Chef andwindows reactor

Configuration Management for
Windows Server with Chef and DSC

Jeffrey Snover
Microsoft Technical Fellow
Lead Architect for Enterprise Cloud Group
@jsnover

Steven Murawski
Principal Engineer @ Chef
Microsoft MVP – Cloud and Datacenter Management
@stevenmurawski

Agenda
• The Evolution of Windows Server and Automation
• State of Configuration Management On Windows Server
• Configuring Windows Server With Desired State Configuration (DSC)
• Configuring Windows Server With Chef
• Why Use DSC With Chef?
• Bringing Legacy Infrastructure Under Control
• Windows Server – Present and Future

LAB Machine Setup
• RDP In
USERNAME: ChefPowerShell
PASSWORD: P2ssw0rd!
• Open PowerShell from the ChefDK shortcut
• Run chef-apply c:/setup.rb
On with the class!

Evolution of Windows Server
Server for the Masses
Enterprise Servers
Datacenter Servers
Cloud Servers

The Evolution of Automation on Windows Server
• 2006 - Windows PowerShell V1
Interactive Shell, Scripting Language, .Net cmdlets
• 2009 – Windows PowerShell V2
Remoting, script cmdlets, modules
WMIv2 cmdlets, jobs
Desired State configuration
• 2015/2016 – Windows PowerShell V5 RTM
DSC+++, Classes, Pester & Operational Validation Framework, Package mgmt., JEA,
Remoting improvements, Security+++

• What they are really asking is:
Why not:
Salt?
Chef?
Ansible?
Puppet?
CFEngine?
GuardRail?
BrewMaster?
• Lots of great tools for Unix, why not just use them?
Why DSC?

“Why PowerShell DSC?”
is the wrong question

• Why PowerShell?
• Why not just use *sh and the Unix utils?
Right Question

• If you can edit files and restart processes, you can manage Unix
• awk, grep, sed are management tools
Unix is a document-oriented OS

• awk didn’t work against WMI
• grep didn’t work against Active Directory
• sed didn’t work against Registry
Windows is an API-oriented OS

• Unix CM tools “hit a brick wall” managing Windows
• Need tools which work against an API-oriented OS
Why DSC?

State of Configuration Management On Windows
Server
• Until Desired State Configuration there
were MMCs and WMI as the default admin interface on Windows Server
was no central standard for administrative automation and configuration (modulo GP for
clients)
Chef and Puppet worked on Windows, mostly as very thin wrappers over a bunch of
PowerShell
• Enter Desired State Configuration (DSC) platform which
identified a standard for how to define configuration management tasks
supports a growing ecosystem of configuration management resources
enables a resource-sharing hub – the PowerShell Gallery
DSC enables a rich ecosystem of CM tools that will compete on features vs coverage

Configuring Windows Server
With Desired State Configuration
• New Keywords
Configuration
Node
Import-DscResource
https://github.com/smu
rawski/chef-and-
windows-lab
• New Automatic Variables
ConfigurationData
AllNodes
Node
• Resources
Binary
Script
WMI
Class-based

wusa C:Win8.1AndW2K12R2-KB3134758-x64.msu

LAB Exercise 1 – Build and Apply a
Basic Configuration
https://github.com/smurawski/chef-and-windows-
lab/tree/master/exercise-1

Configuring Windows Server With Chef
• Chef is a mature platform with evolving capabilities around
Audit and Compliance
Reporting and Analytics
Continuous Delivery for Applications and Infrastructure
• Chef has embraced DSC and the Windows Server management model
One of the first partners integrating DSC
Started shipping support for DSC in September 2014

Why Use DSC with Chef?
• DSC is great and Chef is great
• DSC is a platform feature, not an end to end solution
• DSC has some rough edges
• How Chef helps
• What DSC offers to Chef

Both systems have strong capabilities on their own.
Chef is a mature, flexible automation platform.
DSC is built into the Windows operating system and has a growing ecosystem of resources.
• How Chef helps

