DscResources/HyperV/HyperV.schema.psm1
|
# see https://github.com/dsccommunity/xHyper-V configuration HyperV { param ( [Parameter()] [ValidateSet('Server', 'Client')] $HostOS = 'Server', [Parameter()] [Boolean] $EnableEnhancedSessionMode = $false, [Parameter()] [String] $VirtualHardDiskPath, [Parameter()] [String] $VirtualMachinePath, [Parameter()] [Hashtable[]] $VMSwitches, [Parameter()] [Hashtable[]] $VMMachines ) Import-DscResource -ModuleName PSDesiredStateConfiguration Import-DscResource -ModuleName 'xHyper-V' [string]$dependsOnHostOS = $null if( $HostOS -eq 'Server' ) { WindowsFeature 'Hyper-V-WinSrv' { Name = 'Hyper-V' Ensure = 'Present' } WindowsFeature 'Hyper-V-Powershell-WinSrv' { Name = 'Hyper-V-Powershell' Ensure = 'Present' DependsOn = '[WindowsFeature]Hyper-V-WinSrv' } $dependsOnHostOS = '[WindowsFeature]Hyper-V-Powershell-WinSrv' } elseif( $HostOS -eq 'Client' ) { WindowsOptionalFeature 'Hyper-V-Win10' { Name = 'Microsoft-Hyper-V-All' NoWindowsUpdateCheck = $true RemoveFilesOnDisable = $true Ensure = 'Enable' } $dependsOnHostOS = '[WindowsOptionalFeature]Hyper-V-Win10' } ####################################################################### #region Host Settings $configHyperV = @{ IsSingleInstance = 'Yes' EnableEnhancedSessionMode = $EnableEnhancedSessionMode } if( -not [string]::IsNullOrWhiteSpace($VirtualHardDiskPath) ) { $configHyperV.VirtualHardDiskPath = $VirtualHardDiskPath } if( -not [string]::IsNullOrWhiteSpace($VirtualMachinePath) ) { $configHyperV.VirtualMachinePath = $VirtualMachinePath } (Get-DscSplattedResource -ResourceName xVMHost -ExecutionName 'config_HyperVHost' -Properties $configHyperV -NoInvoke).Invoke( $configHyperV ) #endregion ####################################################################### #region Virtual switches if( $null -ne $VMSwitches ) { $natSwitch = '' foreach( $vmswitch in $VMSwitches ) { # Remove case sensitivity of ordered Dictionary or Hashtables $vmswitch = @{} + $vmswitch $netName = $vmswitch.Name $netAddressSpace = $vmswitch.AddressSpace $netIpAddress = $vmswitch.IpAddress $netGateway = $vmswitch.Gateway $netCategory = $vmswitch.NetworkCategory $netInterfaceMetric = $vmswitch.InterfaceMetric $vmSwitch.Remove('AddressSpace') $vmSwitch.Remove('IpAddress') $vmSwitch.Remove('Gateway') $vmSwitch.Remove('NetworkCategory') $vmSwitch.Remove('InterfaceMetric') if( $vmswitch.Type -eq 'NAT' ) { if( -not [string]::IsNullOrWhiteSpace($natSwitch) ) { throw "ERROR: Only one NAT switch is supported." } if( [string]::IsNullOrWhiteSpace($netAddressSpace) -or [string]::IsNullOrWhiteSpace($netIpAddress) ) { throw "ERROR: A NAT switch requires the 'AddressSpace' and 'IpAddress' attribute." } $natSwitch = $vmswitch.Name $vmswitch.Type = 'Internal' } elseif( $vmswitch.Type -eq 'Private' -and (-not [string]::IsNullOrWhiteSpace($netAddressSpace) -or -not [string]::IsNullOrWhiteSpace($netIpAddress) -or -not [string]::IsNullOrWhiteSpace($netGateway) -or -not [string]::IsNullOrWhiteSpace($netCategory) -or -not [string]::IsNullOrWhiteSpace($netInterfaceMetric) )) { throw "ERROR: A private switch doesn't support 'AddressSpace', 'IpAddress', 'Gateway', 'NetworkCategory' or 'InterfaceMetric' attribute." } $vmswitch.DependsOn = $dependsOnHostOS $executionName = $vmswitch.Name -replace '[().:\s]', '_' (Get-DscSplattedResource -ResourceName xVMSwitch -ExecutionName "vmswitch_$executionName" -Properties $vmswitch -NoInvoke).Invoke( $vmswitch ) # enable Net Adressspace, IpAddress and NAT switch if( -not [string]::IsNullOrWhiteSpace($netIpAddress) -or -not [string]::IsNullOrWhiteSpace($netCategory) ) { # Default is adapter auto configuration with 255.255.0.0 -> 16 [int]$netPrefixLength = 16; if( -not [string]::IsNullOrWhiteSpace($netAddressSpace) ) { $prefixSelect = $netAddressSpace | Select-String '\d+\.\d+\.\d+\.\d+/(\d+)' if( $null -eq $prefixSelect ) { throw "ERROR: Invalid format of attribute 'AddressSpace'." } $netPrefixLength = $prefixSelect.Matches.Groups[1].Value } if( -not [string]::IsNullOrWhiteSpace($netIpAddress) -and -not ($netIpAddress -match '\d+\.\d+\.\d+\.\d+') ) { throw "ERROR: Invalid format of attribute 'IpAddress'." } if( -not [string]::IsNullOrWhiteSpace($netGateway) -and -not ($netGateway -match '\d+\.\d+\.\d+\.\d+') ) { throw "ERROR: Invalid format of attribute 'Gateway'." } if( -not [string]::IsNullOrWhiteSpace($netCategory) -and -not ($netCategory -match '^(Public|Private|DomainAuthenticated)$') ) { throw "ERROR: Invalid value of attribute 'NetworkCategory'." } Script "vmnet_$executionName" { TestScript = { [boolean]$result = $true $netAdapter = Get-NetAdapter -ErrorAction SilentlyContinue | Where-Object { $_.Name -match $using:netName } if( $null -eq $netAdapter ) { $result = $false Write-Verbose "NetAdapter containing switch name '$using:netName' not found." } elseif( -not [string]::IsNullOrWhiteSpace( $using:netGateway ) ) { $netIpConfig = Get-NetIPConfiguration -InterfaceIndex $netAdapter.InterfaceIndex if( $null -eq $netIpConfig -or $netIpConfig.IPv4DefaultGateway -ne $using:netGateway ) { Write-Verbose "NetAdapter '$using:netName' has not the expected default gateway ($using:netGateway)." } } if( -not [string]::IsNullOrWhiteSpace( $using:netIpAddress ) ) { $netIpAddr = Get-NetIPAddress -IPAddress $using:netIpAddress -ErrorAction SilentlyContinue if( $null -eq $netIpAddr -or $netIpAddr.InterfaceIndex -ne $netAdapter.InterfaceIndex -or $netIpAddr.PrefixLength -ne $using:netPrefixLength ) { $result = $false Write-Verbose "NetAdapter '$using:netName' has not the expected IP configuration ($using:netIpAddress/$using:netPrefixLength)." } } # check network category if( -not [string]::IsNullOrWhiteSpace( $using:netCategory ) ) { $netProfile = Get-NetConnectionProfile -InterfaceIndex $netAdapter.InterfaceIndex if ($null -eq $netProfile -or $netProfile.NetworkCategory -ne $using:netCategory ) { $result = $false Write-Verbose "NetAdapter '$using:netName' has not the expected network category ($using:netCategory)." } } # check NAT switch if( $using:netName -eq $using:natSwitch ) { $netNat = Get-NetNat -Name $using:netName -ErrorAction SilentlyContinue if( ($null -eq $netNat -or $netNat.InternalIPInterfaceAddressPrefix -ne $using:netAddressSpace) ) { $result = $false Write-Verbose "NetNAT '$using:netName' not found or has not the expected configuration." } } $result return $result } SetScript = { $netAdapter = Get-NetAdapter | Where-Object { $_.Name -match $using:netName } if( $null -eq $netAdapter ) { Write-Error "ERROR: NetAdapter containing switch name '$using:netName' not found." return } if( -not [string]::IsNullOrWhiteSpace($using:netIpAddress) ) { # remove existing configuration Remove-NetIPAddress -IPAddress $using:netIpAddress -Confirm:$false -ErrorAction SilentlyContinue # Remove all routes including the default gateway Remove-NetRoute -InterfaceIndex $netAdapter.InterfaceIndex Write-Verbose "Create IP Address '$using:netIpAddress'..." $ipAddrParams = @{ IPAddress = $using:netIpAddress PrefixLength = $using:netPrefixLength InterfaceIndex = $netAdapter.InterfaceIndex } if( -not [string]::IsNullOrWhiteSpace( $using:netGateway ) ) { $ipAddrParams.DefaultGateway = $using:netGateway } New-NetIPAddress @ipAddrParams } # set network category if( -not [string]::IsNullOrWhiteSpace( $using:netCategory ) ) { if( $using:netCategory -eq 'DomainAuthenticated') { Write-Verbose "Set NetworkCategory of NetAdapter '$using:netName' to '$using:netCategory ' is not supported. The computer automatically sets this value when the network is authenticated to a domain controller." # Workaround if the computer is domain joined -> Restart NLA service to restart the network location check # see https://newsignature.com/articles/network-location-awareness-service-can-ruin-day-fix/ Write-Verbose "Restarting NLA service to reinitialize the network location check..." Restart-Service nlasvc -Force Start-Sleep 5 $netProfile = Get-NetConnectionProfile -InterfaceIndex $netAdapter.InterfaceIndex Write-Verbose "Current NetworkCategory is now: $($netProfile.NetworkCategory)" if( $netProfile.NetworkCategory -ne $using:netCategory ) { Write-Error "NetAdapter '$using:netName' is not '$using:netCategory'." } } else { Write-Verbose "Set NetworkCategory of NetAdapter '$using:netName' to '$using:netCategory '." Set-NetConnectionProfile -InterfaceIndex $netAdapter.InterfaceIndex -NetworkCategory $using:netCategory } } if( $using:netName -eq $using:natSwitch ) { Remove-NetNat $using:netName -Confirm:$false -ErrorAction SilentlyContinue Write-Verbose "Create NetNat '$using:netName'..." New-NetNat -Name $using:netName -InternalIPInterfaceAddressPrefix $using:netAddressSpace } } GetScript = { return @{result = 'N/A' } } DependsOn = "[xVMSwitch]vmswitch_$executionName" } } if( $null -ne $netInterfaceMetric -and $netInterfaceMetric -gt 0 ) { Script "vmnetInterfaceMetric_$executionName" { TestScript = { $netIf = Get-NetIpInterface | Where-Object { $_.InterfaceAlias -match $using:netName } if( $null -eq $netIf ) { Write-Verbose "NetAdapter containing switch name '$using:netName' not found." return $false } [boolean]$result = $true $netIf | ForEach-Object { Write-Verbose "InterfaceMetric $($_.AddressFamily): $($_.InterfaceMetric)"; if( $_.InterfaceMetric -ne $using:netInterfaceMetric ) { $result = $false }; } Write-Verbose "Expected Interface Metric: $using:netInterfaceMetric" return $result } SetScript = { $netIf = Get-NetIpInterface | Where-Object { $_.InterfaceAlias -match $using:netName } if( $null -eq $netIf ) { Write-Error "NetAdapter containing switch name '$using:netName' not found." } else { $netIf | ForEach-Object { Write-Verbose "Set $($_.AddressFamily) InterfaceMetric to $($using:netInterfaceMetric)"; $_ | Set-NetIpInterface -InterfaceMetric $using:netInterfaceMetric } } } GetScript = { return @{result = 'N/A' } } } } } } #endregion ####################################################################### #region Virtual machines if( $null -ne $VMMachines ) { foreach( $vmmachine in $VMMachines ) { $vmName = $vmmachine.Name # VM state will be handled as last step $vmState = $vmmachine.State $vmmachine.Remove( 'State' ) $strVMDepend = "[xVMHyperV]$vmName" $strVHDPath = "$($vmmachine.Path)\$vmName\Disks" $iMemorySize = ($vmmachine.StartupMemory / 1MB) * 1MB # save the additional disk and drives definitions $arrDisks = @() $arrDrives = @() if( $vmmachine.Disks -is [System.Array] ) { for( $i = 1; $i -lt $vmmachine.Disks.Count; ++$i ) { $arrDisks += $vmmachine.Disks[$i] } } foreach( $drive in $vmmachine.Drives ) { $arrDrives += $drive } # create the OS disk $disk = $vmmachine.Disks[0] if( $disk.Path.Length -lt 1 ) { $disk.Path = $strVHDPath } $strVHDName = "$($vmName)_$($disk.Name).vhdx" $strVHDFile = "$($disk.Path)\$strVHDName" $folderVHD = "$($vmName)_DiskPath_$($disk.Name)" $strVHD = "$($vmName)_Disk_$($disk.Name)" File $folderVHD { Ensure = 'Present' Type = 'Directory' DestinationPath = $disk.Path DependsOn = $dependsOnHostOS } if( $disk.Contains( 'CopyFrom' ) ) { $strVHDDepend = "[FILE]$strVHD" File $strVHD { Ensure = 'Present' Type = 'File' SourcePath = $disk.CopyFrom DestinationPath = $strVHDFile DependsOn = "[File]$folderVHD" } } else { $iDiskSize = ($disk.Size / 1GB) * 1GB $strVHDDepend = "[xVHD]$strVHD" xVHD $strVHD { Name = $strVHDName Path = $strVHDPath MaximumSizeBytes = $iDiskSize Generation = 'Vhdx' Type = 'Dynamic' DependsOn = "[File]$folderVHD" } } # copy files before VM starts at first time if( $null -ne $disk.CopyOnce ) { [int]$i = 0 foreach( $copyStep in $disk.CopyOnce ) { $i++ $scriptCopyOnce = "$($vmName)_Disk_$($disk.Name)_CopyOnce_$i" $sources = @() + $copyStep.Sources $targetDir = $copyStep.Destination $excludes = @() + $copyStep.Excludes $prepareScripts = @() + $copyStep.PrepareScripts if( $sources.Count -eq 0 -or [string]::IsNullOrWhiteSpace($sources[0]) ) { throw "ERROR: Missing CopyOnce sources at disk '$($disk.Name)' of VM '$vmName'." } if( [string]::IsNullOrWhiteSpace($copyStep.Destination) ) { throw "ERROR: Missing CopyOnce destination at disk '$($disk.Name)' of VM '$vmName'." } Script $scriptCopyOnce { TestScript = { # run only before creation of VM if( $null -eq (Get-VM -Name $using:vmName -ErrorAction SilentlyContinue) ) { Write-Verbose "VM '$using:vmName' not found. Performing CopyOnce action is possible." return $false } Write-Verbose "The destination VM '$using:vmName' was found and no action is required." return $true } SetScript = { # reset readonly flags of VHDX file Write-Verbose "Reset readonly file attribute of VHDX '$using:strVHDFile'..." Set-ItemProperty -Path $using:strVHDFile -Name IsReadOnly -Value $false -ErrorAction