Getting started with vSphere PowerShell PowerCLI and PowerNSX – PowerShell extensions for NSX
Last week figured out how to script vSphere related stuff with Python. This week it is time for something new... how can we "script" vSphere stuff using PowerShell and how can we script NSX related stuff in particular.
So this is a list of steps (if you are really getting started) that you need to take to get started!
- Install Windows
- Install vSphere PowerShell
- Install the DEVELOPMENT VERSION of NSX PowerShell add-on (manually)
- Connect to vCenter Server (trough PowerShell)
- Connect to NSX Manager (trough PowerShell)
- View available NSX PowerShell commands
- Verify if connection is working correctly with some “Get Commands”
Install Windows
In order to work with PowerShell this one is pretty obvious I guess ... but as this is like a "beginners" guide I have to mention it. Once you installed Windows (I tested it on Windows 2012 R2) the you will have access to the PowerShell command Line.
Install vSphere PowerShell
Before I stared I tried to retrieve some information that was already available on the internet an I found this useful blog post.
Now before you can "use" vSphere PowerShell you need to install it first.
The latest version can be downloaded here. The installation is fairly simple its just click Next, Next and Next and accept the license agreement that nobody ever reads and you have installed vSphere PowerShell. From now on you can do "things" with your current vSphere environment. For now we are not going to go deeper into this because our goal is to do "things" with our NSX environment.
Install the DEVELOPMENT VERSION of NSX PowerShell add–on 〈manually〉
You probably noticed the title said "Install the DEVELOPMENT VERSION of NSX PowerShell add-on". This is because there is also a RELEASED version available here.
The reason why I specifically want the DEVELOPMENT version is because this DEVELOPMENT version supports more commands so you can do more then the RELEASED version. The DEVELOPMENT version can be downloaded here.
Some useful links in the process of installing NSX PowerShell where this and this link.
Because I was too fast and dod not READ properly I initially installed the “automatic" NSX PowerShell version which installs the RELEASE version. And I needed to have the DEVELOPMENT version that has more capabilities.
So I download the powernsx.psm1 file (development one) here. I actually just opened the RAW version and copy/pasted the tekst into Notepad++ and saved it as “powernsx.psm1” and saved it in the C:\ root. Because I still have not figured out how this GitHub stuff works... And I needed to uninstall the RELEASED version and install the DEVELOPMENT version.
PowerCLI C:\> remove-module powernsx PowerCLI C:\> import-module powernsx.psm1
When you IMPORT the module make sure you are "sitting" in the same directory as where you are installing it from. My powernsx.psm1 file / module was just in C:\ (the root).
Connect to vCenter Server 〈trough PowerShell〉
First we need to connect to the vCenter Server and when we do this the script asks to put in a username / password with enough rights to perform the needed actions. We use the vCenter Server admin credentials for this.
PowerCLI C:\> Connect-VIServer cmdlet Connect-VIServer at command pipeline position 1 Supply values for the following parameters: Server[0]: dc1-pod11-vcsa-01 Server[1]: WARNING: There were one or more problems with the server certificate for the server dc1-pod11-vcsa-01:443: * The X509 chain could not be built up to the root certificate. * The certificate's CN name does not match the passed value. Certificate: [Subject] C=US, CN=dc1-pod11-vcsa-01.pod11.local [Issuer] OU=VMware, O=dc1-pod11-vcsa-01.pod11.local, S=California, C=US, DC=local, DC=pod11, CN=CA [Serial Number] 00C2E3BF920EF358D1 [Not Before] 6/16/2016 9:06:16 AM [Not After] 6/11/2026 9:06:15 AM [Thumbprint] B6674ACB4EA7DE528B410977193EF5153F9B2A72 The server certificate is not valid. WARNING: THE DEFAULT BEHAVIOR UPON INVALID SERVER CERTIFICATE WILL CHANGE IN A FUTURE RELEASE. To ensure scripts are not affected by the change, use Set-PowerCLIConfiguration to set a value for the InvalidCertificateAction option. Name Port User ---- ---- ---- root ##b##dc1-pod11-vcsa-01 443 POD11.LOCAL\Administrator PowerCLI C:\>
Connect to NSX Manager 〈trough PowerShell〉
Then we need to connect to the NSX Manager and when we do this the script asks to put in a username / password with enough rights to perform the needed actions. We use the NSX Manager admin credentials for this.
