This repository was archived by the owner on Sep 12, 2024. It is now read-only.
readme.md: 112 additions & 0 deletions
@@ -159,5 +159,117 @@ make reg
159
159
./omi-1.0.8/output/bin/omiserver
160
160
```
161
161
162
+
### Use Azure Automation as a DSC Pull Server
163
+
Note: For more information on Azure Automation’s DSC features, reference the [documentation](https://azure.microsoft.com/en-us/documentation/articles/automation-dsc-overview/).
164
+
Linux computers can be onboarded to Azure Automation DSC, as long as they have outbound access to the internet, via a few simple steps:
165
+
166
+
Make sure version 1.1 or later of the DSC Linux agent is installed on the machines you want to onboard to Azure Automation DSC.
167
+
168
+
**To configure Azure Automation as a DSC Pull Server from the Linux computer:**
169
+
170
+
- On each Linux machine to onboard to Azure Automation DSC, use Register.py to onboard using the PowerShell DSC Local Configuration Manager defaults:
- To find the registration key and registration URL for your Automation account, see the Secure Registration section below.
174
+
- Using the Azure portal or cmdlets, check that the machines to onboard now show up as DSC nodes registered in your Azure Automation account.
175
+
176
+
Additional configuration options:
177
+
- --ConfigurationName: the name of the configuration to apply
178
+
- --RefreshFrequencyMins: Specifies how often (in minutes) LCM attempts to obtain the configuration from the pull server. If configuration on the pull server differs from the current one on the target node, it is copied to the pending store and applied.
179
+
- --ConfigurationModeFrequencyMins: Specifies how often (in minutes) LCM ensures that the configuration is in the desired state.
180
+
- --ConfigurationMode: Specifies how LCM should apply the configuration. Valid values are: ApplyOnly, ApplyAndMonitor, ApplyAndAutoCorrect
181
+
182
+
**To configure Azure Automation as a DSC Pull Server with a metaconfiguration MOF:**
183
+
- Open the PowerShell console or PowerShell ISE as an administrator on a Windows machine in your local environment. This machine must have the latest version of WMF 5 installed
184
+
- Connect to Azure Resource Manager using the Azure PowerShell module:
185
+
```
186
+
Add-AzureAccount
187
+
Switch-AzureMode AzureResourceManager
188
+
```
189
+
- Download, from the Automation account you want to onboard nodes to, the PowerShell DSC metaconfigurations for the machines you want to onboard:
- Optionally, view and update the metaconfigurations in the output folder as needed to match the [PowerShell DSC Local Configuration Manager ](https://technet.microsoft.com/library/dn249922.aspx?f=255&MSPPError=-2147217396)fields and values you want, if the defaults do not match your use case.
193
+
194
+
- Remotely apply the PowerShell DSC metaconfiguration to the machines you want to onboard:
195
+
196
+
```
197
+
$SecurePass = ConvertTo -SecureString -string "<root password>" -AsPlainText Force
- If you cannot apply the PowerShell DSC metaconfigurations remotely, for each Linux machine to onboard, copy the metaconfiguration corresponding to that machine from the folder in step 5 onto the Linux machine. Then call SetDscLocalConfigurationManager.py locally on each Linux machine to onboard to Azure Automation DSC:
205
+
206
+
```
207
+
/opt/microsoft/dsc/Scripts/SetDscLocalConfigurationManager.py –configurationmof <path to metaconfiguration file>
208
+
```
209
+
- Using the Azure portal or cmdlets, check that the machines to onboard now show up as DSC nodes registered in your Azure Automation account.
210
+
211
+
### Importing resource modules to Azure Automation
212
+
The supplied resource modules with this release (nxNetworking, nxComputerManagement) can be imported to Azure Automation for distribution with DSC configurations. To import to Azure Automation, rename the .zip files to remove the _X.Y version string from the file name. Such as: nxNetworking.zip and nxComputerManagement.zip.
213
+
214
+
## Additional Information Performing DSC Operations from the Linux Computer
215
+
DSC for Linux includes scripts to work with configuration from the local Linux computer. These scripts are located in `/opt/microsoft/dsc/Scripts` and include the following:
216
+
217
+
**GetDscConfiguration.py**
218
+
Returns the current configuration applied to the computer. Similar to the Windows PowerShell cmdlet Get-DscConfiguration cmdlet.
219
+
`sudo ./GetDscConfiguration.py`
220
+
221
+
**GetDscLocalConfigurationManager.py**
222
+
Returns the current meta-configuration applied to the computer. Similar to the Windows PowerShell cmdlet Get-DSCLocalConfigurationManager
223
+
`sudo ./GetDscLocalConfigurationManager.py`
224
+
225
+
**PerformRequiredConfigurationChecks.py**
226
+
Immediately checks the configuration in accordance with the MetaConfiguration settings and applies the configuration if an update is available. Useful for immediately applying configuration changes on the pull server.
227
+
`sudo ./PerformRequiredConfigurationChecks.py`
228
+
229
+
**RestoreConfiguration.py**
230
+
Applies the previous configuration known to DSC, a rollback.
231
+
`sudo ./RestoreConfiguration.py`
232
+
233
+
**SetDscLocalConfigurationManager.py**
234
+
Applies a Meta Configuration MOF file to the computer. Similar to the Windows PowerShell cmdlet: Set-DSCLocalConfigurationManager. Requires the path to the Meta Configuration MOF to apply.
Applies a configuration MOF file to the computer. Similar to the Windows PowerShell cmdlet: StartDscConfiguration. Requires the path to the configuration MOF to apply.
Tests the current system configuration for compliance desired state. Similar to the Windows PowerShell cmdlet: Test-DscConfiguration.
243
+
`sudo ./TestDscConfiguration.py`
244
+
245
+
**InstallModule.py**
246
+
Installs a custom DSC resource module. Requires the path to a .zip file containing the module shared object library and schema MOF files.
247
+
`sudo ./InstallModule.py /tmp/cnx_Resource.zip`
248
+
249
+
**RemoveModule.py**
250
+
Removes a custom DSC resource module. Requires the name of the module to remove.
251
+
`sudo ./RemoveModule.py cnx_Resource`
252
+
253
+
## Using PowerShell Desired State Configuration for Linux with a Pull Server
254
+
### Using HTTPS with the Pull Server
255
+
Though unencrypted HTTP is supported for communication with the Pull server, HTTPS (SSL/TLS) is recommended. When using HTTPS, the DSC Local Configuration Manager requires that the SSL certificate of the Pull server is verifiable (signed by a trusted authority, has a common name that matches the URL, etc.).
256
+
257
+
You can modify these HTTPS requirements as needed, by modifying the file /etc/opt/omi/dsc/dsc.conf. The supported properties defined in this file are:
258
+
-**NoSSLv3** set this to true to require the TLS protocol and set this to false to support SSLv3 or TLS. The default is false.
259
+
-**DoNotCheckCertificate** set this to true to ignore SSL certificate verification. The default is false.
260
+
-**CURL_CA_BUNDLE** an optional path to a curl-ca-bundle.crt file containing the CA certificates to trust for SSL/TLS. For more information, see: http://curl.haxx.se/docs/sslcerts.html
261
+
-**sslCipherSuite** Optionally set your preferred SSL cipher suite list. Only ciphers matching the rules defined by this list will be supported for HTTPS negotiation. The syntax and available ciphers on your computer depend on whether the cURL package is configured to use OpenSSL or NSS as its SSL library. To determine which SSL library cURL is using, run the following command and look for OpenSSL or NSS in the list of linked libraries:
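Review bot: In the new "Using HTTPS with the Pull Server" property list, NoSSLv3 is documented with a default of false, so SSLv3 is still accepted, and DoNotCheckCertificate is described with no guidance on when it is acceptable. Add a sentence recommending that NoSSLv3 be set to true and DoNotCheckCertificate be left at false on any node that pulls from a production server, since turning verification off removes the certificate check that the preceding paragraph says the Local Configuration Manager requires. Separately, the remote-apply example reads `ConvertTo -SecureString -string "<root password>" -AsPlainText Force`, which will not parse as written: the cmdlet is `ConvertTo-SecureString` and the final switch needs its dash (`-Force`). The local example also passes `–configurationmof` with an en dash, which will not be recognized as an option when pasted; use ASCII hyphens as in the `--ConfigurationName` options listed earlier in the hunk.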