voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #188 from simonfangyingzhang/master

Browse Source 
update VMware.VMEncryption for vSphere 6.7
This commit is contained in:
Kyle Ruddy
2018-04-28 11:26:52 -04:00
committed by GitHub
parent bad590dbc2 95138e128f
commit 5852e5bf7f
3 changed files with 91 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Modules/VMware.VMEncryption/README.md
View File

@@ -2,6 +2,31 @@ Prerequisites/Steps to use this module:
1. This module only works for vSphere products that support VM Encryption. E.g. vSphere 6.5 and later.
2. All the functions in this module only work for KMIP Servers.
3. Install the latest version of Powershell and PowerCLI(6.5).
3. Install the latest version of Powershell and PowerCLI.
4. Import this module by running: Import-Module -Name "location of this module"
5. Get-Command -Module "This module Name" to list all available functions.
5. Get-Command -Module "This module Name" to list all available functions.
Note:
Deprecating the below functions related to KMServer and KMSCluster from VMware.VMEncryption and using instead the ones from VMware.VimAutomation.Storage,
1, VMware.VMEncryption\Get-DefaultKMSCluster, use instead
VMware.VimAutomation.Storage\Get-KmsCluster|where {$_.UseAsDefaultKeyProvider}|foreach {$_.id}
2, VMware.VMEncryption\Get-KMSCluster, use instead
VMware.VimAutomation.Storage\Get-KmsCluster|select id
3, VMware.VMEncryption\Get-KMSClusterInfo, use instead
VMware.VimAutomation.Storage\Get-KmsCluster|foreach {$_.extensiondata}
4, VMware.VMEncryption\Get-KMServerInfo, use instead
VMware.VimAutomation.Storage\Get-KeyManagementServer|foreach {$_.extensiondata}
5, VMware.VMEncryption\New-KMServer, use instead
VMware.VimAutomation.Storage\Add-KeyManagementServer
6, VMware.VMEncryption\Remove-KMServer, use instead
VMware.VimAutomation.Storage\Remove-KeyManagementServer
7, VMware.VMEncryption\Set-DefaultKMSCluster, use instead
VMware.VimAutomation.Storage\Set-KmsCluster -UseAsDefaultKeyProvider

BIN
Modules/VMware.VMEncryption/VMware.VMEncryption.psd1
View File

Binary file not shown.

201
Modules/VMware.VMEncryption/VMware.VMEncryption.psm1
View File

@@ -1,5 +1,5 @@
# Script Module : VMware.VMEncryption
# Version : 1.0
# Version : 1.1
# Copyright © 2016 VMware, Inc. All Rights Reserved.
@@ -56,8 +56,13 @@ New-VIProperty -Name EncryptionKeyId -ObjectType VirtualMachine -Value {
New-VIProperty -Name Locked -ObjectType VirtualMachine -Value {
Param ($VM)
($vm.extensiondata.Runtime.ConnectionState -eq "invalid") -and ($vm.extensiondata.Config.KeyId)
} -BasedOnExtensionProperty 'Runtime.ConnectionState','Config.KeyId' -Force | Out-Null
if ($vm.ExtensionData.Runtime.CryptoState) {
$vm.ExtensionData.Runtime.CryptoState -eq "locked"
}
else {
($vm.extensiondata.Runtime.ConnectionState -eq "invalid") -and ($vm.extensiondata.Config.KeyId)
}
} -BasedOnExtensionProperty 'Runtime.CryptoState', 'Runtime.ConnectionState','Config.KeyId' -Force | Out-Null
New-VIProperty -Name vMotionEncryption -ObjectType VirtualMachine -Value {
Param ($VM)
@@ -113,13 +118,6 @@ Function Enable-VMHostCryptoSafe {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -181,13 +179,6 @@ Function Set-VMHostCryptoKey {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -266,13 +257,6 @@ Function Set-vMotionEncryptionConfig {
.NOTES
Author : Brian Graf, Carrie Yang.
Author email : grafb@vmware.com, yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -348,13 +332,6 @@ Function Enable-VMEncryption {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -508,13 +485,6 @@ Function Enable-VMDiskEncryption {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -660,13 +630,6 @@ Function Disable-VMEncryption {
.NOTES
Author : Carrie Yang.
Author email : yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -756,13 +719,6 @@ Function Disable-VMDiskEncryption {
.NOTES
Author : Carrie Yang.
Author email : yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -891,13 +847,6 @@ Function Set-VMEncryptionKey {
.NOTES
Author : Carrie Yang.
Author email : yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -1047,13 +996,6 @@ Function Set-VMDiskEncryptionKey {
.NOTES
Author : Carrie Yang.
Author email : yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -1170,13 +1112,6 @@ Function Get-VMEncryptionInfo {
.NOTES
Author : Carrie Yang.
Author email : yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -1269,13 +1204,6 @@ Function Get-EntityByCryptoKey {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -1394,13 +1322,6 @@ Function New-KMServer {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -1435,6 +1356,7 @@ Function New-KMServer {
)
Begin {
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Add-KeyManagementServer instead"
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
@@ -1553,13 +1475,6 @@ Function Remove-KMServer {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -1573,6 +1488,7 @@ Function Remove-KMServer {
)
Begin {
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Remove-KeyManagementServer instead"
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
@@ -1630,15 +1546,9 @@ Function Get-KMSCluster {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead"
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
@@ -1668,14 +1578,6 @@ Function Get-KMSClusterInfo {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -1686,6 +1588,7 @@ Function Get-KMSClusterInfo {
)
Begin {
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead"
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
@@ -1721,13 +1624,6 @@ Function Get-KMServerInfo {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -1738,6 +1634,7 @@ Function Get-KMServerInfo {
)
Begin {
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KeyManagementServer instead"
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
@@ -1782,13 +1679,6 @@ Function Get-KMServerStatus {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -1853,15 +1743,9 @@ Function Get-DefaultKMSCluster {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead"
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
@@ -1890,13 +1774,6 @@ Function Set-DefaultKMSCluster {
.NOTES
Author : Baoyin Qiao.
Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#>
[CmdLetBinding()]
@@ -1906,6 +1783,7 @@ Function Set-DefaultKMSCluster {
[String] $KMSClusterId
)
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Set-KmsCluster instead"
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
@@ -1917,6 +1795,55 @@ Function Set-DefaultKMSCluster {
$CM.MarkDefault($ProviderId)
}
Function Set-VMCryptoUnlock {
<#
.SYNOPSIS
This cmdlet unlocks a locked vm
.DESCRIPTION
This cmdlet unlocks a locked vm
.PARAMETER VM
Specifies the VM you want to unlock
.EXAMPLE
PS C:\> Get-VM |where {$_.locked}| Set-VMCryptoUnlock
Unlock all locked vms
.NOTES
Author : Fangying Zhang
Author email : fzhang@vmware.com
#>
[CmdLetBinding()]
param (
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
[VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine[]]$VM
)
Begin {
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
}
Process {
foreach ($thisvm in $vm) {
if (!$thisvm.encrypted) {
write-warning "$thisvm is not encrypted, will skip $thisvm"
continue
}
if (!$thisvm.Locked) {
write-warning "$thisvm may not be locked!"
# $thisvm.locked could be false on old 6.5.0 build (bug 1931370), so do not skip $thisvm
}
write-verbose "try to CryptoUnlock $thisvm"
$thisvm.ExtensionData.CryptoUnlock()
}
}
}
Function ConfirmIsVCenter{
<#
.SYNOPSIS