Hi Folks,
I am writing a Powershell DSC Configuration Using Script Resource using GetScript,TestScript and SetScript functions.
Idea is to create a configuration for vSwitch Security Policy. I want my all ESX to have security policy as reject. However, Configuration block looks good here but it is trying to set these settings on windows box where i am executing this script. This is not setting up these config on ESX vSwitch. Below is the code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
<span style="color:#000000;">$Vmhost=Get-VMhost -name 'TestESX01'</span> <span style="color:#000000;">$vSwitch=$vmhost|Get-VirtualSwitch -Name vSwitch0</span> <span style="color:#000000;">Configuration vSwitchSecPolicy </span> <span style="color:#000000;">{ Script SecurityPolicy </span> <span style="color:#000000;"> { </span><span style="color:#000000;"> GetScript = { </span> <span style="color:#000000;"> $vSwitchSecPolicy=$vSwitch |Get-SecurityPolicy </span> <span style="color:#000000;"> Return $vSwitchSecPolicy</span> <span style="color:#000000;"> } </span> <span style="color:#000000;"> </span><span style="color:#000000;">TestScript = { </span> <span style="color:#000000;"> if($vSwitchSecpolicy.AllowPromiscuous -eq $true -or $vSwitchSecpolicy.ForgedTransmits -or $true -Or $vSwitchSecpolicy.MacChanges -or $true)</span> <span style="color:#000000;"> {</span> <span style="color:#000000;"> Write-verbose "Compliant: $false"</span> <span style="color:#000000;"> return $false</span> <span style="color:#000000;"> }</span> <span style="color:#000000;"> else</span> <span style="color:#000000;"> {</span> <span style="color:#000000;"> write-verbose "Compliant: $true"</span> <span style="color:#000000;"> return $true</span> <span style="color:#000000;"> }</span> <span style="color:#000000;"> } </span> <span style="color:#000000;"> SetScript = {</span> <span style="color:#000000;"> Write-Verbose "Started Seeting up Sec Policies"</span> <span style="color:#000000;"> Get-SecurityPolicy -VirtualSwitch $vSwitch |Set-SecurityPolicy -AllowPromiscuous $false -ForgedTransmits $false -MacChanges $false </span> <span style="color:#000000;"> } </span> <span style="color:#000000;"> } </span> <span style="color:#000000;">} </span> <span style="color:#000000;">vSwitchSecPolicy</span> <span style="color:#000000;">Start-DscConfiguration -wait -Verbose -Path C:\users\JatinP\Desktop\Scripts\DSC_Test\target\vSwitchSecPolicy -Force</span> |
Here are the quick questions.
1.How can we set our node as ESX host?
2. Is there any other way to setup DSC Configuration for ESX hosts?
Hello there!
I hope referring below links can help you to figure out that
https://msdn.microsoft.com/en-us/powershell/dsc/scriptresource
https://msdn.microsoft.com/en-us/powershell/dsc/configurations