PowerShell DSC (i) Simple push mode

Recently, because of the company's business needs have been learning the content of open source platform, such as OpenStack and Docker and so on, looking at the puppet and chef has a bit of interest, along with it naturally found that the Windows platform also has its own native automation operations solutions, It is the PowerShell DSC (desired state configuration), which is literally understood as "desired configuration status," And I don't have much in-depth research on puppet and chef, but compared the two with PowerShell The implementation mechanism of DSC is found to be very much the same, in this also do not discuss who first who after the problem, not even think who replace who or who better use the problem, but for the win platform, even if the puppet itself is supported, but since there is the original PS DSC it must be preferred.

So in short, what does PowerShell DSC really do, what is the advantage, in fact, it is the same as Puppet's intention, is to face a large-scale deployment environment, we need to meet a certain degree of compliance, or at some point need to batch change configuration, in many cases, Group Policy or script is not very applicable, PS DSC does not need to enforce the domain environment, second it as an extension of the PS language, to need to declare in the configuration file you expect the target host is what kind of state, without concern about how to implement this state, such as you want to deploy IIS, then only need to declare you require this machine has IIS, As for what kind of command to install IIS you do not need to care, all this will be done by the operating system itself.

########################################################################################

PowerShell DSC has two modes, push and pull, because the benefit originates from the built-in PowerShell of the system, so there is no need to install the agent, push mode is easy to use, but the pull mode is more suitable for the planning of large-scale batch configuration changes, but also easy to modify, is the two modes of comparison , you can see that pull mode requires one of the drop server roles, which actually contains a defined web Serveice (Odata) that the client obtains through a URI and the corresponding GUID.

The implementation of the entire DSC is divided into three stages:

1. Create phase-Write DSC configuration and output the MOF format file (Management Object format) via Ise or simply using a tool such as Notepad.
   

2. Push or pull phase-transfers the corresponding MOF format file to the target client using the draw or push mode.

3. Execution phase-the client is built into the operating system via the local LCM (native configuration Manageer), and no additional configuration is required if the push mode is used, for Windows Server 2012R2 and 8.1来 say it's out of the box.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/58/wKiom1VG4l_CgbgyAANhBOOeWVo136.jpg "title=" 1374. Image_22ab5572.png "alt=" Wkiom1vg4l_cgbgyaanhbooewvo136.jpg "/>

Is my test environment, I prepared a DC in Azure, called pull server,ip:10.0.1.10

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/58/wKiom1VG4ePwkm1EAAI_J-Z_kXw050.jpg "style=" float: none; "title=" 2015-04-30_16-06-18.png "alt=" Wkiom1vg4epwkm1eaai_j-z_kxw050.jpg "/>

Another analog client, called Server01, is:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/54/wKioL1VG41KRseLyAAImLlZQWvM473.jpg "style=" float: none; "title=" 2015-04-30_16-06-43.png "alt=" Wkiol1vg41krselyaaimllzqwvm473.jpg "/>

After the operating system is deployed, the default is to provide 12 out-of-the-box resources, you can use Get-dscresource to obtain the appropriate information, DSC management and maintenance of each kind of configuration is called "Resources", through the system comes with these resources can achieve most common maintenance work, For example, add delete server roles, copy files, create users and groups, maintain system services, and so on, such as:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/58/wKiom1VG4eSCRLgXAAe4fOhy6wM311.jpg "style=" float: none; "title=" 2015-04-30_16-07-05.png "alt=" Wkiom1vg4escrlgxaae4fohy6wm311.jpg "/>

The following is the simplest and most commonly used windowsfeature for example, you can first see what his attributes are defined, such as the name of the resource, DependsOn can define the need to add feature is based on that dependent role, through which you can implement different resources Change Order , in or ensure is the definition of whether this function is on or off, i.e. "absent or present"

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/54/wKioL1VG41Pjcob0AAWzjD-KkDI304.jpg "style=" float: none; "title=" 2015-04-30_16-12-41.png "alt=" Wkiol1vg41pjcob0aawzjd-kkdi304.jpg "/>

Here is a simple example, I specify a DSC configuration file named Winserver, which declares that the node is Server01, Then expect this server to have two windowsfeater, respectively, Windowsbackup and Telnetclient, and then execute the script directly after editing, such as:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/58/wKiom1VG4eWzjrD8AAXWPZxyngc090.jpg "style=" float: none; "title=" 2015-04-30_16-32-03.png "alt=" Wkiom1vg4ewzjrd8aaxwpzxyngc090.jpg "/>

The above script does not return any messages after execution, this is I create a new folder called script and under this folder to execute the configuration name I defined above (DSC configuration file name, in the first line), that is "Winserver", If there is no error after execution, a MOF file that is consistent with node name is generated in the current directory, such as:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/54/wKioL1VG41ThQk09AAYqx258uq8112.jpg "style=" float: none; "title=" 2015-04-30_16-35-00.png "alt=" Wkiol1vg41thqk09aayqx258uq8112.jpg "/>

The final thing is to get this MOF file to the target node to perform the configuration I expected, and you can view the contents of the file as follows:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/58/wKiom1VG4eawOMBuAAfx306oFwQ562.jpg "style=" float: none; "title=" 2015-04-30_16-36-09.png "alt=" Wkiom1vg4eawombuaafx306ofwq562.jpg "/>

I then use the simple push mode to get this MOF to SERVER01, push mode only need to execute "start-dscconfiguration" and specify the MOF file path, after success will generate a job in the background of the system, of course, you can also specify the job name, such as:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/54/wKioL1VG41TRiY4QAAaKn9I0ZTo186.jpg "style=" float: none; "title=" 2015-04-30_16-37-39.png "alt=" Wkiol1vg41triy4qaaakn9i0zto186.jpg "/>

After a while, the job has been found to be completed, such as:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/58/wKiom1VG4ebj2J_8AAWsK9PeCK4025.jpg "style=" float: none; "title=" 2015-04-30_16-40-57.png "alt=" Wkiom1vg4ebj2j_8aawsk9peck4025.jpg "/>

Log on to Server01 and see, OH ~windowsbackup and telnetclient are already installed, such as:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/54/wKioL1VG41XBvTjsAAXnx6GHSMA558.jpg "style=" float: none; "title=" 2015-04-30_16-43-27.png "alt=" Wkiol1vg41xbvtjsaaxnx6ghsma558.jpg "/>

The above is a very simple example of how DSC has an absolute advantage when making configuration changes to a large-scale environment, first the script is lighter, and the key is to check whether the change meets the requirements by Test-dscconfiguration. There are many other programs that can achieve the effect of execution, but whether it is successful or whether 100% is done according to the administrator's wishes is unclear.

#####################################################################################

In addition, in the DSC configuration file can also be customized properties, for example, I used a variable to nodename, at execution, I can define the "-vmname" to specify which node

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/58/wKiom1VG4efxvr8pAAc_FMhxbCk043.jpg "style=" float: none; "title=" 2015-04-30_18-26-12.png "alt=" Wkiom1vg4efxvr8paac_fmhxbck043.jpg "/>

When you make a push configuration, you can use-wait and verbose to view the background logs in real time, such as:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/54/wKioL1VG41WBCwAuAAnPV4OsiQg762.jpg "style=" float: none; "title=" 2015-04-30_18-26-38.png "alt=" Wkiol1vg41wbcwauaanpv4osiqg762.jpg "/>

######################################################################################

The above is a simple introduction to the PowerShell push mode, if the system is not satisfied with the 12 resources built in or feel enough, you can get a richer resource package from the official, such as:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/54/wKioL1VG41bDgZ8EAAcEIJeaIsA260.jpg "style=" float: none; "title=" 2015-05-01_15-50-52.png "alt=" Wkiol1vg41bdgz8eaaceijeaisa260.jpg "/>

The latest is Wave 10, which already contains a very rich resource, I think enough to use.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/58/wKiom1VG4ejQPnplAAVPEcWcvSE277.jpg "style=" float: none; "title=" 2015-05-01_15-51-12.png "alt=" Wkiom1vg4ejqpnplaavpecwcvse277.jpg "/>

There are many resource module X at the beginning of the package, the reason is that the x is the unofficial, of course, if the use of problems can be spoken on the TechNet forum, there are many replies.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/58/wKiom1VG4emBS54PAAZdbMK9jOY742.jpg "style=" float: none; "title=" 2015-05-01_15-52-01.png "alt=" Wkiom1vg4embs54paazdbmk9joy742.jpg "/>

To use these resources locally, you need to be aware of the decompression path, which must be in the place shown.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/54/wKioL1VG41fRmx4xAAU6p5YIw1M536.jpg "style=" float: none; "title=" 2015-05-01_15-53-04.png "alt=" Wkiol1vg41frmx4xaau6p5yiw1m536.jpg "/>

After the success can see 179 resources, enough to enrich it.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/58/wKiom1VG4engVX6wAA3Os_DU0w0493.jpg "style=" float: none; "title=" 2015-05-01_15-55-32.png "alt=" Wkiom1vg4engvx6waa3os_du0w0493.jpg "/>

Find a way to see exactly how strong the DSC, even SCVMM deployment can also, its properties actually feel and unattended deployment almost, using-syntax can be very convenient to view the syntax, such as:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/54/wKioL1VG41jAAbIzAAXWkhHfLms545.jpg "style=" float: none; "title=" 2015-05-01_16-03-50.png "alt=" Wkiol1vg41jaabizaaxwkhhflms545.jpg "/>

Depending on the syntax defined in the resource, it is interesting that the package of interest can be tried constantly in its own environment.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/58/wKiom1VG4eqz6ZMMAATfeRF5CZI782.jpg "style=" float: none; "title=" 2015-05-01_16-04-29.png "alt=" Wkiom1vg4eqz6zmmaatferf5czi782.jpg "/>

#######################################################################################

PowerShell DSC is also a cross-platform, it is also able to manage Linux, but for those who have used puppet or chef, there is no need to go to the DSC, continue to maintain the status quo is OK, on the contrary, in particular, the people who contact, especially Winos ITPro, I believe PowerShell DSC is definitely the primary consideration.

This article is from the "Technology Not Home" blog, please be sure to keep this source http://maomaostyle.blog.51cto.com/2220531/1641682

PowerShell DSC (i) Simple push mode