Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Permission required by user for Vmware monitoring

https://support.nagios.com/forum/viewtopic.php?t=54553

Page 1 of 1

Permission required by user for Vmware monitoring

Posted: Mon Jul 01, 2019 4:15 pm
by sarfarosh
Dear team,

One of our client has a Vmware environment with approx 30 esxi cluster & 1 Vcenter server. all the user are AD authenticated, we have created a global user with read-only permission for Vmware and it inherit to Vcenter & all the ESXi.

Issue is we are able to monitor vcenter successfully also pull all the guests & monitor is successfully.

But when we try to add ESXI individually it gives the error
"check_vmware_api.pl CRITICAL - Error: Permission to perform this operation was denied."


We can confirm that credentials are correct as they are working with vCenter, also to reconfirm when we tried using user with administrator right we where successful getting details from esxi.

so can you confirm on the permission required by user for esxi other than read-only

Re: Permission required by user for Vmware monitoring

Posted: Tue Jul 02, 2019 12:48 pm
by cdienger
It looks like a permissions issue on the esxi host, but can you run the check_vmware_api plugin with the "-v" option so we can get some verbose output? It may have some clues.

Re: Permission required by user for Vmware monitoring

Posted: Wed Jul 03, 2019 3:19 am
by sarfarosh
Hi,

Below is the verbose output,
[root@s1-mgmt-nxi-001 ~]# /usr/local/nagios/libexec/check_vmware_api.pl -H "10.96.253.2" -f "/usr/local/nagiosxi/etc/components/vmware/S1_MGMT_ESX_001_csc_gov_corp_auth.txt_1" -l "CPU" -v
CHECK_VMWARE_API.PL UNKNOWN - Error: Permission to perform this operation was denied.
I can confirm that the credentials are perfect since this is an AD user and with same credentials i am able to query Vcenter and user is imported globally.

Below is output from the Vcenter
[root@s1-mgmt-nxi-001 ~]# /usr/local/nagios/libexec/check_vmware_api.pl -H "10.96.253.254" -f "/usr/local/nagiosxi/etc/components/vmware/S1_MGMT_VCENTER_001_csc_gov_corp_auth.txt" -l "CPU" -v
CHECK_VMWARE_API.PL OK - cpu usage=801.00 MHz (0.96%) | cpu_usagemhz=801.00;; cpu_usage=0.96%;;
if i compare the credentials file there don't see difference
[root@s1-mgmt-nxi-001 ~]# diff "/usr/local/nagiosxi/etc/components/vmware/S1_MGMT_VCENTER_001_csc_gov_corp_auth.txt" "/usr/local/nagiosxi/etc/components/vmware/S1_MGMT_ESX_001_csc_gov_corp_auth.txt_1"
[root@s1-mgmt-nxi-001 ~]#

Is there any specific permission that need to assigned on ESXI ?

Re: Permission required by user for Vmware monitoring

Posted: Wed Jul 03, 2019 12:00 pm
by cdienger
Read should be all that's needed as far as I am aware. You may want to check with the vmware system and check the logs on there to see why the permissions are not working.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited