powershell / dscresources Goto Github PK
View Code? Open in Web Editor NEWCentral repository for PowerShell Desired State Configuration (DSC) resources.
Home Page: http://blogs.msdn.com/b/powershell/
License: MIT License
Central repository for PowerShell Desired State Configuration (DSC) resources.
Home Page: http://blogs.msdn.com/b/powershell/
License: MIT License
I have created a DSC Resource Module for managing Distributed File System (DFS) Namespaces and Replication on Windows Server 2012+: https://github.com/PlagueHO/cDFS
It contains MOF based resources for the following:
It contains Unit and Integration tests for all resources, using the DSCResource.Test\TestHelper.psm1 functions. However, the integration tests for the DFS Replication require an Active Director domain and at least two servers with DFS installed.
Note about tests: Tests require Windows Server 2012 (or above) to pass because required DFS Namespace and DFS Replication features to be installed. Tests pass on AppVeyor because AppVeyor.yml is configured to ensure the required features are installed.
Would there be interest in moving this module over to the community module library here?
If so, I'd need to convert the resources over from BMD_ to MSFT_ and other updates to the .PSD1,AppVeyor.yml etc before transferring the repo.
Thanks!
I'm finding loads of modules do not conform to the verb-noun standard of PowerShell. I would like to add to the style guide that we expect to conform to the PowerShell standard of verb-noun even for private functions.
Obviously this is purely a stylicstic thing so I'll be quite if no one wants to take this. 😆
$
in front of it -- there's no real reason why anyone should care about variables being camelCase while functions are PascalCase.Oh, and I don't like your brace guidelines :-p and neither do most PowerShell power users 😛 PoshCode/PowerShellPracticeAndStyle#24
As @PlagueHO noted
Forgive me if I'm missing something: but has anyone noticed that Before_Deploy
is no longer firing for any of the most recent DSC Module builds on AppVeyor?
This looks to have started sometime in the last month.
It results in Artifacts not being produced against the build (see https://ci.appveyor.com/project/PowerShell/xnetworking/branch/master).
Ok, after digging around in http://help.appveyor.com/ I found a similar issue (After_Deploy not firing) (http://help.appveyor.com/discussions/problems/3657-after-deployment-cmd-doesnt-run-at-all).
What I get from this is that Before_Deploy shouldn't fire unless there is a Deploy_Script, but AppVeyor had a bug that allowed it to.
They fixed this bug (appveyor/ci#494).
All the DSC Resource AppVeyor.yml scripts took advantage of this bug. Solution: All AppVeyor.yml scripts should have Before_Deploy: changed to Deploy_Script:
We need to update appveyor.yml in all repos to use deploy_script instead of before_deploy
I would like to transfer a new repo for managing Zones in InternetSettings to the PowerShell org.
https://github.com/SimonWahlin/xInternetSettings
The module is passing all tests and should comply to all contribution guidelines.
The module includes one MOF-based resource (compatible with PS/WMF 4.0 and 5.0+)
Hi all!
Wondering if it would be possible to provide some guidelines around contributing tests for the DSC Resources. You probably have a better idea of what would go in this, but a few example questions that might be helpful to answer:
An initial complete test suite for a single repository might go a long way.
Cheers!
The Unit/Integration test templates are all configured to default to MSFT as the organization(?) code of the resource being tested (see https://github.com/PowerShell/DscResources/blob/master/Tests.Template/integration_config_template.ps1#L14).
They also default the module code to 'x' as well (see https://github.com/PowerShell/DscResources/blob/master/Tests.Template/integration_template.ps1#L16).
I think to make them more generic and usable for non-MSFT resources these codes should be removed from the defaults of these files.
The examples however should be left showing MSFT_ and x where appropriate (see https://github.com/PowerShell/DscResources/blob/master/Tests.Template/integration_template.ps1#L17).
@vors do you think you could include an overall license here?
I have created a DSC Resource Module for managing Windows Server 2012+ File Server Resource Manager (FSRM): https://github.com/PlagueHO/cFSRM
It contains MOF based resources for the following:
It contains Unit and Integration tests for all resources, using the DSCResource.Test\TestHelper.psm1 functions.
Note about tests: Tests require Windows Server 2012 (or above) to pass because required File Server Resource Manager feature to be installed. Tests pass on AppVeyor because AppVeyor.yml is configured to ensure the FSRM feature is installed before invoking pester.
The module doesn't have resources for managing File Tasks and File Reports, but I do plan on getting to those at some point when I have more time.
