Working with SharePoint DSC - Part Deux

**UPDATE:** I have modified the script and provided better how-to steps; follow these links: How to... and Script download. Please keep reading to understand how the script DSC_Pullserver_Config.ps1 works.

Hello All,

In my last post, which you can find here https://blogs.technet.microsoft.com/christwe/2017/08/31/working-with-dsc-and-sharepoint, I walked you through the Config and ConfigData files that I created. These files are the heart of the configuration, but they are still only files. So now let's look at how to set up the DSC Pull server.

For my customer, I created a PowerShell script which configures the DSC service and starts it; along the way we added a few other features. This is what the script does:

  1. Install Web Service
  2. Create local firewall rule
  3. Install of required modules
  4. Compression of modules for distribution to nodes
  5. Creation of self-signed certificates (If you’re not using a public certificate)
  6. Configuration of DSC
  7. Start DSC configuration on local machine

It grabs all the variables from the ConfigData file, so it only has two parameters: the ConfigData file and the Config file.

Let's go through a few of these features, starting with the install of the required modules. Those lines look like this:

if ($data.NonNodeData.DSCConfig.DSCConfigModuleOnline)
{
    $SourceModulePath = "$env:ProgramFiles\WindowsPowerShell\DscService\Modules\*"
    # Bootstrap the NuGet provider and mark the PowerShell Gallery as trusted
    Install-PackageProvider -Name NuGet -Force -RequiredVersion "2.8.5.201" -Confirm:$false
    Set-PSRepository -Name PSGallery -SourceLocation https://www.powershellgallery.com/api/v2/ -InstallationPolicy Trusted

    # Install (or reinstall) every module listed in the ConfigData file
    $data.NonNodeData.DSCConfig.InstalledModules | ForEach-Object {
        Install-Module -Name $_ -Force
    }
    Start-Sleep -Seconds 30
}
else
{
    Write-Host "WARNING: You have said that this server doesn't have internet access so we are unable to get current versions of modules." -ForegroundColor Red
    Write-Host "Download and install the following modules SharePointDSC, xWebAdministration, xCredSSP, xDiagnostics, and xPSDesiredStateConfiguration"
    exit
}

The first step is to verify that you are allowing the server to connect to the internet. If you are not, we write the warning message to the host and exit, and you will have to install the modules manually before you can proceed.

NOTE: Configuration of DSC will fail if xPSDesiredStateConfiguration is not installed on the server.

Assuming you allow the script to install the modules, we next install the NuGet package provider and set the PowerShell Gallery as a trusted repository.

Lastly we loop through the variable $data.NonNodeData.DSCConfig.InstalledModules (in the ConfigData.psd1 file I provided) and install each module. Using the -Force switch means we will reinstall a module if it is already there.

Now that all the modules are on the server, we go through the configuration of the server. One thing to note: I'm using the current style of registration between node and server, which is the registration key. This requires that at least WMF 5.0 is installed on all servers.

The registration key behaves like a shared passphrase, allowing the server to know that the node was configured by somebody who knows the right passphrase. You set a path where the file is created, and the config creates the file that holds the registration key. Any node that wants to receive updates must have that key at time of registration.

            RegistrationKeyPath = $RegistryKeyPath
        }

        File RegistrationKeyFile
        {
            Ensure          = 'Present'
            Type            = 'File'
            DestinationPath = "$RegistryKeyPath\RegistrationKeys.txt"
            Contents        = $RegistryKey
        }
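
The node side of that registration, as an added example that is not part of the original script: an LCM meta-configuration that presents the registration key to the pull server over HTTPS. The configuration name PullNode_Register, the server URL and the configuration name SharePointNode are constructed for illustration.

```powershell
# Added example: LCM meta-configuration for a node (needs WMF 5.0 or later).
[DSCLocalConfigurationManager()]
Configuration PullNode_Register
{
    param
    (
        [Parameter(Mandatory)] [string] $PullServerUrl,     # https://<server>:8080/PSDSCPullServer.svc
        [Parameter(Mandatory)] [string] $RegistrationKey,   # same value as in RegistrationKeys.txt
        [Parameter(Mandatory)] [string] $ConfigurationName  # name of the node MOF on the pull server
    )

    Node localhost
    {
        Settings
        {
            RefreshMode       = 'Pull'
            ConfigurationMode = 'ApplyAndMonitor'
        }
        # Where the node pulls its MOF from; the key is checked at registration
        ConfigurationRepositoryWeb PullServer
        {
            ServerURL               = $PullServerUrl
            RegistrationKey         = $RegistrationKey
            ConfigurationNames      = @($ConfigurationName)
            AllowUnsecureConnection = $false   # refuse plain HTTP
        }
        # Where the node sends its status reports
        ReportServerWeb PullServerReports
        {
            ServerURL               = $PullServerUrl
            RegistrationKey         = $RegistrationKey
            AllowUnsecureConnection = $false
        }
    }
}

# Constructed sample values; the key is typed in rather than stored in the script.
$key = Read-Host -Prompt 'Registration key'
PullNode_Register -PullServerUrl 'https://pullserver.example.com:8080/PSDSCPullServer.svc' `
    -RegistrationKey $key -ConfigurationName 'SharePointNode' -OutputPath "$env:TEMP\PullNode_Register"
Set-DscLocalConfigurationManager -Path "$env:TEMP\PullNode_Register" -Verbose
```

The key is written in clear text into the compiled localhost.meta.mof, so remove the output folder once the LCM has been configured.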

The configuration creates a website which is used for communication between node and server; this includes passing MOFs, modules, and reporting.

            EndpointName             = $EndPointName
            Port                     = 8080
            PhysicalPath             = $PhysicalPath

Finally, the configuration ensures that DSC is running on the server by setting the Windows feature DSC-Service to Present.

            WindowsFeature DSCServiceFeature
            {
                Ensure = 'Present'
                Name   = 'DSC-Service'
            }
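
How the three fragments above fit together, as an added example rather than the downloadable script itself: the parameter names are taken from the DSC_PullServer_Config call shown in this post, while the use of the xDscWebService resource (from xPSDesiredStateConfiguration), the resource instance name and the default values are assumptions.

```powershell
# Added example: an assumed assembly of the fragments, not the author's script.
Configuration DSC_PullServer_Config
{
    param
    (
        [Parameter(Mandatory)] [string] $PhysicalPath,
        [Parameter(Mandatory)] [string] $CertThumbprint,
        [Parameter(Mandatory)] [string] $ModulePath,
        [Parameter(Mandatory)] [string] $ConfigurationPath,
        [Parameter(Mandatory)] [string] $EndPointName,
        [Parameter(Mandatory)] [string] $RegistryKey,
        [Parameter(Mandatory)] [string] $RegistryKeyPath,
        [bool] $UseSecurityBestPractices = $true,
        [bool] $AcceptSelfSignedCertificates = $false   # $true only with a self-signed cert
    )
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Node localhost
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name   = 'DSC-Service'
        }
        xDscWebService PullServerEndpoint
        {
            Ensure                       = 'Present'
            State                        = 'Started'
            EndpointName                 = $EndPointName
            Port                         = 8080
            PhysicalPath                 = $PhysicalPath
            CertificateThumbPrint        = $CertThumbprint   # HTTPS binding for the site
            ModulePath                   = $ModulePath
            ConfigurationPath            = $ConfigurationPath
            RegistrationKeyPath          = $RegistryKeyPath
            UseSecurityBestPractices     = $UseSecurityBestPractices
            AcceptSelfSignedCertificates = $AcceptSelfSignedCertificates
            DependsOn                    = '[WindowsFeature]DSCServiceFeature'
        }
        File RegistrationKeyFile
        {
            Ensure          = 'Present'
            Type            = 'File'
            DestinationPath = "$RegistryKeyPath\RegistrationKeys.txt"
            Contents        = $RegistryKey
        }
    }
}
```

Because the key is passed as a plain string, it also lands in clear text in the compiled MOF under -OutputPath, so that folder needs the same access restrictions as RegistrationKeys.txt.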

Next the MOF gets created on the local machine (look at the variable $PullServerPath). In the same call we also set things like the path where our modules are stored for use on node servers and where we store the MOFs for the nodes.

DSC_PullServer_Config -PhysicalPath $DSCPhysicalPath -CertThumbprint $DSCCertThumbprint -ModulePath $DSCModulePath -ConfigurationPath $DSCConfigurationPath -EndPointName $DSCEndPointName -UseSecurityBestPractices $DSCUseSecurityBestPractices -AcceptSelfSignedCertificates $DSCAcceptSelfSignedCertificates -RegistryKey $DSCRegistryKey -RegistryKeyPath $DSCRegistryKeyPath -OutputPath $PullserverPath

Then we start DSC using the MOF created in the previous line:

Start-DscConfiguration -Path $PullserverPath -Wait -Verbose -Force

At the end of the script we bundle the modules into zip files and publish them to the module folder using the command Publish-ModuleToPullServer.

# Create packages for modules so that servers can grab them if they need them
$data.NonNodeData.DSCConfig.InstalledModules | ForEach-Object {
    $ModuleName = $_
    $ModuleFolder = "$env:ProgramFiles\WindowsPowerShell\Modules\$ModuleName"
    # Several versions can be installed side by side; package only the newest one
    $ModuleVersion = (Get-ChildItem $ModuleFolder -Directory | Sort-Object { [version]$_.Name } -Descending | Select-Object -First 1).Name
    $WorkingDirectory = "$env:TEMP\$ModuleName"
    New-Item $WorkingDirectory -ItemType Directory -ea SilentlyContinue -Force | Out-Null
    Get-ChildItem "$ModuleFolder\$ModuleVersion" | Copy-Item -Destination $WorkingDirectory -Recurse
    Publish-ModuleToPullServer -Name $ModuleName -Version $ModuleVersion -PullServerWebConfig $DSCWebConfigFile -ModuleBase $WorkingDirectory
    Remove-Item $WorkingDirectory -Recurse
}
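
A check worth running after the packaging step, as an added example that is not part of the original script: a pull server serves a module from a `<Module>_<Version>.zip` package with a SHA-256 `.checksum` file beside it, so this verifies that every package in the module folder is correctly named and still matches its checksum. The function name Test-PullServerModulePackage is hypothetical, and the module folder is assumed to be the DscService\Modules path used earlier in the post.

```powershell
# Added example: verify the module packages that nodes will download.
function Test-PullServerModulePackage
{
    param ([Parameter(Mandatory)] [string] $ModulePath)

    Get-ChildItem -Path $ModulePath -Filter '*.zip' | ForEach-Object {
        $checksumFile = "$($_.FullName).checksum"
        $status = 'OK'
        if ($_.BaseName -notmatch '^.+_\d+(\.\d+){1,3}$') {
            $status = 'BadName'            # expected <Module>_<Version>.zip
        }
        elseif (-not (Test-Path -LiteralPath $checksumFile)) {
            $status = 'MissingChecksum'    # nodes cannot validate the download
        }
        else {
            # The .checksum file holds the SHA-256 hash of the zip as hex text
            $expected = ([string](Get-Content -LiteralPath $checksumFile -Raw)).Trim()
            $actual   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            if ($expected -ne $actual) { $status = 'HashMismatch' }   # zip changed after publishing
        }
        [pscustomobject]@{ Package = $_.Name; Status = $status }
    }
}

# Assumed location: the module folder from the install snippet (the script's $DSCModulePath)
$DSCModulePath = "$env:ProgramFiles\WindowsPowerShell\DscService\Modules"
$bad = Test-PullServerModulePackage -ModulePath $DSCModulePath | Where-Object Status -ne 'OK'
if ($bad)
{
    $bad | Format-Table -AutoSize
    throw 'One or more module packages failed verification.'
}
```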

You can find and download the complete script here https://gallery.technet.microsoft.com/scriptcenter/Deploy-DSC-Pull-server-1baa3c3a

Good luck as you walk down the path of PowerShell and DSC

Pax