Skip to main content
main-content

Über dieses Buch

Use Windows PowerShell Desired State Configuration (DSC) to configure your infrastructure on-premises and in the cloud. In an environment where changes and deployments are happening all the time, DSC makes the necessary adjustments to the system so you don’t have to. Pro Desired State Configuration shows you how.

PowerShell Desired State Configuration (DSC) is a powerful configuration management platform that makes it easier than ever to perform configuration management of your infrastructure, whether on-premises or in the cloud. With Pro PowerShell Desired State Configuration, Ravikanth Chaganti revises and significantly expands his previous edition, bringing you a complete in-depth reference for applying this evolving technology in your day-to-day work.

What’s new in this edition?

Get up-to-date, in-depth guidance on DSC in the data centerUnderstand the central role that DSC plays in DevOps today

Understand how DSC can be integrated into build and release management toolsLearn to think and act like a developer when automating your configuration management, creating a testable, robust process that you can use again and again

Find out why and how DSC has an important role to play in public and private cloud deployments

Apply DSC in the cloud with Microsoft Azure or Amazon Web Services or Google Cloud Platform

Who This Book Is For

IT administrators, developers and DevOps engineers working in Windows-based data center environments. With a little prior PowerShell scripting experience, this book can be used as an in-depth reference to creating, customizing, and extending DSC in Windows. IT administrators with limited scripting experience will also find this book a useful overview of what DSC offers and how to use DSC resources to automate configuration management and deployment.

Inhaltsverzeichnis

Frontmatter

Getting Started with Windows PowerShell DSC

Frontmatter

Chapter 1. Introduction to Infrastructure as Code and PowerShell DSC

Abstract
In this era of cloud computing, communication and collaboration along with an agile way of delivering both infrastructure and software are critical. With the rise of the cloud infrastructure, starting with the Amazon Web Services announcement in 2006, there has been a constant effort to make the infrastructure dynamic and responsive to changes in business. The traditional methods of building and managing IT infrastructure do not help with web-scale infrastructures that are dynamic and work at a different scale than their traditional counterparts. Being an automation and efficiency fanatic, I always find an opportunity to evangelize DevOps practices. When we implement some of the DevOps practices in the context of infrastructure management, we call it Infrastructure as Code (IaC). In fact, IaC is an integral part of DevOps practices. Automation is certainly one of the most important enablers in DevOps practices and it makes Infrastructure as Code possible.
Ravikanth Chaganti

Chapter 2. Getting Started with DSC

Abstract
When learning any new technology, it is essential for the learner to understand the different components involved in making that technology functional. PowerShell DSC is no exception. This is how I learned and this book is a reflection of what I followed in an attempt to learn DSC in-depth. So, you’ll start your journey into the DSC world by first seeing a list of all the components that make up DSC and then exploring each one. This chapter won't dive into the components fully. You will get an overview of each component and how they glue together to make configuration management possible with PowerShell DSC. Once you have this foundation, the subsequent chapters dive into all of these components and show how they are used in the real world. If you don't understand everything that is explained in this chapter, it is fine. You will get the big picture once you read the subsequent chapters and you will be able to stitch things together easily. On that note, let's get started with DSC!
Ravikanth Chaganti

Chapter 3. The Local Configuration Manager

Abstract
The Local Configuration Manager (LCM) is the heart of configuration management in PowerShell DSC. The LCM is like an OS agent that receives the configuration document in the form of a MOF, enacts it, monitors that configuration for any drift, and finally, corrects the drift when configured to do so. As you go forward in this book, a good understanding of the LCM is a must to be able to troubleshoot issues that you may observe during a DSC enact or in overall configuration management. Being this important, the LCM certainly deserves a chapter of its own!
Ravikanth Chaganti

Chapter 4. Writing Configurations

Abstract
So far, you’ve examined the need for IaC, the role that PowerShell DSC plays in IaC, an overview of DSC architecture and features, and how the LCM (which is the core part of PowerShell DSC) makes it so. Armed with this knowledge, let’s go forward and start creating a few configurations to explore PowerShell DSC's declarative syntax. You will start with some very basic examples and make your way towards creating more complex and reusable configurations. You will write more advanced configurations that use secure credentials and configurations that can be transformed into composite resource modules in the next chapter.
Ravikanth Chaganti

Chapter 5. Writing Advanced DSC Configurations

Abstract
In the previous chapter, you learned the basics of configuration authoring and how to write reusable configurations by parameterizing the configuration documents. You used the DependsOn property in a configuration document to define dependencies between resource instances in a configuration. That was all very basic and but a good start.
Ravikanth Chaganti

