Chef andwindows reactor

Configuration Management for Windows Server with Chef and

DSC

Jeffrey SnoverMicrosoft Technical Fellow

Lead Architect for Enterprise Cloud Group@jsnover

Steven MurawskiPrincipal Engineer @ Chef

Microsoft MVP – Cloud and Datacenter Management@stevenmurawski

Agenda• The Evolution of Windows Server and Automation• State of Configuration Management On Windows Server• Configuring Windows Server With Desired State Configuration (DSC)• Configuring Windows Server With Chef• Why Use DSC With Chef?• Bringing Legacy Infrastructure Under Control• Windows Server – Present and Future

LAB Machine Setup• RDP In

USERNAME: ChefPowerShell PASSWORD: P2ssw0rd!

• Open PowerShell from the ChefDK shortcut• Run chef-apply c:/setup.rb

On with the class!

Evolution of Windows Server

Server for the Masses

Enterprise Servers

Datacenter Servers

Cloud Servers

20016: An Automation Odyssey

The Evolution of Automation on Windows Server• 2006 - Windows PowerShell V1

Interactive Shell, Scripting Language, .Net cmdlets• 2009 – Windows PowerShell V2

Remoting, script cmdlets, modules• 2012 – Windows PowerShell V3

WMIv2 cmdlets, jobs• 2013 – Windows PowerShell V4

Desired State configuration• 2015/2016 – Windows PowerShell V5 RTM

DSC+++, Classes, Pester & Operational Validation Framework, Package mgmt., JEA, Remoting improvements, Security+++

• What they are really asking is: Why not:

Salt? Chef? Ansible? Puppet? CFEngine? GuardRail? BrewMaster?

• Lots of great tools for Unix, why not just use them?

Why DSC?

“Why PowerShell DSC?” is the wrong question

• Why PowerShell?• Why not just use *sh and the Unix utils?

Right Question

• If you can edit files and restart processes, you can manage Unix• awk, grep, sed are management tools

Unix is a document-oriented OS

• awk didn’t work against WMI• grep didn’t work against Active Directory• sed didn’t work against Registry

Windows is an API-oriented OS

• Unix CM tools “hit a brick wall” managing Windows• Need tools which work against an API-oriented OS

Why DSC?

State of Configuration Management On Windows Server• Until Desired State Configuration there

were MMCs and WMI as the default admin interface on Windows Server was no central standard for administrative automation and configuration (modulo

GP for clients) Chef and Puppet worked on Windows, mostly as very thin wrappers over a bunch

of PowerShell• Enter Desired State Configuration (DSC) platform which

identified a standard for how to define configuration management tasks supports a growing ecosystem of configuration management resources enables a resource-sharing hub – the PowerShell Gallery

DSC enables a rich ecosystem of CM tools that will compete on features vs coverage

Configuring Windows Server With Desired State Configuration

• New Keywords Configuration Node Import-DscResource

Find the lab at https://github.com/smurawski/chef-and-windows-lab

• New Automatic Variables ConfigurationData AllNodes Node

• Resources Binary Script WMI Class-based

https://github.com/smurawski/chef-and-windows-lab



wusa C:\Win8.1AndW2K12R2-KB3134758-x64.msu

LAB Exercise 1 – Build and Apply a Basic Configuration

https://github.com/smurawski/chef-and-windows-lab/tree/master/exercise-1



Configuring Windows Server With Chef• Chef is a mature platform with evolving capabilities around

Audit and Compliance Reporting and Analytics Continuous Delivery for Applications and Infrastructure

• Chef has embraced DSC and the Windows Server management model One of the first partners integrating DSC Started shipping support for DSC in September 2014

Why Use DSC with Chef?• DSC is great and Chef is great• DSC is a platform feature, not an end to end solution• DSC has some rough edges• How Chef helps• What DSC offers to Chef

Why Use DSC with Chef?• DSC is great and Chef is great

Both systems have strong capabilities on their own. Chef is a mature, flexible automation platform. DSC is built into the Windows operating system and has a growing ecosystem of

resources.• DSC is a platform feature, not an end to end solution• DSC has some rough edges• How Chef helps• What DSC offers to Chef

Why Use DSC with Chef?• DSC is great and Chef is great• DSC is a platform feature, not an end to end solution

DSC primarily is a platform feature (the Local Configuration Manager and the patterns for resources).

DSC has limited constructs for separating out environment specific data. There are workflow and management limits. You will need to build some tooling.

• DSC has some rough edges• How Chef helps• What DSC offers to Chef

Why Use DSC with Chef?• DSC is great and Chef is great• DSC is a platform feature, not an end to end solution• DSC has some rough edges

Resources in a configuration cannot execute conditionally. Resources cannot be reused inside other resources (outside of composite

resources). Parameters to resources have to be provided ahead of time.

