Azure PowerShell DSC install extra modules

Question

As part of an Azure resource group template I have a PowerShell DSC extension setup for my VM which provisions various Windows features.

As part of this automated setup I want to be able to open some ports in the firewall, after a bit of research I found there is a xFirewall DSC module available. My problem is how can I automatically install this module onto the Azure VM before the DSC executes?

My configuration looks like this:

Configuration Main
{

Param ( [string] $nodeName )

Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName xFirewall

Node $nodeName

The import of xFirewall fails because the module is not installed.

I have thought about creating another DSC script that could run before this one, but that proves difficult as you can only have one DSC extensions attached to a VM at a time.

1. xNetworking is the name of the module which contains xFirewall 2. Are you using Publish-AzureVMDscConfiguration to create the extension Zip file? If so, it should include the module in the zip. — TravisEz13, May 18 '16 at 16:10

score 4 · Accepted Answer · answered May 18 '16 at 16:29

The module you need to import is the xNetworking module and the resource is xFirewall. So, a simple example of the DSC script would look like this.

Configuration Main
{

Param ( [string] $nodeName )

Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName xNetworking

Node $nodeName
  {
      xFirewall Firewall 
      { 
          Name    = "AllowNotepad"             
          Program = "c:\windows\system32\notepad.exe" 
          Action  = "Allow" 
      } 
  }
}

To get this into your Resource Group deployment template, you need to copy the xNetworking module into your project under the DSC folder that was created when you added the PowerShell DSC Extensions. Then add the xNetworking folder to your project as shown here.

Next, go through your normal Deploy process. What will be different now that you have a DSC extension is that you will need to specify an artifacts storage account prior to deploying.

The Deploy-AzureResourceGroup.ps1 script in your project will upload the DSC.zip which now includes your xNetworking module into the storage account so that Azure Resource Manager (ARM) can then push the extension into the virtual machine after it has been provisioned. From there, the DSC engine in the virtual machine takes over and applies the configuration.

Hello @Rick Rainey, please when doing this modules are not copied to output directory nor to Azure Storage. Is there some additional step needed? — marek_lani, Oct 05 '17 at 21:15
There have been changes in the PowerShell script in the past year that now require you to install the modules on your local machine. So, you will have to either change the script to manually package up the modules in your project (the way it used to work - which is preferred in my opinion), or just install the modules on your developer box. Look at the PowerShell script and you will see what I'm talking about. — Rick Rainey, Oct 05 '17 at 22:47

score 0 · Answer 2 · answered May 18 '16 at 16:10

Refer to How to use and discover DSC resources in this article

Assuming you dropped xFirewall module as part of the DscResource, First you need import the module, I think that's xNetworking, by using Import-Module {FullPath} then follow by Import-DSCResource -ModuleName xNetworking -name xFirewall

Or try Import-DSCResource -Name xFirewall, seems this will make it scan the entire resource folder and find the xFirewall for you.

Azure PowerShell DSC install extra modules

2 Answers2