Droits vCenter pour XenDesktop

On a été confronté à un problème de droits sur vCenter avec XenDesktop. En suivant pourtant les précos Citrix sur la création de l’utilisateur de service pour XenDesktop (disponible ici : http://support.citrix.com/proddocs/topic/xendesktop-rho/cds-vmware-rho.html), on a eu certaines erreurs lors de certaines opérations XenDesktop.

Pour rappel, voici la liste des droits vCenter que l’utilisateur de service XenDesktop devraient avoir :

• Datastore > Allocate space
• Datastore > Browse datastore
• Datastore > Low level file operations
• Network > Assign network
• Resource > Assign virtual machine to resource pool
• Tasks > Create task
• Virtual machine > Configuration > Add existing disk
• Virtual machine > Configuration > Add new disk
• Virtual machine > Configuration > Remove disk
• Virtual machine > Configuration > Change resource
• Virtual machine > Interaction > Power Off
• Virtual machine > Interaction > Power On
• Virtual machine > Interaction > Reset
• Virtual machine > Interaction > Suspend
• Virtual machine > Inventory > Create new
• Virtual machine > Inventory > Create from existing
• Virtual machine > Inventory > Remove
• Virtual machine > Inventory > Register
• Virtual machine > Provisioning > Clone virtual machine
• Virtual machine > Provisioning > Allow disk access
• Virtual machine > Provisioning > Allow virtual machine download
• Virtual machine > Provisioning > Allow virtual machine files upload
• Virtual machine > State > Create snapshot
• Virtual machine > State > Remove snapshot
• Virtual machine > State > Revert to snapshot
• Global > Manage custom attributes
• Global > Set custom attribute

L’erreur que nous avions rendait impossible tout déploiement de VM :

2012-01-02 15:15:25,808 [14] DEBUG EnterpriseManager.EMLogging - XdSetupFinish: ProcessAllVms
2012-01-02 15:15:25,808 [14] DEBUG EnterpriseManager.EMLogging - XdSetupFinish: createCatalog
2012-01-02 15:15:25,808 [14] DEBUG EnterpriseManager.EMLogging - XdSetupWizard: Importing existing device bbs-iptxdk-p002
2012-01-02 15:15:25,824 [14] DEBUG ADSupport.PublicFunctions - GetDirectoryEntryForMachine-enter
2012-01-02 15:15:25,839 [14] INFO  ADSupport.PublicFunctions - Found distinguished name CN=srvxd,OU=XenDektop,DC=vmdude,DC=fr
2012-01-02 15:15:25,839 [14] DEBUG ADSupport.PublicFunctions - GetDirectoryEntryForMachine-leave
2012-01-02 15:15:25,839 [14] DEBUG ADSupport.PublicFunctions - GetDirectoryEntryForMachine-enter
2012-01-02 15:15:25,855 [14] INFO  ADSupport.PublicFunctions - Found distinguished name CN=srvxd,OU=XenDektop,DC=vmdude,DC=fr
2012-01-02 15:15:25,855 [14] DEBUG ADSupport.PublicFunctions - GetDirectoryEntryForMachine-leave
2012-01-02 15:15:25,855 [14] DEBUG EnterpriseManager.EMLogging - XdSetupFinish: reset the host connection.
2012-01-02 15:15:27,056 [14] DEBUG EnterpriseManager.EMLogging - XdSetupFinish: host connection reset.
2012-01-02 15:15:31,081 [14] DEBUG EnterpriseManager.EMLogging - XdSetupFinish: host.connection.DoesDeviceExist did not find existing device
2012-01-02 15:15:31,299 [14] DEBUG XenDesktopAccess.XenDesktopAccess - Get-BrokerMachine -MachineName vmdude\srvxd -AdminAddress srvddc
2012-01-02 15:15:31,315 [14] DEBUG EnterpriseManager.EMLogging - XdSetupFinish: ddcDeviceExist did not find existing device srvxd
2012-01-02 15:15:31,315 [14] DEBUG EnterpriseManager.EMLogging - XdSetupFinish: UpdateCreateLabel
2012-01-02 15:15:31,315 [14] DEBUG EnterpriseManager.EMLogging - XdSetupFinish: Start BeginCloneVM for device srvxd
2012-01-02 15:15:42,048 [14] DEBUG EnterpriseManager.EMLogging - XdSetupWizard: <strong>Cannot clone device srvxd on the Hypervisor</strong>
2012-01-02 15:15:43,390 [3] ERROR EMCObjects.EAExceptionHelper - about to process exception
2012-01-02 15:15:43,390 [3] ERROR EMCObjects.EAExceptionHelper - exception name:  EAException
2012-01-02 15:15:43,873 [3] WARN  EnterpriseAccess.helpers.GetHelper`1 - MAPI returned no data for SiteView command
2012-01-02 15:15:43,873 [3] WARN  EnterpriseAccess.helpers.GetHelper`1 - MAPI returned no data for VirtualHostingPool command
2012-01-02 15:15:43,889 [3] WARN  EnterpriseAccess.helpers.GetHelper`1 - MAPI returned no data for DiskUpdateDevice command
2012-01-02 15:15:43,889 [3] WARN  EnterpriseAccess.helpers.GetHelper`1 - MAPI returned no data for UpdateTask command
2012-01-02 15:15:43,920 [3] WARN  EnterpriseAccess.helpers.GetHelper`1 - MAPI returned no data for SiteView command
2012-01-02 15:15:43,920 [3] WARN  EnterpriseAccess.helpers.GetHelper`1 - MAPI returned no data for FarmView command
2012-01-02 15:15:43,967 [3] WARN  EnterpriseAccess.helpers.GetHelper`1 - MAPI returned no data for DiskInfo command
2012-01-02 15:15:43,967 [3] WARN  EnterpriseAccess.helpers.GetHelper`1 - MAPI returned no data for DiskInfo command

Après quelque vérification, on a du rajouter les droits suivants :

• Virtual machine > Configuration > Change CPU count
• Virtual machine > Configuration > Memory

New-VIRole -Name XenDesktopDeploy -Server VCENTER.VMDUDE.FR -Privilege (Get-VIPrivilege -Id @("System.Anonymous", "System.View", "System.Read", "Global.ManageCustomFields", "Global.SetCustomField", "Datastore.Browse", "Datastore.FileManagement", "Datastore.AllocateSpace", "Network.Assign", "VirtualMachine.Inventory.Create", "VirtualMachine.Inventory.CreateFromExisting", "VirtualMachine.Inventory.Register", "VirtualMachine.Inventory.Delete", "VirtualMachine.Interact.PowerOn", "VirtualMachine.Interact.PowerOff", "VirtualMachine.Interact.Suspend", "VirtualMachine.Interact.Reset", "VirtualMachine.Config.AddExistingDisk", "VirtualMachine.Config.AddNewDisk", "VirtualMachine.Config.RemoveDisk", "VirtualMachine.Config.CPUCount", "VirtualMachine.Config.Memory", "VirtualMachine.Config.Resource", "VirtualMachine.State.CreateSnapshot", "VirtualMachine.State.RevertToSnapshot", "VirtualMachine.State.RemoveSnapshot", "VirtualMachine.Provisioning.Clone", "VirtualMachine.Provisioning.DeployTemplate", "VirtualMachine.Provisioning.CloneTemplate", "VirtualMachine.Provisioning.DiskRandomAccess", "VirtualMachine.Provisioning.GetVmFiles", "VirtualMachine.Provisioning.PutVmFiles", "Resource.AssignVMToPool", "Task.Create"))