PowerShell V4 Desired State Configuration – My Precio… ops… Desired !!!!!


So far what i am reading about PowerShell V4 what most interested me was DSC or Desired State Configuration.

In simple words, DSC it is a HUGE (probably it will be) INI file that you can setup rather than use coding in  PowerShell (actually you have a resource that you can use codes) , you will use blocks and its properties.  These blocks are called Resources. Each resource has its properties that you can setup. It is a FANTASTIC auditing tool !!!

This “INI” File , or a better name – configuration file, will have all your desired setup  for your servers. I mean, if you want to ensure that your servers (or server) have a particular feature (or role), you just need to assign it  in its corresponding resource, in this case Windows PowerShell Desired State Configuration Role Resource  * the roles must have the same name returned by Get-WindowsFeature

Ensure that all my core servers have the .Net 4.5 installed:

WindowsFeature {
Ensure = "Present"
Name = ".Net-Framework-45-Core"
}

 

You can also ensure that a particular resource is uninstalled , by changing the Ensure property to “Absent”

You can see that there is no PowerShell code , only in the Script resource  or if you want to build your own resource. WHAT ?  yesssss. PowerShell 4.0 ships with some DSC built-in resources – Built-In Windows PowerShell Desired State Configuration Resources, but you can create custom DSC resources that fits what your policy company needs – Build Custom Windows PowerShell Desired State Configuration Resources (of course that my brain is starting to figure out what I can do with SQL Server).

It is a interesting that you can apply the setup by demand (when you want or need to audit) or scheduling the time, using a DSC Local Configuration Manager

The DSC Local Configuration Manager  is a DSC file where you setup how and when your configurations files will be applied in your servers (time to check, what action to perform.etc) – Windows PowerShell Desired State Configuration Local Configuration Manager – Unfortunately this document have some wrong information’s and I had to figure out how to use it. In fact , since we still don’t have a good documentation about DSC (and I am not a MVP to have access some privileged information 0 or a Posh Guru), I don’t know if what I did is the right way to use the DCS Local Configuration Manager, but it worked and I could see the power of the DSC.

Lets see my test :

I built 3 Hyper-V Vms using my  post : Full automation of the installation of Hyper-V VM – (W2012 / SQL2012).Core using PowerShell 3.0/Workflows , but in this case I just change the answer file to Windows Server 2012 R2 (GUI), created the ISO  and removed the installation of SQL Server in the workflow. Yes..Yes.. no more next, next, finish. My servers were called Server2012R2-1, Server2012R2-2 and Server2012-3

Also I setup a Windows  8.1 VM, that will be my “DSC Local Manager” .

My test was a simple test. I created a folder in each server called ZIP and put a zip file in there. Then I wanted to check how the DSC ConfigurationManager  file works and mainly, if it works.

First Step, create the DSC Configuration Manager File in my Local Configuration Machine, the windows 8.1, called Luke.

cd\
MD DSCSettings\LocalConfigurationManager #folder to the DSC Local Manager Setup files of my servers
MD DSCSettings\Servers #folder to the configuration files to apply in my servers

 

As I pointed above, the technet documentation is wrong in the name of the block and in the properties name  to set the interval to check the servers.

The technet point to :

“To see the type of a property: in the Windows PowerShell ISE, place the cursor on the DesiredStateConfigurationSettings keyword within your configuration script, hold down the Ctrl key, and press the Spacebar.”

In fact the block is called LocalConfigurationManager

and in the properties, it points to :

ConfigurationRefreshFrequencyInSeconds

Represents the frequency at which the Local Configuration Manager attempts to enact the current configuration. This ensures that any changes that occur in the configuration return to the desired configuration state.

