Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Part 1: Build your first Microsoft PowerShell DSC pull server

Here in this demo I am writing on how to build and configure basic Powershell DSC http pull server, this is just a simple http server no ssl certificate involved, In my earlier article DSC (DESIRED STATE CONFIGURATION) : DEPLOYING ACTIVE DIRECTORY, where I had explained what is desired state configuration and how to use push method to build script and apply configuration remotely. Make sure you enable winrm psremoting on DSC server and clients using POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS, It is one of the prerequisite, This can be achieved using group policy for required servers.

There two types of pull server html IIS and SMB file share based. Windows Powershell Desired State Configuration Service supports configuration management of multiple nodes from a single repository.

Part 1: Build your first Microsoft PowerShell DSC pull server
Part 2: Generate target server node config for PowerShell DSC pull server
Part 3: Configure PowerShell DSC Local configuration manager LCM in pull mode and update configuration
How to force a PowerShell DSC client to refresh configuration from pull server

In the pull server you keep all the DSC scripts, .mof files and DSC Resource modules centrally on desired state configuration server. These files and modules can stages using powershell or any other authoring tools easily. Once pull server is ready, Next step is configuring client nodes inbuilt Local configuration manager (LCM) agent, so client can pull information from server. This architecture is as same as any server and client, for example - Group Policy, but it is not a complete solution to replace GPO.

Powershell DSC (Desired State configuration) Push model LCM local configuration manager

I am preparing my first DSC pull server on Windows Server 2016. Below script is very basic and installs DSC-Service feature and dependent IIS roles (Internet information services), next it configures DSC HTML pull server. Another requirement is at least powershell version 4 should be running to get this work. I am configuring pull server using DSC push script method.

Microsoft Powershell dsc desired state configuration pull server IIS and DSC-Service installation, psdesiredstateconfiguration module dscresource, start-dscconfiguration dscserver

The 2nd line of the script Install-Module -Name xPSDesiredStateConfiguration connects to internet and downloads required desired state configuration resource modules. When executing this make sure you are running powershell as an administrator. I am running this command on poweshell V5, it runs PowerShellGet cmdlet in the background, then asks for confirmation for below 2 questions.

NuGet Provider is required to continue:  PowershellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet provider must be available in 'c:\Program Files\PackageManagement\ProviderAssemblies' or 'c:\Users\vkunal\AppData\Local\PackageManagement\ProviderAssemblies'. you can also install the NuGet provider by running 'Install-PackageProvider' -name Nuget -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and import the NuGet provider now? - Click Yes to continue.

Untrusted repository: You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from 'PSGallery'? - press Yes to All and continue.

Once modules are downloaded you can view it under C:\Program Files\WindowsPowerShell\Modules folder.

Microsoft powershell nuget provider, install-module, xpsdesiredstateconfiguration, desired state configuration, untrusted repository, set-psrepository, psgallery, installation policy, oneget.org, dsc resource

In the next lines 5 to 31 of Configuration block. Here it has the code how I want to install DSC pull server and configure it. DSC-Service is the required feature and IIS is the dependency. Once feature is installed, IIS endpoint and app will be configured.  

Line 34 - 35:  Creates a .mof file under c:\temp folder.

powershell dsc server, dsc pull server, desired state configuration, install IIS, PSDSCPullServer.svc,DSC-Service, generate mof file, Start-DSCConfiguration

Line 38: Starts applying settings, You can read what is going on in the background on the console. 

Start-DscConfiguration C:\Temp\DscServer -Force -Wait -Verbose

Microsoft windows Powershell, build and configure dsc server, desired state configuration, xdscwebservice, Windowsfeature dsc-service, get-windowsfeature, add app pool iis, powershell devops

Its time to verify DSC pull server website. Url is http://dscserver:8080/PSDSCPullServer.svc. It is loaded successfully and good to use.

dsc server desired state configuration microsoft powershell configurations modules, nodes, dsc pull server psdscpullserver.svc, push configuration ps1 psresource

Download this script here also this script is available on Github.com.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#1: Download and Install required modules powershell DSC Modules
Install-Module -Name xPSDesiredStateConfiguration

#2: Install roles and configure the Pull Server
Configuration DscServer {
    param (
        [String[]]$ComputerName = 'Localhost'
    )
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    
    Node $Computername {
        WindowsFeature DSCServiceFeature {
            Ensure = 'Present'
            Name = 'DSC-Service'
        }

        xDSCWebService DscServer {
            Ensure                      = 'Present'
            EndpointName                = 'DscServer'
            Port                        = 8080
            PhysicalPath                = "$env:SystemDrive\inetpub\wwwroot\DscServer"
            CertificateThumbPrint       = 'AllowUnencryptedTraffic'
            ModulePath                  = "$env:PROGRAMFILES\WindowsPowershell\DscServer\Module"
            ConfigurationPath           = "$env:PROGRAMFILES\WindowsPowershell\DscServer\Configuration"
            State                       = "Started"
            UseSecurityBestPractices    = $false
            DependsOn                   = "[WindowsFeature]DSCServiceFeature"
        }
    }
}

#3: Creates the Pull server .mof file
cd C:\Temp
DscServer 

#4: Apply the Pull Server configuration to the Pull Server
Start-DscConfiguration C:\Temp\DscServer -Force -Wait -Verbose

Useful Articles
POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS 
POWERSHELL DSC XACTIVEDIRECTORY ERROR - A NETBIOS DOMAIN NAME MUST BE SPECIFIED
DSC (DESIRED STATE CONFIGURATION) : DEPLOYING ACTIVE DIRECTORY
THE POWERSHELL XACTIVEDIRECTORY PROVIDER DOES NOT EXIST AT THE POWERSHELL MODULE PATH NOR IS IT REGISTERED AS A WMI PROVIDER

Go Back

Comment

Blog Search

Page Views

12085068

Follow me on Blogarama