This is a continuation of my previous blog about joining a Windows VM to the domain. In this blog I will explain how to join a Linux VM to Windows AD using an Ansible playbook when vRealize Automation 8.x deploys a VM.
I am using RHEL 7.6 and Windows Server 2016 for the domain controller.
First we need to prepare the Linux VM template, so let's start with that.
Prerequisites for the Linux VM template :-
1) NTP configuration
2) resolv.conf entries (DNS pointing at the AD domain controllers)
3) Network reachability from the VM to the AD server
Once the base Linux VM template has been created, we need to create the playbook and the Ansible template.
Ansible Playbook and Template creation:-
The Ansible playbook performs the AD join for the VM, and the same playbook is used in the Ansible template. I have used the linuxjoindomain.yml playbook in my lab. My playbook to join a Linux VM is:
    # linuxjoindomain.yml
    # package, proxy_env, Join_User, Join_User_Pass and DomainName are supplied as
    # extra vars by the Ansible Tower job template; they are not defined in this file.
    - hosts: all
      become: true

      tasks:
        - name: Install Required Packages
          yum:
            name: "{{ package }}"
            state: present
          environment: "{{ proxy_env }}"

        - name: Install PEXPECT With Easy_Install For CentOS 7
          easy_install:
            name: pexpect
          environment: "{{ proxy_env }}"
          when: (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and (ansible_distribution_major_version == "7")

        - name: Install PEXPECT with PIP3.6 For CentOS 8
          pip:
            name: pexpect
            executable: pip3.6
          environment: "{{ proxy_env }}"
          when: (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and (ansible_distribution_major_version == "8")

        # If the join account already resolves through SSSD the host is joined; a non-zero rc means it is not
        - name: Checking Domain Join status
          command: id "{{ Join_User }}"
          register: ad_status
          changed_when: false
          ignore_errors: true

        - name: Domain configs and Join {{ DomainName }}
          block:
            - name: Join {{ ansible_distribution }} {{ ansible_distribution_major_version }} into Domain {{ DomainName }}
              expect:
                command: /bin/bash -c "/usr/sbin/realm join --user={{ Join_User }} {{ DomainName }}"
                # the key is the regex "Password for *", which matches the "Password for <user>: " prompt realm prints
                responses:
                  Password for *: "{{ Join_User_Pass }}"
              no_log: true   # keep the join password out of the job output

            - name: Allow user Login without FQDN
              lineinfile:
                backup: yes
                state: present
                dest: /etc/sssd/sssd.conf
                regexp: '^{{ item.search }}'
                line: '{{ item.replace }}'
              with_items:
                - { search: 'use_fully_qualified_names', replace: 'use_fully_qualified_names = False' }
                - { search: 'fallback_homedir', replace: 'fallback_homedir = /home/%u' }
                - { search: 'access_provider', replace: 'access_provider = simple' }
              notify: restart sssd
          when: ad_status.rc != 0

      # handler referenced by notify above; it was not shown in the original listing
      handlers:
        - name: restart sssd
          service:
            name: sssd
            state: restarted
My Ansible template looks like this.
vRA Blueprint :-
Now it is time to create the blueprint; mine looks like the YAML below. I have used the same blueprint for Linux 7.x and Linux 8.x deployments.
    name: Randhir_Linux
    version: 1
    formatVersion: 1
    inputs:
      MachineName:
        type: string
        title: Name for the VM
        description: Enter the VM name
      os-image:
        type: string
        oneOf:
          - title: MTO-PROD-LIN7
            const: MTO-PROD-LIN7
          - title: MTO-PROD-LIN8
            const: MTO-PROD-LIN8
      SelectZone:
        type: string
        enum:
          - Production
          - Management
      SelectFlavor:
        type: string
        enum:
          - MTO-PROD-LARGE
          - MTO-PROD-MEDIUM
          - MTO-PROD-SMALL
    resources:
      Cloud_vSphere_Machine_1:
        type: Cloud.vSphere.Machine
        properties:
          constraints:
            - tag: '${input.SelectZone}'
          image: '${input.os-image}'
          flavor: '${input.SelectFlavor}'
          hostName: '${input.MachineName}'
          networks:
            - network: '${resource.Cloud_vSphere_Network_1.id}'
              assignment: static
      Cloud_vSphere_Network_1:
        type: Cloud.vSphere.Network
        properties:
          networkType: existing
          name: vranew
          networkCidr: 172.20.20.0/24
      Cloud_Ansible_Tower_1:
        type: Cloud.Ansible.Tower
        properties:
          host: '${resource.Cloud_vSphere_Machine_1.*}'
          account: MTO-Ansible
          jobTemplates:
            provision:
              - LinuxDomain   # the name of the Ansible Tower job template
I have used the above YAML code to create the blueprint and deployed a VM through it.
Let's see whether the Ansible job to join the Linux VM to AD was successful.
Yes, the job has completed successfully and the VM has joined the domain.
Once this has completed successfully, a computer object is created in Active Directory in the default Computers container.
Now it is time to verify that we can log in to the deployed VM with an AD ID. We are going to perform a couple of tests.
1- The `id administrator` command (administrator being an AD user) to verify that the AD account resolves on the VM.
2- The `realm list` command to show the AD configuration.
Now any AD user can access the RHEL machine (as a standard user). I have used the SVC-vraprod AD user to log in to the Linux VM.
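That any AD user can log in follows from the playbook writing access_provider = simple to sssd.conf without a simple_allow_users or simple_allow_groups line, which SSSD treats as "allow everyone". As an added example (not from the original post), this Python audit parses a constructed sssd.conf in the state the playbook leaves it, flags the open access setting and the short-name setting, and shows the same file restricted to one constructed AD group.

```python
import configparser

# Constructed sample of /etc/sssd/sssd.conf as `realm join` plus the three
# lineinfile edits from the playbook leave it (not captured from a real host).
OPEN_SSSD_CONF = """\
[sssd]
domains = example.corp
config_file_version = 2
services = nss, pam

[domain/example.corp]
ad_domain = example.corp
krb5_realm = EXAMPLE.CORP
id_provider = ad
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
"""
# Same file with an allow list; the group name is constructed for the example.
RESTRICTED_SSSD_CONF = OPEN_SSSD_CONF + "simple_allow_groups = linux-admins@example.corp\n"

OPEN_ACCESS = "every domain account may log in: add simple_allow_groups or use access_provider = ad"
SHORT_NAMES = "use_fully_qualified_names = False: short names can collide with local accounts"


def audit_sssd(conf_text):
    """Return {domain: [findings]} for each [domain/...] section of an sssd.conf text."""
    # fallback_homedir contains '%u', which would trip configparser's default interpolation
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        sec, findings = cp[section], []
        # sssd's default access_provider is 'permit'; 'simple' with empty allow lists behaves the same
        provider = sec.get("access_provider", "permit").strip().lower()
        has_allow_list = any(k in sec for k in ("simple_allow_users", "simple_allow_groups"))
        if provider == "permit" or (provider == "simple" and not has_allow_list):
            findings.append(OPEN_ACCESS)
        if sec.get("use_fully_qualified_names", "True").strip().lower() == "false":
            findings.append(SHORT_NAMES)
        report[section.split("/", 1)[1]] = findings
    return report


if __name__ == "__main__":
    for label, text in (("as deployed", OPEN_SSSD_CONF), ("restricted", RESTRICTED_SSSD_CONF)):
        for domain, findings in audit_sssd(text).items():
            print(label, domain, findings or "no findings")
```

Run it against a copied /etc/sssd/sssd.conf to see which domains still allow every AD account; the allow-group line is the one-line change that narrows who gets a shell on the VM.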
If you want to see my Ansible playbook, please leave a comment in the comment box.
Stay with me to read the next upcoming blog.
I hope you enjoy reading this blog as much as I enjoyed writing it. Feel free to share this on social media if it is worth sharing.