Hello everyone and welcome to a new and interesting article on PowerShell. This time we will learn how to implement DSC using PowerShell.
DSC is basically configuration as code, where we customize certain aspects of the system using some type of manifest, or better yet, a configuration file.
DSC is a PowerShell alternative to other technologies that provide DSC capability.
What DSC does for us is helps us prevent configuration drift by making sure the settings stay the same, and it can also help us define environments like production and testing without really needing to separate them in terms of infrastructure.
Now I’m sure you are wondering what configuration drift is. Let’s say you are creating a server template with specific configuration like roles, shares, etc.
You then grant access to that server to another team, such as the QA group, and that group starts removing roles and shares or making changes that shouldn’t be made due to policy. Well, DSC helps you keep all of your configuration in place.
Every time someone makes changes to a configuration that you configured in DSC, DSC will revert that configuration to its original state that you defined in the configuration file.
Now let’s take a look at an example DSC config block and how we use it.
To define the DSC block, we use the Configuration parameter.
Configuration RoleConfiguration {
MYSERVER Node {
WindowsFeature FeatureIwantToKeep {
Ensure = ‘Present’
Name = ‘FS-FileServer’
}
}
}
RoleConfiguration
This is now a configuration block that basically ensures that the FileServer role is always installed on the system of our choice. In my case, the server name is MYSERVER .
Now let’s take a look at the above script block and see what’s what.
Configuration states that we are performing DSC configuration.
The Host is the server or servers to which we want to apply this DSC configuration.
WindowsFeature we tell the config block that the required configuration belongs to the Windows Server role.
Ensure along with Present speaks for itself. We want to make sure the role is present, installed.
Name is the name of the Windows role or feature we want to test.
The last line runs a configuration named RoleConfiguration .
Now the next step is to compile the configuration. To do this, we simply run a script named RoleConfiguration.ps1
This will create an mof file and place it in this computer’s configuration store.
The local configuration manager responsible for DSC configuration will now read this mof file and apply the configuration at 15 minute intervals.
That’s all!
There are now a lot more configurable parameters like arguments, arrays, etc. to make it more dynamic. We can also create multiple mofs with multiple configurations and use them centrally in PULL mode instead of PUSH, which is used when the DSC LCM is local.
But this is all for another more complex article.
Thanks for reading this article and I hope it helped you get a basic understanding of DSC and why it’s a really cool feature.