PowervRNI 1.7: What's New?
Version 1.7 of PowervRNI was released yesterday, and this post covers what's new in this version. If you're not familiar with PowervRNI, it is a PowerShell module that you can use to manage vRealize Network Insight. From adding data sources & applications, to retrieve data from it, such a network flows, PowervRNI covers most of the public API endpoints of Network Insight.
What's New?
A bunch! First off, it has been updated to support the new data sources and API calls that have been added in Network Insight 5.0. Second, I've added a few backlog items. I'll go through the changes below.
Data Sources
New: Update-vRNIDataSource
Let's start with a good one. PowervRNI had to ability to add and remove data sources, but not edit them. Update-vRNIDataSource adds the possibility to update one or multiple data sources by updating their Nickname, Notes, or, most importantly, their Username and Password details. Imaging updating the login credentials of 52 switches, all at once. This example does just that:
PS > Get-vRNIDataSource -DataSourceType ciscoswitch | Update-vRNIDataSource -Username readonly -Password secret
New Data Sources
Version 1. 7 adds support for the new data sources: Azure, VeloCloud, FortiManager, and Generic Router/Switch devices (UANI). Here are a few examples:
Adding a VeloCloud Orchestrator
PS > New-vRNIDataSource -DataSourceType velocloud -Username vrni@vrni.cmbu.local -Password password -CollectorVMId $collectorId -Nickname VeloCloud -FDQN vcoxx.velocloud.net
entity_id : 10771:962:1907704854791059140
entity_type : VeloCloudDataSource
fqdn : vcoxx.velocloud.net
proxy_id : 10771:901:8169725906866024439
nickname : VeloCloud
enabled : True
credentials : @{username=vrni@vrni.cmbu.local; password=}
Adding an Azure subscription
PS > New-vRNIDataSource -DataSourceType azure -CollectorVMId $collectorId -Nickname Azure-TenantID xxx-xxx-xxx-xxx -ApplicationID xxx-xxx-xxx-xxx -SecretKey secret -SubscriptionID xxx-xxx-xxx-xxx
entity_id : 10771:966:6062894549792355656
entity_type : AzureDataSource
proxy_id : 10771:901:8169725906866024439
nickname : Azure-Dev
enabled : True
credentials : @{azure_client=xxx-xxx-xxx-xxx; azure_tenant=xxx-xxx-xxx-xxx; azure_subscription=xxx-xxx-xxx-xxx}
flows_enabled : True
Adding a Generic Switch/Router device
PS > New-vRNIDataSource -DataSourceType generic-device -CollectorVMId $collectorId -IP 10.0.0.1 -Nickname gw1
entity_id : 10771:963:7000486714130462696
entity_type : GenericSwitchDataSource
ip : 10.0.0.1
proxy_id : 10771:901:8169725906866024439
Uploading the Generic Switch/Router ZIP file with CSVs
PS > Get-vRNIDataSource -DataSourceType generic-device | where {$_.nickname -eq "gw1"} | Update-vRNIDataSourceData -Zipfile ~/new-gw1-csv.zip
entity_id : 10771:963:1592443492322905846
entity_type : GenericSwitchDataSource
ip : 10.0.0.1
proxy_id : 10771:901:8169725906866024439
nickname : gw1
enabled : True
Adding Kubernetes and OpenShift clusters has also been fixed, by using the contents of your KubeConfig:
PS > $nsxtId = (Get-vRNIDataSource -DatasourceType nsxt | Where {$_.nickname -eq "my-nsxt-manager"} | Select -ExpandProperty id)
PS > $collectorId = (Get-vRNINodes | Where {$_.ip_address -eq "10.0.0.11"} | Select -ExpandProperty id)
PS > $kubeconfig = (Get-Content ~/.kube/config | Out-String)
PS > New-vRNIDataSource -DataSourceType kubernetes -Nickname k8s-cluster-1 -CollectorVMId $collectorId -NSXTManagerID $nsxtId -KubeConfig $kubeconfig
F5 Load Balancer support has been fixed. The API in 4.2 didn't work, as the data source had a different entity type.
