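I am trying to add a firewall rule to a vApp network in vCloud Director 5.1 using PowerCLI 5.1. This script appears to update without errors, but refreshing the firewall settings shows no change.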
Connect-CIServer -Server server.domain.local -Org org01 -User administrator -Password xxxxxx -WarningAction SilentlyContinue
$vAppNet = Get-CIVAPP 111 | get-civappnetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule[0].isenabled = $true
$fwService.FirewallRule[0].description = "TS from TSG"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.tcp = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].port = "3389"
$fwService.FirewallRule[0].destinationIp = "Any"
$fwService.FirewallRule[0].sourceport = "3389"
$fwService.FirewallRule[0].sourceip = "192.168.1.81-192.168.1.89"
$fwService.FirewallRule[0].direction = "in"
$vAppNet.extensiondata.configuration.features += $fwService
$networkConfigSection.UpdateServerData()
When I run $vAppNet.extensiondata.configuration.features to check whether it has been added, I see it in the third section, after the NAT entry...
PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI for Tenants> $vAppNet.extensiondata.configuration.features
DefaultAction : drop
LogDefaultAction : False
FirewallRule :
IsEnabled : True
AnyAttr :
VCloudExtension :
NatType : ipTranslation
Policy : allowTrafficIn
NatRule :
ExternalIp :
IsEnabled : True
AnyAttr :
VCloudExtension :
DefaultAction : drop
LogDefaultAction : False
FirewallRule : {, }
IsEnabled : True
AnyAttr :
VCloudExtension :
--------------------------------------------------
Changing the script slightly produces an error during the update...
Connect-CIServer -Server server.domain.local -Org org01 -User administrator -Password xxxxxx -WarningAction SilentlyContinue
$vAppNet = get-civappnetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$vAppNetwork = $networkConfigSection.NetworkConfig | where {$_.networkName -eq "vApp_Network"}
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $false
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule[0].isenabled = $false
$fwService.FirewallRule[0].description = "TS from TSG"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.tcp = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].port = "3389"
$fwService.FirewallRule[0].destinationIp = "Any"
$fwService.FirewallRule[0].sourceport = "3389"
$fwService.FirewallRule[0].sourceip = "192.168.1.81-192.168.1.89"
$fwService.FirewallRule[0].direction = "in"
$vAppNetwork.Configuration.Features = $vAppNetwork.Configuration.Features | where {!($_ -is [vmware.vimautomation.cloud.views.firewallservice])}
$vAppNetwork.configuration.features += $fwService
$networkConfigSection.UpdateServerData()
Error
Exception calling "UpdateServerData" with "0" argument(s): "Bad Request - Unexpected JAXB Exception - cvc-complex-type.2.4.b: The content of element 'FirewallRule' is not complete. One of '{"xxxx://xxx.vmware.com/vcloud/v1.5":VCloudExtension, "xxxx://xxx.vmware.com/vcloud/v1.5":Id, "xxxx://xxx.vmware.com/vcloud/v1.5":IsEnabled, "xxx://xxxx.vmware.com/vcloud/v1.5":MatchOnTranslate, "xxxx://www.vmware.com/vcloud/v1.5":Description, "xxxx://xxx.vmware.com/vcloud/v1.5":Policy, "xxxx://xxx.vmware.com/vcloud/v1.5":Protocols, "xxxx://xxx.vmware.com/vcloud/v1.5":IcmpSubType, "http://xxx.vmware.com/vcloud/v1.5":Port, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationPortRange, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationIp, "xxxx://xxx.vmware.com/vcloud/v1.5":DestinationVm}' is expected."
At line:1 char:39
+ $networkConfigSection.UpdateServerData <<<< ()
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException
I have not been able to figure out how to update successfully. Please, any help would be greatly appreciated.
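The `FirewallRule : {, }` line in the output above shows a two-element array, while the script only fills in element [0]. The pre-submit check below is an added example, not part of the original post or of PowerCLI: it runs on constructed stand-in objects, and `Test-FirewallRuleComplete`, `New-StandInRule` and the list of required fields are assumptions made for illustration.

```powershell
# Added example. Stand-in objects are constructed; no vCloud connection is made.
# ASSUMPTION: this check treats the four fields below as mandatory.
$RequiredFields = 'Policy', 'Protocols', 'DestinationIp', 'SourceIp'

function Test-FirewallRuleComplete {
    param([object[]]$Rules)
    $index = 0
    foreach ($rule in $Rules) {
        $missing = @()
        foreach ($name in $RequiredFields) {
            # A null rule, an absent property and an empty value all count as missing.
            $prop = if ($null -ne $rule) { $rule.PSObject.Properties[$name] }
            if ($null -eq $prop -or $null -eq $prop.Value -or "$($prop.Value)" -eq '') {
                $missing += $name
            }
        }
        New-Object PSObject -Property @{
            Index = $index; Complete = ($missing.Count -eq 0); Missing = ($missing -join ', ')
        }
        $index++
    }
}

# Hypothetical stand-in for the FirewallRule view object (property names as in the script).
function New-StandInRule {
    New-Object PSObject -Property @{
        IsEnabled = $null; Description = $null; Policy = $null; Protocols = $null; Port = $null
        DestinationIp = $null; SourcePort = $null; SourceIp = $null; Direction = $null
    }
}

# Same construction pattern as the script: one rule assigned, a second appended,
# and only element [0] populated.
$rules = @(New-StandInRule)
$rules += New-StandInRule
$rules[0].Protocols = @{ Tcp = $true }
$rules[0].Policy = 'allow'
$rules[0].Port = '3389'
$rules[0].DestinationIp = 'Any'
$rules[0].SourceIp = '192.168.1.81-192.168.1.89'

$report = Test-FirewallRuleComplete -Rules $rules
$report | Format-Table Index, Complete, Missing -AutoSize
if ($report | Where-Object { -not $_.Complete }) {
    Write-Warning 'Incomplete rule found; not calling UpdateServerData().'
}
```

With PowerCLI loaded, the same function can be pointed at `$fwService.FirewallRule` before the update call.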