voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

License PowerCLI-Examples-Scripts repository under BSD-2 Clause (#462)

Browse Source 
As part of the VMware open source program, we have to update this repository with the correct license and copyright information.
We add the BSD-2 Clause License for this repository.
We mark all source code provided by VMware with the Copyright notice under BSD-2 Clause license.

* Update repository license to BSD 2-Clause License

* Update Copyright
This commit is contained in:
dmilov
2021-06-07 09:58:47 +03:00
committed by GitHub
parent db68f439a3
commit fb641c8a1c
110 changed files with 1066 additions and 790 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
Modules/VMware.VsanEncryption/VMware.VsanEncryption.psm1
View File

@@ -1,3 +1,8 @@
<#
Copyright 2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
# Script Module : VMware.VsanEncryption
# Version : 1.0
# Author : Jase McCarty, VMware Storage & Availability Business Unit
@@ -26,19 +31,19 @@
Function Invoke-VsanEncryptionRekey {
<#
.SYNOPSIS
This function will initiate a ReKey of a vSAN Cluster. Shallow ReKeying (KEK Only) or Deep ReKeying (DEK Also) are supported, as well as Reduced Redundancy if necessary.
This function will initiate a ReKey of a vSAN Cluster. Shallow ReKeying (KEK Only) or Deep ReKeying (DEK Also) are supported, as well as Reduced Redundancy if necessary.
.DESCRIPTION
This function will initiate a ReKey of a vSAN Cluster. Shallow ReKeying (KEK Only) or Deep ReKeying (DEK Also) are supported, as well as Reduced Redundancy if necessary.
This function will initiate a ReKey of a vSAN Cluster. Shallow ReKeying (KEK Only) or Deep ReKeying (DEK Also) are supported, as well as Reduced Redundancy if necessary.
.PARAMETER Cluster
Specifies the Cluster to perform the rekey process on
.PARAMETER DeepRekey
Use to invoke a Deep Rekey ($true) or a Shallow ($false or omit)
.PARAMETER ReducedRedundancy
For clusters that have 4 or more hosts, this will allow for reduced redundancy.
For clusters that have 4 or more hosts, this will allow for reduced redundancy.
For clusters that have 2 or 3 hosts, this does not need to be set (can be).
.EXAMPLE
@@ -53,7 +58,7 @@ Function Invoke-VsanEncryptionRekey {
[Parameter(Mandatory = $False)][Boolean]$ReducedRedundancy
)
# Get the Cluster
# Get the Cluster
$VsanCluster = Get-Cluster -Name $Cluster
# Get the vSAN Cluster Configuration View
@@ -95,71 +100,71 @@ Function Invoke-VsanEncryptionRekey {
Function Set-VsanEncryptionKms {
<#
.SYNOPSIS
This function will set the KMS to be used with vSAN Encryption
This function will set the KMS to be used with vSAN Encryption
.DESCRIPTION
This function will set the KMS to be used with vSAN Encryption
This function will set the KMS to be used with vSAN Encryption
.PARAMETER Cluster
Specifies the Cluster to set the KMS server for
.PARAMETER KmsCluster
Use to set the KMS Cluster to be used with vSAN Encryption
.EXAMPLE
C:\PS>Set-VsanEncryptionKms -Cluster "ClusterName" -KmsCluster "vCenter KMS Cluster Entry"
#>
# Set our Parameters
[CmdletBinding()]Param(
[Parameter(Mandatory = $True)][String]$Cluster,
[Parameter(Mandatory = $False)][String]$KmsCluster
)
# Get the Cluster
# Get the Cluster
$VsanCluster = Get-Cluster -Name $Cluster
# Get the list of KMS Servers that are included
# Get the list of KMS Servers that are included
$KmsClusterList = Get-KmsCluster
# Was a KMS Cluster Specified?
# Was a KMS Cluster Specified?
# Specified: Is it in the list?
# Is it not in the list?
# Not Specified: Present a list
# Not Specified: Present a list
If ($KmsCluster) {
If ($KmsClusterList.Name.Contains($KmsCluster)) {
Write-Host "$KmsCluster In the list, proceeding" -ForegroundColor Green
$KmsClusterProfile = $KmsClusterList | Where-Object {$_.Name -eq $KmsCluster}
} else {
$Count = 0
Foreach ($KmsClusterItem in $KmsClusterList) {
Write-Host "$Count) $KmsClusterItem "
$Count = $Count + 1
}
$KmsClusterEntry = Read-Host -Prompt "$KmsCluster is not valid, please select one of the existing KMS Clusters to use"
$KmsClusterEntry = Read-Host -Prompt "$KmsCluster is not valid, please select one of the existing KMS Clusters to use"
Write-Host $KmsClusterList[$KmsClusterEntry]
$KmsClusterProfile = $KmsClusterList[$KmsClusterEntry]
}
} else {
$Count = 0
Foreach ($KmsClusterItem in $KmsClusterList) {
Write-Host "$Count) $KmsClusterItem "
$Count = $Count + 1
}
$KmsClusterEntry = Read-Host -Prompt "No KMS provided, please select one of the existing KMS Clusters to use"
$KmsClusterEntry = Read-Host -Prompt "No KMS provided, please select one of the existing KMS Clusters to use"
Write-Host $KmsClusterList[$KmsClusterEntry]
$KmsClusterProfile = $KmsClusterList[$KmsClusterEntry]
}
