Add Disabled field to VM bootstrap

Add Disabled field to the VirtualMachineBootstrapSpec to allow skipping
bootstrap customization. When true, the VM will not be bootstrapped even
if a provider (CloudInit, LinuxPrep, Sysprep, VAppConfig) is specified.

This is useful for either disabling the implicit LinuxPrep customization
we do on Linux images for historical reasons, or deferring bootstrap when
the guest is already configured.

Author: bryanv

api/test/v1alpha1/virtualmachine_conversion_test.go

@@ -730,6 +730,36 @@ func TestVirtualMachineConversion(t *testing.T) {
 		hubSpokeHub(g, &hub, &vmopv1a1.VirtualMachine{})
 	})
 
+	t.Run("VirtualMachine hub-spoke-hub with bootstrap disabled", func(t *testing.T) {
+		g := NewWithT(t)
+		hub := vmopv1.VirtualMachine{
+			Spec: vmopv1.VirtualMachineSpec{
+				Bootstrap: &vmopv1.VirtualMachineBootstrapSpec{
+					Disabled: true,
+				},
+			},
+		}
+		hubSpokeHub(g, &hub, &vmopv1a1.VirtualMachine{})
+	})
+
+	t.Run("VirtualMachine hub-spoke-hub with CloudInit and bootstrap disabled ", func(t *testing.T) {
+		g := NewWithT(t)
+		hub := vmopv1.VirtualMachine{
+			Spec: vmopv1.VirtualMachineSpec{
+				Bootstrap: &vmopv1.VirtualMachineBootstrapSpec{
+					CloudInit: &vmopv1.VirtualMachineBootstrapCloudInitSpec{
+						RawCloudConfig: &vmopv1common.SecretKeySelector{
+							Name: "my-secret",
+							Key:  "user-data",
+						},
+					},
+					Disabled: true,
+				},
+			},
+		}
+		hubSpokeHub(g, &hub, &vmopv1a1.VirtualMachine{})
+	})
+
 	t.Run("VirtualMachine hub-spoke Status", func(t *testing.T) {
 		g := NewWithT(t)
 

api/test/v1alpha2/virtualmachine_conversion_test.go

@@ -679,6 +679,36 @@ func TestVirtualMachineConversion(t *testing.T) {
 		hubSpokeHub(g, &hub2, &vmopv1.VirtualMachine{}, &vmopv1a2.VirtualMachine{})
 	})
 
+	t.Run("VirtualMachine hub-spoke-hub with bootstrap disabled", func(t *testing.T) {
+		g := NewWithT(t)
+		hub := vmopv1.VirtualMachine{
+			Spec: vmopv1.VirtualMachineSpec{
+				Bootstrap: &vmopv1.VirtualMachineBootstrapSpec{
+					Disabled: true,
+				},
+			},
+		}
+		hubSpokeHub(g, &hub, &vmopv1.VirtualMachine{}, &vmopv1a2.VirtualMachine{})
+	})
+
+	t.Run("VirtualMachine hub-spoke-hub with CloudInit and bootstrap disabled ", func(t *testing.T) {
+		g := NewWithT(t)
+		hub := vmopv1.VirtualMachine{
+			Spec: vmopv1.VirtualMachineSpec{
+				Bootstrap: &vmopv1.VirtualMachineBootstrapSpec{
+					CloudInit: &vmopv1.VirtualMachineBootstrapCloudInitSpec{
+						RawCloudConfig: &vmopv1common.SecretKeySelector{
+							Name: "my-secret",
+							Key:  "user-data",
+						},
+					},
+					Disabled: true,
+				},
+			},
+		}
+		hubSpokeHub(g, &hub, &vmopv1.VirtualMachine{}, &vmopv1a2.VirtualMachine{})
+	})
+
 	t.Run("VirtualMachine and spec.network.domainName", func(t *testing.T) {
 
