
close
close
In a previous post related to deploying a web pull DSC host (“Deploying a Desired State Configuration Web Host Using PowerShell“), I presented a script which would put all the components into place in a manual fashion to get a new DSC pull server online and working. However, this script approach – while useful in illustrating the components required to get the service functional – does not play into the whole concept of configuration using desired state services. In this post, we will try again, but we will leverage some new modules that Microsoft’s DSC team has created for us. More accurately referred to as providers to actually commission a DSC pull server, using DSC.
To get started, we will need to download the latest version of the package from the Microsoft TechNet Gallery to our designated server, and as with all Internet downloads, unblock the file and extract its content.
advertisment
Our first task will be to place the module in the correct location on our server. Launch your PowerShell console, and navigate to the folder you just extracted. For example: Downloads\xPSDesiredStateConfiguration_1.0
cd $env:UserProfile\Downloads\xPSDesiredStateConfiguration_1.0 copy .\xPSDesiredStateConfiguration_1.0 $env:ProgramFiles\WindowsPowerShell\Modules –Recurse –Force
With our new module (provider) now located in its new home, we can proceed to establish our new service.
In the the following snip-it, we define a DSC Configuration which is to be applied to the current server (localhost), to configure both our DSC Pull Server and a DSC Compliance Server, referencing the new module we just published and its xPSDesiredStateConfiguration resource provider.
advertisment
Configuration Assert_DSCWebService { param ( [ValidateNotNullOrEmpty()] [String] $certificateThumbprint ) Import-DSCResource -ModuleName xPSDesiredStateConfiguration Node localhost { WindowsFeature DSCServiceFeature { Ensure = "Present" Name = "DSC-Service" } xDSCWebService PSDSCPullServer { Ensure = "Present" EndPointName = "PSDSCPullServer" CertificateThumbprint = $certificateThumbprint PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer" ConfigurationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\Configuration" ModulePath = "$env:ProgramFiles\WindowsPowerShell\DscService\Modules" Port = 80 IsComplianceServer = $false State = "Started" DependsOn = "[WindowsFeature]DSCServiceFeature" } xDSCWebService PSDSCComplianceServer { Ensure = "Present" EndPointName = "PSDSCComplianceServer" CertificateThumbprint = "AllowUnencryptedTraffic" PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer" Port = 81 IsComplianceServer = $true State = "Started" DependsOn = "[WindowsFeature]DSCServiceFeature" } } }
In the previous post, I chose not to use SSL to secure the connection to the DSC pull server – an option I would never consider in a production deployment, but for the simplicity of demonstration we can leave out the extra steps. Similarly in this example I will also choose to use a non-SSL protected site, however you can easily change this for production.
The following command will execute the DSC configuration we just defined to provide a MOF file that will be used to apply the configuration. Our DSC configuration, named Assert_DSCWebService, will be executed just like any PowerShell function and provide the defined parameters (in this example, to define a non-SSL configuration).
Assert_DSCService –certificateThumbPrint “AllowUnencryptedTraffic” –OutputPath .
If you choose to use SSL, you simply require to have the certificate already in the computer store of your server and pass its thumbprint to the command, which will then validate that you have provided a valid match before completing its work.
Assert_DSCService –certificateThumbPrint “123213123123123123123” –OutputPath .
advertisment
All that remains now is for us to apply our new DSC configuration to the local server. We will use the Start-DSCConfiguration command, instruct it to provide verbose feedback, and wait for the job to complete, so that we can monitor what is actually happening.
Start-DSCConfiguration –Path .\Assert_DSCWebService –Wait –Verbose –Force
Once complete, we can check that the web services are online and working using our web browser. Assuming no issues were encountered we should be once again online, but this time using DSC itself to provision the service!
More from Damian Flynn
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in System Center
Microsoft Endpoint Configuration Manager Can Now Visualize Content Distribution Status
Feb 2, 2022 | Rabia Noureen
Microsoft Endpoint Manager Simplifies Remote PC Management During Pandemic
Jan 26, 2021 | Russell Smith
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group