Hello,
I need to automate in PowerCLI one more Step during Org VDC setup, the "Edge Gateway Creation".
At the moment it looks like the only way to do that is directly via API (via PowerShell in my Case):
vCloud Air Documentation Center
Has anyone done that before in PowerCLI / PowerShell, or is there maybe a better way than via API?
Kind Regards,
Markus
This is cut from a script I was using to create fully nested labs for customer and internal use. It allowed for custom private IP space in any configuration and had a standard set of NAT, Firewall, LB and DHCP settings. It's ugly but it works, let me know if you have any questions.
$firewall = New-Object VMware.VimAutomation.Cloud.Views.Gateway
$firewall.Name = $orgName
$firewall.Configuration = New-Object VMware.VimAutomation.Cloud.Views.GatewayConfiguration
$firewall.Configuration.BackwardCompatibilityMode = $false
$firewall.Configuration.GatewayBackingConfig = "compact"
$firewall.Configuration.UseDefaultRouteForDnsRelay = $true
$firewall.Configuration.HaEnabled = $true
$firewall.Configuration.EdgeGatewayServiceConfiguration = New-Object VMware.VimAutomation.Cloud.Views.GatewayFeatures
$firewall.Configuration.GatewayInterfaces = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterfaces
$firewall.Configuration.GatewayInterfaces.GatewayInterface = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface
$firewall.Configuration.GatewayInterfaces.GatewayInterface += New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface
$firewall.Configuration.GatewayInterfaces.GatewayInterface += New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].DisplayName = "ExNet"
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].Network = $ExNetExternalNetwork.Href
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].InterfaceType = "uplink"
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].UseForDefaultRoute = $false
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].ApplyRateLimit = $false
$firewall.Configuration.GatewayInterfaces.GatewayInterface[1].DisplayName = "VMNet"
$firewall.Configuration.GatewayInterfaces.GatewayInterface[1].Network = $VMNetExternalNetwork.Href
$firewall.Configuration.GatewayInterfaces.GatewayInterface[1].InterfaceType = "uplink"
$firewall.Configuration.GatewayInterfaces.GatewayInterface[1].UseForDefaultRoute = $false
$firewall.Configuration.GatewayInterfaces.GatewayInterface[1].ApplyRateLimit = $false
$firewall.Configuration.GatewayInterfaces.GatewayInterface[2].DisplayName = "PublicNet"
$firewall.Configuration.GatewayInterfaces.GatewayInterface[2].Network = $PublicNetwork[0].Href
$firewall.Configuration.GatewayInterfaces.GatewayInterface[2].InterfaceType = "uplink"
$firewall.Configuration.GatewayInterfaces.GatewayInterface[2].UseForDefaultRoute = $true
$firewall.Configuration.GatewayInterfaces.GatewayInterface[2].ApplyRateLimit = $false
$ExNetexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation
$ExNetexternalSubnet.Gateway = $ExNetExternalNetwork.Gateway
$ExNetexternalSubnet.Netmask = $ExNetExternalNetwork.Netmask
$ExNetexternalSubnet.IpAddress = $ExNetExternalBlock[0]
$ExNetexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges
$ExNetexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange
$ExNetexternalSubnet.IpRanges.IpRange[0].StartAddress = $ExNetexternalSubnet.IpAddress # ### $firstExternalIP
$ExNetexternalSubnet.IpRanges.IpRange[0].EndAddress = $ExNetexternalSubnet.IpAddress # ### $lastExternalIP
$VMNetexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation
$VMNetexternalSubnet.Gateway = $VMNetExternalNetwork.Gateway
$VMNetexternalSubnet.Netmask = $VMNetExternalNetwork.Netmask
$VMNetexternalSubnet.IpAddress = $VMNetExTernalBlock[0]
$VMNetexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges
$VMNetexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange
$VMNetexternalSubnet.IpRanges.IpRange += New-Object VMware.VimAutomation.Cloud.Views.IpRange
$VMNetexternalSubnet.IpRanges.IpRange += New-Object VMware.VimAutomation.Cloud.Views.IpRange
$VMNetexternalSubnet.IpRanges.IpRange[0].StartAddress = $VMNetexternalSubnet.IpAddress # ### $firstExternalIP
$VMNetexternalSubnet.IpRanges.IpRange[0].EndAddress = $VMNetexternalSubnet.IpAddress # ### $firstExternalIP
$VMNetexternalSubnet.IpRanges.IpRange[1].StartAddress = $VMNetExTernalBlock[1] # ### $SecondExternalIP
$VMNetexternalSubnet.IpRanges.IpRange[1].EndAddress = $VMNetExTernalBlock[1] # ### $SecondExternalIP
$VMNetexternalSubnet.IpRanges.IpRange[2].StartAddress = $VMNetExTernalBlock[2] # ### $ThirdExternalIP
$VMNetexternalSubnet.IpRanges.IpRange[2].EndAddress = $VMNetExTernalBlock[2] # ### $ThirdExternalIP
$PublicexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation
$PublicexternalSubnet.Gateway = $PublicNetwork[0].Gateway.IPAddressToString
$PublicexternalSubnet.Netmask = $PublicNetwork[0].Netmask
if ($PublicExternalBlock.count -eq 1) {
$PublicexternalSubnet.IpAddress = $PublicExternalBlock
} else {
$PublicexternalSubnet.IpAddress = $PublicExternalBlock[0]
}
$PublicexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges
$PublicexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange
$PublicexternalSubnet.IpRanges.IpRange[0].StartAddress = $PublicexternalSubnet.IpAddress # ### $firstExternalIP
$PublicexternalSubnet.IpRanges.IpRange[0].EndAddress = $PublicexternalSubnet.IpAddress # ### $lastExternalIP
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].SubnetParticipation = $ExNetexternalSubnet
$firewall.Configuration.GatewayInterfaces.GatewayInterface[1].SubnetParticipation = $VMNetexternalSubnet
$firewall.Configuration.GatewayInterfaces.GatewayInterface[2].SubnetParticipation = $PublicexternalSubnet
$orgVdc.ExtensionData.CreateEdgeGateway($firewall)
write-host "Please wait, we're currently rolling out the Edge Firewall..."
sleep 20
While ((Search-Cloud -QueryType EdgeGateway | Get-CIView | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {
sleep 120
write-host "Please wait, we're currently rolling out the Edge Firewall..."
}
sleep 20
#Create an Internal network on the Edge gateway
$edgeGateway = Search-Cloud -QueryType EdgeGateway -Name $orgName | Get-CIView | where {$_.name -like "$orgName*"}
$ExNetnetwork = New-Object VMware.VimAutomation.Cloud.Views.OrgVdcNetwork
$ExNetnetwork.EdgeGateway = $edgeGateway.Id
$ExNetnetwork.isShared = $false
$ExNetnetwork.Configuration = New-Object VMware.VimAutomation.Cloud.Views.NetworkConfiguration
$ExNetnetwork.Name = "ExNet-Inside"
$ExNetnetwork.Configuration.IpScopes = New-Object VMware.VimAutomation.Cloud.Views.IpScopes
$ExNetnetwork.Configuration.FenceMode = "natRouted"
$IpScope = New-Object VMware.VimAutomation.Cloud.Views.IpScope
$IpScope.Gateway = $ExNetinternalGateway
$IpScope.Netmask = $ExNetinternalNetmask
$IpScope.Dns1 = $ExNetinternalGateway
$IpScope.DnsSuffix = 'mv.rackspace.com'
$IpScope.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges
$IpScope.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange
$IpScope.IpRanges.IpRange[0].StartAddress = $ExNetfirstInternalIP
$IpScope.IpRanges.IpRange[0].EndAddress = $ExNetlastInternalIP
$ExNetnetwork.Configuration.IpScopes.IpScope += $IpScope
$orgVdc.ExtensionData.CreateNetwork($ExNetnetwork)
write-host "Please wait, we're currently rolling out the ExNet-Inside network..."
sleep 20
While ((Search-Cloud -QueryType EdgeGateway | Get-CIView | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {
sleep 120
write-host "Please wait, we're currently rolling out the ExNet-Inside network..."
}
sleep 20
$VMNetnetwork = New-Object VMware.VimAutomation.Cloud.Views.OrgVdcNetwork
$VMNetnetwork.EdgeGateway = $edgeGateway.Id
$VMNetnetwork.isShared = $false
$VMNetnetwork.Configuration = New-Object VMware.VimAutomation.Cloud.Views.NetworkConfiguration
$VMNetnetwork.Name = "VMNet-Inside"
$VMNetnetwork.Configuration.IpScopes = New-Object VMware.VimAutomation.Cloud.Views.IpScopes
$VMNetnetwork.Configuration.FenceMode = "natRouted"
$IpScope = New-Object VMware.VimAutomation.Cloud.Views.IpScope
$IpScope.Gateway = $VMNetinternalGateway
$IpScope.Netmask = $VMNetinternalNetmask
$IpScope.Dns1 = $VMNetinternalGateway
$IpScope.DnsSuffix = 'mv.rackspace.com'
$IpScope.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges
$IpScope.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange
$IpScope.IpRanges.IpRange[0].StartAddress = $VMNetfirstInternalIP
$IpScope.IpRanges.IpRange[0].EndAddress = $VMNetlastInternalIP
$VMNetnetwork.Configuration.IpScopes.IpScope += $IpScope
$orgVdc.ExtensionData.CreateNetwork($VMNetnetwork)
write-host "Please wait, we're currently rolling out the VMNet-Inside network..."
sleep 20
While ((Search-Cloud -QueryType EdgeGateway | Get-CIView | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {
sleep 120
write-host "Please wait, we're currently rolling out the VMNet-Inside network..."
}
sleep 20
#Setup the firewall services for the network
$firewallService = New-Object VMware.VimAutomation.Cloud.Views.FirewallService
$firewallService.DefaultAction = "drop"
$firewallService.FirewallRule = New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
$firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
$firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
$firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
$firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
$firewallService.firewallRule[0].Description = "Default Outgoing Allowed"
$firewallService.firewallRule[0].IsEnabled = $true
$firewallService.firewallRule[0].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
$firewallService.firewallRule[0].Protocols.any = $true
$firewallService.firewallRule[0].Policy = "allow"
$firewallService.firewallRule[0].SourceIp = "internal"
$firewallService.firewallRule[0].DestinationIp = "any"
$firewallService.firewallRule[0].Port = "-1"
$firewallService.firewallRule[0].SourcePort = "-1"
$firewallService.firewallRule[0].EnableLogging = $false
$firewallService.firewallRule[1].Description = "IAD Bastion Access"
$firewallService.firewallRule[1].IsEnabled = $true
$firewallService.firewallRule[1].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
$firewallService.firewallRule[1].Protocols.any = $true
$firewallService.firewallRule[1].Policy = "allow"
$firewallService.firewallRule[1].SourceIp = "69.20.0.1"
$firewallService.firewallRule[1].DestinationIp = "internal"
$firewallService.firewallRule[1].Port = "-1"
$firewallService.firewallRule[1].SourcePort = "-1"
$firewallService.firewallRule[1].EnableLogging = $false
$firewallService.firewallRule[2].Description = "NTP Access"
$firewallService.firewallRule[2].IsEnabled = $true
$firewallService.firewallRule[2].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
$firewallService.firewallRule[2].Protocols.udp = $true
$firewallService.firewallRule[2].Policy = "allow"
$firewallService.firewallRule[2].SourceIp = "72.3.128.240"
$firewallService.firewallRule[2].DestinationIp = "internal"
$firewallService.firewallRule[2].Port = "123"
$firewallService.firewallRule[2].SourcePort = "123"
$firewallService.firewallRule[2].EnableLogging = $false
$firewallService.firewallRule[3].Description = "DFW Bastion Access"
$firewallService.firewallRule[3].IsEnabled = $true
$firewallService.firewallRule[3].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
$firewallService.firewallRule[3].Protocols.any = $true
$firewallService.firewallRule[3].Policy = "allow"
$firewallService.firewallRule[3].SourceIp = "72.3.128.84"
$firewallService.firewallRule[3].DestinationIp = "internal"
$firewallService.firewallRule[3].Port = "-1"
$firewallService.firewallRule[3].SourcePort = "-1"
$firewallService.firewallRule[3].EnableLogging = $false
$firewallService.firewallRule[4].Description = "Lon3 Bastion Access"
$firewallService.firewallRule[4].IsEnabled = $true
$firewallService.firewallRule[4].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
$firewallService.firewallRule[4].Protocols.any = $true
$firewallService.firewallRule[4].Policy = "allow"
$firewallService.firewallRule[4].SourceIp = "212.100.225.42"
$firewallService.firewallRule[4].DestinationIp = "internal"
$firewallService.firewallRule[4].Port = "-1"
$firewallService.firewallRule[4].SourcePort = "-1"
$firewallService.firewallRule[4].EnableLogging = $false
$edgeGateway.ConfigureServices($firewallService)
write-host "Please wait, we're currently rolling out the default firewall rules..."
sleep 30
#creating NAT rules on the edge for PAT connectivity and RDP Inbound to the Windows Jump Server
Write-Host "Creating SNAT and DNAT Rules"
New-SNATRule -EdgeGateway $orgName -ExternalNetwork $PublicNetwork[0] -OriginalIP $ExNetSubnet -TranslatedIP $PublicexternalSubnet.IpAddress
sleep 30
New-DNATRule -EdgeGateway $orgName -ExternalNetwork $PublicNetwork[0] -OriginalIP $PublicexternalSubnet.IpAddress -OriginalPort "3389" -TranslatedIP $SQLExNet -TranslatedPort "3389" -Protocol "tcp"
sleep 30
Thank you. Your code sample helped a lot!
If you want to speed up your code a little bit you can wait for your Edge to become Ready instead of a simple Sleep:
$i = 0
$Timeout = 120   # wait limit in seconds (assumed value; one poll per second below)
while((Search-Cloud -QueryType EdgeGateway -Name $Name).IsBusy -eq $True){
$i++
Start-Sleep 1
if($i -gt $Timeout) { Write-Error "Timeout waiting for the Edge Gateway to become Ready."; break}
Write-Progress -Activity "Creating Edge Gateway" -Status "Wait for Edge to become Ready..."
}
Write-Progress -Activity "Creating Edge Gateway" -Completed
Kind regards,
Markus
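As an added example that is not code from this thread: a helper that builds the same FirewallService the script above assembles by hand, from a declarative rule list (default action drop, per-rule logging, a guard against an "any" to internal rule), plus a wait function built on the IsBusy poll from the reply above with a hard deadline instead of fixed sleeps. The function names, the rule list and the 203.0.113.x addresses are constructed; the LogDefaultAction field is assumed to be exposed on the PowerCLI view under its vCloud API name.

```powershell
#Requires -Modules VMware.VimAutomation.Cloud
# Added example, not code from the thread. Assumed names: New-EdgeFirewallService,
# Wait-EdgeGatewayReady, $RuleSpecs, $edgeName; sample addresses are RFC 5737 documentation space.

# Constructed rule list. The default action stays "drop", so only what is listed passes,
# and every inbound rule names one source host and one destination port.
$RuleSpecs = @(
    @{ Description = "Default Outgoing Allowed"; Source = "internal";     Destination = "any";
       Protocol = "any"; Port = "-1";   SourcePort = "-1" }
    @{ Description = "NTP Access";               Source = "203.0.113.10"; Destination = "internal";
       Protocol = "udp"; Port = "123";  SourcePort = "-1" }
    @{ Description = "Bastion RDP Access";       Source = "203.0.113.20"; Destination = "internal";
       Protocol = "tcp"; Port = "3389"; SourcePort = "-1" }
)

Function New-EdgeFirewallService {
    # Builds the FirewallService view from a list of hashtables instead of indexed assignments.
    Param (
        [Parameter(Mandatory=$True)] [hashtable[]] $Rules,
        [switch] $AllowAnyInbound   # must be given explicitly to accept a Source "any" -> "internal" rule
    )
    $service = New-Object VMware.VimAutomation.Cloud.Views.FirewallService
    $service.IsEnabled = $true
    $service.DefaultAction = "drop"      # whitelist model: anything not listed is dropped
    # LogDefaultAction is the vCloud API field that logs dropped traffic; assumed to be
    # exposed on the PowerCLI view under the same name.
    $service.LogDefaultAction = $true
    $service.FirewallRule = @()
    foreach ($r in $Rules) {
        foreach ($key in "Description","Source","Destination","Protocol","Port") {
            if (-not $r.ContainsKey($key)) { throw "Rule is missing '$key'" }
        }
        if ($r.Source -eq "any" -and $r.Destination -eq "internal" -and -not $AllowAnyInbound) {
            throw "Rule '$($r.Description)' opens the whole internal network; pass -AllowAnyInbound to keep it"
        }
        $rule = New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
        $rule.Description   = $r.Description
        $rule.IsEnabled     = $true
        $rule.Policy        = if ($r.ContainsKey("Policy")) { $r.Policy } else { "allow" }
        $rule.Protocols     = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
        switch ($r.Protocol) {
            "any"   { $rule.Protocols.Any  = $true }
            "tcp"   { $rule.Protocols.Tcp  = $true }
            "udp"   { $rule.Protocols.Udp  = $true }
            "icmp"  { $rule.Protocols.Icmp = $true }
            default { throw "Rule '$($r.Description)': unknown protocol '$($r.Protocol)'" }
        }
        $rule.SourceIp      = $r.Source
        $rule.DestinationIp = $r.Destination
        $rule.Port          = $r.Port
        $rule.SourcePort    = if ($r.ContainsKey("SourcePort")) { $r.SourcePort } else { "-1" }
        $rule.EnableLogging = $true   # the thread's rules used $false; accepted hits are worth logging
        $service.FirewallRule += $rule
    }
    return $service
}

Function Wait-EdgeGatewayReady {
    # Polls the edge's IsBusy flag (as in the reply above) until it clears or the deadline passes.
    Param (
        [Parameter(Mandatory=$True)] [string] $Name,
        [int] $TimeoutSeconds = 600,
        [int] $PollSeconds = 5
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($true) {
        $edge = Search-Cloud -QueryType EdgeGateway -Name $Name
        if ($null -eq $edge) { throw "Edge Gateway '$Name' not found" }
        if (-not $edge.IsBusy) {
            Write-Progress -Activity "Edge Gateway $Name" -Completed
            return $edge
        }
        if ((Get-Date) -gt $deadline) { throw "Edge Gateway '$Name' still busy after ${TimeoutSeconds}s" }
        Write-Progress -Activity "Edge Gateway $Name" -Status "Waiting for IsBusy to clear..."
        Start-Sleep -Seconds $PollSeconds
    }
}

# Usage against a live session (assumes Connect-CIServer has run and $edgeName names an existing edge):
# $edgeView = Wait-EdgeGatewayReady -Name $edgeName | Get-CIView
# $edgeView.ConfigureServices((New-EdgeFirewallService -Rules $RuleSpecs))
# Wait-EdgeGatewayReady -Name $edgeName | Out-Null
```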
My final version of the Function to create an Edge Gateway in vCloud Director https://mycloudrevolution.com/2017/06/27/powercli-create-vcloud-director-edge-gateway/ :
#Requires -Version 4
#Requires -Modules VMware.VimAutomation.Cloud, @{ModuleName="VMware.VimAutomation.Cloud";ModuleVersion="6.3.0.0"}
Function New-MyEdgeGateway {
<#
.SYNOPSIS
Creates a new Edge Gateway with Default Parameters
.DESCRIPTION
Creates a new Edge Gateway with Default Parameters
Default Parameters are:
* Size
* HA State
* DNS Relay
.NOTES
File Name : New-MyEdgeGateway.ps1
Author : Markus Kraus
Version : 1.0
State : Ready
.LINK
https://mycloudrevolution.com/
.EXAMPLE
New-MyEdgeGateway -Name "TestEdge" -OrgVDCName "TestVDC" -OrgName "TestOrg" -ExternalNetwork "ExternalNetwork" -IPAddress "192.168.100.1" -SubnetMask "255.255.255.0" -Gateway "192.168.100.254" -IPRangeStart "192.168.100.2" -IPRangeEnd "192.168.100.3" -Verbose
.PARAMETER Name
Name of the New Edge Gateway as String
.PARAMETER OrgVDCName
OrgVDC where the new Edge Gateway should be created as string
.PARAMETER OrgName
Org where the new Edge Gateway should be created as string
.PARAMETER ExternalNetwork
External Network of the new Edge Gateway as String
.PARAMETER IPAddress
IP Address of the New Edge Gateway as IP Address
.PARAMETER SubnetMask
Subnet Mask of the New Edge Gateway as IP Address
.PARAMETER Gateway
Gateway of the New Edge Gateway as IP Address
.PARAMETER IPRangeStart
Sub Allocation IP Range Start of the New Edge Gateway as IP Address
.PARAMETER IPRangeEnd
Sub Allocation IP Range End of the New Edge Gateway as IP Address
.PARAMETER Timeout
Timeout for the Edge Gateway to get Ready
Default: 120s
#>
Param (
[Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Name of the New Edge Gateway as String")]
[ValidateNotNullorEmpty()]
[String] $Name,
[Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="OrgVDC where the new Edge Gateway should be created as string")]
[ValidateNotNullorEmpty()]
[String] $OrgVdcName,
[Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Org where the new Edge Gateway should be created as string")]
[ValidateNotNullorEmpty()]
[String] $OrgName,
[Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="External Network of the New Edge Gateway as String")]
[ValidateNotNullorEmpty()]
[String] $ExternalNetwork,
[Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="IP Address of the New Edge Gateway as IP Address")]
[ValidateNotNullorEmpty()]
[IPAddress] $IPAddress,
[Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Subnet Mask of the New Edge Gateway as IP Address")]
[ValidateNotNullorEmpty()]
[IPAddress] $SubnetMask,
[Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Gateway of the New Edge Gateway as IP Address")]
[ValidateNotNullorEmpty()]
[IPAddress] $Gateway,
[Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Sub Allocation IP Range Start of the New Edge Gateway as IP Address")]
[ValidateNotNullorEmpty()]
[IPAddress] $IPRangeStart,
[Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Sub Allocation IP Range End of the New Edge Gateway as IP Address")]
[ValidateNotNullorEmpty()]
[IPAddress] $IPRangeEnd,
[Parameter(Mandatory=$False, ValueFromPipeline=$False,HelpMessage="Timeout for the Edge Gateway to get Ready")]
[ValidateNotNullorEmpty()]
[int] $Timeout = 120
)
Process {
## Get Org vDC
Write-Verbose "Get Org vDC"
[Array] $orgVdc = Get-Org -Name $OrgName | Get-OrgVdc -Name $OrgVdcName
if ( $orgVdc.Count -gt 1) {
throw "Multiple OrgVdcs found!"
}
elseif ( $orgVdc.Count -lt 1) {
throw "No OrgVdc found!"
}
## Get External Network
Write-Verbose "Get External Network"
$extNetwork = Get-ExternalNetwork | Get-CIView -Verbose:$False | where {$_.name -eq $ExternalNetwork}
## Build EdgeGateway Configuration
Write-Verbose "Build EdgeGateway Configuration"
$EdgeGateway = New-Object VMware.VimAutomation.Cloud.Views.Gateway
$EdgeGateway.Name = $Name
$EdgeGateway.Configuration = New-Object VMware.VimAutomation.Cloud.Views.GatewayConfiguration
#$EdgeGateway.Configuration.BackwardCompatibilityMode = $false
$EdgeGateway.Configuration.GatewayBackingConfig = "compact"
$EdgeGateway.Configuration.UseDefaultRouteForDnsRelay = $false
$EdgeGateway.Configuration.HaEnabled = $false
$EdgeGateway.Configuration.EdgeGatewayServiceConfiguration = New-Object VMware.VimAutomation.Cloud.Views.GatewayFeatures
$EdgeGateway.Configuration.GatewayInterfaces = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterfaces
$EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface
$EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].name = $extNetwork.Name
$EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].DisplayName = $extNetwork.Name
$EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].Network = $extNetwork.Href
$EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].InterfaceType = "uplink"
$EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].UseForDefaultRoute = $true
$EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].ApplyRateLimit = $false
## Inputs must be changed
$ExNetexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation
$ExNetexternalSubnet.Gateway = $Gateway.IPAddressToString
$ExNetexternalSubnet.Netmask = $SubnetMask.IPAddressToString
$ExNetexternalSubnet.IpAddress = $IPAddress.IPAddressToString
$ExNetexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges
$ExNetexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange
$ExNetexternalSubnet.IpRanges.IpRange[0].StartAddress = $IPRangeStart.IPAddressToString
$ExNetexternalSubnet.IpRanges.IpRange[0].EndAddress = $IPRangeEnd.IPAddressToString
$EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].SubnetParticipation = $ExNetexternalSubnet
## Create EdgeGateway ($orgVdc is an array with exactly one element after the checks above)
Write-Verbose "Create EdgeGateway"
$CreateEdgeGateway = $orgVdc[0].ExtensionData.CreateEdgeGateway($EdgeGateway)
## Wait for EdgeGateway to become Ready (poll every 5 seconds, give up after $Timeout seconds)
Write-Verbose "Wait for EdgeGateway to become Ready"
$elapsed = 0
while((Search-Cloud -QueryType EdgeGateway -Name $Name -Verbose:$False).IsBusy -eq $True){
Start-Sleep 5
$elapsed += 5
if($elapsed -gt $Timeout) { Write-Error "Timeout ($Timeout s) waiting for Edge Gateway '$Name' to become Ready."; break}
Write-Progress -Activity "Creating Edge Gateway" -Status "Wait for Edge to become Ready..."
}
Write-Progress -Activity "Creating Edge Gateway" -Completed
Start-Sleep 1
Search-Cloud -QueryType EdgeGateway -Name $Name | Select-Object Name, IsBusy, GatewayStatus, HaStatus | Format-Table -AutoSize
}
}
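The function above sends whatever gateway, netmask, uplink address and sub-allocation range it is given straight to vCloud Director, and a mismatch (range outside the uplink subnet, start after end, address equal to the gateway) only comes back as a server-side error, or worse, as a gateway that cannot route the pool it was handed. As an added example that is not code from this thread, the following pre-flight check validates those parameters locally with plain .NET before the Views objects are built. Function names are the author's own choice and the sample addresses are constructed; nothing here needs PowerCLI.

```powershell
function ConvertTo-AddressNumber {
    # Convert a dotted-quad IPv4 address into a 64-bit integer so that subnet arithmetic
    # can be done with -band/-bor without PowerShell's signed 32-bit surprises.
    param([Parameter(Mandatory)][IPAddress] $Address)
    if ($Address.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Only IPv4 addresses are supported: $Address"
    }
    $b = $Address.GetAddressBytes()   # network byte order, most significant octet first
    return ([long]$b[0] -shl 24) -bor ([long]$b[1] -shl 16) -bor ([long]$b[2] -shl 8) -bor [long]$b[3]
}

function Test-ContiguousNetmask {
    # A valid netmask is a run of 1 bits followed by a run of 0 bits (255.255.255.0 yes, 255.255.0.255 no).
    param([Parameter(Mandatory)][IPAddress] $Netmask)
    $m = ConvertTo-AddressNumber $Netmask
    $wildcard = [long]4294967295 - $m        # bitwise NOT restricted to 32 bits
    # For a contiguous mask the wildcard is 2^n - 1, so wildcard+1 shares no bits with it.
    return (($wildcard + 1) -band $wildcard) -eq 0
}

function Test-EdgeGatewayAddressing {
    # Returns $true when all addresses are consistent with one uplink subnet; throws with
    # a specific message otherwise. Mirrors the parameter names of the function in the thread.
    param(
        [Parameter(Mandatory)][IPAddress] $IPAddress,
        [Parameter(Mandatory)][IPAddress] $SubnetMask,
        [Parameter(Mandatory)][IPAddress] $Gateway,
        [Parameter(Mandatory)][IPAddress] $IPRangeStart,
        [Parameter(Mandatory)][IPAddress] $IPRangeEnd
    )
    if (-not (Test-ContiguousNetmask $SubnetMask)) { throw "Netmask $SubnetMask is not contiguous" }
    $mask  = ConvertTo-AddressNumber $SubnetMask
    $net   = (ConvertTo-AddressNumber $Gateway) -band $mask
    $bcast = $net -bor ([long]4294967295 - $mask)

    $values = [ordered]@{
        IPAddress    = ConvertTo-AddressNumber $IPAddress
        IPRangeStart = ConvertTo-AddressNumber $IPRangeStart
        IPRangeEnd   = ConvertTo-AddressNumber $IPRangeEnd
    }
    foreach ($name in $values.Keys) {
        # Every address must be a usable host address of the gateway's subnet,
        # i.e. strictly between the network and the broadcast address.
        if ($values[$name] -le $net -or $values[$name] -ge $bcast) {
            throw "$name ($($PSBoundParameters[$name])) is outside the usable range of $Gateway/$SubnetMask"
        }
    }
    if ($values.IPAddress -eq (ConvertTo-AddressNumber $Gateway)) {
        throw "IPAddress $IPAddress must differ from the upstream Gateway $Gateway"
    }
    if ($values.IPRangeStart -gt $values.IPRangeEnd) {
        throw "IPRangeStart $IPRangeStart is after IPRangeEnd $IPRangeEnd"
    }
    return $true
}

# Usage with constructed sample values (RFC 5737 documentation range, not from the thread):
Test-EdgeGatewayAddressing -IPAddress 192.0.2.10 -SubnetMask 255.255.255.0 -Gateway 192.0.2.1 `
    -IPRangeStart 192.0.2.20 -IPRangeEnd 192.0.2.30
```

Calling the check at the top of the Process block (and letting its exception propagate) turns a generic HTTP 500 from the server into a message that names the offending parameter; the same call with `-IPRangeEnd 192.0.3.30` throws because the range leaves the /24.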
Hi guys.
IMHO, this piece of code doesn't work or is out of date (checked in vCD 8.20.0.2):
#Create an Internal network on the Edge gateway
$edgeGateway = Search-Cloud -QueryType EdgeGateway -Name $orgName | Get-CIView | where {$_.name -like "$orgName*"}
$ExNetnetwork = New-Object VMware.VimAutomation.Cloud.Views.OrgVdcNetwork
$ExNetnetwork.EdgeGateway = $edgeGateway.Id
$ExNetnetwork.isShared = $false
$ExNetnetwork.Configuration = New-Object VMware.VimAutomation.Cloud.Views.NetworkConfiguration
$ExNetnetwork.Name = "ExNet-Inside"
$ExNetnetwork.Configuration.IpScopes = New-Object VMware.VimAutomation.Cloud.Views.IpScopes
$ExNetnetwork.Configuration.FenceMode = "natRouted"
$IpScope = New-Object VMware.VimAutomation.Cloud.Views.IpScope
$IpScope.Gateway = $ExNetinternalGateway
$IpScope.Netmask = $ExNetinternalNetmask
$IpScope.Dns1 = $ExNetinternalGateway
$IpScope.DnsSuffix = 'mv.rackspace.com'
$IpScope.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges
$IpScope.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange
$IpScope.IpRanges.IpRange[0].StartAddress = $ExNetfirstInternalIP
$IpScope.IpRanges.IpRange[0].EndAddress = $ExNetlastInternalIP
$ExNetnetwork.Configuration.IpScopes.IpScope += $IpScope
$orgVdc.ExtensionData.CreateNetwork($ExNetnetwork)
Sorry, I do not understand the question. Can you post the error produced by your snippet?
Hello, Markus.
Exception calling "CreateNetwork" with "1" argument(s): "The server returned 'Server Error' with the status code 500 - InternalServerError."
At line:1 char:1
+ $orgVdc.ExtensionData.CreateNetwork($ExNetnetwork)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CloudException
Look at this topic, please, for more information: