voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update VMware.VMEncryption.psm1

Browse Source 
1, added new function Set-VMCryptoUnlock
2, deprecating functions related to KMServer and KMSCluster from VMware.VMEncryption
This commit is contained in:
simonfangyingzhang
2018-04-27 04:22:42 +01:00
committed by GitHub
parent d70bee9f99
commit df9d71d4e0
1 changed files with 68 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files

214
Modules/VMware.VMEncryption/VMware.VMEncryption.psm1
View File

@@ -1,5 +1,5 @@
# Script Module : VMware.VMEncryption # Script Module : VMware.VMEncryption
# Version : 1.0 # Version : 1.1
# Copyright © 2016 VMware, Inc. All Rights Reserved. # Copyright © 2016 VMware, Inc. All Rights Reserved.
@@ -56,8 +56,13 @@ New-VIProperty -Name EncryptionKeyId -ObjectType VirtualMachine -Value {
New-VIProperty -Name Locked -ObjectType VirtualMachine -Value { New-VIProperty -Name Locked -ObjectType VirtualMachine -Value {
Param ($VM) Param ($VM)
($vm.extensiondata.Runtime.ConnectionState -eq "invalid") -and ($vm.extensiondata.Config.KeyId) if ($vm.ExtensionData.Runtime.CryptoState) {
} -BasedOnExtensionProperty 'Runtime.ConnectionState','Config.KeyId' -Force | Out-Null $vm.ExtensionData.Runtime.CryptoState -eq "locked"
}
else {
($vm.extensiondata.Runtime.ConnectionState -eq "invalid") -and ($vm.extensiondata.Config.KeyId)
}
} -BasedOnExtensionProperty 'Runtime.CryptoState', 'Runtime.ConnectionState','Config.KeyId' -Force | Out-Null
New-VIProperty -Name vMotionEncryption -ObjectType VirtualMachine -Value { New-VIProperty -Name vMotionEncryption -ObjectType VirtualMachine -Value {
Param ($VM) Param ($VM)
@@ -83,13 +88,6 @@ New-VIProperty -Name EncryptionKeyId -ObjectType HardDisk -Value {
} }
} -BasedOnExtensionProperty 'Backing.KeyId' -Force | Out-Null } -BasedOnExtensionProperty 'Backing.KeyId' -Force | Out-Null
New-VIProperty -Name KMSserver -ObjectType VMHost -Value {
Param ($VMHost)
if ($VMHost.CryptoSafe) {
$VMHost.ExtensionData.Runtime.CryptoKeyId.ProviderId.Id
}
} -BasedOnExtensionProperty 'Runtime.CryptoKeyId.ProviderId.Id' -Force | Out-Null
Function Enable-VMHostCryptoSafe { Function Enable-VMHostCryptoSafe {
<# <#
.SYNOPSIS .SYNOPSIS
@@ -113,13 +111,6 @@ Function Enable-VMHostCryptoSafe {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -181,13 +172,6 @@ Function Set-VMHostCryptoKey {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -266,13 +250,6 @@ Function Set-vMotionEncryptionConfig {
.NOTES .NOTES
Author : Brian Graf, Carrie Yang. Author : Brian Graf, Carrie Yang.
Author email : grafb@vmware.com, yangm@vmware.com Author email : grafb@vmware.com, yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -348,13 +325,6 @@ Function Enable-VMEncryption {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -508,13 +478,6 @@ Function Enable-VMDiskEncryption {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -660,13 +623,6 @@ Function Disable-VMEncryption {
.NOTES .NOTES
Author : Carrie Yang. Author : Carrie Yang.
Author email : yangm@vmware.com Author email : yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -756,13 +712,6 @@ Function Disable-VMDiskEncryption {
.NOTES .NOTES
Author : Carrie Yang. Author : Carrie Yang.
Author email : yangm@vmware.com Author email : yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -882,7 +831,7 @@ Function Set-VMEncryptionKey {
C:\PS>$VM|Set-VMEncryptionKey -KMSClusterId $KMSCluster.Id -Deep C:\PS>$VM|Set-VMEncryptionKey -KMSClusterId $KMSCluster.Id -Deep
Deep rekeys the VM Home and all its disks using a new key. Deep rekeys the VM Home and all its disks using a new key.
The key is generated from the KMS whose clusterId is $KMSCluster.Id. The key is generted from the KMS whose clusterId is $KMSCluster.Id.
.NOTES .NOTES
This cmdlet assumes there is already a KMS in vCenter Server. If VM is not encrypted, the cmdlet quits. This cmdlet assumes there is already a KMS in vCenter Server. If VM is not encrypted, the cmdlet quits.
@@ -891,13 +840,6 @@ Function Set-VMEncryptionKey {
.NOTES .NOTES
Author : Carrie Yang. Author : Carrie Yang.
Author email : yangm@vmware.com Author email : yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -1034,10 +976,10 @@ Function Set-VMDiskEncryptionKey {
C:\PS>$KMSCluster = Get-KMSCluster | select -last 1 C:\PS>$KMSCluster = Get-KMSCluster | select -last 1
C:\PS>$VM = Get-VM -Name win2012 C:\PS>$VM = Get-VM -Name win2012
C:\PS>$HardDisk = get-vm $vm|Get-HardDisk C:\PS>$HardDisk = get-vm $vm|Get-HardDisk
C:\PS>$HardDisk| Set-VMDiskEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep C:\PS>$HardDisk|$Set-VMEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep
Deep rekeys all the disks of the $VM using a new key. Deep rekeys all the disks of the $VM using a new key.
