In NSX-T federation, if the primary site running active global manager failed then the global manager in secondary site needs to be promoted as active manually or through api.
To automate this along with SRM recovery, I have created a simple shell script to call from SRM appliance when the recovery plan named globa-manager-recovery (you can use any name and update in script) runs. The principle identity authentication is not working, so I used encoded credentials to authenticate with NSX api.
I placed the script in both primary and recovery SRM appliance to call and make global manager active during fail over and fail back accordingly. I used shell scrip because it doesn't require any library/api dependency.
Placed this script under /home/admin/global-manager-recovery.sh in recovery site-A SRM appliance.
to encode the credential i used echo -n "username:password" | base64
nsxgfqdn="site-B-NSX-fqdn/IP"
gmdisplayName="Site-B-GM"
cred="YWRtaW46Vk13YXJlQDEhVk13YXJlQDEh"
recovery_plan="global-manager-recovery"
if [ $VMware_RecoveryMode == 'recovery' ] && [ $VMware_RecoveryName == $recovery_plan ]
then
gmID=`curl -k -s -X GET -H "Authorization:Basic $cred" https://$nsxgfqdn/global-manager/api/v1/search/query?query=display_name:$gmdisplayName AND resource_type:GlobalManager | grep "id" | awk '{print $3}' | cut -d '"' -f 2 | tail -n 1`
curl -k -s -X PATCH https://$nsxgfqdn/global-manager/api/v1/global-infra/global-managers/$gmID \
-H "Content-Type: application/json" \
-H "Authorization:Basic $cred" \
-d "{\"display_name\":\"$gmdisplayName\",\"mode\":\"ACTIVE\"}"
fi
Placed same script with other nsx server fqdn/credentials under /home/admin/global-manager-recovery.sh in primary site SRM appliance this will be called during fail back if we want reverse the NSX global manager active state during fail back.
nsxgfqdn="site-A-NSX-fqdn/IP"
gmdisplayName="Site-A-GM"
cred="YWRtaW46Vk13YXJlQDEhVk13YXJlQDEh"
recovery_plan="global-manager-recovery"
if [ $VMware_RecoveryMode == 'recovery' ] && [ $VMware_RecoveryName == $recovery_plan ]
then
gmID=`curl -k -s -X GET -H "Authorization:Basic $cred" https://$nsxgfqdn/global-manager/api/v1/search/query?query=display_name:$gmdisplayName AND resource_type:GlobalManager | grep "id" | awk '{print $3}' | cut -d '"' -f 2 | tail -n 1`
curl -k -s -X PATCH https://$nsxgfqdn/global-manager/api/v1/global-infra/global-managers/$gmID \
-H "Content-Type: application/json" \
-H "Authorization:Basic $cred" \
-d "{\"display_name\":\"$gmdisplayName\",\"mode\":\"ACTIVE\"}"
fi
Fig 1
Include in recovery plan step 6 to call this script from SRM.
Fig 2
Fig 2, Global manager recover script as Command on SRM server
NSX-T version and global manager status before and after recovery Fig 3/Fig4
Fig 3
Fig 4
Comments