terraform dsc

Creating Azure Automation DSC configuration and DSC configuration node using Terraform doesn't seem to be working


As a very first step of my release process I run the following terraform code

resource "azurerm_automation_account" "automation_account" {
  for_each            = data.terraform_remote_state.pod_bootstrap.outputs.ops_rg
  name                = "${local.automation_account_prefix}-${each.key}"
  location            = each.key
  resource_group_name = each.value.name

  sku_name = "Basic"

  tags = {
    environment = "development"
  }
}

The automation accounts are created as expected and I can see those in the Azure portal.

I also have terraform code that creates a couple of Windows VMs, each VM creation accompanied by the following

resource "azurerm_virtual_machine_extension" "dsc" {
  name                 = "DevOpsDSC"
  virtual_machine_id   = var.vm_id
  publisher            = "Microsoft.Powershell"
  type                 = "DSC"
  type_handler_version = "2.83"

  settings = <<SETTINGS_JSON
        {
          "configurationArguments": {
              "RegistrationUrl": "${var.dsc_server_endpoint}",
              "NodeConfigurationName": "${var.dsc_config}",
              "ConfigurationMode": "${var.dsc_mode}",
              "ConfigurationModeFrequencyMins": 15,
              "RefreshFrequencyMins": 30,
              "RebootNodeIfNeeded": false,
              "ActionAfterReboot": "continueConfiguration",
              "AllowModuleOverwrite": true
          }
        }
    SETTINGS_JSON

  protected_settings = <<PROTECTED_SETTINGS_JSON
    {
      "configurationArguments": {
         "RegistrationKey": {
                  "UserName": "PLACEHOLDER_DONOTUSE",
                  "Password": "${var.dsc_primary_access_key}"
                }
      }
    }
PROTECTED_SETTINGS_JSON
}

The result is the following: [screenshot]

So VM extension is created for each VM and the status says that provisioning succeeded.

For the next step I run the following terraform code

resource "azurerm_automation_dsc_configuration" "iswebserver" {
  for_each                = data.terraform_remote_state.pod_bootstrap.outputs.ops_rg
  name                    = "iswebserver"
  resource_group_name     = each.value.name
  automation_account_name = data.terraform_remote_state.ops.outputs.automation_account[each.key].name
  location                = each.key
  content_embedded        = "configuration iswebserver {}"
}

resource "azurerm_automation_dsc_nodeconfiguration" "iswebserver" {
  for_each                = data.terraform_remote_state.pod_bootstrap.outputs.ops_rg
  name                    = "iswebserver.localhost"
  resource_group_name     = each.value.name
  automation_account_name = data.terraform_remote_state.ops.outputs.automation_account[each.key].name
  depends_on              = [azurerm_automation_dsc_configuration.iswebserver]
  content_embedded        = file("${path.cwd}/iswebserver.mof")
}

The mof file content is the following

/*
@TargetNode='IsWebServer'
@GeneratedBy=P120bd0
@GenerationDate=02/25/2021 17:33:16
@GenerationHost=D-MJ05UA54
*/

instance of MSFT_RoleResource as $MSFT_RoleResource1ref
{
 ResourceID = "[WindowsFeature]IIS";
 IncludeAllSubFeature = True;
 Ensure = "Present";
 SourceInfo = "D:\\DSC\\testconfig.ps1::5::9::WindowsFeature";
 Name = "Web-Server";
 ModuleName = "PsDesiredStateConfiguration";
 ModuleVersion = "1.0";
 ConfigurationName = "TestConfig";
};

instance of OMI_ConfigurationDocument
{
 Version="2.0.0";
 MinimumCompatibleVersion = "1.0.0";
 CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};
 Author="P120bd0";
 GenerationDate="02/25/2021 17:33:16";
 GenerationHost="D-MJ05UA54";
 Name="TestConfig";
};

After running the code I have got the following result: [screenshot]

The configuration is created as expected; clicking on the configuration entry in the UI grid leads to the following: [screenshot]

Meaning that the node configuration is created as well. My expectation was that for each VM I would see the Node configured to run the configuration provided in the mof file, but the Nodes UI shows empty Nodes.

So I was trying to configure the node manually to connect all the pieces together, and that fails with the following: [screenshot]

So I am totally confused. On the one hand there's azurerm_virtual_machine_extension that allows creating the extension and binding it to the automation account. In addition there are azurerm_automation_dsc_configuration and azurerm_automation_dsc_nodeconfiguration that allow creating the configuration and node configuration. But the bottom line is that you cannot connect all those dots to be able to create a node.

Just to confirm that the configuration is valid, I created an additional VM without using azurerm_virtual_machine_extension and I was able to successfully add this VM to the created node configuration.


Solution

  • The problem was in the azurerm_virtual_machine_extension dsc_configuration parameter. The value needs to be the same as the name property of the azurerm_automation_dsc_nodeconfiguration resource.
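
One way to keep the two names from drifting apart, as an added example that is not the poster's code: the extension's NodeConfigurationName is read from the azurerm_automation_dsc_nodeconfiguration resource instead of a separately maintained variable, and the registration URL and key come from the automation account's exported attributes. The single-account layout, the resource label ops, the account name and the three input variables are assumptions.

```hcl
# Added example (single account, no for_each); names marked "assumed" are not from the question.
variable "vm_id" { type = string }               # assumed input
variable "resource_group_name" { type = string } # assumed input
variable "location" { type = string }            # assumed input

resource "azurerm_automation_account" "ops" {
  name                = "example-automation" # placeholder name
  location            = var.location
  resource_group_name = var.resource_group_name
  sku_name            = "Basic"
}

resource "azurerm_automation_dsc_configuration" "iswebserver" {
  name                    = "iswebserver"
  resource_group_name     = var.resource_group_name
  automation_account_name = azurerm_automation_account.ops.name
  location                = var.location
  content_embedded        = "configuration iswebserver {}"
}

resource "azurerm_automation_dsc_nodeconfiguration" "iswebserver" {
  name                    = "iswebserver.localhost"
  resource_group_name     = var.resource_group_name
  automation_account_name = azurerm_automation_account.ops.name
  content_embedded        = file("${path.module}/iswebserver.mof")
  depends_on              = [azurerm_automation_dsc_configuration.iswebserver]
}

resource "azurerm_virtual_machine_extension" "dsc" {
  name                 = "DevOpsDSC"
  virtual_machine_id   = var.vm_id
  publisher            = "Microsoft.Powershell"
  type                 = "DSC"
  type_handler_version = "2.83"
  settings = jsonencode({
    configurationArguments = {
      RegistrationUrl = azurerm_automation_account.ops.dsc_server_endpoint
      # Must equal the node configuration's name; referencing the resource enforces that.
      NodeConfigurationName = azurerm_automation_dsc_nodeconfiguration.iswebserver.name
    }
  })
  protected_settings = jsonencode({
    configurationArguments = {
      RegistrationKey = { UserName = "PLACEHOLDER_DONOTUSE", Password = azurerm_automation_account.ops.dsc_primary_access_key }
    }
  })
}
```

protected_settings is encrypted for the extension, but the registration key is still written to Terraform state, so the state backend needs the same access control as the key itself.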