In today’s 70-533 objectives, we will be taking a look at objective 2.2 - Perform Configuration Management. For the complete series, head to the dedicated 7-533 exam page here.
This post mainly covers two objectives:
- Automate configuration management by using DSC and VM Agent (custom script extensions)
- Enable remote debugging
So, let us deep dive into now.
Automate configuration management by using DSC and VM Agent (custom script extensions)
The Azure VM Agent and associated Extensions are part of the Microsoft Azure Infrastructure Services. VM Extensions are software components that extend the VM functionality and simplify various VM management operations.
We will cover this objective into two parts. First, we will look at what is a VM Agent and then move on to DSC and custom script extensions.
VM Agent
The Microsoft Azure Virtual Machine Agent (AM Agent) is a secured, lightweight process that manages VM interaction with the Azure Fabric Controller. The VM Agent has a primary role in enabling and executing Azure virtual machine extensions.
Without the Azure VM agent, virtual machine extensions cannot be run.
There is no need to install the Azure VM Agent on any VM that was deployed from Azure gallery. If it a VM created by an image of your choice, you can perform a manual installation by downloading the agent.
To verify if the agent is installed or not on a Windows machine, you can run the below command.
Get-AzureRmVM -ResourceGroupName VMResourceGroup -Name WindowsVM | Select -ExpandProperty OSProfile | Select -ExpandProperty Windowsconfiguration | Select ProvisionVMAgent
Let us now deep dive into Desired State Configuration.
Desired State Configuration
With Azure Desired State Configuration (DSC), you can consistently deploy, reliably monitor, and automatically update the desired state of all your resources. DSC is a VM agent extension and works on both Windows and Linux. DSC supports ARM templates, Azure PowerShell and XPLAT-CLI.
Prerequisites
- Local Machine: This is to interact with the Azure VM extension, this can be either Azure portal or Azure PowerShell SDK.
- Guest Agent: The Azure VM that is configured by the DSC configuration needs to be an OS that supports either Windows Management Framework (WMF) 4.0 or 5.0.
And before we proceed further, here is a little bit of DCS lingo that you need to know.
- Configuration - A DSC configuration document.
- Node - A target for a DSC configuration. In this document, "node" always refers to an Azure VM.
- Configuration Data - A .psd1 file containing environmental data for a configuration.
In this example, we will be installing the IIS role on our Azure VM using the Azure DSC Extension.
As seen below, the VM does not have the Web-Server installed at first.
We will first create the DSC file and save it as DeployWebServer.ps1 and the contents of it can be seen below.
configuration IISInstall
{
node "localhost"
{
WindowsFeature IIS
{
Ensure = "Present"
Name = "Web-Server"
}
}
}
Once this is saved, connect to your instance using the Login-AzureRmAccount command.
You will need to type the below commands on a PowerShell session which will go ahead and add the Web-Server to the associated VM.
$resourceGroup = "VMResourceGroup" $location = "southindia" $vmName = "WindowsVM" $storageName = "vmresourcegroupdisks521" #Publish the configuration script into user storage Publish-AzureRmVMDscConfiguration -ConfigurationPath C:\Scripts\DeployWebServer.ps1 -ResourceGroupName $resourceGroup -StorageAccountName $storageName -force #Set the VM to run the DSC configuration Set-AzureRmVmDscExtension -Version 2.21 -ResourceGroupName $resourceGroup -VMName $vmName -ArchiveStorageAccountName $storageName -ArchiveBlobName DeployWebServer.ps1.zip -AutoUpdate:$true -ConfigurationName "IISInstall"
We are first setting the proper variables that we can use at a later time like the resource group, location, VM Name and the storage account name.
Publish-AzureRmVMDscConfiguration cmdlet will push the .ps1 after creating a zip file to the storage account within a newly created container called windows-powershell-dsc.
You can verify this by using a free tool called Microsoft Azure Storage Explorer.
The Set-AzureRmVmDscExtension cmdlet will actually perform the change and install the Web Server role on the VM.
Once the cmdlet is successfully executed, you will see that the Web Server role is now installed on the VM.
This was a simple example in terms of how you could use Azure DSC, the same theory can be applied to various different scenarios.
We will now move on to the next topic, custom script extensions.
Custom Script Extensions
The custom script extension downloads and executes scripts on Azure Virtual Machines. The scripts can be downloaded demo Azure Storage or Github or Azure portal at extension runtime.
The supported Windows Operating systems for Custom Script Extensions are Windows 10 Client, Windows Server 2008 R2, 2012, 2012 R2 and 2016.
So, let us look at a couple of ways to deploy custom script extensions, one from the Azure Portal and the through Azure PowerShell.
Azure Portal
To add a Custom Script Extension to an Azure Virtual Machine from the portal, select the VM > Extensions > Custom Script Extension > Create.
I have added the InstallWebServer.ps1 file, which had the below command.
Install-WindowsFeature Web-Server
This is the same example that we performed earlier using the DSC extension.
This will create a temporary storage account, upload the file there and then execute this ps1 file against the VM. Once the deployment is complete, you should see that the Web Server role is installed on the VM.
Azure PowerShell
We will be using the same ps1 for the PowerShell example as well. Behind the scenes, I have uninstalled the role, so there is no role installed on the VM at this time.
First thing is that you will have to create the blob container to upload the file to the storage account. In my example, I have created scripts as the blob container. Next step is set public access to the container.
Now run the below command to install the Web Server using PowerShell for custom script extensions.
Set-AzureRmVMCustomScriptExtension -ResourceGroupName VMResourceGroup ` -VMName WindowsVM ` -Location southindia ` -FileUri 'https://vmresourcegroupdisks521.blob.core.windows.net/scripts/InstallWebServer.ps1' ` -Run 'InstallWebServer.ps1' ` -Name DemoScriptExtension
Enable Remote Debugging
You can enable remote debugging on Azure Virtual Machines using Server Explorer in Visual Studio. When remote debugging is enabled, Azure installs the remote debugging extension on the virtual machine.
Below are the steps that you would have to follow to debug an Azure VM:
In Server Explorer, expand the Virtual Machines node and select the node of the virtual machine that you wish to debug.
Select Enable Debugging. When prompted if you're sure if you want to enable debugging on the virtual machine, select Yes.
Azure installs the remote debugging extension on the virtual machine to enable debugging.
After the remote debugging extension finishes installing, open the virtual machine's context menu and select Attach Debugger...
Azure gets a list of the processes on the virtual machine and shows them in the Attach to Process dialog box.
In the Attach to Process dialog box, select Select to limit the results list to show only the types of code you want to debug. You can debug 32- or 64-bit managed code, native code, or both.
Select the processes you want to debug on the virtual machine and then select Attach.
