Azure Automation with DSC

In this lab we will create a Desired State Configuration (DSC) file. We will import the DSC file into an Azure Automation Account, compile it, and then apply the configuration to Azure Virtual Machines (VMs).

DevOps Course Source:

This lab is used in the following courses.

Pre-requisites:

Lab Tasks:

  • Create a DSC configuration file, import it into an Azure Automation Account, and compile it.
  • Apply the DSC configuration to Azure VMs.

Estimated Lab Time:

  • Approx. 40 minutes.

Task 1: Create a DSC configuration file, import it into an Azure Automation Account, and compile it.

  1. In your local environment, copy the following code, paste it into a new Windows PowerShell DSC Configuration file, and save the file locally as LabConfig.ps1.

     configuration LabConfig
 {
     Node WebServer
     {
         WindowsFeature IIS
         {
             Ensure = 'Present'
             Name = 'Web-Server'
             IncludeAllSubFeature = $true
         }
     }
 }

Note: If you prefer, you can also use a pre-existing version of the file LabConfig.ps1. You can download the file in RAW format from Microsoft’s Parts Unlimited GitHub repository.

  1. In Azure Portal, navigate to the Azure Automation Account you created in the previous lab. Go to Configuration Management > State configuration DSC. Select the Configurations tab from the State Configuration DSC pane.

    Screenshot of the State Configuration DSC pane for the DevOpslabs1 Automation Account inside Azure Portal. Four previously described display elements are highlighted to illustrate the user actions that are required to navigate to the Import Configuration pane.

  2. Choose + Add. From inside the Import configuration pane, select the script file LabConfig.ps1 that you created in the previous task. Then choose the OK button.

    Screenshot of the Import Configuration pane for the DevOpslabs1 Automation Account inside Azure Portal. Four previously described display elements are highlighted to illustrate the user actions that are required to import the script local DSC configuration file LabConfig.ps1.

  3. Select the Refresh button to verify that the configuration file loaded. Then click on the file name LabConfig.

    Screenshot of the State Configuration DSC pane for the DevOpslabs1 Automation Account inside Azure Portal. The Refresh button is highlighted to illustrate the user action that is required to update the information shown inside the State Configuration DSC pane. The imported DSC configuration file LabConfig is also highlighted to indicate how to locate the list of imported configuration files from within the State Configuration DSC pane.

  4. When the LabConfig Configuration pane opens, select the Compile button. Choose Yes, if you are prompted to confirm that you want to compile the configuration. Wait for the compile operation to complete, then confirm that the Compilation jobs status is Completed.

    The configuration file may take up to 15 minutes to compile.

    Screenshot of the LabConfig Configuration pane for the DevOpslabs1 Automation Account inside Azure Portal. The Compile button is highlighted to indicate the location of the button within the LabConfig Configuration pane. The Compilation Jobs display element is also highlighted, and its status is shown as Completed, which illustrates how to verify that an imported DSC configuration file has been compiled successfully.

Task 2: Apply DSC configuration to Azure Virtual Machines

We will now apply the DSC configuration file to the VMs that you provisioned in the previous lab (Azure Automation Runbook Deployments lab).

Note: To continue with this lab task, ensure that you have completed the previous lab successfully and that the required VMs are present. If the VMs are not present, complete the previous lab before you proceed.

  1. In Azure Portal, navigate to the Azure Automation Account you created in the previous lab. Go to Configuration Management > State configuration DSC. Choose the Nodes tab from the State Configuration DSC pane. Select the + Add button.

    Screenshot of the State configuration DSC Nodes tab, inside Azure Portal, for the DevOpslabs1 Automation Account. The five screen elements described in step 1 are highlighted to illustrate how to access the Nodes tab from within Azure Portal, for adding a DSC configuration file to the Automation Account.

  2. Choose the first VM vm1. Select the + Connect button to add the Azure VMs to your Automation Account, from the vm1 Connection Status pane.

    Screenshot of the Add Virtual Machines section inside the State Configuration DSC pane, within Azure Portal. The image illustrates how to connect an existing VM to the Automation Account. The first listed VM i.e. vm1 is highlighted to indicate the display element that is used for selecting a VM from the list. An inset overlay screenshot of the vm1 Connection Status pane is also shown. The + Connect button inside the vm1 Connection Status pane is highlighted to indicate the location of the button.

