Hi everyone,
I'm wondering whether anyone else has noticed this limitation/bug within the PowerCLI.
How can I query whether a security (or other) policy on a portgroup is "unset"? When I browse through the SDK () i can correctly see the value as "unset". When it is queried from within PowerCLI it is returned as "false" which is wrong.
Try this on a portgroup which has it's promiscuous security policy unticked (ie. inhertied from the vSwitch):
(get-vmhost -name "esx1.domain.com").id
$hostview = get-view -id (get-vmhost -name "esx1.domain.com").id
$hostview.Config.Network.portgroup[1].spec.policy.security.AllowPromiscuous
And you will get a return value of "false" which is wrong. I'm assuming it should be $null... Is there any other way to tell that this is unset?
Basically what I am trying to do is copy an existing port group with all of its settings by copying the spec across, this doesn't work as all the "unset" values come across incorrectly.
Cheers,
Mike
Actually, I do get $NULL when I try this. I've just made a test portgroup named 'test'
-
$vmhost = Get-vmhost
$Hostview = $vmhost[1] | get-view
$pg = $Hostview.config.network.portgroup | Where {$_.key -like "*-test"}
$pg.spec.policy
Security :
NicTeaming :
OffloadPolicy :
ShapingPolicy :
DynamicType :
DynamicProperty :
-
All enherited from the vSwitch, so all empty as expected....
But when I do set the policy to reject promiscuous mode i see the following:
-
$vmhost = Get-vmhost
$Hostview = $vmhost[1] | get-view
$pg = $Hostview.config.network.portgroup | Where {$_.key -like "*-test"}
$pg.spec.policy
Security : VMware.Vim.HostNetworkSecurityPolicy
NicTeaming :
OffloadPolicy :
ShapingPolicy :
DynamicType :
DynamicProperty :
$pg.spec.policy.security.allowpromiscuous
False
-
What version of PowerCLI and vCenter/ESX are you using?
We're using the latest:
4.0.1 build 208462
I don't see any properties ending in "bq" though - where are you getting these from?
Sorry, 'bq' didn't belong there, the awesome rich text editor messed up my post..
I see what you're saying... You're saynig that the $null values are one level higher telling you whether any of the values are set within?
C:\> $hstview.Config.Network.portgroup[1].spec.policy
Security : VMware.Vim.HostNetworkSecurityPolicy
NicTeaming :
OffloadPolicy :
ShapingPolicy : VMware.Vim.HostNetworkTrafficShapingPolicy
DynamicType :
DynamicProperty :
So, in the above case you can see that I've set the security policy and the shaping policy. But, how do you tell which of the values out of the 3 (say) security values is set?
Actually this doesn't work in reality - when I double-checked this portgroup, none of these values were set... perhaps a non-null value means that they have historically been set to something? But doesn't tell you whether they are currently set...
I can confirm this is a bug. I've reached out to see if there is any workaround and will update.
=====
Carter Shanklin
Read the PowerCLI Blog
[Follow me on Twitter|http://twitter.com/cshanklin]
It indeed seems to be a bug, after unchecking the policy in the VI client, it still appears active when querying in PowerCLI. Tried getting there through the Networksystem, but that also gives the incorrect information
-
$NetworkSystem = Get-view $Hostview.configmanager.networksystem
$NetworkSystem.networkconfig.portgroup[5].spec
Name : test
VlanId : 0
VswitchName : vSwitch1
Policy : VMware.Vim.HostNetworkPolicy
DynamicType :
DynamicProperty :
$NetworkSystem.networkconfig.portgroup[5].spec.policy
Security : VMware.Vim.HostNetworkSecurityPolicy
NicTeaming :
OffloadPolicy :
ShapingPolicy :
DynamicType :
DynamicProperty :
$NetworkSystem.networkconfig.portgroup[5].spec.policy.Security
AllowPromiscuous : False
MacChanges : False
ForgedTransmits : False
DynamicType :
DynamicProperty :
-
The only difference is now is that I actually get the policy information of the above vSwitch
Since you only want to copy all the vSwitch and Portgroup information, what you propably could do as a work-around is compare the portgroup policy with it's vSwitch policy and leave it alone if it's the same...
Carter, any update on this?