Authenticate Windows servers with Ansible domain user – kerberos configuration

If you try to connect with Ansible to a Windows machine using your Active Directory account, you will get the error: the specified credentials were rejected by the server

In order to connect through a domain account you should add some inventory variables and also install some additional components.

If you do not have the appropriate libraries installed, you should get the error shown in the screenshot below.

When trying to install kerberos and requests-kerberos through pip3, I got the error listed below.

sudo pip3 install requests-kerberos
Command "/usr/bin/python3.6 -u -c "import setuptools, tokenize;file='/tmp/pip-build-2v_1srr8/pykerberos/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-nkj0fa0v-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-2v_1srr8/pykerberos/

To resolve this, first upgrade setuptools with pip3:

pip3 install --upgrade setuptools

Install the python3-devel package and the other required packages:

yum -y install gcc python3-devel krb5-devel krb5-libs krb5-workstation

Run the pip3 installation once again. The result should be successful.

Your inventory file should contain the variables below:

# the domain (realm) part of the user name must be in capital letters
ansible_user = admin@DOMAIN.COM
ansible_connection = winrm
ansible_winrm_server_cert_validation = ignore
ansible_password = 
ansible_become_user = admin@DOMAIN.COM
ansible_become_method = runas
ansible_winrm_transport = kerberos

You should also edit the Kerberos config file:

vi /etc/krb5.conf

Adjust the following sections:

[logging]
    # nothing to edit here
[libdefaults]
    # realm name in capital letters
    default_realm = DOMAIN.COM
[realms]
    # realm name in capital letters
    DOMAIN.COM = {
        kdc = dc1.domain.com
        kdc = dc2.domain.com
        admin_server = dc1.domain.com
    }
[domain_realm]
    .domain.com = DOMAIN.COM

Grab a session (a Kerberos ticket) for your user:

kinit -C admin@DOMAIN.COM

You can finally communicate with your Windows machines through an Active Directory account.

https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html
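
A pre-flight check for the settings above, as an added example that is not part of the original article: it reads inventory variables and krb5.conf text and reports a lower-case or undefined realm in ansible_user, disabled WinRM certificate validation (the ignore value turns off verification of the server's TLS certificate), and a password stored in the inventory. The function names, finding labels and sample inputs are constructed for illustration.

```python
import re

# Constructed samples: a krb5.conf like the one above and inventory variables
# whose ansible_user realm was typed in lower case.
KRB5_CONF = """
[libdefaults]
    default_realm = DOMAIN.COM
[realms]
    DOMAIN.COM = {
        kdc = dc1.domain.com
        admin_server = dc1.domain.com
    }
[domain_realm]
    .domain.com = DOMAIN.COM
"""
INVENTORY_VARS = """
ansible_user = admin@domain.com
ansible_connection = winrm
ansible_winrm_server_cert_validation = ignore
ansible_password =
ansible_winrm_transport = kerberos
"""

def krb5_realms(text):
    """Return the realm names defined in the [realms] section of krb5.conf."""
    section, realms = None, set()
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        realm_open = re.fullmatch(r"([^\s#;]\S*)\s*=\s*\{", line)  # skips comment lines
        if header:
            section = header.group(1)
        elif section == "realms" and realm_open:
            realms.add(realm_open.group(1))
    return realms

def check(inventory_text, krb5_text):
    """Return findings (hypothetical labels) for WinRM/Kerberos inventory variables."""
    inv = dict(re.findall(r"^[ \t]*(\w+)[ \t]*=[ \t]*(.*?)[ \t]*$", inventory_text, re.M))
    realm = inv.get("ansible_user", "").partition("@")[2]
    findings = []
    if realm != realm.upper():
        findings.append("realm-not-uppercase")       # Kerberos realm names are case sensitive
    elif realm not in krb5_realms(krb5_text):
        findings.append("realm-not-in-krb5.conf")    # no KDC is configured for this realm
    if inv.get("ansible_winrm_server_cert_validation") == "ignore":
        findings.append("cert-validation-disabled")  # server TLS certificate is not verified
    if inv.get("ansible_password"):
        findings.append("password-in-inventory")     # secret kept in the inventory file
    return findings
```

Calling check(INVENTORY_VARS, KRB5_CONF) on the constructed samples returns the lower-case realm and the disabled certificate validation as findings.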

Cannot delete file [Datastore] vmkdump.dumpfile

If you face an issue when deleting a dump file that resides on a datastore, you should deactivate the dump on the host and then try to delete it.

You can get a list of the dump files used on your ESXi host by connecting with ssh and running the command below:

esxcli system coredump file list

This will output the dump files that are currently in use, which will have true in the Active column.

In order to deallocate the dump file, you should unset it and then retry the deletion, either by command or with the GUI.

esxcli system coredump file set -u

The command below forces the deletion:

esxcli system coredump file remove -f /vmfs/volumes/volume/vmkdump/11111111-2222-3333-4444-555555555555.dumpfile

Automate your deployments with .gitlab-ci.yml and OpenShift – GitLab DevOps

This article describes how to create a GitLab CI/CD pipeline using gitlab-runner and docker as the build strategy in order to deploy microservices on OpenShift.

In my previous articles I have explained how to create your own hosted GitLab instance and deploy a single CI/CD pipeline using gitlab-runner. The whole setup was based on containers; as a result, the infrastructure needed can be deployed on OpenShift as well.

The pipeline consists of three steps: housekeeping, staging and cleaning. It is based on the default example that GitLab provides and uses oc commands to communicate with OpenShift. It is configured to be triggered only for the develop branch, and the build starts every time a new commit is added.

  • The housekeeping step will remove every resource that has been created from a previous build.
  • The staging step will build the microservices based on your Dockerfile instructions as the build strategy is set to docker.
  • The cleaning task will remove the build pods that have been created from OpenShift.

The housekeeping step is allowed to fail so that if no resources are found, the building step will continue its work.

You can see below a simple run of the pipeline.

You can find the code of the pipeline in the below repository:

https://github.com/geralexgr/gitlab-cicd-openshift-deploy/blob/main/gitlab-ci.yml