Agenda - Meetup: files.meetup.com/3800542/Nik Charlebois - SharePointDSC.pdf
Agenda
Quick recap of Desired State Configuration (DSC)
Practical DSC – On-Prem
Practical DSC - Azure
Reverse DSC
Desired State Configuration (DSC)
• Requires PowerShell 4 or greater (WMF);
• Responsible for bringing/keeping a machine in its Desired State;
• Available both On-Prem and in Azure Automation & IaaS;
Before we begin…
• Local Configuration Manager (LCM):
Engine responsible for ensuring the current machine is in its Desired State;
• DSC Module:
Represents a package responsible for configuring various aspects of a system. A module is normally associated with a software component (e.g. xExchange, xActiveDirectory, SharePointDSC, etc.);
• DSC Resource:
Responsible for configuring a specific aspect of a software component. Each DSC Module is made of one or several resources (e.g. User, Mailbox, SPWebApplication, etc.);
DSC Modules and Resources
xActiveDirectory
• MSFT_xADGroup
• MSFT_xADUser
• […]
xSCOM
• MSFT_xSCOMManagementPack
• MSFT_xSCOMReportingServerSetup
• […]
SharePointDSC
• MSFT_SPWebApplication
• MSFT_SPSite
• MSFT_SPSearchServiceApplication
• […]
xExchange
• MSFT_xExchMailboxDatabase
• MSFT_xExchEventLogLevel
• […]
DSC Configuration Script
• Where you define your Desired State.
• PS1 script using the special "Configuration" keyword (behaves like a method);
• Upon calling the configuration, generates a .MOF file;
What Does it Look Like?
Start-DSCConfiguration
• PowerShell cmdlet that sends the .MOF info to the Local Configuration Manager;
• Tells the LCM to start bringing the current machine into its Desired State right now;
• Asynchronous by default; use -Wait to make the call synchronous;
• Used for "Push" Refresh Mode;
Troubleshooting DSC
• Applications and Services Logs > Microsoft > Windows > Desired State Configuration > Operational
Secure Credentials
• By default, secured values such as credentials are stored as plain text in the MOF file;
• Need a certificate to encrypt the content in the MOF file;
• Specify the Certificate (.cer) and its Thumbprint in the configuration data;
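The configuration script, MOF generation, Start-DSCConfiguration and certificate-based credential encryption described above, put together as an added example (not taken from the original slides). It assumes a single lab machine: a self-signed certificate, the node name localhost, and a hypothetical local account svcDemo.

```powershell
# Added example. Lab setup on one machine: self-signed certificate, localhost node.
$cert = New-SelfSignedCertificate -Type DocumentEncryptionCertLegacyCsp `
            -DnsName 'DscEncryptionCert' -HashAlgorithm SHA256
$cerFile = Join-Path $env:TEMP 'DscPublicKey.cer'
$cert | Export-Certificate -FilePath $cerFile -Force | Out-Null

$ConfigData = @{
    AllNodes = @(
        @{
            NodeName        = 'localhost'
            CertificateFile = $cerFile          # public key, used when compiling the MOF
            Thumbprint      = $cert.Thumbprint  # tells the LCM which private key decrypts
        }
    )
}

Configuration SecureServiceAccount
{
    param([Parameter(Mandatory)] [pscredential] $Account)

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName
    {
        LocalConfigurationManager
        {
            CertificateId = $Node.Thumbprint
        }
        User ServiceAccount
        {
            UserName = 'svcDemo'      # hypothetical local account
            Password = $Account       # encrypted in the MOF, not plain text
            Ensure   = 'Present'
        }
    }
}

$out = Join-Path $env:TEMP 'SecureServiceAccount'
SecureServiceAccount -ConfigurationData $ConfigData -OutputPath $out `
    -Account (Get-Credential -UserName 'svcDemo' -Message 'Password for svcDemo')

# On WMF 5 the password appears in the MOF as a CMS-encrypted block.
Select-String -Path (Join-Path $out 'localhost.mof') -Pattern 'BEGIN CMS' -Quiet

Set-DscLocalConfigurationManager -Path $out      # applies localhost.meta.mof
Start-DscConfiguration -Path $out -Wait -Verbose # Push mode, synchronous
```

Without the CertificateFile entry, compilation refuses to emit a PSCredential unless PSDscAllowPlainTextPassword is set, which is the setting to look for when reviewing configuration data.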
Local Configuration Manager
• Responsible for:
• Determining refresh mode (push or pull);
• Determining pull frequency;
• Associating the nodes with the pull servers;
• Handling partial DSC;
Local Configuration Manager […]
• Keeps the MOF in memory as a DSCConfigurationDocument object;
• Get-DSCConfiguration returns the MOF currently in memory;
• Remove-DSCConfigurationDocument -Stage Current removes the current MOF from memory;
LCM Refresh Modes
• Disabled:
• No DSC configuration specified;
• Push:
• Configurations were started by the Start-DSCConfiguration cmdlet;
• Configurations are applied immediately to the node;
• Default value;
• Pull:
• Regularly pings a central server (a.k.a. Pull Server) to check compliance with the specified Desired State;
LCM Refresh Frequency
• Only applicable to Pull Server mode;
• Specify, in minutes, intervals for pinging the Pull Server;
• Default is 30 minutes;
• Valid range is between 30 and 44640 minutes (31 days);
LCM Configuration Modes
• ApplyOnly:
• Once the configuration is applied, the LCM doesn't do anything else unless a new Configuration is received;
• ApplyAndMonitor:
• Applies the configuration, checks on a regular basis whether the configuration drifted from the Desired State and logs discrepancies (Default);
• ApplyAndAutoCorrect:
• Applies the configuration, checks on a regular basis for compliance, logs discrepancies and automatically brings the machine back into its Desired State.
LCM Configuration Frequency
• Time interval, in minutes, at which the LCM checks the current state to see if it steered away from the Desired State;
• Default is 15 minutes;
• Valid range is between 15 and 44640 minutes (31 days).
Partial DSC
• New in WMF 5.0;
• Allows for the Desired State to be fragmented into several configurations;
• Enables better control over Governance of each partial DSC;
• Ex:
• Team A controls IIS, Team B controls SQL Server;
• Team A is responsible for deploying VM and OS, Team B is responsible for the Application layer;
• LCM is responsible for putting the fragments back together on the machines.
Mixed Refresh Mode
• There are really only two Refresh Modes:
• Push
• Pull
• In partial DSC, each fragment can be associated with either Refresh Mode;
• For a single server, you can have some DSC fragments using Push while others use Pull;
• Can be pulled from multiple Pull Servers.
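The LCM settings from the preceding slides (refresh mode and frequency, configuration mode and frequency) and a mixed Push/Pull partial configuration, as an added example that is not part of the original deck. The pull server URL, registration key and fragment names are placeholders.

```powershell
# Added example; server URL, registration key and fragment names are placeholders.
[DSCLocalConfigurationManager()]
Configuration LcmMixedMode
{
    Node localhost
    {
        Settings
        {
            RefreshMode                    = 'Pull'
            RefreshFrequencyMins           = 30                     # default per the slides
            ConfigurationMode              = 'ApplyAndAutoCorrect'  # log and correct drift
            ConfigurationModeFrequencyMins = 15                     # default per the slides
        }
        ConfigurationRepositoryWeb PullSrv
        {
            ServerURL          = 'https://pull.contoso.example:8080/PSDSCPullServer.svc'
            RegistrationKey    = '<REGISTRATION-KEY>'
            ConfigurationNames = @('AppLayer')
        }
        # Team A: VM and OS layer, delivered by Push.
        PartialConfiguration OSBaseline
        {
            Description = 'VM and OS baseline (pushed)'
            RefreshMode = 'Push'
        }
        # Team B: application layer, pulled from the server above.
        PartialConfiguration AppLayer
        {
            Description         = 'Application layer (pulled)'
            ConfigurationSource = @('[ConfigurationRepositoryWeb]PullSrv')
            DependsOn           = '[PartialConfiguration]OSBaseline'
            RefreshMode         = 'Pull'
        }
    }
}

LcmMixedMode -OutputPath C:\Dsc\Lcm                  # writes localhost.meta.mof
Set-DscLocalConfigurationManager -Path C:\Dsc\Lcm -Verbose

# Confirm what the LCM is actually enforcing on this node.
Get-DscLocalConfigurationManager |
    Select-Object RefreshMode, RefreshFrequencyMins, ConfigurationMode, ConfigurationModeFrequencyMins
```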
Azure Automation DSC (AADSC)
• Need to create an Azure Automation Account;
• Allows us to publish DSC configuration scripts in the cloud;
• DSC Configuration Scripts are compiled and checked for validity;
• Acts just like an On-Premises Pull server would;
• DSC Script can be assigned to VM by creating a custom extension;
AADSC Assets
• Types of Assets:
• Schedules
• Modules
• Certificates
• Connections
• Variables
• Credentials
A SharePoint DSC Module
• Open Source at:
• http://github.com/PowerShell/SharePointDSC
• Was the first DSC Resource to lose its ‘x’;
• Current version is 1.4.0.0.
• Currently looking at options to convert existing AutoSPInstaller scripts into DSC Configuration scripts;
A Look Inside
• SPWebApplication
• SPSite
• SPWeb
• SPManagedAccount
• SPFeature
• …
Anatomy of a DSC Resource
• Set-TargetResource -> Here is how I want you to configure me!
• Get-TargetResource -> How am I currently configured?
• Test-TargetResource -> Am I in my Desired State?
[Diagram: LCM flow. Desired State Info and Current State Info (from Get-TargetResource) go to Test-TargetResource: Is Current = Desired? Yes / No → Set-TargetResource]
So…
• Get-TargetResource is included in every resource…
• Get-TargetResource returns the current state of any given server for a resource…
• Using PowerShell we can dynamically call into all Get-TargetResource methods inside a Module…
Introducing a new concept
Reverse DSC!
https://github.com/PowerShell/SharePointDsc/pull/396/files
The “Ahhhh” moment
• I can get an exact picture of how my existing environment is configured!
• I can export the result of calling all Get-TargetResource as a DSC script!
• I can use that script to create an exact replica of an existing environment or on-board an existing environment onto DSC!
• …I can even take an on-premises environment…..take that Reverse DSC and…. push a replica in Azure!
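The export step described above, as an added sketch (not the code from the pull request linked earlier): one Get-TargetResource result is rendered as a DSC resource block. The input hashtable, its property names and its values are constructed for illustration, and credentials are written as variable references so the exported script never contains a secret.

```powershell
# Added sketch, not the Reverse DSC implementation. Input hashtable is constructed.
function ConvertTo-DscResourceBlock
{
    param(
        [Parameter(Mandatory)] [string]    $ResourceName,
        [Parameter(Mandatory)] [string]    $InstanceName,
        [Parameter(Mandatory)] [hashtable] $CurrentState   # as returned by Get-TargetResource
    )
    $lines = @("$ResourceName $InstanceName", '{')
    foreach ($key in ($CurrentState.Keys | Sort-Object))
    {
        $value = $CurrentState[$key]
        if ($null -eq $value) { continue }
        if ($value -is [pscredential])
        {
            # Never write the secret; reference a variable supplied at compile time.
            $text = '$Cred_' + ($value.UserName -replace '\W', '_')
        }
        elseif ($value -is [bool]) { $text = '$' + "$value".ToLower() }
        elseif ($value -is [array])
        {
            $items = $value | ForEach-Object { "'" + ("$_" -replace "'", "''") + "'" }
            $text  = '@(' + ($items -join ', ') + ')'
        }
        elseif ($value -is [ValueType]) { $text = "$value" }
        else { $text = "'" + ("$value" -replace "'", "''") + "'" }
        $lines += "    $key = $text"
    }
    $lines += '}'
    return ($lines -join [Environment]::NewLine)
}

# Constructed sample standing in for the current state of one site collection.
$secret = ConvertTo-SecureString 'constructed-lab-value' -AsPlainText -Force
$state  = @{
    Url            = 'http://sharepoint.contoso.example'
    OwnerAlias     = 'CONTOSO\spadmin'
    Template       = 'STS#0'
    InstallAccount = New-Object pscredential ('CONTOSO\spsetup', $secret)
}
ConvertTo-DscResourceBlock -ResourceName SPSite -InstanceName TeamSite -CurrentState $state
```

The emitted block references $Cred_CONTOSO_spsetup, which the person replaying the export supplies at compile time together with the certificate settings from the Secure Credentials slide.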
Imagine the possibilities
• Analyze best practices
• Quickly replicate on-prem to Azure;
• Compare configuration drifts between 2 environments;
• Replicate a client’s environment for troubleshooting;
• Enroll existing environment onto DSC for Monitoring and compliance;
• DEV/TEST
• DevOps
• ….