Packer远程VMware-iso构建器的最低权限
[英]Minimal Permissions for Packer remote VMware-iso builder
问题描述
I'm trying to use Packer to build images from iso on a remote VMware cluster, and there are security concerns with allowing direct access to the host. 
我正在尝试使用Packer从远程VMware群集上的iso构建映像,并且存在允许直接访问主机的安全问题。 What are the minimal permissions required for an account on the esxi host to successfully complete the build? esxi主机上的帐户成功完成构建所需的最低权限是什么?
1 个解决方案
解决方案1
1 2017-11-16 05:42:29
The user needs to be able to run the following commands: 用户需要能够运行以下命令:
-
vmkfstools -
vim-cmd -
test -
sh -
ls -
rm -
esxcli -
stat -
mkdir -
shaXsum -
md5sum
For vim-cmd it must be allowed to run: 对于vim-cmd ,必须允许它运行:
-
vmsvc/power.getstate -
vmsvc/reload -
vmsvc/power.on -
vmsvc/power.off -
solo/registervm -
vmsvc/unregister -
vmsvc/destroy -
vmsvc/tools.install
And for esxcli : 对于esxcli :
-
network ip connection list -
network vm list -
network vm port list -
system version get -
system settings advanced list -o /Net/GuestIPHack
If security is I high concern I would recommend to look into running a dedicated ESXi host for Packer builds or use nested virtualisation to run a ESXi on top of vSphere just as a build host. 如果高度关注安全性,我建议您考虑为Packer构建运行专用的ESXi主机,或者使用嵌套虚拟化以将vSphere作为构建主机在vSphere之上运行ESXi。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.