DSC vs. "The Others" - A Song of Configuration Management
Formal Metadata
Number of Parts | 60
License | CC Attribution - ShareAlike 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers | 10.5446/37380 (DOI)
Production Year | 2018
Transcript: English (auto-generated)
00:10
Welcome to DSC versus The Others, a song of configuration management. My name is Missy Januszko, and the first thing I'm going to open with is how many
00:20
people are familiar with the Game of Thrones references in my title. I was very excited about being able to incorporate Game of Thrones into my speech. The only reference that I'm going to make right now is that I was actually concerned after last night that I was going to show up looking like an other because of the
00:44
whole blue face and makeup, and I wasn't sure that I would be able to get all the makeup off in time for my presentation. So I'm glad that I'm not a White Walker. I won't, you know, flash ice at you or anything like that, so.
01:00
The one thing that I do want to mention is, even though it's called DSC versus The Others. Now in Game of Thrones you have, you know, the good guys, which is basically everyone that's left that hasn't been already killed, versus the White Walkers or The Others, which are basically the undead, and you
01:24
have this battle of good versus evil. I just want to make note that DSC is not the good, and The Others are not the evil. All of these products are widely different. They do similar things, but my intent here is not to make one out
01:47
as a bad product and one as a good product or anything like that, just to show you some basics on what you can do with a couple of the other products, as well as DSC, and some things that I think are interesting and would really
02:04
like to see DSC do. So again, my name is Missy Januszko. That's how you pronounce it. I am or have been one of the poster children for changing
02:22
your career with PowerShell. A couple years ago I was an Active Directory person and that was my job, and I learned this thing called PowerShell, and now I am talking about configuration management and PowerShell and DSC, and
02:40
I'm standing up here in front of you all and it's very, very exciting. I recently, last year I was self-employed and I was going out and doing my own thing, but I recently took a new position. This is my third week, so I'll
03:01
be a DevOps pipeline engineer at a financial services company. Right now I am working on some ServiceNow and PowerShell integration, but I'm soon to transition into this new role. I'm the author of the DSC book with Don Jones, so that is my main area of expertise, and unfortunately I don't use
03:23
it very much right now at work, but I'm still very interested in configuration management products. However I'm not the DSC diva, I'm the DevOps diva on Twitter, so my goal for this presentation was not only to learn something new for
03:42
myself, but to be able to teach it and explain it to you all in the room in a way that makes sense for everyone. So I started learning something new, but at the same time I was also looking for a new job, and I had this resume
04:05
building quandary now. Have you ever read job descriptions for people who are looking for somebody with expertise in configuration management? Have you ever seen one that says I want somebody who has expertise in DSC?
04:22
Recently? Okay, that's good because I haven't had that experience. In fact a lot of them read something to the effect of, oh I want somebody who's got expertise in Azure and Google Cloud and AWS, or I need someone with configuration management experience
04:44
in Chef and Puppet and Ansible, but DSC is rarely mentioned, so if you see something that says DSC, you know, send it my way. No, I'm just kidding. While I was doing my resume
05:00
building, I had dabbled in Chef, meaning that I took an internal class, and I think I probably spent a lot of time writing DSC code on the side while I was listening to the class. And I was working on the Pluralsight
05:21
course on Puppet, which was really a good course, but I realized that it was slightly outdated. I think actually the course was maybe from 2016 or something like that, so I really wanted to learn the latest and greatest
05:46
configuration management products, and I wasn't really sure where to start. So job postings don't ask for DSC experience, but they do ask for generalized or specialized, they might mention a specific product, but
06:03
specialized or generalized configuration management knowledge. So my goal here is to show you some of the differences between what DSC does and what some of the other products do as well. One last note, the opinions that I express
06:27
here are my own. They are not the opinions of my company, they are not the opinion of everyone else, and again, no bad products, just maybe
06:42
learning experiences. I had a lot of learning experiences while I was going through learning some of these products, and I'm going to share some of them with you, and you'll get a kick out of some of them. These are my
07:00
own experiences. Again, no bad products, but I did fail a lot, and it's okay. So let's talk about DSC for a minute and just kind of a review. One of the good things about DSC is that it is a platform and it's not a tool, which
07:25
means you can roll your own tool set. A lot of the things that are not built in, you can make your own. I know Gael has some tooling that he's built
07:41
around DSC in the configuration data arena. You have the ability to build your own tool sets. This is one of the best benefits for me, is that if you have PowerShell knowledge and experience, you don't have to learn a new language in
08:01
order to use DSC. Your PowerShell knowledge will transfer over to your DSC knowledge. It's declarative, which you'll see in many of the other configuration management products, they are also declarative, which means you can say, I want my server to look like this, and it will apply itself that way.
