Use PowerShell desired State Configuration to manage your environment.

1. Build your Environment
with PowerShell and
PowerShell DSC
Gian Maria Ricci

2. What is an Environment
• Set of resources needed for the software to run
– Hardware resources
– OS resources
– Software resources
• It has a specific purpose
– Production
– Testing / QA
– DEV
– …
• Needs to be managed

3. ENVIRONMENT AND
VIRTUALIZATION
Virtualization is silver bullet?

4. Environment as set of VMs
• A set of Virtual Machines, specifically prepared,
are an environment
• Thanks to cloning / virtual disk cloning we can
duplicate / recreate environment
• Advanced Virtualization Systems allows for “VM
Template” often called “Golden Images”
• You can create a new VM from Golden Image

5. Handle Pre-made environments with VM
• Virtualize and create Golden Images of
environments
• Thanks to SysPrep we can preinstall some
software (ex Sql Server)
– Generalization
– Anonymization
• “freeze” with certain OS patches
– Avoid error due to updates
– Recreate exact state of the system

6. Cross product problem
• You should provide a Golden image for each
combination
– SqlServer, IIS, IIS + Sql Server, Mongo, Mongo + IIS, ……
– It becomes impossible to create a VM for each
combination
– You can limit the explosion keeping only configuration
really used by your applications, but it does not help
• If you take into account OS Patches the combination
explodes
– Virtually each patch should create a new image
– You will literally needs Hundreds or thousands VM
Images
• Maintenance nightmare

7. Approach A
• A VM for each configuration
– Cons
• Maintenance Nightmare
• Lots of space used
– Pro
• Image immediately available
• Simple management for Devs
• Quick validation

8. Approach B
• A Base VM plus some further configuration
– Cons
• Need to manage configuration drift
• More time needed to reach a valid point
– Pro
• Less space used
• Simpler maintenance

9. Limit Golden Images to …
• Major Version of OS (WS2012, WS2012R2, RHEL7,
…)
• Some critical OS Patches (SP, etc)
• Some Difficult To Install and configure software
• Everything that cannot be automated

10. Workflow – Create Golden Image
OPS
• Create Image
• Make it accessible to DEV
DEV
• Setup Prerequisites
• Install application
• Verify Application
• Propose modification
OPS
• Update machine if needed

11. Workflow – Update Golden Image
OPS
• Modify Image
• Make it accessible to DEV
DEV
• Setup Prerequisites
• Install application
• Verify Application
• Propose modification
OPS
• Update machine if needed
• Previously validated Golden image needs to be modified
• OS Patches
• Software / Configuration patches
• …

12. Each department -> Right work
• Ops duty
– Manage virtualization environment
– Manage basic configuration of a VM
– Handle updates (Ex. critical system patches)
• Developers duty
– Quickly validate a new version of an image
– Being able to communicate configuration Drift

13. Workflow
• To validate a Golden Image DEV needs to perform
repetitive operation
– Install prerequisite
– Install software
– Run integration tests
• To setup a software OPS needs to perform the
same set of operations
• These operations needs to be well documented
• This is an area where “automation is the solution”

14. Rebuild from Metal (or Golden images)
• When an outage occur you need to minimize
– Time needed to detect that something is not
working
– Time needed to start working at the problem
– Time needed to fix the problem
• Time needed to fix cannot be estimated
• You can estimate how much time is needed to
rebuild the environment from scratch
• Often it is better to rebuild than trying to fix what
is broken.

15. DESIRED STATE
Specify environment state you need for your application to run

16. Concept of “Desired State”
• Conceptually we need to automate
1. Install prerequisite of our application
2. Install our application
• Both these operation starts from a Golden Image
or bare metal
• We need to bring the environment from actual
State to a State where the application can be
installed
• This is what we call “Desired State”

17. Ex: Install IIS
• We can do a script with this pseudocode
– Test if IIS is installed
– If not installed install it
– Verify if it is started
– If not started start it
– …
• We need to check actual state and take
appropriate action
• Script can become complicated

18. DSC: POWERSHELL DESIRED STATE
CONFIGURATION
Microsoft proposition to manage state of an environment

19. Solution: specify Desired State
• We can use PowerShell DSC to specify a Desired
State
• All you need to do is specify the state you need
• It is similar to puppet/chef
• Everything related to real configuration is done by
a “resource”
• Microsoft gives you many resources to manage OS
and Software.
• You can write (or find in open source) additional
resources.

20. Three phases
• Authoring
– Authoring a configuration with various tools
– Produces a Mof file storing information of the
configuration
• Staging
– Make Mof available
• Make It So
– Apply configuration

21. Make It So

22. Make It So

23. Pull or Push model

24. Run imperative PowerShell code
• You can mix DSC and imperative instructions
• You can pack scripts inside a custom resource
• Remember that DSC is a part of PowerShell, you
can use any PowerShell instruction you need

25. Avoid confusion
• DSC is often used / presented as a “way to deploy
software”
• Remember that DSC is a library to bring a system
in a desired state
• A Typical problem: you need to install a Windows
Service
– First install is ok
– Update version, you can only specify if service
should be running or not

26. Deploy with multiple states
• A first State is required to start the deploy
– Service are stopped
– Sites are stopped
• A second DSC State (or imperative PowerShell) is
required to physically update
– Copy new version of the site on a folder
– Overwrite Windows Service with new version
• A final State is used to restart Everything
– Service are started
– Sites are running

27. MORE COMPLEX DSC
Let’s see something more complex to deploy a site + database