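I am trying to add firewall rules to a vApp network in vCloud Director 5.1 using PowerCLI 5.1. This script appears to update without any errors, but refreshing the firewall settings shows that nothing has changed.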
Connect-CIServer -Server server.domain.local -Org org01 -User administrator -Password xxxxxx -WarningAction SilentlyContinue
$vAppNet = Get-CIVAPP 111 | get-civappnetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule[0].isenabled = $true
$fwService.FirewallRule[0].description = "TS from TSG"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.tcp = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].port = "3389"
$fwService.FirewallRule[0].destinationIp = "Any"
$fwService.FirewallRule[0].sourceport = "3389"
$fwService.FirewallRule[0].sourceip = "192.168.1.81-192.168.1.89"
$fwService.FirewallRule[0].direction = "in"
$vAppNet.extensiondata.configuration.features += $fwService
$networkConfigSection.UpdateServerData()
When I run $vAppNet.extensiondata.configuration.features to check whether it was added, I see it in the third section, after the NAT entry...
PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI for Tenants> $vAppNet.extensiondata.configuration.features
DefaultAction : drop
LogDefaultAction : False
FirewallRule :
IsEnabled : True
AnyAttr :
VCloudExtension :
NatType : ipTranslation
Policy : allowTrafficIn
NatRule :
ExternalIp :
IsEnabled : True
AnyAttr :
VCloudExtension :
DefaultAction : drop
LogDefaultAction : False
FirewallRule : {, }
IsEnabled : True
AnyAttr :
VCloudExtension :
Connect-CIServer -Server server.domain.local -Org org01 -User administrator -Password xxxxxx -WarningAction SilentlyContinue
$vAppNet = get-civappnetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$vAppNetwork = $networkConfigSection.NetworkConfig | where {$_.networkName -eq "vApp_Network"}
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $false
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule[0].isenabled = $false
$fwService.FirewallRule[0].description = "TS from TSG"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.tcp = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].port = "3389"
$fwService.FirewallRule[0].destinationIp = "Any"
$fwService.FirewallRule[0].sourceport = "3389"
$fwService.FirewallRule[0].sourceip = "192.168.1.81-192.168.1.89"
$fwService.FirewallRule[0].direction = "in"
$vAppNetwork.Configuration.Features = $vAppNetwork.Configuration.Features | where {!($_ -is [vmware.vimautomation.cloud.views.firewallservice])}
$vAppNetwork.configuration.features += $fwService
$networkConfigSection.UpdateServerData()
Exception calling "UpdateServerData" with "0" argument(s): "Bad request - Unexpected JAXB Exception - cvc-complex-type.2.4.b: The content of element 'FirewallRule' is not complete. One of '{"xxxx://xxx.vmware.com/vcloud/v1.5":VCloudExtension, "xxxx://xxx.vmware.com/vcloud/v1.5":Id, "xxxx://xxx.vmware.com/vcloud/v1.5":IsEnabled, "xxx://xxxx.vmware.com/vcloud/v1.5":MatchOnTranslate, "xxxx://www.vmware.com/vcloud/v1.5":Description, "xxxx://xxx.vmware.com/vcloud/v1.5":Policy, "xxxx://xxx.vmware.com/vcloud/v1.5":Protocols, "xxxx://xxx.vmware.com/vcloud/v1.5":IcmpSubType, "http://xxx.vmware.com/vcloud/v1.5":Port, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationPortRange, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationIp, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationVm}' is expected."
At line:1 char:39
+ $networkConfigSection.UpdateServerData <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
I can't figure out how to get the update to succeed. Please, any help is much appreciated.
Answer 0 (score: 0)
I found the answer; here it is for anyone who needs it.
$vAppNet = Get-CIVAPP 111 | Get-CIVAppNetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$vAppNetwork = $networkConfigSection.NetworkConfig | where {$_.networkName -eq "vApp_Network"}
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
#First Rule
$fwService.FirewallRule[0].isenabled = $true
$fwService.FirewallRule[0].description = "Allow all outgoing traffic"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.ANY = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].destinationIp = "external"
$fwService.FirewallRule[0].sourceip = "internal"
#Second Rule
$fwService.FirewallRule[1].isenabled = $true
$fwService.FirewallRule[1].description = "TS from TSG"
$fwService.FirewallRule[1].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[1].protocols.tcp = $true
$fwService.FirewallRule[1].policy = "allow"
$fwService.FirewallRule[1].port = "3389"
$fwService.FirewallRule[1].destinationIp = "Any"
$fwService.FirewallRule[1].sourceport = "3389"
$fwService.FirewallRule[1].sourceip = "192.168.1.81-192.168.1.89"
$vAppNetwork.Configuration.Features = $vAppNetwork.Configuration.Features | where {!($_ -is [vmware.vimautomation.cloud.views.firewallservice])}
$vAppNetwork.configuration.features += $fwService
$networkConfigSection.UpdateServerData()
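
Added example (not part of the original question or answer, and not VMware's code): a pre-flight check to run on the feature list before `UpdateServerData()`, looking for the two conditions visible on this page: more than one firewall service in `Configuration.Features`, and `FirewallRule` entries that were created but never filled in. `Test-FirewallFeatures` is a hypothetical helper name, the sample objects are constructed, and treating a rule with no `Policy` and no `Protocols` as unpopulated is an assumption.

```powershell
# Hypothetical helper, not a PowerCLI cmdlet. Emits one message per problem found.
function Test-FirewallFeatures {
    param([object[]]$Features)

    # Duck-type on the FirewallRule property so the check works on the real
    # FirewallService view objects and on the constructed sample below.
    $fwServices = @($Features | Where-Object {
        $null -ne $_ -and $_.PSObject.Properties['FirewallRule']
    })

    if ($fwServices.Count -gt 1) {
        "Feature list holds $($fwServices.Count) firewall services; filter out the old one before adding the new one."
    }

    foreach ($svc in $fwServices) {
        if ($null -eq $svc.FirewallRule) { continue }   # service without rules
        $i = 0
        foreach ($rule in @($svc.FirewallRule)) {
            # Assumption: no Policy and no Protocols means the rule object was never populated.
            if ($null -eq $rule -or (-not $rule.Policy -and -not $rule.Protocols)) {
                "FirewallRule[$i] ('$($svc.DefaultAction)' service) is unpopulated; fill it in or do not add it."
            }
            $i++
        }
    }
}

# Constructed sample: an existing firewall service, a NAT service, and a new
# firewall service whose second rule was appended but left blank.
$filled = New-Object PSObject -Property @{ Policy = 'allow'; Protocols = @{ Tcp = $true }; Description = 'TS from TSG' }
$blank  = New-Object PSObject -Property @{ Policy = $null; Protocols = $null; Description = $null }
$sample = @(
    (New-Object PSObject -Property @{ DefaultAction = 'drop'; FirewallRule = $null }),
    (New-Object PSObject -Property @{ NatType = 'ipTranslation'; Policy = 'allowTrafficIn' }),
    (New-Object PSObject -Property @{ DefaultAction = 'drop'; FirewallRule = @($filled, $blank) })
)

$problems = @(Test-FirewallFeatures -Features $sample)
$problems | ForEach-Object { Write-Warning $_ }

# Live use with the objects from the page, before $networkConfigSection.UpdateServerData():
#   @(Test-FirewallFeatures -Features $vAppNetwork.Configuration.Features)
```

On the constructed sample this reports two problems: the duplicate firewall service and the blank `FirewallRule[1]`.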