DSC primarily is a platform feature (the Local Configuration Manager and the patterns for
resources).
DSC has limited constructs for separating out environment specific data.
There are workflow and management limits.
You will need to build some tooling.
• How Chef helps

Resources in a configuration cannot execute conditionally.
Resources cannot be reused inside other resources (outside of composite resources).
Parameters to resources have to be provided ahead of time.
• How Chef helps

• How Chef helps
Use run-time information to determine how policy is applied.
Constructs for modeling your environmental data – roles, environments, data bags, and
policyfiles.
Workflow tooling in the Chef Development Kit (ChefDK), to help scaffold and extend projects.
Strong community of test tools including lint, syntax, unit, and integration/acceptance.
Compliance as a first-class citizen (testing tools, Audit mode, and Chef Compliance).
Chef server makes configuration and environment data available for reporting and during
configuration management tasks.

• How Chef helps
Resources, resources, and more resources.

LAB Exercise 2 – Build and Apply a
Basic Chef Recipe
https://github.com/smurawski/chef-and-windows-

Where Should I Use DSC Resources vs. Chef
Resources?
• 5 Questions For IT Operations
Is there a cookbook with resources or recipes on Supermarket that meets the use case?
Is there a DSC resource in PowerShell Gallery that meets the use case?
How easily can I test that the (recipe/resource) meets my need?
Is my team stronger in Ruby or PowerShell?
What kind of community support is out there for the recipe/resource?

Resources?
Very often the presence of a community resource or recipe can get us 80 to 90% of the way to
solving our problem.
Even when there is overlap, there can be differences in their behavior.

Resources?
Probably the most important aspect, if you cannot verify what the resource or recipe does, you cannot
trust the resource in production.

Resources?
If you have to build a custom resource or modify an existing one, where does your team’s skillset lie?
You will need to troubleshoot the application of resources at some point.

Resources?
One of the greatest parts of the Chef and PowerShell communities is the depth of the community support.
DSC is still fairly new in the PowerShell community.

Resources?
• For ISV (Independent Software Vendors),
if you build software to run on Windows Server
THERE
IS
NO
QUESTION
BUILD DSC RESOURCES

Windows Server 2016
• Great server for
the Masses, the Enterprise, the Datacenter and now the Cloud
• Cloud Competitive OS
Small and Fast
Devops friendly
Minimize attack service
Minimize patches/reboots
• Ergo:
NanoServer
Desired State Configuration +++
WSA, Pkg Mgmt, Pester, OVT, JIT, JEA, Containers & Docker
Remote Management Tool & Emergency Mgmt Console
PowerShell Core

Bringing Legacy Infrastructure Under Control
• When you have to make a change in a legacy code base,
here is an algorithm you can use.
Identify change points.
Find test points.
Break dependencies.
Write tests.
Make changes and refactor.
Source: Feathers, Michael C. Working Effectively with Legacy Code. Upper Saddle River, NJ: Prentice Hall PTR,
2004.

Bringing Legacy Infrastructure Under Control
• There is no “easy” button

LAB Exercise 3 – Using Pester To
Define Acceptance Tests For Legacy
Infrastructurehttps://github.com/smurawski/chef-and-windows-

Questions?
Non-bullet slide subtitle

More Resources
• https://learn.chef.io
• https://msdn.microsoft.com/powershell
• http://stevenmurawski.com/devops-reading-list
• http://aka.ms/thereleasepipelinemodel (or http://aka.ms/trpm )
• https://supermarket.chef.io
• https://powershellgallery.com
• https://github.com/powershell
• https://github.com/chef-cookbooks

Chef andwindows reactor

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (19)

Similar to Chef andwindows reactor

Similar to Chef andwindows reactor (20)

More from Chef

More from Chef (20)

Recently uploaded

Recently uploaded (20)

Chef andwindows reactor

Editor's Notes