1
00:00:01,340 --> 00:00:04,360
[Autogenerated] Now let's look at Azure Automation DSC,

2
00:00:04,360 --> 00:00:06,700
or Desired State Configuration. Again,

3
00:00:06,700 --> 00:00:09,910
this is some repeat from what we did in the previous lesson, but I'm

4
00:00:09,910 --> 00:00:12,740
going to extend on that discussion and flesh it out.

5
00:00:12,740 --> 00:00:16,840
DSC is meant to rectify the problem of configuration

6
00:00:16,840 --> 00:00:19,110
drift, which occurs when someone,

7
00:00:19,110 --> 00:00:22,210
one of your colleagues, I know, not you, makes a change to a

8
00:00:22,210 --> 00:00:25,660
production system without recording those changes and without

9
00:00:25,660 --> 00:00:28,150
ensuring parity between staging and production.

10
00:00:28,150 --> 00:00:28,720
In other words,

11
00:00:28,720 --> 00:00:33,940
configuration drift is an unauthorized change, and we want to rectify that.

12
00:00:33,940 --> 00:00:37,180
So we've got a capability built into PowerShell, and

13
00:00:37,180 --> 00:00:39,260
it's been a few years now anyway,

14
00:00:39,260 --> 00:00:43,440
so DSC, or Desired State Configuration, is a mature technology

15
00:00:43,440 --> 00:00:46,660
built into PowerShell and built into PowerShell Core, so we

16
00:00:46,660 --> 00:00:49,280
can use DSC across operating systems:

17
00:00:49,280 --> 00:00:52,710
macOS, Linux and Windows. Now, as a reminder,

18
00:00:52,710 --> 00:00:55,220
101 deal only with Windows.

19
00:00:55,220 --> 00:00:58,500
So we're assuming Windows PowerShell 5.1.

20
00:00:58,500 --> 00:00:59,730
Here's the high-level view:

21
00:00:59,730 --> 00:01:04,510
we've got this library of open source resources that define what it is that

22
00:01:04,510 --> 00:01:07,440
you're looking to do with your desired state configuration.

23
00:01:07,440 --> 00:01:11,610
Do you want to ensure that the IIS web server is always installed on a machine?

24
00:01:11,610 --> 00:01:15,030
Do you need to enforce environment variables or registry settings?

25
00:01:15,030 --> 00:01:17,760
If there's third-party products that you need to monitor,

26
00:01:17,760 --> 00:01:20,290
I almost guarantee you at GitHub you'll find a

27
00:01:20,290 --> 00:01:25,170
DSC resource that either Microsoft, a third party or independent

28
00:01:25,170 --> 00:01:28,040
software vendor, or a community member has created.

29
00:01:28,040 --> 00:01:32,140
So you want to install those DSC resources on your administrator

30
00:01:32,140 --> 00:01:35,890
PC as well as your target node as well as your pull server.

31
00:01:35,890 --> 00:01:40,770
You define your desired state for your target systems in a PowerShell

32
00:01:40,770 --> 00:01:44,180
script file using what's called configuration syntax.

33
00:01:44,180 --> 00:01:47,090
We're using ordinary garden-variety PowerShell here, and

34
00:01:47,090 --> 00:01:49,520
we're using declarative syntax.

35
00:01:49,520 --> 00:01:54,670
We're just basically going to describe the desired state of that system and let

36
00:01:54,670 --> 00:02:00,170
the PowerShell DSC Local Configuration Manager make it so. Now there's two ways

37
00:02:00,170 --> 00:02:05,160
to do DSC in Azure, where when we use Azure Automation DSC, this is the pull

38
00:02:05,160 --> 00:02:10,470
server model, where we centrally stage our configuration script and our DSC

39
00:02:10,470 --> 00:02:12,480
resources on the pull server.

40
00:02:12,480 --> 00:02:17,310
Those config scripts are compiled into MOF files, or Managed Object

41
00:02:17,310 --> 00:02:21,440
Format files, and this is the file format that's required on the

42
00:02:21,440 --> 00:02:25,740
target node to actually do the processing. The Local Configuration

43
00:02:25,740 --> 00:02:30,350
Manager is the client piece of DSC, and that's responsible for

44
00:02:30,350 --> 00:02:31,880
checking with the pull server:

45
00:02:31,880 --> 00:02:37,250
Is there a configuration I need to apply? If so, how am I doing the application?

46
00:02:37,250 --> 00:02:39,740
What if the machine comes out of compliance,

47
00:02:39,740 --> 00:02:42,910
do I just want to audit that or do I actually want to auto

48
00:02:42,910 --> 00:02:45,900
correct to bring the node back into compliance,

49
00:02:45,900 --> 00:02:46,350
you see?

