I have a big list of ESXi servers that require a lot of changes to modify the firewall policy for allowed IPs.
My idea is to create a script that can change these services and get a report of what was changed, from old value to old value.
For sure, the script needs to be created in a way that the ESXi servers are added in a separate file.
Below is the list of services and their required values:
Service Name,Enabled,Setting,Status
ntpClient,true,allIp,true
vSphereClient,true,allIp,true
dns,true,allIp,true
HPProvider,true,allIp,true
activeDirectoryAll,true,allIp,true
WOL,true,allIp,true
nfsClient,true,allIp,false
vsanvp,true,allIp,true
esxupdate,true,allIp,true
dynamicruleset,true,allIp,true
CIMHttpsServer,true,allIp,true
cmmds,true,allIp,true
autodeploy,true,allIp,true
rabbitmqproxy,true,allIp,true
faultTolerance,true,allIp,true
snmp,true,allIp,true
CIMHttpServer,true,allIp,true
dhcp,true,allIp,true
syslog,true,allIp,true
CIMSLP,true,allIp,true
rdt,true,allIp,true
fdm,true,allIp,true
vMotion,true,allIp,true
DHCPv6,true,allIp,true
NFC,true,allIp,true
HBR,true,allIp,true
sshClient,true,allIp,true
sshServer,true,allIp,true
webAccess,true,allIp,true
vpxHeartbeats,true,allIp,true
I'm using the script below, which helps me set the value for only one service:
$esx = Get-VMHost -Name ESXTEST
$esxcli = Get-Esxcli -VMHost $esx -V2
# Arguments for 'esxcli network firewall ruleset set'
$arguments = @{
    rulesetid  = 'sshServer'
    enabled    = $true
    allowedall = $false
}
$esxcli.network.firewall.ruleset.set.Invoke($arguments)
Any idea?
Any suggestions?
You could use 2 nested foreach loops, one over all the ESXi nodes and the other one through the complete CSV.
Something like this for example.
I assume that the 'allip' in your CSV means 'allowedall = $true'
Also, is there a need to test the current value first?
In this form, the script just calls the method for each service, independent of the current setting.
# CSV layout
#
# Service Name,Enabled,Setting,Status
# ntpClient,true,allIp,true
# vSphereClient,true,allIp,true
$rules = Import-Csv -Path .\services.csv -UseCulture
# Outer loop: every ESXi node; inner loop: every row of the CSV
Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
    $esxcli = Get-Esxcli -VMHost $esx -V2
    $rules | ForEach-Object -Process {
        $arguments = @{
            rulesetid  = $_.'Service Name'
            # Import-Csv returns strings, so convert 'true'/'false' to a Boolean
            enabled    = [System.Convert]::ToBoolean($_.Enabled)
            allowedall = $true
        }
        $esxcli.network.firewall.ruleset.set.Invoke($arguments)
    }
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
The reason why I need info regarding the old parameter is just for reporting.
And regarding the script that you have shared, is it possible to have a separate file that contains the ESX info?
Sure, try like this
# CSV layout
#
# Service Name,Enabled,Setting,Status
# ntpClient,true,allIp,true
# vSphereClient,true,allIp,true
$rules = Import-Csv -Path .\services.csv -UseCulture
# CSV layout
#
# Name
# esx1
# esx2
$vmhost = Import-Csv -Path .\esxnames.csv -UseCulture
# Only the ESXi nodes named in esxnames.csv are processed
Get-VMHost -Name $vmHost.Name -PipelineVariable esx |
ForEach-Object -Process {
    $esxcli = Get-Esxcli -VMHost $esx -V2
    $rules | ForEach-Object -Process {
        $arguments = @{
            rulesetid  = $_.'Service Name'
            # Import-Csv returns strings, so convert 'true'/'false' to a Boolean
            enabled    = [System.Convert]::ToBoolean($_.Enabled)
            allowedall = $true
        }
        $esxcli.network.firewall.ruleset.set.Invoke($arguments)
    }
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
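For the old-versus-new report asked about in the thread, the following is an added example (not code from any poster) that snapshots each host's current ruleset state, changes only the rulesets that differ from the CSV, and exports a before/after record. It assumes the services.csv and esxnames.csv layouts shown above, the reply's reading of 'allIp' as allowedall = $true, the property names Name, Enabled, Ruleset and AllowedIPAddresses on the esxcli list output, and a hypothetical output file firewall-report.csv.

```powershell
# Added example, not from the thread. Requires an existing Connect-VIServer session.
$rules   = Import-Csv -Path .\services.csv -UseCulture   # layout as in the thread
$vmhosts = Import-Csv -Path .\esxnames.csv -UseCulture   # single 'Name' column

$report = foreach ($esx in Get-VMHost -Name $vmhosts.Name) {
    $esxcli = Get-EsxCli -VMHost $esx -V2

    # Snapshot the current state once per host, keyed by ruleset name.
    # Property names are assumed from the esxcli list output.
    $current = @{}
    $esxcli.network.firewall.ruleset.list.Invoke() |
        ForEach-Object { $current[$_.Name] = "$($_.Enabled)" }
    $allowed = @{}
    $esxcli.network.firewall.ruleset.allowedip.list.Invoke() |
        ForEach-Object { $allowed[$_.Ruleset] = @($_.AllowedIPAddresses) }

    foreach ($rule in $rules) {
        $name = $rule.'Service Name'
        $row  = [ordered]@{
            VMHost = $esx.Name; Ruleset = $name
            OldEnabled = $null; NewEnabled = $null
            OldAllIp = $null; NewAllIp = $null; Result = 'NotFound'
        }
        if ($current.ContainsKey($name)) {
            $row.OldEnabled = [System.Convert]::ToBoolean($current[$name])
            $row.OldAllIp   = $allowed[$name] -contains 'All'
            $row.NewEnabled = [System.Convert]::ToBoolean($rule.Enabled)
            $row.NewAllIp   = $rule.Setting -eq 'allIp'   # mapping assumed in the reply

            if (($row.OldEnabled -ne $row.NewEnabled) -or ($row.OldAllIp -ne $row.NewAllIp)) {
                # Only touch rulesets whose state differs from the CSV
                $esxcli.network.firewall.ruleset.set.Invoke(@{
                    rulesetid  = $name
                    enabled    = $row.NewEnabled
                    allowedall = $row.NewAllIp
                }) | Out-Null
                $row.Result = 'Changed'
            } else {
                $row.Result = 'Unchanged'
            }
        }
        [pscustomobject]$row
    }
}

# firewall-report.csv is a hypothetical output name
$report | Export-Csv -Path .\firewall-report.csv -NoTypeInformation -UseCulture
```

A Setting value other than allIp maps to allowedall = $false here, which restricts the ruleset to whatever allowed-IP list it already has, so check that list before using such a row on a management service.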