Can create a virtual machine remotely with govc, but not with Terraform



Trying to create a virtual machine in vSphere, preferably with Terraform, but I keep getting Error: error creating virtual machine: ServerFaultCode: Permission to perform this operation was denied.

  • The error as mentioned in the SOAP response, captured in the Terraform debug log:
<soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<soapenv:Fault>
<faultcode>ServerFaultCode</faultcode>
<faultstring>Permission to perform this operation was denied.</faultstring>
<detail>
<NoPermissionFault xmlns="urn:vim25" xsi:type="NoPermission">
<object type="Folder">group-v3</object>
<privilegeId>VirtualMachine.Config.SwapPlacement</privilegeId>
</NoPermissionFault>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

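Creating a virtual machine remotely with govc works, which suggests my user permissions on vSphere are fine; so I do not think this is a user permission problem. I am worried I may have a Terraform syntax problem.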

Confirmed that the Govmomi govc command successfully creates a virtual machine when run on a remote machine pointed at the vSphere server:

govc vm.create -disk=20GB -ds=ESX_Engineering_Datastore_01 -g=ubuntu64guest -iso=iso_images/ubuntu-20.04.1-live-server-amd64.iso -on=true -link=false -net="VM Network" -host="vmware14.mycompany.com" devops-example-govc

Attempting the equivalent with the Terraform vSphere Provider fails.

provider.tf

provider "vsphere" {
  version              = "1.24.0"
  user                 = var.vsphere_user
  password             = var.vsphere_password
  vsphere_server       = var.vsphere_server
  allow_unverified_ssl = true
}

main.tf

data "vsphere_datacenter" "dc" {
  name = var.datacenter_name
}
data "vsphere_host" "host" {
  name          = var.vsphere_host
  datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_datastore" "datastore" {
  name          = var.datastore_name
  datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_resource_pool" "pool" {
  name          = var.pool_name
  datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_network" "network" {
  name          = var.network_name
  datacenter_id = data.vsphere_datacenter.dc.id
}
resource "vsphere_virtual_machine" "vm" {
  name             = var.vm_name
  resource_pool_id = data.vsphere_resource_pool.pool.id
  datastore_id     = data.vsphere_datastore.datastore.id
  host_system_id   = data.vsphere_host.host.id
  num_cpus = var.vm_cpu_number
  memory   = var.vm_memory
  guest_id = var.vm_guest_id
  network_interface {
    network_id = data.vsphere_network.network.id
  }
  disk {
    label        = var.vm_disk_label
    size         = var.vm_disk_size
    datastore_id = data.vsphere_datastore.datastore.id
  }
  cdrom {
    datastore_id = data.vsphere_datastore.datastore.id
    path         = var.vm_cd
  }
  network_interface {
    network_id = data.vsphere_network.network.id
  }
}

Plan

# vsphere_virtual_machine.vm will be created
+ resource "vsphere_virtual_machine" "vm" {
+ boot_retry_delay                        = 10000
+ change_version                          = (known after apply)
+ cpu_limit                               = -1
+ cpu_share_count                         = (known after apply)
+ cpu_share_level                         = "normal"
+ datastore_id                            = "datastore-35377"
+ default_ip_address                      = (known after apply)
+ ept_rvi_mode                            = "automatic"
+ firmware                                = "bios"
+ force_power_off                         = true
+ guest_id                                = "ubuntu64guest"
+ guest_ip_addresses                      = (known after apply)
+ hardware_version                        = (known after apply)
+ host_system_id                          = "host-9365"
+ hv_mode                                 = "hvAuto"
+ id                                      = (known after apply)
+ ide_controller_count                    = 2
+ imported                                = (known after apply)
+ latency_sensitivity                     = "normal"
+ memory                                  = 1024
+ memory_limit                            = -1
+ memory_share_count                      = (known after apply)
+ memory_share_level                      = "normal"
+ migrate_wait_timeout                    = 30
+ moid                                    = (known after apply)
+ name                                    = "devops-example-tf"
+ num_cores_per_socket                    = 1
+ num_cpus                                = 1
+ poweron_timeout                         = 300
+ reboot_required                         = (known after apply)
+ resource_pool_id                        = "resgroup-8807"
+ run_tools_scripts_after_power_on        = true
+ run_tools_scripts_after_resume          = true
+ run_tools_scripts_before_guest_shutdown = true
+ run_tools_scripts_before_guest_standby  = true
+ sata_controller_count                   = 0
+ scsi_bus_sharing                        = "noSharing"
+ scsi_controller_count                   = 1
+ scsi_type                               = "pvscsi"
+ shutdown_wait_timeout                   = 3
+ storage_policy_id                       = (known after apply)
+ swap_placement_policy                   = "inherit"
+ uuid                                    = (known after apply)
+ vapp_transport                          = (known after apply)
+ vmware_tools_status                     = (known after apply)
+ vmx_path                                = (known after apply)
+ wait_for_guest_ip_timeout               = 0
+ wait_for_guest_net_routable             = true
+ wait_for_guest_net_timeout              = 5
+ cdrom {
+ datastore_id   = "datastore-35377"
+ device_address = (known after apply)
+ key            = (known after apply)
+ path           = "iso_images/ubuntu-20.04.1-live-server-amd64.iso"
}
+ disk {
+ attach            = false
+ controller_type   = "scsi"
+ datastore_id      = "datastore-35377"
+ device_address    = (known after apply)
+ disk_mode         = "persistent"
+ disk_sharing      = "sharingNone"
+ eagerly_scrub     = false
+ io_limit          = -1
+ io_reservation    = 0
+ io_share_count    = 0
+ io_share_level    = "normal"
+ keep_on_remove    = false
+ key               = 0
+ label             = "disk0"
+ path              = (known after apply)
+ size              = 20
+ storage_policy_id = (known after apply)
+ thin_provisioned  = true
+ unit_number       = 0
+ uuid              = (known after apply)
+ write_through     = false
}
+ network_interface {
+ adapter_type          = "vmxnet3"
+ bandwidth_limit       = -1
+ bandwidth_reservation = 0
+ bandwidth_share_count = (known after apply)
+ bandwidth_share_level = "normal"
+ device_address        = (known after apply)
+ key                   = (known after apply)
+ mac_address           = (known after apply)
+ network_id            = "network-19"
}
+ network_interface {
+ adapter_type          = "vmxnet3"
+ bandwidth_limit       = -1
+ bandwidth_reservation = 0
+ bandwidth_share_count = (known after apply)
+ bandwidth_share_level = "normal"
+ device_address        = (known after apply)
+ key                   = (known after apply)
+ mac_address           = (known after apply)
+ network_id            = "network-19"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.

Terraform info

$ terraform version
Terraform v0.13.1
+ provider registry.terraform.io/hashicorp/vsphere v1.24.0

Note: I originally posted this question on DevOps, but as it got no replies I deleted it there and reposted it here.

Try:

govc logs -f

while running terraform, to help find the problem.
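
The SOAP fault quoted in the question names both the privilege that was denied and the object it was checked on. As an added example (not part of the original posts), the Python below extracts every NoPermission fault from a Terraform debug log; the sample log is constructed around the fault shown above, and the function name `missing_privileges` is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

VIM25 = "urn:vim25"  # namespace of NoPermissionFault in the fault on this page

# Constructed sample: debug-log lines wrapped around the fault quoted above.
SAMPLE_LOG = """\
2020/09/01 12:00:00 [DEBUG] plugin.terraform-provider-vsphere: (constructed log line)
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body><soapenv:Fault>
<faultcode>ServerFaultCode</faultcode>
<faultstring>Permission to perform this operation was denied.</faultstring>
<detail><NoPermissionFault xmlns="urn:vim25" xsi:type="NoPermission">
<object type="Folder">group-v3</object>
<privilegeId>VirtualMachine.Config.SwapPlacement</privilegeId>
</NoPermissionFault></detail>
</soapenv:Fault></soapenv:Body>
</soapenv:Envelope>
2020/09/01 12:00:01 [DEBUG] (constructed log line)
"""

# One SOAP envelope, whatever prefix the server used for the envelope namespace.
ENVELOPE_RE = re.compile(r"<(\w+):Envelope\b.*?</\1:Envelope>", re.DOTALL)

def missing_privileges(log_text):
    """Return sorted unique (object_type, object_id, privilege_id) tuples
    for every NoPermission fault found in the log text."""
    found = set()
    for match in ENVELOPE_RE.finditer(log_text):
        try:
            root = ET.fromstring(match.group(0))
        except ET.ParseError:
            continue  # truncated or interleaved envelope: skip it
        for fault in root.iter(f"{{{VIM25}}}NoPermissionFault"):
            obj = fault.find(f"{{{VIM25}}}object")
            priv = fault.find(f"{{{VIM25}}}privilegeId")
            if obj is None or priv is None:
                continue
            found.add((obj.get("type"), (obj.text or "").strip(),
                       (priv.text or "").strip()))
    return sorted(found)

if __name__ == "__main__":
    for obj_type, obj_id, priv in missing_privileges(SAMPLE_LOG):
        print(f"missing {priv} on {obj_type} {obj_id}")
```

The resulting list gives the exact privilege and inventory object to compare against the role assigned to the Terraform service account, so the role can be extended by that one privilege rather than replaced with a broader one.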
