Windows Powershel l DSC for Veteran Chef
S T E V E N M U R A W S K I - @ S t e v e n M u r a w s k i
D A M I E N C A R O - @ d c a r o
A p r i l 2 , 2 0 1 5
• What i s DSC ?• D S C C o n f i g u r a t i o n S y n t a x
• U n d e r s t a n d i n g L C M
• D S C R e s o u r c e s
• Chef /DSC In tegra t ion• d s c _ s c r i p t
• d s c _ r e s o u r c e
• S e n s i t i v e d a t a
Agenda
• DSC is a management p la t form i n Windows Powershe l l • S t a n d a r d A P I f o r c o n f i g u r a t i o n m a n a g e m e n t
• D e p l o y i n g a n d m a n a g i n g c o n f i g u r a t i o n d a t a
• M a n a g i n g e n v i r o n m e n t
• I s a fea tu re o f Windows Management F ramework (WMF)• Prov ide bas ic resources • Can be ex tended
• D S C R e s o u r c e K i t ( c u r r e n t l y w a v e 1 0 )
• P o w e r s h e l l . o r g c o m m u n i t y r e s o u r c e s
What i s DSC ?
DSC Arch i tec tu re
DSC Engine
PowerShell
CM ToolsUI
3rd Party Engine
Logging Reporting Module Pull
PS DSCExtension point
DSC Resources
DSC is the built-in configuration platform for
Microsoft
• LCM = Loca l Conf igura t ion Manager• I s the Powershe l l DSC eng ine• Bui ld on indus t ry s tandards
• D M T F s t a n d a r d s W S M a n / C I M
• Runs on ta rge t nodes and ca l l s the con f igura t ion resources inc luded in the DSC con f igura t ion document
Unders tand ing LCM
• Quar te r l y p rev iews• Exper imenta l des ign & S tab le des ign• Exper imenta l fea tu res :
• P S S c r i p t A n a l y s e r ( s t a t i c c o d e a n a l y s i s o f W i n d o w s P o w e r s h e l l a r t i f a c t s )
• S u p p o r t f o r i n h e r i t a n c e w i t h c l a s s e s i n W i n d o w s P o w e r s h e l l
• D S C R e s o u r c e d e b u g g i n g
• S u p p o r t f o r n e w R e f r e s h M o d e
• P a r t i a l c o n f i g u r a t i o n s s u p p o r t m i x e d R e f r e s h M o d e s
WMF 5
• Deploy a Webs i te on Windows• Requ i rements
• W i n d o w s 2 0 1 2 R 2 + W M F 4 +
• C h e f c l i e n t v 1 2 . 2 . 1
• I s o n t h e m a c h i n e s a u t o m a t i c a l l y p r o v i s i o n e d i n A z u r e
Scenar io
Chef and DSCFeature DSC Chef
Configuration as Code Yes Yes
Domain Specific Language (DSL) Yes Yes
DSL embedded within Script Language Yes - PowerShell Yes – Ruby
“Resource” Concept Yes Yes
Configurable resource attributes Yes – “Property” Yes – “Attribute”
Idempotence of operations Yes Yes
Convergence Yes Yes
Client agent / tool Yes – LCM / Start-DSCConfiguration
Yes – chef-client / chef-client
Chef and DSCFeature DSC Chef
Configuration as Code Yes Yes
Domain Specific Language (DSL) Yes Yes
DSL embedded within Script Language Yes - PowerShell Yes – Ruby
“Resource” Concept Yes Yes
Configurable resource attributes Yes – “Property” Yes – “Attribute”
Idempotence of operations Yes Yes
Convergence Yes Yes
Client agent / tool Yes – LCM / Start-DSCConfiguration
Yes – chef-client / chef-client
Chef and DSC
# Chef
env 'editor' do
key_name "EDITOR" value "emacs"
end
# DSC
environment editor{ Name = "EDITOR" Value = "emacs" }
Chef resources
• dsc_scr ip t• dsc_resource• Sens i t i ve da ta
• DSC code i s embedded in the che f code
dsc_scr ip t
dsc_script 'myexample1' do code <<-EOH File TestFile { Ensure = "Present" DestinationPath= "c:\\demo\\test.txt" Contents= "Hello World" } EOHend
• DSC code i s embedded in the che f code
• Can use no t i f i ca t ion
dsc_resource
dsc_resource 'myexample2' do
resource :windowsfeatureproperty :ensure, "Present"property :name, "Web-Server"
end
DSC Resource
file myfile{ Ensure = "Present" DestinationPath = "c:\\demo\\test.txt" Contents = "Hello World"}
Chef dsc_resource
dsc_resource 'myfile' do resource :file property :ensure, "Present" property :destinationpath, "c:\\demo\\test.txt" property :contents, "Hello World"end
dsc_resource
• Set the Ref reshMode proper ty o f LCM to Disabled• Ensure the DSC LCM does no t con f l i c t w i th the cons is tency
equ iva len t opera t ion f rom Chef
LCM cons idera t ions
Configuration LCMSettings { Node localhost { Settings { RefreshMode = "Disabled" } }}
Sens i t i ve da ta
Encrypted databags
Chef client
In memory, on the node
Secure string
Powershell
Key takeaways
• Gi thub repo :• h t t p : / / b i t . l y / c h e f c o n f _ d s c
• dsc_resource and dsc_scr ip t resources • Azure che f ex tens ion , vmagent • Chef Communi t y channe ls
• h t t p s : / / s u p e r m a r k e t . c h e f . i o/
• Powershe l l communi t y :• h t t p : / / w w w. p o w e r s h e l l . o r g
• STEVEN MURAWSKI - @StevenMurawsk i• DAMIEN CARO - @dcaro
• Bookmark fo r more in fo rmat ion on M ic roso f t and DevOps : h t tp : / /aka .ms/devops
• DevOps resources fo r Prac t i t i oners : h t tp : / /aka .ms/devopsmva• Key sess ions to a t tend @ Chef
DevOps Resources
Date Title Speaker(s)
Wed @ 1:30-2:10p Microsoft Presents: Chef in Action on Azure Eugene Chigirinskiy; Kundana Palagiri
Thurs @ 1:15-1:55p PowerShell from the Ground Up Jeffery Snover
Thurs @ 1:15-1:55p Automate what you can, document what you can’t and have the wisdom to know the difference
Jessica DeVita
Thurs @ 2:10-2:5o Windows PowerShell Desired State Config (DSC) for Veteran Chefs
Damien Caro; Steven Murawski
