I'm new to VSAN and I have a question regarding to RVC and VSAN Observer.
I have a windows-based VCenter to manage the VSAN cluster. According to https://blogs.vmware.com/vsphere/2014/07/managing-vsan-ruby-vsphere-console.html, "We recommend deploying a vCenter Server Appliance (minimum version 5.5u1b) to act as a dedicated server for the Ruby vSphere Console and Virtual SAN Observer." So I also just deployed a vCenter Server Appliance. Then I login into the appliance via ssh and run RVC command like this:
Then I realize my VSAN cluster is not managed by the vCenter Server Appliance thus I cannot see any cluster there.
And if I run the rvc command in the appliance to the ip of my windows VCenter server like below (the credential I use is able to log into VCenter web client):
It then give me following error:
/opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/connection.rb:61:in `parse_response': NoPermission: Permission to perform this operation was denied. (RbVmomi::Fault)
from /opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/connection.rb:90:in `call'
from /opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/basic_types.rb:205:in `_call'
from /opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/basic_types.rb:74:in `block (2 levels) in init'
from /opt/vmware/rvc/lib/rvc/modules/vim.rb:119:in `block in connect'
from /opt/vmware/rvc/lib/rvc/modules/vim.rb:116:in `loop'
from /opt/vmware/rvc/lib/rvc/modules/vim.rb:116:in `connect'
from /opt/vmware/rvc/lib/rvc/modules/vim.rb:24:in `block in load_code'
from /opt/vmware/rvc/bin/rvc:84:in `call'
from /opt/vmware/rvc/bin/rvc:84:in `block in <main>'
from /opt/vmware/rvc/bin/rvc:71:in `each'
from /opt/vmware/rvc/bin/rvc:71:in `<main>'
May I know what steps I'm missing?
So you are logging in with the administrator username. This administrator may be administrator@localos user. This will depend on what the default Identity Source is in the SSO Configuration.
You can check this in the vSphere Web Client. Home -> Administration -> Configuration -> Identity Sources ( look for (default) next to the Identity Source Name )
If the Local OS is the default IDS , then will will have to grant the Local Windows Administrator permissions to the vCenter Server.
Here is the screenshot of the Identity souces.
It seems the Local OS is already here?
BTW, I'm using Administrator@vsphere.local to log into the web client. Then what account shall I use in the RVC command?
Since Local OS is your default, as John states, you need to provide the "local" administrator password to RVC, not the vspex.local AD administrator password and not the email@example.com password.
I'm using the correct password for the locacl administrator account.
It turns out that, I need to add pemission of local Administrator account to VCenter -> Manage -> Permissions, with the Administrator Role.
After that, I can RVC from the Appliance to the VCenter account.
Thanks to all.
Two conditions must comply to login a user in RVC:
a) Right Click to the vcenter server > All vCeneter Actions> Add Permisson.
b) On the left pane (Users and Groups) Click Add. On the "Domain" drop down list select the domain which you have set your default domain in step 1. Select the user from the list , then click add. Then click OK.
c) On the right pane (Assigned Role) click the drop down list and select Administrator. Click OK.