'firmware' field is not applied when creating VM from template or VM copy

[vitality411]

Hello,
I am unable to set firmware = "efi". It is automatically changed to firmware = "bios" (see below). Only when I also set efi_secure_boot = true firmware will also be set to "efi".

VMware Cloud Director version

10.5.1.23400185

Terraform Version

Terraform v1.9.4
on linux_amd6

Affected Resource(s)

• vcd_vapp_vm

Terraform Configuration Files

resource "vcd_vapp_vm" "vm" {
  name             = var.VM_NAME
  org              = var.VCD_ORG
  vdc              = var.VCD_ZONE
  vapp_name        = vcd_vapp.vapp.name
  vapp_template_id = data.vcd_catalog_vapp_template.template.id

  memory                 = 2048
  cpus                   = 2
  cpu_cores              = 1
  cpu_hot_add_enabled    = true
  memory_hot_add_enabled = true
  hardware_version       = "vmx-17"
  firmware               = "efi"
  boot_options {
    efi_secure_boot = false
  }

  network {
    type               = "org"
    name               = vcd_vapp_org_network.network.org_network_name
    ip_allocation_mode = "POOL"
    is_primary         = true
  }
}

Debug Output

2024-08-13T10:35:56.611+0200 [WARN]  Provider "provider[\"registry.terraform.io/vmware/vcd\"]" produced an unexpected new value for vcd_vapp_vm.vm, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .firmware: was cty.StringVal("efi"), but now cty.StringVal("bios")
      - .boot_options[0].enter_bios_setup_on_next_boot: was null, but now cty.False

Panic Output

If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the crash.log.

Expected Behavior

firmware = "efi"

Actual Behavior

firmware = "bios"

Steps to Reproduce

1. terraform apply
2. See that firmware is set to BIOS and not EFI.

User Access rights

Information about user used. Role and/or more exact rights if it is customized.
Organization Operator

Important Factoids

Is there anything atypical about your accounts that we should know?
I am using ubuntu ova cloud image uploaded to VMware Cloud Director

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

[vitality411]

I just tested with os_type = "ubuntu64Guest" and firmware was changed from bios to efi:

  # vcd_vapp_vm.vm will be updated in-place
  ~ resource "vcd_vapp_vm" "vm" {
      ~ firmware                       = "bios" -> "efi"
        id                             = "urn:vcloud:vm:96d57be8-9e06-47cf-88e0-3abea2a2b1f5"
        name                           = "interim"
        # (35 unchanged attributes hidden)

        # (5 unchanged blocks hidden)
    }

[Didainius]

Hello @vitality411 ,
First query - are you able to achieve such configuration when creating a VM using UI?

[vitality411]

No, in the user interface it is not possible to select the firmware (BIOS or EFI) or the operating system type when you create a VM or vAPP from a template.

[Didainius]

Then it raises a thought if this is allowed by VCD, the value being restored to bios means that VCD API responds with bios although it does send efi.

Could you try to create a template with efi?

[vitality411]

Creating a template from a vApp with efi and then creating a new vApp from this template works - it is configured with efi.
Still I think it is allowed by VCD API to create a VM with firmware = efi as I showed with os_type = "ubuntu64Guest" or efi_secure_boot = true. I think this functionality is just not exposed by VCD UI.

[Didainius]

Creating a template from a vApp with efi and then creating a new vApp from this template works - it is configured with efi. Still I think it is allowed by VCD API to create a VM with firmware = efi as I showed with os_type = "ubuntu64Guest" or efi_secure_boot = true. I think this functionality is just not exposed by VCD UI.

Could you try to enable logging ? https://registry.terraform.io/providers/vmware/vcd/latest/docs#logging
Possibly you could share the log (maybe in a github gist or other place) with hiding your hostnames. Passwords/tokens should be automatically hidden.

