In this Blogpost I will explain how to add or remove a Tag in NSX-T.
If the VM is not tagged before it is very easy to set a new Tag, but if the VM has already been tagged and you don’t want to loose the existing Tags, it becomes more complicated, because the NSX API will overwrite all Tags if a new one will be set.
This Script will add a “quarantine” Tag to a VM, with interactive User Input to define which VM should be tagged. The VM name is Case Sensitive and can be found in NSX Inventory -> Virtual Machines.
You can remove/replace everything in one line but I make smaller portions to understand what happen with the string. So I will remove now “@{display_name=DEV-DB; tags=[struct ” and the Bracket “]” at the end. Brackets will be interpreted by PowerShell and must be isolated with (\]).
Unfortunately the Tags are not placed in a list so each scope/tag combination must be added as a single entry. We will create a loop (foreach) to attach all Tags.
foreach ($item in $vmdataentrytags) {
We will split now each “$vmdataentrytags” in scope and tag. The identifier is “,”.
$item = @($item.split(","))
…and create a List
$vmdatatags1=$item|ConvertFrom-StringData
We will add now for each entry the Tag/Scope to “$vmdatacontent” and close the loop.
VMware PowerCLI is a command-line and scripting tool built on Windows PowerShell, and provides more than 700 cmdlets for managing and automating vSphere, vCloud, vRealize Operations Manager, vSAN, NSX-T, VMware Cloud on AWS, VMware HCX, VMware Site Recovery Manager, and VMware Horizon environments.
If you would like to learn more about VMware PowerCLI visit VMware {code}.
About NSX-T Policy API
Policy API is a new API introduced in NSX-T 2.4 and belongs to the simplified UI for an easier way to manage the Objects.
It is different from the old API (aka NSX -T Management Plane API) that belongs to the Advanced Networking & Security UI.
Most of the external Systems (like vRA, Kubernetes, etc.) can use both APIs and it is a question of Time when the Old API will be deprecated.
About SDK Toolkit and PowerCLI
VMware NSX-T generate the CMDLETS with the SDK Toolkit and if a new Version of NSX-T will be available also a new PowerCLI Version will be available with all new functions from NSX-T.
Disclaimer
If you would like to start with PowerCLI you will find a lot of Blogs how you can install PowerCLI on Windows, MAC and Linux. So this will not be Part of this Blog.
If you would like to use PowerCLI for NSX-T in you Production Enviroment, please contact you VMware Representative to clarify the Support Options!
After the connection was successful you should see following output:
Now we can can list all Modules. This could take some Time to get all Modules (In the Moment while I am writing, we have 286 Modules). I stored this Modules in a Text File to have them available for later configuration Tasks.
Get-NsxtPolicyService
Create a T1 Router
This Script will create a T1 Router and connect it to a T0 Router:
The next command will retrieve the Information about the existing T1 Routers , will learn the structure for the input variables and set the Variable to create in the last step the T1 Router.
After we executed this command we can check what kind of Inputs are available to create the T1 Router.
$t1routerspecification
You can see all Input Parameter and also the expected Structure.
“String” means single input, “List<string>” means single or multiple inputs and “boolean” means yes or no.
Input Parameter with “com.vmware.” are child or nested objects and need to be set in a different way. We will do this if we add the TAG to the T1 Router.
Now let’s come to the Child/Nested objects. The command looks similar to the command where we created a Variable to store the Router Specifications, but we drill one step deeper in the structure and define the input with Element.
If the command runs without any error message, your input was correct and you created a new T1 Router. But let us check if this is true;-)…. Login to your NSX Manager and type in the search bar “powercli”.
The next command will retrieve the Information about the existing Segments, will learn the structure for the input variables and set the Variable to createthe Segment in the last step.
This Script will create a Group and using Group Member Attributes:
#Variables for NSX Manager Connection
$nsxmanagerip = "IP_OR_DNS_NAME"
$nsxuser = "USERNAME"
$nsxpasswd = "PASSWORD"
#General Variables
$description = "Created with VMware PowerCLI"
$tag = "powercli"
#Variables for Groups
$groupdomain = "default"
$groupid = "GROUP_NAME"
$groupmember = "SCOPE_NAME|TAG_NAME"
$groupmember_type = "VirtualMachine"
#Connect to NSX Manager
Connect-NsxtServer -Server $nsxmanagerip -User $nsxuser -Password $nsxpasswd
#Retrieve Group Information
$groupdata = Get-NsxtPolicyService -Name com.vmware.nsx_policy.infra.domains.groups
#Set Group Variables
$groupspecification = $groupdata.Help.patch.group.Create()
$groupspecification.display_name = $groupid
$groupspecification.description = $description
#Add Group Member Variables
$groupexpspecification = $groupdata.Help.patch.group.expression.Element.condition.Create() $groupexpspecification.member_type = $groupmember_type
$groupexpspecification.value = $groupmember
$groupexpspecification.key="Tag"
$groupexpspecification.operator = "EQUALS"
$groupspecification.expression.Add($groupexpspecification) | Out-Null
#Add TAG to Group
$grouptag = $groupdata.Help.patch.group.tags.Element.Create()
$grouptag.tag = $tag
$groupspecification.tags.Add($grouptag) | Out-Null
#Create Group
$groupdata.patch($groupdomain, $groupid, $groupspecification)
To create the group we need the following Variables. The Domain should be “default” and will be inserted the URL String . Please be aware that domain and Membertype are Case Sensitive.
The next command will retrieve the Information about the existing Groups, will learn the structure for the input variables and create the Variable to create the Segment in the last step