0

I am pretty new to Pyvmomi and vsphere automation. I have been trying to automate the user and group creation in vsphere but could not locate the method in Pyvmomi which could help me automate the process of user creation.

I already have a user created in vcenter (abc@xyz.local) This user has administrative privileges Now, I want to create a session with user abc@xyz.local and add new users in Vcenter 'users and groups'. Once the new users are created, I have to add these users to different groups. All these has to be done via automation using python. Is there a way to automate this?

Praseemol
  • 1
  • 2

3 Answers3

0

Unfortunately, the SSO API is all private and unavailable through pyvmomi and the rest of the SDKs.

Kyle Ruddy
  • 1,886
  • 1
  • 7
  • 5
0

As @Kyle Ruddy says, it looks like pyvmomi does not support SSO APIs. However, the golang alternative (govmomi) does. Govmomi also has an a CLI called GOVC which provides a nice wrapper to perform the following (and other things!):

You could look at GOVCs source code and try and figure out the SOAP calls, but I think that would be more trouble than its worth.

If you are open to the idea of launching a bash commands from python then you could do the following:

import subprocess
import os

# Handy function for GOVC and assume GOVC is on your $PATH
def govc_runner(command):
  my_env = os.environ.copy()

  # Admin user will need to perform the commmands
  my_env["GOVC_USERNAME"] = "abc@xyz.local"
  my_env["GOVC_PASSWORD"] = "<ABC_PASSWORD>"
  my_env["GOVC_URL"] = "https://<VCENTER>"
  my_env["GOVC_INSECURE"] = "true"

  process = subprocess.Popen(command, env=my_env, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  output, error = process.communicate()
  return output, error


# New group and user info
newUserUsername = "praseemol"
newUserPassword = "<PARASEEMOL_PASSWORD>"
newGroup = "prasGroup"

# Creating new group and user
govc_runner("govc sso.group.create " + newGroup)
govc_runner("govc sso.user.create -p '" + newUserPassword + "' '" + newUserUsername + "'")
govc_runner("govc sso.group.update -a " + newUserUsername + " " + newGroup)

# Check if it has worked
output, error = govc_runner("govc sso.user.id " + newUserUsername)
if newGroup in output:
  print("Yay, it worked:\n" + output)
else:
  print("Something went wrong :(")

Hope that helps!

Matthew Frost
  • 578
  • 5
  • 13
0

You can automate shell(vcenter) execution by doing ssh through putty for creation of user in system domain of vcenter and mimic same using paramiko library of python.

Official docs to refer for system domain user creation:

https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-4FBEA58E-9492-409B-B584-C18477F041D8.html

Commands to be executed on vcenter shell:

/usr/lib/vmware-vmafd/bin/dir-cli user create --account william --first-name william --last-name lam --user-password 'VMware1!'

Refer:https://williamlam.com/2015/05/vcenter-server-6-0-tidbits-part-9-creating-managing-sso-users-using-dir-cli.html

To connect to vcenter using paramiko:

How do you execute multiple commands in a single session in Paramiko? (Python)

Pick the answer by "This".

You can fetch the created user using powercli commands:

Get-VIAccount

While using this be sure to find your created user in system domain.

Get_VIAccount -Domain 'domain_name'

The default domain name is usually like: "vsphere.local" You can also find your domain by using putty to vcenter, enter shell and write,

"sso-config.sh -get_identity_sources"

You will be able to read Sys_Domain: '......'

You can assign role to user using powercli:

Get-VIPermission

If You can automate local user creation, let me know:

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vcsa.doc/GUID-533AE852-A1F9-404E-8AC6-5D9FD65464E5.html

Alg_D
  • 2,242
  • 6
  • 31
  • 63
Devarshi Singh
  • 1
  • 4