Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1879959

Summary: Missing VMWare datastore permissions prevent automatic PV creation.
Product: OpenShift Container Platform Reporter: Dustin Trapani <dtrapani>
Component: DocumentationAssignee: Kathryn Alexander <kalexand>
Status: CLOSED CURRENTRELEASE QA Contact: jima
Severity: low Docs Contact: Vikram Goyal <vigoyal>
Priority: low    
Version: 4.5CC: aos-bugs, jokerman
Target Milestone: ---   
Target Release: 4.5.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-14 15:45:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Screenshot from vCenter showing correct permissions. none

Description Dustin Trapani 2020-09-17 12:47:07 UTC 
Created attachment 1715217 [details]
Screenshot from vCenter showing correct permissions.

Document URL: 

https://docs.openshift.com/container-platform/4.5/installing/installing_vsphere/installing-vsphere-installer-provisioned.html#installation-vsphere-installer-infra-requirements_installing-vsphere-installer-provisioned

Section Number and Name: 

"Required vCenter account privileges"

Describe the issue: 

Required vCenter account privileges is incomplete based on customer testing with a non-administrator account. Specific failures were encountered when attempting to automatically provision a PV to satisfy a PVC. See attached imaged for the corrected permissions that do allow for automatic provisioning of the PVs as a VMWare vmdk file in the preselected datastore.

Suggestions for improvement: 

See attached image for tested permissions that worked for a customer POC.

Additional information: 

If testing is done with a vCenter admin account this issue will not be present. But, for deployments with more granular role based access control the below permissions must be allowed.
Comment 1 Dustin Trapani 2020-09-17 12:48:58 UTC 
Also tracking here. https://github.com/openshift/openshift-docs/issues/25540
Comment 2 Kathryn Alexander 2020-09-24 15:49:40 UTC 
PR's here: https://github.com/openshift/openshift-docs/pull/25782

Jianlin, will you PTAL or suggest a different reviewer?
Comment 4 jima 2020-10-13 09:07:55 UTC 
account with permissions described in doc is created on vsphere7.0, and verified on nightly build 4.5.0-0.nightly-2020-10-10-030038, pv can be provisioned correctly.
so the doc is LGTM
Comment 5 Kathryn Alexander 2020-10-13 14:32:54 UTC 
Thank you! I've merged this change and am waiting for it to go live.
Comment 6 Kathryn Alexander 2020-10-14 15:45:11 UTC 
This change is live: https://docs.openshift.com/container-platform/4.5/installing/installing_vsphere/installing-vsphere-installer-provisioned.html#installation-vsphere-installer-infra-requirements_installing-vsphere-installer-provisioned