I'm trying to use Packer to build images from ISO on a remote VMware cluster, and there are security concerns with allowing direct access to the host. What are the minimal permissions required for an account on the ESXi host to successfully complete the build?
The user needs to be able to run the following commands:
vmkfstools
vim-cmd
test
sh
ls
rm
esxcli
stat
mkdir
shaXsum
md5sum
For vim-cmd it must be allowed to run:
vmsvc/power.getstate
vmsvc/reload
vmsvc/power.on
vmsvc/power.off
solo/registervm
vmsvc/unregister
vmsvc/destroy
vmsvc/tools.install
And for esxcli:
network ip connection list
network vm list
network vm port list
system version get
system settings advanced list -o /Net/GuestIPHack
If security is a high concern, I would recommend looking into running a dedicated ESXi host for Packer builds, or using nested virtualisation to run an ESXi on top of vSphere just as a build host.
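An added example (not part of the answer above and not Packer's own code): a Python check that tests recorded command lines against the lists in the answer, for instance when auditing what a build account ran. The sample lines are constructed; reading `shaXsum` as `sha<digits>sum` and skipping only a leading `--formatter` option are assumptions.

```python
import re
import shlex

# Lists transcribed from the answer above.
COMMANDS = {"vmkfstools", "vim-cmd", "test", "sh", "ls", "rm",
            "esxcli", "stat", "mkdir", "md5sum"}
SHA_SUM = re.compile(r"sha\d+sum")  # assumption: "shaXsum" = sha1sum, sha256sum, ...
VIM_CMD = {"vmsvc/power.getstate", "vmsvc/reload", "vmsvc/power.on",
           "vmsvc/power.off", "solo/registervm", "vmsvc/unregister",
           "vmsvc/destroy", "vmsvc/tools.install"}
ESXCLI = [p.split() for p in (
    "network ip connection list", "network vm list", "network vm port list",
    "system version get", "system settings advanced list -o /Net/GuestIPHack")]

def check(command_line):
    """Return (allowed, reason) for one simple command (no pipes, ';' or '&&')."""
    try:
        argv = shlex.split(command_line)
    except ValueError as exc:
        return False, f"unparseable: {exc}"
    if not argv:
        return False, "empty command"
    cmd, args = argv[0].rsplit("/", 1)[-1], argv[1:]  # /bin/ls counts as ls
    if cmd not in COMMANDS and not SHA_SUM.fullmatch(cmd):
        return False, f"command not listed: {cmd}"
    if cmd == "vim-cmd" and (not args or args[0] not in VIM_CMD):
        return False, "vim-cmd subcommand not listed"
    if cmd == "esxcli":
        if args[:1] == ["--formatter"]:  # assumption: only global option handled
            args = args[2:]
        if not any(args[:len(p)] == p for p in ESXCLI):
            return False, "esxcli command not listed"
    return True, "ok"  # arguments of sh, rm, etc. are not inspected here

def audit(lines):
    """Return (line, reason) for every line outside the lists."""
    results = [(line, check(line)) for line in lines]
    return [(line, why) for line, (ok, why) in results if not ok]

# Constructed sample input, not taken from a real host.
SAMPLE = [
    "vim-cmd vmsvc/power.getstate 42",
    "esxcli --formatter csv network vm port list -w 12345",
    "vim-cmd vmsvc/getallvms",
    "esxcli system settings advanced set -o /Net/GuestIPHack -i 1",
]

for line, why in audit(SAMPLE):
    print(f"OUTSIDE LIST: {line!r} ({why})")
```

Because `sh` is on the list and its arguments are not inspected, the check reports only which binaries and subcommands were invoked directly.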