Fulfilling Desires with PowerShell DSC: Introduction
- Fulfilling Desires with PowerShell DSC: Introduction
- Fulfilling Desires with PowerShell DSC: Starting with Configurations and resources
This is the intro part to a loose series of articles regarding PowerShell Desired state Configuration (DSC). The next parts will get released in the next weeks and then loosely after that
This whole thing got inspired by a very cool workshop at one of my favorite customers. We were looking into replacing Orchestrator runbooks setting default configurations for guest machines in a hosting environment. Every hosting customer needs some standard machines, like file servers, domain controllers, WSUS and so on.
In the first part of this series I want to give you a short overview of what DSC is. During the next parts I will focus on single areas, like pull server configuration, DSC concepts like configurations and resources. Most examples I found were targeting version 4 so I decided to focus on PowerShell 5.0 and newer during this series. Most examples should work in PowerShell 4 as well, but I cannot guarantee.
What is PowerShell Desired State Configuration
… and what it is not.
PowerShell Desired State Configuration is a very powerful mechanism to control the compliance of systems. By defining so called configurations, DSC controls the baseline. DSC can set and monitor the desired configuration according to these baselines, as well as even remediate any deviation from the desired state.
DSC on the first look seems to be just another configuration tool. But DSC is so much more. The Chef team came up with the quote “Treat servers like cattle not pets”, which in my eyes best describes the purpose of DSC.
With DSC we are looking at highly repetitive configurations, ideally applying them to hundreds or even thousands of servers. And all of this can be done with a minimum infrastructure.
As opposed to GPO or SCCM we do neither need databases or an Active Directory with trusts. Even with a pull server we only need a trusted certificate and access to the pull server through SSL. DSC can help us with achieving basic tasks like domain joining systems or copying files to all machines, as well as install complex distributed applications like multi tier web applications.
Oh, and did I mention, that DSC also works with Linux? Well it does as I’ll show in a later article!
Where is the cloud in this?
Azure and Azure Stack heavily rely on PowerShell DSC to configure IaaS machines. For example imagine a scale set with web server VMs that all should get the same configuration. To achieve this you create a general DSC configuration. This config than gets automatically pulled from Azure Automation upon scaling out the scale set and thus set the desired configuration on the new VM.
Details of this process will appear in one of the next articles.
The Lab Environment
Who would have guessed, but my lab is running on Azure. As mentioned above PowerShell DSC doesn’t require a highly sophisticated infrastructure like SCCM and no AD either. So the environment is rather simplistic:
In general the lab consists of 2 virtual machines in the same virtual network.
Some examples might require more VMs or some infrastructure, but I’ll try to keep it as simple as possible.
This was a very text heavy article, I promise the next ones will have a lot more code and some pics!