windows powershell desired state configuration revealed978-1-4842-0016-2/1.pdf · without a second...

Windows PowerShell Desired State

Configuration Revealed

Ravikanth Chaganti

Windows PowerShell Desired State Configuration Revealed

Copyright © 2014 by Ravikanth Chaganti

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.

ISBN-13 (pbk): 978-1-4842-0017-9

ISBN-13 (electronic): 978-1-4842-0016-2

Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image, we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the author nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Publisher: Heinz WeinheimerLead Editor: Gwenan SpearingDevelopment Editor: Chris NelsonTechnical Reviewer: Shay LevyEditorial Board: Steve Anglin, Mark Beckner, Ewan Buckingham, Gary Cornell, Louise Corrigan, Jim DeWolf,

Jonathan Gennick, Robert Hutchinson, Michelle Lowman, James Markham, Matthew Moodie, Jeff Olson, Jeffrey Pepper, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Gwenan Spearing, Matt Wade, Steve Weiss

Coordinating Editor: Christine Ricketts Copy Editor: Michael G. LaraqueCompositor: SPi GlobalIndexer: SPi Global Artist: SPi GlobalCover Designer: Anna Ishchenko

Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

For information on translations, please e-mail [email protected], or visit www.apress.com.

Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at www.apress.com/bulk-sales.

Any source code or other supplementary material referenced by the author in this text is available to readers at www.apress.com. For detailed information about how to locate your book’s source code, go to www.apress.com/source-code/.

http://[email protected]

www.springeronline.com

http://[email protected]

www.apress.com

www.apress.com/bulk-sales

www.apress.com

www.apress.com/source-code/

Without a second thought, this book is dedicated to my loving wife, Silpa, and my son, Kaustubh. Words can’t express how much I love you both!

