#Sample PowerNSX NAT clone script.
#Nick Bradford, [email protected]
#
#Requires -Module PowerNSX
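function Copy-Nat {
    <#
    .SYNOPSIS
    Copies the NAT configuration of one NSX Edge onto one or more other Edges.
    .DESCRIPTION
    Duplicates the NAT feature (the whole rule set) from $SourceEdge to
    $DestinationEdge. An existing NAT configuration on the destination is
    replaced, not merged, so the destination ends up with exactly the
    source's rules.
    Approach could be used for other Edge features as well.
    Function is pipeline aware, so it can duplicate NAT from a single
    source edge to any number of destination edges on the pipeline.

    NAT rules decide what a gateway exposes (DNAT) and how traffic egresses
    (SNAT), so dropping a destination's rule set is a security-relevant
    change. The function therefore prompts before overwriting; pass
    -ConfirmOverwrite:$false to suppress the prompt in unattended runs, and
    -WhatIf to list the edges that would be updated without pushing anything.
    .PARAMETER SourceEdge
    Edge XML element (as returned by Get-NsxEdge) whose NAT feature is copied.
    .PARAMETER DestinationEdge
    Edge XML element(s) that receive the copy. Accepts pipeline input.
    .PARAMETER ConfirmOverwrite
    Prompt before replacing an existing NAT configuration on a destination
    edge. Defaults to $true; use -ConfirmOverwrite:$false to skip the prompt.
    .EXAMPLE
    PS C:\> get-nsxedge edge01 | get-nsxedgenat | Get-NsxEdgeNatRule
    ruleId : 196609
    ruleTag : 196609
    ruleType : user
    action : dnat
    vnic : 0
    originalAddress : 1.1.1.1
    translatedAddress : 2.2.2.2
    loggingEnabled : false
    enabled : true
    protocol : any
    originalPort : any
    translatedPort : any
    edgeId : edge-183
    ruleId : 196610
    ruleTag : 196610
    ruleType : user
    action : dnat
    vnic : 0
    originalAddress : 3.3.3.3
    translatedAddress : 4.4.4.4
    loggingEnabled : false
    enabled : true
    protocol : any
    originalPort : any
    translatedPort : any
    edgeId : edge-183
    PS C:\> get-nsxedge test | get-nsxedgenat | Get-NsxEdgeNatRule
    ruleId : 196609
    ruleTag : 196609
    ruleType : user
    action : dnat
    vnic : 0
    originalAddress : 1.1.1.1
    translatedAddress : 2.2.2.2
    loggingEnabled : false
    enabled : true
    protocol : any
    originalPort : any
    translatedPort : any
    edgeId : edge-185
    PS C:\> get-nsxedge test2 | get-nsxedgenat | Get-NsxEdgeNatRule
    ruleId : 196609
    ruleTag : 196609
    ruleType : user
    action : dnat
    vnic : 0
    originalAddress : 1.1.1.1
    translatedAddress : 2.2.2.2
    loggingEnabled : false
    enabled : true
    protocol : any
    originalPort : any
    translatedPort : any
    edgeId : edge-186
    PS C:\> get-nsxedge | ? { $_.name -match 'test' } | Copy-Nat -SourceEdge (get-nsxedge edge01)
    Any existing NAT rules on destination edge Test (edge-185) are about to be overwritten.
    Are you sure?
    [Y] Yes [N] No [?] Help (default is "N"): y
    id : edge-185
    version : 10
    status : deployed
    tenant : default
    name : Test
    fqdn : Test
    enableAesni : true
    enableFips : false
    vseLogLevel : info
    vnics : vnics
    appliances : appliances
    cliSettings : cliSettings
    features : features
    autoConfiguration : autoConfiguration
    type : gatewayServices
    isUniversal : false
    hypervisorAssist : false
    queryDaemon : queryDaemon
    edgeSummary : edgeSummary
    Any existing NAT rules on destination edge Test2 (edge-186) are about to be overwritten.
    Are you sure?
    [Y] Yes [N] No [?] Help (default is "N"): y
    id : edge-186
    version : 4
    status : deployed
    tenant : default
    name : Test2
    fqdn : Test2
    enableAesni : true
    enableFips : false
    vseLogLevel : info
    vnics : vnics
    appliances : appliances
    cliSettings : cliSettings
    features : features
    autoConfiguration : autoConfiguration
    type : gatewayServices
    isUniversal : false
    hypervisorAssist : false
    queryDaemon : queryDaemon
    edgeSummary : edgeSummary
    PS C:\> get-nsxedge test | get-nsxedgenat | Get-NsxEdgeNatRule
    ruleId : 196609
    ruleTag : 196609
    ruleType : user
    action : dnat
    vnic : 0
    originalAddress : 1.1.1.1
    translatedAddress : 2.2.2.2
    loggingEnabled : false
    enabled : true
    protocol : any
    originalPort : any
    translatedPort : any
    edgeId : edge-185
    ruleId : 196610
    ruleTag : 196610
    ruleType : user
    action : dnat
    vnic : 0
    originalAddress : 3.3.3.3
    translatedAddress : 4.4.4.4
    loggingEnabled : false
    enabled : true
    protocol : any
    originalPort : any
    translatedPort : any
    edgeId : edge-185
    PS C:\> get-nsxedge test2 | get-nsxedgenat | Get-NsxEdgeNatRule
    ruleId : 196609
    ruleTag : 196609
    ruleType : user
    action : dnat
    vnic : 0
    originalAddress : 1.1.1.1
    translatedAddress : 2.2.2.2
    loggingEnabled : false
    enabled : true
    protocol : any
    originalPort : any
    translatedPort : any
    edgeId : edge-186
    ruleId : 196610
    ruleTag : 196610
    ruleType : user
    action : dnat
    vnic : 0
    originalAddress : 3.3.3.3
    translatedAddress : 4.4.4.4
    loggingEnabled : false
    enabled : true
    protocol : any
    originalPort : any
    translatedPort : any
    edgeId : edge-186
    #>
    #Method:
    # 1) Get Source Edge
    # 2) Copy source nat feature xml and remove edgeid elem (PowerNSX adds this, and NSX API doesnt expect it and will bail if its there)
    # 3) Modify Destination edge xml to:
    #    a) Remove edgeid elem (PowerNSX adds this, and NSX API doesnt expect it and will bail if its there)
    #    b) Remove nat elem
    #    c) import and add source edge nat elem
    # 4) Use set-nsxedge to post modified XML back.
    #
    # Fixes over the original sample:
    #  - the process block used $_ instead of the bound $DestinationEdge, so the
    #    function failed when -DestinationEdge was passed by name rather than
    #    via the pipeline;
    #  - a source edge without a NAT feature crashed on RemoveChild($null)
    #    instead of producing a readable error;
    #  - the source NAT element is now cloned before being stripped, so the
    #    caller's source edge XML is not modified as a side effect;
    #  - ShouldProcess support gives -WhatIf for a dry run before touching
    #    gateway NAT rules.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter (Mandatory=$true)]
        [System.Xml.XmlElement]$SourceEdge,
        [Parameter (Mandatory=$true,ValueFromPipeline=$true)]
        [System.Xml.XmlElement]$DestinationEdge,
        [Parameter (Mandatory=$false)]
        [Switch]$ConfirmOverwrite=$true
    )
    begin {
        # Fetch the source NAT feature once; it is re-imported into every
        # destination document in the process block.
        $sourceNat = $SourceEdge | Get-NsxEdgeNat
        if ( -not $sourceNat ) {
            throw "Source edge $($SourceEdge.Name) ($($SourceEdge.id)) has no NAT configuration to copy."
        }
        # Work on a clone so stripping elements below does not alter the
        # caller's source edge XML.
        $nat = $sourceNat.CloneNode($true)
        # PowerNSX decorates the element with edgeId/version; the NSX API
        # rejects them on PUT, so strip both (tolerating their absence).
        foreach ( $elemName in @("edgeId", "version") ) {
            $elem = $nat.selectsinglenode("child::$elemName")
            if ( $elem ) {
                $null = $nat.RemoveChild($elem)
            }
        }
    }
    process {
        # Clone so the caller's destination XML is left untouched. Use the
        # bound parameter rather than $_ so the function also works when
        # -DestinationEdge is passed by name instead of via the pipeline.
        $targetEdge = $DestinationEdge.cloneNode($true)
        $edgeLabel = "$($targetEdge.Name) ($($targetEdge.id))"
        Write-Debug "destedge : $($targetEdge.edgeid)"

        # Replacing an existing NAT feature drops every rule on the edge, so
        # ask first unless the caller explicitly opted out.
        $existingNat = $targetEdge.selectsinglenode("child::features/nat")
        if ( $existingNat ) {
            if ( $ConfirmOverwrite ) {
                $message = "Any existing NAT rules on destination edge $edgeLabel are about to be overwritten."
                $question = "Are you sure?"
                $choices = New-Object Collections.ObjectModel.Collection[Management.Automation.Host.ChoiceDescription]
                $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&Yes'))
                $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&No'))
                # Default choice index 1 ("No") so a stray Enter never drops rules.
                $decision = $Host.UI.PromptForChoice($message, $question, $choices, 1)
            }
            else {
                $decision = 0
            }
            if ( $decision -eq 1 ) {
                # Terminating error: declining stops the whole pipeline, as in the
                # original sample, rather than silently skipping this edge.
                throw "Not removing existing NAT rules on destination edge $edgeLabel"
            }
            $null = $targetEdge.features.RemoveChild($existingNat)
        }

        # Import the stripped source NAT element into the destination document
        # and attach it under <features>.
        $newnat = $targetEdge.OwnerDocument.ImportNode($nat, $true)
        $null = $targetEdge.features.AppendChild($newnat)

        # Push the modified edge back. The overwrite was confirmed above (or
        # explicitly waived), so Set-NsxEdge's own prompt is suppressed;
        # -WhatIf on Copy-Nat still short-circuits here.
        if ( $PSCmdlet.ShouldProcess($edgeLabel, "Replace NAT configuration") ) {
            $targetEdge | Set-NsxEdge -Confirm:$false
        }
    }
    end {}
}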