Would there be interest in moving this module over to the community module library here?
If so, I'd need to convert the resources over from BMD_ to MSFT_ and other updates to the .PSD1,AppVeyor.yml etc before transferring the repo.
Thanks!
Is this still working/supported? Will it be added to the repo?
Windows Advanced Audit Policy
MOF-based resources
For single instance resources it isn't clear what the recommended design pattern for implementing them is. It might be worth adding this design pattern to either the contributing.md or some other document in this repo so that it can be found more easily.
The recommended method is documented by @TravisEz13 here.
https://github.com/J0F3/cMicrosoftUpdate
cMicrosoftUpdate is a DSC Module and contains the contains the cMicrosoftUpdate resource. This resource can be used to enable/disable Microsoft Update in the Windows Update Settings. ("Give me update for other Microsoft products when I update Windows" checkbox)
MOF-based resources (compatible with PS/WMF 4.0 and 5.0+)
Thx
J0F3
Support statement from technet on DSC Resource Kit (All Modules), in second paragraph on introduction was not ported to github.
I have created a DSC Resource Module for managing HTTP and HTTPS WS-Management Listeners on Windows Server 2012+:
https://github.com/PlagueHO/cWSMan
It contains MOF based resources for the following:
cWSManListener - creates/removes HTTP or HTTPS WS-Management Listeners.
It contains Unit and Integration tests for all resources, using the DSCResource.Test\TestHelper.psm1 functions.
Would there be interest in moving this module over to the community module library here?
If so, I'd need to convert the resources over from BMD_ to MSFT_ and other updates to the .PSD1,AppVeyor.yml etc before transferring the repo. Just let me know and I'll make the applicable changes and then report and it the repo can be reviewed before transfer over.
Thanks!
What system will your DSC resource be managing?
Windows Local Security Policy
xSecedit is a wrapper around secedit.exe
A set of Unit and Integration Test template files have been developed and are available as part of the xNetworking resource (https://github.com/PlagueHO/xNetworking/tree/dev/Templates). I'm just waiting on this PR for these changes to be moved into the upstream PowerShell repo.
These test templates use the *-TestEnvironment
functions in DSCResource.Tests
. They also automatically download or update DSCRsource.Tests
using Git.exe
to the root of the DSC resource being tested.
Ideally these Test templates could be added to this repo so that they are available to all DSC resources. The documentation would also need to be updated to instruct on the use of these Test Templates.
This change was initially discussed here.
Also, this change should also incorporate adding a .gitignore
file to the DSCResource.Template
folder containing DSCResources.Tests
to ensure that the DSCResources.Tests
folder is never accidentally added to a DSC Resource.
I've actually made the changes above to my fork of this repo and will submit a PR for this if this is agreeable?
Cheers!
I would like to transfer a new repo for managing Windows Defender to the PowerShell org. This module is based on the PowerShell module 'Defender' and gets/sets preferences via the *-MPPreference commands.
The module has complete documentation and passes the tests included in the DSCResources.Tests repo.
https://github.com/mgreenegit/xDefender
Please confirm or suggest changes. Thank you.
The DSC Log Resource is a powerful tool in providing rich feedback from within the configuration process. However, this may not scale very well since the logs could potentially be spread across multiple DSC Servers or even LCM. I am familiar with gathering logs from Windows Event Log using NXLOG however we would have to install and configure such a tool using DSC before it would be of any use...
If you can support hooking into this log pipeline and direct this data elsewhere that would be great, but it is not clear in the documentation. Perhaps there is a way to leverage the 'DependsOn' property to pass configuration to Log Resource. Here is a fake example:
Log LogglyExample
{
Message = "This message will be piped out to a configurable Loggly Resource for processing."
DependsOn = "[ResourceType]myLoggly"
}
The end goal would be to send DSC logs from the LCM's and Push/Pull servers into a centralized log aggregation system like ELK Stack or Loggly which can easily consume logs in JSON format and have powerful dashboarding tools.
That just might save us all a little time...
image from an article
Using PSDscAllowPlainTextPassword=$true leaves passwords insecure. We should have guidance about example that need this.
Possible options:
What system will your DSC resources be managing?
Public Key Infrastructure (PKI)
Will your module include MOF-based resources (compatible with PS/WMF 4.0 and 5.0+) or class-based resources (only compatible with PS/WMF 5.0+)
MOF-based
This is code I've been using for over a year internally. Currently the only resource is xPfxImport
which is used to import a certificate and/or key to the cert store from a PFX file. It makes use of DSC's ability to encrypt credentials to keep the PFX extraction password safe.