PullActionRefreshFrequencyInSeconds

Represents the frequency at which the Local Configuration Manager attempts to update the desired configuration from the server. If a new configuration exists, it is copied to the pending store and enacted

No, the properties are

ConfigurationModeFrequencyMins and RefreshSequencyMins

My Configuration setup is :

Configuration LocalConfigurationManager {

Param($ComputerName)

Node $ComputerName {

LocalConfigurationManager{

ConfigurationMode="ApplyandAutoCorrect"
ConfigurationModeFrequencyMins =30
RebootNodeIfNeeded = $True
RefreshFrequencyMins = 15
RefreshMode = "Pull"

}

}

}

and I saved into C:\DSCSettings\LocalConfigurationManager.ps1

As I wanted to apply to my 3 servers, I am passing as parameter the name of the Server and in the Node block it has the properties that I want to setup.

The ConfigurationMode (also wrong in the techNet)  property is used to setup what action you want to do it. it can be :

Ha. In here I got a problem. I could not find what values it could be. (perhaps I didn’t do a good research) , but I didn’t lost my time so much and opening the file Get-DSCLocalConfigurationManager.cdxml  in the C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration folder  I realized that IT has A CLASS  in the  root/Microsoft/Windows/DesiredStateConfiguration namespace - ClassName=”root/Microsoft/Windows/DesiredStateConfiguration/MSFT_DSCLocalConfigurationManager”

Amazing..!!!

class

Now it is just play around Get-WmiObject

My first Step was to get the list of the classes and I got one called MSFT_DSCMetaConfiguration

Get-WmiObject -Namespace "Root\Microsoft\Windows\DesiredStateConfiguration" -List

Then was just go on inside it to get what values I can have in each property. coooooolllll !!!! (I could not do it directly calling the class, I had to use where-object’s. I don’t know why. Perhaps some Posh Guru can help me in this)

Get-WmiObject -Namespace "Root\Microsoft\Windows\DesiredStateConfiguration" -List |
Where {$_.name -eq "MSFT_DSCMetaConfiguration"} |
SELECT -ExpandProperty Properties |
select @{Expression={$_.name};Label="Property Name"} -ExpandProperty Qualifiers

 

class2

 

And I got what values the ConfigurationMode property can have : {ApplyOnly, ApplyAndMonitor, ApplyAndAutoCorrect}

Backing to our Local Management Configuration file, the next properties are easy to understand and you can see at the link that I provide above.

One this that I could see is that I cannot change the ConfigurationModeFrequencyMins  less than 30 and RefreshFrequencyMins less than 15 minutes. Or I am doing something wrong or it is the minimum value acceptable .

Then I  created the MOF Files to my 3 servers and applied to them, in my Windows  8.1 Machine, where I am doing the entire process :

LocalConfigurationManager -outputpath "C:\DSCSettings\LocalConfigurationManager" -computername Server2012R2-1,Server2012R2-2,Server2012R2-3

Set-DscLocalConfigurationManager -path "C:\DscSettings\LocalConfigurationManager" -computername Server2012R2-1,Server2012R2-2,Server2012R2-3

My final script is :

Configuration LocalConfigurationManager {

Param($ComputerName)

Node $ComputerName {

LocalConfigurationManager{

ConfigurationMode="ApplyandAutoCorrect"
ConfigurationModeFrequencyMins =30
RebootNodeIfNeeded = $True
RefreshFrequencyMins = 15
RefreshMode = "Pull"


}


}


}


LocalConfigurationManager -outputpath "C:\DSCSettings\LocalConfigurationManager" -computername Server2012R2-1,Server2012R2-2,Server2012R2-3

Set-DscLocalConfigurationManager -path "C:\DscSettings\LocalConfigurationManager" -computername Server2012R2-1,Server2012R2-2,Server2012R2-3

 

It will create MOF file to each server : It will differ from the other MOF files because it has the META in the name, probably indicating that is a Local Configuration Manager file

class3

Now I need to create the configuration file to extract the zip files in each server. My script was :

Configuration WindowsServerParametrized {

param($ComputerName)

Node $ComputerName {

Archive UnZipfiles {

Ensure = "Present"
Path = "c:\zip\zip.zip"
Destination = "C:\zip"
Force = $True
}


}
}


WindowsServerParametrized -outputpath "C:\DSCSettings\servers" -computername Server2012R2-1,Server2012R2-2,Server2012R2-3

and was created the MOF files to each server in the servers folder :

class4

So , as I said before, I created a folder c:\zip in each server and put a zip file in this folder.

