NSX is the Network and Security software from VMware that enables a virtual cloud network to connect and protect applications across data centers, multi-clouds, bare metal, and container infrastructures. VMware NSX Data Center delivers a complete L2-L7 networking and security virtualization platform — providing agility, automation, and dramatic cost savings that come with a software-only solution.
OpenNebula can manage NSX-V and NSX-T logical switches in the following ways:
- Creating new logical switches into existing Transport Zones.
- Importing logical switches from imported vCenter clusters.
- Deleting logical switches created or imported into OpenNebula.
- Attaching logical switches, created or imported, to VMs.
- Detaching logical switches, created or imported to VMs.
The NSX appliance must be deployed with only one IP Address. OpenNebula installation must be able to connect to NSX Manager with the needed credentials.
At least one controller node must be deployed.
All ESXi of the cluster must be prepared for NSX.
At least one transport zone must be created.
It is not mandatory to have any logical switch before start using opennebula NSX-V integration, but is recommendable to test that logical switches are working properly, creating a logical switch from vCenter into a Transport Zone, and attaching it into two VMs to test that overlay network is working.
NSX Driver Limitations¶
- Cannot create/modify/delete Transport Zones
- All parameters are not available when creating Logical Switches
- Universal Logical Switches are not supported
- Only support one NSX Manager per vCenter Server
- The process of preparing a NSX cluster must be done from NSX Manager
- Imported networks work with vcenter id instead of nsx id
Adding NSX Manager into OpenNebula¶
This is a semi-automatic process. When vCenter is connected to a NSX Manager, OpenNebula in the next monitoring execution will detect it and a new tab called “NSX” will show in the UI allowing the configuration of the credentials (User and Password) needed to connect to NSX Manager. The same process is applied when importing a new vcenter cluster that is prepared to work with NSX-V or NSX-T.
This section details how to configure OpenNebula to start working with NSX, doing the complete process ranging from importing a vCenter Cluster to checking that OpenNebula gets NSX information correctly
Adding vCenter cluster into OpenNebula¶
The first step is to add a ESXi cluster to OpenNebula, this cluster must have all the requirements to work with NSX-V or NSX-T. You can add the cluster in two ways, as usual:
Import from Sunstone¶
Import from CLI:¶
onevcenter hosts --vcenter <vcenter_fqdn> --vuser <vcenter_user> --vpass <vcenter_password>
Once a vCenter cluster is imported into OpenNebula, two hooks are created:
For more information about list, create and delete these vCenter hooks go to vCenter Hooks.
Check NSX Manager autodiscovered attributes¶
After a vCenter cluster is imported and monitor cycle finalises, the NSX Manager registered for that cluster is detected. You can read that information going to:
Infrastructure > Hosts
And clicking on the desired OpenNebula Host, the following information is available under Attributes section
In particular the following attributes are retrieved:
- NSX_MANAGER: Containing the url for that NSX Manager
- NSX_TYPE: Indicating if it’s NSX-V or NSX-T
- NSX_VERSION: Version of that NSX Manager
- NSX_STATUS: Describing the status of the last nsx manager check
You have a more detailed explanation of these parameters in the NSX attributes section.
Setting NSX Manager Credentials¶
Once a vCenter cluster is imported as an OpenNebula Host, the next step is to introduce the NSX credentials. A new tab called “NSX” is showing now into the Host:
Infrastructure > Hosts
After clicking on the relevant host:
Click on NSX tab and introduce NSX credentials:
And click on Submit, after which credentials are validated against NSX Manager.
- If the credentials are valid a message is shown and credentials are saved.
- If the credentials are invalid an error is shown
Now NSX credentials are saved in two new attributes:
- NSX_USER: NSX Manager user
- NSX_PASSWORD: NSX Manager Encrypted password
Remind that Transport Zones cannot be created from OpenNebula and it’s a requirement having them created. However, adding Transport Zones in NSX Manager is supported, OpenNebula will detect them after the following monitor cycle.
Checking NSX Status¶
To check NSX status, proceed to:
Infrastructure > Hosts
And click on desired host and look into “Attributes” section
If everything works properly the next two attributes will show up:
- NSX_STATUS = OK
- NSX_TRANSPORT_ZONES = Containing the Transport zones availables.
NSX non editable attributes¶
These attributes are autodiscovered and they cannot be modified manually.
|NSX_LABEL||STRING||“NSX - Manager” | “NSX-T Manager”||Label for NSX Manager type|
|NSX_MANAGER||STRING||URL of endpoint||Endpoint containing the NSX Manager URL. OpenNebula must reach that url to send commands|
|NSX_STATUS||STRING||Possible values are:||Describe the latest NSX status|
|OK||NSX_USER and NSX_PASSWORD are correct and a validation query has been made successfully|
|Missing NSX_USER||Attribute NSX_USER is not configured|
|Missing NSX_PASSWORD||Attribute NSX_PASSWORD is not configured|
|Missing NSX_TYPE||Attribute NSX_TYPE has not been discovered|
|Missing NSX_MANAGER||Attribute NSX_MANAGER has not been discovered|
|Response code incorrect||Validation query had a bad response, usually is due to an invalid user or password|
|Error connecting to NSX_MANAGER||NSX_MANAGER has an incorrect IP or there is a problem to communicate with NSX Manager|
|NSX_TRANSPORT_ZONES||HASH_ARRAY||[TZ_NAME => TZ_ID, ...]||List with all the Transport Zones detected|
|NSX_TYPE||STRING||Determine if is a NSX-V or NSX-T installation|
|NSX_VERSION||STRING||NSX Installed version|
NSX editable attributes¶
These parameters have to be introduced manually from NSX tab
|NSX_USER||STRING||YES||NSX Manager user|
|NSX_PASSWORD||STRING||YES||NSX Manager password|