Knife-vsphere permission denied

Chef Infra (archive)
1

Hello Chefs! I hope one of you might have a little experience with the knife
vsphere plugin. It would be sooooooo cool to make this work in our environment
and make my bosses happy so they will pay me more money :smiley:

So, the problem is: even though I have full admin privileges on the Datacenter
I’m trying to deploy to, when I run ‘knife vsphere vm list’, I get the
following output:

ERROR: RbVmomi::Fault: NoPermission: Permission to perform this operation was
denied.

full stack trace:

DEBUG: Using configuration from /home/miles/.chef/knife.rb
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/connection.rb:47:in
parse_response': NoPermission: Permission to perform this operation was denied. (RbVmomi::Fault) from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/connection.rb:71:incall’
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/basic_types.rb:182:in
_call' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/basic_types.rb:70:inblock (2 levels) in init’
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/vim/Folder.rb:7:in
find' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/vim/Folder.rb:83:intraverse’
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/vim/ServiceInstance.rb:8:in
find_datacenter' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/knife-vsphere-0.1.6/lib/chef/knife/BaseVsphereCommand.rb:101:infind_folder’
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/knife-vsphere-0.1.6/lib/chef/knife/vsphere_vm_list.rb:50:in
run' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/lib/chef/knife.rb:391:inrun_with_pretty_exceptions’
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/lib/chef/knife.rb:166:in
run' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/lib/chef/application/knife.rb:128:inrun’
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/bin/knife:25:in <top (required)>' from /home/miles/.rvm/gems/ruby-1.9.2-p318/bin/knife:19:inload’
from /home/miles/.rvm/gems/ruby-1.9.2-p318/bin/knife:19:in `’

My knife.rb vsphere values:

knife[:vsphere_host] = "10.10.0.4"
knife[:vsphere_user] = "miles"
knife[:vsphere_pass] = "foo"
knife[:vsphere_dc] = “Labs”

If I comment out the vsphere_dc option in my knife.rb and run knife vsphere vm
list again, it works, but selects the first datacenter it finds on the
vsphere host, which of course is not the datacenter I want. If I enable
vsphere_dc again and use a random value, it comes back with the same permission
denied error, which leads me to believe that vsphere_dc should be in some
format that’s not obvious.

I have installed rvc and am able to connect to my vcenter server and list
datacenters, which appear named exactly as I have specified in knife.rb. Don’t
know if this applicable or not.

That’s where I’m stuck. Any help is appreciated. BTW I’m chef v0.10.8. Let me
know if you guys need any additional info.

Thanks yall!

-Miles Monteleone

2

I haven't ever seen the permission denied error before, that is
getting sent back to you from the rbvmomi plugin directly so it may be
beyond my ability to fix.
I currently have two datacenters, ATL.SETG and ATL2.SETG. As you can
see from the below command output, it is case sensitive. You are
correctly specifying the options in your config file.

with:
knife[:vsphere_dc] = "ATL.SETG"
$ knife vsphere vm list
Folder Name: Devel
Folder Name: Production
Folder Name: Templates
VM Name: New Virtual Machine
VM Name: VUM_Stage

with:
knife[:vsphere_dc] = "atl.setg"
$ knife vsphere vm list
datacenter not found

On Mon, Apr 16, 2012 at 18:04, scratchyseal@gmail.com wrote:

Hello Chefs! I hope one of you might have a little experience with the knife
vsphere plugin. It would be sooooooo cool to make this work in our environment
and make my bosses happy so they will pay me more money :smiley:

So, the problem is: even though I have full admin privileges on the Datacenter
I'm trying to deploy to, when I run 'knife vsphere vm list', I get the
following output:

ERROR: RbVmomi::Fault: NoPermission: Permission to perform this operation was
denied.

full stack trace:

DEBUG: Using configuration from /home/miles/.chef/knife.rb
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/connection.rb:47:in
parse_response': NoPermission: Permission to perform this operation was denied. (RbVmomi::Fault) from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/connection.rb:71:in call'
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/basic_types.rb:182:in
_call' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/basic_types.rb:70:in block (2 levels) in init'
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/vim/Folder.rb:7:in
find' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/vim/Folder.rb:83:in traverse'
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/vim/ServiceInstance.rb:8:in
find_datacenter' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/knife-vsphere-0.1.6/lib/chef/knife/BaseVsphereCommand.rb:101:in find_folder'
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/knife-vsphere-0.1.6/lib/chef/knife/vsphere_vm_list.rb:50:in
run' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/lib/chef/knife.rb:391:in run_with_pretty_exceptions'
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/lib/chef/knife.rb:166:in
run' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/lib/chef/application/knife.rb:128:in run'
from
/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/bin/knife:25:in <top (required)>' from /home/miles/.rvm/gems/ruby-1.9.2-p318/bin/knife:19:in load'
from /home/miles/.rvm/gems/ruby-1.9.2-p318/bin/knife:19:in `'

My knife.rb vsphere values:

knife[:vsphere_host] = "10.10.0.4"
knife[:vsphere_user] = "miles"
knife[:vsphere_pass] = "foo"
knife[:vsphere_dc] = "Labs"

If I comment out the vsphere_dc option in my knife.rb and run knife vsphere vm
list again, it works, but selects the first datacenter it finds on the
vsphere host, which of course is not the datacenter I want. If I enable
vsphere_dc again and use a random value, it comes back with the same permission
denied error, which leads me to believe that vsphere_dc should be in some
format that's not obvious.

