APIs

Building an SDDC with the VMware Cloud APIs using Postman

Overview

In previous posts, I showed how to setup the authentication for the VMware Cloud REST API using Postman and validate the authentication request.  We can now build a production SDDC from the API.  This will be a multi-step process, including finding the account-linking url, running the AWS CloudFormation Template, finding the the compatible VPC and subnets, and deploying the Software Defined Data Center (SDDC).  I have documented the required API calls to find the required information in several pages, and will refer to them as needed. 

Desired End State

Deploy a VMC on AWS SDDC with the following parameters:

  • AWS us-west-2 region
  • Deployed in usw-az3
  • The “Connected VPC” AWS Account is <REDACTED>
    • Connected VPC is 172.17.0.0/16 and the VPC and subnets are already built
  • Management CIDR Network should be set to 10.98.0.0/16
Desired end state

This post will assume that a Postman Environment and Collection is configured, and that the Login request is already configured. An access token is only valid for 30 minutes, so you may need to reauthenticate several times throughout the following process. 

1. Login to Generate a new access token

a.  Open the previously configured VMware Cloud Services Login request and click Send

2. Get the Organizations I am Assigned to

Query what organizations an access token has access to in order to find the organization ID.  Also referred to here
a.  Click on collections
b.  Select the Collection
c.  Right click and select Add Request
Create a request
a.  Name the Request
b.  Add the url as a GET request:  https://vmc.vmware.com/vmc/api/orgs
c.  Click Send
d.  Note the “id” in the JSON response and copy it.
Get organizations
a.  Select Environments on the left side
b.  Select the environment set
c.  Name a new variable as org_id
d.  paste the “id” from above into the current value field
e.  Click Save

3. Get and run the Account Linking URL

Add an Environmental Variable

Prerequisite:  login to the AWS console of the AWS Account you wish to link to VMware Cloud on AWS.   More info on the account-link API request can be found here.

a.  Add a new request to the collection
b.  Name the request
c.  Add the url as a GET request:  https://vmc.vmware.com/vmc/api/orgs/:org/account-link 
d.  Set the path variable “org” to {{org_id}} (this will pull the global org_id variable)
e.  Click Save
f.  Click Send
Copy the “template_execution_url
Get Account Linking URL
a.  Paste the URL into a browser
b.  Acknowledge the IAM warning
c.  Click Create Stack.
Create Stack

Wait for the stack to complete before continuing.  this will take ~2-5 minutes. 

Stack Create Complete

4. Get the Connected Account ID

The AWS Account ID is referenced in the VMC API but the variable we need to continue is different than the AWS Account ID. More information on the Get Connected Accounts API request can be found here

a.  Add a new request to the collection
b.  Name the request
c,  Add a url as a GET request:  https://vmc.vmware.com/vmc/api/orgs/:org/account-link/connected-accounts
d.  Set the path variable “org” to {{org_id}}
e.  Click Save
f.  Click Send
g.  In the JSON response, search for your AWS account number
h.  In the JSON section for the AWS account number, note and copy the “id” key. 
Get connected accounts
a.  Add and set environmental variables for
      i.  aws_region:  See Regions and Zones (AWS)
      ii.  vmw_aws_AccountID (from “id” above)

5. Get the Compatible Subnets

Now that we have the AWS Account ID, we can query the AWS subnets required to configure the ENI. More information on the Get Compatible Subnets API request can be found here.  

a.  The environmental variables have been added above
b.  Add a new request to the collection
c.  Name the Request
d.  Add a url as a GET request:  https://vmc.vmware.com/vmc/api/orgs/:org/account-link/compatible-subnets?linkedAccountId={{linkedAccountId}}&region={{region}}
e.  Set the path variable “org” to {{org_id}}
f.  Set the query param linkedAccountID to {{vmw_aws_AccountID}} and region to {{aws_region}}
g.  Click Save
h.  Click Send
i.  Search the JSON response for the VPC CIDR and find the corresponding subnet with the “availability_zone_id” as usw2-az3
j.  Copy the “subnet_id
Get compatible subnets
a.  Add and set environmental variables for
      i.  aws_subnet_ID:  (from “subnet_id” above)

We now have all of the required information in order to provision an SDDC

6. Create an SDDC

Provisioning the SDDC takes about ~2 hours.  A one-node SDDC does not require the VPC account linking process, but a production SDDC does require this to be configured. 

a.  Add the following environmental variables
      i.  vmw_mgmt_cidr:  From above, 10.98.0.0/16
b.  Add a new request to the collection
c.  Name the Request
d.  Add a url as a PUT request:  https://vmc.vmware.com/vmc/api/orgs/:org/sddcs
e.  Set the path variable “org” to {{org_id}}
g.  Click Save
Create SDDC
a.  add the JSON Body
Create SDDC request body
"name": "NAME THE SDDC",
"account_link_sddc_config":
[
{
"customer_subnet_ids":
[
"{{aws_subnet_id}}"
],
"connected_account_id": "{{vmw_aws_AccountID}}"
}
],
"provider": "AWS",
"num_hosts": 3,
"region": "{{aws_region}}",
"deployment_type": "SingleAZ",
"host_instance_type": "i3.metal",
"vpc_cidr": "{{vmw_mgmt_cidr}}"
}
a.  Click Save
b.  Click Send
create sddc response
SDDC building in the UI

Conclusion

If successful, the JSON response will return the sddcConfig, which is useful to see all of the other components that may be configurable based on the VMware API reference to create an SDDC.  The SDDC provisioning process takes about 90 minutes, after which we will be able to configure the networking components, change the SDDC parameters, and much much more.  Additionally, I now have a documented, reproducible request we can use for future SDDC builds.