Automate NSX with PowerShell without using the PowerNSX module

Currently, I’m working on a migration project where we are migrating VMs from a non-NSX legacy environment to a brand new NSX-enabled infrastructure. During the migration, I needed to apply NSX Security Tags in the destination environment. The tags needed to be applied based on the environment type, e.g. Production and Development. And I thought: Yeah! PowerNSX is going to make my life easier now.

Unfortunately, I wasn’t able to connect to the NSX manager via PowerNSX. I even installed all of the latest updates and patches, but that didn’t solve the problem. It kept throwing error messages when I was trying to connect, as you can see in the screenshot below.

[Screenshot: PowerNSX error]

This might be a compatibility issue, since I was connecting to NSX Manager version 6.2.5, and I’m not sure PowerNSX is compatible with this NSX version. If somebody has successfully used PowerNSX with this NSX version, please let me know!

Because of the number of VMs in this environment, I desperately needed to automate some things, so I had to think of something else. Create a script which talks to the API, yes, of course, that will do! So I created a script which invokes the NSX Manager API via the native PowerShell command “Invoke-RestMethod”. With this script, I was able to successfully log on to the NSX manager, make API calls and push changes to the NSX manager.

In order to use this script, you need to know the identifier of your security tag. You can find this by doing an API call to your NSX manager: /api/2.0/services/securitytags/tag, for example with Postman. Refer to Mark Brookfield’s blog post for a detailed explanation of how to use Postman with the VMware NSX API.

Please feel free to use the script, and adjust it to your own needs. If you have any questions don’t hesitate to reach out to me!

###########################################################################
#### PowerNSX Script to invoke the NSX Manager API and applying security tags to VMs (without using PowerNSX)
#### Version: v1.0
#### Contact: wgeelhoed (at) itq.nl
#### Company: ITQ
###########################################################################

##Infra-Info##
##The passwords below are placeholders; avoid saving real credentials in the script file##
$vcenterserver = 'vcenter@fqnd.local'
$vcenteradmin = 'administrator@vsphere.local'
$vcenterpw = 'password'
$vmlist = Import-Csv -Path C:\pathto.csv #CSV with a "vmname" column#
$securitytagproduction = "securitytag-12" #NSX Security Tag Identifier#
$securitytagdevelopment = "securitytag-13" #NSX Security Tag Identifier#

Get-Module -ListAvailable VMware* | Import-Module

##Connection and details##
Connect-VIServer $vcenterserver -User $vcenteradmin -Password $vcenterpw

##NSX Manager Login Credentials##
$user = "admin"
$userpw = "password"
$pair = "${user}:${userpw}"

##Encode the string to the RFC2045-MIME variant of Base64, except not limited to 76 char/line.##
$bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
$base64 = [System.Convert]::ToBase64String($bytes)

##Create the Auth value as the method, a space, and then the encoded pair Method Base64String##
$basicAuthValue = "Basic $base64"

##Create the header Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==##
$credentials = @{ Authorization = $basicAuthValue }

foreach ($vm in $vmlist)
{
    $vmname = $vm.vmname

    ##List the existing security tags (the result is not used further below)##
    $tag = Invoke-RestMethod -Uri "https://nsx-manager.fqdn.local/api/2.0/services/securitytags/tag" -Headers $credentials -Method Get

    ##Get the VM's managed object ID and strip the "VirtualMachine-" prefix##
    $vmmoida = Get-VM -Name $vmname
    $vmmoid = $vmmoida.Id
    $vmmoid_regex = $vmmoid -replace "VirtualMachine-", ""

    ##VMs with "SRV" in their name get the Production tag, all others the Development tag##
    if ($vmname -match "SRV") {
        Write-Host "Setting Production $securitytagproduction to VM $vmname" -ForegroundColor Green
        $applytag = Invoke-RestMethod -Method Put -Uri "https://nsx-manager.fqdn.local/api/2.0/services/securitytags/tag/$securitytagproduction/vm/$vmmoid_regex" -Headers $credentials
    }
    else {
        Write-Host "Setting Development $securitytagdevelopment to VM $vmname" -ForegroundColor Green
        $applytag = Invoke-RestMethod -Method Put -Uri "https://nsx-manager.fqdn.local/api/2.0/services/securitytags/tag/$securitytagdevelopment/vm/$vmmoid_regex" -Headers $credentials
    }
}

*tested with NSX 6.2.5 and NSX 6.4.0
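
The tag identifier lookup mentioned above can also be done from PowerShell instead of Postman, and the Basic auth header can be built from a PSCredential rather than a password stored in the script. This is an added example, not part of the original script: the helper names, the tag names Production and Development, the sample data, and the assumed XML layout of the /api/2.0/services/securitytags/tag response (securityTag elements with objectId and name children) are all assumptions.

```powershell
# Added example, not the original author's code. Helper names are hypothetical.
function New-BasicAuthHeader {
    # Build the Authorization header from a PSCredential so the password
    # does not have to sit in the script file as plaintext.
    param([Parameter(Mandatory)][pscredential]$Credential)
    $net   = $Credential.GetNetworkCredential()
    $pair  = '{0}:{1}' -f $net.UserName, $net.Password
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($pair)
    @{ Authorization = 'Basic ' + [System.Convert]::ToBase64String($bytes) }
}

function Get-SecurityTagId {
    # Resolve a tag name to its identifier (e.g. securitytag-12).
    # Assumption: the response is <securityTags> holding <securityTag>
    # elements, each with <objectId> and <name> children.
    param(
        [Parameter(Mandatory)][xml]$TagsXml,
        [Parameter(Mandatory)][string]$Name
    )
    $hits = @($TagsXml.SelectNodes('/securityTags/securityTag') |
        Where-Object { $_.SelectSingleNode('name').InnerText -eq $Name })
    if ($hits.Count -ne 1) {
        # Refuse to guess when the name is missing or ambiguous.
        throw "Expected exactly one tag named '$Name', found $($hits.Count)"
    }
    $hits[0].SelectSingleNode('objectId').InnerText
}

# Constructed sample response so the example runs offline. Against a live manager:
# $tagsXml = Invoke-RestMethod -Uri "https://nsx-manager.fqdn.local/api/2.0/services/securitytags/tag" -Headers $headers -Method Get
[xml]$tagsXml = @'
<securityTags>
  <securityTag><objectId>securitytag-12</objectId><name>Production</name></securityTag>
  <securityTag><objectId>securitytag-13</objectId><name>Development</name></securityTag>
</securityTags>
'@

# Constructed credential for the offline run. In real use: $cred = Get-Credential
$secret  = ConvertTo-SecureString 'constructed-password' -AsPlainText -Force
$cred    = New-Object System.Management.Automation.PSCredential ('admin', $secret)
$headers = New-BasicAuthHeader -Credential $cred

$securitytagproduction  = Get-SecurityTagId -TagsXml $tagsXml -Name 'Production'
$securitytagdevelopment = Get-SecurityTagId -TagsXml $tagsXml -Name 'Development'
Write-Host "Production: $securitytagproduction, Development: $securitytagdevelopment"
```

Resolving the identifiers by name at run time avoids applying the wrong tag when the numeric identifiers differ between NSX managers.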

Sources:
– vmware.com
– microsoft.com
