How to use DSC in Azure Automation Account?
- Table of Content.
- What is Azure State DSC?
- Pricing
- PreRequisite.
- Writing DSC Configuration.
- Upload and Complie Configuration.
- Attach Configuration to Node.
- Check VM Compliance Status
Overview:
Azure State DSC (Desired State Configuration) is the desired state feature same as PowerShell DSC but hosted by Azure Automation Account. If you have an experience with the PowerShell DSC (Desired State Configuration) then it will be much easier for you to understand State DSC.
In this article, we are not going to discuss how DSC works but will focus on how to configure DSC in Azure Automation Account. If you need to get started with DSC then go through the link below.
Azure DSC uses the pull configuration to apply the configuration on the nodes. It means at some regular interval it polls and checks for the Nodes configuration and makes the node in desired state or change the compliance state as per selected configuration mode policy and that is explained later in this article.
Pricing:
Azure charges on Automation account-based first few free units provided and that free unit is based on the Job run time + if the log stored into Azure Log Analytics. See the link below for the Azure Automation configuration prices.
https://azure.microsoft.com/en-in/pricing/details/automation/
Pre-Requisite:
As such, there is no pre-requisite for configuring the Azure DSC but just you need an Automation Account and proper Azure Subscription. If you haven’t configured the Automation Account yet, First you need to create an automation account. To create an automation account, see the MS link below.
https://docs.microsoft.com/en-us/azure/automation/quickstarts/create-account-portal
Writing DSC Configuration
Here, we will not write a lengthy configuration but to understand quickly, we will create a simple configuration which will create a new file test.log in C:\Windows\Temp and stop the spooler service. The configuration is shown as below.
Configuration TestAzDSC {
Node LocalHost {
File CreateLogFile {
DestinationPath = "C:\Windows\Temp\AppData.log"
Ensure = 'Present'
Type = 'File'
Contents = 'This is a log file'
}
Service StopSpooler {
Name = 'Spooler'
State = 'Stopped'
StartupType = 'Disabled'
}
}
}This is simple DSC configuration that we going to upload in State Configuration (DSC) in Automation Account. You can test this configuration using DSC command lines if you wish.
Steps to Add / Upload DSC configuration:
- Search for the Automation Account in Azure Portal.
- Open the desired Automation Account.
- Click on the State Configuration (DSC).
- Select Configurations tab.
- Click on +Add button.
Once you click on +Add then you will see the window below for importing the configuration.
Make sure the provide Name should be the same as the Name of the DSC configuration and the Description is optional.
Once you upload configuration, you can see it in the Configuration page. Click on the Refresh button if you don’t see it.
Compile DSC configuration:
The second step is to compile the uploaded configuration. To compile it, click on the Uploaded configuration and click on compile button. To view the uploaded configuration on this page, use “view configuration source“
This compile configuration is same as the generating the MOF file. To see the compiled configuration, click on “Compiled Configuration“. The configuration name you should see is “ConfigurationName + NodeName” i.e. TestAzDSC.LocalHost as highlighted.
Attach Configuration to Node
So once we upload and compile the configuration the next task is to attach (apply) this configuration to the node. To do so, click on the Nodes in the State Configuration (DSC) and +Add button.
It will list the nodes in that subscription. When you click on the VM, the below page will be open. Make sure that the VM is running and the status should be connected as highlighted below. If the VM status is not connected then there are ways to troubleshoot configuration issues. We are not convering troubleshooting part in this article.
Click on the Connect button and the below Registration page will be loaded, select the complied configuration and other parameters. As Azure DSC uses the Pull configuration and act as a Pull server for the nodes, we need to specify the below parameters and they are explained below.
There are different parameters applicable for registring nodes like.
- Refresh Frequency: The VM checks for updates to the node configuration at intervals specified by the Refresh Frequency value.
- Configuration Mode Frequency: The node configuration you specified is applied to the VM at intervals specified by the value provided for Configuration Mode Frequency
- Configuration Mode: 3 configuration nodes shown in the image below.
Once you click on OK, you will see the status: Connecting. This part is same as the applying configuration using commandline: Start-DscConfiguration.
Initially it may take some time for the connection, once VM is connected it will show the Nodes page.
There is also option to filter out configuration page.
Checking VM Compliance Status:
To check the compliance status you can see on the Nodes configuration page itself with the diagram and to check individual VMs compliance status, you need to click on that Node.
Click on any of the Report and you will see the expanded resource view.
As you can see we have added two resources in the configuration and both are compliant and both settings are applied on the VM. Through the Azure portal, we can add only one node at a time but adding a multiple nodes can be done programmatically using PowerShell, AzureCLI, Python, etc.