Configuring Virtual Machines using Azure Automation DSC
A few days ago, I published an article on how to apply a DSC configuration on an Azure Virtual machine. Although there's nothing wrong with publishing a configuration on an Azure Storage Account and having the machines apply it, there's a better way.
Azure offers a service called Automation Accounts, that among other things, let's you publish configurations, register nodes in order to apply them and report on the node status. Let's see how to get it working!
We are going to need and Azure Automation Account to host the configurations, so let's create one:
Now that we have the account, we can upload the configuration file. I've run into issues when trying to upload using the relative path of the file, so please keep it in mind.
The next step after publishing the configuration is to compile it. A compilation task is started with the Start-AzureRmAutomationDscCompilationJob cmdlet:
Give it some time and check the status of the task using the Get-AzureRmAutomationDscCompilationJob cmdlet:
The compilation task has completed, we're ready to register some nodes!
Existing machines can be registered using the Register-AzureRmAutomationDscNode cmdlet:
To automatically register machines upon their creation, you can update their ARM template to include the DSC extension. You may find more information on the extension template here. You're going to need some information for the registration, you can get it using the below command:
Have fun!
Azure offers a service called Automation Accounts, that among other things, let's you publish configurations, register nodes in order to apply them and report on the node status. Let's see how to get it working!
We are going to need and Azure Automation Account to host the configurations, so let's create one:
PS C:\> New-AzureRmAutomationAccount -ResourceGroupName "Blog-DSC" `
-Name "BlogDSCAutomationAccount" `
-Plan Free `
-Location WestEurope
SubscriptionId : e******a-8**c-4**3-9**7-b**********9
ResourceGroupName : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
Location : WestEurope
State : Ok
Plan : Basic
Tags : {}
PS C:\>
-Name "BlogDSCAutomationAccount" `
-Plan Free `
-Location WestEurope
SubscriptionId : e******a-8**c-4**3-9**7-b**********9
ResourceGroupName : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
Location : WestEurope
State : Ok
Plan : Basic
Tags : {}
PS C:\>
Now that we have the account, we can upload the configuration file. I've run into issues when trying to upload using the relative path of the file, so please keep it in mind.
PS C:\> Import-AzureRmAutomationDscConfiguration -SourcePath C:\Users\admin\Desktop\TestConfig.ps1 `
-Description "Test Configuration" `
-ResourceGroupName Blog-DSC `
-AutomationAccountName "BlogDSCAutomationAccount" `
-Published:$true `
-Force
ResourceGroupName : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
Location : WestEurope
State : Published
Name : TestConfig
Tags : {}
Description : Test Configuration
Parameters : {}
LogVerbose : False
PS C:\>
-Description "Test Configuration" `
-ResourceGroupName Blog-DSC `
-AutomationAccountName "BlogDSCAutomationAccount" `
-Published:$true `
-Force
ResourceGroupName : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
Location : WestEurope
State : Published
Name : TestConfig
Tags : {}
Description : Test Configuration
Parameters : {}
LogVerbose : False
PS C:\>
The next step after publishing the configuration is to compile it. A compilation task is started with the Start-AzureRmAutomationDscCompilationJob cmdlet:
PS C:\> Start-AzureRmAutomationDscCompilationJob -ResourceGroupName "Blog-DSC" `
-AutomationAccountName "BlogDSCAutomationAccount" `
-ConfigurationName "TestConfig"
ResourceGroupName : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
Id : 3******7-0**9-4**a-a**6-4***********1
Status : New
StatusDetails : None
StartTime :
EndTime :
Exception :
JobParameters : {}
ConfigurationName : TestConfig
PS C:\>
-AutomationAccountName "BlogDSCAutomationAccount" `
-ConfigurationName "TestConfig"
ResourceGroupName : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
Id : 3******7-0**9-4**a-a**6-4***********1
Status : New
StatusDetails : None
StartTime :
EndTime :
Exception :
JobParameters : {}
ConfigurationName : TestConfig
PS C:\>
Give it some time and check the status of the task using the Get-AzureRmAutomationDscCompilationJob cmdlet:
PS C:\> Get-AzureRmAutomationDscCompilationJob -ResourceGroupName "Blog-DSC" `
-AutomationAccountName "BlogDSCAutomationAccount" `
-ConfigurationName "TestConfig"
ResourceGroupName : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
Id : 3******7-0**9-4**a-a************1
Status : Completed
StatusDetails :
Exception :
JobParameters : {}
ConfigurationName : TestConfig
PS C:\>
-AutomationAccountName "BlogDSCAutomationAccount" `
-ConfigurationName "TestConfig"
ResourceGroupName : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
Id : 3******7-0**9-4**a-a************1
Status : Completed
StatusDetails :
Exception :
JobParameters : {}
ConfigurationName : TestConfig
PS C:\>
The compilation task has completed, we're ready to register some nodes!
Existing machines can be registered using the Register-AzureRmAutomationDscNode cmdlet:
PS C:\> Register-AzureRmAutomationDscNode -AzureVMName "DSC-Test-002" `
-NodeConfigurationName "TestConfig" `
-ConfigurationMode ApplyAndAutocorrect `
-AzureVMResourceGroup "TestDSC2" `
-AutomationAccountName "BlogDSCAutomationAccount" `
-ResourceGroupName "Blog-DSC"
PS C:\>
-NodeConfigurationName "TestConfig" `
-ConfigurationMode ApplyAndAutocorrect `
-AzureVMResourceGroup "TestDSC2" `
-AutomationAccountName "BlogDSCAutomationAccount" `
-ResourceGroupName "Blog-DSC"
PS C:\>
To automatically register machines upon their creation, you can update their ARM template to include the DSC extension. You may find more information on the extension template here. You're going to need some information for the registration, you can get it using the below command:
PS C:\> Get-AzureRmAutomationAccount -Name "BlogDSCAutomationAccount" -ResourceGroupName "Blog-DSC" | Get-AzureRmAutomationRegistrationInfo
ResourceGroupName : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
PrimaryKey : erA5niqoR3rfHWIArGK7rwNOmtpexdg******************==
SecondaryKey : 5T4ScJtDKko95LMac/vlLVJ6IBWPY6w****************==
Endpoint : https://we-agentservice-prod-1.azure-automation.net/accounts/**********
PS C:\>
ResourceGroupName : Blog-DSC
AutomationAccountName : BlogDSCAutomationAccount
PrimaryKey : erA5niqoR3rfHWIArGK7rwNOmtpexdg******************==
SecondaryKey : 5T4ScJtDKko95LMac/vlLVJ6IBWPY6w****************==
Endpoint : https://we-agentservice-prod-1.azure-automation.net/accounts/**********
PS C:\>
Have fun!