8/12/2019 DSC Deployments
DSC deployments
Sachin, Praneeth, Pavan & Saranath
What is DSC?
Declarative artifact: "Make it so", define what you want the final state to be
PS-based extensible provider model to support custom providers and platform providers
It provides language extensions,
cmdlets to manage configuration,
built-in resources
Ships the agent with server OS.
Declarative syntax
Can parameterize the configuration
Uses PowerShell remoting
For each node in configuration you get a MOF file generated.
Overall DSC Workflow
[Diagram: three phases]
Authoring Phase (may include imperative as well as declarative code): PS V1, V2, V3; PS V4***; 3rd party languages and tools
Staging Phase (fully declarative configuration representation using DMTF standard MOF instances): MOFs (extensible to other formats like JSON/XML etc.; contains only DSC data)
Application Phase (declarative configuration, imperative providers): Agent of Consistency
*** On top of PSV3 imperative features, PSV4 adds:
Declarative syntax extensions
Schema-driven Intellisense
Schema validation (early-bound)
Providers implement chan
Monotonic
Imperative
Idempotent
Push and Pull Models
PUSH: Adhoc operations
[Diagram: Source Code + PS DSC; Binaries + MOF; DSC; nodes N1, N3]
PULL: Gets to cloud scale
[Diagram: Source Code + PS DSC; Binaries + MOF; Pull Server; DSC; nodes N1, N3]
WSMan pushes config to Managed Node,
Binary packages are always pulled.
Supports both SMB & Http.
Developer Model
[Diagram labels: PS DSC Script Source; DSC Resource Modules; PowerShell V4; MOF Generation; Generated Configuration Documents (MOF); Managed Nodes]
Developer authors a PowerShell script using DSC language extensions in ISE or VS.
PowerShell Language extensions compile PowerShell DSC source + resource modules to produce per node configuration documents.
Same Config multiple environments
PS DSC source
Dev Environment
Test Environment
Production Environment
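An added example of the idea on this slide (not from the original deck): one configuration compiled against separate ConfigurationData per environment, producing one MOF per node. The configuration name, node names, the Role and Stage keys and the paths are assumptions for illustration.

```powershell
# Added example. Node names, the SiteRoot path and the Stage values are hypothetical.
Configuration AppBaseline {
    param(
        [Parameter(Mandatory)] [string] $SiteRoot
    )

    # One MOF is generated per node selected here.
    Node $AllNodes.Where{ $_.Role -eq 'Web' }.NodeName {
        File SiteRoot {
            DestinationPath = $SiteRoot
            Type            = 'Directory'
            Ensure          = 'Present'
        }
        # $Node is the current AllNodes entry, so only data differs per environment.
        Environment DeployStage {
            Name   = 'DEPLOY_STAGE'
            Value  = $Node.Stage
            Ensure = 'Present'
        }
    }
}

# Environment-specific data lives outside the configuration logic.
$Environments = @{
    Dev  = @{ AllNodes = @( @{ NodeName = 'dev-web01';  Role = 'Web'; Stage = 'Dev'  } ) }
    Test = @{ AllNodes = @( @{ NodeName = 'test-web01'; Role = 'Web'; Stage = 'Test' } ) }
    Prod = @{ AllNodes = @(
        @{ NodeName = 'prod-web01'; Role = 'Web'; Stage = 'Prod' },
        @{ NodeName = 'prod-web02'; Role = 'Web'; Stage = 'Prod' }
    ) }
}

foreach ($envName in $Environments.Keys) {
    # Writes <NodeName>.mof files into one folder per environment.
    AppBaseline -SiteRoot 'C:\Apps\Site' `
                -ConfigurationData $Environments[$envName] `
                -OutputPath "C:\DSC\Configurations\$envName"
}
```

Because the same source is compiled for every environment, a review of the configuration logic covers Dev, Test and Production alike; only the data hashtable needs a per-environment check.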
DSC AUTHORING - DEMO
DSC In-box Providers
1. Archive - to unpack archive (.zip) files at a specific path.
2. Environment - to manage system environment variables.
3. File - to manage files and folders on the target node.
4. Group - to manage local groups on the target node.
5. Package - to install or uninstall packages, such as Windows Installer and setu
6. Process - a mechanism to configure processes on a target node.
7. Registry - to manage registry keys and values on a target node.
8. Role - provides a mechanism to ensure that roles and features are added or removed
9. Script - a mechanism to run Windows PowerShell script blocks on target nod
10. Service - provides a mechanism to manage services on the target node.
11. Log - sends logs to Windows event log.
12. User - to manage local user accounts on the target node.
Implementing custom DSC Providers
Resource definition file: schema.mof
Resource implementation file: .psm1
Get-TargetResource: Get-TargetResource is used to get the status of the entity modeled by the resource.
Test-TargetResource: Test-TargetResource is used to determine whether the entity modeled by resource is in a desired state or not.
Set-TargetResource: Set-TargetResource is used to verify that the entity modeled by the resource is in a desired state. If the entity modeled by the resource is not in the desired state, then the functionality of Set-TargetResource is responsible for putting it in the desired state.
Deployment of DSC resource: x-copy deployed
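An added example (not from the deck) of the three functions described above, written for a hypothetical resource Demo_HostsEntry that manages one hosts-file entry. The resource name, its properties and the one-name-per-line assumption are illustrative.

```powershell
# Demo_HostsEntry.psm1: hypothetical resource, added for illustration.
# Its Demo_HostsEntry.schema.mof would declare the same properties:
#   [Key] String HostName;  [Required] String IPAddress;
#   [Write, ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
$script:HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-EntryPattern([string] $HostName) {
    # "<address> <HostName>" with an optional trailing comment; one name per line.
    '^\s*([^#\s]+)\s+' + [regex]::Escape($HostName) + '\s*(#.*)?$'
}

function Get-TargetResource {
    [OutputType([hashtable])]
    param([Parameter(Mandatory)][string] $HostName,
          [Parameter(Mandatory)][string] $IPAddress)
    # Reports the current state only; never changes the node.
    $hit = Select-String -Path $script:HostsPath -Pattern (Get-EntryPattern $HostName) |
           Select-Object -First 1
    if ($hit) {
        return @{ HostName = $HostName; IPAddress = $hit.Matches[0].Groups[1].Value; Ensure = 'Present' }
    }
    @{ HostName = $HostName; IPAddress = ''; Ensure = 'Absent' }
}

function Test-TargetResource {
    [OutputType([bool])]
    param([Parameter(Mandatory)][string] $HostName,
          [Parameter(Mandatory)][string] $IPAddress,
          [ValidateSet('Present','Absent')][string] $Ensure = 'Present')
    $now = Get-TargetResource -HostName $HostName -IPAddress $IPAddress
    if ($Ensure -eq 'Absent') { return ($now.Ensure -eq 'Absent') }
    ($now.Ensure -eq 'Present') -and ($now.IPAddress -eq $IPAddress)
}

function Set-TargetResource {
    param([Parameter(Mandatory)][string] $HostName,
          [Parameter(Mandatory)][string] $IPAddress,
          [ValidateSet('Present','Absent')][string] $Ensure = 'Present')
    # Drop any existing line for the host, then append the desired one.
    # Running this twice leaves the same file (idempotent).
    $keep = @(Get-Content -Path $script:HostsPath) -notmatch (Get-EntryPattern $HostName)
    if ($Ensure -eq 'Present') { $keep += "$IPAddress`t$HostName" }
    Set-Content -Path $script:HostsPath -Value $keep -Encoding ASCII
}

Export-ModuleMember -Function *-TargetResource
```

The LCM calls Test-TargetResource first and runs Set-TargetResource only when it returns $false, so Test and Get must be free of side effects.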
Configuration Delivery
Default delivery mechanism (Can be changed in LCM to Pull)
PS C:\> $Session = New-CimSession -ComputerName "Server01" -Credential FAREAST\pryenugu
PS C:\> Start-DscConfiguration -Path "C:\DSC\Configurations\" -CimSession $Session
Test-DscConfiguration
Get-DscConfiguration
Agent Components
Local Configuration Manager (LCM)
  Primary push interface
  Manages local config store
Local Config store
  Holds the configuration documents
  Pending, Current, Previous1, Previous2,
  Currently stored as files under $ENV:SystemRoot\System32\Configurati
Consistency engine
  Processes the configuration document and calls the providers
  Loads modules from pull server if needed
Provider Modules
  Downloaded provider modules are placed in:
  $ENV:CommonProgramFiles\WindowsPowerShell\Modu
Local Configuration Manager
Customizes how the DSC Engine operates in the target deployment node.
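Configuration LocalConfigurationManager {
    param($ComputerName)

    Node $ComputerName
    {
        LocalConfigurationManager
        {
            # Re-apply the configuration whenever drift is detected
            ConfigurationMode              = "ApplyAndAutoCorrect"
            # Minutes between consistency checks
            ConfigurationModeFrequencyMins = 30
            RebootNodeIfNeeded             = $True
            # Minutes between checks for a new configuration on the pull server
            RefreshFrequencyMins           = 15
            # Pull mode also needs the pull server settings, which the slide does not show
            RefreshMode                    = "Pull"
        }
    }
}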
Supported Platforms
DSC ships in the box with Windows 8.1, Windows Server 2012 R2
DSC will be a part of Windows Management Framework (WMF)
WMF ships as an optional update
WMF goes downlevel to WS 2012, WS2008R2, Win7 and Win8
Asks for DSC (aka gaps)
Synchronization/Orchestration across multi-machine deployments
Collection of detailed logs on deployment
Multiple MOFs per node
Combined CSM and DSC model
Rich provider support
Requirement | Feature
I can deploy PS scripts to any tier easily using CSM+DSC | OS DSC Provider & related CSM resource extension
I can understand status including completion across multi-tier environment in pull mode. | Agent nodes to report status
I can deploy to transient environments without explicit agent registration to server | Bootstrap environments to listen to a pull server on the fly
I can publish new configurations/modules to pull server over HTTP from TFS | A simple upload mechanism to pull server
I can reliably deploy using Pull deployment model | Stability issues/Tenets/Perf/Stress etc should be handled
I can install multiple applications in the same environments | Multiple MOFs per node [Merging/etc]
I can deploy easily to the data tier using CSM+DSC | SQL DSC Provider & related CSM resource extension
I can deploy easily to the web tier using CSM+DSC | IIS DSC Provider & related CSM resource extension
I can control access to the push server | Fine grained access control around push
I can move files over WAN more rapidly | More efficient DSC file provider to handle file syncs across WAN like rsync
I can secure secrets used in my deployment configurations | Crypto store for secrets
I can easily diagnose failures in pull model. | Fetch agent logs in Pull server & Consistent Interface for logging in provid
I can deploy applications "instantaneously" in pull model. | Poke to Pull.
I can install, find & update PS modules in various artifact galleries. | Install/Find/Update Module
I can control node level access to the pull server | Basic access control around which nodes can pull
I can compose multiple modules to build my master deployment script | Class based composition
I can consume modules from feeds and install them for my use | Module as Feed [like Nuget package]