vSphere: error cloning virtual machine

I'm using Terraform to clone a vSphere template in our VMware Cloud on AWS environment, following a guide from VMware: https://cloud.vmware.com/community/2019/11/19/infrastructure-code-terraform-vmware-vmware-cloud-aws/

The files have passed the validate and plan without errors; however, when running an apply I am getting the following error:

vsphere_virtual_machine.vm: Creating...

Error: error cloning virtual machine: ServerFaultCode: Permission to perform this operation was denied.

on main.tf line 24, in resource "vsphere_virtual_machine" "vm":
24: resource "vsphere_virtual_machine" "vm" {

I've manually performed a clone within vSphere on the same template, and it works without issue, so it's not a permission problem that I can see.

I put debugging on and had the following output:

> 2019-12-12T16:17:53.127Z [DEBUG] plugin.terraform-provider-vsphere_v1.13.0_x4.exe: 2019/12/12 16:17:53 [DEBUG] Cloning virtual machine "/SDDC-Datacenter/vm/Workloads/terraform-test"
> 2019/12/12 16:17:53 [DEBUG] vsphere_virtual_machine.vm: apply errored, but we're indicating that via the Error pointer rather than returning it: error cloning virtual machine: ServerFaultCode: Permission to perform this operation was denied.
> 2019/12/12 16:17:53 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
> 2019/12/12 16:17:53 [TRACE] EvalMaybeTainted: vsphere_virtual_machine.vm encountered an error during creation, so it is now marked as tainted
> 2019/12/12 16:17:53 [TRACE] <root>: eval: *terraform.EvalWriteState
> 2019/12/12 16:17:53 [TRACE] EvalWriteState: removing state object for vsphere_virtual_machine.vm
> 2019/12/12 16:17:53 [TRACE] <root>: eval: *terraform.EvalApplyProvisioners
> 2019/12/12 16:17:53 [TRACE] EvalApplyProvisioners: vsphere_virtual_machine.vm has no state, so skipping provisioners
> 2019/12/12 16:17:53 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
> 2019/12/12 16:17:53 [TRACE] EvalMaybeTainted: vsphere_virtual_machine.vm encountered an error during creation, so it is now marked as tainted
> 2019/12/12 16:17:53 [TRACE] <root>: eval: *terraform.EvalWriteState
> 2019/12/12 16:17:53 [TRACE] EvalWriteState: removing state object for vsphere_virtual_machine.vm
> 2019/12/12 16:17:53 [TRACE] <root>: eval: *terraform.EvalIf
> 2019/12/12 16:17:53 [TRACE] <root>: eval: *terraform.EvalIf
> 2019/12/12 16:17:53 [TRACE] <root>: eval: *terraform.EvalWriteDiff
> 2019/12/12 16:17:53 [TRACE] <root>: eval: *terraform.EvalApplyPost
> 2019/12/12 16:17:53 [ERROR] <root>: eval: *terraform.EvalApplyPost, err: error cloning virtual machine: ServerFaultCode: Permission to perform this operation was denied.
> 2019/12/12 16:17:53 [ERROR] <root>: eval: *terraform.EvalSequence, err: error cloning virtual machine: ServerFaultCode: Permission to perform this operation was denied.
> 2019/12/12 16:17:53 [TRACE] [walkApply] Exiting eval tree: vsphere_virtual_machine.vm
> 2019/12/12 16:17:53 [TRACE] vertex "vsphere_virtual_machine.vm": visit complete
> 2019/12/12 16:17:53 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
> 2019/12/12 16:17:53 [TRACE] dag/walk: upstream of "provider.vsphere (close)" errored, so skipping
> 2019/12/12 16:17:53 [TRACE] dag/walk: upstream of "root" errored, so skipping
> 2019/12/12 16:17:53 [TRACE] statemgr.Filesystem: not making a backup, because the new snapshot is identical to the old
> 2019/12/12 16:17:53 [TRACE] statemgr.Filesystem: no state changes since last snapshot
> 2019/12/12 16:17:53 [TRACE] statemgr.Filesystem: writing snapshot at terraform.tfstate
> 2019/12/12 16:17:53 [TRACE] statemgr.Filesystem: removing lock metadata file .terraform.tfstate.lock.info
> 2019/12/12 16:17:53 [TRACE] statemgr.Filesystem: unlocked by closing terraform.tfstate
> 2019-12-12T16:17:53.188Z [DEBUG] plugin: plugin process exited: path=C:\Terraform\.terraform\plugins\windows_amd64\terraform-provider-vsphere_v1.13.0_x4.exe pid=20576
> 2019-12-12T16:17:53.188Z [DEBUG] plugin: plugin exited

Has anyone had this problem before or can help at all?

I have the same issue. Did you get any solution for this? Some say to give full permission to the user ID in vSphere. I can't go for it.

2020/02/27 18:33:12 [ERROR] : eval: *terraform.EvalApplyPost, err: error reconfiguring virtual machine: error reconfiguring virtual machine: ServerFaultCode: Permission to perform this operation was denied.

2020/02/27 18:33:12 [ERROR] : eval: *terraform.EvalSequence, err: error reconfiguring virtual machine: error reconfiguring virtual machine: ServerFaultCode: Permission to perform this operation was denied.

Hi @rajbir1982 - I eventually got it working, assuming you're connecting to VMware Cloud on AWS? I've documented it here: https://www.samakroyd.com/2020/03/02/vmware-cloud-on-aws-windows-provisioning-using-terraform/#more-49

Thanks for the links. My issue got resolved. The user did not have the correct permission in vCenter.

