Milestone 4 ‐ VCenter AD Integration, PowerCLI and Linked Clones - seabar24/SYS-480 GitHub Wiki

Milestone 4.1 Active Directory LDAPs SSO Provider

Link to Installing Certification Authority: https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority

Installing Windows Certificate Authority

First, ssh from xubuntu-wan to your Windows Domain Controller. We are going to add Active Directory Certificate Services.

To install the ADCS Certificate Authority via PowerShell, run the following commands:

Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CACommonName "sean-DC1-CA" -CAType EnterpriseRootCa -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 2048 -Credential (Get-Credential) -HashAlgorithmName SHA512

Once the installation succeeds, reboot the domain controller. After it comes back up, the Certificate Authority appears in Server Manager.

Adding vCenter to the Domain

Now that the CA is installed, open the vSphere client from xubuntu-wan. From here we are going to join vCenter to the domain.

Open the menu in the top left and select Administration.

From there, go to Single Sign On > Configuration.

Select Active Directory Domain and click Join AD.

Enter your AD credentials and click Join.

vCenter has now joined the domain.

Next, go to Deployment > System Configuration, select vcenter.yourname.local and click Reboot Node.

Enter SSO as the reason for the reboot and continue with the reboot.

Configuring LDAP

The reboot takes about 10 minutes to fully complete. vCenter is down during that time, so switch to the SSH PowerShell session on DC1 and run the following commands to create the new OUs and the LDAP bind user:

New-ADOrganizationalUnit -Name "480" -Path "DC=sean,DC=local"
New-ADOrganizationalUnit -Name "Accounts" -Path "OU=480,DC=sean,DC=local"
New-ADOrganizationalUnit -Name "ServiceAccounts" -Path "OU=Accounts,OU=480,DC=sean,DC=local"
$password = Read-Host "Please enter a password for the vcenterldap user" -AsSecureString
New-ADUser -Name vcenterldap -GivenName vcenterldap -AccountPassword $password -Description "ldap binding for vcenter active directory sso" -DisplayName vcenterldap -PasswordNeverExpires $true -Enabled $true -Path "OU=ServiceAccounts,OU=Accounts,OU=480,DC=sean,DC=local"

Reboot DC1 so it picks up a certificate from the new CA and starts answering LDAPS on port 636, then run the following command from xubuntu-wan to retrieve that certificate:

openssl s_client -connect dc1.sean.local:636 -showcerts

Copy the certificate, from the -----BEGIN CERTIFICATE----- line through the -----END CERTIFICATE----- line, and paste it into a file called ldapcert.cert. You can do this by opening the file in vi, entering insert mode and pressing Shift+Insert.
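The openssl step above retrieves the certificate by hand. As an added example (not part of the course wiki), the pwsh function below does the same fetch using .NET's SslStream instead of openssl, writes ldapcert.cert in the same PEM layout, and reports the issuer, expiry, thumbprint and the validation errors .NET saw, so the certificate can be checked against DC1 before vCenter is told to trust it. It assumes only the dc1.sean.local name and port 636 from the page.

```powershell
# Added example (not from the course wiki): fetch DC1's LDAPS certificate from
# pwsh on xubuntu-wan, save it as ldapcert.cert, and show what to compare with DC1.
function Get-LdapsCertificate {
    param(
        [Parameter(Mandatory)] [string] $Server,          # e.g. dc1.sean.local
        [int] $Port = 636,
        [string] $OutFile = 'ldapcert.cert'
    )
    $script:ldapsPolicyErrors = $null
    # Record what .NET would complain about (name mismatch, untrusted chain),
    # but return $true so the handshake completes and the certificate can be read.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $script:ldapsPolicyErrors = $sslPolicyErrors
        $true
    }
    $tcp = [System.Net.Sockets.TcpClient]::new($Server, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally {
        $tcp.Dispose()
    }
    # Same 64-column PEM layout as the block copied out of openssl s_client -showcerts.
    $b64 = [Convert]::ToBase64String($cert.RawData) -replace '.{64}', "`$0`n"
    $pem = "-----BEGIN CERTIFICATE-----`n" + $b64.TrimEnd("`n") + "`n-----END CERTIFICATE-----`n"
    Set-Content -Path $OutFile -Value $pem -NoNewline

    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer       # should be the CA installed above, e.g. sean-DC1-CA
        NotAfter     = $cert.NotAfter
        Thumbprint   = $cert.Thumbprint
        PolicyErrors = $script:ldapsPolicyErrors
        File         = (Resolve-Path $OutFile).Path
    }
}

# On xubuntu-wan:  Get-LdapsCertificate -Server dc1.sean.local
# RemoteCertificateChainErrors is expected (xubuntu does not trust the lab CA);
# RemoteCertificateNameMismatch is not. The thumbprint must match the certificate on DC1:
#   Get-ChildItem Cert:\LocalMachine\My | Format-List Subject, Issuer, Thumbprint
```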

Now open another SSH session to DC1, move the Domain Admin user into the Accounts OU and create a new vCenter admin AD group. Run the following commands:

Get-ADUser -Identity sean.adm | Move-ADObject -TargetPath "OU=Accounts,OU=480,DC=sean,DC=local"
New-ADGroup -Name "vcenter-admins" -SamAccountName vcenter-admins -GroupCategory Security -GroupScope Global -DisplayName "vcenter-admins" -Path "OU=Accounts,OU=480,DC=sean,DC=local" -Description "Members of this group are vcenter admins"
Add-ADGroupMember -Identity "vcenter-admins" -Members sean.adm

Next, log in to vCenter and go back to the Configuration menu under Single Sign On. Select Identity Sources and click Add.

Make sure the fields of the identity source form are filled out, in particular the LDAPS URL for dc1.sean.local on port 636, the vcenterldap bind user created above and the ldapcert.cert certificate. Fill in any that are missing, then click Add.

Setup for Domain User Login

Head over to Single Sign On > Users and Groups > Groups.

Edit the Administrators group.

Change Add Member to yourname.local and search for vcenter-admins. This adds vcenter-admins to the vCenter Administrators group. Then click Save.

Reboot vCenter as before (Deployment > System Configuration > Reboot Node) and try signing in as your domain user.

Finally, go back to Single Sign On and set the identity source you added as the default.

Milestone 4.2 Powershell, PowerCLI and Our First Clone

Login to the xubuntu wan and go to this site to download the dependencies for both Ansible and PowerCLI: Ansible and PowerCLI Dependencies

Ansible Dependencies Commands

sudo apt install sshpass python3-paramiko git
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible
ansible --version
# Disables SSH host key checking for the lab; Ansible will no longer notice a changed host key
cat >> ~/.ansible.cfg << EOF
[defaults]
host_key_checking = false
EOF

PowerCLI Dependencies Commands

sudo snap install powershell --classic
pwsh
# The remaining commands run inside pwsh
Write-Host $PSVersionTable
Install-Module VMware.PowerCLI -Scope CurrentUser
Get-Module VMware.PowerCLI -ListAvailable
# Accepts vCenter's self-signed certificate for the lab; set this back to Fail once vCenter has a trusted certificate
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore
Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false

In the xubuntu-wan terminal, the pwsh command starts PowerShell on Ubuntu.

Next, within pwsh, create a variable for your vCenter called $vcenter and set it to vcenter.yourname.local.

Then connect to your server with the command: Connect-VIServer -Server $vcenter

Then enter your vCenter credentials (from Milestone 3 onward we can log in as our domain admin for vCenter).

PowerCLI VMware Commands

Use the command Get-VM to see a list of your VMs.

Set another variable called $vm that holds the DC1 VM:

$vm = Get-VM -Name DC1

Set another variable for the snapshot called $snapshot (the snapshot may be named "Base" instead, depending on what you called it in Milestone 2):

$snapshot = Get-Snapshot -VM $vm -Name "sysprepped"

Use the command Get-VMHost to see the ESXi host within vCenter.

Set another variable called $vmhost that holds your ESXi host:

$vmhost = Get-VMHost -Name "super1.sean.local"

Use the command Get-Datastore to see a list of the datastores within your vCenter.

Set another variable called $ds that holds your largest datastore:

$ds = Get-Datastore -Name "datastore2-super1"

Linked Clones

Set $linkedClone to the linked clone name:

$linkedClone = "{0}.linked" -f $vm.Name

Then create the linked clone VM with the following command, using the variables from above:

$linkedvm = New-VM -LinkedClone -Name $linkedClone -VM $vm -ReferenceSnapshot $snapshot -VMHost $vmhost -Datastore $ds

Now create a full clone from the linked clone and store it in a new variable called $newvm:

$newvm = New-VM -Name "server.2019.gui.base" -VM $linkedvm -VMHost $vmhost -Datastore $ds

Wait for the clone to finish and check it by typing $newvm.

Then create a new snapshot of the new VM called Base.

Then remove the linked clone using the command:

$linkedvm | Remove-VM
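As an added example (not the course's cloner.ps1 and not part of the original page), here is the Linked Clones sequence above wrapped in one PowerCLI function with the checks a reusable script needs: it resolves every object before creating anything, refuses to overwrite an existing VM name, checks datastore free space, takes the Base snapshot, and removes the linked clone with -DeletePermanently, since plain Remove-VM only unregisters it and leaves its delta disk on the datastore. It assumes an active Connect-VIServer session and the names used on this page.

```powershell
# Added example (not the course's cloner.ps1): linked clone -> full clone -> Base snapshot,
# with validation up front and cleanup of the linked clone at the end.
function New-BaseVMFromLinkedClone {
    param(
        [Parameter(Mandatory)] [string] $SourceVM,       # e.g. DC1
        [Parameter(Mandatory)] [string] $SnapshotName,   # e.g. sysprepped or Base
        [Parameter(Mandatory)] [string] $VMHost,         # e.g. super1.sean.local
        [Parameter(Mandatory)] [string] $Datastore,      # e.g. datastore2-super1
        [Parameter(Mandatory)] [string] $NewName         # e.g. server.2019.gui.base
    )

    # Resolve every object first so a typo fails here, before anything is created.
    $vm       = Get-VM -Name $SourceVM -ErrorAction Stop
    $snapshot = Get-Snapshot -VM $vm -Name $SnapshotName -ErrorAction Stop
    $vmhost   = Get-VMHost -Name $VMHost -ErrorAction Stop
    $ds       = Get-Datastore -Name $Datastore -ErrorAction Stop

    if (Get-VM -Name $NewName -ErrorAction SilentlyContinue) {
        throw "A VM named '$NewName' already exists; refusing to overwrite it."
    }
    # The full clone copies the whole disk, so check the datastore has room for it.
    $needGB = ($vm | Get-HardDisk | Measure-Object -Property CapacityGB -Sum).Sum
    if ($ds.FreeSpaceGB -lt $needGB) {
        throw "Datastore $Datastore has $([int]$ds.FreeSpaceGB) GB free; $([int]$needGB) GB needed."
    }

    $linkedName = "{0}.linked" -f $vm.Name
    $linkedvm = New-VM -LinkedClone -Name $linkedName -VM $vm -ReferenceSnapshot $snapshot `
                       -VMHost $vmhost -Datastore $ds -ErrorAction Stop
    try {
        $newvm = New-VM -Name $NewName -VM $linkedvm -VMHost $vmhost -Datastore $ds -ErrorAction Stop
        New-Snapshot -VM $newvm -Name 'Base' -Description "Cloned from $SourceVM/$SnapshotName" | Out-Null
    }
    finally {
        # Plain Remove-VM only unregisters the linked clone and leaves its delta disk
        # on the datastore; -DeletePermanently removes the files as well.
        Remove-VM -VM $linkedvm -DeletePermanently -Confirm:$false
    }
    return $newvm
}

# Usage, reproducing the manual steps above:
# New-BaseVMFromLinkedClone -SourceVM DC1 -SnapshotName sysprepped -VMHost super1.sean.local `
#     -Datastore datastore2-super1 -NewName server.2019.gui.base
```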

PowerCLI Script

cloner.ps1

Milestone 4.3 Ubuntu Server Base VM and Linked Clones

Log back into vCenter and right-click on your host > New Folder > New VM and Template Folder.

Name the folder PROD, then repeat and name the second folder BASEVM.

Drag and drop the VMs we are using into PROD and the linked clone "Base" VMs into BASEVM.

Ubuntu.22.04-lts Server Base

From here, download the latest version of Ubuntu 22.04 Live Server and add it to your Datastore2-superX

Download link: https://ubuntu.com/download/server

From here, create a new base VM with settings similar to the following:

  • Name: ubuntu.22.04.lts.base
  • Datastore: datastore2-super1
  • ESXi 8.0 or later
  • Guest OS: Linux
  • Guest OS Version: Ubuntu Linux (64-bit)
  • Thin Provisioned
  • CD/DVD: Datastore ISO File - ubuntu-22.04.3-desktop-amd64.iso

Drag ubuntu.22.04.lts.base into the BASEVM folder.

Baselining Ubuntu Server

Power on the VM and go through the following setup:

Select Install Ubuntu.

Select Continue.

Select Minimal Installation and then select Continue.

Select Erase disk and install Ubuntu, then click Install Now.

Select Continue.

Select Burlington (Vermont, United States), then select Continue.

Enter the credentials for a user called deployer.

Click Continue and wait until the installation is complete. This will take a few minutes.

Then select Restart Now.

Sign back in as deployer, install SSH, and apply updates when prompted.

Then power off the VM and create a snapshot called Base.

Linked Clone for Ubuntu Server Base

In the xubuntu-wan terminal, start pwsh and create a linked clone of the Ubuntu 22.04 LTS base VM. (You can follow the cloner.ps1 commands up to, but not including, creating the new VM.)

Once the linked clone is made, change its network adapter via PowerCLI using the command:

$linkedvm | Get-NetworkAdapter | Set-NetworkAdapter -NetworkName 480-WAN

Recording

SYS480 Milestone 4 Recording