In my first post on HLM configuration using API, I explained how to configure HLM using the API through Cloud VC. If you haven't read that post yet, I would highly recommend you do. In this post I am going to cover how to configure HLM using the API, but from the vCenter cloud gateway appliance (VCGA).
Setting up HLM from the vCenter cloud gateway is a three-step process:
1. Deploying the vCenter cloud gateway appliance using the official documentation
2. Making sure the prerequisites for linking with the Cloud Gateway Appliance are met
3. Configuring HLM from the UI or using the API. In our case, we will do it from the API
As I mentioned in my last post, the API itself does not change; only the API endpoint becomes the vCenter cloud gateway appliance, and the input parameters we pass change. Let's take a look.
POST: https://<VCG IP>/rest/hvc/links
VCG IP is the IP address of the deployed vCenter cloud gateway appliance.
Below is the JSON payload this API takes. Note that the thumbprint is an optional parameter.
{
    "spec": {
        "port": "443",
        "domain_name": "vmc.local",
        "username": "cloudadmin@vmc.local",
        "ssl_thumbprint": "E9:BD:29:9F:D6:15:4F:B7:C8:90:2C:19:03:61:HB:7A:AD:FB:B1:1E",
        "admin_groups": [
            "yourcloudadmingroup@yourdomain.local"
        ],
        "password": "VMware123!",
        "psc_hostname": "Cloud PSC IP or FQDN"
    }
}
Let us go over each parameter passed:
port: 443 is the default port for communication between VCG and Cloud VC (it can also be a custom port)
domain_name: the Cloud VC PSC default SSO domain (it is vmc.local)
username, password, psc_hostname: Cloud VC PSC credentials (the PSC is always embedded in a VMware Cloud on AWS deployment)
ssl_thumbprint: Note that this parameter is optional; the call works fine even if you do not pass it or if you pass a blank value. If you want to pass it, this is the Cloud PSC SSL thumbprint, which you can get using one of the ways posted here. I am going to write a post on how to get the vCenter/PSC thumbprint using the API itself, so please stay tuned.
admin_groups: here you specify the cloud administrator group(s). Before configuring HLM linking, the identity source must be configured on-prem and the cloud admin group(s) must be given global permissions. Note that the identity source need not be configured on Cloud VC; refer to this KB.
Note: The above API can be called from the H5C API explorer, Postman or any other REST client, or a Python script as specified below
I used the same Python script used for HLM linking with Cloud VC, but using the VCG IP as the end-point & passing inputs as described above. I see it was successful as expected & I was able to see both VCs together when logged in as a user from the cloudadmin group configured at HLM linking.
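An added example, not the script from the original post: it builds and checks the payload described above before anything is sent to the cloud gateway, and prepares the POST without sending it. The function names, the `redact` helper, the sample host names and the use of the `vmware-api-session-id` session header against the gateway are assumptions.

```python
import hashlib
import json
import re
import urllib.request

# 20 colon-separated hex byte pairs, the format of the sample ssl_thumbprint
THUMBPRINT_RE = re.compile(r"[0-9A-F]{2}(:[0-9A-F]{2}){19}")

def cert_thumbprint(der_cert: bytes) -> str:
    """SHA-1 thumbprint of a DER-encoded certificate, colon-separated."""
    digest = hashlib.sha1(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def build_link_spec(psc_hostname, username, password, admin_groups,
                    domain_name="vmc.local", port="443", ssl_thumbprint=None):
    """Build the /rest/hvc/links body; reject malformed input before sending."""
    groups = [g.strip() for g in admin_groups if g.strip()]
    if not groups:
        raise ValueError("at least one cloud administrator group is required")
    spec = {"port": str(port), "domain_name": domain_name, "username": username,
            "password": password, "admin_groups": groups,
            "psc_hostname": psc_hostname}
    if ssl_thumbprint:  # optional: the page says omitted or blank also works
        thumbprint = ssl_thumbprint.strip().upper()
        if not THUMBPRINT_RE.fullmatch(thumbprint):
            raise ValueError("ssl_thumbprint must be 20 colon-separated hex bytes")
        spec["ssl_thumbprint"] = thumbprint
    return {"spec": spec}

def redact(body):
    """Copy of the body that is safe to log: the password is masked."""
    return {"spec": {**body["spec"], "password": "***"}}

def build_request(vcg_ip, session_id, body):
    """Prepare (do not send) the POST to the cloud gateway appliance."""
    return urllib.request.Request(
        f"https://{vcg_ip}/rest/hvc/links",
        data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json",
                 # Assumption: session header as for other vSphere REST calls
                 "vmware-api-session-id": session_id})

if __name__ == "__main__":
    # Constructed sample values; a real run would read the password with getpass
    body = build_link_spec("psc.example.invalid", "cloudadmin@vmc.local",
                           "not-a-real-password",
                           [" yourcloudadmingroup@yourdomain.local "])
    print(json.dumps(redact(body), indent=2))
```

To pin the thumbprint, compare the output of `cert_thumbprint` for the certificate the Cloud PSC presents against a value obtained out of band, then pass it as `ssl_thumbprint`.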
Vikas Shitole is a Staff engineer 2 at VMware (by Broadcom) India R&D. He currently contributes to core VMware products such as vSphere, VMware Private AI foundation and partly VCF. He is an AI and Kubernetes enthusiast. He is passionate about helping VMware customers & enjoys exploring automation opportunities around core VMware technologies. He has been a vExpert for the last 11 years in a row (2014-24) for his significant contributions to the VMware communities. He is the author of 2 VMware flings & holds multiple technology certifications. He is one of the lead contributors to VMware API Sample Exchange with more than 35000+ downloads for his API scripts. He has been a speaker at international conferences such as VMworld Europe, USA, Singapore & was designated VMworld 2018 blogger as well. He was the lead technical reviewer of the two books “vSphere design” and “VMware virtual SAN essentials” by Packt Publishing.
In addition, he is a passionate cricketer, enjoys bicycle riding and learning about fitness/nutrition, and aspires one day to be an Ironman 70.3.