Hi,
I've been searching for a while but I haven't yet come across a way to automate creation of vCenter accounts.
We manage 10-15 vCenters and the user creation process is incredibly time consuming (i.e. if a new admin starts and needs access to all VC's).
Has anyone been able to automate this?
Thanks,
David
It's a bit more complicated than the simple example I gave.
With a 'regular' SSH session there is no TTY connected to your session, hence the problem of entering the 'shell' command.
You can force a TTY by opening a shell stream.
$user = 'root'
$pswd = 'VMware1!'
$secPswd = ConvertTo-SecureString $pswd -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $secPswd)
$newUser = 'lucd'
$newPswd = 'VMware1!'
$newFirst = 'Luc'
$newLast = 'D'
$createUser = @'
/usr/lib/vmware-vmafd/bin/dir-cli user create --account $newUser --first-name $newFirst --last-name $newLast --user-password '$newPswd' --password '$pswd'
'@
$createUser = $ExecutionContext.InvokeCommand.ExpandString($createUser)
$session = New-SSHSession -ComputerName $vcsa -Credential $cred –AcceptKey
$stream = New-SSHShellStream -SSHSession $session -TerminalName tty
$stream.WriteLine('shell')
while ($stream.Length -ne 0)
{
$stream.Read()
}
$stream.WriteLine($createUser)
while ($stream.Read() -notmatch 'created successfully')
{
sleep 2
}
while ($stream.Length -ne 0)
{
$stream.Read()
}
$stream.Close()
Remove-SSHSession -SSHSession $session | Out-Null
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I assume you mean accounts in the SSO domain?
If yes, afaik there are no public API to do this. And no PowerCLI cmdlets.
The closest I have come is to use the dir-cli command.
See https://communities.vmware.com/message/2696400#2696400, which includes a link to Wiliam's post on dir-cli.
And use a SSH session to the PSC (or VCSA if the PSC is embedded) to run the dir-cli command.
On the SSH subject, see Use Posh-SSH instead of PuTTY
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi,
Yeah I mean SSO users.
I'll have a look at those links, thanks.
So those articles have got me down the right path, but I'm stuck...
When I use Posh-SSH to connect to the VCSA, I can't find a way to enter the "shell" command followed by the dir-cli user create command.
It's a bit more complicated than the simple example I gave.
With a 'regular' SSH session there is no TTY connected to your session, hence the problem of entering the 'shell' command.
You can force a TTY by opening a shell stream.
$user = 'root'
$pswd = 'VMware1!'
$secPswd = ConvertTo-SecureString $pswd -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $secPswd)
$newUser = 'lucd'
$newPswd = 'VMware1!'
$newFirst = 'Luc'
$newLast = 'D'
$createUser = @'
/usr/lib/vmware-vmafd/bin/dir-cli user create --account $newUser --first-name $newFirst --last-name $newLast --user-password '$newPswd' --password '$pswd'
'@
$createUser = $ExecutionContext.InvokeCommand.ExpandString($createUser)
$session = New-SSHSession -ComputerName $vcsa -Credential $cred –AcceptKey
$stream = New-SSHShellStream -SSHSession $session -TerminalName tty
$stream.WriteLine('shell')
while ($stream.Length -ne 0)
{
$stream.Read()
}
$stream.WriteLine($createUser)
while ($stream.Read() -notmatch 'created successfully')
{
sleep 2
}
while ($stream.Length -ne 0)
{
$stream.Read()
}
$stream.Close()
Remove-SSHSession -SSHSession $session | Out-Null
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I'll add a new post on this in my Dives section on my blog.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi Lucd,
Big thanks for that - with some tweaking I've come up with something that saves us a lot of time.
I thought it would be possible through PowerCLI but this is definitely workable.
Thanks,
David