In my previous post, we set up a DSC pull server with Azure Automation and configured a node in Azure. The node will pull down the config file from Azure and then push out the vSphere configurations to our VMware environment. In this article, we will build on that foundation and add a few more operations. Let’s get started.
In the image above, you can see that we don’t have a node configuration attached to our node yet. Let’s fix that! We will first upload the VMware.vSphereDSC modules to our Azure Automation Account and then create a configuration file. Then we will compile the configuration file to create our .MOF file and assign it to our node.
Uploading the VMware.vSphereDSC Modules
VMware’s DSC project on GitHub contains the DSC resources for managing vCenter and ESXi. As of this article, no DSC module for this project has been published to the PowerShell Gallery yet. So to get the latest DSC resources, we will need to download the latest module files and zip them into a folder. I have 3 quick one-liners for downloading the 1.0.0.9 module files:
    Invoke-WebRequest -Uri "https://raw.githubusercontent.com/vmware/dscr-for-vmware/master/Source/VMware.vSphereDSC/VMware.vSphereDSC.psm1" -OutFile c:\temp\VMware.vSphereDSC.psm1
    Invoke-WebRequest -Uri "https://raw.githubusercontent.com/vmware/dscr-for-vmware/master/Source/VMware.vSphereDSC/VMware.vSphereDSC.psd1" -OutFile c:\temp\VMware.vSphereDSC.psd1
    Invoke-WebRequest -Uri "https://raw.githubusercontent.com/vmware/dscr-for-vmware/master/Source/VMware.vSphereDSC/VMware.vSphereDSC.Helper.psm1" -OutFile c:\temp\VMware.vSphereDSC.Helper.psm1
Zip all of these files together. I named it “VMware.vSphereDSC.zip”. Then we will upload these into our Azure Automation Account by selecting Modules on our Azure Automation Account blade:
These are the modules that we will be using when we compile the configuration file. Any modules used in the config file will also be downloaded automatically to the node when it pulls the configuration. Click on Add a Module and select the .zip file we created, then click OK to begin uploading the module:
It will take a few minutes for the module to finish installing. It will be listed in the Modules with a status of “available” once the upload has completed. After a few more minutes the module will be queried and the available DSC resources will be displayed when clicking on the module:
Now that we have our DSC resource uploaded, we can create our configuration file.
Configuration File – Set DNS on Single Host
The configuration file format is a little different from the standard way you see DSC configurations set up. This is because we are having Azure compile the configuration into the .MOF file instead of generating it locally. VMware’s DSC documentation has some good sample configuration files that you can use; you will only need the configuration section since Azure Automation does the rest. Here is our configuration file for configuring DNS on a host. We include parameters inside the configuration so that we can specify certain options when compiling it:
    Configuration DNSConfig {
        param(
            [Parameter(Mandatory = $true)]
            [string]$Name,
            [Parameter(Mandatory = $true)]
            [string]$Server,
            [Parameter(Mandatory = $true)]
            [string]$Hostname
        )
        Import-DscResource -ModuleName VMware.vSphereDSC
        Node localhost {
            $Cred = Get-AutomationPSCredential 'ESXi Password'
            VMHostDnsSettings vmHostDnsSettings {
                Name = $Name
                Server = $Server
                Credential = $Cred
                HostName = $Hostname
                DomainName = "lukelab.lcl"
                Dhcp = $false
                Address = @("192.168.0.12")
                SearchDomain = @("lukelab.lcl")
            }
        }
    }
One thing to notice is that we are pulling the password for our ESXi host as a credential object from Azure Automation. This is one of the many benefits you get from using Azure DSC: you can store credentials securely and call them from your configurations. You can add credentials by selecting Credentials on your Automation Account page. We have one stored here called “ESXi Password” and we use the Get-AutomationPSCredential cmdlet to retrieve it:
Save the configuration code to a .ps1 and now we can upload it as a configuration in Azure. To do this, select State Configuration (DSC) from your Automation Account blade. Click on the Configurations tab and select Add:
On the Import blade select the configuration we made and select OK:
We have our configuration file uploaded. Now we need to compile the configuration and create our .MOF:
Select the configuration and then select Compile. If the configuration file has parameters, a blade appears with each parameter as an input box. Parameters are very useful when compiling configurations where you need dynamic variables set. In this case I just want to connect to ESXi3.lukelab.lcl with no vCenter, so I put that host in all 3 input boxes:
It will take a few minutes to complete. You can then check the status of the compile process as well as review any errors that occur. The exceptions window is going to be key to troubleshooting any errors that occur when compiling configs:
Next, we will assign our compiled configuration to our node. Select the node and choose Assign Node Configuration:
Now we can see our node is in a “pending” status because it hasn’t pulled the latest configuration:
If we go to our VSPHEREDSC node, we can force a pull by typing in the following command:
Update-DscConfiguration -wait -Verbose
Now when we check on our node status we can see it’s compliant:
Also, our DNS has been updated on our host:
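The credential, import, compile and assign steps from this section can also be scripted. The following is an added example, not part of the original article, that uses the Az.Automation cmdlets; it assumes an authenticated session (Connect-AzAccount), and the resource group name, Automation Account name and local .ps1 path are placeholders.

```powershell
# Added example: the portal steps scripted with the Az.Automation module.
# Assumed values (not from the article): $rg, $account, and the .ps1 path.
$rg      = 'rg-automation'      # assumption: resource group name
$account = 'aa-vspheredsc'      # assumption: Automation Account name
$common  = @{ ResourceGroupName = $rg; AutomationAccountName = $account }

# Credential asset read by Get-AutomationPSCredential in the configuration.
# Get-Credential prompts, so the password is never written into the script.
New-AzAutomationCredential @common -Name 'ESXi Password' `
    -Value (Get-Credential -Message 'ESXi host account') | Out-Null

# Import and publish the configuration; the file name must match the
# configuration name (DNSConfig).
Import-AzAutomationDscConfiguration @common -SourcePath 'C:\temp\DNSConfig.ps1' `
    -Published -Force | Out-Null

# Compile with the same three parameter values entered in the portal blade.
$params = @{
    Name     = 'ESXi3.lukelab.lcl'
    Server   = 'ESXi3.lukelab.lcl'
    Hostname = 'ESXi3.lukelab.lcl'
}
$job = Start-AzAutomationDscCompilationJob @common -ConfigurationName 'DNSConfig' `
    -Parameters $params

# Poll until the job ends or records an exception.
while ($null -eq $job.EndTime -and $null -eq $job.Exception) {
    Start-Sleep -Seconds 5
    $job = $job | Get-AzAutomationDscCompilationJob
}

# Stop on a failed compile and show the error stream instead of assigning
# a stale node configuration.
if ($job.Status -ne 'Completed') {
    $job | Get-AzAutomationDscCompilationJobOutput -Stream Error
    throw "Compilation of DNSConfig ended with status '$($job.Status)'."
}

# Assign the compiled node configuration (<ConfigurationName>.<NodeName>).
$node = Get-AzAutomationDscNode @common -Name 'VSPHEREDSC'
Set-AzAutomationDscNode @common -Id $node.Id `
    -NodeConfigurationName 'DNSConfig.localhost' -Force
```

The node picks up the assignment on its next scheduled pull, or immediately with Update-DscConfiguration as shown above.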
Configuration File – Declaring Configurations on Multiple Hosts
Let’s make a configuration file that will enforce settings on multiple hosts. To do this we can use the following configuration file and we will use VMware’s DSC resources for controlling services, DNS, and NTP on our hosts:
    Configuration ESXihostConfig {
        Import-DscResource -ModuleName VMware.vSphereDSC
        Node localhost {
            #Credentials from Azure
            $Cred = Get-AutomationPSCredential 'ESXi Password'
            #Apply Config to each host
            foreach ($vmHost in @("esxi1.lukelab.lcl","esxi2.lukelab.lcl","esxi3.lukelab.lcl","esxi4.lukelab.lcl")) {
                VMHostDnsSettings "vmHostDnsSettings_$($vmhost)" {
                    Name = $vmHost
                    Server = $vmHost
                    Credential = $Cred
                    HostName = $vmHost
                    DomainName = "lukelab.lcl"
                    Dhcp = $false
                    Address = @("192.168.0.12")
                    SearchDomain = @("lukelab.lcl")
                }
                VMHostNtpSettings "vmHostNtpSetting_$($vmhost)" {
                    Name = $vmHost
                    Server = $vmHost
                    Credential = $Cred
                    NtpServer = @("0.bg.pool.ntp.org")
                    NtpServicePolicy = "automatic"
                }
                VMHostService "vmHostService_$($vmhost)" {
                    Name = $vmHost
                    Server = $vmHost
                    Credential = $Cred
                    Key = 'TSM-SSH'
                    Policy = 'On'
                    Running = $true
                }
            }
        }
    }
We follow the same process of uploading the config file to Azure, compiling the config into a .MOF, and then assigning it to our node. Once a pull has been completed, we can see all our hosts are in compliance:
We’ll double check one host to make sure the settings have been enforced. Indeed they have:
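The VMHostService block in the configuration above declares TSM-SSH with Policy 'On' and Running $true, so every pull re-enables SSH on all four hosts. Where SSH should stay off outside maintenance windows, the same resource can enforce the opposite state. This is an added example, not from the original article; the configuration name ESXiHostLockdown is hypothetical.

```powershell
# Added example: same host loop as the article's configuration, but SSH and
# the ESXi Shell are declared stopped and disabled, so any manual re-enable
# is reverted (and reported as drift) on the next pull.
Configuration ESXiHostLockdown {   # hypothetical configuration name
    Import-DscResource -ModuleName VMware.vSphereDSC
    Node localhost {
        # Credential asset from Azure Automation, as in the article
        $Cred = Get-AutomationPSCredential 'ESXi Password'
        $vmHosts = @("esxi1.lukelab.lcl","esxi2.lukelab.lcl","esxi3.lukelab.lcl","esxi4.lukelab.lcl")
        foreach ($vmHost in $vmHosts) {
            # 'TSM-SSH' is the SSH service, 'TSM' is the ESXi Shell
            foreach ($key in @('TSM-SSH', 'TSM')) {
                # Resource instance names must be unique per host and service
                VMHostService "vmHostService_$($key)_$($vmHost)" {
                    Name = $vmHost
                    Server = $vmHost
                    Credential = $Cred
                    Key = $key
                    Policy = 'Off'
                    Running = $false
                }
            }
        }
    }
}
```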
Wrap Up
If you’re testing vSphereDSC in a lab environment, you may run into errors when connecting to a host that doesn’t have a trusted certificate installed:
Also, be sure to check the Desired Configuration event log for any errors when troubleshooting failed pulls:
DSC for VMware and Azure Automation can be an incredibly powerful solution for enforcing or delegating the settings of each ESXi host. It also serves as documentation of the environment in the event of an audit. This is another step towards the DevOps mindset for VMware administrators. It allows them to adopt the developer practices of writing code to deploy their infrastructure and storing it in source control. VMware is continuously improving its DSC resources. For information on other DSC resources that you can use in your VMware DSC configurations, be sure to check out their wiki.
Thanks for reading!