Hi, french & junior (vmWare) but still alive
Existing :
1DC/1Cluster/3ESXI/Vsphere6.7u2
VMware PowerCLI 11.5.0 build 14912921
PowerShell 5/1/14409/1018
vswitch0(management), vswitch1(vm)
2 Usergroups (G,U)
20 users/group (G201,...G220 ; U101,...U120)
Each user got his own private space (ex for user G201)
VMs&templates/G/G201 : VM1,VM2,,,
storage/G : here, no private folder, all the G group VMs are stored here.
networking/Pedago/G/G201 : G-lan-2010, G-lan-2011,..
vSwitch2 created, nic attached, no vlan created in yet.
Expecting :
Create 10 new vlan for each user of group 'G' (using a .csv import) in vswitch2.
- With role/permission (each user can see & operate only its own vm, & same for it own vlan)
- Each user vlan should reach the network folder of the user (to not have to drag it by mouse)
Bonus :
How can I get the full path to a user folder ? Are the vPG at root or in specific folders ?
For example : Network folder of user G201 is in folder 'G', wich is (i think) in 'Students', wich is (i m still not sure) in 'Pedago', wich is in.... network folder. 'Get-Folder' gave me some informations but I m not sure of the real good fullpath. I have to manage something I didn't instal.
Thanks a lot for your help, I had already some hours of search over the net about it and tried some scripts, sadly without the expected result.
Strange result for me...
It seems only the last PG of the last user in the .csv file was managed by the script. A kind of loop ? 18 X "Waiting for PG UFA2149 creation Done", instead of 3 (because 3 ESXi).
I tested with 2 users, 3 vlans, overs 3 esxi = 2*3*3=18. I'm sure you count very well It's just to give you max of informations and what I asked to the script.
At the far end, only the VLan UFA2149 was created, witth VLanID : 9 (and not 2149 as expected).
Errors in the attached file.
I may modify my .csv if it's an easiest way to go. For example, usergroupType=UFA, username=213, and in the script $user="$usergroupType"+"$username". VLanID could be $VLanID="$username"+"$vlanlist" (not sure for this last one, but just to telle you I may modify somethings if necessary.
For the VLANId that probably needs to be -VLanId ([int]("$userId$_"))
It seems your CSV file contains 2 columns, while I assumed that there would be only 1 column (UserName).
So instead of having
UserName
UFA213
you seem to have
UserGroupType,UserName
UFA,213
Is that correct?
Because then the script needs some changes.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I understand and verified the .csv and it was based on our last case, managed in december (Re: Individual permissions on Esx resources (networks/portgroup, datastore/directory,...) from a lis... ). I apologize, I used to say some message above that username was UFA213. I mixed up.
User |
SIO/UFA213 |
.csv used for the thest attached.
Ok, in that case the CSV is like I used in the last script.
Did you try the other change (for the VLANId) I suggested?
Does it work now?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
-VLanId ([int]("$userId$_")) correction : works just fine !
Everything in the script was perfectly done.
PS C:\script> C:\Users\adminl\Desktop\10032020\NewPGPermission5.ps1
Waiting for PG UFA2137 creation ............ Done
Waiting for PG UFA2138 creation ............ Done
Waiting for PG UFA2139 creation .......... Done
Waiting for PG UFA2137 creation ............. Done
Waiting for PG UFA2138 creation ...... Done
Waiting for PG UFA2139 creation ......... Done
Waiting for PG UFA2137 creation .......... Done
Waiting for PG UFA2138 creation .......... Done
Waiting for PG UFA2139 creation .................................. Done
Wait for PG removal in UFA214 Done
Waiting for PG UFA2147 creation ........ Done
Waiting for PG UFA2148 creation .......... Done
Waiting for PG UFA2149 creation ......... Done
Waiting for PG UFA2147 creation ....... Done
Waiting for PG UFA2148 creation ...... Done
Waiting for PG UFA2149 creation ...... Done
Waiting for PG UFA2147 creation .......... Done
Waiting for PG UFA2148 creation ............ Done
Waiting for PG UFA2149 creation .......... Done
PS C:\script>
My 2 "test VMs" created for UFA213 user with the new vlan UFA2137 can ping each other. Only when they are hosted in the same esxi, when I separate them, I get this : "Destination Host Unreachable". I used to meet this problem before this script. To get around it, I have been using VM/Host Rules (Cluster Configuration), but I doubt it's the best practice, consuming vMotion & network use. Another way ?
About a script to export actual VMs using actual PG in folders I need to recreate with new PG(+same VLanID than actual PG) t?
Shall I close this discussion and open new one for each of these 2 last questions ?
Are the pNICs used in the vSwitches connected to switch ports that have the same VLAN tagging?
This is probably not a VMware issue (since it works when on the same ESXi node) but might be a physical network issue.
Yes, for the VM migration question I would prefer a new thread.
Otherwise, this thread becomes too long and complex.
Make sure to document exactly what the current situation is and where you want to go.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Are the pNICs used in the vSwitches connected to switch ports that have the same VLAN tagging?
If I understand your question and to try to answer it : pNIC is used for the vSwitch2 on which we worked over your script. VLAN tagging is the same for each vSwitch in each ESXi.
In fact, during a few months after the delivery of the cluster, VMs in same VLan were able to communicate even when in different ESXi. It seems it's when we created more VMs and more PG than problems went growing.
At this moment we have 313 VMs and 157 networks. I don't think we esceeded the configuration maximums with vsphere 6.7.
I will open a new thread.
Thanks a lot for your efficacy and your patience.
Did this perhaps happen after you implemented 6.7U3?
There are some mentions of network issues after 6.7U3.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference