PowerCLI - VMware Cloud on AWS Module Usage
VMware Cloud on AWS is a new on-demand service that enables you to run applications across vSphere-based environments plus access to a broad range of AWS services. PowerCLI already helps to automate your VMware Cloud on AWS tasks! This includes tasks such as creating SDDCs, adding or removing ESXi hosts, managing firewall rules, and so forth. The VMware Cloud on AWS (VMC) module was released as a low-level, API access only, module and will feature the following cmdlets:
- Connect-VMC
- Disconnect-VMC
- Get-VmcService
Let’s take a look at how we can get started using this new module.
Getting Started
When getting started with the VMC module, we’ll notice immediately that it has a little different authentication process than the other PowerCLI connection cmdlets. This module requires you first acquire the OAuth Refresh Token from the VMware Cloud Console:
Copy the refresh token, open a new PowerShell session, and connect to the VMC service with the following command:
Connect-Vmc -RefreshToken xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx
Now that we are connected, let’s start by doing some discovery. The more you work with this module, and the VMC API as a whole, the more you’ll notice the need to be able to easily recall the organization (Org) ID. Therefore, let’s start by looking into how we can discover information about our org.
First, we want to figure out what the service is itself with the Get-VmcService
cmdlet. Notice that we can use the standard PowerShell filtering and wildcard usage to help make the discovery process a bit simpler. Example code:
Get-VmcService *orgs
Next, we’ll make use of the Get-Member
cmdlet which will show us the available properties and methods for each issued command. We can pipeline the return from the ‘com.vmware.vmc.orgs’ service to the Get-Member
cmdlet and discover there’s a ‘Get’ and a ‘List’ method available. Since we don’t have any current information about the Orgs within this environment, we’ll opt for the ‘List’ method. Example code:
$orgSvc = Get-VmcService com.vmware.vmc.orgs
$orgSvc | Get-Member
$orgSvc.list()
Now that we have our org information, the next thing we will want to discover is information about the org’s SDDC. That information can be found with the following commands:
$sddcSvc = Get-VmcService com.vmware.vmc.orgs.sddcs
$sddcSvc.list($org.Id)
Notice, there’s quite a bit of information to parse through. Let’s look at a simple way to pull out some information about the SDDC’s ESXi hosts. Example code:
$sddc = $sddcSvc.list($org.id)
$sddc.resource_config.esx_hosts | select Name,Hostname,Provider,esx_state
VMware Cloud on AWS uses NSX under the covers to provision all of the networking. Therefore, we will also want to have an understanding of the Edge nodes that are available in the environment. This information is actually in a separate service. Remembering what we’ve done previously, here’s some example code to discover some basic information about the SDDC’s Edge nodes:
$edgeSvc = Get-VmcService *edges
$edges = $edgeSvc.get($org.id, $sddc.id).edge_page.data
$edges | select Name,id,edge_type,state,edge_status | ft -AutoSize
Another good area to be aware of in your SDDC are the firewall rules. These are also easily retrievable through the ‘Get-VmcService’ cmdlet as well. Example of the firewall rules associated with the edge-2 node:
$fwConfigSvc = Get-VmcService *firewall.config
$fwConfigE2 = $fwConfigSvc.get($tmmOrg.id,$tmmsddc.id,'edge-2')
$fwConfigE2.firewall_rules.firewall_rules | select Name,rule_id,enabled,action,description
Last example, let’s do something exciting! How about we automate the creation of an SDDC?
This is going to require quite a bit of what we’ve learned so far, plus some new tricks. We can find the ‘Create’ method against the com.vmware.vmc.orgs.sddc service. We see that input requires the Org ID and an ‘sddc_config’ input. This is where it gets tricky.
If we remember back in the PowerCLI 6.5.3 release, there was the addition of the ‘Create’ method to a couple cmdlets. This method is also available with the Get-VmcService
cmdlet. The whole point of this method is to allow us to create a specification in an easy manner. For this example, we’re reference the ‘sddcSvc’ variable, the ‘Help’ property, then the create property. This shows us a property of ‘sddc_config’. This is the specification we’ll need to use. The ‘sddc_config’ property has this ‘Create’ method available so we can automatically build out the specification. Pretty simple, right? We’re not quite done quite yet though. Each SDDC can have multiple VPC subnets. Therefore, we also need to populate the spec’s ‘customer_subnet_ids’ list object with the ‘Add’ method. Example code:
$sddcCreateSpec = $sddcSvc.Help.create.sddc_config.Create()
$sddcCreateSpec.Name = "PowerCLI_SDDC"
$sddcCreateSpec.Provider = "AWS"
$sddcCreateSpec.region = "US_WEST_2"
$sddcCreateSpec.num_hosts = "4"
$accountLinkSpec = $sddcSvc.Help.create.sddc_config.account_link_sddc_config.Element.Create()
$accountLinkSpec.connected_account_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$custSubId0 = $sddcSvc.Help.create.sddc_config.account_link_sddc_config.Element.customer_subnet_ids.Element.Create()
$custSubId0 = "subnet-xxxxxxxx"
$accountLinkSpec.customer_subnet_ids.Add($custSubId0)
$sddcCreateSpec.account_link_sddc_config.Add($accountLinkSpec)
$newSddc = $sddcSvc.create($org.Id, $sddcCreateSpec)
The output above from our last create method is a task object. There’s a service for those too!
Since the call we made is asynchronous, you can also have a bit of fun and build a progress checker as well! Here’s some example code I tossed together while waiting on the SDDC to deploy:
$taskSvc = Get-VmcService *task*
$progPercent = 0
while ($progPercent -ne 100) {
$tempOut = $taskSvc.list($org.id) | Where-Object {$_.task_type -eq 'SDDC-PROVISION' -and $_.resource_id -eq $newSddc.resource_id} | sort updated | select -last 1
$screenOut = "" | select PercentComplete, MinutesRemaining
$screenOut.PercentComplete = $tempOut.progress_percent
$screenOut.MinutesRemaining = $tempOut.estimated_remaining_minutes
$screenOut
$progPercent = $tempOut.progress_percent
Start-Sleep -Seconds 60
}
Summary
VMware Cloud on AWS is a fantastic new service that enables you to run applications across vSphere environments as well as accessing a broad range of AWS services. Within this service, PowerCLI is one of the best ways to automate your VMware Cloud on AWS tasks! In this blog post we covered how to discover the available services, explore was methods are available as actions against each of those services, and how to start interacting with those services. We obtained detailed information about our organization, that org’s SDDC and its accompanied configuration including firewall rules, and then had some fun while deploying a brand new SDDC! Check PowerCLI’s functionality in your own VMware Cloud on AWS environment today!