vsphere-iso: Permissions Error #97
Comments
I didn't test that especially. Basic list of required privileges is the same as for interactive actions in vSphere UI: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-4D0F8E63-2961-4B71-B365-BBFA24673FDB.html Documenting such a list would be a great contribution |
@bskrtich Currently have 3 roles right now at different levels for the same service account. Probably still needs more work and cleanup (for example, removing some of the redundant perms at multiple levels). The goal was to give only what is necessary. Started at the folder/cluster/datastore/network level, but then had to configure one or more perms above that level when that didn't work. vCenter top-level w/ propagate: vCenter cluster-level w/ propagate: vCenter folder w/ templates, datastore with templates, and dvportgroup level: |
@stacycarter Thank you for the information about your permission set. Since I am not directly in control of our vSphere, I have escalated our permissions issue. It will take about a week to hear back. |
After a lot of trial and error... it looks like the plugin user requires read only (without propagation) for: Furthermore, it looks like the following permissions are required for any: resource pool, folder, distributed port group, datastore or storage cluster (with propagation): Datastore -> Allocate space With the roles assigned, I was able to successfully run a deployment against the vCenter instance. |
Thank you, @stacycarter and @tsborland! I've updated README and narrowed the list a bit. |
At the moment additional |
For reference, here is detailed list of individual privileges required on virtual machines. Create VM:
Customize hardware:
Boot:
CD-ROM:
Upload Floppy image:
Snapshot:
Template:
|
I have all the permissions (and more), result:
|
I think I might have a similar problem. I ditched floppies at the moment though; it seems like I don't have floppy support, so Packer just destroys the VM (but it is missing permissions?). Also, USB HID code injection seems to be missing. Here are my permissions: Datastore Network Resource Virtual machine -> Change Configuration Edit Inventory Interaction Provisioning Snapshot management |
@pentiumoverdrive Solved this by adding |
@pentiumoverdrive were you ever able to get this working? What version of ESXi are you running? |
For a possible solution to the 403 error, please take a look at hashicorp/packer-plugin-vsphere#57 (comment) :) |
I am trying to use the new vsphere-iso plug-in and I am getting this error
If I use a user that had wide open permissions this issue goes away. Is there a way for me to debug this? Or is there a list of required permissions for the plugin to work?