I've been trying to roll out a vCloud 5.5 environment using PowerCLI, and so far I've got the following working code:
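#Code written by MrBoogiee for SLTN Cloud Services (www.sltncloud.nl)
#
# Rolls out a vCloud Director 5.5 tenant with PowerCLI: an organization, an
# organization VDC, an edge gateway with one uplink, a routed internal network
# on that edge, and a single default outbound firewall rule.
#
# Requires: the VMware.VimAutomation.Core and VMware.VimAutomation.Cloud
# snapins, and a login on the vCloud server named in Connect-CIServer below
# that is allowed to create organizations and edge gateways.
# All settings are hard-coded in the "Variables" section; edit them first.

$snapins = @("VMware.VimAutomation.Core", "VMware.VimAutomation.Cloud")
foreach ($snapin in $snapins) {
    try {
        Write-Host "Trying to load snapin $snapin"
        Add-PSSnapin $snapin -ErrorAction Stop
        Write-Host "$Snapin loaded"
    }
    catch {
        # Best effort: an already-loaded snapin errors the same way as a missing
        # one. If it is really absent the cmdlets below fail loudly anyway.
        Write-Host "$snapin was already loaded or cannot be loaded"
    }
}

#######################################
# Polls the edge gateway named $Name until none of its tasks reports the
# status "running", then returns.
# Arguments: $Name           - edge gateway name (exact match)
#            $Message        - progress line printed on each poll
#            $TimeoutSeconds - give up (throw) after this many seconds
#            $PollSeconds    - pause between queries so the vCloud API is not
#                              hit in a tight loop
# Throws on timeout so a stuck task cannot hang the rollout forever.
#######################################
function Wait-EdgeGatewayTasks {
    param(
        [string]$Name,
        [string]$Message,
        [int]$TimeoutSeconds = 600,
        [int]$PollSeconds = 5
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Search-Cloud -QueryType EdgeGateway | Get-CIView | where {$_.Name -eq $Name}).Tasks.Task.Status -eq "running") {
        if ((Get-Date) -gt $deadline) {
            throw "Timed out after $TimeoutSeconds seconds waiting for tasks on edge gateway '$Name'"
        }
        Write-Host $Message
        Start-Sleep -Seconds $PollSeconds
    }
}

#Variables
$orgName = "PowerCLI"
$orgFullName = "PowerCLI Test Rollout"
$cpu = 2                      # GHz allocated to the org VDC
$vdcDescription = $orgName
$memory = 2                   # GB allocated to the org VDC
$storage = 2                  # GB allocated to the org VDC
$providerVdc = "Production01"
$networkPool = "Production01-VXLAN-NP"
# Sample addresses: the range sub-allocated to the edge uplink from the
# external network. Replace with addresses you actually own.
$firstExternalIP = "1.1.1.1"
$lastExternalIP = "1.1.1.2"
# Routed internal network behind the edge; the edge itself is the gateway.
$internalGateway = "192.168.1.1"
$internalNetmask = "255.255.255.0"
$firstInternalIP = "192.168.1.2"
$lastInternalIP = "192.168.1.5"

#Connect to vCloud URL
# No credentials are passed on the command line; Connect-CIServer prompts for
# them, which keeps them out of the script and the process arguments.
Connect-CIServer vcloud.provider.org
$externalNetwork = Get-ExternalNetwork -ProviderVdc $providerVdc -Name "Internet"

# Create Organization
# Stop if the organization already exists; otherwise the lease and limit
# settings below would be applied to an existing tenant.
if (Get-Org -Name $orgName -ErrorAction SilentlyContinue) {
    throw "Organization '$orgName' already exists; refusing to modify it."
}
New-Org -Name $orgName -FullName $orgFullName -Description ""
$org = Get-Org -Name $orgName
# Lease values are written as "0" (no expiry for vApps and templates,
# as the vCloud lease settings define 0 — confirm against your version).
$VAppLeaseSettings = $org.ExtensionData.Settings.GetvAppLeaseSettings()
$VAppLeaseSettings.DeploymentLeaseSeconds = "0"
$VAppLeaseSettings.StorageLeaseSeconds = "0"
$VAppLeaseSettings.UpdateServerData()
$vAppTemplateLeaseSettings = $org.ExtensionData.Settings.GetVAppTemplateLeaseSettings()
$vAppTemplateLeaseSettings.StorageLeaseSeconds = "0"
$vAppTemplateLeaseSettings.UpdateServerData()
# Per-org operation limits; these cap concurrent consoles and operations.
$OrgOperationLimitsSettings = $org.ExtensionData.Settings.GetOperationLimitsSettings()
$OrgOperationLimitsSettings.ConsolesPerVmLimit = "4"
$OrgOperationLimitsSettings.OperationsPerUser = "5"
$OrgOperationLimitsSettings.OperationsPerOrg = "10"
$OrgOperationLimitsSettings.UpdateServerData()

# Create Organization Virtual Datacenter
New-OrgVdc -Org $orgName -AllocationModelAllocationPool -CpuAllocationGHz $cpu -MemoryAllocationGB $memory -Description $vdcDescription -Name $orgName -ProviderVdc $providerVdc -StorageAllocationGB $storage -NetworkPool $networkPool
$orgVdc = Get-OrgVdc -Org $orgName -Name $orgName
Set-OrgVdc -OrgVdc $orgVdc -CpuGuaranteedPercent 10 -MemoryGuaranteedPercent 100 -NetworkMaxCount 1 -ThinProvisioned $false -UseFastProvisioning $true

# Create Edge Firewall
# The gateway is built as a view object and handed to CreateEdgeGateway().
$firewall = New-Object VMware.VimAutomation.Cloud.Views.Gateway
$firewall.Name = $orgName
$firewall.Configuration = New-Object VMware.VimAutomation.Cloud.Views.GatewayConfiguration
$firewall.Configuration.BackwardCompatibilityMode = $false
$firewall.Configuration.GatewayBackingConfig = "compact"   # compact-size edge appliance
$firewall.Configuration.UseDefaultRouteForDnsRelay = $true
$firewall.Configuration.HaEnabled = $false                 # single, non-HA edge
$firewall.Configuration.EdgeGatewayServiceConfiguration = New-Object VMware.VimAutomation.Cloud.Views.GatewayFeatures
# One uplink interface on the provider's "Internet" external network,
# used as the default route.
$firewall.Configuration.GatewayInterfaces = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterfaces
$firewall.Configuration.GatewayInterfaces.GatewayInterface = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].DisplayName = "uplink1"
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].Network = $externalNetwork.Href
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].InterfaceType = "uplink"
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].UseForDefaultRoute = $true
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].ApplyRateLimit = $false
# Sub-allocate $firstExternalIP..$lastExternalIP to the uplink; the edge
# itself takes $firstExternalIP.
$externalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation
$externalSubnet.Gateway = $externalNetwork.Gateway
$externalSubnet.Netmask = $externalNetwork.Netmask
$externalSubnet.IpAddress = $firstExternalIP
$externalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges
$externalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange
$externalSubnet.IpRanges.IpRange[0].StartAddress = $firstExternalIP
$externalSubnet.IpRanges.IpRange[0].EndAddress = $lastExternalIP
$firewall.Configuration.GatewayInterfaces.GatewayInterface[0].SubnetParticipation = $externalSubnet
$orgVdc.ExtensionData.CreateEdgeGateway($firewall)
# Edge deployment is asynchronous; block until its tasks finish.
Wait-EdgeGatewayTasks -Name $orgName -Message "Please wait, we're currently rolling out the Edge Firewall..."

# Create an Internal network on the Edge gateway
# Exact-name match so a gateway of another org whose name merely starts with
# $orgName can never be picked up here.
$edgeGateway = Search-Cloud -QueryType EdgeGateway -Name $orgName | Get-CIView | where {$_.Name -eq $orgName}
$network = New-Object VMware.VimAutomation.Cloud.Views.OrgVdcNetwork
$network.EdgeGateway = $edgeGateway.Id
$network.isShared = $false                   # not visible to other org VDCs
$network.Configuration = New-Object VMware.VimAutomation.Cloud.Views.NetworkConfiguration
$network.Name = $orgName + " Internal"
$network.Configuration.IpScopes = New-Object VMware.VimAutomation.Cloud.Views.IpScopes
$network.Configuration.FenceMode = "natRouted"   # routed through the edge, not bridged
$IpScope = New-Object VMware.VimAutomation.Cloud.Views.IpScope
$IpScope.Gateway = $internalGateway
$IpScope.Netmask = $internalNetmask
$IpScope.Dns1 = $internalGateway             # edge relays DNS (UseDefaultRouteForDnsRelay above)
$IpScope.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges
$IpScope.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange
$IpScope.IpRanges.IpRange[0].StartAddress = $firstInternalIP
$IpScope.IpRanges.IpRange[0].EndAddress = $lastInternalIP
$network.Configuration.IpScopes.IpScope += $IpScope
$orgVdc.ExtensionData.CreateNetwork($network)
Wait-EdgeGatewayTasks -Name $orgName -Message "Please wait, we're currently rolling out the internal network..."

#Setup the firewall services for the network
# Default-deny with one allow rule: any protocol, internal -> external.
# Note the service replaces the edge's whole firewall configuration.
$firewallService = New-Object VMware.VimAutomation.Cloud.Views.FirewallService
$firewallService.DefaultAction = "drop"
$firewallRule = New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
$firewallRule.IsEnabled = $true
$firewallRule.Description = "Default Outgoing Allowed"
$firewallRule.Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
$firewallRule.Protocols.any = $true
$firewallRule.Policy = "allow"
$firewallRule.SourceIp = "internal"
$firewallRule.DestinationIp = "external"
$firewallRule.Port = "-1"                    # -1 = any port
$firewallRule.SourcePort = "-1"
$firewallRule.EnableLogging = $false
$firewallService.FirewallRule = $firewallRule
# NOTE(review): dropped traffic is not logged with this setting. Set it to
# $true if you want default-drop hits visible for troubleshooting or detection.
$firewallService.LogDefaultAction = $false
$firewallService.IsEnabled = $true
# Re-query the edge so ConfigureServices() runs against its current state.
$edge = Search-Cloud -QueryType EdgeGateway | Get-CIView | where {$_.Name -eq $orgName}
$edge.ConfigureServices($firewallService)
Wait-EdgeGatewayTasks -Name $orgName -Message "Please wait, we're currently rolling out the default firewall rule..."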
Again, this part works. When I try to add a NAT rule however, I run into problems. The code for this is as follows:
When I now try to resolve this by adding the following line before the "$natService.NatRule = $natRule" line:
When I do a $natRule | Get-Member, the GatewayNatRule property does not exist. Does anybody have a clue how to work around this? There are plenty of posts on the internet explaining how to create NAT rules for vApps, but I can't seem to find any on creating NAT rules for OrgVDC Edges (and they really don't work the same way...). I want to be able to automatically roll out an SNAT rule where the internal network is NATed to $firstExternalIP on the internet interface.