I have installed rvc and am able to connect to my vcenter server and list
datacenters, which appear named exactly as I have specified in knife.rb. Don't
know if this applicable or not.

That's where I'm stuck. Any help is appreciated. BTW I'm chef v0.10.8. Let me
know if you guys need any additional info.

Thanks yall!

-Miles Monteleone

3

Yeah, looks like rbvmomi is the cause here. I ran this script:

require 'rbvmomi'
vim = RbVmomi::VIM.connect host: 'vmhost', user: 'miles', password:
'password', insecure: 'true'
dc = vim.serviceInstance.find_datacenter("Labs") or fail "datacenter not
found"
vm = dc.find_vm("foo") or fail "VM not found"

And it comes back with the same permission error. I'll post this over in
the rbvmomi github issues.

Thanks for helping!

-Miles

On Mon, Apr 16, 2012 at 3:48 PM, Jesse Campbell hikeit@gmail.com wrote:

I haven't ever seen the permission denied error before, that is
getting sent back to you from the rbvmomi plugin directly so it may be
beyond my ability to fix.
I currently have two datacenters, ATL.SETG and ATL2.SETG. As you can
see from the below command output, it is case sensitive. You are
correctly specifying the options in your config file.

with:
knife[:vsphere_dc] = "ATL.SETG"
$ knife vsphere vm list
Folder Name: Devel
Folder Name: Production
Folder Name: Templates
VM Name: New Virtual Machine
VM Name: VUM_Stage

with:
knife[:vsphere_dc] = "atl.setg"
$ knife vsphere vm list
datacenter not found

On Mon, Apr 16, 2012 at 18:04, scratchyseal@gmail.com wrote:

Hello Chefs! I hope one of you might have a little experience with the
knife
vsphere plugin. It would be sooooooo cool to make this work in our
environment
and make my bosses happy so they will pay me more money :smiley:

So, the problem is: even though I have full admin privileges on the
Datacenter
I'm trying to deploy to, when I run 'knife vsphere vm list', I get the
following output:

ERROR: RbVmomi::Fault: NoPermission: Permission to perform this
operation was
denied.

full stack trace:

DEBUG: Using configuration from /home/miles/.chef/knife.rb

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/connection.rb:47:in

`parse_response': NoPermission: Permission to perform this operation was
denied. (RbVmomi::Fault)
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/connection.rb:71:in

`call'
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/basic_types.rb:182:in

`_call'
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/basic_types.rb:70:in

`block (2 levels) in init'
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/vim/Folder.rb:7:in

`find'
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/vim/Folder.rb:83:in

`traverse'
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/rbvmomi-1.2.3/lib/rbvmomi/vim/ServiceInstance.rb:8:in

`find_datacenter'
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/knife-vsphere-0.1.6/lib/chef/knife/BaseVsphereCommand.rb:101:in

`find_folder'
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/knife-vsphere-0.1.6/lib/chef/knife/vsphere_vm_list.rb:50:in

`run'
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/lib/chef/knife.rb:391:in

`run_with_pretty_exceptions'
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/lib/chef/knife.rb:166:in

`run'
from

/home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/lib/chef/application/knife.rb:128:in

run' from /home/miles/.rvm/gems/ruby-1.9.2-p318/gems/chef-0.10.8/bin/knife:25:in <top
(required)>'
from /home/miles/.rvm/gems/ruby-1.9.2-p318/bin/knife:19:in load' from /home/miles/.rvm/gems/ruby-1.9.2-p318/bin/knife:19:in '

My knife.rb vsphere values:

knife[:vsphere_host] = "10.10.0.4"
knife[:vsphere_user] = "miles"
knife[:vsphere_pass] = "foo"
knife[:vsphere_dc] = "Labs"

If I comment out the vsphere_dc option in my knife.rb and run knife
vsphere vm
list again, it works, but selects the first datacenter it finds on the
vsphere host, which of course is not the datacenter I want. If I enable
vsphere_dc again and use a random value, it comes back with the same
permission
denied error, which leads me to believe that vsphere_dc should be in some
format that's not obvious.

I have installed rvc and am able to connect to my vcenter server and list
datacenters, which appear named exactly as I have specified in knife.rb.
Don't
know if this applicable or not.

That's where I'm stuck. Any help is appreciated. BTW I'm chef v0.10.8.
Let me
know if you guys need any additional info.

Thanks yall!

-Miles Monteleone