Add a vSphere Cloud Account

To create a vSphere cloud account, you make a POST request. The request body includes the parameters specific to vSphere that are required to create the cloud account.

The following procedure shows how to create a vSphere cloud account that supports a trusted certificate. To obtain a trusted certificate, you submit a request to validate asynchronously with the vSphere cloud account specification. When the validation request completes successfully, you use the certificate ID from the response to obtain the trusted certificate that you submit when you create the vSphere cloud account.

Prerequisites

Verify that all general prerequisites and prerequisites for the Automation Assembler Infrastructure as a Service (IaaS) service have been satisfied. See Prerequisites for API Use Case Examples.
Verify that you have the following parameters for the new cloud account:
- vSphere host name
- vSphere user name
- vSphere password

Verify that you have an existing vSphere, NSX-T, NSX-V, or VMC cloud account that you want to associate with the new cloud account and obtain the cloud account ID.

List all cloud accounts.

curl -X GET $url/iaas/api/cloud-accounts?apiVersion=$api_version -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token"  | jq "."

Examine the response to obtain the cloud account ID such as the id value in this example.

...
      "name": "vsphere-account-example",
      "id": "b9fa1b42c767de7558ceff3b78004",
      "updatedAt": "2022-04-02",
      "orgId": "f670fdfc-66d6-4689-9793-d524e7066d1e",
...

Procedure

List all cloud proxies.

curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/data-collectors?apiVersion=$api_version" | jq "."

To obtain the data collector ID, examine the response.

Assign the data collector ID variable.

data_collector_id='<your_datacollector_id>'

Assign the vSphere account variables.

vsphere_host_name='<your_vsphere_host_name>'
vsphere_user='<your_vsphere_user_name>'
vsphere_password='<your_vsphere_password>'

List external region IDs from a vSphere cloud account.

curl -X POST \
  "$url/iaas/api/cloud-accounts-vsphere/region-enumeration?apiVersion=$api_version" \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $access_token" \
  -d '{
  "cloudAccountType": "vsphere",
  "username": "'$vsphere_user'",
  "password": "'$vsphere_password'",
  "hostName": "'$vsphere_host_name'",
  "dcid": "'$data_collector_id'",
  "acceptSelfSignedCertificate": "false"
}' | jq "."

To obtain the external region ID, examine the response and assign the region ID variable.
```
vsphere_region_id='<your_vsphere_region_id>'
```

Submit a request to validate asynchronously with the vSphere cloud account specification.

curl -X POST -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/cloud-accounts-vsphere?apiVersion=$api_version&validateOnly" | jq "."

The response includes a selfLink.

{
  "progress": 0,
  "status": "INPROGRESS",
  "name": "Cloud account specification validation",
  "id": "example-selfLink-alphanumeric-string",
  "selfLink": "/iaas/api/request-tracker/example-selfLink-alphanumeric-string"
}

Assign the selfLink variable.

selfLink_id='example-selfLink-alphanumeric-string'

Use the selfLink variable to track the request.

curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/request-tracker/$selfLink_id?apiVersion=$api_version" | jq "."

When the validation request completes successfully, the response includes a resource with the certificate ID.

{
  "progress": 0,
  "message": "valid certificate found",
  "status": "SUCCEEDED",
  "resources": [
      "/iaas/api/certificates/example-certificate-id-string"
  ],
  "name": "Cloud account specification validation",
  "id": "example-selfLink-alphanumeric-string",
  "selfLink": "/iaas/api/request-tracker/example-selfLink-alphanumeric-string"
}

Assign the certificate ID variable.

certificate_id='example-certificate-id-string'

Submit a request to get the certificate information.

PEM_for_X509Certificate='curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/certificates/$certificate_id?apiVersion=$api_version" | jq "."'

Assign the ID of the existing cloud account to associate with the new cloud account.
```
existing_cloud_account_ID='<your_existing_cloud_account_ID>'
```

Include the certificate in the request to create a vSphere cloud account with default cloud zones.

To create a vSphere cloud account without default cloud zones, use "createDefaultZones":false.

curl -X POST \
  "$url/iaas/api/cloud-accounts-vpshere?apiVersion=$api_version" \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $access_token" \
  -d '{
    "name": "demo-vsphere-account",
    "description": "This is a demo vSphere account with default cloud zones",
    "username": "'$vsphere_user'",
    "password": "'$vsphere_password'",
    "hostName": "'$vsphere_host_name'",
    "acceptSelfSignedCertificate":false,
    "associatedCloudAccountIds": "'$existing_cloud_account_ID'",
    "createDefaultZones":true,
    "dcId": "'$data_collector_id'",
    "regions":[
      {
         "name": "'$vsphere_region_id'", 
         "ExternalRegionId":"'$vsphere_region_id'"
      }
    ],
    "tags": [
      {
        "key": "env",
        "value": "dev"
      }
    ],
    "certificateInfo":{
       "certificate": "'$PEM_for_X509Certificate'"
       }
}' | jq "."

Note: The following example shows how to create a vSphere cloud account with multiple cloud account IDs. However, the payload can only include a single NSX-P-Cloud endpoint and a single VMC endpoint.

