building and managing your virtual datacenter using powershell dsc - florin loghiade
@ITCAMPRO #ITCAMP16 Community Conference for IT Professionals
Building and Managing your Virtual Datacenter using PowerShell DSC
Florin Loghiade
Cloud & DevOps Engineer
Avaelgo
Blog: florinloghiade.ro
Twitter: @florinloghiade
Agenda
• What is PowerShell DSC (Desired State Configuration)?
  – Deployment Models
  – Configurations
  – Resources
• PowerShell DSC Scenarios
WHAT IS POWERSHELL DSC?
What is PowerShell DSC?
• Configuration management platform
• Cross-Platform
• Standards based (Distributed Management Task Force)
• Allows “continuous deployment” and prevents “configuration drift”
• Uses language extensions and providers to enable declarative and idempotent deployments
DSC vs. GPO

| Feature | Group Policy | DSC |
|---|---|---|
| Configuration stored in | GPO file | Configuration script / MOF file |
| Target nodes by means of | AD links to OUs, sites, etc. | Configuration specifies node names |
| Configuration implemented by | Client-side OS components | Client-side shell scripts (resources) |
| Extensible by means of | Complex native programming | Windows PowerShell scripts |
| Primary configuration target | Windows registry | Anything Windows PowerShell can “touch” |
| Persistence | Settings reapply each time | Settings are persistent |
| Number of configurations per node | As many GPOs as you want to link | One or More (Partial Configurations) |

Source: Channel 9
Traditional Scripts vs DSC
[Diagram labels]
DSC Configurations: Intent
DSC Resources: Technology Specific
DSC Engine: Dependency Resolution, Logging & Error Handling, Reboot Resiliency, Repeatable Automation
Traditional Scripts
Easy to write and easy to deploy

Intent
Environment Configuration (Dev -> Test -> Production)

    $WebConfigEnv = @{
        ComputerName = $VMServerNames
        Name = "FourthCoffee"
    } …

Structural Configuration

    WindowsFeature IIS {
        Name = "Web-Server"
        Ensure = "Present"
    } …

Make It So
Idempotent Automation

    foreach -parallel ($featureName in $Name)
    {
        $feature = Get-WindowsFeature -Name $featureName
        if (($Ensure -eq "Present") -and (!$feature.Installed))
        {
            Install-WindowsFeature -Name $featureName
        }
        ….
    } …

Source: Channel 9
Two Deployment Modes

Push
• Manual process. DSC Resources have to be copied to the nodes.
• Use Start-DscConfiguration to copy the MOF to the nodes and tell them to make it so.

Pull
• Use Push to enroll nodes, configuring them to query a Pull Server. The nodes then check the pull server every 30 minutes for configuration changes.
• DSC Resources must be zipped and placed on the Pull Server.
• Every generated MOF file has to be accompanied by a checksum file, and both need to be placed on the Pull Server.
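
The pull-mode steps above, as an added example that is not from the original slides: it compiles a configuration, writes the checksum file that must sit next to the MOF on the pull server, and enrolls a node through a pushed LCM meta-configuration (WMF 5 syntax). The server URL, registration key, node name, configuration name and paths are placeholders chosen for illustration.

```powershell
# Added example (not from the slides). Assumes WMF 5+; URL, key, node name and paths are placeholders.

# 1. Author and compile the configuration the nodes will pull.
Configuration WebRole
{
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'WebRole'    # named configuration: compiles to WebRole.mof
    {
        WindowsFeature IIS
        {
            Name   = 'Web-Server'
            Ensure = 'Present'
        }
    }
}
WebRole -OutputPath 'C:\DscStaging'

# 2. Every MOF on the pull server needs a matching .mof.checksum file.
New-DscChecksum -Path 'C:\DscStaging\WebRole.mof' -Force
# Copy WebRole.mof and WebRole.mof.checksum to the pull server's configuration folder.

# 3. Meta-configuration pushed once to enroll the node in pull mode.
[DSCLocalConfigurationManager()]
Configuration EnrollPullClient
{
    Node 'web01.example.test'
    {
        Settings
        {
            RefreshMode          = 'Pull'
            RefreshFrequencyMins = 30                     # the 30-minute check interval
            ConfigurationMode    = 'ApplyAndAutoCorrect'  # re-apply when drift is found
            RebootNodeIfNeeded   = $true
        }
        ConfigurationRepositoryWeb PullServer
        {
            # HTTPS keeps pulled MOFs off the wire in clear text; the key is a shared secret.
            ServerURL          = 'https://pull.example.test:8080/PSDSCPullServer.svc'
            RegistrationKey    = '<registration-key-guid>'
            ConfigurationNames = @('WebRole')
        }
    }
}
EnrollPullClient -OutputPath 'C:\DscStaging\Meta'
Set-DscLocalConfigurationManager -Path 'C:\DscStaging\Meta' -ComputerName 'web01.example.test' -Verbose
```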
Push Model
[Diagram]
Authoring Phase (may include imperative as well as declarative code)
• PowerShell V(n)
• Visual Studio Code
• 3rd party languages and tools
Staging Phase: Configuration Staging Area (contains DSC data)
• Fully declarative configuration representation using DMTF standard MOF instances
• Configuration is calculated for all nodes
“Make it So” Phase (declarative configuration is reified through imperative providers)
• Parser and Dispatcher
• Imperative Providers
• Local Configuration Store
Providers implement changes:
• Monotonic
• Imperative
• Idempotent
Source: Channel 9
Pull Model
[Diagram]
Authoring Phase (may include imperative as well as declarative code)
• PowerShell V(n)
• Visual Studio Code
• 3rd party languages and tools
Staging Phase: Pull Server (contains DSC data and Modules)
• Fully declarative configuration representation using DMTF standard MOF instances
• Configuration is calculated for all nodes
“Make it So” Phase (declarative configuration is reified through imperative providers)
• Parser and Dispatcher
• Imperative Providers
• Local Configuration Store
Providers implement changes:
• Monotonic
• Imperative
• Idempotent
Source: Channel 9
Core DSC Resources

| Resource | Description |
|---|---|
| Archive Resource | Unpacks archive (.zip) files at specific paths on target nodes. |
| Environment Resource | Manages system environment variables on target nodes. |
| File Resource | Manages files and directories on target nodes. |
| Group Resource | Manages local groups on target nodes. |
| Log Resource | Logs configuration messages. |
| Package Resource | Installs and manages packages, such as Windows Installer (.msi) and setup.exe packages on target nodes. |
| WindowsProcess Resource | Configures Windows processes on target nodes. |
| Registry Resource | Manages registry keys and values on target nodes. |
| WindowsFeature Resource | Adds or removes Windows features and roles on target nodes. |
| Script Resource | Runs Windows PowerShell script blocks on target nodes. |
| Service Resource | Manages services on target nodes. |
| User Resource | Manages local user accounts on target nodes. |
xDSC Resources

| Resource | Description |
|---|---|
| xSmbShare | Allows configuration of an SMB Share |
| xADDomain | Allows configuration or deployment of Active Directory components |
| xWindowsUpdates | Handles the installation of a Windows Update from a given path |
| xNetworking | Allows configuration of network adapters, firewall rules and more |
| xSQLServer | Allows configuration or deployment of SQL Server |
| xFailoverCluster | Allows configuration or deployment of Failover Clusters |
| xHyper-V | Allows configuration or deployment of Hyper-V |
| xWebAdministration | Allows configuration of IIS websites, application pools etc. |

• Marked as eXperimental, these resources are in continuous development and should be considered as beta resources.
• There are over 500 resources online and open sourced on GitHub: https://github.com/PowerShell/DscResources/tree/master/xDscResources
DSC Resources for Linux

| Provider | Description |
|---|---|
| nxArchive | Unpacks .tar or .zip archives at a specific path |
| nxFile | Allows management of files and directories |
| nxFileLine | Provides a mechanism to manage lines within a configuration file |
| nxPackage | Allows management of packages (.rpm, .deb, yum, zypper, apt) |
| nxUser | Allows management of users |
| nxGroup | Allows management of groups |
| nxScript | Provides a mechanism to run .sh / .bash scripts |
| nxService | Allows management of services (init, upstart, systemd) |
| nxEnvironment | Allows management of environment variables |
| nxSSHAuthorizedKeys | Allows management of SSH keys |

• Yes, you read that right. DSC can be used on Linux machines.
• Can be installed using native packages (rpm/deb)
• At this time there are about 10 built-in DSC Resources
• Supports Push/Pull deployment models
What do configurations look like (Windows)

    Configuration StopService
    {
        Import-DscResource -ModuleName PSDesiredStateConfiguration

        Service BITS
        {
            Name        = 'BITS'
            State       = 'Stopped'
            StartupType = 'Disabled'
            Ensure      = 'Absent' # This deletes the service
        }
    }
What do configurations look like (Linux)

    Configuration InstallApache
    {
        Import-DSCResource -Module nx

        node <insert linux server ip/hostname here>
        {
            nxPackage Apache
            {
                PackageManager = 'Yum'
                Ensure         = 'Present'
                Name           = 'httpd'
            }
        }
    }
DEMO
POWERSHELL DSC SCENARIOS
PowerShell DSC Scenarios #1
• You can deploy “bare” VMs and have DSC configure them based on a role (Web Server, SQL Server, AD Domain Controller, Cluster etc.)
  – No more gold images
• You can keep production servers in check
  – You can be sure that everything that you configured via DSC will stay that way even if somebody tampers with the configuration
• Create multiple identical environments with ease.
  – Dev, QA, Staging, Production
• You can use DSC with your release management tools.
  – VSTS, TFS, TeamCity etc.
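
The "keep production servers in check" scenario, as an added example that is not from the original slides: a read-only drift report that asks each node which resources no longer match the applied configuration, which is also the signal to watch when tampering is a concern. The function name and node names are hypothetical; the targets are assumed to run WMF 5 or later.

```powershell
# Added example (not from the slides). Node names are placeholders; requires WMF 5+ on the targets.
function Get-DscDriftReport
{
    param(
        [Parameter(Mandatory)]
        [string[]] $ComputerName
    )

    foreach ($node in $ComputerName)
    {
        $session = $null
        try
        {
            $session = New-CimSession -ComputerName $node -ErrorAction Stop
            # -Detailed lists the resources that are out of their desired state; nothing is changed.
            $result = Test-DscConfiguration -CimSession $session -Detailed -ErrorAction Stop

            [pscustomobject]@{
                Node           = $node
                InDesiredState = $result.InDesiredState
                DriftedItems   = @($result.ResourcesNotInDesiredState.ResourceId) -join ', '
                Error          = $null
            }
        }
        catch
        {
            # An unreachable node, or one with no applied configuration, is reported rather than skipped.
            [pscustomobject]@{
                Node           = $node
                InDesiredState = $null
                DriftedItems   = $null
                Error          = $_.Exception.Message
            }
        }
        finally
        {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

Get-DscDriftReport -ComputerName 'web01.example.test', 'sql01.example.test' |
    Sort-Object InDesiredState |
    Format-Table -AutoSize
```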
PowerShell DSC in Azure
• Azure offers a service named Azure Automation that, besides running native PowerShell code, is also a DSC Pull Server.
• You can use Azure Automation DSC to manage all your cloud environments, including your on-premises servers.
• Can be used as is or as a compliance server / module repository
DSC Overview
• Management platform in Windows PowerShell
• Allows you to:
  – Enable / Disable server roles and features
  – Manage registry settings
  – Manage files and directories
  – Deploy new software
  – Prevent configuration drift
  – And many more
Q & A