[Solved] - Power On a vSphere VM (permissions)


#1

Hello,

I’ve deployed the latest RC on a vmware environment.
I’ve added my vsphere infrastructure and I’m trying to deploy some VM.

the VM get provisioned but is not powered on. I’ve tried to manually power it on and try to power off another and i can’t see any logs on vcenter side.

Looking at automate logs, it seems that some methods are missing.

[----] I, [2015-11-12T18:27:07.217977 #2830:8df98c] INFO – : Updated namespace [miqaedb:/System/Event/MiqEvent/POLICY/evm_worker_start#create ManageIQ/System/Event/MiqEvent]
[----] I, [2015-11-12T18:27:07.229570 #2830:8df98c] INFO – : Instance [/ManageIQ/System/Event/MiqEvent/POLICY/evm_worker_start] not found in MiqAeDatastore - trying [.missing]
[----] I, [2015-11-12T18:27:07.279946 #2838:b01990] INFO – : Following Relationship [miqaedb:/System/Event/MiqEvent/POLICY/request_vm_start#create]
[----] I, [2015-11-12T18:27:07.321981 #2838:b01990] INFO – : Updated namespace [miqaedb:/System/Event/MiqEvent/POLICY/request_vm_start#create ManageIQ/System/Event/MiqEvent]
[----] I, [2015-11-12T18:27:07.332366 #2838:b01990] INFO – : Instance [/ManageIQ/System/Event/MiqEvent/POLICY/request_vm_start] not found in MiqAeDatastore - trying [.missing]
[----] I, [2015-11-12T18:27:07.374605 #2838:b01990] INFO – : Following Relationship [miqaedb:/System/event_handlers/event_enforce_policy#create]
[----] I, [2015-11-12T18:27:07.387750 #2838:b01990] INFO – : Updated namespace [miqaedb:/System/event_handlers/event_enforce_policy#create ManageIQ/System]
[----] I, [2015-11-12T18:27:07.423896 #2838:b01990] INFO – : Updated namespace [System/event_handlers/event_enforce_policy ManageIQ/System]
[----] I, [2015-11-12T18:27:07.443574 #2838:b01990] INFO – : Invoking [builtin] method [/ManageIQ/System/event_handlers/event_enforce_policy] with inputs [{}]
[----] I, [2015-11-12T18:27:07.501965 #2830:8df98c] INFO – : Following Relationship [miqaedb:/System/event_handlers/event_enforce_policy#create]
[----] I, [2015-11-12T18:27:07.525157 #2830:8df98c] INFO – : Updated namespace [miqaedb:/System/event_handlers/event_enforce_policy#create ManageIQ/System]
[----] I, [2015-11-12T18:27:07.644785 #2830:8df98c] INFO – : Updated namespace [System/event_handlers/event_enforce_policy ManageIQ/System]
[----] I, [2015-11-12T18:27:07.709756 #2830:8df98c] INFO – : Invoking [builtin] method [/ManageIQ/System/event_handlers/event_enforce_policy] with inputs [{}]
[----] I, [2015-11-12T18:27:07.772938 #2838:b01990] INFO – : Followed Relationship [miqaedb:/System/event_handlers/event_enforce_policy#create]
[----] I, [2015-11-12T18:27:07.773311 #2838:b01990] INFO – : Followed Relationship [miqaedb:/System/Event/MiqEvent/POLICY/request_vm_start#create]
[----] I, [2015-11-12T18:27:07.856636 #2830:8df98c] INFO – : Followed Relationship [miqaedb:/System/event_handlers/event_enforce_policy#create]
[----] I, [2015-11-12T18:27:07.856980 #2830:8df98c] INFO – : Followed Relationship [miqaedb:/System/Event/MiqEvent/POLICY/evm_worker_start#create]

any ideas where it comes from?

Regards,
Joseph de Clerck.


#2

@mkanoor @tinaafitz Can you help out here?


#3

In the Casablanca Release, all the events are handled inside Automate Model. The automate model allows us to add new events to customize it for their environment. Out of the box we don’t respond to evm_worker_start, request_vm_start which is why you are seeing those messages. The powering on of the VM might be unrelated to these messages do you any messages in the evm.log?

In the Schedule Tab for provisioning there is a Lifespan option that allows the VM to be powered on, can you check if you have that option enabled.