At this time, I would like to test the frequency to check if it will run each 30  minutes and if it will works to unzip the files. Then I ran the START-DscConfiguration cmdlet forcing it, because I setup the RefreshMode property in the Local Configuration Management File as PULL to automatic check  . According documentation :

  • Push: In this mode, when you want to apply a new configuration to the machine, you must do so by running the Start-DscConfiguration cmdlet.
  • Pull: In this mode, the machine regularly checks for configuration updates on the server that is specified by using the PSComputerName property.

  • Start-DscConfiguration -wait -path "C:\DSCSettings\servers" -force

    A detail that I got it is the Configuration files for each machine (not the Local Configuration Management file) just is showed with the cmdlet Get-DscConfiguration when I ran for the first time. Well ..humm..pretty  obvious

    AND IT WORKED !!!!  uhuuuu !!! In my 3 servers the zip file was unzipped, following the Configuration File properties (destination path..etc)

    Ok. Now I wan to check the frequency.I mean, if it will really run in each 30  minutes. But how can I check that ?

    I created a WMI Event in each server to check when a new file is created in the zip folder (when the zip file us unzipped) and out-file to a txt with the current time of the process and then delete the unzipped file . This way I am tracking the frequency.


    [scriptblock]$block = {

    $query = "Select * from __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA 'CIM_DataFile' AND TargetInstance.Drive='C:' AND TargetInstance.Path='\\ZIP\\'"
    Register-WmiEvent -Query $query -action {
    "File Created $(get-date)" | Out-file c:\filewatch\FileWatch.txt -Append
    sleep 10
    del c:\zip\*.txt
    }
    }


    $servers = @('server2012R2-1','server2012R2-2','server2012R2-3')
    $Session = New-PSSession -computername $servers
    Invoke-Command -ScriptBlock $block -Session $Session




    and I left running and after some time I checked the FileWatch.txt in each server :  AND :

    class5

    UHUUUUUUUUUUUUUUUUUUUUUU !!!!!!!

    if I check the frequency :

    class6

    30 minutes between each one.

    Well, I think that is one of the most exciting feature so far in PowerShell. Unfortunately there is not so much documentation to read and study, but I am pretty sure that soon my gurus will do it.

    Some links to check:

    PowerShell 4.0 – A first look  – Jeffery Hicks

    PowerShell 4: Desired State Configuration a Must-Have Feature – Don Jones

    Windows PowerShell Desired State Configuration Overview – TechNet

    About Laerte Junior

    Laerte Junior Laerte Junior is a SQL Server specialist and an active member of WW SQL Server and the Windows PowerShell community. He also is a huge Star Wars fan (yes, he has the Darth Vader´s Helmet with the voice changer). He has a passion for DC comics and living the simple life. "May The Force be with all of us"
    This entry was posted in Algo que Esqueci de Categorizar. Bookmark the permalink.

    5 Responses to PowerShell V4 Desired State Configuration – My Precio… ops… Desired !!!!!

    1. I really, really enjoyed to read this Article! Well done and easy to follow and understand.
      Even I thank you for your explanations of the documentation bugs and how to look inside the cdxml stuff.
      You need no PowerShell guru! You are one!

      greets
      Peter Kriegel

      http://www.admin-source.de

    2. This is really an awesome post!

    3. I was looking for an extensive resource on the “Pull” method and this is the perfect post for it…..so detailed explanation.
      Great Work Sir…Thanks for sharing it.
      Regards

    4. Pingback: PowerShell Desire State Configuration – My first experiences | Anything about IT

    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s