Create service accounts on ESX(i) hosts
You must create service accounts on all ESX/i hosts for the Splunk for VMware solution to work correctly. In this topic we automatically create local users on ESX/i hosts using logincreator.pl. To get help on this tool, use the following command:
./logincreator.pl --help
logincreator.pl is located on the FA VM in $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/bin.
To learn about ESX/i host password requirements, see the VMware Knowledge base and the specification listed below:
Password requirements for creating new users on ESX/i host
When you run logincreator.pl to automatically create service accounts on the ESX/i hosts, note that VMware imposes restrictions on username and password formats. If the password you enter is not accepted, then you must run logincreator.pl again with a valid password.
- A password string must contain alphabetical characters (lower case), alphabetical characters (upper case), alphanumeric characters, and symbols to be accepted as a valid password.
- The password can only contain a combination of these four character types. The shorter the length of the password, the more character types needed.
- If you use a single character type, or a combination of two character types, then a valid password must be 8 characters in length.
- If you use three character types, then a valid password must be 7 characters in length.
- If you use four character types, then a valid password must be 6 characters in length.
The following restrictions also apply:
- An uppercase character cannot be a leading character.
- A numeric value cannot be a trailing character.
- Four or more identical characters (whether upper case or lower case) cannot exist in the same sequence or in reverse order in the password string.
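A pre-flight check for the rules above, as an added example that is not part of the Splunk tooling: it validates a candidate password, and the 16-character user name limit given later in this topic, before you pass them to logincreator.pl. Reading the stated lengths as minimums, "alphanumeric" as digits, "symbols" as ASCII punctuation, and the repeat rule as a run of four identical characters ignoring case are assumptions; the function names are hypothetical.

```python
import re
import string

# Character classes named in the password rules above. Treating
# "alphanumeric" as digits and "symbols" as ASCII punctuation is an assumption.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
# Length required per number of character types used (read as a minimum).
MIN_LENGTH = {1: 8, 2: 8, 3: 7, 4: 6}
MAX_USERNAME = 16


def check_password(pwd):
    """Return a list of rule violations; an empty list means acceptable."""
    if not pwd:
        return ["password is empty"]
    problems = []
    allowed = set().union(*CLASSES.values())
    if any(ch not in allowed for ch in pwd):
        problems.append("contains a character outside the four types")
    used = [name for name, chars in CLASSES.items() if chars & set(pwd)]
    if used:
        need = MIN_LENGTH[len(used)]
        if len(pwd) < need:
            problems.append(f"{len(used)} character type(s) need length {need}, got {len(pwd)}")
    if pwd[0] in CLASSES["upper"]:
        problems.append("leading character is uppercase")
    if pwd[-1] in CLASSES["digit"]:
        problems.append("trailing character is numeric")
    # Four or more identical characters in a row, ignoring case.
    if re.search(r"(.)\1{3,}", pwd.lower()):
        problems.append("four or more identical characters in sequence")
    return problems


def check_username(user):
    """The new service account name must be 16 characters or less."""
    return [] if 0 < len(user) <= MAX_USERNAME else [f"username must be 1-{MAX_USERNAME} characters"]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real host.
    for sample in ("splunkUser#42x", "Abc123", "xAAaa9!z"):
        print(sample, "->", check_password(sample) or "ok")
    print("splunkuser ->", check_username("splunkuser") or "ok")
```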
Service account permissions
The following table lists the permissions for the role defined in vSphere. These are the permissions that will be applied to the service accounts on the ESX/i host by logincreator.pl for VMware 4.1, 5.0, 5.0 Update 1.
Permission |
---|
Global.Diagnostics |
Global.Licenses |
Global.Settings |
Host.Configuration.Change SNMP settings |
Host.Configuration.Hyperthreading |
Host.Configuration.Memory configuration |
Host.Configuration.Network configuration |
Host.Configuration.Power |
Host.Configuration.Security profile and firewall |
Host.Configuration.Storage partition configuration |
Sessions.View and stop sessions |
Virtual machine.Provisioning.Read customization specifications |
To create accounts on all ESX/i hosts managed by a target vCenter server:
- SSH to your FA VM and log in as splunkadmin.
- Go to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/bin.
- Run logincreator.pl to create service accounts on all ESX/i hosts. If you do not specify passwords in your command, Splunk will prompt you to enter them when the command runs. Enter the following:
./logincreator.pl --target vcenter01.yourcompany.com --allhosts --ad vcenteradmin --adpwd vCenterAdminPwd123 --alt esxhostadmin --altpwd EsxhostAdminPwd123 --newuser splunkuser --newpwd SplunkUserEsxhostPwd123
Note: logincreator.pl assumes that the esxhostadmin credentials (user name/password) are the same for all hosts. For each host, it creates a service account with the same user name and password.
Where:
- target is the vCenter server host domain name or IP address.
- ad is an admin user ID on the target.
- adpwd is the corresponding admin password on the target.
- alt is the ESX/i host admin user ID if the target is the vCenter server.
- altpwd is the ESX/i host admin user's corresponding password.
- newuser is the new user account you want to create on your ESX/i host(s). This username must be 16 characters or less.
- newpwd is the corresponding user password for the ESX/i host(s).
To create an account on a single target ESX/i host:
- SSH to your FA VM and log in as splunkadmin.
- Go to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/bin.
- Run logincreator.pl to create an account on a target host:
./logincreator.pl --target esxhost1.splunk.com --ad esxhostadmin --adpwd esxhostadminpwd123 --newuser splunkuseresxhost --newpwd splunkuseresxhostpwd123
Where:
- target is the ESX/i host domain name or IP address.
- ad is an admin user ID on the target.
- adpwd is the corresponding admin password on the target.
- newuser is the new user account you want to create on your ESX/i host(s). This username must be 16 characters or less.
- newpwd is the corresponding user password for the ESX/i host(s).
To repermission an Active Directory user:
- SSH to your FA VM and log in as splunkadmin.
- Go to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/bin.
- Run logincreator.pl to create service accounts on all ESX/i hosts:
./logincreator.pl --target vcenter01.yourcompany.com --allhosts --ad vcenteradmin@yourcompany.local --adpwd vCenter@dminPwd123 --alt esxhostadminyourcompany.local --altpwd Esxhost@dminPwd123 --newuser splunkuseryourcompany.local --newpwd SplunkUserEsxhostPwd123
Where yourcompany.local is your AD domain.
logincreator.pl re-permissions existing users on ESX/i hosts that are part of the same AD domain.
This documentation applies to the following versions of Splunk® App for VMware (Legacy): 1.0.2, 1.0.3