Wilson Mar bio photo

Wilson Mar

Hello!

Calendar YouTube Github

LinkedIn

Let PowerShell make it right and keep it right

US (English)   Norsk (Norwegian)   Español (Spanish)   Français (French)   Deutsch (German)   Italiano   Português   Estonian   اَلْعَرَبِيَّةُ (Egypt Arabic)   Napali   中文 (简体) Chinese (Simplified)   日本語 Japanese   한국어 Korean

Overview

This article describes the use of Windows PowerShell Desired State Configuration (DSC).

VIDEO

DSC (Desired State Configuration) is a PowerShell management platform that uses Configuration as code (CaC) declarations, in GitHub.

On every target node, the process running in the background to parse and “enact” configurations sent to the node is the LCM (Local Configuration Manager).

  • https://docs.microsoft.com/en-us/powershell/dsc/metaconfig
  • https://docs.microsoft.com/en-us/powershell/dsc/metaconfig4
  • https://msdn.microsoft.com/en-us/powershell/dsc
  • http://blogs.msdn.com/b/powershell

    and https://github.com/PowerShell/DscResources are no longer the Central repository for PowerShell DSC resources maintained within Microsoft.

From the PowerShell and DSC Team YouTube channel:

This 51-minute series of demos was published Aug 18, 2016, the same day

This article notes Desired State Configuration for Linux and the promise of SSH support arrived in 2014 (several months before Microsoft open sourced .NET and brought .NET Core to Linux). But “you had to author your scripts on the Windows platform, you had to configure things on the Windows platform and then deliver the desired configuration to a Linux box and have it be configured; now you can do all of that on Linux.”

PowerShell Commands

PROTIP: A PowerShell DSC configuration file is a PowerShell script, and thus has a .ps1 file suffix and runs within the PowerShell command-line shell. DSC was introduced with PowerShell 4.0.

  1. On MacOS, if you don’t have PowerShell already, perform my steps to install PowerShell on MacOS

  2. List PowerShell functions for DSC:

    Get-command -Noun dsc*

    The response:

    CommandType     Name                                               Version    Source
    -----------     ----                                               -------    ------
    Function        Find-DSCResource                                   2.2.5      PowerShellGet
    Function        Get-DscResource                                    2.0.5      PSDesiredStateConfiguration
    Function        Invoke-DscResource                                 2.0.5      PSDesiredStateConfiguration
    Function        New-DscChecksum                                    2.0.5      PSDesiredStateConfiguration
    
  3. Get resources for DSC:

    Get-DscResource

    The response:

    MethodInvocationException: /usr/local/microsoft/powershell/7/Modules/PSDesiredStateConfiguration/PSDesiredStateConfiguration.psm1:3927                                                      
    Line |                                                                                                                                                                                      
    3927 |          [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscC …                                                                                                             
      |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                                                                               
      | Exception calling "LoadDefaultCimKeywords" with "2" argument(s): "Unable to load shared library 'libmi' or one of its dependencies. In order to help diagnose loading                
      | problems, consider setting the DYLD_PRINT_LIBRARIES environment variable: dlopen(liblibmi, 1): image not found"  
    

Sample DSC scripts

DSC resources can be obtained from several places:

From GitHub

  1. The community has

    https://github.com/PowerShellOrg

    NOTE: https://github.com/PowerShell/SharePointDsc PowerShell module provides DSC resources that can be used to deploy and manage a SharePoint farm.

  2. Use an internew browser (Chrome) to my sample PowerShell DSC scripts at:

    https://github.com/wilsonmar/powershell-dsc

  3. Create a GitHub account for yourself if you haven’t already.
  4. Click the Fork button to make it yours, since you will be making changes.

  5. Install a Git client.
  6. Open a Terminal command terminal.
  7. Navigate or create a subject container folder where repos are created, such as:

    mkdir ~/git/DevSecOps/

  8. Get my sample PowerShell scripts onto your laptop (substituting “wilsonmar” with your own account name):

    git clone https://github.com/wilsonmar/powershell-dsc && powershell-dsc

    The above is one line, but may be word-wrapped on your screen.

  9. Use a text editor to view file HelloConfig1.

    But a PowerShell DSC configuration has a block that uses the PowerShell keyword Configuration followed by the name of the configuration.

Configuration HelloConfig1 {

    param(
        [string[]]$ComputerName="localhost"
    )
    Node $ComputerName {
        Group GroupExample {
            Ensure = "Present"
            GroupName = "TestGroup"
        }
        User UserExample {
            Ensure = "Present"
            UserName = "TestUser"
            FullName = "TestUser"
            DependsOn = "[Group]GroupExample"
        }
    }
}
   

Each target computer defined by a DSC script is called a node. The name of the node (a computer instance) is passed into the script using the $ComputerName parameter supplied when compiling the configuraton. The name defaults to “localhost” if not supplied.

When the name of the script (without the .ps1 suffix) is specified within PowerShell, that script is compiled into a MOF document for each node

within a folder created in the current directory with the same name as the configuration. For example:

### Compile to MOF

  1. Compile the script into an MOF document for each node within a folder created in the current directory with the same name as the configuration:

    ./HelloConfig1 TEST-PC1

The response for the default user (replace your user name here):

    Directory: C:\users\default\Documents\DSC Configurations\MyDscConfiguration
Mode                LastWriteTime         Length Name 
----                -------------         ------ ---- 
-a----       10/23/2017   1:32 PM           2842 TEST-PC1.mof
   

“MOF” is an acornym for “Management Object Format” used in Windows operating systems. It has syntax based on Microsoft Visual C++.
MOF files often have a partner DLL (dynamic link library) file that stores data needed for retrieval in the MOF file.

