Manage VMs with Azure Automation State Configuration

PowerShell Desired State Configuration is a programmatic way to declare in advance how a user wants to configure a resource, such as a virtual machine. Used correctly, DSC reduces configuration drift, which is the emergence of unnoticed or untracked configuration changes over time.

With DSC, the administrator declares the “what” and the DSC tool takes care of the “how”. Azure Automation State Configuration (AASC), a configuration management tool, is essentially Microsoft’s take on DSC. Other popular DSC systems include Terraform, Chef, and Puppet.

AASC allows IT administrators to frequently reassess servers managed by AASC, perform initial configuration, and reconfigure resources to deal with configuration drift. AASC can run on most versions of Windows, on physical and virtual servers, on-premises and in the cloud. It also supports other cloud environments, such as AWS.

Built on PowerShell DSC, AASC allows IT teams to write, manage, and compile DSC configurations for nodes. It also imports DSC resources and assigns configurations to target nodes.

AASC can work with Linux-based machines, but it requires additional management and configuration compared to Windows environments, where the DSC plug-in automatically installs when a DSC configuration is attached.

Implementing AASC involves several steps, depending on what the administrator is trying to accomplish:

  1. Create a discrete resource group. It is recommended to keep resources with the same lifecycle together.
  2. Create an automation user account in Azure.
  3. Generate and upload the Azure DSC configuration file.
  4. Compile the file into a machine-deployable configuration.
  5. Attach the configuration to a server and deploy it to the desired machines.

This tutorial uses PowerShell rather than the Azure portal and assumes the reader is already connected to Azure in the PowerShell console.

Step 1. Create a new resource group

Create the resource group using New-AzResourceGroup ordered.

Step 2. Create Automation User

Automatic state configuration requires an automation user to manage AASC. Create an automation user with the following PowerShell command, overriding values ​​as needed.

New-AzAutomationAccount -Location "EastUS" -ResourceGroupName "TT_Automation" -Name "automationUser"
The screenshot shows that the automation user has been created.

Step 3. Create the automation file

The automation file contains the desired state of a group of virtual machines.

For a production environment, it takes some forethought to design and develop the Azure DSC source file. This file contains the desired state for a group of virtual machines. For example, an administrator may want all Internet Information Services (IIS) servers to have an always-accurate baseline configuration. This example uses AASC to install an IIS server on a Windows machine.

Although creating source code files is beyond the scope of this article, an example from Microsoft is shown below. Its purpose is to ensure that IIS is installed.

configuration IISInstall
{
    node "localhost"
    {
        WindowsFeature IIS
        {
            Ensure = "Present"
            Name = "Web-Server"
        }
    }
}

Copy the text into the editor and save it with an appropriate name, ending with the .ps1 file extension. The file name and the configuration name must be the same.

Step 4. Upload configuration file to Azure

The next step is to upload the file to Azure. This process, also called publishing, makes the configuration available in Azure.

To upload the file, use the following PowerShell command.

Import-AzAutomationDscConfiguration -SourcePath "./iisInstall.ps1" -ResourceGroupName "TT_Automation" -AutomationAccountName "automationUser" -Published
The screenshot shows that the file has been uploaded to Azure.

This step simply publishes the configuration to Azure – it is not assigned to anything yet and will have no immediate effect. It is possible to publish several configurations.

The next step is to compile the code. Azure verifies that everything is as expected, then builds the package and all necessary dependencies to achieve the desired state.

Start-AzAutomationDscCompilationJob -ResourceGroupName "TT_Automation" -ConfigurationName "iisInstall" -AutomationAccountName "automationUser"
The screenshot shows that the code has been compiled.

Depending on several variables, compiling the automation configuration can take several minutes. Use the command Get-AzAutomationDscCompilationJob to get status. For all available configurations, use the command Get-AzAutomationDscNodeConfiguration.

Step 5. Save the configuration to a virtual machine

Next, deploy the prepared configuration to a virtual machine using the following code.

Register-AzAutomationDscNode -AzureVMName "test5" -ResourceGroupName "TT_Automation" -AutomationAccountName "automationUser" -NodeConfigurationName install.localhost -ConfigurationMode ApplyAndAutocorrect

This action can be repeated – and those feeling more adventurous can create a script for automatic node registration, if needed. Applying configurations outside of the resource group requires modified Azure Resource Manager templates. Deploying outside the resource group will fail and result in an automation account error message.

The results of the registration process can be viewed on the portal.

The screenshot shows the results of the registration process and the status of the configuration.

Alternatively, as IIS has been installed, connect to the IP in a browser to bring up the default IIS page.

The screenshot shows the default Windows Server Internet Services page.

About Dwayne Wakefield

Check Also

How to Remove Microsoft Account from Windows 11

With the Windows 8 makeover in 2012, the software giant made it quite difficult to …