What is PowerShell Desired State Configuration?
Enclosed within the Node braces are the things I want to configure on that server I just specified. Each resource specifies a name — ScriptCopy and ShutdownEventTracker — in my example above. And within each resource, I specify fields that are pre-defined in that resource provider.
- When a DSC configuration is no longer in the desired state, it is said to have drifted.
- The node does not respond or send anything to the machine sending the configuration.
- Windows PowerShell Desired State Configuration is a technology introduced in Windows PowerShell v4.0.
- The DSC configuration utilizes a set of shell scripts to determine whether or not the specified Docker components are configured on the target node.
- This gives us a dynamic and more versatile approach to DSC, so that it can be reused and easily modified.
Configuration drift is one of the major problems many organizations struggle with as they try to ensure that systems stay compliant with security policies at all times. After all, the more users there are, the higher the likelihood of configuration changes. Using the Get-DscConfiguration command, you can get the values of the current DSC configuration settings. Before using the Push method, you need to set the execution policy with “Set-ExecutionPolicy RemoteSigned” and enable remote PowerShell using the “Enable-PSRemoting” command. In one configuration file, you can describe the state of one or more hosts.
Introducing Desired State Configuration
This article is going to talk about DSC and how to take the first steps, and it includes examples of how you can get started by applying it at small scale in production. Desired State Configuration automates many of the management functions of a server. The configuration is written in code and can become part of the source-controlled code of a server project. These components allow configuration, deployment and management of servers. Desired State Configuration is a Windows platform that automates many of the management functions of a server.
- The downside to this technique is the need for a different server to house the setup.
- This mode requires admins to set up a server to act as a central repository.
- In this case, the component we are setting up is ChocoPackage using the DSC Resource called cChoco.
- There are two methods you can use to execute MOF files on the remote nodes.
Additionally, resources can be created and imported, making community or bespoke DSC resources available. Azure Automation Desired State Configuration functions as a centralized configuration management service within Microsoft Azure. One of the many benefits of Azure DSC is the ability to apply, monitor, and update configuration using a consistent process across your resources at scale. The Get-DscLocalConfigurationManager command gets the local configuration, meta-data, and state of the node.
Running this script creates the MOF file we need in order to apply this configuration to our other server. Windows PowerShell Desired State Configuration is a technology introduced in Windows PowerShell v4.0. DSC sets out to save the IT professional time by essentially building scripts ahead of time.
These scripts build configurations on machines and enable us to simply “make it so”—rather than worrying about banging out tons of code on our own. DSC is a technology that enables us to not only save time, by leveraging pre-built functionality, but it also includes the capability to keep configurations the way we want them. DSC provides a set of PowerShell language extensions, cmdlets and a process called declarative scripting.
In order to create a DSC configuration, the keyword ‘Configuration’ is used within PowerShell to start a script. PowerShell is a command line shell and scripting language used to manage Windows Server 2016 machines. Because it is written as code that is run, finding out the particular settings of a server is simple.
Register Non-Azure VM as a Node in Automation Account
As discussed, we need to define the steps declaratively; we’ll refer to the code snippet below as an example for now. Also, refer to the diagram below to get a visual representation of the DSC application workflow. Module, a Windows host must have PowerShell v5.0 or newer installed.
- The following configuration function installs the apache2 package and starts the apache2 service.
- In one configuration file, you can describe the state of one or more hosts.
- CodeLens support was added in version 1.3.0 of the PowerShell extension, read the PowerShell extension changelog for more information.
- To do this, create another configuration on your pull server.
- When run from the pull server, this script connects to our server node, essentially telling the node where to look for its configuration and that it’s ok to use HTTP for the communication.
It is important to note that DSC can only detect changes that it has been told to care about. Using our example, if someone had installed the Web-Ftp-Server Windows Feature, our DSC PowerShell script would not report anything. However, if someone had removed Web-Default-Doc, DSC would report that the feature was no longer in the desired state. When a DSC configuration is no longer in the desired state, it is said to have drifted.
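The drift behaviour described above, as an added example (not the original article's configuration): a constructed configuration named WebBaseline declares only Web-Server and Web-Default-Doc, and a hypothetical helper Get-DriftReport wraps Test-DscConfiguration -Detailed to list the resources that drifted. It assumes an elevated session on a Windows Server test machine with PowerShell 5.0 or newer.

```powershell
# Added example: the configuration name, MOF path and helper name are assumptions.
Configuration WebBaseline {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        # DSC only tracks what is declared here; every other feature is out of scope.
        WindowsFeature IIS {
            Name   = 'Web-Server'
            Ensure = 'Present'
        }
        WindowsFeature DefaultDoc {
            Name      = 'Web-Default-Doc'
            Ensure    = 'Present'
            DependsOn = '[WindowsFeature]IIS'
        }
    }
}

# Compile the configuration to a MOF file and push it to the local node.
$mofDir = Join-Path $env:TEMP 'WebBaseline'
WebBaseline -OutputPath $mofDir | Out-Null
Start-DscConfiguration -Path $mofDir -Wait -Force

function Get-DriftReport {
    # -Detailed returns InDesiredState plus the per-resource lists
    # ResourcesInDesiredState and ResourcesNotInDesiredState.
    $result = Test-DscConfiguration -Detailed
    [pscustomobject]@{
        InDesiredState = $result.InDesiredState
        Drifted        = @($result.ResourcesNotInDesiredState |
                            ForEach-Object { $_.ResourceId })
    }
}

# Baseline check right after the configuration has been applied.
$baseline = Get-DriftReport

# Case 1 from the text: a feature the configuration never mentions is added.
Install-WindowsFeature -Name Web-Ftp-Server | Out-Null
$afterUndeclaredChange = Get-DriftReport

# Case 2 from the text: a declared feature is removed.
Uninstall-WindowsFeature -Name Web-Default-Doc | Out-Null
$afterDeclaredChange = Get-DriftReport

# Compare the three reports side by side.
$baseline, $afterUndeclaredChange, $afterDeclaredChange | Format-Table -AutoSize
```

For a security baseline this means every setting that matters for compliance has to be declared explicitly, including features that must stay absent (Ensure = 'Absent').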
How to get started using PowerShell DSC?
Pester is a framework for running unit tests, and Windows PowerShell 5.1 comes with Pester 3.40 pre-installed. To update Pester or to install the latest version on other platforms, follow the Pester installation instructions. The PowerShell extension includes PSScriptAnalyzer by default, and automatically performs analysis on PowerShell script files you edit in VS Code. The PowerShell extension uses the built-in debugging interface of VS Code to allow for debugging of PowerShell scripts and modules. For more information about debugging PowerShell, see Using VS Code.
To push the MOF file for execution on the remote nodes, we use the Start-DscConfiguration command and provide the path to the MOF files. When this command runs, remote nodes immediately start applying the configuration. The disadvantage of this method is that if the server is offline, it can’t push the configuration later.
The node does not respond or send anything to the machine sending the configuration. Configurations are the PowerShell scripts that define and configure resources. This means that the system doesn’t just issue the instruction, rather it ensures that it happens. When managing many servers, configuring those servers can take a lot of time.
So we can see that the configuration has been sent to the remote node and it is completed. To run the configuration for this node, we need to run the Start-DscConfiguration command and provide the path where this configuration is stored, as shown below. It won’t return anything but will store the code in memory. Here the destination server is Win2k16; you can pass multiple nodes in an array or loop as well. These are the built-in resources; you can check the DSC community page for more information about other resources and repositories.
For example, as post-server configuration we need the server to be joined to a specific domain, one local user created, and the IIS features installed on the server. Using DSC, we just need to declare all the items using DSC resources, whereas with a script we need to write the code for how it is done. The next screen you will be presented with will allow you to select the PowerShell Desired State Configuration files to deploy to your on-premises server. The configuration file you upload here has to be a zip file.
Since we are using an Azure Automation Account as the pull server, you’d need to deploy an automation account to onboard the nodes and process the configuration files. Use the following steps to create a new automation account using Azure Portal or PowerShell. The simpler of the two methods is the push method, which is sometimes referred to as push mode. In this mode, a configuration file is created and then pushed to target nodes on the network. The LCM itself, which is the “Make-it-so Engine” on the target nodes, can be configured using, what else, a Configuration document. There is a special Resource I didn’t mention above, called DesiredStateConfigurationSettings, that allows you to push changes to the default LCM behavior on target nodes.
PowerShell DSC High-Level View
So, if you want to use it, you need a version 4.0 or above of PowerShell. This blog post tutorial gives you some basic information on how to get started using PowerShell DSC as well as how to detect and optionally automatically correct drift. For an example of the mentioned hybrid approach, refer to this post in the series, where we configure PowerShell DSC to deploy like an application.