PowerCLI C:\> Connect-NsxServer cmdlet Connect-NsxServer at command pipeline position 1 Supply values for the following parameters: Server: 192.11.220.110 Credential The property 'VersionInfo' cannot be found on this object. Verify that the property exists. At C:\PowerNSX.psm1:2874 char:81 + ... ion" -value "$($response.VersionInfo.majorVersion).$($response.VersionInfo.minor ... + 22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)[[User:Iwan Hoogendoorn|Iwan Hoogendoorn]] ([[User talk:Iwan Hoogendoorn|talk]]) 22:06, 31 July 2016 (CEST) + CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException + FullyQualifiedErrorId : PropertyNotFoundStrict The property 'VersionInfo' cannot be found on this object. Verify that the property exists. At C:\PowerNSX.psm1:2874 char:119 + ... ajorVersion).$($response.VersionInfo.minorVersion).$($response.VersionInf o.patch ... + 22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)[[User:Iwan Hoogendoorn|Iwan Hoogendoorn]] ([[User talk:Iwan Hoogendoorn|talk]]) 22:06, 31 July 2016 (CEST) + CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException + FullyQualifiedErrorId : PropertyNotFoundStrict The property 'VersionInfo' cannot be found on this object. Verify that the property exists. At C:\PowerNSX.psm1:2874 char:157 + ... inorVersion).$($response.VersionInfo.patchVersion)" -force + 22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)[[User:Iwan Hoogendoorn|Iwan Hoogendoorn]] ([[User talk:Iwan Hoogendoorn|talk]]) 22:06, 31 July 2016 (CEST) + CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException + FullyQualifiedErrorId : PropertyNotFoundStrict The property 'VersionInfo' cannot be found on this object. Verify that the property exists. At C:\PowerNSX.psm1:2875 char:85 + ... ber" -value "$($response.VersionInfo.BuildNumber)" + 22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)22:06, 31 July 2016 (CEST)[[User:Iwan Hoogendoorn|Iwan Hoogendoorn]] ([[User talk:Iwan Hoogendoorn|talk]]) + CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException + FullyQualifiedErrorId : PropertyNotFoundStrict Using existing PowerCLI connection to 192.11.220.100 Version : .. BuildNumber : Credential : System.Management.Automation.PSCredential Server : 192.11.220.110 Port : 443 Protocol : https ValidateCertificate : False VIConnection : dc1-pod11-vcsa-01.pod11.local DebugLogging : False DebugLogFile : C:\Users\ADMINI~1\AppData\Local\Temp\PowerNSXLog-admin@19 2.11.220.110-2016_07_28_04_01_02.log
I am getting some errors in the above output and this is because I was connecting to an NSX Manager version 6.2.3 and apparently this is not a fully supported version... but hey it eventually worked in the end (even with these errors).
View available NSX PowerShell commands
Now we have connected to both the vCenter Server and the NSX Manager we can start looking at the list of "available" commands that we can use with PowerNSX.
