puppetconf 2016: building nano server images with puppet and dsc – michael smith, puppet
TRANSCRIPT
Nano Server Puppet + DSC Michael Smith, Developer @ Puppet
Nano Server: Puppet + DSC 2
What is Nano Server?
Why would we use it?
Limitations
How to start
How does Puppet fit in
Nano Server: Puppet + DSC 3
What is Nano Server?
Nano Server: Puppet + DSC 4
Nano Server: Puppet + DSC 5
A lightweight Windows Server
Source: http://windowsitpro.com/windows-server-2016/install-options-windows-server-2016
Nano Server: Puppet + DSC 6
A much faster virtual server
Source: http://www.techradar.com/news/software/operating-systems/why-nano-server-is-the-most-vital-change-to-windows-server-since-windows-nt-3-5-1295803
Nano Server: Puppet + DSC 7
Why Do I Care?
8
Nano Server: Puppet + DSC 9
Limitations
Nano Server: Puppet + DSC
No GUI, just PowerShell/cmd
64-bit only
No MSI, new Windows Server Apps (WSA)
Minimal configuration (no ADSI, no Group Policy)
.Net CoreCLR
Deprecated functions removed - https://goo.gl/48IZV6
Limited PowerShell support
10
Nano Server: Puppet + DSC 11
Getting Nano Server
Nano Server: Puppet + DSC 12
Hyper-V: Command-Line https://goo.gl/RDOUwA
$password = ConvertTo-SecureString -AsPlaintext -Force 'vagrant'New-NanoServerImage \
-MediaPath 'E:\' \ -Edition 'Datacenter' \
-DeploymentType Guest \ -AdministratorPassword 'vagrant' \
-TargetPath 'C:\NanoVM.vhd' \ -MaxSize 8589934592 \
-SetupUI ('NanoServer.Containers', 'NanoServer.DSC') \ -SetupCompleteCommand ('tzutil.exe /s "Pacific Standard Time"') \
-LogPath 'C:\Temp\NanoServerImageBuilder\Logs\2016-10-16 12-29'
Nano Server: Puppet + DSC 14
Server Feature Packages
Nano Server: Puppet + DSC 15
Configuration SimpleVM { param ( [string[]]$NodeName = 'localhost', [string]$VhdPath ) Import-DscResource -ModuleName xHyper-V Node $NodeName { xVMSwitch internal { Ensure = 'Present' Name = 'internal' Type = 'Internal' }
xVMHyperV SimpleVM { Ensure = 'Present' Name = 'SimpleVM' VhdPath = $VhdPath SwitchName = 'internal' State = 'Running' Generation = 1 StartupMemory = 512MB ProcessorCount = 1 DependsOn = '[xVMSwitch]internal' } }}SimpleVM -VhdPath 'C:/VM/NanoServerDataCenter.vhd'
Desired State Configuration (DSC)
Nano Server: Puppet + DSC 16
puppetlabs-dscdsc_xVMHyperV { 'SimpleVM': dsc_ensure => present, dsc_name => 'SimpleVM', dsc_vhdpath => 'C:/VM/NanoServerDataCenter.vhd', dsc_switchname => 'internal', dsc_state => 'running', dsc_generation => 1, dsc_startupmemory => 536870912, dsc_processorcount => 1, require => Dsc_XVMSwitch['internal'],}
dsc_xVMSwitch { 'internal': dsc_ensure => 'present', dsc_name => 'internal', dsc_type => 'Internal',}
Nano Server: Puppet + DSC 17
Demos GitHub:MikaelSmith/puppetconf2016
Nano Server: Puppet + DSC 18
Hyper-V Demo https://github.com/MikaelSmith/puppetconf2016#hyper-v-demo
Nano Server: Puppet + DSC 19
Hacks upon Hacks
https://github.com/PowerShell/xStorage/pull/60
https://tickets.puppetlabs.com/browse/MODULES-3690
https://tickets.puppetlabs.com/browse/MODULES-3831
Everything’s broken
… but getting fixed.
