Search
Generic filters
Exact matches only
Filter by Custom Post Type

Colecting Certificates form an Enterprise CA for use with DSC

In a domain environment auto enrollment can be used to get create unique certificates for each node that can be used with DSC.  The problem is getting the public cert to the machine that creates the DSC MOF files. I wrote a module last year to collect them directly form the Enterprise CA. If it interests you take a look https://blog.bladefirelight.com/nuggets/collecting-ca-certificates-for-dsc-configuration/

 

5 Tips for Writing DSC Resources in PowerShell 5

PowerShell 5 brought class based DSC Resources, which majorly simplifies the process of writing custom DSC resources.

During my time working on some custom resources, I developed some tips a long the way which should save you some time and pain during your DSC journey.

The tips cover:

  • Structuring your class based DSC Resources
  • Making it easier to get IntelliSense based on your DSC resources without constantly copying them into the module path
  • Using PowerShell ISE IntelliSense when writing DSC configuration
  • Troubleshooting resources which aren't being exposed correctly from your DSC Module
  • Testing classed based resources with Pester

Head over to https://hodgkins.io/five-tips-for-writing-dsc-resources-in-powershell-version-5 to take a look at the tips.

Desired State Configuration - Beware Of Circular Configurations

Lately, I've been working at converting a lot of my server configuration scripts into DSC configurations.  After all, what better way to learn than by updating your existing methods?  I recently ran into an issue, however, while converting my SCCM Distribution Point deployment script into a config, where the test systems inexplicably began rebooting every thirty minutes or so.  The Local Configuration Manager was configured to reboot if necessary, and these were fresh installs, so I knew that my culprit was most likely in my configuration.

The config was pretty basic: Put the server into a Core state and uninstall the UI management tools, ensure RDC is installed, install the distribution point prerequisites (IIS, IIS 6 WMI Compatibility, .NET 4.5, etc), and configure some firewall rules.  My original script had always served me well, so I was dumbfounded as to what the problem could be.  I decided to enable the debug logging for DSC and see what came up.

Get-WinEvent -LogName "Microsoft-Windows-Dsc/Debug" -ComputerName LWINCM02 -Oldest | Out-Gridview

When I get the output, I'm seeing a lot of looping around my Remote Differential Compression resource, which ensures that the RDC component is installed.  A further look in the logs showed that the UI Management Tools were also being uninstalled repeatedly.  Hmm...

So on another system that isn't receiving the configuration, I decide to run the Install-WindowsFeature command with the WhatIf switch against the RDC component.  Upon the result, I immediately see what my problem is:

RDCInst

The Remote Differential Component requires the installation of the GUI Management Tools.  Likewise, the uninstallation of these tools results in the removal of the RDC component.  So what was happening was this:

  • GUI Tools are removed by DSC, also removing the RDC component.
  • Server reboots.
  • GUI tools are verified uninstalled.  RDC component is reinstalled, which reinstalls the GUI Tools.
  • Server Reboots.
  • Wash.  Rinse.  Repeat.

I've since removed the GUI tools removal from my configuration, as RDC is a required component for my distribution points, and my configuration is now working flawlessly.  In tracing the root of my problem, I came to realize two very important lessons.

First, as admins, engineers, and solution providers, we often don't take a very close look at our scripts and what it's really doing behind the scenes if it gives us the result we're looking for.  In the case of my configuration script, I added a line to install the RDC component after removing the UI and tools and didn't look any further into why I had to do this in the first place.  DSC kept me honest in this respect - and gave me a gentle reminder to look a little deeper if something unexpected occurs, rather than slapping a band-aid on it and calling it good.

Second, it can be very easy to find yourself dealing with a configuration loop if you're altering the state of components that other components in your config rely on.  Be sure to test your configurations, check your logs, and most importantly, make sure you know what you're really configuring when you configure it.

DevOps: A Practical Example

If you look at DevOps as a means of removing hurdles between coders and users, there's almost no better real-world, practical example than Amazon Elastic Beanstalk. If you're not familiar with EBS, look into it - it's kinda cool.

