Trying to create a VM in vSphere, preferably using Terraform to do it, but keep getting Error: error creating virtual machine: ServerFaultCode: Permission to perform this operation was denied.

The error mentioned in the SOAP response, as captured in the Terraform debug logs:
<soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<soapenv:Fault>
<faultcode>ServerFaultCode</faultcode>
<faultstring>Permission to perform this operation was denied.</faultstring>
<detail>
<NoPermissionFault xmlns="urn:vim25" xsi:type="NoPermission">
<object type="Folder">group-v3</object>
<privilegeId>VirtualMachine.Config.SwapPlacement</privilegeId>
</NoPermissionFault>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

Using govc to remotely create a VM works, which suggests that my user permissions to vSphere are good; so I am thinking it is not due to a user privilege issue. Concerned that I might have a Terraform syntax issue.

I have confirmed that the Govmomi govc command successfully creates a VM when run from a remote machine pointing at the vSphere server:

govc vm.create -disk=20GB -ds=ESX_Engineering_Datastore_01 -g=ubuntu64guest -iso=iso_images/ubuntu-20.04.1-live-server-amd64.iso -on=true -link=false -net="VM Network" -host="vmware14.mycompany.com" devops-example-govc

Trying to do the equivalent action using Terraform vSphere Provider fails.

providers.tf

provider "vsphere" {
  version              = "1.24.0"
  user                 = var.vsphere_user
  password             = var.vsphere_password
  vsphere_server       = var.vsphere_server
  allow_unverified_ssl = true
}

main.tf

data "vsphere_datacenter" "dc" {
  name = var.datacenter_name
}

data "vsphere_host" "host" {
  name          = var.vsphere_host
  datacenter_id = data.vsphere_datacenter.dc.id
}

data "vsphere_datastore" "datastore" {
  name          = var.datastore_name
  datacenter_id = data.vsphere_datacenter.dc.id
}

data "vsphere_resource_pool" "pool" {
  name          = var.pool_name
  datacenter_id = data.vsphere_datacenter.dc.id
}

data "vsphere_network" "network" {
  name          = var.network_name
  datacenter_id = data.vsphere_datacenter.dc.id
}

resource "vsphere_virtual_machine" "vm" {
  name             = var.vm_name
  resource_pool_id = data.vsphere_resource_pool.pool.id
  datastore_id     = data.vsphere_datastore.datastore.id
  host_system_id   = data.vsphere_host.host.id

  num_cpus = var.vm_cpu_number
  memory   = var.vm_memory
  guest_id = var.vm_guest_id

  network_interface {
    network_id = data.vsphere_network.network.id
  }

  disk {
    label        = var.vm_disk_label
    size         = var.vm_disk_size
    datastore_id = data.vsphere_datastore.datastore.id
  }

  cdrom {
    datastore_id = data.vsphere_datastore.datastore.id
    path         = var.vm_cd
  }

  network_interface {
    network_id = data.vsphere_network.network.id
  }

}

Plan

  # vsphere_virtual_machine.vm will be created
  + resource "vsphere_virtual_machine" "vm" {
      + boot_retry_delay                        = 10000
      + change_version                          = (known after apply)
      + cpu_limit                               = -1
      + cpu_share_count                         = (known after apply)
      + cpu_share_level                         = "normal"
      + datastore_id                            = "datastore-35377"
      + default_ip_address                      = (known after apply)
      + ept_rvi_mode                            = "automatic"
      + firmware                                = "bios"
      + force_power_off                         = true
      + guest_id                                = "ubuntu64guest"
      + guest_ip_addresses                      = (known after apply)
      + hardware_version                        = (known after apply)
      + host_system_id                          = "host-9365"
      + hv_mode                                 = "hvAuto"
      + id                                      = (known after apply)
      + ide_controller_count                    = 2
      + imported                                = (known after apply)
      + latency_sensitivity                     = "normal"
      + memory                                  = 1024
      + memory_limit                            = -1
      + memory_share_count                      = (known after apply)
      + memory_share_level                      = "normal"
      + migrate_wait_timeout                    = 30
      + moid                                    = (known after apply)
      + name                                    = "devops-example-tf"
      + num_cores_per_socket                    = 1
      + num_cpus                                = 1
      + poweron_timeout                         = 300
      + reboot_required                         = (known after apply)
      + resource_pool_id                        = "resgroup-8807"
      + run_tools_scripts_after_power_on        = true
      + run_tools_scripts_after_resume          = true
      + run_tools_scripts_before_guest_shutdown = true
      + run_tools_scripts_before_guest_standby  = true
      + sata_controller_count                   = 0
      + scsi_bus_sharing                        = "noSharing"
      + scsi_controller_count                   = 1
      + scsi_type                               = "pvscsi"
      + shutdown_wait_timeout                   = 3
      + storage_policy_id                       = (known after apply)
      + swap_placement_policy                   = "inherit"
      + uuid                                    = (known after apply)
      + vapp_transport                          = (known after apply)
      + vmware_tools_status                     = (known after apply)
      + vmx_path                                = (known after apply)
      + wait_for_guest_ip_timeout               = 0
      + wait_for_guest_net_routable             = true
      + wait_for_guest_net_timeout              = 5

      + cdrom {
          + datastore_id   = "datastore-35377"
          + device_address = (known after apply)
          + key            = (known after apply)
          + path           = "iso_images/ubuntu-20.04.1-live-server-amd64.iso"
        }

      + disk {
          + attach            = false
          + controller_type   = "scsi"
          + datastore_id      = "datastore-35377"
          + device_address    = (known after apply)
          + disk_mode         = "persistent"
          + disk_sharing      = "sharingNone"
          + eagerly_scrub     = false
          + io_limit          = -1
          + io_reservation    = 0
          + io_share_count    = 0
          + io_share_level    = "normal"
          + keep_on_remove    = false
          + key               = 0
          + label             = "disk0"
          + path              = (known after apply)
          + size              = 20
          + storage_policy_id = (known after apply)
          + thin_provisioned  = true
          + unit_number       = 0
          + uuid              = (known after apply)
          + write_through     = false
        }

      + network_interface {
          + adapter_type          = "vmxnet3"
          + bandwidth_limit       = -1
          + bandwidth_reservation = 0
          + bandwidth_share_count = (known after apply)
          + bandwidth_share_level = "normal"
          + device_address        = (known after apply)
          + key                   = (known after apply)
          + mac_address           = (known after apply)
          + network_id            = "network-19"
        }
      + network_interface {
          + adapter_type          = "vmxnet3"
          + bandwidth_limit       = -1
          + bandwidth_reservation = 0
          + bandwidth_share_count = (known after apply)
          + bandwidth_share_level = "normal"
          + device_address        = (known after apply)
          + key                   = (known after apply)
          + mac_address           = (known after apply)
          + network_id            = "network-19"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Terraform information

$ terraform version
Terraform v0.13.1
+ provider registry.terraform.io/hashicorp/vsphere v1.24.0

Note: I originally posted this question at DevOps, but since there were no responses, I deleted it there and have re-posted it here.

The only thing I see different between the two is that you're indicating a resource pool in the terraform config but not in the govmomi command. I assume govmomi is placing the VM in the default "Resources" pool, so you may want to try that in your terraform config variable for pool_name (if you aren't already) – Kyle Ruddy

thanks for the suggestion @KyleRuddy I have confirmed that the resource pool in the plan matches the one of the govc-generated vm:

  $ govc object.collect -json /MYCOMPANY/vm/devops-example-govc | jq '.[]|select(.Name=="resourcePool")'
  { "Name": "resourcePool", "Op": "assign", "Val": { "Type": "ResourcePool", "Value": "resgroup-8807" }

– mikequentel

Submitted this as a bug for the vSphere Provider: github.com/hashicorp/terraform-provider-vsphere/issues/1212 – mikequentel

Do you see any errors, warnings, or failed tasks in the vSphere UI? – Kyle Ruddy

@KyleRuddy no errors or warnings appear in the host Recent Tasks, nor in Tasks and Events in the vSphere Client web interface. However, running govc again to create a VM does show in the Recent Tasks, and I am specifying the same host for both the Terraform and govc runs. Normally, would a failed terraform apply be likely to show an event in vSphere Client? many thanks. – mikequentel
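The NoPermissionFault in the debug log names exactly which privilege (VirtualMachine.Config.SwapPlacement) was missing on which managed object (Folder group-v3), which is the fact to check against the role assigned to the Terraform user rather than inferring it from the generic "permission denied" message. The following parser is an added example, not code from the question or from the vSphere provider; it scans TF_LOG=DEBUG output for SOAP envelopes and extracts that detail. The log lines are constructed around the fault quoted above.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
VIM_NS = "urn:vim25"
# Matches one SOAP envelope even when Terraform's log prefix precedes it
ENVELOPE_RE = re.compile(r"<soapenv:Envelope.*?</soapenv:Envelope>", re.DOTALL)

# Constructed sample: the fault from the question embedded in debug log lines
SAMPLE_LOG = """\
2020-09-01T10:00:00.000Z [DEBUG] plugin: vsphere: sending request
2020-09-01T10:00:00.100Z [DEBUG] plugin: vsphere: <soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<soapenv:Fault>
<faultcode>ServerFaultCode</faultcode>
<faultstring>Permission to perform this operation was denied.</faultstring>
<detail>
<NoPermissionFault xmlns="urn:vim25" xsi:type="NoPermission">
<object type="Folder">group-v3</object>
<privilegeId>VirtualMachine.Config.SwapPlacement</privilegeId>
</NoPermissionFault>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
2020-09-01T10:00:00.200Z [ERROR] Error: error creating virtual machine: ServerFaultCode: Permission to perform this operation was denied.
"""


def parse_fault(envelope_xml):
    """Return fault details from one SOAP envelope, or None if it carries no Fault."""
    root = ET.fromstring(envelope_xml)
    fault = root.find(f"{{{SOAP_NS}}}Body/{{{SOAP_NS}}}Fault")
    if fault is None:
        return None
    info = {"faultcode": fault.findtext("faultcode"),
            "faultstring": fault.findtext("faultstring")}
    # NoPermissionFault names the managed object and the privilege that was missing
    nop = fault.find(f"detail/{{{VIM_NS}}}NoPermissionFault")
    if nop is not None:
        obj = nop.find(f"{{{VIM_NS}}}object")
        info["object_type"] = obj.get("type")
        info["object_id"] = obj.text
        info["privilege"] = nop.findtext(f"{{{VIM_NS}}}privilegeId")
    return info


def faults_in_log(log_text):
    """Scan Terraform debug output and return every SOAP fault it contains."""
    faults = (parse_fault(m.group(0)) for m in ENVELOPE_RE.finditer(log_text))
    return [f for f in faults if f is not None]
```

Running faults_in_log over a real TF_LOG=DEBUG capture lists each denied privilege with the object it was denied on, which can then be compared with the role's privilege list in the vSphere Client.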

1 Answer

Try:

  govc logs -f

while running terraform to help find the issue.