50
00:02:46,350 --> 00:02:51,020
So this is a very high-level perspective of DSC. And the other option,

51
00:02:51,020 --> 00:02:55,840
if you don't want to do pull, you can directly push a configuration to a node.

52
00:02:55,840 --> 00:02:59,960
But because we're concerned with at-scale systems administration

53
00:02:59,960 --> 00:03:03,810
and we want to use Azure Automation, that's using a highly available

54
00:03:03,810 --> 00:03:07,260
pull server architecture, where again the benefit is we don't have

55
00:03:07,260 --> 00:03:09,250
to manage those pull servers.

56
00:03:09,250 --> 00:03:10,620
They're managed for us.

57
00:03:10,620 --> 00:03:13,950
Let's take a look at a declarative configuration script.

58
00:03:13,950 --> 00:03:17,960
If you've built PowerShell functions, it's quite a similar syntax,

59
00:03:17,960 --> 00:03:19,940
not identical by any means.

60
00:03:19,940 --> 00:03:23,640
We use the configuration keyword rather than the function keyword,

61
00:03:23,640 --> 00:03:28,180
you'll do Import-DscResource to pull in any resources that

62
00:03:28,180 --> 00:03:30,830
are going to be referenced inside the script.

63
00:03:30,830 --> 00:03:34,630
You've got your Node declaration, and for each node you have these

64
00:03:34,630 --> 00:03:39,050
blocks where you pull from your DSC resources, and then each

65
00:03:39,050 --> 00:03:42,040
resource has its own particular properties.

66
00:03:42,040 --> 00:03:45,620
In this case we're pulling from xWebAdministration to

67
00:03:45,620 --> 00:03:49,520
ensure that the IIS web server is present, as is the

68
00:03:49,520 --> 00:03:51,840
graphical web management console.

69
00:03:51,840 --> 00:03:55,830
Pretty straightforward declarative syntax, and depending upon how we

70
00:03:55,830 --> 00:03:59,380
configure the LCM, or the Local Configuration Manager,

71
00:03:59,380 --> 00:04:01,440
if we do apply and auto-correct,

72
00:04:01,440 --> 00:04:03,760
this means that somebody, again not you,

73
00:04:03,760 --> 00:04:07,910
one of your colleagues, might uninstall IIS on a machine mistakenly.

74
00:04:07,910 --> 00:04:11,220
Well, the next time the LCM does an evaluation, if

75
00:04:11,220 --> 00:04:13,330
it's configured to auto-correct,

76
00:04:13,330 --> 00:04:17,620
it will go ahead and reinstall the IIS feature in order to

77
00:04:17,620 --> 00:04:19,790
bring the machine back into compliance.

78
00:04:19,790 --> 00:04:23,140
This is one of the value propositions of Desired State

79
00:04:23,140 --> 00:04:26,410
Configuration, and what's cool about it is that it's free.

80
00:04:26,410 --> 00:04:30,960
It's built right into PowerShell, so it's not like a Chef or a Puppet that

81
00:04:30,960 --> 00:04:35,510
you would need an enterprise license for necessarily. You can use Desired

82
00:04:35,510 --> 00:04:40,520
State Configuration with or without Azure Automation to deploy the agents

83
00:04:40,520 --> 00:04:42,730
we've been talking about in this course,

84
00:04:42,730 --> 00:04:47,940
particularly the Connected Machine agent for Azure Arc-enabled servers

85
00:04:47,940 --> 00:04:51,430
or Log Analytics agent, as far as that goes. Here,

86
00:04:51,430 --> 00:04:54,210
notice that we can use parameters, and you can use

87
00:04:54,210 --> 00:04:57,690
parameters with any DSC configuration to make the

88
00:04:57,690 --> 00:05:00,180
configuration more portable and flexible.

89
00:05:00,180 --> 00:05:02,780
You also can target multiple nodes.

90
00:05:02,780 --> 00:05:07,160
Check the exercise files for some reference links on DSC, and of course

91
00:05:07,160 --> 00:05:11,400
check the Pluralsight library, because we have plenty of DSC training. And

92
00:05:11,400 --> 00:05:15,480
basically all we're doing in this script file is automating the

93
00:05:15,480 --> 00:05:19,360
installation of the Connected Machine agent, and we would also need to make

94
00:05:19,360 --> 00:05:23,420
sure that we provide the metadata to make sure that we're coming in, that is,

95
00:05:23,420 --> 00:05:28,020
that the machine that we want to be an Arc-enabled server is represented in

96
00:05:28,020 --> 00:05:31,910
our Azure subscription in the appropriate resource group and so on and so

97
00:05:31,910 --> 00:05:32,330
forth.

98
00:05:32,330 --> 00:05:38,000
I give you all of these script and sample files in the course files as well, by the way,