PowerCLI C:\> Get-Command -Module PowerNSX
CommandType Name ModuleName
---- ---- ----------
Function Add-NsxEdgeInterfaceAddress PowerNSX
Function Add-NsxLoadBalancerPoolMember PowerNSX
Function Add-NsxLoadBalancerVip PowerNSX
Function Add-NsxSecurityGroupMember PowerNSX
Function Add-XmlElement PowerNSX
Function Check-PowerCliAsemblies PowerNSX
Function Clear-NsxEdgeInterface PowerNSX
Function Connect-NsxServer PowerNSX
Function Disconnect-NsxServer PowerNSX
Function Format-XML PowerNSX
Function Get-FeatureStatus PowerNSX
Function Get-NsxBackingDVSwitch PowerNSX
Function Get-NsxBackingPortGroup PowerNSX
Function Get-NsxCliDfwAddrSet PowerNSX
Function Get-NsxCliDfwFilter PowerNSX
Function Get-NsxCliDfwRule PowerNSX
Function Get-NsxClusterStatus PowerNSX
Function Get-NsxController PowerNSX
Function Get-NsxEdge PowerNSX
Function Get-NsxEdgeBgp PowerNSX
Function Get-NsxEdgeBgpNeighbour PowerNSX
Function Get-NsxEdgeCertificate PowerNSX
Function Get-NsxEdgeCsr PowerNSX
Function Get-NsxEdgeInterface PowerNSX
Function Get-NsxEdgeInterfaceAddress PowerNSX
Function Get-NsxEdgeNat PowerNSX
Function Get-NsxEdgeNatRule PowerNSX
Function Get-NsxEdgeOspf PowerNSX
Function Get-NsxEdgeOspfArea PowerNSX
Function Get-NsxEdgeOspfInterface PowerNSX
Function Get-NsxEdgePrefix PowerNSX
Function Get-NsxEdgeRedistributionRule PowerNSX
Function Get-NsxEdgeRouting PowerNSX
Function Get-NsxEdgeStaticRoute PowerNSX
Function Get-NsxEdgeSubInterface PowerNSX
Function Get-NsxFirewallRule PowerNSX
Function Get-NsxFirewallSection PowerNSX
Function Get-NsxHostUvsmLogging PowerNSX
Function Get-NsxIpPool PowerNSX
Function Get-NsxIpSet PowerNSX
Function Get-NsxLoadBalancer PowerNSX
Function Get-NsxLoadBalancerApplicationProfile PowerNSX
Function Get-NsxLoadBalancerMonitor PowerNSX
Function Get-NsxLoadBalancerPool PowerNSX
Function Get-NsxLoadBalancerPoolMember PowerNSX
Function Get-NsxLoadBalancerVip PowerNSX
Function Get-NsxLogicalRouter PowerNSX
Function Get-NsxLogicalRouterBgp PowerNSX
Function Get-NsxLogicalRouterBgpNeighbour PowerNSX
Function Get-NsxLogicalRouterInterface PowerNSX
Function Get-NsxLogicalRouterOspf PowerNSX
Function Get-NsxLogicalRouterOspfArea PowerNSX
Function Get-NsxLogicalRouterOspfInterface PowerNSX
Function Get-NsxLogicalRouterPrefix PowerNSX
Function Get-NsxLogicalRouterRedistributionRule PowerNSX
Function Get-NsxLogicalRouterRouting PowerNSX
Function Get-NsxLogicalRouterStaticRoute PowerNSX
Function Get-NsxLogicalSwitch PowerNSX
Function Get-NsxMacSet PowerNSX
Function Get-NsxSecurityGroup PowerNSX
Function Get-NsxSecurityGroupEffectiveMembers PowerNSX
Function Get-NsxSecurityPolicy PowerNSX
Function Get-NsxSecurityTag PowerNSX
Function Get-NsxSecurityTagAssignment PowerNSX
Function Get-NsxSegmentIdRange PowerNSX
Function Get-NsxService PowerNSX
Function Get-NsxSpoofguardNic PowerNSX
Function Get-NsxSpoofguardPolicy PowerNSX
Function Get-NsxSslVpn PowerNSX
Function Get-NsxSslVpnAuthServer PowerNSX
Function Get-NsxSslVpnClientInstallationPackage PowerNSX
Function Get-NsxSslVpnIpPool PowerNSX
Function Get-NsxSslVpnPrivateNetwork PowerNSX
Function Get-NsxSslVpnUser PowerNSX
Function Get-NsxTransportZone PowerNSX
Function Get-NsxVdsContext PowerNSX
Function Get-PowerNsxVersion PowerNSX
Function Grant-NsxSpoofguardNicApproval PowerNSX
Function Install-NsxCluster PowerNSX
Function Invoke-NsxCli PowerNSX
Function Invoke-NsxRestMethod PowerNSX
Function Invoke-NsxWebRequest PowerNSX
Function New-NsxAddressSpec PowerNSX
Function New-NsxAppliedToListNode PowerNSX
Function New-NsxClusterVxlanConfig PowerNSX
Function New-NsxController PowerNSX
Function New-NsxEdge PowerNSX
Function New-NsxEdgeBgpNeighbour PowerNSX
Function New-NsxEdgeCsr PowerNSX
Function New-NsxEdgeInterfaceSpec PowerNSX
Function New-NsxEdgeNatRule PowerNSX
Function New-NsxEdgeOspfArea PowerNSX
Function New-NsxEdgeOspfInterface PowerNSX
Function New-NsxEdgePrefix PowerNSX
Function New-NsxEdgeRedistributionRule PowerNSX
Function New-NsxEdgeSelfSignedCertificate PowerNSX
Function New-NsxEdgeStaticRoute PowerNSX
Function New-NsxEdgeSubInterface PowerNSX
Function New-NsxEdgeSubInterfaceSpec PowerNSX
Function New-NsxFirewallRule PowerNSX
Function New-NsxFirewallSection PowerNSX
Function New-NsxIpPool PowerNSX
Function New-NsxIpSet PowerNSX
Function New-NsxLoadBalancerApplicationProfile PowerNSX
Function New-NsxLoadBalancerMemberSpec PowerNSX
Function New-NsxLoadBalancerMonitor PowerNSX
Function New-NsxLoadBalancerPool PowerNSX
Function New-NsxLogicalRouter PowerNSX
Function New-NsxLogicalRouterBgpNeighbour PowerNSX
Function New-NsxLogicalRouterInterface PowerNSX
Function New-NsxLogicalRouterInterfaceSpec PowerNSX
Function New-NsxLogicalRouterOspfArea PowerNSX
Function New-NsxLogicalRouterOspfInterface PowerNSX
Function New-NsxLogicalRouterPrefix PowerNSX
Function New-NsxLogicalRouterRedistributionRule PowerNSX
Function New-NsxLogicalRouterStaticRoute PowerNSX
Function New-NsxLogicalSwitch PowerNSX
Function New-NsxMacSet PowerNSX
Function New-NsxManager PowerNSX
Function New-NsxSecurityGroup PowerNSX
Function New-NsxSecurityTag PowerNSX
Function New-NsxSecurityTagAssignment PowerNSX
Function New-NsxSegmentIdRange PowerNSX
Function New-NsxService PowerNSX
Function New-NsxSourceDestNode PowerNSX
Function New-NsxSpoofguardPolicy PowerNSX
Function New-NsxSslVpnAuthServer PowerNSX
Function New-NsxSslVpnClientInstallationPackage PowerNSX
Function New-NsxSslVpnIpPool PowerNSX
Function New-NsxSslVpnPrivateNetwork PowerNSX
Function New-NsxSslVpnUser PowerNSX
Function New-NsxTransportZone PowerNSX
Function New-NsxVdsContext PowerNSX
Function Parse-CentralCliResponse PowerNSX
Function PrivateAdd-NsxEdgeVnicAddressGroup PowerNSX
Function Publish-NsxSpoofguardPolicy PowerNSX
Function Redeploy-NsxEdge PowerNSX
Function Remove-NsxCluster PowerNSX
Function Remove-NsxClusterVxlanConfig PowerNSX
Function Remove-NsxEdge PowerNSX
Function Remove-NsxEdgeBgpNeighbour PowerNSX
Function Remove-NsxEdgeCertificate PowerNSX
Function Remove-NsxEdgeCsr PowerNSX
Function Remove-NsxEdgeInterfaceAddress PowerNSX
