Azure DSC Automation

This topic contains 3 replies, has 3 voices, and was last updated by Will Anderson 1 week ago.

  • #80003

    Hello,

    I'm currently looking at using full DSC to bootstrap IaaS/VMSS in Azure; our current process has lived long enough and it's just a patch on an on-prem process based on SCCM. Part of our builds is adding security settings, agents, etc. to a base Windows Server OS, and the variation is pretty much in the domain those computers would join and some specific parameters in the agent installers (based on the domain). As we are designing this process, we are facing the question of either having a base configuration per domain (for example: Development.mof, UAT.mof, Production.mof) and just linking machines to it OR having one psd1 per machine with a single ps1 to create a MOF per machine (for example: Machine1.mof, Machine2.mof). I'm assuming I'm not the first one trying to do this; has anybody approached this before? Any recommendations? Also, how are you managing exceptions?

    Thanks!

  • #80105

    Don Jones
    Keymaster

    That's kind of a big question, and people do it both ways. In "The DSC Book" we get into it a bit, but I think it really comes down to whatever way works best for your management style. Happy to try and answer questions tho!

  • #80165

    I think the biggest issue comes down to how to manage the exceptions; that's what I'm trying to get my head around. A per-machine MOF gives you more flexibility for this scenario, but you need to back it up with more automation when generating new configs. However, with configs per environment it gets trickier when managing exceptions, and most likely we will run into Development_1_0.mof, Development_1_1.mof, Development_1_2.mof and so on. How to do the catch up?

    Also, I'm curious, since I see Twitter posts about people being able to recover a scale-out file server cluster within 10 mins, how these scenarios are being managed, since it seems a MOF per cluster or per node is required.

  • #81607

    Will Anderson
    Keymaster

    I think the most flexible way of using Azure DSC is keeping the configurations generic, with composite configurations that are added to your Modules directory in the Azure Automation Account, and then defining your environment with a master configuration (e.g. WebServerRole gets IIS config, base server, etc.; App server gets base server, application config, etc.; and so forth). Then I can deploy those configurations to any machine regardless of their server name.

    If you're using Azure templates for the build of the environment, it's even easier that way. I let my template handle the naming of the systems based on parameterized inputs from my user, and then use complex variables to make the decisions on how the systems should be named. All I care about at that point is what role my server is, and then assign a configuration to it. Like so:

        {
          "type": "Microsoft.Compute/virtualMachines/extensions",
          "apiVersion": "2016-04-30-preview",
          "copy": {
            "count": "[variables('VMConfigReference').webServer.instanceCount]",
            "name": "webServerConfig"
          },
          "name": "[concat(variables('VMConfigReference').webServer.Name,0,copyIndex(1),'/webServerConfig')]",
          "dependsOn": [
            "[resourceId('Microsoft.Compute/virtualMachines',concat(variables('VMConfigReference').webServer.Name,0,copyIndex(1)))]",
            "[resourceId('Microsoft.Compute/virtualMachines/extensions',concat(variables('VMConfigReference').webServer.Name,0,copyIndex(1)),'OMSExtension')]"
          ],
          "location": "[resourceGroup().Location]",
          "properties": {
            "type": "DSC",
            "publisher": "Microsoft.Powershell",
            "typeHandlerVersion": "[variables('dscLocalConfigurationManager').dscExtensionVersion]",
            "settings": {
              "modulesUrl": "[variables('dscLocalConfigurationManager').modulesURI]",
              "configurationFunction": "[variables('dscLocalConfigurationManager').configurationFunction]",
              "Properties": [
                {
                  "Name": "RegistrationKey",
                  "Value": {
                    "UserName": "PLACEHOLDER_DONOTUSE",
                    "Password": "PrivateSettingsRef:registrationKeyPrivate"
                  },
                  "TypeName": "System.Management.Automation.PSCredential"
                },
                {
                  "Name": "RegistrationUrl",
                  "Value": "[parameters('automationRegistrationUrl')]",
                  "TypeName": "System.String"
                },
                {
                  "Name": "NodeConfigurationName",
                  "Value": "CompositeConfig.webserver",
                  "TypeName": "System.String"
                },
                {
                  "Name": "ConfigurationMode",
                  "Value": "[variables('dscLocalConfigurationManager').configurationMode]",
                  "TypeName": "System.String"
                },
                {
                  "Name": "RebootNodeIfNeeded",
                  "Value": "[variables('dscLocalConfigurationManager').rebootNodeIfNeeded]",
                  "TypeName": "System.Boolean"
                },
                {
                  "Name": "ActionAfterReboot",
                  "Value": "[variables('dscLocalConfigurationManager').actionAfterReboot]",
                  "TypeName": "System.String"
                },
                {
                  "Name": "AllowModuleOverwrite",
                  "Value": "[variables('dscLocalConfigurationManager').allowModuleOverwrite]",
                  "TypeName": "System.Boolean"
                }
              ],
              "wmfVersion": "5.1"
            },
            "autoUpgradeMinorVersion": true,
            "protectedSettings": {
              "Items": {
                "registrationKeyPrivate": "[parameters('automationRegistrationKey')]"
              }
            }
          }
        },

    I can't tell you what the machine name will be at runtime, but I know it's a webserver and will be getting my webserver configuration from Azure Automation DSC once it comes up.
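
A sketch of the role-based master configuration described in this thread, added here as an example and not part of any post. Nested configurations in one file stand in for the composite resources so that it compiles stand-alone on Windows PowerShell 5.1; `BaseServer`, `IISConfig`, `AppConfig`, their parameters and the settings inside them are assumptions.

```powershell
# Added example: nested configurations stand in for composite resources.
# BaseServer, IISConfig, AppConfig and their parameters are hypothetical.
Configuration BaseServer
{
    param([string]$LogPath = 'C:\Logs')
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    # Hardening shared by every role: remove SMB 1.0 support.
    WindowsFeature Smb1 { Name = 'FS-SMB1'; Ensure = 'Absent' }
    File LogDir { DestinationPath = $LogPath; Type = 'Directory'; Ensure = 'Present' }
}

Configuration IISConfig
{
    param([string]$SiteRoot = 'C:\inetpub\wwwroot')
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    WindowsFeature WebServer { Name = 'Web-Server'; Ensure = 'Present' }
    File SiteRoot
    {
        DestinationPath = $SiteRoot
        Type            = 'Directory'
        Ensure          = 'Present'
        DependsOn       = '[WindowsFeature]WebServer'
    }
}

Configuration AppConfig
{
    param([string]$AppPath = 'C:\App')
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    File AppDir { DestinationPath = $AppPath; Type = 'Directory'; Ensure = 'Present' }
}

# Master configuration: node names are roles, never machine names.
Configuration CompositeConfig
{
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Node webserver
    {
        BaseServer Base { LogPath = 'C:\Logs' }
        IISConfig  Web  { SiteRoot = 'C:\inetpub\wwwroot' }
    }
    Node appserver
    {
        BaseServer Base { LogPath = 'C:\Logs' }
        AppConfig  App  { AppPath = 'C:\App' }
    }
}
# Local compile: writes webserver.mof and appserver.mof.
CompositeConfig -OutputPath (Join-Path $env:TEMP 'CompositeConfig')
```

When the same configuration is compiled in Azure Automation (without the last line, and with the inner configurations packaged as composite resources in an uploaded module), the resulting node configurations are named `CompositeConfig.webserver` and `CompositeConfig.appserver`, which is the form the template's `NodeConfigurationName` value takes.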
