Hi Team,
Our application (uses Java) uses the VMware API to mount the NFS datastore on the ESXi host. But to do this, we require root permissions on the ESXi host. Since having root credentials violates the security of the system, we would like to create a user with the required permissions, which will be sufficient to add the NFS mount on the ESXi host.
But we are not sure how to find out the required permissions for mounting the NFS on the ESXi host. Any pointers would be helpful.
Thanks in advance,
Anjana
Hi
Storage permissions are in the Datastore group roles.
You should have a default Storage Role Profile in your vCenter.
Check image:
Hope this helps
Hi,
You can create a user (local or domain) and give them Storage Profile permissions (done by vCenter profiles/permissions). I think this will fix your issue. For that you need to connect to vCenter first, before the API starts the tasks.
You can also do it by creating local ESXi users.
Check here: https://kb.vmware.com/kb/2082641
Thanks for the reply. I will check on it and see if that works for me.
Hi,
Thanks for the info provided. I followed the steps provided in the below link and created the new user in the ESXi host and tried to assign the specific permissions mentioned in the below thread, the "Storage Profile" permissions, which I could not find. I tried to assign all the existing permissions to the new user (just to try whether the new user works fine). But the NFS mount was failing, reporting the "com.vmware.vim25.PlatformConfigFault" error.
Can you please let us know what could go wrong here? Below is the list of permissions which it is listing for me in the ESXi.
Regards,
Anjana
Hi
Storage permissions are in the Datastore group roles.
You should have a default Storage Role Profile in your vCenter.
Check image:
Hope this helps
Thanks a lot for the help provided. It was working. And now I got what were the specific permissions required for NFS mount. And I can create the local user with those permissions to avoid root.
But it looks like this user can be created only for ESXi hosts, but not for vCenter. Am I correct? vCenter will have a series of ESXi hosts in it. How can the user creation work out there?
Regards,
Anjana
Hi
Local users can be created in the local vCenter. Then use local users with that permission/profile. It will be set for all hosts.
Hi,
I tried to create the user for vCenter, and I assigned the specific permissions to that user for the respective ESXi host which was added to the vCenter. But when I try to add the ESXi host (which is present in vCenter) in my application (with the local user created for vCenter, to which I added the specific permissions), the VMware API throws the error below, which is "Invalid Login".
com.vmware.vim25.InvalidLogin
It looks like the user created for vCenter is not working for ESXi hosts added to the vCenter.
I also tried to log in to the ESXi host (which is under vCenter) with the user which was created for vCenter, and the login failed. What could be the reason here?
Regards,
Anjana
Hi
I think you are a bit confused about the local users and permissions.
To use a vCenter user to have permissions on a host, you need to connect to vCenter first; then you have rights to the host. You cannot connect directly to a host with that user.
If you want to use ESXi users, then you should create users for ESXi.
Check here: https://kb.vmware.com/kb/2082641
Hope this helps
Sure. I will look at it. Thanks for the help provided.
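
The flow described in the last reply, as an added example that is not part of the thread: an administrator grants a one-privilege role on a single host in vCenter, and the application then logs in to vCenter (not to the ESXi host) to mount the NFS datastore. It assumes the open-source vijava/yavijava bindings, that Host.Config.Storage is the privilege CreateNasDatastore needs (the thread does not name the privileges), and placeholder host, role, user and export names.

```java
import com.vmware.vim25.HostNasVolumeSpec;
import com.vmware.vim25.Permission;
import com.vmware.vim25.mo.*;
import java.net.URL;

public class NfsMountLeastPrivilege {
    static final String VCENTER = "https://vcenter.example.com/sdk"; // placeholder
    static final String ESXI = "esxi01.example.com";                 // placeholder
    static final String SVC_USER = "VSPHERE.LOCAL\\nfs-mounter";     // placeholder

    // Run once by a vCenter administrator: one privilege, scoped to one host.
    static void grant(ServiceInstance admin) throws Exception {
        AuthorizationManager am = admin.getAuthorizationManager();
        // Assumption: Host.Config.Storage is what CreateNasDatastore requires.
        int roleId = am.addAuthorizationRole("NfsMountOnly",
                new String[] {"Host.Config.Storage"});
        ManagedEntity host = admin.getSearchIndex().findByDnsName(null, ESXI, false);
        if (host == null) throw new IllegalStateException("host not in vCenter: " + ESXI);
        Permission p = new Permission();
        p.setPrincipal(SVC_USER);
        p.setGroup(false);
        p.setRoleId(roleId);
        p.setPropagate(false);
        am.setEntityPermissions(host, new Permission[] {p});
    }

    // Run by the application: the session is with vCenter, never with the ESXi host.
    static void mount(ServiceInstance svc) throws Exception {
        HostSystem host = (HostSystem) svc.getSearchIndex().findByDnsName(null, ESXI, false);
        if (host == null) throw new IllegalStateException("host not visible: " + ESXI);
        HostNasVolumeSpec spec = new HostNasVolumeSpec();
        spec.setRemoteHost("nfs.example.com");   // placeholder NFS server
        spec.setRemotePath("/export/vmstore");   // placeholder export
        spec.setLocalPath("nfs-vmstore");        // datastore name on the host
        spec.setAccessMode("readWrite");
        host.getHostDatastoreSystem().createNasDatastore(spec);
    }

    public static void main(String[] args) throws Exception {
        // Credentials come from the environment; certificate checking stays on.
        ServiceInstance si = new ServiceInstance(new URL(VCENTER),
                System.getenv("VC_USER"), System.getenv("VC_PASS"), false);
        try {
            if (args.length > 0 && args[0].equals("grant")) grant(si); else mount(si);
        } finally {
            si.getServerConnection().logout();
        }
    }
}
```

Pointing `VCENTER` at an ESXi host's own `/sdk` endpoint with the vCenter account is the case that produced `com.vmware.vim25.InvalidLogin` in the thread, because the host does not know vCenter's users.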