0

I am getting the following error when trying to use pyvmomi to get a list of VMs from the vcenter server appliance.

pyVmomi.VmomiSupport.vim.fault.NoPermission: (vim.fault.NoPermission) {
   dynamicType = <unset>,
   dynamicProperty = (vmodl.DynamicProperty) [],
   msg = 'Permission to perform this operation was denied.',
   faultCause = <unset>,
   faultMessage = (vmodl.LocalizableMessage) [],
   object = 'vim.Folder:group-d1',
   privilegeId = 'System.View',
   missingPrivileges = (vim.fault.NoPermission.EntityPrivileges) [
      (vim.fault.NoPermission.EntityPrivileges) {
         dynamicType = <unset>,
         dynamicProperty = (vmodl.DynamicProperty) [],
         entity = 'vim.Folder:group-d1',
         privilegeIds = (str) [
            'System.View'
         ]
      }
   ]
}

This is my python code :

import atexit
import ssl
from pyVim import connect
from pyVmomi import vim
import pdb


def vconnect(hostIP,port=None):
    if (True):
        context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE  # disable our certificate checking for lab
    else:
        context = ssl.create_default_context()
        context.options |= ssl.OP_NO_TLSv1_3
    #cipher = 'DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256'
    #context.set_ciphers(cipher)
   
    pdb.set_trace()
    if (port):
        service_instance = connect.SmartConnect(host=str(hostIP),  # build python connection to vSphere
                                                user="root",
                                                pwd="MySillyPwd",
                                                port=port,
                                                sslContext=context)
    else:
        service_instance = connect.SmartConnect(host=str(hostIP),  # build python connection to vSphere
                                                user="root",
                                                pwd="MySillyPwd",
                                                sslContext=context)

    atexit.register(connect.Disconnect, service_instance)  # build disconnect logic

    content = service_instance.RetrieveContent()

    container = content.rootFolder  # starting point to look into
    viewType = [vim.VirtualMachine]  # object types to look for
    recursive = True  # whether we should look into it recursively
    containerView = content.viewManager.CreateContainerView(container, viewType, recursive)  # create container view
    children = containerView.view

    for child in children:  # for each statement to iterate all names of VMs in the environment
        summary = child.summary
        print(summary.config.name)

# connecting to ESX host
vconnect("192.168.160.160")

# connecting to vcsa VM
vconnect("192.168.160.170", 443)

So I am using a nested ESX that runs on my workstation 16. I have deployed the vcsa on this ESX host via the windows CLI installer. Querying the ESX host works fine whereas querying the vcenter server appliance (vcsa) gives me the above error.

I looked at this discussion which talks about setting 'global permissions'; however on my vcenter server management VM, my 'administration' tab does not look anything like this: enter image description here

What it instead looks like is this: enter image description here

So apparently I have a 'vcenter server management' appliance and not what is referred to as the 'vsphere client'.

So with this context set, I have some questions:

  1. Is the error above due to my trial license?
  2. How is the 'vcenter server management (vcsa)' appliance different from the 'vsphere client'?
  3. Is it possible to change 'global permissions' on the vcsa or do I need to get the 'vsphere client' to do that?

I tried adding the default port (443) as mentioned here to no avail. Keen to hear from you soon

AjB
  • 890
  • 13
  • 34
  • Apparently, screenshot#1 is from the '***vSphere WebClient interface***' accessed via `"https://{vcsa-address}/ui"` while screenshot#2 is, what VMWare refers to as the ***VAMI (Virtual Appliance Management Interface)*** accessed via `"https://{vcsa-address}:5480"`. Now, I hope it is just a matter of giving the 'right' permissions to the user 'root' to get the code above working – AjB Feb 21 '23 at 02:39

1 Answers1

0

The screen you are looking at is VCSA - vCenter server appliance, which is being accessed over port 5480. You cannot make global permission changes from VCSA. The vSphere client over port 443 should give you access to make the necessary changes. Make sure you log in as administrator@vpshere.local or the administrator credentials with the highest level of permissions.

On the browser when you enter the URL - https://vCenterFQDN:443/ to access the vSphere client what do you see? Also, try https://vCenterIPAddress:443/. What is the URL when you access VCSA?

monisha anand
  • 1
  • 2