v

Contents at a Glance

About the Author �� xv

About the Technical Reviewer �� xvii

Acknowledgments �� xix

Introduction �� xxi

Part I: Introduction to Windows PowerShell ■ �� 1

Chapter 1: Beginning Windows PowerShell� ■ ��3

Chapter 2: Introducing Windows Remote Management and CIM ■ ��43

Part II: Desired State Configuration Essentials ■ �� 75

Chapter 3: Introducing Desired State Configuration ■ ��77

Chapter 4: Getting Started with DSC� ■ ��91

Chapter 5: Using Built-in DSC Resources ■ ��113

Chapter 6: Building Advanced DSC Configurations ■ ��151

Part III: Advanced DSC Concepts and Tips ■ �� 177

Chapter 7: DSC Configuration Delivery Modes ■ ��179

Chapter 8: Monitoring, Correcting, and Reporting Configuration ■ ��207

Chapter 9: Building Custom DSC Resources ■ ��223

■ Contents at a GlanCe

vi

Chapter 10: Troubleshooting Common DSC Issues ■ ��247

Chapter 11: DSC—From the Field ■ ��257

Appendix A: DSC Community Resources ■ ��269

Appendix B: WMF 5�0 and DSC for Linux ■ ��277

Index ��285

vii

Contents

About the Author �� xv

About the Technical Reviewer �� xvii

Acknowledgments �� xix

Introduction �� xxi

Part I: Introduction to Windows PowerShell ■ �� 1

Chapter 1: Beginning Windows PowerShell ■ ��3

What Is Windows PowerShell? ��3

Object-Based Shell �� 4

Distributed Automation Engine �� 5

Scripting Language�� 5

Installing Windows PowerShell ��5

Downloading and Installing WMF 4�0 �� 6

Verifying PowerShell 4�0 Install �� 6

Exploring PowerShell Console and PowerShell ISE ��7

PowerShell Console �� 7

PowerShell Integrated Scripting Environment (ISE) �� 9

Exploring PowerShell ��10

Exploring PowerShell Commands �� 11

Getting Help �� 12

Exploring Objects �� 13

Cmdlet Parameters �� 14

■ Contents

viii

Language Semantics ��16

Variables �� 16

Operators �� 21

Arrays and Hash Tables �� 26

Custom Objects in PowerShell�� 28

Flow Control in PowerShell �� 28

Aliases �� 33

Understanding the PowerShell Pipeline ��33

PowerShell Scripts ��34

Execution Policies �� 34

Writing and Executing Scripts �� 35

PowerShell Functions ��37

PowerShell Modules ��38

Discovering Modules �� 38

Importing Modules �� 39

Writing Modules �� 39

Customizing the PowerShell Environment ��40

Summary ��41

Chapter 2: Introducing Windows Remote Management and CIM ■ ��43

Windows Remote Management (WinRM) ��43

WS-Management Cmdlets �� 44

Common Information Model (CIM) ��51

Introduction to CIM Cmdlets �� 52

Understanding MOF �� 69

Summary ��74

Part II: Desired State Configuration Essentials ■ �� 75

Chapter 3: Introducing Desired State Configuration ■ ��77

The Configuration Management Challenge ��77

The Continuous Delivery Challenge ��80

Understanding Desired State Configuration ��81

■ Contents

ix

Imperative vs� Declarative Syntax �� 81

Enabling Desired State Configuration �� 83

Configuring Your Environment for Desired State Configuration �� 84

Summary ��90

Chapter 4: Getting Started with DSC ■ ��91

DSC Configuration Management Architecture ��91

Configuration Authoring and Staging ��92

Authoring �� 93

Staging and Delivery �� 103

Configuration Enactment ��105

Local Configuration Manager�� 105

Configuration Enactment in Push Mode �� 109

Configuration Enactment in Pull Mode �� 110

Summary ��111

Chapter 5: Using Built-in DSC Resources ■ ��113

Exploring Built-in Resources ��113

Archive Resource �� 115

Environment Resource �� 120

File Resource �� 122

Group Resource �� 126

Log Resource �� 128

Package Resource �� 130

WindowsProcess Resource �� 133

Registry Resource �� 136

Script Resource �� 137

Service Resource �� 142

User Resource �� 144

WindowsFeature Resource �� 146

Using the DependsOn Property ��148

Summary ��150

■ Contents

x

Chapter 6: Building Advanced DSC Configurations ■ ��151

Reusable Configurations ��151

Understanding Configuration Data ��154

Introduction �� 155

Separating Configuration Data �� 157

Extended Configuration Data �� 159

Using Credentials in Configuration ��163

Using Plain-Text Credentials �� 163

Encrypting Credentials �� 166

Creating Nested Configurations ��170

Summary ��175

Part III: Advanced DSC Concepts and Tips ■ �� 177

Chapter 7: DSC Configuration Delivery Modes ■ ��179

Push Mode ��179

Using Start-DscConfiguration Parameters �� 180

Limitations of the Push Mode �� 186

Pull Mode ��186

OData-Based (HTTP/HTTPS) Pull Service �� 187

SMB-Based Pull Server �� 194

Configuring Pull Clients �� 194

Enacting Configuration in Pull Mode�� 203

Summary ��205

Chapter 8: Monitoring, Correcting, and Reporting Configuration ■ ��207

Configuration Enactment ��207

Target System Configuration �� 207

Target System Meta-Configuration �� 210

■ Contents

xi

Configuration Monitoring and Correction ��210

DSC Consistency Checks �� 210

DSC Event Logs �� 212

Configuration Reporting ��214

Using DSC PowerShell Cmdlets �� 215

Conformance Endpoint for Pull Clients �� 217

Summary ��222

Chapter 9: Building Custom DSC Resources ■ ��223

Introduction to DSC Resource Development ��223

DSC Resource Schema �� 224

DSC Resource PowerShell Module �� 226

DSC Resource Execution Flow �� 226

Resource Module Manifest �� 227

Packaging DSC Resource Modules �� 228

Writing Our First DSC Resource��229

Test-TargetResource �� 230

Set-TargetResource �� 232

Get-TargetResource �� 233

Custom DSC Resource Patterns ��237

Inducing Reboot After a Configuration Change �� 237

Localizing Verbose and Debug Messages�� 238

Adding Help Content �� 241

Granularity in DSC Resources �� 242

Composite Resources ��242

Creating Composite Resources�� 242

InstanceName Parameter of the Configuration Command �� 245

Summary ��246

■ Contents

xii

Chapter 10: Troubleshooting Common DSC Issues ■ ��247

All Systems Must Be at Least at WMF 4�0 ��247

Custom DSC Resources Not Available ��249

WinRM Issues ��249

Errors with Pending Configuration ��251

DSC Engine Cache ��252

Summary ��255

Chapter 11: DSC—From the Field ■ ��257

DSC for Cross-Domain Configuration Management ��257

Using Credentials �� 258

Using Domain Trusts �� 258

Configuration Management As API ��259

Configuration MOF to Byte Array �� 259

GetConfiguration �� 260

SendConfiguration �� 261

ApplyConfiguration �� 262

SendApplyConfiguration �� 262

TestConfiguration �� 263

RollBack �� 263

PerformRequiredConfigurationChecks �� 264

Expert Tips ��264

PowerShell Profile and Customization �� 265

Avoid Multiple Configuration Scripts �� 266

Version Control and Backups �� 266

Automatic and Environment Variables in Configuration Script �� 267

Summary ��268

■ Contents

xiii

Appendix A: DSC Community Resources ■ ��269

The DSC Community ��269

Windows PowerShell DSC Resource Kit ��270

DSC Resource Designer �� 270

DSC Diagnostics �� 272

DSC Service Resource �� 274

Summary ��276

Appendix B: WMF 5�0 and DSC for Linux ■ ��277

Windows Management Framework 5�0 ��277

Credential Property of Archive Resource �� 277

Multiple Attributes in the File Resource �� 278

Installing Packages from an HTTPS Location �� 279

Changes to Test-DscConfiguration �� 279

DebugMode in Meta-configuration �� 279

DSC for Linux ��280

Installing and Configuring DSC for Linux �� 280

DSC Resources for Linux �� 281

Enacting Configuration �� 282

Linux Configuration Store and Logs �� 282

Summary ��283

Index ��285

xv

About the Author

Ravikanth Chaganti is a well-known blogger and a member of the Windows PowerShell community. He has been a Windows PowerShell MVP since 2010 and works at Dell Inc. as an architect for Microsoft solutions. He is passionate about automation and works in his free time writing scripts and tools to help automate management tasks for Windows OS and applications on Windows OS. Ravikanth has more than 13 years of industry experience and a broad set of skills in the IT infrastructure domain, ranging from servers to storage to networking. He started scripting in early 2000 and continued to hone his skills from that point. In 2006, he fell in love with an early release of Windows PowerShell and has been evangelizing PowerShell ever since.

xvii

About the Technical Reviewer

Shay Levy works as a senior systems engineer for a government institute in Israel. He has more than 20 years of experience, focusing on Microsoft server platforms, especially on Exchange and Active Directory. He is an internationally recognized knowledgeable figure in the PowerShell scripting arena.

He is the cofounder and editor of the PowerShell Magazine web site (www.powershellmagazine.com). He often covers PowerShell-related topics on his blog at http://PowerShay.com, and you can also follow him on Twitter at http://twitter.com/ShayLevy.

Shay is a Microsoft Certified Trainer (MCT) at the John Bryce Training center, and for his contribution to the community, he has been named a Microsoft Most Valuable Professional (MVP) for seven consecutive years.

www.powershellmagazine.com

http://PowerShay.com

http://twitter.com/ShayLevy

xix

Acknowledgments

It is never an easy task to write a book, especially when it is on a technology that is still in its infancy. While I am the sole author of this book’s content, this work would not have been possible without the help of numerous people. First and foremost, I am grateful to the Almighty and my parents for what I am today.

This book wouldn’t have been possible without a lot of support from Hemant Mahawar, Narayanan Lakshmanan (Nana), Abhik Chatterjee, Travis Plunk, Narine Mossikyan, and everyone else on the Windows PowerShell team. You guys are just amazing and super-helpful. I owe a lot of my learning to my friend and fellow MVP Steven Murawski. He was one of the early adopters of DSC and the first person I reached out to almost every time I had a question about DSC.

Huge thanks to my technical reviewer, Shay Levy, a good friend and my partner at PowerShell Magazine. Shay’s feedback really shaped this book. Last but not the least, my thanks to the folks at Apress. This book wouldn’t have been possible without their constant support. Thank you everyone!

xxi

Introduction

About the beginning of this year, Gwenan Spearing (at Apress) approached me to see if I was interested in writing a book on Desired State Configuration (DSC). I couldn’t say no, because after Windows PowerShell remoting and WMI/CIM, DSC has been my favorite subject. I have been writing and speaking about DSC since the first preview came out in 2013, and there is no better way to capture that experience than in a book such as this.

