VMware Cloud Community
jquickuk
Contributor
Contributor
‎02-19-2023 10:18 AM

PowerCLI NSX-T - Create Security Groups

I am looking for help to create security groups using PowerCLI for NSX-T on a Global Manager. I am new to PowerCLI, but I have manged to create segments ad DFW with no problem, however, I am struggling with the groups.

I am happy with the following...

 

$group = Initialize-Group -DisplayName $GroupName -Expression @($criteria)
$CreateGroup = Invoke-PatchGroupForDomain -DomainId default -Group $group -GroupId $GroupName

 

It is the Expression values I am having issues with. I only need the group to contain one segment and I want to reference the Segment ID rather than using tags.
 
I have tried the following but to no avail where I receive a long error message.
$GroupName = "JQ-Test-Group"
$cond = Initialize-Condition -ResourceType Condition -Id $GroupName -MemberType "Segment" -Value "JQ-Test-Segment" -Key "Tag" -Operator "EQUALS"
$group = Initialize-Group -DisplayName $GroupName -Expression @($cond)
$createdGroup = Invoke-PatchGroupForDomain -DomainId default -Group $group -GroupId $GroupName

 

 

 

I have spent a lot of time searching online but I am struggling to find anything I can use, although that may be due to me lack of understanding.

Any help would be greatly appreciated, even if it is just to point me in the right direction!

Labels (4)
0 Kudos
2 Replies
ggovek
Enthusiast
Enthusiast
‎04-17-2023 12:22 AM

How do I create Security Groups in Global Manager with PowerCLI 13.0. 

With the Code bellow I received back this error:

Code:

 

$MemberType="VirtualMachine"
$Key="name"
$Operator="EQUALS"
$GroupName = "TEST2"
$cond = Initialize-Condition -ResourceType Condition -Id $GroupName -MemberType $MemberType -Value $GroupName -Key $Key -Operator $Operator
$group = Initialize-Group -DisplayName $GroupName -Expression @($cond)
$createdGroup = Invoke-PatchGroupForDomain -Server $n -DomainId default -Group $group -GroupId $GroupName

 

 
Error:
 

 

Invoke-PatchGroupForDomain : Error calling PatchGroupForDomain: {
"httpStatus" : "BAD_REQUEST",
"error_code" : 500517,
"module_name" : "Policy",
"error_message" : "Local resource cannot accessed on the global manager."
}
At line:1 char:17
+ ... atedGroup = Invoke-PatchGroupForDomain -Server $n -DomainId default - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-PatchGroupForDomain], ApiException
+ FullyQualifiedErrorId : VMware.Binding.OpenApi.Client.ApiException,VMware.Sdk.Nsx.Policy.Api.PolicyApi.InvokePatchGroupForDomain

 

 

0 Kudos
ggovek
Enthusiast
Enthusiast
‎04-17-2023 04:46 AM

I found a solution and changed only this command:

 

$createdGroup = Invoke-PatchGroupForDomain -Server $n -DomainId default -Group $group -GroupId $GroupName

 

to

 

$createdGroup = Invoke-GlobalInfraPatchGroupForDomain -Server $n -DomainId default -Group $group -GroupId $GroupName

 

 

With Get-Command -Module VMware.Sdk.Nsx.Policy we get all the necessary commands for NSX Module.

0 Kudos