VMware Cloud Community
Silvester
Contributor
Contributor

Monitoring VSAN using RVC from a dedicated vcenter appliance

Dear all,

I'm new to VSAN and I have a question regarding to RVC and VSAN Observer.

I have a windows-based VCenter to manage the VSAN cluster.  According to https://blogs.vmware.com/vsphere/2014/07/managing-vsan-ruby-vsphere-console.html, "We recommend deploying a vCenter Server Appliance (minimum version 5.5u1b) to act as a dedicated server for the Ruby vSphere Console and Virtual SAN Observer." So I also just deployed a vCenter Server Appliance. Then I login into the appliance via ssh and run RVC command like this:

rvc root@localhost

Then I realize my VSAN cluster is not managed by the vCenter Server Appliance thus I cannot see any cluster there.

And if I run the rvc command in the appliance to the ip of my windows VCenter server like below (the credential I use is able to log into VCenter web client):

rvc administrator@193.168.111.1


It then give me following error:

/opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/connection.rb:61:in `parse_response': NoPermission: Permission to perform this operation was denied. (RbVmomi::Fault)

        from /opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/connection.rb:90:in `call'

        from /opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/basic_types.rb:205:in `_call'

        from /opt/vmware/rvc/gems/rbvmomi-1.7.0/lib/rbvmomi/basic_types.rb:74:in `block (2 levels) in init'

        from /opt/vmware/rvc/lib/rvc/modules/vim.rb:119:in `block in connect'

        from /opt/vmware/rvc/lib/rvc/modules/vim.rb:116:in `loop'

        from /opt/vmware/rvc/lib/rvc/modules/vim.rb:116:in `connect'

        from /opt/vmware/rvc/lib/rvc/modules/vim.rb:24:in `block in load_code'

        from /opt/vmware/rvc/bin/rvc:84:in `call'

        from /opt/vmware/rvc/bin/rvc:84:in `block in <main>'

        from /opt/vmware/rvc/bin/rvc:71:in `each'

        from /opt/vmware/rvc/bin/rvc:71:in `<main>'

May I know what steps I'm missing?

Thanks!

Silvester

Tags (2)
5 Replies
jbrowne
VMware Employee
VMware Employee

So you are logging in with the administrator username. This administrator may be administrator@localos user. This will depend on what the default Identity Source is in the SSO Configuration.

You can check this in the vSphere Web Client. Home -> Administration -> Configuration -> Identity Sources  ( look for (default) next to the Identity Source Name )

If the Local OS is the default IDS , then will will have to grant the Local Windows Administrator permissions to the vCenter Server.

Silvester
Contributor
Contributor

Here is the screenshot of the Identity souces.

It seems the Local OS is already here?

VC55_SSO.png

BTW, I'm using Administrator@vsphere.local to log into the web client. Then what account shall I use in the RVC command?

Thanks

Silvester

Reply
0 Kudos
CHogan
VMware Employee
VMware Employee

Since Local OS is your default, as John states, you need to provide the "local" administrator password to RVC, not the vspex.local AD administrator password and not the administrator@vsphere.local password.

http://cormachogan.com
Reply
0 Kudos
Silvester
Contributor
Contributor

I'm using the correct password for the locacl administrator account.

It turns out that, I need to add pemission of local Administrator account to VCenter -> Manage -> Permissions, with the Administrator Role.

After that, I can RVC from the Appliance to the VCenter account.

Thanks to all.

Silvester

Reply
0 Kudos
kamruddin
Contributor
Contributor

Two conditions must comply to login a user in RVC:

  1. The domain/Local OS must be your default identity source in which the user exist. To set your default identity source, Go to - Home > Administration > Single Sign-On> Configuration > Identity Sources. Select the identity source from the list. Click ->Set as Default Domain.
  2. The user must have Administrator Role on vcenter server. To give that user administrator role:

a) Right Click to the vcenter server > All vCeneter Actions> Add Permisson.

b) On the left pane (Users and Groups) Click Add. On the "Domain" drop down list select the domain which you have set your default domain in step 1. Select the user from the list , then click add. Then click OK.

c) On the right pane (Assigned Role) click the drop down list and select Administrator. Click OK.

Reply
0 Kudos