# Get the vSAN Cluster Configuration View
$VsanVcClusterConfig = Get-VsanView -Id "VsanVcClusterConfigSystem-vsan-cluster-config-system"
# Get Encryption State
$EncryptedVsan = $VsanVcClusterConfig.VsanClusterGetConfig($VsanCluster.ExtensionData.MoRef).DataEncryptionConfig
# If vSAN is enabled and it is Encrypted
If($VsanCluster.vSanEnabled -And $EncryptedVsan.EncryptionEnabled){
@@ -181,7 +186,7 @@ Function Set-VsanEncryptionKms {
# Set the Reconfigure Specification to use the Data Encryption Configuration Spec
$vsanReconfigSpec = New-Object VMware.Vsan.Views.VimVsanReconfigSpec
$vsanReconfigSpec.DataEncryptionConfig = $DataEncryptionConfigSpec
# Execute the task of changing the KMS Cluster Profile Being Used
$ChangeKmsTask = $VsanVcClusterConfig.VsanClusterReconfig($VsanCluster.ExtensionData.MoRef,$vsanReconfigSpec)
}
@@ -192,74 +197,74 @@ Function Set-VsanEncryptionKms {
Function Get-VsanEncryptionKms {
<#
.SYNOPSIS
This function will set the KMS to be used with vSAN Encryption
This function will set the KMS to be used with vSAN Encryption
.DESCRIPTION
This function will set the KMS to be used with vSAN Encryption
This function will set the KMS to be used with vSAN Encryption
.PARAMETER Cluster
Specifies the Cluster to set the KMS server for
.EXAMPLE
C:\PS>Get-VsanEncryptionKms -Cluster "ClusterName"
#>
# Set our Parameters
[CmdletBinding()]Param([Parameter(Mandatory = $True)][String]$Cluster)
# Get the Cluster
# Get the Cluster
$VsanCluster = Get-Cluster -Name $Cluster
# Get the vSAN Cluster Configuration View
$VsanVcClusterConfig = Get-VsanView -Id "VsanVcClusterConfigSystem-vsan-cluster-config-system"
# Get Encryption State
$EncryptedVsan = $VsanVcClusterConfig.VsanClusterGetConfig($VsanCluster.ExtensionData.MoRef).DataEncryptionConfig
# If vSAN is enabled and it is Encrypted
If($VsanCluster.vSanEnabled -And $EncryptedVsan.EncryptionEnabled){
$EncryptedVsan.KmsProviderId.Id
$EncryptedVsan.KmsProviderId.Id
}
}
Function Set-VsanEncryptionDiskWiping {
<#
.SYNOPSIS
This function will update the Disk Wiping option in vSAN Encryption
This function will update the Disk Wiping option in vSAN Encryption
.DESCRIPTION
This function will update the Disk Wiping option in vSAN Encryption
This function will update the Disk Wiping option in vSAN Encryption
.PARAMETER Cluster
Specifies the Cluster set the Disk Wiping Setting on
.PARAMETER DiskWiping
Use to set the Disk Wiping setting for vSAN Encryption
.EXAMPLE
C:\PS>Set-VsanEncryptionDiskWiping -Cluster "ClusterName" -DiskWiping $true
.EXAMPLE
.EXAMPLE
C:\PS>Set-VsanEncryptionDiskWiping -Cluster "ClusterName" -DiskWiping $false
#>
# Set our Parameters
[CmdletBinding()]Param(
[Parameter(Mandatory = $True)][String]$Cluster,
[Parameter(Mandatory = $True)][Boolean]$DiskWiping
)
# Get the Cluster
# Get the Cluster
$VsanCluster = Get-Cluster -Name $Cluster
# Get the vSAN Cluster Configuration View
$VsanVcClusterConfig = Get-VsanView -Id "VsanVcClusterConfigSystem-vsan-cluster-config-system"
# Get Encryption State
$EncryptedVsan = $VsanVcClusterConfig.VsanClusterGetConfig($VsanCluster.ExtensionData.MoRef).DataEncryptionConfig
# If vSAN is enabled and it is Encrypted
If($VsanCluster.vSanEnabled -And $EncryptedVsan.EncryptionEnabled){
@@ -287,7 +292,7 @@ Function Set-VsanEncryptionDiskWiping {
# Set the Reconfigure Specification to use the Data Encryption Configuration Spec
$vsanReconfigSpec = New-Object VMware.Vsan.Views.VimVsanReconfigSpec
$vsanReconfigSpec.DataEncryptionConfig = $DataEncryptionConfigSpec
# Execute the task of changing the KMS Cluster Profile Being Used
$VsanVcClusterConfig.VsanClusterReconfig($VsanCluster.ExtensionData.MoRef,$vsanReconfigSpec)
@@ -298,31 +303,31 @@ Function Set-VsanEncryptionDiskWiping {
Function Get-VsanEncryptionDiskWiping {
<#
.SYNOPSIS
This function will retrieve the Disk Wiping option setting in vSAN Encryption
This function will retrieve the Disk Wiping option setting in vSAN Encryption
.DESCRIPTION
This function will retrieve the Disk Wiping option setting in vSAN Encryption
This function will retrieve the Disk Wiping option setting in vSAN Encryption
.PARAMETER Cluster
Specifies the Cluster set the Disk Wiping Setting on
.EXAMPLE
C:\PS>Get-VsanEncryptionDiskWiping -Cluster "ClusterName"
#>
# Set our Parameters
[CmdletBinding()]Param([Parameter(Mandatory = $True)][String]$Cluster)
# Get the Cluster
# Get the Cluster
$VsanCluster = Get-Cluster -Name $Cluster
# Get the vSAN Cluster Configuration View
$VsanVcClusterConfig = Get-VsanView -Id "VsanVcClusterConfigSystem-vsan-cluster-config-system"
# Get Encryption State
$EncryptedVsan = $VsanVcClusterConfig.VsanClusterGetConfig($VsanCluster.ExtensionData.MoRef).DataEncryptionConfig
# If vSAN is enabled and it is Encrypted
If($VsanCluster.vSanEnabled -And $EncryptedVsan.EncryptionEnabled){