Chef Client 11.16.0 gets into PowerShell DSC

Ohai Chefs. Today’s release of Chef Client 11.16.0 marks the inclusion of [PowerShell Desired State Configuration (DSC)](http://technet.microsoft.com/en-us/library/dn249912.aspx) support into Chef Client for Windows. DSC is a powerful configuration management platform built into PowerShell 4.0, and now you can use it with Chef!

To try it out, just configure a system with Chef Client 11.16.0 or later and target it with a recipe that uses the new `dsc_script` resource, which you can learn about on our [documentation site](http://docs.getchef.com/resource_dsc_script.html).

Like Chef, DSC exposes *resources* to configure systems. The rest of this post gives details on how to use Chef’s new `dsc_script` resource to gain access to all of DSC’s resources from your recipes, and also discusses where we’re headed with DSC in the future.

The dsc\_script resource

The `dsc_script` resource allows cookbook authors to include DSC configurations in the form of PowerShell code in their Chef
recipes. This is not unlike the use of script code through Chef’s `powershell_script` or
`bash` resources. With DSC and `dsc_script`, however, you get a lot
more than just access to a scripting language. Here’s a simple example that uses
`dsc_script` in a Chef recipe to unzip (i.e. decompress) a file using DSC’s
`Archive` resource:

dsc\_script 'unzip\_powershell\_modules' do
  code <<-EOH
  Archive PSModules
    Path = "$home/downloads/modules.zip"
    Destination = "$env:programfiles/WindowsPowerShell/Modules"
  }
EOH
end

The string supplied to the `code` attribute above is DSC (and therefore
PowerShell) code, which you can learn about at the [DSC site](http://technet.microsoft.com/en-us/library/dn249912.aspx). That PowerShell code specifies a “configuration” with DSC’s
`Archive` resource. Running this Chef recipe code will invoke
the DSC code and unzip the file located at `Path` to the directory location at
`Destination`.

Unlike, say, the use of a `bash` or `powershell_script` resource in Chef that
executes a decompression command like
`tar`, there is no need to write guard expressions (i.e. `not_if` / `only_if`)
in the recipe when using `dsc_script` in order to ensure idempotence — DSC
resources, like Chef resources, are intrinsically idempotent.

## DSC: A new universe of resources for Chef

PowerShell 4.0 ships with 12 built-in resources including `Archive`, most of
which are direct analogs of resources that already exist in Chef. But if you
install the recently released [DSC Wave 6 resource
kit](http://gallery.technet.microsoft.com/scriptcenter/DSC-Resource-Kit-All-c449312d)
from Microsoft, you suddenly have access to 80+ additional resources!

`xSQLHAGroup`, `xWebSite`, `xADUser`, `xDNSServer`, and `xVMHyperV` are some of
the suggestive resource names you’ll find if you install the resource kit and execute
`Get-DSCResource` in your PowerShell terminal. They do what their names imply
— configure web sites, high-availability database configurations, create
users in Active Directory, etc., all with Chef-like convergence. With
`dsc_script`, Chef users can build powerful cookbooks on top of DSC automation provided
by Microsoft and the [PowerShell community](https://github.com/PowerShellOrg/DSC).

## Re-using DSC configurations

While DSC itself is relatively new, ambitious users have already invested in their own libraries of DSC
scripts; these are consumed very much like Chef recipes. One could
integrate such a *”DSC recipe”* into a Chef recipe using `dsc_script` as follows:

dsc\_script 'CompanyWiki' do
  command '//infra01/configurations/wiki.ps1'
  flags AuthType: 'Windows', LogArchive: '//serverlogs/wiki'
end

This will run the DSC configuration named `CompanyWiki` found in the
`wiki.ps1` script (“recipe”) given by the `command` attribute, and pass the parameters `AuthType` and `LogArchive` to the
configuration using `flags`.

## What’s next for DSC + Chef

Chef is not yet finished with DSC:

  • We’ve already [demonstrated even tighter
    integration](http://www.youtube.com/watch?v=mXaAIawzNic) between Chef and DSC
    beyond `dsc_script` that exposes DSC **purely through the Chef DSL**.
  • You can test out the above approach in our
    [preview DSC community cookbook](http://www.getchef.com/blog/2014/07/24/getting-ready-for-chef-powershell-dsc/)
    while we guide it toward its destination alongside `dsc_script` in core Chef
    Client.
  • With DSC in Chef, Chefs have myriad possibilities for new and
    updated cookbooks — let’s get cooking!

DSC accelerates our collective Chef efforts to automate *all the Windows things*. Now it’s up to us to start building.

 

Author Adam Edwards

  • Bob van den Heuvel

    Regarding dscscript and the Powershell 4 requirement, it seems that on a vanilla 2008 machine (no PS4) this presents a problem using this in the very first run; even if the very first recipe in the run list is the installation of PS4, if any other recipe contains the usage of dscscript, the compile phase will break with the message ‘Powershell 4.0 or higher
    was not detected on your system and is required to use the dsc_script resource’ thus preventing the installation of PS4, thus preventing from ever finishing the run.

    Or am I mistaken?

    • I think that’s a legitimate issue Bob — I’ve this issue to our source repository to track this: https://github.com/opscode/chef/issues/2027. Thank you for reporting it, and we’ll work on getting it resolved quickly. We are working on an update to the PowerShell cookbook as well that will make enabling DSC simpler.

      And thank you very much for the kind words despite this issue — very glad you like it.