Failure to fetch VMs associated with security groups due to NSX-T API issue
Article ID: 336808
Updated On:
Products
Issue/Introduction
to provide a workaround for the policy pagination issue in 3.2.1.x
Symptoms:
Failure to fetch VMs associated with security group details
Before replacing .jar
*Relevant log’s location*:
https://<nsx-manager-ip>/policy/api/v1/infra/realized-state/enforcement-points/default/vifs?page_size=1
{
"results": [
{
"external_id": "501d1bde-xxxx-xxxx-xxxx-be5de67bc478-xxxx",
"owner_vm_id": "501d1bde-xxxx-xxxx-xxxx-be5de67bc478",
"owner_vm_type": "REGULAR",
"host_id": "9319711c-xxxx-xxxx-xxxx-93ac33abb543",
"vm_local_id_on_host": "7",
"device_key": "4000",
"device_name": "Network adapter 1",
"mac_address": "xx:xx:xx:xx:xx",
"lport_attachment_id": "c74f3556-xxxx-xxxx-xxxx-2dec24b46adb",
"ip_address_info": [],
"resource_type": "VirtualNetworkInterface",
"display_name": "Network adapter 1",
"_last_sync_time": 1664357994599
}
],
"result_count": 1,
"sort_by": "display_name",
"sort_ascending": true
}
- We don't see cursor details
Environment
VMware NSX-T Data Center
Cause
This implementation will be removed when the deprecated batch API is removed
Resolution
Upgrade to 3.2.2
Workaround:
The below steps need to be executed on all NSX Manager nodes
Step 1: Stop the proton service
/etc/init.d/proton stop
Step 2: Take a backup of the existing libinventory-mgmt.jar file :
a. Create "backup" directory under /root
mkdir /root/backup
b. Move jar file to backup directory :
mv /opt/vmware/proton-tomcat/webapps/nsxapi/WEB-INF/lib/libinventory-mgmt.jar /root/backup/
Step 3: Upload attached "libinventory-mgmt-your-version.jar" file under "/opt/vmware/proton-tomcat/webapps/nsxapi/WEB-INF/lib"
Copy jar file from your local mac machine or from any of your network linux machine, after executing below command provide root password of NSX appliance:
scp user@<IP_address>:/path/libinventory-mgmt.jar /opt/vmware/proton-tomcat/webapps/nsxapi/WEB-INF/lib
Step 4: Rename file to libinventory-mgmt.jar
mv libinventory-mgmt-your-version.jar libinventory-mgmt.jar
Step 5: Start proton using the below command
/etc/init.d/proton start
Step 6: After restarting wait for a few minutes and test using the below API :
https://nsx-manager-ip}/policy/api/v1/infra/realized-state/enforcement-points/default/vifs?page_size=2
Add cursor to API and check, if there are a different set of vifs getting returned or not.
After replacing the .jar file:
{
"results": [
{
"external_id": "501d1bde-xxxx-xxxx-xxxx-be5de67bc478-xxxx",
"owner_vm_id": "501d1bde-xxxx-xxxx-xxxx-be5de67bc478",
"owner_vm_type": "REGULAR",
"host_id": "f4c22ee7-xxxx-xxxx-xxxx-f0956d23d8ca",
"vm_local_id_on_host": "7",
"device_key": "4000",
"device_name": "Network adapter 1",
"mac_address": "xx:xx:xx:xx:xx:xx",
"lport_attachment_id": "c74f3556-xxxx-xxxx-xxxx-2dec24b46adb",
"ip_address_info": [],
"resource_type": "VirtualNetworkInterface",
"display_name": "Network adapter 1",
"_last_sync_time": 1665048593727
}
],
"result_count": 7,
"sort_by": "display_name",
"sort_ascending": true,
"cursor": "0041-7335362574648784651.-7555496064960509443TmV0d29yayBhZGFwdGVyIDE="
}
You can now see that the cursor line has been added as expected
Note: In the API call "page_size=1" shows one VIF rather than listing out all the VIFs
Additional Information
In 3.2.1.1 and 3.2.1.2 VM custom Search with NSGROUP or Security Group option fails to fetch the VMs even if the Groups in NSX-T are created and VMs associated
Attachments
Feedback