Function Remove-NsxEdgeNatRule PowerNSX
Function Remove-NsxEdgeOspfArea PowerNSX
Function Remove-NsxEdgeOspfInterface PowerNSX
Function Remove-NsxEdgePrefix PowerNSX
Function Remove-NsxEdgeRedistributionRule PowerNSX
Function Remove-NsxEdgeStaticRoute PowerNSX
Function Remove-NsxEdgeSubInterface PowerNSX
Function Remove-NsxFirewallRule PowerNSX
Function Remove-NsxFirewallSection PowerNSX
Function Remove-NsxIpSet PowerNSX
Function Remove-NsxLoadBalancerApplicationProfile PowerNSX
Function Remove-NsxLoadBalancerMonitor PowerNSX
Function Remove-NsxLoadBalancerPool PowerNSX
Function Remove-NsxLoadBalancerPoolMember PowerNSX
Function Remove-NsxLoadBalancerVip PowerNSX
Function Remove-NsxLogicalRouter PowerNSX
Function Remove-NsxLogicalRouterBgpNeighbour PowerNSX
Function Remove-NsxLogicalRouterInterface PowerNSX
Function Remove-NsxLogicalRouterOspfArea PowerNSX
Function Remove-NsxLogicalRouterOspfInterface PowerNSX
Function Remove-NsxLogicalRouterPrefix PowerNSX
Function Remove-NsxLogicalRouterRedistributionRule PowerNSX
Function Remove-NsxLogicalRouterStaticRoute PowerNSX
Function Remove-NsxLogicalSwitch PowerNSX
Function Remove-NsxMacSet PowerNSX
Function Remove-NsxSecurityGroup PowerNSX
Function Remove-NsxSecurityGroupMember PowerNSX
Function Remove-NsxSecurityPolicy PowerNSX
Function Remove-NsxSecurityTag PowerNSX
Function Remove-NsxSecurityTagAssignment PowerNSX
Function Remove-NsxSegmentIdRange PowerNSX
Function Remove-NsxService PowerNSX
Function Remove-NsxSpoofguardPolicy PowerNSX
Function Remove-NsxSslVpnClientInstallationPackage PowerNSX
Function Remove-NsxSslVpnIpPool PowerNSX
Function Remove-NsxSslVpnPrivateNetwork PowerNSX
Function Remove-NsxSslVpnUser PowerNSX
Function Remove-NsxTransportZone PowerNSX
Function Remove-NsxVdsContext PowerNSX
Function Revoke-NsxSpoofguardNicApproval PowerNSX
Function Set-NsxEdge PowerNSX
Function Set-NsxEdgeBgp PowerNSX
Function Set-NsxEdgeInterface PowerNSX
Function Set-NsxEdgeNat PowerNSX
Function Set-NsxEdgeOspf PowerNSX
Function Set-NsxEdgeRouting PowerNSX
Function Set-NsxHostUvsmLogging PowerNSX
Function Set-NsxLoadBalancer PowerNSX
Function Set-NsxLogicalRouterBgp PowerNSX
Function Set-NsxLogicalRouterInterface PowerNSX
Function Set-NsxLogicalRouterOspf PowerNSX
Function Set-NsxLogicalRouterRouting PowerNSX
Function Set-NsxManager PowerNSX
Function Set-NsxSslVpn PowerNSX
Function Test-WebServerSSL PowerNSX
Function Update-PowerNsx PowerNSX
Function Validate-AddressGroupSpec PowerNSX
Function Validate-DistributedSwitch PowerNSX
Function Validate-Edge PowerNSX
Function Validate-EdgeBgpNeighbour PowerNSX
Function Validate-EdgeCertificate PowerNSX
Function Validate-EdgeCsr PowerNSX
Function Validate-EdgeInterface PowerNSX
Function Validate-EdgeInterfaceAddress PowerNSX
Function Validate-EdgeInterfaceSpec PowerNSX
Function Validate-EdgeNat PowerNSX
Function Validate-EdgeNatRule PowerNSX
Function Validate-EdgeOspfArea PowerNSX
Function Validate-EdgeOspfInterface PowerNSX
Function Validate-EdgePrefix PowerNSX