Stop Write-Verbose "Mounting VHDX '$using:strVHDFile' on host computer '$env:COMPUTERNAME'..." $mountedDisk = Mount-VHD -Path $using:strVHDFile -Passthru -ErrorAction Stop try { # execute prepare scripts foreach( $script in $using:prepareScripts ) { Write-Verbose "Executing scriptblock: $script" $exec = [ScriptBlock]::Create($script) Invoke-Command -ScriptBlock $exec -ErrorAction Stop } [String]$driveLetter = ($mountedDisk | Get-Disk | Get-Partition | Where-Object {$_.Type -eq "Basic"} | Select-Object -ExpandProperty DriveLetter) + ":" $driveLetter = $driveLetter -replace '\s','' Write-Verbose "VHDX '$using:strVHDFile' mounted as drive '$driveLetter'" [String]$targetPath = "$driveLetter\$using:targetDir" Start-Sleep -Seconds 2 #Optional Get-PSDrive | Out-Null #refresh PsDrive, Optional Write-Verbose "Copy files from host source directories $($using:sources -join ', ') to mounted VHDX '$targetPath'..." New-Item -Path $targetPath -ItemType Directory -Force Copy-Item -Path $using:sources -Destination $targetPath -Exclude $using:excludes -Recurse -Force -Verbose -ErrorAction Stop } finally { Start-Sleep -Seconds 2 #Optional Dismount-VHD $mountedDisk.Path } } GetScript = { return @{result = 'N/A' } } DependsOn = $strVHDDepend } $strVHDDepend = "[Script]$scriptCopyOnce" } } # set computername in unattended.xml $scriptSetComputerName = "$($vmName)_Disk_$($disk.Name)_SetComputerName" Script $scriptSetComputerName { TestScript = { # run only before creation of VM if( $null -eq (Get-VM -Name $using:vmName -ErrorAction SilentlyContinue) ) { Write-Verbose "The destination object was found and no action is required." return $false } Write-Verbose "VM '$using:vmName' not found. Performing SetComputerName action is possible." return $true } SetScript = { # reset readonly flags of VHDX file Write-Verbose "Reset readonly file attribute of VHDX '$using:strVHDFile'..." Set-ItemProperty -Path $using:strVHDFile -Name IsReadOnly -Value $false -ErrorAction Stop Write-Verbose "Mounting VHDX '$using:strVHDFile' on host computer '$env:COMPUTERNAME'..." $mountedDisk = Mount-VHD -Path $using:strVHDFile -Passthru -ErrorAction Stop try { [String]$driveLetter = ($mountedDisk | Get-Disk | Get-Partition | Where-Object {$_.Type -eq "Basic"} | Select-Object -ExpandProperty DriveLetter) + ":" $driveLetter = $driveLetter -replace '\s','' Write-Verbose "VHDX '$using:strVHDFile' mounted as drive '$driveLetter'" Start-Sleep -Seconds 2 #Optional Get-PSDrive | Out-Null #refresh PsDrive, Optional # path unattend.xml on several search paths $unattendXmlPathList = @( "$driveLetter\unattend.xml", "$driveLetter\Windows\Panther\unattend.xml" ) foreach( $unattendXmlPath in $unattendXmlPathList ) { if( Test-Path -Path $unattendXmlPath ) { Write-Verbose "Set computername in '$unattendXmlPath' to '$using:vmName' on mounted VHDX '$using:strVHDFile'." [xml]$unattendXml = Get-Content -Path $unattendXmlPath $ns = New-Object System.Xml.XmlNamespaceManager($unattendXml.NameTable) $ns.AddNamespace("ns","urn:schemas-microsoft-com:unattend") # set computername $computerNameXml = $unattendXml.SelectSingleNode('//ns:component[@name="Microsoft-Windows-Shell-Setup"]/ns:ComputerName', $ns) $computerNameXml.InnerText = $using:vmName # reset readonly flags of target file Set-ItemProperty -Path $unattendXmlPath -Name IsReadOnly -Value $false $unattendXml.Save( $unattendXmlPath ) } else { Write-Verbose "File '$unattendXmlPath' not found on mounted VHDX '$using:strVHDFile'. Skipping set of computername." } } } finally { Start-Sleep -Seconds 2 #Optional Dismount-VHD $mountedDisk.Path } } GetScript = { return @{result = 'N/A' } } DependsOn = $strVHDDepend } $strVHDDepend = "[Script]$scriptSetComputerName" # save specific network adapter definition $networkAdapters = $vmmachine.NetworkAdapters # save additional settings $checkpointType = $vmmachine.CheckpointType $automaticCheckpointsEnabled = $vmmachine.AutomaticCheckpointsEnabled $automaticStartAction = $vmmachine.AutomaticStartAction $automaticStartDelay = $vmmachine.AutomaticStartDelay $automaticStopAction = $vmmachine.AutomaticStopAction # save security settings $tpmEnabled = $vmmachine.TpmEnabled $encryptTraffic = $vmmachine.EncryptStateAndVmMigrationTraffic # save integration services $enableTimeSyncService = $vmmachine.EnableTimeSyncService # remove all additional settings $vmmachine.Remove( 'Disks' ) $vmmachine.Remove( 'Drives' ) $vmmachine.Remove( 'NetworkAdapters' ) $vmmachine.Remove( 'CheckpointType' ) $vmmachine.Remove( 'AutomaticCheckpointsEnabled' ) $vmmachine.Remove( 'AutomaticStartAction' ) $vmmachine.Remove( 'AutomaticStartDelay' ) $vmmachine.Remove( 'AutomaticStopAction' ) $vmmachine.Remove( 'TpmEnabled' ) $vmmachine.Remove( 'EncryptStateAndVmMigrationTraffic' ) $vmmachine.Remove( 'EnableTimeSyncService' ) # create the virtual machine $vmmachine.DependsOn = $strVHDDepend $vmmachine.VhdPath = $strVHDFile $vmmachine.Generation = 2 $vmmachine.StartupMemory = $iMemorySize # remove all separators from MAC Address if( $vmmachine.MacAddress -ne $null ) { $macAddrList = [System.Collections.ArrayList]@() if( $vmmachine.MacAddress -is [array] ) { foreach( $macAddr in $vmmachine.MacAddress ) { $macAddrList.Add( ($macAddr -replace '[-:\s]','') ) } } else { $macAddrList.Add( ($vmmachine.MacAddress -replace '[-:\s]','') ) } $vmmachine.MacAddress = $macAddrList } (Get-DscSplattedResource -ResourceName xVMHyperV -ExecutionName $vmName -Properties $vmmachine -NoInvoke).Invoke( $vmmachine ) $strVMdepends = "[xVMHyperV]$vmName" # additional VM settings if( $null -ne $checkpointType -or $null -ne $automaticCheckpointsEnabled -or $null -ne $automaticStartAction -or $null -ne $automaticStartDelay -or $null -ne $automaticStopAction ) { $execName = "additionalProp_$vmName" Script $execName { TestScript = { [boolean]$status = $true $vmProp = Get-VM -VMName $using:vmName | Select-Object CheckpointType, AutomaticStartAction, AutomaticStartDelay, AutomaticStopAction, AutomaticCheckpointsEnabled if( $null -ne $vmProp ) { Write-Verbose "VM settings of '$using:vmName':`n$vmProp" if( ($null -ne $using:checkpointType -and $vmProp.CheckpointType -ne $using:checkpointType) -or ($null -ne $using:automaticStartAction -and $vmProp.AutomaticStartAction -ne $using:automaticStartAction) -or ($null -ne $using:automaticStartDelay -and $vmProp.AutomaticStartDelay -ne $using:automaticStartDelay) -or ($null -ne $using:automaticStopAction -and $vmProp.AutomaticStopAction -ne $using:automaticStopAction) -or ($null -ne $using:automaticCheckpointsEnabled -and $vmProp.AutomaticCheckpointsEnabled -ne $using:automaticCheckpointsEnabled) ) { $status = $false } } else { Write-Verbose "VM settings not available." $status = $false } return $status } SetScript = { $vmProps = @{ VMName = $using:vmName } if( $null -ne $using:checkpointType ) { $vmProps.CheckpointType = $using:checkpointType } if( $null -ne $using:automaticStartAction ) { $vmProps.AutomaticStartAction = $using:automaticStartAction } if( $null -ne $using:automaticStartDelay ) { $vmProps.AutomaticStartDelay = $using:automaticStartDelay } if( $null -ne $using:automaticStopAction ) { $vmProps.AutomaticStopAction = $using:automaticStopAction } if( $null -ne $using:automaticCheckpointsEnabled ) { $vmProps.AutomaticCheckpointsEnabled = $using:automaticCheckpointsEnabled } Set-VM @vmProps } GetScript = { return @{result = 'N/A' } } DependsOn = $strVMdepends } $strVMdepends = "[Script]$execName" } # security VM settings if( $null -ne $tpmEnabled -or $null -ne $encryptTraffic ) { $execName = "securityProp_$vmName" Script $execName { TestScript = { [boolean]$status = $true $vmSec = Get-VMSecurity -VMName $using:vmName | Select-Object TpmEnabled, BindToHostTpm, EncryptStateAndVmMigrationTraffic, VirtualizationBasedSecurityOptOut, Shielded if( $null -ne $vmSec ) { Write-Verbose "Security Settings of '$using:vmName':`n$vmSec" if( ($null -ne $using:tpmEnabled -and $vmSec.TpmEnabled -ne $using:tpmEnabled) ) { $status = $false } if( ($null -ne $using:encryptTraffic -and $vmSec.EncryptStateAndVmMigrationTraffic -ne $using:encryptTraffic) ) { $status = $false } } else { Write-Verbose "VM security settings not available." $status = $false } return $status } SetScript = { if( $null -ne $using:encryptTraffic ) { Set-VMSecurity -VMName $using:vmName -EncryptStateAndVmMigrationTraffic $encryptTraffic } if( $null -ne $using:tpmEnabled ) { if( $using:tpmEnabled -eq $true ) { # create a new KeyProtectore if necessary $key = Get-VMKeyProtector -VMName $using:vmName if( $null -eq $key -or $key.Count -lt 10 ) { Set-VMKeyProtector -VMName $using:vmName -NewLocalKeyProtector } Enable-VMTPM -VMName $using:vmName } elseif( $using:tpmEnabled -eq $false ) { Disable-VMTPM -VMName $using:vmName } } } GetScript = { return @{result = 'N/A' } } DependsOn = $strVMdepends } $strVMdepends = "[Script]$execName" } # setup integration services # # Services have localized names, so we must use the last part of the id to identify the service # # Name Id # ---- -- # Gastdienstschnittstelle Microsoft:F9C25F23-DB30-403D-A1CD-31FE241DFD54\6C09BB55-D683-4DA0-8931-C9BF705F6480 # Takt Microsoft:F9C25F23-DB30-403D-A1CD-31FE241DFD54\84EAAE65-2F2E-45F5-9BB5-0E857DC8EB47 # Austausch von Schlüsselwertepaaren Microsoft:F9C25F23-DB30-403D-A1CD-31FE241DFD54\2A34B1C2-FD73-4043-8A5B-DD2159BC743F # Herunterfahren Microsoft:F9C25F23-DB30-403D-A1CD-31FE241DFD54\9F8233AC-BE49-4C79-8EE3-E7E1985B2077 # Zeitsynchronisierung Microsoft:F9C25F23-DB30-403D-A1CD-31FE241DFD54\2497F4DE-E9FA-4204-80E4-4B75C46419C0 # VSS Microsoft:F9C25F23-DB30-403D-A1CD-31FE241DFD54\5CED1297-4598-4915-A5FC-AD21BB4D02A4 # # Name Id # ---- -- # Guest Service Interface Microsoft:700D77D9-74C3-4B2B-AE4D-D7B7089F9B2F\6C09BB55-D683-4DA0-8931-C9BF705F6480 # Heartbeat Microsoft:700D77D9-74C3-4B2B-AE4D-D7B7089F9B2F\84EAAE65-2F2E-45F5-9BB5-0E857DC8EB47 # Key-Value Pair Exchange Microsoft:700D77D9-74C3-4B2B-AE4D-D7B7089F9B2F\2A34B1C2-FD73-4043-8A5B-DD2159BC743F # Shutdown Microsoft:700D77D9-74C3-4B2B-AE4D-D7B7089F9B2F\9F8233AC-BE49-4C79-8EE3-E7E1985B2077 # Time Synchronization Microsoft:700D77D9-74C3-4B2B-AE4D-D7B7089F9B2F\2497F4DE-E9FA-4204-80E4-4B75C46419C0 # VSS Microsoft:700D77D9-74C3-4B2B-AE4D-D7B7089F9B2F\5CED1297-4598-4915-A5FC-AD21BB4D02A4 if( $null -ne $enableTimeSyncService ) { [boolean]$enableTimeSync = [System.Convert]::ToBoolean($enableTimeSyncService) $execName = "timeSyncService_$vmName" Script $execName { TestScript = { $timeSyncSvc = Get-VMIntegrationService -VMName $using:vmName | Where-Object { $_.Id -match '2497F4DE-E9FA-4204-80E4-4B75C46419C0$' } | Select-Object Name, Id, Enabled Write-Verbose "VM: $using:vmName - time sync service: expected: $using:enableTimeSync - current: $timeSyncSvc" if( $timeSyncSvc.Enabled -eq $using:enableTimeSync ) { return $true } return $false } SetScript = { $timeSyncSvc = Get-VMIntegrationService -VMName $using:vmName | Where-Object { $_.Id -match '2497F4DE-E9FA-4204-80E4-4B75C46419C0$' } if( $using:enableTimeSync -eq $true ) { $timeSyncSvc | Enable-VMIntegrationService } else { $timeSyncSvc | Disable-VMIntegrationService } } GetScript = { return @{result = 'N/A' } } DependsOn = $strVMdepends } $strVMdepends = "[Script]$execName" } # Network adapter fix # DSC Hyper-V Resource creates at least one network interface # If no switch and no MAC address is specified we delete this addional network adapter if( [string]::IsNullOrEmpty($vmmachine.MacAddress) -and [string]::IsNullOrEmpty($vmmachine.SwitchName) ) { $execName = "removeUnusedNetAdapter_$vmName" Script $execName { TestScript = { $netAdapt = Get-VMNetworkAdapter -VMName $using:vmName | Where-Object { $_.Connected -eq $false -and $_.MacAddress -eq '000000000000' -and $_.DeviceNaming -eq 'Off' } if( $null -ne $netAdapt ) { Write-Verbose "VM: $using:vmName - unused network adapter found: $netAdapt" return $false } else { Write-Verbose "VM: $using:vmName - no unused network adapter found." return $true } } SetScript = { $netAdapt = Get-VMNetworkAdapter -VMName $using:vmName | Where-Object { $_.Connected -eq $false -and $_.MacAddress -eq '000000000000' -and $_.DeviceNaming -eq 'Off' } $netAdapt | Remove-VMNetworkAdapter } GetScript = { return @{result = 'N/A' } } DependsOn = $strVMdepends } $strVMdepends = "[Script]$execName" } # create specific network adapter foreach( $netAdapter in $networkAdapters ) { # Remove Case Sensitivity of ordered Dictionary or Hashtables $netAdapter = @{}+$netAdapter $netAdapterName = $netAdapter.Name $netAdapter.Id = "$($vmName)_$($netAdapterName)" $netAdapter.VMName = $vmName $netAdapter.Ensure = 'Present' $netAdapter.DependsOn = $strVMdepends