• How Chef helps• What DSC offers to Chef

Why Use DSC with Chef?• DSC is great and Chef is great• DSC is a platform feature, not an end to end solution• DSC has some rough edges• How Chef helps

Use run-time information to determine how policy is applied. Constructs for modeling your environmental data – roles, environments, data bags,

and policyfiles. Workflow tooling in the Chef Development Kit (ChefDK), to help scaffold and

extend projects. Strong community of test tools including lint, syntax, unit, and

integration/acceptance. Compliance as a first-class citizen (testing tools, Audit mode, and Chef

Compliance). Chef server makes configuration and environment data available for reporting and

during configuration management tasks.• What DSC offers to Chef

Why Use DSC with Chef?• DSC is great and Chef is great• DSC is a platform feature, not an end to end solution• DSC has some rough edges• How Chef helps• What DSC offers to Chef

Resources, resources, and more resources.

More Resources == More Options

LAB Exercise 2 – Build and Apply a Basic Chef Recipe




Where Should I Use DSC Resources vs. Chef Resources?• 5 Questions For IT Operations

Is there a cookbook with resources or recipes on Supermarket that meets the use case?

Is there a DSC resource in PowerShell Gallery that meets the use case? How easily can I test that the (recipe/resource) meets my need? Is my team stronger in Ruby or PowerShell? What kind of community support is out there for the recipe/resource?



Is there a DSC resource in PowerShell Gallery that meets the use case? Very often the presence of a community resource or recipe can get us 80 to 90%

of the way to solving our problem. Even when there is overlap, there can be differences in their behavior.

How easily can I test that the (recipe/resource) meets my need? Is my team stronger in Ruby or PowerShell? What kind of community support is out there for the recipe/resource?



Is there a DSC resource in PowerShell Gallery that meets the use case? How easily can I test that the (recipe/resource) meets my need?

Probably the most important aspect, if you cannot verify what the resource or recipe does, you cannot trust the resource in production.

Is my team stronger in Ruby or PowerShell? What kind of community support is out there for the recipe/resource?



Is there a DSC resource in PowerShell Gallery that meets the use case? How easily can I test that the (recipe/resource) meets my need? Is my team stronger in Ruby or PowerShell?

If you have to build a custom resource or modify an existing one, where does your team’s skillset lie?

You will need to troubleshoot the application of resources at some point. What kind of community support is out there for the recipe/resource?



Is there a DSC resource in PowerShell Gallery that meets the use case? How easily can I test that the (recipe/resource) meets my need? Is my team stronger in Ruby or PowerShell? What kind of community support is out there for the recipe/resource?

One of the greatest parts of the Chef and PowerShell communities is the depth of the community support.

DSC is still fairly new in the PowerShell community.

Where Should I Use DSC Resources vs. Chef Resources?• For ISV (Independent Software Vendors),

if you build software to run on Windows Server

THERE ISNO

QUESTION

BUILD DSC RESOURCES

Windows Server 2016• Great server for

the Masses, the Enterprise, the Datacenter and now the Cloud• Cloud Competitive OS

Small and Fast Devops friendly Minimize attack service Minimize patches/reboots

• Ergo: NanoServer Desired State Configuration +++ WSA, Pkg Mgmt, Pester, OVT, JIT, JEA, Containers & Docker Remote Management Tool & Emergency Mgmt Console PowerShell Core

Bringing Legacy Infrastructure Under Control• When you have to make a change in a legacy code base, here is an algorithm you can use.

Identify change points. Find test points. Break dependencies. Write tests. Make changes and refactor.

Source: Feathers, Michael C. Working Effectively with Legacy Code. Upper Saddle River, NJ: Prentice Hall PTR, 2004.

Bringing Legacy Infrastructure Under Control• There is no “easy” button

It’s Just Not Going To Happen.

Get Over It.

LAB Exercise 3 – Using Pester To Define Acceptance Tests For

Legacy Infrastructurehttps://github.com/smurawski/chef-and-windows-lab/tree/master/exercise-3



Questions?Non-bullet slide subtitle

More Resources• https://learn.chef.io• https://msdn.microsoft.com/powershell• http://stevenmurawski.com/devops-reading-list • http://aka.ms/thereleasepipelinemodel (or http://aka.ms/trpm )• https://supermarket.chef.io• https://powershellgallery.com• https://github.com/powershell• https://github.com/chef-cookbooks

https://learn.chef.io/

http://msdn.microsoft.com/powershell

http://stevenmurawski.com/devops-reading-list

http://aka.ms/thereleasepipelinemodel

http://aka.ms/trpm

https://github.com/powershell



https://github.com/chef-cookbooks

Chef andwindows reactor

Technology

Transcript of Chef andwindows reactor