08:27
I listed this as a benefit. Benefit, detriment, depends on how you look at it. Love them or hate them, it does have the ability to do composite
08:45
configurations and break your configurations apart and make this group responsible for this portion of the configuration and this group responsible for that portion of the configuration. Depends on how your organisation works.
09:01
Partial configurations, again, because they are compiled when you are putting it on the server, they're not really recommended, but it's still a benefit in that it gives you options on how you can deploy your configurations. This
09:28
is one that I was really interested in, is that you can use DSC and you can use the vast number of DSC resources that are already out there in other configuration management tools, and this is one of the things I'm going to
09:40
show you later. All right, drawbacks of DSC. Oh, wait, it's a platform and not a tool. If you don't want to roll your own tool sets, DSC is
10:02
primitive compared to some of the other products. I should probably stop walking around. Where tooling exists, some of the tooling, and I'm looking at
10:20
you, Pull Server, lacks some key functionality. Many of these other products have highly available Pull Servers, Chef Servers, Puppet Masters, whatever you want to call them, whereas DSC at this moment in 5.1 doesn't
10:44
really have that high availability in their Pull Server as we would like them to. No SQL Server, no web server scalability. Hopefully that's going to change with the next version. I thought this was an interesting one,
11:09
because we always have the configuration data debate. This is Gael's favorite topic. If you're authoring a DSC configuration, you're basically taking
11:21
your configuration data and you are laying it out in a file, and you're munging the two files together, the configuration and the configuration data, to make your MOF file. There are automated ways in some of these other products of gathering that information so you don't have to type it into a file.
11:42
We'll see some of that in the demo as well. All right, when I first started preparing this, I was going to look at all of these products. I was so excited.
12:01
As I started getting into them, I realized exactly what I was taking on by trying to look at all of the products and compare them all. I had narrowed down my scale a little bit, and I chose to look at Chef and Puppet. If I had had more
12:23
time, Ansible would have been right in there, because I've seen a lot of good blog articles on using Ansible for configuration management on Windows servers and things like that. I'm choosing to do Chef first, because I'm
12:56
actually doing some Chef work at my job, for no other reason other than,
13:06
oh, wait, it's alphabetical. That's what it is. Best goes last. To develop in Chef, you have a couple of different tools. VS Code, everybody or
13:25
most folks who are already working in PowerShell have at least a little bit of primitive knowledge of VS Code. It's an editor. It has a plugin or an extension for Chef. And then there's the Chef DK, which is the Chef development kit.
13:44
It is basically a customized PowerShell console that you can use to run Chef commands as well. The communication between the Chef client...
14:02
So the Chef client... I wish I had a pointer. I'll just point. The Chef client is an agent that runs on your node. The Chef server is basically your pull server, and there is two-way communication between the two.
14:21
The workstation is where you author your config. I'm going to call it config for now. Oh, pointer. Thank you. Oh, he's got one too. Thank you.
14:49
Chef client is also the command that you run to deploy a config to your node. So not only is it the agent, but it's also the command.
