... News ... Blog ...

5 Tips To Write Better PS DSC Scripts

5 Tips To Write Better PS DSC Scripts
DEAC | 09.06.2022

In the previous blog post Janis Veinbergs discussed how to reduce deployment interruptions for a rather large classic .NET Framework application to 22 Windows IIS servers with Azure DevOps.

In this blog article, we will share with you 5 tips to write better PowerShell Desired State Configuration (DSC) scripts.

One approach would be to write the initial installation and configuration script. Setting up an extra server is simple and quick, making it an excellent first step. If you pick this method, you should consider the following: You need to have a mechanism to run the script. Know the difference between the current system configuration and the script. The configuration has to be maintained [up-to-date], and your script must account for this (if this already exists then do nothing else configure). Configuration may drift if not recorded or not tracked changes are made.

Another approach would be to use a software configuration management tool. There are several tools available for delivering reliable server configuration, for example, System Center Configuration Manager/Microsoft Endpoint Configuration Manager, PowerShell DSC (Desired State Configuration), Docker, and various others. Some of the tools are not free, others rely on Active Directory, some feature a graphical user interface (GUI), and so on.

PowerShell DSC is what he selected.

Enter PowerShell DSC Deployment World

Janis found PowerShell DSC (PS DSC) instantly enjoyable: it's PowerShell with a little bit of additional syntax to learn and no additional tools to install (apart from PowerShell modules), it helps to define Infrastructure-as-Code, and it works over WinRM.

The main reasons that led him to try using PS DSC:

  • He didn't want to write configuration documentation.
  • IaC - desired valid configuration in source control.
  • He uses PowerShell often, so this would be a "natural expansion".
  • Possibility to check the IIS webserver configuration during deployment.

In an ideal deployment world, after the server has been linked to the domain, preferred is a one-click install for servers, whether in staging or production. PowerShell DSC does a lot, but it is not always a one-click deployment.

5 Tips To Write Better DSC Script

Drill down the concepts and how-to documentation to learn DSC first.

Once that is done, there will be some challenges to overcome when writing DSC scripts. Within v2, DSC has been split out from the PowerShell package, and v3 provides cross-platform capabilities.

Janis used PowerShell 5.1 with DSC 1.1.

1. Set up goals you want to achieve

Make a list of the key objectives you want to achieve. For example:

  1. One or maybe two simple commands to use to configure IIS servers.
  2. Ability to target all or subset of servers.
  3. Ability to target various environments (prod, staging).

2. Understand your resources

Whether you like it or not, you'll have to invest time learning about the resources you have at hand and how to read the code.

What does it mean?

SystemLocale EnglishLocale { SystemLocale = "en-US" ; IsSingleInstance = "Yes" } 

It means you are calling SystemLocale resource, giving it a friendly name EnglishLocale, and defining passing hashtable with properties resource accepts: SystemLocale, IsSingleInstance.

You can obtain available properties with this command:

Get-DscResource SystemLocale -Syntax
SystemLocale [String] #ResourceName
    IsSingleInstance = [string]{ Yes }
    SystemLocale = [string]
    [DependsOn = [string[]]]
    [PsDscRunAsCredential = [PSCredential]]

3. Focus on WHAT to do not HOW

It can be a simple install script.

That is, if you name it Simple.Install.Script.

DSC provides idempotent (repeatable) deployments, Continue Configuration After Reboot, Credential Encryption, and other.

Decide what you'll use before you start writing your deployment script.

4. Make it clear WHY you use the syntax

The resource implements 3 functions: Get, Set, Test.

  • Get - a representation of state when running configuration.
  • Set - Applies configuration.
  • Test - Determines whether configuration has to be applied. If not, Set will NOT run. That is, if system is already compliant with this resource, it won't re-run.

When Custom resources get written, these functions get implemented. For example, using built-in Script resources, you have to implement all of them.

5. Distribute modules

Out-of-the-box thing when it comes to DSC scripting is module distribution. Janis mentions it as a drawback (pain-point) because the modules have to be installed on the host that is building the configuration AND the host that gets configuration deployed.

Otherwise, when encountering

Import-DscResource -Module CertificateDsc -ModuleVersion 5.1.0

it will tell you:

Could not find the module '<CertificateDsc, 5.1.0>'

Read in-depth dive about module distribution here: Achieving single command Infrastructure deployment using PowerShell DSC.

Having framework helps not only in the development process, but also to save time and improve security.

Challenge yourself to bring your scripting skill to the next level!


Subscribe to our news DEAC Subscribe to our news

Get useful IT information and our news by signing up here!

IT Business Solutions DEAC Flexible service

Superfast and tailored solutions for specific and complex requirements.

IT Business Solutions DEAC Fast customer support

Choose the most convenient way to receive fast DEAC support 24/7.

IT Business Solutions DEAC Experienced IT experts

Professional and certified IT support 24/7.