Registering an Avi Load Balancer cluster with an NSX Manager instance
search cancel

Registering an Avi Load Balancer cluster with an NSX Manager instance

book

Article ID: 373497

calendar_today

Updated On:

Products

VMware Avi Load Balancer VMware NSX

Issue/Introduction

Avi Load Balancer requires to be registered with the NSX Manager in order to use Avi Load Balancer for Load Balancing services in a vSphere IaaS control plane environment (vSphere with Kubernetes, formerly know as TKGs).

The described issue is present when the following conditions are true:

● The Avi Controller Cluster was not deployed from the NSX Manager (non-VCF environments)

● The Avi Load Balancer was deployed on a VI-WLD using the VCF SDDC Manager (VCF 5.2 or higher). This procedure is not necessary for Avi Load Balancer deployed on the Management Domain

Environment

 

  • VMware Avi Load Balancer (Controller cluster)
  • VMware NSX Manager
  • VMware Cloud Foundation 5.2 or higher (for VCF deployments)

 

Resolution

Prerequisites

Before you begin, collect the following information. Items (e) and (f) are optional.

#ParameterPlaceholderNotes
aNSX Manager IP address (WLD NSX Manager IP for VCF)<nsx_mgr_ip>Required
bAvi Load Balancer cluster IP address<cluster_ip>Required
cAvi Load Balancer admin username<infra_admin_username>Required
dAvi Load Balancer admin password<infra_admin_password>Required
eDNS servers<dns_servers>Optional

f

 

NTP servers<ntp_servers>Optional

You also need the NSX Manager admin password to authenticate the API calls.

 

 

 

 

Step 1 — Prepare the Request Body

Replace the placeholders with the information you collected in the Prerequisites section.

{
  "owned_by": "LCM",
  "cluster_ip": "<cluster_ip>",
  "infra_admin_username": "<infra_admin_username>",
  "infra_admin_password": "<infra_admin_password>",
  "dns_servers": ["<dns_server_ip>"],
  "ntp_servers": ["<ntp_server_ip>"]
}

 

Step 2 — Submit the Onboarding Request

Use your preferred tool to make the API call. The following example uses curl:

If the certificate attached under the Avi Controller System Settings is signed by an external CA, the payload must include "default_cert": false, as shown below.
For self-signed certificates, this field is not required in the payload.

curl -k --location -u 'admin:<nsx_manager_password>' \
--request PUT 'https://<nsx_mgr_ip>/policy/api/v1/infra/alb-onboarding-workflow' \
--header 'X-Allow-Overwrite: True' \
--header 'Content-Type: application/json' \
--data-raw '{
  "owned_by": "LCM",
  "cluster_ip": "<cluster_ip>",
  "infra_admin_username": "<infra_admin_username>",
  "infra_admin_password": "<infra_admin_password>",
  "dns_servers": ["<dns_server_ip>"],
  "ntp_servers": ["<ntp_server_ip>"]
  "default_cert": false
 }'






Example Response:

Example Response:
{
 "connection_info": {
 "username": "nsxt-alb",
 "tenant": "admin",
 "expires_at": "2021-08-30T23:47:58.275Z",
 "enforcement_point_address": "<ip address>",
 "resource_type": "AviConnectionInfo",
 "certificate": "-----BEGIN CERTIFICATE-----\n CERTIFICATE VALUE \n-----
END CERTIFICATE-----\n"
 },
 "auto_enforce": true,
 "resource_type": "EnforcementPoint",
 "id": "alb-endpoint",
 "display_name": "alb-endpoint",
 "path": "/infra/sites/default/enforcement-points/alb-endpoint",
 "relative_path": "alb-endpoint",
 "parent_path": "/infra/sites/default",
 "unique_id": "#####-####-########-#####",
 "realization_id": "#####-####-########-#####",
 "marked_for_delete": false,
 "overridden": false,
 "_system_owned": false,
 "_create_user": "admin",
 "_create_time": 1630345678736,
 "_last_modified_user": "admin",
 "_last_modified_time": 1630345678736,
 "_protection": "NOT_PROTECTED",
 "_revision": 0
}

 

Step 3 — Verify the Registration

Confirm that the enforcement point was created by running a GET against the ALB endpoint:

curl -k -u 'admin:<nsx_manager_password>' \
--location --request GET \
'https://<nsx_mgr_ip>/policy/api/v1/infra/sites/default/enforcement-points/alb-endpoint'

 

In the response, confirm that status is set to DEACTIVATE_PROVIDER. This indicates that registration completed successfully and the Avi provider is registered with NSX Manager. 

 

Example:
root@nsx-manager:~# curl -k -u 'admin:NSX-Manager-password' --location --request GET
https://<nsx-mgr-ip>/policy/api/v1/infra/sites/default/enforcement-points/alb-endpoint
{
 "connection_info" : {
 "username" : "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
 "tenant" : "admin",
 "expires_at" : "2024-07-25T21:00:05.679Z",
 "managed_by" : "LCM",
 "status" : "DEACTIVATE_PROVIDER",
 "certificate" : "-----BEGIN CERTIFICATE-----\nMIIC3TC===Omitted===iU=\n-----END
CERTIFICATE-----\n",
 "is_default_cert" : true,
 "enforcement_point_address" : "<ip address>",
 "resource_type" : "AviConnectionInfo"
 },
 "auto_enforce" : true,
 "resource_type" : "EnforcementPoint",
 "id" : "alb-endpoint",
 "display_name" : "alb-endpoint",
 "path" : "/infra/sites/default/enforcement-points/alb-endpoint",
 "relative_path" : "alb-endpoint",
 "parent_path" : "/infra/sites/default",
 "remote_path" : "",
 "unique_id" : "#####-####-########-#####",
 "realization_id" : "#####-####-########-#####",
 "owner_id" : "#####-####-########-#####",
 "marked_for_delete" : false,
 "overridden" : false,
 "_system_owned" : false,
 "_create_time" : 1715813282536,
 "_create_user" : "admin",
 "_last_modified_time" : 1721919605807,
 "_last_modified_user" : "system",
 "_protection" : "NOT_PROTECTED",
 "_revision" : 353

 

 

Removing the Integration (Optional)

If you need to delete the Avi–NSX integration, run the following API call:

 
curl -k --location -u 'admin:<nsx_manager_password>' \
--request DELETE \
'https://<nsx_mgr_ip>/policy/api/v1/infra/alb-onboarding-workflow/LCM'

 

References:

Avi Onboarding

 


 

Powered by Wolken Software