VMware Cloud Community
AnotherPassword
Enthusiast
Enthusiast
‎12-18-2018 12:21 PM
Jump to solution

vCACCAFEEntitiesFinder errors out on method getReservations and getAllReservations 403 error

Have been trying to figure this out for a while and can not. The end goal is to get the networks for a reservation to tie into our IPAM. I have found several solutions and they rely on either getReservations or gerAllReservations. Each of these errors out for me. I THINK it may be a permissions issue? I get a 403 on the 3rd example but not alot of information.

I used vRealize Suite Lifecycle Manager (vRSLCM) to deploy this FWIW.


This works:var vcaccafeHost = vCACCAFEHostManager.getDefaultHostForTenant("vsphere.local", true);

var businessGroups = vCACCAFEEntitiesFinder.getBusinessGroups(vcaccafeHost);

for each(var bus in businessGroups){

     System.log(bus.getName());

}

LOG:

[2018-12-18 14:15:02.513] [I] ISSS

[2018-12-18 14:15:02.516] [I] Configuration Administrators

This does not work:

var vcaccafeHost = vCACCAFEHostManager.getDefaultHostForTenant("vsphere.local", true);

var reservations = vCACCAFEEntitiesFinder.getReservations(vcaccafeHost);

for each(var res in reservations){

     System.log(res.getName());

}

LOG:

[2018-12-18 14:16:14.500] [E] Error in (Workflow:Get Networks for Reservation / Scriptable task (item1)#17) java.lang.reflect.InvocationTargetException

[2018-12-18 14:16:14.515] [E] Workflow execution stack:

***

item: 'Get Networks for Reservation/item1', state: 'failed', business state: 'null', exception: 'java.lang.reflect.InvocationTargetException (Workflow:Get Networks for Reservation / Scriptable task (item1)#17)'

workflow: 'Get Networks for Reservation' (2719ea9c-f8db-46a9-827f-d70e67b6a79c)

|  'no inputs'

|  'no outputs'

|  'no attributes'

*** End of execution stack.

This does not work:

var vcaccafeHost = vCACCAFEHostManager.getDefaultHostForTenant("vsphere.local", true);

var reservationClient = vcaccafeHost.createReservationClient();

var reservationService = reservationClient.getReservationReservationService();

System.log(reservationService);

var tenantReservationPagedResources = reservationService.getAllReservations();

LOG:

[2018-12-18 14:18:37.035] [I] DynamicWrapper (Instance) : [vCACCAFEReservationReservationService]-[class com.vmware.o11n.plugin.vcac.model.cafe.service.ReservationReservationService] -- VALUE : com.vmware.o11n.plugin.vcac.model.cafe.service.ReservationReservationService@708603fa

[2018-12-18 14:18:37.056] [E] Error in (Workflow:Get Networks for Reservation / Scriptable task (item1)#6) 403

[2018-12-18 14:18:37.077] [E] Workflow execution stack:

***

item: 'Get Networks for Reservation/item1', state: 'failed', business state: 'null', exception: '403  (Workflow:Get Networks for Reservation / Scriptable task (item1)#6)'

workflow: 'Get Networks for Reservation' (2719ea9c-f8db-46a9-827f-d70e67b6a79c)

|  'no inputs'

|  'no outputs'

|  'no attributes'

*** End of execution stack.

0 Kudos
1 Solution

Accepted Solutions
AnotherPassword
Enthusiast
Enthusiast
‎12-19-2018 07:29 AM
Jump to solution

I fixed it.

Audit log on vra (/storage/log/vmware/vcac/) appliance shows

<134>1 2018-12-19T13:10:35.822Z ntxmdvra75.domain.orgt vRA - - [mdc@6876 event_timestamp="2018-12-19T13:10:35Z" source_id="a687de79-3bcc-41c6-9cb1-fc661ba8d94c" source_type="com.vmware.vco.o11n" target_id="f08ff1dc-24a3-4621-83e2-ca84103e55ff" target_type="WorkflowToken" tenant="vsphere.local" type="INFO" user="administrator@vsphere.local"] Workflow 'Get Networks for Reservation' has started

<134>1 2018-12-19T13:10:35.829Z ntxmdvra75.domain.org vRA - - [mdc@6876 event_timestamp="2018-12-19T13:10:35Z" source_id="a687de79-3bcc-41c6-9cb1-fc661ba8d94c" source_type="com.vmware.vco.o11n" target_id="f08ff1dc-24a3-4621-83e2-ca84103e55ff" target_type="WorkflowToken" tenant="vsphere.local" type="ERROR" user="administrator@vsphere.local"] 403  (Workflow:Get Networks for Reservation / Scriptable task (item1)#6)

Not sure if the vRealize Suite Lifecycle Manager (vRSLCM) added the vRA host, or if by selecting 'user internal vro' that the vRA host gets added, but either way the host setup was apparently using an account that did not have all the permissions required. It could get business groups, but not reservations. This was also apparent by browsing the vra host using vro java client and I could see the business groups but reservations were blank.

At first I tried adding administrator@vsphere.local as a local account in vRA and giving it full permissions, but this did not work.

I re-ran the add vra host and used an AD account with the same permissions, and it works.

View solution in original post

0 Kudos
2 Replies
AnotherPassword
Enthusiast
Enthusiast
‎12-19-2018 07:29 AM
Jump to solution

I fixed it.

Audit log on vra (/storage/log/vmware/vcac/) appliance shows

<134>1 2018-12-19T13:10:35.822Z ntxmdvra75.domain.orgt vRA - - [mdc@6876 event_timestamp="2018-12-19T13:10:35Z" source_id="a687de79-3bcc-41c6-9cb1-fc661ba8d94c" source_type="com.vmware.vco.o11n" target_id="f08ff1dc-24a3-4621-83e2-ca84103e55ff" target_type="WorkflowToken" tenant="vsphere.local" type="INFO" user="administrator@vsphere.local"] Workflow 'Get Networks for Reservation' has started

<134>1 2018-12-19T13:10:35.829Z ntxmdvra75.domain.org vRA - - [mdc@6876 event_timestamp="2018-12-19T13:10:35Z" source_id="a687de79-3bcc-41c6-9cb1-fc661ba8d94c" source_type="com.vmware.vco.o11n" target_id="f08ff1dc-24a3-4621-83e2-ca84103e55ff" target_type="WorkflowToken" tenant="vsphere.local" type="ERROR" user="administrator@vsphere.local"] 403  (Workflow:Get Networks for Reservation / Scriptable task (item1)#6)

Not sure if the vRealize Suite Lifecycle Manager (vRSLCM) added the vRA host, or if by selecting 'user internal vro' that the vRA host gets added, but either way the host setup was apparently using an account that did not have all the permissions required. It could get business groups, but not reservations. This was also apparent by browsing the vra host using vro java client and I could see the business groups but reservations were blank.

At first I tried adding administrator@vsphere.local as a local account in vRA and giving it full permissions, but this did not work.

I re-ran the add vra host and used an AD account with the same permissions, and it works.

0 Kudos
Czernobog
Expert
Expert
‎08-28-2019 09:00 AM
Jump to solution

Hi,

can you remember which permissions you set on the AD account, so you could finally browse the reservations?

I have ticked all available permissions, re-added the vRA Host and still canot browse the reservations on vRA using the vRO plugin:(

0 Kudos