| |

Code Snips – Holodeck NSX Password Expiry

Byjarrad

This code snip is used to set the expiry on NSX accounts to “9999” days to ensure we don’t get any annoying account lockouts. For VCF we cannot just disable password expiry, as it will cause SDDC Manager workflow issues if an empty expiry time is returned from NSX.

This is my first attempt at using PowerShell for automation of REST API commands, so it’s probably pretty messy (but it works).

First we set the expiry for root/admin/audit accounts on the management cluster, then we query for each edge node ID and apply the same.

# Script to set NSX Expiry

# Set Holodeck NSX Mgr
$HostName = "nsx-mgmt.vcf.sddc.lab"
$username = "admin"
$upassword = "VMware123!VMware123!"


# Prepare REST headers/auth
$auth = $username + ':' + $upassword
$Encoded = [System.Text.Encoding]::UTF8.GetBytes($auth)
$authorizationInfo = [System.Convert]::ToBase64String($Encoded)
$contentType = "application/json"
$headers = @{"Authorization"="Basic $($authorizationInfo)"}


# Prepare REST body for password expiry extension
$body = "{`"password_change_frequency`" : 9999}"

# Set Root User
Invoke-WebRequest -Uri "https://$($HostName)/api/v1/node/users/0" -Method PUT -Headers $headers -Body $body -ContentType $contentType
# Set Admin User
Invoke-WebRequest -Uri "https://$($HostName)/api/v1/node/users/10000" -Method PUT -Headers $headers -Body $body -ContentType $contentType
# Set Audit User
Invoke-WebRequest -Uri "https://$($HostName)/api/v1/node/users/10002" -Method PUT -Headers $headers -Body $body -ContentType $contentType


# Get List of Transport Node IDs, and filter for hostname edge*
$tnList = Invoke-RestMethod -Uri "https://$($HostName)/api/v1/transport-nodes/" -Method GET -Headers $headers -ContentType $contentType
$edgeNodes = $tnlist.results | Where-Object -Property "display_name" -like "edge*" | Select-Object "node_id"

#Set Password Policy for each user on each edge node
foreach($node_id in $edgeNodes){

# Set Root User
Invoke-WebRequest -Uri "https://$($HostName)/api/v1/transport-nodes/$($node_id.node_id)/node/users/0" -Method PUT -Headers $headers -Body $body -ContentType $contentType
# Set Admin User
Invoke-WebRequest -Uri "https://$($HostName)/api/v1/transport-nodes/$($node_id.node_id)/node/users/10000" -Method PUT -Headers $headers -Body $body -ContentType $contentType
# Set Audit User
Invoke-WebRequest -Uri "https://$($HostName)/api/v1/transport-nodes/$($node_id.node_id)/node/users/10002" -Method PUT -Headers $headers -Body $body -ContentType $contentType

}

Similar Posts

| |

NSX – Extending Segments with L2VPN

Byjarrad

The L2VPN functionality of VMware NSX can be used to extend your software defined network segments into remote datacenters or your cloud provider tenancy. This provides an excellent solution for migrating your workloads without requiring IP address changes. This post will go through a sample configuration to configure an L2VPN and extend an NSX Overlay…

|

What Is Holodeck?

Byjarrad

My posts mention Holodeck a lot, if you’ve been living under a rock and haven’t come across this yet, it provides a mostly automated method to deploy a fully functional VMware Cloud Foundation (VCF) lab with reduced hardware. You can deploy a full nested VCF stack on a single (beefy) host, which make it much…