Introduction to Azure Automation
Azure Automation: Runbooks
Azure Automation: Desired State Configuration (DSC)
In order to manage your Windows and Linux nodes with Azure Automation DSC, you'll need to generate and apply a DSC "meta configuration." This process is known as "onboarding." The meta-configuration is what configures the Local Configuration Manager (LCM) - the agent that downloads and processes DSC nod configurations - to point to your Azure Automation Account, to look for configuration updates, and report its status. After onboarding a node, you associate a node configuration to it. The next time that the node checks into Azure Automation, it will download the latest DSC node configuration, and apply it locally!
Hello. In this demonstration, we are going to show how to on-board a DSC node to the Azure Automation DSC service. Under the Automation account that we created previously, the DSC nodes is currently showing zero, which means that we don't currently have any virtual machines onboarded into the service. If we're onboarding an Azure VM, we can simply click the Add Azure VM button, and then we can choose from the virtual machines that are available inside of our Azure subscription.
In this case, we'll be on-boarding a virtual machine that's not running inside of Microsoft Azure. To onboard a virtual machine that's not running inside of Microsoft Azure, we have to generate some DSC meta configurations. So when you click the Plus button to onboard a non-Azure virtual machine, you'll be taken out to the Azure documentation. If you choose the Generating DSC Meta Configurations option, it'll take you down to that heading, and we can simply copy and paste the DSC meta configuration that's provided here and fill it out with our specific details.
The details for onboarding a virtual machine using the DSC meta configuration is available under the keys for the Automation account. As you'll see here, there's a primary and secondary access key that grant access to the Automation account, and there's also an onboarding URL. We'll use these parameters to generate our DSC meta configurations.
Let's hop over to the PowerShell Integrated Scripting Editor, where I've already copy-and-pasted the meta configuration that's provided in the Azure Automation documentation. All we need to do to use this DSC meta configuration is to fill in the details that are shown here. First, we're going to fill in the registration URL. So we'll copy that from the Automation account and paste it there. Next, we need to specify the registration key, so we can grab either the primary or secondary access keys. We'll go ahead and paste that in for the registration key. Now finally, we need to specify an array of computers that we want to onboard. I'll hit Ctrl D and go over to my interactive console, and if I simply type "hostname" or "env:computername" you'll see the computer name of the local system. So I'm going to go ahead and grab this computer name since this local VM is the one that we're going to onboard, and I'll paste it in. So even though we're specifying an array of computer names, this array only specifies a single computer name.
Now, we can also specify the node configuration. But because we haven't uploaded any DSC configurations yet, we're simply going to leave that empty. Under the Configuration Mode, we'll change this to Apply and Autocorrect to ensure that the DSC configuration, when it's associated to this virtual machine, automatically makes changes to the system to bring it into compliance. Okay. So now we've finished the meta configuration. So let's hit F5, and it's going to spit out the meta configuration right here, under the DSC Meta Configs folder.
So I'll change into the DSC Meta Configs folder, and you'll see the file located there. In order to actually use this file, we need to call the Set DSC Local Configuration Manager, which is basically the command that configures the LCM agent that's running on the virtual machine to tell it to communicate with the upstream pull server. So I'm simply going to tell it to configure itself using the local path. Because the local computer name matches the name of the file in the DSC Meta Configuration folder, it will automatically configure using that file. If we call Get DSC Local Configuration Manager to view the configuration of the LCM, you can see that the system has been successfully onboarded.
There's one other method of onboarding virtual machines that are not inside of Microsoft Azure. In fact, you can even use this technique even if the virtual machine is in Azure. In this case, if you have the Azure Resource Manager PowerShell module installed on the local system, there is a special command that simplifies the process of generating DSC meta configurations. That command name is Get-AzureRMAutomationDSConboarding MetaConfig. There's a few parameters that we'll have to pass into this command, including the resource group name that contains the Automation account, the name of the Automation account itself, the output folder where the meta configurations will be placed, or the MOF files, the computer names that we want to generate meta configurations for. Then finally, the force parameter simply suppresses any warning messages.
Finally, after we generate the DSC meta config, we'll call the set-DSCLocalConfigurationManager command to configure the LCM. So let's hit F5 to run this script. I'll type my Azure credential to log in, and now the command has successfully rerun and reconfigured the Local Configuration Manager. So this process is a little bit more straightforward than the first one of manually generating the meta configs. However, this one simplifies the process of getting the access keys and the onboarding URL by providing a friendly PowerShell command. The downside to this method is that you have to have the Azure Resource Manager PowerShell module installed.
Now that we've onboarded our DSC Local Configuration Manager, let's go back to the Azure Portal and open up the Automation account. Now the DSC nodes shows a number of one instead of zero. As you can see, we've now successfully onboarded the virtual machine named TBS01-WIN10. Unfortunately, it doesn't currently have an associated node configuration. So we'll need to upload a DSC configuration document and then compile it into node configurations or MOF files, and then associate one of those node configurations with this particular node.
Trevor Sullivan is a Microsoft MVP for Windows PowerShell, and enjoys working with cloud and automation technologies. As a strong, vocal veteran of the Microsoft-centric IT field since 2004, Trevor has developed open source projects, provided significant amounts of product feedback, authored a large variety of training resources, and presented at IT functions including worldwide user groups and conferences.