EBS isn't suitable for every situation, to be sure. It's mainly useful for Linux VMs, running Web sites, in fact, which isn't 100% of your workloads. But the idea is pretty awesome. Developers store their code in a source control repo - ideally, Git. Along with their code - and this is the cool bit - they include a configuration file. This file can list things like environment variables, packages (installed from repos using NPM, RHL, YUM, etc), and so on.

When you recycle the application, EBS spins up new VMs and configures them on the fly to match your configuration file. It then shuts down any currently running machines. 

So the deal is, the developer specifies the machine configuration - and they can do that in a test silo. All the code, including the configuration directives, live in Git. So when it's working in test, you just point the production silo at the same Git repo, and SHAZAM! application is up and running. Nobody manually configures anything. Change the app? No problem - just check in the code and recycle the application, and the new code - and its configuration - is live.

The "ops" portion of the scenario, in other words, is completely automated. Amazon has automated all the bits that sit between a developer and deployed code. Amazon's back end magic reads that configuration document and uses it to configure 1-to-infinity virtual machines as directed. Nobody has to do anything manual. The "server," in the form of a VM, just becomes another software element. "Infrastructure as code," if you will.

Gosh, what could Microsoft do to compete with that in Azure? What could you do, in your "private cloud," to provide similar capabilities?

Hmm... 🙂

Setting up the PowerShell.org DSC tools from Github

I have created a short blog series about how to setup the DSC tooling from the PowerShell.org DSC repository. With the mindset of contributing changes.

 

  1. Test-HomeLab -InputObject ‘The Plan’
  2. Get-Posh-Git | Test-Lab
  3. Get-DSCFramework | Test-Lab
  4. Invoke-DscBuild | Test-Lab
  5. Test-Lab | Update-GitHub

-David Jones

 

February 2015 NoVa PSUG Meeting Notes

Matt had to cancel so we had a mini-scripting games. Bellow are the challenges.


 

Challenge 1

Generate a list of US Presidents sorted by last name alphabetically.

Hints:
Invoke-WebRequest http://www.presidentsusa.net/presvplist.html
Microsoft.PowerShell.Commands.HtmlWebResponseObject

Challenge 2

Create a DSC Configuration that verifies the w32time service is set to Automatic startup and is in a Running state.


 

Some links of note from our discussions:

The next meeting will be on March 25th at the Reston Microsoft Office.

Episode 293 - PowerScripting Podcast - MVP Brian Ehlert from Citrix

Listen:

In This Episode

Tonight on the PowerScripting Podcast, we talk to Brian Ehlert from Citrix about DSC and XenDesktop

 

Interview

 

Chatroom Highlights

<JasonMilczek> ##Do you know if Azure Pack is going to be able to provision in Microsoft Azure any time soon?

<Lars_Rasmussen> ### SNover said that even EXEs could be traced

<halr9000> http://itproctology.blogspot.com/

<halr9000> https://www.google.com/maps/place/2115+Jep+Wheeler+Rd,+Woodstock,+GA+30188/@34.1491471,-84.416224,617m/data=!3m1!1e3!4m2!3m1!1s0x88f571b78f6681b5:0xbd70324994bd2272

<halr9000> http://binged.it/1ANUsvp

<halr9000> http://blogs.citrix.com/author/brianeh/

<BrianEh> http://ITProctology.blogspot.com (the MVP blog)

<halr9000> http://www.thecloudcast.net/

<BrianEh> http://www.citrix.com/go/xendesktop-for-the-private-cloud.html

<halr9000> here they are: http://mvp.microsoft.com/en-us/search-mvp.aspx?ex=Remote+Desktop+Services

<halr9000> https://github.com/PowerShellOrg/cHyper-V

<halr9000> https://powershell.org/2014/02/12/episode-258-powerscripting-podcast-jim-britt-from-microsoft-on-service-management-automation/

<halr9000> http://itproctology.blogspot.com/

<halr9000> http://blogs.citrix.com/author/brianeh/

<halr9000> https://chocolatey.org/packages?q=reaper

 

 

Question

  • Superhero/Power - the power to convey understanding

Up Next: Brian Ehlert from Citrix talks about XenDesktop and PowerShell DSC

image

This Thursday, we will be joined by Brian Ehlert from Citrix, author of the XenDesktop Desired State Configuration Resource Provider!

