Introduction
Today was a very good day. Together with a companion we discussed the date. Remember remember the fifth of november. In addition we implemented DSC en founded a good relationship with this Configuration Mamagement System. When searching and tweeting about our findings we found out it isn't a good idea to search on Twitter concerning DSC because the information provided was not relevant. In this post I will tell you all the good things and thus we can experience a wonderful adventure with Desired State Configuration. Also a guide to install your own test-lab for DSC.Used configuration
Steps
- All scripts can be found at the bottom of this post.
First you will need to import the desired state module for powershell (xPSDesiredStateConfiguration). This module you can download over here. You will need to unzip the zip file in %programfiles%\WindowsPowerShell\modules.
Now we are ready to configure our server as "Pull" server. From this server the clients will pull their configuration files. This will be done be using DSC and manually push it to the server you want to be pull server. You can change the port numbers you want but in this tutorial we use "8080" and "9080".
 |
| Run this script. Here it will turn "server1.connexus.hq" into a pull server. |
 |
| Here we can see the configuration is indeed applied to the server. |
 |
| We can access the webserver. |
Now our configuration file is made we need to copy it to the configuration folder of the pull server. Also we will not use the name "server2.connexus.hq.mof", we will rename the file to a "guid". This is because a client server asks the pull server the configuration file based on the configurationID you enter on the client. This means you can use a single configuration file for multiple servers. Someone created a script for this so it's very easy to do this.
Now we have our configuration file and pull server configured. Now it's time to create our pull client. This is also by manually pushing a configuration to the pull client.
Now "server2.connexus.hq" will grab the configuration from the pull server and apply it.
Troubleshooting
1) The first error I received was "Set-TargetResource functionality with error message: ERR OR: C:\Windows\System32\WindowsPowerShell\v1.0\modules\PSDesiredStateConfiguration\PullServer"
 |
| Because my server is configured in Dutch I had to rename the "en" folder to "nl" |
2) The next error was I could not use "Import-DSCResource" because I was using clean servers no updates were installed on the server. I found the solution over here. The solution is to install KB2883200. Just install the update and everything will work.
3) My client didn't wanted to pull the configuration. The solution was to manually trigger the client to get it. After that the client automatically checked the pull server every 15 min.
4) Where can I see the log? The event viewer has one!
Scripts
NewPullServer.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| configuration NewPullServer | |
| { | |
| param | |
| ( | |
| [string[]]$ComputerName = ‘localhost’ | |
| ) | |
| Import-DSCResource -ModuleName xPSDesiredStateConfiguration | |
| Node $ComputerName | |
| { | |
| WindowsFeature DSCServiceFeature | |
| { | |
| Ensure = “Present” | |
| Name = “DSC-Service” | |
| } | |
| xDscWebService PSDSCPullServer | |
| { | |
| Ensure = “Present” | |
| EndpointName = “PSDSCPullServer” | |
| Port = 8080 | |
| PhysicalPath = “$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer” | |
| CertificateThumbPrint = “AllowUnencryptedTraffic” | |
| ModulePath = “$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules” | |
| ConfigurationPath = “$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration” | |
| State = “Started” | |
| DependsOn = “[WindowsFeature]DSCServiceFeature” | |
| } | |
| xDscWebService PSDSCComplianceServer | |
| { | |
| Ensure = “Present” | |
| EndpointName = “PSDSCComplianceServer” | |
| Port = 9080 | |
| PhysicalPath = “$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer” | |
| CertificateThumbPrint = “AllowUnencryptedTraffic” | |
| State = “Started” | |
| IsComplianceServer = $true | |
| DependsOn = (“[WindowsFeature]DSCServiceFeature”,”[xDSCWebService]PSDSCPullServer”) | |
| } | |
| } | |
| } | |
| #This line actually calls the function above to create the MOF file. | |
| NewPullServer –ComputerName server1.connexus.hq | |
| Start-DscConfiguration .\NewPullServer –Wait |
ContosoWebsite.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Configuration ContosoWebsite | |
| { | |
| param ($MachineName) | |
| Node $MachineName | |
| { | |
| #Install the IIS Role | |
| WindowsFeature IIS | |
| { | |
| Ensure = “Present” | |
| Name = “Web-Server” | |
| } | |
| #Install ASP.NET 4.5 | |
| WindowsFeature ASP | |
| { | |
| Ensure = “Present” | |
| Name = “Web-Asp-Net45” | |
| } | |
| } | |
| } | |
| ContosoWebsite –MachineName “server2.connexus.hq” |
CopyMOF.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Guid= [guid]::NewGuid() | |
| $source = “ContosoWebsite\server2.contoso.com.mof” | |
| $target= “\\server1\c$\program files\windowspowershell\dscservice\configuration\$Guid.mof” | |
| copy $source $target | |
| New-DSCChecksum $target |
SetToPullMode.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Configuration SetPullMode | |
| { | |
| param([string]$guid) | |
| Node server2.connexus.hq | |
| { | |
| LocalConfigurationManager | |
| { | |
| ConfigurationMode = ‘ApplyOnly’ | |
| ConfigurationID = $guid | |
| RefreshMode = ‘Pull’ | |
| DownloadManagerName = ‘WebDownloadManager’ | |
| DownloadManagerCustomData = @{ | |
| ServerUrl = ‘http://server1:8080/PSDSCPullServer.svc'; | |
| AllowUnsecureConnection = ‘true’ } | |
| } | |
| } | |
| } | |
| SetPullMode –guid $Guid | |
| Set-DSCLocalConfigurationManager –Computer server2.connexus.hq -Path ./SetPullMode –Verbose |
Invoke-PullonNode.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param | |
| ( | |
| [Parameter(Mandatory) ] | |
| [String[]] $ComputerName, | |
| [ValidateRange( 1,3 )] | |
| [uint32] $flag = 1 | |
| ) | |
| Invoke-CimMethod -ComputerName $ComputerName -Namespace root/microsoft/windows/desiredstateconfiguration ` | |
| -Class MSFT_DscLocalConfigurationManager -MethodName PerformRequiredConfigurationChecks ` | |
| -Arguments @{Flags = $flag} -Verbose |
Nice post. Keep updating <Devops Online Training
ReplyDelete