I was playing in my lab today and ran across something I thought was strange. I exported the privileges from a test role in one lab, which happened to be vSphere 5.5, then tried to create a new role in vCenter 6.0 with the privileges I just pulled. It worked fine for almost everything, except these two:
Could not find Privilege with name 'Enable Fault Tolerance'.
Could not find Privilege with name 'Disable Fault Tolerance'.
I thought that was kind of strange, so I ran a quick
|
Get-VIPrivilege | ? {$_.name -like "*fault*"} | select Name,Id |
and looked for something similar. Below is the comparison of 5.5 & 6.0:
vSphere 5.5
Name - Id
------
Turn On Fault Tolerance - VirtualMachine.Interact.CreateSecondary
Turn Off Fault Tolerance - VirtualMachine.Interact.TurnOffFaultTolerance
Disable Fault Tolerance - VirtualMachine.Interact.DisableSecondary
Enable Fault Tolerance - VirtualMachine.Interact.EnableSecondary
Query Fault Tolerance compatibility - VirtualMachine.Config.QueryFTCompatibility
vSphere 6.0
Name - Id
------
Turn On Fault Tolerance - VirtualMachine.Interact.CreateSecondary
Turn Off Fault Tolerance - VirtualMachine.Interact.TurnOffFaultTolerance
Suspend Fault Tolerance - VirtualMachine.Interact.DisableSecondary
Resume Fault Tolerance - VirtualMachine.Interact.EnableSecondary
Query Fault Tolerance compatibility - VirtualMachine.Config.QueryFTCompatibility
The difference is not drastic, but one simply word, or even one character, out of place will cause your script to fail. It’s easy to see that “Turn On” and “Enable” sound the same, so the need to rename “Enable” to “Resume” makes sense to me. Same with Disable & Suspend. These are just the two I know about, I really should write another article listing which ones have changed, but that’s for another day :)
Just something to watch out for I wanted to share.
Happy scripting!