HPE Community
HPE SimpliVity
1751945 Members
4901 Online
108783 Solutions
New Discussion

Re: OVC 3.7.3 cannot execute any simplivity commands

 
SOLVED
Go to solution
mishaelpl
Occasional Visitor

‎11-19-2018 12:27 PM - edited ‎11-19-2018 12:28 PM

‎11-19-2018 12:27 PM - edited ‎11-19-2018 12:28 PM

OVC 3.7.3 cannot execute any simplivity commands

hello!

after upgrading ovc's and federation to 3.7.3 i am not able to execute any svt- or dsv- commands.

I am getting following error msg everytime i try to execute those commands:

Credentials have expired. Please re-establish or logout.

ERROR [47]: Missing session credentials.

 

Obviously, there is no way credentials could expire as i am executing those commands without any time delay.

Here is what i am doing:

 

1) ssh to ovc using active directory account (our vcenter is joined to MS Active Directory domain, my account has administrator rights on vcenter and esxi hosts).

2) executing for example svt-federation show 

above error is displayed

3) elevating rights to root: sudo su

4) source /var/tmp/build/bin/appsetup

5) dsv-balance-show --shownodeip

above error is displayed.

 

I've no visibility into my federation at all now. After logging case with HPE, assigned engineer put a blame on vmware's authentication mechanism and that i should follow up with them. Case is stuck with vmware now. 

 

Perhaps some of you encountered this issue? I believe i am using quite popular configuration.

 

thanks in advance.

 

1 person had this problem.
0 Kudos
Reply
5 REPLIES 5
DowS
HPE Pro

‎11-19-2018 11:09 PM

‎11-19-2018 11:09 PM

Solution

Re: OVC 3.7.3 cannot execute any simplivity commands

Hi Mishaelpi,

Since version 3.7.3 Simplivity have changed the required permissions for vCenter.

Due to modifications within the Simplivity software that allow for greater control by the end user it is now a requirement that the user account is now part of the vCenter administrator group with GlobalPermissions priviliges assigned.

1. User account must be specifically added to the Administrators group in vCenter.

vCenter permissions.png

2. User then must be assigned to the Global Permissions group.

Global Permissions.png

3. User must be present in the Global Permissions group as below:

Assigned Globaly.png

 

I hope this helps with your issue.


I am an HPE Employee

Accept or Kudo

Reply
mishaelpl
Occasional Visitor

‎11-21-2018 07:04 AM - edited ‎11-21-2018 07:18 AM

‎11-21-2018 07:04 AM - edited ‎11-21-2018 07:18 AM

Re: OVC 3.7.3 cannot execute any simplivity commands

thank you DowS.

I've followed your instructions and added a domain user with global admin permissions.

I can indeed execute svt-* commands now, however when trying to run:

sudo su

my password is not accepted (the same password i am using to login to ovc). 

How i can get access to dsv-* commands ?

 

Also, your solution seems to work only for users and not groups. With dozens of admins who require access to OVC's adding individual users is not scalable. Any workarounds to use AD groups here?

 

thanks again.

0 Kudos
Reply
DowS
HPE Pro

‎11-21-2018 11:23 PM

‎11-21-2018 11:23 PM

Re: OVC 3.7.3 cannot execute any simplivity commands

Hi Michael,

Can you confirm the version of Simplivity you are running?

Is the upgrade status - committed?

  • svt-software-status-show

sudo su should not prompt for a password if over 3.7.3

After logging in to the OVC with your administrator acount run the following commands which will elevate permissions and should allow you to run dsv commands.

  • sudo su
  • source /var/tmp/build/bin/appsetup

There is no workaround to add users at a group level.

This feature has been implemented as a security precaution due to the introduction of the access to the dsv commands.

If the above steps do not resolve your issue I would advise opening a support case and allowing an engineer to join a remote session to investigate.

 


I am an HPE Employee

Accept or Kudo

0 Kudos
Reply
mishaelpl
Occasional Visitor

‎11-22-2018 03:33 AM

‎11-22-2018 03:33 AM

Re: OVC 3.7.3 cannot execute any simplivity commands

yes, the upgrade status shows as committed and all OVC's are at 3.7.3.95.

 

0 Kudos
Reply
FabrizioF
Senior Member

‎01-22-2019 05:21 AM

‎01-22-2019 05:21 AM

Re: OVC 3.7.3 cannot execute any simplivity commands

Hello,

 so any news about his topic ? Is RBAC implemented again in the new 3.7.7 release or are there any plans to have the same permission structure as we had prior 3.6 ? This is definitely a crucial feature for our company, as one of the main objective choosing this hyperconverged solution was the possibility to delegate the priviliges. As for now, all our admins at the subsidiaries worldwide are not able to check their own capacity or view/manage backups in a stable way, although they have the full admin role on the datacenter. But as we know, this is not enough, the plugin only works fine with admin rights on highest vCenter level. I can´t believe anyone is going to assign such a high privilige to non vCenter admins, just for the HPE plugin that had been working fine in the past with older versions.

I would really appreciate any feedback from your (HPE) side, since it´s quite difficult to get answers about this topic event from account managers. Maybe it´s a too technical detail or something concerning only few product managers.

Thank you very much

Best regards

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.