End-to-End IaaS Workload Provisioning in the Cloud (Part 2)

This article is Part 2 of a two-part series on automating the end-to-end provisioning process for IaaS workloads running on the Microsoft Azure cloud platform.  This process includes orchestration of all tasks, provisioning cloud fabric resources, and configuring operating system and application workloads running inside Azure VMs. The end goal of this effort is to provide accelerated "push-button" delivery of highly available, load-balanced cloud applications.

End-to-End IaaS Provisioning in the Cloud

In Part 1 of this series, I provided an example of leveraging Azure Automation runbooks and PowerShell Workflows in a concerted approach to fully automate all aspects of deploying new load-balanced VMs on the Microsoft Azure cloud platform. If you haven't yet completed Part 1 of this series, be sure to do that now, and then come back here when finished to continue on to the Part 2 steps below.

In this article, I'll provide an example of a working PowerShell DSC Configuration that can be used with Azure Automation runbooks to customize the configuration of operating system and web application components running inside each VM as part of the provisioning process. When we're all done, we'll be able to invoke one runbook to deploy everything needed to bring our web application online: VMs, load-balancing, OS configuration, and Web application content.

What is PowerShell DSC?

In prior articles, we've discussed PowerShell Desired State Configuration (DSC) as a declarative approach to specify the end-state of a server and application instance.  This is in contrast to the imperative approach that is commonly used in traditional scripting.  By using a declarative approach, we're able to focus on the end-state to which a set of server and application instances should conform, rather than lots of if-then-else, try-catch conditional logic. In this manner, configuration management is streamlined and we're able to accelerate solution delivery and updates.

PowerShell DSC was introduced with PowerShell 4.0 for Windows Server 2012 R2, and has since been extended to support Linux as well. In PowerShell 5.0, DSC continues to be enhanced with support for object classes, centralized error reporting, easier resource authoring, cross-computer dependencies and MORE!

Let's Get Started!

To complete the scenario presented in this article, you'll want to be sure to download the following components:

  • Download and Install: PowerShell DSC Resource Kit
     
    The PowerShell DSC Resource Kit provides an additional set of over 40 DSC resource modules. In this article, we'll be using the xWebAdministration module for provisioning IIS web application resources.
  • Download and Install: Microsoft Azure PowerShell Module
     
    The Azure PowerShell Module provides PowerShell scripting support for Azure subscriptions and cloud resources. In this article, we'll be using the Azure PowerShell Module to publish our DSC Configuration to an Azure Storage Account, where it will be accessible to the Azure VMs that are being provisioned from within the Azure Automation runbook that was defined in Part 1 of this article series.

Configure OS and Application payloads inside Azure VMs with PowerShell DSC

In the DSC Configuration below, we'll define all of the components required for deploying our web application on the base platform image for Windows Server 2012 R2.  This configuration includes the Windows Server features, IIS Web Site configurations, web application content, and SSL certificate that our web application will use. In addition to standard DSC resources, the example below also shows how a DSC Script resource can be leveraged, in this case for deploying the needed SSL certificate.

    Configuration WebSiteConfig
    {

        # Import DSC WebAdmin Module from DSC Resource Kit
        Import-DscResource -ModuleName xWebAdministration

        Node ("localhost")
        {

            # Install the Web Server role
            WindowsFeature IIS
            {
                Ensure = "Present"
                Name   = "Web-Server"
            }

            # Install the ASP.NET 4.5 role
            WindowsFeature AspNet
            {
                Ensure = "Present"
                Name   = "Web-Asp-Net45"
            }

            # Stop the default website
            xWebsite DefaultSite
            {
                Ensure       = "Present"
                Name         = "Default Web Site"
                State        = "Stopped"
                PhysicalPath = "C:\inetpub\wwwroot"
                DependsOn    = "[WindowsFeature]IIS"
            }

            # Copy web application content
            File MyWebAppContent
            {
                Ensure          = "Present"   # You can also set Ensure to "Absent"
                Type            = "Directory" # Default is "File".
                Recurse         = $true       # Ensure presence of subdirectories, too
                SourcePath      = "\\XXXdemoad01\source\MyWebApp"
                DestinationPath = "C:\inetpub\MyWebApp"
                DependsOn       = "[WindowsFeature]AspNet"
            }

            # Install SSL Certificate
            # The three scripts are written as script blocks so that each command
            # and each certificate path stays on one logical line.
            Script MyWebAppCert
            {
                # Import the PFX into the WebHosting store of the local machine
                SetScript = {
                    Import-PfxCertificate `
                        -FilePath "\\XXXdemoad01\source\certs\MyWebAppCert.pfx" `
                        -CertStoreLocation "Cert:\LocalMachine\WebHosting"
                }
                # Return $true only if the certificate and its private key are present
                TestScript = {
                    try {
                        (Get-Item "Cert:\LocalMachine\WebHosting\C534DFBFE8DB597F22320682F7BBFBA2611DC45A" -ErrorAction Stop).HasPrivateKey
                    } catch { $false }
                }
                # Report the current state as a hashtable
                GetScript = {
                    @{ Ensure = if ((Get-Item "Cert:\LocalMachine\WebHosting\C534DFBFE8DB597F22320682F7BBFBA2611DC45A" -ErrorAction SilentlyContinue).HasPrivateKey)
                        { 'Present' }
                        else { 'Absent' } }
                }
                DependsOn = "[WindowsFeature]IIS"
            }

            # Create the web site for MyWebApp
            xWebsite MyWebAppSite
            {
                Ensure       = "Present"
                Name         = "MyWebApp"
                State        = "Started"
                PhysicalPath = "C:\inetpub\MyWebApp"
                BindingInfo  = MSFT_xWebBindingInformation
                               {
                               Protocol              = "HTTPS"
                               Port                  = 443
                               CertificateThumbprint = "C534DFBFE8DB597F22320682F7BBFBA2611DC45A"
                               CertificateStoreName  = "WebHosting"
                               }
                DependsOn    = @("[WindowsFeature]IIS",
                                 "[File]MyWebAppContent",
                                 "[Script]MyWebAppCert")
            }

        }

    }

After entering the DSC Configuration above, save it to a local PowerShell script file, such as AADSCWebConfig.ps1.
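The configuration pins one certificate thumbprint in three places (TestScript, GetScript and the HTTPS binding) while SetScript imports whatever PFX is on the share. The pre-flight check below is an added example, not part of the original article: it confirms that the PFX actually carries the pinned thumbprint, includes a private key and is not close to expiry. The function name, the optional password parameter and the 30-day threshold are assumptions; the path and thumbprint defaults are the values from the configuration, and the check needs read access to that share.

```powershell
# Added example, not from the original article. Defaults are copied from the
# configuration above; the function name and 30-day threshold are assumptions.
function Test-WebAppPfx {
    [CmdletBinding()]
    param(
        [string] $PfxPath = '\\XXXdemoad01\source\certs\MyWebAppCert.pfx',
        [string] $ExpectedThumbprint = 'C534DFBFE8DB597F22320682F7BBFBA2611DC45A',
        [System.Security.SecureString] $Password,   # omit if the PFX has no password
        [int] $MinDaysValid = 30
    )

    if (-not (Test-Path -LiteralPath $PfxPath -PathType Leaf)) {
        throw "PFX not found or not readable: $PfxPath"
    }

    # Parse the PFX into an object; it is not added to any certificate store.
    $type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    $ctorArgs = @($PfxPath)
    if ($Password) { $ctorArgs += $Password }
    $cert = New-Object $type -ArgumentList $ctorArgs

    try {
        $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        $match    = ($cert.Thumbprint -eq $ExpectedThumbprint.Trim())
        $hasKey   = $cert.HasPrivateKey
        $report = [pscustomobject]@{
            Subject         = $cert.Subject
            Thumbprint      = $cert.Thumbprint
            ThumbprintMatch = $match          # must equal the value pinned in the configuration
            HasPrivateKey   = $hasKey         # TestScript in the configuration requires this
            NotAfter        = $cert.NotAfter
            DaysRemaining   = $daysLeft
            Passed          = ($match -and $hasKey -and ($daysLeft -ge $MinDaysValid))
        }
    }
    finally {
        $cert.Reset()   # release the certificate and key data loaded from the PFX
    }
    $report
}

# Run before publishing the configuration; stop if the PFX is not the pinned one.
$check = Test-WebAppPfx
$check | Format-List
if (-not $check.Passed) {
    throw 'PFX does not match the certificate pinned in WebSiteConfig.'
}
```

If the thumbprints differ, TestScript never returns true on the VM, so SetScript re-imports the unexpected certificate on every consistency run and the HTTPS binding has no matching certificate to bind.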

Publish PowerShell DSC Configuration to Azure Storage Account

After saving the DSC Configuration as a local PowerShell script file, we'll need to publish this configuration to an Azure Storage Account container so that the Azure VMs we are provisioning will be able to access it. To perform this publishing process, we'll use the Azure PowerShell Module and the script snippet below from within a new Windows PowerShell ISE session window.

    # Authenticate to Azure
    Add-AzureAccount

    # Select Azure Subscription and Storage Account
    $subscriptionName = (Get-AzureSubscription).SubscriptionName |
        Out-GridView `
            -Title "Select Your Azure Subscription" `
            -PassThru
     
    Select-AzureSubscription `
        -SubscriptionName $subscriptionName
     
    $storageName = (Get-AzureStorageAccount).StorageAccountName |
        Out-GridView `
            -Title "Select Your Azure Storage Account" `
            -PassThru
     
    Set-AzureSubscription `
        -SubscriptionName $subscriptionName `
        -CurrentStorageAccountName $storageName

    # Publish DSC Configuration to Azure Storage Account
    Publish-AzureVMDscConfiguration `
        -ConfigurationPath .\AADSCWebConfig.ps1 `
        -Force

Tip! When selecting the Azure Subscription and Storage Account in the code snippet above, be sure to select the same Subscription and Storage Account used in Part 1 of this article series within your Azure Automation Runbook.

During the publishing process above, the DSC Configuration will be packaged in a .ZIP file along with any modules imported using Import-Module in the Configuration block.  By default, this resulting .ZIP file package will be uploaded to a storage container named windows-powershell-dsc in the selected Azure Storage Account.
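The published archive contains the full configuration script, including the file share paths and the certificate thumbprint, so it is worth confirming that the windows-powershell-dsc container does not allow anonymous reads. The check below is an added example, not part of the original article; it uses the classic Azure PowerShell storage cmdlets and assumes that $storageName is still set from the publishing snippet above. The function name and the -Enforce switch are assumptions.

```powershell
# Added example, not from the original article. Uses classic Azure module
# cmdlets; the function name and -Enforce switch are assumptions.
function Test-DscContainerAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $StorageAccountName,
        [string] $ContainerName = 'windows-powershell-dsc',
        [switch] $Enforce    # set the container to private if it is public
    )

    # Build a storage context from the account's primary key
    $key = (Get-AzureStorageKey -StorageAccountName $StorageAccountName).Primary
    $ctx = New-AzureStorageContext `
        -StorageAccountName $StorageAccountName `
        -StorageAccountKey $key

    # PublicAccess is Off, Blob or Container; Blob and Container allow anonymous reads
    $container = Get-AzureStorageContainer -Name $ContainerName -Context $ctx
    $access = "$($container.PublicAccess)"

    if ($access -in 'Blob', 'Container') {
        Write-Warning "Container '$ContainerName' allows anonymous access ($access)."
        if ($Enforce) {
            Set-AzureStorageContainerAcl `
                -Name $ContainerName `
                -Permission Off `
                -Context $ctx
            $access = 'Off'
        }
    }

    # List what was published so stale archives are visible too
    $archives = Get-AzureStorageBlob -Container $ContainerName -Context $ctx |
        Select-Object Name, LastModified, Length

    [pscustomobject]@{
        Container    = $ContainerName
        PublicAccess = $access
        Archives     = $archives
    }
}

# Report only; add -Enforce to switch a public container back to private.
Test-DscContainerAccess -StorageAccountName $storageName | Format-List
```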

Use Azure VM Agent extensions to apply PowerShell DSC Configuration

We've got our PowerShell DSC Configuration defined and published to our Azure Storage Account.  Now, we'll need to add a bit of extra code to the original Azure Automation Runbook that we built in Part 1 of this series. This additional code will apply our published DSC Configuration inside each VM using the Azure VM Agent DSC extension.

Open the Azure Automation Runbook that you defined in Part 1 of this series and edit it in Draft mode. Insert the Set-AzureVMDSCExtension block (highlighted in the original article) between the Set-AzureSubnet and New-AzureVM code blocks as shown below.

    ...

    # Specify HA Availability Set for VM
    $vm = Set-AzureAvailabilitySet `
        -VM $vm `
        -AvailabilitySetName $Using:availabilitySetName
     
    # Specify DSC Configuration to Apply within VM
    $vm = Set-AzureVMDSCExtension `
        -VM $vm `
        -ConfigurationArchive $Using:dscArchive `
        -ConfigurationName $Using:dscConfigName
     
    # Provision new VM with specified configuration
    New-AzureVM `
       -VMs $vm `
       -ServiceName $Using:vmServiceName `
       -VnetName $Using:vNetName `
       -AffinityGroup $Using:affinityGroupName `
       -WaitForBoot

    ...

That's it! Save and test your revised Runbook.  Upon Runbook completion, you should have your finished cloud application fully deployed - cloud fabric resources, OS configuration, web application content and application settings - all from a single "push-button".

What's next?

In future articles, I'll be expanding on additional scenarios around automation with Microsoft Azure. In the meantime, be sure to check out these additional resources to continue your learning:


Published at DZone with permission of Keith Mayer, DZone MVB. See the original article here.
