[Azure]使用Powershell输出某台ASM虚拟机的NSG和ACL
2017-02-26 20:17
这个脚本用于输出ASM模式下虚拟机的NSG和ACL,对于多网卡虚拟机也同样适用。可以输出所有网络接口的NSG以及虚拟机所在子网的NSG。结果通过 Out-GridView 以表格窗口显示。注意:没有配置ACL规则的终结点不会出现在输出中,检查对外开放的端口时需要另行用 Get-AzureEndpoint 核对。
脚本如下:
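param(
    # The name of the subscription to take all the operations within.
    [Parameter(Mandatory = $true)]
    [string]$SubscriptionName,

    # Cloud Service Name.
    [Parameter(Mandatory = $true)]
    [string]$ServiceName,

    # Virtual Machine Name.
    [Parameter(Mandatory = $true)]
    [string]$VMName
)

# Credentials are prompted for interactively and never stored in the script.
# NOTE(review): sign-in with -Credential is understood to work only for
# organizational accounts without MFA - confirm for your tenant.
$cred = Get-Credential

# -ErrorAction Stop: a failed sign-in or an unknown subscription name must end
# the run here. Otherwise the later queries would go to whichever subscription
# happens to be selected in the session, and the rules shown could belong to a
# different VM with the same name.
Add-AzureAccount -Environment AzureChinaCloud -Credential $cred -ErrorAction Stop
Select-AzureSubscription -SubscriptionName $SubscriptionName -ErrorAction Stop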
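Function PrintVirtualMachineNetworkSecurityRules($vm)
{
    <#
    .SYNOPSIS
    Shows the endpoint ACL rules and the NSG rules collected for one classic (ASM) VM.
    .DESCRIPTION
    Gathers three groups of rules into one table and displays it with Out-GridView:
      - ACL rules of each endpoint of the VM            (Catagory "Endpoint ACL")
      - rules of the NSG associated with the VM         (Catagory "VirtualMachine NSG")
      - rules of the NSG associated with the VM subnet  (Catagory "Subnet NSG")
    An NSG reached through more than one association is listed once.
    Endpoints that carry no ACL rule produce no table row; a warning is written
    for each of them so that an unrestricted endpoint is not overlooked.
    .PARAMETER vm
    The VM object returned by Get-AzureVM.
    #>

    # Appends the rules of one NSG to $rulesList unless that NSG was already seen.
    function AddNsgRules($nsg, $category, $rulesList, $seenNames)
    {
        # No association found (or the lookup failed): nothing to add.
        if ($null -eq $nsg) { return }
        if ($seenNames.Contains($nsg.Name)) { return }

        # ArrayList.Add returns the new index; discard it so it does not end up
        # in the function output.
        [void]$seenNames.Add($nsg.Name)
        foreach ($rule in $nsg.Rules)
        {
            [void]$rulesList.Add(@{
                RuleName   = $rule.Name
                Protocol   = $rule.Protocol
                Source     = $rule.SourceAddressPrefix
                SourcePort = $rule.SourcePortRange
                Dest       = $rule.DestinationAddressPrefix
                DestPort   = $rule.DestinationPortRange
                Access     = $rule.Action
                Priority   = $rule.Priority
                Direction  = $rule.Type
                Catagory   = $category
            })
        }
    }

    $customRules = New-Object System.Collections.ArrayList
    # Names of the NSGs already collected (used for de-duplication).
    $duplicateNsgs = New-Object System.Collections.ArrayList

    # collect ACLs
    $endpoints = $vm | Get-AzureEndpoint
    foreach ($endpoint in $endpoints)
    {
        $hasAclRule = $false
        foreach ($aclRule in $endpoint.Acl.Rules)
        {
            $hasAclRule = $true

            # Description is required currently, so this fallback is normally
            # unused; it also covers a $null description.
            $name = $aclRule.Description
            if ([string]::IsNullOrEmpty($name))
            {
                $name = "<ACL>"
            }

            $vip = $endpoint.Vip
            if ($null -eq $vip)
            {
                $vip = "<CloudSerivce Vip>"
            }

            [void]$customRules.Add(@{
                RuleName   = $name
                Protocol   = $endpoint.Protocol
                Source     = $aclRule.RemoteSubnet
                SourcePort = "*"
                Dest       = $vip
                DestPort   = $endpoint.Port
                Access     = $aclRule.Action
                Priority   = $aclRule.Order
                Direction  = "Inbound"
                Catagory   = "Endpoint ACL"
            })
        }

        if (-not $hasAclRule)
        {
            # Without this, an endpoint that has no ACL is silently absent from
            # the table, which reads as "nothing exposed" although the endpoint
            # applies no source-address restriction of its own.
            Write-Warning ("Endpoint {0}/{1} has no ACL rules and is not listed; no source-address restriction is applied at the endpoint." -f $endpoint.Protocol, $endpoint.Port)
        }
    }

    # collect NSG associated with VM
    # -Detailed is passed here as it is for the subnet lookup below, so that the
    # Rules property is populated.
    $nsgToVM = $vm | Get-AzureNetworkSecurityGroupAssociation -Detailed
    AddNsgRules $nsgToVM "VirtualMachine NSG" $customRules $duplicateNsgs

    # collect NSG associated with subnet of the VM
    $virtualNetworkName = $vm.VirtualNetworkName
    if (-not [string]::IsNullOrEmpty($virtualNetworkName))
    {
        foreach ($networkConfiguration in $vm.VM.ConfigurationSets)
        {
            # Skip configuration sets without subnet names: indexing a $null
            # SubnetNames raises an error and would leave a stale $subnetName.
            $subnetNames = $networkConfiguration.SubnetNames
            if (-not $subnetNames) { continue }

            # Only the first subnet name of the set is looked up.
            $subnetName = $subnetNames[0]
            if ([string]::IsNullOrEmpty($subnetName)) { continue }

            $nsg = Get-AzureNetworkSecurityGroupAssociation -VirtualNetworkName $virtualNetworkName -SubnetName $subnetName -Detailed
            AddNsgRules $nsg "Subnet NSG" $customRules $duplicateNsgs
        }
    }

    # Turn the hashtables into objects with one column per key and show them.
    $customRules |
        Select-Object @{Name="Name"; Expression={$_["RuleName"]}},
                      @{Name="Protocol"; Expression={$_["Protocol"]}},
                      @{Name="Source"; Expression={$_["Source"]}},
                      @{Name="SourcePort"; Expression={$_["SourcePort"]}},
                      @{Name="Dest"; Expression={$_["Dest"]}},
                      @{Name="DestPort"; Expression={$_["DestPort"]}},
                      @{Name="Access"; Expression={$_["Access"]}},
                      @{Name="Priority"; Expression={$_["Priority"]}},
                      @{Name="Direction"; Expression={$_["Direction"]}},
                      @{Name="Catagory"; Expression={$_["Catagory"]}} |
        Out-GridView
}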
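$vm = Get-AzureVM -ServiceName $ServiceName -Name $VMName

# Stop with a clear message when no VM object came back, instead of letting the
# rule collection run on $null and show an empty (and misleading) rule table.
if ($null -eq $vm)
{
    throw "Virtual machine '$VMName' was not found in cloud service '$ServiceName'."
}

PrintVirtualMachineNetworkSecurityRules $vm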
调用方法:
[ASM]show_virtual_machine_network_rules.ps1 -SubscriptionName <Subscription Name> -ServiceName <CloudService Name> -VMName <VM Name>
输出结果:
这个脚本用于输出ASM模式下虚拟机的NSG和ACL,对于多网卡虚拟机也同样适用。可以输出所有网络接口的NSG以及虚拟机所在子网的NSG。结果通过 Out-GridView 以表格窗口显示。注意:没有配置ACL规则的终结点不会出现在输出中,检查对外开放的端口时需要另行用 Get-AzureEndpoint 核对。
脚本如下:
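param(
    # The name of the subscription to take all the operations within.
    [Parameter(Mandatory = $true)]
    [string]$SubscriptionName,

    # Cloud Service Name.
    [Parameter(Mandatory = $true)]
    [string]$ServiceName,

    # Virtual Machine Name.
    [Parameter(Mandatory = $true)]
    [string]$VMName
)

# Credentials are prompted for interactively and never stored in the script.
# NOTE(review): sign-in with -Credential is understood to work only for
# organizational accounts without MFA - confirm for your tenant.
$cred = Get-Credential

# -ErrorAction Stop: a failed sign-in or an unknown subscription name must end
# the run here. Otherwise the later queries would go to whichever subscription
# happens to be selected in the session, and the rules shown could belong to a
# different VM with the same name.
Add-AzureAccount -Environment AzureChinaCloud -Credential $cred -ErrorAction Stop
Select-AzureSubscription -SubscriptionName $SubscriptionName -ErrorAction Stop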
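Function PrintVirtualMachineNetworkSecurityRules($vm)
{
    <#
    .SYNOPSIS
    Shows the endpoint ACL rules and the NSG rules collected for one classic (ASM) VM.
    .DESCRIPTION
    Gathers three groups of rules into one table and displays it with Out-GridView:
      - ACL rules of each endpoint of the VM            (Catagory "Endpoint ACL")
      - rules of the NSG associated with the VM         (Catagory "VirtualMachine NSG")
      - rules of the NSG associated with the VM subnet  (Catagory "Subnet NSG")
    An NSG reached through more than one association is listed once.
    Endpoints that carry no ACL rule produce no table row; a warning is written
    for each of them so that an unrestricted endpoint is not overlooked.
    .PARAMETER vm
    The VM object returned by Get-AzureVM.
    #>

    # Appends the rules of one NSG to $rulesList unless that NSG was already seen.
    function AddNsgRules($nsg, $category, $rulesList, $seenNames)
    {
        # No association found (or the lookup failed): nothing to add.
        if ($null -eq $nsg) { return }
        if ($seenNames.Contains($nsg.Name)) { return }

        # ArrayList.Add returns the new index; discard it so it does not end up
        # in the function output.
        [void]$seenNames.Add($nsg.Name)
        foreach ($rule in $nsg.Rules)
        {
            [void]$rulesList.Add(@{
                RuleName   = $rule.Name
                Protocol   = $rule.Protocol
                Source     = $rule.SourceAddressPrefix
                SourcePort = $rule.SourcePortRange
                Dest       = $rule.DestinationAddressPrefix
                DestPort   = $rule.DestinationPortRange
                Access     = $rule.Action
                Priority   = $rule.Priority
                Direction  = $rule.Type
                Catagory   = $category
            })
        }
    }

    $customRules = New-Object System.Collections.ArrayList
    # Names of the NSGs already collected (used for de-duplication).
    $duplicateNsgs = New-Object System.Collections.ArrayList

    # collect ACLs
    $endpoints = $vm | Get-AzureEndpoint
    foreach ($endpoint in $endpoints)
    {
        $hasAclRule = $false
        foreach ($aclRule in $endpoint.Acl.Rules)
        {
            $hasAclRule = $true

            # Description is required currently, so this fallback is normally
            # unused; it also covers a $null description.
            $name = $aclRule.Description
            if ([string]::IsNullOrEmpty($name))
            {
                $name = "<ACL>"
            }

            $vip = $endpoint.Vip
            if ($null -eq $vip)
            {
                $vip = "<CloudSerivce Vip>"
            }

            [void]$customRules.Add(@{
                RuleName   = $name
                Protocol   = $endpoint.Protocol
                Source     = $aclRule.RemoteSubnet
                SourcePort = "*"
                Dest       = $vip
                DestPort   = $endpoint.Port
                Access     = $aclRule.Action
                Priority   = $aclRule.Order
                Direction  = "Inbound"
                Catagory   = "Endpoint ACL"
            })
        }

        if (-not $hasAclRule)
        {
            # Without this, an endpoint that has no ACL is silently absent from
            # the table, which reads as "nothing exposed" although the endpoint
            # applies no source-address restriction of its own.
            Write-Warning ("Endpoint {0}/{1} has no ACL rules and is not listed; no source-address restriction is applied at the endpoint." -f $endpoint.Protocol, $endpoint.Port)
        }
    }

    # collect NSG associated with VM
    # -Detailed is passed here as it is for the subnet lookup below, so that the
    # Rules property is populated.
    $nsgToVM = $vm | Get-AzureNetworkSecurityGroupAssociation -Detailed
    AddNsgRules $nsgToVM "VirtualMachine NSG" $customRules $duplicateNsgs

    # collect NSG associated with subnet of the VM
    $virtualNetworkName = $vm.VirtualNetworkName
    if (-not [string]::IsNullOrEmpty($virtualNetworkName))
    {
        foreach ($networkConfiguration in $vm.VM.ConfigurationSets)
        {
            # Skip configuration sets without subnet names: indexing a $null
            # SubnetNames raises an error and would leave a stale $subnetName.
            $subnetNames = $networkConfiguration.SubnetNames
            if (-not $subnetNames) { continue }

            # Only the first subnet name of the set is looked up.
            $subnetName = $subnetNames[0]
            if ([string]::IsNullOrEmpty($subnetName)) { continue }

            $nsg = Get-AzureNetworkSecurityGroupAssociation -VirtualNetworkName $virtualNetworkName -SubnetName $subnetName -Detailed
            AddNsgRules $nsg "Subnet NSG" $customRules $duplicateNsgs
        }
    }

    # Turn the hashtables into objects with one column per key and show them.
    $customRules |
        Select-Object @{Name="Name"; Expression={$_["RuleName"]}},
                      @{Name="Protocol"; Expression={$_["Protocol"]}},
                      @{Name="Source"; Expression={$_["Source"]}},
                      @{Name="SourcePort"; Expression={$_["SourcePort"]}},
                      @{Name="Dest"; Expression={$_["Dest"]}},
                      @{Name="DestPort"; Expression={$_["DestPort"]}},
                      @{Name="Access"; Expression={$_["Access"]}},
                      @{Name="Priority"; Expression={$_["Priority"]}},
                      @{Name="Direction"; Expression={$_["Direction"]}},
                      @{Name="Catagory"; Expression={$_["Catagory"]}} |
        Out-GridView
}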
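$vm = Get-AzureVM -ServiceName $ServiceName -Name $VMName

# Stop with a clear message when no VM object came back, instead of letting the
# rule collection run on $null and show an empty (and misleading) rule table.
if ($null -eq $vm)
{
    throw "Virtual machine '$VMName' was not found in cloud service '$ServiceName'."
}

PrintVirtualMachineNetworkSecurityRules $vm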
调用方法:
[ASM]show_virtual_machine_network_rules.ps1 -SubscriptionName <Subscription Name> -ServiceName <CloudService Name> -VMName <VM Name>
输出结果: