The much anticipated release of vSphere 6.5 Update 1 just GA'ed late last week and like many in the community, I also went ahead and upgraded my home lab to this latest release. vSphere 6.5 Update 1 contains a ton of fixes as well as several new capabilities which you can read all about in the release notes here and here.
One neat little trick I take advantage of in my lab environments when deploying the vCenter Server Appliance (VCSA) is actually pre-filling out the credentials for the vSphere Client UI (not recommended for production environments of course) which I had blogged about here a few years back. Sine I have many different environments for different scenarios, I find myself being lazy and having to type in the credentials to each one of these environments. Instead, I can pre-fill either the username and/or password (which I will stress again, not recommended for production) within the vSphere Client Login UI page which is simply just using HTML.
After making the necessary changes to my VCSA 6.5u1 system, I needed to reboot my ESXi host and when everything came back up, I was surprised to find my changes to the vSphere Client Login UI had disappeared. It took me awhile to figure out why the changes were not persisting across reboots. There seems to be a change in behavior compared to prior releases of the VCSA (6.0 & 6.5) on when this capability was actually possible.
After a bit of investigation and some trial/error, I found that these files are now being extracted from a source WAR file and though the modifications to the files take affect immediately as you are editing the runtime files, they will not persist as they are loading the original files after a reboot. For the vSphere Client Login UI files, I had tracked it down to /usr/lib/vmware-sso/vmware-sts/webapps/websso.war This also affects anyone who has customized their vSphere Client Login UI with their own custom background and text which I have written about here and here. For details on how to persist your configuration changes, see the instructions below. I suspect this was probably the original intended behavior as its quite normal to deliver packages contained within a WAR/JAR file for storage optimization and then only extract them upon runtime.
The good news is there is a work around, but I do want to stress that this is NOT an officially supported capability so though it has worked in the past and it seems to continue to work, its behavior can change in the future. If this is something you believe is useful for your organization, I highly recommend you provide that feedback to your VMware Account team so they can relay that back to vSphere Client Product Manager.
Step 1 - Lets first take a backup of the original websso.war file so you can easily revert back in case you run into any issues. To do so, login to VCSA via SSH and run the following command:
cp /usr/lib/vmware-sso/vmware-sts/webapps/websso.war /usr/lib/vmware-sso/vmware-sts/webapps/websso.war.bak
Step 2 - We are now going to create a temporary directory that we will use to store the websso.war file and we will also copy over it over using the following two commands:
mkdir /root/websso
cp /usr/lib/vmware-sso/vmware-sts/webapps/websso.war /root/websso/
Step 3 - We are now going to change into our /root/websso directory and extract the contents of the war file so we can make our modifications. To do so, run the following three commands:
cd /root/websso
unzip websso.war
rm websso.war
Step 3 - If you wish to pre-fill the credentials when logging into the vSphere Client (Flex/H5), go ahead and update WEB-INF/views/unpentry.jsp as outlined in this blog article here. Another neat trick that a fellow reader shared a few months back is if you wish to make the login button active so you do not have to click into the box or hit tab, you can add enableLoginButton(); to L88 in resources/js/websso.js
Step 4 - Once you have completed and saved all of your changes, we now need to re-generate the websso.war file so we can replace it with our modified version. To do so, run the following command:
zip -r /root/websso.war META-INF/ resources/ WEB-INF/
If the command was successful, we should have our new websso.war located in /root.
Step 5 - Now we just need to update the system with our modified websso.war by simply copying it back to the original location by running the following command:
cp /root/websso.war /usr/lib/vmware-sso/vmware-sts/webapps/websso.war
Finally, to verify that that our changes will go into effect, we can simply issue a reboot to our VCSA and we should see that any customization changes made to the vSphere Client Login UI will now persist after a system restart.
Hi Will, thx for reporting ! Nice trick ... I did update our test & qa environment and what I noticed is the following, which I already told our TAM :
1) VAMI : password expiration for root was set to "disabled" at 6.5. After updating to 6.5 Update 1, this setting has been reverted.
2) VC TLS settings : we disabled 1.0 + 1.1 at 6.5. After the update, SSL / TLS for vami-lighttp have been reverted to detault.
Best regards
Martin
Thank you so much!! Do you have that also for vCenter 6.7?
See https://www.williamlam.com/2018/05/changes-to-vsphere-client-login-ui-customizations-in-vsphere-6-7.html