PS > New-vRNIDataSource -DataSourceType f5-bigip -Username admin -Password password -CollectorVMId $collectorId -Nickname F5 -FDQN f5.lab.local
entity_id : 10771:952:7880684499039039792
entity_type : F5BIGIPDataSource
fqdn : f5.lab.local
proxy_id : 10771:901:8169725906866024439
nickname : F5
enabled : True
credentials : @{username=admin}
Setting NSX-v Controller Passwords
Network Insight collects routing information from the NSX-v controllers. To do so, it needs the password to log in to those controllers. I've added a new cmdlet called Update-vRNINSXvControllerPassword to do this:
PS > Get-vRNIDataSource -DatasourceType nsxv | Update-vRNINSXvControllerClusterPassword -Password secret
Support for NSX-v and NSX-T Virtual Infra Latency
From NSX-v 6.4.5+ and NSX-T 2.5+ - NSX can stream telemetry on latency between VTEPs, physical and virtual NICs. NSX is configured by Network Insight and the new -NSXEnableLatency $True parameter on New-vRNIDataSource, will do that when adding the NSX Manager as a data source. Example:
PS > New-vRNIDataSource -DataSourceType nsxv -NSXEnableLatency $True -FDQN mgr.nsx.local -Username admin -Password secret -Nickname mgr.nsx.local -CollectorVMId $collectorId -Enabled $True -NSXEnableCentralCLI $True -NSXEnableIPFIX $True -NSXvCenterID $vcId
A better experience with Connect-vRNIServer
Before 1.7, when connecting with LDAP/Active Directory credentials, the Connect-vRNIServer cmdlet looked as following:
Connect-vRNIServer -Server platform -Username martijn@ld.local -Domain ld.local -Password secret
Maybe you've noticed the domain name is mentioned twice, both in the Username and Domain values. This was mostly due to the input that the vRNI API requires. It's a small change, but now, PowervRNI now detects the usage of a non-local domain and allow you to omit the Domain parameter.
Connect-vRNIServer -Server platform -Username martijn@ld.local -Password secret
If you have local vRNI accounts with domains other than local, you can make sure it authenticates locally by still adding the parameters: -Domain LOCAL, *or* -UseLocalAuth.
Get-vRNIKubernetesServices
Network Insight can pull Kubernetes information (services, namespaces, clusters, nodes, etc.) and the networking details behind these containers. But, there's only 1 public API added to retrieve information, and it's to retrieve a list of the Kubernetes services:
PS > Get-vRNIKubernetesServices -Limit 1
entity_id : 10771:1504:7006772991589105315
name : metrics-server
entity_type : KubernetesService
vendor_id : c88a10d1-e04c-11e9-a348-0050569525d5
annotations : {kubectl.kubernetes.io/last-applied-configuration}
labels : {kubernetes.io/name}
creation_timestamp : 09/26/2019 10:59:59
namespace : @{entity_id=10771:1503:2077432250506315584}
cluster_ip : @{ip_address=10.100.200.71;netmask=255.255.255.255; network_address=10.100.200.71/32}
loadbalancer_ip : @{ip_address=; netmask=; network_address=}
type : ClusterIP
external_ips : {}
selectors : {k8s-app}
Set-vRNIUserPassword
Network Insight 5.0 also added a new API endpoint to manage passwords of local users. The new cmdlet Set-vRNIUserPassword allows you to change your own password, or as an administrator; change passwords of all users.
PS > Set-vRNIUserPassword -Username admin@local -NewPassword newpassword
or
PS > Set-vRNIUserPassword -Username test@local.corp
PowerShell credential request
Input the new password
Password for user test@local.corp: ********
Other things
- Fixed adding Huawei switches as data sources by using the new DataSourceType in vRNI 5.0.
- Fixed returning multiple entities with the same name (e.g. same VM names with Get-vRNIVM)