Creating Global Roles With PowerCLI in vCenter 6
While in the middle of migrating from a vCenter 5.1 environment to a vCenter 6.x environment, I wanted to use the Global Roles so I don’t have to set them per vCenter anymore.
So how do I create those global roles?
Well, the important thing is to connect to your vCenter (Connect-VIServer) using the administrator@vsphere.local user (or your SSO user if you configured a different one).
Because you log in with the SSO user, you can create the global roles by just using the New-VIRole command.
Example:
So with the function below I tried to create a simple function with parameters -From and -To that recreates the roles from vCenter1 on vCenter2.
I make use of the logwrite function I posted earlier to spam some messages on screen and to a text file.
Before:
– I expect you to be connected to both vCenters using the Connect-VIServer cmdlet.
function Migrate-VIrole{
    <#
    .SYNOPSIS
    Migrates the VCenter roles from one vCenter to another
    .DESCRIPTION
    A detailed description of the function.
    .PARAMETER From
    This is the vCenter to read from
    .PARAMETER To
    This is the vCenter to build the datacenter on
    .EXAMPLE
    PS C:\> Migrate-VIRole -From vCenter1 -To vCenter2
    #>
    [CmdletBinding()]
    [OutputType([System.String])]
    param(
        [Parameter(Position=1, Mandatory=$true)]
        $From,
        [Parameter(Position=2, Mandatory=$true)]
        $To
    )

    # Logwrite is the logging function from the earlier post; it must be loaded first.
    # Only custom roles are migrated, system roles are skipped.
    $ArrRolesFrom = Get-VIRole -Server $From | ?{$_.IsSystem -eq $False}
    $ArrRolesTo = Get-VIRole -Server $To | ?{$_.IsSystem -eq $False}

    foreach ($Role in $ArrRolesFrom){
        if ($ArrRolesTo | where {$_.Name -like $Role.Name})
        {
            # Role is already present on the target: only add the privileges it lacks
            Logwrite -Error "$($Role.Name) already exists on $To"
            Logwrite -Info "Checking permissions for $($Role.Name)"
            [string[]]$PrivsRoleFrom = Get-VIPrivilege -Role (Get-VIRole -Name $Role.Name -Server $From) | %{$_.id}
            [string[]]$PrivsRoleTo = Get-VIPrivilege -Role (Get-VIRole -Name $Role.Name -Server $To) | %{$_.id}
            foreach ($Privilege in $PrivsRoleFrom){
                if ($PrivsRoleTo | where {$_ -Like $Privilege})
                {
                    Logwrite -Error "$Privilege already exists on $($Role.Name)"
                }
                else
                {
                    # Add only the current privilege (the original passed the whole list on every pass)
                    Set-VIRole -Role (Get-VIRole -Name $Role.Name -Server $To) -AddPrivilege (Get-VIPrivilege -Id $Privilege -Server $To) | Out-Null
                    Logwrite -Success "Setting $Privilege on $($Role.Name)"
                }
            }
        }
        else
        {
            # Role does not exist on the target yet: create it, then copy the privileges
            New-VIRole -Name $Role.Name -Server $To | Out-Null
            Logwrite -Success "Creating $($Role.Name) on $To"
            Logwrite -Info "Checking permissions for $($Role.Name)"
            [string[]]$PrivsRoleFrom = Get-VIPrivilege -Role (Get-VIRole -Name $Role.Name -Server $From) | %{$_.id}
            [string[]]$PrivsRoleTo = Get-VIPrivilege -Role (Get-VIRole -Name $Role.Name -Server $To) | %{$_.id}
            foreach ($Privilege in $PrivsRoleFrom)
            {
                if ($PrivsRoleTo | where {$_ -Like $Privilege})
                {
                    Logwrite -Error "$Privilege already exists on $($Role.Name)"
                }
                else
                {
                    Set-VIRole -Role (Get-VIRole -Name $Role.Name -Server $To) -AddPrivilege (Get-VIPrivilege -Id $Privilege -Server $To) | Out-Null
                    Logwrite -Success "Setting $Privilege on $($Role.Name)"
                }
            }
        }
    }
}
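A read-only check to run after the migration, added here as an example and not part of the original post: the function above only ever adds privileges to a role that already exists on the target, so it will not reveal a target role that holds more privileges than its source. Compare-VIRolePrivilege is a hypothetical name, and the example assumes you are connected to both vCenters with Connect-VIServer as described above.

```powershell
# Added example, not the author's code. Compare-VIRolePrivilege is a hypothetical name.
# Read-only: reports custom roles whose privilege sets differ between two vCenters.
function Compare-VIRolePrivilege {
    [CmdletBinding()]
    param(
        [Parameter(Position=1, Mandatory=$true)] $From,
        [Parameter(Position=2, Mandatory=$true)] $To
    )

    $rolesFrom = @(Get-VIRole -Server $From | Where-Object { -not $_.IsSystem })
    $rolesTo   = @(Get-VIRole -Server $To   | Where-Object { -not $_.IsSystem })

    foreach ($role in $rolesFrom) {
        $target = $rolesTo | Where-Object { $_.Name -eq $role.Name } | Select-Object -First 1
        if (-not $target) {
            [pscustomobject]@{
                Role = $role.Name; Status = 'MissingOnTarget'
                MissingOnTarget = @(); ExtraOnTarget = @()
            }
            continue
        }

        # Privilege IDs are plain strings, so compare them with exact matching
        [string[]]$privsFrom = @(Get-VIPrivilege -Role $role   | ForEach-Object { $_.Id })
        [string[]]$privsTo   = @(Get-VIPrivilege -Role $target | ForEach-Object { $_.Id })

        $missing = @($privsFrom | Where-Object { $privsTo -notcontains $_ })
        $extra   = @($privsTo | Where-Object { $privsFrom -notcontains $_ })

        [pscustomobject]@{
            Role            = $role.Name
            Status          = if ($missing.Count -or $extra.Count) { 'Drift' } else { 'Match' }
            MissingOnTarget = $missing   # on the source, not yet on the target
            ExtraOnTarget   = $extra     # on the target only; an add-only sync never removes these
        }
    }

    # Custom roles that exist only on the target are worth reviewing too
    foreach ($role in $rolesTo) {
        if ($rolesFrom.Name -notcontains $role.Name) {
            [pscustomobject]@{
                Role = $role.Name; Status = 'OnlyOnTarget'
                MissingOnTarget = @(); ExtraOnTarget = @()
            }
        }
    }
}
# Usage: Compare-VIRolePrivilege -From vCenter1 -To vCenter2 | Where-Object { $_.Status -ne 'Match' }
```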