Milestone 4 ‐ VCenter AD Integration, PowerCLI and Linked Clones ‐ JM - Jacob-Mayotte/SYS480 GitHub Wiki
💡 In this milestone we are going to begin using an Active Directory login to vCenter. We will also install PowerShell and PowerCLI on xubuntu-wan and hand extract the base VMs from dc1, xubuntu and vyos.
Milestone 4.1:
- Initially signed onto xubuntu mgmt through remote chrome desktop to SSH from there into DC1
- Set up AD Certificate Authority via Powershell:
Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
// Install-WindowsFeature = install Windows Server feature.
// ADCS-Cert-Authority = ADCS is installed.
// -IncludeManagementTools includes the management tools associated with the specified role or feature.
Install-AdcsCertificationAuthority -Credential (Get-Credential) -CAType EnterpriseRootCa -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 2048 -HashAlgorithmName SHA512 -CACommonName "jacob-local-CA"
// Please note that ErrorId = 0 means that it was successfully installed.
// Install-AdcsCertificationAuthority: This cmdlet is used to install the Certification Authority role on a Windows Server.
- Ensure that you have a named-adm domain user:
- In Active Directory Users and Computers create a new OU named Accounts. Then in this folder create a new OU named service accounts. Now move your domain named admin user into the new accounts OU.
- Please make the following two users:
// Create vcenterldap service account
// Create vcenter-admin AD group (add your -adm user)
- 1.2 Requires DC1 reboot: // Join vcenter to Domain
- Reboot vcenter appliance (this is not just power on/off VM!)
- Conducted through vcenter.jacob.local
Go to SSO:
- Right click the machine and press Restart Node
- Add new SSO Provider via vCenter (AD over LDAP)
NOTE! To retrieve the cert:
openssl s_client -connect dc1-jacob.jacob.local:636 -showcerts
! THIS FAILED AT FIRST. I navigated to dc1 and logged out of deployer and into my named admin user! This fixed it somehow, providing:
- Ran the same command after doing the login to the named admin user. Retrieve the cert:
- Now go to xubuntu mgmt and right click on the desktop to create a new text file, change the extension to .cert so the file was:
- Now follow the following steps: The autofill that occurred on vCenter since we constructed the relationship.
Edit the administrators group in SSO with Administrators & vcenter-admins:
Now we can log in with the domain user:
Sources:
- https://mikefrobbins.com/2014/11/20/use-powershell-to-install-active-directory-certificate-services/ // ErrorID explained when initial install occurs
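An added example, not part of the original wiki page: one way to check the certificate retrieved with openssl s_client in Milestone 4.1 before trusting it in the SSO provider form. It splits the saved output into PEM files and compares the server certificate's fingerprint with the thumbprint read on DC1 itself; the function names, file names and sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original wiki): vet the LDAPS certificate
# before uploading it to vCenter. Capture the output first, for instance:
#   openssl s_client -connect dc1-jacob.jacob.local:636 -showcerts < /dev/null > s_client.txt

# split_chain FILE OUTDIR: write each PEM block in saved `s_client -showcerts`
# output to OUTDIR/cert-N.pem and print the count. cert-1.pem is the server cert.
split_chain() {
  mkdir -p "$2"
  awk -v dir="$2" '
    /^-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" n ".pem"; keep = 1 }
    keep                           { print > f }
    /^-----END CERTIFICATE-----/   { keep = 0; close(f) }
    END                            { print n + 0 }
  ' "$1"
}

# norm_fp TEXT: reduce a fingerprint to bare upper-case hex so the openssl form
# ("sha1 Fingerprint=AB:CD:...") and the Windows form ("ab cd ...") compare equal.
norm_fp() {
  printf '%s' "${1##*=}" | tr -d ': \r\n' | tr '[:lower:]' '[:upper:]'
}

# fp_matches PEM EXPECTED [ALG]: succeed only if the certificate's fingerprint
# equals EXPECTED, a value read on DC1 itself. ALG defaults to sha1 because the
# Windows "Thumbprint" field is a SHA-1 hash.
fp_matches() {
  local got
  got=$(openssl x509 -in "$1" -noout -fingerprint "-${3:-sha1}") || return 2
  [ "$(norm_fp "$got")" = "$(norm_fp "$2")" ]
}

# Constructed sample of s_client output; the bodies are placeholders, not certs.
sample_output() {
  cat <<'EOF'
Certificate chain
 0 s:CN = dc1-jacob.jacob.local
   i:CN = jacob-local-CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-LEAF-BODY
-----END CERTIFICATE-----
 1 s:CN = jacob-local-CA
   i:CN = jacob-local-CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA-BODY
-----END CERTIFICATE-----
EOF
}
```

With real output saved to s_client.txt, run split_chain s_client.txt chain and then fp_matches chain/cert-1.pem with the thumbprint copied from the certificate on DC1; it returns 0 only on an exact match.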
Milestone 4.2:
SOURCE
First I installed the required dependencies for Ansible on mgmt:
sudo apt install sshpass python3-paramiko git
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible
ansible --version
Followed by:
cat >> ~/.ansible.cfg << EOF
[defaults]
host_key_checking = false
EOF
Installed the PowerCLI dependencies on mgmt still!:
sudo snap install powershell --classic
pwsh
// Once you enter PS session run:
Write-Host $PSVersionTable
For example:
Now I had to install the PowerCLI Libraries:
Install-Module VMware.PowerCLI -Scope CurrentUser
Get-Module VMware.PowerCLI -ListAvailable
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore
Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false
Above screenshots are for future reference; just reply yes (Y) to this prompt.
Leave the PS session and return to ubuntu CLI:
sudo apt install remmina onboard
sudo snap install code --classic
OKAY Test time:
So now I had to create some linked clones to create base VMs for our current VMs... I followed Devin's video for DC1: Video
Then I used my own script, which was heavily inspired by the video / Devin's script. Please see the script: https://github.com/Jacob-Mayotte/SYS480/blob/main/cloner.ps1
I ran the script for both 480-fw & xubuntumgmt
Milestone 4.3:
Completed this milestone by following: Devin's Guide
Retrieved the LTS version of Ubuntu-server download here: https://mu.releases.ubuntu.com/22.04.1/
For reference:
Config of machine:
User:
NOTE! ISO!!!!!! I just created a new VM via the GUI as seen above, then I pressed start and went through the install wizard. The network adapter was moved to 480-WAN and immediately received a DHCPv4 addr.
Final:
- Hostname: xubuntu-server
- Username: rangeuser
- Network Config: