Creating Credentials in the VMware vSphere Console

This section describes how to create a VMware vSphere username and password. You must provide these vSphere credentials to Rancher, which allows Rancher to provision resources in vSphere.

The following table lists the permissions required for the vSphere user account:

Privilege Group Operations

Cns Privileges

Searchable

Content library

Read Storage
(Required only if deploying Template from Content Library)

Cryptographic operations

Direct Access

Datastore

AllocateSpace
Browse
FileManagement (Low level file operations)
UpdateVirtualMachineFiles
UpdateVirtualMachineMetadata

Global

Set custom attribute

Network

Assign

Resource

AssignVMToPool

Virtual Machine

Config (All)
GuestOperations (All)
Interact (All)
Inventory (All)
Provisioning (All)

vSphere Tagging

Assign or Unassign vSphere Tag
Assign or Unassign vSphere Tag on Object

The following steps create a role with the required privileges and then assign it to a new user in the vSphere console:

  1. From the vSphere console, go to the Administration page.

  2. Go to the Roles tab.

  3. Create a new role. Give it a name and select the privileges listed in the permissions table above.

    rancherroles1

  4. Go to the Users and Groups tab.

  5. Create a new user. Fill out the form and then click OK. Make sure to note the username and password, because you will need it when configuring node templates in Rancher.

    rancheruser

  6. Go to the Global Permissions tab.

  7. Create a new Global Permission. Add the user you created earlier and assign it the role you created earlier. Click OK.

    globalpermissionuser

    globalpermissionrole

Result: You now have credentials that Rancher can use to manipulate vSphere resources.