Manage Service IF it exists

Tagged: 

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 1 year, 8 months ago.

  • Author
    Posts
  • #32321
    Profile photo of Ryan Blaszczyk
    Ryan Blaszczyk
    Participant

    I am looking to use DSC as a replacement/enhancement to our GPOs on specifically locked-down computers in our environment. I have a DSC configuration script I developed which essentially mirrors/replaces settings from GPOs. In one section I specify whether I want a service Enabled or Disabled. In some cases a service does not exist, say perhaps one created by an application that may not be installed on a specific computer. However, when that service does not exist and I apply the configuration, it fails.
    Since these are locked-down computers, I cannot ignore managing that service in the event that it does get installed. I want to have a configuration in place for when it does, but it appears DSC will not allow for that.
    Does anyone know a way to allow DSC to configuration services and not error if the service is not (or not yet) installed. Seems like a "if exists" would do the trick but have not seen evidence that is available in DSC.

  • #32362
    Profile photo of Don Jones
    Don Jones
    Keymaster

    You're going to need different configurations for different machines. On machines where a service isn't expected or supposed to exist, you won't have the settings needed to manage that service.

    DSC doesn't work well with "in the event that it does get installed." Really, on machines where it doesn't exist, DSC should either be instructed to create or or to remove it, resolving the ambiguity.

    Configurations don't feature "logic." They're meant to describe an absolute desired end state, with no "well, maybe if" situations. On a locked down computer, there shouldn't be a situation where a service might or might not be installed; "might" is the opposite of "locked down."

  • #32410
    Profile photo of Ryan Blaszczyk
    Ryan Blaszczyk
    Participant

    Thanks for the answer Don. And yes, it all makes sense that DSC operates the way it does.
    The scenario I was thinking of was dealing with a pilot or beginning rollout of software that contains a service to be managed that is going out to the thousands of computers that would be managed by DSC. Obviously, a big bang install of the application would not be prudent so our typical deployment process covers several weeks. In that case, we would have to mirror timing for the application deployment and a separate DSC configuration. Ultimately, possible to do, or utilize a GPO to manage the service until complete saturation then transition to DSC. I guess there are many ways to get around this scenario instead of relying to DSC to do an If-Then statement.

  • #32411
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Well.. what about only shipping the DSC configuration to those machines that have been rolled out?

    The idea is actually to have DSC *perform* and then *maintain* the rollout. So you'd only ship a config to the boxes you were ready to go live. Each box has its own config; the script you use to PRODUCE those configs can have all the logic you like.

You must be logged in to reply to this topic.