Configuring Virtual Machines using Azure Automation DSC

A few days ago, I published an article on how to apply a DSC configuration on an Azure Virtual machine. Although there's nothing wrong with publishing a configuration on an Azure Storage Account and having the machines apply it, there's a better way.

Azure offers a service called Automation Accounts that, among other things, lets you publish configurations, register nodes to apply them, and report on node status. Let's see how to get it working!

We are going to need an Azure Automation Account to host the configurations, so let's create one:

PS C:\> New-AzureRmAutomationAccount -ResourceGroupName "Blog-DSC" `
                                     -Name "BlogDSCAutomationAccount" `
                                     -Plan Free `
                                     -Location WestEurope

SubscriptionId        : e******a-8**c-4**3-9**7-b**********9
ResourceGroupName     : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
Location              : WestEurope
State                 : Ok
Plan                  : Basic
Tags                  : {}

PS C:\>

Now that we have the account, we can upload the configuration file. I've run into issues when trying to upload using the relative path of the file, so please keep it in mind.

PS C:\> Import-AzureRmAutomationDscConfiguration -SourcePath C:\Users\admin\Desktop\TestConfig.ps1 `
                                                 -Description "Test Configuration" `
                                                 -ResourceGroupName Blog-DSC `
                                                 -AutomationAccountName "BlogDSCAutomationAccount" `
                                                 -Published:$true `
                                                 -Force

ResourceGroupName     : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
Location              : WestEurope
State                 : Published
Name                  : TestConfig
Tags                  : {}
Description           : Test Configuration
Parameters            : {}
LogVerbose            : False

PS C:\>

The next step after publishing the configuration is to compile it. A compilation task is started with the Start-AzureRmAutomationDscCompilationJob cmdlet:

PS C:\> Start-AzureRmAutomationDscCompilationJob -ResourceGroupName "Blog-DSC" `
                                                 -AutomationAccountName "BlogDSCAutomationAccount" `
                                                 -ConfigurationName "TestConfig"

ResourceGroupName      : Blog-DSC
AutomationAccountName  : BlogDSCAutomationAccount
Id                     : 3******7-0**9-4**a-a**6-4***********1
Status                 : New
StatusDetails          : None
StartTime              :
EndTime                :
Exception              :
JobParameters          : {}
ConfigurationName      : TestConfig

PS C:\>

Give it some time and check the status of the task using the Get-AzureRmAutomationDscCompilationJob cmdlet:

PS C:\> Get-AzureRmAutomationDscCompilationJob -ResourceGroupName "Blog-DSC" `
                                               -AutomationAccountName "BlogDSCAutomationAccount" `
                                               -ConfigurationName "TestConfig"

ResourceGroupName      : Blog-DSC
AutomationAccountName  : BlogDSCAutomationAccount
Id                     : 3******7-0**9-4**a-a************1
Status                 : Completed
StatusDetails          :
Exception              :
JobParameters          : {}
ConfigurationName      : TestConfig

PS C:\>

The compilation task has completed, so we're ready to register some nodes!

Existing machines can be registered using the Register-AzureRmAutomationDscNode cmdlet:

PS C:\> Register-AzureRmAutomationDscNode -AzureVMName "DSC-Test-002" `
                                          -NodeConfigurationName "TestConfig" `
                                          -ConfigurationMode ApplyAndAutocorrect `
                                          -AzureVMResourceGroup "TestDSC2" `
                                          -AutomationAccountName "BlogDSCAutomationAccount" `
                                          -ResourceGroupName "Blog-DSC"

PS C:\>
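
The compile, wait and register steps above can be chained into one script, so that a node is registered only after compilation has actually succeeded. This is an added example, not part of the original post; the 15-minute timeout, the 15-second polling interval and the check for exactly one node configuration are assumptions.

```powershell
# Added example: resource names are the ones used in this post.
$ErrorActionPreference = 'Stop'
$account = @{
    ResourceGroupName     = 'Blog-DSC'
    AutomationAccountName = 'BlogDSCAutomationAccount'
}
$configName = 'TestConfig'

# Start the compilation and keep the job object so we poll this exact job.
$job = Start-AzureRmAutomationDscCompilationJob @account -ConfigurationName $configName

# Poll until the job reaches a terminal state or the (assumed) timeout expires.
$deadline = (Get-Date).AddMinutes(15)
$terminal = 'Completed', 'Failed', 'Stopped', 'Suspended'
do {
    Start-Sleep -Seconds 15
    $job = Get-AzureRmAutomationDscCompilationJob @account -Id $job.Id
    Write-Verbose "Compilation job $($job.Id): $($job.Status)"
} until ($job.Status -in $terminal -or (Get-Date) -gt $deadline)

# Stop here on failure or timeout instead of registering against a stale or missing build.
if ($job.Status -ne 'Completed') {
    throw "Compilation of '$configName' did not complete (status: $($job.Status)). $($job.Exception)"
}

# Look up the node configuration the compilation produced rather than typing its name by hand.
$nodeConfigs = @(Get-AzureRmAutomationDscNodeConfiguration @account -ConfigurationName $configName)
if ($nodeConfigs.Count -ne 1) {
    # Assumption: the configuration defines a single node; otherwise pick one explicitly.
    throw "Expected exactly one node configuration for '$configName', found $($nodeConfigs.Count)."
}

Register-AzureRmAutomationDscNode @account `
    -AzureVMName 'DSC-Test-002' `
    -AzureVMResourceGroup 'TestDSC2' `
    -NodeConfigurationName $nodeConfigs[0].Name `
    -ConfigurationMode ApplyAndAutocorrect

# Confirm the node is known to the account and see what it reports.
Get-AzureRmAutomationDscNode @account -Name 'DSC-Test-002' |
    Select-Object Name, NodeConfigurationName, Status, LastSeen
```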

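To automatically register machines upon their creation, you can update their ARM template to include the DSC extension. You may find more information on the extension template here. You're going to need some information for the registration; you can get it using the command below. The output includes the account's registration keys, which are credentials for onboarding nodes, so pass them to the template as secure parameters rather than hard-coding them: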

PS C:\> Get-AzureRmAutomationAccount -Name "BlogDSCAutomationAccount" -ResourceGroupName "Blog-DSC" | Get-AzureRmAutomationRegistrationInfo

ResourceGroupName     : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
PrimaryKey            : erA5niqoR3rfHWIArGK7rwNOmtpexdg******************==
SecondaryKey          : 5T4ScJtDKko95LMac/vlLVJ6IBWPY6w****************==
Endpoint              : https://we-agentservice-prod-1.azure-automation.net/accounts/**********

PS C:\>

Have fun!