I use this to distribute commercial SSL certificates to web servers (the existing IIS resources can be used to set the bindings after that).
Perhaps just this link:
https://github.com/pester/Pester#for-further-learning
Not quite a bug but...
I've recently started improving the xHyper-V resource, but have been stumbling upon some interesting questions and challenges around DSC as a whole, challenges I know for a fact will affect other resources too, but am not quite sure whether this is something that Microsoft has already considered and/or has an answer for...
You can read more about it below, would appreciate some direction as I'm really keen to develop some resources, but want to make sure they're done properly and don't feel I can do that at the moment.
Regards,
Fausto
In the contribution guidelines, it states 'If this is your first contribution to DscResources, you may be asked to sign a Contribution Licensing Agreement (CLA) before your changes will be accepted.'. However, there is no mention of where to obtain the CLA. This would be helpful so organizations could review this before beginning to create pull requests.
On a box that has all prerequisites and work-around installed and ready for installing Exchange Server, I was able to install Exchange Server 2013 using the below command line:
C:\exchange\setup.exe /mode:Install /role:Mailbox,ClientAccess /Iacceptexchangeserverlicenseterms /OrganizationName:PuppetLabs
However, I was unable to install Exchange Server 2013 using invoke-dscresource commands as below:
PS C:\exchange>
PS C:\exchange> $password = ConvertTo-SecureString ‘P@ssw0rd!’ -AsPlainText -Force
PS C:\exchange> $credentials = New-Object System.Management.Automation.PSCredential(‘Administrator’, $password)
PS C:\exchange> invoke-dscresource -Name xExchInstall -Method Set -ModuleName xExchange -Verbose -Property @{path=‘C:\exchange\setup.exe';arguments='/mode:Install /role:Mailbox,ClientAccess/Iacceptexchangeserverlicenseterms /OrganizationName:Puppetlabs’;credential=$credentials}
The output below does not have any error, but Exchange Server is NOT installed as expected.
Output:
VERBOSE: Performing the operation "Invoke-CimMethod: ResourceSet" on target "MSFT_DSCLocalConfigurationManager".
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceSet,'className' =
MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer OSKOULRAASJMYW8 with user sid
S-1-5-21-392757445-931416346-404708973-500.
VERBOSE: [OSKOULRAASJMYW8]: LCM: [ Start Set ] [[xExchInstall]DirectResourceAccess]
VERBOSE: [OSKOULRAASJMYW8]: [[xExchInstall]DirectResourceAccess] Entering function
'Set-TargetResource'. Notable parameters: Arguments = '/mode:Install /role:Mailbox,ClientAccess
/Iacceptexchangeserverlicenseterms /OrganizationName:Puppetlabs', Path = 'C:\exchange\setup.exe'
VERBOSE: [OSKOULRAASJMYW8]: [[xExchInstall]DirectResourceAccess] Initiating Exchange Setup.
Command: C:\exchange\setup.exe /mode:Install /role:Mailbox,ClientAccess /Iacceptexchangeserverlicenseterms
/OrganizationName:Puppetlabs
VERBOSE: [OSKOULRAASJMYW8]: [[xExchInstall]DirectResourceAccess] Created Scheduled Task with
name: Install Exchange 96edadcd-83a0-434d-8f89-75d3b75d93f1
VERBOSE: [OSKOULRAASJMYW8]: [[xExchInstall]DirectResourceAccess] Task Action:
C:\exchange\setup.exe /mode:Install /role:Mailbox,ClientAccess /Iacceptexchangeserverlicenseterms
/OrganizationName:Puppetlabs
VERBOSE: [OSKOULRAASJMYW8]: [[xExchInstall]DirectResourceAccess] Starting task at:
10/07/2015 15:57:15
VERBOSE: [OSKOULRAASJMYW8]: [[xExchInstall]DirectResourceAccess] Waiting up to 60 seconds
before exiting to give time for ExSetup.exe to start
VERBOSE: [OSKOULRAASJMYW8]: [[xExchInstall]DirectResourceAccess] Detected that ExSetup.exe
is running
VERBOSE: [OSKOULRAASJMYW8]: [[xExchInstall]DirectResourceAccess] Setup is still running at
10/07/2015 15:57:24. Sleeping for 1 minute.
