top of page
  • Rajeshkumar M
    • Oct 9, 2022
    • 2 min read

SRM Environment variable to control NSX-T reconfiguration script runs only on actual recovery

Updated: Jan 27

I had a use case to have an isolated T1 in recovery site and I need that T1 will be attached to my recovery site T0 via script only on the actual recovery. I use Site recovery manager isolated network to run my test recovery so my script must not run on the test recovery. I found there are several environment variables are in VMware Site recovery manager, I used the below two environment variables to control my script execution.

  • VMware_RecoveryName - this will have the recovery plan name being executing

  • VMware_RecoveryMode – this will have the value as recovery if it's an actual recovery and the value will be test if it’s test recovery

In my shell script I have if condition with the SRM environmental variable to validate whether it’s actual recovery or test recovery and attaches the T1 to T0 on my recovery site. Fqdn, credentials and T1, T0 path variables also defined in the script to change respectively. The T0/T1 path can be get from below API call. 


GET https://<policy-mgr>/policy/api/v1/infra/tier-1s
GET https://<policy-mgr>/policy/api/v1/infra/tier-0s

if it's global T1/T0. In my case my T0 is global configuration

GET https://<policy-mgr>/policy/api/v1/global-infra/tier-1s
GET https://<policy-mgr>/policy/api/v1/global-infra/tier-0s

This script uses NSX-T principle identity, please refer my other article for principle identity user.


attach-recovery-network.sh

#!/bin/bash

nsxtFqdn="site-b-nsx.domain.local"
certFile="/home/admin/scriptuser.pem"
t1path="infra/tier-1s/T1-GW-Recover-NW"
t0path="global-infra/tier-0s/Stretched-T0"
logfile="/home/admin/script.log"
recovery_plan="recovery-with-custom-script"

currentDate=`date +"%Y-%m-%d %T"`

echo "$currentDate custome script" >> $logfile

if [ $VMware_RecoveryMode == 'recovery' ] && [ $VMware_RecoveryName == $recovery_plan ]
then
    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Recovery Plan $VMware_RecoveryName running" >> $logfile
    sleep 2
    revisionNum=$(curl -k -s --cert $certFile \
               -X GET https://$nsxtFqdn/policy/api/v1/$t1path \
               | grep "_revision" | awk '{print $3}' | cut -d '"' -f 2)
    currentDate=`date +"%Y-%m-%d %T"`
    echo "Revision Numbar $revisionNum " >> $logfile

    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Attach $t0path to $t1path" >> $logfile
    curl -k -s --cert $certFile -X PATCH https://$nsxtFqdn/policy/api/v1/$t1path \
    -H "Content-Type: application/json" \
    -d "{\"tier0_path\":"\"/$t0path"\",\"_revision\":$revisionNum}"

else
    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Test $VMware_RecoveryName recovery" >> $logfile
fi

Fig 1

Fig 1, SRM recovery plan with the command field named Attache-Recovery-Network to run the script. Site A is my primary and Site B is my recovery site.


Fig 2

Fig 2, Script configured with the path on my recovery(Site B) site SRM appliance.


Fig 3

Fig 3, The T1 used on my recovery site


I have modified same script to detach T1 form T0 on failback. This script can be placed on the other side(Site A) SRM appliance.


attach-recovery-network.sh on Failback


#!/bin/bash

nsxtFqdn="site-b-nsx.domain.local"
certFile="/home/admin/scriptuser.pem"

t1path="infra/tier-1s/T1-GW-Recover-NW"
t0path="global-infra/tier-0s/Stretched-T0"

logfile="/home/admin/script.log"
recovery_plan="recovery-with-custom-script"

currentDate=`date +"%Y-%m-%d %T"`

echo "$currentDate custome script" >> $logfile

if [ $VMware_RecoveryMode == 'recovery' ] && [ $VMware_RecoveryName == $recovery_plan ]
then
    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Recovery Plan $VMware_RecoveryName running" >> $logfile
    sleep 2
    revisionNum=$(curl -k -s --cert $certFile \
               -X GET https://$nsxtFqdn/policy/api/v1/$t1path \
               | grep "_revision" | awk '{print $3}' | cut -d '"' -f 2)
    currentDate=`date +"%Y-%m-%d %T"`
    echo "Revision Numbar $revisionNum" >> $logfile

    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Dettach $t0path to $t1path" >> $logfile
    curl -k -s --cert $certFile -X PATCH https://$nsxtFqdn/policy/api/v1/$t1path \
    -H "Content-Type: application/json" \
    -d "{\"tier0_path\":\"\",\"_revision\":$revisionNum}"

else
    currentDate=`date +"%Y-%m-%d %T"`
    echo "$currentDate Test $VMware_RecoveryName recovery" >> $logfile
fi


57 views0 comments

Recent Posts

See All

I would like to share how I tested the SaltStack VMware module for NSX-T desired state configuration and issues. First installed python on my Linux machine then installed salt stack with bootstrap scr

In my previous article, I used a script to automate load balancer configuration during recovery via script. The script uses principle identity to authenticate with NSX-T. I have created a principle id

NSX-T TAG’s are location specific, if we create any group based on the TAG to apply global distributed firewall rule, the rule will not get applied at recovery site since the recovery site doesn’t hav

bottom of page