Hello,
Can someone please help me with this:
We have almost 400 ESX hosts sitting in multiple vCenters. As part of the syslog configuration we have to add a new rule to each ESX host, since we are using a different port for its communication as specified by the syslog team. Some of the ESX hosts already have that firewall rule created, but many of them are missing it.
Here I have the ESX host names (FQDN) that require the new firewall rule in one notepad file. Let's say the notepad name is 'ESXhostName' and its location is D:\ESX
To create the new firewall rule on an ESX host, I have copied the firewall XML file (let's say its name is 'CompanyFirewall') to my local drive: D:\File\CompanyFirewall.xml
This is the xml file:
<service id="0032">
  <id>concast backport</id>
  <rule id='0000'>
    <direction>outbound</direction>
    <protocol>udp</protocol>
    <porttype>dst</porttype>
    <port>2004</port>
  </rule>
  <enabled>true</enabled>
  <required>false</required>
</service>
Task:
Adding this XML file to each ESX host is time consuming. Hence can someone please help me create a script that can:
> Get the ESX hosts from that notepad, and
> log in with root credentials, and
> copy the XML file from my local drive and paste it into the ESX host's firewall location: /etc/vmware/firewall (not sure how this is possible), and
> refresh the firewall for each ESX host (we may need to modify this command as per the script)
I got the commands below for refreshing the firewall from this link: vSphere PowerCLI - Configure syslog on VMware ESXi hosts and Enable security profile firewall | vGee...
$esxcli = Get-EsxCli -VMHost esxi002.vcloud-lab.com -V2
$esxcli.network.firewall.refresh.Invoke()
> Disconnect the host from the session
> Get the next host from the notepad and do the same task again
Also, to make the command esxcli network firewall refresh work, I have to remove that '-ErrorAction Stop' from the script.
This worked too:
$session = New-SSHSession -ComputerName $esxFQDN -Credential $cred -AcceptKey
Invoke-SSHCommand -SSHSession $session -Command 'esxcli network firewall refresh'
Then use the 1st script.
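The whole procedure asked for above (read the host list, log in as root, copy the XML, refresh, verify, disconnect), as an added example that is not part of the original thread or of LucD's scripts. It assumes VMware.PowerCLI and Posh-SSH 3.x (for Set-SCPItem) are installed, SSH is enabled on each host, the list file is D:\ESX\ESXhostName.txt, and the ruleset id matches the <id> in the XML.

```powershell
# Added example: push CompanyFirewall.xml to every ESXi host in the list and refresh the firewall.
# Assumptions: VMware.PowerCLI + Posh-SSH 3.x installed, SSH enabled on the hosts,
# host list at D:\ESX\ESXhostName.txt, ruleset <id> is "concast backport".
Import-Module VMware.PowerCLI, Posh-SSH

$hostList  = 'D:\ESX\ESXhostName.txt'
$ruleFile  = 'D:\File\CompanyFirewall.xml'
$rulesetId = 'concast backport'               # the <id> element inside the XML
$cred      = Get-Credential -UserName root -Message 'ESXi root credentials'   # prompt, never hardcode

foreach ($line in (Get-Content $hostList | Where-Object { $_.Trim() })) {
    $esxFQDN = $line.Trim()
    $vi = $null
    try {
        # Connect to the host itself (not vCenter) so the root credentials apply.
        $vi     = Connect-VIServer -Server $esxFQDN -Credential $cred -ErrorAction Stop
        $esxcli = Get-EsxCli -VMHost $esxFQDN -Server $vi -V2

        # Some hosts already carry the ruleset: skip them instead of overwriting.
        if ($esxcli.network.firewall.ruleset.list.Invoke().Name -contains $rulesetId) {
            Write-Host "$esxFQDN : ruleset already present, skipping"
            continue
        }

        # Copy the XML into /etc/vmware/firewall over SCP.
        # -AcceptKey trusts an unknown host key on first contact; pre-seed known_hosts
        # instead if your environment requires strict host-key checking.
        # Note: files placed in /etc/vmware/firewall are not preserved across an ESXi reboot.
        Set-SCPItem -ComputerName $esxFQDN -Credential $cred -AcceptKey `
            -Path $ruleFile -Destination '/etc/vmware/firewall' -ErrorAction Stop

        # Reload the firewall so the new file is read, then verify the ruleset is listed.
        $null    = $esxcli.network.firewall.refresh.Invoke()
        $present = $esxcli.network.firewall.ruleset.list.Invoke().Name -contains $rulesetId
        if ($present) { Write-Host "$esxFQDN : ruleset applied" }
        else          { Write-Warning "$esxFQDN : ruleset NOT found after refresh" }
    }
    catch {
        # A failed copy or connection is reported and the loop moves on to the next host.
        Write-Warning "$esxFQDN : $($_.Exception.Message)"
    }
    finally {
        if ($vi) { Disconnect-VIServer -Server $vi -Confirm:$false }
    }
}
```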
This has been going on long enough
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
When the file copy fails in the Try-Catch, the SSH session will not be executed for that ESXi node.
I'm wondering, have you ever used PowerShell/PowerCLI before?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Sure, thank you very much.
Your second script also worked perfectly, except for the SSH display for the incorrect password.
I really appreciate your time on this matter. Thank you very much again. I am going to create one more script for copying that file to all the ESX hosts in the vCenter using your scripts.
Once again, thank you very much...
No, I have not. This is my beginning; I am at the very initial stage. I very recently started using PowerShell.
No problem.
You didn't pick an easy task to start
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes, I know. My situation demanded it. This is the second one I am going through.
But I really appreciate your time on this script and the explanations. Thank you.