We have managed to do this using an orchestrator workflow. The workflow executes a script that looks for dvPortgroups with "PROMISC" in the name, when found it enables promiscuous mode on that portgroup. You can schedule this script or as we did use an AMQP broker to intercept vCloud deploy events and execute the script then.
The script we use is:
// Get dvPortgroups and loop through all of them
var networks = VcPlugin.getAllDistributedVirtualPortgroups();
for (i in networks) {
// If "PROMISC" is in the name of the dvPortgroup we will enable promiscuous mode, if not skip this dvPortgroup
if(networks[i].name.search("PROMISC") > 0) {
// If promiscuouse mode is already enabled we don't need to enable it again
if(networks[i].config.defaultPortConfig.securityPolicy.allowPromiscuous.value) {
System.log("DVPortgroup " + networks[i].name + " already on promiscuous mode");
} else {
System.log("DVPortgroup " + networks[i].name + " promiscuous mode allow");
// Some general information
var spec = new VcDVPortgroupConfigSpec();
spec.configVersion = networks[i].config.configVersion;
var defaultPortConfig = new VcVMwareDVSPortSetting();
var securityPolicy = new VcDVSSecurityPolicy();
// Set security settings
securityPolicy.inherited = false;
securityPolicy.allowPromiscuous = new VcBoolPolicy();
securityPolicy.allowPromiscuous.inherited = false;
securityPolicy.allowPromiscuous.value = true;
securityPolicy.macChanges = new VcBoolPolicy();
securityPolicy.macChanges.inherited = false;
securityPolicy.macChanges.value = true;
securityPolicy.forgedTransmits = new VcBoolPolicy();
securityPolicy.forgedTransmits.inherited = false;
securityPolicy.forgedTransmits.value = true;
// Submit task to reconfigure
defaultPortConfig.securityPolicy = securityPolicy;
spec.defaultPortConfig = defaultPortConfig;
networks[i].reconfigureDVPortgroup_Task(spec);
}
}
}
A similar script should also be posible with powerCli.