VMware Cloud Community
StuDuncanHPE
Enthusiast
Enthusiast
‎03-21-2022 12:57 PM
Jump to solution

Powercli to set the vcenter login message

Trying to run a script that standardizes as much as possible about a new vcenter.  And by new, I mean 6.7u3.

 

Can't see anything anywhere for how to set up the Login message for vcenter.  ie configured in Administration/SSO/Configuration/Login Message. Not motd for ESXi/ssh/VCSA/etc.

 

The VMware.vSphere.SsoAdmin module doesn't seem to have this feature. So, maybe I'm just dreaming?

 

There's the ssh version from William Lam from 2016, but that seems like too many hoops over doing it manually: https://williamlam.com/2016/03/automating-the-configuration-of-new-logon-banner-for-the-vsphere-web-...

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎03-21-2022 02:26 PM
Jump to solution

The VCSA has the VMware Tools installed.
When you use my Invoke-VmScriptPlus function, and when your PSC is integrated in your VCSA, you can do the following.

Note1: I use the VICredentialStoreItem to get my VCSA credentials, but you could use whatever method you want.

Note2: I tested this on vSphere 7 (I don't have a 6.7 available)

$user = 'root'
$code = @'
cat > /root/banner_text << EOF
Hi, welcome to my lab
EOF
/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Click me' -enable_checkbox N
'@

# Find the VCSA VM
$vcsa = Get-VM | where{$_.Guest.HostName -eq $global:defaultVIServer.Name}

# Construct the VCSA credentials
$viCred = Get-VIcredentialstoreItem -Host $global:defaultVIServer.Name -User $user
$cred = New-Object -TypeName PSCredential -ArgumentList $user,(ConvertTo-SecureString -String $viCred.Password -AsPlainText -Force)

# Create and set banner
Invoke-VmScriptPlus -VM $vm -GuestCredential $cred -ScriptText $code -ScriptType bash -GuestOSType Linux

The reason you have to use my Invoke-VMScriptPlus function is because the Invoke-VMScript cmdlet with the ScriptType bash has some limitations.

The result
VCSA-banner.png

 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
6 Replies
LucD
Leadership
Leadership
‎03-21-2022 02:26 PM
Jump to solution

The VCSA has the VMware Tools installed.
When you use my Invoke-VmScriptPlus function, and when your PSC is integrated in your VCSA, you can do the following.

Note1: I use the VICredentialStoreItem to get my VCSA credentials, but you could use whatever method you want.

Note2: I tested this on vSphere 7 (I don't have a 6.7 available)

$user = 'root'
$code = @'
cat > /root/banner_text << EOF
Hi, welcome to my lab
EOF
/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Click me' -enable_checkbox N
'@

# Find the VCSA VM
$vcsa = Get-VM | where{$_.Guest.HostName -eq $global:defaultVIServer.Name}

# Construct the VCSA credentials
$viCred = Get-VIcredentialstoreItem -Host $global:defaultVIServer.Name -User $user
$cred = New-Object -TypeName PSCredential -ArgumentList $user,(ConvertTo-SecureString -String $viCred.Password -AsPlainText -Force)

# Create and set banner
Invoke-VmScriptPlus -VM $vm -GuestCredential $cred -ScriptText $code -ScriptType bash -GuestOSType Linux

The reason you have to use my Invoke-VMScriptPlus function is because the Invoke-VMScript cmdlet with the ScriptType bash has some limitations.

The result
VCSA-banner.png

 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
StuDuncanHPE
Enthusiast
Enthusiast
‎03-21-2022 02:30 PM
Jump to solution

That's a perfect solution, if incredibly painful for what seems to be a simple thing. 

 

Thank you very much for your help.

0 Kudos
StuDuncanHPE
Enthusiast
Enthusiast
‎03-25-2022 09:21 AM
Jump to solution

So, I ended up doing this slightly differently. My vcenters are on a different, mgmt vcenter. 

$vc = "<new vcenter fqdn>" 
$VCM = "<mgmt vcenter fqdn>"
connect-viserver $VCM -cred $cred 
$vcName = $vc.Split(".")[0]
$code = @'
touch /root/banner_text
echo 'This system is for the use of authorized users only. Blah blah blah.' > /root/banner_text
/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Terms and Conditions' -enable_checkbox Y
'@

Invoke-VMScript -vm $vcName -ScriptText $code -GuestUser 'root' -GuestPassword 'Password1!'

0 Kudos
Pernas01
Contributor
Contributor
‎10-17-2023 04:23 AM
Jump to solution

Hi!

I'm trying to get this to work with vCenter 21477706 and the below code using the Invoke-VmScriptPlusv3 PowerShell script;

 

$code = @'
cat > /root/banner_text << EOF
Bla bla bla bla bla text.
EOF
/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Detta system tillhör xxxxxxxxx' -enable_checkbox Y
'@

# Create and set banner

$cred = New-Object -TypeName PSCredential -ArgumentList $huser,(ConvertTo-SecureString -String $password -AsPlainText -Force)

Invoke-VmScriptPlus -VM VCSA -GuestCredential $cred -ScriptText $code -ScriptType bash -GuestOSType Linux -SkipCertificateCheck

 

But the result I get is:

 

ScriptSize   : 437
ScriptText   : #!/usr/bin/env bash
               cat > /root/banner_text << EOF
               Bla bla bla bla bla bla.
               EOF
               /opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Detta system tillhör xxxxxx' -enable_checkbox Y
Start        : 2023-10-17 11:13:22
PidOwner     : root
VM           : VCSA
Finish       : 2023-10-17 11:13:30
GuestOS      : Linux
ScriptOutput : SLF4J: Class path contains multiple SLF4J bindings.
               SLF4J: Found binding in [jar:file:/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
               SLF4J: Found binding in [jar:file:/opt/vmware/lib64/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
               SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
               SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
               ERROR: null
               java.util.NoSuchElementException
               	at java.util.Scanner.throwFor(Scanner.java:862)
               	at java.util.Scanner.next(Scanner.java:1371)
               	at com.vmware.identity.ssoconfig.SsoConfig.set_logon_banner(SsoConfig.java:1637)
               	at com.vmware.identity.ssoconfig.SsoConfig.main(SsoConfig.java:580)
               
Pid          : 11739
OutFiles     : 
ScriptType   : bash
ExitCode     : 1

 

I think I had it working in the past with older vCenter versions though.

Edit, it even worked with plink before like this:

#V-256320,The vCenter Server must display the Standard Mandatory DOD Notice and Consent Banner before login. 
echo Y | .\plink.exe -ssh 192.168.99.100 -l root -pw $password " shell" " echo 'För att få tillgång till detta system krävs tillstånd
från xxxxx.' > /root/banner_text" | out-file $Logfile -append

echo Y | .\plink.exe -ssh 192.168.99.100 -l root -pw $password " shell" " /opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Detta system tillhör xxxxx' -enable_checkbox Y" | out-file $Logfile -append

Any ideas?

/Per

0 Kudos
LucD
Leadership
Leadership
‎10-17-2023 04:53 AM
Jump to solution

I can't verify right now, but this old StackOverflow thread seems to explain how to find, and exclude the unwanted dependencies.

Start by using mvn dependency:tree to find the dependencies.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Pernas01
Contributor
Contributor
‎10-18-2023 04:06 AM
Jump to solution

Ok thanks I'll try that. I guess this broke after the last LOG4J patches...

0 Kudos