This is continuing from my previous blog about Joining Windows VM to domain. In this blog, I will explain about How to Join Linux VM to windows AD using ansible playbook When vRealize Automation 8.x Deploys a VM .
I am using RHEL 7.6 and Windows Server 2016 for domain controller .
First we need to prepare Linux VM template . let’s start to prepare Linux VM template.
Prerequisite for Linux VM template :-
1) NTP Configuration
2) resolve.conf file entries
3) AD server network reachability with VM
Once base Linux VM template creation completed thereafter we need to create playbook and Ansible template.
Ansible Playbook and Template creation:-
Ansible playbook to perform AD join for the VM and same playbook will use in ansible template .
I have used linuxjoindomain.yml playbook in my lab. My playbook to join Linux VM is
- name: Install Required Packages
yum:
name: "{{ package }}"
state: present
environment: "{{ proxy_env }}"
- name: Install PEXPECT With Easy_Install For CentOS 7
easy_install:
name: pexpect
environment: "{{ proxy_env }}"
when: (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and
(ansible_distribution_major_version == "7")
- name: Install PEXPECT with PIP3.6 For CentOS 8
pip:
name: pexpect
executable: pip3.6
environment: "{{ proxy_env }}"
when: (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and
(ansible_distribution_major_version == "8")
- name: Checking Domain Join status
command: id "{{ Join_User }}"
register: ad_status
changed_when: false
ignore_errors: true
- name: Domain configs and Join {{ DomainName }}
block:
- name: Join {{ ansible_distribution }} {{ ansible_distribution_major_version }} into Domain {{ DomainName }}
expect:
command: /bin/bash -c "/usr/sbin/realm join --user={{ Join_User }} {{ DomainName }}"
responses:
Password for *: "{{ Join_User_Pass }}"
- name: Allow user Login without FQDN
lineinfile:
backup: yes
state: present
dest: /etc/sssd/sssd.conf
regexp: '^{{ item.search }}'
line: '{{ item.replace }}'
with_items:
- { search: 'use_fully_qualified_names', replace: 'use_fully_qualified_names = False' }
- { search: 'fallback_homedir', replace: 'fallback_homedir = /home/%u'}
- { search: 'access_provider', replace: 'access_provider = simple'}
notify: restart sssd
when: ad_status.rc !=0
My Ansible template looks like this.
vRA Blueprint :-
Now time to create blueprint and my blueprint looks like below. I have used same blueprint for Linux 7.x and Linux 8.x deployment.
name: Randhir_Linux
version: 1
formatVersion: 1
inputs:
MachineName:
type: string
title: Name for the VM
description: Enter the VM name
os-image:
type: string
oneOf:
- title: MTO-PROD-LIN7
const: MTO-PROD-LIN7
- title: MTO-PROD-LIN8
const: MTO-PROD-LIN8
- title: MTO-PROD-LIN7
const: MTO-PROD-LIN7
SelectZone:
type: string
enum:
- Production
- Management
SelectFlavor:
type: string
enum:
- MTO-PROD-LARGE
- MTO-PROD-MEDIUM
- MTO-PROD-SMALL
resources:
Cloud_vSphere_Machine_1:
type: Cloud.vSphere.Machine
properties:
constraints:
- tag: '${input.SelectZone}'
image: '${input.os-image}'
flavor: '${input.SelectFlavor}'
hostName: '${input.MachineName}'
networks:
- network: '${resource.Cloud_vSphere_Network_1.id}'
assignment: static
Cloud_vSphere_Network_1:
type: Cloud.vSphere.Network
properties:
networkType: existing
name: vranew
networkCidr: 172.20.20.0/24
Cloud_Ansible_Tower_1:
type: Cloud.Ansible.Tower
properties:
host: '${resource.Cloud_vSphere_Machine_1.*}'
account: MTO-Ansible
jobTemplates:
provision:
- LinuxDomain (This Ansible template name)
I have used above YAML code to create blueprint and deployed VM through it.
Let see, If we have successful job in ansible to join Linux VM to AD.
Yes, Job has been completed successfully and VM joint the domain .
Once this has completed successfully, a computer object will be created in Active Directory in the default computers container.
Now time to verify deployed VM if we are able to login through our AD ID. We are going to preform couple of testing .
1- Id administrator ( AD user) command to verify the administrator (AD User) account.
2- realm list command to show AD configuration.
Now any AD user can access the RHEL machine (as standard user) . I have used SVC-vraprod AD user to login into Linux VM.
If you want to see my Ansible playbook , please left comment in comment box.