VMware Cloud Community
nicholas1982
Hot Shot

$null when using ESXCLI -v2

I'm trying to leave a parameter unchanged when using esxcli v2. When I was using esxcli v1 I would just specify $null and that worked, but with V2 it seems I have to specify true or false, and the issue with that is I would get an error on the console.

Basically I want to disable the ESX firewall.

With ESXCLI v1 it was easy: $esxcli.network.firewall.set($null,$false)

With V2 I get this

$esxcli2.network.firewall.set.Invoke(@{defaultaction = $null; enabled = 'true'})

Message: A specified parameter was not correct: argument[0];

OR

$esxcli2.network.firewall.set.Invoke(@{defaultaction = $false; enabled = $true})

Message: Default action already DROP;

InnerText: Default action already DROPEsxCLI.CLIFault.summary

Nicholas
0 Kudos
2 Replies
nicholas1982
Hot Shot

Think I figured it out, I need to use CreateArgs() like this:

$esxcli2.network.firewall.set.Invoke

$arguments = $esxcli2.network.firewall.set.CreateArgs()

$arguments.enabled = $false

$esxcli2.network.firewall.set.invoke($arguments)

Nicholas
0 Kudos
LucD
Leadership

I suspect it might be a bit more complicated than that.
And I suspect there might be an "issue" with what CreateArgs returns.

My observations:

  • you can't use enabled and defaultaction in the same Invoke(). That's where I find the output from CreateArgs() at least confusing.
  • you can only use defaultaction to change the current value. It will error out when that value is already set
  • the enabled parameter can be used in any case, even if the requested value is already set

In the following script, I test the current defaultaction value before changing it.

This seems to work in all cases.

$esxcli = Get-EsxCli -VMHost MyEsx -V2
$p = $esxcli.network.firewall.set.CreateArgs()

# FW enabled
$p.Item('enabled') = $true
$esxcli.network.firewall.set.Invoke($p) > $null
$esxcli.network.firewall.get.Invoke()

# Default is DROP
$p = $esxcli.network.firewall.set.CreateArgs()
if(($esxcli.network.firewall.get.Invoke()).DefaultAction -eq 'PASS'){
    $p = $esxcli.network.firewall.set.CreateArgs()
    $p.Item('defaultaction') = $false
    $esxcli.network.firewall.set.Invoke($p) > $null
}
$esxcli.network.firewall.get.Invoke()

# Default is PASS
$p = $esxcli.network.firewall.set.CreateArgs()
if(($esxcli.network.firewall.get.Invoke()).DefaultAction -eq 'DROP'){
    $p = $esxcli.network.firewall.set.CreateArgs()
    $p.Item('defaultaction') = $true
    $esxcli.network.firewall.set.Invoke($p) > $null
}
$esxcli.network.firewall.get.Invoke()

# FW disabled
$p = $esxcli.network.firewall.set.CreateArgs()
$p.Item('enabled') = $false
$esxcli.network.firewall.set.Invoke($p) > $null
$esxcli.network.firewall.get.Invoke()

# Default is DROP
$p = $esxcli.network.firewall.set.CreateArgs()
if(($esxcli.network.firewall.get.Invoke()).DefaultAction -eq 'PASS'){
    $p = $esxcli.network.firewall.set.CreateArgs()
    $p.Item('defaultaction') = $false
    $esxcli.network.firewall.set.Invoke($p) > $null
}
$esxcli.network.firewall.get.Invoke()

# Default is PASS
$p = $esxcli.network.firewall.set.CreateArgs()
if(($esxcli.network.firewall.get.Invoke()).DefaultAction -eq 'DROP'){
    $p = $esxcli.network.firewall.set.CreateArgs()
    $p.Item('defaultaction') = $true
    $esxcli.network.firewall.set.Invoke($p) > $null
}
$esxcli.network.firewall.get.Invoke()


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
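
Added example, not part of the thread or written by either poster: the observations above wrapped into one idempotent function that leaves any parameter the caller omits unchanged, which is what `$null` did in esxcli v1. The function name `Set-EsxFirewallState` and its parameters are hypothetical; it assumes VMware PowerCLI is loaded and a `Connect-VIServer` session exists.

```powershell
# Added example; Set-EsxFirewallState is a hypothetical helper, not a PowerCLI cmdlet.
function Set-EsxFirewallState {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [VMware.VimAutomation.ViCore.Types.V1.Inventory.VMHost]$VMHost,
        [bool]$Enabled,
        [ValidateSet('DROP', 'PASS')]
        [string]$DefaultAction
    )
    process {
        $esxcli = Get-EsxCli -VMHost $VMHost -V2

        # 'enabled' can be sent even when the requested value is already set.
        # It is only sent when the caller actually passed -Enabled.
        if ($PSBoundParameters.ContainsKey('Enabled') -and
            $PSCmdlet.ShouldProcess($VMHost.Name, "Set firewall enabled = $Enabled")) {
            $p = $esxcli.network.firewall.set.CreateArgs()
            $p.Item('enabled') = $Enabled
            $esxcli.network.firewall.set.Invoke($p) > $null
        }

        # 'defaultaction' goes in its own Invoke(), and only when it differs from
        # the current value; otherwise the call fails with "Default action already ...".
        # Mapping taken from the thread: $false = DROP, $true = PASS.
        if ($PSBoundParameters.ContainsKey('DefaultAction') -and
            $esxcli.network.firewall.get.Invoke().DefaultAction -ne $DefaultAction -and
            $PSCmdlet.ShouldProcess($VMHost.Name, "Set default action = $DefaultAction")) {
            $p = $esxcli.network.firewall.set.CreateArgs()
            $p.Item('defaultaction') = ($DefaultAction -eq 'PASS')
            $esxcli.network.firewall.set.Invoke($p) > $null
        }

        # Return the resulting state so the caller can log or verify it.
        $esxcli.network.firewall.get.Invoke()
    }
}

# Usage ('MyEsx' is the host name used in the thread):
# Get-VMHost -Name MyEsx | Set-EsxFirewallState -Enabled $true -DefaultAction DROP -WhatIf
```

Running it with `-WhatIf` first shows which of the two calls would be made on each host without changing the firewall.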