Nano Server: Puppet + DSC 20
Vagrant/Virtualbox
Enable-PSRemoting -ForceSet-Item wsman:\localhost\client\trustedhosts -Value localhost -Force$pw = ConvertTo-SecureString -asPlainText -Force "vagrant"$c = New-Object System.Management.Automation.PSCredential("vagrant", $pw)Enter-PSSession -ComputerName localhost -Port 55985 -Credential $c
Vagrant Boxes: https://goo.gl/RSGdHN
PowerShell Remoting
rwinrm [email protected]:55985
https://github.com/WinRb/WinRM
Demo: https://github.com/MikaelSmith/puppetconf2016#build-vagrant-box
Nano Server: Puppet + DSC 21
Vagrant Demo
Nano Server: Puppet + DSC 22
Docker https://goo.gl/Vp5CQB
Source: http://windowsitpro.com/windows-server-2016/differences-between-windows-containers-and-hyper-v-containers-windows-server-201
Nano Server: Puppet + DSC
FROM microsoft/nanoserver
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"]
ENV NPM_CONFIG_LOGLEVEL info
ENV NODE_VERSION 4.6.1ENV NODE_SHA256 f576f2dacc4262202ae21f7d64ab9a01b7e551795848dfa39ef39a2cd63fa42c
RUN Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ; \ [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\node.zip', 'C:\') ; \ Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs' ; \ New-Item $($env:APPDATA + '\npm') ; \
$env:PATH = 'C:\nodejs;{0}\npm;{1}' -f $env:APPDATA, $env:PATH ; \ Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\' -Name Path -Value $env:PATH ; \ Remove-Item -Path node.zip
CMD [ "node.exe" ]
23
Dockerfiles https://goo.gl/kcTctx
Source: https://github.com/StefanScherer/dockerfiles-windows/blob/e7a938a9e32fe89e6d5aa232054971ad91e98ac7/node/4.6/nano/Dockerfile
Base Node Container
Nano Server: Puppet + DSC 24
FROM node:4.6.1-nano RUN mkdir \app WORKDIR /app ONBUILD COPY package.json package.json ONBUILD RUN npm install ONBUILD COPY . .CMD [ "npm.cmd", "start" ]
Dockerfiles, Cont.
Source: https://github.com/StefanScherer/dockerfiles-windows/blob/e7a938a9e32fe89e6d5aa232054971ad91e98ac7/node/4.6/nano/onbuild/Dockerfile
FROM nano:4.6.1-nano-onbuild
Node Onbuild Template
Application Builder
Nano Server: Puppet + DSC 25
Docker Demo https://github.com/MikaelSmith/puppetconf2016#docker-demo
Nano Server: Puppet + DSC
https://github.com/MikaelSmith/puppet-agent/tree/nano-hacks
https://github.com/MikaelSmith/puppetconf2016#docker-demo
Track 5: Modern InfrastructureRunning Puppet Software in Docker Containers - Gareth Rushgrove
Kubernetes: Add Windows Containers Support
https://github.com/kubernetes/kubernetes/issues/22623
26
Containers
Nano Server: Puppet + DSC 27
Adding Puppet
Nano Server: Puppet + DSC 28
Things that work
Core Resources file, host, exec
Modules - puppetlabs-reboot- Puppetlabs-acl
Maybe - puppetlabs-powershell (after MODULES-3690, 3990)- puppetlabs-dsc (after MODULES-3831)
Nano Server: Puppet + DSC 29
Registry + DSCdsc_registry { 'enable long paths': dsc_ensure => present, dsc_key => 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies', dsc_valuename => 'LongPathsEnabled', dsc_valuedata => '1', Dsc_valuetype => 'DWORD',}
Source: http://winaero.com/blog/how-to-enable-ntfs-long-paths-in-windows-10/
Nano Server: Puppet + DSC
Core Resources - user (requires ADSI)- group (requires ADSI)- package (no appx support yet)- scheduled_task (requires mstask.dll)
Modules - puppet-iis (based on PowerShell WebAdministration)- many others
30
Things that don’t (yet)
Nano Server: Puppet + DSC 31
$username = 'vagrant'$password = 'vagrant'$groupname = 'puppet'
Users & Groups
exec { 'puppet group': command => "New-LocalGroup -Name ${groupname}", unless => "Get-LocalGroup -Name ${groupname}", provider => powershell,}
Nano Server: Puppet + DSC 32
exec { 'vagrant user in puppet group': command => "Add-LocalGroupMember -Group ${groupname} -Member ${username}", unless => "Get-LocalGroupMember -Group ${groupname} -Member ${username}", provider => powershell, require => [Exec['puppet group'], Exec['vagrant user']],}
Users & Groups, Cont.exec { 'vagrant user': command => "New-LocalUser -Name ${username} -Password \(ConvertTo-SecureString -AsPlainText \"${password}\" -Force)", unless => "Get-LocalUser -Name ${username}", provider => powershell,}
Nano Server: Puppet + DSC 33
Puppet Demo https://github.com/MikaelSmith/puppetconf2016#puppet-demo
Nano Server: Puppet + DSC 34
Packaging https://github.com/mikaelsmith/puppetconf2016#packaging-demo
Nano Server: Puppet + DSC 35
Debugging Problems https://github.com/mikaelsmith/puppetconf2016#debugging-problems-demo
Nano Server: Puppet + DSC
Ways to get started Hyper-V directly, Docker, Virtualbox/Vagrant
Tools to improve
PowerShell, DSC modules, Puppet modules, Puppet core resources, applications, Vagrant, Packer, etc.
36
Nano Server: Puppet + DSC 37
http://www.hurryupandwait.io/ https://cloudbase.it/
Nano Server: Puppet + DSC 38
Thanks! Questions?