VMware Cloud Community
Newbie407
Contributor

Required permissions for NFS mount on ESXi host

Hi Team,

Our application (which uses Java) uses the VMware API to mount the NFS datastore on the ESXi host. But to do this, we require root permissions on the ESXi host. Since having root credentials violates the security of the system, we would like to create a user with the required permissions, which will be sufficient to add the NFS mount on the ESXi host.

But we are not sure how to find out the required permissions for mounting the NFS on the ESXi host. Any pointers would be helpful.

Thanks in advance,

Anjana


Accepted Solutions
LucianoPatrão

Hi

Storage permissions are in the Datastore group roles.

You should have a default Storage Role Profile in your vCenter.

Check image:

Screen Shot 04-19-16 at 02.15 PM.PNG

Hope this helps

Luciano Patrão

VCP-DCV, VCAP-DCV Design 2023, VCP-Cloud 2023
vExpert vSAN, NSX, Cloud Provider, Veeam Vanguard
Solutions Architect - Tech Lead for VMware / Virtual Backups

________________________________
If helpful Please award points
Thank You
Blog: https://www.provirtualzone.com | Twitter: @Luciano_PT

LucianoPatrão

Hi,

You can create a user (local or domain) and give them Storage Profile permissions (done through vCenter profiles/permissions); I think this will fix your issue. For that, you need to connect to vCenter first, before the API starts the tasks.

You can also do it by creating local ESXi users.

Check here: https://kb.vmware.com/kb/2082641

Luciano Patrão

Newbie407
Contributor

Thanks for the reply. I will check on it and see if that works for me.

Newbie407
Contributor

Hi,

Thanks for the info provided. I followed the steps provided in the below link

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=20826...

and created the new user on the ESXi host and tried to assign the specific "Storage Profile" permissions mentioned in the thread below, which I could not find. I tried to assign all the existing permissions to the new user (just to check whether the new user works fine). But the NFS mount was failing, reporting the

"com.vmware.vim25.PlatformConfigFault" error.

Can you please let us know what could be going wrong here? Below is the list of permissions which it is listing for me in ESXi.

pastedImage_2.png

Regards,

Anjana

Newbie407
Contributor

Thanks a lot for the help provided. It was working. And now I got what the specific permissions required for the NFS mount were. And I can create the local user with those permissions to avoid root.

But it looks like this user can be created only for ESXi hosts, not for vCenter. Am I correct? As vCenter will have a series of ESXi hosts in it, how can the user creation work out there?

Regards,

Anjana

LucianoPatrão

Hi

Local users can be created in the local vCenter. Then use local users with those permissions/profile. It will be set for all hosts.

Luciano Patrão

Newbie407
Contributor

Hi,

I tried to create the user for vCenter, and I assigned the specific permissions to that user for the respective ESXi host which was added to the vCenter. But when I try to add the ESXi host (which is present in vCenter) in my application (with the local user created for vCenter, for which I added the specific permissions), the VMware API throws the error below, which is "Invalid Login".

com.vmware.vim25.InvalidLogin

It looks like the user created for vCenter is not working for ESXi hosts added to the vCenter.

I also tried to log in to the ESXi host (which is under vCenter) with the user which was created for vCenter, and the login failed. What could be the reason here?

Regards,

Anjana

LucianoPatrão

Hi

I think you are a bit confused about the local users and permissions.

To use a vCenter user to have permissions on a host, you need to connect to vCenter first; then you have rights to the host. You cannot connect directly to a host with that user.

If you want to use ESXi users, then you should create users for ESXi.

Check here: https://kb.vmware.com/kb/2082641

Hope this helps

Luciano Patrão

0 Kudos
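
The flow described in the reply above (log in to vCenter with the vCenter account, then act on the host through vCenter's inventory), shown as an added example that is not code from any poster in this thread. It assumes the JAX-WS bindings shipped with the vSphere Web Services SDK; the endpoint, host name, NFS export, datastore name and the `VC_USER`/`VC_PASSWORD` environment variables are placeholders.

```java
import com.vmware.vim25.*;
import javax.xml.ws.BindingProvider; // jakarta.xml.ws in newer SDK builds
import java.util.Collections;
import java.util.Map;
public class MountNfsViaVcenter {
    public static void main(String[] args) throws Exception {
        // Placeholders (assumptions): endpoint, host name, NFS export, datastore name.
        String vcenterUrl = "https://vcenter.example.local/sdk";
        String esxiDnsName = "esxi01.example.local";

        VimPortType vim = new VimService().getVimPort();
        Map<String, Object> ctx = ((BindingProvider) vim).getRequestContext();
        ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, vcenterUrl); // vCenter, not the host
        ctx.put(BindingProvider.SESSION_MAINTAIN_PROPERTY, true);

        ManagedObjectReference siRef = new ManagedObjectReference();
        siRef.setType("ServiceInstance");
        siRef.setValue("ServiceInstance");
        ServiceContent content = vim.retrieveServiceContent(siRef);

        // Non-root vCenter account holding the storage role; credentials come from the environment.
        vim.login(content.getSessionManager(), System.getenv("VC_USER"), System.getenv("VC_PASSWORD"), null);
        try {
            ManagedObjectReference host = vim.findByDnsName(content.getSearchIndex(), null, esxiDnsName, false);
            if (host == null) throw new IllegalStateException("Host not visible to this account: " + esxiDnsName);
            // Read HostSystem.configManager.datastoreSystem through the property collector.
            PropertySpec props = new PropertySpec();
            props.setType("HostSystem");
            props.getPathSet().add("configManager.datastoreSystem");
            ObjectSpec obj = new ObjectSpec();
            obj.setObj(host);
            PropertyFilterSpec filter = new PropertyFilterSpec();
            filter.getPropSet().add(props);
            filter.getObjectSet().add(obj);
            RetrieveResult res = vim.retrievePropertiesEx(content.getPropertyCollector(),
                    Collections.singletonList(filter), new RetrieveOptions());
            ManagedObjectReference dsSystem =
                    (ManagedObjectReference) res.getObjects().get(0).getPropSet().get(0).getVal();
            HostNasVolumeSpec nfs = new HostNasVolumeSpec();
            nfs.setRemoteHost("nfs01.example.local");
            nfs.setRemotePath("/export/datastore1");
            nfs.setLocalPath("nfs-datastore1"); // datastore name shown on the host
            nfs.setAccessMode("readWrite");
            vim.createNasDatastore(dsSystem, nfs);
        } finally {
            vim.logout(content.getSessionManager()); // always release the vCenter session
        }
    }
}
```

The same account cannot be used against the host's own `/sdk` endpoint; a local ESXi user is needed for a direct host connection.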
Newbie407
Contributor

Sure. I will look at it. Thanks for the help provided.
