nsx.cluster.backups.history
com.vmware.nsx.firewall.sections.state
com.vmware.nsx.realization_state_barrier.config
com.vmware.nsx.logical_routers.routing.bfd_config
com.vmware.nsx.node.services.http
com.vmware.nsx.ns_groups
com.vmware.nsx.logical_switches.mac_table
com.vmware.nsx.node.users.ssh_keys
com.vmware.nsx.transport_nodes
com.vmware.nsx.node.services.nsx_message_bus.status
com.vmware.nsx.md_proxies.status
com.vmware.nsx.node
com.vmware.nsx.dhcp.servers.leases
com.vmware.nsx.aaa.vidm.groups
com.vmware.nsx.logical_routers.routing.route_table
com.vmware.nsx.app_discovery.sessions.ns_groups
com.vmware.nsx.infra.communication_profiles.communication_profile_entries
com.vmware.nsx.templates
com.vmware.nsx.host_switch_profiles
com.vmware.nsx.transport_nodes.status
com.vmware.nsx.cluster
com.vmware.nsx.node.services.syslog.exporters
com.vmware.nsx.upgrade.plan
com.vmware.nsx.network_encryption.sections.rules.stats
com.vmware.nsx.firewall.excludelist
com.vmware.nsx.logical_routers.routing.advertisement.rules
com.vmware.nsx.transport_nodes.tunnels
com.vmware.nsx.aaa.user_info
com.vmware.nsx.eula.accept
com.vmware.nsx.logical_routers.routing
com.vmware.nsx.bridge_endpoints
com.vmware.nsx.trust_management.certificates
com.vmware.nsx.upgrade.plan.settings
com.vmware.nsx.eula.acceptance
com.vmware.nsx.ipfix.collectorconfigs
com.vmware.nsx.node.logs
com.vmware.nsx.normalizations
com.vmware.nsx.infra
com.vmware.nsx.node.aaa.providers.vidm
com.vmware.nsx.fabric.nodes
com.vmware.nsx.csm.csmstatus
com.vmware.nsx.infra.services
com.vmware.nsx.node.services.nsx_upgrade_agent
com.vmware.nsx.app_discovery.sessions.installed_apps
com.vmware.nsx.logical_routers.nat.rules.statistics
com.vmware.nsx.node.services.ssh
com.vmware.nsx.firewall.rules.state
com.vmware.nsx.hpm.global_config
com.vmware.nsx.dhcp.servers.statistics
com.vmware.nsx.pools.ip_pools.allocations
com.vmware.nsx.logical_switches.state
com.vmware.nsx.logical_ports
com.vmware.nsx.ns_groups.effective_logical_switch_members
com.vmware.nsx.node.network.search_domains
com.vmware.nsx.node.processes
com.vmware.nsx.licenses
com.vmware.nsx.edge_clusters
com.vmware.nsx.node.services.mgmt_plane_bus
com.vmware.nsx.node.services.install_upgrade
com.vmware.nsx.logical_ports.forwarding_path
com.vmware.nsx.trust_management.crls
com.vmware.nsx.fabric.nodes.modules
com.vmware.nsx.logical_switches
com.vmware.nsx.upgrade.history
com.vmware.nsx.node.services.node_mgmt
com.vmware.nsx.network_encryption.key_policies.stats
com.vmware.nsx.node.services.snmp.status
com.vmware.nsx.bridge_clusters
com.vmware.nsx.traceflows
com.vmware.nsx.ipfix_obs_points
com.vmware.nsx.logical_ports.mac_table
com.vmware.nsx.network_encryption.sections.rules
com.vmware.nsx.csm.virtual_machines
com.vmware.nsx.upgrade.upgrade_units.aggregate_info
com.vmware.nsx.ip_sets
com.vmware.nsx.cluster.status
com.vmware.nsx.csm.aws.gateway_amis
com.vmware.nsx.network_encryption.config
com.vmware.nsx.trust_management.principal_identities
com.vmware.nsx.mirror_sessions
com.vmware.nsx.csm.aws.key_pairs
com.vmware.nsx.node.services.manager.status
com.vmware.nsx.aaa.vidm.users
com.vmware.nsx.associations
com.vmware.nsx.node.aaa.auth_policy
com.vmware.nsx.cluster.backups.config
com.vmware.nsx.firewall.sections.rules
com.vmware.nsx.logical_routers.routing.forwarding_table
com.vmware.nsx.upgrade.upgrade_unit_groups
com.vmware.nsx.switching_profiles.summary
com.vmware.nsx.logical_switches.status
com.vmware.nsx.node.file_store.thumbprint
com.vmware.nsx.transport_zones.transport_node_status
com.vmware.nsx.logical_ports.state
com.vmware.nsx.node.services.liagent.status
com.vmware.nsx.fabric.nodes.network.interfaces.stats
com.vmware.nsx.infra.deployment_zones
com.vmware.nsx.transport_zones.status
com.vmware.nsx.fabric.compute_managers
com.vmware.nsx.compute_collection_transport_node_templates.state
com.vmware.nsx.upgrade.eula.acceptance
com.vmware.nsx.logical_routers.nat.rules
com.vmware.nsx.fabric.compute_collection_fabric_templates
com.vmware.nsx.dhcp.servers.status
com.vmware.nsx.cluster.nodes.network.interfaces.stats
com.vmware.nsx.infra.domains.communication_map.communication_entries
com.vmware.nsx.logical_routers.routing.bgp.neighbors.status
com.vmware.nsx.fabric.nodes.network.interfaces
com.vmware.nsx.switching_profiles
com.vmware.nsx.node.network.name_servers
com.vmware.nsx.node.network.routes
com.vmware.nsx.logical_switches.statistics
com.vmware.nsx.logical_router_ports.statistics.summary
com.vmware.nsx.network_encryption.sections.state
com.vmware.nsx.transport_nodes.state
com.vmware.nsx.eula.content
com.vmware.nsx.logical_ports.status
com.vmware.nsx.dhcp.relays
com.vmware.nsx.lldp.transport_nodes.interfaces
com.vmware.nsx.infra.realized_state.enforcement_points.groups.nsgroups
com.vmware.nsx.upgrade.summary
com.vmware.nsx.transport_zones.summary
com.vmware.nsx.node.network.interfaces.stats
com.vmware.nsx.upgrade.nodes_summary
com.vmware.nsx.tasks.response
com.vmware.nsx.node.services.cm_inventory.status
com.vmware.nsx.fabric.compute_managers.state
com.vmware.nsx.upgrade.version_whitelist
com.vmware.nsx.logical_router_ports.statistics
com.vmware.nsx.pools.ip_subnets
com.vmware.nsx.ipfix_obs_points.switch_global
com.vmware.nsx.pools.vtep_label_pools
com.vmware.nsx.infra.domains.groups
com.vmware.nsx.md_proxies.statistics
com.vmware.nsx.logical_routers.routing.route_maps
com.vmware.nsx.dhcp.server_profiles
com.vmware.nsx.pools.ip_pools
com.vmware.nsx.app_discovery.sessions
com.vmware.nsx.logical_routers.routing.redistribution
com.vmware.nsx.node.services.install_upgrade.status
com.vmware.nsx.csm.aws_accounts
com.vmware.nsx.upgrade.nodes
com.vmware.nsx.infra.communication_profiles
com.vmware.nsx.logical_routers.routing.routing_table
com.vmware.nsx.trust_management
com.vmware.nsx.upgrade.upgrade_unit_groups_status
com.vmware.nsx.fabric.nodes.status
com.vmware.nsx.transport_nodes.remote_transport_node_status
com.vmware.nsx.fabric.virtual_machines
com.vmware.nsx.fabric.compute_collections
com.vmware.nsx.infra.realized_state.enforcement_points.firewalls.firewall_sections
com.vmware.nsx.infra.domains.domain_deployment_maps
com.vmware.nsx.app_discovery.sessions.summary
com.vmware.nsx.upgrade.upgrade_unit_groups.aggregate_info
com.vmware.nsx.logical_routers.routing.advertisement
com.vmware.nsx.upgrade.upgrade_units
com.vmware.nsx.aaa.role_bindings
com.vmware.nsx.upgrade.upgrade_unit_groups.status
com.vmware.nsx.cluster.nodes
com.vmware.nsx.pools.ip_blocks
com.vmware.nsx.bridge_endpoints.status
com.vmware.nsx.node.services.mgmt_plane_bus.status
com.vmware.nsx.node.tasks
com.vmware.nsx.cluster.restore.instruction_resources
com.vmware.nsx.logical_routers.status
com.vmware.nsx.dhcp.servers
com.vmware.nsx.ns_groups.effective_logical_port_members
com.vmware.nsx.dhcp.servers.ip_pools
com.vmware.nsx.node.services.search.status
com.vmware.nsx.mac_sets.members
com.vmware.nsx.logical_router_ports.arp_table
com.vmware.nsx.csm.nsx_manager_accounts
com.vmware.nsx.cluster.backups.status
com.vmware.nsx.fabric.nodes.capabilities
com.vmware.nsx.logical_switches.summary
com.vmware.nsx.node.services.ntp.status
com.vmware.nsx.logical_routers.routing.static_routes
com.vmware.nsx.cluster.nodes.status
com.vmware.nsx.node.services.http.status
com.vmware.nsx.app_discovery.app_profiles
com.vmware.nsx.services
com.vmware.nsx.node.users
com.vmware.nsx.node.services.nsx_message_bus
com.vmware.nsx.aaa.roles
com.vmware.nsx.csm.aws_subnets
com.vmware.nsx.dhcp.relay_profiles
com.vmware.nsx.firewall.sections.rules.stats
com.vmware.nsx.network_encryption.key_policies.reset
com.vmware.nsx.hpm.features
com.vmware.nsx.node.aaa.providers.vidm.status
com.vmware.nsx.app_discovery.sessions.ns_groups.members
com.vmware.nsx.network_encryption.key_policies
com.vmware.nsx.aaa.vidm.search
com.vmware.nsx.administration.support_bundles
com.vmware.nsx.node.services.syslog.status
com.vmware.nsx.firewall.sections
com.vmware.nsx.node.hardening_policy.mandatory_access_control
com.vmware.nsx.logical_routers.routing.bgp.neighbors
com.vmware.nsx.ns_groups.effective_ip_address_members
com.vmware.nsx.cluster.restore
com.vmware.nsx.fabric.nodes.state
com.vmware.nsx.configs.management
com.vmware.nsx.fabric.vifs
com.vmware.nsx.firewall.status
com.vmware.nsx.ns_services
com.vmware.nsx.logical_router_ports