在 NSX-T Data Center 上完成相应的配置过程,以便可以将 CVX 添加为 NSX-T Data Center 中的实施点,并且 NSX-T Data Center 能够与 CVX 进行交互。
前提条件
获取 Arista CVX 集群的虚拟 IP 地址。
过程
- 以 root 用户身份登录到 NSX Manager,然后运行以下命令以检索 CVX 的指纹:
openssl s_client -connect <virtual IP address of CVX cluster> | openssl x509 -noout -fingerprint -sha256
示例输出:depth=0 CN = self.signed verify error:num=18:self signed certificate verify return:1 depth=0 CN = self.signed verify return:1 SHA256 Fingerprint=35:C1:42:BC:7A:2A:57:46:E8:72:F4:C8:B8:31:E3:13:5F:41:95:EF:D8:1E:E9:3D:F0:CC:3B:09:A2:FE:22:DE
- 编辑检索到的指纹,以仅使用小写字符并排除指纹中的任何冒号。
编辑后的 CVX 指纹的示例:
35c142bc7a2a5746e872f4c8b831e3135f4195efd81ee93df0cc3b09a2fe22de
- 调用
PATCH /policy/api/v1/infra/sites/default/enforcement-pointsAPI 并使用 CVX 指纹为 CVX 创建一个实施端点。例如:PATCH https://<nsx-manager>/policy/api/v1/infra/sites/default/enforcement-points/cvx-default-ep { "auto_enforce": "false", "connection_info": { "enforcement_point_address": "<IP address of CVX>", "resource_type": "CvxConnectionInfo", "username": "cvpadmin", "password": "1q2w3e4rT", "thumbprint": "65a9785e88b784f54269e908175ada662be55f156a2dc5f3a1b0c339cea5e343" } } - 调用
GET /policy/api/v1/infra/sites/default/enforcement-pointsAPI 以检索该端点信息。例如:https://<nsx-manager>/policy/api/v1/infra/sites/default/enforcement-points/cvx-default-ep { "auto_enforce": "false", "connection_info": { "enforcement_point_address": "<IP address of CVX>", "resource_type": "CvxConnectionInfo", "username": "admin", "password": "1q2w3e4rT", "thumbprint": "35c142bc7a2a5746e872f4c8b831e3135f4195efd81ee93df0cc3b09a2fe22de" } }示例输出:{ "connection_info": { "thumbprint": "35c142bc7a2a5746e872f4c8b831e3135f4195efd81ee93df0cc3b09a2fe22de", "enforcement_point_address": "192.168.2.198", "resource_type": "CvxConnectionInfo" }, "auto_enforce": false, "resource_type": "EnforcementPoint", "id": "cvx-default-ep", "display_name": "cvx-default-ep", "path": "/infra/sites/default/enforcement-points/cvx-default-ep", "relative_path": "cvx-default-ep", "parent_path": "/infra/sites/default", "marked_for_delete": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1564036461953, "_last_modified_user": "admin", "_last_modified_time": 1564036461953, "_protection": "NOT_PROTECTED", "_revision": 0 } - 调用
POST /api/v1/notification-watchers/API 并使用 CVX 指纹创建一个通知 ID。例如:POST https://<nsx-manager>/api/v1/notification-watchers/ { "server": "<virtual IP address of CVX cluster>", "method": "POST", "uri": "/pcs/v1/nsgroup/notification", "use_https": true, "certificate_sha256_thumbprint": "35c142bc7a2a5746e872f4c8b831e3135f4195efd81ee93df0cc3b09a2fe22de", "authentication_scheme": { "scheme_name":"BASIC_AUTH", "username":"cvpadmin", "password":"1q2w3e4rT" } } - 调用
GET /api/v1/notification-watchers/以检索该通知 ID。示例输出:{ "id": "a0286cb6-de4d-41de-99a0-294465345b80", "server": "192.168.2.198", "port": 443, "use_https": true, "certificate_sha256_thumbprint": "35c142bc7a2a5746e872f4c8b831e3135f4195efd81ee93df0cc3b09a2fe22de", "method": "POST", "uri": "/pcs/v1/nsgroup/notification", "authentication_scheme": { "scheme_name": "BASIC_AUTH", "username": "cvpadmin" }, "send_timeout": 30, "max_send_uri_count": 5000, "resource_type": "NotificationWatcher", "display_name": "a0286cb6-de4d-41de-99a0-294465345b80", "_create_user": "admin", "_create_time": 1564038044780, "_last_modified_user": "admin", "_last_modified_time": 1564038044780, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } - 调用
PATCH /policy/api/v1/infra/domains/default/domain-deployment-maps/cvx-default-dmapAPI 以创建一个 CVX 域部署映射。例如:PATCH https://<nsx-manager>/policy/api/v1/infra/domains/default/domain-deployment-maps/cvx-default-dmap { "display_name": "cvx-deployment-map", "id": "cvx-default-dmap", "enforcement_point_path": "/infra/sites/default/enforcement-points/cvx-default-ep" } - 调用
GET /policy/api/v1/infra/domains/default/domain-deployment-mapsAPI 以检索该部署映射信息。