Brian is a Hyper-V MVP since 2007, and writes at blogs.Citrix.com.

If you'd like to see the show live and chat with Jon, Hal, and your fellow scripters, you can join us this Thursday at 9:30 PM EST at live.powerscripting.net.

Episode 290 - PowerScripting Podcast - Jeffrey Snover and John Slack on PowerShell 5.0 (Technical Preview)

Listen:

In This Episode

Tonight on the PowerScripting Podcast, we talk to Jeffrey Snover and John Slack from Microsoft

Interview

Chatroom Highlights

<jsnover> ### HAL what hair products are you using today?

<ehorley> ### curating code?

<sepeck> ## Any known conflicts with things like Exchange or System Center Operations Manager like previous versions of PowerShell had?

<McHelpin> ## or SharePoint??? add on to sepeck

<darylscorner> ## Is Microsoft using WMF5 in the Cloud Platform System

<darylscorner> ## does the previous Sep release have to be removed prior to installing the Nov release, didn't see anything in the release notes

<halr9000> ##

<organicit> ## any discussions of docker support in the near future?

<MikeFRobbins> ## Will the "x" ever be removed from the DSC resource names? Are they going to be experimental forever?

<sepeck> RobCannon: use ## in front of questions

<sepeck> ## When is the MS Virtual Academy session on PowerShell v5?

<darylscorner> ## upgrade process?

<ehorley> ## How is the pace of change impacting stuff like PDT?

<poshoholic> ## Given Microsoft's penchant towards open source these days (like .NET, huzzah!), how about open source PowerShell and PowerShell ISE?

<halr9000>  http://ansible.wikia.com/wiki/Han_Tzu

<StephenOwen> Did you guys see this?  Pash?  PowerShell on Bash! http://pash.sourceforge.net/

<MikeFRobbins> Windows Management Framework 5.0 Preview November 2014 is now available http://blogs.msdn.com/b/powershell/archive/2014/11/18/windows-management-framework-5-0-preview-november-2014-is-now-available.aspx

<halr9000> http://www.microsoft.com/en-us/download/details.aspx?id=44987

<MikeFRobbins> Speaking of OneGet, Garrett will be talking about Pester and also about ProGet tomorrow during the OneGet weekly meeting: https://github.com/OneGet/oneget/issues/81

<MikeFRobbins> ProGet is a NuGet package repository that lets you host and manage your own personal or enterprise-wide NuGet feeds. http://inedo.com/proget/overview

<alevyinroc> I'm trying to figure out how this happened https://www.dropbox.com/s/2vk4n12tht5oqmq/Screenshot%202014-11-20%2021.46.40.png?dl=0

<halr9000> https://www.powershellgallery.com/

<MikeFRobbins> http://www.powershellgallery.com/

<GBrayUT> http://www.boxstarter.org/ strings together chocolatey packages

<halr9000> anyway, the joke *was* http://boxstarter.org/package/nr/rickroll

<halr9000> https://chocolatey.org/packages?q=RickRoll

<halr9000> https://chocolatey.org/packages/Astley

<halr9000> and yes Dave_Wyatt it is in show notes, that's where i found it https://powershell.org/2014/04/15/episode-266-powerscripting-podcast-matt-wrock-from-microsoft-on-boxstarter/

<aupetemc> iex (New-Object Net.WebClient).DownloadString("http://bit.ly/e0Mw9w ")

<johnslack> http://blogs.msdn.com/b/powershell/archive/2014/11/19/powershell-break-all-command.aspx

<StephenOwen> http://blogs.msdn.com/b/powershell/

<halr9000> http://blogs.msdn.com/b/powershell/

<halr9000> https://powershell.org/2012/01/31/episode-174-matt-graeber-using-powershell-in-infosec/

<halr9000> http://blogs.msdn.com/b/powershell/archive/2014/10/28/powershell-dsc-reskit-wave-8-now-with-100-resources.aspx

<gpduck> http://www.sapien.com/blog/2014/11/14/update-oneget-install-oneget-on-ps-3-0/

<Keith_> @alexandair see the system reqs http://www.microsoft.com/en-us/download/details.aspx?id=44987

