top of page
  • Rajeshkumar M

SRM Environment variable to control NSX-T reconfiguration script runs only on actual recovery

Updated: Jan 27, 2023

I had a use case to have an isolated T1 in recovery site and I need that T1 will be attached to my recovery site T0 via script only on the actual recovery. I use Site recovery manager isolated network to run my test recovery so my script must not run on the test recovery. I found there are several environment variables are in VMware Site recovery manager, I used the below two environment variables to control my script execution.

  • VMware_RecoveryName - this will have the recovery plan name being executing

  • VMware_RecoveryMode – this will have the value as recovery if it's an actual recovery and the value will be test if it’s test recovery

In my shell script I have if condition with the SRM environmental variable to validate whether it’s actual recovery or test recovery and attaches the T1 to T0 on my recovery site. Fqdn, credentials and T1, T0 path variables also defined in the script to change respectively. The T0/T1 path can be get from below API call.


GET https://<policy-mgr>/policy/api/v1/infra/tier-1s
GET https://<policy-mgr>/policy/api/v1/infra/tier-0s

if it's global T1/T0. In my case my T0 is global configuration

GET https://<policy-mgr>/policy/api/v1/global-infra/tier-1s
GET https://<policy-mgr>/policy/api/v1/global-infra/tier-0s

This script uses NSX-T principle identity, please refer my other article for principle identity user.


attach-recovery-network.sh

#!/bin/bash

nsxtFqdn="site-b-nsx.domain.local"
certFile="/home/admin/scriptuser.pem"
t1path="infra/tier-1s/T1-GW-Recover-NW"
t0path="global-infra/tier-0s/Stretched-T0"
logfile="/home/admin/script.log"
recovery_plan="recovery-with-custom-script"

currentDate=`date +"%Y-%m-%d %T"`

echo "$currentDate custome script" >> $logfile

if [ $VMware_RecoveryMode == 'recovery' ] && [ $VMware_RecoveryName == $recovery_plan ]
then
    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Recovery Plan $VMware_RecoveryName running" >> $logfile
    sleep 2
    revisionNum=$(curl -k -s --cert $certFile \
               -X GET https://$nsxtFqdn/policy/api/v1/$t1path \
               | grep "_revision" | awk '{print $3}' | cut -d '"' -f 2)
    currentDate=`date +"%Y-%m-%d %T"`
    echo "Revision Numbar $revisionNum " >> $logfile

    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Attach $t0path to $t1path" >> $logfile
    curl -k -s --cert $certFile -X PATCH https://$nsxtFqdn/policy/api/v1/$t1path \
    -H "Content-Type: application/json" \
    -d "{\"tier0_path\":"\"/$t0path"\",\"_revision\":$revisionNum}"

else
    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Test $VMware_RecoveryName recovery" >> $logfile
fi

Fig 1

Fig 1, SRM recovery plan with the command field named Attache-Recovery-Network to run the script. Site A is my primary and Site B is my recovery site.


Fig 2

Fig 2, Script configured with the path on my recovery(Site B) site SRM appliance.


Fig 3

Fig 3, The T1 used on my recovery site


I have modified same script to detach T1 form T0 on failback. This script can be placed on the other side(Site A) SRM appliance.


attach-recovery-network.sh on Failback


#!/bin/bash

nsxtFqdn="site-b-nsx.domain.local"
certFile="/home/admin/scriptuser.pem"

t1path="infra/tier-1s/T1-GW-Recover-NW"
t0path="global-infra/tier-0s/Stretched-T0"

logfile="/home/admin/script.log"
recovery_plan="recovery-with-custom-script"

currentDate=`date +"%Y-%m-%d %T"`

echo "$currentDate custome script" >> $logfile

if [ $VMware_RecoveryMode == 'recovery' ] && [ $VMware_RecoveryName == $recovery_plan ]
then
    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Recovery Plan $VMware_RecoveryName running" >> $logfile
    sleep 2
    revisionNum=$(curl -k -s --cert $certFile \
               -X GET https://$nsxtFqdn/policy/api/v1/$t1path \
               | grep "_revision" | awk '{print $3}' | cut -d '"' -f 2)
    currentDate=`date +"%Y-%m-%d %T"`
    echo "Revision Numbar $revisionNum" >> $logfile

    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Dettach $t0path to $t1path" >> $logfile
    curl -k -s --cert $certFile -X PATCH https://$nsxtFqdn/policy/api/v1/$t1path \
    -H "Content-Type: application/json" \
    -d "{\"tier0_path\":\"\",\"_revision\":$revisionNum}"

else
    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Test $VMware_RecoveryName recovery" >> $logfile
fi


59 views0 comments

Recent Posts

See All

vSphere Tags to NSX-T Tags

I created a simple powercli script to copy the vSphere Tags to NSX-T, it helped me to copy the NSX-T tags on the recovery VM's in non-federated/local NSX-T managers. Since SRM retain the vSphere TAG's

vIDM Locl user password reset without email link

When resetting config admin or any local user password in VMware identity manager will trigger an email link, if in case the smtp is not working/configured we can use API call to reset the password. Y

Comments


bottom of page