How to export NSX-T loadbalancer information with PowerCLI? This question popped in my mind after a customer request to generate a list with their loadbalancers and associated virtual servers. This was not as easy as I thought! First of all, the NSX-T userinterface is not very export-friendly and i could not find a way to export data. That doesn’t matter though, because I am an automation kinda guy anyways. So I thought let’s take a look at PowerCLI for NSX-T. So I did work with PowerNSX before and I just assumed something similar would exist for NSX-T, right? Well, no. There is a module called VMware.VimAutomation.Nsxt and it has only four commands. So I dug into the world of NSX-T with PowerCLI and share my experiences with you.

How to make it work

This might sound like captain obvious, but you never know. Connect to NSX-T.

Connect-NsxtServer -Name <em>yournsxserver</em> -Credential $creds

Once connected things get interesting. This modules talks directly to the API and you will need to find out which parts contain the information you need. Personally I try to keep things simple and have some trust in the naming conventions of VMware. It is important to know which information you want to retrieve and it helps if you have any idea what the ‘top-layer’ is in the chain. Let me break this down with the original question in mind.

I want an overview of the available loadbalancers and connected virtual servers. So it makes sense that in this case my starting point would be the loadbalancer, right? Let’s give it a try. I am going to do a simple wildcard search on loadbalancer. This will produce a nice list.

PS D:\scripts> Get-NsxtService *loadbalancer* 
 Name
 com.vmware.nsx.loadbalancer.application_profiles
 com.vmware.nsx.loadbalancer.client_ssl_profiles
 com.vmware.nsx.loadbalancer.monitors
 com.vmware.nsx.loadbalancer.node_usage_summary
 com.vmware.nsx.loadbalancer.persistence_profiles
 com.vmware.nsx.loadbalancer.pools
 com.vmware.nsx.loadbalancer.rules
 com.vmware.nsx.loadbalancer.server_ssl_profiles
 com.vmware.nsx.loadbalancer.services
 com.vmware.nsx.loadbalancer.services.debug_info
 com.vmware.nsx.loadbalancer.services.pools.statistics
 com.vmware.nsx.loadbalancer.services.pools.status
 com.vmware.nsx.loadbalancer.services.statistics
 com.vmware.nsx.loadbalancer.services.status
 com.vmware.nsx.loadbalancer.services.usage
 com.vmware.nsx.loadbalancer.services.virtual_servers.statistics
 com.vmware.nsx.loadbalancer.services.virtual_servers.status
 com.vmware.nsx.loadbalancer.ssl.ciphers_and_protocols
 com.vmware.nsx.loadbalancer.usage_per_node
 com.vmware.nsx.loadbalancer.virtual_servers
 com.vmware.nsx.repository.bundles.upload_allowed
 com.vmware.nsx.repository.bundles.upload_status
 com.vmware.nsx.upgrade.bundles.upload_status

Dive a little deeper

Nice! That looks like something I could use. Still, where to start? On this I am going to make an educated guess. I am looking for the loadbalancer service, so let’s go for loadbalancer.services. I want to know what is in there, so let’s do a list. To do this I will first turn the initial command into a variable and then do a list action. To dive into the information we need you will have to add results. So let’s do this. In the example I did alter the ID’s, so they are not real ID’s.

PS D:\scripts> $lb_info = Get-NsxtService com.vmware.nsx.loadbalancer.services
PS D:\scripts> $lb_info.list().results
Help                   : @{Documentation=; links=; schema=; ..
 enabled                : True
 relax_scale_validation : False
 size                   : MEDIUM
 error_log_level        : INFO
 virtual_server_ids     : {abba11ab-11a1-2222-b3b3-1234567ab890, acca22ab-12a3-2244-c3b8-1244267ff890, etc}
 attachment             : @{Help=; target_id=0a0e1234-a2a6-87cc-2a30-1234567b22f; target_display_name=T1-CCDV-LB01; target_type=LogicalRouter; is_valid=True}
 resource_type          : LbService
 id                     : 1234b5c2-2345-6789-1fa2-1122da3cdabc
 display_name           : CC-LB01
 tags                   : {@{Help=; scope=policyPath; tag=/infra/lb-services/CC-LB01}}
 create_user            : nsx_policy
 create_time            : 1608738181111
 last_modified_user     : nsx_policy
 last_modified_time     : 1621521661111
 system_owned           : False
 protection             : REQUIRE_OVERRIDE
 revision               : 72

In my case there was more than one loadbalancer. So the loadbalancer display_name is something I definitely can retrieve from here with a simple foreach loop. However, this won’t give you the connected virtual servers. The only thing we can retriever here are the virtual_server_ids. So let’s do some further testing. I think I want a list of virtual server id’s per loadbalancer. How to do this? For this you will need to use the get() command and use the id of the desired loadbalancer between the brickets. How do I know it has to be the id? I use a simple trick, just by making the command fail and read the output. Like this.

