In this blog post, I am going to cover the setup of the Active Directory integration with vRealize Automation using LDAPS.
Cloud Assembly supports integration with Active Directory servers to provide out of the box creation of computer accounts in a specified Organizational Unit (OU) within an Active Directory server prior to provisioning a virtual machine.
Note: to join the machine to AD from within the guest OS, you can use CloudConfig properties or a vSphere CustomizationSpec.
The VMware official documentation doesn’t really call out LDAPS configuration, only LDAP. So after helping a customer configure this, I thought I’d quickly write something up.
To get started, log in to vRealize Automation and select Cloud Assembly.
Move into the “Deploy-FAH” folder, and edit the terraform.tfvars file as needed.
Below is an example:
// Name of the vSphere server. E.g. "vcsa.vmware.local"
vsphere_server = "vcenter.veducate.local"
// User on the vSphere server. E.g. "[email protected]"
vsphere_user = "[email protected]"
// Password of the user on the vSphere server. E.g. "password"
vsphere_password = "Password1234!"
// Name of the vSphere data center. E.g. "datacenter"
vsphere_datacenter = "Datacenter"
// Name of the vSphere cluster. E.g. "Cluster"
vsphere_cluster = "Cluster"
// Name or IP of the vSphere host in the cluster to deploy your VM to. E.g. "esxi-01" or "192.168.1.20"
vsphere_host = "10.10.2.4"
// Name of the vSphere datastore to use for the VMs. E.g. "VSAN"
vsphere_datastore = "Datastore"
// Network to connect the virtual machines to
vm_network = "Freale_NW1"
// Number of instances to deploy
instance_count = 2
// VM machine name (an index will be appended, i.e. FAH-1, FAH-2, ...)
vm_name = "dean-test"
// Number of CPUs to set on deployed virtual machines
num_cpu = 2
// Memory to set on deployed virtual machines (in MB)
memory = 4096
// Name of the vSphere resource pool to be created. E.g. "FAH-VMs"
vsphere_resource_pool = "dean-test"
// Name of the VM folder to be created. E.g. "FAH-VMs"
vsphere_vm_folder = "dean-test"
// Location of the OVA file if using a local location - if using a remote location, leave this as null
local_ovf_path = "/home/dean/Deploy-FAH-3/VMware-Appliance-FaH_1.0.4.ova"
// Location of the OVA file if using a remote location - if using a local location, leave this as null
remote_ovf_path = null
// Enable SSH in the FAH appliance (True or False)
ssh_enable = "True"
// FAH appliance root password
root_password = "VMware1!"
// FAH username you wish to be associated with in the statistics tables
fah_user = ""
// FAH team you wish to be associated with in the statistics tables
fah_team = "52737"
// FAH passkey to verify your user in the statistics tables (this is optional from the FAH project)
fah_passkey = "unique_id"
That’s it, no more changes are needed; deploying your appliances is as simple as running the following:
terraform init   # This will download the terraform providers as needed
terraform plan   # This will show you the planned changes and make sure they are possible
terraform apply  # This will run the configuration to perform the deployment
You can use the latest version of Terraform, which is version 0.13.5 as of the publishing of this post.
This Terraform configuration uses some more advanced configuration in the folder “FAH-Appliance”, under the main.tf file. Here it reads the “remote_ovf_path” variable and acts based on whether or not it is null. If the variable is set, it runs the command to deploy from a remote location. If the variable is null, it looks to the “local_ovf_path” and processes this to deploy an OVF/OVA from the local location.
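As an added example (not code from the post or from the Deploy-FAH repository), the following Python mirrors the remote-or-local selection rule described above over a constructed terraform.tfvars snippet, and additionally flags the keys (passwords, passkey) that would end up in version control if the tfvars file were committed. The parser only handles the flat key = value subset the post uses; the TF_VAR_ environment-variable suggestion is Terraform's standard mechanism, not something from the post.

```python
import re
from typing import Any, Dict, List, Tuple

# Constructed sample mirroring the terraform.tfvars layout shown in the post
SAMPLE_TFVARS = """
// Location of the OVA file if using a local location
local_ovf_path = "/home/dean/Deploy-FAH-3/VMware-Appliance-FaH_1.0.4.ova"
// Leave as null when deploying from the local path
remote_ovf_path = null
vsphere_password = "example-only"
root_password = "example-only"
fah_passkey = "unique_id"
instance_count = 2
ssh_enable = "True"
"""

_LINE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)$")
SECRET_HINTS = ("password", "passkey", "secret", "token")


def parse_tfvars(text: str) -> Dict[str, Any]:
    """Parse flat key = value tfvars lines (strings, ints, bools, null, // or # comments)."""
    out: Dict[str, Any] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("//", "#")):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unsupported tfvars line: {raw!r}")
        key, val = m.groups()
        if val == "null":
            out[key] = None
        elif len(val) >= 2 and val[0] == val[-1] == '"':
            out[key] = val[1:-1]
        elif val in ("true", "false"):
            out[key] = val == "true"
        else:
            out[key] = int(val)  # anything else in this subset is a number
    return out


def ovf_source(tfvars: Dict[str, Any]) -> Tuple[str, str]:
    """Same rule as the post's main.tf: a set remote_ovf_path wins, otherwise local_ovf_path."""
    remote, local = tfvars.get("remote_ovf_path"), tfvars.get("local_ovf_path")
    if remote:
        return ("remote", remote)
    if local:
        return ("local", local)
    raise ValueError("set exactly one of remote_ovf_path or local_ovf_path")


def secrets_in_file(tfvars: Dict[str, Any]) -> List[str]:
    """Keys holding credential-like values; supply these as TF_VAR_<name> env vars instead."""
    return sorted(k for k, v in tfvars.items()
                  if v not in (None, "") and any(h in k.lower() for h in SECRET_HINTS))
```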
Thanks to Grant Orchard from HashiCorp for helping me with this part of the config.
If you’re interested in taking this further, check out this post from Robert Jenson, using VMware CodeStream for an Infrastructure as Code deployment with GitHub as the source repository and Terraform for the deployment.
My fourth blog post is with one of my favourite online personalities, Chris Wahl, a person whose blog I’ve followed for a long time. I won’t add too much preface to this, and will dive straight in.
1. So Chris, you are known in the community for two main subject areas, networking and scripting, as well as being a technical author, but can you give me a quick rundown of yourself for those who are not completely familiar with your work?
Over the past 18 years of being employed in the technology sector, I’d boil it down to spending a lot of time problem solving as either a customer or consultant in various environments. I’m most proud of having published Networking for VMware Administrators with my friend Steve Pantol, achieving the VMware Certified Design Expert (VCDX) certification, and publishing over 70 episodes of the Datanauts Podcast with my co-host Ethan Banks. I use the words “snazzy” and “groovy” frequently while also borrowing quotes and images from my hero, SpongeBob, while focusing on the wonderful world of Startup Life at Rubrik as the Chief Technical Evangelist.
2. What is the biggest challenge you have in your job day-to-day at the moment?
Imagine a formula one racecar zooming down the motorway. It’s really fast, right? Now, imagine that Elon Musk strapped a pair of SpaceX rockets to the sides. That’s a bit what it’s like to work at a startup – very fast paced. My biggest challenge is keeping up to date with engineering, product, sales, marketing, and support while traveling the world to spend time and attention on customers, their needs, and how they can be met by the team. Every job I’ve ever held has eventually become boring, but I think I’ve finally met my match for finding something that is as interesting as it is challenging.
3. If you’re hiring, what are you looking for in the candidate?
Finding people with the ability to be self-sufficient and take the initiative is my biggest focus. I prefer to set a goal and let someone figure out the best way to achieve it while being available for assistance or guidance when required. My experience has taught me that most everything else will fall into place if someone has the will and energy to get their work done when they know that I’m not watching their every move.
4. How do you expect the IT landscape to change over the next 5 years, and how do you expect this to affect your role?
I think it’s really all about the various applications that we build and maintain, and the evolution in how we build and maintain them. All of the change we’re going through is really focused on those two things. In five years, I would expect a lot more of the world to operate in a Kubernetes type model – build pools, assign units of work, execute in the pools, and store data where a policy engine dictates.
Those that can help organizations with this process will prosper, which is one of my main focuses at Rubrik – both in terms of our software, but also how I approach engaging with other IT professionals. Embracing the concepts required to build and maintain the next generation of applications – such as building automation tasks using an API and planting those into an orchestration engine – is the future. How much of this future applies to any one individual is variable, but the overall model makes a lot of sense and is the only real way to construct applications for the needs of 2020 and beyond.
5. What’s the costliest mistake you’ve made in your career?
I once pushed a script into production that accidentally wiped the system32 directory from any Active Directory attached computer object that pulled down a gpupdate. Even though I caught the mistake quickly, it required my team and me to stream new OS images to over 100 PCs over the course of a day. It may not have been the most expensive from a dollars perspective, but it taught me the lesson of testing and not being too avant-garde with automation. It took me a while to bounce back from this mistake and feel confident in my abilities as a systems administrator.
6. What have been the successes and failures of your blog site so far?
I’ve never really thought of my blog in those terms. Based on the comments, I think people are able to read the content and learn a thing or two, which is the fuel that keeps me going. I certainly have looked things up on my blog on more than one occasion. Beyond that, it continues to be a place where I can explore my own thoughts and keep from forgetting the things that I’ve learned. I’m happy that the virtualization community has been kind enough to vote for the site in a handful of ranking systems – such as Eric Siebert’s Top vBlog survey – but am not particularly motivated on a day-by-day basis for such things.
My worst failure is anytime I get something wrong on the site. It makes me feel nauseous thinking that I misinformed anyone. Fortunately, most readers are quite lovely people who offer constructive feedback and I try to fix any mistakes promptly.
7. What tips can you provide to anyone blogging or thinking about starting?
Some ideas off the top of my head:
Don’t worry about creating content about a topic that others have written about.
Offer your opinions – the why of something is almost always more interesting than the what of something.
Be honest about why you are writing something.
If you can’t think of a topic, visit Reddit / VMTN forum / Slack / Twitter and see what sorts of questions are being asked. I used the VMTN forums for years to answer questions in long-form on the blog. People seemed to like that.
8. Any tips for people getting started in IT, or looking for a focus/direction?
Technology is a vast and multi-faceted environment. Try to find something that resonates with you personally. I started as a developer writing COBOL and hated it (although the COBOL probably had more to do with it than anything else). I switched majors and became a network engineer because it was so much fun to me! Now, I’m enjoying a little bit of both worlds. There’s also a bazillion free learning sites, and some really inexpensive non-free learning sites (Pluralsight), which really kill off any excuses to get started in just about any area of technology.
10. PowerShell is definitely a skill that future engineers need to know, so what were your first steps into coding?
Hah. Well, I’d certainly like to think that PowerShell is a definite skill to learn, but I think it’s one of many great frameworks out there to choose from. But, if you do decide to go down the PowerShell route, I’d say that starting backwards helps. My first bits of code in PowerShell were to solve existing problems, such as building Active Directory accounts or starting a Windows service. It’s hard to learn a language without a focus. Start with those little tasks and use them to build your knowledge of the syntax and commands. From there, the rest of the journey is all about structure, formatting, and efficient ways to create code.
I didn’t have many resources to pull from when I first started to learn PowerShell, but nowadays there are a plethora of books and online courses to view. My advice to my younger self would be to learn more about the structure of writing good code as early as possible – such as building functions and modules with comments, limiting a function to a single set of inputs and outputs, and keeping the logic statements to a minimum for code re-use.
10. The majority of the traditional infrastructure stack can be configured and managed through the likes of PowerShell these days, but what caveats should people be looking for, or aware of?
The major one is the expectation of stability. Try to write your code as if nothing can be taken for granted. Especially not the inputs given to you from others (people or systems). Sanitize everything, test everything, and make sure that what parameters you are requesting are always the ones you expect. If you limit the hazards available from user error, it makes life easier for everyone.
Also, never hard code anything in your scripts or functions. I tend to abstract those into parameters or some sort of external configuration file. This keeps you from having to edit the code for when your infrastructure changes or the environmental configuration changes. This was a lesson I learned over time, and I still wince when I see some of my old functions from the past 8 years.
11. What’s next for Chris Wahl in 2017? What personal and work goals have you set yourself?
My main goals at work are to grow my team by several more people, scale-out the work that is being done to cover the massive global demand, and branch out to new communities across events covering cloud providers, technology stacks, and developer groups.
I plan to attend Microsoft Ignite, DevOps Enterprise Summit, and AWS re:Invent for the first time ever, while still attending as many of the VMware events (VMUG UserCons and VMworld) as I can. However, I also want to send my team to cover a lot of these events to build their brands and relationships in those communities.
My personal goals remain fairly simple – spend as much time with friends and family as possible, cross off more Bourbons and Scotches from my “try it” list, and continue to keep personal fitness as a top priority. The groovy thing about Austin is that it aligns nicely with all three of these goals, and allows me to attend a lot of snazzy tech events – such as OpenStack Summit and Tech Field Days – while also getting to check out SXSW and ACL for some great music.
Chris is a keen blogger, which is how we connected online and later in person. I had followed Chris’ blog for a long time, as our areas of interest were very similar: networking and virtualisation. A few years ago I attended the UK VMUG and managed to meet Chris in person; I found him to be just as likeable and helpful in person as he is online via Twitter. This is seen further in his interview responses: who else would admit to accidentally wiping the system32 folder of their company’s machines?
Chris has found his place working for the vendor Rubrik, focusing his efforts on the IT community and automation as his subject matter. I think it speaks volumes that Rubrik, a company in the world of backups, took Chris on, a highly experienced engineer in various areas.
He might not have been the obvious choice to go and work for a company in the backup industry. But when you dig below the surface, when you are an agile company ripping up the rule book, Chris is certainly one of the experts you want on your team.