All Apps and Add-ons

Problem setting up service account on ESX vmware host

matthew_tiffany
Explorer

I experienced a problem when setting up my service accounts using:

logincreator.pl --target 10.*.*.* --ad aroot --adpwd apassword --newuser splunkuser --newpwd anotherpassword

I get

ERROR: : A specified parameter was not correct.
privIds

when I type

logincreator.pl --target 10.*.*.* --ad root --adpwd apassword --verbose

I get

Checking 10.*.*.*'s for usernames with correct permissions
Checking 10.*.*.*...
   these are the right roleIDs:
...NO ADEQUATE ROLES

and after setting up the enginefile(knowing that the service account i made most likely doesn't work)

in the splunk app install_health page i get

'stats' command: limit for values of field 'name' reached. Some values may have been truncated or ignored.

at the top and am not filling the SA_Performance Addon lookups

I'm using the splunk app for VMware 2.0 but my host and vcenter are 4.1

0 Karma
1 Solution

matthew_tiffany
Explorer

The problem was that my ESX hosts were 4.0 and didn't have the Host.Config.Power permission, we fixed this by upgrading them.

View solution in original post

0 Karma

matthew_tiffany
Explorer

The problem was that my ESX hosts were 4.0 and didn't have the Host.Config.Power permission, we fixed this by upgrading them.

0 Karma

tfletcher_splun
Splunk Employee
Splunk Employee

Couple of things.

First the

'stats' command: limit for values of field 'name' reached. Some values may have been truncated or ignored.

That is in reference to the stats list commands used in some of the tables towards the bottom of the page. It is expected, means you have lots of unique entities (vm's most likely) in your env.

The next thing to check is where you made the service account. From the command you posted you were making a single user. You need to create a user on each host. The common way to do this is to target the vcenter and pass it the arg for allhosts. The command against vc should look like:

./logincreator.pl --target vcenter33.splunk.com --allhosts --ad vcenteradmin --adpwd  vcenteradminpwd123 --alt esxhostadmin --altpwd esxhostadminpwd123 --newuser splunkuseresxhost --newpwd splunkuseresxhostpwd123

Where:

  • target is the vcenter's address,
  • allhosts is just a flag,
  • ad is the vc admin username,
  • adpwd is the vc admin user's password,
  • alt is the administrative (typically root) username to the hosts which is common to all hosts,
  • altpwd is that common host administrative user's password
  • newuser is your service user to create
  • newpwd is the desired password for that service user

This is most likely the reason your perf lookups are not populated because by default performance collection for hosts and virtual machines goes against the hosts and without a valid login you'll get nothing and thus nothing to put in the lookups.

0 Karma

matthew_tiffany
Explorer

I'm not sure it's fixed or not(whether it will be able to collect data or not) but i was able to make it add the privIds and tell me some roles had rights by removing Host.Config.Power from the list of privileges in logincreator.pl ,(after some checking the host didn't have that permission) it may be that I should have added it to the host instead?

posting as a comment sense I'm not sure it's a complete answer.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...