I have the same issue. Which permission is missing on vCenter? We normally have full admin access.

I am having issues cloning a VM from a VM using terraform in vsphere.
I was able to use the same template earlier and clone the VM. Not sure what happened all of a sudden and terraform stopped working.

Terraform plan works well, terraform apply starts cloning the VM and fails exactly after 94% of the cloning process.

2021/05/17 18:51:20 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/05/17 18:51:20 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "vsphere_virtual_machine.vmFromRemoteOvf"
2021/05/17 18:51:20 [TRACE] dag/walk: vertex "provider["registry.terraform.io/hashicorp/vsphere"] (close)" is waiting for "vsphere_virtual_machine.vmFromRemoteOvf"
2021/05/17 18:51:23 [DEBUG] vsphere_virtual_machine.vmFromRemoteOvf: apply errored, but we're indicating that via the Error pointer rather than returning it: error cloning virtual machine: Invalid configuration for device '12'.
2021/05/17 18:51:23 [TRACE] EvalMaybeTainted: vsphere_virtual_machine.vmFromRemoteOvf encountered an error during creation, so it is now marked as tainted
2021/05/17 18:51:23 [TRACE] EvalWriteState: removing state object for vsphere_virtual_machine.vmFromRemoteOvf
2021/05/17 18:51:23 [TRACE] EvalApplyProvisioners: vsphere_virtual_machine.vmFromRemoteOvf has no state, so skipping provisioners
2021/05/17 18:51:23 [TRACE] EvalMaybeTainted: vsphere_virtual_machine.vmFromRemoteOvf encountered an error during creation, so it is now marked as tainted
2021/05/17 18:51:23 [TRACE] EvalWriteState: removing state object for vsphere_virtual_machine.vmFromRemoteOvf

Terraform version is:

terraform version
Terraform v0.14.9

vSphere/vCenter version is Version 6.7.0

I also do have admin access (as I was able to clone earlier) so no permission issue

Also wanted to inform that I am able to perform the same clone operation in the vsphere console, but the same fails when trying using Terraform

Below is the terraform File I am using:

```hcl
# Terraform provider and authentication details
provider "vsphere" {
  user           = "rpadhee@vsphere.local"
  password       = "*********"
  vsphere_server = "172.26.112.28"

  # If you have a self-signed cert
  allow_unverified_ssl = true
}

# Variable passed for esxi host name - Host already exists in vsphere
variable "esxihost" {
  description = "input your esxi host name"
  default     = "172.26.112.31"
}

# Variable passed for the name of the VM resource to be created
variable "vmName" {
  description = "Please enter the name of the VM to be created"
}

# Variable passed for the name of the VM to be cloned to a new VM
variable "vmTemplatefromOVF" {
  description = "Please enter the name of the vm template"
}

# Variable passed for the network to be assigned to the VM resource
variable "networkName" {
  description = "input your esxi network name"
  default     = "172.26.112.0"
}

# Specifying the DataCenter - already exists in vsphere
data "vsphere_datacenter" "dc" {
  name = "SIEM"
}

# Specifying the Data Store name - already exists in vsphere
data "vsphere_datastore" "datastore" {
  name          = "TrueNAS-HLO shared iscsi"
  datacenter_id = data.vsphere_datacenter.dc.id
}

# Specifying the Resource Pool name - already exists in vsphere
data "vsphere_resource_pool" "pool" {
  name          = "TerraformTest-HLO"
  datacenter_id = data.vsphere_datacenter.dc.id
}

# Specifying the Network name - which already exists in vsphere - passed through variable content
data "vsphere_network" "network" {
  name          = "${var.networkName}"
  datacenter_id = data.vsphere_datacenter.dc.id
}

# Specifying the host name - already exists in vsphere - passed through variable content
data "vsphere_host" "host" {
  name          = "${var.esxihost}"
  datacenter_id = data.vsphere_datacenter.dc.id
}

# Specifying the VM Name to be cloned from - passed through variable content
data "vsphere_virtual_machine" "template_from_ovf" {
  name          = "${var.vmTemplatefromOVF}"
  datacenter_id = data.vsphere_datacenter.dc.id
}

# VM resource to be created
resource "vsphere_virtual_machine" "vmFromRemoteOvf" {
  name             = "${var.vmName}"
  resource_pool_id = data.vsphere_resource_pool.pool.id
  datastore_id     = data.vsphere_datastore.datastore.id
  host_system_id   = data.vsphere_host.host.id
  guest_id         = data.vsphere_virtual_machine.template_from_ovf.guest_id

  datacenter_id = data.vsphere_datacenter.dc.id

  folder = "/Engineering/EM/HLO-EM/vm-terraform-rpadhee"

  wait_for_guest_net_timeout = 0
  wait_for_guest_ip_timeout  = 0

  network_interface {
    network_id   = data.vsphere_network.network.id
    adapter_type = "vmxnet3"
  }

  clone {
    template_uuid = data.vsphere_virtual_machine.template_from_ovf.id
    timeout       = 180
  }

  disk {
    size             = 500
    label            = "test2.vmdk"
    eagerly_scrub    = false
    thin_provisioned = true
  }
}
```

Can somebody please help me on this… this is a production blocker and it would be really kind of you all

@rahul-padhee, the error in the logs indicates there is some bad configuration in the Terraform code. Something changed on the vCenter side which needs to be fixed, or you need to review your Terraform code based on that change.
I found something related to your error code.