▬▬▬▬▬▬ Announcements📢 ▬▬▬▬▬▬▬
🔥 If you're interested in a step-by-step course to learn the basics of HashiCorp Vault, check this course out:
HashiCorp Vault 101 - Certified Vault Associate ► bit.ly/hc-vault101
In this course you will get to:
⭐ Learn everything you need to know about Vault to ace the Vault Associate Exam
⭐ 8+ hours of video content
⭐ Instructor has his camera on making you feel that you're right in the classroom
⭐ Hand-drawn animated diagrams to help you grasp the topics better
⭐ Lots of hands-on labs to learn by doing
⭐ English closed captions that are searchable so you won't miss a word
⭐ Quizzes to help you grasp the material well
⭐ Join our Community
Thanks for the vid man.
You’re welcome!
As always awesome and very informative content.
Thank you!
Thanks! Is it possible to use a customization specification we already have in the vsphere in the terraform code?
Yes, it is possible to use a windows customization that you already have in vsphere inside terraform. You can use the customize block in the vsphere_virtual_machine resource to specify the windows options for your virtual machine. You can also use the extra_config attribute to pass custom attributes to the guest operating system.
registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/virtual_machine
Thanks for the code. Now I know how to build a template with Packer and deploy a VM with Terraform to vSphere with a domain join included. I only didn't find out how to deploy multiple VMs with it that will also join the domain. Do you know a way? Many thanks in advance!
Great work, you can do that using for_each developer.hashicorp.com/terraform/language/meta-arguments/for_each
I talk about it in some of my videos. You can also check out my Terraform 101 course where I talk a lot more about these concepts.
@@TeKanAid
thanks for the tip! I have now managed to deploy multiple VMs with a domain join. There is only one comment. It only worked if I took turns adding a VM and then deploying it. In addition, it caused problems with the 3rd vm. I had to delete the 3rd VM a few times and deploy it again. Ultimately, it was also successfully joined to the domain. Is there perhaps a known issue between terraform and vcenter that the VM customization sometimes hangs and therefore the VM is not successfully completed with a domain join? Do you recognize this situation?
I was adding like this in my terraform.tfvars file:
# Provider
Provider settings..
# Infrastructure
Infrastructure settings..
# VM Domain Configuration
VM Domain Configuration settings..
# VM Network Configuration
VM Network Configuration settings..
# VMs
vm_names = {
  "vm1" = "RDS-01"
  "vm2" = "RDS-02"
  "vm3" = "RDS-03"
}
So, if I want to deploy all 3 at the same time, they will not all join the domain and will remain stuck at the VM customization. If I check the console in vSphere then you will see the option to change the administrator password.
I will definitely check out your course.
many thanks in advance!
@TeKanAid I still managed to deploy several of them, including a domain join, but with a timeout in between. Apparently a timeout is needed with vcenter? Thank you!
@@elvisarayavargas9239 Great work! Terraform runs jobs in parallel so you should be able to spin up multiple VMs at the same time. Not sure why vCenter required timeouts.
Thanks for making the video but it would have really helped if you explained variables and showed the vars files given that main.tf really only calls variables.
Your source code related to this video doesn't seem to be the same code you used in the video either
Thanks for the feedback will keep it in mind for future videos.
@TeKanAid:
I require your help as I am facing the below issue in Terraform.
I am building a Windows VM in VMware using Terraform.
Issue 1: Sometimes my VM is taking time to boot and during that it is skipping the domain joining customization process. Is there any way to hold the customization process until the VM boots up completely?
Issue 2: I want to move my VM to a specific OU in AD after build.
Here's a decent answer from ChatGPT, although I don't prefer using provisioners in Terraform and would rather use a configuration manager tool like Ansible.
For Issue 1: If your VM is taking time to boot and it's skipping the domain joining process because of that, you might want to add a delay or check within your Terraform configuration. One way to handle this is by using a provisioner that can pause until the VM is fully booted. Here's a basic example using a remote-exec provisioner that simply waits before proceeding:
resource "vsphere_virtual_machine" "vm" {
  # your existing config
  provisioner "remote-exec" {
    inline = [
      "while ! timeout 30 ping -c 1 -n YOUR_VM_IP; do sleep 10; done"
    ]
  }
}
This snippet tries to ping the VM until it's responsive, ensuring it's up before moving forward. You might need to tweak the timeout and sleep values based on your environment's specifics.
For Issue 2: To move your VM to a specific Organizational Unit (OU) in Active Directory, you'll need to script this out as part of your deployment process, either through initial provisioning with Terraform using a remote-exec provisioner or through a configuration management tool like Ansible, which you might be using. Here's a pseudo way to do it using PowerShell that you can call via remote-exec:
provisioner "remote-exec" {
  inline = [
    "powershell.exe -Command \"Add-Computer -DomainName 'yourdomain.com' -OUPath 'OU=YourOU,DC=yourdomain,DC=com'\""
  ]
}
This PowerShell command adds the computer to the domain and specifies the OU during the join process. Make sure the account used has permissions to join computers to the domain and move them in AD.
Hi, can you share the piece of code where you are actually adding the Windows domain joining process, or is just the domin_admin_username and password variable sufficient to add it on the domain controller?
Hi Charly, you can access the code here tekanaid.com/posts/terraform-vsphere-windows-example-to-join-ad-domain#code
@@TeKanAid Thanks. So can you share the Packer template to achieve the same?
@@cahrlymca here it is tekanaid.com/posts/hashiCorp-packer-vmware-windows-templates-and-terraform-for-vms#code
Great Explanation!!!
I tried with this code and was successfully able to deploy a VM and add it to the domain.
But when I try to deploy multiple VMs by giving the vm-count as 5, I am getting the below error.
Error: Invalid index
│
│ on main.tf line 100, in resource "vsphere_virtual_machine" "vm":
│ 100: ipv4_netmask = var.ipv4_netmasks[count.index]
│ ├────────────────
│ │ count.index is 1
│ │ var.ipv4_netmasks is list of number with 1 element
│
│ The given key does not identify an element in this collection value: the given index is greater than or equal to the length of the collection.
Can you please suggest on this?
How to join VM in domain from specific OU path?
I haven't tried this myself, but give it a try.
Use run_once_command_list: You can use the run_once_command_list parameter to run a PowerShell script or command after the machine is provisioned. This script can include commands to join the domain in a specific OU.
Here's an example of how you might adjust your Terraform configuration:
resource "vsphere_virtual_machine" "vm" {
  # ... other configuration ...
  clone {
    # ... template_uuid ...
    # customize is nested inside the clone block
    customize {
      windows_options {
        computer_name         = "${var.vm-name}-${count.index + 1}"
        join_domain           = var.domain
        domain_admin_user     = var.domain_admin_user
        domain_admin_password = var.domain_admin_password
        admin_password        = var.local_adminpass
        # run_once_command_list is an argument of windows_options
        run_once_command_list = [
          "powershell.exe -Command \"Add-Computer -DomainName ${var.domain} -OUPath 'OU=YourOU,DC=YourDomain,DC=com' -Credential (New-Object System.Management.Automation.PSCredential ('${var.domain}\\${var.domain_admin_user}', (ConvertTo-SecureString '${var.domain_admin_password}' -AsPlainText -Force))) -Force -Restart\""
        ]
        # ... other options ...
      }
      network_interface {
        # ... network configuration ...
      }
      ipv4_gateway = var.vmgateway
      timeout      = 30
    }
  }
}
In this example, replace 'OU=YourOU,DC=YourDomain,DC=com' with the actual Distinguished Name of your OU. Also, ensure that the domain_admin_user and domain_admin_password have the necessary permissions to join computers to the specified OU.
Note: Directly embedding credentials in Terraform scripts is not recommended for production environments due to security concerns. It's better to use a more secure method to handle credentials, such as using Vault or environment variables.
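The note above about not embedding credentials, as an added example (not code from the video or its author): the join account is read from Vault, the local admin password is a sensitive variable, and the OU is set through windows_options instead of an Add-Computer command line that carries the password. The Vault mount and secret path, every variable name, configured vsphere and vault provider blocks, and support for domain_ou in your provider and vSphere release are assumptions.

```hcl
# Added example. Hypothetical names: Vault mount "kv", secret path
# "vsphere/domain-join" with keys "username" and "password", all variables.
variable "vm_name" { type = string }
variable "guest_id" { type = string }
variable "domain" { type = string }
variable "domain_ou" { type = string } # e.g. "OU=YourOU,DC=YourDomain,DC=com"
variable "resource_pool_id" { type = string }
variable "datastore_id" { type = string }
variable "network_id" { type = string }
variable "template_uuid" { type = string }

variable "local_admin_password" {
  type      = string
  sensitive = true # redacted in plan/apply output; set via TF_VAR_local_admin_password
}

# Domain-join account read from Vault at plan time
# (vault provider authenticates via VAULT_ADDR / VAULT_TOKEN).
data "vault_kv_secret_v2" "domain_join" {
  mount = "kv"
  name  = "vsphere/domain-join"
}

resource "vsphere_virtual_machine" "vm" {
  name             = var.vm_name
  guest_id         = var.guest_id
  resource_pool_id = var.resource_pool_id
  datastore_id     = var.datastore_id
  num_cpus         = 2
  memory           = 4096

  network_interface {
    network_id = var.network_id
  }

  disk {
    label = "disk0"
    size  = 60
  }

  clone {
    template_uuid = var.template_uuid

    customize {
      timeout = 30

      windows_options {
        computer_name  = var.vm_name
        admin_password = var.local_admin_password
        join_domain    = var.domain
        # Assumption: domain_ou is supported by the installed provider and vSphere release.
        domain_ou             = var.domain_ou
        domain_admin_user     = data.vault_kv_secret_v2.domain_join.data["username"]
        domain_admin_password = data.vault_kv_secret_v2.domain_join.data["password"]
      }

      network_interface {} # empty block: address assigned by DHCP
    }
  }
}
```

Both secrets are still written to the Terraform state in plain text, so keep the state in an encrypted, access-controlled backend. Use a join account delegated only to create computer objects in the target OU rather than a domain administrator.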
Question regarding Packer: is it possible to target multiple vCenter clusters/hosts? Let's say we have multiple hosts that should get the same template and I want to provide an array of strings instead of 1 hostname type of string? The documentation says it is just a string? Any tips?
What do you mean by multiple hosts should get the same template? Are these hosts not managed by the same vcenter server?
@@TeKanAid Host locations are spread around the world - thought about deploying the same template on every location to save time copying it later and avoid pulling it over the internet on other locations.
@@helloworld9730 ok I'm starting to understand what you're saying. From the docs it does show type is string and not a list. I'm thinking either to target a vcenter that manages multiple ESXi hosts. But if we're targeting multiple vcenter servers then we may have to use a for loop on the builder. www.packer.io/docs/templates/hcl_templates/expressions#for-expressions I haven't tried this myself, so see if it works
Can we create templates in vSphere using Terraform?
You would use another HashiCorp product called Packer for that. Take a look at my video on that here ua-cam.com/video/SQnjEcpXX_I/v-deo.html
The article linked from the video is nice but the access to the code doesn't work. I never receive the email.
Sorry about that, there was an issue with the website, could you please try again?
@@TeKanAid It's working now, thx for fixing it and thx for the article. I am busy setting up on prem Linux & Windows server using Terraform and Azure Devops so this is giving me a good base to work on.
@@joeedbkk thanks for confirming! Glad that this video is helping! All the best!
Is it possible to move the VM into an OU after the system is joined to the Domain?
Hi Russell, I couldn't find a way to do it with Terraform. Perhaps using Ansible