#4

Hi,

thanks for the insight on where to check.
I definitely asked to power on the VM in the Schedule Tab. I tried to power it on manually too.

It seems I got a permission error:

[----] I, [2015-11-15T19:51:45.992773 #2838:b01990] INFO – : MIQ(MiqAlert.evaluate_alerts) [request_vm_start] Target: ManageIQ::Providers::Vmware::InfraManager::Vm Name: [SV5184], Id: [98]
[----] I, [2015-11-15T19:51:46.012641 #2838:b01990] INFO – : Followed Relationship [miqaedb:/System/event_handlers/event_enforce_policy#create]
[----] I, [2015-11-15T19:51:46.012992 #2838:b01990] INFO – : Followed Relationship [miqaedb:/System/Event/MiqEvent/POLICY/request_vm_start#create]
[----] I, [2015-11-15T19:51:46.013546 #2838:b01990] INFO – : MIQ(MiqQueue#delivered) Message id: [85808], State: [ok], Delivered in [0.235091548] seconds
[----] I, [2015-11-15T19:51:46.055932 #2838:b01990] INFO – : MIQ(MiqQueue#m_callback) Message id: [85808], Invoking Callback with args: [:raw_start, “ok”, “Message delivered successfully”, “#<MiqAeEngine::MiqAeWorkspaceRuntime:0x00000001a11d18 @readonly=false, @nodes=[#<MiqAeEngine::MiqAeObject:0x00000002de6af0 @workspace=#<MiqAeEngine::MiqAeWorkspaceRuntime:0x00000001a11d18 …>, @namespace=“ManageIQ/System”, @klass=“Process”, @instance=“Event”, @attributes={“event_stream_id”=>“3708”, “event_type”=>“request_vm_start”, “ext_management_system”=>“1”, “host_id”=>“1”, “miq_event_id”=>“3708”, “object_name”=>“Event”, “vm_id”=>“98”, “vmdb_object_type”=>“vm”, “event_stream”=>#<MiqAeService…”]
[----] I, [2015-11-15T19:51:46.059933 #2838:b01990] INFO – : MIQ(ManageIQ::Providers::Vmware::InfraManager::Vm#run_command_via_parent) Invoking [vm_start] through EMS: [vcenter]
[----] I, [2015-11-15T19:51:46.060121 #2838:b01990] INFO – : MIQ(ManageIQ::Providers::Vmware::InfraManager#with_provider_connection) Connecting through ManageIQ::Providers::Vmware::InfraManager: [vcenter]
[----] I, [2015-11-15T19:51:46.074281 #2838:b01990] INFO – : MIQ(MiqFaultTolerantVim._connect) EMS: [vcenter] [Broker] Connecting with address: [vcenter.goingup.loc], userid: [svc.manageiq@goingup.loc]…
[----] I, [2015-11-15T19:51:46.192487 #2838:b01990] INFO – : MIQ(MiqFaultTolerantVim._connect) EMS: [vcenter] [Broker] vcenter.goingup.loc is VC, API version: 5.5
[----] I, [2015-11-15T19:51:46.192574 #2838:b01990] INFO – : MIQ(MiqFaultTolerantVim._connect) EMS: [vcenter] [Broker] Connected
[----] E, [2015-11-15T19:51:46.200707 #2838:b01990] ERROR – : MIQ(MiqQueue#m_callback) Message id: [85808]: Handsoap::Fault { :code => ‘ServerFaultCode’, :reason => ‘Permission to perform this operation was denied.’ }

However when I try to connect to vCenter with the manageIQ account, it can perform power on or power off actions.

Trying with a full administrator account seems to work. I’ll investigate the permissions required. Is there any permissions requirements ? I based my permissions on the CloudForms 3.X documentation.

Regards,
Joseph


#5

Hi there,

Problem solved.

I forgot to grant one tiny permission…

Global -> Log Event should be granted to ManageIQ user.

Anyway, thanks for the support and keep up the good work.

Regards,
Joseph.


#6

You could go deeper into the resolution?
Thank you


#7

Hello Gemma,

In the end there was no error on the manageiq side. There error was from the permissions to be granted to the manageiq user on the vCenter server.
There is one permission that should be granted and is often forgottent :

  • Global -> Log Event

Regards,
Joseph.