 		const (

api/test/v1alpha3/virtualmachine_conversion_test.go

@@ -120,6 +120,7 @@ func TestVirtualMachineConversion(t *testing.T) {
 								},
 								RawProperties: "my-secret",
 							},
+							Disabled: true,
 						},
 						Network: &vmopv1.VirtualMachineNetworkSpec{
 							DomainName:    "my-domain.com",
@@ -382,22 +383,24 @@ func TestVirtualMachineConversion(t *testing.T) {
 				},
 			},
 			{
-				name: "spec.bootstrap.cloudInit.waitOnNetwork4",
+				name: "spec.bootstrap.disabled",
 				hub: &vmopv1.VirtualMachine{
 					Spec: vmopv1.VirtualMachineSpec{
 						Bootstrap: &vmopv1.VirtualMachineBootstrapSpec{
-							CloudInit: &vmopv1.VirtualMachineBootstrapCloudInitSpec{
-								WaitOnNetwork4: ptrOf(true),
-							},
+							Disabled: true,
 						},
 					},
 				},
 			},
 			{
-				name: "spec.groupName",
+				name: "spec.bootstrap.cloudInit.waitOnNetwork4",
 				hub: &vmopv1.VirtualMachine{
 					Spec: vmopv1.VirtualMachineSpec{
-						GroupName: "my-group",
+						Bootstrap: &vmopv1.VirtualMachineBootstrapSpec{
+							CloudInit: &vmopv1.VirtualMachineBootstrapCloudInitSpec{
+								WaitOnNetwork4: ptrOf(true),
+							},
+						},
 					},
 				},
 			},
@@ -410,28 +413,21 @@ func TestVirtualMachineConversion(t *testing.T) {
 								WaitOnNetwork6: ptrOf(true),
 							},
 						},
-						PromoteDisksMode: vmopv1.VirtualMachinePromoteDisksModeOffline,
-						BootOptions: &vmopv1.VirtualMachineBootOptions{
-							Firmware:  vmopv1.VirtualMachineBootOptionsFirmwareTypeEFI,
-							BootDelay: &metav1.Duration{Duration: time.Second * 10},
-							BootOrder: []vmopv1.VirtualMachineBootOptionsBootableDevice{
-								{
-									Type: vmopv1.VirtualMachineBootOptionsBootableDiskDevice,
-									Name: "disk-0",
-								},
-								{
-									Type: vmopv1.VirtualMachineBootOptionsBootableNetworkDevice,
-									Name: "eth0",
-								},
-								{
-									Type: vmopv1.VirtualMachineBootOptionsBootableCDRomDevice,
-								},
-							},
-							BootRetry:           vmopv1.VirtualMachineBootOptionsBootRetryDisabled,
-							BootRetryDelay:      &metav1.Duration{Duration: time.Second * 10},
-							EFISecureBoot:       vmopv1.VirtualMachineBootOptionsEFISecureBootDisabled,
-							NetworkBootProtocol: vmopv1.VirtualMachineBootOptionsNetworkBootProtocolIP4,
-						},
+					},
+				},
+			},
+			{
+				name: "spec.groupName",
+				hub: &vmopv1.VirtualMachine{
+					Spec: vmopv1.VirtualMachineSpec{
+						GroupName: "my-group",
+					},
+				},
+			},
+			{
+				name: "spec.affinity",
+				hub: &vmopv1.VirtualMachine{
+					Spec: vmopv1.VirtualMachineSpec{
 						Affinity: &vmopv1.AffinitySpec{
 							VMAffinity: &vmopv1.VMAffinitySpec{
 								RequiredDuringSchedulingPreferredDuringExecution: []vmopv1.VMAffinityTerm{

api/test/v1alpha4/virtualmachine_conversion_test.go

@@ -120,6 +120,7 @@ func TestVirtualMachineConversion(t *testing.T) {
 								},
 								RawProperties: "my-secret",
 							},
+							Disabled: true,
 						},
 						Network: &vmopv1.VirtualMachineNetworkSpec{
 							DomainName:    "my-domain.com",
@@ -327,6 +328,16 @@ func TestVirtualMachineConversion(t *testing.T) {
 					},
 				},
 			},
+			{
+				name: "spec.bootstrap.disabled",
+				hub: &vmopv1.VirtualMachine{
+					Spec: vmopv1.VirtualMachineSpec{
+						Bootstrap: &vmopv1.VirtualMachineBootstrapSpec{
+							Disabled: true,
+						},
+					},
+				},
+			},
 			{
 				name: "spec.affinity",
 				hub: &vmopv1.VirtualMachine{

