Limited user for Foreman VMware plugin

Hello,
Currently, I used a root user to connect to vSphere/vCenter with versions
5.0/5.5/6.0.
I use Foreman VMware plugin for more to query this mixed infrastructure
when observing the Puppet status of the machine (understanding where the
machine runs, for example).
This fact was the reason for a big problem when removing a host object from
Foreman also erased the VM from vCenter.
I was sure that the host delete action will only delete the object from
Foreman DB…

Following the mentioned problem above I decided to limit Foreman for only
"query" permissions, yet I cannot find the right way to do it.
According to the doc:

> Required Permissions
>
> The minimum permissions to properly provision new virtual machines are:
>
> - All Privileges -> Datastore -> Allocate Space
> - All Privileges -> Network -> Assign Network
> - All Privileges -> Resource -> Assign virtual machine to resource pool
> - All Privileges -> Virtual Machine -> Configuration (All)
> - All Privileges -> Virtual Machine -> Interaction
> - All Privileges -> Virtual Machine -> Inventory
> - All Privileges -> Virtual Machine -> Provisioning

This is a "write" permission I don't want to implement now. How can I (and
if even possible) use Foreman for "read only" mode?

Thanks,
Yevgeny

Hello,

if you don't want Foreman to delete the host, simply make it unmanaged before
the deletion. Go to host edit form and click "Unmanage" button in top right
corner. You can also disassociate the VM from Foreman host in compute resource
detail page. If Foreman does not try to write to VMware, you don't have to
grant writing permission I think.

If you don't use Foreman to provision hosts and you are only interested in
puppet ENC and dashboard functionality, you can turn off unattended
configuration, Foreman will hide unneeded options. At the same time I highly
recommend the first approach since "unattended false" mode is not that well
tested and therefore can be less stable.

Hope this helps

-- Marek

On Tuesday 27 of September 2016 08:06:25 Yevgeny Trachtinov wrote:

> Hello,
> Currently, I used a root user to connect to vSphere/vCenter with versions
> 5.0/5.5/6.0.
> I use Foreman VMware plugin for more to query this mixed infrastructure
> when observing the Puppet status of the machine (understanding where the
> machine runs, for example).
> This fact was the reason for a big problem when removing a host object from
> Foreman also erased the VM from vCenter.
> I was sure that the host delete action will only delete the object from
> Foreman DB…
>
> Following the mentioned problem above I decided to limit Foreman for only
> "query" permissions, yet I cannot find the right way to do it.
>
> According to the doc:
>
> > Required Permissions
> >
> > The minimum permissions to properly provision new virtual machines are:
> >
> > - All Privileges -> Datastore -> Allocate Space
> > - All Privileges -> Network -> Assign Network
> > - All Privileges -> Resource -> Assign virtual machine to resource pool
> > - All Privileges -> Virtual Machine -> Configuration (All)
> > - All Privileges -> Virtual Machine -> Interaction
> > - All Privileges -> Virtual Machine -> Inventory
> > - All Privileges -> Virtual Machine -> Provisioning
>
> This is a “write” permission I don’t want to implement now. How can I (and
> if even possible) use Foreman for “read only” mode?
>
> Thanks,
> Yevgeny

Un-manage host is good enough for me right now
Thanks!

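Added example, not from the thread or from Foreman itself: a small Python audit that takes the privilege IDs of the vCenter role Foreman connects with and reports whether the role is read-only or carries any of the provisioning permissions quoted from the doc above. The mapping from the doc's menu paths to vSphere privilege IDs and the two sample roles are assumptions constructed for this example.

```python
# Added example: classify the privilege IDs of the vCenter role Foreman logs in with.
# Documented provisioning permissions mapped to vSphere privilege IDs
# (a trailing dot marks a whole privilege group). The mapping is an assumption
# of this example, not taken from the Foreman manual.
PROVISIONING = {
    "Datastore.AllocateSpace": "Datastore -> Allocate Space",
    "Network.Assign": "Network -> Assign Network",
    "Resource.AssignVMToPool": "Resource -> Assign virtual machine to resource pool",
    "VirtualMachine.Config.": "Virtual Machine -> Configuration (All)",
    "VirtualMachine.Interact.": "Virtual Machine -> Interaction",
    "VirtualMachine.Inventory.": "Virtual Machine -> Inventory",
    "VirtualMachine.Provisioning.": "Virtual Machine -> Provisioning",
}
READ_ONLY = {"System.Anonymous", "System.Read", "System.View"}  # built-in Read-only role
DELETE_VM = "VirtualMachine.Inventory.Delete"  # needed to remove a VM from vCenter


def audit_role(privileges):
    """Split a role's privilege IDs into documented write groups and unreviewed extras."""
    write, unreviewed = {}, []
    for priv in sorted(set(privileges)):
        if priv in READ_ONLY:
            continue
        for key, label in PROVISIONING.items():
            if priv == key or (key.endswith(".") and priv.startswith(key)):
                write.setdefault(label, []).append(priv)
                break
        else:
            unreviewed.append(priv)  # not read-only and not in the documented list
    return {
        "read_only": not write and not unreviewed,
        "can_delete_vm": DELETE_VM in privileges,
        "write": write,
        "unreviewed": unreviewed,
    }


# Constructed sample roles (privilege ID lists as they could be exported from vCenter).
PROVISIONING_ROLE = [
    "System.Anonymous", "System.Read", "System.View",
    "Datastore.AllocateSpace", "Datastore.Browse", "Network.Assign",
    "Resource.AssignVMToPool", "VirtualMachine.Interact.PowerOn",
    "VirtualMachine.Inventory.Create", "VirtualMachine.Inventory.Delete",
]
READ_ONLY_ROLE = ["System.Anonymous", "System.Read", "System.View"]

if __name__ == "__main__":
    for name, role in (("provisioning", PROVISIONING_ROLE), ("read-only", READ_ONLY_ROLE)):
        print(name, audit_role(role))
```

A role for which `can_delete_vm` is false cannot remove the VM from vCenter even if a managed host is deleted in Foreman; entries under `unreviewed` are privileges outside both the read-only set and the documented list and need a manual look.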