tobias-sachs
What for, for whom, when, and why at all?
DEVOP PART IV: DSC – DESIRED STATE CONFIGURATION
Thanks to DSC, many administrators will not even need to learn PowerShell anymore…
DSC is entirely text-file based: anyone can read, index, adapt and generate it.
DSC Architecture
[Diagram. Authoring: the configuration script (MyConfig.ps1) is compiled into a MOF (SERVER42.mof). Deployment: the MOF is pushed to the target node, where it calls DSC resources (specialized Windows PowerShell modules).]
Evolution of DevOps
Basic Admin
Scripter
Programmer
Configuration Scripts
    Configuration MonitoringSoftware
    {
        param(
            [string[]]$ComputerName="localhost"
        )
        Node $ComputerName
        {
            File MonitoringInstallationFiles
            {
                Ensure = "Present"
                SourcePath = "\\dc01\Software\Monitoring"
                DestinationPath = "C:\Temp\Monitoring"
                Type = "Directory"
                Recurse = $true
            }
        }
    }
    MonitoringSoftware
Configuration Examples…
Registry
    Registry RegistryExample
    {
        Ensure = "Present" # You can also set Ensure to "Absent"
        Key = "HKEY_LOCAL_MACHINE\SOFTWARE\ExampleKey"
        ValueName = "TestValue"
        ValueData = "TestData"
    }
Package Resource
    Package PackageExample
    {
        Ensure = "Present" # You can also set Ensure to "Absent"
        Path = "$Env:SystemDrive\TestFolder\TestProject.msi"
        Name = "TestPackage"
        ProductId = "663A8209-89E0-4C48-898B-53D73CA2C14B"
    }
Environment variables
    Environment EnvironmentExample
    {
        Ensure = "Present" # You can also set Ensure to "Absent"
        Name = "TestEnvironmentVariable"
        Value = "TestValue"
    }
Archive resource
    Archive ArchiveExample
    {
        Ensure = "Present"
        Path = "C:\Users\Public\Documents\Test.zip"
        Destination = "C:\Users\Public\Documents\ExtractionPath"
    }
Windows Feature
    WindowsFeature IIS
    {
        Ensure = "Present" # To uninstall, set Ensure to "Absent"
        Name = "Web-Server" # Name property from Get-WindowsFeature
    }
Groups
    Group GroupExample
    {
        # This will remove TestGroup, if present
        # To create a new group, set Ensure to "Present"
        Ensure = "Absent"
        GroupName = "TestGroup"
    }
Services
    Service ServiceExample
    {
        Name = "TermService"
        StartupType = "Manual"
    }
Script resource
    Script ScriptExample
    {
        SetScript = {
            $sw = New-Object System.IO.StreamWriter("C:\TempFolder\TestFile.txt")
            $sw.WriteLine("Some sample string")
            $sw.Close()
        }
        TestScript = { Test-Path "C:\TempFolder\TestFile.txt" }
        GetScript = { <# This must return a hash table #> }
    }
Anything still missing…?
Programmer
Scripter
Basic Admin
DSC Resource Design
Module xNetworking
Resource xIPAddress
Resource xDNSServerAddress
Module xFirewall
“x” denotes “Experimental”
“c” denotes “Community”
For internal resources develop a private prefix
Resource Prototype
    Function Get-TargetResource {}
    Function Set-TargetResource {}
    Function Test-TargetResource {}
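A filled-in version of the three-function prototype, as an added example that is not part of the original slides: a singleton resource that keeps the SMB1 server protocol disabled. The private prefix "cts", the resource name ctsSmb1Protocol and the matching schema.mof (IsSingleInstance as key, Ensure as write property) are assumptions.

```powershell
# ctsSmb1Protocol.psm1 (hypothetical name; "cts" stands in for a private prefix).
# Assumes ctsSmb1Protocol.schema.mof declares IsSingleInstance (Key) and Ensure (Write).

function Get-TargetResource
{
    [OutputType([hashtable])]
    param(
        [Parameter(Mandatory)] [ValidateSet('Yes')] [string]$IsSingleInstance
    )
    # Report the current state only; Get must never change the system.
    $enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $state = if ($enabled) { 'Present' } else { 'Absent' }
    return @{
        IsSingleInstance = 'Yes'
        Ensure           = $state
    }
}

function Test-TargetResource
{
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)] [ValidateSet('Yes')] [string]$IsSingleInstance,
        [ValidateSet('Present', 'Absent')] [string]$Ensure = 'Absent'
    )
    # $true means the node is already in the desired state, so Set is skipped.
    $current = Get-TargetResource -IsSingleInstance $IsSingleInstance
    return ($current.Ensure -eq $Ensure)
}

function Set-TargetResource
{
    param(
        [Parameter(Mandatory)] [ValidateSet('Yes')] [string]$IsSingleInstance,
        [ValidateSet('Present', 'Absent')] [string]$Ensure = 'Absent'
    )
    # Called only when Test-TargetResource returned $false.
    $enable = ($Ensure -eq 'Present')
    Set-SmbServerConfiguration -EnableSMB1Protocol $enable -Force
    Write-Verbose "SMB1 server protocol enabled: $enable"
}
```

Because Test-TargetResource compares against Get-TargetResource, the resource is idempotent: repeated runs on a compliant node change nothing.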
…and there is more…
A huge collection of resources from Microsoft: https://gallery.technet.microsoft.com/scriptcenter/DSC-Resource-Kit-All-c449312d
Is a cmdlet missing…?
Programmer
Scripter
Basic Admin
How does it differ from GPOs?
Applicable across domain boundaries
Extensible through your own PS scripts
Standardized format
DSC vs. GPO
Feature | Group Policy | DSC
Configuration stored in | GPO file | Configuration script / MOF file
Target nodes by means of | AD links to OUs, sites, etc. | Configuration specifies node names
Configuration implemented by | Client-side OS components | Client-side shell scripts (resources)
Extensible by means of | Complex native programming | Windows PowerShell scripts
Primary configuration target | Windows registry | Anything Windows PowerShell can “touch”
Persistence | Settings reapply each time | Settings are persistent
Number of configurations per node | As many GPOs as you want to link | One
What happens when GPOs and DSC are in use at the same time…?
…a how-to…
I have created the configurations. What now?
Now we first need a MOF!
MOF = Managed Object Format
Why a MOF?
Generic file format
Also supported by Unix and network components
Can also be generated by other tools (not PS)
How do I create a MOF?
…simply by calling the CONFIGURATION by its name…
What does a MOF look like?
CONFIGURATION
    Configuration ContosoWebsite
    {
        Node GM15-SRV07
        {
            WindowsFeature BasicWebServerComponents
            {
                Ensure = "Present"
                Name = "Web-Server"
            }
        }
    }
MOF
    /*
    @TargetNode='GM15-SRV07'
    @GeneratedBy=Administrator
    @GenerationDate=11/24/2015 15:56:05
    @GenerationHost=GM15-SRV01
    */
    instance of MSFT_RoleResource as $MSFT_RoleResource1ref
    {
        ResourceID = "[WindowsFeature]IIS";
        Ensure = "Present";
        SourceInfo = "::7::1::WindowsFeature";
        Name = "Web-Server";
        ModuleName = "PsDesiredStateConfiguration";
        ModuleVersion = "1.0";
        ConfigurationName = "ContosoWebsite";
    };
    instance of OMI_ConfigurationDocument
    {
        Version="2.0.0";
        MinimumCompatibleVersion = "1.0.0";
        CompatibleVersionAdditionalProperties={"Omi_BaseResource:ConfigurationName"};
        Author="Administrator";
        GenerationDate="11/24/2015 15:56:05";
        GenerationHost="GM15-SRV01";
        Name="ContosoWebsite";
    };
How does the MOF now get onto the machines?
PUSH or PULL?
PUSH
Distribute centrally to the machines:
    Start-DSCConfiguration -Path .\ContosoWebsite -ComputerName GM15-SRV07
PULL
More practical in production environments
Via…:
HTTP/HTTPS (!!!)
SMB
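The HTTPS pull setup the slide stresses, as an added example that is not part of the original deck: a Local Configuration Manager meta-configuration for a pull client. It assumes WMF 5 syntax; the server URL and registration key are placeholders, and the configuration name PullClientHttps is hypothetical.

```powershell
# Added example. Placeholders: pull server URL and registration key.
[DSCLocalConfigurationManager()]
Configuration PullClientHttps
{
    param(
        [string[]]$ComputerName = 'localhost',
        [Parameter(Mandatory)] [string]$RegistrationKey   # shared secret from the pull server
    )

    Node $ComputerName
    {
        Settings
        {
            RefreshMode          = 'Pull'
            ConfigurationMode    = 'ApplyAndAutoCorrect'   # re-apply when drift is detected
            RefreshFrequencyMins = 30
            RebootNodeIfNeeded   = $false
        }

        ConfigurationRepositoryWeb PullServer
        {
            ServerURL               = 'https://pull.example.test:8080/PSDSCPullServer.svc'
            RegistrationKey         = $RegistrationKey
            ConfigurationNames      = @('ContosoWebsite')
            AllowUnsecureConnection = $false               # refuse plain HTTP
        }
    }
}

# Compile to GM15-SRV07.meta.mof, then hand it to the node's LCM.
PullClientHttps -ComputerName 'GM15-SRV07' `
    -RegistrationKey '<registration-key-placeholder>' `
    -OutputPath .\PullClientHttps
Set-DscLocalConfigurationManager -Path .\PullClientHttps -ComputerName 'GM15-SRV07' -Verbose

# Confirm the node is now in pull mode.
$session = New-CimSession -ComputerName 'GM15-SRV07'
Get-DscLocalConfigurationManager -CimSession $session |
    Select-Object RefreshMode, ConfigurationMode
Remove-CimSession $session
```

The compiled GM15-SRV07.meta.mof contains the registration key, so remove it once the LCM has been configured.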
It’s all about…
DEMO: DSC