top of page
  • Rajeshkumar M
    • Jul 20, 2023
    • 2 min read

SRM - Automatic NSX-T Global Manager Active/Passive during recovery


In NSX-T federation, if the primary site running active global manager failed then the global manager in secondary site needs to be promoted as active manually or through api.

To automate this along with SRM recovery, I have created a simple shell script to call from SRM appliance when the recovery plan named globa-manager-recovery (you can use any name and update in script) runs. The principle identity authentication is not working, so I used encoded credentials to authenticate with NSX api.


I placed the script in both primary and recovery SRM appliance to call and make global manager active during fail over and fail back accordingly. I used shell scrip because it doesn't require any library/api dependency.


Placed this script under /home/admin/global-manager-recovery.sh in recovery site-A SRM appliance.


to encode the credential i used echo -n "username:password" | base64

nsxgfqdn="site-B-NSX-fqdn/IP"
gmdisplayName="Site-B-GM"
cred="YWRtaW46Vk13YXJlQDEhVk13YXJlQDEh"
recovery_plan="global-manager-recovery"
if [ $VMware_RecoveryMode == 'recovery' ] && [ $VMware_RecoveryName == $recovery_plan ]
then
gmID=`curl -k -s -X GET -H "Authorization:Basic $cred" https://$nsxgfqdn/global-manager/api/v1/search/query?query=display_name:$gmdisplayName AND resource_type:GlobalManager | grep "id" | awk '{print $3}' | cut -d '"' -f 2 | tail -n 1`
curl -k -s -X PATCH https://$nsxgfqdn/global-manager/api/v1/global-infra/global-managers/$gmID \
    -H "Content-Type: application/json" \
    -H "Authorization:Basic $cred" \
    -d "{\"display_name\":\"$gmdisplayName\",\"mode\":\"ACTIVE\"}"
fi

Placed same script with other nsx server fqdn/credentials under /home/admin/global-manager-recovery.sh in primary site SRM appliance this will be called during fail back if we want reverse the NSX global manager active state during fail back. 


nsxgfqdn="site-A-NSX-fqdn/IP"
gmdisplayName="Site-A-GM"
cred="YWRtaW46Vk13YXJlQDEhVk13YXJlQDEh"
recovery_plan="global-manager-recovery"
if [ $VMware_RecoveryMode == 'recovery' ] && [ $VMware_RecoveryName == $recovery_plan ]
then
gmID=`curl -k -s -X GET -H "Authorization:Basic $cred" https://$nsxgfqdn/global-manager/api/v1/search/query?query=display_name:$gmdisplayName AND resource_type:GlobalManager | grep "id" | awk '{print $3}' | cut -d '"' -f 2 | tail -n 1`
curl -k -s -X PATCH https://$nsxgfqdn/global-manager/api/v1/global-infra/global-managers/$gmID \
    -H "Content-Type: application/json" \
    -H "Authorization:Basic $cred" \
    -d "{\"display_name\":\"$gmdisplayName\",\"mode\":\"ACTIVE\"}"
fi





Fig 1




Include in recovery plan step 6 to call this script from SRM.





Fig 2


Fig 2, Global manager recover script as Command on SRM server








NSX-T version and global manager status before and after recovery Fig 3/Fig4





Fig 3




Fig 4

43 views0 comments

Recent Posts

See All

vSphere Tags to NSX-T Tags

I created a simple powercli script to copy the vSphere Tags to NSX-T, it helped me to copy the NSX-T tags on the recovery VM's in non-federated/local NSX-T managers. Since SRM retain the vSphere TAG's

vIDM Locl user password reset without email link

When resetting config admin or any local user password in VMware identity manager will trigger an email link, if in case the smtp is not working/configured we can use API call to reset the password. Y

Copy NSX-T group's shell script

Automated copy of NSX-T local group to another NSX-T #!/bin/bash #source and destination credentials susername="username" spassword="password" dusername="username" dpassword="password" sfqdn="nsx-l-01

bottom of page