Over last few years, IT service processes at various organizations, small and large, have been gearing up to support the Agile development and release cycles. It is no longer about how many features a product gains with every release cycle, but it is about how fast those features are delivered. As system administrators, developers, and DevOps engineers, you must have been experiencing this already. There are several tools and/or frameworks developed to support continuous delivery and configuration management in a data center. This is not a new subject, but it is certainly an area that is still evolving. There is no standard way of achieving your goals through these frameworks.

Microsoft, with its Cloud OS vision, has been focusing on building tools that enable developers and IT professionals alike to build and manage cloud infrastructure. One such initiative is Desired State Configuration. DSC is a configuration standards-based management platform rather than a tool. DSC supports both Windows and Linux platforms. By management platform, we mean that the Application Programming Interfaces (API) provided by DSC can be used within any programming language, to manage configuration of devices and applications in a data center. This book provides an example of how these interfaces are used within PowerShell. While this book focuses on DSC with PowerShell, the concepts that you learn here can easily be leveraged in any programming or scripting language that has support for accessing DSC API. I have included several examples in each chapter, to build a greater understanding of the concepts. These examples do not require any special infrastructure. All that’s required is just a couple of virtual machines.

An Overview of This BookWindows PowerShell Desired State Configuration Revealed is divided into three distinct parts. Each part contains related chapters that help you to understand thoroughly the concepts that are covered.

Part I: Introduction to Windows PowerShellPart I provides an overview of Windows PowerShell as an automation engine and scripting language. It also includes a survey of Windows Remote Management (WinRM) and the Common Information Model (CIM).

Chapter 1: Beginning Windows PowerShellThis chapter introduces Windows PowerShell to beginners. The examples featured in this book require that you understand PowerShell, and it is necessary that you know the key PowerShell concepts, to make good use of the content of this book. For beginners, this chapter provides an overview that explains what PowerShell is, the need for PowerShell, the semantics of the PowerShell scripting language, and writing scripts, functions, and modules. Readers experienced with the key concepts of Windows PowerShell may choose to skip this chapter.

■ IntroduCtIon

xxii

Chapter 2: Introducing Windows Remote Management and CIMDesired State Configuration (DSC) is built on Windows Remote Management (WinRM) and Common Information Model (CIM). The most common DSC issues—discussed in Chapter 10—that you will face relate mostly to WinRM configuration or understanding CIM. This chapter builds a foundation for understanding these technologies. This knowledge is necessary to build the environment-use DSC for configuration management.

Part II: Desired State Configuration EssentialsThis part of the book focuses on explaining DSC basics and general concepts. Using the knowledge you gain from Part I, you will learn in Part II how it can be applied to DSC.

Chapter 3: Introducing Desired State ConfigurationBefore delving into the DSC concepts, it is important that you understand the need for continuous delivery and configuration management and the challenges in employing these methodologies. Continuous delivery and configuration management are critical parts of almost every IT manager’s plan to ensure that data center service-level agreements are met. Microsoft invested in adding the infrastructure required to enable continuous configuration management and automation of the related tasks. This chapter describes how DSC fits the bill here and provides an introduction to configuring your environment for DSC. You will learn the difference between imperative and declarative syntax and how the declarative nature of DSC helps in simplifying configuration management tasks.

Chapter 4: Getting Started with DSCOnce you understand the need for configuration management and DSC itself, it is time to look at the basics of DSC. This chapter takes you through the architecture and components of DSC. While discussing the architecture, this chapter provides an overview of different phases in the DSC configuration management process and describes how each DSC component plays a role in one or more of these configuration management phases. Understanding these different phases in DSC configuration management, and how the components are used at each phase, is essential both for making DSC work for you and extending it as needed. By the end of this chapter, you will be able to create a DSC configuration script and apply the configuration, using DSC PowerShell cmdlets.

Chapter 5: Using Built-in DSC ResourcesIn any configuration management framework, an entity that is getting configured is called a configuration item. The management of these configuration items does not occur automatically. There has to be some code that understands how to configure the entity and perform it for you. This is implemented as resources in DSC. These resources are nothing but PowerShell modules or MI providers. DSC has a few built-in resource modules that help you configure such entities as Files and Folders, Registry, Windows features, Windows services, Windows processes, and so on. This chapter provides an overview of these built-in resources and demonstrates their use.