Function Validate-EdgeRedistributionRule PowerNSX
Function Validate-EdgeRouting PowerNSX
Function Validate-EdgeSslVpn PowerNSX
Function Validate-EdgeSslVpnClientPackage PowerNSX
Function Validate-EdgeSslVpnIpPool PowerNSX
Function Validate-EdgeSslVpnPrivateNetwork PowerNSX
Function Validate-EdgeSslVpnUser PowerNSX
Function Validate-EdgeStaticRoute PowerNSX
Function Validate-EdgeSubInterface PowerNSX
Function Validate-FirewallAppliedTo PowerNSX
Function Validate-FirewallRuleSourceDest PowerNSX
Function Validate-IpPool PowerNSX
Function Validate-LoadBalancer PowerNSX
Function Validate-LoadBalancerApplicationProfile PowerNSX
Function Validate-LoadBalancerMemberSpec PowerNSX
Function Validate-LoadBalancerMonitor PowerNSX
Function Validate-LoadBalancerPool PowerNSX
Function Validate-LoadBalancerPoolMember PowerNSX
Function Validate-LoadBalancerVip PowerNSX
Function Validate-LogicalRouter PowerNSX
Function Validate-LogicalRouterBgpNeighbour PowerNSX
Function Validate-LogicalRouterInterface PowerNSX
Function Validate-LogicalRouterInterfaceSpec PowerNSX
Function Validate-LogicalRouterOspfArea PowerNSX
Function Validate-LogicalRouterOspfInterface PowerNSX
Function Validate-LogicalRouterPrefix PowerNSX
Function Validate-LogicalRouterRedistributionRule PowerNSX
Function Validate-LogicalRouterRouting PowerNSX
Function Validate-LogicalRouterStaticRoute PowerNSX
Function Validate-LogicalSwitch PowerNSX
Function Validate-LogicalSwitchOrDistributedPortGroup PowerNSX
Function Validate-LogicalSwitchOrDistributedPortGroupOrS... PowerNSX
Function Validate-SecurityGroupMember PowerNSX
Function Validate-SecurityTag PowerNSX
Function Validate-SegmentIdRange PowerNSX
Function Validate-Service PowerNSX
Function Validate-SpoofguardNic PowerNSX
Function Validate-SpoofguardPolicy PowerNSX
Function Validate-TagAssignment PowerNSX
Function Validate-TransportZone PowerNSX
Function Validate-VdsContext PowerNSX
Function Validate-VirtualMachine PowerNSX
Function Where-NsxVMUsed PowerNSX
PowerCLI C:\>
Wow! There is a lot that you can verify configure and even delete right?
Verify if connection is working correctly with some Get-Commands
I have issued two "test" commands that you can use to see if it is really working...
First we verify the PowerNsxVersion / Module that I have installed (manually).
PowerCLI C:\> Get-PowerNsxVersion Version Path Author CompanyName ---- ---- ------ ----------- root ##b##0.0 C:\PowerNSX.psm1
Then we verify ALL my NSX Edge Services Gateways that I have deployed so far.
PowerCLI C:\> Get-NsxEdge root ##b##id : edge-1 version : 5 status : deployed datacenterMoid : datacenter-2 datacenterName : DC1 - POD11 tenant : default name : dc1-pod11-esg-01 fqdn : dc1-pod11-esg-01 enableAesni : true enableFips : false vseLogLevel : emergency vnics : vnics appliances : appliances cliSettings : cliSettings features : features autoConfiguration : autoConfiguration type : gatewayServices isUniversal : false hypervisorAssist : false queryDaemon : queryDaemon edgeSummary : edgeSummary