The key is generated from the KMS whose clusterId is $KMSCluster.Id. The key is generted from the KMS whose clusterId is $KMSCluster.Id.
.NOTES .NOTES
This cmdlet assumes there is already a KMS in vCenter Server. This cmdlet assumes there is already a KMS in vCenter Server.
@@ -1047,13 +989,6 @@ Function Set-VMDiskEncryptionKey {
.NOTES .NOTES
Author : Carrie Yang. Author : Carrie Yang.
Author email : yangm@vmware.com Author email : yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -1170,13 +1105,6 @@ Function Get-VMEncryptionInfo {
.NOTES .NOTES
Author : Carrie Yang. Author : Carrie Yang.
Author email : yangm@vmware.com Author email : yangm@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -1269,13 +1197,6 @@ Function Get-EntityByCryptoKey {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -1394,13 +1315,6 @@ Function New-KMServer {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -1435,6 +1349,7 @@ Function New-KMServer {
) )
Begin { Begin {
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Add-KeyManagementServer instead"
# Confirm the connected VIServer is vCenter Server # Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter ConfirmIsVCenter
@@ -1553,13 +1468,6 @@ Function Remove-KMServer {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -1573,6 +1481,7 @@ Function Remove-KMServer {
) )
Begin { Begin {
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Remove-KeyManagementServer instead"
# Confirm the connected VIServer is vCenter Server # Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter ConfirmIsVCenter
@@ -1630,15 +1539,9 @@ Function Get-KMSCluster {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead"
# Confirm the connected VIServer is vCenter Server # Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter ConfirmIsVCenter
@@ -1668,14 +1571,6 @@ Function Get-KMSClusterInfo {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -1686,6 +1581,7 @@ Function Get-KMSClusterInfo {
) )
Begin { Begin {
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead"
# Confirm the connected VIServer is vCenter Server # Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter ConfirmIsVCenter
@@ -1721,13 +1617,6 @@ Function Get-KMServerInfo {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -1738,6 +1627,7 @@ Function Get-KMServerInfo {
) )
Begin { Begin {
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KeyManagementServer instead"
# Confirm the connected VIServer is vCenter Server # Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter ConfirmIsVCenter
@@ -1782,13 +1672,6 @@ Function Get-KMServerStatus {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -1853,15 +1736,9 @@ Function Get-DefaultKMSCluster {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead"
# Confirm the connected VIServer is vCenter Server # Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter ConfirmIsVCenter
@@ -1890,13 +1767,6 @@ Function Set-DefaultKMSCluster {
.NOTES .NOTES
Author : Baoyin Qiao. Author : Baoyin Qiao.
Author email : bqiao@vmware.com Author email : bqiao@vmware.com
Version : 1.0
==========Tested Against Environment==========
VMware vSphere Hypervisor(ESXi) Version : 6.5
VMware vCenter Server Version : 6.5
PowerCLI Version : PowerCLI 6.5
PowerShell Version : 3.0
#> #>
[CmdLetBinding()] [CmdLetBinding()]
@@ -1906,6 +1776,7 @@ Function Set-DefaultKMSCluster {
[String] $KMSClusterId [String] $KMSClusterId
) )
write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Set-KmsCluster instead"
# Confirm the connected VIServer is vCenter Server # Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter ConfirmIsVCenter
@@ -1917,6 +1788,55 @@ Function Set-DefaultKMSCluster {
$CM.MarkDefault($ProviderId) $CM.MarkDefault($ProviderId)
} }
Function Set-VMCryptoUnlock {
<#
.SYNOPSIS
This cmdlet unlocks a locked vm
.DESCRIPTION
This cmdlet unlocks a locked vm
.PARAMETER VM
Specifies the VM you want to unlock
.EXAMPLE
PS C:\> Get-VM |where {$_.locked}| Set-VMCryptoUnlock
Unlock all locked vms
.NOTES
Author : Fangying Zhang
Author email : fzhang@vmware.com
#>
[CmdLetBinding()]
param (
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
[VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine[]]$VM
)
Begin {
# Confirm the connected VIServer is vCenter Server
ConfirmIsVCenter
}
Process {
foreach ($thisvm in $vm) {
if (!$thisvm.encrypted) {
write-warning "$thisvm is not encrypted, will skip $thisvm"
continue
}
if (!$thisvm.Locked) {
write-warning "$thisvm may not be locked!"
# $thisvm.locked could be false on old 6.5.0 build (bug 1931370), so do not skip $thisvm
}
write-verbose "try to CryptoUnlock $thisvm"
$thisvm.ExtensionData.CryptoUnlock()
}
}
}
Function ConfirmIsVCenter{ Function ConfirmIsVCenter{
<# <#
.SYNOPSIS .SYNOPSIS