Deploy NSX-T Edge Clusters using SDDC Manager API
A quicker way to deploy multiple clusters
What? Utilize SDDC Manager’s API to deploy NSX-T Edge Clusters
I decided to write up this article to demonstrate how to deploy NSX-T Edge Clusters using SDDC Manager. This method can be quicker and easier than filling out the form each time, especially if you have multiple nodes and clusters to deploy!
How?
In this example I will be using postman to make the API calls, there are other alternatives such as powerVCF, the Developer Center, API calls directly on SDDC Manager as root, and pretty much any other way you would use to make API calls.
Step 1: Bearer Token
The first step is to get a bearer token, the little bit of code below should provide you with this. Make sure you change the details to suit your environment.
curl --location --request POST 'https://sddc-manager.region1.shank.com/v1/tokens' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
"username" : "[email protected]",
"password" : "password"
}'
The output you receive should be similar to the below.
Step 2: Validating Edge Cluster Creation Spec JSON
Prior to deploying any clusters in SDDC Manager you must validate the JSON spec, doing so ensures the configuration in the JSON is valid and will deploy correctly.
The Edge Cluster creation JSON below is an example of one that I used deployed in my lab. Ensure the fields are changed to suit your environment.
{
"edgeClusterName" : "wld-edge-cl1",
"edgeClusterType" : "NSX-T",
"edgeRootPassword" : "VMware123!VMware123!",
"edgeAdminPassword" : "VMware123!VMware123!",
"edgeAuditPassword" : "VMware123!VMware123!",
"edgeFormFactor" : "SMALL",
"tier0ServicesHighAvailability" : "ACTIVE_ACTIVE",
"mtu" : 1600,
"asn" : 65051,
"edgeNodeSpecs" : [ {
"edgeNodeName" : "reg2-wld-edge1.region2.shank.com",
"managementIP" : "172.24.0.40/24",
"managementGateway" : "172.24.0.1",
"edgeTepGateway" : "172.30.0.1",
"edgeTep1IP" : "172.30.0.6/24",
"edgeTep2IP" : "172.30.0.7/24",
"edgeTepVlan" : 3019,
"clusterId" : "faa6d3e8-982a-4b00-8c35-949ac5e601c7",
"interRackCluster" : false,
"uplinkNetwork" : [ {
"uplinkVlan" : 3017,
"uplinkInterfaceIP" : "172.28.0.4/24",
"peerIP" : "172.28.0.1/24",
"asnPeer" : 65044,
"bgpPeerPassword" : "VMware123!VMware123!"
},
{
"uplinkVlan" : 3018,
"uplinkInterfaceIP" : "172.29.0.4/24",
"peerIP" : "172.29.0.1/24",
"asnPeer" : 65044,
"bgpPeerPassword" : "VMware123!VMware123!"
} ]
},
{
"edgeNodeName" : "reg2-wld-edge2.region2.shank.com",
"managementIP" : "172.24.0.41/24",
"managementGateway" : "172.24.0.1",
"edgeTepGateway" : "172.30.0.1",
"edgeTep1IP" : "172.30.0.8/24",
"edgeTep2IP" : "172.30.0.9/24",
"edgeTepVlan" : 3019,
"clusterId" : "faa6d3e8-982a-4b00-8c35-949ac5e601c7",
"interRackCluster" : false,
"uplinkNetwork" : [ {
"uplinkVlan" : 3017,
"uplinkInterfaceIP" : "172.28.0.5/24",
"peerIP" : "172.28.0.1/24",
"asnPeer" : 65044,
"bgpPeerPassword" : "VMware123!VMware123!"
},
{
"uplinkVlan" : 3018,
"uplinkInterfaceIP" : "172.29.0.5/24",
"peerIP" : "172.29.0.1/24",
"asnPeer" : 65044,
"bgpPeerPassword" : "VMware123!VMware123!"
} ]
} ],
"tier0RoutingType" : "EBGP",
"tier0Name" : "wld-t0",
"tier1Name" : "wld-t1",
"edgeClusterProfileType" : "DEFAULT"
}
The fields in the JSON are relatively straightforward, however, the options below may trip you up so I have provided some clarification around them.
