5 Replies Latest reply on Jul 6, 2015 6:35 AM by kamruddin

    Monitoring VSAN using RVC from a dedicated vcenter appliance

    Silvester Novice

      Dear all,

       

      I'm new to VSAN and I have a question regarding to RVC and VSAN Observer.

       

      I have a windows-based VCenter to manage the VSAN cluster.  According to https://blogs.vmware.com/vsphere/2014/07/managing-vsan-ruby-vsphere-console.html, "We recommend deploying a vCenter Server Appliance (minimum version 5.5u1b) to act as a dedicated server for the Ruby vSphere Console and Virtual SAN Observer." So I also just deployed a vCenter Server Appliance. Then I login into the appliance via ssh and run RVC command like this:

      rvc root@localhost

       

      Then I realize my VSAN cluster is not managed by the vCenter Server Appliance thus I cannot see any cluster there.

      And if I run the rvc command in the appliance to the ip of my windows VCenter server like below (the credential I use is able to log into VCenter web client):

      rvc administrator@193.168.111.1


      It then give me following error:

      /opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/connection.rb:61:in `parse_response': NoPermission: Permission to perform this operation was denied. (RbVmomi::Fault)

              from /opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/connection.rb:90:in `call'

              from /opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/basic_types.rb:205:in `_call'

              from /opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/basic_types.rb:74:in `block (2 levels) in init'

              from /opt/vmware/rvc/lib/rvc/modules/vim.rb:119:in `block in connect'

              from /opt/vmware/rvc/lib/rvc/modules/vim.rb:116:in `loop'

              from /opt/vmware/rvc/lib/rvc/modules/vim.rb:116:in `connect'

              from /opt/vmware/rvc/lib/rvc/modules/vim.rb:24:in `block in load_code'

              from /opt/vmware/rvc/bin/rvc:84:in `call'

              from /opt/vmware/rvc/bin/rvc:84:in `block in <main>'

              from /opt/vmware/rvc/bin/rvc:71:in `each'

              from /opt/vmware/rvc/bin/rvc:71:in `<main>'

       

      May I know what steps I'm missing?

       

      Thanks!

      Silvester

        • 1. Re: Monitoring VSAN using RVC from a dedicated vcenter appliance
          jbrowne Expert
          VMware Employees

          So you are logging in with the administrator username. This administrator may be administrator@localos user. This will depend on what the default Identity Source is in the SSO Configuration.

          You can check this in the vSphere Web Client. Home -> Administration -> Configuration -> Identity Sources  ( look for (default) next to the Identity Source Name )

           

          If the Local OS is the default IDS , then will will have to grant the Local Windows Administrator permissions to the vCenter Server.

          • 2. Re: Monitoring VSAN using RVC from a dedicated vcenter appliance
            Silvester Novice

            Here is the screenshot of the Identity souces.

             

            It seems the Local OS is already here?

            VC55_SSO.png

             

            BTW, I'm using Administrator@vsphere.local to log into the web client. Then what account shall I use in the RVC command?

             

            Thanks

            Silvester

            • 3. Re: Monitoring VSAN using RVC from a dedicated vcenter appliance
              CHogan Master
              VMware Employees

              Since Local OS is your default, as John states, you need to provide the "local" administrator password to RVC, not the vspex.local AD administrator password and not the administrator@vsphere.local password.

              • 4. Re: Monitoring VSAN using RVC from a dedicated vcenter appliance
                Silvester Novice

                I'm using the correct password for the locacl administrator account.

                It turns out that, I need to add pemission of local Administrator account to VCenter -> Manage -> Permissions, with the Administrator Role.

                 

                After that, I can RVC from the Appliance to the VCenter account.

                 

                 

                 

                Thanks to all.

                 

                Silvester

                • 5. Re: Monitoring VSAN using RVC from a dedicated vcenter appliance
                  kamruddin Novice

                  Two conditions must comply to login a user in RVC:

                  1. The domain/Local OS must be your default identity source in which the user exist. To set your default identity source, Go to - Home > Administration > Single Sign-On> Configuration > Identity Sources. Select the identity source from the list. Click ->Set as Default Domain.
                  2. The user must have Administrator Role on vcenter server. To give that user administrator role:

                  a) Right Click to the vcenter server > All vCeneter Actions> Add Permisson.

                  b) On the left pane (Users and Groups) Click Add. On the "Domain" drop down list select the domain which you have set your default domain in step 1. Select the user from the list , then click add. Then click OK.

                  c) On the right pane (Assigned Role) click the drop down list and select Administrator. Click OK.