CODEWITHSUNDEEP
powershellazureazure-powershelldsc
Mike Norgate
Mike Norgate

Reputation: 2431

Azure PowerShell DSC install extra modules

As part of an Azure resource group template I have a PowerShell DSC extension setup for my VM which provisions various Windows features.

As part of this automated setup I want to be able to open some ports in the firewall, after a bit of research I found there is a xFirewall DSC module available. My problem is how can I automatically install this module onto the Azure VM before the DSC executes?

My configuration looks like this:

Configuration Main
{

Param ( [string] $nodeName )

Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName xFirewall

Node $nodeName

The import of xFirewall fails because the module is not installed.

I have thought about creating another DSC script that could run before this one, but that proves difficult as you can only have one DSC extensions attached to a VM at a time.

Upvotes: 5

Views: 2186

Answers (2)

Rick Rainey
Rick Rainey

Reputation: 11246

The module you need to import is the xNetworking module and the resource is xFirewall. So, a simple example of the DSC script would look like this.

Configuration Main
{

Param ( [string] $nodeName )

Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName xNetworking

Node $nodeName
  {
      xFirewall Firewall 
      { 
          Name    = "AllowNotepad"             
          Program = "c:\windows\system32\notepad.exe" 
          Action  = "Allow" 
      } 
  }
}

To get this into your Resource Group deployment template, you need to copy the xNetworking module into your project under the DSC folder that was created when you added the PowerShell DSC Extensions. Then add the xNetworking folder to your project as shown here.

enter image description here

Next, go through your normal Deploy process. What will be different now that you have a DSC extension is that you will need to specify an artifacts storage account prior to deploying.

enter image description here

The Deploy-AzureResourceGroup.ps1 script in your project will upload the DSC.zip which now includes your xNetworking module into the storage account so that Azure Resource Manager (ARM) can then push the extension into the virtual machine after it has been provisioned. From there, the DSC engine in the virtual machine takes over and applies the configuration.

Upvotes: 4

Kai Zhao
Kai Zhao

Reputation: 1015

Refer to How to use and discover DSC resources in this article

Assuming you dropped xFirewall module as part of the DscResource, First you need import the module, I think that's xNetworking, by using Import-Module {FullPath} then follow by Import-DSCResource -ModuleName xNetworking -name xFirewall

Or try Import-DSCResource -Name xFirewall, seems this will make it scan the entire resource folder and find the xFirewall for you.

Upvotes: 0

Related Questions