15:02
You can have a node that is in local mode, so you just deploy it to your own machine without the Chef server involved, or you can have the Chef server set up. My workstation is actually my laptop, and on it, I'm going to use VS Code to
15:24
edit my configuration. There's another word for it, but we'll get to that in a minute. Oh yeah, VS Code. I'm going to use VS Code to edit it, and then I'm going
15:44
to use some Chef commands to upload it to the Chef server. So Chef uses the word recipe to describe their configurations. I'm going to keep saying configuration because that's the DSC term for it, and as we go through some
16:04
of these different products, I'm going to try to switch the terminology to the one that I'm talking about now. So now I'm going to talk about recipes. The recipe is the configuration that contains the resources to apply to the server. The recipe, when you write it, it applies it in the order that it is
16:27
written. Note that this is a little bit different from DSC. DSC in theory will apply it in any random order that it chooses. Now, I don't know if anybody
16:42
has this experience, but I've seen basically where it just goes through and goes in order anyway. I haven't really seen it deviate. The default language for Chef is Ruby, and I'm not sure that I put that in there, but the
17:05
language is Ruby. A cookbook is a structure of directories that contains the recipe and all of the files that go along with that recipe. That can include
17:24
things like templates that can help you to use configuration data to abstract your node-specific information away from your code. Templates. Knife is the command
17:47
that you run on your workstation to communicate with the Chef server. There's various things that you can do. You can do things like knife node and edit node information or list node information. It's a query mechanism and
18:06
editing mechanism between you and your Chef server. Authentication between your nodes and your Chef server is done through public-private key exchange.
18:25
And we'll get to that when I show you the demo and how to set up your keys. All right. Bootstrapping Chef nodes. Bootstrapping is the process where you
18:43
would go through to connect your node to your Chef server. So there's a couple of things that you need to do and remember. Number one, you need the IP address of your node. And for my demo, I'm running in Azure. So every time I
19:00
boot up my Chef node, my IP address changes. So I have to go into the Chef server each time and remind it what its IP address is. So that's why I have this up here. Firewall should be configured to allow WinRM traffic in because that's how you communicate with your...when you run the command that
19:26
will apply your recipe to the box, that traffic happens over WinRM. I'm going to show you some of this, actually. So generating your knife.rb and your PEM
19:43
file. Oh, great. You've timed out. All right. So for my demo environment,
20:17
I am running what's called Hosted Chef. It's basically like a shared instance of
20:23
your Chef that you can have a couple of nodes attached to. So I am not running this on Azure or my local machine. It is just...it's a shared instance out there in the cloud somewhere. This is why I sign into everything before...
20:48
All right. So everybody's going to pretend that they didn't see my passwords there. It's not recorded? I thought it was. So I have an
21:20
organization that's set up in the Chef server called Missy Chef, and I can come into my organization and I can say, generate knife config. And what this is going to do is it's going to generate a file for me that has all of the information about...and I'm going to show it to you here instead. Now you're
22:03
going to see how bad my typing is. All right. So when I go into the
22:28
Chef server and generate the knife.rb file, this is the information that it stores. And it gives me my node name, which is actually my username in this case because my workstation is not bootstrapped, but it is connecting.
22:46
The name of my PEM file where my private key is stored, the URL that I'm connecting to and the organization, and then the knife editor which I'd never changed from the default, which is Notepad. And that gets stored in my...
23:09
So my repository, my Chef repo is called Learn Chef. And the only reason I'm using this name is because that is the name of their...when I was going through all the learnings, that was the name of their learning repo.
23:20
And I figured, well, I already have a repo set up, so why do another one? And then this hidden folder is .chef, which is where my knife.rb and my PEM file is going to go. To get my PEM file, I would come in here to users.
23:45
Come on, users. And I'm not going to do it, but I would do reset key, and I would get a new key file. I'm not going to do it because I'll probably mess everything up if I do. So I talked about the Chef DK a little bit.
24:12
This is actually the Chef DK window. It looks just like PowerShell. It's an administrative console, but it does give me, when I log on,
24:28
how you know it's the Chef DK. It tells you, hi. Oh, hi. Welcome. So then...go ahead. It is pretty much a PowerShell console, yes.
24:46
And you can actually...if you have the path to the binaries in your path statement, you can actually use the PowerShell console to run knife commands. And that's how I typically do it anyway. But for demo purposes,
25:02
I decided to use the Chef DK. So if I want to query my Chef server and find out which nodes I have connected, I can do a knife node list, and it will go out to the Chef server and ask it, which nodes do you have?
25:23
And it should come back with Chef node 1, which is my registered node. Oh, another thing. Since my node is in Azure, if your nodes are in the cloud,
25:41
you add the public IP address to the attributes list for that node.
26:01
Somewhere in here, I have the...it's under normal. Anybody see it? This one is actually...that is the private IP address. It's under normal somewhere, but I just can't seem to find it right now. All right.
