Building an Azure lab – Step-by-step Azure Automation DSC


This post will take you through the steps necessary to configure Azure Automation DSC using the ARM (Azure Resource Manager) Portal UI.

As always in the Building an Azure lab series:
Disclaimer for those who want to build based on these “Building an Azure lab” guides:
I’m not claiming these are best practices, or that these are “the way to go”. I’m simply providing step-by-step guides set up by me, and my colleagues on occasion, to document how we did things to achieve the goals that were set. These guides get the job done, for me.

That said, let’s get started.

Create a very basic DSC script:

Configuration DSCTest
{
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
    Node "tempfile"
    {
        File CreateFile {
            DestinationPath = 'C:\Temp\Test.txt'
            Ensure = "Present"
            Contents = 'MSFreaks Azure Lab test!'
        }
    }
}

Save this script as “DSCTest.ps1” somewhere you can find it, you’ll need it later.
The purpose of the script is to create a bogus file “Test.txt” in a C:\Temp folder.

Log on to the ARM portal.

This guide describes methods for adding the Azure Automation DSC to existing VMs.
Create a new VM or make sure you have one available for this test.

Create an Automation account if you have not done so yet.
I prefer to put this in a new resource group, but that’s up to you to decide.

AzureRMDSC01
Click New, click Management, click Automation, fill in the fields to your liking and create the automation account.

Browse to your automation account.
AzureRMDSC02
Click DSC Configurations.

AzureRMDSC03
Click the Add a configuration button.

AzureRMDSC04
Browse to the DSCTest.ps1 file and click OK.

AzureRMDSC05
When it’s uploaded it gets the Published status. Click the DSCTest published file.

AzureRMDSC06
Notice that even though it’s published, it’s not compiled yet. Click the Compile button.

A job will be queued to compile the published DSCTest.ps1. This might take a few minutes to complete.
When the compile job is done browse to your automation account and notice that a DSC Node Configuration item was created.

AzureRMDSC21
If you click that item you’ll notice that a Node Configuration item named DSCTest.tempfile was created. DSCTest is of course the name of the Configuration as defined in the script, and tempfile is the name of the node configuration as defined in the script. For those not really familiar with this concept in DSC, this means you can add multiple node configurations to a single script allowing for grouping of node functionality and such.

Back in the automation account:
AzureRMDSC07
Click the DSC Nodes button.

Notice that you can both add Azure VMs and on-premises machines from here:
AzureRMDSC08

Adding an Azure VM
AzureRMDSC09
Click the Add Azure VM button.

Click Select Virtual Machines to onboard:
AzureRMDSC10
Select the Virtual Machine(s) you wish to onboard and click OK.

Click Configure Registration Data:
AzureRMDSC11
Enter DSCTest.tempfile in the Node Configuration Name box. I’m hoping this will eventually be a dropdown listing all the Node Configurations available, but for now you need to type it in.
The 30 minutes and 15 minutes values shown are the lowest possible values you can use. The first one determines how often DSC checks if the node configuration needs to be updated, the second one determines how often DSC reapplies the configuration if so configured and how often it reports the state if so configured.
The dropdown box I highlighted in the screenshot determines the configuration mode for this DSC script.
ApplyAndMonitor means that the state is applied and status is reported back to Azure Automation DSC.
ApplyOnly means that the state is applied, and that’s it.
ApplyAndAutoCorrect means that the state is applied and is reapplied whenever the state is no longer compliant with the original applied state, for whatever reason. State is reported back to Azure Automation DSC as well.
I selected ApplyAndAutoCorrect for this test.
Click Create when you have selected a VM and have configured the registration data.

Grab a cup of coffee, enjoy the sun, or whatever. Adding a Node can take up to 10 minutes to complete..
I have noticed that sometimes the ARM will report this step as failure, but the node was added nonetheless, with the correct configuration, no errors in DSC logs, etc. I don’t know if this is a bug in ARM or if I’m doing anything that (sometimes) generates an error.

When the node is added (and configured!) you’ll see the node with its status in the DSC Nodes blade:
AzureRMDSC12
It shows as Compliant so we expect that the script was run and that indeed the intended file creation has happened.

Adding an on-premises VM
AzureRMDSC13
Click the Add on-prem VM button.
Doing this will take you to a page explaining how to add an Azure VM or a non-Azure VM or physical machine, meaning you can’t do this from the portal (yet).

Pre-requisites for adding a machine from outside of Azure:
– WMF 5.0 installed
– Internet access from the machine

On the machine you want to add:
Create a temp folder for the files needed to register this machine into Azure Automation DSC. I simply used C:\temp for this.
Copy the DSC Configuration script found in step 2 for DSC Configuration on https://azure.microsoft.com/en-us/documentation/articles/automation-dsc-onboarding/#generating-dsc-metaconfigurations. Use this to create a .ps1 file in the temp folder. I simply used ‘aadsc.ps1’ for this.
Edit the script, specifically the block starting at line 91:
AzureRMDSC14
RegistrationURL and RegistrationKey can be found by browsing to your automation account, clicking All settings, and clicking Keys:
AzureRMDSC15
ComputerName is defined as an array and must be edited with the name(s) of the machine(s) you want to onboard. Since I’m adding a single machine here, I edited it to “ComputerName = @(‘ITWMFA’);”.
NodeConfigurationName should hold the Node Configuration name you want to apply so in my case I changed this to “NodeConfigurationName = ‘DSCTest.tempfile’;”
I also changed the value for ConfigurationMode to ApplyAndAutoCorrect.
Review the other settings and change where needed.