VERBOSE: [OSKOULRAASJMYW8]: [[xExchInstall]DirectResourceAccess] Setup is still running at
10/07/2015 15:58:24. Sleeping for 1 minute.
VERBOSE: [OSKOULRAASJMYW8]: LCM: [ End Set ] [[xExchInstall]DirectResourceAccess] in 139.5630 seconds.
VERBOSE: [OSKOULRAASJMYW8]: LCM: [ End Set ] in 141.8910 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
RebootRequired
--------------
False
PS C:\exchange>
Note that ExSetup.exe was running:
PS C:\Users\Administrator> get-process | where {$_.Name -like 'ExSetup*'}
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
356 96 79860 87552 731 8.19 4936 ExSetup
Hello,
My organization is working on PS DSC configurations over at @d9micromgmt i'd like to know if there are existing code bases for the missing system center dsc resources, such as config manager?
Create guidance on how to properly create singleton (where only one resource of this type is allowed per configuration) resources
After installing a new version of .NET, the .NET Framework Optimization Service (mscorsvw.exe
) kicks in and will start to generate native images of the .NET assemblies available on the PC. It does so in a background service. See [http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx] for some more information.
When automating the deployment of .NET as part of a DSC Configuration, you may want to force the generation of native images. You do so by running ngen.exe /executeQueuedItems
for each version of ngen installed on your PC (one per .NET version)
I've generated a DSC Resource that allows you to trigger the the ngen
command, and would like to contribute it as a general DSC Resource.
You can find the current version at [https://github.com/quamotion/powershell-dsc/tree/master/vso-agent/NGen].
I would like to understand whether the PowerShell is interested in such a module. If yes, I'd be happy to go through the work to adapt the current module according to the PowerShell coding guidelines.
This line is incorrect in Integration Config Test Template:
https://github.com/PowerShell/DscResources/blob/master/Tests.Template/integration_config_template.ps1#L18
It should not have ' around .
Should be:
<ResourceName> Integration_Test {
Contribution guidelines should specify that code should be in UTF 8, unless these is a good reason for it to be in another encoding.
What system will your DSC resources be managing?
Windows 10 privacy settings (Start > Settings > Privacy)
Will your module include MOF-based resources (compatible with PS/WMF 4.0 and 5.0+) or class-based resources (only compatible with PS/WMF 5.0+)
class-based resources
Please let me know if I can go ahead with creating the resource module :-)
Here is an example @tysonjhayes gave in a review
Instead of calling a throw here, can you use the following construct to throw the exception?
https://github.com/PowerShell/xNetworking/blob/dev/DSCResources/MSFT_xFirewall/MSFT_xFirewall.psm1#L708I know this is a bit longer winded, but it creates a custom exception object that we can actually test for in unit tests.
So you'd end up with this:
$errorId = 'TeamCreateError' $errorCategory = [System.Management.Automation.ErrorCategory]::InvalidOperation $errorMessage = $localizedData.failedToCreateTeam $exception = New-Object -TypeName System.InvalidOperationException ` -ArgumentList $errorMessage $errorRecord = New-Object -TypeName System.Management.Automation.ErrorRecord ` -ArgumentList $exception, $errorId, $errorCategory, $null$PSCmdlet.ThrowTerminatingError($errorRecord)
Context 'testing with firewall that somehow occurs more than once' {
Mock Get-NetFirewallRule -MockWith { $FirewallRules }
$errorId = 'RuleNotUnique'
$errorCategory = [System.Management.Automation.ErrorCategory]::InvalidOperation
$errorMessage = $($LocalizedData.RuleNotUniqueError) -f 2,$FirewallRule.Name
$exception = New-Object -TypeName System.InvalidOperationException `
-ArgumentList $errorMessage
$errorRecord = New-Object -TypeName System.Management.Automation.ErrorRecord `
-ArgumentList $exception, $errorId, $errorCategory, $null
It "should throw RuleNotUnique exception on firewall rule $($FirewallRule.Name)" {
{ $Result = Get-FirewallRule -Name $FirewallRule.Name } | Should Throw $errorRecord
}
}
Hi all,
hope that's the right way for contributing my question.
Just wondering why the Module xOu from PowershellGallery.com is missing here?
Is there any reason for, which I haven't found yet?
I'm trying to configure my OUs and I thought I could do that with the xADOrganizationalUnit Resource.
Or is there an other way to configure Active Directory OUs?
Although I see the benefit for accrediting the original Author of DSC resources, if these are maintained by Microsoft then shouldn't Microsoft be the Author of the modules?