26:29
Let's do this. If I do a knife node edit, it's going to bring me
26:43
up an editor, and it's going to show me editable attributes. This is how I add the public IP address in there. Oh, I forgot the node name. Knife node edit, Chef node 1. All right. See, I have a normal set
27:13
of attributes, and in there is my public IP address. So if you're in Azure, and you have public facing versus private IP addresses, knife node edit.
27:33
All right. So we're going to switch to the demo, and I'm going to do a really simple demo of creating a Chef cookbook with a very small recipe and deploy it
27:43
to my client. So everybody say a prayer to the demo gods for me. All right.
28:06
Chef DK. So I like VS Code for editing, but I hate the terminal.
28:21
And it lies to you sometimes. Like, I'll do just like a Get-ChildItem, and I expect to see certain things there because I know they're there, and I don't see them. So I'm going to use the demo file in VS Code, but I'm going to transfer it over here. I'm going to go into the cookbooks
29:04
directory. I'm doing Get-ChildItem. Just to show you, there's nothing under
29:22
summit demo, which is going to be the name of my cookbook. And I'm going to do chef generate cookbook summit demo. Somebody have a question over there?
29:51
No? All right. So now I have a summit demo, and it created the directory
30:06
structure for my cookbook for me. Next, I'm going to bring up my simple
30:21
configuration. And this is the simplest configuration that I could come up with. It's going to do three things. It's going to use a PowerShell script to install IIS, which is Add-WindowsFeature. It's going to start the
30:47
World Wide Web publishing service, and it's going to add a directory and give my ID rights to read that directory. Now, this is one of the things that I
31:04
think is really neat about some of these other products is how easy it is to assign rights to a folder. How many people have tried doing this in DSC? Is there actually a module for it yet? He's saying, eh, not so much.
31:30
There's an NTFS module. I've tried to write my own using Get-Acl, and it makes me cry. So I think this is one of the things that
31:42
I think is really easy in the other products that is really difficult in DSC. So I think that's neat. All right. Very simple config. What do you think of the syntax for this? Do you think it's easy to read? Do you think it's easier or harder than DSC? About the same? Yeah.
32:06
I don't think it's terribly difficult. If I had to write it on my own, I'd probably have to Google the syntax until I got used to it. So I'm going to save this in my recipes folder. I could have put it in a less
32:30
messy place. Oh, look, I already have it there. So now I've written my recipe.
32:46
I have it saved in my recipes folder. Now I'm going to upload it to the
33:10
server. So it's going to take that whole cookbook, send it up to the chef server so that I can use it on my node. All right. So it uploaded.
33:26
One last thing before I show you the apply. This particular node is set up with a role. So rather than like in DSC how you can do node name and deploy it
33:44
to a specific node name, in this example, I have it set up with a role of web server. So I'm going to come in here and I'm going to edit the run list, which is the list of recipes that I'm going to run. And I'm going to...
34:05
Actually, I'm not going to edit this one. This one was an example. But this is what you would do if you were going to change your run list for your node. Actually, I have to do it like this, knife role from file.
34:35
It'll bring up my editor and I'll add the summit demo cookbook into my run
34:43
list. Oh, I didn't want you to update it. Oh, you know what?
35:03
I was supposed to edit this one. Instead of summit, I'm going to do summit-demo. And it's going to run the default recipe. And I save that.
35:27
And now I'm going to knife role from file. This may or may not work because I just did it from code instead of... Yes. Terminate. All right.
35:54
Once this is done, everybody's going to close their eyes again so they don't see my password because it's actually over in Azure. It's not on my machine.
36:20
There's like 100 different ways that I could have done this.
36:22
And what did I do? I chose to save it all in KeePass. So then I'm going to grab the command so that I can upload it. All right.
36:42
Let's talk about this command for a minute. I'm going to use winrm, knife winrm, the name of the node. Chef client is the command that I'm going to run, chef client. I'm using my winrm user ID and password, which is my credentials on the machine. And it will connect to...
37:02
This is where that attribute came in to play. It's going to connect to that public IP address to make that winrm call. Yes. This is actually for the
37:22
winrm portion of it. So I'm making a remoting call to the machine to run chef client. Does that make sense? Instead of going over to the machine, logging on to it and saying, chef client, I'm remoting to it and doing that.
