Manage your environment with DSC

Build your Environment with PowerShell and PowerShell DSC

Gian Maria Ricci

What is an Environment

• Set of resources needed for the software to run– Hardware resources– OS resources– Software resources

• It has a specific purpose– Production– Testing / QA– DEV– …

• Needs to be managed

ENVIRONMENT AND VIRTUALIZATION

Virtualization is silver bullet?

Environment as set of VMs

• A set of Virtual Machines, specifically prepared, are an environment

• Thanks to cloning / virtual disk cloning we can duplicate / recreate environment

• Advanced Virtualization Systems allows for “VM Template” often called “Golden Images”

• You can create a new VM from Golden Image

Handle Pre-made environments with VM

• Virtualize and create Golden Images of environments

• Thanks to SysPrep we can preinstall some software (ex Sql Server)– Generalization– Anonymization

• “freeze” with certain OS patches– Avoid error due to updates– Recreate exact state of the system

Cross product problem

• You should provide a Golden image for each combination– SqlServer, IIS, IIS + Sql Server, Mongo, Mongo + IIS, ……– It becomes impossible to create a VM for each

combination– You can limit the explosion keeping only configuration

really used by your applications, but it does not help• If you take into account OS Patches the combination

explodes– Virtually each patch should create a new image– You will literally needs Hundreds or thousands VM Images

• Maintenance nightmare

Approach A

• A VM for each configuration– Cons• Maintenance Nightmare• Lots of space used

– Pro• Image immediately available• Simple management for Devs• Quick validation

Approach B

• A Base VM plus some further configuration– Cons• Need to manage configuration drift• More time needed to reach a valid point

– Pro• Less space used• Simpler maintenance

Limit Golden Images to …

• Major Version of OS (WS2012, WS2012R2, RHEL7, …)

• Some critical OS Patches (SP, etc)• Some Difficult To Install and configure software• Everything that cannot be automated

Workflow – Create Golden Image

OPS• Create Image• Make it accessible to DEV

DEV• Setup Prerequisites• Install application• Verify Application• Propose modification

OPS• Update machine if needed

Workflow – Update Golden Image

OPS• Modify Image• Make it accessible to DEV

DEV• Setup Prerequisites• Install application• Verify Application• Propose modification

OPS• Update machine if needed

• Previously validated Golden image needs to be modified• OS Patches• Software / Configuration patches• …

Each department -> Right work

• Ops duty– Manage virtualization environment– Manage basic configuration of a VM– Handle updates (Ex. critical system patches)

• Developers duty– Quickly validate a new version of an image– Being able to communicate configuration Drift

Workflow

• To validate a Golden Image DEV needs to perform repetitive operation– Install prerequisite– Install software– Run integration tests

• To setup a software OPS needs to perform the same set of operations

• These operations needs to be well documented• This is an area where “automation is the solution”

Rebuild from Metal (or Golden images)

• When an outage occur you need to minimize– Time needed to detect that something is not

working– Time needed to start working at the problem– Time needed to fix the problem

• Time needed to fix cannot be estimated• You can estimate how much time is needed to

rebuild the environment from scratch• Often it is better to rebuild than trying to fix what

is broken.

DESIRED STATESpecify environment state you need for your application to run

Concept of “Desired State”

• Conceptually we need to automate1. Install prerequisite of our application2. Install our application

• Both these operation starts from a Golden Image or bare metal

• We need to bring the environment from actual State to a State where the application can be installed

• This is what we call “Desired State”

Ex: Install IIS

• We can do a script with this pseudocode– Test if IIS is installed– If not installed install it– Verify if it is started– If not started start it– …

• We need to check actual state and take appropriate action

• Script can become complicated

DSC: POWERSHELL DESIRED STATE CONFIGURATION

Microsoft proposition to manage state of an environment

Solution: specify Desired State

• We can use PowerShell DSC to specify a Desired State

• All you need to do is specify the state you need• It is similar to puppet/chef • Everything related to real configuration is done by

a “resource”• Microsoft gives you many resources to manage OS

and Software.• You can write (or find in open source) additional

resources.

Three phases

• Authoring– Authoring a configuration with various tools– Produces a Mof file storing information of the

configuration• Staging– Make Mof available

• Make It So– Apply configuration

Make It So

Make It So

Pull or Push model

Run imperative PowerShell code

• You can mix DSC and imperative instructions• You can pack scripts inside a custom resource• Remember that DSC is a part of PowerShell, you

can use any PowerShell instruction you need

Avoid confusion

• DSC is often used / presented as a “way to deploy software”

• Remember that DSC is a library to bring a system in a desired state

• A Typical problem: you need to install a Windows Service– First install is ok– Update version, you can only specify if service

should be running or not

Deploy with multiple states

• A first State is required to start the deploy– Service are stopped– Sites are stopped

• A second DSC State (or imperative PowerShell) is required to physically update– Copy new version of the site on a folder– Overwrite Windows Service with new version

• A final State is used to restart Everything– Service are started– Sites are running

MORE COMPLEX DSCLet’s see something more complex to deploy a site + database