Merge pull request #8 from vmware/master

resync
Wouter Kursten
2018-11-15 10:05:40 +01:00
committed by GitHub
23 changed files with 6268 additions and 251 deletions


@@ -2,10 +2,10 @@
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function lists all available vSphere Content Libaries
@@ -87,10 +87,10 @@ Function Get-ContentLibraryItems {
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function lists all items within a given vSphere Content Library
@@ -158,10 +158,10 @@ Function Get-ContentLibraryItemFiles {
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function lists all item files within a given vSphere Content Library
@@ -225,10 +225,10 @@ Function Set-ContentLibrary {
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function updates the JSON Persistence property for a given Content Library
@@ -281,10 +281,10 @@ Function New-ExtReplicatedContentLibrary {
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function creates a new Subscriber Content Library from a JSON Persisted
@@ -345,10 +345,10 @@ Function Remove-SubscribedContentLibrary {
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function deletes a Subscriber Content Library
@@ -387,10 +387,10 @@ Function New-LocalContentLibrary {
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function creates a new Subscriber Content Library from a JSON Persisted
@@ -444,10 +444,10 @@ Function Remove-LocalContentLibrary {
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function deletes a Local Content Library
@@ -486,10 +486,10 @@ Function Copy-ContentLibrary {
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function copies all library items from one Content Library to another
@@ -578,4 +578,122 @@ Function Copy-ContentLibrary {
}
}
}
}
Function New-VMTX {
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function clones a VM to VM Template in Content Library (currently only supported on VMC)
.PARAMETER SourceVMName
The name of the source VM to clone
.PARAMETER VMTXName
The name of the VM Template in Content Library
.PARAMETER Description
Description of the VM template
.PARAMETER LibaryName
The name of the Content Library to clone to
.PARAMETER FolderName
The name of vSphere Folder (Defaults to Workloads for VMC)
.PARAMETER ResourcePoolName
The name of the vSphere Resource Pool (Defaults to Compute-ResourcePools for VMC)
.EXAMPLE
New-VMTX -SourceVMName "Windows10-BaseInstall" -VMTXName "Windows10-VMTX-Template" -LibraryName "VMC-CL-01"
#>
param(
[Parameter(Mandatory=$true)][String]$SourceVMName,
[Parameter(Mandatory=$true)][String]$VMTXName,
[Parameter(Mandatory=$false)][String]$Description,
[Parameter(Mandatory=$true)][String]$LibraryName,
[Parameter(Mandatory=$false)][String]$FolderName="Workloads",
[Parameter(Mandatory=$false)][String]$ResourcePoolName="Compute-ResourcePool"
)
$vmtxService = Get-CisService -Name "com.vmware.vcenter.vm_template.library_items"
$sourceVMId = ((Get-VM -Name $SourceVMName).ExtensionData.MoRef).Value
$libraryId = ((Get-ContentLibrary -LibraryName $LibraryName).Id).Value
$folderId = ((Get-Folder -Name $FolderName).ExtensionData.MoRef).Value
$rpId = ((Get-ResourcePool -Name $ResourcePoolName).ExtensionData.MoRef).Value
$vmtxCreateSpec = $vmtxService.Help.create.spec.Create()
$vmtxCreateSpec.source_vm = $sourceVMId
$vmtxCreateSpec.name = $VMTXName
$vmtxCreateSpec.description = $Description
$vmtxCreateSpec.library = $libraryId
$vmtxCreateSpec.placement.folder = $folderId
$vmtxCreateSpec.placement.resource_pool = $rpId
Write-Host "`nCreating new VMTX Template from $SourceVMName in Content Library $LibraryName ..."
$result = $vmtxService.create($vmtxCreateSpec)
}
Function New-VMFromVMTX {
<#
.NOTES
===========================================================================
Created by: William Lam
Organization: VMware
Blog: www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
This function deploys a new VM from Template in Content Library (currently only supported in VMC)
.PARAMETER VMTXName
The name of the VM Template in Content Library to deploy from
.PARAMETER NewVMName
The name of the new VM to deploy
.PARAMETER FolderName
The name of vSphere Folder (Defaults to Workloads for VMC)
.PARAMETER ResourcePoolName
The name of the vSphere Resource Pool (Defaults to Compute-ResourcePools for VMC)
.PARAMETER NumCpu
The number of vCPU to configure for the new VM
.PARAMETER MemoryMb
The amount of memory (MB) to configure for the new VM
.PARAMETER PowerOn
To power on the VM after deploy
.EXAMPLE
New-VMFromVMTX -NewVMName "FooFoo" -VMTXName "FooBar" -PowerOn $true -NumCpu 4 -MemoryMB 2048
#>
param(
[Parameter(Mandatory=$true)][String]$VMTXName,
[Parameter(Mandatory=$true)][String]$NewVMName,
[Parameter(Mandatory=$false)][String]$FolderName="Workloads",
[Parameter(Mandatory=$false)][String]$ResourcePoolName="Compute-ResourcePool",
[Parameter(Mandatory=$false)][String]$DatastoreName="WorkloadDatastore",
[Parameter(Mandatory=$false)][Int]$NumCpu,
[Parameter(Mandatory=$false)][Int]$MemoryMB,
[Parameter(Mandatory=$false)][Boolean]$PowerOn=$false
)
$vmtxService = Get-CisService -Name "com.vmware.vcenter.vm_template.library_items"
$vmtxId = (Get-ContentLibraryItem -Name $VMTXName).Id
$folderId = ((Get-Folder -Name $FolderName).ExtensionData.MoRef).Value
$rpId = ((Get-ResourcePool -Name $ResourcePoolName).ExtensionData.MoRef).Value
$datastoreId = ((Get-Datastore -Name $DatastoreName).ExtensionData.MoRef).Value
$vmtxDeploySpec = $vmtxService.Help.deploy.spec.Create()
$vmtxDeploySpec.name = $NewVMName
$vmtxDeploySpec.powered_on = $PowerOn
$vmtxDeploySpec.placement.folder = $folderId
$vmtxDeploySpec.placement.resource_pool = $rpId
$vmtxDeploySpec.vm_home_storage.datastore = $datastoreId
$vmtxDeploySpec.disk_storage.datastore = $datastoreId
if($NumCpu) {
$vmtxDeploySpec.hardware_customization.cpu_update.num_cpus = $NumCpu
}
if($MemoryMB) {
$vmtxDeploySpec.hardware_customization.memory_update.memory = $MemoryMB
}
Write-Host "`nDeploying new VM $NewVMName from VMTX Template $VMTXName ..."
$results = $vmtxService.deploy($vmtxId,$vmtxDeploySpec)
}
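Review bot: In New-VMFromVMTX the template is resolved with `(Get-ContentLibraryItem -Name $VMTXName).Id` without scoping it to a library, and the VM, folder, resource pool and datastore lookups in both new functions are also used unchecked, so a name that matches nothing or more than one object puts `$null` or an array into the create/deploy spec. A guard before the spec is built, such as `if(@($vmtxId).Count -ne 1) { Write-Error "Template '$VMTXName' not found or ambiguous"; return }` (and the equivalent for the other ids), would make the function fail closed instead of surfacing an opaque API error. The help block documents `.PARAMETER LibaryName` while the parameter is `$LibraryName`, and the default is described as `Compute-ResourcePools` although the code uses `"Compute-ResourcePool"`. `$result` and `$results` are assigned but never emitted, so callers get no handle on what was created.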


@@ -7,7 +7,35 @@
Copyright = '(c) 2017. All rights reserved.'
Description = 'Powershell Module for NSX-T REST API Functions'
PowerShellVersion = '5.0'
FunctionsToExport = 'Get-NSXTComputeManager','Get-NSXTFabricNode','Get-NSXTFirewallRule','Get-NSXTIPPool','Get-NSXTLogicalSwitch','Get-NSXTManager','Get-NSXTTransportZone','Get-NSXTController'
FunctionsToExport = 'Get-NSXTBGPNeighbors',
'Get-NSXTComputeManager',
'Get-NSXTController',
'Get-NSXTEdgeCluster',
'Get-NSXTFabricNode',
'Get-NSXTFabricVM',
'Get-NSXTFirewallRule',
'Get-NSXTForwardingTable',
'Get-NSXTIPPool',
'Get-NSXTLogicalRouter',
'Get-NSXTLogicalRouterPorts',
'Get-NSXTLogicalSwitch',
'Get-NSXTManager',
'Get-NSXTNetworkRoutes',
'Get-NSXTRoutingTable',
'Get-NSXTTraceFlow',
'Get-NSXTTraceFlowObservations',
'Get-NSXTTransportNode',
'Get-NSXTTransportZone',
'Get-NSXTClusterNode',
'Set-NSXTIPPool',
'Set-NSXTLogicalRouter',
'Set-NSXTLogicalSwitch',
'Set-NSXTTraceFlow',
'Get-NSXTIPAMIPBlock',
'Set-NSXTIPAMIPBlock',
'Remove-NSXTIPAMIPBlock'
PrivateData = @{
PSData = @{
Tags = @('NSX-T','REST')

File diff suppressed because it is too large Load Diff


@@ -112,7 +112,7 @@ function Get-VmfsDatastoreIncrease
Datastore = $Datastore.Name
CanonicalName = $disk.CanonicalName
Model = "$($disk.Vendor.TrimEnd(' ')).$($disk.Model.TrimEnd(' ')).$($disk.Revision.TrimEnd(' '))"
DiskSizeGB = $partInfo[0].Layout.Total.BlockSize * $hdPartInfo[0].Layout.Total.Block / 1GB
DiskSizeGB = $partInfo[0].Layout.Total.BlockSize * $partInfo[0].Layout.Total.Block / 1GB
DiskBlocks = $partInfo[0].Layout.Total.Block
DiskBlockMB = $partInfo[0].Layout.Total.BlockSize/1MB
AvailableGB = [math]::Round($partMax - $partUsed, 2)
@@ -181,7 +181,7 @@ function New-VmfsDatastoreIncrease
{
$lun = $hScsiDisk | where{ $_.CanonicalName -eq $dsOpt.Spec.Extent.DiskName }
$partInfo = $hsSys.RetrieveDiskPartitionInfo($lun.DeviceName)
$partMax = ($vmfsExpOpt[0].Info.Layout.Partition | where{ $_.Type -eq 'VMFS' } | %{ ($_.End.Block - $_.Start.Block + 1) * $_.Start.BlockSize } |
$partMax = ($expOpt[0].Info.Layout.Partition | where{ $_.Type -eq 'VMFS' } | %{ ($_.End.Block - $_.Start.Block + 1) * $_.Start.BlockSize } |
Measure-Object -Sum | select -ExpandProperty Sum)/1GB
$partUsed = ($partInfo[0].Layout.Partition | where{ $_.Type -eq 'VMFS' } | %{ ($_.End.Block - $_.Start.Block + 1) * $_.Start.BlockSize } |
Measure-Object -Sum | select -ExpandProperty Sum)/1GB


@@ -0,0 +1,54 @@
Function Get-CSPAccessToken {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 07/23/2018
Organization: VMware
Blog: https://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
Converts a Refresh Token from the VMware Console Services Portal
to CSP Access Token to access CSP API
.PARAMETER RefreshToken
The Refresh Token from the VMware Console Services Portal
.EXAMPLE
Get-CSPAccessToken -RefreshToken $RefreshToken
#>
Param (
[Parameter(Mandatory=$true)][String]$RefreshToken
)
$results = Invoke-WebRequest -Uri "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?refresh_token=$RefreshToken" -Method POST -ContentType "application/json" -UseBasicParsing -Headers @{"csp-auth-token"="$RefreshToken"}
if($results.StatusCode -ne 200) {
Write-Host -ForegroundColor Red "Failed to retrieve Access Token, please ensure your VMC Refresh Token is valid and try again"
break
}
$accessToken = ($results | ConvertFrom-Json).access_token
Write-Host "CSP Auth Token has been successfully retrieved and saved to `$env:cspAuthToken"
$env:cspAuthToken = $accessToken
}
Function Get-CSPServices {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 07/23/2018
Organization: VMware
Blog: https://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.DESCRIPTION
Returns the list of CSP Services avialable for given user
.EXAMPLE
Get-CSPServices
#>
If (-Not $env:cspAuthToken) { Write-error "CSP Auth Token not found, please run Get-CSPAccessToken" } Else {
$results = Invoke-WebRequest -Uri "https://console.cloud.vmware.com/csp/gateway/slc/api/definitions?expand=1" -Method GET -ContentType "application/json" -UseBasicParsing -Headers @{"csp-auth-token"="$env:cspAuthToken"}
((($results.Content) | ConvertFrom-Json).results | where {$_.visible -eq $true}).displayName
}
}
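Review bot: Get-CSPAccessToken places the refresh token in the request URL (`...authorize?refresh_token=$RefreshToken`), where it can be recorded by proxies and server access logs, and repeats it in the `csp-auth-token` header; if the endpoint accepts it, sending it only in the body, e.g. `-Body @{refresh_token=$RefreshToken} -ContentType "application/x-www-form-urlencoded"`, keeps it out of URLs. Taking the token as a plain `[String]` parameter also leaves it in shell history and transcripts, and storing the access token in `$env:cspAuthToken` hands it to every child process started from the session; a `[SecureString]` parameter and a module-scoped `$script:` variable would narrow both. The `break` after the status check is not inside a loop, so it can terminate a caller's loop or the calling script; `return` is what the code appears to mean. Invoke-WebRequest normally throws on non-2xx responses, so the `StatusCode -ne 200` branch is unlikely to run unless the call is wrapped in `try { ... } catch { ... }`.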


@@ -0,0 +1,88 @@
#
# Module manifest for module 'VMware.HCX'
#
# Generated by: wlam@vmware.com
#
# Generated on: 09/11/18
#
@{
# Script module or binary module file associated with this manifest.
RootModule = 'VMware.HCX.psm1'
# Version number of this module.
ModuleVersion = '1.0.2'
# Supported PSEditions
# CompatiblePSEditions = @()
# ID used to uniquely identify this module
GUID = '88898ed6-26e8-4dfa-a9de-10d3a12571de'
# Author of this module
Author = 'William Lam'
# Company or vendor of this module
CompanyName = 'VMware'
# Copyright statement for this module
Copyright = '(c) 2018 VMware. All rights reserved.'
# Description of the functionality provided by this module
Description = 'PowerShell Module for Managing Hybrid Cloud Extension (HCX) on VMware Cloud on AWS'
# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '6.0'
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = 'Connect-HcxServer', 'Get-HcxCloudConfig', 'Get-HcxEndpoint', 'New-HcxMigration', 'Get-HcxMigration', 'Connect-HcxVAMI', 'Get-HcxVCConfig', 'Set-HcxLicense', 'Set-HcxVCConfig', 'Get-HcxNSXConfig', 'Set-HcxNSXConfig', 'Get-HcxCity', 'Get-HcxLocation', 'Set-HcxLocation', 'Get-HcxRoleMapping', 'Set-HcxRoleMapping', 'Get-HcxProxy', 'Set-HcxProxy', 'Remove-HcxProxy'
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = @()
# Variables to export from this module
VariablesToExport = '*'
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
AliasesToExport = @()
# DSC resources to export from this module
# DscResourcesToExport = @()
# List of all modules packaged with this module
# ModuleList = @()
# List of all files packaged with this module
# FileList = @()
# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{
PSData = @{
# Tags applied to this module. These help with module discovery in online galleries.
# Tags = @()
# A URL to the license for this module.
# LicenseUri = ''
# A URL to the main website for this project.
# ProjectUri = ''
# A URL to an icon representing this module.
# IconUri = ''
# ReleaseNotes of this module
# ReleaseNotes = ''
} # End of PSData hashtable
} # End of PrivateData hashtable
# HelpInfo URI of this module
# HelpInfoURI = ''
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''
}
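Review bot: `VariablesToExport = '*'` leaves the variable export list open while the functions, cmdlets and aliases are all listed explicitly; `VariablesToExport = @()` would keep the module's exported surface explicit and match the guidance in the manifest's own comments about avoiding wildcards. The same line appears in the VMware.VMC.NSXT manifest added by this commit. The commented-out `LicenseUri` and `ProjectUri` entries could also be filled in or removed before the module is published.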

File diff suppressed because it is too large Load Diff


@@ -10000,63 +10000,75 @@ function Reset-HVMachine {
$services.machine.Machine_ResetMachines($machine.id)
}
}
function Remove-HVMachine(){
function Remove-HVMachine {
<#
.Synopsis
Remove a Horizon View desktop or desktops.
Remove a Horizon View desktop or desktops.
.DESCRIPTION
Deletes a VM or an array of VM's from Horizon. Utilizes an Or query filter to match machine names.
Deletes a VM or an array of VM's from Horizon. Utilizes an Or query filter to match machine names.
.PARAMETER HVServer
The Horizon server where the machine to be deleted resides.Parameter is not mandatory,
but if you do not specify the server, than make sure you are connected to a Horizon server
The Horizon server where the machine to be deleted resides. Parameter is not mandatory,
but if you do not specify the server, than make sure you are connected to a Horizon server
first with connect-hvserver.
.PARAMETER MachineNames
The name or names of the machine(s) to be deleted. Accepts a single VM or an array of VM names.This is a mandatory parameter.
The name or names of the machine(s) to be deleted. Accepts a single VM or an array of VM names.This is a mandatory parameter.
.PARAMETER DeleteFromDisk
Determines whether the Machine VM should be deleted from vCenter Server. This is only applicable for managed machines.
This must always be true for machines in linked and instant clone desktops.
This defaults to true for linked and instant clone machines and false for all other types.
.EXAMPLE
remove-HVMachine -HVServer 'horizonserver123' -MachineNames 'LAX-WIN10-002'
Deletes VM 'LAX-WIN10-002' from HV Server 'horizonserver123'
Remove-HVMachine -HVServer 'horizonserver123' -MachineNames 'LAX-WIN10-002'
Deletes VM 'LAX-WIN10-002' from HV Server 'horizonserver123'
.EXAMPLE
remove-HVMachine -HVServer 'horizonserver123' -MachineNames $machines
Deletes VM's contained within an array of machine names from HV Server 'horizonserver123'
Remove-HVMachine -HVServer 'horizonserver123' -MachineNames $machines
Deletes VM's contained within an array of machine names from HV Server 'horizonserver123'
.EXAMPLE
Remove-HVMachine -HVServer 'horizonserver123' -MachineNames 'ManualVM01' -DeleteFromDisk:$false
Deletes VM 'ManualVM01' from Horizon inventory, but not from vSphere. Note this only works for Full Clone VMs.
.NOTES
Author : Jose Rodriguez
Author email : jrodsguitar@gmail.com
Version : 1.0
===Tested Against Environment====
Horizon View Server Version : 7.1.1
PowerCLI Version : PowerCLI 6.5, PowerCLI 6.5.1
PowerShell Version : 5.0
#>
[CmdletBinding(
[CmdletBinding(
SupportsShouldProcess = $true,
ConfirmImpact = 'High'
)]
param(
param(
[Parameter(Mandatory = $true)]
[array]
$MachineNames,
$MachineNames,
[Parameter(Mandatory = $false)]
[switch]$DeleteFromDisk = $true,
[Parameter(Mandatory = $false)]
$HVServer = $null
)
)
#Connect to HV Server
$services = Get-ViewAPIService -HVServer $HVServer
if ($null -eq $services) {
Write-Error "Could not retrieve ViewApi services from connection object"
if ($null -eq $services) {
Write-Error "Could not retrieve ViewApi services from connection object"
break
}
}
#Connect to Query Service
$queryService = New-Object 'Vmware.Hv.QueryServiceService'
@@ -10108,9 +10120,9 @@ $trys = 0
foreach($session in $deleteMachine.base.session){
$sessions = $null
[VMware.Hv.SessionId[]]$sessions += $session
}
[VMware.Hv.SessionId[]]$sessions += $session
}
try{
@@ -10122,8 +10134,8 @@ $trys = 0
#Wait more for Sessions to end
Start-Sleep -Seconds 5
Start-Sleep -Seconds 5
}
catch{
@@ -10133,39 +10145,39 @@ $trys = 0
write-host ($deleteMachine.base.Name -join "`n")
start-sleep -seconds 5
}
if(($trys -le 10)){
if(($trys -le 10)){
write-host "`n"
write-host "Retrying Logoffs: $trys times"
#Recheck existing sessions
$deleteMachine = $machineService.Machine_GetInfos($services,$deleteThisMachine.Id)
}
$trys++
$trys++
}
until((!$deleteMachine.base.session.id) -or ($trys -gt 10))
}
#Create delete spec for the DeleteMachines method
$deleteSpec = [VMware.Hv.MachineDeleteSpec]::new()
$deleteSpec.DeleteFromDisk = $true
$deleteSpec.DeleteFromDisk = $DeleteFromDisk
$deleteSpec.ArchivePersistentDisk = $false
#Delete the machines
write-host "Attempting to Delete:"
write-host "Attempting to Delete:"
Write-Output ($deleteMachine.base.Name -join "`n")
$bye = $machineService.Machine_DeleteMachines($services,$deleteMachine.id,$deleteSpec)
[System.gc]::collect()
}
}
function get-hvhealth {
<#
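Review bot: `[switch]$DeleteFromDisk = $true` makes delete-from-disk the default for every machine type, while the help text added in the same hunk says it defaults to false for anything other than linked and instant clones; with `$deleteSpec.DeleteFromDisk = $DeleteFromDisk` a manual or full-clone VM is removed from vCenter unless the caller remembers `-DeleteFromDisk:$false`. Either derive the default from the machine type when the parameter is not bound (for example by testing `$PSBoundParameters.ContainsKey('DeleteFromDisk')`) or correct the help so the destructive default is stated plainly. The function declares `SupportsShouldProcess` with `ConfirmImpact = 'High'`, but no `$PSCmdlet.ShouldProcess(...)` call is visible in these hunks; the body continues outside them, so it is worth confirming that one guards `Machine_DeleteMachines`. In the session loop, `$sessions = $null` inside the `foreach` resets the array on each pass, so only the last session appears to be kept.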


@@ -0,0 +1,88 @@
#
# Module manifest for module 'VMware.VMC.NSXT'
#
# Generated by: wlam@vmware.com
#
# Generated on: 09/11/18
#
@{
# Script module or binary module file associated with this manifest.
RootModule = 'VMware.VMC.NSXT.psm1'
# Version number of this module.
ModuleVersion = '1.0.0'
# Supported PSEditions
# CompatiblePSEditions = @()
# ID used to uniquely identify this module
GUID = 'c094608a-7480-4751-a14c-c9dd68870607'
# Author of this module
Author = 'William Lam'
# Company or vendor of this module
CompanyName = 'VMware'
# Copyright statement for this module
Copyright = '(c) 2018 VMware. All rights reserved.'
# Description of the functionality provided by this module
Description = 'PowerShell Module for Managing NSX-T on VMware Cloud on AWS'
# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '6.0'
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = 'Connect-NSXTProxy', 'Get-NSXTSegment', 'New-NSXTSegment', 'Remove-NSXTSegment', 'Get-NSXTGroup', 'New-NSXTGroup', 'Remove-NSXTGroup', 'Get-NSXTService', 'New-NSXTService', 'Get-NSXTFirewall', 'New-NSXTFirewall', 'Remove-NSXTFirewall'
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = @()
# Variables to export from this module
VariablesToExport = '*'
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
AliasesToExport = @()
# DSC resources to export from this module
# DscResourcesToExport = @()
# List of all modules packaged with this module
# ModuleList = @()
# List of all files packaged with this module
# FileList = @()
# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{
PSData = @{
# Tags applied to this module. These help with module discovery in online galleries.
# Tags = @()
# A URL to the license for this module.
# LicenseUri = ''
# A URL to the main website for this project.
# ProjectUri = ''
# A URL to an icon representing this module.
# IconUri = ''
# ReleaseNotes of this module
# ReleaseNotes = ''
} # End of PSData hashtable
} # End of PrivateData hashtable
# HelpInfo URI of this module
# HelpInfoURI = ''
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''
}
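Review bot: `PowerShellVersion = '6.0'` means the module only loads on PowerShell Core, so in the accompanying VMware.VMC.NSXT.psm1 the `if($PSVersionTable.PSEdition -eq "Core")` test is always true and every request that carries the `csp-auth-token` header runs with `-SkipCertificateCheck`. The nested group lookup in Get-NSXTFirewall passes `-SkipCertificateCheck` without any edition test at all. With certificate validation off, the token and the firewall/segment payloads are exposed to anyone able to intercept the connection; unless the NSX-T proxy endpoint is known to present an untrusted certificate, the flag should be dropped or put behind an explicit opt-in switch that defaults to off. If Windows PowerShell support is intended, the manifest version should be lowered instead so that the `else` branch is reachable.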


@@ -0,0 +1,889 @@
Function Connect-NSXTProxy {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Retrieves NSX-T Proxy URL + acquire CSP Access Token to then be used with NSXT-T Policy API
.DESCRIPTION
This cmdlet creates $global:nsxtProxyConnection object containing the NSX-T Proxy URL along with CSP Token
.EXAMPLE
Connect-NSXTProxy -RefreshToken $RefreshToken -OrgName $OrgName -SDDCName $SDDCName
.NOTES
You must be logged into VMC using Connect-VmcServer cmdlet
#>
Param (
[Parameter(Mandatory=$true)][String]$RefreshToken,
[Parameter(Mandatory=$true)][String]$OrgName,
[Parameter(Mandatory=$true)][String]$SDDCName
)
If (-Not $global:DefaultVMCServers.IsConnected) { Write-error "No valid VMC Connection found, please use the Connect-VMC to connect"; break } Else {
$sddcService = Get-VmcService "com.vmware.vmc.orgs.sddcs"
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$sddc = $sddcService.get($orgId,$sddcId)
if($sddc.resource_config.nsxt) {
$nsxtProxyURL = $sddc.resource_config.nsx_api_public_endpoint_url
} else {
Write-Host -ForegroundColor Red "This is not an NSX-T based SDDC"
break
}
}
$results = Invoke-WebRequest -Uri "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?refresh_token=$RefreshToken" -Method POST -ContentType "application/json" -UseBasicParsing -Headers @{"csp-auth-token"="$RefreshToken"}
if($results.StatusCode -ne 200) {
Write-Host -ForegroundColor Red "Failed to retrieve Access Token, please ensure your VMC Refresh Token is valid and try again"
break
}
$accessToken = ($results | ConvertFrom-Json).access_token
$headers = @{
"csp-auth-token"="$accessToken"
"Content-Type"="application/json"
"Accept"="application/json"
}
$global:nsxtProxyConnection = new-object PSObject -Property @{
'Server' = $nsxtProxyURL
'headers' = $headers
}
$global:nsxtProxyConnection
}
Function Get-NSXTSegment {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Returns all NSX-T Segments (Logical Networks)
.DESCRIPTION
This cmdlet retrieves all NSX-T Segments (Logical Networks)
.EXAMPLE
Get-NSXTSegment
.EXAMPLE
Get-NSXTSegment -Name "sddc-cgw-network-1"
#>
Param (
[Parameter(Mandatory=$False)]$Name,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "GET"
$segmentsURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/networks/cgw/segments"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $METHOD`n$segmentsURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $segmentsURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $segmentsURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
$segments = ($requests.Content | ConvertFrom-Json).results
if ($PSBoundParameters.ContainsKey("Name")){
$segments = $segments | where {$_.display_name -eq $Name}
}
$results = @()
foreach ($segment in $segments) {
$subnets = $segment.subnets
$network = $subnets.network
$gateway = $subnets.gateway_addresses
$dhcpRange = $subnets.dhcp_ranges
$tmp = [pscustomobject] @{
Name = $segment.display_name;
ID = $segment.Id;
Network = $network;
Gateway = $gateway;
DHCPRange = $dhcpRange;
}
$results+=$tmp
}
$results
} else {
Write-Error "Failed to retrieve NSX-T Segments"
}
}
}
Function New-NSXTSegment {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Creates a new NSX-T Segment (Logical Networks)
.DESCRIPTION
This cmdlet creates a new NSX-T Segment (Logical Networks)
.EXAMPLE
New-NSXTSegment -Name "sddc-cgw-network-4" -Gateway "192.168.4.1" -Prefix "24" -DHCP -DHCPRange "192.168.4.2-192.168.4.254"
#>
Param (
[Parameter(Mandatory=$True)]$Name,
[Parameter(Mandatory=$True)]$Gateway,
[Parameter(Mandatory=$True)]$Prefix,
[Parameter(Mandatory=$False)]$DHCPRange,
[Switch]$DHCP,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
if($DHCP) {
$dhcpConf = @($DHCPRange)
} else {
$dhcpConf = @($null)
}
$subnets = @{
gateway_addresses = @($gateway);
prefix_len = $Prefix;
dhcp_ranges = $dhcpConf
}
$payload = @{
display_name = $Name;
subnets = @($subnets)
}
$body = $payload | ConvertTo-Json -depth 4
$method = "PUT"
$newSegmentsURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/networks/cgw/segments/$Name"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$newSegmentsURL`n"
Write-Host -ForegroundColor cyan "[DEBUG]`n$body`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $newSegmentsURL -Body $body -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $newSegmentsURL -Body $body -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
Write-Host "Succesfully created new NSX-T Segment $Name"
($requests.Content | ConvertFrom-Json) | select display_name, id
} else {
Write-Error "Failed to create new NSX-T Segment"
}
}
}
Function Remove-NSXTSegment {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Removes an NSX-T Segment (Logical Networks)
.DESCRIPTION
This cmdlet removes an NSX-T Segment (Logical Networks)
.EXAMPLE
Remove-NSXTSegment -Id "sddc-cgw-network-4"
#>
Param (
[Parameter(Mandatory=$True)]$Id,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "DELETE"
$deleteSegmentsURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/networks/cgw/segments/$Id"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$deleteSegmentsURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $deleteSegmentsURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $deleteSegmentsURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
Write-Host "Succesfully removed NSX-T Segment $Name"
} else {
Write-Error "Failed to remove NSX-T Segments"
}
}
}
Function Get-NSXTFirewall {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Returns all NSX-T Firewall Rules on MGW or CGW
.DESCRIPTION
This cmdlet retrieves all NSX-T Firewall Rules on MGW or CGW
.EXAMPLE
Get-NSXTFirewall -GatewayType MGW
.EXAMPLE
Get-NSXTFirewall -GatewayType MGW -Name "Test"
#>
param(
[Parameter(Mandatory=$false)][String]$Name,
[Parameter(Mandatory=$true)][ValidateSet("MGW","CGW")][String]$GatewayType,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "GET"
$edgeFirewallURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/$($GatewayType.toLower())/edge-communication-maps/default"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$edgeFirewallURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $edgeFirewallURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $edgeFirewallURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
$rules = ($requests.Content | ConvertFrom-Json).communication_entries
if ($PSBoundParameters.ContainsKey("Name")){
$rules = $rules | where {$_.display_name -eq $Name}
}
$results = @()
foreach ($rule in $rules | Sort-Object -Property sequence_number) {
$sourceGroups = $rule.source_groups
$source = @()
foreach ($sourceGroup in $sourceGroups) {
if($sourceGroup -eq "ANY") {
$source += $sourceGroup
break
} else {
$sourceGroupURL = $global:nsxtProxyConnection.Server + "/policy/api/v1" + $sourceGroup
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$sourceGroupURL`n"
}
try {
$requests = Invoke-WebRequest -Uri $sourceGroupURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
$group = ($requests.Content | ConvertFrom-Json)
$source += $group.display_name
}
}
$destinationGroups = $rule.destination_groups
$destination = @()
foreach ($destinationGroup in $destinationGroups) {
if($destinationGroup -eq "ANY") {
$destination += $destinationGroup
break
} else {
$destionationGroupURL = $global:nsxtProxyConnection.Server + "/policy/api/v1" + $destinationGroup
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$destionationGroupURL`n"
}
try {
$requests = Invoke-WebRequest -Uri $destionationGroupURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
$group = ($requests.Content | ConvertFrom-Json)
$destination += $group.display_name
}
}
$serviceGroups = $rule.services
$service = @()
foreach ($serviceGroup in $serviceGroups) {
if($serviceGroup -eq "ANY") {
$service += $serviceGroup
break
} else {
$serviceGroupURL = $global:nsxtProxyConnection.Server + "/policy/api/v1" + $serviceGroup
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$serviceGroupURL`n"
}
try {
$requests = Invoke-WebRequest -Uri $serviceGroupURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
$group = ($requests.Content | ConvertFrom-Json)
$service += $group.display_name
}
}
$tmp = [pscustomobject] @{
SequenceNumber = $rule.sequence_number;
Name = $rule.display_name;
ID = $rule.id;
Source = $source;
Destination = $destination;
Services = $service;
Action = $rule.action;
}
$results+=$tmp
}
$results
} else {
Write-Error "Failed to retrieve NSX-T Firewall Rules"
}
}
}
Function New-NSXTFirewall {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Creates a new NSX-T Firewall Rule on MGW or CGW
.DESCRIPTION
This cmdlet creates a new NSX-T Firewall Rule on MGW or CGW
.EXAMPLE
New-NSXTFirewall -GatewayType MGW -Name TEST -Id TEST -SourceGroupId ESXI -DestinationGroupId ANY -Service ANY -Logged $true -SequenceNumber 7 -Action ALLOW
#>
Param (
[Parameter(Mandatory=$True)]$Name,
[Parameter(Mandatory=$true)][ValidateSet("MGW","CGW")][String]$GatewayType,
[Parameter(Mandatory=$True)]$Id,
[Parameter(Mandatory=$True)]$SequenceNumber,
[Parameter(Mandatory=$True)]$SourceGroupId,
[Parameter(Mandatory=$True)]$DestinationGroupId,
[Parameter(Mandatory=$True)]$Service,
[Parameter(Mandatory=$True)][ValidateSet("ALLOW","DENY")]$Action,
[Parameter(Mandatory=$false)][Boolean]$Logged=$false,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
if($DestinationGroupId -eq "ANY") {
$destinationGroups = $DestinationGroupId
} else {
$destinationGroups = "/infra/domains/$($GatewayType.toLower())/groups/$DestinationGroupId"
}
$sourceGroups = @()
foreach ($group in $SourceGroupId) {
$tmp = "/infra/domains/$($GatewayType.toLower())/groups/$group"
$sourceGroups+= $tmp
}
$services = @()
foreach ($serviceName in $Service) {
if($serviceName -eq "ANY") {
$tmp = "ANY"
} else {
$tmp = "/infra/services/$serviceName"
}
$services+=$tmp
}
$payload = @{
display_name = $Name;
resource_type = "CommunicationEntry";
id = $Id;
sequence_number = $SequenceNumber;
destination_groups = @($destinationGroups);
source_groups = $sourceGroups;
logged = $Logged;
scope = @("/infra/labels/$($GatewayType.toLower())");
services = $services;
action = $Action;
}
$body = $payload | ConvertTo-Json -depth 5
$method = "PUT"
$newFirewallURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/$($GatewayType.toLower())/edge-communication-maps/default/communication-entries/$Id"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$newFirewallURL`n"
Write-Host -ForegroundColor cyan "[DEBUG]`n$body`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $newFirewallURL -Body $body -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $newFirewallURL -Body $body -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
Write-Host "Succesfully created new NSX-T Firewall Rule $Name"
($requests.Content | ConvertFrom-Json) | select display_name, id
} else {
Write-Error "Failed to create new NSX-T Firewall Rule"
}
}
}
Function Remove-NSXTFirewall {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Removes an NSX-T Firewall Rule on MGW or CGW
.DESCRIPTION
This cmdlet removes an NSX-T Firewall Rule on MGW or CGW
.EXAMPLE
Remove-NSXTFirewall -Id TEST -GatewayType MGW -Troubleshoot
#>
Param (
[Parameter(Mandatory=$True)]$Id,
[Parameter(Mandatory=$true)][ValidateSet("MGW","CGW")][String]$GatewayType,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "DELETE"
$deleteGgroupURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/$($GatewayType.toLower())/edge-communication-maps/default/communication-entries/$Id"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$deleteGgroupURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $deleteGgroupURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $deleteGgroupURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
Write-Host "Succesfully removed NSX-T Firewall Rule $Name"
} else {
Write-Error "Failed to create new NSX-T Firewall Rule"
}
}
}
Function Get-NSXTGroup {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Returns all NSX-T Groups for MGW or CGW
.DESCRIPTION
This cmdlet retrieves all NSX-T Groups for MGW or CGW
.EXAMPLE
Get-NSXTGroup -GatewayType MGW
.EXAMPLE
Get-NSXTGroup -GatewayType MGW -Name "Test"
#>
param(
[Parameter(Mandatory=$false)][String]$Name,
[Parameter(Mandatory=$true)][ValidateSet("MGW","CGW")][String]$GatewayType,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "GET"
$edgeFirewallGroupsURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/$($GatewayType.toLower())/groups"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$edgeFirewallGroupsURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $edgeFirewallGroupsURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $edgeFirewallGroupsURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
$groups = ($requests.Content | ConvertFrom-Json).results
if ($PSBoundParameters.ContainsKey("Name")){
$groups = $groups | where {$_.display_name -eq $Name}
}
$results = @()
foreach ($group in $groups) {
if($group.tags.tag -eq $null) {
$groupType = "USER_DEFINED"
} else { $groupType = $group.tags.tag }
$members = @()
foreach ($member in $group.expression) {
if($member.ip_addresses) {
$members += $member.ip_addresses
} else {
if($member.resource_type -eq "Condition") {
$members += $member.value
}
}
}
$tmp = [pscustomobject] @{
Name = $group.display_name;
ID = $group.id;
Type = $groupType;
Members = $members;
}
$results+=$tmp
}
$results
} else {
Write-Error "Failed to retrieve NSX-T Groups"
}
}
}
Function New-NSXTGroup {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Creates a new NSX-T Group on MGW or CGW
.DESCRIPTION
This cmdlet creates a new NSX-T Firewall Rule on MGW or CGW
.EXAMPLE
New-NSXTGroup -GatewayType MGW -Name Foo -IPAddress @("172.31.0.0/24")
#>
Param (
[Parameter(Mandatory=$True)]$Name,
[Parameter(Mandatory=$true)][ValidateSet("MGW","CGW")][String]$GatewayType,
[Parameter(Mandatory=$True)][String[]]$IPAddress,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$expression = @{
resource_type = "IPAddressExpression";
ip_addresses = $IPAddress;
}
$payload = @{
display_name = $Name;
expression = @($expression);
}
$body = $payload | ConvertTo-Json -depth 5
$method = "PUT"
$newGroupURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/$($GatewayType.toLower())/groups/$Name"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$newGroupURL`n"
Write-Host -ForegroundColor cyan "[DEBUG]`n$body`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $newGroupURL -Body $body -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $newGroupURL -Body $body -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
Write-Host "Succesfully created new NSX-T Group $Name"
($requests.Content | ConvertFrom-Json) | select display_name, id
} else {
Write-Error "Failed to create new NSX-T Group"
}
}
}
Function Remove-NSXTGroup {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Removes an NSX-T Group
.DESCRIPTION
This cmdlet removes an NSX-T Group
.EXAMPLE
Remove-NSXTGroup -Id Foo -GatewayType MGW -Troubleshoot
#>
Param (
[Parameter(Mandatory=$True)]$Id,
[Parameter(Mandatory=$true)][ValidateSet("MGW","CGW")][String]$GatewayType,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "DELETE"
$deleteGgroupURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/domains/$($GatewayType.toLower())/groups/$Id"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$deleteGgroupURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $deleteGgroupURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $deleteGgroupURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
Write-Host "Succesfully removed NSX-T Group $Name"
} else {
Write-Error "Failed to create new NSX-T Group"
}
}
}
Function Get-NSXTService {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Returns all NSX-T Services
.DESCRIPTION
This cmdlet retrieves all NSX-T Services
.EXAMPLE
Get-NSXTService
.EXAMPLE
Get-NSXTService -Name "WINS"
#>
param(
[Parameter(Mandatory=$false)][String]$Name,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$method = "GET"
$serviceGroupsURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/services"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$serviceGroupsURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $serviceGroupsURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $serviceGroupsURL -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
$services = ($requests.Content | ConvertFrom-Json).results
if ($PSBoundParameters.ContainsKey("Name")){
$services = $services | where {$_.display_name -eq $Name}
}
$results = @()
foreach ($service in $services | Sort-Object -Propert display_name) {
$serviceEntry = $service.service_entries
$serviceProtocol = $serviceEntry.l4_protocol
$serviceSourcePorts = $serviceEntry.source_ports
$serviceDestinationPorts = $serviceEntry.destination_ports
$tmp = [pscustomobject] @{
Name = $service.display_name;
Id = $service.id;
Protocol = $serviceProtocol;
Source = $serviceSourcePorts;
Destination = $serviceDestinationPorts;
}
$results += $tmp
}
$results
} else {
Write-Error "Failed to retrieve NSX-T Services"
}
}
}
Function New-NSXTService {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/11/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Creates a new NSX-T Service
.DESCRIPTION
This cmdlet creates a new NSX-T Service
.EXAMPLE
New-NSXTService -Name "MyHTTP2" -Protocol TCP -DestinationPorts @("8080","8081")
#>
Param (
[Parameter(Mandatory=$True)]$Name,
[Parameter(Mandatory=$True)][String[]]$DestinationPorts,
[Parameter(Mandatory=$True)][ValidateSet("TCP","UDP")][String]$Protocol,
[Switch]$Troubleshoot
)
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
$serviceEntry = @()
$entry = @{
display_name = $name + "-$destinationPort"
resource_type = "L4PortSetServiceEntry";
destination_ports = @($DestinationPorts);
l4_protocol = $Protocol;
}
$serviceEntry+=$entry
$payload = @{
display_name = $Name;
service_entries = $serviceEntry;
}
$body = $payload | ConvertTo-Json -depth 5
$method = "PUT"
$newServiceURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/services/$Name"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$newServiceURL`n"
Write-Host -ForegroundColor cyan "[DEBUG]`n$body`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$requests = Invoke-WebRequest -Uri $newServiceURL -Body $body -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
} else {
$requests = Invoke-WebRequest -Uri $newServiceURL -Body $body -Method $method -Headers $global:nsxtProxyConnection.headers
}
} catch {
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
break
}
if($requests.StatusCode -eq 200) {
Write-Host "Succesfully created new NSX-T Service $Name"
($requests.Content | ConvertFrom-Json) | select display_name, id
} else {
Write-Error "Failed to create new NSX-T Service"
}
}
}

Binary file not shown.


@@ -320,7 +320,6 @@ Function Get-VMCSDDCVersion {
}
}
}
Function Get-VMCFirewallRule {
<#
.NOTES
@@ -394,9 +393,8 @@ Function Get-VMCFirewallRule {
}
$results
}
Function Export-VMCFirewallRule {
<#
Function Export-VMCFirewallRule {
<#
.NOTES
===========================================================================
Created by: William Lam
@@ -413,45 +411,45 @@ Function Get-VMCFirewallRule {
.EXAMPLE
Export-VMCFirewallRule -OrgName <Org Name> -SDDCName <SDDC Name> -GatewayType <MGW or CGW> -Path "C:\Users\lamw\Desktop\VMCFirewallRules.json"
#>
param(
param(
[Parameter(Mandatory=$false)][String]$SDDCName,
[Parameter(Mandatory=$false)][String]$OrgName,
[Parameter(Mandatory=$true)][ValidateSet("MGW","CGW")][String]$GatewayType,
[Parameter(Mandatory=$false)][String]$Path
)
if (-not $global:DefaultVMCServers) { Write-error "No VMC Connection found, please use the Connect-VMC to connect"; break }
if (-not $global:DefaultVMCServers) { Write-error "No VMC Connection found, please use the Connect-VMC to connect"; break }
if($GatewayType -eq "MGW") {
if($GatewayType -eq "MGW") {
$EdgeId = "edge-1"
} else {
$EdgeId = "edge-2"
}
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
if(-not $orgId) {
if(-not $orgId) {
Write-Host -ForegroundColor red "Unable to find Org $OrgName, please verify input"
break
}
if(-not $sddcId) {
if(-not $sddcId) {
Write-Host -ForegroundColor red "Unable to find SDDC $SDDCName, please verify input"
break
}
$firewallConfigService = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.edges.firewall.config
$firewallConfigService = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.edges.firewall.config
$firewallRules = ($firewallConfigService.get($orgId, $sddcId, $EdgeId)).firewall_rules.firewall_rules
if(-not $ShowAll) {
$firewallRules = ($firewallConfigService.get($orgId, $sddcId, $EdgeId)).firewall_rules.firewall_rules
if(-not $ShowAll) {
$firewallRules = $firewallRules | where { $_.rule_type -ne "default_policy" -and $_.rule_type -ne "internal_high" -and $_.name -ne "vSphere Cluster HA" -and $_.name -ne "Outbound Access" } | Sort-Object -Property rule_tag
} else {
$firewallRules = $firewallRules | Sort-Object -Property rule_tag
}
$results = @()
$count = 0
foreach ($firewallRule in $firewallRules) {
$results = @()
$count = 0
foreach ($firewallRule in $firewallRules) {
if($firewallRule.source.ip_address.Count -ne 0) {
$source = $firewallRule.source.ip_address
} else {
@@ -473,16 +471,15 @@ Function Get-VMCFirewallRule {
$count+=1
$results+=$tmp
}
if($Path) {
if($Path) {
Write-Host -ForegroundColor Green "Exporting $count VMC Firewall Rules to $Path ..."
$results | ConvertTo-Json | Out-File $Path
} else {
$results | ConvertTo-Json
}
}
Function Import-VMCFirewallRule {
<#
}
Function Import-VMCFirewallRule {
<#
.NOTES
===========================================================================
Created by: William Lam
@@ -499,43 +496,43 @@ Function Get-VMCFirewallRule {
.EXAMPLE
Import-VMCFirewallRule -OrgName <Org Name> -SDDCName <SDDC Name> -GatewayType <MGW or CGW> -Path "C:\Users\lamw\Desktop\VMCFirewallRules.json"
#>
param(
param(
[Parameter(Mandatory=$false)][String]$SDDCName,
[Parameter(Mandatory=$false)][String]$OrgName,
[Parameter(Mandatory=$true)][ValidateSet("MGW","CGW")][String]$GatewayType,
[Parameter(Mandatory=$false)][String]$Path
)
if (-not $global:DefaultVMCServers) { Write-error "No VMC Connection found, please use the Connect-VMC to connect"; break }
if (-not $global:DefaultVMCServers) { Write-error "No VMC Connection found, please use the Connect-VMC to connect"; break }
if($GatewayType -eq "MGW") {
if($GatewayType -eq "MGW") {
$EdgeId = "edge-1"
} else {
$EdgeId = "edge-2"
}
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
if(-not $orgId) {
if(-not $orgId) {
Write-Host -ForegroundColor red "Unable to find Org $OrgName, please verify input"
break
}
if(-not $sddcId) {
if(-not $sddcId) {
Write-Host -ForegroundColor red "Unable to find SDDC $SDDCName, please verify input"
break
}
$firewallService = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.edges.firewall.config.rules
$firewallService = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.edges.firewall.config.rules
$vmcFirewallRulesJSON = Get-Content -Raw $Path | ConvertFrom-Json
$vmcFirewallRulesJSON = Get-Content -Raw $Path | ConvertFrom-Json
# Create top level Firewall Rules Object
$firewallRules = $firewallService.Help.add.firewall_rules.Create()
# Create top top level Firewall Rule Spec which will be an array of individual Firewall rules as we process them in next section
$ruleSpec = $firewallService.Help.add.firewall_rules.firewall_rules.Create()
# Create top level Firewall Rules Object
$firewallRules = $firewallService.Help.add.firewall_rules.Create()
# Create top top level Firewall Rule Spec which will be an array of individual Firewall rules as we process them in next section
$ruleSpec = $firewallService.Help.add.firewall_rules.firewall_rules.Create()
foreach ($vmcFirewallRule in $vmcFirewallRulesJSON) {
foreach ($vmcFirewallRule in $vmcFirewallRulesJSON) {
# Create Individual Firewall Rule Element Spec
$ruleElementSpec = $firewallService.Help.add.firewall_rules.firewall_rules.Element.Create()
@@ -632,14 +629,13 @@ Function Get-VMCFirewallRule {
Write-host "Creating VMC Firewall Rule Spec:" $vmcFirewallRule.Name "..."
$ruleSpecAdd = $ruleSpec.Add($ruleElementSpec)
}
$firewallRules.firewall_rules = $ruleSpec
$firewallRules.firewall_rules = $ruleSpec
Write-host "Adding VMC Firewall Rules ..."
$firewallRuleAdd = $firewallService.add($orgId,$sddcId,$EdgeId,$firewallRules)
}
Function Remove-VMCFirewallRule {
<#
Write-host "Adding VMC Firewall Rules ..."
$firewallRuleAdd = $firewallService.add($orgId,$sddcId,$EdgeId,$firewallRules)
}
Function Remove-VMCFirewallRule {
<#
.NOTES
===========================================================================
Created by: William Lam
@@ -656,38 +652,37 @@ Function Get-VMCFirewallRule {
.EXAMPLE
Remove-VMCFirewallRule -OrgName <Org Name> -SDDCName <SDDC Name> -GatewayType <MGW or CGW> -RuleId <Rule Id>
#>
param(
param(
[Parameter(Mandatory=$false)][String]$SDDCName,
[Parameter(Mandatory=$false)][String]$OrgName,
[Parameter(Mandatory=$true)][ValidateSet("MGW","CGW")][String]$GatewayType,
[Parameter(Mandatory=$false)][String]$RuleId
)
if (-not $global:DefaultVMCServers) { Write-error "No VMC Connection found, please use the Connect-VMC to connect"; break }
if (-not $global:DefaultVMCServers) { Write-error "No VMC Connection found, please use the Connect-VMC to connect"; break }
if($GatewayType -eq "MGW") {
if($GatewayType -eq "MGW") {
$EdgeId = "edge-1"
} else {
$EdgeId = "edge-2"
}
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
if(-not $orgId) {
if(-not $orgId) {
Write-Host -ForegroundColor red "Unable to find Org $OrgName, please verify input"
break
}
if(-not $sddcId) {
if(-not $sddcId) {
Write-Host -ForegroundColor red "Unable to find SDDC $SDDCName, please verify input"
break
}
$firewallService = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.edges.firewall.config.rules
Write-Host "Removing VMC Firewall Rule Id $RuleId ..."
$firewallService.delete($orgId,$sddcId,$EdgeId,$RuleId)
}
$firewallService = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.edges.firewall.config.rules
Write-Host "Removing VMC Firewall Rule Id $RuleId ..."
$firewallService.delete($orgId,$sddcId,$EdgeId,$RuleId)
}
Function Get-VMCLogicalNetwork {
<#
.NOTES
@@ -727,9 +722,17 @@ Function Get-VMCLogicalNetwork {
break
}
$logicalNetworkService = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.logical
# @LucD22 - 21/10/18 - Fix for issue #176 VMware.VMC module only lists firts 20 Logical networks
# Loop until entries (total_count) are returned
$logicalNetworks = ($logicalNetworkService.get_0($orgId, $sddcId)).data | Sort-Object -Property id
$index = [long]0
$logicalNetworks = do{
$netData = $logicalNetworkService.get_0($orgId,$sddcId,$pagesize,$index)
$netData.data | Sort-Object -Property id
$index = $index + $netdata.paging_info.page_size
}
until($index -ge $netData.paging_info.total_count)
if($LogicalNetworkName) {
$logicalNetworks = $logicalNetworks | Where-Object {$_.Name -eq $LogicalNetworkName}
@@ -751,7 +754,6 @@ Function Get-VMCLogicalNetwork {
}
$results
}
Function Remove-VMCLogicalNetwork {
<#
.NOTES
@@ -799,25 +801,24 @@ Function Remove-VMCLogicalNetwork {
$logicalNetworkService = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.logical
$logicalNetworkService.delete($orgId,$sddcId,$lsId)
}
Function New-VMCLogicalNetwork {
<#
.NOTES
===========================================================================
Created by: Kyle Ruddy
Date: 03/06/2018
Organization: VMware
Blog: https://thatcouldbeaproblem.com
Twitter: @kmruddy
===========================================================================
<#
.NOTES
===========================================================================
Created by: Kyle Ruddy
Date: 03/06/2018
Organization: VMware
Blog: https://thatcouldbeaproblem.com
Twitter: @kmruddy
===========================================================================
.SYNOPSIS
Creates a new Logical Network
.DESCRIPTION
Creates a new Logical Network
.EXAMPLE
New-VMCLogicalNetwork -OrgName <Org Name> -SDDCName <SDDC Name> -LogicalNetworkName <LogicalNetwork Name> -SubnetMask <Subnet Mask Prefix> -Gateway <Gateway IP Address>
#>
.SYNOPSIS
Creates a new Logical Network
.DESCRIPTION
Creates a new Logical Network
.EXAMPLE
New-VMCLogicalNetwork -OrgName <Org Name> -SDDCName <SDDC Name> -LogicalNetworkName <LogicalNetwork Name> -SubnetMask <Subnet Mask Prefix> -Gateway <Gateway IP Address>
#>
[cmdletbinding(SupportsShouldProcess = $true,ConfirmImpact='High')]
param(
[Parameter(Mandatory=$true)][String]$SDDCName,
@@ -854,5 +855,454 @@ Function New-VMCLogicalNetwork {
$logicalNetworkService.create($orgId, $sddcId, $logicalNetworkSpec)
Get-VMCLogicalNetwork -OrgName $OrgName -SDDCName $SDDCName -LogicalNetworkName $LogicalNetworkName
}
Function Get-VMCSDDCSummary {
<#
.NOTES
===========================================================================
Created by: VMware
Date: 09/04/18
Organization: VMware
Blog: https://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
Export-ModuleMember -Function 'Get-VMCCommand', 'Connect-VMCVIServer', 'Get-VMCOrg', 'Get-VMCSDDC', 'Get-VMCTask', 'Get-VMCSDDCDefaultCredential', 'Get-VMCSDDCPublicIP', 'Get-VMCVMHost', 'Get-VMCSDDCVersion', 'Get-VMCFirewallRule', 'Export-VMCFirewallRule', 'Import-VMCFirewallRule', 'Remove-VMCFirewallRule', 'Get-VMCLogicalNetwork', 'Remove-VMCLogicalNetwork', 'New-VMCLogicalNetwork'
.SYNOPSIS
Returns a number of useful informational data about a given SDDC within VMC Org
.DESCRIPTION
Returns Version, Create/Expiration Date, Deployment Type, Region, AZ, Instance Type, VPC CIDR & NSX-T
.EXAMPLE
Get-VMCSDDCSummary -Name <SDDC Name> -Org <Org Name>
#>
Param (
[Parameter(Mandatory=$True)]$OrgName,
[Parameter(Mandatory=$True)]$SDDCName
)
If (-Not $global:DefaultVMCServers) { Write-error "No VMC Connection found, please use the Connect-VMC to connect" } Else {
$orgId = (Get-VMCOrg -Name $Org).Id
$sddcId = (Get-VMCSDDC -Name $Name -Org $Org).Id
$sddcService = Get-VmcService "com.vmware.vmc.orgs.sddcs"
$sddc = $sddcService.get($orgId,$sddcId)
$results = [pscustomobject] @{
Version = $sddc.resource_config.sddc_manifest.vmc_version;
CreateDate = $sddc.created;
ExpirationDate = $sddc.expiration_date;
DeploymentType = $sddc.resource_config.deployment_type;
Region = $sddc.resource_config.region;
AvailabilityZone = $sddc.resource_config.availability_zones;
InstanceType = $sddc.resource_config.sddc_manifest.esx_ami.instance_type;
VpcCIDR = $sddc.resource_config.vpc_info.vpc_cidr;
NSXT = $sddc.resource_config.nsxt;
}
$results
}
}
Function Get-VMCPublicIP {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/12/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Retrieves all public IP Addresses for a given SDDC
.DESCRIPTION
This cmdlet retrieves all public IP Address for a given SDDC
.EXAMPLE
Get-VMCPublicIP -OrgName $OrgName -SDDCName $SDDCName
#>
Param (
[Parameter(Mandatory=$True)]$OrgName,
[Parameter(Mandatory=$True)]$SDDCName
)
If (-Not $global:DefaultVMCServers) { Write-error "No VMC Connection found, please use the Connect-VMC to connect" } Else {
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$publicIPService = Get-VmcService "com.vmware.vmc.orgs.sddcs.publicips"
$publicIPs = $publicIPService.list($orgId,$sddcId)
$publicIPs | select public_ip, name, allocation_id
}
}
Function New-VMCPublicIP {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/12/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Request a new public IP Address for a given SDDC
.DESCRIPTION
This cmdlet requests a new public IP Address for a given SDDC
.EXAMPLE
New-VMCPublicIP -OrgName $OrgName -SDDCName $SDDCName -Description "Test for Randy"
#>
Param (
[Parameter(Mandatory=$True)]$OrgName,
[Parameter(Mandatory=$True)]$SDDCName,
[Parameter(Mandatory=$False)]$Description
)
If (-Not $global:DefaultVMCServers) { Write-error "No VMC Connection found, please use the Connect-VMC to connect" } Else {
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$publicIPService = Get-VmcService "com.vmware.vmc.orgs.sddcs.publicips"
$publicIPSpec = $publicIPService.Help.create.spec.Create()
$publicIPSpec.count = 1
$publicIPSpec.names = @($Description)
Write-Host "Requesting a new public IP Address for your SDDC ..."
$results = $publicIPService.create($orgId,$sddcId,$publicIPSpec)
}
}
Function Remove-VMCPublicIP {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 09/12/2018
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Removes a specific public IP Addresses for a given SDDC
.DESCRIPTION
This cmdlet removes a specific public IP Address for a given SDDC
.EXAMPLE
Remove-VMCPublicIP -OrgName $OrgName -SDDCName $SDDCName -AllocationId "eipalloc-0567acf34e436c01f"
#>
Param (
[Parameter(Mandatory=$True)]$OrgName,
[Parameter(Mandatory=$True)]$SDDCName,
[Parameter(Mandatory=$True)]$AllocationId
)
If (-Not $global:DefaultVMCServers) { Write-error "No VMC Connection found, please use the Connect-VMC to connect" } Else {
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$publicIPService = Get-VmcService "com.vmware.vmc.orgs.sddcs.publicips"
Write-Host "Deleting public IP Address with ID $AllocationId ..."
$results = $publicIPService.delete($orgId,$sddcId,$AllocationId)
}
}
Function Get-VMCEdge {
<#
.NOTES
===========================================================================
Created by: Luc Dekens
Date: 23/10/2018
Organization: Community
Blog: http://lucd.info
Twitter: @LucD22
===========================================================================
.SYNOPSIS
Returns all the VMC Edges
.DESCRIPTION
Returns all the VMC Edges
.EXAMPLE
Get-VMCEdge -OrgName $orgName -SddcName $SDDCName -EdgeType gatewayServices
#>
Param (
[Parameter(Mandatory=$True)]
[string]$OrgName,
[Parameter(Mandatory=$True)]
[string]$SDDCName,
[ValidateSet('gatewayServices','distributedRouter')]
[string]$EdgeType = ''
)
If (-Not $global:DefaultVMCServers) {
Write-error "No VMC Connection found, please use the Connect-VMC to connect"
}
Else {
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$edgeService = Get-VmcService -Name 'com.vmware.vmc.orgs.sddcs.networks.edges'
$index = [long]0
$edges = do{
$edgeData = $edgeService.get($orgId,$sddcId,$EdgeType,'',$index)
$edgeData.edge_page.data | Sort-Object -Property id
$index = $index + $edgeData.edge_page.paging_info.page_size
}
until($index -ge $edgeData.paging_info.total_count)
$edges | %{
[pscustomobject]@{
Name = $_.Name
Id = $_.id
Type = $_.edge_type
State = $_.state
Status = $_.edge_status
VNics = $_.number_of_connected_vnics
TenantId = $_.tenant_id
}
}
}
}
Function Get-VMCEdgeStatus {
<#
.NOTES
===========================================================================
Created by: Luc Dekens
Date: 23/10/2018
Organization: Community
Blog: http://lucd.info
Twitter: @LucD22
===========================================================================
.SYNOPSIS
Returns the status of the gateway
.DESCRIPTION
Retrieve the status of the specified management or compute gateway (NSX Edge).
.EXAMPLE
Get-VMCEdgeStatus -OrgName $orgName -SddcName $SDDCName -Edge $EdgeName
#>
Param (
[Parameter(Mandatory=$True)]
[string]$OrgName,
[Parameter(Mandatory=$True)]
[string]$SDDCName,
[Parameter(Mandatory=$True)]
[string]$EdgeName
)
If (-Not $global:DefaultVMCServers) {
Write-error "No VMC Connection found, please use the Connect-VMC to connect"
}
Else {
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$edgeId = Get-VMCEdge -SDDCName $SDDCName -Org $OrgName | where{$_.Name -eq $EdgeName} | select -ExpandProperty Id
$statusService = Get-VmcService -Name 'com.vmware.vmc.orgs.sddcs.networks.edges.status'
$status = $statusService.get($orgId,$sddcId,$edgeId)
$vmStatus = $status.edge_vm_status | %{
[pscustomobject]@{
Name = $_.name
State = $_.edge_VM_status
HAState = $_.ha_state
Index = $_.index
}
}
$featureStatus = $status.feature_statuses | %{
[pscustomobject]@{
Service = $_.service
Status = $_.status
}
}
[pscustomobject]@{
Time = [timezone]::CurrentTimeZone.ToLocalTime(([datetime]'1/1/1970').AddSeconds($status.timestamp/1000))
Status = $status.edge_status
PublishStatus = $status.publish_status
SystemStatus = $_.system_status
NicInUse = $status.ha_vnic_in_use
}
}
}
Function Get-VMCEdgeNic {
<#
.NOTES
===========================================================================
Created by: Luc Dekens
Date: 23/10/2018
Organization: Community
Blog: http://lucd.info
Twitter: @LucD22
===========================================================================
.SYNOPSIS
Returns all interfaces for the gateway
.DESCRIPTION
Retrieve all interfaces for the specified management or compute gateway (NSX Edge).
.EXAMPLE
Get-VMCEdgeNic -OrgName $orgName -SddcName $SDDCName -Edge $EdgeName
#>
Param (
[Parameter(Mandatory=$True)]
[string]$OrgName,
[Parameter(Mandatory=$True)]
[string]$SDDCName,
[Parameter(Mandatory=$True)]
[string]$EdgeName
)
If (-Not $global:DefaultVMCServers) {
Write-error "No VMC Connection found, please use the Connect-VMC to connect"
}
Else {
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$edgeId = Get-VMCEdge -SDDCName $SDDCName -Org $OrgName | where{$_.Name -eq $EdgeName} | select -ExpandProperty Id
$vnicService = Get-VmcService -Name 'com.vmware.vmc.orgs.sddcs.networks.edges.vnics'
$vnicService.get($orgId,$sddcId,$edgeId) | select -ExpandProperty vnics | %{
[pscustomobject]@{
Label = $_.label
Name = $_.Name
Type = $_.type
Index = $_.index
IsConnected = $_.is_connected
Portgroup = $_.portgroup_name
}
}
}
}
Function Get-VMCEdgeNicStat {
<#
.NOTES
===========================================================================
Created by: Luc Dekens
Date: 23/10/2018
Organization: Community
Blog: http://lucd.info
Twitter: @LucD22
===========================================================================
.SYNOPSIS
Returns statistics for the gateway interfaces
.DESCRIPTION
Retrieve interface statistics for a management or compute gateway (NSX Edge).
.EXAMPLE
Get-VMCEdgeNicStat -OrgName $orgName -SddcName $SDDCName -Edge $EdgeName
#>
[CmdletBinding(DefaultParameterSetName='Default')]
Param (
[Parameter(Mandatory=$True)]
[string]$OrgName,
[Parameter(Mandatory=$True)]
[string]$SDDCName,
[Parameter(Mandatory=$True)]
[string]$EdgeName
# [DateTime]$Start,
# [DateTime]$Finish
)
If (-Not $global:DefaultVMCServers) {
Write-error "No VMC Connection found, please use the Connect-VMC to connect"
}
Else {
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$edgeId = Get-VMCEdge -SDDCName $SDDCName -Org $OrgName | where{$_.Name -eq $EdgeName} | select -ExpandProperty Id
# $epoch = Get-Date 01/01/1970
#
# if($start){
# $startEpoch = (New-TimeSpan -Start $epoch -End $Start.ToUniversalTime()).TotalMilliseconds
# }
# if($Finish){
# $finishEpoch = (New-TimeSpan -Start $epoch -End $Finish.ToUniversalTime()).TotalMilliseconds
# }
$vnicStatService = Get-VmcService -Name 'com.vmware.vmc.orgs.sddcs.networks.edges.statistics.interfaces'
# $stats = $vnicStatService.get($orgId,$sddcId,$edgeId,[long]$startEpoch,[long]$finishEpoch)
$stats = $vnicStatService.get($orgId,$sddcId,$edgeId)
$stats.data_dto | Get-Member -MemberType NoteProperty | where{$_.Name -ne 'Help'} | %{$_.Name} | %{
$stats.data_dto."$_" | %{
[pscustomobject]@{
vNIC = $_.vnic
Timestamp = [timezone]::CurrentTimeZone.ToLocalTime(([datetime]'1/1/1970').AddSeconds($_.timestamp))
In = $_.in
Out = $_.out
Unit = 'Kbps'
Interval = $stats.meta_dto.interval
}
}
}
}
}
Function Get-VMCEdgeUplinkStat {
<#
.NOTES
===========================================================================
Created by: Luc Dekens
Date: 23/10/2018
Organization: Community
Blog: http://lucd.info
Twitter: @LucD22
===========================================================================
.SYNOPSIS
Returns statistics for the uplink interfaces
.DESCRIPTION
Retrieve uplink interface statistics for a management or compute gateway (NSX Edge).
.EXAMPLE
Get-VMCEdgeUplinkStat -OrgName $orgName -SddcName $SDDCName -Edge $EdgeName
#>
Param (
[Parameter(Mandatory=$True)]
[string]$OrgName,
[Parameter(Mandatory=$True)]
[string]$SDDCName,
[Parameter(Mandatory=$True)]
[string]$EdgeName
# [DateTime]$Start,
# [DateTime]$Finish
)
If (-Not $global:DefaultVMCServers) {
Write-error "No VMC Connection found, please use the Connect-VMC to connect"
}
Else {
$orgId = (Get-VMCOrg -Name $OrgName).Id
$sddcId = (Get-VMCSDDC -Name $SDDCName -Org $OrgName).Id
$edgeId = Get-VMCEdge -SDDCName $SDDCName -Org $OrgName | where{$_.Name -eq $EdgeName} | select -ExpandProperty Id
# $epoch = Get-Date 01/01/1970
#
# if($start){
# $startEpoch = (New-TimeSpan -Start $epoch -End $Start.ToUniversalTime()).TotalMilliseconds
# }
# if($Finish){
# $finishEpoch = (New-TimeSpan -Start $epoch -End $Finish.ToUniversalTime()).TotalMilliseconds
# }
$uplinkStatService = Get-VmcService -Name 'com.vmware.vmc.orgs.sddcs.networks.edges.statistics.interfaces.uplink'
# $stats = $uplinkStatService.get($orgId,$sddcId,$edgeId,[long]$startEpoch,[long]$finishEpoch)
$stats = $uplinkStatService.get($orgId,$sddcId,$edgeId)
$stats.data_dto | Get-Member -MemberType NoteProperty | where{$_.Name -ne 'Help'} | %{$_.Name} | %{
if($stats.data_dto."$_".Count -ne 0){
$stats.data_dto."$_" | %{
[pscustomobject]@{
vNIC = $_.vnic
Timestamp = [timezone]::CurrentTimeZone.ToLocalTime(([datetime]'1/1/1970').AddSeconds($_.timestamp))
In = $_.in
Out = $_.out
Unit = 'Kbps'
Interval = $stats.meta_dto.interval
}
}
}
}
}
}
Export-ModuleMember -Function 'Get-VMCCommand', 'Connect-VMCVIServer', 'Get-VMCOrg', 'Get-VMCSDDC',
'Get-VMCTask', 'Get-VMCSDDCDefaultCredential', 'Get-VMCSDDCPublicIP', 'Get-VMCVMHost',
'Get-VMCSDDCVersion', 'Get-VMCFirewallRule', 'Export-VMCFirewallRule', 'Import-VMCFirewallRule',
'Remove-VMCFirewallRule', 'Get-VMCLogicalNetwork', 'Remove-VMCLogicalNetwork', 'New-VMCLogicalNetwork',
'Get-VMCSDDCSummary', 'Get-VMCPublicIP', 'New-VMCPublicIP', 'Remove-VMCPublicIP',
'Get-VMCEdge', 'Get-VMCEdgeNic', 'Get-VMCEdgeStatus', 'Get-VMCEdgeNicStat', 'Get-VMCEdgeUplinkStat'


@@ -12,7 +12,7 @@
# RootModule = ''
# Version number of this module.
ModuleVersion = '1.1'
ModuleVersion = '1.2'
# ID used to uniquely identify this module
GUID = 'f9592e48-6cd3-494e-891b-ee10ee9f7018'
@@ -49,7 +49,7 @@ Copyright = 'Copyright (c) 2016 VMware, Inc. All rights reserved.'
# Modules that must be imported into the global environment prior to importing this module
RequiredModules = @(
@{"ModuleName"="VMware.VimAutomation.Core";"ModuleVersion"="10.1.0.8346946"}
@{"ModuleName"="VMware.VimAutomation.Core";"ModuleVersion"="10.1.0.8344055"}
)
# Assemblies that must be loaded prior to importing this module


@@ -1,5 +1,5 @@
# Script Module : VMware.VMEncryption
# Version : 1.1
# Version : 1.2
# Copyright © 2016 VMware, Inc. All Rights Reserved.
@@ -1844,6 +1844,304 @@ Function Set-VMCryptoUnlock {
}
}
Function Add-Vtpm {
<#
.SYNOPSIS
This cmdlet adds a Virtual TPM to the specified VM.
.DESCRIPTION
This cmdlet adds a Virtual TPM to the specified VM.
.PARAMETER VM
Specifies the VM you want to add Virtual TPM to.
.EXAMPLE
C:\PS>$vm1 = Get-VM -Name win2016
C:\PS>Add-Vtpm $vm1
Encrypts $vm1's VM home and adds Virtual TPM
.NOTES
If VM home is already encrypted, the cmdlet will add a Virtual TPM to the VM.
If VM home is not encrypted, VM home will be encrypted and Virtual TPM will be added.
.NOTES
Author : Chong Yeo.
Author email : cyeo@vmware.com
#>
[CmdLetBinding()]
param (
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
[VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine] $VM
)
Begin {
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
}
Process {
$deviceChange = New-Object VMware.Vim.VirtualDeviceConfigSpec
$deviceChange.operation = "add"
$deviceChange.device = new-object VMware.Vim.VirtualTPM
$VMCfgSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
$VMCfgSpec.DeviceChange = $deviceChange
return $VM.ExtensionData.ReconfigVM_task($VMCfgSpec)
}
}
Function Remove-Vtpm {
<#
.SYNOPSIS
This cmdlet removes a Virtual TPM from the specified VM.
.DESCRIPTION
This cmdlet removes a Virtual TPM from the specified VM.
.PARAMETER VM
Specifies the VM you want to remove Virtual TPM from.
.EXAMPLE
C:\PS>$vm1 = Get-VM -Name win2016
C:\PS>Remove-Vtpm $vm1
.EXAMPLE
C:\PS>Get-VM -Name win2016 |Remove-Vtpm
Remove Virtual TPM from VM named win2016
.NOTES
Removing VirtualTPM will render all encrypted data on this VM unrecoverable.
VM home encryption state will be returned to the original state before Virtual TPM is added
.NOTES
Author : Chong Yeo.
Author email : cyeo@vmware.com
#>
[CmdLetBinding(SupportsShouldProcess=$true, ConfirmImpact = "High")]
param (
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
[VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine] $VM
)
Begin {
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
}
Process {
$message = "Removing Virtual TPM will render all encrypted data on this VM unrecoverable"
if ($PSCmdlet.ShouldProcess($message, $message + "`n Do you want to proceed", "WARNING")) {
$deviceChange = New-Object VMware.Vim.VirtualDeviceConfigSpec
$deviceChange.operation = "remove"
$deviceChange.device = $vtpm
$VMCfgSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
$VMCfgSpec.DeviceChange = $deviceChange
return $VM.ExtensionData.ReconfigVM_task($VMCfgSpec)
}
}
}
Function Get-VtpmCsr {
<#
.SYNOPSIS
This cmdlet gets certficate signing requests(CSR) from Virtual TPM.
.DESCRIPTION
This cmdlet gets certficate signing requests(CSR) from Virtual TPM.
The CSR is a ComObject X509enrollment.CX509CertificateRequestPkcs10
.PARAMETER VM
Specifies the VM you want to get the CSRs Virtual TPM from.
.PARAMETER KeyType [RSA | ECC]
Specify that only get CSR with public key RSA algorithm.
If none is specified, both CSR will get returned
.EXAMPLE
C:\PS>$vm1 = Get-VM -Name win2016
C:\PS>Get-VtpmCsr $vm1 -KeyType RSA
.NOTES
Both RSA and ECC CSRs objects will be returned. If ECC or RSA is specified,
only the corresponding object will be returned
.NOTES
Author : Chong Yeo.
Author email : cyeo@vmware.com
#>
[CmdLetBinding()]
param (
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
[VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine] $VM,
[Parameter(Mandatory=$False)]
[String]$KeyType
)
Begin {
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
}
process {
# Get vTPM from VM
$vtpm = $VM.ExtensionData.Config.Hardware.Device |Where {$_ -is [VMware.Vim.VirtualTPM]}
# Check if vTPM is already present
if (!$vtpm) {
Write-Error "$VM does not contains a Virtual TPM"
return
}
$CSRs = @()
foreach ($csrArray in $vtpm.EndorsementKeyCertificateSigningRequest) {
$csrString = [System.Convert]::ToBase64String($csrArray)
$csr = New-Object -ComObject X509enrollment.CX509CertificateRequestPkcs10
#decode a base64 string into a CSR object
$csr.InitializeDecode($csrString,6)
if ($keyType) {
if ($csr.PublicKey.Algorithm.FriendlyName -eq $KeyType){
return $csr
}
} else {
$CSRs += $csr
}
}
return $CSRs
}
}
Function Set-VtpmCert{
<#
.SYNOPSIS
This cmdlet replaces certificates of Virtual TPM in the specified VM.
.DESCRIPTION
This cmdlet replaces certificates to Virtual TPM in the specified VM.
.PARAMETER VM
Specifies the VM with Virtual TPM where you want to replace the certificates to.
.PARAMETER Cert
Specifies the certificate object (System.Security.Cryptography.X509Certificates.X509Certificate)
.EXAMPLE
C:\PS>$vm1 = Get-VM -Name win2016
C:\PS>Set-VtpmCert $vm1 $certObj
.EXAMPLE
C:\PS>Get-VM -Name win2016 | Set-VtpmCert $certObj
Replace the appropriate certificate specified
.NOTES
Only RSA or ECC certs will be overwritten
.NOTES
Author : Chong Yeo.
Author email : cyeo@vmware.com
#>
[CmdLetBinding()]
param (
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
[VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine]$VM,
[Parameter(Mandatory=$True)]
[System.Security.Cryptography.X509Certificates.X509Certificate] $Cert
)
Begin {
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
}
process {
# Get vTPM from VM
$vtpm = $VM.ExtensionData.Config.Hardware.Device |Where {$_ -is [VMware.Vim.VirtualTPM]}
#check if vTPM is already present
if (!$vtpm) {
Write-Error "$VM does not contains a Virtual TPM"
return
}
$certOid = New-Object System.Security.Cryptography.Oid($Cert.GetKeyAlgorithm())
# Check which certificate to overwrite
$certLocation = GetKeyIndex $vtpm.EndorsementKeyCertificate $certOid.FriendlyName
if ($certLocation -eq -1) {
Write-Error "No Certificate with Matching Algorithm $($certOid.FriendlyName) found"
return
}
$vtpm.EndorsementKeyCertificate[$certLocation] = $cert.GetRawCertData()
$deviceChange = New-Object VMware.Vim.VirtualDeviceConfigSpec
$deviceChange.Operation = "edit"
$deviceChange.Device = $vtpm
$VMCfgSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
$VMCfgSpec.DeviceChange = $deviceChange
return $VM.ExtensionData.ReconfigVM_task($VMCfgSpec)
}
}
Function Get-VtpmCert{
<#
.SYNOPSIS
This cmdlet gets certificates of Virtual TPM in the specified VM.
.DESCRIPTION
This cmdlet gets certificates of Virtual TPM in the specified VM.
.PARAMETER VM
Specifies the VM with Virtual TPM where you want to get the certificate from
.EXAMPLE
C:\PS>$vm1 = Get-VM -Name win2016
C:\PS>$certs = Get-VtpmCert $vm1
.NOTES
An array of certificate object (System.Security.Cryptography.X509Certificates.X509Certificate)
will be returned
.NOTES
Author : Chong Yeo.
Author email : cyeo@vmware.com
#>
[CmdLetBinding()]
param (
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
[VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine] $VM
)
Begin {
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
}
Process {
# Get vTPM from VM
$vtpm = $VM.ExtensionData.Config.Hardware.Device |Where {$_ -is [VMware.Vim.VirtualTPM]}
# check if vTPM is already present
if (!$vtpm) {
Write-Error "$VM does not contain a Virtual TPM"
return
}
$certs = @()
$vtpm.EndorsementKeyCertificate|foreach {
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$cert.Import($_)
$certs += $cert
}
return $certs
}
}
Function ConfirmIsVCenter{
<#
.SYNOPSIS
@@ -2038,4 +2336,49 @@ Function GetCryptoManager {
}
}
Function GetKeyIndex{
<#
.SYNOPSIS
This cmdlet returns the index to the key with a matching algorithm as the KeyType parameter
.DESCRIPTION
This cmdlet returns the index to the key with a matching algorithm as the KeyType parameter
.PARAMETER Certs
Specifies the list of certificats. Expected format is byte[][]
.PARAMETER KeyType
Specifies the keytype to search for
.EXAMPLE
C:\PS>$keyIndex = GetKeyIndex $Certs RSA
C:\PS>$keyIndex = GetKeyIndex $Certs ECC
.NOTES
Author : Chong Yeo.
Author email : cyeo@vmware.com
#>
[CmdLetBinding()]
param (
[Parameter(Mandatory=$True)]
[byte[][]] $Certs,
[Parameter(Mandatory=$True)]
[String] $KeyType
)
process {
for ($i=0;$i -lt $Certs.Length; $i++) {
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$cert.Import($Certs.Get($i))
$certType = New-Object System.Security.Cryptography.Oid($cert.GetKeyAlgorithm())
if ( $certType.FriendlyName -eq $keyType) {
return $i
}
}
return -1
}
}
Export-ModuleMember *-*
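Review bot: In Remove-Vtpm, `$deviceChange.device = $vtpm` reads a variable that the function never assigns in the lines shown, so the remove spec would carry a null device, or whatever `$vtpm` happens to hold in an outer scope. Look the device up first, as Get-VtpmCert does, with `$vtpm = $VM.ExtensionData.Config.Hardware.Device | Where {$_ -is [VMware.Vim.VirtualTPM]}` followed by `if (!$vtpm) { Write-Error "$VM does not contain a Virtual TPM"; return }`, and do it before the ShouldProcess prompt so the user is not asked to confirm a removal that cannot happen. Set-VtpmCert overwrites an endorsement key certificate with plain `[CmdLetBinding()]`; giving it `SupportsShouldProcess` would match how Remove-Vtpm treats a destructive change.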


@@ -0,0 +1,82 @@
function Validate-ESXiPackages {
<#
.DESCRIPTION
Compares all ESXi Host VIBs within a vSphere with a reference Hosts.
.NOTES
File Name : Validate-ESXiPackages.ps1
Author : Markus Kraus
Version : 1.0
State : Ready
Tested Against Environment:
vSphere Version: 6.0 U2, 6.5 U1
PowerCLI Version: PowerCLI 10.0.0 build 7895300
PowerShell Version: 4.0
OS Version: Windows Server 2012 R2
.LINK
https://mycloudrevolution.com/
.EXAMPLE
Validate-ESXiPackages -Cluster (Get-Cluster) -RefernceHost (Get-VMHost | Select-Object -First 1)
.PARAMETER Cluster
vSphere Cluster to verify
.PARAMETER RefernceHost
The VIB Reference ESXi Host
#>
[CmdletBinding()]
param(
[Parameter(Mandatory=$True, ValueFromPipeline=$True, HelpMessage="vSphere Cluster to verify")]
[ValidateNotNullorEmpty()]
[VMware.VimAutomation.ViCore.Impl.V1.Inventory.ComputeResourceImpl] $Cluster,
[Parameter(Mandatory=$True, ValueFromPipeline=$false, HelpMessage="The VIB Reference ESXi Host")]
[ValidateNotNullorEmpty()]
[VMware.VimAutomation.ViCore.Impl.V1.Inventory.InventoryItemImpl] $RefernceHost
)
Process {
#region: Get reference VIBs
$EsxCli2 = Get-ESXCLI -VMHost $RefernceHost -V2
$RefernceVibList = $esxcli2.software.vib.list.invoke()
#endregion
#region: Compare reference VIBs
$MyView = @()
foreach ($VmHost in ($Cluster | Get-VMHost)) {
$EsxCli2 = Get-ESXCLI -VMHost $VmHost -V2
$VibList = $esxcli2.software.vib.list.invoke()
[Array]$VibDiff = Compare-Object -ReferenceObject $RefernceVibList.ID -DifferenceObject $VibList.ID
if($VibDiff.Count -gt 0) {
$VibDiffSideIndicator = @()
foreach ($Item in $VibDiff) {
$VibDiffSideIndicator += $($Item.SideIndicator + " " + $Item.InputObject)
}
}
else {
$VibDiffSideIndicator = $null
}
$Report = [PSCustomObject] @{
Host = $VmHost.Name
Version = $VmHost.Version
Build = $VmHost.Build
VibDiffCount = $VibDiff.Count
VibDiff = $VibDiff.InputObject
VibDiffSideIndicator = $VibDiffSideIndicator
}
$MyView += $Report
}
#region: Compare reference VIBs
$MyView
}
}
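Review bot: Inside the `foreach ($VmHost in ($Cluster | Get-VMHost))` loop, `$EsxCli2`, `$VibList` and `$VibDiff` are never reset, so when `Get-ESXCLI` or the `invoke()` call fails for a host (for example one that is disconnected), the later statements appear to reuse the previous host's values, and the report row for that host would show another host's VIB differences. For a package drift report, a wrong row is worse than a missing one. Clear the three variables at the top of each iteration and skip hosts that cannot be queried, e.g. `if (-not $VibList) { Write-Warning "$($VmHost.Name): VIB list unavailable"; continue }` before `Compare-Object`. The trailing `#region: Compare reference VIBs` looks like it was meant to be `#endregion`, and the public parameter name `RefernceHost` is misspelled, which is cheap to fix only before the function has callers.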


@@ -0,0 +1,104 @@
function Get-VMSnapshotConfigContent {
<#
.SYNOPSIS
Reads <vm name>.vmsd file content
.DESCRIPTION
Build the vmsd file http URI following https://code.vmware.com/apis/358/vsphere#/doc/vim.FileManager.html
and reads its content with the session established by Connect-VIServer
.INPUTS
VirtualMachine
.OUTPUTS
String - the content of the vmsd file
.NOTES
Author: Dimitar Milov
Version: 1.0
.EXAMPLE
Get-VM <MyVM> | Get-VMSnapshotConfigContent
#>
[CmdletBinding()]
param(
[Parameter(Mandatory=$true, ValueFromPipeline=$true)]
[ValidateNotNull()]
[VMware.VimAutomation.Types.VirtualMachine]
$VM
)
PROCESS {
# Create web client from current session
$sessionKey = $vm.GetClient().ConnectivityService.CurrentUserSession.SoapSessionKey
$certValidationHandler = $vm.GetClient().ConnectivityService.GetValidationHandlerForCurrentServer()
$webClient = [vmware.vimautomation.common.util10.httpclientUtil]::CreateHttpClientWithSessionReuse($certValidationHandler, $sessionKey, $null)
# Build VMSD file http URI
# https://code.vmware.com/apis/358/vsphere#/doc/vim.FileManager.html
$vmName = $vm.Name
$datastoreName = ($vm | Get-Datastore).Name
$dcName = ($vm | Get-Datacenter).Name
$serverAddress = $vm.GetClient().ConnectivityService.ServerAddress
$vmsdUri = [uri]"https://$serverAddress/folder/$vmName/$vmName.vmsd?dcPath=$dcName&dsName=$datastoreName"
# Get VMSD content as string
$task = $webClient.GetAsync($vmsdUri)
$task.Wait()
$vmsdContent = $task.Result.Content.ReadAsStringAsync().Result
# Dispose web client
$webClient.Dispose()
# Result
$vmsdContent
}
}
function Get-VMSnapshotConfigSetting {
<#
.SYNOPSIS
Gets the value of a specified key from the snapshot config file content
.DESCRIPTION
Reads the VM's snapshot config file and searches for specified key.
If key is found its value is returned as an output
.INPUTS
VirtualMachine and key
.OUTPUTS
String - config value for the specified key
.NOTES
Author: Dimitar Milov
Version: 1.0
.EXAMPLE
Get-VM <MyVM> | Get-VMSnapshotConfigSetting -Key "numSentinels"
#>
[CmdletBinding()]
param(
[Parameter(Mandatory=$true, ValueFromPipeline=$true)]
[ValidateNotNull()]
[VMware.VimAutomation.Types.VirtualMachine]
$VM,
[Parameter(Mandatory=$true)]
[ValidateNotNull()]
[string]
$Key
)
PROCESS {
$content = Get-VMSnapshotConfigContent -vm $vm
$keyMatch = $content | Select-String ('{0} = "(?<value>.*)"' -f $key)
if ($keyMatch.Matches -ne $null) {
$keyMatch.Matches[0].Groups["value"].Value
}
}
}
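Review bot: The `$vmsdUri` string in Get-VMSnapshotConfigContent interpolates `$vmName`, `$dcName` and `$datastoreName` unencoded, so a name containing a space, `&`, `#` or `?` produces a request for a different path or query than intended; encode each component, e.g. `[uri]::EscapeDataString($dcName)`. The response status is never checked, so an error body would be returned as if it were the .vmsd content, and `$webClient.Dispose()` is skipped when the request throws. Assuming the client is a System.Net.Http.HttpClient, `try { ... } finally { $webClient.Dispose() }` around the request plus `$task.Result.EnsureSuccessStatusCode()` covers both. In Get-VMSnapshotConfigSetting, `$key` is formatted into the pattern raw, so `[regex]::Escape($key)` is needed to keep a key containing `.` or other metacharacters from matching unintended lines.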


@@ -0,0 +1,84 @@
<#
.NOTES
Script name: Set-CustomAttributesInGuestinfo.ps1
Created on: 10/04/2018
Author: Doug Taliaferro, @virtually_doug
Description: Gets Custom Attributes assigned to a VM and makes them available to the guest OS.
Dependencies: None known
===Tested Against Environment====
vSphere Version: 6.5
PowerCLI Version: 10.0.0.7893909
PowerShell Version: 5.1.14409.1005
OS Version: Windows 7, 10
Keyword: VM, Attributes, Guestinfo
.SYNOPSIS
Gets Custom Attributes assigned to a VM and makes them available to the guest OS.
.DESCRIPTION
Gets the custom attributes assigned to one or more VMs and sets their values in the
VM's 'guestinfo' advanced settings. This makes the attributes available within the
guest OS using VM tools (vmtoolsd.exe) and allows the attributes to be used as metadata
for applications or management agents that run inside the guest. If the attribute name
contains spaces they are removed in naming the advanced setting.
For example, if a VM has a custom attribute named 'Created On', the advanced setting
becomes:
'guestinfo.CreatedOn' = '08/08/2018 14:24:17'
This can be retrieved in the guest OS by running:
vmtoolsd.exe --cmd "info-get guestinfo.CreatedOn"
.PARAMETER VMs
One or more VMs returned from the Get-VM cmdlet.
.PARAMETER Attributes
The names of the Custom Attributes to get. If the names contain spaces they must be
enclosed in quotes. The spaces will be removed to name the advanced setting.
.PARAMETER vCenter
The vCenter server to connect to. Optional if you are already connected.
.EXAMPLE
.\Set-CustomAttributesInGuestInfo.ps1 -VM (get-vm testvm01) -Attributes 'Created On', 'Created By'
Gets the custom attributes 'Created On' and 'Created By' for 'testvm01' and sets their
values in 'guestinfo.CreatedOn' and 'guestinfo.CreatedBy'.
.EXAMPLE
.\Set-CustomAttributesInGuestInfo.ps1-VM (get-cluster Dev-01 | get-vm) -Attributes 'Created On'
Gets the custom attribute 'Created On' for all VMs in the Dev-01 cluster and sets 'guestinfo.CreatedOn'
on each VM.
#>
#Requires -modules VMware.VimAutomation.Core
[CmdletBinding()]
param (
[Parameter(Mandatory=$true,Position=0)]
$VMs,
[Parameter(Mandatory=$true,Position=1)]
[string[]]$Attributes,
[string]$vCenter
)
if ($vCenter) {
Connect-VIServer $vCenter
}
ForEach ($vm in $VMs) {
ForEach ($attributeName in $Attributes) {
# Get the custom attribute with a matcing key name
$customField = $vm.CustomFields | Where-Object Key -eq $attributeName
if ($customField) {
# Remove white space from the attribute name because the advanced
# setting name cannot contain spaces
$attributeNameNoSpaces = $customField.Key -replace '\s',''
$guestinfoName = "guestinfo.$attributeNameNoSpaces"
$guestinfoValue = $customField.Value
Write-Host "$($vm): setting '$guestinfoName' = '$guestinfoValue'"
New-AdvancedSetting -Entity $vm -Name $guestinfoName -Value $guestinfoValue -Confirm:$false -Force | Out-Null
} else {
Write-Host "$($vm): custom attribute '$attributeName' not set on this VM"
}
}
}
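Review bot: `New-AdvancedSetting ... -Confirm:$false -Force` overwrites any existing `guestinfo.*` value on every VM passed in, and the script declares `[CmdletBinding()]` without `SupportsShouldProcess`, so a bulk change has no `-WhatIf` dry run. Declaring `[CmdletBinding(SupportsShouldProcess=$true)]` and wrapping the call in `if ($PSCmdlet.ShouldProcess($vm, "Set $guestinfoName"))` would provide one. The description should also state that values copied into guestinfo become readable from inside the guest through VMware Tools, so attributes holding sensitive data should not be listed in `-Attributes`; note that `Write-Host` echoes each value to the console as well. Only whitespace is stripped from the attribute name, so other characters in a key pass into the setting name unchanged.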


@@ -0,0 +1,98 @@
<#
.NOTES
Script name: Set-TagsInGuestinfo.ps1
Created on: 10/02/2018
Author: Doug Taliaferro, @virtually_doug
Description: Gets the vSphere Tags assigned to a VM and makes them available to the guest OS.
Dependencies: None known
===Tested Against Environment====
vSphere Version: 6.5
PowerCLI Version: 10.0.0.7893909
PowerShell Version: 5.1.14409.1005
OS Version: Windows 7, 10
Keyword: VM, Tags, Guestinfo
.SYNOPSIS
Gets the vSphere Tags assigned to a VM and makes them available to the guest OS.
.DESCRIPTION
Gets the tags assigned to one or more VMs from one or more categories and sets the tag values
in the VM's 'guestinfo' advanced settings. This makes the tags available within the guest OS
using VM tools (vmtoolsd.exe) and allows the tags to be used as metadata for applications or
management agents that run inside the guest.
For example, if a VM has a tag named 'Accounting' from the
category 'Departments', the advanced setting becomes:
guestinfo.Departments = Accounting
This can be retrieved in the guest OS by running:
vmtoolsd.exe --cmd "info-get guestinfo.Departments"
If multiple tags are assigned from the same category, they are joined using the specified
delimter (a semicolon by default):
guestinfo.Departments = Accounting;Sales
.PARAMETER VMs
One or more VMs returned from the Get-VM cmdlet.
.PARAMETER Categories
The names of tag categories that should be set in the advanced settings.
.PARAMETER Delimiter
The delimiting character used for multiple tags of the same category. Defaults to a
semicolon.
.PARAMETER vCenter
The vCenter server to connect to. Optional if you are already connected.
.EXAMPLE
.\Set-TagsInGuestInfo.ps1 -VM (get-vm testvm01) -Categories Departments, Environment
Gets tags assigned to 'testvm01' in the Departments and Environment categories and
sets their values in 'guestinfo.Departments' and 'guestinfo.Environment'.
.EXAMPLE
.\Set-TagsInGuestInfo.ps1 -VM (get-cluster Dev-01 | get-vm) -Categories Departments
Gets tags assigned to all VMs in the Dev-01 cluster and sets 'guestinfo.Departments'
on each VM.
#>
#Requires -modules VMware.VimAutomation.Core
[CmdletBinding()]
param (
[Parameter(Mandatory=$true,Position=0)]
$VMs,
[Parameter(Mandatory=$true,Position=1)]
[string[]]$Categories,
[string]$Delimiter = ';',
[string]$vCenter
)
if ($vCenter) {
Connect-VIServer $vCenter
}
ForEach ($categoryName in $Categories) {
$category = Get-TagCategory -Name $categoryName
if ($category) {
$guestinfoName = "guestinfo.$category"
# Get Tag assignments for the VMs
$tags = Get-TagAssignment -Entity $VMs -Category $category
# Group the tags by VM (in this case the Entity property of Group-Object)
$groups = $tags | Group-Object -Property Entity
# Get each VM and set the guestinfo
ForEach ($item in $groups) {
$vm = get-vm $item.Name
# Multiple tags of the same category are joined
$guestinfoValue = $item.Group.Tag.Name -join $Delimiter
Write-Host "$($vm): setting '$guestinfoName' = '$guestinfoValue'"
New-AdvancedSetting -Entity $vm -Name $guestinfoName -Value $guestinfoValue -Confirm:$false -Force | Out-Null
}
} else {
Write-Host "Category '$categoryName' was not found."
}
}
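Review bot: `$vm = get-vm $item.Name` looks the VM up again by display name, so when two VMs share a name (different folders or datacenters) the lookup can return both and `New-AdvancedSetting` then writes the tag value to a VM that was never passed in `-VMs`. The tag assignment already carries the object, so `$vm = $item.Group[0].Entity` keeps the write scoped to the VMs the caller selected. Also, `"guestinfo.$category"` uses the category name as-is, while the custom-attributes script in this commit strips whitespace because the setting name cannot contain spaces; the same `-replace '\s',''` is needed here. It is worth a line in .DESCRIPTION that guestinfo values can be read from inside the guest with vmtoolsd, so tags copied this way should not hold anything the guest's users should not see.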


@@ -0,0 +1,66 @@
# Author: Kyle Ruddy
# Product: VMware Cloud on AWS
# Description: VMware Cloud on AWS Single Host Deployment Script using PowerCLI
# Requirements:
# - PowerShell 3.x or newer
# - PowerCLI 6.5.4 or newer
# Set details for SDDC
$oauthToken = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
$sddcName = "PowerCLI-1Host-SDDC"
$hostCount = "1"
$awsRegion = "US_WEST_2"
$useAwsAccount = $false
# --- Deployment code ---
# Connect to VMware Cloud Service
Connect-Vmc -RefreshToken $oauthToken | Out-Null
# Get ORG ID
$orgSvc = Get-VmcService -Name com.vmware.vmc.orgs
$org = $orgSvc.List()
Write-Output -InputObject "Org: $($org.display_name) ID: $($org.id)"
# Check to use the already existing AWS account connection
if ($useAwsAccount -eq $true) {
# Get Linked Account ID
$connAcctSvc = Get-VmcService -Name com.vmware.vmc.orgs.account_link.connected_accounts
$connAcctId = $connAcctSvc.get($org.id) | Select-Object -ExpandProperty id
Write-Output -InputObject "Account ID: $connAcctId"
# Get Subnet ID
$compSubnetSvc = Get-VmcService -Name com.vmware.vmc.orgs.account_link.compatible_subnets
$vpcMap = $compSubnetSvc.Get($org.id, $connAcctId, $region) | Select-Object -ExpandProperty vpc_map
$compSubnets = $vpcMap | Select-Object -ExpandProperty Values | Select-Object -ExpandProperty subnets
$compSubnet = $compSubnets | where {$_.name -ne $null} | Select-Object -first 1
Write-Output -InputObject "Subnet CIDR $($compSubnet.subnet_cidr_block) ID: $($compSubnet.subnet_id)"
}
elseif ($useAwsAccount -eq $false) {
Write-Output -InputObject "AWS Account Not Configured - you must connect to an AWS account within 14 days of creating this SDDC"
}
# Deploy the SDDC
$sddcSvc = Get-VmcService com.vmware.vmc.orgs.sddcs
$sddcCreateSpec = $sddcSvc.Help.create.sddc_config.Create()
$sddcCreateSpec.region = $awsRegion
$sddcCreateSpec.Name = $sddcName
$sddcCreateSpec.num_hosts = $hostCount
if ($org.properties.values.sddcTypes) {$sddcCreateSpec.sddc_type = "1NODE"}
$sddcCreateSpec.Provider = "AWS"
if ($useAwsAccount -eq $true) {
$accountLinkSpec = $sddcSvc.Help.create.sddc_config.account_link_sddc_config.Element.Create()
$accountLinkSpec.connected_account_id = $connAcctId
$custSubId0 = $sddcSvc.Help.create.sddc_config.account_link_sddc_config.Element.customer_subnet_ids.Element.Create()
$custSubId0 = $compSubnet.subnet_id
$accountLinkSpec.customer_subnet_ids.Add($custSubId0) | Out-Null
$sddcCreateSpec.account_link_sddc_config.Add($accountLinkSpec) | Out-Null
}
elseif ($useAwsAccount -eq $false) {
$accountLinkDelaySpec = $sddcSvc.Help.create.sddc_config.account_link_config.delay_account_link.Create()
$accountLinkDelaySpec = $true
$sddcCreateSpec.account_link_config.delay_account_link = $accountLinkDelaySpec
}
$newSddc = $sddcSvc.create($org.Id, $sddcCreateSpec)
$newSddc | Select-Object resource_id,status,task_type,start_time,task_id
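Review bot: `$oauthToken` is assigned a literal at the top of the script, so a real refresh token ends up saved in the file and from there in version control or a file share; the same pattern is in the firewall rule script (`$oauthToken`), the invite script (`$oauthToken`) and the services report (`$refreshToken`) later in this commit. A refresh token is a long-lived credential for the organization, so I would take it as a script parameter or read it at run time, for example `$oauthToken = Read-Host -Prompt 'VMC refresh token'`, or from an environment variable. Separately, the compatible-subnets call passes `$region`, which is never assigned in this script; it should be `$awsRegion`.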


@@ -0,0 +1,209 @@
# Author: Kyle Ruddy
# Product: VMware Cloud on AWS
# Description: VMware Cloud on AWS Firewall Rule Accelerator for PowerCLI
# Requirements:
# - PowerShell 3.x or newer
# - PowerCLI 6.5.4 or newer
# - Use Default IP Addresses
# - Use NSX-V on VMware Cloud on AWS
#---------- USER VARIABLES ----------------------------------------
$oauthToken = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
$orgId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'
$sddcId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'
# ---------- DO NOT MODIFY BELOW THIS ------------------------------
Connect-Vmc -RefreshToken $oauthToken | Out-Null
$orgSvc = Get-VmcService -Name com.vmware.vmc.orgs
if ($orgId) {
$org = $orgSvc.List() | where {$_.id -eq $orgId}
}
else {$org = $orgSvc.List()}
if ($org -eq $null) {Write-Output "No Org Found. Exiting."; break}
$sddcSvc = Get-VmcService -Name com.vmware.vmc.orgs.sddcs
if ($sddcId) {
$sddc = $sddcSvc.Get($org.id, $sddcId)
}
else {$sddc = $sddcSvc.List($org.id)}
if ($sddc -eq $null) {Write-Output "No SDDC Found. Exiting."; break}
elseif ($sddc -is [array]) {Write-Output "Multiple SDDCs Found. Please Specify an SDDC ID. Exiting."; break}
$edgeSvc = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.edges
$mgwEdge = ($edgeSvc.Get($org.id,$sddcId,'gatewayServices') | Select-Object -ExpandProperty edge_page).data | where {$_.id -eq 'edge-1'}
$ipsecSvc = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.edges.ipsec.config
$ipsecVPN = $ipsecSvc.Get($org.id, $sddcId, $mgwEdge.id)
$localSubnet = $ipsecVPN.sites.sites.local_subnets.subnets
$vpnSubnet = $ipsecVPN.sites.sites.peer_subnets.subnets
$vcMgmtIP = $sddc.resource_config.vc_management_ip
$vcPublicIP = $sddc.resource_config.vc_public_ip
$esxSubnet = $sddc.resource_config.esx_host_subnet
$ipsecVPNname = $ipsecVPN.sites.sites.name
function Add-VMCFirewallRule {
<#
.NOTES
===========================================================================
Created by: Kyle Ruddy
Date: 08/22/2018
Organization: VMware
Blog: https://www.kmruddy.com
Twitter: @kmruddy
===========================================================================
.SYNOPSIS
Creates a Firewall Rule for a given SDDC
.DESCRIPTION
Creates a Firewall Rule for a given SDDC
.EXAMPLE
Add-VMCFirewallRule -OrgId <org id> -sddcId <sddc id> -FwRuleName <firewall rule name> -SourceIpAddress <source ip address> -DestIpAddress <destination ip address> -Service <service>
#>
param(
[Parameter(Mandatory=$true)]
[String]$OrgId,
[Parameter(Mandatory=$true)]
[String]$SddcId,
[Parameter(Mandatory=$false)]
[ValidateSet('Management Gateway','Compute Gateway')]
[String]$Edge = 'Management Gateway',
[Parameter(Mandatory=$true)]
[String]$FwRuleName,
[Parameter(Mandatory=$false)]
$SourceIpAddress,
[Parameter(Mandatory=$false)]
$DestIpAddress,
[Parameter(Mandatory=$true)]
[ValidateSet('HTTPS','ICMP','SSO','Provisioning','Any','Remote Console')]
[String]$Service,
[Parameter(Mandatory=$false)]
[ValidateSet('accept')]
$FwAction = 'accept'
)
if ($edge -eq 'Management Gateway') {$EdgeId = 'edge-1'}
elseif ($edge -eq 'Compute Gateway') {$EdgeId = 'edge-2'}
else {Write-Output "No Valid Edge Input Found."}
$fwRuleSvc = Get-VmcService com.vmware.vmc.orgs.sddcs.networks.edges.firewall.config.rules
$ruleElementSpec = $fwRuleSvc.Help.add.firewall_rules.firewall_rules.Element.Create()
$fwRules = $fwRuleSvc.Help.add.firewall_rules.Create()
$ruleSpec = $fwRuleSvc.Help.add.firewall_rules.firewall_rules.Create()
# AppSpec
$appSpec = $fwRuleSvc.Help.add.firewall_rules.firewall_rules.Element.application.Create()
# ServiceSpec
$serviceSpec = $fwRuleSvc.Help.add.firewall_rules.firewall_rules.Element.application.service.Element.Create()
if ($Service -eq 'HTTPS') {
$protocol = 'TCP'
$port = @("443")
}
elseif ($Service -eq 'ICMP') {
$protocol = 'ICMP'
$icmpType = 'any'
}
elseif ($Service -eq 'SSO') {
$protocol = 'TCP'
$port = @("7444")
}
elseif ($Service -eq 'Provisioning') {
$protocol = 'TCP'
$port = @("902")
}
elseif ($Service -eq 'Any') {
$protocol = 'Any'
$port = $null
}
elseif ($Service -eq 'Remote Console') {
$protocol = 'TCP'
$port = @("903")
}
else {Write-Output "No Protocol Found."; break}
$serviceSpec.protocol = $protocol
# Process ICMP Type from JSON
$icmpType = $null
if($protocol -eq 'ICMP') {
$icmpType = 'any'
}
if ($icmpType) {
$serviceSpec.icmp_type = $icmpType}
if ($port) {
$serviceSpec.port = $port
$serviceSpec.source_port = @("any")
}
$addSpec = $ruleElementSpec.application.service.Add($serviceSpec)
# Create Source Spec
if($SourceIpAddress) {
$srcSpec = $fwRuleSvc.Help.add.firewall_rules.firewall_rules.Element.source.Create()
$srcSpec.exclude = $false
$srcSpec.ip_address = @($SourceIpAddress)
$ruleElementSpec.source = $srcSpec
}
# Create Destination Spec
if($DestIpAddress) {
$destSpec = $fwRuleSvc.Help.add.firewall_rules.firewall_rules.Element.destination.Create()
$destSpec.exclude = $false
$destSpec.ip_address = @($DestIpAddress)
$ruleElementSpec.destination = $destSpec
}
$ruleElementSpec.rule_type = "user"
$ruleElementSpec.enabled = $true
$ruleElementSpec.logging_enabled = $false
$ruleElementSpec.action = $FwAction
$ruleElementSpec.name = $FwRuleName
# Add the individual FW rule spec into our overall firewall rules array
Write-Output "Creating VMC Firewall Rule: $FwRuleName"
$ruleSpecAdd = $ruleSpec.Add($ruleElementSpec)
$fwRules.firewall_rules = $ruleSpec
$fwRuleAdd = $fwRuleSvc.add($orgId,$sddcId,$EdgeId,$fwRules)
}
# vCenter (ANY) to VPN
Add-VMCFirewallRule -OrgId $org.Id -sddcId $sddc.id -FwRuleName "vCenter (ANY) to $ipsecVPNname" -SourceIpAddress $vcMgmtIP -DestIpAddress $vpnSubnet -Service 'Any'
# ESXi (ANY) to VPN
Add-VMCFirewallRule -OrgId $org.Id -sddcId $sddc.id -FwRuleName "ESXi (ANY) to $ipsecVPNname" -SourceIpAddress $esxSubnet,'10.2.16.0/20' -DestIpAddress $vpnSubnet -Service 'Any'
# VPN to vCenter (HTTPS)
Add-VMCFirewallRule -OrgId $org.Id -sddcId $sddc.id -FwRuleName "$ipsecVPNname to vCenter (HTTPS)" -SourceIpAddress $vpnSubnet -DestIpAddress $vcMgmtIP -Service 'HTTPS'
# VPN to vCenter (ICMP)
Add-VMCFirewallRule -OrgId $org.Id -sddcId $sddc.id -FwRuleName "$ipsecVPNname to vCenter (ICMP)" -SourceIpAddress $vpnSubnet -DestIpAddress $vcMgmtIP -Service 'ICMP'
# VPN to ESXi (Provisioning)
Add-VMCFirewallRule -OrgId $org.Id -sddcId $sddc.id -FwRuleName "$ipsecVPNname to ESXi (Provisioning)" -SourceIpAddress $vpnSubnet -DestIpAddress $esxSubnet,'10.2.16.0/20' -Service 'Provisioning'
# VPN to ESXi (Remove Console)
Add-VMCFirewallRule -OrgId $org.Id -sddcId $sddc.id -FwRuleName "$ipsecVPNname to ESXi (Remote Console)" -SourceIpAddress $vpnSubnet -DestIpAddress $esxSubnet,'10.2.16.0/20' -Service 'Remote Console'
# VPN to ESXi (ICMP)
Add-VMCFirewallRule -OrgId $org.Id -sddcId $sddc.id -FwRuleName "$ipsecVPNname to ESXi (ICMP)" -SourceIpAddress $vpnSubnet -DestIpAddress $esxSubnet,'10.2.16.0/20' -Service 'ICMP'
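Review bot: The seven `Add-VMCFirewallRule` calls at the end run even when `$vpnSubnet` is empty (no IPsec site configured, or the IPsec lookup returned nothing), and inside the function `if($SourceIpAddress)` / `if($DestIpAddress)` then skip the source or destination spec altogether. As far as I can tell a rule without that element matches any address, so "VPN to vCenter (HTTPS)" would become an accept rule for HTTPS to vCenter from anywhere on the management gateway. I would stop before the first call, `if (-not $vpnSubnet) { Write-Output "No IPsec VPN subnets found. Exiting."; return }`, and make `-SourceIpAddress` and `-DestIpAddress` mandatory in the function. The edge and IPsec lookups also pass `$sddcId` rather than `$sddc.id`, so the branch that finds the SDDC through `List()` feeds them an empty id, which makes the empty-subnet case more likely. The rules are created with `logging_enabled = $false`; for rules that open management access, `$true` leaves something to review afterwards.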


@@ -0,0 +1,114 @@
<#
.SYNOPSIS
Takes email address input in order to create VMware Cloud on AWS invites for the desired Organization
.DESCRIPTION
Script which can be used to automate the process of adding new users to a specified VMware Cloud on AWS Organization
.NOTES
Author: Kyle Ruddy, @kmruddy, kmruddy.com
.PARAMETER newUserEmail
Plain text email address or array of email addresses
.PARAMETER roleName
Desired role name of the new users, default is Organization Member
.EXAMPLE
PS > ./VMWonAWS_InviteUsers.ps1 -newUserEmail 'testuser@vmware.com'
.EXAMPLE
PS > ./VMWonAWS_InviteUsers.ps1 -newUserEmail $arrayOfEmailAddresses
#>
[CmdletBinding(SupportsShouldProcess=$True)]
param (
[Parameter (Mandatory = $True, Position=0)]
$newUserEmail,
[Parameter (Mandatory = $False, Position=1)]
[ValidateSet("Organization Member","Organization Owner","Support User")]
[string]$roleName = "Organization Member"
)
# Set Static Variables for your environment
$oauthToken = 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
$orgID = 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
### DO NOT MODIFY CODE BELOW THIS LINE ###
$inviteReport = @()
$userEmail = @()
# Email Validation Testing
if ($newUserEmail -is [array]) {
foreach ($email in $newUserEmail) {
try {
$userEmail += [mailAddress]$email | select-object -ExpandProperty Address
}
catch {
Write-Warning "$email is not a valid email address"
}
}
}
else {
try {
$userEmail += [mailAddress]$newUserEmail | select-object -ExpandProperty Address
}
catch {
Write-Warning "$newUserEmail is not a valid email address"
}
}
if ($userEmail.Count -eq 0) {
Write-Warning "No valid email addresses found."
Break
}
# Validation and translation of the role name to the role ID
if ($roleName -eq 'Organization Member') {
$orgRoleNames = @("org_member")
}
elseif ($roleName -eq 'Organization Owner') {
$orgRoleNames = @("org_owner")
}
elseif ($roleName -eq 'Support User') {
$orgRoleNames = @("support_user")
}
# Creating custom objects to start building out the body input
$bodyObj = new-object -TypeName System.Object
$SvcRoleNames = @("vmc-user:full")
$SvcDefinitionLink = '/csp/gateway/slc/api/definitions/external/ybUdoTC05kYFC9ZG560kpsn0I8M_'
$bodyObj | Add-Member -Name 'orgRoleNames' -MemberType Noteproperty -Value $orgRoleNames
$serviceRolesDtos = New-Object -TypeName System.Object
$serviceRolesDtos | Add-Member -Name 'serviceDefinitionLink' -MemberType Noteproperty -Value $SvcDefinitionLink
$serviceRolesDtos | Add-Member -Name 'serviceRoleNames' -MemberType Noteproperty -Value $SvcRoleNames
$bodyObj | Add-Member -Name 'serviceRolesDtos' -MemberType Noteproperty -Value @($serviceRolesDtos)
$bodyObj | Add-Member -Name 'usernames' -MemberType Noteproperty -Value $userEmail
$body = $bodyObj | ConvertTo-Json -Depth 100
# Connecting to the REST API service for authentication and then to perform the POST method
$connection = Invoke-WebRequest -Uri "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?refresh_token=$oauthToken" -Method Post
$accesskey = ($connection.content | Convertfrom-json).access_token
$inviteUsers = Invoke-WebRequest -Uri "https://console.cloud.vmware.com/csp/gateway/am/api/orgs/$orgID/invitations" -headers @{"csp-auth-token"="$accesskey"} -Method Post -Body $body -ContentType "application/json"
# Outputting the successful invite which was just created
$orgInviteRefResponse = Invoke-WebRequest -Uri "https://console.cloud.vmware.com/csp/gateway/am/api/orgs/$orgid/invitations" -headers @{"csp-auth-token"="$accessKey"} -Method Get
if ($orgInviteRefResponse) {
$orgInviteRefObject = $orgInviteRefResponse | ConvertFrom-Json
foreach ($inviteRef in $orgInviteRefObject) {
$link = $inviteRef.refLink
$orgInviteResponse = Invoke-WebRequest -Uri "https://console.cloud.vmware.com$link" -headers @{"csp-auth-token"="$accessKey"} -Method Get
$orgInviteObject = $orgInviteResponse.content | ConvertFrom-Json
foreach ($emailInput in $userEmail) {
if ($orgInviteObject.username -eq $emailInput) {
$i = New-Object System.Object
$i | Add-Member -Type NoteProperty -Name InviteID -Value $orgInviteObject.refLink.Substring($orgInviteObject.refLink.Length - 36)
$i | Add-Member -Type NoteProperty -Name Username -Value $orgInviteObject.username
$i | Add-Member -Type NoteProperty -Name Status -Value $orgInviteObject.status
$i | Add-Member -Type NoteProperty -Name OrgRoles -Value ($orgInviteObject.OrgRoleNames -join ", ")
$i | Add-Member -Type NoteProperty -Name Requester -Value $orgInviteObject.generatedBy
$inviteReport += $i
}
}
}
}
return $inviteReport
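Review bot: The authorize call puts the refresh token in the query string (`.../api-tokens/authorize?refresh_token=$oauthToken`), where it can be recorded in proxy and server access logs; sending it in the POST body keeps it out of the URL: `-Body "refresh_token=$oauthToken" -ContentType 'application/x-www-form-urlencoded'` (I believe the endpoint accepts the form-encoded body, please confirm). The script also declares `SupportsShouldProcess=$True` but never calls `$PSCmdlet.ShouldProcess`, so `-WhatIf` still sends the invitations, including `Organization Owner` ones; the invitations POST should sit inside `if ($PSCmdlet.ShouldProcess($orgID, "Invite $($userEmail -join ', ')")) { ... }`. Every invite is created with the `vmc-user:full` service role regardless of `-roleName`; a comment saying this is intended would help the next reader.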


@@ -0,0 +1,37 @@
$refreshToken = 'your-refresh-token'
$reportPath = '.\VMC-services.xlsx'
Connect-Vmc -RefreshToken $refreshToken > $null
$columns = @{}
$services = Get-VmcService | Sort-Object -Property Name
$services | ForEach-Object -Process {
$_.Help | Get-Member -MemberType NoteProperty | where{'Constants','Documentation' -notcontains $_.Name} |
ForEach-Object -Process {
if(-not $columns.ContainsKey($_.Name)){
$columns.Add($_.Name,'')
}
}
}
$columns = $columns.Keys | Sort-Object
$report = @()
foreach($service in $services){
$obj = [ordered]@{
Name = $service.Name
}
$columns | ForEach-Object -Process {
$obj.Add($_,'')
}
$service.Help | Get-Member -MemberType NoteProperty | where{'Constants','Documentation' -notcontains $_.Name} |
ForEach-Object -Process {
# $obj.Item($_.Name) = "$($service.Help.$($_.Name).Documentation)"
$obj.Item($_.Name) = "X"
}
$report += New-Object PSObject -Property $obj
}
$report | Export-Excel -Path $reportPath -WorksheetName 'Services' -FreezeTopRow -BoldTopRow -AutoSize -Show
Disconnect-Vmc -Confirm:$false