37:53
Yes. I do have it set on a cycle right now. I think it's 30 minutes, but yep. That's a good question. I don't really know. Yeah, I don't really
38:23
see any reason why you couldn't just remote over as long as your path is set up correctly and you have the binaries in there. I don't see why you couldn't do that as well. So a couple of things in here. I didn't see any red,
38:48
which is good. It installed IIS. It started the World Wide Web publishing service and it created my directory for me. All right. So we created a
39:23
cookbook. We wrote or edited a recipe. We haven't gotten to templates and files yet. Because I just generated the cookbook, I did not update the metadata with the version number because it was my first version.
39:40
It's basically version 0.1. I did a knife cookbook upload to send it to the chef server and a chef client run to run it. All right. So here are some of the things that I found I liked about Chef. And the number one thing was hosted chef server. It was very easy to set up. I didn't have
40:08
to think about how to build a chef server or getting the nodes to communicate with it. It was a couple of steps and done. The other thing that I like about Chef is I'm using it at work as well. So I found it
40:23
a little bit easier to learn, especially because I was also doing it at work. The documentation is actually pretty good. I think it's pretty good. My coworkers who are also using it at work have differing opinions on
40:41
whether or not it's good for specifically people who are trying to manage Windows with it. They find it has a little bit of a Linux slant to it, which is okay. Aggravating. There's got to be a way to abstract
41:00
my IP address away from the configuration so I don't have to edit it every time, but I haven't figured that out yet. So let's switch to Puppet. I know the Puppet guys are super excited about this part. There are two different flavors of Puppet that I found. There's open source Puppet and
41:20
there's Puppet Enterprise. I went back and forth between the two. I ended up with a Puppet Enterprise machine in Azure, because they actually have an Azure template for it, and it made it almost as easy to bring it up as an
41:45
instance of hosted Chef server. For the development environment, there's the PE client tools, and there's the Puppet development kit, and I have not played with either of these, I'm going to be honest. I stuck to Visual
42:04
Studio Code and the extension for it when I was developing, and I would just basically copy and paste my code into the Puppet master. Puppet has its
42:23
own language, it's a domain-specific language, so you will see that the syntax is a little bit different than Chef. And I stole this graph from the Puppet website, because I thought it really explained a lot about how
42:42
Puppet works and its terminology and things like that. So a manifest is the equivalent of a Chef recipe or a DSC configuration document. It's the document that describes what your configuration will look like. Facter is
43:01
a really neat, I'm going to call it a tool, that collects information about your node and makes that information available to your configurations so that you can use it. It's kind of like an automated config data kind of thing. The catalog is the compiled version of what your system's going to look like.
43:27
So similar to DSC, you write your configuration, you compile it together with the configuration data, and you make a MOF file. The catalog is the Puppet equivalent of the MOF file. And in this graphic, the node will
43:49
re...when a node requests a configuration, it sends information to the Puppet master about itself and it gathers facts. The Puppet master takes
44:02
those facts and compiles it into a catalog with your manifest. Sorry, I got to switch.
44:21
A class is a named grouping of resources. Now, I named my class Summit Demo, same as I did in the Chef side. However, you could have a grouping of resources, say, for SQL Server or web servers or something like that and have that be contained in a class. The main class is always in a manifest called
44:45
init.pp, which is what we're going to see in a minute. And then the module is really the directory structure and the hierarchy around the manifest.
45:00
It's the equivalent of a Chef cookbook. And Puppet is also, along with Chef, I threw this in here because I think it's more evident in the
45:23
Puppet side than in the Chef side, but it is portable for both Windows and Linux. And I find it really neat how you can just say in a configuration, if your operating system is Windows, do this. If your operating system is Linux, do this instead. And I think DSC is actually going there when they
45:45
get to 6. They've introduced some new variables as well. So DSC is catching up on this. All right, bootstrapping. We're going to talk about this.
46:01
Bootstrapping the Puppet nodes. Okay, so I have a little story, and this is my experiences with the Puppet Master. I built my first Puppet Master in Hyper-V. It was not in Azure. And I got the Puppet Master up and running. And I would say the biggest pain point that I had was my own lack
46:30
of knowledge in Linux. It actually had nothing to do with Puppet. It was a... I knew what I wanted to do in Linux. I didn't know how to do it.
