I recently made a post about Azure Machine Configuration and PowerShell DSC, and how to deploy VM configurations as Infrastructure as Code, just like the rest of your infrastructure.
But in that post, I focused mainly on Windows configuration and wrote almost nothing about Linux.
However, Azure Machine Configuration is also available for Linux VMs, where you can use DSC or Chef InSpec.
To run DSC configurations, VMs need to have the AzurePolicyForLinux extension and a managed identity.
But unlike Windows, most Linux VMs don't come with PowerShell installed. To solve this problem, the AzurePolicyForLinux extension installs PowerShell in a folder but doesn't add it to the VM's PATH, so PowerShell can only be used by the policy.
The next step is to write a DSC configuration. There are many DSC resources for managing Windows, but to manage a Linux server, you will need a compatible DSC resource. The most advanced is the nxtools module. It is the recommended module to use with Azure Machine Configuration.
The nxtools module is a POSIX wrapper for several Linux commands and includes several DSC resources:
- nxFile, to manage files and folders
- nxGroup, to manage groups and group membership
- nxUser, to manage users
- nxPackage, to manage packages (supports only apt)
- nxService, to manage services (systemd only)
- nxScript, to execute scripts in DSC configurations
To demonstrate DSC on Linux with Azure Machine Configuration, let's ensure that the user DevTo is created and added to the group publishers, and that a file is created using a script resource.
```powershell
configuration demoDSCLinux
{
    Import-DscResource -ModuleName 'nxtools'

    # Ensure the DevTo user exists
    nxUser ensureDevToUser {
        Ensure        = 'Present'
        UserName      = 'DevTo'
        FullName      = 'Dev To Demo user'
        HomeDirectory = '/home/DevTo'
        Description   = 'Ensure that DevTo user is present on the system'
    }

    nxGroup ensurePublishersGroup {
        # The group must be present and have DevTo as its only member
        Ensure    = 'Present'
        GroupName = 'publishers'
        Members   = @('DevTo')
    }

    nxScript ensurePublisherfilePresent {
        # GetScript reports the current state as a Reason object
        GetScript = {
            $Reason = [Reason]::new()
            $Reason.Code = "Script:Script:FileMissing"
            $Reason.Phrase = "File does not exist"

            if (Test-Path -Path "/home/DevTo/publisher.txt")
            {
                $Reason.Code = "Script:Script:Success"
                $Reason.Phrase = "File exists"
            }

            return @{
                Reasons = @($Reason)
            }
        }

        # TestScript returns $true when the machine is compliant
        TestScript = {
            if (Test-Path -Path "/home/DevTo/publisher.txt")
            {
                return $true
            }
            else
            {
                return $false
            }
        }

        # SetScript remediates by creating the file
        SetScript = {
            $null = New-Item -Path "/home/DevTo/publisher.txt" -ItemType "File" -Force
        }
    }
}
```
The first two resources create the DevTo user, create the publishers group, and add the DevTo user to it.
The last one ensures that the file "/home/DevTo/publisher.txt" is present on the system using an nxScript resource. The GetScript block of the resource needs to return a hashtable with a Reason object to work. The Reason.Phrase will be shown in the Azure Portal in case of noncompliance.
If you try to compile this configuration on your Windows or macOS machine, you will get an error; you need a Linux VM with PowerShell.
You can set up a dev VM for that, but you can also compile and package the DSC configuration for Linux in a CI/CD pipeline such as GitHub Actions.
First, you will need a script for compiling the configuration and creating the Azure Machine Configuration package.
```powershell
# Check if the host is a Linux system
if ($IsLinux -eq $false) {
    Write-Error "This script must be run on a Linux system."
    exit 1
}

# Install the required modules
Install-Module -Name nxtools -Force
Install-Module -Name PSDesiredStateConfiguration -RequiredVersion 3.0.0-beta1 -Force -AllowPrerelease
Install-Module -Name GuestConfiguration -Force -RequiredVersion 4.1.0

# Compile the demo configuration (dot-source the file, then call the configuration)
. ./DSC-Linux/demolinux.dsc.ps1
demoDSCLinux

# Rename the MOF file
Rename-Item -Path ./demoDSCLinux/localhost.mof -NewName demoDSCLinux.mof -Force

# Create the package for Azure Machine Configuration (-Force is a switch and takes no value)
New-GuestConfigurationPackage -Name "demoDSCLinux" -Type AuditAndSet -Configuration ./demoDSCLinux/demoDSCLinux.mof -Force
```
The first line of the script tests if the host is a Linux machine. The configuration can only be created on Linux.
Then the script installs all the necessary modules: nxtools for the DSC resources, PSDesiredStateConfiguration for DSC, and GuestConfiguration to package the configuration.
It then compiles the configuration and packages it. The package can then be deployed to a Linux VM with Azure Machine Configuration.
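A GitHub Actions workflow that runs this script on a Linux runner could look like the following. It is an added example, not part of the original post. The script path `DSC-Linux/build-package.ps1`, the workflow and artifact names, and the package landing in the working directory as `demoDSCLinux.zip` are assumptions.

```yaml
# Added example. Assumed: the packaging script above is saved as
# DSC-Linux/build-package.ps1 and writes demoDSCLinux.zip to the working directory.
name: build-machine-configuration-package

on:
  push:
    paths:
      - 'DSC-Linux/**'
  workflow_dispatch:

# The job only reads the repository; it needs no write scopes or cloud credentials.
permissions:
  contents: read

jobs:
  package:
    # A Linux runner is required: the configuration only compiles on Linux.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Compile and package the configuration
        shell: pwsh
        run: ./DSC-Linux/build-package.ps1

      - name: Verify the package and record its SHA-256
        shell: pwsh
        run: |
          $package = './demoDSCLinux.zip'
          if (-not (Test-Path -Path $package)) {
              throw "Package $package was not produced."
          }
          # Keep the hash beside the package so later stages can check integrity
          $hash = (Get-FileHash -Path $package -Algorithm SHA256).Hash
          Set-Content -Path './demoDSCLinux.zip.sha256' -Value $hash
          Write-Host "SHA-256: $hash"

      - uses: actions/upload-artifact@v4
        with:
          name: demoDSCLinux-package
          path: |
            demoDSCLinux.zip
            demoDSCLinux.zip.sha256
          if-no-files-found: error
```

Because the package runs as a policy on every assigned VM, comparing the recorded hash before publishing the package helps detect tampering between build and deployment.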