Chapter 6. Writing Composite and Custom DSC Resource Modules

Abstract
I ended the previous chapter with a discussion about nested configurations and how they can be packaged as custom DSC resource modules, which are called composite resource modules. Also, in the last few chapters, you looked at how to use in-box and Microsoft- or community-developed custom DSC resource modules in your configuration documents. This collection of custom DSC resource modules available in the PowerShell gallery may or may not be sufficient for all your configuration management needs in your enterprise or IT organization. If not, you have to invest time and resources in writing your own custom DSC resource modules. There are many ways to write custom DSC resource modules. So, in this chapter, you will first look at the composite resource modules and then learn how to create your own custom DSC resource modules.
Ravikanth Chaganti

Chapter 7. Validating DSC Resources

Abstract
In Chapter 6, you learned how to author DSC resource modules. You also learned how to write MOF-based and class-based DSC resources. To learn these concepts, you created the HostsFile resource, used it in a configuration script, and enacted it. In this entire scenario, you assumed that it worked. It worked, of course, because the code in the examples was tested for basic functionality before putting it in the chapter.
Ravikanth Chaganti

Advanced DSC Concepts

Frontmatter

Chapter 8. Configuration Delivery Methods

Abstract
In Chapter 2, the DSC architecture and feature overview, you briefly looked at different configuration delivery methods in DSC. With WMF 5.0 and above, DSC supports push, pull, mixed, and disabled refresh modes. The RefreshMode property of the DSC LCM configuration takes only Push, Pull, and Disabled as the valid values. The mixed mode does not exist as a possible value and in reality can be used only with partial configurations. In this chapter, I will discuss a few more concepts around the push model and move towards the other configuration refresh modes.
Ravikanth Chaganti

Chapter 9. Reporting, Monitoring, and Correcting a Configuration

Abstract
In the configuration management processes, after the configuration is enacted, the most important step is to monitor the target systems for configuration drift and enact status for pull clients. IT and application administrators prefer quick fixes to the issues that arise in day-to-day operations. Over time in the life cycle of target systems and the applications running on those systems, there is a probability of a configuration drifting away from the original configuration. In an ideal world, all changes on the target system must go through the designated configuration management system. This helps prevent configuration drift. However, this is certainly not the case in many IT organizations. And, when a disaster strikes with a target system that has drifted away from the baseline configuration, it may take more than few hours to restore services offered to the end users.
Ravikanth Chaganti

Chapter 10. Partial Configurations

Abstract
One of the features introduced in WMF 5.0 is partial configurations. Chapter 2 featured a very brief overview of this feature. Partial configurations can help in an IT organization where multiple individuals are responsible for the configuration of the infrastructure. Partial configurations enable delegation of configuration management tasks and separation of the common configuration from node-specific configurations. By saying common configuration, I refer to the baseline configuration that applies to a subset of the nodes in an infrastructure. Each administrator responsible for his/her configuration can author and manage it independent of what other administrators author, thereby eliminating any human errors involved in updating a single configuration document.
Ravikanth Chaganti

Chapter 11. Cross-Node Synchronization

Abstract
In the previous chapter on partial configurations, you looked at the incremental approach to applying configuration fragments. With partial configurations, all fragments are limited to a single target node. But, what if you need to orchestrate dependencies between multiple resources across different nodes? For example, if you are building a failover cluster, you will have to wait for all participating nodes to first get the failover cluster feature installed and then proceed to creating the cluster and joining other nodes into the newly created cluster. With or without partial configurations, you can do this in an orchestrated manner using an orchestration script. The whole purpose of this orchestration script is to ensure that the target nodes come into a desired state with respect to all dependencies and then ensure that the cluster gets created. With partial configuration fragments, you can configure some resource instances that don’t have any internal or external dependencies independently and simultaneously while all other dependent configuration happens at the end in a serial manner. Once again, you can use an orchestration script that stitches all this together.
Ravikanth Chaganti

Chapter 12. Debugging DSC Resources

Abstract
In Chapter 7, you learned how to perform unit and integration tests of your custom DSC resources. Testing is a great way to ensure that the functionality that you intend to build is indeed available and not broken. You saw in Chapter 9 how DSC debug and analytics logs can help you retrieve more information about DSC operations. However, there may be bugs that get introduced because of an environmental configuration where the resource module is being used or could just be a test miss. In this case, you need to use the available debugging techniques to root-cause the bug and fix it. DSC as a platform offers a way to debug resource modules while the enact is in progress. In this chapter, you will learn how to debug DSC resource module issues. This is going to be a quick one but I really suggest that you practice the debugging technique that you will learn with not just the simple example in this chapter but with a module of your own too. Let's get started.
Ravikanth Chaganti