46:44
So, you know, Google was my friend. Google this, Google that. So I got the Puppet... And I'll be honest, the Puppet Master was very, very easy to install. I think it was one command and up and running. Configuring firewalls and DNS and all the connectivity stuff,
47:00
that was another story. So then I got my Puppet node, started it up, and I went to bootstrap it. And I ran the MSI file and I installed the agent. And then there's this exchange of keys. And so you run a Puppet
47:23
Apply for the first time and it says, I don't know who you are. I'm going to send a certificate request to the Puppet Master and somebody's got to come over and sign it and then send the signed certificate back. And so I ran Puppet Apply and it said, I don't know what you're talking about,
47:42
so go over to the Puppet Master. I went over to the Puppet Master and I would list the certificates that were available to be signed and nothing's there. I'm like, what the heck? Back and forth, back and forth. Or it would say it doesn't match, the certificate doesn't match, it doesn't match what I have.
48:04
Here are the instructions to delete what you've got and start over. So I'd follow the instructions and I could not get the things to talk to each other. Long story short, after calling friends and friends
48:21
of friends and people who know more than I did, they said, you're not root. And I'm like, but I typed sudo and it said, sudo puppet doesn't exist. So I just typed puppet, but it didn't do anything.
48:44
They're like, you're not root. Two things I learned out of this. Number one, my very first attempt on Hyper-V was Ubuntu. And Ubuntu does not have root enabled by default.
49:02
Number two, there's a special way that you do sudo in Azure and you don't just type sudo, because otherwise you're not really root. Once I got through all of my Linux-y problems, I did a puppet apply -t,
49:24
sent the certificate over to the puppet master, puppet master signed it, sent it back, everything was good. So that's my long story about puppet master. All right. So we have a very similar set of steps
49:44
to do puppet. Make the module structure. On the puppet side, I might actually just switch to my demo.
50:05
Here I actually kept my structure around as I was testing, because I didn't want to have to recreate it and have you watch me type a lot. So I am starting out, I am on my puppet master. I am logged in as root. And the first thing is that I go to
50:32
/etc/puppetlabs/code, and then from there, environments.
50:50
Did I spell that wrong? Oh, yes. So this is the directory structure,
51:09
and inside my modules directory, a module is the structure that the directory structure that has all of the manifests in it.
51:23
So I am going to go to the modules directory. And here I have got a couple of different modules. I have got the summit demo, which is the one I am going to apply, but I also have a couple of modules that I need for my manifest that I downloaded from the Puppet Forge. cd summit demo.
51:47
All right, so let's take a look at init.pp. And this recipe does exactly
52:06
the same thing that my Chef demo did. However, I am doing it in a little bit different way. So rather than running a PowerShell script, and I will be completely transparent, I am not doing the PowerShell script, because I couldn't get it to work, and I didn't want to fight with it.
52:23
So I switched to, I am going to use the DSC Windows feature to install IIS. I am using a service resource to start up the service, and here I am doing the directory, but I left out the ACL for now. In order to use the DSC
52:45
Windows feature resource, I needed to go out to the puppet forge and grab the DSC module. Sorry about that. All right. I am going to grab this command
53:16
here. This is one of the things that I liked about puppet is that I can check
53:25
my syntax with puppet parser validate init.pp. Now, especially since I am just
53:51
using the DSC, I am going to update site.pp. So I am going to go switch back
54:07
to the manifest directory, and I am going to edit site.pp. Now, what this file does is this is how you link the node to the class that we are going to run.
54:55
So I am going to say for node puppet client, I am going to include the summit demo class. Save that. And then I can go to my puppet client,
55:21
run up PowerShell, and I also have a puppet client on here as well. What I can do is through PowerShell as well. Puppet apply -t. Now there is
55:41
also a --noop option which allows you to do the equivalent of a PowerShell -WhatIf. It will tell you what is going to be applied, but it won't actually apply it for you. Always a good test. I probably should have
56:02
taken that off because now I am going to have to run it twice. While this is running, are there any questions? I think that if I were looking
56:37
for an enterprise class product, something that I was going to use across all of my
56:44
production environments, I would go with something that is commercially viable, that it has the high availability that you want for your production environment. Knowing what I know about the pull server, I have this thing about the pull
57:02
server. It just doesn't feel as complete as these other products. How is that? There is a learning curve, and the syntax is a little bit
57:20
different. How you get things to work is a little bit different. Like I said, I was discouraged with some of the stuff about getting my PowerShell script to run, so I just switched it. It does seem like there are many different ways to do what you want to do. I don't know enough about either of the products to say this
57:43
is a best practice, but that's what if you want to talk about best practices, I'm sure you can sit down with any of the guys here and talk to them about it.
58:25
Both of these products you can use DSC, you can use DSC modules that you get from the gallery in your configurations. How you get it there is just a little bit different. I might switch
58:43
to that demo just so you can see it. That was going to be my final demo. I don't know if it depends, because both Chef and Puppet also have their own repositories of modules.
59:08
If you look at, and I think I looked today, Puppet had over 5,000 modules in their Puppet Forge. Chef had over 3,000 modules. I am sure that the PowerShell gallery does not
59:26
have that kind of numbers. I don't think. I shouldn't say I'm sure. There's a wide range of options for you. If you are more comfortable with Chef, if you're more comfortable with
59:46
Puppet and you would rather use their modules, by all means, I'm using the DSC module. By the way, I love it. That's one of the things that I really liked about this.
01:00:00
When you install the Puppet DSC module, it pulls all the stuff in from the gallery for you. I didn't have to do a darn thing to get a DSC module into Puppet. Whereas my Chef recipe I had to do some
01:00:22
finagling. So I'm going to actually switch back to my demo, and I'm going to show you some of that because it's fun. So this was intended to be my final demo,
01:00:44
and it's the same equivalent of both Chef and Puppet. I'm doing installing IIS. I got the World Wide Web publishing service. I got the WWW root. I'm applying some permissions.
01:01:04
Now on the Puppet side, when I'm applying the permissions, I'm using another module from the Forge called ACL. It does the permissions for me, which is awesome. Then I'm doing
01:01:26
something that I don't feel that you can do well in DSC. I'm doing two file resources here. One of them is going to grab an image
01:01:42
from my cookbook or from my module. See, now I have to stop myself and make sure that I'm using the right terminology for the right product. So this is the Puppet version of my final config.
01:02:02
I'm taking a file, and I'm putting it inside my module, and I'm delivering it to the server. I'm not setting up a share or anything that it has to go reach out to somewhere else and get it. It's all encompassed within the module.
01:02:21
The other thing is templates, and both Chef and Puppet do templates, but this is the way of abstracting out the information of what I'm putting in my web server page from the actual code that's putting it in there. Actually, let me
01:02:40
go grab that so you can see it. This is what my web page would look like. I would have an image at the top, and then it's going to say hello from, and
01:03:00
whatever my node's name is. Simple, easy, but I don't know of a good way that... How would you do this in DSC? I feel like you would have to have the image in a file share somewhere, and
01:03:23
then as far as this page goes, you'd probably have to have it in your configuration data. And then the last thing that I'm doing in this
01:03:44
manifest is I'm using the xTimeZone resource to set this time zone. I don't know why it's in there twice. I wanted to make sure it was set, I guess. Probably a copy and paste error, but I didn't have to do anything other than install the DSC module to use xTimeZone.
01:04:11
And I just... When I found that out, I thought this was really, really awesome. Did a nice job. See if I can...
01:04:29
This is the Chef equivalent. No, it's not default final. There we go.
01:04:44
So I have the initial same three resources to install the web server services directory, and notice Chef does the same thing with the cookbook file. In this case, it's in a...
01:05:02
It's in a directory inside the cookbook called files. Same thing for templates. This template is stored in a templates directory, and it's all uploaded as part of the cookbook. So it's all right there in your Chef server.
01:05:21
However, I had to do something a little different in order to get xTimeZone to my server in Chef. So I am also packaging up the cookbook file, and I'm creating it inside
01:05:47
my Chef server, and then when it gets to the node, then I'm using the Windows zip file to unzip it. So I'm basically placing that resource there so that it can be used. The other thing that I did try to do, and I just... I was unsuccessful,
01:06:07
was run a PowerShell script to do Find-Module, Install-Module. I didn't have any luck with it. So I changed it to this. And then again, I'm using DSC resource time zone.
01:06:30
Same thing. All right, so let's get all of the items that we need for the Chef apply.
01:07:02
I'm going to make the files and the templates directories. I'm going to copy my image file and my template file
01:07:25
into those new directories. Thank you.
01:07:41
You should have everything set up at this point. I have a files directory. Let's check.
01:08:21
I have my image file there, and I have my template file there. All right.
01:08:41
The one last thing I'm going to do here is I'm going to increase the version number. I'm going to call it 0.2.0.
01:09:01
I'm going to upload the new cookbook. Oh, why did I do that? This is the problem with having too many terminals up at once. All right, let's upload it there.
01:09:41
I'll grab this command while we're waiting. All right, so now I got 0.2.0 uploaded. Send that config over. All right, while that is applying,
01:10:05
I'm going to go back to my puppet master so I can do the same thing. I'm going to go to my modules directory.
01:10:41
This is where my Linux, my lack of Linux knowledge is showing. Help me out with rename. How do I rename a file? I'm looking at you. MV? Yes, this is, I have been a Windows person for as long as I can remember, and
01:11:09
my Linux skills are rudimentary. So let's take a quick look at init.pp. We got DSC Windows feature.
01:11:23
ACL, the graphic, the template, the timezone. It's only in there once. Sweet. Site.pp is already set up. So I shouldn't have to do anything more other than
01:11:42
apply it. So I'm going to quick go back to Chef. Looks like my Chef run is complete. Do the same thing with the puppet apply.
01:12:09
I'm going to do this a little bit different way. I'm thinking about it. I'm going to use the run puppet agent
01:12:22
instead of doing it from the command line or from a PowerShell script. Yay, it's talking.
01:12:42
So now it's applying my manifest and yay, it's done. No, it's not done. It's almost done. There we go, applied catalog. Okay, so at this point on Chef node one, I should have a website, and on puppet client one,
01:13:05
I should have a website. I'm going to find out. Okay, that's not the website I expected.
01:13:35
Huh? It's certainly a site, yes. Okay, that's not what I expected, but sure.
01:13:44
That probably means that I uploaded the wrong recipe, but that's okay. I'm looking for the name of my puppet client because I can never remember what it is. To look.
01:14:01
Yes, I'm shutting down all of these nodes as soon as this is over, so anybody in Daybreak faction? The Chef one would have been Flawless faction, but
01:14:30
I'm not going to try to troubleshoot it right now. So we did the custom DSC resource examples. I'm going to go back to the slideshow for a couple more slides.
01:15:02
Here's where you can go to learn more about both of these products. Now, this is where I started for both of them. Learn.Chef.io has self-directed education that you can go to to go through and, you know, do some examples and bring up an instance on Hosted Chef and
01:15:22
connect something up to it. Learn.Puppet.com, which I don't know why, but that's not where I started for Puppet. I started with the Puppet docs. I have to say that I said Chef's documentation was pretty good.
01:15:43
Puppet's documentation is really, really good, but he's like breathing a sigh of relief. But some of it is way over my head. Some of it is very, very detailed information. So
01:16:01
while the documentation is good, it's not a good place to get started at. This learn.puppet.com and their learning VM is awesome. You can download it. It's an appliance. You put it in VirtualBox if you want to play with it. I have a laptop that's actually running it.
01:16:22
But that is how I got started with both of these. Forge.Puppet.com is where you would go to grab Puppet modules. Chef's equivalent is called Chef Supermarket. I'm not entirely certain why I don't have the link to that as well.
01:16:42
And then I found this article recently from Petri about how to configure Puppet Master, and I just kind of came across that when I was troubleshooting my Puppet Master Puppet Agent problems, and it said, here's how you bring up a Puppet Master in Azure. There's an extension. Go click it, bring it up.
01:17:06
You bring up a second node or a second Azure instance as your agent. It has an Azure extension. It's already there once the server comes up. All you need to do is do that certificate
01:17:20
exchange procedure, and you are good to go.