Trying to run a script that standardizes as much as possible about a new vcenter. And by new, I mean 6.7u3.
Can't see anything anywhere for how to set up the Login message for vcenter. ie configured in Administration/SSO/Configuration/Login Message. Not motd for ESXi/ssh/VCSA/etc.
The VMware.vSphere.SsoAdmin module doesn't seem to have this feature. So, maybe I'm just dreaming?
There's the ssh version from William Lam from 2016, but that seems like too many hoops over doing it manually: https://williamlam.com/2016/03/automating-the-configuration-of-new-logon-banner-for-the-vsphere-web-...
The VCSA has the VMware Tools installed.
When you use my Invoke-VmScriptPlus function, and when your PSC is integrated in your VCSA, you can do the following.
Note1: I use the VICredentialStoreItem to get my VCSA credentials, but you could use whatever method you want.
Note2: I tested this on vSphere 7 (I don't have a 6.7 available)
$user = 'root'
$code = @'
cat > /root/banner_text << EOF
Hi, welcome to my lab
EOF
/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Click me' -enable_checkbox N
'@
# Find the VCSA VM
$vcsa = Get-VM | where{$_.Guest.HostName -eq $global:defaultVIServer.Name}
# Construct the VCSA credentials
$viCred = Get-VIcredentialstoreItem -Host $global:defaultVIServer.Name -User $user
$cred = New-Object -TypeName PSCredential -ArgumentList $user,(ConvertTo-SecureString -String $viCred.Password -AsPlainText -Force)
# Create and set banner
Invoke-VmScriptPlus -VM $vm -GuestCredential $cred -ScriptText $code -ScriptType bash -GuestOSType Linux
The reason you have to use my Invoke-VMScriptPlus function is because the Invoke-VMScript cmdlet with the ScriptType bash has some limitations.
The result
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
The VCSA has the VMware Tools installed.
When you use my Invoke-VmScriptPlus function, and when your PSC is integrated in your VCSA, you can do the following.
Note1: I use the VICredentialStoreItem to get my VCSA credentials, but you could use whatever method you want.
Note2: I tested this on vSphere 7 (I don't have a 6.7 available)
$user = 'root'
$code = @'
cat > /root/banner_text << EOF
Hi, welcome to my lab
EOF
/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Click me' -enable_checkbox N
'@
# Find the VCSA VM
$vcsa = Get-VM | where{$_.Guest.HostName -eq $global:defaultVIServer.Name}
# Construct the VCSA credentials
$viCred = Get-VIcredentialstoreItem -Host $global:defaultVIServer.Name -User $user
$cred = New-Object -TypeName PSCredential -ArgumentList $user,(ConvertTo-SecureString -String $viCred.Password -AsPlainText -Force)
# Create and set banner
Invoke-VmScriptPlus -VM $vm -GuestCredential $cred -ScriptText $code -ScriptType bash -GuestOSType Linux
The reason you have to use my Invoke-VMScriptPlus function is because the Invoke-VMScript cmdlet with the ScriptType bash has some limitations.
The result
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
That's a perfect solution, if incredibly painful for what seems to be a simple thing.
Thank you very much for your help.
So, I ended up doing this slightly differently. My vcenters are on a different, mgmt vcenter.
$vc = "<new vcenter fqdn>"
$VCM = "<mgmt vcenter fqdn>"
connect-viserver $VCM -cred $cred
$vcName = $vc.Split(".")[0]
$code = @'
touch /root/banner_text
echo 'This system is for the use of authorized users only. Blah blah blah.' > /root/banner_text
/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Terms and Conditions' -enable_checkbox Y
'@
Invoke-VMScript -vm $vcName -ScriptText $code -GuestUser 'root' -GuestPassword 'Password1!'
Hi!
I'm trying to get this to work with vCenter 21477706 and the below code using the Invoke-VmScriptPlusv3 PowerShell script;
$code = @'
cat > /root/banner_text << EOF
Bla bla bla bla bla text.
EOF
/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Detta system tillhör xxxxxxxxx' -enable_checkbox Y
'@
# Create and set banner
$cred = New-Object -TypeName PSCredential -ArgumentList $huser,(ConvertTo-SecureString -String $password -AsPlainText -Force)
Invoke-VmScriptPlus -VM VCSA -GuestCredential $cred -ScriptText $code -ScriptType bash -GuestOSType Linux -SkipCertificateCheck
But the result I get is:
ScriptSize : 437
ScriptText : #!/usr/bin/env bash
cat > /root/banner_text << EOF
Bla bla bla bla bla bla.
EOF
/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Detta system tillhör xxxxxx' -enable_checkbox Y
Start : 2023-10-17 11:13:22
PidOwner : root
VM : VCSA
Finish : 2023-10-17 11:13:30
GuestOS : Linux
ScriptOutput : SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/opt/vmware/lib64/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
ERROR: null
java.util.NoSuchElementException
at java.util.Scanner.throwFor(Scanner.java:862)
at java.util.Scanner.next(Scanner.java:1371)
at com.vmware.identity.ssoconfig.SsoConfig.set_logon_banner(SsoConfig.java:1637)
at com.vmware.identity.ssoconfig.SsoConfig.main(SsoConfig.java:580)
Pid : 11739
OutFiles :
ScriptType : bash
ExitCode : 1
I think I had it working in the past with older vCenter versions though.
Edit, it even worked with plink before like this:
#V-256320,The vCenter Server must display the Standard Mandatory DOD Notice and Consent Banner before login.
echo Y | .\plink.exe -ssh 192.168.99.100 -l root -pw $password " shell" " echo 'För att få tillgång till detta system krävs tillstånd
från xxxxx.' > /root/banner_text" | out-file $Logfile -append
echo Y | .\plink.exe -ssh 192.168.99.100 -l root -pw $password " shell" " /opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner_text -title 'Detta system tillhör xxxxx' -enable_checkbox Y" | out-file $Logfile -append
Any ideas?
/Per
I can't verify right now, but this old StackOverflow thread seems to explain how to find, and exclude the unwanted dependencies.
Start by using mvn dependency:tree to find the dependencies.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Ok thanks I'll try that. I guess this broke after the last LOG4J patches...