Thursday, November 21, 2013

PowerShell DSC – Getting Your DependsOn

Had the opportunity yesterday to give a short talk on PowerShell Desired State Configuration at the Microsoft MVP Summit.  I figured delivering the talk in the FIM track was a safe bet, but to my terror at least two PowerShell MVPs showed up, eliminating my ability to just make shit up and look smart.

The talk went great (well, that just means I had fun) and I plan on sharing the demo code.  When the FIM custom resources are in usable form I will be doing a lot of sharing, but for now I want to share just a sample with the built-in resources because it is a simple way to demonstrate the ‘DependsOn’ parameter.

In the example below, I have two items in my configuration; a user and a group.  Note the ‘DependsOn’ entry in the group definition.  That makes DSC aware of the dependency, and DSC is smart enough to process the configuration items in order.

For FIM this is incredibly useful since most objects in FIM depend on other objects.  For example, a FIM MPR depends on attributes, sets, and workflows.  This simple feature in DSC paves the way for using custom DSC resources to manage a FIM deployment over time.  I’ll share demos later showing an MPR definition that depends on the Set and Attribute objects.  I have this working right now, but again, it is not in a sharable state.

In the example below I also show how to specify a password for the user.  It is pretty interesting how this works, in that the User resource takes Password as a parameter.  If you specify the Password, then DSC will throw an error because it does not like to pass around plain text passwords.  You can disable that FOR DEMO PURPOSES but to do it for real you can supply DSC with a certificate that it will use to encrypt/decrypt the password (more on that later).

 

md C:\dsccm

 

Configuration SampleConfiguration

{

    Node (hostname)

    {

        User UserExample

        {

            Ensure    = "Present" 

            UserName  = "MyFooUser"

            Password  = New-Object System.Management.Automation.PSCredential ("thisIsIgnored", (ConvertTo-SecureString "H00fHearted?" -AsPlainText -Force))

        }

 

        Group GroupExample

        {

            Ensure    = "Present"

            GroupName = "MyFooGroup"

            Members   = @("MyFooUser")

            DependsOn = "[User]UserExample"

        }

    }

}

 

 

$Global:AllNodes =

@{

    AllNodes = @(

        @{ 

            NodeName                    = (hostname)

            PSDscAllowPlainTextPassword = $true

        }

    )

}

 

SampleConfiguration -ConfigurationData $Global:AllNodes

 

Start-DscConfiguration -Wait -Verbose -Path "C:\dsccm\SampleConfiguration"

 

No comments: