Desired State Configuration - Paiet/Tech-Journal-for-Everything GitHub Wiki

Desired State Configuration

  • DSC is designed for cattle management

  • The main actor in the world of DSC is the Local Configuration Manager, or LCM. LCM is the PowerShell DSC engine and runs on all nodes that has PowerShell 4.0 or above installed. The LCM's job is to read your configuration documents, see if the local computer is in compliance with its configuration document, and potentially fix the computer so that it is compliant. The LCM is really the main "moving part" in DSC.

  • authoring computer- this is simply the machine where you sit, and whose keyboard you press with your fingers.

  • A third and optional player is a DSC PullServer.

    • The Pull Server can also host a component called the Reporting Server.
    • This is a separate webservice, also running under IIS, where target nodes' LCMs can check in with a status report.

  • Managed Object Format (MOF) file this is a plain-text file that contains your configuration specifications.

    • industry-standard format developed by the Distributed Management Task Force (DMTF), an industry group that includes Microsoft and other vendors

  • There are three ways of getting a MOF to an LCM:

    • Manual file copy
      • Place MOF in the correct location
      • The LCM will see the new MOF, and will process it on the next run.
    • Pushmode
      • Usually from your authoring computer, you'll run Start-DscConfiguration to push one or more MOF files to target nodes, with a maximum of one MOF per node.
      • This is a onetime operation that relies on Remoting to provide the connection to the nodes.
    • Pull mode
      • LCM can check for and process a new MOF every 30 minutes.
      • Similar to AWS Elastic beanstalk
      • Tooling with Chef or Puppet like solutions.
      • PowerShell v5 introduces the "Settings" block instead of "LocalConfigurationManager". But the latter may be used in PowerShell v5.

References: https://docs.microsoft.com/en-us/powershell/dsc/quickstarts/website-quickstart https://www.powershellgallery.com/packages/SecurityPoliPlease Note Microsoft updated recommendation: Azure Automation State Configuration is the new best practice for pull server deployment. For more information please check out az-103, DSC and Custom Script Extensions and DSC and Custom Script Extensions Pt 2. https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started