This post describes a set of PowerShell scripts that can automatically provision a PowerShell DSC Pull Server and Client using Windows Azure Virtual Machines.
The scripts can be downloaded from here: Bootstrap PowerShell DSC in Windows Azure.
If you find bugs feel free to fork, fix and submit a pull request.
If you are brand new to Windows PowerShell DSC I recommend a slight detour from this post to watch the TechEd 2013 Introductory Session. Once you watch the TechEd session you should then read this blog post on how to configure a DSC Pull Server: Push and Pull Configuration Modes.
Ok, I feel better. You now should not only know what a DSC pull server is but you will likely appreciate the script more because it takes all of the complexity of putting together a DSC Pull Server and Client and wraps it up in two simple scripts. Not that I am saying you shouldn’t know how to do this on your own but if you need to quickly spin up an environment for a demo, testing or whatever it is nice not to have to reconstruct an environment from scratch each time.
The scripts have a dependency on the Windows Azure PowerShell Cmdlets. So read this article to configure them if you haven’t already.
Creating a Pull Server
$subscription = "opsgilitytraining" $serviceName = "mypullsvc" $vmNamePull = "pullsrv" $vmSize = "Small" $Location = "West US" .\create-pull-srv.ps1 -SubscriptionName $subscription ` -ServiceName $serviceName -Name $vmNamePull -Size $vmSize ` -Location $location
What the script does:
- Provisions a Server 2012 R2 VM in the “mypullsvc” cloud service in the West US data center. The VM name is “pullsrv”.
- Creates a self-signed SSL certificate that is used to connect to the pull server and for encrypting stored passwords and automatically deploys it to the new virtual machine.
- Uploads and executes the DSC Pull Server resource provider written by the PowerShell team.
- Uploads a file that contains a helper function called SetConfiguration. This helper executes your DSC configuration file, generates a deterministic GUID based on the configuration name (so you don’t have to have a table of GUIDs handy) and creates the .mof files + checksums. Basically, all of the nasty work to create a DSC configuration in a pull server environment.
- Provisions a Server 2012 R2 VM in the “mypullsvc” cloud service in the West US data center. The VM name is “pullclient”.
- Deploys the previously created certificate PSDSCPullServerCert.pfx and also adds this cert to the LocalMachine\Root (trusted root authority) so it can be used with SSL.
- Configures the client to point to the pull server using the DSC configuration name specified in -Configuration. The pull server has an example WebServer configuration that simply installs IIS that can be specified here.
Once the server is provisioned login to the Pull Server via RDP.
# if you don't want to leave your PowerShell session Get-AzureRemoteDesktopFile -ServiceName $serviceName -Name $vmNamePull -Launch
Open the example configuration file C:\DSCScript\WebServer.ps1 in PowerShell_ISE and Hit F5. This will create your first bare bones configuration named WebServer on the pull server.
Creating a Pull Client
Note: The scripts have been designed to only allow deploying the client into the same cloud service as the pull server
$vmNameClient = "pullclient" $configName = "WebServer" .\create-pull-client.ps1 -SubscriptionName $subscription ` -ServiceName $serviceName -Name $vmNameClient -Size $vmSize ` -CertificatePath .\PSDSCPullServerCert.pfx -PullServer $vmNamePull ` -ConfigurationName $configName
What the script does:
Testing the configuration
Once the server is provisioned login to the Pull Client via RDP.
# if you don't want to leave your PowerShell session Get-AzureRemoteDesktopFile -ServiceName $serviceName -Name $vmNameClient -Launch
After patiently waiting 30+ minutes the configuration should be downloaded to your client VM. To validate this launch PowerShell and run:
If all goes well you should see the following:
Forcing DSC Configuration
As of now there is no DSC cmdlet to force the client to pull a configuration. However, DSC is setup using scheduled tasks so you can force the task to run which will have your client check to see if it is up to date and if not apply the configuration.
Get-ScheduledTask "Consistency" | Start-ScheduledTask
There you have it. Two simple scripts that can quickly get you up and running with PowerShell DSC.
If you are interested in learning more about PowerShell DSC or Windows Azure in general for yourself or your organization we provide on-site or open enrollment Windows Azure and PowerShell Training.