- “edgeFormFactor”: This is the size of the Edge nodes, the options are SMALL, MEDIUM, LARGE and XLARGE
- “tier0ServicesHighAvailability”: This is the availability mode that the Tier-0 will be deployed with, the choices are ACTIVE_ACTIVE OR ACTIVE_STANDBY
- “asn”: The ASN configured on the Tier-0 gateway, asnPeer is the ToR or upstream gateways configured ASN.
- “clusterId”: This is the ID of the vSphere cluster where you want to deploy the Edge nodes. You can either use API to obtain this information or browse to the cluster in SDDC Manager and copy the UUID from the URL.
- “edgeClusterProfileType”: The choices for this one are DEFAULT or CUSTOM. If you select CUSTOM, then you have the ability to fill out the below additional options.
"edgeClusterProfileSpec": {
"bfdAllowedHop": 0,
"bfdDeclareDeadMultiple": 0,
"bfdProbeInterval": 0,
"edgeClusterProfileName": "",
"standbyRelocationThreshold": 0
Once your JSON is populated you must validate it, this is done by POST’ing the data to https://sddcManagerFQDN/v1/edge-clusters/validations. Ensure your authorization type is bearer token, and you have pasted the token obtained in step 1.
curl --location --request POST 'https://sddc-manager.region2.shank.com/v1/edge-clusters/validations/' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIzMjk0NmE3My04MDgxLTRjMWYtOWQwMy0zNDI4MjAzM2Y1MjAiLCJpYXQiOjE2MzIyMDMzMDUsInN1YiI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsImlzcyI6InZjZi1hdXRoIiwiYXVkIjoic2RkYy1zZXJ2aWNlcyIsIm5iZiI6MTYzMjIwMzMwNSwiZXhwIjoxNjMyMjA2OTA1LCJ1c2VyIjoiYWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2FsIiwibmFtZSI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsInNjb3BlIjpbIlNERENfRkVERVJBVElPTl9XUklURSIsIkFWTl9XUklURSIsIkNFUlRfV1JJVEUiLCJDT01QT1NBQklMSVRZX1dSSVRFIiwiTElDRU5TRV9LRVlfUkVBRCIsIkNPTVBPU0FCSUxJVFlfUkVBRCIsIkVER0VfQ0xVU1RFUl9XUklURSIsIlVTRVJfUkVBRCIsIkNSRURFTlRJQUxfV1JJVEUiLCJCQUNLVVBfQ09ORklHX1JFQUQiLCJDTFVTVEVSX1dSSVRFIiwiQVZOX1JFQUQiLCJWQVNBX1BST1ZJREVSX1JFQUQiLCJET01BSU5fV1JJVEUiLCJDRUlQX1JFQUQiLCJOVFBfV1JJVEUiLCJERVBPVF9DT05GSUdfV1JJVEUiLCJERVBPVF9DT05GSUdfUkVBRCIsIkhPU1RfV1JJVEUiLCJCQUNLVVBfUkVTVE9SRV9SRUFEIiwiQ0VSVF9SRUFEIiwiVVNFUl9XUklURSIsIlVQR1JBREVfUkVBRCIsIk9USEVSX1JFQUQiLCJDUkVERU5USUFMX1JFQUQiLCJIT1NUX1JFQUQiLCJDRUlQX1dSSVRFIiwiT1RIRVJfV1JJVEUiLCJMSUNFTlNFX0tFWV9XUklURSIsIkNBX1JFQUQiLCJORVRXT1JLX1BPT0xfV1JJVEUiLCJXQ1BfUkVBRCIsIkJBQ0tVUF9SRVNUT1JFX1dSSVRFIiwiTlRQX1JFQUQiLCJFREdFX0NMVVNURVJfUkVBRCIsIkJBQ0tVUF9DT05GSUdfV1JJVEUiLCJXQ1BfV1JJVEUiLCJTRVJWSUNFX0FDQ09VTlRfV1JJVEUiLCJORVRXT1JLX1BPT0xfUkVBRCIsIkNBX1dSSVRFIiwiQ0xVU1RFUl9SRUFEIiwiVkFTQV9QUk9WSURFUl9XUklURSIsIkROU19XUklURSIsIlZSU0xDTV9XUklURSIsIkROU19SRUFEIiwiU0VSVklDRV9BQ0NPVU5UX1JFQUQiLCJTRERDX0ZFREVSQVRJT05fUkVBRCIsIkRPTUFJTl9SRUFEIiwiVlJTTENNX1JFQUQiLCJVUEdSQURFX1dSSVRFIl0sInJvbGUiOlsiQURNSU4iXX0.USzrLuoclWP02fDBU2XBBAI7vHiY0hSdjhLtcCCRE6g' \
--data-raw '{
"edgeClusterName" : "wld-edge-cl1",
"edgeClusterType" : "NSX-T",
"edgeRootPassword" : "VMware123!VMware123!",
"edgeAdminPassword" : "VMware123!VMware123!",
