Menu
As part of an Azure resource group template I have a PowerShell DSC extension setup for my VM which provisions various Windows features.
As part of this automated setup I want to be able to open some ports in the firewall, after a bit of research I found there is a xFirewall DSC module available. My problem is how can I automatically install this module onto the Azure VM before the DSC executes?
My configuration looks like this:
Configuration Main
{
Param ( [string] $nodeName )
Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName xFirewall
Node $nodeName
The import of xFirewall fails because the module is not installed.
I have thought about creating another DSC script that could run before this one, but that proves difficult as you can only have one DSC extensions attached to a VM at a time.
435
To install a DSC resource, use the Install-Module cmdlet, specifying the name of the module shown under Module name in your search results. The "TimeZone" resource exists in the "ComputerManagementDSC" module, so that is the module this example installs.
How can I load all Windows PowerShell modules I have on my system? Use the Get-Module cmdlet with the ListAvailable switch, and pipe the results to the Import-Module cmdlet.
The module you need to import is the xNetworking module and the resource is xFirewall. So, a simple example of the DSC script would look like this.
Configuration Main
{
Param ( [string] $nodeName )
Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName xNetworking
Node $nodeName
{
xFirewall Firewall
{
Name = "AllowNotepad"
Program = "c:\windows\system32\notepad.exe"
Action = "Allow"
}
}
}
To get this into your Resource Group deployment template, you need to copy the xNetworking module into your project under the DSC folder that was created when you added the PowerShell DSC Extensions. Then add the xNetworking folder to your project as shown here.
Next, go through your normal Deploy process. What will be different now that you have a DSC extension is that you will need to specify an artifacts storage account prior to deploying.
The Deploy-AzureResourceGroup.ps1 script in your project will upload the DSC.zip which now includes your xNetworking module into the storage account so that Azure Resource Manager (ARM) can then push the extension into the virtual machine after it has been provisioned. From there, the DSC engine in the virtual machine takes over and applies the configuration.
127
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
