How to update the NSX cloud account with new VIP/LB address
search cancel

How to update the NSX cloud account with new VIP/LB address

book

Article ID: 417316

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Update NSX Manager endpoint in Aria Automation Cloud Accounts to use new AVI load-balancing VIP/hostname without removing existing accounts.
  • Direct update of NSX cloud account endpoint is not supported via GUI; removal and re-addition disrupts operations.

Environment

  • VMware Aria Automation 8.x

Resolution

  • Before you proceed take snapshot and backup of the Automation cluster.
  • This is only when changing the VIP/Hostname of the NSX manager, and not changing the NSX manager itself, i.e. there is no change in the management plane objects of the NSX.
  • To update the NSX cloud account endpoint, you can make the following request:

PATCH /iaas/api/cloud-accounts/<id>?apiVersion=2021-07-15

{
"cloudAccountType": "nsxt",
"name": "<account-name>",
"privateKeyId": "<username>",
"privateKey": "<password>",
"associatedCloudAccountIds": ["<vcenter-account-id>"],
"cloudAccountProperties": {
"acceptSelfSignedCertificate": "false",
"certificate": "-----BEGIN CERTIFICATE-----\n<certificate>\n-----END CERTIFICATE-----",
"privateKeyId": "<username>",
"privateKey": "<password>",
"hostName": "<new-vip>",
"use.policy.api": "true"
}
}

  • Note: it is important to pass the certificate as it likely was changed or at least its CN or SAN fields were changed due to the new VIP/hostname.
    This will persist the certificate in the provisioning service truststore and will allow data-collection and interaction with the NSX through the new VIP.

  • The above call will return an in-progress request:

    {
    "progress": 0,
    "status": "INPROGRESS",
    "name": "Cloud account creation/update",
    "id": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
    "selfLink": "/iaas/api/request-tracker/xxxxxxxxxxxxxxxxx"
    }

  • You can get the status of the request by calling:

GET /iaas/api/request-tracker/<id>?apiVersion=2021-07-15

With an example response on success:

{
  "progress": 100,
  "status": "FINISHED",
  "resources": [
    "/iaas/api/cloud-accounts/xxxxxxxxxxxxxxxxxxxxxxx"
  ],
  "name": "Cloud account creation/update",
  "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "selfLink": "/iaas/api/request-tracker/xxxxxxxxxxxxxxxxxxxxxxxxx"
}

Or an example response on error:

{
  "progress": 0,
  "message": "com.vmware.xenon.common.LocalizableValidationException: Operation failed: Changing the NSX-T API mode of an existing endpoint is not supported",
  "status": "FAILED",
  "name": "Cloud account creation/update",
  "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "selfLink": "/iaas/api/request-tracker/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

Powered by Wolken Software