Jan Egil Ring - Get Started with Windows PowerShell Desired State Configuration


Published in: Technology
  • Lead Architect, Crayon, focusing on Microsoft Infrastructure. Windows PowerShell MVP, worked with PowerShell since it was released in 2006. DSC – new technology introduced in Windows Server 2012 R2/Windows 8.1 (as well as PowerShell/WMF 4.0). In essence, this session is about configuration management – primarily for servers.
  • Background for DSC – from a PowerShell perspective. Goals – what does this technology try to solve? Architecture. Configuration models. Demos. Before going into the demos we'll go through some concepts.
  • The original Monad Manifesto, written in 2002, which articulated the long term vision and started the development effort which became PowerShell. http://www.jsnover.com/blog/2011/10/01/monad-manifesto/ Management Models -> Configuration Management
  • Deployment: Most large organizations have some kind of deployment system for servers, like System Center Configuration Manager. How many have a configuration management system to manage the systems after the initial deployment? For example: creating websites, configuring virtual switches in Hyper-V, configuring NIC Teaming, and so on. Automated provisioning from a purpose built image. Install and configure from checklist. Install and configure on demand. Configuration Drift: As part of troubleshooting, an administrator might change a setting and forget to reset it when done. This probably happens all the time. Essentially, this leads to servers not consistently configured – so called «snowflake servers».
  • The goal is to keep servers at a pre-defined (desired) configuration state – an analogy is to think of this like cars coming out of the assembly line. In IT terms, instead of cars coming out of the assembly line in different models, it could be servers with different roles (web servers, domain controllers, etc). If all configurations necessary for a specific role are pre-defined, the OS can be re-deployed in order to rule out local non-default configurations which might cause problems. When working with a highly available, redundant set of servers, the re-deployment of a single server should be invisible to the end users. It also makes it easier to migrate to a newer OS version.
  • Scale – building more servers. Rapid change – upgrades and software updates to bring new functionality in order for the business to respond and capture market.
  • DSC itself is not PowerShell, it's a platform technology. However, PowerShell has a set of language extensions to make it easy for administrators to author and apply DSC configurations.
  • Analogy - Picard and first officer Riker in Star Trek
  • We will look at two PowerShell examples in order to understand the difference.
  • We are declaring how to perform what we need to accomplish. This is an imperative style, and something we are used to in PowerShell. If you look at the above example, we are telling PowerShell how to perform what we need to perform. The emphasis here is on how we perform a task and in the process we achieve what we need to. This is called the imperative programming/scripting style and is what we write every day in PowerShell. We need to explicitly code how to verify the task dependencies and how the exceptions need to be handled. Going back to our example, I am explicitly checking if the Application Server role is installed or not and then installing it if it is not present.
  • DSC is built on a declarative programming style, where we specify what we want to accomplish, not how to do it. In the above example we are basically stating the same as in the imperative syntax example, but we don't specify how to implement the change. For that we are relying on the underlying components of DSC. Specifically, the actual changes are performed by DSC resources. Declarative syntax states what we want. Imperative syntax defines how to accomplish it. In conclusion, imperative syntax defines how to accomplish a task while declarative syntax states what we want to accomplish.
  • Before going to the first demo we'll have a look at one more concept. Idempotence is the property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application. A DSC configuration will be tested over and over again at defined intervals, but no changes will be made if the conditions haven't changed (i.e. a service has been stopped or a Windows role has been uninstalled). This is the concept of idempotence.
  • The Script resource allows us to run PowerShell scripts – enabling us to do whatever PowerShell is capable of. It is also possible to create custom resources – which we will have a look at later on.
  • Configuration Staging Area – Typically a management server or the IT Pro's workstation
  • Pull Server: File Based, Web Based. Opens up for custom implementations such as configuring a DSC client against a pull server during OS deployment (for example in SCCM). Then the GUID and computer name could be written to a database where for example a default configuration is applied in addition to notifying a server team that a new server is added to the database. Then they could apply metadata such as what roles the computer should have, which in turn sends a different configuration to the DSC client. Or the administrator could create a customized configuration and store it on the pull server.
  • For reference
  • Configuring the DSC Client
  • Or C:\Program Files\WindowsPowerShell\Modules or another custom location
  • It is also possible to separate the environment configuration from the structural configuration, making it easy to re-use the configuration between different environments (dev/test/production or different customers).
  • It might save you some time to stop for a moment and consider if investing time in configuration management could save you both time as well as getting a more stabilized infrastructure
  • Relates to DSC in terms of managing different environments (Dev, Test, Prod) as well as many other aspects of IT
  • How does this relate to existing management products like SCCM and SC VMM? On a high level, DSC is a platform technology focused on the cloud. Meaning not just Windows servers and clients, but standard-based devices which can be non-Windows such as a SAN switch, a network switch or a Linux client. PowerShell, meanwhile, is the automation language and platform for Windows and standards-based devices, through which DSC can be managed.

    1. 1. Jan Egil Ring Get Started with Windows PowerShell Desired State Configuration
    2. 2. Agenda • Background • Goals • Desired State Configuration Architecture • Configuration models • Demos
    3. 3. Background: Monad Manifesto • 1. Monad Automation Model (v1) • 2. Monad Shell (v1) • 3. Monad Remote Scripting (v2) • 4. Monad Management Console (v3) • 5. Monad Management Models (v4) • www.jsnover.com/blog/2011/10/01/monad-manifesto
    4. 4. Goal
    5. 5. Goal
    6. 6. The Good and the Bad • Scale means… Business is growing!! However… More servers => More Failures; Scale * Complexity Exceeds Skill • Rapid change means… Can respond and capture market. However… More Change => More Failures; Change is Primary cause of outage • Life in the Cloud… (management): Rapid change, at scale, with constant failures
    7. 7. PowerShell Desired State Configuration Enables you to ensure that the components of your data center have the correct configuration Allows “continuous deployment” and prevents “configuration drift” Uses language extensions and providers to enable declarative, autonomous and idempotent (repeatable) Deployment, Configuration and Conformance of standards-based managed elements
    8. 8. Imperative versus declarative syntax • Unfamiliar for IT Pros with no developer background • Essential to understand in order to see the benefits of DSC and how it is implemented
    9. 9. Imperative syntax
    10. 10. Declarative syntax
    11. 11. Idempotence “ .. operations .. that can be applied multiple times without changing the result beyond the initial application” In practice: If the conditions haven't changed, the result doesn't change
    12. 12. Demo Defining and applying a DSC configuration
    13. 13. DSC Resources Built-in resources for: • Enabling or disabling server roles and features • Managing registry settings • Managing files and folders • Starting, stopping and managing processes and services • Managing local user and group accounts • Deploying new software packages • Managing environment variables • Running Windows PowerShell scripts. Resources: Archive, Group, Process, Script, Environment, Log, Registry, Service, File, Package, Role, User
    14. 14. Architecture Two configuration models: • Push Model • Pull Model
    15. 15. Push Model • Authoring Phase (may include imperative as well as declarative code): PS V1, V2, V3; PS V4***; 3rd party languages and tools • Staging Phase: fully declarative configuration representation using DMTF standard MOF instances; configuration is calculated for all nodes; Configuration Staging Area (contains DSC data) • “Make it So” Phase (declarative configuration is reified through imperative providers): Local Configuration Store; Parser and Dispatcher; Imperative Providers • Providers implement changes: Monotonic, Imperative, Idempotent • *** When authoring in PowerShell, on top of PSV3 imperative features, PSV4 adds: Declarative syntax extensions, Schema-driven Intellisense, Schema validation (early-binding)
    16. 16. Pull Model • Authoring Phase (may include imperative as well as declarative code): PS V1, V2, V3; PS V4***; 3rd party languages and tools • Staging Phase: fully declarative configuration representation using DMTF standard MOF instances; configuration is calculated for all nodes; Pull Server (contains DSC data and Modules) • “Make it So” Phase (declarative configuration is reified through imperative providers): Local Configuration Store; Parser and Dispatcher; Imperative Providers • Providers implement changes: Monotonic, Imperative, Idempotent • *** When authoring in PowerShell, on top of PSV3 imperative features, PSV4 adds: Declarative syntax extensions, Schema-driven Intellisense, Schema validation (early-binding)
    17. 17. Components • PowerShell Language Extensions: Used by DevOps / Operations to define and generate configuration doc, then deploy to and manage configuration for managed nodes • MOF Instance doc: Configuration document that is delivered to managed nodes • Configuration Agent (CA): Component on the managed node that coordinates the reception and application of configuration data for that node. • Local Configuration Manager (LCM): Component that interprets configuration data and enacts any changes needed to bring the physical system state into alignment with the expressed configuration. • Local Configuration Store: File system storage of pending, current and previous configuration • WMI Service: A rich, high-performance, standards-based management stack that is suitable for a wide range of management applications. • Resource Provider: Process configuration for a single resource. i.e.: Network Card, Disk, etc.
    18. 18. Demo Configuring the Local Configuration Manager
    19. 19. File Download Manager • SMB File Share • Best practice to use a DFS path • Computer accounts need read permission • Node name must be a GUID • Checksum for configuration files necessary • Local Configuration Manager configuration must be configured to use Pull mode and the DSCFileDownloadManager
    20. 20. Demo environment (Windows Azure) • Azuredc01: Domain Controller, DSC SMB Pull Server • Azuremgmt01: Management Server • Azureweb01: Web Server, DSC Web Pull Server
    21. 21. Demo Configuring Pull Server using File Download Manager
    22. 22. Web Download Manager • Server role in Windows Server 2012 R2 • Needs to be configured after installation • No inbox tooling to configure • xDscWebService resource that makes a node a DSC Pull Server available in a collection of DSC Resources produced by the PowerShell Team • Local Configuration Manager configuration must be configured to use Pull mode and the WebDownloadManager
    23. 23. Demo Configuring Pull Server using Web Download Manager
    24. 24. DSC Resources • Built-In Windows PowerShell Desired State Configuration Resources: http://technet.microsoft.com/en-us/library/dn249921.aspx • Build Custom Windows PowerShell Desired State Configuration Resources: http://technet.microsoft.com/en-us/library/dn249927.aspx • DSCPack_ResourceDesigner: http://blogs.msdn.com/b/powershell/archive/2013/11/19/resource-designer-tool-a-walkthrough-writing-a-dscresource.aspx
    25. 25. DSC Resources • Desired State Configuration (DSC) Resource Kit: http://blogs.msdn.com/b/powershell/archive/2013/12/26/holidaygift-desired-state-configuration-dsc-resource-kit-wave-1.aspx • PowerShell Community DSC Modules: https://github.com/PowerShellOrg/DSC • Resource and description: • xComputer: Name a computer and add it to a domain/workgroup • xVHD: Create and manage VHDs • xVMHyperV: Create and manage a Hyper-V Virtual Machine • xVMSwitch: Create and manage a Hyper-V Virtual Switch • xDNSServerAddress: Bind a DNS Server address to one or more NIC • xIPAddress: Configure IPAddress (v4 and v6) • xDSCWebService: Configure DSC Service (aka Pull Server) • xWebsite: Deploy and configure a website on IIS
    26. 26. Configuration and Continuous Deployment

        Intent

        Environment Configuration

            $SystemDrive = "C:"
            $DemoFolder = "$SystemDrive\Demo"
            $global:WebServerCount = 3
            …

        Structural Configuration

            WindowsFeature IIS
            {
                Name   = "Web-Server"
                Ensure = "Present"
            }
            …

        (Dev -> Test -> Production)

        Make It So

        Idempotent Automation

            foreach -parallel ($featureName in $Name)
            {
                $feature = Get-WindowsFeature -Name $featureName
                if (($Ensure -eq "Present") -and (!$feature.Installed))
                {
                    Install-WindowsFeature -Name $featureName
                }
                ….
            }
            …
    27. 27. Separating "What" from "Where" http://blogs.msdn.com/b/powershell/archive/2014/01/09/continuousdeployment-using-dsc-with-minimal-change.aspx
    28. 28. PowerShell DSC (V1) • Declarative Configuration Syntax in PowerShell Language • Local Configuration Manager • Receives MOF documents declaring desired state of Node • Downloads and invokes idempotent resources to reify (make it so) • Simple “Pull Server” • Leverages and Creates an Ecosystem
    29. 29. Observations • Need a language to express desired state easily • Need components with associated properties (Types) • Need an agent to “Make It So” • Note: Nothing said about “How” • Declarative vs Imperative • Need Idempotence (repeatable) • Need both Push Model and Pull Model • Want to compare Actual and Expected States
    30. 30. DSC available as part of WMF 4.0 • DSC authoring • Declarative Configuration Syntax in PowerShell • DSC client • Local Configuration Manager http://social.technet.microsoft.com/wiki/contents/articles/21016.how-to-installwindows-powershell-4-0.aspx
    31. 31. Related 3rd party products • Chef • Puppet • CFEngine
    32. 32. Chef www.getchef.com/chef
    33. 33. Chef integration with DSC http://www.getchef.com/blog/2013/08/19/opscode-chef-delivers-robust-opensource-automation-platform-for-windows-environments/
    34. 34. Puppet http://puppetlabs.com
    35. 35. CFEngine http://cfengine.com
    36. 36. Summary DSC • Platform feature to build upon • Simplify configuration • Enable continuous deployment • Prevent configuration drift • Create an ecosystem • V1 – expect rapid changes in upcoming versions
    37. 37. Key Takeaways • Take time to think of how you do configuration management • Start evaluating DSC
    38. 38. Book Recommendation • The Phoenix Project • http://blog.powershell.no/2014/01/08/book-recommendation-the-phoenix-project/
    39. 39. Links & Resources • Demos and slides available here: • http://sdrv.ms/19khLBR • I'll tweet the URL - @JanEgilRing / #nicconf • http://technet.microsoft.com/en-us/library/dn249912.aspx • http://blogs.msdn.com/b/powershell/archive/tags/DSC • https://connect.microsoft.com/PowerShell/SearchResults.aspx?SearchQuery=dsc • http://powershell.org/wp/?s=dsc
    40. 40. Microsoft Technology User Group • Server Manager Administration with Windows PowerShell • Presenter: Aleksandar Nikolic • Location: University of Oslo • When: January 20th, 18.00 • Registration: bit.ly/19QvD1o
    41. 41. Windows PowerShell Desired State Configuration Overview

        Windows PowerShell Desired State Configuration (DSC) is a new management system in Windows PowerShell that enables the deployment and management of configuration data for software services and the environment on which these services run. To use DSC, first create a configuration script as shown below. Note that Configuration is a new keyword, which is part of the Windows PowerShell extensions for DSC. Each Configuration can have one or more Node blocks. Each Node block can have one or more resource blocks. You can use the same resource more than once in the same Node block, if you wish.

            Configuration MyWebConfig
            {
                # Parameters are optional
                param ($MachineName, $WebsiteFilePath)

                # A Configuration block can have one or more Node blocks
                Node $MachineName
                {
                    # Next, specify one or more resource blocks
                    # WindowsFeature is one of the resources you can use in a Node block
                    # This example ensures the Web Server (IIS) role is installed
                    WindowsFeature IIS
                    {
                        Ensure = "Present"     # To uninstall the role, set Ensure to "Absent"
                        Name   = "Web-Server"  # Name property from Get-WindowsFeature
                    }

                    # You can use the File resource to manage files and folders
                    # "WebDirectory" is the name you want to use to refer to this instance
                    File WebDirectory
                    {
                        Ensure          = "Present"    # You can also set Ensure to "Absent"
                        Type            = "Directory"  # Default is "File"
                        Recurse         = $true
                        SourcePath      = $WebsiteFilePath
                        DestinationPath = "C:\inetpub\wwwroot"
                        DependsOn       = "[WindowsFeature]IIS"  # Use for dependencies
                    }
                }
            }

        To create a configuration, invoke the Configuration block the same way you would invoke a Windows PowerShell function, passing in any expected parameters you may have defined (two in the example above). For example, in this case:

            MyWebConfig -MachineName "TestMachine" -WebsiteFilePath "\\filesrv\WebFiles" `
                -OutputPath "C:\Windows\system32\temp"  # OutputPath is optional

        This creates a MOF file known as the configuration instance document at the path you specify. You can run it using the Start-DscConfiguration cmdlet (more on that cmdlet on the flipside of this sheet).

        Script Resource Example

        The Script resource gives you a mechanism to run Windows PowerShell script blocks on target nodes. The TestScript block runs first. If it returns False, the SetScript block will run. The GetScript block will run when you invoke the Get-DscConfiguration cmdlet (more on that cmdlet on the flipside of this sheet). GetScript must return a hash table.

            Script ScriptExample
            {
                SetScript = {
                    $sw = New-Object System.IO.StreamWriter("C:\TempFolder\TestFile.txt")
                    $sw.WriteLine("Some sample string")
                    $sw.Close()
                }
                TestScript = { Test-Path "C:\TempFolder\TestFile.txt" }
                # This must return a hash table
                GetScript  = { @{ Result = [string](Test-Path "C:\TempFolder\TestFile.txt") } }
            }

        Registry Resource Example

        The Registry resource gives you a mechanism to manage registry keys and values.

            Registry RegistryExample
            {
                Ensure    = "Present"  # You can also set Ensure to "Absent"
                Key       = "HKEY_LOCAL_MACHINE\SOFTWARE\ExampleKey"
                ValueName = "TestValue"
                ValueData = "TestData"
            }

        Package Resource Example

        The Package resource gives you a mechanism to install and manage packages, such as MSI and setup.exe packages, on a target node.

            Package PackageExample
            {
                Ensure    = "Present"  # You can also set Ensure to "Absent"
                Path      = "$Env:SystemDrive\TestFolder\TestProject.msi"
                Name      = "TestPackage"
                ProductId = "663A8209-89E0-4C48-898B-53D73CA2C14B"
            }

        Environment Resource Example

        The Environment resource gives you a mechanism to manage system environment variables.

            Environment EnvironmentExample
            {
                Ensure = "Present"  # You can also set Ensure to "Absent"
                Name   = "TestEnvironmentVariable"
                Value  = "TestValue"
            }

        Archive Resource Example

        The Archive resource gives you a mechanism to unpack archive (.zip) files at a specific path.

            Archive ArchiveExample
            {
                Ensure      = "Present"  # You can also set Ensure to "Absent"
                Path        = "C:\Users\Public\Documents\Test.zip"
                Destination = "C:\Users\Public\Documents\ExtractionPath"
            }
    42. 42. Group Resource Example

        The Group resource gives you a mechanism to manage local groups on the target node.

            Group GroupExample
            {
                # This will remove TestGroup, if present
                # To create a new group, set Ensure to "Present"
                Ensure    = "Absent"
                GroupName = "TestGroup"
            }

        User Resource Example

        The User resource gives you a mechanism to manage local user accounts on the target node.

            User UserExample
            {
                Ensure    = "Present"  # To delete a user account, set Ensure to "Absent"
                UserName  = "SomeName"
                Password  = $passwordCred  # This needs to be a credential object
                DependsOn = "[Group]GroupExample"  # Configures GroupExample first
            }

        Service Resource Example

        The Service resource gives you a mechanism to manage services on the target node.

            Service ServiceExample
            {
                Name        = "TermService"
                StartupType = "Manual"
            }

        Advanced Resource Properties

        To see all the properties for a given resource, as well as the types of these properties, set the cursor on the resource keyword and press Ctrl + Spacebar. (The resource keywords are Registry, Script, Archive, File, WindowsFeature, Package, Environment, Group, User, Log, Service, and WindowsProcess.) All resources have a property called DependsOn that you can use to indicate when a given resource should be configured before another. See the User resource example for how to use it.

        Configuration Data

        This is an example of separating the node data from configuration logic. You can add more node hash tables to the AllNodes array.

            $ExampleConfigData = @{
                AllNodes = @(
                    # NodeName "*" applies globally to all nodes in this array
                    @{ NodeName = "*"; RecurseValue = $true },
                    @{
                        NodeName         = "Server101"
                        Role             = "Web"
                        RolesToBePresent = "Web-Server"
                        SourceRoot       = "\\Server106\source\presentation"
                        Version          = "1.0"
                        WebDirectory     = "c:\inetpub\wwwroot"
                        RecurseValue     = $false
                    }
                )
            }

            Configuration CloudService
            {
                # The $AllNodes and $Node (current node) variables are automatic variables
                Node $AllNodes.Where{ $_.Role -eq "Web" }.NodeName
                {
                    WindowsFeature IIS
                    {
                        Ensure = "Present"
                        Name   = $Node.RolesToBePresent
                    }
                }
            }

            CloudService -ConfigurationData $ExampleConfigData

        Local Configuration Manager

        Local Configuration Manager is the DSC engine. It runs on all nodes and is responsible for calling the resources in the configuration script. You can modify the Local Configuration Manager settings of a target node by including a "LocalConfigurationManager" block inside the Node block.

            LocalConfigurationManager
            {
                RebootNodeIfNeeded = $true                  # Automatically reboots if required by config
                ConfigurationMode  = "ApplyAndAutoCorrect"  # Corrects configuration drift
            }

        Set the cursor on the LocalConfigurationManager keyword and press Ctrl + Spacebar to see all the properties you can set and their types. Only one Local Configuration Manager settings block can exist per Node block. When you invoke a configuration that includes a Local Configuration Manager settings block, this will create a separate MOF file for the Local Configuration Manager settings. You can then enact these settings using the following cmdlet:

            Set-DscLocalConfigurationManager -Path "C:\MyFolder"  # Generated MOF file location

        To set Local Configuration Manager settings using the MOF file for a specific node:

            Set-DscLocalConfigurationManager -ComputerName "MyNode" -Path "C:\MyFolder"

        To get the Local Configuration Manager settings:

            Get-DscLocalConfigurationManager -CimSession $session

        Desired State Configuration Cmdlets

        After you create a configuration as described in the Overview section on the flipside of this sheet, you need to enact (apply) it using the Start-DscConfiguration cmdlet. Use the following command to parse the configuration at the specified path, send each node its corresponding configuration, and enact those configurations. This cmdlet will return a Windows PowerShell Job object which can be useful for configurations that are long-running.

            Start-DscConfiguration -Path "C:\MyFolder"  # Generated MOF file location

        To send a configuration to a specific node and enact that configuration:

            Start-DscConfiguration -ComputerName "TestMachine" -Path "C:\MyFolder"

        To make Start-DscConfiguration interactive, use the Wait parameter:

            Start-DscConfiguration -Verbose -Wait -Path "C:\MyFolder"

        To get the current configuration:

            Get-DscConfiguration -CimSession $session

        To restore the previous configuration:

            Restore-DscConfiguration -CimSession $session

        Suppose you want to compare the current and actual configurations. This cmdlet returns True if the current and actual configurations match exactly and False otherwise:

            Test-DscConfiguration -CimSession $session
    43. 43. Contact info [pscustomobject] @{ Name = "Jan Egil Ring" "E-mail" = "jan.egil.ring@crayon.com" Twitter = "@JanEgilRing" Website = "blog.powershell.no" }
    44. 44. Please evaluate the session before you leave 
    45. 45. Demo Desired State Configuration (DSC) Resource Kit
    46. 46. How does this relate? • System Center Configuration Manager: A management solution with extensible features focused on configuring the Enterprise on-premise compute. By contrast PowerShell DSC is a platform technology focused on the Cloud (servers and standard-based devices) helping to bridge development and operations. • System Center Virtual Machine Manager: SCVMM is a fabric controller that manages hypervisors, network and storage; creating, managing and configuring VMs and Services. SCVMM Service Model can call DSC during provisioning. SCVMM Service Model and the new Cloud OS Virtual Machine Role can leverage DSC for configuration. • Windows PowerShell: The automation language and platform for Windows and standards-based devices. Extensively leveraged across Windows, Microsoft and the industry. • We are substantially increasing the Cloud OS capabilities of Windows Server by adding Desired State Configuration to the base platform via PowerShell. • Over time, just as with PowerShell original, we expect strong leverage of the platform, making a fully integrated, better together story.
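
The file-based pull setup listed on slide 19 (GUID node name, checksum file, LCM in Pull mode with the DSCFileDownloadManager), written out as an added example that is not taken from the original slides or demos. It uses the WMF 4.0 (DSC V1) LocalConfigurationManager settings; the share path and staging folder are assumptions, and Azureweb01 is borrowed from the demo environment slide.

```powershell
# Added example. $PullShare and $Staging are hypothetical values.
$PullShare  = '\\contoso.local\dfs\DscPull'  # SMB share behind a DFS path (assumed name)
$TargetNode = 'Azureweb01'                   # node name from the demo environment slide
$Staging    = 'C:\DscStaging'                # local folder for generated MOF files (assumed)

# 1. Structural configuration for the node: the same WindowsFeature block
#    the cheat sheet uses for the Web Server (IIS) role.
Configuration WebServerBaseline
{
    param ([string]$NodeName)

    Node $NodeName
    {
        WindowsFeature IIS
        {
            Ensure = 'Present'
            Name   = 'Web-Server'
        }
    }
}
WebServerBaseline -NodeName $TargetNode -OutputPath "$Staging\Config" | Out-Null

# 2. In pull mode the node asks for its configuration by GUID, not by name,
#    so the MOF is published to the share as <GUID>.mof.
$ConfigurationId = [guid]::NewGuid().Guid
$PublishedMof    = Join-Path $PullShare "$ConfigurationId.mof"
Copy-Item -Path "$Staging\Config\$TargetNode.mof" -Destination $PublishedMof -Force

# 3. Write <GUID>.mof.checksum next to the MOF. Regenerate it on every change;
#    a stale checksum no longer matches the published file.
New-DscChecksum $PublishedMof -Force

# 4. Meta-configuration that switches the node's LCM to Pull mode and points
#    the DSCFileDownloadManager at the share. The node's computer account only
#    needs Read on the share; write access stays with the publishing admin.
Configuration PullClient
{
    param ([string]$NodeName, [string]$Id, [string]$SourcePath)

    Node $NodeName
    {
        LocalConfigurationManager
        {
            ConfigurationID           = $Id
            RefreshMode               = 'Pull'
            DownloadManagerName       = 'DSCFileDownloadManager'
            DownloadManagerCustomData = @{ SourcePath = $SourcePath }
            ConfigurationMode         = 'ApplyAndAutoCorrect'  # corrects configuration drift
            RebootNodeIfNeeded        = $false
        }
    }
}
PullClient -NodeName $TargetNode -Id $ConfigurationId -SourcePath $PullShare `
    -OutputPath "$Staging\Lcm" | Out-Null

# Applies the generated Azureweb01.meta.mof to the node's LCM.
Set-DscLocalConfigurationManager -ComputerName $TargetNode -Path "$Staging\Lcm" -Verbose

# 5. Confirm what the node is now set to, then check for drift.
$session = New-CimSession -ComputerName $TargetNode
Get-DscLocalConfigurationManager -CimSession $session |
    Select-Object RefreshMode, ConfigurationID, DownloadManagerName, ConfigurationMode

# True once the pulled configuration has been applied and still matches the node.
Test-DscConfiguration -CimSession $session
Remove-CimSession $session
```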