PS D:\scripts> $lb_info.get()
 The path variable {service-id} in the url has not been resolved.
<<em>now use the id</em> from above> 
PS D:\scripts> $lb_info.get('1234b5c2-2345-6789-1fa2-1122da3cdabc').display_name
<em><will display the name of the loadbalancer</em>>
PS D:\scripts> $lb_info.get('1234b5c2-2345-6789-1fa2-1122da3cdabc').virtual_server_ids
<<em>will give a list of virtual servers belonging to the loadbalancer</em>>

The same trick applies to virtual servers. Take a look in the wildcard list above and find com.vmware.nsx.loadbalancer.virtual_servers. Turn this into into a variable, $vs_info for instance. And then try to retrieve a display name from any of the virtual_server_ids you found earlier. It would look like this.

PS D:\scripts> $vs_info = Get-NsxtService com.vmware.nsx.loadbalancer.virtual_servers
PS D:\scripts> $vs_info.get('abba11ab-11a1-2222-b3b3-1234567ab89')
Help                       : @{Documentation=; links=; 
 enabled                    : True
 access_log_enabled         : False
 ip_address                 : 12.12.123.12
 port                       : 80
 ports                      : {80}
 default_pool_member_port   : 8006
 default_pool_member_ports  : {8006}
 ip_protocol                : TCP
 pool_id                    : <a pool id number>
 application_profile_id     : <an application profile number>
 client_ssl_profile_binding : @{Help=; ssl_profile_id= 
 log_significant_event_only : False
 resource_type              : LbVirtualServer
 id                         : 1234b5c2-2345-6789-1fa2-1122da3cdabc
 display_name               : codecrusaders_vip
 tags                       : {@{Help=;}}

How to turn it into a working PowerCLI script

Now, how do you stitch all this together? Well, this is actually quite simple. Once you know how to retrieve information from the id’s, possibilities are endless. I decided that I want an overview of each Virtual Server per loadbalancer. When applicable each server has to list: Virtual Server, Virtual Server IP, Virtual Server port, Virtual Server Default Pool Member Port, Pool Name, Application Profile ID, SSL Profile ID, Certificate, Virtual Server Enabled. Then I want to export this to a CSV.

This seems quite a list, the code to do this however is remarkably short. Let’s see what I did.

# Connect to NSX-T
Connect-NsxtServer -Name <em>yournsxserver</em> -Credential $creds

# get lists of Load Balancers and Virtual Servers
$lb_svc = Get-NsxtService com.vmware.nsx.loadbalancer.services
$lb_vs = Get-NsxtService com.vmware.nsx.loadbalancer.virtual_servers 
$lb_pools = Get-NsxtService com.vmware.nsx.loadbalancer.pools
$ssl_profiles = Get-NsxtService com.vmware.nsx.loadbalancer.client_ssl_profiles
$certificates = Get-NsxtService com.vmware.nsx.trust_management.certificates
$app_profiles = Get-NsxtService com.vmware.nsx.loadbalancer.application_profiles

# retrieve a list of Load Balancer ID's
$lb_ids = $lb_svc.list().results.id

foreach ($lb_id in $lb_ids) {
    $lb_vs_ids = $lb_svc.get("$lb_id").virtual_server_ids   # retrieve list of virtual machine ID's per LB
    foreach ($vs_id in $lb_vs_ids) {
        $lb_vs.get("$vs_id") | Select-Object @{N='Load Balancer';E={$lb_svc.get("$lb_id").display_name}},
        @{N='Virtual Server';E={$_.display_name}}, # Search virtual machine ID's and match them with a name + create table
        @{N='Virtual Serper IP';E={$_.ip_address}},
        @{N='Virtual Server port';E={$_.ports}},
        @{N='Virtual Server Default Pool Member Port';E={$_.default_pool_member_ports}},
        @{N='Pool Name';E={$lb_pools.get($_.pool_id).display_name}},
        @{N='Application Profile ID';E={$app_profiles.get($_.application_profile_id).display_name}},
        @{N='SSL Profile ID';E={$ssl_profiles.get($_.client_ssl_profile_binding.ssl_profile_id).display_name}},
        @{N='Certificate';E={$certificates.get($_.client_ssl_profile_binding.default_certificate_id).display_name}},
        @{N='Virtual Server Enabled';E={$_.enabled}} | Export-Csv .\output\lb_report.csv -NoTypeInformation -UseCulture -Append
    }
}

This wil create a CSV file with all the information I need. For readability to my customer I then can open it in Excel and turn the data into a good looking table with headers and search option. Pretty cool!

Ofcourse there are many options possible and routes to take. This code is focussed on the loadbalancer, but it doesn’t have to be just that. It’s even possible to create, I recommend reading the the examples that come with the module commands.

Conclusion

In my previous blog post I promised to write something technical about kubernetes, don’t worrry, that is still in the pipeline! This however came in between. I couldn’t find a whole lot on this on the internet and since I had good fun playing around with it I decided to make it a post. It’s a fun way to discover NSX-T with PowerCLIand I can recommend trying this out. Thanks for reading!