Chapter 6: Building Advanced DSC ConfigurationsIn Chapters 4 and 5, you learn the basics of DSC configuration authoring and how to use built-in resources for writing configuration scripts. DSC offers patterns for making these configuration scripts reusable. This chapter explores parameterizing DSC configuration scripts, using configuration data, and creating nested configuration scripts. It also helps in understanding how credentials are used with DSC and what is needed to pass credentials as a part of configuration authoring.

■ IntroduCtIon

xxiii

Part III: Advanced DSC Concepts and TipsWhile Part I and Part II of the book focus on the fundamentals of Windows PowerShell and Desired State Configuration, Part III builds on what you’ve learned to that point and describes the advanced concepts of DSC.

Chapter 7: DSC Configuration Delivery ModesDSC supports two modes of configuration delivery: Push and Pull. Each of these modes has both advantages and disadvantages. This chapter provides in-depth information on how the configuration enactment process works in each of these delivery modes. You will learn how to use the Push mode of configuration delivery, its limitations, and the need for the Pull mode. You will learn how to configure DSC pull servers and clients and to deliver configuration and resource modules to the target systems.

Chapter 8: Monitoring, Correcting, and Reporting ConfigurationChapter 3 provides an overview of different phases in the configuration life cycle, describing that monitoring and correcting configuration drift is an essential step in configuration management. This chapter describes how DSC helps administrators in controlling configuration drift. To make complete use of these DSC features, it is essential that you understand what goes on behind the scenes when enacting configuration, using DSC. This chapter helps you gain this knowledge and provides examples on how to use DSC PowerShell cmdlets and Conformance server endpoint to monitor configuration. You will also see how the DSC Local Configuration Manager can be configured to detect and auto-correct configuration drift.

Chapter 9: Building Custom DSC ResourcesChapter 5 provides an overview of built-in DSC resources. These resources are either binary or script PowerShell modules or MI providers. This chapter provides in-depth information about authoring PowerShell script modules as custom DSC resources. This chapter provides an overview of the semantics and walks you through building a complete custom DSC resource for managing hosts file entries. In this chapter, you will also learn how to add help content for custom resources and how to localize messages from the custom DSC resources.

Chapter 10: Troubleshooting Common DSC IssuesIn this chapter, you will discover some of the most common problems you may come across when using DSC and the solutions to them. This list of common issues was compiled based on my own experiences and from what I’ve learned helping others resolve issues in their own DSC deployment. The concepts and knowledge gained from earlier chapters is used here to understand and resolve a problem. There is no structured learning from this chapter, but it is a useful reference, should you encounter a problem using DSC.

Chapter 11: DSC—From the FieldThis chapter provides an assorted collection of real-world scenarios, such as cross-domain configuration management with DSC, tips that make better use of DSC API, and best practices to follow when writing custom DSC resources and configuration scripts. The sections in this chapter are unrelated, and as in the case of Chapter 10, you can use this chapter as a reference for different topics that are covered in the book.

■ IntroduCtIon

xxiv

Appendix A: DSC Community ResourcesChapter 9 provides an in-depth look into how custom DSC resources are created. While you can write PowerShell script modules as custom DSC resources for configuring almost anything you want, remember that there are also other people who are trying to solve the very same problem. To this extent, Microsoft has released several waves of a DSC resource kit that contains close to 50 custom DSC resources and helper utilities. This appendix provides an overview of some of the custom DSC resources that are a part of the resource kit and demonstrates how to use DSC resource designer, the DSC diagnostics module, and so on.

Appendix B: WMF 5�0 and DSC for Linux This appendix explores some of the changes and enhancements to DSC on Windows through the WMF 5.0 preview release and looks at how to deploy and use DSC for Linux. These two components are still in the early stages of development, and the content in this chapter may or may not be applicable upon the final release. This is provided as an early guide, and I recommend that you consult any updated documentation from the preview releases, for more information.

windows powershell desired state configuration revealed978-1-4842-0016-2/1.pdf · without a second...

Documents