api/v1alpha1/virtualmachine_conversion.go

@@ -842,12 +842,13 @@ func restore_v1alpha5_VirtualMachineBootstrapSpec(
 
 	dstBootstrap := dst.Spec.Bootstrap
 	if dstBootstrap == nil {
-		// v1a1 doesn't have a way to represent standalone LinuxPrep. If we didn't do a
-		// conversion in convert_v1alpha1_VmMetadata_To_v1alpha5_BootstrapSpec() but we
-		// saved a LinuxPrep in the conversion annotation, restore that here.
-		if srcBootstrap.LinuxPrep != nil {
+		// v1a1 doesn't have a way to represent standalone LinuxPrep or Disabled.
+		// If we didn't do a conversion in convert_v1alpha1_VmMetadata_To_v1alpha5_BootstrapSpec()
+		// but we saved a LinuxPrep or Disabled in the conversion annotation, restore that here.
+		if srcBootstrap.LinuxPrep != nil || srcBootstrap.Disabled {
 			dst.Spec.Bootstrap = &vmopv1.VirtualMachineBootstrapSpec{
 				LinuxPrep: srcBootstrap.LinuxPrep,
+				Disabled:  srcBootstrap.Disabled,
 			}
 		}
 		return
@@ -907,6 +908,8 @@ func restore_v1alpha5_VirtualMachineBootstrapSpec(
 			dstVAppConfig.RawProperties = srcVAppConfig.RawProperties
 		}
 	}
+
+	dstBootstrap.Disabled = srcBootstrap.Disabled
 }
 
 func restore_v1alpha5_VirtualMachineNetworkSpec(

api/v1alpha2/virtualmachine_conversion.go

@@ -347,6 +347,17 @@ func restore_v1alpha5_VirtualMachineBootstrapSysprep(dst, src *vmopv1.VirtualMac
 	}
 }
 
+func restore_v1alpha5_VirtualMachineBootstrapDisabled(dst, src *vmopv1.VirtualMachine) {
+	if bs := src.Spec.Bootstrap; bs != nil {
+		if bs.Disabled {
+			if dst.Spec.Bootstrap == nil {
+				dst.Spec.Bootstrap = &vmopv1.VirtualMachineBootstrapSpec{}
+			}
+			dst.Spec.Bootstrap.Disabled = true
+		}
+	}
+}
+
 func restore_v1alpha5_VirtualMachineGuestID(dst, src *vmopv1.VirtualMachine) {
 	dst.Spec.GuestID = src.Spec.GuestID
 }
@@ -427,6 +438,7 @@ func (src *VirtualMachine) ConvertTo(dstRaw ctrlconversion.Hub) error {
 	restore_v1alpha5_VirtualMachineBootstrapCloudInitWaitOnNetwork(dst, restored)
 	restore_v1alpha5_VirtualMachineBootstrapLinuxPrep(dst, restored)
 	restore_v1alpha5_VirtualMachineBootstrapSysprep(dst, restored)
+	restore_v1alpha5_VirtualMachineBootstrapDisabled(dst, restored)
 	restore_v1alpha5_VirtualMachineSpecNetworkDomainName(dst, restored)
 	restore_v1alpha5_VirtualMachineGuestID(dst, restored)
 	restore_v1alpha5_VirtualMachinePromoteDisksMode(dst, restored)

api/v1alpha3/virtualmachine_conversion.go

@@ -325,6 +325,17 @@ func restore_v1alpha5_VirtualMachineBootstrapSysprep(dst, src *vmopv1.VirtualMac
 	}
 }
 
