DSC scaling question

This topic contains 3 replies, has 2 voices, and was last updated by  Sergei 7 months, 1 week ago.

  • #66624

    Sergei
    Participant

    I have been testing DSC for some time to see if we can start using it instead of SCCM. There is plenty of documentation around, and setting up a basic setup is trivial. The problem starts when I try to build something more complex.
    Here is an example of what I am trying to achieve. I have a feeling I am trying to achieve something that SCCM does well and DSC is not fit for.
    Let's say we have three servers and we build a configdata for them like below:

    @{
        AllNodes = @(
            @{
                NodeName   = "server1"
                Domain     = "london.net"
                Datacenter = "uk2"
                Backup     = "1"
                Monitored  = "1"
            },
            @{
                NodeName   = "server2"
                Domain     = "atlanta.net"
                Datacenter = "us1"
                Backup     = "0"
                Monitored  = "1"
            },
            @{
                NodeName   = "server3"
                Domain     = "newyork.corp"
                Datacenter = "us3"
                Backup     = "1"
                Monitored  = "0"
            }
        );
        NonNodeData = ''
    }
    

    I would like to set up DSC to set up Backup and Monitoring for servers. Below are the examples of configuration. The configuration may use some logic and each server will have specific settings for backup and monitoring required.

    Monitoring configuration

    $configurationName = "SCOMAgentConfiguration"
    configuration $configurationName {
        Import-DscResource -ModuleName cMMagent
        Node $AllNodes.Where({$_.Monitored -eq '1'}).NodeName
        {
            $dataCenter = $Node.DataCenter
            # Map each node's domain to its management group
            $managementGroup = @{
                "london.net"  = "London"
                "atlanta.net" = "Atlanta"
            }
            cMMAgentManagementGroups ManagementGroups {
                managementGroupName = $managementGroup.$($Node.Domain)
                Ensure              = 'Present'
            }
        }
    }
    & $configurationName -ConfigurationData (Import-PowerShellDataFile -Path ".\ConfigData.psd1")
    

    Backup Configuration

    $configurationName = "BackupFeatureEnable"

    configuration $configurationName {

        Node $AllNodes.Where({$_.Backup -eq '1'}).NodeName
        {
            WindowsFeature Backup {
                Name   = 'Windows-Server-Backup'
                Ensure = 'Present'
            }
        }
    }
    & $configurationName -ConfigurationData (Import-PowerShellDataFile -Path ".\ConfigData.psd1")
    

    As expected, I will have two folders containing MOF files, "SCOMAgentConfiguration" and "BackupFeatureEnable".
    Mof files are named as .mof.
    I would like to be able to use information in these MOF files for configuring pull nodes.
    This is where I can't figure out what to do next. It seems that I want to have multiple MOF files per node, and by the looks of things this is not working.

    I have tried partial configuration setup:

    1. Renamed MOF files as below. I expected nodes to be able to read this format (WMF 5.1), but nodes complain about an unavailable partial config.

    SCOMAgentConfiguration.server1.mof
    SCOMAgentConfiguration.server2.mof
    BackupFeatureEnable.server1.mof
    BackupFeatureEnable.server2.mof

    2. Updated LCM for each server. As expected, this did not work and resulted in compilation errors about duplicate resources.

    [DSCLocalConfigurationManager()]
    Configuration LCMAgentConfiguration
    {
        Node $AllNodes.Where({$_.Monitored -eq '1'}).NodeName {

            ConfigurationRepositoryWeb PullServer {
                ServerURL          = $Node.ServerURL
                ConfigurationNames = @("SCOMAgentConfiguration")
            }

            PartialConfiguration SCOMAgentConfiguration {
                Description         = "SCOMAgentConfiguration"
                ConfigurationSource = @("[ConfigurationRepositoryWeb]PullServer")
            }

        }

        Node $AllNodes.Where({$_.Backup -eq '1'}).NodeName {

            ConfigurationRepositoryWeb PullServer {
                ServerURL          = $Node.ServerURL
                ConfigurationNames = @("BackupFeatureEnable")
            }

            PartialConfiguration BackupFeatureEnable {
                Description         = "BackupFeatureEnable"
                ConfigurationSource = @("[ConfigurationRepositoryWeb]PullServer")
            }

        }

    }
    LCMAgentConfiguration -ConfigurationData (Import-PowerShellDataFile -Path ".\ConfigData.psd1")
    

    Is it even possible to achieve such a setup where I can add configurations incrementally?
    It is definitely possible in SCCM. I can add Backup configuration setup for hosts that need to be backed up. Then I set up Monitoring for hosts that require it. Both operations are independent.
    Maybe I need to rethink the entire approach, as DSC concepts are way too different from SCCM?

  • #66627

    Don Jones
    Keymaster

    You kids and your "scaling" these days. In my day, we had one server, and we were thankful for it.

    OK.

    DSC isn't a replacement for SCCM, in most cases. It just isn't. DSC is a platform technology; SCCM is an entire set of tooling. DSC isn't really great at software distribution at scale, and that's what SCCM is mainly good at. I view the two largely as complementary; despite its name, SCCM doesn't "manage" configurations, but DSC can.

    PartialConfigurations are going to frustrate you. If you've read "The DSC Book," you'll know I'm not a huge fan. If you're serious about this, you're going to have to build more of your own tooling, because the base platform just doesn't enable a ton of complexity in a manageable and scalable way. That's what the "Tug" project is all about – it's basically a framework for making a custom pull server. The idea is that a node contacts the pull server, and YOUR CODE RUNS – meaning you could dynamically assemble a MOF based on some back-end database and send that MOF to the requesting client. This is what you want; what you're trying to do now is make that happen in a backwards fashion, because that's all DSC has built in.

    I think going down the current path is going to make you bitter and cause you to eventually leave your family and turn to a life of crime. I wouldn't want that. It might be better to step back and state, in kind of general terms, what business capabilities you're looking to implement. We can then discuss what the right way would be. The answer will likely not be partial configurations.

    • #66630

      Sergei
      Participant

      Hi Don

      Thank you for the quick response!
      I did read your book and know about the fact that partials are better avoided, as they are hard to troubleshoot and may bite you in the future. I just simply could not see any other way to achieve what I wanted, hence in my desperation I tried them.

      For this specific case, I am trying to reproduce 'compliance' SCCM functionality. SCCM can run a detection script on a remote server, and if the script returns a value that is not expected (i.e. the system is not compliant), a remediation script (e.g. PowerShell) is started to apply what would be called a 'configuration' in the DSC world.

      I will try to avoid leaving my family and becoming a criminal by understanding better what DSC can and can't do.
      What business capability I am trying to implement:

      1. Use Pull server
      2. Use configData hashtable for all configuration information
      3. Configure backup agent on servers that have flag 'backup=yes' in configdata
      4. Configure monitoring agent on servers that have flag 'monitoring=yes' in configdata

      Each server is configured based on a set of parameters depending on location, role and domain. The parameters are pulled from configdata.
      A server may have both monitoring and backup agents, have only one of them, or have neither.

    • #66643

      Sergei
      Participant

      I have ended up creating one large configuration for all nodes. Then I created an LCM configuration using ConfigurationNames=@("$Node.Nodename") for the configuration name.
      Not as flexible as I would like, but it is a good start.
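
The approach described in the last post, sketched as an added example (not code posted by anyone in the thread): a single configuration that switches the backup and monitoring resources on per node from the flags in ConfigData.psd1, plus an LCM meta-configuration that pulls one full MOF per node instead of partials. The configuration name `ServerBaseline`, the pull-server URL and the registration key are assumed placeholders; the resource names and properties are the ones used earlier in the thread.

```powershell
# Added example. Assumed names: ServerBaseline, the ServerURL and the
# RegistrationKey placeholder. ConfigData.psd1 is the file from the first post.
$configData = Import-PowerShellDataFile -Path '.\ConfigData.psd1'

Configuration ServerBaseline {
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName cMMagent

    Node $AllNodes.NodeName {
        # Domain -> management group map, as in the monitoring configuration
        $managementGroup = @{
            'london.net'  = 'London'
            'atlanta.net' = 'Atlanta'
        }

        # Each optional part is compiled in only when the node's flag is '1'
        if ($Node.Backup -eq '1') {
            WindowsFeature Backup {
                Name   = 'Windows-Server-Backup'
                Ensure = 'Present'
            }
        }
        if ($Node.Monitored -eq '1') {
            cMMAgentManagementGroups ManagementGroups {
                managementGroupName = $managementGroup[$Node.Domain]
                Ensure              = 'Present'
            }
        }
    }
}
ServerBaseline -ConfigurationData $configData   # one MOF per node in .\ServerBaseline

[DSCLocalConfigurationManager()]
Configuration LCMAgentConfiguration {
    Node $AllNodes.NodeName {
        Settings {
            RefreshMode = 'Pull'
        }
        ConfigurationRepositoryWeb PullServer {
            ServerURL          = 'https://pull.example.test:8080/PSDSCPullServer.svc'  # placeholder
            RegistrationKey    = '<registration-key-placeholder>'                      # placeholder
            ConfigurationNames = @($Node.NodeName)   # matches the per-node MOF name
        }
    }
}
LCMAgentConfiguration -ConfigurationData $configData   # one meta.mof per node
```

Each generated MOF still needs a checksum file (`New-DscChecksum`) beside it in the pull server's configuration folder before nodes can pull it.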
