Monday, 28 August 2017

Learn PowerShell DSC - Part 1

Introduction

PowerShell DSC. What’s that? DSC stands for Dynamic State Configuration. It sounds like it could get a little complicated but if you’re just starting out using PowerShell to deploy configurations to machines then you’ll probably be lost in long scripts which check whether your configuration is correct then takes the steps to correct it.

To go to other parts of this series, see below:

You would have to write out the check statements and then write out all the logic to install the feature or copy the file etc.

With PowerShell DSC, you just state what you want your configuration to look like and DSC just “makes it so” and that’s the beauty of DSC.

image

Advantages of PowerShell DSC

As explained above, you need to write less code. That’s great but there’s more.

1) You can read through your code easier

This is called a configuration document. Rather than having a long script with if statements and lots of logic, you now just have a simpler script which states what you want the configuration to look like.

2) Look for configuration drift

DSC allows you to check a server against a configuration document to make sure there hasn’t been any changes.

3) Auto-remediation

DSC periodically checks a server’s configuration against the configuration document and then can be set to automatically restore the configuration to what it should be

4) Remote execution

You can deploy a configuration to remote machines and you can apply the same configuration to many machines

5) Centralised repository

You can configure your servers to pull their configuration from a central repository. This saves you having to copy scripts around and helps you manage versioning.

6) Works with workgroup servers

You’re not tied down to Kerberos authentication! You can deploy configurations to remote machines which are not on the domain.

7) Different teams can manage different configurations

This is called partial configurations. For example it allows your DBAs to manage the SQL related configuration while your systems team can manage the networking and your developers manage IIS.

8) One to many deployment

You can deploy the same configuration to more than one server at a time.

As you can see, DSC is really the best thing since sliced bread! It saves so much time and is a very elegant and efficient way to deploy configurations.

PowerShell DSC Example

Let’s take a look at a quick example. Let’s say we just want to make sure that an install file is copied to C:\Software on our server.

  • Server to configure: contlonsql01
  • Source file: \\contchisql01\Software\Installer.msi
  • Destination file: C:\Software\Installer.msi

Here’s what we’d write out to make this happen. Things to note:

  • configuration. This specifies that this is a PowerShell DSC configuration and the name is Configuration1.
  • Import-DscResource -ModuleName PSDesiredStateConfiguration. Perhaps you guessed it already but this imports the DSC resources from the DSC module. We’ll go into resources and modules another time so don’t worry about this line for now.
  • node is an array of servers we want to configure.
  • File. This specifies that we will be asking DSC to do a file or folder operation and we tell it what we want - i.e. we want to ensure that installer.msi is present which means it needs to be copied from the source location to the destination location.


image

configuration Configuration1 #Configuration1 is the name of the configuration
{
     Import-DscResource -ModuleName PSDesiredStateConfiguration #Imports the DSC module

    node ("contlonsql01") #List the servers you'll be targeting. It'll deploy the settings within node {}
     {
         File InstallerFile #File is a DSC Resource
         {
            Ensure = "Present"
            SourcePath = "\\contchisql01\Software\Installer.msi"
            DestinationPath = "C:\Software\Installer.msi"          
         }
     }
}

There is no output from this. It’s like when you define a function:


image

Push a DSC configuration

Now we need to push the configuration to the machine. To do this we need to create a Management Object File or MOF file and we simply run the configuration and specify an output path for the MOF file:

Configuration1 -OutputPath C:\DS

image

Let’s take a look at the contents of C:\DSC

image

Note that the MOF file is named after the node specified in the configuration. If you have specified more than one node then you’ll get one MOF file per node.
We then deploy the configuration by using Start-DscConfiguration

Start-DscConfiguration -Path C:\DSC

image

Note that you don’t really get much output here. You just see that a job’s been started. if you want to get the output of the job, you can run use Get-Job:

Get-Job 11

image

So, it’s completed and we can confirm our install.msi file has been copied over:

image

We can also use Test-DscConfiguration to check our target machine configuration against the configuration we deployed to it:

Test-DscConfiguration -Path C:\DSC

image

Conclusion

So, that’s just a quick intro into PowerShell DSC. It’s such a great way to configure your servers and definitely the way of the future. In the next post, I’ll talk through DSC resources - these define what types of configuration settings you can make e.g. file, windows features, registry changes etc. Click here for part 2 to continue the DSC journey.

Saturday, 26 August 2017

PowerShell functions with -Verbose and -Debug

Introduction

So, another rather standard day but made a little more interesting with some new tips on getting your PowerShell functions to provide some more feedback. We’re going to look at how to get your script to use the -Verbose and -Debug parameters.

Simple function

Okay, so our simple function is below. It just takes a Message parameter of and outputs Welcome <message> in green.

image

function Welcome
     {
         param(
             [string]$Message
             )

        Write-Host Welcome $message -ForegroundColor Green
     }

We can run the function as below:

Welcome -Message "to my blog!"

image

Nothing really that interesting here. Let’s move on.

Add -Verbose and -Debug to a PowerShell function

Here I’m adding another part to the script - [cmdletbinding()]. This automatically adds the -Verbose and -Debug parameters to the script and does all the logic behind it. By default, Write-Verbose doesn’t actually produce an output.

image

function Welcome
     {
         [cmdletbinding()] #This provides the function with the -Verbose and -Debug parameters
         param(
             [string]$Message
             )

        #Verbose - this is only shown if the -Verbose switch is used
         Write-Verbose -Message "This is verbose output"

        #Debug - this causes the script to halt at this point
         Write-Debug "This is debugging information"

        #Actual function
         Write-Host Welcome $message -ForegroundColor Green
     }

We can now run the function and specify the -Verbose parameter and we can see we’re now getting the output from Write-Verbose:

Welcome -Message "to my blog!" -Verbose

image

Let’s test out -Debug now. Debug is useful for when you’re debugging your script (who would have thought). Basically, it outputs Write-Debug, pauses the script and asks for you to either continue running it or to halt it. Write-Debug could contain more than just text. For example, if you want to check the value of a variable before it’s used, you can use Write-Debug to output the variable and then prompt you to either continue or halt the script.

Welcome -Message "to my blog!" -Debug

image

I selected Y and so it continued running the rest of the script:

image

So, there you have it. How to add -Verbose and -Debug into your functions.

Tuesday, 22 August 2017

VMware to Hyper-V migration with Veeam

Problem

Okay, so here’s the problem. You want to migrate VMs from VMware vSphere 5 or 6 or whatever to Hyper-V 2016 but you can’t find a tool to use because you want near-zero downtime. You search around and find some options:

Sysinternals Disk2Vhd

Great tool and free! The problem is that you need a lot of downtime because it converts the entire disk and you cannot sync changes after the conversion is done so you need downtime from the time you start the conversion.

Microsoft Virtual Machine Converter

Another good tool but no longer supports the later versions of vSphere or Hyper-V. In fact, the tool itself is not supported as of June 3rd 2017. See more here. However, even if you do use it, you still cannot do the incremental sync that you need.

Third party tools to migrate VMware to Hyper-V

There’s some very useful tools that you can use but these come at a cost but will literally do near-zero downtime conversions. Have a look at Quest, Double-Take or PlateSpin.

Solution

So, I found a neat little workaround for this. Basically, use Veeam. Now, you need both Veeam Agent for Windows and Veeam Backup and Replication (and you can get free trials for both). The steps are below:
  1. Install Veeam Agent for Windows on your VM
  2. Install Veeam Backup and Replication on a backup server
  3. Add your host into Veeam Backup and Replication
  4. Create a backup repository in Veeam Backup and Replication
  5. Back up your VM to a Veeam Repository on the backup server using Veeam Agent for Windows
  6. Prevent users accessing the server to make changes
  7. Do an incremental backup of your VM and shut it down
  8. Use Veeam Backup and Replication to rescan the repository
  9. Use Veeam Backup and Replication to do an Instant Restore of your VM onto a Hyper-V host and select to power on the VM
  10. Re-enable user access
  11. Use Veeam Backup and Replication to migrate the VM onto production storage (using the Instant Restore wizard)
The advantages of doing this are that you minimize downtime by doing incremental backups and then doing an instant restore. If you’re not familiar with this, Veeam Backup and Replication creates dummy VHD and VM configuration files on the Hyper-V storage which actually reference the backup server storage and the VM runs off the backup server storage. To improve performance, you may want to add faster disks and use 10Gb networking on your backup servers.
If you are a hosting provider then you really don’t want tenant VMs with access to the backup server so you can use the Veeam Cloud Connect Gateway (part of the Veeam Cloud Connect suite). This only requires a single port to be open from the tenant network - it’s generally used to back up VMs over the internet so it was designed with that security in mind.
I hope this helps people out as it looks like MS aren’t really providing a solution to do this just yet.