PowerShell Desired State Configuration (DSC) with UpGuard

Posted by Paul McCarthy

Going from nothing to automation using one of the many tools available can be a daunting task. How can you automate systems when you’re not even 100% sure how they’ve been configured? The documentation is months out of date and the last guy to configure anything on that box has since left the company to ply his trade somewhere that will more fully appreciate his Ops cowboy routine.

UpGuard makes this transition a much smoother experience by helping to bring your environment under control first, so that when you’re happy that you’ve captured your current state you can then move on to automation. It will even help you to get started with several of the automation tools available out there so that you don’t have to worry about having your config stored in multiple places and learning multiple tools from scratch. To show you a basic example here, I’ll be using it to set up the UpGuard agent using Windows PowerShell Desired State Configuration (DSC) to make sure it is installed on any new servers I create.

Wave 1: Visibility

I could manually create the templates in UpGuard but that’s unnecessary as I’ve already got the agent installed on an existing machine. Instead I’ll scan it using UpGuard which will pick up the correct versions and state of my working system. I can then filter down to UpGuard related items:

Visibility

Wave 2: Control

I want the package installed, the correct config file in place, with the correct environment variables set so I’ll add them to my UpGuard policy. The policy that is getting created is a test policy that I can later use to validate the new server I’ll be building using DSC, both post build and ongoing, to make sure nothing changes without my knowledge.

UpGuard screenshot

Wave 3: Automation

From here I can create a DSC definition file:

UpGuard DSC screenshot

Which will produce the following output:

# DSC generated by UpGuard
# ---------------------------------
# Account: My Account
# Policy: UpGuard
#

Configuration UpGuard {

Node "## TODO: insert node name here" {

File "C:\Users\paulmccarthy\.UpGuard\UpGuard.yml"
{
Ensure = "Present"
DestinationPath = "C:\Users\paulmccarthy\.UpGuard\UpGuard.yml"
Contents = "Removed from blog post"
}

Environment "UpGuard_HOME"
{
Name = "UpGuard_HOME"
Ensure = "Present"
Value = "C:\Program Files (x86)\UpGuard"
}

Environment "UpGuardD_CONFIG"
{
Name = "UpGuardD_CONFIG"
Ensure = "Present"
Value = "C:\Users\paulmccarthy\.UpGuard"
}

Package "UpGuard"
{
Name = "UpGuard"
Path = "## TODO: Insert path to MSI"
ProductId = "## TODO: Insert Product Id that uniquely identifies the package"
Ensure = "Present"
}

}

}

Configuration Management Simplified.

I’ve still got some work to do to hook up the new server name and the package, but I’m well on my way and I’m yet to open up a text editor. I can also feel confident in the fact that all my paths and versions are correct, using the correct syntax. Almost all enterprises today aspire to, or are using some form of, configuration automation. By complementing your automation efforts with a UpGuard deployment you can:

  • Make the process of discovering your automation requirements a breeze
  • Turn those same requirements into pre-formatted automation files (ie: PowerShell DSC definition files, Puppet Manifests, Chef Cookbooks, etc)
  • Validate your configuration, both post build to verify the automation, and ongoing to keep the configuration under control and prevent drift
  • Make your onramp to IT automation for DevOps a breeze

Request a Free Demo

 

Topics: guardrail, dsc, desired configuration state, devops, powershell, Windows

UpGuard Customers