Hello, if you don't want Foreman to delete the host, simply make it unmanaged before the deletion. Go to host edit form and click "Unmanage" button in top right corner. You can also disassociate the VM from Foreman host in compute resource detail page. If Foreman does not try to write to VMware, you don't have to grant writing permission I think.
If you don't use Foreman to provision hosts and you are only interested in puppet ENC and dashboard functionality, you can turn off unattended configuration, Foreman will hide a unneeded options. At the same time I highly recommend the first approach since "unattended false" mode is not that well tested and therefore can be less stable. Hope this helps -- Marek On Tuesday 27 of September 2016 08:06:25 Yevgeny Trachtinov wrote: > Hello, > Currently, I used a *root* user to connect to vSphere/vCenter with versions > 5.0/5.5/6.0. > I use Foreman VMware plugin for more to query this mixed infrastructure > when observing the Puppet status of the machine (understanding where the > machine runs, for example). > This fact was the reason for a big problem when removing a host object from > Foreman also erased the VM from vCenter. > I was sure that the host delete action will only delete the object from > Foreman DB... > > Following the mentioned problem above I decided to limit Foreman for only > "query" permissions, yet I cannot find the right way to do it. > > According to the doc: > > Required Permissions > > > > The minimum permissions to properly provision new virtual machines are: > > - All Privileges -> Datastore -> Allocate Space > > - All Privileges -> Network -> Assign Network > > - All Privileges -> Resource -> Assign virtual machine to resource pool > > - All Privileges -> Virtual Machine -> Configuration (All) > > - All Privileges -> Virtual Machine -> Interaction > > - All Privileges -> Virtual Machine -> Inventory > > - All Privileges -> Virtual Machine -> Provisioning > > > > This is a "write" permission I don't want to implement now. How can I (and > > if even possible) use Foreman for "read only" mode? > > Thanks, > Yevgeny -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
