vSphere VM from Template
530 views
Skip to first unread message
James Osbourn
Sep 16, 2020, 5:24:02 AM9/16/20
to terrafo...@googlegroups.com
I am working to see if I can deploy an ESXi VM from a template that I have generated using Packer.
The template exist and I can manually deploy a VM successfully. However, when I try and deploy using Terraform I am getting the following error
Error: error reconfiguring virtual machine: error processing disk changes post-clone: disk.0: ServerFaultCode: NoPermission: RESOURCE (vm-19428:2000), ACTION (queryAssociatedProfile): RESOURCE (vm-19428), ACTION (PolicyIDByVirtualDisk)
on vsphere.tf line 34, in resource "vsphere_virtual_machine" "vm":
34: resource "vsphere_virtual_machine" "vm" {
on vsphere.tf line 34, in resource "vsphere_virtual_machine" "vm":
34: resource "vsphere_virtual_machine" "vm" {
I am pulling in the values from the template for the VMs disk, although it is not clear what disk value it is trying to change. I am a user of the cluster and do not have full access as appears to be the case.
The template is being picked up as follows
data "vsphere_virtual_machine" "template" {
name = "devops_ubuntu1804_packer_1"
datacenter_id = data.vsphere_datacenter.dc.id
}
name = "devops_ubuntu1804_packer_1"
datacenter_id = data.vsphere_datacenter.dc.id
}
and the disk definition for the VM is set as follows
disk {
label = data.vsphere_virtual_machine.template.disks.0.label
size = data.vsphere_virtual_machine.template.disks.0.size
eagerly_scrub = data.vsphere_virtual_machine.template.disks.0.eagerly_scrub
thin_provisioned = data.vsphere_virtual_machine.template.disks.0.thin_provisioned
disk_mode = data.vsphere_virtual_machine.template.disks.0.disk_mode
write_through = data.vsphere_virtual_machine.template.disks.0.write_through
}
label = data.vsphere_virtual_machine.template.disks.0.label
size = data.vsphere_virtual_machine.template.disks.0.size
eagerly_scrub = data.vsphere_virtual_machine.template.disks.0.eagerly_scrub
thin_provisioned = data.vsphere_virtual_machine.template.disks.0.thin_provisioned
disk_mode = data.vsphere_virtual_machine.template.disks.0.disk_mode
write_through = data.vsphere_virtual_machine.template.disks.0.write_through
}
Any thoughts or suggestion welcome if anyone has seen anything like this before.
Thanks
James
Steve Gold
Sep 16, 2020, 11:04:09 AM9/16/20
to terrafo...@googlegroups.com
Have you tried to deploy the template manually?
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAH5CuEamo1R-rKiJatk8%3DbcciSGC4ExWCEEDsOHKqWEQLGCx-A%40mail.gmail.com.
James Osbourn
Sep 16, 2020, 11:10:26 AM9/16/20
to terrafo...@googlegroups.com
Hi Steve,
Thanks for the suggestion. I had done this and all worked as expected. On further investigation I found a support reference to issues with the vSphere provider. I have tried dropped down to <1.16.0 and the apply has now worked. Given that the latest version is 1.24.0 I need to incrementally update the version to see where things break and update/report a new bug.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAEOVwiP_Fwe3uKkK3kfonnAaKAhj2JM7MhQf9hOiNKr7Fv1iTw%40mail.gmail.com.
Dominic James
Sep 16, 2020, 12:36:24 PM9/16/20
to terrafo...@googlegroups.com
Steve,
Another way is to Try setting a debug in your providers.tf and you will get the exact api calls terraform is trying to make to vmware/vsphere.
The debug will produce a .govmomi in your home dir, and underneath there - you will see the logs of the SOAP/API calls terraform is making.
you will see where the permissions are as well.
Side Note in Vsphere - get with your IT team who ever manages the access to your Vmware environment to create a service user account with no membership in any group. Then assign that user "Administrator" role on the Resource pool ONLY you are working on.
for example.
provider "vsphere" {
version = "~> 1.16"
vsphere_server = var.vsphere_vcenter
user = var.vsphere_user
password = var.vsphere_password
allow_unverified_ssl = var.vsphere_unverified_ssl
client_debug = true
}To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAH5CuEYN-U-3E_EQznxFDrxnuQxKqrG7jv5uTDKdvAGB2CexTA%40mail.gmail.com.
Dominic James
Sep 16, 2020, 12:38:05 PM9/16/20
to terrafo...@googlegroups.com
Sorry this is for James not Steve :-)
Steve Gold
Sep 16, 2020, 12:59:28 PM9/16/20
to terrafo...@googlegroups.com
No problem. My suggestion was more to see if the template itself was bad.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAEnfFWJ_Z3CPVw4VCiGdkAq9zx2ctn9rNepuU2V5WKBdum1Q4A%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages