Search code examples
azuredscterraform-provider-azure

Issue with install DSC extension on Azure VM during deployment using Terraform

I am trying to use the information in this article:

https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-template#default-configuration-script

to onboard a VM to Azure Automation at deployment time and apply a configuration.

I am using Terraform to do the deployment, below is the code I am using for the extensions:

resource "azurerm_virtual_machine_extension" "cse-dscconfig" {
  name                    = "${var.vm_name}-dscconfig-cse"
  location                = "${azurerm_resource_group.my_rg.location}"
  resource_group_name     = "${azurerm_resource_group.my_rg.name}"
  virtual_machine_name    = "${azurerm_virtual_machine.my_vm.name}"
  publisher               = "Microsoft.Powershell"
  type                    = "DSC"
  type_handler_version    = "2.76"
  depends_on              = ["azurerm_virtual_machine.my_vm"]

  settings = <<SETTINGS
        {
          "configurationArguments": {
              "RegistrationUrl": "${var.endpoint}",
              "NodeConfigurationName": "VMConfig"
          }
        }
        SETTINGS

  protected_settings = <<PROTECTED_SETTINGS
        {
                "configurationArguments": {
                  "registrationKey": {
                    "userName": "NOT_USED",
                    "Password": "${var.key}"
                  }
                }
        }
        PROTECTED_SETTINGS
}

I am getting the RegistrationURL value at execution time by running the command below and passing the value into Terraform:

$endpoint = (Get-AzureRmAutomationRegistrationInfo -ResourceGroupName $tf_state_rg -AutomationAccountName $autoAcctName).Endpoint

I am getting the Password value at execution time by running the command below and passing the value into Terraform:

$key = (Get-AzureRmAutomationRegistrationInfo -ResourceGroupName $tf_state_rg -AutomationAccountName $autoAcctName).PrimaryKey

I can tell from the logs on the VM that the extension is getting installed but never registers with the Automation Account.

Solution

  • Figured out what the problem was. The documentation is thin on details in some areas so it really was by trial and error that I discovered what was causing the problem. I had the wrong value in the NodeConfigurationName properties. What the documentation says about this property: Specifies the node configuration in the Automation account to assign to the node. Not having much experience with DSC, I interrupted this to mean the name of the configuration as seen in the Configurations section of the State configuration (DSC) blade of the Automation Account in the Azure portal.

    What the NodeConfigurationName property is really referring to is the Node definition inside the configuration and it should be in the format of ConfigurationName.NodeName. As an example, the name of my configuration is VMConfig and in the config source I have a Node block defined called localhost. So, with this...the value of the NodeConfigurationName property should be VMConfig.localhost.