+func restore_v1alpha5_VirtualMachineBootstrapDisabled(dst, src *vmopv1.VirtualMachine) {
+	if bs := src.Spec.Bootstrap; bs != nil {
+		if bs.Disabled {
+			if dst.Spec.Bootstrap == nil {
+				dst.Spec.Bootstrap = &vmopv1.VirtualMachineBootstrapSpec{}
+			}
+			dst.Spec.Bootstrap.Disabled = true
+		}
+	}
+}
+
 func restore_v1alpha5_VirtualMachinePolicies(dst, src *vmopv1.VirtualMachine) {
 	dst.Spec.Policies = slices.Clone(src.Spec.Policies)
 }
@@ -361,6 +372,7 @@ func (src *VirtualMachine) ConvertTo(dstRaw ctrlconversion.Hub) error {
 	restore_v1alpha5_VirtualMachineBootstrapCloudInitWaitOnNetwork(dst, restored)
 	restore_v1alpha5_VirtualMachineBootstrapLinuxPrep(dst, restored)
 	restore_v1alpha5_VirtualMachineBootstrapSysprep(dst, restored)
+	restore_v1alpha5_VirtualMachineBootstrapDisabled(dst, restored)
 	restore_v1alpha5_VirtualMachinePromoteDisksMode(dst, restored)
 	restore_v1alpha5_VirtualMachineBootOptions(dst, restored)
 	restore_v1alpha5_VirtualMachineVolumes(dst, restored)

api/v1alpha4/virtualmachine_conversion.go

@@ -269,6 +269,17 @@ func restore_v1alpha5_VirtualMachineBootstrapSysprep(dst, src *vmopv1.VirtualMac
 	}
 }
 
+func restore_v1alpha5_VirtualMachineBootstrapDisabled(dst, src *vmopv1.VirtualMachine) {
+	if bs := src.Spec.Bootstrap; bs != nil {
+		if bs.Disabled {
+			if dst.Spec.Bootstrap == nil {
+				dst.Spec.Bootstrap = &vmopv1.VirtualMachineBootstrapSpec{}
+			}
+			dst.Spec.Bootstrap.Disabled = true
+		}
+	}
+}
+
 func restore_v1alpha5_VirtualMachineAffinity(dst, src *vmopv1.VirtualMachine) {
 	if src.Spec.Affinity == nil {
 		dst.Spec.Affinity = nil
@@ -319,6 +330,7 @@ func (src *VirtualMachine) ConvertTo(dstRaw ctrlconversion.Hub) error {
 	restore_v1alpha5_VirtualMachineBootstrapCloudInitWaitOnNetwork(dst, restored)
 	restore_v1alpha5_VirtualMachineBootstrapLinuxPrep(dst, restored)
 	restore_v1alpha5_VirtualMachineBootstrapSysprep(dst, restored)
+	restore_v1alpha5_VirtualMachineBootstrapDisabled(dst, restored)
 	restore_v1alpha5_VirtualMachineAffinity(dst, restored)
 	restore_v1alpha5_VirtualMachineVolumes(dst, restored)
 

api/v1alpha5/virtualmachine_bootstrap_types.go

@@ -81,6 +81,16 @@ type VirtualMachineBootstrapSpec struct {
 	// This bootstrap provider may not be used in conjunction with the CloudInit
 	// bootstrap provider.
 	VAppConfig *VirtualMachineBootstrapVAppConfigSpec `json:"vAppConfig,omitempty"`
+
+	// +optional
+
+	// Disabled is a flag that indicates whether or not to disable bootstrap
+	// for this VM.
+	//
+	// When set to true, the bootstrap customization is not applied to the VM,
+	// even if a bootstrap provider such as CloudInit, LinuxPrep, Sysprep, or
+	// VAppConfig is specified.
+	Disabled bool `json:"disabled,omitempty"`
 }
 
 // VirtualMachineBootstrapCloudInitSpec describes the CloudInit configuration

pkg/providers/vsphere/vmlifecycle/bootstrap.go

@@ -73,7 +73,7 @@ var (
 	ErrBootstrapCustomize   = pkgerr.NoRequeueNoErr("bootstrap customized vm")
 )
 
-func DoBootstrap(
+func DoBootstrap( //nolint:gocyclo
 	vmCtx pkgctx.VirtualMachineContext,
 	vcVM *object.VirtualMachine,
 	config *vimtypes.VirtualMachineConfigInfo,
@@ -105,6 +105,11 @@ func DoBootstrap(
 		}
 	}
 
+	if bootstrap.Disabled {
+		vmCtx.Logger.Info("Skipping bootstrap since disabled")
+		return nil
+	}
+
 	var (
 		cloudInit  = bootstrap.CloudInit
 		linuxPrep  = bootstrap.LinuxPrep