-
Notifications
You must be signed in to change notification settings - Fork 765
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make login optional #158
Comments
We may get official SSO support at some point. Unofficial SSO is one of the first features we want in the pyvmomi-tools project that is yet to be released on pypi. There is a fuzzy line between whether certain features should go in the core official library or in the less official tools library. I will look into nearer term using LoginExtensionByCertificate and see how quickly we can turn something like that around. As always, any help is appreciated. Please coordinate with other developers before extending a large effort just to avoid duplication of work. Edit:By the way, naturally... if you authenticate with username and password from an administrator console script to call vim.ExtensionManager.setCertificate and set a certificate you can then later turn around and place that certificate in a location that your script can use LoginExtensionByCertificate. I think this is complex enough we might want a sample and a tool to do this with. I've assigned myself so I won't forget to get someone to do this. |
This is not SSO-related, and also we don't have a username/password at any point. We log in without calling setCertificate. If you're interested, we use the method described here: http://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-ext-solutions-50.pdf page 82, "Provide a Script in the Extension Virtual Machine to Register as a vCenter Extension". About coordinating efforts - we're working to wrap pyvmomi with an interface similar to pyvisdk (https://github.com/infinidat/pyvisdk), which is more object-oriented (provides a class that lets you retrieve vms, hosts, folders, etc. and other convenience wrappers). Most of the work is already done, but we haven't released our code yet. |
HI wiggin15 |
Hi @wz200210. We're using infi.pyvmomi_wrapper (https://github.com/Infinidat/infi.pyvmomi_wrapper). We implemented a replacement for
or like this:
See the documentation in the link above for what you can do with I hope that in the future, the implementation of Connect will not require username and password in this repository, so we won't have to have separate implementations. |
@wiggin15 , thanks very much!!! how to use login_extension_by_certificate()in class client?how to get extension key? |
@wz200210, there's a link to a pdf file in my comment above with the page discussing how to log in with a certificate. It's not simple - you need to have an appliance (ova) installed on the vcenter and parse a file inside it, and then send an HTTP post request with an extension key, a token and a generated certificate. The details are in the document. |
@wiggin15 OK~i will try it out。 Can a VM with unbuntu system convert to an OVA? or it must be an VMWARE official extension service OVA? thanks again! |
AFAIK you can't convert a VM to an ova - you have to create the ova through VMWare Studio. |
We're trying to develop an extension using pyvmomi, and extensions don't log in using username and password, but use the LoginExtensionByCertificate API. However, when we call Connect or SmartConnect, we must provide a username and password for log in...
It would be great if the
__Login
function was called from Connect only ifuser
andpwd
were provided, so that it would be optional instead of mandatory.This way we can create a Connection class and then call the API on our own:
service_instance.content.sessionManager.LoginExtensionByCertificate
The text was updated successfully, but these errors were encountered: