From ce69869e8a6518c26214be82e27aaf9c76728d8a Mon Sep 17 00:00:00 2001 From: yangm Date: Mon, 19 Dec 2016 00:29:52 -0800 Subject: [PATCH 1/2] add 1 property to VM, 1 function --- .../VMware.VMEncryption.psm1 | 88 +++++++++++++++---- 1 file changed, 70 insertions(+), 18 deletions(-) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 index 8594bf9..5f23ca0 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 @@ -59,6 +59,11 @@ New-VIProperty -Name Locked -ObjectType VirtualMachine -Value { ($vm.extensiondata.Runtime.ConnectionState -eq "invalid") -and ($vm.extensiondata.Config.KeyId) } -BasedOnExtensionProperty 'Runtime.ConnectionState','Config.KeyId' -Force | Out-Null +New-VIProperty -Name vMotionEncryption -ObjectType VirtualMachine -Value { + Param ($VM) + $VM.ExtensionData.Config.MigrateEncryption +} -BasedOnExtensionProperty 'Config.MigrateEncryption' -Force | Out-Null + New-VIProperty -Name KMSserver -ObjectType VirtualMachine -Value { Param ($VM) if ($VM.Encrypted) { @@ -108,7 +113,6 @@ Function Enable-VMHostCryptoSafe { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -177,7 +181,6 @@ Function Set-VMHostCryptoKey { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -231,6 +234,71 @@ Function Set-VMHostCryptoKey { } } +Function Set-vMotionEncryptionConfig { + <# + .SYNOPSIS + This cmdlet sets the vMotionEncryption property of a VM. + + .DESCRIPTION + Use this function to set the vMotionEncryption settings for a VM. + The 'Encryption' parameter is set up with Tab-Complete for the available + options. + + .PARAMETER VM + Specifies the VM you want to set the vMotionEncryption property. + + .PARAMETER Encryption + Specifies the value you want to set to the vMotionEncryption property. + The Encryption options are: Disabled, Opportunistic, and Required. + + .EXAMPLE + PS C:\> Get-VM | Set-vMotionEncryptionConfig -Encryption opportunistic + + Sets the vMotionEncryption of all the VMs + + .NOTES + Author : Carrie Yang + Author email : yangm@vmware.com + Version : 1.0 + + ==========Tested Against Environment========== + VMware vSphere Hypervisor(ESXi) Version : 6.5 + VMware vCenter Server Version : 6.5 + PowerCLI Version : PowerCLI 6.5 + PowerShell Version : 3.0 + #> + + [CmdLetBinding()] + + param ( + [Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)] + [VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine]$VM, + + [ValidateSet("disabled", "opportunistic", "required")] + [String]$Encryption + ) + + process{ + # Confirm the connected VIServer is vCenter Server + ConfirmIsVCenter + + if ($VM.Encrypted -and $VM.vMotionEncryption -ne $Encryption) { + Write-Error "Cannot change encrypted vMotion state for an encrypted VM." + return + } + + $VMView = $VM | get-view + $config = new-object VMware.Vim.VirtualMachineConfigSpec + $config.MigrateEncryption = New-object VMware.Vim.VirtualMachineConfigSpecEncryptedVMotionModes + $config.MigrateEncryption = "$encryption" + + $VMView.ReconfigVM($config) + + $VM.ExtensionData.UpdateViewData() + $VM.vMotionEncryption + } +} + Function Enable-VMEncryption { <# .SYNOPSIS @@ -277,7 +345,6 @@ Function Enable-VMEncryption { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -438,7 +505,6 @@ Function Enable-VMDiskEncryption { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -591,7 +657,6 @@ Function Disable-VMEncryption { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -688,7 +753,6 @@ Function Disable-VMDiskEncryption { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -824,7 +888,6 @@ Function Set-VMEncryptionKey { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -981,7 +1044,6 @@ Function Set-VMDiskEncryptionKey { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1105,7 +1167,6 @@ Function Get-VMEncryptionInfo { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1205,7 +1266,6 @@ Function Get-EntityByCryptoKey { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1331,7 +1391,6 @@ Function New-KMServer { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1491,7 +1550,6 @@ Function Remove-KMServer { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1569,7 +1627,6 @@ Function Get-KMSCluster { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> # Confirm the connected VIServer is vCenter Server @@ -1661,7 +1718,6 @@ Function Get-KMServerInfo { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1723,7 +1779,6 @@ Function Get-KMServerStatus { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1795,7 +1850,6 @@ Function Get-DefaultKMSCluster { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> # Confirm the connected VIServer is vCenter Server @@ -1833,7 +1887,6 @@ Function Set-DefaultKMSCluster { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1889,7 +1942,6 @@ Function ConfirmHardDiskIsValid { .PARAMETER HardDisk Specifies the hard disks which you want to use to validate. - #> [CmdLetBinding()] From 7d49541a258f79ba0e54162e734ccc33c14101e5 Mon Sep 17 00:00:00 2001 From: yangm Date: Tue, 20 Dec 2016 19:41:59 -0800 Subject: [PATCH 2/2] add 1 property and 1 function for vMotionEncryption --- .../VMware.VMEncryption.psm1 | 45 ++++++++++--------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 index 5f23ca0..5252f96 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 @@ -69,7 +69,7 @@ New-VIProperty -Name KMSserver -ObjectType VirtualMachine -Value { if ($VM.Encrypted) { $VM.EncryptionKeyId.ProviderId.Id } - } -BasedOnExtensionProperty 'Config.KeyId' -Force | Out-Null +} -BasedOnExtensionProperty 'Config.KeyId' -Force | Out-Null New-VIProperty -Name Encrypted -ObjectType HardDisk -Value { Param ($hardDisk) @@ -238,7 +238,7 @@ Function Set-vMotionEncryptionConfig { <# .SYNOPSIS This cmdlet sets the vMotionEncryption property of a VM. - + .DESCRIPTION Use this function to set the vMotionEncryption settings for a VM. The 'Encryption' parameter is set up with Tab-Complete for the available @@ -248,17 +248,17 @@ Function Set-vMotionEncryptionConfig { Specifies the VM you want to set the vMotionEncryption property. .PARAMETER Encryption - Specifies the value you want to set to the vMotionEncryption property. - The Encryption options are: Disabled, Opportunistic, and Required. + Specifies the value you want to set to the vMotionEncryption property. + The Encryption options are: disabled, opportunistic, and required. .EXAMPLE PS C:\> Get-VM | Set-vMotionEncryptionConfig -Encryption opportunistic - + Sets the vMotionEncryption of all the VMs - + .NOTES - Author : Carrie Yang - Author email : yangm@vmware.com + Author : Brian Graf, Carrie Yang. + Author email : grafb@vmware.com, yangm@vmware.com Version : 1.0 ==========Tested Against Environment========== @@ -274,28 +274,31 @@ Function Set-vMotionEncryptionConfig { [Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)] [VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine]$VM, + [Parameter(Mandatory=$True] [ValidateSet("disabled", "opportunistic", "required")] - [String]$Encryption + [String]$Encryption ) process{ - # Confirm the connected VIServer is vCenter Server - ConfirmIsVCenter + if ($VM.vMotionEncryption -eq $Encryption) { + Write-Warning "The encrypted vMotion state is already $Encrypted, no need to change it." + return + } - if ($VM.Encrypted -and $VM.vMotionEncryption -ne $Encryption) { + if ($VM.Encrypted) { Write-Error "Cannot change encrypted vMotion state for an encrypted VM." return } $VMView = $VM | get-view - $config = new-object VMware.Vim.VirtualMachineConfigSpec - $config.MigrateEncryption = New-object VMware.Vim.VirtualMachineConfigSpecEncryptedVMotionModes - $config.MigrateEncryption = "$encryption" - + $Config = New-Object VMware.Vim.VirtualMachineConfigSpec + $Config.MigrateEncryption = New-Object VMware.Vim.VirtualMachineConfigSpecEncryptedVMotionModes + $Config.MigrateEncryption = $Encryption + $VMView.ReconfigVM($config) - $VM.ExtensionData.UpdateViewData() - $VM.vMotionEncryption + $VM.ExtensionData.UpdateViewData() + $VM.vMotionEncryption } } @@ -1156,7 +1159,7 @@ Function Get-VMEncryptionInfo { .NOTES If $HardDisk is specified, then only the encryption information of the disks specified in $HardDisk is obtained. Otherwise, all disks' encryption information of the specified VM is returned. - + .NOTES Author : Carrie Yang. Author email : yangm@vmware.com @@ -1255,7 +1258,7 @@ Function Get-EntityByCryptoKey { .NOTES At least one of the KeyId and KMSClusterId parameters is required. If the SearchVMHosts, SearchVMs and SearchDisks all not specified, the cmdlet return $null. - + .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com @@ -1876,7 +1879,7 @@ Function Set-DefaultKMSCluster { C:\PS>Set-DefaultKMSCluster -KMSClusterId 'ClusterIdString' Sets the KMS cluster whose cluster ID is 'ClusterIdString' as the default KMS cluster. - + .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com