|
| 1 | +# Author: William Lam |
| 2 | +# Blog: www.williamlam.com |
| 3 | +# Description: Automating License Key Addition using Lookup Service MOB via PowerShell |
| 4 | +# Reference: https://williamlam.com/2023/02/how-to-automate-adding-a-license-into-vcenter-server-with-custom-label.html |
| 5 | + |
| 6 | +$vc_server = "vcsa.primp-industries.local" |
| 7 | +$vc_username = "[email protected]" |
| 8 | +$vc_password = "VMware1!" |
| 9 | +$license_name = "My Custom License Label" |
| 10 | +$license_key = "FILL-ME-IN" |
| 11 | + |
| 12 | +## DO NOT EDIT BEYOND HERE ## |
| 13 | + |
| 14 | +$mob_url = "https://$vc_server/ls/mob?moid=cis.license.management.SystemManagementService&method=AddLicenses" |
| 15 | + |
| 16 | +$secpasswd = ConvertTo-SecureString $vc_password -AsPlainText -Force |
| 17 | +$credential = New-Object System.Management.Automation.PSCredential($vc_username, $secpasswd) |
| 18 | + |
| 19 | +$Code = @' |
| 20 | +using System; |
| 21 | +using System.Collections.Generic; |
| 22 | +using System.Net.Http; |
| 23 | +using System.Net.Security; |
| 24 | +using System.Security.Cryptography.X509Certificates; |
| 25 | +
|
| 26 | +namespace CertificateCapture |
| 27 | +{ |
| 28 | + public class Utility |
| 29 | + { |
| 30 | + public static Func<HttpRequestMessage,X509Certificate2,X509Chain,SslPolicyErrors,Boolean> ValidationCallback = |
| 31 | + (message, cert, chain, errors) => { |
| 32 | + var newCert = new X509Certificate2(cert); |
| 33 | + var newChain = new X509Chain(); |
| 34 | + newChain.Build(newCert); |
| 35 | + CapturedCertificates.Add(new CapturedCertificate(){ |
| 36 | + Certificate = newCert, |
| 37 | + CertificateChain = newChain, |
| 38 | + PolicyErrors = errors, |
| 39 | + URI = message.RequestUri |
| 40 | + }); |
| 41 | + return true; |
| 42 | + }; |
| 43 | + public static List<CapturedCertificate> CapturedCertificates = new List<CapturedCertificate>(); |
| 44 | + } |
| 45 | +
|
| 46 | + public class CapturedCertificate |
| 47 | + { |
| 48 | + public X509Certificate2 Certificate { get; set; } |
| 49 | + public X509Chain CertificateChain { get; set; } |
| 50 | + public SslPolicyErrors PolicyErrors { get; set; } |
| 51 | + public Uri URI { get; set; } |
| 52 | + } |
| 53 | +} |
| 54 | +'@ |
| 55 | +if ($PSEdition -ne 'Core'){ |
| 56 | + Add-Type -AssemblyName System.Net.Http |
| 57 | + if (-not ("CertificateCapture" -as [type])) { |
| 58 | + Add-Type $Code -ReferencedAssemblies System.Net.Http |
| 59 | + } |
| 60 | +} else { |
| 61 | + if (-not ("CertificateCapture" -as [type])) { |
| 62 | + Add-Type $Code |
| 63 | + } |
| 64 | +} |
| 65 | + |
| 66 | +# Initial login to Lookup Service MOB using GET and store session using $vmware variable |
| 67 | +Write-Host -ForegroundColor Green "Logging into the Lookup Service MOB ..." |
| 68 | +$results = Invoke-WebRequest -Uri $mob_url -SessionVariable vmware -Credential $credential -Method GET -UseBasicParsing |
| 69 | + |
| 70 | +# Extract hidden vmware-session-nonce which must be included in future requests to prevent CSRF error |
| 71 | +# Credit to https://blog.netnerds.net/2013/07/use-powershell-to-keep-a-cookiejar-and-post-to-a-web-form/ for parsing vmware-session-nonce via Powershell |
| 72 | +if($results.StatusCode -eq 200) { |
| 73 | + $null = $results.Content -match 'name="vmware-session-nonce" type="hidden" value="?([^\s^"]+)"' |
| 74 | + $sessionnonce = $matches[1] |
| 75 | +} else { |
| 76 | + $results |
| 77 | + Write-host "Failed to login to Lookup Service MOB" |
| 78 | + exit 1 |
| 79 | +} |
| 80 | + |
| 81 | +$encoded_license_name = [System.Web.HttpUtility]::UrlEncode($license_name) |
| 82 | + |
| 83 | +# The POST data payload must include the vmware-session-nonce varaible + URL-encoded |
| 84 | +$body = @" |
| 85 | +vmware-session-nonce=${sessionnonce}&licenseAddSpecs=%3ClicenseAddSpecs+xmlns%3Axsi%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance%22+xsi%3Atype%3D%22CisLicenseManagementSerialKeyLicenseAddSpec%22%3E%0D%0A++++%3Cname%3E${encoded_license_name}%3C%2Fname%3E%0D%0A++++%3CserialKeys%3E${license_key}%3C%2FserialKeys%3E%0D%0A%3C%2FlicenseAddSpecs%3E |
| 86 | +"@ |
| 87 | + |
| 88 | +# Second request using a POST and specifying our session from initial login + body request |
| 89 | +$results = Invoke-WebRequest -Uri $mob_url -WebSession $vmware -Method POST -Body $body |
| 90 | + |
| 91 | +if($results.StatusCode -eq 200) { |
| 92 | + Write-Host -ForegroundColor green "Successfully added new License key named `"${license_name}`" ..." |
| 93 | +} else { |
| 94 | + Write-Error "Failed to add new vCenter License key named `"${license_name}`" ..." |
| 95 | +} |
| 96 | + |
| 97 | +# Logout out of Lookup Service MOB |
| 98 | +$mob_logout_url = "https://$vc_server/ls/mob/logout" |
| 99 | +Write-Host -ForegroundColor Green "Logging out of the Lookup Service MOB ..." |
| 100 | +$results = Invoke-WebRequest -Uri $mob_logout_url -WebSession $vmware -Method GET -SkipHttpErrorCheck |
0 commit comments