Category: NSX Scripts

How to validate if IP is within infrastructure with PowerCLI

Just a little script I saw from Anthony Burke that displays a list of VM name, IP Address, Power State, VMTools Status and VMTools Version.
A blank IP Address field indicates that the VM is powered off or that VMTools is not installed.


Get-VM | Select Name, @{N="IP Address";E={@($_.Guest.IPAddress[0])}}, @{N="PowerState";E={@($_.PowerState)}}, @{N="VMTools Status";E={@($_.ExtensionData.Guest.ToolsStatus)}}, @{N="VMTools Version";E={@($_.Guest.ToolsVersion)}} | ft -auto

 

 

Here is another version, which lets you search by IP address.


$ipsearch = "10.35.254.9"
Get-VM | Select Name, @{N="IP Address";E={@($_.Guest.IPAddress[0])}}, @{N="PowerState";E={@($_.PowerState)}}, @{N="VMTools Status";E={@($_.ExtensionData.Guest.ToolsStatus)}}, @{N="VMTools Version";E={@($_.Guest.ToolsVersion)}} | ? {$_."IP Address" -eq ("$ipsearch")} | ft -auto
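
The search above compares only the first address that VMware Tools reports (`Guest.IPAddress[0]`), so a VM that holds the address on a second vNIC or as a secondary address is not found. The following is an added example, not part of the original script: the hypothetical function `Find-VMByIP` checks every reported address, and the sample VM objects are constructed so it runs without a vCenter connection.

```powershell
# Added example: match a search IP against every address a VM reports.
# Find-VMByIP is a hypothetical helper name, not a PowerCLI cmdlet.
function Find-VMByIP {
    param(
        [Parameter(Mandatory)] [string] $IPAddress,
        [Parameter(Mandatory, ValueFromPipeline)] $VM
    )
    begin {
        # Parse once so malformed input fails early and IPv6 text forms normalize.
        $needle = [System.Net.IPAddress]::Parse($IPAddress)
    }
    process {
        # Guest.IPAddress is an array: one entry per address on any vNIC.
        foreach ($addr in @($VM.Guest.IPAddress)) {
            $parsed = $null
            if ($addr -and [System.Net.IPAddress]::TryParse($addr, [ref]$parsed) -and $parsed.Equals($needle)) {
                [pscustomobject]@{
                    Name       = $VM.Name
                    MatchedIP  = $addr
                    AllIPs     = @($VM.Guest.IPAddress) -join ', '
                    PowerState = $VM.PowerState
                }
                break   # one result row per VM is enough
            }
        }
    }
}

# Constructed sample data shaped like Get-VM output (names and addresses are made up).
$sampleVMs = @(
    [pscustomobject]@{ Name = 'web-01'; PowerState = 'PoweredOn';  Guest = [pscustomobject]@{ IPAddress = @('10.35.254.8') } }
    [pscustomobject]@{ Name = 'app-01'; PowerState = 'PoweredOn';  Guest = [pscustomobject]@{ IPAddress = @('192.168.50.4', 'fe80::250:56ff:fe00:1', '10.35.254.9') } }
    [pscustomobject]@{ Name = 'db-01';  PowerState = 'PoweredOff'; Guest = [pscustomobject]@{ IPAddress = @() } }
)

$sampleVMs | Find-VMByIP -IPAddress '10.35.254.9' | Format-Table -AutoSize
# Against a live vCenter: Get-VM | Find-VMByIP -IPAddress '10.35.254.9'
```

A powered-off VM, or one without VMTools, still reports no addresses, so an empty result does not prove the IP is unused.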

 

 

Script to create NSX tag, group and firewall rules

This is a little script to assist in creating NSX items used for micro-segmenting an application.  It assumes that you have PowerCLI and PowerNSX already installed.  These rules are based on the suggestions provided in the VMware NSX Micro-Segmentation Day 2 book.

The script does the following:

  • Creates an NSX tag and assigns it to the listed VMs.
  • Creates a security group and includes the tag.
  • Creates a new firewall section.
  • Creates firewall rules. The rules are disabled so they won’t accidentally cause any issues.


# Jim Streit - jstreit@vmware.com
# Version 3.0

# connect to the NSX Manager
Connect-NsxServer -vCenterServer 192.168.1.111

# Application Name
$appname = "Books"

# Location / Data Center Name
$dc = "Chicago"

# VMs to assign security tag
$stvm = "tinyCore-162","tinyCore-163","tinyCore-164"

# ---- Do Not Edit Below ----

# security tag name
$st = "ST_" + $dc + "_" + $appname

# log tag name
$lt = $dc + "_" + $appname

# security group name
$sg = "SG_" + $dc + "_" + $appname

# firewall section name
$fs = "FP_" + $dc + "_" + $appname

# Create security tag and assign to VM's
New-NsxSecurityTag -Name $st
$stn = Get-NsxSecurityTag -Name $st
foreach ($vm in $stvm) {
    get-vm -Name $vm | New-NsxSecurityTagAssignment -ApplyTag $stn
}

#Create security group and add the security tag as a member
New-NsxSecurityGroup -Name $sg
$app = Get-NsxSecurityTag -Name $st
Get-NsxSecurityGroup -Name $sg | Add-NsxSecurityGroupMember -Member $app

#Create firewall section
New-NsxFirewallSection -Name $fs
$sec = Get-NsxFirewallSection -Name $fs

#Create default firewall rules but leave them disabled
$sgn = Get-NsxSecurityGroup $sg
$dfwgrp = "FW_" + $appname + "_SG_SG_Allow"
$dfwany = "FW_" + $appname + "_Any_Any_Catch"
$catch = $appname + "_Catch"
Get-NsxFirewallSection -Name $fs | New-NsxFirewallRule -Name $dfwgrp -Source $sgn -Destination $sgn -Action allow -AppliedTo $sgn -EnableLogging -tag $appname -Position Bottom -Disabled
Get-NsxFirewallSection -Name $fs | New-NsxFirewallRule -Name $dfwany -Destination $sgn -Action allow -AppliedTo $sgn -EnableLogging -tag $catch -Position Bottom -Disabled

Change VM Port Group – changevmportgroup.ps1


#Change VM Port Group - changevmportgroup.ps1
#Erik Hinderer
#ehinderer@vmware.com
#Version 0.3

# Script to migrate all VM vNICs from one portgroup to another
#
# Script takes input (VLAN ID) on the command line and imports a CSV file with candidate VLAN/portgroup information
#
# CSV file: "VLAN","portgroup","wire"
# where "wire" is the ip notation of the network, which is assumed to be the ending string of the virtualwire name
#
# Script is intended to facilitate migrating to/from VXLAN virtual wires
#
# Last modified 8/18/17

$vcenter = "myvcenterFQDN"

$vlan = $args[0]
cls
If (!$vlan) {
  "Please enter a VLAN ID"
} Else { 

  $importportgroups = import-csv c:\scripts\ImportPortGroups.csv
  $portgroup = ($importportgroups | where {$_.VLAN -eq $vlan}).portgroup
  $wire = ($importportgroups | where {$_.VLAN -eq $vlan}).wire

  if (!$defaultviserver) {connect-viserver $vcenter}

  $wirename = get-virtualportgroup |where {$_.name -like "*$($wire)"}

  $pg =   get-virtualportgroup -name $portgroup  

  "`nYou have selected VLAN $($vlan) which maps port group $($pg.name) to virtual wire $($wirename.name)`n" 

  $conf = Read-Host "Is this correct? (Y/N)"
  if ($conf -eq "y") {
    cls  
    "Counting vNICs`n"  
    $vms = get-vm
    $wirevms = $vms| get-networkadapter |where {$_.networkname -eq $wirename.name}
    $pgvms = $vms| get-networkadapter |where {$_.networkname -eq $pg.name}
    "`nThere are $($pgvms.count) VM vNICs on the portgroup and $($wirevms.count) VM vNICs on the virtual wire.`n"
    "Press 1 to move all VMs on the portgroup to the virtual wire.  Press 2 to move all VMs on the virtual wire to the portgroup.`n"
    
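    do {  
      $key = Read-Host "Or press C to cancel. [1/2/C]"
      # Accept exactly one of 1, 2 or C; the old test ("12C" -match $key) also passed on empty input
    } until ($key -match '^[12C]$')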

    if ($key -eq "1") {
      $out = $pgvms | set-networkadapter -networkname $wirename.name -Confirm:$false
    } elseif ($key -eq "2") {
      $out = $wirevms | set-networkadapter -networkname $pg.name -Confirm:$false
    } else {exit }
    "`nMigration completed, recounting vNICs.`n"
    $wirevms = $vms| get-networkadapter |where {$_.networkname -eq $wirename.name}
    $pgvms = $vms| get-networkadapter |where {$_.networkname -eq $pg.name}
    "`nThere are now $($pgvms.count) VM vNICs on the portgroup and $($wirevms.count) VM vNICs on the virtual wire.`n"
  }
}
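
In the script above, a VLAN ID that is missing from the CSV leaves `$wire` empty, and the filter `-like "*$($wire)"` then matches every port group. The following added example (not part of the original script) shows a pre-flight check that refuses to continue unless the VLAN resolves to exactly one portgroup and one virtual wire; `Resolve-VlanMapping` is a hypothetical helper, and the CSV rows and port group names are constructed sample data.

```powershell
# Added example: resolve one VLAN row to exactly one portgroup and one virtual wire.
function Resolve-VlanMapping {
    param(
        [Parameter(Mandatory)] [string]   $Vlan,
        [Parameter(Mandatory)] [object[]] $CsvRows,        # rows from Import-Csv
        [Parameter(Mandatory)] [string[]] $PortGroupNames  # names from Get-VirtualPortGroup
    )
    # VLAN IDs are integers from 1 to 4094; reject anything else before lookup.
    $id = 0
    if (-not [int]::TryParse($Vlan, [ref]$id) -or $id -lt 1 -or $id -gt 4094) {
        throw "VLAN '$Vlan' is not a valid VLAN ID."
    }
    $rows = @($CsvRows | Where-Object { $_.VLAN -eq $Vlan })
    if ($rows.Count -ne 1) { throw "Expected 1 CSV row for VLAN $Vlan, found $($rows.Count)." }
    $row = $rows[0]
    if ([string]::IsNullOrWhiteSpace($row.wire) -or [string]::IsNullOrWhiteSpace($row.portgroup)) {
        throw "CSV row for VLAN $Vlan has an empty portgroup or wire value."
    }
    if ($PortGroupNames -notcontains $row.portgroup) {
        throw "Portgroup '$($row.portgroup)' does not exist."
    }
    # EndsWith is a literal comparison, so wildcard characters in the CSV are not expanded.
    $wires = @($PortGroupNames | Where-Object {
        $_.EndsWith($row.wire, [System.StringComparison]::OrdinalIgnoreCase) -and $_ -ne $row.portgroup
    })
    if ($wires.Count -ne 1) { throw "Expected 1 virtual wire ending in '$($row.wire)', found $($wires.Count)." }
    [pscustomobject]@{ Vlan = $Vlan; PortGroup = $row.portgroup; VirtualWire = $wires[0] }
}

# Constructed sample data (not from a real environment).
$csv = @'
"VLAN","portgroup","wire"
"100","PG-VLAN100","10.1.100.0"
"200","PG-VLAN200","10.1.200.0"
'@ | ConvertFrom-Csv
$names = 'PG-VLAN100', 'PG-VLAN200',
         'vxw-dvs-21-virtualwire-5-sid-5004-10.1.100.0',
         'vxw-dvs-21-virtualwire-6-sid-5005-10.1.200.0'

Resolve-VlanMapping -Vlan '100' -CsvRows $csv -PortGroupNames $names
foreach ($bad in '300', 'abc') {
    try   { Resolve-VlanMapping -Vlan $bad -CsvRows $csv -PortGroupNames $names }
    catch { "Rejected '$bad': $($_.Exception.Message)" }
}
```

In the migration script, the names would come from `(Get-VirtualPortGroup).Name` and the rows from the existing `Import-Csv` call, with the check run before the confirmation prompt.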