Wednesday, January 27, 2021

How to Join a Linux VM to Windows AD Using an Ansible Playbook When vRealize Automation 8.x Deploys a VM - Part II

This post continues from my previous blog about joining a Windows VM to a domain. Here I explain how to join a Linux VM to Windows AD using an Ansible playbook when vRealize Automation 8.x deploys a VM.

I am using RHEL 7.6, with Windows Server 2016 as the domain controller.

First we need to prepare the Linux VM template.

Prerequisites for the Linux VM template:-

1) NTP configuration
2) resolv.conf file entries
3) Network reachability between the VM and the AD server

Once the base Linux VM template has been created, we need to create the playbook and the Ansible template.

Ansible Playbook and Template creation:-

The Ansible playbook performs the AD join for the VM, and the same playbook is used in the Ansible template.

I used the linuxjoindomain.yml playbook in my lab. My playbook to join the Linux VM is:

# Install the packages listed in the "package" variable
- name: Install Required Packages
  yum:
    name: "{{ package }}"
    state: present
  environment: "{{ proxy_env }}"

# pexpect is needed by the expect module that answers the realm join prompt
- name: Install PEXPECT With Easy_Install For CentOS 7
  easy_install:
    name: pexpect
  environment: "{{ proxy_env }}"
  when: (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and
        (ansible_distribution_major_version == "7")

- name: Install PEXPECT with PIP3.6 For CentOS 8
  pip:
    name: pexpect
    executable: pip3.6
  environment: "{{ proxy_env }}"
  when: (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and
        (ansible_distribution_major_version == "8")

# If the join user already resolves, the host is joined and the block below is skipped
- name: Checking Domain Join status
  command: id "{{ Join_User }}"
  register: ad_status
  changed_when: false
  ignore_errors: true

- name: Domain configs and Join {{ DomainName }}
  block:
    - name: Join {{ ansible_distribution }} {{ ansible_distribution_major_version }} into Domain {{ DomainName }}
      expect:
        command: /bin/bash -c "/usr/sbin/realm join --user={{ Join_User }} {{ DomainName }}"
        responses:
          Password for *: "{{ Join_User_Pass }}"
      no_log: true  # keep the join password out of the job output

    # Edit the sssd.conf written by realm join, keeping a backup of the file
    - name: Allow user Login without FQDN
      lineinfile:
        backup: yes
        state: present
        dest: /etc/sssd/sssd.conf
        regexp: '^{{ item.search }}'
        line: '{{ item.replace }}'
      with_items:
        - { search: 'use_fully_qualified_names', replace: 'use_fully_qualified_names = False' }
        - { search: 'fallback_homedir', replace: 'fallback_homedir = /home/%u' }
        - { search: 'access_provider', replace: 'access_provider = simple' }
      notify: restart sssd
  when: ad_status.rc != 0
 

My Ansible template looks like this.

vRA Blueprint:-

Now it is time to create the blueprint, which looks like the one below. I used the same blueprint for Linux 7.x and Linux 8.x deployments.

name: Randhir_Linux
version: 1
formatVersion: 1
inputs:
  MachineName:
    type: string
    title: Name for the VM
    description: Enter the VM name
  os-image:
    type: string
    oneOf:
      - title: MTO-PROD-LIN7
        const: MTO-PROD-LIN7
      - title: MTO-PROD-LIN8
        const: MTO-PROD-LIN8
  SelectZone:
    type: string
    enum:
      - Production
      - Management
  SelectFlavor:
    type: string
    enum:
      - MTO-PROD-LARGE
      - MTO-PROD-MEDIUM
      - MTO-PROD-SMALL
resources:
  Cloud_vSphere_Machine_1:
    type: Cloud.vSphere.Machine
    properties:
      constraints:
        - tag: '${input.SelectZone}'
      image: '${input.os-image}'
      flavor: '${input.SelectFlavor}'
      hostName: '${input.MachineName}'
      networks:
        - network: '${resource.Cloud_vSphere_Network_1.id}'
          assignment: static
  Cloud_vSphere_Network_1:
    type: Cloud.vSphere.Network
    properties:
      networkType: existing
      name: vranew
      networkCidr: 172.20.20.0/24
  Cloud_Ansible_Tower_1:
    type: Cloud.Ansible.Tower
    properties:
      host: '${resource.Cloud_vSphere_Machine_1.*}'
      account: MTO-Ansible
      jobTemplates:
        provision:
          - LinuxDomain  # this is the Ansible template name

I used the YAML code above to create the blueprint and deployed a VM through it.

Let's see whether the Ansible job to join the Linux VM to AD was successful.

Yes, the job completed successfully and the VM joined the domain.

Once this has completed successfully, a computer object will be created in Active Directory in the default Computers container.

Now it is time to verify that we can log in to the deployed VM with our AD ID. We are going to perform a couple of tests.

1- The id administrator command verifies the administrator (AD user) account.

2- The realm list command shows the AD configuration.

Now any AD user can access the RHEL machine (as a standard user). I used the SVC-vraprod AD user to log in to the Linux VM.
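The playbook sets access_provider = simple without an allow list, and SSSD's simple provider admits every user when its lists are empty, which is why any AD user can log in. The audit below is an added example, not part of the original post; the sssd.conf text, the domain example.local and the group linux-admins are constructed placeholders.

```python
import configparser

# Constructed sample: the [domain/...] section as the playbook leaves it.
# example.local and linux-admins are placeholders, not values from the post.
PLAYBOOK_RESULT = """\
[sssd]
domains = example.local
services = nss, pam

[domain/example.local]
id_provider = ad
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
"""
RESTRICTED = PLAYBOOK_RESULT + "simple_allow_groups = linux-admins\n"

ALLOW_KEYS = ("simple_allow_users", "simple_allow_groups")


def split_list(value):
    """Split a comma-separated sssd.conf value into clean items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_sssd(text):
    """Map each SSSD domain to its access provider and login exposure."""
    # RawConfigParser: no interpolation, so values such as /home/%u parse as-is.
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = dict(cp.items(section))
        # sssd.conf(5): access_provider defaults to "permit" (always allow).
        provider = opts.get("access_provider", "permit").strip().lower()
        allow = {k: split_list(opts.get(k, "")) for k in ALLOW_KEYS}
        # sssd-simple(5): with no allow list, users are admitted unless
        # denied, so an empty configuration lets every domain user log in.
        open_to_all = provider == "permit" or (
            provider == "simple" and not any(allow.values()))
        report[section.split("/", 1)[1]] = {
            "provider": provider, "allow": allow, "open_to_all": open_to_all}
    return report


if __name__ == "__main__":
    for label, conf in (("playbook", PLAYBOOK_RESULT), ("restricted", RESTRICTED)):
        for domain, info in audit_sssd(conf).items():
            print(label, domain, info["provider"], "open_to_all =", info["open_to_all"])
```

Adding a simple_allow_groups or simple_allow_users line to the domain section limits logins to the listed AD principals; providers other than simple and permit are reported but not evaluated here.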

 


 

 

 

 

 

 

 

If you want to see my Ansible playbook, please leave a comment in the comment box.

Stay with me to read the next upcoming blog.
I hope you enjoy reading this blog as much as I enjoyed writing it. Feel free to share this on social media if it is worth sharing.

