Chef Client 11.16.0 gets into PowerShell DSC

Ohai Chefs. Today’s release of Chef Client 11.16.0 marks the inclusion of [PowerShell Desired State Configuration (DSC)](http://technet.microsoft.com/en-us/library/dn249912.aspx) support into Chef Client for Windows. DSC is a powerful configuration management platform built into PowerShell 4.0, and now you can use it with Chef!

To try it out, just configure a system with Chef Client 11.16.0 or later and target it with a recipe that uses the new `dsc_script` resource, which you can learn about on our [documentation site](http://docs.getchef.com/resource_dsc_script.html).

Like Chef, DSC exposes *resources* to configure systems. The rest of this post gives details on how to use Chef’s new `dsc_script` resource to gain access to all of DSC’s resources from your recipes, and also discusses where we’re headed with DSC in the future.

The dsc\_script resource

The `dsc_script` resource allows cookbook authors to include DSC configurations in the form of PowerShell code in their Chef
recipes. This is not unlike the use of script code through Chef’s `powershell_script` or
`bash` resources. With DSC and `dsc_script`, however, you get a lot
more than just access to a scripting language. Here’s a simple example that uses
`dsc_script` in a Chef recipe to unzip (i.e. decompress) a file using DSC’s
`Archive` resource:

dsc\_script 'unzip\_powershell\_modules' do
  code <<-EOH
  Archive PSModules
    Path = "$home/downloads/modules.zip"
    Destination = "$env:programfiles/WindowsPowerShell/Modules"
  }
EOH
end

The string supplied to the `code` attribute above is DSC (and therefore
PowerShell) code, which you can learn about at the [DSC site](http://technet.microsoft.com/en-us/library/dn249912.aspx). That PowerShell code specifies a “configuration” with DSC’s
`Archive` resource. Running this Chef recipe code will invoke
the DSC code and unzip the file located at `Path` to the directory location at
`Destination`.

Unlike, say, the use of a `bash` or `powershell_script` resource in Chef that
executes a decompression command like
`tar`, there is no need to write guard expressions (i.e. `not_if` / `only_if`)
in the recipe when using `dsc_script` in order to ensure idempotence — DSC
resources, like Chef resources, are intrinsically idempotent.

## DSC: A new universe of resources for Chef

PowerShell 4.0 ships with 12 built-in resources including `Archive`, most of
which are direct analogs of resources that already exist in Chef. But if you
install the recently released [DSC Wave 6 resource
kit](http://gallery.technet.microsoft.com/scriptcenter/DSC-Resource-Kit-All-c449312d)
from Microsoft, you suddenly have access to 80+ additional resources!

`xSQLHAGroup`, `xWebSite`, `xADUser`, `xDNSServer`, and `xVMHyperV` are some of
the suggestive resource names you’ll find if you install the resource kit and execute
`Get-DSCResource` in your PowerShell terminal. They do what their names imply
— configure web sites, high-availability database configurations, create
users in Active Directory, etc., all with Chef-like convergence. With
`dsc_script`, Chef users can build powerful cookbooks on top of DSC automation provided
by Microsoft and the [PowerShell community](https://github.com/PowerShellOrg/DSC).

## Re-using DSC configurations

While DSC itself is relatively new, ambitious users have already invested in their own libraries of DSC
scripts; these are consumed very much like Chef recipes. One could
integrate such a *”DSC recipe”* into a Chef recipe using `dsc_script` as follows:

dsc\_script 'CompanyWiki' do
  command '//infra01/configurations/wiki.ps1'
  flags AuthType: 'Windows', LogArchive: '//serverlogs/wiki'
end

This will run the DSC configuration named `CompanyWiki` found in the
`wiki.ps1` script (“recipe”) given by the `command` attribute, and pass the parameters `AuthType` and `LogArchive` to the
configuration using `flags`.

## What’s next for DSC + Chef

Chef is not yet finished with DSC:

  • We’ve already [demonstrated even tighter
    integration](http://www.youtube.com/watch?v=mXaAIawzNic) between Chef and DSC
    beyond `dsc_script` that exposes DSC **purely through the Chef DSL**.
  • You can test out the above approach in our
    [preview DSC community cookbook](http://www.getchef.com/blog/2014/07/24/getting-ready-for-chef-powershell-dsc/)
    while we guide it toward its destination alongside `dsc_script` in core Chef
    Client.
  • With DSC in Chef, Chefs have myriad possibilities for new and
    updated cookbooks — let’s get cooking!

DSC accelerates our collective Chef efforts to automate *all the Windows things*. Now it’s up to us to start building.

 

Author Adam Edwards

Former Chef Employee