Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

How to Integrate Ansible and DSC

By - Source: Toms IT Pro

Using Ansible as the orchestration engine to deliver DSC configurations to servers is an excellent way to take advantage of both technologies.

Credit: ShutterstockCredit: ShutterstockManaging lots of servers can take a ton of an IT admin's time. There's software to be installed, security patches to apply, configuration changes that must be performed and so on. This is where configuration management tools come in. Using a tool like Ansible allows an IT admin to deliver changes to many servers at once quickly. However, in the Windows world, we already have a configuration management tool built-in called Desired State Configuration (DSC). Which one should you choose? The answer is both.

By using Ansible as the orchestration engine to deliver DSC configurations to servers is an excellent way to take advantage of both technologies. However, since Ansible doesn't natively support DSC, we'll have to do a little work upfront to make this work. First, we'll have to grab an Ansible module since, at this time, none are currently available in the box. Trond Hindenes has built an excellent module called win_dsc5 that allows us to create Ansible playbooks and have DSC invoke them. That will need to be downloaded and added to your Ansible server.

MORE: Which Configuration Tool Is Right for You

This module requires PowerShell v5 on each node, and it's recommended that the DSC Local Configuration Manager (LCM) on each node be disabled. This is because the win_dsc5 module will be directly invoking DSC resources under the covers using Invoke-DscResource and will not be using the LCM.

Once the win_dsc5 module is on your Ansible server, you can then begin to reference the module inside of your Ansible playbooks. For example, here's an Ansible task that adds a feature to a node.

- name: Ensure GUI is added
    resource_name: WindowsFeature
    name: Server-Gui-Shell
    ensure: present

You can see that building an Ansible task is now similar to creating a DSC configuration by specifying the resource and each property that's part of that resource. The win_dsc5 module passes each property and property value dynamically to DSC. This means that you don't have to worry about defining each attribute for every DSC resource you'll want to  use.

An example of a custom resource is below. Notice I have to specify the resource name and any properties necessary to apply the desired configuration. There's no need to define all of the DSC properties elsewhere on the Ansible server.

- name: Set DNS server search order
    resource_name: GHI_NetworkAdapter
    interfacealias: Ethernet
    ensure: present

If running into problems that indicate that a resource could not be found, remember that every DSC resource that's invoked on a target node must have the DSC module available to PowerShell on that node. This means that you must also come up with a way to copy DSC modules to each target node. This could be done a number of ways, but a great way would be to either perform this copy inside of the same Ansible playbook.

Using Ansible to invoke DSC resources directly combines the best of both worlds. Since DSC doesn't natively have a way to manage configurations across many nodes, administrators were being forced to build their own tooling. However, by using Ansible, this allows admins to stop recreating the wheel and use an existing configuration management tool that's designed for this very purpose.

To find out more information about how to implement this approach, check out Trond Hindenes' blog post where he outlines in detail how to get Ansible up and delivering DSC configurations.