Author Posts

March 1, 2017 at 12:36 am

I'm a system engineer that supports vendor and homegrown applications(from an operational perspective). I've been researching DSC for about a month now, and think it might be a good fit for streamlining the overall support the applications. I have a few things I need to figure out before planning a more official roll out.
1.) Whats the best way to set up a repository for the different versions of the configuration files?
2.) My organization is very SILO'd with different teams handling patching, AD groups, app packaging, etc. Has anyone figured out how to break down those barriers that prevent a more efficient utilization of DSC? As an example, an OS patch recently caused an outage in production. I'm assuming with DSC I could roll back versions of the config file to quickly fix that issue(Please correct me if I'm wrong).

March 1, 2017 at 2:29 pm

1) Nobody's really come up with anything better than a version repo like Git. We tend to not worry about the MOFs, but rather the .PS1 files used to generate the MOFs.

2) Yeah, fix the organization's culture LOL. And no, DSC isn't a "total snapshot" of the machine, and you ordinarily wouldn't use DSC to manage patch installation anyway. DSC describes how the machine is to be configured – including, for example, ensuring WSUS is turned on to install patches. DSC isn't a "last known good" state, and its ability to uninstall a patch would be deeply limited. Rather, DSC's ultimate goal would be to let you trash the affected machine and rebuild it anew, quickly and automatically, back to the state you wanted.

If you've not gotten into "The DSC Book," you might; it covers a lot of the design stuff like this and might help shape your thinking.

March 1, 2017 at 3:58 pm

Don,

Thank you for your timely response! I like the idea of version control of the configuration script rather than the mof file.

I'm assuming if idea of "trashing" and quickly rebuilding would require all configurations/patching/updates to applied through DSC? Otherwise you would have a partially configured/patch server after you do the rebuild.

March 2, 2017 at 2:21 am

Hi Brian,

You could look a the custom resource https://github.com/PowerShell/xWindowsUpdate and see if that would help?

March 4, 2017 at 7:13 pm

Alex,

Thank you I'm planning on give that a shot next patch cycle.

March 6, 2017 at 4:29 am

In your dev environment yeah 😉