🗂 Home Lab¶

🏠 Overview

- Home Lab Overview – Purpose, design, and lab scope.

🖥 Virtualization & Infrastructure

- Manage VMs, Docker containers, and automated provisioning using Proxmox and Cloud-Init.

🔐 Identity & Authentication

- Centralized authentication and SSO using LDAP, Microsoft Entra ID, and OAuth2.

💾 Storage & Backup

- Manage distributed, networked, and file storage plus VM backups using Ceph, iSCSI, NFS, and Proxmox Backup Server.

⚙️ Automation & Orchestration

- Automate provisioning, deployment, and CI/CD workflows using Ansible, Semaphore, Terraform, Jenkins, and GitHub Actions.

🌐 Networking & Services

- Manage Reverse-Proxy, Pi-hole(DNS), and Certificates

📘 Project Management

- Organize issues, track projects, and host documentation using Redmine Configuration.

💻 Infrastructure-as-Code

- Automate provisioning, configuration, and deployment using Ansible, Terraform, and GitHub workflows.

🎯 Learning & Experimentation

- Sandbox for testing infrastructure, DevOps, and security workflows.

Future Expansions

- Track metrics, monitoring, and experimental tools such as Prometheus, Grafana, and other proof-of-concepts.

Wiki

Create a Service Principal in Microsoft Entra ID¶

📘 Step‑by‑Step in the Entra ID UI¶

1. Register a New Application¶

Sign in to Azure Portal.
Navigate to Microsoft Entra ID → App registrations.
Click + New registration.
Fill in:
- Name → Friendly name (e.g., ansible).
- Supported account types → Usually “Accounts in this organizational directory only.”
- Redirect URI → Optional unless you plan to use OAuth flows.
Click Register.
👉 This creates the Application (client) ID and the associated service principal in your tenant.

2. Create a Client Secret¶

In your new app registration, go to Certificates & secrets.
Under Client secrets, click + New client secret.
Add a description and choose an expiration period.
Click Add.
Copy the Value immediately — this is your Client Secret.
⚠️ Important: You won’t be able to see it again later.

3. Get Tenant ID¶

In Microsoft Entra ID → Overview, copy the Tenant ID (Directory ID).

4. Assign RBAC Permissions¶

Go to Subscriptions in the portal.
Select your subscription.
Click Access control (IAM) → + Add role assignment.
In the wizard:
- Role → Pick Contributor (or whatever role you want, e.g. Privileged administrator roles > Contributor).
- Assign access to → Change this from User, group, or service principal to specifically include service principal.
- Members → Click + Select members.
In the search box, type the name of your app registration (the friendly name you gave it when you registered).
- It will appear under Enterprise applications.
- Select it, then click Review + assign.

5. Collect the Four Values¶

You now have:

Client ID → Application (client) ID from the app registration.
Client Secret → Value from Certificates & secrets.
Tenant ID → Directory ID from Entra ID overview.
Subscription ID → From Subscriptions overview.

These four values are what Ansible uses to authenticate and obtain tokens.

✅ Summary¶

In the Entra ID UI, you register an app → this creates the service principal.
You then create a client secret and assign RBAC permissions.
Collect Client ID, Client Secret, Tenant ID, Subscription ID.
Store them securely (e.g., Ansible Vault) and use them in your automation.

Files (0)

Project

General

Profile

Home Lab