CloudForms create AD DNS with Ansible

I have come up many times where people request to be able to create AD DNS A Records or CNames for Linux Servers that are not going to be joined to the domain, I will go through how we can use Ansible Tower to do this for us. This is very similar to the AD Computer object however we also need to get the IP address as an extra variable for an A Record.

When it comes to Windows and Active Directory I am a big fan of using Ansible with Powershell DSC. There is a wealth of documentation on the DSC here.

PowerShell Github

What I do is point my playbook to a windows host in this example I will use my domain controller, now this gives us a unique issue when using CloudForms, because by default CloudForms sends the limit value of the VM you use, but we wouldn’t want to override this, whats more we want to send extra variables which we need to get out of Cloudforms dynamically and send on.

Lets take a look at the Ansible Playbook first

  • name: create DNS Record
    hosts: dc01
    gather_facts: no
  • name: Add a powershell module
    name: xDnsServer
    state: present

  • name: Invoke DSC with check mode
    resource_name: xDnsRecord
    Name: “{{ vm_name }}”
    Target: “{{ ip_addr }}”
    Type: “{{ type }}”
    Ensure: “{{ ensure }}”
    DnsServer: localhost
    Zone: “{{ zone }}”


The first play we need to make sure the powershell module is installed for DNS we need xDnsServer the documentation for this module is here xDnsServer Github

Once this is installed we can go ahead and use it for an A Record we pass the following extra variables

vm_name – Name of the VM Instance we are adding to DNS

TargetĀ  – The IP address of the VM

Type – A Record of CName ( if we left this out ARecord is default )

Ensure – wither present of absent set this as a variable so we can use it for both options

DnsServer – as I am doing this on a Domain Controller that is also a DNS server I set this at the default of localhost but you may need to change it to point to you DNS Server

Zone – dns Zone.

I am not going to go over the vm_name automation code as its defined in the computer object blog post here

To get the IP we have to get it from hardware under the vm

# Get the VM IP so we can pass this to Ansible as an Extra Variable
# We’ve been called from a button on the VM object, so we know that
# $evm.root[‘vm’] will be loaded
vm = $evm.root[‘vm’] # set ipaddr to be the instance ipaddr
ipaddr = “#{vm.hardware.ipaddresses[0]}”
# Lines 14 to 19 will show in the output in the automation log to debug is line 21 is set to true
def dump_root()
$evm.log(:info, “Begin $evm.root.attributes”)
$evm.root.attributes.sort.each { |k, v| $evm.log(:info, “\t Attribute: #{k} = #{v}”)}
$evm.log(:info, “End $evm.root.attributes”)
$evm.log(:info, “”)

debug = false # enable/disable debug logging in evm.log

# Dump the attributes of $evm.root
dump_root if debug

# Set the form field to be read-only so the user cannot change it
$evm.object[‘read_only’] = true
# Set the Dialog to the ipaddr
$evm.object[“value”] = ipaddr
$evm.log(:info, “$evm.object[‘value’]: #{$evm.object[‘value’].inspect}”)

Note: the important part is where we get the IP from

ipaddr = “#{vm.hardware.ipaddresses[0]}”

I added the [0] on the end as I have 2 IP’s on my vm ipv4 and ipv6 and it will bring down both which wont help us for this module so [0] if the first one and just like the vmname we then publish this into the dialog as read only.

The IP is set to a dynamic


type is hard coded to ARecord


Zone is a dropdown list so you can select the DNS zone if needed and I set a default value


and Ensure is set to Present


Finally we create a button for this identical to the Computer Object other than we set the job_template_name to this one


We can now create AD ARecords

Leave a Reply

Your email address will not be published. Required fields are marked *