reverse engineering VMware Cloud Director API

As a continuation to my Cloud Director automation story, I started to dig a bit more into API calls used for configuring Cloud Director. Process is fairly simple, just turn on network monitoring in chrome developer tools and you can see which API calls the HTML5 portal does when actions are initiated.

I got couple basics done, adding vCenter and NSX-T manager, after which I already made quite significant learnings. One is that I now know why the API calls are not documented, they're completely inconsistent and there's pretty much no consistency across. Would be quite difficult to document :)

In practice those two actions mean four API calls, three of them different.

  • Add certificate as trusted (done twice, for both vCenter and NSX-T certificate)
    • https://{vcd_url}/cloudapi/1.0.0/ssl/trustedCertificates
  • Register vCenter
    • https://{vcd_url}/api/admin/extension/action/registervimserver
  • Register NSX-T
    • https://{vcd_url}/api/admin/extension/nsxtManagers
First when I started I thought that this is nice looking, clear JSON POST and nice looking structure. But that was just one of the APIs. All three are actually different, vCenter registration takes in XML, other two take in JSON but still require different headers for content type.

I created ansible playbooks which take parameters, mostly from variable file:

  • vCD username/password (environment variables, username should have @system suffix if local)
  • vCD url
  • vCD API version
  • vCenter url (ip)
  • vCenter username
  • vCenter password
  • NSX-T manager url (ip)
  • NSX-T username
  • NST-T password
The playbook first downloads the SSL certificate from the vCenter or NSX-T manager and then pushes it into the trusted certificate store in vCD and after that adds the resource into vCD.
There's currently no logic to check if the certificate has already been added and currently the script fails if it's run towards a resource which is already in the certificate store. This can be worked around by changing the certificate steps return value to 400, this way it considers the failure a success and proceeds.

Here are the playbooks for reference.

Add vCenter


---
- name: Config 
  hosts: localhost
  vars_files:
    - vars.yml
  tasks:
  - name: AUTH
    uri:
      url: https://{{vcd_url}}/api/sessions
      method: POST
      force: yes
      user: "{{ lookup('env', 'VCDUSER') }}"
      password: "{{ lookup('env', 'VCDPWD') }}"
      force_basic_auth: yes
      return_content: no
      status_code: 200
      validate_certs: no
      headers:
        Accept: application/*+xml;version={{api_ver}}
    register: login
  - name: Get certificate
    shell: "echo | openssl s_client -showcerts -connect {{vcenter_url}}:443 2>/dev/null | openssl x509 -inform pem"
    register: certificate
  - name: upload certificate
    uri:
      url: https://{{vcd_url}}/cloudapi/1.0.0/ssl/trustedCertificates
      method: POST
      force: yes
      return_content: no
      status_code: 201
      validate_certs: no
      body:
        id: null
        alias: "{{vcenter_url}}"
        certificate: "{{ certificate.stdout }}"
      body_format: json
      headers:
        Accept: application/json;version={{api_ver}}
        x-vcloud-authorization: "{{ login.x_vcloud_authorization }}"
        Content-Type: application/json
  - name: Register vCenter
    uri:
      url: https://{{vcd_url}}/api/admin/extension/action/registervimserver
      method: POST
      force: yes
      return_content: no
      status_code: 200
      validate_certs: no
      body: <root:RegisterVimServerParams xmlns:root="http://www.vmware.com/vcloud/extension/v1.5" xmlns:ns0="http://www.vmware.com/vcloud/v1.5"><root:VimServer name="vc7"><ns0:Description/><root:Username>{{vcenter_user}}</root:Username><root:Password>{{vcenter_pwd}}</root:Password><root:Url>https://{{vcenter_url}}</root:Url><root:IsEnabled>true</root:IsEnabled><root:UseVsphereService>false</root:UseVsphereService><root:VsphereWebClientServerUrl>https://{{vcenter_url}}/</root:VsphereWebClientServerUrl><root:tenantScoped>false</root:tenantScoped><root:proxyEnabled>false</root:proxyEnabled></root:VimServer></root:RegisterVimServerParams>
      body_format: raw
      headers:
        Accept: application/*+xml;version={{api_ver}}
        x-vcloud-authorization: "{{ login.x_vcloud_authorization }}"
        Content-Type: application/vnd.vmware.admin.registerVimServerParams+xml;charset=UTF-8

Add NSX-T

---
- name: Config 
  hosts: localhost
  vars_files:
    - vars.yml
  tasks:
  - name: AUTH
    uri:
      url: https://{{vcd_url}}/api/sessions
      method: POST
      force: yes
      user: "{{ lookup('env', 'VCDUSER') }}"
      password: "{{ lookup('env', 'VCDPWD') }}"
      force_basic_auth: yes
      return_content: no
      status_code: 200
      validate_certs: no
      headers:
        Accept: application/*+xml;version={{api_ver}}
    register: login
  - name: Get certificate
    shell: "echo | openssl s_client -showcerts -connect {{nsx_url}}:443 2>/dev/null | openssl x509 -inform pem"
    register: certificate
  - name: upload certificate
    uri:
      url: https://{{vcd_url}}/cloudapi/1.0.0/ssl/trustedCertificates
      method: POST
      force: yes
      return_content: no
      status_code: 201
      validate_certs: no
      body:
        id: null
        alias: "{{vcenter_url}}"
        certificate: "{{ certificate.stdout }}"
      body_format: json
      headers:
        Accept: application/json;version={{api_ver}}
        x-vcloud-authorization: "{{ login.x_vcloud_authorization }}"
        Content-Type: application/json
  - name: Register NSX
    uri:
      url: https://{{vcd_url}}/api/admin/extension/nsxtManagers
      method: POST
      force: yes
      return_content: no
      status_code: 200
      validate_certs: no
      body:
        name: "{{nsx_url}}"
        description: null
        url: "https://{{nsx_url}}"
        networkProviderScope: null
        username: "{{nsx_user}}"
        password: "{{nsx_pwd}}"
      body_format: json
      headers:
        Accept: application/*+json;version={{api_ver}}
        x-vcloud-authorization: "{{ login.x_vcloud_authorization }}"
        Content-Type: application/*+json

Variables

---
vcd_url: 
api_ver: 34.0
vcenter_url: 
vcenter_user: 
vcenter_pwd: 
nsx_url: 
nsx_user: 
nsx_pwd: 

Comments

  1. Casino | Up to $4000 No Deposit Bonus! - Casinoworld
    Casino dafabet Bonus FAQ ミスティーノ · Free Spins: No Deposit bonus codes · 인카지노 Maximum Rewards: 100% up to $1000 · New Player Bonus: 50x · No Deposit Match Bonus: 100% up to $500

    ReplyDelete
  2. Vint Ceramic Art | TITNIA & TECHNOLOGY
    Explore an all new “Vint kadangpintar Ceramic Art” project on TITNIA & TECHNOLOGY. Our team of wooricasinos.info sculptors and deccasino artists have created 출장마사지 new microtouch solo titanium and

    ReplyDelete

Post a Comment

Popular posts from this blog

Join VMware Photon to Active Directory

Why is three nines better than four in cloud availability?