Minimal Permissions for Packer remote VMware-iso builder
Question
I'm trying to use Packer to build images from iso on a remote VMware cluster, and there are security concerns with allowing direct access to the host. What are the minimal permissions required for an account on the esxi host to successfully complete the build?
1 answers
solution1
1 2017-11-16 05:42:29
The user needs to be able to run the following commands:
-
vmkfstools -
vim-cmd -
test -
sh -
ls -
rm -
esxcli -
stat -
mkdir -
shaXsum -
md5sum
For vim-cmd it must be allowed to run:
-
vmsvc/power.getstate -
vmsvc/reload -
vmsvc/power.on -
vmsvc/power.off -
solo/registervm -
vmsvc/unregister -
vmsvc/destroy -
vmsvc/tools.install
And for esxcli :
-
network ip connection list -
network vm list -
network vm port list -
system version get -
system settings advanced list -o /Net/GuestIPHack
If security is I high concern I would recommend to look into running a dedicated ESXi host for Packer builds or use nested virtualisation to run a ESXi on top of vSphere just as a build host.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.