if( $netAdapter.MacAddress -ne $null ) { # remove all separators from MAC Address $netAdapter.MacAddress = $netAdapter.MacAddress -replace '[-:\s]','' } if( $netAdapter.NetworkSetting -ne $null ) { $netSetting = xNetworkSettings { IpAddress = $netAdapter.NetworkSetting.IpAddress Subnet = $netAdapter.NetworkSetting.Subnet DefaultGateway = $netAdapter.NetworkSetting.DefaultGateway DnsServer = $netAdapter.NetworkSetting.DnsServer } $netAdapter.NetworkSetting = $netSetting } # Disabled until Pull Request #189 is merged into xHyper-V DSC resource # see https://github.com/dsccommunity/xHyper-V/pull/189 # elseif( $null -eq $netAdapter.IgnoreNetworkSetting ) # { # # if no network settings are specified -> enable IgnoreNetworkSetting as default # $netAdapter.IgnoreNetworkSetting = $true # } # extract additional attributed $dhcpGuard = $netAdapter.DhcpGuard $routerGuard = $netAdapter.RouterGuard $netAdapter.Remove( 'DhcpGuard' ) $netAdapter.Remove( 'RouterGuard' ) $execName = "netadapter_$($netAdapter.Id)" (Get-DscSplattedResource -ResourceName xVMNetworkAdapter -ExecutionName $execName -Properties $netAdapter -NoInvoke).Invoke( $netAdapter ) Script "$($execName)_properties" { TestScript = { $netAdapter = Get-VMNetworkAdapter -VmName $using:vmName -Name $using:netAdapterName if( $null -ne $netAdapter ) { $result = $true Write-Verbose "Networkadapter '$using:netAdapterName': DeviceNaming is '$($netAdapter.DeviceNaming)' (expected: On)" if( $netAdapter.DeviceNaming -ne 'On' ) { $result = $false } Write-Verbose "Networkadapter '$using:netAdapterName': DhcpGuard is '$($netAdapter.DhcpGuard)' (expected: $using:dhcpGuard)" if( -not [string]::IsNullOrWhiteSpace($using:dhcpGuard) -and $netAdapter.DhcpGuard -ne $using:dhcpGuard ) { $result = $false } Write-Verbose "Networkadapter '$using:netAdapterName': RouterGuard is '$($netAdapter.RouterGuard)' (expected: $using:routerGuard)" if( -not [string]::IsNullOrWhiteSpace($using:routerGuard) -and $netAdapter.RouterGuard -ne $using:routerGuard ) { $result = $false } return $result } else { Write-Verbose "Networkadapter '$using:netAdapterName' not found." } return $false } SetScript = { $params = @{ DeviceNaming = 'On' } if( -not [string]::IsNullOrWhiteSpace($using:dhcpGuard) ) { $params.DhcpGuard = $using:dhcpGuard } if( -not [string]::IsNullOrWhiteSpace($using:routerGuard) ) { $params.RouterGuard = $using:routerGuard } Write-Verbose "VM $($using:vmName): Set properties of network adapter $($using:netAdapterName)`n$($params | Out-String)" Get-VMNetworkAdapter -VmName $using:vmName -Name $using:netAdapterName | Set-VMNetworkAdapter @params } GetScript = { return @{result = 'N/A' } } DependsOn = "[xVMNetworkAdapter]$execName" } } # create further disks [string]$strHddDepends = $strVMDepend [int]$iController = 0 [int]$iLocation = 1 foreach( $disk in $arrDisks ) { # copy files before VM starts at first time if( $null -ne $disk.CopyOnce ) { throw "ERROR: CopyOnce is only supported on first disk of VM '$vmName'." } # create the VHD file if( [string]::IsNullOrWhiteSpace( $disk.Path ) ) { $disk.Path = $strVHDPath } $strVHDName = "$($vmName)_$($disk.Name).vhdx" $strVHDFile = "$($disk.Path)\$strVHDName" $folderVHD = "$($vmName)_DiskPath_$($disk.Name)" $strVHD = "$($vmName)_Disk_$($disk.Name)" File $folderVHD { Ensure = 'Present' Type = 'Directory' DestinationPath = $disk.Path DependsOn = $strHddDepends } if( $disk.Contains( 'CopyFrom' ) ) { $strVHDDepend = "[FILE]$strVHD" File $strVHD { Ensure = 'Present' Type = 'File' SourcePath = $disk.CopyFrom DestinationPath = $strVHDFile DependsOn = "[File]$folderVHD" } } else { $iDiskSize = ($disk.Size / 1GB) * 1GB $strVHDDepend = "[xVHD]$strVHD" xVHD $strVHD { Name = $strVHDName Path = $disk.Path MaximumSizeBytes = $iDiskSize Generation = 'Vhdx' Type = 'Dynamic' DependsOn = "[File]$folderVHD" } } # attach the VHD file to the virtual machine $executionName = "$($vmName)_DiskAttach_$($disk.Name)" xVMHardDiskDrive $executionName { Ensure = 'Present' VMName = $vmName Path = $strVHDFile ControllerType = 'SCSI' ControllerNumber = $iController ControllerLocation = $iLocation DependsOn = $strVMDepend, $strVHDDepend } ++$iLocation $strHddDepends = "[xVMHardDiskDrive]$executionName" } # create virtual drives and mount ISO files [string]$strDvdDepends = $strHddDepends $iLocation = 10 foreach( $drive in $arrDrives ) { $executionName = "$($vmName)_Drive_$($drive.Name)" if( $drive.Path.Length ) { xVMDvdDrive $executionName { Ensure = 'Present' VMName = $vmName Path = $drive.Path ControllerNumber = $iController ControllerLocation = $iLocation DependsOn = $strDvdDepends } } else { xVMDvdDrive $executionName { Ensure = 'Present' VMName = $vmName ControllerNumber = $iController ControllerLocation = $iLocation DependsOn = $strDvdDepends } } ++$iLocation $strDvdDepends = "[xVMDvdDrive]$executionName" } # change boot order: first hdd -> system drive, last dvd -> OS install --$iLocation $scriptBootOrderName = "$($vmName)_ChangeBootOrder" Script $scriptBootOrderName { TestScript = { $strPrefix = "[$using:vmName]:" $arrDVDDrives = Get-VMDvdDrive $using:vmName if( ($null -eq $arrDVDDrives) -or ($arrDVDDrives.Count -lt 1) ) { Write-Verbose "$strPrefix No DVD drives found. Boot order left unchanged." return $true } $arrBoot = (Get-VMFirmware $using:vmName).BootOrder if( ($null -eq $arrBoot) -or ($arrBoot.Count -lt 1) ) { Write-Verbose "$strPrefix Can't get informations about the boot devices!" return $false } # first boot device from type File is OK - skip this [int]$bootIndex = 0 if ($arrBoot[0].BootType -eq 'File') { $bootIndex = 1 } if( $arrBoot.Count -eq (1 + $bootIndex) ) { Write-Verbose "$strPrefix Only 1 boot device found. Boot order left unchanged." return $true } $devBootHDD = $arrBoot[$bootIndex].Device if( $null -eq $devBootHDD ) { Write-Verbose "$strPrefix First boot device is null!" return $false } $devBootDVD = $arrBoot[$bootIndex + 1].Device if( $null -eq $devBootDVD ) { Write-Verbose "$strPrefix Second boot device is null!" return $false } $strMsg = "$strPrefix First boot device is set to: $($devBootHDD.ControllerType) $($devBootHDD.ControllerNumber):$($devBootHDD.ControllerLocation)" if( [string]::IsNullOrEmpty($devBootHDD.Path) -eq $false ) { $strMsg += " ($($devBootHDD.Path))" } Write-Verbose $strMsg $strMsg = "$strPrefix Second boot device is set to: $($devBootDVD.ControllerType) $($devBootDVD.ControllerNumber):$($devBootDVD.ControllerLocation)" if( [string]::IsNullOrEmpty($devBootDVD.Path) -eq $false ) { $strMsg += " ($($devBootDVD.Path))" } Write-Verbose $strMsg if( ($devBootHDD.ControllerNumber -eq 0) -and ($devBootHDD.ControllerLocation -eq 0) -and ($devBootDVD.ControllerNumber -eq $using:iController) -and ($devBootDVD.ControllerLocation -eq $using:iLocation) ) { Write-Verbose "$strPrefix The boot order is OK." return $true } else { Write-Verbose "$strPrefix The boot order has to be modified." return $false } } SetScript = { $strPrefix = "[" + $using:vmName + "]:" $arrHDDrives = Get-VMHardDiskDrive $using:vmName $arrDVDDrives = Get-VMDvdDrive $using:vmName if( ($null -eq $arrHDDrives) -or ($arrHDDrives.Count -lt 1) ) { Write-Error "$strPrefix Can't get informations about the hard disks!" return $false } if( ($null -eq $arrDVDDrives) -or ($arrDVDDrives.Count -lt 1) ) { Write-Verbose "$strPrefix No DVD drives found. Boot order left unchanged." return $true } Set-VMFirmware $using:vmName -BootOrder $arrHDDrives[0], $arrDVDDrives[-1] } GetScript = { return @{result = 'N/A' } } DependsOn = $strDvdDepends } # check VM state as last step if( [string]::IsNullOrWhiteSpace($vmState) -eq $false ) { Script "$($vmName)_State" { TestScript = { $vmObj = Get-VM -Name $using:vmName -ErrorAction Stop if( $null -ne $vmObj -and $vmObj.State -eq $using:vmState ) { return $true } return $false } SetScript = { $vmObj = Get-VM -Name $using:vmName -ErrorAction Stop if( $null -ne $vmObj -and $vmObj.State -ne $using:vmState ) { if( $using:vmState -eq 'Running' ) { Write-Verbose "[$using:vmName]: Starting VM '$using:vmState'" Start-VM -Name $using:vmName } elseif( $using:vmState -eq 'Off' ) { Write-Verbose "[$using:vmName]: Stopping VM '$using:vmState'" Stop-VM -Name $using:vmName } elseif( $using:vmState -eq 'Paused' ) { Write-Verbose "[$using:vmName]: Suspend VM '$using:vmState'" Suspend-VM -Name $using:vmName } } } GetScript = { return @{result = 'N/A' } } DependsOn = "[Script]$scriptBootOrderName" } } } } #endregion } |