"edgeAuditPassword" : "VMware123!VMware123!",
"edgeFormFactor" : "SMALL",
"tier0ServicesHighAvailability" : "ACTIVE_ACTIVE",
"mtu" : 1600,
"asn" : 65051,
"edgeNodeSpecs" : [ {
"edgeNodeName" : "reg2-wld-edge1.region2.shank.com",
"managementIP" : "172.24.0.40/24",
"managementGateway" : "172.24.0.1",
"edgeTepGateway" : "172.30.0.1",
"edgeTep1IP" : "172.30.0.6/24",
"edgeTep2IP" : "172.30.0.7/24",
"edgeTepVlan" : 3019,
"clusterId" : "faa6d3e8-982a-4b00-8c35-949ac5e601c7",
"interRackCluster" : false,
"uplinkNetwork" : [ {
"uplinkVlan" : 3017,
"uplinkInterfaceIP" : "172.28.0.4/24",
"peerIP" : "172.28.0.1/24",
"asnPeer" : 65044,
"bgpPeerPassword" : "VMware123!VMware123!"
},
{
"uplinkVlan" : 3018,
"uplinkInterfaceIP" : "172.29.0.4/24",
"peerIP" : "172.29.0.1/24",
"asnPeer" : 65044,
"bgpPeerPassword" : "VMware123!VMware123!"
} ]
},
{
"edgeNodeName" : "reg2-wld-edge2.region2.shank.com",
"managementIP" : "172.24.0.41/24",
"managementGateway" : "172.24.0.1",
"edgeTepGateway" : "172.30.0.1",
"edgeTep1IP" : "172.30.0.8/24",
"edgeTep2IP" : "172.30.0.9/24",
"edgeTepVlan" : 3019,
"clusterId" : "faa6d3e8-982a-4b00-8c35-949ac5e601c7",
"interRackCluster" : false,
"uplinkNetwork" : [ {
"uplinkVlan" : 3017,
"uplinkInterfaceIP" : "172.28.0.5/24",
"peerIP" : "172.28.0.1/24",
"asnPeer" : 65044,
"bgpPeerPassword" : "VMware123!VMware123!"
},
{
"uplinkVlan" : 3018,
"uplinkInterfaceIP" : "172.29.0.5/24",
"peerIP" : "172.29.0.1/24",
"asnPeer" : 65044,
"bgpPeerPassword" : "VMware123!VMware123!"
} ]
} ],
"tier0RoutingType" : "EBGP",
"tier0Name" : "wld-t0",
"tier1Name" : "wld-t1",
"edgeClusterProfileType" : "DEFAULT"
}'
Step 3: Checking the progress of the validation
After POST’ing the JSON in step 2 you would have gotten an ID string. This ID can be seen in the image below and can be used to check the status and progress of the validation task.
To check the progress send a GET request to https://sddcManagerFQDN/v1/edge-clusters/validations/<id>.
Once the validation completes, the Edge cluster can be deployed. If there are any issues with the validation, they must be resolved before proceeding to step 4.
Step 4: Deploying the NSX-T Edge Cluster
This part is quite simple, copy or re-use the session and URI shown in step 3, and remove the validations/<id> on the end. Now you must send a POST request to https://sddcManagerFQDN/v1/edge-clusters/ using the same JSON that was created in step 2. This will initiate the deploy task in SDDC Manager and once complete it should be fully functional.
Conclusion
This post has walked you through the process of deploying an NSX-T Edge cluster using the SDDC Manager UI. This is useful if you need to deploy several clusters and require the Edge clusters to be registered in the SDDC Manager inventory. Remember it is also possible to deploy Edge clusters directly in NSX-T within a VCF environment, but you must remember that they will not be known to SDDC Manager.
The process is also documented here.
To view all my other VCF related articles please click here.