  3. Specify the following settings for the VM, inside the Registration pane. When you have entered the settings, select the OK button.

    • Registration key: Primary key
    • Node Configuration Name: LabConfig.WebServer
    • Refresh Frequency: 30
    • Configuration Mode Frequency: 15
    • Configuration Mode: ApplyAndAutoCorrect
    • Allow Module Override: check the checkbox
    • Reboot Node if Needed: check the checkbox
    • Action after Reboot: ContinueConfiguration

    Screenshot of the Registration pane for applying a State Configuration DSC to a VM within Azure Portal. The display elements for inputting each of the previously described settings are highlighted to illustrate the process of registering a VM.

  4. It may take 15 minutes to connect to vm1 and apply the DSC configuration. While you wait for operations on vm1 to be completed, repeat steps 2 and 3 for the second VM i.e. vm2.

    You can select the Notifications icon to open the Notifications pane, to monitor the progress of the VM connection and DSC configuration operations.

    Screenshot of the Notifications pane in Azure Portal. Two notifications are depicted which state that the State Configuration DSC resource is connecting to vm1 and to vm2. The display icon that represents the Notifications pane is highlighted in the top menu, to illustrate how to access the Notifications pane from the top menu. The starting time for each VM connection operation is also highlighted within each of the two notification messages, to illustrate how the Notifications pane can be used to monitor the progress of DSC configuration operations.

    When the operations are completed the Successfully connected VM message will be shown in the Notifications pane.

    Screenshot of the Notifications pane in Azure Portal. Two notifications are highlighted which state that the State Configuration DSC resource has successfully connected to vm1 and to vm2. The two connection success notification messages are highlighted to illustrate how the Notifications pane can be used to indicate when DSC configuration operations have completed successfully.

  5. Once the operations are completed, navigate back the State Configuration DSC pane. In the Nodes tab, the VMs status should now be listed as compliant. You may need to select the Refresh button.

    Screenshot of the Nodes tab inside the State Configuration DSC pane in Azure Portal. The Status of two VMs is shown as Compliant. The Status display element is highlighted to illustrate how to verify that the Node Status for each VM is set to Compliant.

  6. Obtain the public IP Address of the Load Balancer that was generated as part of the previous lab (Azure Automation Runbook Deployments lab).

    Form the menu on the left, choose All Resources. Select the Load Balancer, i.e. rg1lb, from the list of resources inside the All Resources pane.

    Screenshot of a list of provisioned Azure resources within the All Resources pane, inside Azure Portal. The All resources button in the Azure menu is highlighted to indicate how to access the All Resources pane from the Azure menu. In the list of resources, the Load Balancer rg1lb is highlighted to illustrate how to select the resource from inside the All Resources pane. User interaction with both highlighted screen elements is required for obtaining the public IP address of the Load Balancer.

    Copy the public IP Address of the Load Balancer shown in the Public IP address field, from inside the Resource Details Overview pane for the Load Balancer.

    Screenshot of the Resource Details Overview pane for the Load Balancer rg1lb, inside Azure Portal. The display element showing the public IP address of the Load Balancer is highlighted, to illustrate how to obtain the public IP address of the Load Balancer from inside the Resource Details Overview pane.

    Verify that changes took effect by pasting public IP Address of the Load Balancer into the address bar of a web browser, and browsing to address. You should see the default Internet Information Services (IIS) web page, if your changes were applied successfully.

    Screenshot of the Internet Information Services web page for Windows Server, displayed inside a web browser. The address bar is highlighted to indicate where to paste the public IP Address of the Load Balancer. The web page illustrates the landing page for the Load Balancer's IP address, and indicates that the changes made by the DSC configuration has been applied successfully.

Summary

You have successfully applied a DSC defined configuration to two azure virtual machines.

If you have time you could perform some of the following additional tasks for to help you learn more about DSC configurations and Azure.

  • Take one of the VMs offline and verify that you can still access the IIS default page
  • Connect to one of the VMs using the Remote Desktop Protocol (RDP)
    • Uninstall IIS
    • Verify that the DSC configuration is applied to the VM within 15 minutes, as we configured earlier, without any further intervention from you
    • Verify the DSC state is re-applied and becomes compliant in Azure, and that you can connect to IIS successfully