We continue our journey and in this part we will talk about Local Configuration Manager. The local configuration manager often refered to as LCM is really the core of PowerShell DSC, it runs on every server/computer that has PowerShell 4 and above installed on it.
It’s responsible for basically doing everything. This is a component that will take care of bringing your machine in it’s desired state and monitoring and configuration drift.
The LCM has information or stores information locally on the disk about what the current configuration is what the previous configuration was. So you can actually do a rollback. So if you start DSC configuration on one server, it will apply the configuration. Once that configuration has been applied, it’s gonna store it as the current MOF file on disk. And then if you apply another contribution on top of it, that current MOF file is gonna become your previous state and you’re gonna be able to roll-back to whatever your previous state was.
And you also have the third one which is gonna be pending so while the contribution is being applied you’re gonna have depending on MOF file store as well.
You may wonder where are those files being stored on the disk? They are stored under C:\Windows\System32\Configuration
We can see Current.mof and Previous.mof. I don’t have any pending.mof so that one is not displayed.
If you wanna go about and delete or let’s say, you configure your server and you wanna remove that configuration, you can either go delete that file or you can go and use the Remove-DSCConfigurationDocument cmdlet. When you call the Remove-DSCConfigurationDocument, you need to specify the stage property. So as we just discussed, we keep information about what the current MOF is, the pending and the previous. So if you call in the Remove-DSCConfigurationDocument you need to specify which one you want to remove.
Before we proceed let’s talk about the commands that we can use for LCM. We have 2 commands.
Get-DscLocalConfigurationManager -> This command gets LCM settings, or meta-configuration, and the state of LCM for the node.
Set-DscLocalConfigurationManager –> This command applies LCM settings, to nodes
If we run Get-DscLocalConfigurationManager you will notice that LCM has a handful of properties you can set on it.
ActionAfterReboot –> Specifies what happens after a reboot during the application of a configuration. The possible values are “ContinueConfiguration” and “StopConfiguration”.
- ContinueConfiguration: Continue applying the current configuration after machine reboot. This is the default value
- StopConfiguration: Stop the current configuration after machine reboot.
AllowModuleOverwrite : TRUE –> if new configurations downloaded from the pull service are allowed to overwrite the old ones on the target node. Otherwise, FALSE.
CertificateID : The thumbprint of a certificate used to secure credentials passed in a configuration. We will see this in action later.
ConfigurationID : This is a GUID that identifies the configuration file to get from a pull service. The node will pull configurations on the pull service if the name of the configuration MOF is named ConfigurationID.mof. So you will generate a random guid and rename your mof file with that guid. Next you will edit this property and add that GUID.
ConfigurationMode: specifies how that configuration or how is LCM gonna be monitoring the changes it does to machine? We have 3 modes:
- ApplyOnly –> So that basically tells the LCM here’s what the Desired State Configuration should be. Go ahead, configure that server to match that configuration and when you’re done, that’s it. I’ll see you next time I need you. So this is one shot.
- ApplyAndMonitor –> This is the default value that basically tells the LCM here’s how I want you to configure my server. Bring the server to the Desired State and once you’re done, on a regular basis just check to make sure that, that server is still in its Desired State and if it’s no longer in the Desired State just report in the event log.
- ApplyAndAutoCorrect –> This is extremely powerful. This will configure the machine to be in the Desired State and if it detects (whenever it checks to see if the machine is still in the Desired State), that the machine is no longer in the Desired State is gonna do anything in its power to bring it back to that Desired State. So it will revert any changes made.
ConfigurationModeFrequencyMins –> How often, in minutes, the current configuration is checked and applied. This property is ignored if the ConfigurationMode property is set to ApplyOnly. The default value is 15.
StatusRetentionTimeInDays –> The number of days the LCM keeps the status of the current configuration.
RebootNodeIfNeeded –> Set this to TRUE to automatically reboot the node after a configuration that requires reboot is applied. Otherwise, you will have to manually reboot the node for any configuration that requires it.
RefreshMode –> This basically allows you to define how the configuration is gonna be applied to a server, how the MOF file is gonna get to your server. We have three
refresh modes : Disabled, Push and Pull
- Disabled -> The LCM is not doing any work, basically you have a new server that has partial install on it, and there’s nothing going on with DSC on that server.
- Push –> We already used this method in our first post. This means that you are going to create a MOF file and then push that configuration to the servers.
- Pull –> This is gonna allow you to register your server against a centralized repository where all your configuration are gonna be stored and all your modules are also gonna be available for those registered servers.
RefreshFrequencyMins: The time interval, in minutes, at which the LCM checks a pull service to get updated configurations. This value is ignored if the LCM is not configured in pull mode. The default value is 30.
[DSCLocalConfigurationManager()] Explanation
Once we know that let’s configure our LCM. We start with this keyword right at the very top, DSCLocalConfigurationManager. Through the configuration keyword you’re defining a name of something that gets generated. Now if you remember from the previous post when we did a configuration that install IIS, what you do when you see all the details, you’ll see that the configuration that gets generated is some node name .MOF. It was DC01.mof. Now that configures the machine. What we want to do is we want to configure the LCM agent on that machine. One way to think about this is what we call meta configuration. You configure the configuration management agent. You’ll see when we run this, that tag at the top saying (DSCLocalConfigurationManager) when you run this name, instead of generating a MOF, generate a metadata.MOF. Then that’s pushed through a different mechanism. MOFs are generated and pushed through Start-DSCConfiguration. Metadata.mofs are pushed through Set-DSCLocalConfigurationManager. We can use IntelliSense features to show us how to make the configuration.
So I will change RebootNodeIfNeeded and the Configuration Mode
When we run this it will generate meta.mof file.
To apply this to our machine we need to use Set-DscLocalConfigurationManager command.
Set-DscLocalConfigurationManager -Path ‘C:\’ -ComputerName dc01 -Verbose
An LCM configuration can contain blocks only for a limited set of resources. In the previous example, the only resource called is Settings. The other available resources are:
ConfigurationRepositoryWeb: specifies an HTTP pull service for configurations.
ConfigurationRepositoryShare: specifies an SMB share for configurations.
ResourceRepositoryWeb : specifies an HTTP pull service for modules.
ResourceRepositoryShare: specifies an SMB share for modules.
ReportServerWeb: specifies an HTTP pull service to which reports are sent.
PartialConfiguration: provides data to enable partial configurations.
We will check some of these when we will be talking about Pull server. That’s it. In our next post we will start to configure our servers and in future post we will see how to configure pull server.
Stay Tuned!
Cheers,
Nedim
Nedim's IT CORNER 