We can double check that the request definitely sends correct payload to API. I would expect so, but we can double check. If it does - it maybe that VCD API simply returns the configuration back to you as it is - then we can't do much

[vitality411]

I tested again with the following config:

resource "vcd_vapp_vm" "vm" {
  name      = var.VM_NAME
  org       = var.VCD_ORG
  vdc       = var.VCD_ZONE
  vapp_name = vcd_vapp.vapp.name
  #vapp_template_id = vcd_catalog_vapp_template.template.id
  vapp_template_id       = data.vcd_catalog_vapp_template.template.id
  memory                 = 2048
  cpus                   = 2
  cpu_cores              = 1
  cpu_hot_add_enabled    = true
  memory_hot_add_enabled = true
  hardware_version       = "vmx-17"
  firmware               = "efi"
  #os_type                = "ubuntu64Guest"
  # boot_options {
  #   efi_secure_boot = false
  # }

  network {
    type               = "org"
    name               = vcd_vapp_org_network.network.org_network_name
    ip_allocation_mode = "POOL"
    is_primary         = true
  }
}

So not setting os_type = "ubuntu64Guest" or efi_secure_boot = true.
VM was created with firmware = bios:

2024-08-13T13:38:39.386+0200 [WARN]  Provider "provider[\"registry.terraform.io/vmware/vcd\"]" produced an unexpected new value for vcd_vapp_vm.vm, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .firmware: was cty.StringVal("efi"), but now cty.StringVal("bios")

On the second apply without any changes to the config, terraform changed the firmware from bios to efi:

# vcd_vapp_vm.vm will be updated in-place
  ~ resource "vcd_vapp_vm" "vm" {
      ~ firmware                       = "bios" -> "efi"
        id                             = "urn:vcloud:vm:f5e806db-d8ef-46ae-ab15-a9c91bc01da3"

The complete logs are here.

[vitality411]

Apperently it is really not possible to create a new EFI VM from template:
│ Error: error: EFI secure boot can only be used with EFI firmware (found bios)
when using the following config:

resource "vcd_vapp_vm" "vm" {
  name      = var.VM_NAME
  org       = var.VCD_ORG
  vdc       = var.VCD_ZONE
  vapp_name = vcd_vapp.vapp.name
  #vapp_template_id = vcd_catalog_vapp_template.template.id
  vapp_template_id       = data.vcd_catalog_vapp_template.template.id
  memory                 = 2048
  cpus                   = 2
  cpu_cores              = 1
  cpu_hot_add_enabled    = true
  memory_hot_add_enabled = true
  hardware_version       = "vmx-17"
  firmware               = "efi"
  os_type                = "ubuntu64Guest"
  boot_options {
    efi_secure_boot = true
  }
...
}

Only changing the VM to efi after the first deployment with bios seams to work :(

Is this something go-vcloud-director schould provide?

[Didainius]

2024-08-13T13:38:39.386+0200 [WARN]  Provider "provider[\"registry.terraform.io/vmware/vcd\"]" produced an unexpected new value for vcd_vapp_vm.vm, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .firmware: was cty.StringVal("efi"), but now cty.StringVal("bios")

This log is from terraform. If you enable logging https://registry.terraform.io/providers/vmware/vcd/latest/docs#logging, you should get a go-vcloud-director.log in your working directory. That one will contain all API calls

[vitality411]

@Didainius I uploaded tf.log and go-vcloud-director.log of both applies to the gist. You have to scroll all the way to the bottom.

[Didainius]

Only changing the VM to efi after the first deployment with bios seams to work :(

Can you give more details about that - what workflow worked with your expectations? Was it creating a VM from template with bios mode and then switching to efi ?

[vitality411]

Only changing the VM to efi after the first deployment with bios seams to work :(

Can you give more details about that - what workflow worked with your expectations? Was it creating a VM from template with bios mode and then switching to efi ?

Creating a VM from template with the following config

resource "vcd_vapp_vm" "vm" {
  name      = var.VM_NAME
  org       = var.VCD_ORG
  vdc       = var.VCD_ZONE
  vapp_name = vcd_vapp.vapp.name
  #vapp_template_id = vcd_catalog_vapp_template.template.id
  vapp_template_id       = data.vcd_catalog_vapp_template.template.id
  memory                 = 2048
  cpus                   = 2
  cpu_cores              = 1
  cpu_hot_add_enabled    = true
  memory_hot_add_enabled = true
  hardware_version       = "vmx-17"
  firmware               = "efi"
  os_type                = "ubuntu64Guest"
  boot_options {
    efi_secure_boot = true
  }
...
}

will create a VM but with firmware = "bios".

A second terraform apply execution will change the VM to firmware = "efi".

[Didainius]

@vitality411 ,
I have potentially made a fix in #1308. A simple test similar to yours works. I am now running a wide set of VM tests to see if there are no regressions. You could also give it a try of you can build provider from my PR branch #1308.

[vitality411]

I verified with provider build from PR branch #1308 that firmware is now correctly set to efi. On a second apply there is no change.

[Didainius]

This will be part of 3.14.