When you run the below you can see that there are resources that are Authored differently to 'Microsoft Corporation'
find-module x* -Tag DSC | Select-object Name,Author | Group-Object -Property Author
This makes Discoverability for all these resources more difficult than it should be especially when you only want to download the x modules that are endorsed and developed by Microsoft
A couple of days ago @smurawski made a blog post about dropping the c nomenclature from the resources. I think this is a great idea and think we should drop x as well. All my arguements boil down to, "why do we really need it?" It's on GitHub now, everyone can contriubte, and IMO we should be trying to push more stuff into these repros/projects and an forks that occur can be easily traceable through GitHub.
Thoughts?
Currently the integration tests template (Integration_tests.ps1) will not support credentials to be used in the integration test config file (integration_config_tests.ps1) because they would need to be encrypted (or allowed to be stored unencrypted).
Although most integration tests do not require the use of credentials (specifically the PSDSCRunAsCredential parameter) there are some that do (e.g. resources that will need to connect to an AD domain). This of course isn't applicable to any Integration tests that should be run in AppVeyor, however I do create many integration tests that can be run manually on a local users machine or non-cloud CI that do require credentials to be configured.
To support this I would propose that the Integration test template be changed so that a -ConfigurationData parameter is always passed to the Integration_test_config.ps1 when it is compiled.
E.g. Change
https://github.com/PowerShell/DscResources/blob/master/Tests.Template/integration_template.ps1#L51
Should be changed to:
$ConfigData = @{
AllNodes = @(
@{
NodeName = 'localhost'
PSDscAllowPlainTextPassword = $true
}
)
}
Invoke-Expression -Command "$($Global:DSCResourceName)_Config -OutputPath `$TestEnvironment.WorkingFolder -ConfigurationData `$ConfigData"
The above code would allow unencrypted credentials to be used.
It would probably be possible to automatically create a self-signed certificate on the test machine of course and use that to encrypt the credentials as well - is it worth looking at automating credential encryption in the integration tests instead?
Does anyone have any thoughts on doing this?
Thanks!
Trond Hindenes (Tue, Jun 23 2015 3:14 PM)
"Just a note regarding submodules in git: Remember that the parent repo points to a certain commit in the submodule. This means that whenever a submodule is updated, the parent repo must be updated with the updated commit id in order to reflect the HEAD of the submodule branch. For example, looking at the master branch of the xActiveDirectory resource, the parent repo points to a commit in there that's a couple of months old. If someone simply clones the parent repo with included submodules they'll be looking at fairly out-of-date code.
(it's pretty easy to script auto-updating the parent repo using git and powershell :-) )"
https://github.com/mattmcnabb/xPackageManagement/
This is barebones but I think it's needed. Additional development could add credentials, sources, and providers to the list of properties.
Thanks!
have created a DSC Resource Module for managing iSCSI Virtual Disks and iSCSI Targets on Windows Server 2012+ as well as connecting iSCSI Initiators to iSCSI Targets on Windows Server 2012+: https://github.com/PlagueHO/ciSCSI
It contains MOF based resources for the following:
It contains Unit and Integration tests for all resources, using the DSCResource.Test\TestHelper.psm1 functions. However, the integration tests for iSCSI Initiators are currently disabled because although the documentation for MS iSCSI Initiators states that Loopback connections are supported, the documentation doesn't show how and I couldn't get it to work. Loopback is required for Integration tests. I have left the Integration test code there in case someone can find the documentation for iSCSI Loopback and get it working.
Note about tests: Tests require Windows Server 2012 (or above) to pass because required iSCSI Server feature to be installed. Tests pass on AppVeyor because AppVeyor.yml is configured to ensure the iSCSI Server is installed and the iSCSI Initiator service is started before invoking pester.
Would there be interest in moving this module over to the community module library here?
If so, I'd need to convert the resources over from BMD_ to MSFT_ and other updates to the .PSD1,AppVeyor.yml etc before transferring the repo.
Thanks!
Some of the modules that contain DSC resources do not have a DSC tag applied to them as can be found out using the below
find-module x* | Select-object Name,Author,Tags | Where-Object {($_.Tags -notcontains 'DSC') -and ($_.Name -notlike 'xb*') }
The $_.Name -notlike 'xb*' is to not find 2 Xbox related modules
I suggest Pascal Casing
We need to add missing module from https://gallery.technet.microsoft.com/scriptcenter/xDisk-Module-PowerShell-6b7870ed and double check that all modules are present.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.