Hello everybody and welcome to a new and cool article about PowerShell. This time we’ll learn how to implement DSC by using PowerShell.
DSC is basically Configuration as Code, where we configure certain aspects of a system by using some type of manifest, or better yet a configuration file.
DSC is the PowerShell alternative to other technologies out there that give you the DSC option.
What DSC does for us is it helps us prevent configuration drifts by making sure settings stay unchanged and can also help us to define environments like Production and Testing for example without the need to really separate the two from an Infrastructure point of view.
Now I’m sure you’re asking yourself what a Configuration Drift is. Well let’s say you create a template of a server with a certain configuration, like roles and shares and so forth.
Then you give access to that server to another team like the QA team, and that team starts removing roles and deleting shares, or making changes that are not meant to be made due to a policy. Well DSC will help you keep all of your configuration in place.
Each time someone will make a change to a configuration you have configured in DSC, DSC will bring back that configuration to its original state that you defined in the configuration file.
Now let’s look at an example of a DSC configuration block and how we apply it.
To define a DSC block we use the Configuration parameter.
Configuration RoleConfiguration {
Node “MYSERVER” {
WindowsFeature FeatureIwantToKeep {
Ensure = ‘Present’
Name = ‘FS-FileServer’
}
}
}
RoleConfiguration
Now this is a configuration block that basically makes sure the FileServer role is always installed on the system we choose. In my case the name of the server is MYSERVER.
Now let’s go through the above script block and see what is what.
Configuration declares that we are running a DSC configuration.
Node is the server or servers we want to apply this DSC Configuration to.
WindowsFeature we are telling the Configuration block that the configuration we are seeking is that of a Windows Server role.
Ensure along with the Present value is pretty self-explanatory. We want to ensure that the role is present, installed.
Name is the name of the role or windows feature that we want to make sure is there.
The last line runs the configuration named RoleConfiguration.
Now the next step would be to compile the configuration. To do that we just run the script that would be named RoleConfiguration.ps1
This will create an mof file and place it in the configuration store of this machine.
Now the Local Configuration Manager which is in charge of the DSC Configuration will read that mof file and appy the configuration on an interval of 15 minutes.
That’s it!
Now there are a lot more customizable options, like arguments, arrays and so forth to make it more dynamic. We can also create several mof files with several configurations and use them centrally in a PULL manner instead of a PUSH which is used when the DSC LCM is local.
But all that’s for another more complex article.
Thanks for reading this article and I hope it helped you get a basic understanding of DSC and why it is actually a pretty cool feature.