<halr9000> http://blogs.msdn.com/b/powershell/archive/2014/10/31/convertfrom-string-example-based-text-parsing.aspx

<GBrayUT> a Docker pull request from Microsoft on github was merged 5 days ago, so a native docker client for controlling remote host systems should be coming soon! https://github.com/docker/docker/pull/9113

<ehorley> PDT = powershell deployment toolkit - https://gallery.technet.microsoft.com/PowerShell-Deployment-f20bb605

<migreene> RE:PDT  http://blogs.technet.com/b/privatecloud/archive/2014/10/24/deployment-dsc-resources-for-system-center-deployment.aspx

<halr9000> https://powershell.org/2013/09/08/episode-239-powerscripting-podcast-rob-willis-from-microsoft-on-the-powershell-deployment-toolkit/

<MikeFRobbins> Speaking of the PowerShell Summit, tickets for the 2015 North America event are now onsale: https://powershell.org/community-events/summit/

<sepeck> https://www.bing.com/maps/default.aspx?encType=1&where1=Turks%20and%20Caicos%20Islands&cp=21.7587261199951~-71.7151489257813&qpvt=turks+and+caicos&FORM=MIRE

<Q_Continuum> http://en.wikipedia.org/wiki/Turks_and_Caicos_Islands

<halr9000> http://en.wikipedia.org/wiki/Turks_and_Caicos_Islands

<jsnover> Here is a link to my wife's reviews of great places in Turks and Caicos http://www.tripadvisor.com/members-citypage/jsnover/g147399

<jsnover> Here are some of my wife's photos from the Carribean: http://jo-ann-snover.artistwebsites.com/art/all/caribbean/all

<halr9000> http://jo-ann-snover.artistwebsites.com/featured/sun-dips-below-horizon-on-grace-bay-beach-jo-ann-snover.html

<halr9000> http://snag.gy/Sm5TB.jpg

Question

  • John Slack - power to make food appear at will
  • Jeffrey Snover: favorite vacation spot: Turks & Caicos

Episode 289 - PowerScripting Podcast - Mike Hendrickson and Jason Walker from Microsoft on Configuring Exchange With DSC

Listen:

In This Episode

Tonight on the PowerScripting Podcast, we talk to Mike Hendrickson and Jason Walker from Microsoft about their DSC resources for Exchange

News

 

Interview

 

Chatroom Highlights

<halr9000> http://blogs.technet.com/b/mhendric/archive/2014/10/17/managing-exchange-2013-with-dsc-part-1-introducing-xexchange.aspx

<halr9000> https://msconfiggallery.cloudapp.net/packages/xExchange/

<halr9000> http://blogs.technet.com/b/mhendric/archive/2014/10/17/managing-exchange-2013-with-dsc-part-1-introducing-xexchange.aspx

<Stuwee> DSC Resource Kit Wave 8 : https://gallery.technet.microsoft.com/DSC-Resource-Kit-All-c449312d

<halr9000> https://gist.github.com/halr9000/20ab184a91277f3a2438

<MikeFRobbins> https://github.com/pester/Pester

<MikeFRobbins> Using Pester for Test Driven Development in PowerShell http://mikefrobbins.com/2014/10/09/using-pester-for-test-driven-development-in-powershell/

<halr9000> https://gallery.technet.microsoft.com/DSC-Resource-Kit-All-c449312d

<halr9000> https://msconfiggallery.cloudapp.net/packages/xExchange/

<halr9000> https://gallery.technet.microsoft.com/xExchange-PowerShell-1dd18388/view/Discussions#content

<halr9000> http://blogs.technet.com/b/mhendric/archive/2014/10/17/managing-exchange-2013-with-dsc-part-1-introducing-xexchange.aspx

<MikeFRobbins> My New Book: Windows PowerShell TFM 4th Edition is now Available! http://mikefrobbins.com/2014/11/13/my-new-book-windows-powershell-tfm-4th-edition-is-now-available/

<MikeFRobbins> ## Do you use your resources for only the initial config or to also correct configuration problem with issues occur?

<sepeck> ## but this is an example of how powershell allows for outside 'unforseen' contributions to occur within or outside microsoft

 

Question

  • Mike: Omniscience
  • Jason: Jedi Knight
Skip to toolbar