Now open an elevated PowerShell prompt, browse to your temp folder holding the modified .ps1 and execute the .ps1 file:
AzureRMDSC16
This will create a .mof file needed for the DSC configuration in a folder called DscMetaConfigs in your temp folder.

To actually configure DSC, execute the following command:

Set-DscLocalConfigurationManager -Path <path to DscMetaConfigs folder>' -ComputerName <servername>

So in my case I executed the follwowing:

Set-DscLocalConfigurationManager -Path 'c:\temp\DscMetaConfigs' -ComputerName ITWMFA

AzureRMDSC17
Which should execute without any errors. And without any feedback by the way.

Now browse to the DSC Nodes blade:
AzureRMDSC18
Not only was the on-premises VM successfully added as a DSC Node, it has also applied the Node Configuration successfully.

Let’s have a look at the Azure VM in the portal.
If you browse to it in the portal and then click Extensions in the settings blade, you’ll notice the VM now has an extension configured, specifically the extension to handle DSC configurations:
AzureRMDSC19

On the VM itself:
AzureRMDSC20
The file (and the folder!) have been created as expected. If you also selected ApplyAndAutoCorrect for the configuration mode you’d be able to delete the file or the folder and it would be re-created within 15 minutes!

What if we need to troubleshoot Azure DSC on an Azure VM? Logging or error reporting in the portal is mostly limited to telling you something went wrong.
Logfiles for the DSC configuration can be found in C:\WindowsAzure\Logs\Plugins\Microsoft.Powershell.DSC\2.14.0.0 on the VM itself.
You’ll find 2 types of log files here. “CommandExecution” is the log file for the DSC module, while “DscExtensionHandler” is de log file for the DSC node configuration scripts.
Beside those logfiles you can also check the EventVwr logs in Applications and Services logs – Microsoft – Windows Azure – Status – Plugins.
For non-Azure machines you’d check Powershell DSC troubleshooting.

And so another step in the Azure Lab series is completed.
We can now use Powershell DSC managed by Azure Automation and use that to apply Desired State to Azure VMs and even non-Azure machines. We also know how and where to look for logs in case we need to troubleshoot Azure Automation DSC.

 

Arjan

20+ years experience in Microsoft powered environments. Enjoy automating stuff using scripts, powershell, and even batch files. In my free time (hah! as if there is any) I hunt achievements and gamerscore on anything Xbox Live enabled (Windows Mobile, Windows 8, Windows 10, Xbox 360 and Xbox One). When I'm not doing that I enjoy traveling or riding my Yamaha R1 on the edge ;)

Tagged with: , , , , ,
Posted in Azure, DSC, Step-by-Step guide
9 comments on “Building an Azure lab – Step-by-step Azure Automation DSC
  1. Dale says:

    The DSC script fails to compile goes into suspended mode

    • Arjan Mensch says:

      Hi Dale,
      It looks like WordPress changed something in the way they parse code on their webpages.
      Ik think that if you replace " with the actual double-quote thingy, that it will work again.

  2. Dale says:

    OK its erroring on the & quot signs, in PowerShell and in DSC complier with this error is that where the ” should go.
    Sorry just trying to learn and understand so I can actually build what I want.

    Error:
    Exception calling “NewScriptBlock” with “1” argument(s): “At line:4 char:9 + Node "tempfile" + ~ Unexpected token ‘&’ in expression or statement.

  3. Dale says:

    Exception calling “NewScriptBlock” with “1” argument(s): “At line:4 char:9 + Node “"tempfile&quot”; + ~ Unexpected token ‘&’ in expression or statement.

    %%$$#@@$#@ web page put the quotes back in

  4. Dale says:

    should look like this???

    Configuration DSCTest {
    Import-DscResource -ModuleName ‘PSDesiredStateConfiguration’
    Node ‘tempfile’
    {
    File CreateFile {
    DestinationPath = ‘C:\Temp\Test.txt’
    Ensure = ‘Present’
    Contents = ‘Azure Lab test file!’
    }
    }
    }

    • Dale says:

      success

      I am doing the happy dance, you just can’t see me….. And you will never get that image out of you head….

      • Arjan Mensch says:

        Hi Dale,
        Glad you figured it out. Looks like WordPress changed the way they display code.. I’ll look into the changes sometime soon and fix all the other display errors across all my posts as well.

  5. Dale says:

    Why is the Word after Node tempfile in Quotes, I look at different sites all over the web including the Azure site itself, Some words after NODE have no quotes other do???? Any idea why or which is the proper way?

    Node “tempfile” or Node tempfile

    I am looking to make them all standardized if I can and just want to be clear, why I need quotes around tempfile.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog Authors
Donate Button

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 322 other followers

Blog Stats
  • 1,913,769 hits
%d bloggers like this: