PowerShellDSC and Azure: more notes

This is starting to feel a little more robust in my mind… I created a pair of VMs on Azure, on the same subnet, with 1 implicitly a push server, and 1 a “client” server, or “pushee”. Each have public IPs… although thinking about it could I just have opened the RDP ports without that? Don’t know, don’t think so. But regardless they talk DSC to each other through their respective private ports. In fact I couldn’t actually get them to talk DSC/PowerShell/WsMan to each other through their public ports/DNS names. Authentication is done through runtime credentials… which are the same on both servers, FWIW. I don’t have a domain (uksouth.cloudapp.azure.com not really a domain… and if it was that would worry me from a security point of view.

The test here was to create a folder from one to the other, being the very simplest proof that had value… and it worked.

Advice: after each failed run, delete the created Dsc configuration folder. Avoids confusion.



PowerShell DSC: Using a Push Server

Driven from a Push Server, this creates an empty folder on the remote server (PS V5, Windows Server 2016, both), which is in the same domain:

It amused me to do a cartoony representation – I like pictures, diagrams:

The single code file and the history is in a Gist here.


PowerShell DSC: Creating IIS things on an Azure VM

I started out with an Azure VM (WS 2012 R2, SQLServer 2016). My aim was to deploy a web application so that the index.html was visible to the external world.

Additions I did not yet manage to achieve in DSC were a) adding endpoints for http and https in ARM, b) setting up self-signed certificates on the host VM. The http part right now is a Must.. the https might be considered optional but sensible.

Right now, this is the exciting output as an external user:

That already highlights one new thing: The UK now has its own Azure data centres… previously I noticed I would often get my browser language in Dutch.

Before I show you the whole of the DSC config, some key points were:

  • the use of the CimSession parameter to Start-DscConfiguration
  • as in a previous post, the need to delete pending configurations… assuming you are sure you don’t want them
  • There seems to be no “Let it be so” option for an existing virtual directory… so might have to replace that with some imperative code.


Code here.

PowerShell DSC: “A configuration is pending”

This was driving me absolutely nuts.

A helpful post pointed me at [C:\Windows\System32\Configuration], and get rid of the pending.mof file. But that didn’t help.

Then I found Test-DscConfiguration

… which then led me to this:

, and finally the answer – Remove-DscConfigurationDocument -Stage Pending

Now I had that, I could finally do the thing I wanted (content really doesn’t matter):

Now I can get on with the original goal.

PowerShell DSC: deleting a Windows Service

This is simple and it works – thanks DSC. Code is here.

I want to declaratively delete a Windows Service… I tell it what I want, it figures out how. Part of that is not involving me in interactive decisions about what to do if it is already Absent, to use the Service provider keyword. I have said the required state is Absent, just make it so.

I decided that the Fax service was one I would never need, so that is my test case. As ever with actions against Windows Services, make sure the Services dialog is closed when you perform the action, else it will just hang.

The code to achieve that is immediately below the service dialog.

That is then compiled into MOF format (the . .\ServiceManager.ps1 screenshot), and then we execute (Start-DscConfiguration…). Net result is no Fax Service in Services after this.

Chef does not currently have the ability to delete a Windows Service, as far as I can see here.