Before you can browse and extend networks with vCloud Director Extender, you must assign advanced networking permissions to the Organization Administrator user role.
Prerequisites
Make sure to run the cURL commands from a cURL-enabled machine that can connect to vCloud Director.
The API version used in the Accept header depends on the vCloud Director version. For example:
for vCloud Director 8, use version=1.5
for vCloud Director 9, use version=27.0
Procedure
- Create a valid vCloud Director API session.
curl -i -k -H "Accept:application/*+xml;version=api-version" -u 'user-name@System:password' -X POST https://vcd-ip/api/sessions
- Copy the value of the x-vcloud-authorization header.
- Retrieve the ID of the Organization.
curl -i -k -H "Accept:application/*+xml;version=api-version" -H 'x-vcloud-authorization: authorization-id' -X GET https://vcd-ip/api/admin/orgs/query
- Copy the organization ID from the following URL:
href=https://vcd-ip/api/org/org-id
- Copy the organization ID from the following URL:
- Retrieve the list with currently assigned rights and output the result to an xml file.
curl -i -k -H "Accept:application/*+xml;version=api-version" -H 'x-vcloud-authorization: authorization-id' -X GET https://vcd-ip/api/admin/org/org-id/rights > path-to-xml
- Use a text editor to open the xml file.
- Modify the xml file to use it as a payload for a POST request:
<?xml version="1.0" encoding="UTF-8"?> <OrgRights xmlns="http://www.vmware.com/vcloud/api-version"> ... <RightReference href="http://vcd-ip/api/admin/right/105191de-9e29-3495-a917-05fcb5ec1ad0" name="Organization vDC Gateway: View L2 VPN" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/eeb2b2a0-33a1-36d4-a121-6547ad992d59" name="Organization vDC Gateway: Configure L2 VPN" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/66b32e08-1eeb-37ac-9266-ffbd19b39dd8" name="Right: View" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/4886663f-ae31-37fc-9a70-3dbe2f24a8c5" name="Catalog: Add vApp from My Cloud" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/438e45e9-9389-3e29-9073-638b36921a2a" name="Disk: Create" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/1e5ad20d-1023-34d1-b073-1ea30bce3854" name="Disk: Delete" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/7bbee458-b3c5-3252-ba5a-b1781b1c7b92" name="Disk: Edit Properties" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/fd036ae5-b78b-3c9f-8f28-a7f6b33d0d92" name="Disk: View Properties" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/2cd03d47-38e1-337a-907c-8d5b6a5258f2" name="Organization vDC Distributed Firewall: Configure Rules" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/4e61b5b8-0964-36b6-b021-da39aea724fc" name="Organization vDC Distributed Firewall: View Rules" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/9dc33fcb-346d-30e1-8ffa-cf25e05ba801" name="Organization vDC Gateway: Convert to Advanced Networking" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/2cd2d9d7-262c-34f8-8bee-fd92f422cc2c" name="General: Administrator Control" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/0b8c8cd2-5af9-32ad-a0bd-dc356503a552" name="General: Administrator View" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/b0cfe989-521b-3d7f-9bc2-f23c74a99633" name="Organization vDC Network: Edit Properties" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/2c8d98ef-4acc-3be4-9214-fcb9682b7a19" name="Organization vDC Network: View Properties" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/6cb3596a-15eb-3c2f-a657-5f14f2039719" name="Organization Network: Edit Properties" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/194c71a1-3d68-3156-b789-6a6384028b78" name="Organization Network: View" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/60be4106-1f9f-325c-8ff4-8bf2c6d9bc0a" name="Organization Network: Create or Delete" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/2dc8abec-2e0d-3789-a5f9-ce0453160b53" name="vApp: Create / Reconfigure" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/df05c07f-c537-3777-8d9b-a9cfe8d49014" name="vApp: Delete" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/c2a29357-1b2a-3f9d-9cd6-de3d525d49f3" name="vApp: Edit Properties" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/580860cd-55bc-322d-ac39-4f9d8e3e1cd2" name="vApp: Power Operations" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/4965b0e7-9ed8-371d-8b08-fc716d20bf4b" name="vApp: Copy" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/8832800f-575f-3501-ad84-8e15f3898f11" name="vApp: Change Owner" type="application/vnd.vmware.admin.right+xml"/> <RightReference href="http://vcd-ip/api/admin/right/5250ab79-8f50-33f9-8af5-015cb39c380b" name="vApp: Edit VM Properties" type="application/vnd.vmware.admin.right+xml"/> </OrgRights>
- Update the vCloud Director rights by using the xml file.
curl -i -k -H "Accept: application/*;version=api-version" -H 'Content-type: application/vnd.vmware.admin.org.rights+xml' -H 'x-vcloud-authorization: authorization-id' -X POST -d @path-to-xml https://vcd-ip/api/admin/org/org-id/rights
- Enable the advanced networking rights for the Organization Administrator user role.
- In the vCloud Director Web Console, click Administration > Roles.
- Click the Organization Administrator role.
The Role Properties dialog opens.
- Verify that following rights are selected:
Category
Permission Name
Gateway (Advanced) Services
View L2 VPN
Gateway (Advanced) Services
Configure L2 VPN
Right
View Right
Catalog
Add a vApp from My Cloud
Disk
Create a Disk
Disk
Delete a Disk
Disk
Edit Disk Properties
Disk
View Disk Properties
Distributed Firewall
Configure Distributed Firewall Rules
Distributed Firewall
View Distributed Firewall Rules
Gateway
Convert to Advanced Gateway
Gateway
View Gateway
General
Administrator Control
General
Administrator View
Organization vDC Network
Edit Properties
Organization vDC Network
View Properties
Organization
Edit Organization Network Properties
Organization
View Organization Networks
Organization
Create / Delete Organization Network
vApp
Create / Reconfigure a vApp
vApp
Delete a vApp
vApp
Edit vApp Properties
vApp
Power Operations (Start/Stop/Suspend/Reset a vApp)
vApp
Copy a vApp
vApp
Change Owner
vApp
Edit VM Properties