Here in this demo I am writing on how to build and configure basic Powershell DSC http pull server, this is just a simple http server no ssl certificate involved, In my earlier article DSC (DESIRED STATE CONFIGURATION) : DEPLOYING ACTIVE DIRECTORY, where I had explained what is desired state configuration and how to use push method to build script and apply configuration remotely. Make sure you enable winrm psremoting on DSC server and clients using POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS, It is one of the prerequisite, This can be achieved using group policy for required servers.
There two types of pull server html IIS and SMB file share based. Windows Powershell Desired State Configuration Service supports configuration management of multiple nodes from a single repository.
Part 1: Build your first Microsoft PowerShell DSC pull server
Part 2: Generate target server node config for PowerShell DSC pull server
Part 3: Configure PowerShell DSC Local configuration manager LCM in pull mode and update configuration
How to force a PowerShell DSC client to refresh configuration from pull server
In the pull server you keep all the DSC scripts, .mof files and DSC Resource modules centrally on desired state configuration server. These files and modules can stages using powershell or any other authoring tools easily. Once pull server is ready, Next step is configuring client nodes inbuilt Local configuration manager (LCM) agent, so client can pull information from server. This architecture is as same as any server and client, for example - Group Policy, but it is not a complete solution to replace GPO.
I am preparing my first DSC pull server on Windows Server 2016. Below script is very basic and installs DSC-Service feature and dependent IIS roles (Internet information services), next it configures DSC HTML pull server. Another requirement is at least powershell version 4 should be running to get this work. I am configuring pull server using DSC push script method.
The 2nd line of the script Install-Module -Name xPSDesiredStateConfiguration connects to internet and downloads required desired state configuration resource modules. When executing this make sure you are running powershell as an administrator. I am running this command on poweshell V5, it runs PowerShellGet cmdlet in the background, then asks for confirmation for below 2 questions.
NuGet Provider is required to continue: PowershellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet provider must be available in 'c:\Program Files\PackageManagement\ProviderAssemblies' or 'c:\Users\vkunal\AppData\Local\PackageManagement\ProviderAssemblies'. you can also install the NuGet provider by running 'Install-PackageProvider' -name Nuget -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and import the NuGet provider now? - Click Yes to continue.
Untrusted repository: You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from 'PSGallery'? - press Yes to All and continue.
Once modules are downloaded you can view it under C:\Program Files\WindowsPowerShell\Modules folder.
In the next lines 5 to 31 of Configuration block. Here it has the code how I want to install DSC pull server and configure it. DSC-Service is the required feature and IIS is the dependency. Once feature is installed, IIS endpoint and app will be configured.
Line 34 - 35: Creates a .mof file under c:\temp folder.
Line 38: Starts applying settings, You can read what is going on in the background on the console.
Start-DscConfiguration C:\Temp\DscServer -Force -Wait -Verbose
Its time to verify DSC pull server website. Url is http://dscserver:8080/PSDSCPullServer.svc. It is loaded successfully and good to use.
Download this script here also this script is available on Github.com.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
#1: Download and Install required modules powershell DSC Modules Install-Module -Name xPSDesiredStateConfiguration #2: Install roles and configure the Pull Server Configuration DscServer { param ( [String[]]$ComputerName = 'Localhost' ) Import-DscResource -ModuleName xPSDesiredStateConfiguration Import-DscResource -ModuleName PSDesiredStateConfiguration Node $Computername { WindowsFeature DSCServiceFeature { Ensure = 'Present' Name = 'DSC-Service' } xDSCWebService DscServer { Ensure = 'Present' EndpointName = 'DscServer' Port = 8080 PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\DscServer" CertificateThumbPrint = 'AllowUnencryptedTraffic' ModulePath = "$env:PROGRAMFILES\WindowsPowershell\DscServer\Module" ConfigurationPath = "$env:PROGRAMFILES\WindowsPowershell\DscServer\Configuration" State = "Started" UseSecurityBestPractices = $false DependsOn = "[WindowsFeature]DSCServiceFeature" } } } #3: Creates the Pull server .mof file cd C:\Temp DscServer #4: Apply the Pull Server configuration to the Pull Server Start-DscConfiguration C:\Temp\DscServer -Force -Wait -Verbose |
Useful Articles
POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS
POWERSHELL DSC XACTIVEDIRECTORY ERROR - A NETBIOS DOMAIN NAME MUST BE SPECIFIED
DSC (DESIRED STATE CONFIGURATION) : DEPLOYING ACTIVE DIRECTORY
THE POWERSHELL XACTIVEDIRECTORY PROVIDER DOES NOT EXIST AT THE POWERSHELL MODULE PATH NOR IS IT REGISTERED AS A WMI PROVIDER