Terraform with VMWare Vcloud director - cannot create vapp

rbo...@callibrity.com

Aug 26, 2016, 9:10:18 AM
to Terraform
I am attempting to create a vapp from an existing template using Terraform with VMWare Vcloud director.  I am able to successfully log in to Vcloud using Terraform.  However, when I attempt to create the vapp, I get the following error message.

vcd_vapp.test12345: Error finding OrgVCD Network: &errors.errorString{s:"error retreiving orgvdcnetwork: API Error: 403: [ 8493aaba-af54-4054-9809-c121c143a448 ] DISALLOWED_OPERATIONS [ com.vmware.vcloud.entity.network:00e90a0e-a03d-47f1-98ff-d3366d9fff92 ]"}


The error message is a bit misleading because I know I'm using the correct value for vdc.  Whenever I change vdc to any other value, I get this error message.


"Something went wrong: error retrieving the organization VDC"


The "DISALLOWED_OPERATIONS" makes me think that this operation is not permitted, but when I use the UI in Vcloud, I am able to successfully create the vapp.


Here is the structure of the .tf file that I am using.  When I include only the first section, I get a successful login with no errors.  When I include the second section to create the vapp, I get the error message shown above.  I appreciate any help or ideas for work-arounds.


# Configure the VMware vCloud Director Provider
provider "vcd" {
    user     = "user"
    password = "password"
    org      = "org"
    url      = "https://example.com/api"
    vdc      = "vdc"
}

resource "vcd_vapp" "test12345" {
    name          = "test12345"
    catalog_name  = "catalog"
    template_name = "template"
    network_name  = "network"
}

Poluvex Tripplex

Sep 5, 2016, 6:01:07 PM
to Terraform, rbo...@callibrity.com
Right, I take it you have obfuscated your org and vdc values; however, make sure they are being assigned correct values.

For vDC org, you need org's "name" which is also a UID (in a format 99-99-9-abc123) but it isn't the same as org's "full name" which is in human readable form.
To get this navigate in your vDC GUI to Administration -> Settings -> General, org's name should be at the top.

If this isn't it, then there is also an issue when a NIC in your template has a network allocated to it, and judging by the error message this might be the right track here.

When you deploy such a template using terraform, vDC will expect that network already exists and fail if it doesn't.
Manual deployment via GUI gives you the option to connect your VM to a network while you are clicking through the screens; however, things work differently via the API.

If you deploy both your VMs and your networks via terraform, what you need to do is remove any network association on all NICs in your template. When you browse VM properties within your template, NIC settings should show network as "none" and the Connected box should not be ticked. Terraform will associate your VMs to networks according to vdc_app properties.

If you only deploy VMs using terraform and do network manually and hence require network association to be hardcoded, make sure those networks exist in your VCD before executing terraform.

Hope this helps
poluvex
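
The first case described in the reply above (networks and VMs both deployed by Terraform), as an added example that is not part of either post and not the provider project's own code. It uses the vcd provider's vcd_network resource in the Terraform 0.7-era syntax of this thread; the edge gateway name, the addresses and the vcd_password variable are constructed placeholders.

```hcl
# Added illustration. Every name and address below is a placeholder.
variable "vcd_password" {}   # supply via TF_VAR_vcd_password instead of hardcoding

provider "vcd" {
  user     = "user"
  password = "${var.vcd_password}"
  org      = "org"   # per the reply above: the org's "name", not its "full name"
  url      = "https://example.com/api"
  vdc      = "vdc"
}

# Org VDC network managed by Terraform, so it exists before the vApp
# is instantiated through the API.
resource "vcd_network" "net" {
  name         = "network"
  edge_gateway = "edge-gateway-placeholder"
  gateway      = "10.10.0.1"

  static_ip_pool {
    start_address = "10.10.0.152"
    end_address   = "10.10.0.254"
  }
}

resource "vcd_vapp" "test12345" {
  name          = "test12345"
  catalog_name  = "catalog"
  template_name = "template"   # template NICs left on network "none", not connected

  # Referencing the network resource instead of a literal string gives
  # Terraform an implicit dependency: the network is created first.
  network_name = "${vcd_network.net.name}"
}
```

If the network is created by hand instead, keep network_name as a literal string and confirm the network exists in the target VDC before running terraform apply.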