dsc deployments

8/12/2019 DSC Deployments

1/15

DSC deploymentsSachin, Praneeth, Pavan & Saranath


2/15

What is DSC?

Declarative artifactMake it so, define what you want the final state to be

PS based extensible provider model to support custom providers and platformproviders

It provides Language extensions,

Cmdlets to manage configuration,

Built-in resources

Ships the agent with server OS. Declarative syntax

Can parameterize the configuration

Uses powershell remoting

For each node in configuration you get a MOF file generated.


3/15

Overall DSC Workflow

MOFs(Extensible to

otherformats like JSON/XML

etc)

(Contains only DSC data)

3rdparty languages

and tools

Authoring Phase

(May include imperative as well

as declarative code)

Staging Phase

(Fully declarative configuration

representation using DMTF standard

MOF instances)

PS V1, V2, V3

PS V4***

Application Phase

(Declarative configuration

imperative providers.)

Agent of

Consistency

Impe

Prov

Impe

Prov***On top of PSV3 imperative

features, PSV4 adds:

Declarative syntax extensions

Schema-driven Intellisense

Schema validation (early-

bound)

Providers implement chan

Monotonic

Imperative

Idempotent


4/15

Push and Pull Models

Binaries

+ MOF

DSC

N1

N3

PUSHAdhoc operations

Source Code

+ PS DSC

Binaries

+ MOF

DSC

N1

N3

PULLGets to cloud Scale

Pull Server

Source Code

+ PS DSC

WSMan pushes config to Managed Node,

Binary packages are always pulled.

Supports both SMB & Http.


5/15

Generation

Developer Model

PS DSC

Script

Source

DSC

Resource

Module

PowerShell V4MOF

Generated Configuration

Documents (MOF)

PowerShell Language extensions

compile PowerShell DSC

source + resource modules to produce

per node configuration documents.

Developer authors a

PowerShell scriptusing DSC language

extensions in ISE or

VS.

DSC

ResourceModule

DSC

ResourceModules

Managed

NodesManage

NodesManag

NodeMana

Nod

M

coth

ta


6/15

Same Config multiple environments

PS DSC source

Dev Environment

Dev EnvironmentTest Environment

Dev EnvironmentDev EnvironmentDev Environment

Production

Environment


7/15

DSC AUTHORING - DEMO


8/15

DSC In-box Providers

1. Archive - to unpack archive (.zip) files at a specific path.

2. Environment - to manage system environment variables.3. File - to manage files and folders on the target node.

4. Group - to manage local groups on the target node.

5. Package - to install or uninstall packages, such as Windows Installer and setu

6. Process - a mechanism to configure processes on a target node.

7. Registry - to manage registry keys and values on a target node.

8. Role - provides a mechanism to ensure that roles and features are added orremoved

9. Script - a mechanism to run Windows PowerShell script blocks on target nod

10. Service - provides a mechanism to manage services on the target node.

11. Logsends logs to windows event log.

12. User - to manage local user accounts on the target node.


9/15


10/15

Implementing customDSC Providers

Resource definition fileschema.mof

Resource implementation file

.psm1

Get-TargetResource: Get-TargetResource is used to get the status of the enby the resource.

Test-TargetResource: Test-TargetResource is used to determine whether thmodeled by resource is in a desired state or not.

Set-TargetResource: Set-TargetResource is used to verify that the entity moresource is in a desired state. If the entity modeled by the resource is not instate, then the functionality of Set-TargetResource is responsible for puttingin the desired state.

Deployment of DSC resource: x-copy deployed


11/15

Configuration Delivery

Default delivery mechanism (Can be changed in LCM to Pull)

PS C:\> $Session = New-CimSessionComputerName "Server01"Credentia

FAREAST\pryenugu PS C:\> Start-DscConfiguration -Path "C:\DSC\Configurations\" -CimSession $

Test-DscConfiguration

Get-DscConfiguration


12/15

Agent Components Local Configuration Manager (LCM)

Primary push interface

Manages local config store

Local Config store

Holds the configuration documents

Pending, Current, Previous1, Previous2,

Currently stored as files under $ENV:SystemRoot\System32\Configurati

Consistency engine Processes the configuration document and calls the providers

Loads modules from pull server if needed

Provider Modules

Downloaded provider modules are placed in:

$ENV:CommonProgramFiles \WindowsPowerShell\Modu


13/15

Local Configuration Manager

Customizes how the DSC Engine operates in the target deployment node.

Configuration LocalConfigurationManager {

param($ComputerName)

Node $ComputerName

{

LocalConfigurationManager

{

ConfigurationMode="ApplyandAutoCorrect"

ConfigurationModeFrequencyMins =30

RebootNodeIfNeeded = $True

RefreshFrequencyMins = 15

RefreshMode = "Pull"

}

}

}


14/15

Supported Platforms

DSC Ships in the box with Windows 8.1, Windows Server 2012r2

DSC will be a part of Windows Management Framework (WMF) WMF ships as an optional update

WMF goes downlevel to WS 2012, WS2008R2, Win7 and Win8


15/15

Asks for DSC (aka gaps)

Synchronization/Orchestration across multi-machine deployments

Collection of detailed logs on deployment

Multiple mofs per node

Combined CSM and DSC model

Rich provider support

Requirement Feature

I can deploy PS scripts to an y tier easily using CSM+DSC OS DSC Provider & related CSM resource extension

I can Understand status including completion across multi-tier environment in pull mode. Agent nodes to report status

I can deploy to transient environments without explicit agent registration to server Bootstrap environments to listen to a pull server on the fly

I can publish new configurations/modules to pull server over HTTP from TFS A simple upload mechanism to pull server

I can reliably deploy using Pull deployment model Stability issues/Tenets/Perf/Stress etc should be handled

I can install multiple applications in th e same environments Multiple MOFs per node [Merging/etc]

I can deploy easily to the data tier using CSM+DSC SQL DSC Provider & related CSM resource extension

I can deploy easily to the web tier using CSM+DSC IIS DSC Provider & related CSM resource extension

I can control access to the push server Fine grained access control around push

I can move files over WAN more rapidly More efficient DSC fileprovider to handle file syncs across WAN like rsync

I can secure secrets used in my deployment configurations Crypto store for secrets

I can easily diagnose failures in pull model. Fetch agent logs in Pull server & Consistent Interface for logging in provid

I can deploy applications "instantaneously" in pull model. Poke to Pull.

I can install, find & update PS modules in various artifact galleries. Install/Find/Update Module

I can control node level access to the pull server Basic access control around which nodes can pull

I can compose multiple modules to build my master deployment script Class based composition

I can consume modules from feeds and install them for my use Module as Feed [like Nuget package]

,