Milestone 4 ‐ VCenter AD Integration, PowerCLI and Linked Clones ‐ JM - Jacob-Mayotte/SYS480 GitHub Wiki

💡In this milestone we are going to begin using an Active Directory login to vCenter. We will also install PowerShell and PowerCLI on xubuntu-wan and hand extract the base VMs from dc1, xubuntu and vyos.

Milestone 4.1:

  • Initially signed onto xubuntu mgmt through remote chrome desktop to SSH from there into DC1
  1. Set up AD Certificate Authority via PowerShell:
  • Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
    Install-WindowsFeature installs a Windows Server feature. ADCS-Cert-Authority selects the AD CS Certification Authority role service. -IncludeManagementTools includes the management tools associated with the specified role or feature.
  • Install-AdcsCertificationAuthority -Credential (Get-Credential) -CAType EnterpriseRootCa -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 2048 -HashAlgorithmName SHA512 -CACommonName "jacob-local-CA"
    Install-AdcsCertificationAuthority is the cmdlet used to install the Certification Authority role on a Windows Server. Please note that ErrorId = 0 means that it was successfully installed.

image

  • Ensure that you have a named-adm domain user:

image

  • In Active Directory Users and Computers, create a new OU named Accounts. Then, inside it, create a new OU named Service Accounts. Now move your named domain admin user into the new Accounts OU.

image

  • Please make the following two users: create the vcenterldap service account, and create the vcenter-admin AD group (add your -adm user).

image

  • 1.2 Requires DC1 reboot: join vCenter to the domain
  • Reboot the vCenter appliance (this is not just powering the VM off and on!)
  • Conducted through vcenter.jacob.local. Go to SSO:

image

  • Right click the machine and press Restart Node

  • Add new SSO Provider via vCenter (AD over LDAP)

NOTE! To retrieve the cert:

  • openssl s_client -connect dc1-jacob.jacob.local:636 -showcerts

image

! THIS FAILED AT FIRST. I navigated to dc1 and logged out of deployer and into my named admin user! This fixed it somehow, providing:

  • Ran the same command after doing the login to the named admin user. Retrieve the cert:

image

  • Now go to xubuntu mgmt and right click on the desktop to create a new text file, change the extension to: .cert so the file was:

image

  • Now follow these steps. Note the autofill that occurred in vCenter since we constructed the relationship.

image

image
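The certificate retrieval step above (running `openssl s_client ... -showcerts` and pasting the PEM text into a `.cert` file by hand) can also be scripted. This is an added example, not part of the original wiki or its cloner.ps1: the function names, the output file name and the `example.local` names are assumptions, and the sample s_client output is constructed with placeholder bodies.

```bash
# Added example (not from the wiki): pick one certificate out of `openssl s_client -showcerts`.
# Walk only the "Certificate chain" section; s_client prints the leaf a second
# time under "Server certificate". want=N prints the Nth PEM block (1 = leaf),
# want=0 prints how many certificates the server sent.
chain_pem() {
    awk -v want="$1" '
        /^Certificate chain/           { inchain = 1; next }
        inchain && $0 == "---"         { inchain = 0 }
        !inchain                       { next }
        /^-----BEGIN CERTIFICATE-----/ { n++; inblk = 1 }
        inblk && n == want             { print; found = 1 }
        /^-----END CERTIFICATE-----/   { inblk = 0 }
        END {
            if (want == 0) { print n + 0; exit 0 }
            exit (found ? 0 : 1)
        }
    '
}

# Hypothetical wrapper: fetch_ldaps_cert dc1-jacob.jacob.local dc1.cert [index]
fetch_ldaps_cert() {
    host=$1; out=$2; idx=${3:-1}
    openssl s_client -connect "$host:636" -showcerts </dev/null 2>/dev/null |
        chain_pem "$idx" > "$out" || { rm -f "$out"; return 1; }
    openssl x509 -in "$out" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Constructed sample output (placeholder bodies, not real certificates).
sample_s_client_output() {
    cat <<'EOF'
---
Certificate chain
 0 s:CN = dc1.example.local
   i:CN = example-local-CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAFAAAA
-----END CERTIFICATE-----
 1 s:CN = example-local-CA
   i:CN = example-local-CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERROOTBBBB
-----END CERTIFICATE-----
---
Server certificate
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAFAAAA
-----END CERTIFICATE-----
EOF
}
```

The subject, issuer and SHA-256 fingerprint printed by `fetch_ldaps_cert` can be compared with the certificate shown on DC1 before the file is uploaded to the vCenter identity source form.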

Edit the administrators group in SSO with Administrators & vcenter-admins:

image

Now we can login with the domain user:

image

Sources:


Milestone 4.2:


First I installed the required dependencies for Ansible on mgmt: SOURCE

sudo apt install sshpass python3-paramiko git
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible
ansible --version

Followed by:

cat >> ~/.ansible.cfg << EOF
[defaults]
host_key_checking = false
EOF

Installed the PowerCLI dependencies, still on mgmt:

sudo snap install powershell --classic
pwsh
# Once you enter the PS session, run:
Write-Host $PSVersionTable

For example:

image

Now I had to install the PowerCLI Libraries:

Install-Module VMware.PowerCLI -Scope CurrentUser
Get-Module VMware.PowerCLI -ListAvailable
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore
Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false

image

image

The screenshots above are for future reference; just reply yes (Y) to these prompts.

Leave the PS session and return to the Ubuntu CLI:

sudo apt install remmina onboard
sudo snap install code --classic

image

OKAY Test time:

image

So now I had to create some linked clones to create base VMs for our current VMs... I followed Devin's video for DC1: Video

Then I used my own script, which was heavily inspired by the video / Devin's script. Please see the script: https://github.com/Jacob-Mayotte/SYS480/blob/main/cloner.ps1

I ran the script for both 480-fw & xubuntumgmt

Milestone 4.3:

Completed this milestone by following: Devin's Guide

Retrieved the LTS version of Ubuntu-server download here: https://mu.releases.ubuntu.com/22.04.1/

For reference: image

Config of machine:

image

image

User:

image

NOTE! ISO!!!!!! I just created a new VM via the GUI as seen above, then I pressed start and went through the install wizard. The network adapter was moved to 480-WAN and immediately received a DHCPv4 addr.

Final:

  • Hostname: xubuntu-server
  • Username: rangeuser
  • Network Config:

image