Closed akhepcat closed 2 years ago
Here's what works on my 7.0.2 vSphere:
# encode the user/password strings for basic auth
BAUTH=$(echo -n """${USER}:${PASS}""" | base64)
# submit the auth request and retrieve the session key
SESS=$(curl --silent -k -H "Authorization: Basic ${BAUTH}" -X POST https://${HOST}/api/session)
SESS=${SESS//\"/}
# use the session
curl --silent -k -H "vmware-api-session-id: ${SESS}" -X GET https://${HOST}/api/vcenter/vm | jq
# end the session
curl --silent -k -H "vmware-api-session-id: ${SESS}" -X DELETE https://${HOST}/api/session
Thank you for bringing this up, I looked at the framework we are using in the plugin to login into vpshere: https://github.com/vmware/govmomi and I couldn't find any information on it supporting this new auth method or plans to support it. But I definitely could be missing something, @prydin I noticed you've helped with this plugin in the past do you perhaps know more about this?
The changed authentication procedure applies to the vSphere REST API, which is not what this plugin uses. It uses the SOAP API. I just rested against vCenter 7.0.3 and the authentication works fine.
I don't think this is what's causing the failed login.
Very interesting, i'll close this as after Yet Another Reboot of both systems, things started logging in again.
Unknown why it wasn't working in the interim.
Feature Request
Add support for new vSphere API
Proposal:
Current 1.20 doesn't support post-7.0U2 because it uses the old api for authentication.
A per-host flag would need to be set to inform telegraf which API to use when connecting to a host, and support for the new API that follows the flag would need to be added - unless there is an unauthenticated method of determining the API model prior to auth (perhaps with URL test)
Current behavior:
The system spews these message in logging: 2021-12-14T16:21:50-09:00 I! [inputs.vsphere] Starting plugin 2021-12-14T16:21:53-09:00 E! [telegraf] Error running agent: starting input inputs.vsphere: ServerFaultCode: Cannot complete login due to an incorrect user name or password.
The previous API was deprecated as of vSphere 7.0U2 (March 2021). https://core.vmware.com/blog/vsphere-7-update-2-rest-api-modernization
Desired behavior:
Follow authentication process for post-7.0U2 as documented at https://developer.vmware.com/apis/vsphere-automation/latest/cis/api/session/post/
Use case:
vSphere users above 7.0U2 can no longer monitor their vSphere instances.