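Adding firewall rules to a vApp network using PowerCLI 5.1

Time: 2013-08-13 18:46:32

Tags: powershell powercli vcloud-director-rest-api

I am trying to add a firewall rule to a vApp network in vCloud Director 5.1 using PowerCLI 5.1. This script appears to update without any errors, but refreshing the firewall settings shows that nothing has changed.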

Connect-CIServer -Server server.domain.local -Org org01 -User administrator -Password xxxxxx -WarningAction SilentlyContinue
$vAppNet = Get-CIVAPP 111 | get-civappnetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule[0].isenabled = $true
$fwService.FirewallRule[0].description = "TS from TSG"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.tcp = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].port = "3389"
$fwService.FirewallRule[0].destinationIp = "Any"
$fwService.FirewallRule[0].sourceport = "3389"
$fwService.FirewallRule[0].sourceip = "192.168.1.81-192.168.1.89"
$fwService.FirewallRule[0].direction = "in"
$vAppNet.extensiondata.configuration.features += $fwService
$networkConfigSection.UpdateServerData()

When I run $vAppNet.extensiondata.configuration.features to check whether it was added, I see it in the third section, after the NAT entry...

PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI for Tenants> $vAppNet.extensiondata.configuration.features

DefaultAction    : drop
LogDefaultAction : False
FirewallRule     :
IsEnabled        : True
AnyAttr          :
VCloudExtension  :

NatType         : ipTranslation
Policy          : allowTrafficIn
NatRule         :
ExternalIp      :
IsEnabled       : True
AnyAttr         :
VCloudExtension :

DefaultAction    : drop
LogDefaultAction : False
FirewallRule     : {, }
IsEnabled        : True
AnyAttr          :
VCloudExtension  :

-------------------------------------------------------------------------------------------

Changing the script slightly produces an error during the update...

Connect-CIServer -Server server.domain.local -Org org01 -User administrator -Password  xxxxxx -WarningAction SilentlyContinue
$vAppNet = get-civappnetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$vAppNetwork = $networkConfigSection.NetworkConfig | where {$_.networkName -eq "vApp_Network"}
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $false 
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule  
$fwService.FirewallRule[0].isenabled = $false
$fwService.FirewallRule[0].description = "TS from TSG"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.tcp = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].port = "3389"
$fwService.FirewallRule[0].destinationIp = "Any"
$fwService.FirewallRule[0].sourceport = "3389"
$fwService.FirewallRule[0].sourceip = "192.168.1.81-192.168.1.89"
$fwService.FirewallRule[0].direction = "in"
$vAppNetwork.Configuration.Features = $vAppNetwork.Configuration.Features | where {!($_ -is [vmware.vimautomation.cloud.views.firewallservice])}
$vAppNetwork.configuration.features += $fwService
$networkConfigSection.UpdateServerData()

Error

Exception calling "UpdateServerData" with "0" argument(s): "Bad request - Unexpected JAXB Exception - cvc-complex-type.2.4.b: The content of element 'FirewallRule' is not complete. One of '{"xxxx://xxx.vmware.com/vcloud/v1.5":VCloudExtension, "xxxx://xxx.vmware.com/vcloud/v1.5":Id, "xxxx://xxx.vmware.com/vcloud/v1.5":IsEnabled, "xxx://xxxx.vmware.com/vcloud/v1.5":MatchOnTranslate, "xxxx://www.vmware.com/vcloud/v1.5":Description, "xxxx://xxx.vmware.com/vcloud/v1.5":Policy, "xxxx://xxx.vmware.com/vcloud/v1.5":Protocols, "xxxx://xxx.vmware.com/vcloud/v1.5":IcmpSubType, "http://xxx.vmware.com/vcloud/v1.5":Port, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationPortRange, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationIp, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationVm}' is expected."
At line:1 char:39
+ $networkConfigSection.UpdateServerData <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

I cannot figure out how to get the update to succeed. Please, any help is greatly appreciated.

1 answer:

Answer 0 (score: 0)

I found the answer; here it is for anyone who needs it.

$vAppNet = Get-CIVAPP 111 | Get-CIVAppNetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$vAppNetwork = $networkConfigSection.NetworkConfig | where {$_.networkName -eq "vApp_Network"}

$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule 

#First Rule 
$fwService.FirewallRule[0].isenabled = $true
$fwService.FirewallRule[0].description = "Allow all outgoing traffic"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.ANY = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].destinationIp = "external"
$fwService.FirewallRule[0].sourceip = "internal"

#Second Rule 
$fwService.FirewallRule[1].isenabled = $true
$fwService.FirewallRule[1].description = "TS from TSG"
$fwService.FirewallRule[1].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[1].protocols.tcp = $true
$fwService.FirewallRule[1].policy = "allow"
$fwService.FirewallRule[1].port = "3389"
$fwService.FirewallRule[1].destinationIp = "Any"
$fwService.FirewallRule[1].sourceport = "3389"
$fwService.FirewallRule[1].sourceip = "192.168.1.81-192.168.1.89"

$vAppNetwork.Configuration.Features = $vAppNetwork.Configuration.Features | where {!($_ -is [vmware.vimautomation.cloud.views.firewallservice])}
$vAppNetwork.configuration.features += $fwService
$networkConfigSection.UpdateServerData()
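
Added example, not part of the original answer: the same update with the rule array built from a list, so that it never contains an unpopulated FirewallRule element (which is what the schema error in the question appears to report), followed by a re-read from the server to confirm the rules were applied. `New-FwRule` and `$ruleSpecs` are hypothetical names; the vApp name `111`, the network name `vApp_Network` and the rule values are the ones used on this page, and an existing `Connect-CIServer` session is assumed.

```powershell
# Added example; New-FwRule and $ruleSpecs are hypothetical names, not PowerCLI cmdlets.
function New-FwRule([hashtable]$Spec) {
    # Refuse to build a rule without addresses, so no half-filled element is sent.
    foreach ($key in 'Description', 'SourceIp', 'DestinationIp') {
        if (-not $Spec[$key]) { throw "Rule spec is missing '$key'" }
    }
    $rule = New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
    $rule.IsEnabled = $true
    $rule.Description = $Spec.Description
    $rule.Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
    if ($Spec.Protocol -eq 'tcp') { $rule.Protocols.Tcp = $true } else { $rule.Protocols.Any = $true }
    $rule.Policy = 'allow'
    if ($Spec.Port) { $rule.Port = $Spec.Port }
    if ($Spec.SourcePort) { $rule.SourcePort = $Spec.SourcePort }
    $rule.DestinationIp = $Spec.DestinationIp
    $rule.SourceIp = $Spec.SourceIp
    $rule
}

# Same two rules as in the answer above.
$ruleSpecs = @(
    @{ Description = 'Allow all outgoing traffic'; Protocol = 'any'; SourceIp = 'internal'; DestinationIp = 'external' },
    @{ Description = 'TS from TSG'; Protocol = 'tcp'; Port = '3389'; SourcePort = '3389'
       SourceIp = '192.168.1.81-192.168.1.89'; DestinationIp = 'Any' }
)

$section = (Get-CIVApp 111).ExtensionData.GetNetworkConfigSection()
$net = $section.NetworkConfig | Where-Object { $_.NetworkName -eq 'vApp_Network' }

$fw = New-Object VMware.VimAutomation.Cloud.Views.FirewallService
$fw.DefaultAction = 'drop'
$fw.LogDefaultAction = $false
$fw.IsEnabled = $true
# One array element per spec: no empty trailing rule.
$fw.FirewallRule = [VMware.VimAutomation.Cloud.Views.FirewallRule[]]@($ruleSpecs | ForEach-Object { New-FwRule $_ })

# Edit the object that belongs to $section, because that is the view UpdateServerData() sends.
$net.Configuration.Features = @($net.Configuration.Features |
    Where-Object { $_ -isnot [VMware.VimAutomation.Cloud.Views.FirewallService] })
$net.Configuration.Features += $fw
$section.UpdateServerData()

# Re-read from the server instead of trusting the local object.
$applied = ((Get-CIVApp 111).ExtensionData.GetNetworkConfigSection().NetworkConfig |
    Where-Object { $_.NetworkName -eq 'vApp_Network' }).Configuration.Features |
    Where-Object { $_ -is [VMware.VimAutomation.Cloud.Views.FirewallService] }
$applied.FirewallRule | Select-Object Description, Policy, SourceIp, DestinationIp, Port
if (@($applied.FirewallRule).Count -ne $ruleSpecs.Count) { Write-Warning 'Server-side rules differ from the requested set' }
```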