6. The Good and the Bad
• Scale means… Business is growing!!
  However… More servers => More Failures; Scale * Complexity Exceeds Skill
• Rapid change means… Can respond and capture market
  However… More Change => More Failures; Change is Primary cause of outage
Life in the Cloud… (management)
Rapid change, at scale, with constant failures
7. PowerShell Desired State Configuration
Enables you to ensure that the components of your data center
have the correct configuration
Allows “continuous deployment” and prevents “configuration drift”
Uses language extensions and providers to enable declarative,
autonomous and idempotent (repeatable) Deployment,
Configuration and Conformance of standards-based managed
elements
9. Imperative versus declarative syntax
• Unfamiliar for IT pros with no developer background
• Essential to understand in order to see the benefits of DSC and how it is implemented
12. Idempotence
“ .. operations .. that can be applied multiple times without
changing the result beyond the initial application”
In practice: If the conditions haven't changed, the result
doesn't change
14. DSC Resources
Built-in resources for:
• Enabling or disabling server roles and features
• Managing registry settings
• Managing files and folders
• Starting, stopping and managing processes and services
• Managing local user and group accounts
• Deploying new software packages
• Managing environment variables
• Running Windows PowerShell scripts
Archive, Group, Process, Script, Environment, Log, Registry, Service, File, Package, Role, User
16. Push Model
Authoring Phase (may include imperative as well as declarative code)
• PS V1, V2, V3
• PS V4***
• 3rd party languages and tools
Staging Phase
• Fully declarative configuration representation using DMTF standard MOF instances
• Configuration is calculated for all nodes
• Configuration Staging Area (contains DSC data)
“Make it So” Phase (declarative configuration is reified through imperative providers)
• Local Configuration Store
• Parser and Dispatcher
• Imperative Providers
• Providers implement changes: Monotonic, Imperative, Idempotent
*** When authoring in PowerShell, on top of PSV3 imperative features, PSV4 adds:
• Declarative syntax extensions
• Schema-driven Intellisense
• Schema validation (early-binding)
17. Pull Model
Authoring Phase (may include imperative as well as declarative code)
• PS V1, V2, V3
• PS V4***
• 3rd party languages and tools
Staging Phase
• Fully declarative configuration representation using DMTF standard MOF instances
• Configuration is calculated for all nodes
• Pull Server (contains DSC data and Modules)
“Make it So” Phase (declarative configuration is reified through imperative providers)
• Local Configuration Store
• Parser and Dispatcher
• Imperative Providers
• Providers implement changes: Monotonic, Imperative, Idempotent
*** When authoring in PowerShell, on top of PSV3 imperative features, PSV4 adds:
• Declarative syntax extensions
• Schema-driven Intellisense
• Schema validation (early-binding)
18. Components
• PowerShell Language Extensions
  Used by DevOps / Operations to define and generate configuration doc, then deploy to and manage configuration for managed nodes
• MOF Instance doc
  Configuration document that is delivered to managed nodes
• Local Configuration Manager (LCM)
  Component on the managed node that coordinates the reception and application of configuration data for that node.
• Local Configuration Store
  File system storage of pending, current and previous configuration
• WMI Service
  A rich, high-performance, standards-based management stack that is suitable for a wide range of management applications.
• Configuration Agent (CA)
  Component that interprets configuration data and enacts any changes needed to bring the physical system state into alignment with the expressed configuration.
• Resource Provider
  Process configuration for a single resource. i.e.: Network Card, Disk, etc.
20. File Download Manager
• SMB File Share
• Best practice to use a DFS path
• Computer accounts need read permission
• Node name must be a GUID
• Checksum for configuration files necessary
• Local Configuration Manager configuration must be configured to use Pull mode and the DSCFileDownloadManager
23. Web Download Manager
• Server role in Windows Server 2012 R2
• Needs to be configured after installation
• No inbox tooling to configure
• xDscWebService resource that makes a node a DSC Pull Server available in a collection of DSC Resources produced by the PowerShell Team
• Local Configuration Manager configuration must be configured to use Pull mode and the WebDownloadManager
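The pull-mode setups on slides 20 and 23 differ only in the download manager the Local Configuration Manager points at. The following added example (not from the original deck) stages a compiled configuration under a GUID with its checksum and builds the matching LCM settings for either case; the DFS share, the pull server URL and the C:\MyFolder paths are assumed placeholders.

```powershell
# Added example. Assumed values: the DFS share, the pull server URL and the
# C:\MyFolder paths are placeholders for your own environment.
$PullShare = "\\corp.example\dfs\DscPull"                     # assumed DFS path
$PullUrl   = "https://pull.example:8080/PSDSCPullServer.svc"  # assumed HTTPS endpoint

function Publish-PullConfiguration
{
    # Stages <NodeName>.mof as <GUID>.mof plus <GUID>.mof.checksum
    param (
        [Parameter(Mandatory = $true)] [string] $MofPath,
        [Parameter(Mandatory = $true)] [string] $Destination,
        [guid] $ConfigurationId = [guid]::NewGuid()
    )
    $target = Join-Path $Destination "$ConfigurationId.mof"
    Copy-Item -Path $MofPath -Destination $target -Force
    New-DSCCheckSum -ConfigurationPath $target -OutPath $Destination -Force | Out-Null
    if (-not (Test-Path "$target.checksum")) {
        throw "Checksum file was not created for $target"
    }
    return $ConfigurationId
}

Configuration PullClient
{
    param (
        [Parameter(Mandatory = $true)] [string] $NodeName,
        [Parameter(Mandatory = $true)] [guid]   $ConfigurationId,
        [ValidateSet("File", "Web")]   [string] $Source = "File"
    )
    if ($Source -eq "File") {
        $manager    = "DscFileDownloadManager"
        $customData = @{ SourcePath = $PullShare }
    }
    else {
        $manager    = "WebDownloadManager"
        # Keep AllowUnsecureConnection off so configurations only travel over HTTPS
        $customData = @{ ServerUrl = $PullUrl; AllowUnsecureConnection = "False" }
    }
    Node $NodeName
    {
        LocalConfigurationManager
        {
            ConfigurationID           = "$ConfigurationId"  # the node asks for <GUID>.mof
            RefreshMode               = "Pull"
            DownloadManagerName       = $manager
            DownloadManagerCustomData = $customData
            ConfigurationMode         = "ApplyAndAutoCorrect"
        }
    }
}

# Stage the MOF compiled earlier for TestMachine, then point its LCM at the share
$id = Publish-PullConfiguration -MofPath "C:\MyFolder\TestMachine.mof" -Destination $PullShare
PullClient -NodeName "TestMachine" -ConfigurationId $id -Source File -OutputPath "C:\MyFolder\LCM"
Set-DscLocalConfigurationManager -Path "C:\MyFolder\LCM" -Verbose

# Confirm the node picked up the settings
$session = New-CimSession -ComputerName "TestMachine"
Get-DscLocalConfigurationManager -CimSession $session |
    Select-Object ConfigurationID, RefreshMode, DownloadManagerName
```

Read access on the share is all the computer accounts need; write access to the staging location decides what every pulling node will apply, so restrict it to the people who author configurations.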
25. DSC Resources
• Built-In Windows PowerShell Desired State Configuration Resources
  • http://technet.microsoft.com/en-us/library/dn249921.aspx
• Build Custom Windows PowerShell Desired State Configuration Resources
  • http://technet.microsoft.com/en-us/library/dn249927.aspx
• DSCPack_ResourceDesigner
  • http://blogs.msdn.com/b/powershell/archive/2013/11/19/resource-designer-tool-a-walkthrough-writing-a-dscresource.aspx
26. DSC Resources
• Desired State Configuration (DSC) Resource Kit
• http://blogs.msdn.com/b/powershell/archive/2013/12/26/holidaygift-desired-state-configuration-dsc-resource-kit-wave-1.aspx
• PowerShell Community DSC Modules
• https://github.com/PowerShellOrg/DSC
Resource            Description
xComputer           Name a computer and add it to a domain/workgroup
xVHD                Create and manage VHDs
xVMHyperV           Create and manage a Hyper-V Virtual Machine
xVMSwitch           Create and manage a Hyper-V Virtual Switch
xDNSServerAddress   Bind a DNS Server address to one or more NIC
xIPAddress          Configure IPAddress (v4 and v6)
xDSCWebService      Configure DSC Service (aka Pull Server)
xWebsite            Deploy and configure a website on IIS
27. Configuration and Continuous Deployment
Intent
Environment Configuration
    $SystemDrive = "C:"
    $DemoFolder = "$SystemDrive\Demo"
    $global:WebServerCount = 3
    …
Structural Configuration
    WindowsFeature IIS {
        Name = "Web-Server"
        Ensure = "Present"
    }
    …
(Dev -> Test -> Production)
Make It So: Idempotent Automation
    foreach -parallel ($featureName in $Name)
    {
        $feature = Get-WindowsFeature -Name $featureName
        if(($Ensure -eq "Present") -and (!$feature.Installed))
        {
            Install-WindowsFeature -Name $featureName
        }
        ….
    }
    …
28. Separating "What" from "Where"
http://blogs.msdn.com/b/powershell/archive/2014/01/09/continuousdeployment-using-dsc-with-minimal-change.aspx
29. PowerShell DSC (V1)
• Declarative Configuration Syntax in PowerShell Language
• Local Configuration Manager
  • Receives MOF documents declaring desired state of Node
  • Downloads and invokes idempotent resources to reify (make it so)
• Simple “Pull Server”
• Leverages and Creates an Ecosystem
30. Observations
• Need a language to express desired state easily
• Need components with associated properties (Types)
• Need an agent to “Make It So”
• Note: Nothing said about “How”
• Declarative vs Imperative
• Need Idempotence (repeatable)
• Need both Push Model and Pull Model
• Want to compare Actual and Expected States
31. DSC available as part of WMF 4.0
• DSC authoring
  • Declarative Configuration Syntax in PowerShell
• DSC client
  • Local Configuration Manager
http://social.technet.microsoft.com/wiki/contents/articles/21016.how-to-installwindows-powershell-4-0.aspx
34. Chef integration with DSC
http://www.getchef.com/blog/2013/08/19/opscode-chef-delivers-robust-opensource-automation-platform-for-windows-environments/
37. Summary
DSC
• Platform feature to build upon
• Simplify configuration
• Enable continuous deployment
• Prevent configuration drift
• Create an ecosystem
• V1 – expect rapid changes in upcoming versions
38. Key Takeaways
• Take time to think of how you do configuration management
• Start evaluating DSC
39. Book Recommendation
• The Phoenix Project
•
http://blog.powershell.no/2014/01/08/book-recommendation-the-phoenix-project/
40. Links & Resources
• Demos and slides available here:
• http://sdrv.ms/19khLBR
• I'll tweet the URL - @JanEgilRing / #nicconf
• http://technet.microsoft.com/en-us/library/dn249912.aspx
• http://blogs.msdn.com/b/powershell/archive/tags/DSC
• https://connect.microsoft.com/PowerShell/SearchResults.aspx?SearchQuery=dsc
• http://powershell.org/wp/?s=dsc
41. Microsoft Technology User Group
• Server Manager Administration with Windows PowerShell
• Presenter: Aleksandar Nikolic
• Location: University of Oslo
• When: January 20th, 18.00
• Registration: bit.ly/19QvD1o
42. Windows PowerShell Desired State Configuration Overview
Windows PowerShell Desired State Configuration (DSC) is a new management system in Windows
PowerShell that enables the deployment and management of configuration data for software services
and the environment on which these services run. To use DSC, first create a configuration script as
shown below. Note that Configuration is a new keyword, which is part of the Windows PowerShell
extensions for DSC. Each Configuration can have one or more Node blocks. Each Node block can have
one or more resource blocks. You can use the same resource more than once in the same Node block,
if you wish.
Configuration MyWebConfig
{
    # Parameters are optional
    param ($MachineName, $WebsiteFilePath)
    # A Configuration block can have one or more Node blocks
    Node $MachineName
    {
        # Next, specify one or more resource blocks
        # WindowsFeature is one of the resources you can use in a Node block
        # This example ensures the Web Server (IIS) role is installed
        WindowsFeature IIS
        {
            Ensure = "Present"     # To uninstall the role, set Ensure to "Absent"
            Name   = "Web-Server"  # Name property from Get-WindowsFeature
        }
        # You can use the File resource to manage files and folders
        # "WebDirectory" is the name you want to use to refer to this instance
        File WebDirectory
        {
            Ensure          = "Present"    # You can also set Ensure to "Absent"
            Type            = "Directory"  # Default is "File"
            Recurse         = $true
            SourcePath      = $WebsiteFilePath
            DestinationPath = "C:\inetpub\wwwroot"
            DependsOn       = "[WindowsFeature]IIS"  # Use for dependencies
        }
    }
}
To create a configuration, invoke the Configuration block the same way you would invoke a Windows
PowerShell function, passing in any expected parameters you may have defined (two in the example
above). For example, in this case:
MyWebConfig -MachineName "TestMachine" -WebsiteFilePath "\\filesrv\WebFiles" `
    -OutputPath "C:\Windows\system32\temp" # OutputPath is optional
This creates a MOF file known as the configuration instance document at the path you specify. You
can run it using the Start-DscConfiguration cmdlet (more on that cmdlet on the flipside of this sheet).
Script Resource Example
The Script resource gives you a mechanism to run Windows PowerShell script blocks on target
nodes. The TestScript block runs first. If it returns False, the SetScript block will run. The GetScript
block will run when you invoke the Get-DscConfiguration cmdlet (more on that cmdlet on the
flipside of this sheet). GetScript must return a hash table.
Script ScriptExample
{
    SetScript = {
        $sw = New-Object System.IO.StreamWriter("C:\TempFolder\TestFile.txt")
        $sw.WriteLine("Some sample string")
        $sw.Close()
    }
    TestScript = { Test-Path "C:\TempFolder\TestFile.txt" }
    # This must return a hash table
    GetScript = { @{ Result = [string](Test-Path "C:\TempFolder\TestFile.txt") } }
}
Registry Resource Example
The Registry resource gives you a mechanism to manage registry keys and values.
Registry RegistryExample
{
    Ensure    = "Present" # You can also set Ensure to "Absent"
    Key       = "HKEY_LOCAL_MACHINE\SOFTWARE\ExampleKey"
    ValueName = "TestValue"
    ValueData = "TestData"
}
Package Resource Example
The Package resource gives you a mechanism to install and manage packages, such as MSI and
setup.exe packages, on a target node.
Package PackageExample
{
    Ensure    = "Present" # You can also set Ensure to "Absent"
    Path      = "$Env:SystemDrive\TestFolder\TestProject.msi"
    Name      = "TestPackage"
    ProductId = "663A8209-89E0-4C48-898B-53D73CA2C14B"
}
Environment Resource Example
The Environment resource gives you a mechanism to manage system environment variables.
Environment EnvironmentExample
{
    Ensure = "Present" # You can also set Ensure to "Absent"
    Name   = "TestEnvironmentVariable"
    Value  = "TestValue"
}
Archive Resource Example
The Archive resource gives you a mechanism to unpack archive (.zip) files at a specific path.
Archive ArchiveExample
{
    Ensure      = "Present" # You can also set Ensure to "Absent"
    Path        = "C:\Users\Public\Documents\Test.zip"
    Destination = "C:\Users\Public\Documents\ExtractionPath"
}
43. Advanced Resource Properties
To see all the properties for a given resource, as well as the types of these properties, set the cursor on the
resource keyword and press Ctrl + Spacebar. (The resource keywords are Registry, Script, Archive, File,
WindowsFeature, Package, Environment, Group, User, Log, Service, and WindowsProcess.) All resources
have a property called DependsOn that you can use to indicate when a given resource should be configured
before another. See the User resource example for how to use it.
Group Resource Example
The Group resource gives you a mechanism to manage local groups on the target node.
Group GroupExample
{
    # This will remove TestGroup, if present
    # To create a new group, set Ensure to "Present"
    Ensure    = "Absent"
    GroupName = "TestGroup"
}
User Resource Example
The User resource gives you a mechanism to manage local user accounts on the target node.
User UserExample
{
    Ensure    = "Present" # To delete a user account, set Ensure to "Absent"
    UserName  = "SomeName"
    Password  = $passwordCred # This needs to be a credential object
    DependsOn = "[Group]GroupExample" # Configures GroupExample first
}
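Because the Password property takes a credential object, the compiled MOF carries that secret. The following added example (not from the original reference sheet) shows one way to have DSC encrypt it with a node certificate and to check the generated MOF before it is sent; the node name, certificate path, thumbprint and output folder are placeholders.

```powershell
# Added example: node data that tells DSC which public key to encrypt credentials with.
# The .cer path and thumbprint are placeholders for the target node's own certificate.
$SecureConfigData = @{
    AllNodes = @(
        @{
            NodeName        = "Server101"
            CertificateFile = "C:\PublicKeys\Server101.cer"      # placeholder: exported public key
            Thumbprint      = "<THUMBPRINT-OF-NODE-CERTIFICATE>"  # placeholder
            # Weak alternative (avoid): PSDscAllowPlainTextPassword = $true
            # compiles, but writes the password into the MOF in clear text.
        }
    )
}

Configuration SecureUserConfig
{
    param (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $PasswordCred
    )

    Node $AllNodes.NodeName
    {
        # The node decrypts with the private key matching this thumbprint
        LocalConfigurationManager
        {
            CertificateID = $Node.Thumbprint
        }

        User UserExample
        {
            Ensure   = "Present"
            UserName = "SomeName"
            Password = $PasswordCred
        }
    }
}

$cred = Get-Credential -UserName "SomeName" -Message "Password for the local account"
SecureUserConfig -ConfigurationData $SecureConfigData -PasswordCred $cred -OutputPath "C:\MyFolder"

# Check the generated document before it leaves the authoring machine:
# the clear-text password must not appear anywhere in the MOF.
$plain = $cred.GetNetworkCredential().Password
if (Select-String -Path "C:\MyFolder\Server101.mof" -Pattern $plain -SimpleMatch -Quiet) {
    throw "Password found in clear text in Server101.mof"
}

# Apply the LCM settings (Server101.meta.mof) first, then the configuration itself
Set-DscLocalConfigurationManager -Path "C:\MyFolder"
Start-DscConfiguration -Path "C:\MyFolder" -Wait -Verbose
```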
Service Resource Example
The Service resource gives you a mechanism to manage services on the target node.
Service ServiceExample
{
    Name        = "TermService"
    StartupType = "Manual"
}
Desired State Configuration Cmdlets
After you create a configuration as described in the Overview section on the flipside of this sheet,
you need to enact (apply) it using the Start-DscConfiguration cmdlet. Use the following command
to parse the configuration at the specified path, send each node its corresponding configuration,
and enact those configurations. This cmdlet will return a Windows PowerShell Job object which
can be useful for configurations that are long-running.
Start-DscConfiguration -Path "C:\MyFolder" # Generated MOF file location
To send a configuration to a specific node and enact that configuration:
Start-DscConfiguration -ComputerName "TestMachine" -Path "C:\MyFolder"
To make Start-DscConfiguration interactive, use the Wait parameter:
Start-DscConfiguration -Verbose -Wait -Path "C:\MyFolder"
To get the current configuration:
$session = New-CimSession -ComputerName "TestMachine" # CIM session to the target node
Get-DscConfiguration -CimSession $session
To restore the previous configuration:
Restore-DscConfiguration -CimSession $session
Suppose you want to compare the current and actual configurations. This cmdlet returns True if
the current and actual configurations match exactly and False otherwise:
Test-DscConfiguration -CimSession $session
Configuration Data
This is an example of separating the node data from configuration logic. You can add more node hash tables
to the AllNodes array.
$ExampleConfigData = @{
    AllNodes = @(
        # NodeName "*" applies globally to all nodes in this array
        @{ NodeName = "*"; RecurseValue = $true },
        @{ NodeName = "Server101"; Role = "Web"; RolesToBePresent = "Web-Server";
           SourceRoot = "\\Server106\source\presentation"; Version = "1.0";
           WebDirectory = "c:\inetpub\wwwroot"; RecurseValue = $false; }
    );
}
Configuration CloudService
{
    # The $AllNodes and $Node (current node) variables are automatic variables
    Node $AllNodes.Where{ $_.Role -eq "Web" }.NodeName {
        WindowsFeature IIS
        { Ensure = "Present"; Name = $Node.RolesToBePresent }
    }
}
CloudService -ConfigurationData $ExampleConfigData
Local Configuration Manager
Local Configuration Manager is the DSC engine. It runs on all nodes and is responsible for calling the
resources in the configuration script. You can modify the Local Configuration Manager settings of a target
node by including a "LocalConfigurationManager" block inside the Node block.
LocalConfigurationManager
{
    RebootNodeIfNeeded = $true # Automatically reboots if required by config
    ConfigurationMode  = "ApplyAndAutoCorrect" # Corrects configuration drift
}
Set the cursor on the LocalConfigurationManager keyword and press Ctrl + Spacebar to see all the
properties you can set and their types. Only one Local Configuration Manager settings block can exist per
Node block. When you invoke a configuration that includes a Local Configuration Manager settings block,
this will create a separate MOF file for the Local Configuration Manager settings. You can then enact these
settings using the following cmdlet:
Set-DscLocalConfigurationManager -Path "C:\MyFolder" # Generated MOF file location
To set Local Configuration Manager settings using the MOF file for a specific node:
Set-DscLocalConfigurationManager -ComputerName "MyNode" -Path "C:\MyFolder"
To get the Local Configuration Manager settings:
Get-DscLocalConfigurationManager -CimSession $session
44. Contact info
[pscustomobject] @{
Name = "Jan Egil Ring"
"E-mail" = "jan.egil.ring@crayon.com"
Twitter = "@JanEgilRing"
Website = "blog.powershell.no"
}
47. How does this relate?
• System Center Configuration Manager
  A management solution with extensible features focused on configuring the Enterprise
  on-premise compute. By contrast PowerShell DSC is a platform technology focused on
  the Cloud (servers and standard-based devices) helping to bridge development and
  operations.
• System Center Virtual Machine Manager
  SCVMM is a fabric controller that manages hypervisors, network and storage; creating,
  managing and configuring VMs and Services. SCVMM Service Model can call DSC during
  provisioning. SCVMM Service Model and the new Cloud OS Virtual Machine Role can
  leverage DSC for configuration.
• Windows PowerShell
  The automation language and platform for Windows and standards-based devices.
  Extensively leveraged across Windows, Microsoft and the industry.
• We are substantially increasing the Cloud OS capabilities of Windows Server by
  adding Desired State Configuration to the base platform via PowerShell.
• Over time, just as with PowerShell originally, we expect strong leverage of the
  platform, making a fully integrated, better together story.
Editor's notes
Lead Architect, Crayon, focusing on Microsoft Infrastructure. Windows PowerShell MVP, worked with PowerShell since it was released in 2006. DSC – new technology introduced in Windows Server 2012 R2/Windows 8.1 (as well as PowerShell/WMF 4.0). In essence, this session is about configuration management – primarily for servers.
Background for DSC – from a PowerShell perspective. Goals – what does this technology try to solve? Architecture. Configuration models. Demos. Before going into the demos we'll go through some concepts.
The original Monad Manifesto, written in 2002, which articulated the long term vision and started the development effort which became PowerShell. http://www.jsnover.com/blog/2011/10/01/monad-manifesto/ Management Models -> Configuration Management
Deployment: Most large organizations have some kind of deployment system for servers, like System Center Configuration Manager. How many have a configuration management system to manage the systems after the initial deployment? For example: creating websites, configuring virtual switches in Hyper-V, configuring NIC Teaming, and so on. Automated provisioning from a purpose built image. Install and configure from checklist. Install and configure on demand. Configuration Drift: As part of troubleshooting, an administrator might change a setting and forget to reset it when done. This probably happens all the time. Essentially, this leads to servers not consistently configured – so called «snowflake servers».
The goal is to keep servers at a pre-defined (desired) configuration state – an analogy is to think of this like cars coming out of the assembly line. In IT terms, instead of cars coming out of the assembly line in different models, it could be servers with different roles (web servers, domain controllers, etc). If all configurations necessary for a specific role are pre-defined, the OS can be re-deployed in order to rule out local non-default configurations which might cause problems. When working with a highly available, redundant set of servers, the re-deployment of a single server should be invisible to the end users. It also makes it easier to migrate to a newer OS version.
Scale – building more servers. Rapid change – upgrades and software updates to bring new functionality in order for the business to respond and capture market.
DSC itself is not PowerShell, it's a platform technology. However, PowerShell has a set of language extensions to make it easy for administrators to author and apply DSC configurations.
Analogy - Picard and first officer Riker in Star Trek
We will look at two PowerShell examples in order to understand the difference.
We are declaring how to perform what we need to accomplish. This is an imperative style, and something we are used to in PowerShell. If you look at the above example, we are telling PowerShell how to perform what we need to perform. The emphasis here is on how we perform a task and in the process we achieve what we need to. This is called the imperative programming/scripting style and is what we write every day in PowerShell. We need to explicitly code how to verify the task dependencies and how the exceptions need to be handled. Going back to our example, I am explicitly checking if the Application Server role is installed or not and then installing it if it is not present.
DSC is built on a declarative programming style, where we specify what we want to accomplish, not how to do it. In the above example we are basically stating the same as in the imperative syntax example, but we don't specify how to implement the change. For that we are relying on the underlying components of DSC. Specifically, the actual changes are performed by DSC resources. Declarative syntax states what we want. Imperative syntax defines how to accomplish. In conclusion, imperative syntax defines how to accomplish a task while declarative syntax states what we want to accomplish.
Before going to the first demo we'll have a look at one more concept. Idempotence is the property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application. A DSC configuration will be tested over and over again at defined intervals, but no changes will be made if the conditions haven't changed (i.e. a service has been stopped or a Windows role has been uninstalled). This is the concept of idempotence.
The script resource allows us to run PowerShell scripts – enabling us to do whatever PowerShell is capable of. It is also possible to create custom resources – which we will have a look at later on.
Configuration Staging Area – typically a management server or the IT pro's workstation.
Pull Server: file based or web based. Opens up for custom implementations such as configuring a DSC client against a pull server during OS deployment (for example in SCCM). Then the GUID and computer name could be written to a database where for example a default configuration is applied in addition to notifying a server team that a new server is added to the database. Then they could apply metadata such as what roles the computer should have, which in turn sends a different configuration to the DSC client. Or the administrator could create a customized configuration and store it on the pull server.
For reference
Configuring the DSC Client
Or C:\Program Files\WindowsPowerShell\modules or another custom location
It is also possible to separate the environment configuration from the structural configuration, making it easy to re-use the configuration between different environments (dev/test/production or different customers).
It might save you some time to stop for a moment and consider if investing time in configuration management could save you both time as well as getting a more stabilized infrastructure.
Relates to DSC in terms of managing different environments (Dev, Test, Prod) as well as many other aspects of IT.
How does this relate to existing management products like SCCM and SC VMM? On a high level, DSC is a platform technology focused on the cloud. Meaning not just Windows servers and clients, but standard-based devices which can be non-Windows such as a SAN switch, a network switch or a Linux client. While PowerShell is the automation language and platform for Windows and standards-based devices, which DSC can be managed through.