VMware Cloud Community
unsichtbare
Expert

Permissions problem with vSphere 6.5 - "Cluster does not contain any hosts"

In vSphere 6.0 and prior, we have a Role created based on the Veeam Granular Permissions for vSphere. We apply this Role to a specific user/group at the Datacenter level without propagation, and we apply it to the specific user/group Resource Pool created for that OU.

  • In vSphere 6.0 and prior this works beautifully and allows Veeam to function, plus users of the OU can create new VMs and manage existing VMs in their and only their Resource Pool.

In testing vSphere 6.5, applying the Role to the user/group at the Datacenter without propagation, and at the Resource Pool, I get a message "Cluster does not contain any hosts" when trying to create a new VM! Just to eliminate speculation about the Role itself, I get the same error when the Administrator Role is applied to the user/group at the Datacenter without propagation and at the Resource Pool!

This is serious, because it basically prevents us moving forward with plans to migrate to 6.5! All of our OUs are separated by Resource Pools that have users assigned to them (which works perfectly in 6.0) and we will not meet our own SSAE16 or ISO 27001 standards if we can not make this work!

Any Ideas?

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/
8 Replies
unsichtbare
Expert

So in comparing this to a 6.0 Cluster - this may be a problem with DRS.

The message "Cluster does not contain any hosts" is what you get in 6.0 when DRS is set to manual or partially automated.

Just speculating, but some of the new DRS controls available in 6.5 may not properly integrate with the rest of the platform when set to "fully automated".

I plan on opening a case with VMware next week - but I dread the multitudes of flow-chart readers I will have to speak with before I get to someone that actually knows the product.

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/
0 Kudos
hennigm
Contributor

Hi

We have the same setup - Role on Datacenter without propagation and on the Resource Pool - and get the message "Cluster does not contain Hosts.".

We had to give "Read" permission on at least one Host of the Cluster for this to be fixed. You could also set this on the Cluster itself and propagate, but would consequently see all Hosts and Resource Pools of other users/groups.

Hope this helps.

Kind regards.

Martin

unsichtbare
Expert

Thanks,

So part of the problem is that we (by our own SSAE statement) can not expose the hosts (hosts = "Infrastructure Resource") to our OUs.

This seems like an arbitrary problem, but not exposing Infrastructure to consumers is one of the fundamental tenets of Private Cloud Computing. Basically, if I can't make this work without exposing the hosts, I can't qualify vSphere 6.5 for our environment!

From NIST Definition of Cloud Computing:

"The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities"

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/
0 Kudos
umrubi1
Contributor

Same here .... latest version of 6.5 :(

0 Kudos
tdye
Contributor

Did you ever get to the bottom of the permissions issue with v6.5?  I've encountered the same issue (vCenter v6.5.0, build #4602587), but I ended up granting the group 'read-only' permissions to one of the hosts in the cluster without propagation.  While this did work, I would love to know if VMware support 'fixed' this for you.
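
The workaround reported in the replies above (read-only on a single host, without propagation), followed by an audit of every grant the group holds directly on the cluster and its hosts, so any exposure beyond that one host is visible. This is an added example, not code from the thread or from VMware; the group, cluster and host names are placeholders, and it assumes VMware PowerCLI with an existing Connect-VIServer session.

```powershell
# Added example. All names are placeholders (assumptions), not values from the thread.
# Assumes VMware PowerCLI is loaded and Connect-VIServer has already been run.
$Principal   = 'EXAMPLE\ou-a-users'      # hypothetical group tied to one Resource Pool
$ClusterName = 'Cluster01'               # hypothetical cluster
$HostName    = 'esx01.example.local'     # the single host that will be made visible

$cluster = Get-Cluster -Name $ClusterName -ErrorAction Stop
$vmhost  = Get-VMHost  -Name $HostName -Location $cluster -ErrorAction Stop
$role    = Get-VIRole  -Name 'ReadOnly' -ErrorAction Stop   # built-in read-only role

# Grant read-only on ONE host, not propagated, unless a direct grant already exists.
$direct = Get-VIPermission -Entity $vmhost -Principal $Principal -ErrorAction SilentlyContinue |
    Where-Object { $_.EntityId -eq $vmhost.Id }
if (-not $direct) {
    New-VIPermission -Entity $vmhost -Principal $Principal -Role $role -Propagate:$false |
        Out-Null
}

# Audit: collect grants defined directly on the cluster and on each of its hosts.
$targets = @($cluster) + @(Get-VMHost -Location $cluster)
$report = foreach ($t in $targets) {
    Get-VIPermission -Entity $t -Principal $Principal -ErrorAction SilentlyContinue |
        Where-Object { $_.EntityId -eq $t.Id } |
        ForEach-Object {
            # Only the non-propagating read-only grant on the chosen host is expected.
            $expected = ($_.EntityId -eq $vmhost.Id) -and
                        ($_.Role -eq 'ReadOnly') -and
                        (-not $_.Propagate)
            [pscustomobject]@{
                Entity    = $t.Name
                Role      = $_.Role
                Propagate = $_.Propagate
                Status    = if ($expected) { 'Expected' } else { 'REVIEW' }
            }
        }
}

$report | Sort-Object Status, Entity | Format-Table -AutoSize

# Any REVIEW row is a grant at cluster or host level beyond the single-host workaround,
# for example a propagating permission set on the cluster itself.
if ($report | Where-Object Status -eq 'REVIEW') {
    Write-Warning "Principal $Principal holds cluster/host grants beyond the single-host workaround."
}
```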

rmon1234
Contributor

Anyone have a workaround for this in 6.5? I've got a lab environment used for Computer Science Students. I really don't want to give them read permissions on the host. The permission worked great on 6.0.

0 Kudos
cstorms1234
Contributor

Same issues - this has ruined a big piece of our app development team's progress as we can't add the Read Host permissions like others have said.

0 Kudos
DanielLuebbe
Contributor

Ran into the same issue here..

As the last post is some months old - has anyone found a more suitable solution to this other than exposing server(s) to the user groups assigned to these specific Resource Pools?

Any luck with VMware support on this?

Thanks for your updates,

Daniel

0 Kudos