VMware Cloud Community
d_cannon89
Contributor
Contributor
‎07-26-2019 05:33 AM
Jump to solution

Script to Create vCenter Accounts

Hi,

I've been searching for a while but I haven't yet come across a way to automate creation of vCenter accounts.

We manage 10-15 vCenters and the user creation process is incredibly time consuming (i.e. if a new admin starts and needs access to all VC's).

Has anyone been able to automate this?

Thanks,

David

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎07-26-2019 10:43 AM
Jump to solution

It's a bit more complicated than the simple example I gave.

With a 'regular' SSH session there is no TTY connected to your session, hence the problem of entering the 'shell' command.

You can force a TTY by opening a shell stream.

$vcsa = 'vcsa.domain'

$user = 'root'

$pswd = 'VMware1!'


$secPswd = ConvertTo-SecureString $pswd -AsPlainText -Force

$cred = New-Object System.Management.Automation.PSCredential ($user, $secPswd)


$newUser = 'lucd'

$newPswd = 'VMware1!'

$newFirst = 'Luc'

$newLast = 'D'


$createUser = @'

/usr/lib/vmware-vmafd/bin/dir-cli user create --account $newUser --first-name $newFirst --last-name $newLast --user-password '$newPswd' --password '$pswd'

'@


$createUser = $ExecutionContext.InvokeCommand.ExpandString($createUser)


$session = New-SSHSession -ComputerName $vcsa -Credential $cred –AcceptKey

$stream = New-SSHShellStream -SSHSession $session -TerminalName tty

$stream.WriteLine('shell')

while ($stream.Length -ne 0)

{

   $stream.Read()

}


$stream.WriteLine($createUser)

while ($stream.Read() -notmatch 'created successfully')

{

  sleep 2

}

while ($stream.Length -ne 0)

{

   $stream.Read()

}

$stream.Close()

Remove-SSHSession -SSHSession $session | Out-Null

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
6 Replies
LucD
Leadership
Leadership
‎07-26-2019 06:09 AM
Jump to solution

I assume you mean accounts in the SSO domain?
If yes, afaik there are no public API to do this. And no PowerCLI cmdlets.

The closest I have come is to use the dir-cli command.

See https://communities.vmware.com/message/2696400#2696400, which includes a link to Wiliam's post on dir-cli.

And use a SSH session to the PSC (or VCSA if the PSC is embedded) to run the dir-cli command.

On the SSH subject, see Use Posh-SSH instead of PuTTY


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
d_cannon89
Contributor
Contributor
‎07-26-2019 06:25 AM
Jump to solution

Hi,

Yeah I mean SSO users.

I'll have a look at those links, thanks.

0 Kudos
d_cannon89
Contributor
Contributor
‎07-26-2019 08:19 AM
Jump to solution

So those articles have got me down the right path, but I'm stuck...

When I use Posh-SSH to connect to the VCSA, I can't find a way to enter the "shell" command followed by the dir-cli user create command.

0 Kudos
LucD
Leadership
Leadership
‎07-26-2019 10:43 AM
Jump to solution

It's a bit more complicated than the simple example I gave.

With a 'regular' SSH session there is no TTY connected to your session, hence the problem of entering the 'shell' command.

You can force a TTY by opening a shell stream.

$vcsa = 'vcsa.domain'

$user = 'root'

$pswd = 'VMware1!'


$secPswd = ConvertTo-SecureString $pswd -AsPlainText -Force

$cred = New-Object System.Management.Automation.PSCredential ($user, $secPswd)


$newUser = 'lucd'

$newPswd = 'VMware1!'

$newFirst = 'Luc'

$newLast = 'D'


$createUser = @'

/usr/lib/vmware-vmafd/bin/dir-cli user create --account $newUser --first-name $newFirst --last-name $newLast --user-password '$newPswd' --password '$pswd'

'@


$createUser = $ExecutionContext.InvokeCommand.ExpandString($createUser)


$session = New-SSHSession -ComputerName $vcsa -Credential $cred –AcceptKey

$stream = New-SSHShellStream -SSHSession $session -TerminalName tty

$stream.WriteLine('shell')

while ($stream.Length -ne 0)

{

   $stream.Read()

}


$stream.WriteLine($createUser)

while ($stream.Read() -notmatch 'created successfully')

{

  sleep 2

}

while ($stream.Length -ne 0)

{

   $stream.Read()

}

$stream.Close()

Remove-SSHSession -SSHSession $session | Out-Null

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
LucD
Leadership
Leadership
‎07-26-2019 10:44 AM
Jump to solution

I'll add a new post on this in my Dives section on my blog.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
d_cannon89
Contributor
Contributor
‎07-30-2019 05:01 AM
Jump to solution

Hi Lucd,

Big thanks for that - with some tweaking I've come up with something that saves us a lot of time.

I thought it would be possible through PowerCLI but this is definitely workable.

Thanks,

David

0 Kudos