CAUTION: The MOF file contains all of the configuration information for the target node. Because of this, it’s important to keep it secure.

### Enact

The MOF file for each node defined in the Configuration is what are “enacted”.

Noramlly, DSC applies the resources in the order that they appear within the configuration. That’s unless DependesOn is specified.

### Push vs. Pull

DSC can deliver configurations in either push and pull.

The push method is delivered from a server to a computer thus the “pushing” instructions. This method is generally only used for testing or one-off applications uncommon in a production environment. See https://github.com/PowerShellOrg/shove

The pull method is initiated from a client rather than the server.

See https://docs.microsoft.com/en-us/powershell/dsc/pullclientconfigid on Setting up a pull client using configuration ID

Open source on Linux and MacOS

From the PowerShell and DSC Team YouTube channel:

This 51-minute series of demos was published Aug 18, 2016.

This article notes Desired State Configuration for Linux and the promise of SSH support arrived in 2014 (several months before Microsoft open sourced .NET and brought .NET Core to Linux). But “you had to author your scripts on the Windows platform, you had to configure things on the Windows platform and then deliver the desired configuration to a Linux box and have it be configured; now you can do all of that on Linux.”

On August 18 2016, PowerShell became open-source at
https://github.com/PowerShell/PowerShell.

Join the conversation on Gitter

Noteworthy pages in the FAQ:

  • https://blogs.msdn.microsoft.com/kebab/2013/06/09/an-introduction-to-error-handling-in-powershell/
  • http://ss64.com/ps/syntax.html
  • https://github.com/PoshCode/PowerShellPracticeAndStyle

Other IAC incorporating DSC

https://github.com/chef-boneyard/dsc was implemented into core Chef

https://github.com/puppetlabs/puppetlabs-dsc

Operation Validation Framework

https://github.com/PowerShell/Operation-Validation-Framework
runs

Get-Command -Module OperationValidation

It has two functions:

Get-OperationValidation to Retrieve operational tests from modules

Invoke-OperationValidation to run operational tests from modules

Additionally

http://kunaludapi.blogspot.in/2015/09/multiple-ways-to-install-software.html

Learning Resources

https://docs.microsoft.com/en-us/powershell/dsc/overview

https://docs.microsoft.com/en-us/powershell/dsc/quickstart

Ravikanth Chaganti (MVP) (of PowerShell Magazine and book PowerShell Desired State Configuration Revealed) notes that “Infrastructure as Code” requires:

  • Reusable automation
  • Source Control
  • Unit Testing
  • Continuous Deployment
  • Integration tests, which validate the desired state
  • Operations Validation, which validates the functionality at desired state!

Practical Desired State Configuration (DSC) [3:01] 10 Aug 2016 by Josh Duffney

How to search a string in multiple files and return the names of files in Powershell

http://www.tomsitpro.com/articles/how-to-integrate-ansible-dsc,1-3474.html 13 Jan 2017 when Ansible didn’t support DSC and required https://github.com/trondhindenes/Ansible-win_dsc by Trond Hindenes. That’s since been merged into Ansible Core.

More on DevOps

This is one of a series on DevOps:

  1. DevOps_2.0
  2. ci-cd (Continuous Integration and Continuous Delivery)
  3. User Stories for DevOps
  4. Enterprise Software)

  5. Git and GitHub vs File Archival
  6. Git Commands and Statuses
  7. Git Commit, Tag, Push
  8. Git Utilities
  9. Data Security GitHub
  10. GitHub API
  11. TFS vs. GitHub

  12. Choices for DevOps Technologies
  13. Pulumi Infrastructure as Code (IaC)
  14. Java DevOps Workflow
  15. Okta for SSO & MFA

  16. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
  17. AWS server deployment options
  18. AWS Load Balancers

  19. Cloud services comparisons (across vendors)
  20. Cloud regions (across vendors)
  21. AWS Virtual Private Cloud

  22. Azure Cloud Onramp (Subscriptions, Portal GUI, CLI)
  23. Azure Certifications
  24. Azure Cloud

  25. Azure Cloud Powershell
  26. Bash Windows using Microsoft’s WSL (Windows Subsystem for Linux)
  27. Azure KSQL (Kusto Query Language) for Azure Monitor, etc.

  28. Azure Networking
  29. Azure Storage
  30. Azure Compute
  31. Azure Monitoring

  32. Digital Ocean
  33. Cloud Foundry

  34. Packer automation to build Vagrant images
  35. Terraform multi-cloud provisioning automation
  36. Hashicorp Vault and Consul to generate and hold secrets

  37. Powershell Ecosystem
  38. Powershell on MacOS
  39. Powershell Desired System Configuration

  40. Jenkins Server Setup
  41. Jenkins Plug-ins
  42. Jenkins Freestyle jobs
  43. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

  44. Docker (Glossary, Ecosystem, Certification)
  45. Make Makefile for Docker
  46. Docker Setup and run Bash shell script
  47. Bash coding
  48. Docker Setup
  49. Dockerize apps
  50. Docker Registry

  51. Maven on MacOSX

  52. Ansible
  53. Kubernetes Operators
  54. OPA (Open Policy Agent) in Rego language

  55. MySQL Setup

  56. Threat Modeling
  57. SonarQube & SonarSource static code scan

  58. API Management Microsoft
  59. API Management Amazon

  60. Scenarios for load
  61. Chaos Engineering