  • 1.  Secure login to vcenter with powercli

    Posted May 10, 2021 09:33 AM

    Hello,

    I have some PowerCLI scripts to modify VMs, and for that, at the beginning of the script I have to log in to vCenter with the following commands:

     

    $vcenter_server ="10.1.1.2"
    $vcenter_user ="administrator@vsphere.local"
    $vcenter_pwd ="PLAIN_PASSWORD"
    Write-Host("Connecting to vcenter...")
    Connect-VIServer -Server $vcenter_server -User $vcenter_user -Password $vcenter_pwd

    As you can see, I have provided the password as plain text. I am looking for a more secure way so that I can give the scripts to the front-end developers to create their own interface. With this configuration they see the admin password. Any recommendation for that?

     



  • 2.  RE: Secure login to vcenter with powercli
    Best Answer

    Posted May 10, 2021 09:48 AM

    Will your script be running in PS v5.1?

    If yes, you can look at the cmdlets that handle VICredentialStoreItem.

    If you are running PSv7.*, those VICredentialStoreItem cmdlets don't work there.
    You will have to look at other 3rd-party solutions.
    There are many available.
    An interesting one is the SecretManagement module. It allows extension vaults, which will permit you for example to use the HashiCorp Vault solution.
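
The SecretManagement route mentioned in this reply, as an added example that is not part of the original post: the credential is stored once in a SecretStore vault and the script connects with a PSCredential instead of a password string. The vault name `AutomationVault` and the secret name `vcenter-admin` are assumptions; the server address and VM filter are the ones used in the thread.

```powershell
#Requires -Modules Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore
# Added example, not code from the thread.

$VaultName  = 'AutomationVault'   # assumed vault name
$SecretName = 'vcenter-admin'     # assumed secret name
$VCenter    = '10.1.1.2'          # address used in the thread

# One-time setup, run interactively by the account that will run the script.
if (-not (Get-SecretVault -Name $VaultName -ErrorAction SilentlyContinue)) {
    Register-SecretVault -Name $VaultName -ModuleName Microsoft.PowerShell.SecretStore
}
if (-not (Get-SecretInfo -Vault $VaultName -Name $SecretName)) {
    # Get-Credential prompts, so the password never appears in a file or on a command line.
    $newCred = Get-Credential -Message "vCenter account for $VCenter"
    Set-Secret -Vault $VaultName -Name $SecretName -Secret $newCred
}

# In the script: fetch the PSCredential (the password stays a SecureString) and connect.
$cred = Get-Secret -Vault $VaultName -Name $SecretName
if ($cred -isnot [pscredential]) {
    throw "Secret '$SecretName' in vault '$VaultName' is not a PSCredential."
}

# Keep the connection object and pass it to every cmdlet, so the script never
# depends on whatever else is listed in $global:DefaultVIServers.
$vi = Connect-VIServer -Server $VCenter -Credential $cred -ErrorAction Stop
try {
    Get-VM -Server $vi | Where-Object Name -match 'deh' | ForEach-Object {
        Set-VM -VM $_ -Notes 'Jun 09' -Server $vi -Confirm:$false | Out-Null
        Write-Host "Updated $($_.Name)"
    }
}
finally {
    # Always close the session, even when a cmdlet above fails.
    Disconnect-VIServer -Server $vi -Confirm:$false
}
```

By default SecretStore asks for a vault password, so an unattended run has to call `Unlock-SecretStore` first or change this with `Set-SecretStoreConfiguration`. Whoever can run the script under that account can still read the secret, so the stored account should hold only the vCenter privileges the script needs.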

     



  • 3.  RE: Secure login to vcenter with powercli

    Posted May 10, 2021 11:51 AM

    It is 5.1. Here is what I did:

    1- Create a credential file

    New-VICredentialStoreItem -Host 10.1.1.2 -User "administrator@vsphere.local" -Password 'PLAIN_PASSWORD' -File c:\cred.xml

    The content of the file is

    <?xml version="1.0" encoding="UTF-8"?>
    <viCredentials>
      <version>2.0</version>
      <passwordEntry>
        <host>10.1.1.2</host>
        <username>administrator@vsphere.local</username>
        <password>AQAAANCMn.....giL9/phMbbkT/R13kD8Bz9YgKOCOWcDLY=</password>
      </passwordEntry>
    </viCredentials>

    2- Write the following script to modify the notes

    $Name = "deh"
    $NewDate = "Jun 09"

    $vcenter_server ="10.1.1.2"
    $Credentials = Get-VICredentialStoreItem -Host $vcenter_server -File C:\pwd.xml
    Connect-VIServer $vcenter_server -User $Credentials.User -Password $Credentials.Password

    $VMList = Get-VM
    Foreach ($vm in $VMList) {
        if ($vm.Name -match $Name) {
            Set-VM -VM $vm -Note "$NewDate" -Confirm:$false
            Write-Host("Updated " + $vm)
        }
    }

     

     

    However, I get this output

    PS C:\Users\user> C:\Users\user\Desktop\extend.ps1

    Name Port User
    ---- ---- ----
    10.1.1.2 443 VSPHERE.LOCAL\Administrator
    Set-VM : 5/10/2021 4:34:16 PM Set-VM vSphere single sign-on failed for connection
    '/VIServer=vsphere.local\administrator@10.1.1.2:443/' during a previous operation. The current operation requires such
    single sign-on and therefore failed. Future operations which require single sign-on on this connection will fail. The
    underlying cause was available in the error message which initially reported the single sign-on failure.
    At C:\Users\user\Desktop\extend.ps1:11 char:9
    + Set-VM -VM $vm -Note "$NewDate" -Confirm:$false
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Set-VM], SsoNotAuthenticatedException
    + FullyQualifiedErrorId : VICore_SsoExceptionCausedByEarlierSsoFailure,VMware.VimAutomation.ViCore.Cmdlets.Commands.Set
    VM

     

    In the end, I see the notes have been updated. I wonder what the error is...

     



  • 4.  RE: Secure login to vcenter with powercli

    Posted May 10, 2021 03:34 PM

    Did you check if there might be multiple connections open?
    Check what is in $global:defaultVIServers.

    If there are multiple connections, you can target a specific server by using the Server parameter, which is available on most cmdlets.



  • 5.  RE: Secure login to vcenter with powercli

    Posted May 10, 2021 03:40 PM

    Sorry I didn't understand that. What command should I run to get the number of open connections?



  • 6.  RE: Secure login to vcenter with powercli

    Posted May 10, 2021 03:53 PM

    That variable I mentioned should tell you



  • 7.  RE: Secure login to vcenter with powercli

    Posted May 10, 2021 04:14 PM

    I wrote this

    $Name = "deh"
    $NewDate = "Jun 09"
    $vcenter_server ="10.1.1.2"

    $Credentials = Get-VICredentialStoreItem -Host $vcenter_server -File C:\pwd.xml
    Connect-VIServer $vcenter_server -User $Credentials.User -Password $Credentials.Password
    Write-Host($global:defaultVIServers)
    Write-Host(Get-Date)

    $VMList = Get-VM
    Foreach ($vm in $VMList) {
        if ($vm.Name -match $Name) {
            Set-VM -VM $vm -Note "$NewDate" -Confirm:$false
            Write-Host("Updated " + $vm)
        }
    }

     

    And the output is

    PS C:\Users\user> C:\Users\user\Desktop\extend.ps1

    Name Port User
    ---- ---- ----
    10.1.1.2 443 VSPHERE.LOCAL\Administrator
    10.1.1.2
    5/10/2021 8:41:30 PM
    Set-VM : 5/10/2021 8:41:33 PM Set-VM vSphere single sign-on failed for connection
    '/VIServer=vsphere.local\administrator@10.1.1.2:443/' during a previous operation. The current operation requires such
    single sign-on and therefore failed. Future operations which require single sign-on on this connection will fail. The
    underlying cause was available in the error message which initially reported the single sign-on failure.
    At C:\Users\user\Desktop\extend.ps1:20 char:9
    + Set-VM -VM $vm -Note "$NewDate" -Confirm:$false

     

    The number of connections looks normal. I wonder what is the problem exactly.

     



  • 8.  RE: Secure login to vcenter with powercli

    Posted May 10, 2021 04:19 PM

    Did you stop/start your PS session already?



  • 9.  RE: Secure login to vcenter with powercli

    Posted May 10, 2021 04:36 PM

    Interesting... I closed PowerShell ISE and opened it again and now it is fine.

    Thanks.