Hello,
I have some PowerCLI scripts to modify VMs and for that, at the beginning of the script I have to log in to vCenter with the following commands:
$vcenter_server ="10.1.1.2"
$vcenter_user ="administrator@vsphere.local"
$vcenter_pwd ="PLAIN_PASSWORD"
Write-Host("Connecting to vcenter...")
Connect-VIServer -Server $vcenter_server -User $vcenter_user -Password $vcenter_pwd
As you can see, I have provided the password as plain text. I am looking for a more secure way so that I can give the scripts to the front-end developers to create their own interface. With this configuration they see the admin password. Any recommendation for that?
Will your script be running in PS v5.1?
If yes, you can look at the cmdlets that handle VICredentialStoreItem.
If you are running PSv7.*, those VICredentialStoreItem cmdlets don't work there.
You will have to look at other 3rd party solutions.
There are many available.
An interesting one is the SecretManagement module. It allows extension vaults, which will permit you for example to use the HashiCorp Vault solution.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
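The SecretManagement approach mentioned above, as an added example that is not part of the original thread: a one-time setup stores a PSCredential in a SecretStore vault, and the script that gets handed out fetches it at run time. The vault name, secret name and the svc-vmnotes@vsphere.local service account are assumptions; a dedicated low-privilege account is used because anyone who can run the script under that Windows account can also read the stored secret.

```powershell
# Added example; vault name, secret name and service account are hypothetical.
# Requires the Microsoft.PowerShell.SecretManagement and
# Microsoft.PowerShell.SecretStore modules from the PowerShell Gallery.

# --- One-time setup, run interactively by an administrator ---
function Initialize-VCenterSecret {
    param(
        [string]$VaultName  = 'AutomationVault',    # assumed name
        [string]$SecretName = 'vcenter-10.1.1.2'    # assumed name
    )
    if (-not (Get-SecretVault -Name $VaultName -ErrorAction SilentlyContinue)) {
        Register-SecretVault -Name $VaultName -ModuleName Microsoft.PowerShell.SecretStore
    }
    # Prompts for the password, so it never appears in a script file
    $cred = Get-Credential -UserName 'svc-vmnotes@vsphere.local' -Message 'vCenter service account'
    Set-Secret -Name $SecretName -Secret $cred -Vault $VaultName
}

# --- Script handed to others: no password in the source ---
function Update-VMNote {
    param(
        [string]$Server      = '10.1.1.2',
        [string]$NamePattern = 'deh',
        [string]$Note        = 'Jun 09',
        [string]$VaultName   = 'AutomationVault',
        [string]$SecretName  = 'vcenter-10.1.1.2'
    )
    # Returns a PSCredential; the password stays a SecureString.
    # SecretStore's default configuration asks for the vault password on first use.
    $cred = Get-Secret -Name $SecretName -Vault $VaultName
    if ($cred -isnot [pscredential]) { throw "Secret '$SecretName' is not a PSCredential" }

    $conn = Connect-VIServer -Server $Server -Credential $cred -ErrorAction Stop
    try {
        # -Server pins each cmdlet to this connection, not whatever else is open
        Get-VM -Server $conn | Where-Object { $_.Name -match $NamePattern } | ForEach-Object {
            Set-VM -VM $_ -Notes $Note -Server $conn -Confirm:$false | Out-Null
            Write-Host "Updated $($_.Name)"
        }
    }
    finally {
        # Always drop the session, even when a cmdlet above throws
        Disconnect-VIServer -Server $conn -Confirm:$false
    }
}
```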
It is 5.1. Here is what I did:
1- Create a credential file
New-VICredentialStoreItem -Host 10.1.1.2 -User "administrator@vsphere.local" -Password 'PLAIN_PASSWORD' -File c:\cred.xml
The content of the file is
<?xml version="1.0" encoding="UTF-8"?>
<viCredentials>
  <version>2.0</version>
  <passwordEntry>
    <host>10.1.1.2</host>
    <username>administrator@vsphere.local</username>
    <password>AQAAANCMn.....giL9/phMbbkT/R13kD8Bz9YgKOCOWcDLY=</password>
  </passwordEntry>
</viCredentials>
2- Write the following script to modify the notes
$Name = "deh"
$NewDate = "Jun 09"
$vcenter_server ="10.1.1.2"
$Credentials = Get-VICredentialStoreItem -Host $vcenter_server -File C:\pwd.xml
Connect-VIServer $vcenter_server -User $Credentials.User -Password $Credentials.Password
$VMList = Get-VM
Foreach ($vm in $VMList) {
    if ($vm.Name -match $Name) {
        Set-VM -VM $vm -Note "$NewDate" -Confirm:$false
        Write-Host("Updated " + $vm)
    }
}
However, I get this output
PS C:\Users\user> C:\Users\user\Desktop\extend.ps1
Name Port User
---- ---- ----
10.1.1.2 443 VSPHERE.LOCAL\Administrator
Set-VM : 5/10/2021 4:34:16 PM Set-VM vSphere single sign-on failed for connection
'/VIServer=vsphere.local\administrator@10.1.1.2:443/' during a previous operation. The current operation requires such
single sign-on and therefore failed. Future operations which require single sign-on on this connection will fail. The
underlying cause was available in the error message which initially reported the single sign-on failure.
At C:\Users\user\Desktop\extend.ps1:11 char:9
+ Set-VM -VM $vm -Note "$NewDate" -Confirm:$false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-VM], SsoNotAuthenticatedException
+ FullyQualifiedErrorId : VICore_SsoExceptionCausedByEarlierSsoFailure,VMware.VimAutomation.ViCore.Cmdlets.Commands.Set
VM
In the end, I see the notes have been updated. I wonder what the error is...
Did you check if there might be multiple connections open?
Check what is in $global:defaultVIServers.
If there are multiple connections, you can target a specific server by using the Server parameter, which is available on most cmdlets.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Sorry I didn't understand that. What command should I run to get the number of open connections?
That variable I mentioned should tell you
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I wrote this
$Name = "deh"
$NewDate = "Jun 09"
$vcenter_server ="10.1.1.2"
$Credentials = Get-VICredentialStoreItem -Host $vcenter_server -File C:\pwd.xml
Connect-VIServer $vcenter_server -User $Credentials.User -Password $Credentials.Password
Write-Host($global:defaultVIServers)
Write-Host(Get-Date)
$VMList = Get-VM
Foreach ($vm in $VMList) {
    if ($vm.Name -match $Name) {
        Set-VM -VM $vm -Note "$NewDate" -Confirm:$false
        Write-Host("Updated " + $vm)
    }
}
And the output is
PS C:\Users\user> C:\Users\user\Desktop\extend.ps1
Name Port User
---- ---- ----
10.1.1.2 443 VSPHERE.LOCAL\Administrator
10.1.1.2
5/10/2021 8:41:30 PM
Set-VM : 5/10/2021 8:41:33 PM Set-VM vSphere single sign-on failed for connection
'/VIServer=vsphere.local\administrator@10.1.1.2:443/' during a previous operation. The current operation requires such
single sign-on and therefore failed. Future operations which require single sign-on on this connection will fail. The
underlying cause was available in the error message which initially reported the single sign-on failure.
At C:\Users\user\Desktop\extend.ps1:20 char:9
+ Set-VM -VM $vm -Note "$NewDate" -Confirm:$false
The number of connections looks normal. I wonder what is the problem exactly.
Did you stop/start your PS session already?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Interesting... I closed PowerShell ISE and opened it again and now it is fine.
Thanks.