search

CenturyLinkCloud / chef-provisioning-vsphere

A chef-provisioning provisioner for VMware vSphere
MIT License
66 stars 57 forks source link

Permissions on vSphere - find_datacenter? #34

Open kpettijohn opened 8 years ago

kpettijohn commented 8 years ago

This might be more of a question than an issue but I seem to be fighting with some permission issues. I am attempting to use the vsphere driver with test-kitchen and but I am getting the following error.

creating machine kitchen-6a09bec0 on vsphere://vcenter.my-vcenter.com/sdk?use_ssl=true&insecure=true
  use_linked_clone: true
  datacenter: "Portland"
  datastore: "esx-p01:VM1 & ISO (POR)"
  host: "esx-p01.my-vcenter.com"
  template_name: "tk-ubuntu-1404"
  num_cpus: 2
  network_name: ["VM Traffic"]
  memory_mb: 4096
  resource_pool: "/Portland/host/esx-p01.my-vcenter.com/Resources/VMSetup (POR)"
  ssh: {:user=>"opsadmin", :paranoid=>false, :password=>"my_pass", :port=>22}
establishing connection to vcenter.my-vcenter.com
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: Failed to complete #create action: [NoPermission: Permission to perform this operation was denied.]
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

D      ------Exception-------
D      Class: Kitchen::ActionFailed
D      Message: Failed to complete #create action: [NoPermission: Permission to perform this operation was denied.]
D      ---Nested Exception---
D      Class: RbVmomi::Fault
D      Message: NoPermission: Permission to perform this operation was denied.
D      ------Backtrace-------
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/rbvmomi-1.8.2/lib/rbvmomi/connection.rb:61:in `parse_response'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/rbvmomi-1.8.2/lib/rbvmomi/connection.rb:90:in `call'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/rbvmomi-1.8.2/lib/rbvmomi/basic_types.rb:205:in `_call'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/rbvmomi-1.8.2/lib/rbvmomi/basic_types.rb:74:in `block (2 levels) in init'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/rbvmomi-1.8.2/lib/rbvmomi/vim/Folder.rb:7:in `find'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/rbvmomi-1.8.2/lib/rbvmomi/vim/Folder.rb:93:in `traverse'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/rbvmomi-1.8.2/lib/rbvmomi/vim/ServiceInstance.rb:8:in `find_datacenter'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/chef-provisioning-vsphere-0.8.1/lib/chef/provisioning/vsphere_driver/vsphere_helpers.rb:84:in `datacenter'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/chef-provisioning-vsphere-0.8.1/lib/chef/provisioning/vsphere_driver/vsphere_helpers.rb:73:in `find_folder'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/chef-provisioning-vsphere-0.8.1/lib/chef/provisioning/vsphere_driver/vsphere_helpers.rb:38:in `find_vm'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/chef-provisioning-vsphere-0.8.1/lib/chef/provisioning/vsphere_driver/driver.rb:166:in `find_or_create_vm'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/chef-provisioning-vsphere-0.8.1/lib/chef/provisioning/vsphere_driver/driver.rb:135:in `allocate_machine'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/chef-provisioning-vsphere-0.8.1/lib/kitchen/driver/vsphere.rb:37:in `block in create'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/chef-provisioning-vsphere-0.8.1/lib/kitchen/driver/vsphere.rb:69:in `call'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/chef-provisioning-vsphere-0.8.1/lib/kitchen/driver/vsphere.rb:69:in `with_provisioning_driver'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/chef-provisioning-vsphere-0.8.1/lib/kitchen/driver/vsphere.rb:36:in `create'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:424:in `public_send'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:424:in `block in perform_action'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:488:in `call'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:488:in `synchronize_or_call'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:453:in `block in action'
D      /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/benchmark.rb:281:in `measure'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:452:in `action'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:424:in `perform_action'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:352:in `create_action'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:341:in `block in transition_to'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:340:in `each'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:340:in `transition_to'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/instance.rb:138:in `converge'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/command.rb:176:in `public_send'
D      /Users/kpettijohn/.gems/ruby/2.0.0/gems/test-kitchen-1.4.2/lib/kitchen/command.rb:176:in `block (2 levels) in run_action'
D      ----------------------

Here is my configuration:

driver:
  driver_options:
    name: vsphere
    user: 'kpettijohn'
    host: 'vcenter.my-vcenter.com'
    password: 'my_pass'
    insecure: true
  machine_options:
    start_timeout: 600
    create_timeout: 600
    ready_timeout: 90
    bootstrap_options:
      use_linked_clone: true
      datacenter: 'Portland'
      datastore: 'esx-p01:VM1 & ISO (POR)'
      host: 'esx-p01.my-host.com'
      template_name: 'tk-ubuntu-1404'
      num_cpus: 2
      network_name:
        - 'VM Traffic'
      memory_mb: 4096
      resource_pool: '/Portland/host/esx-p01.my-host.com/Resources/VMSetup (POR)'
      ssh:
        user: opsadmin
        paranoid: false
        password: my_pass
        port: 22

I came across an issue from rbvmomi (rlane/rbvmomi/issues/19), which might be related to what I am experiencing. Any suggestions/ideas would be greatly appreciated!

robcoward commented 8 years ago

Looks like I raised #33 at the same time you were typing this out ;)

kpettijohn commented 8 years ago

Haha! I am in the same situation as we use the minimal permissions necessary for our admins/CI.

kpettijohn commented 8 years ago

@robcoward I was able to get things working by following a tip from the rlane/rbvmomi#19 issue.

Granted this is a bit of a hack... but it works haha.

Replace line 84 with the following:

rootFolder = vim.serviceInstance.content.rootFolder
@datacenter ||= rootFolder.childEntity.grep(RbVmomi::VIM::Datacenter).find { |x| x.name == datacenter_name } ||
johnsmyth commented 8 years ago

@kpettijohn this fixed an error i was getting as well. any reason not to submit a PR for this?

kpettijohn commented 8 years ago

@johnsmyth No real reason. I figured my changed was a bit of a hack as I didn't fully understand the permissions.

I created a PR (#55) with the changes I have been using since this issue was originally created.