Automated install of vShield Services

Following on from my previous post in this series, where I showed how to deploy vShield Manager into our virtual infrastructure, I thought I would take it one step further and show how we can use the vShield APIs from PowerShell to build some PowerShell advanced functions which will install the vShield services on our hosts.

Forgetting about the functions for a moment, this really does show the power of PowerShell and how we can simplify everything down into a couple of lines of code which can be used over and over. The last line of this code is all that is now needed to install vShield services on not just 1 host but 100s of hosts!

Watch it in action

The Code

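Function Connect-vShieldServer {
	<#
		.SYNOPSIS
			Connects to a vShield Manager Server.

		.DESCRIPTION
			Sends an authenticated GET to https://<Server>/api/2.0/app/firewall/protocols to check
			the supplied credentials. On an OK response the server name, base URI and the HTTP
			Basic Authorization header are stored in $Global:DefaultvShieldServer.

			Security notes:
			- The stored Authorization header is Base64-encoded, not encrypted. Any code running
			  in the same session can read $Global:DefaultvShieldServer and recover the user name
			  and password. Clear the variable when the work is done.
			- A value passed with -Password ends up in console history, transcripts and script
			  files. Prefer -Credential, which takes a PSCredential (for example from Get-Credential).
			- TLS certificate validation is left at the .NET default. If the vShield Manager
			  presents a certificate the client does not trust, the request fails; trust that
			  certificate explicitly rather than switching validation off for the session.

		.PARAMETER  Server
			Specify the IP address or the DNS name of the vShield Manager server to which you want to connect.

		.PARAMETER  Username
			Specify the user name you want to use for authenticating with the server.

		.PARAMETER  Password
			Specifies the password you want to use for authenticating with the server.

		.PARAMETER  Credential
			A PSCredential to authenticate with. When supplied it takes precedence over
			-Username and -Password.

		.EXAMPLE
			PS C:\> Connect-vShieldServer -server "192.168.0.88" -username "admin" -password "default"

		.EXAMPLE
			PS C:\> Connect-vShieldServer -Server "192.168.0.88" -Credential (Get-Credential)
	#>
	[CmdletBinding()]
	Param (
		[Parameter(ValueFromPipeline=$true)]
		$Server,
		$Username,
		$Password,
		[System.Management.Automation.PSCredential]
		$Credential
	)
	process {

		# A PSCredential keeps the password off the command line; unwrap it only here,
		# where the Basic header has to be built.
		If ($Credential) {
			$Username = $Credential.UserName
			$Password = $Credential.GetNetworkCredential().Password
		}

		$httpClient = [System.Net.WebRequest]::Create("https://$server/api/2.0/app/firewall/protocols")

		# Add Authorization headers
		# NOTE(review): ASCII encoding cannot represent non-ASCII characters in a user name
		# or password; confirm that the accounts in use are ASCII-only.
		$authbytes = [System.Text.Encoding]::ASCII.GetBytes($username + ":" + $password)
		$base64 = [System.Convert]::ToBase64String($authbytes)
		$authorization = "Authorization: Basic " + $base64
		$httpClient.Headers.Add($authorization)

		# Set Method
		$httpClient.Method = "GET"

		# Reset per pipeline item: when GetResponse() throws, the assignment never happens,
		# and a response left over from a previous server would otherwise be tested below.
		$response = $null
		Try {
			$response = $httpClient.GetResponse()
			If ($response.StatusCode -eq "OK") {
				$Global:DefaultvShieldServer = New-Object -TypeName PSObject -Property @{
					Name = $Server
					ServerUri = "https://$server/"
					Authorization = $authorization
				}
				Write-Host -ForegroundColor Yellow "Connected Succesfully to $Server"
			} Else {
				Write-Host -ForegroundColor Red "Unable to connect to $Server, debug info:"
				$response
			}
		} Catch {
			# GetResponse() throws on TLS failures and on 4xx/5xx answers (for example
			# bad credentials), so the failure has to be reported from here.
			Write-Host -ForegroundColor Red "Unable to connect to $Server, debug info:"
			Write-Error -ErrorRecord $_
		} Finally {
			# Release the underlying connection; the response body is not used.
			If ($response) { $response.Close() }
		}
	}
}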
Function Get-NetworkID ($Datacenter) {
	# Emits one object per network reference found on the datacenter's view:
	#   Name - the name of the network, looked up with Get-View
	#   ID   - the Value part of the network's managed object reference
	$dcView = $Datacenter | Get-View
	$dcView.Network | ForEach-Object {
		$netRef = $_
		$netName = (Get-View -Id $netRef).Name
		New-Object -TypeName PSObject -Property @{
			Name = $netName
			ID = $netRef.Value
		}
	}
}
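Function Post-vShieldAPI ($URL, $Body) {
	# Sends $Body as an HTTP POST to the vShield Manager recorded in
	# $Global:DefaultvShieldServer and returns the response text.
	#   $URL  - API path relative to the server base URI, e.g. "api/1.0/vshield/<host id>"
	#   $Body - request body, sent as given
	# The stored HTTP Basic Authorization header is attached to the request, so the
	# credentials go wherever ServerUri + $URL points; ServerUri is always https://.
	$session = $Global:DefaultvShieldServer
	If (-not $session -or -not $session.ServerUri -or -not $session.Authorization) {
		# Without a session the URL would be relative and the header empty; fail with
		# a clear message instead of an obscure WebClient error.
		Throw "Not connected to a vShield Manager. Run Connect-vShieldServer first."
	}

	$wc = New-Object System.Net.WebClient
	Try {
		# Add Authorization headers
		$wc.Headers.Add($session.Authorization)
		$wc.UploadString(($session.ServerUri + $URL), "POST", $Body)
	} Finally {
		# WebClient is disposable; release it even when the upload throws.
		$wc.Dispose()
	}
}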
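Function Install-vShieldApp ($VMHost, $Datastore, $ManagementPortGroup, $ManagementIP, $ManagementNetMask, $ManagementDGW) {
	# Builds a VshieldConfiguration install request for one host and posts it to
	# api/1.0/vshield/<host id> through Post-vShieldAPI.
	#   $VMHost              - host object; its Id supplies the host identifier
	#   $Datastore           - datastore object; its Id supplies <DatastoreId>
	#   $ManagementPortGroup - name matched against the networks from Get-NetworkID
	#   $ManagementIP / $ManagementNetMask / $ManagementDGW - management interface settings
	# NOTE(review): a $VMHost holding several hosts is not handled here; call once per host.

	# Strip the type prefix only. String.Trim("HostSystem-") treats its argument as a set
	# of characters and removes any of them from BOTH ends, which is not a prefix strip.
	$VMHostMR = $VMHost.Id -creplace '^HostSystem-', ''
	$DatastoreMR = $Datastore.Id -creplace '^Datastore-', ''

	# NOTE(review): Get-Datacenter with no filter returns every datacenter of the
	# connected server; with more than one, several networks can share this name.
	$NetworkMR = (Get-NetworkID -Datacenter (Get-Datacenter) | Where { $_.Name -eq $ManagementPortGroup}).ID
	If (-not $NetworkMR) {
		Throw "No network named '$ManagementPortGroup' was found; nothing was sent to vShield Manager."
	}

	# XML-escape every value placed in the body, so a stray <, > or & in a parameter
	# cannot change the structure of the request.
	$xmlDatastore = [System.Security.SecurityElement]::Escape([string]$DatastoreMR)
	$xmlNetwork = [System.Security.SecurityElement]::Escape([string]$NetworkMR)
	$xmlIP = [System.Security.SecurityElement]::Escape([string]$ManagementIP)
	$xmlMask = [System.Security.SecurityElement]::Escape([string]$ManagementNetMask)
	$xmlGateway = [System.Security.SecurityElement]::Escape([string]$ManagementDGW)

$Body = @"
<VshieldConfiguration>
	<VszInstallParams>
		<DatastoreId>$xmlDatastore</DatastoreId>
		<ManagementPortSwitchId>$xmlNetwork</ManagementPortSwitchId>
		<MgmtInterface>
			<IpAddress>$xmlIP</IpAddress>
			<NetworkMask>$xmlMask</NetworkMask>
			<DefaultGw>$xmlGateway</DefaultGw>
		</MgmtInterface>
	</VszInstallParams>
	<EpsecInstallParams>true</EpsecInstallParams>
	<InstallAction>install</InstallAction>
</VshieldConfiguration>
"@
	Post-vShieldAPI -URL "api/1.0/vshield/$VMHostMR" -Body $Body
}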

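# Open a session to vShield Manager, then to vCenter.
# The admin/default login and the addresses are the example's values: use your own
# account, and keep real passwords out of script files and command history.
Connect-vShieldServer -Server 192.168.0.88 -username admin -password default
Connect-VIServer -Server 192.168.0.11

# Look up the host to protect, the datastore for the appliance and the management port group.
$InstallHost = Get-VMHost "Virtuesx1*"
$Datastore = Get-Datastore "IX2NFS-VMW1"
$PortGroup = Get-VirtualPortgroup -VMHost $InstallHost -Name "VM Network"

# One call installs the vShield services on the host. Each backtick must be the very
# last character on its line, otherwise the statement ends there.
Install-vShieldApp -VMHost $InstallHost `
	-Datastore $Datastore `
	-ManagementPortGroup $PortGroup `
	-ManagementIP "192.168.0.89" `
	-ManagementDGW "192.168.0.1" `
	-ManagementNetMask "255.255.255.0"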
