
Trying to join an Azure CentOS VM to an existing AD domain, but it fails. The error message is cryptic and not helpful.

Tried to join an Azure CentOS VM to an existing AD domain using JsonADDomainExtension in Terraform. I have tried the following so far:

  • Manually, I could join VM to domain using ‘realm join’
  • Tried TF code without OUPath -> doesn’t help

Code is very similar to that of https://github.com/Azure/azure-quickstart-templates/blob/master/201-vm-domain-join-existing/azuredeploy.json

resource "azurerm_virtual_machine_extension" "adjoin" {
  name                 = "${azurerm_virtual_machine.testextn01.name}-adjoin"
  location             = "${azurerm_resource_group.testextn.location}"
  resource_group_name  = "${azurerm_resource_group.testextn.name}"
  virtual_machine_name = "${azurerm_virtual_machine.testextn01.name}"
  publisher            = "Microsoft.Compute"
  type                 = "JsonADDomainExtension"
  type_handler_version = "1.3"

  settings = <<SETTINGS
    {
        "Name": "NEXT.CLOUD.COM",
        "User": "DOMAIN\ad-join",
        "OUPath": ""OU=Centos,OU=Servers,OU=Operations,DC=NEXT,DC=CLOUD,DC=COM"",
        "Restart": "true",
        "Options": "3"
    }
SETTINGS
  protected_settings = <<PROTECTED_SETTINGS
    {
      "Password": "topsecret"
    }
PROTECTED_SETTINGS
}

Terraform apply was not returning to the prompt:


azurerm_virtual_machine_extension.adjoin: Still creating… (1h26m21s elapsed)
azurerm_virtual_machine_extension.adjoin: Still creating… (1h26m31s elapsed)
azurerm_virtual_machine_extension.adjoin: Still creating… (1h26m41s elapsed)
^CInterrupt received.
Please wait for Terraform to exit or data loss may occur.
Gracefully shutting down…
stopping operation…


The error message in the /var/log/waagent.log file reads as below:


2019/07/18 05:06:41.630295 ERROR ExtHandler Event: name=Microsoft.Compute.JsonADDomainExtension, op=Install, message=eJytkcFKxDAURff9ivcBTtK0ndZ2N9gRR3B0PxTJJOkQaPJKkmrHrzdUFBcKMrh8i3s4993Ddg7Keo126xy6DvZoV2/KIahZBxAoVQMsq65AWx/4MBBhZHLwQeIUuiRLWU3TirJrSNdNWjZ5Tco0q6oSdvvbR4j0O27loBxspFQSnnYtsHVRQEAQJ4fTCNSfPe09/TipGCf6ygdtp5mflA1EfRp6+qCFQ499IDdoxikocu/RbtoWDdf2q8ozIznJfpHL86K+WM4og+78T37J8kflXJfQF+7ooI+RvED/SlotJPptmwaimgLWwFHbHzNROG4q0JhYHiwG6HGyMnkHeGWxYg==, duration=0


The error message is clueless and not of much help.

2 Answers


  1. You may pay attention to the User and OUPath format in your settings; it should not have the extra ", so you could change it to "OUPath": "OU=Centos,OU=Servers,OU=Operations,DC=NEXT,DC=CLOUD,DC=COM",

    Also, you could add depends_on in the extension block, as the extension creation relies on the VM generation. You could get more references about using Terraform to join a new Azure Virtual Machine to a Domain from this1 and this2.

    Update

    In fact, the template you linked is used to join an existing Windows virtual machine into an existing Windows Active Directory Domain.
    [image]

  2. Per the highlight in the image in the other answer, the JsonADDomainExtension is only for Windows.

    In order to join a Linux (CentOS/RHEL/Ubuntu/etc.) VM you would need to use a custom #cloud-init runcmd (supports a list of shell commands to run, but don't embed secrets if you can help it) or #include with a URL to a domain-joining shell script in a customData parameter to your VM creation, or use the CustomScriptExtension to execute a shell script that joins your VM to the domain after it is created.

    See an example of the CustomScriptExtension in this other answer: https://stackoverflow.com/a/64981397

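As an added example (not the asker's code and not from either answer), the CustomScript route from the second answer written for the setup in the question: the join script is carried only in protected_settings, the VM lands in the same OU via realm's --computer-ou, and the depends_on from the first answer is included. Resource names and the azurerm 1.x extension attributes are taken from the question; the variable name ad_join_password, Terraform 0.14+ and the CentOS package list are assumptions.

```hcl
# Terraform 0.14+ with the azurerm extension attributes used in the question.
variable "ad_join_password" {
  type      = string
  sensitive = true # redacted from plan/apply output
}

locals {
  ad_domain  = "next.cloud.com"
  ad_user    = "ad-join"
  # Same target OU as the question's OUPath, passed to realm instead.
  ad_ou_path = "OU=Centos,OU=Servers,OU=Operations,DC=NEXT,DC=CLOUD,DC=COM"

  # The join script. The password is base64-encoded so shell metacharacters
  # in it cannot break the quoting, and is handed to realm on stdin rather
  # than on the command line (where it would show up in the process list).
  join_script = <<-EOT
    #!/bin/bash
    set -euo pipefail
    yum -y -q install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools
    if realm list | grep -qi '^${local.ad_domain}'; then
      echo "already joined ${local.ad_domain}"; exit 0   # idempotent re-run
    fi
    printf '%s' '${base64encode(var.ad_join_password)}' | base64 -d | \
      realm join --user='${local.ad_user}' --computer-ou='${local.ad_ou_path}' \
      '${local.ad_domain}'
    systemctl enable --now sssd
  EOT
}

resource "azurerm_virtual_machine_extension" "adjoin" {
  name                 = "${azurerm_virtual_machine.testextn01.name}-adjoin"
  location             = azurerm_resource_group.testextn.location
  resource_group_name  = azurerm_resource_group.testextn.name
  virtual_machine_name = azurerm_virtual_machine.testextn01.name
  publisher            = "Microsoft.Azure.Extensions"
  type                 = "CustomScript"
  type_handler_version = "2.1"

  # No public `settings` block: anything there is readable by anyone with
  # read access to the VM resource. The script (and the password inside it)
  # travels only in protected_settings, which Azure encrypts and does not
  # return through the API.
  protected_settings = jsonencode({
    script = base64encode(local.join_script)
  })

  # The extension can only be installed once the VM exists (first answer).
  depends_on = [azurerm_virtual_machine.testextn01]
}
```

Rotate the ad-join account's password after the rollout, since the rendered script still exists in Terraform state and in the agent's download directory on the VM.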