PowerShell DSC + VMware: Issue with Script Resource

Hi Folks,

I am writing a Powershell DSC Configuration Using Script Resource using GetScript,TestScript and SetScript functions.

Idea is to create a configuration for vSwitch Security Policy. I want my all ESX to have security policy as reject. However, Configuration block looks good here but it is trying to set these settings on windows box where i am executing this script. This is not setting up these config on ESX vSwitch. Below is the code

 

VMwareDSCIssue

$Vmhost=Get-VMhost -name 'TestESX01'
$vSwitch=$vmhost|Get-VirtualSwitch -Name vSwitch0
Configuration vSwitchSecPolicy    
{
     Script SecurityPolicy          
     {           
            GetScript = { 
            $vSwitchSecPolicy=$vSwitch |Get-SecurityPolicy       
            Return $vSwitchSecPolicy
           } 
           TestScript = { 
           if($vSwitchSecpolicy.AllowPromiscuous -eq $true -or $vSwitchSecpolicy.ForgedTransmits -or $true -Or $vSwitchSecpolicy.MacChanges -or $true)
            {
                Write-verbose "Compliant: $false"
                return $false
            }
           else
            {
               write-verbose "Compliant: $true"
               return $true
            }
           }   
          SetScript = {
            Write-Verbose "Started Seeting up Sec Policies"
            Get-SecurityPolicy -VirtualSwitch $vSwitch |Set-SecurityPolicy -AllowPromiscuous $false -ForgedTransmits $false -MacChanges $false     
        }          
         }   

vSwitchSecPolicy
Start-DscConfiguration -wait -Verbose -Path C:\users\JatinP\Desktop\Scripts\DSC_Test\target\vSwitchSecPolicy -Force

 

Here are the quick questions.

1.How can we set our node as ESX host?

2. Is there any other way to setup DSC Configuration for ESX hosts?

3 thoughts on “PowerShell DSC + VMware: Issue with Script Resource

Leave a Reply