Complete el procedimiento de configuración en NSX-T Data Center para que CVX se pueda agregar como punto de implementación en NSX-T Data Center y NSX-T Data Center pueda interactuar con CVX.

Requisitos previos

Obtenga la dirección IP virtual del clúster de Arista CVX.

Procedimiento

  1. Inicie sesión en NSX Manager como usuario raíz y ejecute el siguiente comando para recuperar la huella digital de CVX:
    openssl s_client -connect <virtual IP address of CVX cluster> | openssl x509 -noout -fingerprint -sha256
    Resultados de muestra:
    depth=0 CN = self.signed
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 CN = self.signed
    verify return:1
    SHA256 Fingerprint=35:C1:42:BC:7A:2A:57:46:E8:72:F4:C8:B8:31:E3:13:5F:41:95:EF:D8:1E:E9:3D:F0:CC:3B:09:A2:FE:22:DE
  2. Edite la huella digital recuperada para utilizar solo caracteres en minúscula y excluir los dos puntos de la huella digital.
    Muestra de la huella digital editada para CVX:
    35c142bc7a2a5746e872f4c8b831e3135f4195efd81ee93df0cc3b09a2fe22de
  3. Llame a la API PATCH /policy/api/v1/infra/sites/default/enforcement-points y use la huella digital de CVX para crear un endpoint de aplicación para CVX. Por ejemplo:
    PATCH https://<nsx-manager>/policy/api/v1/infra/sites/default/enforcement-points/cvx-default-ep
    {
    "auto_enforce": "false",
    "connection_info": {
    "enforcement_point_address": "<IP address of CVX>",
    "resource_type": "CvxConnectionInfo",
    "username": "cvpadmin",
    "password": "1q2w3e4rT",
    "thumbprint": "65a9785e88b784f54269e908175ada662be55f156a2dc5f3a1b0c339cea5e343"
    }
    }
    
  4. Llame a la API GET /policy/api/v1/infra/sites/default/enforcement-points para recuperar la información del endpoint. Por ejemplo:
    https://<nsx-manager>/policy/api/v1/infra/sites/default/enforcement-points/cvx-default-ep
    {
    "auto_enforce": "false",
    "connection_info": {
    "enforcement_point_address": "<IP address of CVX>",
    "resource_type": "CvxConnectionInfo",
    "username": "admin",
    "password": "1q2w3e4rT",
    "thumbprint": "35c142bc7a2a5746e872f4c8b831e3135f4195efd81ee93df0cc3b09a2fe22de"
    }
    }
    Resultados de muestra:
    {
      "connection_info": {
        "thumbprint": "35c142bc7a2a5746e872f4c8b831e3135f4195efd81ee93df0cc3b09a2fe22de",
        "enforcement_point_address": "192.168.2.198",
        "resource_type": "CvxConnectionInfo"
      },
      "auto_enforce": false,
      "resource_type": "EnforcementPoint",
      "id": "cvx-default-ep",
      "display_name": "cvx-default-ep",
      "path": "/infra/sites/default/enforcement-points/cvx-default-ep",
      "relative_path": "cvx-default-ep",
      "parent_path": "/infra/sites/default",
      "marked_for_delete": false,
      "_system_owned": false,
      "_create_user": "admin",
      "_create_time": 1564036461953,
      "_last_modified_user": "admin",
      "_last_modified_time": 1564036461953,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    } 
  5. Llame a la API POST /api/v1/notification-watchers/ y utilice la huella digital de CVX para crear un identificador de notificación. Por ejemplo:
    POST https://<nsx-manager>/api/v1/notification-watchers/
    {
    "server": "<virtual IP address of CVX cluster>",
    "method": "POST",
    "uri": "/pcs/v1/nsgroup/notification",
    "use_https": true,
    "certificate_sha256_thumbprint": "35c142bc7a2a5746e872f4c8b831e3135f4195efd81ee93df0cc3b09a2fe22de",
    "authentication_scheme": {
    "scheme_name":"BASIC_AUTH",
    "username":"cvpadmin",
    "password":"1q2w3e4rT"
    }
    }
    
  6. Llame a GET /api/v1/notification-watchers/ para recuperar el identificador de notificación.
    Resultados de muestra:
    {
      "id": "a0286cb6-de4d-41de-99a0-294465345b80",
      "server": "192.168.2.198",
      "port": 443,
      "use_https": true,
      "certificate_sha256_thumbprint": "35c142bc7a2a5746e872f4c8b831e3135f4195efd81ee93df0cc3b09a2fe22de",
      "method": "POST",
      "uri": "/pcs/v1/nsgroup/notification",
      "authentication_scheme": {
        "scheme_name": "BASIC_AUTH",
        "username": "cvpadmin"
      },
      "send_timeout": 30,
      "max_send_uri_count": 5000,
      "resource_type": "NotificationWatcher",
      "display_name": "a0286cb6-de4d-41de-99a0-294465345b80",
      "_create_user": "admin",
      "_create_time": 1564038044780,
      "_last_modified_user": "admin",
      "_last_modified_time": 1564038044780,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  7. Llame a la API PATCH /policy/api/v1/infra/domains/default/domain-deployment-maps/cvx-default-dmap para crear un mapa de implementación de dominio de CVX. Por ejemplo:
    PATCH https://<nsx-manager>/policy/api/v1/infra/domains/default/domain-deployment-maps/cvx-default-dmap
    {
    
    "display_name": "cvx-deployment-map",
    
    "id": "cvx-default-dmap",
    
    "enforcement_point_path": "/infra/sites/default/enforcement-points/cvx-default-ep"
    
    }
    
  8. Llame a la API GET /policy/api/v1/infra/domains/default/domain-deployment-maps para recuperar la información del mapa de implementación.