
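I am trying to use PowerCLI 5.1 to add firewall rules to a vApp network in vCloud Director 5.1. This script appears to update without errors, but a refresh of the firewall settings shows no change.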

```powershell
Connect-CIServer -Server server.domain.local -Org org01 -User administrator -Password xxxxxx -WarningAction SilentlyContinue
$vAppNet = Get-CIVAPP 111 | get-civappnetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule[0].isenabled = $true
$fwService.FirewallRule[0].description = "TS from TSG"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.tcp = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].port = "3389"
$fwService.FirewallRule[0].destinationIp = "Any"
$fwService.FirewallRule[0].sourceport = "3389"
$fwService.FirewallRule[0].sourceip = "192.168.1.81-192.168.1.89"
$fwService.FirewallRule[0].direction = "in"
$vAppNet.extensiondata.configuration.features += $fwService
$networkConfigSection.UpdateServerData()
```

When I run $vAppNet.extensiondata.configuration.features to check whether it was added, I see it in the 3rd section, after the NAT entry...

```
PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI for Tenants> $vAppNet.extensiondata.configuration.features

DefaultAction    : drop
LogDefaultAction : False
FirewallRule     :
IsEnabled        : True
AnyAttr          :
VCloudExtension  :

NatType         : ipTranslation
Policy          : allowTrafficIn
NatRule         :
ExternalIp      :
IsEnabled       : True
AnyAttr         :
VCloudExtension :

DefaultAction    : drop
LogDefaultAction : False
FirewallRule     : {, }
IsEnabled        : True
AnyAttr          :
VCloudExtension  :
```

Changing the script slightly produces an error while the update executes:

```powershell
Connect-CIServer -Server server.domain.local -Org org01 -User administrator -Password xxxxxx -WarningAction SilentlyContinue
$vAppNet = get-civappnetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$vAppNetwork = $networkConfigSection.NetworkConfig | where {$_.networkName -eq "vApp_Network"}
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $false
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule[0].isenabled = $false
$fwService.FirewallRule[0].description = "TS from TSG"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.tcp = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].port = "3389"
$fwService.FirewallRule[0].destinationIp = "Any"
$fwService.FirewallRule[0].sourceport = "3389"
$fwService.FirewallRule[0].sourceip = "192.168.1.81-192.168.1.89"
$fwService.FirewallRule[0].direction = "in"
$vAppNetwork.Configuration.Features = $vAppNetwork.Configuration.Features | where {!($_ -is [vmware.vimautomation.cloud.views.firewallservice])}
$vAppNetwork.configuration.features += $fwService
$networkConfigSection.UpdateServerData()
```

Error:

```
Exception calling "UpdateServerData" with "0" argument(s): "Bad request - Unexpected JAXB Exception - cvc-complex-type.2.4.b: The content of element 'FirewallRule' is not complete. One of '{"xxxx://xxx.vmware.com/vcloud/v1.5":VCloudExtension, "xxxx://xxx.vmware.com/vcloud/v1.5":Id, "xxxx://xxx.vmware.com/vcloud/v1.5":IsEnabled, "xxx://xxxx.vmware.com/vcloud/v1.5":MatchOnTranslate, "xxxx://www.vmware.com/vcloud/v1.5":Description, "xxxx://xxx.vmware.com/vcloud/v1.5":Policy, "xxxx://xxx.vmware.com/vcloud/v1.5":Protocols, "xxxx://xxx.vmware.com/vcloud/v1.5":IcmpSubType, "http://xxx.vmware.com/vcloud/v1.5":Port, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationPortRange, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationIp, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationVm}' is expected."
At line:1 char:39
+ $networkConfigSection.UpdateServerData <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException
```

I have not been able to figure out how to get the update to succeed. Please, any help would be appreciated.


1 Answer


I found the answer; here it is for anyone who needs it.

```powershell
# Load the vApp's network configuration section and pick the target network entry
$vAppNet = Get-CIVAPP 111 | Get-CIVAppNetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$vAppNetwork = $networkConfigSection.NetworkConfig | where {$_.networkName -eq "vApp_Network"}

# Build a firewall service holding two rule objects
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule

# First rule
$fwService.FirewallRule[0].isenabled = $true
$fwService.FirewallRule[0].description = "Allow all outgoing traffic"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.ANY = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].destinationIp = "external"
$fwService.FirewallRule[0].sourceip = "internal"

# Second rule
$fwService.FirewallRule[1].isenabled = $true
$fwService.FirewallRule[1].description = "TS from TSG"
$fwService.FirewallRule[1].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[1].protocols.tcp = $true
$fwService.FirewallRule[1].policy = "allow"
$fwService.FirewallRule[1].port = "3389"
$fwService.FirewallRule[1].destinationIp = "Any"
$fwService.FirewallRule[1].sourceport = "3389"
$fwService.FirewallRule[1].sourceip = "192.168.1.81-192.168.1.89"

# Remove any existing firewall service from the feature list, append the new one, and push the section
$vAppNetwork.Configuration.Features = $vAppNetwork.Configuration.Features | where {!($_ -is [vmware.vimautomation.cloud.views.firewallservice])}
$vAppNetwork.configuration.features += $fwService
$networkConfigSection.UpdateServerData()
```
answered 2013-08-14T12:52:14.020
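
A pre-flight check and a read-back for the update above, as an added example that is not part of the original question or answer: the question's second script created two FirewallRule objects but populated only index 0, and its first script appended to $vAppNet while pushing $networkConfigSection. The function names are hypothetical, and treating a rule with no Policy or no Protocols as unpopulated is an assumption, not a statement of the vCloud schema.

```powershell
# Added example; function names are hypothetical. Cmdlets, types and
# properties are the ones used in the scripts on this page.

function Get-IncompleteFirewallRule {
    param($FirewallService)
    # Emit the index of each rule that was created but never populated.
    # Assumption: a rule with no Policy or no Protocols counts as unpopulated.
    if ($null -eq $FirewallService.FirewallRule) { return }
    $rules = @($FirewallService.FirewallRule)
    for ($i = 0; $i -lt $rules.Count; $i++) {
        $r = $rules[$i]
        if ($null -eq $r -or -not $r.Policy -or $null -eq $r.Protocols) { $i }
    }
}

function Get-VAppFirewallRule {
    param([string]$VAppName, [string]$NetworkName)
    # Re-read the section from the server so the result reflects what was
    # stored, not the local objects that were edited before the update.
    $section = (Get-CIVApp $VAppName).ExtensionData.GetNetworkConfigSection()
    $section.NetworkConfig |
        Where-Object { $_.NetworkName -eq $NetworkName } |
        ForEach-Object { $_.Configuration.Features } |
        Where-Object { $_ -is [VMware.VimAutomation.Cloud.Views.FirewallService] } |
        ForEach-Object { $_.FirewallRule } |
        Where-Object { $_ } |
        Select-Object Description, IsEnabled, Policy, SourceIp, SourcePort, DestinationIp, Port
}

# Constructed stand-in for a FirewallService with one populated and one empty rule
$sample = New-Object PSObject -Property @{ FirewallRule = @(
    (New-Object PSObject -Property @{ Policy = 'allow'; Protocols = (New-Object PSObject) }),
    (New-Object PSObject -Property @{ Policy = $null; Protocols = $null })
) }
$bad = Get-IncompleteFirewallRule $sample
if ($null -ne $bad) { Write-Warning "Unpopulated FirewallRule at index: $($bad -join ', ')" }

# In a connected session, with $fwService and $networkConfigSection built as in the answer:
#   if ($null -eq (Get-IncompleteFirewallRule $fwService)) { $networkConfigSection.UpdateServerData() }
#   Get-VAppFirewallRule -VAppName 111 -NetworkName vApp_Network | Format-Table -AutoSize
```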