"associatedCloudAccountIds": "[\"'$existing_NSXT_cloud_account_ID'\", \"'$existing_VMC_cloud_account_ID'\", \"'$existing_vSphere_cloud_account_ID'\"]",

List all cloud accounts.

curl -X GET $url/iaas/api/cloud-accounts?apiVersion=$api_version -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" | jq "."

Examine the response and verify that the name and ID of the vSphere cloud account you created is listed.

Example: Create a vSphere Cloud Account

This example creates a cloud account with default cloud zones.

Assign the required variables.

$ url='https://appliance.domain.com'
$ api_version='2021-07-15'

List all cloud proxies.

$ curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/data-collectors?apiVersion=$api_version" | jq "."

A snippet of the response from your request shows the data collector IDs.

...          
      {
      "dcId": "60740040-f3cd-4694-96da-15e547242bf7",
      "ipAddress": "10.108.78.154",
      "name": "example-prod-corp-rdc",
      "hostName": "corp-v783-dhcp-79-85.eng.mycompany.com",
      "status": "ACTIVE"
    },
...

Assign the data collector ID variable.

$ data_collector_id='60740040-f3cd-4694-96da-15e547242bf7'

Assign the vSphere account variables.

$ vsphere_host_name='corp-v783-dhcp-79-85.eng.mycompany.com'
$ vsphere_user='[email protected]'
$ vsphere_password='my_vsphere_password'

List external region IDs from your vSphere cloud account.

$ curl -X POST \
  "$url/iaas/api/cloud-accounts-vsphere/region-enumeration?apiVersion=$api_version" \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $access_token" \
  -d '{
  "cloudAccountType": "vsphere",
  "username": "'$vsphere_user'",
  "password": "'$vsphere_password'",
  "hostName": "'$vsphere_host_name'",
  "dcid": "'$data_collector_id'",
  "acceptSelfSignedCertificate": "false"
}' | jq "."

A snippet of the response shows the region ID to use.

...
{
  "externalRegionIds": [
    "Datacenter:datacenter-2"
  ]
}
...

Assign the region ID variable.

$ vsphere_region_id='Datacenter:datacenter-2'

Submit request to validate asynchronously with the vSphere cloud account specification.

$ curl -X POST -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/cloud-accounts-vsphere?apiVersion=$api_version&validateOnly" | jq "."

A snippet of the response shows the selfLink.

{
  "progress": 0,
  "status": "INPROGRESS",
  "name": "Cloud account specification validation",
  "id": "bcdee18-a77d-46f8-b068-4013e80e2b55",
  "selfLink": "/.../request-tracker/bbcdee18-a77d-46f8-b068-4013e80e2b55"
}

Assign the selfLink variable.

$ selfLink_id='bbcdee18-a77d-46f8-b068-4013e80e2b55'

Submit a request to track the request with the selfLink.

$ curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/request-tracker/$selfLink_id?apiVersion=$api_version | jq "."

When the request succeeds, the response shows the resource with the certificate ID.

{
  "progress": 0,
  "message": "valid certification path to requested target found",
  "status": "SUCCEEDED",
  "resources": [
      "/iaas/api/certificates/7fe4c108-64ff-4347-92de-b0790bda1a3c?apiversion=2021-07-15"
  ],
  "name": "Cloud account specification validation",
  "id": "bbcdee18-a77d-46f8-b068-4013e80e2b55",
  "selfLink": "/iaas/api/request-tracker/bbcdee18-a77d-46f8-b068-4013e80e2b55"
}

Assign the certificate ID variable.

$ certificate_id='7fe4c108-64ff-4347-92de-b0790bda1a3c'

To get certficate information, submit a request with the certificate ID.

$ PEM_for_X509Certificate='curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/certificates/$certificate_id?apiVersion=$api_version" | jq "."'

Assign the ID of the existing cloud account to associate with the new cloud account.

$ existing_cloud_account_id ='b9fa1b42c767de7558ceff3b78004'

Create a cloud account named demo-vsphere-account with default cloud zones.

$ curl -X POST \
  "$url/iaas/api/cloud-accounts-vpshere?apiVersion=$api_version" \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $access_token" \
  -d '{
    "name": "demo-vsphere-account",
    "description": "This is a demo vSphere account with default cloud zones",
    "username": "'$vsphere_user'",
    "password": "'$vsphere_password'",
    "hostName": "'$vsphere_host_name'",
    "acceptSelfSignedCertificate":false,
    "associatedCloudAccountIds": "'$existing_cloud_account_id'",
    "createDefaultZones":true,
    "dcId": "'$data_collector_id'",
    "regions":[
      {
         "name": "'$vsphere_region_id'", 
         "ExternalRegionId":"'$vsphere_region_id'"
      }
    ],
    "tags": [
      {
        "key": "env",
        "value": "dev"
      }
    ],
    "certificateInfo":{
       "certificate": "'$PEM_for_X509Certificate'"
       }
}' | jq "."

A snippet of the response from your request shows the account ID.

...            
      "tags": [],
      "name": "demo-vsphere-account",
      "id": "515684ccebafde75-7f703c5265a63d87-e78aab87e9c8d5cd4cd1da1a285403f0f4e77a5240720d093e147b830b172542-23b5c527d7083675572f5099a8da0",
      "updatedAt": "2022-04-02",
      "organizationId": "8327d53f-91ea-420a-8613-ba8f3149db95",
      "orgId": "8327d53f-91ea-420a-8613-ba8f3149db95",
...