Chapter 13. Security in DSC

Abstract
In Chapter 5, you learned how to secure credentials or other sensitive data such as API keys in a DSC configuration document. This ensures that passwords and other sensitive strings are encrypted in the compiled configuration MOF to anyone reading it. You also saw, as a part of the configuration life cycle in Chapter 3, that once the enact completes successfully, the enacted configuration gets stored as current.mof in the C:\Windows\System32\Configuration folder. In this chapter, you will learn how DSC secures the MOF documents at rest in the local configuration store and how you can ensure that the LCM enacts only trusted configurations and uses only trusted resource modules.
Ravikanth Chaganti

DSC and the Release Pipeline

Frontmatter

Chapter 14. DSC and the Release Pipeline

Abstract
You started your learning in Chapter 1 by looking at Infrastructure as Code and how it enables continuous integration and delivery for any DSC resource modules you author and the node configurations you prepare for compiling and enacting. However, you have not seen a practical implementation of this yet. In Chapter 6, you learned how to author your own DSC resource modules and looked at validating these resource scripts in Chapter 7. You learned how to publish the module to a private PowerShell repository hosted on an SMB share as well. It was all manual. But, with the help of a release pipeline implementation, this entire process can be automated from source control to a private repository. In this chapter, you will explore one such implementation using a few community PowerShell modules that enable a build-to-release pipeline implementation. Let’s get started.
Ravikanth Chaganti

Chapter 15. DSC with AppVeyor CI

Abstract
In Chapter 14, you implemented a release pipeline for DSC resource modules using open source tooling and libraries. However, as you saw towards the end, building a complete automated pipeline involves tinkering with Git hooks. Also, there was no reporting around the build success or failure, or any historical reporting for the builds. This is where more evolved tools such as AppVeyor, among many others, can help. In this chapter, you will implement a release pipeline, similar to what you saw in Chapter 14, with AppVeyor.
Ravikanth Chaganti

DSC Platform, Cloud, and Containers

Frontmatter

Chapter 16. DSC as a Platform

Abstract
Windows PowerShell DSC is a platform rather than just a set of tools to perform configuration management. In Chapter 3, you saw how DSC is implemented as a set of WMI providers. You know that DSC uses the CIM standard data representation for node configurations and uses WS-MAN as a standard transport for sending the configurations to the target nodes. This architecture is what makes DSC a platform. The cmdlets in the PSDesiredStateConfiguration module are a way to use the interfaces provided in the DSC platform. The declarative syntax that is enabled using the Configuration command and keywords such as Node is available to make it easy to author a configuration document and compile the MOF file that the WMI providers understand. In this chapter, you will explore the platform aspect of Windows PowerShell DSC and see how to perform the DSC operations without the need for any cmdlets in the PSDesiredStateConfiguration module.
Ravikanth Chaganti

Chapter 17. Microsoft Azure and DSC

Abstract
Microsoft Azure offers different loud service models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) among many others. With the release of Microsoft Azure Stack (MAS), many of these services can now be extended into the on-premises infrastructure in a hybrid cloud deployment model as well. As a part of the IaaS offerings, the virtual machines created in the Azure cloud can be configured using PowerShell DSC in a few different ways. For the IaaS VMs on Azure, you can use the Azure VM DSC extension handler to enact configurations in the VM. Another approach that internally uses the DSC extension handler is provided by an Azure service called the Azure Automation DSC (AA DSC) service. In this chapter, you will explore how Azure IaaS virtual machines can be configured using the DSC extension handler and how the AA DSC service can be used to manage both Azure IaaS VMs and the systems on-premises.
Ravikanth Chaganti

Chapter 18. DSC and Google Cloud Platform

Abstract
Google Cloud Platform (GCP) is yet another but very important player in the Infrastructure as a Service (IaaS) public cloud space. As a part of Google Compute Engine (GCE), GCP offers a wide range of IaaS VM instances and operating systems. Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2016 version 1709 are a part these GCE offerings. In this chapter, you will learn how to use DSC to configure the GCE Windows instances.
Ravikanth Chaganti

Chapter 19. Amazon Web Services and DSC

Abstract
In the two pervious chapters, you learned how to use PowerShell Desired State Configuration with Windows instances running on Azure and Google Cloud services. You learned how the Azure Automation DSC service can help with both cloud and on-premises instances of Windows systems. In this chapter, you will learn how to use DSC with AWS Elastic Compute 2 (EC2) instances.
Ravikanth Chaganti

Chapter 20. DSC with Containers

Abstract
Containers have existed for a while in the Linux world; now with Windows 10 and Windows Server 2016 containers have entered the Microsoft Windows world too. Containers accelerate application development, testing, and deployment and are useful in the dynamic data center and cloud environments where DevOps practices are implemented. You can get an application from a development environment to production in a completely automated way by building the container images in the development stage and then shipping the same image through validation and finally to production. The configuration needed for the application to work can be packaged into the image itself. In this chapter, you will explore how to use DSC with Windows containers using Server Core.
Ravikanth Chaganti

Backmatter

Weitere Informationen

Premium Partner

    Bildnachweise